From patchwork Thu Feb 15 16:17:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39321 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39CE3C48BC4 for ; Thu, 15 Feb 2024 16:18:18 +0000 (UTC) Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by mx.groups.io with SMTP id smtpd.web11.18114.1708013894904612502 for ; Thu, 15 Feb 2024 08:18:14 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=eepN0fDE; spf=softfail (domain: sakoman.com, ip: 209.85.214.170, mailfrom: steve@sakoman.com) Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-1db5212e2f6so7760555ad.1 for ; Thu, 15 Feb 2024 08:18:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013894; x=1708618694; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=0TmshoxHMtKkNQLvYRz6Taw/7IYqklWph3EloalJQ/I=; b=eepN0fDEqepyQTt6hmqxH7qaiM/oP/TPSSr0+OUX8STWLG/ol+R8YqW8V5i+3IaKws c320mKbyolEKxJFT5Sdq82F1d+CjwCEsA0wbVAs80Y1oHg7R5d9jXO591jgilTnShtAX t+ljBgIt26PPmiNszOpW7zXPGzmLmDtDP2QugKZzOLC0pKcP/gpujmxQolyeNEEsPMwX omLsyOW0gmO4vkg6KMqwq2VIiZ+HCEmOafbLQpxIFsVx8vmgW4gi8UPUCdvef4jmlyBG RSh+g0Fh8wSnqXJj6TnYKdYXsCtrjdh429HdzrHKwz2TqNumX2UtkrDKpSXnjJumq55n MokQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013894; x=1708618694; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0TmshoxHMtKkNQLvYRz6Taw/7IYqklWph3EloalJQ/I=; b=QEXpnWNXBzkLUYUAqBoAa4zW2LraJ19uPjUthDGWHEyZbKZhLDCLjcP/J5vh6tVjKQ fuSSahoojDNqJPZ4vqkigFeBpJzh4bJPvrursV2ffMRYJb9reHaO/LD2hzgIsD5wgxKP YIESWVcfGJqJP9xyHfZwZaOyXZWFpUn8CbkEK1mjjmRDH3g0sK8acvAOZmIfQS9YviLd UqrO72pLpy3k8ZqRnw7TAUggojhN9O88fzkNkRKBU/xpNGiW23WRU64E1QSJz7u+zdJo lwrgoTz5Qj0F/+KXpmQnd0OUergBtullWmnbVVa9B08V8OS4iTCAwLfWpjeAPur8UsGz 9U1g== X-Gm-Message-State: AOJu0YwtXcsw7PW+byakPbOO51ppm7rwV0t3/1uYlHbhXOWKmxZ/gcCQ F5hl+puci14K5rDo5BZoyPkXkOO6sly8uD+ZkZyJdQ5xT+O7uOnIOQKNDLb4wjxsROyalc+mwuB iEhI= X-Google-Smtp-Source: AGHT+IE2Yp+rIWJmjhJOw3wja0f03MoTklMuzFnQkcCpGZAi0rSAIn0OVhHsKvy3JPz7Kp5Ewy4YhA== X-Received: by 2002:a17:902:e5c8:b0:1db:2ad2:8ee3 with SMTP id u8-20020a170902e5c800b001db2ad28ee3mr3519821plf.15.1708013894133; Thu, 15 Feb 2024 08:18:14 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:13 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 01/21] tiff: fix CVE-2023-6228 Date: Thu, 15 Feb 2024 06:17:44 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195521 From: Yogita Urade CVE-2023-6228: An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. References: https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://gitlab.com/libtiff/libtiff/-/issues/606 Signed-off-by: Yogita Urade Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 55735e0d75820d59e569a630679f9ac403c7fdbe) Signed-off-by: Steve Sakoman --- .../libtiff/tiff/CVE-2023-6228.patch | 31 +++++++++++++++++++ meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch new file mode 100644 index 0000000000..2020508fdf --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch @@ -0,0 +1,31 @@ +From 1e7d217a323eac701b134afc4ae39b6bdfdbc96a Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Wed, 17 Jan 2024 06:57:08 +0000 +Subject: [PATCH] codec of input image is available, independently from codec + check of output image and return with error if not. + +Fixes #606. + +CVE: CVE-2023-6228 +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a] + +Signed-off-by: Yogita Urade +--- + tools/tiffcp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tools/tiffcp.c b/tools/tiffcp.c +index aff0626..a4f7f6b 100644 +--- a/tools/tiffcp.c ++++ b/tools/tiffcp.c +@@ -846,6 +846,8 @@ static int tiffcp(TIFF *in, TIFF *out) + if (!TIFFIsCODECConfigured(compression)) + return FALSE; + TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression); ++ if (!TIFFIsCODECConfigured(input_compression)) ++ return FALSE; + TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric); + if (input_compression == COMPRESSION_JPEG) + { +-- +2.40.0 diff --git a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb index 4c472f8ef6..eb8a096f19 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb @@ -12,6 +12,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data.patch \ file://CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data-2.patch \ file://CVE-2023-6277-Apply-1-suggestion-s-to-1-file-s.patch \ + file://CVE-2023-6228.patch \ " SRC_URI[sha256sum] = "88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a" From patchwork Thu Feb 15 16:17:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39322 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 42DEDC4829E for ; Thu, 15 Feb 2024 16:18:18 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.web10.17930.1708013897085378941 for ; Thu, 15 Feb 2024 08:18:17 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=b49DkYct; spf=softfail (domain: sakoman.com, ip: 209.85.214.172, mailfrom: steve@sakoman.com) Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-1d94b222a3aso9578485ad.2 for ; Thu, 15 Feb 2024 08:18:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013896; x=1708618696; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=cb7BnGxnKp2cid32BcjzlWGoafgsohgT9gPVCZ5iS7Y=; b=b49DkYct1pdLQoQ5WDBE+bic6yuV4Ws8hROWAiUYqhIfrR6KAppS152DbKPFiAh2+N 9WTzlwnGfa1+puxnYiD4XvtQ5bWGM+dhqEmu6/F6PZZJsJx4plpsJlcQojBrAVy6dagI hpdPCEC/T2WqZFI4ylGnUziWjb7UC9CrRD82Y+U01VZiq3+3sqAGFhQCyJf9qnoZLCY3 HnI0Y/tqbmjQKWePO87O1ndnQCdYEQ5vivcx9fuZDF2C9q+JRpNt3nxni4p4R4laZx22 DkMLPhlSMN9xEWLn35NWEzj63E+OzL3YBaUJwcQQH6qRuvz4EN0vZhPcfAP5cYBdu0AB l4VQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013896; x=1708618696; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cb7BnGxnKp2cid32BcjzlWGoafgsohgT9gPVCZ5iS7Y=; b=QcOFUVLPOHv3ayc+sdUhhManVD2DxSYBq2/GojnLyctnAjgkgeP0m2GgU3HuLVMrz3 Pmcn8s3WxzUm8VzAdfR6cvKAiSkgUjwiTAoGy1ZaSpqh0lYmTCQq5+BIRhFYRTZbu008 x2e8iRYLTCBow89lQKb4vdzjC23trYmFeXmd7/TIeqg00yNGHKh1I4SoM9hMADwRQBah WV/+jHHTE5qvhKH71BwUKF0bZ9cP5a9T5Y5oE4znOfUKEcc8h/8V0TDVOBiaXpcyr3XX uhSH6Sy3VbXKPhJ4NSe8Ou/MsB/yjxgvlkP652N/m6ZSbi2wSVdafOYiIvV/mVBBtHx6 jb/Q== X-Gm-Message-State: AOJu0Yxe3K06EIE0CjdrLitWaxoJ6qtJOak6xfrM9gDQmpPFStIxPLy3 uPiWJbKY0q3bP/fVUY9W6OXzyVQs6gpLW8gBzNhdmx60ueAXoqjij7jvFG9JbUWSD9dGVhrbDdl 7yYA= X-Google-Smtp-Source: AGHT+IEJRikCKkV0thpfxNDA/IeWWTo0ajz/ZCc+tGd/u7y8d2+YZ8PRod1EL4c8/kK3fXzMhfLwYw== X-Received: by 2002:a17:902:8218:b0:1db:5eaa:e9a2 with SMTP id x24-20020a170902821800b001db5eaae9a2mr2048389pln.64.1708013896066; Thu, 15 Feb 2024 08:18:16 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:15 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 02/21] tiff: fix CVE-2023-52355 and CVE-2023-52356 Date: Thu, 15 Feb 2024 06:17:45 -1000 Message-Id: <71348662169be9737b10fbd305646df9295a07f6.1708012696.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195522 From: Yogita Urade CVE-2023-52355: An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. Issue fixed by providing a documentation update. CVE-2023-52356: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. References: https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://security-tracker.debian.org/tracker/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://gitlab.com/libtiff/libtiff/-/merge_requests/553 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 Signed-off-by: Yogita Urade Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 831d7a2fffb3dec94571289292f0940bc7ecd70a) Signed-off-by: Steve Sakoman --- .../libtiff/tiff/CVE-2023-52355-0001.patch | 238 ++++++++++++++++++ .../libtiff/tiff/CVE-2023-52355-0002.patch | 28 +++ .../libtiff/tiff/CVE-2023-52356.patch | 49 ++++ meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 3 + 4 files changed, 318 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-52355-0001.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-52355-0002.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52355-0001.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52355-0001.patch new file mode 100644 index 0000000000..f5520fcafd --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52355-0001.patch @@ -0,0 +1,238 @@ +From 335947359ce2dd3862cd9f7c49f92eba065dfed4 Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Thu, 1 Feb 2024 13:06:08 +0000 +Subject: [PATCH] manpage: Update TIFF documentation about TIFFOpenOptions.rst + and TIFFOpenOptionsSetMaxSingleMemAlloc() usage and some other small fixes. + +CVE: CVE-2023-52355 +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/335947359ce2dd3862cd9f7c49f92eba065dfed4] + +Signed-off-by: Yogita Urade +--- + doc/functions/TIFFDeferStrileArrayWriting.rst | 5 +++ + doc/functions/TIFFError.rst | 3 ++ + doc/functions/TIFFOpen.rst | 13 +++--- + doc/functions/TIFFOpenOptions.rst | 44 ++++++++++++++++++- + doc/functions/TIFFStrileQuery.rst | 5 +++ + doc/libtiff.rst | 31 ++++++++++++- + 6 files changed, 91 insertions(+), 10 deletions(-) + +diff --git a/doc/functions/TIFFDeferStrileArrayWriting.rst b/doc/functions/TIFFDeferStrileArrayWriting.rst +index 60ee746..705aebc 100644 +--- a/doc/functions/TIFFDeferStrileArrayWriting.rst ++++ b/doc/functions/TIFFDeferStrileArrayWriting.rst +@@ -61,6 +61,11 @@ Diagnostics + All error messages are directed to the :c:func:`TIFFErrorExtR` routine. + Likewise, warning messages are directed to the :c:func:`TIFFWarningExtR` routine. + ++Note ++---- ++ ++This functionality was introduced with libtiff 4.1. ++ + See also + -------- + +diff --git a/doc/functions/TIFFError.rst b/doc/functions/TIFFError.rst +index 99924ad..cf4b37c 100644 +--- a/doc/functions/TIFFError.rst ++++ b/doc/functions/TIFFError.rst +@@ -65,6 +65,9 @@ or :c:func:`TIFFClientOpenExt`. + Furthermore, a **custom defined data structure** *user_data* for the + error handler can be given along. + ++Please refer to :doc:`/functions/TIFFOpenOptions` for how to setup the ++application-specific handler introduced with libtiff 4.5. ++ + Note + ---- + +diff --git a/doc/functions/TIFFOpen.rst b/doc/functions/TIFFOpen.rst +index db79d7b..adc474f 100644 +--- a/doc/functions/TIFFOpen.rst ++++ b/doc/functions/TIFFOpen.rst +@@ -94,8 +94,9 @@ TIFF structure without closing the file handle and afterwards the + file should be closed using its file descriptor *fd*. + + :c:func:`TIFFOpenExt` (added in libtiff 4.5) is like :c:func:`TIFFOpen`, +-but options, such as re-entrant error and warning handlers may be passed +-with the *opts* argument. The *opts* argument may be NULL. ++but options, such as re-entrant error and warning handlers and a limit in byte ++that libtiff internal memory allocation functions are allowed to request per call ++may be passed with the *opts* argument. The *opts* argument may be NULL. + Refer to :doc:`TIFFOpenOptions` for allocating and filling the *opts* argument + parameters. The allocated memory for :c:type:`TIFFOpenOptions` + can be released straight after successful execution of the related +@@ -105,9 +106,7 @@ can be released straight after successful execution of the related + but opens a TIFF file with a Unicode filename. + + :c:func:`TIFFFdOpenExt` (added in libtiff 4.5) is like :c:func:`TIFFFdOpen`, +-but options, such as re-entrant error and warning handlers may be passed +-with the *opts* argument. The *opts* argument may be NULL. +-Refer to :doc:`TIFFOpenOptions` for filling the *opts* argument. ++but options argument *opts* like for :c:func:`TIFFOpenExt` can be passed. + + :c:func:`TIFFSetFileName` sets the file name in the tif-structure + and returns the old file name. +@@ -326,5 +325,5 @@ See also + + :doc:`libtiff` (3tiff), + :doc:`TIFFClose` (3tiff), +-:doc:`TIFFStrileQuery`, +-:doc:`TIFFOpenOptions` +\ No newline at end of file ++:doc:`TIFFStrileQuery` (3tiff), ++:doc:`TIFFOpenOptions` +diff --git a/doc/functions/TIFFOpenOptions.rst b/doc/functions/TIFFOpenOptions.rst +index 5c67566..23f2975 100644 +--- a/doc/functions/TIFFOpenOptions.rst ++++ b/doc/functions/TIFFOpenOptions.rst +@@ -38,12 +38,17 @@ opaque structure and returns a :c:type:`TIFFOpenOptions` pointer. + :c:func:`TIFFOpenOptionsFree` releases the allocated memory for + :c:type:`TIFFOpenOptions`. The allocated memory for :c:type:`TIFFOpenOptions` + can be released straight after successful execution of the related +-TIFF open"Ext" functions like :c:func:`TIFFOpenExt`. ++TIFFOpen"Ext" functions like :c:func:`TIFFOpenExt`. + + :c:func:`TIFFOpenOptionsSetMaxSingleMemAlloc` sets parameter for the + maximum single memory limit in byte that ``libtiff`` internal memory allocation + functions are allowed to request per call. + ++.. note:: ++ However, the ``libtiff`` external functions :c:func:`_TIFFmalloc` ++ and :c:func:`_TIFFrealloc` **do not apply** this internal memory ++ allocation limit set by :c:func:`TIFFOpenOptionsSetMaxSingleMemAlloc`! ++ + :c:func:`TIFFOpenOptionsSetErrorHandlerExtR` sets the function pointer to + an application-specific and per-TIFF handle (re-entrant) error handler. + Furthermore, a pointer to a **custom defined data structure** *errorhandler_user_data* +@@ -55,6 +60,43 @@ The *errorhandler_user_data* argument may be NULL. + :c:func:`TIFFOpenOptionsSetErrorHandlerExtR` but for the warning handler, + which is invoked through :c:func:`TIFFWarningExtR` + ++Example ++------- ++ ++:: ++ ++ #include "tiffio.h" ++ ++ typedef struct MyErrorHandlerUserDataStruct ++ { ++ /* ... any user data structure ... */ ++ } MyErrorHandlerUserDataStruct; ++ ++ static int myErrorHandler(TIFF *tiff, void *user_data, const char *module, ++ const char *fmt, va_list ap) ++ { ++ MyErrorHandlerUserDataStruct *errorhandler_user_data = ++ (MyErrorHandlerUserDataStruct *)user_data; ++ /*... code of myErrorHandler ...