From patchwork Tue Mar 7 22:47:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20542 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37284C678D5 for ; Tue, 7 Mar 2023 22:48:26 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web10.8617.1678229299776983764 for ; Tue, 07 Mar 2023 14:48:19 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=1y1B+amy; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id y10so9088895pfi.8 for ; Tue, 07 Mar 2023 14:48:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229299; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=UHBt1AB4i9acPcL4yrlDhHL74GV2WTXWPEf4HUx0FQE=; b=1y1B+amynMO9SUNTE099RUaYLtiMzdw33fEq8G0mALzhRfrW3q4PqBoWD6+SpOmj+H IwcjtA2a9E/epNvTH4qqqSuREe83gV2WLca9m5MdO7KuYpmQJzeao+fec/hx7GsUbWT9 POtnRbRo6UEMTJAEWdTHbWW5o5Jnjz5Qdq0JNx9kWOG9v9qzrosCvxFSUl1Cs0w5q01c aZ017s1v8yDUm0XbueSSHJn3Lb2YVnTNhHn237Z+Fj2/J2buauLRE0aQDwnkkLXVBwu7 Xlvz3gItsAFMCWTENk9gRj5b2z8/BMB/DRf2/qv0pZbzlAkHNlRHiDjuHJgKRlv13IJ8 ionA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229299; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UHBt1AB4i9acPcL4yrlDhHL74GV2WTXWPEf4HUx0FQE=; b=xDjIG6cWl/SvD/WtE+6yX6BOxfTGkyTZPT6youW2aD+4oVioqdTsWNNz0TfFvVqTuT 76ydArk5YhKjCYoPtQoBz/hEC8hiVAD+jnLtJ8bS3SY1gzk4xcwKPcJOopvOPlZJ4JWi keZtoRTvXljfDpkjbJacu1WVQQBYi5JgogezYPlmtn0MPMrE6Vjga8qk2dFAQfxmvQt0 EybrhSmxXod4u8h38Giz8yhReqxI/UVgCQ3w5/wY+KKmBWbsmEdatvbYMe1OA4Ah0ioH pn6saAjuv0wS8IEDFntHrrC1McSJkSpBXG8NqsEbe3s+Z1rxjh9yqXDW40fN/GFqsqPj SkNA== X-Gm-Message-State: AO0yUKVPau/O/ZTc1LK/LqVpuEbywdkz9jGh7vZ4FJQY0jGqo6Q0iiWF d41q6D/pte3jY2wNeW+WrQmgywra2uAsbWhD++E= X-Google-Smtp-Source: AK7set/UvuCa1v+QS+KoeOsCYBMiMlZA/ndaFeOIbyYk6MNqfmgojayuK0JdTp1u8ewaksiRUzciuQ== X-Received: by 2002:aa7:9f85:0:b0:5a8:e9c0:7d0a with SMTP id z5-20020aa79f85000000b005a8e9c07d0amr13940064pfr.4.1678229298347; Tue, 07 Mar 2023 14:48:18 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:18 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 01/23] curl: fix CVE-2022-43552 Use-after-free triggered by an HTTP proxy deny response Date: Tue, 7 Mar 2023 12:47:35 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178123 From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../curl/curl/CVE-2022-43552.patch | 82 +++++++++++++++++++ meta/recipes-support/curl/curl_7.69.1.bb | 1 + 2 files changed, 83 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2022-43552.patch diff --git a/meta/recipes-support/curl/curl/CVE-2022-43552.patch b/meta/recipes-support/curl/curl/CVE-2022-43552.patch new file mode 100644 index 0000000000..d729441454 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-43552.patch @@ -0,0 +1,82 @@ +rom 4f20188ac644afe174be6005ef4f6ffba232b8b2 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 19 Dec 2022 08:38:37 +0100 +Subject: [PATCH] smb/telnet: do not free the protocol struct in *_done() + +It is managed by the generic layer. + +Reported-by: Trail of Bits + +Closes #10112 + +CVE: CVE-2022-43552 +Upstream-Status: Backport [https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2] +Signed-off-by: Hitendra Prajapati +--- + lib/smb.c | 14 ++------------ + lib/telnet.c | 3 --- + 2 files changed, 2 insertions(+), 15 deletions(-) + +diff --git a/lib/smb.c b/lib/smb.c +index 12f9925..8db3b27 100644 +--- a/lib/smb.c ++++ b/lib/smb.c +@@ -61,8 +61,6 @@ static CURLcode smb_connect(struct connectdata *conn, bool *done); + static CURLcode smb_connection_state(struct connectdata *conn, bool *done); + static CURLcode smb_do(struct connectdata *conn, bool *done); + static CURLcode smb_request_state(struct connectdata *conn, bool *done); +-static CURLcode smb_done(struct connectdata *conn, CURLcode status, +- bool premature); + static CURLcode smb_disconnect(struct connectdata *conn, bool dead); + static int smb_getsock(struct connectdata *conn, curl_socket_t *socks); + static CURLcode smb_parse_url_path(struct connectdata *conn); +@@ -74,7 +72,7 @@ const struct Curl_handler Curl_handler_smb = { + "SMB", /* scheme */ + smb_setup_connection, /* setup_connection */ + smb_do, /* do_it */ +- smb_done, /* done */ ++ ZERO_NULL, /* done */ + ZERO_NULL, /* do_more */ + smb_connect, /* connect_it */ + smb_connection_state, /* connecting */ +@@ -99,7 +97,7 @@ const struct Curl_handler Curl_handler_smbs = { + "SMBS", /* scheme */ + smb_setup_connection, /* setup_connection */ + smb_do, /* do_it */ +- smb_done, /* done */ ++ ZERO_NULL, /* done */ + ZERO_NULL, /* do_more */ + smb_connect, /* connect_it */ + smb_connection_state, /* connecting */ +@@ -919,14 +917,6 @@ static CURLcode smb_request_state(struct connectdata *conn, bool *done) + return CURLE_OK; + } + +-static CURLcode smb_done(struct connectdata *conn, CURLcode status, +- bool premature) +-{ +- (void) premature; +- Curl_safefree(conn->data->req.protop); +- return status; +-} +- + static CURLcode smb_disconnect(struct connectdata *conn, bool dead) + { + struct smb_conn *smbc = &conn->proto.smbc; +diff --git a/lib/telnet.c b/lib/telnet.c +index 3347ad6..e3b9208 100644 +--- a/lib/telnet.c ++++ b/lib/telnet.c +@@ -1294,9 +1294,6 @@ static CURLcode telnet_done(struct connectdata *conn, + + curl_slist_free_all(tn->telnet_vars); + tn->telnet_vars = NULL; +- +- Curl_safefree(conn->data->req.protop); +- + return CURLE_OK; + } + +-- +2.25.1 + diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index 63faae6296..899daf8eac 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb @@ -41,6 +41,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://CVE-2022-35252.patch \ file://CVE-2022-32221.patch \ file://CVE-2022-35260.patch \ + file://CVE-2022-43552.patch \ " SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" From patchwork Tue Mar 7 22:47:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20543 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39385C6FD1E for ; Tue, 7 Mar 2023 22:48:26 +0000 (UTC) Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com [209.85.216.54]) by mx.groups.io with SMTP id smtpd.web11.8691.1678229303187934615 for ; Tue, 07 Mar 2023 14:48:23 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=tFdMLuoA; spf=softfail (domain: sakoman.com, ip: 209.85.216.54, mailfrom: steve@sakoman.com) Received: by mail-pj1-f54.google.com with SMTP id h11-20020a17090a2ecb00b00237c740335cso206138pjs.3 for ; Tue, 07 Mar 2023 14:48:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229302; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=0anbPfqAtufNqZoiwCN7ZrHmaxk4//BnGUlngoK3ijE=; b=tFdMLuoAlSF8cCcZb5BxlvW3ERlm6AMWuk5unOPW/FCwOy13Uhu5vdNIjm2d27mhYa YiV+LkUx/52yzsh7cIh7QijnGj8ETe1dSTU9qqy9Cb8u7Nc9EWT5ssm0OUlLz57do/cV yfbj836N/DxrRlV9b29iG7NCvIhqrYWvNMcm9ma19Io+XxUw9ynDp4EDgQBH06tsy7hX qKHJrBdXMMbMVU69E1yoAzHNINvf7RoJt6xHakVwqXNeJWYfogT2myklkeLhPUNfZ843 /JphTcpcneRAhXwfF/65x9vp7O/jJ7Id1gCPqV4EddexVeFk0hm6WVAzNdxcKLJqKNZ9 /AWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229302; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0anbPfqAtufNqZoiwCN7ZrHmaxk4//BnGUlngoK3ijE=; b=EvIm3JJTLb9sbYi1zuVO7eX2BcSB8E3M+E1Z76oiz7biXdjABswtE4LaUU/LY67w0z 0FDfjLlMDKD0E07oJureAK4JplcE4Xnzw98s7xIQNkyvoGsPewyB465XReaQSsnWzsMy 3WWmgpAGGvjm7LEvdKzMrbPP+VjuhIf1AyFikZQjrEIi00T9tlrzL5iqdeSsjsXQT5gO VkSDgcGduuoLKvpFC/EXD9RlqqUckOexJ9FroXjxkfEAjFs18Perafz8XBo75CFcPz71 be99RRUsfgSjh4T+B9mIXMEkjhsEUXr/7GIs9t9ytR2rTbHy9Si0icAULzMrPo/pQl92 A48Q== X-Gm-Message-State: AO0yUKVLYnJoZ2sxO2xHYfD1BURiVCp9sdqzOuDtJMD2DDj2td+EwpDV US+sTg6cLh4+ok0qXACS9hwtIbgPBgyU3Hpfgic= X-Google-Smtp-Source: AK7set+R9uXJaTqfEys7NYYWOuTFq49UN0fr7ib4JLiHLm/KYb4pcmY6x2PNQrAmXJOOpyclyKlExA== X-Received: by 2002:a05:6a20:394f:b0:bc:8254:ddff with SMTP id r15-20020a056a20394f00b000bc8254ddffmr19869415pzg.1.1678229300805; Tue, 07 Mar 2023 14:48:20 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:20 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 02/23] tiff: fix multiple CVEs Date: Tue, 7 Mar 2023 12:47:36 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178124 From: Chee Yang Lee import patches from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz fix multiple CVEs: CVE-2022-3570 CVE-2022-3597 CVE-2022-3598 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3970 CVE-2022-48281 CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804 Signed-off-by: Chee Yang Lee Signed-off-by: Steve Sakoman --- .../libtiff/files/CVE-2022-3570_3598.patch | 659 ++++++++++++++++++ .../files/CVE-2022-3597_3626_3627.patch | 123 ++++ .../libtiff/files/CVE-2022-3599.patch | 277 ++++++++ .../libtiff/files/CVE-2022-3970.patch | 45 ++ .../libtiff/files/CVE-2022-48281.patch | 26 + .../CVE-2023-0795_0796_0797_0798_0799.patch | 157 +++++ .../CVE-2023-0800_0801_0802_0803_0804.patch | 135 ++++ meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 7 + 8 files changed, 1429 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-3570_3598.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-3597_3626_3627.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-3570_3598.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-3570_3598.patch new file mode 100644 index 0000000000..760e20dd2b --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-3570_3598.patch @@ -0,0 +1,659 @@ +From 226e336cdceec933da2e9f72b6578c7a1bea450b Mon Sep 17 00:00:00 2001 +From: Su Laus +Date: Thu, 13 Oct 2022 14:33:27 +0000 +Subject: [PATCH] tiffcrop subroutines require a larger buffer (fixes #271, + +Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz ] +CVE: CVE-2022-3570 CVE-2022-3598 +Signed-off-by: Chee Yang Lee + +Origin: https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff +Origin: https://gitlab.com/libtiff/libtiff/-/commit/24d3b2425af24432e0e4e2fd58b33f3b04c4bfa4 +Reviewed-by: Sylvain Beucler +Last-Update: 2023-01-17 + + #381, #386, #388, #389, #435) + +--- + tools/tiffcrop.c | 209 ++++++++++++++++++++++++++--------------------- + 1 file changed, 117 insertions(+), 92 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index c7877aa..c923920 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -126,6 +126,7 @@ static char tiffcrop_rev_date[] = "03-03-2010"; + + #ifdef HAVE_STDINT_H + # include ++# include + #endif + + #ifndef HAVE_GETOPT +@@ -212,6 +213,10 @@ extern int getopt(int argc, char * const argv[], const char *optstring); + + #define TIFF_DIR_MAX 65534 + ++/* Some conversion subroutines require image buffers, which are at least 3 bytes ++ * larger than the necessary size for the image itself. */ ++#define NUM_BUFF_OVERSIZE_BYTES 3 ++ + /* Offsets into buffer for margins and fixed width and length segments */ + struct offset { + uint32 tmargin; +@@ -233,7 +238,7 @@ struct offset { + */ + + struct buffinfo { +- uint32 size; /* size of this buffer */ ++ size_t size; /* size of this buffer */ + unsigned char *buffer; /* address of the allocated buffer */ + }; + +@@ -771,8 +776,8 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8* buf, + uint32 dst_rowsize, shift_width; + uint32 bytes_per_sample, bytes_per_pixel; + uint32 trailing_bits, prev_trailing_bits; +- uint32 tile_rowsize = TIFFTileRowSize(in); +- uint32 src_offset, dst_offset; ++ tmsize_t tile_rowsize = TIFFTileRowSize(in); ++ tmsize_t src_offset, dst_offset; + uint32 row_offset, col_offset; + uint8 *bufp = (uint8*) buf; + unsigned char *src = NULL; +@@ -822,7 +827,7 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8* buf, + TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size."); + exit(-1); + } +- tilebuf = _TIFFmalloc(tile_buffsize + 3); ++ tilebuf = _TIFFmalloc(tile_buffsize + NUM_BUFF_OVERSIZE_BYTES); + if (tilebuf == 0) + return 0; + tilebuf[tile_buffsize] = 0; +@@ -986,7 +991,7 @@ static int readSeparateTilesIntoBuffer (TIFF* in, uint8 *obuf, + for (sample = 0; (sample < spp) && (sample < MAX_SAMPLES); sample++) + { + srcbuffs[sample] = NULL; +- tbuff = (unsigned char *)_TIFFmalloc(tilesize + 8); ++ tbuff = (unsigned char *)_TIFFmalloc(tilesize + NUM_BUFF_OVERSIZE_BYTES); + if (!tbuff) + { + TIFFError ("readSeparateTilesIntoBuffer", +@@ -1181,7 +1186,8 @@ writeBufferToSeparateStrips (TIFF* out, uint8* buf, + } + rowstripsize = rowsperstrip * bytes_per_sample * (width + 1); + +- obuf = _TIFFmalloc (rowstripsize); ++ /* Add 3 padding bytes for extractContigSamples32bits */ ++ obuf = _TIFFmalloc (rowstripsize + NUM_BUFF_OVERSIZE_BYTES); + if (obuf == NULL) + return 1; + +@@ -1194,7 +1200,7 @@ writeBufferToSeparateStrips (TIFF* out, uint8* buf, + stripsize = TIFFVStripSize(out, nrows); + src = buf + (row * rowsize); + total_bytes += stripsize; +- memset (obuf, '\0', rowstripsize); ++ memset (obuf, '\0',rowstripsize + NUM_BUFF_OVERSIZE_BYTES); + if (extractContigSamplesToBuffer(obuf, src, nrows, width, s, spp, bps, dump)) + { + _TIFFfree(obuf); +@@ -1202,10 +1208,15 @@ writeBufferToSeparateStrips (TIFF* out, uint8* buf, + } + if ((dump->outfile != NULL) && (dump->level == 1)) + { +- dump_info(dump->outfile, dump->format,"", ++ if ((uint64_t)scanlinesize > 0x0ffffffffULL) { ++ dump_info(dump->infile, dump->format, "loadImage", ++ "Attention: scanlinesize %"PRIu64" is larger than UINT32_MAX.\nFollowing dump might be wrong.", ++ (uint64_t)scanlinesize); ++ } ++ dump_info(dump->outfile, dump->format,"", + "Sample %2d, Strip: %2d, bytes: %4d, Row %4d, bytes: %4d, Input offset: %6d", +- s + 1, strip + 1, stripsize, row + 1, scanlinesize, src - buf); +- dump_buffer(dump->outfile, dump->format, nrows, scanlinesize, row, obuf); ++ s + 1, strip + 1, stripsize, row + 1, (uint32)scanlinesize, src - buf); ++ dump_buffer(dump->outfile, dump->format, nrows, (uint32)scanlinesize, row, obuf); + } + + if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) +@@ -1232,7 +1243,7 @@ static int writeBufferToContigTiles (TIFF* out, uint8* buf, uint32 imagelength, + uint32 tl, tw; + uint32 row, col, nrow, ncol; + uint32 src_rowsize, col_offset; +- uint32 tile_rowsize = TIFFTileRowSize(out); ++ tmsize_t tile_rowsize = TIFFTileRowSize(out); + uint8* bufp = (uint8*) buf; + tsize_t tile_buffsize = 0; + tsize_t tilesize = TIFFTileSize(out); +@@ -1275,9 +1286,11 @@ static int writeBufferToContigTiles (TIFF* out, uint8* buf, uint32 imagelength, + } + src_rowsize = ((imagewidth * spp * bps) + 7U) / 8; + +- tilebuf = _TIFFmalloc(tile_buffsize); ++ /* Add 3 padding bytes for extractContigSamples32bits */ ++ tilebuf = _TIFFmalloc(tile_buffsize + NUM_BUFF_OVERSIZE_BYTES); + if (tilebuf == 0) + return 1; ++ memset(tilebuf, 0, tile_buffsize + NUM_BUFF_OVERSIZE_BYTES); + for (row = 0; row < imagelength; row += tl) + { + nrow = (row + tl > imagelength) ? imagelength - row : tl; +@@ -1323,7 +1336,8 @@ static int writeBufferToSeparateTiles (TIFF* out, uint8* buf, uint32 imagelength + uint32 imagewidth, tsample_t spp, + struct dump_opts * dump) + { +- tdata_t obuf = _TIFFmalloc(TIFFTileSize(out)); ++ /* Add 3 padding bytes for extractContigSamples32bits */ ++ tdata_t obuf = _TIFFmalloc(TIFFTileSize(out) + NUM_BUFF_OVERSIZE_BYTES); + uint32 tl, tw; + uint32 row, col, nrow, ncol; + uint32 src_rowsize, col_offset; +@@ -1333,6 +1347,7 @@ static int writeBufferToSeparateTiles (TIFF* out, uint8* buf, uint32 imagelength + + if (obuf == NULL) + return 1; ++ memset(obuf, 0, TIFFTileSize(out) + NUM_BUFF_OVERSIZE_BYTES); + + TIFFGetField(out, TIFFTAG_TILELENGTH, &tl); + TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw); +@@ -1754,14 +1769,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 + + *opt_offset = '\0'; + /* convert option to lowercase */ +- end = strlen (opt_ptr); ++ end = (unsigned int)strlen (opt_ptr); + for (i = 0; i < end; i++) + *(opt_ptr + i) = tolower((int) *(opt_ptr + i)); + /* Look for dump format specification */ + if (strncmp(opt_ptr, "for", 3) == 0) + { + /* convert value to lowercase */ +- end = strlen (opt_offset + 1); ++ end = (unsigned int)strlen (opt_offset + 1); + for (i = 1; i <= end; i++) + *(opt_offset + i) = tolower((int) *(opt_offset + i)); + /* check dump format value */ +@@ -2213,6 +2228,8 @@ main(int argc, char* argv[]) + size_t length; + char temp_filename[PATH_MAX + 16]; /* Extra space keeps the compiler from complaining */ + ++ assert(NUM_BUFF_OVERSIZE_BYTES >= 3); ++ + little_endian = *((unsigned char *)&little_endian) & '1'; + + initImageData(&image); +@@ -3114,13 +3131,13 @@ extractContigSamples32bits (uint8 *in, uint8 *out, uint32 cols, + /* If we have a full buffer's worth, write it out */ + if (ready_bits >= 32) + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -3495,13 +3512,13 @@ extractContigSamplesShifted32bits (uint8 *in, uint8 *out, uint32 cols, + } + else /* If we have a full buffer's worth, write it out */ + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -3678,10 +3695,10 @@ extractContigSamplesToTileBuffer(uint8 *out, uint8 *in, uint32 rows, uint32 cols + static int readContigStripsIntoBuffer (TIFF* in, uint8* buf) + { + uint8* bufp = buf; +- int32 bytes_read = 0; ++ tmsize_t bytes_read = 0; + uint32 strip, nstrips = TIFFNumberOfStrips(in); +- uint32 stripsize = TIFFStripSize(in); +- uint32 rows = 0; ++ tmsize_t stripsize = TIFFStripSize(in); ++ tmsize_t rows = 0; + uint32 rps = TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps); + tsize_t scanline_size = TIFFScanlineSize(in); + +@@ -3694,13 +3711,12 @@ static int readContigStripsIntoBuffer (TIFF* in, uint8* buf) + bytes_read = TIFFReadEncodedStrip (in, strip, bufp, -1); + rows = bytes_read / scanline_size; + if ((strip < (nstrips - 1)) && (bytes_read != (int32)stripsize)) +- TIFFError("", "Strip %d: read %lu bytes, strip size %lu", +- (int)strip + 1, (unsigned long) bytes_read, +- (unsigned long)stripsize); ++ TIFFError("", "Strip %"PRIu32": read %"PRId64" bytes, strip size %"PRIu64, ++ strip + 1, bytes_read, stripsize); + + if (bytes_read < 0 && !ignore) { +- TIFFError("", "Error reading strip %lu after %lu rows", +- (unsigned long) strip, (unsigned long)rows); ++ TIFFError("", "Error reading strip %"PRIu32" after %"PRIu64" rows", ++ strip, rows); + return 0; + } + bufp += stripsize; +@@ -4164,13 +4180,13 @@ combineSeparateSamples32bits (uint8 *in[], uint8 *out, uint32 cols, + /* If we have a full buffer's worth, write it out */ + if (ready_bits >= 32) + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -4213,10 +4229,10 @@ combineSeparateSamples32bits (uint8 *in[], uint8 *out, uint32 cols, + "Row %3d, Col %3d, Src byte offset %3d bit offset %2d Dst offset %3d", + row + 1, col + 1, src_byte, src_bit, dst - out); + +- dump_long (dumpfile, format, "Match bits ", matchbits); ++ dump_wide (dumpfile, format, "Match bits ", matchbits); + dump_data (dumpfile, format, "Src bits ", src, 4); +- dump_long (dumpfile, format, "Buff1 bits ", buff1); +- dump_long (dumpfile, format, "Buff2 bits ", buff2); ++ dump_wide (dumpfile, format, "Buff1 bits ", buff1); ++ dump_wide (dumpfile, format, "Buff2 bits ", buff2); + dump_byte (dumpfile, format, "Write bits1", bytebuff1); + dump_byte (dumpfile, format, "Write bits2", bytebuff2); + dump_info (dumpfile, format, "", "Ready bits: %2d", ready_bits); +@@ -4689,13 +4705,13 @@ combineSeparateTileSamples32bits (uint8 *in[], uint8 *out, uint32 cols, + /* If we have a full buffer's worth, write it out */ + if (ready_bits >= 32) + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -4738,10 +4754,10 @@ combineSeparateTileSamples32bits (uint8 *in[], uint8 *out, uint32 cols, + "Row %3d, Col %3d, Src byte offset %3d bit offset %2d Dst offset %3d", + row + 1, col + 1, src_byte, src_bit, dst - out); + +- dump_long (dumpfile, format, "Match bits ", matchbits); ++ dump_wide (dumpfile, format, "Match bits ", matchbits); + dump_data (dumpfile, format, "Src bits ", src, 4); +- dump_long (dumpfile, format, "Buff1 bits ", buff1); +- dump_long (dumpfile, format, "Buff2 bits ", buff2); ++ dump_wide (dumpfile, format, "Buff1 bits ", buff1); ++ dump_wide (dumpfile, format, "Buff2 bits ", buff2); + dump_byte (dumpfile, format, "Write bits1", bytebuff1); + dump_byte (dumpfile, format, "Write bits2", bytebuff2); + dump_info (dumpfile, format, "", "Ready bits: %2d", ready_bits); +@@ -4764,7 +4780,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length, + { + int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1; + uint32 j; +- int32 bytes_read = 0; ++ tmsize_t bytes_read = 0; + uint16 bps = 0, planar; + uint32 nstrips; + uint32 strips_per_sample; +@@ -4830,7 +4846,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length, + for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) + { + srcbuffs[s] = NULL; +- buff = _TIFFmalloc(stripsize + 3); ++ buff = _TIFFmalloc(stripsize + NUM_BUFF_OVERSIZE_BYTES); + if (!buff) + { + TIFFError ("readSeparateStripsIntoBuffer", +@@ -4853,7 +4869,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length, + buff = srcbuffs[s]; + strip = (s * strips_per_sample) + j; + bytes_read = TIFFReadEncodedStrip (in, strip, buff, stripsize); +- rows_this_strip = bytes_read / src_rowsize; ++ rows_this_strip = (uint32)(bytes_read / src_rowsize); + if (bytes_read < 0 && !ignore) + { + TIFFError(TIFFFileName(in), +@@ -5860,13 +5876,14 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + uint16 input_compression = 0, input_photometric = 0; + uint16 subsampling_horiz, subsampling_vert; + uint32 width = 0, length = 0; +- uint32 stsize = 0, tlsize = 0, buffsize = 0, scanlinesize = 0; ++ tmsize_t stsize = 0, tlsize = 0, buffsize = 0; ++ tmsize_t scanlinesize = 0; + uint32 tw = 0, tl = 0; /* Tile width and length */ +- uint32 tile_rowsize = 0; ++ tmsize_t tile_rowsize = 0; + unsigned char *read_buff = NULL; + unsigned char *new_buff = NULL; + int readunit = 0; +- static uint32 prev_readsize = 0; ++ static tmsize_t prev_readsize = 0; + + TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); + TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp); +@@ -6168,7 +6185,7 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + TIFFError("loadImage", "Unable to allocate/reallocate read buffer"); + return (-1); + } +- read_buff = (unsigned char *)_TIFFmalloc(buffsize+3); ++ read_buff = (unsigned char *)_TIFFmalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + { +@@ -6179,11 +6196,11 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + TIFFError("loadImage", "Unable to allocate/reallocate read buffer"); + return (-1); + } +- new_buff = _TIFFrealloc(read_buff, buffsize+3); ++ new_buff = _TIFFrealloc(read_buff, buffsize + NUM_BUFF_OVERSIZE_BYTES); + if (!new_buff) + { + free (read_buff); +- read_buff = (unsigned char *)_TIFFmalloc(buffsize+3); ++ read_buff = (unsigned char *)_TIFFmalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + read_buff = new_buff; +@@ -6256,8 +6273,13 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c + dump_info (dump->infile, dump->format, "", + "Bits per sample %d, Samples per pixel %d", bps, spp); + ++ if ((uint64_t)scanlinesize > 0x0ffffffffULL) { ++ dump_info(dump->infile, dump->format, "loadImage", ++ "Attention: scanlinesize %"PRIu64" is larger than UINT32_MAX.\nFollowing dump might be wrong.", ++ (uint64_t)scanlinesize); ++ } + for (i = 0; i < length; i++) +- dump_buffer(dump->infile, dump->format, 1, scanlinesize, ++ dump_buffer(dump->infile, dump->format, 1, (uint32)scanlinesize, + i, read_buff + (i * scanlinesize)); + } + return (0); +@@ -7277,13 +7299,13 @@ writeSingleSection(TIFF *in, TIFF *out, struct image_data *image, + if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) { + TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks); + if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) { +- int inknameslen = strlen(inknames) + 1; ++ int inknameslen = (int)strlen(inknames) + 1; + const char* cp = inknames; + while (ninks > 1) { + cp = strchr(cp, '\0'); + if (cp) { + cp++; +- inknameslen += (strlen(cp) + 1); ++ inknameslen += ((int)strlen(cp) + 1); + } + ninks--; + } +@@ -7346,23 +7368,23 @@ createImageSection(uint32 sectsize, unsigned char **sect_buff_ptr) + + if (!sect_buff) + { +- sect_buff = (unsigned char *)_TIFFmalloc(sectsize); ++ sect_buff = (unsigned char *)_TIFFmalloc(sectsize + NUM_BUFF_OVERSIZE_BYTES); + if (!sect_buff) + { + TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); + return (-1); + } +- _TIFFmemset(sect_buff, 0, sectsize); ++ _TIFFmemset(sect_buff, 0, sectsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + { + if (prev_sectsize < sectsize) + { +- new_buff = _TIFFrealloc(sect_buff, sectsize); ++ new_buff = _TIFFrealloc(sect_buff, sectsize + NUM_BUFF_OVERSIZE_BYTES); + if (!new_buff) + { + free (sect_buff); +- sect_buff = (unsigned char *)_TIFFmalloc(sectsize); ++ sect_buff = (unsigned char *)_TIFFmalloc(sectsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + sect_buff = new_buff; +@@ -7372,7 +7394,7 @@ createImageSection(uint32 sectsize, unsigned char **sect_buff_ptr) + TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); + return (-1); + } +- _TIFFmemset(sect_buff, 0, sectsize); ++ _TIFFmemset(sect_buff, 0, sectsize + NUM_BUFF_OVERSIZE_BYTES); + } + } + +@@ -7403,17 +7425,17 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + cropsize = crop->bufftotal; + crop_buff = seg_buffs[0].buffer; + if (!crop_buff) +- crop_buff = (unsigned char *)_TIFFmalloc(cropsize); ++ crop_buff = (unsigned char *)_TIFFmalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + else + { + prev_cropsize = seg_buffs[0].size; + if (prev_cropsize < cropsize) + { +- next_buff = _TIFFrealloc(crop_buff, cropsize); ++ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (! next_buff) + { + _TIFFfree (crop_buff); +- crop_buff = (unsigned char *)_TIFFmalloc(cropsize); ++ crop_buff = (unsigned char *)_TIFFmalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + crop_buff = next_buff; +@@ -7426,7 +7448,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + return (-1); + } + +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + seg_buffs[0].buffer = crop_buff; + seg_buffs[0].size = cropsize; + +@@ -7505,17 +7527,17 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + cropsize = crop->bufftotal; + crop_buff = seg_buffs[i].buffer; + if (!crop_buff) +- crop_buff = (unsigned char *)_TIFFmalloc(cropsize); ++ crop_buff = (unsigned char *)_TIFFmalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + else + { + prev_cropsize = seg_buffs[0].size; + if (prev_cropsize < cropsize) + { +- next_buff = _TIFFrealloc(crop_buff, cropsize); ++ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (! next_buff) + { + _TIFFfree (crop_buff); +- crop_buff = (unsigned char *)_TIFFmalloc(cropsize); ++ crop_buff = (unsigned char *)_TIFFmalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + crop_buff = next_buff; +@@ -7528,7 +7550,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + return (-1); + } + +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + seg_buffs[i].buffer = crop_buff; + seg_buffs[i].size = cropsize; + +@@ -7641,24 +7663,24 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, + crop_buff = *crop_buff_ptr; + if (!crop_buff) + { +- crop_buff = (unsigned char *)_TIFFmalloc(cropsize); ++ crop_buff = (unsigned char *)_TIFFmalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (!crop_buff) + { + TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); + return (-1); + } +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + prev_cropsize = cropsize; + } + else + { + if (prev_cropsize < cropsize) + { +- new_buff = _TIFFrealloc(crop_buff, cropsize); ++ new_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); + if (!new_buff) + { + free (crop_buff); +- crop_buff = (unsigned char *)_TIFFmalloc(cropsize); ++ crop_buff = (unsigned char *)_TIFFmalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + else + crop_buff = new_buff; +@@ -7667,7 +7689,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, + TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); + return (-1); + } +- _TIFFmemset(crop_buff, 0, cropsize); ++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES); + } + } + +@@ -7965,13 +7987,13 @@ writeCroppedImage(TIFF *in, TIFF *out, struct image_data *image, + if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) { + TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks); + if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) { +- int inknameslen = strlen(inknames) + 1; ++ int inknameslen = (int)strlen(inknames) + 1; + const char* cp = inknames; + while (ninks > 1) { + cp = strchr(cp, '\0'); + if (cp) { + cp++; +- inknameslen += (strlen(cp) + 1); ++ inknameslen += ((int)strlen(cp) + 1); + } + ninks--; + } +@@ -8356,13 +8378,13 @@ rotateContigSamples32bits(uint16 rotation, uint16 spp, uint16 bps, uint32 width, + } + else /* If we have a full buffer's worth, write it out */ + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -8431,12 +8453,13 @@ rotateImage(uint16 rotation, struct image_data *image, uint32 *img_width, + return (-1); + } + +- if (!(rbuff = (unsigned char *)_TIFFmalloc(buffsize))) ++ /* Add 3 padding bytes for extractContigSamplesShifted32bits */ ++ if (!