From patchwork Thu Dec 21 02:09:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 36759 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23F56C4706E for ; Thu, 21 Dec 2023 02:09:26 +0000 (UTC) Received: from mail-oo1-f45.google.com (mail-oo1-f45.google.com [209.85.161.45]) by mx.groups.io with SMTP id smtpd.web11.42656.1703124559881601662 for ; Wed, 20 Dec 2023 18:09:20 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Lijj4Y7E; spf=softfail (domain: sakoman.com, ip: 209.85.161.45, mailfrom: steve@sakoman.com) Received: by mail-oo1-f45.google.com with SMTP id 006d021491bc7-593f6fb21a5so252706eaf.2 for ; Wed, 20 Dec 2023 18:09:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1703124558; x=1703729358; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=nVuw8VQq0P5bZML9ugEKpImWXNOHOr/8gAT0churCL0=; b=Lijj4Y7EpdAnaY24jbzS9XHFO47NJdLhWxsOljwYQ/BXMxgV0jToopuv/Vr6++lfJ5 9efr98BAHOqRpIZYA7Pp6/l1rpP5KVMBLZO+NLxIaq8umW+dliFmNivScw8weq7lN6G2 znlOmV65Y07E+6BSlBGJ7gEi399hyYiZuxIPuuZqHkYmzx9W09EYCuUOjQzqr2gBxYM5 rT6sUbneK0Pzv2Z1XBOouxVYF2cC2z8KaW9A5cwvgFg3T32leB5NyHrqxwsyGb5+mdmw l9I+u/gyOWxQMi9Jdj9gmwf9ORqOs9x+ECmyQkp5PPhh97nZLlNHE411HmTP/8u/Ve6s WhQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703124558; x=1703729358; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nVuw8VQq0P5bZML9ugEKpImWXNOHOr/8gAT0churCL0=; b=QiNsmBj1s/a3YIEsIJvxP92R2eE//3p/gyjbCWUiDP9H0uMHI0u6WB8WLpFhauICNf QtxX0iKeRDN/14YC4C6kjhpkXmLtBU0KL5Z7OmkBD9uZOHnx7TmhIMCB3gl3REtV/GdV 8sDEDTpYrHN/FPo0YZQVnWy+c0rSxMWm699/mHIjtefZ/wrPdqDwJGyi80AbIELDNX5K aRtHNJPpsnrdlfNUwWjSPSzSUDx+VPAn4hbIbhvEHMCVVBKB53gtEvtKAkwS82b1oUyX VlLcMk3xnKdW6eINw0RFx47YyBiJjrH0Wt19bSagkWcvm3P3lTFJmq9ccAMfmgHubVri odvA== X-Gm-Message-State: AOJu0YxQ7ZzNtEqjIgJCEtzWWolIve7L1GdRMWOdFFCMus1XC1klrYvv /bs+O9Zn5tcghoj/XsO2dZdMlsA+Mcf27jeWH9Cbcw== X-Google-Smtp-Source: AGHT+IEw43Lf2uOaPINTZMQHb1+5PC5IekgJVOZ2+uQYCbvxFjRgl4VsQOJWXQrlhgr0vu+VM+A4Vw== X-Received: by 2002:a05:6358:27a3:b0:170:17eb:9c45 with SMTP id l35-20020a05635827a300b0017017eb9c45mr670113rwb.38.1703124558336; Wed, 20 Dec 2023 18:09:18 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id qb4-20020a17090b280400b0028aecd6b29fsm4447297pjb.3.2023.12.20.18.09.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Dec 2023 18:09:18 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/11] ghostscript: Backport fix for CVE-2023-46751 Date: Wed, 20 Dec 2023 16:09:01 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Dec 2023 02:09:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192813 From: Vijay Anusuri Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5d2da96e81c7455338302c71a291088a8396245a] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../ghostscript/CVE-2023-46751.patch | 41 +++++++++++++++++++ .../ghostscript/ghostscript_9.55.0.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46751.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46751.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46751.patch new file mode 100644 index 0000000000..6fe5590892 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46751.patch @@ -0,0 +1,41 @@ +From 5d2da96e81c7455338302c71a291088a8396245a Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Mon, 16 Oct 2023 16:49:40 +0100 +Subject: [PATCH] Bug 707264: Fix tiffsep(1) requirement for seekable output + files + +In the device initialization redesign, tiffsep and tiffsep1 lost the requirement +for the output files to be seekable. + +Fixing that highlighted a problem with the error handling in +gdev_prn_open_printer_seekable() where closing the erroring file would leave a +dangling pointer, and lead to a crash. + +Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5d2da96e81c7455338302c71a291088a8396245a] +CVE: CVE-2023-46751 +Signed-off-by: Vijay Anusuri +--- + base/gdevprn.c | 1 + + devices/gdevtsep.c | 1 + + 2 files changed, 2 insertions(+) + +--- a/base/gdevprn.c ++++ b/base/gdevprn.c +@@ -1251,6 +1251,7 @@ gdev_prn_open_printer_seekable(gx_device + && !IS_LIBCTX_STDERR(pdev->memory, gp_get_file(ppdev->file))) { + + code = gx_device_close_output_file(pdev, ppdev->fname, ppdev->file); ++ ppdev->file = NULL; + if (code < 0) + return code; + } +--- a/devices/gdevtsep.c ++++ b/devices/gdevtsep.c +@@ -738,6 +738,7 @@ tiffsep_initialize_device_procs(gx_devic + { + gdev_prn_initialize_device_procs(dev); + ++ set_dev_proc(dev, output_page, gdev_prn_output_page_seekable); + set_dev_proc(dev, open_device, tiffsep_prn_open); + set_dev_proc(dev, close_device, tiffsep_prn_close); + set_dev_proc(dev, map_color_rgb, tiffsep_decode_color); diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index 7f4050755c..e0d1e4618f 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb @@ -42,6 +42,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://CVE-2023-36664-0002.patch \ file://CVE-2023-38559.patch \ file://CVE-2023-43115.patch \ + file://CVE-2023-46751.patch \ " SRC_URI = "${SRC_URI_BASE} \ From patchwork Thu Dec 21 02:09:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 36756 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 010FFC46CD3 for ; Thu, 21 Dec 2023 02:09:25 +0000 (UTC) Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) by mx.groups.io with SMTP id smtpd.web10.43010.1703124561444198602 for ; Wed, 20 Dec 2023 18:09:21 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=ejeFnITN; spf=softfail (domain: sakoman.com, ip: 209.85.216.52, mailfrom: steve@sakoman.com) Received: by mail-pj1-f52.google.com with SMTP id 98e67ed59e1d1-28bc20cb501so1077662a91.1 for ; Wed, 20 Dec 2023 18:09:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1703124560; x=1703729360; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=YZpzs660G6da1Ukof+0K8YYNQ+/MT9mDfNvC3YMbWLA=; b=ejeFnITNDlNg+1rbVJw9fsKii/aJ6jvdYsfsntvr4kMibaAJTzNWi2OYagh4XDk2K1 wp0z+yVgihrNUWREG3WPcaqy8j6hR0J/l24SwVUqBh6HdIxRd6jmWBdGcUjPc50bkjPH pzzfmFR3zTwEf3rUcAtcioGwQeDdaouiNLv/EDmBaPsY6NRGOKmx/sFxzq+oe9CbVvrS vC3J+zkRcnsI3Zp1tVRKGQS4yOMzMNFYV4Kz5ZyiIlGBtT9EWTd+VRhxFGCb6YJFZ7uN xoU8lMEYfGBQnnH5M35vSJHDBe5AatZalYpJ8FIa9CKtO/lsr8Qv5nnFlFmFITGvZDYC viOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703124560; x=1703729360; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YZpzs660G6da1Ukof+0K8YYNQ+/MT9mDfNvC3YMbWLA=; b=lSimV5NHOwnTSHWCNrXrQapmqvifNSaXboY5dt/Qz1gqWpBwQfgcpta+/54BUe4MRs zPRbeYwn1eaI66t8ldvU/ECBuVAGwPWahUOSBWSRxANLZgyBLrSfMLsDB2gAb4dmi6YG LT36IITXovSPNUSEj9Lu8b+Rjii2FFahBFuLhxT+B8tUVYj+bbtjLQ/qGWNl6j6BMsxs GcZneD30GKAKwN2Kku4zz02eocRGsA7NMYJTYqcWfBrRYw11GBY9RFFvJFuRVbhQX/xb bgeYkDWMtoEnYApljKKb6511CTFkZWjzkP+bdhFSI6ABBbbLhv9IYC1kGjfnH7AU9/r5 OArA== X-Gm-Message-State: AOJu0YyBxY5Z8OpKnPoy4EOFdmybxlpWqmfe5bCsjhdFPYuIsGAsjBiv Lqyl8DKoZKsumWSdl49OdJRlKyLKt/7+DT8UmS7afEDdBnX+rA== X-Google-Smtp-Source: AGHT+IF5Da3dH8xSH47v0La6dgzMm/PirkVSRFFtq9LnRt6K1cguvamhh6gx1aCt2wYWKiR6GNG5FQ== X-Received: by 2002:a17:90b:3554:b0:28b:d358:d50c with SMTP id lt20-20020a17090b355400b0028bd358d50cmr2546033pjb.34.1703124560168; Wed, 20 Dec 2023 18:09:20 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id qb4-20020a17090b280400b0028aecd6b29fsm4447297pjb.3.2023.12.20.18.09.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Dec 2023 18:09:19 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/11] curl: Fix CVE-2023-46218 Date: Wed, 20 Dec 2023 16:09:02 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Dec 2023 02:09:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192814 From: Poonam Jadhav Add patch to fix CVE-2023-46218 Link: https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.88.1-8ubuntu2.4/curl_7.88.1-8ubuntu2.4.debian.tar.xz https://github.com/curl/curl/commit/2b0994c29a721c91c57 Signed-off-by: Poonam Jadhav Signed-off-by: Steve Sakoman --- .../curl/curl/CVE-2023-46218.patch | 52 +++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 53 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46218.patch diff --git a/meta/recipes-support/curl/curl/CVE-2023-46218.patch b/meta/recipes-support/curl/curl/CVE-2023-46218.patch new file mode 100644 index 0000000000..d7d7908ea0 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-46218.patch @@ -0,0 +1,52 @@ +Backport of: + +From 2b0994c29a721c91c572cff7808c572a24d251eb Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 23 Nov 2023 08:15:47 +0100 +Subject: [PATCH] cookie: lowercase the domain names before PSL checks + +Reported-by: Harry Sintonen + +Closes #12387 + +CVE: CVE-2023-46218 +Upstream-Status: Backport [https://github.com/curl/curl/commit/2b0994c29a721c91c57] +Signed-off-by: Poonam Jadhav +--- + lib/cookie.c | 24 ++++++++++++++++-------- + 1 file changed, 16 insertions(+), 8 deletions(-) + +--- a/lib/cookie.c ++++ b/lib/cookie.c +@@ -1044,15 +1044,23 @@ Curl_cookie_add(struct Curl_easy *data, + * dereference it. + */ + if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) { +- const psl_ctx_t *psl = Curl_psl_use(data); +- int acceptable; +- +- if(psl) { +- acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain); +- Curl_psl_release(data); ++ bool acceptable = FALSE; ++ char lcase[256]; ++ char lcookie[256]; ++ size_t dlen = strlen(domain); ++ size_t clen = strlen(co->domain); ++ if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) { ++ const psl_ctx_t *psl = Curl_psl_use(data); ++ if(psl) { ++ /* the PSL check requires lowercase domain name and pattern */ ++ Curl_strntolower(lcase, domain, dlen + 1); ++ Curl_strntolower(lcookie, co->domain, clen + 1); ++ acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie); ++ Curl_psl_release(data); ++ } ++ else ++ acceptable = !bad_domain(domain); + } +- else +- acceptable = !bad_domain(domain); + + if(!acceptable) { + infof(data, "cookie '%s' dropped, domain '%s' must not " diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 471bc47f34..a36d03f668 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -54,6 +54,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2023-32001.patch \ file://CVE-2023-38545.patch \ file://CVE-2023-38546.patch \ + file://CVE-2023-46218.