From patchwork Thu Aug 18 16:56:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 11551 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C838CC32772 for ; Thu, 18 Aug 2022 16:57:02 +0000 (UTC) Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.web09.44930.1660841815254665801 for ; Thu, 18 Aug 2022 09:56:55 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ZBhaFB+t; spf=softfail (domain: sakoman.com, ip: 209.85.216.45, mailfrom: steve@sakoman.com) Received: by mail-pj1-f45.google.com with SMTP id s4-20020a17090a5d0400b001fabc6bb0baso3001883pji.1 for ; Thu, 18 Aug 2022 09:56:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc; bh=vhs7AGiHJEa+L0iZ0memkr1SqPs2eAaXOPfKO19Cz4U=; b=ZBhaFB+t20IdPrJufdsyJNGv7xe8V3zCoyYZeIGwRjN8uzHOPjRm62lbXaMoCmUMQP HyZKAcQIuseofP/wETLP0c8mvYiawntz9Up/y7G5vxtXrRkdpVlzuXzOsKbMi1vmD/4c RtbDBsvgTQ8tzYjYc5Dwr2Q+4dqULHZMI/qwmJ7HvagGtdQpnhN2Favw/KMFux9zo9tD z69xWgV4KrLVzTEoDaxwv5Rq0vJKHJYC85gKU4YdAHrNc/xN3jF2BWK7XgtBByO0x9pL bZg9Y2EFcZVFTImO5bkf7AecuYCmrfw/Y35AXqIux2L5o/GO+fwrketub5IIPn7ijmOr dIgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc; bh=vhs7AGiHJEa+L0iZ0memkr1SqPs2eAaXOPfKO19Cz4U=; b=cLlZv/rop3dq+waMlA4bpx9L/zgF7G6GIdoVGMxpiEynqYdb5/K3TlyW26bwrIwBl1 d2zLgH5VhM+XczP+XIEWMBpVJDd3ODqijaBsfUGwTjvNAbBt/csWZNwGmnheQ+2TPZGe lKCCpn0/55aY+877nMQHVKnwHvAsympmnmUuAXDbbUEqYfez9H3CjQCf/aPebxqQFkaO tB2S66SF6ucS/6NH3ZOZ+ESaczkoTute1GSpeYIF6wmT6KN4JI8YmyOZyXqbA/cD8KNn vSLw3BZvf9jL9kax9IJX4UPnckV8tEpE2w2cpR5xcXaO3pWQTzjaXBUOyJ6/ot6zZTYO 3YCw== X-Gm-Message-State: ACgBeo3xQGK8Rup98X0ybSSa/1EReOeY8u8oToJQWn6HkuqUFYRNItfv /1AuqtsKekDzP+x+FHRFN+mtvW1vObUvlapU X-Google-Smtp-Source: AA6agR4yswidFt9R47CGN61EtLcHy66/k/l3HyLZBI8Si5MgzM4HrcEYPf6fsbZA29Xk658dhbu3AQ== X-Received: by 2002:a17:902:b214:b0:171:2e1f:6d1a with SMTP id t20-20020a170902b21400b001712e1f6d1amr3345958plr.147.1660841814229; Thu, 18 Aug 2022 09:56:54 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id h135-20020a62838d000000b0052d432b4cc0sm1897446pfe.33.2022.08.18.09.56.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Aug 2022 09:56:53 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 01/11] qemu: CVE-2020-27821 heap buffer overflow in msix_table_mmio_write Date: Thu, 18 Aug 2022 06:56:18 -1000 Message-Id: <198bd53bdc77d2b01dae19993bde79f03f4dd02c.1660841536.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 18 Aug 2022 16:57:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169523 From: Hitendra Prajapati Source: https://git.qemu.org/?p=qemu.git; MR: 107558 Type: Security Fix Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442 ChangeID: c5d25422f43edb7d8728118eb482eba09474ef2c Description: CVE-2020-27821 qemu: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c. Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2020-27821.patch | 73 +++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-27821.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 10b4280b23..a773068499 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -99,6 +99,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2020-13253_5.patch \ file://CVE-2020-13791.patch \ file://CVE-2022-35414.patch \ + file://CVE-2020-27821.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-27821.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-27821.patch new file mode 100644 index 0000000000..e26bc31bbb --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-27821.patch @@ -0,0 +1,73 @@ +From 15222d4636d742f3395fd211fad0cd7e36d9f43e Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Tue, 16 Aug 2022 10:07:01 +0530 +Subject: [PATCH] CVE-2020-27821 + +Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442] +CVE: CVE-2020-27821 +Signed-off-by: Hitendra Prajapati + +memory: clamp cached translation in case it points to an MMIO region + +In using the address_space_translate_internal API, address_space_cache_init +forgot one piece of advice that can be found in the code for +address_space_translate_internal: + + /* MMIO registers can be expected to perform full-width accesses based only + * on their address, without considering adjacent registers that could + * decode to completely different MemoryRegions. When such registers + * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO + * regions overlap wildly. For this reason we cannot clamp the accesses + * here. + * + * If the length is small (as is the case for address_space_ldl/stl), + * everything works fine. If the incoming length is large, however, + * the caller really has to do the clamping through memory_access_size. + */ + +address_space_cache_init is exactly one such case where "the incoming length +is large", therefore we need to clamp the resulting length---not to +memory_access_size though, since we are not doing an access yet, but to +the size of the resulting section. This ensures that subsequent accesses +to the cached MemoryRegionSection will be in range. + +With this patch, the enclosed testcase notices that the used ring does +not fit into the MSI-X table and prints a "qemu-system-x86_64: Cannot map used" +error. + +Signed-off-by: Paolo Bonzini +--- + exec.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/exec.c b/exec.c +index 2d6add46..1360051a 100644 +--- a/exec.c ++++ b/exec.c +@@ -3632,6 +3632,7 @@ int64_t address_space_cache_init(MemoryRegionCache *cache, + AddressSpaceDispatch *d; + hwaddr l; + MemoryRegion *mr; ++ Int128 diff; + + assert(len > 0); + +@@ -3640,6 +3641,15 @@ int64_t address_space_cache_init(MemoryRegionCache *cache, + d = flatview_to_dispatch(cache->fv); + cache->mrs = *address_space_translate_internal(d, addr, &cache->xlat, &l, true); + ++ /* ++ * cache->xlat is now relative to cache->mrs.mr, not to the section itself. ++ * Take that into account to compute how many bytes are there between ++ * cache->xlat and the end of the section. ++ */ ++ diff = int128_sub(cache->mrs.size, ++ int128_make64(cache->xlat - cache->mrs.offset_within_region)); ++ l = int128_get64(int128_min(diff, int128_make64(l))); ++ + mr = cache->mrs.mr; + memory_region_ref(mr); + if (memory_access_is_direct(mr, is_write)) { +-- +2.25.1 + From patchwork Thu Aug 18 16:56:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 11553 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D860BC32773 for ; Thu, 18 Aug 2022 16:57:02 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web08.44549.1660841817836083044 for ; Thu, 18 Aug 2022 09:56:58 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=yCSKj+Vv; spf=softfail (domain: sakoman.com, ip: 209.85.210.180, mailfrom: steve@sakoman.com) Received: by mail-pf1-f180.google.com with SMTP id 81so2061916pfz.10 for ; Thu, 18 Aug 2022 09:56:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc; bh=Gfft5ulQF779AU4/q1gfd5Ry5Bjjq+sY2qazjCEZsak=; b=yCSKj+Vvpayk5H0nM5DQ30O9oZhv8cNpo9R0eDxaO1HBgjr7TdvuH1o/YNw0CRIzzW 5Q+oGSFaGMOCdz2wIa28BdSFt3GLwLhCsOaC3co2mTafZCGk1CwooN2eazLgQVF2OuSn nptd+MQF/SVD8inHrjAPXrVda4yHvb/hEChkWIddWov39xjsFDCsa7Um9JtDXw6rzZeM o8LNVEkDHMFRQrke1vEaomurf0Py0JjOZ+WqJkzRrXipOS1ntD/s80HpTKSd0BbkgYxB VmS2qyHBuTIDYZq2O7hR5T5QjR3W2d5s6lHHi/Yjb3/NbFg3dG5kKk50knFBMp2LWI3L JBOw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc; bh=Gfft5ulQF779AU4/q1gfd5Ry5Bjjq+sY2qazjCEZsak=; b=8ABD2ymG5+ifGotKJzvYIEzF6GX1mdBhHygmvzXCAK2Ns1pQonp6yDt1EmcER5MCx0 4Tyt/oTw6GpnxsEIPHhdJfYHbxh8K9QMw8NlxJLccNwcYMxIbJIsE+kco7Y659xrC1iZ 5SZs10iHHdNNhwGuImRGGw2ZJQDY5Q1HFfwWuamo0jnQXRD5kvCgFRn54IgdKSmht0uL X/eHQtkc6H8pWyTibyBc6fA9QJXpLP2ZkYDkirRqh9W2AFCONNFWG/t6p11p3fiOvRay 62VTQeI8e2smxyQ7XjsXe+elrxudyGGaJTwyebH41W0OI64eAFJYRpDN2U8BxpTdf6fW YFCA== X-Gm-Message-State: ACgBeo3jEon0NUQ9iDp35zWKAak77Wvin/wDR4v4u/wOjwJQkO05DjXq 6P0CSLhj5t3umIy+UcX56umFfUPFc046gvGV X-Google-Smtp-Source: AA6agR41i4FH4kJhedOReaBFLwdEHy87l0OVp0AK8eoWpZId2Qj6Y4xEytPXWb+jOrBfP7mB1+JQIQ== X-Received: by 2002:a63:f34b:0:b0:422:e3a6:47f2 with SMTP id t11-20020a63f34b000000b00422e3a647f2mr3085619pgj.478.1660841816572; Thu, 18 Aug 2022 09:56:56 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id h135-20020a62838d000000b0052d432b4cc0sm1897446pfe.33.2022.08.18.09.56.