From patchwork Tue Sep 26 21:43:10 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 31182
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][mickledore 01/10] curl: Add CVE-2023-28320 follow-up fix
Date: Tue, 26 Sep 2023 11:43:10 -1000
Message-Id: <5d6d4768693f9baa9b801e87d4d2aed0d9792613.1695764457.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/188269

From: Sanjay Chitroda

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-28320
https://security-tracker.debian.org/tracker/CVE-2023-28320

Upstream Patch:
Introduced by: https://github.com/curl/curl/commit/3c49b405de4f (curl-7_9_8)
Fixed by: https://github.com/curl/curl/commit/13718030ad4b (curl-8_1_0)
Follow-up: https://github.com/curl/curl/commit/f446258f0269 (curl-8_1_0)

Signed-off-by: Sanjay Chitroda
Signed-off-by: Steve Sakoman
--- .../curl/curl/CVE-2023-28320-fol1.patch | 80 +++++++++++++++++++ meta/recipes-support/curl/curl_8.0.1.bb | 1 + 2 files changed, 81 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch diff --git a/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch b/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch new file mode 100644 index 0000000000..3c06d8c518 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch 
@@ -0,0 +1,80 @@ +From e442feb37ba25c80b8480b908d1c570fd9f41c5e Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Tue, 16 May 2023 23:40:42 +0200 +Subject: [PATCH] hostip: include easy_lock.h before using + GLOBAL_INIT_IS_THREADSAFE + +Since that header file is the only place that define can be defined. + +Reported-by: Marc Deslauriers + +Follow-up to 13718030ad4b3209 + +Closes #11121 + +CVE: CVE-2023-28320 +Upstream-Status: Backport [https://github.com/curl/curl/commit/f446258f0269] + +(cherry picked from commit f446258f0269a62289cca0210157cb8558d0edc3) +Signed-off-by: Sanjay Chitroda + +--- + lib/hostip.c | 10 ++++------ + lib/hostip.h | 9 --------- + 2 files changed, 4 insertions(+), 15 deletions(-) + +diff --git a/lib/hostip.c b/lib/hostip.c +index d6906a2e8..2d26b5628 100644 +--- a/lib/hostip.c ++++ b/lib/hostip.c +@@ -70,6 +70,8 @@ + #include + #endif + ++#include "easy_lock.h" ++ + #if defined(CURLRES_SYNCH) && \ + defined(HAVE_ALARM) && \ + defined(SIGALRM) && \ +@@ -79,10 +81,6 @@ + #define USE_ALARM_TIMEOUT + #endif + +-#ifdef USE_ALARM_TIMEOUT +-#include "easy_lock.h" +-#endif +- + #define MAX_HOSTCACHE_LEN (255 + 7) /* max FQDN + colon + port number + zero */ + + /* +@@ -265,8 +263,8 @@ void Curl_hostcache_prune(struct Curl_easy *data) + /* Beware this is a global and unique instance. This is used to store the + return address that we can jump back to from inside a signal handler. This + is not thread-safe stuff. 
*/ +-sigjmp_buf curl_jmpenv; +-curl_simple_lock curl_jmpenv_lock; ++static sigjmp_buf curl_jmpenv; ++static curl_simple_lock curl_jmpenv_lock; + #endif + + /* lookup address, returns entry if found and not stale */ +diff --git a/lib/hostip.h b/lib/hostip.h +index 4b5481f65..0dd19e87c 100644 +--- a/lib/hostip.h ++++ b/lib/hostip.h +@@ -186,15 +186,6 @@ Curl_cache_addr(struct Curl_easy *data, struct Curl_addrinfo *addr, + #define CURL_INADDR_NONE INADDR_NONE + #endif + +-#ifdef HAVE_SIGSETJMP +-/* Forward-declaration of variable defined in hostip.c. Beware this +- * is a global and unique instance. This is used to store the return +- * address that we can jump back to from inside a signal handler. +- * This is not thread-safe stuff. +- */ +-extern sigjmp_buf curl_jmpenv; +-#endif +- + /* + * Function provided by the resolver backend to set DNS servers to use. + */ diff --git a/meta/recipes-support/curl/curl_8.0.1.bb b/meta/recipes-support/curl/curl_8.0.1.bb index bcfe4a6088..708f622fe1 100644 --- a/meta/recipes-support/curl/curl_8.0.1.bb +++ b/meta/recipes-support/curl/curl_8.0.1.bb 
@@ -18,6 +18,7 @@ SRC_URI = " \ file://CVE-2023-28320.patch \ file://CVE-2023-28321.patch \ file://CVE-2023-32001.patch \ + file://CVE-2023-28320-fol1.patch \ " SRC_URI[sha256sum] = "0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0"
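Review bot: in the lib/hostip.c hunk at line 265, curl_jmpenv and curl_jmpenv_lock become static while the "extern sigjmp_buf curl_jmpenv;" declaration is removed from lib/hostip.h, so any other source file in the 8.0.1 tree that still refers to curl_jmpenv would fail to build. The upstream commit is tagged curl-8_1_0 and this recipe builds 8.0.1, so please confirm by grepping the patched 8.0.1 sources that lib/hostip.c is the only user. The recipe commit message carries only links; one sentence on why the follow-up matters (the upstream message says easy_lock.h is the only place GLOBAL_INIT_IS_THREADSAFE can be defined, and the hunk at line 70 moves the include ahead of the USE_ALARM_TIMEOUT block) would help anyone auditing CVE-2023-28320 status later.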
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][mickledore 02/10] linux-yocto: update CVE exclusions
Date: Tue, 26 Sep 2023 11:43:11 -1000
Message-Id: <51ce40e9f994bcce5cd484dff5346b4dd2bff1fc.1695764457.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/188270

From: Ross Burton

Signed-off-by: Ross Burton
Signed-off-by: Steve Sakoman --- .../linux/cve-exclusion_6.1.inc | 157 ++++++++++++++---- 1 file changed, 123 insertions(+), 34 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index 4e809940db..1656ffc8b5 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2023-08-25 16:54:59.886795 for version 6.1.38" +# Generated at 2023-09-23 10:45:45.248445 for version 6.1.46 python check_kernel_cve_status_version() { - this_version = "6.1.38" + this_version = "6.1.46" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -4839,6 +4839,8 @@ CVE_CHECK_IGNORE += "CVE-2020-27194" # fixed-version: Fixed after version 5.6rc4 CVE_CHECK_IGNORE += "CVE-2020-2732" +# CVE-2020-27418 has no known resolution + # fixed-version: Fixed after version 5.10rc1 CVE_CHECK_IGNORE += "CVE-2020-27673" @@ -6464,7 +6466,8 @@ CVE_CHECK_IGNORE += "CVE-2022-40768" # fixed-version: Fixed after version 6.0rc4 CVE_CHECK_IGNORE += "CVE-2022-4095" -# CVE-2022-40982 has no known resolution +# cpe-stable-backport: Backported in 6.1.44 +CVE_CHECK_IGNORE += "CVE-2022-40982" # cpe-stable-backport: Backported in 6.1.4 CVE_CHECK_IGNORE += "CVE-2022-41218" @@ -6546,9 +6549,9 @@ CVE_CHECK_IGNORE += "CVE-2022-4382" # fixed-version: Fixed after version 6.1rc1 CVE_CHECK_IGNORE += "CVE-2022-43945" -# CVE-2022-44032 has no known resolution +# CVE-2022-44032 needs backporting (fixed from 6.4rc1) -# CVE-2022-44033 has no known resolution +# CVE-2022-44033 needs backporting (fixed from 6.4rc1) # CVE-2022-44034 has no known resolution 
@@ -6561,13 +6564,16 @@ CVE_CHECK_IGNORE += "CVE-2022-45869" # CVE-2022-45885 has no known resolution -# CVE-2022-45886 has no known resolution +# cpe-stable-backport: Backported in 6.1.33 +CVE_CHECK_IGNORE += "CVE-2022-45886" -# CVE-2022-45887 has no known resolution +# cpe-stable-backport: Backported in 6.1.33 +CVE_CHECK_IGNORE += "CVE-2022-45887" # CVE-2022-45888 needs backporting (fixed from 6.2rc1) -# CVE-2022-45919 has no known resolution +# cpe-stable-backport: Backported in 6.1.33 +CVE_CHECK_IGNORE += "CVE-2022-45919" # fixed-version: Fixed after version 6.1 CVE_CHECK_IGNORE += "CVE-2022-45934" @@ -6629,7 +6635,8 @@ CVE_CHECK_IGNORE += "CVE-2022-48424" # cpe-stable-backport: Backported in 6.1.33 CVE_CHECK_IGNORE += "CVE-2022-48425" -# CVE-2022-48502 needs backporting (fixed from 6.1.40) +# cpe-stable-backport: Backported in 6.1.40 +CVE_CHECK_IGNORE += "CVE-2022-48502" # fixed-version: Fixed after version 5.0rc1 CVE_CHECK_IGNORE += "CVE-2023-0030" @@ -6643,7 +6650,8 @@ CVE_CHECK_IGNORE += "CVE-2023-0047" # fixed-version: Fixed after version 6.0rc4 CVE_CHECK_IGNORE += "CVE-2023-0122" -# CVE-2023-0160 has no known resolution +# cpe-stable-backport: Backported in 6.1.28 +CVE_CHECK_IGNORE += "CVE-2023-0160" # cpe-stable-backport: Backported in 6.1.7 CVE_CHECK_IGNORE += "CVE-2023-0179" @@ -6726,7 +6734,8 @@ CVE_CHECK_IGNORE += "CVE-2023-1192" # fixed-version: Fixed after version 6.1rc3 CVE_CHECK_IGNORE += "CVE-2023-1195" -# CVE-2023-1206 needs backporting (fixed from 6.1.43) +# cpe-stable-backport: Backported in 6.1.43 +CVE_CHECK_IGNORE += "CVE-2023-1206" # fixed-version: Fixed after version 5.18rc1 CVE_CHECK_IGNORE += "CVE-2023-1249" 
@@ -6809,11 +6818,14 @@ CVE_CHECK_IGNORE += "CVE-2023-2008" # fixed-version: Fixed after version 6.0rc1 CVE_CHECK_IGNORE += "CVE-2023-2019" -# CVE-2023-20569 has no known resolution +# cpe-stable-backport: Backported in 6.1.44 +CVE_CHECK_IGNORE += "CVE-2023-20569" -# CVE-2023-20588 has no known resolution +# cpe-stable-backport: Backported in 6.1.45 +CVE_CHECK_IGNORE += "CVE-2023-20588" -# CVE-2023-20593 needs backporting (fixed from 6.1.41) +# cpe-stable-backport: Backported in 6.1.41 +CVE_CHECK_IGNORE += "CVE-2023-20593" # fixed-version: Fixed after version 6.0rc1 CVE_CHECK_IGNORE += "CVE-2023-20928" @@ -6922,7 +6934,7 @@ CVE_CHECK_IGNORE += "CVE-2023-23559" # fixed-version: Fixed after version 5.12rc1 CVE_CHECK_IGNORE += "CVE-2023-23586" -# CVE-2023-2430 needs backporting (fixed from 6.2rc5) +# CVE-2023-2430 needs backporting (fixed from 6.1.50) # cpe-stable-backport: Backported in 6.1.22 CVE_CHECK_IGNORE += "CVE-2023-2483" @@ -6933,6 +6945,8 @@ CVE_CHECK_IGNORE += "CVE-2023-25012" # fixed-version: Fixed after version 6.0rc1 CVE_CHECK_IGNORE += "CVE-2023-2513" +# CVE-2023-25775 needs backporting (fixed from 6.1.53) + # fixed-version: only affects 6.3rc1 onwards CVE_CHECK_IGNORE += "CVE-2023-2598" @@ -6979,7 +6993,8 @@ CVE_CHECK_IGNORE += "CVE-2023-28772" # cpe-stable-backport: Backported in 6.1.22 CVE_CHECK_IGNORE += "CVE-2023-28866" -# CVE-2023-2898 needs backporting (fixed from 6.1.39) +# cpe-stable-backport: Backported in 6.1.39 +CVE_CHECK_IGNORE += "CVE-2023-2898" # cpe-stable-backport: Backported in 6.1.16 CVE_CHECK_IGNORE += "CVE-2023-2985" @@ -7007,7 +7022,7 @@ CVE_CHECK_IGNORE += "CVE-2023-3106" # CVE-2023-31082 has no known resolution -# CVE-2023-31083 has no known resolution +# CVE-2023-31083 needs backporting (fixed from 6.6rc1) # CVE-2023-31084 needs backporting (fixed from 6.4rc3) 
@@ -7019,7 +7034,8 @@ CVE_CHECK_IGNORE += "CVE-2023-3111" # cpe-stable-backport: Backported in 6.1.35 CVE_CHECK_IGNORE += "CVE-2023-3117" -# CVE-2023-31248 needs backporting (fixed from 6.1.39) +# cpe-stable-backport: Backported in 6.1.39 +CVE_CHECK_IGNORE += "CVE-2023-31248" # cpe-stable-backport: Backported in 6.1.30 CVE_CHECK_IGNORE += "CVE-2023-3141" @@ -7083,7 +7099,8 @@ CVE_CHECK_IGNORE += "CVE-2023-3317" # cpe-stable-backport: Backported in 6.1.22 CVE_CHECK_IGNORE += "CVE-2023-33203" -# CVE-2023-33250 has no known resolution +# fixed-version: only affects 6.2rc1 onwards +CVE_CHECK_IGNORE += "CVE-2023-33250" # cpe-stable-backport: Backported in 6.1.22 CVE_CHECK_IGNORE += "CVE-2023-33288" @@ -7123,12 +7140,14 @@ CVE_CHECK_IGNORE += "CVE-2023-34255" # cpe-stable-backport: Backported in 6.1.29 CVE_CHECK_IGNORE += "CVE-2023-34256" -# CVE-2023-34319 has no known resolution +# cpe-stable-backport: Backported in 6.1.44 +CVE_CHECK_IGNORE += "CVE-2023-34319" # fixed-version: Fixed after version 5.18rc5 CVE_CHECK_IGNORE += "CVE-2023-3439" -# CVE-2023-35001 needs backporting (fixed from 6.1.39) +# cpe-stable-backport: Backported in 6.1.39 +CVE_CHECK_IGNORE += "CVE-2023-35001" # cpe-stable-backport: Backported in 6.1.11 CVE_CHECK_IGNORE += "CVE-2023-3567" 
@@ -7161,19 +7180,25 @@ CVE_CHECK_IGNORE += "CVE-2023-3609" # cpe-stable-backport: Backported in 6.1.36 CVE_CHECK_IGNORE += "CVE-2023-3610" -# CVE-2023-3611 needs backporting (fixed from 6.1.40) +# cpe-stable-backport: Backported in 6.1.40 +CVE_CHECK_IGNORE += "CVE-2023-3611" # CVE-2023-3640 has no known resolution -# CVE-2023-37453 has no known resolution +# fixed-version: only affects 6.3rc1 onwards +CVE_CHECK_IGNORE += "CVE-2023-37453" # CVE-2023-37454 has no known resolution -# CVE-2023-3772 has no known resolution +# CVE-2023-3772 needs backporting (fixed from 6.1.47) -# CVE-2023-3773 has no known resolution +# CVE-2023-3773 needs backporting (fixed from 6.1.47) -# CVE-2023-3776 needs backporting (fixed from 6.1.40) +# cpe-stable-backport: Backported in 6.1.40 +CVE_CHECK_IGNORE += "CVE-2023-3776" + +# cpe-stable-backport: Backported in 6.1.42 +CVE_CHECK_IGNORE += "CVE-2023-3777" # fixed-version: Fixed after version 6.1rc4 CVE_CHECK_IGNORE += "CVE-2023-3812" 
@@ -7202,25 +7227,89 @@ CVE_CHECK_IGNORE += "CVE-2023-38431" # cpe-stable-backport: Backported in 6.1.36 CVE_CHECK_IGNORE += "CVE-2023-38432" -# CVE-2023-3863 needs backporting (fixed from 6.1.39) +# cpe-stable-backport: Backported in 6.1.39 +CVE_CHECK_IGNORE += "CVE-2023-3863" -# CVE-2023-4004 needs backporting (fixed from 6.1.42) +# cpe-stable-backport: Backported in 6.1.36 +CVE_CHECK_IGNORE += "CVE-2023-3865" + +# cpe-stable-backport: Backported in 6.1.36 +CVE_CHECK_IGNORE += "CVE-2023-3866" + +# cpe-stable-backport: Backported in 6.1.40 +CVE_CHECK_IGNORE += "CVE-2023-3867" + +# cpe-stable-backport: Backported in 6.1.42 +CVE_CHECK_IGNORE += "CVE-2023-4004" # CVE-2023-4010 has no known resolution -# CVE-2023-4128 needs backporting (fixed from 6.5rc5) +# cpe-stable-backport: Backported in 6.1.43 +CVE_CHECK_IGNORE += "CVE-2023-4015" + +# cpe-stable-backport: Backported in 6.1.45 +CVE_CHECK_IGNORE += "CVE-2023-40283" -# CVE-2023-4132 needs backporting (fixed from 6.1.39) +# cpe-stable-backport: Backported in 6.1.45 +CVE_CHECK_IGNORE += "CVE-2023-4128" + +# cpe-stable-backport: Backported in 6.1.39 +CVE_CHECK_IGNORE += "CVE-2023-4132" # CVE-2023-4133 needs backporting (fixed from 6.3) # CVE-2023-4134 needs backporting (fixed from 6.5rc1) -# CVE-2023-4147 needs backporting (fixed from 6.1.43) +# cpe-stable-backport: Backported in 6.1.43 +CVE_CHECK_IGNORE += "CVE-2023-4147" + +# cpe-stable-backport: Backported in 6.1.46 +CVE_CHECK_IGNORE += "CVE-2023-4155" + +# fixed-version: only affects 6.3rc1 onwards +CVE_CHECK_IGNORE += "CVE-2023-4194" + +# cpe-stable-backport: Backported in 6.1.45 +CVE_CHECK_IGNORE += "CVE-2023-4206" + +# cpe-stable-backport: Backported in 6.1.45 +CVE_CHECK_IGNORE += "CVE-2023-4207" + +# cpe-stable-backport: Backported in 6.1.45 +CVE_CHECK_IGNORE += "CVE-2023-4208" + +# CVE-2023-4244 needs backporting (fixed from 6.5rc7) + +# cpe-stable-backport: Backported in 6.1.45 +CVE_CHECK_IGNORE += "CVE-2023-4273" + +# fixed-version: Fixed after version 
5.19rc1 +CVE_CHECK_IGNORE += "CVE-2023-4385" + +# fixed-version: Fixed after version 5.18 +CVE_CHECK_IGNORE += "CVE-2023-4387" + +# fixed-version: Fixed after version 5.18rc3 +CVE_CHECK_IGNORE += "CVE-2023-4389" + +# fixed-version: Fixed after version 6.0rc3 +CVE_CHECK_IGNORE += "CVE-2023-4394" + +# fixed-version: Fixed after version 5.18 +CVE_CHECK_IGNORE += "CVE-2023-4459" + +# CVE-2023-4563 needs backporting (fixed from 6.5rc6) + +# CVE-2023-4569 needs backporting (fixed from 6.1.47) + +# fixed-version: only affects 6.4rc1 onwards +CVE_CHECK_IGNORE += "CVE-2023-4611" + +# CVE-2023-4622 needs backporting (fixed from 6.5rc1) -# CVE-2023-4155 has no known resolution +# CVE-2023-4623 needs backporting (fixed from 6.1.53) -# CVE-2023-4194 needs backporting (fixed from 6.5rc5) +# CVE-2023-4881 needs backporting (fixed from 6.6rc1) -# CVE-2023-4273 needs backporting (fixed from 6.5rc5) +# CVE-2023-4921 needs backporting (fixed from 6.6rc1)
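Review bot: the commit message has no body, and this file is only accurate while this_version (now "6.1.46" in the first hunk) matches LINUX_VERSION; otherwise check_kernel_cve_status_version emits the bb.warn shown in that hunk. Please say in the message that the data was regenerated for 6.1.46 and make sure the matching linux-yocto 6.1.46 update lands in mickledore before or together with this change. Also worth calling out: CVE-2023-3772, CVE-2023-3773 and CVE-2023-4569 (fixed from 6.1.47), CVE-2023-2430 (fixed from 6.1.50), and CVE-2023-25775 and CVE-2023-4623 (fixed from 6.1.53) are recorded only as "needs backporting" comments with no CVE_CHECK_IGNORE entry, so they remain reported until the kernel moves past those stable releases.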
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][mickledore 03/10] glibc: fix CVE-2023-4527
Date: Tue, 26 Sep 2023 11:43:12 -1000
Message-Id: <04926dc555a0a75cd2c59729b351a997b018cdbc.1695764457.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/188271

From: Yash Shinde

Upstream-Status: Backport[https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f]

Signed-off-by: Yash Shinde
Signed-off-by: Steve Sakoman
--- .../glibc/glibc/0023-CVE-2023-4527.patch | 219 ++++++++++++++++++ meta/recipes-core/glibc/glibc_2.37.bb | 1 + 2 files changed, 220 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch diff --git a/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch b/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch new file mode 100644 index 0000000000..211249211a --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch 
@@ -0,0 +1,219 @@ +From 4ea972b7edd7e36610e8cde18bf7a8149d7bac4f Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Wed, 13 Sep 2023 14:10:56 +0200 +Subject: [PATCH] CVE-2023-4527: Stack read overflow with large TCP responses + in no-aaaa mode + +Without passing alt_dns_packet_buffer, __res_context_search can only +store 2048 bytes (what fits into dns_packet_buffer). However, +the function returns the total packet size, and the subsequent +DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end +of the stack-allocated buffer. + +Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no-aaaa +stub resolver option") and bug 30842. + +(cherry picked from commit bd77dd7e73e3530203be1c52c8a29d08270cb25d) + +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f] +CVE: CVE-2023-4527 + +Signed-off-by: Yash Shinde + +--- + NEWS | 7 ++ + resolv/Makefile | 2 + + resolv/nss_dns/dns-host.c | 2 +- + resolv/tst-resolv-noaaaa-vc.c | 129 ++++++++++++++++++++++++++++++++++ + 4 files changed, 139 insertions(+), 1 deletion(-) + create mode 100644 resolv/tst-resolv-noaaaa-vc.c + +diff --git a/NEWS b/NEWS +--- a/NEWS ++++ b/NEWS +@@ -25,6 +25,7 @@ + [30101] gmon: fix memory corruption issues + [30125] dynamic-link: [regression, bisected] glibc-2.37 creates new + symlink for libraries without soname ++ [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) + [30151] gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling + [30163] posix: Fix system blocks SIGCHLD erroneously + [30305] x86_64: Fix asm constraints in feraiseexcept +@@ -54,6 +55,12 @@ + heap and prints it to the target log file, potentially revealing a + portion of the contents of the heap. 
+ ++ CVE-2023-4527: If the system is configured in no-aaaa mode via ++ /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address ++ family, and a DNS response is received over TCP that is larger than ++ 2048 bytes, getaddrinfo may potentially disclose stack contents via ++ the returned address data, or crash. ++ + The following bugs are resolved with this release: + + [12154] network: Cannot resolve hosts which have wildcard aliases +diff --git a/resolv/Makefile b/resolv/Makefile +--- a/resolv/Makefile ++++ b/resolv/Makefile +@@ -101,6 +101,7 @@ + tst-resolv-invalid-cname \ + tst-resolv-network \ + tst-resolv-noaaaa \ ++ tst-resolv-noaaaa-vc \ + tst-resolv-nondecimal \ + tst-resolv-res_init-multi \ + tst-resolv-search \ +@@ -292,6 +293,7 @@ + $(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \ + $(shared-thread-library) + $(objpfx)tst-resolv-noaaaa: $(objpfx)libresolv.so $(shared-thread-library) ++$(objpfx)tst-resolv-noaaaa-vc: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library) +diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c +--- a/resolv/nss_dns/dns-host.c ++++ b/resolv/nss_dns/dns-host.c +@@ -427,7 +427,7 @@ + { + n = __res_context_search (ctx, name, C_IN, T_A, + dns_packet_buffer, sizeof (dns_packet_buffer), +- NULL, NULL, NULL, NULL, NULL); ++ &alt_dns_packet_buffer, NULL, NULL, NULL, NULL); + if (n >= 0) + status = gaih_getanswer_noaaaa (alt_dns_packet_buffer, n, + &abuf, pat, errnop, herrnop, ttlp); +diff --git a/resolv/tst-resolv-noaaaa-vc.c b/resolv/tst-resolv-noaaaa-vc.c +new file mode 100644 +--- /dev/null ++++ b/resolv/tst-resolv-noaaaa-vc.c +@@ -0,0 +1,129 @@ ++/* Test the RES_NOAAAA resolver option with a large response. ++ Copyright (C) 2022-2023 Free Software Foundation, Inc. 
++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++/* Used to keep track of the number of queries. */ ++static volatile unsigned int queries; ++ ++/* If true, add a large TXT record at the start of the answer section. */ ++static volatile bool stuff_txt; ++ ++static void ++response (const struct resolv_response_context *ctx, ++ struct resolv_response_builder *b, ++ const char *qname, uint16_t qclass, uint16_t qtype) ++{ ++ /* If not using TCP, just force its use. */ ++ if (!ctx->tcp) ++ { ++ struct resolv_response_flags flags = {.tc = true}; ++ resolv_response_init (b, flags); ++ resolv_response_add_question (b, qname, qclass, qtype); ++ return; ++ } ++ ++ /* The test needs to send four queries, the first three are used to ++ grow the NSS buffer via the ERANGE handshake. */ ++ ++queries; ++ TEST_VERIFY (queries <= 4); ++ ++ /* AAAA queries are supposed to be disabled. 
*/ ++ TEST_COMPARE (qtype, T_A); ++ TEST_COMPARE (qclass, C_IN); ++ TEST_COMPARE_STRING (qname, "example.com"); ++ ++ struct resolv_response_flags flags = {}; ++ resolv_response_init (b, flags); ++ resolv_response_add_question (b, qname, qclass, qtype); ++ ++ resolv_response_section (b, ns_s_an); ++ ++ if (stuff_txt) ++ { ++ resolv_response_open_record (b, qname, qclass, T_TXT, 60); ++ int zero = 0; ++ for (int i = 0; i <= 15000; ++i) ++ resolv_response_add_data (b, &zero, sizeof (zero)); ++ resolv_response_close_record (b); ++ } ++ ++ for (int i = 0; i < 200; ++i) ++ { ++ resolv_response_open_record (b, qname, qclass, qtype, 60); ++ char ipv4[4] = {192, 0, 2, i + 1}; ++ resolv_response_add_data (b, &ipv4, sizeof (ipv4)); ++ resolv_response_close_record (b); ++ } ++} ++ ++static int ++do_test (void) ++{ ++ struct resolv_test *obj = resolv_test_start ++ ((struct resolv_redirect_config) ++ { ++ .response_callback = response ++ }); ++ ++ _res.options |= RES_NOAAAA; ++ ++ for (int do_stuff_txt = 0; do_stuff_txt < 2; ++do_stuff_txt) ++ { ++ queries = 0; ++ stuff_txt = do_stuff_txt; ++ ++ struct addrinfo *ai = NULL; ++ int ret; ++ ret = getaddrinfo ("example.com", "80", ++ &(struct addrinfo) ++ { ++ .ai_family = AF_UNSPEC, ++ .ai_socktype = SOCK_STREAM, ++ }, &ai); ++ ++ char *expected_result; ++ { ++ struct xmemstream mem; ++ xopen_memstream (&mem); ++ for (int i = 0; i < 200; ++i) ++ fprintf (mem.out, "address: STREAM/TCP 192.0.2.%d 80\n", i + 1); ++ xfclose_memstream (&mem); ++ expected_result = mem.buffer; ++ } ++ ++ check_addrinfo ("example.com", ai, ret, expected_result); ++ ++ free (expected_result); ++ freeaddrinfo (ai); ++ } ++ ++ resolv_test_end (obj); ++ return 0; ++} ++ ++#include diff --git a/meta/recipes-core/glibc/glibc_2.37.bb b/meta/recipes-core/glibc/glibc_2.37.bb index 3387441cad..caf454f368 100644 --- a/meta/recipes-core/glibc/glibc_2.37.bb +++ b/meta/recipes-core/glibc/glibc_2.37.bb 
@@ -49,6 +49,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0020-tzselect.ksh-Use-bin-sh-default-shell-interpreter.patch \ file://0021-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \ file://0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch \ + file://0023-CVE-2023-4527.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" From patchwork Tue Sep 26 21:43:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 31185 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A236CE7F136 for ; Tue, 26 Sep 2023 21:43:39 +0000 (UTC) Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by mx.groups.io with SMTP id smtpd.web11.3614.1695764613423317000 for ; Tue, 26 Sep 2023 14:43:33 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=aFlEFMb6; spf=softfail (domain: sakoman.com, ip: 209.85.214.170, mailfrom: steve@sakoman.com) Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-1c5ff5f858dso44416305ad.2 for ; Tue, 26 Sep 2023 14:43:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1695764612; x=1696369412; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=1LOlMlMRDUcf5ezCWFHTY6LUQszv3C7A0uQQjEytToc=; b=aFlEFMb6UuL9OpGtRahPFZyR2bJWnTMSTLrwmH37rxxPL5hexTXGV2YiP3yt2O1+Mz t9W8UnNaopsEoduDT+p1eWAe4SbCgt/1YF+QULJ7H/aP/UE/OH8MTyKMvWygZTDdeTZA XCtssG+QlexBwfVQ6v95odMXomDCYhry0zOBYHfA25X/Bf3p1D7iuCY54AcYSoJHRAGK 
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][mickledore 04/10] python3-git: upgrade 3.1.32 -> 3.1.37 Date: Tue, 26 Sep 2023 11:43:13 -1000 Message-Id: <931af3758a2d79aea534ab6d23db392ede7cc1bb.1695764457.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 26 Sep 2023 21:43:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/188272 
From: Narpat Mali

The delta between 3.1.32 & 3.1.37 contains the CVE-2023-40590 and CVE-2023-41040 fixes and other bugfixes.

Changelog:
==========
- WIP Quick doc by @LeoDaCoda in #1608
- Partial clean up wrt mypy and black by @bodograumann in #1617
- Disable merge_includes in config writers by @bodograumann in #1618
- feat: full typing for "progress" parameter in Repo class by @madebylydia in #1634
- Fix CVE-2023-40590 by @EliahKagan in #1636
- #1566 Creating a lock now uses python built-in "open()" method to work arou… by @HageMaster3108 in #1619
- util: close lockfile after opening successfully by @skshetry in #1639
- Bump actions/checkout from 3 to 4 by @dependabot in #1643
- Fix 'Tree' object has no attribute '_name' when submodule path is normal path by @CosmosAtlas in #1645
- Fix CVE-2023-41040 by @facutuesca in #1644
- Only make config more permissive in tests that need it by @EliahKagan in #1648
- Added test for PR #1645 submodule path by @CosmosAtlas in #1647
- Fix Windows environment variable upcasing bug by @EliahKagan in #1650
- Improve Python version and OS compatibility, fixing deprecations by @EliahKagan in #1654
- Better document env_case test/fixture and cwd by @EliahKagan in #1657
- Remove spurious executable permissions by @EliahKagan in #1658
- Fix up checks in Makefile and make them portable by @EliahKagan in #1661
- Fix URLs that were redirecting to another license by @EliahKagan in #1662
- Assorted small fixes/improvements to root dir docs by @EliahKagan in #1663
- Use venv instead of virtualenv in test_installation by @EliahKagan in #1664
- Omit py_modules in setup by @EliahKagan in #1665
- Don't track code coverage temporary files by @EliahKagan in #1666
- Configure tox by @EliahKagan in #1667
- Format tests with black and auto-exclude untracked paths by @EliahKagan in #1668
- Upgrade and broaden flake8, fixing style problems and bugs by @EliahKagan in #1673
- Fix rollback bug in SymbolicReference.set_reference by @EliahKagan in #1675
- Remove @NoEffect annotations by @EliahKagan in #1677
- Add more checks for the validity of refnames by @facutuesca in #1672

Note that the changes to the license file are just removal of excess whitespace (the extra blank line at the end, and spaces appearing at the end of lines).

References:
https://github.com/gitpython-developers/GitPython/releases
https://github.com/gitpython-developers/GitPython/blob/main/doc/source/changes.rst
https://github.com/gitpython-developers/GitPython/commit/e1af18377fd69f9c1007f8abf6ccb95b3c5a6558

Signed-off-by: Narpat Mali
Signed-off-by: Steve Sakoman
--- .../python/{python3-git_3.1.32.bb => python3-git_3.1.37.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-devtools/python/{python3-git_3.1.32.bb => python3-git_3.1.37.bb} (86%) diff --git a/meta/recipes-devtools/python/python3-git_3.1.32.bb b/meta/recipes-devtools/python/python3-git_3.1.37.bb similarity index 86% rename from meta/recipes-devtools/python/python3-git_3.1.32.bb rename to meta/recipes-devtools/python/python3-git_3.1.37.bb index f217577eb8..56a335a79e 100644 --- a/meta/recipes-devtools/python/python3-git_3.1.32.bb +++ b/meta/recipes-devtools/python/python3-git_3.1.37.bb 
@@ -6,13 +6,13 @@ access with big-files support." HOMEPAGE = "http://github.com/gitpython-developers/GitPython" SECTION = "devel/python" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=8b8d26c37c1d5a04f9b0186edbebc183" +LIC_FILES_CHKSUM = "file://LICENSE;md5=5279a7ab369ba336989dcf2a107e5c8e" PYPI_PACKAGE = "GitPython" inherit pypi python_setuptools_build_meta -SRC_URI[sha256sum] = "8d9b8cb1e80b9735e8717c9362079d3ce4c6e5ddeebedd0361b228c3a67a62f6" +SRC_URI[sha256sum] = "f9b9ddc0761c125d5780eab2d64be4873fc6817c2899cbcb34b02344bdc7bc54" DEPENDS += " ${PYTHON_PN}-gitdb" From patchwork Tue Sep 26 21:43:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 31186 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A2123E7F138 for ; Tue, 26 Sep 2023 21:43:39 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web11.3616.1695764615117947125 for ; Tue, 26 Sep 2023 14:43:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=VMIuycma; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-1c5cd27b1acso87269485ad.2 for ; Tue, 26 Sep 2023 14:43:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1695764614; x=1696369414; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=GH03L8IWduQ98NEjm2WuYgRGFzggEERXCTxCS85bs6c=; 
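Review bot: the LIC_FILES_CHKSUM change in python3-git_3.1.37.bb is explained in the commit message (whitespace-only change to LICENSE), but the message has no "License-Update:" line, which is the tag reviewers look for when this checksum moves; add one that repeats the whitespace explanation. Separately, this is a jump from 3.1.32 to 3.1.37 on a stable branch, and the changelog lists changes unrelated to the two CVEs (for example "Disable merge_includes in config writers"), so the message should say why an upgrade was preferred over backporting the CVE-2023-40590 and CVE-2023-41040 fixes.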
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][mickledore 05/10] bind: upgrade 9.18.17 -> 9.18.18 Date: Tue, 26 Sep 2023 11:43:14 -1000 Message-Id: <3cb92c8746f589ef74e337e5866378e04a8133ef.1695764457.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 26 Sep 2023 21:43:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/188273

From: Wang Mingyu

Changelog:
============
Deprecate the 'dialup' and 'heartbeat-interval' options.
Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
Return REFUSED to GSS-API TKEY requests if GSS-API support is not configured.
Mark a primary server as temporarily unreachable if the TCP connection attempt times out.
Don't process detach and close netmgr events when the netmgr has been paused.

(cherry-pick from commit e78ec619beea6e541b2d83a5dc845ce57ff12564)

Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Steve Sakoman
--- .../bind/{bind_9.18.17.bb => bind_9.18.18.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/bind/{bind_9.18.17.bb => bind_9.18.18.bb} (97%) diff --git a/meta/recipes-connectivity/bind/bind_9.18.17.bb b/meta/recipes-connectivity/bind/bind_9.18.18.bb similarity index 97% rename from meta/recipes-connectivity/bind/bind_9.18.17.bb rename to meta/recipes-connectivity/bind/bind_9.18.18.bb index fa1249b370..b9579ab52a 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.17.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.18.bb 
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "bde1c5017b81d1d79c69eb8f537f2e5032fd3623acdd5ee830d4f74bc2483458" +SRC_URI[sha256sum] = "d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 From patchwork Tue Sep 26 21:43:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 31184 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AF74DE7F13C for ; Tue, 26 Sep 2023 21:43:39 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.web10.3550.1695764616775121808 for ; Tue, 26 Sep 2023 14:43:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=M5Buxi2Z; spf=softfail (domain: sakoman.com, ip: 209.85.214.182, mailfrom: steve@sakoman.com) Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-1c5bf7871dcso76080275ad.1 for ; Tue, 26 Sep 2023 14:43:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1695764616; x=1696369416; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=dVycdgI/7LcVGM16kwbUq+D+xh7kwnj+qSIhl5H8p+c=; b=M5Buxi2Z1B6D1NCXiNJH9Ode5zl2tP45fAb6qaRX+Q2/tSJMtzNKFhqwW/W5o1Fj8f V+kMaVLzGO3nQZFpmvRqTYa3QHXo96vZutrEJ3m/AtWUtZr0eZwUfq1cEJALN12rAnoB 
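Review bot: the only recipe change in the bind 9.18.17 -> 9.18.18 patch is the SRC_URI[sha256sum] value, and the commit message gives a reviewer nothing to check it against or to judge the upgrade for a stable branch: there is no link to the 9.18.18 release notes (the 9.18.19 patch in this series has one) and no statement that the release is bug-fix only. Add the release-notes URL, and say whether the new checksum was compared with the upstream release artefacts for the tarball fetched from https://ftp.isc.org/isc/bind9/.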
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][mickledore 06/10] bind: update to 9.18.19 Date: Tue, 26 Sep 2023 11:43:15 -1000 Message-Id: <663397edba278184a736e97aa602d3f96d2d937a.1695764457.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 26 Sep 2023 21:43:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/188274 
From: Lee Chee Yang

release notes:
https://downloads.isc.org/isc/bind9/9.18.19/doc/arm/html/notes.html#notes-for-bind-9-18-19

Security Fixes

Previously, sending a specially crafted message over the control channel could cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly. This has been fixed. (CVE-2023-3341) ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing this vulnerability to our attention. [GL #4152]

A flaw in the networking code handling DNS-over-TLS queries could cause named to terminate unexpectedly due to an assertion failure under significant DNS-over-TLS query load. This has been fixed. (CVE-2023-4236) ISC would like to thank Robert Story from USC/ISI Root Server Operations for bringing this vulnerability to our attention. [GL #4242]

Removed Features

The dnssec-must-be-secure option has been deprecated and will be removed in a future release. [GL #4263]

Feature Changes

If the server command is specified, nsupdate now honors the nsupdate -v option for SOA queries by sending both the UPDATE request and the initial query over TCP. [GL #1181]

Bug Fixes

The value of the If-Modified-Since header in the statistics channel was not being correctly validated for its length, potentially allowing an authorized user to trigger a buffer overflow. Ensuring the statistics channel is configured correctly to grant access exclusively to authorized users is essential (see the statistics-channels block definition and usage section). [GL #4124] This issue was reported independently by Eric Sesterhenn of X41 D-Sec GmbH and Cameron Whitehead.

The Content-Length header in the statistics channel was lacking proper bounds checking. A negative or excessively large value could potentially trigger an integer overflow and result in an assertion failure. [GL This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.

Several memory leaks caused by not clearing the OpenSSL error stack were fixed. [GL #4159] This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.

The introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs UPDATE policies accidentally caused named to return SERVFAIL responses to deletion requests for non-existent PTR and SRV records. This has been fixed. [GL #4280]

The stale-refresh-time feature was mistakenly disabled when the server cache was flushed by rndc flush. This has been fixed. [GL #4278]

BIND’s memory consumption has been improved by implementing dedicated jemalloc memory arenas for sending buffers. This optimization ensures that memory usage is more efficient and better manages the return of memory pages to the operating system. [GL #4038]

Previously, partial writes in the TLS DNS code were not accounted for correctly, which could have led to DNS message corruption. This has been fixed. [GL #4255]

Known Issues

There are no new known issues with this release. See above for a list of all known issues affecting this BIND 9 branch.

Signed-off-by: Lee Chee Yang
Signed-off-by: Steve Sakoman
--- .../bind/{bind_9.18.18.bb => bind_9.18.19.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/bind/{bind_9.18.18.bb => bind_9.18.19.bb} (97%) diff --git a/meta/recipes-connectivity/bind/bind_9.18.18.bb b/meta/recipes-connectivity/bind/bind_9.18.19.bb similarity index 97% rename from meta/recipes-connectivity/bind/bind_9.18.18.bb rename to meta/recipes-connectivity/bind/bind_9.18.19.bb index b9579ab52a..6936c1c6ad 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.18.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.19.bb 
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160" +SRC_URI[sha256sum] = "115e09c05439bebade1d272eda08fa88eb3b60129edef690588c87a4d27612cc" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 From patchwork Tue Sep 26 21:43:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 31188 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4D77E7F13D for ; Tue, 26 Sep 2023 21:43:39 +0000 (UTC) Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.web11.3620.1695764618763533060 for ; Tue, 26 Sep 2023 14:43:38 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=P9raO7D7; spf=softfail (domain: sakoman.com, ip: 209.85.214.177, mailfrom: steve@sakoman.com) Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1c63164a2b6so16041885ad.0 for ; Tue, 26 Sep 2023 14:43:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1695764618; x=1696369418; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=uq82QcoFeVbYi36S+wB33DVXLf/RiBo3vuDsXm7OLKQ=; b=P9raO7D7twK+UwSBPL0Jt12A37dhLKfxCbDr8Tn7OCfDa6qat/RcoPett9990oZCMw TDk5D27/YRHrlDIDBR7km863DZhVqxR/6qpvXi5tj56U8J78AKUzTVHK9/yCc/HcItuQ 
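Review bot: the security content of the bind 9.18.18 -> 9.18.19 patch (CVE-2023-3341 and CVE-2023-4236) appears only inside the pasted release notes, while the subject "bind: update to 9.18.19" and the one-line SRC_URI[sha256sum] hunk read as a plain version bump; name both CVEs in a short summary at the top of the message so the stable-branch log shows what the checksum change fixes. The pasted Content-Length entry also carries a truncated reference ("[GL" with no issue number), which should be completed from the upstream notes or removed.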
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][mickledore 07/10] ffmpeg: 5.1.2 -> 5.1.3 Date: Tue, 26 Sep 2023 11:43:16 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 26 Sep 2023 21:43:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/188275

From: Lee Chee Yang

drop patch which is already part of 5.1.3.

0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3964):
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/1eb002596e3761d88de4aeea3158692b82fb6307

0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3965):
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/293dc39bcaa99f213c6b7a703e11f146abf5d3be

ffmpeg-fix-vulkan.patch :
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/7268323193d55365f914de39fadd5dbdb1f68976

Signed-off-by: Lee Chee Yang
Signed-off-by: Steve Sakoman
--- ...c-stop-accessing-out-of-bounds-frame.patch | 89 --------------- ...c-stop-accessing-out-of-bounds-frame.patch | 108 ------------------ .../ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch | 34 ------ .../{ffmpeg_5.1.2.bb => ffmpeg_5.1.3.bb} | 5 +- 4 files changed, 1 insertion(+), 235 deletions(-) delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.1.2.bb => ffmpeg_5.1.3.bb} (96%) 
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch deleted file mode 100644 index 2775a81cc8..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch +++ /dev/null 
@@ -1,89 +0,0 @@ -From 92f9b28ed84a77138105475beba16c146bdaf984 Mon Sep 17 00:00:00 2001 -From: Paul B Mahol -Date: Sat, 12 Nov 2022 16:12:00 +0100 -Subject: [PATCH] avcodec/rpzaenc: stop accessing out of bounds frame - -Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984] - -Signed-off-by: - ---- - libavcodec/rpzaenc.c | 22 +++++++++++++++------- - 1 file changed, 15 insertions(+), 7 deletions(-) - -diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c -index d710eb4f82..4ced9523e2 100644 ---- a/libavcodec/rpzaenc.c -+++ b/libavcodec/rpzaenc.c -@@ -205,7 +205,7 @@ static void get_max_component_diff(const BlockInfo *bi, const uint16_t *block_pt - - // loop thru and compare pixels - for (y = 0; y < bi->block_height; y++) { -- for (x = 0; x < bi->block_width; x++){ -+ for (x = 0; x < bi->block_width; x++) { - // TODO: optimize - min_r = FFMIN(R(block_ptr[x]), min_r); - min_g = FFMIN(G(block_ptr[x]), min_g); -@@ -278,7 +278,7 @@ static int leastsquares(const uint16_t *block_ptr, const BlockInfo *bi, - return -1; - - for (i = 0; i < bi->block_height; i++) { -- for (j = 0; j < bi->block_width; j++){ -+ for (j = 0; j < bi->block_width; j++) { - x = GET_CHAN(block_ptr[j], xchannel); - y = GET_CHAN(block_ptr[j], ychannel); - sumx += x; -@@ -325,7 +325,7 @@ static int calc_lsq_max_fit_error(const uint16_t *block_ptr, const BlockInfo *bi - int max_err = 0; - - for (i = 0; i < bi->block_height; i++) { -- for (j = 0; j < bi->block_width; j++){ -+ for (j = 0; j < bi->block_width; j++) { - int x_inc, lin_y, lin_x; - x = GET_CHAN(block_ptr[j], xchannel); - y = GET_CHAN(block_ptr[j], ychannel); -@@ -420,7 +420,9 @@ static void update_block_in_prev_frame(const uint16_t *src_pixels, - uint16_t *dest_pixels, - const BlockInfo *bi, int block_counter) - { -- for (int y = 0; y < 4; y++) { -+ const int y_size = FFMIN(4, bi->image_height - bi->row * 4); -+ -+ for (int y = 0; y < y_size; y++) { - memcpy(dest_pixels, src_pixels, 8); 
- dest_pixels += bi->rowstride; - src_pixels += bi->rowstride; -@@ -730,14 +732,15 @@ post_skip : - - if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK - uint16_t *row_ptr; -- int rgb555; -+ int y_size, rgb555; - - block_offset = get_block_info(&bi, block_counter); - - row_ptr = &src_pixels[block_offset]; -+ y_size = FFMIN(4, bi.image_height - bi.row * 4); - -- for (int y = 0; y < 4; y++) { -- for (int x = 0; x < 4; x++){ -+ for (int y = 0; y < y_size; y++) { -+ for (int x = 0; x < 4; x++) { - rgb555 = row_ptr[x] & ~0x8000; - - put_bits(&s->pb, 16, rgb555); -@@ -745,6 +748,11 @@ post_skip : - row_ptr += bi.rowstride; - } - -+ for (int y = y_size; y < 4; y++) { -+ for (int x = 0; x < 4; x++) -+ put_bits(&s->pb, 16, 0); -+ } -+ - block_counter++; - } else { // FOUR COLOR BLOCK - block_counter += encode_four_color_block(min_color, max_color, --- -2.34.1 - diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch deleted file mode 100644 index 923fc6a9c1..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch +++ /dev/null 
@@ -1,108 +0,0 @@ -From 13c13109759090b7f7182480d075e13b36ed8edd Mon Sep 17 00:00:00 2001 -From: Paul B Mahol -Date: Sat, 12 Nov 2022 15:19:21 +0100 -Subject: [PATCH] avcodec/smcenc: stop accessing out of bounds frame - -Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd] - -Signed-off-by: - ---- - libavcodec/smcenc.c | 18 ++++++++++++++---- - 1 file changed, 14 insertions(+), 4 deletions(-) - -diff --git a/libavcodec/smcenc.c b/libavcodec/smcenc.c -index f3d26a4e8d..33549b8ab4 100644 ---- a/libavcodec/smcenc.c -+++ b/libavcodec/smcenc.c -@@ -61,6 +61,7 @@ typedef struct SMCContext { - { \ - row_ptr += stride * 4; \ - pixel_ptr = row_ptr; \ -+ cur_y += 4; \ - } \ - } \ - } -@@ -117,6 +118,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, - const uint8_t *prev_pixels = (const uint8_t *)s->prev_frame->data[0]; - uint8_t *distinct_values = s->distinct_values; - const uint8_t *pixel_ptr, *row_ptr; -+ const int height = frame->height; - const int width = frame->width; - uint8_t block_values[16]; - int block_counter = 0; -@@ -125,13 +127,14 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, - int color_octet_index = 0; - int color_table_index; /* indexes to color pair, quad, or octet tables */ - int total_blocks; -+ int cur_y = 0; - - memset(s->color_pairs, 0, sizeof(s->color_pairs)); - memset(s->color_quads, 0, sizeof(s->color_quads)); - memset(s->color_octets, 0, sizeof(s->color_octets)); - - /* Number of 4x4 blocks in frame. 
*/ -- total_blocks = ((frame->width + 3) / 4) * ((frame->height + 3) / 4); -+ total_blocks = ((width + 3) / 4) * ((height + 3) / 4); - - pixel_ptr = row_ptr = src_pixels; - -@@ -145,11 +148,13 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, - int cache_index; - int distinct = 0; - int blocks = 0; -+ int frame_y = cur_y; - - while (prev_pixels && s->key_frame == 0 && block_counter + inter_skip_blocks < total_blocks) { -+ const int y_size = FFMIN(4, height - cur_y); - int compare = 0; - -- for (int y = 0; y < 4; y++) { -+ for (int y = 0; y < y_size; y++) { - const ptrdiff_t offset = pixel_ptr - src_pixels; - const uint8_t *prev_pixel_ptr = prev_pixels + offset; - -@@ -170,8 +175,10 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, - - pixel_ptr = xpixel_ptr; - row_ptr = xrow_ptr; -+ cur_y = frame_y; - - while (block_counter > 0 && block_counter + intra_skip_blocks < total_blocks) { -+ const int y_size = FFMIN(4, height - cur_y); - const ptrdiff_t offset = pixel_ptr - src_pixels; - const int sy = offset / stride; - const int sx = offset % stride; -@@ -180,7 +187,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, - const uint8_t *old_pixel_ptr = src_pixels + nx + ny * stride; - int compare = 0; - -- for (int y = 0; y < 4; y++) { -+ for (int y = 0; y < y_size; y++) { - compare |= memcmp(old_pixel_ptr + y * stride, pixel_ptr + y * stride, 4); - if (compare) - break; -@@ -197,9 +204,11 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame, - - pixel_ptr = xpixel_ptr; - row_ptr = xrow_ptr; -+ cur_y = frame_y; - - while (block_counter + coded_blocks < total_blocks && coded_blocks < 256) { -- for (int y = 0; y < 4; y++) -+ const int y_size = FFMIN(4, height - cur_y); -+ for (int y = 0; y < y_size; y++) - memcpy(block_values + y * 4, pixel_ptr + y * stride, 4); - - qsort(block_values, 16, sizeof(block_values[0]), smc_cmp_values); -@@ -224,6 +233,7 @@ static void smc_encode_stream(SMCContext *s, 
const AVFrame *frame, - - pixel_ptr = xpixel_ptr; - row_ptr = xrow_ptr; -+ cur_y = frame_y; - - blocks = coded_blocks; - distinct = coded_distinct; --- -2.34.1 - diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch deleted file mode 100644 index 95bd608a27..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From: Lynne -Date: Sun, 25 Dec 2022 00:03:30 +0000 (+0100) -Subject: hwcontext_vulkan: remove optional encode/decode extensions from the list -X-Git-Url: http://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690 - -hwcontext_vulkan: remove optional encode/decode extensions from the list - -They're not currently used, so they don't need to be there. -Vulkan stabilized the decode extensions less than a week ago, and their -name prefixes were changed from EXT to KHR. It's a bit too soon to be -depending on it, so rather than bumping, just remove these for now. - -Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690] ---- - -diff --git a/libavutil/hwcontext_vulkan.c b/libavutil/hwcontext_vulkan.c -index f1db1c7291..2a9b5f4aac 100644 ---- a/libavutil/hwcontext_vulkan.c -+++ b/libavutil/hwcontext_vulkan.c -@@ -358,14 +358,6 @@ static const VulkanOptExtension optional_device_exts[] = { - { VK_KHR_EXTERNAL_MEMORY_WIN32_EXTENSION_NAME, FF_VK_EXT_EXTERNAL_WIN32_MEMORY }, - { VK_KHR_EXTERNAL_SEMAPHORE_WIN32_EXTENSION_NAME, FF_VK_EXT_EXTERNAL_WIN32_SEM }, - #endif -- -- /* Video encoding/decoding */ -- { VK_KHR_VIDEO_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, -- { VK_KHR_VIDEO_DECODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, -- { VK_KHR_VIDEO_ENCODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, -- { VK_EXT_VIDEO_ENCODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, -- { VK_EXT_VIDEO_DECODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, -- { VK_EXT_VIDEO_DECODE_H265_EXTENSION_NAME, FF_VK_EXT_NO_FLAG }, - }; - - /* Converts return values to strings */ diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.3.bb similarity index 96% rename from meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb rename to meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.3.bb index aa5a8681cf..9899e570ad 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb 
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.3.bb 
@@ -23,12 +23,9 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://COPYING.LGPLv3;md5=e6a600fd5e1d9cbde2d983680233ad02" SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ - file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \ - file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \ - file://ffmpeg-fix-vulkan.patch \ " -SRC_URI[sha256sum] = "619e706d662c8420859832ddc259cd4d4096a48a2ce1eefd052db9e440eef3dc" +SRC_URI[sha256sum] = "1b113593ff907293be7aed95acdda5e785dd73616d7d4ec90a0f6adbc5a0312e" # CVE-2023-39018 issue belongs to ffmpeg-cli-wrapper (Java wrapper around the FFmpeg CLI) # and not ffmepg itself.
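Review bot: Nothing in the ffmpeg_5.1.3.bb hunk records why all three file:// entries can be dropped from SRC_URI, so the commit message should state that 5.1.3 already contains each fix. The deleted patch files name their upstream commits in Upstream-Status (13c13109759090b7f7182480d075e13b36ed8edd for the smcenc out-of-bounds fix, eb0455d64690 for the Vulkan extension list), which makes this checkable against the release. While the recipe is being touched, the "ffmepg" typo in the CVE-2023-39018 comment shown as context could be corrected in a follow-up.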
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][mickledore 08/10] multilib.conf: explicitly make MULTILIB_VARIANTS vardeps on MULTILIBS
Date: Tue, 26 Sep 2023 11:43:17 -1000
Message-Id: <8ed254dd5e44d0685e5b952f724af08d75ce3d9d.1695764457.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/188276
From: Chen Qi

This patch is to ensure recipes get rebuilt correctly and avoid incorrect
sstate cache reuse when toggling multilib.

The following steps show one example of such incorrect sstate cache reuse.
1. enable multilib && bitbake -c populate_sdk
2. disable multilib && bitbake -c populate_sdk

The error message is as below:

  Error:
   Problem: conflicting requests
    - nothing provides binutils-cross-canadian-i686 needed by packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
    - nothing provides gcc-cross-canadian-i686 needed by packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
    - nothing provides gdb-cross-canadian-i686 needed by packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
  (try to add '--skip-broken' to skip uninstallable packages)

We get this error because packagegroup-cross-canadian recipe is not rebuilt
when it should be.

The current code has tracked the dependency to MULTILIB_VARIANTS, as shown in
the following chain:
RDEPENDS:packagegroup-cross-canadian-intel-x86-64 -> all_multilib_tune_values -> MULTILIB_VARIANTS.

However, MULTILIB_VARIANTS cannot automatically depend on MULTILIBS. See some
results from 'bitbake-dumpsigs' below:

  List of dependencies for variable MULTILIB_VARIANTS is ['extend_variants']
  Variable MULTILIB_VARIANTS value is ${@extend_variants(d,'MULTILIBS','multilib')}

It's obvious that the value of MULTILIB_VARIANTS depends on the value of
MULTILIBS, so let's set this dependency manually.

(From OE-Core rev: 9f47d8eb51816d16078a23c0cef4d697555f913f)

Signed-off-by: Chen Qi
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Steve Sakoman
---
 meta/conf/multilib.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/conf/multilib.conf b/meta/conf/multilib.conf index 7f3b9463ef..ef3605a73d 100644 --- a/meta/conf/multilib.conf +++ b/meta/conf/multilib.conf 
@@ -2,6 +2,7 @@ baselib = "${@d.getVar('BASE_LIB:tune-' + (d.getVar('DEFAULTTUNE') or 'INVALID')) or d.getVar('BASELIB')}" MULTILIB_VARIANTS = "${@extend_variants(d,'MULTILIBS','multilib')}" +MULTILIB_VARIANTS[vardeps] += "MULTILIBS" MULTILIB_SAVE_VARNAME = "DEFAULTTUNE TARGET_ARCH TARGET_SYS TARGET_VENDOR" MULTILIBS ??= "multilib:lib32"
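Review bot: The added MULTILIB_VARIANTS[vardeps] += "MULTILIBS" line in multilib.conf carries no comment, and next to the assignment directly above it the flag looks redundant. A one-line comment saying that extend_variants() receives the variable name as a string, so the dependency on MULTILIBS is not detected automatically, would keep it from being cleaned up later. Because this changes the signature of every task that depends on MULTILIB_VARIANTS, it should land together with the gcc-crosssdk vardepsexclude change in 09/10.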
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][mickledore 09/10] gcc-crosssdk: ignore MULTILIB_VARIANTS in signature computation
Date: Tue, 26 Sep 2023 11:43:18 -1000
Message-Id: <6b87f7c9e955abe5833820ee7eda9d525c77d2ea.1695764457.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/188277

From: Chen Qi

The gcc_multilib_setup function is a function that is run at the do_configure
step, so it's counted into the signature computation. The MULTILIB_VARIANTS
this function uses is also extracted to be taken into consideration.

After the change of setting MULTILIB_VARIANTS explicitly vardeps on MULTILIBS,
the change of MULTILIBS changes the signature, thus causing rebuilding.
However, in case of gcc-crosssdk, the setting of multilib should have no
effect on it, as it's used to build nativesdk packages, not the target
packages. So ignore MULTILIB_VARIANTS in signature computation.

This fixes oe-selftest case
sstatetests.SStateHashSameSigs2.test_sstate_nativesdk_samesigs_multilib.

(From OE-Core rev: 537c71162a711dec32a63a657c4b101269a3e267)

Signed-off-by: Chen Qi
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Steve Sakoman
---
 meta/recipes-devtools/gcc/gcc-crosssdk.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/gcc/gcc-crosssdk.inc b/meta/recipes-devtools/gcc/gcc-crosssdk.inc index bd2e71d63f..74c4537f4f 100644 --- a/meta/recipes-devtools/gcc/gcc-crosssdk.inc +++ b/meta/recipes-devtools/gcc/gcc-crosssdk.inc 
@@ -10,3 +10,5 @@ GCCMULTILIB = "--disable-multilib" DEPENDS = "virtual/${TARGET_PREFIX}binutils-crosssdk gettext-native ${NATIVEDEPS}" PROVIDES = "virtual/${TARGET_PREFIX}gcc-crosssdk virtual/${TARGET_PREFIX}g++-crosssdk" + +gcc_multilib_setup[vardepsexclude] = "MULTILIB_VARIANTS"
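Review bot: The new gcc_multilib_setup[vardepsexclude] line in gcc-crosssdk.inc assigns with "=", which replaces any vardepsexclude value already set on gcc_multilib_setup by an included file; "+=" would be the safer form and matches the [vardeps] += used in multilib.conf in 08/10. A short comment above the line, saying that multilib settings do not affect a compiler that only builds nativesdk packages, would also help, since that rationale currently lives only in the commit message.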
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][mickledore 10/10] cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig
Date: Tue, 26 Sep 2023 11:43:19 -1000
Message-Id: <75f8485d7862b08e2f96f919e992d203df6c8d9c.1695764457.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/188278

From: Jaeyoon Jung

Variable overrides in KCONFIG_CONFIG_COMMAND do not work as expected due to
double quote mismatches. The issue is reproducible in an environment where
gold is the default linker. Below is an example snippet of run.do_terminal
generated by do_menuconfig.

  do_terminal() {
      exec sh -c "make menuconfig CC="aarch64-webos-linux-gcc ..." LD="aarch64-webos-linux-ld.bfd ..." ...
  }

Although LD override is set to bfd correctly, it is not passed to make and
make menuconfig ends up with messages like:

  | gold linker is not supported as it is not capable of linking the kernel proper.
  | scripts/Kconfig.include:56: Sorry, this linker is not supported.

(From OE-Core rev: 9c483765db762dbe8020423c8778518612b7e5f7)

Signed-off-by: Jaeyoon Jung
Signed-off-by: Richard Purdie
(cherry picked from commit d4664d2b7974354e73d891762ebb2c8a12d62438)
Signed-off-by: Yoann Congal
Signed-off-by: Steve Sakoman
---
 meta/classes-recipe/cml1.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes-recipe/cml1.bbclass b/meta/classes-recipe/cml1.bbclass index a09a042c3f..73c22f81d6 100644 --- a/meta/classes-recipe/cml1.bbclass +++ b/meta/classes-recipe/cml1.bbclass 
@@ -53,7 +53,7 @@ python do_menuconfig() { # ensure that environment variables are overwritten with this tasks 'd' values d.appendVar("OE_TERMINAL_EXPORTS", " PKG_CONFIG_DIR PKG_CONFIG_PATH PKG_CONFIG_LIBDIR PKG_CONFIG_SYSROOT_DIR") - oe_terminal("sh -c \"make %s; if [ \\$? -ne 0 ]; then echo 'Command failed.'; printf 'Press any key to continue... '; read r; fi\"" % d.getVar('KCONFIG_CONFIG_COMMAND'), + oe_terminal("sh -c 'make %s; if [ \\$? -ne 0 ]; then echo \"Command failed.\"; printf \"Press any key to continue... \"; read r; fi'" % d.getVar('KCONFIG_CONFIG_COMMAND'), d.getVar('PN') + ' Configuration', d) # FIXME this check can be removed when the minimum bitbake version has been bumped
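Review bot: The \\$? escape in the exit-status test of the new oe_terminal() line is worth re-checking now that the outer quotes are single quotes. The backslash was needed to protect $? inside double quotes, but inside single quotes it is passed through literally, so if the string reaches the shell unchanged the inner sh sees \$? and compares the literal text instead of make's exit status, and the "Command failed." prompt would never appear. Dropping the escape would fit the new quoting. The command also now breaks if KCONFIG_CONFIG_COMMAND ever contains a single quote, the mirror image of the double-quote problem the commit message describes; building the script string first and passing it through shlex.quote as the sh -c argument would cover both cases.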