From patchwork Mon Mar 21 22:29:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 5612 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73ADCC433F5 for ; Mon, 21 Mar 2022 22:29:30 +0000 (UTC) Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com [209.85.216.50]) by mx.groups.io with SMTP id smtpd.web09.2511.1647901769189880507 for ; Mon, 21 Mar 2022 15:29:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=Wkd+9u+Q; spf=softfail (domain: sakoman.com, ip: 209.85.216.50, mailfrom: steve@sakoman.com) Received: by mail-pj1-f50.google.com with SMTP id jx9so331870pjb.5 for ; Mon, 21 Mar 2022 15:29:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=p39R6JQVX4yGuMjAaj1JB7UXczyOgH9ry4rOmc/Gip8=; b=Wkd+9u+QmamT4DYpxExXgXc1WOVgeaSN6GtYLke48RZyiUyFXeKHkPwN3n43nzEV7R aSio+hJNI6Sk1lW4tRmRuBAl/R5Su5UR5LtNt5gulu0XkjqGESBgasMFLsk3xzJMKNfd h9BkvDWwlPzMBat99Eh155hcra6YhNvvLfFpBos6zZbtNgueXgzxxkrrnoSSUO6UxJ6E HO427//Wg/9mBIJZA30PsMHLtoqV274RDHdtixrK0OaVydgRuyFBxE1KkCQMpC68B9RN Eh2l6sroSHlAkt5hOJFbR7KozZRq2IaGjK83PGepK+Fe7Msqh0qgLD7LQdbuUqE6T6yJ F4ug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=p39R6JQVX4yGuMjAaj1JB7UXczyOgH9ry4rOmc/Gip8=; b=4mr6ic//uyuyEHRC7orPKaTUaSSzzZgidThzJGow3fvcfJ1HiVRrXoLejOU7u3pf5S ITsa+1Uaha+gLGrxAm3i6sIMgP8e5mTtS/CshbKh9zRjJhvZ6famiBiHWpj6XKQXxp4Y ITZMGbS/HHRRL81v05sNMcJm9qBPVBsTZUWUeXw0iCu378c6g99bhrKfE2VFKFrLfYJI 5I52ZdeOW/Vna7WMUh0B2t2iZZyo24yqMmHppmzq9I7K9dB8X28EJ+SCu0XQN71LUJZS mpdAHJH93OzHoh/xUqmQOmkN5eCiVH3pKxgzSdo6BHbgyANPOypokanrcy4BxXr6TAPi uAHQ== X-Gm-Message-State: AOAM532/WXyOAexOKXm+TB5c9R6e79JNYmflPFV5yCwDWWLBQWSYeodu IU/SFGi1Z/H80E7Z14Ggsqhu4ZlEpKLnBeJS3vE= X-Google-Smtp-Source: ABdhPJwQqSesKFFpfjs1UrqYB5x1/vO8mSCWHwn+lLgTKusO23rLFqPTqtl3GaLS36J8axVuYYnNtA== X-Received: by 2002:a17:90b:4b02:b0:1c7:1bc3:690b with SMTP id lx2-20020a17090b4b0200b001c71bc3690bmr1428952pjb.174.1647901767897; Mon, 21 Mar 2022 15:29:27 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id k13-20020aa7820d000000b004fa72a52040sm12352649pfi.172.2022.03.21.15.29.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 15:29:27 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 01/13] libxml2: backport fix for CVE-2022-23308 Date: Mon, 21 Mar 2022 12:29:01 -1000 Message-Id: <6c2f91ce93921c9bfe52c62c0347b992df98d62d.1647901591.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 22:29:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163514 From: Ralph Siemsen Use-after-free of ID and IDREF attributes, which could result in denial of service. https://nvd.nist.gov/vuln/detail/CVE-2022-23308 CVE: CVE-2022-23308 Signed-off-by: Ralph Siemsen Signed-off-by: Steve Sakoman --- .../libxml/libxml2/CVE-2022-23308.patch | 204 ++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.9.10.bb | 1 + 2 files changed, 205 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-23308.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-23308.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-23308.patch new file mode 100644 index 0000000000..bf5604e81a --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2022-23308.patch @@ -0,0 +1,204 @@ +From 8b66850de350f0fcd786ae776a65ba15a5999e50 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 8 Feb 2022 03:29:24 +0100 +Subject: [PATCH] Use-after-free of ID and IDREF attributes + +If a document is parsed with XML_PARSE_DTDVALID and without +XML_PARSE_NOENT, the value of ID attributes has to be normalized after +potentially expanding entities in xmlRemoveID. Otherwise, later calls +to xmlGetID can return a pointer to previously freed memory. + +ID attributes which are empty or contain only whitespace after +entity expansion are affected in a similar way. This is fixed by +not storing such attributes in the ID table. + +The test to detect streaming mode when validating against a DTD was +broken. In connection with the defects above, this could result in a +use-after-free when using the xmlReader interface with validation. +Fix detection of streaming mode to avoid similar issues. (This changes +the expected result of a test case. But as far as I can tell, using the +XML reader with XIncludes referencing the root document never worked +properly, anyway.) + +All of these issues can result in denial of service. Using xmlReader +with validation could result in disclosure of memory via the error +channel, typically stderr. The security impact of xmlGetID returning +a pointer to freed memory depends on the application. The typical use +case of calling xmlGetID on an unmodified document is not affected. + +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libxml2/-/commit/652dd12a858989b14eed4e84e453059cd3ba340e] + +The upstream patch 652dd12a858989b14eed4e84e453059cd3ba340e has been modified +to skip the patch to the testsuite result (result/XInclude/ns1.xml.rdr), as +this particular test does not exist in v2.9.10 (it was added later). + +CVE: CVE-2022-23308 +Signed-off-by: Ralph Siemsen + +--- + valid.c | 88 +++++++++++++++++++++++++++++++++++---------------------- + 1 file changed, 55 insertions(+), 33 deletions(-) + +diff --git a/valid.c b/valid.c +index 07963e7..ee75311 100644 +--- a/valid.c ++++ b/valid.c +@@ -479,6 +479,35 @@ nodeVPop(xmlValidCtxtPtr ctxt) + return (ret); + } + ++/** ++ * xmlValidNormalizeString: ++ * @str: a string ++ * ++ * Normalize a string in-place. ++ */ ++static void ++xmlValidNormalizeString(xmlChar *str) { ++ xmlChar *dst; ++ const xmlChar *src; ++ ++ if (str == NULL) ++ return; ++ src = str; ++ dst = str; ++ ++ while (*src == 0x20) src++; ++ while (*src != 0) { ++ if (*src == 0x20) { ++ while (*src == 0x20) src++; ++ if (*src != 0) ++ *dst++ = 0x20; ++ } else { ++ *dst++ = *src++; ++ } ++ } ++ *dst = 0; ++} ++ + #ifdef DEBUG_VALID_ALGO + static void + xmlValidPrintNode(xmlNodePtr cur) { +@@ -2607,6 +2636,24 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) { + (xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \ + xmlFree((char *)(str)); + ++static int ++xmlIsStreaming(xmlValidCtxtPtr ctxt) { ++ xmlParserCtxtPtr pctxt; ++ ++ if (ctxt == NULL) ++ return(0); ++ /* ++ * These magic values are also abused to detect whether we're validating ++ * while parsing a document. In this case, userData points to the parser ++ * context. ++ */ ++ if ((ctxt->finishDtd != XML_CTXT_FINISH_DTD_0) && ++ (ctxt->finishDtd != XML_CTXT_FINISH_DTD_1)) ++ return(0); ++ pctxt = ctxt->userData; ++ return(pctxt->parseMode == XML_PARSE_READER); ++} ++ + /** + * xmlFreeID: + * @not: A id +@@ -2650,7 +2697,7 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, + if (doc == NULL) { + return(NULL); + } +- if (value == NULL) { ++ if ((value == NULL) || (value[0] == 0)) { + return(NULL); + } + if (attr == NULL) { +@@ -2681,7 +2728,7 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, + */ + ret->value = xmlStrdup(value); + ret->doc = doc; +- if ((ctxt != NULL) && (ctxt->vstateNr != 0)) { ++ if (xmlIsStreaming(ctxt)) { + /* + * Operating in streaming mode, attr is gonna disappear + */ +@@ -2820,6 +2867,7 @@ xmlRemoveID(xmlDocPtr doc, xmlAttrPtr attr) { + ID = xmlNodeListGetString(doc, attr->children, 1); + if (ID == NULL) + return(-1); ++ xmlValidNormalizeString(ID); + + id = xmlHashLookup(table, ID); + if (id == NULL || id->attr != attr) { +@@ -3009,7 +3057,7 @@ xmlAddRef(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, + * fill the structure. + */ + ret->value = xmlStrdup(value); +- if ((ctxt != NULL) && (ctxt->vstateNr != 0)) { ++ if (xmlIsStreaming(ctxt)) { + /* + * Operating in streaming mode, attr is gonna disappear + */ +@@ -4028,8 +4076,7 @@ xmlValidateAttributeValue2(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + xmlChar * + xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + xmlNodePtr elem, const xmlChar *name, const xmlChar *value) { +- xmlChar *ret, *dst; +- const xmlChar *src; ++ xmlChar *ret; + xmlAttributePtr attrDecl = NULL; + int extsubset = 0; + +@@ -4070,19 +4117,7 @@ xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + ret = xmlStrdup(value); + if (ret == NULL) + return(NULL); +- src = value; +- dst = ret; +- while (*src == 0x20) src++; +- while (*src != 0) { +- if (*src == 0x20) { +- while (*src == 0x20) src++; +- if (*src != 0) +- *dst++ = 0x20; +- } else { +- *dst++ = *src++; +- } +- } +- *dst = 0; ++ xmlValidNormalizeString(ret); + if ((doc->standalone) && (extsubset == 1) && (!xmlStrEqual(value, ret))) { + xmlErrValidNode(ctxt, elem, XML_DTD_NOT_STANDALONE, + "standalone: %s on %s value had to be normalized based on external subset declaration\n", +@@ -4114,8 +4149,7 @@ xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + xmlChar * + xmlValidNormalizeAttributeValue(xmlDocPtr doc, xmlNodePtr elem, + const xmlChar *name, const xmlChar *value) { +- xmlChar *ret, *dst; +- const xmlChar *src; ++ xmlChar *ret; + xmlAttributePtr attrDecl = NULL; + + if (doc == NULL) return(NULL); +@@ -4145,19 +4179,7 @@ xmlValidNormalizeAttributeValue(xmlDocPtr doc, xmlNodePtr elem, + ret = xmlStrdup(value); + if (ret == NULL) + return(NULL); +- src = value; +- dst = ret; +- while (*src == 0x20) src++; +- while (*src != 0) { +- if (*src == 0x20) { +- while (*src == 0x20) src++; +- if (*src != 0) +- *dst++ = 0x20; +- } else { +- *dst++ = *src++; +- } +- } +- *dst = 0; ++ xmlValidNormalizeString(ret); + return(ret); + } + diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb index ebb996c8dd..1b22e5672c 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb @@ -27,6 +27,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \ file://CVE-2021-3537.patch \ file://CVE-2021-3518.patch \ file://CVE-2021-3541.patch \ + file://CVE-2022-23308.patch \ " SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5" From patchwork Mon Mar 21 22:29:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 5613 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73C6AC433EF for ; Mon, 21 Mar 2022 22:29:32 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web12.2377.1647901771037134939 for ; Mon, 21 Mar 2022 15:29:31 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=Jad14TUP; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id s11so16653276pfu.13 for ; Mon, 21 Mar 2022 15:29:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=zgd3HZs5VTghDUhMxst35gSWSij0LxI4ZDUwpzdP3uA=; b=Jad14TUPlcGhnbjNvxObNUT31EY7vYok8qftfCf/gfCdBps6McjCVmp10p7eD9OyT5 g3Ikha0XN0fEibRehjzyP2F0CXVeYjM7F6ls9OYd3KJM11j+UrB6zTnT1lOdoHbcd1IQ H0ztZmNV0NOGXbYMPjszDe94hj7N4sJWExk6x8lKEsuBOH+3gGrKALUpQdZBMUg6AU+/ K99APBwy2fPW5juuudSqEcsietIOuWG/LZkT1iGbP2M0oRAABZ073cOnBVX6Q8ZkyR3T rpkcnatsYNr5u3LIJhcsgLOSwDaEcjbp+y4ghOgB1XHloE6VJpNrvNQyDbr2faalOaah 6x6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=zgd3HZs5VTghDUhMxst35gSWSij0LxI4ZDUwpzdP3uA=; b=ii891bKk4ymnbuPl4q8/o9TjxToT3NrltOtCn1tVi/veTNgN1M5AqEn1sS3aD3dxdC gEVbXVtdHWsHEj6OgbBkroDDVUk3LtxllRUaxQRMvKJPmX0pLloADMF6vSb1luH8TXnj Guj7cn2AlMxiR80T0GKK3kmMT2tXTPp6B6Xh+YVGlXF2WPqxoJYnPXjxv+qbF5JCaiBT 8CuXGrop/uBGR0YTJNQXqb25k3rOLcFAHqaOy6g9ZbD+RKo6Jo+UrkS1GQBOxqL+vS1D DKPGA95Il/AjO4alfapbAFdvi5piPAMwNOyBp5hPo6Ff+4m1F/zgybZbdT+BLD7cXMzy L1Ug== X-Gm-Message-State: AOAM5314pk/EzVLL3+P+uhNzPVSUGe/yN3qO8/bVhhhB79EdW0BHDFYO ixQwnLKtma9/gDxgGa03NYqF0JjCyAPbwXashCY= X-Google-Smtp-Source: ABdhPJw9ZhKC7qWTpBz6DaQSXKL0IgWpHxCgmTmdfy7CZNlViZY0GTfHJfR3VRgC0VCs5a8KrLiRlg== X-Received: by 2002:a65:62d0:0:b0:381:d38:c7b0 with SMTP id m16-20020a6562d0000000b003810d38c7b0mr19852893pgv.186.1647901770076; Mon, 21 Mar 2022 15:29:30 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id k13-20020aa7820d000000b004fa72a52040sm12352649pfi.172.2022.03.21.15.29.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 15:29:29 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 02/13] libxml2: move to gitlab.gnome.org Date: Mon, 21 Mar 2022 12:29:02 -1000 Message-Id: <38681a213a3b5f57b37257f7d96c4e970032ffe4.1647901591.