From patchwork Wed Mar 20 16:43:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41311 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F2803C6FD1F for ; Wed, 20 Mar 2024 16:44:23 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web11.50463.1710953060492091027 for ; Wed, 20 Mar 2024 09:44:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=FIVeRWcg; spf=softfail (domain: sakoman.com, ip: 209.85.210.180, mailfrom: steve@sakoman.com) Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-6e6adc557b6so98837b3a.2 for ; Wed, 20 Mar 2024 09:44:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710953060; x=1711557860; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=C5jJx5uk975X4VZREDA0yRed2x3nK2zK02MAB7KPtIM=; b=FIVeRWcgeE1lCUpMKDYakWb6v5RUzTea4RyHPZda3ZLzi7w8nKr4OrfGvP075bSAk8 TMRkzX2H65lc7hvBcWiOg3HY1/YKb858lIw5E6Bs0VuqJAx+KANYcK77byHjR4Q7I9na V17CCtJxrw/qqw5d199QP/RyFhsC/qVuzIQT6m4GgA2Ga0wIQYqAUv9fGdE993RvRCYX 8hdxq0Fa1wxphyYIeHTld5NIJCswU2VhK5lpysTuhY6QDxVZHvC+7A1hRH+bGnU9wy3X MtRFbqNKoPw+Eq9vMPUYjQLOZyaVLyfypG9GB7E544W+6X9XwUSncAanAuO8QlmPnDTq GUmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710953060; x=1711557860; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=C5jJx5uk975X4VZREDA0yRed2x3nK2zK02MAB7KPtIM=; b=a5heKQaLBJ5bjFruLYA0UiEPGaXJsRJNra/mtr5YY6cOIPgBFEbH3Xg/4Ns+ALusbV +DQ6+MDlJ/Y4t+k6P/gIGokOvDFBY3WVlThTAXMfhxJjKuxWNuFAGTq4A6h3fvE3cDXZ C9UUh3CtyQcqSksYDg648YvX+Jz7HeVSTN6jsngsWCbtqUCCqqk6BdRRX/Nc93qU775n QZYlLHmWp62OxvTZdnkwqY6Ca/X1UMrkT4eJtDsriDghPUZacervquE3wapgolZ6zAQ+ gpkY5k8cQepuzZ8V0U/vlWPqDIkb5uVV0LrCZ+RIogR0SQOKWE0ko4fvMxUu3W7R8lqy OD1g== X-Gm-Message-State: AOJu0YxWS+DuD2i8R/FtqZP6tlY7ejkYPERbR5JymiBnjuxGg+d4RsYS a6wdohFINJgQtV8KEh38fjXSQtIcnFP3ozvK9gtorm+wWxnEBu2x9KztMimX7kjGu/gshe3/B8o 9pLY= X-Google-Smtp-Source: AGHT+IEi5x/wvNbNunXASdwckM/pXELx19VxSZYZmtPxND8xMhm7k0SM+eJkvnBN3hm20tsyI/pZ0w== X-Received: by 2002:a05:6a00:170b:b0:6e6:2946:2b6e with SMTP id h11-20020a056a00170b00b006e629462b6emr21205680pfc.32.1710953059752; Wed, 20 Mar 2024 09:44:19 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id a3-20020a62d403000000b006e6bfff6085sm12725437pfh.143.2024.03.20.09.44.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Mar 2024 09:44:19 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 01/12] libxml2: Backport fix for CVE-2024-25062 Date: Wed, 20 Mar 2024 06:43:55 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 Mar 2024 16:44:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197388 From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/31c6ce3b63f8a494ad9e31ca65187a73d8ad3508 & https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../libxml/libxml2/CVE-2024-25062-pre1.patch | 38 +++++++++++++++++++ .../libxml/libxml2/CVE-2024-25062.patch | 33 ++++++++++++++++ meta/recipes-core/libxml/libxml2_2.9.10.bb | 2 + 3 files changed, 73 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2024-25062-pre1.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2024-25062-pre1.patch b/meta/recipes-core/libxml/libxml2/CVE-2024-25062-pre1.patch new file mode 100644 index 0000000000..31183399f8 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2024-25062-pre1.patch @@ -0,0 +1,38 @@ +From 31c6ce3b63f8a494ad9e31ca65187a73d8ad3508 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Mon, 9 Nov 2020 17:55:44 +0100 +Subject: [PATCH] Avoid call stack overflow with XML reader and recursive + XIncludes + +Don't process XIncludes in the result of another inclusion to avoid +infinite recursion resulting in a call stack overflow. + +This is something the XInclude engine shouldn't allow but correct +handling of intra-document includes would require major changes. + +Found by OSS-Fuzz. + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/31c6ce3b63f8a494ad9e31ca65187a73d8ad3508] +CVE: CVE-2024-25062 #Dependency Patch +Signed-off-by: Vijay Anusuri +--- + xmlreader.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/xmlreader.c b/xmlreader.c +index 01adf74f4..72e40b032 100644 +--- a/xmlreader.c ++++ b/xmlreader.c +@@ -1585,7 +1585,8 @@ node_found: + /* + * Handle XInclude if asked for + */ +- if ((reader->xinclude) && (reader->node != NULL) && ++ if ((reader->xinclude) && (reader->in_xinclude == 0) && ++ (reader->node != NULL) && + (reader->node->type == XML_ELEMENT_NODE) && + (reader->node->ns != NULL) && + ((xmlStrEqual(reader->node->ns->href, XINCLUDE_NS)) || +-- +GitLab + diff --git a/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch b/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch new file mode 100644 index 0000000000..5365d5546a --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch @@ -0,0 +1,33 @@ +From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Sat, 14 Oct 2023 22:45:54 +0200 +Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when + backtracking + +Fixes a use-after-free if XML Reader if used with DTD validation and +XInclude expansion. + +Fixes #604. + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7] +CVE: CVE-2024-25062 +Signed-off-by: Vijay Anusuri +--- + xmlreader.