From patchwork Wed Dec 13 03:34:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Lee, Chee Yang" X-Patchwork-Id: 36135 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7A1AEC4332F for ; Wed, 13 Dec 2023 03:53:58 +0000 (UTC) Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web11.25594.1702439628421583079 for ; Tue, 12 Dec 2023 19:53:48 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.com header.s=Intel header.b=dOJPNWuQ; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: chee.yang.lee@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1702439628; x=1733975628; h=from:to:subject:date:message-id:mime-version: content-transfer-encoding; bh=Wz+fKkFmn+CnkLVAxAHlMPLddAm4fDu16XZBr0P57vo=; b=dOJPNWuQrIoCIqRCijKpC0qrLlLzQbDCAXDx48k3Y28S0rHh0UG0DPhr Z3kjs3DYMVY9u0skqHxJHGSUmi5r37v/OK1dhizuFEtnIBCqDnx3trWTf wJNzmM6tfsHYSZ85Px9MKpf+mYOU5378eEIdRgcP4AYgiDX5vobb/MjPg vRMdbALjp1uoWB5K4ASgi9+I37XjDG9sAqF4kRM2SMMjisl4+DQTIDeSv Ypv9QOi0hBMXbKgrxMexup5VQHslzzKupLX9hHt6ENTBA2SqEIWeGZxCt 02bSobcH3PQlOQUkNtnYnTvuy6VB+LsDwXX3HM8swOu5QwT6Z9+rhDLZ/ A==; X-IronPort-AV: E=McAfee;i="6600,9927,10922"; a="481109629" X-IronPort-AV: E=Sophos;i="6.04,272,1695711600"; d="scan'208";a="481109629" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Dec 2023 19:53:47 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10922"; a="917523919" X-IronPort-AV: E=Sophos;i="6.04,272,1695711600"; d="scan'208";a="917523919" Received: from andromeda02.png.intel.com ([10.221.253.198]) by fmsmga001.fm.intel.com with ESMTP; 12 Dec 2023 19:53:47 -0800 From: chee.yang.lee@intel.com To: openembedded-core@lists.openembedded.org Subject: [nanbield][patch 1/6] avahi: add CVE-2023-38473.patch to SRC_URL Date: Wed, 13 Dec 2023 11:34:04 +0800 Message-Id: <20231213033409.2101308-1-chee.yang.lee@intel.com> X-Mailer: git-send-email 2.37.3 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Dec 2023 03:53:58 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192260 From: Lee Chee Yang patch file added since Oe-Core rev a9203c46cd64c3ec5e5b00e381bbac85733f85df but not part of SRC_URI. Signed-off-by: Lee Chee Yang --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index aa395beaf9..bfd945c7ae 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -34,6 +34,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ file://CVE-2023-38471-1.patch \ file://CVE-2023-38471-2.patch \ file://CVE-2023-38472.patch \ + file://CVE-2023-38473.patch \ " GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/" From patchwork Wed Dec 13 03:34:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Lee, Chee Yang" X-Patchwork-Id: 36136 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7AD83C4167B for ; Wed, 13 Dec 2023 03:53:58 +0000 (UTC) Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web11.25594.1702439628421583079 for ; Tue, 12 Dec 2023 19:53:49 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.com header.s=Intel header.b=MNDbFnYD; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: chee.yang.lee@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1702439629; x=1733975629; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=6TW7XC40FHIov38tzY+M+if5OgmsHtYUdo21NJ4X5OU=; b=MNDbFnYDMHZt4HhCJ6FWs4NzTnQpqfP9oP9Gr2N91NvPHYamC7eOpWx/ Y0hQxuNJxCw8LqOhPgkLIFcVdmJ+s5a76DlY5SByt7g4ijn3bZ1zfpGA/ k+pHRtUsObEdZZp7v5DOVnlrepgC/hj2MbOkx8/5mlb31QBYlEi5SG32H xfBGtjWWVPNDZUA7J9d+N4Vem8+xiOqBbj0wDT8QBvkgJPjtlOf1GOHTS zwSjkRacTUQZMaOyP5TgOjMzDvFRHR3qxy+FF4qROjXME+ZkURJ6fH+PH 1tCyHrybjGvXbKcu78BkX/HTZxlMjFPHqILHk5qS0G9s2opGnLpm9ADTz A==; X-IronPort-AV: E=McAfee;i="6600,9927,10922"; a="481109631" X-IronPort-AV: E=Sophos;i="6.04,272,1695711600"; d="scan'208";a="481109631" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Dec 2023 19:53:48 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10922"; a="917523926" X-IronPort-AV: E=Sophos;i="6.04,272,1695711600"; d="scan'208";a="917523926" Received: from andromeda02.png.intel.com ([10.221.253.198]) by fmsmga001.fm.intel.com with ESMTP; 12 Dec 2023 19:53:48 -0800 From: chee.yang.lee@intel.com To: openembedded-core@lists.openembedded.org Subject: [nanbield][patch 2/6] grub: fix CVE-2023-4692 CVE-2023-4693 Date: Wed, 13 Dec 2023 11:34:05 +0800 Message-Id: <20231213033409.2101308-2-chee.yang.lee@intel.