*/ ++ return 1; ++ } ++ ++ ++ main() ++ { ++ tmsize_t limit = (256 * 1024 * 1024); ++ MyErrorHandlerUserDataStruct user_data = { /* ... any data ... */}; ++ ++ TIFFOpenOptions *opts = TIFFOpenOptionsAlloc(); ++ TIFFOpenOptionsSetMaxSingleMemAlloc(opts, limit); ++ TIFFOpenOptionsSetErrorHandlerExtR(opts, myErrorHandler, &user_data); ++ TIFF *tif = TIFFOpenExt("foo.tif", "r", opts); ++ TIFFOpenOptionsFree(opts); ++ /* ... go on here ... */ ++ ++ TIFFClose(tif); ++ } ++ + Note + ---- + +diff --git a/doc/functions/TIFFStrileQuery.rst b/doc/functions/TIFFStrileQuery.rst +index f8631af..7931fe4 100644 +--- a/doc/functions/TIFFStrileQuery.rst ++++ b/doc/functions/TIFFStrileQuery.rst +@@ -66,6 +66,11 @@ Diagnostics + All error messages are directed to the :c:func:`TIFFErrorExtR` routine. + Likewise, warning messages are directed to the :c:func:`TIFFWarningExtR` routine. + ++Note ++---- ++ ++This functionality was introduced with libtiff 4.1. ++ + See also + -------- + +diff --git a/doc/libtiff.rst b/doc/libtiff.rst +index 6a0054c..d96a860 100644 +--- a/doc/libtiff.rst ++++ b/doc/libtiff.rst +@@ -90,11 +90,15 @@ compatibility on machines with a segmented architecture. + :c:func:`realloc`, and :c:func:`free` routines in the C library.) + + To deal with segmented pointer issues ``libtiff`` also provides +-:c:func:`_TIFFmemcpy`, :c:func:`_TIFFmemset`, and :c:func:`_TIFFmemmove` ++:c:func:`_TIFFmemcpy`, :c:func:`_TIFFmemset`, and :c:func:`_TIFFmemcmp` + routines that mimic the equivalent ANSI C routines, but that are + intended for use with memory allocated through :c:func:`_TIFFmalloc` + and :c:func:`_TIFFrealloc`. + ++With ``libtiff`` 4.5 a method was introduced to limit the internal ++memory allocation that functions are allowed to request per call ++(see :c:func:`TIFFOpenOptionsSetMaxSingleMemAlloc` and :c:func:`TIFFOpenExt`). ++ + Error Handling + -------------- + +@@ -106,6 +110,10 @@ routine that can be specified with a call to :c:func:`TIFFSetErrorHandler`. + Likewise warning messages are directed to a single handler routine + that can be specified with a call to :c:func:`TIFFSetWarningHandler` + ++Further application-specific and per-TIFF handle (re-entrant) error handler ++and warning handler can be set. Please refer to :doc:`/functions/TIFFError` ++and :doc:`/functions/TIFFOpenOptions`. ++ + Basic File Handling + ------------------- + +@@ -139,7 +147,7 @@ a ``"w"`` argument: + main() + { + TIFF* tif = TIFFOpen("foo.tif", "w"); +- ... do stuff ... ++ /* ... do stuff ... */ + TIFFClose(tif); + } + +@@ -157,6 +165,25 @@ to always call :c:func:`TIFFClose` or :c:func:`TIFFFlush` to flush any + buffered information to a file. Note that if you call :c:func:`TIFFClose` + you do not need to call :c:func:`TIFFFlush`. + ++.. warning:: ++ ++ In order to prevent out-of-memory issues when opening a TIFF file ++ :c:func:`TIFFOpenExt` can be used and then the maximum single memory ++ limit in byte that ``libtiff`` internal memory allocation functions ++ are allowed to request per call can be set with ++ :c:func:`TIFFOpenOptionsSetMaxSingleMemAlloc`. ++ ++Example ++ ++:: ++ ++ tmsize_t limit = (256 * 1024 * 1024); ++ TIFFOpenOptions *opts = TIFFOpenOptionsAlloc(); ++ TIFFOpenOptionsSetMaxSingleMemAlloc(opts, limit); ++ TIFF *tif = TIFFOpenExt("foo.tif", "w", opts); ++ TIFFOpenOptionsFree(opts); ++ /* ... go on here ... */ ++ + TIFF Directories + ---------------- + +-- +2.40.0 + diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52355-0002.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52355-0002.patch new file mode 100644 index 0000000000..19a1ef727a --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52355-0002.patch @@ -0,0 +1,28 @@ +From 16ab4a205cfc938c32686e8d697d048fabf97ed4 Mon Sep 17 00:00:00 2001 +From: Timothy Lyanguzov +Date: Thu, 1 Feb 2024 11:19:06 +0000 +Subject: [PATCH] Fix typo. + +CVE: CVE-2023-52355 +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/16ab4a205cfc938c32686e8d697d048fabf97ed4] + +Signed-off-by: Yogita Urade +--- + doc/libtiff.rst | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/libtiff.rst b/doc/libtiff.rst +index d96a860..4fedc3e 100644 +--- a/doc/libtiff.rst ++++ b/doc/libtiff.rst +@@ -169,7 +169,7 @@ you do not need to call :c:func:`TIFFFlush`. + + In order to prevent out-of-memory issues when opening a TIFF file + :c:func:`TIFFOpenExt` can be used and then the maximum single memory +- limit in byte that ``libtiff`` internal memory allocation functions ++ limit in bytes that ``libtiff`` internal memory allocation functions + are allowed to request per call can be set with + :c:func:`TIFFOpenOptionsSetMaxSingleMemAlloc`. + +-- +2.40.0 diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch new file mode 100644 index 0000000000..75f5d8946a --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch @@ -0,0 +1,49 @@ +From 51558511bdbbcffdce534db21dbaf5d54b31638a Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Thu, 1 Feb 2024 11:38:14 +0000 +Subject: [PATCH] TIFFReadRGBAStrip/TIFFReadRGBATile: add more validation of + col/row (fixes #622) + +CVE: CVE-2023-52356 +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a] + +Signed-off-by: Yogita Urade +--- + libtiff/tif_getimage.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c +index 41f7dfd..9cd6eee 100644 +--- a/libtiff/tif_getimage.c ++++ b/libtiff/tif_getimage.c +@@ -3224,6 +3224,13 @@ int TIFFReadRGBAStripExt(TIFF *tif, uint32_t row, uint32_t *raster, + if (TIFFRGBAImageOK(tif, emsg) && + TIFFRGBAImageBegin(&img, tif, stop_on_error, emsg)) + { ++ if (row >= img.height) ++ { ++ TIFFErrorExtR(tif, TIFFFileName(tif), ++ "Invalid row passed to TIFFReadRGBAStrip()."); ++ TIFFRGBAImageEnd(&img); ++ return (0); ++ } + + img.row_offset = row; + img.col_offset = 0; +@@ -3301,6 +3308,14 @@ int TIFFReadRGBATileExt(TIFF *tif, uint32_t col, uint32_t row, uint32_t *raster, + return (0); + } + ++ if (col >= img.width || row >= img.height) ++ { ++ TIFFErrorExtR(tif, TIFFFileName(tif), ++ "Invalid row/col passed to TIFFReadRGBATile()."); ++ TIFFRGBAImageEnd(&img); ++ return (0); ++ } ++ + /* + * The TIFFRGBAImageGet() function doesn't allow us to get off the + * edge of the image, even to fill an otherwise valid tile. So we +-- +2.40.0 diff --git a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb index eb8a096f19..a26e4694f6 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb @@ -13,6 +13,9 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data-2.patch \ file://CVE-2023-6277-Apply-1-suggestion-s-to-1-file-s.patch \ file://CVE-2023-6228.patch \ + file://CVE-2023-52355-0001.patch \ + file://CVE-2023-52355-0002.patch \ + file://CVE-2023-52356.patch \ " SRC_URI[sha256sum] = "88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a" From patchwork Thu Feb 15 16:17:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39324 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23992C48BEB for ; Thu, 15 Feb 2024 16:18:28 +0000 (UTC) Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) by mx.groups.io with SMTP id smtpd.web10.17931.1708013898626828910 for ; Thu, 15 Feb 2024 08:18:18 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=wke0NsHA; spf=softfail (domain: sakoman.com, ip: 209.85.214.174, mailfrom: steve@sakoman.com) Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-1d72f71f222so8514995ad.1 for ; Thu, 15 Feb 2024 08:18:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013898; x=1708618698; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=6uVwpMArWSqMSvGcOn+nGVZ48Sog1wBAS9gkumxo/2o=; b=wke0NsHAKepoMEohsw5ddkiT1LtqEtRN+4GsKLC5AGnzGznQ+OZrVJgm1MAsN1AMR2 GEa5Sb1SkqGcbCzI8lffTNdsl+prK8WAXRznXaFOOXxNJ+lx/v4OsVqA/ERSgt4KkXKM oCHpDtNHnFGfSZwF9uRtddSHpKjzlgLNMf9T5j2Wwq5jo8yUiARg3ifkIbGf99Mu36j4 sNyZImMqp7VHZhH9qIqlKArNjqNBdLdma7oP1uxbTD60JYsfV7e15mIakw2qsSvBFEEI QOnyvmaPWOo+04sWycLowVwahxAOft4y5cFDGXPzmg4MXspU152JlKwlrdafu6+alSeI klAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013898; x=1708618698; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6uVwpMArWSqMSvGcOn+nGVZ48Sog1wBAS9gkumxo/2o=; b=viG3OsJV9Y/MI2QbuBca9tvinnohHdlXcGlxgSH699q7G2ufOrZzabGUlREZzX0pKB du8Bf4kNH5ahnXY1/a0LAUq/wxUj312SI4Ym4uA+AxwsbnEuZduQikbRBPuf6eaQStBX mDbDyGf1lxnPhBxp6lTyPDTzO0ttQEdgNJEiB+9M0TVqS/ShHjLe4z0Gfu7TjQuw2yGB pYErOfY3vvBOHfLks+r7X3KT7jM9E4AcOy7BI+QwEdenbi3TMOw+ONs4RtTxvA4nq+fA A94yN80K2bTnNuyXypvu5SbVlIAO5l6e9SoWElxvbUsM05se9WByo50VPp4U1YMW7UYR /DQg== X-Gm-Message-State: AOJu0Yz0BqvSbYMDAnCEMcFpllkbvOxpCNk9SKvoEv9Smw6cSleOApYa gv6FipBOdomMVu9QszdMiWo3A7enbOkyL+tAEeaTRzsGRyDcg07OM5MDS6DdaohKeu/saeLFzXv l2l8= X-Google-Smtp-Source: AGHT+IEkKFIlRFs5I93v+2djtxvGEJBwEvC5oZJi0Ueg3EDLs/iVkE0uD2imCtS5mOnbcYeqI9+KUg== X-Received: by 2002:a17:902:6f10:b0:1db:9fa4:c770 with SMTP id w16-20020a1709026f1000b001db9fa4c770mr360023plk.34.1708013897902; Thu, 15 Feb 2024 08:18:17 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:17 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 03/21] zlib: ignore CVE-2023-6992 Date: Thu, 15 Feb 2024 06:17:46 -1000 Message-Id: <7523c7b3609220b4dfc2bb0a83c552db60e1dc7e.1708012696.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195523 From: Peter Marko This CVE is for iCPE cloudflare:zlib. Alternative to ignoring would be to limit CVE_PRODUCT, but historic CVEs already have two - gnu:zlib and zlib:zlib. So limiting it could miss future CVEs. Signed-off-by: Peter Marko Signed-off-by: Richard Purdie (cherry picked from commit 9f953a1cd832f03f0b3666168addf45fd4fc8d14) Signed-off-by: Steve Sakoman --- meta/recipes-core/zlib/zlib_1.3.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-core/zlib/zlib_1.3.bb b/meta/recipes-core/zlib/zlib_1.3.bb index 1ed18172fa..ede75f90bd 100644 --- a/meta/recipes-core/zlib/zlib_1.3.bb +++ b/meta/recipes-core/zlib/zlib_1.3.bb @@ -47,3 +47,4 @@ do_install_ptest() { BBCLASSEXTEND = "native nativesdk" CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip" +CVE_STATUS[CVE-2023-6992] = "cpe-incorrect: this CVE is for cloudflare zlib" From patchwork Thu Feb 15 16:17:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39329 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 47285C48BF1 for ; Thu, 15 Feb 2024 16:18:28 +0000 (UTC) Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) by mx.groups.io with SMTP id smtpd.web10.17933.1708013900671019309 for ; Thu, 15 Feb 2024 08:18:20 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=g2U2otoB; spf=softfail (domain: sakoman.com, ip: 209.85.214.176, mailfrom: steve@sakoman.com) Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-1db562438e0so8822125ad.3 for ; Thu, 15 Feb 2024 08:18:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013900; x=1708618700; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CY5uDe1cOJuxpGWHRzVbXkViOlraQq48PDzxALD0chs=; b=g2U2otoBR5BzwWPQQWvO2k1nXtm5QAUkdhn5fh0+OzL2RUuBfVk4+llTL1BQSaTESQ cavJTWOwJoysvpO6HgOYuNQGuwh1MXVKw9AvzrkI0hHp2ry+XGhg9aGuiuLkmssg5eJi gD1fdQ5c45oJZ41YbPpzAQFTke0XGKc7w0pIujTdU/z3VLoxCfIBW7jKWgIg7/LRyBCe KIg3ejMjFiM0q6mW4kCkY27/rozbTE1CrNZKZrezQk9yCN/BBTc5Mh2nyE3r8XFIcBNo ovML7+73lSOkdoAuPeyASTvz8oFeebZoKYKiFNFE+nd6+XnOZ8eh4vzfEfZ5iQKtibvA TYLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013900; x=1708618700; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CY5uDe1cOJuxpGWHRzVbXkViOlraQq48PDzxALD0chs=; b=PbVq0/okWaR9hbiZh0cntFvLN4RAcYLUtcRE1yVR9j60CmBJ5cxEQyltISwLQI6zlS 651menmI1UzJuGq5Pwkfsq+0vIZtaZ4FOqElEOsh4Bqyax5tnz2A4Guobjsz7jSQr50c d0WeEpu7CJxBcR0l65WpOd7ISXlERMRtXH1sLzbZDJ0tOd97SQJK7cUWi1QTLOuTfcUl hj+tOUDHhkkXWCmHzVuR39jkdUsu8cGT3Gi1hDWanpktxqX7MB70awGvkrKZSxBRXwJl ElQS2L3isn2SL93mTkKNE23l72PmUvlgpGb11zLPlNwmiTgSKJKCS2En+jI2OoyVa5TN YuFw== X-Gm-Message-State: AOJu0Yw36BLoFoMr9i4LLPIVIFvPWNnRMDiYL53Lv1pytn5elTkAQFaN 2DsuRxLvr7q/ma+Q3XaDLnVlkNBXnCNBVUZeMXjNyXegjTyVD6kvCLhfO8Ez20YsF2XIqTyleF7 YSGM= X-Google-Smtp-Source: AGHT+IEQaL4bqydBgViqE03rGKSeJiLfXgFtvyKoTHXC5mBW1KmETA+rfxWhI3sRCI9nh8VwWcDM9g== X-Received: by 2002:a17:903:2301:b0:1d9:7095:7e1f with SMTP id d1-20020a170903230100b001d970957e1fmr2835892plh.67.1708013899764; Thu, 15 Feb 2024 08:18:19 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:19 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 04/21] libssh2: backport fix for CVE-2023-48795 Date: Thu, 15 Feb 2024 06:17:47 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195524 From: Ross Burton Backport the upstream fix for CVE-2023-48795. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 314fa19c5e07fa632ff0434a6adbb97de1319a02) Signed-off-by: Steve Sakoman --- .../libssh2/libssh2/CVE-2023-48795.patch | 466 ++++++++++++++++++ .../recipes-support/libssh2/libssh2_1.11.0.bb | 1 + 2 files changed, 467 insertions(+) create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch diff --git a/meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch b/meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch new file mode 100644 index 0000000000..ab0f419ac5 --- /dev/null +++ b/meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch @@ -0,0 +1,466 @@ +From d4634630432594b139b3af6b9f254b890c0f275d Mon Sep 17 00:00:00 2001 +From: Michael Buckley +Date: Thu, 30 Nov 2023 15:08:02 -0800 +Subject: [PATCH] src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" + +Refs: +https://terrapin-attack.com/ +https://seclists.org/oss-sec/2023/q4/292 +https://osv.dev/list?ecosystem=&q=CVE-2023-48795 +https://github.com/advisories/GHSA-45x7-px36-x8w8 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 + +Fixes #1290 +Closes #1291 + +CVE: CVE-2023-48795 +Upstream-Status: Backport +Signed-off-by: Ross Burton +--- + src/kex.c | 63 +++++++++++++++++++++++------------ + src/libssh2_priv.h | 18 +++++++--- + src/packet.c | 83 +++++++++++++++++++++++++++++++++++++++++++--- + src/packet.h | 2 +- + src/session.c | 3 ++ + src/transport.c | 12 ++++++- + 6 files changed, 149 insertions(+), 32 deletions(-) + +diff --git a/src/kex.c b/src/kex.c +index d4034a0a..b4b748ca 100644 +--- a/src/kex.c ++++ b/src/kex.c +@@ -3037,6 +3037,13 @@ kex_method_extension_negotiation = { + 0, + }; + ++static const LIBSSH2_KEX_METHOD ++kex_method_strict_client_extension = { ++ "kex-strict-c-v00@openssh.com", ++ NULL, ++ 0, ++}; ++ + static const LIBSSH2_KEX_METHOD *libssh2_kex_methods[] = { + #if LIBSSH2_ED25519 + &kex_method_ssh_curve25519_sha256, +@@ -3055,6 +3062,7 @@ static const LIBSSH2_KEX_METHOD *libssh2_kex_methods[] = { + &kex_method_diffie_helman_group1_sha1, + &kex_method_diffie_helman_group_exchange_sha1, + &kex_method_extension_negotiation, ++ &kex_method_strict_client_extension, + NULL + }; + +@@ -3307,13 +3315,13 @@ static int kexinit(LIBSSH2_SESSION * session) + return 0; + } + +-/* kex_agree_instr ++/* _libssh2_kex_agree_instr + * Kex specific variant of strstr() + * Needle must be preceded by BOL or ',', and followed by ',' or EOL + */ +-static unsigned char * +-kex_agree_instr(unsigned char *haystack, size_t haystack_len, +- const unsigned char *needle, size_t needle_len) ++unsigned char * ++_libssh2_kex_agree_instr(unsigned char *haystack, size_t haystack_len, ++ const unsigned char *needle, size_t needle_len) + { + unsigned char *s; + unsigned char *end_haystack; +@@ -3398,7 +3406,7 @@ static int kex_agree_hostkey(LIBSSH2_SESSION * session, + while(s && *s) { + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); +- if(kex_agree_instr(hostkey, hostkey_len, s, method_len)) { ++ if(_libssh2_kex_agree_instr(hostkey, hostkey_len, s, method_len)) { + const LIBSSH2_HOSTKEY_METHOD *method = + (const LIBSSH2_HOSTKEY_METHOD *) + kex_get_method_by_name((char *) s, method_len, +@@ -3432,9 +3440,9 @@ static int kex_agree_hostkey(LIBSSH2_SESSION * session, + } + + while(hostkeyp && (*hostkeyp) && (*hostkeyp)->name) { +- s = kex_agree_instr(hostkey, hostkey_len, +- (unsigned char *) (*hostkeyp)->name, +- strlen((*hostkeyp)->name)); ++ s = _libssh2_kex_agree_instr(hostkey, hostkey_len, ++ (unsigned char *) (*hostkeyp)->name, ++ strlen((*hostkeyp)->name)); + if(s) { + /* So far so good, but does it suit our purposes? (Encrypting vs + Signing) */ +@@ -3468,6 +3476,12 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex, + { + const LIBSSH2_KEX_METHOD **kexp = libssh2_kex_methods; + unsigned char *s; ++ const unsigned char *strict = ++ (unsigned char *)"kex-strict-s-v00@openssh.com"; ++ ++ if(_libssh2_kex_agree_instr(kex, kex_len, strict, 28)) { ++ session->kex_strict = 1; ++ } + + if(session->kex_prefs) { + s = (unsigned char *) session->kex_prefs; +@@ -3475,7 +3489,7 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex, + while(s && *s) { + unsigned char *q, *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); +- q = kex_agree_instr(kex, kex_len, s, method_len); ++ q = _libssh2_kex_agree_instr(kex, kex_len, s, method_len); + if(q) { + const LIBSSH2_KEX_METHOD *method = (const LIBSSH2_KEX_METHOD *) + kex_get_method_by_name((char *) s, method_len, +@@ -3509,9 +3523,9 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex, + } + + while(*kexp && (*kexp)->name) { +- s = kex_agree_instr(kex, kex_len, +- (unsigned char *) (*kexp)->name, +- strlen((*kexp)->name)); ++ s = _libssh2_kex_agree_instr(kex, kex_len, ++ (unsigned char *) (*kexp)->name, ++ strlen((*kexp)->name)); + if(s) { + /* We've agreed on a key exchange method, + * Can we agree on a hostkey that works with this kex? +@@ -3555,7 +3569,7 @@ static int kex_agree_crypt(LIBSSH2_SESSION * session, + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); + +- if(kex_agree_instr(crypt, crypt_len, s, method_len)) { ++ if(_libssh2_kex_agree_instr(crypt, crypt_len, s, method_len)) { + const LIBSSH2_CRYPT_METHOD *method = + (const LIBSSH2_CRYPT_METHOD *) + kex_get_method_by_name((char *) s, method_len, +@@ -3577,9 +3591,9 @@ static int kex_agree_crypt(LIBSSH2_SESSION * session, + } + + while(*cryptp && (*cryptp)->name) { +- s = kex_agree_instr(crypt, crypt_len, +- (unsigned char *) (*cryptp)->name, +- strlen((*cryptp)->name)); ++ s = _libssh2_kex_agree_instr(crypt, crypt_len, ++ (unsigned char *) (*cryptp)->name, ++ strlen((*cryptp)->name)); + if(s) { + endpoint->crypt = *cryptp; + return 0; +@@ -3619,7 +3633,7 @@ static int kex_agree_mac(LIBSSH2_SESSION * session, + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); + +- if(kex_agree_instr(mac, mac_len, s, method_len)) { ++ if(_libssh2_kex_agree_instr(mac, mac_len, s, method_len)) { + const LIBSSH2_MAC_METHOD *method = (const LIBSSH2_MAC_METHOD *) + kex_get_method_by_name((char *) s, method_len, + (const LIBSSH2_COMMON_METHOD **) +@@ -3640,8 +3654,9 @@ static int kex_agree_mac(LIBSSH2_SESSION * session, + } + + while(*macp && (*macp)->name) { +- s = kex_agree_instr(mac, mac_len, (unsigned char *) (*macp)->name, +- strlen((*macp)->name)); ++ s = _libssh2_kex_agree_instr(mac, mac_len, ++ (unsigned char *) (*macp)->name, ++ strlen((*macp)->name)); + if(s) { + endpoint->mac = *macp; + return 0; +@@ -3672,7 +3687,7 @@ static int kex_agree_comp(LIBSSH2_SESSION *session, + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s)); + +- if(kex_agree_instr(comp, comp_len, s, method_len)) { ++ if(_libssh2_kex_agree_instr(comp, comp_len, s, method_len)) { + const LIBSSH2_COMP_METHOD *method = + (const LIBSSH2_COMP_METHOD *) + kex_get_method_by_name((char *) s, method_len, +@@ -3694,8 +3709,9 @@ static int kex_agree_comp(LIBSSH2_SESSION *session, + } + + while(*compp && (*compp)->name) { +- s = kex_agree_instr(comp, comp_len, (unsigned char *) (*compp)->name, +- strlen((*compp)->name)); ++ s = _libssh2_kex_agree_instr(comp, comp_len, ++ (unsigned char *) (*compp)->name, ++ strlen((*compp)->name)); + if(s) { + endpoint->comp = *compp; + return 0; +@@ -3876,6 +3892,7 @@ _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange, + session->local.kexinit = key_state->oldlocal; + session->local.kexinit_len = key_state->oldlocal_len; + key_state->state = libssh2_NB_state_idle; ++ session->state &= ~LIBSSH2_STATE_INITIAL_KEX; + session->state &= ~LIBSSH2_STATE_KEX_ACTIVE; + session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS; + return -1; +@@ -3901,6 +3918,7 @@ _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange, + session->local.kexinit = key_state->oldlocal; + session->local.kexinit_len = key_state->oldlocal_len; + key_state->state = libssh2_NB_state_idle; ++ session->state &= ~LIBSSH2_STATE_INITIAL_KEX; + session->state &= ~LIBSSH2_STATE_KEX_ACTIVE; + session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS; + return -1; +@@ -3949,6 +3967,7 @@ _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange, + session->remote.kexinit = NULL; + } + ++ session->state &= ~LIBSSH2_STATE_INITIAL_KEX; + session->state &= ~LIBSSH2_STATE_KEX_ACTIVE; + session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS; + +diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h +index 82c3afe2..ee1d8b5c 100644 +--- a/src/libssh2_priv.h ++++ b/src/libssh2_priv.h +@@ -699,6 +699,9 @@ struct _LIBSSH2_SESSION + /* key signing algorithm preferences -- NULL yields server order */ + char *sign_algo_prefs; + ++ /* Whether to use the OpenSSH Strict KEX extension */ ++ int kex_strict; ++ + /* (remote as source of data -- packet_read ) */ + libssh2_endpoint_data remote; + +@@ -870,6 +873,7 @@ struct _LIBSSH2_SESSION + int fullpacket_macstate; + size_t fullpacket_payload_len; + int fullpacket_packet_type; ++ uint32_t fullpacket_required_type; + + /* State variables used in libssh2_sftp_init() */ + libssh2_nonblocking_states sftpInit_state; +@@ -910,10 +914,11 @@ struct _LIBSSH2_SESSION + }; + + /* session.state bits */ +-#define LIBSSH2_STATE_EXCHANGING_KEYS 0x00000001 +-#define LIBSSH2_STATE_NEWKEYS 0x00000002 +-#define LIBSSH2_STATE_AUTHENTICATED 0x00000004 +-#define LIBSSH2_STATE_KEX_ACTIVE 0x00000008 ++#define LIBSSH2_STATE_INITIAL_KEX 0x00000001 ++#define LIBSSH2_STATE_EXCHANGING_KEYS 0x00000002 ++#define LIBSSH2_STATE_NEWKEYS 0x00000004 ++#define LIBSSH2_STATE_AUTHENTICATED 0x00000008 ++#define LIBSSH2_STATE_KEX_ACTIVE 0x00000010 + + /* session.flag helpers */ + #ifdef MSG_NOSIGNAL +@@ -1144,6 +1149,11 @@ ssize_t _libssh2_send(libssh2_socket_t socket, const void *buffer, + int _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange, + key_exchange_state_t * state); + ++unsigned char *_libssh2_kex_agree_instr(unsigned char *haystack, ++ size_t haystack_len, ++ const unsigned char *needle, ++ size_t needle_len); ++ + /* Let crypt.c/hostkey.c expose their method structs */ + const LIBSSH2_CRYPT_METHOD **libssh2_crypt_methods(void); + const LIBSSH2_HOSTKEY_METHOD **libssh2_hostkey_methods(void); +diff --git a/src/packet.c b/src/packet.c +index b5b41981..35d4d39e 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -605,14 +605,13 @@ authagent_exit: + * layer when it has received a packet. + * + * The input pointer 'data' is pointing to allocated data that this function +- * is asked to deal with so on failure OR success, it must be freed fine. +- * The only exception is when the return code is LIBSSH2_ERROR_EAGAIN. ++ * will be freed unless return the code is LIBSSH2_ERROR_EAGAIN. + * + * This function will always be called with 'datalen' greater than zero. + */ + int + _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, +- size_t datalen, int macstate) ++ size_t datalen, int macstate, uint32_t seq) + { + int rc = 0; + unsigned char *message = NULL; +@@ -657,6 +656,70 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + break; + } + ++ if(session->state & LIBSSH2_STATE_INITIAL_KEX) { ++ if(msg == SSH_MSG_KEXINIT) { ++ if(!session->kex_strict) { ++ if(datalen < 17) { ++ LIBSSH2_FREE(session, data); ++ session->packAdd_state = libssh2_NB_state_idle; ++ return _libssh2_error(session, ++ LIBSSH2_ERROR_BUFFER_TOO_SMALL, ++ "Data too short extracting kex"); ++ } ++ else { ++ const unsigned char *strict = ++ (unsigned char *)"kex-strict-s-v00@openssh.com"; ++ struct string_buf buf; ++ unsigned char *algs = NULL; ++ size_t algs_len = 0; ++ ++ buf.data = (unsigned char *)data; ++ buf.dataptr = buf.data; ++ buf.len = datalen; ++ buf.dataptr += 17; /* advance past type and cookie */ ++ ++ if(_libssh2_get_string(&buf, &algs, &algs_len)) { ++ LIBSSH2_FREE(session, data); ++ session->packAdd_state = libssh2_NB_state_idle; ++ return _libssh2_error(session, ++ LIBSSH2_ERROR_BUFFER_TOO_SMALL, ++ "Algs too short"); ++ } ++ ++ if(algs_len == 0 || ++ _libssh2_kex_agree_instr(algs, algs_len, strict, 28)) { ++ session->kex_strict = 1; ++ } ++ } ++ } ++ ++ if(session->kex_strict && seq) { ++ LIBSSH2_FREE(session, data); ++ session->socket_state = LIBSSH2_SOCKET_DISCONNECTED; ++ session->packAdd_state = libssh2_NB_state_idle; ++ libssh2_session_disconnect(session, "strict KEX violation: " ++ "KEXINIT was not the first packet"); ++ ++ return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_DISCONNECT, ++ "strict KEX violation: " ++ "KEXINIT was not the first packet"); ++ } ++ } ++ ++ if(session->kex_strict && session->fullpacket_required_type && ++ session->fullpacket_required_type != msg) { ++ LIBSSH2_FREE(session, data); ++ session->socket_state = LIBSSH2_SOCKET_DISCONNECTED; ++ session->packAdd_state = libssh2_NB_state_idle; ++ libssh2_session_disconnect(session, "strict KEX violation: " ++ "unexpected packet type"); ++ ++ return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_DISCONNECT, ++ "strict KEX violation: " ++ "unexpected packet type"); ++ } ++ } ++ + if(session->packAdd_state == libssh2_NB_state_allocated) { + /* A couple exceptions to the packet adding rule: */ + switch(msg) { +@@ -1341,6 +1404,15 @@ _libssh2_packet_ask(LIBSSH2_SESSION * session, unsigned char packet_type, + + return 0; + } ++ else if(session->kex_strict && ++ (session->state & LIBSSH2_STATE_INITIAL_KEX)) { ++ libssh2_session_disconnect(session, "strict KEX violation: " ++ "unexpected packet type"); ++ ++ return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_DISCONNECT, ++ "strict KEX violation: " ++ "unexpected packet type"); ++ } + packet = _libssh2_list_next(&packet->node); + } + return -1; +@@ -1402,7 +1474,10 @@ _libssh2_packet_require(LIBSSH2_SESSION * session, unsigned char packet_type, + } + + while(session->socket_state == LIBSSH2_SOCKET_CONNECTED) { +- int ret = _libssh2_transport_read(session); ++ int ret; ++ session->fullpacket_required_type = packet_type; ++ ret = _libssh2_transport_read(session); ++ session->fullpacket_required_type = 0; + if(ret == LIBSSH2_ERROR_EAGAIN) + return ret; + else if(ret < 0) { +diff --git a/src/packet.h b/src/packet.h +index 79018bcf..6ea100a5 100644 +--- a/src/packet.h ++++ b/src/packet.h +@@ -71,6 +71,6 @@ int _libssh2_packet_burn(LIBSSH2_SESSION * session, + int _libssh2_packet_write(LIBSSH2_SESSION * session, unsigned char *data, + unsigned long data_len); + int _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, +- size_t datalen, int macstate); ++ size_t datalen, int macstate, uint32_t seq); + + #endif /* __LIBSSH2_PACKET_H */ +diff --git a/src/session.c b/src/session.c +index a4d602ba..f4bafb57 100644 +--- a/src/session.c ++++ b/src/session.c +@@ -464,6 +464,8 @@ libssh2_session_init_ex(LIBSSH2_ALLOC_FUNC((*my_alloc)), + session->abstract = abstract; + session->api_timeout = 0; /* timeout-free API by default */ + session->api_block_mode = 1; /* blocking API by default */ ++ session->state = LIBSSH2_STATE_INITIAL_KEX; ++ session->fullpacket_required_type = 0; + session->packet_read_timeout = LIBSSH2_DEFAULT_READ_TIMEOUT; + session->flag.quote_paths = 1; /* default behavior is to quote paths + for the scp subsystem */ +@@ -1186,6 +1188,7 @@ libssh2_session_disconnect_ex(LIBSSH2_SESSION *session, int reason, + const char *desc, const char *lang) + { + int rc; ++ session->state &= ~LIBSSH2_STATE_INITIAL_KEX; + session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS; + BLOCK_ADJUST(rc, session, + session_disconnect(session, reason, desc, lang)); +diff --git a/src/transport.c b/src/transport.c +index 6d902d33..3b30ff84 100644 +--- a/src/transport.c ++++ b/src/transport.c +@@ -187,6 +187,7 @@ fullpacket(LIBSSH2_SESSION * session, int encrypted /* 1 or 0 */ ) + struct transportpacket *p = &session->packet; + int rc; + int compressed; ++ uint32_t seq = session->remote.seqno; + + if(session->fullpacket_state == libssh2_NB_state_idle) { + session->fullpacket_macstate = LIBSSH2_MAC_CONFIRMED; +@@ -318,7 +319,7 @@ fullpacket(LIBSSH2_SESSION * session, int encrypted /* 1 or 0 */ ) + if(session->fullpacket_state == libssh2_NB_state_created) { + rc = _libssh2_packet_add(session, p->payload, + session->fullpacket_payload_len, +- session->fullpacket_macstate); ++ session->fullpacket_macstate, seq); + if(rc == LIBSSH2_ERROR_EAGAIN) + return rc; + if(rc) { +@@ -329,6 +330,11 @@ fullpacket(LIBSSH2_SESSION * session, int encrypted /* 1 or 0 */ ) + + session->fullpacket_state = libssh2_NB_state_idle; + ++ if(session->kex_strict && ++ session->fullpacket_packet_type == SSH_MSG_NEWKEYS) { ++ session->remote.seqno = 0; ++ } ++ + return session->fullpacket_packet_type; + } + +@@ -1091,6 +1097,10 @@ int _libssh2_transport_send(LIBSSH2_SESSION *session, + + session->local.seqno++; + ++ if(session->kex_strict && data[0] == SSH_MSG_NEWKEYS) { ++ session->local.seqno = 0; ++ } ++ + ret = LIBSSH2_SEND(session, p->outbuf, total_length, + LIBSSH2_SOCKET_SEND_FLAGS(session)); + if(ret < 0) +-- +2.34.1 + diff --git a/meta/recipes-support/libssh2/libssh2_1.11.0.bb b/meta/recipes-support/libssh2/libssh2_1.11.0.bb index edc25db1b1..5100e6f7f9 100644 --- a/meta/recipes-support/libssh2/libssh2_1.11.0.bb +++ b/meta/recipes-support/libssh2/libssh2_1.11.0.bb @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=24a33237426720395ebb1dd1349ca225" SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \ file://run-ptest \ + file://CVE-2023-48795.patch \ " SRC_URI[sha256sum] = "3736161e41e2693324deb38c26cfdc3efe6209d634ba4258db1cecff6a5ad461" From patchwork Thu Feb 15 16:17:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39325 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 38D81C48BF0 for ; Thu, 15 Feb 2024 16:18:28 +0000 (UTC) Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) by mx.groups.io with SMTP id smtpd.web11.18122.1708013907120792680 for ; Thu, 15 Feb 2024 08:18:27 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=PacoFWk5; spf=softfail (domain: sakoman.com, ip: 209.85.214.174, mailfrom: steve@sakoman.com) Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-1d95d67ff45so8108725ad.2 for ; Thu, 15 Feb 2024 08:18:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013901; x=1708618701; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=XVDGHwyPoszr/LrOM2j8jBmWFTMG6lsaS32jrKGdHSQ=; b=PacoFWk5jKGj+nSs18AYIjRdlId7muUh/7sP91zGNnFRlmC3PClznOLcOqe7T+Vp8A 9nWr0KGeX1NKjYcXYXbxWxTjg4pcnDlijs1C/mYzkaXdF14Mzra9QBVUT/QuqQFdPJUv I0TLOl/6G6l1QgnLPGg8hdTF26pO7XzXZjpgvvDjaFX1zfFZbakl137Zg7zhrsNbXtaS u4U+CiZKDmKV8AZGbKi49TLaEWKIaa+fbyFoyLXtxrNBOmNu0z3XeIaLg8IzKwlFWMV5 rYLDGvMPVRDRk40bIMU9AzZdG1oj7tRo/2dh3n0EMc7YEJkCpxncYpnbEWhpRLW/ecdj mQOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013901; x=1708618701; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XVDGHwyPoszr/LrOM2j8jBmWFTMG6lsaS32jrKGdHSQ=; b=DBjmEt6NCspqmzf/z98hn3Tvl8djZYnn2PW6g+TLVRKdIbGMd3O/Gn2Y7YI6jfbZwP nfavORFQVHyQwqPRNqY1T98yo/JwQzoFu4imO0wp+qpTai0a9SCF5zbKqSg0/SBZyznT y4Us7Ib6JhIrkuW/+UrHiGGZ2RycKq4QKDDosd4Pvv0M9BmWRDiGMPx+/hvnVGs5kLwN y4R5zMBPRf6hQhnFig5IvFFDPaWnn+vWXlrahuEswM9geOlPSV/8RryyFmLFVD5pF1rm E4IA7u2JsQGsNitsghby5PsDn7JT7vPDrzBD3EovfjxZ3GdgPstcV1iq0CMxwrNLshvR oIGg== X-Gm-Message-State: AOJu0Yx0oT1XN1r8VQQQXvMgzcBuORtQi8Nbc4pDAuKH4dMgoGqojTgK qxNG06q225yIQ2WkZPcTzR04o3RJGpNjiNG5nrqVpSXQAgOy3fU5sPmwY9mgtsFbRjN9GZGS5xe OzWI= X-Google-Smtp-Source: AGHT+IHwghaT/qwBJs/ulbLruw+O+OOkTOJ2Yx9p4wQG0osgkAboKiUwfDK7NfT83mTOnRx8KwQcvQ== X-Received: by 2002:a17:903:449:b0:1db:8fd9:ba0d with SMTP id iw9-20020a170903044900b001db8fd9ba0dmr1532415plb.23.1708013901600; Thu, 15 Feb 2024 08:18:21 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:21 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 05/21] gcc: Update status of CVE-2023-4039 Date: Thu, 15 Feb 2024 06:17:48 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195527 From: Simone Weiß This is fixed via a patch added in gcc-13.2.inc already, but still reported e.g. for libgcc as it is not defining an own source but use the shared gcc-source. Signed-off-by: Simone Weiß Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 301d45eacfd4ae6bddfb13207e2af9e8b4662bc8) Signed-off-by: Steve Sakoman --- meta/recipes-devtools/gcc/gcc-13.2.