(rbuff = (unsigned char *)_TIFFmalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES))) + { +- TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize); ++ TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize + NUM_BUFF_OVERSIZE_BYTES); + return (-1); + } +- _TIFFmemset(rbuff, '\0', buffsize); ++ _TIFFmemset(rbuff, '\0', buffsize + NUM_BUFF_OVERSIZE_BYTES); + + ibuff = *ibuff_ptr; + switch (rotation) +@@ -8964,13 +8987,13 @@ reverseSamples32bits (uint16 spp, uint16 bps, uint32 width, + } + else /* If we have a full buffer's worth, write it out */ + { +- bytebuff1 = (buff2 >> 56); ++ bytebuff1 = (uint8)(buff2 >> 56); + *dst++ = bytebuff1; +- bytebuff2 = (buff2 >> 48); ++ bytebuff2 = (uint8)(buff2 >> 48); + *dst++ = bytebuff2; +- bytebuff3 = (buff2 >> 40); ++ bytebuff3 = (uint8)(buff2 >> 40); + *dst++ = bytebuff3; +- bytebuff4 = (buff2 >> 32); ++ bytebuff4 = (uint8)(buff2 >> 32); + *dst++ = bytebuff4; + ready_bits -= 32; + +@@ -9061,12 +9084,13 @@ mirrorImage(uint16 spp, uint16 bps, uint16 mirror, uint32 width, uint32 length, + { + case MIRROR_BOTH: + case MIRROR_VERT: +- line_buff = (unsigned char *)_TIFFmalloc(rowsize); ++ line_buff = (unsigned char *)_TIFFmalloc(rowsize + NUM_BUFF_OVERSIZE_BYTES); + if (line_buff == NULL) + { +- TIFFError ("mirrorImage", "Unable to allocate mirror line buffer of %1u bytes", rowsize); ++ TIFFError ("mirrorImage", "Unable to allocate mirror line buffer of %1u bytes", rowsize + NUM_BUFF_OVERSIZE_BYTES); + return (-1); + } ++ _TIFFmemset(line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES); + + dst = ibuff + (rowsize * (length - 1)); + for (row = 0; row < length / 2; row++) +@@ -9098,11 +9122,12 @@ mirrorImage(uint16 spp, uint16 bps, uint16 mirror, uint32 width, uint32 length, + } + else + { /* non 8 bit per sample data */ +- if (!(line_buff = (unsigned char *)_TIFFmalloc(rowsize + 1))) ++ if (!(line_buff = (unsigned char *)_TIFFmalloc(rowsize + NUM_BUFF_OVERSIZE_BYTES))) + { + TIFFError("mirrorImage", "Unable to allocate mirror line buffer"); + return (-1); + } ++ _TIFFmemset(line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES); + bytes_per_sample = (bps + 7) / 8; + bytes_per_pixel = ((bps * spp) + 7) / 8; + if (bytes_per_pixel < (bytes_per_sample + 1)) +@@ -9114,7 +9139,7 @@ mirrorImage(uint16 spp, uint16 bps, uint16 mirror, uint32 width, uint32 length, + { + row_offset = row * rowsize; + src = ibuff + row_offset; +- _TIFFmemset (line_buff, '\0', rowsize); ++ _TIFFmemset (line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES); + switch (shift_width) + { + case 1: if (reverseSamples16bits(spp, bps, width, src, line_buff)) diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-3597_3626_3627.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-3597_3626_3627.patch new file mode 100644 index 0000000000..18a4b4e0ff --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-3597_3626_3627.patch @@ -0,0 +1,123 @@ +From f7c06c395daf1b2c52ab431e00db2d9fc2ac993e Mon Sep 17 00:00:00 2001 +From: Su Laus +Date: Tue, 10 May 2022 20:03:17 +0000 +Subject: [PATCH] tiffcrop: Fix issue #330 and some more from 320 to 349 + +Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz ] +CVE: CVE-2022-3597 CVE-2022-3626 CVE-2022-3627 +Signed-off-by: Chee Yang Lee + +Origin: https://gitlab.com/libtiff/libtiff/-/commit/e319508023580e2f70e6e626f745b5b2a1707313 +Origin: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf +Origin: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba +Origin: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047 +Reviewed-by: Sylvain Beucler +Last-Update: 2023-01-17 + +--- + tools/tiffcrop.c | 50 ++++++++++++++++++++++++++++++++++++++++-------- + 1 file changed, 42 insertions(+), 8 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index c923920..a0789a3 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -103,7 +103,12 @@ + * selects which functions dump data, with higher numbers selecting + * lower level, scanline level routines. Debug reports a limited set + * of messages to monitor progess without enabling dump logs. +- */ ++ * ++ * Note 1: The (-X|-Y), -Z, -z and -S options are mutually exclusive. ++ * In no case should the options be applied to a given selection successively. ++ * Note 2: Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options ++ * such as -H, -V, -P, -J or -K are not supported and may cause buffer overflows. ++ */ + + static char tiffcrop_version_id[] = "2.4.1"; + static char tiffcrop_rev_date[] = "03-03-2010"; +@@ -176,12 +181,12 @@ extern int getopt(int argc, char * const argv[], const char *optstring); + #define ROTATECW_270 32 + #define ROTATE_ANY (ROTATECW_90 | ROTATECW_180 | ROTATECW_270) + +-#define CROP_NONE 0 +-#define CROP_MARGINS 1 +-#define CROP_WIDTH 2 +-#define CROP_LENGTH 4 +-#define CROP_ZONES 8 +-#define CROP_REGIONS 16 ++#define CROP_NONE 0 /* "-S" -> Page_MODE_ROWSCOLS and page->rows/->cols != 0 */ ++#define CROP_MARGINS 1 /* "-m" */ ++#define CROP_WIDTH 2 /* "-X" */ ++#define CROP_LENGTH 4 /* "-Y" */ ++#define CROP_ZONES 8 /* "-Z" */ ++#define CROP_REGIONS 16 /* "-z" */ + #define CROP_ROTATE 32 + #define CROP_MIRROR 64 + #define CROP_INVERT 128 +@@ -323,7 +328,7 @@ struct crop_mask { + #define PAGE_MODE_RESOLUTION 1 + #define PAGE_MODE_PAPERSIZE 2 + #define PAGE_MODE_MARGINS 4 +-#define PAGE_MODE_ROWSCOLS 8 ++#define PAGE_MODE_ROWSCOLS 8 /* for -S option */ + + #define INVERT_DATA_ONLY 10 + #define INVERT_DATA_AND_TAG 11 +@@ -754,6 +759,12 @@ static char* usage_info[] = { + " The four debug/dump options are independent, though it makes little sense to", + " specify a dump file without specifying a detail level.", + " ", ++"Note 1: The (-X|-Y), -Z, -z and -S options are mutually exclusive.", ++" In no case should the options be applied to a given selection successively.", ++" ", ++"Note 2: Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options", ++" such as - H, -V, -P, -J or -K are not supported and may cause buffer overflows.", ++" ", + NULL + }; + +@@ -2112,6 +2123,27 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 + /*NOTREACHED*/ + } + } ++ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/ ++ char XY, Z, R, S; ++ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)) ? 1 : 0; ++ Z = (crop_data->crop_mode & CROP_ZONES) ? 1 : 0; ++ R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0; ++ S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0; ++ if (XY + Z + R + S > 1) { ++ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->exit"); ++ exit(EXIT_FAILURE); ++ } ++ ++ /* Check for not allowed combination: ++ * Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options ++ * such as -H, -V, -P, -J or -K are not supported and may cause buffer overflows. ++. */ ++ if ((XY + Z + R > 0) && page->mode != PAGE_MODE_NONE) { ++ TIFFError("tiffcrop input error", ++ "Any of the crop options -X, -Y, -Z and -z together with other PAGE_MODE_x options such as - H, -V, -P, -J or -K is not supported and may cause buffer overflows..->exit"); ++ exit(EXIT_FAILURE); ++ } ++ + } /* end process_command_opts */ + + /* Start a new output file if one has not been previously opened or +@@ -2384,6 +2416,7 @@ main(int argc, char* argv[]) + exit (-1); + } + ++ /* Crop input image and copy zones and regions from input image into seg_buffs or crop_buff. */ + if (crop.selections > 0) + { + if (processCropSelections(&image, &crop, &read_buff, seg_buffs)) +@@ -2400,6 +2433,7 @@ main(int argc, char* argv[]) + exit (-1); + } + } ++ /* Format and write selected image parts to output file(s). */ + if (page.mode == PAGE_MODE_NONE) + { /* Whole image or sections not based on output page size */ + if (crop.selections > 0) diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch new file mode 100644 index 0000000000..9689a99638 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch @@ -0,0 +1,277 @@ +From 01bca7e6f608da7696949fca6acda78b9935ba19 Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Tue, 30 Aug 2022 16:56:48 +0200 +Subject: [PATCH] Revised handling of TIFFTAG_INKNAMES and related + +Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz ] +CVE: CVE-2022-3599 +Signed-off-by: Chee Yang Lee + +Origin: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 +Reviewed-by: Sylvain Beucler +Last-Update: 2023-01-17 + + TIFFTAG_NUMBEROFINKS value + +In order to solve the buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value, a revised handling of those tags within LibTiff is proposed: + +Behaviour for writing: + `NumberOfInks` MUST fit to the number of inks in the `InkNames` string. + `NumberOfInks` is automatically set when `InkNames` is set. + If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued. + If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued. + +Behaviour for reading: + When reading `InkNames` from a TIFF file, the `NumberOfInks` will be set automatically to the number of inks in `InkNames` string. + If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued. + If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued. + +This allows the safe use of the NumberOfInks value to read out the InkNames without buffer overflow + +This MR will close the following issues: #149, #150, #152, #168 (to be checked), #250, #269, #398 and #456. + +It also fixes the old bug at http://bugzilla.maptools.org/show_bug.cgi?id=2599, for which the limitation of `NumberOfInks = SPP` was introduced, which is in my opinion not necessary and does not solve the general issue. + +--- + libtiff/tif_dir.c | 120 ++++++++++++++++++++++++----------------- + libtiff/tif_dir.h | 2 + + libtiff/tif_dirinfo.c | 2 +- + libtiff/tif_dirwrite.c | 5 ++ + libtiff/tif_print.c | 4 ++ + 5 files changed, 83 insertions(+), 50 deletions(-) + +diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c +index 39aeeb4..9d8267a 100644 +--- a/libtiff/tif_dir.c ++++ b/libtiff/tif_dir.c +@@ -29,6 +29,7 @@ + * (and also some miscellaneous stuff) + */ + #include "tiffiop.h" ++# include + + /* + * These are used in the backwards compatibility code... +@@ -137,32 +138,30 @@ setExtraSamples(TIFF* tif, va_list ap, uint32* v) + } + + /* +- * Confirm we have "samplesperpixel" ink names separated by \0. Returns ++ * Count ink names separated by \0. Returns + * zero if the ink names are not as expected. + */ +-static uint32 +-checkInkNamesString(TIFF* tif, uint32 slen, const char* s) ++static uint16 ++countInkNamesString(TIFF *tif, uint32 slen, const char *s) + { +- TIFFDirectory* td = &tif->tif_dir; +- uint16 i = td->td_samplesperpixel; ++ uint16 i = 0; ++ const char *ep = s + slen; ++ const char *cp = s; + + if (slen > 0) { +- const char* ep = s+slen; +- const char* cp = s; +- for (; i > 0; i--) { ++ do { + for (; cp < ep && *cp != '\0'; cp++) {} + if (cp >= ep) + goto bad; + cp++; /* skip \0 */ +- } +- return ((uint32)(cp-s)); ++ i++; ++ } while (cp < ep); ++ return (i); + } + bad: + TIFFErrorExt(tif->tif_clientdata, "TIFFSetField", +- "%s: Invalid InkNames value; expecting %d names, found %d", +- tif->tif_name, +- td->td_samplesperpixel, +- td->td_samplesperpixel-i); ++ "%s: Invalid InkNames value; no NUL at given buffer end location %"PRIu32", after %"PRIu16" ink", ++ tif->tif_name, slen, i); + return (0); + } + +@@ -476,13 +475,61 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap) + _TIFFsetFloatArray(&td->td_refblackwhite, va_arg(ap, float*), 6); + break; + case TIFFTAG_INKNAMES: +- v = (uint16) va_arg(ap, uint16_vap); +- s = va_arg(ap, char*); +- v = checkInkNamesString(tif, v, s); +- status = v > 0; +- if( v > 0 ) { +- _TIFFsetNString(&td->td_inknames, s, v); +- td->td_inknameslen = v; ++ { ++ v = (uint16) va_arg(ap, uint16_vap); ++ s = va_arg(ap, char*); ++ uint16 ninksinstring; ++ ninksinstring = countInkNamesString(tif, v, s); ++ status = ninksinstring > 0; ++ if(ninksinstring > 0 ) { ++ _TIFFsetNString(&td->td_inknames, s, v); ++ td->td_inknameslen = v; ++ /* Set NumberOfInks to the value ninksinstring */ ++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) ++ { ++ if (td->td_numberofinks != ninksinstring) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Warning %s; Tag %s:\n Value %"PRIu16" of NumberOfInks is different from the number of inks %"PRIu16".\n -> NumberOfInks value adapted to %"PRIu16"", ++ tif->tif_name, fip->field_name, td->td_numberofinks, ninksinstring, ninksinstring); ++ td->td_numberofinks = ninksinstring; ++ } ++ } else { ++ td->td_numberofinks = ninksinstring; ++ TIFFSetFieldBit(tif, FIELD_NUMBEROFINKS); ++ } ++ if (TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL)) ++ { ++ if (td->td_numberofinks != td->td_samplesperpixel) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Warning %s; Tag %s:\n Value %"PRIu16" of NumberOfInks is different from the SamplesPerPixel value %"PRIu16"", ++ tif->tif_name, fip->field_name, td->td_numberofinks, td->td_samplesperpixel); ++ } ++ } ++ } ++ } ++ break; ++ case TIFFTAG_NUMBEROFINKS: ++ v = (uint16)va_arg(ap, uint16_vap); ++ /* If InkNames already set also NumberOfInks is set accordingly and should be equal */ ++ if (TIFFFieldSet(tif, FIELD_INKNAMES)) ++ { ++ if (v != td->td_numberofinks) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Error %s; Tag %s:\n It is not possible to set the value %"PRIu32" for NumberOfInks\n which is different from the number of inks in the InkNames tag (%"PRIu16")", ++ tif->tif_name, fip->field_name, v, td->td_numberofinks); ++ /* Do not set / overwrite number of inks already set by InkNames case accordingly. */ ++ status = 0; ++ } ++ } else { ++ td->td_numberofinks = (uint16)v; ++ if (TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL)) ++ { ++ if (td->td_numberofinks != td->td_samplesperpixel) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Warning %s; Tag %s:\n Value %"PRIu32" of NumberOfInks is different from the SamplesPerPixel value %"PRIu16"", ++ tif->tif_name, fip->field_name, v, td->td_samplesperpixel); ++ } ++ } + } + break; + case TIFFTAG_PERSAMPLE: +@@ -887,34 +934,6 @@ _TIFFVGetField(TIFF* tif, uint32 tag, va_list ap) + if (fip->field_bit == FIELD_CUSTOM) { + standard_tag = 0; + } +- +- if( standard_tag == TIFFTAG_NUMBEROFINKS ) +- { +- int i; +- for (i = 0; i < td->td_customValueCount; i++) { +- uint16 val; +- TIFFTagValue *tv = td->td_customValues + i; +- if (tv->info->field_tag != standard_tag) +- continue; +- if( tv->value == NULL ) +- return 0; +- val = *(uint16 *)tv->value; +- /* Truncate to SamplesPerPixel, since the */ +- /* setting code for INKNAMES assume that there are SamplesPerPixel */ +- /* inknames. */ +- /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */ +- if( val > td->td_samplesperpixel ) +- { +- TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField", +- "Truncating NumberOfInks from %u to %u", +- val, td->td_samplesperpixel); +- val = td->td_samplesperpixel; +- } +- *va_arg(ap, uint16*) = val; +- return 1; +- } +- return 0; +- } + + switch (standard_tag) { + case TIFFTAG_SUBFILETYPE: +@@ -1092,6 +1111,9 @@ _TIFFVGetField(TIFF* tif, uint32 tag, va_list ap) + case TIFFTAG_INKNAMES: + *va_arg(ap, char**) = td->td_inknames; + break; ++ case TIFFTAG_NUMBEROFINKS: ++ *va_arg(ap, uint16 *) = td->td_numberofinks; ++ break; + default: + { + int i; +diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h +index e7f0667..7cad679 100644 +--- a/libtiff/tif_dir.h ++++ b/libtiff/tif_dir.h +@@ -117,6 +117,7 @@ typedef struct { + /* CMYK parameters */ + int td_inknameslen; + char* td_inknames; ++ uint16 td_numberofinks; /* number of inks in InkNames string */ + + int td_customValueCount; + TIFFTagValue *td_customValues; +@@ -174,6 +175,7 @@ typedef struct { + #define FIELD_TRANSFERFUNCTION 44 + #define FIELD_INKNAMES 46 + #define FIELD_SUBIFD 49 ++#define FIELD_NUMBEROFINKS 50 + /* FIELD_CUSTOM (see tiffio.h) 65 */ + /* end of support for well-known tags; codec-private tags follow */ + #define FIELD_CODEC 66 /* base of codec-private tags */ +diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c +index fbfaaf0..bf7de70 100644 +--- a/libtiff/tif_dirinfo.c ++++ b/libtiff/tif_dirinfo.c +@@ -104,7 +104,7 @@ tiffFields[] = { + { TIFFTAG_SUBIFD, -1, -1, TIFF_IFD8, 0, TIFF_SETGET_C16_IFD8, TIFF_SETGET_UNDEFINED, FIELD_SUBIFD, 1, 1, "SubIFD", (TIFFFieldArray*) &tiffFieldArray }, + { TIFFTAG_INKSET, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "InkSet", NULL }, + { TIFFTAG_INKNAMES, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_C16_ASCII, TIFF_SETGET_UNDEFINED, FIELD_INKNAMES, 1, 1, "InkNames", NULL }, +- { TIFFTAG_NUMBEROFINKS, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "NumberOfInks", NULL }, ++ { TIFFTAG_NUMBEROFINKS, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_NUMBEROFINKS, 1, 0, "NumberOfInks", NULL }, + { TIFFTAG_DOTRANGE, 2, 2, TIFF_SHORT, 0, TIFF_SETGET_UINT16_PAIR, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DotRange", NULL }, + { TIFFTAG_TARGETPRINTER, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_ASCII, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "TargetPrinter", NULL }, + { TIFFTAG_EXTRASAMPLES, -1, -1, TIFF_SHORT, 0, TIFF_SETGET_C16_UINT16, TIFF_SETGET_UNDEFINED, FIELD_EXTRASAMPLES, 0, 1, "ExtraSamples", NULL }, +diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c +index 9e4d306..a2dbc3b 100644 +--- a/libtiff/tif_dirwrite.c ++++ b/libtiff/tif_dirwrite.c +@@ -677,6 +677,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff) + if (!TIFFWriteDirectoryTagAscii(tif,&ndir,dir,TIFFTAG_INKNAMES,tif->tif_dir.td_inknameslen,tif->tif_dir.td_inknames)) + goto bad; + } ++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) ++ { ++ if (!TIFFWriteDirectoryTagShort(tif, &ndir, dir, TIFFTAG_NUMBEROFINKS, tif->tif_dir.td_numberofinks)) ++ goto bad; ++ } + if (TIFFFieldSet(tif,FIELD_SUBIFD)) + { + if (!TIFFWriteDirectoryTagSubifd(tif,&ndir,dir)) +diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c +index a073794..a9f05a7 100644 +--- a/libtiff/tif_print.c ++++ b/libtiff/tif_print.c +@@ -402,6 +402,10 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) + } + fputs("\n", fd); + } ++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) { ++ fprintf(fd, " NumberOfInks: %d\n", ++ td->td_numberofinks); ++ } + if (TIFFFieldSet(tif,FIELD_THRESHHOLDING)) { + fprintf(fd, " Thresholding: "); + switch (td->td_threshholding) { diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch new file mode 100644 index 0000000000..ea70827cbe --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch @@ -0,0 +1,45 @@ +From 7e87352217d1f0c77eee7033ac59e3aab08532bb Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Tue, 8 Nov 2022 15:16:58 +0100 +Subject: [PATCH] TIFFReadRGBATileExt(): fix (unsigned) integer overflow on + +Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz ] +CVE: CVE-2022-3970 +Signed-off-by: Chee Yang Lee + +Origin: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be +Reviewed-by: Sylvain Beucler +Last-Update: 2023-01-17 + + strips/tiles > 2 GB + +Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 + +--- + libtiff/tif_getimage.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c +index 96ab146..0b90dcc 100644 +--- a/libtiff/tif_getimage.c ++++ b/libtiff/tif_getimage.c +@@ -3042,15 +3042,15 @@ TIFFReadRGBATileExt(TIFF* tif, uint32 col, uint32 row, uint32 * raster, int stop + return( ok ); + + for( i_row = 0; i_row < read_ysize; i_row++ ) { +- memmove( raster + (tile_ysize - i_row - 1) * tile_xsize, +- raster + (read_ysize - i_row - 1) * read_xsize, ++ memmove( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize, ++ raster + (size_t)(read_ysize - i_row - 1) * read_xsize, + read_xsize * sizeof(uint32) ); +- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize+read_xsize, ++ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize+read_xsize, + 0, sizeof(uint32) * (tile_xsize - read_xsize) ); + } + + for( i_row = read_ysize; i_row < tile_ysize; i_row++ ) { +- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize, ++ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize, + 0, sizeof(uint32) * tile_xsize ); + } + diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch new file mode 100644 index 0000000000..5747202bd9 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch @@ -0,0 +1,26 @@ +From 424c82b5b33256e7f03faace51dc8010f3ded9ff Mon Sep 17 00:00:00 2001 +From: Su Laus +Date: Sat, 21 Jan 2023 15:58:10 +0000 +Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488. + +Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz] +CVE: CVE-2022-48281 +Signed-off-by: Chee Yang Lee + +--- + tools/tiffcrop.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index a0789a3..8aed9cd 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -7564,7 +7564,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + crop_buff = (unsigned char *)_TIFFmalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); + else + { +- prev_cropsize = seg_buffs[0].size; ++ prev_cropsize = seg_buffs[i].size; + if (prev_cropsize < cropsize) + { + next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch new file mode 100644 index 0000000000..253018525a --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch @@ -0,0 +1,157 @@ +From 7808740e100ba30ffb791044f3b14dec3e85ed6f Mon Sep 17 00:00:00 2001 +From: Markus Koschany +Date: Tue, 21 Feb 2023 14:26:43 +0100 +Subject: [PATCH] CVE-2023-0795 + +This is also the fix for CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, +CVE-2023-0799. + +Bug-Debian: https://bugs.debian.org/1031632 +Origin: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68 + +Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz ] +CVE: CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 +Signed-off-by: Chee Yang Lee +--- + tools/tiffcrop.c | 51 ++++++++++++++++++++++++++++-------------------- + 1 file changed, 30 insertions(+), 21 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index 8aed9cd..f21a7d7 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -277,7 +277,6 @@ struct region { + uint32 width; /* width in pixels */ + uint32 length; /* length in pixels */ + uint32 buffsize; /* size of buffer needed to hold the cropped region */ +- unsigned char *buffptr; /* address of start of the region */ + }; + + /* Cropping parameters from command line and image data +@@ -532,7 +531,7 @@ static int rotateContigSamples24bits(uint16, uint16, uint16, uint32, + static int rotateContigSamples32bits(uint16, uint16, uint16, uint32, + uint32, uint32, uint8 *, uint8 *); + static int rotateImage(uint16, struct image_data *, uint32 *, uint32 *, +- unsigned char **); ++ unsigned char **, int); + static int mirrorImage(uint16, uint16, uint16, uint32, uint32, + unsigned char *); + static int invertImage(uint16, uint16, uint16, uint32, uint32, +@@ -5112,7 +5111,6 @@ initCropMasks (struct crop_mask *cps) + cps->regionlist[i].width = 0; + cps->regionlist[i].length = 0; + cps->regionlist[i].buffsize = 0; +- cps->regionlist[i].buffptr = NULL; + cps->zonelist[i].position = 0; + cps->zonelist[i].total = 0; + } +@@ -6358,8 +6356,13 @@ static int correct_orientation(struct image_data *image, unsigned char **work_b + image->adjustments & ROTATE_ANY); + return (-1); + } +- +- if (rotateImage(rotation, image, &image->width, &image->length, work_buff_ptr)) ++ ++ /* Dummy variable in order not to switch two times the ++ * image->width,->length within rotateImage(), ++ * but switch xres, yres there. */ ++ uint32_t width = image->width; ++ uint32_t length = image->length; ++ if (rotateImage(rotation, image, &width, &length, work_buff_ptr, TRUE)) + { + TIFFError ("correct_orientation", "Unable to rotate image"); + return (-1); +@@ -6427,7 +6430,6 @@ extractCompositeRegions(struct image_data *image, struct crop_mask *crop, + /* These should not be needed for composite images */ + crop->regionlist[i].width = crop_width; + crop->regionlist[i].length = crop_length; +- crop->regionlist[i].buffptr = crop_buff; + + src_rowsize = ((img_width * bps * spp) + 7) / 8; + dst_rowsize = (((crop_width * bps * count) + 7) / 8); +@@ -6664,7 +6666,6 @@ extractSeparateRegion(struct image_data *image, struct crop_mask *crop, + + crop->regionlist[region].width = crop_width; + crop->regionlist[region].length = crop_length; +- crop->regionlist[region].buffptr = crop_buff; + + src = read_buff; + dst = crop_buff; +@@ -7542,7 +7543,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */ + { + if (rotateImage(crop->rotation, image, &crop->combined_width, +- &crop->combined_length, &crop_buff)) ++ &crop->combined_length, &crop_buff, FALSE)) + { + TIFFError("processCropSelections", + "Failed to rotate composite regions by %d degrees", crop->rotation); +@@ -7648,7 +7649,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */ + { + if (rotateImage(crop->rotation, image, &crop->regionlist[i].width, +- &crop->regionlist[i].length, &crop_buff)) ++ &crop->regionlist[i].length, &crop_buff, FALSE)) + { + TIFFError("processCropSelections", + "Failed to rotate crop region by %d degrees", crop->rotation); +@@ -7780,7 +7781,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, + if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */ + { + if (rotateImage(crop->rotation, image, &crop->combined_width, +- &crop->combined_length, crop_buff_ptr)) ++ &crop->combined_length, crop_buff_ptr, TRUE)) + { + TIFFError("createCroppedImage", + "Failed to rotate image or cropped selection by %d degrees", crop->rotation); +@@ -8443,7 +8444,7 @@ rotateContigSamples32bits(uint16 rotation, uint16 spp, uint16 bps, uint32 width, + /* Rotate an image by a multiple of 90 degrees clockwise */ + static int + rotateImage(uint16 rotation, struct image_data *image, uint32 *img_width, +- uint32 *img_length, unsigned char **ibuff_ptr) ++ uint32 *img_length, unsigned char **ibuff_ptr, int rot_image_params) + { + int shift_width; + uint32 bytes_per_pixel, bytes_per_sample; +@@ -8634,11 +8635,15 @@ rotateImage(uint16 rotation, struct image_data *image, uint32 *img_width, + + *img_width = length; + *img_length = width; +- image->width = length; +- image->length = width; +- res_temp = image->xres; +- image->xres = image->yres; +- image->yres = res_temp; ++ /* Only toggle image parameters if whole input image is rotated. */ ++ if (rot_image_params) ++ { ++ image->width = length; ++ image->length = width; ++ res_temp = image->xres; ++ image->xres = image->yres; ++ image->yres = res_temp; ++ } + break; + + case 270: if ((bps % 8) == 0) /* byte aligned data */ +@@ -8711,11 +8716,15 @@ rotateImage(uint16 rotation, struct image_data *image, uint32 *img_width, + + *img_width = length; + *img_length = width; +- image->width = length; +- image->length = width; +- res_temp = image->xres; +- image->xres = image->yres; +- image->yres = res_temp; ++ /* Only toggle image parameters if whole input image is rotated. */ ++ if (rot_image_params) ++ { ++ image->width = length; ++ image->length = width; ++ res_temp = image->xres; ++ image->xres = image->yres; ++ image->yres = res_temp; ++ } + break; + default: + break; diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch new file mode 100644 index 0000000000..bf1a439b4d --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch @@ -0,0 +1,135 @@ +From e18be834497e0ebf68d443abb9e18187f36cd3bf Mon Sep 17 00:00:00 2001 +From: Markus Koschany +Date: Tue, 21 Feb 2023 14:39:52 +0100 +Subject: [PATCH] CVE-2023-0800 + +This is also the fix for CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, +CVE-2023-0804. + +Bug-Debian: https://bugs.debian.org/1031632 +Origin: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00 + +Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz ] +CVE: CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804 +Signed-off-by: Chee Yang Lee +--- + tools/tiffcrop.c | 73 +++++++++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 69 insertions(+), 4 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index f21a7d7..742615a 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -5250,18 +5250,40 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image, + + crop->regionlist[i].buffsize = buffsize; + crop->bufftotal += buffsize; ++ ++ /* For composite images with more than one region, the ++ * combined_length or combined_width always needs to be equal, ++ * respectively. ++ * Otherwise, even the first section/region copy ++ * action might cause buffer overrun. */ + if (crop->img_mode == COMPOSITE_IMAGES) + { + switch (crop->edge_ref) + { + case EDGE_LEFT: + case EDGE_RIGHT: ++ if (i > 0 && zlength != crop->combined_length) ++ { ++ TIFFError( ++ "computeInputPixelOffsets", ++ "Only equal length regions can be combined for " ++ "-E left or right"); ++ return (-1); ++ } + crop->combined_length = zlength; + crop->combined_width += zwidth; + break; + case EDGE_BOTTOM: + case EDGE_TOP: /* width from left, length from top */ + default: ++ if (i > 0 && zwidth != crop->combined_width) ++ { ++ TIFFError("computeInputPixelOffsets", ++ "Only equal width regions can be " ++ "combined for -E " ++ "top or bottom"); ++ return (-1); ++ } + crop->combined_width = zwidth; + crop->combined_length += zlength; + break; +@@ -6416,6 +6438,47 @@ extractCompositeRegions(struct image_data *image, struct crop_mask *crop, + crop->combined_width = 0; + crop->combined_length = 0; + ++ /* If there is more than one region, check beforehand whether all the width ++ * and length values of the regions are the same, respectively. */ ++ switch (crop->edge_ref) ++ { ++ default: ++ case EDGE_TOP: ++ case EDGE_BOTTOM: ++ for (i = 1; i < crop->selections; i++) ++ { ++ uint32_t crop_width0 = ++ crop->regionlist[i - 1].x2 - crop->regionlist[i - 1].x1 + 1; ++ uint32_t crop_width1 = ++ crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1; ++ if (crop_width0 != crop_width1) ++ { ++ TIFFError("extractCompositeRegions", ++ "Only equal width regions can be combined for -E " ++ "top or bottom"); ++ return (1); ++ } ++ } ++ break; ++ case EDGE_LEFT: ++ case EDGE_RIGHT: ++ for (i = 1; i < crop->selections; i++) ++ { ++ uint32_t crop_length0 = ++ crop->regionlist[i - 1].y2 - crop->regionlist[i - 1].y1 + 1; ++ uint32_t crop_length1 = ++ crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1; ++ if (crop_length0 != crop_length1) ++ { ++ TIFFError("extractCompositeRegions", ++ "Only equal length regions can be combined for " ++ "-E left or right"); ++ return (1); ++ } ++ } ++ } ++ ++ + for (i = 0; i < crop->selections; i++) + { + /* rows, columns, width, length are expressed in pixels */ +@@ -6439,8 +6502,9 @@ extractCompositeRegions(struct image_data *image, struct crop_mask *crop, + default: + case EDGE_TOP: + case EDGE_BOTTOM: +- if ((i > 