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 22:29:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163515 From: Ralph Siemsen The project has migrated from www.xmlsoft.org to gitlab.gnome.org. Update the homepage accordingly, and use gnomebase to construct the download URL, rather than including it in SRC_URI explicitly. Note that the download is now in .xz format rather than .gz, so the sha256sum is updated accordingly. Post-decompression tarballs are identical, so there is no change to the libxml2 code. Signed-off-by: Ralph Siemsen Signed-off-by: Richard Purdie (cherry picked from commit 8bc17ceb997f8f31a03e5f5efc41c03ef1df3add) Signed-off-by: Steve Sakoman --- meta/recipes-core/libxml/libxml2_2.9.10.bb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb index 1b22e5672c..976eeca1d4 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb @@ -1,6 +1,6 @@ SUMMARY = "XML C Parser Library and Toolkit" DESCRIPTION = "The XML Parser Library allows for manipulation of XML files. Libxml2 exports Push and Pull type parser interfaces for both XML and HTML. It can do DTD validation at parse time, on a parsed document instance or with an arbitrary DTD. Libxml2 includes complete XPath, XPointer and Xinclude implementations. It also has a SAX like interface, which is designed to be compatible with Expat." -HOMEPAGE = "http://www.xmlsoft.org/" +HOMEPAGE = "https://gitlab.gnome.org/GNOME/libxml2" BUGTRACKER = "http://bugzilla.gnome.org/buglist.cgi?product=libxml2" SECTION = "libs" LICENSE = "MIT" @@ -11,8 +11,9 @@ LIC_FILES_CHKSUM = "file://Copyright;md5=2044417e2e5006b65a8b9067b683fcf1 \ DEPENDS = "zlib virtual/libiconv" -SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \ - http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=testtar \ +inherit gnomebase + +SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=testtar \ file://libxml-64bit.patch \ file://runtest.patch \ file://run-ptest \ @@ -30,8 +31,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \ file://CVE-2022-23308.patch \ " -SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5" -SRC_URI[libtar.sha256sum] = "aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f" +SRC_URI[archive.sha256sum] = "28a92f6ab1f311acf5e478564c49088ef0ac77090d9c719bbc5d518f1fe62eb9" SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a" SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7" From patchwork Mon Mar 21 22:29:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 5614 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7B3B1C433EF for ; Mon, 21 Mar 2022 22:29:35 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web12.2378.1647901774224069122 for ; Mon, 21 Mar 2022 15:29:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=v84Gyuej; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id p5so10587983pfo.5 for ; Mon, 21 Mar 2022 15:29:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=bLPujXWnZUOTflhcQXFIVPNaHGk5pI2kPy2n9+q+Y00=; b=v84GyuejKR6VYjjQnSGXsjDLOS5yGmt9pGKvNkq1E9Pkno/D+Cix+5IqAY9L6Lp1VK Tq/GT97OHfUbPQYkVu8ZUvoZQDO6xK/Dha1FSgKKPAijdnoDBLT243zAXwJKuZgFU91Y cS00mbnZPDUxXejOSjSqKBGmrnzyvja/FOwKEMrd3eai3GK6mhZJQKFF/p48xnZcVYHy WbGJAbdjz8RbCRXaIKhh9gO8KjEz92wjNEF+HuYEdzTd0tWSm4qlf6S0WeYfIUOopHnN yHj4zXb14qRgBqaOLG7aZg/FM2tXAVE6ozpzNVBIFaPPr1KFeDV6k8rkUxA0AOGXT/3d G9ug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=bLPujXWnZUOTflhcQXFIVPNaHGk5pI2kPy2n9+q+Y00=; b=fpzmS9ljEk4ehCX6kDHHbMhJ4M6sQHUnYpUmWKdq37AyTPL/J88mv0LMwveJTP4hJh BrYrwPZSAVGYMb/OiPjGXst+43QDE6PUSfCgFc/K+oOj3gczDqRG34lLxcbdn9bqp+YR k+mLzT6TFYKaXNKiulK1pKNTgVd0dQvl9BseuW6OdxU2Kg2QfEr8d2/3PLjjzHMJrMEC 1uk1UAnL2KpdB2jp2an/q0y8jo1zZS+aUJ8vnhgmzVPRlxDpPcMiQyz6muA5HDtPM9xR /LlYOf9hDRelp2TKYJ3Hn3ogBm42Ak3XKD+J277yDkAgJ3IMEZTPrHckVMiB1IWqNpeB KmvQ== X-Gm-Message-State: AOAM5324G8wPFGsPT866pGUe56IrXolceqyFjoh30h1iTaXx+Stt9isY X7OTflj/M3CkJ2MXAmeZfcYXod6rMfcYXu/1q6c= X-Google-Smtp-Source: ABdhPJzyTjz5ySJ7khpR8tU7O5rNJ1OscSVQ2QGRJyeckR9m/OjW8riF2Q4dZrWnaFDfuQa4tcF8Yw== X-Received: by 2002:a63:5311:0:b0:373:9fdb:ce03 with SMTP id h17-20020a635311000000b003739fdbce03mr3059369pgb.518.1647901772626; Mon, 21 Mar 2022 15:29:32 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id k13-20020aa7820d000000b004fa72a52040sm12352649pfi.172.2022.03.21.15.29.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 15:29:32 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 03/13] re2c: backport fix for CVE-2018-21232 Date: Mon, 21 Mar 2022 12:29:03 -1000 Message-Id: <8c5ee47d446b36d6832acc8452687f50101f3e65.1647901591.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 22:29:35 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163516 From: Davide Gardenal Backport commits from the following issue: https://github.com/skvadrik/re2c/issues/219 CVE: CVE-2018-21232 Signed-off-by: Davide Gardenal Signed-off-by: Steve Sakoman --- .../re2c/re2c/CVE-2018-21232-1.patch | 347 ++++++++++++++++++ .../re2c/re2c/CVE-2018-21232-2.patch | 243 ++++++++++++ .../re2c/re2c/CVE-2018-21232-3.patch | 156 ++++++++ .../re2c/re2c/CVE-2018-21232-4.patch | 166 +++++++++ meta/recipes-support/re2c/re2c_1.0.1.bb | 6 +- 5 files changed, 917 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-support/re2c/re2c/CVE-2018-21232-1.patch create mode 100644 meta/recipes-support/re2c/re2c/CVE-2018-21232-2.patch create mode 100644 meta/recipes-support/re2c/re2c/CVE-2018-21232-3.patch create mode 100644 meta/recipes-support/re2c/re2c/CVE-2018-21232-4.patch diff --git a/meta/recipes-support/re2c/re2c/CVE-2018-21232-1.patch b/meta/recipes-support/re2c/re2c/CVE-2018-21232-1.patch new file mode 100644 index 0000000000..b7dcaefad3 --- /dev/null +++ b/meta/recipes-support/re2c/re2c/CVE-2018-21232-1.patch @@ -0,0 +1,347 @@ +From fd634998f813340768c333cdad638498602856e5 Mon Sep 17 00:00:00 2001 +From: Ulya Trofimovich +Date: Tue, 21 Apr 2020 21:28:32 +0100 +Subject: [PATCH] Rewrite recursion into iteration (Tarjan's SCC algorithm and + YYFILL states). + +This is to avoid stack overflow on large RE (especially on instrumented +builds that have larger stack frames, like AddressSanitizer). + +Stack overflow reported by Agostino Sarubbo. +Related to #219 "overflow-1.re test fails on system with small stack". + +Upstram-Status: Backport: +https://github.com/skvadrik/re2c/commit/fd634998f813340768c333cdad638498602856e5 + +CVE: CVE-2018-21232 + +Signed-off-by: Davide Gardenal +--- +diff --git a/src/dfa/fillpoints.cc b/src/dfa/fillpoints.cc +--- a/src/dfa/fillpoints.cc (revision e58939b34bb4c37cd990f82dc286f21cb405743e) ++++ b/src/dfa/fillpoints.cc (date 1646929180243) +@@ -5,151 +5,186 @@ + + #include "src/dfa/dfa.h" + +-namespace re2c +-{ ++ ++/* ++ * note [finding strongly connected components of DFA] ++ * ++ * A slight modification of Tarjan's algorithm. ++ * ++ * The algorithm traverses the DFA in depth-first order. It maintains a stack ++ * of states that have already been visited but haven't been assigned to an SCC ++ * yet. For each state the algorithm calculates 'lowlink': index of the highest ++ * ancestor state reachable in one step from a descendant of this state. ++ * Lowlink is used to determine when a set of states should be popped off stack ++ * into a new SCC. ++ * ++ * We use lowlink to hold different kinds of information: ++ * - values in range [0 .. stack size] mean that the state is on stack (a ++ * link to a state with the smallest index reachable from this one) ++ * - SCC_UND means that this state has not been visited yet ++ * - SCC_INF means that this state has already been popped off stack ++ * ++ * We use stack size (rather than topological sort index) as a unique index of ++ * the state on stack. This is safe because the indices of states on stack are ++ * unique and less than the indices of states that have been popped off stack ++ * (SCC_INF). ++ */ ++ ++namespace re2c { ++ namespace { + +-static const size_t SCC_INF = std::numeric_limits::max(); +-static const size_t SCC_UND = SCC_INF - 1; ++ static const size_t SCC_INF = std::numeric_limits::max(); ++ static const size_t SCC_UND = SCC_INF - 1; + +-static bool loopback(size_t node, size_t narcs, const size_t *arcs) +-{ +- for (size_t i = 0; i < narcs; ++i) +- { +- if (arcs[i] == node) +- { +- return true; +- } +- } +- return false; +-} ++ static bool loopback(size_t state, size_t narcs, const size_t *arcs) ++ { ++ for (size_t i = 0; i < narcs; ++i) { ++ if (arcs[i] == state) return true; ++ } ++ return false; ++ } + +-/* +- * node [finding strongly connected components of DFA] +- * +- * A slight modification of Tarjan's algorithm. +- * +- * The algorithm walks graph in deep-first order. It maintains a stack +- * of nodes that have already been visited but haven't been assigned to +- * SCC yet. For each node the algorithm calculates 'lowlink': index of +- * the highest ancestor node reachable in one step from a descendant of +- * the node. Lowlink is used to determine when a set of nodes should be +- * popped off the stack into a new SCC. +- * +- * We use lowlink to hold different kinds of information: +- * - values in range [0 .. stack size] mean that this node is on stack +- * (link to a node with the smallest index reachable from this one) +- * - SCC_UND means that this node has not been visited yet +- * - SCC_INF means that this node has already been popped off stack +- * +- * We use stack size (rather than topological sort index) as unique index +- * of a node on stack. This is safe because indices of nodes on stack are +- * still unique and less than indices of nodes that have been popped off +- * stack (SCC_INF). +- * +- */ +-static void scc( +- const dfa_t &dfa, +- std::stack &stack, +- std::vector &lowlink, +- std::vector &trivial, +- size_t i) +-{ +- const size_t link = stack.size(); +- lowlink[i] = link; +- stack.push(i); ++ struct StackItem { ++ size_t state; // current state ++ size_t symbol; // next arc to be visited in this state ++ size_t link; // Tarjan's "lowlink" ++ }; ++ ++// Tarjan's algorithm ++ static void scc(const dfa_t &dfa, std::vector &trivial, ++ std::vector &stack_dfs) ++ { ++ std::vector lowlink(dfa.states.size(), SCC_UND); ++ std::stack stack; ++ ++ StackItem x0 = {0, 0, 0}; ++ stack_dfs.push_back(x0); ++ ++ while (!stack_dfs.empty()) { ++ const size_t i = stack_dfs.back().state; ++ size_t c = stack_dfs.back().symbol; ++ size_t link = stack_dfs.back().link; ++ stack_dfs.pop_back(); ++ ++ const size_t *arcs = dfa.states[i]->arcs; ++ ++ if (c == 0) { ++ // DFS recursive enter ++ //DASSERT(lowlink[i] == SCC_UND); ++ link = lowlink[i] = stack.size(); ++ stack.push(i); ++ } ++ else { ++ // DFS recursive return (from one of successor states) ++ const size_t j = arcs[c - 1]; ++ //DASSERT(lowlink[j] != SCC_UND); ++ lowlink[i] = std::min(lowlink[i], lowlink[j]); ++ } + +- const size_t *arcs = dfa.states[i]->arcs; +- for (size_t c = 0; c < dfa.nchars; ++c) +- { +- const size_t j = arcs[c]; +- if (j != dfa_t::NIL) +- { +- if (lowlink[j] == SCC_UND) +- { +- scc(dfa, stack, lowlink, trivial, j); +- } +- if (lowlink[j] < lowlink[i]) +- { +- lowlink[i] = lowlink[j]; +- } +- } +- } ++ // find the next successor state that hasn't been visited yet ++ for (; c < dfa.nchars; ++c) { ++ const size_t j = arcs[c]; ++ if (j != dfa_t::NIL) { ++ if (lowlink[j] == SCC_UND) { ++ break; ++ } ++ lowlink[i] = std::min(lowlink[i], lowlink[j]); ++ } ++ } + +- if (lowlink[i] == link) +- { +- // SCC is non-trivial (has loops) iff it either: +- // - consists of multiple nodes (they all must be interconnected) +- // - consists of single node which loops back to itself +- trivial[i] = i == stack.top() +- && !loopback(i, dfa.nchars, arcs); ++ if (c < dfa.nchars) { ++ // recurse into the next successor state ++ StackItem x1 = {i, c + 1, link}; ++ stack_dfs.push_back(x1); ++ StackItem x2 = {arcs[c], 0, SCC_UND}; ++ stack_dfs.push_back(x2); ++ } ++ else if (lowlink[i] == link) { ++ // all successors have been visited ++ // SCC is non-trivial (has loops) if either: ++ // - it contains multiple interconnected states ++ // - it contains a single self-looping state ++ trivial[i] = i == stack.top() && !loopback(i, dfa.nchars, arcs); + +- size_t j; +- do +- { +- j = stack.top(); +- stack.pop(); +- lowlink[j] = SCC_INF; +- } +- while (j != i); +- } +-} ++ for (;;) { ++ const size_t j = stack.top(); ++ stack.pop(); ++ lowlink[j] = SCC_INF; ++ if (i == j) break; ++ } ++ } ++ } ++ } + +-static void calc_fill( +- const dfa_t &dfa, +- const std::vector &trivial, +- std::vector &fill, +- size_t i) +-{ +- if (fill[i] == SCC_UND) +- { +- fill[i] = 0; +- const size_t *arcs = dfa.states[i]->arcs; +- for (size_t c = 0; c < dfa.nchars; ++c) +- { +- const size_t j = arcs[c]; +- if (j != dfa_t::NIL) +- { +- calc_fill(dfa, trivial, fill, j); +- size_t max = 1; +- if (trivial[j]) +- { +- max += fill[j]; +- } +- if (max > fill[i]) +- { +- fill[i] = max; +- } +- } +- } +- } +-} +- +-void fillpoints(const dfa_t &dfa, std::vector &fill) +-{ +- const size_t size = dfa.states.size(); +- +- // find DFA states that belong to non-trivial SCC +- std::stack stack; +- std::vector lowlink(size, SCC_UND); +- std::vector trivial(size, false); +- scc(dfa, stack, lowlink, trivial, 0); +- +- // for each DFA state, calculate YYFILL argument: +- // maximal path length to the next YYFILL state +- fill.resize(size, SCC_UND); +- calc_fill(dfa, trivial, fill, 0); ++ static void calc_fill(const dfa_t &dfa, const std::vector &trivial, ++ std::vector &stack_dfs, std::vector &fill) ++ { ++ const size_t nstates = dfa.states.size(); ++ fill.resize(nstates, SCC_UND); ++ ++ StackItem x0 = {0, 0, SCC_INF}; ++ stack_dfs.push_back(x0); ++ ++ while (!stack_dfs.empty()) { ++ const size_t i = stack_dfs.back().state; ++ size_t c = stack_dfs.back().symbol; ++ stack_dfs.pop_back(); ++ ++ const size_t *arcs = dfa.states[i]->arcs; ++ ++ if (c == 0) { ++ // DFS recursive enter ++ if (fill[i] != SCC_UND) continue; ++ fill[i] = 0; ++ } ++ else { ++ // DFS recursive return (from one of successor states) ++ const size_t j = arcs[c - 1]; ++ //DASSERT(fill[i] != SCC_UND && fill[j] != SCC_UND); ++ fill[i] = std::max(fill[i], 1 + (trivial[j] ? fill[j] : 0)); ++ } ++ ++ // find the next successor state that hasn't been visited yet ++ for (; c < dfa.nchars; ++c) { ++ const size_t j = arcs[c]; ++ if (j != dfa_t::NIL) break; ++ } ++ ++ if (c < dfa.nchars) { ++ // recurse into the next successor state ++ StackItem x1 = {i, c + 1, SCC_INF}; ++ stack_dfs.push_back(x1); ++ StackItem x2 = {arcs[c], 0, SCC_INF}; ++ stack_dfs.push_back(x2); ++ } ++ } + +- // The following states must trigger YYFILL: +- // - inital state +- // - all states in non-trivial SCCs +- // for other states, reset YYFILL argument to zero +- for (size_t i = 1; i < size; ++i) +- { +- if (trivial[i]) +- { +- fill[i] = 0; +- } +- } +-} ++ // The following states must trigger YYFILL: ++ // - inital state ++ // - all states in non-trivial SCCs ++ // for other states, reset YYFILL argument to zero ++ for (size_t i = 1; i < nstates; ++i) { ++ if (trivial[i]) { ++ fill[i] = 0; ++ } ++ } ++ } + ++ } // anonymous namespace ++ ++ void fillpoints(const dfa_t &dfa, std::vector &fill) ++ { ++ const size_t nstates = dfa.states.size(); ++ std::vector trivial(nstates, false); ++ std::vector stack_dfs; ++ stack_dfs.reserve(nstates); ++ ++ // find DFA states that belong to non-trivial SCC ++ scc(dfa, trivial, stack_dfs); ++ ++ // for each DFA state, calculate YYFILL argument: ++ // maximal path length to the next YYFILL state ++ calc_fill(dfa, trivial, stack_dfs, fill); ++ } ++ + } // namespace re2c diff --git a/meta/recipes-support/re2c/re2c/CVE-2018-21232-2.patch b/meta/recipes-support/re2c/re2c/CVE-2018-21232-2.patch new file mode 100644 index 0000000000..820a6decbc --- /dev/null +++ b/meta/recipes-support/re2c/re2c/CVE-2018-21232-2.patch @@ -0,0 +1,243 @@ +From 7b5643476bd99c994c4f51b8143f942982d85521 Mon Sep 17 00:00:00 2001 +From: Ulya Trofimovich +Date: Wed, 22 Apr 2020 22:37:24 +0100 +Subject: [PATCH] Rewrite recursion into iteration (fixed tags computation). + +This is to avoid stack overflow on large RE (especially on instrumented +builds that have larger stack frames, like AddressSanitizer). + +Partial fix for #219 "overflow-1.re test fails on system with small stack". + +Upstream-Stauts: Backport: +https://github.com/skvadrik/re2c/commit/7b5643476bd99c994c4f51b8143f942982d85521 + +CVE: CVE-2018-21232 + +Signed-off-by: Davide Gardenal +--- +diff --git a/src/re/tag.cc b/src/re/tag.cc +--- a/src/re/tag.cc (revision e58939b34bb4c37cd990f82dc286f21cb405743e) ++++ b/src/re/tag.cc (date 1646986908580) +@@ -6,7 +6,7 @@ + { + + const size_t Tag::RIGHTMOST = std::numeric_limits::max(); +-const size_t Tag::VARDIST = std::numeric_limits::max(); ++const uint32_t Tag::VARDIST = std::numeric_limits::max(); + const size_t Tag::FICTIVE = Tag::RIGHTMOST - 1; + + } // namespace re2c + + +diff --git a/src/re/tag.h b/src/re/tag.h +--- a/src/re/tag.h (revision e58939b34bb4c37cd990f82dc286f21cb405743e) ++++ b/src/re/tag.h (date 1646986922376) +@@ -19,7 +19,7 @@ + struct Tag + { + static const size_t RIGHTMOST; +- static const size_t VARDIST; ++ static const uint32_t VARDIST; + static const size_t FICTIVE; + + const std::string *name; + + +diff --git a/src/re/fixed_tags.cc b/src/re/fixed_tags.cc +--- a/src/re/fixed_tags.cc (revision e58939b34bb4c37cd990f82dc286f21cb405743e) ++++ b/src/re/fixed_tags.cc (date 1646991137317) +@@ -7,78 +7,131 @@ + #include "src/re/tag.h" + + namespace re2c { ++namespace { + + /* note [fixed and variable tags] + * +- * If distance between two tags is constant (equal for all strings that +- * match the given regexp), then lexer only needs to track one of them: +- * the second tag equals the first tag plus static offset. ++ * If distance between two tags is constant (equal for all strings that match ++ * the given regexp), then lexer only needs to track one of them: the second ++ * tag equals the first tag plus static offset. + * +- * However, this optimization is applied only to tags in top-level +- * concatenation, because other tags may be uninitialized and we don't +- * want to mess with conditional calculation of fixed tags. +- * ++ * This optimization is applied only to tags in top-level concatenation, ++ * because in other cases the base tag may be NULL, and the calculation of ++ * the fixed tag value is not as simple as substracting a fixed offset. + * Furthermore, fixed tags are fobidden with generic API because it cannot +- * express fixed offsets. +- * +- * Tags with history also cannot be fixed. ++ * express fixed offsets. M-tags (with history) also cannot be fixed. + * + * Another special case is fictive tags (those that exist only to impose +- * hierarchical laws of POSIX disambiguation). We treat them as fixed +- * in order to suppress code generation. ++ * hierarchical laws of POSIX disambiguation). We treat them as fixed in order ++ * to suppress code generation. + */ + +-static void find_fixed_tags(RE *re, std::vector &tags, +- size_t &dist, size_t &base, bool toplevel) ++struct StackItem { ++ RE *re; // current sub-RE ++ uint32_t dist; // distance backup for alternative, unused for other RE ++ uint8_t succ; // index of the next successor to be visited ++ bool toplevel; // if this sub-RE is in top-level concatenation ++}; ++ ++static void find_fixed_tags(RESpec &spec, std::vector &stack, RE *re0) + { +- switch (re->type) { +- case RE::NIL: break; +- case RE::SYM: +- if (dist != Tag::VARDIST) ++dist; +- break; +- case RE::ALT: { +- size_t d1 = dist, d2 = dist; +- find_fixed_tags(re->alt.re1, tags, d1, base, false); +- find_fixed_tags(re->alt.re2, tags, d2, base, false); +- dist = (d1 == d2) ? d1 : Tag::VARDIST; +- break; +- } +- case RE::CAT: +- find_fixed_tags(re->cat.re2, tags, dist, base, toplevel); +- find_fixed_tags(re->cat.re1, tags, dist, base, toplevel); +- break; +- case RE::ITER: +- find_fixed_tags(re->iter.re, tags, dist, base, false); +- dist = Tag::VARDIST; +- break; +- case RE::TAG: { +- // see note [fixed and variable tags] +- Tag &tag = tags[re->tag.idx]; +- if (fictive(tag)) { +- tag.base = tag.dist = 0; +- } else if (toplevel && dist != Tag::VARDIST && !history(tag)) { +- tag.base = base; +- tag.dist = dist; +- } else if (toplevel) { +- base = re->tag.idx; +- dist = 0; +- } +- if (trailing(tag)) dist = 0; +- break; +- } +- } ++ static const uint32_t VARDIST = Tag::VARDIST; ++ bool toplevel = spec.opts->input_api != INPUT_CUSTOM; ++ ++ // base tag, intially the fake "rightmost tag" (the end of RE) ++ size_t base = Tag::RIGHTMOST; ++ ++ // the distance to the nearest top-level tag to the right (base tag) ++ uint32_t dist = 0; ++ ++ const StackItem i0 = {re0, VARDIST, 0, toplevel}; ++ stack.push_back(i0); ++ ++ while (!stack.empty()) { ++ const StackItem i = stack.back(); ++ stack.pop_back(); ++ RE *re = i.re; ++ ++ if (re->type == RE::SYM) { ++ if (dist != VARDIST) ++dist; ++ } ++ else if (re->type == RE::ALT) { ++ if (i.succ == 0) { ++ // save the current distance on stack (from the alternative end ++ // to base) and recurse into the left sub-RE ++ StackItem k = {re, dist, 1, i.toplevel}; ++ stack.push_back(k); ++ StackItem j = {re->alt.re1, VARDIST, 0, false}; ++ stack.push_back(j); ++ } ++ else if (i.succ == 1) { ++ // save the current distance on stack (from the left sub-RE to ++ // base), reset distance to the distance popped from stack (from ++ // the alternative end to base), recurse into the right sub-RE ++ StackItem k = {re, dist, 2, i.toplevel}; ++ stack.push_back(k); ++ StackItem j = {re->alt.re2, VARDIST, 0, false}; ++ stack.push_back(j); ++ dist = i.dist; ++ } ++ else { ++ // both sub-RE visited, compare the distance on stack (from the ++ // left sub-RE to base) to the current distance (from the right ++ // sub-RE to base), if not equal set variable distance ++ dist = (i.dist == dist) ? i.dist : VARDIST; ++ } ++ } ++ else if (re->type == RE::ITER) { ++ if (i.succ == 0) { ++ // recurse into the sub-RE ++ StackItem k = {re, VARDIST, 1, i.toplevel}; ++ stack.push_back(k); ++ StackItem j = {re->iter.re, VARDIST, 0, false}; ++ stack.push_back(j); ++ } ++ else { ++ // sub-RE visited, assume unknown number of iterations ++ // TODO: find precise distance for fixed repetition counter ++ dist = VARDIST; ++ } ++ } ++ else if (re->type == RE::CAT) { ++ // the right sub-RE is pushed on stack after the left sub-RE and ++ // visited earlier (because distance is computed from right to left) ++ StackItem j1 = {re->cat.re1, VARDIST, 0, i.toplevel}; ++ stack.push_back(j1); ++ StackItem j2 = {re->cat.re2, VARDIST, 0, i.toplevel}; ++ stack.push_back(j2); ++ } ++ else if (re->type == RE::TAG) { ++ // see note [fixed and variable tags] ++ Tag &tag = spec.tags[re->tag.idx]; ++ if (fictive(tag)) { ++ tag.base = tag.dist = 0; ++ } ++ else if (i.toplevel && dist != VARDIST && !history(tag)) { ++ tag.base = base; ++ tag.dist = dist; ++ } ++ else if (i.toplevel) { ++ base = re->tag.idx; ++ dist = 0; ++ } ++ if (trailing(tag)) { ++ dist = 0; ++ } ++ } ++ } + } ++ ++} // anonymous namespace + +-void find_fixed_tags(RESpec &spec) +-{ +- const bool generic = spec.opts->input_api == INPUT_CUSTOM; +- std::vector::iterator +- i = spec.res.begin(), +- e = spec.res.end(); +- for (; i != e; ++i) { +- size_t base = Tag::RIGHTMOST, dist = 0; +- find_fixed_tags(*i, spec.tags, dist, base, !generic); +- } +-} ++ void find_fixed_tags(RESpec &spec) ++ { ++ std::vector stack; ++ for (std::vector::iterator i = spec.res.begin(); i != spec.res.end(); ++i) { ++ find_fixed_tags(spec, stack, *i); ++ } ++ } + +-} // namespace re2c ++} // namespace re2c +\ No newline at end of file diff --git a/meta/recipes-support/re2c/re2c/CVE-2018-21232-3.patch b/meta/recipes-support/re2c/re2c/CVE-2018-21232-3.patch new file mode 100644 index 0000000000..f942e21cba --- /dev/null +++ b/meta/recipes-support/re2c/re2c/CVE-2018-21232-3.patch @@ -0,0 +1,156 @@ +From 4d9c809355b574f2a58eac119f5e076c48e4d1e2 Mon Sep 17 00:00:00 2001 +From: Ulya Trofimovich +Date: Thu, 23 Apr 2020 22:16:51 +0100 +Subject: [PATCH] Rewrite recursion into iteration (nullable RE). + +This is to avoid stack overflow on large RE (especially on instrumented +builds that have larger stack frames, like AddressSanitizer). + +Partial fix for #219 "overflow-1.re test fails on system with small stack". + +Upstream-Status: Backport: +https://github.com/skvadrik/re2c/commit/4d9c809355b574f2a58eac119f5e076c48e4d1e2 + +CVE: CVE-2018-21232 + +Signed-off-by: Davide Gardenal +--- +diff --git a/src/re/nullable.cc b/src/re/nullable.cc +--- a/src/re/nullable.cc (revision e58939b34bb4c37cd990f82dc286f21cb405743e) ++++ b/src/re/nullable.cc (date 1647253886226) +@@ -9,43 +9,100 @@ + #include "src/re/tag.h" + + namespace re2c { ++ namespace { ++ ++ struct StackItem { ++ const RE *re; // current sub-RE ++ uint8_t succ; // index of the next sucessor to be visited ++ }; + +-static bool nullable(const RESpec &spec, const RE *re, bool &trail) +-{ +- if (trail) return true; ++ static bool nullable(const RESpec &spec, std::vector &stack, const RE *re0) ++ { ++ // the "nullable" status of the last sub-RE visited by DFS ++ bool null = false; + +- switch (re->type) { +- case RE::NIL: return true; +- case RE::SYM: return false; +- case RE::ITER: +- return nullable(spec, re->iter.re, trail); +- case RE::TAG: +- trail |= trailing(spec.tags[re->tag.idx]); +- return true; +- case RE::ALT: +- return nullable(spec, re->alt.re1, trail) +- || nullable(spec, re->alt.re2, trail); +- case RE::CAT: +- return nullable(spec, re->cat.re1, trail) +- && nullable(spec, re->cat.re2, trail); +- } +- return false; /* unreachable */ +-} ++ const StackItem i0 = {re0, 0}; ++ stack.push_back(i0); ++ ++ while (!stack.empty()) { ++ const StackItem i = stack.back(); ++ stack.pop_back(); ++ ++ const RE *re = i.re; ++ if (re->type == RE::NIL) { ++ null = true; ++ } ++ else if (re->type == RE::SYM) { ++ null = false; ++ } ++ else if (re->type == RE::TAG) { ++ null = true; + +-/* +- * warn about rules that match empty string +- * (including rules with nonempty trailing context) +- * false positives on partially self-shadowed rules like [^]? +- */ +-void warn_nullable(const RESpec &spec, const std::string &cond) +-{ +- const size_t nre = spec.res.size(); +- for (size_t i = 0; i < nre; ++i) { +- bool trail = false; +- if (nullable(spec, spec.res[i], trail)) { +- spec.warn.match_empty_string(spec.rules[i].code->fline, cond); +- } +- } +-} ++ // Trailing context is always in top-level concatenation, and sub-RE ++ // are visited from left to right. Since we are here, sub-RE to the ++ // left of the trailing context is nullable (otherwise we would not ++ // recurse into the right sub-RE), therefore the whole RE is nullable. ++ if (trailing(spec.tags[re->tag.idx])) { ++ //DASSERT(stack.size() == 1 && stack.back().re->type == RE::CAT); ++ stack.pop_back(); ++ break; ++ } ++ } ++ else if (re->type == RE::ALT) { ++ if (i.succ == 0) { ++ // recurse into the left sub-RE ++ StackItem k = {re, 1}; ++ stack.push_back(k); ++ StackItem j = {re->alt.re1, 0}; ++ stack.push_back(j); ++ } ++ else if (!null) { ++ // if the left sub-RE is nullable, so is alternative, so stop ++ // recursion; otherwise recurse into the right sub-RE ++ StackItem j = {re->alt.re2, 0}; ++ stack.push_back(j); ++ } ++ } ++ else if (re->type == RE::CAT) { ++ if (i.succ == 0) { ++ // recurse into the left sub-RE ++ StackItem k = {re, 1}; ++ stack.push_back(k); ++ StackItem j = {re->cat.re1, 0}; ++ stack.push_back(j); ++ } ++ else if (null) { ++ // if the left sub-RE is not nullable, neither is concatenation, ++ // so stop