From patchwork Tue Feb 13 21:43:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39262 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 63C30C48260 for ; Tue, 13 Feb 2024 21:43:47 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web11.26195.1707860619451489494 for ; Tue, 13 Feb 2024 13:43:39 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=tJbOr3CY; spf=softfail (domain: sakoman.com, ip: 209.85.210.174, mailfrom: steve@sakoman.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-6e08dd0c7eeso995470b3a.1 for ; Tue, 13 Feb 2024 13:43:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1707860619; x=1708465419; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=r0gVPT45VySEFHKGAiNZzfxdMnAiOysXhhKudxxzZhY=; b=tJbOr3CYIdWeE5C1Y+/LoSzN2+rXzOZe+8Q4vCn4csB+zWJ3TqyAn7q3MpQVOPnNiR +NHXsSSQuzBwkeyfq3tbIel/W1k7P5GYAQdWmcMCWJlCR7G5RNGicXVbb16XWkAwwcaH 4F4KjuuWNd/9JXNHo860DKysqf4ZYPSR4N7lYsj8ZaDdO+AmUavjhoUMLyi596kIENFi pjG88UHZbJxfWXNNJABX2LzIfhE31Y8wIDt1NI4YdIi6dQgqlNUnnqW+bsaYH34Jvc25 GCjM4VaT0a/+w4+VrSVEdMnX2IiJeX0xn0j6hrCeQ3F2YISmRKBpuoXZTPVJAubyPz6f G02g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707860619; x=1708465419; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=r0gVPT45VySEFHKGAiNZzfxdMnAiOysXhhKudxxzZhY=; b=NFk6t12InxeV2hVfJXUtHyCG9mPtk40BE4ZqGzeiWNYtfbk/aDmpJqe1Ny2VKKpWJR 1ygLxyyymxEqs3EOYYqDVC6m0JGbKoUrx6uqL74Vr4gTBgmbAIsIV8IvEqg/ow3F1XAK oWdt9HtDKQLudfCA6HcddHru1oN6RcwROqlf+IDZuKDmUsnb52x6oevm3OvppvRT3yZq AB2cOfR5r+xfvT6oqBwqEAATeB71e+vPaYFox69k8HJSuiJNqI1/WUH8juiqjHd4jnYF eULWeMOiAT6dctp5fMlfrZ8WscN0QbKyNjqdydMOw37Yj6VSgmus+FDmk+IWiOp8jBh8 yZ/A== X-Gm-Message-State: AOJu0YybUSCLXy+pfvkZIJgYUop/prTLzfrNPTCElH+vMJnPZDmsRpl0 S7VQ0wz3xuueE4FPUYMAriJJ2M/lhZY38XeOesMxSJBDSmJWZcIZMBzSSvnspMbhKgn/+7pFiU6 n X-Google-Smtp-Source: AGHT+IGSAbrURs6iQ1gxZcHsqeaXNnygh1MHBqUN5XiFPM41+9wU1/lRo4EVNlXi/gGuaWnm4iYm3Q== X-Received: by 2002:a05:6a00:189c:b0:6e0:6a53:e380 with SMTP id x28-20020a056a00189c00b006e06a53e380mr642614pfh.22.1707860618745; Tue, 13 Feb 2024 13:43:38 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id x37-20020a056a0018a500b006e04efcfbc2sm7767327pfh.74.2024.02.13.13.43.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Feb 2024 13:43:38 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 1/7] curl: ignore CVE-2023-42915 Date: Tue, 13 Feb 2024 11:43:21 -1000 Message-Id: <067740c834a98cd8f5cfff7f73418d18b8e1249a.1707860435.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 Feb 2024 21:43:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195430 From: Peter Marko This CVE reports that apple had to upgrade curl because of other already reported CVEs: * CVE-2023-38039: not affected, introduced in 7.84.0 * CVE-2023-38545: patch already backported * CVE-2023-38546: patch already backported * CVE-2023-42915: reference to itself Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-support/curl/curl_7.69.1.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index a8e6c4f3ee..980b4224a8 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb @@ -72,6 +72,9 @@ CVE_CHECK_WHITELIST = "CVE-2021-22922 CVE-2021-22923 CVE-2021-22926 CVE-2021-229 # This CVE issue affects Windows only Hence whitelisting this CVE CVE_CHECK_WHITELIST += "CVE-2021-22897" +# This CVE reports that apple had to upgrade curl because of other already reported CVEs +CVE_CHECK_WHITELIST += "CVE-2023-42915" + inherit autotools pkgconfig binconfig multilib_header PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib" From patchwork Tue Feb 13 21:43:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39264 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 87256C48BC4 for ; Tue, 13 Feb 2024 21:43:47 +0000 (UTC) Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com [209.85.216.54]) by mx.groups.io with SMTP id smtpd.web10.26107.1707860621099112087 for ; Tue, 13 Feb 2024 13:43:41 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=iGo4fqtG; spf=softfail (domain: sakoman.com, ip: 209.85.216.54, mailfrom: steve@sakoman.com) Received: by mail-pj1-f54.google.com with SMTP id 98e67ed59e1d1-290fb65531eso1017901a91.2 for ; Tue, 13 Feb 2024 13:43:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1707860620; x=1708465420; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=+rRBCSnS1/MmIFDcQt8qtb8ChbMyanMYrOpA40P8BrM=; b=iGo4fqtGYe2t0+yEOc6VOEmlCGKk9fuOrPalPqVukToTNNW2tMsp5Xq8Lbys6Q64Gn z1PsgItMXGvmJN14eEILbb9dwIxLAUTJAq6t+e2djH43g+k4luskDC+OMe63WNMYJEZk 84w5+NbXRzBjPMAviVdwuNzKzeaboFT0bmovE3+ODhzNBdN4Fg0gCxSqyBHHHPUgDf7O PaYk9CCOCrCfuz9f2J1N6iHapX2RdE0flBWB4R06CD/p2GlgN0w7GJ2YJ7WEVwJlcg4p LeI3cKiE1Y+naRzpD6JKmJ6USzy2w13hg8uZKfNE3sKR8pbMUuxufP6gN8K/RgngRqzX kksA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707860620; x=1708465420; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+rRBCSnS1/MmIFDcQt8qtb8ChbMyanMYrOpA40P8BrM=; b=CObuwtu+Nlj+Ow+ggMaVtnwUPZfnSvAlVt9X1BbM+H1gI6TG4/e6a12j6Q2gVnwiY3 