From patchwork Sat Nov 11 15:02:50 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 34296
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 01/15] kexec-tools: Ignore Fedora/RedHat specific CVE-2021-20269
Date: Sat, 11 Nov 2023 05:02:50 -1000
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190416

From: Lee Chee Yang

Signed-off-by: Lee Chee Yang
Signed-off-by: Steve Sakoman
--- meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb b/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb index 871b36440f..206c6ccae7 100644
--- a/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb +++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb 
@@ -30,6 +30,9 @@ inherit autotools update-rc.d systemd export LDFLAGS = "-L${STAGING_LIBDIR}" EXTRA_OECONF = " --with-zlib=yes" +# affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47. +CVE_CHECK_WHITELIST += "CVE-2021-20269" + do_compile_prepend() { # Remove the prepackaged config.h from the source tree as it overrides # the same file generated by configure and placed in the build tree
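Review bot: The comment added above `CVE_CHECK_WHITELIST += "CVE-2021-20269"` in kexec-tools_2.0.20.bb names the affected Fedora and RHEL package versions but does not say why this recipe falls outside that set, and the commit message has no body beyond the sign-offs. Suggest stating the reason the issue is distribution-specific in the comment and adding a reference URL, as the glibc whitelist entries in this series do, so the exemption can be re-verified later without a separate search.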
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 02/15] tiff: CVE patch correction for CVE-2023-3576
Date: Sat, 11 Nov 2023 05:02:51 -1000
Message-Id: <56088368bdd22a939b813c7aefd5ba475c6d4021.1699714834.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190417

From: Vijay Anusuri

- The commit [https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37] fixes CVE-2023-3576
- Hence, renamed the CVE-2023-3618-1.patch to CVE-2023-3576.patch
- Reference: https://security-tracker.debian.org/tracker/CVE-2023-3576
  https://security-tracker.debian.org/tracker/CVE-2023-3618

Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
--- .../files/{CVE-2023-3618-1.patch => CVE-2023-3576.patch} | 3 ++- .../files/{CVE-2023-3618-2.patch => CVE-2023-3618.patch} | 0 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) rename meta/recipes-multimedia/libtiff/files/{CVE-2023-3618-1.patch => CVE-2023-3576.patch} (93%) rename meta/recipes-multimedia/libtiff/files/{CVE-2023-3618-2.patch => CVE-2023-3618.patch} (100%) diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch similarity index 93% rename from meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch rename to meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch index 35ed852519..67837fe142 100644 --- a/meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch
@@ -4,8 +4,9 @@ Date: Tue, 7 Mar 2023 15:02:08 +0800 Subject: [PATCH] Fix memory leak in tiffcrop.c Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37] -CVE: CVE-2023-3618 +CVE: CVE-2023-3576 Signed-off-by: Hitendra Prajapati +Signed-off-by: Vijay Anusuri --- tools/tiffcrop.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-3618-2.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-3618.patch similarity index 100% rename from meta/recipes-multimedia/libtiff/files/CVE-2023-3618-2.patch rename to meta/recipes-multimedia/libtiff/files/CVE-2023-3618.patch diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb index 6df4244697..d27381b4cd 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb 
@@ -43,8 +43,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2023-26966.patch \ file://CVE-2023-2908.patch \ file://CVE-2023-3316.patch \ - file://CVE-2023-3618-1.patch \ - file://CVE-2023-3618-2.patch \ + file://CVE-2023-3576.patch \ + file://CVE-2023-3618.patch \ " SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424" SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"
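Review bot: The commit message explains the rename of CVE-2023-3618-1.patch to CVE-2023-3576.patch but not the second rename in this patch, CVE-2023-3618-2.patch to CVE-2023-3618.patch (100% similarity), which also changes a SRC_URI entry in tiff_4.1.0.bb. Suggest adding a line for it to the message. In the header hunk of the renamed patch file the `CVE:` tag is replaced rather than extended, so after this change CVE-2023-3618 is covered only by the second file; that matches the stated intent and is worth a quick check against the cve-check output for the recipe.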
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 03/15] glibc: ignore CVE-2023-4527
Date: Sat, 11 Nov 2023 05:02:52 -1000
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190418

From: Peter Marko

This vulnerability was introduced in 2.36, so 2.31 is not vulnerable.

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- meta/recipes-core/glibc/glibc_2.31.bb | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb index 1862586749..8298088323 100644 --- a/meta/recipes-core/glibc/glibc_2.31.bb +++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -29,6 +29,13 @@ CVE_CHECK_WHITELIST += "CVE-2019-1010025" # https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=dunfell&id=e1e89ff7d75c3d2223f9e3bd875b9b0c5e15836b CVE_CHECK_WHITELIST += "CVE-2021-35942" +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4527 +# This vulnerability was introduced in 2.36 by commit +# f282cdbe7f436c75864e5640a409a10485e9abb2 resolv: Implement no-aaaa stub resolver option +# so our version is not yet vulnerable +# See https://sourceware.org/bugzilla/show_bug.cgi?id=30842 +CVE_CHECK_WHITELIST += "CVE-2023-4527" + DEPENDS += "gperf-native bison-native make-native" NATIVESDKFIXES ?= ""
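Review bot: In the comment block added before `CVE_CHECK_WHITELIST += "CVE-2023-4527"`, the line "so our version is not yet vulnerable" leaves the reader to infer the version; the commit message's wording ("introduced in 2.36, so 2.31 is not vulnerable") is clearer and could be used in the comment as well. The NVD link uses the `web.nvd.nist.gov/view/vuln/detail?vulnId=` form, while the libwebp patch in this series cites `https://nvd.nist.gov/vuln/detail/...`; one form across the series keeps the references consistent. Because the exemption rests on commit f282cdbe7f436c75864e5640a409a10485e9abb2 being absent, it should be rechecked if that change is ever backported into this recipe.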
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 04/15] libwebp: Fix CVE-2023-4863
Date: Sat, 11 Nov 2023 05:02:53 -1000
Message-Id: <7e6f1a771785b7d1bb9ab8b9c00e71c4ef71f631.1699714834.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190419

From: Soumya Sambu

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Removed CVE-2023-5129.patch as CVE-2023-5129 is duplicate of CVE-2023-4863.

CVE: CVE-2023-4863

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
https://security-tracker.debian.org/tracker/CVE-2023-4863
https://bugzilla.redhat.com/show_bug.cgi?id=2238431#c12

Signed-off-by: Soumya Sambu
Signed-off-by: Steve Sakoman
--- ...23-5129.patch => CVE-2023-4863-0001.patch} | 27 ++++------ .../webp/files/CVE-2023-4863-0002.patch | 53 +++++++++++++++++++ meta/recipes-multimedia/webp/libwebp_1.1.0.bb | 3 +- 3 files changed, 66 insertions(+), 17 deletions(-) rename meta/recipes-multimedia/webp/files/{CVE-2023-5129.patch => CVE-2023-4863-0001.patch} (95%) create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch b/meta/recipes-multimedia/webp/files/CVE-2023-4863-0001.patch similarity index 95% rename from meta/recipes-multimedia/webp/files/CVE-2023-5129.patch rename to meta/recipes-multimedia/webp/files/CVE-2023-4863-0001.patch index ffff068c56..419b12f7d9 100644 --- a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch +++ b/meta/recipes-multimedia/webp/files/CVE-2023-4863-0001.patch
@@ -1,7 +1,7 @@ -From 12b11893edf6c201710ebeee7c84743a8573fad6 Mon Sep 17 00:00:00 2001 +From 902bc9190331343b2017211debcec8d2ab87e17a Mon Sep 17 00:00:00 2001 From: Vincent Rabaud Date: Thu, 7 Sep 2023 21:16:03 +0200 -Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable. +Subject: [PATCH 1/2] Fix OOB write in BuildHuffmanTable. First, BuildHuffmanTable is called to check if the data is valid. If it is and the table is not big enough, more memory is allocated. @@ -12,16 +12,11 @@ codes) streams are still decodable. Bug: chromium:1479274 Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741 -Notice that it references different CVE id: -https://nvd.nist.gov/vuln/detail/CVE-2023-5129 -which was marked as a rejected duplicate of: -https://nvd.nist.gov/vuln/detail/CVE-2023-4863 -but it's the same issue. Hence update CVE ID CVE-2023-4863 +CVE: CVE-2023-4863 -CVE: CVE-2023-5129 CVE-2023-4863 -Upstream-Status: Backport [https://github.com/webmproject/libwebp/commit/2af26267cdfcb63a88e5c74a85927a12d6ca1d76] -Signed-off-by: Colin McAllister -Signed-off-by: Pawan Badganchi +Upstream-Status: Backport [https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a] + +Signed-off-by: Soumya Sambu --- src/dec/vp8l_dec.c | 46 ++++++++++--------- src/dec/vp8li_dec.h | 2 +- @@ -30,7 +25,7 @@ Signed-off-by: Pawan Badganchi 4 files changed, 129 insertions(+), 43 deletions(-) diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c -index 93615d4e..0d38314d 100644 +index 93615d4..0d38314 100644 --- a/src/dec/vp8l_dec.c +++ b/src/dec/vp8l_dec.c @@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths( @@ -178,7 +173,7 @@ index 93615d4e..0d38314d 100644 assert(dec->hdr_.num_htree_groups_ > 0); diff --git a/src/dec/vp8li_dec.h b/src/dec/vp8li_dec.h -index 72b2e861..32540a4b 100644 +index 72b2e86..32540a4 100644 --- a/src/dec/vp8li_dec.h +++ b/src/dec/vp8li_dec.h @@ -51,7 +51,7 @@ typedef struct { 
@@ -191,7 +186,7 @@ index 72b2e861..32540a4b 100644 typedef struct VP8LDecoder VP8LDecoder; diff --git a/src/utils/huffman_utils.c b/src/utils/huffman_utils.c -index 0cba0fbb..9efd6283 100644 +index 0cba0fb..9efd628 100644 --- a/src/utils/huffman_utils.c +++ b/src/utils/huffman_utils.c @@ -177,21 +177,24 @@ static int BuildHuffmanTable(HuffmanCode* const root_table, int root_bits, @@ -322,7 +317,7 @@ index 0cba0fbb..9efd6283 100644 + } +} diff --git a/src/utils/huffman_utils.h b/src/utils/huffman_utils.h -index 13b7ad1a..98415c53 100644 +index 13b7ad1..98415c5 100644 --- a/src/utils/huffman_utils.h +++ b/src/utils/huffman_utils.h @@ -43,6 +43,29 @@ typedef struct { @@ -367,5 +362,5 @@ index 13b7ad1a..98415c53 100644 #ifdef __cplusplus -- -2.34.1 +2.40.0 diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch b/meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch new file mode 100644 index 0000000000..c1eedb6100 --- /dev/null +++ b/meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch 
@@ -0,0 +1,53 @@ +From 95ea5226c870449522240ccff26f0b006037c520 Mon Sep 17 00:00:00 2001 +From: Vincent Rabaud +Date: Mon, 11 Sep 2023 16:06:08 +0200 +Subject: [PATCH 2/2] Fix invalid incremental decoding check. + +The first condition is only necessary if we have not read enough +(enough being defined by src_last, not src_end which is the end +of the image). +The second condition now fits the comment below: "if not +incremental, and we are past the end of buffer". + +BUG=oss-fuzz:62136 + +Change-Id: I0700f67c62db8e1c02c2e429a069a71e606a5e4f + +CVE: CVE-2023-4863 + +Upstream-Status: Backport [https://github.com/webmproject/libwebp/commit/95ea5226c870449522240ccff26f0b006037c520] + +Signed-off-by: Soumya Sambu +--- + src/dec/vp8l_dec.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c +index 0d38314..684a5b6 100644 +--- a/src/dec/vp8l_dec.c ++++ b/src/dec/vp8l_dec.c +@@ -1237,9 +1237,20 @@ static int DecodeImageData(VP8LDecoder* const dec, uint32_t* const data, + } + + br->eos_ = VP8LIsEndOfStream(br); +- if (dec->incremental_ && br->eos_ && src < src_end) { ++ // In incremental decoding: ++ // br->eos_ && src < src_last: if 'br' reached the end of the buffer and ++ // 'src_last' has not been reached yet, there is not enough data. 'dec' has to ++ // be reset until there is more data. ++ // !br->eos_ && src < src_last: this cannot happen as either the buffer is ++ // fully read, either enough has been read to reach 'src_last'. ++ // src >= src_last: 'src_last' is reached, all is fine. 'src' can actually go ++ // beyond 'src_last' in case the image is cropped and an LZ77 goes further. ++ // The buffer might have been enough or there is some left. 'br->eos_' does ++ // not matter. 
++ assert(!dec->incremental_ || (br->eos_ && src < src_last) || src >= src_last); ++ if (dec->incremental_ && br->eos_ && src < src_last) { + RestoreState(dec); +- } else if (!br->eos_) { ++ } else if ((dec->incremental_ && src >= src_last) || !br->eos_) { + // Process the remaining rows corresponding to last row-block. + if (process_func != NULL) { + process_func(dec, row > last_row ? last_row : row); +-- +2.40.0 diff --git a/meta/recipes-multimedia/webp/libwebp_1.1.0.bb b/meta/recipes-multimedia/webp/libwebp_1.1.0.bb index 27c5d92c92..88c36cb76c 100644 --- a/meta/recipes-multimedia/webp/libwebp_1.1.0.bb +++ b/meta/recipes-multimedia/webp/libwebp_1.1.0.bb 
@@ -21,7 +21,8 @@ UPSTREAM_CHECK_URI = "http://downloads.webmproject.org/releases/webp/index.html" SRC_URI += " \ file://CVE-2023-1999.patch \ - file://CVE-2023-5129.patch \ + file://CVE-2023-4863-0001.patch \ + file://CVE-2023-4863-0002.patch \ " EXTRA_OECONF = " \
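Review bot: In the header hunk of CVE-2023-4863-0001.patch, the `Upstream-Status` backport URL changes from commit 2af26267cdfcb63a88e5c74a85927a12d6ca1d76 to 902bc9190331343b2017211debcec8d2ab87e17a and the existing `Signed-off-by` lines (Colin McAllister, Pawan Badganchi) are dropped, yet the commit message mentions only the CVE renumbering. Suggest explaining in the commit message why the referenced upstream commit changed and keeping the earlier sign-offs so the patch's provenance stays traceable. The new CVE-2023-4863-0002.patch also adds an `assert(...)` over `dec->incremental_`, `br->eos_` and `src_last` in DecodeImageData; whether it is compiled in depends on NDEBUG in the recipe's build flags, which is worth confirming for the target images.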
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 05/15] tiff: Security fix for CVE-2023-40745
Date: Sat, 11 Nov 2023 05:02:54 -1000
Message-Id: <19d070e69d2ab683225a0779d75d111cf40d5e5d.1699714834.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190420

From: Hitendra Prajapati

Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5

Signed-off-by: Hitendra Prajapati
Signed-off-by: Steve Sakoman
--- .../libtiff/files/CVE-2023-40745.patch | 34 +++++++++++++++++++ meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch new file mode 100644 index 0000000000..6eb286039f --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch
@@ -0,0 +1,34 @@ +From 4fc16f649fa2875d5c388cf2edc295510a247ee5 Mon Sep 17 00:00:00 2001 +From: Arie Haenel +Date: Wed, 19 Jul 2023 19:34:25 +0000 +Subject: [PATCH] tiffcp: fix memory corruption (overflow) on hostile images + (fixes #591) + +Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5] +CVE: CVE-2023-40745 +Signed-off-by: Hitendra Prajapati +--- + tools/tiffcp.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/tools/tiffcp.c b/tools/tiffcp.c +index 83b3910..007bd05 100644 +--- a/tools/tiffcp.c ++++ b/tools/tiffcp.c +@@ -1437,6 +1437,13 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) + TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)"); + return 0; + } ++ ++ if ( (imagew - tilew * spp) > INT_MAX ){ ++ TIFFError(TIFFFileName(in), ++ "Error, image raster scan line size is too large"); ++ return 0; ++ } ++ + iskew = imagew - tilew*spp; + tilebuf = _TIFFmalloc(tilesize); + if (tilebuf == 0) +-- +2.25.1 + diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb index d27381b4cd..31e7db19aa 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb 
@@ -45,6 +45,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2023-3316.patch \ file://CVE-2023-3576.patch \ file://CVE-2023-3618.patch \ + file://CVE-2023-40745.patch \ " SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424" SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"
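Review bot: in the tools/tiffcp.c hunk of CVE-2023-40745.patch (readSeparateTilesIntoBuffer), the new guard evaluates imagew - tilew * spp and the next statement evaluates the same expression again for iskew, but the hunk does not show the operand types. Whether a tile row wider than the scanline wraps to a large value and is rejected here, or goes negative and passes, cannot be told from the patch alone, so the declarations in tiff 4.1.0 should be checked before this backport is merged. The message "image raster scan line size is too large" is also misleading for the wrap case, because it is the difference that is out of range, not the scanline size.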
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 06/15] zlib: Backport fix for CVE-2023-45853 Date: Sat, 11 Nov 2023 05:02:55 -1000 Message-Id: <37daba797d27bd980874e9a633863ba711bfb63f.1699714834.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 11 Nov 2023 15:03:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190421 From: Ashish Sharma Upstream-Status: Backport from [https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c] Signed-off-by: Ashish Sharma Signed-off-by: Steve Sakoman --- .../zlib/zlib/CVE-2023-45853.patch | 40 +++++++++++++++++++ meta/recipes-core/zlib/zlib_1.2.11.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-core/zlib/zlib/CVE-2023-45853.patch diff --git a/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch b/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch new file mode 100644 index 0000000000..654579eb81 --- /dev/null +++ b/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch 
@@ -0,0 +1,40 @@ +From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001 +From: Hans Wennborg +Date: Fri, 18 Aug 2023 11:05:33 +0200 +Subject: [PATCH] Reject overflows of zip header fields in minizip. + +This checks the lengths of the file name, extra field, and comment +that would be put in the zip headers, and rejects them if they are +too long. They are each limited to 65535 bytes in length by the zip +format. This also avoids possible buffer overflows if the provided +fields are too long. + +Upstream-Status: Backport from [https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c] +CVE: CVE-2023-45853 +Signed-off-by: Ashish Sharma +--- + contrib/minizip/zip.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c +index 3d3d4cadd..0446109b2 100644 +--- a/contrib/minizip/zip.c ++++ b/contrib/minizip/zip.c +@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c + return ZIP_PARAMERROR; + #endif + ++ // The filename and comment length must fit in 16 bits. ++ if ((filename!=NULL) && (strlen(filename)>0xffff)) ++ return ZIP_PARAMERROR; ++ if ((comment!=NULL) && (strlen(comment)>0xffff)) ++ return ZIP_PARAMERROR; ++ // The extra field length must fit in 16 bits. If the member also requires ++ // a Zip64 extra block, that will also need to fit within that 16-bit ++ // length, but that will be checked for later. ++ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff)) ++ return ZIP_PARAMERROR; ++ + zi = (zip64_internal*)file; + + if (zi->in_opened_file_inzip == 1) diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb index e2fbc12bd8..910fc2ec17 100644 --- a/meta/recipes-core/zlib/zlib_1.2.11.bb +++ b/meta/recipes-core/zlib/zlib_1.2.11.bb 
@@ -11,6 +11,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \ file://CVE-2018-25032.patch \ file://run-ptest \ file://CVE-2022-37434.patch \ + file://CVE-2023-45853.patch \ " UPSTREAM_CHECK_URI = "http://zlib.net/"
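Review bot: in the contrib/minizip/zip.c hunk of CVE-2023-45853.patch (zipOpenNewFileInZip4_64), the added comment says the Zip64 extra block length "will be checked for later", but that later check is not part of this 11-line backport. Please confirm it is present in the zlib 1.2.11 source this recipe builds; if it is not, size_extrafield_global plus the Zip64 block is still unchecked against the 16-bit length the comment describes, and the missing check needs to be backported as well.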
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 07/15] Revert "qemu: Backport fix for CVE-2023-0330" Date: Sat, 11 Nov 2023 05:02:56 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 11 Nov 2023 15:03:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190422 This reverts commit 45ce9885351a2344737170e6e810dc67ab3e7ea9. Unfortunately this backport results in qemuarmv5 failing to boot with a qemu lsi hw error. [YOCTO #15274] See discussion: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15274 Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 3 +- ...-2023-0330_1.patch => CVE-2023-0330.patch} | 0 .../qemu/qemu/CVE-2023-0330_2.patch | 135 ------------------ 3 files changed, 1 insertion(+), 137 deletions(-) rename meta/recipes-devtools/qemu/qemu/{CVE-2023-0330_1.patch => CVE-2023-0330.patch} (100%) delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index e6b26aba88..a24915c35c 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -137,8 +137,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2021-3409-4.patch \ file://CVE-2021-3409-5.patch \ file://hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \ - file://CVE-2023-0330_1.patch \ - file://CVE-2023-0330_2.patch \ + file://CVE-2023-0330.patch \ file://CVE-2023-3354.patch \ file://CVE-2023-3180.patch \ file://CVE-2020-24165.patch \ 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330_1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch similarity index 100% rename from meta/recipes-devtools/qemu/qemu/CVE-2023-0330_1.patch rename to meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch deleted file mode 100644 index 3b45bc0411..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch +++ /dev/null 
@@ -1,135 +0,0 @@ -From a2e1753b8054344f32cf94f31c6399a58794a380 Mon Sep 17 00:00:00 2001 -From: Alexander Bulekov -Date: Thu, 27 Apr 2023 17:10:06 -0400 -Subject: [PATCH] memory: prevent dma-reentracy issues - -Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA. -This flag is set/checked prior to calling a device's MemoryRegion -handlers, and set when device code initiates DMA. The purpose of this -flag is to prevent two types of DMA-based reentrancy issues: - -1.) mmio -> dma -> mmio case -2.) bh -> dma write -> mmio case - -These issues have led to problems such as stack-exhaustion and -use-after-frees. - -Summary of the problem from Peter Maydell: -https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com - -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62 -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540 -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541 -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556 -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557 -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827 -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282 -Resolves: CVE-2023-0330 - -Signed-off-by: Alexander Bulekov -Reviewed-by: Thomas Huth -Message-Id: <20230427211013.2994127-2-alxndr@bu.edu> -[thuth: Replace warn_report() with warn_report_once()] -Signed-off-by: Thomas Huth - -Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/a2e1753b8054344f32cf94f31c6399a58794a380] -CVE: CVE-2023-0330 -Signed-off-by: Vijay Anusuri ---- - include/exec/memory.h | 5 +++++ - include/hw/qdev-core.h | 7 +++++++ - memory.c | 16 ++++++++++++++++ - 3 files changed, 28 insertions(+) - -diff --git a/include/exec/memory.h b/include/exec/memory.h -index 2b8bccdd..0c8cdb8e 100644 ---- a/include/exec/memory.h -+++ b/include/exec/memory.h -@@ -378,6 +378,8 @@ struct MemoryRegion { - bool is_iommu; - RAMBlock *ram_block; - Object 
*owner; -+ /* owner as TYPE_DEVICE. Used for re-entrancy checks in MR access hotpath */ -+ DeviceState *dev; - - const MemoryRegionOps *ops; - void *opaque; -@@ -400,6 +402,9 @@ struct MemoryRegion { - const char *name; - unsigned ioeventfd_nb; - MemoryRegionIoeventfd *ioeventfds; -+ -+ /* For devices designed to perform re-entrant IO into their own IO MRs */ -+ bool disable_reentrancy_guard; - }; - - struct IOMMUMemoryRegion { -diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h -index 1518495b..206f0a70 100644 ---- a/include/hw/qdev-core.h -+++ b/include/hw/qdev-core.h -@@ -138,6 +138,10 @@ struct NamedGPIOList { - QLIST_ENTRY(NamedGPIOList) node; - }; - -+typedef struct { -+ bool engaged_in_io; -+} MemReentrancyGuard; -+ - /** - * DeviceState: - * @realized: Indicates whether the device has been fully constructed. -@@ -163,6 +167,9 @@ struct DeviceState { - int num_child_bus; - int instance_id_alias; - int alias_required_for_version; -+ -+ /* Is the device currently in mmio/pio/dma? Used to prevent re-entrancy */ -+ MemReentrancyGuard mem_reentrancy_guard; - }; - - struct DeviceListener { -diff --git a/memory.c b/memory.c -index 8cafb86a..94ebcaf9 100644 ---- a/memory.c -+++ b/memory.c -@@ -531,6 +531,18 @@ static MemTxResult access_with_adjusted_size(hwaddr addr, - access_size_max = 4; - } - -+ /* Do not allow more than one simultaneous access to a device's IO Regions */ -+ if (mr->dev && !mr->disable_reentrancy_guard && -+ !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) { -+ if (mr->dev->mem_reentrancy_guard.engaged_in_io) { -+ warn_report_once("Blocked re-entrant IO on MemoryRegion: " -+ "%s at addr: 0x%" HWADDR_PRIX, -+ memory_region_name(mr), addr); -+ return MEMTX_ACCESS_ERROR; -+ } -+ mr->dev->mem_reentrancy_guard.engaged_in_io = true; -+ } -+ - /* FIXME: support unaligned access? 
*/ - access_size = MAX(MIN(size, access_size_max), access_size_min); - access_mask = MAKE_64BIT_MASK(0, access_size * 8); -@@ -545,6 +557,9 @@ static MemTxResult access_with_adjusted_size(hwaddr addr, - access_mask, attrs); - } - } -+ if (mr->dev) { -+ mr->dev->mem_reentrancy_guard.engaged_in_io = false; -+ } - return r; - } - -@@ -1132,6 +1147,7 @@ static void memory_region_do_init(MemoryRegion *mr, - } - mr->name = g_strdup(name); - mr->owner = owner; -+ mr->dev = (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE); - mr->ram_block = NULL; - - if (name) { --- -2.25.1 -
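Review bot: in the qemu.inc hunk of the revert, the recipe ends up carrying only the former CVE-2023-0330_1.patch, renamed to CVE-2023-0330.patch, while the deleted CVE-2023-0330_2.patch is the one whose message lists "Resolves: CVE-2023-0330". The remaining file name still carries the CVE id, so the commit message should state what coverage is left once the re-entrancy guard in access_with_adjusted_size is removed; it references [YOCTO #15274] for the qemuarmv5 boot failure but does not say whether CVE-2023-0330 is still considered fixed on dunfell.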
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 08/15] xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380 Date: Sat, 11 Nov 2023 05:02:57 -1000 Message-Id: <4aa05deec3b2925d458655df7084e7ea2ed3f3ba.1699714834.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 11 Nov 2023 15:03:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190423 From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a & https://gitlab.freedesktop.org/xorg/xserver/-/commit/564ccf2ce9616620456102727acb8b0256b7bbd7] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../xserver-xorg/CVE-2023-5367.patch | 84 +++++++++++++++ .../xserver-xorg/CVE-2023-5380.patch | 102 ++++++++++++++++++ .../xorg-xserver/xserver-xorg_1.20.14.bb | 2 + 3 files changed, 188 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch new file mode 100644 index 0000000000..508588481e --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch 
@@ -0,0 +1,84 @@ +From 541ab2ecd41d4d8689e71855d93e492bc554719a Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Tue, 3 Oct 2023 11:53:05 +1000 +Subject: [PATCH] Xi/randr: fix handling of PropModeAppend/Prepend + +The handling of appending/prepending properties was incorrect, with at +least two bugs: the property length was set to the length of the new +part only, i.e. appending or prepending N elements to a property with P +existing elements always resulted in the property having N elements +instead of N + P. + +Second, when pre-pending a value to a property, the offset for the old +values was incorrect, leaving the new property with potentially +uninitalized values and/or resulting in OOB memory writes. +For example, prepending a 3 element value to a 5 element property would +result in this 8 value array: + [N, N, N, ?, ?, P, P, P ] P, P + ^OOB write + +The XI2 code is a copy/paste of the RandR code, so the bug exists in +both. + +CVE-2023-5367, ZDI-CAN-22153 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Peter Hutterer + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a] +CVE: CVE-2023-5367 +Signed-off-by: Vijay Anusuri +--- + Xi/xiproperty.c | 4 ++-- + randr/rrproperty.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/Xi/xiproperty.c b/Xi/xiproperty.c +index 066ba21fba..d315f04d0e 100644 +--- a/Xi/xiproperty.c ++++ b/Xi/xiproperty.c +@@ -730,7 +730,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type, + XIDestroyDeviceProperty(prop); + return BadAlloc; + } +- new_value.size = len; ++ new_value.size = total_len; + new_value.type = type; + new_value.format = format; + +@@ -747,7 +747,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type, + case PropModePrepend: + new_data = new_value.data; + old_data = (void *) (((char *) new_value.data) + +- 
(prop_value->size * size_in_bytes)); ++ (len * size_in_bytes)); + break; + } + if (new_data) +diff --git a/randr/rrproperty.c b/randr/rrproperty.c +index c2fb9585c6..25469f57b2 100644 +--- a/randr/rrproperty.c ++++ b/randr/rrproperty.c +@@ -209,7 +209,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type, + RRDestroyOutputProperty(prop); + return BadAlloc; + } +- new_value.size = len; ++ new_value.size = total_len; + new_value.type = type; + new_value.format = format; + +@@ -226,7 +226,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type, + case PropModePrepend: + new_data = new_value.data; + old_data = (void *) (((char *) new_value.data) + +- (prop_value->size * size_in_bytes)); ++ (len * size_in_bytes)); + break; + } + if (new_data) +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch new file mode 100644 index 0000000000..720340d83b --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch 
@@ -0,0 +1,102 @@ +From 564ccf2ce9616620456102727acb8b0256b7bbd7 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Thu, 5 Oct 2023 12:19:45 +1000 +Subject: [PATCH] mi: reset the PointerWindows reference on screen switch + +PointerWindows[] keeps a reference to the last window our sprite +entered - changes are usually handled by CheckMotion(). + +If we switch between screens via XWarpPointer our +dev->spriteInfo->sprite->win is set to the new screen's root window. +If there's another window at the cursor location CheckMotion() will +trigger the right enter/leave events later. If there is not, it skips +that process and we never trigger LeaveWindow() - PointerWindows[] for +the device still refers to the previous window. + +If that window is destroyed we have a dangling reference that will +eventually cause a use-after-free bug when checking the window hierarchy +later. + +To trigger this, we require: +- two protocol screens +- XWarpPointer to the other screen's root window +- XDestroyWindow before entering any other window + +This is a niche bug so we hack around it by making sure we reset the +PointerWindows[] entry so we cannot have a dangling pointer. This +doesn't handle Enter/Leave events correctly but the previous code didn't +either. 
+ +CVE-2023-5380, ZDI-CAN-21608 + +This vulnerability was discovered by: +Sri working with Trend Micro Zero Day Initiative + +Signed-off-by: Peter Hutterer +Reviewed-by: Adam Jackson + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/564ccf2ce9616620456102727acb8b0256b7bbd7] +CVE: CVE-2023-5380 +Signed-off-by: Vijay Anusuri +--- + dix/enterleave.h | 2 -- + include/eventstr.h | 3 +++ + mi/mipointer.c | 17 +++++++++++++++-- + 3 files changed, 18 insertions(+), 4 deletions(-) + +diff --git a/dix/enterleave.h b/dix/enterleave.h +index 4b833d8..e8af924 100644 +--- a/dix/enterleave.h ++++ b/dix/enterleave.h +@@ -58,8 +58,6 @@ extern void DeviceFocusEvent(DeviceIntPtr dev, + + extern void EnterWindow(DeviceIntPtr dev, WindowPtr win, int mode); + +-extern void LeaveWindow(DeviceIntPtr dev); +- + extern void CoreFocusEvent(DeviceIntPtr kbd, + int type, int mode, int detail, WindowPtr pWin); + +diff --git a/include/eventstr.h b/include/eventstr.h +index bf3b95f..2bae3b0 100644 +--- a/include/eventstr.h ++++ b/include/eventstr.h +@@ -296,4 +296,7 @@ union _InternalEvent { + #endif + }; + ++extern void ++LeaveWindow(DeviceIntPtr dev); ++ + #endif +diff --git a/mi/mipointer.c b/mi/mipointer.c +index 75be1ae..b12ae9b 100644 +--- a/mi/mipointer.c ++++ b/mi/mipointer.c +@@ -397,8 +397,21 @@ miPointerWarpCursor(DeviceIntPtr pDev, ScreenPtr pScreen, int x, int y) + #ifdef PANORAMIX + && noPanoramiXExtension + #endif +- ) +- UpdateSpriteForScreen(pDev, pScreen); ++ ) { ++ DeviceIntPtr master = GetMaster(pDev, MASTER_POINTER); ++ /* Hack for CVE-2023-5380: if we're moving ++ * screens PointerWindows[] keeps referring to the ++ * old window. If that gets destroyed we have a UAF ++ * bug later. Only happens when jumping from a window ++ * to the root window on the other screen. ++ * Enter/Leave events are incorrect for that case but ++ * too niche to fix. 
++ */ ++ LeaveWindow(pDev); ++ if (master) ++ LeaveWindow(master); ++ UpdateSpriteForScreen(pDev, pScreen); ++ } + } + + /** +-- +2.25.1 + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb index 5c604fa86e..eaff93bd09 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb 
@@ -16,6 +16,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2022-46344.patch \ file://CVE-2023-0494.patch \ file://CVE-2023-1393.patch \ + file://CVE-2023-5367.patch \ + file://CVE-2023-5380.patch \ " SRC_URI[md5sum] = "453fc86aac8c629b3a5b77e8dcca30bf" SRC_URI[sha256sum] = "54b199c9280ff8bf0f73a54a759645bd0eeeda7255d1c99310d5b7595f3ac066"
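Review bot: in the PropModePrepend hunks of CVE-2023-5367.patch (Xi/xiproperty.c and randr/rrproperty.c), old_data now lands len * size_in_bytes into new_value.data, which is only in bounds if the buffer was allocated for total_len elements. The allocation sits above the visible context (only the BadAlloc return is shown), so please confirm in xserver 1.20.14 that it is sized from total_len and not from len. The hunks also do not show where total_len is computed, so it is worth checking that adding len to the existing property size cannot overflow there.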
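Review bot: in the mi/mipointer.c hunk of CVE-2023-5380.patch (miPointerWarpCursor), LeaveWindow(pDev) is followed by LeaveWindow(master) whenever GetMaster returns non-NULL; if GetMaster can return pDev itself, the same device is processed twice, so either confirm that is harmless or compare master against pDev before the second call. Separately, the LeaveWindow prototype moves from dix/enterleave.h to include/eventstr.h, so any other file in 1.20.14 that relied on enterleave.h for that declaration needs checking as part of this backport.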
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 09/15] cve-check: sort the package list in the JSON report Date: Sat, 11 Nov 2023 05:02:58 -1000 Message-Id: <1461db690d01bdfc46d77a38aa040736139bfccb.1699714834.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 11 Nov 2023 15:03:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190424 From: Ross Burton The JSON report generated by the cve-check class is basically a huge list of packages. This list of packages is, however, unsorted. To make things easier for people comparing the JSON, or more specifically for git when archiving the JSON over time in a git repository, we can sort the list by package name. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit e9861be0e5020830c2ecc24fd091f4f5b05da036) Signed-off-by: Steve Sakoman --- meta/classes/cve-check.bbclass | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index b0ccefc84d..5e6bae1757 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass 
@@ -97,6 +97,8 @@ def generate_json_report(d, out_path, link_path): cve_check_merge_jsons(summary, data) filename = f.readline() + summary["package"].sort(key=lambda d: d['name']) + with open(out_path, "w") as f: json.dump(summary, f, indent=2)
From patchwork Sat Nov 11 15:02:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34304
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 10/15] cve-check: slightly more verbose warning when adding the same package twice Date: Sat, 11 Nov 2023 05:02:59 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 11 Nov 2023 15:03:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190425
From: Ross Burton Occasionally the cve-check tool will warn that it is adding the same package twice. Knowing what this package is might be the first step towards understanding where this message comes from. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit c1179faec8583a8b7df192cf1cbf221f0e3001fc) Signed-off-by: Steve Sakoman --- meta/lib/oe/cve_check.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index c508865738..a91d691c30 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py 
@@ -75,7 +75,7 @@ def cve_check_merge_jsons(output, data): for product in output["package"]: if product["name"] == data["package"][0]["name"]: - bb.error("Error adding the same package twice") + bb.error("Error adding the same package %s twice" % product["name"]) return output["package"].append(data["package"][0])
From patchwork Sat Nov 11 15:03:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34302
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 11/15] cve-check: don't warn if a patch is remote Date: Sat, 11 Nov 2023 05:03:00 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 11 Nov 2023 15:03:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190426
From: Ross Burton We don't make do_cve_check depend on do_unpack because that would be a waste of time 99% of the time. The compromise here is that we can't scan remote patches for issues, but this isn't a problem so downgrade the warning to a note. Also move the check for CVEs in the filename before the local file check so that even with remote patches, we still check for CVE references in the name. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 0251cad677579f5b4dcc25fa2f8552c6040ac2cf) Signed-off-by: Steve Sakoman --- meta/lib/oe/cve_check.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index a91d691c30..ed4af18ced 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py @@ -114,11 +114,6 @@ def get_patched_cves(d): for url in oe.patch.src_patches(d): patch_file = bb.fetch.decodeurl(url)[2] - # Remote compressed patches may not be unpacked, so silently ignore them - if not os.path.isfile(patch_file): - bb.warn("%s does not exist, cannot extract CVE list" % patch_file) - continue - # Check patch file name for CVE ID fname_match = cve_file_name_match.search(patch_file) if fname_match: 
@@ -126,6 +121,12 @@ def get_patched_cves(d): patched_cves.add(cve) bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file)) + # Remote patches won't be present and compressed patches won't be + # unpacked, so say we're not scanning them + if not os.path.isfile(patch_file): + bb.note("%s is remote or compressed, not scanning content" % patch_file) + continue + with open(patch_file, "r", encoding="utf-8") as f: try: patch_text = f.read()
From patchwork Sat Nov 11 15:03:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34307
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 12/15] assimp: Explicitly use nobranch=1 in SRC_URI Date: Sat, 11 Nov 2023 05:03:01 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 11 Nov 2023 15:03:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190427 From: Naveen Saini Branch 'assimp_5.0_release' is not present in repo. Error: assimp-5.0.1-r0 do_fetch: Fetcher failure: Unable to find revision 8f0c6b04b2257a520aaab38421b2e090204b69df in branch assimp_5.0_release even from upstream Set nobranch=1, to fetch from v5.0.1 tag. Signed-off-by: Naveen Saini Signed-off-by: Steve Sakoman --- meta/recipes-graphics/vulkan/assimp_5.0.1.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-graphics/vulkan/assimp_5.0.1.bb b/meta/recipes-graphics/vulkan/assimp_5.0.1.bb index 295ac12fc5..0774f37e31 100644 --- a/meta/recipes-graphics/vulkan/assimp_5.0.1.bb +++ b/meta/recipes-graphics/vulkan/assimp_5.0.1.bb 
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2119edef0916b0bd511cb3c731076271" DEPENDS = "zlib" -SRC_URI = "git://github.com/assimp/assimp.git;branch=assimp_5.0_release;protocol=https \ +SRC_URI = "git://github.com/assimp/assimp.git;nobranch=1;protocol=https \ file://0001-closes-https-github.com-assimp-assimp-issues-2733-up.patch \ file://0001-Use-ASSIMP_LIB_INSTALL_DIR-to-search-library.patch \ "
From patchwork Sat Nov 11 15:03:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34308
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 13/15] resolvconf: Fix fetch error Date: Sat, 11 Nov 2023 05:03:02 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 11 Nov 2023 15:03:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190428 From: Naveen Saini Branch 'master' was renamed to 'unstable', which is causing the following failure. Error: Fetcher failure: Unable to find revision cb19bbfbe7e52174332f68bf2f295b39d119fad3 in branch master even from upstream Switch to the 'unstable' branch. Signed-off-by: Naveen Saini Signed-off-by: Steve Sakoman --- meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb index f482bd297f..5f0a5eac70 100644 --- a/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb +++ b/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb
@@ -11,7 +11,7 @@ AUTHOR = "Thomas Hood" HOMEPAGE = "http://packages.debian.org/resolvconf" RDEPENDS_${PN} = "bash" -SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=master \ +SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \ file://fix-path-for-busybox.patch \ file://99_resolvconf \ "
From patchwork Sat Nov 11 15:03:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34309
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 14/15] lz4: use CFLAGS from bitbake Date: Sat, 11 Nov 2023 05:03:03 -1000 Message-Id: <24b9da1a2332dd1dbc80006e36af693ed1161ee3.1699714834.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 11 Nov 2023 15:03:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190429 From: Mikko Rapeli Currently lz4 uses its own defaults which include O3 optimization. Switching from O3 to the bitbake default O2 reduces binary package size from 467056 to 331888 bytes. It also enables building with Os if needed. Signed-off-by: Mikko Rapeli Signed-off-by: Richard Purdie (cherry picked from commit abaaf8c6bcd368728d298937a9406eb2aebc7a7d) Signed-off-by: Steve Sakoman --- meta/recipes-support/lz4/lz4_1.9.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-support/lz4/lz4_1.9.2.bb b/meta/recipes-support/lz4/lz4_1.9.2.bb index 0c4a0ac807..c2e24b518c 100644 --- a/meta/recipes-support/lz4/lz4_1.9.2.bb +++ b/meta/recipes-support/lz4/lz4_1.9.2.bb
@@ -23,7 +23,7 @@ S = "${WORKDIR}/git" # Fixed in r118, which is larger than the current version. CVE_CHECK_WHITELIST += "CVE-2014-4715" -EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no" +EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no" do_install() { oe_runmake install
From patchwork Sat Nov 11 15:03:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34310 X-Patchwork-Delegate: steve@sakoman.com
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 15/15] lz4: specify gnu17 in CFLAGS to fix reproducibility issues Date: Sat, 11 Nov 2023 05:03:04 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 11 Nov 2023 15:03:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190430 We are seeing reproducibility issues where gcc-cross sometimes defaults to gnu11 and other times to gnu17. Specify std=gnu17 rather than leave this to chance. Signed-off-by: Steve Sakoman Signed-off-by: Khem Raj --- meta/recipes-support/lz4/lz4_1.9.2.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-support/lz4/lz4_1.9.2.bb b/meta/recipes-support/lz4/lz4_1.9.2.bb index c2e24b518c..8cf71fdc04 100644 --- a/meta/recipes-support/lz4/lz4_1.9.2.bb +++ b/meta/recipes-support/lz4/lz4_1.9.2.bb @@ -23,6 +23,7 @@ S = "${WORKDIR}/git" # Fixed in r118, which is larger than the current version. CVE_CHECK_WHITELIST += "CVE-2014-4715" +CFLAGS_append = " -std=gnu17" EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no" do_install() {
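
Review bot: in the [dunfell 09/15] hunk to generate_json_report(d, out_path, link_path), the sort key `lambda d: d['name']` reuses the name `d`, which in this function is the datastore parameter, so inside the lambda `d` quietly means a package entry instead. Renaming the argument, for example `key=lambda pkg: pkg["name"]`, removes the shadowing and matches the double-quoted key style used for `summary["package"]` on the same line. The sort also raises KeyError if a merged entry has no "name"; that matches how cve_check_merge_jsons already indexes product["name"], but a failure here happens after all the merging and before the report is written, so it is worth a one-line comment.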
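
Review bot: in the [dunfell 10/15] hunk to cve_check_merge_jsons, the subject and commit text call this a warning while the call stays bb.error, and the function returns right after it without appending, so the second entry for that package is dropped from the summary. Naming the package in the message helps; it would help more if the text also said the duplicate entry is being discarded, so that someone reading the log knows the JSON report may not contain that entry's CVE data. Either the wording of the commit or the log level should be brought in line with the other.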
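
Review bot: in the second [dunfell 11/15] hunk to get_patched_cves, `not os.path.isfile(patch_file)` is reported as "remote or compressed", but the same test is true for a local patch that is simply absent, and after this change that case is logged only with bb.note. A patch whose content is skipped contributes nothing to patched_cves beyond what its file name carries, so a silent skip can change what the report shows as patched. Consider keeping bb.warn when the URL type returned by bb.fetch.decodeurl(url) is a local file and using bb.note only for remote types. Moving the file-name check ahead of the isfile test is the right order; a short comment saying the order is deliberate would keep it from being reshuffled later.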
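
Review bot: in the [dunfell 12/15] hunk, `nobranch=1` in SRC_URI turns off the fetcher's check that the pinned revision is reachable from a named branch, and nothing in the recipe records why. The commit text says the revision is the v5.0.1 tag and that branch assimp_5.0_release no longer exists; a one-line comment above SRC_URI saying so would stop a later reader from treating the parameter as a stray override, and makes clear that the pinned revision, not a branch, is what ties the build to known source.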
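
Review bot: in the [dunfell 14/15] hunk, `CFLAGS='${CFLAGS}'` is passed on the make command line, where it replaces rather than extends any ordinary CFLAGS assignment in the lz4 Makefile, and the commit text only mentions the O3 default being dropped. Please confirm, and say in the commit text, that the Makefile keeps nothing else it needs in CFLAGS. Is LDFLAGS deliberately left out of EXTRA_OEMAKE? If compile flags from the build configuration have to be passed explicitly here, the same question applies to link flags.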
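
Review bot: in the [dunfell 15/15] hunk, `CFLAGS_append = " -std=gnu17"` is added directly under the `# Fixed in r118 ...` comment and the CVE_CHECK_WHITELIST line with no comment of its own, so the reason for pinning the C standard lives only in the commit text. Add a comment above the new line naming the reproducibility problem (gcc-cross defaulting to gnu11 in some builds and gnu17 in others). The commit text also leaves open why the default varies; if the cause is in the toolchain, other recipes see the same difference and a per-recipe pin only hides it for lz4.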