From patchwork Thu Dec 1 14:26:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16263 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70F14C43217 for ; Thu, 1 Dec 2022 14:27:32 +0000 (UTC) Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.web10.44766.1669904850596773075 for ; Thu, 01 Dec 2022 06:27:30 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=nBSNhLH6; spf=softfail (domain: sakoman.com, ip: 209.85.216.45, mailfrom: steve@sakoman.com) Received: by mail-pj1-f45.google.com with SMTP id t17so2003848pjo.3 for ; Thu, 01 Dec 2022 06:27:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VtXhD6l46eWiOih/bkkBkT+pr8gofW2shVRsqAvWXzY=; b=nBSNhLH6+yv5Jl5m+zaPCCGBsg7Ls/HZNdu8CG6LrvWpgkKjmVd8rS1VwV5lAkP+vd BDZjti9rEsCr5No3HGyhJJ953AFx3E+oLnVAZMwLjd3iyPzEmsBJQ9lfJjm2Y0JZGIfp bna4/roewmGosActAAji6UOXQEpXukUIYdgZZJTxrVUfdriJgDVyCx54vpPBHzfJPJsh nVSiQ7QNNsRRTqFM2S/83AuswRbg0zx4WE+KjM/uKshv6Gq8oSJCWGCdv/uCp6ZzLMsk mjAeTRohpASlnfTLrbJuZTk1/1o6Hy6c9kGICF9/pRDhJaPSqcCUf+nRvTFSs30D03Xb Sq5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VtXhD6l46eWiOih/bkkBkT+pr8gofW2shVRsqAvWXzY=; b=Ph+vgOdLmTmQZPVe78jGLksfhAebMgqra884BuBtbY4FqL3jwaFmInbUEd4UzteTM5 IxLxrUzrPj7NR8HsmGPIHGq+kli7cULAkpN0G3QZ4iHBVSl24jhwk/PZbblLWI48x8gH SO2kqXpeQf/fLCibobYWtLFcL9ocJMKqsQQJvTFlfZv0aqF2YfhXEyYr5h0Y72e2Hqf3 bJ8U4Et0vcLOiWgNUMjR5n3fzgR+WFNcv8A1nYeuxXSpvOX6iSm3sSd8kx/u+oFcFH2f WBAv5skn81X9A9eWOmIiQC/PwJNdiLN+WsqKqrf7L0dTJJ4Ner3+pP53+9ytEqCRmIPb OMhA== X-Gm-Message-State: ANoB5pmhg+cmF8TW3voxIDY2gVJwINnzLenzpeupBNuVxiaJWSzK/5mc /FupUbKRGCQ6G1AXS0P1cqAfnw6dE7zsadG97RM= X-Google-Smtp-Source: AA0mqf6YqqHvLKmD52XrDgLZtmLIACSH5YwPJVBlt7nt88WP4Yk1hvKkf9sLQRyjE4LzRdms/vdZjQ== X-Received: by 2002:a17:90a:4745:b0:213:1442:24be with SMTP id y5-20020a17090a474500b00213144224bemr74872243pjg.15.1669904849418; Thu, 01 Dec 2022 06:27:29 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:28 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/23] grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775 Date: Thu, 1 Dec 2022 04:26:55 -1000 Message-Id: <0fc6693ab4f2f4b231b80c9675acea4e54b973f0.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:27:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174087 From: Xiangyu Chen Backport patch from upstream to solve CVE-2022-2601 CVE-2022-3775 dependency: font: Fix size overflow in grub_font_get_glyph_internal() (https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532) Backport patch from upstream to fix following CVEs: CVE-2022-2601: font: Fix several integer overflows in grub_font_construct_glyph() (https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e) CVE-2022-3775: font: Fix an integer underflow in blit_comb() (https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af) Signed-off-by: Xiangyu Chen Signed-off-by: Steve Sakoman --- ...erflow-in-grub_font_get_glyph_intern.patch | 115 ++++++++++++++++++ .../grub/files/CVE-2022-2601.patch | 85 +++++++++++++ .../grub/files/CVE-2022-3775.patch | 95 +++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 3 + 4 files changed, 298 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-2601.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-3775.patch diff --git a/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch b/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch new file mode 100644 index 0000000000..efa00a3c6c --- /dev/null +++ b/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch @@ -0,0 +1,115 @@ +From 1f511ae054fe42dce7aedfbfe0f234fa1e0a7a3e Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Fri, 5 Aug 2022 00:51:20 +0800 +Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal() + +The length of memory allocation and file read may overflow. This patch +fixes the problem by using safemath macros. + +There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe +if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz(). +It is safe replacement for such code. It has safemath-like prototype. + +This patch also introduces grub_cast(value, pointer), it casts value to +typeof(*pointer) then store the value to *pointer. It returns true when +overflow occurs or false if there is no overflow. The semantics of arguments +and return value are designed to be consistent with other safemath macros. + +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport from +[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532] + +Signed-off-by: Xiangyu Chen + +--- + grub-core/font/font.c | 17 +++++++++++++---- + include/grub/bitmap.h | 18 ++++++++++++++++++ + include/grub/safemath.h | 2 ++ + 3 files changed, 33 insertions(+), 4 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index d09bb38..876b5b6 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -739,7 +739,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) + grub_int16_t xoff; + grub_int16_t yoff; + grub_int16_t dwidth; +- int len; ++ grub_ssize_t len; ++ grub_size_t sz; + + if (index_entry->glyph) + /* Return cached glyph. */ +@@ -766,9 +767,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) + return 0; + } + +- len = (width * height + 7) / 8; +- glyph = grub_malloc (sizeof (struct grub_font_glyph) + len); +- if (!glyph) ++ /* Calculate real struct size of current glyph. */ ++ if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) || ++ grub_add (sizeof (struct grub_font_glyph), len, &sz)) ++ { ++ remove_font (font); ++ return 0; ++ } ++ ++ /* Allocate and initialize the glyph struct. */ ++ glyph = grub_malloc (sz); ++ if (glyph == NULL) + { + remove_font (font); + return 0; +diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h +index 5728f8c..0d9603f 100644 +--- a/include/grub/bitmap.h ++++ b/include/grub/bitmap.h +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + struct grub_video_bitmap + { +@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap) + return bitmap->mode_info.height; + } + ++/* ++ * Calculate and store the size of data buffer of 1bit bitmap in result. ++ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs. ++ * Return true when overflow occurs or false if there is no overflow. ++ * This function is intentionally implemented as a macro instead of ++ * an inline function. Although a bit awkward, it preserves data types for ++ * safemath macros and reduces macro side effects as much as possible. ++ * ++ * XXX: Will report false overflow if width * height > UINT64_MAX. ++ */ ++#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \ ++({ \ ++ grub_uint64_t _bitmap_pixels; \ ++ grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \ ++ grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \ ++}) ++ + void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap, + struct grub_video_mode_info *mode_info); + +diff --git a/include/grub/safemath.h b/include/grub/safemath.h +index c17b89b..bb0f826 100644 +--- a/include/grub/safemath.h ++++ b/include/grub/safemath.h +@@ -30,6 +30,8 @@ + #define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) + #define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) + ++#define grub_cast(a, res) grub_add ((a), 0, (res)) ++ + #else + #error gcc 5.1 or newer or clang 3.8 or newer is required + #endif diff --git a/meta/recipes-bsp/grub/files/CVE-2022-2601.patch b/meta/recipes-bsp/grub/files/CVE-2022-2601.patch new file mode 100644 index 0000000000..727c509694 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-2601.patch @@ -0,0 +1,85 @@ +From e8060722acf0bcca037982d7fb29472363ccdfd4 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Fri, 5 Aug 2022 01:58:27 +0800 +Subject: [PATCH] font: Fix several integer overflows in + grub_font_construct_glyph() + +This patch fixes several integer overflows in grub_font_construct_glyph(). +Glyphs of invalid size, zero or leading to an overflow, are rejected. +The inconsistency between "glyph" and "max_glyph_size" when grub_malloc() +returns NULL is fixed too. + +Fixes: CVE-2022-2601 + +Reported-by: Zhang Boyang +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport from +[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e] +CVE: CVE-2022-2601 + +Signed-off-by: Xiangyu Chen + +--- + grub-core/font/font.c | 29 +++++++++++++++++------------ + 1 file changed, 17 insertions(+), 12 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 876b5b6..0ff5525 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1515,6 +1515,7 @@ grub_font_construct_glyph (grub_font_t hinted_font, + struct grub_video_signed_rect bounds; + static struct grub_font_glyph *glyph = 0; + static grub_size_t max_glyph_size = 0; ++ grub_size_t cur_glyph_size; + + ensure_comb_space (glyph_id); + +@@ -1531,29 +1532,33 @@ grub_font_construct_glyph (grub_font_t hinted_font, + if (!glyph_id->ncomb && !glyph_id->attributes) + return main_glyph; + +- if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) ++ if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) || ++ grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size)) ++ return main_glyph; ++ ++ if (max_glyph_size < cur_glyph_size) + { + grub_free (glyph); +- max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2; +- if (max_glyph_size < 8) +- max_glyph_size = 8; +- glyph = grub_malloc (max_glyph_size); ++ if (grub_mul (cur_glyph_size, 2, &max_glyph_size)) ++ max_glyph_size = 0; ++ glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL; + } + if (!glyph) + { ++ max_glyph_size = 0; + grub_errno = GRUB_ERR_NONE; + return main_glyph; + } + +- grub_memset (glyph, 0, sizeof (*glyph) +- + (bounds.width * bounds.height +- + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT); ++ grub_memset (glyph, 0, cur_glyph_size); + + glyph->font = main_glyph->font; +- glyph->width = bounds.width; +- glyph->height = bounds.height; +- glyph->offset_x = bounds.x; +- glyph->offset_y = bounds.y; ++ if (bounds.width == 0 || bounds.height == 0 || ++ grub_cast (bounds.width, &glyph->width) || ++ grub_cast (bounds.height, &glyph->height) || ++ grub_cast (bounds.x, &glyph->offset_x) || ++ grub_cast (bounds.y, &glyph->offset_y)) ++ return main_glyph; + + if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR) + grub_font_blit_glyph_mirror (glyph, main_glyph, diff --git a/meta/recipes-bsp/grub/files/CVE-2022-3775.patch b/meta/recipes-bsp/grub/files/CVE-2022-3775.patch new file mode 100644 index 0000000000..853efd0486 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-3775.patch @@ -0,0 +1,95 @@ +From fdbe7209152ad6f09a1166f64f162017f2145ba3 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Mon, 24 Oct 2022 08:05:35 +0800 +Subject: [PATCH] font: Fix an integer underflow in blit_comb() + +The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may +evaluate to a very big invalid value even if both ctx.bounds.height and +combining_glyphs[i]->height are small integers. For example, if +ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this +expression evaluates to 2147483647 (expected -1). This is because +coordinates are allowed to be negative but ctx.bounds.height is an +unsigned int. So, the subtraction operates on unsigned ints and +underflows to a very big value. The division makes things even worse. +The quotient is still an invalid value even if converted back to int. + +This patch fixes the problem by casting ctx.bounds.height to int. As +a result the subtraction will operate on int and grub_uint16_t which +will be promoted to an int. So, the underflow will no longer happen. Other +uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int, +to ensure coordinates are always calculated on signed integers. + +Fixes: CVE-2022-3775 + +Reported-by: Daniel Axtens +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport from +[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af] +CVE: CVE-2022-3775 + +Signed-off-by: Xiangyu Chen + +--- + grub-core/font/font.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 0ff5525..7b1cbde 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1206,12 +1206,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + ctx.bounds.height = main_glyph->height; + + above_rightx = main_glyph->offset_x + main_glyph->width; +- above_righty = ctx.bounds.y + ctx.bounds.height; ++ above_righty = ctx.bounds.y + (int) ctx.bounds.height; + + above_leftx = main_glyph->offset_x; +- above_lefty = ctx.bounds.y + ctx.bounds.height; ++ above_lefty = ctx.bounds.y + (int) ctx.bounds.height; + +- below_rightx = ctx.bounds.x + ctx.bounds.width; ++ below_rightx = ctx.bounds.x + (int) ctx.bounds.width; + below_righty = ctx.bounds.y; + + comb = grub_unicode_get_comb (glyph_id); +@@ -1224,7 +1224,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + + if (!combining_glyphs[i]) + continue; +- targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; ++ targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; + /* CGJ is to avoid diacritics reordering. */ + if (comb[i].code + == GRUB_UNICODE_COMBINING_GRAPHEME_JOINER) +@@ -1234,8 +1234,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + case GRUB_UNICODE_COMB_OVERLAY: + do_blit (combining_glyphs[i], + targetx, +- (ctx.bounds.height - combining_glyphs[i]->height) / 2 +- - (ctx.bounds.height + ctx.bounds.y), &ctx); ++ ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2 ++ - ((int) ctx.bounds.height + ctx.bounds.y), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; + break; +@@ -1308,7 +1308,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + /* Fallthrough. */ + case GRUB_UNICODE_STACK_ATTACHED_ABOVE: + do_blit (combining_glyphs[i], targetx, +- -(ctx.bounds.height + ctx.bounds.y + space ++ -((int) ctx.bounds.height + ctx.bounds.y + space + + combining_glyphs[i]->height), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; +@@ -1316,7 +1316,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + + case GRUB_UNICODE_COMB_HEBREW_DAGESH: + do_blit (combining_glyphs[i], targetx, +- -(ctx.bounds.height / 2 + ctx.bounds.y ++ -((int) ctx.bounds.height / 2 + ctx.bounds.y + + combining_glyphs[i]->height / 2), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 47ea561002..270efd30ef 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -32,6 +32,9 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch \ file://CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch \ file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \ + file://0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch \ + file://CVE-2022-2601.patch \ + file://CVE-2022-3775.patch \ " SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" From patchwork Thu Dec 1 14:26:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16268 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 610BEC47088 for ; Thu, 1 Dec 2022 14:27:42 +0000 (UTC) Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com [209.85.215.175]) by mx.groups.io with SMTP id smtpd.web10.44767.1669904853083724814 for ; Thu, 01 Dec 2022 06:27:33 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=Uxhs2Tb2; spf=softfail (domain: sakoman.com, ip: 209.85.215.175, mailfrom: steve@sakoman.com) Received: by mail-pg1-f175.google.com with SMTP id f9so1799991pgf.7 for ; Thu, 01 Dec 2022 06:27:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=xHVIILNczfPryidS0p4PvReYYTiF1/p3kLDNIUp2Ojs=; b=Uxhs2Tb2RqGONKoHq+frEwhyfXimHPmAPkf2mn71WdhVmr58rXltZIs2AV9oeHkd3i h4JbxoBt1mEEnrIJermjUAljjTmFG3bKxQvbTu48FyorMBj7MlOcaZJZphBVXsWPdK+3 5xKprz//IuxvY+fsOW4Vl5+C0iABpLkRJkrsxijtFpPpthzaLA3B7V1lTC6ZHywABU0o RdpYvhzAtB64iSmQZtRYZIa9qc4s4425OBnXvojijf2t83YCu673zN78TX8YpEP2ccOb zjLS8c8Lp7ZCeS3gz3dso/9ZRJZXERmElF3eRzaGMLLc380PGNknS3oPjOS7bXa5jWc1 dWdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xHVIILNczfPryidS0p4PvReYYTiF1/p3kLDNIUp2Ojs=; b=lNA4gJJ753fdR6hWgD8oc68zF50xO8Yiach3JOasvae313v2JQ0+caNPnYHnsWJavd HmKHTZaUGQvAiPjNXvM2EjlACQZGlvLSXPeHANMYUUOw83R/+e13ZgihvvEvShtNno+T dXQYTNWKGpHFWK1BNz1fLbLJ9/f+7Zn0kTByINNePO6C+v4EFRdpdIiK+yZpkmYNNUEZ 9jhAb9YuK4gxoZOX1FQhikRi42J2Gp1JysLstGhah+5jXypWnYwr8fyaGG4I4HopQ1CZ e4r2OiruGcMEBW1t27vgB3kPPfk9qT+VxzDcBa1AlYO/b+QoRNBAUi09P0OBH2dZmGLa VCTA== X-Gm-Message-State: ANoB5pm+SqOl8gCkTTPv79OvXGu1PBoV18AIUJUlyXtxUKagwecaAcBt D4q9SLFtwx9eXhSzHo9xYF93qmYSbxiAL7E+iYg= X-Google-Smtp-Source: AA0mqf6eJOea+RJIYr0Vd/8eSWVfT4bS45oWNxTxbrwnLtQfZkLLre2yn0D7vlvj4Mgb1Q7JFh4tsA== X-Received: by 2002:a65:670f:0:b0:478:54e2:ecae with SMTP id u15-20020a65670f000000b0047854e2ecaemr9245018pgf.417.1669904851645; Thu, 01 Dec 2022 06:27:31 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:31 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/23] tiff: refresh with devtool Date: Thu, 1 Dec 2022 04:26:56 -1000 Message-Id: <535c814259ec63916debb17a326fa328c4f6237b.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:27:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174088 From: Martin Jansa * so that they can be easily and cleanly applied with "git am" * manually fix CVE-2022-2953.patch commit message not to use UTF-8 quotes and replace it with human readable text from original commit: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- ...-the-FPE-in-tiffcrop-415-427-and-428.patch | 2 +- ...rash-when-reading-a-file-with-multip.patch | 14 ++- ...ue-330-and-some-more-from-320-to-349.patch | 86 +++++++++---------- ...al-buffer-overflow-for-ASCII-tags-wh.patch | 13 ++- ...ue-380-and-382-heap-buffer-overflow-.patch | 14 ++- ...-for-return-value-of-limitMalloc-392.patch | 15 ++-- ...ag-avoid-calling-memcpy-with-a-null-.patch | 16 ++-- .../0005-fix-the-FPE-in-tiffcrop-393.patch | 15 ++-- ...x-heap-buffer-overflow-in-tiffcp-278.patch | 15 ++-- ...99c99f987dc32ae110370cfdd7df7975586b.patch | 9 +- .../libtiff/tiff/CVE-2022-1354.patch | 8 +- .../libtiff/tiff/CVE-2022-1355.patch | 8 +- .../libtiff/tiff/CVE-2022-2867.patch | 2 +- .../libtiff/tiff/CVE-2022-2869.patch | 2 +- .../libtiff/tiff/CVE-2022-2953.patch | 30 +++---- .../libtiff/tiff/CVE-2022-34526.patch | 6 +- ...ed69a485a9cfb299d9f060eb2a46c54e5903.patch | 2 +- ...0712f4c3a5b449f70c57988260a667ddbdef.patch | 9 +- 18 files changed, 118 insertions(+), 148 deletions(-) diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch b/meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch index a28df6ed8c..a9dd42d755 100644 --- a/meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch +++ b/meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch @@ -1,4 +1,4 @@ -From 029da2cf70e8e38f10d62d4b0be440fb9d145af0 Mon Sep 17 00:00:00 2001 +From 6cfe933df4dbac5479801b2bd10103ef7db815ee Mon Sep 17 00:00:00 2001 From: 4ugustus Date: Sat, 11 Jun 2022 09:31:43 +0000 Subject: [PATCH] fix the FPE in tiffcrop (#415, #427, and #428) diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch index f1a4ab4251..a4d8bebe8c 100644 --- a/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch +++ b/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch @@ -1,11 +1,12 @@ +From adfd6be615635705c2f4eb8dfe49e2f463786361 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Thu, 24 Feb 2022 22:26:02 +0100 +Subject: [PATCH] tif_jbig.c: fix crash when reading a file with multiple + CVE: CVE-2022-0865 Upstream-Status: Backport Signed-off-by: Ross Burton -From 88da11ae3c4db527cb870fb1017456cc8fbac2e7 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Thu, 24 Feb 2022 22:26:02 +0100 -Subject: [PATCH 1/6] tif_jbig.c: fix crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed (fixes #385) --- @@ -13,7 +14,7 @@ Subject: [PATCH 1/6] tif_jbig.c: fix crash when reading a file with multiple 1 file changed, 10 insertions(+) diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c -index 74086338..8bfa4cef 100644 +index 7408633..8bfa4ce 100644 --- a/libtiff/tif_jbig.c +++ b/libtiff/tif_jbig.c @@ -209,6 +209,16 @@ int TIFFInitJBIG(TIFF* tif, int scheme) @@ -33,6 +34,3 @@ index 74086338..8bfa4cef 100644 /* Setup the function pointers for encode, decode, and cleanup. */ tif->tif_setupdecode = JBIGSetupDecode; --- -2.25.1 - diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch index 07acf5eb90..7c4feabc38 100644 --- a/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch +++ b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch @@ -1,7 +1,8 @@ -From e319508023580e2f70e6e626f745b5b2a1707313 Mon Sep 17 00:00:00 2001 +From 0ab805f46f68500da3b49d6f89380bab169bf6bb Mon Sep 17 00:00:00 2001 From: Su Laus Date: Tue, 10 May 2022 20:03:17 +0000 Subject: [PATCH] tiffcrop: Fix issue #330 and some more from 320 to 349 + Upstream-Status: Backport Signed-off-by: Zheng Qiu --- @@ -9,7 +10,7 @@ Signed-off-by: Zheng Qiu 1 file changed, 210 insertions(+), 72 deletions(-) diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c -index 77cf6ed1..791ec5e7 100644 +index 99e4208..b596f9e 100644 --- a/tools/tiffcrop.c +++ b/tools/tiffcrop.c @@ -63,20 +63,24 @@ @@ -67,7 +68,7 @@ index 77cf6ed1..791ec5e7 100644 ; /* This function could be modified to pass starting sample offset -@@ -2121,6 +2131,15 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 +@@ -2123,6 +2133,15 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 /*NOTREACHED*/ } } @@ -83,7 +84,7 @@ index 77cf6ed1..791ec5e7 100644 } /* end process_command_opts */ /* Start a new output file if one has not been previously opened or -@@ -2746,7 +2765,7 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -2748,7 +2767,7 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols, tsample_t count, uint32_t start, uint32_t end) { int i, bytes_per_sample, sindex; @@ -92,7 +93,7 @@ index 77cf6ed1..791ec5e7 100644 uint32_t src_byte /*, src_bit */; uint8_t *src = in; uint8_t *dst = out; -@@ -2757,6 +2776,10 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -2759,6 +2778,10 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols, return (1); } @@ -103,7 +104,7 @@ index 77cf6ed1..791ec5e7 100644 if ((start > end) || (start > cols)) { TIFFError ("extractContigSamplesBytes", -@@ -2769,6 +2792,9 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -2771,6 +2794,9 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols, "Invalid end column value %"PRIu32" ignored", end); end = cols; } @@ -113,7 +114,7 @@ index 77cf6ed1..791ec5e7 100644 dst_rowsize = (bps * (end - start) * count) / 8; -@@ -2812,7 +2838,7 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -2814,7 +2840,7 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols, tsample_t count, uint32_t start, uint32_t end) { int ready_bits = 0, sindex = 0; @@ -122,7 +123,7 @@ index 77cf6ed1..791ec5e7 100644 uint8_t maskbits = 0, matchbits = 0; uint8_t buff1 = 0, buff2 = 0; uint8_t *src = in; -@@ -2824,6 +2850,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -2826,6 +2852,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols, return (1); } @@ -133,7 +134,7 @@ index 77cf6ed1..791ec5e7 100644 if ((start > end) || (start > cols)) { TIFFError ("extractContigSamples8bits", -@@ -2836,7 +2866,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -2838,7 +2868,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols, "Invalid end column value %"PRIu32" ignored", end); end = cols; } @@ -145,7 +146,7 @@ index 77cf6ed1..791ec5e7 100644 ready_bits = 0; maskbits = (uint8_t)-1 >> (8 - bps); buff1 = buff2 = 0; -@@ -2889,7 +2922,7 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -2891,7 +2924,7 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols, tsample_t count, uint32_t start, uint32_t end) { int ready_bits = 0, sindex = 0; @@ -154,7 +155,7 @@ index 77cf6ed1..791ec5e7 100644 uint16_t maskbits = 0, matchbits = 0; uint16_t buff1 = 0, buff2 = 0; uint8_t bytebuff = 0; -@@ -2902,6 +2935,10 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -2904,6 +2937,10 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols, return (1); } @@ -165,7 +166,7 @@ index 77cf6ed1..791ec5e7 100644 if ((start > end) || (start > cols)) { TIFFError ("extractContigSamples16bits", -@@ -2914,6 +2951,9 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -2916,6 +2953,9 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols, "Invalid end column value %"PRIu32" ignored", end); end = cols; } @@ -175,7 +176,7 @@ index 77cf6ed1..791ec5e7 100644 ready_bits = 0; maskbits = (uint16_t)-1 >> (16 - bps); -@@ -2978,7 +3018,7 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -2980,7 +3020,7 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols, tsample_t count, uint32_t start, uint32_t end) { int ready_bits = 0, sindex = 0; @@ -184,7 +185,7 @@ index 77cf6ed1..791ec5e7 100644 uint32_t maskbits = 0, matchbits = 0; uint32_t buff1 = 0, buff2 = 0; uint8_t bytebuff1 = 0, bytebuff2 = 0; -@@ -2991,6 +3031,10 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -2993,6 +3033,10 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols, return (1); } @@ -195,7 +196,7 @@ index 77cf6ed1..791ec5e7 100644 if ((start > end) || (start > cols)) { TIFFError ("extractContigSamples24bits", -@@ -3003,6 +3047,9 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3005,6 +3049,9 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols, "Invalid end column value %"PRIu32" ignored", end); end = cols; } @@ -205,7 +206,7 @@ index 77cf6ed1..791ec5e7 100644 ready_bits = 0; maskbits = (uint32_t)-1 >> (32 - bps); -@@ -3087,7 +3134,7 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3089,7 +3136,7 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols, tsample_t count, uint32_t start, uint32_t end) { int ready_bits = 0, sindex = 0 /*, shift_width = 0 */; @@ -214,7 +215,7 @@ index 77cf6ed1..791ec5e7 100644 uint32_t longbuff1 = 0, longbuff2 = 0; uint64_t maskbits = 0, matchbits = 0; uint64_t buff1 = 0, buff2 = 0, buff3 = 0; -@@ -3102,6 +3149,10 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3104,6 +3151,10 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols, } @@ -225,7 +226,7 @@ index 77cf6ed1..791ec5e7 100644 if ((start > end) || (start > cols)) { TIFFError ("extractContigSamples32bits", -@@ -3114,6 +3165,9 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3116,6 +3167,9 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols, "Invalid end column value %"PRIu32" ignored", end); end = cols; } @@ -235,7 +236,7 @@ index 77cf6ed1..791ec5e7 100644 /* shift_width = ((bps + 7) / 8) + 1; */ ready_bits = 0; -@@ -3193,7 +3247,7 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3195,7 +3249,7 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols, int shift) { int ready_bits = 0, sindex = 0; @@ -244,7 +245,7 @@ index 77cf6ed1..791ec5e7 100644 uint8_t maskbits = 0, matchbits = 0; uint8_t buff1 = 0, buff2 = 0; uint8_t *src = in; -@@ -3205,6 +3259,10 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3207,6 +3261,10 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols, return (1); } @@ -255,7 +256,7 @@ index 77cf6ed1..791ec5e7 100644 if ((start > end) || (start > cols)) { TIFFError ("extractContigSamplesShifted8bits", -@@ -3217,6 +3275,9 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3219,6 +3277,9 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols, "Invalid end column value %"PRIu32" ignored", end); end = cols; } @@ -265,7 +266,7 @@ index 77cf6ed1..791ec5e7 100644 ready_bits = shift; maskbits = (uint8_t)-1 >> (8 - bps); -@@ -3273,7 +3334,7 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3275,7 +3336,7 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols, int shift) { int ready_bits = 0, sindex = 0; @@ -274,7 +275,7 @@ index 77cf6ed1..791ec5e7 100644 uint16_t maskbits = 0, matchbits = 0; uint16_t buff1 = 0, buff2 = 0; uint8_t bytebuff = 0; -@@ -3286,6 +3347,10 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3288,6 +3349,10 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols, return (1); } @@ -285,7 +286,7 @@ index 77cf6ed1..791ec5e7 100644 if ((start > end) || (start > cols)) { TIFFError ("extractContigSamplesShifted16bits", -@@ -3298,6 +3363,9 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3300,6 +3365,9 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols, "Invalid end column value %"PRIu32" ignored", end); end = cols; } @@ -295,7 +296,7 @@ index 77cf6ed1..791ec5e7 100644 ready_bits = shift; maskbits = (uint16_t)-1 >> (16 - bps); -@@ -3363,7 +3431,7 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3365,7 +3433,7 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols, int shift) { int ready_bits = 0, sindex = 0; @@ -304,7 +305,7 @@ index 77cf6ed1..791ec5e7 100644 uint32_t maskbits = 0, matchbits = 0; uint32_t buff1 = 0, buff2 = 0; uint8_t bytebuff1 = 0, bytebuff2 = 0; -@@ -3376,6 +3444,16 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3378,6 +3446,16 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols, return (1); } @@ -321,7 +322,7 @@ index 77cf6ed1..791ec5e7 100644 if ((start > end) || (start > cols)) { TIFFError ("extractContigSamplesShifted24bits", -@@ -3388,6 +3466,9 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3390,6 +3468,9 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols, "Invalid end column value %"PRIu32" ignored", end); end = cols; } @@ -331,7 +332,7 @@ index 77cf6ed1..791ec5e7 100644 ready_bits = shift; maskbits = (uint32_t)-1 >> (32 - bps); -@@ -3449,7 +3530,7 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3451,7 +3532,7 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols, buff2 = (buff2 << 8); bytebuff2 = bytebuff1; ready_bits -= 8; @@ -340,7 +341,7 @@ index 77cf6ed1..791ec5e7 100644 return (0); } /* end extractContigSamplesShifted24bits */ -@@ -3461,7 +3542,7 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3463,7 +3544,7 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols, int shift) { int ready_bits = 0, sindex = 0 /*, shift_width = 0 */; @@ -349,7 +350,7 @@ index 77cf6ed1..791ec5e7 100644 uint32_t longbuff1 = 0, longbuff2 = 0; uint64_t maskbits = 0, matchbits = 0; uint64_t buff1 = 0, buff2 = 0, buff3 = 0; -@@ -3476,6 +3557,10 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3478,6 +3559,10 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols, } @@ -360,7 +361,7 @@ index 77cf6ed1..791ec5e7 100644 if ((start > end) || (start > cols)) { TIFFError ("extractContigSamplesShifted32bits", -@@ -3488,6 +3573,9 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols, +@@ -3490,6 +3575,9 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols, "Invalid end column value %"PRIu32" ignored", end); end = cols; } @@ -370,7 +371,7 @@ index 77cf6ed1..791ec5e7 100644 /* shift_width = ((bps + 7) / 8) + 1; */ ready_bits = shift; -@@ -5429,7 +5517,7 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt +@@ -5431,7 +5519,7 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt { struct offset offsets; int i; @@ -379,7 +380,7 @@ index 77cf6ed1..791ec5e7 100644 uint32_t seg, total, need_buff = 0; uint32_t buffsize; uint32_t zwidth, zlength; -@@ -5510,8 +5598,13 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt +@@ -5512,8 +5600,13 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt seg = crop->zonelist[j].position; total = crop->zonelist[j].total; @@ -394,7 +395,7 @@ index 77cf6ed1..791ec5e7 100644 continue; } -@@ -5524,17 +5617,23 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt +@@ -5526,17 +5619,23 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt crop->regionlist[i].x1 = offsets.startx + (uint32_t)(offsets.crop_width * 1.0 * (seg - 1) / total); @@ -428,7 +429,7 @@ index 77cf6ed1..791ec5e7 100644 zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1; /* This is passed to extractCropZone or extractCompositeZones */ -@@ -5549,22 +5648,27 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt +@@ -5551,22 +5650,27 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt crop->regionlist[i].x1 = offsets.startx; crop->regionlist[i].x2 = offsets.endx; @@ -471,7 +472,7 @@ index 77cf6ed1..791ec5e7 100644 zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1; /* This is passed to extractCropZone or extractCompositeZones */ -@@ -5575,32 +5679,42 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt +@@ -5577,32 +5681,42 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt crop->combined_width = (uint32_t)zwidth; break; case EDGE_RIGHT: /* zones from right to left, length from top */ @@ -539,7 +540,7 @@ index 77cf6ed1..791ec5e7 100644 case EDGE_TOP: /* width from left, zones from top to bottom */ default: zwidth = offsets.crop_width; -@@ -5608,6 +5722,14 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt +@@ -5610,6 +5724,14 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt crop->regionlist[i].x2 = offsets.endx; crop->regionlist[i].y1 = offsets.starty + (uint32_t)(offsets.crop_length * 1.0 * (seg - 1) / total); @@ -554,7 +555,7 @@ index 77cf6ed1..791ec5e7 100644 test = offsets.starty + (uint32_t)(offsets.crop_length * 1.0 * seg / total); if (test < 1 ) crop->regionlist[i].y2 = 0; -@@ -5618,6 +5740,18 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt +@@ -5620,6 +5742,18 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt else crop->regionlist[i].y2 = test - 1; } @@ -573,7 +574,7 @@ index 77cf6ed1..791ec5e7 100644 zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1; /* This is passed to extractCropZone or extractCompositeZones */ -@@ -7551,7 +7685,8 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, +@@ -7543,7 +7677,8 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, total_width = total_length = 0; for (i = 0; i < crop->selections; i++) { @@ -583,7 +584,7 @@ index 77cf6ed1..791ec5e7 100644 crop_buff = seg_buffs[i].buffer; if (!crop_buff) crop_buff = (unsigned char *)limitMalloc(cropsize); -@@ -7640,6 +7775,9 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, +@@ -7632,6 +7767,9 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */ { @@ -593,7 +594,7 @@ index 77cf6ed1..791ec5e7 100644 if (rotateImage(crop->rotation, image, &crop->regionlist[i].width, &crop->regionlist[i].length, &crop_buff)) { -@@ -7655,8 +7793,8 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, +@@ -7647,8 +7785,8 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, seg_buffs[i].size = (((crop->regionlist[i].width * image->bps + 7 ) / 8) * image->spp) * crop->regionlist[i].length; } @@ -604,6 +605,3 @@ index 77cf6ed1..791ec5e7 100644 return (0); } /* end processCropSelections */ --- -2.33.0 - diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch index 72776f09ba..e79964de55 100644 --- a/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch +++ b/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch @@ -1,11 +1,12 @@ +From bc71e64b6f4477ed69064802b1252bab904a89b4 Mon Sep 17 00:00:00 2001 +From: 4ugustus +Date: Tue, 25 Jan 2022 16:25:28 +0000 +Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where + CVE: CVE-2022-22844 Upstream-Status: Backport Signed-off-by: Ross Burton -From b12a0326e6064b6e0b051d1184a219877472f69b Mon Sep 17 00:00:00 2001 -From: 4ugustus -Date: Tue, 25 Jan 2022 16:25:28 +0000 -Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where count is required (fixes #355) --- @@ -13,7 +14,7 @@ Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/tools/tiffset.c b/tools/tiffset.c -index 8c9e23c5..e7a88c09 100644 +index 8c9e23c..e7a88c0 100644 --- a/tools/tiffset.c +++ b/tools/tiffset.c @@ -146,9 +146,19 @@ main(int argc, char* argv[]) @@ -39,5 +40,3 @@ index 8c9e23c5..e7a88c09 100644 } else if (TIFFFieldWriteCount(fip) > 0 || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) { int ret = 1; --- -2.25.1 diff --git a/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch b/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch index 812ffb232d..2becf53806 100644 --- a/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch +++ b/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch @@ -1,12 +1,13 @@ +From 9b2645d830b4ad004824cf28d81f3b974faf0037 Mon Sep 17 00:00:00 2001 +From: Su Laus +Date: Tue, 8 Mar 2022 17:02:44 +0000 +Subject: [PATCH] tiffcrop: fix issue #380 and #382 heap buffer overflow in + CVE: CVE-2022-0891 CVE: CVE-2022-1056 Upstream-Status: Backport Signed-off-by: Ross Burton -From e46b49e60fddb2e924302fb1751f79eb9cfb2253 Mon Sep 17 00:00:00 2001 -From: Su Laus -Date: Tue, 8 Mar 2022 17:02:44 +0000 -Subject: [PATCH 2/6] tiffcrop: fix issue #380 and #382 heap buffer overflow in extractImageSection --- @@ -14,7 +15,7 @@ Subject: [PATCH 2/6] tiffcrop: fix issue #380 and #382 heap buffer overflow in 1 file changed, 36 insertions(+), 56 deletions(-) diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c -index b85c2ce7..302a7e91 100644 +index b85c2ce..302a7e9 100644 --- a/tools/tiffcrop.c +++ b/tools/tiffcrop.c @@ -105,8 +105,8 @@ @@ -214,6 +215,3 @@ index b85c2ce7..302a7e91 100644 /* allocate a buffer if we don't have one already */ if (createImageSection(sectsize, sect_buff_ptr)) { --- -2.25.1 - diff --git a/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch b/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch index a0b856b9e1..b48a3df1a9 100644 --- a/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch +++ b/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch @@ -1,18 +1,18 @@ +From b4743cc69d2f506e1f1c4db9adc8e58d75805e4d Mon Sep 17 00:00:00 2001 +From: Augustus +Date: Mon, 7 Mar 2022 18:21:49 +0800 +Subject: [PATCH] add checks for return value of limitMalloc (#392) + CVE: CVE-2022-0907 Upstream-Status: Backport Signed-off-by: Ross Burton -From a139191cc86f4dc44c74a0f22928e0fb38ed2485 Mon Sep 17 00:00:00 2001 -From: Augustus -Date: Mon, 7 Mar 2022 18:21:49 +0800 -Subject: [PATCH 3/6] add checks for return value of limitMalloc (#392) - --- tools/tiffcrop.c | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c -index 302a7e91..e407bf51 100644 +index 302a7e9..e407bf5 100644 --- a/tools/tiffcrop.c +++ b/tools/tiffcrop.c @@ -7357,7 +7357,11 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr) @@ -88,6 +88,3 @@ index 302a7e91..e407bf51 100644 * End: */ + --- -2.25.1 - diff --git a/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch b/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch index 719dabaecc..6f2df44bd5 100644 --- a/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch +++ b/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch @@ -1,11 +1,12 @@ +From 0343619094bfc7b8e23814f672411b008db2aa66 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Thu, 17 Feb 2022 15:28:43 +0100 +Subject: [PATCH] TIFFFetchNormalTag(): avoid calling memcpy() with a null + CVE: CVE-2022-0908 Upstream-Status: Backport Signed-off-by: Ross Burton -From ef5a0bf271823df168642444d051528a68205cb0 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Thu, 17 Feb 2022 15:28:43 +0100 -Subject: [PATCH 4/6] TIFFFetchNormalTag(): avoid calling memcpy() with a null source pointer and size of zero (fixes #383) --- @@ -13,10 +14,10 @@ Subject: [PATCH 4/6] TIFFFetchNormalTag(): avoid calling memcpy() with a null 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c -index d84147a0..4e8ce729 100644 +index d654a1c..a31109a 100644 --- a/libtiff/tif_dirread.c +++ b/libtiff/tif_dirread.c -@@ -5079,7 +5079,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover) +@@ -5080,7 +5080,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover) _TIFFfree(data); return(0); } @@ -28,6 +29,3 @@ index d84147a0..4e8ce729 100644 o[(uint32_t)dp->tdir_count]=0; if (data!=0) _TIFFfree(data); --- -2.25.1 - diff --git a/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch b/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch index 64dbe9ef92..21dc552036 100644 --- a/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch +++ b/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch @@ -1,18 +1,18 @@ +From e56d66a033b533f26872a20cb2052473962a0f2e Mon Sep 17 00:00:00 2001 +From: 4ugustus +Date: Tue, 8 Mar 2022 16:22:04 +0000 +Subject: [PATCH] fix the FPE in tiffcrop (#393) + CVE: CVE-2022-0909 Upstream-Status: Backport Signed-off-by: Ross Burton -From 4768355a074d562177e0a8b551c561d1af7eb74a Mon Sep 17 00:00:00 2001 -From: 4ugustus -Date: Tue, 8 Mar 2022 16:22:04 +0000 -Subject: [PATCH 5/6] fix the FPE in tiffcrop (#393) - --- libtiff/tif_dir.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c -index a6c254fc..77da6ea4 100644 +index a6c254f..77da6ea 100644 --- a/libtiff/tif_dir.c +++ b/libtiff/tif_dir.c @@ -335,13 +335,13 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap) @@ -31,6 +31,3 @@ index a6c254fc..77da6ea4 100644 goto badvaluedouble; td->td_yresolution = _TIFFClampDoubleToFloat( dblval ); break; --- -2.25.1 - diff --git a/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch b/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch index afd5e59960..337b84d992 100644 --- a/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch +++ b/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch @@ -1,18 +1,18 @@ +From 2dd282a54e5fccf9b501973e6da5f83ebde8e980 Mon Sep 17 00:00:00 2001 +From: 4ugustus +Date: Thu, 10 Mar 2022 08:48:00 +0000 +Subject: [PATCH] fix heap buffer overflow in tiffcp (#278) + CVE: CVE-2022-0924 Upstream-Status: Backport Signed-off-by: Ross Burton -From 1074b9691322b1e3671cd8ea0b6b3509d08978fb Mon Sep 17 00:00:00 2001 -From: 4ugustus -Date: Thu, 10 Mar 2022 08:48:00 +0000 -Subject: [PATCH 6/6] fix heap buffer overflow in tiffcp (#278) - --- tools/tiffcp.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/tools/tiffcp.c b/tools/tiffcp.c -index 1f889516..552d8fad 100644 +index 1f88951..552d8fa 100644 --- a/tools/tiffcp.c +++ b/tools/tiffcp.c @@ -1661,12 +1661,27 @@ DECLAREwriteFunc(writeBufferToSeparateStrips) @@ -52,6 +52,3 @@ index 1f889516..552d8fad 100644 if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) { TIFFError(TIFFFileName(out), "Error, can't write strip %"PRIu32, --- -2.25.1 - diff --git a/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch b/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch index 0b41dde606..e5b34fd258 100644 --- a/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch +++ b/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch @@ -1,4 +1,4 @@ -From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001 +From 7b91458541769f3d7eddc55a39d01730af2489fc Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Sat, 5 Feb 2022 20:36:41 +0100 Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null @@ -12,10 +12,10 @@ CVE: CVE-2022-0562 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c -index 2bbc4585..23194ced 100644 +index d84147a..ae52ad4 100644 --- a/libtiff/tif_dirread.c +++ b/libtiff/tif_dirread.c -@@ -4177,7 +4177,8 @@ TIFFReadDirectory(TIFF* tif) +@@ -4173,7 +4173,8 @@ TIFFReadDirectory(TIFF* tif) goto bad; } @@ -25,6 +25,3 @@ index 2bbc4585..23194ced 100644 _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); _TIFFfree(new_sampleinfo); } --- -GitLab - diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch index 71b85cac10..989ccbfa50 100644 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch @@ -1,4 +1,4 @@ -From 87881e093691a35c60b91cafed058ba2dd5d9807 Mon Sep 17 00:00:00 2001 +From 281fa3cf0e0e8a44b93478c63d90dbfb64359e88 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Sun, 5 Dec 2021 14:37:46 +0100 Subject: [PATCH] TIFFReadDirectory: fix OJPEG hack (fixes #319) @@ -16,12 +16,13 @@ Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798] Signed-off-by: Yi Zhao + --- libtiff/tif_dirread.c | 162 ++++++++++++++++++++++-------------------- 1 file changed, 83 insertions(+), 79 deletions(-) diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c -index 8f434ef5..14c031d1 100644 +index a31109a..d7cccbe 100644 --- a/libtiff/tif_dirread.c +++ b/libtiff/tif_dirread.c @@ -3794,50 +3794,7 @@ TIFFReadDirectory(TIFF* tif) @@ -207,6 +208,3 @@ index 8f434ef5..14c031d1 100644 /* * Make sure all non-color channels are extrasamples. * If it's not the case, define them as such. --- -2.25.1 - diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch index e59f5aad55..19ce68dfbc 100644 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch @@ -1,4 +1,4 @@ -From fb1db384959698edd6caeea84e28253d272a0f96 Mon Sep 17 00:00:00 2001 +From 19d775e058bf6bb0b0e9c56f406b775f9e725355 Mon Sep 17 00:00:00 2001 From: Su_Laus Date: Sat, 2 Apr 2022 22:33:31 +0200 Subject: [PATCH] tiffcp: avoid buffer overflow in "mode" string (fixes #400) @@ -9,12 +9,13 @@ Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2] Signed-off-by: Yi Zhao + --- tools/tiffcp.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/tools/tiffcp.c b/tools/tiffcp.c -index fd129bb7..8d944ff6 100644 +index 552d8fa..57eef90 100644 --- a/tools/tiffcp.c +++ b/tools/tiffcp.c @@ -274,19 +274,34 @@ main(int argc, char* argv[]) @@ -57,6 +58,3 @@ index fd129bb7..8d944ff6 100644 break; case 'x': pageInSeq = 1; --- -2.25.1 - diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2867.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2867.patch index ae33a3b4e7..73905acb17 100644 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2867.patch +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2867.patch @@ -1,4 +1,4 @@ -From 6ad097dac1d4908705f5a9d43dea76b7f2de89eb Mon Sep 17 00:00:00 2001 +From cca32f0d4f3dd2bd73d044bd6991ab3c764fc718 Mon Sep 17 00:00:00 2001 From: Su_Laus Date: Sun, 6 Feb 2022 17:53:53 +0100 Subject: [PATCH] tiffcrop.c: This update fixes also issues #350 and #351. diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2869.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2869.patch index 9a23e23fed..bda3427c0f 100644 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2869.patch +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2869.patch @@ -1,4 +1,4 @@ -From 0ec36342df880f5ad41576cb1b03061b8697dabd Mon Sep 17 00:00:00 2001 +From b4cf40182c865db554c6e67034afa6ea12c5554d Mon Sep 17 00:00:00 2001 From: Su_Laus Date: Sun, 6 Feb 2022 10:53:45 +0100 Subject: [PATCH] tiffcrop.c: Fix issue #352 heap-buffer-overflow by correcting diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch index 3a3a915688..92906521b0 100644 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch @@ -1,16 +1,18 @@ +From 05ef5e05a0b8d18ab075e09b1ea349acc0035e67 Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Mon, 15 Aug 2022 22:11:03 +0200 +Subject: [PATCH] tiffcrop: disable incompatibility of -S + CVE: CVE-2022-2953 Upstream-Status: Backport Signed-off-by: Ross Burton Signed-off-by: Zheng Qiu -From 8fe3735942ea1d90d8cef843b55b3efe8ab6feaf Mon Sep 17 00:00:00 2001 -From: Su_Laus -Date: Mon, 15 Aug 2022 22:11:03 +0200 -Subject: [PATCH] =?UTF-8?q?According=20to=20Richard=20Nolde=20https://gitl?= - =?UTF-8?q?ab.com/libtiff/libtiff/-/issues/401#note=5F877637400=20the=20ti?= - =?UTF-8?q?ffcrop=20option=20=E2=80=9E-S=E2=80=9C=20is=20also=20mutually?= - =?UTF-8?q?=20exclusive=20to=20the=20other=20crop=20options=20(-X|-Y),=20-?= - =?UTF-8?q?Z=20and=20-z.?= +According to Richard Nolde +https://gitlab.com/libtiff/libtiff/-/issues/401#note_877637400 the +tiffcrop option "-S" is also mutually exclusive to the other crop +options (-X|-Y), -Z and -z. + MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -18,12 +20,13 @@ Content-Transfer-Encoding: 8bit This is now checked and ends tiffcrop if those arguments are not mutually exclusive. This MR will fix the following tiffcrop issues: #349, #414, #422, #423, #424 + --- - tools/tiffcrop.c | 31 ++++++++++++++++--------------- - 1 file changed, 16 insertions(+), 15 deletions(-) + tools/tiffcrop.c | 25 +++++++++++++------------ + 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c -index 90286a5e..c3b758ec 100644 +index b596f9e..8af85c9 100644 --- a/tools/tiffcrop.c +++ b/tools/tiffcrop.c @@ -173,12 +173,12 @@ static char tiffcrop_rev_date[] = "02-09-2022"; @@ -63,7 +66,7 @@ index 90286a5e..c3b758ec 100644 " In no case should the options be applied to a given selection successively.\n" "\n" ; -@@ -2131,13 +2131,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 +@@ -2133,13 +2133,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 /*NOTREACHED*/ } } @@ -82,6 +85,3 @@ index 90286a5e..c3b758ec 100644 exit(EXIT_FAILURE); } } /* end process_command_opts */ --- -2.34.1 - diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch index 48ca56982f..f3f8121735 100644 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch @@ -1,4 +1,4 @@ -From 3fc1fdda0068981340cc7ae136173731275e2c5e Mon Sep 17 00:00:00 2001 +From 786a8b6fd1384c6e20c17729822d1f61ed569320 Mon Sep 17 00:00:00 2001 From: Hitendra Prajapati Date: Thu, 18 Aug 2022 10:46:30 +0530 Subject: [PATCH] CVE-2022-34526 @@ -6,6 +6,7 @@ Subject: [PATCH] CVE-2022-34526 Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990] CVE: CVE-2022-34526 Signed-off-by: Hitendra Prajapati + --- libtiff/tif_dirinfo.c | 3 +++ 1 file changed, 3 insertions(+) @@ -24,6 +25,3 @@ index 8565dfb..0f722a5 100644 /* Check if codec specific tags are allowed for the current * compression scheme (codec) */ switch (tif->tif_dir.td_compression) { --- -2.25.1 - diff --git a/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch b/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch index 1fa6a11104..272dd3d713 100644 --- a/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch +++ b/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch @@ -1,4 +1,4 @@ -From 740111312ca6ae718f233d914662a9969e6820ee Mon Sep 17 00:00:00 2001 +From fb89eab3ed46bbb0276bdee05b570455f6a27d2f Mon Sep 17 00:00:00 2001 From: Su_Laus Date: Sun, 6 Feb 2022 19:52:17 +0100 Subject: [PATCH] Move the crop_width and crop_length computation after the diff --git a/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch index 74f9649fdf..5a84491711 100644 --- a/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch +++ b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch @@ -1,4 +1,4 @@ -From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001 +From 895867b72bd6c46da79de1a07d0993cd104e92cd Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Sun, 6 Feb 2022 13:08:38 +0100 Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null @@ -12,10 +12,10 @@ CVE: CVE-2022-0561 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c -index 23194ced..50ebf8ac 100644 +index ae52ad4..d654a1c 100644 --- a/libtiff/tif_dirread.c +++ b/libtiff/tif_dirread.c -@@ -5777,8 +5777,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l +@@ -5766,8 +5766,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l _TIFFfree(data); return(0); } @@ -27,6 +27,3 @@ index 23194ced..50ebf8ac 100644 _TIFFfree(data); data=resizeddata; } --- -GitLab - From patchwork Thu Dec 1 14:26:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16267 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6A4EEC4708E for ; Thu, 1 Dec 2022 14:27:42 +0000 (UTC) Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) by mx.groups.io with SMTP id smtpd.web11.44908.1669904856200725739 for ; Thu, 01 Dec 2022 06:27:36 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=dtjus6L9; spf=softfail (domain: sakoman.com, ip: 209.85.215.179, mailfrom: steve@sakoman.com) Received: by mail-pg1-f179.google.com with SMTP id q1so1788905pgl.11 for ; Thu, 01 Dec 2022 06:27:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=FL6EYeS6z5HK4GWMAJe1euahO4GEZ6naatXvNpJNPro=; b=dtjus6L9VIjPhs5sRRa43XQYgxbf75ON2qTSRLmDLj51cFSOHYhJ2nHpJC98I7fuNY HQ6bOKNzUE2GCpiG7ivpjvAgHIqZyh87fkqIwwY+a/snD/Zfc9qk49toELFbaDyLtg8U dnpVFrFOIVO3bAKCkZCSuWKW6JSOAFneAPAzSULr86UH1IY9Gt20yCzCtItSmkjCGtDP 0Y59R2UIsmavjZQwxlek5oA6p/G+Z2/Spom3pwi+9NzqYaVrK9Ue6Auc+MrqPgk2Am3k YISNX4DAXs91KyQWugRPZALWN8fGuJpQyFwWDb03iX9skXvGreTmJd9g/GfPVnn8jBxo qfcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FL6EYeS6z5HK4GWMAJe1euahO4GEZ6naatXvNpJNPro=; b=KK6izqcAJS/dvFmU3dPjRFdVZiC+SYGknJJ/+VvqRDFIqPguP8Zzj5SzeIhLnxM9cQ jrN6q/U+1rON8zx2zcVmWfmu7k4jeiBhdVqrE4ylgfAExkuan4B+MWXlby/HOKcQHHMu m+zM52d4R9lZEVOTaaTZe8Ou5/EToF8ZRzV7Eb7nEmukjogI2L1DjfvVsKexD71MpjGI w4edLo9GhR3dOeyBSwQJmLA62npetAFNudCCS/W9ztDfNLymk7/ttImj+MDga4/wTTNP iv5ceCK3J92chrZORWHFmGJJS+W6DRyI5d7YCJJXfFKrY3SAadgn92jmcVpTpqID6/ma xcGQ== X-Gm-Message-State: ANoB5pkFw8I8AHAiuhazNJuvQYzbZ7M+AJB5WRLCdSaYR5tZC9XqfkMJ aNlMfwZQbV54JZJwXwbh4M25HxDgnLG5Z7hxZuI= X-Google-Smtp-Source: AA0mqf7u/hizBEa0xBvZUOtkyUbLwr5Zcf0Yzm+/kdExIU4DYTJ0qDEPG11fg+7seppxiISBApUhmw== X-Received: by 2002:a63:1626:0:b0:46e:96b9:ed63 with SMTP id w38-20020a631626000000b0046e96b9ed63mr42478081pgl.258.1669904853909; Thu, 01 Dec 2022 06:27:33 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:33 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/23] tiff: fix a number of CVEs Date: Thu, 1 Dec 2022 04:26:57 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:27:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174089 From: Ross Burton Backport fixes from upstream for the following CVEs: - CVE-2022-3599 - CVE-2022-3597 - CVE-2022-3626 - CVE-2022-3627 - CVE-2022-3570 - CVE-2022-3598 Signed-off-by: Ross Burton Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- ...-of-TIFFTAG_INKNAMES-and-related-TIF.patch | 266 ++++++++ ...fcrop-S-option-Make-decision-simpler.patch | 36 + ...-incompatibility-of-Z-X-Y-z-options-.patch | 59 ++ ...ines-require-a-larger-buffer-fixes-2.patch | 640 ++++++++++++++++++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 5 +- 5 files changed, 1005 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/libtiff/tiff/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-S-option-Make-decision-simpler.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch b/meta/recipes-multimedia/libtiff/tiff/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch new file mode 100644 index 0000000000..37859c9192 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch @@ -0,0 +1,266 @@ +From f00484b9519df933723deb38fff943dc291a793d Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Tue, 30 Aug 2022 16:56:48 +0200 +Subject: [PATCH] Revised handling of TIFFTAG_INKNAMES and related + TIFFTAG_NUMBEROFINKS value + +In order to solve the buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value, a revised handling of those tags within LibTiff is proposed: + +Behaviour for writing: + `NumberOfInks` MUST fit to the number of inks in the `InkNames` string. + `NumberOfInks` is automatically set when `InkNames` is set. + If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued. + If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued. + +Behaviour for reading: + When reading `InkNames` from a TIFF file, the `NumberOfInks` will be set automatically to the number of inks in `InkNames` string. + If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued. + If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued. + +This allows the safe use of the NumberOfInks value to read out the InkNames without buffer overflow + +This MR will close the following issues: #149, #150, #152, #168 (to be checked), #250, #269, #398 and #456. + +It also fixes the old bug at http://bugzilla.maptools.org/show_bug.cgi?id=2599, for which the limitation of `NumberOfInks = SPP` was introduced, which is in my opinion not necessary and does not solve the general issue. + +CVE: CVE-2022-3599 +Upstream-Status: Backport +Signed-off-by: Ross Burton +--- + libtiff/tif_dir.c | 119 ++++++++++++++++++++++++----------------- + libtiff/tif_dir.h | 2 + + libtiff/tif_dirinfo.c | 2 +- + libtiff/tif_dirwrite.c | 5 ++ + libtiff/tif_print.c | 4 ++ + 5 files changed, 82 insertions(+), 50 deletions(-) + +diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c +index 793e8a79..816f7756 100644 +--- a/libtiff/tif_dir.c ++++ b/libtiff/tif_dir.c +@@ -136,32 +136,30 @@ setExtraSamples(TIFF* tif, va_list ap, uint32_t* v) + } + + /* +- * Confirm we have "samplesperpixel" ink names separated by \0. Returns ++ * Count ink names separated by \0. Returns + * zero if the ink names are not as expected. + */ +-static uint32_t +-checkInkNamesString(TIFF* tif, uint32_t slen, const char* s) ++static uint16_t ++countInkNamesString(TIFF *tif, uint32_t slen, const char *s) + { +- TIFFDirectory* td = &tif->tif_dir; +- uint16_t i = td->td_samplesperpixel; ++ uint16_t i = 0; ++ const char *ep = s + slen; ++ const char *cp = s; + + if (slen > 0) { +- const char* ep = s+slen; +- const char* cp = s; +- for (; i > 0; i--) { ++ do { + for (; cp < ep && *cp != '\0'; cp++) {} + if (cp >= ep) + goto bad; + cp++; /* skip \0 */ +- } +- return ((uint32_t)(cp - s)); ++ i++; ++ } while (cp < ep); ++ return (i); + } + bad: + TIFFErrorExt(tif->tif_clientdata, "TIFFSetField", +- "%s: Invalid InkNames value; expecting %"PRIu16" names, found %"PRIu16, +- tif->tif_name, +- td->td_samplesperpixel, +- (uint16_t)(td->td_samplesperpixel-i)); ++ "%s: Invalid InkNames value; no NUL at given buffer end location %"PRIu32", after %"PRIu16" ink", ++ tif->tif_name, slen, i); + return (0); + } + +@@ -478,13 +476,61 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap) + _TIFFsetFloatArray(&td->td_refblackwhite, va_arg(ap, float*), 6); + break; + case TIFFTAG_INKNAMES: +- v = (uint16_t) va_arg(ap, uint16_vap); +- s = va_arg(ap, char*); +- v = checkInkNamesString(tif, v, s); +- status = v > 0; +- if( v > 0 ) { +- _TIFFsetNString(&td->td_inknames, s, v); +- td->td_inknameslen = v; ++ { ++ v = (uint16_t) va_arg(ap, uint16_vap); ++ s = va_arg(ap, char*); ++ uint16_t ninksinstring; ++ ninksinstring = countInkNamesString(tif, v, s); ++ status = ninksinstring > 0; ++ if(ninksinstring > 0 ) { ++ _TIFFsetNString(&td->td_inknames, s, v); ++ td->td_inknameslen = v; ++ /* Set NumberOfInks to the value ninksinstring */ ++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) ++ { ++ if (td->td_numberofinks != ninksinstring) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Warning %s; Tag %s:\n Value %"PRIu16" of NumberOfInks is different from the number of inks %"PRIu16".\n -> NumberOfInks value adapted to %"PRIu16"", ++ tif->tif_name, fip->field_name, td->td_numberofinks, ninksinstring, ninksinstring); ++ td->td_numberofinks = ninksinstring; ++ } ++ } else { ++ td->td_numberofinks = ninksinstring; ++ TIFFSetFieldBit(tif, FIELD_NUMBEROFINKS); ++ } ++ if (TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL)) ++ { ++ if (td->td_numberofinks != td->td_samplesperpixel) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Warning %s; Tag %s:\n Value %"PRIu16" of NumberOfInks is different from the SamplesPerPixel value %"PRIu16"", ++ tif->tif_name, fip->field_name, td->td_numberofinks, td->td_samplesperpixel); ++ } ++ } ++ } ++ } ++ break; ++ case TIFFTAG_NUMBEROFINKS: ++ v = (uint16_t)va_arg(ap, uint16_vap); ++ /* If InkNames already set also NumberOfInks is set accordingly and should be equal */ ++ if (TIFFFieldSet(tif, FIELD_INKNAMES)) ++ { ++ if (v != td->td_numberofinks) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Error %s; Tag %s:\n It is not possible to set the value %"PRIu32" for NumberOfInks\n which is different from the number of inks in the InkNames tag (%"PRIu16")", ++ tif->tif_name, fip->field_name, v, td->td_numberofinks); ++ /* Do not set / overwrite number of inks already set by InkNames case accordingly. */ ++ status = 0; ++ } ++ } else { ++ td->td_numberofinks = (uint16_t)v; ++ if (TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL)) ++ { ++ if (td->td_numberofinks != td->td_samplesperpixel) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Warning %s; Tag %s:\n Value %"PRIu32" of NumberOfInks is different from the SamplesPerPixel value %"PRIu16"", ++ tif->tif_name, fip->field_name, v, td->td_samplesperpixel); ++ } ++ } + } + break; + case TIFFTAG_PERSAMPLE: +@@ -986,34 +1032,6 @@ _TIFFVGetField(TIFF* tif, uint32_t tag, va_list ap) + if (fip->field_bit == FIELD_CUSTOM) { + standard_tag = 0; + } +- +- if( standard_tag == TIFFTAG_NUMBEROFINKS ) +- { +- int i; +- for (i = 0; i < td->td_customValueCount; i++) { +- uint16_t val; +- TIFFTagValue *tv = td->td_customValues + i; +- if (tv->info->field_tag != standard_tag) +- continue; +- if( tv->value == NULL ) +- return 0; +- val = *(uint16_t *)tv->value; +- /* Truncate to SamplesPerPixel, since the */ +- /* setting code for INKNAMES assume that there are SamplesPerPixel */ +- /* inknames. */ +- /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */ +- if( val > td->td_samplesperpixel ) +- { +- TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField", +- "Truncating NumberOfInks from %u to %"PRIu16, +- val, td->td_samplesperpixel); +- val = td->td_samplesperpixel; +- } +- *va_arg(ap, uint16_t*) = val; +- return 1; +- } +- return 0; +- } + + switch (standard_tag) { + case TIFFTAG_SUBFILETYPE: +@@ -1195,6 +1213,9 @@ _TIFFVGetField(TIFF* tif, uint32_t tag, va_list ap) + case TIFFTAG_INKNAMES: + *va_arg(ap, const char**) = td->td_inknames; + break; ++ case TIFFTAG_NUMBEROFINKS: ++ *va_arg(ap, uint16_t *) = td->td_numberofinks; ++ break; + default: + { + int i; +diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h +index 09065648..0c251c9e 100644 +--- a/libtiff/tif_dir.h ++++ b/libtiff/tif_dir.h +@@ -117,6 +117,7 @@ typedef struct { + /* CMYK parameters */ + int td_inknameslen; + char* td_inknames; ++ uint16_t td_numberofinks; /* number of inks in InkNames string */ + + int td_customValueCount; + TIFFTagValue *td_customValues; +@@ -174,6 +175,7 @@ typedef struct { + #define FIELD_TRANSFERFUNCTION 44 + #define FIELD_INKNAMES 46 + #define FIELD_SUBIFD 49 ++#define FIELD_NUMBEROFINKS 50 + /* FIELD_CUSTOM (see tiffio.h) 65 */ + /* end of support for well-known tags; codec-private tags follow */ + #define FIELD_CODEC 66 /* base of codec-private tags */ +diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c +index 3371cb5c..3b4bcd33 100644 +--- a/libtiff/tif_dirinfo.c ++++ b/libtiff/tif_dirinfo.c +@@ -114,7 +114,7 @@ tiffFields[] = { + { TIFFTAG_SUBIFD, -1, -1, TIFF_IFD8, 0, TIFF_SETGET_C16_IFD8, TIFF_SETGET_UNDEFINED, FIELD_SUBIFD, 1, 1, "SubIFD", (TIFFFieldArray*) &tiffFieldArray }, + { TIFFTAG_INKSET, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "InkSet", NULL }, + { TIFFTAG_INKNAMES, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_C16_ASCII, TIFF_SETGET_UNDEFINED, FIELD_INKNAMES, 1, 1, "InkNames", NULL }, +- { TIFFTAG_NUMBEROFINKS, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "NumberOfInks", NULL }, ++ { TIFFTAG_NUMBEROFINKS, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_NUMBEROFINKS, 1, 0, "NumberOfInks", NULL }, + { TIFFTAG_DOTRANGE, 2, 2, TIFF_SHORT, 0, TIFF_SETGET_UINT16_PAIR, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DotRange", NULL }, + { TIFFTAG_TARGETPRINTER, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_ASCII, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "TargetPrinter", NULL }, + { TIFFTAG_EXTRASAMPLES, -1, -1, TIFF_SHORT, 0, TIFF_SETGET_C16_UINT16, TIFF_SETGET_UNDEFINED, FIELD_EXTRASAMPLES, 0, 1, "ExtraSamples", NULL }, +diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c +index 6c86fdca..062e4610 100644 +--- a/libtiff/tif_dirwrite.c ++++ b/libtiff/tif_dirwrite.c +@@ -626,6 +626,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64_t* pdiroff) + if (!TIFFWriteDirectoryTagAscii(tif,&ndir,dir,TIFFTAG_INKNAMES,tif->tif_dir.td_inknameslen,tif->tif_dir.td_inknames)) + goto bad; + } ++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) ++ { ++ if (!TIFFWriteDirectoryTagShort(tif, &ndir, dir, TIFFTAG_NUMBEROFINKS, tif->tif_dir.td_numberofinks)) ++ goto bad; ++ } + if (TIFFFieldSet(tif,FIELD_SUBIFD)) + { + if (!TIFFWriteDirectoryTagSubifd(tif,&ndir,dir)) +diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c +index 16ce5780..a91b9e7b 100644 +--- a/libtiff/tif_print.c ++++ b/libtiff/tif_print.c +@@ -397,6 +397,10 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) + } + fputs("\n", fd); + } ++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) { ++ fprintf(fd, " NumberOfInks: %d\n", ++ td->td_numberofinks); ++ } + if (TIFFFieldSet(tif,FIELD_THRESHHOLDING)) { + fprintf(fd, " Thresholding: "); + switch (td->td_threshholding) { +-- +2.34.1 + diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-S-option-Make-decision-simpler.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-S-option-Make-decision-simpler.patch new file mode 100644 index 0000000000..79b4ff3f6e --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-S-option-Make-decision-simpler.patch @@ -0,0 +1,36 @@ +From bad48e90b410df32172006c7876da449ba62cdba Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Sat, 20 Aug 2022 23:35:26 +0200 +Subject: [PATCH] tiffcrop -S option: Make decision simpler. + +Upstream-Status: Backport +Signed-off-by: Ross Burton + +--- + tools/tiffcrop.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index c3b758ec..8fd856dc 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -2133,11 +2133,11 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 + } + /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/ + char XY, Z, R, S; +- XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)); +- Z = (crop_data->crop_mode & CROP_ZONES); +- R = (crop_data->crop_mode & CROP_REGIONS); +- S = (page->mode & PAGE_MODE_ROWSCOLS); +- if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) { ++ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)) ? 1 : 0; ++ Z = (crop_data->crop_mode & CROP_ZONES) ? 1 : 0; ++ R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0; ++ S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0; ++ if (XY + Z + R + S > 1) { + TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit"); + exit(EXIT_FAILURE); + } +-- +2.34.1 + diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch new file mode 100644 index 0000000000..6a62787648 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch @@ -0,0 +1,59 @@ +From 4746f16253b784287bc8a5003990c1c3b9a03a62 Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Thu, 25 Aug 2022 16:11:41 +0200 +Subject: [PATCH] tiffcrop: disable incompatibility of -Z, -X, -Y, -z options + with any PAGE_MODE_x option (fixes #411 and #413) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +tiffcrop does not support –Z, -z, -X and –Y options together with any other PAGE_MODE_x options like -H, -V, -P, -J, -K or –S. + +Code analysis: + +With the options –Z, -z, the crop.selections are set to a value > 0. Within main(), this triggers the call of processCropSelections(), which copies the sections from the read_buff into seg_buffs[]. +In the following code in main(), the only supported step, where that seg_buffs are further handled are within an if-clause with if (page.mode == PAGE_MODE_NONE) . + +Execution of the else-clause often leads to buffer-overflows. + +Therefore, the above option combination is not supported and will be disabled to prevent those buffer-overflows. + +The MR solves issues #411 and #413. + +CVE: CVE-2022-3597 CVE-2022-3626 CVE-2022-3627 +Upstream-Status: Backport +Signed-off-by: Ross Burton +--- + doc/tools/tiffcrop.rst | 8 ++++++++ + tools/tiffcrop.c | 32 +++++++++++++++++++++++++------- + 2 files changed, 33 insertions(+), 7 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index 8fd856dc..41a2ea36 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -2138,9 +2143,20 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 + R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0; + S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0; + if (XY + Z + R + S > 1) { +- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit"); ++ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->exit"); + exit(EXIT_FAILURE); + } ++ ++ /* Check for not allowed combination: ++ * Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options ++ * such as -H, -V, -P, -J or -K are not supported and may cause buffer overflows. ++. */ ++ if ((XY + Z + R > 0) && page->mode != PAGE_MODE_NONE) { ++ TIFFError("tiffcrop input error", ++ "Any of the crop options -X, -Y, -Z and -z together with other PAGE_MODE_x options such as - H, -V, -P, -J or -K is not supported and may cause buffer overflows..