AXCqIJskvRJlI032u5jrxZCpwkgR92NyGoqtaPPGv2SBLNU5XWHCgNnTa3qGeHzp7mCW RzoSv4eCKFz4LQ+Ci2NrpP4zfqE1Kuo/3f3fX0X4UEITPOviiuxW1Yag8TqT3gpMbzIj fPOGNJxnsY8GcFHNaZnRxS/q5kIb9Ot3lELWtKTJ/5Tde957bjHWQWxgVZcEwOijFGcf fdxgfWPwNCaSItYRRXDKsXoyYWDBkxscN0UOmDZYcmVlKD1JqR47nlfnmg4EEfM5XTaS yVaw== X-Gm-Message-State: AOJu0Yy+fIHmO8WnZUm2uDNrUyd1EGT27x14LDrwcnbkMOjEF6b3pqIG cyir09dvGyMoQR7CGmzrpvuRxTAggOl7eCcoHUIdvnLtFtHfgAl4vlVKiClW6sPVoIh8j6U+Jfm l X-Google-Smtp-Source: AGHT+IFzl8eglwopH1f/3x4ucJDCK5Tuz7PFBc1hhZxygWZMo3nbjM1nUr3WmTnO8g7TfWNUvhOORQ== X-Received: by 2002:a05:6a20:9d90:b0:1a0:5c37:9201 with SMTP id mu16-20020a056a209d9000b001a05c379201mr1000464pzb.52.1707860620373; Tue, 13 Feb 2024 13:43:40 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id x37-20020a056a0018a500b006e04efcfbc2sm7767327pfh.74.2024.02.13.13.43.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Feb 2024 13:43:40 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 2/7] perl: Whitelist CVE-2023-47039 Date: Tue, 13 Feb 2024 11:43:22 -1000 Message-Id: <970a0a64ce147970c7743411584c9bd1dc1ce414.1707860435.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 Feb 2024 21:43:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195431 From: virendra thakur This CVE is related to Windows. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-47039 Signed-off-by: virendra thakur Signed-off-by: Steve Sakoman --- meta/recipes-devtools/perl/perl_5.30.1.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-devtools/perl/perl_5.30.1.bb b/meta/recipes-devtools/perl/perl_5.30.1.bb index 4b5a4a5619..bf81a023b8 100644 --- a/meta/recipes-devtools/perl/perl_5.30.1.bb +++ b/meta/recipes-devtools/perl/perl_5.30.1.bb @@ -46,6 +46,10 @@ SRC_URI[perl-cross.sha256sum] = "edce0b0c2f725e2db3f203d6d8e9f3f7161256f5d159055 S = "${WORKDIR}/perl-${PV}" +# This is windows only issue. +# https://ubuntu.com/security/CVE-2023-47039 +CVE_CHECK_WHITELIST += "CVE-2023-47039" + inherit upstream-version-is-even update-alternatives DEPENDS += "zlib virtual/crypt" From patchwork Tue Feb 13 21:43:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39266 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 905CFC48BEB for ; Tue, 13 Feb 2024 21:43:47 +0000 (UTC) Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) by mx.groups.io with SMTP id smtpd.web10.26108.1707860622710747217 for ; Tue, 13 Feb 2024 13:43:42 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=exopcT04; spf=softfail (domain: sakoman.com, ip: 209.85.215.182, mailfrom: steve@sakoman.com) Received: by mail-pg1-f182.google.com with SMTP id 41be03b00d2f7-5ce2aada130so4130449a12.1 for ; Tue, 13 Feb 2024 13:43:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1707860622; x=1708465422; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=fmKCpNlDMxzUHuK1VRENusIalaAwmkaA6uT6qe9XjvM=; b=exopcT04ox695bP4KMRqwOv1z3bo7NVmr37PpVNx3eWt4Mn0wdosIKfY4874CyWWco mI0Zjvz8i+pLSWoKqWwe5K1HIQs6cNIOCYG/oMuVDvBEKkZHWzRxmyecq7+wnZ3TrheV X5tWp58rbUC/38xjEzOkQGy/XkYBYGR7Nri3fhEf2LvTFpUO1KPyUzoxKSGdugvyyXGU QuF5Yzx13qsCTIrR/OgIb0eWdEHuEsptcrSWh8eNNX9aoroQpohL3vZPJXJoKycExOjN HICc6hNKzMKycE3WcalcTyPV197Rsr3CqLQRnNyBAbEmVYH/SgfahLmYGyDHkwPc77KI GNWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707860622; x=1708465422; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fmKCpNlDMxzUHuK1VRENusIalaAwmkaA6uT6qe9XjvM=; b=bQ4Lgc/xoQfdgShO7FiiImRBPccXkz4KhQ+OkwE5s0HcLpn76Nswh9P3bUSoWxq5vk NX3lh7/lQpfI689vPYDaFQuiu8xIr6uuSfPfAmFG2e0WoNIH2S6gBPdybmnbRZyXpdAV bjMNkuvPXWdXWXN3unk6ZSz72+TKYB7NQsdRhxyaon5sCXBz5v8q9vI0M/3RExKO+iu6 tHa2FqHh6fo51+mqEi48SKt7hlqUO6Y/i0qEfiJGxlP9D/RRalHfImZ0ZV19DhsL1z7e TSOzXgG3zX3sIff4RBxmsBc9ns57EG5BIZJmwE1y00lgnGrMH75ACrno/+zNlIVJJ6Xl v7lA== X-Gm-Message-State: AOJu0YxWa9MEh7067Z0gvoDCgVsdaoC5huaSSydQL8Kysv6WKcIvuXD8 t3vCXTLvbG71yY4i044TDM7whRSfcEQszZVDbeWH4xanQqYcX+bBs2oWz5d8fXnFS0/SphTjg8H R X-Google-Smtp-Source: AGHT+IEbuDO3UWheKuNCyw0u+h1Mo+Bw38jBD04vK9dmGjprCtAh3Qfraa7I3ApGDWLYuR9u0lZ/yA== X-Received: by 2002:a05:6a20:d70f:b0:19e:99fd:2946 with SMTP id iz15-20020a056a20d70f00b0019e99fd2946mr1050184pzb.2.1707860621956; Tue, 13 Feb 2024 13:43:41 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id x37-20020a056a0018a500b006e04efcfbc2sm7767327pfh.74.2024.02.13.13.43.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Feb 2024 13:43:41 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 3/7] ghostscript: Backport fix for CVE-2020-36773 Date: Tue, 13 Feb 2024 11:43:23 -1000 Message-Id: <1a25a8ebedf39f1a868fcf646684b2eeaa67301f.1707860435.