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Thu Dec 21 02:09:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 36757 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0D034C46CD2 for ; Thu, 21 Dec 2023 02:09:26 +0000 (UTC) Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by mx.groups.io with SMTP id smtpd.web11.42658.1703124563365572254 for ; Wed, 20 Dec 2023 18:09:23 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=1KjF2EQz; spf=softfail (domain: sakoman.com, ip: 209.85.214.170, mailfrom: steve@sakoman.com) Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-1d4006b251aso3203035ad.0 for ; Wed, 20 Dec 2023 18:09:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1703124562; x=1703729362; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=LEsivaRXrQmJYX8L/IJon72o5Jufe1SaTNQJmUmL35Q=; b=1KjF2EQz8izxro7RdYfBqXkX7jOiPynQlx+OAyyuT9tnt5c5C8z6y9vPmNqjIiBCeD VslQxumNIZQkAHaNllJUhbdkrWu6aUAY/Tl/NB67WPlTMZPTgHEWuaLJ4PGvYNFbSJ5/ RkK/jksYSDemk+dbmaTiA3dcyo+mZqQZWH1OR2NPVVgldc2UyorP1u+/gLsVx+V/jwlU fryq31z3JtIaY8vYCeQ47g26/O541GfEXKsH8hZ6MoFj7YKpyOffArs0bmvvCtUizhYR cx/+yFYhgmhaTtM5IFWrSy6cprOZ0kQByZfPnBLRNQSkBOMVTAV0UDXh9TD1zPyWo6HJ 0evQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703124562; x=1703729362; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LEsivaRXrQmJYX8L/IJon72o5Jufe1SaTNQJmUmL35Q=; b=Mk8BrBytY/vt8n3phl4b8yBn1nTXeBXHAj613TRB5Rfjxstlyzu1uXF0JC2r24p/dJ YoS7FZYzVz/kHLHl7zAmsBe1weXaOmXwXkPCq3M0NJh/gcOyhjHMg3IfweluEm5XQ8FX rX24ZfGzr+TTI3+WzCgfne507ivPTD2u38cl+si+SwkLF9itBCpGRxeBvwXFUegWY3Jo frhh+tl2HUVxiZIP62Ai9Td8ykI3oeUDHBV9JuNaSy7Edox/9tL8QCqm0LnZM78kSzsN ksMbG0UhI+J4pNARM04ovL3fMUzsGwWWZV/jqc9vI+EyImr4+TADBcgeQzDgm7lP2zvE UQqw== X-Gm-Message-State: AOJu0YyexmyipBp8o/XYnkTMgnl/asVHCae0SfTzRxDwAccedZpDPEs3 Bv2Dga+sbElefG0qMCuVZ1FqAo9x/aovWCUb+98e8g== X-Google-Smtp-Source: AGHT+IHe2IYWL1VThdksLQKBIBr8m7tSuZ2AO/ppCjxciymlsiCxvWoeNA+hOqH2BdFCr+zLJi5N4Q== X-Received: by 2002:a17:902:ed92:b0:1d3:bc88:59af with SMTP id e18-20020a170902ed9200b001d3bc8859afmr6491979plj.136.1703124561915; Wed, 20 Dec 2023 18:09:21 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id qb4-20020a17090b280400b0028aecd6b29fsm4447297pjb.3.2023.12.20.18.09.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Dec 2023 18:09:21 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/11] qemu: Fix CVE-2023-5088 Date: Wed, 20 Dec 2023 16:09:03 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Dec 2023 02:09:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192815 From: Sourav Pramanik A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This change is to fix CVE-2023-5088. Link: https://gitlab.com/qemu-project/qemu/-/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e Signed-off-by: Sourav Pramanik Signed-off-by: Sourav Kumar Pramanik Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2023-5088.patch | 112 ++++++++++++++++++ 2 files changed, 113 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-5088.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index c8e4e2e6f3..c5fb9b1eab 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -102,6 +102,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2023-3180.patch \ file://CVE-2021-3638.patch \ file://CVE-2023-1544.patch \ + file://CVE-2023-5088.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-5088.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-5088.patch new file mode 100644 index 0000000000..c5ea9d739a --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-5088.patch @@ -0,0 +1,112 @@ +From 7d7512019fc40c577e2bdd61f114f31a9eb84a8e Mon Sep 17 00:00:00 2001 +From: Fiona Ebner +Date: Wed, 6 Sep 2023 15:09:21 +0200 +Subject: [PATCH] hw/ide: reset: cancel async DMA operation before resetting + state +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If there is a pending DMA operation during ide_bus_reset(), the fact +that the IDEState is already reset before the operation is canceled +can be problematic. In particular, ide_dma_cb() might be called and +then use the reset IDEState which contains the signature after the +reset. When used to construct the IO operation this leads to +ide_get_sector() returning 0 and nsector being 1. This is particularly +bad, because a write command will thus destroy the first sector which +often contains a partition table or similar. + +Traces showing the unsolicited write happening with IDEState +0x5595af6949d0 being used after reset: + +> ahci_port_write ahci(0x5595af6923f0)[0]: port write [reg:PxSCTL] @ 0x2c: 0x00000300 +> ahci_reset_port ahci(0x5595af6923f0)[0]: reset port +> ide_reset IDEstate 0x5595af6949d0 +> ide_reset IDEstate 0x5595af694da8 +> ide_bus_reset_aio aio_cancel +> dma_aio_cancel dbs=0x7f64600089a0 +> dma_blk_cb dbs=0x7f64600089a0 ret=0 +> dma_complete dbs=0x7f64600089a0 ret=0 cb=0x5595acd40b30 +> ahci_populate_sglist ahci(0x5595af6923f0)[0] +> ahci_dma_prepare_buf ahci(0x5595af6923f0)[0]: prepare buf limit=512 prepared=512 +> ide_dma_cb IDEState 0x5595af6949d0; sector_num=0 n=1 cmd=DMA WRITE +> dma_blk_io dbs=0x7f6420802010 bs=0x5595ae2c6c30 offset=0 to_dev=1 +> dma_blk_cb dbs=0x7f6420802010 ret=0 + +> (gdb) p *qiov +> $11 = {iov = 0x7f647c76d840, niov = 1, {{nalloc = 1, local_iov = {iov_base = 0x0, +> iov_len = 512}}, {__pad = "\001\000\000\000\000\000\000\000\000\000\000", +> size = 512}}} +> (gdb) bt +> #0 blk_aio_pwritev (blk=0x5595ae2c6c30, offset=0, qiov=0x7f6420802070, flags=0, +> cb=0x5595ace6f0b0 , opaque=0x7f6420802010) +> at ../block/block-backend.c:1682 +> #1 0x00005595ace6f185 in dma_blk_cb (opaque=0x7f6420802010, ret=) +> at ../softmmu/dma-helpers.c:179 +> #2 0x00005595ace6f778 in dma_blk_io (ctx=0x5595ae0609f0, +> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512, +> io_func=io_func@entry=0x5595ace6ee30 , +> io_func_opaque=io_func_opaque@entry=0x5595ae2c6c30, +> cb=0x5595acd40b30 , opaque=0x5595af6949d0, +> dir=DMA_DIRECTION_TO_DEVICE) at ../softmmu/dma-helpers.c:244 +> #3 0x00005595ace6f90a in dma_blk_write (blk=0x5595ae2c6c30, +> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512, +> cb=cb@entry=0x5595acd40b30 , opaque=opaque@entry=0x5595af6949d0) +> at ../softmmu/dma-helpers.c:280 +> #4 0x00005595acd40e18 in ide_dma_cb (opaque=0x5595af6949d0, ret=) +> at ../hw/ide/core.c:953 +> #5 0x00005595ace6f319 in dma_complete (ret=0, dbs=0x7f64600089a0) +> at ../softmmu/dma-helpers.c:107 +> #6 dma_blk_cb (opaque=0x7f64600089a0, ret=0) at ../softmmu/dma-helpers.c:127 +> #7 0x00005595ad12227d in blk_aio_complete (acb=0x7f6460005b10) +> at ../block/block-backend.c:1527 +> #8 blk_aio_complete (acb=0x7f6460005b10) at ../block/block-backend.c:1524 +> #9 blk_aio_write_entry (opaque=0x7f6460005b10) at ../block/block-backend.c:1594 +> #10 0x00005595ad258cfb in coroutine_trampoline (i0=, +> i1=) at ../util/coroutine-ucontext.c:177 + +CVE: CVE-2023-5088 +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e] + +Signed-off-by: Fiona Ebner +Reviewed-by: Philippe Mathieu-Daudé +Tested-by: simon.rowe@nutanix.com +Message-ID: <20230906130922.142845-1-f.ebner@proxmox.com> +Signed-off-by: Philippe Mathieu-Daudé +Signed-off-by: Sourav Pramanik +--- + hw/ide/core.