->exit"); ++ exit(EXIT_FAILURE); ++ } ++ + } /* end process_command_opts */ + + /* Start a new output file if one has not been previously opened or +-- +2.34.1 + diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch new file mode 100644 index 0000000000..e10e37ccc9 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch @@ -0,0 +1,640 @@ +From 1e000b3484808f1ee7a68bd276220d1cd82dec73 Mon Sep 17 00:00:00 2001 +From: Su Laus +Date: Thu, 13 Oct 2022 14:33:27 +0000 +Subject: [PATCH] tiffcrop subroutines require a larger buffer (fixes #271, + #381, #386, #388, #389, #435) + +CVE: CVE-2022-3570 CVE-2022-3598 +Upstream-Status: Backport +Signed-off-by: Ross Burton +--- + tools/tiffcrop.c | 203 ++++++++++++++++++++++++++--------------------- + 1 file changed, 114 insertions(+), 89 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index f96c7d60..adf0f849 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -210,6 +210,10 @@ static char tiffcrop_rev_date[] = "02-09-2022"; + + #define TIFF_DIR_MAX 65534 + ++/* Some conversion subroutines require image buffers, which are at least 3 bytes ++ * larger than the necessary size for the image itself. */ ++#define NUM_BUFF_OVERSIZE_BYTES 3 ++ + /* Offsets into buffer for margins and fixed width and length segments */ + struct offset { + uint32_t tmargin; +@@ -231,7 +235,7 @@ struct offset { + */ + + struct buffinfo { +- uint32_t size; /* size of this buffer */ ++ size_t size; /* size of this buffer */ + unsigned char *buffer; /* address of the allocated buffer */ + }; + +@@ -805,8 +809,8 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8_t* buf, + uint32_t dst_rowsize, shift_width; + uint32_t bytes_per_sample, bytes_per_pixel; + uint32_t trailing_bits, prev_trailing_bits; +- uint32_t tile_rowsize = TIFFTileRowSize(in); +- uint32_t src_offset, dst_offset; ++ tmsize_t tile_rowsize = TIFFTileRowSize(in); ++ tmsize_t src_offset, dst_offset; + uint32_t row_offset, col_offset; + uint8_t *bufp = (uint8_t*) buf; + unsigned char *src = NULL; +@@ -856,7 +860,7 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8_t* buf, + TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size."); + exit(EXIT_FAILURE); + } +- tilebuf = limitMalloc(tile_buffsize + 3); ++ tilebuf = limitMalloc(tile_buffsize + NUM_BUFF_OVERSIZE_BYTES); + if (tilebuf == 0) + return 0; + tilebuf[tile_buffsize] = 0; +@@ -1019,7 +1023,7 @@ static int readSeparateTilesIntoBuffer (TIFF* in, uint8_t *obuf, + for (sample = 0; (sample < spp) && (sample < MAX_SAMPLES); sample++) + { + srcbuffs[sample] = NULL; +- tbuff = (unsigned char *)limitMalloc(tilesize + 8); ++ tbuff = (unsigned char *)limitMalloc(tilesize + NUM_BUFF_OVERSIZE_BYTES); + if (!tbuff) + { + TIFFError ("readSeparateTilesIntoBuffer", +@@ -1213,7 +1217,8 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf, + } + rowstripsize = rowsperstrip * bytes_per_sample * (width + 1); + +- obuf = limitMalloc (rowstripsize); ++ /* Add 3 padding bytes for extractContigSamples32bits */ ++ obuf = limitMalloc (rowstripsize + NUM_BUFF_OVERSIZE_BYTES); + if (obuf == NULL) + return 1; + +@@ -1226,7 +1231,7 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf, + stripsize = TIFFVStripSize(out, nrows); + src = buf + (row * rowsize); + total_bytes += stripsize; +- memset (obuf, '\0', rowstripsize); ++ memset (obuf, '\0',rowstripsize + NUM_BUFF_OVERSIZE_BYTES); + if (extractContigSamplesToBuffer(obuf, src, nrows, width, s, spp, bps, dump)) + { + _TIFFfree(obuf); +@@ -1234,10 +1239,15 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf, + } + if ((dump->outfile != NULL) && (dump->level == 1)) + { +- dump_info(dump->outfile, dump->format,"", ++ if (scanlinesize > 0x0ffffffffULL) { ++ dump_info(dump->infile, dump->format, "loadImage", ++ "Attention: scanlinesize %"PRIu64" is larger than UINT32_MAX.\nFollowing dump might be wrong.", ++ scanlinesize); ++ } ++ dump_info(dump->outfile, dump->format,"", + "Sample %2d, Strip: %2d, bytes: %4d, Row %4d, bytes: %4d, Input offset: %6d", +- s + 1, strip + 1, stripsize, row + 1, scanlinesize, src - buf); +- dump_buffer(dump->outfile, dump->format, nrows, scanlinesize, row, obuf); ++ s + 1, strip + 1, stripsize, row + 1, (uint32_t)scanlinesize, src - buf); ++ dump_buffer(dump->outfile, dump->format, nrows, (uint32_t)scanlinesize, row, obuf); + } + + if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) +@@ -1264,7 +1274,7 @@ static int writeBufferToContigTiles (TIFF* out, uint8_t* buf, uint32_t imageleng + uint32_t tl, tw; + uint32_t row, col, nrow, ncol; + uint32_t src_rowsize, col_offset; +- uint32_t tile_rowsize = TIFFTileRowSize(out); ++ tmsize_t tile_rowsize = TIFFTileRowSize(out); + uint8_t* bufp = (uint8_t*) buf; + tsize_t tile_buffsize = 0; + tsize_t tilesize = TIFFTileSize(out); +@@ -1307,9 +1317,11 @@ static int writeBufferToContigTiles (TIFF* out, uint8_t* buf, uint32_t imageleng + } + src_rowsize = ((imagewidth * spp * bps) + 7U) / 8; + +- tilebuf = limitMalloc(tile_buffsize); ++ /* Add 3 padding bytes for extractContigSamples32bits */ ++ tilebuf = limitMalloc(tile_buffsize + NUM_BUFF_OVERSIZE_BYTES); + if (tilebuf == 0) + return 1; ++ memset(tilebuf, 0, tile_buffsize + NUM_BUFF_OVERSIZE_BYTES); + for (row = 0; row < imagelength; row += tl) + { + nrow = (row + tl > imagelength) ? imagelength - row : tl; +@@ -1355,7 +1367,8 @@ static int writeBufferToSeparateTiles (TIFF* out, uint8_t* buf, uint32_t imagele + uint32_t imagewidth, tsample_t spp, + struct dump_opts * dump) + { +- tdata_t obuf = limitMalloc(TIFFTileSize(out)); ++ /* Add 3 padding bytes for extractContigSamples32bits */ ++ tdata_t obuf = limitMalloc(TIFFTileSize(out) + NUM_BUFF_OVERSIZE_BYTES); + uint32_t tl, tw; + uint32_t row, col, nrow, ncol; + uint32_t src_rowsize, col_offset; +@@ -1365,6 +1378,7 @@ static int writeBufferToSeparateTiles (TIFF* out, uint8_t* buf, uint32_t imagele + + if (obuf == NULL) + return 1; ++ memset(obuf, 0, TIFFTileSize(out) + NUM_BUFF_OVERSIZE_BYTES); + + if( !TIFFGetField(out, TIFFTAG_TILELENGTH, &tl) || + !TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw) || +@@ -1790,14 +1804,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 + + *opt_offset = '\0'; + /* convert option to lowercase */ +- end = strlen (opt_ptr); ++ end = (unsigned int)strlen (opt_ptr); + for (i = 0; i < end; i++) + *(opt_ptr + i) = tolower((int) *(opt_ptr + i)); + /* Look for dump format specification */ + if (strncmp(opt_ptr, "for", 3) == 0) + { + /* convert value to lowercase */ +- end = strlen (opt_offset + 1); ++ end = (unsigned int)strlen (opt_offset + 1); + for (i = 1; i <= end; i++) + *(opt_offset + i) = tolower((int) *(opt_offset + i)); + /* check dump format value */ +@@ -2270,6 +2284,8 @@ main(int argc, char* argv[]) + size_t length; + char temp_filename[PATH_MAX + 16]; /* Extra space keeps the compiler from complaining */ + ++ assert(NUM_BUFF_OVERSIZE_BYTES >= 3); ++ + little_endian = *((unsigned char *)&little_endian) & '1'; + + initImageData(&image); +@@ -3222,13 +3238,13 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols, + /* If we have a full buffer's worth, write it out */ + if (ready_bits >= 32) + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -3637,13 +3653,13 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols, + } + else /* If we have a full buffer's worth, write it out */ + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -3820,10 +3836,10 @@ extractContigSamplesToTileBuffer(uint8_t *out, uint8_t *in, uint32_t rows, uint3 + static int readContigStripsIntoBuffer (TIFF* in, uint8_t* buf) + { + uint8_t* bufp = buf; +- int32_t bytes_read = 0; ++ tmsize_t bytes_read = 0; + uint32_t strip, nstrips = TIFFNumberOfStrips(in); +- uint32_t stripsize = TIFFStripSize(in); +- uint32_t rows = 0; ++ tmsize_t stripsize = TIFFStripSize(in); ++ tmsize_t rows = 0; + uint32_t rps = TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps); + tsize_t scanline_size = TIFFScanlineSize(in); + +@@ -3836,11 +3852,11 @@ static int readContigStripsIntoBuffer (TIFF* in, uint8_t* buf) + bytes_read = TIFFReadEncodedStrip (in, strip, bufp, -1); + rows = bytes_read / scanline_size; + if ((strip < (nstrips - 1)) && (bytes_read != (int32_t)stripsize)) +- TIFFError("", "Strip %"PRIu32": read %"PRId32" bytes, strip size %"PRIu32, ++ TIFFError("", "Strip %"PRIu32": read %"PRId64" bytes, strip size %"PRIu64, + strip + 1, bytes_read, stripsize); + + if (bytes_read < 0 && !ignore) { +- TIFFError("", "Error reading strip %"PRIu32" after %"PRIu32" rows", ++ TIFFError("", "Error reading strip %"PRIu32" after %"PRIu64" rows", + strip, rows); + return 0; + } +@@ -4305,13 +4321,13 @@ combineSeparateSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols, + /* If we have a full buffer's worth, write it out */ + if (ready_bits >= 32) + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -4354,10 +4370,10 @@ combineSeparateSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols, + "Row %3d, Col %3d, Src byte offset %3d bit offset %2d Dst offset %3d", + row + 1, col + 1, src_byte, src_bit, dst - out); + +- dump_long (dumpfile, format, "Match bits ", matchbits); ++ dump_wide (dumpfile, format, "Match bits ", matchbits); + dump_data (dumpfile, format, "Src bits ", src, 4); +- dump_long (dumpfile, format, "Buff1 bits ", buff1); +- dump_long (dumpfile, format, "Buff2 bits ", buff2); ++ dump_wide (dumpfile, format, "Buff1 bits ", buff1); ++ dump_wide (dumpfile, format, "Buff2 bits ", buff2); + dump_byte (dumpfile, format, "Write bits1", bytebuff1); + dump_byte (dumpfile, format, "Write bits2", bytebuff2); + dump_info (dumpfile, format, "", "Ready bits: %2d", ready_bits); +@@ -4830,13 +4846,13 @@ combineSeparateTileSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols, + /* If we have a full buffer's worth, write it out */ + if (ready_bits >= 32) + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -4879,10 +4895,10 @@ combineSeparateTileSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols, + "Row %3d, Col %3d, Src byte offset %3d bit offset %2d Dst offset %3d", + row + 1, col + 1, src_byte, src_bit, dst - out); + +- dump_long (dumpfile, format, "Match bits ", matchbits); ++ dump_wide (dumpfile, format, "Match bits ", matchbits); + dump_data (dumpfile, format, "Src bits ", src, 4); +- dump_long (dumpfile, format, "Buff1 bits ", buff1); +- dump_long (dumpfile, format, "Buff2 bits ", buff2); ++ dump_wide (dumpfile, format, "Buff1 bits ", buff1); ++ dump_wide (dumpfile, format, "Buff2 bits ", buff2); + dump_byte (dumpfile, format, "Write bits1", bytebuff1); + dump_byte (dumpfile, format, "Write bits2", bytebuff2); + dump_info (dumpfile, format, "", "Ready bits: %2d", ready_bits); +@@ -4905,7 +4921,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt + { + int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1; + uint32_t j; +- int32_t bytes_read = 0; ++ tmsize_t bytes_read = 0; + uint16_t bps = 0, planar; + uint32_t nstrips; + uint32_t strips_per_sample; +@@ -4971,7 +4987,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt + for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) + { + srcbuffs[s] = NULL; +- buff = limitMalloc(stripsize + 3); ++ buff = limitMalloc(stripsize + NUM_BUFF_OVERSIZE_BYTES); + if (!buff) + { + TIFFError ("readSeparateStripsIntoBuffer", +@@ -4994,7 +5010,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt + buff = srcbuffs[s]; + strip = (s * strips_per_sample) + j; + bytes_read = TIFFReadEncodedStrip (in, strip, buff, stripsize); +- rows_this_strip = bytes_read / src_rowsize; ++ rows_this_strip = (uint32_t)(bytes_read / src_rowsize); + if (bytes_read < 0 && !ignore) + { + TIFFError(TIFFFileName(in), +@@ -6047,13 +6063,14 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + uint16_t input_compression = 0, input_photometric = 0; + uint16_t subsampling_horiz, subsampling_vert; + uint32_t width = 0, length = 0; +- uint32_t stsize = 0, tlsize = 0, buffsize = 0, scanlinesize = 0; ++ tmsize_t stsize = 0, tlsize = 0, buffsize = 0; ++ tmsize_t scanlinesize = 0; + uint32_t tw = 0, tl = 0; /* Tile width and length */ +- uint32_t tile_rowsize = 0; ++ tmsize_t tile_rowsize = 0; + unsigned char *read_buff = NULL; + unsigned char *new_buff = NULL; + int readunit = 0; +- static uint32_t prev_readsize = 0; ++ static tmsize_t prev_readsize = 0; + + TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); + TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp); +@@ -6355,7 +6372,7 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + TIFFError("loadImage", "Unable to allocate/reallocate read buffer"); + return (-1); + } +- read_buff = (unsigned char *)limitMalloc(buffsize+3); ++ read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + { +@@ -6366,11 +6383,11 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + TIFFError("loadImage", "Unable to allocate/reallocate read buffer"); + return (-1); + } +- new_buff = _TIFFrealloc(read_buff, buffsize+3); ++ new_buff = _TIFFrealloc(read_buff, buffsize + NUM_BUFF_OVERSIZE_BYTES); + if (!new_buff) + { + free (read_buff); +- read_buff = (unsigned char *)limitMalloc(buffsize+3); ++ read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + read_buff = new_buff; +@@ -6443,8 +6460,13 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + dump_info (dump->infile, dump->format, "", + "Bits per sample %"PRIu16", Samples per pixel %"PRIu16, bps, spp); + ++ if (scanlinesize > 0x0ffffffffULL) { ++ dump_info(dump->infile, dump->format, "loadImage", ++ "Attention: scanlinesize %"PRIu64" is larger than UINT32_MAX.\nFollowing dump might be wrong.", ++ scanlinesize); ++ } + for (i = 0; i < length; i++) +- dump_buffer(dump->infile, dump->format, 1, scanlinesize, ++ dump_buffer(dump->infile, dump->format, 1, (uint32_t)scanlinesize, + i, read_buff + (i * scanlinesize)); + } + return (0); +@@ -7464,13 +7486,13 @@ writeSingleSection(TIFF *in, TIFF *out, struct image_data *image, + if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) { + TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks); + if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) { +- int inknameslen = strlen(inknames) + 1; ++ int inknameslen = (int)strlen(inknames) + 1; + const char* cp = inknames; + while (ninks > 1) { + cp = strchr(cp, '\0'); + if (cp) { + cp++; +- inknameslen += (strlen(cp) + 1); ++ inknameslen += ((int)strlen(cp) + 1); + } + ninks--; + } +@@ -7533,23 +7555,23 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr) + + if (!sect_buff) + { +- sect_buff = (unsigned char *)limitMalloc(sectsize); ++ sect_buff = (unsigned char *)limitMalloc(sectsize + NUM_BUFF_OVERSIZE_BYTES); + if (!sect_buff) + { + TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); + return (-1); + } +- _TIFFmemset(sect_buff, 0, sectsize); ++ _TIFFmemset(sect_buff, 0, sectsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + { + if (prev_sectsize < sectsize) + { +- new_buff = _TIFFrealloc(sect_buff, sectsize); ++ new_buff = _TIFFrealloc(sect_buff, sectsize + NUM_BUFF_OVERSIZE_BYTES); + if (!new_buff) + { + _TIFFfree (sect_buff); +- sect_buff = (unsigned char *)limitMalloc(sectsize); ++ sect_buff = (unsigned char *)limitMalloc(sectsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + sect_buff = new_buff; +@@ -7559,7 +7581,7 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr) + TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); + return (-1); + } +- _TIFFmemset(sect_buff, 0, sectsize); ++ _TIFFmemset(sect_buff, 0, sectsize + NUM_BUFF_OVERSIZE_BYTES); + } + } + +@@ -7590,17 +7612,17 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + cropsize = crop->bufftotal; + crop_buff = seg_buffs[0].buffer; + if (!crop_buff) +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + else + { + prev_cropsize = seg_buffs[0].size; + if (prev_cropsize < cropsize) + { +- next_buff = _TIFFrealloc(crop_buff, cropsize); ++ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (! next_buff) + { + _TIFFfree (crop_buff); +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + crop_buff = next_buff; +@@ -7613,7 +7635,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + return (-1); + } + +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + seg_buffs[0].buffer = crop_buff; + seg_buffs[0].size = cropsize; + +@@ -7693,17 +7715,17 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + cropsize = crop->bufftotal; + crop_buff = seg_buffs[i].buffer; + if (!crop_buff) +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + else + { + prev_cropsize = seg_buffs[0].size; + if (prev_cropsize < cropsize) + { +- next_buff = _TIFFrealloc(crop_buff, cropsize); ++ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (! next_buff) + { + _TIFFfree (crop_buff); +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + crop_buff = next_buff; +@@ -7716,7 +7738,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + return (-1); + } + +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + seg_buffs[i].buffer = crop_buff; + seg_buffs[i].size = cropsize; + +@@ -7832,24 +7854,24 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, + crop_buff = *crop_buff_ptr; + if (!crop_buff) + { +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (!crop_buff) + { + TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); + return (-1); + } +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + prev_cropsize = cropsize; + } + else + { + if (prev_cropsize < cropsize) + { +- new_buff = _TIFFrealloc(crop_buff, cropsize); ++ new_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (!new_buff) + { + free (crop_buff); +- crop_buff = (unsigned char *)limitMalloc(cropsize); ++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + crop_buff = new_buff; +@@ -7858,7 +7880,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, + TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); + return (-1); + } +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + } + +@@ -8156,13 +8178,13 @@ writeCroppedImage(TIFF *in, TIFF *out, struct image_data *image, + if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) { + TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks); + if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) { +- int inknameslen = strlen(inknames) + 1; ++ int inknameslen = (int)strlen(inknames) + 1; + const char* cp = inknames; + while (ninks > 1) { + cp = strchr(cp, '\0'); + if (cp) { + cp++; +- inknameslen += (strlen(cp) + 1); ++ inknameslen += ((int)strlen(cp) + 1); + } + ninks--; + } +@@ -8547,13 +8569,13 @@ rotateContigSamples32bits(uint16_t rotation, uint16_t spp, uint16_t bps, uint32_ + } + else /* If we have a full buffer's worth, write it out */ + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -8622,12 +8644,13 @@ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width, + return (-1); + } + +- if (!(rbuff = (unsigned char *)limitMalloc(buffsize))) ++ /* Add 3 padding bytes for extractContigSamplesShifted32bits */ ++ if (!(rbuff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES))) + { +- TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize); ++ TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize + NUM_BUFF_OVERSIZE_BYTES); + return (-1); + } +- _TIFFmemset(rbuff, '\0', buffsize); ++ _TIFFmemset(rbuff, '\0', buffsize + NUM_BUFF_OVERSIZE_BYTES); + + ibuff = *ibuff_ptr; + switch (rotation) +@@ -9155,13 +9178,13 @@ reverseSamples32bits (uint16_t spp, uint16_t bps, uint32_t width, + } + else /* If we have a full buffer's worth, write it out */ + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8_t)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8_t)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8_t)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8_t)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -9252,12 +9275,13 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_ + { + case MIRROR_BOTH: + case MIRROR_VERT: +- line_buff = (unsigned char *)limitMalloc(rowsize); ++ line_buff = (unsigned char *)limitMalloc(rowsize + NUM_BUFF_OVERSIZE_BYTES); + if (line_buff == NULL) + { +- TIFFError ("mirrorImage", "Unable to allocate mirror line buffer of %1u bytes", rowsize); ++ TIFFError ("mirrorImage", "Unable to allocate mirror line buffer of %1u bytes", rowsize + NUM_BUFF_OVERSIZE_BYTES); + return (-1); + } ++ _TIFFmemset(line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES); + + dst = ibuff + (rowsize * (length - 1)); + for (row = 0; row < length / 2; row++) +@@ -9289,11 +9313,12 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_ + } + else + { /* non 8 bit per sample data */ +- if (!(line_buff = (unsigned char *)limitMalloc(rowsize + 1))) ++ if (!(line_buff = (unsigned char *)limitMalloc(rowsize + NUM_BUFF_OVERSIZE_BYTES))) + { + TIFFError("mirrorImage", "Unable to allocate mirror line buffer"); + return (-1); + } ++ _TIFFmemset(line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES); + bytes_per_sample = (bps + 7) / 8; + bytes_per_pixel = ((bps * spp) + 7) / 8; + if (bytes_per_pixel < (bytes_per_sample + 1)) +@@ -9305,7 +9330,7 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_ + { + row_offset = row * rowsize; + src = ibuff + row_offset; +- _TIFFmemset (line_buff, '\0', rowsize); ++ _TIFFmemset (line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES); + switch (shift_width) + { + case 1: if (reverseSamples16bits(spp, bps, width, src, line_buff)) diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 29a2c38d8e..af9bdcfbde 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb @@ -27,6 +27,10 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch \ file://0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch \ file://CVE-2022-2953.patch \ + file://0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch \ + file://0001-tiffcrop-S-option-Make-decision-simpler.patch \ + file://0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch \ + file://0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch \ " SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8" @@ -40,7 +44,6 @@ CVE_CHECK_IGNORE += "CVE-2015-7313" # These issues only affect libtiff post-4.3.0 but before 4.4.0, # caused by 3079627e and fixed by b4e79bfa. CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623" - # Issue is in jbig which we don't enable CVE_CHECK_IGNORE += "CVE-2022-1210" From patchwork Thu Dec 1 14:26:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16266 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6578DC47089 for ; Thu, 1 Dec 2022 14:27:42 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.web10.44769.1669904857198721119 for ; Thu, 01 Dec 2022 06:27:37 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=KcQ6idCQ; spf=softfail (domain: sakoman.com, ip: 209.85.214.182, mailfrom: steve@sakoman.com) Received: by mail-pl1-f182.google.com with SMTP id jn7so1761799plb.13 for ; Thu, 01 Dec 2022 06:27:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=QgfqP2WR9s+5A9PUu+anUciwCIRAbh4BLWbCbQ9kp0U=; b=KcQ6idCQZcFFUvVkporGCOkg+1BEBlAEALGf4sidZ9OXnWWWwTp886M901fY9mK3SI GADUPvqIqb4+IyvRXWZ0V3/2h90mfAJy1ZtUf28aafYkza+ctAvPvJz0PZrPuw2BSfuB unLmvX+vY1cV36883/4rDYV0VLzGJzLeC97x41PQJ0C4TtroA+qvwyyyxZssTj9/cNJy RRUpniBGPSoVV//IipVvYAMc8ZhVoFNthYDIuVd6kJBMumCds06scRkeQ9Edrt5yzKmJ M4wla5VLAKimS7V108xLkt8L32JW1VMO2PsltmSYO4+fIyMwlA9Gpue+LtcQU9ba7Oas Pd9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QgfqP2WR9s+5A9PUu+anUciwCIRAbh4BLWbCbQ9kp0U=; b=J4bRpn3REO6gZ7z32gk4G3O/OvDtGEsBF7e8LyGQVgo4kR5LEACcs39mHfMABLSmN/ 9lOPIs9Se2GwOy86ke5HKpUvxV/daIu7ny8JmBKh0mEQOrcLIoW6w46psBj8bJe3ydOo NEyoquAL2QrZ9rpimPXlzOOfXuJGw/ufdjxwI+eWKtlIJqq2kj3GLkiJl1tnTu+mvM+V 9pBAVCffRIoeNKtVv/ytvVJOKQ0UOCWS3qyryzfFDydnq3eTGX1ZiOZySet12/FwjQ6g bpWJHDrAM1O9ecSPsQJXrFCGTIomrF2TssB5RX4va4j9i+WuvpTBzb9nvzG0+cUDME0r POhA== X-Gm-Message-State: ANoB5pk+dN3b7/SHDmqoHjzRn5Bb7oFDpDEHcqsqNR8iTAkyGeRPVQ+4 /qBuMYnyJeTlpgYKSCmmddtBFb0c+WPGFRC1WV8= X-Google-Smtp-Source: AA0mqf6/nRh0pujpRm5rAMpoL8m9+muLLS2TjxsUmhebGMZLqmjJTo3sZaKkxJh5dAyEIBQU2hH4mg== X-Received: by 2002:a17:902:bd42:b0:188:ca57:8945 with SMTP id b2-20020a170902bd4200b00188ca578945mr48324888plx.116.1669904856190; Thu, 01 Dec 2022 06:27:36 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:35 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/23] tiff: Security fix for CVE-2022-3970 Date: Thu, 1 Dec 2022 04:26:58 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:27:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174090 From: "Qiu, Zheng" This patch contains a fix for CVE-2022-3970 Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security-tracker.debian.org/tracker/CVE-2022-3970 Patch generated from : https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be Signed-off-by: Zheng Qiu Signed-off-by: Alexandre Belloni Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- .../libtiff/tiff/CVE-2022-3970.patch | 38 +++++++++++++++++++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-3970.patch diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-3970.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-3970.patch new file mode 100644 index 0000000000..3779ebf646 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-3970.patch @@ -0,0 +1,38 @@ +From 11c8026913e190b02266c1247e7a770e488d925e Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Tue, 8 Nov 2022 15:16:58 +0100 +Subject: [PATCH] TIFFReadRGBATileExt(): fix (unsigned) integer overflow on + strips/tiles > 2 GB + +Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 +Upstream-Status: Accepted + +Signed-off-by: Martin Jansa +--- + libtiff/tif_getimage.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c +index a1b6570b..9a2e0c59 100644 +--- a/libtiff/tif_getimage.c ++++ b/libtiff/tif_getimage.c +@@ -3058,15 +3058,15 @@ TIFFReadRGBATileExt(TIFF* tif, uint32_t col, uint32_t row, uint32_t * raster, in + return( ok ); + + for( i_row = 0; i_row < read_ysize; i_row++ ) { +- memmove( raster + (tile_ysize - i_row - 1) * tile_xsize, +- raster + (read_ysize - i_row - 1) * read_xsize, ++ memmove( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize, ++ raster + (size_t)(read_ysize - i_row - 1) * read_xsize, + read_xsize * sizeof(uint32_t) ); +- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize+read_xsize, ++ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize+read_xsize, + 0, sizeof(uint32_t) * (tile_xsize - read_xsize) ); + } + + for( i_row = read_ysize; i_row < tile_ysize; i_row++ ) { +- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize, ++ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize, + 0, sizeof(uint32_t) * tile_xsize ); + } + diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index af9bdcfbde..b3737f962e 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb @@ -27,6 +27,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch \ file://0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch \ file://CVE-2022-2953.patch \ + file://CVE-2022-3970.patch \ file://0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch \ file://0001-tiffcrop-S-option-Make-decision-simpler.patch \ file://0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch \ From patchwork Thu Dec 1 14:26:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16264 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5A45FC43217 for ; Thu, 1 Dec 2022 14:27:42 +0000 (UTC) Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) by mx.groups.io with SMTP id smtpd.web11.44911.1669904859497233040 for ; Thu, 01 Dec 2022 06:27:39 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=4To2EZSl; spf=softfail (domain: sakoman.com, ip: 209.85.216.51, mailfrom: steve@sakoman.com) Received: by mail-pj1-f51.google.com with SMTP id 3-20020a17090a098300b00219041dcbe9so2207899pjo.3 for ; Thu, 01 Dec 2022 06:27:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=jgtvNF5TLEDD0P9mY5dDIwD9dGtLxvUfPYQpnfBKqxM=; b=4To2EZSl+YkeHRJNF/CHHHtvNTBPDV5Bzy4ZPsAuzybrotSuZnmQEL8PhhhXffhHXZ HGe4/XGESB7wcBv1NWLG8bhpWi7EGgcxSWHAaY06oxxoK+r77RFg6htbSwrVA4IKiQE3 ldzGfn5VrGrb2SNKHRQju1wbxKBFahrrR3w9sK1AncF292QNRlr7mI7avdyjqK1XFvK0 7+Vc4FSqRtNYFcd0rEVoUpFMpzGMKa5lqeLHKX5H78pvAbFqPce+FzuXN9VzL7yKlA4X 8WglfunWutSmJOoGQIMPOzvuDbPVv3HfPaiXolEyLLiGmWBaQU6XtQILfLUzRNW+ouj8 gVOw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jgtvNF5TLEDD0P9mY5dDIwD9dGtLxvUfPYQpnfBKqxM=; b=Aol7Q1RQPs4grsm0dArPoO2mwAN7QHeBpjkQ0qVdCBexA3VZEaIp2/AlMs+lJBNmgr 5uSC0khm1JIneUkrslSzL90hB8rJuuipN93i65c44D9Uy4Y6eDRRvcaheFz4hmZLBx91 /cjtC84xjQvDHMYeOzAK6BTvCdjkPDjjhgf6yV6BKPdDPmDQdNoTy3+NCDav9DpaOuhd c6GDfKKZuCYQHf/J0bc7A03gPk1IdKEuxKfmzLnAM+zkCKni1mS/3ioqUlbTuUKv+ham MV+IOCLe2zRhfqtT8lNuPHaUBBUulgASiWZQiD0Xi1SawTaQYpJBsRK+mNVzHSiS7IKP /iHQ== X-Gm-Message-State: ANoB5pkKy3DksfBv9NtaQ91Vgd836nGtPKmaPKZrm16B5TtbCrzP2ub3 VbZZ5yCv6eBTyscZUEiLJ9qSJzVf2AnE9hlcFms= X-Google-Smtp-Source: AA0mqf4EU59vex/7QJHSDYcmor38nPp2CO6hyRhXivVYDbft3IDabcx4pqEkbZ2mpcfexoajyEPHgQ== X-Received: by 2002:a17:902:dac2:b0:188:f5c7:4d23 with SMTP id q2-20020a170902dac200b00188f5c74d23mr49076639plx.125.1669904858352; Thu, 01 Dec 2022 06:27:38 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:37 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/23] tiff: add CVE tag to b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch Date: Thu, 1 Dec 2022 04:26:59 -1000 Message-Id: <97ad71541996023075950337e8b133c1a8551e0f.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:27:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174091 From: Martin Jansa * according to https://bugzilla.redhat.com/show_bug.cgi?id=2118863 this commit should be the fix for CVE-2022-2868 * resolves false-possitive entry in: https://lists.yoctoproject.org/g/yocto-security/message/705 CVE-2022-2868 (CVSS3: 8.1 HIGH): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2868 Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- .../tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch b/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch index 272dd3d713..83d5db7fc6 100644 --- a/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch +++ b/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch @@ -5,11 +5,12 @@ Subject: [PATCH] Move the crop_width and crop_length computation after the sanity check to avoid warnings when built with -fsanitize=unsigned-integer-overflow. -Upstream-Status: Backport -[https://gitlab.com/libtiff/libtiff/-/commit/b258ed69a485a9cfb299d9f060eb2a46c54e5903?merge_request_iid=294] +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b258ed69a485a9cfb299d9f060eb2a46c54e5903?merge_request_iid=294] Signed-off-by: Teoh Jay Shen +CVE: CVE-2022-2868 + --- tools/tiffcrop.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) From patchwork Thu Dec 1 14:27:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16265 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5AF0AC4321E for ; Thu, 1 Dec 2022 14:27:42 +0000 (UTC) Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.web11.44914.1669904861418891488 for ; Thu, 01 Dec 2022 06:27:41 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=QIW5EUiL; spf=softfail (domain: sakoman.com, ip: 209.85.214.175, mailfrom: steve@sakoman.com) Received: by mail-pl1-f175.google.com with SMTP id jl24so1780532plb.8 for ; Thu, 01 Dec 2022 06:27:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=P6oLzprM3Sf/Ql/OXwO1Azf+UKP+R5JdPW09693ft8U=; b=QIW5EUiLUITlETGS9e3gWgXWk2CbA49pArEcuZtdMCqB+U8VLGP4FodugLg2QxXV8G fgPOrK256g9rzqy9kNbTP37Rta6Lzoe1jcXuxrtnhsrlsJk4Zl9ek9vxwnaQR0CZDoqj u9KjW3C1Yd8o3FMOumIWrIECqOiH4jHHmqGGxs5zf1W77+HTURWi2fI7QU2DaNc0Qnsy 68Pb3bVhqpzA2l+m0qXo/i041ylwOYmMzO+TsTpes2CZrRoTsj3pSxkIyDlAL3EGv0eV eM15607UaNF87azR7/PmZ9GXr5uL0CQ5xwJedk9WS7Hhqr9jBuhhpvqwcgSOEaTCE/Yv Lexw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=P6oLzprM3Sf/Ql/OXwO1Azf+UKP+R5JdPW09693ft8U=; b=ni/Nc0K7C2gTSwU/bih+pn6hgRAuwB3FKjdPkSz3Y8IxhdxKpvt+jsWcGW1JKCjQ6U EQutS24L38tQHz/i/QiBd15S14q48vhEMV/1IQXai0fEmQj5T12qnBQzcaXkRuqxV6aa IvMyFPsnY0BZS9khdbLBFS0+IHmDiVpFLrXDKfHApISVqFpVyeGuXBVL/o6qnXSUri9b Dq+2PKjzqemdDGZqLvIdObaukkPvyBAe1W5giEVhmn2HvyTc87jChLz9B4Ec8pqMb4L2 4FyFCSjBKcvrY/k09OwaHO6nESgdniVjfu7XwZx34UnviO7l6lKZ5RY3wbVhTzI+jwg7 bmOw== X-Gm-Message-State: ANoB5pnINDlopU8xmz2ojNDZ+FxbGK3C9VLanf4In4LHc7Bbh49wbaDV 9o3+B6e8yPHvBzXUETX/ZTlct9lUOEHluUEi43c= X-Google-Smtp-Source: AA0mqf6tH/ANl31LuH3cPxgEwABKU28GTHZpAL6zMIN+Ruh5R5Mb9RJdA5PRBB/xW3sL4+cAyVlskg== X-Received: by 2002:a17:90b:35cc:b0:213:e907:5c0d with SMTP id nb12-20020a17090b35cc00b00213e9075c0dmr67654562pjb.83.1669904860283; Thu, 01 Dec 2022 06:27:40 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:39 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/23] curl: Fix CVE-2022-32221 Date: Thu, 1 Dec 2022 04:27:00 -1000 Message-Id: <518bea85c9496d77c70d703b818e442eda841554.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:27:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174092 From: Bhabu Bindu POST following PUT confusion Link: https://ubuntu.com/security/CVE-2022-32221 Signed-off-by: Bhabu Bindu Signed-off-by: Steve Sakoman --- .../curl/curl/CVE-2022-32221.patch | 28 +++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2022-32221.patch diff --git a/meta/recipes-support/curl/curl/CVE-2022-32221.patch b/meta/recipes-support/curl/curl/CVE-2022-32221.patch new file mode 100644 index 0000000000..b78b2ce1a8 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-32221.patch @@ -0,0 +1,28 @@ +From a64e3e59938abd7d667e4470a18072a24d7e9de9 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 15 Sep 2022 09:22:45 +0200 +Subject: [PATCH] setopt: when POST is set, reset the 'upload' field + +Reported-by: RobBotic1 on github +Fixes #9507 +Closes #9511 + +CVE: CVE-2022-32221 +Upstream-Status: Backport [https://github.com/curl/curl/commit/a64e3e59938abd7d667e4470a18072a24d7e9de9] +Signed-off-by: Bhabu Bindu +--- + lib/setopt.