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20231213033409.2101308-1-chee.yang.lee@intel.com> References: <20231213033409.2101308-1-chee.yang.lee@intel.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Dec 2023 03:53:58 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192261 From: Lee Chee Yang checkout CVE-2023-4692.patch from OE-Core rev: c89835b37366dde6c74f8221fd5a295ecabf8225 checkout CVE-2023-4693.patch from OE-Core rev: 1bbbba098dba85ec1b875512d75f7eca9026e781 Signed-off-by: Lee Chee Yang --- .../grub/files/CVE-2023-4692.patch | 97 +++++++++++++++++++ .../grub/files/CVE-2023-4693.patch | 62 ++++++++++++ meta/recipes-bsp/grub/grub2.inc | 2 + 3 files changed, 161 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4692.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4693.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2023-4692.patch b/meta/recipes-bsp/grub/files/CVE-2023-4692.patch new file mode 100644 index 0000000000..4780e35b7a --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2023-4692.patch @@ -0,0 +1,97 @@ +From 43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001 +From: Maxim Suhanov +Date: Thu, 16 Nov 2023 07:21:50 +0000 +Subject: [PATCH] fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST + attribute for the $MFT file + +When parsing an extremely fragmented $MFT file, i.e., the file described +using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer +containing bytes read from the underlying drive to store sector numbers, +which are consumed later to read data from these sectors into another buffer. + +These sectors numbers, two 32-bit integers, are always stored at predefined +offsets, 0x10 and 0x14, relative to first byte of the selected entry within +the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem. + +However, when parsing a specially-crafted file system image, this may cause +the NTFS code to write these integers beyond the buffer boundary, likely +causing the GRUB memory allocator to misbehave or fail. These integers contain +values which are controlled by on-disk structures of the NTFS file system. + +Such modification and resulting misbehavior may touch a memory range not +assigned to the GRUB and owned by firmware or another EFI application/driver. + +This fix introduces checks to ensure that these sector numbers are never +written beyond the boundary. + +Fixes: CVE-2023-4692 + +Reported-by: Maxim Suhanov +Signed-off-by: Maxim Suhanov +Reviewed-by: Daniel Kiper + +CVE: CVE-2023-4692 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea] + +Signed-off-by: Yogita Urade +--- + grub-core/fs/ntfs.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index 2f34f76..6009e49 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) + } + if (at->attr_end) + { +- grub_uint8_t *pa; ++ grub_uint8_t *pa, *pa_end; + + at->emft_buf = grub_malloc (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR); + if (at->emft_buf == NULL) +@@ -209,11 +209,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) + } + at->attr_nxt = at->edat_buf; + at->attr_end = at->edat_buf + u32at (pa, 0x30); ++ pa_end = at->edat_buf + n; + } + else + { + at->attr_nxt = at->attr_end + u16at (pa, 0x14); + at->attr_end = at->attr_end + u32at (pa, 4); ++ pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR); + } + at->flags |= GRUB_NTFS_AF_ALST; + while (at->attr_nxt < at->attr_end) +@@ -230,6 +232,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) + at->flags |= GRUB_NTFS_AF_GPOS; + at->attr_cur = at->attr_nxt; + pa = at->attr_cur; ++ ++ if ((pa >= pa_end) || (pa_end - pa < 0x18)) ++ { ++ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list"); ++ return NULL; ++ } ++ + grub_set_unaligned32 ((char *) pa + 0x10, + grub_cpu_to_le32 (at->mft->data->mft_start)); + grub_set_unaligned32 ((char *) pa + 0x14, +@@ -240,6 +249,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) + { + if (*pa != attr) + break; ++ ++ if ((pa >= pa_end) || (pa_end - pa < 0x18)) ++ { ++ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list"); ++ return NULL; ++ } ++ + if (read_attr + (at, pa + 0x10, + u32at (pa, 0x10) * (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR), +-- +2.40.0 diff --git a/meta/recipes-bsp/grub/files/CVE-2023-4693.patch b/meta/recipes-bsp/grub/files/CVE-2023-4693.patch new file mode 100644 index 0000000000..1b6013d86d --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2023-4693.patch @@ -0,0 +1,62 @@ +From 0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Mon Sep 17 00:00:00 2001 +From: Maxim Suhanov +Date: Mon, 28 Aug 2023 16:32:33 +0300 +Subject: [PATCH] fs/ntfs: Fix an OOB read when reading data from the resident + $DATA attribute + +When reading a file containing resident data, i.e., the file data is stored in +the $DATA attribute within the NTFS file record, not in external clusters, +there are no checks that this resident data actually fits the corresponding +file record segment. + +When parsing a specially-crafted file system image, the current NTFS code will +read the file data from an arbitrary, attacker-chosen memory offset and of +arbitrary, attacker-chosen length. + +This allows an attacker to display arbitrary chunks of memory, which could +contain sensitive information like password hashes or even plain-text, +obfuscated passwords from BS EFI variables. + +This fix implements a check to ensure that resident data is read from the +corresponding file record segment only. + +Fixes: CVE-2023-4693 + +Reported-by: Maxim Suhanov +Signed-off-by: Maxim Suhanov +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=0ed2458cc4eff6d9a9199527e2a0b6d445802f94] +CVE: CVE-2023-4693 +Signed-off-by: Hitendra Prajapati +--- + grub-core/fs/ntfs.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index 7e43fd6..8f63c83 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -401,7 +401,18 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest, + { + if (ofs + len > u32at (pa, 0x10)) + return grub_error (GRUB_ERR_BAD_FS, "read out of range"); +- grub_memcpy (dest, pa + u32at (pa, 0x14) + ofs, len); ++ ++ if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) ++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large"); ++ ++ if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) ++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range"); ++ ++ if (u16at (pa, 0x14) + u32at (pa, 0x10) > ++ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa) ++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range"); ++ ++ grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len); + return 0; + } + +-- +2.25.1 + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 41839698dc..f594e7d3a4 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -42,6 +42,8 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2022-3775.patch \ file://0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch \ file://0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch \ + file://CVE-2023-4692.patch \ + file://CVE-2023-4693.patch \ " SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" From patchwork Wed Dec 13 03:34:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Lee, Chee