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Aug 2022 09:56:56 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 02/11] gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify Date: Thu, 18 Aug 2022 06:56:19 -1000 Message-Id: <4cac37913d08f433668778e788f01e009dbb94bd.1660841536.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 18 Aug 2022 16:57:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169524 From: Hitendra Prajapati Source: https://gitlab.com/gnutls/gnutls MR: 120421 Type: Security Fix Disposition: Backport from https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2 ChangeID: f0c84c6aa8178582ac9838c453dacdf2c7cae0e5 Description: CVE-2022-2509 gnutls: Double free during gnutls_pkcs7_verify. Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../gnutls/gnutls/CVE-2022-2509.patch | 282 ++++++++++++++++++ meta/recipes-support/gnutls/gnutls_3.6.14.bb | 1 + 2 files changed, 283 insertions(+) create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch b/meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch new file mode 100644 index 0000000000..f8954945d0 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch @@ -0,0 +1,282 @@ +From 9835638d4e1f37781a47e777c76d5bb14218929b Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Tue, 16 Aug 2022 12:23:14 +0530 +Subject: [PATCH] CVE-2022-2509 + +Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2] +CVE: CVE-2022-2509 +Signed-off-by: Hitendra Prajapati +--- + NEWS | 4 + + lib/x509/pkcs7.c | 3 +- + tests/Makefile.am | 2 +- + tests/pkcs7-verify-double-free.c | 215 +++++++++++++++++++++++++++++++ + 4 files changed, 222 insertions(+), 2 deletions(-) + create mode 100644 tests/pkcs7-verify-double-free.c + +diff --git a/NEWS b/NEWS +index 755a67c..ba70bb3 100644 +--- a/NEWS ++++ b/NEWS +@@ -7,6 +7,10 @@ See the end for copying conditions. + + * Version 3.6.14 (released 2020-06-03) + ++** libgnutls: Fixed double free during verification of pkcs7 signatures. ++ Reported by Jaak Ristioja (#1383). [GNUTLS-SA-2022-07-07, CVSS: medium] ++ [CVE-2022-2509] ++ + ** libgnutls: Fixed insecure session ticket key construction, since 3.6.4. + The TLS server would not bind the session ticket encryption key with a + value supplied by the application until the initial key rotation, allowing +diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c +index 98669e8..ccbc69d 100644 +--- a/lib/x509/pkcs7.c ++++ b/lib/x509/pkcs7.c +@@ -1318,7 +1318,8 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, + issuer = find_verified_issuer_of(pkcs7, issuer, purpose, vflags); + + if (issuer != NULL && gnutls_x509_crt_check_issuer(issuer, issuer)) { +- if (prev) gnutls_x509_crt_deinit(prev); ++ if (prev && prev != signer) ++ gnutls_x509_crt_deinit(prev); + prev = issuer; + break; + } +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 11a083c..cd43a0f 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -219,7 +219,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei + tls-record-size-limit-asym dh-compute ecdh-compute sign-verify-data-newapi \ + sign-verify-newapi sign-verify-deterministic iov aead-cipher-vec \ + tls13-without-timeout-func buffer status-request-revoked \ +- set_x509_ocsp_multi_cli kdf-api keylog-func \ ++ set_x509_ocsp_multi_cli kdf-api keylog-func pkcs7-verify-double-free \ + dtls_hello_random_value tls_hello_random_value x509cert-dntypes + + if HAVE_SECCOMP_TESTS +diff --git a/tests/pkcs7-verify-double-free.c b/tests/pkcs7-verify-double-free.c +new file mode 100644 +index 0000000..fadf307 +--- /dev/null ++++ b/tests/pkcs7-verify-double-free.c +@@ -0,0 +1,215 @@ ++/* ++ * Copyright (C) 2022 Red Hat, Inc. ++ * ++ * Author: Zoltan Fridrich ++ * ++ * This file is part of GnuTLS. ++ * ++ * GnuTLS is free software: you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GnuTLS is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GnuTLS. If not, see . ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include ++#endif ++ ++#include ++#include ++#include ++ ++#include "utils.h" ++ ++static char rca_pem[] = ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n" ++ "cGxlIENBMCAXDTE3MDcyMTE0NDMzNloYDzIyMjIwNzIxMTQ0MzM2WjAVMRMwEQYD\n" ++ "VQQKDApFeGFtcGxlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n" ++ "v8hnKPJ/IA0SQB/A/a0Uh+npZ67vsgIMrtTQo0r0kJkmkBz5323xO3DVuJfB3QmX\n" ++ "v9zvoeCQLuDvWar5Aixfxgm6s5Q+yPvJj9t3NebDrU+Y4+qyewBIJUF8EF/5iBPC\n" ++ "ZHONmzbfIRWvQWGGgb2CRcOHp2J7AY/QLB6LsWPaLjs/DHva28Q13JaTTHIpdu8v\n" ++ "t6vHr0nXf66DN4MvtoF3N+o+v3snJCMsfXOqASi4tbWR7gtOfCfiz9uBjh0W2Dut\n" ++ "/jclBQkJkLe6esNSM+f4YiOpctVDjmfj8yoHCp394vt0wFqhG38wsTFAyVP6qIcf\n" ++ "5zoSu9ovEt2cTkhnZHjiiwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud\n" ++ "DwEB/wQEAwIBBjAdBgNVHQ4EFgQUhjeO6Uc5imbjOl2I2ltVA27Hu9YwHwYDVR0j\n" ++ "BBgwFoAUhjeO6Uc5imbjOl2I2ltVA27Hu9YwDQYJKoZIhvcNAQELBQADggEBAD+r\n" ++ "i/7FsbG0OFKGF2+JOnth6NjJQcMfM8LiglqAuBUijrv7vltoZ0Z3FJH1Vi4OeMXn\n" ++ "l7X/9tWUve0uFl75MfjDrf0+lCEdYRY1LCba2BrUgpbbkLywVUdnbsvndehegCgS\n" ++ "jss2/zys3Hlo3ZaHlTMQ/NQ4nrxcxkjOvkZSEOqgxJTLpzm6pr7YUts4k6c6lNiB\n" ++ "FSiJiDzsJCmWR9C3fBbUlfDfTJYGN3JwqX270KchXDElo8gNoDnF7jBMpLFFSEKm\n" ++ "MyfbNLX/srh+CEfZaN/OZV4A3MQ0L8vQEp6M4CJhvRLIuMVabZ2coJ0AzystrOMU\n" ++ "LirBWjg89RoAjFQ7bTE=\n" ++ "-----END CERTIFICATE-----\n"; ++ ++static char ca_pem[] = ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n" ++ "cGxlIENBMCAXDTE3MDcyMTE0NDQzNFoYDzIyMjIwNzIxMTQ0NDM0WjAiMSAwHgYD\n" ++ "VQQKDBdFeGFtcGxlIGludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD\n" ++ "ggEPADCCAQoCggEBAKb9ACB8u//sP6MfNU1OsVw68xz3eTPLgKxS0vpqexm6iGVg\n" ++ "ug/o9uYRLzqiEukv/eyz9WzHmY7sqlOJjOFdv92+SaNg79Jc51WHPFXgea4/qyfr\n" ++ "4y14PGs0SNxm6T44sXurUs7cXydQVUgnq2VCaWFOTUdxXoAWkV8r8GaUoPD/klVz\n" ++ "RqxSZVETmX1XBKhsMnnov41kRwVph2C+VfUspsbaUZaz/o/S1/nokhXRACzKsMBr\n" ++ "obqiGxbY35uVzsmbAW5ErhQz98AWJL3Bub1fsEMXg6OEMmPH4AtX888dTIYZNw0E\n" ++ "bUIESspz1kjJQTtVQDHTprhwz16YiSVeUonlLgMCAwEAAaNjMGEwDwYDVR0TAQH/\n" ++ "BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPBjxDWjMhjXERirKF9O\n" ++ "o/5Cllc5MB8GA1UdIwQYMBaAFIY3julHOYpm4zpdiNpbVQNux7vWMA0GCSqGSIb3\n" ++ "DQEBCwUAA4IBAQCTm+vv3hBa6lL5IT+Fw8aTxQ2Ne7mZ5oyazhvXYwwfKNMX3SML\n" ++ "W2JdPaL64ZwbxxxYvW401o5Z0CEgru3YFrsqB/hEdl0Uf8UWWJmE1rRa+miTmbjt\n" ++ "lrLNCWdrs6CiwvsPITTHg7jevB4KyZYsTSxQFcyr3N3xF+6EmOTC4IkhPPnXYXcp\n" ++ "248ih+WOavSYoRvzgB/Dip1WnPYU2mfIV3O8JReRryngA0TzWCLPLUoWR3R4jwtC\n" ++ "+1uSLoqaenz3qv3F1WEbke37az9YJuXx/5D8CqFQiZ62TUUtI6fYd8mkMBM4Qfh6\n" ++ "NW9XrCkI9wlpL5K9HllhuW0BhKeJkuPpyQ2p\n" ++ "-----END CERTIFICATE-----\n"; ++ ++static char ee_pem[] = ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdFeGFt\n" ++ "cGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzdaGA8yMjIyMDcyMTE0\n" ++ "NDUzN1owFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEBBQAD\n" ++ "ggEPADCCAQoCggEBAMb1uuxppBFY+WVD45iyHUq7DkIJNNOI/JRaybVJfPktWq2E\n" ++ "eNe7XhV05KKnqZTbDO2iYqNHqGhZ8pz/IstDRTZP3z/q1vXTG0P9Gx28rEy5TaUY\n" ++ "QjtD+ZoFUQm0ORMDBjd8jikqtJ87hKeuOPMH4rzdydotMaPQSm7KLzHBGBr6gg7z\n" ++ "g1IxPWkhMyHapoMqqrhjwjzoTY97UIXpZTEoIA+KpEC8f9CciBtL0i1MPBjWozB6\n" ++ "Jma9q5iEwZXuRr3cnPYeIPlK2drgDZCMuSFcYiT8ApLw5OhKqY1m2EvfZ2ox2s9R\n" ++ "68/HzYdPi3kZwiNEtlBvMlpt5yKBJAflp76d7DkCAwEAAaNuMGwwCwYDVR0PBAQD\n" ++ "AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUc+Mi\n" ++ "kr8WMCk00SQo+P2iggp/oQkwHwYDVR0jBBgwFoAU8GPENaMyGNcRGKsoX06j/kKW\n" ++ "VzkwDQYJKoZIhvcNAQELBQADggEBAKU9+CUR0Jcfybd1+8Aqgh1RH96yQygnVuyt\n" ++ "Na9rFz4fM3ij9tGXDHXrkZw8bW1dWLU9quu8zeTxKxc3aiDIw739Alz0tukttDo7\n" ++ "dW7YqIb77zsIsWB9p7G9dlxT6ieUy+5IKk69BbeK8KR0vAciAG4KVQxPhuPy/LGX\n" ++ "PzqlJIJ4h61s3UOroReHPB1keLZgpORqrvtpClOmABH9TLFRJA/WFg8Q2XYB/p0x\n" ++ "l/pWiaoBC+8wK9cDoMUK5yOwXeuCLffCb+UlAD0+z/qxJ2pisE8E9X8rRKRrWI+i\n" ++ "G7LtJCEn86EQK8KuRlJxKgj8lClZhoULB0oL4jbblBuNow9WRmM=\n" ++ "-----END CERTIFICATE-----\n"; ++ ++static char msg_pem[] = ++ "-----BEGIN PKCS7-----\n" ++ "MIIK2QYJKoZIhvcNAQcCoIIKyjCCCsYCAQExDTALBglghkgBZQMEAgEwCwYJKoZI\n" ++ "hvcNAQcBoIIJTzCCAwowggHyoAMCAQICAQEwDQYJKoZIhvcNAQELBQAwFTETMBEG\n" ++ "A1UECgwKRXhhbXBsZSBDQTAgFw0xNzA3MjExNDQzMjFaGA8yMjIyMDcyMTE0NDMy\n" ++ "MVowFTETMBEGA1UECgwKRXhhbXBsZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" ++ "ADCCAQoCggEBAL51eyE4j8wAKQKMGlO9HEY2iaGvsdPSJmidSdmCi1jnNK39Lx4Y\n" ++ "31h279hSHF5wtI6VM91HHfeLf1mjEZHlKrXXJQzBPLpbHWapD778drHBitOP8e56\n" ++ "fDMIfofLV4tkMk8690vPe4cJH1UHGspMyz6EQF9kPRaW80XtMV/6dalgL/9Esmaw\n" ++ "XBNPJAS1VutDuXQkJ/3/rWFLmkpYHHtGPjX782YRmT1s+VOVTsLqmKx0TEL8A381\n" ++ "bbElHPUAMjPcyWR5qqA8KWnS5Dwqk3LwI0AvuhQytCq0S7Xl4DXauvxwTRXv0UU7\n" ++ "W8r3MLAw9DnlnJiD/RFjw5rbGO3wMePk/qUCAwEAAaNjMGEwDwYDVR0TAQH/BAUw\n" ++ "AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIh2KRoKJoe2VtpOwWMkRAkR\n" ++ "mLWKMB8GA1UdIwQYMBaAFIh2KRoKJoe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEB\n" ++ "CwUAA4IBAQBovvlOjoy0MCT5U0eWfcPQQjY4Ssrn3IiPNlVkqSNo+FHX+2baTLVQ\n" ++ "5QTHxwXwzdIJiwtjFWDdGEQXqmuIvnFG+u/whGbeg6oQygfnQ5Y+q6epOxCsPgLQ\n" ++ "mKKEaF7mvh8DauUx4QSbYCNGCctOZuB1vlN9bJ3/5QbH+2pFPOfCr5CAyPDwHo6S\n" ++ "qO3yPcutRwT9xS7gXEHM9HhLp+DmdCGh4eVBPiFilyZm1d92lWxU8oxoSfXgzDT/\n" ++ "GCzlMykNZNs4JD9QmiRClP/3U0dQbOhah/Fda+N+L90xaqEgGcvwKKZa3pzo59pl\n" ++ "BbkcIP4YPyHeinwkgAn5UVJg9DOxNCS0MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG\n" ++ "9w0BAQsFADAVMRMwEQYDVQQKDApFeGFtcGxlIENBMCAXDTE3MDcyMTE0NDQxM1oY\n" ++ "DzIyMjIwNzIxMTQ0NDEzWjAiMSAwHgYDVQQKDBdFeGFtcGxlIGludGVybWVkaWF0\n" ++ "ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPFDEvDANwvhviu\n" ++ "pwXTvaKyxyX94jVu1wgAhIRyQBVRiMbrn8MEufLG8oA0vKd8s92gv/lWe1jFb2rn\n" ++ "91jMkZWsjWjiJFD6SzqFfBo+XxOGikEqO1MAf92UqavmSGlXVRG1Vy7T7dWibZP0\n" ++ "WODhHYWayR0Y6owSz5IqNfrHXzDME+lSJxHgRFI7pK+b0OgiVmvyXDKFPvyU6GrP\n" ++ "lxXDi/XbjyPvC5gpiwtTgm+s8KERwmdlfZUNjkh2PpHx1g1joijHT3wIvO/Pek1E\n" ++ "C+Xs6w3XxGgL6TTL7FDuv4AjZVX9KK66/yBhX3aN8bkqAg+hs9XNk3zzWC0XEFOS\n" ++ "Qoh2va0CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\n" ++ "HQYDVR0OBBYEFHwi/7dUWGjkMWJctOm7MCjjQj1cMB8GA1UdIwQYMBaAFIh2KRoK\n" ++ "Joe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEBCwUAA4IBAQCF6sHCBdYRwBwvfCve\n" ++ "og9cPnmPqZrG4AtmSvtoSsMvgvKb/4z3/gG8oPtTBkeRcAHoMoEp/oA+B2ylwIAc\n" ++ "S5U7jx+lYH/Pqih0X/OcOLbaMv8uzGSGQxk+L9LuuIT6E/THfRRIPEvkDkzC+/uk\n" ++ "7vUbG17bSEWeF0o/6sjzAY2aH1jnbCDyu0UC78GXkc6bZ5QlH98uLMDMrOmqcZjS\n" ++ "JFfvuRDQyKV5yBdBkYaobsIWSQDsgYxJzf/2y8c3r+HXqT+jhrXPWJ3btgMPxpu7\n" ++ "E8KmoFgp9EM+48oYlXJ66rk08/KjaVmgN7R+Hm3e2+MFT2kme4fBKalLjcazTe3x\n" ++ "0FisMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdF\n" ++ "eGFtcGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzBaGA8yMjIyMDcy\n" ++ "MTE0NDUzMVowFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEB\n" ++ "BQADggEPADCCAQoCggEBAMjhSqhdD5RjmOm6W3hG7zkgKBP9whRN/SipcdEMlkgc\n" ++ "F/U3QMu66qIfKwheNdWalC1JLtruLDWP92ysa6Vw+CCG8aSax1AgB//RKQB7kgPA\n" ++ "9js9hi/oCdBmCv2HJxhWSLz+MVoxgzW4C7S9FenI+btxe/99Uw4nOw7kwjsYDLKr\n" ++ "tMw8myv7aCW/63CuBYGtohiZupM3RI3kKFcZots+KRPLlZpjv+I2h9xSln8VxKNb\n" ++ "XiMrYwGfHB7iX7ghe1TvFjKatEUhsqa7AvIq7nfe/cyq97f0ODQO814njgZtk5iQ\n" ++ "JVavXHdhTVaypt1HdAFMuHX5UATylHxx9tRCgSIijUsCAwEAAaNuMGwwCwYDVR0P\n" ++ "BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU\n" ++ "31+vHl4E/2Jpnwinbzf+d7usshcwHwYDVR0jBBgwFoAUfCL/t1RYaOQxYly06bsw\n" ++ "KONCPVwwDQYJKoZIhvcNAQELBQADggEBAAWe63DcNwmleQ3INFGDJZ/m2I/R/cBa\n" ++ "nnrxgR5Ey1ljHdA/x1z1JLTGmGVwqGExs5DNG9Q//Pmc9pZ1yPa8J4Xf8AvFcmkY\n" ++ "mWoH1HvW0xu/RF1UN5SAoD2PRQ+Vq4OSPD58IlEu/u4o1wZV7Wl91Cv6VNpiAb63\n" ++ "j9PA1YacOpOtcRqG59Vuj9HFm9f30ejHVo2+KJcpo290cR3Zg4fOm8mtjeMdt/QS\n" ++ "Atq+RqPAQ7yxqvEEv8zPIZj2kAOQm3mh/yYqBrR68lQUD/dBTP7ApIZkhUK3XK6U\n" ++ "nf9JvoF6Fn2+Cnqb//FLBgHSnoeqeQNwDLUXTsD02iYxHzJrhokSY4YxggFQMIIB\n" ++ "TAIBATAnMCIxIDAeBgNVBAoMF0V4YW1wbGUgaW50ZXJtZWRpYXRlIENBAgEBMAsG\n" ++ "CWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQATHg6wNsBcs/Ub1GQfKwTpKCk5\n" ++ "8QXuNnZ0u7b6mKgrSY2Gf47fpL2aRgaR+BAQncbctu5EH/IL38pWjaGtOhFAj/5q\n" ++ "7luVQW11kuyJN3Bd/dtLqawWOwMmAIEigw6X50l5ZHnEVzFfxt+RKTNhk4XWVtbi\n" ++ "2iIlITOplW0rnvxYAwCxKL9ocaB7etK8au7ixMxbFp75Ts4iLX8dhlAFdCuFCk8k\n" ++ "B8mi9HHuwr3QYRqMPW61hu1wBL3yB8eoZNOwPXb0gkIh6ZvgptxgQzm/cc+Iw9fP\n" ++ "QkR0fTM7ElJ5QZmSV98AUbZDHmDvpmcjcUxfSPMc3IoT8T300usRu7QHqKJi\n" ++ "-----END PKCS7-----\n"; ++ ++const gnutls_datum_t rca_datum = { (void *)rca_pem, sizeof(rca_pem) - 1 }; ++const gnutls_datum_t ca_datum = { (void *)ca_pem, sizeof(ca_pem) - 1 }; ++const gnutls_datum_t ee_datum = { (void *)ee_pem, sizeof(ee_pem) - 1 }; ++const gnutls_datum_t msg_datum = { (void *)msg_pem, sizeof(msg_pem) - 1 }; ++ ++static void tls_log_func(int level, const char *str) ++{ ++ fprintf(stderr, "%s |<%d>| %s", "err", level, str); ++} ++ ++#define CHECK(X)\ ++{\ ++ r = X;\ ++ if (r < 0)\ ++ fail("error in %d: %s\n", __LINE__, gnutls_strerror(r));\ ++}\ ++ ++void doit(void) ++{ ++ int r; ++ gnutls_x509_crt_t rca_cert = NULL; ++ gnutls_x509_crt_t ca_cert = NULL; ++ gnutls_x509_crt_t ee_cert = NULL; ++ gnutls_x509_trust_list_t tlist = NULL; ++ gnutls_pkcs7_t pkcs7 = NULL; ++ gnutls_datum_t data = { (unsigned char *)"xxx", 3 }; ++ ++ if (debug) { ++ gnutls_global_set_log_function(tls_log_func); ++ gnutls_global_set_log_level(4711); ++ } ++ ++ // Import certificates ++ CHECK(gnutls_x509_crt_init(&rca_cert)); ++ CHECK(gnutls_x509_crt_import(rca_cert, &rca_datum, GNUTLS_X509_FMT_PEM)); ++ CHECK(gnutls_x509_crt_init(&ca_cert)); ++ CHECK(gnutls_x509_crt_import(ca_cert, &ca_datum, GNUTLS_X509_FMT_PEM)); ++ CHECK(gnutls_x509_crt_init(&ee_cert)); ++ CHECK(gnutls_x509_crt_import(ee_cert, &ee_datum, GNUTLS_X509_FMT_PEM)); ++ ++ // Setup trust store ++ CHECK(gnutls_x509_trust_list_init(&tlist, 0)); ++ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, rca_cert, "rca", 3, 0)); ++ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ca_cert, "ca", 2, 0)); ++ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ee_cert, "ee", 2, 0)); ++ ++ // Setup pkcs7 structure ++ CHECK(gnutls_pkcs7_init(&pkcs7)); ++ CHECK(gnutls_pkcs7_import(pkcs7, &msg_datum, GNUTLS_X509_FMT_PEM)); ++ ++ // Signature verification ++ gnutls_pkcs7_verify(pkcs7, tlist, NULL, 0, 0, &data, 0); ++ ++ gnutls_x509_crt_deinit(rca_cert); ++ gnutls_x509_crt_deinit(ca_cert); ++ gnutls_x509_crt_deinit(ee_cert); ++ gnutls_x509_trust_list_deinit(tlist, 0); ++ gnutls_pkcs7_deinit(pkcs7); ++} +-- +2.25.1 + diff --git a/meta/recipes-support/gnutls/gnutls_3.6.14.bb b/meta/recipes-support/gnutls/gnutls_3.6.14.bb index 0c68da7c54..e9af71c7bd 100644 --- a/meta/recipes-support/gnutls/gnutls_3.6.14.bb +++ b/meta/recipes-support/gnutls/gnutls_3.6.14.bb @@ -25,6 +25,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://CVE-2020-24659.patch \ file://CVE-2021-20231.patch \ file://CVE-2021-20232.patch \ + file://CVE-2022-2509.patch \ " SRC_URI[sha256sum] = "5630751adec7025b8ef955af4d141d00d252a985769f51b4059e5affa3d39d63" From patchwork Thu Aug 18 16:56:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 11552 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8E38C32774 for ; Thu, 18 Aug 2022 16:57:02 +0000 (UTC) Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) by mx.groups.io with SMTP id smtpd.web09.44933.1660841819502244616 for ; Thu, 18 Aug 2022 09:56:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=kpA7AwxE; spf=softfail (domain: sakoman.com, ip: 209.85.214.171, mailfrom: steve@sakoman.com) Received: by mail-pl1-f171.google.com with SMTP id y4so2012949plb.2 for ; Thu, 18 Aug 2022 09:56:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc; bh=dUsRxEdIYOU1kKaKtwXCY8y9jmY9eYKQPTvLA4xmAKs=; b=kpA7AwxEXz9RtU+EgZf42me5uiXuB/s3KN2RbmesE81GbujamRY9IF74vOBJ/isejv aIMPGVqLQyNycis0H6+tzCDvppu53CsqwAPMS/3H8b3frKys475pDiFuHPIW8eV4PXUZ 2g8EOir42sLamu8daRylcGoEOAByxesxPn/ErF6maPvDxBvXDE/zJ0Hoa4tid3Xsihy6 joUqElMcbXiRN6SZuVmytJcEWf6pQ1lw+ZynpprzMknL+U405mIWzfXpkINVMwuc37R1 c4WSZUojvAVvmG+QKZmBEe/5Uhyi/epGe+z3bHBsB2FaluzltI+nHW6GwJ3fz/fy0nUI c8Mw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc; bh=dUsRxEdIYOU1kKaKtwXCY8y9jmY9eYKQPTvLA4xmAKs=; b=hyzRiuF9m13a2+Oxno/0/xW1tMHRqgot+esk1I8jTrL4HhawpUQc0rMFOhwCLK9qAn tYm+dgyqFVV3HceErACZFx7Xp8qGmqIULFG26ScQPIkvNUGY8+JmEKaLoqNZhNOjsD4H bV2EQWGGMleFYnixXN5vlmwrnER94q7QBy37XiiB6/n+xTplobTWgH4ATtynGOTB+HdW KkjYAdgPHe/OS42IqD1zu8fdZYGCIiMlIRlGT03CmGqXTAx9Ye2z/Xi7a08AcdpCFwuR apbrEteKA2MZNm2w2wGwy8H13bDRy74p6fiWTiEYIuXQdBfPVxcUBh3y67CbBqEtuBCF 5gzQ== X-Gm-Message-State: ACgBeo2Z1+O+f5vNPVpdA+2YPjRDICE1fjgRGpsJQANcnPvelWiAhsMv AePFoPzRsXtkGB4ZNlkdq9bQ3mFAZx3c6bSN X-Google-Smtp-Source: AA6agR7h31VaAmoR0JJBv3gcofjmJXl2Dc9V+J7UbBRMRLoTDq76klyIYtdJMSUg++DtkvRMa/jsBw== X-Received: by 2002:a17:90a:c483:b0:1fa:a442:ed8a with SMTP id j3-20020a17090ac48300b001faa442ed8amr9734925pjt.151.1660841818522; Thu, 18 Aug 2022 09:56:58 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id h135-20020a62838d000000b0052d432b4cc0sm1897446pfe.33.2022.08.18.09.56.