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/setopt.c b/lib/setopt.c +index 03c4efdbf1e58..7289a4e78bdd0 100644 +--- a/lib/setopt.c ++++ b/lib/setopt.c +@@ -700,6 +700,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) + } + else + data->set.method = HTTPREQ_GET; ++ data->set.upload = FALSE; + break; + + case CURLOPT_HTTPPOST: diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 5368c91f5c..e0099f7453 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -29,6 +29,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2022-32207.patch \ file://CVE-2022-32208.patch \ file://CVE-2022-35252.patch \ + file://CVE-2022-32221.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Thu Dec 1 14:27:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16269 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5CBE6C4321E for ; Thu, 1 Dec 2022 14:27:52 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web11.44915.1669904863309351416 for ; Thu, 01 Dec 2022 06:27:43 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=rq7PJmA8; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id w129so2019425pfb.5 for ; Thu, 01 Dec 2022 06:27:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=atEdE0WNYJjUc9GqCVbi2mWqEu6ABkpg+LX7x4cflKQ=; b=rq7PJmA8bb900nWj3ZI6iOZmr/ZiJj5VlI1z6GmPWDsjvCJ4E+aG0nRZ3xVWRu/nCe XYNfsefnLmTbyhY95/mm9/4Ec2vnxA0ETyDQK04x1mwMIe8RFgi5mJH5hyYUcJawRGyh QYHg85vLamKBfsEd9FOIBjIPR6I5GgcC/fcbXqT5ND5duVxybOPU5YnB5GNmS+fbwJ0n UB+V/B12soEykPzVk6IvUqgOLTrQ5YH8if1sJ+MjtH1Uh4KQLUatsVS1CiAmKi2Nqyuf GmZaqbzA/wGoJNFpAhQUTb0JhyupdSGiiUlF8dPWbZhJ5wCzGfzaqWn7bAc1HVPLWRNl Yd6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=atEdE0WNYJjUc9GqCVbi2mWqEu6ABkpg+LX7x4cflKQ=; b=FURobUYUgYmk0rzOHYrpgInkXdGbhlBI+kjZjFBVWT4VsNlkLpygpMMg4J0iRVCoQH /eY9durSGOc1INqL0OS5MU510oDLd+Bl1AiVUwX4l57D7+OqJZm53r/zdfNbYDJ5zFii TcTPTXWLabcq/XJtVERgpvkQpWTizpAj3Iu2NedsJ0WuA6csTYCgWtosymt8bYVLk1Lh nqKSnnNaS4Vb5XGtX4Saz/6ri811v/72qYU73kGgh0DKMGdcicIWOPr7WCYnrRp04eZk 0TmXjdq2HAW3nmzsnXdeg82WWfu6mWOWNcO4oCfI/7bNxz06OgBAFnxC6/A0skG6LrNW z0aA== X-Gm-Message-State: ANoB5pmdTZzooL+hNPncQh2NRMW8ls4zN0GlugHff4F7kpjzsk4UacZW ir/UIiJGw8yodyTC9+Q6JfFcub1SbqUuRPPMhp0= X-Google-Smtp-Source: AA0mqf6DvMV9Rp/34KpUPo8Lyc7CFcPlvHYL/MC/JYIHR6i9s60YJzV7w5gp3GWR3whKAgDGkKEImA== X-Received: by 2002:aa7:8054:0:b0:56c:4303:a93d with SMTP id y20-20020aa78054000000b0056c4303a93dmr51449657pfm.73.1669904862195; Thu, 01 Dec 2022 06:27:42 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:41 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/23] curl: Fix CVE-2022-42916 Date: Thu, 1 Dec 2022 04:27:01 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:27:52 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174093 From: Bhabu Bindu HSTS bypass via IDN Link: https://security-tracker.debian.org/tracker/CVE-2022-42916 Signed-off-by: Bhabu Bindu Signed-off-by: Steve Sakoman --- .../curl/curl/CVE-2022-42916.patch | 136 ++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 137 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2022-42916.patch diff --git a/meta/recipes-support/curl/curl/CVE-2022-42916.patch b/meta/recipes-support/curl/curl/CVE-2022-42916.patch new file mode 100644 index 0000000000..fbc592280a --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-42916.patch @@ -0,0 +1,136 @@ +From 53bcf55b4538067e6dc36242168866becb987bb7 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Wed, 12 Oct 2022 10:47:59 +0200 +Subject: [PATCH] url: use IDN decoded names for HSTS checks + +Reported-by: Hiroki Kurosawa + +Closes #9791 + +CVE: CVE-2022-42916 +Upstream-Status: Backport [https://github.com/curl/curl/commit/53bcf55b4538067e6dc36242168866becb987bb7] +Signed-off-by: Bhabu Bindu +Comments: Refreshed hunk +--- + lib/url.c | 91 ++++++++++++++++++++++++++++--------------------------- + 1 file changed, 47 insertions(+), 44 deletions(-) + +diff --git a/lib/url.c b/lib/url.c +index a3be56bced9de..690c53c81a3c1 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -2012,10 +2012,56 @@ + if(!strcasecompare("file", data->state.up.scheme)) + return CURLE_OUT_OF_MEMORY; + } ++ hostname = data->state.up.hostname; ++ ++ if(hostname && hostname[0] == '[') { ++ /* This looks like an IPv6 address literal. See if there is an address ++ scope. */ ++ size_t hlen; ++ conn->bits.ipv6_ip = TRUE; ++ /* cut off the brackets! */ ++ hostname++; ++ hlen = strlen(hostname); ++ hostname[hlen - 1] = 0; ++ ++ zonefrom_url(uh, data, conn); ++ } ++ ++ /* make sure the connect struct gets its own copy of the host name */ ++ conn->host.rawalloc = strdup(hostname ? hostname : ""); ++ if(!conn->host.rawalloc) ++ return CURLE_OUT_OF_MEMORY; ++ conn->host.name = conn->host.rawalloc; ++ ++ /************************************************************* ++ * IDN-convert the hostnames ++ *************************************************************/ ++ result = Curl_idnconvert_hostname(data, &conn->host); ++ if(result) ++ return result; ++ if(conn->bits.conn_to_host) { ++ result = Curl_idnconvert_hostname(data, &conn->conn_to_host); ++ if(result) ++ return result; ++ } ++#ifndef CURL_DISABLE_PROXY ++ if(conn->bits.httpproxy) { ++ result = Curl_idnconvert_hostname(data, &conn->http_proxy.host); ++ if(result) ++ return result; ++ } ++ if(conn->bits.socksproxy) { ++ result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host); ++ if(result) ++ return result; ++ } ++#endif + + #ifndef CURL_DISABLE_HSTS ++ /* HSTS upgrade */ + if(data->hsts && strcasecompare("http", data->state.up.scheme)) { +- if(Curl_hsts(data->hsts, data->state.up.hostname, TRUE)) { ++ /* This MUST use the IDN decoded name */ ++ if(Curl_hsts(data->hsts, conn->host.name, TRUE)) { + char *url; + Curl_safefree(data->state.up.scheme); + uc = curl_url_set(uh, CURLUPART_SCHEME, "https", 0); +@@ -2145,26 +2191,6 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, + + (void)curl_url_get(uh, CURLUPART_QUERY, &data->state.up.query, 0); + +- hostname = data->state.up.hostname; +- if(hostname && hostname[0] == '[') { +- /* This looks like an IPv6 address literal. See if there is an address +- scope. */ +- size_t hlen; +- conn->bits.ipv6_ip = TRUE; +- /* cut off the brackets! */ +- hostname++; +- hlen = strlen(hostname); +- hostname[hlen - 1] = 0; +- +- zonefrom_url(uh, data, conn); +- } +- +- /* make sure the connect struct gets its own copy of the host name */ +- conn->host.rawalloc = strdup(hostname ? hostname : ""); +- if(!conn->host.rawalloc) +- return CURLE_OUT_OF_MEMORY; +- conn->host.name = conn->host.rawalloc; +- + #ifdef ENABLE_IPV6 + if(data->set.scope_id) + /* Override any scope that was set above. */ +@@ -3713,29 +3739,6 @@ static CURLcode create_conn(struct Curl_easy *data, + if(result) + goto out; + +- /************************************************************* +- * IDN-convert the hostnames +- *************************************************************/ +- result = Curl_idnconvert_hostname(data, &conn->host); +- if(result) +- goto out; +- if(conn->bits.conn_to_host) { +- result = Curl_idnconvert_hostname(data, &conn->conn_to_host); +- if(result) +- goto out; +- } +-#ifndef CURL_DISABLE_PROXY +- if(conn->bits.httpproxy) { +- result = Curl_idnconvert_hostname(data, &conn->http_proxy.host); +- if(result) +- goto out; +- } +- if(conn->bits.socksproxy) { +- result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host); +- if(result) +- goto out; +- } +-#endif + + /************************************************************* + * Check whether the host and the "connect to host" are equal. diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index e0099f7453..a3e29a583d 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -30,6 +30,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2022-32208.patch \ file://CVE-2022-35252.patch \ file://CVE-2022-32221.patch \ + file://CVE-2022-42916.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Thu Dec 1 14:27:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16271 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 69F07C4708D for ; Thu, 1 Dec 2022 14:27:52 +0000 (UTC) Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) by mx.groups.io with SMTP id smtpd.web11.44919.1669904865204756937 for ; Thu, 01 Dec 2022 06:27:45 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=EL7Hrtw+; spf=softfail (domain: sakoman.com, ip: 209.85.215.182, mailfrom: steve@sakoman.com) Received: by mail-pg1-f182.google.com with SMTP id 136so1821000pga.1 for ; Thu, 01 Dec 2022 06:27:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VT1W5GfD4PDlJGRmUXNwX4MDsURCLc6v5FhsgV7vzpg=; b=EL7Hrtw+F9Vv5l/HHu7ehbE+QtzzaT0oOShsH2OUAlIMMrDkDeVEL/jSVeZc307yNL 5tLfLs8H/NCYXbnirSHxtL4OCBfxI11a2Lz5NxUVhdjr1UO96DVDjPq//YySLmQXGxIC wSXUwuorUf0bOJG07to1dwfWq9Yj5364ldXYWlxhxbKpJ4sZAJ5DeocD5T6dJyPnqr67 t31nnug1YW2XWevEQocwInO5v8UoCzU4nBP/qJTQNVXTW7JDtl3ZX/BpYTYP99ZWx+jK /iEifdkawnLbzBJAXRjHAq3A0b/gkVPTmulemg12rcxgzcGJ5B2EpP4AsosZEaI0adpu +rXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VT1W5GfD4PDlJGRmUXNwX4MDsURCLc6v5FhsgV7vzpg=; b=x1JRLPcE+xaZdEOjwDK6xpQhrHBHVLu8HHs8XnJ/vJ98ISvsdieygb3kEfmEsJzW7Z MTP0y2YmlkFRSNfQ6XbcAbi4kSVG2Cpig78bwuOdu3TdV8G1iZhyDQ1YVtmrI5Ety8qd wVUCHwPnd2XFeIJXBg0ebnySjbtyvwf3KoVsrGHtMRvAeIOWLSjczoWZWWJKOiIHrJoX HeJfEp6mxJ008pn70BIi93/9f9MxFAMfPUrcilQ5AVcpyKrdW0rboz4nkpMNqkrKdziO pPX7jruTRS/vV9W7Uw0vdaFve7n1ThtmljuZzaA88/bX+msvfVZC1QU7NahEnIocvMjs 3Zlg== X-Gm-Message-State: ANoB5plEqwIARnx7fmvGrKHnMU5lCUQQMo8JiXwLZUim7h8U36R0nnO4 dgRXVFarucXj+xNxoPvgE/TjOvCgRjjwpSEwzF0= X-Google-Smtp-Source: AA0mqf6rlrGH9W+DgZSmkbZDoEZrKD4qqev+heXPug/WdVREcdW0/ezL89fOWt7grVtbAbE9aBj29Q== X-Received: by 2002:a63:fa12:0:b0:456:d859:2145 with SMTP id y18-20020a63fa12000000b00456d8592145mr44994398pgh.56.1669904864188; Thu, 01 Dec 2022 06:27:44 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:43 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/23] curl: Fix CVE-2022-42915 Date: Thu, 1 Dec 2022 04:27:02 -1000 Message-Id: <4754f33d7ec96f72351853463540c8b1a3f4bc0c.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:27:52 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174094 From: Bhabu Bindu HTTP proxy double-free Link: https://security-tracker.debian.org/tracker/CVE-2022-42915 Signed-off-by: Bhabu Bindu Signed-off-by: Steve Sakoman --- .../curl/curl/CVE-2022-42915.patch | 53 +++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2022-42915.patch diff --git a/meta/recipes-support/curl/curl/CVE-2022-42915.patch b/meta/recipes-support/curl/curl/CVE-2022-42915.patch new file mode 100644 index 0000000000..0f37a80e09 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-42915.patch @@ -0,0 +1,53 @@ +From 55e1875729f9d9fc7315cec611bffbd2c817ad89 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 6 Oct 2022 14:13:36 +0200 +Subject: [PATCH] http_proxy: restore the protocol pointer on error + +Reported-by: Trail of Bits + +Closes #9790 + +CVE: CVE-2022-42915 +Upstream-Status: Backport [https://github.com/curl/curl/commit/55e1875729f9d9fc7315cec611bffbd2c817ad89] +Signed-off-by: Bhabu Bindu +--- + lib/http_proxy.c | 6 ++---- + lib/url.c | 9 --------- + 2 files changed, 2 insertions(+), 13 deletions(-) + +diff --git a/lib/http_proxy.c b/lib/http_proxy.c +index 1f87f6c62aa40..cc20b3a801941 100644 +--- a/lib/http_proxy.c ++++ b/lib/http_proxy.c +@@ -212,10 +212,8 @@ void Curl_connect_done(struct Curl_easy *data) + Curl_dyn_free(&s->rcvbuf); + Curl_dyn_free(&s->req); + +- /* restore the protocol pointer, if not already done */ +- if(s->prot_save) +- data->req.p.http = s->prot_save; +- s->prot_save = NULL; ++ /* restore the protocol pointer */ ++ data->req.p.http = s->prot_save; + data->info.httpcode = 0; /* clear it as it might've been used for the + proxy */ + data->req.ignorebody = FALSE; +diff --git a/lib/url.c b/lib/url.c +index 690c53c81a3c1..be5ffca2d8b20 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -751,15 +751,6 @@ static void conn_shutdown(struct Curl_easy *data, struct connectdata *conn) + DEBUGASSERT(data); + infof(data, "Closing connection %ld", conn->connection_id); + +-#ifndef USE_HYPER +- if(conn->connect_state && conn->connect_state->prot_save) { +- /* If this was closed with a CONNECT in progress, cleanup this temporary +- struct arrangement */ +- data->req.p.http = NULL; +- Curl_safefree(conn->connect_state->prot_save); +- } +-#endif +- + /* possible left-overs from the async name resolvers */ + Curl_resolver_cancel(data); diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index a3e29a583d..87f4cd13aa 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -31,6 +31,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2022-35252.patch \ file://CVE-2022-32221.patch \ file://CVE-2022-42916.patch \ + file://CVE-2022-42915.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Thu Dec 1 14:27:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16272 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 68FE6C47088 for ; Thu, 1 Dec 2022 14:27:52 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web11.44921.1669904867136998578 for ; Thu, 01 Dec 2022 06:27:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=FV16ORlH; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id r7so1990812pfl.11 for ; Thu, 01 Dec 2022 06:27:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WHzt6t6dRVOknRXv1GLxo6hHl5KcIYdTwDbOPch4alY=; b=FV16ORlHTERxUn5itYwQNceI8C39FagVN/+l3YkcEisZ9XTsOVNIdRKxXtP226IgkL w3csT3IA0YEJSdpmOyp2Ddvpw9e9y7haiUDmddrPwj8FeYIJr6NxfQOkGCfmTTTzcZIJ SQ9wgy8sQlB5u1YGBk2Evfc7Ttzv0msYaCishYjwA1jaNb3QeGbfIP4Fu8G0AQ4HGyME 4jr8G6PWYM2zydOKYO1/iXLOMnAe90QM04mTomV950sbxjgQL4Jawyx26AjikoG3Vlsd gSCnqluih/thdXbXbSdGl04rWn3mteQps6ROVZarzsjxvzuFsMyd29D19uj3CbtCByNX 6GoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WHzt6t6dRVOknRXv1GLxo6hHl5KcIYdTwDbOPch4alY=; b=yz+5Ty/qhYshT8bU66o11YxVl0A0dDTV4qlRuM3JIcKcSamsj5veqO22LciH6RPuKP ek7FoqR8pJoEcTBTDf+w3mwpOOlDezNjRM6X+Xn+epHZeYtiqDDFcgGar7Exs6KlKMlr hYo76E9hmXG1KXYQyXpAz2P6lUqxhbpzQoFBHRR5d1vwcWUhzBmSnEM4FBDZ4Jwr6zRb GFL/C/6HcsJA02Z3d79zNna1+7bEFmkQfQ+NfO0dl8MbBvICmuo7qOku5SEt8waKNTnE VbV9pCBJOsOHshjpU+28/OiK7+P5xs8eewsUd0y1VHucjq5cywvomw0ZDk4/mgROwRmZ MAnA== X-Gm-Message-State: ANoB5plVkvQtOD6Afj1fDZkT2oIVEzOe+9fZMQtWrEtmZR8l54Ng7qxm /Uyzrj9SJVgQbXeIRQ9CGXUrocePvO2c9kWDne0= X-Google-Smtp-Source: AA0mqf5fHpdv2FiK4aLNo87LnrSQ8/uKRj7I77quYG+f3tqKxo04vFrpXLRtLfl8CqkoVcX6R1xwVA== X-Received: by 2002:a62:1413:0:b0:574:e84e:d7a1 with SMTP id 19-20020a621413000000b00574e84ed7a1mr26328077pfu.83.1669904866009; Thu, 01 Dec 2022 06:27:46 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:45 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/23] dropbear: fix CVE-2021-36369 Date: Thu, 1 Dec 2022 04:27:03 -1000 Message-Id: <212dd2ce833aaf7f19111e95fbc22fc8c6d63db4.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:27:52 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174095 From: Chee Yang Lee Signed-off-by: Chee Yang Lee Signed-off-by: Steve Sakoman --- meta/recipes-core/dropbear/dropbear.inc | 4 +- .../dropbear/dropbear/CVE-2021-36369.patch | 145 ++++++++++++++++++ 2 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2021-36369.patch diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc index 2d6e64cf8d..f3f085b616 100644 --- a/meta/recipes-core/dropbear/dropbear.inc +++ b/meta/recipes-core/dropbear/dropbear.inc @@ -27,7 +27,9 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://dropbear.socket \ file://dropbear.default \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} " + ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ + file://CVE-2021-36369.patch \ + " PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ file://0006-dropbear-configuration-file.patch \ diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2021-36369.patch b/meta/recipes-core/dropbear/dropbear/CVE-2021-36369.patch new file mode 100644 index 0000000000..5ff11abdd6 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/CVE-2021-36369.patch @@ -0,0 +1,145 @@ +From e9b15a8b1035b62413b2b881315c6bffd02205d4 Mon Sep 17 00:00:00 2001 +From: Manfred Kaiser <37737811+manfred-kaiser@users.noreply.github.com> +Date: Thu, 19 Aug 2021 17:37:14 +0200 +Subject: [PATCH] added option to disable trivial auth methods (#128) + +* added option to disable trivial auth methods + +* rename argument to match with other ssh clients + +* fixed trivial auth detection for pubkeys + +[https://github.com/mkj/dropbear/pull/128] +Upstream-Status: Backport +CVE: CVE-2021-36369 +Signed-off-by: Chee Yang Lee + +--- + cli-auth.c | 3 +++ + cli-authinteract.c | 1 + + cli-authpasswd.c | 2 +- + cli-authpubkey.c | 1 + + cli-runopts.c | 7 +++++++ + cli-session.c | 1 + + runopts.h | 1 + + session.h | 1 + + 8 files changed, 16 insertions(+), 1 deletion(-) + +diff --git a/cli-auth.c b/cli-auth.c +index 2e509e5..6f04495 100644 +--- a/cli-auth.c ++++ b/cli-auth.c +@@ -267,6 +267,9 @@ void recv_msg_userauth_success() { + if DROPBEAR_CLI_IMMEDIATE_AUTH is set */ + + TRACE(("received msg_userauth_success")) ++ if (cli_opts.disable_trivial_auth && cli_ses.is_trivial_auth) { ++ dropbear_exit("trivial authentication not allowed"); ++ } + /* Note: in delayed-zlib mode, setting authdone here + * will enable compression in the transport layer */ + ses.authstate.authdone = 1; +diff --git a/cli-authinteract.c b/cli-authinteract.c +index e1cc9a1..f7128ee 100644 +--- a/cli-authinteract.c ++++ b/cli-authinteract.c +@@ -114,6 +114,7 @@ void recv_msg_userauth_info_request() { + m_free(instruction); + + for (i = 0; i < num_prompts; i++) { ++ cli_ses.is_trivial_auth = 0; + unsigned int response_len = 0; + prompt = buf_getstring(ses.payload, NULL); + cleantext(prompt); +diff --git a/cli-authpasswd.c b/cli-authpasswd.c +index 00fdd8b..a24d43e 100644 +--- a/cli-authpasswd.c ++++ b/cli-authpasswd.c +@@ -155,7 +155,7 @@ void cli_auth_password() { + + encrypt_packet(); + m_burn(password, strlen(password)); +- ++ cli_ses.is_trivial_auth = 0; + TRACE(("leave cli_auth_password")) + } + #endif /* DROPBEAR_CLI_PASSWORD_AUTH */ +diff --git a/cli-authpubkey.c b/cli-authpubkey.c +index 42c4e3f..fa01807 100644 +--- a/cli-authpubkey.c ++++ b/cli-authpubkey.c +@@ -176,6 +176,7 @@ static void send_msg_userauth_pubkey(sign_key *key, enum signature_type sigtype, + buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len); + cli_buf_put_sign(ses.writepayload, key, sigtype, sigbuf); + buf_free(sigbuf); /* Nothing confidential in the buffer */ ++ cli_ses.is_trivial_auth = 0; + } + + encrypt_packet(); +diff --git a/cli-runopts.c b/cli-runopts.c +index 3654b9a..255b47e 100644 +--- a/cli-runopts.c ++++ b/cli-runopts.c +@@ -152,6 +152,7 @@ void cli_getopts(int argc, char ** argv) { + #if DROPBEAR_CLI_ANYTCPFWD + cli_opts.exit_on_fwd_failure = 0; + #endif ++ cli_opts.disable_trivial_auth = 0; + #if DROPBEAR_CLI_LOCALTCPFWD + cli_opts.localfwds = list_new(); + opts.listen_fwd_all = 0; +@@ -889,6 +890,7 @@ static void add_extendedopt(const char* origstr) { + #if DROPBEAR_CLI_ANYTCPFWD + "\tExitOnForwardFailure\n" + #endif ++ "\tDisableTrivialAuth\n" + #ifndef DISABLE_SYSLOG + "\tUseSyslog\n" + #endif +@@ -916,5 +918,10 @@ static void add_extendedopt(const char* origstr) { + return; + } + ++ if (match_extendedopt(&optstr, "DisableTrivialAuth") == DROPBEAR_SUCCESS) { ++ cli_opts.disable_trivial_auth = parse_flag_value(optstr); ++ return; ++ } ++ + dropbear_log(LOG_WARNING, "Ignoring unknown configuration option '%s'", origstr); + } +diff --git a/cli-session.c b/cli-session.c +index 5e5af22..afb54a1 100644 +--- a/cli-session.c ++++ b/cli-session.c +@@ -165,6 +165,7 @@ static void cli_session_init(pid_t proxy_cmd_pid) { + /* Auth */ + cli_ses.lastprivkey = NULL; + cli_ses.lastauthtype = 0; ++ cli_ses.is_trivial_auth = 1; + + /* For printing "remote host closed" for the user */ + ses.remoteclosed = cli_remoteclosed; +diff --git a/runopts.h b/runopts.h +index 6a4a94c..01201d2 100644 +--- a/runopts.h ++++ b/runopts.h +@@ -159,6 +159,7 @@ typedef struct cli_runopts { + #if DROPBEAR_CLI_ANYTCPFWD + int exit_on_fwd_failure; + #endif ++ int disable_trivial_auth; + #if DROPBEAR_CLI_REMOTETCPFWD + m_list * remotefwds; + #endif +diff --git a/session.h b/session.h +index fb5b8cb..6706592 100644 +--- a/session.h ++++ b/session.h +@@ -316,6 +316,7 @@ struct clientsession { + + int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD, + for the last type of auth we tried */ ++ int is_trivial_auth; + int ignore_next_auth_response; + #if DROPBEAR_CLI_INTERACT_AUTH + int auth_interact_failed; /* flag whether interactive auth can still From patchwork Thu Dec 1 14:27:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16270 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5C4A4C43217 for ; Thu, 1 Dec 2022 14:27:52 +0000 (UTC) Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) by mx.groups.io with SMTP id smtpd.web10.44764.1669904847658381290 for ; Thu, 01 Dec 2022 06:27:48 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=lPCr8pvl; spf=softfail (domain: sakoman.com, ip: 209.85.214.181, mailfrom: steve@sakoman.com) Received: by mail-pl1-f181.google.com with SMTP id a9so1782524pld.7 for ; Thu, 01 Dec 2022 06:27:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=vP+P1nKc3MWMQRtenzlrV9DDomg5C/ZV61hZo0fELb0=; b=lPCr8pvleTSukjkAdGSjbd6IoHcCocX3Rou+SnA9UZ1qI8t40WsVu3ABEvrMbWMKE+ GLoaA9KH7ZkEVO77CwQfI87eYe7eyWrD+s2jb5NxgxAsLZGyZZ9fbLm5Bh09zV2q0UAO geRX1LtZ7Wi8iD8Lbuuj40tHc6KO722nIMgy9vLiDsn+WQy8UARIjI5694YRi4fVzj+f LqTXdxSbvKG5PtKhESURXtGnkcnNQCtmPHy09fbvrnGzTi6waQ2ED4HZbZa0W/u+Ce8p AFuTv7J9wVoeGKfTEAvaaqW9rnI1eXNd0z02mEfOb0VFSjqMDuipeZGJy/fs6a12otsn FxJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vP+P1nKc3MWMQRtenzlrV9DDomg5C/ZV61hZo0fELb0=; b=f0In60DcG3MrWtSebYUbx9ZA3GEMx+C+UQlJkDZ4ZMv/ANRQO1z+0jgV/7HfNX+BeT 7tn7iqU8dlgGqt1Dfb2PGE31y5OuA0vymdBu7owp15PBT9N9/tirqQ4Dsr1m2CCQ8FE/ 8X5w2myN/o3IoRdj2PxoFo40bH0C5u60KRBsMN6bgSRbJYfN7sMyB6aOvtaWu9q9nunB cRc3k3cIxovLGbkqimpmGlghtNiBg5Rj6kenRY2z2TvUTvHolxp2ZhD+8DyV+jkmnVy9 t/1jUUsjAk+foqQLm2cZmDxR2mgfxtW9YRW0YXaIM4MKPP1m2PP3XjBxpMpwC/+JIIeQ F3bQ== X-Gm-Message-State: ANoB5plJb9ucl1K4nFOaWy5oOwjxx+e23Lq+L280SdEACq7mRjBP/0Ng dX/DfDjWwUBEQDBFngSxCcs27WA2EbjwOTuWnWY= X-Google-Smtp-Source: AA0mqf5c8iTD7nLlUf/j996VgFo5bP+Ezqgt1xV7XDAzFxsZlZtQfnn7MNEnRZZTAAryooSqH+77Ug== X-Received: by 2002:a17:902:8c8e:b0:188:d588:34f2 with SMTP id t14-20020a1709028c8e00b00188d58834f2mr61613907plo.15.1669904867899; Thu, 01 Dec 2022 06:27:47 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:47 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/23] libpam: fix CVE-2022-28321 Date: Thu, 1 Dec 2022 04:27:04 -1000 Message-Id: <399d4986a7707c081dd5da1991647cb02cbea69c.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:27:52 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174096 From: "Polampalli, Archana" The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. References: https://nvd.nist.gov/vuln/detail/CVE-2022-28321 Upstream patches: https://github.com/linux-pam/linux-pam/commit/08992030c56c940c0707ccbc442b1c325aa01e6d https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f Signed-off-by: Archana Polampalli Signed-off-by: Alexandre Belloni (cherry picked from commit b1fd799af0086347de1ec4b72d562b1fb490def1) Signed-off-by: Steve Sakoman --- .../pam/libpam/CVE-2022-28321-0002.patch | 205 ++++++++++++++++++ meta/recipes-extended/pam/libpam_1.5.2.bb | 1 + 2 files changed, 206 insertions(+) create mode 100644 meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch diff --git a/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch b/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch new file mode 100644 index 0000000000..e7bf03f9f7 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch @@ -0,0 +1,205 @@ +From 23393bef92c1e768eda329813d7af55481c6ca9f Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Thu, 24 Feb 2022 10:37:32 +0100 +Subject: [PATCH 2/2] pam_access: handle hostnames in access.conf + +According to the manual page, the following entry is valid but does not +work: +-:root:ALL EXCEPT localhost + +See https://bugzilla.suse.com/show_bug.cgi?id=1019866 + +Patched is based on PR#226 from Josef Moellers + +Upstream-Status: Backport +CVE: CVE-2022-28321 + +Reference to upstream patch: +[https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f] + +Signed-off-by: Stefan Ghinea +--- + modules/pam_access/pam_access.c | 95 ++++++++++++++++++++++++++------- + 1 file changed, 76 insertions(+), 19 deletions(-) + +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index 277192b..bca424f 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -637,7 +637,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + if ((str_len = strlen(string)) > tok_len + && strcasecmp(tok, string + str_len - tok_len) == 0) + return YES; +- } else if (tok[tok_len - 1] == '.') { ++ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ + struct addrinfo hint; + + memset (&hint, '\0', sizeof (hint)); +@@ -678,7 +678,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + return NO; + } + +- /* Assume network/netmask with an IP of a host. */ ++ /* Assume network/netmask, IP address or hostname. */ + return network_netmask_match(pamh, tok, string, item); + } + +@@ -696,7 +696,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + /* + * If the token has the magic value "ALL" the match always succeeds. + * Otherwise, return YES if the token fully matches the string. +- * "NONE" token matches NULL string. ++ * "NONE" token matches NULL string. + */ + + if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ +@@ -714,7 +714,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + + /* network_netmask_match - match a string against one token + * where string is a hostname or ip (v4,v6) address and tok +- * represents either a single ip (v4,v6) address or a network/netmask ++ * represents either a hostname, a single ip (v4,v6) address ++ * or a network/netmask + */ + static int + network_netmask_match (pam_handle_t *pamh, +@@ -723,10 +724,12 @@ network_netmask_match (pam_handle_t *pamh, + char *netmask_ptr; + char netmask_string[MAXHOSTNAMELEN + 1]; + int addr_type; ++ struct addrinfo *ai = NULL; + + if (item->debug) +- pam_syslog (pamh, LOG_DEBUG, ++ pam_syslog (pamh, LOG_DEBUG, + "network_netmask_match: tok=%s, item=%s", tok, string); ++ + /* OK, check if tok is of type addr/mask */ + if ((netmask_ptr = strchr(tok, '/')) != NULL) + { +@@ -760,54 +763,108 @@ network_netmask_match (pam_handle_t *pamh, + netmask_ptr = number_to_netmask(netmask, addr_type, + netmask_string, MAXHOSTNAMELEN); + } +- } ++ ++ /* ++ * Construct an addrinfo list from the IP address. ++ * This should not fail as the input is a correct IP address... ++ */ ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) ++ { ++ return NO; ++ } ++ } + else +- /* NO, then check if it is only an addr */ +- if (isipaddr(tok, NULL, NULL) != YES) ++ { ++ /* ++ * It is either an IP address or a hostname. ++ * Let getaddrinfo sort everything out ++ */ ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) + { ++ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); ++ + return NO; + } ++ netmask_ptr = NULL; ++ } + + if (isipaddr(string, NULL, NULL) != YES) + { +- /* Assume network/netmask with a name of a host. */ + struct addrinfo hint; + ++ /* Assume network/netmask with a name of a host. */ + memset (&hint, '\0', sizeof (hint)); + hint.ai_flags = AI_CANONNAME; + hint.ai_family = AF_UNSPEC; + + if (item->gai_rv != 0) ++ { ++ freeaddrinfo(ai); + return NO; ++ } + else if (!item->res && + (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0) ++ { ++ freeaddrinfo(ai); + return NO; ++ } + else + { + struct addrinfo *runp = item->res; ++ struct addrinfo *runp1; + + while (runp != NULL) + { + char buf[INET6_ADDRSTRLEN]; + +- DIAG_PUSH_IGNORE_CAST_ALIGN; +- inet_ntop (runp->ai_family, +- runp->ai_family == AF_INET +- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr +- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, +- buf, sizeof (buf)); +- DIAG_POP_IGNORE_CAST_ALIGN; ++ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0) ++ { ++ freeaddrinfo(ai); ++ return NO; ++ } + +- if (are_addresses_equal(buf, tok, netmask_ptr)) ++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) + { +- return YES; ++ char buf1[INET6_ADDRSTRLEN]; ++ ++ if (runp->ai_family != runp1->ai_family) ++ continue; ++ ++ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0) ++ { ++ freeaddrinfo(ai); ++ return NO; ++ } ++ ++ if (are_addresses_equal (buf, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } + } + runp = runp->ai_next; + } + } + } + else +- return (are_addresses_equal(string, tok, netmask_ptr)); ++ { ++ struct addrinfo *runp1; ++ ++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) ++ { ++ char buf1[INET6_ADDRSTRLEN]; ++ ++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); ++ ++ if (are_addresses_equal(string, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } ++ } ++ } ++ ++ freeaddrinfo(ai); + + return NO; + } +-- +2.37.3 + diff --git a/meta/recipes-extended/pam/libpam_1.5.2.bb b/meta/recipes-extended/pam/libpam_1.5.2.bb index 081986ef43..dabd3256c8 100644 --- a/meta/recipes-extended/pam/libpam_1.5.2.bb +++ b/meta/recipes-extended/pam/libpam_1.5.2.bb @@ -24,6 +24,7 @@ SRC_URI = "https://github.com/linux-pam/linux-pam/releases/download/v${PV}/Linux file://0001-run-xtests.sh-check-whether-files-exist.patch \ file://run-ptest \ file://pam-volatiles.conf \ + file://CVE-2022-28321-0002.patch \ " SRC_URI[sha256sum] = "e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d" From patchwork Thu Dec 1 14:27:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16273 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 62D08C47089 for ; Thu, 1 Dec 2022 14:27:52 +0000 (UTC) Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) by mx.groups.io with SMTP id smtpd.web10.44764.1669904847658381290 for ; Thu, 01 Dec 2022 06:27:51 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=qnAAWMGY; spf=softfail (domain: sakoman.com, ip: 209.85.214.181, mailfrom: steve@sakoman.com) Received: by mail-pl1-f181.google.com with SMTP id a9so1782618pld.7 for ; Thu, 01 Dec 2022 06:27:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Rhhr+0WiyB5MHPq/tJPataL68lK0Uo3H4P/2bAieuJs=; b=qnAAWMGYajK6OdPfdEJd06G+7g+6k3hg6liyClW2P/W+BHv7i7C3kAy0QGoNeSVCqs RfHsxARfEVMWSTYTXSmQ5tuOW+QH7nB729eBzQNABun0Fy9FLjKrJz10bTTNehIGXxtd mt1yFunySRqmE0bU+HznbIKJ7ZtTxVXLyIY8LwMHuSLKoYNTF+6nXumUeIlt1qYCy1I2 k/4Rm+btke7ld58IgrRniw3LWyY+HGqcF8dsrG+9LkaP8y6wGC+c/U9AMI/MuoG4k4zo Pld9jzhri2MH2C86yQneTn0ePr33yyS0Xu0UmqLsUCrm+9VMe8fpl4J9k4Uvwl7o7PVI vjCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Rhhr+0WiyB5MHPq/tJPataL68lK0Uo3H4P/2bAieuJs=; b=e8STLP5yFuvAodNxml/c7CULEFiMOPGHu+WwABmJkO/Utn5HNFOJgfb7pNcm4tXlvT kLqCFtvarfhocPP2dNXm7+IvoCovJikP8yhIx45WhqCpn90bDI8DuGJm5Qxx7kSjHk2W /UvFNgeZLvHtODChZCUefh7Vt5d/ZxBEXX4DjJKAfWKstLms0B8Srbg01ecoUoJ7MES/ 4DfW0loHLBZBu+c9wGcihvaXflJbmuavTejExOu6Gd478ND05B77Txf2byaTur7YyJQq tkHWoQ7kEryVW7eXLhCCfW0XD+7OltxgJ+GQITO7l7USSsmTNTs9kagems0kchm49plX hfMA== X-Gm-Message-State: ANoB5pnM3b+BjsbR7jgDNbObNLMyOCi702TqTq7yzWeGGEBAUI50wS1v QVkFUA6o/ehfsWdVCbKBKhUjvoUelX7IiA58Lls= X-Google-Smtp-Source: AA0mqf6t/Qki2q8nUdyEhihMT8H/gUa44GRQwEMrhjoh+jB2HaPEp5tXYkGMZB4vdNk1qSNEvldhQg== X-Received: by 2002:a17:90a:a60c:b0:213:2e97:5ea4 with SMTP id c12-20020a17090aa60c00b002132e975ea4mr76714511pjq.92.1669904870013; Thu, 01 Dec 2022 06:27:50 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:49 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 11/23] dbus: upgrade 1.14.0 -> 1.14.4 Date: Thu, 1 Dec 2022 04:27:05 -1000 Message-Id: <300216ca357ae58fbe52e49c76832b66f15c6c13.