From patchwork Mon Nov 22 02:20:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 271 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56458C433EF for ; Mon, 22 Nov 2021 02:20:28 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web11.1369.1637547626744952510 for ; Sun, 21 Nov 2021 18:20:27 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122179" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122179" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:26 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428767" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:25 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 01/16] mirrors: Add uninative mirror on kernel.org Date: Mon, 22 Nov 2021 10:20:05 +0800 Message-Id: X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158537 From: Richard Purdie At the last nas outage, we realised that we don't have good mirrors of the uninative tarball if our main system can't be accessed. kernel.org mirrors some Yocto Project data so we've ensured uninative is there. Add the appropriate mirror url to make use of that. Signed-off-by: Richard Purdie (cherry picked from commit 1833cb0c5841afafb468b963b74b63366b09a134) Signed-off-by: Anuj Mittal --- meta/classes/mirrors.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/classes/mirrors.bbclass b/meta/classes/mirrors.bbclass index 87bba41472..9d0ae1dce4 100644 --- a/meta/classes/mirrors.bbclass +++ b/meta/classes/mirrors.bbclass @@ -62,6 +62,7 @@ ftp://.*/.* http://sources.openembedded.org/ \n \ npm://.*/?.* http://sources.openembedded.org/ \n \ ${CPAN_MIRROR} http://cpan.metacpan.org/ \n \ ${CPAN_MIRROR} http://search.cpan.org/CPAN/ \n \ +https?$://downloads.yoctoproject.org/releases/uninative/ https://mirrors.kernel.org/yocto/uninative/ \n \ " # Use MIRRORS to provide git repo fallbacks using the https protocol, for cases From patchwork Mon Nov 22 02:20:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 273 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2FE4FC433EF for ; Mon, 22 Nov 2021 02:20:30 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web10.1399.1637547629207164788 for ; Sun, 21 Nov 2021 18:20:29 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122185" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122185" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:28 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428768" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:27 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 02/16] linux-yocto/5.10: update to v5.10.77 Date: Mon, 22 Nov 2021 10:20:06 +0800 Message-Id: <0595d5cdfb0b0d72b484c174b2637baf3ffdac35.1637546583.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158538 From: Bruce Ashfield Updating linux-yocto/5.10 to the latest korg -stable release that comprises the following commits: 09df347cfd18 Linux 5.10.77 fbb91dadb512 perf script: Check session->header.env.arch before using it 6f416815c505 riscv: Fix asan-stack clang build 7a4cf25d8329 riscv: fix misalgned trap vector base address acb8832f6a1c scsi: ufs: ufs-exynos: Correct timeout value setting registers 8ecddaca7942 KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu e11a7355fb98 KVM: s390: clear kicked_mask before sleeping again 727e5deca802 lan743x: fix endianness when accessing descriptors a7112b8eeb14 sctp: add vtag check in sctp_sf_ootb c2442f721972 sctp: add vtag check in sctp_sf_do_8_5_1_E_sa 14c1e02b11c2 sctp: add vtag check in sctp_sf_violation dad2486414b5 sctp: fix the processing for COOKIE_ECHO chunk 8c50693d25e4 sctp: fix the processing for INIT_ACK chunk ad111d4435d8 sctp: use init_tag from inithdr for ABORT chunk 4509000a2515 phy: phy_ethtool_ksettings_set: Lock the PHY while changing settings 5b88bb9377ee phy: phy_start_aneg: Add an unlocked version 81780b624d1c phy: phy_ethtool_ksettings_set: Move after phy_start_aneg 258c5fea44cf phy: phy_ethtool_ksettings_get: Lock the phy for consistency 58722323d4bc net/tls: Fix flipped sign in async_wait.err assignment 44e8c93e1e49 net: nxp: lpc_eth.c: avoid hang when bringing interface down c2af2092c9bb net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent bfa6fbdb4e39 net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails e81bed557fe7 mlxsw: pci: Recycle received packet upon allocation failure be98be1a17e9 nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST aead02927af3 gpio: xgs-iproc: fix parsing of ngpios property 863a423ee07b RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string 2b7c5eed19d3 net: Prevent infinite while loop in skb_tx_hash() 04121b10cdf0 cfg80211: correct bridge/4addr mode check aed897e96b19 net-sysfs: initialize uid and gid before calling net_ns_get_ownership b0a2cd38553c net: batman-adv: fix error handling 36e911a16b37 regmap: Fix possible double-free in regcache_rbtree_exit() e51371bd687e reset: brcmstb-rescal: fix incorrect polarity of status bit 2cf7d935d6ba arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node 10e40fb2f508 RDMA/mlx5: Set user priority for DCT 24fd8e2f027d octeontx2-af: Display all enabled PF VF rsrc_alloc entries. c63d7f2ca99a nvme-tcp: fix possible req->offset corruption 32f3db20f126 nvme-tcp: fix data digest pointer calculation 4286c72c5321 nvmet-tcp: fix data digest pointer calculation d98883f6c33e IB/hfi1: Fix abba locking issue with sc_disable() c3e17e58f571 IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields ee4908f909b3 bpf: Fix error usage of map_fd and fdget() in generic_map_update_batch() dd2260ec643d bpf: Fix potential race in tail call compatibility check 15dec6d8f864 tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function cac6b043cea3 riscv, bpf: Fix potential NULL dereference 01599bf7cc2b cgroup: Fix memory leak caused by missing cgroup_bpf_offline eb3b6805e3e9 drm/amdgpu: fix out of bounds write c21b4002214c drm/ttm: fix memleak in ttm_transfered_destroy 69a7fa5cb0de mm, thp: bail out early in collapse_file for writeback page 8fb858b74ac5 net: lan78xx: fix division by zero in send path 4c22227e39c7 cfg80211: fix management registrations locking fa29cec42c2d cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() db1191a529e4 nvme-tcp: fix H2CData PDU send accounting (again) 5043fbd294f5 ocfs2: fix race between searching chunks and release journal_head from buffer_head 01169a43353d mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit ee3213b117ce mmc: sdhci: Map more voltage level to SDHCI_POWER_330 a95a76fc01a0 mmc: dw_mmc: exynos: fix the finding clock sample value 12a46f72f499 mmc: mediatek: Move cqhci init behind ungate clock 44c2bc2a6bbe mmc: cqhci: clear HALT state after CQE enable efe934629fff mmc: vub300: fix control-message timeouts f3dec7e7ace3 net/tls: Fix flipped sign in tls_err_abort() calls c828115a14ea Revert "net: mdiobus: Fix memory leak in __mdiobus_register" 11c0406b4c33 nfc: port100: fix using -ERRNO as command type mask 0b1b3e086b0a tipc: fix size validations for the MSG_CRYPTO type 5aa5bab57957 ata: sata_mv: Fix the error handling of mv_chip_id() 9a52798dce73 pinctrl: amd: disable and mask interrupts on probe 01c2881bb0e0 Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode" 017718dfbb6f usbnet: fix error return code in usbnet_probe() 693ecbe8f799 usbnet: sanity check for maxpacket b663890d8544 ext4: fix possible UAF when remounting r/o a mmp-protected file system d4d9c065988c arm64: Avoid premature usercopy failure e184a21b5ccc powerpc/bpf: Fix BPF_MOD when imm == 1 3f2c12ec8a3f io_uring: don't take uring_lock during iowq cancel 5a768b4d3e1a ARM: 9141/1: only warn about XIP address when not compile testing 15b278f94bbb ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype c06d7d9bfcf6 ARM: 9138/1: fix link warning with XIP + frame-pointer 8a6af97c31be ARM: 9134/1: remove duplicate memcpy() definition 6ad8bbc9d301 ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned 3ceaa85c331d ARM: 9132/1: Fix __get_user_check failure with ARM KASAN images Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit d57bc7281015d09e2ff7a8a028dbf31559ff7331) Signed-off-by: Anuj Mittal --- .../linux/linux-yocto-rt_5.10.bb | 6 ++--- .../linux/linux-yocto-tiny_5.10.bb | 8 +++---- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index 6975bd16ae..3ebb5e979f 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "f01089784fd6234111851aad756297e0f258276c" -SRCREV_meta ?= "e1979ceb171bc91ef2cb71cfcde548a101dab687" +SRCREV_machine ?= "3a416eeb4d0bdbba2a133744a465f2c9a46e3a96" +SRCREV_meta ?= "257ed971bc7fd76ccb27f622df1ef6412f6b340d" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.76" +LINUX_VERSION ?= "5.10.77" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index 89c4329fc7..169185f685 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.76" +LINUX_VERSION ?= "5.10.77" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "4575e0b8282d99c79dac96a77c03685d66fb0a08" -SRCREV_machine ?= "da50565d028a2d87eabc7a53ee73a53f82f10f39" -SRCREV_meta ?= "e1979ceb171bc91ef2cb71cfcde548a101dab687" +SRCREV_machine_qemuarm ?= "c5c9d2c5c8ce7a84f6aebf02b3ae824a4c5f9d56" +SRCREV_machine ?= "c3e3199c6359736c373aaecc8f447eaec7cf9432" +SRCREV_meta ?= "257ed971bc7fd76ccb27f622df1ef6412f6b340d" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index 2c33a04df1..f994cfc2d4 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,17 +13,17 @@ KBRANCH_qemux86 ?= "v5.10/standard/base" KBRANCH_qemux86-64 ?= "v5.10/standard/base" KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "da5f8508e569eb5d64a2efe5a5c4aa138c8f2738" -SRCREV_machine_qemuarm64 ?= "a473fe3ad480df6565134d42a95826e71ae77a1a" -SRCREV_machine_qemumips ?= "317762b8a9da49cd12eb51e879b6eba2b7c3a4a4" -SRCREV_machine_qemuppc ?= "8a3eb888460464e612b79ab983c99cf868f82780" -SRCREV_machine_qemuriscv64 ?= "be6faea8fdece878f8cebfda0969df78df07fbf8" -SRCREV_machine_qemuriscv32 ?= "be6faea8fdece878f8cebfda0969df78df07fbf8" -SRCREV_machine_qemux86 ?= "be6faea8fdece878f8cebfda0969df78df07fbf8" -SRCREV_machine_qemux86-64 ?= "be6faea8fdece878f8cebfda0969df78df07fbf8" -SRCREV_machine_qemumips64 ?= "efe59773d3289e7b34d99684547968849a2e6aa9" -SRCREV_machine ?= "be6faea8fdece878f8cebfda0969df78df07fbf8" -SRCREV_meta ?= "e1979ceb171bc91ef2cb71cfcde548a101dab687" +SRCREV_machine_qemuarm ?= "51e48df3dbbc2b03579e95b296bf7b2625cf456b" +SRCREV_machine_qemuarm64 ?= "c437750233de239844757e4c79bfd9e9c56e1b0d" +SRCREV_machine_qemumips ?= "f2acb9e5f819ce240b530851f9e8ed45a8f7d878" +SRCREV_machine_qemuppc ?= "b36a906729ef754c48d730f15a7f079eb4942356" +SRCREV_machine_qemuriscv64 ?= "789500dfe326ab238562529175d99d33a3db1d0c" +SRCREV_machine_qemuriscv32 ?= "789500dfe326ab238562529175d99d33a3db1d0c" +SRCREV_machine_qemux86 ?= "789500dfe326ab238562529175d99d33a3db1d0c" +SRCREV_machine_qemux86-64 ?= "789500dfe326ab238562529175d99d33a3db1d0c" +SRCREV_machine_qemumips64 ?= "1b436658828965d7f96ff5e532ff0bb6b1099cff" +SRCREV_machine ?= "789500dfe326ab238562529175d99d33a3db1d0c" +SRCREV_meta ?= "257ed971bc7fd76ccb27f622df1ef6412f6b340d" # remap qemuarm to qemuarma15 for the 5.8 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.76" +LINUX_VERSION ?= "5.10.77" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Mon Nov 22 02:20:07 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 274 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35184C433F5 for ; Mon, 22 Nov 2021 02:20:31 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web10.1399.1637547629207164788 for ; Sun, 21 Nov 2021 18:20:30 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122189" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122189" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:29 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428771" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:28 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 03/16] linux-yocto/5.10: update to v5.10.78 Date: Mon, 22 Nov 2021 10:20:07 +0800 Message-Id: <0ab49e39142a4a38ece75706ca0196ffda34760f.1637546583.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158539 From: Bruce Ashfield Updating linux-yocto/5.10 to the latest korg -stable release that comprises the following commits: 5040520482a5 Linux 5.10.78 4c7c0243275b ALSA: usb-audio: Add Audient iD14 to mixer map quirk table f3eb44f496ef ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table 68765fc97762 Revert "wcn36xx: Disable bmps when encryption is disabled" f84b791d4c3b ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" bbc920fb320f Revert "drm/ttm: fix memleak in ttm_transfered_destroy" 6d67b2a73b8e mm: khugepaged: skip huge page collapse for special files 5a7957491e31 Revert "usb: core: hcd: Add support for deferring roothub registration" 50f46bd30949 Revert "xhci: Set HCD flag to defer primary roothub registration" d7fc85f61042 media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() b93a70bf2b57 net: ethernet: microchip: lan743x: Fix skb allocation failure b9c85a71e1b4 vrf: Revert "Reset skb conntrack connection..." 0382fdf9ae78 sfc: Fix reading non-legacy supported link modes 748786564a35 Revert "io_uring: reinforce cancel on flush during exit" 7b57c38d12ae scsi: core: Put LLD module refcnt after SCSI device is released Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit 7a7d1eed8e3d550ac9bfa301b26095100eeba111) Signed-off-by: Anuj Mittal --- .../linux/linux-yocto-rt_5.10.bb | 6 ++--- .../linux/linux-yocto-tiny_5.10.bb | 8 +++---- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index 3ebb5e979f..93ebccff3d 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "3a416eeb4d0bdbba2a133744a465f2c9a46e3a96" -SRCREV_meta ?= "257ed971bc7fd76ccb27f622df1ef6412f6b340d" +SRCREV_machine ?= "12f6a7187b3c8abab5e139dbfdf7f58f265f4169" +SRCREV_meta ?= "a0238f7f4f2222d08bb18147bb5e24cc877b0546" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.77" +LINUX_VERSION ?= "5.10.78" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index 169185f685..d3402f3a25 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.77" +LINUX_VERSION ?= "5.10.78" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "c5c9d2c5c8ce7a84f6aebf02b3ae824a4c5f9d56" -SRCREV_machine ?= "c3e3199c6359736c373aaecc8f447eaec7cf9432" -SRCREV_meta ?= "257ed971bc7fd76ccb27f622df1ef6412f6b340d" +SRCREV_machine_qemuarm ?= "cdec5045c5323846adaf2510e539843d0cfe74ae" +SRCREV_machine ?= "344c0c38f5b892312b0a1db7f613d2704dd4942f" +SRCREV_meta ?= "a0238f7f4f2222d08bb18147bb5e24cc877b0546" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index f994cfc2d4..2652d01c26 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,17 +13,17 @@ KBRANCH_qemux86 ?= "v5.10/standard/base" KBRANCH_qemux86-64 ?= "v5.10/standard/base" KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "51e48df3dbbc2b03579e95b296bf7b2625cf456b" -SRCREV_machine_qemuarm64 ?= "c437750233de239844757e4c79bfd9e9c56e1b0d" -SRCREV_machine_qemumips ?= "f2acb9e5f819ce240b530851f9e8ed45a8f7d878" -SRCREV_machine_qemuppc ?= "b36a906729ef754c48d730f15a7f079eb4942356" -SRCREV_machine_qemuriscv64 ?= "789500dfe326ab238562529175d99d33a3db1d0c" -SRCREV_machine_qemuriscv32 ?= "789500dfe326ab238562529175d99d33a3db1d0c" -SRCREV_machine_qemux86 ?= "789500dfe326ab238562529175d99d33a3db1d0c" -SRCREV_machine_qemux86-64 ?= "789500dfe326ab238562529175d99d33a3db1d0c" -SRCREV_machine_qemumips64 ?= "1b436658828965d7f96ff5e532ff0bb6b1099cff" -SRCREV_machine ?= "789500dfe326ab238562529175d99d33a3db1d0c" -SRCREV_meta ?= "257ed971bc7fd76ccb27f622df1ef6412f6b340d" +SRCREV_machine_qemuarm ?= "f98b917d7826304daeecf11cc52be2562a9304ff" +SRCREV_machine_qemuarm64 ?= "13ff8a3ae368724e008e3bcd77833611de7962b2" +SRCREV_machine_qemumips ?= "7b94dec2b0f5b582b97cdb3ac97fe153559869e4" +SRCREV_machine_qemuppc ?= "652531fb0cc8eb3607109bb8d878253be2d3d534" +SRCREV_machine_qemuriscv64 ?= "2daa192783edd4974da8e900c0dc93186e57a838" +SRCREV_machine_qemuriscv32 ?= "2daa192783edd4974da8e900c0dc93186e57a838" +SRCREV_machine_qemux86 ?= "2daa192783edd4974da8e900c0dc93186e57a838" +SRCREV_machine_qemux86-64 ?= "2daa192783edd4974da8e900c0dc93186e57a838" +SRCREV_machine_qemumips64 ?= "4c817df0fd06350e18693551699c33361e16a193" +SRCREV_machine ?= "2daa192783edd4974da8e900c0dc93186e57a838" +SRCREV_meta ?= "a0238f7f4f2222d08bb18147bb5e24cc877b0546" # remap qemuarm to qemuarma15 for the 5.8 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.77" +LINUX_VERSION ?= "5.10.78" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Mon Nov 22 02:20:08 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 275 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43C35C433FE for ; Mon, 22 Nov 2021 02:20:32 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web10.1399.1637547629207164788 for ; Sun, 21 Nov 2021 18:20:31 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122192" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122192" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:31 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428784" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:30 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 04/16] convert-srcuri.py: use regex to check space in SRC_URI Date: Mon, 22 Nov 2021 10:20:08 +0800 Message-Id: <0a25dbe3912bff88e5c8cbc50302cae3c261dfbc.1637546583.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158540 From: Kai Kang There may be none, one or more spaces including tab before backslash in SRC_URI. Use regex to check and update. It helps to avoid malformed uri such as recipe open-iscsi-user in meta-openstack: SRC_URI = "git://github.com/open-iscsi/open-iscsi.git;protocol=https ;branch=master \ And help to check more recipes such as concurrent-ruby in the same layer: SRC_URI = "git://github.com/ruby-concurrency/concurrent-ruby.git;protocol=https;tag=v1.1.6\ Signed-off-by: Kai Kang Signed-off-by: Richard Purdie (cherry picked from commit a69a53573b1987ee5834a6fc27763f9bbf5fe5a4) Signed-off-by: Anuj Mittal --- scripts/contrib/convert-srcuri.