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-devtools/gcc/gcc-13.2.inc b/meta/recipes-devtools/gcc/gcc-13.2.inc index 359db1e278..32fddd11c2 100644 --- a/meta/recipes-devtools/gcc/gcc-13.2.inc +++ b/meta/recipes-devtools/gcc/gcc-13.2.inc @@ -115,3 +115,4 @@ EXTRA_OECONF_PATHS = "\ " CVE_STATUS[CVE-2021-37322] = "cpe-incorrect: Is a binutils 2.26 issue, not gcc" +CVE_STATUS[CVE-2023-4039] = "fixed-version: Fixed via CVE-2023-4039.patch included here. Set the status explictly to deal with all recipes that share the gcc-source" From patchwork Thu Feb 15 16:17:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39327 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 552B7C48BF3 for ; Thu, 15 Feb 2024 16:18:28 +0000 (UTC) Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.web11.18118.1708013904159971627 for ; Thu, 15 Feb 2024 08:18:24 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=TbLVz8yD; spf=softfail (domain: sakoman.com, ip: 209.85.214.175, mailfrom: steve@sakoman.com) Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-1d94b222a3aso9579425ad.2 for ; Thu, 15 Feb 2024 08:18:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013903; x=1708618703; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=4boQPIRK1J2pp8nsopD9uWd8tfzQKOWT1EKWfEUlOxM=; b=TbLVz8yDl1/rN+GXgyGKbNO1+dqV6Ne79z3f/QZWrw3Q2fZS2K9zVk7GvRv7dt3vho jWU4lQUe+6T6lvsgsR49HBnOoSQ9UdNMf0bzqcRtKRIV0w+Us2dQPq+RgJL20ET6gt21 OMRVDUZ923AIU1JWOEAs6BBEUiRtOhcLfenVhBC28dekMyyJKoVEHz3IxW4O+ANJFORZ m/lxjaXxWu66jo9dJNr+oIe5XoLybD8sbI4KmD0vci7DDVGK2sI13SSigdWAEi2+JccU leWG4zlmgdt6FfAODbQocseguxy+QIBbVPhIIr3h0HlzmXjJOREyduQ9v0FixgfRhSHq B+/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013903; x=1708618703; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4boQPIRK1J2pp8nsopD9uWd8tfzQKOWT1EKWfEUlOxM=; b=QyqHEgBZTzR0cDFOdcFUrJPQlZZgcUJsnNoT+IBSk3TdFAbBH+PJnVUXpdzIpXby1b 3gYZjyNts7lC43QMlvUNHoGtF3kXBRXpldmScLM0QSq494mKppI3vhaWQXWsaQo5SoJo P54pLFlZ08wVl4+IcfBMpeBgEwgJzaefoCOjUMTcEnH/PXpvgK3bLMBWPOVKRj0Cm5Qn WypRegXrcc7dQHFflkJH1aEE0nAlv3AOxcBzuyVpUOu1T871d6NipoG+bjl0APT/XYYr ioOCzf7AMnbQuhSW7UObhg4o7BsX7m+LgbxMDohCnJUcY0TQoScOnh80+/7HWNl/Wx7J TDqg== X-Gm-Message-State: AOJu0YxZFZRzTTFDulMbTHxEv6+aers+wi3Rwe0OqPw+Ar6dhoPn+hYA 3XUNzmayXVo9aO8YwWFbQ3cG+qOgpzP6pFkhZFBMInoO1avgBzVuRRk9KZ7sSiHfHcHMmNkn4MX /v88= X-Google-Smtp-Source: AGHT+IFS1crCNVPKFxfBYtJe7pi3SF7+Ynl09waxCXocqhZ8mkT9ZfYsKkhEuf6Zz1VduRErI4a4LA== X-Received: by 2002:a17:902:f812:b0:1db:466d:f309 with SMTP id ix18-20020a170902f81200b001db466df309mr1800500plb.49.1708013903466; Thu, 15 Feb 2024 08:18:23 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:23 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 06/21] cve_check: handle CVE_STATUS being set to the empty string Date: Thu, 15 Feb 2024 06:17:49 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195525 From: Ross Burton Handle CVE_STATUS[...] being set to an empty string just as if it was not set at all. This is needed for evaluated CVE_STATUS values to work, i.e. when setting not-applicable-config if a PACKAGECONFIG is disabled. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 2c9f20f746251505d9d09262600199ffa87731a2) Signed-off-by: Steve Sakoman --- meta/lib/oe/cve_check.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index 3fa77bf9a7..b5fc5364dc 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py @@ -231,7 +231,7 @@ def decode_cve_status(d, cve): Convert CVE_STATUS into status, detail and description. """ status = d.getVarFlag("CVE_STATUS", cve) - if status is None: + if not status: return ("", "", "") status_split = status.split(':', 1) @@ -240,7 +240,7 @@ def decode_cve_status(d, cve): status_mapping = d.getVarFlag("CVE_CHECK_STATUSMAP", detail) if status_mapping is None: - bb.warn('Invalid detail %s for CVE_STATUS[%s] = "%s", fallback to Unpatched' % (detail, cve, status)) + bb.warn('Invalid detail "%s" for CVE_STATUS[%s] = "%s", fallback to Unpatched' % (detail, cve, status)) status_mapping = "Unpatched" return (status_mapping, detail, description) From patchwork Thu Feb 15 16:17:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39326 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3C64DC48BF2 for ; Thu, 15 Feb 2024 16:18:28 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web11.18119.1708013905874131851 for ; Thu, 15 Feb 2024 08:18:25 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Qg9L4T+y; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-1d934c8f8f7so9812905ad.2 for ; Thu, 15 Feb 2024 08:18:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013905; x=1708618705; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Ox63t4CTDyfuSP1K2iHvQALwf0QveLqaifrMP40Va+4=; b=Qg9L4T+yQCCLhkt42gz71P5MDiZyGYJ8O+B3OonOX9Sno7USHBVf/knymIheWHyjW9 WNXBu7hdNcADH+w4Fg1HMYP/lDuh6q8leBESgzlvE54i1knEYnPiydQcbFDdagCL0KQs zOljfTNvIKEYmjmh6Mc2oJxmzKEKDnnJ8Nc4b3vWTIQV6kYz+wiBpVZ/+H8BkDOysafR +JQZtCAHmBLKWpT4LFiWi11arprsbJt6ksdAqzlxCBV679X9vBo5Q58WMlC+JYDhPt42 KvGzBGoT6cT8sS5B/liE3qYIdppqaE3FIwy57US9e0bdbjnA1A/x2y+1mX+SE0ar5VLj e1UA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013905; x=1708618705; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ox63t4CTDyfuSP1K2iHvQALwf0QveLqaifrMP40Va+4=; b=BvnqzSoFs3ttUNId5fFJaFyW5TEaftzGlMI52ZzTS4BJVL2Mn5R2k2ZZZBBRTOwnqA eNEQkEq5GslYKvZkNr8/EHZdH9h/7I2l2Tq/6YddExL9epbjj+G6iX+2vjNuHlUpL59Y DU/IOYGmfInGTFIroEXrDLtchH6wdmZbPNMYoO+TGNF0n0HoCqQ0bUABpAeb0zhWx+AC 0I4k5bfc0ig9DGBN/1T/M7NA7xv5NIyZNeoH6PncUJ0b9YFc6b+TVr/aKsNqyxzQDXf8 /aB3XCeKkb9y622qZ+4wiLR3VTpEhIOCEckMjKX4x8+lutMr1xAPhEThdTIfnGtjy9sw 74hg== X-Gm-Message-State: AOJu0YzzsWX+RUQIFvJLGrDsYB1GgHW2f6bW6l1CYuG+l7Z+xQB4Bu9u i8arQDwzErF1+PdluJxLjK5OpZp6MTX+ze8gXhZNxM+rJJWr1MuraBKwb5yFPESb4XG3YH/uOJj zr/s= X-Google-Smtp-Source: AGHT+IExFBrEA7hsaEzm379U5VNKf6Opy/eCZ8m/0GdtnIawkCo8biba5+U4AEp6hbW3UOx1/TxlSQ== X-Received: by 2002:a17:902:ea0e:b0:1db:6de7:f053 with SMTP id s14-20020a170902ea0e00b001db6de7f053mr2250277plg.66.1708013905148; Thu, 15 Feb 2024 08:18:25 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:24 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 07/21] cve_check: cleanup logging Date: Thu, 15 Feb 2024 06:17:50 -1000 Message-Id: <55d7393eda71fa37a93c1a0f5c8f7f18640cf079.1708012696.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195526 From: Ross Burton Primarily list the number of patches found, useful when debugging. Also clean up some bad escaping that caused warnings and use re.IGNORECASE instead of manually doing case-insenstive rang matches. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 10acc75b7f3387b968bacd51aade6a8dc11a463f) Signed-off-by: Steve Sakoman --- meta/lib/oe/cve_check.py | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index b5fc5364dc..ed5c714cb8 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py @@ -79,20 +79,19 @@ def get_patched_cves(d): import re import oe.patch - pn = d.getVar("PN") - cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+") + cve_match = re.compile(r"CVE:( CVE-\d{4}-\d+)+") # Matches the last "CVE-YYYY-ID" in the file name, also if written # in lowercase. Possible to have multiple CVE IDs in a single # file name, but only the last one will be detected from the file name. # However, patch files contents addressing multiple CVE IDs are supported # (cve_match regular expression) - - cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)") + cve_file_name_match = re.compile(r".*(CVE-\d{4}-\d+)", re.IGNORECASE) patched_cves = set() - bb.debug(2, "Looking for patches that solves CVEs for %s" % pn) - for url in oe.patch.src_patches(d): + patches = oe.patch.src_patches(d) + bb.debug(2, "Scanning %d patches for CVEs" % len(patches)) + for url in patches: patch_file = bb.fetch.decodeurl(url)[2] # Check patch file name for CVE ID @@ -100,7 +99,7 @@ def get_patched_cves(d): if fname_match: cve = fname_match.group(1).upper() patched_cves.add(cve) - bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file)) + bb.debug(2, "Found %s from patch file name %s" % (cve, patch_file)) # Remote patches won't be present and compressed patches won't be # unpacked, so say we're not scanning them From patchwork Thu Feb 15 16:17:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39328 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 242F5C48BC4 for ; Thu, 15 Feb 2024 16:18:28 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.web11.18123.1708013907691612261 for ; Thu, 15 Feb 2024 08:18:27 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=h3dHpeY+; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-1d911c2103aso6670385ad.0 for ; Thu, 15 Feb 2024 08:18:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013907; x=1708618707; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=B0plenJxBJyqCsH1zjoU79VrMryGYSA+Ug5Olg6AnRo=; b=h3dHpeY+GeuhRemZhGtCGgxkp9bmNqvTqWFe7gx/LbdslqXjPRp2pL5+Ku8YK3Y5Qe wJHVIl3TfYDgWi3geHpHiqfhkqAPl5CnpaJ0U11IAbaXxw9zlsLOuMgRk2kFS7/Bv7Ht 06FXGCtpabABY+yCOTGncsBiEPhQAI4G8nH4zbL+YtOrkZNRE99EoutmSjepEAA4JaJ6 Uv7oYxb4Uu/WCgva/ym/93yacP3edhPWC3I4IaQfM0rJ2WMy4+UrpeNEXL3cHuFhqPhx sASUSenfVE4wXq8+lL1blDYoUYNn+aBXeVNSqZY9DWKeFU1KVM8B2QnZHJ2xazKJIi2J cx5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013907; x=1708618707; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=B0plenJxBJyqCsH1zjoU79VrMryGYSA+Ug5Olg6AnRo=; b=gBPlokRXYXURo7qkNy2tP5xpLjB+3mUgdo9freksrz2msbzPCLw8AVpDXPwSNNTxze qNe7LvrrDPv1nCEgZkTaLm5k66jRe3AjeUSHLMACL0CIyI05vNAQnqCKFVx5Jerruvqt xfeMpHZLCXeH66NAHZTPiKMAafGkACrWh6SQYvP5hAnTLw+7zD//S/xytI617dKb+hTQ Xnb+RUYtooCN4VpnqqLRfRCg4egTrERkFIrZiuaBovQuVfXEukpXNSHOVLCUdtbOKWCP KH8TFaURe+7h0g6eiJfY7tR0fRVT5/9p7l1UISFZ8j/Ixr1I8U57XbAb3idBTbc4KlfA H8bw== X-Gm-Message-State: AOJu0YxABCZnW8I+TC4+Yw4+c0CuTuKPu46m+E0egfiyEP3U8fx0CgIN McNrjSXyt74ZQT6JbxppQELPN86IYtQo4Iv04mfPXU92FIYi6rv3mdddujUNkIt2/sFttqvWJab cgTk= X-Google-Smtp-Source: AGHT+IEMnLGQ5ZEmKGw7xQlaqte0lYJh3iYQ9Dmg5amsY5RF0MhYAGV37MR7wLg2uR+vcMBTt7SUkg== X-Received: by 2002:a17:903:2289:b0:1d9:8e37:56d6 with SMTP id b9-20020a170903228900b001d98e3756d6mr3064195plh.40.1708013907029; Thu, 15 Feb 2024 08:18:27 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:26 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 08/21] gtk: Set CVE_PRODUCT Date: Thu, 15 Feb 2024 06:17:51 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195528 From: Robert Joslyn The CPE vendor is "gnome" and the CPE product is "gtk" for both gtk+3 and gtk4 recipes. Set CVE_PRODUCT so we properly match the NVD database. Signed-off-by: Robert Joslyn Signed-off-by: Richard Purdie (cherry picked from commit 253f5f745d66acefcc739f1c9ad2dd46be630e47) Signed-off-by: Steve Sakoman --- meta/recipes-gnome/gtk+/gtk+3_3.24.38.bb | 2 ++ meta/recipes-gnome/gtk+/gtk4_4.12.3.bb | 2 ++ 2 files changed, 4 insertions(+) diff --git a/meta/recipes-gnome/gtk+/gtk+3_3.24.38.bb b/meta/recipes-gnome/gtk+/gtk+3_3.24.38.bb index 37fa0a7290..c23c46a689 100644 --- a/meta/recipes-gnome/gtk+/gtk+3_3.24.38.bb +++ b/meta/recipes-gnome/gtk+/gtk+3_3.24.38.bb @@ -13,3 +13,5 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2 \ file://gtk/gtk.h;endline=25;md5=1d8dc0fccdbfa26287a271dce88af737 \ file://gdk/gdk.h;endline=25;md5=c920ce39dc88c6f06d3e7c50e08086f2 \ file://tests/testgtk.c;endline=25;md5=cb732daee1d82af7a2bf953cf3cf26f1" + +CVE_PRODUCT = "gnome:gtk" diff --git a/meta/recipes-gnome/gtk+/gtk4_4.12.3.bb b/meta/recipes-gnome/gtk+/gtk4_4.12.3.bb index 001b06934e..2c85e7e75f 100644 --- a/meta/recipes-gnome/gtk+/gtk4_4.12.3.bb +++ b/meta/recipes-gnome/gtk+/gtk4_4.12.3.bb @@ -41,6 +41,8 @@ SRC_URI[sha256sum] = "148ce262f6c86487455fb1d9793c3f58bc3e1da477a29617fadb0420f5 S = "${WORKDIR}/gtk-${PV}" +CVE_PRODUCT = "gnome:gtk" + inherit meson gettext pkgconfig gi-docgen update-alternatives gsettings features_check gobject-introspection # TBD: nativesdk From patchwork Thu Feb 15 16:17:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39330 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D83EC4829E for ; Thu, 15 Feb 2024 16:18:38 +0000 (UTC) Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.web11.18125.1708013909411463036 for ; Thu, 15 Feb 2024 08:18:29 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=2gMQyMOg; spf=softfail (domain: sakoman.com, ip: 209.85.214.177, mailfrom: steve@sakoman.com) Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1d731314e67so8204155ad.1 for ; Thu, 15 Feb 2024 08:18:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013909; x=1708618709; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=f/rgXKnXJugz6ajKwuHtPI7lOnDn4lsn5mkhwCqwCsA=; b=2gMQyMOggbLHgoDJq5T+/hMzkymiV2EP5lQFvUtii0wSawSAbkPl3khQ75VqPFO/Ea jgU/4Q0wZA1cWBM4pAmoFwbzssTwhq16IDCYHNvm73dwOZlFM4pEfnutNB8Hx1luzBDI cK+YD8n5RC+sGb8ZkmAm4QXIw1SKd3ID3TadeMztp6s7xHc+ewOXScDp3dRCVwdyQfto 9D3+3WXCJBwxkEUnnSTYo7w72pWsDuyk0FkykmHGoFVtQvpM3LKej89JFNwl+rN1SiQc WZknL53CGCdN/rhdZIYMB8BTfAQuRAXaPe4tg8SCbikIItC/3Kh3kdHdgsstcN+uL2ax 4ByQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013909; x=1708618709; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=f/rgXKnXJugz6ajKwuHtPI7lOnDn4lsn5mkhwCqwCsA=; b=GYA1DTAQYPwiZm5W8JhtDEY1k6ZCrkxjhACsworeAB8VJm55NZSU1EvBsAMmzjCmN6 aTEoxZRoRgEAaCmJhVpCFTHDOFEVcI+KoSyzHFV94jUir7WLKXdUGT84AHo0lA4fKOy+ o5jHDTn03wNSsUwJF7Id6nryUgca1/trfxbD/ldcsuYzoGjyG7HO/gkStlkfljheQmFG /VEZopjipMElGMLQUOnt1ewJyU4bxw7ZYIA9VpCTIyjyR3ngTtVpT2dIztJ1+vNxjfdE g9aq+pUCzuLhBF8wU5G+KJ8FDFS5h18m4QMKB9IYIQL7mc9sz9SYy80FKp6BOM963ugj SVtg== X-Gm-Message-State: AOJu0YztrcV5jR/SZ94q85bkcA2iP/YF+/waDmiXlJsSI2wBcFgEW+oo IK28WQ4lYNDP8SwTZoAvffrTVZKJ30kTLznx7FgbCNiz9aoR88YAaX8y+K2bDBeN+B7hxpXBK7T B/iE= X-Google-Smtp-Source: AGHT+IF3haLjodfXCsrK6gi+EYxx0ARoMtfmoWcPf75xsaL3BXqUMIdcuONyStiJm9vP3vtCWfh/nw== X-Received: by 2002:a17:903:40d2:b0:1db:8fd6:bf98 with SMTP id t18-20020a17090340d200b001db8fd6bf98mr1983025pld.25.1708013908728; Thu, 15 Feb 2024 08:18:28 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:28 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 09/21] glibc: stable 2.38 branch updates Date: Thu, 15 Feb 2024 06:17:52 -1000 Message-Id: <07847f5945ff67340803149242a629741d619bf5.1708012696.