recursion; otherwise recurse into the right sub-RE ++ StackItem j = {re->cat.re2, 0}; ++ stack.push_back(j); ++ } ++ } ++ else if (re->type == RE::ITER) { ++ // iteration is nullable if the sub-RE is nullable ++ // (zero repetitions is represented with alternative) ++ StackItem j = {re->iter.re, 0}; ++ stack.push_back(j); ++ } ++ } ++ ++ //DASSERT(stack.empty()); ++ return null; ++ } ++ ++ } // anonymous namespace ++ ++// Warn about rules that match empty string (including rules with nonempty ++// trailing context). False positives on partially self-shadowed rules like [^]? ++ void warn_nullable(const RESpec &spec, const std::string &cond) ++ { ++ std::vector stack; ++ const size_t nre = spec.res.size(); ++ for (size_t i = 0; i < nre; ++i) { ++ if (nullable(spec, stack, spec.res[i])) { ++ spec.warn.match_empty_string(spec.rules[i].code->fline, cond); ++ } ++ } ++ } + + } // namespace re2c diff --git a/meta/recipes-support/re2c/re2c/CVE-2018-21232-4.patch b/meta/recipes-support/re2c/re2c/CVE-2018-21232-4.patch new file mode 100644 index 0000000000..ee8d84b1bc --- /dev/null +++ b/meta/recipes-support/re2c/re2c/CVE-2018-21232-4.patch @@ -0,0 +1,166 @@ +From 89be91f3df00657261870adbc590209fdb2bc405 Mon Sep 17 00:00:00 2001 +From: Ulya Trofimovich +Date: Thu, 23 Apr 2020 23:02:21 +0100 +Subject: [PATCH] Rewrite recursion into iteration (estimation of NFA size for + RE). + +This is to avoid stack overflow on large RE (especially on instrumented +builds that have larger stack frames, like AddressSanitizer). + +Partial fix for #219 "overflow-1.re test fails on system with small stack". + +Upstram-Status: Backport: +https://github.com/skvadrik/re2c/commit/89be91f3df00657261870adbc590209fdb2bc405 + +CVE: CVE-2018-21232 + +Signed-off-by: Davide Gardenal +--- +diff --git a/src/nfa/estimate_size.cc b/src/nfa/estimate_size.cc +--- a/src/nfa/estimate_size.cc (revision e58939b34bb4c37cd990f82dc286f21cb405743e) ++++ b/src/nfa/estimate_size.cc (date 1647005399735) +@@ -6,41 +6,113 @@ + #include "src/re/re.h" + + namespace re2c { ++namespace { ++ ++struct StackItem { ++ const RE *re; // current sub-RE ++ uint32_t size; // size of the sub-RE (only for alternative and concatenation) ++ uint8_t succ; // index of the next sucessor to be visited ++}; + +-static size_t estimate(const RE *re) ++static uint32_t estimate_re_size(const RE *re0, std::vector &stack) + { +- switch (re->type) { +- case RE::NIL: return 0; +- case RE::SYM: return 1; +- case RE::TAG: return 1; +- case RE::ALT: +- return estimate(re->alt.re1) +- + estimate(re->alt.re2) +- + 1; +- case RE::CAT: +- return estimate(re->cat.re1) +- + estimate(re->cat.re2); +- case RE::ITER: { +- const size_t +- iter = estimate(re->iter.re), +- min = re->iter.min, +- max = re->iter.max; +- return max == AST::MANY +- ? iter * min + 1 +- : iter * max + (max - min); +- } +- } +- return 0; /* unreachable */ +-} ++ // the estimated size of the last sub-RE visited by DFS ++ uint32_t size = 0; ++ ++ const StackItem i0 = {re0, 0, 0}; ++ stack.push_back(i0); ++ ++ while (!stack.empty()) { ++ const StackItem i = stack.back(); ++ stack.pop_back(); ++ ++ const RE *re = i.re; ++ if (re->type == RE::NIL) { ++ size = 0; ++ } ++ else if (re->type == RE::SYM || re->type == RE::TAG) { ++ size = 1; ++ } ++ else if (re->type == RE::ALT) { ++ if (i.succ == 0) { ++ // recurse into the left sub-RE ++ StackItem k = {re, 0, 1}; ++ stack.push_back(k); ++ StackItem j = {re->alt.re1, 0, 0}; ++ stack.push_back(j); ++ } ++ else if (i.succ == 1) { ++ // recurse into the right sub-RE ++ StackItem k = {re, size, 2}; ++ stack.push_back(k); ++ StackItem j = {re->alt.re2, 0, 0}; ++ stack.push_back(j); ++ } ++ else { ++ // both sub-RE visited, recursive return ++ size = i.size // left sub-RE (saved on stack) ++ + size // right sub-RE (just visited by DFS) ++ + 1; // additional state for alternative ++ } ++ } ++ else if (re->type == RE::CAT) { ++ if (i.succ == 0) { ++ // recurse into the left sub-RE ++ StackItem k = {re, 0, 1}; ++ stack.push_back(k); ++ StackItem j = {re->cat.re1, 0, 0}; ++ stack.push_back(j); ++ } ++ else if (i.succ == 1) { ++ // recurse into the right sub-RE ++ StackItem k = {re, size, 2}; ++ stack.push_back(k); ++ StackItem j = {re->cat.re2, 0, 0}; ++ stack.push_back(j); ++ } ++ else { ++ // both sub-RE visited, recursive return ++ size = i.size // left sub-RE (saved on stack) ++ + size; // right sub-RE (just visited by DFS) ++ } ++ } ++ else if (re->type == RE::ITER) { ++ if (i.succ == 0) { ++ // recurse into the sub-RE ++ StackItem k = {re, 0, 1}; ++ stack.push_back(k); ++ StackItem j = {re->iter.re, 0, 0}; ++ stack.push_back(j); ++ } ++ else { ++ // sub-RE visited, recursive return ++ const uint32_t min = re->iter.min, max = re->iter.max; ++ size = max == AST::MANY ++ ? size * min + 1 ++ : size * max + (max - min); ++ } ++ } ++ } ++ ++ //DASSERT(stack.empty()); ++ return size; ++} ++ ++} // anonymous namespace + + size_t estimate_size(const std::vector &res) + { +- const size_t nre = res.size(); +- size_t size = nre - 1; +- for (size_t i = 0; i < nre; ++i) { +- size += estimate(res[i]) + 1; +- } +- return size; ++ std::vector stack; ++ ++ const size_t nre = res.size(); ++ //DASSERT(nre > 0); ++ size_t size = nre - 1; ++ ++ for (size_t i = 0; i < nre; ++i) { ++ size += estimate_re_size(res[i], stack) + 1; ++ } ++ ++ return size; + } + + } // namespace re2c + diff --git a/meta/recipes-support/re2c/re2c_1.0.1.bb b/meta/recipes-support/re2c/re2c_1.0.1.bb index faeb496a1a..ca5c33f151 100644 --- a/meta/recipes-support/re2c/re2c_1.0.1.bb +++ b/meta/recipes-support/re2c/re2c_1.0.1.bb @@ -7,7 +7,11 @@ SECTION = "devel" LICENSE = "PD" LIC_FILES_CHKSUM = "file://README;beginline=146;md5=881056c9add17f8019ccd8c382ba963a" -SRC_URI = "https://github.com/skvadrik/re2c/releases/download/${PV}/${BPN}-${PV}.tar.gz" +SRC_URI = "https://github.com/skvadrik/re2c/releases/download/${PV}/${BPN}-${PV}.tar.gz \ +file://CVE-2018-21232-1.patch \ +file://CVE-2018-21232-2.patch \ +file://CVE-2018-21232-3.patch \ +file://CVE-2018-21232-4.patch" SRC_URI[md5sum] = "e2c6cf52fc6a21595f21bc82db5324f8" SRC_URI[sha256sum] = "605058d18a00e01bfc32aebf83af35ed5b13180b4e9f279c90843afab2c66c7c" UPSTREAM_CHECK_URI = "https://github.com/skvadrik/re2c/releases" From patchwork Mon Mar 21 22:29:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 14188 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org From: "Steve Sakoman" Subject: [OE-core][dunfell 04/13] qemu: backport fix for CVE-2020-13253 Date: Mon, 21 Mar 2022 12:29:04 -1000 Message-Id: In-Reply-To: References: MIME-Version: 1.0 List-id: To: openembedded-core@lists.openembedded.org From: Davide Gardenal Backport commits from the following MR: https://git.qemu.org/?p=qemu.git;a=commit;h=3a9163af4e3dd61795a35d47b702e302f98f81d6 Two other commits have been backported in order to be able to correctly apply the patches. CVE: CVE-2020-13253 Signed-off-by: Davide Gardenal Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 5 + .../qemu/qemu/CVE-2020-13253_1.patch | 50 +++++++ .../qemu/qemu/CVE-2020-13253_2.patch | 112 ++++++++++++++ .../qemu/qemu/CVE-2020-13253_3.patch | 86 +++++++++++ .../qemu/qemu/CVE-2020-13253_4.patch | 139 ++++++++++++++++++ .../qemu/qemu/CVE-2020-13253_5.patch | 54 +++++++ 6 files changed, 446 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13253_1.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13253_2.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13253_3.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13253_4.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index ef9bc3f64a..0bdc917783 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -92,6 +92,11 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2020-27617.patch \ file://CVE-2020-28916.patch \ file://CVE-2021-3682.patch \ + file://CVE-2020-13253_1.patch \ + file://CVE-2020-13253_2.patch \ + file://CVE-2020-13253_3.patch \ + file://CVE-2020-13253_4.patch \ + file://CVE-2020-13253_5.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_1.patch new file mode 100644 index 0000000000..7f8383987c --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_1.patch @@ -0,0 +1,50 @@ +From 6dd3a164f5b31c703c7d8372841ad3bd6a57de6d Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Tue, 5 Jun 2018 22:28:51 -0300 +Subject: [PATCH 1/1] hw/sd/sdcard: Simplify realize() a bit +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +We don't need to check if sd->blk is set twice. + +Reviewed-by: Peter Maydell +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Alistair Francis +Message-Id: <20200630133912.9428-18-f4bug@amsat.org> + +Upstram-Status: Backport: +https://git.qemu.org/?p=qemu.git;a=commit;f=hw/sd/sd.c;h=6dd3a164f5b31c703c7d8372841ad3bd6a57de6d + +CVE: CVE-2020-13253 + +Signed-off-by: Davide Gardenal +--- + hw/sd/sd.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/hw/sd/sd.c b/hw/sd/sd.c +index 1cc16bf..edd60a0 100644 +--- a/hw/sd/sd.c ++++ b/hw/sd/sd.c +@@ -2105,12 +2105,12 @@ static void sd_realize(DeviceState *dev, Error **errp) + return; + } + +- if (sd->blk && blk_is_read_only(sd->blk)) { +- error_setg(errp, "Cannot use read-only drive as SD card"); +- return; +- } +- + if (sd->blk) { ++ if (blk_is_read_only(sd->blk)) { ++ error_setg(errp, "Cannot use read-only drive as SD card"); ++ return; ++ } ++ + ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, + BLK_PERM_ALL, errp); + if (ret < 0) { +-- +1.8.3.1 + diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_2.patch new file mode 100644 index 0000000000..53145d059f --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_2.patch @@ -0,0 +1,112 @@ +From a9bcedd15a5834ca9ae6c3a97933e85ac7edbd36 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Tue, 7 Jul 2020 13:02:34 +0200 +Subject: [PATCH] hw/sd/sdcard: Do not allow invalid SD card sizes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +QEMU allows to create SD card with unrealistic sizes. This could +work, but some guests (at least Linux) consider sizes that are not +a power of 2 as a firmware bug and fix the card size to the next +power of 2. + +While the possibility to use small SD card images has been seen as +a feature, it became a bug with CVE-2020-13253, where the guest is +able to do OOB read/write accesses past the image size end. + +In a pair of commits we will fix CVE-2020-13253 as: + + Read command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR + occurred and no data transfer is performed. + + Write command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR + occurred and no data transfer is performed. + + WP_VIOLATION errors are not modified: the error bit is set, we + stay in receive-data state, wait for a stop command. All further + data transfer is ignored. See the check on sd->card_status at the + beginning of sd_read_data() and sd_write_data(). + +While this is the correct behavior, in case QEMU create smaller SD +cards, guests still try to access past the image size end, and QEMU +considers this is an invalid address, thus "all further data transfer +is ignored". This is wrong and make the guest looping until +eventually timeouts. + +Fix by not allowing invalid SD card sizes (suggesting the expected +size as a hint): + + $ qemu-system-arm -M orangepi-pc -drive file=rootfs.ext2,if=sd,format=raw + qemu-system-arm: Invalid SD card size: 60 MiB + SD card size has to be a power of 2, e.g. 64 MiB. + You can resize disk images with 'qemu-img resize ' + (note that this will lose data if you make the image smaller than it currently is). + +Cc: qemu-stable@nongnu.org +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Alistair Francis +Reviewed-by: Peter Maydell +Message-Id: <20200713183209.26308-8-f4bug@amsat.org> + +Upstram-Status: Backport: +https://git.qemu.org/?p=qemu.git;a=commit;h=a9bcedd15a5834ca9ae6c3a97933e85ac7edbd36 + +CVE: CVE-2020-13253 + +Signed-off-by: Davide Gardenal +--- + hw/sd/sd.c | 25 +++++++++++++++++++++++++ + 1 file changed, 25 insertions(+) + +diff --git a/hw/sd/sd.c b/hw/sd/sd.c +index edd60a09c0..76d68359a4 100644 +--- a/hw/sd/sd.c ++++ b/hw/sd/sd.c +@@ -32,6 +32,7 @@ + + #include "qemu/osdep.h" + #include "qemu/units.h" ++#include "qemu/cutils.h" + #include "hw/irq.h" + #include "hw/registerfields.h" + #include "sysemu/block-backend.h" +@@ -2106,11 +2107,35 @@ static void sd_realize(DeviceState *dev, Error **errp) + } + + if (sd->blk) { ++ int64_t blk_size; ++ + if (blk_is_read_only(sd->blk)) { + error_setg(errp, "Cannot use read-only drive as SD card"); + return; + } + ++ blk_size = blk_getlength(sd->blk); ++ if (blk_size > 0 && !is_power_of_2(blk_size)) { ++ int64_t blk_size_aligned = pow2ceil(blk_size); ++ char *blk_size_str; ++ ++ blk_size_str = size_to_str(blk_size); ++ error_setg(errp, "Invalid SD card size: %s", blk_size_str); ++ g_free(blk_size_str); ++ ++ blk_size_str = size_to_str(blk_size_aligned); ++ error_append_hint(errp, ++ "SD card size has to be a power of 2, e.g. %s.\n" ++ "You can resize disk images with" ++ " 'qemu-img resize '\n" ++ "(note that this will lose data if you make the" ++ " image smaller than it currently is).