Yang" X-Patchwork-Id: 36138 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 87B10C4167D for ; Wed, 13 Dec 2023 03:53:58 +0000 (UTC) Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web11.25594.1702439628421583079 for ; Tue, 12 Dec 2023 19:53:49 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.com header.s=Intel header.b=mieyZc2c; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: chee.yang.lee@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1702439629; x=1733975629; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=kEXbKLKXtljBVWd7ZvY/Bdgxc/s8KRXnsJU/3iT6yKY=; b=mieyZc2c8m2bx9A/KMRq2xL8DzU/2Su5ZXFBazoutKPS78hrK2nFuoME QzL5Jwx+mLaZ+L42RtV8xaYNAICxxjaoXLsD5bNwTl1y3dgKVHgNr4p/+ iqUIzbyaGB6iyIRxvG11G32g6uKZxhDSPfV3gPUJTgD77mP1zFtCl/Bku iT0E/jbQ6oFs9VgIf6STAEdvHmegDa83e7VZBtnh5eTipWg31nLGKBW5/ JSrF3IJ0QMrxJOIHsUtXN5fprXPJ2LD1HLhBFxjU4CiPXXjIMBPV45MxN 0QGRnLtW4DFlYa0/p/HXKUKwZAZHhHg3fS2LddcNtImG6l8AOP6YTvjbl Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10922"; a="481109654" X-IronPort-AV: E=Sophos;i="6.04,272,1695711600"; d="scan'208";a="481109654" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Dec 2023 19:53:49 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10922"; a="917523936" X-IronPort-AV: E=Sophos;i="6.04,272,1695711600"; d="scan'208";a="917523936" Received: from andromeda02.png.intel.com ([10.221.253.198]) by fmsmga001.fm.intel.com with ESMTP; 12 Dec 2023 19:53:49 -0800 From: chee.yang.lee@intel.com To: openembedded-core@lists.openembedded.org Subject: [nanbield][patch 3/6] perlcross: update to 1.5.2 Date: Wed, 13 Dec 2023 11:34:06 +0800 Message-Id: <20231213033409.2101308-3-chee.yang.lee@intel.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20231213033409.2101308-1-chee.yang.lee@intel.com> References: <20231213033409.2101308-1-chee.yang.lee@intel.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Dec 2023 03:53:58 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192262 From: Lee Chee Yang remove upstreamed 0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch Signed-off-by: Lee Chee Yang --- ...mt.sh-add-32-bit-integer-format-defi.patch | 28 ------------------- .../{perlcross_1.5.bb => perlcross_1.5.2.bb} | 3 +- 2 files changed, 1 insertion(+), 30 deletions(-) delete mode 100644 meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch rename meta/recipes-devtools/perl-cross/{perlcross_1.5.bb => perlcross_1.5.2.bb} (86%) diff --git a/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch b/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch deleted file mode 100644 index 4de4a5b955..0000000000 --- a/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 920abf3dc39c851a655b719622c76a6f0dc9981d Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin -Date: Tue, 5 Sep 2023 19:47:33 +0200 -Subject: [PATCH] cnf/configure_pfmt.sh: add 32 bit integer format definitions - -These started to matter in perl 5.38 where they are used to print -line numbers. - -Upstream-Status: Submitted [https://github.com/arsv/perl-cross/pull/143] -Signed-off-by: Alexander Kanavin ---- - cnf/configure_pfmt.sh | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/cnf/configure_pfmt.sh b/cnf/configure_pfmt.sh -index 8f93da1..7bb4b6f 100644 ---- a/cnf/configure_pfmt.sh -+++ b/cnf/configure_pfmt.sh -@@ -52,3 +52,9 @@ else - define uvxformat '"lx"' - define uvXUformat '"lX"' - fi -+ -+define i32dformat 'PRId32' -+define u32uformat 'PRIu32' -+define u32oformat 'PRIo32' -+define u32xformat 'PRIx32' -+define u32XUformat 'PRIX32' diff --git a/meta/recipes-devtools/perl-cross/perlcross_1.5.bb b/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb similarity index 86% rename from meta/recipes-devtools/perl-cross/perlcross_1.5.bb rename to meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb index 7ca4977b97..b41c182fad 