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195529 From: Benjamin Bara Pull in fixes for CVE-2023-6246, CVE-2023-6779 and CVE-2023-6780. Signed-off-by: Benjamin Bara Signed-off-by: Steve Sakoman --- meta/recipes-core/glibc/glibc-version.inc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index eaa6d53181..212f960cb5 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.38/master" PV = "2.38+git" -SRCREV_glibc ?= "44f757a6364a546359809d48c76b3debd26e77d4" +SRCREV_glibc ?= "d37c2b20a4787463d192b32041c3406c2bd91de0" SRCREV_localedef ?= "e0eca29583b9e0f62645c4316ced93cf4e4e26e1" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" @@ -13,3 +13,6 @@ CVE_STATUS[CVE-2023-4806] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-5156] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-0687] = "fixed-version: Fixed in stable branch updates" +CVE_STATUS[CVE-2023-6246] = "fixed-version: Fixed in stable branch updates" +CVE_STATUS[CVE-2023-6779] = "fixed-version: Fixed in stable branch updates" +CVE_STATUS[CVE-2023-6780] = "fixed-version: Fixed in stable branch updates" From patchwork Thu Feb 15 16:17:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39332 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 669CEC48BEB for ; Thu, 15 Feb 2024 16:18:38 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.web11.18128.1708013910887103464 for ; Thu, 15 Feb 2024 08:18:30 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=hnrPlJbn; spf=softfail (domain: sakoman.com, ip: 209.85.214.182, mailfrom: steve@sakoman.com) Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-1d91397bd22so8206825ad.0 for ; Thu, 15 Feb 2024 08:18:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013910; x=1708618710; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=kDFFDgWBzesqFYwKTMeADQwjdU5MCVCJAkFJi9PNso0=; b=hnrPlJbnWExsUivflD+06d+SKk6SOgtXESouQRXBdHSlsRnD2gGvTfqXbaSbJq7JnL Kd2TCzIUFDxxirwVJeT2iVzYRiUXiaKvE8lVQq7AUIP/+bLC+op0TQHFNt0qDijcDP4S 7mSuHqWbJHqv3RCorPw3NZJe5zDwy0Hypbq1ZLZDPe5eHSdwq3ksLAP7VFZqpykN5hKT Y0yYb4oSoXeIcnDLZRXdkjPeSq3+wesEEE/M4qOeXXZdwn3BxWePvNkChvTwAyWDZTdo GC+yRbfJXfccEjQ+0FJajbaaz+M6NLw9sORbLeFOagISjb9AxNpVyY/RY7+pSxZ9T/yx PIWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013910; x=1708618710; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kDFFDgWBzesqFYwKTMeADQwjdU5MCVCJAkFJi9PNso0=; b=UJvd12rg9q4+tKw73+ZuYBec2pq+WRUM0Ph1vcvJd0aJJA01lQBMGgAFRyCNb8BHd0 taKy6n2/rlshBZcn++l37bCpX6q8HnwN0+qGQd/pnfjs1ZmlRm06KDEHq6XgPqkELMwU UQPJHyxLhFaaPM31yz4hk7Ny2lWoSxaIgHpkn75FK7iWt1ydVZ8Rq4/zoKMulZnlbXQe Bcq/pS5/ydBlajW1MHjYlERNdHSwDcq4IazftTf0SrPd8zeAk4ccL7478SVRJsMyO8QL 6IWhIaIa80uV9kraSAA8XumMpDPwJkKIJApqelKWzbzIoNoJjaQRzHv4YeEL23RjGe3m Okpw== X-Gm-Message-State: AOJu0YxfyuRmco1PpZTVdWPw6JIZ4GADx7Xlle7WO5iTlg4YRHAtu5DF Rt2fnngXDsaKzhCso/wvhhvyizLWd10pfqrGjV98Xt2FEsy6SsRwU2tmfVQCzXNanFLx61S6FNi VE+Y= X-Google-Smtp-Source: AGHT+IGkVXnAItF/PEBNoKml/8J4T76qXoLZ6g0TFfhsRFcugzxg6l5JFg1eoCgxMmRLcJFOq6APmg== X-Received: by 2002:a17:902:9304:b0:1db:3618:fed5 with SMTP id bc4-20020a170902930400b001db3618fed5mr2023520plb.53.1708013910276; Thu, 15 Feb 2024 08:18:30 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:30 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 10/21] linux-firmware: upgrade 20231030 -> 20231211 Date: Thu, 15 Feb 2024 06:17:53 -1000 Message-Id: <0569b19936d20acc77a3f11d1033fc7ae5e8f331.1708012696.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195530 From: Alexander Sverdlin Signed-off-by: Alexander Sverdlin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 0caafdbbf4e7dc84b919afe14f7cb8c46a9e4ac2) Signed-off-by: Steve Sakoman --- ...nux-firmware_20231030.bb => linux-firmware_20231211.bb} | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20231030.bb => linux-firmware_20231211.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb index b1f5247975..0ed4d91f8a 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb @@ -151,7 +151,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "ceb5248746d24d165b603e71b288cf75" +WHENCE_CHKSUM = "3113c4ea08e5171555f3bf49eceb5b07" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -237,7 +237,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "c98d200fc4a3120de1a594713ce34e135819dff23e883a4ed387863ba25679c7" +SRC_URI[sha256sum] = "96af7e4b5eabd37869cdb3dcbb7ab36911106d39b76e799fa1caab16a9dbe8bb" inherit allarch @@ -248,7 +248,8 @@ do_compile() { } do_install() { - oe_runmake 'DESTDIR=${D}' 'FIRMWAREDIR=${nonarch_base_libdir}/firmware' install + # install-nodedup avoids rdfind dependency + oe_runmake 'DESTDIR=${D}' 'FIRMWAREDIR=${nonarch_base_libdir}/firmware' install-nodedup cp GPL-2 LICEN[CS]E.* WHENCE ${D}${nonarch_base_libdir}/firmware/ } From patchwork Thu Feb 15 16:17:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39334 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6DCAFC48BF1 for ; Thu, 15 Feb 2024 16:18:38 +0000 (UTC) Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) by mx.groups.io with SMTP id smtpd.web10.17937.1708013912617678159 for ; Thu, 15 Feb 2024 08:18:32 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=qiu16UcJ; spf=softfail (domain: sakoman.com, ip: 209.85.214.171, mailfrom: steve@sakoman.com) Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-1da0cd9c0e5so16342385ad.0 for ; Thu, 15 Feb 2024 08:18:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013912; x=1708618712; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=9zCy3Ixg15+bFjO0HfA2RyS2oiZkV6GqB92/Hu+/8X4=; b=qiu16UcJVF/MSFas6m5gwNSPE+j3u0bh5j91roXxjuISqKh+Cj9b+sPfOhA0KeZ9PY YHYorV2kaHnQtg8sYEVRuGDNIS69trRg8w0xdToHf0JLEhUJCouWPUMlUtToFNvVqEFd DgxFj0VLTSMw+tAdusJbRxtbrT80Pu6QyhQKhNpPDbRB85vIbv7GodRSXvzks8HI7i1H 66GGZJSMefC1VEqz1AN3rVYFw0K393XNM1vJU5WCpoUX1BljQvMVEHJxb5RKfV9Me3Ms z6e9P60wBPlKmYtqYKOw7Rd13RlxBSKd3Md3gLSQ/9Ir6d2nqfbQCoWwkeorduX0OJS3 hGqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013912; x=1708618712; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9zCy3Ixg15+bFjO0HfA2RyS2oiZkV6GqB92/Hu+/8X4=; b=DjOA04UJX42BIPRh7uLDga9qBbwHA3kfqrEmzKiKzyjVYpSi00d5W6+WkieVMY96QS FzmcPduPzBvp7oIpl23qvUiphkqcm+phEddSwCBt4p+TAS/sdVeJLBVPzLzj2RwQjkRG hg6igPfDoVEoNCnPqpXGdRqxVyWvs0T8Fv9ix6H5tk+h/+2j1f9tVpGZKBehBp2fOMOW l6LaAADEvubdH7vGfW3nP1qHLK3x7kz3kGkb0lxzTEWUe66MPhmijEJO3LwJKT8rjja8 mphtt5XjyARhpc7PA4Xu9CX6/t39StT7jw917M4ZzjID26swZ1714NJtiHfiLgbyYyL0 9fLg== X-Gm-Message-State: AOJu0YyEIZg+tJ4y4sJCM4hkQk5OhlhOHsyxsCp6bs7+4Dje3XK/id48 WgEVS9cukd20wK2uRGkvJHhoBtGza4hXOz8Wn2X0FojYBI5pAWSTmhA4M8489A1l6tRH85msTJ8 /Nmk= X-Google-Smtp-Source: AGHT+IGNfC8ueCJ0ZJppC4WCCh2IWyg1JzWaSKWQQxt6+YZcG9facMsnAudKdB/RXYI02MpWzy416g== X-Received: by 2002:a17:902:ce8e:b0:1da:1fe7:cacf with SMTP id f14-20020a170902ce8e00b001da1fe7cacfmr3788748plg.25.1708013911998; Thu, 15 Feb 2024 08:18:31 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:31 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 11/21] xserver-xorg: 21.1.9 -> 21.1.11 Date: Thu, 15 Feb 2024 06:17:54 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195531 From: Kai Kang Update xserver-xorg from 21.1.9 to 21.1.11. Release Notes of 21.1.11 [1]: This release contains fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg/2024-January/061525.html * CVE-2023-6816 * CVE-2024-0229 * CVE-2024-21885 * CVE-2024-21886 * CVE-2024-0408 * CVE-2024-0409 Additionally, it also contains a fix for XRandR to allow for multiple virtual monitors on a physical display. Release Notes of 21.1.10 [2]: This release contains fixes for CVE-2023-6377 and CVE-2023-6478 as reported in today's security advisory: https://lists.x.org/archives/xorg-announce/2023-December/003435.html [1]: https://lists.x.org/archives/xorg/2024-January/061526.html [2]: https://lists.x.org/archives/xorg/2023-December/061518.html Signed-off-by: Kai Kang Signed-off-by: Richard Purdie (cherry picked from commit fc9da07bd181ee6f7ae51a5b6db40af0b94cd046) Signed-off-by: Steve Sakoman --- .../{xserver-xorg_21.1.9.bb => xserver-xorg_21.1.11.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.9.bb => xserver-xorg_21.1.11.bb} (92%) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.11.bb similarity index 92% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.11.bb index 43c06181e3..6506d775ca 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.9.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.11.bb @@ -3,7 +3,7 @@ require xserver-xorg.inc SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ " -SRC_URI[sha256sum] = "ff697be2011b4c4966b7806929e51b7a08e9d33800d505305d26d9ccde4b533a" +SRC_URI[sha256sum] = "1d3dadbd57fb86b16a018e9f5f957aeeadf744f56c0553f55737628d06d326ef" # These extensions are now integrated into the server, so declare the migration # path for in-place upgrades. From patchwork Thu Feb 15 16:17:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39333 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5F161C48BF0 for ; Thu, 15 Feb 2024 16:18:38 +0000 (UTC) Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) by mx.groups.io with SMTP id smtpd.web11.18130.1708013914615357329 for ; Thu, 15 Feb 2024 08:18:34 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=gLW4RSrz; spf=softfail (domain: sakoman.com, ip: 209.85.214.176, mailfrom: steve@sakoman.com) Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-1d70b0e521eso8309775ad.1 for ; Thu, 15 Feb 2024 08:18:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013914; x=1708618714; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=s+ytji5JAhKAjL8rE+ej4yrdyRzmUZ4bj5SmxjQ8yic=; b=gLW4RSrz51gP07Hgk6G8BFqNpZ+d/j8xdutYMLtNcRVE68pRXgzIj/6ExiFzeAwIeM YMpa5BMnij+dUXUj192CYP133bS1U6MFh/gvl4L/6WT6beMbmF+lEWuzlG5yW4S/J2XC yvUiX9s/2K1vjDPvPCpua+nkEWT1SPApG71YmR1vzVW8BUzc3lyD6fIaHm7sNbArnpVs awg+HHqRDtTCU+jcOf3XTKEvp+2oO9J+Tk+Hmil+/psFB3SqylsI7otnZFbPJ4oC+6mM U/+6REEZsXTQhf/uYgSwFxPbGhbmvKqS+LaUPW81lvBR+8nlNa7+wMt8aPF5xwxm1OLr 78nQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013914; x=1708618714; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=s+ytji5JAhKAjL8rE+ej4yrdyRzmUZ4bj5SmxjQ8yic=; b=Hm0HfYsCc5wvxePtojPKzDaHEOgmCBXVjb9OYpuXBHpPaV7lNhQQYB3YSeeMTdqQnG aYFWhOmcyJlG+GGlVfVx7rpNIA8NgKyHr1LCJ4X1uZa8hFmsBDd6Qrq/CCGg6pXG8Sed SywMCpWfcPrcs/XztuvO0J4J3CIGhP386ZejQfpcLlSaU+YRhmsP82O0tEXH3irgE+Zf PdoSRWRDruh5hr40Ck/Q6+D6rzAPw51GJx76MxnXvXqNFwe9bi7knuPqaQmeynaB2XMT jJozCKavxu7sOrEFLrykM73yUJKiy8sLeToD0B2yzbfiAk9oyIJ6qpErpm0HyT2LVrtp L6Aw== X-Gm-Message-State: AOJu0Yy069Bxf9rinuX7YL8HIgKsNRGkoW/pesnXpfkw45HQDagqJY18 W40VR4/gyq5I2c35itC34ZmPjqtkI2fwBIqQoDKJq1FxTZHvCI7JtyfE5yalXQaA08vTYA5WHiU EVOc= X-Google-Smtp-Source: AGHT+IEykFay9CQqq7fKnKxeN2nGx9BIpUBwGHsYGiS6otAVuxx41pTnYa7cwHrej6t80SRML0qYAg== X-Received: by 2002:a17:903:32d0:b0:1d9:ec0e:2db2 with SMTP id i16-20020a17090332d000b001d9ec0e2db2mr1897631plr.3.1708013913945; Thu, 15 Feb 2024 08:18:33 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:33 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 12/21] at-spi2-core: upgrade 2.50.0 -> 2.50.1 Date: Thu, 15 Feb 2024 06:17:55 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195532 From: Wang Mingyu Changelog: atk-adaptor: Fix critical when no table cell array is returned. Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 9bed9f07aea6c425748c8908641ce8a99fd5162f) Signed-off-by: Steve Sakoman --- .../atk/{at-spi2-core_2.50.0.bb => at-spi2-core_2.50.1.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-support/atk/{at-spi2-core_2.50.0.bb => at-spi2-core_2.50.1.bb} (95%) diff --git a/meta/recipes-support/atk/at-spi2-core_2.50.0.bb b/meta/recipes-support/atk/at-spi2-core_2.50.1.bb similarity index 95% rename from meta/recipes-support/atk/at-spi2-core_2.50.0.bb rename to meta/recipes-support/atk/at-spi2-core_2.50.1.bb index 57958fb7f5..6996ebebcd 100644 --- a/meta/recipes-support/atk/at-spi2-core_2.50.0.bb +++ b/meta/recipes-support/atk/at-spi2-core_2.50.1.bb @@ -11,7 +11,7 @@ MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}" SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "e9f5a8c8235c9dd963b2171de9120301129c677dde933955e1df618b949c4adc" +SRC_URI[sha256sum] = "5727b5c0687ac57ba8040e79bd6731b714a36b8fcf32190f236b8fb3698789e7" DEPENDS = " \ dbus \ From patchwork Thu Feb 15 16:17:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39331 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5966BC48BC4 for ; Thu, 15 Feb 2024 16:18:38 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web11.18136.1708013916342999726 for ; Thu, 15 Feb 2024 08:18:36 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=2IJ+uKCR; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-1d731314e67so8205095ad.1 for ; Thu, 15 Feb 2024 08:18:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013916; x=1708618716; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Q9YD1YHq7yT2yboBO4x9Iwtgp84MFSYSHeIDtIbC3ic=; b=2IJ+uKCR2tT94eFMnMDBPIFeq7YqHZHJ4yxQRJxkTeRu8ZIzQU0uOZPk/+OPa/IjhO e6O212AixyJJMIPEPSGiz8Tc83/POPW83sxSGuS0L2c3DYH/Iiqz9DRcjm19U1NaZLi1 Y3vU7PUKRQ19LhboTP9xdDmwPCrN0b9vYnK9755JFP/eVsOMcifLbamAzFHK/diOneBd xg1mkkY+OewFl+zWcZmuvDYgkZCnPExBdQBxeNf9vWXCUMBK7GQeRTQC1ewoOMsNLBAn aHlCxuMoBjetFBMREgmCZhLF0Qnitl+EiD1N9aB+Dr8yvyAkTIzaWweH0l30AhqJkHIH E3oQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013916; x=1708618716; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Q9YD1YHq7yT2yboBO4x9Iwtgp84MFSYSHeIDtIbC3ic=; b=IjxvjyYj4FhwFF/UeJv47gqEk/M5mYPDYEdtX550boQgkG165Cu1MaO9JKY0gkMHTG bEakKjjrD9VkBH/dDd6j8O0i+skU3TroLmBZt4evipVUN83gN6LlWFr6Qngb+uITAHvN hhXAuYWXt0migQfOIEwocjBmG4tuXwW5Ei8LCdxNjBHcpTChxi4CfcgAaxTsilLsCoZ4 sWrvprERqp6rM/LV6Pd9lzP7+ho+32GUfPKVshh7g5WTvCPqyI8FaJfbDg+qNhCKmEHf VHcrgIxxfv8OoW2Xqj74Ok1EevrW0UKbuECoY2XaSYb6vWUQWPm19UVxRBb9ectMhnTf jfYQ== X-Gm-Message-State: AOJu0Yywn5opnBvPl7uSOTSRufMmuAbn1rD/jkRQRR4B/VbT1W/EDCFK MLbz9UTd9EcB3DGVEMmKHUWgp6Ux5swSE8X/22+LcCd9HW7ILkB2VbfdEe4t7sXrTC7DkRi0vA/ xkHA= X-Google-Smtp-Source: AGHT+IG7OLKqJs50tMpk+0PKJmMiegpW1r4FRo9WBXrpgdaMlw11GW0HyyAZtwPs+MMgTpybmzYVkA== X-Received: by 2002:a17:903:2352:b0:1db:299e:2567 with SMTP id c18-20020a170903235200b001db299e2567mr2435033plh.53.1708013915605; Thu, 15 Feb 2024 08:18:35 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:35 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 13/21] cpio: upgrade 2.14 -> 2.15 Date: Thu, 15 Feb 2024 06:17:56 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195533 From: Wang Mingyu Changelog: ========== * Fix operation of --no-absolute-filenames --make-directories * Restore access and modification times of symlinks in copy-in and copy-pass modes. 