\n", ++ blk_size_str); ++ g_free(blk_size_str); ++ ++ return; ++ } ++ + ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, + BLK_PERM_ALL, errp); + if (ret < 0) { +-- +2.32.0 + diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_3.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_3.patch new file mode 100644 index 0000000000..b512b2bd7f --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_3.patch @@ -0,0 +1,86 @@ +From 794d68de2f021a6d3874df41d6bbe8590ec05207 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Mon, 13 Jul 2020 09:27:35 +0200 +Subject: [PATCH] hw/sd/sdcard: Update coding style to make checkpatch.pl happy +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +To make the next commit easier to review, clean this code first. + +Reviewed-by: Peter Maydell +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Alistair Francis +Reviewed-by: Alexander Bulekov +Message-Id: <20200630133912.9428-3-f4bug@amsat.org> + +Upstram-Status: Backport: +https://git.qemu.org/?p=qemu.git;a=commit;f=hw/sd/sd.c;h=794d68de2f021a6d3874df41d6bbe8590ec05207 + +CVE: CVE-2020-13253 + +Signed-off-by: Davide Gardenal +--- +diff --git a/hw/sd/sd.c b/hw/sd/sd.c +--- a/hw/sd/sd.c (revision b0ca999a43a22b38158a222233d3f5881648bb4f) ++++ b/hw/sd/sd.c (date 1647514442924) +@@ -1154,8 +1154,9 @@ + sd->data_start = addr; + sd->data_offset = 0; + +- if (sd->data_start + sd->blk_len > sd->size) ++ if (sd->data_start + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; ++ } + return sd_r1; + + default: +@@ -1170,8 +1171,9 @@ + sd->data_start = addr; + sd->data_offset = 0; + +- if (sd->data_start + sd->blk_len > sd->size) ++ if (sd->data_start + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; ++ } + return sd_r1; + + default: +@@ -1216,12 +1218,15 @@ + sd->data_offset = 0; + sd->blk_written = 0; + +- if (sd->data_start + sd->blk_len > sd->size) ++ if (sd->data_start + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; +- if (sd_wp_addr(sd, sd->data_start)) ++ } ++ if (sd_wp_addr(sd, sd->data_start)) { + sd->card_status |= WP_VIOLATION; +- if (sd->csd[14] & 0x30) ++ } ++ if (sd->csd[14] & 0x30) { + sd->card_status |= WP_VIOLATION; ++ } + return sd_r1; + + default: +@@ -1240,12 +1245,15 @@ + sd->data_offset = 0; + sd->blk_written = 0; + +- if (sd->data_start + sd->blk_len > sd->size) ++ if (sd->data_start + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; +- if (sd_wp_addr(sd, sd->data_start)) ++ } ++ if (sd_wp_addr(sd, sd->data_start)) { + sd->card_status |= WP_VIOLATION; +- if (sd->csd[14] & 0x30) ++ } ++ if (sd->csd[14] & 0x30) { + sd->card_status |= WP_VIOLATION; ++ } + return sd_r1; + + default: diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_4.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_4.patch new file mode 100644 index 0000000000..6b4c1ec050 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_4.patch @@ -0,0 +1,139 @@ +From 790762e5487114341cccc5bffcec4cb3c022c3cd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Thu, 4 Jun 2020 19:22:29 +0200 +Subject: [PATCH] hw/sd/sdcard: Do not switch to ReceivingData if address is + invalid +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Only move the state machine to ReceivingData if there is no +pending error. This avoids later OOB access while processing +commands queued. + + "SD Specifications Part 1 Physical Layer Simplified Spec. v3.01" + + 4.3.3 Data Read + + Read command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR + occurred and no data transfer is performed. + + 4.3.4 Data Write + + Write command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR + occurred and no data transfer is performed. + +WP_VIOLATION errors are not modified: the error bit is set, we +stay in receive-data state, wait for a stop command. All further +data transfer is ignored. See the check on sd->card_status at the +beginning of sd_read_data() and sd_write_data(). + +Fixes: CVE-2020-13253 + +Cc: qemu-stable@nongnu.org +Reported-by: Alexander Bulekov +Buglink: https://bugs.launchpad.net/qemu/+bug/1880822 +Reviewed-by: Peter Maydell +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Alistair Francis +Message-Id: <20200630133912.9428-6-f4bug@amsat.org> + +Upstram-Status: Backport: +https://git.qemu.org/?p=qemu.git;a=commit;h=790762e5487114341cccc5bffcec4cb3c022c3cd + +CVE: CVE-2020-13253 + +Signed-off-by: Davide Gardenal +--- + hw/sd/sd.c | 38 ++++++++++++++++++++++++-------------- + 1 file changed, 24 insertions(+), 14 deletions(-) + +diff --git a/hw/sd/sd.c b/hw/sd/sd.c +index f4f76f8fd2..fad9cf1ee7 100644 +--- a/hw/sd/sd.c ++++ b/hw/sd/sd.c +@@ -1171,13 +1171,15 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) + case 17: /* CMD17: READ_SINGLE_BLOCK */ + switch (sd->state) { + case sd_transfer_state: +- sd->state = sd_sendingdata_state; +- sd->data_start = addr; +- sd->data_offset = 0; + +- if (sd->data_start + sd->blk_len > sd->size) { ++ if (addr + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; ++ return sd_r1; + } ++ ++ sd->state = sd_sendingdata_state; ++ sd->data_start = addr; ++ sd->data_offset = 0; + return sd_r1; + + default: +@@ -1188,13 +1190,15 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) + case 18: /* CMD18: READ_MULTIPLE_BLOCK */ + switch (sd->state) { + case sd_transfer_state: +- sd->state = sd_sendingdata_state; +- sd->data_start = addr; +- sd->data_offset = 0; + +- if (sd->data_start + sd->blk_len > sd->size) { ++ if (addr + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; ++ return sd_r1; + } ++ ++ sd->state = sd_sendingdata_state; ++ sd->data_start = addr; ++ sd->data_offset = 0; + return sd_r1; + + default: +@@ -1234,14 +1238,17 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) + /* Writing in SPI mode not implemented. */ + if (sd->spi) + break; ++ ++ if (addr + sd->blk_len > sd->size) { ++ sd->card_status |= ADDRESS_ERROR; ++ return sd_r1; ++ } ++ + sd->state = sd_receivingdata_state; + sd->data_start = addr; + sd->data_offset = 0; + sd->blk_written = 0; + +- if (sd->data_start + sd->blk_len > sd->size) { +- sd->card_status |= ADDRESS_ERROR; +- } + if (sd_wp_addr(sd, sd->data_start)) { + sd->card_status |= WP_VIOLATION; + } +@@ -1261,14 +1268,17 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) + /* Writing in SPI mode not implemented. */ + if (sd->spi) + break; ++ ++ if (addr + sd->blk_len > sd->size) { ++ sd->card_status |= ADDRESS_ERROR; ++ return sd_r1; ++ } ++ + sd->state = sd_receivingdata_state; + sd->data_start = addr; + sd->data_offset = 0; + sd->blk_written = 0; + +- if (sd->data_start + sd->blk_len > sd->size) { +- sd->card_status |= ADDRESS_ERROR; +- } + if (sd_wp_addr(sd, sd->data_start)) { + sd->card_status |= WP_VIOLATION; + } +-- +2.32.0 + diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch new file mode 100644 index 0000000000..ffce610f79 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch @@ -0,0 +1,54 @@ +From 9157dd597d293ab7f599f4d96c3fe8a6e07c633d Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Wed, 3 Jun 2020 19:59:16 +0200 +Subject: [PATCH] hw/sd/sdcard: Restrict Class 6 commands to SCSD cards +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +Only SCSD cards support Class 6 (Block Oriented Write Protection) +commands. + + "SD Specifications Part 1 Physical Layer Simplified Spec. v3.01" + + 4.3.14 Command Functional Difference in Card Capacity Types + + * Write Protected Group + + SDHC and SDXC do not support write-protected groups. Issuing + CMD28, CMD29 and CMD30 generates the ILLEGAL_COMMAND error. + +Cc: qemu-stable@nongnu.org +Reviewed-by: Peter Maydell +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Alistair Francis +Message-Id: <20200630133912.9428-7-f4bug@amsat.org> + +Upstram-Status: Backport: +https://git.qemu.org/?p=qemu.git;a=commit;h=9157dd597d293ab7f599f4d96c3fe8a6e07c633d + +CVE: CVE-2020-13253 + +Signed-off-by: Davide Gardenal +--- + hw/sd/sd.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/sd/sd.c b/hw/sd/sd.c +index 5137168..1cc16bf 100644 +--- a/hw/sd/sd.c ++++ b/hw/sd/sd.c +@@ -920,6 +920,11 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) + sd->multi_blk_cnt = 0; + } + ++ if (sd_cmd_class[req.cmd] == 6 && FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { ++ /* Only Standard Capacity cards support class 6 commands */ ++ return sd_illegal; ++ } ++ + switch (req.cmd) { + /* Basic commands (Class 0 and Class 1) */ + case 0: /* CMD0: GO_IDLE_STATE */ +-- +1.8.3.1 From patchwork Mon Mar 21 22:29:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 5615 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8812BC433FE for ; Mon, 21 Mar 2022 22:29:39 +0000 (UTC) Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com [209.85.216.50]) by mx.groups.io with SMTP id smtpd.web08.2473.1647901778201591853 for ; Mon, 21 Mar 2022 15:29:38 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=pN7BwqGN; spf=softfail (domain: sakoman.com, ip: 209.85.216.50, mailfrom: steve@sakoman.com) Received: by mail-pj1-f50.google.com with SMTP id m11-20020a17090a7f8b00b001beef6143a8so559371pjl.4 for ; Mon, 21 Mar 2022 15:29:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=giQsGTRC4suQeu3qNNVyGHijy3/rXGee6EiR8EYxdn4=; b=pN7BwqGNyFiHyebXCVpMQ2mbVqRQwkrhu3BWDb6ugerwacXhomzLOTBforW4n9XA89 npwjdBPYrr+eW7TPjizr5+1GP1wFmwPf6uS0OzhdZfE9MbOrMRqr7mjRdus8LQ5rPBid 3pyhiFWeMmgfSib2cSQ1xxoEggItDm1X4lnxrI0CIvBwTWyTPCaQTFB6Qkiamk2Y4uS3 l5NF8Ca/2xWh9Xx1mGs+CmYaJPN+4qRWQh6LiSmlFCUw5Hw8fKOzRk15pzHSEDv7pYvp I+Wt79IshzV+BTYu/KhF+rF6R8LiKy4o2iBX9v/q58lGNq3sEK2gieFPBInbZotK8Opi X3Xw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=giQsGTRC4suQeu3qNNVyGHijy3/rXGee6EiR8EYxdn4=; b=SMerPD0NcG5qoABr47dI6GwFjV+BNBBWl1AOFBoK6Qn4OdOaIh9z5kuD9ARicAncWD +hCAXSiKfJXZPX5ho53NH7GcYnRHHfpOBK7v0bptEzYZX321/IDC+N4L5Hg9sS+6o811 oRs3V5JdmoGIQ+f1oOvuD75Z9/2rcd6BOj2NHWsmZyXNDMcSJZDN6xGYd+pMuqcPqKEQ kTJ/KB3gnnV/yFGD+3f3Ekcibyjd4mXgqAX8+gtmA7KJ2j1F+tyL7BN6TPNmXtHKgj54 VsHL8Xt2WAQAweTa8JJ0z/tjudA3J99EzwDt4q4+CrgpKmUiLlthnNJ+dPX+CgKcavMH 2lKw== X-Gm-Message-State: AOAM532IF9POT9dUt643r1nlvOcv6fj3UE5KEtBqzDSPUjQ3V9/7ByAl +cUSLgpOnhTwgAaeccVuuEu1FAxIT3+qVZtQCTg= X-Google-Smtp-Source: ABdhPJx2psEgbV+RdMjh/RhZer44/pbh1v0qEYasEaXhDPutPDyJODdJDYnSFSj4pMMOcQwJQTdZUA== X-Received: by 2002:a17:902:e94f:b0:14f:1636:c8a8 with SMTP id b15-20020a170902e94f00b0014f1636c8a8mr14763872pll.130.1647901777224; Mon, 21 Mar 2022 15:29:37 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id k13-20020aa7820d000000b004fa72a52040sm12352649pfi.172.2022.03.21.15.29.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 15:29:36 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 05/13] bluez5: fix CVE-2021-3658 Date: Mon, 21 Mar 2022 12:29:05 -1000 Message-Id: <12669ab256a3ffbcb4bcbaba1bc9c690920d32b1.1647901591.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 22:29:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163518 From: Minjae Kim adapter incorrectly restores Discoverable state after powered down Upstream-Status: Backport [https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055] CVE: CVE-2021-3658 Signed-off-by:Minjae Kim Signed-off-by: Steve Sakoman --- meta/recipes-connectivity/bluez5/bluez5.inc | 1 + .../bluez5/bluez5/CVE-2021-3658.patch | 95 +++++++++++++++++++ 2 files changed, 96 insertions(+) create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3658.patch diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc index 34796fdd20..7cf061dcf6 100644 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/meta/recipes-connectivity/bluez5/bluez5.inc @@ -54,6 +54,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ file://0001-test-gatt-Fix-hung-issue.patch \ file://CVE-2021-0129.patch \ file://CVE-2021-3588.patch \ + file://CVE-2021-3658.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3658.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3658.patch new file mode 100644 index 0000000000..1738ca13da --- /dev/null +++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3658.patch @@ -0,0 +1,95 @@ +From b497b5942a8beb8f89ca1c359c54ad67ec843055 Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz +Date: Thu, 24 Jun 2021 16:32:04 -0700 +Subject: [PATCH] adapter: Fix storing discoverable setting + +discoverable setting shall only be store when changed via Discoverable +property and not when discovery client set it as that be considered +temporary just for the lifetime of the discovery. + +Upstream-Status: Backport [https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055] +Signed-off-by:Minjae Kim +--- + src/adapter.c | 35 ++++++++++++++++++++++------------- + 1 file changed, 22 insertions(+), 13 deletions(-) + +diff --git a/src/adapter.c b/src/adapter.c +index 12e4ff5c0..663b778e4 100644 +--- a/src/adapter.c ++++ b/src/adapter.c +@@ -560,7 +560,11 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings) + if (changed_mask & MGMT_SETTING_DISCOVERABLE) { + g_dbus_emit_property_changed(dbus_conn, adapter->path, + ADAPTER_INTERFACE, "Discoverable"); +- store_adapter_info(adapter); ++ /* Only persist discoverable setting if it was not set ++ * temporarily by discovery. ++ */ ++ if (!adapter->discovery_discoverable) ++ store_adapter_info(adapter); + btd_adv_manager_refresh(adapter->adv_manager); + } + +@@ -2162,8 +2166,6 @@ static bool filters_equal(struct mgmt_cp_start_service_discovery *a, + static int update_discovery_filter(struct btd_adapter *adapter) + { + struct mgmt_cp_start_service_discovery *sd_cp; +- GSList *l; +- + + DBG(""); + +@@ -2173,17 +2175,24 @@ static int update_discovery_filter(struct btd_adapter *adapter) + return -ENOMEM; + } + +- for (l = adapter->discovery_list; l; l = g_slist_next(l)) { +- struct discovery_client *client = l->data; ++ /* Only attempt to overwrite current discoverable setting when not ++ * discoverable. ++ */ ++ if (!