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 Feb 2024 21:43:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195432 From: Vijay Anusuri Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;h=8c7bd787defa071c96289b7da9397f673fddb874] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../ghostscript/CVE-2020-36773.patch | 109 ++++++++++++++++++ .../ghostscript/ghostscript_9.52.bb | 1 + 2 files changed, 110 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2020-36773.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2020-36773.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2020-36773.patch new file mode 100644 index 0000000000..ea8bf26f3f --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2020-36773.patch @@ -0,0 +1,109 @@ +From 8c7bd787defa071c96289b7da9397f673fddb874 Mon Sep 17 00:00:00 2001 +From: Ken Sharp +Date: Wed, 20 May 2020 16:02:07 +0100 +Subject: [PATCH] txtwrite - address memory problems + +Bug #702229 " txtwrite: use after free in 9.51 on some files (regression from 9.50)" +Also bug #702346 and the earlier report #701877. + +The problems occur because its possible for a single character code in +a PDF file to map to more than a single Unicode code point. In the case +of the file for 701877 the character code maps to 'f' and 'i' (it is an +fi ligature). + +The code should deal with this, but we need to ensure we are using the +correct index. In addition, if we do get more Unicode code points than +we expected, we need to set the widths of the 'extra' code points to +zero (we only want to consider the width of the original character). + +This does mean increasing the size of the Widths array to cater for +the possibility of more entries on output than there were on input. + +While working on it I noticed that the Unicode remapping on little- +endian machines was reversing the order of the Unicode values, when +there was more than a single code point returned, so fixed that at +the same time. + +Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;h=8c7bd787defa071c96289b7da9397f673fddb874] +CVE: CVE-2020-36773 +Signed-off-by: Vijay Anusuri +--- + devices/vector/gdevtxtw.c | 26 ++++++++++++++++---------- + 1 file changed, 16 insertions(+), 10 deletions(-) + +diff --git a/devices/vector/gdevtxtw.c b/devices/vector/gdevtxtw.c +index 87f9355..bddce5a 100644 +--- a/devices/vector/gdevtxtw.c ++++ b/devices/vector/gdevtxtw.c +@@ -1812,11 +1812,11 @@ static int get_unicode(textw_text_enum_t *penum, gs_font *font, gs_glyph glyph, + #else + b = (char *)Buffer; + u = (char *)unicode; +- while (l >= 0) { +- *b++ = *(u + l); +- l--; +- } + ++ for (l=0;ldev->memory, unicode, "free temporary unicode buffer"); + return length / sizeof(short); +@@ -1963,7 +1963,7 @@ txtwrite_process_plain_text(gs_text_enum_t *pte) + &penum->text_state->matrix, &wanted); + pte->returned.total_width.x += wanted.x; + pte->returned.total_width.y += wanted.y; +- penum->Widths[pte->index - 1] = wanted.x; ++ penum->Widths[penum->TextBufferIndex] = wanted.x; + + if (pte->text.operation & TEXT_ADD_TO_ALL_WIDTHS) { + gs_point tpt; +@@ -1984,8 +1984,14 @@ txtwrite_process_plain_text(gs_text_enum_t *pte) + pte->returned.total_width.x += dpt.x; + pte->returned.total_width.y += dpt.y; + +- penum->TextBufferIndex += get_unicode(penum, (gs_font *)pte->orig_font, glyph, ch, &penum->TextBuffer[penum->TextBufferIndex]); +- penum->Widths[pte->index - 1] += dpt.x; ++ penum->Widths[penum->TextBufferIndex] += dpt.x; ++ code = get_unicode(penum, (gs_font *)pte->orig_font, glyph, ch, &penum->TextBuffer[penum->TextBufferIndex]); ++ /* If a single text code returned multiple Unicode values, then we need to set the ++ * 'extra' code points' widths to 0. ++ */ ++ if (code > 1) ++ memset(&penum->Widths[penum->TextBufferIndex + 1], 0x00, (code - 1) * sizeof(float)); ++ penum->TextBufferIndex += code; + } + return 0; + } +@@ -2123,7 +2129,7 @@ txt_add_fragment(gx_device_txtwrite_t *tdev, textw_text_enum_t *penum) + if (!penum->text_state->Widths) + return gs_note_error(gs_error_VMerror); + memset(penum->text_state->Widths, 0x00, penum->TextBufferIndex * sizeof(float)); +- memcpy(penum->text_state->Widths, penum->Widths, penum->text.size * sizeof(float)); ++ memcpy(penum->text_state->Widths, penum->Widths, penum->TextBufferIndex * sizeof(float)); + + unsorted_entry->Unicode_Text = (unsigned short *)gs_malloc(tdev->memory->stable_memory, + penum->TextBufferIndex, sizeof(unsigned short), "txtwrite alloc sorted text buffer"); +@@ -2136,7 +2142,7 @@ txt_add_fragment(gx_device_txtwrite_t *tdev, textw_text_enum_t *penum) + if (!unsorted_entry->Widths) + return gs_note_error(gs_error_VMerror); + memset(unsorted_entry->Widths, 0x00, penum->TextBufferIndex * sizeof(float)); +- memcpy(unsorted_entry->Widths, penum->Widths, penum->text.size * sizeof(float)); ++ memcpy(unsorted_entry->Widths, penum->Widths, penum->TextBufferIndex * sizeof(float)); + + unsorted_entry->FontName = (char *)gs_malloc(tdev->memory->stable_memory, + (strlen(penum->text_state->FontName) + 1), sizeof(unsigned char), "txtwrite alloc sorted text buffer"); +@@ -2192,7 +2198,7 @@ textw_text_process(gs_text_enum_t *pte) + if (!penum->TextBuffer) + return gs_note_error(gs_error_VMerror); + penum->Widths = (float *)gs_malloc(tdev->memory->stable_memory, +- pte->text.size, sizeof(float), "txtwrite temporary widths array"); ++ pte->text.size * 4, sizeof(float), "txtwrite temporary widths array"); + if (!penum->Widths) + return gs_note_error(gs_error_VMerror); + } +-- +2.25.1 + diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.52.bb b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb index 9712871e7f..e57f592892 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.52.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb @@ -45,6 +45,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://CVE-2023-36664-1.patch \ file://CVE-2023-36664-2.patch \ file://CVE-2023-43115.patch \ + file://CVE-2020-36773.patch \ " SRC_URI = "${SRC_URI_BASE} \ From patchwork Tue Feb 13 21:43:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39267 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9E5E6C48BEC for ; Tue, 13 Feb 2024 21:43:47 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web10.26110.1707860624175489214 for ; Tue, 13 Feb 2024 13:43:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=13SpVHcT; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-6e08dd0c7eeso995499b3a.1 for ; Tue, 13 Feb 2024 13:43:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1707860623; x=1708465423; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=YW+eITsfCeD/Giu+ZojRZdfndphKc+gx3nmZ5CAPBhg=; b=13SpVHcTDxr3tdZaO9eXJCtTecgIG5a+QVRCb9Uf8kR6dQofIrK2IjBQFhZ73kNCBf DOUG3uJJYyJPVcHvraBTBx6GV3JjD+TV6TGcgOosBO2JAZS+tJo8Yg6AOj9WtjXdR1pi SO4+s1BZwkFwXRXuxhboVhMMtOxNnpaQcs71ejSHFZB1Le0Dfm18kRdEfAXy3MgO7AQH uWQ/GVZ0lq3l0eeMqTLy6GrH2HLw2lexe3+YewnI9kNULE8rrslaYYaBHcwLhw/tZ+MF 1u79CrbH8e1CU1rRD56tORYFoI/ayZ24wo/vQqbEybT8UJCS1EndxGgvGxVkyKcM6FGv TpAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707860623; x=1708465423; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YW+eITsfCeD/Giu+ZojRZdfndphKc+gx3nmZ5CAPBhg=; b=QTv514Uyl1fVIrLi2LRIVcOwMpduf1uSbsvEPH/X/YzdYxrNNRV6UsxUtR+4R0hk2a LXggZtDNTNOj/UKOKvIlxNdQAnhbtU8FCQbx8sCeHmLxpBUeext9Mu1j+qKKzv9wumA2 Ea8LNQMmzwGhZ2KP3YYU9+sfFnnrOt6XNI3JtxV9ftjesO3IGyS4DrAthXQ0ILIQSUuK +NW2zKt5fhx8yKQbyfyPCLp04sF8+HQ5op/X15aCjL9dkXpoKYMfXoCLHyglVNDH36bv oTSBN1HBrMMlA22uysz4iJpTeAmV19q5YPgQAjQq+mMCGWFLmNhIjPOHWjzNIk3xjofU kXxg== X-Gm-Message-State: AOJu0Yy2nl6k67685HXfpo02OFRWXgpGaFVgDHXPLVb8YHFnRr5wvwZN hu59nkdCw5MZqxo+BsdTnBWLBoVjxQVhJlBA4uAvVaL2ukL8xnaG29GLbD4lgx0mKARGHXWHkFX X X-Google-Smtp-Source: AGHT+IFND0nofKE16t55aEIlrmrLRuhya9yXpROXip0l2cLEepFRf405ZcqG3mUhW+jY9wtt2WIxgw== X-Received: by 2002:a05:6a00:d48:b0:6e0:326f:30b1 with SMTP id n8-20020a056a000d4800b006e0326f30b1mr417934pfv.27.1707860623444; Tue, 13 Feb 2024 13:43:43 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id x37-20020a056a0018a500b006e04efcfbc2sm7767327pfh.74.2024.02.13.13.43.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Feb 2024 13:43:43 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 4/7] go: add a complementary fix for CVE-2023-29406 Date: Tue, 13 Feb 2024 11:43:24 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 Feb 2024 21:43:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195433 From: Ming Liu The original CVE-2023-29406.patch is not complete, causing docker failures at runtime, backport a complementary fix from golang upstream. Signed-off-by: Ming Liu Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 3 +- ...023-29406.patch => CVE-2023-29406-1.patch} | 0 .../go/go-1.14/CVE-2023-29406-2.patch | 114 ++++++++++++++++++ 3 files changed, 116 insertions(+), 1 deletion(-) rename meta/recipes-devtools/go/go-1.14/{CVE-2023-29406.patch => CVE-2023-29406-1.patch} (100%) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29406-2.patch diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 42a9ac8435..4fbf9d7590 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -71,7 +71,8 @@ SRC_URI += "\ file://CVE-2023-29402.patch \ file://CVE-2023-29404.patch \ file://CVE-2023-29400.patch \ - file://CVE-2023-29406.patch \ + file://CVE-2023-29406-1.patch \ + file://CVE-2023-29406-2.patch \ file://CVE-2023-29409.patch \ file://CVE-2022-41725-pre1.patch \ file://CVE-2022-41725-pre2.patch \ diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-29406.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-29406-1.patch similarity index 100% rename from meta/recipes-devtools/go/go-1.14/CVE-2023-29406.patch rename to meta/recipes-devtools/go/go-1.14/CVE-2023-29406-1.patch diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-29406-2.