0001-configure-Include-needed-header-for-major-minor-macr.patch revmoed since it's included in 2.15 Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit c4fb7512a5b1c13234e3733cba1c4bf246c77861) Signed-off-by: Steve Sakoman --- .../cpio/{cpio_2.14.bb => cpio_2.15.bb} | 3 +- ...e-needed-header-for-major-minor-macr.patch | 48 ------------------- 2 files changed, 1 insertion(+), 50 deletions(-) rename meta/recipes-extended/cpio/{cpio_2.14.bb => cpio_2.15.bb} (94%) delete mode 100644 meta/recipes-extended/cpio/files/0001-configure-Include-needed-header-for-major-minor-macr.patch diff --git a/meta/recipes-extended/cpio/cpio_2.14.bb b/meta/recipes-extended/cpio/cpio_2.15.bb similarity index 94% rename from meta/recipes-extended/cpio/cpio_2.14.bb rename to meta/recipes-extended/cpio/cpio_2.15.bb index 560038d2a6..55e9add5cd 100644 --- a/meta/recipes-extended/cpio/cpio_2.14.bb +++ b/meta/recipes-extended/cpio/cpio_2.15.bb @@ -7,12 +7,11 @@ LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949" SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ - file://0001-configure-Include-needed-header-for-major-minor-macr.patch \ file://run-ptest \ file://test.sh \ " -SRC_URI[sha256sum] = "145a340fd9d55f0b84779a44a12d5f79d77c99663967f8cfa168d7905ca52454" +SRC_URI[sha256sum] = "efa50ef983137eefc0a02fdb51509d624b5e3295c980aa127ceee4183455499e" inherit autotools gettext texinfo ptest diff --git a/meta/recipes-extended/cpio/files/0001-configure-Include-needed-header-for-major-minor-macr.patch b/meta/recipes-extended/cpio/files/0001-configure-Include-needed-header-for-major-minor-macr.patch deleted file mode 100644 index 95ece0bbf3..0000000000 --- a/meta/recipes-extended/cpio/files/0001-configure-Include-needed-header-for-major-minor-macr.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 8179be21e664cedb2e9d238cc2f6d04965e97275 Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff -Date: Thu, 11 May 2023 10:18:44 +0300 -Subject: [PATCH] configure: Include needed header for major/minor macros - -This helps in avoiding the warning about implicit function declaration -which is elevated as error with newer compilers e.g. clang 16 - -Signed-off-by: Khem Raj - -Upstream-Status: Backport -Signed-off-by: Ross Burton ---- - configure.ac | 18 ++++++++++++++++-- - 1 file changed, 16 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index de479e7..c601029 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -43,8 +43,22 @@ AC_TYPE_UID_T - AC_CHECK_TYPE(gid_t, int) - - AC_HEADER_DIRENT --AX_COMPILE_CHECK_RETTYPE([major], [0]) --AX_COMPILE_CHECK_RETTYPE([minor], [0]) -+AX_COMPILE_CHECK_RETTYPE([major], [0], [ -+#include -+#ifdef MAJOR_IN_MKDEV -+# include -+#endif -+#ifdef MAJOR_IN_SYSMACROS -+# include -+#endif]) -+AX_COMPILE_CHECK_RETTYPE([minor], [0], [ -+#include -+#ifdef MAJOR_IN_MKDEV -+# include -+#endif -+#ifdef MAJOR_IN_SYSMACROS -+# include -+#endif]) - - AC_CHECK_FUNCS([fchmod fchown]) - # This is needed for mingw build --- -2.34.1 - From patchwork Thu Feb 15 16:17:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39336 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6E62BC48BC4 for ; Thu, 15 Feb 2024 16:18:48 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.web10.17939.1708013918305100832 for ; Thu, 15 Feb 2024 08:18:38 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=uqgJDfy9; spf=softfail (domain: sakoman.com, ip: 209.85.214.172, mailfrom: steve@sakoman.com) Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-1d746ce7d13so10010835ad.0 for ; Thu, 15 Feb 2024 08:18:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013917; x=1708618717; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=57KPadf2M6lZzgYObYCVlnNIStxkpSt0xWe7SnP8GNQ=; b=uqgJDfy982Xx91KCPeCWyv/6JXSg8lpX7+K34Wh2a3jRGiBX9sv11Gmo5OQzzMBSs/ cxO/81RMyhmnopgeDeSP60zs6gbFUl9s2CSPnD5rnpP3A5MNPRWJbW9PCioosjN6HKNw 8dNEFPcm1px44eHMBR4iyH/wb88SO6x6QaXdsq6i1MOftnUtvWZqsdcQzoEKkQ2WWv7Q oCCEu0pnmPdsaulgKcdb8vkQJvarcioNZTN4mF4kvo9r1PMqStP5NSY3w08R4UIYgB3/ 063O7l83RwZwbNKb7VCJWz2XKb11Yq9tQdr5cCQnGLzIk8qvjVXwAUlTgzm3Q9zYBzUY 26cw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013917; x=1708618717; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=57KPadf2M6lZzgYObYCVlnNIStxkpSt0xWe7SnP8GNQ=; b=QzQaTmiSj/IiXlfH8I6u4YhHJiENQ0cnIF/ytfUgCQgNp7/x/ywdgmAQ9taIzkrPGw ciPkbxkHdhjH9qYgBX1Sri399BtKyBwS2rwJBP+2kB73jY0GOruDFKKENjnBWz2BkGno Q5fLxVrxMZf9VGuM14eMq6A7TOXMep9+b/bat9K5U0La1VckPJ0uC+ya6RAT8q/FwsBl a+OrCR52kp3GqrTmacK/1Q6nEZfS1QS69Txfm+LgyYN+Fz3yx8E0AFOKFwyAsBORw7ZQ 4FgjiDyVSnAimPFq0QMngLjoZ+1fOFLgsVC6TTHQCLBpgOrTtfp0xO4iVjJfXUNSieq1 tlyw== X-Gm-Message-State: AOJu0Yz9Xjizc0Q/ZjVq5WzuMte1C2FnjsG69I/2S29ZLIfWb1cNOK5W 0TQSHXS+Mim3Z6mF4t48Qwt/w5Nr9yc8e1Xp9n2ma9NksZ0qID1r2kIRp2UGyyRTq6w656BYlZu 0i4Y= X-Google-Smtp-Source: AGHT+IEyiacasu8YLP+HEUiTXSlER+K4xKlyCIfH/NwvMeRwu1CLISB8w2lo56Lc/83kfZDBY2ITiw== X-Received: by 2002:a17:902:6b4b:b0:1da:933:fb15 with SMTP id g11-20020a1709026b4b00b001da0933fb15mr2136912plt.0.1708013917485; Thu, 15 Feb 2024 08:18:37 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:37 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 14/21] gstreamer: upgrade 1.22.8 -> 1.22.9 Date: Thu, 15 Feb 2024 06:17:57 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195534 From: Wang Mingyu Changelog: https://gstreamer.freedesktop.org/releases/1.22 Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 30b3835c367ff1de00d24cddf3bd920ea29f15c5) Signed-off-by: Steve Sakoman --- .../{gst-devtools_1.22.8.bb => gst-devtools_1.22.9.bb} | 2 +- ...treamer1.0-libav_1.22.8.bb => gstreamer1.0-libav_1.22.9.bb} | 2 +- .../{gstreamer1.0-omx_1.22.8.bb => gstreamer1.0-omx_1.22.9.bb} | 2 +- ...lugins-bad_1.22.8.bb => gstreamer1.0-plugins-bad_1.22.9.bb} | 2 +- ...gins-base_1.22.8.bb => gstreamer1.0-plugins-base_1.22.9.bb} | 2 +- ...gins-good_1.22.8.bb => gstreamer1.0-plugins-good_1.22.9.bb} | 2 +- ...gins-ugly_1.22.8.bb => gstreamer1.0-plugins-ugly_1.22.9.bb} | 3 ++- ...eamer1.0-python_1.22.8.bb => gstreamer1.0-python_1.22.9.bb} | 2 +- ...tsp-server_1.22.8.bb => gstreamer1.0-rtsp-server_1.22.9.bb} | 2 +- ...treamer1.0-vaapi_1.22.8.bb => gstreamer1.0-vaapi_1.22.9.bb} | 2 +- .../{gstreamer1.0_1.22.8.bb => gstreamer1.0_1.22.9.bb} | 2 +- 11 files changed, 12 insertions(+), 11 deletions(-) rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.22.8.bb => gst-devtools_1.22.9.bb} (95%) rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.22.8.bb => gstreamer1.0-libav_1.22.9.bb} (91%) rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.22.8.bb => gstreamer1.0-omx_1.22.9.bb} (95%) rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.22.8.bb => gstreamer1.0-plugins-bad_1.22.9.bb} (98%) rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.22.8.bb => gstreamer1.0-plugins-base_1.22.9.bb} (98%) rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.22.8.bb => gstreamer1.0-plugins-good_1.22.9.bb} (97%) rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.22.8.bb => gstreamer1.0-plugins-ugly_1.22.9.bb} (94%) rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.22.8.bb => gstreamer1.0-python_1.22.9.bb} (91%) rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.22.8.bb => gstreamer1.0-rtsp-server_1.22.9.bb} (90%) rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.22.8.bb => gstreamer1.0-vaapi_1.22.9.bb} (95%) rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.22.8.bb => gstreamer1.0_1.22.9.bb} (97%) diff --git a/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.8.bb b/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.9.bb similarity index 95% rename from meta/recipes-multimedia/gstreamer/gst-devtools_1.22.8.bb rename to meta/recipes-multimedia/gstreamer/gst-devtools_1.22.9.bb index 16a2dd85ce..f60234b528 100644 --- a/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.8.bb +++ b/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.9.bb @@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV} file://0001-connect-has-a-different-signature-on-musl.patch \ " -SRC_URI[sha256sum] = "cd634056fcb16d035b3df5953ec85ae8bd56c68f29920b720ef920ca71ea76a7" +SRC_URI[sha256sum] = "02e29400b44e9cc603aa6444dee5726b57edabef6455e6d0921ffed6f13840ee" DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base" RRECOMMENDS:${PN} = "git" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.8.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.9.bb similarity index 91% rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.8.bb rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.9.bb index 7c75173989..10536acc87 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.8.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.9.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=69333daa044cb77e486cc36129f7a770 \ " SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz" -SRC_URI[sha256sum] = "be39349bc07ab4cdbd9a5fd6ea9848c601c7560ba5a0577ad5200b83bd424981" +SRC_URI[sha256sum] = "192f7d27d21c1e7c72c339a2647a9b0c247fedc62ea5029115f8c3e22ebb87d8" S = "${WORKDIR}/gst-libav-${PV}" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.8.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.9.bb similarity index 95% rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.8.bb rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.9.bb index 5aa9c9cc41..05d64748bb 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.8.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.9.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz" -SRC_URI[sha256sum] = "94df10e7713618f0c8a4223f6e047f2d8f0ccecba1d585618e791f13037762df" +SRC_URI[sha256sum] = "9362d6117985d09dcf6e27bdaef377dc08efb7df01d00101d04fb644addac61e" S = "${WORKDIR}/gst-omx-${PV}" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.8.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.9.bb similarity index 98% rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.8.bb rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.9.bb index a14a4efce9..6e5aa2f206 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.8.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.9.bb @@ -10,7 +10,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad file://0002-avoid-including-sys-poll.h-directly.patch \ file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \ " -SRC_URI[sha256sum] = "458783f8236068991e3e296edd671c8eddb8be6fac933c1c2e1503462864ea0f" +SRC_URI[sha256sum] = "1bc65d0fd5f53a3636564efd3fcf318c3edcdec39c4109a503c1fc8203840a1d" S = "${WORKDIR}/gst-plugins-bad-${PV}" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.8.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.9.bb similarity index 98% rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.8.bb rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.9.bb index df5eab0464..980766c74b 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.8.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.9.bb @@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0003-viv-fb-Make-sure-config.h-is-included.patch \ file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \ " -SRC_URI[sha256sum] = "eb6792e5c73c6defb9159c36ea6e4b78a2f8af6512678b4bd3b02c8d2d492acf" +SRC_URI[sha256sum] = "fac3e0dd2d8e9370388b34bf8c21b89d5f63bc3cfc12cd7fdc8fc6c1cba03334" S = "${WORKDIR}/gst-plugins-base-${PV}" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.8.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.9.bb similarity index 97% rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.8.bb rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.9.bb index dd309fc6fe..052ba1801b 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.8.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.9.bb @@ -8,7 +8,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \ file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch" -SRC_URI[sha256sum] = "e305b9f07f52743ca481da0a4e0c76c35efd60adaf1b0694eb3bb021e2137e39" +SRC_URI[sha256sum] = "26959fcfebfff637d4ea08ef40316baf31b61bb7729820b0684e800c3a1478b6" S = "${WORKDIR}/gst-plugins-good-${PV}" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.8.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.9.bb similarity index 94% rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.8.bb rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.9.bb index 478fa8f318..722f8e9fe3 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.8.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.9.bb @@ -14,7 +14,8 @@ LICENSE_FLAGS = "commercial" SRC_URI = " \ https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \ " -SRC_URI[sha256sum] = "0761d96ba508e01c0271881b26828c2bffd7d8afd50872219f088f755b252ca7" + +SRC_URI[sha256sum] = "0bf685d66015a01dd3fc1671b64a1c8acb321dd9d4ab9e05a29ab19782aa6236" S = "${WORKDIR}/gst-plugins-ugly-${PV}" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.8.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.9.bb similarity index 91% rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.8.bb rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.9.bb index fc182af976..e086fa6866 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.8.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.9.bb @@ -8,7 +8,7 @@ LICENSE = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "d5cb8f144054a2a110e6672bd512e4b15d5b1b8d9879c192b9723535efb70b8f" +SRC_URI[sha256sum] = "3f9d5c6ffefda268703744b592a6b3983aa6723273b1220ecbcb62c2a5800009" DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.8.