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/hw/ide/core.c b/hw/ide/core.c +index b5e0dcd29b2..63ba665f3d2 100644 +--- a/hw/ide/core.c ++++ b/hw/ide/core.c +@@ -2515,19 +2515,19 @@ static void ide_dummy_transfer_stop(IDEState *s) + + void ide_bus_reset(IDEBus *bus) + { +- bus->unit = 0; +- bus->cmd = 0; +- ide_reset(&bus->ifs[0]); +- ide_reset(&bus->ifs[1]); +- ide_clear_hob(bus); +- +- /* pending async DMA */ ++ /* pending async DMA - needs the IDEState before it is reset */ + if (bus->dma->aiocb) { + trace_ide_bus_reset_aio(); + blk_aio_cancel(bus->dma->aiocb); + bus->dma->aiocb = NULL; + } + ++ bus->unit = 0; ++ bus->cmd = 0; ++ ide_reset(&bus->ifs[0]); ++ ide_reset(&bus->ifs[1]); ++ ide_clear_hob(bus); ++ + /* reset dma provider too */ + if (bus->dma->ops->reset) { + bus->dma->ops->reset(bus->dma); +-- From patchwork Thu Dec 21 02:09:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 36758 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 179F5C46CD8 for ; Thu, 21 Dec 2023 02:09:26 +0000 (UTC) Received: from mail-il1-f177.google.com (mail-il1-f177.google.com [209.85.166.177]) by mx.groups.io with SMTP id smtpd.web10.43012.1703124565391102987 for ; Wed, 20 Dec 2023 18:09:25 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=MhCsHxwt; spf=softfail (domain: sakoman.com, ip: 209.85.166.177, mailfrom: steve@sakoman.com) Received: by mail-il1-f177.google.com with SMTP id e9e14a558f8ab-35fd52f765cso673385ab.2 for ; Wed, 20 Dec 2023 18:09:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1703124564; x=1703729364; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Jtw+2suuRNorOArMOTLPOmoHpbjSt18gIelirrLLQpw=; b=MhCsHxwtgWZRXB2K0qiN8Eh/tITGo8/s4OI7tToTmlba2xTRmgI819GRxEW02QBa+w yj9p/M5E9NW/Q8UOOYlYuRSJw5o3UBpY26lmQoq7Y3YKa0UENMFuJTwrESuzxEN796cd i50O412+ZjkpUvgolIAxJ+J6hfNuKX1AFnKRqJLUTfTdD4d1meaYnXBMJDeF+b/clfCd 3CZSKIvR4hKkh/2PmBfU0hur7jACspzNDHIWRNGKiZxAJ8sUZj68R+TPKuyEzruBFAMn 6gLEEcuCJhRPCYMlMVlDUEoC5Lotx8g9snRJyp927JqHTINrMDTX2wLyR8BBgwxkgZd/ tyWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703124564; x=1703729364; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Jtw+2suuRNorOArMOTLPOmoHpbjSt18gIelirrLLQpw=; b=W1JfP8y4wXwmmenZPa6TVoI0t95cGI+L6u4sOjaPIFEC4yg6OW2aGbMozkSgaNlvCE auQV0AwYz6FqD0Mph03Ab7G3WNQXBc3aysCgUJXt8Y2atiepm17OqNBfL46YXNO08eir IIV0RxFtMyr01g0LtJ/EnrVGAI8NCkScR45kpbCRZouJ5En4KUmjcUaycxSC56veJhWB h/+4CNaPI/1uYxMsEFEtPKLBOHpqRHCOkbtMwmpDru91HFeezbMzaG0wU4BqIPm/eVvG q1e2UuZd6Mk8XYVITCagyRMZYWiIO+9TgBCgCC2jiDeHOqadspi0DG7QiJahHRn8KFp2 aSIg== X-Gm-Message-State: AOJu0YyN+pwruMZ4gzHmjLHa3rRfOe3VnvUpOkCx2BCp5H1g2YlOsHk5 qkkUpwf+G+hWv1kMfpsTjGsrA5npKfLPQ3FDtu06Og== X-Google-Smtp-Source: AGHT+IF7OwLxWHBMNhRAEPaersUUqf+7S4DE0w5UXpEbeje8VaGSp02VJJgyhY1O7UKIyYL11fMb3g== X-Received: by 2002:a05:6e02:1ca7:b0:35d:59a2:2c1 with SMTP id x7-20020a056e021ca700b0035d59a202c1mr30828245ill.97.1703124563794; Wed, 20 Dec 2023 18:09:23 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id qb4-20020a17090b280400b0028aecd6b29fsm4447297pjb.3.2023.12.20.18.09.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Dec 2023 18:09:23 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/11] ffmpeg: fix for CVE-2022-3964 Date: Wed, 20 Dec 2023 16:09:04 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Dec 2023 02:09:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192816 From: "mark.yang" Without a CVE tag, It will be recognised as Unpatched by cve_check task. Signed-off-by: mark.yang Signed-off-by: Steve Sakoman --- ...001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch index 23573bb6b3..97fcfd993a 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch @@ -4,7 +4,7 @@ Date: Sat, 12 Nov 2022 16:12:00 +0100 Subject: [PATCH] avcodec/rpzaenc: stop accessing out of bounds frame Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984] - +CVE: CVE-2022-3964 Signed-off-by: --- From patchwork Thu Dec 21 02:09:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 36761 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1AE95C3DA6E for ; Thu, 21 Dec 2023 02:09:36 +0000 (UTC) Received: from mail-oa1-f51.google.com (mail-oa1-f51.google.com [209.85.160.51]) by mx.groups.io with SMTP id smtpd.web11.42659.1703124567029936423 for ; Wed, 20 Dec 2023 18:09:27 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=PSeWn2NW; spf=softfail (domain: sakoman.com, ip: 209.85.160.51, mailfrom: steve@sakoman.com) Received: by mail-oa1-f51.google.com with SMTP id 586e51a60fabf-1f5bd86ceb3so188969fac.2 for ; Wed, 20 Dec 2023 18:09:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1703124565; x=1703729365; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=flepK1GccOcpR44IQF/8j4HdRv8CjOBzpT8UaBpq5uI=; b=PSeWn2NWe51PIjw0Agg7+Xphfr6Rsr24vSDtzsFoKkrR68qxRY69o8IBavPGMECMq7 AvJU2gIUDXoKEevaD0Ws/xVLbrwSAP0RiGMdfL0mFYIrfnu6zxOVaLWuU3bdJVdRXEWs pvLKcO75TtI43OJQmdHDa64qWdfi8Oox7VTyQoccSXOR7ct5qASa9w37gtjCdR4f+dMJ bLr+B0vmgbwVSqiXujuex/H6qYtG4JgjptAfrLNm2JrsROTldlpo/ffsWyetKwkP3QoV 4AwcjZHSZcDrTDoms9ER9Zqlw8Sp4b7j6Rsu3CwhcLPpNL4wtKiIR7bsSwgNXoA7+LKl rPcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703124565; x=1703729365; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=flepK1GccOcpR44IQF/8j4HdRv8CjOBzpT8UaBpq5uI=; b=MQ7EOfI8LcKA3LH/zEa6e9NsNaNQAr+coKfVQOujul9XH55JSoN2kTEDIBI6uwh9wJ +eUDYFm90g7ARYEVd9usJNgZ32MormyJYweEw27CPMi1xA64Q+6qe4+HSNTJkQ998txW CNqxDzlU+EbCOonF07ZYX7u6WUrIinXaAMZeRFK2d6Q5dbQn5b4ui2kbWtipghvgV7y1 4J+qssOq9F75YFtzzDDOUExCO4aw7SfdhKatdE5bIe8sbaXXhsTXEUY3XgqVJLkmEza1 UDYw1Ba0Ts34FSOZiktO6HylYNEE8YRbLSWCgby+cEjcRrJrMXxESG3TydQE8u7/+lKv iCYg== X-Gm-Message-State: AOJu0YyHAlng2uoiTqAHg+vsnHdb17sOuYPCMlFml7VyJKJOIwiGcYKn 6ZZ2NhbAuNI3QJn833Znu0UQV8N5sTTKehW1+RlrUQ== X-Google-Smtp-Source: AGHT+IEA+mIfpt3jqsH8JLz8ryw49pNamQ30CAJAdC4w+3FD4kCB5JWNaUgtAceNGyM8Z86DzDxSEQ== X-Received: by 2002:a05:6870:71d1:b0:203:7ccc:b6e8 with SMTP id p17-20020a05687071d100b002037cccb6e8mr889966oag.25.1703124565582; Wed, 20 Dec 2023 18:09:25 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id qb4-20020a17090b280400b0028aecd6b29fsm4447297pjb.3.2023.12.20.18.09.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Dec 2023 18:09:25 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/11] ffmpeg: fix for CVE-2022-3965 Date: Wed, 20 Dec 2023 16:09:05 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Dec 2023 02:09:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192817 From: "mark.yang" Without a CVE tag, It will be recognised as Unpatched by cve_check task. Signed-off-by: mark.yang Signed-off-by: Steve Sakoman --- .../0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch index 6e237fdd52..8ebf1f69c4 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch @@ -5,6 +5,7 @@ Subject: [PATCH] avcodec/smcenc: stop accessing out of bounds frame Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd] +CVE: CVE-2022-3965 Signed-off-by: --- From patchwork Thu Dec 21 02:09:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 36765 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4FF60C4706E for ; Thu, 21 Dec 2023 02:09:36 +0000 (UTC) Received: from mail-pj1-f44.google.com (mail-pj1-f44.google.com [209.85.216.44]) by mx.groups.io with SMTP id smtpd.web11.42660.1703124568380438604 for ; Wed, 20 Dec 2023 18:09:28 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=u9qX88aG; spf=softfail (domain: sakoman.com, ip: 209.85.216.44, mailfrom: steve@sakoman.com) Received: by mail-pj1-f44.google.com with SMTP id 98e67ed59e1d1-28b6218d102so260510a91.0 for ; Wed, 20 Dec 2023 18:09:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1703124567; x=1703729367; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=RRI9Dl7scidx9T2+KxUHxRMpUfHI0H07KV8ZUkJdYEA=; b=u9qX88aGvdG+bq0HYflHjH3/zUxTi4+UiOkDhJSpXHF+Q50mfDBD0HPmrEd1f0t1C6 IITpbUujQDy6hyg+aBaoXnXrc6iAIhKzbyJ3HVEh+EHF2ZcFwSXH8A+4r27H/DiLLCrI I2vdLt3b1yikBRkpFZv0UFoVrWShkSQSkRfuv7bc4UtxDJyoAfxFCHbGVErPEnxWZngm Q2uvuz9lhcnMhz4jGX81Tp5LNSYigLs8NzeOdrc7bGbFfaj+JXzcT4pzDrTkaBXk2D+P ABBOC9b+UGu74prjqgcvNH59K7UoIF+tpdr1AQfa6RjparN5pcTlKKphMPPByqzybdHw LBEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703124567; x=1703729367; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RRI9Dl7scidx9T2+KxUHxRMpUfHI0H07KV8ZUkJdYEA=; b=I1cT5AFitadSp1t0CwDHGFMbhLfLLyUY5Ys8VlIHvDj3aI3dwsoWxblnv1jIw6fASh 2oJ9oXe0Utp9CtznPTw0ny7T23bdZFf+E+xocwafPJH2LJI11bKrVFP2UVYbubheiGFL XsMCVHRjZczCmhdGyyEBMJ0s7XQ0hFqmtmdfHNfzfFSyJz09HwFxmxZUQqIK8oWnHzjM LBlZw7DmIRoj0t90yZoh3VJfTLnG9Fds+gI/aa0D4MPpL8IpEXVTipj3oXzQ0k78ErT5 3KBNZ3yIqZ9eoWVcpK9H2JyFXgsSTSRyXvURNNh50OL+NNoK1uBMnT/ZBSETu+RgtRuw azVA== X-Gm-Message-State: AOJu0YxBfRALjzD4FJvrDZR7unqahr4uXlfTyluYQHzzYHt86gRNHDRX rO2Ebg+nY4spy5nM45fWT3r7JDXoACCLtbGZFBQJkQ== X-Google-Smtp-Source: AGHT+IFp2cr6iBt1XMkzzrqAR1Iy0pKyIkrBUwmMHgGMB1vBw0gEQB4vG/l3ndaPwV4JkocyNQAF0w== X-Received: by 2002:a17:90b:506:b0:28b:b995:c886 with SMTP id r6-20020a17090b050600b0028bb995c886mr2776600pjz.82.1703124567407; Wed, 20 Dec 2023 18:09:27 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id qb4-20020a17090b280400b0028aecd6b29fsm4447297pjb.3.2023.12.20.18.09.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Dec 2023 18:09:27 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/11] go: Fix CVE-2023-39326 Date: Wed, 20 Dec 2023 16:09:06 -1000 Message-Id: <448df3bb9277287dd8586987199223b7314fdd01.1703124430.