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/contrib/convert-srcuri.py b/scripts/contrib/convert-srcuri.py index 5b362ea2e8..587392334f 100755 --- a/scripts/contrib/convert-srcuri.py +++ b/scripts/contrib/convert-srcuri.py @@ -35,16 +35,16 @@ def processfile(fn): if ("git://" in line or "gitsm://" in line) and "branch=" not in line and matchline(line): if line.endswith('"\n'): line = line.replace('"\n', ';branch=master"\n') - elif line.endswith(" \\\n"): - line = line.replace(' \\\n', ';branch=master \\\n') + elif re.search('\s*\\\\$', line): + line = re.sub('\s*\\\\$', ';branch=master \\\\', line) modified = True if ("git://" in line or "gitsm://" in line) and "github.com" in line and "protocol=https" not in line and matchline(line): if "protocol=git" in line: line = line.replace('protocol=git', 'protocol=https') elif line.endswith('"\n'): line = line.replace('"\n', ';protocol=https"\n') - elif line.endswith(" \\\n"): - line = line.replace(' \\\n', ';protocol=https \\\n') + elif re.search('\s*\\\\$', line): + line = re.sub('\s*\\\\$', ';protocol=https \\\\', line) modified = True new_file.write(line) if modified: From patchwork Mon Nov 22 02:20:09 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 276 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2BADDC433EF for ; Mon, 22 Nov 2021 02:20:34 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web10.1399.1637547629207164788 for ; Sun, 21 Nov 2021 18:20:33 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122197" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122197" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:33 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428793" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:31 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 05/16] scripts/oe-package-browser: Handle no packages being built Date: Mon, 22 Nov 2021 10:20:09 +0800 Message-Id: <75449f8690bd6d1b40776a208b667cc9691bcb6e.1637546583.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158541 From: Richard Purdie Give the user a proper error message if there aren't packages built, rather than a less friendly traceback. [YOCTO #14619] Signed-off-by: Richard Purdie (cherry picked from commit b14c176b7dd74b7d63ca0f72e6e00fbf209f5a0b) Signed-off-by: Anuj Mittal --- scripts/oe-pkgdata-browser | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/oe-pkgdata-browser b/scripts/oe-pkgdata-browser index 8d223185a4..65a6ee956e 100755 --- a/scripts/oe-pkgdata-browser +++ b/scripts/oe-pkgdata-browser @@ -236,6 +236,8 @@ class PkgUi(): update_deps("RPROVIDES", "Provides: ", self.provides_label, clickable=False) def load_recipes(self): + if not os.path.exists(pkgdata): + sys.exit("Error: Please ensure %s exists by generating packages before using this tool." % pkgdata) for recipe in sorted(os.listdir(pkgdata)): if os.path.isfile(os.path.join(pkgdata, recipe)): self.recipe_iters[recipe] = self.recipe_store.append([recipe]) From patchwork Mon Nov 22 02:20:10 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 277 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2A49CC433EF for ; Mon, 22 Nov 2021 02:20:36 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web10.1399.1637547629207164788 for ; Sun, 21 Nov 2021 18:20:35 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122202" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122202" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:35 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428810" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:33 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 06/16] scripts/lib/wic/help.py: Update Fedora Kickstart URLs Date: Mon, 22 Nov 2021 10:20:10 +0800 Message-Id: X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158542 From: Jon Mason The URLs describing Kickstart are no longer valid and do not redirect to the correct location. Update them with the correct location. Signed-off-by: Jon Mason Signed-off-by: Richard Purdie (cherry picked from commit e5ac75f93c8128b0761af5fee99e8603ddd1657d) Signed-off-by: Anuj Mittal --- scripts/lib/wic/help.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/lib/wic/help.py b/scripts/lib/wic/help.py index bd3a2b97df..9c2d6991a9 100644 --- a/scripts/lib/wic/help.py +++ b/scripts/lib/wic/help.py @@ -840,8 +840,8 @@ DESCRIPTION meanings. The commands are based on the Fedora kickstart documentation but with modifications to reflect wic capabilities. - http://fedoraproject.org/wiki/Anaconda/Kickstart#part_or_partition - http://fedoraproject.org/wiki/Anaconda/Kickstart#bootloader + https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#part-or-partition + https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#bootloader Commands From patchwork Mon Nov 22 02:20:11 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 279 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 346B3C433F5 for ; Mon, 22 Nov 2021 02:20:54 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web09.1409.1637547653184145617 for ; Sun, 21 Nov 2021 18:20:53 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122208" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122208" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:36 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428823" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:35 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 07/16] mirrors: Add kernel.org sources mirror for downloads.yoctoproject.org Date: Mon, 22 Nov 2021 10:20:11 +0800 Message-Id: <97b819750b985f080c0e586aba0312bc0f62cdb9.1637546583.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158543 From: Richard Purdie kernel.org now has a mirror of the downloads.yoctoproject.org sources archive so include this in our mirrors list. Signed-off-by: Richard Purdie (cherry picked from commit f602b6c2046bbc52a95dcc68a754f1cbb2db6761) Signed-off-by: Anuj Mittal --- meta/classes/mirrors.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/classes/mirrors.bbclass b/meta/classes/mirrors.bbclass index 9d0ae1dce4..8a2c153d9b 100644 --- a/meta/classes/mirrors.bbclass +++ b/meta/classes/mirrors.bbclass @@ -63,6 +63,7 @@ npm://.*/?.* http://sources.openembedded.org/ \n \ ${CPAN_MIRROR} http://cpan.metacpan.org/ \n \ ${CPAN_MIRROR} http://search.cpan.org/CPAN/ \n \ https?$://downloads.yoctoproject.org/releases/uninative/ https://mirrors.kernel.org/yocto/uninative/ \n \ +https?://downloads.yoctoproject.org/mirror/sources/ https://mirrors.kernel.org/yocto-sources/ \ " # Use MIRRORS to provide git repo fallbacks using the https protocol, for cases From patchwork Mon Nov 22 02:20:12 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 278 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 352A9C433FE for ; Mon, 22 Nov 2021 02:20:54 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web10.1405.1637547653561434812 for ; Sun, 21 Nov 2021 18:20:53 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122211" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122211" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:38 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428831" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:36 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 08/16] inetutils: fix CVE-2021-40491 Date: Mon, 22 Nov 2021 10:20:12 +0800 Message-Id: <217e5f0857e0a542c4e02bbead4e91edc6eb9ecc.1637546583.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158544 From: Yi Zhao CVE-2021-40491: The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl. References: https://nvd.nist.gov/vuln/detail/CVE-2021-40491 Patch from: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd (From OE-Core rev: 1b857807f1cf8fee3175f8479a0c7cb1850bd9a9) drop changes to NEWS Signed-off-by: Yi Zhao Signed-off-by: Richard Purdie Signed-off-by: Chee Yang Lee Signed-off-by: Anuj Mittal --- .../inetutils/inetutils/CVE-2021-40491.patch | 67 +++++++++++++++++++ .../inetutils/inetutils_2.0.bb | 1 + 2 files changed, 68 insertions(+) create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch diff --git a/meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch b/meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch new file mode 100644 index 0000000000..f05c696929 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch @@ -0,0 +1,67 @@ +From 98ccabf68e5b3f0a177bd1925581753d10041448 Mon Sep 17 00:00:00 2001 +From: Simon Josefsson +Date: Wed, 1 Sep 2021 09:09:50 +0200 +Subject: [PATCH] ftp: check that PASV/LSPV addresses match. + +* NEWS: Mention change. +* ftp/ftp.c (initconn): Validate returned addresses. + +CVE: CVE-2021-40491 + +Upstream-Status: Backport +[https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd] + +Signed-off-by: Yi Zhao +--- + ftp/ftp.c | 21 +++++++++++++++++++++ + 1 files changed, 21 insertions(+) + +diff --git a/ftp/ftp.c b/ftp/ftp.c +index d21dbdd..7513539 100644 +--- a/ftp/ftp.c ++++ b/ftp/ftp.c +@@ -1365,6 +1365,13 @@ initconn (void) + uint32_t *pu32 = (uint32_t *) &data_addr_sa4->sin_addr.s_addr; + pu32[0] = htonl ( (h[0] << 24) | (h[1] << 16) | (h[2] << 8) | h[3]); + } ++ if (data_addr_sa4->sin_addr.s_addr ++ != ((struct sockaddr_in *) &hisctladdr)->sin_addr.s_addr) ++ { ++ printf ("Passive mode address mismatch.\n"); ++ (void) command ("ABOR"); /* Cancel any open connection. */ ++ goto bad; ++ } + } /* LPSV IPv4 */ + else /* IPv6 */ + { +@@ -1395,6 +1402,13 @@ initconn (void) + pu32[2] = htonl ( (h[8] << 24) | (h[9] << 16) | (h[10] << 8) | h[11]); + pu32[3] = htonl ( (h[12] << 24) | (h[13] << 16) | (h[14] << 8) | h[15]); + } ++ if (data_addr_sa6->sin6_addr.s6_addr ++ != ((struct sockaddr_in6 *) &hisctladdr)->sin6_addr.s6_addr) ++ { ++ printf ("Passive mode address mismatch.\n"); ++ (void) command ("ABOR"); /* Cancel any open connection. */ ++ goto bad; ++ } + } /* LPSV IPv6 */ + } + else /* !EPSV && !LPSV */ +@@ -1415,6 +1429,13 @@ initconn (void) + | ((a2 & 0xff) << 8) | (a3 & 0xff) ); + data_addr_sa4->sin_port = + htons (((p0 & 0xff) << 8) | (p1 & 0xff)); ++ if (data_addr_sa4->sin_addr.s_addr ++ != ((struct sockaddr_in *) &hisctladdr)->sin_addr.s_addr) ++ { ++ printf ("Passive mode address mismatch.\n"); ++ (void) command ("ABOR"); /* Cancel any open connection. */ ++ goto bad; ++ } + } /* PASV */ + else + { +-- +2.17.1 + diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.0.bb b/meta/recipes-connectivity/inetutils/inetutils_2.0.bb index a4d05b0542..d299bc359e 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_2.0.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.0.bb @@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://tftpd.xinetd.inetutils \ file://inetutils-1.9-PATH_PROCNET_DEV.patch \ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ + file://CVE-2021-40491.patch \ " SRC_URI[md5sum] = "5e1018502cd131ed8e42339f6b5c98aa" From patchwork Mon Nov 22 02:20:13 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 282 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3A0E2C433EF for ; Mon, 22 Nov 2021 02:20:54 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web09.1409.1637547653184145617 for ; Sun, 21 Nov 2021 18:20:53 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122213" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122213" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:39 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428835" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:38 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 09/16] mklibs-native: drop deprecated cpp17 exceptions Date: Mon, 22 Nov 2021 10:20:13 +0800 Message-Id: <5f310b5ba647196ad42c3c54b9459db0e22d5b41.1637546583.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158545 From: Andrej Valek gcc11 has -std=gnu++17 as default. Remove deprecated C++17 exceptions based on http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0003r5.html. Signed-off-by: Andrej Valek Signed-off-by: Steve Sakoman (cherry picked from commit ef8b7946b4793db653ef7dd716e1d3f919a84725) Signed-off-by: Anuj Mittal --- ...ecated-exception-specification-cpp17.patch | 431 ++++++++++++++++++ .../mklibs/mklibs-native_0.1.44.bb | 1 + 2 files changed, 432 insertions(+) create mode 100644 meta/recipes-devtools/mklibs/files/remove-deprecated-exception-specification-cpp17.patch diff --git a/meta/recipes-devtools/mklibs/files/remove-deprecated-exception-specification-cpp17.patch b/meta/recipes-devtools/mklibs/files/remove-deprecated-exception-specification-cpp17.patch new file mode 100644 index 0000000000..f96cc7d302 --- /dev/null +++ b/meta/recipes-devtools/mklibs/files/remove-deprecated-exception-specification-cpp17.patch @@ -0,0 +1,431 @@ +From 597c7a8333df84a87cc48fb8477b603ffbf372a6 Mon Sep 17 00:00:00 2001 +From: Andrej Valek +Date: Mon, 23 Aug 2021 12:45:11 +0200 +Subject: [PATCH] feat(cpp17): remove deprecated exception specifications for + C++ 17 + +Upstream-Status: Submitted [https://salsa.debian.org/installer-team/mklibs/-/merge_requests/2] + +based on: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0003r5.html + +Signed-off-by: Andrej Valek +--- + src/mklibs-readelf/elf.cpp | 48 ++++++++++++++++++++--------------------- + src/mklibs-readelf/elf.hpp | 18 ++++++++-------- + src/mklibs-readelf/elf_data.hpp | 36 +++++++++++++++---------------- + 3 files changed, 51 insertions(+), 51 deletions(-) + +diff --git a/src/mklibs-readelf/elf.cpp b/src/mklibs-readelf/elf.cpp +index 0e4c0f3..2e6d0f6 100644 +--- a/src/mklibs-readelf/elf.cpp ++++ b/src/mklibs-readelf/elf.cpp +@@ -36,7 +36,7 @@ file::~file () throw () + delete *it; + } + +-file *file::open (const char *filename) throw (std::bad_alloc, std::runtime_error) ++file *file::open (const char *filename) throw () + { + struct stat buf; + int fd; +@@ -72,7 +72,7 @@ file *file::open (const char *filename) throw (std::bad_alloc, std::runtime_erro + } + + template +-file *file::open_class(uint8_t *mem, size_t len) throw (std::bad_alloc, std::runtime_error) ++file *file::open_class(uint8_t *mem, size_t len) throw () + { + switch (mem[EI_DATA]) + { +@@ -86,7 +86,7 @@ file *file::open_class(uint8_t *mem, size_t len) throw (std::bad_alloc, std::run + } + + template +-file_data<_class, _data>::file_data(uint8_t *mem, size_t len) throw (std::bad_alloc, std::runtime_error) ++file_data<_class, _data>::file_data(uint8_t *mem, size_t len) throw () + : file(mem, len) + { + if (mem[EI_CLASS] != _class::id) +@@ -190,7 +190,7 @@ section_data<_class, _data>::section_data(Shdr *shdr, uint8_t *mem) throw () + } + + template +-void section_data<_class, _data>::update(const file &file) throw (std::bad_alloc) ++void section_data<_class, _data>::update(const file &file) throw () + { + const section_type §ion = + dynamic_cast &>(file.get_section(file.get_shstrndx())); +@@ -204,7 +204,7 @@ section_type::~section_type() throw () + } + + template +-section_real<_class, _data, section_type_DYNAMIC>::section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc) ++section_real<_class, _data, section_type_DYNAMIC>::section_real(Shdr *header, uint8_t *mem) throw () + : section_data<_class, _data>(header, mem) + { + if (this->type != SHT_DYNAMIC) +@@ -221,7 +221,7 @@ section_real<_class, _data, section_type_DYNAMIC>::section_real(Shdr *header, ui + } + + template +-void section_real<_class, _data, section_type_DYNAMIC>::update(const file &file) throw (std::bad_alloc) ++void section_real<_class, _data, section_type_DYNAMIC>::update(const file &file) throw () + { + section_data<_class, _data>::update(file); + +@@ -243,7 +243,7 @@ section_type::~section_type() throw () + } + + template +-section_real<_class, _data, section_type_DYNSYM>::section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc) ++section_real<_class, _data, section_type_DYNSYM>::section_real(Shdr *header, uint8_t *mem) throw () + : section_data<_class, _data>(header, mem) + { + if (this->type != SHT_DYNSYM) +@@ -260,7 +260,7 @@ section_real<_class, _data, section_type_DYNSYM>::section_real(Shdr *header, uin + } + + template +-void section_real<_class, _data, section_type_DYNSYM>::update(const file &file) throw (std::bad_alloc) ++void section_real<_class, _data, section_type_DYNSYM>::update(const file &file) throw () + { + section_data<_class, _data>::update (file); + +@@ -285,7 +285,7 @@ const version_definition *section_type::get_version_def + } + + template +-section_real<_class, _data, section_type_GNU_VERDEF>::section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc) ++section_real<_class, _data, section_type_GNU_VERDEF>::section_real(Shdr *header, uint8_t *mem) throw () + : section_data<_class, _data>(header, mem) + { + if (this->type != SHT_GNU_verdef) +@@ -307,7 +307,7 @@ section_real<_class, _data, section_type_GNU_VERDEF>::section_real(Shdr *header, + } + + template +-void section_real<_class, _data, section_type_GNU_VERDEF>::update(const file &file) throw (std::bad_alloc) ++void section_real<_class, _data, section_type_GNU_VERDEF>::update(const file &file) throw () + { + section_data<_class, _data>::update(file); + +@@ -333,7 +333,7 @@ const version_requirement_entry *section_type::get_ver + + template + section_real<_class, _data, section_type_GNU_VERNEED>:: +-section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc) ++section_real(Shdr *header, uint8_t *mem) throw () + : section_data<_class, _data> (header, mem) + { + if (this->type != SHT_GNU_verneed) +@@ -355,7 +355,7 @@ section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc) + } + + template +-void section_real<_class, _data, section_type_GNU_VERNEED>::update(const file &file) throw (std::bad_alloc) ++void