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.9.bb similarity index 90% rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.8.bb rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.9.bb index 97fa86b533..e232263a46 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.8.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.9.bb @@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "705177051c229976f171adcd7ab9762ae6bcc4bb77dc308a0bd80a63da6c337f" +SRC_URI[sha256sum] = "808af148f89404ff74850f8ca5272bed4bfe67f9620231dc4514fd07eb26d0a4" S = "${WORKDIR}/${PNREAL}-${PV}" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.8.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.9.bb similarity index 95% rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.8.bb rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.9.bb index 52ac7cd2a5..c53ee29051 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.8.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.9.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "1298ba347a70c42b88cdebf91b659fea02b1bb7269eabf8e29e3c0bd58278928" +SRC_URI[sha256sum] = "8ba20da8c4cbf5b2953dba904672c4275d0053e1528f97fdf8e59942c7883ca8" S = "${WORKDIR}/${REALPN}-${PV}" DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.8.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.9.bb similarity index 97% rename from meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.8.bb rename to meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.9.bb index 374a32ef96..b4ab6ad10c 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.8.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.9.bb @@ -22,7 +22,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \ file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \ " -SRC_URI[sha256sum] = "ad4e3db1771139b1db17b1afa7c05db083ae0100bd4da244b71f162dcce41bfc" +SRC_URI[sha256sum] = "1e7124d347e8cdc80f08ec1d370c201be513002af1102bb20e83c5279cb48ebd" PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \ check \ From patchwork Thu Feb 15 16:17:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39338 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 869B9C4829E for ; Thu, 15 Feb 2024 16:18:48 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web11.18138.1708013920017261472 for ; Thu, 15 Feb 2024 08:18:40 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=x8WHvd5q; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-1d918008b99so8090935ad.3 for ; Thu, 15 Feb 2024 08:18:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013919; x=1708618719; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=7POM8NPXUP8XImK5FCPyKfPk40OHbP6KmGFEODPiXCs=; b=x8WHvd5qPRxbWGvPkZHTbpJEax7ol5g7mpSXukr2uejYeKahkoylfrm1Eu5cau/0qw dvrLI6uP1Pz/b4En/w4xR/5T1zxhxCuXo4eKijDrmws/IqTkm+5X3qEvETj9vKxq31yR b3GDZ1e0SEo3C84vLbV2Ky0O27I1LpMqT0NEjs2TXyR6x0YkMuqlbSZi+zqacZE9a4Bs 60YsgrW+ME8ww8H9cisp7z54aEVoXFVrUzL/aNobu7Tdb+Z5mY7+1UZRQAMwx3OiwiwV zYBTxjv+9YFWvAWcFvBlIkKHAexLU3QKyrw4Xy/DhCdSm8DrbGCiAAWhDXcl2rxRNeGj n5zg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013919; x=1708618719; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7POM8NPXUP8XImK5FCPyKfPk40OHbP6KmGFEODPiXCs=; b=IsnDtslDeL4aUWZFewJT0DeaXGyirZZUDu2PVGnxhYv65klhNuUU+iSP6YcmkgGhdI xLdC/FVl4r2MzHND9quGTECQ5yvgepei17t8/Iwjgkll11vafgncfYRJRm6ZGAOBC+yB Z1+Ecxa9fsEwh9Sz3Bla2V49NqFjPPykEurZqhLaEMxwH8TgSjV1y/G/cm67sZenSHzT TwimZIIuFive7wWDboDGarmHh/CveXabxDeORPmLmpqXapebs09eYilHzDQ/4w7pXyu3 xJfJQc05kHUozIfWcXhw4cOYCJVnjVotTZlos+ivbGfCdG1rVt4XZgtI19RwB9XMftWz H+ww== X-Gm-Message-State: AOJu0YySkrnzdSrjQK7IqyjIsFruOiWdumrsi+1iniCNd0GlcRMHgTtw Yi/pZ/760fbMAx5pG3YZjMKJTB1XYB5pFOu9/EM3NlLUr1VwLODB3G/YA7/ib5y/7KRQuIB4kal zEW4= X-Google-Smtp-Source: AGHT+IEuPQc8SPqbiJu73lYI0flyRtoHXm1NQ8ILt0RXmZXT/k4k6yQaDY8w7vN41GvqeuLCueat5A== X-Received: by 2002:a17:902:bb8b:b0:1d7:88de:cff1 with SMTP id m11-20020a170902bb8b00b001d788decff1mr1883610pls.53.1708013919332; Thu, 15 Feb 2024 08:18:39 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:39 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 15/21] allarch: Fix allarch corner case Date: Thu, 15 Feb 2024 06:17:58 -1000 Message-Id: <2e206eb9b43c267e939ccb3cdfa62d9666ff5efa.1708012696.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195535 From: Richard Purdie Most of the allarch code is conditional and only set if the recipe remains marked as allarch. The qemu wrapper handling is not handled in the same way however and is unconditional. Move the code to some slightly uglier inline python to allow it to be conditional and match the way the rest of the code works. Signed-off-by: Richard Purdie (cherry picked from commit dfd704f1741dccd9a85338c5d45dee4be079064d) Signed-off-by: Steve Sakoman --- meta/classes-recipe/allarch.bbclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes-recipe/allarch.bbclass b/meta/classes-recipe/allarch.bbclass index 9138f40ed8..e429b92437 100644 --- a/meta/classes-recipe/allarch.bbclass +++ b/meta/classes-recipe/allarch.bbclass @@ -63,9 +63,9 @@ python () { d.appendVarFlag("emit_pkgdata", "vardepsexclude", " MULTILIB_VARIANTS") d.appendVarFlag("write_specfile", "vardepsexclude", " MULTILIBS") d.appendVarFlag("do_package", "vardepsexclude", " package_do_shlibs") + + d.setVar("qemu_wrapper_cmdline", "def qemu_wrapper_cmdline(data, rootfs_path, library_paths):\n return 'false'") elif bb.data.inherits_class('packagegroup', d) and not bb.data.inherits_class('nativesdk', d): bb.error("Please ensure recipe %s sets PACKAGE_ARCH before inherit packagegroup" % d.getVar("FILE")) } -def qemu_wrapper_cmdline(data, rootfs_path, library_paths): - return 'false' From patchwork Thu Feb 15 16:17:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39339 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 95AD2C48BF1 for ; Thu, 15 Feb 2024 16:18:48 +0000 (UTC) Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.web11.18140.1708013921660086882 for ; Thu, 15 Feb 2024 08:18:41 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=RKT2vgyL; spf=softfail (domain: sakoman.com, ip: 209.85.214.175, mailfrom: steve@sakoman.com) Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-1d72f71f222so8518245ad.1 for ; Thu, 15 Feb 2024 08:18:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013921; x=1708618721; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=6rCiX4Fbwb0SPavm0nSLqDzhoRrAhTKopN7jN0llRZc=; b=RKT2vgyLtJzJaQwvn+o/O/TqSZ99xV7eCARNH/naZzyQ2jXW//TFymK08/2cqd4qbR s2r6piPZR/OaERLb7qkZBoiyesocjwzm6QnpqyKIF0FJuU5BDyLlX8kR7y03wULlwKQD lA9P9AYukhr1qVE8d3Z1K74dGLShy/1xV0d7HlVc1DXhUfiZFOH3wsQcqkoUZfYOZFx/ YZtgXQ/xdyl78IzO6CURYAXllairSLzt4sM4504b0iJSledqDnX7HAaFsdtzjEWBMll2 gQgyANGJX3HOO08UcynrjuZTmw9jtBCIGSSPG3ALLocKCyehq8gxUEYsr7p9WLkGh5XI JMaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013921; x=1708618721; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6rCiX4Fbwb0SPavm0nSLqDzhoRrAhTKopN7jN0llRZc=; b=rLLwZnR3Toeer5PsVblOMnjQ8JRaFJ9XePcZ9T59/4nDuq4kcql7Or4mJeWlvwgtbq zvWGxx/zoPBezmfjkhv17J6Z1nkaDfAygEIlTGcFQjwxk93gCyibTcYcsfoMgIcMVmhO S/1BrzCYmmeP67zI1SjzOg7ZV4FpLNwBJiIlkZTVne8J/ID79ovMuQtXC4m2k8nVpbeo hN96T4cdSUjaoENSZIaOwHKawXz30x0DSNSSWl4dWiUuWe50X9r3GoIpps7GMZyO55Wa qdkR4q13F52hy7G68Lqb6d/3UTADlz7oJVXG3KA/dfz5Z1tRlGajGDLc4WFVBCRTPibz nTIQ== X-Gm-Message-State: AOJu0Ywj9k6hRl8HlQ3QO4NvOLMviq9cm8KALvXU5FGCr4kArc/f8BV+ ldl9tHevaguxZGOelpZmo1LNc62/aVXb7rYdSoQAqK4invXk17KIASENy2GuZAns1nC/bMipBMj yrBM= X-Google-Smtp-Source: AGHT+IFlTQfG3vMPlbur4BPPAFzAeD9NJTXbKvUkTSIM4Gz0wSK5A6JLcvzalEsc2y2Tcsisc7rY5g== X-Received: by 2002:a17:902:b20a:b0:1d9:a647:5579 with SMTP id t10-20020a170902b20a00b001d9a6475579mr1984136plr.1.1708013921025; Thu, 15 Feb 2024 08:18:41 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:40 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 16/21] reproducible: Fix race with externalsrc/devtool over lockfile Date: Thu, 15 Feb 2024 06:17:59 -1000 Message-Id: <6bb824019fd7335a10fdcebf7d301c101d60ad61.1708012696.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195536 From: Richard Purdie We occasionally see races over the lockfile used by externalsrc/devtool when walking files for the source_date_epock calculation. Skip this file if present to avoid the issues and fix a real issue where SDE could be contaminated too. [YOCTO #14921] Signed-off-by: Richard Purdie (cherry picked from commit 4bc0eb4bd90e6e6e46581a8ed367212bdd910a26) Signed-off-by: Steve Sakoman --- meta/lib/oe/reproducible.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/lib/oe/reproducible.py b/meta/lib/oe/reproducible.py index 9ac75c02e3..448befce33 100644 --- a/meta/lib/oe/reproducible.py +++ b/meta/lib/oe/reproducible.py @@ -131,6 +131,9 @@ def get_source_date_epoch_from_youngest_file(d, sourcedir): files = [f for f in files if not f[0] == '.'] for fname in files: + if fname == "singletask.lock": + # Ignore externalsrc/devtool lockfile [YOCTO #14921] + continue filename = os.path.join(root, fname) try: mtime = int(os.lstat(filename).st_mtime) From patchwork Thu Feb 15 16:18:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39340 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 86C4EC48BF2 for ; Thu, 15 Feb 2024 16:18:48 +0000 (UTC) Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.web11.18144.1708013923412972350 for ; Thu, 15 Feb 2024 08:18:43 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Xcwq0uuR; spf=softfail (domain: sakoman.com, ip: 209.85.214.175, mailfrom: steve@sakoman.com) Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-1d953fa3286so8971845ad.2 for ; Thu, 15 Feb 2024 08:18:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013923; x=1708618723; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=z1QYW8PxRV0iX7qdqdq2+KshvqAXcsU4lCcYmvBp4YM=; b=Xcwq0uuRSSqm4mD2q/MB5l9Eo+0SX1VZ3vVACiAb8mEgANzaNUbNLQ8NnWPS91H8gr V0uU8UsQrGFqUIk53AoVwhGQyeZJ/Agg4Tik8GrQBWWSJSTXHHlqXESssOAS4tCWTshR pmojPiQWEHGp6qWg4Kbyxk5KOM1Dg2WDpBEvTqHys4W6Baz6gpLaQcX7CQUwpICDRw0j 1zARc3fVRl7pijHz/ItRA8Xd4VQvGZDH/GGd33xzmBf2cIOZqpGuDrMgOBqIMlaVeepf aRnEfET4RxCBHiJ4DVJhL3RNTUA53vSWdurtAn4F0eV7YdwsBLyA6uU/FUJeC8lyZHWA xIiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013923; x=1708618723; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=z1QYW8PxRV0iX7qdqdq2+KshvqAXcsU4lCcYmvBp4YM=; b=LYP9HInj1oLTKC02QdO/zNPYxtafT6BCfJE/gdIs8dizBDpGAsBQKpugR0lon+cqdo +/Od0q46+h7SYzqpDYJVcX7DP4ndqhnOu0Rsr4skeOIZt5/NnU8RxYH5t0tCX/DmQlnT MEJXhrTaWfeOo1HHNlOoyQ/iFtAX6WVbk3oKnq/Ler95VJfJMgs0+rXOiPPmGhaqQqsp QuYAy76kpVUlOGuOmGpNihxyKmxcCwgNGK1lDV8LCG/300DKJHrCVwgfF7gYIOTwZZiq X5jSfAt254v73xdi5WqRKgF7ARD+GNKr0eSZeTmiAFhiL/GBorPlM4JFxHJ1QR5lQg5o pVkA== X-Gm-Message-State: AOJu0YyGTwIYRdFk60485sgLxc5z703sfcbaIdHijhNiIGPlpqMVkeoO KXpl+kyB6MJZGgd4cSZJ9UTrooAfGBDdFnPxUn1l/3ij5gyGyahw0NiVLWhc/sYTC1QObnpMguM IIro= X-Google-Smtp-Source: AGHT+IHXmyhssvXiVZOzPMVMsw7TH/PRag8YZB00mdD18FU/VcBOTEtjYsCfX87CFyVZfTeC5pJ2xA== X-Received: by 2002:a17:903:2601:b0:1d9:aa5d:a50 with SMTP id jd1-20020a170903260100b001d9aa5d0a50mr1926538plb.25.1708013922803; Thu, 15 Feb 2024 08:18:42 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:42 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 17/21] externalsrc: fix task dependency for do_populate_lic Date: Thu, 15 Feb 2024 06:18:00 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195537 From: Julien Stephan do_populate_lic dependencies are defined inside license.bbclass such as: addtask populate_lic after do_patch before do_build but externalsrc deletes the do_patch task, so the only dependency left for do_populate_lic is "before do_build" On a devtool context, when doing devtool modify, sources are extracted inside build/workspace/sources/${BPN}/ and local files inside build/workspace/sources/${BPN}/oe-local-files When building the recipe after a devtool modify, do_unpack is called again to unpack (possibly modified) local files from build/workspace/sources/${BPN}/oe-local-files into ${WORKDIR}. Since the only left dependency for do_populate_lic is do_build, the do_populate_lic can be called BEFORE do_unpack. Most of the time this is not a problem, because license files are generally located inside ${S}, which corresponds to build/workspace/sources/${BPN} (and is already unpacked), but this can lead to an issue if recipe sets LIC_FILES_CHKSUM to look for files in ${WORKDIR} (example from init-ifupdown_1.0.bb): LIC_FILES_CHKSUM = "file://${WORKDIR}/copyright;md5=3dd6192d306f582dee7687da3d8748ab" So devtool modify init-ifupdown && bitbake init-ifupdown gives the following error: WARNING: init-ifupdown-1.0-r0 do_populate_lic: Could not copy license file <...>/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0/copyright to <...>/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0/license-destdir/qemux86_64/init-ifupdown/copyright: [Errno 2] No such file or directory: '<...>/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0/copyright' ERROR: init-ifupdown-1.0-r0 do_populate_lic: QA Issue: init-ifupdown: LIC_FILES_CHKSUM points to an invalid file: <...>/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0/copyright [license-checksum] ERROR: init-ifupdown-1.0-r0 do_populate_lic: Fatal QA errors were found, failing task. ERROR: Logfile of failure stored in: <...>/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0/temp/log.do_populate_lic.838584 ERROR: Task (<...>/poky/meta/recipes-core/init-ifupdown/init-ifupdown_1.0.bb:do_populate_lic) failed with exit code '1' Fix this by forcing the do_populate_lic task to run after do_unpack Signed-off-by: Julien Stephan Signed-off-by: Richard Purdie (cherry picked from commit ea6a0cccdd274534809df62a0a196bf83489a1e5) Signed-off-by: Steve Sakoman --- meta/classes/externalsrc.