From patchwork Wed Jul 27 00:40:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10641 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D25E7C19F21 for ; Wed, 27 Jul 2022 00:41:26 +0000 (UTC) Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) by mx.groups.io with SMTP id smtpd.web09.14400.1658882478851420184 for ; Tue, 26 Jul 2022 17:41:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=cF2twhnV; spf=softfail (domain: sakoman.com, ip: 209.85.216.49, mailfrom: steve@sakoman.com) Received: by mail-pj1-f49.google.com with SMTP id x24-20020a17090ab01800b001f21556cf48so547506pjq.4 for ; Tue, 26 Jul 2022 17:41:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=8EvD88UKmgYRQYykSnfqEISHV6TwiBhTO4oxXX3qFK0=; b=cF2twhnVq8hDri3IclaJ4/jvs6OlMEvYcjTi13LiSytSxorqgf64whp97uB2DRm9Tg xCbYOk6BYzOxic+haeWvbgDj8OPNiLiwCS7Bx7d5LpXpR/NKilP2V14X9c66EmCnVNRf Dz8unmJLnDAMTFhuEKN8PHbdHAAcqbWMsY6bKA7OwZM36NVMoGMOum+RYtZlLS2jQvBh +okFGP90jEksSbf+0HNd6TOznN1AUiECiLZwkTOeyXsLCSN+kxz/8EQgmIi73N3VKfLk XguNXVtLXZcyLAt1IgBTaJiD3gydLk3fGpHseGd6XUJlc6v47zoSd8MVisdxePHmcGXX FtNg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=8EvD88UKmgYRQYykSnfqEISHV6TwiBhTO4oxXX3qFK0=; b=aC5CvAfl8CerS1tPOtnzPtP9iaMS44lZDRCUpDbEvIl9g1cHjWY1gdbdX2/S8APNY7 KHryGGcGXdKffpjWmFpKvrTC9ZhkYzcAv3QDwzDfvwaSV1406qWyGBjfLnveV44qBY7t HWgegSsm19J4TLAu/Jsm7ucr+tTMDHiNIb//QMlg5QpSF+XjlKwnp2gHVIhDX2iAGPfb 0Ax7X1r/MjuWnQkdA7Qqird9iM1KIaFZp05I3cz0S6IguH9yPZ5IV3N2oHUCdm/NXfhj pW2uBGRhTyjOXt6QhnLCfVykMrICScLGsYzVuE0Y1NWcqdTD+0kdHs2HtqY4LFuQJMeg TdRQ== X-Gm-Message-State: AJIora/hXUjTbKwlVRUT74eVgzN+z+16X5rrsy3vtK1NmaWNpWaDvlwt VK4hetaE4RMi0VQinZkCnLEAp9BFABRkPiG4 X-Google-Smtp-Source: AGRyM1ts6pyZ2r4V00jp/6ktXlX7bl0Uj3PQeGd0+Jgw/XjLAPbVtb1M+gdC+Awn0UyCNI3Uxok1Ng== X-Received: by 2002:a17:90a:5:b0:1f2:ea98:a273 with SMTP id 5-20020a17090a000500b001f2ea98a273mr1697646pja.155.1658882475450; Tue, 26 Jul 2022 17:41:15 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:14 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/15] lua: Backport fix for CVE-2022-33099 Date: Tue, 26 Jul 2022 14:40:32 -1000 Message-Id: <16be6e3b750c66aab3ef68eaa805b71abd50319a.1658882276.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168524 From: Khem Raj Fixes stack overflow while handling recurring errors in Lua-stack Signed-off-by: Khem Raj Signed-off-by: Richard Purdie (cherry picked from commit caad9d5f7184f0fa60fa7770e5d3da3f533647cb) Signed-off-by: Steve Sakoman --- .../lua/lua/CVE-2022-33099.patch | 61 +++++++++++++++++++ meta/recipes-devtools/lua/lua_5.4.4.bb | 1 + 2 files changed, 62 insertions(+) create mode 100644 meta/recipes-devtools/lua/lua/CVE-2022-33099.patch diff --git a/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch b/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch new file mode 100644 index 0000000000..fe7b6065c2 --- /dev/null +++ b/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch @@ -0,0 +1,61 @@ +From 42d40581dd919fb134c07027ca1ce0844c670daf Mon Sep 17 00:00:00 2001 +From: Roberto Ierusalimschy +Date: Fri, 20 May 2022 13:14:33 -0300 +Subject: [PATCH] Save stack space while handling errors + +Because error handling (luaG_errormsg) uses slots from EXTRA_STACK, +and some errors can recur (e.g., string overflow while creating an +error message in 'luaG_runerror', or a C-stack overflow before calling +the message handler), the code should use stack slots with parsimony. + +This commit fixes the bug "Lua-stack overflow when C stack overflows +while handling an error". + +CVE: CVE-2022-33099 + +Upstream-Status: Backport [https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf] + +Signed-off-by: Khem Raj +--- + ldebug.c | 5 ++++- + lvm.c | 6 ++++-- + 2 files changed, 8 insertions(+), 3 deletions(-) + +--- a/src/ldebug.c ++++ b/src/ldebug.c +@@ -824,8 +824,11 @@ l_noret luaG_runerror (lua_State *L, con + va_start(argp, fmt); + msg = luaO_pushvfstring(L, fmt, argp); /* format message */ + va_end(argp); +- if (isLua(ci)) /* if Lua function, add source:line information */ ++ if (isLua(ci)) { /* if Lua function, add source:line information */ + luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci)); ++ setobjs2s(L, L->top - 2, L->top - 1); /* remove 'msg' from the stack */ ++ L->top--; ++ } + luaG_errormsg(L); + } + +--- a/src/lvm.c ++++ b/src/lvm.c +@@ -656,8 +656,10 @@ void luaV_concat (lua_State *L, int tota + /* collect total length and number of strings */ + for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) { + size_t l = vslen(s2v(top - n - 1)); +- if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) ++ if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) { ++ L->top = top - total; /* pop strings to avoid wasting stack */ + luaG_runerror(L, "string length overflow"); ++ } + tl += l; + } + if (tl <= LUAI_MAXSHORTLEN) { /* is result a short string? */ +@@ -672,7 +674,7 @@ void luaV_concat (lua_State *L, int tota + setsvalue2s(L, top - n, ts); /* create result */ + } + total -= n-1; /* got 'n' strings to create 1 new */ +- L->top -= n-1; /* popped 'n' strings and pushed one */ ++ L->top = top - (n - 1); /* popped 'n' strings and pushed one */ + } while (total > 1); /* repeat until only 1 result left */ + } + diff --git a/meta/recipes-devtools/lua/lua_5.4.4.bb b/meta/recipes-devtools/lua/lua_5.4.4.bb index 6f2cea5314..0b2e754b31 100644 --- a/meta/recipes-devtools/lua/lua_5.4.4.bb +++ b/meta/recipes-devtools/lua/lua_5.4.4.bb @@ -7,6 +7,7 @@ HOMEPAGE = "http://www.lua.org/" SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \ file://lua.pc.in \ file://CVE-2022-28805.patch \ + file://CVE-2022-33099.patch \ ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'http://www.lua.org/tests/lua-${PV_testsuites}-tests.tar.gz;name=tarballtest file://run-ptest ', '', d)} \ " From patchwork Wed Jul 27 00:40:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10643 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D5C42C19F2A for ; Wed, 27 Jul 2022 00:41:26 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web11.14386.1658882481481615181 for ; Tue, 26 Jul 2022 17:41:21 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=4XfwvdlV; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id 70so14736650pfx.1 for ; Tue, 26 Jul 2022 17:41:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=jw/GYF7cy3IYOnD5Otkg5Vc8NyXpsCWg7bDxfgMv/Mw=; b=4XfwvdlVwuFbkNt8kShchCbjtPx9L/aXK1ubPdlJo16mE5g9Vp0gMiXTysNyYYeqLT PXRm4d7pr7WTYMg8mzJvApR/DzRLhFTrpMRkzTJMvJ8oMjc/MuqMiuNufYmgc+/hHaKO Kd58tW0iZmgPwLhqNy4LmvW9gZ3JfDZfZMIn4+aW7g/jMP9a46XJZ8wGqkpBZ9EkPNBP HeUTui7TTTE2eKVel886e5MgHeMI0NZnENp/c5sb9W4eROtXb9yRVFGRN1pbiqr0IkYp 9Ne7amSO/mMO1zg3TCxdIiJ0YkG6Hh4l/RGEGhrR4aG/URj93dQ5EeKrgqsqh5DiZN+A rmlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=jw/GYF7cy3IYOnD5Otkg5Vc8NyXpsCWg7bDxfgMv/Mw=; b=I3J7YsoxUxFrZJbTJhLZ/LyYTRibiGAXokcO7jscNKpl+3JGf8wZm38vx8/fPDfaWl 9xxBB8LOUoCXrbgHt3E802e2e+01/KL+D4b6gQEF9unD1rbhWx614JKSP4AjmCDOtB9j TMHyNfGxB8sP40z1c/5yA8topYJ+rTx4CejyPSNOg6MP7AEsr9ThJgbFvGUectAmohcf SXpRJd/WRqcNq0S0bs/zq64lUaVYNaC2LmxGNYAPUxFHGKbuL0fMDLPH0ulnV8JJ8PtE dvBKNHtEHF4f8qkAa+B459sv1ZxaIGcznKG+KkSj0K0PzSdj7kK6xrcOLxuMX0aM46qj 4cVA== X-Gm-Message-State: AJIora+MDKUg93K7e7l01yInViBUqip/KQ7JtvQldlRMpmri0FuRfmNE 4G6RfS6K/FM2qY+my0elcL3ApV+8Um3pEnyI X-Google-Smtp-Source: AGRyM1sqPq7AFKvZ5ZcPVg7vSqHMVNcPrQho8v9P58yKO3fn+g2NTuNsf6HWGg1LmLFeODXCtN4E2g== X-Received: by 2002:a63:4cf:0:b0:41a:617f:e195 with SMTP id 198-20020a6304cf000000b0041a617fe195mr16453127pge.89.1658882480248; Tue, 26 Jul 2022 17:41:20 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:19 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/15] tiff: Security fixes CVE-2022-1354 and CVE-2022-1355 Date: Tue, 26 Jul 2022 14:40:33 -1000 Message-Id: <6c373c041f1dd45458866408d1ca16d47cacbd86.1658882276.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168525 From: Yi Zhao References: https://nvd.nist.gov/vuln/detail/CVE-2022-1354 https://security-tracker.debian.org/tracker/CVE-2022-1354 https://nvd.nist.gov/vuln/detail/CVE-2022-1355 https://security-tracker.debian.org/tracker/CVE-2022-1355 Patches from: CVE-2022-1354: https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798 CVE-2022-1355: https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2 Signed-off-by: Yi Zhao Signed-off-by: Steve Sakoman --- .../libtiff/tiff/CVE-2022-1354.patch | 212 ++++++++++++++++++ .../libtiff/tiff/CVE-2022-1355.patch | 62 +++++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 2 + 3 files changed, 276 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch new file mode 100644 index 0000000000..71b85cac10 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch @@ -0,0 +1,212 @@ +From 87881e093691a35c60b91cafed058ba2dd5d9807 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Sun, 5 Dec 2021 14:37:46 +0100 +Subject: [PATCH] TIFFReadDirectory: fix OJPEG hack (fixes #319) + +to avoid having the size of the strip arrays inconsistent with the +number of strips returned by TIFFNumberOfStrips(), which may cause +out-ouf-bounds array read afterwards. + +One of the OJPEG hack that alters SamplesPerPixel may influence the +number of strips. Hence compute tif_dir.td_nstrips only afterwards. + +CVE: CVE-2022-1354 + +Upstream-Status: Backport +[https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798] + +Signed-off-by: Yi Zhao +--- + libtiff/tif_dirread.c | 162 ++++++++++++++++++++++-------------------- + 1 file changed, 83 insertions(+), 79 deletions(-) + +diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +index 8f434ef5..14c031d1 100644 +--- a/libtiff/tif_dirread.c ++++ b/libtiff/tif_dirread.c +@@ -3794,50 +3794,7 @@ TIFFReadDirectory(TIFF* tif) + MissingRequired(tif,"ImageLength"); + goto bad; + } +- /* +- * Setup appropriate structures (by strip or by tile) +- */ +- if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) { +- tif->tif_dir.td_nstrips = TIFFNumberOfStrips(tif); +- tif->tif_dir.td_tilewidth = tif->tif_dir.td_imagewidth; +- tif->tif_dir.td_tilelength = tif->tif_dir.td_rowsperstrip; +- tif->tif_dir.td_tiledepth = tif->tif_dir.td_imagedepth; +- tif->tif_flags &= ~TIFF_ISTILED; +- } else { +- tif->tif_dir.td_nstrips = TIFFNumberOfTiles(tif); +- tif->tif_flags |= TIFF_ISTILED; +- } +- if (!tif->tif_dir.td_nstrips) { +- TIFFErrorExt(tif->tif_clientdata, module, +- "Cannot handle zero number of %s", +- isTiled(tif) ? "tiles" : "strips"); +- goto bad; +- } +- tif->tif_dir.td_stripsperimage = tif->tif_dir.td_nstrips; +- if (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE) +- tif->tif_dir.td_stripsperimage /= tif->tif_dir.td_samplesperpixel; +- if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) { +-#ifdef OJPEG_SUPPORT +- if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG) && +- (isTiled(tif)==0) && +- (tif->tif_dir.td_nstrips==1)) { +- /* +- * XXX: OJPEG hack. +- * If a) compression is OJPEG, b) it's not a tiled TIFF, +- * and c) the number of strips is 1, +- * then we tolerate the absence of stripoffsets tag, +- * because, presumably, all required data is in the +- * JpegInterchangeFormat stream. +- */ +- TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS); +- } else +-#endif +- { +- MissingRequired(tif, +- isTiled(tif) ? "TileOffsets" : "StripOffsets"); +- goto bad; +- } +- } ++ + /* + * Second pass: extract other information. + */ +@@ -4042,41 +3999,6 @@ TIFFReadDirectory(TIFF* tif) + } /* -- if (!dp->tdir_ignore) */ + } /* -- for-loop -- */ + +- if( tif->tif_mode == O_RDWR && +- tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 && +- tif->tif_dir.td_stripoffset_entry.tdir_count == 0 && +- tif->tif_dir.td_stripoffset_entry.tdir_type == 0 && +- tif->tif_dir.td_stripoffset_entry.tdir_offset.toff_long8 == 0 && +- tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 && +- tif->tif_dir.td_stripbytecount_entry.tdir_count == 0 && +- tif->tif_dir.td_stripbytecount_entry.tdir_type == 0 && +- tif->tif_dir.td_stripbytecount_entry.tdir_offset.toff_long8 == 0 ) +- { +- /* Directory typically created with TIFFDeferStrileArrayWriting() */ +- TIFFSetupStrips(tif); +- } +- else if( !