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Aug 2022 09:56:58 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 03/11] zlib: CVE-2022-37434 a heap-based buffer over-read Date: Thu, 18 Aug 2022 06:56:20 -1000 Message-Id: <10ed7cf347d9e73b29e4a3f6ef77e0a4b08e350b.1660841536.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 18 Aug 2022 16:57:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169525 From: Hitendra Prajapati Source: https://github.com/madler/zlib MR: 120531 Type: Security Fix Disposition: Backport from https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 & https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d ChangeID: 364c17d74213c64fe40b9b37ee78aa172ff93acf Description: CVE-2022-37434 zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../zlib/zlib/CVE-2022-37434.patch | 44 +++++++++++++++++++ meta/recipes-core/zlib/zlib_1.2.11.bb | 1 + 2 files changed, 45 insertions(+) create mode 100644 meta/recipes-core/zlib/zlib/CVE-2022-37434.patch diff --git a/meta/recipes-core/zlib/zlib/CVE-2022-37434.patch b/meta/recipes-core/zlib/zlib/CVE-2022-37434.patch new file mode 100644 index 0000000000..d29e6e0f1f --- /dev/null +++ b/meta/recipes-core/zlib/zlib/CVE-2022-37434.patch @@ -0,0 +1,44 @@ +From 8617d83d6939754ae3a04fc2d22daa18eeea2a43 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Wed, 17 Aug 2022 10:15:57 +0530 +Subject: [PATCH] CVE-2022-37434 + +Upstream-Status: Backport [https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 & https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d] +CVE: CVE-2022-37434 +Signed-off-by: Hitendra Prajapati + +Fix a bug when getting a gzip header extra field with inflate(). + +If the extra field was larger than the space the user provided with +inflateGetHeader(), and if multiple calls of inflate() delivered +the extra header data, then there could be a buffer overflow of the +provided space. This commit assures that provided space is not +exceeded. + + Fix extra field processing bug that dereferences NULL state->head. + +The recent commit to fix a gzip header extra field processing bug +introduced the new bug fixed here. +--- + inflate.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/inflate.c b/inflate.c +index ac333e8..cd01857 100644 +--- a/inflate.c ++++ b/inflate.c +@@ -759,8 +759,9 @@ int flush; + if (copy > have) copy = have; + if (copy) { + if (state->head != Z_NULL && +- state->head->extra != Z_NULL) { +- len = state->head->extra_len - state->length; ++ state->head->extra != Z_NULL && ++ (len = state->head->extra_len - state->length) < ++ state->head->extra_max) { + zmemcpy(state->head->extra + len, next, + len + copy > state->head->extra_max ? + state->head->extra_max - len : copy); +-- +2.25.1 + diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb index bc42cd64e9..e2fbc12bd8 100644 --- a/meta/recipes-core/zlib/zlib_1.2.11.bb +++ b/meta/recipes-core/zlib/zlib_1.2.11.bb @@ -10,6 +10,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \ file://ldflags-tests.patch \ file://CVE-2018-25032.patch \ file://run-ptest \ + file://CVE-2022-37434.patch \ " UPSTREAM_CHECK_URI = "http://zlib.net/" From patchwork Thu Aug 18 16:56:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 11554 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C74DDC00140 for ; Thu, 18 Aug 2022 16:57:02 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web12.44439.1660841821350307389 for ; Thu, 18 Aug 2022 09:57:01 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=zAZq4kdG; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id y141so2071360pfb.7 for ; Thu, 18 Aug 2022 09:57:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc; bh=1PbJDv362jbQHt/8ruRmHMLXed7xxv6o7GIxFbe1lDs=; b=zAZq4kdGOck1joO7n0pj9AtMQJuLncynUE8+ih9SL2BBjibL3YPUrRpKG6cChRautq RLu+fEebN5Q0PcVqaeg7LH5OpDRGGfqLBoayCiTvWXPboWuFoCBTlw2Qk+pkftZMJ84I 0AjO48MPZXGrN3ZyTObN1sKKEohwmwb8HwCclJCJllWp46vmSyIh/RDLk9yOsKK9KMcG jZV0++iXmRy8zT6KqZW3yjSezYNRl5NCPAyHhtZMZ5A4AGzSn34SRC3xLFHIAYA0tfbl OANER21SA8PGM7pYad95z+/8EjwqhRwReI5IwVOs/whpEUg//99eRgRQSQ4KQKVEMCer iXcw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc; bh=1PbJDv362jbQHt/8ruRmHMLXed7xxv6o7GIxFbe1lDs=; b=PId90123rG1zHEUbFPwcsODmA1Dz91mIqsaam4yJRnBoBHsuglSi3tnTDPeWNWbG2M wAHTJK4GZ+3dwKYqEcalxjZX/wA42bpNV7sBPvf/Yl5ImuJea3c8iebui62TtY0dAaGx /7GFr0RUUWc9lJcOuOHRwg5XStTna5ik3vo0NFCWu4F2qfRIcCqLR2aSZL6XVLuVoYGD GKOpypQaOOYmyGGoLtTlpYX9p6rqt8GAej4KKC7+8cMIL6HpKc0YwioBa3Xq3CV7tYkC oTMAH9DBVKMF5aB1GHUpbFbny+BTN5vvhIdZAo/82ymICNOfl++e1XzJVg8xELOpkgAo CcmA== X-Gm-Message-State: ACgBeo2pCtDVgsFJLAnVkS+mtPwAB9cpg4PgNlw2/96l/xuyO8isaJcl Zc1pQH397B23vd3cYz1644I+abnPvCV9hDvP X-Google-Smtp-Source: AA6agR77RUqlqRsfz0F4Um+/AOPWFDCbYVNhMAzh75BoXeAC8x5m4y8BIVRinUoG1OKz+lf5ncFfIA== X-Received: by 2002:a05:6a00:2393:b0:535:58e7:8f90 with SMTP id f19-20020a056a00239300b0053558e78f90mr3768518pfc.84.1660841820293; Thu, 18 Aug 2022 09:57:00 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id h135-20020a62838d000000b0052d432b4cc0sm1897446pfe.33.2022.08.18.09.56.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Aug 2022 09:56:59 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 04/11] vim: Upgrade 9.0.0021 -> 9.0.0063 Date: Thu, 18 Aug 2022 06:56:21 -1000 Message-Id: <0669d93ae531fecdb786a3c2205245febaeb3465.1660841536.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 18 Aug 2022 16:57:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169526 From: Richard Purdie Pulls in several CVE fixes. Added a patch to avoid timer_create cross compile issue (and submitted upstream). Also submit the race fix upstream. We disable timer_create in the native case since some systems have it and some don't so this makes us consistent. Signed-off-by: Richard Purdie (cherry picked from commit d0c1de084c7ce030d47a428e4bbfbc4ce2996057) Signed-off-by: Steve Sakoman --- .../vim/files/crosscompile.patch | 51 +++++++++++++++++++ meta/recipes-support/vim/files/racefix.patch | 12 +++-- meta/recipes-support/vim/vim.inc | 10 +++- 3 files changed, 67 insertions(+), 6 deletions(-) create mode 100644 meta/recipes-support/vim/files/crosscompile.patch diff --git a/meta/recipes-support/vim/files/crosscompile.patch b/meta/recipes-support/vim/files/crosscompile.patch new file mode 100644 index 0000000000..583d3fc7b0 --- /dev/null +++ b/meta/recipes-support/vim/files/crosscompile.patch @@ -0,0 +1,51 @@ +configure.ac: Fix create_timer solaris test for cross compiling + +A runtime test was added for create_timer however this meant cross compiling +would no longer work. Allow a cache value to be specified to allow cross +compiling again. + +Signed-off-by: Richard Purdie richard.purdie@linuxfoundation.org + +Upstream-Status: Submitted [https://github.com/vim/vim/pull/10777] + +Index: git/src/configure.ac +=================================================================== +--- git.orig/src/configure.ac ++++ git/src/configure.ac +@@ -3814,7 +3814,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM( + dnl Check for timer_create. It probably requires the 'rt' library. + dnl Run the program to find out if timer_create(CLOCK_MONOTONIC) actually + dnl works, on Solaris timer_create() exists but fails at runtime. +-AC_MSG_CHECKING([for timer_create]) ++AC_CACHE_CHECK([for timer_create], [vim_cv_timer_create], + save_LIBS="$LIBS" + LIBS="$LIBS -lrt" + AC_RUN_IFELSE([AC_LANG_PROGRAM([ +@@ -3831,7 +3831,7 @@ static void set_flag(union sigval sv) {} + if (timer_create(CLOCK_MONOTONIC, &action, &timer_id) < 0) + exit(1); // cannot create a monotonic timer + ])], +- AC_MSG_RESULT(yes; with -lrt); AC_DEFINE(HAVE_TIMER_CREATE), ++ AC_MSG_NOTICE(timer_create