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Dec 2023 02:09:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192818 From: Soumya Sambu A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small. References: https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://security-tracker.debian.org/tracker/CVE-2023-39326 Signed-off-by: Soumya Sambu Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.17.13.inc | 1 + .../go/go-1.20/CVE-2023-39326.patch | 182 ++++++++++++++++++ 2 files changed, 183 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.20/CVE-2023-39326.patch diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc index 330f571d22..95c4461d3e 100644 --- a/meta/recipes-devtools/go/go-1.17.13.inc +++ b/meta/recipes-devtools/go/go-1.17.13.inc @@ -47,6 +47,7 @@ SRC_URI += "\ file://CVE-2023-29409.patch \ file://CVE-2023-39319.patch \ file://CVE-2023-39318.patch \ + file://CVE-2023-39326.patch \ " SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd" diff --git a/meta/recipes-devtools/go/go-1.20/CVE-2023-39326.patch b/meta/recipes-devtools/go/go-1.20/CVE-2023-39326.patch new file mode 100644 index 0000000000..ca78e552c2 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.20/CVE-2023-39326.patch @@ -0,0 +1,182 @@ +From 6446af942e2e2b161c4ec1b60d9703a2b55dc4dd Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Tue, 7 Nov 2023 10:47:56 -0800 +Subject: [PATCH] net/http: limit chunked data overhead + +The chunked transfer encoding adds some overhead to +the content transferred. When writing one byte per +chunk, for example, there are five bytes of overhead +per byte of data transferred: "1\r\nX\r\n" to send "X". + +Chunks may include "chunk extensions", +which we skip over and do not use. +For example: "1;chunk extension here\r\nX\r\n". + +A malicious sender can use chunk extensions to add +about 4k of overhead per byte of data. +(The maximum chunk header line size we will accept.) + +Track the amount of overhead read in chunked data, +and produce an error if it seems excessive. + +Updates #64433 +Fixes #64434 +Fixes CVE-2023-39326 + +Change-Id: I40f8d70eb6f9575fb43f506eb19132ccedafcf39 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2076135 +Reviewed-by: Tatiana Bradley +Reviewed-by: Roland Shoemaker +(cherry picked from commit 3473ae72ee66c60744665a24b2fde143e8964d4f) +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2095407 +Run-TryBot: Roland Shoemaker +TryBot-Result: Security TryBots +Reviewed-by: Damien Neil +Reviewed-on: https://go-review.googlesource.com/c/go/+/547355 +Reviewed-by: Dmitri Shuralyov +LUCI-TryBot-Result: Go LUCI + +CVE: CVE-2023-39326 + +Upstream-Status: Backport [https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd] + +Signed-off-by: Soumya Sambu +--- + src/net/http/internal/chunked.go | 36 +++++++++++++--- + src/net/http/internal/chunked_test.go | 59 +++++++++++++++++++++++++++ + 2 files changed, 89 insertions(+), 6 deletions(-) + +diff --git a/src/net/http/internal/chunked.go b/src/net/http/internal/chunked.go +index f06e572..ddbaacb 100644 +--- a/src/net/http/internal/chunked.go ++++ b/src/net/http/internal/chunked.go +@@ -39,7 +39,8 @@ type chunkedReader struct { + n uint64 // unread bytes in chunk + err error + buf [2]byte +- checkEnd bool // whether need to check for \r\n chunk footer ++ checkEnd bool // whether need to check for \r\n chunk footer ++ excess int64 // "excessive" chunk overhead, for malicious sender detection + } + + func (cr *chunkedReader) beginChunk() { +@@ -49,10 +50,38 @@ func (cr *chunkedReader) beginChunk() { + if cr.err != nil { + return + } ++ cr.excess += int64(len(line)) + 2 // header, plus \r\n after the chunk data ++ line = trimTrailingWhitespace(line) ++ line, cr.err = removeChunkExtension(line) ++ if cr.err != nil { ++ return ++ } + cr.n, cr.err = parseHexUint(line) + if cr.err != nil { + return + } ++ // A sender who sends one byte per chunk will send 5 bytes of overhead ++ // for every byte of data. ("1\r\nX\r\n" to send "X".) ++ // We want to allow this, since streaming a byte at a time can be legitimate. ++ // ++ // A sender can use chunk extensions to add arbitrary amounts of additional ++ // data per byte read. ("1;very long extension\r\nX\r\n" to send "X".) ++ // We don't want to disallow extensions (although we discard them), ++ // but we also don't want to allow a sender to reduce the signal/noise ratio ++ // arbitrarily. ++ // ++ // We track the amount of excess overhead read, ++ // and produce an error if it grows too large. ++ // ++ // Currently, we say that we're willing to accept 16 bytes of overhead per chunk, ++ // plus twice the amount of real data in the chunk. ++ cr.excess -= 16 + (2 * int64(cr.n)) ++ if cr.excess < 0 { ++ cr.excess = 0 ++ } ++ if cr.excess > 16*1024 { ++ cr.err = errors.New("chunked encoding contains too much non-data") ++ } + if cr.n == 0 { + cr.err = io.EOF + } +@@ -133,11 +162,6 @@ func readChunkLine(b *bufio.Reader) ([]byte, error) { + if len(p) >= maxLineLength { + return nil, ErrLineTooLong + } +- p = trimTrailingWhitespace(p) +- p, err = removeChunkExtension(p) +- if err != nil { +- return nil, err +- } + return p, nil + } + +diff --git a/src/net/http/internal/chunked_test.go b/src/net/http/internal/chunked_test.go +index 08152ed..5fbeb08 100644 +--- a/src/net/http/internal/chunked_test.go ++++ b/src/net/http/internal/chunked_test.go +@@ -211,3 +211,62 @@ func TestChunkReadPartial(t *testing.T) { + } + + } ++ ++func TestChunkReaderTooMuchOverhead(t *testing.T) { ++ // If the sender is sending 100x as many chunk header bytes as chunk data, ++ // we should reject the stream at some point. ++ chunk := []byte("1;") ++ for i := 0; i < 100; i++ { ++ chunk = append(chunk, 'a') // chunk extension ++ } ++ chunk = append(chunk, "\r\nX\r\n"...) ++ const bodylen = 1 << 20 ++ r := NewChunkedReader(&funcReader{f: func(i int) ([]byte, error) { ++ if i < bodylen { ++ return chunk, nil ++ } ++ return []byte("0\r\n"), nil ++ }}) ++ _, err := io.ReadAll(r) ++ if err == nil { ++ t.Fatalf("successfully read body with excessive overhead; want error") ++ } ++} ++ ++func TestChunkReaderByteAtATime(t *testing.T) { ++ // Sending one byte per chunk should not trip the excess-overhead detection. ++ const bodylen = 1 << 20 ++ r := NewChunkedReader(&funcReader{f: func(i int) ([]byte, error) { ++ if i < bodylen { ++ return []byte("1\r\nX\r\n"), nil ++ } ++ return []byte("0\r\n"), nil ++ }}) ++ got, err := io.ReadAll(r) ++ if err != nil { ++ t.Errorf("unexpected error: %v", err) ++ } ++ if len(got) != bodylen { ++ t.Errorf("read %v bytes, want %v", len(got), bodylen) ++ } ++} ++ ++type funcReader struct { ++ f func(iteration int) ([]byte, error) ++ i int ++ b []byte ++ err error ++} ++ ++func (r *funcReader) Read(p []byte) (n int, err error) { ++ if len(r.b) == 0 && r.err == nil { ++ r.b, r.err = r.f(r.i) ++ r.i++ ++ } ++ n = copy(p, r.b) ++ r.b = r.b[n:] ++ if len(r.b) > 0 { ++ return n, nil ++ } ++ return n, r.err ++} +-- +2.40.0 From patchwork Thu Dec 21 02:09:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 36766 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2EEEDC46CD8 for ; Thu, 21 Dec 2023 02:09:36 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web11.42661.1703124570672274216 for ; Wed, 20 Dec 2023 18:09:30 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=pMaGdtGF; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-6d728c75240so312328b3a.1 for ; Wed, 20 Dec 2023 18:09:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1703124570; x=1703729370; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=SDZHvMD1nAlvkam/MPLuXSV7X5Ioehr5t0kQJqwM+XM=; b=pMaGdtGFBQB32rvtKO18IiRQez9p6VfPGQKq+yN+vkEBiIbeoYD9tWkvdsfec37/NS JLCyZ7donyE6sxXQ8SukjXWKyI9wu87qWRoQDIwMNeWwvROMrga8HgBut5b55QgfactG m8ibjA1q/kNA84pkxgjumb+AoD56uHGl/FH4YwJ2wrnvAOjqEogX81pWih0pPnkwNQN2 eSNHOm/Lje2JfTM1TyJkvbuZK1ryuFQE3Z2nNS231KC+ToTpcCvNWMohuHn8GMmq0jPM UhFhIfnq8J7YSgGBC1z6jDKggFgGnZphewx33e9LBDR/B6p2dtRBjW4pk1FPDColxyrs m8yg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703124570; x=1703729370; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SDZHvMD1nAlvkam/MPLuXSV7X5Ioehr5t0kQJqwM+XM=; b=k6B88evg+Ijb8AON3nbs47LBLd2rgpMvzGTXdCRCPyk9y7wy9VidmBjiDRQwCgbtwH WkJVfM/8S9XWr17nn1zvuFJ2G8Q/+d7iPHlQxqFXxdXu+pq1ixrBC9sXOnRu0GrXa8vb XTqU01FYbBWHR9OBN5xAb6azUliieiJWxeNTVl2Z5xZty3LXIU/DlbbvZFZ/cmFOEiZL W1rbbvpeCNXldy5oMPGLuqzHRLelbiPW2ZT02Q8Hj1BeQI5TnUlor7I0QRFNnaTLWfJi B2BMiwaY3jiT1NUZ+QJyTKKncm4gX5WLY6qGbGMW8UzW5ZSk0qkrccvd9LAe2aZ/N2il il7A== X-Gm-Message-State: AOJu0YxFgwR1C08+SXVSOGhyZe4/W7LFQl+QGGYolSONfFaztisMpbTP TRu3ZmEc5GxPqThpgVp9f0RL5LY5J40rLCcUmHXh2Q== X-Google-Smtp-Source: AGHT+IF9QFZoASRCDwWnAXNvVZ6y5oM6iHPDwHJD9VnBnsoV5gmG5Q2eTjL6B1R9ojjmt32+FrfDCA== X-Received: by 2002:a05:6a20:4883:b0:194:b6f2:4d4a with SMTP id fo3-20020a056a20488300b00194b6f24d4amr547912pzb.91.1703124569360; Wed, 20 Dec 2023 18:09:29 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id qb4-20020a17090b280400b0028aecd6b29fsm4447297pjb.3.2023.12.20.18.09.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Dec 2023 18:09:29 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/11] openssh: backport Debian patch for CVE-2023-48795 Date: Wed, 20 Dec 2023 16:09:07 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Dec 2023 02:09:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192819 From: Vijay Anusuri import patches from ubuntu to fix fix-authorized-principals-command CVE-2023-48795 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/openssh/tree/debian/patches?h=ubuntu/jammy-security Upstream commit https://github.com/openssh/openssh-portable/commit/fcd78e31cdd45a7e69ccfe6d8a3b1037dc1de290 & https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5] Reference: https://ubuntu.com/security/CVE-2023-48795 Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../openssh/openssh/CVE-2023-48795.patch | 476 ++++++++++++++++++ .../fix-authorized-principals-command.patch | 30 ++ .../openssh/openssh_8.9p1.bb | 2 + 3 files changed, 508 insertions(+) create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch create mode 100644 meta/recipes-connectivity/openssh/openssh/fix-authorized-principals-command.patch diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch new file mode 100644 index 0000000000..6b2f927779 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch @@ -0,0 +1,476 @@ +(modified to not remove ssh_packet_read_expect() and to add to +KexAlgorithms in sshd.c and sshconnect2.c as this version pre-dates +kex_proposal_populate_entries()) + +Backport of: + +From 1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Mon, 18 Dec 2023 14:45:17 +0000 +Subject: [PATCH] upstream: implement "strict key exchange" in ssh and sshd + +This adds a protocol extension to improve the integrity of the SSH +transport protocol, particular in and around the initial key exchange +(KEX) phase. + +Full details of the extension are in the PROTOCOL file. + +with markus@ + +OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/openssh/tree/debian/patches/CVE-2023-48795.