(tif->tif_flags&TIFF_DEFERSTRILELOAD) ) +- { +- if( tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 ) +- { +- if (!TIFFFetchStripThing(tif,&(tif->tif_dir.td_stripoffset_entry), +- tif->tif_dir.td_nstrips, +- &tif->tif_dir.td_stripoffset_p)) +- { +- goto bad; +- } +- } +- if( tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 ) +- { +- if (!TIFFFetchStripThing(tif,&(tif->tif_dir.td_stripbytecount_entry), +- tif->tif_dir.td_nstrips, +- &tif->tif_dir.td_stripbytecount_p)) +- { +- goto bad; +- } +- } +- } +- + /* + * OJPEG hack: + * - If a) compression is OJPEG, and b) photometric tag is missing, +@@ -4147,6 +4069,88 @@ TIFFReadDirectory(TIFF* tif) + } + } + ++ /* ++ * Setup appropriate structures (by strip or by tile) ++ * We do that only after the above OJPEG hack which alters SamplesPerPixel ++ * and thus influences the number of strips in the separate planarconfig. ++ */ ++ if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) { ++ tif->tif_dir.td_nstrips = TIFFNumberOfStrips(tif); ++ tif->tif_dir.td_tilewidth = tif->tif_dir.td_imagewidth; ++ tif->tif_dir.td_tilelength = tif->tif_dir.td_rowsperstrip; ++ tif->tif_dir.td_tiledepth = tif->tif_dir.td_imagedepth; ++ tif->tif_flags &= ~TIFF_ISTILED; ++ } else { ++ tif->tif_dir.td_nstrips = TIFFNumberOfTiles(tif); ++ tif->tif_flags |= TIFF_ISTILED; ++ } ++ if (!tif->tif_dir.td_nstrips) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Cannot handle zero number of %s", ++ isTiled(tif) ? "tiles" : "strips"); ++ goto bad; ++ } ++ tif->tif_dir.td_stripsperimage = tif->tif_dir.td_nstrips; ++ if (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE) ++ tif->tif_dir.td_stripsperimage /= tif->tif_dir.td_samplesperpixel; ++ if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) { ++#ifdef OJPEG_SUPPORT ++ if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG) && ++ (isTiled(tif)==0) && ++ (tif->tif_dir.td_nstrips==1)) { ++ /* ++ * XXX: OJPEG hack. ++ * If a) compression is OJPEG, b) it's not a tiled TIFF, ++ * and c) the number of strips is 1, ++ * then we tolerate the absence of stripoffsets tag, ++ * because, presumably, all required data is in the ++ * JpegInterchangeFormat stream. ++ */ ++ TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS); ++ } else ++#endif ++ { ++ MissingRequired(tif, ++ isTiled(tif) ? "TileOffsets" : "StripOffsets"); ++ goto bad; ++ } ++ } ++ ++ if( tif->tif_mode == O_RDWR && ++ tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 && ++ tif->tif_dir.td_stripoffset_entry.tdir_count == 0 && ++ tif->tif_dir.td_stripoffset_entry.tdir_type == 0 && ++ tif->tif_dir.td_stripoffset_entry.tdir_offset.toff_long8 == 0 && ++ tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 && ++ tif->tif_dir.td_stripbytecount_entry.tdir_count == 0 && ++ tif->tif_dir.td_stripbytecount_entry.tdir_type == 0 && ++ tif->tif_dir.td_stripbytecount_entry.tdir_offset.toff_long8 == 0 ) ++ { ++ /* Directory typically created with TIFFDeferStrileArrayWriting() */ ++ TIFFSetupStrips(tif); ++ } ++ else if( !(tif->tif_flags&TIFF_DEFERSTRILELOAD) ) ++ { ++ if( tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 ) ++ { ++ if (!TIFFFetchStripThing(tif,&(tif->tif_dir.td_stripoffset_entry), ++ tif->tif_dir.td_nstrips, ++ &tif->tif_dir.td_stripoffset_p)) ++ { ++ goto bad; ++ } ++ } ++ if( tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 ) ++ { ++ if (!TIFFFetchStripThing(tif,&(tif->tif_dir.td_stripbytecount_entry), ++ tif->tif_dir.td_nstrips, ++ &tif->tif_dir.td_stripbytecount_p)) ++ { ++ goto bad; ++ } ++ } ++ } ++ + /* + * Make sure all non-color channels are extrasamples. + * If it's not the case, define them as such. +-- +2.25.1 + diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch new file mode 100644 index 0000000000..e59f5aad55 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch @@ -0,0 +1,62 @@ +From fb1db384959698edd6caeea84e28253d272a0f96 Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Sat, 2 Apr 2022 22:33:31 +0200 +Subject: [PATCH] tiffcp: avoid buffer overflow in "mode" string (fixes #400) + +CVE: CVE-2022-1355 + +Upstream-Status: Backport +[https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2] + +Signed-off-by: Yi Zhao +--- + tools/tiffcp.c | 25 ++++++++++++++++++++----- + 1 file changed, 20 insertions(+), 5 deletions(-) + +diff --git a/tools/tiffcp.c b/tools/tiffcp.c +index fd129bb7..8d944ff6 100644 +--- a/tools/tiffcp.c ++++ b/tools/tiffcp.c +@@ -274,19 +274,34 @@ main(int argc, char* argv[]) + deftilewidth = atoi(optarg); + break; + case 'B': +- *mp++ = 'b'; *mp = '\0'; ++ if (strlen(mode) < (sizeof(mode) - 1)) ++ { ++ *mp++ = 'b'; *mp = '\0'; ++ } + break; + case 'L': +- *mp++ = 'l'; *mp = '\0'; ++ if (strlen(mode) < (sizeof(mode) - 1)) ++ { ++ *mp++ = 'l'; *mp = '\0'; ++ } + break; + case 'M': +- *mp++ = 'm'; *mp = '\0'; ++ if (strlen(mode) < (sizeof(mode) - 1)) ++ { ++ *mp++ = 'm'; *mp = '\0'; ++ } + break; + case 'C': +- *mp++ = 'c'; *mp = '\0'; ++ if (strlen(mode) < (sizeof(mode) - 1)) ++ { ++ *mp++ = 'c'; *mp = '\0'; ++ } + break; + case '8': +- *mp++ = '8'; *mp = '\0'; ++ if (strlen(mode) < (sizeof(mode)-1)) ++ { ++ *mp++ = '8'; *mp = '\0'; ++ } + break; + case 'x': + pageInSeq = 1; +-- +2.25.1 + diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index c2d4b35d49..149516508f 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb @@ -19,6 +19,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://0005-fix-the-FPE-in-tiffcrop-393.patch \ file://0006-fix-heap-buffer-overflow-in-tiffcp-278.patch \ file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch \ + file://CVE-2022-1354.patch \ + file://CVE-2022-1355.patch \ " SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8" From patchwork Wed Jul 27 00:40:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10642 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D0024C00144 for ; Wed, 27 Jul 2022 00:41:26 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.web09.14401.1658882484121151218 for ; Tue, 26 Jul 2022 17:41:24 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ISOTNak8; spf=softfail (domain: sakoman.com, ip: 209.85.214.172, mailfrom: steve@sakoman.com) Received: by mail-pl1-f172.google.com with SMTP id c6so10712343plc.5 for ; Tue, 26 Jul 2022 17:41:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=rdBL6F71p0ASy3NBgI9R57OSs0uJJqgTqwsJUxjrAK4=; b=ISOTNak8+/AOvMD0ieX7TUqP/jBZspMuHVILP+a4RDz43UfHMgS0DkgyTfYseKMGeb vz+1SVLU7r99WCYyZfh6atk97azG+7G11IzT3NikEOZQxj4xoeVCHrXRfZ+I9ImFoNix tNOlI/DlJjSLbkMst2QO4UlzKGoA4buNpeFuFh4QMnYbnaxhhalEYNCtb8Q2jW5OTt5/ 7rrw/QmX2EH0R8GfPhd6HMijccODVP7StP+fAzKuVH03LnELtseqkMJkQitTPHVh5thq GpWSPvcQpKyLlwb/cbwkS34otE3tHuYfnxXOSU6fupHKQQuY4uZyvz/iOtizG9Q4umAw 6NQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=rdBL6F71p0ASy3NBgI9R57OSs0uJJqgTqwsJUxjrAK4=; b=u9fWVRxqsiw+3+zt1Vs9C7MzDz4e/PHx2HEaH2sgNHVgNBdu1kGe+SWFmhPxHaz9jU CXUugxZbWKXOUWSVf3Rqfgn6CyaYxrtDNht2MIJPYkigV3IGbOA3IEYLwytON8G5f+eY jybUleB/G2bJfkflo7Dyo543o51SYzCdvts1j5QJK4XFA3/B03rKVOA7yfvBHhv5ysFL nssGZyFHJ43enwqWTPGvX3V8Yu4mC6MUW7b0AQXHa51fueSIT4RHZGRAB5fHFhoG/zcO f19aLa1k0v+schM+DefJ28RGHhr+JAJIW1RI9Yt1QR5eYIfhlDIFXbfTufbs7nIKwbLT YK8w== X-Gm-Message-State: AJIora/Qjjqwf4HIpSRuHLeaU34zrzohL6Ixd0IHienJNvB3cAlvBwVx G1GssBWJZ6l+O3JH1ZkHqR482MPQPo1w6TXB X-Google-Smtp-Source: AGRyM1vK5Xqa3N5GwEU/lMwk8Khw9mrCciIaeZJHf+npMaKHf417U0FCkjLM6zixSILoAHURZ1U/Iw== X-Received: by 2002:a17:902:cec8:b0:16d:8eb5:1d4c with SMTP id d8-20020a170902cec800b0016d8eb51d4cmr8029856plg.129.1658882482809; Tue, 26 Jul 2022 17:41:22 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:22 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/15] dpkg: fix CVE-2022-1664 Date: Tue, 26 Jul 2022 14:40:34 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168526 From: Sakib Sajal Backport patch to fix CVE-2022-1664. Signed-off-by: Sakib Sajal Signed-off-by: Steve Sakoman --- ...ive-Prevent-directory-traversal-for-.patch | 328 ++++++++++++++++++ meta/recipes-devtools/dpkg/dpkg_1.21.4.bb | 1 + 2 files changed, 329 insertions(+) create mode 100644 meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch diff --git a/meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch b/meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch new file mode 100644 index 0000000000..d249d854fb --- /dev/null +++ b/meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch @@ -0,0 +1,328 @@ +From 6d8a6799639f8853a2af1f9036bc70fddbfdd2a2 Mon Sep 17 00:00:00 2001 +From: Guillem Jover +Date: Tue, 3 May 2022 02:09:32 +0200 +Subject: [PATCH] Dpkg::Source::Archive: Prevent directory traversal for + in-place extracts + +For untrusted v2 and v3 source package formats that include a debian.tar +archive, when we are extracting it, we do that as an in-place extraction, +which can lead to directory traversal situations on specially crafted +orig.tar and debian.tar tarballs. + +GNU tar replaces entries on the filesystem by the entries present on +the tarball, but it will follow symlinks when the symlink pathname +itself is not present as an actual directory on the tarball. + +This means we can create an orig.tar where there's a symlink pointing +out of the source tree root directory, and then a debian.tar that +contains an entry within that symlink as if it was a directory, without +a directory entry for the symlink pathname itself, which will be +extracted following the symlink outside the source tree root. + +This is currently noted as expected in GNU tar documentation. But even +if there was a new extraction mode avoiding this problem we'd need such +new version. Using perl's Archive::Tar would solve the problem, but +switching to such different pure perl implementation, could cause +compatibility or performance issues. + +What we do is when we are requested to perform an in-place extract, we +instead still use a temporary directory, then walk that directory and +remove any matching entry in the destination directory, replicating what +GNU tar would do, but in addition avoiding the directory traversal issue +for symlinks. Which should work with any tar implementation and be safe. + +Reported-by: Max Justicz +Stable-Candidates: 1.18.x 1.19.x 1.20.x +Fixes: commit 0c0057a27fecccab77d2b3cffa9a7d172846f0b4 (1.14.17) +Fixes: CVE-2022-1664 + +CVE: CVE-2022-1664 +Upstream-Status: Backport [7a6c03cb34d4a09f35df2f10779cbf1b70a5200b] + +Signed-off-by: Sakib Sajal +--- + scripts/Dpkg/Source/Archive.pm | 122 +++++++++++++++++++++++++------- + scripts/t/Dpkg_Source_Archive.t | 110 +++++++++++++++++++++++++++- + 2 files changed, 204 insertions(+), 28 deletions(-) + +diff --git a/scripts/Dpkg/Source/Archive.pm b/scripts/Dpkg/Source/Archive.pm +index 33c181b20..2ddd04af8 100644 +--- a/scripts/Dpkg/Source/Archive.pm ++++ b/scripts/Dpkg/Source/Archive.pm +@@ -21,9 +21,11 @@ use warnings; + our $VERSION = '0.01'; + + use Carp; ++use Errno qw(ENOENT); + use File::Temp qw(tempdir); + use File::Basename qw(basename); + use File::Spec; ++use File::Find; + use Cwd; + + use Dpkg (); +@@ -110,19 +112,13 @@ sub extract { + my %spawn_opts = (wait_child => 1); + + # Prepare destination +- my $tmp; +- if ($opts{in_place}) { +- $spawn_opts{chdir} = $dest; +- $tmp = $dest; # So that fixperms call works +- } else { +- my $template = basename($self->get_filename()) . '.tmp-extract.XXXXX'; +- unless (-e $dest) { +- # Kludge so that realpath works +- mkdir($dest) or syserr(g_('cannot create directory %s'), $dest); +- } +- $tmp = tempdir($template, DIR => Cwd::realpath("$dest/.."), CLEANUP => 1); +- $spawn_opts{chdir} = $tmp; ++ my $template = basename($self->get_filename()) . '.tmp-extract.XXXXX'; ++ unless (-e $dest) { ++ # Kludge so that realpath works ++ mkdir($dest) or syserr(g_('cannot create directory %s'), $dest); + } ++ my $tmp = tempdir($template, DIR => Cwd::realpath("$dest/.."), CLEANUP => 1); ++ $spawn_opts{chdir} = $tmp; + + # Prepare stuff that handles the input of tar + $self->ensure_open('r', delete_sig => [ 'PIPE' ]); +@@ -145,22 +141,94 @@ sub extract { + # have to be calculated using mount options and other madness. + fixperms($tmp) unless $opts{no_fixperms}; + +- # Stop here if we extracted in-place as there's nothing to move around +- return if $opts{in_place}; +- +- # Rename extracted directory +- opendir(my $dir_dh, $tmp) or syserr(g_('cannot opendir %s'), $tmp); +- my @entries = grep { $_ ne '.' && $_ ne '..' } readdir($dir_dh); +- closedir($dir_dh); +- my $done = 0; +- erasedir($dest); +- if (scalar(@entries) == 1 && ! -l "$tmp/$entries[0]" && -d _) { +- rename("$tmp/$entries[0]", $dest) +- or syserr(g_('unable to rename %s to %s'), +- "$tmp/$entries[0]", $dest); ++ # If we are extracting "in-place" do not remove the destination directory. ++ if ($opts{in_place}) { ++ my $canon_basedir = Cwd::realpath($dest); ++ # On Solaris /dev/null points to /devices/pseudo/mm@0:null. ++ my $canon_devnull = Cwd::realpath('/dev/null'); ++ my $check_symlink = sub { ++ my $pathname = shift; ++ my $canon_pathname = Cwd::realpath($pathname); ++ if (not defined $canon_pathname) { ++ return if $! == ENOENT; ++ ++ syserr(g_("pathname '%s' cannot be canonicalized"), $pathname); ++ } ++ return if $canon_pathname eq $canon_devnull; ++ return if $canon_pathname eq $canon_basedir; ++ return if $canon_pathname =~ m{^\Q$canon_basedir/\E}; ++ warning(g_("pathname '%s' points outside source root (to '%s')"), ++ $pathname, $canon_pathname); ++ }; ++ ++ my $move_in_place = sub { ++ my $relpath = File::Spec->abs2rel($File::Find::name, $tmp); ++ my $destpath = File::Spec->catfile($dest, $relpath); ++ ++ my ($mode, $atime, $mtime); ++ lstat $File::Find::name ++ or syserr(g_('cannot get source pathname %s metadata'), $File::Find::name); ++ ((undef) x 2, $mode, (undef) x 5, $atime, $mtime) = lstat _; ++ my $src_is_dir = -d _; ++ ++ my $dest_exists = 1; ++ if (not lstat $destpath) { ++ if ($! == ENOENT) { ++ $dest_exists = 0; ++ } else { ++ syserr(g_('cannot get target pathname %s metadata'), $destpath); ++ } ++ } ++ my $dest_is_dir = -d _; ++ if ($dest_exists) { ++ if ($dest_is_dir && $src_is_dir) { ++ # Refresh the destination directory attributes with the ++ # ones from the tarball. ++ chmod $mode, $destpath ++ or syserr(g_('cannot change directory %s mode'), $File::Find::name); ++ utime $atime, $mtime, $destpath ++ or syserr(g_('cannot change directory %s times'), $File::Find::name); ++ ++ # We should do nothing, and just walk further tree. ++ return; ++ } elsif ($dest_is_dir) { ++ rmdir $destpath ++ or syserr(g_('cannot remove destination directory %s'), $destpath); ++ } else { ++ $check_symlink->($destpath); ++ unlink $destpath ++ or syserr(g_('cannot remove destination file %s'), $destpath); ++ } ++ } ++ # If we are moving a directory, we do not need to walk it. ++ if ($src_is_dir) { ++ $File::Find::prune = 1; ++ } ++ rename $File::Find::name, $destpath ++ or syserr(g_('cannot move %s to %s'), $File::Find::name, $destpath); ++ }; ++ ++ find({ ++ wanted => $move_in_place, ++ no_chdir => 1, ++ dangling_symlinks => 0, ++ }, $tmp); + } else { +- rename($tmp, $dest) +- or syserr(g_('unable to rename %s to %s'), $tmp, $dest); ++ # Rename extracted directory ++ opendir(my $dir_dh, $tmp) or syserr(g_('cannot opendir %s'), $tmp); ++ my @entries = grep { $_ ne '.' && $_ ne '..' } readdir($dir_dh); ++ closedir($dir_dh); ++ ++ erasedir($dest); ++ ++ if (scalar(@entries) == 1 && ! -l "$tmp/$entries[0]" && -d _) { ++ rename("$tmp/$entries[0]", $dest) ++ or syserr(g_('unable to rename %s to %s'), ++ "$tmp/$entries[0]", $dest); ++ } else { ++ rename($tmp, $dest) ++ or syserr(g_('unable to rename %s to %s'), $tmp, $dest); ++ } + } + erasedir($tmp); + } +diff --git a/scripts/t/Dpkg_Source_Archive.t b/scripts/t/Dpkg_Source_Archive.t +index 7b70da68e..504fbe1d4 100644 +--- a/scripts/t/Dpkg_Source_Archive.t ++++ b/scripts/t/Dpkg_Source_Archive.t +@@ -16,12 +16,120 @@ + use strict; + use warnings; + +-use Test::More tests => 1; ++use Test::More tests => 4; ++use Test::Dpkg qw(:paths); ++ ++use File::Spec; ++use File::Path qw(make_path rmtree); + + BEGIN { + use_ok('Dpkg::Source::Archive'); + } + ++use Dpkg; ++ ++my $tmpdir = test_get_temp_path(); ++ ++rmtree($tmpdir); ++ ++sub test_touch ++{ ++ my ($name, $data) = @_; ++ ++ open my $fh, '>', $name ++ or die "cannot touch file $name\n"; ++ print { $fh } $data if $data; ++ close $fh; ++} ++ ++sub test_path_escape ++{ ++ my $name = shift; ++ ++ my $treedir = File::Spec->rel2abs("$tmpdir/$name-tree"); ++ my $overdir = File::Spec->rel2abs("$tmpdir/$name-overlay"); ++ my $outdir = "$tmpdir/$name-out"; ++ my $expdir = "$tmpdir/$name-exp"; ++ ++ # This is the base directory, where we are going to be extracting stuff ++ # into, which include traps. ++ make_path("$treedir/subdir-a"); ++ test_touch("$treedir/subdir-a/file-a"); ++ test_touch("$treedir/subdir-a/file-pre-a"); ++ make_path("$treedir/subdir-b"); ++ test_touch("$treedir/subdir-b/file-b"); ++ test_touch("$treedir/subdir-b/file-pre-b"); ++ symlink File::Spec->abs2rel($outdir, $treedir), "$treedir/symlink-escape"; ++ symlink File::Spec->abs2rel("$outdir/nonexistent", $treedir), "$treedir/symlink-nonexistent"; ++ symlink "$treedir/file", "$treedir/symlink-within"; ++ test_touch("$treedir/supposed-dir"); ++ ++ # This is the overlay directory, which we'll pack and extract over the ++ # base directory. ++ make_path($overdir); ++ make_path("$overdir/subdir-a/aa"); ++ test_touch("$overdir/subdir-a/aa/file-aa", 'aa'); ++ test_touch("$overdir/subdir-a/file-a", 'a'); ++ make_path("$overdir/subdir-b/bb"); ++ test_touch("$overdir/subdir-b/bb/file-bb", 'bb'); ++ test_touch("$overdir/subdir-b/file-b", 'b'); ++ make_path("$overdir/symlink-escape"); ++ test_touch("$overdir/symlink-escape/escaped-file", 'escaped'); ++ test_touch("$overdir/symlink-nonexistent", 'nonexistent'); ++ make_path("$overdir/symlink-within"); ++ make_path("$overdir/supposed-dir"); ++ test_touch("$overdir/supposed-dir/supposed-file", 'something'); ++ ++ # Generate overlay tar. ++ system($Dpkg::PROGTAR, '-cf', "$overdir.tar", '-C', $overdir, qw( ++ subdir-a subdir-b ++ symlink-escape/escaped-file symlink-nonexistent symlink-within ++ supposed-dir ++ )) == 0 ++ or die "cannot create overlay tar archive\n"; ++ ++ # This is the expected directory, which we'll be comparing against. ++ make_path($expdir); ++ system('cp', '-a', $overdir, $expdir) == 0 ++ or die "cannot copy overlay hierarchy into expected directory\n"; ++ ++ # Store the expected and out reference directories into a tar to compare ++ # its structure against the result reference. ++ system($Dpkg::PROGTAR, '-cf', "$expdir.tar", '-C', $overdir, qw( ++ subdir-a subdir-b ++ symlink-escape/escaped-file symlink-nonexistent symlink-within ++ supposed-dir ++ ), '-C', $treedir, qw( ++ subdir-a/file-pre-a ++ subdir-b/file-pre-b ++ )) == 0 ++ or die "cannot create expected tar archive\n"; ++ ++ # This directory is supposed to remain empty, anything inside implies a ++ # directory traversal. ++ make_path($outdir); ++ ++ my $warnseen; ++ local $SIG{__WARN__} = sub { $warnseen = $_[0] }; ++ ++ # Perform the extraction. ++ my $tar = Dpkg::Source::Archive->new(filename => "$overdir.tar"); ++ $tar->extract($treedir, in_place => 1); ++ ++ # Store the result into a tar to compare its structure against a reference. ++ system($Dpkg::PROGTAR, '-cf', "$treedir.tar", '-C', $treedir, '.'); ++ ++ # Check results ++ ok(length $warnseen && $warnseen =~ m/points outside source root/, ++ 'expected warning seen'); ++ ok(system($Dpkg::PROGTAR, '--compare', '-f', "$expdir.tar", '-C', $treedir) == 0, ++ 'expected directory matches'); ++ ok(! -e "$outdir/escaped-file", ++ 'expected output directory is empty, directory traversal'); ++} ++ ++test_path_escape('in-place'); ++ + # TODO: Add actual test cases. + + 1; +-- +2.33.0 + diff --git a/meta/recipes-devtools/dpkg/dpkg_1.21.4.bb b/meta/recipes-devtools/dpkg/dpkg_1.21.4.bb index 681909f0bf..7ef6233ee4 100644 --- a/meta/recipes-devtools/dpkg/dpkg_1.21.4.bb +++ b/meta/recipes-devtools/dpkg/dpkg_1.21.4.bb @@ -14,6 +14,7 @@ SRC_URI = "git://salsa.debian.org/dpkg-team/dpkg.git;protocol=https;branch=main file://0001-dpkg-Support-muslx32-build.patch \ file://pager.patch \ file://0001-Add-support-for-riscv32-CPU.patch \ + file://0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch \ " SRC_URI:append:class-native = " file://0001-build.c-ignore-return-of-1-from-tar-cf.patch" From patchwork Wed Jul 27 00:40:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10645 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C85DDC3F6B0 for ; Wed, 27 Jul 2022 00:41:36 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.web12.14368.1658882486640850645 for ; Tue, 26 Jul 2022 17:41:26 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=wNAVOp9O; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id v18so1650879plo.8 for ; Tue, 26 Jul 2022 17:41:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Gp1ULT/ixN+remDAFgLcn5OR0dCkPPLNYjnPGPkLHSE=; b=wNAVOp9OAlB98M05oISoH19ys1X/8iOgAO0J0+M/4e8C+R0LrIq+M/tGdj+NMw8bKo JhqeyhIyTkKb5Lx2TZ10DeCLDvpPg3yAkIRfUWIqIJBzVxWKI9OAW5c3wccbFwyCSaKL F0PGfICgc+BXr06Vh+4tFh5QHaOpUUtP2v00FaDwYsyR0EvtR98fP0/doEt8hlUwsfBJ xGpWJrdSksz3uVXkOOO897oe/er5HJfTPwQHoiB/qj7FEEHs7QIz/7YIELbDtBhRSzcL ukkEXC7jceO5CaBYzFGeoMxvGXGRhGBNjGnUopWT/pXJiuqYCCmSzJa8zzY/GX/NP7jf eMVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Gp1ULT/ixN+remDAFgLcn5OR0dCkPPLNYjnPGPkLHSE=; b=3oE7R+YQstTSWRo8zH2cjO6f041s6IXHysJj8SP3vc6Y6FVW787lJ+k3FMNvl0TsnN DzkOYIThTbJOIbaOohMgG441D1euYMsqvn7Dh/BUE3dmTMCfM00S1j3AN17v6vGxHWCG 0hilVpNK333Fn9kMclgUDhWv1ZehABs1MJqs3tRJlyJMBy6R8itW/n5Lvibh/PafpOyM y/gQZ1gDiGRZiwV4y1PkG6Yvxiq+1V4sRMM+g67bnTrx0MbmkOMxTrnlX2hiB21qRsYb uOka7axBWlXzBSAUxh3fm68u35l1A2kHQXbTwIKCx596y8yvQacgpPgs7q9Q6CYWShBB bUrA== X-Gm-Message-State: AJIora9P9xKyE09Ujp7zO1SoOXrQTpnag+QN2ro2wT36Z/VONVRg07wo 27UdrCrPbqmOUHaEPle4OF36cMxWN0EXVslC X-Google-Smtp-Source: AGRyM1v32LA34wraLtqjDdlufib3hUG3Z+FhwejHylGqPH7cWILTQ6aL0/n6gD9FfOriCaCB6mNm9g== X-Received: by 2002:a17:90a:b782:b0:1f1:abb8:de1b with SMTP id m2-20020a17090ab78200b001f1abb8de1bmr1734140pjr.44.1658882485396; Tue, 26 Jul 2022 17:41:25 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:24 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/15] bind: upgrade 9.18.2 -> 9.18.3 Date: Tue, 26 Jul 2022 14:40:35 -1000 Message-Id: <1bbedc1c6f9b1d431a7d72b9e8e2871d0fe988f5.1658882276.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168527 From: wangmy Changelog: ========== [security] Fix a crash in DNS-over-HTTPS (DoH) code caused by premature TLS stream socket object deletion. (CVE-2022-1183) [GL #3216] [bug] RPZ NSIP and NSDNAME rule processing didn't handle stub and static-stub zones at or above the query name. This has now been addressed. [GL #3232] Fixed a deadlock that could occur if an rndc connection arrived during the shutdown of network interfaces. [GL #3272] Refactor the fctx_done() function to set fctx to NULL after detaching, so that reference counting errors will be easier to avoid. [GL #2969] udp_recv() in dispatch could trigger an INSIST when the callback's result indicated success but the response was canceled in the meantime. [GL #3300] Work around a jemalloc quirk which could trigger an out-of-memory condition in named over time. [GL #3287] If there was a pending negative cache DS entry, validations depending upon it could fail. [GL #3279] dig returned a 0 exit status on UDP connection failure. [GL #3235] Fix an assertion failure when using dig with +nssearch and +tcp options by starting the next query in the send_done() callback (like in the UDP mode) instead of doing that recursively in start_tcp(). Also ensure that queries interrupted while connecting are detached properly. [GL #3144] Don't remove CDS/CDNSKEY DELETE records on zone sign when using 'auto-dnssec maintain;'. [GL #2931] [contrib] Avoid name space collision in dlz modules by prefixing functions with 'dlz_'. [GL !5778] dlz: Add FALLTHROUGH and UNREACHABLE macros. [GL #3306] [func] Add new named command-line option -C to print built-in defaults. [GL #1326] Introduce the concept of broken catalog zones described in the DNS catalog zones draft version 5 document. [GL #3224] Add DNS Extended Errors when stale answers are returned from cache. [GL #2267] Implement support for catalog zones change of ownership (coo) mechanism described in the DNS catalog zones draft version 5 document. [GL #3223] Implement support for catalog zones options new syntax based on catalog zones custom properties with "ext" suffix described in the DNS catalog zones draft version 5 document. [GL #3222] Implement reference counting for TLS contexts and allow reloading of TLS certificates on reconfiguration without destroying the underlying TCP listener sockets for TLS-based DNS transports. [GL #3122] Add support for remote TLS certificates verification, both to BIND and dig, making it possible to implement Strict and Mutual TLS authentication, as described in RFC 9103, Section 9.3. [GL #3163] [cleanup] Remove use of exclusive mode in ns_interfacemgr in favor of rwlocked access to localhost and localnets members of dns_aclenv_t structure. [GL #3229] Remove the task exclusive mode use in ns_clientmgr. [GL #3230] Signed-off-by: Wang Mingyu Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit d2ae8b85c71be2e9e332b1ef0a2d3083b30c63e6) Signed-off-by: Steve Sakoman --- .../0001-avoid-start-failure-with-bind-user.patch | 0 .../0001-named-lwresd-V-and-start-log-hide-build-options.patch | 0 .../bind-ensure-searching-for-json-headers-searches-sysr.patch | 0 .../bind/{bind-9.18.2 => bind-9.18.3}/bind9 | 0 .../bind/{bind-9.18.2 => bind-9.18.3}/conf.patch | 0 .../bind/{bind-9.18.2 => bind-9.18.3}/generate-rndc-key.sh | 0 .../init.d-add-support-for-read-only-rootfs.patch | 0 .../make-etc-initd-bind-stop-work.patch | 0 .../bind/{bind-9.18.2 => bind-9.18.3}/named.service | 0 .../bind/{bind_9.18.2.bb => bind_9.18.3.bb} | 2 +- 10 files changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/0001-avoid-start-failure-with-bind-user.