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:27:52 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174097 From: Xiangyu Chen License-Update: D-Bus changed to dbus. 1.14.4 has contians following CVEs, removing local patches: CVE-2022-42012: 0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch [https://github.com/freedesktop/dbus/commit/3fb065b0752db1e298e4ada52cf4adc414f5e946] CVE-2022-42011: 0001-dbus-marshal-validate-Validate-length-of-arrays-of-f.patch [https://github.com/freedesktop/dbus/commit/b9e6a7523085a2cfceaffca7ba1ab4251f12a984] CVE-2022-42010: 0001-dbus-marshal-validate-Check-brackets-in-signature-ne.patch [https://github.com/freedesktop/dbus/commit/3e53a785dee8d1432156188a2c4260e4cbc78c4d] Signed-off-by: Xiangyu Chen Signed-off-by: Steve Sakoman --- ...eswap-Byte-swap-Unix-fd-indexes-if-n.patch | 76 ----------- ...idate-Check-brackets-in-signature-ne.patch | 119 ------------------ ...idate-Validate-length-of-arrays-of-f.patch | 61 --------- .../dbus/{dbus_1.14.0.bb => dbus_1.14.4.bb} | 10 +- 4 files changed, 4 insertions(+), 262 deletions(-) delete mode 100644 meta/recipes-core/dbus/dbus/0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch delete mode 100644 meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Check-brackets-in-signature-ne.patch delete mode 100644 meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Validate-length-of-arrays-of-f.patch rename meta/recipes-core/dbus/{dbus_1.14.0.bb => dbus_1.14.4.bb} (93%) diff --git a/meta/recipes-core/dbus/dbus/0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch b/meta/recipes-core/dbus/dbus/0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch deleted file mode 100644 index 47f4f1e0d3..0000000000 --- a/meta/recipes-core/dbus/dbus/0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 3fb065b0752db1e298e4ada52cf4adc414f5e946 Mon Sep 17 00:00:00 2001 -From: Simon McVittie -Date: Fri, 30 Sep 2022 13:46:31 +0100 -Subject: [PATCH] dbus-marshal-byteswap: Byte-swap Unix fd indexes if needed - -When a D-Bus message includes attached file descriptors, the body of the -message contains unsigned 32-bit indexes pointing into an out-of-band -array of file descriptors. Some D-Bus APIs like GLib's GDBus refer to -these indexes as "handles" for the associated fds (not to be confused -with a Windows HANDLE, which is a kernel object). - -The assertion message removed by this commit is arguably correct up to -a point: fd-passing is only reasonable on a local machine, and no known -operating system allows processes of differing endianness even on a -multi-endian ARM or PowerPC CPU, so it makes little sense for the sender -to specify a byte-order that differs from the byte-order of the recipient. - -However, this doesn't account for the fact that a malicious sender -doesn't have to restrict itself to only doing things that make sense. -On a system with untrusted local users, a message sender could crash -the system dbus-daemon (a denial of service) by sending a message in -the opposite endianness that contains handles to file descriptors. - -Before this commit, if assertions are enabled, attempting to byteswap -a fd index would cleanly crash the message recipient with an assertion -failure. If assertions are disabled, attempting to byteswap a fd index -would silently do nothing without advancing the pointer p, causing the -message's type and the pointer into its contents to go out of sync, which -can result in a subsequent crash (the crash demonstrated by fuzzing was -a use-after-free, but other failure modes might be possible). - -In principle we could resolve this by rejecting wrong-endianness messages -from a local sender, but it's actually simpler and less code to treat -wrong-endianness messages as valid and byteswap them. - -Thanks: Evgeny Vereshchagin -Fixes: ba7daa60 "unix-fd: add basic marshalling code for unix fds" -Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/417 -Resolves: CVE-2022-42012 - -Upstream-Status: Backport from [https://gitlab.freedesktop.org/dbus/dbus/-/commit/3fb065b0752db1e298e4ada52cf4adc414f5e946] - -Signed-off-by: Simon McVittie -(cherry picked from commit 236f16e444e88a984cf12b09225e0f8efa6c5b44) -Signed-off-by: Xiangyu Chen ---- - dbus/dbus-marshal-byteswap.c | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/dbus/dbus-marshal-byteswap.c b/dbus/dbus-marshal-byteswap.c -index 27695aaf..7104e9c6 100644 ---- a/dbus/dbus-marshal-byteswap.c -+++ b/dbus/dbus-marshal-byteswap.c -@@ -61,6 +61,7 @@ byteswap_body_helper (DBusTypeReader *reader, - case DBUS_TYPE_BOOLEAN: - case DBUS_TYPE_INT32: - case DBUS_TYPE_UINT32: -+ case DBUS_TYPE_UNIX_FD: - { - p = _DBUS_ALIGN_ADDRESS (p, 4); - *((dbus_uint32_t*)p) = DBUS_UINT32_SWAP_LE_BE (*((dbus_uint32_t*)p)); -@@ -188,11 +189,6 @@ byteswap_body_helper (DBusTypeReader *reader, - } - break; - -- case DBUS_TYPE_UNIX_FD: -- /* fds can only be passed on a local machine, so byte order must always match */ -- _dbus_assert_not_reached("attempted to byteswap unix fds which makes no sense"); -- break; -- - default: - _dbus_assert_not_reached ("invalid typecode in supposedly-validated signature"); - break; --- -2.34.1 - diff --git a/meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Check-brackets-in-signature-ne.patch b/meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Check-brackets-in-signature-ne.patch deleted file mode 100644 index f2e14fb8d5..0000000000 --- a/meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Check-brackets-in-signature-ne.patch +++ /dev/null @@ -1,119 +0,0 @@ -From 3e53a785dee8d1432156188a2c4260e4cbc78c4d Mon Sep 17 00:00:00 2001 -From: Simon McVittie -Date: Tue, 13 Sep 2022 15:10:22 +0100 -Subject: [PATCH] dbus-marshal-validate: Check brackets in signature nest - correctly - -In debug builds with assertions enabled, a signature with incorrectly -nested `()` and `{}`, for example `a{i(u}` or `(a{ii)}`, could result -in an assertion failure. - -In production builds without assertions enabled, a signature with -incorrectly nested `()` and `{}` could potentially result in a crash -or incorrect message parsing, although we do not have a concrete example -of either of these failure modes. - -Thanks: Evgeny Vereshchagin -Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/418 -Resolves: CVE-2022-42010 - -Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/3e53a785dee8d1432156188a2c4260e4cbc78c4d] - -Signed-off-by: Simon McVittie -(cherry picked from commit 9d07424e9011e3bbe535e83043d335f3093d2916) -Signed-off-by: Xiangyu Chen ---- - dbus/dbus-marshal-validate.c | 38 +++++++++++++++++++++++++++++++++++- - 1 file changed, 37 insertions(+), 1 deletion(-) - -diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c -index 4d492f3f..ae68414d 100644 ---- a/dbus/dbus-marshal-validate.c -+++ b/dbus/dbus-marshal-validate.c -@@ -62,6 +62,8 @@ _dbus_validate_signature_with_reason (const DBusString *type_str, - - int element_count; - DBusList *element_count_stack; -+ char opened_brackets[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2 + 1] = { '\0' }; -+ char last_bracket; - - result = DBUS_VALID; - element_count_stack = NULL; -@@ -93,6 +95,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str, - - while (p != end) - { -+ _dbus_assert (struct_depth + dict_entry_depth >= 0); -+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets)); -+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth] == '\0'); -+ - switch (*p) - { - case DBUS_TYPE_BYTE: -@@ -136,6 +142,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str, - goto out; - } - -+ _dbus_assert (struct_depth + dict_entry_depth >= 1); -+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets)); -+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth - 1] == '\0'); -+ opened_brackets[struct_depth + dict_entry_depth - 1] = DBUS_STRUCT_BEGIN_CHAR; - break; - - case DBUS_STRUCT_END_CHAR: -@@ -151,9 +161,20 @@ _dbus_validate_signature_with_reason (const DBusString *type_str, - goto out; - } - -+ _dbus_assert (struct_depth + dict_entry_depth >= 1); -+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets)); -+ last_bracket = opened_brackets[struct_depth + dict_entry_depth - 1]; -+ -+ if (last_bracket != DBUS_STRUCT_BEGIN_CHAR) -+ { -+ result = DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED; -+ goto out; -+ } -+ - _dbus_list_pop_last (&element_count_stack); - - struct_depth -= 1; -+ opened_brackets[struct_depth + dict_entry_depth] = '\0'; - break; - - case DBUS_DICT_ENTRY_BEGIN_CHAR: -@@ -178,6 +199,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str, - goto out; - } - -+ _dbus_assert (struct_depth + dict_entry_depth >= 1); -+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets)); -+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth - 1] == '\0'); -+ opened_brackets[struct_depth + dict_entry_depth - 1] = DBUS_DICT_ENTRY_BEGIN_CHAR; - break; - - case DBUS_DICT_ENTRY_END_CHAR: -@@ -186,8 +211,19 @@ _dbus_validate_signature_with_reason (const DBusString *type_str, - result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED; - goto out; - } -- -+ -+ _dbus_assert (struct_depth + dict_entry_depth >= 1); -+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets)); -+ last_bracket = opened_brackets[struct_depth + dict_entry_depth - 1]; -+ -+ if (last_bracket != DBUS_DICT_ENTRY_BEGIN_CHAR) -+ { -+ result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED; -+ goto out; -+ } -+ - dict_entry_depth -= 1; -+ opened_brackets[struct_depth + dict_entry_depth] = '\0'; - - element_count = - _DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack)); --- -2.34.1 - diff --git a/meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Validate-length-of-arrays-of-f.patch b/meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Validate-length-of-arrays-of-f.patch deleted file mode 100644 index f953326f78..0000000000 --- a/meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Validate-length-of-arrays-of-f.patch +++ /dev/null @@ -1,61 +0,0 @@ -From b9e6a7523085a2cfceaffca7ba1ab4251f12a984 Mon Sep 17 00:00:00 2001 -From: Simon McVittie -Date: Mon, 12 Sep 2022 13:14:18 +0100 -Subject: [PATCH] dbus-marshal-validate: Validate length of arrays of - fixed-length items - -This fast-path previously did not check that the array was made up -of an integer number of items. This could lead to assertion failures -and out-of-bounds accesses during subsequent message processing (which -assumes that the message has already been validated), particularly after -the addition of _dbus_header_remove_unknown_fields(), which makes it -more likely that dbus-daemon will apply non-trivial edits to messages. - -Thanks: Evgeny Vereshchagin -Fixes: e61f13cf "Bug 18064 - more efficient validation for fixed-size type arrays" -Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/413 -Resolves: CVE-2022-42011 - -Upstream-Status: Backport from -[https://gitlab.freedesktop.org/dbus/dbus/-/commit/b9e6a7523085a2cfceaffca7ba1ab4251f12a984] - -Signed-off-by: Simon McVittie -(cherry picked from commit 079bbf16186e87fb0157adf8951f19864bc2ed69) -Signed-off-by: Xiangyu Chen ---- - dbus/dbus-marshal-validate.c | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c -index ae68414d..7d0d6cf7 100644 ---- a/dbus/dbus-marshal-validate.c -+++ b/dbus/dbus-marshal-validate.c -@@ -503,13 +503,24 @@ validate_body_helper (DBusTypeReader *reader, - */ - if (dbus_type_is_fixed (array_elem_type)) - { -+ /* Note that fixed-size types all have sizes equal to -+ * their alignments, so this is really the item size. */ -+ alignment = _dbus_type_get_alignment (array_elem_type); -+ _dbus_assert (alignment == 1 || alignment == 2 || -+ alignment == 4 || alignment == 8); -+ -+ /* Because the alignment is a power of 2, this is -+ * equivalent to: (claimed_len % alignment) != 0, -+ * but avoids slower integer division */ -+ if ((claimed_len & (alignment - 1)) != 0) -+ return DBUS_INVALID_ARRAY_LENGTH_INCORRECT; -+ - /* bools need to be handled differently, because they can - * have an invalid value - */ - if (array_elem_type == DBUS_TYPE_BOOLEAN) - { - dbus_uint32_t v; -- alignment = _dbus_type_get_alignment (array_elem_type); - - while (p < array_end) - { --- -2.34.1 - diff --git a/meta/recipes-core/dbus/dbus_1.14.0.bb b/meta/recipes-core/dbus/dbus_1.14.4.bb similarity index 93% rename from meta/recipes-core/dbus/dbus_1.14.0.bb rename to meta/recipes-core/dbus/dbus_1.14.4.bb index 484629e987..9684f0c6e2 100644 --- a/meta/recipes-core/dbus/dbus_1.14.0.bb +++ b/meta/recipes-core/dbus/dbus_1.14.4.bb @@ -6,19 +6,17 @@ SECTION = "base" inherit autotools pkgconfig gettext upstream-version-is-even ptest-gnome LICENSE = "AFL-2.1 | GPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ - file://dbus/dbus.h;beginline=6;endline=20;md5=866739837ccd835350af94dccd6457d8" +LIC_FILES_CHKSUM = "file://COPYING;md5=6423dcd74d7be9715b0db247fd889da3 \ + file://dbus/dbus.h;beginline=6;endline=20;md5=866739837ccd835350af94dccd6457d8 \ + " SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.xz \ file://run-ptest \ file://tmpdir.patch \ file://dbus-1.init \ - file://0001-dbus-marshal-validate-Check-brackets-in-signature-ne.patch \ - file://0001-dbus-marshal-validate-Validate-length-of-arrays-of-f.patch \ - file://0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch \ " -SRC_URI[sha256sum] = "ccd7cce37596e0a19558fd6648d1272ab43f011d80c8635aea8fd0bad58aebd4" +SRC_URI[sha256sum] = "7c0f9b8e5ec0ff2479383e62c0084a3a29af99edf1514e9f659b81b30d4e353e" EXTRA_OECONF = "--disable-xml-docs \ --disable-doxygen-docs \ From patchwork Thu Dec 1 14:27:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16276 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5B863C4321E for ; Thu, 1 Dec 2022 14:28:02 +0000 (UTC) Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by mx.groups.io with SMTP id smtpd.web10.44780.1669904873261942798 for ; Thu, 01 Dec 2022 06:27:53 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=Sgtcbd1e; spf=softfail (domain: sakoman.com, ip: 209.85.214.170, mailfrom: steve@sakoman.com) Received: by mail-pl1-f170.google.com with SMTP id p24so1804956plw.1 for ; Thu, 01 Dec 2022 06:27:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=sajttHUzmY0+OTCLZfv3P99spazkV/aABlMhMq41SGU=; b=Sgtcbd1e4yk1XF0HYUt4CF4w2IrVGdLvIpQM2rHF6feiVIiNOzmst49Uq680F5Qd+k IoEryhJbU12kUpZrPpoOkWp8KJaBhViumTEOVhgScYIP9WmGvgHd4woDuYJ6qlOMPAym 3gZhQrzkjTLoeMUOHH0m/u5JLvCzDIyntkxBkrqQ9hwZPigif3Rd/oG2ujwjbREuP1A/ cibDDXF5wTUFpKy7nzu5gECUXifZ/z/TfijDcwmLQpnQUo+uZ1gBWvfIQzs+7+6GHeVZ pY05WmUnqvnmYCfffZc7ryraWKK8K+zWi/tRpSmX8eirCKsPF7rgph3o6ICEikH3LFpF 342g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sajttHUzmY0+OTCLZfv3P99spazkV/aABlMhMq41SGU=; b=rtDHsoIvhNWeHCG0j2vQ7Q3DT5em2LniQb/aQ5wuaQHPQ2178517hAkBqWy+fOlacp lT5eNr+SWPmixu+QEyVaYJeK4FdTOy7ZSIDUnLu8PFsNFBhwYuG8yGTkBOsMouEpH1jm 2KfUXA5jab+RmjVjbfKotkKn2uZ9nDngeSiS1oK6yisZs9XjONV91fLZs+Eo6vbKNchH +82KNO+KahfSccZY7p7hrWhr4oG2mzm+0I1XhZqSEDntLpMTJ5YwXglUOunbTYpNsQ7O jSwjwrgncKUqq6ZYT5XEZInIGVXObtF6fyWfkQmIqtaKTuOeFJYDNNzidWrNrhncB94Q NpGg== X-Gm-Message-State: ANoB5pllozcSo6VTKgFqINIuuHqeZQIzDq97MZ+ptlPH7Pf7PUDU3F1i GPssQJ5u6n14miOUP/V/53iyX5yl/QXt858bM3g= X-Google-Smtp-Source: AA0mqf6MjgdydtPLG7QzFlH2TwEsdIxhlLNRE1UJS7GuSeu3nR6ODAvsYoEYL+X7MLSZpepdTFEgng== X-Received: by 2002:a17:902:f243:b0:189:8141:f0e5 with SMTP id j3-20020a170902f24300b001898141f0e5mr23927633plc.129.1669904872121; Thu, 01 Dec 2022 06:27:52 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:51 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 12/23] linux-yocto/5.15: update to v5.15.74 Date: Thu, 1 Dec 2022 04:27:06 -1000 Message-Id: <6a53f59d89a0a02c95861b9e9ed98b39fae14f28.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:28:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174098 From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: a3f2f5ac9d61 Linux 5.15.74 de124365a7d2 wifi: mac80211: fix MBSSID parsing use-after-free 7d998f6b7365 mac80211: fix memory leaks with element parsing fee48f3bdd75 mac80211: always allocate struct ieee802_11_elems 630060f11756 mac80211: mlme: find auth challenge directly 21df3a583e8e mac80211: move CRC into struct ieee802_11_elems 864f2d3482f4 mac80211: mesh: clean up rx_bcn_presp API e5ebcbb4f967 misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic cb9defecf381 misc: pci_endpoint_test: Aggregate params checking for xfer 2c657a0cbd48 Input: xpad - fix wireless 360 controller breaking after suspend db4db28fccb4 Input: xpad - add supported devices as contributed on github d15bb1f6dabe wifi: cfg80211: update hidden BSSes to avoid WARN_ON 93a3a3255407 wifi: mac80211: fix crash in beacon protection for P2P-device fff244e9171b wifi: mac80211_hwsim: avoid mac80211 warning on bad rate 0a8ee682e4f9 wifi: cfg80211: avoid nontransmitted BSS list corruption bfe29873454f wifi: cfg80211: fix BSS refcounting bugs 9e99ca59ed39 wifi: cfg80211: ensure length byte is present before access 0a861bd25dad wifi: cfg80211/mac80211: reject bad MBSSID elements 9a8ef2030510 wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() 398e30b67092 random: use expired timer rather than wq for mixing fast pool 984faa6fc759 random: avoid reading two cache lines on irq randomness a937c59863d7 Revert "crypto: qat - reduce size of mapped region" 0e3ff69ee691 Revert "powerpc/rtas: Implement reentrant rtas call" e0295c43166b USB: serial: qcserial: add new usb-id for Dell branded EM7455 76efb4897bc3 scsi: stex: Properly zero out the passthrough command structure 5fbbe7e98e9b efi: Correct Macmini DMI match in uefi cert quirk 8754dc846d03 ALSA: hda: Fix position reporting on Poulsbo 14f143fb4268 random: clamp credited irq bits to maximum mixed be53fa6cf667 random: restore O_NONBLOCK support 2f96da3fd18f ceph: don't truncate file in atomic_open c0c3d3d3ea41 nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure 44b1ee304bac nilfs2: fix leak of nilfs_root in case of writer thread creation failure cb602c2b654e nilfs2: fix use-after-free bug of struct nilfs_root 1e512c65b4ad nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() 17aac9b7af2b Linux 5.15.73 f7b16f51753a Revert "clk: ti: Stop using legacy clkctrl names for omap4 and 5" d8b1b64a070e rpmsg: qcom: glink: replace strncpy() with strscpy_pad() d58eb80b723d USB: serial: ftdi_sio: fix 300 bps rate for SIO 5ff80339cdc3 usb: mon: make mmapped memory read only 278fefd29eea net/mlx5: Disable irq when locking lag_lock 54f382d4b7f8 wifi: cfg80211: fix MCS divisor value 0fa249414a6f mm/huge_memory: use pfn_to_online_page() in split_huge_pages_all() f1d6894159fc mm/huge_memory: minor cleanup for split_huge_pages_all 7190afd4cd5f perf parse-events: Identify broken modifiers f6f740f6ca3b mmc: core: Terminate infinite loop in SD-UHS voltage switch 9635e05e015a mmc: core: Replace with already defined values for readability f2af62d909ad drm/amd/display: skip audio setup when audio stream is enabled d444cfe6d047 drm/amd/display: update gamut remap if plane has changed 4afcb53474ae drm/amd/display: Assume an LTTPR is always present on fixed_vs links 5e76ff629a20 drm/amd/display: Fix double cursor on non-video RGB MPO e6590139ffa3 net: atlantic: fix potential memory leak in aq_ndev_close() 005e368a61bc arch: um: Mark the stack non-executable to fix a binutils warning 5f85191bedba um: Cleanup compiler warning in arch/x86/um/tls_32.c 6827af886be8 um: Cleanup syscall_handler_t cast in syscalls_32.h f386b373e9f7 ALSA: hda/hdmi: Fix the converter reuse for the silent stream a36b2dc5c0da net: marvell: prestera: add support for for Aldrin2 d2588ba1a338 net/ieee802154: fix uninit value bug in dgram_sendmsg 1030659dac4e scsi: qedf: Fix a UAF bug in __qedf_probe() f7126aa3624c ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer 968299cd58b7 dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure 17f55255af4c dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property b2f275550136 dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling fd425b89d040 firmware: arm_scmi: Add SCMI PM driver remove routine e092fc3a2892 firmware: arm_scmi: Harden accesses to the sensor domains 9f81dbb934fb firmware: arm_scmi: Improve checks in the info_get operations 64b79e632869 fs: fix UAF/GPF bug in nilfs_mdt_destroy 31bdba07f6b2 powerpc/64s/radix: don't need to broadcast IPI for radix pmd collapse flush 46c22e7b094f mm: gup: fix the fast GUP race against THP collapse 88ccea0a4458 xsk: Inherit need_wakeup flag for shared sockets f07fbefcea5b docs: update mediator information in CoC docs cf26ddb96b4f Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 Signed-off-by: Bruce Ashfield Signed-off-by: Alexandre Belloni (cherry picked from commit e4d9e5bb39700022cd428bb922a329101fc0f1b0) Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_5.15.bb | 6 ++--- .../linux/linux-yocto-tiny_5.15.bb | 6 ++--- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index e573b27c9c..414f7abbc5 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "47b86b149db08838964584baec1b913c5d67c060" -SRCREV_meta ?= "c6aba7f07aae15d63bccf5b072a6e70602c2bcef" +SRCREV_machine ?= "cf39c84e1a884fcd4802640d20142bb506e9d3d0" +SRCREV_meta ?= "74e1a21c730b600c344804c1bc775a6a2ee7b8e6" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.72" +LINUX_VERSION ?= "5.15.74" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 693750860d..3b85967ca2 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.72" +LINUX_VERSION ?= "5.15.74" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "34404e5be3791dac897da77afa6c7fa00c993f78" -SRCREV_meta ?= "c6aba7f07aae15d63bccf5b072a6e70602c2bcef" +SRCREV_machine ?= "61a508a44ed255900245d81ebe11bb5916e3145c" +SRCREV_meta ?= "74e1a21c730b600c344804c1bc775a6a2ee7b8e6" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 792cf41a53..99b5c054f3 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "84a35b23cf4c520894d0d1b91628eb019dc7901a" -SRCREV_machine:qemuarm64 ?= "e939c4ebc789805c00a36eaf4a190df6f8f51470" -SRCREV_machine:qemumips ?= "1adf4e5b574a5d23b4724766890ea74101d04abd" -SRCREV_machine:qemuppc ?= "7220def162c7b2d3b4f1c6c86de0ecc19ade7d5f" -SRCREV_machine:qemuriscv64 ?= "0b628306d1f9ea28c0e86369ce9bb87a47893c9c" -SRCREV_machine:qemuriscv32 ?= "0b628306d1f9ea28c0e86369ce9bb87a47893c9c" -SRCREV_machine:qemux86 ?= "0b628306d1f9ea28c0e86369ce9bb87a47893c9c" -SRCREV_machine:qemux86-64 ?= "0b628306d1f9ea28c0e86369ce9bb87a47893c9c" -SRCREV_machine:qemumips64 ?= "3840e1613b7fe9cc68e9cdfcaf7afa5e14fa8344" -SRCREV_machine ?= "0b628306d1f9ea28c0e86369ce9bb87a47893c9c" -SRCREV_meta ?= "c6aba7f07aae15d63bccf5b072a6e70602c2bcef" +SRCREV_machine:qemuarm ?= "af0268ca8969a472d1263e83b0a78f00834b700e" +SRCREV_machine:qemuarm64 ?= "08b455a0e020e52340bde98e4942eaf43eb12554" +SRCREV_machine:qemumips ?= "6f7b375ea6a2736168056e6133d01aaea592e696" +SRCREV_machine:qemuppc ?= "73b9bd277094cae3d4b39b24f79f6e29b7518fc6" +SRCREV_machine:qemuriscv64 ?= "f0bee94053065c7cb8eacadfdd6bf739a2042b35" +SRCREV_machine:qemuriscv32 ?= "f0bee94053065c7cb8eacadfdd6bf739a2042b35" +SRCREV_machine:qemux86 ?= "f0bee94053065c7cb8eacadfdd6bf739a2042b35" +SRCREV_machine:qemux86-64 ?= "f0bee94053065c7cb8eacadfdd6bf739a2042b35" +SRCREV_machine:qemumips64 ?= "33e8f888ab9242ea807b722c0982e871edc3339f" +SRCREV_machine ?= "f0bee94053065c7cb8eacadfdd6bf739a2042b35" +SRCREV_meta ?= "74e1a21c730b600c344804c1bc775a6a2ee7b8e6" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "c68173b2012b8eba332cf9832f0ad23427d795b5" +SRCREV_machine:class-devupstream ?= "a3f2f5ac9d61e973e383f17a95cf2aa384e2d0c4" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.72" +LINUX_VERSION ?= "5.15.74" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Thu Dec 1 14:27:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16278 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 72970C4708E for ; Thu, 1 Dec 2022 14:28:02 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web10.44784.1669904876089724639 for ; Thu, 01 Dec 2022 06:27:56 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=P/urnKp5; spf=softfail (domain: sakoman.com, ip: 209.85.210.177, mailfrom: steve@sakoman.com) Received: by mail-pf1-f177.google.com with SMTP id h28so1996466pfq.9 for ; Thu, 01 Dec 2022 06:27:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=gd9BTYzzkNC/Fka9e2Ugn8LseXA4ZRg6xplJUEA5zxM=; b=P/urnKp5ok5w8aj/bvOxQQB00uFfj8DFNAr6YeQG8WBdWr/BUG9Vv9YxSZ6KM/MGKX imHxH3XfmrjS4MQM2XiAbPEMX4boijj4pgmGpsdlUygMURK7niVWx1HDyVaxKQJ5j+Z0 KRwB4xZYdoMh6NZOPrp1E+qVMCWMrJ/w/1FMIvvrISwvJTsYMjboxINcw6rxR2/oiQ8+ 2WdHYaXOwRe5I52E0b0qreNyxL10fp31vU4RfFXv41L3jFVRqKztoA55t5IcUsrpKXy3 9SXhkPKWzJWOt6ImvKr6gHh2lFE6dB78ab3OHXQwQEBDqNa74qWGqjADqI3N1QpOexrO 0RVg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gd9BTYzzkNC/Fka9e2Ugn8LseXA4ZRg6xplJUEA5zxM=; b=tfuAKUEI4TDRkHTP9fUOsqXj8Qk+tc0XVq2TGHlbTTLWqVIhsXrhoY88LiqVPSNsDS r+Zi9MzL4EdCCEeTU06PUY7XHZTBOOf//J6+8qz71Yeid9hIk3yD1F6TCn5m/MrVUaKa L3WChzUAPGE8tHv58/2XyNOFS0M+IE6k+tw+QkSGhmUqjE+FahI34Iuhu/6o4uQjCtJL qWXAH8T8zzenXJmHpZy76CfDgIxY83u4wU0bUAwXLJsZZuHM+9xjOoKxGt4g/HtY0GEB Nm3j1RMlOesM4xnf5TTvOY+8J5eLGWuwiOYDfuNrbR0KMhfOpBL7Hz/vWSiVv+OL8Hja rx/w== X-Gm-Message-State: ANoB5pncJae04jMkVqYv0MV8zSVhJLvn56FKK3NAr5EAhakn5Y8sXGse Qj8sLR2v6JxT1m9xsAYckgr1QiOISqVKQP6d7NU= X-Google-Smtp-Source: AA0mqf5O3+pUHr6FhEDzE6HK2IQsOk5cTM2geARbRHnKEMKGGRbs9i8fPNIMGoDXQikpK9t9w5tsxg== X-Received: by 2002:aa7:9696:0:b0:574:aa0b:bdc3 with SMTP id f22-20020aa79696000000b00574aa0bbdc3mr33530757pfk.18.1669904874190; Thu, 01 Dec 2022 06:27:54 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:53 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 13/23] linux-yocto/5.15: update to v5.15.76 Date: Thu, 1 Dec 2022 04:27:07 -1000 Message-Id: <3660f67312ae8a320ba0c66b01e419e5957a36e7.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:28:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174099 From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 4f5365f77018 Linux 5.15.76 33fc9e26b7cb mm: /proc/pid/smaps_rollup: fix no vma's null-deref b9d8cbe90a0f mmc: core: Add SD card quirk for broken discard 0ee2f0567a56 Makefile.debug: re-enable debug info for .S files 117825e9bbb1 x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB 0983205085fa ACPI: video: Force backlight native for more TongFang devices 289b56715ba6 perf: Skip and warn on unknown format 'configN' attrs 9d912a385368 mmc: sdhci-tegra: Use actual clock rate for SW tuning correction 7aeda81191fd tracing: Do not free snapshot if tracer is on cmdline 57252e7bd491 tracing: Simplify conditional compilation code in tracing_set_tracer() 20bc6d23f7f6 ksmbd: fix incorrect handling of iterate_dir 3c8cfcaa2d9a ksmbd: handle smb2 query dir request for OutputBufferLength that is too small 8754fa5dbc6e arm64: mte: move register initialization to C ea7be82fd7e1 fs: dlm: fix invalid derefence of sb_lvbptr 0365d6af75f9 iommu/vt-d: Clean up si_domain in the init_dmars() error path 5c95d0c9d0eb iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check() 209740fd132e net: phy: dp83822: disable MDI crossover status change interrupt ce1234573d18 net: sched: fix race condition in qdisc_graft() 91f8f5342bee net: hns: fix possible memory leak in hnae_ae_register() 50c31fa95230 wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() d2fc83a6b55e sfc: include vport_id in filter spec hash and equal() c2e1e59d59fa net: sched: sfb: fix null pointer access issue when sfb_init() fails 34f2a4eedc8e net: sched: delete duplicate cleanup of backlog and qlen 154f4c06d9db net: sched: cake: fix null pointer access issue when cake_init() fails 5efed7578dd4 nvmet: fix workqueue MEM_RECLAIM flushing dependency 2f2b84b02088 nvme-hwmon: kmalloc the NVME SMART log buffer 66c56b232839 nvme-hwmon: consistently ignore errors from nvme_hwmon_init d77f6908f9ce netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags requirements efa9dd7e679e ionic: catch NULL pointer issue on reconfig 35ece858660e net: hsr: avoid possible NULL deref in skb_clone() e326df21da25 dm: remove unnecessary assignment statement in alloc_dev() 847301f0ee1c cifs: Fix xid leak in cifs_ses_add_channel() 8905d13b9ede cifs: Fix xid leak in cifs_flock() 27cfd3afaab0 cifs: Fix xid leak in cifs_copy_file_range() 593d877c39aa cifs: Fix xid leak in cifs_create() a8df9d0428c7 udp: Update reuse->has_conns under reuseport_lock. 9749595feb33 scsi: lpfc: Fix memory leak in lpfc_create_port() b9122e0e0ea8 net: phylink: add mac_managed_pm in phylink_config structure 412db9b06d3c net: phy: dp83867: Extend RX strap quirk for SGMII mode 5ce613051994 net/atm: fix proc_mpc_write incorrect return value 0eb17faedce7 sfc: Change VF mac via PF as first preference if available. 0f58940ca3c1 HID: magicmouse: Do not set BTN_MOUSE on double report 94a171c982b8 i40e: Fix DMA mappings leak dbc01c0a4e20 tipc: fix an information leak in tipc_topsrv_kern_subscr b294cad6f02e tipc: Fix recognition of trial period 6161c364e378 ACPI: extlog: Handle multiple records 40e5fceddfd5 drm/vc4: Add module dependency on hdmi-codec 6c5041a10324 btrfs: fix processing of delayed tree block refs during backref walking af67578d565c btrfs: fix processing of delayed data refs during backref walking c439cafce8cf x86/topology: Fix duplicated core ID within a package d31f4bc22596 x86/topology: Fix multiple packages shown on a single-package system fcc96e89b3ff media: venus: dec: Handle the case where find_format fails b22b4823a0a5 media: mceusb: set timeout to at least timeout provided 5265cc1202a3 media: ipu3-imgu: Fix NULL pointer dereference in active selection access 1e4e71f9e197 KVM: arm64: vgic: Fix exit condition in scan_its_table() 5bf2fda26a72 kvm: Add support for arch compat vm ioctls 112a005d1ded mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages 2d508b4e6536 drm/amdgpu: fix sdma doorbell init ordering on APUs b5606e3ab1f7 cpufreq: qcom: fix memory leak in error path d866f5982c15 x86/resctrl: Fix min_cbm_bits for AMD 8fbe13de1cc7 ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS 5d6a037b3a94 ata: ahci-imx: Fix MODULE_ALIAS 30cf0dee372b hwmon/coretemp: Handle large core ID value 2f7171465f26 x86/microcode/AMD: Apply the patch early on every logical thread 93d7e2b47a72 i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter 14d260f94ff8 cpufreq: qcom: fix writes in read-only memory region 3006766d247b selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() 1b31cb0065e2 ocfs2: fix BUG when iput after ocfs2_mknod fails e469db818ec9 ocfs2: clear dinode links count in case of error ded9d535be0d btrfs: enhance unsupported compat RO flags handling 537412c54712 perf/x86/intel/pt: Relax address filter validation 8ddc58e0e312 arm64: errata: Remove AES hwcap for COMPAT tasks 738515cf8bb4 usb: gadget: uvc: improve sg exit condition db11d8c72a5d usb: gadget: uvc: giveback vb2 buffer on req complete aee340dccf5a usb: gadget: uvc: rework uvcg_queue_next_buffer to uvcg_complete_buffer 2f54ce7392d7 usb: gadget: uvc: use on returned header len in video_encode_isoc_sg d80db2f1450c usb: gadget: uvc: consistently use define for headerlen f9681a67503e arm64/mm: Consolidate TCR_EL1 fields 5b20aacff7ad r8152: add PID for the Lenovo OneLink+ Dock bd8a595958a5 Linux 5.15.75 b6e2c54be37d io-wq: Fix memory leak in worker creation 7c359e28492f gcov: support GCC 12.1 and newer compilers 8418c1672c1f thermal: intel_powerclamp: Use first online CPU as control_cpu 55c824b62067 ext4: continue to expand file system when the target size doesn't reach 0e63de6d7e4c lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5 84cd0b20fada Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT 371aaf6b48f5 Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5 e1591557e3a0 drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n 34f31a2b6679 net/ieee802154: don't warn zero-sized raw_sendmsg() de904d0fe1cb Revert "net/ieee802154: reject zero-sized raw_sendmsg()" 9c65eef9d6c9 net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses d7eadffce032 blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() 28787ff9fbea ALSA: usb-audio: Fix last interface check for registration b8989e95d74e net: ieee802154: return -EINVAL for unknown addr type 0db2efb3bff8 mm: hugetlb: fix UAF in hugetlb_handle_userfault 98aada6e2278 io_uring/rw: fix unexpected link breakage d6b7efc722a2 io_uring/rw: fix error'ed retry return values e857457c6f90 io_uring/rw: fix short rw error handling cd148d4e3183 io_uring: correct pinned_vm accounting 813d8fe5d303 io_uring/af_unix: defer registered files gc to io_uring release c69a2324fc6b perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc e81bf40b280b clk: bcm2835: Round UART input clock up da17cbb229af clk: bcm2835: Make peripheral PLLC critical 20b8c456df58 usb: idmouse: fix an uninit-value in idmouse_open ec8adf767e1c nvmet-tcp: add bounds check on Transfer Tag 1c6432884010 nvme: copy firmware_rev on each init b9b5560b342e ext2: Use kvmalloc() for group descriptor array 8c067a3051cd scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled 39bef9c6a91b staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() b4573a2bad3c staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() eb24d93e3e01 Revert "usb: storage: Add quirk for Samsung Fit flash" 3a38985d8bfd usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug 9d4f84a15f9c arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes 3c84c7f592c4 usb: musb: Fix musb_gadget.c rxstate overflow bug fcd594da0b59 usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() 9e86dffd0b02 md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d f8e80792c1a8 eventfd: guard wake_up in eventfd fs calls as well c61786dc727d HID: roccat: Fix use-after-free in roccat_read() f7f425d61de9 soundwire: intel: fix error handling on dai registration issues 093a5463aeec soundwire: cadence: Don't overwrite msg->buf during write commands 1b4ed920b2ff bcache: fix set_at_max_writeback_rate() for multiple attached devices eecb5ccc84a1 ata: libahci_platform: Sanity check the DT child nodes number 70b2adb1d698 blk-throttle: prevent overflow while calculating wait time ff8551d411f1 staging: vt6655: fix potential memory leak 7c8bc374659d power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() 3d6946180734 iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity c0d73be0af8c nbd: Fix hung when signal interrupts nbd_start_device_ioctl() 9d54de866062 scsi: 3w-9xxx: Avoid disabling device if failing to enable it d68da10b0cce dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow 518a2a1cc361 usb: host: xhci-plat: suspend/resume clks for brcm f002aa7c0ac5 usb: host: xhci-plat: suspend and resume clocks 6bcd745c87a0 clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate 5c32cbf6ccea media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc 6f21976095c1 media: cx88: Fix a null-ptr-deref bug in buffer_prepare() 0a07b13af04d clk: zynqmp: Fix stack-out-of-bounds in strncpy` 3680442cbaee ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n 4a89c0befca7 btrfs: don't print information about space cache or tree every remount 39a07058c762 btrfs: scrub: try to fix super block errors f3857dd7c03a btrfs: dump extra info if one free space cache has more bitmaps than it should d3c6d5be46de arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply 82046b6a84e0 kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT 35365417333d ARM: dts: imx6sx: add missing properties for sram 602813650cbc ARM: dts: imx6sll: add missing properties for sram 6a12e1e23cb1 ARM: dts: imx6sl: add missing properties for sram 8c24dc621bb7 ARM: dts: imx6qp: add missing properties for sram 47666b9a11a1 ARM: dts: imx6dl: add missing properties for sram 19fe40c5185d ARM: dts: imx6q: add missing properties for sram 9361ba779152 ARM: dts: imx7d-sdb: config the max pressure for tsc2046 0f90671ff93f drm/amd/display: Remove interface for periodic interrupt 1 88fd06740659 drm/dp: Don't rewrite link config when setting phy test pattern 668806a8268b mmc: sdhci-msm: add compatible string check for sdm670 587c7da87721 drm/meson: explicitly remove aggregate driver at module unload time d76ff04a72f9 drm/meson: reorder driver deinit sequence to fix use-after-free bug d894db35617f drm/amdgpu: fix initial connector audio value e3675f688d3b ASoC: SOF: pci: Change DMI match info to support all Chrome platforms f16e1b7b3968 platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading 39da49ffa2f3 platform/chrome: cros_ec: Notify the PM of wake events during resume 74636047845c drm: panel-orientation-quirks: Add quirk for Anbernic Win600 2810061452f9 drm/vc4: vec: Fix timings for VEC modes 0506c4eae9a9 ALSA: usb-audio: Register card at the last interface 39d7a81bbb7a drm: bridge: dw_hdmi: only trigger hotplug event on link change dfbed8c92eb8 udmabuf: Set ubuf->sg = NULL if the creation of sg table fails a47d92c74b1e drm/amd/display: fix overflow on MIN_I64 definition a29f7427041a gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() 5ff7bec678ca drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook ca163e389f0a drm: Prevent drm_copy_field() to attempt copying a NULL pointer df5ac9392648 drm: Use size_t type for len variable in drm_copy_field() 5ab84b1596b2 drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() b3179865cf7e r8152: Rate limit overflow messages d1e894f950ad Bluetooth: L2CAP: Fix user-after-free 124b7c773271 net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory 5b94d48898d9 hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms a269c3e39087 wifi: rt2x00: correctly set BBP register 86 for MT7620 b5e6ada5a5d6 wifi: rt2x00: set SoC wmac clock register 357c89074ae6 wifi: rt2x00: set VGC gain for both chains of MT7620 92e2e04da567 wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 4304b8e07579 wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 4a5eab200e43 can: bcm: check the result of can_send() in bcm_can_tx() 3423a50fa018 Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times 3ac837cef1fb Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() af46b2b9b096 wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value e33da263e965 regulator: core: Prevent integer underflow d58c8781c0d7 Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk 232d59eca07f wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() 37f15edba22d iavf: Fix race between iavf_close and iavf_reset_task 03155680191e xfrm: Update ipcomp_scratches with NULL when freed 716c526d666d thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround b1b4144508ad wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() 839f563c5dc5 x86/mce: Retrieve poison range from hardware 1663629bc3ff tcp: annotate data-race around tcp_md5sig_pool_populated 7b03296b4f7a openvswitch: Fix overreporting of drops in dropwatch ffd7a1dcae9a openvswitch: Fix double reporting of drops in dropwatch d449d00a8dce net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 624f03a027f2 ice: set tx_tstamps when creating new Tx rings via ethtool 2e52d858de3a bpftool: Clear errno after libcap's checks 75995ce1c926 wifi: brcmfmac: fix invalid address access when enabling SCAN log level 83b94969751a NFSD: fix use-after-free on source server when doing inter-server copy 118dc74b2bc0 NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data 066b1302f2a9 x86/entry: Work around Clang __bdos() bug 06c56c9d5da8 ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable 6733222f2cc9 ARM: decompressor: Include .data.rel.ro.local 561490843445 thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash 139bbbd01114 powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue a1387ae83e97 MIPS: BCM47XX: Cast memcmp() of function to (void *) c2790fede920 cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode 30eca146c89d ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address 5374638222d0 ACPI: video: Add Toshiba Satellite/Portege Z830 quirk 7ed95b080334 rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() cf38a05eb1d0 rcu: Back off upon fill_page_cache_func() allocation failure 3e2d8b89f031 rcu: Avoid triggering strict-GP irq-work when RCU is idle 27d3e646dd83 fs: dlm: fix race in lowcomms b6b87460f4eb selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle 497d736784e5 f2fs: fix to account FS_CP_DATA_IO correctly fb1dcc2a9e4b f2fs: fix race condition on setting FI_NO_EXTENT flag 6ddbd411a00a ACPI: APEI: do not add task_work to kernel thread to avoid memory leak 21f1ba52b88c thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id 172c8a24fc83 crypto: cavium - prevent integer overflow loading firmware 12acfa1059ad crypto: marvell/octeontx - prevent integer overflows c963ce2fa05d kbuild: rpm-pkg: fix breakage when V=1 is used 059ce6b68b76 kbuild: remove the target in signal traps when interrupted 1e9c23db31b6 tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads 84795de93e1f tracing: kprobe: Make gen test module work in arm and riscv 867fce09aa20 tracing: kprobe: Fix kprobe event gen test module on exit a9990f24adfe iommu/iova: Fix module config properly f0cac6cc02a9 cifs: return correct error in ->calc_signature() 1f1ab76e2515 crypto: qat - fix DMA transfer direction 393307b99aac crypto: inside-secure - Change swab to swab32 93538944ab0b crypto: ccp - Release dma channels before dmaengine unrgister 779a9930f3e1 crypto: akcipher - default implementation for setting a private key 0c7043a5b5c3 iommu/omap: Fix buffer overflow in debugfs 046803b74d51 cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset 771d8aa02dac crypto: hisilicon/qm - fix missing put dfx access 9bf3ec61a246 crypto: qat - fix default value of WDT timer 3bfc220e5ce3 hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() 507128a0e32d cgroup: Honor caller's cgroup NS when resolving path 8ffe511b7de7 hwrng: arm-smccc-trng - fix NO_ENTROPY handling 272093471305 crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr e0b4ebf59834 crypto: sahara - don't sleep when in softirq 8484023b5763 powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL 7f536a8cb62d powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() 1f98f8f43541 powerpc: Fix SPE Power ISA properties for e500v1 platforms 72c5b7110fba powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 399afe92f640 x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition 592b302d8bf6 powerpc: Fix fallocate and fadvise64_64 compat parameter combination 61af84b3db81 powerpc/powernv: add missing of_node_put() in opal_export_attrs() 5be9cb6c06fa powerpc/pci_dn: Add missing of_node_put() 5a13d3f1af1c powerpc/sysdev/fsl_msi: Add missing of_node_put() b0c0490b3c57 powerpc/math_emu/efp: Include module.h 93379dc92de0 powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig 25a4fb0e1a76 mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg b8fcd9ab0f65 mailbox: mpfs: account for mbox offsets while sending ba2264359525 mailbox: mpfs: fix handling of the reg property fad007a315fe clk: ast2600: BCLK comes from EPLL 3441076f83aa clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe 9209e6bab75d clk: imx: scu: fix memleak on platform_device_add() fails bdf72f2d649b clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration e338131e980b clk: baikal-t1: Add SATA internal ref clock buffer 35b766027580 clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent b2db8b2c5391 clk: baikal-t1: Fix invalid xGMAC PTP clock divider 435a8a39c6ae clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD b0bc75fe6775 spmi: pmic-arb: correct duplicate APID to PPID mapping logic faabbb103d60 usb: mtu3: fix failed runtime suspend in host only mode 57f66534a41a dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() 8aa96c5bc393 clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent 2dafc5afd9d6 mfd: sm501: Add check for platform_driver_register() d43d93dbd8aa mfd: fsl-imx25: Fix check for platform_get_irq() errors b940bb3c8154 mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() 0715005c483e mfd: lp8788: Fix an error handling path in lp8788_probe() aec1f073f91f mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() 53bfc1c3c751 mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() 2f921d62c236 fsi: core: Check error number after calling ida_simple_get 041c79f6aefb RDMA/rxe: Fix resize_finish() in rxe_queue.c 959d4ee095e9 clk: qcom: gcc-sm6115: Override default Alpha PLL regs 8e556f557368 clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical a26b0658751b scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() e87fb1fcf88f scsi: iscsi: Run recv path from workqueue c2af03a7c1b5 scsi: iscsi: Add recv workqueue helpers d6aafc21bef1 scsi: iscsi: Rename iscsi_conn_queue_work() e45a1516d293 scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() 6a54f769748b serial: 8250: Fix restoring termios speed after suspend a5dba0933834 firmware: google: Test spinlock on panic path to avoid lockups 60d14575d0ba slimbus: qcom-ngd-ctrl: allow compile testing without QCOM_RPROC_COMMON f19e5b7df545 staging: vt6655: fix some erroneous memory clean-up loops 433c33c554d7 phy: qualcomm: call clk_disable_unprepare in the error handling c4293def8860 tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown a91a3c2d8db8 serial: 8250: Toggle IER bits on only after irq has been set up 6be8e565a4a6 drivers: serial: jsm: fix some leaks in probe 1d05df7757f4 usb: gadget: function: fix dangling pnp_string in f_printer.c ed2c66b75280 xhci: Don't show warning for reinit on known broken suspend 4d7d8f5cb284 IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers e221b4f16e9e RDMA/cm: Use SLID in the work completion as the DLID in responder side 7a37c58ee72e md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() b467d9460ec2 md/raid5: Ensure stripe_fill happens on non-read IO with journal 5d8259c9d191 md: Replace snprintf with scnprintf 9e92d5ca5424 mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() 058833dbeb8d ata: fix ata_id_has_dipm() dad910a6d4a5 ata: fix ata_id_has_ncq_autosense() 21faddeff7bf ata: fix ata_id_has_devslp() 204cc767dcb5 ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() 5c75d608fad5 RDMA/siw: Fix QP destroy to wait for all references dropped. 308cd50f174c RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. e58a0b9100ba RDMA/srp: Fix srp_abort() dc9e4ef6b072 RDMA/irdma: Align AE id codes to correct flush code and event 84ce1a8e36bb mtd: rawnand: fsl_elbc: Fix none ECC mode be424a7d5374 mtd: rawnand: intel: Remove undocumented compatible string 445395900b64 mtd: rawnand: intel: Read the chip-select line from the correct OF node cbbf9cca47ac phy: phy-mtk-tphy: fix the phy type setting issue e4be7c9495c8 phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() 88263152ff56 mtd: devices: docg3: check the return value of devm_ioremap() in the probe a0e4ac698891 clk: qcom: sm6115: Select QCOM_GDSC aecb632674b7 dyndbg: drop EXPORTed dynamic_debug_exec_queries 0d4421f2cb54 dyndbg: let query-modname override actual module name 0c0d9f38b087 dyndbg: fix module.dyndbg handling 49d85932f7d2 dyndbg: fix static_branch manipulation 7cb9b20941e1 dmaengine: hisilicon: Add multi-thread support for a DMA channel b88630d9aac0 dmaengine: hisilicon: Fix CQ head update e84aeeafe8b3 dmaengine: hisilicon: Disable channels when unregister hisi_dma b94605f5cb99 fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() 11bd8bbdf8f6 misc: ocxl: fix possible refcount leak in afu_ioctl() c23c5e184550 RDMA/rxe: Fix the error caused by qp->sk f2f405af70e6 RDMA/rxe: Fix "kernel NULL pointer dereference" error 2ea7caa96846 media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init 23624abbc9c6 media: uvcvideo: Use entity get_cur in uvc_ctrl_set 6c5da92103bd media: uvcvideo: Fix memory leak in uvc_gpio_parse 4e2042f1adc7 media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() aeffca434426 tty: xilinx_uartps: Fix the ignore_status a8d772c7b853 media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop 6225501072d3 HSI: omap_ssi_port: Fix dma_map_sg error check 691f23a8475f HSI: omap_ssi: Fix refcount leak in ssi_probe d6e750535b46 clk: tegra20: Fix refcount leak in tegra20_clock_init e7a57fb92af5 clk: tegra: Fix refcount leak in tegra114_clock_init 417ed4432b1b clk: tegra: Fix refcount leak in tegra210_clock_init ca5f338ef165 clk: sprd: Hold reference returned by of_get_parent() 49343bdf95eb clk: berlin: Add of_node_put() for of_get_parent() 857b719bede4 clk: qoriq: Hold reference returned by of_get_parent() a8cbce0305b2 clk: oxnas: Hold reference returned by of_get_parent() e0001a565c16 clk: meson: Hold reference returned by of_get_parent() e900ec4c4f74 usb: common: debug: Check non-standard control requests c11f48764c8b RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey cd35ad9a7d66 iio: magnetometer: yas530: Change data type of hard_offsets to signed 23fafc2e2cf6 iio: ABI: Fix wrong format of differential capacitance channel ABI. 8169da520e8f iio: inkern: fix return value in devm_of_iio_channel_get_by_name() 504e8807fe5f iio: inkern: only release the device node when done with it b0d4fcc3ecb8 iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume 5db9b840ac88 iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq c5c63736d2a1 iio: adc: at91-sama5d2_adc: check return status for pressure and touch 5f1654a0e520 iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX 017cf3b0a628 ARM: dts: exynos: fix polarity of VBUS GPIO of Origen 6c93b683ceda arm64: ftrace: fix module PLTs with mcount bbf64eb10273 ext4: don't run ext4lazyinit for read-only filesystems 7a00a2320752 ARM: Drop CMDLINE_* dependency on ATAGS 2af04fe87ea5 ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family 2134214bc403 arm64: dts: ti: k3-j7200: fix main pinmux range 7247a1d7a46a soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA 4f7892f24281 ia64: export memory_add_physaddr_to_nid to fix cxl build error 2ef01657b2d6 ARM: dts: kirkwood: lsxl: remove first ethernet port bf7caa3c5caf ARM: dts: kirkwood: lsxl: fix serial line 42ce4c73a468 ARM: dts: turris-omnia: Fix mpp26 pin name and comment 96d8f2b43e72 ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus 08ada28d1def soc: qcom: smem_state: Add refcounting for the 'state->of_node' 96e0028debdd soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() a29b6eb959bd locks: fix TOCTOU race when granting write lease 7e053784c4c7 memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() 2680690f9ce4 memory: of: Fix refcount leak bug in of_get_ddr_timings() 566b143aa511 memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() 10df962300c2 ALSA: hda/hdmi: Don't skip notification handling during PM operation cc756b79a5c9 ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe f9cb3bd55726 ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe b7dda65fa875 ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe b2bc9fc56a3e ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe 3c3ef19a8870 mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() b14dc262274b ALSA: dmaengine: increment buffer pointer atomically f5f1f5ee5048 ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() f910aca07625 ASoC: codecs: tx-macro: fix kcontrol put b47a37ad4a44 drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() bdf54d4b0074 drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() 635e7700c5b4 drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx 4f859884673d ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API 64545b8a9690 mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() 3ba3814c00a4 drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue() a5ce83e85d79 drm/omap: dss: Fix refcount leak bugs f5f599daa0bc drm/bochs: fix blanking 928ac9fc1ace ALSA: hda: beep: Simplify keep-power-at-enable behavior fbb88a7c84c1 ASoC: rsnd: Add check for rsnd_mod_power_on 4610e7a4111f drm/bridge: megachips: Fix a null pointer dereference bug 079c550c57ff drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() c12daccc9017 platform/chrome: cros_ec_typec: Correct alt mode index c317d2b8a430 platform/x86: msi-laptop: Fix resource cleanup 0e21d41bc768 platform/x86: msi-laptop: Fix old-ec check for backlight registering 6bc81c1b6313 ASoC: tas2764: Fix mute/unmute e644497c5361 ASoC: tas2764: Drop conflicting set_bias_level power setting 35bd912ed6c0 ASoC: tas2764: Allow mono streams fd1d3b265784 platform/chrome: fix memory corruption in ioctl 27bb672c0437 platform/chrome: fix double-free in chromeos_laptop_prepare() 57dfb855bc9e ASoC: mt6359: fix tests for platform_get_irq() failure 8a475a7732a5 drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() 56d2233cf573 drm/dp_mst: fix drm_dp_dpcd_read return value checks fe6eb3d0c874 drm/bridge: parade-ps8640: Fix regulator supply order 60630834fad3 drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling 26c1b4cfe56f drm/mipi-dsi: Detach devices when removing the host 652042135e08 drm/bridge: Avoid uninitialized variable warning f369fb4deed7 drm: bridge: adv7511: unregister cec i2c device after cec adapter 20609125b8bd drm: bridge: adv7511: fix CEC power down control register offset a624161ebe0c net: mvpp2: fix mvpp2 debugfs leak 7aef5082c56e once: add DO_ONCE_SLOW() for sleepable contexts 77bfd26cbb61 net/ieee802154: reject zero-sized raw_sendmsg() dc4e9cd6d6a6 net: wwan: iosm: Call mutex_init before locking it 0b6516a4e3eb bnx2x: fix potential memory leak in bnx2x_tpa_stop() 30bfa5aa7228 net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() f828333ca90f hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller c91b922b4170 spi: Ensure that sg_table won't be used after being freed 49d429760df7 tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited 19d636b663e0 sctp: handle the error returned from sctp_auth_asoc_init_active_key 7bfa18b05f38 mISDN: fix use-after-free bugs in l1oip timer handlers 6f1991a940b9 eth: alx: take rtnl_lock on resume e28a4e7f0296 vhost/vsock: Use kvmalloc/kvfree for larger packets. 5dbdd690ed83 wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM 432eecffcf1b spi: s3c64xx: Fix large transfers with DMA 1454a26cb1ab netfilter: nft_fib: Fix for rpath check with VRF devices 7d98b26684cb xfrm: Reinject transport-mode packets through workqueue 397e880acf44 Bluetooth: hci_core: Fix not handling link timeouts propertly 1331d3e1f9b5 i2c: mlxbf: support lock mechanism 9233ab8198d8 skmsg: Schedule psock work if the cached skb exists on the psock 44f1dc2e821d spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe daa5239ea49f spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe 6b941151865e x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype 3c27a1380798 x86/microcode/AMD: Track patch allocation size explicitly 3e2b805a68ab wifi: ath11k: fix number of VHT beamformee spatial streams 5a6827cdc258 netfilter: conntrack: revisit the gc initial rescheduling bias 9c39ca418ba3 netfilter: conntrack: fix the gc rescheduling delay b8917dce2134 Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure c087c35292ea bpf: Ensure correct locking around vulnerable function find_vpid() a0f15af17b7d net: fs_enet: Fix wrong check in do_pd_setup ee7c5e814fb2 Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release 57d4f2f8a67b wifi: mt76: mt7915: do not check state before configuring implicit beamform dea9093f24d6 wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload 817e8b75ae06 wifi: mt76: sdio: fix transmitting packet hangs 5dc095a37fbd wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask 9973f78c19f3 wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration 5d9222c68022 bpf: btf: fix truncated last_member_type_id in btf_struct_resolve 4ce47c5545d2 spi: meson-spicc: do not rely on busy flag in pow2 clk ops 36c484bac9ed wifi: rtl8xxxu: Fix skb misuse in TX queue selection fefd2269e681 spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() e22f6499183d spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() 37005a948677 selftests/xsk: Avoid use-after-free on ctx 69995c64e50e wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() 6f9484e969cb wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() d091771f511d Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend f91e25cfa553 bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy 0e1342510490 bpf: Propagate error from htab_lock_bucket() to userspace 0b00c6130c1a bpf: Disable preemption when increasing per-cpu map_locked 68ab7690332a xsk: Fix backpressure mechanism on Tx 0559a6d96a99 x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register e962e458bf96 spi: mt7621: Fix an error message in mt7621_spi_probe() 0a16bbc8b030 bpftool: Fix a wrong type cast in btf_dumper_int 6e8eadfa9bb1 wifi: mac80211: allow bw change during channel switch in mesh 4ed5155043c9 bpf: Fix reference state management for synchronous callbacks 3d0a101e7139 leds: lm3601x: Don't use mutex after it was destroyed 54a3201f3c1f wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() 714536ff6f6c wifi: rtlwifi: 8192de: correct checking of IQK reload 80a474502ef5 NFSD: Fix handling of oversized NFSv4 COMPOUND requests dc7f225090c2 NFSD: Protect against send buffer overflow in NFSv2 READDIR cedaf73c8bda SUNRPC: Fix svcxdr_init_encode's buflen calculation 6b55707ff8b2 SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation aed881630557 nfsd: Fix a memory leak in an error handling path 5c4b234c44cb objtool: Preserve special st_shndx indexes in elf_update_symbol 425a2a9469d2 ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE 2647b20e043c ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() 93296e7ab774 MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create() 993b13abde17 MIPS: SGI-IP27: Free some unused memory 959855093f94 sh: machvec: Use char[] for section boundaries 91fafd22f852 thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() 81fb3ee298d5 ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers 33d478eee2b5 userfaultfd: open userfaultfds with O_RDONLY 10918ebecdc9 ima: fix blocking of security.ima xattrs of unsupported algorithms b7af9b8be891 selinux: use "grep -E" instead of "egrep" 73b8218ef4aa smb3: must initialize two ACL struct fields to zero adf428ae46be drm/amd/display: Fix vblank refcount in vrr transition 60a517452560 drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier 01bd3eaa5371 drm/i915: Fix watermark calculations for gen12+ MC CCS modifier 20018a252f19 drm/i915: Fix watermark calculations for gen12+ RC CCS modifier 861f085f81fd drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() 446d40e2a8cb drm/nouveau/kms/nv140-: Disable interlacing 4dab0d27a421 staging: greybus: audio_helper: remove unused and wrong debugfs usage 28eb4bdb23e2 KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS 4f7b1e7d0f36 KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02 be1a6a61f1b3 KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" 379de01906eb KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility e3e5baa36879 blk-wbt: call rq_qos_add() after wb_normal is initialized e8e0a6f4b8a2 media: cedrus: Fix endless loop in cedrus_h265_skip_bits() b76fac61c33f media: cedrus: Set the platform driver data earlier b19254eadab3 efi: libstub: drop pointless get_memory_map() call 5cda4a11b490 thunderbolt: Explicitly enable lane adapter hotplug events at startup d9c79fbcbdb6 tracing: Fix reading strings from synthetic events b9ab154d22b8 tracing: Add "(fault)" name injection to kernel probes 8ae88c4842c2 tracing: Move duplicate code of trace_kprobe/eprobe.c into header 84f4be2093e1 tracing: Add ioctl() to force ring buffer waiters to wake up 32eb54a986f4 tracing: Wake up waiters when tracing is disabled 2475de2bc0de tracing: Wake up ring buffer waiters on closing of the file 48272aa48d80 tracing: Disable interrupt or preemption before acquiring arch_spinlock_t d4ab9bc5f56e ring-buffer: Fix race between reset page and reading page be60f698c276 ring-buffer: Add ring_buffer_wake_waiters() 5201dd81aef7 ring-buffer: Check pending waiters when doing wake ups as well bc6d4e9d6484 ring-buffer: Have the shortest_full queue be the shortest not longest e8d116738514 ring-buffer: Allow splice to read previous partially read pages fb96b7489fbd ftrace: Properly unset FTRACE_HASH_FL_MOD 31dc1727c103 livepatch: fix race between fork and KLP transition 36997b75bbb3 ext4: update 'state->fc_regions_size' after successful memory allocation 417b0455a0b6 ext4: fix potential memory leak in ext4_fc_record_regions() 9b5eb368a86f ext4: fix potential memory leak in ext4_fc_record_modified_inode() ef1607c99136 ext4: fix miss release buffer head in ext4_fc_write_inode d29fa1ab4e62 ext4: fix dir corruption when ext4_dx_add_entry() fails d12471b41674 ext4: place buffer head allocation before handle start 46e5f470a144 ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate 1f5e643b3829 ext4: don't increase iversion counter for ea_inodes dd366295d1ec ext4: fix check for block being out of directory size 4a967fe8b043 ext4: make ext4_lazyinit_thread freezable 533c60a0b97c ext4: fix null-ptr-deref in ext4_write_info d8e4af8314df ext4: avoid crash when inline data creation follows DIO write 56fcd0788f0d jbd2: add miss release buffer head in fc_do_one_pass() d11d2ded2939 jbd2: fix potential use-after-free in jbd2_fc_wait_bufs e7385c868ee0 jbd2: fix potential buffer head reference count leak d87fe290a533 jbd2: wake up journal waiters in FIFO order, not LIFO 7434626c5eaa hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero 095493833b18 hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO 73687c53919f f2fs: fix to do sanity check on summary info ed854f10e6af f2fs: fix to do sanity check on destination blkaddr during recovery 7f10357c9046 f2fs: increase the limit for reserve_root 0035b84223de f2fs: flush pending checkpoints when freezing super ab4958975490 f2fs: complete checkpoints during remount 0a408c6212c1 btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer 4b996a3014ef btrfs: fix race between quota enable and quota rescan ioctl 0d9423034308 fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE 95a520b591c9 ksmbd: Fix user namespace mapping a19f316406ea ksmbd: Fix wrong return value and message length check in smb2_ioctl() 39b685562825 ksmbd: fix endless loop when encryption for response fails 2b0897e33682 fbdev: smscufx: Fix use-after-free in ufx_ops_open() aa7b2c927e4e pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback 5d97378b3626 gpio: rockchip: request GPIO mux to pinctrl when setting direction e0b1c16fdadd scsi: qedf: Populate sysfs attributes for vport 1d567179f277 slimbus: qcom-ngd: cleanup in probe error path fa0aab2e45f0 slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure ba2159df1806 powerpc/boot: Explicitly disable usage of SPE instructions 9df2a9cdad5b powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain 75d9de25a6f8 NFSD: Protect against send buffer overflow in NFSv3 READ 2be9331ca606 NFSD: Protect against send buffer overflow in NFSv2 READ 071a076fd1b7 NFSD: Protect against send buffer overflow in NFSv3 READDIR 209a94c5192b serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices 63a3d75cf18c serial: 8250: Let drivers request full 16550A feature probing 26e5c79e673c PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge 7c16d0a4e6a4 xen/gntdev: Accommodate VMA splitting 1cb73704cb47 xen/gntdev: Prevent leaking grants 43bed0a13a5c mm/mmap: undo ->mmap() when arch_validate_flags() fails 2b0072d33eb6 mm/damon: validate if the pmd entry is present before accessing 91c4eb16e804 arm64: errata: Add Cortex-A55 to the repeat tlbi list fc0f921b7e6e drm/udl: Restore display mode on resume 064093472524 drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() fb3910436be4 drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error f122bcb34f1a drm/virtio: Check whether transferred 2D BO is shmem a95fb5d55af0 dmaengine: mxs: use platform_driver_register e7a3334e83f9 Revert "drm/amdgpu: use dirty framebuffer helper" 4bdedc3b5341 nvme-pci: set min_align_mask before calculating max_hw_sectors 32aa0b3f0c06 nvme-multipath: fix possible hang in live ns resize with ANA access 9391cc3a787a nvmem: core: Fix memleak in nvmem_register() 7efe61dc6aa4 UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK 81ab826a285d riscv: Pass -mno-relax only on lld < 15.0.0 7780bb02a069 riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb c657b70e8074 riscv: Make VM_WRITE imply VM_READ 3c3c4fa118a4 riscv: Allow PROT_WRITE-only mmap() af3aaee08df8 parisc: fbdev/stifb: Align graphics memory size to 4MB dc235db7b79a RISC-V: Make port I/O string accessors actually work 8c487db000fd riscv: topology: fix default topology reporting d46c24f307fb arm64: topology: move store_cpu_topology() to shared code fcf0f6cbb653 regulator: qcom_rpm: Fix circular deferral regression 78d81a8a8ce1 net: thunderbolt: Enable DMA paths only after rings are enabled 3281e81ce90c hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API e1ab98ec2bc9 ASoC: wcd934x: fix order of Slimbus unprepare/disable a2140a9922d1 ASoC: wcd9335: fix order of Slimbus unprepare/disable d0507b36da9f platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure fcfeecca153d quota: Check next/prev free block number after reading from quota file 17214cfab73b HID: multitouch: Add memory barriers 219e4a0f9d68 fs: dlm: handle -EBUSY first in lock arg validation 34ed22dd2860 fs: dlm: fix race between test_bit() and queue_work() 7fa5304c4b5b i2c: designware: Fix handling of real but unexpected device interrupts f9effcefa8be mmc: sdhci-sprd: Fix minimum clock limit a4df91a88c3f can: kvaser_usb_leaf: Fix CAN state after restart 0c28c2c0cfa2 can: kvaser_usb_leaf: Fix TX queue out of sync after restart b8c4f6345e0e can: kvaser_usb_leaf: Fix overread with an invalid command de4434d6823c can: kvaser_usb: Fix use of uninitialized completion 354d768e315d usb: add quirks for Lenovo OneLink+ Dock 103b459590e1 xhci: dbc: Fix memory leak in xhci_alloc_dbc() 39f4c90b9995 iio: pressure: dps310: Reset chip after timeout bc493cd75466 iio: pressure: dps310: Refactor startup procedure 5f6bfc1926bb iio: adc: ad7923: fix channel readings for some variants 1be580ed8403 iio: ltc2497: Fix reading conversion results ef4018707df8 iio: dac: ad5593r: Fix i2c read protocol requirements 60480291c1fc cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message 0d814a2199cf cifs: destage dirty pages before re-reading them for cache=none 15993e9a9b12 hv_netvsc: Fix race between VF offering and VF association message from host f9dc33f23153 io_uring/net: don't update msg_name if not provided a1bd289c10ac mtd: rawnand: atmel: Unmap streaming DMA mappings 3e4d2375d154 ALSA: hda/realtek: Add Intel Reference SSID to support headset keys 41e83faf036c ALSA: hda/realtek: Add quirk for ASUS GV601R laptop c01f385c70db ALSA: hda/realtek: Correct pin configs for ASUS G533Z 0d50e05ecc2c ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 ec439b97d983 ALSA: usb-audio: Fix NULL dererence at error path 0672215994e2 ALSA: usb-audio: Fix potential memory leaks 550ca3082ebd ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() 45899fae65e5 ALSA: oss: Fix potential deadlock at unregistration 5ca155aa79e9 Revert "fs: check FMODE_LSEEK to control internal pipe splicing" Signed-off-by: Bruce Ashfield Signed-off-by: Alexandre Belloni (cherry picked from commit 865633976508a3af002a68f0c68d36a74ce6b53c) Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_5.15.bb | 6 ++--- .../linux/linux-yocto-tiny_5.15.bb | 6 ++--- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index 414f7abbc5..215a14c826 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "cf39c84e1a884fcd4802640d20142bb506e9d3d0" -SRCREV_meta ?= "74e1a21c730b600c344804c1bc775a6a2ee7b8e6" +SRCREV_machine ?= "8cd14c788563009eeb88f1c5ffb0c0d8bad59943" +SRCREV_meta ?= "a120c990509eccdaa613b264a4f6c187277548df" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.74" +LINUX_VERSION ?= "5.15.76" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 3b85967ca2..bbbca44b76 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.74" +LINUX_VERSION ?= "5.15.76" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "61a508a44ed255900245d81ebe11bb5916e3145c" -SRCREV_meta ?= "74e1a21c730b600c344804c1bc775a6a2ee7b8e6" +SRCREV_machine ?= "f7afe3f65c15cc4d211ab30bc981493fd5b7d3a0" +SRCREV_meta ?= "a120c990509eccdaa613b264a4f6c187277548df" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 99b5c054f3..f542b3cb11 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "af0268ca8969a472d1263e83b0a78f00834b700e" -SRCREV_machine:qemuarm64 ?= "08b455a0e020e52340bde98e4942eaf43eb12554" -SRCREV_machine:qemumips ?= "6f7b375ea6a2736168056e6133d01aaea592e696" -SRCREV_machine:qemuppc ?= "73b9bd277094cae3d4b39b24f79f6e29b7518fc6" -SRCREV_machine:qemuriscv64 ?= "f0bee94053065c7cb8eacadfdd6bf739a2042b35" -SRCREV_machine:qemuriscv32 ?= "f0bee94053065c7cb8eacadfdd6bf739a2042b35" -SRCREV_machine:qemux86 ?= "f0bee94053065c7cb8eacadfdd6bf739a2042b35" -SRCREV_machine:qemux86-64 ?= "f0bee94053065c7cb8eacadfdd6bf739a2042b35" -SRCREV_machine:qemumips64 ?= "33e8f888ab9242ea807b722c0982e871edc3339f" -SRCREV_machine ?= "f0bee94053065c7cb8eacadfdd6bf739a2042b35" -SRCREV_meta ?= "74e1a21c730b600c344804c1bc775a6a2ee7b8e6" +SRCREV_machine:qemuarm ?= "d7819ee61a286d4271fbb9aa8881ec6e70cdbe11" +SRCREV_machine:qemuarm64 ?= "38180346106d8eb46aca94bf01228fc75d4b70fa" +SRCREV_machine:qemumips ?= "d774a943b853ed0047169ce6d71249a0f8b77307" +SRCREV_machine:qemuppc ?= "527f0c70315df84882792510ebf2e778c5980266" +SRCREV_machine:qemuriscv64 ?= "d2f773f779186759d9b9a6c403fd8d533a0bff6c" +SRCREV_machine:qemuriscv32 ?= "d2f773f779186759d9b9a6c403fd8d533a0bff6c" +SRCREV_machine:qemux86 ?= "d2f773f779186759d9b9a6c403fd8d533a0bff6c" +SRCREV_machine:qemux86-64 ?= "d2f773f779186759d9b9a6c403fd8d533a0bff6c" +SRCREV_machine:qemumips64 ?= "980c0d78ca192b2d0e63753ff6c5daba7b9e37de" +SRCREV_machine ?= "d2f773f779186759d9b9a6c403fd8d533a0bff6c" +SRCREV_meta ?= "a120c990509eccdaa613b264a4f6c187277548df" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "a3f2f5ac9d61e973e383f17a95cf2aa384e2d0c4" +SRCREV_machine:class-devupstream ?= "4f5365f77018349d64386b202b37e8b737236556" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.74" +LINUX_VERSION ?