0) && (crop_width != crop->regionlist[i - 1].width)) +- { ++ if ((crop->selections > i + 1) && ++ (crop_width != crop->regionlist[i + 1].width)) ++ { + TIFFError ("extractCompositeRegions", + "Only equal width regions can be combined for -E top or bottom"); + return (1); +@@ -6520,8 +6584,9 @@ extractCompositeRegions(struct image_data *image, struct crop_mask *crop, + break; + case EDGE_LEFT: /* splice the pieces of each row together, side by side */ + case EDGE_RIGHT: +- if ((i > 0) && (crop_length != crop->regionlist[i - 1].length)) +- { ++ if ((crop->selections > i + 1) && ++ (crop_length != crop->regionlist[i + 1].length)) ++ { + TIFFError ("extractCompositeRegions", + "Only equal length regions can be combined for -E left or right"); + return (1); diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb index 74ececb113..4b48d81e2b 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb @@ -29,6 +29,13 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2022-2867-CVE-2022-2868-CVE-2022-2869.patch \ file://CVE-2022-1354.patch \ file://CVE-2022-1355.patch \ + file://CVE-2022-3570_3598.patch \ + file://CVE-2022-3597_3626_3627.patch \ + file://CVE-2022-3599.patch \ + file://CVE-2022-3970.patch \ + file://CVE-2022-48281.patch \ + file://CVE-2023-0795_0796_0797_0798_0799.patch \ + file://CVE-2023-0800_0801_0802_0803_0804.patch \ " SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424" SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634" From patchwork Tue Mar 7 22:47:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20545 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73544C74A44 for ; Tue, 7 Mar 2023 22:48:26 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.web11.8693.1678229304978679545 for ; Tue, 07 Mar 2023 14:48:25 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=TVxo+UPq; spf=softfail (domain: sakoman.com, ip: 209.85.216.43, mailfrom: steve@sakoman.com) Received: by mail-pj1-f43.google.com with SMTP id nn12so45090pjb.5 for ; Tue, 07 Mar 2023 14:48:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229304; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=T+sGYa05aYSvbnXIiUsoRnRNrxZfFrXHsqdkkSm2SW8=; b=TVxo+UPqvStyZHvBkx4blm+Zq5R3ZFdKxmxqCPY+18bWjykmipKFdrrbvTVLW2Deen xFGxoIYV8JDN//eJ7D11sAxP7IvAqIc6AQTr7aaCorwABwc/kIZiixdr/0haca8njvvE r4ikPSTkY5HIEMMPSogNqD4SUI5ImcXxg8vffDm8YwqtsLkQfWVJiJUN/u3A+wt2yWRZ CAjbimSfoZG0la8XSWkIXjVA6lFN5HAD5igTijIfTs7PqOJoJj/nMJbtV2W08FuSVprQ CJMceoq8PBUY3q8DJPh4VBM5uxXFXJREmFmc5tfQWMe5UXUf4GJBGaE2vu3yLfALy7BX Q1Pg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229304; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=T+sGYa05aYSvbnXIiUsoRnRNrxZfFrXHsqdkkSm2SW8=; b=FD/bbD/Bz0VkZm5mfhO38fXFmXheyxexkRK1NZMfS6HF1U3JJYCrnCVMQFGidYKaJQ WyH21KfYFjoRl+fJk/GIDifYUIVObQfEPpuZuGH7Z2ggunm7A6pMwbhFfsE25l1baRTa JV7ia6kx3eHAf0gW3cuqP2VVTSID+iJn/wRGkwdscmliPQxpnDODqFZkB/bbkldk5T67 JclJ7CQueUSPGxzDAWAg74rsMOX9yXHVrX5M02cbI5yvd46NCYZnqvAO6r23tylXXq5C 5Zpt0RPxL6JTpw8kN8Q3KObHkMbU029M70wP8X7JpyuYKBkh1M6XqmWwrQPdJNFm6o6/ kxRw== X-Gm-Message-State: AO0yUKWL2zR7tyUdtTGNcGha0hkUbLx0Mte1k7W72OvrX3FfVBtv48Zi t/lofJRS1oYn4wGWAxT8DQhgvdiRTLJDFAdUbRc= X-Google-Smtp-Source: AK7set9cCAOPCcxztnznnkJpq0d3XpwFWH41WjxxET5DPlA8wtVjq43YAOZOdsqw6HN27aE7xEmqMA== X-Received: by 2002:a05:6a20:3d24:b0:cd:5334:e261 with SMTP id y36-20020a056a203d2400b000cd5334e261mr17679555pzi.12.1678229302909; Tue, 07 Mar 2023 14:48:22 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:22 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 03/23] git: Security fix for CVE-2022-41903 Date: Tue, 7 Mar 2023 12:47:37 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178125 From: Vijay Anusuri Upstream-Status: Backport from https://github.com/git/git/commit/a244dc5b & https://github.com/git/git/commit/81dc898d & https://github.com/git/git/commit/b49f309a & https://github.com/git/git/commit/f6e0b9f3 & https://github.com/git/git/commit/1de69c0c & https://github.com/git/git/commit/48050c42 & https://github.com/git/git/commit/522cc87f & https://github.com/git/git/commit/17d23e8a & https://github.com/git/git/commit/937b71cc & https://github.com/git/git/commit/81c2d4c3 & https://github.com/git/git/commit/f930a239 & https://github.com/git/git/commit/304a50ad Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../git/files/CVE-2022-41903-01.patch | 39 ++++ .../git/files/CVE-2022-41903-02.patch | 187 ++++++++++++++++++ .../git/files/CVE-2022-41903-03.patch | 146 ++++++++++++++ .../git/files/CVE-2022-41903-04.patch | 150 ++++++++++++++ .../git/files/CVE-2022-41903-05.patch | 98 +++++++++ .../git/files/CVE-2022-41903-06.patch | 90 +++++++++ .../git/files/CVE-2022-41903-07.patch | 123 ++++++++++++ .../git/files/CVE-2022-41903-08.patch | 67 +++++++ .../git/files/CVE-2022-41903-09.patch | 162 +++++++++++++++ .../git/files/CVE-2022-41903-10.patch | 99 ++++++++++ .../git/files/CVE-2022-41903-11.patch | 90 +++++++++ .../git/files/CVE-2022-41903-12.patch | 124 ++++++++++++ meta/recipes-devtools/git/git.inc | 12 ++ 13 files changed, 1387 insertions(+) create mode 100644 meta/recipes-devtools/git/files/CVE-2022-41903-01.patch create mode 100644 meta/recipes-devtools/git/files/CVE-2022-41903-02.patch create mode 100644 meta/recipes-devtools/git/files/CVE-2022-41903-03.patch create mode 100644 meta/recipes-devtools/git/files/CVE-2022-41903-04.patch create mode 100644 meta/recipes-devtools/git/files/CVE-2022-41903-05.patch create mode 100644 meta/recipes-devtools/git/files/CVE-2022-41903-06.patch create mode 100644 meta/recipes-devtools/git/files/CVE-2022-41903-07.patch create mode 100644 meta/recipes-devtools/git/files/CVE-2022-41903-08.patch create mode 100644 meta/recipes-devtools/git/files/CVE-2022-41903-09.patch create mode 100644 meta/recipes-devtools/git/files/CVE-2022-41903-10.patch create mode 100644 meta/recipes-devtools/git/files/CVE-2022-41903-11.patch create mode 100644 meta/recipes-devtools/git/files/CVE-2022-41903-12.patch diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-01.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-01.patch new file mode 100644 index 0000000000..87091abd47 --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-01.patch @@ -0,0 +1,39 @@ +From a244dc5b0a629290881641467c7a545de7508ab2 Mon Sep 17 00:00:00 2001 +From: Carlo Marcelo Arenas Belón +Date: Tue, 2 Nov 2021 15:46:06 +0000 +Subject: [PATCH 01/12] test-lib: add prerequisite for 64-bit platforms + +Allow tests that assume a 64-bit `size_t` to be skipped in 32-bit +platforms and regardless of the size of `long`. + +This imitates the `LONG_IS_64BIT` prerequisite. + +Signed-off-by: Carlo Marcelo Arenas Belón +Signed-off-by: Johannes Schindelin +Signed-off-by: Junio C Hamano + +Upstream-Status: Backport [https://github.com/git/git/commit/a244dc5b0a629290881641467c7a545de7508ab2] +CVE: CVE-2022-41903 +Signed-off-by: Vijay Anusuri +--- + t/test-lib.sh | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/t/test-lib.sh b/t/test-lib.sh +index e06fa02..db5ec2f 100644 +--- a/t/test-lib.sh ++++ b/t/test-lib.sh +@@ -1613,6 +1613,10 @@ build_option () { + sed -ne "s/^$1: //p" + } + ++test_lazy_prereq SIZE_T_IS_64BIT ' ++ test 8 -eq "$(build_option sizeof-size_t)" ++' ++ + test_lazy_prereq LONG_IS_64BIT ' + test 8 -le "$(build_option sizeof-long)" + ' +-- +2.25.1 + diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-02.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-02.patch new file mode 100644 index 0000000000..f35e55b585 --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-02.patch @@ -0,0 +1,187 @@ +From 81dc898df9b4b4035534a927f3234a3839b698bf Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt +Date: Thu, 1 Dec 2022 15:46:25 +0100 +Subject: [PATCH 02/12] pretty: fix out-of-bounds write caused by integer overflow + +When using a padding specifier in the pretty format passed to git-log(1) +we need to calculate the string length in several places. These string +lengths are stored in `int`s though, which means that these can easily +overflow when the input lengths exceeds 2GB. This can ultimately lead to +an out-of-bounds write when these are used in a call to memcpy(3P): + + ==8340==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f1ec62f97fe at pc 0x7f2127e5f427 bp 0x7ffd3bd63de0 sp 0x7ffd3bd63588 + WRITE of size 1 at 0x7f1ec62f97fe thread T0 + #0 0x7f2127e5f426 in __interceptor_memcpy /usr/src/debug/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 + #1 0x5628e96aa605 in format_and_pad_commit pretty.c:1762 + #2 0x5628e96aa7f4 in format_commit_item pretty.c:1801 + #3 0x5628e97cdb24 in strbuf_expand strbuf.c:429 + #4 0x5628e96ab060 in repo_format_commit_message pretty.c:1869 + #5 0x5628e96acd0f in pretty_print_commit pretty.c:2161 + #6 0x5628e95a44c8 in show_log log-tree.c:781 + #7 0x5628e95a76ba in log_tree_commit log-tree.c:1117 + #8 0x5628e922bed5 in cmd_log_walk_no_free builtin/log.c:508 + #9 0x5628e922c35b in cmd_log_walk builtin/log.c:549 + #10 0x5628e922f1a2 in cmd_log builtin/log.c:883 + #11 0x5628e9106993 in run_builtin git.c:466 + #12 0x5628e9107397 in handle_builtin git.c:721 + #13 0x5628e9107b07 in run_argv git.c:788 + #14 0x5628e91088a7 in cmd_main git.c:923 + #15 0x5628e939d682 in main common-main.c:57 + #16 0x7f2127c3c28f (/usr/lib/libc.so.6+0x2328f) + #17 0x7f2127c3c349 in __libc_start_main (/usr/lib/libc.so.6+0x23349) + #18 0x5628e91020e4 in _start ../sysdeps/x86_64/start.S:115 + + 0x7f1ec62f97fe is located 2 bytes to the left of 4831838265-byte region [0x7f1ec62f9800,0x7f1fe62f9839) + allocated by thread T0 here: + #0 0x7f2127ebe7ea in __interceptor_realloc /usr/src/debug/gcc/libsanitizer/asan/asan_malloc_linux.cpp:85 + #1 0x5628e98774d4 in xrealloc wrapper.c:136 + #2 0x5628e97cb01c in strbuf_grow strbuf.c:99 + #3 0x5628e97ccd42 in strbuf_addchars strbuf.c:327 + #4 0x5628e96aa55c in format_and_pad_commit pretty.c:1761 + #5 0x5628e96aa7f4 in format_commit_item pretty.c:1801 + #6 0x5628e97cdb24 in strbuf_expand strbuf.c:429 + #7 0x5628e96ab060 in repo_format_commit_message pretty.c:1869 + #8 0x5628e96acd0f in pretty_print_commit pretty.c:2161 + #9 0x5628e95a44c8 in show_log log-tree.c:781 + #10 0x5628e95a76ba in log_tree_commit log-tree.c:1117 + #11 0x5628e922bed5 in cmd_log_walk_no_free builtin/log.c:508 + #12 0x5628e922c35b in cmd_log_walk builtin/log.c:549 + #13 0x5628e922f1a2 in cmd_log builtin/log.c:883 + #14 0x5628e9106993 in run_builtin git.c:466 + #15 0x5628e9107397 in handle_builtin git.c:721 + #16 0x5628e9107b07 in run_argv git.c:788 + #17 0x5628e91088a7 in cmd_main git.c:923 + #18 0x5628e939d682 in main common-main.c:57 + #19 0x7f2127c3c28f (/usr/lib/libc.so.6+0x2328f) + #20 0x7f2127c3c349 in __libc_start_main (/usr/lib/libc.so.6+0x23349) + #21 0x5628e91020e4 in _start ../sysdeps/x86_64/start.S:115 + + SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/src/debug/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy + Shadow bytes around the buggy address: + 0x0fe458c572a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0fe458c572b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0fe458c572c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0fe458c572d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0fe458c572e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + =>0x0fe458c572f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa] + 0x0fe458c57300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x0fe458c57310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x0fe458c57320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x0fe458c57330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x0fe458c57340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + Shadow byte legend (one shadow byte represents 8 application bytes): + Addressable: 00 + Partially addressable: 01 02 03 04 05 06 07 + Heap left redzone: fa + Freed heap region: fd + Stack left redzone: f1 + Stack mid redzone: f2 + Stack right redzone: f3 + Stack after return: f5 + Stack use after scope: f8 + Global redzone: f9 + Global init order: f6 + Poisoned by user: f7 + Container overflow: fc + Array cookie: ac + Intra object redzone: bb + ASan internal: fe + Left alloca redzone: ca + Right alloca redzone: cb + ==8340==ABORTING + +The pretty format can also be used in `git archive` operations via the +`export-subst` attribute. So this is what in our opinion makes this a +critical issue in the context of Git forges which allow to download an +archive of user supplied Git repositories. + +Fix this vulnerability by using `size_t` instead of `int` to track the +string lengths. Add tests which detect this vulnerability when Git is +compiled with the address sanitizer. + +Reported-by: Joern Schneeweisz +Original-patch-by: Joern Schneeweisz +Modified-by: Taylor Blau +Signed-off-by: Patrick Steinhardt +Signed-off-by: Junio C Hamano + +Upstream-Status: Backport [https://github.com/git/git/commit/81dc898df9b4b4035534a927f3234a3839b698bf] +CVE: CVE-2022-41903 +Signed-off-by: Vijay Anusuri +--- + pretty.c | 11 ++++++----- + t/t4205-log-pretty-formats.sh | 17 +++++++++++++++++ + 2 files changed, 23 insertions(+), 5 deletions(-) + +diff --git a/pretty.c b/pretty.c +index b32f036..637e344 100644 +--- a/pretty.c ++++ b/pretty.c +@@ -1427,7 +1427,9 @@ static size_t format_and_pad_commit(struct strbuf *sb, /* in UTF-8 */ + struct format_commit_context *c) + { + struct strbuf local_sb = STRBUF_INIT; +- int total_consumed = 0, len, padding = c->padding; ++ size_t total_consumed = 0; ++ int len, padding = c->padding; ++ + if (padding < 0) { + const char *start = strrchr(sb->buf, '\n'); + int occupied; +@@ -1439,7 +1441,7 @@ static size_t format_and_pad_commit(struct strbuf *sb, /* in UTF-8 */ + } + while (1) { + int modifier = *placeholder == 'C'; +- int consumed = format_commit_one(&local_sb, placeholder, c); ++ size_t consumed = format_commit_one(&local_sb, placeholder, c); + total_consumed += consumed; + + if (!modifier) +@@ -1505,7 +1507,7 @@ static size_t format_and_pad_commit(struct strbuf *sb, /* in UTF-8 */ + } + strbuf_addbuf(sb, &local_sb); + } else { +- int sb_len = sb->len, offset = 0; ++ size_t sb_len = sb->len, offset = 0; + if (c->flush_type == flush_left) + offset = padding - len; + else if (c->flush_type == flush_both) +@@ -1528,8 +1530,7 @@ static size_t format_commit_item(struct strbuf *sb, /* in UTF-8 */ + const char *placeholder, + void *context) + { +- int consumed; +- size_t orig_len; ++ size_t consumed, orig_len; + enum { + NO_MAGIC, + ADD_LF_BEFORE_NON_EMPTY, +diff --git a/t/t4205-log-pretty-formats.sh b/t/t4205-log-pretty-formats.sh +index f42a69f..a2acee1 100755 +--- a/t/t4205-log-pretty-formats.sh ++++ b/t/t4205-log-pretty-formats.sh +@@ -788,4 +788,21 @@ test_expect_success '%S in git log --format works with other placeholders (part + test_cmp expect actual + ' + ++test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' ' ++ # We only assert that this command does not crash. This needs to be ++ # executed with the address sanitizer to demonstrate failure. ++ git log -1 --pretty="format:%>(2147483646)%x41%41%>(2147483646)%x41" >/dev/null ++' ++ ++test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'set up huge commit' ' ++ test-tool genzeros 2147483649 | tr "\000" "1" >expect && ++ huge_commit=$(git commit-tree -F expect HEAD^{tree}) ++' ++ ++test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' ' ++ git log -1 --format="%B%<(1)%x30" $huge_commit >actual && ++ echo 0 >>expect && ++ test_cmp expect actual ++' ++ + test_done +-- +2.25.1 + diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-03.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-03.patch new file mode 100644 index 0000000000..d83d77eaf7 --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-03.patch @@ -0,0 +1,146 @@ +From b49f309aa16febeddb65e82526640a91bbba3be3 Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt +Date: Thu, 1 Dec 2022 15:46:30 +0100 +Subject: [PATCH 03/12] pretty: fix out-of-bounds read when left-flushing with stealing + +With the `%>>()` pretty formatter, you can ask git-log(1) et al to +steal spaces. To do so we need to look ahead of the next token to see +whether there are spaces there. This loop takes into account ANSI +sequences that end with an `m`, and if it finds any it will skip them +until it finds the first space. While doing so it does not take into +account the buffer's limits though and easily does an out-of-bounds +read. + +Add a test that hits this behaviour. While we don't have an easy way to +verify this, the test causes the following failure when run with +`SANITIZE=address`: + + ==37941==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000baf at pc 0x55ba6f88e0d0 bp 0x7ffc84c50d20 sp 0x7ffc84c50d10 + READ of size 1 at 0x603000000baf thread T0 + #0 0x55ba6f88e0cf in format_and_pad_commit pretty.c:1712 + #1 0x55ba6f88e7b4 in format_commit_item pretty.c:1801 + #2 0x55ba6f9b1ae4 in strbuf_expand strbuf.c:429 + #3 0x55ba6f88f020 in repo_format_commit_message pretty.c:1869 + #4 0x55ba6f890ccf in pretty_print_commit pretty.c:2161 + #5 0x55ba6f7884c8 in show_log log-tree.c:781 + #6 0x55ba6f78b6ba in log_tree_commit log-tree.c:1117 + #7 0x55ba6f40fed5 in cmd_log_walk_no_free builtin/log.c:508 + #8 0x55ba6f41035b in cmd_log_walk builtin/log.c:549 + #9 0x55ba6f4131a2 in cmd_log builtin/log.c:883 + #10 0x55ba6f2ea993 in run_builtin git.c:466 + #11 0x55ba6f2eb397 in handle_builtin git.c:721 + #12 0x55ba6f2ebb07 in run_argv git.c:788 + #13 0x55ba6f2ec8a7 in cmd_main git.c:923 + #14 0x55ba6f581682 in main common-main.c:57 + #15 0x7f2d08c3c28f (/usr/lib/libc.so.6+0x2328f) + #16 0x7f2d08c3c349 in __libc_start_main (/usr/lib/libc.so.6+0x23349) + #17 0x55ba6f2e60e4 in _start ../sysdeps/x86_64/start.S:115 + + 0x603000000baf is located 1 bytes to the left of 24-byte region [0x603000000bb0,0x603000000bc8) + allocated by thread T0 here: + #0 0x7f2d08ebe7ea in __interceptor_realloc /usr/src/debug/gcc/libsanitizer/asan/asan_malloc_linux.cpp:85 + #1 0x55ba6fa5b494 in xrealloc wrapper.c:136 + #2 0x55ba6f9aefdc in strbuf_grow strbuf.c:99 + #3 0x55ba6f9b0a06 in strbuf_add strbuf.c:298 + #4 0x55ba6f9b1a25 in strbuf_expand strbuf.c:418 + #5 0x55ba6f88f020 in repo_format_commit_message pretty.c:1869 + #6 0x55ba6f890ccf in pretty_print_commit pretty.c:2161 + #7 0x55ba6f7884c8 in show_log log-tree.c:781 + #8 0x55ba6f78b6ba in log_tree_commit log-tree.c:1117 + #9 0x55ba6f40fed5 in cmd_log_walk_no_free builtin/log.c:508 + #10 0x55ba6f41035b in cmd_log_walk builtin/log.c:549 + #11 0x55ba6f4131a2 in cmd_log builtin/log.c:883 + #12 0x55ba6f2ea993 in run_builtin git.c:466 + #13 0x55ba6f2eb397 in handle_builtin git.c:721 + #14 0x55ba6f2ebb07 in run_argv git.c:788 + #15 0x55ba6f2ec8a7 in cmd_main git.c:923 + #16 0x55ba6f581682 in main common-main.c:57 + #17 0x7f2d08c3c28f (/usr/lib/libc.so.6+0x2328f) + #18 0x7f2d08c3c349 in __libc_start_main (/usr/lib/libc.so.6+0x23349) + #19 0x55ba6f2e60e4 in _start ../sysdeps/x86_64/start.S:115 + + SUMMARY: AddressSanitizer: heap-buffer-overflow pretty.c:1712 in format_and_pad_commit + Shadow bytes around the buggy address: + 0x0c067fff8120: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd + 0x0c067fff8130: fd fd fa fa fd fd fd fd fa fa fd fd fd fa fa fa + 0x0c067fff8140: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa + 0x0c067fff8150: fa fa fd fd fd fd fa fa 00 00 00 fa fa fa fd fd + 0x0c067fff8160: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa + =>0x0c067fff8170: fd fd fd fa fa[fa]00 00 00 fa fa fa 00 00 00 fa + 0x0c067fff8180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c067fff8190: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c067fff81a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c067fff81b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c067fff81c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + Shadow byte legend (one shadow byte represents 8 application bytes): + Addressable: 00 + Partially addressable: 01 02 03 04 05 06 07 + Heap left redzone: fa + Freed heap region: fd + Stack left redzone: f1 + Stack mid redzone: f2 + Stack right redzone: f3 + Stack after return: f5 + Stack use after scope: f8 + Global redzone: f9 + Global init order: f6 + Poisoned by user: f7 + Container overflow: fc + Array cookie: ac + Intra object redzone: bb + ASan internal: fe + Left alloca redzone: ca + Right alloca redzone: cb + +Luckily enough, this would only cause us to copy the out-of-bounds data +into the formatted commit in case we really had an ANSI sequence +preceding our buffer. So this bug likely has no security consequences. + +Fix it regardless by not traversing past the buffer's start. + +Reported-by: Patrick Steinhardt +Reported-by: Eric Sesterhenn +Signed-off-by: Patrick Steinhardt +Signed-off-by: Junio C Hamano + +Upstream-Status: Backport [https://github.com/git/git/commit/b49f309aa16febeddb65e82526640a91bbba3be3] +CVE: CVE-2022-41903 +Signed-off-by: Vijay Anusuri +--- + pretty.c | 2 +- + t/t4205-log-pretty-formats.sh | 6 ++++++ + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/pretty.c b/pretty.c +index 637e344..4348a82 100644 +--- a/pretty.c ++++ b/pretty.c +@@ -1468,7 +1468,7 @@ static size_t format_and_pad_commit(struct strbuf *sb, /* in UTF-8 */ + if (*ch != 'm') + break; + p = ch - 1; +- while (ch - p < 10 && *p != '\033') ++ while (p > sb->buf && ch - p < 10 && *p != '\033') + p--; + if (*p != '\033' || + ch + 1 - p != display_mode_esc_sequence_len(p)) +diff --git a/t/t4205-log-pretty-formats.sh b/t/t4205-log-pretty-formats.sh +index a2acee1..e69caba 100755 +--- a/t/t4205-log-pretty-formats.sh ++++ b/t/t4205-log-pretty-formats.sh +@@ -788,6 +788,12 @@ test_expect_success '%S in git log --format works with other placeholders (part + test_cmp expect actual + ' + ++test_expect_success 'log --pretty with space stealing' ' ++ printf mm0 >expect && ++ git log -1 --pretty="format:mm%>>|(1)%x30" >actual && ++ test_cmp expect actual ++' ++ + test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' ' + # We only assert that this command does not crash. This needs to be + # executed with the address sanitizer to demonstrate failure. +-- +2.25.1 + diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-04.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-04.patch new file mode 100644 index 0000000000..9e3c74ff67 --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-04.patch @@ -0,0 +1,150 @@ +From f6e0b9f38987ad5e47bab551f8760b70689a5905 Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt +Date: Thu, 1 Dec 2022 15:46:34 +0100 +Subject: [PATCH 04/12] pretty: fix out-of-bounds read when parsing invalid padding format + +An out-of-bounds read can be triggered when parsing an incomplete +padding format string passed via `--pretty=format` or in Git archives +when files are marked with the `export-subst` gitattribute. + +This bug exists since we have introduced support for truncating output +via the `trunc` keyword a7f01c6 (pretty: support truncating in %>, %< +and %><, 2013-04-19). Before this commit, we used to find the end of the +formatting string by using strchr(3P). This function returns a `NULL` +pointer in case the character in question wasn't found. The subsequent +check whether any character was found thus simply checked the returned +pointer. After the commit we switched to strcspn(3P) though, which only +returns the offset to the first found character or to the trailing NUL +byte. As the end pointer is now computed by adding the offset to the +start pointer it won't be `NULL` anymore, and as a consequence the check +doesn't do anything anymore. + +The out-of-bounds data that is being read can in fact end up in the +formatted string. As a consequence, it is possible to leak memory +contents either by calling git-log(1) or via git-archive(1) when any of +the archived files is marked with the `export-subst` gitattribute. + + ==10888==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000398 at pc 0x7f0356047cb2 bp 0x7fff3ffb95d0 sp 0x7fff3ffb8d78 + READ of size 1 at 0x602000000398 thread T0 + #0 0x7f0356047cb1 in __interceptor_strchrnul /usr/src/debug/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:725 + #1 0x563b7cec9a43 in strbuf_expand strbuf.c:417 + #2 0x563b7cda7060 in repo_format_commit_message pretty.c:1869 + #3 0x563b7cda8d0f in pretty_print_commit pretty.c:2161 + #4 0x563b7cca04c8 in show_log log-tree.c:781 + #5 0x563b7cca36ba in log_tree_commit log-tree.c:1117 + #6 0x563b7c927ed5 in cmd_log_walk_no_free builtin/log.c:508 + #7 0x563b7c92835b in cmd_log_walk builtin/log.c:549 + #8 0x563b7c92b1a2 in cmd_log builtin/log.c:883 + #9 0x563b7c802993 in run_builtin git.c:466 + #10 0x563b7c803397 in handle_builtin git.c:721 + #11 0x563b7c803b07 in run_argv git.c:788 + #12 0x563b7c8048a7 in cmd_main git.c:923 + #13 0x563b7ca99682 in main common-main.c:57 + #14 0x7f0355e3c28f (/usr/lib/libc.so.6+0x2328f) + #15 0x7f0355e3c349 in __libc_start_main (/usr/lib/libc.so.6+0x23349) + #16 0x563b7c7fe0e4 in _start ../sysdeps/x86_64/start.S:115 + + 0x602000000398 is located 0 bytes to the right of 8-byte region [0x602000000390,0x602000000398) + allocated by thread T0 here: + #0 0x7f0356072faa in __interceptor_strdup /usr/src/debug/gcc/libsanitizer/asan/asan_interceptors.cpp:439 + #1 0x563b7cf7317c in xstrdup wrapper.c:39 + #2 0x563b7cd9a06a in save_user_format pretty.c:40 + #3 0x563b7cd9b3e5 in get_commit_format pretty.c:173 + #4 0x563b7ce54ea0 in handle_revision_opt revision.c:2456 + #5 0x563b7ce597c9 in setup_revisions revision.c:2850 + #6 0x563b7c9269e0 in cmd_log_init_finish builtin/log.c:269 + #7 0x563b7c927362 in cmd_log_init builtin/log.c:348 + #8 0x563b7c92b193 in cmd_log builtin/log.c:882 + #9 0x563b7c802993 in run_builtin git.c:466 + #10 0x563b7c803397 in handle_builtin git.c:721 + #11 0x563b7c803b07 in run_argv git.c:788 + #12 0x563b7c8048a7 in cmd_main git.c:923 + #13 0x563b7ca99682 in main common-main.c:57 + #14 0x7f0355e3c28f (/usr/lib/libc.so.6+0x2328f) + #15 0x7f0355e3c349 in __libc_start_main (/usr/lib/libc.so.6+0x23349) + #16 0x563b7c7fe0e4 in _start ../sysdeps/x86_64/start.S:115 + + SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/src/debug/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:725 in __interceptor_strchrnul + Shadow bytes around the buggy address: + 0x0c047fff8020: fa fa fd fd fa fa 00 06 fa fa 05 fa fa fa fd fd + 0x0c047fff8030: fa fa 00 02 fa fa 06 fa fa fa 05 fa fa fa fd fd + 0x0c047fff8040: fa fa 00 07 fa fa 03 fa fa fa fd fd fa fa 00 00 + 0x0c047fff8050: fa fa 00 01 fa fa fd fd fa fa 00 00 fa fa 00 01 + 0x0c047fff8060: fa fa 00 06 fa fa 00 06 fa fa 05 fa fa fa 05 fa + =>0x0c047fff8070: fa fa 00[fa]fa fa fd fa fa fa fd fd fa fa fd fd + 0x0c047fff8080: fa fa fd fd fa fa 00 00 fa fa 00 fa fa fa fd fa + 0x0c047fff8090: fa fa fd fd fa fa 00 00 fa fa fa fa fa fa fa fa + 0x0c047fff80a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c047fff80b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c047fff80c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + Shadow byte legend (one shadow byte represents 8 application bytes): + Addressable: 00 + Partially addressable: 01 02 03 04 05 06 07 + Heap left redzone: fa + Freed heap region: fd + Stack left redzone: f1 + Stack mid redzone: f2 + Stack right redzone: f3 + Stack after return: f5 + Stack use after scope: f8 + Global redzone: f9 + Global init order: f6 + Poisoned by user: f7 + Container overflow: fc + Array cookie: ac + Intra object redzone: bb + ASan internal: fe + Left alloca redzone: ca + Right alloca redzone: cb + ==10888==ABORTING + +Fix this bug by checking whether `end` points at the trailing NUL byte. +Add a test which catches this out-of-bounds read and which demonstrates +that we used to write out-of-bounds data into the formatted message. + +Reported-by: Markus Vervier +Original-patch-by: Markus Vervier +Signed-off-by: Patrick Steinhardt +Signed-off-by: Junio C Hamano + +Upstream-Status: Backport [https://github.com/git/git/commit/f6e0b9f38987ad5e47bab551f8760b70689a5905] +CVE: CVE-2022-41903 +Signed-off-by: Vijay Anusuri +--- + pretty.c | 2 +- + t/t4205-log-pretty-formats.sh | 6 ++++++ + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/pretty.c b/pretty.c +index 4348a82..c49e818 100644 +--- a/pretty.c ++++ b/pretty.c +@@ -1024,7 +1024,7 @@ static size_t parse_padding_placeholder(const char *placeholder, + const char *end = start + strcspn(start, ",)"); + char *next; + int width; +- if (!end || end == start) ++ if (!*end || end == start) + return 0; + width = strtol(start, &next, 10); + if (next == start || width == 0) +diff --git a/t/t4205-log-pretty-formats.sh b/t/t4205-log-pretty-formats.sh +index e69caba..8a349df 100755 +--- a/t/t4205-log-pretty-formats.sh ++++ b/t/t4205-log-pretty-formats.sh +@@ -794,6 +794,12 @@ test_expect_success 'log --pretty with space stealing' ' + test_cmp expect actual + ' + ++test_expect_success 'log --pretty with invalid padding format' ' ++ printf "%s%%<(20" "$(git rev-parse HEAD)" >expect && ++ git log -1 --pretty="format:%H%<(20" >actual && ++ test_cmp expect actual ++' ++ + test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' ' + # We only assert that this command does not crash. This needs to be + # executed with the address sanitizer to demonstrate failure. +-- +2.25.1 + diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-05.