with -lrt); vim_cv_timer_create=yes, + LIBS="$save_LIBS" + AC_RUN_IFELSE([AC_LANG_PROGRAM([ + #include +@@ -3847,8 +3847,16 @@ static void set_flag(union sigval sv) {} + if (timer_create(CLOCK_MONOTONIC, &action, &timer_id) < 0) + exit(1); // cannot create a monotonic timer + ])], +- AC_MSG_RESULT(yes); AC_DEFINE(HAVE_TIMER_CREATE), +- AC_MSG_RESULT(no))) ++ vim_cv_timer_create=yes, ++ vim_cv_timer_create=no), ++ AC_MSG_ERROR(cross-compiling: please set 'vim_cv_timer_create') ++ ) ++) ++ ++if test "x$vim_cv_timer_create" = "xyes" ; then ++ AC_DEFINE(HAVE_TIMER_CREATE) ++fi ++ + + AC_CACHE_CHECK([whether stat() ignores a trailing slash], [vim_cv_stat_ignores_slash], + [ diff --git a/meta/recipes-support/vim/files/racefix.patch b/meta/recipes-support/vim/files/racefix.patch index 1cb8fb442f..34bd37d650 100644 --- a/meta/recipes-support/vim/files/racefix.patch +++ b/meta/recipes-support/vim/files/racefix.patch @@ -1,9 +1,13 @@ +po/Makefile: Avoid race over LINGUAS file + The creation of the LINGUAS file is duplicated for each desktop file -which can lead the commands to race against each other. Rework -the makefile to avoid this as the expense of leaving the file on disk. +which can lead the commands to race against each other. One target might +remove it before another has been able to use it. Rework the makefile to +avoid this as the expense of leaving the file on disk. + +Signed-off-by: Richard Purdie richard.purdie@linuxfoundation.org -Upstream-Status: Pending -RP 2021/2/15 +Upstream-Status: Submitted [https://github.com/vim/vim/pull/10776] Index: git/src/po/Makefile =================================================================== diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 1893759ae9..ed9219d8c1 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -19,10 +19,11 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ file://racefix.patch \ + file://crosscompile.patch \ " -PV .= ".0021" -SRCREV = "5e59ea54c0c37c2f84770f068d95280069828774" +PV .= ".0063" +SRCREV = "d61efa50f8f5b9d9dcbc136705cc33874f0fdcb3" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" @@ -94,6 +95,11 @@ EXTRA_OECONF = " \ STRIP=/bin/true \ " +# Some host distros don't have it, disable consistently +# also disable on dunfell target builds +EXTRA_OECONF_append_class-native = " vim_cv_timer_create=no" +EXTRA_OECONF_append_class-target = " vim_cv_timer_create=no" + do_install() { autotools_do_install From patchwork Thu Aug 18 16:56:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 11559 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C72A3C3F6B0 for ; Thu, 18 Aug 2022 16:57:12 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web08.44554.1660841823241322504 for ; Thu, 18 Aug 2022 09:57:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=kbjVIxWW; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id 20so1988473plo.10 for ; Thu, 18 Aug 2022 09:57:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc; bh=6VumRgab5EuebJcP6vlaOA5MJnmB6IylF9+VGby+U94=; b=kbjVIxWWLfFhFZ10YxVo70wdF2iUYsTd0IB/zKO/DVHaPsD+PmziwXxBG5ETc68El4 2XYN7I0qfr3oTc4EhfQaJn/Ar9UnWn9HG2jLk3Tx0TWwlfQmHJy5rzy7vBZqv59CFQrg SQfEf4AAIkLffFPkiz1H/3ncluQxwG6Uuszf9ac4sUar9GWfqvET0frMfbVZ1xrTFVke bgLBeQczx3VJysIBu3rXj78opA0CdGTTjK8BwlYkuVP2Rm+F7v1kwboKYex8zelSacj5 b9WUVrfgycANo7JKx2gRAKzNcJtbjtbmgLclEMcDyACRSlvl51q0ULP6vbeZDPlunDqm aFFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc; bh=6VumRgab5EuebJcP6vlaOA5MJnmB6IylF9+VGby+U94=; b=WwxE70vtlakBKv/nEtRt7vlWU5e/df74ri19WjCLD/So+uqskwsnweo/60QyrzEEEm d1iP/ZX+GPD/thAzwmXkU544yEti8W4ZAN5Mj87Rcs8XJi+bHuvyfxu6H0GkY1UligE1 C0EUY9eI3i4tL9eYppBBRmfsEHw4FA56CPBCTRPQJ3AWj82o7nkudbAU8lULdZVTWrW2 hckJzVdlMovpv13ebdltHGFOkUCC+XXl7Tzkyw2OqFkAyahInVagDlpqsxki2EtEBCPD kX4g1cRFiI3XuCp0tcLlc8P+Sj6jFwQqWyy0L9DoFfRxNq2a+yVK/agTHkS3j+XTvot3 RHhw== X-Gm-Message-State: ACgBeo3a9ZS6nUOOSamaqudQKYWiGNAiQl30uFrX4M2GIsawrIvtTfFQ G+rMxrymKXA8CycTaDvoqYlGD1zULxwGrsfH X-Google-Smtp-Source: AA6agR5WqFFTiJE0hdownAJEsVw7FWUJTC6e5ozePDPDwagiKIyTKUof4JxAAkO04Yp0oo2DGblpew== X-Received: by 2002:a17:903:1205:b0:171:4f8d:22a7 with SMTP id l5-20020a170903120500b001714f8d22a7mr3578583plh.164.1660841822246; Thu, 18 Aug 2022 09:57:02 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id h135-20020a62838d000000b0052d432b4cc0sm1897446pfe.33.2022.08.18.09.57.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Aug 2022 09:57:01 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 05/11] vim: update from 9.0.0063 to 9.0.0115 Date: Thu, 18 Aug 2022 06:56:22 -1000 Message-Id: <9c77d46f789e02fb21469e00c3947c63191a9aa3.1660841536.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 18 Aug 2022 16:57:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169527 From: Randy MacLeod Drop crosscompile.patch which was merged as part of: 509695c1c (tag: v9.0.0065) patch 9.0.0065: \ cross-compiling doesn't work because of timer_create check Also drop: racefix.patch which may have been fixed upstream and is being tracked by: https://github.com/vim/vim/pull/10776 where upstream is asking if the different approach resolves the race condition. Let's see what's out there! Signed-off-by: Randy MacLeod Signed-off-by: Luca Ceresoli (cherry picked from commit 6996472cd33d2d4b91821f2dfe24a27a697e4afe) Signed-off-by: Steve Sakoman --- .../vim/files/crosscompile.patch | 51 ------------------- meta/recipes-support/vim/files/racefix.patch | 37 -------------- meta/recipes-support/vim/vim.inc | 6 +-- 3 files changed, 2 insertions(+), 92 deletions(-) delete mode 100644 meta/recipes-support/vim/files/crosscompile.patch delete mode 100644 meta/recipes-support/vim/files/racefix.patch diff --git a/meta/recipes-support/vim/files/crosscompile.patch b/meta/recipes-support/vim/files/crosscompile.patch deleted file mode 100644 index 583d3fc7b0..0000000000 --- a/meta/recipes-support/vim/files/crosscompile.patch +++ /dev/null @@ -1,51 +0,0 @@ -configure.ac: Fix create_timer solaris test for cross compiling - -A runtime test was added for create_timer however this meant cross compiling -would no longer work. Allow a cache value to be specified to allow cross -compiling again. - -Signed-off-by: Richard Purdie richard.purdie@linuxfoundation.org - -Upstream-Status: Submitted [https://github.com/vim/vim/pull/10777] - -Index: git/src/configure.ac -=================================================================== ---- git.orig/src/configure.ac -+++ git/src/configure.ac -@@ -3814,7 +3814,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM( - dnl Check for timer_create. It probably requires the 'rt' library. - dnl Run the program to find out if timer_create(CLOCK_MONOTONIC) actually - dnl works, on Solaris timer_create() exists but fails at runtime. --AC_MSG_CHECKING([for timer_create]) -+AC_CACHE_CHECK([for timer_create], [vim_cv_timer_create], - save_LIBS="$LIBS" - LIBS="$LIBS -lrt" - AC_RUN_IFELSE([AC_LANG_PROGRAM([ -@@ -3831,7 +3831,7 @@ static void set_flag(union sigval sv) {} - if (timer_create(CLOCK_MONOTONIC, &action, &timer_id) < 0) - exit(1); // cannot create a monotonic timer - ])], -- AC_MSG_RESULT(yes; with -lrt); AC_DEFINE(HAVE_TIMER_CREATE), -+ AC_MSG_NOTICE(timer_create with -lrt); vim_cv_timer_create=yes, - LIBS="$save_LIBS" - AC_RUN_IFELSE([AC_LANG_PROGRAM([ - #include -@@ -3847,8 +3847,16 @@ static void set_flag(union sigval sv) {} - if (timer_create(CLOCK_MONOTONIC, &action, &timer_id) < 0) - exit(1); // cannot create a monotonic timer - ])], -- AC_MSG_RESULT(yes); AC_DEFINE(HAVE_TIMER_CREATE), -- AC_MSG_RESULT(no))) -+ vim_cv_timer_create=yes, -+ vim_cv_timer_create=no), -+ AC_MSG_ERROR(cross-compiling: please set 'vim_cv_timer_create') -+ ) -+) -+ -+if test "x$vim_cv_timer_create" = "xyes" ; then -+ AC_DEFINE(HAVE_TIMER_CREATE) -+fi -+ - - AC_CACHE_CHECK([whether stat() ignores a trailing slash], [vim_cv_stat_ignores_slash], - [ diff --git a/meta/recipes-support/vim/files/racefix.patch b/meta/recipes-support/vim/files/racefix.patch deleted file mode 100644 index 34bd37d650..0000000000 --- a/meta/recipes-support/vim/files/racefix.patch +++ /dev/null @@ -1,37 +0,0 @@ -po/Makefile: Avoid race over LINGUAS file - -The