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5] +CVE: CVE-2023-48795 +Signed-off-by: Vijay Anusuri +--- + PROTOCOL | 26 +++++++++++++++++ + kex.c | 72 +++++++++++++++++++++++++++++++---------------- + kex.h | 1 + + packet.c | 78 ++++++++++++++++++++++++++++++++++++++------------- + sshconnect2.c | 14 +++------ + sshd.c | 7 +++-- + 6 files changed, 142 insertions(+), 56 deletions(-) + +diff --git a/PROTOCOL b/PROTOCOL +index e6a7d60..971f01e 100644 +--- a/PROTOCOL ++++ b/PROTOCOL +@@ -102,6 +102,32 @@ OpenSSH supports the use of ECDH in Curve25519 for key exchange as + described at: + http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.org.txt?h=curve25519 + ++1.9 transport: strict key exchange extension ++ ++OpenSSH supports a number of transport-layer hardening measures under ++a "strict KEX" feature. This feature is signalled similarly to the ++RFC8308 ext-info feature: by including a additional algorithm in the ++initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append ++"kex-strict-c-v00@openssh.com" to its kex_algorithms and the server ++may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms ++are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored ++if they are present in subsequent SSH2_MSG_KEXINIT packets. ++ ++When an endpoint that supports this extension observes this algorithm ++name in a peer's KEXINIT packet, it MUST make the following changes to ++the the protocol: ++ ++a) During initial KEX, terminate the connection if any unexpected or ++ out-of-sequence packet is received. This includes terminating the ++ connection if the first packet received is not SSH2_MSG_KEXINIT. ++ Unexpected packets for the purpose of strict KEX include messages ++ that are otherwise valid at any time during the connection such as ++ SSH2_MSG_DEBUG and SSH2_MSG_IGNORE. ++b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the ++ packet sequence number to zero. This behaviour persists for the ++ duration of the connection (i.e. not just the first ++ SSH2_MSG_NEWKEYS). ++ + 2. Connection protocol changes + + 2.1. connection: Channel write close extension "eow@openssh.com" +diff --git a/kex.c b/kex.c +index 0bcd27d..e7b2d4d 100644 +--- a/kex.c ++++ b/kex.c +@@ -63,7 +63,7 @@ + #include "digest.h" + + /* prototype */ +-static int kex_choose_conf(struct ssh *); ++static int kex_choose_conf(struct ssh *, uint32_t seq); + static int kex_input_newkeys(int, u_int32_t, struct ssh *); + + static const char * const proposal_names[PROPOSAL_MAX] = { +@@ -175,6 +175,18 @@ kex_names_valid(const char *names) + return 1; + } + ++/* returns non-zero if proposal contains any algorithm from algs */ ++static int ++has_any_alg(const char *proposal, const char *algs) ++{ ++ char *cp; ++ ++ if ((cp = match_list(proposal, algs, NULL)) == NULL) ++ return 0; ++ free(cp); ++ return 1; ++} ++ + /* + * Concatenate algorithm names, avoiding duplicates in the process. + * Caller must free returned string. +@@ -182,7 +194,7 @@ kex_names_valid(const char *names) + char * + kex_names_cat(const char *a, const char *b) + { +- char *ret = NULL, *tmp = NULL, *cp, *p, *m; ++ char *ret = NULL, *tmp = NULL, *cp, *p; + size_t len; + + if (a == NULL || *a == '\0') +@@ -199,10 +211,8 @@ kex_names_cat(const char *a, const char *b) + } + strlcpy(ret, a, len); + for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { +- if ((m = match_list(ret, p, NULL)) != NULL) { +- free(m); ++ if (has_any_alg(ret, p)) + continue; /* Algorithm already present */ +- } + if (strlcat(ret, ",", len) >= len || + strlcat(ret, p, len) >= len) { + free(tmp); +@@ -410,7 +420,12 @@ kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh) + { + int r; + +- error("kex protocol error: type %d seq %u", type, seq); ++ /* If in strict mode, any unexpected message is an error */ ++ if ((ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict) { ++ ssh_packet_disconnect(ssh, "strict KEX violation: " ++ "unexpected packet type %u (seqnr %u)", type, seq); ++ } ++ error_f("type %u seq %u", type, seq); + if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 || + (r = sshpkt_put_u32(ssh, seq)) != 0 || + (r = sshpkt_send(ssh)) != 0) +@@ -485,6 +500,11 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) + ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error); + if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0) + return r; ++ if (ninfo >= 1024) { ++ error("SSH2_MSG_EXT_INFO with too many entries, expected " ++ "<=1024, received %u", ninfo); ++ return dispatch_protocol_error(type, seq, ssh); ++ } + for (i = 0; i < ninfo; i++) { + if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0) + return r; +@@ -600,7 +620,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh) + error_f("no kex"); + return SSH_ERR_INTERNAL_ERROR; + } +- ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); ++ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_protocol_error); + ptr = sshpkt_ptr(ssh, &dlen); + if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) + return r; +@@ -636,7 +656,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh) + if (!(kex->flags & KEX_INIT_SENT)) + if ((r = kex_send_kexinit(ssh)) != 0) + return r; +- if ((r = kex_choose_conf(ssh)) != 0) ++ if ((r = kex_choose_conf(ssh, seq)) != 0) + return r; + + if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL) +@@ -900,20 +920,14 @@ proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX]) + return (1); + } + +-/* returns non-zero if proposal contains any algorithm from algs */ + static int +-has_any_alg(const char *proposal, const char *algs) ++kexalgs_contains(char **peer, const char *ext) + { +- char *cp; +- +- if ((cp = match_list(proposal, algs, NULL)) == NULL) +- return 0; +- free(cp); +- return 1; ++ return has_any_alg(peer[PROPOSAL_KEX_ALGS], ext); + } + + static int +-kex_choose_conf(struct ssh *ssh) ++kex_choose_conf(struct ssh *ssh, uint32_t seq) + { + struct kex *kex = ssh->kex; + struct newkeys *newkeys; +@@ -938,13 +952,23 @@ kex_choose_conf(struct ssh *ssh) + sprop=peer; + } + +- /* Check whether client supports ext_info_c */ +- if (kex->server && (kex->flags & KEX_INITIAL)) { +- char *ext; +- +- ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL); +- kex->ext_info_c = (ext != NULL); +- free(ext); ++ /* Check whether peer supports ext_info/kex_strict */ ++ if ((kex->flags & KEX_INITIAL) != 0) { ++ if (kex->server) { ++ kex->ext_info_c = kexalgs_contains(peer, "ext-info-c"); ++ kex->kex_strict = kexalgs_contains(peer, ++ "kex-strict-c-v00@openssh.com"); ++ } else { ++ kex->kex_strict = kexalgs_contains(peer, ++ "kex-strict-s-v00@openssh.com"); ++ } ++ if (kex->kex_strict) { ++ debug3_f("will use strict KEX ordering"); ++ if (seq != 0) ++ ssh_packet_disconnect(ssh, ++ "strict KEX violation: " ++ "KEXINIT was not the first packet"); ++ } + } + + /* Check whether client supports rsa-sha2 algorithms */ +diff --git a/kex.h b/kex.h +index c353295..d97323e 100644 +--- a/kex.h ++++ b/kex.h +@@ -148,6 +148,7 @@ struct kex { + u_int kex_type; + char *server_sig_algs; + int ext_info_c; ++ int kex_strict; + struct sshbuf *my; + struct sshbuf *peer; + struct sshbuf *client_version; +diff --git a/packet.c b/packet.c +index bde6c10..28f3729 100644 +--- a/packet.c ++++ b/packet.c +@@ -1205,8 +1205,13 @@ ssh_packet_send2_wrapped(struct ssh *ssh) + sshbuf_dump(state->output, stderr); + #endif + /* increment sequence number for outgoing packets */ +- if (++state->p_send.seqnr == 0) ++ if (++state->p_send.seqnr == 0) { ++ if ((ssh->kex->flags & KEX_INITIAL) != 0) { ++ ssh_packet_disconnect(ssh, "outgoing sequence number " ++ "wrapped during initial key exchange"); ++ } + logit("outgoing seqnr wraps around"); ++ } + if (++state->p_send.packets == 0) + if (!