From patchwork Tue Jan 17 14:08:37 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 18251
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 1/9] ffmpeg: refresh patches to apply cleanly
Date: Tue, 17 Jan 2023 04:08:37 -1000
Message-Id: <6060dec1fc9d215f6b2ff9d6571bac802ac6a09b.1673964419.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176041
From: Martin Jansa * the last patch added in: https://git.openembedded.org/openembedded-core/commit/?h=kirkstone&id=874b72fe259cd3a23f4613fccfe2e9cc3f79cd6a doesn't apply cleanly. * fixes: ERROR: ffmpeg-5.0.1-r0 do_patch: Fuzz detected: Applying patch 0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch patching file libavcodec/vp3.c Hunk #1 succeeded at 2677 with fuzz 1 (offset -2 lines). Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- ...c-stop-accessing-out-of-bounds-frame.patch | 19 ++++++++----------- ...c-stop-accessing-out-of-bounds-frame.patch | 7 ++----- ...-vp3-Add-missing-check-for-av_malloc.patch | 12 +++++------- 3 files changed, 15 insertions(+), 23 deletions(-) diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch index 2775a81cc8..23573bb6b3 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch @@ -1,4 +1,4 @@ -From 92f9b28ed84a77138105475beba16c146bdaf984 Mon Sep 17 00:00:00 2001 +From ce25c03fb83395c0a8b5b8121182a486c4408dd4 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Sat, 12 Nov 2022 16:12:00 +0100 Subject: [PATCH] avcodec/rpzaenc: stop accessing out of bounds frame @@ -12,10 +12,10 @@ Signed-off-by: 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c -index d710eb4f82..4ced9523e2 100644 +index 337b1fa..3e97c87 100644 --- a/libavcodec/rpzaenc.c +++ b/libavcodec/rpzaenc.c -@@ -205,7 +205,7 @@ static void get_max_component_diff(const BlockInfo *bi, const uint16_t *block_pt +@@ -205,7 +205,7 @@ static void get_max_component_diff(BlockInfo *bi, uint16_t *block_ptr, // loop thru and compare pixels for (y = 0; y < bi->block_height; y++) { 
@@ -24,7 +24,7 @@ index d710eb4f82..4ced9523e2 100644 // TODO: optimize min_r = FFMIN(R(block_ptr[x]), min_r); min_g = FFMIN(G(block_ptr[x]), min_g); -@@ -278,7 +278,7 @@ static int leastsquares(const uint16_t *block_ptr, const BlockInfo *bi, +@@ -277,7 +277,7 @@ static int leastsquares(uint16_t *block_ptr, BlockInfo *bi, return -1; for (i = 0; i < bi->block_height; i++) { @@ -33,7 +33,7 @@ index d710eb4f82..4ced9523e2 100644 x = GET_CHAN(block_ptr[j], xchannel); y = GET_CHAN(block_ptr[j], ychannel); sumx += x; -@@ -325,7 +325,7 @@ static int calc_lsq_max_fit_error(const uint16_t *block_ptr, const BlockInfo *bi +@@ -324,7 +324,7 @@ static int calc_lsq_max_fit_error(uint16_t *block_ptr, BlockInfo *bi, int max_err = 0; for (i = 0; i < bi->block_height; i++) { @@ -42,7 +42,7 @@ index d710eb4f82..4ced9523e2 100644 int x_inc, lin_y, lin_x; x = GET_CHAN(block_ptr[j], xchannel); y = GET_CHAN(block_ptr[j], ychannel); -@@ -420,7 +420,9 @@ static void update_block_in_prev_frame(const uint16_t *src_pixels, +@@ -419,7 +419,9 @@ static void update_block_in_prev_frame(const uint16_t *src_pixels, uint16_t *dest_pixels, const BlockInfo *bi, int block_counter) { @@ -53,7 +53,7 @@ index d710eb4f82..4ced9523e2 100644 memcpy(dest_pixels, src_pixels, 8); dest_pixels += bi->rowstride; src_pixels += bi->rowstride; -@@ -730,14 +732,15 @@ post_skip : +@@ -729,14 +731,15 @@ post_skip : if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK uint16_t *row_ptr; @@ -72,7 +72,7 @@ index d710eb4f82..4ced9523e2 100644 rgb555 = row_ptr[x] & ~0x8000; put_bits(&s->pb, 16, rgb555); -@@ -745,6 +748,11 @@ post_skip : +@@ -744,6 +747,11 @@ post_skip : row_ptr += bi.rowstride; } @@ -84,6 +84,3 @@ index d710eb4f82..4ced9523e2 100644 block_counter++; } else { // FOUR COLOR BLOCK block_counter += encode_four_color_block(min_color, max_color, --- -2.34.1 - 
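Review bot: this file-level refresh is context only: every hunk header of the embedded rpzaenc diff is renumbered one line earlier (`-@@ -278,7` becomes `+@@ -277,7`, down to `-@@ -745,6 +748,11` becoming `+@@ -744,6 +747,11`) and the prototypes quoted in those headers lose their `const` qualifiers (`leastsquares(uint16_t *block_ptr, BlockInfo *bi,` and friends), which is the older ffmpeg 5.0.1 signature, while no `+`/`-` body line of the embedded diff changes. Together with the short `index 337b1fa..3e97c87` line and the dropped `-- 2.34.1` trailer this says the patch was re-exported from the OE work tree, so the new `From ce25c03fb8...` id is not an FFmpeg commit; please keep the upstream id 92f9b28ed8 in the patch header (Upstream-Status) so the backport stays traceable.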
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch index 923fc6a9c1..6e237fdd52 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch @@ -1,4 +1,4 @@ -From 13c13109759090b7f7182480d075e13b36ed8edd Mon Sep 17 00:00:00 2001 +From d2f31887df2c42948dba7446c475026fdbc69336 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Sat, 12 Nov 2022 15:19:21 +0100 Subject: [PATCH] avcodec/smcenc: stop accessing out of bounds frame @@ -12,7 +12,7 @@ Signed-off-by: 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/libavcodec/smcenc.c b/libavcodec/smcenc.c -index f3d26a4e8d..33549b8ab4 100644 +index 52795ef..618dc4e 100644 --- a/libavcodec/smcenc.c +++ b/libavcodec/smcenc.c @@ -61,6 +61,7 @@ typedef struct SMCContext { @@ -103,6 +103,3 @@ index f3d26a4e8d..33549b8ab4 100644 blocks = coded_blocks; distinct = coded_distinct; --- -2.34.1 - diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch index 94858a6cdd..dca7c827e3 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch @@ -1,4 +1,4 @@ -From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001 +From ef748a8bd8720416b673e1743e5673a801e8279f Mon Sep 17 00:00:00 2001 From: Jiasheng Jiang Date: Tue, 15 Feb 2022 17:58:08 +0800 Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc 
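Review bot: the smcenc refresh changes metadata only: `From 13c13109...` becomes `d2f31887...`, the embedded `index f3d26a4e8d..33549b8ab4` becomes the work-tree form `52795ef..618dc4e`, and the `-- 2.34.1` trailer goes; the code hunks (`typedef struct SMCContext {` through `distinct = coded_distinct;`) are untouched, so there is nothing to re-review. The same applies to the vp3 `From 656cb0450aeb...` to `ef748a8bd872...` swap that follows, provided the Upstream-Status line in that patch keeps citing 656cb0450aeb.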
@@ -16,16 +16,17 @@ CVE: CVE-2022-3109 Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568] Signed-off-by: Narpat Mali + --- libavcodec/vp3.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c -index e9ab54d736..e2418eb6fa 100644 +index 5b9ba60..f1eccfe 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c -@@ -2679,8 +2679,13 @@ static int vp3_decode_frame(AVCodecContext *avctx, - AV_GET_BUFFER_FLAG_REF)) < 0) +@@ -2677,8 +2677,13 @@ static int vp3_decode_frame(AVCodecContext *avctx, + if ((ret = ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF)) < 0) goto error; - if (!s->edge_emu_buffer) 
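Review bot: this is the hunk that actually cures the reported fuzz: the context line is refreshed from the two-line upstream form (`AV_GET_BUFFER_FLAG_REF)) < 0)`) to the single line kirkstone's ffmpeg 5.0.1 has (`if ((ret = ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF)) < 0)`), and the hunk start moves from 2679 to 2677, which is exactly the "fuzz 1 (offset -2 lines)" in the quoted do_patch error. The lone `+` after `Signed-off-by: Narpat Mali` adds an empty line before `---`; harmless, but it could be dropped to keep the header tidy. The `Upstream-Status: Backport [...656cb0450aeb...]` line is left alone while the `From` id becomes ef748a8b, so the CVE-2022-3109 backport remains traceable to upstream.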
@@ -39,6 +40,3 @@ index e9ab54d736..e2418eb6fa 100644 if (s->keyframe) { if (!s->theora) { --- -2.34.1 -
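Review bot: the last vp3 hunk only drops the `-- 2.34.1` trailer, as in the other two files. For the commit as a whole: this is a context-only refresh with no code change in any of the three patches, so the only expected behaviour change is that the kirkstone do_patch failure quoted in the message goes away; a `bitbake ffmpeg -c patch` run confirming that "Fuzz detected" no longer appears is the right check before merging.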
From patchwork Tue Jan 17 14:08:38 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 18250
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 2/9] qemu: Fix CVE-2022-4144
Date: Tue, 17 Jan 2023 04:08:38 -1000
Message-Id: <4cb3874abf4fdeb04337a48a14c765ba9b2269d4.1673964419.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176039

From: Bhabu Bindu

Add patch to fix CVE-2022-4144

Link: https://security-tracker.debian.org/tracker/CVE-2022-4144

Signed-off-by: Bhabu Bindu
Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2022-4144.patch | 99 +++++++++++++++++++ 2 files changed, 100 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index cc9681fb4b..b68be447f1 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -92,6 +92,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0020-target-ppc-move-xs-n-madd-am-ds-p-xs-n-msub-am-ds-p-.patch \ file://0021-target-ppc-implement-xs-n-maddqp-o-xs-n-msubqp-o.patch \ file://CVE-2022-3165.patch \ + file://CVE-2022-4144.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch b/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch new file mode 100644 index 0000000000..96052a19e8 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch 
@@ -0,0 +1,99 @@ +From 6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Mon, 28 Nov 2022 21:27:40 +0100 +Subject: [PATCH] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt + (CVE-2022-4144) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Have qxl_get_check_slot_offset() return false if the requested +buffer size does not fit within the slot memory region. + +Similarly qxl_phys2virt() now returns NULL in such case, and +qxl_dirty_one_surface() aborts. + +This avoids buffer overrun in the host pointer returned by +memory_region_get_ram_ptr(). + +Fixes: CVE-2022-4144 (out-of-bounds read) +Reported-by: Wenxu Yin (@awxylitol) +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1336 + +CVE: CVE-2022-4144 +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622] +Comments: Deleted patch hunk in qxl.h,as it contains change +in comments which is not present in current version of qemu + +Signed-off-by: Philippe Mathieu-Daudé +Signed-off-by: Stefan Hajnoczi +Message-Id: <20221128202741.4945-5-philmd@linaro.org> +Signed-off-by: Bhabu Bindu +--- + hw/display/qxl.c | 27 +++++++++++++++++++++++---- + 1 files changed, 23 insertions(+), 4 deletions(-) + +diff --git a/hw/display/qxl.c b/hw/display/qxl.c +index 231d733250..0b21626aad 100644 +--- a/hw/display/qxl.c ++++ b/hw/display/qxl.c +@@ -1424,11 +1424,13 @@ static void qxl_reset_surfaces(PCIQXLDevice *d) + + /* can be also called from spice server thread context */ + static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, +- uint32_t *s, uint64_t *o) ++ uint32_t *s, uint64_t *o, ++ size_t size_requested) + { + uint64_t phys = le64_to_cpu(pqxl); + uint32_t slot = (phys >> (64 - 8)) & 0xff; + uint64_t offset = phys & 0xffffffffffff; ++ uint64_t size_available; + + if (slot >= NUM_MEMSLOTS) { + qxl_set_guest_bug(qxl, "slot too 
large %d >= %d", slot, +@@ -1452,6 +1454,23 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, + slot, offset, qxl->guest_slots[slot].size); + return false; + } ++ size_available = memory_region_size(qxl->guest_slots[slot].mr); ++ if (qxl->guest_slots[slot].offset + offset >= size_available) { ++ qxl_set_guest_bug(qxl, ++ "slot %d offset %"PRIu64" > region size %"PRIu64"\n", ++ slot, qxl->guest_slots[slot].offset + offset, ++ size_available); ++ return false; ++ } ++ size_available -= qxl->guest_slots[slot].offset + offset; ++ if (size_requested > size_available) { ++ qxl_set_guest_bug(qxl, ++ "slot %d offset %"PRIu64" size %zu: " ++ "overrun by %"PRIu64" bytes\n", ++ slot, offset, size_requested, ++ size_requested - size_available); ++ return false; ++ } + + *s = slot; + *o = offset; +@@ -1471,7 +1490,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id, + offset = le64_to_cpu(pqxl) & 0xffffffffffff; + return (void *)(intptr_t)offset; + case MEMSLOT_GROUP_GUEST: +- if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) { ++ if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) { + return NULL; + } + ptr = memory_region_get_ram_ptr(qxl->guest_slots[slot].mr); +@@ -1937,9 +1956,9 @@ static void qxl_dirty_one_surface(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, + uint32_t slot; + bool rc; + +- rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset); +- assert(rc == true); + size = (uint64_t)height * abs(stride); ++ rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size); ++ assert(rc == true); + trace_qxl_surfaces_dirty(qxl->id, offset, size); + qxl_set_dirty(qxl->guest_slots[slot].mr, + qxl->guest_slots[slot].offset + offset,
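Review bot: the bounds logic in the `qxl_get_check_slot_offset()` hunk is sound: `if (qxl->guest_slots[slot].offset + offset >= size_available)` rejects offsets at or past the end of the memory region before `size_available -= ...` runs, so the subtraction cannot wrap, and `if (size_requested > size_available)` then rejects any request that would run past the region; both paths log through qxl_set_guest_bug() and return false, which qxl_phys2virt() turns into NULL. Two things to confirm before merging: the `qxl_phys2virt()` hunk passes `size` as a new fifth argument, but this patch does not add a `size` parameter to that function, so kirkstone's qemu must already carry the earlier commits of the same upstream series (the `-5-` in `Message-Id: <20221128202741.4945-5-philmd@linaro.org>` suggests this is the fifth of a series) or hw/display/qxl.c will not compile; and in `qxl_dirty_one_surface()` the check now runs after `size = (uint64_t)height * abs(stride);` but is still followed by `assert(rc == true);`, so a guest that trips the new size check on that path aborts rather than being logged as a guest bug, as the commit message states. Cosmetic nits in the header: `1 files changed` and the missing space in `qxl.h,as` on the Comments: line.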
From patchwork Tue Jan 17 14:08:39 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 18247
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 3/9] python3-setuptools: fix for CVE-2022-40897
Date: Tue, 17 Jan 2023 04:08:39 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176040

From: Narpat Mali

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

CVE: CVE-2022-40897
Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be]

Signed-off-by: Narpat Mali
Signed-off-by: Steve Sakoman --- ...-of-whitespace-to-search-backtrack.-.patch | 31 +++++++++++++++++++ .../python/python3-setuptools_59.5.0.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch diff --git a/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch b/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch new file mode 100644 index 0000000000..20a13da7bc --- /dev/null +++ b/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch @@ -0,0 +1,31 @@ +From 9e9f617a83f6593b476669030b0347d48e831c3f Mon Sep 17 00:00:00 2001 +From: Narpat Mali +Date: Mon, 9 Jan 2023 14:45:05 +0000 +Subject: [PATCH] Limit the amount of whitespace to search/backtrack. Fixes + #3659. + +CVE: CVE-2022-40897 + +Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be] + +Signed-off-by: Narpat Mali +--- + setuptools/package_index.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/setuptools/package_index.py b/setuptools/package_index.py +index 270e7f3..e93fcc6 100644 +--- a/setuptools/package_index.py ++++ b/setuptools/package_index.py +@@ -197,7 +197,7 @@ def unique_values(func): + return wrapper + + +-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I) ++REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I) + # this line is here to fix emacs' cruddy broken syntax highlighting + + +-- +2.34.1 + diff --git a/meta/recipes-devtools/python/python3-setuptools_59.5.0.bb b/meta/recipes-devtools/python/python3-setuptools_59.5.0.bb index f2810e18d3..5f2676a04a 100644 --- a/meta/recipes-devtools/python/python3-setuptools_59.5.0.bb 
+++ b/meta/recipes-devtools/python/python3-setuptools_59.5.0.bb 
@@ -11,6 +11,7 @@ SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-e SRC_URI += "\ file://0001-change-shebang-to-python3.patch \ file://0001-_distutils-sysconfig-append-STAGING_LIBDIR-python-sy.patch \ + file://0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch \ " SRC_URI[sha256sum] = "d144f85102f999444d06f9c0e8c737fd0194f10f2f7e5fdb77573f6e2fa4fad0"
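Review bot: the REL regex hunk is the upstream change verbatim: `\s*=\s*` becomes `\s{0,10}=\s{0,10}` and the value class grows from `[^'">]+` to `[^'" >]+`, so unbounded whitespace around `=` in a crafted `rel` attribute no longer gives the engine an open-ended backtracking range, and an unquoted value now stops at the first space. Two review points: the patch header names `From: Narpat Mali` with a 2023 date and uses the work-tree `index 270e7f3..e93fcc6` form instead of the upstream author and commit; the Upstream-Status line does cite 43a9c9bfa6, so it is traceable, but the upstream author line would be the usual OE form. And no test accompanies the change, so a quick check that ordinary index markup such as `<a rel="homepage" href="...">` still matches after the bound is applied is worth doing before merging, since the tightened value class changes matching for values that contain a space. The `.bb` hunk appends to the common SRC_URI list rather than the class-native one, so the fix reaches target and native builds alike.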
From patchwork Tue Jan 17 14:08:40 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 18249
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 4/9] python3-wheel: fix for CVE-2022-40898
Date: Tue, 17 Jan 2023 04:08:40 -1000
Message-Id: <0974291e545aec68755dfb634c75dca37cca1ea9.1673964419.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176042

From: Narpat Mali

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.

CVE: CVE-2022-40898
Upstream-Status: Backport [https://github.com/pypa/wheel/commit/88f02bc335d5404991e532e7f3b0fc80437bf4e0]

Signed-off-by: Narpat Mali
--- ...tential-DoS-attack-via-WHEEL_INFO_RE.patch | 32 +++++++++++++++++++ .../python/python3-wheel_0.37.1.bb | 4 ++- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/python/python3-wheel/0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch diff --git a/meta/recipes-devtools/python/python3-wheel/0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch b/meta/recipes-devtools/python/python3-wheel/0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch new file mode 100644 index 0000000000..bdaae7dd10 --- /dev/null +++ b/meta/recipes-devtools/python/python3-wheel/0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch
@@ -0,0 +1,32 @@ +From a9a0d67a663f20b69903751c23851dd4cd6b49d4 Mon Sep 17 00:00:00 2001 +From: Narpat Mali +Date: Wed, 11 Jan 2023 07:45:57 +0000 +Subject: [PATCH] Fixed potential DoS attack via WHEEL_INFO_RE + +CVE: CVE-2022-40898 + +Upstream-Status: Backport [https://github.com/pypa/wheel/commit/88f02bc335d5404991e532e7f3b0fc80437bf4e0] + +Signed-off-by: Narpat Mali +--- + src/wheel/wheelfile.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/wheel/wheelfile.py b/src/wheel/wheelfile.py +index 21e7361..ff06edf 100644 +--- a/src/wheel/wheelfile.py ++++ b/src/wheel/wheelfile.py +@@ -27,8 +27,8 @@ else: + # Non-greedy matching of an optional build number may be too clever (more + # invalid wheel filenames will match). Separate regex for .dist-info? + WHEEL_INFO_RE = re.compile( +- r"""^(?P(?P.+?)-(?P.+?))(-(?P\d[^-]*))? +- -(?P.+?)-(?P.+?)-(?P.+?)\.whl$""", ++ r"""^(?P(?P[^-]+?)-(?P[^-]+?))(-(?P\d[^-]*))? ++ -(?P[^-]+?)-(?P[^-]+?)-(?P[^.]+?)\.whl$""", + re.VERBOSE) + + +-- +2.32.0 + diff --git a/meta/recipes-devtools/python/python3-wheel_0.37.1.bb b/meta/recipes-devtools/python/python3-wheel_0.37.1.bb index 2f7dd122ba..3ee03ddd36 100644 --- a/meta/recipes-devtools/python/python3-wheel_0.37.1.bb +++ b/meta/recipes-devtools/python/python3-wheel_0.37.1.bb 
@@ -8,7 +8,9 @@ SRC_URI[sha256sum] = "e9a504e793efbca1b8e0e9cb979a249cf4a0a7b5b8c9e8b65a5e39d495 inherit python_flit_core pypi -SRC_URI += " file://0001-Backport-pyproject.toml-from-flit-backend-branch.patch" +SRC_URI += "file://0001-Backport-pyproject.toml-from-flit-backend-branch.patch \ + file://0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch \ + " BBCLASSEXTEND = "native nativesdk"
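Review bot: in this archive rendering the named groups of WHEEL_INFO_RE have lost their names (`(?P(?P[^-]+?)-(?P[^-]+?))`), which is the list archive stripping angle brackets rather than the patch itself; still, check that the file committed under meta/recipes-devtools/python/python3-wheel/ carries the full `(?P<name>...)` style groups, because a bare `(?P` does not compile and the recipe would fail at import time rather than at do_patch. The fix itself matches upstream: every `.+?` between the dash-separated fields becomes `[^-]+?` and the last one `[^.]+?`, so the non-greedy groups can no longer overlap across `-` and backtrack on a crafted filename given to the wheel CLI. The `.bb` hunk's switch of `SRC_URI +=` to the multi-line `\` form with a closing `+ "` line is fine and follows the usual OE layout.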
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 5/9] python3-git: fix for CVE-2022-24439 Date: Tue, 17 Jan 2023 04:08:41 -1000 Message-Id: <55f93e3786290dfa5ac72b5969bb2793f6a98bde.1673964419.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 17 Jan 2023 14:09:14 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176043 From: Narpat Mali All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. CVE: CVE-2022-24439 Upstream-Status: Backport Reference: https://github.com/gitpython-developers/GitPython/discussions/1529 https://github.com/gitpython-developers/GitPython/pull/1518 https://github.com/gitpython-developers/GitPython/pull/1521 Signed-off-by: Narpat Mali --- ...-git-CVE-2022-24439-fix-from-PR-1518.patch | 97 ++++ ...-git-CVE-2022-24439-fix-from-PR-1521.patch | 488 ++++++++++++++++++ .../python/python3-git_3.1.27.bb | 4 + 3 files changed, 589 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1518.patch create mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1521.patch diff --git a/meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1518.patch b/meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1518.patch new file mode 100644 index 0000000000..16192b22c7 --- /dev/null 
+++ b/meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1518.patch 
@@ -0,0 +1,97 @@ +From 6ebe9231cd34dacd32a964859bc509aaa1e3f5fd Mon Sep 17 00:00:00 2001 +From: Narpat Mali +Date: Fri, 6 Jan 2023 14:13:10 +0000 +Subject: [PATCH] python3-git: CVE-2022-24439 fix from PR 1518 + +Fix command injection +Add `--` in some commands that receive user input +and if interpreted as options could lead to remote +code execution (RCE). + +There may be more commands that could benefit from `--` +so the input is never interpreted as an option, +but most of those aren't dangerous. + +Fixed commands: + +- push +- pull +- fetch +- clone/clone_from and friends +- archive (not sure if this one can be exploited, but it doesn't hurt + adding `--` :)) + +For anyone using GitPython and exposing any of the GitPython methods to users, +make sure to always validate the input (like if starts with `--`). +And for anyone allowing users to pass arbitrary options, be aware +that some options may lead fo RCE, like `--exc`, `--upload-pack`, +`--receive-pack`, `--config` (#1516). + +Ref #1517 + +CVE: CVE-2022-24439 + +Upstream-Status: Backport [https://github.com/gitpython-developers/GitPython/pull/1518] + +Signed-off-by: Narpat Mali +--- + git/remote.py | 6 +++--- + git/repo/base.py | 4 ++-- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/git/remote.py b/git/remote.py +index 56f3c5b..59681bc 100644 +--- a/git/remote.py ++++ b/git/remote.py +@@ -881,7 +881,7 @@ class Remote(LazyMixin, IterableObj): + else: + args = [refspec] + +- proc = self.repo.git.fetch(self, *args, as_process=True, with_stdout=False, ++ proc = self.repo.git.fetch("--", self, *args, as_process=True, with_stdout=False, + universal_newlines=True, v=verbose, **kwargs) + res = self._get_fetch_info_from_stderr(proc, progress, + kill_after_timeout=kill_after_timeout) +@@ -905,7 +905,7 @@ class Remote(LazyMixin, IterableObj): + # No argument refspec, then ensure the repo's config has a fetch refspec. 
+ self._assert_refspec() + kwargs = add_progress(kwargs, self.repo.git, progress) +- proc = self.repo.git.pull(self, refspec, with_stdout=False, as_process=True, ++ proc = self.repo.git.pull("--", self, refspec, with_stdout=False, as_process=True, + universal_newlines=True, v=True, **kwargs) + res = self._get_fetch_info_from_stderr(proc, progress, + kill_after_timeout=kill_after_timeout) +@@ -945,7 +945,7 @@ class Remote(LazyMixin, IterableObj): + If the operation fails completely, the length of the returned IterableList will + be 0.""" + kwargs = add_progress(kwargs, self.repo.git, progress) +- proc = self.repo.git.push(self, refspec, porcelain=True, as_process=True, ++ proc = self.repo.git.push("--", self, refspec, porcelain=True, as_process=True, + universal_newlines=True, + kill_after_timeout=kill_after_timeout, + **kwargs) +diff --git a/git/repo/base.py b/git/repo/base.py +index 7713c91..f14f929 100644 +--- a/git/repo/base.py ++++ b/git/repo/base.py +@@ -1072,7 +1072,7 @@ class Repo(object): + multi = None + if multi_options: + multi = shlex.split(' '.join(multi_options)) +- proc = git.clone(multi, Git.polish_url(str(url)), clone_path, with_extended_output=True, as_process=True, ++ proc = git.clone("--", multi, Git.polish_url(str(url)), clone_path, with_extended_output=True, as_process=True, + v=True, universal_newlines=True, **add_progress(kwargs, git, progress)) + if progress: + handle_process_output(proc, None, to_progress_instance(progress).new_message_handler(), +@@ -1173,7 +1173,7 @@ class Repo(object): + if not isinstance(path, (tuple, list)): + path = [path] + # end assure paths is list +- self.git.archive(treeish, *path, **kwargs) ++ self.git.archive("--", treeish, *path, **kwargs) + return self + + def has_separate_working_tree(self) -> bool: +-- +2.34.1 + 
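Review bot: in the git/remote.py fetch hunk, `--` is inserted before `self` and `*args`, so a refspec beginning with `-` can no longer be parsed by git as an option, but the caller-supplied `**kwargs` are still expanded into options by the command wrapper and those are emitted ahead of the `--`; a consumer that forwards user-controlled keyword arguments (the `--upload-pack` case the commit message itself names) is not covered by this hunk. Document that the separator protects positional arguments only, or add a check on option-like keys here.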
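Review bot: the pull hunk has the same scope as the fetch one: `--` guards `self` and `refspec`, not the keyword options rendered before it. One more thing to confirm for this hunk: the context line above ("No argument refspec, then ensure the repo's config has a fetch refspec") shows `refspec` may be absent, and it now sits after `--`; the wrapper's filtering of `None` positional arguments must keep dropping it, otherwise git would receive a literal `None` where a refspec is expected.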
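Review bot: same point for the push hunk: `porcelain=True`, `kill_after_timeout` and any caller-supplied `**kwargs` become options placed ahead of `--`, so the separator neutralises only `self` and `refspec`; the `--receive-pack` and `--exec` options the commit message warns about still need a check on the keyword side before push can be called safely with user input.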
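Review bot: in the git/repo/base.py clone hunk the `--` is placed before `multi`, which holds the shlex-split `multi_options` (the `clone` docstring elsewhere in this series gives `'--config core.filemode=false'` as an example). Everything after `--` is positional to git, so those options would now be handed to `git clone` as extra positional arguments and fail or be misinterpreted instead of being applied. The separator should follow `multi` and precede the URL, along the lines of `git.clone(multi, "--", Git.polish_url(str(url)), clone_path, ...)`.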
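Review bot: the archive hunk puts `--` before `treeish` and `*path`, which matches `git archive`'s positional tree-ish and path arguments, but `**kwargs` is still forwarded unchecked; `git archive` accepts `--remote` and `--exec`, the latter naming a program to run, so the commit message's advice about validating options applies to this method as much as to clone and push.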
diff --git a/meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1521.patch b/meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1521.patch new file mode 100644 index 0000000000..e3e66ec450 --- /dev/null +++ b/meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1521.patch 
@@ -0,0 +1,488 @@ +From fe9b71628767610a238e47cd46b82d411a7e871a Mon Sep 17 00:00:00 2001 +From: Narpat Mali +Date: Sat, 7 Jan 2023 17:16:57 +0000 +Subject: [PATCH] python3-git: CVE-2022-24439 fix from PR 1521 + +Forbid unsafe protocol URLs in Repo.clone{,_from}() +Since the URL is passed directly to git clone, and the remote-ext helper +will happily execute shell commands, so by default disallow URLs that +contain a "::" unless a new unsafe_protocols kwarg is passed. +(CVE-2022-24439) + +Fixes #1515 + +CVE: CVE-2022-24439 + +Upstream-Status: Backport [https://github.com/gitpython-developers/GitPython/pull/1521] + +Signed-off-by: Narpat Mali +--- + git/cmd.py | 51 ++++++++++++++++++++++++-- + git/exc.py | 8 ++++ + git/objects/submodule/base.py | 19 ++++++---- + git/remote.py | 69 +++++++++++++++++++++++++++++++---- + git/repo/base.py | 44 ++++++++++++++++++---- + 5 files changed, 166 insertions(+), 25 deletions(-) + +diff --git a/git/cmd.py b/git/cmd.py +index 4f05698..77026d6 100644 +--- a/git/cmd.py ++++ b/git/cmd.py +@@ -4,6 +4,7 @@ + # This module is part of GitPython and is released under + # the BSD License: http://www.opensource.org/licenses/bsd-license.php + from __future__ import annotations ++import re + from contextlib import contextmanager + import io + import logging +@@ -31,7 +32,9 @@ from git.util import is_cygwin_git, cygpath, expand_path, remove_password_if_pre + + from .exc import ( + GitCommandError, +- GitCommandNotFound ++ GitCommandNotFound, ++ UnsafeOptionError, ++ UnsafeProtocolError + ) + from .util import ( + LazyMixin, +@@ -225,6 +228,8 @@ class Git(LazyMixin): + + _excluded_ = ('cat_file_all', 'cat_file_header', '_version_info') + ++ re_unsafe_protocol = re.compile("(.+)::.+") ++ + def __getstate__(self) -> Dict[str, Any]: + return slots_to_dict(self, exclude=self._excluded_) + +@@ -400,6 +405,44 @@ class Git(LazyMixin): + url = url.replace("\\\\", "\\").replace("\\", "/") + return url + ++ @classmethod ++ def check_unsafe_protocols(cls, 
url: str) -> None: ++ """ ++ Check for unsafe protocols. ++ Apart from the usual protocols (http, git, ssh), ++ Git allows "remote helpers" that have the form `::
`, ++ one of these helpers (`ext::`) can be used to invoke any arbitrary command. ++ See: ++ - https://git-scm.com/docs/gitremote-helpers ++ - https://git-scm.com/docs/git-remote-ext ++ """ ++ match = cls.re_unsafe_protocol.match(url) ++ if match: ++ protocol = match.group(1) ++ raise UnsafeProtocolError( ++ f"The `{protocol}::` protocol looks suspicious, use `allow_unsafe_protocols=True` to allow it." ++ ) ++ ++ @classmethod ++ def check_unsafe_options(cls, options: List[str], unsafe_options: List[str]) -> None: ++ """ ++ Check for unsafe options. ++ Some options that are passed to `git ` can be used to execute ++ arbitrary commands, this are blocked by default. ++ """ ++ # Options can be of the form `foo` or `--foo bar` `--foo=bar`, ++ # so we need to check if they start with "--foo" or if they are equal to "foo". ++ bare_unsafe_options = [ ++ option.lstrip("-") ++ for option in unsafe_options ++ ] ++ for option in options: ++ for unsafe_option, bare_option in zip(unsafe_options, bare_unsafe_options): ++ if option.startswith(unsafe_option) or option == bare_option: ++ raise UnsafeOptionError( ++ f"{unsafe_option} is not allowed, use `allow_unsafe_options=True` to allow it." ++ ) ++ + class AutoInterrupt(object): + """Kill/Interrupt the stored process instance once this instance goes out of scope. It is + used to prevent processes piling up in case iterators stop reading. 
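Review bot: in the git/cmd.py hunk adding `re_unsafe_protocol = re.compile("(.+)::.+")` and `check_unsafe_protocols`, the pattern flags a `::` anywhere in the URL, so a legitimate IPv6 literal such as `ssh://[::1]/repo.git` is rejected as a suspicious helper, and there is no allowlist of recognised schemes; matching the helper syntax only at the start of the URL, or skipping the check when the URL parses with a known scheme, would avoid the false positive without weakening the block on `ext::`. In `check_unsafe_options`, the test is `option.startswith(unsafe_option) or option == bare_option`, and the callers in this patch pass `list(kwargs.keys())`; GitPython's keyword-to-option conversion maps a key written as `upload_pack` to `--upload-pack`, yet that spelling neither starts with `--upload-pack` nor equals `upload-pack`, so confirm it is caught, for instance by normalising `_` to `-` in each key before the comparison.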
+@@ -1068,12 +1111,12 @@ class Git(LazyMixin): + return args + + @classmethod +- def __unpack_args(cls, arg_list: Sequence[str]) -> List[str]: ++ def _unpack_args(cls, arg_list: Sequence[str]) -> List[str]: + + outlist = [] + if isinstance(arg_list, (list, tuple)): + for arg in arg_list: +- outlist.extend(cls.__unpack_args(arg)) ++ outlist.extend(cls._unpack_args(arg)) + else: + outlist.append(str(arg_list)) + +@@ -1154,7 +1197,7 @@ class Git(LazyMixin): + # Prepare the argument list + + opt_args = self.transform_kwargs(**opts_kwargs) +- ext_args = self.__unpack_args([a for a in args if a is not None]) ++ ext_args = self._unpack_args([a for a in args if a is not None]) + + if insert_after_this_arg is None: + args_list = opt_args + ext_args +diff --git a/git/exc.py b/git/exc.py +index e8ff784..5c96db2 100644 +--- a/git/exc.py ++++ b/git/exc.py +@@ -36,6 +36,14 @@ class NoSuchPathError(GitError, OSError): + """ Thrown if a path could not be access by the system. """ + + ++class UnsafeProtocolError(GitError): ++ """Thrown if unsafe protocols are passed without being explicitly allowed.""" ++ ++ ++class UnsafeOptionError(GitError): ++ """Thrown if unsafe options are passed without being explicitly allowed.""" ++ ++ + class CommandError(GitError): + """Base class for exceptions thrown at every stage of `Popen()` execution. 
+ +diff --git a/git/objects/submodule/base.py b/git/objects/submodule/base.py +index f782045..deb224e 100644 +--- a/git/objects/submodule/base.py ++++ b/git/objects/submodule/base.py +@@ -264,7 +264,8 @@ class Submodule(IndexObject, TraversableIterableObj): + # end + + @classmethod +- def _clone_repo(cls, repo: 'Repo', url: str, path: PathLike, name: str, **kwargs: Any) -> 'Repo': ++ def _clone_repo(cls, repo: 'Repo', url: str, path: PathLike, name: str, ++ allow_unsafe_options: bool = False, allow_unsafe_protocols: bool = False,**kwargs: Any) -> 'Repo': + """:return: Repo instance of newly cloned repository + :param repo: our parent repository + :param url: url to clone from +@@ -281,7 +282,8 @@ class Submodule(IndexObject, TraversableIterableObj): + module_checkout_path = osp.join(str(repo.working_tree_dir), path) + # end + +- clone = git.Repo.clone_from(url, module_checkout_path, **kwargs) ++ clone = git.Repo.clone_from(url, module_checkout_path, allow_unsafe_options=allow_unsafe_options, ++ allow_unsafe_protocols=allow_unsafe_protocols, **kwargs) + if cls._need_gitfile_submodules(repo.git): + cls._write_git_file_and_module_config(module_checkout_path, module_abspath) + # end +@@ -338,8 +340,8 @@ class Submodule(IndexObject, TraversableIterableObj): + @classmethod + def add(cls, repo: 'Repo', name: str, path: PathLike, url: Union[str, None] = None, + branch: Union[str, None] = None, no_checkout: bool = False, depth: Union[int, None] = None, +- env: Union[Mapping[str, str], None] = None, clone_multi_options: Union[Sequence[TBD], None] = None +- ) -> 'Submodule': ++ env: Union[Mapping[str, str], None] = None, clone_multi_options: Union[Sequence[TBD], None] = None, ++ allow_unsafe_options: bool = False, allow_unsafe_protocols: bool = False,) -> 'Submodule': + """Add a new submodule to the given repository. This will alter the index + as well as the .gitmodules file, but will not create a new commit. 
+ If the submodule already exists, no matter if the configuration differs +@@ -447,7 +449,8 @@ class Submodule(IndexObject, TraversableIterableObj): + kwargs['multi_options'] = clone_multi_options + + # _clone_repo(cls, repo, url, path, name, **kwargs): +- mrepo = cls._clone_repo(repo, url, path, name, env=env, **kwargs) ++ mrepo = cls._clone_repo(repo, url, path, name, env=env, allow_unsafe_options=allow_unsafe_options, ++ allow_unsafe_protocols=allow_unsafe_protocols, **kwargs) + # END verify url + + ## See #525 for ensuring git urls in config-files valid under Windows. +@@ -484,7 +487,8 @@ class Submodule(IndexObject, TraversableIterableObj): + def update(self, recursive: bool = False, init: bool = True, to_latest_revision: bool = False, + progress: Union['UpdateProgress', None] = None, dry_run: bool = False, + force: bool = False, keep_going: bool = False, env: Union[Mapping[str, str], None] = None, +- clone_multi_options: Union[Sequence[TBD], None] = None) -> 'Submodule': ++ clone_multi_options: Union[Sequence[TBD], None] = None, allow_unsafe_options: bool = False, ++ allow_unsafe_protocols: bool = False) -> 'Submodule': + """Update the repository of this submodule to point to the checkout + we point at with the binsha of this instance. 
+ +@@ -585,7 +589,8 @@ class Submodule(IndexObject, TraversableIterableObj): + (self.url, checkout_module_abspath, self.name)) + if not dry_run: + mrepo = self._clone_repo(self.repo, self.url, self.path, self.name, n=True, env=env, +- multi_options=clone_multi_options) ++ multi_options=clone_multi_options, allow_unsafe_options=allow_unsafe_options, ++ allow_unsafe_protocols=allow_unsafe_protocols) + # END handle dry-run + progress.update(END | CLONE, 0, 1, prefix + "Done cloning to %s" % checkout_module_abspath) + +diff --git a/git/remote.py b/git/remote.py +index 59681bc..cea6b99 100644 +--- a/git/remote.py ++++ b/git/remote.py +@@ -473,6 +473,23 @@ class Remote(LazyMixin, IterableObj): + __slots__ = ("repo", "name", "_config_reader") + _id_attribute_ = "name" + ++ unsafe_git_fetch_options = [ ++ # This option allows users to execute arbitrary commands. ++ # https://git-scm.com/docs/git-fetch#Documentation/git-fetch.txt---upload-packltupload-packgt ++ "--upload-pack", ++ ] ++ unsafe_git_pull_options = [ ++ # This option allows users to execute arbitrary commands. ++ # https://git-scm.com/docs/git-pull#Documentation/git-pull.txt---upload-packltupload-packgt ++ "--upload-pack" ++ ] ++ unsafe_git_push_options = [ ++ # This option allows users to execute arbitrary commands. 
++ # https://git-scm.com/docs/git-push#Documentation/git-push.txt---execltgit-receive-packgt ++ "--receive-pack", ++ "--exec", ++ ] ++ + def __init__(self, repo: 'Repo', name: str) -> None: + """Initialize a remote instance + +@@ -549,7 +566,8 @@ class Remote(LazyMixin, IterableObj): + yield Remote(repo, section[lbound + 1:rbound]) + # END for each configuration section + +- def set_url(self, new_url: str, old_url: Optional[str] = None, **kwargs: Any) -> 'Remote': ++ def set_url(self, new_url: str, old_url: Optional[str] = None, ++ allow_unsafe_protocols: bool = False, **kwargs: Any) -> 'Remote': + """Configure URLs on current remote (cf command git remote set_url) + + This command manages URLs on the remote. +@@ -558,15 +576,17 @@ class Remote(LazyMixin, IterableObj): + :param old_url: when set, replaces this URL with new_url for the remote + :return: self + """ ++ if not allow_unsafe_protocols: ++ Git.check_unsafe_protocols(new_url) + scmd = 'set-url' + kwargs['insert_kwargs_after'] = scmd + if old_url: +- self.repo.git.remote(scmd, self.name, new_url, old_url, **kwargs) ++ self.repo.git.remote(scmd, "--", self.name, new_url, old_url, **kwargs) + else: +- self.repo.git.remote(scmd, self.name, new_url, **kwargs) ++ self.repo.git.remote(scmd, "--", self.name, new_url, **kwargs) + return self + +- def add_url(self, url: str, **kwargs: Any) -> 'Remote': ++ def add_url(self, url: str, allow_unsafe_protocols: bool = False, **kwargs: Any) -> 'Remote': + """Adds a new url on current remote (special case of git remote set_url) + + This command adds new URLs to a given remote, making it possible to have +@@ -575,7 +595,7 @@ class Remote(LazyMixin, IterableObj): + :param url: string being the URL to add as an extra remote URL + :return: self + """ +- return self.set_url(url, add=True) ++ return self.set_url(url, add=True, allow_unsafe_protocols=allow_unsafe_protocols) + + def delete_url(self, url: str, **kwargs: Any) -> 'Remote': + """Deletes a new url on current remote 
(special case of git remote set_url) +@@ -667,7 +687,7 @@ class Remote(LazyMixin, IterableObj): + return out_refs + + @ classmethod +- def create(cls, repo: 'Repo', name: str, url: str, **kwargs: Any) -> 'Remote': ++ def create(cls, repo: 'Repo', name: str, url: str, allow_unsafe_protocols: bool = False, *kwargs: Any) -> 'Remote': + """Create a new remote to the given repository + :param repo: Repository instance that is to receive the new remote + :param name: Desired name of the remote +@@ -677,7 +697,10 @@ class Remote(LazyMixin, IterableObj): + :raise GitCommandError: in case an origin with that name already exists""" + scmd = 'add' + kwargs['insert_kwargs_after'] = scmd +- repo.git.remote(scmd, name, Git.polish_url(url), **kwargs) ++ url = Git.polish_url(url) ++ if not allow_unsafe_protocols: ++ Git.check_unsafe_protocols(url) ++ repo.git.remote(scmd, "--", name, url, **kwargs) + return cls(repo, name) + + # add is an alias +@@ -840,6 +863,8 @@ class Remote(LazyMixin, IterableObj): + progress: Union[RemoteProgress, None, 'UpdateProgress'] = None, + verbose: bool = True, + kill_after_timeout: Union[None, float] = None, ++ allow_unsafe_protocols: bool = False, ++ allow_unsafe_options: bool = False, + **kwargs: Any) -> IterableList[FetchInfo]: + """Fetch the latest changes for this remote + +@@ -881,6 +906,14 @@ class Remote(LazyMixin, IterableObj): + else: + args = [refspec] + ++ if not allow_unsafe_protocols: ++ for ref in args: ++ if ref: ++ Git.check_unsafe_protocols(ref) ++ ++ if not allow_unsafe_options: ++ Git.check_unsafe_options(options=list(kwargs.keys()), unsafe_options=self.unsafe_git_fetch_options) ++ + proc = self.repo.git.fetch("--", self, *args, as_process=True, with_stdout=False, + universal_newlines=True, v=verbose, **kwargs) + res = self._get_fetch_info_from_stderr(proc, progress, +@@ -892,6 +925,8 @@ class Remote(LazyMixin, IterableObj): + def pull(self, refspec: Union[str, List[str], None] = None, + progress: Union[RemoteProgress, 
'UpdateProgress', None] = None, + kill_after_timeout: Union[None, float] = None, ++ allow_unsafe_protocols: bool = False, ++ allow_unsafe_options: bool = False, + **kwargs: Any) -> IterableList[FetchInfo]: + """Pull changes from the given branch, being the same as a fetch followed + by a merge of branch with your local branch. +@@ -905,6 +940,15 @@ class Remote(LazyMixin, IterableObj): + # No argument refspec, then ensure the repo's config has a fetch refspec. + self._assert_refspec() + kwargs = add_progress(kwargs, self.repo.git, progress) ++ ++ refspec = Git._unpack_args(refspec or []) ++ if not allow_unsafe_protocols: ++ for ref in refspec: ++ Git.check_unsafe_protocols(ref) ++ ++ if not allow_unsafe_options: ++ Git.check_unsafe_options(options=list(kwargs.keys()), unsafe_options=self.unsafe_git_pull_options) ++ + proc = self.repo.git.pull("--", self, refspec, with_stdout=False, as_process=True, + universal_newlines=True, v=True, **kwargs) + res = self._get_fetch_info_from_stderr(proc, progress, +@@ -916,6 +960,8 @@ class Remote(LazyMixin, IterableObj): + def push(self, refspec: Union[str, List[str], None] = None, + progress: Union[RemoteProgress, 'UpdateProgress', Callable[..., RemoteProgress], None] = None, + kill_after_timeout: Union[None, float] = None, ++ allow_unsafe_protocols: bool = False, ++ allow_unsafe_options: bool = False, + **kwargs: Any) -> IterableList[PushInfo]: + """Push changes from source branch in refspec to target branch in refspec. 
+ +@@ -945,6 +991,15 @@ class Remote(LazyMixin, IterableObj): + If the operation fails completely, the length of the returned IterableList will + be 0.""" + kwargs = add_progress(kwargs, self.repo.git, progress) ++ ++ refspec = Git._unpack_args(refspec or []) ++ if not allow_unsafe_protocols: ++ for ref in refspec: ++ Git.check_unsafe_protocols(ref) ++ ++ if not allow_unsafe_options: ++ Git.check_unsafe_options(options=list(kwargs.keys()), unsafe_options=self.unsafe_git_push_options) ++ + proc = self.repo.git.push("--", self, refspec, porcelain=True, as_process=True, + universal_newlines=True, + kill_after_timeout=kill_after_timeout, +diff --git a/git/repo/base.py b/git/repo/base.py +index f14f929..7b3565b 100644 +--- a/git/repo/base.py ++++ b/git/repo/base.py +@@ -24,7 +24,11 @@ from git.compat import ( + ) + from git.config import GitConfigParser + from git.db import GitCmdObjectDB +-from git.exc import InvalidGitRepositoryError, NoSuchPathError, GitCommandError ++from git.exc import ( ++ GitCommandError, ++ InvalidGitRepositoryError, ++ NoSuchPathError, ++) + from git.index import IndexFile + from git.objects import Submodule, RootModule, Commit + from git.refs import HEAD, Head, Reference, TagReference +@@ -97,6 +101,18 @@ class Repo(object): + re_author_committer_start = re.compile(r'^(author|committer)') + re_tab_full_line = re.compile(r'^\t(.*)$') + ++ unsafe_git_clone_options = [ ++ # This option allows users to execute arbitrary commands. ++ # https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---upload-packltupload-packgt ++ "--upload-pack", ++ "-u", ++ # Users can override configuration variables ++ # like `protocol.allow` or `core.gitProxy` to execute arbitrary commands. 
++ # https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---configltkeygtltvaluegt ++ "--config", ++ "-c", ++ ] ++ + # invariants + # represents the configuration level of a configuration file + config_level: ConfigLevels_Tup = ("system", "user", "global", "repository") +@@ -1049,7 +1065,8 @@ class Repo(object): + @ classmethod + def _clone(cls, git: 'Git', url: PathLike, path: PathLike, odb_default_type: Type[GitCmdObjectDB], + progress: Union['RemoteProgress', 'UpdateProgress', Callable[..., 'RemoteProgress'], None] = None, +- multi_options: Optional[List[str]] = None, **kwargs: Any ++ multi_options: Optional[List[str]] = None, allow_unsafe_protocols: bool = False, ++ allow_unsafe_options: bool = False, **kwargs: Any + ) -> 'Repo': + odbt = kwargs.pop('odbt', odb_default_type) + +@@ -1072,6 +1089,12 @@ class Repo(object): + multi = None + if multi_options: + multi = shlex.split(' '.join(multi_options)) ++ ++ if not allow_unsafe_protocols: ++ Git.check_unsafe_protocols(str(url)) ++ if not allow_unsafe_options and multi_options: ++ Git.check_unsafe_options(options=multi_options, unsafe_options=cls.unsafe_git_clone_options) ++ + proc = git.clone("--", multi, Git.polish_url(str(url)), clone_path, with_extended_output=True, as_process=True, + v=True, universal_newlines=True, **add_progress(kwargs, git, progress)) + if progress: +@@ -1107,7 +1130,9 @@ class Repo(object): + return repo + + def clone(self, path: PathLike, progress: Optional[Callable] = None, +- multi_options: Optional[List[str]] = None, **kwargs: Any) -> 'Repo': ++ multi_options: Optional[List[str]] = None, unsafe_protocols: bool = False, ++ allow_unsafe_protocols: bool = False, allow_unsafe_options: bool = False, ++ **kwargs: Any) -> 'Repo': + """Create a clone from this repository. + + :param path: is the full path of the new repo (traditionally ends with ./.git). +@@ -1116,18 +1141,21 @@ class Repo(object): + option per list item which is passed exactly as specified to clone. 
+ For example ['--config core.filemode=false', '--config core.ignorecase', + '--recurse-submodule=repo1_path', '--recurse-submodule=repo2_path'] ++ :param unsafe_protocols: Allow unsafe protocols to be used, like ex + :param kwargs: + * odbt = ObjectDatabase Type, allowing to determine the object database + implementation used by the returned Repo instance + * All remaining keyword arguments are given to the git-clone command + + :return: ``git.Repo`` (the newly cloned repo)""" +- return self._clone(self.git, self.common_dir, path, type(self.odb), progress, multi_options, **kwargs) ++ return self._clone(self.git, self.common_dir, path, type(self.odb), progress, multi_options, ++ allow_unsafe_protocols=allow_unsafe_protocols, allow_unsafe_options=allow_unsafe_options, **kwargs) + + @ classmethod + def clone_from(cls, url: PathLike, to_path: PathLike, progress: Optional[Callable] = None, +- env: Optional[Mapping[str, str]] = None, +- multi_options: Optional[List[str]] = None, **kwargs: Any) -> 'Repo': ++ env: Optional[Mapping[str, str]] = None, multi_options: Optional[List[str]] = None, ++ unsafe_protocols: bool = False, allow_unsafe_protocols: bool = False, ++ allow_unsafe_options: bool = False, **kwargs: Any) -> 'Repo': + """Create a clone from the given URL + + :param url: valid git url, see http://www.kernel.org/pub/software/scm/git/docs/git-clone.html#URLS +@@ -1140,12 +1168,14 @@ class Repo(object): + If you want to unset some variable, consider providing empty string + as its value. 
+ :param multi_options: See ``clone`` method ++ :param unsafe_protocols: Allow unsafe protocols to be used, like ext + :param kwargs: see the ``clone`` method + :return: Repo instance pointing to the cloned directory""" + git = cls.GitCommandWrapperType(os.getcwd()) + if env is not None: + git.update_environment(**env) +- return cls._clone(git, url, to_path, GitCmdObjectDB, progress, multi_options, **kwargs) ++ return cls._clone(git, url, to_path, GitCmdObjectDB, progress, multi_options, ++ allow_unsafe_protocols=allow_unsafe_protocols, allow_unsafe_options=allow_unsafe_options, **kwargs) + + def archive(self, ostream: Union[TextIO, BinaryIO], treeish: Optional[str] = None, + prefix: Optional[str] = None, **kwargs: Any) -> Repo: +-- +2.34.1 + diff --git a/meta/recipes-devtools/python/python3-git_3.1.27.bb b/meta/recipes-devtools/python/python3-git_3.1.27.bb index fb1bae8f8e..1bd1426926 100644 --- a/meta/recipes-devtools/python/python3-git_3.1.27.bb +++ b/meta/recipes-devtools/python/python3-git_3.1.27.bb 
@@ -12,6 +12,10 @@ PYPI_PACKAGE = "GitPython" inherit pypi python_setuptools_build_meta +SRC_URI += "file://0001-python3-git-CVE-2022-24439-fix-from-PR-1518.patch \ + file://0001-python3-git-CVE-2022-24439-fix-from-PR-1521.patch \ + " + SRC_URI[sha256sum] = "1c885ce809e8ba2d88a29befeb385fcea06338d3640712b59ca623c220bb5704" DEPENDS += " ${PYTHON_PN}-gitdb"
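Review bot: in the git/objects/submodule/base.py `_clone_repo` hunk the new signature reads `allow_unsafe_protocols: bool = False,**kwargs: Any` (missing space after the comma), and the docstring's `:param` list directly below is not extended for `allow_unsafe_options` and `allow_unsafe_protocols`, which are the parameters a submodule user must now know about to clone from an `ext::` URL deliberately.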
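Review bot: the git/remote.py `create` hunk changes the signature to `allow_unsafe_protocols: bool = False, *kwargs: Any`, a single asterisk where the removed line had `**kwargs: Any`. That turns `kwargs` into a tuple of extra positional arguments, so the unchanged `kwargs['insert_kwargs_after'] = scmd` on the next hunk raises `TypeError`, every `Remote.create(...)` (and the `add` alias noted in the context) breaks, and any caller passing keyword arguments gets an unexpected-keyword error. Restore `**kwargs: Any`.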
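Review bot: the git/repo/base.py `unsafe_git_clone_options` hunk lists `--config` and `-c`, and `check_unsafe_options` uses a `startswith` match, so the `clone` docstring's own `multi_options` example `['--config core.filemode=false', '--config core.ignorecase', ...]` shown in the later hunk of this same file is now rejected by default. Either update the example or state there that it requires `allow_unsafe_options=True`.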
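Review bot: in the `_clone` hunk the option check runs only when `multi_options` is truthy and only over that list: `Git.check_unsafe_options(options=multi_options, ...)`. The `**add_progress(kwargs, git, progress)` forwarded on the very next line is never checked, so the same `--upload-pack` or `--config` values reach `git clone` when passed as keyword arguments to `clone`/`clone_from`, which is exactly the path the fetch, pull and push hunks guard with `Git.check_unsafe_options(options=list(kwargs.keys()), ...)`. Apply the same call to `kwargs` here.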
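Review bot: the `clone` hunk adds `unsafe_protocols: bool = False` to the signature and documents it (`:param unsafe_protocols: Allow unsafe protocols to be used, like ex`, cut off mid-word), but the body forwards only `allow_unsafe_protocols` and `allow_unsafe_options` to `_clone`, so `unsafe_protocols` is dead and a caller setting it silently keeps the restricted behaviour. Drop it, and document the two `allow_*` parameters that are actually honoured.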
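Review bot: the `clone_from` hunk carries the same unused `unsafe_protocols` parameter, with its docstring line reading "like ext" where the `clone` one reads "like ex"; remove it in both places and make the two docstrings describe `allow_unsafe_protocols` and `allow_unsafe_options` consistently, since those are the knobs `_clone` reads.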
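Review bot: the order of the two patches in this SRC_URI hunk is load-bearing: the PR-1521 patch's git/remote.py hunk is against `index 59681bc..cea6b99` and its git/repo/base.py hunk against `f14f929..7b3565b`, the post-image blobs produced by the PR-1518 patch (`56f3c5b..59681bc` and `7713c91..f14f929`), so listing them the other way round would make the second patch fail to apply. Both files share the `0001-` prefix and give no ordering hint, so a short comment in the recipe is worthwhile.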
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 6/9] libksba: fix CVE-2022-47629 Date: Tue, 17 Jan 2023 04:08:42 -1000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176044
From: Yogita Urade

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

CVE: CVE-2022-47926
References: https://nvd.nist.gov/vuln/detail/CVE-2022-47629

Signed-off-by: Yogita Urade
---
 ...overflow-in-the-CRL-signature-parser.patch | 72 +++++++++++++++++++
 meta/recipes-support/libksba/libksba_1.6.2.bb |  3 +-
 2 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libksba/libksba/0001-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch

diff --git a/meta/recipes-support/libksba/libksba/0001-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch b/meta/recipes-support/libksba/libksba/0001-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch
new file mode 100644
index 0000000000..8c0080d56b
--- /dev/null
+++ b/meta/recipes-support/libksba/libksba/0001-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch
@@ -0,0 +1,72 @@ +From f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Tue, 22 Nov 2022 16:36:46 +0100 +Subject: [PATCH] Fix an integer overflow in the CRL signature parser. + +* src/crl.c (parse_signature): N+N2 now checked for overflow. + +* src/ocsp.c (parse_response_extensions): Do not accept too large +values. +(parse_single_extensions): Ditto. +-- + +The second patch is an extra safegourd not related to the reported +bug. + +CVE: CVE-2022-47629 + +Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070] + +GnuPG-bug-id: 6284 +Reported-by: Joseph Surin, elttam +--- + src/crl.c | 2 +- + src/ocsp.c | 12 ++++++++++++ + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/src/crl.c b/src/crl.c +index 9f71c85..2e6ca29 100644 +--- a/src/crl.c ++++ b/src/crl.c +@@ -1349,7 +1349,7 @@ parse_signature (ksba_crl_t crl) + && !ti.is_constructed) ) + return gpg_error (GPG_ERR_INV_CRL_OBJ); + n2 = ti.nhdr + ti.length; +- if (n + n2 >= DIM(tmpbuf)) ++ if (n + n2 >= DIM(tmpbuf) || (n + n2) < n) + return gpg_error (GPG_ERR_TOO_LARGE); + memcpy (tmpbuf+n, ti.buf, ti.nhdr); + err = read_buffer (crl->reader, tmpbuf+n+ti.nhdr, ti.length); +diff --git a/src/ocsp.c b/src/ocsp.c +index d4cba04..657d15f 100644 +--- a/src/ocsp.c ++++ b/src/ocsp.c +@@ -721,6 +721,12 @@ parse_response_extensions (ksba_ocsp_t ocsp, + || memcmp (ocsp->nonce, data, ti.length)) + ocsp->bad_nonce = 1; + } ++ if (ti.length > (1<<24)) ++ { ++ /* Bail out on much too large objects. */ ++ err = gpg_error (GPG_ERR_BAD_BER); ++ goto leave; ++ } + ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length); + if (!ex) + { +@@ -788,6 +794,12 @@ parse_single_extensions (struct ocsp_reqitem_s *ri, + err = parse_octet_string (&data, &datalen, &ti); + if (err) + goto leave; ++ if (ti.length > (1<<24)) ++ { ++ /* Bail out on much too large objects. 
*/ ++ err = gpg_error (GPG_ERR_BAD_BER); ++ goto leave; ++ } + ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length); + if (!ex) + { +-- +2.32.0 + diff --git a/meta/recipes-support/libksba/libksba_1.6.2.bb b/meta/recipes-support/libksba/libksba_1.6.2.bb index f6ecb9aec4..d0ee8475f8 100644 --- a/meta/recipes-support/libksba/libksba_1.6.2.bb +++ b/meta/recipes-support/libksba/libksba_1.6.2.bb 
@@ -22,7 +22,8 @@ inherit autotools binconfig-disabled pkgconfig texinfo UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ - file://ksba-add-pkgconfig-support.patch" + file://ksba-add-pkgconfig-support.patch \ + file://0001-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch" SRC_URI[sha256sum] = "fce01ccac59812bddadffacff017dac2e4762bdb6ebc6ffe06f6ed4f6192c971"
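Review bot: in the src/crl.c hunk the added `(n + n2) < n` test only catches wraparound if `n` and `n2` are unsigned, and the hunk does not show their declarations; when backporting onto kirkstone's libksba 1.6.2, confirm in the local parse_signature that both are `size_t`, because with a signed type the overflow is undefined behaviour and the compiler is free to drop the check. The two src/ocsp.c hunks reject `ti.length > (1<<24)` before the `xtrymalloc (sizeof *ex + strlen (oid) + ti.length)` allocation; the patch header already states this is an extra safeguard rather than part of the reported bug, so it is worth keeping that header text intact in the recipe's copy for anyone auditing which hunk is the CVE fix.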
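Review bot: the `CVE:` tag in the commit message reads `CVE-2022-47926`, while the subject line, the NVD reference and the `CVE:` line inside the new patch file all say `CVE-2022-47629`; correct the commit message so the fix is found when the git history is searched for the advisory (the tag inside the patch file is the one cve-check reads, so the recipe itself is marked correctly). The libksba_1.6.2.bb hunk is fine: the new patch is appended after the existing pkgconfig patch and the tarball checksum is untouched.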
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 7/9] glibc: stable 2.35 branch updates.
Date: Tue, 17 Jan 2023 04:08:43 -1000
Message-Id: <4db5727a0b44d471382c95c3897b68af5ab1a3b4.1673964419.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176045

From: Yash Shinde

Below commits on glibc-2.35 stable branch are updated.

293211b6fd time: Use 64 bit time on tzfile
26c8278889 nscd: Use 64 bit time_t on libc nscd routines (BZ# 29402)
f75f61b659 nis: Build libnsl with 64 bit time_t
ca97201c24 Apply asm redirections in syslog.h before first use [BZ #27087]
cad7947db7 elf: Fix wrong fscanf usage on tst-pldd
e9eb987894 Allow for unpriviledged nested containers
2636fbb7ef elf: Fix wrong fscanf usage on tst-pldd
e7019eeeb5 x86: Fix wcsnlen-avx2 page cross length comparison [BZ #29591]
fb73a40981 elf: Fix rtld-audit trampoline for aarch64

Signed-off-by: Yash Shinde
Signed-off-by: Steve Sakoman
---
 meta/recipes-core/glibc/glibc-version.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index 7d7db46c2f..d36da0ce3f 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.35/master" PV = "2.35" -SRCREV_glibc ?= "8d125a1f9145ad90c94e438858d6b5b7578686f2" +SRCREV_glibc ?= "293211b6fddf60fc407d21fcba0326dd2148f76b" SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
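Review bot: the commit list in the message has two entries with the identical subject `elf: Fix wrong fscanf usage on tst-pldd` (`cad7947db7` and `2636fbb7ef`); if one is a re-land or a follow-up of the other, say so in the message, otherwise it reads as a copy-paste slip and the next reviewer will stop to check. The hunk itself is consistent with the message: the new `SRCREV_glibc` `293211b6fddf60fc407d21fcba0326dd2148f76b` is the first (newest) commit listed, `293211b6fd time: Use 64 bit time on tzfile`, and `SRCBRANCH` stays on release/2.35/master.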
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 8/9] freetype:update mirror site.
Date: Tue, 17 Jan 2023 04:08:44 -1000
Message-Id: <8f1de2127bd8f3f2a182a8532102ec0d3d44be70.1673964419.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176046
From: KARN JYE LAU

Update SAVANNAH_NONGNU_MIRROR to SAVANNAH_GNU_MIRROR to resolve package fetching issues.

Signed-off-by: KARN JYE LAU
Signed-off-by: Steve Sakoman
---
 meta/recipes-graphics/freetype/freetype_2.11.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-graphics/freetype/freetype_2.11.1.bb b/meta/recipes-graphics/freetype/freetype_2.11.1.bb
index 5b464d3d70..d425e162bc 100644
--- a/meta/recipes-graphics/freetype/freetype_2.11.1.bb
+++ b/meta/recipes-graphics/freetype/freetype_2.11.1.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=a5927784d823d443c6cae55701d01553 \ file://docs/FTL.TXT;md5=9f37b4e6afa3fef9dba8932b16bd3f97 \ file://docs/GPLv2.TXT;md5=8ef380476f642c20ebf40fecb0add2ec" -SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz \ +SRC_URI = "${SAVANNAH_GNU_MIRROR}/${BPN}/${BP}.tar.xz \ file://CVE-2022-27404.patch \ file://CVE-2022-27405.patch \ file://CVE-2022-27406.patch \
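Review bot: the commit message says the switch from `${SAVANNAH_NONGNU_MIRROR}` to `${SAVANNAH_GNU_MIRROR}` is "to resolve package fetching issues" without saying what actually fails (a 404 on the nongnu path, a redirect the fetcher rejects, a mirror that no longer carries the 2.11.1 tarball); record the observed error so the change can be re-evaluated the next time the mirror layout moves. The hunk changes only the mirror base and touches no checksum line, which is what keeps a mirror swap safe: the tarball fetched from the new location is still verified against the recipe's pinned sha256sum.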
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 9/9] gtk-icon-cache: Fix GTKIC_CMD if-else condition
Date: Tue, 17 Jan 2023 04:08:45 -1000
Message-Id: <34de16fd86775c0f2ede1670fec90217e4d11776.1673964419.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176047

From: Daniel Gomez

GTKIC_CMD variable gets the wrong assignation leading into a post install script error. Fix if-else condition in GTKIC_CMD variable to assign gtk4-update-icon-cache when GTKIC_VERSION is 4 but gtk-update-icon-cache when it is 3.

Also, rename gtk-update-icon-cache-3.0.0 to gtk-update-icon-cache-3.0 to match the gtk-update-icon-cache binary name deployed in meta/recipes-gnome/gtk+/gtk+3.inc.

Signed-off-by: Daniel Gomez
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Robert Joslyn
Signed-off-by: Steve Sakoman
---
 meta/classes/gtk-icon-cache.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/gtk-icon-cache.bbclass b/meta/classes/gtk-icon-cache.bbclass
index 6808339b90..f999b891f3 100644
--- a/meta/classes/gtk-icon-cache.bbclass
+++ b/meta/classes/gtk-icon-cache.bbclass
@@ -3,7 +3,7 @@ FILES:${PN} += "${datadir}/icons/hicolor" GTKIC_VERSION ??= '3' GTKPN = "${@ 'gtk4' if d.getVar('GTKIC_VERSION') == '4' else 'gtk+3' }" -GTKIC_CMD = "${@ 'gtk-update-icon-cache-3.0.0' if d.getVar('GTKIC_VERSION') == '4' else 'gtk4-update-icon-cache' }" +GTKIC_CMD = "${@ 'gtk4-update-icon-cache' if d.getVar('GTKIC_VERSION') == '4' else 'gtk-update-icon-cache-3.0' }" #gtk+3/gtk4 require GTK3DISTROFEATURES, DEPENDS on it make all the #recipes inherit this class require GTK3DISTROFEATURES
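Review bot: the selection in the new `GTKIC_CMD` line is a string comparison against the literal `'4'`, so any other value of `GTKIC_VERSION` (including `'4.0'`) silently falls through to `gtk-update-icon-cache-3.0`; a one-line comment above `GTKIC_VERSION ??= '3'` stating that only `'3'` or `'4'` is meaningful would spare the next reader a debugging round. The fix itself is right by inspection: the old line had the two tool names swapped relative to the `GTKPN` line directly above it, and the new line uses the same `d.getVar('GTKIC_VERSION') == '4'` test with the gtk4 branch first. The renamed `gtk-update-icon-cache-3.0` should be cross-checked against the binary name installed by meta/recipes-gnome/gtk+/gtk+3.inc, as the message claims, since a mismatch there reproduces the original postinst failure.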