100644 --- a/meta/recipes-devtools/perl-cross/perlcross_1.5.bb +++ b/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb @@ -15,11 +15,10 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/perl-cross-${PV}.tar.gz;name=perl-c file://0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch \ file://determinism.patch \ file://0001-Makefile-check-the-file-if-patched-or-not.patch \ - file://0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch \ " GITHUB_BASE_URI = "https://github.com/arsv/perl-cross/releases/" -SRC_URI[perl-cross.sha256sum] = "d744a390939e2ebb9a12f6725b4d9c19255a141d90031eff90ea183fdfcbf211" +SRC_URI[perl-cross.sha256sum] = "584dc54c48dca25e032b676a15bef377c1fed9de318b4fc140292a5dbf326e90" S = "${WORKDIR}/perl-cross-${PV}" From patchwork Wed Dec 13 03:34:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Lee, Chee Yang" X-Patchwork-Id: 36139 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 93923C46CA2 for ; Wed, 13 Dec 2023 03:53:58 +0000 (UTC) Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web11.25594.1702439628421583079 for ; Tue, 12 Dec 2023 19:53:52 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.com header.s=Intel header.b=F32GPDNb; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: chee.yang.lee@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1702439632; x=1733975632; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=DAwEbuU9ovDFmNb9nb0pMauGfTnUCj3jpjvCsKLMAJc=; b=F32GPDNbW4ER6eZ3bwYfR26GC/7DF2qJJwWHY34DEzDmezMDcbHTDSy2 LUTYAGpNvyau7OvHJGwqjwbGGOfZKW5V1rG0QsTgBCINxqe/o7Ifhnc8B UoWruyo360R3ncRbhDhbu10y9TDu/mTrOOU2re1Ia23AIroyk0Fg6W2al U4TPRJh/YoiRlW47TUsf7fzva3YP8Y0kKERj8ZfDrWHP7xkuHMjj7ByPJ qcUcygngGRMHIHjDqS/tmHAFk9CpKYqyQzJiQIpVckhKyYkbhA9O9gEj9 ZnWi3VzV1JDiNCQxCLOlU11VWI633K6vVcVQG1ltDVTc9UtBVw92Yq6pZ Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10922"; a="481109683" X-IronPort-AV: E=Sophos;i="6.04,272,1695711600"; d="scan'208";a="481109683" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Dec 2023 19:53:50 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10922"; a="917523941" X-IronPort-AV: E=Sophos;i="6.04,272,1695711600"; d="scan'208";a="917523941" Received: from andromeda02.png.intel.com ([10.221.253.198]) by fmsmga001.fm.intel.com with ESMTP; 12 Dec 2023 19:53:49 -0800 From: chee.yang.lee@intel.com To: openembedded-core@lists.openembedded.org Subject: [nanbield][patch 4/6] perl: 5.38.0 -> 5.38.2 Date: Wed, 13 Dec 2023 11:34:07 +0800 Message-Id: <20231213033409.2101308-4-chee.yang.lee@intel.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20231213033409.2101308-1-chee.yang.lee@intel.com> References: <20231213033409.2101308-1-chee.yang.lee@intel.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Dec 2023 03:53:58 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192263 From: Lee Chee Yang update include fix for CVE-2023-47100. Signed-off-by: Lee Chee Yang --- meta/recipes-devtools/perl/{perl_5.38.0.bb => perl_5.38.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/perl/{perl_5.38.0.bb => perl_5.38.2.bb} (99%) diff --git a/meta/recipes-devtools/perl/perl_5.38.0.bb b/meta/recipes-devtools/perl/perl_5.38.2.bb similarity index 99% rename from meta/recipes-devtools/perl/perl_5.38.0.bb rename to meta/recipes-devtools/perl/perl_5.38.2.bb index 639664e355..a9d684cfc5 100644 --- a/meta/recipes-devtools/perl/perl_5.38.0.bb +++ b/meta/recipes-devtools/perl/perl_5.38.2.bb @@ -26,7 +26,7 @@ SRC_URI:append:class-target = " \ file://encodefix.patch \ " -SRC_URI[perl.sha256sum] = "213ef58089d2f2c972ea353517dc60ec3656f050dcc027666e118b508423e517" +SRC_URI[perl.sha256sum] = "a0a31534451eb7b83c7d6594a497543a54d488bc90ca00f5e34762577f40655e" B = "${WORKDIR}/perl-${PV}-build" From patchwork Wed Dec 13 03:34:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Lee, Chee