section_real<_class, _data, section_type_GNU_VERNEED>::update(const file &file) throw () + { + section_data<_class, _data>::update(file); + +@@ -372,7 +372,7 @@ void section_real<_class, _data, section_type_GNU_VERNEED>::update(const file &f + + template + section_real<_class, _data, section_type_GNU_VERSYM>:: +-section_real (Shdr *header, uint8_t *mem) throw (std::bad_alloc) ++section_real (Shdr *header, uint8_t *mem) throw () + : section_data<_class, _data> (header, mem) + { + if (this->type != SHT_GNU_versym) +@@ -399,7 +399,7 @@ segment_data<_class, _data>::segment_data (Phdr *phdr, uint8_t *mem) throw () + } + + template +-segment_real<_class, _data, segment_type_INTERP>::segment_real (Phdr *header, uint8_t *mem) throw (std::bad_alloc) ++segment_real<_class, _data, segment_type_INTERP>::segment_real (Phdr *header, uint8_t *mem) throw () + : segment_data<_class, _data> (header, mem) + { + if (this->type != PT_INTERP) +@@ -429,13 +429,13 @@ dynamic_data<_class, _data>::dynamic_data (Dyn *dyn) throw () + } + + template +-void dynamic_data<_class, _data>::update_string(const section_type §ion) throw (std::bad_alloc) ++void dynamic_data<_class, _data>::update_string(const section_type §ion) throw () + { + if (is_string) + val_string = section.get_string(val); + } + +-std::string symbol::get_version () const throw (std::bad_alloc) ++std::string symbol::get_version () const throw () + { + if (verneed) + return verneed->get_name(); +@@ -445,7 +445,7 @@ std::string symbol::get_version () const throw (std::bad_alloc) + return "Base"; + } + +-std::string symbol::get_version_file () const throw (std::bad_alloc) ++std::string symbol::get_version_file () const throw () + { + if (verneed) + return verneed->get_file(); +@@ -453,7 +453,7 @@ std::string symbol::get_version_file () const throw (std::bad_alloc) + return "None"; + } + +-std::string symbol::get_name_version () const throw (std::bad_alloc) ++std::string symbol::get_name_version () const throw () + { + std::string ver; + +@@ -478,13 +478,13 @@ symbol_data<_class, _data>::symbol_data (Sym *sym) throw () + } + + template +-void symbol_data<_class, _data>::update_string(const section_type §ion) throw (std::bad_alloc) ++void symbol_data<_class, _data>::update_string(const section_type §ion) throw () + { + name_string = section.get_string(name); + } + + template +-void symbol_data<_class, _data>::update_version(const file &file, uint16_t index) throw (std::bad_alloc) ++void symbol_data<_class, _data>::update_version(const file &file, uint16_t index) throw () + { + if (!file.get_section_GNU_VERSYM()) + return; +@@ -531,13 +531,13 @@ version_definition_data<_class, _data>::version_definition_data (Verdef *verdef) + } + + template +-void version_definition_data<_class, _data>::update_string(const section_type §ion) throw (std::bad_alloc) ++void version_definition_data<_class, _data>::update_string(const section_type §ion) throw () + { + for (std::vector::iterator it = names.begin(); it != names.end(); ++it) + names_string.push_back(section.get_string(*it)); + } + +-version_requirement::version_requirement() throw (std::bad_alloc) ++version_requirement::version_requirement() throw () + : file_string("None") + { } + +@@ -561,7 +561,7 @@ version_requirement_data<_class, _data>::version_requirement_data (Verneed *vern + + template + void version_requirement_data<_class, _data>:: +-update_string(const section_type §ion) throw (std::bad_alloc) ++update_string(const section_type §ion) throw () + { + file_string = section.get_string(file); + +@@ -596,7 +596,7 @@ version_requirement_entry_data(Vernaux *vna, const version_requirement &verneed) + + template + void version_requirement_entry_data<_class, _data>:: +-update_string(const section_type §ion) throw (std::bad_alloc) ++update_string(const section_type §ion) throw () + { + name_string = section.get_string(name); + } +diff --git a/src/mklibs-readelf/elf.hpp b/src/mklibs-readelf/elf.hpp +index 70e61cd..afb0c9e 100644 +--- a/src/mklibs-readelf/elf.hpp ++++ b/src/mklibs-readelf/elf.hpp +@@ -49,7 +49,7 @@ namespace Elf + const uint16_t get_shstrndx() const throw () { return shstrndx; } + + const std::vector
get_sections() const throw () { return sections; }; +- const section &get_section(unsigned int i) const throw (std::out_of_range) { return *sections.at(i); }; ++ const section &get_section(unsigned int i) const throw () { return *sections.at(i); }; + const section_type *get_section_DYNAMIC() const throw () { return section_DYNAMIC; }; + const section_type *get_section_DYNSYM() const throw () { return section_DYNSYM; }; + const section_type *get_section_GNU_VERDEF() const throw () { return section_GNU_VERDEF; }; +@@ -59,13 +59,13 @@ namespace Elf + const std::vector get_segments() const throw () { return segments; }; + const segment_type *get_segment_INTERP() const throw () { return segment_INTERP; }; + +- static file *open(const char *filename) throw (std::bad_alloc, std::runtime_error); ++ static file *open(const char *filename) throw (); + + protected: +- file(uint8_t *mem, size_t len) throw (std::bad_alloc) : mem(mem), len(len) { } ++ file(uint8_t *mem, size_t len) throw () : mem(mem), len(len) { } + + template +- static file *open_class(uint8_t *, size_t) throw (std::bad_alloc, std::runtime_error); ++ static file *open_class(uint8_t *, size_t) throw (); + + uint16_t type; + uint16_t machine; +@@ -128,7 +128,7 @@ namespace Elf + class section_type : public virtual section + { + public: +- std::string get_string(uint32_t offset) const throw (std::bad_alloc) ++ std::string get_string(uint32_t offset) const throw () + { + return std::string(reinterpret_cast (mem + offset)); + } +@@ -263,10 +263,10 @@ namespace Elf + uint8_t get_bind () const throw () { return bind; } + uint8_t get_type () const throw () { return type; } + const std::string &get_name_string() const throw () { return name_string; } +- std::string get_version() const throw (std::bad_alloc); +- std::string get_version_file() const throw (std::bad_alloc); ++ std::string get_version() const throw (); ++ std::string get_version_file() const throw (); + uint16_t get_version_data() const throw () { return versym; } +- std::string get_name_version() const throw (std::bad_alloc); ++ std::string get_name_version() const throw (); + + protected: + uint32_t name; +@@ -305,7 +305,7 @@ namespace Elf + class version_requirement + { + public: +- version_requirement() throw (std::bad_alloc); ++ version_requirement() throw (); + virtual ~version_requirement () throw () { } + + const std::string &get_file() const throw () { return file_string; } +diff --git a/src/mklibs-readelf/elf_data.hpp b/src/mklibs-readelf/elf_data.hpp +index 05effee..3871982 100644 +--- a/src/mklibs-readelf/elf_data.hpp ++++ b/src/mklibs-readelf/elf_data.hpp +@@ -94,7 +94,7 @@ namespace Elf + class file_data : public file + { + public: +- file_data(uint8_t *, size_t len) throw (std::bad_alloc, std::runtime_error); ++ file_data(uint8_t *, size_t len) throw (); + + const uint8_t get_class() const throw () { return _class::id; } + const uint8_t get_data() const throw () { return _data::id; } +@@ -109,7 +109,7 @@ namespace Elf + public: + section_data(Shdr *, uint8_t *) throw (); + +- virtual void update(const file &) throw (std::bad_alloc); ++ virtual void update(const file &) throw (); + }; + + template +@@ -133,9 +133,9 @@ namespace Elf + typedef typename _elfdef<_class>::Shdr Shdr; + + public: +- section_real(Shdr *, uint8_t *) throw (std::bad_alloc); ++ section_real(Shdr *, uint8_t *) throw (); + +- void update(const file &) throw (std::bad_alloc); ++ void update(const file &) throw (); + }; + + template +@@ -147,9 +147,9 @@ namespace Elf + typedef typename _elfdef<_class>::Shdr Shdr; + + public: +- section_real(Shdr *, uint8_t *) throw (std::bad_alloc); ++ section_real(Shdr *, uint8_t *) throw (); + +- void update(const file &) throw (std::bad_alloc); ++ void update(const file &) throw (); + }; + + template +@@ -161,9 +161,9 @@ namespace Elf + typedef typename _elfdef<_class>::Shdr Shdr; + + public: +- section_real(Shdr *, uint8_t *) throw (std::bad_alloc); ++ section_real(Shdr *, uint8_t *) throw (); + +- void update(const file &) throw (std::bad_alloc); ++ void update(const file &) throw (); + }; + + template +@@ -175,9 +175,9 @@ namespace Elf + typedef typename _elfdef<_class>::Shdr Shdr; + + public: +- section_real(Shdr *, uint8_t *) throw (std::bad_alloc); ++ section_real(Shdr *, uint8_t *) throw (); + +- void update(const file &) throw (std::bad_alloc); ++ void update(const file &) throw (); + }; + + template +@@ -189,7 +189,7 @@ namespace Elf + typedef typename _elfdef<_class>::Shdr Shdr; + + public: +- section_real(Shdr *, uint8_t *) throw (std::bad_alloc); ++ section_real(Shdr *, uint8_t *) throw (); + }; + + template +@@ -220,7 +220,7 @@ namespace Elf + typedef typename _elfdef<_class>::Phdr Phdr; + + public: +- segment_real (Phdr *, uint8_t *) throw (std::bad_alloc); ++ segment_real (Phdr *, uint8_t *) throw (); + }; + + template +@@ -232,7 +232,7 @@ namespace Elf + public: + dynamic_data (Dyn *) throw (); + +- void update_string(const section_type &) throw (std::bad_alloc); ++ void update_string(const section_type &) throw (); + }; + + template +@@ -244,8 +244,8 @@ namespace Elf + public: + symbol_data (Sym *) throw (); + +- void update_string(const section_type &) throw (std::bad_alloc); +- virtual void update_version (const file &, uint16_t) throw (std::bad_alloc); ++ void update_string(const section_type &) throw (); ++ virtual void update_version (const file &, uint16_t) throw (); + }; + + template +@@ -257,7 +257,7 @@ namespace Elf + + version_definition_data (Verdef *) throw (); + +- void update_string(const section_type &) throw (std::bad_alloc); ++ void update_string(const section_type &) throw (); + }; + + template +@@ -269,7 +269,7 @@ namespace Elf + + version_requirement_data (Verneed *) throw (); + +- void update_string(const section_type &) throw (std::bad_alloc); ++ void update_string(const section_type &) throw (); + }; + + template +@@ -280,7 +280,7 @@ namespace Elf + + version_requirement_entry_data (Vernaux *, const version_requirement &) throw (); + +- void update_string(const section_type &) throw (std::bad_alloc); ++ void update_string(const section_type &) throw (); + }; + } + +-- +2.11.0 + diff --git a/meta/recipes-devtools/mklibs/mklibs-native_0.1.44.bb b/meta/recipes-devtools/mklibs/mklibs-native_0.1.44.bb index 1784af1f4c..07142e57e0 100644 --- a/meta/recipes-devtools/mklibs/mklibs-native_0.1.44.bb +++ b/meta/recipes-devtools/mklibs/mklibs-native_0.1.44.bb @@ -12,6 +12,7 @@ SRC_URI = "http://snapshot.debian.org/archive/debian/20180828T214102Z/pool/main/ file://avoid-failure-on-symbol-provided-by-application.patch \ file://show-GNU-unique-symbols-as-provided-symbols.patch \ file://fix_cross_compile.patch \ + file://remove-deprecated-exception-specification-cpp17.patch \ " SRC_URI[md5sum] = "6b6eeb9b4016c6a7317acc28c89e32cc" From patchwork Mon Nov 22 02:20:14 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 285 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3A202C43219 for ; Mon, 22 Nov 2021 02:20:55 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web10.1405.1637547653561434812 for ; Sun, 21 Nov 2021 18:20:54 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122216" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122216" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:41 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428839" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:40 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 10/16] gcc: Fix CVE-2021-35465 Date: Mon, 22 Nov 2021 10:20:14 +0800 Message-Id: <2dae3da5dbb0c8293927f0676fff08437f75d0d2.1637546583.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158546 From: Pgowda source : https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102035 Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=3929bca9ca95de9d35e82ae8828b188029e3eb70] Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=574e7950bd6b34e9e2cacce18c802b45505d1d0a] Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=30461cf8dba3d3adb15a125e4da48800eb2b9b8f] Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=809330ab8450261e05919b472783bf15e4b000f7] Signed-off-by: Pgowda Signed-off-by: Anuj Mittal --- meta/recipes-devtools/gcc/gcc-10.2.inc | 4 + .../gcc/gcc/0001-CVE-2021-35465.patch | 138 ++++++++ .../gcc/gcc/0002-CVE-2021-35465.patch | 40 +++ .../gcc/gcc/0003-CVE-2021-35465.patch | 103 ++++++ .../gcc/gcc/0004-CVE-2021-35465.patch | 304 ++++++++++++++++++ 5 files changed, 589 insertions(+) create mode 100644 meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch create mode 100644 meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch create mode 100644 meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch create mode 100644 meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch diff --git a/meta/recipes-devtools/gcc/gcc-10.2.inc b/meta/recipes-devtools/gcc/gcc-10.2.inc index c0cd8b31d5..248e002106 100644 --- a/meta/recipes-devtools/gcc/gcc-10.2.inc +++ b/meta/recipes-devtools/gcc/gcc-10.2.inc @@ -70,6 +70,10 @@ SRC_URI = "\ file://0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch \ file://0001-aarch64-Fix-up-__aarch64_cas16_acq_rel-fallback.patch \ file://0001-libatomic-libgomp-libitc-Fix-bootstrap-PR70454.patch \ + file://0001-CVE-2021-35465.patch \ + file://0002-CVE-2021-35465.patch \ + file://0003-CVE-2021-35465.patch \ + file://0004-CVE-2021-35465.patch \ " SRC_URI[sha256sum] = "b8dd4368bb9c7f0b98188317ee0254dd8cc99d1e3a18d0ff146c855fe16c1d8c" diff --git a/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch b/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch new file mode 100644 index 0000000000..b9bca49dd8 --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch @@ -0,0 +1,138 @@ +From 3929bca9ca95de9d35e82ae8828b188029e3eb70 Mon Sep 17 00:00:00 2001 +From: Richard Earnshaw +Date: Fri, 11 Jun 2021 16:02:05 +0100 +Subject: [PATCH] arm: Add command-line option for enabling CVE-2021-35465 + mitigation [PR102035] + +Add a new option, -mfix-cmse-cve-2021-35465 and document it. Enable it +automatically for cortex-m33, cortex-m35p and cortex-m55. + +gcc: + PR target/102035 + * config/arm/arm.opt (mfix-cmse-cve-2021-35465): New option. + * doc/invoke.texi (Arm Options): Document it. + * config/arm/arm-cpus.in (quirk_vlldm): New feature bit. + (ALL_QUIRKS): Add quirk_vlldm. + (cortex-m33): Add quirk_vlldm. + (cortex-m35p, cortex-m55): Likewise. + * config/arm/arm.c (arm_option_override): Enable fix_vlldm if + targetting an affected CPU and not explicitly controlled on + the command line. + +CVE: CVE-2021-35465 +Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=3929bca9ca95de9d35e82ae8828b188029e3eb70] +Signed-off-by: Pgowda + +--- + gcc/config/arm/arm-cpus.in | 9 +++++++-- + gcc/config/arm/arm.c | 9 +++++++++ + gcc/config/arm/arm.opt | 4 ++++ + gcc/doc/invoke.texi | 9 +++++++++ + 4 files changed, 29 insertions(+), 2 deletions(-) + +diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c +--- a/gcc/config/arm/arm.c 2020-07-22 23:35:17.344384552 -0700 ++++ b/gcc/config/arm/arm.c 2021-11-11 20:16:19.761241867 -0800 +@@ -3595,6 +3595,15 @@ arm_option_override (void) + fix_cm3_ldrd = 0; + } + ++ /* Enable fix_vlldm by default if required. */ ++ if (fix_vlldm == 2) ++ { ++ if (bitmap_bit_p (arm_active_target.isa, isa_bit_quirk_vlldm)) ++ fix_vlldm = 1; ++ else ++ fix_vlldm = 0; ++ } ++ + /* Hot/Cold partitioning is not currently supported, since we can't + handle literal pool placement in that case. */ + if (flag_reorder_blocks_and_partition) +diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in +--- a/gcc/config/arm/arm-cpus.in 2020-07-22 23:35:17.340384509 -0700 ++++ b/gcc/config/arm/arm-cpus.in 2021-11-11 20:17:01.364573561 -0800 +@@ -190,6 +190,9 @@ define feature quirk_armv6kz + # Cortex-M3 LDRD quirk. + define feature quirk_cm3_ldrd + ++# v8-m/v8.1-m VLLDM errata. ++define feature quirk_vlldm ++ + # Don't use .cpu assembly directive + define feature quirk_no_asmcpu + +@@ -314,7 +317,7 @@ define fgroup DOTPROD NEON dotprod + # architectures. + # xscale isn't really a 'quirk', but it isn't an architecture either and we + # need to ignore it for matching purposes. +-define fgroup ALL_QUIRKS quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd xscale quirk_no_asmcpu ++define fgroup ALL_QUIRKS quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd quirk_vlldm xscale quirk_no_asmcpu + + # Architecture entries + # format: +@@ -1492,6 +1495,7 @@ begin cpu cortex-m33 + architecture armv8-m.main+dsp+fp + option nofp remove ALL_FP + option nodsp remove armv7em ++ isa quirk_vlldm + costs v7m + end cpu cortex-m33 + +@@ -1501,6 +1505,7 @@ begin cpu cortex-m35p + architecture armv8-m.main+dsp+fp + option nofp remove ALL_FP + option nodsp remove armv7em ++ isa quirk_vlldm + costs v7m + end cpu cortex-m35p + +@@ -1508,7 +1513,7 @@ begin cpu cortex-m55 + cname cortexm55 + tune flags LDSCHED + architecture armv8.1-m.main+mve.fp+fp.dp +- isa quirk_no_asmcpu ++ isa quirk_no_asmcpu quirk_vlldm + costs v7m + vendor 41 + end cpu cortex-m55 +diff --git a/gcc/config/arm/arm.opt b/gcc/config/arm/arm.opt +--- a/gcc/config/arm/arm.opt 2020-07-22 23:35:17.344384552 -0700 ++++ b/gcc/config/arm/arm.opt 2021-11-11 20:16:19.761241867 -0800 +@@ -271,6 +271,10 @@ Target Report Var(fix_cm3_ldrd) Init(2) + Avoid overlapping destination and address registers on LDRD instructions + that may trigger Cortex-M3 errata. + ++mfix-cmse-cve-2021-35465 ++Target Var(fix_vlldm) Init(2) ++Mitigate issues with VLLDM on some M-profile devices (CVE-2021-35465). ++ + munaligned-access + Target Report Var(unaligned_access) Init(2) Save + Enable unaligned word and halfword accesses to packed data. +diff -upr a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi +--- a/gcc/doc/invoke.texi 2021-11-11 19:30:56.264523105 -0800 ++++ b/gcc/doc/invoke.texi 2021-11-11 20:16:19.769241739 -0800 +@@ -773,6 +773,7 @@ Objective-C and Objective-C++ Dialects}. + -mverbose-cost-dump @gol + -mpure-code @gol + -mcmse @gol ++-mfix-cmse-cve-2021-35465 @gol + -mfdpic} + + @emph{AVR Options} +@@ -21233,6 +21234,14 @@ Use multiply and add/subtract instructio + + Do not use multiply and add/subtract instructions. + ++@item -mfix-cmse-cve-2021-35465 ++@opindex mfix-cmse-cve-2021-35465 ++Mitigate against a potential security issue with the @code{VLLDM} instruction ++in some M-profile devices when using CMSE (CVE-2021-365465). This option is ++enabled by default when the option @option{-mcpu=} is used with ++@code{cortex-m33}, @code{cortex-m35p} or @code{cortex-m55}. The option ++@option{-mno-fix-cmse-cve-2021-35465} can be used to disable the mitigation. ++ + @item -mfdpic + @opindex mfdpic + diff --git a/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch b/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch new file mode 100644 index 0000000000..38d02dc770 --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch @@ -0,0 +1,40 @@ +From 574e7950bd6b34e9e2cacce18c802b45505d1d0a Mon Sep 17 00:00:00 2001 +From: Richard Earnshaw +Date: Fri, 18 Jun 2021 17:16:25 +0100 +Subject: [PATCH] arm: add erratum mitigation to __gnu_cmse_nonsecure_call + [PR102035] + +Add the recommended erratum mitigation sequence to +__gnu_cmse_nonsecure_call for use on Armv8-m.main devices. Since this +is in the library code we cannot know in advance whether the core we +are running on will be affected by this, so always enable it. + +libgcc: + PR target/102035 + * config/arm/cmse_nonsecure_call.S (__gnu_cmse_nonsecure_call): + Add vlldm erratum work-around. + +CVE: CVE-2021-35465 +Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=574e7950bd6b34e9e2cacce18c802b45505d1d0a] +Signed-off-by: Pgowda + +--- + libgcc/config/arm/cmse_nonsecure_call.S | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/libgcc/config/arm/cmse_nonsecure_call.S b/libgcc/config/arm/cmse_nonsecure_call.S +index 00830ade98e..c8e0fbbe665 100644 +--- a/libgcc/config/arm/cmse_nonsecure_call.S ++++ b/libgcc/config/arm/cmse_nonsecure_call.S +@@ -102,6 +102,11 @@ blxns r4 + #ifdef __ARM_PCS_VFP + vpop.f64 {d8-d15} + #else ++/* VLLDM erratum mitigation sequence. */ ++mrs r5, control ++tst r5, #8 /* CONTROL_S.SFPA */ ++it ne ++.inst.w 0xeeb00a40 /* vmovne s0, s0 */ + vlldm sp /* Lazy restore of d0-d16 and FPSCR. */ + add sp, sp, #0x88 /* Free space used to save floating point registers. */ + #endif /* __ARM_PCS_VFP */ diff --git a/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch b/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch new file mode 100644 index 0000000000..d87be19866 --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch @@ -0,0 +1,103 @@ +From 30461cf8dba3d3adb15a125e4da48800eb2b9b8f Mon Sep 17 00:00:00 2001 +From: Richard Earnshaw +Date: Fri, 18 Jun 2021 17:18:37 +0100 +Subject: [PATCH] arm: fix vlldm erratum for Armv8.1-m [PR102035] + +For Armv8.1-m we generate code that emits VLLDM directly and do not +rely on support code in the library, so emit the mitigation directly +as well, when required. In this case, we can use the compiler options +to determine when to apply the fix and when it is safe to omit it. + +gcc: + PR target/102035 + * config/arm/arm.md (attribute arch): Add fix_vlldm. + (arch_enabled): Use it. + * config/arm/vfp.md (lazy_store_multiple_insn): Add alternative to + use when erratum mitigation is needed. + +CVE: CVE-2021-35465 +Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=30461cf8dba3d3adb15a125e4da48800eb2b9b8f] +Signed-off-by: Pgowda + +--- + gcc/config/arm/arm.md | 11 +++++++++-- + gcc/config/arm/vfp.md | 10 +++++++--- + 2 files changed, 16 insertions(+), 5 deletions(-) + +diff -upr a/gcc/config/arm/arm.md b/gcc/config/arm/arm.md +--- a/gcc/config/arm/arm.md 2020-07-22 23:35:17.344384552 -0700 ++++ b/gcc/config/arm/arm.md 2021-11-11 20:33:58.431543947 -0800 +@@ -132,9 +132,12 @@ + ; TARGET_32BIT, "t1" or "t2" to specify a specific Thumb mode. "v6" + ; for ARM or Thumb-2 with arm_arch6, and nov6 for ARM without + ; arm_arch6. "v6t2" for Thumb-2 with arm_arch6 and "v8mb" for ARMv8-M +-; Baseline. This attribute is used to compute attribute "enabled", ++; Baseline. "fix_vlldm" is for fixing the v8-m/v8.1-m VLLDM erratum. ++; This attribute is used to compute attribute "enabled", + ; use type "any" to enable an alternative in all cases. +-(define_attr "arch" "any,a,t,32,t1,t2,v6,nov6,v6t2,v8mb,iwmmxt,iwmmxt2,armv6_or_vfpv3,neon,mve" ++(define_attr "arch" "any, a, t, 32, t1, t2, v6,nov6, v6t2, \ ++ v8mb, fix_vlldm, iwmmxt, iwmmxt2, armv6_or_vfpv3, \ ++ neon, mve" + (const_string "any")) + + (define_attr "arch_enabled" "no,yes" +@@ -177,6 +180,10 @@ + (match_test "TARGET_THUMB1 && arm_arch8")) + (const_string "yes") + ++ (and (eq_attr "arch" "fix_vlldm") ++ (match_test "fix_vlldm")) ++ (const_string "yes") ++ + (and (eq_attr "arch" "iwmmxt2") + (match_test "TARGET_REALLY_IWMMXT2")) + (const_string "yes") +diff -upr a/gcc/config/arm/vfp.md b/gcc/config/arm/vfp.md +--- a/gcc/config/arm/vfp.md 2020-07-22 23:35:17.356384684 -0700 ++++ b/gcc/config/arm/vfp.md 2021-11-11 20:33:58.431543947 -0800 +@@ -1703,12 +1703,15 @@ + (set_attr "type" "mov_reg")] + ) + ++;; Both this and the next instruction are treated by GCC in the same ++;; way as a blockage pattern. That's perhaps stronger than it needs ++;; to be, but we do not want accesses to the VFP register bank to be ++;; moved across either instruction. ++ + (define_insn "lazy_store_multiple_insn" +- [(set (match_operand:SI 0 "s_register_operand" "+&rk") +- (post_dec:SI (match_dup 0))) +- (unspec_volatile [(const_int 0) +- (mem:SI (post_dec:SI (match_dup 0)))] +- VUNSPEC_VLSTM)] ++ [(unspec_volatile ++ [(mem:BLK (match_operand:SI 0 "s_register_operand" "rk"))] ++ VUNSPEC_VLSTM)] + "use_cmse && reload_completed" + "vlstm%?\\t%0" + [(set_attr "predicable" "yes") +@@ -1716,14 +1719,16 @@ + ) + + (define_insn "lazy_load_multiple_insn" +- [(set (match_operand:SI 0 "s_register_operand" "+&rk") +- (post_inc:SI (match_dup 0))) +- (unspec_volatile:SI [(const_int 0) +- (mem:SI (match_dup 0))] +- VUNSPEC_VLLDM)] ++ [(unspec_volatile ++ [(mem:BLK (match_operand:SI 0 "s_register_operand" "rk,rk"))] ++ VUNSPEC_VLLDM)] + "use_cmse && reload_completed" +- "vlldm%?\\t%0" +- [(set_attr "predicable" "yes") ++ "@ ++ vscclrm\\t{vpr}\;vlldm\\t%0 ++ vlldm\\t%0" ++ [(set_attr "arch" "fix_vlldm,*") ++ (set_attr "predicable" "no") ++ (set_attr "length" "8,4") + (set_attr "type" "load_4")] + ) + diff --git a/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch b/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch new file mode 100644 index 0000000000..9f7a38ed2e --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch @@ -0,0 +1,304 @@ +From 809330ab8450261e05919b472783bf15e4b000f7 Mon Sep 17 00:00:00 2001 +From: Richard Earnshaw +Date: Tue, 6 Jul 2021 15:10:18 +0100 +Subject: [PATCH] arm: Add tests for VLLDM mitigation [PR102035] + +New tests for the erratum mitigation. + +gcc/testsuite: + PR target/102035 + * gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c: New test. + * gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c: Likewise. + * gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c: Likewise. + * gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c: Likewise. + * gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c: Likewise. + * gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c: Likewise. + * gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c: Likewise. + * gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c: Likewise. + +CVE: CVE-2021-35465 +Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=809330ab8450261e05919b472783bf15e4b000f7] +Signed-off-by: Pgowda + +--- + .../arm/cmse/mainline/8_1m/soft/cmse-13a.c | 31 +++++++++++++++++++ + .../arm/cmse/mainline/8_1m/soft/cmse-7a.c | 28 +++++++++++++++++ + .../arm/cmse/mainline/8_1m/soft/cmse-8a.c | 30 ++++++++++++++++++ + .../cmse/mainline/8_1m/softfp-sp/cmse-7a.c | 27 ++++++++++++++++ + .../cmse/mainline/8_1m/softfp-sp/cmse-8a.c | 29 +++++++++++++++++ + .../arm/cmse/mainline/8_1m/softfp/cmse-13a.c | 30 ++++++++++++++++++ + .../arm/cmse/mainline/8_1m/softfp/cmse-7a.c | 27 ++++++++++++++++ + .../arm/cmse/mainline/8_1m/softfp/cmse-8a.c | 29 +++++++++++++++++ + 8 files changed, 231 insertions(+) + create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c + create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c + create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c + create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c + create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c + create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c + create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c + create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c + +diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c +--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c 1969-12-31 16:00:00.000000000 -0800 ++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c 2021-11-11 20:38:44.286766084 -0800 +@@ -0,0 +1,31 @@ ++/* { dg-do compile } */ ++/* { dg-options "-mcmse -mfloat-abi=soft -mfix-cmse-cve-2021-35465" } */ ++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=soft" } } */ ++ ++#include "../../../cmse-13.x" ++ ++/* Checks for saving and clearing prior to function call. */ ++/* Shift on the same register as blxns. */ ++/* { dg-final { scan-assembler "lsrs\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler "lsls\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */ ++/* { dg-final { scan-assembler-not "mov\tr2, r4" } } */ ++/* { dg-final { scan-assembler-not "mov\tr3, r4" } } */ ++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++/* { dg-final { scan-assembler "vlstm\tsp" } } */ ++/* Check the right registers are cleared and none appears twice. */ ++/* { dg-final { scan-assembler "clrm\t\{(r1, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */ ++/* Check that the right number of registers is cleared and thus only one ++ register is missing. */ ++/* { dg-final { scan-assembler "clrm\t\{((r\[1,4-9\]|r10|fp|ip), ){9}APSR\}" } } */ ++/* Check that no cleared register is used for blxns. */ ++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[1,4-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */ ++/* Check for v8.1-m variant of erratum work-around. */ ++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */ ++/* { dg-final { scan-assembler "vlldm\tsp" } } */ ++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++/* { dg-final { scan-assembler-not "vmov" } } */ ++/* { dg-final { scan-assembler-not "vmsr" } } */ ++ ++/* Now we check that we use the correct intrinsic to call. */ ++/* { dg-final { scan-assembler "blxns" } } */ +diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c +--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c 1969-12-31 16:00:00.000000000 -0800 ++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c 2021-11-11 20:38:44.286766084 -0800 +@@ -0,0 +1,28 @@ ++/* { dg-do compile } */ ++/* { dg-options "-mcmse -mfloat-abi=soft -mfix-cmse-cve-2021-35465" } */ ++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=soft" } } */ ++ ++#include "../../../cmse-7.x" ++ ++/* Checks for saving and clearing prior to function call. */ ++/* Shift on the same register as blxns. */ ++/* { dg-final { scan-assembler "lsrs\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler "lsls\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++/* { dg-final { scan-assembler "vlstm\tsp" } } */ ++/* Check the right registers are cleared and none appears twice. */ ++/* { dg-final { scan-assembler "clrm\t\{(r0, )?(r1, )?(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */ ++/* Check that the right number of registers is cleared and thus only one ++ register is missing. */ ++/* { dg-final { scan-assembler "clrm\t\{((r\[0-9\]|r10|fp|ip), ){12}APSR\}" } } */ ++/* Check that no cleared register is used for blxns. */ ++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[0-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */ ++/* Check for v8.1-m variant of erratum work-around. */ ++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */ ++/* { dg-final { scan-assembler "vlldm\tsp" } } */ ++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++/* { dg-final { scan-assembler-not "vmov" } } */ ++/* { dg-final { scan-assembler-not "vmsr" } } */ ++ ++/* Now we check that we use the correct intrinsic to call. */ ++/* { dg-final { scan-assembler "blxns" } } */ +diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c +--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c 1969-12-31 16:00:00.000000000 -0800 ++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c 2021-11-11 20:38:44.286766084 -0800 +@@ -0,0 +1,30 @@ ++/* { dg-do compile } */ ++/* { dg-options "-mcmse -mfloat-abi=soft -mfix-cmse-cve-2021-35465" } */ ++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=soft" } } */ ++ ++#include "../../../cmse-8.x" ++ ++/* Checks for saving and clearing prior to function call. */ ++/* Shift on the same register as blxns. */ ++/* { dg-final { scan-assembler "lsrs\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler "lsls\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */ ++/* { dg-final { scan-assembler-not "mov\tr1, r4" } } */ ++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++/* { dg-final { scan-assembler "vlstm\tsp" } } */ ++/* Check the right registers are cleared and none appears twice. */ ++/* { dg-final { scan-assembler "clrm\t\{(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */ ++/* Check that the right number of registers is cleared and thus only one ++ register is missing. */ ++/* { dg-final { scan-assembler "clrm\t\{((r\[2-9\]|r10|fp|ip), ){10}APSR\}" } } */ ++/* Check that no cleared register is used for blxns. */ ++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[2-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */ ++/* Check for v8.1-m variant of erratum work-around. */ ++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */ ++/* { dg-final { scan-assembler "vlldm\tsp" } } */ ++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++/* { dg-final { scan-assembler-not "vmov" } } */ ++/* { dg-final { scan-assembler-not "vmsr" } } */ ++ ++/* Now we check that we use the correct intrinsic to call. */ ++/* { dg-final { scan-assembler "blxns" } } */ +diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c +--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c 1969-12-31 16:00:00.000000000 -0800 ++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c 2021-11-11 20:38:44.286766084 -0800 +@@ -0,0 +1,30 @@ ++/* { dg-do compile } */ ++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-d16 -mfix-cmse-cve-2021-35465" } */ ++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */ ++/* { dg-skip-if "Skip these if testing single precision" {*-*-*} {"-mfpu=*-sp-*"} {""} } */ ++ ++#include "../../../cmse-13.x" ++ ++/* Checks for saving and clearing prior to function call. */ ++/* Shift on the same register as blxns. */ ++/* { dg-final { scan-assembler "lsrs\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler "lsls\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */ ++/* { dg-final { scan-assembler-not "mov\tr2, r4" } } */ ++/* { dg-final { scan-assembler-not "mov\tr3, r4" } } */ ++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++/* { dg-final { scan-assembler "vlstm\tsp" } } */ ++/* Check the right registers are cleared and none appears twice. */ ++/* { dg-final { scan-assembler "clrm\t\{(r1, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */ ++/* Check that the right number of registers is cleared and thus only one ++ register is missing. */ ++/* { dg-final { scan-assembler "clrm\t\{((r\[1,4-9\]|r10|fp|ip), ){9}APSR\}" } } */ ++/* Check that no cleared register is used for blxns. */ ++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[1,4-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */ ++/* Check for v8.1-m variant of erratum work-around. */ ++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */ ++/* { dg-final { scan-assembler "vlldm\tsp" } } */ ++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++ ++/* Now we check that we use the correct intrinsic to call. */ ++/* { dg-final { scan-assembler "blxns" } } */ +diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c +--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c 1969-12-31 16:00:00.000000000 -0800 ++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c 2021-11-11 20:38:44.286766084 -0800 +@@ -0,0 +1,27 @@ ++/* { dg-do compile } */ ++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-d16 -mfix-cmse-cve-2021-35465" } */ ++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */ ++/* { dg-skip-if "Skip these if testing single precision" {*-*-*} {"-mfpu=*-sp-*"} {""} } */ ++ ++#include "../../../cmse-7.x" ++ ++/* Checks for saving and clearing prior to function call. */ ++/* Shift on the same register as blxns. */ ++/* { dg-final { scan-assembler "lsrs\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler "lsls\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++/* { dg-final { scan-assembler "vlstm\tsp" } } */ ++/* Check the right registers are cleared and none appears twice. */ ++/* { dg-final { scan-assembler "clrm\t\{(r0, )?(r1, )?