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/bind9 (100%) rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/conf.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/generate-rndc-key.sh (100%) rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/init.d-add-support-for-read-only-rootfs.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/make-etc-initd-bind-stop-work.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/named.service (100%) rename meta/recipes-connectivity/bind/{bind_9.18.2.bb => bind_9.18.3.bb} (98%) diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.18.3/0001-avoid-start-failure-with-bind-user.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.2/0001-avoid-start-failure-with-bind-user.patch rename to meta/recipes-connectivity/bind/bind-9.18.3/0001-avoid-start-failure-with-bind-user.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.18.3/0001-named-lwresd-V-and-start-log-hide-build-options.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.2/0001-named-lwresd-V-and-start-log-hide-build-options.patch rename to meta/recipes-connectivity/bind/bind-9.18.3/0001-named-lwresd-V-and-start-log-hide-build-options.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.18.3/bind-ensure-searching-for-json-headers-searches-sysr.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.2/bind-ensure-searching-for-json-headers-searches-sysr.patch rename to meta/recipes-connectivity/bind/bind-9.18.3/bind-ensure-searching-for-json-headers-searches-sysr.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/bind9 b/meta/recipes-connectivity/bind/bind-9.18.3/bind9 similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.2/bind9 rename to meta/recipes-connectivity/bind/bind-9.18.3/bind9 diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/conf.patch b/meta/recipes-connectivity/bind/bind-9.18.3/conf.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.2/conf.patch rename to meta/recipes-connectivity/bind/bind-9.18.3/conf.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.18.3/generate-rndc-key.sh similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.2/generate-rndc-key.sh rename to meta/recipes-connectivity/bind/bind-9.18.3/generate-rndc-key.sh diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.18.3/init.d-add-support-for-read-only-rootfs.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.2/init.d-add-support-for-read-only-rootfs.patch rename to meta/recipes-connectivity/bind/bind-9.18.3/init.d-add-support-for-read-only-rootfs.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.18.3/make-etc-initd-bind-stop-work.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.2/make-etc-initd-bind-stop-work.patch rename to meta/recipes-connectivity/bind/bind-9.18.3/make-etc-initd-bind-stop-work.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/named.service b/meta/recipes-connectivity/bind/bind-9.18.3/named.service similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.2/named.service rename to meta/recipes-connectivity/bind/bind-9.18.3/named.service diff --git a/meta/recipes-connectivity/bind/bind_9.18.2.bb b/meta/recipes-connectivity/bind/bind_9.18.3.bb similarity index 98% rename from meta/recipes-connectivity/bind/bind_9.18.2.bb rename to meta/recipes-connectivity/bind/bind_9.18.3.bb index 1c77aceb9f..b511b77f2e 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.2.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.3.bb @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "2e4b38779bba0a23ee634fdf7c525fd9794c41d692bfd83cda25823a2a3ed969" +SRC_URI[sha256sum] = "0ad8da773bd93cba0ef66cc81999698ebdf9c3e51faed5e5c8c1eb75cad2ae6f" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 From patchwork Wed Jul 27 00:40:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10646 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CCFDEC19F28 for ; Wed, 27 Jul 2022 00:41:36 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.web10.14472.1658882489173289514 for ; Tue, 26 Jul 2022 17:41:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=xLEX+TJB; spf=softfail (domain: sakoman.com, ip: 209.85.216.43, mailfrom: steve@sakoman.com) Received: by mail-pj1-f43.google.com with SMTP id e1so4337545pjl.1 for ; Tue, 26 Jul 2022 17:41:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=QngP10n1UpLQ1mvCkG6BIyKYpS0AszeTJqIB02iFY5A=; b=xLEX+TJBNg9IvOKVTLT1fR2n47qydtGrPP8AKIYxfuSgZpZvBAXStYXU5SVAa9rZp3 kw9KMXlvtqEJwYnA4vXmqImlayAYDOfkBWQhp1MlnrT+/eq+5TsjgMwkvsAoW3BM1GUJ s99Sc14Br2r3CxVo7rQ83cnclIjmCS61ts7MYZHdlMVu51eJWIingh0zA4H+4jXacAVF 3bns7AVydtZ9Fx4nrxuMyj10z4myj9rwmheVfdtz76LIgAd/swzL4IqZGcg0ZpZUDgWa D2Z8Ik/B7OPhHbutlR+T/0pLLA0qN5jkzN6WeYWjMoI9urhg7/fHGfh/YbfQbxdIxyrD YXCw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=QngP10n1UpLQ1mvCkG6BIyKYpS0AszeTJqIB02iFY5A=; b=rGiLrVC1B8RSYBfAro/DX+Im3GrrStdZJwzZB9fQEolsvKfrwOcWd0aK6VOFNwxfsh F17f0RkxzkvrKWrVlMH5ruWSy7nSNX/CmD2i4rAx1iGPiqwp3lc6TarH6eHAFdhgJBYG 1Cchy84DvgJ99t2/2/EHmZc13eq8V5KAd4AFKOsFUdyUT1IbOotVu3fQTlAeKgjr+u9X NWC5MP0r0oNa8UCxZkyAeGwjTQk3QBWS6dq/oQAXks2VQwHFqCgrj+IJx5aADsJVs/qt cOLB6i+oDpK9v9Mt0GSi/WOMKQ85YsqjeKq6aWrkuxT+ggJF4T7zEulWtv4FBzhk6v6w +3lw== X-Gm-Message-State: AJIora9pwzYUPlfO5ZFp9U6V9/lvlLtevxOB4LAmbhDoztTTUXyWpbjw Q/d+M6+ZNwPvFO9ZEfHdPcSN5ZpNJnSqkMR6 X-Google-Smtp-Source: AGRyM1vw2GFHN11Ks3YkgBgzz7cAKZM44Gy216qgfsKhTa35RuwI3VSwc4sMd2VyXSVeKcHOeYhvUA== X-Received: by 2002:a17:90a:fec:b0:1f2:8c1f:210b with SMTP id 99-20020a17090a0fec00b001f28c1f210bmr1677364pjz.114.1658882487945; Tue, 26 Jul 2022 17:41:27 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:27 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/15] bind: upgrade 9.18.3 -> 9.18.4 Date: Tue, 26 Jul 2022 14:40:36 -1000 Message-Id: <5bfb44bff5d296b8fd447acb7bdb29b544bd1c20.1658882276.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168528 From: wangmy Changelog: ========== [func] Don't try to process DNSSEC-related and ZONEMD records in catz. [GL #3380] [func] Add some more dnssec-policy checks to detect weird policies. [GL #1611] [test] Add new set of unit test macros and move the unit tests under single namespace in /tests/. [GL !6243] [func] Key timing options for 'dnssec-settime' and related utilities now accept "UNSET" times as printed by 'dnssec-settime -p'. [GL #3361] [bug] When the fetches-per-server quota was adjusted because of an authoritative server timing out more or less frequently, it was incorrectly set to 1 rather than the intended value. This has been fixed. [GL #3327] [bug] Only write key files if the dnssec-policy keymgr has changed the metadata. [GL #3302] [func] Key timing options for 'dnssec-keygen' and 'dnssec-settime' now accept times as printed by 'dnssec-settime -p'. [GL !2947] Signed-off-by: Wang Mingyu Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit d5a12d549209f01324d03963db96449ee43452eb) Signed-off-by: Steve Sakoman --- .../0001-avoid-start-failure-with-bind-user.patch | 0 .../0001-named-lwresd-V-and-start-log-hide-build-options.patch | 0 .../bind-ensure-searching-for-json-headers-searches-sysr.patch | 0 .../bind/{bind-9.18.3 => bind-9.18.4}/bind9 | 0 .../bind/{bind-9.18.3 => bind-9.18.4}/conf.patch | 0 .../bind/{bind-9.18.3 => bind-9.18.4}/generate-rndc-key.sh | 0 .../init.d-add-support-for-read-only-rootfs.patch | 0 .../make-etc-initd-bind-stop-work.patch | 0 .../bind/{bind-9.18.3 => bind-9.18.4}/named.service | 0 .../bind/{bind_9.18.3.bb => bind_9.18.4.bb} | 2 +- 10 files changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/0001-avoid-start-failure-with-bind-user.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/bind9 (100%) rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/conf.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/generate-rndc-key.sh (100%) rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/init.d-add-support-for-read-only-rootfs.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/make-etc-initd-bind-stop-work.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/named.service (100%) rename meta/recipes-connectivity/bind/{bind_9.18.3.bb => bind_9.18.4.bb} (98%) diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.18.4/0001-avoid-start-failure-with-bind-user.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.3/0001-avoid-start-failure-with-bind-user.patch rename to meta/recipes-connectivity/bind/bind-9.18.4/0001-avoid-start-failure-with-bind-user.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.18.4/0001-named-lwresd-V-and-start-log-hide-build-options.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.3/0001-named-lwresd-V-and-start-log-hide-build-options.patch rename to meta/recipes-connectivity/bind/bind-9.18.4/0001-named-lwresd-V-and-start-log-hide-build-options.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.18.4/bind-ensure-searching-for-json-headers-searches-sysr.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.3/bind-ensure-searching-for-json-headers-searches-sysr.patch rename to meta/recipes-connectivity/bind/bind-9.18.4/bind-ensure-searching-for-json-headers-searches-sysr.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/bind9 b/meta/recipes-connectivity/bind/bind-9.18.4/bind9 similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.3/bind9 rename to meta/recipes-connectivity/bind/bind-9.18.4/bind9 diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/conf.patch b/meta/recipes-connectivity/bind/bind-9.18.4/conf.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.3/conf.patch rename to meta/recipes-connectivity/bind/bind-9.18.4/conf.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.18.4/generate-rndc-key.sh similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.3/generate-rndc-key.sh rename to meta/recipes-connectivity/bind/bind-9.18.4/generate-rndc-key.sh diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.18.4/init.d-add-support-for-read-only-rootfs.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.3/init.d-add-support-for-read-only-rootfs.patch rename to meta/recipes-connectivity/bind/bind-9.18.4/init.d-add-support-for-read-only-rootfs.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.18.4/make-etc-initd-bind-stop-work.patch similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.3/make-etc-initd-bind-stop-work.patch rename to meta/recipes-connectivity/bind/bind-9.18.4/make-etc-initd-bind-stop-work.patch diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/named.service b/meta/recipes-connectivity/bind/bind-9.18.4/named.service similarity index 100% rename from meta/recipes-connectivity/bind/bind-9.18.3/named.service rename to meta/recipes-connectivity/bind/bind-9.18.4/named.service diff --git a/meta/recipes-connectivity/bind/bind_9.18.3.bb b/meta/recipes-connectivity/bind/bind_9.18.4.bb similarity index 98% rename from meta/recipes-connectivity/bind/bind_9.18.3.bb rename to meta/recipes-connectivity/bind/bind_9.18.4.bb index b511b77f2e..5af2022129 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.3.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.4.bb @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "0ad8da773bd93cba0ef66cc81999698ebdf9c3e51faed5e5c8c1eb75cad2ae6f" +SRC_URI[sha256sum] = "f277ae50159a00c300eb926a9c5d51953038a936bd8242d6913dfb6eac42761d" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 From patchwork Wed Jul 27 00:40:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10647 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D499DC19F21 for ; Wed, 27 Jul 2022 00:41:36 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.web10.14473.1658882491916841790 for ; Tue, 26 Jul 2022 17:41:32 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=z1+NPrD6; spf=softfail (domain: sakoman.com, ip: 209.85.216.43, mailfrom: steve@sakoman.com) Received: by mail-pj1-f43.google.com with SMTP id y1so6777186pja.4 for ; Tue, 26 Jul 2022 17:41:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=6DTb3FtitZxw1kV04XhAqTBCI5zzHc5oGmXvCUdJmKI=; b=z1+NPrD6PpUg/OHW0Lqxk0Vl2ul4imnvYdhafr3Ns/a0aHE7koXYF9aHf9hAHKftuv keXIdgUfptJuP6H1Y6m70xIgeEJcJCFU3Eo3HfpVtQIvO0NogwLjhSJiUdOyro+n68C4 lwDAgUt4Pv4rzb4oDql67dZO5DlQO2SnqvKL6dypsY2jtjRVaDsqrO49izUbn5vrvbSS 0QPfYJCxpgDItcRLLikNd0n+mgASBWdphA0k68Q0GASECHOMfalStImIahtPWueBkRyK r8S9f8nxl+QpydBn9gRfl+seQ4rHjVz2GD9N2MGuqKjP+T454VfRex0vdZzK97bz3JZt HQUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=6DTb3FtitZxw1kV04XhAqTBCI5zzHc5oGmXvCUdJmKI=; b=3nGmgk7pnQ5C6JU7fPtWLHHweDF8UV/H7TdQ2WxC0QOnzlIEKXjc+dNVoQeCBOPEku EVlKh7T5vaVARa6dWqJdwZ7qefUYpKbMPRrI4Kyh8kYiYSGdXTSM+8ORIBQavAePhPWg QyUli4zCFN27Aaxlozs4/1/a7LMv9cG7zU7d6dtbBItbkzDhG4mv4MKg1vVg7Nc6lOaQ ohpTH9fHVTt0Gqmla28yggSa/10ZeGbbCtGAXiJ4bUA2qbSMoc1LCMN2jP8j5VJ/XnYD LUp7mBEtr1H02RmMvFFVlbxidGekmu4xqmrpM5uKsSGi6Ss3Bjv8YY21N9V6hpmMumlB QQyQ== X-Gm-Message-State: AJIora/LpYWwjV7+W00PZx9M7vIQKcZo6n8SOKAMnqYUu0QRVS9ze8hw 2G7iHq6XfZUqUGUnKpuJBn4rXRhaSOaSUtNn X-Google-Smtp-Source: AGRyM1tiyhOdBoX2m3C+j/DMKkmU/g805T5Z8bY1qjlMis6Qrkc6Xaj5XTfkDRTes49Pfbul3MkdfQ== X-Received: by 2002:a17:90b:4f47:b0:1f2:ab5b:f1b4 with SMTP id pj7-20020a17090b4f4700b001f2ab5bf1b4mr1611250pjb.208.1658882490617; Tue, 26 Jul 2022 17:41:30 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:29 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/15] gnupg: update 2.3.4 -> 2.3.6 Date: Tue, 26 Jul 2022 14:40:37 -1000 Message-Id: <4e9c180baf5fea79a2ca472651b782038051b837.1658882276.