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/classes/externalsrc.bbclass b/meta/classes/externalsrc.bbclass index a54f316aa0..70e27a8d35 100644 --- a/meta/classes/externalsrc.bbclass +++ b/meta/classes/externalsrc.bbclass @@ -104,6 +104,7 @@ python () { # If we deltask do_patch, there's no dependency to ensure do_unpack gets run, so add one # Note that we cannot use d.appendVarFlag() here because deps is expected to be a list object, not a string d.setVarFlag('do_configure', 'deps', (d.getVarFlag('do_configure', 'deps', False) or []) + ['do_unpack']) + d.setVarFlag('do_populate_lic', 'deps', (d.getVarFlag('do_populate_lic', 'deps', False) or []) + ['do_unpack']) for task in d.getVar("SRCTREECOVEREDTASKS").split(): if local_srcuri and task in fetch_tasks: From patchwork Thu Feb 15 16:18:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39337 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7CCC9C48BF0 for ; Thu, 15 Feb 2024 16:18:48 +0000 (UTC) Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) by mx.groups.io with SMTP id smtpd.web11.18148.1708013925742776131 for ; Thu, 15 Feb 2024 08:18:45 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=IH8To6tG; spf=softfail (domain: sakoman.com, ip: 209.85.214.171, mailfrom: steve@sakoman.com) Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-1db640fc901so9610375ad.0 for ; Thu, 15 Feb 2024 08:18:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013925; x=1708618725; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=nNQn2rIlZFBEM3K2eXjSEsPDqb8QZTxumtsuh/0KITg=; b=IH8To6tGiWw1ag5CUPBp/vY1tJVylXmYRoF1lCefyT4pC8Az2Z+7S/weg4wqApSKZR O4EWBGebOfW07NO+Eb38rJa0UKVQ4Db217QP9WvS/IvJU48/mP07JAqnzXOoCm0D2u3G WpJ9rfIgAriUz44iftpREXYD98ryEOIia1q/AGG6wPgywT8UE25L62V+7C8EbDscg0a4 ewYJD9zO23Qz7p91OrWLdyPzSyW4ZHhyko9MWXp1N6gjVRebLNC1HAS+2CsWhazgUVmP WwBTNwd876XxPAisfbHAznyDFZOiU+fyreGUL7ER69R5B1UU/tsS/hikWLyvoJ8mItIz UbLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013925; x=1708618725; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nNQn2rIlZFBEM3K2eXjSEsPDqb8QZTxumtsuh/0KITg=; b=Y5HhQOrJkIJEfPs+nZ6F3ohVgmd3pRVFFPXad6cPnr+iQ5z5vfxpRI89J8LEm17Gbe WRolZxAlm9m/pZLccJAexj8QTyXnfnrMuDhLX12RS1AHGQWOTWNLoToWz6/053O4i4pS Ch4xJ9s/Uy4lXIaY4uGW2BtP3UH2tkD91o01FMYEG582lcEDWSfn2Q2V86RLBTKVCe39 F3SNsg5KA+sjTIJQv0+gHg4ZtwhkeMQgXMPhVQM6fhjeOnEffr4Fej8/E6tOhfhS1wrN WTAZfbsccfTCspQXo8sNZoC5Aea4OoVYGjW8/2M8JzjS6mcbGa4tkLJfDo8TPAU22okm QN4w== X-Gm-Message-State: AOJu0YwxMt+mtCG7pRt+pbF1Jv+S227gDuKEBhduDns+0eNpC8j8ZACm 7SDxtkdmsOpkuu/Nd8AZ/yksb1KmIeQrXHH4MgbN8h5Rpe+eMezhUZGgJPdjODLsyJzg/6Hff9a VWrQ= X-Google-Smtp-Source: AGHT+IFjcWPnIJnTBVONRU8KHeJfUV81h7MMTCWvvqTOgvBamTTkbehOTMXVDl4WqzZn3mbT+fOohA== X-Received: by 2002:a17:902:70c3:b0:1d9:a2d5:a113 with SMTP id l3-20020a17090270c300b001d9a2d5a113mr2010426plt.67.1708013925097; Thu, 15 Feb 2024 08:18:45 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:44 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 18/21] udev-extraconf: fix unmount directories containing octal-escaped chars Date: Thu, 15 Feb 2024 06:18:01 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195538 From: Jonathan GUILLOT USB devices are auto-mounted in a directory named like theirs labels. Special characters like whitespace are octal-escaped in /proc/mounts output. Using directly this output file as an argument for umount failed and the mount directory can't be removed as still busy. Using printf allows these special characters to be unescaped. Signed-off-by: Jonathan GUILLOT Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 37f17625d931a06888388682dc2b1f5a2d298125) Signed-off-by: Steve Sakoman --- meta/recipes-core/udev/udev-extraconf/mount.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/udev/udev-extraconf/mount.sh b/meta/recipes-core/udev/udev-extraconf/mount.sh index b7e86dbc0e..6cb0a9fea8 100644 --- a/meta/recipes-core/udev/udev-extraconf/mount.sh +++ b/meta/recipes-core/udev/udev-extraconf/mount.sh @@ -196,7 +196,7 @@ if [ "$ACTION" = "remove" ] || [ "$ACTION" = "change" ] && [ -x "$UMOUNT" ] && [ logger "mount.sh/remove" "cleaning up $DEVNAME, was mounted by the auto-mounter" for mnt in `cat /proc/mounts | grep "$DEVNAME" | cut -f 2 -d " " ` do - $UMOUNT $mnt + $UMOUNT "`printf $mnt`" done # Remove mount directory created by the auto-mounter # and clean up our tmp cache file From patchwork Thu Feb 15 16:18:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39335 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6E676C48BEB for ; Thu, 15 Feb 2024 16:18:48 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web10.17946.1708013927322419706 for ; Thu, 15 Feb 2024 08:18:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=lOG7YSuy; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-1d932f6ccfaso9239235ad.1 for ; Thu, 15 Feb 2024 08:18:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013927; x=1708618727; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=3krB0WviS7Wb5ikT3JqSlOuzu0yJZqKCju45g46chGg=; b=lOG7YSuy8eZd+EpKQHwISxWSfeZfyJinZJeLnfTmmrARnV4TWtobogyhp0Lqa/20k5 ELJLQBKKO3O205Sn0F8uIR7bkZ/3qVHTSH+KR1zS9CfzvfwCvaL751mpSjhxDxsq3hbY XIZ6PLbKOb575NieSEAA83+3fHOGMsU40LM7cGrJyrdp0oYAvtxhgCDDl+LOkFjijXs0 nepigB7PhfYAsCxljku6D6g9DAreeppXyz+yVHPZuQru/f7/O7ogpHbCn+Hus+mNTm14 VjrVuc9M4S8Rh6ayI4zI9JMNhvuw2/RWjAAEVSUDeAeukhObO5FYF5iXxinKAp2jZBxt Yd4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013927; x=1708618727; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3krB0WviS7Wb5ikT3JqSlOuzu0yJZqKCju45g46chGg=; b=DAO/VO03X9Ou8mBZHe63k5Ht6xFUhH+xY3O9Pkf5hrRjxug0+8lwcCUhF3NlDFQL5i vsqkGujchpCfOvuUTuTyGpEjq50mdAEljDWmtaZB0PrgTfxrVEH5Mh4stWBpQSWX5ZBn up+YNgcRMwySn8BDKJGUkA0yrSz1bCb+yM1JdZpHNkk0ZygiOcEoUEbHb2xGGFq4rFNR 7YbIQo1Xp8FEqdqQ+D1rgWCqhiVhIhy+6PX6oBvouSHBsy42WNcDSImbI4aoTjnHi/XS PPxRIGUPVEGllDV6Inf0xAIRLUXK/nbwo84ehS3UXx5KPNg0wTpSQe81vbMizPDeZ2an pUjA== X-Gm-Message-State: AOJu0Yw8SqBRszXI9sMMRu46iUtJYL8LPj9HvR0prdTR53JZpQKVuvgI iMh3RcacFscEeAhqCflGiYtpom6a8nHMTrYG/QwBtiR/tUsjUcaKiwGWIhlLsMkNW8pyt0K6NFE OeuY= X-Google-Smtp-Source: AGHT+IHoRu/VjswwTHDuRYyO6sJ7lnAOGLheLDidddz64a/5qJZdqcXfLIm0alLRvnVs6jm4kuj5iw== X-Received: by 2002:a17:903:2346:b0:1d9:620d:d40c with SMTP id c6-20020a170903234600b001d9620dd40cmr2538414plh.51.1708013926657; Thu, 15 Feb 2024 08:18:46 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:46 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 19/21] pseudo: Update to pull in gcc14 fix and missing statvfs64 intercept Date: Thu, 15 Feb 2024 06:18:02 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195539 From: Richard Purdie rpm 4.19 now builds with LFS64 support enabled by default, so it calls statvfs64() to get the space available on the filesystem it is installing packages into. This is not getting caught by pseudo, so rpm is checking the host's root filesystem, rather than the filesystem where the build is happening. Merge in that fix and a gcc14 fix. Signed-off-by: Richard Purdie (cherry picked from commit f6d021c860b2b99f46c604149317b326f493022d) Signed-off-by: Steve Sakoman --- meta/recipes-devtools/pseudo/files/glibc238.patch | 13 ------------- meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +- 2 files changed, 1 insertion(+), 14 deletions(-) diff --git a/meta/recipes-devtools/pseudo/files/glibc238.patch b/meta/recipes-devtools/pseudo/files/glibc238.patch index 76ca8c11eb..da4b8caee3 100644 --- a/meta/recipes-devtools/pseudo/files/glibc238.patch +++ b/meta/recipes-devtools/pseudo/files/glibc238.patch @@ -44,19 +44,6 @@ Index: git/pseudo_util.c #include #include -Index: git/pseudolog.c -=================================================================== ---- git.orig/pseudolog.c -+++ git/pseudolog.c -@@ -8,7 +8,7 @@ - */ - /* We need _XOPEN_SOURCE for strptime(), but if we define that, - * we then don't get S_IFSOCK... _GNU_SOURCE turns on everything. */ --#define _GNU_SOURCE -+#define _DEFAULT_SOURCE - - #include - #include Index: git/pseudo_client.c =================================================================== --- git.orig/pseudo_client.c diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index 699cab11c6..025cf0fc9c 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -14,7 +14,7 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "a8453eea4d902bbb0e01c786f1cb4a178c3bbee3" +SRCREV = "516a0a3c4b46f046895d27bfa019d685fe462dfa" S = "${WORKDIR}/git" PV = "1.9.0+git" From patchwork Thu Feb 15 16:18:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39341 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9076CC4829E for ; Thu, 15 Feb 2024 16:18:58 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.web11.18150.1708013929001992615 for ; Thu, 15 Feb 2024 08:18:49 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=GLwljo9S; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-1db559a5e1fso9384895ad.1 for ; Thu, 15 Feb 2024 08:18:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013928; x=1708618728; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=JmP6PVrBOFoS8CemFXDl5Zq+L3jA2Qa3du93Kg19CuI=; b=GLwljo9S4Rhaqo+huKPIUEx0de/ThgZd7e5mCW1udU0ZuCGnBbkc2naV76CkMkj2DF nEfyBNYJfcNTdgsIk1dZFP2cnIZjUvtx2DFwUfex2tQ3DtonmOGPReIAsVkvRUFc/pDh oTQpg9nmeA7MFER3KZyZpLQaNLNIUOpJkNZvRs754y+BsibtD5S7bzsGPnL+TDE+Lwa2 yP1/iKaYZ3p4+Qi0C38EybW5CoDCHVlmyzJD0mIvPG8mr5p2tBLGDb9BDcTrjLxXUrL3 CUNbXXrQ3vlEvBWCbsQ3aDrs/6zVW2q1OTi61eX+AgRwDDSdhjsXuCEiLr4LHT6L1wdd ARGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013928; x=1708618728; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JmP6PVrBOFoS8CemFXDl5Zq+L3jA2Qa3du93Kg19CuI=; b=xA9ftzYCcyNDQvd6YyOgLTsw4EMJ0RECLtJyR4tV3T2mXph3BIHAcSG5ryCZ4DbNNX DYhAsQ4PmP86TrUl4TYS+31aV7OVwjjiRG5OrtB312DATI4v8Tg9fdxsvOATLq0nqvPi rMhSyItggsyWHqeZw5sjaGZJEPBEoYfzQjsfhiI2iwcstJ8fIBZyJonpNDbblRXHM92g 74LrZGCRT1AJvRXbgzyRHxXSKVlm4H+qIv5PprUwSqdc9392XT6Kq8tNx5EGsWpI4QVV Hr2R+fb2vhef8TWDkv5Ff0+RkHflNg4kQxSCuZN5VXig6cfJHctfKSHv8RWNFsiPVhhk uawA== X-Gm-Message-State: AOJu0YyR1aLjIN3cbwiRPL8bKovwLuftRK/x9WvD2tbDPYVfwfUw8Rjd inBdj5K/Js52z3euknEz69/g0izknKUlkbFb/wDrAOxJTGZoSCmSj1MxjcxoTDfFRg8F1VuH7R5 bOGs= X-Google-Smtp-Source: AGHT+IGlRuqbvm87JZr373yUEdwjR8IEjnxWAuIZULnLCCgd8Bty8YGvvOoaaMVqqV2fJlkJ03d7NQ== X-Received: by 2002:a17:903:183:b0:1d9:d300:a670 with SMTP id z3-20020a170903018300b001d9d300a670mr2586053plg.15.1708013928387; Thu, 15 Feb 2024 08:18:48 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:48 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 20/21] overlayfs: add missing closing parenthesis in selftest Date: Thu, 15 Feb 2024 06:18:03 -1000 Message-Id: <8635e17bd81e50ca587bb15716687fd78b81ec46.1708012696.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:58 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195540 From: "baruch@tkos.co.il" Cc: Vyacheslav Yurkov Signed-off-by: Baruch Siach Signed-off-by: Richard Purdie (cherry picked from commit aebd526cdfea738745e57183b1015fd327bd94df) Signed-off-by: Steve Sakoman --- meta-selftest/recipes-test/overlayfs-user/overlayfs-user.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-selftest/recipes-test/overlayfs-user/overlayfs-user.bb b/meta-selftest/recipes-test/overlayfs-user/overlayfs-user.bb index 50cba9514b..20f4213a62 100644 --- a/meta-selftest/recipes-test/overlayfs-user/overlayfs-user.bb +++ b/meta-selftest/recipes-test/overlayfs-user/overlayfs-user.bb @@ -18,5 +18,5 @@ do_install() { FILES:${PN} += "\ ${exec_prefix} \ - ${sysconfdir \ + ${sysconfdir} \ " From patchwork Thu Feb 15 16:18:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 39342 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 94AADC48BC4 for ; Thu, 15 Feb 2024 16:18:58 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.web10.17948.1708013930688345776 for ; Thu, 15 Feb 2024 08:18:50 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=le6pfBt8; spf=softfail (domain: sakoman.com, ip: 209.85.214.182, mailfrom: steve@sakoman.com) Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-1d95d67ff45so8112135ad.2 for ; Thu, 15 Feb 2024 08:18:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1708013930; x=1708618730; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VlRDkwEfao+zHfAAkg8Pr/uGOuDVJAnm+AjZ4eJu1iM=; b=le6pfBt8LtmYnL2+pLFxgdLzy/pZhqqsWIML1jZz0QFad8vaAhopRtLAZEgly6FT+T O6XVrmpPI+AA17432HnzHNd5Mxx0kw8wHzT1ealTIORF1hvrfDmVy85LlUben8RObxV3 xlGQ1xAtmVa1XtnXVM9zfrRJHACHchtTnQlqEOd6PUqQsA5V5JTU8LyTFFJWFvWgv9UP T8QSAuz4Qmx5ViZPiWpAuwtgJvrW0TRSCcw1qdEmHYhmUkI7j2XItQ1EfBC6FSZ+dmkM 0VTmDONyE9W66yk6bn0WluPZOogLfBF41SnTTMVeJ5ONOyJfVxrqNXklnFSyKaWYZDaZ ZnVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708013930; x=1708618730; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VlRDkwEfao+zHfAAkg8Pr/uGOuDVJAnm+AjZ4eJu1iM=; b=H/y/IUwHLvzDeiW+4QNuAej0LbFb05f7vVGdGxApVSlB5Hp3mbLlj8u8zW8L1LEtjM DHV9XKF6gFi/DLdPDWOJzdc6+419kOtIZkUm59HMrQqYrrNFCBCx7iRX33jEQKyJ6VQx cyRVI12oAXUPBBzhqqhfUzQVzRCcFZDLROxWU6na+/np52tcwguTI6StDvWSV0mp1Pvr qwuOmbMg8fvw8izhFMgjMBCwFWYByBqpaZdO+Sm1draeMuTfncTxIDRYumOZa8huTndM 2mG4cCNKubncEy+kymDgIhDa72E2Mbj0kMoKEXA3FIYjAwP1exjhO3dCRHpjmZVni4zX 9qHA== X-Gm-Message-State: AOJu0YyLaz7jbarz1A89eBt93jJXAaOnHN9XO1tRDkDxlXAK2bmeeIIp oDM6cpMS5Q4/Ob4ZM65lYpPGNxR60LtErRD+ogeOASDDcQgCGmRAmjj3Pnd1SEC1Gkjo6y909gf W/g4= X-Google-Smtp-Source: AGHT+IGNY33yz5ySKCE/M5HKE9AtcbhF87Ldj0jGKKRmNydbG1C/VUVmQMQMrUvpdreL0+nEmFkDVg== X-Received: by 2002:a17:902:e551:b0:1d9:5ef2:abdd with SMTP id n17-20020a170902e55100b001d95ef2abddmr2916127plf.0.1708013929980; Thu, 15 Feb 2024 08:18:49 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l17-20020a170902d05100b001db66f3748bsm1445683pll.121.2024.02.15.08.18.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 08:18:49 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 21/21] multilib_global.bbclass: fix parsing error with no kernel module split Date: Thu, 15 Feb 2024 06:18:04 -1000 Message-Id: <82dd61aade02456621cd2958b2fbb56236062789.1708012696.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Feb 2024 16:18:58 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/195541 From: Chen Qi The problem could be reproduced with the following settings: MACHINE = "qemux86-64" KERNEL_SPLIT_MODULES = "0" require conf/multilib.conf MULTILIBS ?= "multilib:lib32" DEFAULTTUNE:virtclass-multilib-lib32 ?= "core2-32" The error message is as below: bb.data_smart.ExpansionError: Failure expanding variable KERNEL_VERSION_PKG_NAME, expression was ${@legitimize_package_name(d.getVar('KERNEL_VERSION'))} which triggered exception TypeError: expected string or bytes-like object The variable dependency chain for the failure is: KERNEL_VERSION_PKG_NAME -> RPROVIDES:kernel-modules This is because multilib_virtclass_handler_global function in multilib_global.bbclass deletes KERNEL_VERSION. So we need to handle such situation. We'll also need to delete KERNEL_VERSION_PKG_NAME to avoid this parsing error. Signed-off-by: Chen Qi Signed-off-by: Richard Purdie (cherry picked from commit 43dd497bc161ac44faecfdff052db03679dbb4f8) Signed-off-by: Steve Sakoman --- meta/classes/multilib_global.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/classes/multilib_global.bbclass b/meta/classes/multilib_global.bbclass index dcd89b2f63..6095d278dd 100644 --- a/meta/classes/multilib_global.bbclass +++ b/meta/classes/multilib_global.bbclass @@ -195,6 +195,7 @@ python multilib_virtclass_handler_global () { # from a copy of the datastore localdata = bb.data.createCopy(d) localdata.delVar("KERNEL_VERSION") + localdata.delVar("KERNEL_VERSION_PKG_NAME") variants = (e.data.getVar("MULTILIB_VARIANTS") or "").split()