(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */ ++/* Check that the right number of registers is cleared and thus only one ++ register is missing. */ ++/* { dg-final { scan-assembler "clrm\t\{((r\[0-9\]|r10|fp|ip), ){12}APSR\}" } } */ ++/* Check that no cleared register is used for blxns. */ ++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[0-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */ ++/* Check for v8.1-m variant of erratum work-around. */ ++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */ ++/* { dg-final { scan-assembler "vlldm\tsp" } } */ ++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++ ++/* Now we check that we use the correct intrinsic to call. */ ++/* { dg-final { scan-assembler "blxns" } } */ +diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c +--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c 1969-12-31 16:00:00.000000000 -0800 ++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c 2021-11-11 20:38:44.290766017 -0800 +@@ -0,0 +1,29 @@ ++/* { dg-do compile } */ ++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-d16 -mfix-cmse-cve-2021-35465" } */ ++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */ ++/* { dg-skip-if "Skip these if testing single precision" {*-*-*} {"-mfpu=*-sp-*"} {""} } */ ++ ++#include "../../../cmse-8.x" ++ ++/* Checks for saving and clearing prior to function call. */ ++/* Shift on the same register as blxns. */ ++/* { dg-final { scan-assembler "lsrs\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler "lsls\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */ ++/* { dg-final { scan-assembler-not "mov\tr1, r4" } } */ ++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++/* { dg-final { scan-assembler "vlstm\tsp" } } */ ++/* Check the right registers are cleared and none appears twice. */ ++/* { dg-final { scan-assembler "clrm\t\{(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */ ++/* Check that the right number of registers is cleared and thus only one ++ register is missing. */ ++/* { dg-final { scan-assembler "clrm\t\{((r\[2-9\]|r10|fp|ip), ){10}APSR\}" } } */ ++/* Check that no cleared register is used for blxns. */ ++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[2-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */ ++/* Check for v8.1-m variant of erratum work-around. */ ++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */ ++/* { dg-final { scan-assembler "vlldm\tsp" } } */ ++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++ ++/* Now we check that we use the correct intrinsic to call. */ ++/* { dg-final { scan-assembler "blxns" } } */ +diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c +--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c 1969-12-31 16:00:00.000000000 -0800 ++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c 2021-11-11 20:38:44.286766084 -0800 +@@ -0,0 +1,27 @@ ++/* { dg-do compile } */ ++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-sp-d16 -mfix-cmse-cve-2021-35465" } */ ++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */ ++/* { dg-skip-if "Skip these if testing double precision" {*-*-*} {"-mfpu=fpv[4-5]-d16"} {""} } */ ++ ++#include "../../../cmse-7.x" ++ ++/* Checks for saving and clearing prior to function call. */ ++/* Shift on the same register as blxns. */ ++/* { dg-final { scan-assembler "lsrs\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler "lsls\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++/* { dg-final { scan-assembler "vlstm\tsp" } } */ ++/* Check the right registers are cleared and none appears twice. */ ++/* { dg-final { scan-assembler "clrm\t\{(r0, )?(r1, )?(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */ ++/* Check that the right number of registers is cleared and thus only one ++ register is missing. */ ++/* { dg-final { scan-assembler "clrm\t\{((r\[0-9\]|r10|fp|ip), ){12}APSR\}" } } */ ++/* Check that no cleared register is used for blxns. */ ++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[0-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */ ++/* Check for v8.1-m variant of erratum work-around. */ ++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */ ++/* { dg-final { scan-assembler "vlldm\tsp" } } */ ++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++ ++/* Now we check that we use the correct intrinsic to call. */ ++/* { dg-final { scan-assembler "blxns" } } */ +diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c +--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c 1969-12-31 16:00:00.000000000 -0800 ++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c 2021-11-11 20:38:44.286766084 -0800 +@@ -0,0 +1,29 @@ ++/* { dg-do compile } */ ++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-sp-d16 -mfix-cmse-cve-2021-35465" } */ ++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */ ++/* { dg-skip-if "Skip these if testing double precision" {*-*-*} {"-mfpu=fpv[4-5]-d16"} {""} } */ ++ ++#include "../../../cmse-8.x" ++ ++/* Checks for saving and clearing prior to function call. */ ++/* Shift on the same register as blxns. */ ++/* { dg-final { scan-assembler "lsrs\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler "lsls\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */ ++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */ ++/* { dg-final { scan-assembler-not "mov\tr1, r4" } } */ ++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++/* { dg-final { scan-assembler "vlstm\tsp" } } */ ++/* Check the right registers are cleared and none appears twice. */ ++/* { dg-final { scan-assembler "clrm\t\{(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */ ++/* Check that the right number of registers is cleared and thus only one ++ register is missing. */ ++/* { dg-final { scan-assembler "clrm\t\{((r\[2-9\]|r10|fp|ip), ){10}APSR\}" } } */ ++/* Check that no cleared register is used for blxns. */ ++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[2-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */ ++/* Check for v8.1-m variant of erratum work-around. */ ++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */ ++/* { dg-final { scan-assembler "vlldm\tsp" } } */ ++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */ ++ ++/* Now we check that we use the correct intrinsic to call. */ ++/* { dg-final { scan-assembler "blxns" } } */ From patchwork Mon Nov 22 02:20:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 286 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5934CC4167D for ; Mon, 22 Nov 2021 02:20:55 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web10.1405.1637547653561434812 for ; Sun, 21 Nov 2021 18:20:54 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122218" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122218" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:43 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428844" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:41 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 11/16] rpm: fix CVE-2021-3521 Date: Mon, 22 Nov 2021 10:20:15 +0800 Message-Id: <68c20b12fca2c20439b18c5fd9757c2c1f1746a1.1637546583.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158549 From: Changqing Li Signed-off-by: Changqing Li Signed-off-by: Anuj Mittal --- .../rpm/files/0001-CVE-2021-3521.patch | 57 +++ .../rpm/files/0002-CVE-2021-3521.patch | 62 ++++ .../rpm/files/0003-CVE-2021-3521.patch | 332 ++++++++++++++++++ meta/recipes-devtools/rpm/rpm_4.16.1.3.bb | 3 + 4 files changed, 454 insertions(+) create mode 100644 meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch create mode 100644 meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch create mode 100644 meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch diff --git a/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch new file mode 100644 index 0000000000..b374583017 --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch @@ -0,0 +1,57 @@ +From 9a6871126f472feea057d5f803505ec8cc78f083 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 30 Sep 2021 09:56:20 +0300 +Subject: [PATCH 1/3] Refactor pgpDigParams construction to helper function + +No functional changes, just to reduce code duplication and needed by +the following commits. + +CVE: CVE-2021-3521 +Upstream-Staus: Backport[https://github.com/rpm-software-management/rpm/commit/9f03f42e2] + +Signed-off-by: Changqing Li +--- + rpmio/rpmpgp.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c +index d0688ebe9a..e472b5320f 100644 +--- a/rpmio/rpmpgp.c ++++ b/rpmio/rpmpgp.c +@@ -1041,6 +1041,13 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype) + return algo; + } + ++static pgpDigParams pgpDigParamsNew(uint8_t tag) ++{ ++ pgpDigParams digp = xcalloc(1, sizeof(*digp)); ++ digp->tag = tag; ++ return digp; ++} ++ + int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, + pgpDigParams * ret) + { +@@ -1058,8 +1065,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, + if (pkttype && pkt.tag != pkttype) { + break; + } else { +- digp = xcalloc(1, sizeof(*digp)); +- digp->tag = pkt.tag; ++ digp = pgpDigParamsNew(pkt.tag); + } + } + +@@ -1105,8 +1111,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen, + digps = xrealloc(digps, alloced * sizeof(*digps)); + } + +- digps[count] = xcalloc(1, sizeof(**digps)); +- digps[count]->tag = PGPTAG_PUBLIC_SUBKEY; ++ digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY); + /* Copy UID from main key to subkey */ + digps[count]->userid = xstrdup(mainkey->userid); + +-- +2.17.1 + diff --git a/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch new file mode 100644 index 0000000000..a8ff98fa26 --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch @@ -0,0 +1,62 @@ +From c4b1bee51bbdd732b94b431a951481af99117703 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 30 Sep 2021 09:51:10 +0300 +Subject: [PATCH 2/3] Process MPI's from all kinds of signatures + +No immediate effect but needed by the following commits. + +CVE: CVE-2021-3521 +Upstream-Status: Backport[https://github.com/rpm-software-management/rpm/commit/b5e8bc74b] + +Signed-off-by: Changqing Li +--- + rpmio/rpmpgp.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c +index e472b5320f..57d411d1e0 100644 +--- a/rpmio/rpmpgp.c ++++ b/rpmio/rpmpgp.c +@@ -515,7 +515,7 @@ pgpDigAlg pgpDigAlgFree(pgpDigAlg alg) + return NULL; + } + +-static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, ++static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, + const uint8_t *p, const uint8_t *h, size_t hlen, + pgpDigParams sigp) + { +@@ -528,10 +528,8 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, + int mpil = pgpMpiLen(p); + if (p + mpil > pend) + break; +- if (sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT) { +- if (sigalg->setmpi(sigalg, i, p)) +- break; +- } ++ if (sigalg->setmpi(sigalg, i, p)) ++ break; + p += mpil; + } + +@@ -604,7 +602,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, + } + + p = ((uint8_t *)v) + sizeof(*v); +- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp); ++ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp); + } break; + case 4: + { pgpPktSigV4 v = (pgpPktSigV4)h; +@@ -662,7 +660,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, + if (p > (h + hlen)) + return 1; + +- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp); ++ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp); + } break; + default: + rpmlog(RPMLOG_WARNING, _("Unsupported version of key: V%d\n"), version); +-- +2.17.1 + diff --git a/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch new file mode 100644 index 0000000000..d39ea7dacd --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch @@ -0,0 +1,332 @@ +From 07676ca03ad8afcf1ca95a2353c83fbb1d970b9b Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 30 Sep 2021 09:59:30 +0300 +Subject: [PATCH 3/3] Validate and require subkey binding signatures on PGP + public keys + +All subkeys must be followed by a binding signature by the primary key +as per the OpenPGP RFC, enforce the presence and validity in the parser. + +The implementation is as kludgey as they come to work around our +simple-minded parser structure without touching API, to maximise +backportability. Store all the raw packets internally as we decode them +to be able to access previous elements at will, needed to validate ordering +and access the actual data. Add testcases for manipulated keys whose +import previously would succeed. + +Depends on the two previous commits: +7b399fcb8f52566e6f3b4327197a85facd08db91 and +236b802a4aa48711823a191d1b7f753c82a89ec5 + +Fixes CVE-2021-3521. + +Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/bd36c5dc9] +CVE:CVE-2021-3521 + +Signed-off-by: Changqing Li +--- + rpmio/rpmpgp.c | 100 ++++++++++++++++-- + tests/Makefile.am | 3 + + tests/data/keys/CVE-2021-3521-badbind.asc | 25 +++++ + .../data/keys/CVE-2021-3521-nosubsig-last.asc | 25 +++++ + tests/data/keys/CVE-2021-3521-nosubsig.asc | 37 +++++++ + tests/rpmsigdig.at | 28 +++++ + 6 files changed, 211 insertions(+), 7 deletions(-) + create mode 100644 tests/data/keys/CVE-2021-3521-badbind.asc + create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig-last.asc + create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig.asc + +diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c +index 57d411d1e0..b12410d671 100644 +--- a/rpmio/rpmpgp.c ++++ b/rpmio/rpmpgp.c +@@ -1046,35 +1046,121 @@ static pgpDigParams pgpDigParamsNew(uint8_t tag) + return digp; + } + ++static int hashKey(DIGEST_CTX hash, const struct pgpPkt *pkt, int exptag) ++{ ++ int rc = -1; ++ if (pkt->tag == exptag) { ++ uint8_t head[] = { ++ 0x99, ++ (pkt->blen >> 8), ++ (pkt->blen ), ++ }; ++ ++ rpmDigestUpdate(hash, head, 3); ++ rpmDigestUpdate(hash, pkt->body, pkt->blen); ++ rc = 0; ++ } ++ return rc; ++} ++ ++static int pgpVerifySelf(pgpDigParams key, pgpDigParams selfsig, ++ const struct pgpPkt *all, int i) ++{ ++ int rc = -1; ++ DIGEST_CTX hash = NULL; ++ ++ switch (selfsig->sigtype) { ++ case PGPSIGTYPE_SUBKEY_BINDING: ++ hash = rpmDigestInit(selfsig->hash_algo, 0); ++ if (hash) { ++ rc = hashKey(hash, &all[0], PGPTAG_PUBLIC_KEY); ++ if (!rc) ++ rc = hashKey(hash, &all[i-1], PGPTAG_PUBLIC_SUBKEY); ++ } ++ break; ++ default: ++ /* ignore types we can't handle */ ++ rc = 0; ++ break; ++ } ++ ++ if (hash && rc == 0) ++ rc = pgpVerifySignature(key, selfsig, hash); ++ ++ rpmDigestFinal(hash, NULL, NULL, 0); ++ ++ return rc; ++} ++ + int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, + pgpDigParams * ret) + { + const uint8_t *p = pkts; + const uint8_t *pend = pkts + pktlen; + pgpDigParams digp = NULL; +- struct pgpPkt pkt; ++ pgpDigParams selfsig = NULL; ++ int i = 0; ++ int alloced = 16; /* plenty for normal cases */ ++ struct pgpPkt *all = xmalloc(alloced * sizeof(*all)); + int rc = -1; /* assume failure */ ++ int expect = 0; ++ int prevtag = 0; + + while (p < pend) { +- if (decodePkt(p, (pend - p), &pkt)) ++ struct pgpPkt *pkt = &all[i]; ++ if (decodePkt(p, (pend - p), pkt)) + break; + + if (digp == NULL) { +- if (pkttype && pkt.tag != pkttype) { ++ if (pkttype && pkt->tag != pkttype) { + break; + } else { +- digp = pgpDigParamsNew(pkt.tag); ++ digp = pgpDigParamsNew(pkt->tag); + } + } + +- if (pgpPrtPkt(&pkt, digp)) ++ if (expect) { ++ if (pkt->tag != expect) ++ break; ++ selfsig = pgpDigParamsNew(pkt->tag); ++ } ++ ++ if (pgpPrtPkt(pkt, selfsig ? selfsig : digp)) + break; + +- p += (pkt.body - pkt.head) + pkt.blen; ++ if (selfsig) { ++ /* subkeys must be followed by binding signature */ ++ if (prevtag == PGPTAG_PUBLIC_SUBKEY) { ++ if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING) ++ break; ++ } ++ ++ int xx = pgpVerifySelf(digp, selfsig, all, i); ++ ++ selfsig = pgpDigParamsFree(selfsig); ++ if (xx) ++ break; ++ expect = 0; ++ } ++ ++ if (pkt->tag == PGPTAG_PUBLIC_SUBKEY) ++ expect = PGPTAG_SIGNATURE; ++ prevtag = pkt->tag; ++ ++ i++; ++ p += (pkt->body - pkt->head) + pkt->blen; ++ if (pkttype == PGPTAG_SIGNATURE) ++ break; ++ ++ if (alloced <= i) { ++ alloced *= 2; ++ all = xrealloc(all, alloced * sizeof(*all)); ++ } + } + +- rc = (digp && (p == pend)) ? 0 : -1; ++ rc = (digp && (p == pend) && expect == 0) ? 