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-05.patch new file mode 100644 index 0000000000..994f7a55b1 --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-05.patch @@ -0,0 +1,98 @@ +From 1de69c0cdd388b0a5b7bdde0bfa0bda514a354b0 Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt +Date: Thu, 1 Dec 2022 15:46:39 +0100 +Subject: [PATCH 05/12] pretty: fix adding linefeed when placeholder is not expanded + +When a formatting directive has a `+` or ` ` after the `%`, then we add +either a line feed or space if the placeholder expands to a non-empty +string. In specific cases though this logic doesn't work as expected, +and we try to add the character even in the case where the formatting +directive is empty. + +One such pattern is `%w(1)%+d%+w(2)`. `%+d` expands to reference names +pointing to a certain commit, like in `git log --decorate`. For a tagged +commit this would for example expand to `\n (tag: v1.0.0)`, which has a +leading newline due to the `+` modifier and a space added by `%d`. Now +the second wrapping directive will cause us to rewrap the text to +`\n(tag:\nv1.0.0)`, which is one byte shorter due to the missing leading +space. The code that handles the `+` magic now notices that the length +has changed and will thus try to insert a leading line feed at the +original posititon. But as the string was shortened, the original +position is past the buffer's boundary and thus we die with an error. + +Now there are two issues here: + + 1. We check whether the buffer length has changed, not whether it + has been extended. This causes us to try and add the character + past the string boundary. + + 2. The current logic does not make any sense whatsoever. When the + string got expanded due to the rewrap, putting the separator into + the original position is likely to put it somewhere into the + middle of the rewrapped contents. + +It is debatable whether `%+w()` makes any sense in the first place. +Strictly speaking, the placeholder never expands to a non-empty string, +and consequentially we shouldn't ever accept this combination. We thus +fix the bug by simply refusing `%+w()`. + +Signed-off-by: Patrick Steinhardt +Signed-off-by: Junio C Hamano + +Upstream-Status: Backport [https://github.com/git/git/commit/1de69c0cdd388b0a5b7bdde0bfa0bda514a354b0] +CVE: CVE-2022-41903 +Signed-off-by: Vijay Anusuri +--- + pretty.c | 14 +++++++++++++- + t/t4205-log-pretty-formats.sh | 8 ++++++++ + 2 files changed, 21 insertions(+), 1 deletion(-) + +diff --git a/pretty.c b/pretty.c +index c49e818..195d005 100644 +--- a/pretty.c ++++ b/pretty.c +@@ -1551,9 +1551,21 @@ static size_t format_commit_item(struct strbuf *sb, /* in UTF-8 */ + default: + break; + } +- if (magic != NO_MAGIC) ++ if (magic != NO_MAGIC) { + placeholder++; + ++ switch (placeholder[0]) { ++ case 'w': ++ /* ++ * `%+w()` cannot ever expand to a non-empty string, ++ * and it potentially changes the layout of preceding ++ * contents. We're thus not able to handle the magic in ++ * this combination and refuse the pattern. ++ */ ++ return 0; ++ }; ++ } ++ + orig_len = sb->len; + if (((struct format_commit_context *)context)->flush_type != no_flush) + consumed = format_and_pad_commit(sb, placeholder, context); +diff --git a/t/t4205-log-pretty-formats.sh b/t/t4205-log-pretty-formats.sh +index 8a349df..fa1bc2b 100755 +--- a/t/t4205-log-pretty-formats.sh ++++ b/t/t4205-log-pretty-formats.sh +@@ -800,6 +800,14 @@ test_expect_success 'log --pretty with invalid padding format' ' + test_cmp expect actual + ' + ++test_expect_success 'log --pretty with magical wrapping directives' ' ++ commit_id=$(git commit-tree HEAD^{tree} -m "describe me") && ++ git tag describe-me $commit_id && ++ printf "\n(tag:\ndescribe-me)%%+w(2)" >expect && ++ git log -1 --pretty="format:%w(1)%+d%+w(2)" $commit_id >actual && ++ test_cmp expect actual ++' ++ + test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' ' + # We only assert that this command does not crash. This needs to be + # executed with the address sanitizer to demonstrate failure. +-- +2.25.1 + diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-06.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-06.patch new file mode 100644 index 0000000000..93fbe5c7fe --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-06.patch @@ -0,0 +1,90 @@ +From 48050c42c73c28b0c001d63d11dffac7e116847b Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt +Date: Thu, 1 Dec 2022 15:46:49 +0100 +Subject: [PATCH 06/12] pretty: fix integer overflow in wrapping format + +The `%w(width,indent1,indent2)` formatting directive can be used to +rewrap text to a specific width and is designed after git-shortlog(1)'s +`-w` parameter. While the three parameters are all stored as `size_t` +internally, `strbuf_add_wrapped_text()` accepts integers as input. As a +result, the casted integers may overflow. As these now-negative integers +are later on passed to `strbuf_addchars()`, we will ultimately run into +implementation-defined behaviour due to casting a negative number back +to `size_t` again. On my platform, this results in trying to allocate +9000 petabyte of memory. + +Fix this overflow by using `cast_size_t_to_int()` so that we reject +inputs that cannot be represented as an integer. + +Signed-off-by: Patrick Steinhardt +Signed-off-by: Junio C Hamano + +Upstream-Status: Backport [https://github.com/git/git/commit/48050c42c73c28b0c001d63d11dffac7e116847b] +CVE: CVE-2022-41903 +Signed-off-by: Vijay Anusuri +--- + git-compat-util.h | 8 ++++++++ + pretty.c | 4 +++- + t/t4205-log-pretty-formats.sh | 12 ++++++++++++ + 3 files changed, 23 insertions(+), 1 deletion(-) + +diff --git a/git-compat-util.h b/git-compat-util.h +index a1ecfd3..b0f3890 100644 +--- a/git-compat-util.h ++++ b/git-compat-util.h +@@ -854,6 +854,14 @@ static inline size_t st_sub(size_t a, size_t b) + return a - b; + } + ++static inline int cast_size_t_to_int(size_t a) ++{ ++ if (a > INT_MAX) ++ die("number too large to represent as int on this platform: %"PRIuMAX, ++ (uintmax_t)a); ++ return (int)a; ++} ++ + #ifdef HAVE_ALLOCA_H + # include + # define xalloca(size) (alloca(size)) +diff --git a/pretty.c b/pretty.c +index 195d005..ff9fc97 100644 +--- a/pretty.c ++++ b/pretty.c +@@ -898,7 +898,9 @@ static void strbuf_wrap(struct strbuf *sb, size_t pos, + if (pos) + strbuf_add(&tmp, sb->buf, pos); + strbuf_add_wrapped_text(&tmp, sb->buf + pos, +- (int) indent1, (int) indent2, (int) width); ++ cast_size_t_to_int(indent1), ++ cast_size_t_to_int(indent2), ++ cast_size_t_to_int(width)); + strbuf_swap(&tmp, sb); + strbuf_release(&tmp); + } +diff --git a/t/t4205-log-pretty-formats.sh b/t/t4205-log-pretty-formats.sh +index fa1bc2b..23ac508 100755 +--- a/t/t4205-log-pretty-formats.sh ++++ b/t/t4205-log-pretty-formats.sh +@@ -808,6 +808,18 @@ test_expect_success 'log --pretty with magical wrapping directives' ' + test_cmp expect actual + ' + ++test_expect_success SIZE_T_IS_64BIT 'log --pretty with overflowing wrapping directive' ' ++ cat >expect <<-EOF && ++ fatal: number too large to represent as int on this platform: 2147483649 ++ EOF ++ test_must_fail git log -1 --pretty="format:%w(2147483649,1,1)%d" 2>error && ++ test_cmp expect error && ++ test_must_fail git log -1 --pretty="format:%w(1,2147483649,1)%d" 2>error && ++ test_cmp expect error && ++ test_must_fail git log -1 --pretty="format:%w(1,1,2147483649)%d" 2>error && ++ test_cmp expect error ++' ++ + test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' ' + # We only assert that this command does not crash. This needs to be + # executed with the address sanitizer to demonstrate failure. +-- +2.25.1 + diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-07.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-07.patch new file mode 100644 index 0000000000..ec248ad6c2 --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-07.patch @@ -0,0 +1,123 @@ +From 522cc87fdc25449222a5894a428eebf4b8d5eaa9 Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt +Date: Thu, 1 Dec 2022 15:46:53 +0100 +Subject: [PATCH 07/12] utf8: fix truncated string lengths in utf8_strnwidth() + +The `utf8_strnwidth()` function accepts an optional string length as +input parameter. This parameter can either be set to `-1`, in which case +we call `strlen()` on the input. Or it can be set to a positive integer +that indicates a precomputed length, which callers typically compute by +calling `strlen()` at some point themselves. + +The input parameter is an `int` though, whereas `strlen()` returns a +`size_t`. This can lead to implementation-defined behaviour though when +the `size_t` cannot be represented by the `int`. In the general case +though this leads to wrap-around and thus to negative string sizes, +which is sure enough to not lead to well-defined behaviour. + +Fix this by accepting a `size_t` instead of an `int` as string length. +While this takes away the ability of callers to simply pass in `-1` as +string length, it really is trivial enough to convert them to instead +pass in `strlen()` instead. + +Signed-off-by: Patrick Steinhardt +Signed-off-by: Junio C Hamano + +Upstream-Status: Backport [https://github.com/git/git/commit/522cc87fdc25449222a5894a428eebf4b8d5eaa9] +CVE: CVE-2022-41903 +Signed-off-by: Vijay Anusuri +--- + column.c | 2 +- + pretty.c | 4 ++-- + utf8.c | 8 +++----- + utf8.h | 2 +- + 4 files changed, 7 insertions(+), 9 deletions(-) + +diff --git a/column.c b/column.c +index 4a38eed..0c79850 100644 +--- a/column.c ++++ b/column.c +@@ -23,7 +23,7 @@ struct column_data { + /* return length of 's' in letters, ANSI escapes stripped */ + static int item_length(const char *s) + { +- return utf8_strnwidth(s, -1, 1); ++ return utf8_strnwidth(s, strlen(s), 1); + } + + /* +diff --git a/pretty.c b/pretty.c +index ff9fc97..c3c1443 100644 +--- a/pretty.c ++++ b/pretty.c +@@ -1437,7 +1437,7 @@ static size_t format_and_pad_commit(struct strbuf *sb, /* in UTF-8 */ + int occupied; + if (!start) + start = sb->buf; +- occupied = utf8_strnwidth(start, -1, 1); ++ occupied = utf8_strnwidth(start, strlen(start), 1); + occupied += c->pretty_ctx->graph_width; + padding = (-padding) - occupied; + } +@@ -1455,7 +1455,7 @@ static size_t format_and_pad_commit(struct strbuf *sb, /* in UTF-8 */ + placeholder++; + total_consumed++; + } +- len = utf8_strnwidth(local_sb.buf, -1, 1); ++ len = utf8_strnwidth(local_sb.buf, local_sb.len, 1); + + if (c->flush_type == flush_left_and_steal) { + const char *ch = sb->buf + sb->len - 1; +diff --git a/utf8.c b/utf8.c +index 5c8f151..a66984b 100644 +--- a/utf8.c ++++ b/utf8.c +@@ -206,13 +206,11 @@ int utf8_width(const char **start, size_t *remainder_p) + * string, assuming that the string is utf8. Returns strlen() instead + * if the string does not look like a valid utf8 string. + */ +-int utf8_strnwidth(const char *string, int len, int skip_ansi) ++int utf8_strnwidth(const char *string, size_t len, int skip_ansi) + { + int width = 0; + const char *orig = string; + +- if (len == -1) +- len = strlen(string); + while (string && string < orig + len) { + int skip; + while (skip_ansi && +@@ -225,7 +223,7 @@ int utf8_strnwidth(const char *string, int len, int skip_ansi) + + int utf8_strwidth(const char *string) + { +- return utf8_strnwidth(string, -1, 0); ++ return utf8_strnwidth(string, strlen(string), 0); + } + + int is_utf8(const char *text) +@@ -792,7 +790,7 @@ int skip_utf8_bom(char **text, size_t len) + void strbuf_utf8_align(struct strbuf *buf, align_type position, unsigned int width, + const char *s) + { +- int slen = strlen(s); ++ size_t slen = strlen(s); + int display_len = utf8_strnwidth(s, slen, 0); + int utf8_compensation = slen - display_len; + +diff --git a/utf8.h b/utf8.h +index fcd5167..6da1b6d 100644 +--- a/utf8.h ++++ b/utf8.h +@@ -7,7 +7,7 @@ typedef unsigned int ucs_char_t; /* assuming 32bit int */ + + size_t display_mode_esc_sequence_len(const char *s); + int utf8_width(const char **start, size_t *remainder_p); +-int utf8_strnwidth(const char *string, int len, int skip_ansi); ++int utf8_strnwidth(const char *string, size_t len, int skip_ansi); + int utf8_strwidth(const char *string); + int is_utf8(const char *text); + int is_encoding_utf8(const char *name); +-- +2.25.1 + diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-08.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-08.patch new file mode 100644 index 0000000000..3de6a5ba6a --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-08.patch @@ -0,0 +1,67 @@ +From 17d23e8a3812a5ca3dd6564e74d5250f22e5d76d Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt +Date: Thu, 1 Dec 2022 15:47:00 +0100 +Subject: [PATCH 08/12] utf8: fix returning negative string width + +The `utf8_strnwidth()` function calls `utf8_width()` in a loop and adds +its returned width to the end result. `utf8_width()` can return `-1` +though in case it reads a control character, which means that the +computed string width is going to be wrong. In the worst case where +there are more control characters than non-control characters, we may +even return a negative string width. + +Fix this bug by treating control characters as having zero width. + +Signed-off-by: Patrick Steinhardt +Signed-off-by: Junio C Hamano + +Upstream-Status: Backport [https://github.com/git/git/commit/17d23e8a3812a5ca3dd6564e74d5250f22e5d76d] +CVE: CVE-2022-41903 +Signed-off-by: Vijay Anusuri +--- + t/t4205-log-pretty-formats.sh | 6 ++++++ + utf8.c | 8 ++++++-- + 2 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/t/t4205-log-pretty-formats.sh b/t/t4205-log-pretty-formats.sh +index 23ac508..261a6f0 100755 +--- a/t/t4205-log-pretty-formats.sh ++++ b/t/t4205-log-pretty-formats.sh +@@ -820,6 +820,12 @@ test_expect_success SIZE_T_IS_64BIT 'log --pretty with overflowing wrapping dire + test_cmp expect error + ' + ++test_expect_success 'log --pretty with padding and preceding control chars' ' ++ printf "\20\20 0" >expect && ++ git log -1 --pretty="format:%x10%x10%>|(4)%x30" >actual && ++ test_cmp expect actual ++' ++ + test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' ' + # We only assert that this command does not crash. This needs to be + # executed with the address sanitizer to demonstrate failure. +diff --git a/utf8.c b/utf8.c +index a66984b..6632bd2 100644 +--- a/utf8.c ++++ b/utf8.c +@@ -212,11 +212,15 @@ int utf8_strnwidth(const char *string, size_t len, int skip_ansi) + const char *orig = string; + + while (string && string < orig + len) { +- int skip; ++ int glyph_width, skip; ++ + while (skip_ansi && + (skip = display_mode_esc_sequence_len(string)) != 0) + string += skip; +- width += utf8_width(&string, NULL); ++ ++ glyph_width = utf8_width(&string, NULL); ++ if (glyph_width > 0) ++ width += glyph_width; + } + return string ? width : len; + } +-- +2.25.1 + diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-09.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-09.patch new file mode 100644 index 0000000000..761d4c6a9f --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-09.patch @@ -0,0 +1,162 @@ +From 937b71cc8b5b998963a7f9a33312ba3549d55510 Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt +Date: Thu, 1 Dec 2022 15:47:04 +0100 +Subject: [PATCH 09/12] utf8: fix overflow when returning string width + +The return type of both `utf8_strwidth()` and `utf8_strnwidth()` is +`int`, but we operate on string lengths which are typically of type +`size_t`. This means that when the string is longer than `INT_MAX`, we +will overflow and thus return a negative result. + +This can lead to an out-of-bounds write with `--pretty=format:%<1)%B` +and a commit message that is 2^31+1 bytes long: + + ================================================================= + ==26009==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000001168 at pc 0x7f95c4e5f427 bp 0x7ffd8541c900 sp 0x7ffd8541c0a8 + WRITE of size 2147483649 at 0x603000001168 thread T0 + #0 0x7f95c4e5f426 in __interceptor_memcpy /usr/src/debug/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 + #1 0x5612bbb1068c in format_and_pad_commit pretty.c:1763 + #2 0x5612bbb1087a in format_commit_item pretty.c:1801 + #3 0x5612bbc33bab in strbuf_expand strbuf.c:429 + #4 0x5612bbb110e7 in repo_format_commit_message pretty.c:1869 + #5 0x5612bbb12d96 in pretty_print_commit pretty.c:2161 + #6 0x5612bba0a4d5 in show_log log-tree.c:781 + #7 0x5612bba0d6c7 in log_tree_commit log-tree.c:1117 + #8 0x5612bb691ed5 in cmd_log_walk_no_free builtin/log.c:508 + #9 0x5612bb69235b in cmd_log_walk builtin/log.c:549 + #10 0x5612bb6951a2 in cmd_log builtin/log.c:883 + #11 0x5612bb56c993 in run_builtin git.c:466 + #12 0x5612bb56d397 in handle_builtin git.c:721 + #13 0x5612bb56db07 in run_argv git.c:788 + #14 0x5612bb56e8a7 in cmd_main git.c:923 + #15 0x5612bb803682 in main common-main.c:57 + #16 0x7f95c4c3c28f (/usr/lib/libc.so.6+0x2328f) + #17 0x7f95c4c3c349 in __libc_start_main (/usr/lib/libc.so.6+0x23349) + #18 0x5612bb5680e4 in _start ../sysdeps/x86_64/start.S:115 + + 0x603000001168 is located 0 bytes to the right of 24-byte region [0x603000001150,0x603000001168) + allocated by thread T0 here: + #0 0x7f95c4ebe7ea in __interceptor_realloc /usr/src/debug/gcc/libsanitizer/asan/asan_malloc_linux.cpp:85 + #1 0x5612bbcdd556 in xrealloc wrapper.c:136 + #2 0x5612bbc310a3 in strbuf_grow strbuf.c:99 + #3 0x5612bbc32acd in strbuf_add strbuf.c:298 + #4 0x5612bbc33aec in strbuf_expand strbuf.c:418 + #5 0x5612bbb110e7 in repo_format_commit_message pretty.c:1869 + #6 0x5612bbb12d96 in pretty_print_commit pretty.c:2161 + #7 0x5612bba0a4d5 in show_log log-tree.c:781 + #8 0x5612bba0d6c7 in log_tree_commit log-tree.c:1117 + #9 0x5612bb691ed5 in cmd_log_walk_no_free builtin/log.c:508 + #10 0x5612bb69235b in cmd_log_walk builtin/log.c:549 + #11 0x5612bb6951a2 in cmd_log builtin/log.c:883 + #12 0x5612bb56c993 in run_builtin git.c:466 + #13 0x5612bb56d397 in handle_builtin git.c:721 + #14 0x5612bb56db07 in run_argv git.c:788 + #15 0x5612bb56e8a7 in cmd_main git.c:923 + #16 0x5612bb803682 in main common-main.c:57 + #17 0x7f95c4c3c28f (/usr/lib/libc.so.6+0x2328f) + + SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/src/debug/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy + Shadow bytes around the buggy address: + 0x0c067fff81d0: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa + 0x0c067fff81e0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd + 0x0c067fff81f0: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa + 0x0c067fff8200: fd fd fd fa fa fa fd fd fd fd fa fa 00 00 00 fa + 0x0c067fff8210: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd + =>0x0c067fff8220: fd fa fa fa fd fd fd fa fa fa 00 00 00[fa]fa fa + 0x0c067fff8230: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c067fff8240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c067fff8250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c067fff8260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c067fff8270: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + Shadow byte legend (one shadow byte represents 8 application bytes): + Addressable: 00 + Partially addressable: 01 02 03 04 05 06 07 + Heap left redzone: fa + Freed heap region: fd + Stack left redzone: f1 + Stack mid redzone: f2 + Stack right redzone: f3 + Stack after return: f5 + Stack use after scope: f8 + Global redzone: f9 + Global init order: f6 + Poisoned by user: f7 + Container overflow: fc + Array cookie: ac + Intra object redzone: bb + ASan internal: fe + Left alloca redzone: ca + Right alloca redzone: cb + ==26009==ABORTING + +Now the proper fix for this would be to convert both functions to return +an `size_t` instead of an `int`. But given that this commit may be part +of a security release, let's instead do the minimal viable fix and die +in case we see an overflow. + +Add a test that would have previously caused us to crash. + +Signed-off-by: Patrick Steinhardt +Signed-off-by: Junio C Hamano + +Upstream-Status: Backport [https://github.com/git/git/commit/937b71cc8b5b998963a7f9a33312ba3549d55510] +CVE: CVE-2022-41903 +Signed-off-by: Vijay Anusuri +--- + t/t4205-log-pretty-formats.sh | 8 ++++++++ + utf8.c | 12 +++++++++--- + 2 files changed, 17 insertions(+), 3 deletions(-) + +diff --git a/t/t4205-log-pretty-formats.sh b/t/t4205-log-pretty-formats.sh +index 261a6f0..de15007 100755 +--- a/t/t4205-log-pretty-formats.sh ++++ b/t/t4205-log-pretty-formats.sh +@@ -843,4 +843,12 @@ test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit mes + test_cmp expect actual + ' + ++test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message does not cause allocation failure' ' ++ test_must_fail git log -1 --format="%<(1)%B" $huge_commit 2>error && ++ cat >expect <<-EOF && ++ fatal: number too large to represent as int on this platform: 2147483649 ++ EOF ++ test_cmp expect error ++' ++ + test_done +diff --git a/utf8.c b/utf8.c +index 6632bd2..03be475 100644 +--- a/utf8.c ++++ b/utf8.c +@@ -208,11 +208,12 @@ int utf8_width(const char **start, size_t *remainder_p) + */ + int utf8_strnwidth(const char *string, size_t len, int skip_ansi) + { +- int width = 0; + const char *orig = string; ++ size_t width = 0; + + while (string && string < orig + len) { +- int glyph_width, skip; ++ int glyph_width; ++ size_t skip; + + while (skip_ansi && + (skip = display_mode_esc_sequence_len(string)) != 0) +@@ -222,7 +223,12 @@ int utf8_strnwidth(const char *string, size_t len, int skip_ansi) + if (glyph_width > 0) + width += glyph_width; + } +- return string ? width : len; ++ ++ /* ++ * TODO: fix the interface of this function and `utf8_strwidth()` to ++ * return `size_t` instead of `int`. ++ */ ++ return cast_size_t_to_int(string ? width : len); + } + + int utf8_strwidth(const char *string) +-- +2.25.1 + diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-10.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-10.patch new file mode 100644 index 0000000000..bbfc6e758f --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-10.patch @@ -0,0 +1,99 @@ +From 81c2d4c3a5ba0e6ab8c348708441fed170e63a82 Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt +Date: Thu, 1 Dec 2022 15:47:10 +0100 +Subject: [PATCH 10/12] utf8: fix checking for glyph width in strbuf_utf8_replace() + +In `strbuf_utf8_replace()`, we call `utf8_width()` to compute the width +of the current glyph. If the glyph is a control character though it can +be that `utf8_width()` returns `-1`, but because we assign this value to +a `size_t` the conversion will cause us to underflow. This bug can +easily be triggered with the following command: + + $ git log --pretty='format:xxx%<|(1,trunc)%x10' + +>From all I can see though this seems to be a benign underflow that has +no security-related consequences. + +Fix the bug by using an `int` instead. When we see a control character, +we now copy it into the target buffer but don't advance the current +width of the string. + +Signed-off-by: Patrick Steinhardt +Signed-off-by: Junio C Hamano + +Upstream-Status: Backport [https://github.com/git/git/commit/81c2d4c3a5ba0e6ab8c348708441fed170e63a82] +CVE: CVE-2022-41903 +Signed-off-by: Vijay Anusuri +--- + t/t4205-log-pretty-formats.sh | 7 +++++++ + utf8.c | 19 ++++++++++++++----- + 2 files changed, 21 insertions(+), 5 deletions(-) + +diff --git a/t/t4205-log-pretty-formats.sh b/t/t4205-log-pretty-formats.sh +index de15007..52c8bc8 100755 +--- a/t/t4205-log-pretty-formats.sh ++++ b/t/t4205-log-pretty-formats.sh +@@ -826,6 +826,13 @@ test_expect_success 'log --pretty with padding and preceding control chars' ' + test_cmp expect actual + ' + ++test_expect_success 'log --pretty truncation with control chars' ' ++ test_commit "$(printf "\20\20\20\20xxxx")" file contents commit-with-control-chars && ++ printf "\20\20\20\20x.." >expect && ++ git log -1 --pretty="format:%<(3,trunc)%s" commit-with-control-chars >actual && ++ test_cmp expect actual ++' ++ + test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' ' + # We only assert that this command does not crash. This needs to be + # executed with the address sanitizer to demonstrate failure. +diff --git a/utf8.c b/utf8.c +index 03be475..ec03e69 100644 +--- a/utf8.c ++++ b/utf8.c +@@ -377,6 +377,7 @@ void strbuf_utf8_replace(struct strbuf *sb_src, int pos, int width, + dst = sb_dst.buf; + + while (src < end) { ++ int glyph_width; + char *old; + size_t n; + +@@ -390,21 +391,29 @@ void strbuf_utf8_replace(struct strbuf *sb_src, int pos, int width, + break; + + old = src; +- n = utf8_width((const char**)&src, NULL); +- if (!src) /* broken utf-8, do nothing */ ++ glyph_width = utf8_width((const char**)&src, NULL); ++ if (!src) /* broken utf-8, do nothing */ + goto out; +- if (n && w >= pos && w < pos + width) { ++ ++ /* ++ * In case we see a control character we copy it into the ++ * buffer, but don't add it to the width. ++ */ ++ if (glyph_width < 0) ++ glyph_width = 0; ++ ++ if (glyph_width && w >= pos && w < pos + width) { + if (subst) { + memcpy(dst, subst, subst_len); + dst += subst_len; + subst = NULL; + } +- w += n; ++ w += glyph_width; + continue; + } + memcpy(dst, old, src - old); + dst += src - old; +- w += n; ++ w += glyph_width; + } + strbuf_setlen(&sb_dst, dst - sb_dst.buf); + strbuf_swap(sb_src, &sb_dst); +-- +2.25.1 + diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-11.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-11.patch new file mode 100644 index 0000000000..f339edfc8a --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-11.patch @@ -0,0 +1,90 @@ +From f930a2394303b902e2973f4308f96529f736b8bc Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt +Date: Thu, 1 Dec 2022 15:47:15 +0100 +Subject: [PATCH 11/12] utf8: refactor strbuf_utf8_replace to not rely on preallocated buffer + +In `strbuf_utf8_replace`, we preallocate the destination buffer and then +use `memcpy` to copy bytes into it at computed offsets. This feels +rather fragile and is hard to understand at times. Refactor the code to +instead use `strbuf_add` and `strbuf_addstr` so that we can be sure that +there is no possibility to perform an out-of-bounds write. + +Signed-off-by: Patrick Steinhardt +Signed-off-by: Junio C Hamano + +Upstream-Status: Backport [https://github.com/git/git/commit/f930a2394303b902e2973f4308f96529f736b8bc] +CVE: CVE-2022-41903 +Signed-off-by: Vijay Anusuri +--- + utf8.c | 34 +++++++++++++--------------------- + 1 file changed, 13 insertions(+), 21 deletions(-) + +diff --git a/utf8.c b/utf8.c +index ec03e69..a13f5e3 100644 +--- a/utf8.c ++++ b/utf8.c +@@ -365,26 +365,20 @@ void strbuf_add_wrapped_bytes(struct strbuf *buf, const char *data, int len, + void strbuf_utf8_replace(struct strbuf *sb_src, int pos, int width, + const char *subst) + { +- struct strbuf sb_dst = STRBUF_INIT; +- char *src = sb_src->buf; +- char *end = src + sb_src->len; +- char *dst; +- int w = 0, subst_len = 0; ++ const char *src = sb_src->buf, *end = sb_src->buf + sb_src->len; ++ struct strbuf dst; ++ int w = 0; + +- if (subst) +- subst_len = strlen(subst); +- strbuf_grow(&sb_dst, sb_src->len + subst_len); +- dst = sb_dst.buf; ++ strbuf_init(&dst, sb_src->len); + + while (src < end) { ++ const char *old; + int glyph_width; +- char *old; + size_t n; + + while ((n = display_mode_esc_sequence_len(src))) { +- memcpy(dst, src, n); ++ strbuf_add(&dst, src, n); + src += n; +- dst += n; + } + + if (src >= end) +@@ -404,21 +398,19 @@ void strbuf_utf8_replace(struct strbuf *sb_src, int pos, int width, + + if (glyph_width && w >= pos && w < pos + width) { + if (subst) { +- memcpy(dst, subst, subst_len); +- dst += subst_len; ++ strbuf_addstr(&dst, subst); + subst = NULL; + } +- w += glyph_width; +- continue; ++ } else { ++ strbuf_add(&dst, old, src - old); + } +- memcpy(dst, old, src - old); +- dst += src - old; ++ + w += glyph_width; + } +- strbuf_setlen(&sb_dst, dst - sb_dst.buf); +- strbuf_swap(sb_src, &sb_dst); ++ ++ strbuf_swap(sb_src, &dst); + out: +- strbuf_release(&sb_dst); ++ strbuf_release(&dst); + } + + /* +-- +2.25.1 + diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-12.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-12.patch new file mode 100644 index 0000000000..978865978d --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-12.patch @@ -0,0 +1,124 @@ +From 304a50adff6480ede46b68f7545baab542cbfb46 Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt +Date: Thu, 1 Dec 2022 15:47:23 +0100 +Subject: [PATCH 12/12] pretty: restrict input lengths for padding and wrapping formats + +Both the padding and wrapping formatting directives allow the caller to +specify an integer that ultimately leads to us adding this many chars to +the result buffer. As a consequence, it is trivial to e.g. allocate 2GB +of RAM via a single formatting directive and cause resource exhaustion +on the machine executing this logic. Furthermore, it is debatable +whether there are any sane usecases that require the user to pad data to +2GB boundaries or to indent wrapped data by 2GB. + +Restrict the input sizes to 16 kilobytes at a maximum to limit the +amount of bytes that can be requested by the user. This is not meant +as a fix because there are ways to trivially amplify the amount of +data we generate via formatting directives; the real protection is +achieved by the changes in previous steps to catch and avoid integer +wraparound that causes us to under-allocate and access beyond the +end of allocated memory reagions. But having such a limit +significantly helps fuzzing the pretty format, because the fuzzer is +otherwise quite fast to run out-of-memory as it discovers these +formatters. + +Signed-off-by: Patrick Steinhardt +Signed-off-by: Junio C Hamano + +Upstream-Status: Backport [https://github.com/git/git/commit/304a50adff6480ede46b68f7545baab542cbfb46] +CVE: CVE-2022-41903 +Signed-off-by: Vijay Anusuri +--- + pretty.c | 26 ++++++++++++++++++++++++++ + t/t4205-log-pretty-formats.sh | 24 +++++++++++++++--------- + 2 files changed, 41 insertions(+), 9 deletions(-) + +diff --git a/pretty.c b/pretty.c +index c3c1443..e9687f0 100644 +--- a/pretty.c ++++ b/pretty.c +@@ -13,6 +13,13 @@ + #include "gpg-interface.h" + #include "trailer.h" + ++/* ++ * The limit for formatting directives, which enable the caller to append ++ * arbitrarily many bytes to the formatted buffer. This includes padding ++ * and wrapping formatters. ++ */ ++#define FORMATTING_LIMIT (16 * 1024) ++ + static char *user_format; + static struct cmt_fmt_map { + const char *name; +@@ -1029,6 +1036,15 @@ static size_t parse_padding_placeholder(const char *placeholder, + if (!