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-29406-2.patch new file mode 100644 index 0000000000..637f46a537 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-29406-2.patch @@ -0,0 +1,114 @@ +From c08a5fa413a34111c9a37fd9e545de27ab0978b1 Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Wed, 19 Jul 2023 10:30:46 -0700 +Subject: [PATCH] [release-branch.go1.19] net/http: permit requests with + invalid Host headers + +Historically, the Transport has silently truncated invalid +Host headers at the first '/' or ' ' character. CL 506996 changed +this behavior to reject invalid Host headers entirely. +Unfortunately, Docker appears to rely on the previous behavior. + +When sending a HTTP/1 request with an invalid Host, send an empty +Host header. This is safer than truncation: If you care about the +Host, then you should get the one you set; if you don't care, +then an empty Host should be fine. + +Continue to fully validate Host headers sent to a proxy, +since proxies generally can't productively forward requests +without a Host. + +For #60374 +Fixes #61431 +Fixes #61825 + +Change-Id: If170c7dd860aa20eb58fe32990fc93af832742b6 +Reviewed-on: https://go-review.googlesource.com/c/go/+/511155 +TryBot-Result: Gopher Robot +Reviewed-by: Roland Shoemaker +Run-TryBot: Damien Neil +(cherry picked from commit b9153f6ef338baee5fe02a867c8fbc83a8b29dd1) +Reviewed-on: https://go-review.googlesource.com/c/go/+/518855 +Auto-Submit: Dmitri Shuralyov +Run-TryBot: Roland Shoemaker +Reviewed-by: Russ Cox + +Upstream-Status: Backport [https://github.com/golang/go/commit/c08a5fa413a34111c9a37fd9e545de27ab0978b1] +CVE: CVE-2023-29406 +Signed-off-by: Ming Liu +--- + src/net/http/request.go | 23 ++++++++++++++++++++++- + src/net/http/request_test.go | 17 ++++++++++++----- + 2 files changed, 34 insertions(+), 6 deletions(-) + +diff --git a/src/net/http/request.go b/src/net/http/request.go +index 3100037386..91cb8a66b9 100644 +--- a/src/net/http/request.go ++++ b/src/net/http/request.go +@@ -582,8 +582,29 @@ func (r *Request) write(w io.Writer, usingProxy bool, extraHeaders Header, waitF + if err != nil { + return err + } ++ // Validate that the Host header is a valid header in general, ++ // but don't validate the host itself. This is sufficient to avoid ++ // header or request smuggling via the Host field. ++ // The server can (and will, if it's a net/http server) reject ++ // the request if it doesn't consider the host valid. + if !httpguts.ValidHostHeader(host) { +- return errors.New("http: invalid Host header") ++ // Historically, we would truncate the Host header after '/' or ' '. ++ // Some users have relied on this truncation to convert a network ++ // address such as Unix domain socket path into a valid, ignored ++ // Host header (see https://go.dev/issue/61431). ++ // ++ // We don't preserve the truncation, because sending an altered ++ // header field opens a smuggling vector. Instead, zero out the ++ // Host header entirely if it isn't valid. (An empty Host is valid; ++ // see RFC 9112 Section 3.2.) ++ // ++ // Return an error if we're sending to a proxy, since the proxy ++ // probably can't do anything useful with an empty Host header. ++ if !usingProxy { ++ host = "" ++ } else { ++ return errors.New("http: invalid Host header") ++ } + } + + // According to RFC 6874, an HTTP client, proxy, or other +diff --git a/src/net/http/request_test.go b/src/net/http/request_test.go +index fddc85d6a9..dd1e2dc2a1 100644 +--- a/src/net/http/request_test.go ++++ b/src/net/http/request_test.go +@@ -770,16 +770,23 @@ func TestRequestWriteBufferedWriter(t *testing.T) { + } + } + +-func TestRequestBadHost(t *testing.T) { ++func TestRequestBadHostHeader(t *testing.T) { + got := []string{} + req, err := NewRequest("GET", "http://foo/after", nil) + if err != nil { + t.Fatal(err) + } +- req.Host = "foo.com with spaces" +- req.URL.Host = "foo.com with spaces" +- if err := req.Write(logWrites{t, &got}); err == nil { +- t.Errorf("Writing request with invalid Host: succeded, want error") ++ req.Host = "foo.com\nnewline" ++ req.URL.Host = "foo.com\nnewline" ++ req.Write(logWrites{t, &got}) ++ want := []string{ ++ "GET /after HTTP/1.1\r\n", ++ "Host: \r\n", ++ "User-Agent: " + DefaultUserAgent + "\r\n", ++ "\r\n", ++ } ++ if !reflect.DeepEqual(got, want) { ++ t.Errorf("Writes = %q\n Want = %q", got, want) + } + } + +-- +2.34.1 + From patchwork Tue Feb 13 21:43:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39263 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7088BC4829F for ; Tue, 13 Feb 2024 21:43:47 +0000 (UTC) Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by mx.groups.io with SMTP id smtpd.web11.26199.1707860625596550915 for ; Tue, 13 Feb 2024 13:43:45 