(ssh->compat & SSH_BUG_NOREKEY)) + return SSH_ERR_NEED_REKEY; +@@ -1214,6 +1219,11 @@ ssh_packet_send2_wrapped(struct ssh *ssh) + state->p_send.bytes += len; + sshbuf_reset(state->outgoing_packet); + ++ if (type == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) { ++ debug_f("resetting send seqnr %u", state->p_send.seqnr); ++ state->p_send.seqnr = 0; ++ } ++ + if (type == SSH2_MSG_NEWKEYS) + r = ssh_set_newkeys(ssh, MODE_OUT); + else if (type == SSH2_MSG_USERAUTH_SUCCESS && state->server_side) +@@ -1342,8 +1352,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) + /* Stay in the loop until we have received a complete packet. */ + for (;;) { + /* Try to read a packet from the buffer. */ +- r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p); +- if (r != 0) ++ if ((r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p)) != 0) + break; + /* If we got a packet, return it. */ + if (*typep != SSH_MSG_NONE) +@@ -1627,10 +1636,16 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) + if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0) + goto out; + } ++ + if (seqnr_p != NULL) + *seqnr_p = state->p_read.seqnr; +- if (++state->p_read.seqnr == 0) ++ if (++state->p_read.seqnr == 0) { ++ if ((ssh->kex->flags & KEX_INITIAL) != 0) { ++ ssh_packet_disconnect(ssh, "incoming sequence number " ++ "wrapped during initial key exchange"); ++ } + logit("incoming seqnr wraps around"); ++ } + if (++state->p_read.packets == 0) + if (!(ssh->compat & SSH_BUG_NOREKEY)) + return SSH_ERR_NEED_REKEY; +@@ -1696,6 +1711,10 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) + #endif + /* reset for next packet */ + state->packlen = 0; ++ if (*typep == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) { ++ debug_f("resetting read seqnr %u", state->p_read.seqnr); ++ state->p_read.seqnr = 0; ++ } + + if ((r = ssh_packet_check_rekey(ssh)) != 0) + return r; +@@ -1716,10 +1735,39 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) + r = ssh_packet_read_poll2(ssh, typep, seqnr_p); + if (r != 0) + return r; +- if (*typep) { +- state->keep_alive_timeouts = 0; +- DBG(debug("received packet type %d", *typep)); ++ if (*typep == 0) { ++ /* no message ready */ ++ return 0; ++ } ++ state->keep_alive_timeouts = 0; ++ DBG(debug("received packet type %d", *typep)); ++ ++ /* Always process disconnect messages */ ++ if (*typep == SSH2_MSG_DISCONNECT) { ++ if ((r = sshpkt_get_u32(ssh, &reason)) != 0 || ++ (r = sshpkt_get_string(ssh, &msg, NULL)) != 0) ++ return r; ++ /* Ignore normal client exit notifications */ ++ do_log2(ssh->state->server_side && ++ reason == SSH2_DISCONNECT_BY_APPLICATION ? ++ SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, ++ "Received disconnect from %s port %d:" ++ "%u: %.400s", ssh_remote_ipaddr(ssh), ++ ssh_remote_port(ssh), reason, msg); ++ free(msg); ++ return SSH_ERR_DISCONNECTED; + } ++ ++ /* ++ * Do not implicitly handle any messages here during initial ++ * KEX when in strict mode. They will be need to be allowed ++ * explicitly by the KEX dispatch table or they will generate ++ * protocol errors. ++ */ ++ if (ssh->kex != NULL && ++ (ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict) ++ return 0; ++ /* Implicitly handle transport-level messages */ + switch (*typep) { + case SSH2_MSG_IGNORE: + debug3("Received SSH2_MSG_IGNORE"); +@@ -1734,19 +1782,6 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) + debug("Remote: %.900s", msg); + free(msg); + break; +- case SSH2_MSG_DISCONNECT: +- if ((r = sshpkt_get_u32(ssh, &reason)) != 0 || +- (r = sshpkt_get_string(ssh, &msg, NULL)) != 0) +- return r; +- /* Ignore normal client exit notifications */ +- do_log2(ssh->state->server_side && +- reason == SSH2_DISCONNECT_BY_APPLICATION ? +- SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, +- "Received disconnect from %s port %d:" +- "%u: %.400s", ssh_remote_ipaddr(ssh), +- ssh_remote_port(ssh), reason, msg); +- free(msg); +- return SSH_ERR_DISCONNECTED; + case SSH2_MSG_UNIMPLEMENTED: + if ((r = sshpkt_get_u32(ssh, &seqnr)) != 0) + return r; +@@ -2211,6 +2246,7 @@ kex_to_blob(struct sshbuf *m, struct kex *kex) + (r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 || + (r = sshbuf_put_u32(m, kex->hostkey_nid)) != 0 || + (r = sshbuf_put_u32(m, kex->kex_type)) != 0 || ++ (r = sshbuf_put_u32(m, kex->kex_strict)) != 0 || + (r = sshbuf_put_stringb(m, kex->my)) != 0 || + (r = sshbuf_put_stringb(m, kex->peer)) != 0 || + (r = sshbuf_put_stringb(m, kex->client_version)) != 0 || +@@ -2373,6 +2409,7 @@ kex_from_blob(struct sshbuf *m, struct kex **kexp) + (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 || + (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_nid)) != 0 || + (r = sshbuf_get_u32(m, &kex->kex_type)) != 0 || ++ (r = sshbuf_get_u32(m, &kex->kex_strict)) != 0 || + (r = sshbuf_get_stringb(m, kex->my)) != 0 || + (r = sshbuf_get_stringb(m, kex->peer)) != 0 || + (r = sshbuf_get_stringb(m, kex->client_version)) != 0 || +@@ -2701,6 +2738,7 @@ sshpkt_disconnect(struct ssh *ssh, const char *fmt,...) + vsnprintf(buf, sizeof(buf), fmt, args); + va_end(args); + ++ debug2_f("sending SSH2_MSG_DISCONNECT: %s", buf); + if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 || + (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_PROTOCOL_ERROR)) != 0 || + (r = sshpkt_put_cstring(ssh, buf)) != 0 || +diff --git a/sshconnect2.c b/sshconnect2.c +index b25225e..83ae4a4 100644 +--- a/sshconnect2.c ++++ b/sshconnect2.c +@@ -241,7 +241,8 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, + fatal_fr(r, "kex_assemble_namelist"); + free(all_key); + +- if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) ++ if ((s = kex_names_cat(options.kex_algorithms, ++ "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) + fatal_f("kex_names_cat"); + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, s); + myproposal[PROPOSAL_ENC_ALGS_CTOS] = +@@ -363,7 +364,6 @@ struct cauthmethod { + }; + + static int input_userauth_service_accept(int, u_int32_t, struct ssh *); +-static int input_userauth_ext_info(int, u_int32_t, struct ssh *); + static int input_userauth_success(int, u_int32_t, struct ssh *); + static int input_userauth_failure(int, u_int32_t, struct ssh *); + static int input_userauth_banner(int, u_int32_t, struct ssh *); +@@ -477,7 +477,7 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, + + ssh->authctxt = &authctxt; + ssh_dispatch_init(ssh, &input_userauth_error); +- ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); ++ ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, kex_input_ext_info); + ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); + ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */ + pubkey_cleanup(ssh); +@@ -529,13 +529,6 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) + return r; + } + +-/* ARGSUSED */ +-static int +-input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) +-{ +- return kex_input_ext_info(type, seqnr, ssh); +-} +- + void + userauth(struct ssh *ssh, char *authlist) + { +@@ -617,6 +610,7 @@ input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) + free(authctxt->methoddata); + authctxt->methoddata = NULL; + authctxt->success = 1; /* break out */ ++ ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, dispatch_protocol_error); + return 0; + } + +diff --git a/sshd.c b/sshd.c +index ef18ba4..652bdc3 100644 +--- a/sshd.c ++++ b/sshd.c +@@ -2354,11 +2354,13 @@ static void + do_ssh2_kex(struct ssh *ssh) + { + char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; ++ char *s; + struct kex *kex; + int r; + +- myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, +- options.kex_algorithms); ++ if ((s = kex_names_cat(options.kex_algorithms, "kex-strict-s-v00@openssh.com")) == NULL) ++ fatal_f("kex_names_cat"); ++ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, s); + myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(ssh, + options.ciphers); + myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(ssh, +@@ -2411,6 +2413,7 @@ do_ssh2_kex(struct ssh *ssh) + (r = ssh_packet_write_wait(ssh)) != 0) + fatal_fr(r, "send test"); + #endif ++ free(s); + debug("KEX done"); + } + +-- +2.25.1 + diff --git a/meta/recipes-connectivity/openssh/openssh/fix-authorized-principals-command.patch b/meta/recipes-connectivity/openssh/openssh/fix-authorized-principals-command.patch new file mode 100644 index 0000000000..3790774f15 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/fix-authorized-principals-command.patch @@ -0,0 +1,30 @@ +From fcd78e31cdd45a7e69ccfe6d8a3b1037dc1de290 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Wed, 24 May 2023 23:01:06 +0000 +Subject: [PATCH] upstream: fix AuthorizedPrincipalsCommand when + AuthorizedKeysCommand +Description: Fix the wrong code as the Subject suggests + I added that description to mention, that the file header change was + incompatible with the proposed code below and failed to apply, + therefore I dropped that chunk of the code. +Origin: backport, https://github.com/openssh/openssh-portable/commit/fcd78e31cdd45a7e69ccfe6d8a3b1037dc1de290 +Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=3574 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2031942 +Last-Update: 2023-09-01 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/openssh/tree/debian/patches/fix-authorized-principals-command.