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168529 From: Alexander Kanavin Remove 0003-dirmngr-uses-libgpg-error.patch (upstream addressed the issue). Signed-off-by: Alexander Kanavin Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie Signed-off-by: Yue Tao Signed-off-by: Steve Sakoman --- ...-a-custom-value-for-the-location-of-.patch | 6 ++-- .../0003-dirmngr-uses-libgpg-error.patch | 29 ------------------- .../gnupg/gnupg/relocate.patch | 18 ++++++------ .../gnupg/{gnupg_2.3.4.bb => gnupg_2.3.6.bb} | 3 +- 4 files changed, 13 insertions(+), 43 deletions(-) delete mode 100644 meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch rename meta/recipes-support/gnupg/{gnupg_2.3.4.bb => gnupg_2.3.6.bb} (95%) diff --git a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch index b58fbfe6f5..c4ede9ea5e 100644 --- a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch +++ b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch @@ -1,4 +1,4 @@ -From bdde1faa774753e29d582d79186e08a38597de9e Mon Sep 17 00:00:00 2001 +From 89b98553084fbefe1ef2c7cbff9e72cf43144c49 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Mon, 22 Jan 2018 18:00:21 +0200 Subject: [PATCH] configure.ac: use a custom value for the location of @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 5cdd316..e5f2d6a 100644 +index d86c60e..65c22b2 100644 --- a/configure.ac +++ b/configure.ac -@@ -1962,7 +1962,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", +@@ -1955,7 +1955,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool]) diff --git a/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch b/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch deleted file mode 100644 index b4106d3620..0000000000 --- a/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 9ace8f1b68ab708c44dce4c0152b975fbceb0398 Mon Sep 17 00:00:00 2001 -From: Saul Wold -Date: Wed, 16 Aug 2017 11:18:01 +0800 -Subject: [PATCH] dirmngr uses libgpg error - -Upstream-Status: Pending -Signed-off-by: Saul Wold - -Rebase to 2.1.23 - -Signed-off-by: Hongxu Jia - ---- - dirmngr/Makefile.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am -index 77ca3f5..1446775 100644 ---- a/dirmngr/Makefile.am -+++ b/dirmngr/Makefile.am -@@ -86,7 +86,7 @@ endif - dirmngr_LDADD = $(libcommonpth) \ - $(DNSLIBS) $(LIBASSUAN_LIBS) \ - $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \ -- $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) -+ $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) $(GPG_ERROR_LIBS) - if USE_LDAP - dirmngr_LDADD += $(ldaplibs) - endif diff --git a/meta/recipes-support/gnupg/gnupg/relocate.patch b/meta/recipes-support/gnupg/gnupg/relocate.patch index 74f48e9582..43999b8a6d 100644 --- a/meta/recipes-support/gnupg/gnupg/relocate.patch +++ b/meta/recipes-support/gnupg/gnupg/relocate.patch @@ -1,4 +1,4 @@ -From 1e34e1d477f843c0ee2f1a3fddc20201f0233e81 Mon Sep 17 00:00:00 2001 +From 89ae4f03307104689e1857d9857d452af6b35ac4 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Wed, 19 Sep 2018 14:44:40 +0100 Subject: [PATCH] Allow the environment to override where gnupg looks for its @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/common/homedir.c b/common/homedir.c -index 174d961..f4c25fb 100644 +index 260aeb2..1aeb08d 100644 --- a/common/homedir.c +++ b/common/homedir.c -@@ -1161,7 +1161,7 @@ gnupg_socketdir (void) +@@ -1143,7 +1143,7 @@ gnupg_socketdir (void) if (!name) { unsigned int dummy; @@ -26,7 +26,7 @@ index 174d961..f4c25fb 100644 gpgrt_annotate_leaked_object (name); } -@@ -1193,7 +1193,7 @@ gnupg_sysconfdir (void) +@@ -1175,7 +1175,7 @@ gnupg_sysconfdir (void) if (dir) return dir; else @@ -35,7 +35,7 @@ index 174d961..f4c25fb 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1229,7 +1229,7 @@ gnupg_bindir (void) +@@ -1211,7 +1211,7 @@ gnupg_bindir (void) return name; } else @@ -44,7 +44,7 @@ index 174d961..f4c25fb 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1256,7 +1256,7 @@ gnupg_libexecdir (void) +@@ -1238,7 +1238,7 @@ gnupg_libexecdir (void) return name; } else @@ -53,7 +53,7 @@ index 174d961..f4c25fb 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1286,7 +1286,7 @@ gnupg_libdir (void) +@@ -1268,7 +1268,7 @@ gnupg_libdir (void) return name; } else @@ -62,7 +62,7 @@ index 174d961..f4c25fb 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1317,7 +1317,7 @@ gnupg_datadir (void) +@@ -1299,7 +1299,7 @@ gnupg_datadir (void) return name; } else @@ -71,7 +71,7 @@ index 174d961..f4c25fb 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1349,7 +1349,7 @@ gnupg_localedir (void) +@@ -1331,7 +1331,7 @@ gnupg_localedir (void) return name; } else diff --git a/meta/recipes-support/gnupg/gnupg_2.3.4.bb b/meta/recipes-support/gnupg/gnupg_2.3.6.bb similarity index 95% rename from meta/recipes-support/gnupg/gnupg_2.3.4.bb rename to meta/recipes-support/gnupg/gnupg_2.3.6.bb index d27bddb8bd..f35eb8c75a 100644 --- a/meta/recipes-support/gnupg/gnupg_2.3.4.bb +++ b/meta/recipes-support/gnupg/gnupg_2.3.6.bb @@ -16,7 +16,6 @@ inherit autotools gettext texinfo pkgconfig UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0002-use-pkgconfig-instead-of-npth-config.patch \ - file://0003-dirmngr-uses-libgpg-error.patch \ file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \ file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \ " @@ -24,7 +23,7 @@ SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for- file://relocate.patch" SRC_URI:append:class-nativesdk = " file://relocate.patch" -SRC_URI[sha256sum] = "f3468ecafb1d7f9ad7b51fd1db7aebf17ceb89d2efa8a05cf2f39b4d405402ae" +SRC_URI[sha256sum] = "21f7fe2fc5c2f214184ab050977ec7a8e304e58bfae2ab098fec69f8fabda9c1" EXTRA_OECONF = "--disable-ldap \ --disable-ccid-driver \ From patchwork Wed Jul 27 00:40:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10644 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C85ADC00144 for ; Wed, 27 Jul 2022 00:41:36 +0000 (UTC) Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com [209.85.216.54]) by mx.groups.io with SMTP id smtpd.web09.14403.1658882494108520411 for ; Tue, 26 Jul 2022 17:41:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ufpYdC29; spf=softfail (domain: sakoman.com, ip: 209.85.216.54, mailfrom: steve@sakoman.com) Received: by mail-pj1-f54.google.com with SMTP id o5-20020a17090a3d4500b001ef76490983so586802pjf.2 for ; Tue, 26 Jul 2022 17:41:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=4J1PLbFU76pBZMpNToaMYGLgE3QnnLfuKTr8k9arutE=; b=ufpYdC29Qne/K4L9OHiQn3tZuZXPTmuXOPNgoD6fh0jiH55bLtKjhIINspuCE1xoO5 EZDnLb7xMA5Kuda3sb1/8xPCd2eNE4z8B8v7UsJ/SCeJ/y2IYuAS1YIf4pX80L77YMc9 aNo5OKwULC/ui2jhega26jW5SlMKlv/vryzFdOXrmS7yC5FACZ+9EuY14bv+pnwAnZtP YH3d+9TmR+1Xyw7ZCeWvwK5WJeSy0gKc9ZDvuzHVXbGE7BzYFTXoDa/qsOCk/pxzJ6Bh qMsyJF9trTzVV98MvZOTo5YQsSwBp5szFvQN54lF1dNUjWHu4PQEWma+PPAW2K121x2R p/mQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=4J1PLbFU76pBZMpNToaMYGLgE3QnnLfuKTr8k9arutE=; b=tWgENkzXjTPKfuKdm6HiJwKVelKdcuop6vgKEzIu0iOaabr8Y2g8Q7YZC0LhJOFgR5 Hs+8f3h6O0dPyhzmrynfjEVAsOd0TfFEkAgsuhZKeyHsSqLa1xMI7XThnrWnHky8CV5f s5xt1eAKOMEEEci4kzYjtzHFvOk0e1jDDogony7kaSb+Ue1ngQWaka4K86LpO2VQvPB+ hXnx/1oAV2bjbRPoc7/4UlxqyUaWyHfXwIhj/ZFFFgPfmPF89FFs/xlZGLcfTvJ0+/k6 lKzIY0iHy9yM03yzswQhaCj9DiKU1TukJui8Iy6yb+YIRh9Rl0yQE9AAW+W1xdVDZ0qa ruhg== X-Gm-Message-State: AJIora+hPbOkkPSt5wNxuzZl70oP5PqX23vv6WOSnvHy6Fb/is58BAVm 847FDgHJqTNaelTgkvvtlCYXQqM3+B/qDag+ X-Google-Smtp-Source: AGRyM1tRIXzV3ng6n6WTQu/tDM8uQwrK6XXR7wHFQI/BY+TTkjg8eOWxaCpB357NVvr+tciuiaVLZA== X-Received: by 2002:a17:90b:4a91:b0:1f0:64c5:2a04 with SMTP id lp17-20020a17090b4a9100b001f064c52a04mr1618035pjb.127.1658882493046; Tue, 26 Jul 2022 17:41:33 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:32 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/15] gnupg: upgrade to 2.3.7 to fix CVE-2022-34903 Date: Tue, 26 Jul 2022 14:40:38 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168530 From: Yue Tao Signed-off-by: Yue Tao Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-support/gnupg/{gnupg_2.3.6.bb => gnupg_2.3.7.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-support/gnupg/{gnupg_2.3.6.bb => gnupg_2.3.7.bb} (97%) diff --git a/meta/recipes-support/gnupg/gnupg_2.3.6.bb b/meta/recipes-support/gnupg/gnupg_2.3.7.bb similarity index 97% rename from meta/recipes-support/gnupg/gnupg_2.3.6.bb rename to meta/recipes-support/gnupg/gnupg_2.3.7.bb index f35eb8c75a..da2b1c4deb 100644 --- a/meta/recipes-support/gnupg/gnupg_2.3.6.bb +++ b/meta/recipes-support/gnupg/gnupg_2.3.7.bb @@ -23,7 +23,7 @@ SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for- file://relocate.patch" SRC_URI:append:class-nativesdk = " file://relocate.patch" -SRC_URI[sha256sum] = "21f7fe2fc5c2f214184ab050977ec7a8e304e58bfae2ab098fec69f8fabda9c1" +SRC_URI[sha256sum] = "ee163a5fb9ec99ffc1b18e65faef8d086800c5713d15a672ab57d3799da83669" EXTRA_OECONF = "--disable-ldap \ --disable-ccid-driver \ From patchwork Wed Jul 27 00:40:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10652 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C6B28C19F28 for ; Wed, 27 Jul 2022 00:41:46 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web09.14404.1658882496606958713 for ; Tue, 26 Jul 2022 17:41:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=1N8Nq3/e; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id d10so14693911pfd.9 for ; Tue, 26 Jul 2022 17:41:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=DLBHQmsE3zgz4f60Td4hI7yeIp+SQd3WqnWkWOFBdgY=; b=1N8Nq3/ejR5bgUnJhzEVCxWSAeGzu8Y6Kw9INUmMAInGGJm2yNxs2LP/XTA7OOmFUc axsa+oyWp6/XZbNfX2E3IGhNbifaydA7HGsJPQHT4qZ6YtQGXqbrURddDvBc/j1PBH7C Lcbe+19ymAju/ftwl1Rj5t4GxihWaePIHoGgBsRHrYbGdBn3T3yddDS16Pu9yRe+SYNj WTl23SEl8gD5yDrFk4bnwnhprJ3NE444x6aGamdJRO0+vZJxWgmIrZxCQ6glVMXd3K/m N0+AzpbkqyY4NhQnrlWEONVGdRyqMundY2tPd6/Y6MDUHZYcgqefJQpLEOG1tD8iF91l 4ApQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=DLBHQmsE3zgz4f60Td4hI7yeIp+SQd3WqnWkWOFBdgY=; b=5kavdOvXzN/eLALjze/o6PyPWV8wag5WYu0V3ELVL4EqMCRmzVzGDSrY958Z8NFofk f8kfCelH+La9U708bDngOqm9raAOvavY+hZ5PSR8/llUmk6wFWb+XvhFLgygwqFg9ZPj ZUm1HWfiqlp4NUGGNHGKGTmofNz6G0kidIrnpIZDeh4EA2EG1vWYGkcTQfe4h6dY1Md3 hmCVSXYgdCmpKtUsDH0ShHLy1EKJ7lTv+RrP6dwW7iCZxlX7R5MAiMiOYDKDKciv0Wc8 HgQxgt8ABEIIHPfhs/xIullHVvaued3lFKRxQXQAmxVtLDWxyJbCB6hYw5Hq4QYDScLK rTMw== X-Gm-Message-State: AJIora8I1Rbtm2hwDV1DJKjOe7mAk06jS5ewHyX1FKRL0QX3SB7krzrz kpeultiGg/Nmsj1Rfq650ZyPk+dYbddiPPW3 X-Google-Smtp-Source: AGRyM1vrEbBMYZaSXAo5nrfNGNrYWBqhBG9BPzXqFWafbWYem0zUlo/GEcmpilAgVu/TW/xR2ngYzg== X-Received: by 2002:a63:1c0f:0:b0:41a:3b20:5f8c with SMTP id c15-20020a631c0f000000b0041a3b205f8cmr16712415pgc.44.1658882495199; Tue, 26 Jul 2022 17:41:35 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:34 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/15] vim: Upgrade 9.0.0021 -> 9.0.0063 Date: Tue, 26 Jul 2022 14:40:39 -1000 Message-Id: <8b42e405fc630537398116a1429a9bc7cb2152ab.1658882276.