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/xmlreader.c b/xmlreader.c +index 979385a13..fefd68e0b 100644 +--- a/xmlreader.c ++++ b/xmlreader.c +@@ -1443,6 +1443,7 @@ node_found: + * Handle XInclude if asked for + */ + if ((reader->xinclude) && (reader->in_xinclude == 0) && ++ (reader->state != XML_TEXTREADER_BACKTRACK) && + (reader->node != NULL) && + (reader->node->type == XML_ELEMENT_NODE) && + (reader->node->ns != NULL) && +-- +GitLab + diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb index 90d30f1ea7..72f830b6d3 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb @@ -44,6 +44,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te file://CVE-2021-3516.patch \ file://CVE-2023-45322-1.patch \ file://CVE-2023-45322-2.patch \ + file://CVE-2024-25062-pre1.patch \ + file://CVE-2024-25062.patch \ " SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813" From patchwork Wed Mar 20 16:43:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41309 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E4B64CD11BF for ; Wed, 20 Mar 2024 16:44:23 +0000 (UTC) Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) by mx.groups.io with SMTP id smtpd.web10.50320.1710953062705257835 for ; Wed, 20 Mar 2024 09:44:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=UEcL5EWW; spf=softfail (domain: sakoman.com, ip: 209.85.210.172, mailfrom: steve@sakoman.com) Received: by mail-pf1-f172.google.com with SMTP id d2e1a72fcca58-6e88e4c8500so90425b3a.2 for ; Wed, 20 Mar 2024 09:44:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710953062; x=1711557862; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=FZaZVuKTafYFgYtEyC1h8fM3f2zusb+hLkoG/kiDCWE=; b=UEcL5EWWNpmbOwFgMhdyzarJSJoXNbse8EW4hf40Y7Tv8YJfJEZ41AVgk1kjV5BGVR d4NEWxBKfGCOL/qB2AN44azRYCFqTe1OceL8+HLfkHhTRA8yUlBaOMNXGkv10ji34ffE 25IEu9r1dFqVIv7xngsHcazcHB4ffv+pPvGGEZC8DcsxDP6A439Ti8mOKRHMSbRm0vPW sxl8rXHDGl/utLk29zZbsUH6dRnI9J3P0w7MSXon6P9Y1zibnbZWPKEVz3OxqwFHcztg kwhdAb+gc+zcpBpEaPNHi8ISQTEcoFFrsGwPrwH6JJ/r/9hfK3ACIFOiPvlgX9wBMZce D6xQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710953062; x=1711557862; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FZaZVuKTafYFgYtEyC1h8fM3f2zusb+hLkoG/kiDCWE=; b=YavYK4q0aEmUE3v6CXpEAlbhjXJQsMnzezgoqAtpDcbph+KiHKc+x004sSXit0DACe ge54GfOGQH9nTHbnIDUHoo0SP8IDzRUAQn9hC0g4R5vOaZRfpcR3lhWlwWv5CzEnY0VS A6y9aiYVZQZN4JB6HVigHcMxnX/0CAet9A2I/Y9dSgF8koLLCfay7TXgfOEAr4wI4XZQ ARMtXIFROjGYBukBTqiVUPkxTcawqnK/NDLjCFCv0fFaFV4pBoRi2z3GviA2225UbzM4 RR5Se1qohHbW89iTnf1Wq0yWkynJpic/Nsujbay97ncorxQrrGEKr4gYnhri7bJwqAG1 7hVQ== X-Gm-Message-State: AOJu0Yx3eOKWLm/SNwn+uu+/BWlydz8Ak5WX0dSN/eOiZ0PIxH+E7TVE GmTD+6/I6Kzstm4SqJp7q808iITV7qmYQhe1SSt9yMq5Xq2P+XjWSuKVVtbMxS+kvUvjjGiRDnx LjZk= X-Google-Smtp-Source: AGHT+IHa55/zSZ6sFp9eyGy503VqWn3zTnqGn33Zu5fHd6yiJ3R5b5IozErqmiXi/PSLBnEDROuJpg== X-Received: by 2002:a05:6a20:324b:b0:1a0:d103:7030 with SMTP id hm11-20020a056a20324b00b001a0d1037030mr14734937pzc.32.1710953061955; Wed, 20 Mar 2024 09:44:21 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id a3-20020a62d403000000b006e6bfff6085sm12725437pfh.143.2024.03.20.09.44.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Mar 2024 09:44:21 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 02/12] cve-update-nvd2-native: Fix typo in comment Date: Wed, 20 Mar 2024 06:43:56 -1000 Message-Id: <3ce55e2a1e680de1cd9be735fb766a1366e88a98.1710952928.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 Mar 2024 16:44:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197389 From: Yoann Congal attmepts -> attempts Signed-off-by: Yoann Congal Signed-off-by: Richard Purdie (cherry picked from commit dc18aaeda8e810f9082a0ceac08e5e4275bbd0f7) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 69ba20a6cb..9b6e746add 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -26,7 +26,7 @@ NVDCVE_API_KEY ?= "" # Use a negative value to skip the update CVE_DB_UPDATE_INTERVAL ?= "86400" -# Number of attmepts for each http query to nvd server before giving up +# Number of attempts for each http query to nvd server before giving up CVE_DB_UPDATE_ATTEMPTS ?= "5" CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db" From patchwork Wed Mar 20 16:43:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41313 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CCB83CD11BF for ; Wed, 20 Mar 2024 16:44:33 +0000 (UTC) Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) by mx.groups.io with SMTP id smtpd.web10.50321.1710953064553940664 for ; Wed, 20 Mar 2024 09:44:24 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=y1HStOz1; spf=softfail (domain: sakoman.com, ip: 209.85.215.180, mailfrom: steve@sakoman.com) Received: by mail-pg1-f180.google.com with SMTP id 41be03b00d2f7-5c229dabbb6so12249a12.0 for ; Wed, 20 Mar 2024 09:44:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710953064; x=1711557864; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=bY7pSB6C4iD/cu6hZe6L4ZY7xYl/RsMnvn93Bu5nuQE=; b=y1HStOz1BaSkybwN3q6KE26cAmLSj8RM3fzKB/cI93IRrcJf6qXXdD+Cwr+GJEX2j7 KRaMGFMFBEuOs/LuuJ9S4w0yKaw7VhBlsiTw+0oqFbryiR1/EMzTETUTl/KsVuKZvRuR vDal9hImO8Zv7c2+vYR9arvMWTKnk0K2SEOI29XV1E6MY45krENbzH6ZRfm/VO32HTXM I5IMRtxTkFltzvfn4bm//8d/hP8Tz7TB+Aj4oq3awEefnhirFsr+KvGwLiQcEns0riGA 0cunNEW4V3Tusah9c6jWK8pG/0uS42lRv2kb8TbtUYai8aap/5hAW3SHOC/h4lDXz8ag uzmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710953064; x=1711557864; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bY7pSB6C4iD/cu6hZe6L4ZY7xYl/RsMnvn93Bu5nuQE=; b=E1kiKldLMtw0HgxaPRFMNvySqLjevaSCIH9pzHblBuL1ahrllGAmqmo5DtdV6Tk5dx J1iZnAaEdciru7vaKhe6T9DVMTLvP+T0yMoEnI/KjHjOQh2wDfQMvFkI9obb0gjSYVde oa7wHZRtuPEWfcDZ848PYgpETmnjxGB5iQsLCc1RRWg1UdBQh7L8+FI6l+MJbY6q/Vj5 JxrABqZBQU2sd9lsCEKJvDmuFLRX95y5obA2r0yY3J4UWKZtrAiLiKjmfLlJiQn/nFGM CH9Q4Wblc8zrkyZoE5SSNxiIrLOfBPXP0ewWn8VtqHywDIhd7mFQAi6xlNbr4x5yp/EU BBtQ== X-Gm-Message-State: AOJu0YwC290KsUMDpLnQ/EABHXxJ1a6Wr7yoiyKD+4plJC5JF6OnvBbz +lVKUmTBAYX7bmQusUJzkDBzB6tQcZXSvPyKzbbtY6qAQU+ywZm3JyceNGbG3ZE972EcKLpQhmw S2Zo= X-Google-Smtp-Source: AGHT+IH7j2/ngd/p3RPTc4cMUmm1FbwPPGRwTnkwiC5Lx3SjoVf7ghULUb8mgGmWZ1cmIqcOziqc8Q== X-Received: by 2002:a05:6a20:3503:b0:1a3:64a9:11e5 with SMTP id d3-20020a056a20350300b001a364a911e5mr5249549pze.50.1710953063849; Wed, 20 Mar 2024 09:44:23 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id a3-20020a62d403000000b006e6bfff6085sm12725437pfh.143.2024.03.20.09.44.