(adapter->current_settings & MGMT_OP_SET_DISCOVERABLE)) { ++ GSList *l; + +- if (!client->discovery_filter) +- continue; ++ for (l = adapter->discovery_list; l; l = g_slist_next(l)) { ++ struct discovery_client *client = l->data; + +- if (client->discovery_filter->discoverable) +- break; +- } ++ if (!client->discovery_filter) ++ continue; + +- set_discovery_discoverable(adapter, l ? true : false); ++ if (client->discovery_filter->discoverable) { ++ set_discovery_discoverable(adapter, true); ++ break; ++ } ++ } ++ } + + /* + * If filters are equal, then don't update scan, except for when +@@ -2216,8 +2225,7 @@ static int discovery_stop(struct discovery_client *client) + return 0; + } + +- if (adapter->discovery_discoverable) +- set_discovery_discoverable(adapter, false); ++ set_discovery_discoverable(adapter, false); + + /* + * In the idle phase of a discovery, there is no need to stop it +@@ -6913,6 +6921,7 @@ static void adapter_stop(struct btd_adapter *adapter) + g_free(adapter->current_discovery_filter); + adapter->current_discovery_filter = NULL; + ++ set_discovery_discoverable(adapter, false); + adapter->discovering = false; + + while (adapter->connections) { +-- +2.25.1 + From patchwork Mon Mar 21 22:29:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 5616 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 75055C433EF for ; Mon, 21 Mar 2022 22:29:41 +0000 (UTC) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mx.groups.io with SMTP id smtpd.web09.2514.1647901780375670959 for ; Mon, 21 Mar 2022 15:29:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=jUf9h4/q; spf=softfail (domain: sakoman.com, ip: 209.85.210.176, mailfrom: steve@sakoman.com) Received: by mail-pf1-f176.google.com with SMTP id l8so16745329pfu.1 for ; Mon, 21 Mar 2022 15:29:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=telUtB11Dlt0PFx4XFy6rRsdf3/o+EF35esCP0MxyPE=; b=jUf9h4/qcBDS8CN+g0Ob4ytRyIMD/KOu3nwAinJke8XiXB2woF91AGPFtwjL861HKs wFnwYr5Y5HVsJSaAq7lAiTEoW8txtSi3+js2+zL1ULLDSFiPYuVZzKmTnxmolanlEP3g 8ntian4TYlz+VMyXT5Iz0sfpDek1QO0aUMKi2KzFBp/HtPFM3vijC8+TtOtEb3Sqoual EPC0Nz7/79nFpNzqnqk6M46UoDavt8B3dTryRlqNiLapbNQPQiQ8c7eB+i1/Xke7imOE n1uydzAeBazXwISQ9ggQHUJ0gNaCDORQuAUoDD0kS+OYOpeM71Pnpi0pahqBgQ60c8ZE Orjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=telUtB11Dlt0PFx4XFy6rRsdf3/o+EF35esCP0MxyPE=; b=TBlY1eq4u4N0uF4FaJj76aubzLu/FUo6s0NIiaYAe6slMHbCgE4KYycZHl3PDnz8TI k3cEZI4b3yQfuPMoB4BjIjt/TRP/yzcwftz3eNQFn3F830WJXRKyuiT2V+kpItNssRNr 8MaE+Vjhjdo+tey90vzSUGFNACCJGiTpLqVxSuT0p6qh8andOav8e4Kfc28MrD3DkQFK fJYWUyLp5UOyA2AS6oi2mhmVBVNfGVMSsUsqtwBfcvGc8NTKjv5knEVXBBFu0tqgFaoG eBfPSnq9okigeVIhQaxLbg+1EwPN0cFiLsJmxS8xCXkdrQxUYhthhoqoNc5LHkRqbOMA biEg== X-Gm-Message-State: AOAM533r03Wol29gKmleSWaylGPqeZShmKTnynOD2lWzVDv7TnCA3Iox BxLzP4UBKprPyohH8qDIVim7tcvuBXSC+RA0TCM= X-Google-Smtp-Source: ABdhPJzOdS5pd8uSFt0A3MwF3Y7lBXz5QiomWzQ3IejiWF1//7dkEdYuH3tPAXANQNQrunoAlHgDgg== X-Received: by 2002:a05:6a00:1683:b0:4f7:e497:6a55 with SMTP id k3-20020a056a00168300b004f7e4976a55mr26173923pfc.21.1647901779328; Mon, 21 Mar 2022 15:29:39 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id k13-20020aa7820d000000b004fa72a52040sm12352649pfi.172.2022.03.21.15.29.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 15:29:38 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 06/13] openssl: upgrade 1.1.1l -> 1.1.1n Date: Mon, 21 Mar 2022 12:29:06 -1000 Message-Id: <4d33b7ce0c50af81a01014a7d7d37c93a041a28d.1647901591.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 22:29:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163519 From: Ovidiu Panait Upgrade openssl 1.1.1l -> 1.1.1n to fix CVE-2022-0778: https://nvd.nist.gov/vuln/detail/CVE-2022-0778 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65 This also fixes an evp_extra_test ptest failure introduced by openssl-1.1.1m: """ not ok 19 - test_signatures_with_engine ERROR: (ptr) 'e = ENGINE_by_id(engine_id) != NULL' failed @ ../openssl-1.1.1m/test/evp_extra_test.c:1890 0x0 not ok 20 - test_cipher_with_engine """ The ptest change is already present in Yocto master since oe-core commit 5cd40648b0ba ("openssl: upgrade to 3.0.1"). Signed-off-by: Ovidiu Panait Signed-off-by: Steve Sakoman --- .../openssl/openssl/CVE-2021-4160.patch | 145 ------------------ .../{openssl_1.1.1l.bb => openssl_1.1.1n.bb} | 4 +- 2 files changed, 2 insertions(+), 147 deletions(-) delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb => openssl_1.1.1n.bb} (97%) diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch deleted file mode 100644 index ff1e807157..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch +++ /dev/null @@ -1,145 +0,0 @@ -From e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb Mon Sep 17 00:00:00 2001 -From: Bernd Edlinger -Date: Sat, 11 Dec 2021 20:28:11 +0100 -Subject: [PATCH] Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit - targets - -bn_sqr_comba8 does for instance compute a wrong result for the value: -a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45 - -The correct result is: -r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f - 912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899 - -but the actual result was: -r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f - 912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899 - -so the forth word of the result was 0x75be8e3c but should have been -0x75be8e3d instead. - -Likewise bn_sqr_comba4 has an identical bug for the same value as well: -a=0x022181ba fd3aa878 899b2346 ee210f45 - -correct result: -r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899 - -wrong result: -r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899 - -Fortunately the bn_mul_comba4/8 code paths are not affected. - -Also the mips64 target does in fact not handle the carry propagation -correctly. - -Example: -a=0x4aaac91900000000 62056c8400000000 fba7334e00000000 1a6be67800000000 - 022181ba00000000 fd3aa87800000000 899b234635dad283 ee210f4500000001 - -correct result: -r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1 - 0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d - 3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06 - 2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001 - -wrong result: -r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1 - 0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d - 3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06 - 2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001 - -Reviewed-by: Paul Dale -(Merged from https://github.com/openssl/openssl/pull/17258) - -(cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590) - -Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb] -CVE: CVE-2021-4160 -Signed-off-by: Ranjitsinh Rathod - ---- - crypto/bn/asm/mips.pl | 4 ++++ - test/bntest.c | 45 +++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 49 insertions(+) - -diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl -index 8ad715bda4..74101030f2 100644 ---- a/crypto/bn/asm/mips.pl -+++ b/crypto/bn/asm/mips.pl -@@ -1984,6 +1984,8 @@ $code.=<<___; - sltu $at,$c_2,$t_1 - $ADDU $c_3,$t_2,$at - $ST $c_2,$BNSZ($a0) -+ sltu $at,$c_3,$t_2 -+ $ADDU $c_1,$at - mflo ($t_1,$a_2,$a_0) - mfhi ($t_2,$a_2,$a_0) - ___ -@@ -2194,6 +2196,8 @@ $code.=<<___; - sltu $at,$c_2,$t_1 - $ADDU $c_3,$t_2,$at - $ST $c_2,$BNSZ($a0) -+ sltu $at,$c_3,$t_2 -+ $ADDU $c_1,$at - mflo ($t_1,$a_2,$a_0) - mfhi ($t_2,$a_2,$a_0) - ___ -diff --git a/test/bntest.c b/test/bntest.c -index b58028a301..bab34ba54b 100644 ---- a/test/bntest.c -+++ b/test/bntest.c -@@ -627,6 +627,51 @@ static int test_modexp_mont5(void) - if (!TEST_BN_eq(c, d)) - goto err; - -+ /* -+ * Regression test for overflow bug in bn_sqr_comba4/8 for -+ * mips-linux-gnu and mipsel-linux-gnu 32bit targets. -+ */ -+ { -+ static const char *ehex[] = { -+ "95564994a96c45954227b845a1e99cb939d5a1da99ee91acc962396ae999a9ee", -+ "38603790448f2f7694c242a875f0cad0aae658eba085f312d2febbbd128dd2b5", -+ "8f7d1149f03724215d704344d0d62c587ae3c5939cba4b9b5f3dc5e8e911ef9a", -+ "5ce1a5a749a4989d0d8368f6e1f8cdf3a362a6c97fb02047ff152b480a4ad985", -+ "2d45efdf0770542992afca6a0590d52930434bba96017afbc9f99e112950a8b1", -+ "a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680", -+ "b949390d2e416a3f9759e5349ab4c253f6f29f819a6fe4cbfd27ada34903300e", -+ "da021f62839f5878a36f1bc3085375b00fd5fa3e68d316c0fdace87a97558465", -+ NULL}; -+ static const char *phex[] = { -+ "f95dc0f980fbd22e90caa5a387cc4a369f3f830d50dd321c40db8c09a7e1a241", -+ "a536e096622d3280c0c1ba849c1f4a79bf490f60006d081e8cf69960189f0d31", -+ "2cd9e17073a3fba7881b21474a13b334116cb2f5dbf3189a6de3515d0840f053", -+ "c776d3982d391b6d04d642dda5cc6d1640174c09875addb70595658f89efb439", -+ "dc6fbd55f903aadd307982d3f659207f265e1ec6271b274521b7a5e28e8fd7a5", -+ "5df089292820477802a43cf5b6b94e999e8c9944ddebb0d0e95a60f88cb7e813", -+ "ba110d20e1024774107dd02949031864923b3cb8c3f7250d6d1287b0a40db6a4", -+ "7bd5a469518eb65aa207ddc47d8c6e5fc8e0c105be8fc1d4b57b2e27540471d5", -+ NULL}; -+ static const char *mhex[] = { -+ "fef15d5ce4625f1bccfbba49fc8439c72bf8202af039a2259678941b60bb4a8f", -+ "2987e965d58fd8cf86a856674d519763d0e1211cc9f8596971050d56d9b35db3", -+ "785866cfbca17cfdbed6060be3629d894f924a89fdc1efc624f80d41a22f1900", -+ "9503fcc3824ef62ccb9208430c26f2d8ceb2c63488ec4c07437aa4c96c43dd8b", -+ "9289ed00a712ff66ee195dc71f5e4ead02172b63c543d69baf495f5fd63ba7bc", -+ "c633bd309c016e37736da92129d0b053d4ab28d21ad7d8b6fab2a8bbdc8ee647", -+ "d2fbcf2cf426cf892e6f5639e0252993965dfb73ccd277407014ea784aaa280c", -+ "b7b03972bc8b0baa72360bdb44b82415b86b2f260f877791cd33ba8f2d65229b", -+ NULL}; -+ -+ if (!TEST_true(parse_bigBN(&e, ehex)) -+ || !TEST_true(parse_bigBN(&p, phex)) -+ || !TEST_true(parse_bigBN(&m, mhex)) -+ || !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) -+ || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx)) -+ || !TEST_BN_eq(a, d)) -+ goto err; -+ } -+ - /* Zero input */ - if (!TEST_true(BN_bntest_rand(p, 1024, 0, 0))) - goto err; --- -2.25.1 - diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1n.bb similarity index 97% rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb rename to meta/recipes-connectivity/openssl/openssl_1.1.1n.bb index 24466e11b1..8538bd5a18 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1n.bb @@ -18,14 +18,13 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://afalg.patch \ file://reproducible.patch \ file://reproducibility.patch \ - file://CVE-2021-4160.patch \ " SRC_URI_append_class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1" +SRC_URI[sha256sum] = "40dceb51a4f6a5275bde0e6bf20ef4b91bfc32ed57c0552e2e8e15463372b17a" inherit lib_package multilib_header multilib_script ptest MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" @@ -181,6 +180,7 @@ do_install_ptest () { install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps install -d ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines } From patchwork Mon Mar 21 22:29:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 5617 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 87F19C433EF for ; Mon, 21 Mar 2022 22:29:43 +0000 (UTC) Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) by mx.groups.io with SMTP id smtpd.web11.2452.1647901782506759989 for ; Mon, 21 Mar 2022 15:29:42 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=weMwafKN; spf=softfail (domain: sakoman.com, ip: 209.85.215.182, mailfrom: steve@sakoman.com) Received: by mail-pg1-f182.google.com with SMTP id o23so11299105pgk.13 for ; Mon, 21 Mar 2022 15:29:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=qxh4WFuO55K1+9jK60gvj/pDkoZwJ9cthlZ5hWfKtjw=; b=weMwafKNIXUWPEU9rYhNi7xBGTdMt+wnV5wBM7RbOuk2pQHXyXrHkgW+sMrbCh8bOS 4yJalBDtQ8DfdCD9bWzIsQf/V0DvpE++6TcbGKvlffsihKELjK33SNyx7OLEv6e03lkn 9pn2Jds1VJst4q2xbsfoJ7LQ2JKZA0wmGe33A1IAZyKUNZEQ0g2jJquOPGtNH9trzbq0 VUc9LAlK6yfDfF+HoKHACS0Lso/rnIDYmZPhLBJCVRg18FHXltvjvODEayY2lLWhOFg3 uvTQMzjixmzkIPc1Mi+UiHsCwuHE94GUZ4+peBgTTlSAILv9w11X2/Jybz++MLtXnruT XLPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=qxh4WFuO55K1+9jK60gvj/pDkoZwJ9cthlZ5hWfKtjw=; b=ba1k7CmujjX87dvmChsqY2vBeR3SBlkFrehEDtGDC92GkkwbS+EvMknX6OhO9mHmqb 9uZOZiRTsRgiN/hO+/GeLi5zR+PVEDIU0WR7VCyHs5Goh1B+HXr4ErH3oNxr9KZmpyt3 LWz34nfIneENjrAC15JjYwgtyrvMmBERSX+lQmI7JdxziJCcuUluZkRqFvOZrGjb9Ynp erEtaFiOjLXUZdVg8AZZAQIWoVJx43zF3WoW4sesXt3UXMfPPDr7tbZiBu7lzr/Q6zux ox8at7GUF5tix5cQ+LBKDythQSDdzUX13F8hp0rPiBztr8dHQLF4sTUTM3cutrE8Lj8D 2TcQ== X-Gm-Message-State: AOAM533ToLQWA0l8ZugP1/DyUzhurFaMDQenRMW0aRRgcmZbxJVbPZjf ZqAC4mFXs8sJ/BDts4T44eiVsfKTUa2J6UuF9n8= X-Google-Smtp-Source: ABdhPJz6MvbhxWmqVCyzjO4mPGcgCBUwDUqee42FMlpcCKlAHBXQWEJGqbThuwJUz9aD1al1lTc+Rg== X-Received: by 2002:a63:740f:0:b0:381:1467:d478 with SMTP id p15-20020a63740f000000b003811467d478mr19551664pgc.391.1647901781525; Mon, 21 Mar 2022 15:29:41 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id k13-20020aa7820d000000b004fa72a52040sm12352649pfi.172.2022.03.21.15.29.