*end || end == start) + return 0; + width = strtol(start, &next, 10); ++ ++ /* ++ * We need to limit the amount of padding, or otherwise this ++ * would allow the user to pad the buffer by arbitrarily many ++ * bytes and thus cause resource exhaustion. ++ */ ++ if (width < -FORMATTING_LIMIT || width > FORMATTING_LIMIT) ++ return 0; ++ + if (next == start || width == 0) + return 0; + if (width < 0) { +@@ -1188,6 +1204,16 @@ static size_t format_commit_one(struct strbuf *sb, /* in UTF-8 */ + if (*next != ')') + return 0; + } ++ ++ /* ++ * We need to limit the format here as it allows the ++ * user to prepend arbitrarily many bytes to the buffer ++ * when rewrapping. ++ */ ++ if (width > FORMATTING_LIMIT || ++ indent1 > FORMATTING_LIMIT || ++ indent2 > FORMATTING_LIMIT) ++ return 0; + rewrap_message_tail(sb, c, width, indent1, indent2); + return end - placeholder + 1; + } else +diff --git a/t/t4205-log-pretty-formats.sh b/t/t4205-log-pretty-formats.sh +index 52c8bc8..572d02f 100755 +--- a/t/t4205-log-pretty-formats.sh ++++ b/t/t4205-log-pretty-formats.sh +@@ -809,15 +809,21 @@ test_expect_success 'log --pretty with magical wrapping directives' ' + ' + + test_expect_success SIZE_T_IS_64BIT 'log --pretty with overflowing wrapping directive' ' +- cat >expect <<-EOF && +- fatal: number too large to represent as int on this platform: 2147483649 +- EOF +- test_must_fail git log -1 --pretty="format:%w(2147483649,1,1)%d" 2>error && +- test_cmp expect error && +- test_must_fail git log -1 --pretty="format:%w(1,2147483649,1)%d" 2>error && +- test_cmp expect error && +- test_must_fail git log -1 --pretty="format:%w(1,1,2147483649)%d" 2>error && +- test_cmp expect error ++ printf "%%w(2147483649,1,1)0" >expect && ++ git log -1 --pretty="format:%w(2147483649,1,1)%x30" >actual && ++ test_cmp expect actual && ++ printf "%%w(1,2147483649,1)0" >expect && ++ git log -1 --pretty="format:%w(1,2147483649,1)%x30" >actual && ++ test_cmp expect actual && ++ printf "%%w(1,1,2147483649)0" >expect && ++ git log -1 --pretty="format:%w(1,1,2147483649)%x30" >actual && ++ test_cmp expect actual ++' ++ ++test_expect_success SIZE_T_IS_64BIT 'log --pretty with overflowing padding directive' ' ++ printf "%%<(2147483649)0" >expect && ++ git log -1 --pretty="format:%<(2147483649)%x30" >actual && ++ test_cmp expect actual + ' + + test_expect_success 'log --pretty with padding and preceding control chars' ' +-- +2.25.1 + diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc index ed6308ea2d..3c4c0fd37b 100644 --- a/meta/recipes-devtools/git/git.inc +++ b/meta/recipes-devtools/git/git.inc @@ -12,6 +12,18 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ file://fixsort.patch \ file://CVE-2021-40330.patch \ file://CVE-2022-23521.patch \ + file://CVE-2022-41903-01.patch \ + file://CVE-2022-41903-02.patch \ + file://CVE-2022-41903-03.patch \ + file://CVE-2022-41903-04.patch \ + file://CVE-2022-41903-05.patch \ + file://CVE-2022-41903-06.patch \ + file://CVE-2022-41903-07.patch \ + file://CVE-2022-41903-08.patch \ + file://CVE-2022-41903-09.patch \ + file://CVE-2022-41903-10.patch \ + file://CVE-2022-41903-11.patch \ + file://CVE-2022-41903-12.patch \ " S = "${WORKDIR}/git-${PV}" From patchwork Tue Mar 7 22:47:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20551 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EEE84C76186 for ; Tue, 7 Mar 2023 22:48:35 +0000 (UTC) Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170]) by mx.groups.io with SMTP id smtpd.web10.8620.1678229307929155656 for ; Tue, 07 Mar 2023 14:48:27 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=q9VEK8Ho; spf=softfail (domain: sakoman.com, ip: 209.85.215.170, mailfrom: steve@sakoman.com) Received: by mail-pg1-f170.google.com with SMTP id s17so8573690pgv.4 for ; Tue, 07 Mar 2023 14:48:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229307; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=6IL1pJvvtT5Vp+CVQZuKxas/jJGT/dMGkX8Z4SBnoUE=; b=q9VEK8HoAwCBSQgQ2adlVCkminF6sZXBbPkcOWERIjeRIcb0RlnQ1y6DVYzsTzsbnU svldYjpQHm7uomrGIBWOoYQm38FAIyRoP+lHIlB4lXsWrtZ0HzqXTUgX6Hf7Vai4OQ2J DSwKE9c5mke1t2BHl79qXMudc2cQQCmtDj6phxV71erKFPGlDZe12aptydVpKtpIqKuw sXmqzCaOnogvNoNkbepbUWQFKHpZzEZCdjR9iOWFLPdIrwxcijS981WJbRDV4C24APug ydEDWXNIz5hTDL6VMbPYENt+Me0jcil2L5+eQEm/wHxHDlD7q1X1+fOgrrW11QceGVk/ M4CA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229307; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6IL1pJvvtT5Vp+CVQZuKxas/jJGT/dMGkX8Z4SBnoUE=; b=J6q+CYLWGDw1CBKp+qaH3D/dGRaI1C06YqP3wWWf76QLP0tS2ZYPCjc2NhAuL93+SI IYJOP5Gk38IswCpw+328HtTyQdSHLxSYyCOjhBDcqaqIDztZaong9H7KLXMSaZXhYACV dpiuZSa72M0KnIl+p5+ZPkQkQ4SDqM+9HyzE/+HXJtpvZl+HE2wrbufn13HKix/nNcQm sIoikUcvqfsbFTjkVwBMYwD9JS10grMlRIgKXtnTapvSDg/C6WxqY6P5yLypZ4/ZD8e8 +qE1XsyIBOZI6vHRhZOOTILl04WV79F2SX4lj4xskxEkVOCrV9Q0Q4lvP6rt0dPUIclr QcSw== X-Gm-Message-State: AO0yUKVfIVxMfomizWMAlUuY2S54mHnFNJudojb8Btk0mMuDIr+uZd6q PEmRuvfIEUHcaOrSiKOHID+i+TiBJvpIM0pnO0c= X-Google-Smtp-Source: AK7set8RYQzuvGuYVhq5PxgQAs6dQHxVTGnF78+ZraUckUwvYXrbjZ3x/kpzDULMT3tMpcn/GmJtJg== X-Received: by 2002:a62:1bc3:0:b0:5a8:a751:d22 with SMTP id b186-20020a621bc3000000b005a8a7510d22mr15711322pfb.12.1678229304938; Tue, 07 Mar 2023 14:48:24 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:24 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 04/23] bluez5: Exclude CVE-2022-39177 from cve-check Date: Tue, 7 Mar 2023 12:47:38 -1000 Message-Id: <27c59788ce8b97666429981104d9e5d38634230e.1678228988.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:35 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178126 From: Hugo SIMELIERE CVE already fixed in CVE-2022-39176.patch Signed-off-by: Hugo SIMELIERE Signed-off-by: Steve Sakoman --- meta/recipes-connectivity/bluez5/bluez5_5.55.bb | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb b/meta/recipes-connectivity/bluez5/bluez5_5.55.bb index e5353bd815..be74a35e0a 100644 --- a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb +++ b/meta/recipes-connectivity/bluez5/bluez5_5.55.bb @@ -6,6 +6,13 @@ SRC_URI[sha256sum] = "8863717113c4897e2ad3271fc808ea245319e6fd95eed2e934fae8e089 # These issues have kernel fixes rather than bluez fixes so exclude here CVE_CHECK_WHITELIST += "CVE-2020-12352 CVE-2020-24490" +# Commit 7a80d2096f1b7125085e21448112aa02f49f5e9a, e2b0f0d8d63e1223bb714a9efb37e2257818268b +# and 0388794dc5fdb73a4ea88bcf148de0a12b4364d4 to fix CVE-2022-39177 +# already backport in CVE-2022-39176.patch +# https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 + +CVE_CHECK_WHITELIST += "CVE-2022-39177" + # noinst programs in Makefile.tools that are conditional on READLINE # support NOINST_TOOLS_READLINE ?= " \ From patchwork Tue Mar 7 22:47:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20549 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E134AC74A44 for ; Tue, 7 Mar 2023 22:48:35 +0000 (UTC) Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) by mx.groups.io with SMTP id smtpd.web11.8696.1678229308125011952 for ; Tue, 07 Mar 2023 14:48:28 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=EEV/bJFH; spf=softfail (domain: sakoman.com, ip: 209.85.215.182, mailfrom: steve@sakoman.com) Received: by mail-pg1-f182.google.com with SMTP id d6so8578401pgu.2 for ; Tue, 07 Mar 2023 14:48:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229307; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=4UPJ6STtZDZS/kHygDJ0lipjb9HB/l9LiDxVcyMWzTY=; b=EEV/bJFHKdzbRDOVVwq9XCm1p3L1BzJPDGfrl2E/noLHJvIbRvDV1O98j2MPPKk1Nz F9ob2REyLF3HVDntZGshEhWHtEuZiIGdPYE6F0EHQ9tFIdhVVFs7grXzdGgai85wVmuw 4uOeYHof1QPN725q307DbqHh7ekilHl/SsiL/xRLDGtYhjnkX5LHJ8t6jwXYeSa/9b2E no10nu6FvZl8V21pg2NWkSJF9EWIKl2GHLewrJvMUAlaeEKwnDUrPBwkQkgEQ2GF7jko FZOuJBreUGbxx9zhzv3hAKfBSPSd814eURYjTNa9TV2m6q71pv46ieT9aj3b8Kz9+HnM RqFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229307; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4UPJ6STtZDZS/kHygDJ0lipjb9HB/l9LiDxVcyMWzTY=; b=70fgc5QNq28BGZL6jOnvYjz/q75YV5PwRSlV6gpV5Y5PUOOv7ilVpsT2vrpjTJ3HVb dEg37GAnEjF28KYca6N8bj5gG7DAaEDpBtsVjW40acZ6Q3zMmV6FWNHaDphoGtaA1ySK hoyE8SkYUeZIl53T3wd4+HtEuItk3SnHsP/0AsM+PNhi6DhxhA0kzP44eJovvgBV+sQ+ VMHK8+YqgCelkxBsOWHW1457TIKLYpTqF8NfjPYurK2j8UJfCTVXVZEg6hsSEBpcIbPO 5P7hjYKNr6V9qNB1qnpAxXM3lqUpJinS6DqiGk+KTRQa7DBxTWlTs8OUsPkzLDZ2ARAK ds1g== X-Gm-Message-State: AO0yUKV/xeEazczuGCn5EFK01L5dyFO6gM+pNV/efBfYwUBzxQa+WOca s/hyyHzg92DglpK9ZCitZ+iOHLkG/FmoxmV0t2s= X-Google-Smtp-Source: AK7set/aKXJMr5CX86FNgZqS3XFmM2it2RaN951UMj8av/6EZBUO1vg3Iv6w/lotqjSn0fStHzbS9A== X-Received: by 2002:a62:6494:0:b0:5a9:c2b0:428f with SMTP id y142-20020a626494000000b005a9c2b0428fmr11159443pfb.31.1678229306931; Tue, 07 Mar 2023 14:48:26 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:26 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 05/23] glibc: Security fix for CVE-2023-0687 Date: Tue, 7 Mar 2023 12:47:39 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:35 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178127 From: Shubham Kulkarni Backport from https://sourceware.org/git/?p=glibc.git;a=patch;h=801af9fafd4689337ebf27260aa115335a0cb2bc Signed-off-by: Shubham Kulkarni Signed-off-by: Steve Sakoman --- .../glibc/glibc/CVE-2023-0687.patch | 82 +++++++++++++++++++ meta/recipes-core/glibc/glibc_2.31.bb | 1 + 2 files changed, 83 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/CVE-2023-0687.patch diff --git a/meta/recipes-core/glibc/glibc/CVE-2023-0687.patch b/meta/recipes-core/glibc/glibc/CVE-2023-0687.patch new file mode 100644 index 0000000000..10c7e5666d --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2023-0687.patch @@ -0,0 +1,82 @@ +From 952aff5c00ad7c6b83c3f310f2643939538827f8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=D0=9B=D0=B5=D0=BE=D0=BD=D0=B8=D0=B4=20=D0=AE=D1=80=D1=8C?= + =?UTF-8?q?=D0=B5=D0=B2=20=28Leonid=20Yuriev=29?= +Date: Sat, 4 Feb 2023 14:41:38 +0300 +Subject: [PATCH] gmon: Fix allocated buffer overflow (bug 29444) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The `__monstartup()` allocates a buffer used to store all the data +accumulated by the monitor. + +The size of this buffer depends on the size of the internal structures +used and the address range for which the monitor is activated, as well +as on the maximum density of call instructions and/or callable functions +that could be potentially on a segment of executable code. + +In particular a hash table of arcs is placed at the end of this buffer. +The size of this hash table is calculated in bytes as + p->fromssize = p->textsize / HASHFRACTION; + +but actually should be + p->fromssize = ROUNDUP(p->textsize / HASHFRACTION, sizeof(*p->froms)); + +This results in writing beyond the end of the allocated buffer when an +added arc corresponds to a call near from the end of the monitored +address range, since `_mcount()` check the incoming caller address for +monitored range but not the intermediate result hash-like index that +uses to write into the table. + +It should be noted that when the results are output to `gmon.out`, the +table is read to the last element calculated from the allocated size in +bytes, so the arcs stored outside the buffer boundary did not fall into +`gprof` for analysis. Thus this "feature" help me to found this bug +during working with https://sourceware.org/bugzilla/show_bug.cgi?id=29438 + +Just in case, I will explicitly note that the problem breaks the +`make test t=gmon/tst-gmon-dso` added for Bug 29438. +There, the arc of the `f3()` call disappears from the output, since in +the DSO case, the call to `f3` is located close to the end of the +monitored range. + +Signed-off-by: Леонид Юрьев (Leonid Yuriev) + +Another minor error seems a related typo in the calculation of +`kcountsize`, but since kcounts are smaller than froms, this is +actually to align the p->froms data. + +Co-authored-by: DJ Delorie +Reviewed-by: Carlos O'Donell + +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=801af9fafd4689337ebf27260aa115335a0cb2bc] +CVE: CVE-2023-0687 +Signed-off-by: Shubham Kulkarni +--- + gmon/gmon.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/gmon/gmon.c b/gmon/gmon.c +index dee6480..bf76358 100644 +--- a/gmon/gmon.c ++++ b/gmon/gmon.c +@@ -132,6 +132,8 @@ __monstartup (u_long lowpc, u_long highpc) + p->lowpc = ROUNDDOWN(lowpc, HISTFRACTION * sizeof(HISTCOUNTER)); + p->highpc = ROUNDUP(highpc, HISTFRACTION * sizeof(HISTCOUNTER)); + p->textsize = p->highpc - p->lowpc; ++ /* This looks like a typo, but it's here to align the p->froms ++ section. */ + p->kcountsize = ROUNDUP(p->textsize / HISTFRACTION, sizeof(*p->froms)); + p->hashfraction = HASHFRACTION; + p->log_hashfraction = -1; +@@ -142,7 +144,7 @@ __monstartup (u_long lowpc, u_long highpc) + instead of integer division. Precompute shift amount. */ + p->log_hashfraction = ffs(p->hashfraction * sizeof(*p->froms)) - 1; + } +- p->fromssize = p->textsize / HASHFRACTION; ++ p->fromssize = ROUNDUP(p->textsize / HASHFRACTION, sizeof(*p->froms)); + p->tolimit = p->textsize * ARCDENSITY / 100; + if (p->tolimit < MINARCS) + p->tolimit = MINARCS; +-- +2.7.4 diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb index 0c37467fe4..8d216f6ed1 100644 --- a/meta/recipes-core/glibc/glibc_2.31.bb +++ b/meta/recipes-core/glibc/glibc_2.31.bb @@ -79,6 +79,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0035-x86_64-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \ file://0036-i386-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \ file://0037-Avoid-deadlock-between-pthread_create-and-ctors.patch \ + file://CVE-2023-0687.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" From patchwork Tue Mar 7 22:47:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20547 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE2D4C74A5B for ; Tue, 7 Mar 2023 22:48:35 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web10.8621.1678229309831789921 for ; Tue, 07 Mar 2023 14:48:29 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ML7UPmkG; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id ay18so9116078pfb.2 for ; Tue, 07 Mar 2023 14:48:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229309; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=vaNQM5Lx8geW+XiJ0amDj822wZPb8dukSiicOU/oVW8=; b=ML7UPmkGHdrqcmY2BAfOyKnTppv+av+GzUY5gEzsAWlFYPzQWpHxTuvGzw6Og4eTxz GvM4wbVJR4tcpGQID6IRy1p6+8o8lWEwtml1k5nhouSB0b+UMEE3OIdKii6J/EXUd9RF /Qz8FRdUbua524KsDpGJuIeF5DjlQ678J73u2ZIACec6BWc/co3E/rWR4bmiuAwtB5fs YG0xaSAXsCpiAcpytKeItXQ6ilaaNHQtGdcqvK2gIYlf8m/tbH7k9dgOxnAmixH8KOa2 fvcj+EEKqK8/aJfl8/wdTErCrL2C8NuXh1IR1Gyc8BiGPnvq2yuDF+WaDB/r5K5XScib PzUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229309; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vaNQM5Lx8geW+XiJ0amDj822wZPb8dukSiicOU/oVW8=; b=dt03pbIVwGi33xsNrCr7FHF6HC/1glmj9axdzG+o50GcWHHYV3vNSNzmXXRnCaDDKG IbFj61Wyn8sAGe0vLxpHb6rvg4iry27jCL5U/bnza399VZNVaifkHnWpGEfhiSDAhMLY RdsBxGIgbeaQxFyWF2aOeSFROvccNJATx8Qvnt0hTt6U8Vwf8oOzJaz2uORyZC0wNwEN htYaOZ/IXFEz0oJ2tOvkM8iiKiWwl/UK7Y/W9yTfo73gCWsZV3L6b3qckE2ISD5yJWpX ARGd/kMaNAgnKFQc5hKCOywpPBAJaBDVQ1/XdCTCQmWM6GI9SetlI6goLp8jRaU7h1Dd qNAA== X-Gm-Message-State: AO0yUKXO3fFtIdWSjSSjzSpM+Tovce5J0M6AEJwJHnix/HNkqSK5iohs zBIQsPKL3L/v0im+QIK1MxV12FmC4lCzFhZBN9c= X-Google-Smtp-Source: AK7set+5tvjh+0EQcwMYQxKGNdc2O6v+QZ1vr3iBKrW4WdiTfacYczfij2rHX/ayh54UgI6Xe27OEQ== X-Received: by 2002:a62:1c16:0:b0:5a8:ada1:cc6f with SMTP id c22-20020a621c16000000b005a8ada1cc6fmr12554512pfc.33.1678229308715; Tue, 07 Mar 2023 14:48:28 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:28 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 06/23] tar: CVE-2022-48303 Date: Tue, 7 Mar 2023 12:47:40 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:35 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178128 From: Rodolfo Quesada Zumbado Fixes CVE-2022-48303 by checking Base-256 encoding is at least 2 bytes long. GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-48303 Upstream patch: https://savannah.gnu.org/bugs/?62387 https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8 (From OE-Core rev: 231360a55bf1b96d6bb1cf94820b08788677c58b) Signed-off-by: Rodolfo Quesada Zumbado Signed-off-by: Joe Slater Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie (cherry picked from commit 2a00f15354084cee6b2183fcdbfdfc7826c365da) Signed-off-by: Riyaz Khan Signed-off-by: Riyaz Khan Signed-off-by: Steve Sakoman --- .../tar/tar/CVE-2022-48303.patch | 43 +++++++++++++++++++ meta/recipes-extended/tar/tar_1.32.bb | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta/recipes-extended/tar/tar/CVE-2022-48303.patch diff --git a/meta/recipes-extended/tar/tar/CVE-2022-48303.patch b/meta/recipes-extended/tar/tar/CVE-2022-48303.patch new file mode 100644 index 0000000000..b2f40f3e64 --- /dev/null +++ b/meta/recipes-extended/tar/tar/CVE-2022-48303.patch @@ -0,0 +1,43 @@ +From 3da78400eafcccb97e2f2fd4b227ea40d794ede8 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff +Date: Sat, 11 Feb 2023 11:57:39 +0200 +Subject: Fix boundary checking in base-256 decoder + +* src/list.c (from_header): Base-256 encoding is at least 2 bytes +long. + +Upstream-Status: Backport [see reference below] +CVE: CVE-2022-48303 + +Reference to upstream patch: +https://savannah.gnu.org/bugs/?62387 +https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8 + +Signed-off-by: Rodolfo Quesada Zumbado +Signed-off-by: Joe Slater +--- + src/list.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-)Signed-off-by: Rodolfo Quesada Zumbado + + +(limited to 'src/list.c') + +diff --git a/src/list.c b/src/list.c +index 9fafc42..86bcfdd 100644 +--- a/src/list.c ++++ b/src/list.c +@@ -881,8 +881,9 @@ from_header (char const *where0, size_t digs, char const *type, + where++; + } + } +- else if (*where == '\200' /* positive base-256 */ +- || *where == '\377' /* negative base-256 */) ++ else if (where <= lim - 2 ++ && (*where == '\200' /* positive base-256 */ ++ || *where == '\377' /* negative base-256 */)) + { + /* Parse base-256 output. A nonnegative number N is + represented as (256**DIGS)/2 + N; a negative number -N is +-- +cgit v1.1 + diff --git a/meta/recipes-extended/tar/tar_1.32.bb b/meta/recipes-extended/tar/tar_1.32.bb index db1540dbd6..1246f01256 100644 --- a/meta/recipes-extended/tar/tar_1.32.bb +++ b/meta/recipes-extended/tar/tar_1.32.bb @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \ file://musl_dirent.patch \ file://CVE-2021-20193.patch \ + file://CVE-2022-48303.patch \ " SRC_URI[md5sum] = "17917356fff5cb4bd3cd5a6c3e727b05" From patchwork Tue Mar 7 22:47:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20548 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE00DC74A4B for ; Tue, 7 Mar 2023 22:48:35 +0000 (UTC) Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com [209.85.215.181]) by mx.groups.io with SMTP id smtpd.web10.8625.1678229311538277265 for ; Tue, 07 Mar 2023 14:48:31 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=KFMc/rsY; spf=softfail (domain: sakoman.com, ip: 209.85.215.181, mailfrom: steve@sakoman.com) Received: by mail-pg1-f181.google.com with SMTP id 130so8581852pgg.3 for ; Tue, 07 Mar 2023 14:48:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229310; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=tKiyuaBqGvNHfG6besOqVp1cZQUxX3/eO1O0+Zj2+6w=; b=KFMc/rsYdyoeYfTKy9QE5DWFsWrZun5Y4q5gR2cIuEeSouzf6arVjywLOnteGhiDqU aBNeawDVNlrdUzkJ1BMLcUs5n7yZ+CnxG0wvO111yO4H4sOVOd+EOTQ9ypGj05wooM2Z 3mWG5A1tkZQ67VPKT6hy67aKGZ//zuYnhpRXeMwzG0IMOjsyGMiWVMei8BdPC0+9GXKK wBG2K/Znpas1L3et/3ggyrKm9yLAoi2fBK1tQLkvXozHyDSjv0WLmFBPgfdrOtIRwdFg pfxllB4wwlCFeQjTC4jrBpLuXoJLNIovGDwsPuDaW+OeWVC1pAaNojhqRZujk10w5K9C 6BcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229310; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tKiyuaBqGvNHfG6besOqVp1cZQUxX3/eO1O0+Zj2+6w=; b=kV4yHS/AZeRmyHc5Z0CR6+MCnZnQLYaNE3c5D1CzxotZwueuenePiDHEO7LjHQ/WNz YbVmGrXG/Hl982eYpmi/zFdpDBgitcJeJlfSNb7cM8cYjBus32z2jHwLGduv9oVo/l91 YfMnjODeivVPycr7EHt+Ve7pgGDZjGCRltB7o4VKtnxcsK7Yjz8daqIDChRok0lW7jP7 e530twSqfL5w11iWp9FKzpioHVWwBu6LvSI7pd2e7MZcvk9z/mxvS+zCCTlLbA1QVeVy UM2bcK8rCaAmgsCHWk+tWk/Ks6LVrnJW/M4/Zi4QyuBIIyGBP0SuZ/4sbaVfex1LotX9 hyrg== X-Gm-Message-State: AO0yUKVzILmq9gYBP/54fSU5YogZbQFz//+oqMXPAiqtibyXF2LDndMk Z1/C0Q08C4AhqyWHhLZaIRJa2XsTqOwc5xsgqtw= X-Google-Smtp-Source: AK7set9xHQkryP9mJbIg2FyMgz/uSpq+LSkvDn66dc32aeDiPEzpwA9XdRJGHrAiRsQ7dH+NjnddqQ== X-Received: by 2002:aa7:9401:0:b0:578:ac9f:79a9 with SMTP id x1-20020aa79401000000b00578ac9f79a9mr11992298pfo.15.1678229310534; Tue, 07 Mar 2023 14:48:30 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:30 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 07/23] vim: update 9.0.1211 -> 9.0.1293 to resolve open CVEs Date: Tue, 7 Mar 2023 12:47:41 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:35 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178129 From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 6d77dbe499ee362b6e28902f1efcf52b961037a5) Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 46250c0d37..234ecd0027 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".1211" -SRCREV = "f7d1c6e1884c76680980571f1cf15e0928d247b5" +PV .= ".1293" +SRCREV = "0caaf1e46511f7a92e036f05e6aa9d5992540117" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" From patchwork Tue Mar 7 22:47:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20550 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A01FC76188 for ; Tue, 7 Mar 2023 22:48:36 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.web11.8693.1678229304978679545 for ; Tue, 07 Mar 2023 14:48:33 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=qnaMo4SL; spf=softfail (domain: sakoman.com, ip: 209.85.216.43, mailfrom: steve@sakoman.com) Received: by mail-pj1-f43.google.com with SMTP id nn12so45428pjb.5 for ; Tue, 07 Mar 2023 14:48:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229312; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ByHTubwfhbo0y0c5XuUE8N7mBf7YnxIz6lVbMWpQysc=; b=qnaMo4SLG7+A9aW7wfsXRNAMyO1xyvxXiwl3EwqyOPlW1I1apUtv0R1JGtdvcrl72Y kXGsbwWSn2UC1WUPGTwpRaL0hoQoNAvI8BH9LppGmT45FAis1ZR4yVCaoY9vvBidk39F QuSRTzzVCPWTgQdyCLUYl1ZAZHk6uqS3vtxOHiQeNj5rtiUjfm5cOEFw9DVyOCe7qemK 8DePVqUvihihna9J5zBGzJQBXA8ezLIEAm+JacD3vWOC45l8wQ5tLMabzUzv9lIgfSxS ALuI7t/NhEP9/80Ntkq2MzS8W45K2tJdnbDt65G6iaRa3c7H/L8ycCKlPSjjZPh+AJgo KcaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229312; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ByHTubwfhbo0y0c5XuUE8N7mBf7YnxIz6lVbMWpQysc=; b=Z8JZ7GOFZSwJEE3V8de/aDYtZlN3aof+FFc3slHIklEkfqXsYNAjcq/jm0BPUmZJ/i HFS4eAlVGQHNJMU/KsPM+6mzLecPuasGgrKz9ZVJrC/nluMviahOzQ9w4exRmKZx/TWU JVtL6TjyHD/9G2Ow99I4n8P/nVaWUvZiDA6ey1HOmJfKTw+DfWt9qNXD+yuShoDV0n1Y FnXd3WZZqg7GN4QHB2K0ZVQohPGjOU25bMpJCHrt1igMDB5Bf2v+0RmdPuyHRMd3Vgsb xrprOE/oSSZg80fOV7WKaWQPGuUGuOvMVfPVw/cx9uUK86pGbsrCcySiQar7Vf73uMW5 pyMQ== X-Gm-Message-State: AO0yUKWPKKfMnlXxk3X0UmYeYbZV4QIRNTkxjGUjgesSpM4p0prBMUPg oHe09JzTsuBsDSOntVjZ1z8XB90Ax2KeU9vaMiY= X-Google-Smtp-Source: AK7set8JydZh+r12TmMbpcTYtN4HiR+gSyJ4yjFZsfJQE/EyXvbL//qO53WhQMRaBGa4rM6ic7R1wQ== X-Received: by 2002:a05:6a20:9150:b0:be:d389:7abf with SMTP id x16-20020a056a20915000b000bed3897abfmr18197139pzc.3.1678229312374; Tue, 07 Mar 2023 14:48:32 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:32 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 08/23] linux-firmware: upgrade 20221214 -> 20230117 Date: Tue, 7 Mar 2023 12:47:42 -1000 Message-Id: <4cfe4c03904cb313d5cfbb6739cd9964a61c5fa0.1678228988.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178130 From: Alexander Kanavin License-Update: additional firmwares, copyright years Signed-off-by: Alexander Kanavin Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit fdb8c12fc71b4a985372f5d02ce59a1402c14c4a) Signed-off-by: Steve Sakoman --- ...inux-firmware_20221214.bb => linux-firmware_20230117.bb} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20221214.bb => linux-firmware_20230117.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20221214.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20221214.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb index e3105053c7..ad2f4ac334 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20221214.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb @@ -70,7 +70,7 @@ LICENSE = "\ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \ file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \ - file://LICENSE.amdgpu;md5=44c1166d052226cb2d6c8d7400090203 \ + file://LICENSE.amdgpu;md5=a2589a05ea5b6bd2b7f4f623c7e7a649 \ file://LICENSE.amd-ucode;md5=6ca90c57f7b248de1e25c7f68ffc4698 \ file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \ file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \ @@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "bf7c716d16e48fe118c6209f99b13253" +WHENCE_CHKSUM = "05f1d941972cedadbf667c05f6010378" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -209,7 +209,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "e793783e92acbde549965521462d1d1327827360664cf242dbda08f075654331" +SRC_URI[sha256sum] = "df11e25ba2fb4d5343473757e17a3b4cef599250a26b1f7e0f038850f0cb3d64" inherit allarch From patchwork Tue Mar 7 22:47:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20546 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1000C6FD1E for ; Tue, 7 Mar 2023 22:48:35 +0000 (UTC) Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170]) by mx.groups.io with SMTP id smtpd.web11.8697.1678229315108481274 for ; Tue, 07 Mar 2023 14:48:35 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=w07X+0KY; spf=softfail (domain: sakoman.com, ip: 209.85.215.170, mailfrom: steve@sakoman.com) Received: by mail-pg1-f170.google.com with SMTP id s18so8587474pgq.1 for ; Tue, 07 Mar 2023 14:48:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229314; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=7lF54qiVWWqWJMbpVMSknllGvGqNMmqw142wJ+TsHpU=; b=w07X+0KYZmPBn0eLSUTCN1aIR0bUFEG7j3iR3bZyq6IyWlR0q2mjTt4s5Jc7RReQcK X85nPTTVnvk92eq8F3SnX8TIWRS8yZF3VXCKryZChOs8Wft5/hFG+Jc+hw0iklCxCvjq MAwnE8C/PzZObc7IkSpgmYoKiB4H8FUDPpeHy6mfMBtDWGbFAHxI27r6QQtFI5iPENRs RPKMpIHowo59lJ3dAC9WejBMC2mJhTC2flBkuvYO55tTjM1GP4wQzqNqDgZ3+XoJz7jM sI7HnCnxrNIGl4I+hVYnifTnrbGbwDU9vDxbhgDruNw/4J3VhxE5verTColZkBVHUk2d lsOw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229314; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7lF54qiVWWqWJMbpVMSknllGvGqNMmqw142wJ+TsHpU=; b=vT6WgN0gTerdwpagY0sIm5Yp18YFgaaJ2qAgD7GwIc1wr9CHCo4O0WqVOWXzATBsMD 7VGjgIN+DP6htdV4wxpLcYEkS+XC8Cfsji3wuaU0MphS/F5SHq6OLtNiCNyeBj+XAt8w Vd42KKe72ggYEYjhgnuwES8h5c9ce0H80Y7vtrpw9X5/oatbbCf4PgjZX4mmaOLU4d5Q s2IwVlNfbStj4fL1M+O/W24OkQoqKt1H6rNAnYczW44hNQRvVqp5ATQpvpBQC+IaxRy9 FntS/uE2i2mp6Sc6hOw+cEVWSMnn0t4vX9dZWo5/Na+D+FCr2IkrBRHGIzNaQUsKSTbr eaBw== X-Gm-Message-State: AO0yUKXVcGUIqqysENdhvfvYzRGQBn9/JZBcmMYuNU06/InTs2NeVzT4 vFq3vTgPt2txAjm63YgBFE5uiJG0E4e7/24pzAs= X-Google-Smtp-Source: AK7set8mlMRju/7MiNdqcXbkgoH50dbyDJQwpm6i1mV1FvK541XWWriSCCERo1A47IFaQPkBkBQO4g== X-Received: by 2002:a62:6541:0:b0:5a8:d97d:c346 with SMTP id z62-20020a626541000000b005a8d97dc346mr14011205pfb.12.1678229314137; Tue, 07 Mar 2023 14:48:34 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:33 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 09/23] linux-firmware: properly set license for all Qualcomm firmware Date: Tue, 7 Mar 2023 12:47:43 -1000 Message-Id: <2cb8f5efb99df37c8e2103ecdc7f482ee129650a.1678228988.