0 : -1; + ++ free(all); + if (ret && rc == 0) { + *ret = digp; + } else { +diff --git a/tests/Makefile.am b/tests/Makefile.am +index f742a9e1d2..328234278a 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -107,6 +107,9 @@ EXTRA_DIST += data/SPECS/hello-config-buildid.spec + EXTRA_DIST += data/SPECS/hello-cd.spec + EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.pub + EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.secret ++EXTRA_DIST += data/keys/CVE-2021-3521-badbind.asc ++EXTRA_DIST += data/keys/CVE-2021-3521-nosubsig.asc ++EXTRA_DIST += data/keys/CVE-2021-3521-nosubsig-last.asc + EXTRA_DIST += data/macros.testfile + EXTRA_DIST += data/macros.debug + EXTRA_DIST += data/SOURCES/foo.c +diff --git a/tests/data/keys/CVE-2021-3521-badbind.asc b/tests/data/keys/CVE-2021-3521-badbind.asc +new file mode 100644 +index 0000000000..aea00f9d7a +--- /dev/null ++++ b/tests/data/keys/CVE-2021-3521-badbind.asc +@@ -0,0 +1,25 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Version: rpm-4.17.90 (NSS-3) ++ ++mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g ++HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY ++91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 ++eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas ++7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ ++1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl ++c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK ++CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf ++Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB ++BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr ++XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX ++fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq +++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN ++BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY ++zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz ++iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 ++Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c ++KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m ++L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= ++=WCfs ++-----END PGP PUBLIC KEY BLOCK----- ++ +diff --git a/tests/data/keys/CVE-2021-3521-nosubsig-last.asc b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc +new file mode 100644 +index 0000000000..aea00f9d7a +--- /dev/null ++++ b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc +@@ -0,0 +1,25 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Version: rpm-4.17.90 (NSS-3) ++ ++mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g ++HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY ++91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 ++eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas ++7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ ++1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl ++c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK ++CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf ++Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB ++BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr ++XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX ++fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq +++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN ++BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY ++zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz ++iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 ++Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c ++KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m ++L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= ++=WCfs ++-----END PGP PUBLIC KEY BLOCK----- ++ +diff --git a/tests/data/keys/CVE-2021-3521-nosubsig.asc b/tests/data/keys/CVE-2021-3521-nosubsig.asc +new file mode 100644 +index 0000000000..3a2e7417f8 +--- /dev/null ++++ b/tests/data/keys/CVE-2021-3521-nosubsig.asc +@@ -0,0 +1,37 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Version: rpm-4.17.90 (NSS-3) ++ ++mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g ++HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY ++91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 ++eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas ++7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ ++1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl ++c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK ++CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf ++Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB ++BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr ++XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX ++fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq +++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN ++BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY ++zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz ++iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 ++Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c ++KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m ++L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAG5AQ0EWOY5GAEIAKT68NmshdC4 ++VcRhOhlXBvZq23NtskkKoPvW+ZlMuxbRDG48pGBtxhjOngriVUGceEWsXww5Q7En ++uRBYglkxkW34ENym0Ji6tsPYfhbbG+dZWKIL4vMIzPOIwlPrXrm558vgkdMM/ELZ ++8WIz3KtzvYubKUk2Qz+96lPXbwnlC/SBFRpBseJC5LoOb/5ZGdR/HeLz1JXiacHF ++v9Nr3cZWqg5yJbDNZKfASdZgC85v3kkvhTtzknl//5wqdAMexbuwiIh2xyxbO+B/ ++qqzZFrVmu3sV2Tj5lLZ/9p1qAuEM7ULbixd/ld8yTmYvQ4bBlKv2bmzXtVfF+ymB ++Tm6BzyQEl/MAEQEAAYkBHwQYAQgACQUCWOY5GAIbDAAKCRBDRFkeGWTF/PANB/9j ++mifmj6z/EPe0PJFhrpISt9PjiUQCt0IPtiL5zKAkWjHePIzyi+0kCTBF6DDLFxos ++3vN4bWnVKT1kBhZAQlPqpJTg+m74JUYeDGCdNx9SK7oRllATqyu+5rncgxjWVPnQ ++zu/HRPlWJwcVFYEVXYL8xzfantwQTqefjmcRmBRdA2XJITK+hGWwAmrqAWx+q5xX ++Pa8wkNMxVzNS2rUKO9SoVuJ/wlUvfoShkJ/VJ5HDp3qzUqncADfdGN35TDzscngQ ++gHvnMwVBfYfSCABV1hNByoZcc/kxkrWMmsd/EnIyLd1Q1baKqc3cEDuC6E6/o4yJ ++E4XX4jtDmdZPreZALsiB ++=rRop ++-----END PGP PUBLIC KEY BLOCK----- ++ +diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at +index e1a3ab062a..705fc58705 100644 +--- a/tests/rpmsigdig.at ++++ b/tests/rpmsigdig.at +@@ -240,6 +240,34 @@ gpg(185e6146f00650f8) = 4:185e6146f00650f8-58e63918 + []) + AT_CLEANUP + ++AT_SETUP([rpmkeys --import invalid keys]) ++AT_KEYWORDS([rpmkeys import]) ++RPMDB_INIT ++ ++AT_CHECK([ ++runroot rpmkeys --import /data/keys/CVE-2021-3521-badbind.asc ++], ++[1], ++[], ++[error: /data/keys/CVE-2021-3521-badbind.asc: key 1 import failed.] ++) ++AT_CHECK([ ++runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig.asc ++], ++[1], ++[], ++[error: /data/keys/CVE-2021-3521-nosubsig.asc: key 1 import failed.] ++) ++ ++AT_CHECK([ ++runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig-last.asc ++], ++[1], ++[], ++[error: /data/keys/CVE-2021-3521-nosubsig-last.asc: key 1 import failed.] ++) ++AT_CLEANUP ++ + # ------------------------------ + # Test pre-built package verification + AT_SETUP([rpmkeys -K 1]) +-- +2.17.1 + diff --git a/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb b/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb index 62da3d2095..5a347953fa 100644 --- a/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb +++ b/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb @@ -41,6 +41,9 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.16.x;protoc file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \ file://0001-tools-Add-error.h-for-non-glibc-case.patch \ file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ + file://0001-CVE-2021-3521.patch \ + file://0002-CVE-2021-3521.patch \ + file://0003-CVE-2021-3521.patch \ " PE = "1" From patchwork Mon Nov 22 02:20:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 14134 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org From: "Anuj Mittal" Subject: [hardknott][PATCH 12/16] vim: fix CVE-2021-3872 and CVE-2021-3903 Date: Mon, 22 Nov 2021 10:20:16 +0800 Message-Id: In-Reply-To: References: MIME-Version: 1.0 List-id: To: openembedded-core@lists.openembedded.org From: Mingli Yu Backport 2 patches to fix below CVEs: - CVE-2021-3872 - CVE-2021-3903 Signed-off-by: Mingli Yu Signed-off-by: Anuj Mittal --- .../vim/files/CVE-2021-3872.patch | 57 +++++++++++++++++++ .../vim/files/CVE-2021-3903.patch | 38 +++++++++++++ meta/recipes-support/vim/vim.inc | 2 + 3 files changed, 97 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2021-3872.patch create mode 100644 meta/recipes-support/vim/files/CVE-2021-3903.patch diff --git a/meta/recipes-support/vim/files/CVE-2021-3872.patch b/meta/recipes-support/vim/files/CVE-2021-3872.patch new file mode 100644 index 0000000000..f0f30933fa --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2021-3872.patch @@ -0,0 +1,57 @@ +From 132d060ffbb9651f0d79bd0b6d80cab460235a99 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar +Date: Fri, 12 Nov 2021 02:56:51 +0000 +Subject: [PATCH] patch 8.2.3487: illegal memory access if buffer name is very + long + +Problem: Illegal memory access if buffer name is very long. +Solution: Make sure not to go over the end of the buffer. + +CVE: CVE-2021-3872 + +Upstream-Status: Backport [https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b] + +Signed-off-by: Mingli Yu +--- + src/drawscreen.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/drawscreen.c b/src/drawscreen.c +index 3a88ee979..9acb70552 100644 +--- a/src/drawscreen.c ++++ b/src/drawscreen.c +@@ -446,13 +446,13 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED) + *(p + len++) = ' '; + if (bt_help(wp->w_buffer)) + { +- STRCPY(p + len, _("[Help]")); ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]")); + len += (int)STRLEN(p + len); + } + #ifdef FEAT_QUICKFIX + if (wp->w_p_pvw) + { +- STRCPY(p + len, _("[Preview]")); ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]")); + len += (int)STRLEN(p + len); + } + #endif +@@ -462,12 +462,12 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED) + #endif + ) + { +- STRCPY(p + len, "[+]"); +- len += 3; ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]"); ++ len += (int)STRLEN(p + len); + } + if (wp->w_buffer->b_p_ro) + { +- STRCPY(p + len, _("[RO]")); ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]")); + len += (int)STRLEN(p + len); + } + +-- +2.31.1 + diff --git a/meta/recipes-support/vim/files/CVE-2021-3903.patch b/meta/recipes-support/vim/files/CVE-2021-3903.patch new file mode 100644 index 0000000000..fb45857de8 --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2021-3903.patch @@ -0,0 +1,38 @@ +From a366598006f4d7bf9b4fbcd334a2e5078dcb6ad8 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar +Date: Fri, 12 Nov 2021 02:23:38 +0000 +Subject: [PATCH] =?UTF-8?q?patch=208.2.3564:=20invalid=20memory=20access?= + =?UTF-8?q?=20when=20scrolling=20without=20valid=20sc=E2=80=A6?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +…reen + +Problem: Invalid memory access when scrolling without a valid screen. +Solution: Do not set VALID_BOTLINE in w_valid. + +CVE: CVE-2021-3903 + +Upstream-Status: Backport [https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43] + +Signed-off-by: Mingli Yu +--- + src/move.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/move.c b/src/move.c +index 8e53d8bcb..10165ef4d 100644 +--- a/src/move.c ++++ b/src/move.c +@@ -198,7 +198,6 @@ update_topline(void) + { + curwin->w_topline = curwin->w_cursor.lnum; + curwin->w_botline = curwin->w_topline; +- curwin->w_valid |= VALID_BOTLINE|VALID_BOTLINE_AP; + curwin->w_scbind_pos = 1; + return; + } +-- +2.31.1 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index db4741ba4f..1841498b74 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -20,6 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://CVE-2021-3778.patch \ file://CVE-2021-3796.patch \ file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \ + file://CVE-2021-3903.patch \ + file://CVE-2021-3872.patch \ " SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" From patchwork Mon Nov 22 02:20:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 283 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5EBC7C4167B for ; Mon, 22 Nov 2021 02:20:55 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web09.1409.1637547653184145617 for ; Sun, 21 Nov 2021 18:20:54 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122220" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122220" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:45 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428859" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:44 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 13/16] vim: fix CVE-2021-3875 Date: Mon, 22 Nov 2021 10:20:17 +0800 Message-Id: X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158547 From: Mingli Yu Backport a patch to fix CVE-2021-3875. Signed-off-by: Mingli Yu Signed-off-by: Anuj Mittal --- .../vim/files/CVE-2021-3875.patch | 37 +++++++++++++++++++ meta/recipes-support/vim/vim.inc | 1 + 2 files changed, 38 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2021-3875.patch diff --git a/meta/recipes-support/vim/files/CVE-2021-3875.patch b/meta/recipes-support/vim/files/CVE-2021-3875.patch new file mode 100644 index 0000000000..d62d875f8e --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2021-3875.patch @@ -0,0 +1,37 @@ +From 40aa9802ef56d3cdbe256b4c9e58049953051a2d Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar +Date: Mon, 15 Nov 2021 14:34:50 +0800 +Subject: [PATCH] patch 8.2.3489: ml_get error after search with range + +Problem: ml_get error after search with range. +Solution: Limit the line number to the buffer line count. + +CVE: CVE-2021-3875 + +Upstream-Status: Backport [https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f] + +Signed-off-by: Mingli Yu +--- + src/ex_docmd.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/ex_docmd.c b/src/ex_docmd.c +index fb07450f8..89d33ba90 100644 +--- a/src/ex_docmd.c ++++ b/src/ex_docmd.c +@@ -3586,8 +3586,10 @@ get_address( + + // When '/' or '?' follows another address, start from + // there. +- if (lnum != MAXLNUM) +- curwin->w_cursor.lnum = lnum; ++ if (lnum > 0 && lnum != MAXLNUM) ++ curwin->w_cursor.lnum = ++ lnum > curbuf->b_ml.ml_line_count ++ ? curbuf->b_ml.ml_line_count : lnum; + + // Start a forward search at the end of the line (unless + // before the first line). +-- +2.17.1 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 1841498b74..65b0b2e330 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -22,6 +22,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \ file://CVE-2021-3903.patch \ file://CVE-2021-3872.patch \ + file://CVE-2021-3875.patch \ " SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" From patchwork Mon Nov 22 02:20:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 281 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56ABAC4321E for ; Mon, 22 Nov 2021 02:20:55 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web09.1409.1637547653184145617 for ; Sun, 21 Nov 2021 18:20:54 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122221" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122221" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:46 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428862" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:45 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 14/16] bind: fix CVE-2021-25219 Date: Mon, 22 Nov 2021 10:20:18 +0800 Message-Id: <918660a2d4bc89a763a5934765ff6a1647709fcc.1637546583.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158550 From: Mingli Yu Backport patches to fix CVE-2021-25219. Signed-off-by: Mingli Yu Signed-off-by: Anuj Mittal --- .../bind/bind-9.16.16/CVE-2021-25219-1.patch | 76 +++++++++++++++++++ .../bind/bind-9.16.16/CVE-2021-25219-2.patch | 65 ++++++++++++++++ .../recipes-connectivity/bind/bind_9.16.16.bb | 2 + 3 files changed, 143 insertions(+) create mode 100644 meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-1.patch create mode 100644 meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-2.patch diff --git a/meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-1.patch b/meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-1.patch new file mode 100644 index 0000000000..f63c333264 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-1.patch @@ -0,0 +1,76 @@ +From 011e9418ce9bb25675de6ac8d47536efedeeb312 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= +Date: Fri, 24 Sep 2021 09:35:11 +0200 +Subject: [PATCH] Disable lame-ttl cache + +The lame-ttl cache is implemented in ADB as per-server locked +linked-list "indexed" with . This list has to be walked +every time there's a new query or new record added into the lame cache. +Determined attacker can use this to degrade performance of the resolver. + +Resolver testing has shown that disabling the lame cache has little +impact on the resolver performance and it's a minimal viable defense +against this kind of attack. + +CVE: CVE-2021-25219 + +Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/-/commit/8fe18c0566c41228a568157287f5a44f96d37662] + +Signed-off-by: Mingli Yu +--- + bin/named/config.c | 2 +- + bin/named/server.c | 7 +++++-- + doc/arm/reference.rst | 6 +++--- + 3 files changed, 9 insertions(+), 6 deletions(-) + +diff --git a/bin/named/config.c b/bin/named/config.c +index fa8473db7c..b6453b814e 100644 +--- a/bin/named/config.c ++++ b/bin/named/config.c +@@ -151,7 +151,7 @@ options {\n\ + fetches-per-server 0;\n\ + fetches-per-zone 0;\n\ + glue-cache yes;\n\ +- lame-ttl 600;\n" ++ lame-ttl 0;\n" + #ifdef HAVE_LMDB + " lmdb-mapsize 32M;\n" + #endif /* ifdef HAVE_LMDB */ +diff --git a/bin/named/server.c b/bin/named/server.c +index 638703e8c2..35ad6a0b7f 100644 +--- a/bin/named/server.c ++++ b/bin/named/server.c +@@ -4806,8 +4806,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config, + result = named_config_get(maps, "lame-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + lame_ttl = cfg_obj_asduration(obj); +- if (lame_ttl > 1800) { +- lame_ttl = 1800; ++ if (lame_ttl > 0) { ++ cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING, ++ "disabling lame cache despite lame-ttl > 0 as it " ++ "may cause performance issues"); ++ lame_ttl = 0; + } + dns_resolver_setlamettl(view->resolver, lame_ttl); + +diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst +index 3bc4439745..fea854f3d1 100644 +--- a/doc/arm/reference.rst ++++ b/doc/arm/reference.rst +@@ -3358,9 +3358,9 @@ Tuning + ^^^^^^ + + ``lame-ttl`` +- This sets the number of seconds to cache a lame server indication. 