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 15:29:40 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 07/13] python3: upgrade 3.8.12 -> 3.8.13 Date: Mon, 21 Mar 2022 12:29:07 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 22:29:43 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163520 From: Tim Orling Security and bug fixes (including upgrades for security and bug fixes to bundled components). For changes see: https://docs.python.org/release/3.8.13/whatsnew/changelog.html#python-3-8-13-final CVE: CVE-2022-26488 License-Update: Add 2022 to copyright years * Update bpo-36852 patch to apply after change in 3.8.13 Signed-off-by: Tim Orling Signed-off-by: Steve Sakoman --- ...-detection-of-mips-architecture-for-.patch | 42 ++++++++++--------- .../{python3_3.8.12.bb => python3_3.8.13.bb} | 6 +-- 2 files changed, 26 insertions(+), 22 deletions(-) rename meta/recipes-devtools/python/{python3_3.8.12.bb => python3_3.8.13.bb} (98%) diff --git a/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch b/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch index c4fae09a5b..4ac0e140cc 100644 --- a/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch +++ b/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch @@ -14,17 +14,21 @@ Upstream-Status: Submitted [https://github.com/python/cpython/pull/13196] Signed-off-by: Matthias Schoepfer %% original patch: 0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch + +Updated to apply after dea270a2a80214de22afadaaca2043d0d782eb7d + +Signed-off-by: Tim Orling --- configure.ac | 175 +++++++-------------------------------------------- 1 file changed, 21 insertions(+), 154 deletions(-) diff --git a/configure.ac b/configure.ac -index ede710e..bc81b0b 100644 +index de83332dd3..16b02d0798 100644 --- a/configure.ac +++ b/configure.ac -@@ -710,160 +710,27 @@ fi - MULTIARCH=$($CC --print-multiarch 2>/dev/null) - AC_SUBST(MULTIARCH) +@@ -719,160 +719,27 @@ then + fi + -AC_MSG_CHECKING([for the platform triplet based on compiler characteristics]) -cat >> conftest.c </dev/null) -- -2.24.1 +2.32.0 diff --git a/meta/recipes-devtools/python/python3_3.8.12.bb b/meta/recipes-devtools/python/python3_3.8.13.bb similarity index 98% rename from meta/recipes-devtools/python/python3_3.8.12.bb rename to meta/recipes-devtools/python/python3_3.8.13.bb index cfcc91b396..112ebec4c1 100644 --- a/meta/recipes-devtools/python/python3_3.8.12.bb +++ b/meta/recipes-devtools/python/python3_3.8.13.bb @@ -4,7 +4,7 @@ DESCRIPTION = "Python is a programming language that lets you work more quickly LICENSE = "PSF-2.0 & BSD-0-Clause" SECTION = "devel/python" -LIC_FILES_CHKSUM = "file://LICENSE;md5=c22d2438294c784731bf9dd224a467b7" +LIC_FILES_CHKSUM = "file://LICENSE;md5=c84eccf626bb6fde43e6ea5e28d8feb5" SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://run-ptest \ @@ -42,8 +42,8 @@ SRC_URI_append_class-native = " \ file://0001-Don-t-search-system-for-headers-libraries.patch \ " -SRC_URI[md5sum] = "9dd8f82e586b776383c82e27923f8795" -SRC_URI[sha256sum] = "b1d3a76420375343b5e8a22fceb1ac65b77193e9ed27146524f0a9db058728ea" +SRC_URI[md5sum] = "c4b7100dcaace9d33ab1fda9a3a038d6" +SRC_URI[sha256sum] = "6f309077012040aa39fe8f0c61db8c0fa1c45136763299d375c9e5756f09cf57" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar" From patchwork Mon Mar 21 22:29:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 5621 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 75339C433EF for ; Mon, 21 Mar 2022 22:29:52 +0000 (UTC) Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170]) by mx.groups.io with SMTP id smtpd.web11.2453.1647901784522186110 for ; Mon, 21 Mar 2022 15:29:44 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ZtXstbQr; spf=softfail (domain: sakoman.com, ip: 209.85.215.170, mailfrom: steve@sakoman.com) Received: by mail-pg1-f170.google.com with SMTP id o8so11298611pgf.9 for ; Mon, 21 Mar 2022 15:29:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=rc4OnnoqLFsJAmAPWiKb6Gurzk5jMhjThwM4nEiEo9I=; b=ZtXstbQrxD+/YlMEoPgjJXgwpGEJi/paHGJq0VoKSECi4MMporSbeGsdc7ZtFNfTNA gJWyDLSC8FJKLdSTnPi2oFQXNFkCqeTcxex0fskcHdapH9XLs+XwdRqEFfQ+8NPqSoAv Tz2JFdGlfObQDP4iUEvFQP4KsYOUcQh3aPPzTt5dlBr9iGreZAZzyPjNvx7jhvyLg6ay SeMeCYcmpIXKbS8Vz6deD3RE89swdn5wLL65HTOz57afcumuzSrRMvo7vDyZ1P3loJBV AiQH0N80AWKCJK2OukEP6Fx4aAXxNfpU0fVuMESLW/wL7kzM2FS/Aaw+AMPe18Nirkcq sHyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=rc4OnnoqLFsJAmAPWiKb6Gurzk5jMhjThwM4nEiEo9I=; b=o8WuYW7ILh2frwQCeZU41ShhZPf6ucUBqH5cY/oWCjRT3BF45YmYJyIDwaFNDWvDKM /EHjpi+ApY9HaFtzyOXLPgYcWgYshFiKujHpYxcFIk8pUuYsGEbP6llEZjtNrjvZbLN3 2UTE1kKlLIYRHzxuBockH1z2MWKrgmPOYvmf4TxENl9GAKQp/2YG7++KsGdo1R7n3UdP xwyqXs0+UPiEXy2wD+KQ6LbHH2lBTTFiivG/q4DC3lV7BSMqk1WSD58TACBDhtnD+L/3 NieoXOqXwlHzdopr7MuB/nJH4bVOTEvKceydQ8mNO5k1WQBGgdrHrv3Uhg/+gDjH3HdT r7Bg== X-Gm-Message-State: AOAM531/xISe31eGODVAtHCRObwMhOnbfiUxTK2c0tck2+j+ZnaJzLoJ ViKPPy1QFz1lgmxOjsXiMCaotylh77ui1svjdPg= X-Google-Smtp-Source: ABdhPJw/n+ewDNTE6cWL3ZawBhaByyk/9cSkCzwAeONw74kv/3Juv3XU6xseg04OFLtSsJCsQfddUA== X-Received: by 2002:a63:4665:0:b0:374:7305:dab4 with SMTP id v37-20020a634665000000b003747305dab4mr19824331pgk.256.1647901783622; Mon, 21 Mar 2022 15:29:43 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id k13-20020aa7820d000000b004fa72a52040sm12352649pfi.172.2022.03.21.15.29.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 15:29:43 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 08/13] linux-firmware: upgrade 20220209 -> 20220310 Date: Mon, 21 Mar 2022 12:29:08 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 22:29:52 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163521 From: wangmy License-Update: year updated to 2022 Version of some driver files updated Added files for some drivers Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie (cherry picked from commit be1b1d204c89035c54a626db46c5054e553b82c2) Signed-off-by: Steve Sakoman --- ...inux-firmware_20220209.bb => linux-firmware_20220310.bb} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220209.bb => linux-firmware_20220310.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220209.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20220310.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20220209.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20220310.bb index 9cb357fa90..7a6cb1903b 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220209.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220310.bb @@ -72,7 +72,7 @@ LICENSE = "\ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \ file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \ - file://LICENSE.amdgpu;md5=d357524f5099e2a3db3c1838921c593f \ + file://LICENSE.amdgpu;md5=44c1166d052226cb2d6c8d7400090203 \ file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \ file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \ file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \ @@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \ file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \ file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \ - file://WHENCE;md5=ed3d7426e4df06fbadcca24ebf00cc5f \ + file://WHENCE;md5=45a9c4a92d152e9495db81e1192f2bdc \ " # These are not common licenses, set NO_GENERIC_LICENSE for them @@ -205,7 +205,7 @@ PE = "1" SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "e2e46fa618414952bbf2f6920cd3abcddbef45bfb7d1352994b4bfc35394d177" +SRC_URI[sha256sum] = "5938ee717b2023b48f6bfcf344b40ddc947e3e22c0bc36d4c3418f90fea68182" inherit allarch From patchwork Mon Mar 21 22:29:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 5618 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A1968C433EF for ; Mon, 21 Mar 2022 22:29:47 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web10.2409.1647901786549434128 for ; Mon, 21 Mar 2022 15:29:46 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=dbWhK3IW; spf=softfail (domain: sakoman.com, ip: 209.85.210.174, mailfrom: steve@sakoman.com) Received: by mail-pf1-f174.google.com with SMTP id d19so16691392pfv.7 for ; Mon, 21 Mar 2022 15:29:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=H+xnDsS9e0ODeLLBFwJfJDYvfVh9APmBSrRlfYjPBtI=; b=dbWhK3IWpjZF4QrtCI6Pm3XHVHhzxzSc2+6WsYYMwlOqSZye+tE+whz9cdFm4WAQU/ XQ450OhYysynMcbduS/948+Q3KA4hP9shYQjAhqTD4/6sEYxjqc1zSP87gTx5Xn62PbZ iptXinCrHJ+K8+cZLAI93Hl3l4JdHwuscyQ4udtcO8m2TimKFZrsWvMbdg7uwLJVJl3K V2HoJguktp5SXI2PdzEzRDwopgdkx33oOg8J3AeXI9qCqtpQnf2QjxsZfG4kCk+w94jj ZOLNODM1GehiLNF+63GoaLit685XOI5OrgoCAjDDHSSL5imYIEXmDwe+4nqgYBA+Wuw+ +rMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=H+xnDsS9e0ODeLLBFwJfJDYvfVh9APmBSrRlfYjPBtI=; b=b8gi35DgUJdH3Cshye0NOTk4/1OxhCzPhX5ZGJ3UnNj4q//0vdvsSlVSyR9f5rnVJc EnmjLnUBEPRVrrWW5JmXCPQR68kjWTG1OkjfDEqbl41Ka2Rrw4gFhPBeJNxxey7DRrvq RJ8z4eQIRMHudLwqjaP3ZCr47jgqUZ4SGKrUjFz4SM2gZbBEvxpJU5mZdloKs/zLWLLA RHxA5KrlV+tJSCbE7W7IwyqoAA5Ofn8/BgvZiAWhz72DFYSzwaw8c/kDxuJIc5CAuK3S BzCbrk7l5UxNxZ9d14zqj5s9TB1nrqZrC2IMHLRJGWChh9IpBx15hcI2fUxQzWCUc/R+ L0lA== X-Gm-Message-State: AOAM533UHYYxeTHFuwZJ3m/BkKejh0MRgNe7nkY9qxSNzuJ7opgVUTCH 93+6959Q8/M3E8RjHkgr1pSMnGME/a6U2ybgtL0= X-Google-Smtp-Source: ABdhPJym+5oHlIJmZ4gBrMfO9u5itMKqGL2zFd31uDttkGI4qZjhu+weBf+W5KF26X8eEpsNAeKBXA== X-Received: by 2002:a05:6a00:22d2:b0:4fa:9d26:bc5d with SMTP id f18-20020a056a0022d200b004fa9d26bc5dmr7965353pfj.79.1647901785539; Mon, 21 Mar 2022 15:29:45 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id k13-20020aa7820d000000b004fa72a52040sm12352649pfi.172.2022.03.21.15.29.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 15:29:45 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 09/13] mobile-broadband-provider-info: upgrade 20201225 -> 20210805 Date: Mon, 21 Mar 2022 12:29:09 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 22:29:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163522 From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit 93a335993ce592a8ee34fc9a490e327f2775e03f) Signed-off-by: Steve Sakoman --- .../mobile-broadband-provider-info_git.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index b4cbc1a76c..4246f4dcbd 100644 --- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -4,8 +4,8 @@ DESCRIPTION = "Mobile Broadband Service Provider Database stores service provide SECTION = "network" LICENSE = "PD" LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" -SRCREV = "90f3fe28aa25135b7e4a54a7816388913bfd4a2a" -PV = "20201225" +SRCREV = "11f2247eccd3c161b8fd9b41143862e9fb81193c" +PV = "20210805" PE = "1" SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=master" From patchwork Mon Mar 21 22:29:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 5619 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 712FAC433F5 for ; Mon, 21 Mar 2022 22:29:49 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web09.2519.1647901788858880223 for ; Mon, 21 Mar 2022 15:29:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=LXybbO9r; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id s8so16657527pfk.12 for ; Mon, 21 Mar 2022 15:29:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=pFUrNh+ShJu8enYXPdE4vGjxo+ggcmq4XggGWwwMZys=; b=LXybbO9rEVGJzjncL7/Wl8M1GfYO8wnxlPb9GFjLZE8TmjslKofd2/6PPGUm0FP0w4 0iNLIBrrsF0ElVpSRm+yX07FrElUF5LF4wlg3o8Caw4PKr9Kxyn4qFzD5QH2fMFfum+h knODCFCjc4JAxpQbyZrzKHdxK6Wi8iLb1cBq4uLJbzg50aW0fV/RCYKctldLHK8ioVtc bcGGIlqEvfEbEuPzbvPA7BPkP8HQia0n3oZ9D3uK+p6vVks7IoH6vbbwoKNhYQGJr3HM 1ztIR6HnDGcyzVqbPbNyyhb7App5HQaoqqtNHrpgsO+Uh37oM2pJqtq4W9bTVx6JaX7X u/Zg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=pFUrNh+ShJu8enYXPdE4vGjxo+ggcmq4XggGWwwMZys=; b=bTjeuc8WorSjuP+FEwPUdvkII9MbTbzwT/S9RgGD0SpwgqW4oKtqvPmWLtKvDHZUFP 49brbeC72CkB5DxdeV504+oNwdQq0yWkZt8x3cZwAy+xjREy0OaYdR2a15KHB7Js1agI 0oR1jAzVA/nhgTkD9Wh0by4rUwURjsQ8JHaKVZ7gD3NFXknP+3iFaDBhWa4jNN1MwUVw P/EHy1SWKS+xSfGFcthKRVvXL7YAmOD+nbx8egvnKm/um22fMSMaptibcqWCDwI/E88j /JaMbtaj2E/OzMb8QVdExdtF6MMLbtRt6SFkVoz0vKYfr7dJlkCY/9whXsmlrmB0JT16 dR7A== X-Gm-Message-State: AOAM530OAvmezf5IeHKF4CpU3oJJZTH3xQhbJPqDzw/SOM0uwfIn8wA9 a5YpMX581Qe8QBjU6gzicr4bqfL2EvMZ1l7O0vU= X-Google-Smtp-Source: ABdhPJy6bJPNqaB0yOqZR1fyCyC8yidRPPEcmzJ8b3FqVEku0OitJUXaq2hcDsDNXhXUizZPx1L1XA== X-Received: by 2002:a05:6a02:20c:b0:381:f276:98d6 with SMTP id bh12-20020a056a02020c00b00381f27698d6mr18970508pgb.39.1647901787961; Mon, 21 Mar 2022 15:29:47 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id k13-20020aa7820d000000b004fa72a52040sm12352649pfi.172.2022.03.21.15.29.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 15:29:47 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 10/13] mobile-broadband-provider-info: upgrade 20210805 -> 20220315 Date: Mon, 21 Mar 2022 12:29:10 -1000 Message-Id: <9e3758114cbc74d820c5904b81b011e5c4a1715b.1647901591.