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:35 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178131 From: Dmitry Baryshkov It is not enough to depend on the ${PN}-qcom-license package. Set LICENSE variable for all the qcom packages to point to the proper license. Signed-off-by: Dmitry Baryshkov Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 9dc41e18dc138a7cce920f8e4c85eb3130c0d553) Signed-off-by: Steve Sakoman --- .../linux-firmware/linux-firmware_20230117.bb | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb index ad2f4ac334..de22df1eba 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb @@ -961,6 +961,31 @@ RDEPENDS_${PN}-qat = "${PN}-qat-license" # For QCOM VPU/GPU and SDM845 LICENSE_${PN}-qcom-license = "Firmware-qcom" +LICENSE_${PN}-qcom-venus-1.8 = "Firmware-qcom" +LICENSE_${PN}-qcom-venus-4.2 = "Firmware-qcom" +LICENSE_${PN}-qcom-venus-5.2 = "Firmware-qcom" +LICENSE_${PN}-qcom-venus-5.4 = "Firmware-qcom" +LICENSE_${PN}-qcom-vpu-1.0 = "Firmware-qcom" +LICENSE_${PN}-qcom-vpu-2.0 = "Firmware-qcom" +LICENSE_${PN}-qcom-adreno-a2xx = "Firmware-qcom" +LICENSE_${PN}-qcom-adreno-a3xx = "Firmware-qcom" +LICENSE_${PN}-qcom-adreno-a4xx = "Firmware-qcom" +LICENSE_${PN}-qcom-adreno-a530 = "Firmware-qcom" +LICENSE_${PN}-qcom-adreno-a630 = "Firmware-qcom" +LICENSE_${PN}-qcom-adreno-a650 = "Firmware-qcom" +LICENSE_${PN}-qcom-adreno-a660 = "Firmware-qcom" +LICENSE_${PN}-qcom-apq8096-audio = "Firmware-qcom" +LICENSE_${PN}-qcom-apq8096-modem = "Firmware-qcom" +LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "Firmware-qcom" +LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "Firmware-qcom" +LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-compute = "Firmware-qcom" +LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "Firmware-qcom" +LICENSE_${PN}-qcom-sdm845-audio = "Firmware-qcom" +LICENSE_${PN}-qcom-sdm845-compute = "Firmware-qcom" +LICENSE_${PN}-qcom-sdm845-modem = "Firmware-qcom" +LICENSE_${PN}-qcom-sm8250-audio = "Firmware-qcom" +LICENSE_${PN}-qcom-sm8250-compute = "Firmware-qcom" + FILES_${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt" FILES_${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*" FILES_${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*" From patchwork Tue Mar 7 22:47:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20553 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E027EC678D5 for ; Tue, 7 Mar 2023 22:48:45 +0000 (UTC) Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com [209.85.215.181]) by mx.groups.io with SMTP id smtpd.web11.8700.1678229316859405297 for ; Tue, 07 Mar 2023 14:48:36 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=xbzyDMO/; spf=softfail (domain: sakoman.com, ip: 209.85.215.181, mailfrom: steve@sakoman.com) Received: by mail-pg1-f181.google.com with SMTP id y19so8566544pgk.5 for ; Tue, 07 Mar 2023 14:48:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229316; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=faL0shdJY64vEfPQsdCErZ0iMR46EXq8SZCEQP0zOMI=; b=xbzyDMO/jsY1b3KtGZbtZtgrhaXcRkF/2QnW79bdMmUvub85KyuEWcMBbqgVWI0Hdk IcHXP6fOWLZaoMKWApnxwxfZGZouOUAZNRYCZiwCSuQJ6J281j1lgoBco+65BgJvYwqL ranl1BBRi8Cscc36ESi7x+PEYNEVCDGdtIU8WY99uyzapVYUg+iPk5RtGXsrvkgl9rLA sEIe6IihSdvMF4hyLJkcAMlwBj9Vx1mB+mHiqkeHiUllsHtg59KJVfXvRhXiLloHGAXM lJCP3EMhTCp1D+OKECzezHyRuUFHpmjFrlCW9Di1Ixp9PyLvIX2wMTVVEjvkSjYZdtC6 X5BA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229316; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=faL0shdJY64vEfPQsdCErZ0iMR46EXq8SZCEQP0zOMI=; b=h7ibUGmz8tLOYk2RlbvUwWr3xEROTaSVv0TLUzhwCqwGxLKXwKIHpVKUNKwd9ynknE 1sjth4YnQHjKh6AK0p3xhoEIBXDXHBQcUK1xZSKQA1/aUN3JUEwJgfZvzFJYqc+ucFQk +B7zdWvTXDDfRTyn5Z03uK1q6W9nj98u5u7AxT7CqK4+s7RAW6vNkLwNVyiaLWXNRZdQ XuVQ+5WVdaXJl6ZEqBpxoScerM+y+7dt7P+ee1Bvlqp4LMX/LoHOw1y4+lK4ImbQVvAx Cfv2yz7nKwBwf9jHBLMmZmnivkFC3S8/TPPfiw2KUnr6pwNn24YrOjLnYoGEpyZn7Cf0 7NsA== X-Gm-Message-State: AO0yUKUoUHL4f98xf7nhurETYzw1Ir+uoCv0+3PPirzxzGjpXK/HuPXS hydx42QxaXcD3lPaOZApSQVPy1Wooxn1u8SpJRw= X-Google-Smtp-Source: AK7set8RTGJkrgSsUmTV1A79fHf+GNL2U/IzYADU0ntCY/JBU70gk78aEJE8Z7E/guLUXg2qQI7Lbw== X-Received: by 2002:a62:5e03:0:b0:5b5:8e27:1394 with SMTP id s3-20020a625e03000000b005b58e271394mr13235140pfb.34.1678229315935; Tue, 07 Mar 2023 14:48:35 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:35 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 10/23] linux-firmware: add yamato fw files to qcom-adreno-a2xx package Date: Tue, 7 Mar 2023 12:47:44 -1000 Message-Id: <420c41b9560574b10aa56fbe073509c56adda93e.1678228988.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:45 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178132 From: Dmitry Baryshkov Newest linux-firmware release got firmware for Adreno A200. Add these two files to the ${PN}-qcom-adreno-a2xx package. As these files are licensed under a separate BSD-3-Clause license, add separate license package too. Signed-off-by: Dmitry Baryshkov Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 56e1b2b06ef7f22d4ac5899046f650ae8ec0d547) Signed-off-by: Steve Sakoman --- .../linux-firmware/linux-firmware_20230117.bb | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb index de22df1eba..ce0c90d4c5 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb @@ -45,6 +45,7 @@ LICENSE = "\ & Firmware-phanfw \ & Firmware-qat \ & Firmware-qcom \ + & Firmware-qcom-yamato \ & Firmware-qla1280 \ & Firmware-qla2xxx \ & Firmware-qualcommAthos_ar3k \ @@ -109,6 +110,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \ file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \ + file://LICENSE.qcom_yamato;md5=d0de0eeccaf1843a850bf7a6777eec5c \ file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \ file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \ file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \ @@ -177,6 +179,7 @@ NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware" NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw" NO_GENERIC_LICENSE[Firmware-qat] = "LICENCE.qat_firmware" NO_GENERIC_LICENSE[Firmware-qcom] = "LICENSE.qcom" +NO_GENERIC_LICENSE[Firmware-qcom-yamato] = "LICENSE.qcom_yamato" NO_GENERIC_LICENSE[Firmware-qla1280] = "LICENCE.qla1280" NO_GENERIC_LICENSE[Firmware-qla2xxx] = "LICENCE.qla2xxx" NO_GENERIC_LICENSE[Firmware-qualcommAthos_ar3k] = "LICENSE.QualcommAtheros_ar3k" @@ -305,7 +308,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-nvidia-gpu \ ${PN}-netronome-license ${PN}-netronome \ ${PN}-qat ${PN}-qat-license \ - ${PN}-qcom-license \ + ${PN}-qcom-license ${PN}-qcom-yamato-license \ ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \ ${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \ ${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \ @@ -961,13 +964,14 @@ RDEPENDS_${PN}-qat = "${PN}-qat-license" # For QCOM VPU/GPU and SDM845 LICENSE_${PN}-qcom-license = "Firmware-qcom" +LICENSE_${PN}-qcom-yamato-license = "Firmware-qcom-yamato" LICENSE_${PN}-qcom-venus-1.8 = "Firmware-qcom" LICENSE_${PN}-qcom-venus-4.2 = "Firmware-qcom" LICENSE_${PN}-qcom-venus-5.2 = "Firmware-qcom" LICENSE_${PN}-qcom-venus-5.4 = "Firmware-qcom" LICENSE_${PN}-qcom-vpu-1.0 = "Firmware-qcom" LICENSE_${PN}-qcom-vpu-2.0 = "Firmware-qcom" -LICENSE_${PN}-qcom-adreno-a2xx = "Firmware-qcom" +LICENSE_${PN}-qcom-adreno-a2xx = "Firmware-qcom Firmware-qcom-yamato" LICENSE_${PN}-qcom-adreno-a3xx = "Firmware-qcom" LICENSE_${PN}-qcom-adreno-a4xx = "Firmware-qcom" LICENSE_${PN}-qcom-adreno-a530 = "Firmware-qcom" @@ -987,13 +991,14 @@ LICENSE_${PN}-qcom-sm8250-audio = "Firmware-qcom" LICENSE_${PN}-qcom-sm8250-compute = "Firmware-qcom" FILES_${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt" +FILES_${PN}-qcom-yamato-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom_yamato" FILES_${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*" FILES_${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*" FILES_${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*" FILES_${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*" FILES_${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*" FILES_${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*" -FILES_${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw" +FILES_${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw ${nonarch_base_libdir}/firmware/qcom/yamato_*.fw" FILES_${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a3*_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw" FILES_${PN}-qcom-adreno-a4xx = "${nonarch_base_libdir}/firmware/qcom/a4*_*.fw" FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*" @@ -1019,7 +1024,7 @@ RDEPENDS_${PN}-qcom-venus-5.4 = "${PN}-qcom-license" RDEPENDS_${PN}-qcom-vpu-1.0 = "${PN}-qcom-license" RDEPENDS_${PN}-qcom-vpu-2.0 = "${PN}-qcom-license" RDEPENDS_${PN}-qcom-adreno-a2xx = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-adreno-a3xx = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-adreno-a2xx = "${PN}-qcom-license ${PN}-qcom-yamato-license" RDEPENDS_${PN}-qcom-adreno-a4xx = "${PN}-qcom-license" RDEPENDS_${PN}-qcom-adreno-a530 = "${PN}-qcom-license" RDEPENDS_${PN}-qcom-adreno-a630 = "${PN}-qcom-license" From patchwork Tue Mar 7 22:47:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20556 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E5CC7C742A7 for ; Tue, 7 Mar 2023 22:48:45 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web10.8617.1678229299776983764 for ; Tue, 07 Mar 2023 14:48:38 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=lVpYIuIp; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id y10so9089366pfi.8 for ; Tue, 07 Mar 2023 14:48:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229318; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=wytZlLu0Ig0rEbfKLnp2o0A1PVjrSZhINot1fOt8nmc=; b=lVpYIuIp7BC1JbHi0SGrzHyjAlZy7uayZ/BkINFwSH4ZSB/Yua0N/yYMi1dbuhc2bo 7+ORqk0H/p0S10IYaRqFfK8hT5kZ7j+rfyHMRUwzCqN92E6feF17kGTwtZNBB5cNMaRY YSPdO0C/Xx1tV0SISRbUQkQBhHHPOCtgtV2kTvsPurD9vneU3nhHvr0VN60OzyPNe6jd EbkzscHWo1T8d4XGxZwVGXOrCC/VqJ/rnyU+/u8knvs3Tb/ndSOJrQVqPom0pGVaJZfN GgzKwUGXvA4jlf7g01NGiPe0oY7uWnfi2cywp/FlCO8d+kPbavdxZdztZ+mwziLqMRPh zD4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229318; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wytZlLu0Ig0rEbfKLnp2o0A1PVjrSZhINot1fOt8nmc=; b=LwSWR0GBtA3xxcOAUjWJgmLbfdll6kPp0BqCzJ2jaL+x8fkUmyzkWcEID+e0GZR5it N2uMANVNLoZKMk4Kiuu5gjy3JeKWazib2KK0PSneNhLefbCpDEMVKfMotB0hZTQS1uT3 mjiN32lwgvdPNEUgE9unVSOGdTmxoC5IJRx+YuNvNDE3Treba80H3MF4qcbqQKaS4l5d x8ZloGF1OsJeaQlk75T3Ycr1C0NaDGURSHa/vM8TO7rFi+ylWSkw+nCC+LJqWNa/KyRF 4/dnguoL7ZwbtaQW7K+Fm+TUdeM65WgPlpwZHQWGOXcmEn2+MnuOYfbxOoqxQXeEgoML kmnw== X-Gm-Message-State: AO0yUKUUtZjpdVEeVajC2WKs8gYRNCCpqcrTxrEfhPlJRkjKObvYJsJK ycg/TKrz43oKvFd/DpQ5rJZ6of0oybus6rvt8I8= X-Google-Smtp-Source: AK7set8HThcLDCyI2sAa5AdrjaM8cXZzym9d7L+pojI0y3DP3SMuhmdhnc9We3uE+PjqO8YsLJK1lA== X-Received: by 2002:aa7:96f9:0:b0:593:2289:f01c with SMTP id i25-20020aa796f9000000b005932289f01cmr12122017pfq.25.1678229317897; Tue, 07 Mar 2023 14:48:37 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:37 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 11/23] linux-firmware: upgrade 20230117 -> 20230210 Date: Tue, 7 Mar 2023 12:47:45 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:45 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178133 From: Alexander Kanavin License-Update: additional firmwares Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni (cherry picked from commit 8e6134d39b840d96e1c37d3df21a522afea8bc76) Signed-off-by: Steve Sakoman --- ...{linux-firmware_20230117.bb => linux-firmware_20230210.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230117.bb => linux-firmware_20230210.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb index ce0c90d4c5..fb1ea61906 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb @@ -134,7 +134,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "05f1d941972cedadbf667c05f6010378" +WHENCE_CHKSUM = "aadb3cccbde1e53fc244a409e9bd5a22" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -212,7 +212,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "df11e25ba2fb4d5343473757e17a3b4cef599250a26b1f7e0f038850f0cb3d64" +SRC_URI[sha256sum] = "6e3d9e8d52cffc4ec0dbe8533a8445328e0524a20f159a5b61c2706f983ce38a" inherit allarch From patchwork Tue Mar 7 22:47:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20552 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DB473C6FA99 for ; Tue, 7 Mar 2023 22:48:45 +0000 (UTC) Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.web10.8615.1678229297038846880 for ; Tue, 07 Mar 2023 14:48:40 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=6iTV7hvV; spf=softfail (domain: sakoman.com, ip: 209.85.214.175, mailfrom: steve@sakoman.com) Received: by mail-pl1-f175.google.com with SMTP id y11so15853732plg.1 for ; Tue, 07 Mar 2023 14:48:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229319; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=h/qC8J4/W2oKJ1ODVbb9o9k7iZHBze20RsIGasdQKRU=; b=6iTV7hvVKKlt3Un69KV4MfYQ8odAv2i7XcR/SwoArzdvtDBchogrI07tm4v3Fve2rJ Hwdk4Dx8GFWyRUfRvBx3B0/5qS7uM7zdd/aBo+qFVPVmcKxvmK/TbPidF9GKedc/buiC cSI+adTkAGmGNnwAJG72s/NqegUn9SXmUaBl8TjUZ9OxfjUnOBV+4YyzskBDDcdGVjNy FIsUAF8DNyS67sLoUdTBpmQXD4KY59VEN4d3Svn6aWsKUhabjc6JeH/WcZIWnDImRtQi iKhRdBVWCfyCCKuycgKLp9m+qyjLxIK05x/lyFyk47z0jDOLKMJ2v7r0Rnf+ERrRi6AO SBZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229319; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=h/qC8J4/W2oKJ1ODVbb9o9k7iZHBze20RsIGasdQKRU=; b=uyyT2wfgV3UWFNQ74Gr12mhWFPb2pbd33Cari01T6Czp5rvAFC0/MaiO6tL+2jGAoS INYxTyFNFcAztWEFigaVgCkKKnhzkcQOXCbGRcEjt+PhK/4wOjPXgkFRebCFmczLB0FV 4DnyOhwmMeClPr6A2g0yulDvnYuKOTuxoEOsCX+lGL4fCg2trZl9WOoxgc0LJuj41feM QTDcBzhPMpiwZ2hcNbRRCHEQPevmSB3lve2ClpBLKhaPxvPuN53iJK2akeqVmV/Uw5/1 HHJlKB7/Df4i5zSqHfhOOFF3MgScWfV4irpR/YD7BGKQnvSoLceyPTXB+HWbI3HZkQf6 l3+A== X-Gm-Message-State: AO0yUKU1rqiWZ7/xkQfDSjTi3IiP+zG8hTxwPBw3Q64gwacZX/bkZBHX meKa25SOxoCFDmgM28iX6oU+iRh0/cz+++bIOdc= X-Google-Smtp-Source: AK7set8YjTAG41sYQBu8OzjRAbsFuMZLKoUwt3S1D8Dd4lQxjDp35EHUz02VIQgbQl/31lP0ZKhGgg== X-Received: by 2002:a05:6a20:841a:b0:bc:96bd:d701 with SMTP id c26-20020a056a20841a00b000bc96bdd701mr22785953pzd.13.1678229319613; Tue, 07 Mar 2023 14:48:39 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:39 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 12/23] wireless-regdb: upgrade 2022.08.12 -> 2023.02.13 Date: Tue, 7 Mar 2023 12:47:46 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:45 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178134 From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni (cherry picked from commit a8e8ea1b4b100b6f0ba5ca9441a8f3f1ac31fbfd) Signed-off-by: Steve Sakoman --- ...ireless-regdb_2022.08.12.bb => wireless-regdb_2023.02.13.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2022.08.12.bb => wireless-regdb_2023.02.13.bb} (94%) diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.02.13.bb similarity index 94% rename from meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb rename to meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.02.13.bb index 7165a9f9b3..295510225a 100644 --- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb +++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.02.13.bb @@ -5,7 +5,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "59c8f7d17966db71b27f90e735ee8f5b42ca3527694a8c5e6e9b56bd379c3b84" +SRC_URI[sha256sum] = "fe81e8a8694dc4753a45087a1c4c7e1b48dee5a59f5f796ce374ea550f0b2e73" inherit bin_package allarch From patchwork Tue Mar 7 22:47:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20555 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EACF5C6FD1E for ; Tue, 7 Mar 2023 22:48:45 +0000 (UTC) Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by mx.groups.io with SMTP id smtpd.web10.8636.1678229322284071356 for ; Tue, 07 Mar 2023 14:48:42 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=r1tOmsFn; spf=softfail (domain: sakoman.com, ip: 209.85.210.170, mailfrom: steve@sakoman.com) Received: by mail-pf1-f170.google.com with SMTP id z11so9100884pfh.4 for ; Tue, 07 Mar 2023 14:48:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229321; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=19z5GKXTYGNLD79eWa8gQem4879XoR8N4mCLO6flHm8=; b=r1tOmsFn9PpAbCfz9Nc18wqiP6YEsldU/zF2iUM9EIlQ6ieEF+zR0Q6IEqgksP5uom wej7BNMdkN5ZRtahEXvaL75sU4uV8Yuk6R8Wp286bJ4F3I6ZiCDFwSElKpQ1VgheNEel w02F4TELKpOznzc7ZOABuXtcNGiyLiPQlO2dhfTN+3FFusVf86srOH4KuZc1W9M0tg+V e5Z8SF/CCe6AhV4BDHgSmh9UHGENoUtAou54yZfKKmBUg/A7FUSo+Fh0o3WkpOoBYoMe nxkKagpq3rGU4TJ9vCbzCwA9K8khgt9O1ysKvZlkGG4CckdPo1ntciuIdJZKk494eo0W XKbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229321; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=19z5GKXTYGNLD79eWa8gQem4879XoR8N4mCLO6flHm8=; b=KOoOczYYVkJfar/YIPonkYgdiwO+x+gsZz83sLn/Kx6J+FoO036ecmUHhmF4T7KRme ih6UuBEzLD+GcPXumJW303irAXRTpzy9IQA4SuAnJcPjyf58WbT5dayQKldlufd0973R ADx5/gWIBiTL9COEtmjEfEFN3KLxJKWY1KbrDIWaQyV2yFBcc0de7DQgItUsltceIGd4 ZEdLdsKv3FCCTM3e07kQUYp7E/0yXMdQ3w6y3yTxW7ufxe+6Uk0b7Dp0fjDX2g4rLn21 hEQYbltq1IoAaQeuQgpj/wDLFV8ClKavQadGBF+PVIvI9TidJSxa++0rO+OdSjs/OXJh prGQ== X-Gm-Message-State: AO0yUKXhjLGMKOdPUyA3kLQQzZ0vrNzz5X9cZwfojj7OH50/bAc5Gmel M5QCs6FGuEqXhWOsIK6+VYbOq3soB6iYGqSahQ8= X-Google-Smtp-Source: AK7set9EnRxwlk2qoo2oG4Y6042rltrWpViFd0A3rvUNgxfmGg0Pjb9TFzLVqXEXwkRkkJhJ2Fl0+Q== X-Received: by 2002:a62:1dd4:0:b0:5aa:6125:dbf4 with SMTP id d203-20020a621dd4000000b005aa6125dbf4mr17149969pfd.11.1678229321336; Tue, 07 Mar 2023 14:48:41 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:41 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 13/23] apr: Fix to work with autoconf 2.70 Date: Tue, 7 Mar 2023 12:47:47 -1000 Message-Id: <41121149212b3684991a62261c17a45afd50bb83.1678228988.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:45 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178135 From: Richard Purdie Fix an issue with autoconf 2.70 where duplicate macro includes caused configure failures. Signed-off-by: Richard Purdie Signed-off-by: Ross Burton (cherry picked from commit 4e5d7c86a8a5e752df451d988861a86236e8c8ff) Signed-off-by: Steve Sakoman --- .../recipes-support/apr/apr/autoconf270.patch | 22 +++++++++++++++++++ meta/recipes-support/apr/apr_1.7.0.bb | 1 + 2 files changed, 23 insertions(+) create mode 100644 meta/recipes-support/apr/apr/autoconf270.patch diff --git a/meta/recipes-support/apr/apr/autoconf270.patch b/meta/recipes-support/apr/apr/autoconf270.patch new file mode 100644 index 0000000000..9f7b5c624c --- /dev/null +++ b/meta/recipes-support/apr/apr/autoconf270.patch @@ -0,0 +1,22 @@ +With autoconf 2.70 confdefs.h is already included. Including it twice generates +compiler warnings and since this macros is to error on warnings, it breaks. + +Fix by not including the file. + +Upstream-Status: Pending +RP - 2021/1/28 + +Index: apr-1.7.0/build/apr_common.m4 +=================================================================== +--- apr-1.7.0.orig/build/apr_common.m4 ++++ apr-1.7.0/build/apr_common.m4 +@@ -505,8 +505,7 @@ AC_DEFUN([APR_TRY_COMPILE_NO_WARNING], + fi + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( +- [#include "confdefs.h" +- ] ++ [] + [[$1]] + [int main(int argc, const char *const *argv) {] + [[$2]] diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.0.bb index 92cc61a864..b70edfaf42 100644 --- a/meta/recipes-support/apr/apr_1.7.0.bb +++ b/meta/recipes-support/apr/apr_1.7.0.bb @@ -23,6 +23,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \ file://libtoolize_check.patch \ file://0001-Add-option-to-disable-timed-dependant-tests.patch \ + file://autoconf270.patch \ file://CVE-2021-35940.patch \ " From patchwork Tue Mar 7 22:47:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20554 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EFC91C74A4B for ; Tue, 7 Mar 2023 22:48:45 +0000 (UTC) Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) by mx.groups.io with SMTP id smtpd.web10.8637.1678229324101292487 for ; Tue, 07 Mar 2023 14:48:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=AyApGY/p; spf=softfail (domain: sakoman.com, ip: 209.85.214.171, mailfrom: steve@sakoman.com) Received: by mail-pl1-f171.google.com with SMTP id n6so15830251plf.5 for ; Tue, 07 Mar 2023 14:48:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229323; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=IWHmaC2Qp3Li5TzJtvDSfJNUEqpC4LslPssow/GtwRQ=; b=AyApGY/psmi/twLL22GyPqTKKb1ijn4tzUm5FcUawa3+Y2HQjPrv8bwNG7g5Z0vgks +dqt07BONcyTcNzAzLxq2x0VhnnY6R/IgDM+uyeFTht6Zg3k1llWRfl6hsDouNBKifl9 f0mCYcoDz74UJ1qDEg7Em5GjZkV3L2Cs43Wu8yNodExaI+3JcVOLhbf7tQagyAfnnWXn e4CRAW6KrgoOnLYskSETPC4uqXZbCs1digaJYwSSnu/vYHlgwzBzf0/J5XV36LQuDRmk 3fgAU9+djsQh8LmbQr8/aTekeAWEb5Qum8NrDYZhdQorkB4KL3Sb5aoG0UU2yJwTZZ81 hZaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229323; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IWHmaC2Qp3Li5TzJtvDSfJNUEqpC4LslPssow/GtwRQ=; b=JBVeK+vms4vlQrfcQkY3SLgPzmcCcm6fxo0d8sNANp1i8oBLPR17cVb+x2YMvozZGx OE5bJ4gXXVoBSf77kiBj0EadosGdIviPNXhI4AYUCYmxLvba75TeCMII7ffiwCg70t+D 4GvtjOu/iGab8hAtfLyJc+Loy7vSv8EODoh701orhKgKaIwvkGnoNwXD5ExrRk88bkHU x9pmZ/gXmBoErxWD5/grIqsw9WR3yogBbGVlokbwT9uobg0KF//tEsb/uLtqq0HzROwa 5J8sDc0fIlSejqb57JNHkQSDy5KLR+jH3dMfLBkRTbLUL5hwF3lnEhq0DA9u9Z28oGyA TCmg== X-Gm-Message-State: AO0yUKVi2Q3SJfVi1WwkPrUHvIC4DdeFcfd/o51lgRJSswKQVrFdD2j5 2H/2U8LV3g1jyEmonXLN+bgUwk0lMlU9wJLvTxU= X-Google-Smtp-Source: AK7set9qOfObQbO9yf5Yw1t75E5HYvg3P0nF0Da+SNkHHUFWkz4/11GOosRwBD5juvNlApCRunkIkA== X-Received: by 2002:a05:6a21:7897:b0:be:a55a:8910 with SMTP id bf23-20020a056a21789700b000bea55a8910mr18094596pzc.4.1678229323056; Tue, 07 Mar 2023 14:48:43 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:42 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 14/23] apr: Use correct strerror_r implementation based on libc type Date: Tue, 7 Mar 2023 12:47:48 -1000 Message-Id: <993cfeaefa73e3b82cf15db78584e5f9b9f86ddf.1678228988.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:45 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178136 From: Khem Raj musl does not implement GNU extention of strerror_r but XSI compliant version, therefore add it via a packageconfig to set right variables during configure to cache the value. configure detection logic depends on runtime test which will always be wrong on cross compiles therefore backport a patch to make it possible to cache the needed configure variable. Signed-off-by: Khem Raj Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit ded3d76a844dd1aef9ac610fbe506bf76285369b) Signed-off-by: Steve Sakoman --- ...CHE_CHECK-for-strerror_r-return-type.patch | 52 +++++++++++++++++++ meta/recipes-support/apr/apr_1.7.0.bb | 4 ++ 2 files changed, 56 insertions(+) create mode 100644 meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch diff --git a/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch b/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch new file mode 100644 index 0000000000..d0a9bd9129 --- /dev/null +++ b/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch @@ -0,0 +1,52 @@ +From 8ca3c3306f1a149e51a3be6a4b1e47e9aee88262 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Tue, 23 Aug 2022 22:42:03 -0700 +Subject: [PATCH] add AC_CACHE_CHECK for strerror_r return type + +APR's configure script uses AC_TRY_RUN to detect whether the return type +of strerror_r is int. When cross-compiling this defaults to no. + +This commit adds an AC_CACHE_CHECK so users who cross-compile APR may +influence the outcome with a configure variable. + +Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1875065] +Signed-off-by: Khem Raj +--- + build/apr_common.m4 | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +diff --git a/build/apr_common.m4 b/build/apr_common.m4 +index cbf2a4c..42e75cf 100644 +--- a/build/apr_common.m4 ++++ b/build/apr_common.m4 +@@ -525,8 +525,9 @@ dnl string. + dnl + dnl + AC_DEFUN([APR_CHECK_STRERROR_R_RC], [ +-AC_MSG_CHECKING(for type of return code from strerror_r) +-AC_TRY_RUN([ ++AC_CACHE_CHECK([whether return code from strerror_r has type int], ++[ac_cv_strerror_r_rc_int], ++[AC_TRY_RUN([ + #include + #include + #include +@@ -542,14 +543,10 @@ main() + }], [ + ac_cv_strerror_r_rc_int=yes ], [ + ac_cv_strerror_r_rc_int=no ], [ +- ac_cv_strerror_r_rc_int=no ] ) ++ ac_cv_strerror_r_rc_int=no ] ) ] ) + if test "x$ac_cv_strerror_r_rc_int" = xyes; then + AC_DEFINE(STRERROR_R_RC_INT, 1, [Define if strerror returns int]) +- msg="int" +-else +- msg="pointer" + fi +-AC_MSG_RESULT([$msg]) + ] ) + + dnl +-- +2.37.2 + diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.0.bb index b70edfaf42..b9d3e356da 100644 --- a/meta/recipes-support/apr/apr_1.7.0.bb +++ b/meta/recipes-support/apr/apr_1.7.0.bb @@ -24,6 +24,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ file://libtoolize_check.patch \ file://0001-Add-option-to-disable-timed-dependant-tests.patch \ file://autoconf270.patch \ + file://0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch \ file://CVE-2021-35940.patch \ " @@ -44,9 +45,12 @@ CACHED_CONFIGUREVARS += "ac_cv_header_netinet_sctp_h=no ac_cv_header_netinet_sct CACHED_CONFIGUREVARS += "ac_cv_sizeof_struct_iovec=yes" CACHED_CONFIGUREVARS += "ac_cv_file__dev_zero=yes" +CACHED_CONFIGUREVARS:append:libc-musl = " ac_cv_strerror_r_rc_int=yes" PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" +PACKAGECONFIG:append:libc-musl = " xsi-strerror" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," PACKAGECONFIG[timed-tests] = "--enable-timed-tests,--disable-timed-tests," +PACKAGECONFIG[xsi-strerror] = "ac_cv_strerror_r_rc_int=yes,ac_cv_strerror_r_rc_int=no," do_configure_prepend() { # Avoid absolute paths for grep since it causes failures From patchwork Tue Mar 7 22:47:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20557 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1DC5C742A7 for ; Tue, 7 Mar 2023 22:48:55 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web11.8705.1678229325886900780 for ; Tue, 07 Mar 2023 14:48:45 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=yobUnBz7; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id c10so9070038pfv.13 for ; Tue, 07 Mar 2023 14:48:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229325; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=dwzmvn2NE2qgwNRDVJ4cE4Zh1wuTeoYx6gAI6uz5wB4=; b=yobUnBz77Cn40YT4D6jBUQ1EtBfikpkA17RMVNG+cauo4DWXSKbjmgwOffY0PmhOmQ SSi/M/o0vD2UA6LK9LwJxKVkENBYY4644WXQzVADON2dc58Uq538kDCTuYB9ZPrhqjVm edPZAZBohB01ICjVRZWNjWM2dkobc4zXJUFrpqqER0z9Pj7HsMSJClQuK9mqDyrf5UcF Hrc73r6XYJKaQRj51q4yBSmAy4xX0ecJmmgU6wQgFnkDimxOvdrxKcNGpz4O2V4PmT59 voMvMc2fm47ejuAIK452snUX6uEBTFLd5BrExUH9fv0U6h0mV9AfaE31Ywg21xLeotXS cMuQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229325; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dwzmvn2NE2qgwNRDVJ4cE4Zh1wuTeoYx6gAI6uz5wB4=; b=Od7EDpvTiOCO8JQQT1KWBsZ2lKfK3zvClTiZKcMpKi8sybHWXAgYDTme3LSlpcxsg0 jTFDVOwINIJkbg79MxeZkiGQSMlGCkUPZz8DqaH4H1ihlX28tjnnzSUA61bc6BRna0Dv UiU7ovwwxE3r4UunaXsyAarK8GYDaT3rXYVKYclzfKZjp7jGaLg39hBLnZ7Q0y8Fd4P+ tGMX9F2P2qFSyMrccfldTIuehyzKoExDjDldHapjHsfFROSNQbGIRvKgs32d4MNmy8VT iMO4cRnAmS3xZZMv67Zd+oPEBwmYMN6I4Wk1cOZYbufy+G9338X4kVtr7tZ68wgPdJeu ayzA== X-Gm-Message-State: AO0yUKX5Ek7CC0zK3+pFj9UUd9mGl4oFQFjVyLgiMQprN6CTnf6kQXfL tT36ggyV3iCgfXCTpWtwuRdhgND0bfHPHPhT0Dc= X-Google-Smtp-Source: AK7set+oPwbcTo0nDgbZj2Ot49DGl3L2e4Ic2NNXAXSVqG6lGYfqQtQS2QuDiU6DvHk8f2HkTmQAKQ== X-Received: by 2002:a62:19c9:0:b0:60e:950c:7a5d with SMTP id 192-20020a6219c9000000b0060e950c7a5dmr15009747pfz.1.1678229324864; Tue, 07 Mar 2023 14:48:44 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:44 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 15/23] apr: Cache configure tests which use AC_TRY_RUN Date: Tue, 7 Mar 2023 12:47:49 -1000 Message-Id: <104c9ddf7a5323e5193c611b98b3e7465157aecd.1678228988.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178137 From: Khem Raj AC_TRY_RUN macro means the test needs to run to find the result and we are cross compiling so this will always get wrong results, this results in miscompiling apache2 on musl because it disables rlimit (ac_cv_struct_rlimit) wrongly. All these variables are determined with AC_TRY_RUN checks Signed-off-by: Khem Raj Signed-off-by: Luca Ceresoli (cherry picked from commit 504eb0ff1cae200ee85ec18ebae564cae9bf9c8c) Signed-off-by: Steve Sakoman --- ...-runtime-test-for-mmap-that-can-map-.patch | 62 +++++++++++++++++++ meta/recipes-support/apr/apr_1.7.0.bb | 15 ++++- 2 files changed, 75 insertions(+), 2 deletions(-) create mode 100644 meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch diff --git a/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch b/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch new file mode 100644 index 0000000000..fa6202da79 --- /dev/null +++ b/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch @@ -0,0 +1,62 @@ +From ee728971fd9d2da39356f1574d58d5daa3b24520 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 26 Aug 2022 00:28:08 -0700 +Subject: [PATCH] configure: Remove runtime test for mmap that can map + /dev/zero + +This never works for cross-compile moreover it ends up disabling +ac_cv_file__dev_zero which then results in compiler errors in shared +mutexes + +Upstream-Status: Inappropriate [Cross-compile specific] +Signed-off-by: Khem Raj +--- + configure.in | 32 -------------------------------- + 1 file changed, 32 deletions(-) + +diff --git a/configure.in b/configure.in +index a99049d..f1f55c7 100644 +--- a/configure.in ++++ b/configure.in +@@ -1182,38 +1182,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \ + APR_CHECK_DEFINE(MAP_ANON, sys/mman.h) + AC_CHECK_FILE(/dev/zero) + +-# Not all systems can mmap /dev/zero (such as HP-UX). Check for that. +-if test "$ac_cv_func_mmap" = "yes" && +- test "$ac_cv_file__dev_zero" = "yes"; then +- AC_MSG_CHECKING(for mmap that can map /dev/zero) +- AC_TRY_RUN([ +-#include +-#include +-#include +-#ifdef HAVE_SYS_MMAN_H +-#include +-#endif +- int main() +- { +- int fd; +- void *m; +- fd = open("/dev/zero", O_RDWR); +- if (fd < 0) { +- return 1; +- } +- m = mmap(0, sizeof(void*), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); +- if (m == (void *)-1) { /* aka MAP_FAILED */ +- return 2; +- } +- if (munmap(m, sizeof(void*)) < 0) { +- return 3; +- } +- return 0; +- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no]) +- +- AC_MSG_RESULT($ac_cv_file__dev_zero) +-fi +- + # Now we determine which one is our anonymous shmem preference. + haveshmgetanon="0" + havemmapzero="0" +-- +2.37.2 + diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.0.bb index b9d3e356da..5e62e5683f 100644 --- a/meta/recipes-support/apr/apr_1.7.0.bb +++ b/meta/recipes-support/apr/apr_1.7.0.bb @@ -25,6 +25,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ file://0001-Add-option-to-disable-timed-dependant-tests.patch \ file://autoconf270.patch \ file://0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch \ + file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \ file://CVE-2021-35940.patch \ " @@ -37,12 +38,22 @@ OE_BINCONFIG_EXTRA_MANGLE = " -e 's:location=source:location=installed:'" # Added to fix some issues with cmake. Refer to https://github.com/bmwcarit/meta-ros/issues/68#issuecomment-19896928 CACHED_CONFIGUREVARS += "apr_cv_mutex_recursive=yes" - +# Enable largefile +CACHED_CONFIGUREVARS += "apr_cv_use_lfs64=yes" +# Additional AC_TRY_RUN tests which will need to be cached for cross compile +CACHED_CONFIGUREVARS += "apr_cv_epoll=yes epoll_create1=yes apr_cv_sock_cloexec=yes \ + ac_cv_struct_rlimit=yes \ + ac_cv_func_sem_open=yes \ + apr_cv_process_shared_works=yes \ + apr_cv_mutex_robust_shared=yes \ + " # Also suppress trying to use sctp. # CACHED_CONFIGUREVARS += "ac_cv_header_netinet_sctp_h=no ac_cv_header_netinet_sctp_uio_h=no" -CACHED_CONFIGUREVARS += "ac_cv_sizeof_struct_iovec=yes" +# ac_cv_sizeof_struct_iovec is deduced using runtime check which will fail during cross-compile +CACHED_CONFIGUREVARS += "${@['ac_cv_sizeof_struct_iovec=16','ac_cv_sizeof_struct_iovec=8'][d.getVar('SITEINFO_BITS') != '32']}" + CACHED_CONFIGUREVARS += "ac_cv_file__dev_zero=yes" CACHED_CONFIGUREVARS:append:libc-musl = " ac_cv_strerror_r_rc_int=yes" From patchwork Tue Mar 7 22:47:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20562 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E7CA5C6FD1E for ; Tue, 7 Mar 2023 22:48:55 +0000 (UTC) Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by mx.groups.io with SMTP id smtpd.web11.8707.1678229327932319480 for ; Tue, 07 Mar 2023 14:48:48 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=iTwtavmD; spf=softfail (domain: sakoman.com, ip: 209.85.210.170, mailfrom: steve@sakoman.com) Received: by mail-pf1-f170.google.com with SMTP id fa28so9075348pfb.12 for ; Tue, 07 Mar 2023 14:48:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229327; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=KmZYwgtnavzVMKIUqHMotUhNLcnDH10yfiyWbzQuLyY=; b=iTwtavmDx1MWGEdi0Sc+tfVCLU/Zg2t8yQC45dNR9YHPz5s+6uITxokorR3IlKd3X8 9mg2tP81QHek/x65nvkVwOsTCvoDMej9+7iOsXLJKa1CpcFtdmp3UDMQ4IAuEXi2fptU pHyY/oPe6eB+GuD2Rx7N7ZVwLisvnxtrbOJC/fQHD219QLcN3LAib31Z3hkkwNpYs8gV LZ6Hi0LwXGDOCZWFefaU7arq7hBZumWC1m/s3vyo82Fyiq3rWtL5EIfYW4EubifRx5vg uJnLM/Jq4QRmwnReenRtu51d8XiNVSPfV0QUq2DYbYzzCQeWGF/wOZ2JU+nTHDYi1twP qYeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229327; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KmZYwgtnavzVMKIUqHMotUhNLcnDH10yfiyWbzQuLyY=; b=r6bUunn6JUF8267c2eQ9bUoWEi2N0KBRc2rt8HZOxM2u21jXUBJV3BYXyR2Nqyyk5U UheJ6GyRGzPPbrEiTdW4N2CqqqJL2L6qYakTctCtzUjDRO25Anu5ZV+Rf8GfNqr7Br1s efK6FzduiUqYkXgWgZXn9ldpQ4iPAPKdg4m0KYtnHzPslJAjGYllSFN+Ts2HhEMcYpbx dqstlB1mayHPm2ov2gI+mZpBE3CKWudXIoDaJJvHu7yC+n1aG3/GZC40xo0scUjIRUL9 W/sGPxcRm1oBdJBiKUF/XrZdqZbAv1iy0Gb9iXeeNMn4Z4i7qwq60P9LZuO9HixQJdQU 8GZQ== X-Gm-Message-State: AO0yUKVOmWMhoAM3t7l47jSJlR7A0sswj6sPtr41yYAb7dXwPwYvnYky 6zPztS9T4nw7Kk/Byr3wrHFhInc4AlA2xNnBpOA= X-Google-Smtp-Source: AK7set/cAjP5Odbgzw6+guHicHbAIIDtmFP9WhqiCwH1i1tj0XXO6ofIOMNSQuXMZ2OhJGjjsqFGIQ== X-Received: by 2002:a05:6a00:804:b0:5a8:1866:7cfe with SMTP id m4-20020a056a00080400b005a818667cfemr22183198pfk.17.1678229326741; Tue, 07 Mar 2023 14:48:46 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:46 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 16/23] apr: update 1.7.0 -> 1.7.2 Date: Tue, 7 Mar 2023 12:47:50 -1000 Message-Id: <013633b9f4b7dff2616c6d2e59e4d8118e3ce51f.1678228988.