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=tyv5HZjk; spf=softfail (domain: sakoman.com, ip: 209.85.215.172, mailfrom: steve@sakoman.com) Received: by mail-pg1-f172.google.com with SMTP id 41be03b00d2f7-5d42e7ab8a9so2972732a12.3 for ; Tue, 13 Feb 2024 13:43:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1707860625; x=1708465425; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VxNCwsCF0pcZXY2WbJaH3f16QE/nnEoIdUBaXHVQv9A=; b=tyv5HZjkU7ju0Bn89eisYr9/vRbOVa6dLyDvYjCf0RWcLvYz3vAROrfvx1H7ZZwi4x dIciGQ5731qkZRrv3Cf9IJgEeu5sfX1gbFbqiuB2kaUgal/+Nd/LvNh4jmID8kS4873v NFs0MP1jlVYD0rgYNPdPTO9Y2vYxG6TQO5+3pfY8rY0lQRbQjbFx+ZIf3vznOvKg1qWK b9f1TDtN3IbBj7AA19kKI6LwGiNFCQXwXNLbqXiMfNfnphS4KHBjiSRqfLG1cFiN+5o5 w2ZpW7HujZSA5QxF0hUgd3qX5z+hIPrhZv+oeDnkl6BexfCqhDI4tTAi7rCfRZPbaIPl +KOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707860625; x=1708465425; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VxNCwsCF0pcZXY2WbJaH3f16QE/nnEoIdUBaXHVQv9A=; b=hONbBHfal9SyuMq8lmY24UbqCthG1BtqrVCjw1lZnKv2OuDuHbtOHWm6ZJVhtN+kp7 xfaVPeU5RTa+A2hICWZurgHtzp8Kq7fRijo1Rkc3TQh3I4rOqRr4ZTgjHPgS7UDABP6Y 2SBc0WFz4kBvIvUgHAprl83m4Modh22uJf1OA4s/nXyizD6CHypoQiNuEMi8rP6g43To rxLkB6z41Ed21zGh+aUPn5u09puEkeWLvvsnmm39Y7ESoMjKHWThyOBxj2nazyKwewnz IKB/4bm4zoy8UQGu3SwYRadwLL7MQLTSfxMiNVPMU2jdBsLAkX+ahG6/WymyGOCMVFVK RjZg== X-Gm-Message-State: AOJu0Yyh+qn9pEKTNKLxiM9Q2zaMZvU7yuzVGuFDbuaNbELOxRrSDyr2 CUxppMwOrJCP7BkHMIDeEjSbzkK3KZGXR89QVFQHjQCLfscvpKtyZBFKxRCP1qcxhE1BUtq1uIX y X-Google-Smtp-Source: AGHT+IEHDEWBi/SzANOj4XD7ZWfityHK2vjvw5iGDozeNKyftUcziTsRg12b3XqTY2oOdKqgNRPwVw== X-Received: by 2002:a05:6a00:10c4:b0:6e0:4b8a:7ab7 with SMTP id d4-20020a056a0010c400b006e04b8a7ab7mr578712pfu.21.1707860624886; Tue, 13 Feb 2024 13:43:44 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id x37-20020a056a0018a500b006e04efcfbc2sm7767327pfh.74.2024.02.13.13.43.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Feb 2024 13:43:44 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 5/7] ncurses: Fix CVE-2023-29491 Date: Tue, 13 Feb 2024 11:43:25 -1000 Message-Id: <041433f0767ae9112f6a74a7d7c93ce9b411792c.1707860435.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 Feb 2024 21:43:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195434 From: virendra thakur memory corruption when processing malformed terminfo data entries loaded by setuid/setgid programs CVE-2023-29491.patch change the --disable-root-environ configure option behavior. set --disable-root-environ in configuration options. --disable-root-environ option with a few additional changes to the code allows us to mitigate CVE-2023-29491 and avoid other issues that involve the possibility of malicious use of environment variables through setuid applications, and, therefore, it was the fix chosen in order to resolve this vulnerability. Reference: https://ubuntu.com/security/CVE-2023-29491 https://launchpad.net/ubuntu/+source/ncurses/6.2-0ubuntu2.1 Signed-off-by: virendra thakur Signed-off-by: Steve Sakoman --- .../ncurses/files/CVE-2023-29491.patch | 45 +++++++++++++++++++ meta/recipes-core/ncurses/ncurses_6.2.bb | 3 +- 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-29491.patch diff --git a/meta/recipes-core/ncurses/files/CVE-2023-29491.patch b/meta/recipes-core/ncurses/files/CVE-2023-29491.patch new file mode 100644 index 0000000000..0a0497723f --- /dev/null +++ b/meta/recipes-core/ncurses/files/CVE-2023-29491.patch @@ -0,0 +1,45 @@ +Backport of: + +Author: Sven Joachim +Description: Change the --disable-root-environ configure option behavior + By default, the --disable-root-environ option forbids program run by + the superuser to load custom terminfo entries. This patch changes + that to only restrict programs running with elevated privileges, + matching the behavior of the --disable-setuid-environ option + introduced in the 20230423 upstream patchlevel. +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372#29 +Bug: https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00018.html +Forwarded: not-needed +Last-Update: 2023-05-01 + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/ncurses/6.2-0ubuntu2.1/ncurses_6.2-0ubuntu2.1.debian.tar.xz] +CVE: CVE-2023-29491 +Signed-off-by: Virendra Thakur + +--- + ncurses/tinfo/access.