= "5.15.76" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Thu Dec 1 14:27:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16277 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 68994C47089 for ; Thu, 1 Dec 2022 14:28:02 +0000 (UTC) Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by mx.groups.io with SMTP id smtpd.web11.44931.1669904877581408350 for ; Thu, 01 Dec 2022 06:27:57 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=fpxFLZDv; spf=softfail (domain: sakoman.com, ip: 209.85.210.170, mailfrom: steve@sakoman.com) Received: by mail-pf1-f170.google.com with SMTP id 140so2014182pfz.6 for ; Thu, 01 Dec 2022 06:27:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Kx2e1x1E2APbzeBHerNbTcMCUgFK7Y7/biTkZvb7U9g=; b=fpxFLZDvXcU/BSc/kP/Q+lwz1a3Yxgn91DE+5B4sY9G22CXdYuEOMxEAcKBzQ3Xsf0 JXJUwmPB987muIuQnJFmKd+hSF8m3M2gkkrbEJKeYa3wQOH7sA+e+TvraV/hZxjXdm3R hknLdnuA9CLHju3+6/wnS5ZOO4XWSkuATUsPfNMBQc1KEj2knUYu9YcPUPvCZ/F12N5f Q3/LNw7rUS7ArFGoNFoRQk903bTWG7SAvVTsgQP8grcs3DSuL8ryTcJQDJviwAwzB8zj reO7u4UxXhtIPQO3Kc9yanR/+/uYJOQLoLHlDU4e6XSAmCpzOkzY9UCiy1RNvpmKHiFr fp6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Kx2e1x1E2APbzeBHerNbTcMCUgFK7Y7/biTkZvb7U9g=; b=Ds1IAeuhCghHm0oIcQ0O7YavSvCimzvJC5ENQDioNdMl53Gf9nioPufaJAH46Od9YQ eyKAYx62k4++RDipG3ar/Q5aP8/3ly3Fax4DciIhK1F1PPthCb0+45OEYy4jT5YZnA0q 8e286GQnGyb+IpWeTeR6EVscAbvLSmyGRfA/BhJqWD8le8RI23ujCKmi4u8t3Er4Vj40 tw3Yy9ebNkuWYT5hACs6Qz1/YlKLZsas4EcYI+x6BrKjawVut4WotUmDfIgt8OQwjoRK cE8GJdhTWt1Bv5hplTtRgHX/3H2Z4TYmKxo0WzL18N41lqTb9bhjilejMwH3pcWzkcll OooA== X-Gm-Message-State: ANoB5pnFWbDPn1vVnrxb8x+PvbzZf4HWMigWGthDDcie4OKEDfX799z4 gAuA5HoybLYcPs6aR8wVlA44OEhi0sCTtqZYB+k= X-Google-Smtp-Source: AA0mqf7ERqrlQQvnpZBrnjybREaWK7Jy3x3WE3egB10jy1iSGp94NrPmdxaiYIuKNx7tymieUP5RxA== X-Received: by 2002:a05:6a00:18a9:b0:572:6da6:218e with SMTP id x41-20020a056a0018a900b005726da6218emr48235581pfh.1.1669904876128; Thu, 01 Dec 2022 06:27:56 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:55 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 14/23] linux-yocto/5.15: update to v5.15.78 Date: Thu, 1 Dec 2022 04:27:08 -1000 Message-Id: <522ddd3600eaecf1ef3f3e7f771eef1fa4ef5f23.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:28:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174100 From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 509a32764e1a Linux 5.15.78 7038af4ce951 wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() b66617cc3c2f drm/i915/sdvo: Setup DDC fully before output init 73d52322c4af drm/i915/sdvo: Filter out invalid outputs more sensibly 2219b6aad345 drm/rockchip: dsi: Force synchronous probe dd955eb4e616 drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach cfa8a89af9f2 cifs: fix regression in very old smb1 mounts 3189de0ac310 ext4,f2fs: fix readahead of verity data a663e6ab17a2 tee: Fix tee_shm_register() for kernel TEE drivers d46db722a0af KVM: x86: emulator: update the emulation mode after CR0 write 942aec252b23 KVM: x86: emulator: update the emulation mode after rsm 9df4bb7b3863 KVM: x86: emulator: introduce emulator_recalc_and_set_mode 311f1e51a290 KVM: x86: emulator: em_sysexit should update ctxt->mode 37a03de2d0c5 KVM: arm64: Fix bad dereference on MTE-enabled systems 167dca5e210b KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable 19c2b2ffbeec KVM: x86: Mask off reserved bits in CPUID.8000001FH 553fd40d3bf7 KVM: x86: Mask off reserved bits in CPUID.80000001H 006366b96c16 KVM: x86: Mask off reserved bits in CPUID.80000008H fc796fd861fa KVM: x86: Mask off reserved bits in CPUID.8000001AH ef7716398a78 KVM: x86: Mask off reserved bits in CPUID.80000006H a88998446b6d x86/syscall: Include asm/ptrace.h in syscall_wrapper header 999cff2b6ce3 ext4: fix BUG_ON() when directory entry has invalid rec_len 0a43c015e981 ext4: fix warning in 'ext4_da_release_space' ada82803a773 parisc: Avoid printing the hardware path twice 081ff43a7786 parisc: Export iosapic_serial_irq() symbol for serial port driver 5daf985dd0f3 parisc: Make 8250_gsc driver dependend on CONFIG_PARISC 425fe99771bf perf/x86/intel: Fix pebs event constraints for SPR 4613a450172e perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[] 7de3fe6a1354 perf/x86/intel: Fix pebs event constraints for ICL 71d6c33fe223 arm64: entry: avoid kprobe recursion 52be536155f5 efi: random: Use 'ACPI reclaim' memory for random seed 83b5ec7ee82d efi: random: reduce seed size to 32 bytes 0417f70b8588 fuse: add file_modified() to fallocate 2de8eec8afb7 capabilities: fix potential memleak on error path from vfs_getxattr_alloc() bd07f8067b35 tracing/histogram: Update document for KEYS_MAX size 27b4406f9c35 tools/nolibc/string: Fix memcmp() implementation b5074df412bf ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() 85f3caa95579 kprobe: reverse kp->flags when arm_kprobe failed d1b6a8e3414a tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() 828577e0baaf tcp/udp: Make early_demux back namespacified. 88561a66777e ftrace: Fix use-after-free for dynamic ftrace_ops 450d7480705e btrfs: fix type of parameter generation in btrfs_get_dentry 007058eb8292 btrfs: fix tree mod log mishandling of reallocated nodes 336fdd295c14 btrfs: fix lost file sync on direct IO write with nowait and dsync iocb cff805b1518f fscrypt: fix keyring memory leak on mount failure e6f4fd85ef1e fscrypt: stop using keyrings subsystem for fscrypt_master_key 3975affcf55f af_unix: Fix memory leaks of the whole sk due to OOB skb. 4302806dbfea block, bfq: protect 'bfqd->queued' by 'bfqd->lock' 3e4697ffdfbb Bluetooth: L2CAP: Fix attempting to access uninitialized memory 81035e1201e2 Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM d78ccdce662e i2c: piix4: Fix adapter not be removed in piix4_remove() c76ff8ae113f arm64: dts: juno: Add thermal critical trip points 7398435e616d firmware: arm_scmi: Fix devres allocation device in virtio transport 3653cdc21b9e firmware: arm_scmi: Make Rx chan_setup fail on memory errors e514d67b2364 firmware: arm_scmi: Suppress the driver's bind attributes 4e68c5da60cd block: Fix possible memory leak for rq_wb on add_disk failure bf822b6980a6 arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers f2329886e567 arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers 33fcc55dbc5b arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers f3429a1e4924 arm64: dts: imx8: correct clock order de2a83186ad3 ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset cb9ce8910a6f clk: qcom: Update the force mem core bit for GPU clocks bdc118249698 efi/tpm: Pass correct address to memblock_reserve 3a4d6f165eac i2c: xiic: Add platform module alias 62eea4014a9b drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case 7a2547cac2e0 HID: saitek: add madcatz variant of MMO7 mouse device ID 931c97a54cd1 scsi: core: Restrict legal sdev_state transitions via sysfs c50ec15725e0 ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() 8ecd1db58b7a media: v4l: subdev: Fail graciously when getting try data for NULL state f96ad391d054 media: meson: vdec: fix possible refcount leak in vdec_probe() 8b785cdcd3cb media: dvb-frontends/drxk: initialize err to 0 73dfb6421338 media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE cbfa26936f31 media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE 647c12c47ee0 media: rkisp1: Zero v4l2_subdev_format fields in when validating links abbeb8f7271b media: rkisp1: Use correct macro for gradient registers 03b30e5a369d media: rkisp1: Initialize color space on resizer sink and source pads d58b6b665c88 media: rkisp1: Don't pass the quantization to rkisp1_csm_config() 0e501fd0f38e s390/cio: fix out-of-bounds access on cio_ignore free c65cc569370c s390/cio: derive cdev information only for IO-subchannels c64be93f1e51 s390/boot: add secure boot trailer 1cdaca8f00a7 s390/uaccess: add missing EX_TABLE entries to __clear_user() 509cbbdec9d7 mtd: parsers: bcm47xxpart: Fix halfblock reads 5b8797e9dbf7 mtd: parsers: bcm47xxpart: print correct offset on read error 2f07635876bd fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards 154934c74f97 video/fbdev/stifb: Implement the stifb_fillrect() function b524b41806e9 drm/msm/hdmi: fix IRQ lifetime c55dd6200131 drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag d153d468c43d vsock: fix possible infinite sleep in vsock_connectible_wait_data() 0ed71af4d017 ipv6: fix WARNING in ip6_route_net_exit_late() 2b45d6d0c41c net, neigh: Fix null-ptr-deref in neigh_table_clear() 61defd6450a9 net/smc: Fix possible leaked pernet namespace in smc_init() de889774273f stmmac: dwmac-loongson: fix invalid mdio_node 535b78739ae7 ibmvnic: Free rwi on reset success 985a88bf0b27 net: mdio: fix undefined behavior in bit shift for __mdiobus_register aa16cac06b75 Bluetooth: L2CAP: Fix memory leak in vhci_write a3a7b2ac64de Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() cf2719a21fdb Bluetooth: virtio_bt: Use skb_put to set length 8278a87bb1ee Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu 42d20d5e2457 netfilter: ipset: enforce documented limit to prevent allocating huge memory f46ea5fa3320 btrfs: fix ulist leaks in error paths of qgroup self tests 222a3d533027 btrfs: fix inode list leak during backref walking at find_parent_nodes() 6ba3479f9e96 btrfs: fix inode list leak during backref walking at resolve_indirect_refs() a80634f392af isdn: mISDN: netjet: fix wrong check of device registration 029d5b7688a2 mISDN: fix possible memory leak in mISDN_register_device() 3e2129c67dac rose: Fix NULL pointer dereference in rose_send_frame() 06d7596d1872 ipvs: fix WARNING in ip_vs_app_net_cleanup() 5ee2d6b726b0 ipvs: fix WARNING in __ip_vs_cleanup_batch() 33e7783bc07e ipvs: use explicitly signed chars 6044791b7be7 netfilter: nf_tables: release flow rule object from commit path 1ffe7100411a netfilter: nf_tables: netlink notifier might race to release objects dcc79cf735b8 net: tun: fix bugs for oversize packet when napi frags enabled fc4b50adb400 net: sched: Fix use after free in red_enqueue() ab80025ea7ac ata: pata_legacy: fix pdc20230_set_piomode() dede9ba02705 net: fec: fix improper use of NETDEV_TX_BUSY 5dfdac5e3f8d nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() 7486f5c90078 nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() 3cba1f061bfe nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() 44bc1868a4f5 nfc: fdp: Fix potential memory leak in fdp_nci_send() 4bef9a89f2f5 net: dsa: fall back to default tagger if we can't load the one from DT 06f9e0b37f7e RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() 6b3d5dcb1234 RDMA/core: Fix null-ptr-deref in ib_core_cleanup() 9f555b1584fc net: dsa: Fix possible memory leaks in dsa_loop_init() 24641993a7dc nfs4: Fix kmemleak when allocate slot failed 0797c85433cc NFSv4.2: Fixup CLONE dest file size for zero-length count d59722d088a9 SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed dea7ef05deea NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot 7b1c2458dec1 NFSv4.1: Handle RECLAIM_COMPLETE trunking errors 4ec017e30089 NFSv4: Fix a potential state reclaim deadlock e3e53c5af563 RDMA/hns: Disable local invalidate operation 85ab79ac9413 RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() be16cc7abdae RDMA/hns: Remove magic number ba95409d6b58 IB/hfi1: Correctly move list in sc_disable() 484d9690370e RDMA/cma: Use output interface for net_dev check f7d9de8a0d33 KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER b7b66f13ac09 KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() 0c60fa7f5518 KVM: x86: Protect the unused bits in MSR exiting flags ad8e4868dd16 HID: playstation: add initial DualSense Edge controller support 3a44ae4afaa5 mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page 8576d7edeaa5 drm/amd/display: explicitly disable psr_feature_enable appropriately 058b3a11f748 KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) 9ee32892c767 KVM: x86: Trace re-injected exceptions 0c9c1306d6bd serial: ar933x: Deassert Transmit Enable on ->rs485_config() 21d65b351691 scsi: lpfc: Rework MIB Rx Monitor debug info logic d70705e131d6 scsi: lpfc: Adjust CMF total bytes and rxmonitor 9ebc6e8ad13b scsi: lpfc: Adjust bytes received vales during cmf timer interval 793d8378b74a Linux 5.15.77 1401e9336beb tcp/udp: Fix memory leak in ipv6_renew_options(). b079d3775237 serial: Deassert Transmit Enable on probe in driver-specific way 63f75fea3a72 serial: core: move RS485 configuration tasks from drivers into core 0753069d4431 can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive 17ff99e2240c can: rcar_canfd: fix channel specific IRQ handling for RZ/G2L aad798a0b39c scsi: sd: Revert "scsi: sd: Remove a local variable" 52c2329147cf arm64: Add AMPERE1 to the Spectre-BHB affected list 5397ea6a08a5 net: enetc: survive memory pressure without crashing 885a454e97c4 kcm: do not sense pfmemalloc status in kcm_sendpage() 92b4c5c3fa81 net: do not sense pfmemalloc status in skb_append_pagefrags() ae1b08592edf net/mlx5: Fix crash during sync firmware reset 37ada47d019b net/mlx5: Update fw fatal reporter state on PCI handlers successful recover 9e6523d06a09 net/mlx5: Print more info on pci error handlers ab3de780c176 net/mlx5: Fix possible use-after-free in async command interface 8bbff203e306 net/mlx5e: Extend SKB room check to include PTP-SQ ee1c0ca1af7c net/mlx5e: Do not increment ESN when updating IPsec ESN state eefa97a7a001 netdevsim: remove dir in nsim_dev_debugfs_init() when creating ports dir failed c9589e18a60c net: broadcom: bcm4908_enet: update TX stats after actual transmission 9711616a4908 net: broadcom: bcm4908enet: remove redundant variable bytes b317d53680b1 nh: fix scope used to find saddr when adding non gw nh 2ad284ac8866 net: bcmsysport: Indicate MAC is in charge of PHY PM d1cfa71d5b68 net: ehea: fix possible memory leak in ehea_register_port() 588bdd7ee48f openvswitch: switch from WARN to pr_warn 9a1c1df9255b ALSA: aoa: Fix I2S device accounting e81d7826b8f4 ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() 77a754fcfec1 net: ethernet: ave: Fix MAC to be in charge of PHY PM bc2518ec710e net: fec: limit register access on i.MX6UL f710deeea73a perf vendor events arm64: Fix incorrect Hisi hip08 L3 metrics eb59cb2fabd4 PM: domains: Fix handling of unavailable/disabled idle states bde7c2acef30 net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() 8927d90d56e4 i40e: Fix flow-type by setting GL_HASH_INSET registers c39de3ae5075 i40e: Fix VF hang when reset is triggered on another VF 250bf8ab78f7 i40e: Fix ethtool rx-flow-hash setting for X722 ad3f1d9bf162 ipv6: ensure sane device mtu in tunnels e2ec5bb78ca8 perf vendor events power10: Fix hv-24x7 metric events f9df388ed6ea media: vivid: set num_in/outputs to 0 if not supported 4cc7d8d42047 media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' 491c0959f01d media: v4l2-dv-timings: add sanity checks for blanking values 0f83edbe4fe9 media: vivid: dev->bitmap_cap wasn't freed in all cases 5b1fb2a28d0a media: vivid: s_fbuf: add more sanity checks 3436e5633776 PM: hibernate: Allow hybrid sleep to work with s2idle 3cc8c4088fae can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path a3e09eff32d8 can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path 304a10161696 drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() 2fe6b24ce299 net-memcg: avoid stalls when under memory pressure 9b171fdcbf0e tcp: fix indefinite deferral of RTO with SACK reneging a85d39f14aa8 tcp: fix a signed-integer-overflow bug in tcp_add_backlog() 2437f3c5c6a6 tcp: minor optimization in tcp_add_backlog() ef27df75912d net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY a1e18acb0246 net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed 62086d1c4602 kcm: annotate data-races around kcm->rx_wait 342d918cf9a4 kcm: annotate data-races around kcm->rx_psock 6bb23225bb70 atlantic: fix deadlock at aq_nic_stop 4e2cbc1f0e18 drm/i915/dp: Reset frl trained flag before restarting FRL training 3d92ab0865f1 amd-xgbe: add the bit rate quirk for Molex cables 75a6d1ebf8b7 amd-xgbe: fix the SFP compliance codes check for DAC cables 98bada8fa0e3 x86/unwind/orc: Fix unreliable stack dump with gcov 88e879c9f595 nfc: virtual_ncidev: Fix memory leak in virtual_nci_send() 18c60b383df3 net: macb: Specify PHY PM management done by MAC 95c22fc1e80e net: hinic: fix the issue of double release MBOX callback of VF 6016d96a6adf net: hinic: fix the issue of CMDQ memory leaks e6765fe8de37 net: hinic: fix memory leak when reading function table 62aa78a0c3e5 net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg() 1e0bee973ef6 net: netsec: fix error handling in netsec_register_mdio() 7a939503fc32 tipc: fix a null-ptr-deref in tipc_topsrv_accept c638b520ba4b perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() 4fdf6f978c6b ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() b68873690373 ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile eca851572df5 mtd: rawnand: intel: Add missing of_node_put() in ebu_nand_probe() 08c246c7dfef arc: iounmap() arg is volatile 739eac37ff9c sched/core: Fix comparison in sched_group_cookie_match() ca7b0a10287e perf: Fix missing SIGTRAPs eb77474a2a21 ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile 9b6841ab7096 KVM: selftests: Fix number of pages for memory slot in memslot_modification_stress_test 59de8738ed43 drm/msm: Fix return type of mdp4_lvds_connector_mode_valid a560aeac2f2d media: atomisp: prevent integer overflow in sh_css_set_black_frame() 32f93e460861 media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation 5a93a8288c57 net: ieee802154: fix error return code in dgram_bind() 138a13d8f5c8 ethtool: eeprom: fix null-deref on genl_info in dump 1c2b1d3bba2e mmc: block: Remove error check of hw_reset on reset 0b0d169723f4 Revert "scsi: lpfc: SLI path split: Refactor lpfc_iocbq" 7a0fce24de60 Revert "scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4" 7a36c9de4324 Revert "scsi: lpfc: SLI path split: Refactor SCSI paths" eb8be2dbfbb4 Revert "scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()" 065bf71a8a53 Revert "scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()" 97dc9076ea5e Revert "scsi: lpfc: Resolve some cleanup issues following SLI path refactoring" b32b766be44e s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() 1ad7213fcf49 s390/futex: add missing EX_TABLE entry to __futex_atomic_op() ae9398e837b9 perf auxtrace: Fix address filter symbol name match for modules 14009ada5712 ARC: mm: fix leakage of memory allocated for PTE eb9ed3343ca7 pinctrl: Ingenic: JZ4755 bug fixes 94d2643df1e7 kernfs: fix use-after-free in __kernfs_remove f1204dfc4cd7 counter: microchip-tcb-capture: Handle Signal1 read and Synapse 6fb0106c64ee mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus 73e3901e7029 mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake 1e8cd93ae536 mmc: core: Fix kernel panic when remove non-standard SDIO card 02e51e7cd1d3 mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO 4c365a0c21aa coresight: cti: Fix hang in cti_disable_hw() b32775e03969 drm/msm/dp: fix IRQ lifetime b48949ab451e drm/msm/hdmi: fix memory corruption with too many bridges 9f035d1fb306 drm/msm/dsi: fix memory corruption with too many bridges 986a89b3717e drm/amdgpu: disallow gfxoff until GC IP blocks complete s2idle resume a2f0934e6bdb scsi: qla2xxx: Use transport-defined speed mask for supported_speeds 2b1a3172ee4d mac802154: Fix LQI recording 46b4b1e11e52 exec: Copy oldsighand->action under spin-lock 265b6fb780f5 fs/binfmt_elf: Fix memory leak in load_elf_binary() 24030742a7b8 cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores 3423a3417f4f cpufreq: intel_pstate: Read all MSRs on the target CPU cc6a7249842f fbdev: smscufx: Fix several use-after-free bugs 1a8b22e3f394 iio: adxl372: Fix unsafe buffer attributes 2f08cad21366 iio: temperature: ltc2983: allocate iio channels once 1bfe97f49785 iio: light: tsl2583: Fix module unloading 569709540e12 tools: iio: iio_utils: fix digit calculation c892a81c7424 xhci: Remove device endpoints from bandwidth list when freeing the device dfacb5c7f0a9 xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices 64058af657ba xhci: Add quirk to reset host back to default state at shutdown 022f21e850e9 mtd: rawnand: marvell: Use correct logic for nand-keep-config f90897c0f634 usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller a0c54d5152d5 usb: bdc: change state when port disconnected e0fd70ab4815 usb: dwc3: gadget: Don't set IMI for no_interrupt ad538aea64dd usb: dwc3: gadget: Stop processing more requests on IMI f2f53be61714 usb: gadget: uvc: fix sg handling during video encode 80ff4ef77737 usb: gadget: uvc: fix sg handling in error case 555011f6b27b USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM 311428871ba1 ALSA: rme9652: use explicitly signed char fa8b39c7ed82 ALSA: au88x0: use explicitly signed char 8af82d330d5d ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 259cb4dee1bb ALSA: Use del_timer_sync() before freeing timer 33ddee2b95ab can: kvaser_usb: Fix possible completions during init_completion 86da269c7567 can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() ead049562758 NFSv4: Add an fattr allocation to _nfs4_discover_trunking() eb1fe9600b86 NFSv4: Fix free of uninitialized nfs4_label on referral lookup. Signed-off-by: Bruce Ashfield Signed-off-by: Alexandre Belloni (cherry picked from commit 7514e04bf4dae3d3bbd20bb21b442f273f8d6c73) Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_5.15.bb | 6 ++--- .../linux/linux-yocto-tiny_5.15.bb | 6 ++--- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index 215a14c826..f80cabe55d 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "8cd14c788563009eeb88f1c5ffb0c0d8bad59943" -SRCREV_meta ?= "a120c990509eccdaa613b264a4f6c187277548df" +SRCREV_machine ?= "a0d36398b257c555381e735cd721cd8479d6762d" +SRCREV_meta ?= "5ca1021282e796e2427f8c7769af524c433fb39d" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.76" +LINUX_VERSION ?= "5.15.78" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index bbbca44b76..c09f51ce61 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.76" +LINUX_VERSION ?= "5.15.78" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "f7afe3f65c15cc4d211ab30bc981493fd5b7d3a0" -SRCREV_meta ?= "a120c990509eccdaa613b264a4f6c187277548df" +SRCREV_machine ?= "1c3448ff6cc6d24d16c6ef6065cb642245cac627" +SRCREV_meta ?= "5ca1021282e796e2427f8c7769af524c433fb39d" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index f542b3cb11..710accc9e2 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "d7819ee61a286d4271fbb9aa8881ec6e70cdbe11" -SRCREV_machine:qemuarm64 ?= "38180346106d8eb46aca94bf01228fc75d4b70fa" -SRCREV_machine:qemumips ?= "d774a943b853ed0047169ce6d71249a0f8b77307" -SRCREV_machine:qemuppc ?= "527f0c70315df84882792510ebf2e778c5980266" -SRCREV_machine:qemuriscv64 ?= "d2f773f779186759d9b9a6c403fd8d533a0bff6c" -SRCREV_machine:qemuriscv32 ?= "d2f773f779186759d9b9a6c403fd8d533a0bff6c" -SRCREV_machine:qemux86 ?= "d2f773f779186759d9b9a6c403fd8d533a0bff6c" -SRCREV_machine:qemux86-64 ?= "d2f773f779186759d9b9a6c403fd8d533a0bff6c" -SRCREV_machine:qemumips64 ?= "980c0d78ca192b2d0e63753ff6c5daba7b9e37de" -SRCREV_machine ?= "d2f773f779186759d9b9a6c403fd8d533a0bff6c" -SRCREV_meta ?= "a120c990509eccdaa613b264a4f6c187277548df" +SRCREV_machine:qemuarm ?= "d3aa5916b2b02966ef37bfe3fc527c99754571ec" +SRCREV_machine:qemuarm64 ?= "a1d364fbe3d8a916426a107f07b89fd0338923c7" +SRCREV_machine:qemumips ?= "904de7b55a7e8edf4cd894fb0558efee799a314a" +SRCREV_machine:qemuppc ?= "35d547b91124bef128a13402190ca05f54a2392e" +SRCREV_machine:qemuriscv64 ?= "8cd3f1c8dc13e8fa2d9a25ce0285d3526705eea7" +SRCREV_machine:qemuriscv32 ?= "8cd3f1c8dc13e8fa2d9a25ce0285d3526705eea7" +SRCREV_machine:qemux86 ?= "8cd3f1c8dc13e8fa2d9a25ce0285d3526705eea7" +SRCREV_machine:qemux86-64 ?= "8cd3f1c8dc13e8fa2d9a25ce0285d3526705eea7" +SRCREV_machine:qemumips64 ?= "ae8ab2e3acaf9e14cd75a6c96f1ba43c66a1babd" +SRCREV_machine ?= "8cd3f1c8dc13e8fa2d9a25ce0285d3526705eea7" +SRCREV_meta ?= "5ca1021282e796e2427f8c7769af524c433fb39d" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "4f5365f77018349d64386b202b37e8b737236556" +SRCREV_machine:class-devupstream ?= "509a32764e1a5692935c4f26ed96fbe94c480186" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.76" +LINUX_VERSION ?= "5.15.78" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Thu Dec 1 14:27:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16275 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5B88EC47088 for ; Thu, 1 Dec 2022 14:28:02 +0000 (UTC) Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171]) by mx.groups.io with SMTP id smtpd.web10.44787.1669904879017606514 for ; Thu, 01 Dec 2022 06:27:59 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=7DRGxVcE; spf=softfail (domain: sakoman.com, ip: 209.85.215.171, mailfrom: steve@sakoman.com) Received: by mail-pg1-f171.google.com with SMTP id 62so1783172pgb.13 for ; Thu, 01 Dec 2022 06:27:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=rURhyf9kE6AjA9xpYKCTvBocFv16QIZZyRdbFWksyls=; b=7DRGxVcEacNA3DimeTLQRkCyvV9n0KdySPUOIuVAgRMTKEJ0me99hhCT9MI4FjOWyh ULM7E0GHE4KOx0ZJebbs+EPUXL2zZYXFRRPREbphWqxDISd+LNWCNG0/XD0ahniW6nCS VqIv9zTj5/ttTKn+HYRX0O9c91wspoemcvQP9k+oDRMI1V1mkBh8p+L5poeu2wE12VOJ R5avN7PlfALdvpQ6UzRVPJuwTeESvFzzWCaJjJ9PtomS8eBkxBof/lmqUINTggcr6p22 ZJkDiqya1ss6fNURZ/zlmeyuMgzl/ZzGwls4mSn+7lh6hTU95qBvdd233bt4vdjcZn7S Kshw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rURhyf9kE6AjA9xpYKCTvBocFv16QIZZyRdbFWksyls=; b=daAIDUJLBqZwQ2Ac66INkaBAsNQ3bZVwnMkGj6xmVVtq/UwisOUhygasongXIMeTgA ib0uxPdSOc9I4xr/+80FCQzJS3Wiu6K/n6ahODxFmoo8PoJcfv2zqq2rCtWzK3LWPG8O JrHaUkm3fXwCbGTs+2Imb5lBVIAjfQ4XFmWcs+SUs1F/BHBPW/AQAjdMpNP+4G0nYwsM 8js+F3KWdQzJhxv99d8e7ow4Se89IgmBMAN/TM5/qNtg9+DTTCn5rmlaihkqhOQPTDiZ IC5FhuEykkvF+HDb4VqVc0WK2D/rLhKfLWvw/y7TaI2hIiZKG/HBWs460PMWc9IewCHx F+9Q== X-Gm-Message-State: ANoB5pmhgxs4zyEV8vZDIzISEpTg4HA84QZ41vh2XefqgS+y2RcQXw6W RHe71mG39N4GkmPCPo9JteBrKfjVwLiYXEK2Aq8= X-Google-Smtp-Source: AA0mqf7rTEe6sxfmVohTqSWVX1gcMujYx9qcOfm0VZfg3jHJD6WgaYR3VYl5SSbvhuXfzw+KeXT1Cg== X-Received: by 2002:a63:1955:0:b0:477:50ed:6415 with SMTP id 21-20020a631955000000b0047750ed6415mr49273516pgz.535.1669904878046; Thu, 01 Dec 2022 06:27:58 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:57 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 15/23] linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings Date: Thu, 1 Dec 2022 04:27:09 -1000 Message-Id: <8d06b6b13051e85250bf480ea6e3c0201b28330e.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:28:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174101 From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/.: f475b1a9ded qat: fix CONFIG_CRYPTO_CCM mismatch warnings Signed-off-by: Bruce Ashfield Signed-off-by: Alexandre Belloni (cherry picked from commit a3417ce85e38d514c7dc43c2ddcdacf45996fc2a) Signed-off-by: Steve Sakoman --- meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index f80cabe55d..fc1ccd9b39 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -12,7 +12,7 @@ python () { } SRCREV_machine ?= "a0d36398b257c555381e735cd721cd8479d6762d" -SRCREV_meta ?= "5ca1021282e796e2427f8c7769af524c433fb39d" +SRCREV_meta ?= "f475b1a9deddbde23f48d7d535abdd5fb133b837" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index c09f51ce61..087c30b5a5 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -15,7 +15,7 @@ KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" SRCREV_machine ?= "1c3448ff6cc6d24d16c6ef6065cb642245cac627" -SRCREV_meta ?= "5ca1021282e796e2427f8c7769af524c433fb39d" +SRCREV_meta ?= "f475b1a9deddbde23f48d7d535abdd5fb133b837" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 710accc9e2..d5f21daf35 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -23,7 +23,7 @@ SRCREV_machine:qemux86 ?= "8cd3f1c8dc13e8fa2d9a25ce0285d3526705eea7" SRCREV_machine:qemux86-64 ?= "8cd3f1c8dc13e8fa2d9a25ce0285d3526705eea7" SRCREV_machine:qemumips64 ?= "ae8ab2e3acaf9e14cd75a6c96f1ba43c66a1babd" SRCREV_machine ?= "8cd3f1c8dc13e8fa2d9a25ce0285d3526705eea7" -SRCREV_meta ?= "5ca1021282e796e2427f8c7769af524c433fb39d" +SRCREV_meta ?= "f475b1a9deddbde23f48d7d535abdd5fb133b837" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same From patchwork Thu Dec 1 14:27:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16274 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6276BC43217 for ; Thu, 1 Dec 2022 14:28:02 +0000 (UTC) Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) by mx.groups.io with SMTP id smtpd.web10.44789.1669904881118116803 for ; Thu, 01 Dec 2022 06:28:01 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ejmtLS0D; spf=softfail (domain: sakoman.com, ip: 209.85.216.51, mailfrom: steve@sakoman.com) Received: by mail-pj1-f51.google.com with SMTP id l22-20020a17090a3f1600b00212fbbcfb78so5379391pjc.3 for ; Thu, 01 Dec 2022 06:28:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=2MfgLMQx6sxlNpksWYDzqVlaXx7ZGNHMC/RqByZqe6w=; b=ejmtLS0DMq2GKru8dY5EXhzIjedFjDNRG0gaSoeJTGMxoMHYbhvX/27Q4xWMSjIY0t g0TpK4iXzi1nmg5EWUsSw70/rWPpaIoPsLFIkuomh+wTO2BQaeszXYCCDruXy5rDtT/3 4kCdpAuIVllfpPVN2/C2ZA4+/UV8fTUEmCsjrStrvgALSCXuK2YLapMraVaa3mMpDsLd NQcFuUkDGpXJKB25hSI3dTFv78kaG7jUDFnn0Rj7iosBs3HYsCggkdlIylmdjQ9BBvCn HWP1naoCpX0FnL5thwPqbxyw1QyXl5ltj/82heq6TfN8UH5t1qTKwa6qBnnMCn0CHS10 ndXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2MfgLMQx6sxlNpksWYDzqVlaXx7ZGNHMC/RqByZqe6w=; b=f5/q7Xohuu5ED4pPbUI8XsKMDWR6D/0MhQTfmyk+P72U24th5RyPG4ZsLyKF1X/Sft wB/7SH4E2gjmXnM3YqHlcJPChlTGEBdiyXStBUPUVpGxupAYT9fITZnUiJ+ZhX+HCfOZ DBmLv+P9SXZoR/EMXgJ+mRrz+PkNcIswBZatlTYcf3mGiXYvWXmqm3PPxZo1OPbhzOrv cR9S4/1PJxTGbzIdy1vsn4X6nrrhzJ5qpg9WLySZOztBpyf1c3xih2USk4qy5v6hPxof 33H0GqFBQWbudNZPrw8nltE0qemcZc6SRXAkOkeIsy2zV11te2zu0Fs3D+y/2Y/icq0+ m3AA== X-Gm-Message-State: ANoB5pkjx5NYZLkh1GIXYDoeB7tTK59m1k/SNyRZoHQdhH5AHaAtrS34 CI6Z2Ecsw7kgx00loWh775AyIkbOAbeoo9D3lH4= X-Google-Smtp-Source: AA0mqf7ffmvk1w3k4fXk7DLWaNGmJh3xuhwHEzUZ7Avyh5xKUD4JUOTOuv6n8uGZL67VZiJSVS7HCQ== X-Received: by 2002:a17:902:c186:b0:189:7644:c46d with SMTP id d6-20020a170902c18600b001897644c46dmr26721074pld.155.1669904880138; Thu, 01 Dec 2022 06:28:00 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.27.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:27:59 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 16/23] kern-tools: integrate ZFS speedup patch Date: Thu, 1 Dec 2022 04:27:10 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:28:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174102 From: Bruce Ashfield Bumping the SRCREV to integrat the following kern-tools change: commit 2d01f24bc78256c709728eb3f204491bce13e0e5 Author: Volodymyr Babchuk Date: Fri Nov 4 23:32:38 2022 +0000 kconf_check: store some files in tmpdir Some file systems, like ZFS, are very slow at appending to existing files. Due to Copy-On-Write nature, they create a new copy of a file each time we do ">>" in a shell script. This becomes very noticeable if shell script does lots and lots of appends, like sanitize_fragment() function in kconf_check. On my setup, do_kernel_configcheck task takes literally hours to complete. To fix this issue, we can store sanitized_list and fragment_errors.txt files on tmpfs, which is extremely fast at writing. As most distros use tmpfs for /tmp, logical step is to use `mktemp` to create temporary files. After completing writing to temporary locations, we can move those two files back to ${LOGDIR}. Also, function 'cleanup' was added to remove temporary files in case of abnormal exit. With this patch, do_kernel_configcheck task completes in ~2 minutes on my setup, which is a great improvement. Signed-off-by: Volodymyr Babchuk Signed-off-by: Bruce Ashfield Signed-off-by: Alexandre Belloni (cherry picked from commit 9d50e2606eb66019044ee176f355a84a65a1499c) Signed-off-by: Steve Sakoman --- meta/recipes-kernel/kern-tools/kern-tools-native_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb index 07d7daf5fb..12f1cf516e 100644 --- a/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb +++ b/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "\ DEPENDS = "git-native" -SRCREV = "6a4752ebbe7d242c02b3c74a5772926edd243626" +SRCREV = "2d01f24bc78256c709728eb3f204491bce13e0e5" PV = "0.3+git${SRCPV}" inherit native From patchwork Thu Dec 1 14:27:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16279 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 60F68C47088 for ; Thu, 1 Dec 2022 14:28:12 +0000 (UTC) Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) by mx.groups.io with SMTP id smtpd.web11.44919.1669904865204756937 for ; Thu, 01 Dec 2022 06:28:03 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=lBhrmHO7; spf=softfail (domain: sakoman.com, ip: 209.85.215.182, mailfrom: steve@sakoman.com) Received: by mail-pg1-f182.google.com with SMTP id 136so1821659pga.1 for ; Thu, 01 Dec 2022 06:28:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=03jrrJ1rvIokgXJc2Q1Z9w3J3D8XIOOW+EvIBSEf0Y4=; b=lBhrmHO7fYv/HuOsgQzanLaZoMf5VpzngdyxkfKlSk7nXBwu47PTxTL9jQJA7O6yig rKo7rlCPvowqT/I8Zvqvw3kSSn9hYGZhm8ihi58362ZCEtorQyWweEu2SUm0WY6sl6Gc ZQqTg6facsktrQQidsAp48ZY+d6Et2ofqSL3f5Hz4e7N5XnrSG2ftWh51F2hKCCNrMH2 27Ajau73n7E5rTTUKCnzLs94UudmweGUZaXLWXxUkwVbqU6ChAC63Qh3+UnKx+qWHFbW 1tm/FRqNovR7dwegKFgVke0vLjcjlLlkxparJEuwQp02WY3UXIMvv0vAfQiTRVl6Hmue j6HA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=03jrrJ1rvIokgXJc2Q1Z9w3J3D8XIOOW+EvIBSEf0Y4=; b=SJ6sjk39RQaqPdjVDfQYN6NOVF9T3GtqSi31hbKUvIe61sqkhDBIq/Mymuee2YTpEv taj1XVUTDbxJHhHvCUK3LLCpur6UVrlohMiiKM+N0QmVGd7exDbJIMWIjm87jMv+UNPl ppQCVMdyAeWpM+XoJVkAV0Nm88Pj6YrZSpLl9bmA720mZ8dfUKDkyXNT4yE/kdLMO9zL /dh60a5bhfU2JX0XuxIKG7EDFQWRr7WqhZa7s3RNyLwkZeG80XBigCE13XR1EkUcAIba TqS+4tSm6T/qO2ntxJ0bDNlOweidsYWv8480+QpZeAibwgkQJxzj7guD7PvLVZNBsImZ r3mQ== X-Gm-Message-State: ANoB5pk8wOOcymVgiYn7Uzr2ZMoNedcNH3zMu5oKYbcY0o1F7aiGYRVS OotU1MS0EPGHBelEVXAqDGY0MMHlDNuhF2A6nUE= X-Google-Smtp-Source: AA0mqf6x0wtPdOzm694EJgEQFYh4JRWKv1I/HmGJYrASwUJP4rbPjTGnd8aKuiJattDb+SbONTuTOg== X-Received: by 2002:a05:6a00:1696:b0:537:b0c3:691 with SMTP id k22-20020a056a00169600b00537b0c30691mr47345447pfc.59.1669904881966; Thu, 01 Dec 2022 06:28:01 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.28.