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178138 From: Alexander Kanavin Changes for APR 1.7.2 *) Correct a packaging issue in 1.7.1. The contents of the release were correct, but the top level directory was misnamed. Changes for APR 1.7.1 *) SECURITY: CVE-2022-24963 (cve.mitre.org) Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. *) SECURITY: CVE-2022-28331 (cve.mitre.org) On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. *) SECURITY: CVE-2021-35940 (cve.mitre.org) Restore fix for out-of-bounds array dereference in apr_time_exp*() functions. (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling] *) configure: Fix various build issues for compilers enforcing strict C99 compliance. PR 66396, 66408, 66426. [Florian Weimer , Sam James ] *) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov] *) configure: Prefer posix name-based shared memory over SysV IPC. [Jim Jagielski] *) configure: Add --disable-sctp argument to forcibly disable SCTP support, or --enable-sctp which fails if SCTP support is not detected. [Lubos Uhliarik , Joe Orton] *) Fix handle leak in the Win32 apr_uid_current implementation. PR 61165. [Ivan Zhakov] *) Add error handling for lseek() failures in apr_file_write() and apr_file_writev(). [Joe Orton] *) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file to avoid a fd and inode leak when/if later passed to apr_file_setaside(). [Yann Ylavic] *) APR's configure script uses AC_TRY_RUN to detect whether the return type of strerror_r is int. When cross-compiling this defaults to no. This commit adds an AC_CACHE_CHECK so users who cross-compile APR may influence the outcome with a configure variable. [Sebastian Kemper ] *) Add a cache check with which users who cross-compile APR can influence the outcome of the /dev/zero test by setting the variable ac_cv_mmap__dev_zero=yes [Sebastian Kemper ] *) Trick autoconf into printing the correct default prefix in the help. [Stefan Fritsch] *) Don't try to use PROC_PTHREAD by default when cross compiling. [Yann Ylavic] *) Add the ability to cross compile APR. [Graham Leggett] *) While cross-compiling, the tools/gen_test_char could not be executed at build time, use AX_PROG_CC_FOR_BUILD to build native tools/gen_test_char Support explicit libtool by variable assigning before buildcheck.sh, it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool) [Hongxu Jia ] *) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen ] *) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053. [Mike Frysinger ] *) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov] *) apr_pools: Fix pool debugging output so that creation events are always emitted before allocation events and subpool destruction events are emitted on pool clear/destroy for proper accounting. [Brane Čibej] *) apr_socket_listen: Allow larger listen backlog values on Windows 8+. [Evgeny Kotkov ] *) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10 *) Fix attempt to free invalid memory on exit when apr_app is used on Windows. [Ivan Zhakov] *) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov] *) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov] Dropped patches have all been merged, addressed separately or are backports. Signed-off-by: Alexander Kanavin Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 3ffae93f24bb1e3954b232099153fd059cfd7daf) Signed-off-by: Steve Sakoman (cherry picked from commit a308e10ef4ad9e097b025f009866eae178259781) Signed-off-by: Steve Sakoman --- ...ion-to-disable-timed-dependant-tests.patch | 20 ++--- ...CHE_CHECK-for-strerror_r-return-type.patch | 52 ------------- ...-runtime-test-for-mmap-that-can-map-.patch | 26 +++---- ...ir-path-references-from-installed-ap.patch | 25 +++--- ...configure.in-support-cross-compiling.patch | 63 --------------- ...ze-doesn-t-match-in-glibc-when-cross.patch | 76 ------------------- .../apr/apr/CVE-2021-35940.patch | 58 -------------- .../recipes-support/apr/apr/autoconf270.patch | 22 ------ .../apr/apr/libtoolize_check.patch | 21 +++-- .../apr/{apr_1.7.0.bb => apr_1.7.2.bb} | 8 +- 10 files changed, 51 insertions(+), 320 deletions(-) delete mode 100644 meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch delete mode 100644 meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch delete mode 100644 meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch delete mode 100644 meta/recipes-support/apr/apr/CVE-2021-35940.patch delete mode 100644 meta/recipes-support/apr/apr/autoconf270.patch rename meta/recipes-support/apr/{apr_1.7.0.bb => apr_1.7.2.bb} (91%) diff --git a/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch b/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch index abff4e9331..a274f3a16e 100644 --- a/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch +++ b/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch @@ -1,14 +1,15 @@ -From 2bbe20b4f69e84e7a18bc79d382486953f479328 Mon Sep 17 00:00:00 2001 +From 225abf37cd0b49960664b59f08e515a4c4ea5ad0 Mon Sep 17 00:00:00 2001 From: Jeremy Puhlman Date: Thu, 26 Mar 2020 18:30:36 +0000 Subject: [PATCH] Add option to disable timed dependant tests -The disabled tests rely on timing to pass correctly. On a virtualized +The disabled tests rely on timing to pass correctly. On a virtualized system under heavy load, these tests randomly fail because they miss a timer or other timing related issues. Upstream-Status: Pending Signed-off-by: Jeremy Puhlman + --- configure.in | 6 ++++++ include/apr.h.in | 1 + @@ -16,10 +17,10 @@ Signed-off-by: Jeremy Puhlman 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in -index d9f32d6..f0c5661 100644 +index bfd488b..3663220 100644 --- a/configure.in +++ b/configure.in -@@ -2886,6 +2886,12 @@ AC_ARG_ENABLE(timedlocks, +@@ -3023,6 +3023,12 @@ AC_ARG_ENABLE(timedlocks, ) AC_SUBST(apr_has_timedlocks) @@ -45,10 +46,10 @@ index ee99def..c46a5f4 100644 #define APR_PROCATTR_USER_SET_REQUIRES_PASSWORD @apr_procattr_user_set_requires_password@ diff --git a/test/testlock.c b/test/testlock.c -index a43f477..6233d0b 100644 +index e3437c1..04e01b9 100644 --- a/test/testlock.c +++ b/test/testlock.c -@@ -396,13 +396,13 @@ abts_suite *testlock(abts_suite *suite) +@@ -535,7 +535,7 @@ abts_suite *testlock(abts_suite *suite) abts_run_test(suite, threads_not_impl, NULL); #else abts_run_test(suite, test_thread_mutex, NULL); @@ -56,6 +57,8 @@ index a43f477..6233d0b 100644 +#if APR_HAS_TIMEDLOCKS && APR_HAVE_TIME_DEPENDANT_TESTS abts_run_test(suite, test_thread_timedmutex, NULL); #endif + abts_run_test(suite, test_thread_nestedmutex, NULL); +@@ -543,7 +543,7 @@ abts_suite *testlock(abts_suite *suite) abts_run_test(suite, test_thread_rwlock, NULL); abts_run_test(suite, test_cond, NULL); abts_run_test(suite, test_timeoutcond, NULL); @@ -63,7 +66,4 @@ index a43f477..6233d0b 100644 +#if APR_HAS_TIMEDLOCKS && APR_HAVE_TIME_DEPENDANT_TESTS abts_run_test(suite, test_timeoutmutex, NULL); #endif - #endif --- -2.23.0 - + #ifdef WIN32 diff --git a/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch b/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch deleted file mode 100644 index d0a9bd9129..0000000000 --- a/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 8ca3c3306f1a149e51a3be6a4b1e47e9aee88262 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Tue, 23 Aug 2022 22:42:03 -0700 -Subject: [PATCH] add AC_CACHE_CHECK for strerror_r return type - -APR's configure script uses AC_TRY_RUN to detect whether the return type -of strerror_r is int. When cross-compiling this defaults to no. - -This commit adds an AC_CACHE_CHECK so users who cross-compile APR may -influence the outcome with a configure variable. - -Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1875065] -Signed-off-by: Khem Raj ---- - build/apr_common.m4 | 11 ++++------- - 1 file changed, 4 insertions(+), 7 deletions(-) - -diff --git a/build/apr_common.m4 b/build/apr_common.m4 -index cbf2a4c..42e75cf 100644 ---- a/build/apr_common.m4 -+++ b/build/apr_common.m4 -@@ -525,8 +525,9 @@ dnl string. - dnl - dnl - AC_DEFUN([APR_CHECK_STRERROR_R_RC], [ --AC_MSG_CHECKING(for type of return code from strerror_r) --AC_TRY_RUN([ -+AC_CACHE_CHECK([whether return code from strerror_r has type int], -+[ac_cv_strerror_r_rc_int], -+[AC_TRY_RUN([ - #include - #include - #include -@@ -542,14 +543,10 @@ main() - }], [ - ac_cv_strerror_r_rc_int=yes ], [ - ac_cv_strerror_r_rc_int=no ], [ -- ac_cv_strerror_r_rc_int=no ] ) -+ ac_cv_strerror_r_rc_int=no ] ) ] ) - if test "x$ac_cv_strerror_r_rc_int" = xyes; then - AC_DEFINE(STRERROR_R_RC_INT, 1, [Define if strerror returns int]) -- msg="int" --else -- msg="pointer" - fi --AC_MSG_RESULT([$msg]) - ] ) - - dnl --- -2.37.2 - diff --git a/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch b/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch index fa6202da79..a78b16284f 100644 --- a/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch +++ b/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch @@ -1,4 +1,4 @@ -From ee728971fd9d2da39356f1574d58d5daa3b24520 Mon Sep 17 00:00:00 2001 +From 316b81c462f065927d7fec56aadd5c8cb94d1cf0 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Fri, 26 Aug 2022 00:28:08 -0700 Subject: [PATCH] configure: Remove runtime test for mmap that can map @@ -10,24 +10,25 @@ mutexes Upstream-Status: Inappropriate [Cross-compile specific] Signed-off-by: Khem Raj + --- - configure.in | 32 -------------------------------- - 1 file changed, 32 deletions(-) + configure.in | 30 ------------------------------ + 1 file changed, 30 deletions(-) diff --git a/configure.in b/configure.in -index a99049d..f1f55c7 100644 +index 3663220..dce9789 100644 --- a/configure.in +++ b/configure.in -@@ -1182,38 +1182,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \ +@@ -1303,36 +1303,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \ APR_CHECK_DEFINE(MAP_ANON, sys/mman.h) AC_CHECK_FILE(/dev/zero) -# Not all systems can mmap /dev/zero (such as HP-UX). Check for that. -if test "$ac_cv_func_mmap" = "yes" && -- test "$ac_cv_file__dev_zero" = "yes"; then -- AC_MSG_CHECKING(for mmap that can map /dev/zero) -- AC_TRY_RUN([ --#include +- test "$ac_cv_file__dev_zero" = "yes"; then +- AC_CACHE_CHECK([for mmap that can map /dev/zero], +- [ac_cv_mmap__dev_zero], +- [AC_TRY_RUN([#include -#include -#include -#ifdef HAVE_SYS_MMAN_H @@ -49,14 +50,9 @@ index a99049d..f1f55c7 100644 - return 3; - } - return 0; -- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no]) -- -- AC_MSG_RESULT($ac_cv_file__dev_zero) +- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no])]) -fi - # Now we determine which one is our anonymous shmem preference. haveshmgetanon="0" havemmapzero="0" --- -2.37.2 - diff --git a/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch b/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch index 72e706f966..d63423f3a1 100644 --- a/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch +++ b/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch @@ -1,8 +1,7 @@ -From 5925b20da8bbc34d9bf5a5dca123ef38864d43c6 Mon Sep 17 00:00:00 2001 +From 689a8db96a6d1e1cae9cbfb35d05ac82140a6555 Mon Sep 17 00:00:00 2001 From: Hongxu Jia Date: Tue, 30 Jan 2018 09:39:06 +0800 -Subject: [PATCH 2/7] apr: Remove workdir path references from installed apr - files +Subject: [PATCH] apr: Remove workdir path references from installed apr files Upstream-Status: Inappropriate [configuration] @@ -14,20 +13,23 @@ packages at target run time, the workdir path caused confusion. Rebase to 1.6.3 Signed-off-by: Hongxu Jia + --- - apr-config.in | 26 ++------------------------ - 1 file changed, 2 insertions(+), 24 deletions(-) + apr-config.in | 32 ++------------------------------ + 1 file changed, 2 insertions(+), 30 deletions(-) diff --git a/apr-config.in b/apr-config.in -index 84b4073..bbbf651 100644 +index bed47ca..47874e5 100644 --- a/apr-config.in +++ b/apr-config.in -@@ -152,14 +152,7 @@ while test $# -gt 0; do +@@ -164,16 +164,7 @@ while test $# -gt 0; do flags="$flags $LDFLAGS" ;; --includes) - if test "$location" = "installed"; then flags="$flags -I$includedir $EXTRA_INCLUDES" +- elif test "$location" = "crosscompile"; then +- flags="$flags -I$APR_TARGET_DIR/$includedir $EXTRA_INCLUDES" - elif test "$location" = "source"; then - flags="$flags -I$APR_SOURCE_DIR/include $EXTRA_INCLUDES" - else @@ -37,13 +39,15 @@ index 84b4073..bbbf651 100644 ;; --srcdir) echo $APR_SOURCE_DIR -@@ -181,29 +174,14 @@ while test $# -gt 0; do +@@ -197,33 +188,14 @@ while test $# -gt 0; do exit 0 ;; --link-ld) - if test "$location" = "installed"; then - ### avoid using -L if libdir is a "standard" location like /usr/lib - flags="$flags -L$libdir -l${APR_LIBNAME}" +- elif test "$location" = "crosscompile"; then +- flags="$flags -L$APR_TARGET_DIR/$libdir -l${APR_LIBNAME}" - else - ### this surely can't work since the library is in .libs? - flags="$flags -L$APR_BUILD_DIR -l${APR_LIBNAME}" @@ -62,6 +66,8 @@ index 84b4073..bbbf651 100644 - # Since the user is specifying they are linking with libtool, we - # *know* that -R will be recognized by libtool. - flags="$flags -L$libdir -R$libdir -l${APR_LIBNAME}" +- elif test "$location" = "crosscompile"; then +- flags="$flags -L${APR_TARGET_DIR}/$libdir -l${APR_LIBNAME}" - else - flags="$flags $LA_FILE" - fi @@ -69,6 +75,3 @@ index 84b4073..bbbf651 100644 ;; --shlib-path-var) echo "$SHLIBPATH_VAR" --- -1.8.3.1 - diff --git a/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch b/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch deleted file mode 100644 index 4dd53bd8eb..0000000000 --- a/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch +++ /dev/null @@ -1,63 +0,0 @@ -From d5028c10f156c224475b340cfb1ba025d6797243 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia -Date: Fri, 2 Feb 2018 15:51:42 +0800 -Subject: [PATCH 3/7] Makefile.in/configure.in: support cross compiling - -While cross compiling, the tools/gen_test_char could not -be executed at build time, use AX_PROG_CC_FOR_BUILD to -build native tools/gen_test_char - -Upstream-Status: Submitted [https://github.com/apache/apr/pull/8] - -Signed-off-by: Hongxu Jia ---- - Makefile.in | 10 +++------- - configure.in | 3 +++ - 2 files changed, 6 insertions(+), 7 deletions(-) - -diff --git a/Makefile.in b/Makefile.in -index 5fb760e..8675f90 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -46,7 +46,7 @@ LT_VERSION = @LT_VERSION@ - - CLEAN_TARGETS = apr-config.out apr.exp exports.c export_vars.c .make.dirs \ - build/apr_rules.out tools/gen_test_char@EXEEXT@ \ -- tools/gen_test_char.o tools/gen_test_char.lo \ -+ tools/gen_test_char.o \ - include/private/apr_escape_test_char.h - DISTCLEAN_TARGETS = config.cache config.log config.status \ - include/apr.h include/arch/unix/apr_private.h \ -@@ -131,13 +131,9 @@ check: $(TARGET_LIB) - etags: - etags `find . -name '*.[ch]'` - --OBJECTS_gen_test_char = tools/gen_test_char.lo $(LOCAL_LIBS) --tools/gen_test_char.lo: tools/gen_test_char.c -+tools/gen_test_char@EXEEXT@: tools/gen_test_char.c - $(APR_MKDIR) tools -- $(LT_COMPILE) -- --tools/gen_test_char@EXEEXT@: $(OBJECTS_gen_test_char) -- $(LINK_PROG) $(OBJECTS_gen_test_char) $(ALL_LIBS) -+ $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $< -o $@ - - include/private/apr_escape_test_char.h: tools/gen_test_char@EXEEXT@ - $(APR_MKDIR) include/private -diff --git a/configure.in b/configure.in -index 719f331..361120f 100644 ---- a/configure.in -+++ b/configure.in -@@ -183,6 +183,9 @@ dnl can only be used once within a configure script, so this prevents a - dnl preload section from invoking the macro to get compiler info. - AC_PROG_CC - -+dnl Check build CC for gen_test_char compiling which is executed at build time. -+AX_PROG_CC_FOR_BUILD -+ - dnl AC_PROG_SED is only avaliable in recent autoconf versions. - dnl Use AC_CHECK_PROG instead if AC_PROG_SED is not present. - ifdef([AC_PROG_SED], --- -1.8.3.1 - diff --git a/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch b/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch deleted file mode 100644 index d1a2ebe881..0000000000 --- a/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 49661ea3858cf8494926cccf57d3e8c6dcb47117 Mon Sep 17 00:00:00 2001 -From: Dengke Du -Date: Wed, 14 Dec 2016 18:13:08 +0800 -Subject: [PATCH] apr: fix off_t size doesn't match in glibc when cross - compiling - -In configure.in, it contains the following: - - APR_CHECK_SIZEOF_EXTENDED([#include ], off_t, 8) - -the macro "APR_CHECK_SIZEOF_EXTENDED" was defined in build/apr_common.m4, -it use the "AC_TRY_RUN" macro, this macro let the off_t to 8, when cross -compiling enable. - -So it was hardcoded for cross compiling, we should detect it dynamic based on -the sysroot's glibc. We change it to the following: - - AC_CHECK_SIZEOF(off_t) - -The same for the following hardcoded types for cross compiling: - - pid_t 8 - ssize_t 8 - size_t 8 - off_t 8 - -Change the above correspondingly. - -Signed-off-by: Dengke Du - -Upstream-Status: Pending - ---- - configure.in | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/configure.in b/configure.in -index 27b8539..fb408d1 100644 ---- a/configure.in -+++ b/configure.in -@@ -1801,7 +1801,7 @@ else - socklen_t_value="int" - fi - --APR_CHECK_SIZEOF_EXTENDED([#include ], pid_t, 8) -+AC_CHECK_SIZEOF(pid_t) - - if test "$ac_cv_sizeof_pid_t" = "$ac_cv_sizeof_short"; then - pid_t_fmt='#define APR_PID_T_FMT "hd"' -@@ -1873,7 +1873,7 @@ APR_CHECK_TYPES_FMT_COMPATIBLE(size_t, unsigned long, lu, [size_t_fmt="lu"], [ - APR_CHECK_TYPES_FMT_COMPATIBLE(size_t, unsigned int, u, [size_t_fmt="u"]) - ]) - --APR_CHECK_SIZEOF_EXTENDED([#include ], ssize_t, 8) -+AC_CHECK_SIZEOF(ssize_t) - - dnl the else cases below should no longer occur; - AC_MSG_CHECKING([which format to use for apr_ssize_t]) -@@ -1891,7 +1891,7 @@ fi - - ssize_t_fmt="#define APR_SSIZE_T_FMT \"$ssize_t_fmt\"" - --APR_CHECK_SIZEOF_EXTENDED([#include ], size_t, 8) -+AC_CHECK_SIZEOF(size_t) - - # else cases below should no longer occur; - AC_MSG_CHECKING([which format to use for apr_size_t]) -@@ -1909,7 +1909,7 @@ fi - - size_t_fmt="#define APR_SIZE_T_FMT \"$size_t_fmt\"" - --APR_CHECK_SIZEOF_EXTENDED([#include ], off_t, 8) -+AC_CHECK_SIZEOF(off_t) - - if test "${ac_cv_sizeof_off_t}${apr_cv_use_lfs64}" = "4yes"; then - # Enable LFS diff --git a/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/meta/recipes-support/apr/apr/CVE-2021-35940.patch deleted file mode 100644 index 00befdacee..0000000000 --- a/meta/recipes-support/apr/apr/CVE-2021-35940.patch +++ /dev/null @@ -1,58 +0,0 @@ - -SECURITY: CVE-2021-35940 (cve.mitre.org) - -Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though -was addressed in 1.6.x in 1.6.3 and later via r1807976. - -The fix was merged back to 1.7.x in r1891198. - -Since this was a regression in 1.7.0, a new CVE name has been assigned -to track this, CVE-2021-35940. - -Thanks to Iveta Cesalova for reporting this issue. - -https://svn.apache.org/viewvc?view=revision&revision=1891198 - -Upstream-Status: Backport -CVE: CVE-2021-35940 -Signed-off-by: Armin Kuster - - -Index: time/unix/time.c -=================================================================== ---- a/time/unix/time.c (revision 1891197) -+++ b/time/unix/time.c (revision 1891198) -@@ -142,6 +142,9 @@ - static const int dayoffset[12] = - {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; - -+ if (xt->tm_mon < 0 || xt->tm_mon >= 12) -+ return APR_EBADDATE; -+ - /* shift new year to 1st March in order to make leap year calc easy */ - - if (xt->tm_mon < 2) -Index: time/win32/time.c -=================================================================== ---- a/time/win32/time.c (revision 1891197) -+++ b/time/win32/time.c (revision 1891198) -@@ -54,6 +54,9 @@ - static const int dayoffset[12] = - {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; - -+ if (tm->wMonth < 1 || tm->wMonth > 12) -+ return APR_EBADDATE; -+ - /* Note; the caller is responsible for filling in detailed tm_usec, - * tm_gmtoff and tm_isdst data when applicable. - */ -@@ -228,6 +231,9 @@ - static const int dayoffset[12] = - {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; - -+ if (xt->tm_mon < 0 || xt->tm_mon >= 12) -+ return APR_EBADDATE; -+ - /* shift new year to 1st March in order to make leap year calc easy */ - - if (xt->tm_mon < 2) diff --git a/meta/recipes-support/apr/apr/autoconf270.patch b/meta/recipes-support/apr/apr/autoconf270.patch deleted file mode 100644 index 9f7b5c624c..0000000000 --- a/meta/recipes-support/apr/apr/autoconf270.patch +++ /dev/null @@ -1,22 +0,0 @@ -With autoconf 2.70 confdefs.h is already included. Including it twice generates -compiler warnings and since this macros is to error on warnings, it breaks. - -Fix by not including the file. - -Upstream-Status: Pending -RP - 2021/1/28 - -Index: apr-1.7.0/build/apr_common.m4 -=================================================================== ---- apr-1.7.0.orig/build/apr_common.m4 -+++ apr-1.7.0/build/apr_common.m4 -@@ -505,8 +505,7 @@ AC_DEFUN([APR_TRY_COMPILE_NO_WARNING], - fi - AC_COMPILE_IFELSE( - [AC_LANG_SOURCE( -- [#include "confdefs.h" -- ] -+ [] - [[$1]] - [int main(int argc, const char *const *argv) {] - [[$2]] diff --git a/meta/recipes-support/apr/apr/libtoolize_check.patch b/meta/recipes-support/apr/apr/libtoolize_check.patch index 740792e6b0..80ce43caa4 100644 --- a/meta/recipes-support/apr/apr/libtoolize_check.patch +++ b/meta/recipes-support/apr/apr/libtoolize_check.patch @@ -1,6 +1,7 @@ +From 17835709bc55657b7af1f7c99b3f572b819cf97e Mon Sep 17 00:00:00 2001 From: Helmut Grohne -Subject: check for libtoolize rather than libtool -Last-Update: 2014-09-19 +Date: Tue, 7 Feb 2023 07:04:00 +0000 +Subject: [PATCH] check for libtoolize rather than libtool libtool is now in package libtool-bin, but apr only needs libtoolize. @@ -8,14 +9,22 @@ Upstream-Status: Pending [ from debian: https://sources.debian.org/data/main/a/a Signed-off-by: Robert Yang ---- apr.orig/build/buildcheck.sh -+++ apr/build/buildcheck.sh -@@ -39,11 +39,11 @@ fi +--- + build/buildcheck.sh | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/build/buildcheck.sh b/build/buildcheck.sh +index 44921b5..08bc8a8 100755 +--- a/build/buildcheck.sh ++++ b/build/buildcheck.sh +@@ -39,13 +39,11 @@ fi # ltmain.sh (GNU libtool 1.1361 2004/01/02 23:10:52) 1.5a # output is multiline from 1.5 onwards -# Require libtool 1.4 or newer --libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14` +-if test -z "$libtool"; then +- libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14` +-fi -lt_pversion=`$libtool --version 2>/dev/null|sed -e 's/([^)]*)//g;s/^[^0-9]*//;s/[- ].*//g;q'` +# Require libtoolize 1.4 or newer +libtoolize=`build/PrintPath glibtoolize1 glibtoolize libtoolize libtoolize15 libtoolize14` diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.2.bb similarity index 91% rename from meta/recipes-support/apr/apr_1.7.0.bb rename to meta/recipes-support/apr/apr_1.7.2.bb index 5e62e5683f..807dce21da 100644 --- a/meta/recipes-support/apr/apr_1.7.0.bb +++ b/meta/recipes-support/apr/apr_1.7.2.bb @@ -16,21 +16,15 @@ BBCLASSEXTEND = "native nativesdk" SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ file://run-ptest \ file://0002-apr-Remove-workdir-path-references-from-installed-ap.patch \ - file://0003-Makefile.in-configure.in-support-cross-compiling.patch \ file://0004-Fix-packet-discards-HTTP-redirect.patch \ file://0005-configure.in-fix-LTFLAGS-to-make-it-work-with-ccache.patch \ - file://0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch \ file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \ file://libtoolize_check.patch \ file://0001-Add-option-to-disable-timed-dependant-tests.patch \ - file://autoconf270.patch \ - file://0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch \ file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \ - file://CVE-2021-35940.patch \ " -SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7" -SRC_URI[sha256sum] = "e2e148f0b2e99b8e5c6caa09f6d4fb4dd3e83f744aa72a952f94f5a14436f7ea" +SRC_URI[sha256sum] = "75e77cc86776c030c0a5c408dfbd0bf2a0b75eed5351e52d5439fa1e5509a43e" inherit autotools-brokensep lib_package binconfig multilib_header ptest multilib_script From patchwork Tue Mar 7 22:47:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20558 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE3B9C74A44 for ; Tue, 7 Mar 2023 22:48:55 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.web10.8641.1678229329487449345 for ; Tue, 07 Mar 2023 14:48:49 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=gUx9gGY7; spf=softfail (domain: sakoman.com, ip: 209.85.214.182, mailfrom: steve@sakoman.com) Received: by mail-pl1-f182.google.com with SMTP id a9so15790062plh.11 for ; Tue, 07 Mar 2023 14:48:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229328; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VvHYZ9q6GtjuK2oFcnJ5Vg8c/ZXLI784v9B8/Nh5kYo=; b=gUx9gGY7cDxND0WJNiX4kOKCUZO9HC1zfOV3oHeKYvxomtTYSB/kvlTlgs4q6GqM2v F2hQ+nNr380o7T6xBUmivD5tgjqhXMcSBtjV4mlOABsjWniENpPAWhIrEC0NgGN6ZRYQ eDUx4sFaPbsFOGZBH492aqU2JZE0SW5qWwOeYG/pWtD9xr5fiDKWcDQeYNhWZ2s+YiCg 6ztdV4A3dPa0DEZ29G/ygbny8fQ7s/yXQsBaD3RJ+CC5msoHcnkjwYC95ZJJFneO6giL exmfT7/DIt7BypxqQ3Xu7Oksggwf6ae6W5Abexsbd0t/ur1wQrFADS0Fe4cv4+a1uwjf Ejaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229328; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VvHYZ9q6GtjuK2oFcnJ5Vg8c/ZXLI784v9B8/Nh5kYo=; b=IQZGh6MziMdrIu/snKSuASb48r+th/7iZp1ExxmjFYQbWORcRg4ZrMrzI8Zf1TSAV2 QjjBFSUtzY6XlqwbYUf7up4Eh2NwhZD0PhHtRXhu/JAEIBYex/OOus83SV6DutGe2UGg ROC8sAfqUh3d/ZtdtlRTZ1R6L7LJyXgTlw2GnQSYssZP8WHtas2/zG038AxDdWoznEAg W4KuwYdo2bdgdYatY1vg97ffpDg77Zx3oMeYN+L+Mr4Pm9CqVog4OczUe6IsqZJgZTu1 S6ePrU77cEPhZszAV+pIZYDtyTBbTtIxNXyYN0IruOjvVGY4pgOPBKoyUk3qKHzkMBmz v1Fg== X-Gm-Message-State: AO0yUKUbeHPeDGcv9kQUw8Ys8iIeseYH1BFYHBtALM+b2c+rBIaqrN6C 3GXY6up6EbBDX+OJYn4vsW7510k6PGpR1Z0eWPM= X-Google-Smtp-Source: AK7set8ww9VvHNeEpcCOZ91ulysiyqzw6Y34K2Dj0InjddAb3vxvJH8gixhqDHkc/v/Oqs06Z7n3BA== X-Received: by 2002:a05:6a20:748b:b0:cd:83b1:4236 with SMTP id p11-20020a056a20748b00b000cd83b14236mr14726770pzd.36.1678229328532; Tue, 07 Mar 2023 14:48:48 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:48 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 17/23] apr-util: Fix CFLAGS used in build Date: Tue, 7 Mar 2023 12:47:51 -1000 Message-Id: <92fb7261a1c7ebe6330832a9a71d1bed82c85a6a.1678228988.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178139 From: Richard Purdie We need to use CFLAGS with the correct WORKDIR in them, replace those in the sysroot file with the ones appropriate to the current recipe. Signed-off-by: Richard Purdie (cherry picked from commit 45edf189961aff1858be9bb7b63116073c0a0c10) Signed-off-by: Steve Sakoman --- meta/lib/oeqa/selftest/cases/reproducible.py | 1 - meta/recipes-support/apr/apr-util_1.6.1.bb | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/lib/oeqa/selftest/cases/reproducible.py b/meta/lib/oeqa/selftest/cases/reproducible.py index 4b606e7e64..adaabee47b 100644 --- a/meta/lib/oeqa/selftest/cases/reproducible.py +++ b/meta/lib/oeqa/selftest/cases/reproducible.py @@ -39,7 +39,6 @@ exclude_packages = [ 'gstreamer1.0-python', 'hwlatdetect', 'kernel-devsrc', - 'libaprutil', 'libcap-ng', 'libjson', 'libproxy', diff --git a/meta/recipes-support/apr/apr-util_1.6.1.bb b/meta/recipes-support/apr/apr-util_1.6.1.bb index f7d827a1d8..4e183ca374 100644 --- a/meta/recipes-support/apr/apr-util_1.6.1.bb +++ b/meta/recipes-support/apr/apr-util_1.6.1.bb @@ -35,6 +35,7 @@ OE_BINCONFIG_EXTRA_MANGLE = " -e 's:location=source:location=installed:'" do_configure_append() { if [ "${CLASSOVERRIDE}" = "class-target" ]; then cp ${STAGING_DATADIR}/apr/apr_rules.mk ${B}/build/rules.mk + sed -i -e 's#^CFLAGS=.*#CFLAGS=${TARGET_CFLAGS}#g' ${B}/build/rules.mk fi } do_configure_prepend_class-native() { @@ -49,6 +50,7 @@ do_configure_append_class-native() { do_configure_prepend_class-nativesdk() { cp ${STAGING_DATADIR}/apr/apr_rules.mk ${S}/build/rules.mk + sed -i -e 's#^CFLAGS=.*#CFLAGS=${TARGET_CFLAGS}#g' ${S}/build/rules.mk } do_configure_append_class-nativesdk() { From patchwork Tue Mar 7 22:47:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20561 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE6E8C74A5B for ; Tue, 7 Mar 2023 22:48:55 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web10.8621.1678229309831789921 for ; Tue, 07 Mar 2023 14:48:51 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=HNsQEMI6; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id ay18so9116631pfb.2 for ; Tue, 07 Mar 2023 14:48:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229330; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=GhzP1xUMgOEnGdRH3wHS2uDobWwS6N3Ob1eNaCjNn/A=; b=HNsQEMI6iyCdQ3dp8QPopktSoUJGFXqX0zhK2POc9ntBey6zJt0p98jfjkx9pk9bJF iWip7a91aX7IppOiq5flLk9g7+wXpJfBloBGf5WRQVKVvSR/6iGAcI+rJ0mgSCZep0no Ynl1TyXi14y3FuyEH734XaXTn1rVQ16t/L0BCyqG3BCMJR8qwL08WAaQgYRvoF1ayts+ BxbDhiyNBieFA5FRvs3ee5hNPWrjWiyGWfdoSU8CQBuJW292IJCc/OekHiWUi+tsXot7 LusXaCVC5oTMUrAwMxLuqeLctdfo5MGGFoMuDQvVihd3k66uP7VjBs90/eKluS70wxwo EWsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229330; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GhzP1xUMgOEnGdRH3wHS2uDobWwS6N3Ob1eNaCjNn/A=; b=kA9pHVSclSu0d3SM4aJjKvoS33l/Xu6w6g1blkDClVxbqlFxNxax62Xp3gjoZJWwMb ebwiptsW9ZAOJpT4s8PcLBzHy28J93zTelJ+ERCf2Xh39munf4enAJDX8E4OcnKo9lA+ YW0Ua2XOHfgZtI10ldyj/vrlJqXh4AZ94+11bLCEk0mZhyYl8FlU/u91WT3EZCud6jcC DFk6ZtWH6353/7qR/xc5e2ATNDQgmaS6Ek/u2zmBT1JvUmUCzlkvOsvjN9M4gghMZtqO 1xUyGvBH/A+vzBPwGs8ywrTEdU15vgcJkyTzKcbHxCAGK382Xm6How8eBtiH2p7FM4Qg aedw== X-Gm-Message-State: AO0yUKW6QoLKMJ139qn7CN45MJ1x8WWTawM4ieEutsL+nlnTDuPiTaWM AYmsu4fZfQlIKbgr6W/NGKBL7ZhqNCsTlr0dJ1s= X-Google-Smtp-Source: AK7set/O/9sxW0qX/spaiK0ySY52hXzEKyP26bxMBjFfZAv9HHTTG/IyWrJUldo659wLojQ6a5NvLA== X-Received: by 2002:aa7:9405:0:b0:5aa:4df7:7ef6 with SMTP id x5-20020aa79405000000b005aa4df77ef6mr15204898pfo.7.1678229330367; Tue, 07 Mar 2023 14:48:50 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:49 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 18/23] apr-util: update 1.6.1 -> 1.6.3 Date: Tue, 7 Mar 2023 12:47:52 -1000 Message-Id: <9eb027bebb19bfb0fb136169e865ca269890fa6f.1678228988.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178140 From: Alexander Kanavin Changes with APR-util 1.6.3 *) Correct a packaging issue in 1.6.2. The contents of the release were correct, but the top level directory was misnamed. Changes with APR-util 1.6.2 *) SECURITY: CVE-2022-25147 (cve.mitre.org) Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. *) Teach configure how to find and build against MariaDB 10.2. PR 61517 [Kris Karas ] *) apr_crypto_commoncrypto: Remove stray reference to -lcrypto that prevented commoncrypto being enabled. [Graham Leggett] *) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov] *) apr_dbm_gdbm: Fix handling of error codes. This makes gdbm 1.14 work. apr_dbm_gdbm will now also return error codes starting with APR_OS_START_USEERR, as apr_dbm_berkleydb does, instead of always returning APR_EGENERAL. [Stefan Fritsch] Drop backport. Signed-off-by: Alexander Kanavin Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit dca707f9fecc805503e17f6db3e4c88069ac0125) Signed-off-by: Steve Sakoman (cherry picked from commit 43cd36b178ebb602edd5919c26f8b8642736a3a8) Signed-off-by: Steve Sakoman (cherry picked from commit e24b38a14b3520648ec418783fb74fcf61df7ff2) Signed-off-by: Steve Sakoman --- .../0001-Fix-error-handling-in-gdbm.patch | 135 ------------------ .../{apr-util_1.6.1.bb => apr-util_1.6.3.bb} | 6 +- 2 files changed, 2 insertions(+), 139 deletions(-) delete mode 100644 meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch rename meta/recipes-support/apr/{apr-util_1.6.1.bb => apr-util_1.6.3.bb} (94%) diff --git a/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch b/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch deleted file mode 100644 index 57e7453312..0000000000 --- a/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch +++ /dev/null @@ -1,135 +0,0 @@ -From 6b638fa9afbeb54dfa19378e391465a5284ce1ad Mon Sep 17 00:00:00 2001 -From: Changqing Li -Date: Wed, 12 Sep 2018 17:16:36 +0800 -Subject: [PATCH] Fix error handling in gdbm - -Only check for gdbm_errno if the return value of the called gdbm_* -function says so. This fixes apr-util with gdbm 1.14, which does not -seem to always reset gdbm_errno. - -Also make the gdbm driver return error codes starting with -APR_OS_START_USEERR instead of always returning APR_EGENERAL. This is -what the berkleydb driver already does. - -Also ensure that dsize is 0 if dptr == NULL. - -Upstream-Status: Backport[https://svn.apache.org/viewvc? -view=revision&revision=1825311] - -Signed-off-by: Changqing Li ---- - dbm/apr_dbm_gdbm.c | 47 +++++++++++++++++++++++++++++------------------ - 1 file changed, 29 insertions(+), 18 deletions(-) - -diff --git a/dbm/apr_dbm_gdbm.c b/dbm/apr_dbm_gdbm.c -index 749447a..1c86327 100644 ---- a/dbm/apr_dbm_gdbm.c -+++ b/dbm/apr_dbm_gdbm.c -@@ -36,13 +36,25 @@ - static apr_status_t g2s(int gerr) - { - if (gerr == -1) { -- /* ### need to fix this */ -- return APR_EGENERAL; -+ if (gdbm_errno == GDBM_NO_ERROR) -+ return APR_SUCCESS; -+ return APR_OS_START_USEERR + gdbm_errno; - } - - return APR_SUCCESS; - } - -+static apr_status_t gdat2s(datum d) -+{ -+ if (d.dptr == NULL) { -+ if (gdbm_errno == GDBM_NO_ERROR || gdbm_errno == GDBM_ITEM_NOT_FOUND) -+ return APR_SUCCESS; -+ return APR_OS_START_USEERR + gdbm_errno; -+ } -+ -+ return APR_SUCCESS; -+} -+ - static apr_status_t datum_cleanup(void *dptr) - { - if (dptr) -@@ -53,22 +65,15 @@ static apr_status_t datum_cleanup(void *dptr) - - static apr_status_t set_error(apr_dbm_t *dbm, apr_status_t dbm_said) - { -- apr_status_t rv = APR_SUCCESS; - -- /* ### ignore whatever the DBM said (dbm_said); ask it explicitly */ -+ dbm->errcode = dbm_said; - -- if ((dbm->errcode = gdbm_errno) == GDBM_NO_ERROR) { -+ if (dbm_said == APR_SUCCESS) - dbm->errmsg = NULL; -- } -- else { -- dbm->errmsg = gdbm_strerror(gdbm_errno); -- rv = APR_EGENERAL; /* ### need something better */ -- } -- -- /* captured it. clear it now. */ -- gdbm_errno = GDBM_NO_ERROR; -+ else -+ dbm->errmsg = gdbm_strerror(dbm_said - APR_OS_START_USEERR); - -- return rv; -+ return dbm_said; - } - - /* -------------------------------------------------------------------------- -@@ -107,7 +112,7 @@ static apr_status_t vt_gdbm_open(apr_dbm_t **pdb, const char *pathname, - NULL); - - if (file == NULL) -- return APR_EGENERAL; /* ### need a better error */ -+ return APR_OS_START_USEERR + gdbm_errno; /* ### need a better error */ - - /* we have an open database... return it */ - *pdb = apr_pcalloc(pool, sizeof(**pdb)); -@@ -141,10 +146,12 @@ static apr_status_t vt_gdbm_fetch(apr_dbm_t *dbm, apr_datum_t key, - if (pvalue->dptr) - apr_pool_cleanup_register(dbm->pool, pvalue->dptr, datum_cleanup, - apr_pool_cleanup_null); -+ else -+ pvalue->dsize = 0; - - /* store the error info into DBM, and return a status code. Also, note - that *pvalue should have been cleared on error. */ -- return set_error(dbm, APR_SUCCESS); -+ return set_error(dbm, gdat2s(rd)); - } - - static apr_status_t vt_gdbm_store(apr_dbm_t *dbm, apr_datum_t key, -@@ -201,9 +208,11 @@ static apr_status_t vt_gdbm_firstkey(apr_dbm_t *dbm, apr_datum_t *pkey) - if (pkey->dptr) - apr_pool_cleanup_register(dbm->pool, pkey->dptr, datum_cleanup, - apr_pool_cleanup_null); -+ else -+ pkey->dsize = 0; - - /* store any error info into DBM, and return a status code. */ -- return set_error(dbm, APR_SUCCESS); -+ return set_error(dbm, gdat2s(rd)); - } - - static apr_status_t vt_gdbm_nextkey(apr_dbm_t *dbm, apr_datum_t *pkey) -@@ -221,9 +230,11 @@ static apr_status_t vt_gdbm_nextkey(apr_dbm_t *dbm, apr_datum_t *pkey) - if (pkey->dptr) - apr_pool_cleanup_register(dbm->pool, pkey->dptr, datum_cleanup, - apr_pool_cleanup_null); -+ else -+ pkey->dsize = 0; - - /* store any error info into DBM, and return a status code. */ -- return set_error(dbm, APR_SUCCESS); -+ return set_error(dbm, gdat2s(rd)); - } - - static void vt_gdbm_freedatum(apr_dbm_t *dbm, apr_datum_t data) --- -2.7.4 - diff --git a/meta/recipes-support/apr/apr-util_1.6.1.bb b/meta/recipes-support/apr/apr-util_1.6.3.bb similarity index 94% rename from meta/recipes-support/apr/apr-util_1.6.1.bb rename to meta/recipes-support/apr/apr-util_1.6.3.bb index 4e183ca374..3d9d619c7b 100644 --- a/meta/recipes-support/apr/apr-util_1.6.1.bb +++ b/meta/recipes-support/apr/apr-util_1.6.3.bb @@ -13,11 +13,9 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.gz \ file://configfix.patch \ file://configure_fixes.patch \ file://run-ptest \ - file://0001-Fix-error-handling-in-gdbm.patch \ -" + " -SRC_URI[md5sum] = "bd502b9a8670a8012c4d90c31a84955f" -SRC_URI[sha256sum] = "b65e40713da57d004123b6319828be7f1273fbc6490e145874ee1177e112c459" +SRC_URI[sha256sum] = "2b74d8932703826862ca305b094eef2983c27b39d5c9414442e9976a9acf1983" EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ --without-odbc \ From patchwork Tue Mar 7 22:47:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20559 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 04EB1C74A4B for ; Tue, 7 Mar 2023 22:48:56 +0000 (UTC) Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com [209.85.215.181]) by mx.groups.io with SMTP id smtpd.web11.8700.1678229316859405297 for ; Tue, 07 Mar 2023 14:48:52 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=NIz7joKU; spf=softfail (domain: sakoman.com, ip: 209.85.215.181, mailfrom: steve@sakoman.com) Received: by mail-pg1-f181.google.com with SMTP id y19so8566903pgk.5 for ; Tue, 07 Mar 2023 14:48:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229332; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=LTj8zWma5mXrgfVow+CDMRxnPTfqmfBWH7rdKjdL2LI=; b=NIz7joKUhIx4OEKAm2Y+uDsy6oR6PM3VmpVmLxsSp85e2PbDSlRASqEFhuin/1ujQJ 3wD3G0UJYf262gP0s0/L2D5eJGpCZTId+VXfYWLWnnjVsZkipKPTGdqS9Gq1Hv8mRN8Z taSqW94dPzZxksywfT/XRisQ/Cl3Y+u68yERkukW1L21h1woLxcT3LOqEGpV/cSd8RgU JaaewCrFuWu0e5zfxTEDTk665je31+GMh0czNwk8yXlePSnxAAsqB8ZWm34bdVdkzkRQ k+GD+BQ+IQfvVGIVEFj4yetOfQ37gP+QWu/J6tRhBMESPv9r1XUeqvdLromVfo9NaZpt LPGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229332; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LTj8zWma5mXrgfVow+CDMRxnPTfqmfBWH7rdKjdL2LI=; b=0ziSN+n1I2J09Bkq2CT1G0bFZNMu5cv5YbI0jkKEqiEHdF9tEG9mqGNMOt5kRcu2SM ubFYaljcpm2HClo2ksTFTdaP7gkEDGnX0sCzM+cxr5AZMAIv5OrMdG+3DuC2ngsN7oPl 7KmCspb8UfyhxeP/J+fT3OPU9Pu9y/Ffe77ngXFE/XXpU5tnLc8rrJoKEjQT2/Am/rq1 AHX568x3Nv9PWWGgq5tXVOwDsNz9Eeo44hmqNQdqO5vHJP1M3CFfxzrZSuJBjww6uyVt ny0gEeb9F5EYe2iLKgnKrvOipSELHRKFSt1b4BF+PAxfqQBLozOYF7vji033AIJiH3Sm OyFw== X-Gm-Message-State: AO0yUKWWmCrHqLKs9aoa/9aYpcDn/AcWs6sKxK+CWrWo2kv5kbKpprro hDDa3cADVNrHc3soIf2v1CCUXOcMpv8Gcq9dql0= X-Google-Smtp-Source: AK7set+dk9K9wFWPC8QpHl2og2kgz0facfqyYrEKVwr75Ryu/prlQjQDDV5ivKZDF39I7j+OtNml1g== X-Received: by 2002:aa7:9e44:0:b0:5d9:27a5:60bf with SMTP id z4-20020aa79e44000000b005d927a560bfmr13602078pfq.28.1678229332118; Tue, 07 Mar 2023 14:48:52 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:51 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 19/23] openssl: upgrade 1.1.1s to 1.1.1t Date: Tue, 7 Mar 2023 12:47:53 -1000 Message-Id: <22de5ecae3ebb04a4bab05010c04b205c52ee888.1678228988.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178141 From: Hugo SIMELIERE Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023] * Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) * Fixed Use-after-free following BIO_new_NDEF (CVE-2023-0215) * Fixed Double free after calling PEM_read_bio_ex (CVE-2022-4450) * Fixed Timing Oracle in RSA Decryption (CVE-2022-4304) Signed-off-by: Hugo SIMELIERE Signed-off-by: Steve Sakoman --- .../openssl/{openssl_1.1.1s.bb => openssl_1.1.1t.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/openssl/{openssl_1.1.1s.bb => openssl_1.1.1t.bb} (98%) diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1s.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1t.bb similarity index 98% rename from meta/recipes-connectivity/openssl/openssl_1.1.1s.bb rename to meta/recipes-connectivity/openssl/openssl_1.1.1t.bb index 6c8f285996..a1956ad8c2 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1s.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1t.bb @@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa" +SRC_URI[sha256sum] = "8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b" inherit lib_package multilib_header multilib_script ptest MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" From patchwork Tue Mar 7 22:47:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20560 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E136EC678D5 for ; Tue, 7 Mar 2023 22:48:55 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web10.8617.1678229299776983764 for ; Tue, 07 Mar 2023 14:48:54 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=vpkCSKLd; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id y10so9089782pfi.8 for ; Tue, 07 Mar 2023 14:48:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229334; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=pfBPE8YuWr4rqVgNiMq6+BVek+6vBM0UelkUp5HypZU=; b=vpkCSKLdJbxj35XfWwkEsJU20MIegt7Xm7tIAonbz6xBCjuoTNWbVojSQpdjx8t8qx pihJi8UHAb8MWgr/XCxMq1Fahqxfp0yel9X5QNk9izOMOU86U+mnOf4AhikWnR7mfeq6 oCwDpARP8Fdax9uueEYf1ajy7KTsN31DlZVU3MXz0+r4r9zlAPDjyUQTDzfEVT2J9l95 XM3Z/Y02EIg1MrGm1cGmLJZMStJAtrMIQU0Xd0MwRhlRkm88mSL8JKIGk8rz0vcU0As3 AAo5M08FkHapWnFQh08Urkm3cgKECe5wVRMFfHH2x6sBOjuo4N80NWOuhLdUyoVxhpy0 4T+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229334; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pfBPE8YuWr4rqVgNiMq6+BVek+6vBM0UelkUp5HypZU=; b=PYs11pB9sdNLe3ltQyy9ECH0oKrVq1NQH5aWfpKfMqBVEhc7uaW8LPClBGOhMTPYiw ovL+xHwOApXVrKvASG8KIJtCGE/Wu5WNiXumJ3WuGIx3ECMUk8aYpGOqYufYc7EWi28u Q5zyfgfD/f5Ba5LVbxozLOxwEJkeAUYcUdJJlMWvefbIbnjXSpbUCDp+aKZERYPu8z88 jS8oq7AR086e5m0iYZPvmHivHScHlhcJlz8bfhcs5kW+gUB+VqLNR0fb0XsMl/VgVt27 xjmahfYRCaKGla/BafJ2vblJK1eZVguzzXnwJb/FoIklqPLR+CbrTwcp4iX5WfiwXn5y Q6Gg== X-Gm-Message-State: AO0yUKUFLwKftte3KwIcufa+5r92Mw3uVTNIvE0ELoJ6l55yryuiCY9N jzIWDyFeuweam4z2eeD+XYacbM/QbKB5XaYXL6E= X-Google-Smtp-Source: AK7set9DJVxt9tu83Q6wQevwTs9yXgtpcmX+o/C/TpCAVxhxF/Y3Mq+E3Hjbj9OqUUyV08Ueuw/CGQ== X-Received: by 2002:a62:1dd4:0:b0:5aa:6125:dbf4 with SMTP id d203-20020a621dd4000000b005aa6125dbf4mr17150534pfd.11.1678229333828; Tue, 07 Mar 2023 14:48:53 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:53 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 20/23] gcc: Fix inconsistent noexcept specifier for valarray in libstdc++ Date: Tue, 7 Mar 2023 12:47:54 -1000 Message-Id: <9779b66162a014f26594bdde43afdc4332617240.1678228988.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:48:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178142 From: Virendra Thakur Backport of gcc upstream commit 2b2d97fc545635a0f6aa9c9ee3b017394bc494bf to gcc release 9.5.0. This fix is available to all release-branches except releases/gcc-9 because upstream do not support gcc-9 now. Signed-off-by: Virendra Thakur Signed-off-by: Steve Sakoman --- meta/recipes-devtools/gcc/gcc-9.5.inc | 1 + ...nsistent-noexcept-specific-for-valar.patch | 44 +++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 meta/recipes-devtools/gcc/gcc-9.5/0002-libstdc-Fix-inconsistent-noexcept-specific-for-valar.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.5.inc b/meta/recipes-devtools/gcc/gcc-9.5.inc index 6a0a892b10..ec28246bf3 100644 --- a/meta/recipes-devtools/gcc/gcc-9.5.inc +++ b/meta/recipes-devtools/gcc/gcc-9.5.inc @@ -69,6 +69,7 @@ SRC_URI = "\ file://0037-CVE-2019-14250-Check-zero-value-in-simple_object_elf.patch \ file://0038-gentypes-genmodes-Do-not-use-__LINE__-for-maintainin.patch \ file://0039-process_alt_operands-Don-t-match-user-defined-regs-o.patch \ + file://0002-libstdc-Fix-inconsistent-noexcept-specific-for-valar.patch \ " S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}" SRC_URI[sha256sum] = "27769f64ef1d4cd5e2be8682c0c93f9887983e6cfd1a927ce5a0a2915a95cf8f" diff --git a/meta/recipes-devtools/gcc/gcc-9.5/0002-libstdc-Fix-inconsistent-noexcept-specific-for-valar.patch b/meta/recipes-devtools/gcc/gcc-9.5/0002-libstdc-Fix-inconsistent-noexcept-specific-for-valar.patch new file mode 100644 index 0000000000..506064bfc2 --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc-9.5/0002-libstdc-Fix-inconsistent-noexcept-specific-for-valar.patch @@ -0,0 +1,44 @@ +From 60d966708d7cf105dccf128d2b7a38b0b2580a1a Mon Sep 17 00:00:00 2001 +From: Jonathan Wakely +Date: Fri, 5 Nov 2021 21:42:20 +0000 +Subject: [PATCH] libstdc++: Fix inconsistent noexcept-specific for valarray + begin/end + +These declarations should be noexcept after I added it to the +definitions in . + +libstdc++-v3/ChangeLog: + + * include/bits/range_access.h (begin(valarray), end(valarray)): + Add noexcept. + +(cherry picked from commit 2b2d97fc545635a0f6aa9c9ee3b017394bc494bf) + +Upstream-Status: Backport [https://github.com/hkaelber/gcc/commit/2b2d97fc545635a0f6aa9c9ee3b017394bc494bf] +Signed-off-by: Virendra Thakur + +--- + libstdc++-v3/include/bits/range_access.h | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libstdc++-v3/include/bits/range_access.h b/libstdc++-v3/include/bits/range_access.h +index 3d99ea92027..4736e75fda1 100644 +--- a/libstdc++-v3/include/bits/range_access.h ++++ b/libstdc++-v3/include/bits/range_access.h +@@ -101,10 +101,10 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION + + template class valarray; + // These overloads must be declared for cbegin and cend to use them. +- template _Tp* begin(valarray<_Tp>&); +- template const _Tp* begin(const valarray<_Tp>&); +- template _Tp* end(valarray<_Tp>&); +- template const _Tp* end(const valarray<_Tp>&); ++ template _Tp* begin(valarray<_Tp>&) noexcept; ++ template const _Tp* begin(const valarray<_Tp>&) noexcept; ++ template _Tp* end(valarray<_Tp>&) noexcept; ++ template const _Tp* end(const valarray<_Tp>&) noexcept; + + /** + * @brief Return an iterator pointing to the first element of +-- +2.25.1 \ No newline at end of file From patchwork Tue Mar 7 22:47:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20564 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F3FCFC6FD1E for ; Tue, 7 Mar 2023 22:49:05 +0000 (UTC) Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com [209.85.216.42]) by mx.groups.io with SMTP id smtpd.web10.8648.1678229336431046166 for ; Tue, 07 Mar 2023 14:48:56 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=FAJJn1UC; spf=softfail (domain: sakoman.com, ip: 209.85.216.42, mailfrom: steve@sakoman.com) Received: by mail-pj1-f42.google.com with SMTP id y2so14784376pjg.3 for ; Tue, 07 Mar 2023 14:48:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229335; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=diMIx4q9yIWjmOVdIJU4BmXcUxLF0fzLFgvNjCl+Pak=; b=FAJJn1UCHDvkyr61UQUfLTO+FH93kzaiYS6xTD+Q1hxgZ4pgRIHjaUbV4KxQRJTbV9 NtHIde+RxbyIImbx5slIPxrPrTWpvp5PcqcqhvCS6nlWtYj/kSHLsjC34g7EAX4Pwt3B 9Bm4LGtHX21/OoDj5yMf4C6ypqpC0Gut7Fh7x+JAEm7U7MZNeofT0VN5PGG6g/C2Fv7X aWPb06yi3ptHc4fH/USTQmXoQmoLrgBJ2PHMobtXdwCntMeoEYRWxIeDzwRxTx53foof Yg1yBvLc4SQVq0JGw2K8DQC0tfHRfZ7aOBnb0CvLU6Bx3PozEKSMn0MDF2Qgrfm2Ztfk OKqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229335; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=diMIx4q9yIWjmOVdIJU4BmXcUxLF0fzLFgvNjCl+Pak=; b=owIjfBS1Fa1eJZDuspFlg0oivnwg/RUQxNVVbMrYArI26n4VwhcuFeAlO8vS4quDH3 gC+oo4Sw2Y1Rg6dvgods2rGHZsQgMqrVTOiNR+HzwFhsAMKoyt/Bh+EdmUFwNdyQC87G 07x3u6ZUEqHX1atpuzh1FLiWlgTErjMOG0YwpQu7Tm7e+iTWurGcAgD7/HvTXpecR96v /9QAzEulxx26PkY5WDwr+vLrQAbupg8b+lMqSsA6kraENRPVNu42DMlkYgMvBBF2MTXz HMcWgMaKRdwSOkb+GI54dasqFypXD6ixFyHq77OIgrmXZy34MPgpF9+r7KQi+qL9sJBi bCpQ== X-Gm-Message-State: AO0yUKX43+U0gUCyepAh1i6xB8HD/QDqLjam6pjLUt4QqGH/AI52ZFdK Y2FnqtrUyrpiD7eExbzUVBsL/kwRtr7AS2KNA7Q= X-Google-Smtp-Source: AK7set/yWTo35LCDZlv8vSHhnF7emRhSpvdnHvrl09neYefpgHqR6BJPnd9H6ujHaDwqll4uAT7Oug== X-Received: by 2002:a05:6a20:144b:b0:bc:c663:41bd with SMTP id a11-20020a056a20144b00b000bcc66341bdmr18649571pzi.4.1678229335514; Tue, 07 Mar 2023 14:48:55 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:55 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 21/23] kernel-yocto: fix kernel-meta data detection Date: Tue, 7 Mar 2023 12:47:55 -1000 Message-Id: <4533e8363549f87a0484d7c0a43a162c918f33bc.1678228988.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:49:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178143 From: Ulrich Ölmann Fixes: 7ef7af5c03ba ("kernel-yocto: restore kernel-meta data detection for SRC_URI elements") Signed-off-by: Ulrich Ölmann Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit c77754f23e3fb49a62602a6c6a04d5525d1cf457) Signed-off-by: Steve Sakoman --- meta/classes/kernel-yocto.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/kernel-yocto.bbclass b/meta/classes/kernel-yocto.bbclass index 2a6231803b..2abbc2ff66 100644 --- a/meta/classes/kernel-yocto.bbclass +++ b/meta/classes/kernel-yocto.bbclass @@ -194,7 +194,7 @@ do_kernel_metadata() { # SRC_URI. If they were supplied, we convert them into include directives # for the update part of the process for f in ${feat_dirs}; do - if [ -d "${WORKDIR}/$f/meta" ]; then + if [ -d "${WORKDIR}/$f/kernel-meta" ]; then includes="$includes -I${WORKDIR}/$f/kernel-meta" elif [ -d "${WORKDIR}/../oe-local-files/$f" ]; then includes="$includes -I${WORKDIR}/../oe-local-files/$f" From patchwork Tue Mar 7 22:47:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20565 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F411FC742A7 for ; Tue, 7 Mar 2023 22:49:05 +0000 (UTC) Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) by mx.groups.io with SMTP id smtpd.web10.8649.1678229338482556140 for ; Tue, 07 Mar 2023 14:48:58 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=FCV+9lLD; spf=softfail (domain: sakoman.com, ip: 209.85.216.47, mailfrom: steve@sakoman.com) Received: by mail-pj1-f47.google.com with SMTP id x34so14833735pjj.0 for ; Tue, 07 Mar 2023 14:48:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229337; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=J9JbCtqZmwTjDmmV3CXF3p0QEBMyeH8WTNR79vhT+bY=; b=FCV+9lLDIw0yukNAvARQ+9GD2efGdqr0oMaQuAd8/wSWn6hgPab+w7m94mksiztqE8 pCxa+dmT+Fav8Ask1wNjt9t8hZYkCFXQe0DgXjg0A3knNlxG+BFa2rzRM8+8CiZeunKX KBeEnbPcfr32+yIXVxHUEHHqyptPAIDEESn/gurF7m8xhMJK57MJV26v3hYTdIV6dA5Z OptS/nOQ9eqzQ0w89OrLDYUGjUE6onwWKDR0I8CaH5lCNyFUg/Fe63K8a7wsojz8Clm7 Ebm8hLgVZc5glbOXYtlqF5bCRcNUcBYBcSVIo70J2i0T3vmvZhgwRDuaCRFxWA8oc3bN 11ZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229337; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=J9JbCtqZmwTjDmmV3CXF3p0QEBMyeH8WTNR79vhT+bY=; b=DUrs2s8TIdcw1ZkM6veGlehr4S8TrNynE/ELY9UCt0AkVkA1Z7IBP4e7mjtjPcKkJK vy/HEIESDzFHO9AmL2eeNneQJIIZ7j06GdrDoePcyB39mogbOT/e0740D4zcgGdu5m+w Y18vxSne/YwbnNFCkbj5/GNRCUvYCx21DnLC5EUHGy7Yc2h+0QxeQYovNsbMFxdT7t8b 23HZG6jV0t+4bbsNw/3P3QDMLkP0T9O7hjXnsLLgwp1DgjO2OSOpZ4MB7L4ge19z4RxB 19xX4QSdM1qWyLzKFdNovO8T6Y4TiIpZXMGHoj+Wt9JDFZa0D1Y71WWw205blEkinqRG 7ivQ== X-Gm-Message-State: AO0yUKVpFB4uzR0cEKY/umZaKHvxl14NeCsy3VcYmlobSNGgtxnDrwrB QSIQxgq/AsacFa0PaTxhrfb7TTzC1DWDs2LxoC8= X-Google-Smtp-Source: AK7set/0d7qxrgJEyNS8FDclwjWPvWqWt8QIRe95Rhg+cCa0XGF9p4v6OIV/hu3UGiGJpzLdVZORdA== X-Received: by 2002:a05:6a20:bc98:b0:d0:76e3:16e5 with SMTP id fx24-20020a056a20bc9800b000d076e316e5mr1366330pzb.2.1678229337487; Tue, 07 Mar 2023 14:48:57 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:57 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 22/23] image.bbclass: print all QA functions exceptions Date: Tue, 7 Mar 2023 12:47:56 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:49:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178144 From: Mauro Queiros For the QA checks in `image.bbclass`, all exceptions other than `oe.utils.ImageQAFailed` always print the following generic message: "Image QA function func_name failed" This can be very misleading, as it may hide python syntax errors and other kind of issues that are hard to detect without more explicit error messages. This change makes sure that the error message of all exceptions are displayed. Before this change: "Image QA function func_name failed" After this change: "Image QA function func_name failed: f-string: empty expression not allowed (, line 13)" Signed-off-by: Mauro Queiros Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 3d85b30d8704d38b86f5b006748cebc74bd2a4fa) Signed-off-by: Steve Sakoman --- meta/classes/image.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index a241543ff2..fbf7206d04 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -311,7 +311,7 @@ fakeroot python do_image_qa () { except oe.utils.ImageQAFailed as e: qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (e.name, e.description) except Exception as e: - qamsg = qamsg + '\tImage QA function %s failed\n' % cmd + qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (cmd, e) if qamsg: imgname = d.getVar('IMAGE_NAME') From patchwork Tue Mar 7 22:47:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 20563 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EED1EC6FA99 for ; Tue, 7 Mar 2023 22:49:05 +0000 (UTC) Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com [209.85.215.175]) by mx.groups.io with SMTP id smtpd.web11.8713.1678229340136585423 for ; Tue, 07 Mar 2023 14:49:00 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=07Og1NQ/; spf=softfail (domain: sakoman.com, ip: 209.85.215.175, mailfrom: steve@sakoman.com) Received: by mail-pg1-f175.google.com with SMTP id s17so8574380pgv.4 for ; Tue, 07 Mar 2023 14:49:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; t=1678229339; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=/mTkJNhyoS6XT8aTqjMXoFS52gzoAAunZL3zbh3PPVI=; b=07Og1NQ/a5SorCSeC6b+4bVvMwo/Y4DvzpyGyTou0vMOS4ZX1klr4zNtSJ8Ko5/fTH E/K66uNmh08lsgGQ1amAd/Q+rQDOIYiEvCEIFnDW0PTSH4KeKCsFz/N0J9OcSa99sAGR FGI1YmvA8CucMkcRUBJeXBjFORcXunLxmgJ0i2/lKbG+csNu0JB4eRBeEqd4xn7XU4oo K2SVth3tVDQe9dHu0Fps1/CdQqacR/d03tzCtb2buBdU81FKYtND4miXEb5sGsLRaRVP yib+VaAKqBvpBR0/4Kn8iigZOAz6/UAmCZLGsSjGDS8TLzVhvOXD7uUhjZ/Ar9o0vHax y59A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678229339; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/mTkJNhyoS6XT8aTqjMXoFS52gzoAAunZL3zbh3PPVI=; b=DbS0THNUHkFaoqGTjuEoI1FHQMGA1HU4TsXAutxGNRxDp7/XGl0tLcwJOh/fzmKG5j hJmgF0LWhx2N7hNl6JJwT3rHnfVs8FH07OOlnpehFq+a3N8OsbUPH8TQXiDc40xHZAjZ zZOo9eYc628R14wOgzxIZVRVj3J775J/gKQaEpXj8eGZ0Iw12xKTPEhSB4wNfmntsB6X pP8XaVCKLF2l7B+BtT7+hIYqSaDYasT/kDTjOf4Qz4PBnq/bxDadXku9zNIA6q0xS6r1 x7TVDTpJoiJIqyEku3H4TC1BuhPPgKQJJBKaTW/wwQsKT9NUT0o92esWwXAymXtGZdOM r/og== X-Gm-Message-State: AO0yUKVWqI+opV4vdAjocSTaqfYtYsxeqJgqVDPwNmZ0F0XBrkoCd72s YkeddZRwVKP69NBRbYQ2hTdt3MwEii91DuvD4hM= X-Google-Smtp-Source: AK7set9fcq+RO+ID+sNROCfwM6BHZkspstAcR4+VdbDr+ilzwxy+k8i96CAgSVPZ1k74ENq06/uZ7g== X-Received: by 2002:aa7:9537:0:b0:5a8:abd2:2beb with SMTP id c23-20020aa79537000000b005a8abd22bebmr12931183pfp.30.1678229339200; Tue, 07 Mar 2023 14:48:59 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-4-112.hawaiiantel.net. [72.253.4.112]) by smtp.gmail.com with ESMTPSA id k1-20020aa78201000000b005cdbd9c8825sm8388958pfi.195.2023.03.07.14.48.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Mar 2023 14:48:58 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 23/23] devshell: Do not add scripts/git-intercept to PATH Date: Tue, 7 Mar 2023 12:47:57 -1000 Message-Id: <51424b9955374196307aaf73cf4b6c184ce4fb6d.1678228988.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Mar 2023 22:49:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/178145 From: Peter Kjellerstedt The use of scripts/git-intercept was introduced in commit 3266c327df (install/devshell: Introduce git intercept script due to fakeroot issues) and later reverted in commit af27c81eaf (scripts: Make git intercept global). Signed-off-by: Peter Kjellerstedt Signed-off-by: Luca Ceresoli (cherry picked from commit f6c260c8e2a33e282a35afc99de4ef8cc1791b08) Signed-off-by: Steve Sakoman --- meta/classes/devshell.bbclass | 2 -- 1 file changed, 2 deletions(-) diff --git a/meta/classes/devshell.bbclass b/meta/classes/devshell.bbclass index b6212ebd89..76dd0b42ee 100644 --- a/meta/classes/devshell.bbclass +++ b/meta/classes/devshell.bbclass @@ -2,8 +2,6 @@ inherit terminal DEVSHELL = "${SHELL}" -PATH:prepend:task-devshell = "${COREBASE}/scripts/git-intercept:" - python do_devshell () { if d.getVarFlag("do_devshell", "manualfakeroot"): d.prependVar("DEVSHELL", "pseudo ")