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168531 From: Richard Purdie Pulls in several CVE fixes. Added a patch to avoid timer_create cross compile issue (and submitted upstream). Also submit the race fix upstream. We disable timer_create in the native case since some systems have it and some don't so this makes us consistent. Signed-off-by: Richard Purdie (cherry picked from commit d0c1de084c7ce030d47a428e4bbfbc4ce2996057) Signed-off-by: Mingli Yu Signed-off-by: Steve Sakoman --- .../vim/files/crosscompile.patch | 51 +++++++++++++++++++ meta/recipes-support/vim/files/racefix.patch | 12 +++-- meta/recipes-support/vim/vim.inc | 9 +++- 3 files changed, 66 insertions(+), 6 deletions(-) create mode 100644 meta/recipes-support/vim/files/crosscompile.patch diff --git a/meta/recipes-support/vim/files/crosscompile.patch b/meta/recipes-support/vim/files/crosscompile.patch new file mode 100644 index 0000000000..583d3fc7b0 --- /dev/null +++ b/meta/recipes-support/vim/files/crosscompile.patch @@ -0,0 +1,51 @@ +configure.ac: Fix create_timer solaris test for cross compiling + +A runtime test was added for create_timer however this meant cross compiling +would no longer work. Allow a cache value to be specified to allow cross +compiling again. + +Signed-off-by: Richard Purdie richard.purdie@linuxfoundation.org + +Upstream-Status: Submitted [https://github.com/vim/vim/pull/10777] + +Index: git/src/configure.ac +=================================================================== +--- git.orig/src/configure.ac ++++ git/src/configure.ac +@@ -3814,7 +3814,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM( + dnl Check for timer_create. It probably requires the 'rt' library. + dnl Run the program to find out if timer_create(CLOCK_MONOTONIC) actually + dnl works, on Solaris timer_create() exists but fails at runtime. +-AC_MSG_CHECKING([for timer_create]) ++AC_CACHE_CHECK([for timer_create], [vim_cv_timer_create], + save_LIBS="$LIBS" + LIBS="$LIBS -lrt" + AC_RUN_IFELSE([AC_LANG_PROGRAM([ +@@ -3831,7 +3831,7 @@ static void set_flag(union sigval sv) {} + if (timer_create(CLOCK_MONOTONIC, &action, &timer_id) < 0) + exit(1); // cannot create a monotonic timer + ])], +- AC_MSG_RESULT(yes; with -lrt); AC_DEFINE(HAVE_TIMER_CREATE), ++ AC_MSG_NOTICE(timer_create with -lrt); vim_cv_timer_create=yes, + LIBS="$save_LIBS" + AC_RUN_IFELSE([AC_LANG_PROGRAM([ + #include +@@ -3847,8 +3847,16 @@ static void set_flag(union sigval sv) {} + if (timer_create(CLOCK_MONOTONIC, &action, &timer_id) < 0) + exit(1); // cannot create a monotonic timer + ])], +- AC_MSG_RESULT(yes); AC_DEFINE(HAVE_TIMER_CREATE), +- AC_MSG_RESULT(no))) ++ vim_cv_timer_create=yes, ++ vim_cv_timer_create=no), ++ AC_MSG_ERROR(cross-compiling: please set 'vim_cv_timer_create') ++ ) ++) ++ ++if test "x$vim_cv_timer_create" = "xyes" ; then ++ AC_DEFINE(HAVE_TIMER_CREATE) ++fi ++ + + AC_CACHE_CHECK([whether stat() ignores a trailing slash], [vim_cv_stat_ignores_slash], + [ diff --git a/meta/recipes-support/vim/files/racefix.patch b/meta/recipes-support/vim/files/racefix.patch index 1cb8fb442f..34bd37d650 100644 --- a/meta/recipes-support/vim/files/racefix.patch +++ b/meta/recipes-support/vim/files/racefix.patch @@ -1,9 +1,13 @@ +po/Makefile: Avoid race over LINGUAS file + The creation of the LINGUAS file is duplicated for each desktop file -which can lead the commands to race against each other. Rework -the makefile to avoid this as the expense of leaving the file on disk. +which can lead the commands to race against each other. One target might +remove it before another has been able to use it. Rework the makefile to +avoid this as the expense of leaving the file on disk. + +Signed-off-by: Richard Purdie richard.purdie@linuxfoundation.org -Upstream-Status: Pending -RP 2021/2/15 +Upstream-Status: Submitted [https://github.com/vim/vim/pull/10776] Index: git/src/po/Makefile =================================================================== diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 7e2c624bc1..31229534e4 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -19,10 +19,11 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ file://racefix.patch \ + file://crosscompile.patch \ " -PV .= ".0021" -SRCREV = "5e59ea54c0c37c2f84770f068d95280069828774" +PV .= ".0063" +SRCREV = "d61efa50f8f5b9d9dcbc136705cc33874f0fdcb3" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" @@ -95,6 +96,10 @@ EXTRA_OECONF = " \ STRIP=/bin/true \ " +# Some host distros don't have it, disable consistently +EXTRA_OECONF:append:class-native = " vim_cv_timer_create=no" +EXTRA_OECONF:append:class-target = " vim_cv_timer_create=yes" + do_install() { autotools_do_install From patchwork Wed Jul 27 00:40:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10651 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DDDB7C19F2A for ; Wed, 27 Jul 2022 00:41:46 +0000 (UTC) Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) by mx.groups.io with SMTP id smtpd.web09.14400.1658882478851420184 for ; Tue, 26 Jul 2022 17:41:39 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=YV0Bdvnm; spf=softfail (domain: sakoman.com, ip: 209.85.216.49, mailfrom: steve@sakoman.com) Received: by mail-pj1-f49.google.com with SMTP id x24-20020a17090ab01800b001f21556cf48so548150pjq.4 for ; Tue, 26 Jul 2022 17:41:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=us60GOjd3Wgz9wTUq3Bn6BI3y0OhB/evll8sumuA2oc=; b=YV0BdvnmUeuWFZ6O8RU3xZoX0ExVXc2+USJAcFkDa/15n13Mz4KsoL2u3XBuEDdkaz 9nf+lBtv1avaNP3jSBswT/92eHQP0g14r6LbF3Th1rmt57KQVyOpCvY0VZpr6mlWVC5b Fy6KoJgVWAe4/jcA/9B3ETkiZ18ipqhNbXx0oC7GZ0GyMHwYvNEo8YoLP19dQr92/6Jc LZxTJQTYajSrSB2qyYQ4uFVSUWoycqM57tDCS7FkckUuKOeVC1lip2Rk7bGtyghglnG1 bq3wRUN0BtCKZf5YrU9EaZeoYaIZVCC2e9IfDAppEJXrk6Yv+RAUY6buSmAjLT+xyfla QgBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=us60GOjd3Wgz9wTUq3Bn6BI3y0OhB/evll8sumuA2oc=; b=Nn3+KlrcWv5hjRb9lHq7bGgTiH+GyK8d7VAxKSL0bdoo9oU9AYPABDH8bGAqpPp92D 8PUmglYcWNqSHXlOGEpU2927cNSUf5K/3xgSj3gxfmNgNwpPwIvT0XRrT6RmgGt5E5yt vGTKeu/o/N/bsBP6oVg8pJECkjanx+TVXJZc4cFe6v+IAVr1ODh07tM+elQgtHukz9nH fOW25ZbG9XvZKaUDAKHKc3ByPToOxlXbFJmaB1YxaXNeLaFfrqQKCAcIl0nc3HiEDiky iM9KHsiMfbKDpwoOvsWejmi7KTNM24mc7coMcxQab9BBbDAlwN8nK7PZKn2bAkno7kN6 8zGg== X-Gm-Message-State: AJIora8L5x9grI98uCJsWM/qyeJdyHox9dC4/R642asbPobNpby2a7i4 1ude592FIfID0fbTMyIHqhtF0NvOP1Gz+iW9 X-Google-Smtp-Source: AGRyM1tuEObHypPU9Dxz82kMtHrGg7rZZ6TnSxRmuD//Y4EqIyeoisinGIUIOzB/w4xYkhmtjA06WQ== X-Received: by 2002:a17:90a:6d64:b0:1f2:5981:325e with SMTP id z91-20020a17090a6d6400b001f25981325emr1643580pjj.109.1658882497983; Tue, 26 Jul 2022 17:41:37 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:37 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/15] go: update v1.17.10 -> v1.17.12 Date: Tue, 26 Jul 2022 14:40:40 -1000 Message-Id: <4c3591cd31b61c4008af80701dfc1bcd6339e0e8.1658882276.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168532 From: Sakib Sajal go.git$ git log --oneline go1.17.10..go1.17.12 1ed3c127da (tag: go1.17.12) [release-branch.go1.17] go1.17.12 cd54600b86 [release-branch.go1.17] encoding/gob: add a depth limit for ignored fields 76f8b7304d [release-branch.go1.17] path/filepath: fix stack exhaustion in Glob 8c1d8c8362 [release-branch.go1.17] io/fs: fix stack exhaustion in Glob 0117dee7dc [release-branch.go1.17] compress/gzip: fix stack exhaustion bug in Reader.Read ba8788ebce [release-branch.go1.17] go/parser: limit recursion depth 2678d0c957 [release-branch.go1.17] encoding/xml: limit depth of nesting in unmarshal 58facfbe7d [release-branch.go1.17] encoding/xml: use iterative Skip, rather than recursive ed2f33e1a7 [release-branch.go1.17] net/http: preserve nil values in Header.Clone d13431c37a [release-branch.go1.17] net/http: don't strip whitespace from Transfer-Encoding headers ae2dfcc1c8 [release-branch.go1.17] runtime: add race annotations to cbs.lock fc07039e23 [release-branch.go1.17] runtime: add race annotations to metricsSema 9ef614f5aa [release-branch.go1.17] cmd/compile: allow 128-bit values to be spilled b1be664d64 [release-branch.go1.17] runtime: store consistent total allocation stats as uint64 77cc1c0def [release-branch.go1.17] cmd/go: pass --no-decorate when listing git tags for a commit 8d2935ab7c [release-branch.go1.17] cmd/dist: test cgo internal linking on darwin-arm64 651a8d81ba [release-branch.go1.17] cmd/dist: skip internal linking tests on arm64 26cdea3acc (tag: go1.17.11) [release-branch.go1.17] go1.17.11 4c69fd51a9 [release-branch.go1.17] path/filepath: do not remove prefix "." when following path contains ":". 909881db03 [release-branch.go1.17] misc/cgo/testsanitizers: buffer the signal channel in TestTSAN/tsan11 03c2e56f68 [release-branch.go1.17] crypto/tls: avoid extra allocations in steady-state Handshake calls c15a8e2dbb [release-branch.go1.17] crypto/tls: randomly generate ticket_age_add 590b53fac9 [release-branch.go1.17] os/exec: return clear error for missing cmd.Path 2be03d789d [release-branch.go1.17] crypto/rand: properly handle large Read on windows 65701ad2b4 [release-branch.go1.17] misc/cgo/testsanitizers: use buffered channel in tsan12.go e846f3f2d6 [release-branch.go1.17] runtime: skip TestGdbBacktrace flakes matching a known GDB internal error a9003376d5 [release-branch.go1.17] cmd/dist: consistently set PWD when executing a command in a different directory 0e7138a102 [release-branch.go1.17] runtime: mark TestGcSys as flaky Signed-off-by: Sakib Sajal Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/{go-1.17.10.inc => go-1.17.12.inc} | 2 +- ...o-binary-native_1.17.10.bb => go-binary-native_1.17.12.bb} | 4 ++-- ...cross-canadian_1.17.10.bb => go-cross-canadian_1.17.12.bb} | 0 .../go/{go-cross_1.17.10.bb => go-cross_1.17.12.bb} | 0 .../go/{go-crosssdk_1.17.10.bb => go-crosssdk_1.17.12.bb} | 0 .../go/{go-native_1.17.10.bb => go-native_1.17.12.bb} | 0 .../go/{go-runtime_1.17.10.bb => go-runtime_1.17.12.bb} | 0 meta/recipes-devtools/go/{go_1.17.10.bb => go_1.17.12.bb} | 0 8 files changed, 3 insertions(+), 3 deletions(-) rename meta/recipes-devtools/go/{go-1.17.10.inc => go-1.17.12.inc} (92%) rename meta/recipes-devtools/go/{go-binary-native_1.17.10.bb => go-binary-native_1.17.12.bb} (83%) rename meta/recipes-devtools/go/{go-cross-canadian_1.17.10.bb => go-cross-canadian_1.17.12.bb} (100%) rename meta/recipes-devtools/go/{go-cross_1.17.10.bb => go-cross_1.17.12.bb} (100%) rename meta/recipes-devtools/go/{go-crosssdk_1.17.10.bb => go-crosssdk_1.17.12.bb} (100%) rename meta/recipes-devtools/go/{go-native_1.17.10.bb => go-native_1.17.12.bb} (100%) rename meta/recipes-devtools/go/{go-runtime_1.17.10.bb => go-runtime_1.17.12.bb} (100%) rename meta/recipes-devtools/go/{go_1.17.10.bb => go_1.17.12.bb} (100%) diff --git a/meta/recipes-devtools/go/go-1.17.10.inc b/meta/recipes-devtools/go/go-1.17.12.inc similarity index 92% rename from meta/recipes-devtools/go/go-1.17.10.inc rename to meta/recipes-devtools/go/go-1.17.12.inc index e71feb5d02..77a983f9d0 100644 --- a/meta/recipes-devtools/go/go-1.17.10.inc +++ b/meta/recipes-devtools/go/go-1.17.12.inc @@ -17,7 +17,7 @@ SRC_URI += "\ file://0001-exec.go-do-not-write-linker-flags-into-buildids.patch \ file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ " -SRC_URI[main.sha256sum] = "299e55af30f15691b015d8dcf8ecae72412412569e5b2ece20361753a456f2f9" +SRC_URI[main.sha256sum] = "0d51b5b3f280c0f01f534598c0219db5878f337da6137a9ee698777413607209" # Upstream don't believe it is a signifiant real world issue and will only # fix in 1.17 onwards where we can drop this. diff --git a/meta/recipes-devtools/go/go-binary-native_1.17.10.bb b/meta/recipes-devtools/go/go-binary-native_1.17.12.bb similarity index 83% rename from meta/recipes-devtools/go/go-binary-native_1.17.10.bb rename to meta/recipes-devtools/go/go-binary-native_1.17.12.bb index 0f49cebcb7..b034950721 100644 --- a/meta/recipes-devtools/go/go-binary-native_1.17.10.bb +++ b/meta/recipes-devtools/go/go-binary-native_1.17.12.bb @@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" PROVIDES = "go-native" SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "87fc728c9c731e2f74e4a999ef53cf07302d7ed3504b0839027bd9c10edaa3fd" -SRC_URI[go_linux_arm64.sha256sum] = "649141201efa7195403eb1301b95dc79c5b3e65968986a391da1370521701b0c" +SRC_URI[go_linux_amd64.sha256sum] = "6e5203fbdcade4aa4331e441fd2e1db8444681a6a6c72886a37ddd11caa415d4" +SRC_URI[go_linux_arm64.sha256sum] = "74a4832d0f150a2d768a6781553494ba84152e854ebef743c4092cd9d1f66a9f" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux" diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.17.10.bb b/meta/recipes-devtools/go/go-cross-canadian_1.17.12.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross-canadian_1.17.10.bb rename to meta/recipes-devtools/go/go-cross-canadian_1.17.12.bb diff --git a/meta/recipes-devtools/go/go-cross_1.17.10.bb b/meta/recipes-devtools/go/go-cross_1.17.12.