0 +- disables caching. (This is **NOT** recommended.) The default is +- ``600`` (10 minutes) and the maximum value is ``1800`` (30 minutes). ++ This is always set to 0. More information is available in the ++ `security advisory for CVE-2021-25219 ++ `_. + + ``servfail-ttl`` + This sets the number of seconds to cache a SERVFAIL response due to DNSSEC +-- +2.17.1 + diff --git a/meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-2.patch b/meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-2.patch new file mode 100644 index 0000000000..1217f7f186 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-2.patch @@ -0,0 +1,65 @@ +From 117cf776a7add27ac6d236b4062258da0d068486 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= +Date: Mon, 15 Nov 2021 16:26:52 +0800 +Subject: [PATCH] Enable lame response detection even with disabled lame cache + +Previously, when lame cache would be disabled by setting lame-ttl to 0, +it would also disable lame answer detection. In this commit, we enable +the lame response detection even when the lame cache is disabled. This +enables stopping answer processing early rather than going through the +whole answer processing flow. + +CVE: CVE-2021-25219 + +Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/-/commit/e4931584a34bdd0a0d18e4d918fb853bf5296787] + +Signed-off-by: Mingli Yu +--- + lib/dns/resolver.c | 23 ++++++++++++----------- + 1 file changed, 12 insertions(+), 11 deletions(-) + +diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c +index 50fadc0..9291bd4 100644 +--- a/lib/dns/resolver.c ++++ b/lib/dns/resolver.c +@@ -10217,25 +10217,26 @@ rctx_badserver(respctx_t *rctx, isc_result_t result) { + */ + static isc_result_t + rctx_lameserver(respctx_t *rctx) { +- isc_result_t result; ++ isc_result_t result = ISC_R_SUCCESS; + fetchctx_t *fctx = rctx->fctx; + resquery_t *query = rctx->query; + +- if (fctx->res->lame_ttl == 0 || ISFORWARDER(query->addrinfo) || +- !is_lame(fctx, query->rmessage)) +- { ++ if (ISFORWARDER(query->addrinfo) || !is_lame(fctx, query->rmessage)) { + return (ISC_R_SUCCESS); + } + + inc_stats(fctx->res, dns_resstatscounter_lame); + log_lame(fctx, query->addrinfo); +- result = dns_adb_marklame(fctx->adb, query->addrinfo, &fctx->name, +- fctx->type, rctx->now + fctx->res->lame_ttl); +- if (result != ISC_R_SUCCESS) { +- isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, +- DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR, +- "could not mark server as lame: %s", +- isc_result_totext(result)); ++ if (fctx->res->lame_ttl != 0) { ++ result = dns_adb_marklame(fctx->adb, query->addrinfo, ++ &fctx->name, fctx->type, ++ rctx->now + fctx->res->lame_ttl); ++ if (result != ISC_R_SUCCESS) { ++ isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, ++ DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR, ++ "could not mark server as lame: %s", ++ isc_result_totext(result)); ++ } + } + rctx->broken_server = DNS_R_LAME; + rctx->next_server = true; +-- +2.17.1 + diff --git a/meta/recipes-connectivity/bind/bind_9.16.16.bb b/meta/recipes-connectivity/bind/bind_9.16.16.bb index b152598402..4bfdeca9ce 100644 --- a/meta/recipes-connectivity/bind/bind_9.16.16.bb +++ b/meta/recipes-connectivity/bind/bind_9.16.16.bb @@ -18,6 +18,8 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ file://0001-avoid-start-failure-with-bind-user.patch \ + file://CVE-2021-25219-1.patch \ + file://CVE-2021-25219-2.patch \ " SRC_URI[sha256sum] = "6c913902adf878e7dc5e229cea94faefc9d40f44775a30213edd08860f761d7b" From patchwork Mon Nov 22 02:20:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 280 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3461FC4332F for ; Mon, 22 Nov 2021 02:20:55 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web08.1452.1637547654753978524 for ; Sun, 21 Nov 2021 18:20:54 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122222" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122222" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:48 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428868" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:47 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 15/16] vim: fix CVE-2021-3927 and CVE-2021-3928 Date: Mon, 22 Nov 2021 10:20:19 +0800 Message-Id: <41ba5054fc4d014ab3a2af0cc7673e275aaecee0.1637546583.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158551 From: Mingli Yu Backport patches to fix CVE-2021-3927 and CVE-2021-3928. Signed-off-by: Mingli Yu Signed-off-by: Anuj Mittal --- .../vim/files/CVE-2021-3927.patch | 32 +++++++++++++++++ .../vim/files/CVE-2021-3928.patch | 34 +++++++++++++++++++ meta/recipes-support/vim/vim.inc | 2 ++ 3 files changed, 68 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2021-3927.patch create mode 100644 meta/recipes-support/vim/files/CVE-2021-3928.patch diff --git a/meta/recipes-support/vim/files/CVE-2021-3927.patch b/meta/recipes-support/vim/files/CVE-2021-3927.patch new file mode 100644 index 0000000000..90b1b6b82e --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2021-3927.patch @@ -0,0 +1,32 @@ +From f334a87204b4aab76536063b37b4d4a10be46a3a Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar +Date: Wed, 17 Nov 2021 11:09:48 +0800 +Subject: [PATCH] patch 8.2.3581: reading character past end of line + +Problem: Reading character past end of line. +Solution: Correct the cursor column. + +CVE: CVE-2021-3927 + +Upstream-Status: Backport [https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e] + +Signed-off-by: Mingli Yu +--- + src/ex_docmd.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/ex_docmd.c b/src/ex_docmd.c +index 89d33ba90..54d7f4cb3 100644 +--- a/src/ex_docmd.c ++++ b/src/ex_docmd.c +@@ -6905,6 +6905,7 @@ ex_put(exarg_T *eap) + eap->forceit = TRUE; + } + curwin->w_cursor.lnum = eap->line2; ++ check_cursor_col(); + do_put(eap->regname, eap->forceit ? BACKWARD : FORWARD, 1L, + PUT_LINE|PUT_CURSLINE); + } +-- +2.17.1 + diff --git a/meta/recipes-support/vim/files/CVE-2021-3928.patch b/meta/recipes-support/vim/files/CVE-2021-3928.patch new file mode 100644 index 0000000000..8672367ab9 --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2021-3928.patch @@ -0,0 +1,34 @@ +From ad7f7a3f81077ddfac451acd33ca049b9f2a5178 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar +Date: Wed, 17 Nov 2021 11:22:21 +0800 +Subject: [PATCH] patch 8.2.3582: reading uninitialized memory when giving + spell suggestions + +Problem: Reading uninitialized memory when giving spell suggestions. +Solution: Check that preword is not empty. + +CVE: CVE-2021-3928 + +Upstream-Status: Backport [https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732] + +Signed-off-by: Mingli Yu +--- + src/spellsuggest.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/spellsuggest.c b/src/spellsuggest.c +index 9d6df7930..88307b203 100644 +--- a/src/spellsuggest.c ++++ b/src/spellsuggest.c +@@ -1600,7 +1600,7 @@ suggest_trie_walk( + // char, e.g., "thes," -> "these". + p = fword + sp->ts_fidx; + MB_PTR_BACK(fword, p); +- if (!spell_iswordp(p, curwin)) ++ if (!spell_iswordp(p, curwin) && *preword != NUL) + { + p = preword + STRLEN(preword); + MB_PTR_BACK(preword, p); +-- +2.17.1 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 65b0b2e330..864006192b 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -23,6 +23,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://CVE-2021-3903.patch \ file://CVE-2021-3872.patch \ file://CVE-2021-3875.patch \ + file://CVE-2021-3927.patch \ + file://CVE-2021-3928.patch \ " SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" From patchwork Mon Nov 22 02:20:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 284 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D78DC43217 for ; Mon, 22 Nov 2021 02:20:55 +0000 (UTC) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web10.1405.1637547653561434812 for ; Sun, 21 Nov 2021 18:20:54 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: anuj.mittal@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10175"; a="298122226" X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="298122226" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:50 -0800 X-IronPort-AV: E=Sophos;i="5.87,253,1631602800"; d="scan'208";a="739428872" Received: from kkleong1-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.239.135]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2021 18:20:48 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 16/16] squashfs-tools: fix CVE-2021-41072 Date: Mon, 22 Nov 2021 10:20:20 +0800 Message-Id: X-Mailer: git-send-email 2.33.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Nov 2021 02:20:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/158552 From: Kai Kang Backport patches to fix CVE-2021-41072. And update context for verison 4.4 at same time. CVE: CVE-2021-41072 Ref: * https://nvd.nist.gov/vuln/detail/CVE-2021-41072 Signed-off-by: Kai Kang Signed-off-by: Anuj Mittal --- .../files/CVE-2021-41072-requisite-1.patch | 135 +++++++ .../files/CVE-2021-41072-requisite-2.patch | 109 ++++++ .../files/CVE-2021-41072-requisite-3.patch | 330 ++++++++++++++++++ .../squashfs-tools/files/CVE-2021-41072.patch | 316 +++++++++++++++++ .../squashfs-tools/squashfs-tools_git.bb | 4 + 5 files changed, 894 insertions(+) create mode 100644 meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-1.patch create mode 100644 meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-2.patch create mode 100644 meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-3.patch create mode 100644 meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072.patch diff --git a/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-1.patch b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-1.patch new file mode 100644 index 0000000000..d01b5c6871 --- /dev/null +++ b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-1.patch @@ -0,0 +1,135 @@ +The commit is required by the fix for CVE-2021-41072. + +Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/80b8441] + +Signed-off-by: Kai Kang + +From 80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36 Mon Sep 17 00:00:00 2001 +From: Phillip Lougher +Date: Sun, 12 Sep 2021 19:58:19 +0100 +Subject: [PATCH] unsquashfs: use squashfs_closedir() to delete directory + +Signed-off-by: Phillip Lougher +--- + squashfs-tools/unsquash-1.c | 3 +-- + squashfs-tools/unsquash-1234.c | 11 +++++++++-- + squashfs-tools/unsquash-2.c | 3 +-- + squashfs-tools/unsquash-3.c | 3 +-- + squashfs-tools/unsquash-4.c | 3 +-- + squashfs-tools/unsquashfs.c | 7 ------- + squashfs-tools/unsquashfs.h | 1 + + 7 files changed, 14 insertions(+), 17 deletions(-) + +diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c +index acba821..7598499 100644 +--- a/squashfs-tools/unsquash-1.c ++++ b/squashfs-tools/unsquash-1.c +@@ -373,8 +373,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + return dir; + + corrupted: +- free(dir->dirs); +- free(dir); ++ squashfs_closedir(dir); + return NULL; + } + +diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c +index c2d4f42..0c8dfbb 100644 +--- a/squashfs-tools/unsquash-1234.c ++++ b/squashfs-tools/unsquash-1234.c +@@ -25,8 +25,8 @@ + * unsquash-4. + */ + +-#define TRUE 1 +-#define FALSE 0 ++#include "unsquashfs.h" ++ + /* + * Check name for validity, name should not + * - be ".", "./", or +@@ -56,3 +56,10 @@ int check_name(char *name, int size) + + return TRUE; + } ++ ++ ++void squashfs_closedir(struct dir *dir) ++{ ++ free(dir->dirs); ++ free(dir); ++} +diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c +index 0746b3d..86f62ba 100644 +--- a/squashfs-tools/unsquash-2.c ++++ b/squashfs-tools/unsquash-2.c +@@ -465,8 +465,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + return dir; + + corrupted: +- free(dir->dirs); +- free(dir); ++ squashfs_closedir(dir); + return NULL; + } + +diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c +index 094caaa..c04aa9e 100644 +--- a/squashfs-tools/unsquash-3.c ++++ b/squashfs-tools/unsquash-3.c +@@ -499,8 +499,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + return dir; + + corrupted: +- free(dir->dirs); +- free(dir); ++ squashfs_closedir(dir); + return NULL; + } + +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index 3a1b9e1..ff62dcc 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -436,8 +436,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + return dir; + + corrupted: +- free(dir->dirs); +- free(dir); ++ squashfs_closedir(dir); + return NULL; + } + +diff --git a/squashfs-tools/unsquashfs.c b/squashfs-tools/unsquashfs.c +index 7b590bd..04be53c 100644 +--- a/squashfs-tools/unsquashfs.c ++++ b/squashfs-tools/unsquashfs.c +@@ -1350,13 +1350,6 @@ unsigned int *offset, unsigned int *type) + } + + +-void squashfs_closedir(struct dir *dir) +-{ +- free(dir->dirs); +- free(dir); +-} +- +- + char *get_component(char *target, char **targname) + { + char *start; +diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h +index 2e9201c..5ecb2ab 100644 +--- a/squashfs-tools/unsquashfs.h ++++ b/squashfs-tools/unsquashfs.h +@@ -291,4 +291,5 @@ extern long long *alloc_index_table(int); + + /* unsquash-1234.c */ + extern int check_name(char *, int); ++extern void squashfs_closedir(struct dir *); + #endif +-- +2.17.1 + diff --git a/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-2.patch b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-2.patch new file mode 100644 index 0000000000..0b80d07b3b --- /dev/null +++ b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-2.patch @@ -0,0 +1,109 @@ +The commit is required by the fix for CVE-2021-41072. Update context for +version 4.4. + +Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/1993a4e] + +Signed-off-by: Kai Kang + +From 1993a4e7aeda04962bf26e84c15fba8b58837e10 Mon Sep 17 00:00:00 2001 +From: Phillip Lougher +Date: Sun, 12 Sep 2021 20:09:13 +0100 +Subject: [PATCH] unsquashfs: dynamically allocate name + +Dynamically allocate name rather than store it +directly in structure. + +Signed-off-by: Phillip Lougher +--- + squashfs-tools/unsquash-1.c | 2 +- + squashfs-tools/unsquash-1234.c | 5 +++++ + squashfs-tools/unsquash-2.c | 2 +- + squashfs-tools/unsquash-3.c | 2 +- + squashfs-tools/unsquash-4.c | 2 +- + squashfs-tools/unsquashfs.h | 2 +- + 6 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c +index 7598499..d0121c6 100644 +--- a/squashfs-tools/unsquash-1.c ++++ b/squashfs-tools/unsquash-1.c +@@ -303,7 +303,7 @@ static struct dir *squashfs_opendir(unsi + "realloc failed!\n"); + dir->dirs = new_dir; + } +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c +index 0c8dfbb..ac46d9d 100644 +--- a/squashfs-tools/unsquash-1234.c ++++ b/squashfs-tools/unsquash-1234.c +@@ -60,6 +60,11 @@ int check_name(char *name, int size) + + void squashfs_closedir(struct dir *dir) + { ++ int i; ++ ++ for(i = 0; i < dir->dir_count; i++) ++ free(dir->dirs[i].name); ++ + free(dir->dirs); + free(dir); + } +diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c +index 86f62ba..e847980 100644 +--- a/squashfs-tools/unsquash-2.c ++++ b/squashfs-tools/unsquash-2.c +@@ -404,7 +404,7 @@ static struct dir *squashfs_opendir(unsi + "realloc failed!\n"); + dir->dirs = new_dir; + } +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c +index c04aa9e..8223f27 100644 +--- a/squashfs-tools/unsquash-3.c ++++ b/squashfs-tools/unsquash-3.c +@@ -431,7 +431,7 @@ static struct dir *squashfs_opendir(unsi + "realloc failed!\n"); + dir->dirs = new_dir; + } +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index ff62dcc..1e199a7 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -367,7 +367,7 @@ static struct dir *squashfs_opendir(unsi + "realloc failed!\n"); + dir->dirs = new_dir; + } +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h +index 5ecb2ab..583fbe4 100644 +--- a/squashfs-tools/unsquashfs.h ++++ b/squashfs-tools/unsquashfs.h +@@ -165,7 +165,7 @@ struct queue { + #define DIR_ENT_SIZE 16 + + struct dir_ent { +- char name[SQUASHFS_NAME_LEN + 1]; ++ char *name; + unsigned int start_block; + unsigned int offset; + unsigned int type; +-- +2.17.1 + diff --git a/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-3.patch b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-3.patch new file mode 100644 index 0000000000..fad5898f13 --- /dev/null +++ b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-3.patch @@ -0,0 +1,330 @@ +The commit is required by the fix for CVE-2021-41072. Update context for +version 4.4. + +Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/9938154] + +Signed-off-by: Kai Kang + +From 9938154174756ee48a94ea0b076397a2944b028d Mon Sep 17 00:00:00 2001 +From: Phillip Lougher +Date: Sun, 12 Sep 2021 22:58:11 +0100 +Subject: [PATCH] unsquashfs: use linked list to store directory names + +This should bring higher performance, and it allows sorting +if necessary (1.x and 2.0 filesystems). + +Signed-off-by: Phillip Lougher +--- + squashfs-tools/unsquash-1.c | 30 +++++++++++++++--------------- + squashfs-tools/unsquash-1234.c | 12 ++++++++---- + squashfs-tools/unsquash-2.c | 29 +++++++++++++++-------------- + squashfs-tools/unsquash-3.c | 29 +++++++++++++++-------------- + squashfs-tools/unsquash-4.c | 29 +++++++++++++++-------------- + squashfs-tools/unsquashfs.c | 16 ++++++++++------ + squashfs-tools/unsquashfs.h | 3 ++- + 7 files changed, 80 insertions(+), 68 deletions(-) + +diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c +index d0121c6..b604434 100644 +--- a/squashfs-tools/unsquash-1.c ++++ b/squashfs-tools/unsquash-1.c +@@ -207,7 +207,7 @@ static struct dir *squashfs_opendir(unsi + long long start; + int bytes; + int dir_count, size; +- struct dir_ent *new_dir; ++ struct dir_ent *ent, *cur_ent = NULL; + struct dir *dir; + + TRACE("squashfs_opendir: inode start block %d, offset %d\n", +@@ -220,7 +220,7 @@ static struct dir *squashfs_opendir(unsi + EXIT_UNSQUASH("squashfs_opendir: malloc failed!\n"); + + dir->dir_count = 0; +- dir->cur_entry = 0; ++ dir->cur_entry = NULL; + dir->mode = (*i)->mode; + dir->uid = (*i)->uid; + dir->guid = (*i)->gid; +@@ -295,19 +295,20 @@ static struct dir *squashfs_opendir(unsi + TRACE("squashfs_opendir: directory entry %s, inode " + "%d:%d, type %d\n", dire->name, + dirh.start_block, dire->offset, dire->type); +- if((dir->dir_count % DIR_ENT_SIZE) == 0) { +- new_dir = realloc(dir->dirs, (dir->dir_count + +- DIR_ENT_SIZE) * sizeof(struct dir_ent)); +- if(new_dir == NULL) +- EXIT_UNSQUASH("squashfs_opendir: " +- "realloc failed!