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/ncurses/tinfo/access.c ++++ b/ncurses/tinfo/access.c +@@ -178,15 +178,16 @@ _nc_is_file_path(const char *path) + NCURSES_EXPORT(int) + _nc_env_access(void) + { ++ int result = TRUE; ++ + #if HAVE_ISSETUGID + if (issetugid()) +- return FALSE; ++ result = FALSE; + #elif HAVE_GETEUID && HAVE_GETEGID + if (getuid() != geteuid() + || getgid() != getegid()) +- return FALSE; ++ result = FALSE; + #endif +- /* ...finally, disallow root */ +- return (getuid() != ROOT_UID) && (geteuid() != ROOT_UID); ++ return result; + } + #endif diff --git a/meta/recipes-core/ncurses/ncurses_6.2.bb b/meta/recipes-core/ncurses/ncurses_6.2.bb index 451bfbcb5d..33285bcb5b 100644 --- a/meta/recipes-core/ncurses/ncurses_6.2.bb +++ b/meta/recipes-core/ncurses/ncurses_6.2.bb @@ -5,11 +5,12 @@ SRC_URI += "file://0001-tic-hang.patch \ file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \ file://CVE-2021-39537.patch \ file://CVE-2022-29458.patch \ + file://CVE-2023-29491.patch \ " # commit id corresponds to the revision in package version SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4" S = "${WORKDIR}/git" -EXTRA_OECONF += "--with-abi-version=5" +EXTRA_OECONF += "--with-abi-version=5 --disable-root-environ" UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+(\+\d+)*)" # This is needed when using patchlevel versions like 6.1+20181013 From patchwork Tue Feb 13 21:43:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39265 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F9EEC4829A for ; Tue, 13 Feb 2024 21:43:47 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web11.26201.1707860627247652008 for ; Tue, 13 Feb 2024 13:43:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=QnN7wLFy; spf=softfail (domain: sakoman.com, ip: 209.85.210.180, mailfrom: steve@sakoman.com) Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-6e08dd0fa0bso138843b3a.1 for ; Tue, 13 Feb 2024 13:43:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1707860626; x=1708465426; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=YMLCsOZVXvEU4p+mmDBVNpHaMRYnfo9qFmdmuxcQjoE=; b=QnN7wLFy45x9LgRU/hixuexjzZKFSSTbOxC/Rm2nzVkbTwoJkXiUvkCaZzBiAnTSe1 wwWErH1Wn2WgduuysDazHE+COXS+Fd2R+rGO/zJgNajW4VTE7Ltm87gNxOcIaIzrqw5F pNA12ZcnRpMClNjD0JdAhpWe+a63SWj5VvxFQLVi1LZlJFDti/mcK5wyPJgHgKYCXiEN SPOSO0qH/9O+wdcFc54+SIOj0mnzCASps5z/QbpUAZcC1652IsEAb/zOkMfofDmEFRge u8MG+uUqzQDVbnjOEV7tPv2FgAR7oli5nuo9Q5HTI9SSyFQt+Jqzm/AN5ik8gAz/TrFT GhSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707860626; x=1708465426; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YMLCsOZVXvEU4p+mmDBVNpHaMRYnfo9qFmdmuxcQjoE=; b=F0COogrMSHDX5K6P1lckS5szL/Qe6wL8fJLb0zplLiqwAk9Z138UFxLxkNBjaBH4dl 9INQu/JN3miioM+AydXv70qX7tNWTDXTxS5Ny1jT6Vix+FBqFfxbqXQzt1BumoSwe1kX 4SxCWTygP7GjmWSznCHXG+NbFf05uDaUJJ9zDzvh+ymEIzJ3/RxbnCandGpBtrcszkmA CXr2B9qrTqcC4+l8RbtnpGpcWocHe0dzcIJa7rjqV8sInuedx3h6Wx2cPW5RYjesZv8a 6vu7zhRkrYdlpmI/EnMAFRhwTXnpV7spEw7e4CMxxqupecFlEhzqbXjZENPxal6A8jvf GruQ== X-Gm-Message-State: AOJu0YytkJfxMI9VRCgdqkFmt5gi53cA2sT5x/SV9UBdJ4WOLHbtonny 4KweDGLhXxKOXxua/ipZOeIsdQJ8hWuEwFNn4B6gHi/lcT+Ifnmq99eUifcS+850f5JpM4eE5WY p X-Google-Smtp-Source: AGHT+IHsLiQhs0uVi7+EEOy8qUCS+xWMzx0mIZaThHwEOrjrzQmDbiZvA0e9WiqxGG4bzKqbbMBdVg== X-Received: by 2002:a05:6a00:2d1d:b0:6e0:3d93:1bea with SMTP id fa29-20020a056a002d1d00b006e03d931beamr207497pfb.0.1707860626370; Tue, 13 Feb 2024 13:43:46 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id x37-20020a056a0018a500b006e04efcfbc2sm7767327pfh.74.2024.02.13.13.43.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Feb 2024 13:43:46 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 6/7] rsync: Fix rsync hanging when used with --relative Date: Tue, 13 Feb 2024 11:43:26 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 Feb 2024 21:43:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195435 From: Matthias Schmitz Fixes [YOCTO #15383] This bug was introduced into upstream when fixing CVE-2022-29154. It was later discovered and fixed upstream but this fix didn't make it into poky yet. The added patch is taken from upstreams git repository: https://github.com/WayneD/rsync/commit/fabef23bea6e9963c06e218586fda1a823e3c6bf Signed-off-by: Matthias Schmitz Signed-off-by: Steve Sakoman --- ...lative-when-copying-an-absolute-path.patch | 31 +++++++++++++++++++ meta/recipes-devtools/rsync/rsync_3.1.3.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch diff --git a/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch new file mode 100644 index 0000000000..b2e02dba97 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch @@ -0,0 +1,31 @@ +From fabef23bea6e9963c06e218586fda1a823e3c6bf Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Mon, 8 Aug 2022 21:30:21 -0700 +Subject: [PATCH] Fix --relative when copying an absolute path. + +CVE: CVE-2022-29154 +Upstream-Status: Backport [https://github.com/WayneD/rsync/commit/fabef23bea6e9963c06e218586fda1a823e3c6bf] +Signed-off-by: Matthias Schmitz +--- + exclude.