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross_1.17.10.bb rename to meta/recipes-devtools/go/go-cross_1.17.12.bb diff --git a/meta/recipes-devtools/go/go-crosssdk_1.17.10.bb b/meta/recipes-devtools/go/go-crosssdk_1.17.12.bb similarity index 100% rename from meta/recipes-devtools/go/go-crosssdk_1.17.10.bb rename to meta/recipes-devtools/go/go-crosssdk_1.17.12.bb diff --git a/meta/recipes-devtools/go/go-native_1.17.10.bb b/meta/recipes-devtools/go/go-native_1.17.12.bb similarity index 100% rename from meta/recipes-devtools/go/go-native_1.17.10.bb rename to meta/recipes-devtools/go/go-native_1.17.12.bb diff --git a/meta/recipes-devtools/go/go-runtime_1.17.10.bb b/meta/recipes-devtools/go/go-runtime_1.17.12.bb similarity index 100% rename from meta/recipes-devtools/go/go-runtime_1.17.10.bb rename to meta/recipes-devtools/go/go-runtime_1.17.12.bb diff --git a/meta/recipes-devtools/go/go_1.17.10.bb b/meta/recipes-devtools/go/go_1.17.12.bb similarity index 100% rename from meta/recipes-devtools/go/go_1.17.10.bb rename to meta/recipes-devtools/go/go_1.17.12.bb From patchwork Wed Jul 27 00:40:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10650 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CEDE8C19F21 for ; Wed, 27 Jul 2022 00:41:46 +0000 (UTC) Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com [209.85.216.42]) by mx.groups.io with SMTP id smtpd.web12.14373.1658882501172163838 for ; Tue, 26 Jul 2022 17:41:41 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ENes4Rjo; spf=softfail (domain: sakoman.com, ip: 209.85.216.42, mailfrom: steve@sakoman.com) Received: by mail-pj1-f42.google.com with SMTP id ku18so14935006pjb.2 for ; Tue, 26 Jul 2022 17:41:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=pnKao7jjT0Sk6uigFyd8iazxRG/SDB+M8xkGYu0JxEM=; b=ENes4Rjo9Vm0HLGBgvJdYI9CV7HJbBgSiu8aU+4xw0OipM+B4bkcXExf9N1K3hDwSG NLIkdbqX9XQLnIclb4x77Q/pH79ZSK4vxNYbLzcHobaWKgS3K07AiBxUgw/kIGFcRZWq ZX24wjUyZzFYtdzH206icm5ORd1xNpBt8Yy75yMnG0RTGgWCx8qgwEUsYGz4D8zv+aIe /5pIGW5c04wDve0FAZ3cvHhWo551mtz9zvyGtGWa0hVxCWaNrqIg/5O+QQrB64tb1wgV A/k9NDgZikP1leIR6qwkBIR8cXXIZgolJ4MjFdCyR4NmWqJ3A6fbM7ul6iVBa3NEM4pU zYzg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=pnKao7jjT0Sk6uigFyd8iazxRG/SDB+M8xkGYu0JxEM=; b=Kk88UwnxjAJE17qC8jAFfyCKB5FOaEZFAUJlsYl27CQSOZvb7zzToyIwEMxX6rdp7y lNCNFRWJ/YQzi1NyvTbws+zLzSXRsYvN7C5Wx165c6oUoYDmeNPpisoC0OJ0Pc1AgLDf yjRCruFC8dlZKPoW87qHzHxLXbVbT37qqj+WnmJHTtKzT9mCXepmHTrDQtdnn3ygzOcM sXmIk+v/5FLUsPQjPdhqslxUtZ0RKOXDM+ZJVxELKettNgPDB3CKxAYzpwRysXgrs7Oi ilALJ6IaL10TjBl5lsUogcV80gnna2Um91Ld8uNrqHNC7+40j59+i5zmOPGiEUG++F2c 9dNg== X-Gm-Message-State: AJIora+PsP/FJt0mxWC6m2ZcHtxbTULHPzI76kBlCvEsXfa1gRMubwUj 9HoOt448mYfeA38pEY8w61l8io9Klk78VtvW X-Google-Smtp-Source: AGRyM1tMFgivRuSxL2UYw2xW3tGigXcc+y92qHT85SXuAUlGREyLgQm1m7a4/mAAkqHvMdjbQHh6jA== X-Received: by 2002:a17:90b:1d87:b0:1f0:6c87:fc8 with SMTP id pf7-20020a17090b1d8700b001f06c870fc8mr1604631pjb.173.1658882500127; Tue, 26 Jul 2022 17:41:40 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:39 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/15] git: upgrade v2.35.3 -> v2.35.4 Date: Tue, 26 Jul 2022 14:40:41 -1000 Message-Id: <11943acaacd9b81b09ca378f40b17c393d33cb4b.1658882276.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168533 From: Sakib Sajal Minor upgrade which includes fix for CVE-2022-29187. Signed-off-by: Sakib Sajal Signed-off-by: Steve Sakoman --- meta/recipes-devtools/git/{git_2.35.3.bb => git_2.35.4.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/git/{git_2.35.3.bb => git_2.35.4.bb} (98%) diff --git a/meta/recipes-devtools/git/git_2.35.3.bb b/meta/recipes-devtools/git/git_2.35.4.bb similarity index 98% rename from meta/recipes-devtools/git/git_2.35.3.bb rename to meta/recipes-devtools/git/git_2.35.4.bb index 794045c8b7..18f39875db 100644 --- a/meta/recipes-devtools/git/git_2.35.3.bb +++ b/meta/recipes-devtools/git/git_2.35.4.bb @@ -165,4 +165,4 @@ EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \ " EXTRA_OEMAKE += "NO_GETTEXT=1" -SRC_URI[tarball.sha256sum] = "cad708072d5c0b390c71651f5edb44143f00b357766973470bf9adebc0944c03" +SRC_URI[tarball.sha256sum] = "4970108bdc227e2c3687899f8fc7501c54c839dcc42f4d999ac9e3e3f52df583" From patchwork Wed Jul 27 00:40:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10649 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CEE0CC3F6B0 for ; Wed, 27 Jul 2022 00:41:46 +0000 (UTC) Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mx.groups.io with SMTP id smtpd.web09.14405.1658882503188295579 for ; Tue, 26 Jul 2022 17:41:43 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=wxKuxcr+; spf=softfail (domain: sakoman.com, ip: 209.85.214.178, mailfrom: steve@sakoman.com) Received: by mail-pl1-f178.google.com with SMTP id z3so14813706plb.1 for ; Tue, 26 Jul 2022 17:41:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=lmLeydW/LoQlnNyWhOAtE/Aoy11s0mrEvy2HosCOsdI=; b=wxKuxcr+n5CUcjd6hFycfD23hInp2sK7Dmu/UVhZPDF9TbwIeJmxWmlwIykjcwHgyf pEbQzTnNmVOHJuaMt/KKIYaXQ/Vdu7VQlWu9DpayF0hOMcebYXNlhOvsdGvxwDXatmMc T31ACTWltdbIAye21JvOg3ueVtdirrQdfIT5yLUMn42Jm+KLiZXw5q7T6W7IaZmDVbu5 Vkd+haYqmff7F+nKLXoLvyDIEtavVvuXlRchX+31fI3KqnhACfE4BRMTZKMYK6JjUTpJ QwiOZmcCg4bLdakGboBnNIWiy3TqxG67Fxw3k/ZsrKvYkXpSLE+ZOgXr1YHjxZxViB/2 Fiwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=lmLeydW/LoQlnNyWhOAtE/Aoy11s0mrEvy2HosCOsdI=; b=l9wGM9o+XjkHTAcNLox2PiLqfWVP8T4Y+JyepheDuHcPKIWg6ytli3Rn3i/ZvYsWjr jCyXvFWSe147h51hcZ900oxFQbae4/gJS+ZiflwDjas775IlkTtnLBtZPlUiNCyTkjxe jVBV80vZZEUC/lDjBh4NcZFiEzq7MI041EmpX29EaKseySpUNkn7CrTtk13ko4itE/FM 1P9mTH3zuSO2GD+4LrQji0Fude7qAcTDhq5ZW57bJmP/odu5+J9B2pU26UTTIeB9qyka YfBTGEvChpCjISwcWOUtnoxYgLgrggZ4UlQn8D2Ux/o82eHAjEF/qNZOE+By0tLL9VEx 5D3A== X-Gm-Message-State: AJIora+1LXSNPgUsV2PzKGIE0QvaYCUrXCFRRFY4DHkDZ7oYFV2Z/oaS AsPQo3N/hDx/WGqDm5s/uDzYyfAOm+qaQhCS X-Google-Smtp-Source: AGRyM1v8Dki7J4yNXVXu685jXgArGex8W4Akse+XCZ+XkGu/M9BLfkkGcFZruG4BPzd9u/LKkRC+cQ== X-Received: by 2002:a17:902:7c83:b0:16d:3db9:fdc5 with SMTP id y3-20020a1709027c8300b0016d3db9fdc5mr18376505pll.153.1658882502154; Tue, 26 Jul 2022 17:41:42 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:41 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 11/15] sstatesig: Include all dependencies in SPDX task signatures Date: Tue, 26 Jul 2022 14:40:42 -1000 Message-Id: <7549429fc93218dee33b216010b2c36a9f814091.1658882276.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168534 From: Joshua Watt SDPX generation involves looking through BB_TASKDEPDATA for dependencies, then linking to the generated documents for those dependencies. These document links use a checksum to validate the document, which means that if a upstream document changes, all downstream documents must be regenerated to get the new checksum, otherwise the compendium of documents produced by the build will have broken links; therefore all dependent task should be included in the signature (even from "ABI safe" recipes). Signed-off-by: Joshua Watt Signed-off-by: Alexandre Belloni (cherry picked from commit 5fe543b9ceec971cf0297ff0ae3b0ccc4703cece) Signed-off-by: Steve Sakoman --- meta/lib/oe/sstatesig.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py index 7150bd0929..de65244932 100644 --- a/meta/lib/oe/sstatesig.py +++ b/meta/lib/oe/sstatesig.py @@ -24,10 +24,19 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, depname, dataCaches): return "/allarch.bbclass" in inherits def isImage(mc, fn): return "/image.bbclass" in " ".join(dataCaches[mc].inherits[fn]) + def isSPDXTask(task): + return task in ("do_create_spdx", "do_create_runtime_spdx") depmc, _, deptaskname, depmcfn = bb.runqueue.split_tid_mcfn(dep) mc, _ = bb.runqueue.split_mc(fn) + # Keep all dependencies between SPDX tasks in the signature. SPDX documents + # are linked together by hashes, which means if a dependent document changes, + # all downstream documents must be re-written (even if they are "safe" + # dependencies). + if isSPDXTask(task) and isSPDXTask(deptaskname): + return True + # (Almost) always include our own inter-task dependencies (unless it comes # from a mcdepends). The exception is the special # do_kernel_configme->do_unpack_and_patch dependency from archiver.bbclass. From patchwork Wed Jul 27 00:40:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10648 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C32FCC00144 for ; Wed, 27 Jul 2022 00:41:46 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web09.14406.1658882505898679338 for ; Tue, 26 Jul 2022 17:41:46 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=puqwMreQ; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id p1so6293275plr.11 for ; Tue, 26 Jul 2022 17:41:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=HGc2fcDoDp8gWx/b/dmbIUnXQdvZ6TA3HjJU2zbEpG8=; b=puqwMreQ0T1+A+HF5eHTcv/e7Wfu56mq7CeyE1p/HhEttljROYrq5Fd6vFZA24uQOw d+Az1DS7FyJnehv5ABvkvBWLc6cX7elmkAEB9+p+LhLhI+wt11tVQxajk8f5hBJ//2en lZpCSgrK9VxoKz7krD/Vyopm8TWLU1/di66AMGqC5QKvljEBoou1/JI+W7o29tSVSHAu 1ixqlBVWqXVsKSKE/p7NoNt8sPeth898TkXrHDhoeCW5bPNxGPRGM0nElIcqYTD8nexw f+ZFeJNEB2qmGk4zN6MLXxWR3eUAjElWMVKzdMKtfIIp+HBt1iWOrr2ow29Bj7F9Ckj9 qTtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=HGc2fcDoDp8gWx/b/dmbIUnXQdvZ6TA3HjJU2zbEpG8=; b=iP9aiD+PKwhWyBEpFlCx6KiL3xtsWqNCYEqD4YUkwuOHXOWm/ADscXGFGrgU1Anw+p C9a7nQScv+8iutiWSYzBl5oxM6lh/QTX+aIAyjj71+INXqTRi4kWCURDLboH5l5eBCvz h37hAWqjSW7BQpsD5l5gLRF/tQruTk6ACeJIGWlf7BTuZThHH8H6PPfy291x34arseBQ kkOd02SlcEO9oioU7g9WU6iY/cO1/1zacr24XEaMwtaxylxjlm3QDEGcS9cMBlFzwnTB QsSqSnXcq8T0gbIPgI/SJZQhRzvBMno1LaCEDrMgXMOTRo9B04nDera/1/YzS1CRbPyp ROqA== X-Gm-Message-State: AJIora/cfMOdMbubQFcOIq9cmKDavEbBFX6Lnb9ivjmxJ/Dt9mobXQVT rJQTe1adKCYo+WlPnTXEOMuy3q82kJbQaY1d X-Google-Smtp-Source: AGRyM1u1M4gLHy1pPXYgpFsfiJ2ejCY7g9uiTxOWh6UN0fARG03Razfywq49iDsqZOvfDO8fwuB2qA== X-Received: by 2002:a17:902:8e89:b0:16d:69b7:49b4 with SMTP id bg9-20020a1709028e8900b0016d69b749b4mr13826482plb.167.1658882504870; Tue, 26 Jul 2022 17:41:44 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:44 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 12/15] rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S} Date: Tue, 26 Jul 2022 14:40:43 -1000 Message-Id: <96215d6d45d2cae59c9e36e6a77bbbada410b259.1658882276.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168535 From: Ming Liu This is to ensure host-user-contaminated.txt would be removed before do_rootfs runs, since ${S} is in cleandirs of do_rootfs, otherwise, a host-user-contaminated.txt file that generated from previous builds could be used which is wrong. Signed-off-by: Ming Liu Signed-off-by: Alexandre Belloni (cherry picked from commit 54a3fd63e684d070fad962be97e549f3af7ac111) Signed-off-by: Steve Sakoman --- meta/classes/rootfs-postcommands.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass index fc179613fb..a59d9b5878 100644 --- a/meta/classes/rootfs-postcommands.bbclass +++ b/meta/classes/rootfs-postcommands.bbclass @@ -305,7 +305,7 @@ rootfs_trim_schemas () { } rootfs_check_host_user_contaminated () { - contaminated="${WORKDIR}/host-user-contaminated.txt" + contaminated="${S}/host-user-contaminated.txt" HOST_USER_UID="$(PSEUDO_UNLOAD=1 id -u)" HOST_USER_GID="$(PSEUDO_UNLOAD=1 id -g)" From patchwork Wed Jul 27 00:40:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10655 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C85EEC3F6B0 for ; Wed, 27 Jul 2022 00:41:56 +0000 (UTC) Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com [209.85.216.42]) by mx.groups.io with SMTP id smtpd.web12.14373.1658882501172163838 for ; Tue, 26 Jul 2022 17:41:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=P+Q3tQw5; spf=softfail (domain: sakoman.com, ip: 209.85.216.42, mailfrom: steve@sakoman.com) Received: by mail-pj1-f42.google.com with SMTP id ku18so14935261pjb.2 for ; Tue, 26 Jul 2022 17:41:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=0ro3I/8eCLaC0bFIvHDC2GJYYjRtJxWSg8EGiYzqEK0=; b=P+Q3tQw53ZzRbXXbkj2m93fqfVjuWuZaJUsXy/sr5Pm0rI6osTvWKCbJmubk1c6Bar 6f33CHqyJlEw8HvZZavXkveDNQ5/6lX8DNO0dkrpUMwu14qmVAxcuHFbbFAiXQ2P9aAY uRiFtqMxRligXBTp0NkVp5sYqt6M2vPWS2cQh/2lgw7bn12pFFLM9r2Hwb9oeLIZhJmx BpO1nVEYRePWVaW7feZV1/XgJyu/O6XnjvfEdwwvbVkBseBWaYHMYC83ghn/Ne+FX2Xy iBf1cLOa8VWwvagFNp780rQD390RZ7AFn4UWoWxgf+wqmmLEWfXkwQFleb0ktnfoJ0od ENjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=0ro3I/8eCLaC0bFIvHDC2GJYYjRtJxWSg8EGiYzqEK0=; b=ef556o3Ey0fSAAjK/dRrgugd+hUpPQzRldYis9su7BpJVwYOrnZ297UUm7V8bazy+b w7cmG/9EcljYeNiWdvc6kL/aSKkWazrQDJ3Vd2bA9gY9yqPhURtY82/du1msAIftTJIr OqoBuqcqdfQYl2pxp7Jm2Yf9z66nEHKGqTbJu4+KgIEzR4i/4rNi8PGlQMT3/DpTokT+ jn31fHtoo7buoUFD20XvrwW/tWOFvzG2wNnjLnv6H4qzNwwsl2SC5DA7uhd2iKsQfDO7 6NAIi/RjKWkJ1J93mMDzCfuHnSxoryZcNEf0FFWePeghPJPbDZecWIwqsmeZYQ4FG1/I Fn8w== X-Gm-Message-State: AJIora985k10kM1+B3wVswKp05Ru/YXCcCQGr457o78a2pT4Mb1UVxIN zG0QXPPDyIrRYGAHypoqS14LsfNxOtHB9Os3 X-Google-Smtp-Source: AGRyM1tCKEKmK2vlnbGkNz9weKBt0DrIiw1L1PtqmUw4XX6SPdE6OFo8YdR+W7+HsOr2oqEYpeoZRw== X-Received: by 2002:a17:90b:4f44:b0:1f2:a900:a1e8 with SMTP id pj4-20020a17090b4f4400b001f2a900a1e8mr1764142pjb.32.1658882507354; Tue, 26 Jul 2022 17:41:47 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:46 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 13/15] gobject-introspection-data: Disable cache for g-ir-scanner Date: Tue, 26 Jul 2022 14:40:44 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168536 From: Tom Hochstein An intermittent failure occurs in libical-native do_compile: | Traceback (most recent call last): | File "/.../build/tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py", line 813, in move | os.rename(src, real_dst) | OSError: [Errno 18] Invalid cross-device link: '/tmp/g-ir-scanner-cache-adxo_2bq' -> '/home/bamboo/.cache/g-ir-scanner/bab9a83d2cd93e62ed005a2c1d4f89ae75c67251' | | During