\n"); +- dir->dirs = new_dir; +- } +- dir->dirs[dir->dir_count].name = strdup(dire->name); +- dir->dirs[dir->dir_count].start_block = +- dirh.start_block; +- dir->dirs[dir->dir_count].offset = dire->offset; +- dir->dirs[dir->dir_count].type = dire->type; ++ ent = malloc(sizeof(struct dir_ent)); ++ if(ent == NULL) ++ MEM_ERROR(); ++ ++ ent->name = strdup(dire->name); ++ ent->start_block = dirh.start_block; ++ ent->offset = dire->offset; ++ ent->type = dire->type; ++ ent->next = NULL; ++ if(cur_ent == NULL) ++ dir->dirs = ent; ++ else ++ cur_ent->next = ent; ++ cur_ent = ent; + dir->dir_count ++; + bytes += dire->size + 1; + } +diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c +index ac46d9d..e389f8d 100644 +--- a/squashfs-tools/unsquash-1234.c ++++ b/squashfs-tools/unsquash-1234.c +@@ -60,11 +60,15 @@ int check_name(char *name, int size) + + void squashfs_closedir(struct dir *dir) + { +- int i; ++ struct dir_ent *ent = dir->dirs; + +- for(i = 0; i < dir->dir_count; i++) +- free(dir->dirs[i].name); ++ while(ent) { ++ struct dir_ent *tmp = ent; ++ ++ ent = ent->next; ++ free(tmp->name); ++ free(tmp); ++ } + +- free(dir->dirs); + free(dir); + } +diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c +index e847980..956f96f 100644 +--- a/squashfs-tools/unsquash-2.c ++++ b/squashfs-tools/unsquash-2.c +@@ -308,7 +308,7 @@ static struct dir *squashfs_opendir(unsi + long long start; + int bytes; + int dir_count, size; +- struct dir_ent *new_dir; ++ struct dir_ent *ent, *cur_ent = NULL; + struct dir *dir; + + TRACE("squashfs_opendir: inode start block %d, offset %d\n", +@@ -321,7 +321,7 @@ static struct dir *squashfs_opendir(unsi + EXIT_UNSQUASH("squashfs_opendir: malloc failed!\n"); + + dir->dir_count = 0; +- dir->cur_entry = 0; ++ dir->cur_entry = NULL; + dir->mode = (*i)->mode; + dir->uid = (*i)->uid; + dir->guid = (*i)->gid; +@@ -396,19 +396,20 @@ static struct dir *squashfs_opendir(unsi + TRACE("squashfs_opendir: directory entry %s, inode " + "%d:%d, type %d\n", dire->name, + dirh.start_block, dire->offset, dire->type); +- if((dir->dir_count % DIR_ENT_SIZE) == 0) { +- new_dir = realloc(dir->dirs, (dir->dir_count + +- DIR_ENT_SIZE) * sizeof(struct dir_ent)); +- if(new_dir == NULL) +- EXIT_UNSQUASH("squashfs_opendir: " +- "realloc failed!\n"); +- dir->dirs = new_dir; +- } +- dir->dirs[dir->dir_count].name = strdup(dire->name); +- dir->dirs[dir->dir_count].start_block = +- dirh.start_block; +- dir->dirs[dir->dir_count].offset = dire->offset; +- dir->dirs[dir->dir_count].type = dire->type; ++ ent = malloc(sizeof(struct dir_ent)); ++ if(ent == NULL) ++ MEM_ERROR(); ++ ++ ent->name = strdup(dire->name); ++ ent->start_block = dirh.start_block; ++ ent->offset = dire->offset; ++ ent->type = dire->type; ++ ent->next = NULL; ++ if(cur_ent == NULL) ++ dir->dirs = ent; ++ else ++ cur_ent->next = ent; ++ cur_ent = ent; + dir->dir_count ++; + bytes += dire->size + 1; + } +diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c +index 8223f27..835a574 100644 +--- a/squashfs-tools/unsquash-3.c ++++ b/squashfs-tools/unsquash-3.c +@@ -334,7 +334,7 @@ static struct dir *squashfs_opendir(unsi + long long start; + int bytes; + int dir_count, size; +- struct dir_ent *new_dir; ++ struct dir_ent *ent, *cur_ent = NULL; + struct dir *dir; + + TRACE("squashfs_opendir: inode start block %d, offset %d\n", +@@ -347,7 +347,7 @@ static struct dir *squashfs_opendir(unsi + EXIT_UNSQUASH("squashfs_opendir: malloc failed!\n"); + + dir->dir_count = 0; +- dir->cur_entry = 0; ++ dir->cur_entry = NULL; + dir->mode = (*i)->mode; + dir->uid = (*i)->uid; + dir->guid = (*i)->gid; +@@ -423,19 +423,20 @@ static struct dir *squashfs_opendir(unsi + TRACE("squashfs_opendir: directory entry %s, inode " + "%d:%d, type %d\n", dire->name, + dirh.start_block, dire->offset, dire->type); +- if((dir->dir_count % DIR_ENT_SIZE) == 0) { +- new_dir = realloc(dir->dirs, (dir->dir_count + +- DIR_ENT_SIZE) * sizeof(struct dir_ent)); +- if(new_dir == NULL) +- EXIT_UNSQUASH("squashfs_opendir: " +- "realloc failed!\n"); +- dir->dirs = new_dir; +- } +- dir->dirs[dir->dir_count].name = strdup(dire->name); +- dir->dirs[dir->dir_count].start_block = +- dirh.start_block; +- dir->dirs[dir->dir_count].offset = dire->offset; +- dir->dirs[dir->dir_count].type = dire->type; ++ ent = malloc(sizeof(struct dir_ent)); ++ if(ent == NULL) ++ MEM_ERROR(); ++ ++ ent->name = strdup(dire->name); ++ ent->start_block = dirh.start_block; ++ ent->offset = dire->offset; ++ ent->type = dire->type; ++ ent->next = NULL; ++ if(cur_ent == NULL) ++ dir->dirs = ent; ++ else ++ cur_ent->next = ent; ++ cur_ent = ent; + dir->dir_count ++; + bytes += dire->size + 1; + } +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index 1e199a7..694783d 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -281,7 +281,7 @@ static struct dir *squashfs_opendir(unsi + long long start; + long long bytes; + int dir_count, size; +- struct dir_ent *new_dir; ++ struct dir_ent *ent, *cur_ent = NULL; + struct dir *dir; + + TRACE("squashfs_opendir: inode start block %d, offset %d\n", +@@ -294,7 +294,7 @@ static struct dir *squashfs_opendir(unsi + EXIT_UNSQUASH("squashfs_opendir: malloc failed!\n"); + + dir->dir_count = 0; +- dir->cur_entry = 0; ++ dir->cur_entry = NULL; + dir->mode = (*i)->mode; + dir->uid = (*i)->uid; + dir->guid = (*i)->gid; +@@ -359,19 +359,20 @@ static struct dir *squashfs_opendir(unsi + TRACE("squashfs_opendir: directory entry %s, inode " + "%d:%d, type %d\n", dire->name, + dirh.start_block, dire->offset, dire->type); +- if((dir->dir_count % DIR_ENT_SIZE) == 0) { +- new_dir = realloc(dir->dirs, (dir->dir_count + +- DIR_ENT_SIZE) * sizeof(struct dir_ent)); +- if(new_dir == NULL) +- EXIT_UNSQUASH("squashfs_opendir: " +- "realloc failed!\n"); +- dir->dirs = new_dir; +- } +- dir->dirs[dir->dir_count].name = strdup(dire->name); +- dir->dirs[dir->dir_count].start_block = +- dirh.start_block; +- dir->dirs[dir->dir_count].offset = dire->offset; +- dir->dirs[dir->dir_count].type = dire->type; ++ ent = malloc(sizeof(struct dir_ent)); ++ if(ent == NULL) ++ MEM_ERROR(); ++ ++ ent->name = strdup(dire->name); ++ ent->start_block = dirh.start_block; ++ ent->offset = dire->offset; ++ ent->type = dire->type; ++ ent->next = NULL; ++ if(cur_ent == NULL) ++ dir->dirs = ent; ++ else ++ cur_ent->next = ent; ++ cur_ent = ent; + dir->dir_count ++; + bytes += dire->size + 1; + } +diff --git a/squashfs-tools/unsquashfs.c b/squashfs-tools/unsquashfs.c +index 04be53c..fee28ec 100644 +--- a/squashfs-tools/unsquashfs.c ++++ b/squashfs-tools/unsquashfs.c +@@ -1277,14 +1277,18 @@ failed: + int squashfs_readdir(struct dir *dir, char **name, unsigned int *start_block, + unsigned int *offset, unsigned int *type) + { +- if(dir->cur_entry == dir->dir_count) ++ if(dir->cur_entry == NULL) ++ dir->cur_entry = dir->dirs; ++ else ++ dir->cur_entry = dir->cur_entry->next; ++ ++ if(dir->cur_entry == NULL) + return FALSE; + +- *name = dir->dirs[dir->cur_entry].name; +- *start_block = dir->dirs[dir->cur_entry].start_block; +- *offset = dir->dirs[dir->cur_entry].offset; +- *type = dir->dirs[dir->cur_entry].type; +- dir->cur_entry ++; ++ *name = dir->cur_entry->name; ++ *start_block = dir->cur_entry->start_block; ++ *offset = dir->cur_entry->offset; ++ *type = dir->cur_entry->type; + + return TRUE; + } +diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h +index 583fbe4..f8cf78c 100644 +--- a/squashfs-tools/unsquashfs.h ++++ b/squashfs-tools/unsquashfs.h +@@ -169,17 +169,18 @@ struct dir_ent { + unsigned int start_block; + unsigned int offset; + unsigned int type; ++ struct dir_ent *next; + }; + + struct dir { + int dir_count; +- int cur_entry; + unsigned int mode; + uid_t uid; + gid_t guid; + unsigned int mtime; + unsigned int xattr; + struct dir_ent *dirs; ++ struct dir_ent *cur_entry; + }; + + struct file_entry { +-- +2.17.1 + diff --git a/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072.patch b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072.patch new file mode 100644 index 0000000000..29ec3bbeab --- /dev/null +++ b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072.patch @@ -0,0 +1,316 @@ +CVE: CVE-2021-41072 +Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/e048580] + +Backport commit to fix CVE-2021-41072. And squash a follow-up fix for +CVE-2021-41072 from upstream: +https://github.com/plougher/squashfs-tools/commit/19fcc93 + +Update context for version 4.4. + +Signed-off-by: Kai Kang + +From e0485802ec72996c20026da320650d8362f555bd Mon Sep 17 00:00:00 2001 +From: Phillip Lougher +Date: Sun, 12 Sep 2021 23:50:06 +0100 +Subject: [PATCH] Unsquashfs: additional write outside destination directory + exploit fix + +An issue on github (https://github.com/plougher/squashfs-tools/issues/72) +showed how some specially crafted Squashfs filesystems containing +invalid file names (with '/' and '..') can cause Unsquashfs to write +files outside of the destination directory. + +Since then it has been shown that specially crafted Squashfs filesystems +that contain a symbolic link pointing outside of the destination directory, +coupled with an identically named file within the same directory, can +cause Unsquashfs to write files outside of the destination directory. + +Specifically the symbolic link produces a pathname pointing outside +of the destination directory, which is then followed when writing the +duplicate identically named file within the directory. + +This commit fixes this exploit by explictly checking for duplicate +filenames within a directory. As directories in v2.1, v3.x, and v4.0 +filesystems are sorted, this is achieved by checking for consecutively +identical filenames. Additionally directories are checked to +ensure they are sorted, to avoid attempts to evade the duplicate +check. + +Version 1.x and 2.0 filesystems (where the directories were unsorted) +are sorted and then the above duplicate filename check is applied. + +Signed-off-by: Phillip Lougher +--- + squashfs-tools/Makefile | 6 +- + squashfs-tools/unsquash-1.c | 6 ++ + squashfs-tools/unsquash-12.c | 110 +++++++++++++++++++++++++++++++++ + squashfs-tools/unsquash-1234.c | 21 +++++++ + squashfs-tools/unsquash-2.c | 16 +++++ + squashfs-tools/unsquash-3.c | 6 ++ + squashfs-tools/unsquash-4.c | 6 ++ + squashfs-tools/unsquashfs.h | 4 ++ + 8 files changed, 173 insertions(+), 2 deletions(-) + create mode 100644 squashfs-tools/unsquash-12.c + +diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile +index 7262a2e..1b544ed 100755 +--- a/squashfs-tools/Makefile ++++ b/squashfs-tools/Makefile +@@ -156,8 +156,8 @@ MKSQUASHFS_OBJS = mksquashfs.o read_fs.o + caches-queues-lists.o + + UNSQUASHFS_OBJS = unsquashfs.o unsquash-1.o unsquash-2.o unsquash-3.o \ +- unsquash-4.o unsquash-123.o unsquash-34.o unsquash-1234.o swap.o \ +- compressor.o unsquashfs_info.o ++ unsquash-4.o unsquash-123.o unsquash-34.o unsquash-1234.o unsquash-12.o \ ++ swap.o compressor.o unsquashfs_info.o + + CFLAGS ?= -O2 + CFLAGS += $(EXTRA_CFLAGS) $(INCLUDEDIR) -D_FILE_OFFSET_BITS=64 \ +@@ -353,6 +353,8 @@ unsquash-34.o: unsquashfs.h unsquash-34.c unsquashfs_error.h + + unsquash-1234.o: unsquash-1234.c + ++unsquash-12.o: unsquash-12.c unsquashfs.h ++ + unsquashfs_xattr.o: unsquashfs_xattr.c unsquashfs.h squashfs_fs.h xattr.h + + unsquashfs_info.o: unsquashfs.h squashfs_fs.h +--- a/squashfs-tools/unsquash-1.c ++++ b/squashfs-tools/unsquash-1.c +@@ -314,6 +314,12 @@ static struct dir *squashfs_opendir(unsi + } + } + ++ /* check directory for duplicate names. Need to sort directory first */ ++ sort_directory(dir); ++ if(check_directory(dir) == FALSE) { ++ ERROR("File system corrupted: directory has duplicate names\n"); ++ goto corrupted; ++ } + return dir; + + corrupted: +diff --git a/squashfs-tools/unsquash-12.c b/squashfs-tools/unsquash-12.c +new file mode 100644 +index 0000000..61bf128 +--- /dev/null ++++ b/squashfs-tools/unsquash-12.c +@@ -0,0 +1,110 @@ ++/* ++ * Unsquash a squashfs filesystem. This is a highly compressed read only ++ * filesystem. ++ * ++ * Copyright (c) 2021 ++ * Phillip Lougher ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2, ++ * or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ * ++ * unsquash-12.c ++ * ++ * Helper functions used by unsquash-1 and unsquash-2. ++ */ ++ ++#include "unsquashfs.h" ++ ++/* ++ * Bottom up linked list merge sort. ++ * ++ */ ++void sort_directory(struct dir *dir) ++{ ++ struct dir_ent *cur, *l1, *l2, *next; ++ int len1, len2, stride = 1; ++ ++ if(dir->dir_count < 2) ++ return; ++ ++ /* ++ * We can consider our linked-list to be made up of stride length ++ * sublists. Eacn iteration around this loop merges adjacent ++ * stride length sublists into larger 2*stride sublists. We stop ++ * when stride becomes equal to the entire list. ++ * ++ * Initially stride = 1 (by definition a sublist of 1 is sorted), and ++ * these 1 element sublists are merged into 2 element sublists, which ++ * are then merged into 4 element sublists and so on. ++ */ ++ do { ++ l2 = dir->dirs; /* head of current linked list */ ++ cur = NULL; /* empty output list */ ++ ++ /* ++ * Iterate through the linked list, merging adjacent sublists. ++ * On each interation l2 points to the next sublist pair to be ++ * merged (if there's only one sublist left this is simply added ++ * to the output list) ++ */ ++ while(l2) { ++ l1 = l2; ++ for(len1 = 0; l2 && len1 < stride; len1 ++, l2 = l2->next); ++ len2 = stride; ++ ++ /* ++ * l1 points to first sublist. ++ * l2 points to second sublist. ++ * Merge them onto the output list ++ */ ++ while(len1 && l2 && len2) { ++ if(strcmp(l1->name, l2->name) <= 0) { ++ next = l1; ++ l1 = l1->next; ++ len1 --; ++ } else { ++ next = l2; ++ l2 = l2->next; ++ len2 --; ++ } ++ ++ if(cur) { ++ cur->next = next; ++ cur = next; ++ } else ++ dir->dirs = cur = next; ++ } ++ /* ++ * One sublist is now empty, copy the other one onto the ++ * output list ++ */ ++ for(; len1; len1 --, l1 = l1->next) { ++ if(cur) { ++ cur->next = l1; ++ cur = l1; ++ } else ++ dir->dirs = cur = l1; ++ } ++ for(; l2 && len2; len2 --, l2 = l2->next) { ++ if(cur) { ++ cur->next = l2; ++ cur = l2; ++ } else ++ dir->dirs = cur = l2; ++ } ++ } ++ cur->next = NULL; ++ stride = stride << 1; ++ } while(stride < dir->dir_count); ++} +diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c +index e389f8d..98a81ed 100644 +--- a/squashfs-tools/unsquash-1234.c ++++ b/squashfs-tools/unsquash-1234.c +@@ -72,3 +72,24 @@ void squashfs_closedir(struct dir *dir) + + free(dir); + } ++ ++ ++/* ++ * Check directory for duplicate names. As the directory should be sorted, ++ * duplicates will be consecutive. Obviously we also need to check if the ++ * directory has been deliberately unsorted, to evade this check. ++ */ ++int check_directory(struct dir *dir) ++{ ++ int i; ++ struct dir_ent *ent; ++ ++ if(dir->dir_count < 2) ++ return TRUE; ++ ++ for(ent = dir->dirs, i = 0; i < dir->dir_count - 1; ent = ent->next, i++) ++ if(strcmp(ent->name, ent->next->name) >= 0) ++ return FALSE; ++ ++ return TRUE; ++} +diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c +index 956f96f..0e36f7d 100644 +--- a/squashfs-tools/unsquash-2.c ++++ b/squashfs-tools/unsquash-2.c +@@ -29,6 +29,7 @@ static squashfs_fragment_entry_2 *fragme + static unsigned int *uid_table, *guid_table; + static char *inode_table, *directory_table; + static squashfs_operations ops; ++static int needs_sorting = FALSE; + + static void read_block_list(unsigned int *block_list, char *block_ptr, int blocks) + { +@@ -415,6 +416,17 @@ static struct dir *squashfs_opendir(unsi + } + } + ++ if(needs_sorting) ++ sort_directory(dir); ++ ++ /* check directory for duplicate names and sorting */ ++ if(check_directory(dir) == FALSE) { ++ if(needs_sorting) ++ ERROR("File system corrupted: directory has duplicate names\n"); ++ else ++ ERROR("File system corrupted: directory has duplicate names or is unsorted\n"); ++ goto corrupted; ++ } + return dir; + + corrupted: +--- a/squashfs-tools/unsquash-3.c ++++ b/squashfs-tools/unsquash-3.c +@@ -442,6 +442,12 @@ static struct dir *squashfs_opendir(unsi + } + } + ++ /* check directory for duplicate names and sorting */ ++ if(check_directory(dir) == FALSE) { ++ ERROR("File system corrupted: directory has duplicate names or is unsorted\n"); ++ goto corrupted; ++ } ++ + return dir; + + corrupted: +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index 694783d..c615bb8 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -378,6 +378,12 @@ static struct dir *squashfs_opendir(unsi + } + } + ++ /* check directory for duplicate names and sorting */ ++ if(check_directory(dir) == FALSE) { ++ ERROR("File system corrupted: directory has duplicate names or is unsorted\n"); ++ goto corrupted; ++ } ++ + return dir; + + corrupted: +diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h +index f8cf78c..bf2a80d 100644 +--- a/squashfs-tools/unsquashfs.h ++++ b/squashfs-tools/unsquashfs.h +@@ -266,4 +266,8 @@ extern long long *alloc_index_table(int) + /* unsquash-1234.c */ + extern int check_name(char *, int); + extern void squashfs_closedir(struct dir *); ++extern int check_directory(struct dir *); ++ ++/* unsquash-12.c */ ++extern void sort_directory(struct dir *); + #endif +-- +2.17.1 + diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb b/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb index 5d754b20b3..caa5417ed0 100644 --- a/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb +++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb @@ -12,6 +12,10 @@ SRCREV = "52eb4c279cd283ed9802dd1ceb686560b22ffb67" SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https;branch=master \ file://0001-squashfs-tools-fix-build-failure-against-gcc-10.patch;striplevel=2 \ file://CVE-2021-40153.patch;striplevel=2 \ + file://CVE-2021-41072-requisite-1.patch;striplevel=2 \ + file://CVE-2021-41072-requisite-2.patch;striplevel=2 \ + file://CVE-2021-41072-requisite-3.patch;striplevel=2 \ + file://CVE-2021-41072.patch;striplevel=2 \ " S = "${WORKDIR}/git/squashfs-tools"