creation of the LINGUAS file is duplicated for each desktop file -which can lead the commands to race against each other. One target might -remove it before another has been able to use it. Rework the makefile to -avoid this as the expense of leaving the file on disk. - -Signed-off-by: Richard Purdie richard.purdie@linuxfoundation.org - -Upstream-Status: Submitted [https://github.com/vim/vim/pull/10776] - -Index: git/src/po/Makefile -=================================================================== ---- git.orig/src/po/Makefile -+++ git/src/po/Makefile -@@ -207,17 +207,16 @@ $(PACKAGE).pot: $(PO_INPUTLIST) $(PO_VIM - # Delete the temporary files - rm *.js - --vim.desktop: vim.desktop.in $(POFILES) -+LINGUAS: - echo $(LANGUAGES) | tr " " "\n" |sed -e '/\./d' | sort > LINGUAS -+ -+vim.desktop: vim.desktop.in $(POFILES) LINGUAS - $(MSGFMT) --desktop -d . --template vim.desktop.in -o tmp_vim.desktop -- rm -f LINGUAS - if command -v desktop-file-validate; then desktop-file-validate tmp_vim.desktop; fi - mv tmp_vim.desktop vim.desktop - --gvim.desktop: gvim.desktop.in $(POFILES) -- echo $(LANGUAGES) | tr " " "\n" |sed -e '/\./d' | sort > LINGUAS -+gvim.desktop: gvim.desktop.in $(POFILES) LINGUAS - $(MSGFMT) --desktop -d . --template gvim.desktop.in -o tmp_gvim.desktop -- rm -f LINGUAS - if command -v desktop-file-validate; then desktop-file-validate tmp_gvim.desktop; fi - mv tmp_gvim.desktop gvim.desktop - diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index ed9219d8c1..30883384f6 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -18,12 +18,10 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://vim-add-knob-whether-elf.h-are-checked.patch \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ - file://racefix.patch \ - file://crosscompile.patch \ " -PV .= ".0063" -SRCREV = "d61efa50f8f5b9d9dcbc136705cc33874f0fdcb3" +PV .= ".0115" +SRCREV = "6747cf1671bd41cddee77c65b3f9a70509f968db" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" From patchwork Thu Aug 18 16:56:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 11557 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1742C32789 for ; Thu, 18 Aug 2022 16:57:12 +0000 (UTC) Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171]) by mx.groups.io with SMTP id smtpd.web10.44419.1660841825151954167 for ; Thu, 18 Aug 2022 09:57:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=B7VYr2z/; spf=softfail (domain: sakoman.com, ip: 209.85.210.171, mailfrom: steve@sakoman.com) Received: by mail-pf1-f171.google.com with SMTP id a22so2085984pfg.3 for ; Thu, 18 Aug 2022 09:57:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc; bh=oF+TIuh0SWkzg5fi+UP8IrDpPfFkzmpbIe7gGYO3+jM=; b=B7VYr2z/LKy0NsKU2u5emGHBnLQOZoRTjo+QUtBXIqL/6z/jM9Uer+HO2jTewuedcQ v6vtdTGRLM+m5Zur9rNg1HVH7qgRj99JNHYUEWG4MK7IKiO9nJXY4ZMceNzboJxNg0tX rctsz9GCoB0GrYpoKlovMp3SLBwbiVG+ty1OYSFk6olekEVhv7TyVQHYWySGfilQYXMA Zs12beVLb/Gf+tMQHD3SlyJSZsiRtpxOIj9DWHpnRT/vbSRXx15DtcvU5WDQsMLzoIgy yMibe5d1oCnlVPOT2j2D0dLtyidP0/PPIRoQQF+O51TctGAHl72Zr3iTK5M6NmyMAI5C iKJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc; bh=oF+TIuh0SWkzg5fi+UP8IrDpPfFkzmpbIe7gGYO3+jM=; b=Oa2GkSKER8d9aPOCWgEbn7mpkra43FBlBjqGrydhiYY/6+PX+2fF1//qqDGQdfG11C LuWKZjX42lGyQc5EctYeNRMq4kX7UFe8lpLFgTHufQIWayN7QVx0AThz3J/vMA4uB9BE dDpYvlqL5tYAKmftb9fivjnWU0HgWZ7fiHuZhdDNfYiBxrL4Iy0vJkfcgkQdCuFi0+Z9 7hQWJT8cqOaHS73PJLd2gNUSrimHJpXtyO2gFvRCyd5S7ADYthKSknFmcF5yDq8+dZNh 7/DtYgh2j2k7uVuuHo+ZVqGDYHqSO4VHgcpxIYtFO/AnNHxs+PveNRU4E8+ZVov6g4n4 OiWQ== X-Gm-Message-State: ACgBeo1Um8e5C6ZapGsx0xvRaj0VWB6ROT2xo53JCBF4MDE0gVDif5bS zM92jIKPXlb1rOpwzSSe69gBZ6vX5IUnczxU X-Google-Smtp-Source: AA6agR5UJtky1tMeZhEw+P76ebi71N7zjlDvk/ZgG2994b1If4PVynMS/zwuLxwZl+CttCfEFGw3FA== X-Received: by 2002:a65:6385:0:b0:429:f03c:d5e with SMTP id h5-20020a656385000000b00429f03c0d5emr3052971pgv.322.1660841824191; Thu, 18 Aug 2022 09:57:04 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id h135-20020a62838d000000b0052d432b4cc0sm1897446pfe.33.2022.08.18.09.57.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Aug 2022 09:57:03 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 06/11] linux-firmware: update 20220610 -> 20220708 Date: Thu, 18 Aug 2022 06:56:23 -1000 Message-Id: <46b05ce03ee436ee49d106aad6a8be7acd1da96c.1660841536.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 18 Aug 2022 16:57:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169528 From: Alexander Kanavin License-Update: a few obsolete firmware were dropped (particularly i2400m and tda7706), file list updates. Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit e89fb37e13fcb832ee7d35e7d92d45eaca20689e) Signed-off-by: Steve Sakoman --- ...mware_20220610.bb => linux-firmware_20220708.bb} | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220610.bb => linux-firmware_20220708.bb} (98%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220610.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb similarity index 98% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20220610.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb index 0fd9305e3c..e7a7e0828f 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220610.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb @@ -27,7 +27,6 @@ LICENSE = "\ & Firmware-go7007 \ & Firmware-GPLv2 \ & Firmware-hfi1_firmware \ - & Firmware-i2400m \ & Firmware-i915 \ & Firmware-ibt_firmware \ & Firmware-ice \ @@ -57,7 +56,6 @@ LICENSE = "\ & Firmware-rtlwifi_firmware \ & Firmware-imx-sdma_firmware \ & Firmware-siano \ - & Firmware-tda7706-firmware \ & Firmware-ti-connectivity \ & Firmware-ti-keystone \ & Firmware-ueagle-atm4-firmware \ @@ -69,7 +67,6 @@ LICENSE = "\ & WHENCE \ " -WHENCE_CHKSUM = "385947b278a6646ae4c3d39ba8c9b1bb" LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \ file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \ @@ -92,7 +89,6 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.go7007;md5=c0bb9f6aaaba55b0529ee9b30aa66beb \ file://GPL-2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://LICENSE.hfi1_firmware;md5=5e7b6e586ce7339d12689e49931ad444 \ - file://LICENCE.i2400m;md5=14b901969e23c41881327c0d9e4b7d36 \ file://LICENSE.i915;md5=2b0b2e0d20984affd4490ba2cba02570 \ file://LICENCE.ibt_firmware;md5=fdbee1ddfe0fb7ab0b2fcd6b454a366b \ file://LICENSE.ice;md5=742ab4850f2670792940e6d15c974b2f \ @@ -124,7 +120,6 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.rtlwifi_firmware.txt;md5=00d06cfd3eddd5a2698948ead2ad54a5 \ file://LICENSE.sdma_firmware;md5=51e8c19ecc2270f4b8ea30341ad63ce9 \ file://LICENCE.siano;md5=4556c1bf830067f12ca151ad953ec2a5 \ - file://LICENCE.tda7706-firmware.txt;md5=835997cf5e3c131d0dddd695c7d9103e \ file://LICENCE.ti-connectivity;md5=c5e02be633f1499c109d1652514d85ec \ file://LICENCE.ti-keystone;md5=3a86335d32864b0bef996bee26cc0f2c \ file://LICENCE.ueagle-atm4-firmware;md5=4ed7ea6b507ccc583b9d594417714118 \ @@ -133,7 +128,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \ file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \ file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \ - file://WHENCE;md5=${WHENCE_CHKSUM} \ + file://WHENCE;md5=def08711eb23ba967fb7e1f8cff66178 \ " # These are not common licenses, set NO_GENERIC_LICENSE for them @@ -160,7 +155,6 @@ NO_GENERIC_LICENSE[Firmware-fw_sst_0f28] = "LICENCE.fw_sst_0f28" NO_GENERIC_LICENSE[Firmware-go7007] = "LICENCE.go7007" NO_GENERIC_LICENSE[Firmware-GPLv2] = "GPL-2" NO_GENERIC_LICENSE[Firmware-hfi1_firmware] = "LICENSE.hfi1_firmware" -NO_GENERIC_LICENSE[Firmware-i2400m] = "LICENCE.i2400m" NO_GENERIC_LICENSE[Firmware-i915] = "LICENSE.i915" NO_GENERIC_LICENSE[Firmware-ibt_firmware] = "LICENCE.ibt_firmware" NO_GENERIC_LICENSE[Firmware-ice] = "LICENSE.ice" @@ -191,7 +185,6 @@ NO_GENERIC_LICENSE[Firmware-ralink-firmware] = "LICENCE.ralink-firmware.txt" NO_GENERIC_LICENSE[Firmware-rtlwifi_firmware] = "LICENCE.rtlwifi_firmware.txt" NO_GENERIC_LICENSE[Firmware-siano] = "LICENCE.siano" NO_GENERIC_LICENSE[Firmware-imx-sdma_firmware] = "LICENSE.sdma_firmware" -NO_GENERIC_LICENSE[Firmware-tda7706-firmware] = "LICENCE.tda7706-firmware.txt" NO_GENERIC_LICENSE[Firmware-ti-connectivity] = "LICENCE.ti-connectivity" NO_GENERIC_LICENSE[Firmware-ti-keystone] = "LICENCE.ti-keystone" NO_GENERIC_LICENSE[Firmware-ueagle-atm4-firmware] = "LICENCE.ueagle-atm4-firmware" @@ -213,7 +206,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "faf3aedf89530e61f4fa1e8c7303dead9127cc24416945647797d079feb12837" +SRC_URI[sha256sum] = "0abec827a035c82bdcabdf82aa37ded247bc682ef05861bd409ea6f477bab81d" inherit allarch @@ -1020,7 +1013,6 @@ LICENSE_${PN} = "\ & Firmware-fw_sst_0f28 \ & Firmware-go7007 \ & Firmware-hfi1_firmware \ - & Firmware-i2400m \ & Firmware-ibt_firmware \ & Firmware-it913x \ & Firmware-IntcSST2 \ @@ -1041,7 +1033,6 @@ LICENSE_${PN} = "\ & Firmware-ralink-firmware \ & Firmware-imx-sdma_firmware \ & Firmware-siano \ - & Firmware-tda7706-firmware \ & Firmware-ti-connectivity \ & Firmware-ti-keystone \ & Firmware-ueagle-atm4-firmware \ From patchwork Thu Aug 18 16:56:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 11556 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DD50EC32772 for ; Thu, 18 Aug 2022 16:57:12 +0000 (UTC) Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web09.44940.1660841827187637374 for ; Thu, 18 Aug 2022 09:57:07 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=SnOwAzfd; spf=softfail (domain: sakoman.com, ip: 209.85.210.173, mailfrom: steve@sakoman.com) Received: by mail-pf1-f173.google.com with SMTP id 130so2077144pfy.6 for ; Thu, 18 Aug 2022 09:57:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc; bh=i9/j9T78zutpgzv41n9qunozGe1LyUGdY9k2KfbBP34=; b=SnOwAzfdzLxsGbzO3/oo58q/NTwWuAJ7BJ8zx+K0WA3gonFUFA9Gn2K2O9QK3EOVQ7 q5sL4xMJcGfdck+gMX/OKTkw/VPDDjC5eJ4w1d5nALiBKJ4Ed/hCJLEeuzh3F+VG6R6x fbVL3XmrafVk+u9L2cuee5QARJr/87775Rly3SnkxTs4rW9RFLCjJfF1t3tTPyAoHYyW KOpXEuNis/yQG/KT+eHUcUvVB8jmQVTtNzZb2FqDtG+3UD1hAhboiwUQOhHJ1ohVgY3M NHmnfZvB69kLEZqV/9VK0mxabfeI30IgMte2S8E+wdJfk2jS9+LCMOj+0yUoCEwN2ReR 4NEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc; bh=i9/j9T78zutpgzv41n9qunozGe1LyUGdY9k2KfbBP34=; b=zjsgzNz9x+qbxStmTE58vaKxpl+zaWEOW/CP1uAap8X6eRUa4qYP+pRW/D9YtRglnm LoYjhDEHaFn8O52JAAV+kTIk+XS+wU4hIDATSeF4qMaxRJLIEfGKkTXVp6irK0JO92kq T1eYfPybQ5jNebSestMdTpNe6o9UBYWLyx+2yIBDq3EEaoqQKREUOuVPsTr1s4Ht0MNO lu/bZIIomst9i3WgPpRf7tvU+QJe0V2bwFisxjByvXVy0IPTsQWN7eF7FW/EznxixfCv ObWF1XOYp782kTHUbh3tJab+DtgQ+E/ernPjIVnDsbyCmF74A/STpgq3voB707jB7W3J J37g== X-Gm-Message-State: ACgBeo2mdWfczWQoPFzGl3LDTkvfHpmF3s4N3YR8lB0c7t2a05hf4qV1 x5l3xx+ZzZfWXBGaraZKEaEBzRTl9cBCaGUU X-Google-Smtp-Source: AA6agR4MJPhviVdSHgMv/LzcXyk60+7D0OHfSxroHfFOoQZ9xA87WUiQr/qfCryk/zepTVvwLi+Y6A== X-Received: by 2002:a63:86c6:0:b0:429:e4f2:3e7f with SMTP id x189-20020a6386c6000000b00429e4f23e7fmr3008159pgd.164.1660841826241; Thu, 18 Aug 2022 09:57:06 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id h135-20020a62838d000000b0052d432b4cc0sm1897446pfe.33.2022.08.18.09.57.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Aug 2022 09:57:05 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 07/11] linux-firwmare: restore WHENCE_CHKSUM variable Date: Thu, 18 Aug 2022 06:56:24 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 18 Aug 2022 16:57:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169529 From: Dmitry Baryshkov Restore WHENCE_CHKSUM variable which is used to hold the WHENCE file checksum. It is necessary to allow easily overriding it from local.conf if the devupstream version is selected: PREFERRED_VERSION_linux-firmware = "1:20220708+git%" SRCREV:class-devupstream = "${AUTOREV}" WHENCE_CHKSUM:class-devupstream:pn-linux-firmware = "abf1077491eeb261ecdcb680a34fc059" Without the WHENCE_CHECKSUM one would need to manually patch the LIC_FILES_CHKSUM variable to change the checksum of WHENC (e.g. using the anonymous python function or remove expression). Signed-off-by: Dmitry Baryshkov Signed-off-by: Richard Purdie (cherry picked from commit 554be2af1e0a03a2d23032d48afbbe0913a45409) Signed-off-by: Steve Sakoman --- .../recipes-kernel/linux-firmware/linux-firmware_20220708.bb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb index e7a7e0828f..27146154be 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb @@ -128,8 +128,11 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \ file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \ file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \ - file://WHENCE;md5=def08711eb23ba967fb7e1f8cff66178 \ + file://WHENCE;md5=${WHENCE_CHKSUM} \ " +# WHENCE checksum is defined separately to ease overriding it if +# class-devupstream is selected. +WHENCE_CHKSUM = "def08711eb23ba967fb7e1f8cff66178" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source From patchwork Thu Aug 18 16:56:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 11555 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C2B67C00140 for ; Thu, 18 Aug 2022 16:57:12 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.web08.44558.1660841829248798586 for ; Thu, 18 Aug 2022 09:57:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=KLamFZJc; spf=softfail (domain: sakoman.com, ip: 209.85.214.172, mailfrom: steve@sakoman.com) Received: by mail-pl1-f172.google.com with SMTP id w14so1989902plp.9 for ; Thu, 18 Aug 2022 09:57:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc; bh=LDzEmCp2bnGPvzCZFahGPBW52QUZ4J5nW+UEzQQvB7E=; b=KLamFZJcCWsif7RfL1dKoubcJlD6Iiwfnm6/IuZOGyZRdLhfyHl1Pl6dyhS+roipZ7 MOPVRmMu0paWsUaQw8WkjqftbJEZfpKoR+ry9mHJdWryP1aKbc3yeMCFPxhhTakvYYpk s9QpiAF814bX79bN/egwmPUtsJGGBi59Wej6nh+Xn/6lwgLF1wM3D3zbmyjvpgMaZ6Vy gVvWwM6MzF2qT+A6j8fSfkPow974yZBRiKzA1VyIOYmNkTNfS+IuOtZdRlJOE5dyXA00 442zH04zFSgxm5oGMUiD1X+5BqSJ80clQffm2PbkQ1TiLkU2uuZ8c+1iR5CYCtMi0TIy trrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc; bh=LDzEmCp2bnGPvzCZFahGPBW52QUZ4J5nW+UEzQQvB7E=; b=s0R99NyItUsavZGtChGAkrGPXKd24H7QY4NkRZfFkqoZ2GSrkcqaouVZ9ydMIMpobV dxyYD9AmoekoQeG3R3WD/0j7cNrQ+p65hWYijnmZr7d4QvZWpPlcDDcs9T6gjhcydvyF OIKYI3XRru5bUyvqihPfnWQW3ANfoCCI//9y0bPJSsVnXhCGJmSn0AQn1e3eyV9Vxatw g2ygU+j6neT/XDR15dizmJJXpiB6xEFvtEwxun9eVLWqz84kI68yhp/vFvQ5PQ7GkrBU aDxoXCfWHITlHIv7oKjhjIPcTi2qZzQuTvxNRP+72+205+JVGqhldMRu5V6f8yIGFuZt bfKg== X-Gm-Message-State: ACgBeo1hKPVrAoDWGk62iCitoYsyO2Zx9OZCuCI1tgQHbGR+/QjR07wE Wg3ShnCjkrGsFRojSdBiHbI0gDZgVkCDNlEP X-Google-Smtp-Source: AA6agR40cwmVhDJuQv889UvK69zQK+2FCKCT/W2nae5bIdOSNS4FIV78FVZqkB5P+xFsHKMJEwWScg== X-Received: by 2002:a17:90b:3a86:b0:1f7:2103:a8c5 with SMTP id om6-20020a17090b3a8600b001f72103a8c5mr3982370pjb.64.1660841828348; Thu, 18 Aug 2022 09:57:08 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id h135-20020a62838d000000b0052d432b4cc0sm1897446pfe.33.2022.08.18.09.57.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Aug 2022 09:57:07 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 08/11] kernel-arch: Fix buildpaths leaking into external module compiles Date: Thu, 18 Aug 2022 06:56:25 -1000 Message-Id: <386bd116c0d2bce9ff88ba1e09104d097e0f678c.1660841536.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 18 Aug 2022 16:57:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169530 From: Richard Purdie Building external kernel modules like lttng-modules was showing build paths inside the debug symbols for the modules and breaking build reproducibility. Fix this by adding in the mapping needed to map the kernel build directory to something more approriate on target. Signed-off-by: Richard Purdie (cherry picked from commit b56dc9009ba93174de6bf4c01e17808ef249dc5c) Signed-off-by: Steve Sakoman --- meta/classes/kernel-arch.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/kernel-arch.bbclass b/meta/classes/kernel-arch.bbclass index 07ec242e63..348a3adf22 100644 --- a/meta/classes/kernel-arch.bbclass +++ b/meta/classes/kernel-arch.bbclass @@ -61,7 +61,7 @@ HOST_LD_KERNEL_ARCH ?= "${TARGET_LD_KERNEL_ARCH}" TARGET_AR_KERNEL_ARCH ?= "" HOST_AR_KERNEL_ARCH ?