From patchwork Thu Aug 3 14:04:05 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 28363
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 01/10] libpcre2: patch CVE-2022-41409
Date: Thu, 3 Aug 2023 04:04:05 -1000
Message-Id: <410cdbc70cfba709ec5bef508e772f52514ba28a.1691071255.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/185480

From: Peter Marko

Backport commit mentioned in NVD DB links.
https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman --- .../libpcre/libpcre2/CVE-2022-41409.patch | 75 +++++++++++++++++++ .../recipes-support/libpcre/libpcre2_10.40.bb | 1 + 2 files changed, 76 insertions(+) create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch new file mode 100644 index 0000000000..833348cdf1 --- /dev/null +++ b/meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch 
@@ -0,0 +1,75 @@ +From 94e1c001761373b7d9450768aa15d04c25547a35 Mon Sep 17 00:00:00 2001 +From: Philip Hazel +Date: Tue, 16 Aug 2022 17:00:45 +0100 +Subject: [PATCH] Diagnose negative repeat value in pcre2test subject line + +CVE: CVE-2022-41409 +Upstream-Status: Backport [https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35] + +Signed-off-by: Peter Marko + +--- + ChangeLog | 3 +++ + src/pcre2test.c | 4 ++-- + testdata/testinput2 | 3 +++ + testdata/testoutput2 | 4 ++++ + 4 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index eab50eb7..276eb57a 100644 +--- a/ChangeLog ++++ b/ChangeLog +index eab50eb7..276eb57a 100644 +@@ -1,6 +1,9 @@ + Change Log for PCRE2 + -------------------- + ++20. A negative repeat value in a pcre2test subject line was not being ++diagnosed, leading to infinite looping. ++ + + Version 10.40 15-April-2022 + --------------------------- +diff --git a/src/pcre2test.c b/src/pcre2test.c +index 08f86096..f6f5d66c 100644 +--- a/src/pcre2test.c ++++ b/src/pcre2test.c +@@ -6781,9 +6781,9 @@ while ((c = *p++) != 0) + } + + i = (int32_t)li; +- if (i-- == 0) ++ if (i-- <= 0) + { +- fprintf(outfile, "** Zero repeat not allowed\n"); ++ fprintf(outfile, "** Zero or negative repeat not allowed\n"); + return PR_OK; + } + +diff --git a/testdata/testinput2 b/testdata/testinput2 +index d37d8f30..717ba2ae 100644 +--- a/testdata/testinput2 ++++ b/testdata/testinput2 +@@ -5932,4 +5932,7 @@ a)"xI + /[Aa]{2,3}/BI + aabcd + ++-- ++ \[X]{-10} ++ + # End of testinput2 +diff --git a/testdata/testoutput2 b/testdata/testoutput2 +index ce090f8c..d2188d3c 100644 +--- a/testdata/testoutput2 ++++ b/testdata/testoutput2 +@@ -17746,6 +17746,10 @@ Subject length lower bound = 2 + aabcd + 0: aa + ++-- ++ \[X]{-10} ++** Zero or negative repeat not allowed ++ + # End of testinput2 + Error -70: PCRE2_ERROR_BADDATA (unknown error number) + Error -62: bad serialized data 
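Review bot: in the embedded CVE-2022-41409.patch, the ChangeLog section carries a second "index eab50eb7..276eb57a 100644" line after "+++ b/ChangeLog" and before the "@@ -1,6 +1,9 @@" header, which does not belong in a unified diff header and looks like an editing leftover. Drop the stray line, or drop the ChangeLog hunk altogether, since the functional change is the "if (i-- <= 0)" check in src/pcre2test.c plus the testdata additions. The commit message could also say that the only code touched is the pcre2test tool, so readers can judge exposure of the library itself.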
diff --git a/meta/recipes-support/libpcre/libpcre2_10.40.bb b/meta/recipes-support/libpcre/libpcre2_10.40.bb index 3843d43b69..74c12ecec2 100644 --- a/meta/recipes-support/libpcre/libpcre2_10.40.bb +++ b/meta/recipes-support/libpcre/libpcre2_10.40.bb 
@@ -11,6 +11,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENCE;md5=41bfb977e4933c506588724ce69bf5d2" SRC_URI = "https://github.com/PhilipHazel/pcre2/releases/download/pcre2-${PV}/pcre2-${PV}.tar.bz2 \ + file://CVE-2022-41409.patch \ " UPSTREAM_CHECK_URI = "https://github.com/PhilipHazel/pcre2/releases"

From patchwork Thu Aug 3 14:04:06 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 28361
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 02/10] libarchive: ignore CVE-2023-30571
Date: Thu, 3 Aug 2023 04:04:06 -1000
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/185481

From: Peter Marko

This issue was reported and discussed under [1] which is linked in NVD CVE report.
It was already documented that some parts of libarchive are thread safe and some not.
[2] was now merged to document that also reported function is not thread safe.
So this CVE *now* reports thread race condition for non-thread-safe function.
And as such the CVE report is now invalid.

The issue is still not closed for 2 reasons:
* better document what is and what is not thread safe
* request to public if someone could make these functions thread safe

This should however not invalidate above statement about ignoring this CVE.

[1] https://github.com/libarchive/libarchive/issues/1876
[2] https://github.com/libarchive/libarchive/pull/1875

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- meta/recipes-extended/libarchive/libarchive_3.6.2.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index ffcc103112..0219ffa720 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -33,6 +33,9 @@ UPSTREAM_CHECK_URI = "http://libarchive.org/" SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f19b9b3" +# upstream-wontfix: upstream has documented that reported function is not thread-safe +CVE_CHECK_IGNORE += "CVE-2023-30571" + inherit autotools update-alternatives pkgconfig CPPFLAGS += "-I${WORKDIR}/extra-includes"

From patchwork Thu Aug 3 14:04:07 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 28364
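Review bot: in the libarchive_3.6.2.bb hunk, the comment above the new CVE_CHECK_IGNORE line tags the entry "upstream-wontfix", but the commit message says the upstream issue is still open, partly as a request for someone to make these functions thread safe, so "wontfix" overstates upstream's position. Reword the comment to say that the reported function is documented as not thread-safe, and reference the upstream issue and pull request ([1] and [2] in the commit message) so the rationale stays with the recipe.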
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 03/10] qemu: fix CVE-2023-3301
Date: Thu, 3 Aug 2023 04:04:07 -1000
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/185482

From: Archana Polampalli

qemu: hotplug/hotunplug mlx vdpa device to the occupied addr port, then qemu core dump occurs after shutdown guest

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-3301

Upstream patches:
https://gitlab.com/qemu-project/qemu/-/commit/a0d7215e339b61c7d7a7b3fcf754954d80d93eb8

Signed-off-by: Archana Polampalli
Signed-off-by: Steve Sakoman
--- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2023-3301.patch | 60 +++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3301.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index c6c6e49ebf..d5d210194b 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -94,6 +94,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0001-hw-display-qxl-Have-qxl_log_command-Return-early-if-.patch \ file://0001-hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \ file://CVE-2023-0330.patch \ + file://CVE-2023-3301.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3301.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-3301.patch new file mode 100644 index 0000000000..ffb5cd3861 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3301.patch
@@ -0,0 +1,60 @@ +From a0d7215e339b61c7d7a7b3fcf754954d80d93eb8 Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Mon, 19 Jun 2023 12:22:09 +0530 +Subject: [PATCH] vhost-vdpa: do not cleanup the vdpa/vhost-net structures if + peer nic is present + +When a peer nic is still attached to the vdpa backend, it is too early to free +up the vhost-net and vdpa structures. If these structures are freed here, then +QEMU crashes when the guest is being shut down. The following call chain +would result in an assertion failure since the pointer returned from +vhost_vdpa_get_vhost_net() would be NULL: + +do_vm_stop() -> vm_state_notify() -> virtio_set_status() -> +virtio_net_vhost_status() -> get_vhost_net(). + +Therefore, we defer freeing up the structures until at guest shutdown +time when qemu_cleanup() calls net_cleanup() which then calls +qemu_del_net_client() which would eventually call vhost_vdpa_cleanup() +again to free up the structures. This time, the loop in net_cleanup() +ensures that vhost_vdpa_cleanup() will be called one last time when +all the peer nics are detached and freed. + +All unit tests pass with this change. + +CC: imammedo@redhat.com +CC: jusual@redhat.com +CC: mst@redhat.com +Fixes: CVE-2023-3301 +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2128929 +Signed-off-by: Ani Sinha +Message-Id: <20230619065209.442185-1-anisinha@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin + +Upstream-Status: Backport [https://github.com/qemu/qemu/commit/a0d7215e339b61c7d7a7b3fcf754954d80d93eb8] +CVE: CVE-2023-3301 + + +Signed-off-by: Archana Polampalli +--- + net/vhost-vdpa.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/net/vhost-vdpa.c ++++ b/net/vhost-vdpa.c +@@ -140,6 +140,14 @@ static void vhost_vdpa_cleanup(NetClient + { + VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc); + ++ /* ++ * If a peer NIC is attached, do not cleanup anything. 
++ * Cleanup will happen as a part of qemu_cleanup() -> net_cleanup() ++ * when the guest is shutting down. ++ */ ++ if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_NIC) { ++ return; ++ } + if (s->vhost_net) { + vhost_net_cleanup(s->vhost_net); + g_free(s->vhost_net);

From patchwork Thu Aug 3 14:04:08 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 28367
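Review bot: the guard added at the top of vhost_vdpa_cleanup() in net/vhost-vdpa.c (CVE-2023-3301.patch) returns before vhost_net_cleanup() and g_free(s->vhost_net) whenever a NIC peer is attached, so the structures are released only if the function is called again after the peer is gone. The in-code comment and the commit message rely on the net_cleanup() loop for that second call; please confirm that loop is present in the qemu version this recipe builds, otherwise the backport trades the crash for a leak. Also, Upstream-Status in the embedded patch points at the github.com mirror while the mail cites the gitlab.com commit; use one of them consistently.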
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 04/10] qemu: fix CVE-2023-3255
Date: Thu, 3 Aug 2023 04:04:08 -1000
Message-Id: <52711b1392ed0c5cbe4ddf70a94b21be2f4e6e58.1691071255.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/185483

From: Archana Polampalli VNC: infinite loop in inflate_buffer() leads to denial of service References: https://nvd.nist.gov/vuln/detail/CVE-2023-3255 Upstream patches: https://gitlab.com/qemu-project/qemu/-/commit/d921fea338c1059a27ce7b75309d7a2e485f710b Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2023-3255.patch | 64 +++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3255.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index d5d210194b..83959f3c68 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -95,6 +95,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0001-hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \ file://CVE-2023-0330.patch \ file://CVE-2023-3301.patch \ + file://CVE-2023-3255.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3255.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-3255.patch new file mode 100644 index 0000000000..f030df111f --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3255.patch 
@@ -0,0 +1,64 @@ +From d921fea338c1059a27ce7b75309d7a2e485f710b Mon Sep 17 00:00:00 2001 +From: Mauro Matteo Cascella +Date: Tue, 4 Jul 2023 10:41:22 +0200 +Subject: [PATCH] ui/vnc-clipboard: fix infinite loop in inflate_buffer + (CVE-2023-3255) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +A wrong exit condition may lead to an infinite loop when inflating a +valid zlib buffer containing some extra bytes in the `inflate_buffer` +function. The bug only occurs post-authentication. Return the buffer +immediately if the end of the compressed data has been reached +(Z_STREAM_END). + +Fixes: CVE-2023-3255 +Fixes: 0bf41cab ("ui/vnc: clipboard support") +Reported-by: Kevin Denis +Signed-off-by: Mauro Matteo Cascella +Reviewed-by: Marc-André Lureau +Tested-by: Marc-André Lureau +Message-ID: <20230704084210.101822-1-mcascell@redhat.com> + +Upstream-Status: Backport [https://github.com/qemu/qemu/commit/d921fea338c1059a27ce7b75309d7a2e485f710b] + +CVE: CVE-2023-3255 + +Signed-off-by: Archana Polampalli + +--- + ui/vnc-clipboard.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/ui/vnc-clipboard.c b/ui/vnc-clipboard.c +index 8aeadfaa21..c759be3438 100644 +--- a/ui/vnc-clipboard.c ++++ b/ui/vnc-clipboard.c +@@ -50,8 +50,11 @@ static uint8_t *inflate_buffer(uint8_t *in, uint32_t in_len, uint32_t *size) + ret = inflate(&stream, Z_FINISH); + switch (ret) { + case Z_OK: +- case Z_STREAM_END: + break; ++ case Z_STREAM_END: ++ *size = stream.total_out; ++ inflateEnd(&stream); ++ return out; + case Z_BUF_ERROR: + out_len <<= 1; + if (out_len > (1 << 20)) { +@@ -66,11 +69,6 @@ static uint8_t *inflate_buffer(uint8_t *in, uint32_t in_len, uint32_t *size) + } + } + +- *size = stream.total_out; +- inflateEnd(&stream); +- +- return out; +- + err_end: + inflateEnd(&stream); + err: +-- +2.40.0 From patchwork Thu Aug 3 14:04:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 
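Review bot: in the inflate_buffer() switch in ui/vnc-clipboard.c (CVE-2023-3255.patch), Z_STREAM_END now returns the buffer, but the "case Z_OK: break;" arm still goes back around the loop, and with the post-loop return removed the loop condition is outside the hunk. Please confirm that truncated input, which never reaches Z_STREAM_END, ends on an error path rather than spinning on Z_OK, and say so in the patch description. The embedded patch header also keeps the MIME-Version, Content-Type and Content-Transfer-Encoding lines from the original mail; they are harmless but can be dropped.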
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 28368
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 05/10] qemu: fix CVE-2023-2861
Date: Thu, 3 Aug 2023 04:04:09 -1000
Message-Id: <9bd4ddeb4b5efc65b0514d50d6991211271924c1.1691071255.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/185484

From: Archana Polampalli

9pfs: prevent opening special files

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-2861

Upstream patches:
https://github.com/qemu/qemu/commit/10fad73a2bf1c76c8aa9d6322755e5f877d83ce5

Signed-off-by: Archana Polampalli
Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2023-2861.patch | 172 ++++++++++++++++++ 2 files changed, 173 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-2861.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 83959f3c68..96a1cc93a5 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -96,6 +96,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2023-0330.patch \ file://CVE-2023-3301.patch \ file://CVE-2023-3255.patch \ + file://CVE-2023-2861.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-2861.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-2861.patch new file mode 100644 index 0000000000..48f51f5d03 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-2861.patch 
@@ -0,0 +1,172 @@ +From 10fad73a2bf1c76c8aa9d6322755e5f877d83ce5 Mon Sep 17 00:00:00 2001 +From: Christian Schoenebeck +Date: Wed Jun 7 18:29:33 2023 +0200 +Subject: [PATCH] 9pfs: prevent opening special files (CVE-2023-2861) The 9p + protocol does not specifically define how server shall behave when client + tries to open a special file, however from security POV it does make sense + for 9p server to prohibit opening any special file on host side in general. A + sane Linux 9p client for instance would never attempt to open a special file + on host side, it would always handle those exclusively on its guest side. A + malicious client however could potentially escape from the exported 9p tree + by creating and opening a device file on host side. + +With QEMU this could only be exploited in the following unsafe setups: + + - Running QEMU binary as root AND 9p 'local' fs driver AND 'passthrough' + security model. + +or + + - Using 9p 'proxy' fs driver (which is running its helper daemon as + root). + +These setups were already discouraged for safety reasons before, +however for obvious reasons we are now tightening behaviour on this. 
+ +Fixes: CVE-2023-2861 +Reported-by: Yanwu Shen +Reported-by: Jietao Xiao +Reported-by: Jinku Li +Reported-by: Wenbo Shen +Signed-off-by: Christian Schoenebeck +Reviewed-by: Greg Kurz +Reviewed-by: Michael Tokarev +Message-Id: +(cherry picked from commit f6b0de5) +Signed-off-by: Michael Tokarev +(Mjt: drop adding qemu_fstat wrapper for 7.2 where wrappers aren't used) + +Upstream-Status: Backport [https://github.com/qemu/qemu/commit/10fad73a2bf1c76c8aa9d6322755e5f877d83ce5] + +CVE: CVE-2023-2861 + +Signed-off-by: Archana Polampalli +--- + fsdev/virtfs-proxy-helper.c | 27 ++++++++++++++++++++++++-- + hw/9pfs/9p-util.h | 38 +++++++++++++++++++++++++++++++++++++ + 2 files changed, 63 insertions(+), 2 deletions(-) + +diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c +index 15c0e79b0..f9e4669a5 100644 +--- a/fsdev/virtfs-proxy-helper.c ++++ b/fsdev/virtfs-proxy-helper.c +@@ -26,6 +26,7 @@ + #include "qemu/xattr.h" + #include "9p-iov-marshal.h" + #include "hw/9pfs/9p-proxy.h" ++#include "hw/9pfs/9p-util.h" + #include "fsdev/9p-iov-marshal.h" + + #define PROGNAME "virtfs-proxy-helper" +@@ -338,6 +339,28 @@ static void resetugid(int suid, int sgid) + } + } + ++/* ++ * Open regular file or directory. Attempts to open any special file are ++ * rejected. 
++ * ++ * returns file descriptor or -1 on error ++ */ ++static int open_regular(const char *pathname, int flags, mode_t mode) ++{ ++ int fd; ++ ++ fd = open(pathname, flags, mode); ++ if (fd < 0) { ++ return fd; ++ } ++ ++ if (close_if_special_file(fd) < 0) { ++ return -1; ++ } ++ ++ return fd; ++} ++ + /* + * send response in two parts + * 1) ProxyHeader +@@ -682,7 +705,7 @@ static int do_create(struct iovec *iovec) + if (ret < 0) { + goto unmarshal_err_out; + } +- ret = open(path.data, flags, mode); ++ ret = open_regular(path.data, flags, mode); + if (ret < 0) { + ret = -errno; + } +@@ -707,7 +730,7 @@ static int do_open(struct iovec *iovec) + if (ret < 0) { + goto err_out; + } +- ret = open(path.data, flags); ++ ret = open_regular(path.data, flags, 0); + if (ret < 0) { + ret = -errno; + } +diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h +index 546f46dc7..54e270ac6 100644 +--- a/hw/9pfs/9p-util.h ++++ b/hw/9pfs/9p-util.h +@@ -13,6 +13,8 @@ + #ifndef QEMU_9P_UTIL_H + #define QEMU_9P_UTIL_H + ++#include "qemu/error-report.h" ++ + #ifdef O_PATH + #define O_PATH_9P_UTIL O_PATH + #else +@@ -26,6 +28,38 @@ static inline void close_preserve_errno(int fd) + errno = serrno; + } + ++/** ++ * close_if_special_file() - Close @fd if neither regular file nor directory. ++ * ++ * @fd: file descriptor of open file ++ * Return: 0 on regular file or directory, -1 otherwise ++ * ++ * CVE-2023-2861: Prohibit opening any special file directly on host ++ * (especially device files), as a compromised client could potentially gain ++ * access outside exported tree under certain, unsafe setups. We expect ++ * client to handle I/O on special files exclusively on guest side. 
++ */ ++static inline int close_if_special_file(int fd) ++{ ++ struct stat stbuf; ++ ++ if (qemu_fstat(fd, &stbuf) < 0) { ++ close_preserve_errno(fd); ++ return -1; ++ } ++ if (!S_ISREG(stbuf.st_mode) && !S_ISDIR(stbuf.st_mode)) { ++ error_report_once( ++ "9p: broken or compromised client detected; attempt to open " ++ "special file (i.e. neither regular file, nor directory)" ++ ); ++ close(fd); ++ errno = ENXIO; ++ return -1; ++ } ++ ++ return 0; ++} ++ + static inline int openat_dir(int dirfd, const char *name) + { + return openat(dirfd, name, +@@ -56,6 +90,10 @@ again: + return -1; + } + ++ if (close_if_special_file(fd) < 0) { ++ return -1; ++ } ++ + serrno = errno; + /* O_NONBLOCK was only needed to open the file. Let's drop it. We don't + * do that with O_PATH since fcntl(F_SETFL) isn't supported, and openat() +-- +2.40.0 From patchwork Thu Aug 3 14:04:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 28369 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91446C3DA40 for ; Thu, 3 Aug 2023 14:04:38 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web10.15492.1691071474362111591 for ; Thu, 03 Aug 2023 07:04:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=XD/vtS0Z; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-686f25d045cso721169b3a.0 for ; Thu, 03 Aug 2023 07:04:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1691071473; 
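Review bot: in fsdev/virtfs-proxy-helper.c, open_regular() classifies the file only after `fd = open(pathname, flags, mode);` has already succeeded, and it passes flags through unchanged. The open() itself therefore still runs against a special file before close_if_special_file() rejects it, and opening a FIFO without O_NONBLOCK can block the helper until a peer appears. The openat_file() context in hw/9pfs/9p-util.h shows O_NONBLOCK being used for the open and dropped afterwards; consider doing the same here (add O_NONBLOCK for the open(), clear it with fcntl() once the fstat check has passed) so that both entry points behave alike.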
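Review bot: close_if_special_file() in hw/9pfs/9p-util.h calls `qemu_fstat(fd, &stbuf)`, yet the commit message states "drop adding qemu_fstat wrapper for 7.2 where wrappers aren't used" and no hunk in this patch defines that name. Unless the tree this patch is applied to already provides qemu_fstat, the build will fail at compile or link time. Either call fstat() directly in this backport or carry the wrapper definition in the same patch, and say in the commit message which of the two was done.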
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/10] go: fix CVE-2023-24536 Date: Thu, 3 Aug 2023 04:04:10 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Aug 2023 14:04:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/185485 From: Sakib Sajal Backport required patches to fix CVE-2023-24536. Signed-off-by: Sakib Sajal --- meta/recipes-devtools/go/go-1.17.13.inc | 3 + .../go/go-1.19/CVE-2023-24536_1.patch | 137 +++++++ .../go/go-1.19/CVE-2023-24536_2.patch | 187 ++++++++++ .../go/go-1.19/CVE-2023-24536_3.patch | 349 ++++++++++++++++++ 4 files changed, 676 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.19/CVE-2023-24536_1.patch create mode 100644 meta/recipes-devtools/go/go-1.19/CVE-2023-24536_2.patch create mode 100644 meta/recipes-devtools/go/go-1.19/CVE-2023-24536_3.patch diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc index 36904a92fb..53e09a545c 100644 --- a/meta/recipes-devtools/go/go-1.17.13.inc +++ b/meta/recipes-devtools/go/go-1.17.13.inc @@ -37,6 +37,9 @@ SRC_URI += "\ file://CVE-2023-29402.patch \ file://CVE-2023-29400.patch \ file://CVE-2023-29406.patch \ + file://CVE-2023-24536_1.patch \ + file://CVE-2023-24536_2.patch \ + file://CVE-2023-24536_3.patch \ " SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd" diff --git a/meta/recipes-devtools/go/go-1.19/CVE-2023-24536_1.patch b/meta/recipes-devtools/go/go-1.19/CVE-2023-24536_1.patch new file mode 100644 index 0000000000..ff9ba18ec5 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.19/CVE-2023-24536_1.patch 
@@ -0,0 +1,137 @@ +From f8d691d335c6ac14bcbae6886b5bf8ca8bf1e6a5 Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Thu, 16 Mar 2023 14:18:04 -0700 +Subject: [PATCH 1/3] mime/multipart: avoid excessive copy buffer allocations + in ReadForm + +When copying form data to disk with io.Copy, +allocate only one copy buffer and reuse it rather than +creating two buffers per file (one from io.multiReader.WriteTo, +and a second one from os.File.ReadFrom). + +Thanks to Jakob Ackermann (@das7pad) for reporting this issue. + +For CVE-2023-24536 +For #59153 +For #59269 + +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802453 +Run-TryBot: Damien Neil +Reviewed-by: Julie Qiu +Reviewed-by: Roland Shoemaker +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802395 +Run-TryBot: Roland Shoemaker +Reviewed-by: Damien Neil +Change-Id: Ie405470c92abffed3356913b37d813e982c96c8b +Reviewed-on: https://go-review.googlesource.com/c/go/+/481983 +Run-TryBot: Michael Knyszek +TryBot-Result: Gopher Robot +Auto-Submit: Michael Knyszek +Reviewed-by: Matthew Dempsky + +CVE: CVE-2023-24536 +Upstream-Status: Backport [ef41a4e2face45e580c5836eaebd51629fc23f15] +Signed-off-by: Sakib Sajal +--- + src/mime/multipart/formdata.go | 15 +++++++-- + src/mime/multipart/formdata_test.go | 49 +++++++++++++++++++++++++++++ + 2 files changed, 61 insertions(+), 3 deletions(-) + +diff --git a/src/mime/multipart/formdata.go b/src/mime/multipart/formdata.go +index a7d4ca9..975dcb6 100644 +--- a/src/mime/multipart/formdata.go ++++ b/src/mime/multipart/formdata.go +@@ -84,6 +84,7 @@ func (r *Reader) readForm(maxMemory int64) (_ *Form, err error) { + maxMemoryBytes = math.MaxInt64 + } + } ++ var copyBuf []byte + for { + p, err := r.nextPart(false, maxMemoryBytes) + if err == io.EOF { +@@ -147,14 +148,22 @@ func (r *Reader) readForm(maxMemory int64) (_ *Form, err error) { + } + } + numDiskFiles++ +- size, err := io.Copy(file, io.MultiReader(&b, p)) ++ if _, err := 
file.Write(b.Bytes()); err != nil { ++ return nil, err ++ } ++ if copyBuf == nil { ++ copyBuf = make([]byte, 32*1024) // same buffer size as io.Copy uses ++ } ++ // os.File.ReadFrom will allocate its own copy buffer if we let io.Copy use it. ++ type writerOnly struct{ io.Writer } ++ remainingSize, err := io.CopyBuffer(writerOnly{file}, p, copyBuf) + if err != nil { + return nil, err + } + fh.tmpfile = file.Name() +- fh.Size = size ++ fh.Size = int64(b.Len()) + remainingSize + fh.tmpoff = fileOff +- fileOff += size ++ fileOff += fh.Size + if !combineFiles { + if err := file.Close(); err != nil { + return nil, err +diff --git a/src/mime/multipart/formdata_test.go b/src/mime/multipart/formdata_test.go +index 5cded71..f5b5608 100644 +--- a/src/mime/multipart/formdata_test.go ++++ b/src/mime/multipart/formdata_test.go +@@ -368,3 +368,52 @@ func testReadFormManyFiles(t *testing.T, distinct bool) { + t.Fatalf("temp dir contains %v files; want 0", len(names)) + } + } ++ ++func BenchmarkReadForm(b *testing.B) { ++ for _, test := range []struct { ++ name string ++ form func(fw *Writer, count int) ++ }{{ ++ name: "fields", ++ form: func(fw *Writer, count int) { ++ for i := 0; i < count; i++ { ++ w, _ := fw.CreateFormField(fmt.Sprintf("field%v", i)) ++ fmt.Fprintf(w, "value %v", i) ++ } ++ }, ++ }, { ++ name: "files", ++ form: func(fw *Writer, count int) { ++ for i := 0; i < count; i++ { ++ w, _ := fw.CreateFormFile(fmt.Sprintf("field%v", i), fmt.Sprintf("file%v", i)) ++ fmt.Fprintf(w, "value %v", i) ++ } ++ }, ++ }} { ++ b.Run(test.name, func(b *testing.B) { ++ for _, maxMemory := range []int64{ ++ 0, ++ 1 << 20, ++ } { ++ var buf bytes.Buffer ++ fw := NewWriter(&buf) ++ test.form(fw, 10) ++ if err := fw.Close(); err != nil { ++ b.Fatal(err) ++ } ++ b.Run(fmt.Sprintf("maxMemory=%v", maxMemory), func(b *testing.B) { ++ b.ReportAllocs() ++ for i := 0; i < b.N; i++ { ++ fr := NewReader(bytes.NewReader(buf.Bytes()), fw.Boundary()) ++ form, err := fr.ReadForm(maxMemory) ++ if err 
!= nil { ++ b.Fatal(err) ++ } ++ form.RemoveAll() ++ } ++ ++ }) ++ } ++ }) ++ } ++} +-- +2.35.5 + diff --git a/meta/recipes-devtools/go/go-1.19/CVE-2023-24536_2.patch b/meta/recipes-devtools/go/go-1.19/CVE-2023-24536_2.patch new file mode 100644 index 0000000000..704a1fb567 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.19/CVE-2023-24536_2.patch 
@@ -0,0 +1,187 @@ +From 4174a87b600c58e8cc00d9d18d0c507c67ca5d41 Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Thu, 16 Mar 2023 16:56:12 -0700 +Subject: [PATCH 2/3] net/textproto, mime/multipart: improve accounting of + non-file data + +For requests containing large numbers of small parts, +memory consumption of a parsed form could be about 250% +over the estimated size. + +When considering the size of parsed forms, account for the size of +FileHeader structs and increase the estimate of memory consumed by +map entries. + +Thanks to Jakob Ackermann (@das7pad) for reporting this issue. + +For CVE-2023-24536 +For #59153 +For #59269 + +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802454 +Run-TryBot: Damien Neil +Reviewed-by: Roland Shoemaker +Reviewed-by: Julie Qiu +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802396 +Run-TryBot: Roland Shoemaker +Reviewed-by: Damien Neil +Change-Id: I31bc50e9346b4eee6fbe51a18c3c57230cc066db +Reviewed-on: https://go-review.googlesource.com/c/go/+/481984 +Reviewed-by: Matthew Dempsky +Auto-Submit: Michael Knyszek +TryBot-Result: Gopher Robot +Run-TryBot: Michael Knyszek + +CVE: CVE-2023-24536 +Upstream-Status: Backport [7a359a651c7ebdb29e0a1c03102fce793e9f58f0] +Signed-off-by: Sakib Sajal +--- + src/mime/multipart/formdata.go | 9 +++-- + src/mime/multipart/formdata_test.go | 55 ++++++++++++----------------- + src/net/textproto/reader.go | 8 ++++- + 3 files changed, 37 insertions(+), 35 deletions(-) + +diff --git a/src/mime/multipart/formdata.go b/src/mime/multipart/formdata.go +index 975dcb6..3f6ff69 100644 +--- a/src/mime/multipart/formdata.go ++++ b/src/mime/multipart/formdata.go +@@ -103,8 +103,9 @@ func (r *Reader) readForm(maxMemory int64) (_ *Form, err error) { + // Multiple values for the same key (one map entry, longer slice) are cheaper + // than the same number of values for different keys (many map entries), but + // using a consistent per-value cost for 
overhead is simpler. ++ const mapEntryOverhead = 200 + maxMemoryBytes -= int64(len(name)) +- maxMemoryBytes -= 100 // map overhead ++ maxMemoryBytes -= mapEntryOverhead + if maxMemoryBytes < 0 { + // We can't actually take this path, since nextPart would already have + // rejected the MIME headers for being too large. Check anyway. +@@ -128,7 +129,10 @@ func (r *Reader) readForm(maxMemory int64) (_ *Form, err error) { + } + + // file, store in memory or on disk ++ const fileHeaderSize = 100 + maxMemoryBytes -= mimeHeaderSize(p.Header) ++ maxMemoryBytes -= mapEntryOverhead ++ maxMemoryBytes -= fileHeaderSize + if maxMemoryBytes < 0 { + return nil, ErrMessageTooLarge + } +@@ -183,9 +187,10 @@ func (r *Reader) readForm(maxMemory int64) (_ *Form, err error) { + } + + func mimeHeaderSize(h textproto.MIMEHeader) (size int64) { ++ size = 400 + for k, vs := range h { + size += int64(len(k)) +- size += 100 // map entry overhead ++ size += 200 // map entry overhead + for _, v := range vs { + size += int64(len(v)) + } +diff --git a/src/mime/multipart/formdata_test.go b/src/mime/multipart/formdata_test.go +index f5b5608..8ed26e0 100644 +--- a/src/mime/multipart/formdata_test.go ++++ b/src/mime/multipart/formdata_test.go +@@ -192,10 +192,10 @@ func (r *failOnReadAfterErrorReader) Read(p []byte) (n int, err error) { + // TestReadForm_NonFileMaxMemory asserts that the ReadForm maxMemory limit is applied + // while processing non-file form data as well as file form data. 
+ func TestReadForm_NonFileMaxMemory(t *testing.T) { +- n := 10<<20 + 25 + if testing.Short() { +- n = 10<<10 + 25 ++ t.Skip("skipping in -short mode") + } ++ n := 10 << 20 + largeTextValue := strings.Repeat("1", n) + message := `--MyBoundary + Content-Disposition: form-data; name="largetext" +@@ -203,38 +203,29 @@ Content-Disposition: form-data; name="largetext" + ` + largeTextValue + ` + --MyBoundary-- + ` +- + testBody := strings.ReplaceAll(message, "\n", "\r\n") +- testCases := []struct { +- name string +- maxMemory int64 +- err error +- }{ +- {"smaller", 50 + int64(len("largetext")) + 100, nil}, +- {"exact-fit", 25 + int64(len("largetext")) + 100, nil}, +- {"too-large", 0, ErrMessageTooLarge}, +- } +- for _, tc := range testCases { +- t.Run(tc.name, func(t *testing.T) { +- if tc.maxMemory == 0 && testing.Short() { +- t.Skip("skipping in -short mode") +- } +- b := strings.NewReader(testBody) +- r := NewReader(b, boundary) +- f, err := r.ReadForm(tc.maxMemory) +- if err == nil { +- defer f.RemoveAll() +- } +- if tc.err != err { +- t.Fatalf("ReadForm error - got: %v; expected: %v", err, tc.err) +- } +- if err == nil { +- if g := f.Value["largetext"][0]; g != largeTextValue { +- t.Errorf("largetext mismatch: got size: %v, expected size: %v", len(g), len(largeTextValue)) +- } +- } +- }) ++ // Try parsing the form with increasing maxMemory values. ++ // Changes in how we account for non-file form data may cause the exact point ++ // where we change from rejecting the form as too large to accepting it to vary, ++ // but we should see both successes and failures. 
++ const failWhenMaxMemoryLessThan = 128 ++ for maxMemory := int64(0); maxMemory < failWhenMaxMemoryLessThan*2; maxMemory += 16 { ++ b := strings.NewReader(testBody) ++ r := NewReader(b, boundary) ++ f, err := r.ReadForm(maxMemory) ++ if err != nil { ++ continue ++ } ++ if g := f.Value["largetext"][0]; g != largeTextValue { ++ t.Errorf("largetext mismatch: got size: %v, expected size: %v", len(g), len(largeTextValue)) ++ } ++ f.RemoveAll() ++ if maxMemory < failWhenMaxMemoryLessThan { ++ t.Errorf("ReadForm(%v): no error, expect to hit memory limit when maxMemory < %v", maxMemory, failWhenMaxMemoryLessThan) ++ } ++ return + } ++ t.Errorf("ReadForm(x) failed for x < 1024, expect success") + } + + // TestReadForm_MetadataTooLarge verifies that we account for the size of field names, +diff --git a/src/net/textproto/reader.go b/src/net/textproto/reader.go +index fcbede8..9af4c49 100644 +--- a/src/net/textproto/reader.go ++++ b/src/net/textproto/reader.go +@@ -503,6 +503,12 @@ func readMIMEHeader(r *Reader, lim int64) (MIMEHeader, error) { + + m := make(MIMEHeader, hint) + ++ // Account for 400 bytes of overhead for the MIMEHeader, plus 200 bytes per entry. ++ // Benchmarking map creation as of go1.20, a one-entry MIMEHeader is 416 bytes and large ++ // MIMEHeaders average about 200 bytes per entry. ++ lim -= 400 ++ const mapEntryOverhead = 200 ++ + // The first line cannot start with a leading space. + if buf, err := r.R.Peek(1); err == nil && (buf[0] == ' ' || buf[0] == '\t') { + line, err := r.readLineSlice() +@@ -552,7 +558,7 @@ func readMIMEHeader(r *Reader, lim int64) (MIMEHeader, error) { + vv := m[key] + if vv == nil { + lim -= int64(len(key)) +- lim -= 100 // map entry overhead ++ lim -= mapEntryOverhead + } + lim -= int64(len(value)) + if lim < 0 { +-- +2.35.5 + diff --git a/meta/recipes-devtools/go/go-1.19/CVE-2023-24536_3.patch b/meta/recipes-devtools/go/go-1.19/CVE-2023-24536_3.patch new file mode 100644 index 0000000000..6de04e9a61 --- /dev/null 
+++ b/meta/recipes-devtools/go/go-1.19/CVE-2023-24536_3.patch 
@@ -0,0 +1,349 @@ +From ec763bc936f76cec0fe71a791c6bb7d4ac5f3e46 Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Mon, 20 Mar 2023 10:43:19 -0700 +Subject: [PATCH 3/3] mime/multipart: limit parsed mime message sizes + +The parsed forms of MIME headers and multipart forms can consume +substantially more memory than the size of the input data. +A malicious input containing a very large number of headers or +form parts can cause excessively large memory allocations. + +Set limits on the size of MIME data: + +Reader.NextPart and Reader.NextRawPart limit the the number +of headers in a part to 10000. + +Reader.ReadForm limits the total number of headers in all +FileHeaders to 10000. + +Both of these limits may be set with with +GODEBUG=multipartmaxheaders=. + +Reader.ReadForm limits the number of parts in a form to 1000. +This limit may be set with GODEBUG=multipartmaxparts=. + +Thanks for Jakob Ackermann (@das7pad) for reporting this issue. + +For CVE-2023-24536 +For #59153 +For #59269 + +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802455 +Run-TryBot: Damien Neil +Reviewed-by: Roland Shoemaker +Reviewed-by: Julie Qiu +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1801087 +Reviewed-by: Damien Neil +Run-TryBot: Roland Shoemaker +Change-Id: If134890d75f0d95c681d67234daf191ba08e6424 +Reviewed-on: https://go-review.googlesource.com/c/go/+/481985 +Run-TryBot: Michael Knyszek +Auto-Submit: Michael Knyszek +TryBot-Result: Gopher Robot +Reviewed-by: Matthew Dempsky + +CVE: CVE-2023-24536 +Upstream-Status: Backport [7917b5f31204528ea72e0629f0b7d52b35b27538] +Signed-off-by: Sakib Sajal +--- + src/mime/multipart/formdata.go | 19 ++++++++- + src/mime/multipart/formdata_test.go | 61 ++++++++++++++++++++++++++++ + src/mime/multipart/multipart.go | 31 ++++++++++---- + src/mime/multipart/readmimeheader.go | 2 +- + src/net/textproto/reader.go | 19 +++++---- + 5 files changed, 115 insertions(+), 17 deletions(-) + +diff --git 
a/src/mime/multipart/formdata.go b/src/mime/multipart/formdata.go +index 3f6ff69..4f26aab 100644 +--- a/src/mime/multipart/formdata.go ++++ b/src/mime/multipart/formdata.go +@@ -12,6 +12,7 @@ import ( + "math" + "net/textproto" + "os" ++ "strconv" + ) + + // ErrMessageTooLarge is returned by ReadForm if the message form +@@ -41,6 +42,15 @@ func (r *Reader) readForm(maxMemory int64) (_ *Form, err error) { + numDiskFiles := 0 + multipartFiles := godebug.Get("multipartfiles") + combineFiles := multipartFiles != "distinct" ++ maxParts := 1000 ++ multipartMaxParts := godebug.Get("multipartmaxparts") ++ if multipartMaxParts != "" { ++ if v, err := strconv.Atoi(multipartMaxParts); err == nil && v >= 0 { ++ maxParts = v ++ } ++ } ++ maxHeaders := maxMIMEHeaders() ++ + defer func() { + if file != nil { + if cerr := file.Close(); err == nil { +@@ -86,13 +96,17 @@ func (r *Reader) readForm(maxMemory int64) (_ *Form, err error) { + } + var copyBuf []byte + for { +- p, err := r.nextPart(false, maxMemoryBytes) ++ p, err := r.nextPart(false, maxMemoryBytes, maxHeaders) + if err == io.EOF { + break + } + if err != nil { + return nil, err + } ++ if maxParts <= 0 { ++ return nil, ErrMessageTooLarge ++ } ++ maxParts-- + + name := p.FormName() + if name == "" { +@@ -136,6 +150,9 @@ func (r *Reader) readForm(maxMemory int64) (_ *Form, err error) { + if maxMemoryBytes < 0 { + return nil, ErrMessageTooLarge + } ++ for _, v := range p.Header { ++ maxHeaders -= int64(len(v)) ++ } + fh := &FileHeader{ + Filename: filename, + Header: p.Header, +diff --git a/src/mime/multipart/formdata_test.go b/src/mime/multipart/formdata_test.go +index 8ed26e0..c78eeb7 100644 +--- a/src/mime/multipart/formdata_test.go ++++ b/src/mime/multipart/formdata_test.go +@@ -360,6 +360,67 @@ func testReadFormManyFiles(t *testing.T, distinct bool) { + } + } + ++func TestReadFormLimits(t *testing.T) { ++ for _, test := range []struct { ++ values int ++ files int ++ extraKeysPerFile int ++ wantErr error ++ godebug 
string ++ }{ ++ {values: 1000}, ++ {values: 1001, wantErr: ErrMessageTooLarge}, ++ {values: 500, files: 500}, ++ {values: 501, files: 500, wantErr: ErrMessageTooLarge}, ++ {files: 1000}, ++ {files: 1001, wantErr: ErrMessageTooLarge}, ++ {files: 1, extraKeysPerFile: 9998}, // plus Content-Disposition and Content-Type ++ {files: 1, extraKeysPerFile: 10000, wantErr: ErrMessageTooLarge}, ++ {godebug: "multipartmaxparts=100", values: 100}, ++ {godebug: "multipartmaxparts=100", values: 101, wantErr: ErrMessageTooLarge}, ++ {godebug: "multipartmaxheaders=100", files: 2, extraKeysPerFile: 48}, ++ {godebug: "multipartmaxheaders=100", files: 2, extraKeysPerFile: 50, wantErr: ErrMessageTooLarge}, ++ } { ++ name := fmt.Sprintf("values=%v/files=%v/extraKeysPerFile=%v", test.values, test.files, test.extraKeysPerFile) ++ if test.godebug != "" { ++ name += fmt.Sprintf("/godebug=%v", test.godebug) ++ } ++ t.Run(name, func(t *testing.T) { ++ if test.godebug != "" { ++ t.Setenv("GODEBUG", test.godebug) ++ } ++ var buf bytes.Buffer ++ fw := NewWriter(&buf) ++ for i := 0; i < test.values; i++ { ++ w, _ := fw.CreateFormField(fmt.Sprintf("field%v", i)) ++ fmt.Fprintf(w, "value %v", i) ++ } ++ for i := 0; i < test.files; i++ { ++ h := make(textproto.MIMEHeader) ++ h.Set("Content-Disposition", ++ fmt.Sprintf(`form-data; name="file%v"; filename="file%v"`, i, i)) ++ h.Set("Content-Type", "application/octet-stream") ++ for j := 0; j < test.extraKeysPerFile; j++ { ++ h.Set(fmt.Sprintf("k%v", j), "v") ++ } ++ w, _ := fw.CreatePart(h) ++ fmt.Fprintf(w, "value %v", i) ++ } ++ if err := fw.Close(); err != nil { ++ t.Fatal(err) ++ } ++ fr := NewReader(bytes.NewReader(buf.Bytes()), fw.Boundary()) ++ form, err := fr.ReadForm(1 << 10) ++ if err == nil { ++ defer form.RemoveAll() ++ } ++ if err != test.wantErr { ++ t.Errorf("ReadForm = %v, want %v", err, test.wantErr) ++ } ++ }) ++ } ++} ++ + func BenchmarkReadForm(b *testing.B) { + for _, test := range []struct { + name string +diff --git 
a/src/mime/multipart/multipart.go b/src/mime/multipart/multipart.go +index 19fe0ea..80acabc 100644 +--- a/src/mime/multipart/multipart.go ++++ b/src/mime/multipart/multipart.go +@@ -16,11 +16,13 @@ import ( + "bufio" + "bytes" + "fmt" ++ "internal/godebug" + "io" + "mime" + "mime/quotedprintable" + "net/textproto" + "path/filepath" ++ "strconv" + "strings" + ) + +@@ -128,12 +130,12 @@ func (r *stickyErrorReader) Read(p []byte) (n int, _ error) { + return n, r.err + } + +-func newPart(mr *Reader, rawPart bool, maxMIMEHeaderSize int64) (*Part, error) { ++func newPart(mr *Reader, rawPart bool, maxMIMEHeaderSize, maxMIMEHeaders int64) (*Part, error) { + bp := &Part{ + Header: make(map[string][]string), + mr: mr, + } +- if err := bp.populateHeaders(maxMIMEHeaderSize); err != nil { ++ if err := bp.populateHeaders(maxMIMEHeaderSize, maxMIMEHeaders); err != nil { + return nil, err + } + bp.r = partReader{bp} +@@ -149,9 +151,9 @@ func newPart(mr *Reader, rawPart bool, maxMIMEHeaderSize int64) (*Part, error) { + return bp, nil + } + +-func (bp *Part) populateHeaders(maxMIMEHeaderSize int64) error { ++func (bp *Part) populateHeaders(maxMIMEHeaderSize, maxMIMEHeaders int64) error { + r := textproto.NewReader(bp.mr.bufReader) +- header, err := readMIMEHeader(r, maxMIMEHeaderSize) ++ header, err := readMIMEHeader(r, maxMIMEHeaderSize, maxMIMEHeaders) + if err == nil { + bp.Header = header + } +@@ -313,6 +315,19 @@ type Reader struct { + // including header keys, values, and map overhead. + const maxMIMEHeaderSize = 10 << 20 + ++func maxMIMEHeaders() int64 { ++ // multipartMaxHeaders is the maximum number of header entries NextPart will return, ++ // as well as the maximum combined total of header entries Reader.ReadForm will return ++ // in FileHeaders. 
++ multipartMaxHeaders := godebug.Get("multipartmaxheaders") ++ if multipartMaxHeaders != "" { ++ if v, err := strconv.ParseInt(multipartMaxHeaders, 10, 64); err == nil && v >= 0 { ++ return v ++ } ++ } ++ return 10000 ++} ++ + // NextPart returns the next part in the multipart or an error. + // When there are no more parts, the error io.EOF is returned. + // +@@ -320,7 +335,7 @@ const maxMIMEHeaderSize = 10 << 20 + // has a value of "quoted-printable", that header is instead + // hidden and the body is transparently decoded during Read calls. + func (r *Reader) NextPart() (*Part, error) { +- return r.nextPart(false, maxMIMEHeaderSize) ++ return r.nextPart(false, maxMIMEHeaderSize, maxMIMEHeaders()) + } + + // NextRawPart returns the next part in the multipart or an error. +@@ -329,10 +344,10 @@ func (r *Reader) NextPart() (*Part, error) { + // Unlike NextPart, it does not have special handling for + // "Content-Transfer-Encoding: quoted-printable". + func (r *Reader) NextRawPart() (*Part, error) { +- return r.nextPart(true, maxMIMEHeaderSize) ++ return r.nextPart(true, maxMIMEHeaderSize, maxMIMEHeaders()) + } + +-func (r *Reader) nextPart(rawPart bool, maxMIMEHeaderSize int64) (*Part, error) { ++func (r *Reader) nextPart(rawPart bool, maxMIMEHeaderSize, maxMIMEHeaders int64) (*Part, error) { + if r.currentPart != nil { + r.currentPart.Close() + } +@@ -357,7 +372,7 @@ func (r *Reader) nextPart(rawPart bool, maxMIMEHeaderSize int64) (*Part, error) + + if r.isBoundaryDelimiterLine(line) { + r.partsRead++ +- bp, err := newPart(r, rawPart, maxMIMEHeaderSize) ++ bp, err := newPart(r, rawPart, maxMIMEHeaderSize, maxMIMEHeaders) + if err != nil { + return nil, err + } +diff --git a/src/mime/multipart/readmimeheader.go b/src/mime/multipart/readmimeheader.go +index 6836928..25aa6e2 100644 +--- a/src/mime/multipart/readmimeheader.go ++++ b/src/mime/multipart/readmimeheader.go +@@ -11,4 +11,4 @@ import ( + // readMIMEHeader is defined in package net/textproto. 
+ // + //go:linkname readMIMEHeader net/textproto.readMIMEHeader +-func readMIMEHeader(r *textproto.Reader, lim int64) (textproto.MIMEHeader, error) ++func readMIMEHeader(r *textproto.Reader, maxMemory, maxHeaders int64) (textproto.MIMEHeader, error) +diff --git a/src/net/textproto/reader.go b/src/net/textproto/reader.go +index 9af4c49..c6569c8 100644 +--- a/src/net/textproto/reader.go ++++ b/src/net/textproto/reader.go +@@ -483,12 +483,12 @@ func (r *Reader) ReadDotLines() ([]string, error) { + // } + // + func (r *Reader) ReadMIMEHeader() (MIMEHeader, error) { +- return readMIMEHeader(r, math.MaxInt64) ++ return readMIMEHeader(r, math.MaxInt64, math.MaxInt64) + } + + // readMIMEHeader is a version of ReadMIMEHeader which takes a limit on the header size. + // It is called by the mime/multipart package. +-func readMIMEHeader(r *Reader, lim int64) (MIMEHeader, error) { ++func readMIMEHeader(r *Reader, maxMemory, maxHeaders int64) (MIMEHeader, error) { + // Avoid lots of small slice allocations later by allocating one + // large one ahead of time which we'll cut up into smaller + // slices. If this isn't big enough later, we allocate small ones. +@@ -506,7 +506,7 @@ func readMIMEHeader(r *Reader, lim int64) (MIMEHeader, error) { + // Account for 400 bytes of overhead for the MIMEHeader, plus 200 bytes per entry. + // Benchmarking map creation as of go1.20, a one-entry MIMEHeader is 416 bytes and large + // MIMEHeaders average about 200 bytes per entry. +- lim -= 400 ++ maxMemory -= 400 + const mapEntryOverhead = 200 + + // The first line cannot start with a leading space. 
+@@ -538,6 +538,11 @@ func readMIMEHeader(r *Reader, lim int64) (MIMEHeader, error) { + continue + } + ++ maxHeaders-- ++ if maxHeaders < 0 { ++ return nil, errors.New("message too large") ++ } ++ + // backport 5c55ac9bf1e5f779220294c843526536605f42ab + // + // value is computed as +@@ -557,11 +562,11 @@ func readMIMEHeader(r *Reader, lim int64) (MIMEHeader, error) { + + vv := m[key] + if vv == nil { +- lim -= int64(len(key)) +- lim -= mapEntryOverhead ++ maxMemory -= int64(len(key)) ++ maxMemory -= mapEntryOverhead + } +- lim -= int64(len(value)) +- if lim < 0 { ++ maxMemory -= int64(len(value)) ++ if maxMemory < 0 { + // TODO: This should be a distinguishable error (ErrMessageTooLarge) + // to allow mime/multipart to detect it. + return m, errors.New("message too large") +-- +2.35.5 + From patchwork Thu Aug 3 14:04:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 28365 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8102FEB64DD for ; Thu, 3 Aug 2023 14:04:38 +0000 (UTC) Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) by mx.groups.io with SMTP id smtpd.web10.15494.1691071476068626198 for ; Thu, 03 Aug 2023 07:04:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=3GbNQ0gr; spf=softfail (domain: sakoman.com, ip: 209.85.210.172, mailfrom: steve@sakoman.com) Received: by mail-pf1-f172.google.com with SMTP id d2e1a72fcca58-686f0d66652so873591b3a.2 for ; Thu, 03 Aug 2023 07:04:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1691071475; x=1691676275; 
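Review bot: in CVE-2023-24536_2.patch, the rewritten TestReadForm_NonFileMaxMemory ends with `t.Errorf("ReadForm(x) failed for x < 1024, expect success")`, but the loop only tries maxMemory values below failWhenMaxMemoryLessThan*2, which is 256. Build the message from the constant (format failWhenMaxMemoryLessThan*2 into it) so that a failure reports the bound that was actually exercised.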
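Review bot: the 200-byte per-entry overhead in CVE-2023-24536_2.patch is spelled three different ways: a local `const mapEntryOverhead = 200` in readForm, a second local constant of the same name in net/textproto's readMIMEHeader, and a bare `size += 200 // map entry overhead` in mimeHeaderSize, next to the unnamed `size = 400` and `lim -= 400`. The form budget and the header limit only make sense if these agree, so name the 400 and 200 once per package and add a comment in each package pointing at the other, rather than relying on matching literals.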
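Review bot: in CVE-2023-24536_3.patch, the new header-count check in net/textproto's readMIMEHeader returns `errors.New("message too large")`, the same untyped error as the size check below it that still carries the TODO about a distinguishable error. TestReadFormLimits compares with `err != test.wantErr` against ErrMessageTooLarge for the extraKeysPerFile cases, so the expected result depends on that string being translated somewhere outside these hunks. Please confirm the translation exists in the 1.17.13 tree this series is applied to; without it, callers that check for ErrMessageTooLarge will not recognise the new limit.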
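Review bot: the readForm hunk in CVE-2023-24536_3.patch accepts `v >= 0` for multipartmaxparts, and maxMIMEHeaders() does the same for multipartmaxheaders, but a value of 0 does not mean "no limit": with maxParts at 0 the first part hits `if maxParts <= 0` and the form is rejected, and with maxHeaders at 0 the first header line fails the `maxHeaders < 0` check after the decrement. Unparsable or negative values are silently ignored in favour of the defaults. Neither point is documented in the patch or in the OE commit message, which only says "Backport required patches". Since this lands on a stable branch and introduces hard limits of 1000 parts and 10000 headers, state the new defaults, the two GODEBUG knobs and the meaning of 0 in the commit message.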
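Review bot: In the @@ -538 hunk of reader.go, the new maxHeaders check returns `nil, errors.New("message too large")`, while the maxMemory check in the @@ -557 hunk returns `m` with the same message. A caller cannot tell which limit tripped, and the two paths disagree on whether the partially parsed header is handed back. Consider returning `m` in both places and using one shared sentinel error, which is what the existing TODO about ErrMessageTooLarge asks for.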
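Review bot: The doc comment kept as context in the @@ -483 hunk of reader.go still says readMIMEHeader "takes a limit on the header size", but the function now takes two limits, maxMemory and maxHeaders. Update the comment to describe both parameters, and note that ReadMIMEHeader passes math.MaxInt64 for each, so the exported entry point stays unbounded and only callers of the unexported function (the comment names mime/multipart) get the new header-count cap.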
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 07/10] go: fix CVE-2023-24531
Date: Thu, 3 Aug 2023 04:04:11 -1000
Message-Id: <6d892c52bd5806507a05e8b6f749c54bbd9e9da6.1691071255.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/185486

From: Sakib Sajal

Backport required patches from go1.21 to fix CVE-2023-24531.

Signed-off-by: Sakib Sajal
--- meta/recipes-devtools/go/go-1.17.13.inc | 4 +- .../go/go-1.21/CVE-2023-24531_1.patch | 252 ++++++++++++++++++ .../go/go-1.21/CVE-2023-24531_2.patch | 47 ++++ 3 files changed, 302 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2023-24531_1.patch create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2023-24531_2.patch diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc index 53e09a545c..e0f02f3e28 100644 --- a/meta/recipes-devtools/go/go-1.17.13.inc +++ b/meta/recipes-devtools/go/go-1.17.13.inc @@ -1,6 +1,6 @@ require go-common.inc -FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-1.19:${FILE_DIRNAME}/go-1.18:" +FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-1.21:${FILE_DIRNAME}/go-1.19:${FILE_DIRNAME}/go-1.18:" LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" @@ -40,6 +40,8 @@ SRC_URI += "\ file://CVE-2023-24536_1.patch \ file://CVE-2023-24536_2.patch \ file://CVE-2023-24536_3.patch \ + file://CVE-2023-24531_1.patch \ + file://CVE-2023-24531_2.patch \ " SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
diff --git a/meta/recipes-devtools/go/go-1.21/CVE-2023-24531_1.patch b/meta/recipes-devtools/go/go-1.21/CVE-2023-24531_1.patch new file mode 100644 index 0000000000..5f6d7e16a8 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.21/CVE-2023-24531_1.patch 
@@ -0,0 +1,252 @@ +From 0f717b5f7d32bb660c01ec0366bd53c9b4c5ab5d Mon Sep 17 00:00:00 2001 +From: Michael Matloob +Date: Mon, 24 Apr 2023 16:57:28 -0400 +Subject: [PATCH 1/2] cmd/go: sanitize go env outputs + +go env, without any arguments, outputs the environment variables in +the form of a script that can be run on the host OS. On Unix, single +quote the strings and place single quotes themselves outside the +single quoted strings. On windows use the set "var=val" syntax with +the quote starting before the variable. + +Fixes #58508 + +Change-Id: Iecd379a4af7285ea9b2024f0202250c74fd9a2bd +Reviewed-on: https://go-review.googlesource.com/c/go/+/488375 +TryBot-Result: Gopher Robot +Reviewed-by: Michael Matloob +Reviewed-by: Damien Neil +Run-TryBot: Michael Matloob +Reviewed-by: Bryan Mills +Reviewed-by: Quim Muntal + +CVE: CVE-2023-24531 +Upstream-Status: Backport [f379e78951a405e7e99a60fb231eeedbf976c108] + +Signed-off-by: Sakib Sajal +--- + src/cmd/go/internal/envcmd/env.go | 60 ++++++++++++- + src/cmd/go/internal/envcmd/env_test.go | 94 +++++++++++++++++++++ + src/cmd/go/testdata/script/env_sanitize.txt | 5 ++ + 3 files changed, 157 insertions(+), 2 deletions(-) + create mode 100644 src/cmd/go/internal/envcmd/env_test.go + create mode 100644 src/cmd/go/testdata/script/env_sanitize.txt + +diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go +index 43b94e7..0ce8843 100644 +--- a/src/cmd/go/internal/envcmd/env.go ++++ b/src/cmd/go/internal/envcmd/env.go +@@ -6,6 +6,7 @@ + package envcmd + + import ( ++ "bytes" + "context" + "encoding/json" + "fmt" +@@ -17,6 +18,7 @@ import ( + "runtime" + "sort" + "strings" ++ "unicode" + "unicode/utf8" + + "cmd/go/internal/base" +@@ -379,9 +381,12 @@ func checkBuildConfig(add map[string]string, del map[string]bool) error { + func PrintEnv(w io.Writer, env []cfg.EnvVar) { + for _, e := range env { + if e.Name != "TERM" { ++ if runtime.GOOS != "plan9" && bytes.Contains([]byte(e.Value), []byte{0}) { ++ 
base.Fatalf("go: internal error: encountered null byte in environment variable %s on non-plan9 platform", e.Name) ++ } + switch runtime.GOOS { + default: +- fmt.Fprintf(w, "%s=\"%s\"\n", e.Name, e.Value) ++ fmt.Fprintf(w, "%s=%s\n", e.Name, shellQuote(e.Value)) + case "plan9": + if strings.IndexByte(e.Value, '\x00') < 0 { + fmt.Fprintf(w, "%s='%s'\n", e.Name, strings.ReplaceAll(e.Value, "'", "''")) +@@ -392,17 +397,68 @@ func PrintEnv(w io.Writer, env []cfg.EnvVar) { + if x > 0 { + fmt.Fprintf(w, " ") + } ++ // TODO(#59979): Does this need to be quoted like above? + fmt.Fprintf(w, "%s", s) + } + fmt.Fprintf(w, ")\n") + } + case "windows": +- fmt.Fprintf(w, "set %s=%s\n", e.Name, e.Value) ++ if hasNonGraphic(e.Value) { ++ base.Errorf("go: stripping unprintable or unescapable characters from %%%q%%", e.Name) ++ } ++ fmt.Fprintf(w, "set %s=%s\n", e.Name, batchEscape(e.Value)) + } + } + } + } + ++func hasNonGraphic(s string) bool { ++ for _, c := range []byte(s) { ++ if c == '\r' || c == '\n' || (!unicode.IsGraphic(rune(c)) && !unicode.IsSpace(rune(c))) { ++ return true ++ } ++ } ++ return false ++} ++ ++func shellQuote(s string) string { ++ var b bytes.Buffer ++ b.WriteByte('\'') ++ for _, x := range []byte(s) { ++ if x == '\'' { ++ // Close the single quoted string, add an escaped single quote, ++ // and start another single quoted string. ++ b.WriteString(`'\''`) ++ } else { ++ b.WriteByte(x) ++ } ++ } ++ b.WriteByte('\'') ++ return b.String() ++} ++ ++func batchEscape(s string) string { ++ var b bytes.Buffer ++ for _, x := range []byte(s) { ++ if x == '\r' || x == '\n' || (!unicode.IsGraphic(rune(x)) && !unicode.IsSpace(rune(x))) { ++ b.WriteRune(unicode.ReplacementChar) ++ continue ++ } ++ switch x { ++ case '%': ++ b.WriteString("%%") ++ case '<', '>', '|', '&', '^': ++ // These are special characters that need to be escaped with ^. See ++ // https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/set_1. 
++ b.WriteByte('^') ++ b.WriteByte(x) ++ default: ++ b.WriteByte(x) ++ } ++ } ++ return b.String() ++} ++ + func printEnvAsJSON(env []cfg.EnvVar) { + m := make(map[string]string) + for _, e := range env { +diff --git a/src/cmd/go/internal/envcmd/env_test.go b/src/cmd/go/internal/envcmd/env_test.go +new file mode 100644 +index 0000000..32d99fd +--- /dev/null ++++ b/src/cmd/go/internal/envcmd/env_test.go +@@ -0,0 +1,94 @@ ++// Copyright 2022 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build unix || windows ++ ++package envcmd ++ ++import ( ++ "bytes" ++ "cmd/go/internal/cfg" ++ "fmt" ++ "internal/testenv" ++ "os" ++ "os/exec" ++ "path/filepath" ++ "runtime" ++ "testing" ++ "unicode" ++) ++ ++func FuzzPrintEnvEscape(f *testing.F) { ++ f.Add(`$(echo 'cc"'; echo 'OOPS="oops')`) ++ f.Add("$(echo shell expansion 1>&2)") ++ f.Add("''") ++ f.Add(`C:\"Program Files"\`) ++ f.Add(`\\"Quoted Host"\\share`) ++ f.Add("\xfb") ++ f.Add("0") ++ f.Add("") ++ f.Add("''''''''") ++ f.Add("\r") ++ f.Add("\n") ++ f.Add("E,%") ++ f.Fuzz(func(t *testing.T, s string) { ++ t.Parallel() ++ ++ for _, c := range []byte(s) { ++ if c == 0 { ++ t.Skipf("skipping %q: contains a null byte. 
Null bytes can't occur in the environment"+ ++ " outside of Plan 9, which has different code path than Windows and Unix that this test"+ ++ " isn't testing.", s) ++ } ++ if c > unicode.MaxASCII { ++ t.Skipf("skipping %#q: contains a non-ASCII character %q", s, c) ++ } ++ if !unicode.IsGraphic(rune(c)) && !unicode.IsSpace(rune(c)) { ++ t.Skipf("skipping %#q: contains non-graphic character %q", s, c) ++ } ++ if runtime.GOOS == "windows" && c == '\r' || c == '\n' { ++ t.Skipf("skipping %#q on Windows: contains unescapable character %q", s, c) ++ } ++ } ++ ++ var b bytes.Buffer ++ if runtime.GOOS == "windows" { ++ b.WriteString("@echo off\n") ++ } ++ PrintEnv(&b, []cfg.EnvVar{{Name: "var", Value: s}}) ++ var want string ++ if runtime.GOOS == "windows" { ++ fmt.Fprintf(&b, "echo \"%%var%%\"\n") ++ want += "\"" + s + "\"\r\n" ++ } else { ++ fmt.Fprintf(&b, "printf '%%s\\n' \"$var\"\n") ++ want += s + "\n" ++ } ++ scriptfilename := "script.sh" ++ if runtime.GOOS == "windows" { ++ scriptfilename = "script.bat" ++ } ++ scriptfile := filepath.Join(t.TempDir(), scriptfilename) ++ if err := os.WriteFile(scriptfile, b.Bytes(), 0777); err != nil { ++ t.Fatal(err) ++ } ++ t.Log(b.String()) ++ var cmd *exec.Cmd ++ if runtime.GOOS == "windows" { ++ cmd = testenv.Command(t, "cmd.exe", "/C", scriptfile) ++ } else { ++ cmd = testenv.Command(t, "sh", "-c", scriptfile) ++ } ++ out, err := cmd.Output() ++ t.Log(string(out)) ++ if err != nil { ++ t.Fatal(err) ++ } ++ ++ if string(out) != want { ++ t.Fatalf("output of running PrintEnv script and echoing variable: got: %q, want: %q", ++ string(out), want) ++ } ++ }) ++} +diff --git a/src/cmd/go/testdata/script/env_sanitize.txt b/src/cmd/go/testdata/script/env_sanitize.txt +new file mode 100644 +index 0000000..cc4d23a +--- /dev/null ++++ b/src/cmd/go/testdata/script/env_sanitize.txt +@@ -0,0 +1,5 @@ ++env GOFLAGS='$(echo ''cc"''; echo ''OOPS="oops'')' ++go env ++[GOOS:darwin] stdout 'GOFLAGS=''\$\(echo ''\\''''cc"''\\''''; echo 
''\\''''OOPS="oops''\\''''\)''' ++[GOOS:linux] stdout 'GOFLAGS=''\$\(echo ''\\''''cc"''\\''''; echo ''\\''''OOPS="oops''\\''''\)''' ++[GOOS:windows] stdout 'set GOFLAGS=\$\(echo ''cc"''; echo ''OOPS="oops''\)' +-- +2.35.5 + diff --git a/meta/recipes-devtools/go/go-1.21/CVE-2023-24531_2.patch b/meta/recipes-devtools/go/go-1.21/CVE-2023-24531_2.patch new file mode 100644 index 0000000000..eecc04c2e3 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.21/CVE-2023-24531_2.patch 
@@ -0,0 +1,47 @@ +From b2624f973692ca093348395c2418d1c422f2a162 Mon Sep 17 00:00:00 2001 +From: miller +Date: Mon, 8 May 2023 16:56:21 +0100 +Subject: [PATCH 2/2] cmd/go: quote entries in list-valued variables for go env + in plan9 + +When 'go env' without an argument prints environment variables as +a script which can be executed by the shell, variables with a +list value in Plan 9 (such as GOPATH) need to be printed with each +element enclosed in single quotes in case it contains characters +significant to the Plan 9 shell (such as ' ' or '='). + +For #58508 + +Change-Id: Ia30f51307cc6d07a7e3ada6bf9d60bf9951982ff +Reviewed-on: https://go-review.googlesource.com/c/go/+/493535 +Run-TryBot: Cherry Mui +Reviewed-by: Cherry Mui +Reviewed-by: Russ Cox +TryBot-Result: Gopher Robot +Auto-Submit: Dmitri Shuralyov + +CVE: CVE-2023-24531 +Upstream-Status: Backport [05cc9e55876874462a4726ca0101c970838c80e5] + +Signed-off-by: Sakib Sajal +--- + src/cmd/go/internal/envcmd/env.go | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go +index 0ce8843..b48d0bd 100644 +--- a/src/cmd/go/internal/envcmd/env.go ++++ b/src/cmd/go/internal/envcmd/env.go +@@ -397,8 +397,7 @@ func PrintEnv(w io.Writer, env []cfg.EnvVar) { + if x > 0 { + fmt.Fprintf(w, " ") + } +- // TODO(#59979): Does this need to be quoted like above? 
+- fmt.Fprintf(w, "%s", s) ++ fmt.Fprintf(w, "'%s'", strings.ReplaceAll(s, "'", "''")) + } + fmt.Fprintf(w, ")\n") + } +-- +2.35.5 +
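Review bot: hasNonGraphic and batchEscape, added in the env.go @@ -392 hunk of CVE-2023-24531_1.patch, range over `[]byte(s)` and pass each byte to unicode.IsGraphic as if it were a rune. In a multi-byte UTF-8 value a continuation byte such as 0x80 is classified as a control character, so on Windows a legitimate non-ASCII value is reported as unprintable and rewritten with unicode.ReplacementChar. The fuzz test skips every input with a byte above unicode.MaxASCII, so this path is untested. Either range over the string's runes for the graphic check or document that the Windows output is only faithful for ASCII values. The predicate is also duplicated between the two helpers and could be shared, and none of the three new helpers has a doc comment.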
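Review bot: env_test.go is added to a Go 1.17.13 source tree (the recipe touched is go-1.17.13.inc), but it relies on features newer than that: `testing.F` fuzzing arrived in Go 1.18 and the `unix` build constraint in Go 1.19. With a 1.17 toolchain the `//go:build unix || windows` line leaves the file out of Unix builds, so the backported test never exercises shellQuote there. Say so in the patch header or drop the test file from the backport. Separately, `runtime.GOOS == "windows" && c == '\r' || c == '\n'` parses as `(... && c == '\r') || c == '\n'`, so inputs containing a newline are skipped on every platform although the skip message says Windows.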
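Review bot: The @@ -397 hunk in CVE-2023-24531_2.patch writes `strings.ReplaceAll(s, "'", "''")` a second time; the scalar Plan 9 branch a few lines above in PrintEnv already uses the same expression on e.Value. A small helper would keep the two quoting sites from drifting apart. The diffstat for this patch touches only env.go, so the list-valued case it fixes has no test.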
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 08/10] cve-update-nvd2-native: always pass str for json.loads()
Date: Thu, 3 Aug 2023 04:04:12 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/185487
From: Yuta Hayama

Currently json.loads() accepts one of the types str, bytes, or bytearray as an argument, but bytes and bytearrays have only been allowed since python 3.6. The version of Python3 provided by default on Ubuntu 16.04 and Debian 9.x is 3.5, so make raw_data type str to work correctly on these build hosts.

Signed-off-by: Yuta Hayama
Signed-off-by: Steve Sakoman
--- meta/recipes-core/meta/cve-update-nvd2-native.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 2f7dad7e82..67d76f75dd 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -136,7 +136,7 @@ def nvd_request_next(url, api_key, args): if (r.headers['content-encoding'] == 'gzip'): buf = r.read() - raw_data = gzip.decompress(buf) + raw_data = gzip.decompress(buf).decode("utf-8") else: raw_data = r.read().decode("utf-8")
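Review bot: After this change both branches of the `if` in nvd_request_next end in `.decode("utf-8")`. Let the branches produce bytes only and decode once after the `else`, so the str requirement for json.loads() is stated in a single place. A one-line comment giving the reason from the commit message (json.loads() on Python 3.5 accepts only str) would keep a later cleanup from removing the decode as redundant.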
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 09/10] gcc : upgrade to v11.4
Date: Thu, 3 Aug 2023 04:04:13 -1000
Message-Id: <4fd7e5951c42336729f12cde71450ec298f2078b.1691071255.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/185488
From: Sundeep KOKKONDA

gcc stable version upgraded from v11.3 to v11.4

For changes in v11.4 see - https://gcc.gnu.org/gcc-11/changes.html

Below is the bug fix list for v11.4
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&order=short_desc%2Cbug_status%2Cpriority%2Cassigned_to%2Cbug_id&query_format=advanced&resolution=FIXED&target_milestone=11.4

A total of 115 bugs are fixed in this release; below is the list of bugs fixed, excluding the regression fixes.

ID      Product  Comp      Resolution  Summary
108199  gcc      tree-opt  FIXE        Bitfields, unions and SRA and storage_order_attribute
107801  gcc      libstdc+  FIXE        Building cross compiler for H8 family fails in libstdc++ (c++17/memory_resource.cc)
108265  gcc      libstdc+  FIXE        chrono::hh_mm_ss can't be constructed from unsigned durations
104443  gcc      libstdc+  FIXE        common_iterator::operator-> is not correctly implemented
98056   gcc      c++       FIXE        coroutines: ICE tree check: expected record_type or union_type or qual_union_type, have array_type since r11-2183-g0f66b8486cea8668
107061  gcc      target    FIXE        ENCODEKEY128 clobbers xmm4-xmm6
105433  gcc      testsuit  FIXE        FAIL: gcc.target/i386/iamcu/test_3_element_struct_and_unions.c
105095  gcc      testsuit  FIXE        gcc.dg/vect/complex/fast-math-complex-* tests are not executed
100474  gcc      c++       FIXE        ICE: in diagnose_trait_expr, at cp/constraint.cc:3706
105854  gcc      target    FIXE        ICE: in extract_constrain_insn, at recog.cc:2692 (insn does not satisfy its constraints: sse2_lshrv1ti3)
104462  gcc      target    FIXE        ICE: in extract_constrain_insn_cached, at recog.cc:2682 with -mavx512fp16 -mno-xsave
106045  gcc      libgomp   FIXE        Incorrect testcase in libgomp.c/target-31.c at -O0
56189   gcc      c++       FIXE        Infinite recursion with noexcept when instantiating function template
100295  gcc      c++       FIXE        Internal compiler error from generic lambda capturing parameter pack and expanding it in if constexpr
100613  gcc      jit       FIXE        libgccjit should produce dylib on macOS
104875  gcc      libstdc+  FIXE        libstdc++-v3/src/c++11/codecvt.cc:312:24: warning: left shift count >= width of type
107471  gcc      libstdc+  FIXE        mismatching constraints in common_iterator
105284  gcc      libstdc+  FIXE        missing syncstream and spanstream forward decl. in
98821   gcc      c++       FIXE        modules : c++tools configures with CC but code fragments assume CXX.
109846  gcc      fortran   FIXE        Pointer-valued function reference rejected as actual argument
101324  gcc      target    FIXE        powerpc64le: hashst appears before mflr at -O1 or higher
102479  gcc      c++       FIXE        segfault when deducing class template arguments for tuple with libc++-14
105128  gcc      libstdc+  FIXE        source_location compile error for latest clang 15
106183  gcc      libstdc+  FIXE        std::atomic::wait might fail to be unblocked by notify_one/all on platforms without platform_wait()
102994  gcc      libstdc+  FIXE        std::atomic::wait is not marked const
105324  gcc      libstdc+  FIXE        std::from_chars() assertion at floating_from_chars.cc:78 when parsing 1.11111111....
105375  gcc      libstdc+  FIXE        std::packaged_task has no deduction guide.
104602  gcc      libstdc+  FIXE        std::source_location::current uses cast from void*
106808  gcc      libstdc+  FIXE        std::string_view range concept requirement causes compile error with Boost.Filesystem
105725  gcc      c++       FIXE        [ICE] segfault with `-Wmismatched-tags`
105920  gcc      target    FIXE        __builtin_cpu_supports ("f16c") should check AVX

Signed-off-by: Sundeep KOKKONDA
Signed-off-by: Steve Sakoman --- meta/conf/distro/include/maintainers.inc | 2 +- .../gcc/{gcc-11.3.inc => gcc-11.4.inc} | 6 +- ...ian_11.3.bb => gcc-cross-canadian_11.4.bb} | 0 .../{gcc-cross_11.3.bb => gcc-cross_11.4.bb} | 0 ...-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} | 0 ...cc-runtime_11.3.bb => gcc-runtime_11.4.bb} | 0 ...itizers_11.3.bb => gcc-sanitizers_11.4.bb} | 0 ...{gcc-source_11.3.bb => gcc-source_11.4.bb} | 0 ...rch64-Update-Neoverse-N2-core-defini.patch | 20 ++-- ...rm-add-armv9-a-architecture-to-march.patch | 54 +++++----- ...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 102 +++++++++--------- ...s-fix-v4bx-to-linker-to-support-EABI.patch | 6 +- .../gcc/{gcc_11.3.bb => gcc_11.4.bb} | 0 ...initial_11.3.bb => libgcc-initial_11.4.bb} | 0 .../gcc/{libgcc_11.3.bb => libgcc_11.4.bb} | 0 ...ibgfortran_11.3.bb => libgfortran_11.4.bb} | 0 16 files changed, 93 insertions(+), 97 deletions(-) rename meta/recipes-devtools/gcc/{gcc-11.3.inc => gcc-11.4.inc} (97%) rename meta/recipes-devtools/gcc/{gcc-cross-canadian_11.3.bb => gcc-cross-canadian_11.4.bb} (100%) rename meta/recipes-devtools/gcc/{gcc-cross_11.3.bb => gcc-cross_11.4.bb} (100%) rename meta/recipes-devtools/gcc/{gcc-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} (100%) rename meta/recipes-devtools/gcc/{gcc-runtime_11.3.bb => gcc-runtime_11.4.bb} (100%) rename meta/recipes-devtools/gcc/{gcc-sanitizers_11.3.bb => gcc-sanitizers_11.4.bb} (100%) rename meta/recipes-devtools/gcc/{gcc-source_11.3.bb => gcc-source_11.4.bb} (100%) rename meta/recipes-devtools/gcc/{gcc_11.3.bb => gcc_11.4.bb} (100%) rename meta/recipes-devtools/gcc/{libgcc-initial_11.3.bb => libgcc-initial_11.4.bb} (100%) rename meta/recipes-devtools/gcc/{libgcc_11.3.bb => libgcc_11.4.bb} (100%) rename meta/recipes-devtools/gcc/{libgfortran_11.3.bb => libgfortran_11.4.bb} (100%) diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index 1d5e070223..bfc14951fe 100644 
--- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -189,7 +189,7 @@ RECIPE_MAINTAINER:pn-gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj gcc/testsuite/lib/target-supports.exp | 3 ++- 9 files changed, 79 insertions(+), 8 deletions(-) -Index: gcc-11.3.0/gcc/config/arm/arm-cpus.in +Index: gcc/gcc/config/arm/arm-cpus.in =================================================================== ---- gcc-11.3.0.orig/gcc/config/arm/arm-cpus.in -+++ gcc-11.3.0/gcc/config/arm/arm-cpus.in +--- a/gcc/config/arm/arm-cpus.in ++++ b/gcc/config/arm/arm-cpus.in @@ -132,6 +132,9 @@ define feature cmse # Architecture rel 8.1-M. define feature armv8_1m_main @@ -87,10 +87,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm-cpus.in begin arch iwmmxt tune for iwmmxt tune flags LDSCHED STRONG XSCALE -Index: gcc-11.3.0/gcc/config/arm/arm-tables.opt +Index: gcc/gcc/config/arm/arm-tables.opt =================================================================== ---- gcc-11.3.0.orig/gcc/config/arm/arm-tables.opt -+++ gcc-11.3.0/gcc/config/arm/arm-tables.opt +--- a/gcc/config/arm/arm-tables.opt ++++ b/gcc/config/arm/arm-tables.opt @@ -380,10 +380,13 @@ EnumValue Enum(arm_arch) String(armv8.1-m.main) Value(30) @@ -107,10 +107,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm-tables.opt Enum Name(arm_fpu) Type(enum fpu_type) -Index: gcc-11.3.0/gcc/config/arm/arm.h +Index: gcc/gcc/config/arm/arm.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/arm/arm.h -+++ gcc-11.3.0/gcc/config/arm/arm.h +--- a/gcc/config/arm/arm.h ++++ b/gcc/config/arm/arm.h @@ -456,7 +456,8 @@ enum base_architecture BASE_ARCH_8A = 8, BASE_ARCH_8M_BASE = 8, 
@@ -121,10 +121,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm.h }; /* The major revision number of the ARM Architecture implemented by the target. */ -Index: gcc-11.3.0/gcc/config/arm/t-aprofile +Index: gcc/gcc/config/arm/t-aprofile =================================================================== ---- gcc-11.3.0.orig/gcc/config/arm/t-aprofile -+++ gcc-11.3.0/gcc/config/arm/t-aprofile +--- a/gcc/config/arm/t-aprofile ++++ b/gcc/config/arm/t-aprofile @@ -26,8 +26,8 @@ # Arch and FPU variants to build libraries with @@ -180,10 +180,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-aprofile - $(foreach ARCH, armv7-a armv8-a, \ + $(foreach ARCH, armv7-a armv8-a armv9-a, \ mthumb/march.$(ARCH)/mfloat-abi.soft=m$(MODE)/march.$(ARCH)/mfloat-abi.softfp)) -Index: gcc-11.3.0/gcc/config/arm/t-arm-elf +Index: gcc/gcc/config/arm/t-arm-elf =================================================================== ---- gcc-11.3.0.orig/gcc/config/arm/t-arm-elf -+++ gcc-11.3.0/gcc/config/arm/t-arm-elf +--- a/gcc/config/arm/t-arm-elf ++++ b/gcc/config/arm/t-arm-elf @@ -38,6 +38,8 @@ v7ve_fps := vfpv3-d16 vfpv3 vfpv3-d16-fp # it seems to work ok. v8_fps := simd fp16 crypto fp16+crypto dotprod fp16fml @@ -214,10 +214,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-arm-elf MULTILIB_MATCHES += $(foreach ARCH, armv7e-m armv8-m.mainline, \ march?armv7+fp=march?$(ARCH)+fp.dp) -Index: gcc-11.3.0/gcc/config/arm/t-multilib +Index: gcc/gcc/config/arm/t-multilib =================================================================== ---- gcc-11.3.0.orig/gcc/config/arm/t-multilib -+++ gcc-11.3.0/gcc/config/arm/t-multilib +--- a/gcc/config/arm/t-multilib ++++ b/gcc/config/arm/t-multilib @@ -78,6 +78,8 @@ v8_4_a_simd_variants := $(call all_feat_ v8_5_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16) v8_6_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16) 
@@ -244,10 +244,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-multilib endif # Not APROFILE. # Use Thumb libraries for everything. -Index: gcc-11.3.0/gcc/doc/invoke.texi +Index: gcc/gcc/doc/invoke.texi =================================================================== ---- gcc-11.3.0.orig/gcc/doc/invoke.texi -+++ gcc-11.3.0/gcc/doc/invoke.texi +--- a/gcc/doc/invoke.texi ++++ b/gcc/doc/invoke.texi @@ -19701,6 +19701,7 @@ Permissible names are: @samp{armv7-m}, @samp{armv7e-m}, @samp{armv8-m.base}, @samp{armv8-m.main}, @@ -256,10 +256,10 @@ Index: gcc-11.3.0/gcc/doc/invoke.texi @samp{iwmmxt} and @samp{iwmmxt2}. Additionally, the following architectures, which lack support for the -Index: gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp +Index: gcc/gcc/testsuite/gcc.target/arm/multilib.exp =================================================================== ---- gcc-11.3.0.orig/gcc/testsuite/gcc.target/arm/multilib.exp -+++ gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp +--- a/gcc/testsuite/gcc.target/arm/multilib.exp ++++ b/gcc/testsuite/gcc.target/arm/multilib.exp @@ -135,6 +135,14 @@ if {[multilib_config "aprofile"] } { {-march=armv8.6-a+simd+fp16 -mfloat-abi=softfp} "thumb/v8-a+simd/softfp" {-march=armv8.6-a+simd+fp16+nofp -mfloat-abi=softfp} "thumb/v8-a/nofp" @@ -275,10 +275,10 @@ Index: gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp {-mcpu=cortex-a53+crypto -mfloat-abi=hard} "thumb/v8-a+simd/hard" {-mcpu=cortex-a53+nofp -mfloat-abi=softfp} "thumb/v8-a/nofp" {-march=armv8-a+crc -mfloat-abi=hard -mfpu=vfp} "thumb/v8-a+simd/hard" -Index: gcc-11.3.0/gcc/testsuite/lib/target-supports.exp +Index: gcc/gcc/testsuite/lib/target-supports.exp =================================================================== ---- gcc-11.3.0.orig/gcc/testsuite/lib/target-supports.exp -+++ gcc-11.3.0/gcc/testsuite/lib/target-supports.exp +--- a/gcc/testsuite/lib/target-supports.exp ++++ b/gcc/testsuite/lib/target-supports.exp 
@@ -4820,7 +4820,8 @@ foreach { armfunc armflag armdefs } { v8m_base "-march=armv8-m.base -mthumb -mfloat-abi=soft" __ARM_ARCH_8M_BASE__ diff --git a/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch b/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch index b3515c9734..ece5873258 100644 --- a/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch +++ b/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch @@ -39,10 +39,10 @@ Signed-off-by: Pavel Zhukov gcc/config/sparc/linux64.h | 4 ++-- 17 files changed, 53 insertions(+), 58 deletions(-) -Index: gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h +Index: gcc/gcc/config/aarch64/aarch64-linux.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/aarch64/aarch64-linux.h -+++ gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h +--- a/gcc/config/aarch64/aarch64-linux.h ++++ b/gcc/config/aarch64/aarch64-linux.h @@ -21,10 +21,10 @@ #ifndef GCC_AARCH64_LINUX_H #define GCC_AARCH64_LINUX_H @@ -56,10 +56,10 @@ Index: gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h #undef ASAN_CC1_SPEC #define ASAN_CC1_SPEC "%{%:sanitize(address):-funwind-tables}" -Index: gcc-11.3.0/gcc/config/alpha/linux-elf.h +Index: gcc/gcc/config/alpha/linux-elf.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/alpha/linux-elf.h -+++ gcc-11.3.0/gcc/config/alpha/linux-elf.h +--- a/gcc/config/alpha/linux-elf.h ++++ b/gcc/config/alpha/linux-elf.h @@ -23,8 +23,8 @@ along with GCC; see the file COPYING3. #define EXTRA_SPECS \ { "elf_dynamic_linker", ELF_DYNAMIC_LINKER }, 
@@ -71,10 +71,10 @@ Index: gcc-11.3.0/gcc/config/alpha/linux-elf.h #if DEFAULT_LIBC == LIBC_UCLIBC #define CHOOSE_DYNAMIC_LINKER(G, U) "%{mglibc:" G ";:" U "}" #elif DEFAULT_LIBC == LIBC_GLIBC -Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h +Index: gcc/gcc/config/arm/linux-eabi.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/arm/linux-eabi.h -+++ gcc-11.3.0/gcc/config/arm/linux-eabi.h +--- a/gcc/config/arm/linux-eabi.h ++++ b/gcc/config/arm/linux-eabi.h @@ -65,8 +65,8 @@ GLIBC_DYNAMIC_LINKER_DEFAULT and TARGET_DEFAULT_FLOAT_ABI. */ @@ -95,10 +95,10 @@ Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h /* At this point, bpabi.h will have clobbered LINK_SPEC. We want to use the GNU/Linux version, not the generic BPABI version. */ -Index: gcc-11.3.0/gcc/config/arm/linux-elf.h +Index: gcc/gcc/config/arm/linux-elf.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/arm/linux-elf.h -+++ gcc-11.3.0/gcc/config/arm/linux-elf.h +--- a/gcc/config/arm/linux-elf.h ++++ b/gcc/config/arm/linux-elf.h @@ -60,7 +60,7 @@ #define LIBGCC_SPEC "%{mfloat-abi=soft*:-lfloat} -lgcc" @@ -108,10 +108,10 @@ Index: gcc-11.3.0/gcc/config/arm/linux-elf.h #define LINUX_TARGET_LINK_SPEC "%{h*} \ %{static:-Bstatic} \ -Index: gcc-11.3.0/gcc/config/i386/linux.h +Index: gcc/gcc/config/i386/linux.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/i386/linux.h -+++ gcc-11.3.0/gcc/config/i386/linux.h +--- a/gcc/config/i386/linux.h ++++ b/gcc/config/i386/linux.h @@ -20,7 +20,7 @@ along with GCC; see the file COPYING3. . */ 
@@ -122,10 +122,10 @@ Index: gcc-11.3.0/gcc/config/i386/linux.h #undef MUSL_DYNAMIC_LINKER -#define MUSL_DYNAMIC_LINKER "/lib/ld-musl-i386.so.1" +#define MUSL_DYNAMIC_LINKER SYSTEMLIBS_DIR "ld-musl-i386.so.1" -Index: gcc-11.3.0/gcc/config/i386/linux64.h +Index: gcc/gcc/config/i386/linux64.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/i386/linux64.h -+++ gcc-11.3.0/gcc/config/i386/linux64.h +--- a/gcc/config/i386/linux64.h ++++ b/gcc/config/i386/linux64.h @@ -27,13 +27,13 @@ see the files COPYING3 and COPYING.RUNTI #define GNU_USER_LINK_EMULATION64 "elf_x86_64" #define GNU_USER_LINK_EMULATIONX32 "elf32_x86_64" @@ -146,10 +146,10 @@ Index: gcc-11.3.0/gcc/config/i386/linux64.h #undef MUSL_DYNAMIC_LINKERX32 -#define MUSL_DYNAMIC_LINKERX32 "/lib/ld-musl-x32.so.1" +#define MUSL_DYNAMIC_LINKERX32 SYSTEMLIBS_DIR "ld-musl-x32.so.1" -Index: gcc-11.3.0/gcc/config/linux.h +Index: gcc/gcc/config/linux.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/linux.h -+++ gcc-11.3.0/gcc/config/linux.h +--- a/gcc/config/linux.h ++++ b/gcc/config/linux.h @@ -94,10 +94,10 @@ see the files COPYING3 and COPYING.RUNTI GLIBC_DYNAMIC_LINKER must be defined for each target using them, or GLIBC_DYNAMIC_LINKER32 and GLIBC_DYNAMIC_LINKER64 for targets @@ -165,10 +165,10 @@ Index: gcc-11.3.0/gcc/config/linux.h #define BIONIC_DYNAMIC_LINKER "/system/bin/linker" #define BIONIC_DYNAMIC_LINKER32 "/system/bin/linker" #define BIONIC_DYNAMIC_LINKER64 "/system/bin/linker64" -Index: gcc-11.3.0/gcc/config/microblaze/linux.h +Index: gcc/gcc/config/microblaze/linux.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/microblaze/linux.h -+++ gcc-11.3.0/gcc/config/microblaze/linux.h +--- a/gcc/config/microblaze/linux.h ++++ b/gcc/config/microblaze/linux.h @@ -28,7 +28,7 @@ #undef TLS_NEEDS_GOT #define TLS_NEEDS_GOT 1 
@@ -187,10 +187,10 @@ Index: gcc-11.3.0/gcc/config/microblaze/linux.h #undef SUBTARGET_EXTRA_SPECS #define SUBTARGET_EXTRA_SPECS \ -Index: gcc-11.3.0/gcc/config/mips/linux.h +Index: gcc/gcc/config/mips/linux.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/mips/linux.h -+++ gcc-11.3.0/gcc/config/mips/linux.h +--- a/gcc/config/mips/linux.h ++++ b/gcc/config/mips/linux.h @@ -22,29 +22,29 @@ along with GCC; see the file COPYING3. #define GNU_USER_LINK_EMULATIONN32 "elf32%{EB:b}%{EL:l}tsmipn32" @@ -230,10 +230,10 @@ Index: gcc-11.3.0/gcc/config/mips/linux.h #define BIONIC_DYNAMIC_LINKERN32 "/system/bin/linker32" #define GNU_USER_DYNAMIC_LINKERN32 \ -Index: gcc-11.3.0/gcc/config/nios2/linux.h +Index: gcc/gcc/config/nios2/linux.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/nios2/linux.h -+++ gcc-11.3.0/gcc/config/nios2/linux.h +--- a/gcc/config/nios2/linux.h ++++ b/gcc/config/nios2/linux.h @@ -29,7 +29,7 @@ #undef CPP_SPEC #define CPP_SPEC "%{posix:-D_POSIX_SOURCE} %{pthread:-D_REENTRANT}" @@ -243,10 +243,10 @@ Index: gcc-11.3.0/gcc/config/nios2/linux.h #undef LINK_SPEC #define LINK_SPEC LINK_SPEC_ENDIAN \ -Index: gcc-11.3.0/gcc/config/riscv/linux.h +Index: gcc/gcc/config/riscv/linux.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/riscv/linux.h -+++ gcc-11.3.0/gcc/config/riscv/linux.h +--- a/gcc/config/riscv/linux.h ++++ b/gcc/config/riscv/linux.h @@ -22,7 +22,7 @@ along with GCC; see the file COPYING3. GNU_USER_TARGET_OS_CPP_BUILTINS(); \ } while (0) 
@@ -265,10 +265,10 @@ Index: gcc-11.3.0/gcc/config/riscv/linux.h /* Because RISC-V only has word-sized atomics, it requries libatomic where others do not. So link libatomic by default, as needed. */ -Index: gcc-11.3.0/gcc/config/rs6000/linux64.h +Index: gcc/gcc/config/rs6000/linux64.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/rs6000/linux64.h -+++ gcc-11.3.0/gcc/config/rs6000/linux64.h +--- a/gcc/config/rs6000/linux64.h ++++ b/gcc/config/rs6000/linux64.h @@ -336,24 +336,19 @@ extern int dot_symbols; #undef LINK_OS_DEFAULT_SPEC #define LINK_OS_DEFAULT_SPEC "%(link_os_linux)" @@ -299,10 +299,10 @@ Index: gcc-11.3.0/gcc/config/rs6000/linux64.h #undef DEFAULT_ASM_ENDIAN #if (TARGET_DEFAULT & MASK_LITTLE_ENDIAN) -Index: gcc-11.3.0/gcc/config/rs6000/sysv4.h +Index: gcc/gcc/config/rs6000/sysv4.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/rs6000/sysv4.h -+++ gcc-11.3.0/gcc/config/rs6000/sysv4.h +--- a/gcc/config/rs6000/sysv4.h ++++ b/gcc/config/rs6000/sysv4.h @@ -780,10 +780,10 @@ GNU_USER_TARGET_CC1_SPEC #define MUSL_DYNAMIC_LINKER_E ENDIAN_SELECT("","le","") @@ -316,10 +316,10 @@ Index: gcc-11.3.0/gcc/config/rs6000/sysv4.h #ifndef GNU_USER_DYNAMIC_LINKER #define GNU_USER_DYNAMIC_LINKER GLIBC_DYNAMIC_LINKER -Index: gcc-11.3.0/gcc/config/s390/linux.h +Index: gcc/gcc/config/s390/linux.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/s390/linux.h -+++ gcc-11.3.0/gcc/config/s390/linux.h +--- a/gcc/config/s390/linux.h ++++ b/gcc/config/s390/linux.h @@ -72,13 +72,13 @@ along with GCC; see the file COPYING3. #define MULTILIB_DEFAULTS { "m31" } #endif 
@@ -338,10 +338,10 @@ Index: gcc-11.3.0/gcc/config/s390/linux.h #undef LINK_SPEC #define LINK_SPEC \ -Index: gcc-11.3.0/gcc/config/sh/linux.h +Index: gcc/gcc/config/sh/linux.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/sh/linux.h -+++ gcc-11.3.0/gcc/config/sh/linux.h +--- a/gcc/config/sh/linux.h ++++ b/gcc/config/sh/linux.h @@ -61,10 +61,10 @@ along with GCC; see the file COPYING3. #undef MUSL_DYNAMIC_LINKER @@ -355,10 +355,10 @@ Index: gcc-11.3.0/gcc/config/sh/linux.h #undef SUBTARGET_LINK_EMUL_SUFFIX #define SUBTARGET_LINK_EMUL_SUFFIX "%{mfdpic:_fd;:_linux}" -Index: gcc-11.3.0/gcc/config/sparc/linux.h +Index: gcc/gcc/config/sparc/linux.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/sparc/linux.h -+++ gcc-11.3.0/gcc/config/sparc/linux.h +--- a/gcc/config/sparc/linux.h ++++ b/gcc/config/sparc/linux.h @@ -78,7 +78,7 @@ extern const char *host_detect_local_cpu When the -shared link option is used a final link is not being done. */ @@ -368,10 +368,10 @@ Index: gcc-11.3.0/gcc/config/sparc/linux.h #undef LINK_SPEC #define LINK_SPEC "-m elf32_sparc %{shared:-shared} \ -Index: gcc-11.3.0/gcc/config/sparc/linux64.h +Index: gcc/gcc/config/sparc/linux64.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/sparc/linux64.h -+++ gcc-11.3.0/gcc/config/sparc/linux64.h +--- a/gcc/config/sparc/linux64.h ++++ b/gcc/config/sparc/linux64.h @@ -78,8 +78,8 @@ along with GCC; see the file COPYING3. When the -shared link option is used a final link is not being done. */ diff --git a/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch b/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch index 0f94936140..1ec942e977 100644 --- a/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch 
+++ b/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch @@ -18,10 +18,10 @@ Upstream-Status: Pending gcc/config/arm/linux-eabi.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) -Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h +Index: gcc/gcc/config/arm/linux-eabi.h =================================================================== ---- gcc-11.3.0.orig/gcc/config/arm/linux-eabi.h -+++ gcc-11.3.0/gcc/config/arm/linux-eabi.h +--- a/gcc/config/arm/linux-eabi.h ++++ b/gcc/config/arm/linux-eabi.h @@ -91,10 +91,14 @@ #define MUSL_DYNAMIC_LINKER \ SYSTEMLIBS_DIR "ld-musl-arm" MUSL_DYNAMIC_LINKER_E "%{mfloat-abi=hard:hf}%{mfdpic:-fdpic}.so.1" diff --git a/meta/recipes-devtools/gcc/gcc_11.3.bb b/meta/recipes-devtools/gcc/gcc_11.4.bb similarity index 100% rename from meta/recipes-devtools/gcc/gcc_11.3.bb rename to meta/recipes-devtools/gcc/gcc_11.4.bb diff --git a/meta/recipes-devtools/gcc/libgcc-initial_11.3.bb b/meta/recipes-devtools/gcc/libgcc-initial_11.4.bb similarity index 100% rename from meta/recipes-devtools/gcc/libgcc-initial_11.3.bb rename to meta/recipes-devtools/gcc/libgcc-initial_11.4.bb diff --git a/meta/recipes-devtools/gcc/libgcc_11.3.bb b/meta/recipes-devtools/gcc/libgcc_11.4.bb similarity index 100% rename from meta/recipes-devtools/gcc/libgcc_11.3.bb rename to meta/recipes-devtools/gcc/libgcc_11.4.bb 
diff --git a/meta/recipes-devtools/gcc/libgfortran_11.3.bb b/meta/recipes-devtools/gcc/libgfortran_11.4.bb similarity index 100% rename from meta/recipes-devtools/gcc/libgfortran_11.3.bb rename to meta/recipes-devtools/gcc/libgfortran_11.4.bb
From patchwork Thu Aug 3 14:04:14 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 28370
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 10/10] openssl: Upgrade 3.0.9 -> 3.0.10
Date: Thu, 3 Aug 2023 04:04:14 -1000
Message-Id: <94ce10791ce10aa30d3a3bdef53f9b2f3c1b331a.1691071255.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/185489
From: Peter Marko https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-309-and-openssl-3010-1-aug-2023 Major changes between OpenSSL 3.0.9 and OpenSSL 3.0.10 [1 Aug 2023] * Fix excessive time spent checking DH q parameter value (CVE-2023-3817) * Fix DH_check() excessive time with over sized modulus (CVE-2023-3446) * Do not ignore empty associated data entries with AES-SIV (CVE-2023-2975) Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../openssl/{openssl_3.0.9.bb => openssl_3.0.10.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/openssl/{openssl_3.0.9.bb => openssl_3.0.10.bb} (99%) diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.9.bb b/meta/recipes-connectivity/openssl/openssl_3.0.10.bb similarity index 99% rename from meta/recipes-connectivity/openssl/openssl_3.0.9.bb rename to meta/recipes-connectivity/openssl/openssl_3.0.10.bb index 9738d36902..c770f1c712 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.0.9.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.0.10.bb @@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90" +SRC_URI[sha256sum] = "1761d4f5b13a1028b9b6f3d4b8e17feb0cedc9370f6afe61d7193d2cdce83323" inherit lib_package multilib_header multilib_script ptest perlnative MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
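Review bot: In the openssl_3.0.10.bb hunk the only changed line is SRC_URI[sha256sum], and the commit message does not say where the new value came from. That checksum is the sole integrity check on the 3.0.10 tarball, so please confirm it matches the SHA-256 published upstream for the release rather than the hash of whatever the fetcher happened to download, and say so in the commit message. The diffstat is 1 insertion and 1 deletion, so nothing was dropped from SRC_URI; if the 3.0.9 recipe carried backports for CVE-2023-3817, CVE-2023-3446 or CVE-2023-2975, they need removing in this same change.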
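Review bot: In the gcc 11.3 to 11.4 patch earlier in this series, the hunks against 0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch, 0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch and the preceding patch touching gcc/config/arm/t-aprofile change, as far as the visible hunks show, only the Index:, --- and +++ header lines (gcc-11.3.0/ and gcc-11.3.0.orig/ becoming gcc/, a/ and b/). That refresh noise buries the actual version change. Suggest stating in the commit message that the carried patches were refreshed with no functional change, or splitting the refresh into its own commit, so a reviewer can confirm that the dynamic-linker defines such as MUSL_DYNAMIC_LINKER SYSTEMLIBS_DIR "ld-musl-i386.so.1" are untouched.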