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:28:01 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 17/23] kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild Date: Thu, 1 Dec 2022 04:27:11 -1000 Message-Id: <640ac18b2daed698adbf849a5aef55f5de9e5db5.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:28:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174103 From: Chen Qi Currently, the KERNEL_DEBUG_TIMESTAMPS is not working as expected at rebuild. That is, even if we set it to "1", the kernel build time is not changed. The problem could be reproduced by the following steps. 1. bitbake core-image-minimal; start image and check `uname -a` output. 2. set in local.conf: KERNEL_DEBUG_TIMESTAMPS = "1" 3. bitbake core-image-minimal; start image and check `uname -a` output. It's expected that after enabling KERNEL_DEBUG_TIMESTAMPS, the kernel build time will be set to current date. But it's not. This is because the compile.h was not re-generated when do_compile task was re-executed. In mkcompile_h, we have: """ # Only replace the real compile.h if the new one is different, # in order to preserve the timestamp and avoid unnecessary # recompilations. # We don't consider the file changed if only the date/time changed, # unless KBUILD_BUILD_TIMESTAMP was explicitly set (e.g. for # reproducible builds with that value referring to a commit timestamp). # A kernel config change will increase the generation number, thus # causing compile.h to be updated (including date/time) due to the # changed comment in the # first line. """ It has made it very clear that it will not be re-generated unless we have KBUILD_BUILD_TIMESTAMP set explicitly. So we set this variable explicitly in do_compile to fix this issue. Signed-off-by: Chen Qi Signed-off-by: Alexandre Belloni (cherry picked from commit 1b68c2d2d385013a1c535ef81172494302a36d74) Signed-off-by: Steve Sakoman --- meta/classes/kernel.bbclass | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass index ad2b296c2d..3e7264fb98 100644 --- a/meta/classes/kernel.bbclass +++ b/meta/classes/kernel.bbclass @@ -361,6 +361,10 @@ kernel_do_compile() { export KBUILD_BUILD_TIMESTAMP="$ts" export KCONFIG_NOTIMESTAMP=1 bbnote "KBUILD_BUILD_TIMESTAMP: $ts" + else + ts=`LC_ALL=C date` + export KBUILD_BUILD_TIMESTAMP="$ts" + bbnote "KBUILD_BUILD_TIMESTAMP: $ts" fi # The $use_alternate_initrd is only set from # do_bundle_initramfs() This variable is specifically for the @@ -406,6 +410,10 @@ do_compile_kernelmodules() { export KBUILD_BUILD_TIMESTAMP="$ts" export KCONFIG_NOTIMESTAMP=1 bbnote "KBUILD_BUILD_TIMESTAMP: $ts" + else + ts=`LC_ALL=C date` + export KBUILD_BUILD_TIMESTAMP="$ts" + bbnote "KBUILD_BUILD_TIMESTAMP: $ts" fi if (grep -q -i -e '^CONFIG_MODULES=y$' ${B}/.config); then oe_runmake -C ${B} ${PARALLEL_MAKE} modules ${KERNEL_EXTRA_ARGS} From patchwork Thu Dec 1 14:27:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16282 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 69213C4708D for ; Thu, 1 Dec 2022 14:28:12 +0000 (UTC) Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) by mx.groups.io with SMTP id smtpd.web10.44793.1669904885227545146 for ; Thu, 01 Dec 2022 06:28:05 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=s7GsIzEu; spf=softfail (domain: sakoman.com, ip: 209.85.216.52, mailfrom: steve@sakoman.com) Received: by mail-pj1-f52.google.com with SMTP id t11-20020a17090a024b00b0021932afece4so5374083pje.5 for ; Thu, 01 Dec 2022 06:28:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=GVcBAZu2fw/QbTT2JR15Tb71TBZDs9x9YxqyL7S1kCg=; b=s7GsIzEucWVcQQzDUkwPye3FMnk0pCKTNBjS83IDxjz1KKzHNAPC6eWPhxoT70Yxyp yQ1et4S0Ww7e9NkzNDN5MH5XOWtYQRG++OIBbaoUwn4NtDdq8yK9d2R8jtLtexQB1P1y kfPyHsFjz68tGpHhgbdKjiGewjtTRlmx/JNWEupp0T46XvUYpKnVBqNQMgd/HtS/QGA9 TtLFtcPgJ2klamKn4Bc97/SfOm44QQnfgwx4qi2DB/h9/KCPU+U6xfXvkWq1SSg6pvGr p612hO0XeGUAQX/N9ouvkycMRboxoUHdN7CXv6JRvTYg8z+Z3Utfpulqj3ZiFdTXPNf9 oxRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GVcBAZu2fw/QbTT2JR15Tb71TBZDs9x9YxqyL7S1kCg=; b=l35QN/fEfyo0atqqcIuQDFDF6YvV46kR4uXVtMpq/VwwCw00/Y+Zxs+Q35PMYZlpvH PrnloCiDHPNOD7NMubpMXQUo3NsIxNn7NAVHvImsLol4UsWxyg0oyMY+uc1ctUBMZ0uR 34mp2AYjOrwtxnmKXtxETF0ufBK3RP2/lxzF2BVHj4nUhmJsoe8UI+KuxP1aF0mH4UuP F6wX6rvi3USZzq5c95YSs5eFFWOd4vzF0UxtDOFqAVfxLyzqWoGWzwdOyaSxLxvTd+3Z yhDOcoB0+alqQGgw1VZqMBMO5WE1zflbxQJ21EqLBRfuDegFjeWbqmRSUx/4DE5FDZlN vhcg== X-Gm-Message-State: ANoB5pnnQwchdPeLSPo4wLSTlRtmykVTHuROFPj4pDhMmnyjWBBRLjhR MV1EH3ZgCEd5zv49fzm28lAFpBHCVnmDlzUTU9Y= X-Google-Smtp-Source: AA0mqf4fFRKaoNXODQZhCx0NEELZ0vPs+GX8B9pY9aL7DrX5YyhTgNsozy2VmO4v9dlZeKrSpoUqpA== X-Received: by 2002:a17:902:be06:b0:189:26bb:3bad with SMTP id r6-20020a170902be0600b0018926bb3badmr50317457pls.92.1669904884091; Thu, 01 Dec 2022 06:28:04 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.28.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:28:03 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 18/23] linux-firmware: upgrade 20221012 -> 20221109 Date: Thu, 1 Dec 2022 04:27:12 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:28:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174104 From: Dmitry Baryshkov License-Update: additional files Signed-off-by: Dmitry Baryshkov Signed-off-by: Alexandre Belloni (cherry picked from commit 6940f297243a66bd58d6adee7d690bcee9b9ccb2) Signed-off-by: Steve Sakoman --- ...{linux-firmware_20221012.bb => linux-firmware_20221109.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20221012.bb => linux-firmware_20221109.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20221109.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20221109.bb index c7ecee0d9a..dc977c2bb7 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20221109.bb @@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "d6d9d74a344a78028e6b0f1df80db14b" +WHENCE_CHKSUM = "ab4ba608dc4b757716871f9be033f0f1" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -209,7 +209,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "e9d174af729511c8cccb60ec4e0b223b3c44b67d813b42d1ab9813acfa667fa5" +SRC_URI[sha256sum] = "c0ddffbbcf30f2e015bddd5c6d3ce1f13976b906aceabda4a57e3c41a3190701" inherit allarch From patchwork Thu Dec 1 14:27:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16281 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 69244C4708E for ; Thu, 1 Dec 2022 14:28:12 +0000 (UTC) Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com [209.85.216.46]) by mx.groups.io with SMTP id smtpd.web10.44794.1669904887208809688 for ; Thu, 01 Dec 2022 06:28:07 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=fHllXkZx; spf=softfail (domain: sakoman.com, ip: 209.85.216.46, mailfrom: steve@sakoman.com) Received: by mail-pj1-f46.google.com with SMTP id v3-20020a17090ac90300b00218441ac0f6so4308509pjt.0 for ; Thu, 01 Dec 2022 06:28:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=/wthRAa93hvYf8cpUJgFFoE9aQ11V/eVxwEaLlVsnro=; b=fHllXkZxLgc4ed+oFk+934MMPflFS2eaHuiEzttllMpnrxLn22L+bCIWag0L84PM16 8lnHRyyzm9KNLaIh4wq/a4uPRRzn36KGFX5A24YzoD5ia8TevsA3l9SLzV/jEBDSsOUD jkuhcq5V5acjq3rLKvGR7TtxGin7HfWzYmdqxRdCIfeJ5PmFNu6gHUj1tir8QV9jATIq DwroFyvzIxHHzewwLK0l6EAjx4c3PungNv2ti0XoqQyft17HmV1WsCYFRd/ita4PtX7d vscPe1B0z8G+PYQz/u4DKjA+ZyDIsPuTl+X6FvJDSzVHXRdyEjmiTyO6oC1uWkPALkh9 oQNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/wthRAa93hvYf8cpUJgFFoE9aQ11V/eVxwEaLlVsnro=; b=q1R0rQjgZu0vsKiafH+lX6Tn2zRmTxQUBbHSIbPABwcDTX/INR/WkL75JXjonGbbSr B6MlF//uHjScqRupAjG0m5CZTIPNOusrOfvDgn5BBzKcS0gcwlqcPJCa6qT9bBMQ0zgE O1Zb5XiQxff2bEf0ryaG4h3eWDjUWI0tT4AassNdWSd7vkZRlzvVMwp1onUdN9RvEeez 7GBENbg5jvwnSxzhsPEvqLK/9THGvAOZV8Esn47JYpslDaELnVuIJZCJGHe6CQCVxB3f 65XOjTVxzanfQlrYA/t3XLqUyiSS4DxxJULjBVVZg5Og2OVDL4P2YHAnz1lSG1ONpnAp 5Uzg== X-Gm-Message-State: ANoB5pmE/q2eSX6P1W/iDC52cOXoC10+9mhAJ/5eQY4Uqh6r37SBK2VP ime/ANnUg9fVKHtHRfDR6wY6dB+T/PC855yzxWo= X-Google-Smtp-Source: AA0mqf5u59ooOVd6ckIYaanKTYIUTaLQ1wMNAgC03KvSRePknhv+89gO/53AMMD+C095gBhFe94zfg== X-Received: by 2002:a17:902:7006:b0:181:b55a:f987 with SMTP id y6-20020a170902700600b00181b55af987mr48516156plk.67.1669904886198; Thu, 01 Dec 2022 06:28:06 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.28.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:28:05 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 19/23] linux-firmware: add new fw file to ${PN}-qcom-adreno-a530 Date: Thu, 1 Dec 2022 04:27:13 -1000 Message-Id: <6c477dffa8c83418d6e5c9635370e37d512885c3.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:28:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174105 From: Dmitry Baryshkov Extend the linux-firmware-qcom-adreno-a530 package with the squashed Adreno 530 zap shader. Signed-off-by: Dmitry Baryshkov Signed-off-by: Alexandre Belloni (cherry picked from commit 920bf119f35824a3531801f5e41158a8ad1bca4c) Signed-off-by: Steve Sakoman --- meta/recipes-kernel/linux-firmware/linux-firmware_20221109.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20221109.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20221109.bb index dc977c2bb7..b05b960ebd 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20221109.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20221109.bb @@ -993,7 +993,7 @@ FILES:${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*" FILES:${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw" FILES:${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a3*_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw" FILES:${PN}-qcom-adreno-a4xx = "${nonarch_base_libdir}/firmware/qcom/a4*_*.fw" -FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*" +FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/a530*.*" FILES:${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*" FILES:${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*" FILES:${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*" From patchwork Thu Dec 1 14:27:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16280 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5CB44C4321E for ; Thu, 1 Dec 2022 14:28:12 +0000 (UTC) Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) by mx.groups.io with SMTP id smtpd.web11.44940.1669904889070158994 for ; Thu, 01 Dec 2022 06:28:09 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=cFr8IETd; spf=softfail (domain: sakoman.com, ip: 209.85.214.181, mailfrom: steve@sakoman.com) Received: by mail-pl1-f181.google.com with SMTP id y4so1803646plb.2 for ; Thu, 01 Dec 2022 06:28:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=J4iAb9RzJjivxQAz+bpDbiGIqE2zFbAK3qkIU89jR3c=; b=cFr8IETdp4oxG6ztKJ6jyxVSeq8P6UaZVzrqafmMoBW9D/j2D7tcgVPvtU1NkMvsdC RhfH27LoX39HawEpg3ry11xomz1nuxWK1ksE76iOkjq/9L6sWK8iHMwPeOpwTHPXfcRl pYGwRw0GTWXKse+e3ga6DY+rLLR6/1ebCcuanM6JmY4IepMve4qSpYZlTO3U6WFdr8OO TmSwaj8Xt+ydvgZ68hakI3Sc86RQp0wy5Qx6aN6+8dgjUQh/hbg/rcOxfpCX3hYQTpRM T4OPWlJhhWy6eOfXtlsZLMTipZZQLNuNgb0XXEM0sbkdSBhwcmgqwTO6nEdbbcK2H7tU QyeA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=J4iAb9RzJjivxQAz+bpDbiGIqE2zFbAK3qkIU89jR3c=; b=zObduNKWautxOvaq3ngS37NMBKcvkP33buECbdCADHxXujHnsew6RWOsQqMr+kj1IO HIwEzGBQ60m5gopWbCa8n0yBbqAjt8Xgp1HFLs2Mnpw9kV2/0EWILB8f4OJrMFQZAkQ8 ybowKXActdBVSs4AvlCi0yj/Gtu9vqS6iWVzB3iTuSIf+I5rrlLco0+RpfyXXFubd0FR FubjyhQg302JyYU8S2L2OVeaN9tw89kVeBa2EwKA0QhLv9ZLeH72K7jxTJv5J9jZJuf/ mhI2dJtPDgZ25eGy62KXRXYmHMmAZTdjgvar98OCnoiySRD67SBo8kkxKCXKIwHQBCPR uqIg== X-Gm-Message-State: ANoB5pn66Ipt9bYdQYNzeYDuBQB9fmPGOy0yoQtKb2tOZv2367Wm9S+O 5G1rmliJA1U/DGP+s8f+E3wN6sVnobsuhIlzW9s= X-Google-Smtp-Source: AA0mqf6GdhUzNw2Js7CgHCuR93Mj1g3bPxYS4It0tAP4K/nJBUXoGUAhoieOG+/VoCpN5RdrhozWFQ== X-Received: by 2002:a17:90a:1090:b0:212:f52e:55c9 with SMTP id c16-20020a17090a109000b00212f52e55c9mr75822239pja.56.1669904888110; Thu, 01 Dec 2022 06:28:08 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.28.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:28:07 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 20/23] sstatesig: emit more helpful error message when not finding sstate manifest Date: Thu, 1 Dec 2022 04:27:14 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:28:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174106 From: Enrico Jörns Since oe-core commit 64b89f3c8fc31842256c482a3039d90d3f12c1cc ("sstatesig.py: make it fatal error when sstate manifest isn't found") errors like: | Manifest [..]/tmp/sstate-control/manifest-x86_64_x86_64-nativesdk-dbus.populate_sysroot not found in imx8mm_dummy cortexa53-mx8mm cortexa53 armv8a-crc armv8a aarch64 allarch x86_64_x86_64-nativesdk (variant '')? are fatal now and cannot be ignored but must be debugged. Unfortunately, the currently emitted error message is a bit imprecise with telling the reader what has actually gone wrong. This commit: * adds the word 'sstate' to the error message to clarify the scope we are dealing with ('sstate manifests', since there are other manifests, too) * does not randomly print the last manifest file searched for as THE manifest file that could not be found Instead, we print the name of the task the sstate was searched for * adds the word 'multilib' to variant to make clear which variant we are talking about * adds a separate line noting the searched pkgarchs and adds explicitly mentions this word ('pkgarchs') * prints a list of ALL manifest file locations attempted * removes the '?' at the end of the message since such errors indeed leave the question of what is the cause but the error message itself is more like a statement. The result for the exact same issue as noted above then looks as follows: | The sstate manifest for task 'dbus:populate_sysroot' (multilib variant '') could not be found. | The pkgarchs considered were: imx8mm_dummy, cortexa53-mx8mm, cortexa53, armv8a-crc, armv8a, aarch64, allarch, x86_64_x86_64-nativesdk. | But none of these manifests exists: | [..]/tmp/sstate-control/manifest-imx8mm_dummy-dbus.populate_sysroot | [..]/tmp/sstate-control/manifest-cortexa53-mx8mm-dbus.populate_sysroot | [..]/tmp/sstate-control/manifest-cortexa53-dbus.populate_sysroot | [..]/tmp/sstate-control/manifest-armv8a-crc-dbus.populate_sysroot | [..]/tmp/sstate-control/manifest-armv8a-dbus.populate_sysroot | [..]/tmp/sstate-control/manifest-aarch64-dbus.populate_sysroot | [..]/tmp/sstate-control/manifest-allarch-dbus.populate_sysroot | [..]/tmp/sstate-control/manifest-x86_64_x86_64-nativesdk-dbus.populate_sysroot Signed-off-by: Enrico Jorns Signed-off-by: Alexandre Belloni (cherry picked from commit 735ec126ec219c7cb89cb05b0e433201bb7f59eb) Signed-off-by: Steve Sakoman --- meta/lib/oe/sstatesig.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py index f5a77bea27..bbe28efa81 100644 --- a/meta/lib/oe/sstatesig.py +++ b/meta/lib/oe/sstatesig.py @@ -467,11 +467,15 @@ def find_sstate_manifest(taskdata, taskdata2, taskname, d, multilibcache): pkgarchs.append('allarch') pkgarchs.append('${SDK_ARCH}_${SDK_ARCH}-${SDKPKGSUFFIX}') + searched_manifests = [] + for pkgarch in pkgarchs: manifest = d2.expand("${SSTATE_MANIFESTS}/manifest-%s-%s.%s" % (pkgarch, taskdata, taskname)) if os.path.exists(manifest): return manifest, d2 - bb.fatal("Manifest %s not found in %s (variant '%s')?" % (manifest, d2.expand(" ".join(pkgarchs)), variant)) + searched_manifests.append(manifest) + bb.fatal("The sstate manifest for task '%s:%s' (multilib variant '%s') could not be found.\nThe pkgarchs considered were: %s.\nBut none of these manifests exists:\n %s" + % (taskdata, taskname, variant, d2.expand(", ".join(pkgarchs)),"\n ".join(searched_manifests))) return None, d2 def OEOuthashBasic(path, sigfile, task, d): From patchwork Thu Dec 1 14:27:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16283 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5CB20C43217 for ; Thu, 1 Dec 2022 14:28:12 +0000 (UTC) Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by mx.groups.io with SMTP id smtpd.web11.44942.1669904891337123978 for ; Thu, 01 Dec 2022 06:28:11 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=4F3Y7pFA; spf=softfail (domain: sakoman.com, ip: 209.85.210.170, mailfrom: steve@sakoman.com) Received: by mail-pf1-f170.google.com with SMTP id w2so478633pfq.12 for ; Thu, 01 Dec 2022 06:28:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=e8Eylsft4HgXGcyynYjReSJVRF+RUNLi4eDrTRq8mx8=; b=4F3Y7pFAZ7sDR1HCIIvNcMfGc/nUrOuHrC8hpQImRwPjqKyZ9OwEJL00rijgbqooUc q+FjTLWL0EOhLiy8l6cOcHln/7w6FHyB1nVYfJAQy6NcRDS3Msi3l2+c/y3ImhhSRbiG VYYMOTuWmJBJAEc4+d+BIsPr+3almqjeTP5CwTFcv126bfzMPnqVPHFlxQmKFB/6bsCi 1zzvHvf2N/tpxZM/9KzEXLlFjA4p+9vSsW87fd7dZEk1koRZNXoi66Shz84DaZYDgrTB YdBkzMS8/u3aytCyy/+BYeb53BMrDsNyM0aUdiZoyyryT3OL/kv7YRp+aewj35ivrs0a GK/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=e8Eylsft4HgXGcyynYjReSJVRF+RUNLi4eDrTRq8mx8=; b=W+VkoFg3CBCcsy3zXDJhsO/5YiJehPtGIHFDXLY3oDsvHX4Im2fD+RX2jN4OFOmBrb w/s1dvM4PK6HHwLglrfmMKS1aA4GVTkmKRUS3Au8Mn3qbqbI37hN0gGNiXn8HpSkHidL bl3eYh+rSI5lgwbcFrl2XPVsxlD6uaHocduncrVpp4hmJ/OcQbeiJZyg+yRiJBX6E1Xj 6o5xXt2wrnKZTr+XPc1VxSeMZ1uOP8+NbP8ATT54cZfUqK+QH3UCy0KYxEnz2Yfda0kW Zt/I19HLvJJ1dWm1+ifai+a1Dr5xBcjcxugg5dJ8QjdSk8ivOG4yr86N2RCi9MINnTV6 VZBQ== X-Gm-Message-State: ANoB5plTLVhQNSEaMaXL/yKpA0cLsXOd+cSF3kxEMW1oyCareU5dRkD2 gwC1TYaa0fG23RyWydgrgrX9d6jB1EPfcb+kq0g= X-Google-Smtp-Source: AA0mqf7r5vewhjroMZshKrzDwIz7rSiErUfBlVAZL9qCh24JEaKHxcM9HgF6X2MbcCL7PJWfk7uO7A== X-Received: by 2002:a63:c46:0:b0:476:ed2a:6228 with SMTP id 6-20020a630c46000000b00476ed2a6228mr41966467pgm.137.1669904890121; Thu, 01 Dec 2022 06:28:10 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.28.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:28:09 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 21/23] resolvconf: make it work Date: Thu, 1 Dec 2022 04:27:15 -1000 Message-Id: <66d85b2d841e6d3281f47ef9a39aa5483aad35d0.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:28:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174107 From: Chen Qi The current resolvconf does not work. Make it work with the following changes. 1. Install normalize-resolvconf, which is used by resolvconf. 2. Add dependencies: sed, util-linux-flock. util-linux-flock is needed by our busybox does not support '-w' by default. sed is needed because we want to avoid package QA issue complaining sed is needed by no one provides it. 3. Add a patch to replace 'readlink -m' with 'readlink -l'. This could avoid the runtime dependency on coreutils. The replacement is safe as /etc always exits in OE's system. 4. Remove allarch inheritage. This is because the above RDEPENDS change does not allow this any more. test_sstate_allarch_samesigs would fail if we don't do this. Signed-off-by: Chen Qi Signed-off-by: Alexandre Belloni (cherry picked from commit 1b0581fd241cc9de2feda896aefbf055dc0099dc) Signed-off-by: Steve Sakoman --- ...01-avoid-using-m-option-for-readlink.patch | 37 +++++++++++++++++++ .../resolvconf/resolvconf_1.91.bb | 9 +++-- 2 files changed, 42 insertions(+), 4 deletions(-) create mode 100644 meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch b/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch new file mode 100644 index 0000000000..ab32f26754 --- /dev/null +++ b/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch @@ -0,0 +1,37 @@ +From 6bf2bb136a0b3961339369bc08e58b661fba0edb Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Thu, 17 Nov 2022 17:26:30 +0800 +Subject: [PATCH] avoid using -m option for readlink + +Use a more widely used option '-f' instead of '-m' here to +avoid dependency on coreutils. + +Looking at the git history of the resolvconf repo, the '-m' +is deliberately used. And it wants to depend on coreutils. +But in case of OE, the existence of /etc is ensured, and busybox +readlink provides '-f' option, so we can just use '-f'. In this +way, the coreutils dependency is not necessary any more. + +Upstream-Status: Inappropriate [OE Specific] + +Signed-off-by: Chen Qi +--- + etc/resolvconf/update.d/libc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/etc/resolvconf/update.d/libc b/etc/resolvconf/update.d/libc +index 1c4f6bc..f75d22c 100755 +--- a/etc/resolvconf/update.d/libc ++++ b/etc/resolvconf/update.d/libc +@@ -57,7 +57,7 @@ fi + report_warning() { echo "$0: Warning: $*" >&2 ; } + + resolv_conf_is_symlinked_to_dynamic_file() { +- [ -L ${ETC}/resolv.conf ] && [ "$(readlink -m ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] ++ [ -L ${ETC}/resolv.conf ] && [ "$(readlink -f ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] + } + + if ! resolv_conf_is_symlinked_to_dynamic_file ; then +-- +2.17.1 + diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb index 94fd2c1a70..3f1b75d07d 100644 --- a/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb +++ b/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb @@ -9,10 +9,11 @@ LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" AUTHOR = "Thomas Hood" HOMEPAGE = "http://packages.debian.org/resolvconf" -RDEPENDS:${PN} = "bash" +RDEPENDS:${PN} = "bash sed util-linux-flock" SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \ file://99_resolvconf \ + file://0001-avoid-using-m-option-for-readlink.patch \ " SRCREV = "859209d573e7aec0e95d812c6b52444591a628d1" @@ -23,8 +24,6 @@ S = "${WORKDIR}/git" # so we check the latest upstream from a directory that does get updated UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/" -inherit allarch - do_compile () { : } @@ -39,12 +38,14 @@ do_install () { fi install -d ${D}${base_libdir}/${BPN} install -d ${D}${sysconfdir}/${BPN} + install -d ${D}${nonarch_base_libdir}/${BPN} ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run install -d ${D}${sysconfdir} ${D}${base_sbindir} install -d ${D}${mandir}/man8 ${D}${docdir}/${P} cp -pPR etc/resolvconf ${D}${sysconfdir}/ chown -R root:root ${D}${sysconfdir}/ install -m 0755 bin/resolvconf ${D}${base_sbindir}/ + install -m 0755 bin/normalize-resolvconf ${D}${nonarch_base_libdir}/${BPN} install -m 0755 bin/list-records ${D}${base_libdir}/${BPN} install -d ${D}/${sysconfdir}/network/if-up.d install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf @@ -64,4 +65,4 @@ pkg_postinst:${PN} () { fi } -FILES:${PN} += "${base_libdir}/${BPN}" +FILES:${PN} += "${base_libdir}/${BPN} ${nonarch_base_libdir}/${BPN}" From patchwork Thu Dec 1 14:27:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16285 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5B2F2C43217 for ; Thu, 1 Dec 2022 14:28:22 +0000 (UTC) Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) by mx.groups.io with SMTP id smtpd.web11.44945.1669904893116103332 for ; Thu, 01 Dec 2022 06:28:13 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=rStE3olt; spf=softfail (domain: sakoman.com, ip: 209.85.216.52, mailfrom: steve@sakoman.com) Received: by mail-pj1-f52.google.com with SMTP id o12so2002303pjo.4 for ; Thu, 01 Dec 2022 06:28:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ysF8occMlJ8PD17TNpCn/Co+RAg1mCuk3hn8f6SstSk=; b=rStE3oltKYEkgzZjf+NoV6YfemLrlPgqKHDdLGrFtX9O/suG5UAurQwGzOfEqYkC0l thcRiIN7oI36dMIKIEttGyfK5PNqdxU3tJxh2dGM/FFMusQsnNwE+Wm+mVlsJFhG3J7/ wCBoZM1Bu5OMk54Xnb8C7GiHdR5Luwg1hd4K8od5HKnCWvd2gkduVAcsTap7qeUURPG6 GZAsKy/Aqd7UNp5Wn6cON6Ohho+8xCXyk9fjJ/kvA3osZphNqFBU3nqWAJXUUfvDjDA3 atr6rIGtqleavjk0ryJtdRC/hzkmbXHSsFk5/aJ/p+aTuj8czMeJMBS931g+X8GOuelg Q1MQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ysF8occMlJ8PD17TNpCn/Co+RAg1mCuk3hn8f6SstSk=; b=C7U16yBr+1KmI+GtTv1y4OM55aC1kZu1roib7GtKsnRsGGpzzHsJsQrlQgTmfBYuRl JBFKJC0L5hyzFG6aiRyalM0/ANfrVqryExfVfvuf8RUbO7NlamFc8+ggNh5nYnvV4ad6 hUJcW1sg63Ad1hDKiMJkEDRqr9gMYEjG10QnbxzW/NIKTDhWsEYLMXNjKePQU1iLuL/X wraW9FoCB4fIg8nV9ZkeX5voIUIdcB174hm/0GvjkpG1zg7LTwEKlNlyHoI5oMEBLjyV NgVclPlpjJ5eXIM1QyCTUGccTtN7qh+tGJp80S75t065una5Bv2Jod3ikD3zPBc2PVhl tyxw== X-Gm-Message-State: ANoB5plrCsDFA6vieKPfGt0PT5G82SszD6SGpWYaTi4Eh0FYIzTEfXao DKj/Od1U8g1z0EmETt5N+X1iLwON0v1xqSOOFQA= X-Google-Smtp-Source: AA0mqf6ysA50ASEUjqPTlNNcgqPxGhm791vaZPRrvQIyJ6MsFzHVSg5pqI2izBd0qczP5OZNJYKg8Q== X-Received: by 2002:a17:902:f2c5:b0:189:1cc3:802a with SMTP id h5-20020a170902f2c500b001891cc3802amr48868613plc.56.1669904892002; Thu, 01 Dec 2022 06:28:12 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.28.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:28:11 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 22/23] dhcpcd: fix to work with systemd Date: Thu, 1 Dec 2022 04:27:16 -1000 Message-Id: <26c1338f5ad73488d80cdb97ae2efbf0652ee1ac.1669904703.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:28:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174108 From: Chen Qi Currently, dhcpcd does not work well with systemd. When using dhcpcd to configure network, the /etc/resolv.conf contents are not correct. This issue could easily be reproduced by using 'qemu + slirp' to start a systemd based image and using dhcpcd to configure network. The expected 'nameserver 10.0.2.3' is not in /etc/resolv.conf. The root cause of this problem is that dhcpcd assumes the resolvconf should recognize .protocol suffix[1]. But systemd's resolvconf (which is a symlink to resolvectl) has a limited support for traditional resolvconf interface[2], and "may not work with all clients"[3]. This of cource includes the clients that use the .protocol suffix. The current situation is: 1. systemd is not going to support the .protocol suffix in the foreseeable near future[4]. 2. dhcpcd does not want to merge systemd specific patch and insists systemd needs to consider the .protocol suffix[5][6]. It's a normal thing that people have different opinions. As a build system that supports such combination, however, we do need to come up with a solution to fix this typical integration problem, making dhcpcd and systemd work together. This patch solves this integration problem by relying on dhcpcd's ability to manage its own resolv.conf contents. But instead of letting it to write to /etc/resolv.conf directly, we supply the generated contents to resolvconf. In this way, the resolvconf still stands in the central place and dhcpcd remains a supplier to it. And the /etc/resolv.conf can get the correct contents. With this patch, dhcpcd could work with both sysvinit and systemd. [1] https://man.archlinux.org/man/resolvconf.8.en [2] https://man.archlinux.org/man/resolvectl.1#COMPATIBILITY_WITH_RESOLVCONF(8) [3] https://wiki.archlinux.org/title/systemd-resolved [4] https://github.com/systemd/systemd/issues/25032 [5] https://github.com/NetworkConfiguration/dhcpcd/pull/152 [6] https://github.com/NetworkConfiguration/dhcpcd/issues/146 Signed-off-by: Chen Qi Signed-off-by: Alexandre Belloni (cherry picked from commit 935ae419f51d911c73f5dc7b4a2e5e9a7b206985) Signed-off-by: Steve Sakoman --- .../dhcpcd/dhcpcd_9.4.1.bb | 1 + ...mprove-the-sitation-of-working-with-.patch | 82 +++++++++++++++++++ 2 files changed, 83 insertions(+) create mode 100644 meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb index ab6ffe986c..1d03de09c8 100644 --- a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb +++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb @@ -13,6 +13,7 @@ UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/" SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ + file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \ file://dhcpcd.service \ file://dhcpcd@.service \ " diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch new file mode 100644 index 0000000000..6f90c88249 --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch @@ -0,0 +1,82 @@ +From 02acc4d875ee81e6fd19ef66d69c9f55b4b4a7e7 Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Wed, 9 Nov 2022 16:33:18 +0800 +Subject: [PATCH] 20-resolv.conf: improve the sitation of working with systemd + +systemd's resolvconf implementation ignores the protocol part. +See https://github.com/systemd/systemd/issues/25032. + +When using 'dhcp server + dns server + dhcpcd + systemd', we +get an integration issue, that is dhcpcd runs 'resolvconf -d eth0.ra', +yet systemd's resolvconf treats it as eth0. This will delete the +DNS information set by 'resolvconf -a eth0.dhcp'. + +Fortunately, 20-resolv.conf has the ability to build the resolv.conf +file contents itself. We can just pass the generated contents to +systemd's resolvconf. This way, the DNS information is not incorrectly +deleted. Also, it does not cause behavior regression for dhcpcd +in other cases. + +Upstream-Status: Inappropriate [OE Specific] +This patch has been rejected by dhcpcd upstream. +See details in https://github.com/NetworkConfiguration/dhcpcd/pull/152 + +Signed-off-by: Chen Qi +--- + hooks/20-resolv.conf | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/hooks/20-resolv.conf b/hooks/20-resolv.conf +index 504a6c53..eb6e5845 100644 +--- a/hooks/20-resolv.conf ++++ b/hooks/20-resolv.conf +@@ -11,8 +11,12 @@ nocarrier_roaming_dir="$state_dir/roaming" + NL=" + " + : ${resolvconf:=resolvconf} ++resolvconf_from_systemd=false + if type "$resolvconf" >/dev/null 2>&1; then + have_resolvconf=true ++ if [ $(basename $(readlink -f $(which $resolvconf))) = resolvectl ]; then ++ resolvconf_from_systemd=true ++ fi + else + have_resolvconf=false + fi +@@ -69,8 +73,13 @@ build_resolv_conf() + else + echo "# /etc/resolv.conf.tail can replace this line" >> "$cf" + fi +- if change_file /etc/resolv.conf "$cf"; then +- chmod 644 /etc/resolv.conf ++ if $resolvconf_from_systemd; then ++ [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" ++ "$resolvconf" -a "$ifname" <"$cf" ++ else ++ if change_file /etc/resolv.conf "$cf"; then ++ chmod 644 /etc/resolv.conf ++ fi + fi + rm -f "$cf" + } +@@ -170,7 +179,7 @@ add_resolv_conf() + for x in ${new_domain_name_servers}; do + conf="${conf}nameserver $x$NL" + done +- if $have_resolvconf; then ++ if $have_resolvconf && ! $resolvconf_from_systemd; then + [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" + printf %s "$conf" | "$resolvconf" -a "$ifname" + return $? +@@ -186,7 +195,7 @@ add_resolv_conf() + + remove_resolv_conf() + { +- if $have_resolvconf; then ++ if $have_resolvconf && ($if_down || ! $resolvconf_from_systemd); then + "$resolvconf" -d "$ifname" -f + else + if [ -e "$resolv_conf_dir/$ifname" ]; then +-- +2.17.1 + From patchwork Thu Dec 1 14:27:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 16284 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5B31BC4321E for ; Thu, 1 Dec 2022 14:28:22 +0000 (UTC) Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171]) by mx.groups.io with SMTP id smtpd.web10.44787.1669904879017606514 for ; Thu, 01 Dec 2022 06:28:14 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=xtspHYY3; spf=softfail (domain: sakoman.com, ip: 209.85.215.171, mailfrom: steve@sakoman.com) Received: by mail-pg1-f171.google.com with SMTP id 62so1783781pgb.13 for ; Thu, 01 Dec 2022 06:28:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=w/JMBBNme0lvxU7ImDJGm0Gh/iLEP8sFCUtmqE/mrQU=; b=xtspHYY3zrd+PUwNy4CjZsUvn/ficdHVhe+ODIOA2RpNGsBl6fYzc2h8QDpmeO2kOw 5BLynMmzaX5apD820PYP/xR/adYW+ZNjRTulVu++jltK5c5PnX/ffE4syK3Zs4/HMXlW 2md+DR0IEBNYdJi4ZkdcDOLoKWbyWm7M3kZRrFjDXPcH0YaZCY29PUCyTRENr9UdiT8a 0wMM/GKbF8YTvgi9BgwGgW8Bmo8TA0QxfsXS1Dg7qqkRqieJsmmpCx3MZYF+w63AIp5O yQxpu1N2M4jfPA1w6CzzRIDNW+y7pZpw1v5i/VVCz/p62oiOvDvnrd3VzmL3avo2tcLS ElmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=w/JMBBNme0lvxU7ImDJGm0Gh/iLEP8sFCUtmqE/mrQU=; b=bUYsOQIT1Up/9XY8Rh/qvoVjsmzbfmhum79IHvddf9xigY3iiXQh5jrGQPIfIYiVuH xhxFZ1YPHP4oHU+EdZBUbPIdZn6Jede5bRndG1a5V2aAOFMFcz4gowYSBuJLYAcgGTAM goK/6EehtWOrhhjZSnO5dQcg6nQnDgsN94XvRMtd9CunXGVxbsRO1T9hVuqID1sM0f++ v3xRnH83NtkL9H+MJusJa7tmkdBgoGt4fy7I2BIxqJ4xm7TPdidnPtgTyYWlAiT3dDZk SYeYkpBRPvWae0brVwrh4kcEjZGQqhlOOTbRvfAijxqCx7Puo3mcJPuXO3CZYWRQi8o9 ZHGg== X-Gm-Message-State: ANoB5pk40l5EbdqBfY/OCJAEXq2Y0F5Vo3i92Bk9sEimZMhbl2d1AzuD QixrnmKvn4WU057W9AMUiPcVRFtZT/f+DLgqwPI= X-Google-Smtp-Source: AA0mqf6WTeuVY/dkNIdSSSizJddHo8f/hZQ7XJ4DxBu/vS93BqQQfheLuHpjce8ooj2pjfyQwdlVCQ== X-Received: by 2002:a63:d255:0:b0:477:d17b:414 with SMTP id t21-20020a63d255000000b00477d17b0414mr29418984pgi.503.1669904893798; Thu, 01 Dec 2022 06:28:13 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id b14-20020a17090a6ace00b00218e8a0d7f0sm4908308pjm.22.2022.12.01.06.28.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 06:28:13 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 23/23] mirrors.bbclass: update CPAN_MIRROR Date: Thu, 1 Dec 2022 04:27:17 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Dec 2022 14:28:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/174109 From: Tim Orling Both of these redirect to https://cpan.metacpan.org/: http://cpan.metacpan.org/ http://search.cpan.org/CPAN/ Signed-off-by: Tim Orling Signed-off-by: Alexandre Belloni (cherry picked from commit f1b74fc09f70d52d9ac629b04d81aa94fd97ff40) Signed-off-by: Steve Sakoman --- meta/classes/mirrors.bbclass | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/meta/classes/mirrors.bbclass b/meta/classes/mirrors.bbclass index b8926fa6e5..3720c00ae5 100644 --- a/meta/classes/mirrors.bbclass +++ b/meta/classes/mirrors.bbclass @@ -61,8 +61,7 @@ osc://.*/.* http://sources.openembedded.org/ \ https?://.*/.* http://sources.openembedded.org/ \ ftp://.*/.* http://sources.openembedded.org/ \ npm://.*/?.* http://sources.openembedded.org/ \ -${CPAN_MIRROR} http://cpan.metacpan.org/ \ -${CPAN_MIRROR} http://search.cpan.org/CPAN/ \ +${CPAN_MIRROR} https://cpan.metacpan.org/ \ https?://downloads.yoctoproject.org/releases/uninative/ https://mirrors.kernel.org/yocto/uninative/ \ https?://downloads.yoctoproject.org/mirror/sources/ https://mirrors.kernel.org/yocto-sources/ \ "