Yang" X-Patchwork-Id: 36137 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 938F0C41535 for ; Wed, 13 Dec 2023 03:53:58 +0000 (UTC) Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web11.25594.1702439628421583079 for ; Tue, 12 Dec 2023 19:53:55 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.com header.s=Intel header.b=TpvvSyJM; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: chee.yang.lee@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1702439635; x=1733975635; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=gFyuvrmK9CZ4o896kfTSHtsmMko8KJkcFK3msaPPvz0=; b=TpvvSyJMxu/fvOG+aWAwo50kn++yAvQWSmsL0F3MDinbnpRpXwh9JyZ+ ciXOkiQyrYyaqTHzmxFxU6hcb6hJrOiqeKRf8OEltNyv/aL8c6dLn29Jr sRaVB8Mv/jVSVZFD0PtEB3dKBJmqFLXwT+nak5LOsQPweBEDGYP4OiPvD oz0C09ptGo23dRnI6vBnXoqSjlHY7UoiMB1pHOYFN4j3224VptR+ZxeWA YAFOcyYjVjLNpCWjKXSkENXT4ctOZVdWliZeMA4OsKmnZs32+ab75tM1v GzDjCmXFZYzN2JLax5cf0+X6Hj+Rlp84j67zf4KvvEoj+Jdis3R0uAxFD w==; X-IronPort-AV: E=McAfee;i="6600,9927,10922"; a="481109713" X-IronPort-AV: E=Sophos;i="6.04,272,1695711600"; d="scan'208";a="481109713" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Dec 2023 19:53:51 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10922"; a="917523943" X-IronPort-AV: E=Sophos;i="6.04,272,1695711600"; d="scan'208";a="917523943" Received: from andromeda02.png.intel.com ([10.221.253.198]) by fmsmga001.fm.intel.com with ESMTP; 12 Dec 2023 19:53:50 -0800 From: chee.yang.lee@intel.com To: openembedded-core@lists.openembedded.org Subject: [nanbield][patch 5/6] ghostscript: upgrade 10.02.0 -> 10.02.1 Date: Wed, 13 Dec 2023 11:34:08 +0800 Message-Id: <20231213033409.2101308-5-chee.yang.lee@intel.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20231213033409.2101308-1-chee.yang.lee@intel.com> References: <20231213033409.2101308-1-chee.yang.lee@intel.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Dec 2023 03:53:58 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192264 From: Wang Mingyu upgrade include CVE-2023-46751. (cherry pick from Oe-Core rev: 9492c2d51a08fbd4c107540a5a833b1a3fb70504 ) Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni Signed-off-by: Lee Chee Yang --- .../{ghostscript_10.02.0.bb => ghostscript_10.02.1.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-extended/ghostscript/{ghostscript_10.02.0.bb => ghostscript_10.02.1.bb} (97%) diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.02.0.bb b/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb similarity index 97% rename from meta/recipes-extended/ghostscript/ghostscript_10.02.0.bb rename to meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb index 4bad0f86e1..18c296128a 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_10.02.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb @@ -28,7 +28,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo file://configure.ac-add-option-to-explicitly-disable-neon.patch \ " -SRC_URI[sha256sum] = "e54062f166708d84ca82de9f8304a04344466080f936118b88082bd55ed6dc97" +SRC_URI[sha256sum] = "e429e4f5b01615a4f0f93a4128e8a1a4d932dff983b1774174c79c0630717ad9" PACKAGECONFIG ??= "" PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3" From patchwork Wed Dec 13 03:34:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Lee, Chee Yang" X-Patchwork-Id: 36140 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8EF9FC4332F for ; Wed, 13 Dec 2023 03:54:08 +0000 (UTC) Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web10.25923.1702439641288059366 for ; Tue, 12 Dec 2023 19:54:01 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.com header.s=Intel header.b=Gg9xBfnz; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: chee.yang.lee@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1702439641; x=1733975641; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=VN2WXfF6TIx6p4sJD4hNbpBVY6daqCT2JpS3HKX1GwE=; b=Gg9xBfnz+bXDWsZANisGBj4jFCB2JCCEMAJBNF9+0KWlJWQcmJ12kfQo JDiOqSvuzBhMalVBWH+ELT6sLP42505vJh1WtM+zrqKEsJx8O+QS+9f6s /DjFk8qXRqP3pn0NzvNolvzN0K2J3n8CkWzgJJrIPKjJzG7P9bMA75Xxf /S6ipoe1cDn8D6cSjIGlHgrO1Qp8FoidMhpg1UOEvZIp3HarX8vZcwEwa 2QQ8/Q6f7AnmNidr9sXM5ro1MvEbeLMrRdgn6rvQB6Gu0yAcWila4lCYX dP3tZ2hHAkHYlc6Z6NxoKrN15JFe4KG9O3VeUB6ownTkk87dsBCxsYj51 Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10922"; a="481109799" X-IronPort-AV: E=Sophos;i="6.04,272,1695711600"; d="scan'208";a="481109799" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Dec 2023 19:53:58 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10922"; a="917523944" X-IronPort-AV: E=Sophos;i="6.04,272,1695711600"; d="scan'208";a="917523944" Received: from andromeda02.png.intel.com ([10.221.253.198]) by fmsmga001.fm.intel.com with ESMTP; 12 Dec 2023 19:53:51 -0800 From: chee.yang.lee@intel.com To: openembedded-core@lists.openembedded.org Subject: [nanbield][patch 6/6] perf: lift TARGET_CC_ARCH modification out of security_flags.inc Date: Wed, 13 Dec 2023 11:34:09 +0800 Message-Id: <20231213033409.2101308-6-chee.yang.lee@intel.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20231213033409.2101308-1-chee.yang.lee@intel.com> References: <20231213033409.2101308-1-chee.yang.lee@intel.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Dec 2023 03:54:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192265 From: Rasmus Villemoes Building perf without security_flags.inc being included in one's distro results in the buildpaths warning WARNING: perf-1.0-r9 do_package_qa: QA Issue: File /usr/bin/trace in package perf contains reference to TMPDIR because the ${DEBUG_PREFIX_MAP} does not get used. Most recipes get that from CFLAGS, but the perf recipe explicitly unsets that. Now ${SELECTED_OPTIMIZATION} of course contains more than just ${DEBUG_FLAGS}/${DEBUG_PREFIX_MAP}. For most TUs, perf's build system adds its own optimization flags (-O6 for odd reasons), so for those including the -O2 or -Og doesn't change anything. But looking at the .o.cmd files show that there are some TUs which currently get built without any -O flag. So for those adding the distro's SELECTED_OPTIMIZATION seem to be the right thing to do. (cherry-picked from Oe-Core rev: aa01c9122ef4a2159df503ef6ed25e802277f13a) Signed-off-by: Rasmus Villemoes Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie Signed-off-by: Lee Chee Yang --- meta/conf/distro/include/security_flags.inc | 1 - meta/recipes-kernel/perf/perf.bb | 9 +++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index 2972f05b4e..d97a6edb0f 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -69,4 +69,3 @@ SECURITY_LDFLAGS:pn-xserver-xorg = "${SECURITY_X_LDFLAGS}" TARGET_CC_ARCH:append:pn-binutils = " ${SELECTED_OPTIMIZATION}" TARGET_CC_ARCH:append:pn-gcc = " ${SELECTED_OPTIMIZATION}" TARGET_CC_ARCH:append:pn-gdb = " ${SELECTED_OPTIMIZATION}" -TARGET_CC_ARCH:append:pn-perf = " ${SELECTED_OPTIMIZATION}" diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb index 675acfaf26..a392166e73 100644 --- a/meta/recipes-kernel/perf/perf.bb +++ b/meta/recipes-kernel/perf/perf.bb @@ -73,6 +73,15 @@ SPDX_S = "${S}/tools/perf" # supported kernel. LDFLAGS="-ldl -lutil" +# Perf's build system adds its own optimization flags for most TUs, +# overriding the flags included here. But for some, perf does not add +# any -O option, so ensure the distro's chosen optimization gets used +# for those. Since ${SELECTED_OPTIMIZATION} always includes +# ${DEBUG_FLAGS} which in turn includes ${DEBUG_PREFIX_MAP}, this also +# ensures perf is built with appropriate -f*-prefix-map options, +# avoiding the 'buildpaths' QA warning. +TARGET_CC_ARCH += "${SELECTED_OPTIMIZATION}" + EXTRA_OEMAKE = '\ V=1 \ VF=1 \