handling of the above exception, another exception occurred: | | Traceback (most recent call last): | File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/pkgconfig/../../../usr/bin/g-ir-scanner", line 99, in | sys.exit(scanner_main(sys.argv)) | File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/scannermain.py", line 590, in scanner_main | transformer = create_transformer(namespace, options) | File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/scannermain.py", line 409, in create_transformer | transformer.register_include(include_obj) | File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/transformer.py", line 140, in register_include | self._parse_include(filename) | File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/transformer.py", line 230, in _parse_include | self._parse_include(dep_filename) | File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/transformer.py", line 225, in _parse_include | self._cachestore.store(filename, parser) | File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/cachestore.py", line 153, in store | shutil.move(tmp_filename, store_filename) | File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py", line 833, in move | copy_function(src, real_dst) | File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py", line 435, in copy2 | copystat(src, dst, follow_symlinks=follow_symlinks) | File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py", line 374, in copystat | lookup("utime")(dst, ns=(st.st_atime_ns, st.st_mtime_ns), | FileNotFoundError: [Errno 2] No such file or directory A similar issue is described in a fix for gobject-introspection-native. https://github.com/openembedded/openembedded-core/commit/d3c48ff7d19e86b2338b1778f9563969bba3d336 The problem was fixed there by setting the environment variable GI_SCANNER_DISABLE_CACHE to disable the use of $HOME/.cache. Extend the fix to users of gobject-instropection by promoting the fix to the bbclass. Signed-off-by: Tom Hochstein Signed-off-by: Alexandre Belloni (cherry picked from commit 35d5f707f6bb2ce5e9ab908e66e1ea9eeac754b1) Signed-off-by: Steve Sakoman --- meta/classes/gobject-introspection-data.bbclass | 5 +++++ .../gobject-introspection/gobject-introspection_1.72.0.bb | 3 --- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/meta/classes/gobject-introspection-data.bbclass b/meta/classes/gobject-introspection-data.bbclass index 2ef684626a..d90cdb4839 100644 --- a/meta/classes/gobject-introspection-data.bbclass +++ b/meta/classes/gobject-introspection-data.bbclass @@ -5,3 +5,8 @@ # so that qemu use can be avoided when necessary. GI_DATA_ENABLED ?= "${@bb.utils.contains('DISTRO_FEATURES', 'gobject-introspection-data', \ bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'True', 'False', d), 'False', d)}" + +do_compile:prepend() { + # This prevents g-ir-scanner from writing cache data to $HOME + export GI_SCANNER_DISABLE_CACHE=1 +} diff --git a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.72.0.bb b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.72.0.bb index 355e77d107..9a47e908b7 100644 --- a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.72.0.bb +++ b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.72.0.bb @@ -113,9 +113,6 @@ EOF } do_compile:prepend() { - # This prevents g-ir-scanner from writing cache data to $HOME - export GI_SCANNER_DISABLE_CACHE=1 - # Needed to run g-ir unit tests, which won't be able to find the built libraries otherwise export GIR_EXTRA_LIBS_PATH=$B/.libs } From patchwork Wed Jul 27 00:40:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10654 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C85C1C00144 for ; Wed, 27 Jul 2022 00:41:56 +0000 (UTC) Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by mx.groups.io with SMTP id smtpd.web10.14474.1658882511128432520 for ; Tue, 26 Jul 2022 17:41:51 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=qZDubBo7; spf=softfail (domain: sakoman.com, ip: 209.85.215.172, mailfrom: steve@sakoman.com) Received: by mail-pg1-f172.google.com with SMTP id f11so14565891pgj.7 for ; Tue, 26 Jul 2022 17:41:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=NZkJb2lPSHnwRWykx+PuoaBjVQYHfFxdt6f9ouV/kIM=; b=qZDubBo74tf+40cC4O1rdF2MMGAEzMA1NAhO1/J8sGBETzjtip+oQdlu2Vm3zlyKhE JmgvRge0Q801fik1rp1IyOWg+trkHLxs3vzXkTaOiRn4VWUlXtTPWsJynic1PM320+FG 6XBEUue/Mw0wH73Ks+22texXCD/rAoEsEV4VdteS6uBDS+OLja+8Vnzu72EgBJpxiHi3 qMMAcwh2h6YApi8OMKCQIBY7xYo2H3GPEWHholz0oGvDcYr8gjcKnYrRmRV8PwOrmR5l u+PewLFc+8RW7Grmtzcg7hW91lrS24bcjA4h28i1DwhHzW5sbxHKaKeoD9t/7/lBptWg w/7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=NZkJb2lPSHnwRWykx+PuoaBjVQYHfFxdt6f9ouV/kIM=; b=XtaJhJG+rOeL+BYRVcXxUziF1Rc3fP2TRQ261XpWAXBYIta4RNMnXGktWyS9HvZD0F DQ90M90iBLN9Sxb5AnHV4Zu1hPbone0so7k9QohQn/pg6v2HnI/jkqL1Vp+yAty+Xslb SH94O1ZofjZqy26VQsepRdtxXbF3WSeTX3B611FkGFW1tjBd9F6u+t0I8V8+sLlKYhJ3 XZZ4/OtHotxUU5B76QErxYYv7fVlpvDyfuljDwjKpTQnVZkrozRX/cC75TGyAKAclQmT 1j4yFYaHPltjiCNxFJc1z5JGlUcyj4/uICoZdB+hswl5FoRWtT6d6vzv4uQ1vK8C6N9c P17A== X-Gm-Message-State: AJIora+llcpt+aYEu9GLQv+HfhiNKPdgvmbyWCY7Byv1VRXGeWxog4cx h1LcOjj8lU1SqZ7LHSA7l2RK0qetOsbD7wdB X-Google-Smtp-Source: AGRyM1skK1mdFwk2fy+c16510hLohqECzaT+IRSx0unFUS8DiMPTcfElAnewZ5Ff7U2Lsri3io6j/A== X-Received: by 2002:a05:6a00:244a:b0:52b:e9a8:cb14 with SMTP id d10-20020a056a00244a00b0052be9a8cb14mr16961614pfj.32.1658882510081; Tue, 26 Jul 2022 17:41:50 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:49 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 14/15] gcc: Backport a fix for gcc bug 105039 Date: Tue, 26 Jul 2022 14:40:45 -1000 Message-Id: <943760dfb8036bd2f5e075bf0696f820fd6dc79d.1658882276.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168537 From: Naveen Backport a fix from: https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 which fixes rust recursion issues in the demangler. Signed-off-by: Naveen Signed-off-by: Steve Sakoman --- meta/recipes-devtools/gcc/gcc-11.3.inc | 2 +- .../gcc/gcc/0030-rust-recursion-limit.patch | 92 +++++++++++++++++++ 2 files changed, 93 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/gcc/gcc/0030-rust-recursion-limit.patch diff --git a/meta/recipes-devtools/gcc/gcc-11.3.inc b/meta/recipes-devtools/gcc/gcc-11.3.inc index acbb43a25f..2cebeb2bc8 100644 --- a/meta/recipes-devtools/gcc/gcc-11.3.inc +++ b/meta/recipes-devtools/gcc/gcc-11.3.inc @@ -59,7 +59,7 @@ SRC_URI = "\ file://0027-libatomic-Do-not-enforce-march-on-aarch64.patch \ file://0028-debug-101473-apply-debug-prefix-maps-before-checksum.patch \ file://0029-Fix-install-path-of-linux64.h.patch \ - \ + file://0030-rust-recursion-limit.patch \ file://0001-CVE-2021-42574.patch \ file://0002-CVE-2021-42574.patch \ file://0003-CVE-2021-42574.patch \ diff --git a/meta/recipes-devtools/gcc/gcc/0030-rust-recursion-limit.patch b/meta/recipes-devtools/gcc/gcc/0030-rust-recursion-limit.patch new file mode 100644 index 0000000000..bbe2f18f6f --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc/0030-rust-recursion-limit.patch @@ -0,0 +1,92 @@ +From 9234cdca6ee88badfc00297e72f13dac4e540c79 Mon Sep 17 00:00:00 2001 +From: Nick Clifton +Date: Fri, 1 Jul 2022 15:58:52 +0100 +Subject: [PATCH] Add a recursion limit to the demangle_const function in the + Rust demangler. + +libiberty/ + PR demangler/105039 + * rust-demangle.c (demangle_const): Add recursion limit. + +Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79] +--- + libiberty/rust-demangle.c | 29 ++++++++++++++++++++--------- + 1 file changed, 20 insertions(+), 9 deletions(-) + +diff --git a/libiberty/rust-demangle.c b/libiberty/rust-demangle.c +index bb58d900e27..36afcfae278 100644 +--- a/libiberty/rust-demangle.c ++++ b/libiberty/rust-demangle.c +@@ -126,7 +126,7 @@ parse_integer_62 (struct rust_demangler *rdm) + return 0; + + x = 0; +- while (!eat (rdm, '_')) ++ while (!eat (rdm, '_') && !rdm->errored) + { + c = next (rdm); + x *= 62; +@@ -1148,6 +1148,15 @@ demangle_const (struct rust_demangler *rdm) + if (rdm->errored) + return; + ++ if (rdm->recursion != RUST_NO_RECURSION_LIMIT) ++ { ++ ++ rdm->recursion; ++ if (rdm->recursion > RUST_MAX_RECURSION_COUNT) ++ /* FIXME: There ought to be a way to report ++ that the recursion limit has been reached. */ ++ goto fail_return; ++ } ++ + if (eat (rdm, 'B')) + { + backref = parse_integer_62 (rdm); +@@ -1158,7 +1167,7 @@ demangle_const (struct rust_demangler *rdm) + demangle_const (rdm); + rdm->next = old_next; + } +- return; ++ goto pass_return; + } + + ty_tag = next (rdm); +@@ -1167,7 +1176,7 @@ demangle_const (struct rust_demangler *rdm) + /* Placeholder. */ + case 'p': + PRINT ("_"); +- return; ++ goto pass_return; + + /* Unsigned integer types. */ + case 'h': +@@ -1200,18 +1209,20 @@ demangle_const (struct rust_demangler *rdm) + break; + + default: +- rdm->errored = 1; +- return; ++ goto fail_return; + } + +- if (rdm->errored) +- return; +- +- if (rdm->verbose) ++ if (!rdm->errored && rdm->verbose) + { + PRINT (": "); + PRINT (basic_type (ty_tag)); + } ++ ++ fail_return: ++ rdm->errored = 1; ++ pass_return: ++ if (rdm->recursion != RUST_NO_RECURSION_LIMIT) ++ -- rdm->recursion; + } + + static void +-- +2.31.1 + From patchwork Wed Jul 27 00:40:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10653 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CE3CEC19F28 for ; Wed, 27 Jul 2022 00:41:56 +0000 (UTC) Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) by mx.groups.io with SMTP id smtpd.web09.14400.1658882478851420184 for ; Tue, 26 Jul 2022 17:41:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=FE5NDFjl; spf=softfail (domain: sakoman.com, ip: 209.85.216.49, mailfrom: steve@sakoman.com) Received: by mail-pj1-f49.google.com with SMTP id x24-20020a17090ab01800b001f21556cf48so548640pjq.4 for ; Tue, 26 Jul 2022 17:41:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=eBC89MeRD0K/rwXoFG2Dt+WjV12I7ZP6O3BRxgHALTI=; b=FE5NDFjl8/nsYzI7jNX75rw4S+azCysfkdO0m5azqDj2BRah4qTt4kbOgnC0qYGrNA U5uZRxFbzK5zYJB+E8UVK1VxiFLPLAuKbEAgex/GwrkAEiUv8HnkLwujMYLIbSLVv+a6 CopcJvkF6pTZEjWJ5Z+vhO/dcFR08dczGjW3H/7LBAjFofWaJjw66mP+yrzoOKj6RoxX I2tzYJe8OHOhb2cNJrvHiBKIK49BXRxLpuQXT6B4DeIyZsxLTBk3K4+le/qXyovcB5V7 0Bn6g9U0wgaqEBxxOCBnUI79UpKZvmeCCHCvAhNzL33BIQteFttyWDBdwzD/I501oMc7 EhNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=eBC89MeRD0K/rwXoFG2Dt+WjV12I7ZP6O3BRxgHALTI=; b=MMpa2ZFrI4lGXiUXUnZg2yoW4cOmoM4EtKYx6OnXIAfFVsigQrP07nXiXCVvQQ3oIy SKwwMtGLhMEZZdbb7qlc1LPqhRj8xwjrRk6qnaOt8yDXexi7hcp9t0JnZ7apMhgTuCqt qkjhgIKeMeU9yl5CkZL5nyeFG+u8yGCmKeSOs+AFIk/u5ezoyTuqMkeOSWebttT3bdj2 AnxffFXRVl6zODr62AdRetC4YQ+00yXI4IXYgIG2pKF5ZGMp1y9SGT+TfUbhxG5Fhuqr XbCMB8vOKOnfyN+CTPEneVi6wt0P1/rsd+f5HYqx5+VmqY7rGke5ZkLOqXTR4aQRy7Cq 2Tow== X-Gm-Message-State: AJIora8L6sqIYfOs38+E3E1KxrT/Zxw6srSeTGkqZh5THsLm0yIT7bnp RcM04/bKZNxNiAnC6qgZuDCPrVTmcJlPdkWc X-Google-Smtp-Source: AGRyM1vHEypWPaSdECQckPjlSHK2eelhfdsKrDqxMrW9sdDCYL1YoxYUlJa3XBxIIQ+MCjtuJucB/A== X-Received: by 2002:a17:90a:9406:b0:1f1:a0c0:75d4 with SMTP id r6-20020a17090a940600b001f1a0c075d4mr1680944pjo.198.1658882512645; Tue, 26 Jul 2022 17:41:52 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id u16-20020a170902e5d000b0015e8d4eb219sm12356278plf.99.2022.07.26.17.41.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 17:41:52 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 15/15] gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so Date: Tue, 26 Jul 2022 14:40:46 -1000 Message-Id: <2bc86c029fb82ae572f6a89407ccfe332972568c.1658882276.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Jul 2022 00:41:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168538 From: Khem Raj This is a dummy shared object therefore reduce dependencies further by not requiring the C startup files, we wont use this shared library for anything useful anyway Signed-off-by: Khem Raj Signed-off-by: Richard Purdie Signed-off-by: Pavel Zhukov Signed-off-by: Steve Sakoman --- meta/recipes-devtools/gcc/gcc-runtime.inc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/meta/recipes-devtools/gcc/gcc-runtime.inc b/meta/recipes-devtools/gcc/gcc-runtime.inc index c85b5888d4..8074bf1025 100644 --- a/meta/recipes-devtools/gcc/gcc-runtime.inc +++ b/meta/recipes-devtools/gcc/gcc-runtime.inc @@ -68,8 +68,7 @@ do_configure () { # libstdc++ isn't built yet so CXX would error not able to find it which breaks stdc++'s configure # tests. Create a dummy empty lib for the purposes of configure. mkdir -p ${WORKDIR}/dummylib - touch ${WORKDIR}/dummylib/dummylib.c - ${CC} ${WORKDIR}/dummylib/dummylib.c -shared -o ${WORKDIR}/dummylib/libstdc++.so + ${CC} -x c /dev/null -nostartfiles -shared -o ${WORKDIR}/dummylib/libstdc++.so for d in libgcc ${RUNTIMETARGET}; do echo "Configuring $d" rm -rf ${B}/${TARGET_SYS}/$d/