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/openssh/openssh-portable/commit/fcd78e31cdd45a7e69ccfe6d8a3b1037dc1de290] +Signed-off-by: Vijay Anusuri +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/servconf.c ++++ b/servconf.c +@@ -2372,7 +2372,7 @@ process_server_config_line_depth(ServerO + fatal("%.200s line %d: %s must be an absolute path", + filename, linenum, keyword); + } +- if (*activep && options->authorized_keys_command == NULL) ++ if (*activep && *charptr == NULL) + *charptr = xstrdup(str + len); + argv_consume(&ac); + break; diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb index 32761b8bb8..7ad9bced1b 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb @@ -32,6 +32,8 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://CVE-2023-38408-0002.patch \ file://CVE-2023-38408-0003.patch \ file://CVE-2023-38408-0004.patch \ + file://fix-authorized-principals-command.patch \ + file://CVE-2023-48795.patch \ " SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7" From patchwork Thu Dec 21 02:09:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 36764 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2EF9DC4706C for ; Thu, 21 Dec 2023 02:09:36 +0000 (UTC) Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com [209.85.216.54]) by mx.groups.io with SMTP id smtpd.web11.42664.1703124572396345883 for ; Wed, 20 Dec 2023 18:09:32 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=T5c5UaHk; spf=softfail (domain: sakoman.com, ip: 209.85.216.54, mailfrom: steve@sakoman.com) Received: by mail-pj1-f54.google.com with SMTP id 98e67ed59e1d1-28ad7a26f4aso275336a91.0 for ; Wed, 20 Dec 2023 18:09:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1703124571; x=1703729371; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=9BIo0Q0tZ+kpNzOJKd3Xc7nojkiUBHVj0OqKM7cLcoE=; b=T5c5UaHkfs/4Nl37sDGLBTK16lxXydiZiW/OoKcu3aDGwTrpugFAh1A5Rnxdy5DYrT Ewhy2PDNGnJHv1RbUpsHrjwBKUZL3Xv7nxWtYodIcQXaldp4W2j9mvQjnyD+2j/FQp0N +RxQE5WJRmHuQbr+VQ9ZjA+NiFv0j8Z2U82Ezih/VJmfAnPZ6lhzUTGyAtnFKLDZ3ztA Jj0UtfMnhZPmFRm3nFdtP3BlDy4frCu9pZR+jmNbkbTkNf6mpJVvyCMk93C+24AGTM6p VdIe8zlE6wpfs8vr+8opkuGjAbCDbJ5YcgjhPclPH3MlweOARS62l16CHGDaLb4wSteR ktgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703124571; x=1703729371; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9BIo0Q0tZ+kpNzOJKd3Xc7nojkiUBHVj0OqKM7cLcoE=; b=MtMn5lQUN0SDOmTrjKbjdGgTi5s4bRR2dyK4mnz67sj0GQ7BwCfzpkpIukUSWt36ew hz4LaZEUMGzmRxxbafrXpis3Fo9/TVh1CQmPcYiU/yC5CIqeDNU8ruYGwnPSFny5d9H+ mAwbdNDSZXy5w2nbwUfOjeEgwWjmtWfUjxxRK4XCww565gtBLcQFYriPf90b9jWIZzOo kQGO2brXU/hcmngByb8jFbutldTRL+7T6kSeBkYZ4Yt3mTib8DsAn71q8cYp86BdyZ2p GiIbX5mgyyGz+ZmMCoegQTa/XCtOjVze1UaV0q7Bzaugdxr1W8Votk8jm4BVg01Q/O88 cUbg== X-Gm-Message-State: AOJu0YzRgAf2JKeyflR3KIAyz8XBgLDTCzR3IKTbZt30Uw8HZj8jamOk g/VCsjzVIPhEoo8gsmmm81OluFghhuM+EvWy+9AFVw== X-Google-Smtp-Source: AGHT+IEgq0/ODsbvUxuoO9V0OfrYKOXne0U3V7GEwxttaN+IwiaEkaSKMjDClVadmUzJnh+9jLEHMQ== X-Received: by 2002:a17:90a:744f:b0:28b:d124:34 with SMTP id o15-20020a17090a744f00b0028bd1240034mr1880916pjk.45.1703124571129; Wed, 20 Dec 2023 18:09:31 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id qb4-20020a17090b280400b0028aecd6b29fsm4447297pjb.3.2023.12.20.18.09.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Dec 2023 18:09:30 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/11] perl: update 5.34.1 -> 5.34.3 Date: Wed, 20 Dec 2023 16:09:08 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Dec 2023 02:09:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192820 From: Soumya Sambu This includes security fix for CVE-2023-47038 Changes: https://metacpan.org/release/PEVANS/perl-5.34.3/changes Signed-off-by: Soumya Sambu Signed-off-by: Steve Sakoman --- .../0001-Makefile-check-the-file-if-patched-or-not.patch | 4 ++-- .../perl-cross/{perlcross_1.3.7.bb => perlcross_1.5.2.bb} | 2 +- meta/recipes-devtools/perl/{perl_5.34.1.bb => perl_5.34.3.bb} | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) rename meta/recipes-devtools/perl-cross/{perlcross_1.3.7.bb => perlcross_1.5.2.bb} (92%) rename meta/recipes-devtools/perl/{perl_5.34.1.bb => perl_5.34.3.bb} (99%) diff --git a/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch b/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch index 8c8f3b717c..0ef9b27439 100644 --- a/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch +++ b/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch @@ -21,8 +21,8 @@ index f4a26f5..7bc748e 100644 # Original versions are not saved anymore; patch generally takes care of this, # and if that fails, reaching for the source tarball is the safest option. $(CROSSPATCHED): %.applied: %.patch -- patch -p1 -i $< && touch $@ -+ test ! -f $@ && (patch -p1 -i $< && touch $@) || echo "$@ exist" +- $(cpatch) -p1 -i $< && touch $@ ++ test ! -f $@ && ($(cpatch) -p1 -i $< && touch $@) || echo "$@ exist" # ---[ common ]----------------------------------------------------------------- diff --git a/meta/recipes-devtools/perl-cross/perlcross_1.3.7.bb b/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb similarity index 92% rename from meta/recipes-devtools/perl-cross/perlcross_1.3.7.bb rename to meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb index 99a9ca1027..ac4dff33bb 100644 --- a/meta/recipes-devtools/perl-cross/perlcross_1.3.7.bb +++ b/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb @@ -18,7 +18,7 @@ SRC_URI = "https://github.com/arsv/perl-cross/releases/download/${PV}/perl-cross " UPSTREAM_CHECK_URI = "https://github.com/arsv/perl-cross/releases/" -SRC_URI[perl-cross.sha256sum] = "77f13ca84a63025053852331b72d4046c1f90ded98bd45ccedea738621907335" +SRC_URI[perl-cross.sha256sum] = "584dc54c48dca25e032b676a15bef377c1fed9de318b4fc140292a5dbf326e90" S = "${WORKDIR}/perl-cross-${PV}" diff --git a/meta/recipes-devtools/perl/perl_5.34.1.bb b/meta/recipes-devtools/perl/perl_5.34.3.bb similarity index 99% rename from meta/recipes-devtools/perl/perl_5.34.1.bb rename to meta/recipes-devtools/perl/perl_5.34.3.bb index db306d0be3..e8b518adc9 100644 --- a/meta/recipes-devtools/perl/perl_5.34.1.bb +++ b/meta/recipes-devtools/perl/perl_5.34.3.bb @@ -29,7 +29,7 @@ SRC_URI:append:class-target = " \ file://encodefix.patch \ " -SRC_URI[perl.sha256sum] = "357951a491b0ba1ce3611263922feec78ccd581dddc24a446b033e25acf242a1" +SRC_URI[perl.sha256sum] = "5b12f62863332b2a5f54102af9cdf8c010877e4bf3294911edbd594b2a1e8ede" S = "${WORKDIR}/perl-${PV}" From patchwork Thu Dec 21 02:09:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 36763 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3E8E4C46CD3 for ; Thu, 21 Dec 2023 02:09:36 +0000 (UTC) Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) by mx.groups.io with SMTP id smtpd.web10.43018.1703124574303589435 for ; Wed, 20 Dec 2023 18:09:34 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=rX5AN6S0; spf=softfail (domain: sakoman.com, ip: 209.85.216.53, mailfrom: steve@sakoman.com) Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-28bd623c631so252609a91.3 for ; Wed, 20 Dec 2023 18:09:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1703124573; x=1703729373; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=F7L0wrhOmu4E+V/0h+cPJzKVStfY9MlaY4tIEUV/S8k=; b=rX5AN6S0HsGDs4LKG2rtjz1dwlSLpvGJBA4ynmDiaAgFkuwhool3YDiyneKcnULj07 39Xiug8zARE8ZmzIS3FAz8HqpRCYsEGCL//2XdzgLshT1orTaEFizz2OaJ7h+j/caQAa u29JJDISD+3hpwncLNchRF0B2GrJNyB+eiDKiGRs8OhIbD3UhaRCmpv/CiI59I8+3+8P rTnHEFFqMJvwdEN82T6m68+uGpJoVFpjZMD/tleASssaNhp7+AXLC36PGwtoZRRFayzR ViCUJuW7ZOu5ks/kHlwVSr0wDP3iPhHVXbbGC667GhOFcvoTGHhGRNGirOwIEaHmnUBt 6iAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703124573; x=1703729373; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=F7L0wrhOmu4E+V/0h+cPJzKVStfY9MlaY4tIEUV/S8k=; b=dA4iO+wSmVywTzimBZ0EOWvfBbTCyk8gQuDj1kIhul9J6VryA0qItlwLzsLsrAj4XE AXx4Q5yuJHEW3lOBgw9jsFHS2lF8St7z8bzlNTJkeMQaROt50zBRBHfRtUcIXs/7kNAe B2M63O1K55c+vAz4bzkem0OnAC6rYgJG5sxW8gJKJSb0j//R9oCtsFXTxYCJySotQqiJ RqAt1sOXiFuylLifnBDQhAt9j8HLdLyx/JvpR/OPP1Xct9TrDfakr1B+mMeoZPY3KxKJ S4Oi81hqyGtwZ+cObaWkUiBFR2q1sJUzhrcPfr5+98OxZMZZlst7SuJOs2fbaW/ID3Nk ga2A== X-Gm-Message-State: AOJu0YzOjszD9/LgINbSYnOcwUmkFCOGCGgyzf10E3iUaLYLgO1vklof TxQT/2kSjfxf34yJ04VOMo5viAe92tepJ7ordVn7ig== X-Google-Smtp-Source: AGHT+IH9vCvQtSFZpuhW4eUf1yN8yXKYg6NPc1ZV/5ddFbGw45daKg2LPTnxPYCmDiqSF/EPPaA0RQ== X-Received: by 2002:a17:90a:6407:b0:28b:d596:39d9 with SMTP id g7-20020a17090a640700b0028bd59639d9mr1521026pjj.82.1703124573062; Wed, 20 Dec 2023 18:09:33 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id qb4-20020a17090b280400b0028aecd6b29fsm4447297pjb.3.2023.12.20.18.09.