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Mar 2024 09:44:23 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 03/12] cve-update-nvd2-native: Add an age threshold for incremental update Date: Wed, 20 Mar 2024 06:43:57 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 Mar 2024 16:44:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197390 From: Yoann Congal Add a new variable "CVE_DB_INCR_UPDATE_AGE_THRES", which can be used to specify the maximum age of the database for doing an incremental update For older databases, a full re-download is done. With a value of "0", this forces a full-redownload. Signed-off-by: Yoann Congal Signed-off-by: Richard Purdie (cherry picked from commit 74c1765111b6610348eae4b7e41d7045ce58ef86) Signed-off-by: Steve Sakoman --- .../meta/cve-update-nvd2-native.bb | 20 +++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 9b6e746add..af21989d58 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -26,6 +26,12 @@ NVDCVE_API_KEY ?= "" # Use a negative value to skip the update CVE_DB_UPDATE_INTERVAL ?= "86400" +# CVE database incremental update age threshold, in seconds. If the database is +# older than this threshold, do a full re-download, else, do an incremental +# update. By default: the maximum allowed value from NVD: 120 days (120*24*60*60) +# Use 0 to force a full download. +CVE_DB_INCR_UPDATE_AGE_THRES ?= "10368000" + # Number of attempts for each http query to nvd server before giving up CVE_DB_UPDATE_ATTEMPTS ?= "5" @@ -172,18 +178,24 @@ def update_db_file(db_tmp_file, d, database_time): req_args = {'startIndex' : 0} - # The maximum range for time is 120 days - # Force a complete update if our range is longer - if (database_time != 0): + incr_update_threshold = int(d.getVar("CVE_DB_INCR_UPDATE_AGE_THRES")) + if database_time != 0: database_date = datetime.datetime.fromtimestamp(database_time, tz=datetime.timezone.utc) today_date = datetime.datetime.now(tz=datetime.timezone.utc) delta = today_date - database_date - if delta.days < 120: + if incr_update_threshold == 0: + bb.note("CVE database: forced full update") + elif delta < datetime.timedelta(seconds=incr_update_threshold): bb.note("CVE database: performing partial update") + # The maximum range for time is 120 days + if delta > datetime.timedelta(days=120): + bb.error("CVE database: Trying to do an incremental update on a larger than supported range") req_args['lastModStartDate'] = database_date.isoformat() req_args['lastModEndDate'] = today_date.isoformat() else: bb.note("CVE database: file too old, forcing a full update") + else: + bb.note("CVE database: no preexisting database, do a full download") with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: From patchwork Wed Mar 20 16:43:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41316 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 07311CD11DF for ; Wed, 20 Mar 2024 16:44:34 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web10.50324.1710953066702142158 for ; Wed, 20 Mar 2024 09:44:26 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=etwyADcq; spf=softfail (domain: sakoman.com, ip: 209.85.210.177, mailfrom: steve@sakoman.com) Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-6e74bd85f26so91303b3a.1 for ; Wed, 20 Mar 2024 09:44:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710953066; x=1711557866; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=5TVSUgBG3OdQoN8sz4qt1bkOjb7zd40el4oOJemiZno=; b=etwyADcqKOUv1Xy8wQFl/NRvdCgg+P8LzZwsAUhFW0MiNkPQSCZKBYSxF80Sa3dbW2 gVD52kNf4+DsmZBK5WBYeELdKKFWFLm4jSQr22I+oW/viy5ygHx3RDZ3bh9qQRVxz61F igpMWTybUQmr8Ny05X4GOnAWDjhNxEbwRjGkSw34IOAFrtbmFklyxym3NfqlzAz2lS2d Q4K1FPYatI6+wN1BXadgtcqFJq7YzY4VvAd5Xjg9xWQMZaxvHKlr01nSx4QseeHzvDVl nVgtS0dLv237vOZk3ByLuIQxt+NEfHPrMYV1v3k0vtx4OPkCGV+h3nYOjp395Pf6mWWV 1Pbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710953066; x=1711557866; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5TVSUgBG3OdQoN8sz4qt1bkOjb7zd40el4oOJemiZno=; b=BYcHGK18giUUJ7szMLJafVfpgFO4qvneymohtdYy83XAYwxVqvzbe0iIaiziJHOAHI H00UMTpyC6eiFPoMphw43qkl33Yc724H69tR+ftP7vDoXPqHJMCU9i+3PaPCsBmS2Ezw 4qkBCYFJ72SzWvGcZyiIoRNPH+IzBG316wqx6WCpd5Yuc3rvXLf7twGHmWioCWnmkLnJ juvxxzczmMLb9134wKXzc5FNVobRcE1GUY7JBOhSmGX08YPgNo7zyyJNWtXYj/YN+7P9 Gk51DYTLOOubzGaWDVZ4uu7Jbo3mVQBKSCfsFXJmnwYmlXUgWTb7C0x1J6OK2r6dBWUg jQvQ== X-Gm-Message-State: AOJu0Yy8XFQWAceij8tKTQ5rMdQOoIcnsnBhffoqLqJspNEs4WgC6xsT PF7fWMAc5N1nGgKms17KGGJnLIe538gVtR2SvF3mTor0OOeyUWPGyaW4Ab6P7yJlZyuGMTdAYZ5 purY= X-Google-Smtp-Source: AGHT+IGx94DuRudOaeigOC0KDroYfhOy8H8zMU0okgbIW32KNUGPu4kcDLB4OKiOlnZNtLXtLSq4GQ== X-Received: by 2002:a62:d153:0:b0:6e6:fcd4:5a23 with SMTP id t19-20020a62d153000000b006e6fcd45a23mr12363114pfl.32.1710953065796; Wed, 20 Mar 2024 09:44:25 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id a3-20020a62d403000000b006e6bfff6085sm12725437pfh.143.2024.03.20.09.44.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Mar 2024 09:44:25 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 04/12] cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition Date: Wed, 20 Mar 2024 06:43:58 -1000 Message-Id: <4268128167386298c8a7777ce3d3b5e7517bb366.1710952928.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 Mar 2024 16:44:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197391 From: Yoann Congal CVE_CHECK_DB_FILE is already defined in cve-check.bbclass which is always inherited in cve-update-nvd2-native (There is a check line 40). Remove it to avoid confusion. Otherwise, this should not change anything. Signed-off-by: Yoann Congal Signed-off-by: Richard Purdie (cherry picked from commit e5f3f223885c17b7007c310273fc7c80b90a4105) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 2 -- 1 file changed, 2 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index af21989d58..506b4b6bbf 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -37,8 +37,6 @@ CVE_DB_UPDATE_ATTEMPTS ?