From patchwork Sun Mar 27 16:40:51 2022
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 5888
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 01/10] libsolv: fix CVE: CVE-2021-44568-71 and CVE-2021-44573-77
Date: Sun, 27 Mar 2022 06:40:51 -1000
Message-Id: <3096134d25fc4cf9bd18839838a62a6c89344e31.1648399113.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163667

The existing patch for CVE-2021-3200 also fixes CVE-2021-44568 through CVE-2021-44671 and CVE-2021-44573 through CVE-2021-44677, so update CVE tags in patch to reflect this.

Reference: https://github.com/openSUSE/libsolv/issues/426

Signed-off-by: Steve Sakoman
---
 .../recipes-extended/libsolv/files/CVE-2021-3200.patch | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch b/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch index cc8f53cefd..fa577fd533 100644 --- a/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch +++ b/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch @@ -17,9 +17,19 @@ CVE: CVE-2021-33928 CVE: CVE-2021-33929 CVE: CVE-2021-33930 CVE: CVE-2021-33938 +CVE: CVE-2021-44568 +CVE: CVE-2021-44569 +CVE: CVE-2021-44570 +CVE: CVE-2021-44571 +CVE: CVE-2021-44573 +CVE: CVE-2021-44574 +CVE: CVE-2021-44575 +CVE: CVE-2021-44576 +CVE: CVE-2021-44577 Signed-off-by: Ranjitsinh Rathod 
Signed-off-by: Chee Yang Lee +Signed-off-by: Steve Sakoman --- ext/testcase.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)
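Review bot: the commit message says the existing fix covers "CVE-2021-44568 through CVE-2021-44671", but the hunk adds tags only up to CVE-2021-44571 (matching the subject's "44568-71"), so the message has a typo that should read CVE-2021-44571 before this is merged. Both ranges also skip CVE-2021-44572; a one-line remark in the patch header saying whether that id is covered by the same fix or is tracked elsewhere would save the next cve-check audit from wondering whether the tag was simply forgotten.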

From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 02/10] python3: ignore CVE-2022-26488
Date: Sun, 27 Mar 2022 06:40:52 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163668

From: Ross Burton

This CVE is specific to Microsoft Windows, so we can ignore it.

Signed-off-by: Ross Burton
Signed-off-by: Alexandre Belloni
(cherry picked from commit 2bd3c5a93988140d9927340b3af68785ae03db65)
Signed-off-by: Steve Sakoman
---
 meta/recipes-devtools/python/python3_3.8.13.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/python/python3_3.8.13.bb b/meta/recipes-devtools/python/python3_3.8.13.bb index 112ebec4c1..d7f6e9155d 100644 --- a/meta/recipes-devtools/python/python3_3.8.13.bb +++ b/meta/recipes-devtools/python/python3_3.8.13.bb 
@@ -56,7 +56,7 @@ CVE_CHECK_WHITELIST += "CVE-2007-4559" CVE_CHECK_WHITELIST += "CVE-2019-18348" # This is windows only issue. -CVE_CHECK_WHITELIST += "CVE-2020-15523" +CVE_CHECK_WHITELIST += "CVE-2020-15523 CVE-2022-26488" PYTHON_MAJMIN = "3.8"
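Review bot: the comment "# This is windows only issue." now has to justify two whitelist entries, while the reasoning for CVE-2022-26488 lives only in the commit message; give each CVE its own line with the rationale beside it, e.g. `CVE_CHECK_WHITELIST += "CVE-2022-26488" # Windows-only, not applicable to Linux targets`, so a later cve-check audit can verify the exclusion without git archaeology, and fix the comment's grammar while there ("This is a Windows-only issue.").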

From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 03/10] qemu: backport patch fix for CVE-2020-13791
Date: Sun, 27 Mar 2022 06:40:53 -1000
Message-Id: <6d4e6302fa21b1c663b94b05088ecf9b9d544c0a.1648399113.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163669

From: Davide Gardenal

Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00979.html

CVE: CVE-2020-13791

Signed-off-by: Davide Gardenal
Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2020-13791.patch | 44 +++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13791.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 0bdc917783..25c2cdef3a 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -97,6 +97,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2020-13253_3.patch \ file://CVE-2020-13253_4.patch \ file://CVE-2020-13253_5.patch \ + file://CVE-2020-13791.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-13791.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-13791.patch new file mode 100644 index 0000000000..1e8278f7b7 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-13791.patch 
@@ -0,0 +1,44 @@ +Date: Thu, 4 Jun 2020 16:25:24 +0530 +From: Prasad J Pandit +Subject: [PATCH v3] ati-vga: check address before reading configuration bytes (CVE-2020-13791) + +While reading PCI configuration bytes, a guest may send an +address towards the end of the configuration space. It may lead +to an OOB access issue. Add check to ensure 'address + size' is +within PCI configuration space. + +CVE: CVE-2020-13791 + +Upstream-Status: Submitted +https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00979.html + +Reported-by: Ren Ding +Reported-by: Hanqing Zhao +Reported-by: Yi Ren +Suggested-by: BALATON Zoltan +Signed-off-by: Prasad J Pandit +Signed-off-by: Davide Gardenal +--- + hw/display/ati.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +Update v3: avoid modifying 'addr' variable + -> https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00834.html + +diff --git a/hw/display/ati.c b/hw/display/ati.c +index 67604e68de..b4d0fd88b7 100644 +--- a/hw/display/ati.c ++++ b/hw/display/ati.c +@@ -387,7 +387,9 @@ static uint64_t ati_mm_read(void *opaque, hwaddr addr, unsigned int size) + val = s->regs.crtc_pitch; + break; + case 0xf00 ... 
0xfff: +- val = pci_default_read_config(&s->dev, addr - 0xf00, size); ++ if ((addr - 0xf00) + size <= pci_config_size(&s->dev)) { ++ val = pci_default_read_config(&s->dev, addr - 0xf00, size); ++ } + break; + case CUR_OFFSET: + val = s->regs.cur_offset; +-- +2.26.2
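Review bot: in the hw/display/ati.c hunk the rejected path leaves `val` untouched, so whether a guest reading past the end of config space gets a defined value depends on `val` being initialised at the top of ati_mm_read(), which is outside the visible context; please confirm that, and consider logging the rejected access with qemu_log_mask(LOG_GUEST_ERROR, ...) so that guests probing the 0xf00-0xfff window show up in the VM log. The patch header also still says "Upstream-Status: Submitted" with a June 2020 list link; before merging into dunfell, check whether the v3 patch was accepted upstream and, if so, switch to "Upstream-Status: Backport" with the upstream commit id so the status stays accurate.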

From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 04/10] apt: backport patch fix for CVE-2020-3810
Date: Sun, 27 Mar 2022 06:40:54 -1000
Message-Id: <2c58d4691b07230616272f2727e0ad0a345064be.1648399113.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163670

From: Davide Gardenal

Upstream commit: https://salsa.debian.org/apt-team/apt/-/blob/dceb1e49e4b8e4dadaf056be34088b415939cda6/apt-pkg/contrib/arfile.cc

CVE: CVE-2020-3810
Signed-off-by: Davide Gardenal Signed-off-by: Steve Sakoman --- meta/recipes-devtools/apt/apt.inc | 1 + .../apt/apt/CVE-2020-3810.patch | 174 ++++++++++++++++++ 2 files changed, 175 insertions(+) create mode 100644 meta/recipes-devtools/apt/apt/CVE-2020-3810.patch diff --git a/meta/recipes-devtools/apt/apt.inc b/meta/recipes-devtools/apt/apt.inc index 3c4fc6df07..ba827848a7 100644 --- a/meta/recipes-devtools/apt/apt.inc +++ b/meta/recipes-devtools/apt/apt.inc @@ -18,6 +18,7 @@ SRC_URI = "https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/${BPN}/${P file://0001-environment.mak-musl-based-systems-can-generate-shar.patch \ file://0001-apt-1.2.12-Fix-musl-build.patch \ file://0001-Include-array.h-for-std-array.patch \ + file://CVE-2020-3810.patch \ " SRC_URI[md5sum] = "d30eed9304e82ea8238c854b5c5a34d9" SRC_URI[sha256sum] = "03ded4f5e9b8d43ecec083704b2dcabf20c182ed382db9ac7251da0b0b038059" diff --git a/meta/recipes-devtools/apt/apt/CVE-2020-3810.patch b/meta/recipes-devtools/apt/apt/CVE-2020-3810.patch new file mode 100644 index 0000000000..cf1206a3fa --- /dev/null +++ b/meta/recipes-devtools/apt/apt/CVE-2020-3810.patch 
@@ -0,0 +1,174 @@ +From dceb1e49e4b8e4dadaf056be34088b415939cda6 Mon Sep 17 00:00:00 2001 +From: Julian Andres Klode +Date: Tue, 12 May 2020 11:49:09 +0200 +Subject: [PATCH] SECURITY UPDATE: Fix out of bounds read in .ar and .tar + implementation (CVE-2020-3810) + +When normalizing ar member names by removing trailing whitespace +and slashes, an out-out-bound read can be caused if the ar member +name consists only of such characters, because the code did not +stop at 0, but would wrap around and continue reading from the +stack, without any limit. + +Add a check to abort if we reached the first character in the +name, effectively rejecting the use of names consisting just +of slashes and spaces. + +Furthermore, certain error cases in arfile.cc and extracttar.cc have +included member names in the output that were not checked at all and +might hence not be nul terminated, leading to further out of bound reads. + +Fixes Debian/apt#111 +LP: #1878177 + +CVE: CVE-2020-3810 + +Upstream-Status: Backport: +https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6 + +Signed-off-by: Davide Gardenal +--- +apt-inst/contrib/arfile.cc | 11 ++- +apt-inst/contrib/extracttar.cc | 2 +- +.../test-github-111-invalid-armember | 88 +++++++++++++++++++ + 3 files changed, 98 insertions(+), 3 deletions(-) + create mode 100755 test/integration/test-github-111-invalid-armember + +diff --git a/apt-inst/contrib/arfile.cc b/st/contrib/arfile.cc +index 3fc3afedb..5cb43c690 100644 +--- a/apt-inst/contrib/arfile.cc ++++ b/apt-inst/contrib/arfile.cc +@@ -92,7 +92,7 @@ bool ARArchive::LoadHeaders() + StrToNum(Head.Size,Memb->Size,sizeof(Head.Size)) == false) + { + delete Memb; +- return _error->Error(_("Invalid archive member header %s"), Head.Name); ++ return _error->Error(_("Invalid archive member header")); + } + + // Check for an extra long name string +@@ -119,7 +119,14 @@ bool ARArchive::LoadHeaders() + else + { + unsigned int I = sizeof(Head.Name) - 1; +- for (; 
Head.Name[I] == ' ' || Head.Name[I] == '/'; I--); ++ for (; Head.Name[I] == ' ' || Head.Name[I] == '/'; I--) ++ { ++ if (I == 0) ++ { ++ delete Memb; ++ return _error->Error(_("Invalid archive member header")); ++ } ++ } + Memb->Name = std::string(Head.Name,I+1); + } + +diff --git a/apt-inst/contrib/extracttar.cc b/apt-inst/contrib/extracttar.cc +index 9bb0a55c0..b22f59dbc 100644 +--- a/apt-inst/contrib/extracttar.cc ++++ b/apt-inst/contrib/extracttar.cc +@@ -254,7 +254,7 @@ bool ExtractTar::Go(pkgDirStream &Stream) + + default: + BadRecord = true; +- _error->Warning(_("Unknown TAR header type %u, member %s"),(unsigned)Tar->LinkFlag,Tar->Name); ++ _error->Warning(_("Unknown TAR header type %u"), (unsigned)Tar->LinkFlag); + break; + } + +diff --git a/test/integration/test-github-111-invalid-armember b/test/integration/test-github-111-invalid-armember +new file mode 100755 +index 000000000..ec2163bf6 +--- /dev/null ++++ b/test/integration/test-github-111-invalid-armember +@@ -0,0 +1,88 @@ ++#!/bin/sh ++set -e ++ ++TESTDIR="$(readlink -f "$(dirname "$0")")" ++. "$TESTDIR/framework" ++setupenvironment ++configarchitecture "amd64" ++setupaptarchive ++ ++# this used to crash, but it should treat it as an invalid member header ++touch ' ' ++ar -q test.deb ' ' ++testsuccessequal "E: Invalid archive member header" ${BUILDDIRECTORY}/../test/interactive-helper/testdeb test.deb ++ ++ ++rm test.deb ++touch 'x' ++ar -q test.deb 'x' ++testsuccessequal "E: This is not a valid DEB archive, missing 'debian-binary' member" ${BUILDDIRECTORY}/../test/interactive-helper/testdeb test.deb ++ ++ ++# [ other fields] - name is not nul terminated here, it ends in . ++msgmsg "Unterminated ar member name" ++printf '!\0120123456789ABCDE.A123456789A.01234.01234.0123456.012345678.0.' 
> test.deb ++testsuccessequal "E: Invalid archive member header" ${BUILDDIRECTORY}/../test/interactive-helper/testdeb test.deb ++ ++ ++# unused source code for generating $tar below ++maketar() { ++ cat > maketar.c << EOF ++ #include ++ #include ++ struct tar { ++ char Name[100]; ++ char Mode[8]; ++ char UserID[8]; ++ char GroupID[8]; ++ char Size[12]; ++ char MTime[12]; ++ char Checksum[8]; ++ char LinkFlag; ++ char LinkName[100]; ++ char MagicNumber[8]; ++ char UserName[32]; ++ char GroupName[32]; ++ char Major[8]; ++ char Minor[8]; ++ }; ++ ++ int main(void) ++ { ++ union { ++ struct tar t; ++ char buf[512]; ++ } t; ++ for (int i = 0; i < sizeof(t.buf); i++) ++ t.buf[i] = '7'; ++ memcpy(t.t.Name, "unterminatedName", 16); ++ memcpy(t.t.UserName, "userName", 8); ++ memcpy(t.t.GroupName, "thisIsAGroupNamethisIsAGroupName", 32); ++ t.t.LinkFlag = 'X'; // I AM BROKEN ++ memcpy(t.t.Size, "000000000000", sizeof(t.t.Size)); ++ memset(t.t.Checksum,' ',sizeof(t.t.Checksum)); ++ ++ unsigned long sum = 0; ++ for (int i = 0; i < sizeof(t.buf); i++) ++ sum += t.buf[i]; ++ ++ int written = sprintf(t.t.Checksum, "%lo", sum); ++ for (int i = written; i < sizeof(t.t.Checksum); i++) ++ t.t.Checksum[i] = ' '; ++ fwrite(t.buf, sizeof(t.buf), 1, stdout); ++ } ++EOF ++ ++ gcc maketar.c -o maketar -Wall ++ ./maketar ++} ++ ++ ++# ++tar="unterminatedName77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777700000000000077777777777773544 X777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777userName777777777777777777777777thisIsAGroupNamethisIsAGroupName777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777" ++printf '%s' "$tar" | gzip > control.tar.gz ++cp control.tar.gz data.tar.gz ++touch debian-binary ++rm test.deb ++ar -q test.deb debian-binary 
control.tar.gz data.tar.gz ++testsuccessequal "W: Unknown TAR header type 88" ${BUILDDIRECTORY}/../test/interactive-helper/testdeb test.deb +-- +GitLab
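Review bot: the arfile.cc loop hunk is correct as written: the `I == 0` test sits inside the loop body, so a name whose first byte is still ' ' or '/' is rejected before `I--` can wrap the unsigned index and walk off the front of Head.Name, which is the out-of-bounds read the commit message describes. The behaviour change it introduces (names made only of slashes and spaces are now rejected with "Invalid archive member header") is acknowledged in the message, but the new integration test only exercises the all-spaces case (`touch ' '`); add a member whose name is just '/' to test-github-111-invalid-armember so the intended rejection is pinned down, and restore the stripped `#include` targets in the embedded maketar.c, which read as bare `#include` lines here.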
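Review bot: the two message hunks (arfile.cc "Invalid archive member header %s" and extracttar.cc "Unknown TAR header type %u, member %s") fix the unterminated-name read by dropping the name entirely, which also removes the only hint an operator gets about which member was bad. If the name is worth keeping, print it with a bounded width instead, e.g. `_("Invalid archive member header %.*s"), (int)sizeof(Head.Name), Head.Name`, which cannot run past the fixed-size field. Separately, the file header reads `diff --git a/apt-inst/contrib/arfile.cc b/st/contrib/arfile.cc` as it appears here; the b/ path is mangled and should be corrected to b/apt-inst/contrib/arfile.cc so that tooling which reads the `diff --git` header does not trip over it.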

From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 05/10] ghostscript: fix CVE-2020-15900 and CVE-2021-45949 for -native
Date: Sun, 27 Mar 2022 06:40:55 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163671

CVE patches (and the stack limits check patch) should have been added to SRC_URI_BASE so that they are applied for both target and -native packages.

Signed-off-by: Steve Sakoman
---
 meta/recipes-extended/ghostscript/ghostscript_9.52.bb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.52.bb b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb index ac3d0dca43..310c4f6d24 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.52.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb 
@@ -33,14 +33,14 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://do-not-check-local-libpng-source.patch \ file://avoid-host-contamination.patch \ file://mkdir-p.patch \ + file://CVE-2020-15900.patch \ + file://check-stack-limits-after-function-evalution.patch \ + file://CVE-2021-45949.patch \ " SRC_URI = "${SRC_URI_BASE} \ file://ghostscript-9.21-prevent_recompiling.patch \ file://cups-no-gcrypt.patch \ - file://CVE-2020-15900.patch \ - file://check-stack-limits-after-function-evalution.patch \ - file://CVE-2021-45949.patch \ " SRC_URI_class-native = "${SRC_URI_BASE} \
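Review bot: the move is right: SRC_URI_class-native is built from ${SRC_URI_BASE} (visible in the trailing context), so the three patches now reach the native build that was previously shipping without the fixes, and since -native ghostscript executes on the build host that gap mattered. Two follow-ups: the file name `check-stack-limits-after-function-evalution.patch` carries a typo ("evalution") in both the removed and the added lines, so it must keep matching the file actually present in the layer (which this hunk preserves; rename both together if it is ever corrected); and a short trailing comment naming which CVE the stack-limits patch supports would help, since it is the only entry of the three without a CVE id in its name.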
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 06/10] ghostscript: backport patch fix for CVE-2021-3781
Date: Sun, 27 Mar 2022 06:40:56 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163672

From: Davide Gardenal

Upstream advisory: https://ghostscript.com/blog/CVE-2021-3781.html

Other than the CVE fix, two other commits are backported to fit the patch.

Signed-off-by: Davide Gardenal
Signed-off-by: Steve Sakoman
---
.../ghostscript/CVE-2021-3781_1.patch | 121 +++++++++
.../ghostscript/CVE-2021-3781_2.patch | 37 +++
.../ghostscript/CVE-2021-3781_3.patch | 238 ++++++++++++++++++
.../ghostscript/ghostscript_9.52.bb | 3 +
4 files changed, 399 insertions(+)
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_1.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_2.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_3.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_1.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_1.patch
new file mode 100644
index 0000000000..033ba77f9a
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_1.patch
@@ -0,0 +1,121 @@ +From 3920a727fb19e19f597e518610ce2416d08cb75f Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Thu, 20 Aug 2020 17:19:09 +0100 +Subject: [PATCH] Fix pdfwrite "%d" mode with file permissions + +Firstly, in gx_device_delete_output_file the iodev pointer was being passed +to the delete_method incorrectly (passing a pointer to that pointer). Thus +when we attempted to use that to confirm permission to delete the file, it +crashed. Credit to Ken for finding that. + +Secondly, due to the way pdfwrite works, when running with an output file per +page, it creates the current output file immediately it has completed writing +the previous one. Thus, it has to delete that partial file on exit. + +Previously, the output file was not added to the "control" permission list, +so an attempt to delete it would result in an error. So add the output file +to the "control" as well as "write" list. + +CVE: CVE-2021-3781 + +Upstream-Status: Backport: +https://git.ghostscript.com/?p=ghostpdl.git;a=commit;f=base/gslibctx.c;h=3920a727fb19e19f597e518610ce2416d08cb75f + +Signed-off-by: Davide Gardenal +--- + base/gsdevice.c | 2 +- + base/gslibctx.c | 20 ++++++++++++++------ + 2 files changed, 15 insertions(+), 7 deletions(-) + +diff --git a/base/gsdevice.c b/base/gsdevice.c +index 913119495..ac78af93f 100644 +--- a/base/gsdevice.c ++++ b/base/gsdevice.c +@@ -1185,7 +1185,7 @@ int gx_device_delete_output_file(const gx_device * dev, const char *fname) + parsed.len = strlen(parsed.fname); + } + if (parsed.iodev) +- code = parsed.iodev->procs.delete_file((gx_io_device *)(&parsed.iodev), (const char *)parsed.fname); ++ code = parsed.iodev->procs.delete_file((gx_io_device *)(parsed.iodev), (const char *)parsed.fname); + else + code = gs_note_error(gs_error_invalidfileaccess); + +diff --git a/base/gslibctx.c b/base/gslibctx.c +index d726c58b5..ff8fc895e 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -647,7 +647,7 @@ gs_add_outputfile_control_path(gs_memory_t *mem, 
const char *fname) + char *fp, f[gp_file_name_sizeof]; + const int pipe = 124; /* ASCII code for '|' */ + const int len = strlen(fname); +- int i; ++ int i, code; + + /* Be sure the string copy will fit */ + if (len >= gp_file_name_sizeof) +@@ -658,8 +658,6 @@ gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) + rewrite_percent_specifiers(f); + for (i = 0; i < len; i++) { + if (f[i] == pipe) { +- int code; +- + fp = &f[i + 1]; + /* Because we potentially have to check file permissions at two levels + for the output file (gx_device_open_output_file and the low level +@@ -671,10 +669,16 @@ gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) + if (code < 0) + return code; + break; ++ code = gs_add_control_path(mem, gs_permit_file_control, f); ++ if (code < 0) ++ return code; + } + if (!IS_WHITESPACE(f[i])) + break; + } ++ code = gs_add_control_path(mem, gs_permit_file_control, fp); ++ if (code < 0) ++ return code; + return gs_add_control_path(mem, gs_permit_file_writing, fp); + } + +@@ -684,7 +688,7 @@ gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + char *fp, f[gp_file_name_sizeof]; + const int pipe = 124; /* ASCII code for '|' */ + const int len = strlen(fname); +- int i; ++ int i, code; + + /* Be sure the string copy will fit */ + if (len >= gp_file_name_sizeof) +@@ -694,8 +698,6 @@ gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + /* Try to rewrite any %d (or similar) in the string */ + for (i = 0; i < len; i++) { + if (f[i] == pipe) { +- int code; +- + fp = &f[i + 1]; + /* Because we potentially have to check file permissions at two levels + for the output file (gx_device_open_output_file and the low level +@@ -704,6 +706,9 @@ gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + the pipe_fopen(), the leading '|' has been stripped. 
+ */ + code = gs_remove_control_path(mem, gs_permit_file_writing, f); ++ if (code < 0) ++ return code; ++ code = gs_remove_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; + break; +@@ -711,6 +716,9 @@ gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + if (!IS_WHITESPACE(f[i])) + break; + } ++ code = gs_remove_control_path(mem, gs_permit_file_control, fp); ++ if (code < 0) ++ return code; + return gs_remove_control_path(mem, gs_permit_file_writing, fp); + } + +-- +2.25.1 diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_2.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_2.patch new file mode 100644 index 0000000000..beade79eef --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_2.patch @@ -0,0 +1,37 @@ +From 9daf042fd7bb19e93388d89d9686a2fa4496f382 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Mon, 24 Aug 2020 09:24:31 +0100 +Subject: [PATCH] Coverity 361429: move "break" to correct place. + +We had to add the outputfile to the "control" file permission list (as well +as write), but for the "pipe" case, I accidentally added the call after the +break out of loop that checks for a pipe. + +CVE: CVE-2021-3781 + +Upstream-Status: Backport: +https://git.ghostscript.com/?p=ghostpdl.git;a=commit;f=base/gslibctx.c;h=9daf042fd7bb19e93388d89d9686a2fa4496f382 + +Signed-off-by: Davide Gardenal +--- + base/gslibctx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/base/gslibctx.c b/base/gslibctx.c +index ff8fc895e..63dfbe2e0 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -668,10 +668,10 @@ gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) + code = gs_add_control_path(mem, gs_permit_file_writing, f); + if (code < 0) + return code; +- break; + code = gs_add_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; ++ break; + } + if (!IS_WHITESPACE(f[i])) + break; +-- +2.25.1 
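Review bot: in the `@@ -671,10 +669,16 @@` hunk of gs_add_outputfile_control_path in CVE-2021-3781_1.patch, the added `code = gs_add_control_path(mem, gs_permit_file_control, f);` is placed after the existing `break;`, so in the "|command" case it is never executed and the full pipe string only lands on the write list, not the control list, which is exactly the gap the patch header says it is closing. CVE-2021-3781_2.patch moves the `break` below the new call, which is the right fix, but that means _1 is only correct when _2 is applied with it: either fold _2 into _1 or say in _1's header that _2 is a required follow-up, so the recipe never carries _1 alone.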
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_3.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_3.patch new file mode 100644 index 0000000000..e3f9e81c45 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_3.patch 
@@ -0,0 +1,238 @@ +From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Tue, 7 Sep 2021 20:36:12 +0100 +Subject: [PATCH] Bug 704342: Include device specifier strings in access + validation + +for the "%pipe%", %handle%" and %printer% io devices. + +We previously validated only the part after the "%pipe%" Postscript device +specifier, but this proved insufficient. + +This rebuilds the original file name string, and validates it complete. The +slight complication for "%pipe%" is it can be reached implicitly using +"|" so we have to check both prefixes. + +Addresses CVE-2021-3781 + +CVE: CVE-2021-3781 + +Upstream-Status: Backport: +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde + +Signed-off-by: Davide Gardenal +--- + base/gdevpipe.c | 22 +++++++++++++++- + base/gp_mshdl.c | 11 +++++++- + base/gp_msprn.c | 10 ++++++- + base/gp_os2pr.c | 13 +++++++++- + base/gslibctx.c | 69 ++++++++++--------------------------------------- + 5 files changed, 65 insertions(+), 60 deletions(-) + +diff --git a/base/gdevpipe.c b/base/gdevpipe.c +index 96d71f5d8..5bdc485be 100644 +--- a/base/gdevpipe.c ++++ b/base/gdevpipe.c +@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access, + #else + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ /* The pipe device can be reached in two ways, explicltly with %pipe% ++ or implicitly with "|", so we have to check for both ++ */ ++ char f[gp_file_name_sizeof]; ++ const char *pipestr = "|"; ++ const size_t pipestrlen = strlen(pipestr); ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); ++ int code1; ++ ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(f, iodev->dname, preflen); ++ memcpy(f + preflen, fname, nlen + 1); ++ ++ code1 = gp_validate_path(mem, f, access); ++ ++ memcpy(f, pipestr, pipestrlen); ++ memcpy(f + pipestrlen, fname, 
nlen + 1); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 ) + return gs_error_invalidfileaccess; + + /* +diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c +index 2b964ed74..8d87ceadc 100644 +--- a/base/gp_mshdl.c ++++ b/base/gp_mshdl.c +@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access, + long hfile; /* Correct for Win32, may be wrong for Win64 */ + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ char f[gp_file_name_sizeof]; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(f, iodev->dname, preflen); ++ memcpy(f + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, f, access) != 0) + return gs_error_invalidfileaccess; + + /* First we try the open_handle method. */ +diff --git a/base/gp_msprn.c b/base/gp_msprn.c +index ed4827968..746a974f7 100644 +--- a/base/gp_msprn.c ++++ b/base/gp_msprn.c +@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, + unsigned long *ptid = &((tid_t *)(iodev->state))->tid; + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(pname, iodev->dname, preflen); ++ memcpy(pname + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, pname, access) != 0) + return gs_error_invalidfileaccess; + + /* First we try the open_printer method. 
*/ +diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c +index f852c71fc..ba54cde66 100644 +--- a/base/gp_os2pr.c ++++ b/base/gp_os2pr.c +@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, + FILE ** pfile, char *rfname, uint rnamelen) + { + os2_printer_t *pr = (os2_printer_t *)iodev->state; +- char driver_name[256]; ++ char driver_name[gp_file_name_sizeof]; + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ const size_t preflen = strlen(iodev->dname); ++ const int size_t = strlen(fname); ++ ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(driver_name, iodev->dname, preflen); ++ memcpy(driver_name + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, driver_name, access) != 0) ++ return gs_error_invalidfileaccess; + + /* First we try the open_printer method. */ + /* Note that the loop condition here ensures we don't +diff --git a/base/gslibctx.c b/base/gslibctx.c +index 6dfed6cd5..318039fad 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s) + int + gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) + { +- char *fp, f[gp_file_name_sizeof]; +- const int pipe = 124; /* ASCII code for '|' */ +- const int len = strlen(fname); +- int i, code; ++ char f[gp_file_name_sizeof]; ++ int code; + + /* Be sure the string copy will fit */ +- if (len >= gp_file_name_sizeof) ++ if (strlen(fname) >= gp_file_name_sizeof) + return gs_error_rangecheck; + strcpy(f, fname); +- fp = f; + /* Try to rewrite any %d (or similar) in the string */ + rewrite_percent_specifiers(f); +- for (i = 0; i < len; i++) { +- if (f[i] == pipe) { +- fp = &f[i + 1]; +- /* Because we potentially have to check file permissions at two levels +- for the output file (gx_device_open_output_file and the low level +- fopen API, if we're using a pipe, we have to add both the full string, +- (including the '|', and 
just the command to which we pipe - since at +- the pipe_fopen(), the leading '|' has been stripped. +- */ +- code = gs_add_control_path(mem, gs_permit_file_writing, f); +- if (code < 0) +- return code; +- code = gs_add_control_path(mem, gs_permit_file_control, f); +- if (code < 0) +- return code; +- break; +- } +- if (!IS_WHITESPACE(f[i])) +- break; +- } +- code = gs_add_control_path(mem, gs_permit_file_control, fp); ++ ++ code = gs_add_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; +- return gs_add_control_path(mem, gs_permit_file_writing, fp); ++ return gs_add_control_path(mem, gs_permit_file_writing, f); + } + + int + gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + { +- char *fp, f[gp_file_name_sizeof]; +- const int pipe = 124; /* ASCII code for '|' */ +- const int len = strlen(fname); +- int i, code; ++ char f[gp_file_name_sizeof]; ++ int code; + + /* Be sure the string copy will fit */ +- if (len >= gp_file_name_sizeof) ++ if (strlen(fname) >= gp_file_name_sizeof) + return gs_error_rangecheck; + strcpy(f, fname); +- fp = f; + /* Try to rewrite any %d (or similar) in the string */ +- for (i = 0; i < len; i++) { +- if (f[i] == pipe) { +- fp = &f[i + 1]; +- /* Because we potentially have to check file permissions at two levels +- for the output file (gx_device_open_output_file and the low level +- fopen API, if we're using a pipe, we have to add both the full string, +- (including the '|', and just the command to which we pipe - since at +- the pipe_fopen(), the leading '|' has been stripped. 
+- */ +- code = gs_remove_control_path(mem, gs_permit_file_writing, f); +- if (code < 0) +- return code; +- code = gs_remove_control_path(mem, gs_permit_file_control, f); +- if (code < 0) +- return code; +- break; +- } +- if (!IS_WHITESPACE(f[i])) +- break; +- } +- code = gs_remove_control_path(mem, gs_permit_file_control, fp); ++ rewrite_percent_specifiers(f); ++ ++ code = gs_remove_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; +- return gs_remove_control_path(mem, gs_permit_file_writing, fp); ++ return gs_remove_control_path(mem, gs_permit_file_writing, f); + } + + int +-- +2.25.1 diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.52.bb b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb index 310c4f6d24..a829d4b4ae 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.52.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb 
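Review bot: the gp_os2pr.c hunk of CVE-2021-3781_3.patch cannot compile as written: `+ const int size_t = strlen(fname);` declares a variable named `size_t`, and the `nlen` used in `if (preflen + nlen >= gp_file_name_sizeof)` and in `memcpy(driver_name + preflen, fname, nlen + 1);` is never declared. It should read `const size_t nlen = strlen(fname);`, matching the gdevpipe.c and gp_mshdl.c hunks. gp_os2pr.c is only built for OS/2, so the dunfell target build is not affected, but the backport inherits the upstream typo; fix it locally or at least mention it in the patch header.

Review bot: in the gdevpipe.c hunk the length check uses `return_error(gs_error_invalidaccess);` while the validation failure two lines below returns a bare `gs_error_invalidfileaccess`, so a rejected pipe name yields different error codes depending on which check trips; pick one code and one return style. The same mix appears in the gp_mshdl.c and gp_msprn.c hunks. The new comment also misspells "explicitly" as "explicltly".

Review bot: the gp_msprn.c hunk copies `iodev->dname` followed by `fname` into `pname` after checking the combined length against `gp_file_name_sizeof`, but `pname` is not declared in the visible context of this hunk; please confirm it is a `gp_file_name_sizeof`-byte buffer, otherwise that bound check does not protect the `memcpy` calls.

Review bot: in the gslibctx.c hunk, gs_remove_outputfile_control_path gains a `rewrite_percent_specifiers(f);` call that the old code lacked even though its comment already said "Try to rewrite any %d". That makes add and remove register the same string when the output name contains %d, which is a separate fix from the device-prefix validation the header describes; a sentence about it in the patch description would help the next backporter.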
@@ -36,6 +36,9 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://CVE-2020-15900.patch \ file://check-stack-limits-after-function-evalution.patch \ file://CVE-2021-45949.patch \ + file://CVE-2021-3781_1.patch \ + file://CVE-2021-3781_2.patch \ + file://CVE-2021-3781_3.patch \ " SRC_URI = "${SRC_URI_BASE} \

From patchwork Sun Mar 27 16:40:57 2022
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 5894
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 07/10] libxml2: fix CVE-2022-23308 regression
Date: Sun, 27 Mar 2022 06:40:57 -1000
Message-Id: <906ffe5bf83c0e587299aaedb9382ce04c3c7acf.1648399113.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163673

From: Ralph Siemsen

The fix for the CVE in 2.9.13 caused a regression which was addressed after 2.9.13. We import that patch here.
Signed-off-by: Ralph Siemsen Signed-off-by: Steve Sakoman --- .../CVE-2022-23308-fix-regression.patch | 98 +++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.9.10.bb | 1 + 2 files changed, 99 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch new file mode 100644 index 0000000000..7fc243eec1 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch 
@@ -0,0 +1,98 @@ +From 646fe48d1c8a74310c409ddf81fe7df6700052af Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 22 Feb 2022 11:51:08 +0100 +Subject: [PATCH] Fix --without-valid build + +Regressed in commit 652dd12a. +--- + valid.c | 58 ++++++++++++++++++++++++++++----------------------------- + 1 file changed, 29 insertions(+), 29 deletions(-) +--- + +From https://github.com/GNOME/libxml2.git + commit 646fe48d1c8a74310c409ddf81fe7df6700052af + +CVE: CVE-2022-23308 +Upstream-Status: Backport + +Signed-off-by: Ralph Siemsen + +diff --git a/valid.c b/valid.c +index 8e596f1d..9684683a 100644 +--- a/valid.c ++++ b/valid.c +@@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt) + return (ret); + } + +-/** +- * xmlValidNormalizeString: +- * @str: a string +- * +- * Normalize a string in-place. +- */ +-static void +-xmlValidNormalizeString(xmlChar *str) { +- xmlChar *dst; +- const xmlChar *src; +- +- if (str == NULL) +- return; +- src = str; +- dst = str; +- +- while (*src == 0x20) src++; +- while (*src != 0) { +- if (*src == 0x20) { +- while (*src == 0x20) src++; +- if (*src != 0) +- *dst++ = 0x20; +- } else { +- *dst++ = *src++; +- } +- } +- *dst = 0; +-} +- + #ifdef DEBUG_VALID_ALGO + static void + xmlValidPrintNode(xmlNodePtr cur) { +@@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) { + (xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \ + xmlFree((char *)(str)); + ++/** ++ * xmlValidNormalizeString: ++ * @str: a string ++ * ++ * Normalize a string in-place. ++ */ ++static void ++xmlValidNormalizeString(xmlChar *str) { ++ xmlChar *dst; ++ const xmlChar *src; ++ ++ if (str == NULL) ++ return; ++ src = str; ++ dst = str; ++ ++ while (*src == 0x20) src++; ++ while (*src != 0) { ++ if (*src == 0x20) { ++ while (*src == 0x20) src++; ++ if (*src != 0) ++ *dst++ = 0x20; ++ } else { ++ *dst++ = *src++; ++ } ++ } ++ *dst = 0; ++} ++ + static int + xmlIsStreaming(xmlValidCtxtPtr ctxt) { + xmlParserCtxtPtr pctxt; +-- +2.35.1 + 
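Review bot: the `CVE:` and `Upstream-Status:` tags in CVE-2022-23308-fix-regression.patch sit below the `---` diffstat separator (together with the GNOME commit reference and the Signed-off-by), whereas the other patches in this series, e.g. CVE-2021-3781_1.patch, carry them in the commit message above the first `---`. Keep the OE convention so the tags survive `git am`, which discards everything after `---`, and so tooling that reads the header finds them. The two hunks only relocate xmlValidNormalizeString unchanged, so there is no behavioural change to review here.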
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb index c45cf4423e..c4bb8f29e0 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb 
@@ -29,6 +29,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te file://CVE-2021-3518.patch \ file://CVE-2021-3541.patch \ file://CVE-2022-23308.patch \ + file://CVE-2022-23308-fix-regression.patch \ " SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813"

From patchwork Sun Mar 27 16:40:58 2022
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 5895
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 08/10] gnu-config: update SRC_URI
Date: Sun, 27 Mar 2022 06:40:58 -1000
Message-Id: <4ee75d865b34f615bc649004e9dd0460eaf42dbf.1648399113.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163674

From: Minjae Kim

The git repo for gnu-config was changed, so update the SRC_URI accordingly with the new link.

Signed-off-by: Minjae Kim
Signed-off-by: Steve Sakoman --- meta/recipes-devtools/gnu-config/gnu-config_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/gnu-config/gnu-config_git.bb b/meta/recipes-devtools/gnu-config/gnu-config_git.bb index df8947e425..05cd6a1e63 100644 --- a/meta/recipes-devtools/gnu-config/gnu-config_git.bb +++ b/meta/recipes-devtools/gnu-config/gnu-config_git.bb 
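Review bot: the SRC_URI hunk that follows changes more than the repository path: adding `;protocol=https` moves the fetch off the unauthenticated git:// transport onto https, so the clone is now fetched over TLS instead of cleartext. That is a welcome hardening and should be stated in the commit message, which only says the link changed. SRCREV is untouched, so the pinned commit is the same as before.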
@@ -12,7 +12,7 @@ INHIBIT_DEFAULT_DEPS = "1" SRCREV = "5256817ace8493502ec88501a19e4051c2e220b0" PV = "20200117+git${SRCPV}" -SRC_URI = "git://git.savannah.gnu.org/config.git;branch=master \ +SRC_URI = "git://git.savannah.gnu.org/git/config.git;protocol=https;branch=master \ file://gnu-configize.in" S = "${WORKDIR}/git" UPSTREAM_CHECK_COMMITS = "1"

From patchwork Sun Mar 27 16:40:59 2022
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 5896
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 09/10] virglrenderer: update SRC_URI
Date: Sun, 27 Mar 2022 06:40:59 -1000
Message-Id: <619d9ba2bb1f869869937f7d7942cc77580fdc08.1648399113.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163675

From: Minjae Kim

The git repo for virglrenderer was changed, so update the SRC_URI accordingly with the new link.

Signed-off-by: Minjae Kim
Signed-off-by: Steve Sakoman --- meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb b/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb index 772db5bbaf..31c45ef89c 100644 --- a/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb +++ b/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb 
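Review bot: the SRC_URI hunk that follows keeps the plain git:// transport (`git://anongit.freedesktop.org/git/virglrenderer;branch=master`), unlike the gnu-config patch in this same series, which added `;protocol=https` when it moved to the new path. SRCREV pins the commit, so the fetched tree is still integrity-checked against that hash, but the transport itself remains unauthenticated; add `;protocol=https` if the host serves the repository over https.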
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c81c08eeefd9418fca8f88309a76db10" DEPENDS = "libdrm mesa libepoxy" SRCREV = "7d204f3927be65fb3365dce01dbcd04d447a4985" -SRC_URI = "git://anongit.freedesktop.org/virglrenderer;branch=master \ +SRC_URI = "git://anongit.freedesktop.org/git/virglrenderer;branch=master \ file://0001-gallium-Expand-libc-check-to-be-platform-OS-check.patch \ file://0001-meson.build-use-python3-directly-for-python.patch \ " From patchwork Sun Mar 27 16:41:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 5897 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9441C433F5 for ; Sun, 27 Mar 2022 16:41:35 +0000 (UTC) Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) by mx.groups.io with SMTP id smtpd.web09.783.1648399295282560050 for ; Sun, 27 Mar 2022 09:41:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=xzI7FxVZ; spf=softfail (domain: sakoman.com, ip: 209.85.215.177, mailfrom: steve@sakoman.com) Received: by mail-pg1-f177.google.com with SMTP id t4so7375065pgc.1 for ; Sun, 27 Mar 2022 09:41:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=NDRZSz9xmMbBWUg5FjskqqUGTv6sN4JNQNaZZw/zI7I=; b=xzI7FxVZFqfnqnpjJYwIfNaK7sW7bViFKRJpISauuWQlxjaC+JnKypENkC/7rfHD5+ 8ovJU72Jrcq3CACk3Z4mtVBwlRQNhtAjWXzoFH9XogHU8Y8eExEZGbVRQOi4rUCHTYIr 4/8bpV1Q8rNbxmQZaLwSZwUH4tp+u4r2xX786XhjSsgNl3tSR4cuHS2w49Eqx2568guL 
From patchwork Sun Mar 27 16:41:00 2022
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 10/10] oeqa/selftest/tinfoil: Fix intermittent event loss issue in test
Date: Sun, 27 Mar 2022 06:41:00 -1000
X-Mailer: git-send-email 2.25.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163676
From: Richard Purdie We've been seeing occasional test failures on the autobuilder where we don't see the expected events. It turns out this is due to run_command being helpful and eating them if the server is fast and the client slow. Adding a sleep into the run_command code makes the failure consistent. Use a new "handle_events" argument to allow us to handle all the events which is what this test requires. [YOCTO #14585] Signed-off-by: Richard Purdie Signed-off-by: Alexandre Belloni (cherry picked from commit 2292983c717b8cadcf0c443bb7b649a84ea5ad57) Signed-off-by: Steve Sakoman --- meta/lib/oeqa/selftest/cases/tinfoil.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/lib/oeqa/selftest/cases/tinfoil.py b/meta/lib/oeqa/selftest/cases/tinfoil.py index 11cbced5ea..686ce7e6b9 100644 --- a/meta/lib/oeqa/selftest/cases/tinfoil.py +++ b/meta/lib/oeqa/selftest/cases/tinfoil.py @@ -94,7 +94,7 @@ class TinfoilTests(OESelftestTestCase): pass pattern = 'conf' - res = tinfoil.run_command('testCookerCommandEvent', pattern) + res = tinfoil.run_command('testCookerCommandEvent', pattern, handle_events=False) self.assertTrue(res) eventreceived = False
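Review bot: the `+` line passes `handle_events=False` to `tinfoil.run_command`, but the diffstat shows only meta/lib/oeqa/selftest/cases/tinfoil.py changing while the commit message calls `handle_events` a "new" argument, so this backport only works if the dunfell branch's `Tinfoil.run_command` already accepts that keyword; otherwise the test fails with a TypeError rather than the intermittent loss it is meant to fix. Please confirm the argument exists on dunfell (or name the commit that introduced it in the message), and add a one-line comment above the call explaining that `handle_events=False` stops `run_command` consuming the events the test's own loop waits on, since the unchanged `eventreceived = False` context below depends on that behaviour.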