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Dec 2023 18:09:32 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/11] externalsrc: Ensure SRCREV is processed before accessing SRC_URI Date: Wed, 20 Dec 2023 16:09:09 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Dec 2023 02:09:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192821 From: Yoann Congal When SRCREV is used, call bb.fetch.get_srcrev() before accessing SRC_URI. Without this new bb.fetch.get_srcrev() call, SRC_URI might be accessed before SRCREV had a chance to be processed. In master, this is fixed by https://git.yoctoproject.org/poky/commit/?id=62afa02d01794376efab75623f42e7e08af08526 However, this commit is not suited for backport since it is quite invasive. The part of the commit that fix the bug is: --- a/meta/classes/externalsrc.bbclass +++ b/meta/classes/externalsrc.bbclass @@ -63,6 +63,7 @@ python () { else: d.setVar('B', '${WORKDIR}/${BPN}-${PV}') + bb.fetch.get_hashvalue(d) local_srcuri = [] fetch = bb.fetch2.Fetch((d.getVar('SRC_URI') or '').split(), d) for url in fetch.urls: NB: bb.fetch.get_hashvalue() does not exist in kirkstone but is equivalent to bb.fetch.get_srcrev(). Fixes [YOCTO #14918] Signed-off-by: Yoann Congal Suggested-by: Chris Wyse Signed-off-by: Steve Sakoman --- meta/classes/externalsrc.bbclass | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/classes/externalsrc.bbclass b/meta/classes/externalsrc.bbclass index 97d7379d9f..a209730240 100644 --- a/meta/classes/externalsrc.bbclass +++ b/meta/classes/externalsrc.bbclass @@ -62,6 +62,10 @@ python () { else: d.setVar('B', '${WORKDIR}/${BPN}-${PV}') + if d.getVar('SRCREV', "INVALID") != "INVALID": + # Ensure SRCREV has been processed before accessing SRC_URI + bb.fetch.get_srcrev(d) + local_srcuri = [] fetch = bb.fetch2.Fetch((d.getVar('SRC_URI') or '').split(), d) for url in fetch.urls: From patchwork Thu Dec 21 02:09:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 36762 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 20662C46CD2 for ; Thu, 21 Dec 2023 02:09:36 +0000 (UTC) Received: from mail-oo1-f45.google.com (mail-oo1-f45.google.com [209.85.161.45]) by mx.groups.io with SMTP id smtpd.web10.43020.1703124575903327552 for ; Wed, 20 Dec 2023 18:09:36 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=FonQKsS5; spf=softfail (domain: sakoman.com, ip: 209.85.161.45, mailfrom: steve@sakoman.com) Received: by mail-oo1-f45.google.com with SMTP id 006d021491bc7-58e256505f7so238497eaf.3 for ; Wed, 20 Dec 2023 18:09:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1703124575; x=1703729375; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=BYVdPleRXkp1y/WGdGNGt51S2v9KZzQno2ZeM2HRfMQ=; b=FonQKsS5yorUfo5NZW5kMZ2UVJzplguRjvBEg35gKu+HAtVrvGbhNbSfc7iugEw/i4 A3nHtXnRkYkRqQM6GlyJ8o3rHiNJOBvWNiWw9ylvt61iWp0VF6jLz0fpqBK7Uz4JGexS M9otRDybtJjZGDJMvjIc3nfyVzrsbHK0hgzHsy8ZAyEQcznQSWXusZBpv7TfsOZHfJkX 7h9Xym2sZkN5Yd0SO6/Nop0+e2TMglc/nIBoMOxG3QrtKEmWJbGkxcd0EBSPikAYrNnv 9DYIO0l8RkTv9+Um2Ei8u6nyr+Bt0y5Ql9JUNKfn5beEYH9eQZu6pb1GUuHa2yxsubf6 Hh2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703124575; x=1703729375; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BYVdPleRXkp1y/WGdGNGt51S2v9KZzQno2ZeM2HRfMQ=; b=GRz83efBEWQPLDa+hSsQIfSA8+BQ7+Qm7AbTH2qwjUpmPqhDIxwEjb8oJUmyUxqopD t+VeviIZrRBo89lI0UtAnYAnPOtPZ0yU0NCOKgoe/IkQMeEaRInYPHvCHepFlQmKn8Sr gntrtWDZWTRBi18Z0VUKL+iZcQOqhYy/OYQFOpWtA1XJEYeYCDm8aipoWTRPZeOM0ffW iBjssjlfPFuQjajfpEJCNDUelYjFo5UCqMCUq/PWHuTDNN8Y6qE/2CdDdCcU35O8iI9P d3k7DpNZvepuQnCLRKtHIuzPYgwDwaaIXvVft4OlLJ5sC480oQu+iT5um+MyOn4FGlyf W/dg== X-Gm-Message-State: AOJu0YySk/pl1in1qWLQkkdo3MAc5+5rk6GwizFIVmdIG5cNo1t37tdG ihEqlD1MXz0HOBJXEdv6fn50xzTt2CmGY38bV0j9/Q== X-Google-Smtp-Source: AGHT+IE5sLaV9sTCf5SSb2iy2ZdgMjkpQeHT3DJ5pIcRzApLE8Zlv6hvA/TuHX766joZ52uBCQKAPg== X-Received: by 2002:a05:6358:339a:b0:174:aaff:4a29 with SMTP id i26-20020a056358339a00b00174aaff4a29mr832431rwd.7.1703124574831; Wed, 20 Dec 2023 18:09:34 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id qb4-20020a17090b280400b0028aecd6b29fsm4447297pjb.3.2023.12.20.18.09.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Dec 2023 18:09:34 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/11] python3-ptest: skip test_storlines Date: Wed, 20 Dec 2023 16:09:10 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Dec 2023 02:09:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192822 From: Trevor Gamblin [YOCTO #14933] test_storlines is yet another Python ptest that fails intermittently on the Yocto AB, so disable it during ptests for now. Signed-off-by: Trevor Gamblin Signed-off-by: Alexandre Belloni (cherry picked from commit d7b9f8157e6214a83b5495e8a32e11540ae65ff8) Signed-off-by: Steve Sakoman --- ...orlines-skip-due-to-load-variability.patch | 32 +++++++++++++++++++ .../python/python3_3.10.13.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch diff --git a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch new file mode 100644 index 0000000000..199031d42a --- /dev/null +++ b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch @@ -0,0 +1,32 @@ +From 013ff01fdf2aa6ca69a7c80a2a2996630877e4ea Mon Sep 17 00:00:00 2001 +From: Trevor Gamblin +Date: Fri, 6 Oct 2023 10:59:44 -0400 +Subject: [PATCH] test_storlines: skip due to load variability + +This is yet another test that intermittently fails on the Yocto AB when +a worker is under heavy load, so skip it during testing. + +Upstream-Status: Inappropriate [OE-Specific] + +[YOCTO #14933] + +Signed-off-by: Trevor Gamblin +--- + Lib/test/test_ftplib.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py +index 082a90d46b..508814d56a 100644 +--- a/Lib/test/test_ftplib.py ++++ b/Lib/test/test_ftplib.py +@@ -629,6 +629,7 @@ def test_storbinary_rest(self): + self.client.storbinary('stor', f, rest=r) + self.assertEqual(self.server.handler_instance.rest, str(r)) + ++ @unittest.skip('timing related test, dependent on load') + def test_storlines(self): + data = RETR_DATA.replace('\r\n', '\n').encode(self.client.encoding) + f = io.BytesIO(data) +-- +2.41.0 + diff --git a/meta/recipes-devtools/python/python3_3.10.13.bb b/meta/recipes-devtools/python/python3_3.10.13.bb index ba53a09ef5..76e37e42a1 100644 --- a/meta/recipes-devtools/python/python3_3.10.13.bb +++ b/meta/recipes-devtools/python/python3_3.10.13.bb @@ -35,6 +35,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-setup.py-Do-not-detect-multiarch-paths-when-cross-co.patch \ file://deterministic_imports.patch \ file://0001-Avoid-shebang-overflow-on-python-config.py.patch \ + file://0001-test_storlines-skip-due-to-load-variability.patch \ " SRC_URI:append:class-native = " \ From patchwork Thu Dec 21 02:09:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 36767 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D7F6C3DA6E for ; Thu, 21 Dec 2023 02:09:46 +0000 (UTC) Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) by mx.groups.io with SMTP id smtpd.web11.42667.1703124577755729535 for ; Wed, 20 Dec 2023 18:09:37 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Zc0e25+X; spf=softfail (domain: sakoman.com, ip: 209.85.215.180, mailfrom: steve@sakoman.com) Received: by mail-pg1-f180.google.com with SMTP id 41be03b00d2f7-5cd84c5442cso1059770a12.1 for ; Wed, 20 Dec 2023 18:09:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1703124576; x=1703729376; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=/gv6hfLq5RoOmESx5GqrdynedTd/tqSYbtItmiRiImE=; b=Zc0e25+X0pzm9JVPEhUBdlrplOZW8+9OLM2XnDnxDYrmGbV0uUImawrQyxzjcoELC6 AskuZYGgkf5K4v1bzotyZBaXtOthcwizYgqFf0IEp8rBswOuWly4T6zOOLgQDLbYomyW 4C6E/SVAR8vzJMTH/pj+axnPUCqTADo/91CO/mXHZvkeJxvegjGJF4zEQW262dCQto+K Iss+RG4bSPYvb+RMo/EsF45r2h1A43NCI8VXCVpq07fhELvqGTo/UfTz74diVw5Ibfiw zJF2jU94l5eB8vTCIFIWDakRbULGnhinsLpSg7GC0ge8mqVzFPIYXCfVOxgHmR6dR6D4 VBlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703124576; x=1703729376; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/gv6hfLq5RoOmESx5GqrdynedTd/tqSYbtItmiRiImE=; b=SOKxDTJdwc1ew1Hqoii/PNIhT9HebiFLNgVmhEl+pYH1atfWijnjB6Rchd2KWNQynw 4feulBRhJfe5wX+MuJbpg46Q+Y7dqiOcRfq4XXTleQgyDNNKMvQ5+eIgcMyAFA3Jq4yA 0qXPmeSojWv7WJaMTsgo7lToJBeUn4Lcu8kRo0HRgIkdSzUWci0QKGZgs6XksgmvFvqA H2wK9FKej6o0ktwXK0MJpZf1B84Oviwx59EpLX3pV0w/vSqDr5cSbfgR5RP3h17UOCvQ RO/bKSf5km7UuOukB+0S0T/G5y6v3V37L2TaY7asLrWZXWEAk96t3QoaPeObVyY2Gz4U lCmw== X-Gm-Message-State: AOJu0YzfAvqULpTm8bRy2362FI3D4tL/hiyIREMY73nFacUYF9AYuf8+ JS7IObXkY7HqEC4auA/wzvKi0P1TkfdC+r2HjWHU9T2DR5ZOqQ== X-Google-Smtp-Source: AGHT+IFib23yIWwlyJ9yth+7J/JyOH3az/CUs6GAkqbFH3UC0TGl8y78/eonz0+tSwo48FvzR9Logg== X-Received: by 2002:a17:90a:12c9:b0:28b:d5bb:ebd3 with SMTP id b9-20020a17090a12c900b0028bd5bbebd3mr2245721pjg.30.1703124576453; Wed, 20 Dec 2023 18:09:36 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id qb4-20020a17090b280400b0028aecd6b29fsm4447297pjb.3.2023.12.20.18.09.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Dec 2023 18:09:36 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 11/11] testimage: Exclude wtmp from target-dumper commands Date: Wed, 20 Dec 2023 16:09:11 -1000 Message-Id: <2afd9a6002cba2a23dd62a1805b4be04083c041b.1703124430.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Dec 2023 02:09:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/192823 From: Richard Purdie wtmp is filled with binary data which the run_serial command can't cope with. Catting this results in confusion of the serial interface and potentially large backlogs of data in the buffers which can hang qemu. Exclude the problematic files from the command. Signed-off-by: Richard Purdie (cherry picked from commit 599ac08a6f6fb3f6a89a897c8e06367c63c2f979) Signed-off-by: Steve Sakoman --- meta/classes/testimage.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass index 34173ce68d..6864eeed2f 100644 --- a/meta/classes/testimage.bbclass +++ b/meta/classes/testimage.bbclass @@ -112,7 +112,7 @@ testimage_dump_target () { netstat -an ip address # Next command will dump logs from /var/log/ - find /var/log/ -type f 2>/dev/null -exec echo "====================" \; -exec echo {} \; -exec echo "====================" \; -exec cat {} \; -exec echo "" \; + find /var/log/ -type f -name !wtmp* 2>/dev/null -exec echo "====================" \; -exec echo {} \; -exec echo "====================" \; -exec cat {} \; -exec echo "" \; } testimage_dump_host () {