= "5" CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db" -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db" - python () { if not bb.data.inherits_class("cve-check", d): raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") From patchwork Wed Mar 20 16:43:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41314 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE795CD11DD for ; Wed, 20 Mar 2024 16:44:33 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web11.50466.1710953068533860386 for ; Wed, 20 Mar 2024 09:44:28 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Qtl04FY5; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-6e6adc557b6so98941b3a.2 for ; Wed, 20 Mar 2024 09:44:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710953068; x=1711557868; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=NHO7zcpN++T4K/yoj1mLAkUqMCfyo17sDK2LDVZtdWU=; b=Qtl04FY5PEXAy4S5Vbyj8e3+qFy/0+41zj6PyN7g36oh3rQ1mHARyi3J6nnRQWyh6O EUO5igMYQW4n/pGeNyEp9IKzLsb2eYTcNT1O7eutsuH0CCviAqLmpHIsMYRmRXMtyzpm WmPuKajUh31RCvQbU1M5l/+R11WdmLhNtmjXan8hFq2hI+EmQQ7kMSZN/H+S1uLeUj63 iUmXsliTwrWLMhNWuiErE672MszHblNYoXjfPJUH40HfiEsAaA17ypkgJ8WiomigijiY c9rivxjNpGG1vGICnHqx/5Y+ZWUpHTXiSeDijCawtjz2PN0xhPWbd/DcewUAtuJu1YyS it4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710953068; x=1711557868; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NHO7zcpN++T4K/yoj1mLAkUqMCfyo17sDK2LDVZtdWU=; b=JBRCJHSjVt691c8QkO5auxXurwig9EJXrIRMs+b/lt16QQAF2EQZypx3xH+nu0abU0 33SaLoG4K0tTlsuPhda9jHmO5myb7lyCsKelnhMsJu/djxVoiz52jaTj4cD9CQdUdR/j d6KqJ8Wy/DQ2iQbBlN/mRhpa7o68cH33wxPFu0vYKa82wTI1/1a48emrG68ci6zxbRao gPIVnZ9umQWDlb1U6A52EUDkii8ADjLjZK8ztmam1xZZYH5MOY+KFNzjpY6FBNRqYzE1 CB9bkRYFpOYTknSLSINKlAXYMRG9pk4pQ0vZ3idGsuAnMbWDItQ60BK6F1Il93Tn+A6w GQQQ== X-Gm-Message-State: AOJu0YxrBNcx6qjtINAFLvYswgRG/GdzohkqXZ84ER0sU6dkYQXQBpTN B4MnI/eb7iu7m3MixNDJtlOtnhgB2DD7Q6uJqBkL0PNX4ai0rqT0DAdH0G1a8RrZ/N4VrF1q9/9 8vMk= X-Google-Smtp-Source: AGHT+IFofq56afokkoh4elNMHSjX66Db+JhjzwcYfhQwaAwlbV6EswZOD5ZVvOZHcIOV+GU5e+PnSQ== X-Received: by 2002:a05:6a00:2394:b0:6e6:9942:fd97 with SMTP id f20-20020a056a00239400b006e69942fd97mr21571866pfc.15.1710953067847; Wed, 20 Mar 2024 09:44:27 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id a3-20020a62d403000000b006e6bfff6085sm12725437pfh.143.2024.03.20.09.44.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Mar 2024 09:44:27 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 05/12] cve-update-nvd2-native: nvd_request_next: Improve comment Date: Wed, 20 Mar 2024 06:43:59 -1000 Message-Id: <9ba959475d84b2e87e14ceba11787b10afca45ba.1710952928.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 Mar 2024 16:44:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197392 From: Yoann Congal Add a URL to the doc of the API used in the function. ... and fix a small typo dabase -> database Signed-off-by: Yoann Congal Signed-off-by: Richard Purdie (cherry picked from commit e0157b3b81333a24abd31dbb23a6abebca3e7ba7) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 506b4b6bbf..a703b68aac 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -123,7 +123,8 @@ def nvd_request_wait(attempt, min_wait): def nvd_request_next(url, attempts, api_key, args, min_wait): """ - Request next part of the NVD dabase + Request next part of the NVD database + NVD API documentation: https://nvd.nist.gov/developers/vulnerabilities """ import urllib.request From patchwork Wed Mar 20 16:44:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41312 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7B47C6FD1F for ; Wed, 20 Mar 2024 16:44:33 +0000 (UTC) Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) by mx.groups.io with SMTP id smtpd.web11.50468.1710953070413214380 for ; Wed, 20 Mar 2024 09:44:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=QMZdTnB5; spf=softfail (domain: sakoman.com, ip: 209.85.215.179, mailfrom: steve@sakoman.com) Received: by mail-pg1-f179.google.com with SMTP id 41be03b00d2f7-5e4b775e1d6so66115a12.1 for ; Wed, 20 Mar 2024 09:44:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710953070; x=1711557870; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=shtJfcZ8wRAXrdgxJT+aqQDcjm9BmdjW8s5AuYlo3D0=; b=QMZdTnB5bT5GLFKVj/cggBaw7WLjuSQztBsc6g/WoYv4CiEcVEXupEGVPg5sNUFAmz GJ5EHoCKBfH2iE8ukxwKYxX+JLcCkTatc7MmCg7qCYSEE2Ilkunr+sa64kWoV+bq4djh xK1q+ELrbmm9TQvtVDKCIFxLWDh//vaAEbq4tbZHKdNFWPTBgbkP1HuOf9uQv6TNCTym owhD2f+96d7ussyzbgWDXIesUGQXCEZn4vyqPo+KQIA7XTLLifLUjD61svxWgOeJi80z Ab5WLDZGWby76OWMGxn2ukCOMStHeKOM7H33GMYF6UXh1Wa7SrCw8O/RQ3yrq6rSj69o wvUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710953070; x=1711557870; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=shtJfcZ8wRAXrdgxJT+aqQDcjm9BmdjW8s5AuYlo3D0=; b=fBq/8bix4fiBX3bPcp/jFnW9WCzYvfMaaOEWwGHl41YAlltBUcTjHmEyeqlXkAUczt cY36YFtENkMYJ1PF4wYmFHJEaRXOcgx7YQ/z1fdwlO/h5Eth8I/Gkz5MKfCKr+mTP0b7 e6m4l3X4U7y3TqIPsk9GUBNyCwFkoJ9WvPntnuMJWOkscIUgZEM89aqGkuT5Fiyr57L3 bjE81tjhLrAMkHdaJlsYvYjpRQxIyMYp9iD3p7dA1GbhWGJlIaMujjlMlSW0uiWQRJXu 9ZLE1Wgt9BCsmu/KVjq/wIwEEzU2ttWppqyrJA1fLKqacMxMzRxGvfsIkaKD9uHKggdP BtDQ== X-Gm-Message-State: AOJu0Yxv1mIFEmovWxiBG6Uv8CuJR+glBn81waSHtYGqWaVfpN7KSMF+ Pw1Y4+BvebuEDaC56BUYRAJhiR9jA5e50qGP63XTbtIs3OWSJdO+beYF9l3hmUOiNe3DFTE8/Pl 4gqE= X-Google-Smtp-Source: AGHT+IEOvX+/sa68ocl1nRKkm7LW0f2LT8dw1P1y84ToqUMqzYHfa7xXyRONQCJzkvbYl+X6KzWN+g== X-Received: by 2002:a05:6a20:7fa2:b0:1a3:64be:752c with SMTP id d34-20020a056a207fa200b001a364be752cmr255630pzj.26.1710953069647; Wed, 20 Mar 2024 09:44:29 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id a3-20020a62d403000000b006e6bfff6085sm12725437pfh.143.2024.03.20.09.44.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Mar 2024 09:44:29 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 06/12] cve-update-nvd2-native: Fix CVE configuration update Date: Wed, 20 Mar 2024 06:44:00 -1000 Message-Id: <80946fbe8c95169b871d816f2b71ee001a2a3d75.1710952928.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 Mar 2024 16:44:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197393 From: Yoann Congal When a CVE is created, it often has no precise version information and this is stored as "-" (matching any version). After an update, version information is added. The previous "-" must be removed, otherwise, the CVE is still "Unpatched" for cve-check. Signed-off-by: Yoann Congal Signed-off-by: Richard Purdie (cherry picked from commit 641ae3f36e09af9932dc33043a0a5fbfce62122e) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index a703b68aac..0044529b7d 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -352,6 +352,10 @@ def update_db(conn, elt): [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close() try: + # Remove any pre-existing CVE configuration. Even for partial database + # update, those will be repopulated. This ensures that old + # configuration is not kept for an updated CVE. + conn.execute("delete from PRODUCTS where ID = ?", [cveId]).close() for config in elt['cve']['configurations']: # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing for node in config["nodes"]: From patchwork Wed Mar 20 16:44:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41315 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D761AC54E58 for ; Wed, 20 Mar 2024 16:44:33 +0000 (UTC) Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com [209.85.215.175]) by mx.groups.io with SMTP id smtpd.web11.50469.1710953072009776138 for ; Wed, 20 Mar 2024 09:44:32 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=WMe0TfHV; spf=softfail (domain: sakoman.com, ip: 209.85.215.175, mailfrom: steve@sakoman.com) Received: by mail-pg1-f175.google.com with SMTP id 41be03b00d2f7-5cddfe0cb64so15572a12.0 for ; Wed, 20 Mar 2024 09:44:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710953071; x=1711557871; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Nr+O2YIgOlFtrXaw/ZAn1Psu8p113nEC3v0V67LqiIo=; b=WMe0TfHVkd118BoLyLNzM6zZAd3ehMv7gBtVMq/bt/Bx/iRWkNfWowr9nD5LAAP62D U3hd9d5ONARYgjnBQlMCipgAsqoH5bi+sfYR4+/EdPH+3m0dKy/Pmyr0xTPkfkC/IrUd wRzeOnvCeSIBEWpyW1lWY0y7TR4mpZTtHQRHMuKYDQnFulG5BGHYl4wq+9TwfWlOlAmj Hy4F8la+UUWb94dXw03PMPT+P9XDcOHK0jL0oE+xuE89MvfiD1RKB7a8VM7fG8yDjYIM NnKyEYWgEx2rRauecvFvNAGhhvulPl6/1KaOh1mo9W7MN+BigNb1G5Uvlgrpv6erZbt7 xSWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710953071; x=1711557871; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Nr+O2YIgOlFtrXaw/ZAn1Psu8p113nEC3v0V67LqiIo=; b=kpJNgjUOLg6ghYI8PCcrBsWcQuzRhZO+rKSSoFpG1hP5x46ZynNV0CZdxmYNgu1GI7 1zo7COobR6PrfaXFn3uM+KYlJaECV+4ka1ojyC1tKzHdcIN3Sg5rr8sP3u+eU+86E78S FPrlskOFGQ1Cz6zIN9Nk2EBYkgiYwuFZMQUevXokrBH2qhUmfLzuUkmn0aXhBXPEC7hN dvUFOiqFL9x3tUk/sJ3q/Qq7WUb4i17sYevOYzg0aUYh9imkLhLnq2Ha3H0ELKRPlpp9 loNpVEjyIFEM5BWjuh9+59P9Ex/wmCHEujn2KtQ2PlSinL6/xV4KDJkMMrz9FxcRJTyz L/BQ== X-Gm-Message-State: AOJu0YyG7HHYd3fVNp4YEABCbaYutqz3KETR7DUvpY9neXleAOMjYmnj YLj5g1AArHCdFEXCQSIQ+NFmxt8SGy7J4hrjUGGLUjfnWPho19kvypRQ7vjVNRzlsTJIgpg+961 Hsq4= X-Google-Smtp-Source: AGHT+IHgnDS7sCOaxhEl1uSGZ6Bu66Mfct7mlrFmWXabqRXB6nldcVhTVrODZVBUXHZrHU+nx+BZjQ== X-Received: by 2002:a05:6a20:1581:b0:1a3:5170:8eb9 with SMTP id h1-20020a056a20158100b001a351708eb9mr14837760pzj.39.1710953071269; Wed, 20 Mar 2024 09:44:31 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id a3-20020a62d403000000b006e6bfff6085sm12725437pfh.143.2024.03.20.09.44.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Mar 2024 09:44:31 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 07/12] cve-update-nvd2-native: Remove rejected CVE from database Date: Wed, 20 Mar 2024 06:44:01 -1000 Message-Id: <4eb0074be76c9bd3d6d25cae4f1b9f398ff89bf5.1710952928.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 Mar 2024 16:44:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197394 From: Yoann Congal When a CVE is updated to be rejected, matching database entries must be removed. Otherwise: * an incremental update is not equivalent the to an initial download. * rejected CVEs might still appear as Unpatched in cve-check. Signed-off-by: Yoann Congal Signed-off-by: Richard Purdie (cherry picked from commit f276a980b8930b98e6c8f0e1a865d77dfcfe5085) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 0044529b7d..1a3eeba6d0 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -323,6 +323,10 @@ def update_db(conn, elt): accessVector = None cveId = elt['cve']['id'] if elt['cve']['vulnStatus'] == "Rejected": + c = conn.cursor() + c.execute("delete from PRODUCTS where ID = ?;", [cveId]) + c.execute("delete from NVD where ID = ?;", [cveId]) + c.close() return cveDesc = "" for desc in elt['cve']['descriptions']: From patchwork Wed Mar 20 16:44:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41317 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1201CD11DC for ; Wed, 20 Mar 2024 16:44:33 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web11.50470.1710953073606021636 for ; Wed, 20 Mar 2024 09:44:33 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=3EUJQeAQ; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-6e6ca2ac094so119614b3a.0 for ; Wed, 20 Mar 2024 09:44:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710953073; x=1711557873; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CFQ5WgfoA2REa4w5YqoKTxS3Dvwe6nvcE45RcRT8EQg=; b=3EUJQeAQEb1gTinuUxNSrATk0MUNri3coyj3K+gvAfn3ofuU/RoUifTT4G+BhIbThP ckvDzSkI0kwfo32B+tFOKpOVBgc2IRGg6iuSqcUcn//NismaXlF8MkBOzXiMkirfSOEq F03ePxJFudbsuHms6Wzpd5/h13FbLFHIW5k+a0kVm8qa3ZnFFQF99xArpYjXaBSRGyz1 9dc/+BXTv5mDzhnxp/5v6tm4qleJLPHPw5YXqPUVJ6N7p3Y3PqahbLXlrOeBscAFYU9U 1moM/blsYmN2mUp4g4gNCje7+VyIA6Bgl00K7gTDcGVEojlWExUnFtoSbm7p7NhEZbgY IErQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710953073; x=1711557873; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CFQ5WgfoA2REa4w5YqoKTxS3Dvwe6nvcE45RcRT8EQg=; b=PZqAMyritQyWkGxj+1X2olszqzUoZisISK1prNo6XkjjOEeHg5yAy6Eew9cigUCpls MaivsFxvOTkGAsa6LZKzZ4AIHwcgUA4LJd+HXCDQI1ks+JZaSBOke5rXOYZd/0sHkoHp A6qtyKdYTPk3/IbOLwbe0bgbC/erac07Ghhyl1+iiWRizc5zGRnoZMd4zUDEQ3LEH/Zm HbE6jl2ylKE/g5mHxxMd3kY96Hc20MjBqdtjngSxhOSTBRURivQ4Q8ZCXsIrkvbxsSs3 0GAZBBIr0doRHjrE2zmxaMCfiuzfTeZ8t2zROUF/Zl8Tu4XaJdi3H8gTCOJbuF66lplI 7+pg== X-Gm-Message-State: AOJu0Yw2zHg1nW+rRs+/Do8OOXUvgdoGoPK5lYWWFE6bd7JHlVhEXNTr oLCAfUI5JExhnYE1TB1rS+GIblQd3jJwzJjcXJYzzWiHmFs1xu318fcGPdea1PUcVSIwaJloukT 8L5Y= X-Google-Smtp-Source: AGHT+IHTo+3Ag/x5me5z6C7Vz0nLTtnISudGxRvgQZV4N4xMsC1gZjwdheztb1tLsWHcKa3gEPVhDQ== X-Received: by 2002:a05:6a21:788b:b0:1a3:560c:15d8 with SMTP id bf11-20020a056a21788b00b001a3560c15d8mr7464022pzc.41.1710953072933; Wed, 20 Mar 2024 09:44:32 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id a3-20020a62d403000000b006e6bfff6085sm12725437pfh.143.2024.03.20.09.44.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Mar 2024 09:44:32 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 08/12] wireless-regdb: upgrade 2023.05.03 -> 2023.09.01 Date: Wed, 20 Mar 2024 06:44:02 -1000 Message-Id: <947433332468a9662cedacada1e5d19d9a664ac2.1710952928.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 Mar 2024 16:44:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197395 From: Wang Mingyu Changelog: ========== wireless-regdb: update regulatory database based on preceding changes wireless-regdb: Update regulatory rules for Australia (AU) for June 2023 wireless-regdb: Update regulatory info for Türkiye (TR) wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidel... wireless-regdb: Update regulatory rules for Philippines (PH) Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie (cherry picked from commit 2f5edb6904bf16a9c52a9b124aeb5297487cd716) Signed-off-by: Steve Sakoman --- ...ireless-regdb_2023.05.03.bb => wireless-regdb_2023.09.01.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2023.05.03.bb => wireless-regdb_2023.09.01.bb} (94%) diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.05.03.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb similarity index 94% rename from meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.05.03.bb rename to meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb index f3c3cd78e9..9187d257ca 100644 --- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.05.03.bb +++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb @@ -5,7 +5,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "f254d08ab3765aeae2b856222e11a95d44aef519a6663877c71ef68fae4c8c12" +SRC_URI[sha256sum] = "26d4c2a727cc59239b84735aad856b7c7d0b04e30aa5c235c4f7f47f5f053491" inherit bin_package allarch From patchwork Wed Mar 20 16:44:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41319 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 00C12CD11BF for ; Wed, 20 Mar 2024 16:44:44 +0000 (UTC) Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web11.50472.1710953075465054540 for ; Wed, 20 Mar 2024 09:44:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=1k2jeCE5; spf=softfail (domain: sakoman.com, ip: 209.85.210.173, mailfrom: steve@sakoman.com) Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-6e6b54a28d0so91119b3a.2 for ; Wed, 20 Mar 2024 09:44:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710953075; x=1711557875; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Ye/qgBPVqy3UhemdehR89gJrLXH4Xqh7Ft8kyqknKVU=; b=1k2jeCE5wneiTbA6vVaZTXvN2NEv1agtNODPcSOC/zSQW0kqCxHpRvF5ZkxXSEhPTo d1qfr64jwoFKv5fcUG4waNZvm83ztyzvIU++wX+3czj0MHO1qNsWgClr/57zE+HXJ/N9 D9tCx5hkO3EFfkz+huwCqDtLZS98N4RUx5C8EEFh9UXgMb1XwArWoRKjL066bCyphJ5z zlHdt3BWi6xx/qHaPEz/kb0LjA2YaB3XBPoGF4WoOECT0/qkoUUSbKH6ucVpoxNL13Yj 688GNtqiYMD3Idm+4v8f5GA1tyYAv97S0Ap2CUPZ1YN3w+7Hi8eVLJQcV7dCNJAgS2+m 0xRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710953075; x=1711557875; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ye/qgBPVqy3UhemdehR89gJrLXH4Xqh7Ft8kyqknKVU=; b=PXmGZ4s3bUkI2nZappTwEGxCsgLNGPNKuJ63kQx8b9taY/hRdT/TSgYR8Pq3bOKlZG OVQsdIJmbSEFKMoeuEmNJBMYRD8Rbgo2rUpHEAWP6FaEPmf7y+mn8I5znqYXXKL12ncw ee4Z/ay7nDSUUoPKsHN2FERIXz1aaa9+pmvNA/RljOQ5KD61MNwS/E8ZCmit2GVA+lhd JIOMyL0gKNjSygtFnm3rP5dqnLmw46Q7yXu8MgfWeXUD2Meii8hVzY9yQ9AYk1vmTlBF ukhJLNtGXywR/lPhh5fi8W6qKYqCwTSFvdc+QvMhveUrMEtEampiJ0Xl23gB/IWfYbyT DPOA== X-Gm-Message-State: AOJu0YxuDP4UJ9rn/CCFuNZgTZCiFK5K54JOlMlkrADocyC6NsZZU9nP /4ZOhIoE5Yq85dBVA5O2f3zybP4iFRhNn+zz4VGwSeShl9OAsbvNl0xIjjt5qsqMPib3ydJnhRm avmE= X-Google-Smtp-Source: AGHT+IFjbrQmdTGKX1WQ59tf7pNJwwHuV+w97K7gyrtnfoDv8PPWNu9KD41SZZI3ju5/CLGhaHqaXg== X-Received: by 2002:a05:6a00:3a1f:b0:6ea:2501:d600 with SMTP id fj31-20020a056a003a1f00b006ea2501d600mr496533pfb.33.1710953074723; Wed, 20 Mar 2024 09:44:34 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id a3-20020a62d403000000b006e6bfff6085sm12725437pfh.143.2024.03.20.09.44.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Mar 2024 09:44:34 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 09/12] wireless-regdb: Upgrade 2023.09.01 -> 2024.01.23 Date: Wed, 20 Mar 2024 06:44:03 -1000 Message-Id: <2f178a685137887f58271b84597409b6e0c395c6.1710952928.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 Mar 2024 16:44:43 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197396 From: Alex Kiernan Upstream maintainer has changed to Chen-Yu Tsai : https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/ Note that fb768d3b13ff ("wifi: cfg80211: Add my certificate") and 3c2a8ebe3fe6 ("wifi: cfg80211: fix certs build to not depend on file order") are required if you are using kernel signature verification. Signed-off-by: Alex Kiernan Signed-off-by: Alexandre Belloni (cherry picked from commit abf169fbbf8bab13224adf4c8bfa2e26607f360c) Signed-off-by: Steve Sakoman --- ...eless-regdb_2023.09.01.bb => wireless-regdb_2024.01.23.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2023.09.01.bb => wireless-regdb_2024.01.23.bb} (88%) diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb similarity index 88% rename from meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb rename to meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb index 9187d257ca..6489bc90d9 100644 --- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb +++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb @@ -5,7 +5,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "26d4c2a727cc59239b84735aad856b7c7d0b04e30aa5c235c4f7f47f5f053491" +SRC_URI[sha256sum] = "c8a61c9acf76fa7eb4239e89f640dee3e87098d9f69b4d3518c9c60fc6d20c55" inherit bin_package allarch @@ -13,7 +13,7 @@ do_install() { install -d -m0755 ${D}${nonarch_libdir}/crda install -d -m0755 ${D}${sysconfdir}/wireless-regdb/pubkeys install -m 0644 regulatory.bin ${D}${nonarch_libdir}/crda/regulatory.bin - install -m 0644 sforshee.key.pub.pem ${D}${sysconfdir}/wireless-regdb/pubkeys/sforshee.key.pub.pem + install -m 0644 wens.key.pub.pem ${D}${sysconfdir}/wireless-regdb/pubkeys/wens.key.pub.pem install -m 0644 -D regulatory.db ${D}${nonarch_base_libdir}/firmware/regulatory.db install -m 0644 regulatory.db.p7s ${D}${nonarch_base_libdir}/firmware/regulatory.db.p7s From patchwork Wed Mar 20 16:44:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41321 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1886FCD11DC for ; Wed, 20 Mar 2024 16:44:44 +0000 (UTC) Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by mx.groups.io with SMTP id smtpd.web10.50335.1710953077145969709 for ; Wed, 20 Mar 2024 09:44:37 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=eMiTrPSs; spf=softfail (domain: sakoman.com, ip: 209.85.210.170, mailfrom: steve@sakoman.com) Received: by mail-pf1-f170.google.com with SMTP id d2e1a72fcca58-6e6ce174d45so86503b3a.3 for ; Wed, 20 Mar 2024 09:44:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710953076; x=1711557876; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=r4UnhWF5evodL7r/gzaqNfcyJI5Q++dVnHvjhgTug5s=; b=eMiTrPSs+8Eu3uHbR828l+CyAKEO2TuCDK8+ybEeigY/0HMcAuRYHt7Om8HoYvRm3w KHJc5FrWcrUzHoSFvqr3OG5z1Zue3ORm3K29k8qIf8B9evTlGKlo6dAuYtnbK2ClXdjc F+mqLnDYelZqpVYQ9TFobOrNR074HDxpipZMv+a6R7jZRl+yn/jU8Dr/JqUK4rQqs4ls 37bv2lXZswbL2Q7QHjQqIYxzfUN94ork3tVCevIIm2KsIwgBlpo+8BoKaQyywAd+rYRN ysvymb7H2upAAHOopJiOWwqPGXBDYodajlHvllRQBOPsa52NxBN2I47RkYAv8CM3gJAm QVcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710953076; x=1711557876; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=r4UnhWF5evodL7r/gzaqNfcyJI5Q++dVnHvjhgTug5s=; b=pBLoF40ZL02yzRnHYpv0ZWrxxvAnESsuqsXZVs7gxcCruenPO6vEMkVvZ27FK0iOB5 6rs04leVL5rR4Jt4g7/Su9W3b6cJBm2Qn2kk/r32l6aFQP30XqKsgzUsgmSrHfbOSsR0 e9LWsjKIGxl0YmWtxMkZyA9F8z0Ch7+4NXo9OxNQ2hKnYhFGl2SUWTqqLYw0Z8LSCmPU B7Zh2mrMxIU/IS8pGrDtvxMsY3JtNyX3qtO4a2yMLdIjz9Jn9O+SI/Qs8z4gx81Hysh6 3h1PVQ3aTSQmObgVZccStSpnSLqxmv5EiQ7fOdkngFV8Sh0LIJu9AFrFMSr/Dl1MhoAp t2NQ== X-Gm-Message-State: AOJu0YxOR9ahOkxH6YYKmlpAhP3hb+kPqE+ZidM2z131Lt8xyGnJHleH 5JD7MNYuNVICJv5pWEYIk/SDSJIKZotLkeSzFPhQQcMA4eXvscasScUuOd7A8P6uTD5I5Qoh4mP XjIM= X-Google-Smtp-Source: AGHT+IEuu5gAvUf66IbdBufC8mWBDZZwWkyy/dRikLjKF8Pr5PRhNzH2XgNXOm1Rrfdnk5mygCIsXQ== X-Received: by 2002:a05:6a00:13a0:b0:6e7:9a5e:3b45 with SMTP id t32-20020a056a0013a000b006e79a5e3b45mr2758388pfg.11.1710953076403; Wed, 20 Mar 2024 09:44:36 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id a3-20020a62d403000000b006e6bfff6085sm12725437pfh.143.2024.03.20.09.44.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Mar 2024 09:44:36 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 10/12] linux-firmware: upgrade 20231030 -> 20231211 Date: Wed, 20 Mar 2024 06:44:04 -1000 Message-Id: <894cfb61103e09b6bf0467a6b96765e774ca985b.1710952928.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 Mar 2024 16:44:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197397 From: Alexander Sverdlin Signed-off-by: Alexander Sverdlin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 0caafdbbf4e7dc84b919afe14f7cb8c46a9e4ac2) Signed-off-by: Steve Sakoman --- ...nux-firmware_20231030.bb => linux-firmware_20231211.bb} | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20231030.bb => linux-firmware_20231211.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb index 65cbca798e..3f201d853f 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb @@ -134,7 +134,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "ceb5248746d24d165b603e71b288cf75" +WHENCE_CHKSUM = "3113c4ea08e5171555f3bf49eceb5b07" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -212,7 +212,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "c98d200fc4a3120de1a594713ce34e135819dff23e883a4ed387863ba25679c7" +SRC_URI[sha256sum] = "96af7e4b5eabd37869cdb3dcbb7ab36911106d39b76e799fa1caab16a9dbe8bb" inherit allarch @@ -223,7 +223,8 @@ do_compile() { } do_install() { - oe_runmake 'DESTDIR=${D}' 'FIRMWAREDIR=${nonarch_base_libdir}/firmware' install + # install-nodedup avoids rdfind dependency + oe_runmake 'DESTDIR=${D}' 'FIRMWAREDIR=${nonarch_base_libdir}/firmware' install-nodedup cp GPL-2 LICEN[CS]E.* WHENCE ${D}${nonarch_base_libdir}/firmware/ } From patchwork Wed Mar 20 16:44:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41320 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0DBFAC6FD1F for ; Wed, 20 Mar 2024 16:44:44 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web11.50475.1710953078849756828 for ; Wed, 20 Mar 2024 09:44:38 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Pm07wrvY; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-6e6b5aa0b52so85960b3a.3 for ; Wed, 20 Mar 2024 09:44:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710953078; x=1711557878; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=LnRFFXoiKdWQt+YvhVzPR+AWzYwx1rrafxD9FTfzIOo=; b=Pm07wrvYr0SiWH54sv/XNQb1jisiaQsdVePRQaj6JsTCRdjfFES2ZjQwZnbzM2n8Ph EvmVvQZ0OPT6Pus4sVKZ5Z25eM+r2KETOip74E978OFl4Aj4GWMG36C6u7ss88XDbOsl HTyN/Wit2xTKqIGjf2WAO+XodPi66w/jVS2G+lAnn0jwmYl9dDAYNb4T3EmXsFHaxF9q OdwK0SwA1cQ4ExUWN/5TtJkiCasv5Yuw8NTP+vR9qQhoVqNrSUINhZJZmpMdUz9bUssd QNj6zc04uH1ZPQKPxUEenmzTQ3SxDTregjCiI+fjWIfkOOwhaCv3O0v7rn3VNk9EtbF1 p2Zw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710953078; x=1711557878; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LnRFFXoiKdWQt+YvhVzPR+AWzYwx1rrafxD9FTfzIOo=; b=s3Q90aoF1r4kKbpvVlO6WWJ491cwVLBvvf6gx5T4q2tmkDaAfPdBgXUgMBj+DSGEQT gpPucaDcBPj3LEYewTPA89x22n0mlmop6hC9w8e61VcpvaQxe6BB+iFtaaGrYyrQIovl BkQaaE0uUzoj+0rDdSRzUJ+GfOk8PRbpJ8TuMfQ1W0Hrp6avnCRkoEfMojb+KHDD6wlI 3ebh+CFy1vQzGEZoRkSR9FteDocsIkkcj0IKSi49ElWgtKLo5CMRd3mtvynph9SMayLv 5eg3C2LqoYC+i3Toabt0FhZuOi3Ooc+PYG7qFlVMhR0NHQFIIYUo2wADwotsEgwcVY6N 3Jhg== X-Gm-Message-State: AOJu0Yz4U/726DDA+8jiN10scr7jo4GsGVwFM4Cg9qb1T2jzhailJAvQ jN1MbA3cKQ4i3PqfsrVox9EIBKr99HslOzZfkWjPkQA2hz3ZDNuFD/MAmxMQ8n8OfymQziuNM2T 0ZWU= X-Google-Smtp-Source: AGHT+IFEctPCQJsHo6fD1mdP7+eSQx4dL59LHDrrMMp+kSSo55fje4vc5mBi94cXyJ3HzfO4IY0m5A== X-Received: by 2002:a05:6a20:2450:b0:1a3:63a4:5332 with SMTP id t16-20020a056a20245000b001a363a45332mr9881096pzc.23.1710953078159; Wed, 20 Mar 2024 09:44:38 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id a3-20020a62d403000000b006e6bfff6085sm12725437pfh.143.2024.03.20.09.44.