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/exclude.c b/exclude.c +index 2394023f..ba5ca5a3 100644 +--- a/exclude.c ++++ b/exclude.c +@@ -434,8 +434,10 @@ void add_implied_include(const char *arg) + *p++ = *cp++; + break; + case '/': +- if (p[-1] == '/') /* This is safe because of the initial slash. */ ++ if (p[-1] == '/') { /* This is safe because of the initial slash. */ ++ cp++; + break; ++ } + if (relative_paths) { + filter_rule const *ent; + int found = 0; +-- +2.39.2 + diff --git a/meta/recipes-devtools/rsync/rsync_3.1.3.bb b/meta/recipes-devtools/rsync/rsync_3.1.3.bb index a5c20dee34..c744503227 100644 --- a/meta/recipes-devtools/rsync/rsync_3.1.3.bb +++ b/meta/recipes-devtools/rsync/rsync_3.1.3.bb @@ -17,6 +17,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://CVE-2016-9842.patch \ file://CVE-2016-9843.patch \ file://CVE-2022-29154.patch \ + file://0001-Fix-relative-when-copying-an-absolute-path.patch \ " SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf" From patchwork Tue Feb 13 21:43:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39268 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 93574C4829A for ; Tue, 13 Feb 2024 21:43:57 +0000 (UTC) Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171]) by mx.groups.io with SMTP id smtpd.web10.26115.1707860628733275509 for ; Tue, 13 Feb 2024 13:43:48 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=oZXShYzu; spf=softfail (domain: sakoman.com, ip: 209.85.215.171, mailfrom: steve@sakoman.com) Received: by mail-pg1-f171.google.com with SMTP id 41be03b00d2f7-53fbf2c42bfso3610102a12.3 for ; Tue, 13 Feb 2024 13:43:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1707860628; x=1708465428; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=T8D0jCGwzeuNwf68ZYCz2O3SADzT0hxa0Ml9kpp5ySQ=; b=oZXShYzuiK/lqNp+XCBnzIzjqjjp24qUicNPFHViIHBkmvUnmzB23iQOU6qMsbiBtG cVyBpVj4/t7ga519J4zdQqc56hAMmlwnJgyere4Or9keNz4D6dcuItM5Q5nfd96wmul3 c3gkfz69/B+F6wpEHLpmd1Mj1nvoF8wyZOocmwJoVCO9e8Q9Q5ttz7m6OLhKIpJQg7wQ nbE7Ro7JY00jkUR08nqAV+WJs15PsmptsEG9fN+Gnlhiy42gTV0DSCXn9Sd2heEIkiu3 QGJbEj9ptEEpJlufsRuhDClZha42zZmJAnCpsub3yzrq4TLfrJvZflFfYaOyVwk4mrlK WTGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707860628; x=1708465428; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=T8D0jCGwzeuNwf68ZYCz2O3SADzT0hxa0Ml9kpp5ySQ=; b=MscQ2xbyvV/mf10rB/37LoxC8c7NIC9bQTSkifXkLJmPn4kbk1qmZEnPtkpSmbWzjU dPhpmYJATuxTVVRR3C8vYlMIAZLRUDmzwWtq+r216bHvKTw0k1Vc7SME+cYZSr+1n7va t9kZk/7MzsQpnn1AOAV+ATZ4VbcHEcLP8ewTtfv/SFmKP3WFsmsYKLPZQvdqJdCvyqdd GGrTA9P6BIcHxX36l9/H4TlY/2KvkWne/8t1+cqFJIpxQiwvtyMhjV/fnzg1X+Xu3xU7 Cf0y5a6GFIcwRdCzSRVsT5Mg9k4/ERG6Z65P+cK8xQCyf0NYmtJEY9ji95lQlRQhWANG hr3A== X-Gm-Message-State: AOJu0Yy1f1TNntJVx9xPchm2TFGFy4Yk1Szd+CwFeAt9Mo4LzUfc+sEw xy22+pT6EERpMCvWoKHQpnj/h/COE81KC4FmavAhqmOgTplYwHWysvpFiOJd8gl4m6zVYiG7l2M s X-Google-Smtp-Source: AGHT+IE4g1wnOI5Q1iCiHvUjnm4+Chztu9b1pgAFaJOe620dqAzHiQXNqzj0eOn29UJDLMYzn7XygA== X-Received: by 2002:a05:6a00:1d0b:b0:6e0:7f22:81bd with SMTP id a11-20020a056a001d0b00b006e07f2281bdmr609591pfx.20.1707860627921; Tue, 13 Feb 2024 13:43:47 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id x37-20020a056a0018a500b006e04efcfbc2sm7767327pfh.74.2024.02.13.13.43.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Feb 2024 13:43:47 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 7/7] cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES Date: Tue, 13 Feb 2024 11:43:27 -1000 Message-Id: <7ab6087536bc67c63094f08f863dcd3d5e35b8e7.1707860435.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 Feb 2024 21:43:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195436 From: Zahir Hussain As discussion in [YOCTO #14717] cmake contains a OEToolchainConfig.cmake file to configure the toolchain correctly in cross-compile build for recipes using cmake. The variable CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES value updates incorrectly during do_compile the code. Due to this getting sporadic error like below, fatal error: stdlib.h: No such file or directory | 75 | #include_next | | ^~~~~~~~~~ | compilation terminated. | ninja: build stopped: subcommand failed. | WARNING: exit code 1 from a shell command. As cmake already correctly initializes the variable from environment, So we have to unset it in the toolchain file to avoid overwriting the variable definition again. Signed-off-by: aszh07 Signed-off-by: Zahir Hussain Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 5aeada5793af53e8c93940952d4f314474dca4c2) Signed-off-by: Steve Sakoman --- meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake b/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake index a7020da9c7..870009c2ba 100644 --- a/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake +++ b/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake @@ -19,3 +19,6 @@ file( GLOB toolchain_config_files "${CMAKE_TOOLCHAIN_FILE}.d/*.cmake" ) foreach(config ${toolchain_config_files}) include(${config}) endforeach() + +unset(CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES) +unset(CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES)