From patchwork Tue Apr 16 12:06:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 42525 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4F213C04FFF for ; Tue, 16 Apr 2024 12:07:11 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web11.18817.1713269226612741899 for ; Tue, 16 Apr 2024 05:07:06 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=RXgRPzau; spf=softfail (domain: sakoman.com, ip: 209.85.210.180, mailfrom: steve@sakoman.com) Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-6ecec796323so4461882b3a.3 for ; Tue, 16 Apr 2024 05:07:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1713269226; x=1713874026; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ObXX5xv52NhQcGYxoOqfJ97yOM44UZRca78m8Rl90w8=; b=RXgRPzauwqP0mI1mI3fAJRwYQUTcGvLn4B3ewUO6W0Jih3Kw+LYUYNWOUo/6gZ3KrR QNwBEKf+c8/QhkR2+VxRaYzlyKUtonWX7MrsLfgGvaLrBXFQ44xvreQqTLWlaYnjerAk tOrVDEvOaY3jZCRsRtldC/kTHKkX/FzOcqIceotUGf91Le1Bu398ljXljx7SNj6VFOEa U4TKdrN/7AIAhnbrNIBHdJXX20hWIi3cjxOrcYoErzBsA3fys7YjaoRi6VIugcepUc0z taCGI80aSlRYo0OvhCFP0IiM/kNGg6P/KzKJUS7ssp7fW40v3kVAZhEjmjWOgNdKwacz SNHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713269226; x=1713874026; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ObXX5xv52NhQcGYxoOqfJ97yOM44UZRca78m8Rl90w8=; b=dVIrQ0taLzU9OcQchRTUCk9Q+3QzDBQXoQFdumuICFRMsiupyeTzqqAyikFNeJGJrm t1boktRUUy6D2acAln2qT+33TItAhVIkkPUdLi4cw+OUzB+dBS4rj7B8ZQTXv15bFXZy kwF1jzSQ6fNuqitAiBqcinfdvsLXA4MlgD3KTlCf3b8SEwLzyeGJ86rpQ3karU5aVi1x GDvKSQT9Q0Iur65d4jMKzY9z7by/49dWHxAx6BFraebJn2FuYRIjy3vmG3S2+pv697UD KfdCFfXDx5+jfQwlwRdwE9uEbZ87j9ZIxyPrGYtQNizsHFinqTGzFLjwAzQtiqapLP1T cFdA== X-Gm-Message-State: AOJu0YwEhjyIElBGjXNL5lgpAlgcS291e33WZN4vFkVtQ6nQcqsyDBN8 jyvRGlJOMxAqQ5j+2UmbS13l9HpXIBHRGpkAhZFXMikmhEwoqvgjFyPDZL8J7k8ooIG/1BbsJKw JEec= X-Google-Smtp-Source: AGHT+IEYfx5DW4dw1nHjUTvuhong5+u29ccIuvZbCA2ntU6CkYwSJZIgVFIxJcbfdlH0WJBQMBYH5A== X-Received: by 2002:a05:6a00:1312:b0:6ea:dfbf:13d4 with SMTP id j18-20020a056a00131200b006eadfbf13d4mr16584260pfu.18.1713269225703; Tue, 16 Apr 2024 05:07:05 -0700 (PDT) Received: from xps13.. ([199.58.97.236]) by smtp.gmail.com with ESMTPSA id j5-20020aa78d05000000b006edd9339917sm8746111pfe.58.2024.04.16.05.07.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Apr 2024 05:07:05 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/10] cups: fix typo in CVE-2023-32360 backport patch Date: Tue, 16 Apr 2024 05:06:48 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 16 Apr 2024 12:07:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/198438 From: Jonathan GUILLOT Typo prevents cupsd to start correctly with following error: Unable to read "/etc/cups/cupsd.conf" due to errors. Using `/usr/sbin/cupsd -t` to check the configuration: Unknown authorization type Defaul on line 77 of /etc/cups/cupsd.conf. Unknown Policy Limit directive AuthType on line 77 of /etc/cups/cupsd.conf. Signed-off-by: Jonathan GUILLOT Signed-off-by: Steve Sakoman --- meta/recipes-extended/cups/cups/CVE-2023-32360.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/cups/cups/CVE-2023-32360.patch b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch index f1b0f9f918..c3db722f1f 100644 --- a/meta/recipes-extended/cups/cups/CVE-2023-32360.patch +++ b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch @@ -27,7 +27,7 @@ index b258849..08f5070 100644 + + + -+ AuthType Defaul ++ AuthType Default Require user @OWNER @SYSTEM Order deny,allow From patchwork Tue Apr 16 12:06:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 42527 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4FF17C04FF6 for ; Tue, 16 Apr 2024 12:07:11 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web11.18818.1713269227900192630 for ; Tue, 16 Apr 2024 05:07:07 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=OC7EpcCh; spf=softfail (domain: sakoman.com, ip: 209.85.210.180, mailfrom: steve@sakoman.com) Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-6ecf1bb7f38so3915770b3a.0 for ; Tue, 16 Apr 2024 05:07:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1713269227; x=1713874027; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hibM0Aczb+OeMjm4K3xpTGSZer2/C2IBOrQMvCI7ARU=; b=OC7EpcChtFd2QxRSm32KStQ9flC13ekVTtqtYUdA09hpJRPINS9xYJm8xiXcMyx5tL jArdxVAedUXGC0jshelkqn7xt5ScPkryhkIRpHfVV8eQDmRXPsojyBAl1ULQeMhK4cGL rYqgHcyfBUyEl4Ewr6fcxN46wARcbBCHnOAhbp7+PAeY215OV1MZrgN/ao4kwJgXW5BS XMY8lcYX24u2u4akHsYsFa3nvpVZsztmum8W5zVPQjS/6JQVz5ZzdKq+crFZUUI4O+Dj Gs2wE4Y72wPHo3kjc7sk97BU2TGlQOggC1RnB1iVOKVqxXopsAWcXapHMUX6J3lucO+P dD4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713269227; x=1713874027; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hibM0Aczb+OeMjm4K3xpTGSZer2/C2IBOrQMvCI7ARU=; b=n6nCLHFVudtm8Km2H7yXuXV7o7Acf/mv3CljeXfM/ZW/7YdDt9MsDTjKgj5aj4FV3M 1fu87GbW3hC4Q0Vfy/LKVm6ZwGCpVqMVatrVBMrSVLx0HGRgXxCbqjk3DBfHWKgvDItD oLmDphR4gCvi65Df6ATwBTs7okVo6VkWOnK4KVyTGGM1PMqWllPMZQ4Uj0pDPGQ+Imag X/PnU58wLqtf05xTzIBGMtOHgAaA2dvyrvifcAo1IAzSGo4Pt/mHn+pk6nVaPl5Vo2Mm GiWZrnOS5o77k/vXdYbId4ReiJHzL8+BbEpSXS2NMACSVrkAs+RifQtVTOn/PEtVoIhg ki/g== X-Gm-Message-State: AOJu0YyW2UB3zqaOdPh+q3wwP7K+KQRdSCCl2PqGkDC/Oy484jRYfUl/ PhZQ5DorF8lyRAX7i/ENaj4ARF39gLar6VifA6kMLM3jolujwuMflfo+3t2sppwCcCpYXcUXbS1 83ag= X-Google-Smtp-Source: AGHT+IEiXO2tKyi5DdgNzKr9PDclsCyOHhtVc0n9YZEDxlzBXaK6ZSVpFhnnyMd77omNoL3zIH0dCg== X-Received: by 2002:a05:6a00:1781:b0:6ed:1012:93e8 with SMTP id s1-20020a056a00178100b006ed101293e8mr14756686pfg.24.1713269227173; Tue, 16 Apr 2024 05:07:07 -0700 (PDT) Received: from xps13.. ([199.58.97.236]) by smtp.gmail.com with ESMTPSA id j5-20020aa78d05000000b006edd9339917sm8746111pfe.58.2024.04.16.05.07.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Apr 2024 05:07:06 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/10] perl: ignore CVE-2023-47100 Date: Tue, 16 Apr 2024 05:06:49 -0700 Message-Id: <8df158f39f1eed1e3ae88ddf935c67e067b72525.1713268959.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 16 Apr 2024 12:07:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/198439 From: Alex Stewart CVE-2023-47100 is a duplicate of CVE-2023-47038. They have the same advertised fix commit, which has already been merged into the perl_5.34.3 sources used in kirkstone. Signed-off-by: Alex Stewart Signed-off-by: Steve Sakoman --- meta/recipes-devtools/perl/perl_5.34.3.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/perl/perl_5.34.3.bb b/meta/recipes-devtools/perl/perl_5.34.3.bb index e8b518adc9..215990c8fa 100644 --- a/meta/recipes-devtools/perl/perl_5.34.3.bb +++ b/meta/recipes-devtools/perl/perl_5.34.3.bb @@ -48,6 +48,9 @@ PACKAGECONFIG[gdbm] = ",-Ui_gdbm,gdbm" # Don't generate comments in enc2xs output files. They are not reproducible export ENC2XS_NO_COMMENTS = "1" +# Duplicate of CVE-2023-47038, which has already been patched as of perl_5.34.3 +CVE_CHECK_IGNORE:append = " CVE-2023-47100" + do_configure:prepend() { cp -rfp ${STAGING_DATADIR_NATIVE}/perl-cross/* ${S} } From patchwork Tue Apr 16 12:06:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 42528 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5FC62C05023 for ; Tue, 16 Apr 2024 12:07:11 +0000 (UTC) Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) by mx.groups.io with SMTP id smtpd.web11.18819.1713269229631714398 for ; Tue, 16 Apr 2024 05:07:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=fd4EvGZ+; spf=softfail (domain: sakoman.com, ip: 209.85.210.181, mailfrom: steve@sakoman.com) Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-6eff2be3b33so2046219b3a.2 for ; Tue, 16 Apr 2024 05:07:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1713269229; x=1713874029; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=IQymY848img/bBwjwvCfv/pGFdQIduklfjlghPQSI7s=; b=fd4EvGZ+YZ8bpwDg7WNHUTvwTBla7L3r9W12fG8vJMafFtRFDB7SP1mEtwWB0pgA8B gNgAEn7cJBbgd/9vA77w8G18D13XP/koGaQvacQuxgvz1YOhdcN9LcVHueSGsjvC9Ohn Qq414CtnPBy8vlRrWNXQ/0XiHDH/gbwOcUkmrIcPfw/gJtpoopIHNrt4gjUyl2mXz+7h x6HWiaSeeK442M3SGW8Zi9d8HWN/t+pu4x+cun4IMUB2AhGAXnVLz/VImTSHVIfHqLEM kDQJoMuajy0a4es5MGD0zgnye2yJpwrQf97fXZLfmjzczhrKPYoe7dZAb3RGqZpNPu7a zhtw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713269229; x=1713874029; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IQymY848img/bBwjwvCfv/pGFdQIduklfjlghPQSI7s=; b=JyZn296I/r0nLN7de2jiIBM3Ev24lZ/RYG4zBg7einGdODatrNstbIEA58UvKh8pVH D5QS82DqUudtN1aNftl3l0kXPfmMQUIdGywYTOTJt0wY77UKABhopX2ixRDsktA9Rmtb KMehzlhdgppCAnB4SUC/RyALNwTVFvf6T6DvFv7zeYSYToUeXXERP0AAGHLywoEd4VYv dFJS/brGr5SHo+B03w8vMLx5Il3wNiIX2hqza4Xp4zbH0BOmxNVWIhHdaiXhSjzdyOGl ddfzNJ+uJQBvoSCIzA6A+BRZqHM7qAxYoGVjKI8hIotZ7/QWZabSqttdFWIhGziyza23 2gFw== X-Gm-Message-State: AOJu0YxmuY5aNfWLpXRK70ebVH1arAOv5hwv1dcICfZN3JAY3KnmTuTc pTmELBaHc4zFHnc9OmfIEPN7vzQzFPcuW+N4aMy+YaxAMruQTLtb079NTw9tTdOVx+sQj72Sp5E nU/c= X-Google-Smtp-Source: AGHT+IEP2xWML/xu0FsBMl6CNgHxfOjGCU55txoVvNU0YRVTaa+E7/46mGN9WuN6wGL2uXBw0URuvQ== X-Received: by 2002:a05:6a21:2791:b0:1a9:5ba1:3b1b with SMTP id rn17-20020a056a21279100b001a95ba13b1bmr11294130pzb.9.1713269228925; Tue, 16 Apr 2024 05:07:08 -0700 (PDT) Received: from xps13.. ([199.58.97.236]) by smtp.gmail.com with ESMTPSA id j5-20020aa78d05000000b006edd9339917sm8746111pfe.58.2024.04.16.05.07.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Apr 2024 05:07:08 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/10] openssh: Add CVE-2023-51767 to CVE_CHECK_IGNORE Date: Tue, 16 Apr 2024 05:06:50 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 16 Apr 2024 12:07:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/198440 From: Sana Kazi Add CVE-2023-51767 to CVE_CHECK_IGNORE to avoid in cve-check reports as upstream does not consider CVE-2023-51767 a bug underlying in OpenSSH and does not intent to address it in OpenSSH. Signed-off-by: Sana Kazi Signed-off-by: Sana Kazi Signed-off-by: Steve Sakoman --- meta/recipes-connectivity/openssh/openssh_8.9p1.bb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb index bc8e2d81b8..6411a64eff 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb @@ -49,6 +49,11 @@ CVE_CHECK_IGNORE += "CVE-2014-9278" # CVE only applies to some distributed RHEL binaries CVE_CHECK_IGNORE += "CVE-2008-3844" +# Upstream does not consider CVE-2023-51767 a bug underlying in OpenSSH and +# does not intent to address it in OpenSSH +# https://security-tracker.debian.org/tracker/CVE-2023-51767 +CVE_CHECK_IGNORE += "CVE-2023-51767" + PAM_SRC_URI = "file://sshd" inherit manpages useradd update-rc.d update-alternatives systemd From patchwork Tue Apr 16 12:06:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 42530 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49BF2C04FF6 for ; Tue, 16 Apr 2024 12:07:21 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web10.19020.1713269231279512552 for ; Tue, 16 Apr 2024 05:07:11 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=LBbvR81B; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-6eaf9565e6bso2655273b3a.2 for ; Tue, 16 Apr 2024 05:07:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1713269230; x=1713874030; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=dIamnY1HZUDgc0MchzRLk48SgW464vgWII2+AONCgOw=; b=LBbvR81BvvOmBq2ZVNJpnbT/JAlq1d25V5xS2WYHPaNFItzFBEmZemdcZ9GRKD5Djk q6tUJILg5QJOZSV7Fxh2UNNAR/uYtCFap1datx3SVYyY8xGol4eTW+u6RzDLHB+6sqLs jo7Oi2sCg84czPiTkBLjk4FRMZ2zfbUWHymBjFfR38Kmrk7tvBRJ9BxZIdex4wjY8Yn0 8I8VVzaxW/gV34cQUDtVjGfEHy9/ZMFnLTESR5hs/lP4yJGOXhTG3BMaT/pktsNMdIIv RJT5pcunU7RMxy/O1E3kNpwu1KLgmtJjPnoEw3BIuq89QYAS/6zDg51Ru3eq3WkdS9Zl moHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713269230; x=1713874030; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dIamnY1HZUDgc0MchzRLk48SgW464vgWII2+AONCgOw=; b=L/wlIl/jpYyx3AQTlFumqfqOb5+ou5d9UIBdm34syDjZP8G/0QRLZVySGAJWRj+zJw bs4UBQBc65MvAuMP4m/SbMF7mi1OSdtb9leWFYaIudabjLqbgYVkqSKtFcFxXfYl0fhH q5OW6JB6/AyIijFgm+r1XzLoKbdPhWpmgS89yO0jQ4E7DwRmH/P9kzUd4F1E1EoeP6uW qOAftC1/kMvA/WjxPycwRkb3F7t+dyHoNLb37PCwu1/7I8kn8ZY+fU8xoNYWc9gewGhD WAVNt8ZzEiyJrpCcQIoUT7XKjJTPBX9W8aXPpYUd2C8npPHQ1uUjYbE0eJ7hxK/MZIif /h4A== X-Gm-Message-State: AOJu0YzF4X6+X2/Q5OqaExzHpJlSZQxjYHv4o58cE8ZKUH95wbjDw3Y3 4K3ec159GllyaFRZjFJNxWkN4XDIIuvKWaktaxP9CaJaY6WgG4ojxtkvclWxrsmgmhEamf+vVrn tZSU= X-Google-Smtp-Source: AGHT+IFOCw0hm7SCyAKRR82EyxKBkjmw9KLp1tUVq3hdQc/5IXeSjqFLetGkPTEj+u0dwGv3pak5fQ== X-Received: by 2002:a05:6a00:986:b0:6ed:1c7:8c6b with SMTP id u6-20020a056a00098600b006ed01c78c6bmr12360371pfg.1.1713269230373; Tue, 16 Apr 2024 05:07:10 -0700 (PDT) Received: from xps13.. ([199.58.97.236]) by smtp.gmail.com with ESMTPSA id j5-20020aa78d05000000b006edd9339917sm8746111pfe.58.2024.04.16.05.07.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Apr 2024 05:07:10 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/10] xserver-xorg: Fix for CVE-2024-31080 and CVE-2024-31081 Date: Tue, 16 Apr 2024 05:06:51 -0700 Message-Id: <223950f9c748f89ee1b2a9df9cd77a0099e74581.1713268959.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 16 Apr 2024 12:07:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/198441 From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b & https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../xserver-xorg/CVE-2024-31080.patch | 49 +++++++++++++++++++ .../xserver-xorg/CVE-2024-31081.patch | 47 ++++++++++++++++++ .../xorg-xserver/xserver-xorg_21.1.8.bb | 2 + 3 files changed, 98 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31080.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31081.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31080.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31080.patch new file mode 100644 index 0000000000..40296903cd --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31080.patch @@ -0,0 +1,49 @@ +From 96798fc1967491c80a4d0c8d9e0a80586cb2152b Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith +Date: Fri, 22 Mar 2024 18:51:45 -0700 +Subject: [PATCH] Xi: ProcXIGetSelectedEvents needs to use unswapped length to + send reply + +CVE-2024-31080 + +Reported-by: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=69762 +Fixes: 53e821ab4 ("Xi: add request processing for XIGetSelectedEvents.") +Signed-off-by: Alan Coopersmith +Part-of: + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b] +CVE: CVE-2024-31080 +Signed-off-by: Vijay Anusuri +--- + Xi/xiselectev.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/Xi/xiselectev.c b/Xi/xiselectev.c +index edcb8a0d36..ac14949871 100644 +--- a/Xi/xiselectev.c ++++ b/Xi/xiselectev.c +@@ -349,6 +349,7 @@ ProcXIGetSelectedEvents(ClientPtr client) + InputClientsPtr others = NULL; + xXIEventMask *evmask = NULL; + DeviceIntPtr dev; ++ uint32_t length; + + REQUEST(xXIGetSelectedEventsReq); + REQUEST_SIZE_MATCH(xXIGetSelectedEventsReq); +@@ -418,10 +419,12 @@ ProcXIGetSelectedEvents(ClientPtr client) + } + } + ++ /* save the value before SRepXIGetSelectedEvents swaps it */ ++ length = reply.length; + WriteReplyToClient(client, sizeof(xXIGetSelectedEventsReply), &reply); + + if (reply.num_masks) +- WriteToClient(client, reply.length * 4, buffer); ++ WriteToClient(client, length * 4, buffer); + + free(buffer); + return Success; +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31081.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31081.patch new file mode 100644 index 0000000000..4380004700 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31081.patch @@ -0,0 +1,47 @@ +From 3e77295f888c67fc7645db5d0c00926a29ffecee Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith +Date: Fri, 22 Mar 2024 18:56:27 -0700 +Subject: [PATCH] Xi: ProcXIPassiveGrabDevice needs to use unswapped length to + send reply + +CVE-2024-31081 + +Fixes: d220d6907 ("Xi: add GrabButton and GrabKeysym code.") +Signed-off-by: Alan Coopersmith +Part-of: + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee] +CVE: CVE-2024-31081 +Signed-off-by: Vijay Anusuri +--- + Xi/xipassivegrab.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/Xi/xipassivegrab.c b/Xi/xipassivegrab.c +index c9ac2f8553..896233bec2 100644 +--- a/Xi/xipassivegrab.c ++++ b/Xi/xipassivegrab.c +@@ -93,6 +93,7 @@ ProcXIPassiveGrabDevice(ClientPtr client) + GrabParameters param; + void *tmp; + int mask_len; ++ uint32_t length; + + REQUEST(xXIPassiveGrabDeviceReq); + REQUEST_FIXED_SIZE(xXIPassiveGrabDeviceReq, +@@ -247,9 +248,11 @@ ProcXIPassiveGrabDevice(ClientPtr client) + } + } + ++ /* save the value before SRepXIPassiveGrabDevice swaps it */ ++ length = rep.length; + WriteReplyToClient(client, sizeof(rep), &rep); + if (rep.num_modifiers) +- WriteToClient(client, rep.length * 4, modifiers_failed); ++ WriteToClient(client, length * 4, modifiers_failed); + + out: + free(modifiers_failed); +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb index e62babd4cb..b9eed92103 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb @@ -16,6 +16,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2024-21886-2.patch \ file://CVE-2024-0408.patch \ file://CVE-2024-0409.patch \ + file://CVE-2024-31080.patch \ + file://CVE-2024-31081.patch \ " SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152" From patchwork Tue Apr 16 12:06:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 42533 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73481C05024 for ; Tue, 16 Apr 2024 12:07:21 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web10.19021.1713269232631489985 for ; Tue, 16 Apr 2024 05:07:12 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=bgozIaY/; spf=softfail (domain: sakoman.com, ip: 209.85.210.180, mailfrom: steve@sakoman.com) Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-6ee12766586so2836806b3a.0 for ; Tue, 16 Apr 2024 05:07:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1713269232; x=1713874032; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=J+9bbveoC7rSTTHlajzrvbTrsN7fVUcbo++vCDvghQc=; b=bgozIaY/SHcJQ2vk1eDy7MHzveDsP0k/xXD+fDDF239IHbnqbGaijKoi+J3vdkY9Ey 1lZHSa7QmvB70F64h87INazC2V60Zqb0iiC3nBAoNoUx/I4aT5yd8B2vO40aJbM4/8jJ elXzhMBZTOGyoGEG4DPHFNYHwyd3vVkDwZFDU6V8puCjCJ0GBFA9+QqZwV35gsrcEa1k xbLv1OxjTB3ZNqMHokYSlHb8nTs6j/ydwLbpSxecgZmxZ0IpMK2AH2xQxHo1JhIXMIcT sLafSvgpfboLY2aSRbUMjFckspmLk1Xw4KBRULhGjNjpv4I+rLCEGU9sm4YUptNJfU9i cioQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713269232; x=1713874032; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=J+9bbveoC7rSTTHlajzrvbTrsN7fVUcbo++vCDvghQc=; b=Nmu7j4yo2uVlzNbRBxH1fOd/qO5++HkQqDsiPHDTGXl/gAYpMO4RJwpH5dGIJsZAcP cKwcMvp2CD3tIu+CtVM/RHP0U83qbolm5DPoSnnMP8zGa3fHG0y4OHrNNxylb8LjTjiu 1uiIMCvxbYZyECXqePqRG/hYpu+LH9cyszn88JjYvOZix8OS4W2cVC2eaZ+jiTyshspo NcCmDkshuEfM3W4i6Mj5eXhAHk3+ARZlQU2qfR0HM8wjHJ5b+KGTqCcfB8hQjiBa4Wy9 sXj/Zl9j0l0AYCwvCYGGqXOBcAZThgHKc3Lv938Wc6+4/Ebst0P6cKF31hoGhi0A+iLS Kyrw== X-Gm-Message-State: AOJu0YyMvu8bHBRzk9te8nI77M111Vz/+umwWT2t53hmTEZlyFptCjvJ 0cTK5/MqHx3HvpaqCscn/ayZocxn0+E7Eu0XdxX9m5VU7/qYd57oWBrbBC6vyq0x7lGy1OVcZet Pgf4= X-Google-Smtp-Source: AGHT+IE3G96olE57nF8Eu/kfvp1fVTEE7Yn4VZH9apSVJaKXN43crFNLnLiAQYszK3Xbpif2lHrbvw== X-Received: by 2002:a05:6a21:3e05:b0:1a9:11e5:2915 with SMTP id bk5-20020a056a213e0500b001a911e52915mr2456356pzc.27.1713269231846; Tue, 16 Apr 2024 05:07:11 -0700 (PDT) Received: from xps13.. ([199.58.97.236]) by smtp.gmail.com with ESMTPSA id j5-20020aa78d05000000b006edd9339917sm8746111pfe.58.2024.04.16.05.07.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Apr 2024 05:07:11 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/10] openssl: patch CVE-2024-2511 Date: Tue, 16 Apr 2024 05:06:52 -0700 Message-Id: <42fc40198dfcbb5e96d7f2af7fc134e2b021d82a.1713268959.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 16 Apr 2024 12:07:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/198442 From: Peter Marko Patch: https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d News: https://github.com/openssl/openssl/commit/daee101e39073d4b65a68faeb2f2de5ad7b05c36 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../openssl/openssl/CVE-2024-2511.patch | 122 ++++++++++++++++++ .../openssl/openssl_3.0.13.bb | 1 + 2 files changed, 123 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch new file mode 100644 index 0000000000..8aea686205 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch @@ -0,0 +1,122 @@ +From b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Tue, 5 Mar 2024 15:43:53 +0000 +Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3 + +In TLSv1.3 we create a new session object for each ticket that we send. +We do this by duplicating the original session. If SSL_OP_NO_TICKET is in +use then the new session will be added to the session cache. However, if +early data is not in use (and therefore anti-replay protection is being +used), then multiple threads could be resuming from the same session +simultaneously. If this happens and a problem occurs on one of the threads, +then the original session object could be marked as not_resumable. When we +duplicate the session object this not_resumable status gets copied into the +new session object. The new session object is then added to the session +cache even though it is not_resumable. + +Subsequently, another bug means that the session_id_length is set to 0 for +sessions that are marked as not_resumable - even though that session is +still in the cache. Once this happens the session can never be removed from +the cache. When that object gets to be the session cache tail object the +cache never shrinks again and grows indefinitely. + +CVE-2024-2511 + +Reviewed-by: Neil Horman +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/24044) + +(cherry picked from commit 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce) + +CVE: CVE-2024-2511 +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d] +Signed-off-by: Peter Marko +--- + ssl/ssl_lib.c | 5 +++-- + ssl/ssl_sess.c | 28 ++++++++++++++++++++++------ + ssl/statem/statem_srvr.c | 5 ++--- + 3 files changed, 27 insertions(+), 11 deletions(-) + +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index 2c8479eb5fc69..eed649c6fdee9 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -3736,9 +3736,10 @@ void ssl_update_cache(SSL *s, int mode) + + /* + * If the session_id_length is 0, we are not supposed to cache it, and it +- * would be rather hard to do anyway :-) ++ * would be rather hard to do anyway :-). Also if the session has already ++ * been marked as not_resumable we should not cache it for later reuse. + */ +- if (s->session->session_id_length == 0) ++ if (s->session->session_id_length == 0 || s->session->not_resumable) + return; + + /* +diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c +index d836b33ed0e81..75adbd9e52b40 100644 +--- a/ssl/ssl_sess.c ++++ b/ssl/ssl_sess.c +@@ -152,16 +152,11 @@ SSL_SESSION *SSL_SESSION_new(void) + return ss; + } + +-SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) +-{ +- return ssl_session_dup(src, 1); +-} +- + /* + * Create a new SSL_SESSION and duplicate the contents of |src| into it. If + * ticket == 0 then no ticket information is duplicated, otherwise it is. + */ +-SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) ++static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) + { + SSL_SESSION *dest; + +@@ -285,6 +280,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) + return NULL; + } + ++SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) ++{ ++ return ssl_session_dup_intern(src, 1); ++} ++ ++/* ++ * Used internally when duplicating a session which might be already shared. ++ * We will have resumed the original session. Subsequently we might have marked ++ * it as non-resumable (e.g. in another thread) - but this copy should be ok to ++ * resume from. ++ */ ++SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) ++{ ++ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket); ++ ++ if (sess != NULL) ++ sess->not_resumable = 0; ++ ++ return sess; ++} ++ + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) + { + if (len) +diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c +index a9e67f9d32a77..6c942e6bcec29 100644 +--- a/ssl/statem/statem_srvr.c ++++ b/ssl/statem/statem_srvr.c +@@ -2338,9 +2338,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) + * so the following won't overwrite an ID that we're supposed + * to send back. + */ +- if (s->session->not_resumable || +- (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) +- && !s->hit)) ++ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) ++ && !s->hit) + s->session->session_id_length = 0; + + if (usetls13) { diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.13.bb b/meta/recipes-connectivity/openssl/openssl_3.0.13.bb index 5e43fdc2de..3b253ddde0 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.0.13.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.0.13.bb @@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ + file://CVE-2024-2511.patch \ " SRC_URI:append:class-nativesdk = " \ From patchwork Tue Apr 16 12:06:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 42534 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85481C05052 for ; Tue, 16 Apr 2024 12:07:21 +0000 (UTC) Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web10.19022.1713269234155274860 for ; Tue, 16 Apr 2024 05:07:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=0vDdMjhV; spf=softfail (domain: sakoman.com, ip: 209.85.210.173, mailfrom: steve@sakoman.com) Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-6ece8991654so3857524b3a.3 for ; Tue, 16 Apr 2024 05:07:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1713269233; x=1713874033; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=5p1lw2bPmiGgWRkjw/Btgq9/VYLI+3c7VvWBf6uePck=; b=0vDdMjhVB5maAO5ZnLR5FcAAUGd8VzZzahsk7VaqI20KnnnR+tLR833vzDuYYNNKrE ZVJ7q83SzgSxMt07ZITgmVoy79xw7UWZAtJEOvKaSmMmSLWg4eUBfs/OKZLQdah3vhhc zKmgkpPyJuu78skVx6uM248kK2EOOSSRlHQxuPro8o3z8uTLbw7msNlcyKmlPMZQxHSB FZLjJRrL2vrh5HqeG4HCXMct/Zw6SGOamidBK6rWuCAr7TRns345RrSqFwWeH1HJc31R asxcWBvmdulKgPOednTnfOq2/TfD0msSJmV6KNZf9pAOShX8wWcZ7p7w29CjeYVw42GA AWDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713269233; x=1713874033; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5p1lw2bPmiGgWRkjw/Btgq9/VYLI+3c7VvWBf6uePck=; b=wLO4uXs3LpU2tfXeIRHKNy50FzH++LfOLfIiaPrqhlOkr78jhtSgwIC3yuZhVvy4N+ qu4SJNO+LmUfQx5nIlyEcoPKLv7F2cBuJIssylGCEDatlhcElE9II2p9q0zgIhzd+UQA VURj2YBbjk1XTe9HlxJ1JpQy3pNIGLjd3ATRMxR4uH/5wWhzM6KY3H8/8nWGBkZMg3f/ baB3IQ9NWOYe+6vV7zzYPOKWmuMqa5HR8shhfDVJYJQv9DjFLARhTy+k0U2e9dk/ii1Z PrG/gDHehK1hRDs0oLStz+JxZl/UjE4NinFjUCV4M8XWDPY6USV5oGJyWFN0KvaAqAlU fjuQ== X-Gm-Message-State: AOJu0YwrTP8t64BFf2zVywUIvfp4vDPGn6tehfY+c4jfjEhqR8wp/IkZ TRy0iQcdy0qlvrYYpUqfe8+mSzfJIttCZvqpQVMU9EfVXOTAXAzDifvc1DJMHqXycN5ZU8oHMsE J+IQ= X-Google-Smtp-Source: AGHT+IFLxDYOV3Rae2wmu+EBwF3+6/Rv5gM5//gPGq49actbDX1uFJkIowK5n/QiOIEY0smHkZ0fEA== X-Received: by 2002:aa7:8888:0:b0:6ea:8b0c:584 with SMTP id z8-20020aa78888000000b006ea8b0c0584mr17436222pfe.9.1713269233402; Tue, 16 Apr 2024 05:07:13 -0700 (PDT) Received: from xps13.. ([199.58.97.236]) by smtp.gmail.com with ESMTPSA id j5-20020aa78d05000000b006edd9339917sm8746111pfe.58.2024.04.16.05.07.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Apr 2024 05:07:13 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/10] ncurses: patch CVE-2023-50495 Date: Tue, 16 Apr 2024 05:06:53 -0700 Message-Id: <6a54788ebe147ecd8e347ff8d2ba95a1c461d27d.1713268959.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 16 Apr 2024 12:07:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/198443 From: Peter Marko backport relevant parts from https://invisible-island.net/archives/ncurses/6.4/ncurses-6.4-20230424.patch.gz Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../ncurses/files/CVE-2023-50495.patch | 81 +++++++++++++++++++ .../ncurses/ncurses_6.3+20220423.bb | 1 + 2 files changed, 82 insertions(+) create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-50495.patch diff --git a/meta/recipes-core/ncurses/files/CVE-2023-50495.patch b/meta/recipes-core/ncurses/files/CVE-2023-50495.patch new file mode 100644 index 0000000000..e5a8f43b01 --- /dev/null +++ b/meta/recipes-core/ncurses/files/CVE-2023-50495.patch @@ -0,0 +1,81 @@ +commit ebc08cff36689eec54edc1ce2de6ebac826bd6cd +Author: Peter Marko +Date: Fri Apr 12 23:56:25 2024 +0200 + +check return value of _nc_save_str(), in special case for tic where +extended capabilities are processed but the terminal description was +not initialized (report by Ziqiao Kong). + +Only parts relevant for this CVE was extracted from upstream patch. + +CVE: CVE-2023-45853 +Upstream-Status: Backport [https://invisible-island.net/archives/ncurses/6.4/ncurses-6.4-20230424.patch.gz] + +Signed-off-by: Peter Marko + +--- + ncurses/tinfo/parse_entry.c | 23 ++++++++++++++++------- + 1 file changed, 16 insertions(+), 7 deletions(-) + +diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c +index a77cd0b..8ac02ac 100644 +--- a/ncurses/tinfo/parse_entry.c ++++ b/ncurses/tinfo/parse_entry.c +@@ -110,7 +110,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type) + /* Well, we are given a cancel for a name that we don't recognize */ + return _nc_extend_names(entryp, name, STRING); + default: +- return 0; ++ return NULL; + } + + /* Adjust the 'offset' (insertion-point) to keep the lists of extended +@@ -142,6 +142,11 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type) + for (last = (unsigned) (max - 1); last > tindex; last--) + + if (!found) { ++ char *saved; ++ ++ if ((saved = _nc_save_str(name)) == NULL) ++ return NULL; ++ + switch (token_type) { + case BOOLEAN: + tp->ext_Booleans++; +@@ -169,7 +174,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type) + TYPE_REALLOC(char *, actual, tp->ext_Names); + while (--actual > offset) + tp->ext_Names[actual] = tp->ext_Names[actual - 1]; +- tp->ext_Names[offset] = _nc_save_str(name); ++ tp->ext_Names[offset] = saved; + } + + temp.nte_name = tp->ext_Names[offset]; +@@ -337,6 +342,8 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent) + bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0); + bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0); + if (is_use || is_tc) { ++ char *saved; ++ + if (!VALID_STRING(_nc_curr_token.tk_valstring) + || _nc_curr_token.tk_valstring[0] == '\0') { + _nc_warning("missing name for use-clause"); +@@ -350,11 +357,13 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent) + _nc_curr_token.tk_valstring); + continue; + } +- entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring); +- entryp->uses[entryp->nuses].line = _nc_curr_line; +- entryp->nuses++; +- if (entryp->nuses > 1 && is_tc) { +- BAD_TC_USAGE ++ if ((saved = _nc_save_str(_nc_curr_token.tk_valstring)) != NULL) { ++ entryp->uses[entryp->nuses].name = saved; ++ entryp->uses[entryp->nuses].line = _nc_curr_line; ++ entryp->nuses++; ++ if (entryp->nuses > 1 && is_tc) { ++ BAD_TC_USAGE ++ } + } + } else { + /* normal token lookup */ diff --git a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb index a34a7bdfdc..da1e6d838d 100644 --- a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb +++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb @@ -4,6 +4,7 @@ SRC_URI += "file://0001-tic-hang.patch \ file://0002-configure-reproducible.patch \ file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \ file://CVE-2023-29491.patch \ + file://CVE-2023-50495.patch \ " # commit id corresponds to the revision in package version SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260" From patchwork Tue Apr 16 12:06:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 42535 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 968A9C0650F for ; Tue, 16 Apr 2024 12:07:21 +0000 (UTC) Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) by mx.groups.io with SMTP id smtpd.web10.19027.1713269237383670149 for ; Tue, 16 Apr 2024 05:07:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=0/okqW2Q; spf=softfail (domain: sakoman.com, ip: 209.85.210.181, mailfrom: steve@sakoman.com) Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-6f00f24f761so1425882b3a.3 for ; Tue, 16 Apr 2024 05:07:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1713269237; x=1713874037; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=JMXW6akkv8dJnTw7gFywhh6xlPyp1/bSxvZU5McLwok=; b=0/okqW2QlzyEGbS3wDQzCXw9CDBjxFBnCKQove4eVE7q+nrp7VRjR+Y1XqG2zRMrdR J7ArmjEgvMESEnoq3SPKlwPiNJScIGdTJayq+DF2tKtt4vz+ESrZDm+4ZcMbYw/0DM/W 5JbLvcPGgIHNo7+OmbA5t1hWg/9+aHmsBNyw0FoRZbkvPSDLtbqIR4d/uw7BDN+CF4zU dTNQj3FHB2Iir+wUXECLe1eD4GA84jrMt8qQbJaWpDIh7Mzment4yNvSdsdDPetob/ck A+dHgpHON1f7rn6+W1ia3MsMeh8qGc2lI3lqrtkadkmk5q1yioOboGpvLKxdlvKUufpt +F5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713269237; x=1713874037; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JMXW6akkv8dJnTw7gFywhh6xlPyp1/bSxvZU5McLwok=; b=Cl/pkoTAiRsm9z/wJ0XKVGX34s6pYCI+Efa8CiBOPwVNksjxbo2P7V9EWnFhQ94K+Z NFG5keGzxucYu2DF6CQPurxA+iXCOq3PntH31r4OIVpqWn0vElbmJq1Xe5r4OYlSFdth AgOSmxaW2/UBhAEwiHwNEwKf+EW4aZnCXviaDitczw2bFXMCBlx7BSt+IjHRg/Oq0vaS RRU4MfymWM7C6w+JDQSFb/6VR0n1ryez70qYyBA6K/K3gFcVa6X9aiZPBT4ntfkrUxV+ +q7BkEUHBJr49SnPJvjkH0N9WYKe+uO6MVdrMnQ1KPIjnvGOBk1DIXHTASv/kb+K4jPo NTmQ== X-Gm-Message-State: AOJu0YyLuEg1TcZBde1DweSUOd8zY3CuxOB2HLe2htZ+aHjMSeuZ8LYP Uf2xTItNZV7wyd5Aylutka2u+yv1AqmraI3hend3VtegZpjK4teRL/ih1cs+S627yGoxseOtkdQ o6Jw= X-Google-Smtp-Source: AGHT+IGkxQcVu0L7z7tOZFKdmt9C7DDJGFQmJKQwE45HSFeMEQoKoY0s2hZ515wdkexab8M7lbkNQw== X-Received: by 2002:a05:6a00:acf:b0:6ec:ceb4:49b8 with SMTP id c15-20020a056a000acf00b006ecceb449b8mr14652055pfl.0.1713269235451; Tue, 16 Apr 2024 05:07:15 -0700 (PDT) Received: from xps13.. ([199.58.97.236]) by smtp.gmail.com with ESMTPSA id j5-20020aa78d05000000b006edd9339917sm8746111pfe.58.2024.04.16.05.07.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Apr 2024 05:07:15 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/10] Revert "expat: fix CVE-2023-52425" Date: Tue, 16 Apr 2024 05:06:54 -0700 Message-Id: <46fb46c0fff83da85f37a1ea705170a6d2039eff.1713268959.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 16 Apr 2024 12:07:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/198444 This reverts commit 1bdcd10930a2998f6bbe56b3ba4c9b6c91203b39. Causes ptest failures: {'expat': ['test_accounting_precision', 'test_return_ns_triplet', 'test_column_number_after_parse', 'test_default_current', 'test_external_entity_values']} Signed-off-by: Steve Sakoman --- .../expat/expat/CVE-2023-52425-0001.patch | 40 ---- .../expat/expat/CVE-2023-52425-0002.patch | 87 ------- .../expat/expat/CVE-2023-52425-0003.patch | 222 ------------------ .../expat/expat/CVE-2023-52425-0004.patch | 42 ---- .../expat/expat/CVE-2023-52425-0005.patch | 69 ------ .../expat/expat/CVE-2023-52425-0006.patch | 67 ------ .../expat/expat/CVE-2023-52425-0007.patch | 159 ------------- .../expat/expat/CVE-2023-52425-0008.patch | 95 -------- .../expat/expat/CVE-2023-52425-0009.patch | 52 ---- .../expat/expat/CVE-2023-52425-0010.patch | 111 --------- .../expat/expat/CVE-2023-52425-0011.patch | 89 ------- .../expat/expat/CVE-2023-52425-0012.patch | 87 ------- meta/recipes-core/expat/expat_2.5.0.bb | 12 - 13 files changed, 1132 deletions(-) delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0003.patch delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0004.patch delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0005.patch delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0006.patch delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0007.patch delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0008.patch delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0009.patch delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0011.patch delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0012.patch diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch deleted file mode 100644 index 4e21ade018..0000000000 --- a/meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch +++ /dev/null @@ -1,40 +0,0 @@ -From d5b02e96ab95d2a7ae0aea72d00054b9d036d76d Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Thu, 9 Nov 2023 19:28:05 +0100 -Subject: [PATCH] xmlwf: Document argument "-q" - -Rebased-and-adapted-by: Snild Dolkow - -CVE: CVE-2023-52425 - -Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/d5b02e96ab95d2a7ae0aea72d00054b9d036d76d] - -Signed-off-by: Meenali Gupta ---- - doc/xmlwf.xml | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/doc/xmlwf.xml b/doc/xmlwf.xml -index 9603abf..3d35393 100644 ---- a/doc/xmlwf.xml -+++ b/doc/xmlwf.xml -@@ -313,6 +313,16 @@ supports both. - - - -+ -+ -+ -+ -+ Disable reparse deferral, and allow quadratic parse runtime -+ on large tokens (default: reparse deferral enabled). -+ -+ -+ -+ - - - --- -2.40.0 - diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch deleted file mode 100644 index 8376727778..0000000000 --- a/meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 09fdf998e7cf3f8f9327e6602077791095aedd4d Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Thu, 9 Nov 2023 19:14:14 +0100 -Subject: [PATCH] xmlwf: Support disabling reparse deferral - -Rebased-and-adapted-by: Snild Dolkow - -CVE: CVE-2023-52425 - -Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/09fdf998e7cf3f8f9327e6602077791095aedd4d] - -Signed-off-by: Meenali Gupta ---- - xmlwf/xmlwf.c | 20 ++++++++++++++++++++ - xmlwf/xmlwf_helpgen.py | 4 ++++ - 2 files changed, 24 insertions(+) - -diff --git a/xmlwf/xmlwf.c b/xmlwf/xmlwf.c -index dd023a9..9a5441c 100644 ---- a/xmlwf/xmlwf.c -+++ b/xmlwf/xmlwf.c -@@ -911,6 +911,9 @@ usage(const XML_Char *prog, int rc) { - T("billion laughs attack protection:\n") - T(" NOTE: If you ever need to increase these values for non-attack payload, please file a bug report.\n") - T("\n") -+ T("reparse deferral:\n") -+ T(" -q disable reparse deferral, and allow [q]uadratic parse runtime with large tokens\n") -+ T("\n") - T(" -a FACTOR set maximum tolerated [a]mplification factor (default: 100.0)\n") - T(" -b BYTES set number of output [b]ytes needed to activate (default: 8 MiB)\n") - T("\n") -@@ -967,6 +970,8 @@ tmain(int argc, XML_Char **argv) { - unsigned long long attackThresholdBytes; - XML_Bool attackThresholdGiven = XML_FALSE; - -+ XML_Bool disableDeferral = XML_FALSE; -+ - int exitCode = XMLWF_EXIT_SUCCESS; - enum XML_ParamEntityParsing paramEntityParsing - = XML_PARAM_ENTITY_PARSING_NEVER; -@@ -1091,6 +1096,11 @@ tmain(int argc, XML_Char **argv) { - #endif - break; - } -+ case T('q'): { -+ disableDeferral = XML_TRUE; -+ j++; -+ break; -+ } - case T('\0'): - if (j > 1) { - i++; -@@ -1136,6 +1146,16 @@ tmain(int argc, XML_Char **argv) { - #endif - } - -+ if (disableDeferral) { -+ const XML_Bool success = XML_SetReparseDeferralEnabled(parser, XML_FALSE); -+ if (! success) { -+ // This prevents tperror(..) from reporting misleading "[..]: Success" -+ errno = EINVAL; -+ tperror(T("Failed to disable reparse deferral")); -+ exit(XMLWF_EXIT_INTERNAL_ERROR); -+ } -+ } -+ - if (requireStandalone) - XML_SetNotStandaloneHandler(parser, notStandalone); - XML_SetParamEntityParsing(parser, paramEntityParsing); -diff --git a/xmlwf/xmlwf_helpgen.py b/xmlwf/xmlwf_helpgen.py -index c2a527f..1bd0a0a 100755 ---- a/xmlwf/xmlwf_helpgen.py -+++ b/xmlwf/xmlwf_helpgen.py -@@ -81,6 +81,10 @@ billion_laughs.add_argument('-a', metavar='FACTOR', - help='set maximum tolerated [a]mplification factor (default: 100.0)') - billion_laughs.add_argument('-b', metavar='BYTES', help='set number of output [b]ytes needed to activate (default: 8 MiB)') - -+reparse_deferral = parser.add_argument_group('reparse deferral') -+reparse_deferral.add_argument('-q', metavar='FACTOR', -+ help='disable reparse deferral, and allow [q]uadratic parse runtime with large tokens') -+ - parser.add_argument('files', metavar='FILE', nargs='*', help='file to process (default: STDIN)') - - info = parser.add_argument_group('info arguments') --- -2.40.0 - diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0003.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0003.patch deleted file mode 100644 index e5c3606e19..0000000000 --- a/meta/recipes-core/expat/expat/CVE-2023-52425-0003.patch +++ /dev/null @@ -1,222 +0,0 @@ -From 9cdf9b8d77d5c2c2a27d15fb68dd3f83cafb45a1 Mon Sep 17 00:00:00 2001 -From: Snild Dolkow -Date: Thu, 17 Aug 2023 16:25:26 +0200 -Subject: [PATCH] Skip parsing after repeated partials on the same token When - the parse buffer contains the starting bytes of a token but not all of them, - we cannot parse the token to completion. We call this a partial token. When - this happens, the parse position is reset to the start of the token, and the - parse() call returns. The client is then expected to provide more data and - call parse() again. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -In extreme cases, this means that the bytes of a token may be parsed -many times: once for every buffer refill required before the full token -is present in the buffer. - -Math: - Assume there's a token of T bytes - Assume the client fills the buffer in chunks of X bytes - We'll try to parse X, 2X, 3X, 4X ... until mX == T (technically >=) - That's (m²+m)X/2 = (T²/X+T)/2 bytes parsed (arithmetic progression) - While it is alleviated by larger refills, this amounts to O(T²) - -Expat grows its internal buffer by doubling it when necessary, but has -no way to inform the client about how much space is available. Instead, -we add a heuristic that skips parsing when we've repeatedly stopped on -an incomplete token. Specifically: - - * Only try to parse if we have a certain amount of data buffered - * Every time we stop on an incomplete token, double the threshold - * As soon as any token completes, the threshold is reset - -This means that when we get stuck on an incomplete token, the threshold -grows exponentially, effectively making the client perform larger buffer -fills, limiting how many times we can end up re-parsing the same bytes. - -Math: - Assume there's a token of T bytes - Assume the client fills the buffer in chunks of X bytes - We'll try to parse X, 2X, 4X, 8X ... until (2^k)X == T (or larger) - That's (2^(k+1)-1)X bytes parsed -- e.g. 15X if T = 8X - This is equal to 2T-X, which amounts to O(T) - -We could've chosen a faster growth rate, e.g. 4 or 8. Those seem to -increase performance further, at the cost of further increasing the -risk of growing the buffer more than necessary. This can easily be -adjusted in the future, if desired. - -This is all completely transparent to the client, except for: -1. possible delay of some callbacks (when our heuristic overshoots) -2. apps that never do isFinal=XML_TRUE could miss data at the end - -For the affected testdata, this change shows a 100-400x speedup. -The recset.xml benchmark shows no clear change either way. - -Before: -benchmark -n ../testdata/largefiles/recset.xml 65535 3 - 3 loops, with buffer size 65535. Average time per loop: 0.270223 -benchmark -n ../testdata/largefiles/aaaaaa_attr.xml 4096 3 - 3 loops, with buffer size 4096. Average time per loop: 15.033048 -benchmark -n ../testdata/largefiles/aaaaaa_cdata.xml 4096 3 - 3 loops, with buffer size 4096. Average time per loop: 0.018027 -benchmark -n ../testdata/largefiles/aaaaaa_comment.xml 4096 3 - 3 loops, with buffer size 4096. Average time per loop: 11.775362 -benchmark -n ../testdata/largefiles/aaaaaa_tag.xml 4096 3 - 3 loops, with buffer size 4096. Average time per loop: 11.711414 -benchmark -n ../testdata/largefiles/aaaaaa_text.xml 4096 3 - 3 loops, with buffer size 4096. Average time per loop: 0.019362 - -After: -./run.sh benchmark -n ../testdata/largefiles/recset.xml 65535 3 - 3 loops, with buffer size 65535. Average time per loop: 0.269030 -./run.sh benchmark -n ../testdata/largefiles/aaaaaa_attr.xml 4096 3 - 3 loops, with buffer size 4096. Average time per loop: 0.044794 -./run.sh benchmark -n ../testdata/largefiles/aaaaaa_cdata.xml 4096 3 - 3 loops, with buffer size 4096. Average time per loop: 0.016377 -./run.sh benchmark -n ../testdata/largefiles/aaaaaa_comment.xml 4096 3 - 3 loops, with buffer size 4096. Average time per loop: 0.027022 -./run.sh benchmark -n ../testdata/largefiles/aaaaaa_tag.xml 4096 3 - 3 loops, with buffer size 4096. Average time per loop: 0.099360 -./run.sh benchmark -n ../testdata/largefiles/aaaaaa_text.xml 4096 3 - 3 loops, with buffer size 4096. Average time per loop: 0.017956 - -CVE: CVE-2023-52425 - -Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/9cdf9b8d77d5c2c2a27d15fb68dd3f83cafb45a1] - -Signed-off-by: Meenali Gupta ---- - lib/xmlparse.c | 58 +++++++++++++++++++++++++++++++++----------------- - 1 file changed, 39 insertions(+), 19 deletions(-) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index bbffcaa..5695417 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -81,6 +81,7 @@ - # endif - #endif - -+#include - #include - #include /* memset(), memcpy() */ - #include -@@ -629,6 +630,7 @@ struct XML_ParserStruct { - const char *m_bufferLim; - XML_Index m_parseEndByteIndex; - const char *m_parseEndPtr; -+ size_t m_partialTokenBytesBefore; /* used in heuristic to avoid O(n^2) */ - XML_Char *m_dataBuf; - XML_Char *m_dataBufEnd; - XML_StartElementHandler m_startElementHandler; -@@ -960,6 +962,32 @@ get_hash_secret_salt(XML_Parser parser) { - return parser->m_hash_secret_salt; - } - -+static enum XML_Error -+callProcessor(XML_Parser parser, const char *start, const char *end, -+ const char **endPtr) { -+ const size_t have_now = EXPAT_SAFE_PTR_DIFF(end, start); -+ -+ if (! parser->m_parsingStatus.finalBuffer) { -+ // Heuristic: don't try to parse a partial token again until the amount of -+ // available data has increased significantly. -+ const size_t had_before = parser->m_partialTokenBytesBefore; -+ const bool enough = (have_now >= 2 * had_before); -+ -+ if (! enough) { -+ *endPtr = start; // callers may expect this to be set -+ return XML_ERROR_NONE; -+ } -+ } -+ const enum XML_Error ret = parser->m_processor(parser, start, end, endPtr); -+ // if we consumed nothing, remember what we had on this parse attempt. -+ if (*endPtr == start) { -+ parser->m_partialTokenBytesBefore = have_now; -+ } else { -+ parser->m_partialTokenBytesBefore = 0; -+ } -+ return ret; -+} -+ - static XML_Bool /* only valid for root parser */ - startParsing(XML_Parser parser) { - /* hash functions must be initialized before setContext() is called */ -@@ -1141,6 +1169,7 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) { - parser->m_bufferEnd = parser->m_buffer; - parser->m_parseEndByteIndex = 0; - parser->m_parseEndPtr = NULL; -+ parser->m_partialTokenBytesBefore = 0; - parser->m_declElementType = NULL; - parser->m_declAttributeId = NULL; - parser->m_declEntity = NULL; -@@ -1872,29 +1901,20 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) { - to detect errors based on that fact. - */ - parser->m_errorCode -- = parser->m_processor(parser, parser->m_bufferPtr, -- parser->m_parseEndPtr, &parser->m_bufferPtr); -+ = callProcessor(parser, parser->m_bufferPtr, parser->m_parseEndPtr, -+ &parser->m_bufferPtr); - - if (parser->m_errorCode == XML_ERROR_NONE) { - switch (parser->m_parsingStatus.parsing) { - case XML_SUSPENDED: -- /* It is hard to be certain, but it seems that this case -- * cannot occur. This code is cleaning up a previous parse -- * with no new data (since len == 0). Changing the parsing -- * state requires getting to execute a handler function, and -- * there doesn't seem to be an opportunity for that while in -- * this circumstance. -- * -- * Given the uncertainty, we retain the code but exclude it -- * from coverage tests. -- * -- * LCOV_EXCL_START -- */ -+ /* While we added no new data, the finalBuffer flag may have caused -+ * us to parse previously-unparsed data in the internal buffer. -+ * If that triggered a callback to the application, it would have -+ * had an opportunity to suspend parsing. */ - XmlUpdatePosition(parser->m_encoding, parser->m_positionPtr, - parser->m_bufferPtr, &parser->m_position); - parser->m_positionPtr = parser->m_bufferPtr; - return XML_STATUS_SUSPENDED; -- /* LCOV_EXCL_STOP */ - case XML_INITIALIZED: - case XML_PARSING: - parser->m_parsingStatus.parsing = XML_FINISHED; -@@ -1924,7 +1944,7 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) { - parser->m_parsingStatus.finalBuffer = (XML_Bool)isFinal; - - parser->m_errorCode -- = parser->m_processor(parser, s, parser->m_parseEndPtr = s + len, &end); -+ = callProcessor(parser, s, parser->m_parseEndPtr = s + len, &end); - - if (parser->m_errorCode != XML_ERROR_NONE) { - parser->m_eventEndPtr = parser->m_eventPtr; -@@ -2027,8 +2047,8 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal) { - parser->m_parseEndByteIndex += len; - parser->m_parsingStatus.finalBuffer = (XML_Bool)isFinal; - -- parser->m_errorCode = parser->m_processor( -- parser, start, parser->m_parseEndPtr, &parser->m_bufferPtr); -+ parser->m_errorCode = callProcessor(parser, start, parser->m_parseEndPtr, -+ &parser->m_bufferPtr); - - if (parser->m_errorCode != XML_ERROR_NONE) { - parser->m_eventEndPtr = parser->m_eventPtr; -@@ -2220,7 +2240,7 @@ XML_ResumeParser(XML_Parser parser) { - } - parser->m_parsingStatus.parsing = XML_PARSING; - -- parser->m_errorCode = parser->m_processor( -+ parser->m_errorCode = callProcessor( - parser, parser->m_bufferPtr, parser->m_parseEndPtr, &parser->m_bufferPtr); - - if (parser->m_errorCode != XML_ERROR_NONE) { --- -2.40.0 - diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0004.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0004.patch deleted file mode 100644 index 35e8e0b1e5..0000000000 --- a/meta/recipes-core/expat/expat/CVE-2023-52425-0004.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 1b9d398517befeb944cbbadadf10992b07e96fa2 Mon Sep 17 00:00:00 2001 -From: Snild Dolkow -Date: Mon, 4 Sep 2023 17:21:14 +0200 -Subject: [PATCH] [PATCH] Don't update partial token heuristic on error - -Suggested-by: Sebastian Pipping - -CVE: CVE-2023-52425 - -Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/1b9d398517befeb944cbbadadf10992b07e96fa2] - -Signed-off-by: Meenali Gupta ---- - lib/xmlparse.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 5695417..5c66f54 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -979,11 +979,13 @@ callProcessor(XML_Parser parser, const char *start, const char *end, - } - } - const enum XML_Error ret = parser->m_processor(parser, start, end, endPtr); -- // if we consumed nothing, remember what we had on this parse attempt. -- if (*endPtr == start) { -- parser->m_partialTokenBytesBefore = have_now; -- } else { -- parser->m_partialTokenBytesBefore = 0; -+ if (ret == XML_ERROR_NONE) { -+ // if we consumed nothing, remember what we had on this parse attempt. -+ if (*endPtr == start) { -+ parser->m_partialTokenBytesBefore = have_now; -+ } else { -+ parser->m_partialTokenBytesBefore = 0; -+ } - } - return ret; - } --- -2.40.0 - diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0005.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0005.patch deleted file mode 100644 index d4e112db58..0000000000 --- a/meta/recipes-core/expat/expat/CVE-2023-52425-0005.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 09957b8ced725b96a95acff150facda93f03afe1 Mon Sep 17 00:00:00 2001 -From: Snild Dolkow -Date: Thu, 26 Oct 2023 10:41:00 +0200 -Subject: [PATCH] Allow XML_GetBuffer() with len=0 on a fresh parser - -len=0 was previously OK if there had previously been a non-zero call. -It makes sense to allow an application to work the same way on a -newly-created parser, and not have to care if its incoming buffer -happens to be 0. - -CVE: CVE-2023-52425 - -Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/09957b8ced725b96a95acff150facda93f03afe1] - -Signed-off-by: Meenali Gupta ---- - lib/xmlparse.c | 22 +++++++++++----------- - 1 file changed, 11 insertions(+), 11 deletions(-) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 5c66f54..5b112c6 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -2095,7 +2095,8 @@ XML_GetBuffer(XML_Parser parser, int len) { - default:; - } - -- if (len > EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_bufferEnd)) { -+ if (len > EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_bufferEnd) -+ || parser->m_buffer == NULL) { - #ifdef XML_CONTEXT_BYTES - int keep; - #endif /* defined XML_CONTEXT_BYTES */ -@@ -2118,8 +2119,9 @@ XML_GetBuffer(XML_Parser parser, int len) { - } - neededSize += keep; - #endif /* defined XML_CONTEXT_BYTES */ -- if (neededSize -- <= EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_buffer)) { -+ if (parser->m_buffer && parser->m_bufferPtr -+ && neededSize -+ <= EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_buffer)) { - #ifdef XML_CONTEXT_BYTES - if (keep < EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer)) { - int offset -@@ -2133,14 +2135,12 @@ XML_GetBuffer(XML_Parser parser, int len) { - parser->m_bufferPtr -= offset; - } - #else -- if (parser->m_buffer && parser->m_bufferPtr) { -- memmove(parser->m_buffer, parser->m_bufferPtr, -- EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr)); -- parser->m_bufferEnd -- = parser->m_buffer -- + EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr); -- parser->m_bufferPtr = parser->m_buffer; -- } -+ memmove(parser->m_buffer, parser->m_bufferPtr, -+ EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr)); -+ parser->m_bufferEnd -+ = parser->m_buffer -+ + EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr); -+ parser->m_bufferPtr = parser->m_buffer; - #endif /* not defined XML_CONTEXT_BYTES */ - } else { - char *newBuf; --- -2.40.0 - diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0006.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0006.patch deleted file mode 100644 index c1fb4893ed..0000000000 --- a/meta/recipes-core/expat/expat/CVE-2023-52425-0006.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 9fe3672459c1bf10926b85f013aa1b623d855545 Mon Sep 17 00:00:00 2001 -From: Snild Dolkow -Date: Mon, 18 Sep 2023 20:32:55 +0200 -Subject: [PATCH] tests: Run both with and without partial token heuristic - -If we always run with the heuristic enabled, it may hide some bugs by -grouping up input into bigger parse attempts. - -CI-fighting-assistance-by: Sebastian Pipping - -CVE: CVE-2023-52425 - -Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/9fe3672459c1bf10926b85f013aa1b623d855545] - -Signed-off-by: Meenali Gupta ---- - lib/internal.h | 3 +++ - lib/xmlparse.c | 5 ++++- - 2 files changed, 7 insertions(+), 1 deletion(-) - -diff --git a/lib/internal.h b/lib/internal.h -index 03c8fde..1df417f 100644 ---- a/lib/internal.h -+++ b/lib/internal.h -@@ -31,6 +31,7 @@ - Copyright (c) 2016-2022 Sebastian Pipping - Copyright (c) 2018 Yury Gribov - Copyright (c) 2019 David Loffredo -+ Copyright (c) 2023 Sony Corporation / Snild Dolkow - Licensed under the MIT license: - - Permission is hereby granted, free of charge, to any person obtaining -@@ -160,6 +161,8 @@ unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser); - const char *unsignedCharToPrintable(unsigned char c); - #endif - -+extern XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c -+ // - #ifdef __cplusplus - } - #endif -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 5b112c6..be6dd92 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -615,6 +615,8 @@ static unsigned long getDebugLevel(const char *variableName, - ? 0 \ - : ((*((pool)->ptr)++ = c), 1)) - -+XML_Bool g_reparseDeferralEnabledDefault = XML_TRUE; // write ONLY in runtests.c -+ // - struct XML_ParserStruct { - /* The first member must be m_userData so that the XML_GetUserData - macro works. */ -@@ -967,7 +969,8 @@ callProcessor(XML_Parser parser, const char *start, const char *end, - const char **endPtr) { - const size_t have_now = EXPAT_SAFE_PTR_DIFF(end, start); - -- if (! parser->m_parsingStatus.finalBuffer) { -+ if (g_reparseDeferralEnabledDefault -+ && ! parser->m_parsingStatus.finalBuffer) { - // Heuristic: don't try to parse a partial token again until the amount of - // available data has increased significantly. - const size_t had_before = parser->m_partialTokenBytesBefore; --- -2.40.0 - diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0007.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0007.patch deleted file mode 100644 index e2fb35eae6..0000000000 --- a/meta/recipes-core/expat/expat/CVE-2023-52425-0007.patch +++ /dev/null @@ -1,159 +0,0 @@ -From 1d3162da8a85a398ab451aadd6c2ad19587e5a68 Mon Sep 17 00:00:00 2001 -From: Snild Dolkow -Date: Mon, 11 Sep 2023 15:31:24 +0200 -Subject: [PATCH] Add app setting for enabling/disabling reparse heuristic - -Suggested-by: Sebastian Pipping -CI-fighting-assistance-by: Sebastian Pipping - -CVE: CVE-2023-52425 - -Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/1d3162da8a85a398ab451aadd6c2ad19587e5a68] - -Signed-off-by: Meenali Gupta ---- - doc/reference.html | 30 ++++++++++++++++++++++++------ - lib/expat.h | 5 +++++ - lib/libexpat.def.cmake | 2 ++ - lib/xmlparse.c | 13 ++++++++++++- - 4 files changed, 43 insertions(+), 7 deletions(-) - -diff --git a/doc/reference.html b/doc/reference.html -index 9953aa7..7dd9370 100644 ---- a/doc/reference.html -+++ b/doc/reference.html -@@ -151,10 +151,11 @@ interface.

- - -
  • -- Billion Laughs Attack Protection -+ Attack Protection - -
    • -
  • Miscellaneous Functions -@@ -2123,11 +2124,7 @@ parse position may be before the beginning of the buffer.

    - return NULL.

    - - --

    Billion Laughs Attack Protection

    -- --

    The functions in this section configure the built-in -- protection against various forms of -- billion laughs attacks.

    -+

    Attack Protection

    - -

    XML_SetBillionLaughsAttackProtectionMaximumAmplification

    - 
    -@@ -2215,6 +2212,27 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(XML_Parser p,
-   
    
- 
- 
-+
    XML_SetReparseDeferralEnabled
    
-+
    -+/* Added in Expat 2.6.0. */
-+XML_Bool XMLCALL
-+XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled);
-+
    
-+
    
-+  
    
-+    Large tokens may require many parse calls before enough data is available for Expat to parse it in full.
-+    If Expat retried parsing the token on every parse call, parsing could take quadratic time.
-+    To avoid this, Expat only retries once a significant amount of new data is available.
-+    This function allows disabling this behavior.
-+  
    
-+  
    
-+    The enabled argument should be XML_TRUE or XML_FALSE.
-+  
    
-+  
    
-+    Returns XML_TRUE on success, and XML_FALSE on error.
-+  
    
-+
    
-+
- 
    Miscellaneous functions
    
- 
- 
    The functions in this section either obtain state information from
-diff --git a/lib/expat.h b/lib/expat.h
-index 9e64174..73dda6d 100644
---- a/lib/expat.h
-+++ b/lib/expat.h
-@@ -16,6 +16,7 @@
-    Copyright (c) 2016      Thomas Beutlich 
-    Copyright (c) 2017      Rhodri James 
-    Copyright (c) 2022      Thijs Schreijer 
-+   Copyright (c) 2023      Sony Corporation / Snild Dolkow 
-    Licensed under the MIT license:
- 
-    Permission is  hereby granted,  free of charge,  to any  person obtaining
-@@ -1054,6 +1055,10 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(
-     XML_Parser parser, unsigned long long activationThresholdBytes);
- #endif
- 
-+/* Added in Expat 2.6.0. */
-+XMLPARSEAPI(XML_Bool)
-+XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled);
-+
- /* Expat follows the semantic versioning convention.
-    See http://semver.org.
- */
-diff --git a/lib/libexpat.def.cmake b/lib/libexpat.def.cmake
-index 61a4f00..10ee9cd 100644
---- a/lib/libexpat.def.cmake
-+++ b/lib/libexpat.def.cmake
-@@ -77,3 +77,5 @@ EXPORTS
- ; added with version 2.4.0
- @_EXPAT_COMMENT_DTD_OR_GE@ XML_SetBillionLaughsAttackProtectionActivationThreshold @69
- @_EXPAT_COMMENT_DTD_OR_GE@ XML_SetBillionLaughsAttackProtectionMaximumAmplification @70
-+; added with version 2.6.0
-+  XML_SetReparseDeferralEnabled @71
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index be6dd92..8cf32e0 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -633,6 +633,7 @@ struct XML_ParserStruct {
-   XML_Index m_parseEndByteIndex;
-   const char *m_parseEndPtr;
-   size_t m_partialTokenBytesBefore; /* used in heuristic to avoid O(n^2) */
-+  XML_Bool m_reparseDeferralEnabled;
-   XML_Char *m_dataBuf;
-   XML_Char *m_dataBufEnd;
-   XML_StartElementHandler m_startElementHandler;
-@@ -969,7 +970,7 @@ callProcessor(XML_Parser parser, const char *start, const char *end,
-               const char **endPtr) {
-   const size_t have_now = EXPAT_SAFE_PTR_DIFF(end, start);
- 
--  if (g_reparseDeferralEnabledDefault
-+  if (parser->m_reparseDeferralEnabled
-       && ! parser->m_parsingStatus.finalBuffer) {
-     // Heuristic: don't try to parse a partial token again until the amount of
-     // available data has increased significantly.
-@@ -1175,6 +1176,7 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) {
-   parser->m_parseEndByteIndex = 0;
-   parser->m_parseEndPtr = NULL;
-   parser->m_partialTokenBytesBefore = 0;
-+  parser->m_reparseDeferralEnabled = g_reparseDeferralEnabledDefault;
-   parser->m_declElementType = NULL;
-   parser->m_declAttributeId = NULL;
-   parser->m_declEntity = NULL;
-@@ -2601,6 +2603,15 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(
- }
- #endif /* XML_GE == 1 */
- 
-+XML_Bool XMLCALL
-+XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled) {
-+  if (parser != NULL && (enabled == XML_TRUE || enabled == XML_FALSE)) {
-+    parser->m_reparseDeferralEnabled = enabled;
-+    return XML_TRUE;
-+  }
-+  return XML_FALSE;
-+}
-+
- /* Initially tag->rawName always points into the parse buffer;
-    for those TAG instances opened while the current parse buffer was
-    processed, and not yet closed, we need to store tag->rawName in a more
--- 
-2.40.0
-
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0008.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0008.patch
deleted file mode 100644
index fa25fcd2db..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0008.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From 8ddd8e86aa446d02eb8d398972d3b10d4cad908a Mon Sep 17 00:00:00 2001
-From: Snild Dolkow 
-Date: Fri, 29 Sep 2023 10:14:59 +0200
-Subject: [PATCH] Try to parse even when incoming len is zero
-
-If the reparse deferral setting has changed, it may be possible to
-finish a token.
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/8ddd8e86aa446d02eb8d398972d3b10d4cad908a]
-
-Signed-off-by: Meenali Gupta 
----
- lib/xmlparse.c | 55 ++++++++------------------------------------------
- 1 file changed, 8 insertions(+), 47 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 8cf32e0..f4ff66e 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -1896,46 +1896,8 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) {
-     parser->m_parsingStatus.parsing = XML_PARSING;
-   }
- 
--  if (len == 0) {
--    parser->m_parsingStatus.finalBuffer = (XML_Bool)isFinal;
--    if (! isFinal)
--      return XML_STATUS_OK;
--    parser->m_positionPtr = parser->m_bufferPtr;
--    parser->m_parseEndPtr = parser->m_bufferEnd;
--
--    /* If data are left over from last buffer, and we now know that these
--       data are the final chunk of input, then we have to check them again
--       to detect errors based on that fact.
--    */
--    parser->m_errorCode
--        = callProcessor(parser, parser->m_bufferPtr, parser->m_parseEndPtr,
--                        &parser->m_bufferPtr);
--
--    if (parser->m_errorCode == XML_ERROR_NONE) {
--      switch (parser->m_parsingStatus.parsing) {
--      case XML_SUSPENDED:
--        /* While we added no new data, the finalBuffer flag may have caused
--         * us to parse previously-unparsed data in the internal buffer.
--         * If that triggered a callback to the application, it would have
--         * had an opportunity to suspend parsing. */
--        XmlUpdatePosition(parser->m_encoding, parser->m_positionPtr,
--                          parser->m_bufferPtr, &parser->m_position);
--        parser->m_positionPtr = parser->m_bufferPtr;
--        return XML_STATUS_SUSPENDED;
--      case XML_INITIALIZED:
--      case XML_PARSING:
--        parser->m_parsingStatus.parsing = XML_FINISHED;
--        /* fall through */
--      default:
--        return XML_STATUS_OK;
--      }
--    }
--    parser->m_eventEndPtr = parser->m_eventPtr;
--    parser->m_processor = errorProcessor;
--    return XML_STATUS_ERROR;
--  }
- #ifndef XML_CONTEXT_BYTES
--  else if (parser->m_bufferPtr == parser->m_bufferEnd) {
-+  if (parser->m_bufferPtr == parser->m_bufferEnd) {
-     const char *end;
-     int nLeftOver;
-     enum XML_Status result;
-@@ -2006,15 +1968,14 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) {
-     return result;
-   }
- #endif /* not defined XML_CONTEXT_BYTES */
--  else {
--    void *buff = XML_GetBuffer(parser, len);
--    if (buff == NULL)
--      return XML_STATUS_ERROR;
--    else {
--      memcpy(buff, s, len);
--      return XML_ParseBuffer(parser, len, isFinal);
--    }
-+  void *buff = XML_GetBuffer(parser, len);
-+  if (buff == NULL)
-+    return XML_STATUS_ERROR;
-+  if (len > 0) {
-+    assert(s != NULL); // make sure s==NULL && len!=0 was rejected above
-+    memcpy(buff, s, len);
-   }
-+  return XML_ParseBuffer(parser, len, isFinal);
- }
- 
- enum XML_Status XMLCALL
--- 
-2.40.0
-
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0009.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0009.patch
deleted file mode 100644
index 9c1157faac..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0009.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From ad9c01be8ee5d3d5cac2bfd3949ad764541d35e7 Mon Sep 17 00:00:00 2001
-From: Snild Dolkow 
-Date: Thu, 26 Oct 2023 13:55:02 +0200
-Subject: [PATCH]  Make external entity parser inherit partial token heuristic 
- setting
-
-The test is essentially a copy of the existing test for the setter,
-adapted to run on the external parser instead of the original one.
-
-Suggested-by: Sebastian Pipping 
-CI-fighting-assistance-by: Sebastian Pipping 
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/ad9c01be8ee5d3d5cac2bfd3949ad764541d35e7]
-
-Signed-off-by: Meenali Gupta 
----
- lib/xmlparse.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index f4ff66e..6746d70 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -1346,6 +1346,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
-      to worry which hash secrets each table has.
-   */
-   unsigned long oldhash_secret_salt;
-+  XML_Bool oldReparseDeferralEnabled;
- 
-   /* Validate the oldParser parameter before we pull everything out of it */
-   if (oldParser == NULL)
-@@ -1390,6 +1391,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
-      to worry which hash secrets each table has.
-   */
-   oldhash_secret_salt = parser->m_hash_secret_salt;
-+  oldReparseDeferralEnabled = parser->m_reparseDeferralEnabled;
- 
- #ifdef XML_DTD
-   if (! context)
-@@ -1442,6 +1444,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
-   parser->m_defaultExpandInternalEntities = oldDefaultExpandInternalEntities;
-   parser->m_ns_triplets = oldns_triplets;
-   parser->m_hash_secret_salt = oldhash_secret_salt;
-+  parser->m_reparseDeferralEnabled = oldReparseDeferralEnabled;
-   parser->m_parentParser = oldParser;
- #ifdef XML_DTD
-   parser->m_paramEntityParsing = oldParamEntityParsing;
--- 
-2.40.0
-
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch
deleted file mode 100644
index 3fbf69de08..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From 60b74209899a67d426d208662674b55a5eed918c Mon Sep 17 00:00:00 2001
-From: Snild Dolkow 
-Date: Wed, 4 Oct 2023 16:00:14 +0200
-Subject: [PATCH] Bypass partial token heuristic when close to maximum buffer 
- size
-
-For huge tokens, we may end up in a situation where the partial token
-parse deferral heuristic demands more bytes than Expat's maximum buffer
-size (currently ~half of INT_MAX) could fit.
-
-INT_MAX/2 is 1024 MiB on most systems. Clearly, a token of 950 MiB could
-fit in that buffer, but the reparse threshold might be such that
-callProcessor() will defer it, allowing the app to keep filling the
-buffer until XML_GetBuffer() eventually returns a memory error.
-
-By bypassing the heuristic when we're getting close to the maximum
-buffer size, it will once again be possible to parse tokens in the size
-range INT_MAX/2/ratio < size < INT_MAX/2 reliably.
-
-We subtract the last buffer fill size as a way to detect that the next
-XML_GetBuffer() call has a risk of returning a memory error -- assuming
-that the application is likely to keep using the same (or smaller) fill.
-
-We subtract XML_CONTEXT_BYTES because that's the maximum amount of bytes
-that could remain at the start of the buffer, preceding the partial
-token. Technically, it could be fewer bytes, but XML_CONTEXT_BYTES is
-normally small relative to INT_MAX, and is much simpler to use.
-
-Co-authored-by: Sebastian Pipping 
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/60b74209899a67d426d208662674b55a5eed918c]
-
-Signed-off-by: Meenali Gupta 
----
- lib/xmlparse.c | 23 ++++++++++++++++++++++-
- 1 file changed, 22 insertions(+), 1 deletion(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 6746d70..32c57f6 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -205,6 +205,8 @@ typedef char ICHAR;
- /* Do safe (NULL-aware) pointer arithmetic */
- #define EXPAT_SAFE_PTR_DIFF(p, q) (((p) && (q)) ? ((p) - (q)) : 0)
- 
-+#define EXPAT_MIN(a, b) (((a) < (b)) ? (a) : (b))
-+
- #include "internal.h"
- #include "xmltok.h"
- #include "xmlrole.h"
-@@ -634,6 +636,7 @@ struct XML_ParserStruct {
-   const char *m_parseEndPtr;
-   size_t m_partialTokenBytesBefore; /* used in heuristic to avoid O(n^2) */
-   XML_Bool m_reparseDeferralEnabled;
-+  int m_lastBufferRequestSize;
-   XML_Char *m_dataBuf;
-   XML_Char *m_dataBufEnd;
-   XML_StartElementHandler m_startElementHandler;
-@@ -975,7 +978,18 @@ callProcessor(XML_Parser parser, const char *start, const char *end,
-     // Heuristic: don't try to parse a partial token again until the amount of
-     // available data has increased significantly.
-     const size_t had_before = parser->m_partialTokenBytesBefore;
--    const bool enough = (have_now >= 2 * had_before);
-+    // ...but *do* try anyway if we're close to reaching the max buffer size.
-+    size_t close_to_maxbuf = INT_MAX / 2 + (INT_MAX & 1); // round up
-+#if XML_CONTEXT_BYTES > 0
-+    // subtract XML_CONTEXT_BYTES, but don't go below zero
-+    close_to_maxbuf -= EXPAT_MIN(close_to_maxbuf, XML_CONTEXT_BYTES);
-+#endif
-+    // subtract the last buffer fill size, but don't go below zero
-+    // m_lastBufferRequestSize is never assigned a value < 0, so the cast is ok
-+    close_to_maxbuf
-+        -= EXPAT_MIN(close_to_maxbuf, (size_t)parser->m_lastBufferRequestSize);
-+    const bool enough
-+        = (have_now >= 2 * had_before) || (have_now > close_to_maxbuf);
- 
-     if (! enough) {
-       *endPtr = start; // callers may expect this to be set
-@@ -1177,6 +1191,7 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) {
-   parser->m_parseEndPtr = NULL;
-   parser->m_partialTokenBytesBefore = 0;
-   parser->m_reparseDeferralEnabled = g_reparseDeferralEnabledDefault;
-+  parser->m_lastBufferRequestSize = 0;
-   parser->m_declElementType = NULL;
-   parser->m_declAttributeId = NULL;
-   parser->m_declEntity = NULL;
-@@ -1911,6 +1926,9 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) {
-       parser->m_processor = errorProcessor;
-       return XML_STATUS_ERROR;
-     }
-+    // though this isn't a buffer request, we assume that `len` is the app's
-+    // preferred buffer fill size, and therefore save it here.
-+    parser->m_lastBufferRequestSize = len;
-     parser->m_parseEndByteIndex += len;
-     parser->m_positionPtr = s;
-     parser->m_parsingStatus.finalBuffer = (XML_Bool)isFinal;
-@@ -2064,6 +2082,9 @@ XML_GetBuffer(XML_Parser parser, int len) {
-   default:;
-   }
- 
-+  // whether or not the request succeeds, `len` seems to be the app's preferred
-+  // buffer fill size; remember it.
-+  parser->m_lastBufferRequestSize = len;
-   if (len > EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_bufferEnd)
-       || parser->m_buffer == NULL) {
- #ifdef XML_CONTEXT_BYTES
--- 
-2.40.0
-
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0011.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0011.patch
deleted file mode 100644
index 800aaff544..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0011.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 3d8141d26a3b01ff948e00956cb0723a89dadf7f Mon Sep 17 00:00:00 2001
-From: Snild Dolkow 
-Date: Mon, 20 Nov 2023 16:11:24 +0100
-Subject: [PATCH] Bypass partial token heuristic when nearing full buffer
-
-...instead of only when approaching the maximum buffer size INT/2+1.
-
-We'd like to give applications a chance to finish parsing a large token
-before buffer reallocation, in case the reallocation fails.
-
-By bypassing the reparse deferral heuristic when getting close to the
-filling the buffer, we give them this chance -- if the whole token is
-present in the buffer, it will be parsed at that time.
-
-This may come at the cost of some extra reparse attempts. For a token
-of n bytes, these extra parses cause us to scan over a maximum of
-2n bytes (... + n/8 + n/4 + n/2 + n). Therefore, parsing of big tokens
-remains O(n) in regard how many bytes we scan in attempts to parse. The
-cost in reality is lower than that, since the reparses that happen due
-to the bypass will affect m_partialTokenBytesBefore, delaying the next
-ratio-based reparse. Furthermore, only the first token that "breaks
-through" a buffer ceiling takes that extra reparse attempt; subsequent
-large tokens will only bypass the heuristic if they manage to hit the
-new buffer ceiling.
-
-Note that this cost analysis depends on the assumption that Expat grows
-its buffer by doubling it (or, more generally, grows it exponentially).
-If this changes, the cost of this bypass may increase. Hopefully, this
-would be caught by test_big_tokens_take_linear_time or the new test.
-
-The bypass logic assumes that the application uses a consistent fill.
-If the app increases its fill size, it may miss the bypass (and the
-normal heuristic will apply). If the app decreases its fill size, the
-bypass may be hit multiple times for the same buffer size. The very
-worst case would be to always fill half of the remaining buffer space,
-in which case parsing of a large n-byte token becomes O(n log n).
-
-As an added bonus, the new test case should be faster than the old one,
-since it doesn't have to go all the way to 1GiB to check the behavior.
-
-Finally, this change necessitated a small modification to two existing
-tests related to reparse deferral. These tests are testing the deferral
-enabled setting, and assume that reparsing will not happen for any other
-reason. By pre-growing the buffer, we make sure that this new deferral
-does not affect those test cases.
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/3d8141d26a3b01ff948e00956cb0723a89dadf7f]
-
-Signed-off-by: Meenali Gupta 
----
- lib/xmlparse.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 32c57f6..2830c1e 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -978,18 +978,18 @@ callProcessor(XML_Parser parser, const char *start, const char *end,
-     // Heuristic: don't try to parse a partial token again until the amount of
-     // available data has increased significantly.
-     const size_t had_before = parser->m_partialTokenBytesBefore;
--    // ...but *do* try anyway if we're close to reaching the max buffer size.
--    size_t close_to_maxbuf = INT_MAX / 2 + (INT_MAX & 1); // round up
-+    // ...but *do* try anyway if we're close to causing a reallocation.
-+    size_t available_buffer
-+        = EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer);
- #if XML_CONTEXT_BYTES > 0
--    // subtract XML_CONTEXT_BYTES, but don't go below zero
--    close_to_maxbuf -= EXPAT_MIN(close_to_maxbuf, XML_CONTEXT_BYTES);
-+      available_buffer -= EXPAT_MIN(available_buffer, XML_CONTEXT_BYTES);
- #endif
--    // subtract the last buffer fill size, but don't go below zero
-+    available_buffer
-+        += EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_bufferEnd);
-     // m_lastBufferRequestSize is never assigned a value < 0, so the cast is ok
--    close_to_maxbuf
--        -= EXPAT_MIN(close_to_maxbuf, (size_t)parser->m_lastBufferRequestSize);
-     const bool enough
--        = (have_now >= 2 * had_before) || (have_now > close_to_maxbuf);
-+         = (have_now >= 2 * had_before)
-+          || ((size_t)parser->m_lastBufferRequestSize > available_buffer);
- 
-     if (! enough) {
-       *endPtr = start; // callers may expect this to be set
--- 
-2.40.0
-
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0012.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0012.patch
deleted file mode 100644
index 8693e9449e..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0012.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From 119ae277abaabd4d17b2e64300fec712ef403b28 Mon Sep 17 00:00:00 2001
-From: Snild Dolkow 
-Date: Thu, 28 Sep 2023 18:26:19 +0200
-Subject: [PATCH] Grow buffer based on current size Until now, the buffer size
- to grow to has been calculated based on the distance from the current parse
- position to the end of the buffer. This means that the size of any
- already-parsed data was not considered, leading to inconsistent buffer
- growth.
-
-There was also a special case in XML_Parse() when XML_CONTEXT_BYTES was
-zero, where the buffer size would be set to twice the incoming string
-length. This patch replaces this with an XML_GetBuffer() call.
-
-Growing the buffer based on its total size makes its growth consistent.
-
-The commit includes a test that checks that we can reach the max buffer
-size (usually INT_MAX/2 + 1) regardless of previously parsed content.
-
-GitHub CI couldn't allocate the full 1GiB with MinGW/wine32, though it
-works locally with the same compiler and wine version. As a workaround,
-the test tries to malloc 1GiB, and reduces `maxbuf` to 512MiB in case
-of failure.
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/119ae277abaabd4d17b2e64300fec712ef403b28]
-
-Signed-off-by: Meenali Gupta 
----
- lib/xmlparse.c | 33 ++++++++++++++++-----------------
- 1 file changed, 16 insertions(+), 17 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 2830c1e..81f9bb3 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -1961,23 +1961,22 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) {
-                       &parser->m_position);
-     nLeftOver = s + len - end;
-     if (nLeftOver) {
--      if (parser->m_buffer == NULL
--          || nLeftOver > parser->m_bufferLim - parser->m_buffer) {
--        /* avoid _signed_ integer overflow */
--        char *temp = NULL;
--        const int bytesToAllocate = (int)((unsigned)len * 2U);
--        if (bytesToAllocate > 0) {
--          temp = (char *)REALLOC(parser, parser->m_buffer, bytesToAllocate);
--        }
--        if (temp == NULL) {
--          parser->m_errorCode = XML_ERROR_NO_MEMORY;
--          parser->m_eventPtr = parser->m_eventEndPtr = NULL;
--          parser->m_processor = errorProcessor;
--          return XML_STATUS_ERROR;
--        }
--        parser->m_buffer = temp;
--        parser->m_bufferLim = parser->m_buffer + bytesToAllocate;
-+       // Back up and restore the parsing status to avoid XML_ERROR_SUSPENDED
-+      // (and XML_ERROR_FINISHED) from XML_GetBuffer.
-+      const enum XML_Parsing originalStatus = parser->m_parsingStatus.parsing;
-+      parser->m_parsingStatus.parsing = XML_PARSING;
-+      void *const temp = XML_GetBuffer(parser, nLeftOver);
-+      parser->m_parsingStatus.parsing = originalStatus;
-+      if (temp == NULL) {
-+        // NOTE: parser->m_errorCode has already been set by XML_GetBuffer().
-+        parser->m_eventPtr = parser->m_eventEndPtr = NULL;
-+        parser->m_processor = errorProcessor;
-+        return XML_STATUS_ERROR;
-       }
-+      // Since we know that the buffer was empty and XML_CONTEXT_BYTES is 0, we
-+      // don't have any data to preserve, and can copy straight into the start
-+      // of the buffer rather than the GetBuffer return pointer (which may be
-+      // pointing further into the allocated buffer).
-       memcpy(parser->m_buffer, end, nLeftOver);
-     }
-     parser->m_bufferPtr = parser->m_buffer;
-@@ -2135,7 +2134,7 @@ XML_GetBuffer(XML_Parser parser, int len) {
-     } else {
-       char *newBuf;
-       int bufferSize
--          = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_bufferPtr);
-+          = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_buffer);
-       if (bufferSize == 0)
-         bufferSize = INIT_BUFFER_SIZE;
-       do {
--- 
-2.40.0
-
diff --git a/meta/recipes-core/expat/expat_2.5.0.bb b/meta/recipes-core/expat/expat_2.5.0.bb
index b7b5cce925..31e989cfe2 100644
--- a/meta/recipes-core/expat/expat_2.5.0.bb
+++ b/meta/recipes-core/expat/expat_2.5.0.bb
@@ -22,18 +22,6 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA
 	   file://CVE-2023-52426-009.patch \
 	   file://CVE-2023-52426-010.patch \
 	   file://CVE-2023-52426-011.patch \
-	   file://CVE-2023-52425-0001.patch \
-           file://CVE-2023-52425-0002.patch \
-           file://CVE-2023-52425-0003.patch \
-           file://CVE-2023-52425-0004.patch \
-           file://CVE-2023-52425-0005.patch \
-           file://CVE-2023-52425-0006.patch \
-           file://CVE-2023-52425-0007.patch \
-           file://CVE-2023-52425-0008.patch \
-           file://CVE-2023-52425-0009.patch \
-           file://CVE-2023-52425-0010.patch \
-           file://CVE-2023-52425-0011.patch \
-	   file://CVE-2023-52425-0012.patch \
            "
 
 UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"

From patchwork Tue Apr 16 12:06:55 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman 
X-Patchwork-Id: 42529
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: 
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 574E0C05023
	for ; Tue, 16 Apr 2024 12:07:21 +0000 (UTC)
Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com
 [209.85.210.179])
 by mx.groups.io with SMTP id smtpd.web11.18821.1713269237497951199
 for ;
 Tue, 16 Apr 2024 05:07:17 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=Zt+mit2y;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f179.google.com with SMTP id
 d2e1a72fcca58-6ed0e9ccca1so3914119b3a.0
        for ;
 Tue, 16 Apr 2024 05:07:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1713269237;
 x=1713874037; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=KYXXpsSj0/8WO7rjA589X296bqhGLkX/mK5/tL3rPTc=;
        b=Zt+mit2yHBp56vJic93R9ukECGbGwzldImmwKlYYsRdu861usRUuo/zDi5ayTxa4Jm
         2MXvCynL88o98jKkK7VMkEinn8o5InAEvJqD/7CbJiV6GiEVnyBkg07+UkvaY/SMNaT8
         Mkaa2jjhdT2pr0n4tAL61RRyrmcHqL8RL6me00UucD/qWv0G4+ANqGqzsIu1iF6nBcDq
         lUNjdN8pxxo6UKsALx8vZ0cd8mK4NaTcYJkXdfnpO8gjvct7ytUi5NFGG46gowndohAh
         /2ay9kEEuVECfOHtImsOsQLjlwFgKiLrioN/Gy69YfdT09a5WMcKfF01nN0pPXTS7Gtp
         nQ6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713269237; x=1713874037;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=KYXXpsSj0/8WO7rjA589X296bqhGLkX/mK5/tL3rPTc=;
        b=aMwf7Mdk11TGI/Rvhmlv773LYWOFVtn9+0WtmTkIXfeVhCej5vGppCSI5a//s+2z78
         IejZa+TCy8LUrkR2BqewwcKwGkK/2y7jUoBXLb3A9PJNEZp8rv6tfydjr2AbQk7Tg6Ih
         867blDflCkjkhC5xKU/y6wjPH2dU/XWbE4Rx86CCcfPM4RnU08NAqVRiQD6gG52fbfqx
         bjxRusUfVax+yoArdwpJjCzkQwtNJQEHGjG6UsyUvXCRPuH+DeWPiuv5kBEmK0AkYYOt
         fwu6L7u+yewkJoqWvr8rE0DhJB43hE79yLjUT2ihnFtuU/sDoNru4zBdx1wSYERLPWSS
         vYzw==
X-Gm-Message-State: AOJu0Yxrty3EzFmGdzDAtdPQGlh6Bw8taHpEJx4RazJsHaDo9H4/uGuT
	2K+MPJ8O3smCJ8ofaiCBozA+5hRjqo3ev2nds1rYs8CBPdV2Clh3pQ+dIs1BY+iv7HIbwFPIbkY
	Rxoo=
X-Google-Smtp-Source: 
 AGHT+IFRMc1ZhjNEF7T7KuPAVyGBVM2j9JrlVIQV4u4xYpvdmzFPpGnyFfz6IlnEE2UETS6mTyL7dw==
X-Received: by 2002:a05:6a00:3d4d:b0:6ea:afd1:90e6 with SMTP id
 lp13-20020a056a003d4d00b006eaafd190e6mr12082276pfb.6.1713269236825;
        Tue, 16 Apr 2024 05:07:16 -0700 (PDT)
Received: from xps13.. ([199.58.97.236])
        by smtp.gmail.com with ESMTPSA id
 j5-20020aa78d05000000b006edd9339917sm8746111pfe.58.2024.04.16.05.07.16
        for 
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 16 Apr 2024 05:07:16 -0700 (PDT)
From: Steve Sakoman 
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 08/10] tcl: Add a way to skip ptests
Date: Tue, 16 Apr 2024 05:06:55 -0700
Message-Id: 
 
X-Mailer: git-send-email 2.34.1
In-Reply-To: 
References: 
MIME-Version: 1.0
List-Id: 
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 ; Tue, 16 Apr 2024 12:07:21 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/198445

From: Khem Raj 

Some tests hardcode assumptions on locales, which may not be present in
musl systems e.g., therefore add a way to skip such tests using -skip
option.

Skip unixInit-3* test on musl

Signed-off-by: Khem Raj 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit fa66f1cee2d88c2276442e8b4aaeccde5490f9ea)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/tcltk/tcl/run-ptest | 4 ++--
 meta/recipes-devtools/tcltk/tcl_8.6.11.bb | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/tcltk/tcl/run-ptest b/meta/recipes-devtools/tcltk/tcl/run-ptest
index a62b703082..5b9127784e 100644
--- a/meta/recipes-devtools/tcltk/tcl/run-ptest
+++ b/meta/recipes-devtools/tcltk/tcl/run-ptest
@@ -3,9 +3,9 @@
 # clock.test needs a timezone to be set
 export TZ="Europe/London"
 export TCL_LIBRARY=library
-
+SKIPPED_TESTS=
 for i in `ls tests/*.test | awk -F/ '{print $2}'`; do
-    ./tcltest tests/all.tcl -file $i >$i.log 2>&1
+    ./tcltest tests/all.tcl -file $i -skip "$SKIPPED_TESTS" >$i.log 2>&1
     grep -q -F -e "Files with failing tests:" -e "Test files exiting with errors:" $i.log
     if [ $? -eq 0 ]; then
         echo "FAIL: $i"
diff --git a/meta/recipes-devtools/tcltk/tcl_8.6.11.bb b/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
index b591671868..f8f3d7dd3f 100644
--- a/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
+++ b/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
@@ -89,6 +89,11 @@ do_install_ptest() {
 	cp -r ${S}/tests ${D}${PTEST_PATH}
 }
 
+do_install_ptest:append:libc-musl () {
+	# Assumes locales other than provided by musl-locales
+	sed -i -e 's|SKIPPED_TESTS=|SKIPPED_TESTS="unixInit-3*"|' ${D}${PTEST_PATH}/run-ptest
+}
+
 # Fix some paths that might be used by Tcl extensions
 BINCONFIG_GLOB = "*Config.sh"
 

From patchwork Tue Apr 16 12:06:56 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman 
X-Patchwork-Id: 42531
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: 
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6439CC04FFF
	for ; Tue, 16 Apr 2024 12:07:21 +0000 (UTC)
Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com
 [209.85.210.171])
 by mx.groups.io with SMTP id smtpd.web11.18822.1713269238980082109
 for ;
 Tue, 16 Apr 2024 05:07:19 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=sSofOVVA;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.171,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f171.google.com with SMTP id
 d2e1a72fcca58-6ecf8ebff50so2860651b3a.1
        for ;
 Tue, 16 Apr 2024 05:07:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1713269238;
 x=1713874038; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=PCm3dpnyWiWC8VzeqmEGDcgoYFs///YTL5GEheKd004=;
        b=sSofOVVAwy003UYMCngnhYGh6oD/djuJaG5TWSmsTbDqquGJ4jimkPYAbN6RzdDF5S
         c/179Erxo2y62Rb1rYtwbaPrbPp/DGd7OEN+BuhEtJY4l8ZUMH3YSbVVbv1Oa/p5iPdy
         OvT9pN3brBjLoAiJda60RjfiWDbcDbfkqe3kJATyG4GOmfAecmv1Neuwrrse8N4kUGm6
         cNr2Ap19t/JWbZFfdyilQLGvShxhPKMzbgsdy7jrgFNbZr+zRLCflWiqnVqE1FxTbwNo
         myDzrbj3gkVuxPkctXtHpeLJobPqrP/Vpnb/M05eXg5EkkBxZ5Yq+ZsPWrcBI1V7j2IS
         fryg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713269238; x=1713874038;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=PCm3dpnyWiWC8VzeqmEGDcgoYFs///YTL5GEheKd004=;
        b=U7zdMRtkJCMPYdoh2z3O2sZ+hhfiKRZ+bojKrVeTFvKvOrB1n4tKGujCG2UP25Eou0
         axGMLABR7jfTv7zi6kMeVA3Fvy2SymqdTtKtVzq23yfaE4uKIwxbz8GiF6rVIiyWxRqc
         t5b75u3SAsLSmZ5E5tSzfJd1y1tflvm4MJcwovhF1VR0iz6Wbl7l4akWFUbdK37rwUTe
         dm/WahuClxJuc3fBl6UXRxL5ou0g3GzQwUk3u/YlwLz9anKTDKOn1C3WqzceDOaxqSXL
         T0oOBn8n8sucH/BGkGhrsZBvIbHwljmjdrfwHAcMjngTnf2N6HNZBn098EEokfZ0xlgy
         PEsw==
X-Gm-Message-State: AOJu0Ywu2K7XEAdJxqn80pgvCBAuLjoiKwjoutwAG3oX6Uxbk5HQdep/
	xjZVcBk9b4EiXafJAB2WuWRtg3GJXqqctBLl/z1Ie9iHHIHrJUgbSEjleKJt9kesaDV8axvubn1
	9P7U=
X-Google-Smtp-Source: 
 AGHT+IGzNQoi8GoKRKpFW0hZeRGlMCe/lSlIAwjMkCa9ZMHbuCxtrcxHmDILMvLLBZaus0pHcjRCZQ==
X-Received: by 2002:a05:6a20:2d13:b0:1a8:4266:f88b with SMTP id
 g19-20020a056a202d1300b001a84266f88bmr3042241pzl.28.1713269238241;
        Tue, 16 Apr 2024 05:07:18 -0700 (PDT)
Received: from xps13.. ([199.58.97.236])
        by smtp.gmail.com with ESMTPSA id
 j5-20020aa78d05000000b006edd9339917sm8746111pfe.58.2024.04.16.05.07.17
        for 
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 16 Apr 2024 05:07:18 -0700 (PDT)
From: Steve Sakoman 
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 09/10] tcl: skip timing-dependent tests in
 run-ptest
Date: Tue, 16 Apr 2024 05:06:56 -0700
Message-Id: 
 <161d336a6c57fddb36a0c4e8c2def84ce70128e3.1713268959.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: 
References: 
MIME-Version: 1.0
List-Id: 
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 ; Tue, 16 Apr 2024 12:07:21 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/198446

From: Ross Burton 

There are several tests in the test suite which are very dependent on
timing and fail on a loaded host system, so skip them.

[ YOCTO #14825 #14882 #15081 ]

Signed-off-by: Ross Burton 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 68beb4f4b5a0bea5d431decddf7656f18ac7a04a)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/tcltk/tcl/run-ptest | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/tcltk/tcl/run-ptest b/meta/recipes-devtools/tcltk/tcl/run-ptest
index 5b9127784e..51e1e4aa7b 100644
--- a/meta/recipes-devtools/tcltk/tcl/run-ptest
+++ b/meta/recipes-devtools/tcltk/tcl/run-ptest
@@ -3,7 +3,11 @@
 # clock.test needs a timezone to be set
 export TZ="Europe/London"
 export TCL_LIBRARY=library
-SKIPPED_TESTS=
+
+# Some tests are overly strict with timings and fail on loaded systems.
+# See bugs #14825 #14882 #15081.
+SKIPPED_TESTS='cmdMZ-6.6 exit-1.* socket-* socket_inet-*'
+
 for i in `ls tests/*.test | awk -F/ '{print $2}'`; do
     ./tcltest tests/all.tcl -file $i -skip "$SKIPPED_TESTS" >$i.log 2>&1
     grep -q -F -e "Files with failing tests:" -e "Test files exiting with errors:" $i.log

From patchwork Tue Apr 16 12:06:57 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman 
X-Patchwork-Id: 42532
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: 
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 79839C41513
	for ; Tue, 16 Apr 2024 12:07:21 +0000 (UTC)
Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com
 [209.85.210.178])
 by mx.groups.io with SMTP id smtpd.web11.18823.1713269240404686125
 for ;
 Tue, 16 Apr 2024 05:07:20 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=RoS1D5Tn;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.178,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f178.google.com with SMTP id
 d2e1a72fcca58-6ecff9df447so4334139b3a.1
        for ;
 Tue, 16 Apr 2024 05:07:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1713269240;
 x=1713874040; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=741ANwDec7YXTBr90YSnfxQLAgN9HQW0Kxcwhb+byDM=;
        b=RoS1D5TnKJPMt8bHjYM/MlXkYVF6PNvutly2WpjWdGawoUxE26raQg6p2ABIoJ1tX2
         gK8xCmiqpQGvoBGmC2zPOlWUqgbsvZ8vQ7QgLRSlUY8S/xsA/JdolPyeHqD9g5ib/hA5
         uVmVLj9fgw6XzLeR86X+Frs3NCYUhGjtmJ9ooGzBEYt/glvO+afXaLxV1EsJssZfbttn
         abDtuVv18o6gFiNzQ+i27GpIFRPupwHT1rtZBRPFeRwK6DrEynagldU0f/mmbxURo+ga
         RoYsUaUCaGzeyiTG74SXDEqoYBXO9cd3eBNvXo2TIcykUigttb7dbTrrQXIhB6xG0ADT
         7dwQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713269240; x=1713874040;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=741ANwDec7YXTBr90YSnfxQLAgN9HQW0Kxcwhb+byDM=;
        b=dp2KcsKmmzKwUTHiISm8ikCRYlBgRmIna+qc5YDwj2asETwcVQ4p2vI9g59A/IRzFU
         /hdALa2cAHduTe/G4RiTTFFYwoF5Ex19wSPo1VoAScf65b+0Ouog93C2G+5OQ/sGCbw5
         OigZqkA1JawltT7lAwrcGI3VChUQ0CUhPCPvH6pc170T5oVTNIqQl+ZYQcNeE0wJZsNg
         9bJLCOwxTUEefczLZ5f2NB8Aq2ioQcyv9vU9RcCjKqhvWnyI+BAdqWp2o6UdbxNFMPdW
         dYs3TaL1k1y7WNWYxJizxzx8h98gA1teopIUlUXOGPYYUogYrju4NPYy+8vTmztQlLXJ
         O24g==
X-Gm-Message-State: AOJu0YwmPG0seMwxKIWRrqjDcOhJZLThxxXznKZjDvp4dtYRpyOGV6pm
	LAvXUxsmoCB40rZ+8Uq6vbcBD4FlWepXdT4nHIKmV9wQHf4kkGk1G+hyqF78sOJZPHT+t1IvASK
	tgRg=
X-Google-Smtp-Source: 
 AGHT+IEicqST8DyIRL7YHCSufzsO+ND7cGH4JpSo/sv5kxlmzw5pBH4LtXxVrh6P/OOm3LzlEWpX+g==
X-Received: by 2002:a05:6a20:7f8b:b0:1a3:466d:d33 with SMTP id
 d11-20020a056a207f8b00b001a3466d0d33mr15734836pzj.9.1713269239655;
        Tue, 16 Apr 2024 05:07:19 -0700 (PDT)
Received: from xps13.. ([199.58.97.236])
        by smtp.gmail.com with ESMTPSA id
 j5-20020aa78d05000000b006edd9339917sm8746111pfe.58.2024.04.16.05.07.19
        for 
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 16 Apr 2024 05:07:19 -0700 (PDT)
From: Steve Sakoman 
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 10/10] tcl: skip async and event tests in
 run-ptest
Date: Tue, 16 Apr 2024 05:06:57 -0700
Message-Id: 
 
X-Mailer: git-send-email 2.34.1
In-Reply-To: 
References: 
MIME-Version: 1.0
List-Id: 
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 ; Tue, 16 Apr 2024 12:07:21 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/198447

From: Ross Burton 

These test suites are full of timing-sensitive test cases, so skip
them too.

[ YOCTO #15321 ]

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit dd06c3668dbe9ec1cf9a0a84d7a6bc9851f9c662)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/tcltk/tcl/run-ptest | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/tcltk/tcl/run-ptest b/meta/recipes-devtools/tcltk/tcl/run-ptest
index 51e1e4aa7b..87e025fce1 100644
--- a/meta/recipes-devtools/tcltk/tcl/run-ptest
+++ b/meta/recipes-devtools/tcltk/tcl/run-ptest
@@ -5,8 +5,8 @@ export TZ="Europe/London"
 export TCL_LIBRARY=library
 
 # Some tests are overly strict with timings and fail on loaded systems.
-# See bugs #14825 #14882 #15081.
-SKIPPED_TESTS='cmdMZ-6.6 exit-1.* socket-* socket_inet-*'
+# See bugs #14825 #14882 #15081 #15321.
+SKIPPED_TESTS='async-* cmdMZ-6.6 event-* exit-1.* socket-* socket_inet-*'
 
 for i in `ls tests/*.test | awk -F/ '{print $2}'`; do
     ./tcltest tests/all.tcl -file $i -skip "$SKIPPED_TESTS" >$i.log 2>&1