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Mar 2024 09:44:37 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 11/12] linux-firmware: upgrade 20231211 -> 20240220 Date: Wed, 20 Mar 2024 06:44:05 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 Mar 2024 16:44:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197398 From: Alexander Kanavin License-Update: additional files Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit add81ef0299ea5260f9bdc59ffc8f5cc0e74276f) Signed-off-by: Steve Sakoman --- ...{linux-firmware_20231211.bb => linux-firmware_20240220.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20231211.bb => linux-firmware_20240220.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20240220.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20240220.bb index 3f201d853f..873ba9cdf0 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20240220.bb @@ -134,7 +134,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "3113c4ea08e5171555f3bf49eceb5b07" +WHENCE_CHKSUM = "a344e6c28970fc7daafa81c10247aeb6" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -212,7 +212,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "96af7e4b5eabd37869cdb3dcbb7ab36911106d39b76e799fa1caab16a9dbe8bb" +SRC_URI[sha256sum] = "bf0f239dc0801e9d6bf5d5fb3e2f549575632cf4688f4348184199cb02c2bcd7" inherit allarch From patchwork Wed Mar 20 16:44:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41318 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 00BA0C54E58 for ; Wed, 20 Mar 2024 16:44:44 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web10.50337.1710953080891462415 for ; Wed, 20 Mar 2024 09:44:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=rbIR0Kpp; spf=softfail (domain: sakoman.com, ip: 209.85.210.174, mailfrom: steve@sakoman.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-6e6a9fafacdso99114b3a.2 for ; Wed, 20 Mar 2024 09:44:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710953080; x=1711557880; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=4FFBPXBeDZxmg9WIrfGltp9RsfYGigeAeqmBuMuSioo=; b=rbIR0Kppd+oCI8BzdxE5YILYi2RBkXH8uma0NTmuIXmZ/NjCmt9z2/uJ3H1swvBIWe qOG4HCrxPlwMz4aGRwSo01inKGi7Y7S6OhmqdoAhHc10cDV2eomKhr5YEqyd0R1vx88U xC9nAG8jfRG5BQ+HzKPBHRBzy0T5zzPT6M7dBv8jEW6NWONtPEpDIGp0fuz2zdeRhLgw bohSg1NESBpD8x+kV3rNzoRzWcYUJh2q8rrh2yktflXI0FJbAC94fY1RWUzGqc/lIfGD BW/4PdVr19sx4y5Mb7FgOzDRTymt/1nBwPDGlA+3VME4ap5Wc5NwuFCmImTRKESo0BI4 zCZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710953080; x=1711557880; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4FFBPXBeDZxmg9WIrfGltp9RsfYGigeAeqmBuMuSioo=; b=Kus+ARAiaz8ynoXvbevvylOxaUdnoFtF2Z7v/DPWb1LN5Lv/lVz+dBJ+oh+JgEbhi7 GF70+gJmTf2Po7XmiVS7DN49vJXTsdhqwKE151EVIhuELIZvwLa/CS4oxCOn1swXJ0yj VN8wQam+okGHcjkdGbzyzaRen4Nm70ni8VhDxIKrgFc2Y/h6hs7Zcd8IIW5FpJb++k/T ONIkpo1VCbFBcSoe7ndkpdU8V4jmZKH8vLNPt61meX7zrrAiEB/KZ+wc/Mq6Wz6YiST9 GK+GFPaUYSowOQzg6CniRiR9UhqlnB8Z6kqZKHN9yIE2I083xuGdWNxVq2dQ2kELt9zu Yprg== X-Gm-Message-State: AOJu0YwiYyGPgpw2wOCcBJJQA3mbBBX58/w6LV5i9IbhGUlNCNS0n3w6 jCyJOifT+g3e9YOqIug8dEmUtI2rYKVDjy+EVsCRy0QsHsS25w/YJxY9EJsJdch9DaRuwz9NyvM ME7E= X-Google-Smtp-Source: AGHT+IFWE2TMYxh8MK7LE3FLZ5PBgP2e6hl3jpMcrnB9Ou+bisXm0aKzA7MgMvR3xsI3g8HeY6LL6Q== X-Received: by 2002:a62:d153:0:b0:6e6:fcd4:5a23 with SMTP id t19-20020a62d153000000b006e6fcd45a23mr12363597pfl.32.1710953079984; Wed, 20 Mar 2024 09:44:39 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id a3-20020a62d403000000b006e6bfff6085sm12725437pfh.143.2024.03.20.09.44.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Mar 2024 09:44:39 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 12/12] yocto-uninative: Update to 4.4 for glibc 2.39 Date: Wed, 20 Mar 2024 06:44:06 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 20 Mar 2024 16:44:43 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197399 From: Michael Halstead Signed-off-by: Michael Halstead Signed-off-by: Richard Purdie (cherry picked from commit 56fdd8b79e2f7ec30d2cdcfa0c399a6553efac1e) Signed-off-by: Steve Sakoman --- meta/conf/distro/include/yocto-uninative.inc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc index eaa3e9b31c..4ac66fd506 100644 --- a/meta/conf/distro/include/yocto-uninative.inc +++ b/meta/conf/distro/include/yocto-uninative.inc @@ -6,10 +6,10 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.38" -UNINATIVE_VERSION = "4.3" +UNINATIVE_MAXGLIBCVERSION = "2.39" +UNINATIVE_VERSION = "4.4" UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" -UNINATIVE_CHECKSUM[aarch64] ?= "8df05f4a41455018b4303b2e0ea4eac5c960b5a13713f6dbb33dfdb3e32753ec" -UNINATIVE_CHECKSUM[i686] ?= "bea76b4a97c9ba0077c0dd1295f519cd599dbf71f0ca1c964471c4cdb043addd" -UNINATIVE_CHECKSUM[x86_64] ?= "1c35f09a75c4096749bbe1e009df4e3968cde151424062cf4aa3ed89db22b030" +UNINATIVE_CHECKSUM[aarch64] ?= "b61876130f494f75092f21086b4a64ea5fb064045769bf1d32e9cb6af17ea8ec" +UNINATIVE_CHECKSUM[i686] ?= "9f28627828f0082cc0344eede4d9a861a9a064bfa8f36e072e46212f0fe45fcc" +UNINATIVE_CHECKSUM[x86_64] ?= "d81c54284be2bb886931fc87281d58177a2cd381cf99d1981f8923039a72a302"