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 22:29:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163523 From: Changhyeok Bae Signed-off-by: Changhyeok Bae Signed-off-by: Richard Purdie (cherry picked from commit ed02ee8f20094f598448d58875cb7be8a24a019f) Signed-off-by: Steve Sakoman --- .../mobile-broadband-provider-info_git.bb | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index 4246f4dcbd..781b9216c5 100644 --- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -4,11 +4,12 @@ DESCRIPTION = "Mobile Broadband Service Provider Database stores service provide SECTION = "network" LICENSE = "PD" LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" -SRCREV = "11f2247eccd3c161b8fd9b41143862e9fb81193c" -PV = "20210805" + +SRCREV = "4cbb44a9fe26aa6f0b28beb79f9488b37c097b5e" +PV = "20220315" PE = "1" -SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=master" +SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main" S = "${WORKDIR}/git" inherit autotools From patchwork Mon Mar 21 22:29:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 5620 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7B0CCC433F5 for ; Mon, 21 Mar 2022 22:29:51 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web09.2520.1647901791066067553 for ; Mon, 21 Mar 2022 15:29:51 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=PGlO6RND; spf=softfail (domain: sakoman.com, ip: 209.85.210.177, mailfrom: steve@sakoman.com) Received: by mail-pf1-f177.google.com with SMTP id t5so16721187pfg.4 for ; Mon, 21 Mar 2022 15:29:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=1dRDLPr6Xos85btpXI/abzPUvBs30tu5wuy75sKAhH4=; b=PGlO6RNDkVg7RJuEsz9b+CC81OxtteyiMCzsIlzdNq0J8jHbrObBpifvambEd9mweo j5SY6yimZ2xivaqlz0L3SnJYgPGxBKHffP/4qKrsOdmEO4AnvxOyykxd3KvVeGwLbtN3 HRm6Ow3nOvqLND+EstpUcBjMIn0oLFm+ngDZfqO/rNAy6qvu+02gu8uU/4ZsRsxtzCFJ EaWU5nlH7L2GNim2FSYD6zzKacnPHkGnVATRJ5ZOi6an8881IlEJQg6L0jSzdezYIDMH /X0S2fxOXEEx1jSNJjO0+CLAo+tzdDkWr41pH77SR7IVtL+DDSCg/nYTc/2/fxJmqphs Pz6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=1dRDLPr6Xos85btpXI/abzPUvBs30tu5wuy75sKAhH4=; b=U9A+VDCRvc2zPetAs+AIPKWvGilRlSknSxszDjzREbYqL86Zw2FgOIjZeRM9ikPiGd 3JXleihxDygN7Fzrp5nnXsIF/jjcqSYJbbVuhMb/wD/eIkVQiOFUY3KixqwwtdKu5jiG btoQs0pJDkuSt2N23HA/cu/KRQt4eIPEBmA8c0y58Fzwqr4TnpV92hlMRT7+yul76Nh5 XYMfgEfXnIpEqtYmnQr1JuRlHiqYUeUtvfG3Ve9a633rccGWNCJb36WSZ+/t7DVTf4g6 VQdeqvxBCIymm0y6e2UITGq/8mAhyq1xDOSpTKrjrHhBPKjplulMriO8DHEyOZts/pFy fBFg== X-Gm-Message-State: AOAM532RTEVzQFiHsPDQM4cQ0iOyRIfJop7E/YRD9XUWlALY4xLsqnDT 4unQsUUN7lC6JIgjcCg1bPEbA/p8BgSl163UdCU= X-Google-Smtp-Source: ABdhPJzqsL7uuvpzEo9PjMs+s2DDuniYH711xRihGO7igQPsvMcP/DS9cXHKNo6axAjy3IbEeOrwog== X-Received: by 2002:a65:604a:0:b0:375:5cc8:7458 with SMTP id a10-20020a65604a000000b003755cc87458mr19969888pgp.205.1647901789986; Mon, 21 Mar 2022 15:29:49 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id k13-20020aa7820d000000b004fa72a52040sm12352649pfi.172.2022.03.21.15.29.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 15:29:49 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 11/13] python3targetconfig: Use for nativesdk too Date: Mon, 21 Mar 2022 12:29:11 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 22:29:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163524 From: Richard Purdie nativesdk is a cross compiled target and therefore should use the target config, not the native one. Copy the target entries accordingly. Signed-off-by: Richard Purdie (cherry picked from commit b1b5fec350b390fa7f2d26966df1411b032faf87) Signed-off-by: Steve Sakoman --- meta/classes/python3targetconfig.bbclass | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/meta/classes/python3targetconfig.bbclass b/meta/classes/python3targetconfig.bbclass index fc1025c207..a6e67f1bf8 100644 --- a/meta/classes/python3targetconfig.bbclass +++ b/meta/classes/python3targetconfig.bbclass @@ -15,3 +15,15 @@ do_compile_prepend_class-target() { do_install_prepend_class-target() { export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata" } + +do_configure:prepend:class-nativesdk() { + export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata" +} + +do_compile:prepend:class-nativesdk() { + export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata" +} + +do_install:prepend:class-nativesdk() { + export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata" +} From patchwork Mon Mar 21 22:29:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 5622 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 77723C433EF for ; Mon, 21 Mar 2022 22:29:54 +0000 (UTC) Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) by mx.groups.io with SMTP id smtpd.web10.2412.1647901793515440849 for ; Mon, 21 Mar 2022 15:29:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=qUZ/oVBv; spf=softfail (domain: sakoman.com, ip: 209.85.210.181, mailfrom: steve@sakoman.com) Received: by mail-pf1-f181.google.com with SMTP id t5so16721251pfg.4 for ; Mon, 21 Mar 2022 15:29:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=5r8YY9NdGMzh/Hd85dR6xZg0EaGNSzvK5brognfYlVY=; b=qUZ/oVBvvpACb7e+hUmLx2y4GwlYM45xKSFT6RjdynP7fceBrdQxVeuL34o3nQZTGb ndXolsGzZyItn8EuoH6R4ikiAPuBhBInxVqi/hewHiM9y58NIM/4A9dO6rrXId+/AlM3 ZN/WP8XXELYzR/nwkU0aKQKBzQxeYsnVZrxlGK4OA1looxiawfvxtZk5pRi9/T8b19Fc jRQriPtzHSOpBmgvHuugsUIf9+76aSFR3UGMZ7RG8X0apBeDkS9AGZCROa2kE41to6cq 0zYFJaSgyPhxUZB4PZoVWUW5qK0SS0+jIe8ZZvyM/fyowHCgpZobgLF/MMOFMYe+0vPh 8qvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=5r8YY9NdGMzh/Hd85dR6xZg0EaGNSzvK5brognfYlVY=; b=7lnO6iF2UYXkqq/3fMPpnPRtocnXxCXovbSnbX7y2HeFjDsehKQVLQNnkIFf0nLIxn XEejdDGrI++M8/XIlVxubW6OBRdQ2QmI5rG99YZFhS3kSORc4Ht2LcXIvOU1tgyjjE1+ 8TTGLfNhkEjIoLq1c4LMbh9NasXprEc3XLgmqVz+c14KHC1H25vNsz4we4iXJuhTAfka sL9P6hJG0cUi1IPHmfV4ruRXDjHK6nWxgmsu41ogKHgh7kjwHBNTRrYW2wuC1S+Yr9G0 0FwbvB83RVFRQz5DsaejBBs10mmTHqNuiBRXmYXSPa/JdaXpZ2JTvzuwivq/f4SsAC9E XsPw== X-Gm-Message-State: AOAM530Ha4YNfw6k4yaHiINkVciPwgENjEfUPO6vB14lXu+GH9hNivfy 0gOo5QIS3aO5fXMQWLGjebigPOOhn6aCkLhkTDA= X-Google-Smtp-Source: ABdhPJwdCt1txR9PHXsGBqIywAnEZLlpydjdMEALmSzKS6rk2oYaGYRlnEC78m7DhsdvPfs6ffOb+g== X-Received: by 2002:a63:8948:0:b0:37f:f087:9cac with SMTP id v69-20020a638948000000b0037ff0879cacmr19912658pgd.120.1647901792584; Mon, 21 Mar 2022 15:29:52 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id k13-20020aa7820d000000b004fa72a52040sm12352649pfi.172.2022.03.21.15.29.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 15:29:52 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 12/13] oeqa/runtime/ping: Improve failure message to include more detail Date: Mon, 21 Mar 2022 12:29:12 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 22:29:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163525 From: Richard Purdie When the ping test fails due to a timeout we only get limited debug information. Tweak the code to improve that in case it sheds any light on intermittent failures. Signed-off-by: Richard Purdie (cherry picked from commit d81704057950e1970ef7f673fa771834fd2b3f1e) Signed-off-by: Steve Sakoman --- meta/lib/oeqa/runtime/cases/ping.py | 20 ++++++++++++-------- meta/recipes-core/libxml/libxml2_2.9.10.bb | 2 +- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/meta/lib/oeqa/runtime/cases/ping.py b/meta/lib/oeqa/runtime/cases/ping.py index f6603f75ec..498f80d0a5 100644 --- a/meta/lib/oeqa/runtime/cases/ping.py +++ b/meta/lib/oeqa/runtime/cases/ping.py @@ -6,6 +6,7 @@ from subprocess import Popen, PIPE from oeqa.runtime.case import OERuntimeTestCase from oeqa.core.decorator.oetimeout import OETimeout +from oeqa.core.exception import OEQATimeoutError class PingTest(OERuntimeTestCase): @@ -13,14 +14,17 @@ class PingTest(OERuntimeTestCase): def test_ping(self): output = '' count = 0 - while count < 5: - cmd = 'ping -c 1 %s' % self.target.ip - proc = Popen(cmd, shell=True, stdout=PIPE) - output += proc.communicate()[0].decode('utf-8') - if proc.poll() == 0: - count += 1 - else: - count = 0 + try: + while count < 5: + cmd = 'ping -c 1 %s' % self.target.ip + proc = Popen(cmd, shell=True, stdout=PIPE) + output += proc.communicate()[0].decode('utf-8') + if proc.poll() == 0: + count += 1 + else: + count = 0 + except OEQATimeoutError: + self.fail("Ping timeout error for address %s, count %s, output: %s" % (self.target.ip, count, output)) msg = ('Expected 5 consecutive, got %d.\n' 'ping output is:\n%s' % (count,output)) self.assertEqual(count, 5, msg = msg) diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb index 976eeca1d4..c45cf4423e 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb @@ -31,7 +31,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te file://CVE-2022-23308.patch \ " -SRC_URI[archive.sha256sum] = "28a92f6ab1f311acf5e478564c49088ef0ac77090d9c719bbc5d518f1fe62eb9" +SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813" SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a" SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7" From patchwork Mon Mar 21 22:29:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 5623 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 76413C433F5 for ; Mon, 21 Mar 2022 22:29:56 +0000 (UTC) Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) by mx.groups.io with SMTP id smtpd.web08.2474.1647901795599419021 for ; Mon, 21 Mar 2022 15:29:55 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=d4YFVGTx; spf=softfail (domain: sakoman.com, ip: 209.85.216.51, mailfrom: steve@sakoman.com) Received: by mail-pj1-f51.google.com with SMTP id bx24-20020a17090af49800b001c6872a9e4eso553707pjb.5 for ; Mon, 21 Mar 2022 15:29:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=+xDuSFHO7axlhqFWT9pXH8u9UaA8AnagHC1u/Jly51Q=; b=d4YFVGTx1wG8tefVzC0J8jgYYDo4GorUfEtXPMiWMycCQlaXBH4uZ7ySfsPKhnJ2kS RcoNVF2iHi5DIZrptgcaieNFl6wncAAC11JHh+3q13aWKynLzsWUA1az6P4b4R+Oqou+ QeRWkZmjSAZNR6QsputAwNM6KJ+RZ0XLgKlOlCg861ESgudvgJiFKMSeIA+Rfk8vpNpE cxjuoAqxSpoD01m2AkhNcTr0u99K2s6VvE/3cI9dHIHZNeYaypGhdeEW97+rURZl4U1H g8rDOJcPox250Kw8NuJuAomEYx5n+0LYn61jsR8Jl2nxDI7+VmDN2gDKW5YQauJyX/0p xJGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=+xDuSFHO7axlhqFWT9pXH8u9UaA8AnagHC1u/Jly51Q=; b=HcZQbEUIRKPQFtxCjJMKwBpEhERqNC/QvBzTZP/AgqLsbMXes//ST9dNhCC0N5SwZg V1Ri8LTLkp/2vSscX8X9uXvSVUmSjwh+IJEKuwEyxeuckafWntWlmcScTuERZPD7faeC OeIKDmEHovSlsyPMJzJ35V7rb/l5TMUJuktQofqqr4FGMTL1KB7n3CYVlYpo8p4rOKL3 uC5xvqdmyeYeG+yyw3osDwcZNIKxXhLvaEkuINdKy7sUJG0MMsDPrGCFzljXD5OAjWqT zTOJBETrtiODgsmmu4FQiB2g0Lbr7VyBUnpLqju8OXLBqsUiKm6+0YxtMCpRgoXGVLMC zKdg== X-Gm-Message-State: AOAM530g3UDIKnBigG6rRZe20a8fKPzrQketyA/QBVIB1vbkdK9bJbvR dF9RywFAaat5eUofCa72Bq0bjCJ2upHAObVOPGA= X-Google-Smtp-Source: ABdhPJzD0zl5ECLZNkCNlYYZWY5A0b2O5ps4owEdKciyW6V+BeLNx4BMiN0n4mYK2PCEym16H+34TQ== X-Received: by 2002:a17:90b:1c8f:b0:1b8:c6dc:ca61 with SMTP id oo15-20020a17090b1c8f00b001b8c6dcca61mr1406980pjb.13.1647901794725; Mon, 21 Mar 2022 15:29:54 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id k13-20020aa7820d000000b004fa72a52040sm12352649pfi.172.2022.03.21.15.29.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 15:29:54 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 13/13] oeqa/selftest/tinfoil: Improve tinfoil event test debugging Date: Mon, 21 Mar 2022 12:29:13 -1000 Message-Id: <71015408c60ddf2e9af00cc8574815971e1b689d.1647901591.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 22:29:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163526 From: Richard Purdie We still see occasional test failures for unknown reasons. Add some debugging to show whether the matching files event was received even if the command complete wasn't. Also ensure any commandfailed/commandexit event is shown. This will hopefully aid debugging the next time the issue occurs. Signed-off-by: Richard Purdie Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 2f7a788bb51ef09ee23c94176285437ea760fab7) Signed-off-by: Steve Sakoman --- meta/lib/oeqa/selftest/cases/tinfoil.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/lib/oeqa/selftest/cases/tinfoil.py b/meta/lib/oeqa/selftest/cases/tinfoil.py index 4fcbe594c9..11cbced5ea 100644 --- a/meta/lib/oeqa/selftest/cases/tinfoil.py +++ b/meta/lib/oeqa/selftest/cases/tinfoil.py @@ -87,7 +87,7 @@ class TinfoilTests(OESelftestTestCase): with bb.tinfoil.Tinfoil() as tinfoil: tinfoil.prepare(config_only=True) - tinfoil.set_event_mask(['bb.event.FilesMatchingFound', 'bb.command.CommandCompleted']) + tinfoil.set_event_mask(['bb.event.FilesMatchingFound', 'bb.command.CommandCompleted', 'bb.command.CommandFailed', 'bb.command.CommandExit']) # Need to drain events otherwise events that were masked may still be in the queue while tinfoil.wait_event(): @@ -118,7 +118,7 @@ class TinfoilTests(OESelftestTestCase): else: self.fail('Unexpected event: %s' % event) - self.assertTrue(commandcomplete, 'Timed out waiting for CommandCompleted event from bitbake server') + self.assertTrue(commandcomplete, 'Timed out waiting for CommandCompleted event from bitbake server (Matching event received: %s)' % str(eventreceived)) self.assertTrue(eventreceived, 'Did not receive FilesMatchingFound event from bitbake server') def test_setvariable_clean(self):