= "${TARGET_AR_KERNEL_ARCH}" -KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH}" +KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}" KERNEL_LD = "${CCACHE}${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}" KERNEL_AR = "${CCACHE}${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}" TOOLCHAIN = "gcc" From patchwork Thu Aug 18 16:56:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 11558 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1E00C32773 for ; Thu, 18 Aug 2022 16:57:12 +0000 (UTC) Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com [209.85.215.175]) by mx.groups.io with SMTP id smtpd.web10.44421.1660841831350888481 for ; Thu, 18 Aug 2022 09:57:11 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=d17Lg+M8; spf=softfail (domain: sakoman.com, ip: 209.85.215.175, mailfrom: steve@sakoman.com) Received: by mail-pg1-f175.google.com with SMTP id l64so1762239pge.0 for ; Thu, 18 Aug 2022 09:57:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc; bh=0LmcU2P/p392Mz9bz8Wii1UirvsbQ1JuzBZouUnilEE=; b=d17Lg+M8V3s46q50P/fyNHuz/mtv1oiq5uaoZFk9kZjICOrmX//0qb6B28zlk3GgzL eDEffFdNDS9mD9kPFHqca9YbWSqRxy3Rj3q4LBUYCNitA2cq4k5+Cc9o31FHUZjlRlNt acpoSnwaU4VOG4qJEz2gmmYmsjq+MU8AA58BG85ojMNA37OvMBBJyhzRu2bFXSxRNb8t rXKA2CgOjxvwSkzr8rYKn0NLuAOT5mD1Tc+bQdhv059v512SYfBBwsph2AdmHLCLFkXZ 0FmVpw9AEtz1k4uBd9btHCUUSLDHtYk9cV2EPpUguJky/QfZ5enihaUl08TbKz5r8FRw kwXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc; bh=0LmcU2P/p392Mz9bz8Wii1UirvsbQ1JuzBZouUnilEE=; b=GaAPp2a/q5HVRmFQEAK/cMOx3bgUflgdPVmXzcKxaHw52CXyjDmbOr2wFOaThZq4yZ tiYBc0lbGaokOz7ecJefdyTNvIsRUd/kUyHE9QORvaF52E08lWls7P7O9skohtvOJ/JX 42qKycW+v5FQlDDOfN5FjCZ/PN+P0B0RI5e6AnysoDrwL/wOc3YqpxcyxZMNMfj1Q8Sc 0choLJBsgZdNC6vaDIoqitQPsZZY/0oB8b3jPUv52ae4QSYfw5bin7vCssLCY2QWW49k Yq5UvKtLkBcNNsPFqOg9UwY8YtFHFYNHjAJW9GIItZj0hQ0RYhFa/cslC8kaifKHb1Kz K7Tw== X-Gm-Message-State: ACgBeo3yuGqpzDjYAokYNl/qndLhDpmthRE+9z14iIqv06hGR5MBZkDy jrQtkjJzKt0AyXG7n/Dxfxs0PKhirNQd32Iv X-Google-Smtp-Source: AA6agR6IL7/a8ligc45TbBcZMGtdckUuWUe74Ug1jShUBWlYW1zOfWVSzM1/zUALIbe45KowJMxBVA== X-Received: by 2002:a05:6a00:188e:b0:52e:2606:a805 with SMTP id x14-20020a056a00188e00b0052e2606a805mr3716516pfh.49.1660841830389; Thu, 18 Aug 2022 09:57:10 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id h135-20020a62838d000000b0052d432b4cc0sm1897446pfe.33.2022.08.18.09.57.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Aug 2022 09:57:09 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 09/11] bin_package: install into base_prefix Date: Thu, 18 Aug 2022 06:56:26 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 18 Aug 2022 16:57:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169531 From: Pascal Bach This makes the bin_package.bbclass work properly with the native class. Signed-off-by: Pascal Bach Signed-off-by: Richard Purdie (cherry picked from commit ad330b6d4b6e2ba051b5c6c437e07a183831f757) Signed-off-by: Steve Sakoman --- meta/classes/bin_package.bbclass | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/classes/bin_package.bbclass b/meta/classes/bin_package.bbclass index cbc9b1fa13..c1954243ee 100644 --- a/meta/classes/bin_package.bbclass +++ b/meta/classes/bin_package.bbclass @@ -30,8 +30,9 @@ bin_package_do_install () { bbfatal bin_package has nothing to install. Be sure the SRC_URI unpacks into S. fi cd ${S} + install -d ${D}${base_prefix} tar --no-same-owner --exclude='./patches' --exclude='./.pc' -cpf - . \ - | tar --no-same-owner -xpf - -C ${D} + | tar --no-same-owner -xpf - -C ${D}${base_prefix} } FILES_${PN} = "/" From patchwork Thu Aug 18 16:56:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 11560 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7D1DC32773 for ; Thu, 18 Aug 2022 16:57:22 +0000 (UTC) Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.web09.44946.1660841833319294611 for ; Thu, 18 Aug 2022 09:57:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=clW9K+G4; spf=softfail (domain: sakoman.com, ip: 209.85.216.45, mailfrom: steve@sakoman.com) Received: by mail-pj1-f45.google.com with SMTP id r15-20020a17090a1bcf00b001fabf42a11cso2415817pjr.3 for ; Thu, 18 Aug 2022 09:57:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc; bh=qKiqOcnMcTeLZSrqW0GW6d8LlTcEljJMnCEVRtIwYV8=; b=clW9K+G4hXNugtjUEKKOW16btKVbXxqb/jMN65rch4fHZxlECyrS0XhJhpt4VshBfm vi39NmRGT0DhUBIsTCEihl7Fc46FPof51pLfEoryvac7poa5EHhYhq4lvtXmZ/9VrhKH 1ZFv1DNgOy2uYbLvgyPxioRxTVT4OfkYOu/O+agslXlL0e5RlXA5DD+VMUEdlGr2zsEQ OIiKThPAa7iVLxSn2rqmsF3R+Co1nOZat7fZ9w1EqHpz1W1FnNPq+QbxyzuHbSyBZMvB T1UeKhDfYNRLEEKmbmhKHuiyMrig04AGw+MTiw1MKUibSVob9CWnGMq1mDNbsWxzIrNo MWmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc; bh=qKiqOcnMcTeLZSrqW0GW6d8LlTcEljJMnCEVRtIwYV8=; b=YiFJRo8tzsygwyKD4QT06ErqXt7cGPVTF5zDoIvA7J0dXLDVhFmNA1Ss8AsNiTYccS TjUSsvIF3EtvRna9kaFkEdjuWJem7vgfEWkZpXcGDgbGP7MiHLOTPrCBx8uC/p8+4uk3 03ZtextnXaQq3lHhq3tg/B8oVpNYbd0rOkT7nTAX99lRtpnB/5aHw29e5vdQFPxeiIbQ 6KvyuhlcvM+fW8NIwuK41h7g2ePlWIx75my8CTrcnWsANV8L7I1AV+kdiwabD0DQNmKK lpyW546p6STybEp7BFySEkRXeHZe5ZOx0HCfdgAJuGwJMrISnw+jHJT3nd49XO2pqnhe PDow== X-Gm-Message-State: ACgBeo3+XpRVa/0/1WfoPqBkz0St8NzwID+PRpf8lC2gkVtiWL8MZKkP Z7bvtCWJ8fo9dYtMW3eOzB1S113H0CEKeMHv X-Google-Smtp-Source: AA6agR7gCUphzUFCuhFUvLPod5TBUNNdS1Cz6cC+R7BAorWPXEjyy0QMw8zH3qd2TqNRQP10oCzf5A== X-Received: by 2002:a17:903:24e:b0:172:6c9d:14e0 with SMTP id j14-20020a170903024e00b001726c9d14e0mr3590763plh.84.1660841832230; Thu, 18 Aug 2022 09:57:12 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id h135-20020a62838d000000b0052d432b4cc0sm1897446pfe.33.2022.08.18.09.57.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Aug 2022 09:57:11 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 10/11] rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S} Date: Thu, 18 Aug 2022 06:56:27 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 18 Aug 2022 16:57:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169532 From: Ming Liu This is to ensure host-user-contaminated.txt would be removed before do_rootfs runs, since ${S} is in cleandirs of do_rootfs, otherwise, a host-user-contaminated.txt file that generated from previous builds could be used which is wrong. Signed-off-by: Ming Liu Signed-off-by: Alexandre Belloni (cherry picked from commit 54a3fd63e684d070fad962be97e549f3af7ac111) Signed-off-by: Steve Sakoman --- meta/classes/rootfs-postcommands.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass index 0fef52af40..d9e2aeab64 100644 --- a/meta/classes/rootfs-postcommands.bbclass +++ b/meta/classes/rootfs-postcommands.bbclass @@ -305,7 +305,7 @@ rootfs_trim_schemas () { } rootfs_check_host_user_contaminated () { - contaminated="${WORKDIR}/host-user-contaminated.txt" + contaminated="${S}/host-user-contaminated.txt" HOST_USER_UID="$(PSEUDO_UNLOAD=1 id -u)" HOST_USER_GID="$(PSEUDO_UNLOAD=1 id -g)" From patchwork Thu Aug 18 16:56:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 11561 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C163DC00140 for ; Thu, 18 Aug 2022 16:57:22 +0000 (UTC) Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) by mx.groups.io with SMTP id smtpd.web12.44445.1660841835053447613 for ; Thu, 18 Aug 2022 09:57:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=f5vN3rM9; spf=softfail (domain: sakoman.com, ip: 209.85.214.181, mailfrom: steve@sakoman.com) Received: by mail-pl1-f181.google.com with SMTP id x19so2003290plc.5 for ; Thu, 18 Aug 2022 09:57:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc; bh=HD4qi2Ri58BxZuJ+VT+kA1DfmjjzIytELRU0MzgO2lc=; b=f5vN3rM9lL4Sm0Cg10fFhxLKPXXO1F0WR82HYp/O0ulLQJOnLYZeOwGGMag9jJI8Zz FxhEvM00vR8To7JYe5kwX3fQ2r8RVzcPVNvKnQWuUkAPI7d7WnEeOZhaokC11kDp0m8k BbmbdhvSgyb7bE3V/ZKkIas+d4uG/AbOvj5UrqoOjAaZYWSXvPXUWujRdJ4KQR5UaofF LkOomDeIc7OYTpxzJ5uTsSIdFjbdS6kx4pGQfd1+OoOFaL6mbRUj6qJMjwjfg15KOajz fm5G6ob7LWR3+CU/GiHThPb7Ww/iHEZit3IpVr1tmt3ccwSGZ4iip9/h/EG8Fhrr/gEn VyQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc; bh=HD4qi2Ri58BxZuJ+VT+kA1DfmjjzIytELRU0MzgO2lc=; b=MNKjQfN1GZPZQ++I3PU0wMcQGRtOyK5F7bJd/2P+Oh1KJ4JSyIPNS8p5KdIa3Bfnqs M2EH2G4qWXaTBZ3sNcqZffb4VUW3AWXKkMwHFlTJ1uWUFsOCAzNujYIdq6XvW8azTmeP 7Q8UWVCOB3aNsQjL4WjmrtGpW5AKLOTS+rm7JM8vY3E25rnAtSbGcPJIetw4t+vL2sot Gh6/vGhm1315v08SKyMLgj6fbNGnypRiEpfMyk4x5qwP/AcTFEhAHN/UmFBfIQ4GwwP2 K/32IxKVGdqrVa3Nk9BrRh7Cj39D3tWKOqRldhBLDtv30k1h4WgD5mO//yeFOaVkODSy p4LA== X-Gm-Message-State: ACgBeo0BIchuRMAxd5qYkeugy5Y3GCx5XbniMjTEdSvfzxGFoXoF7kuk b1LMeaBgG/2Kmks99/WIO3/XYSayuJBLyeAp X-Google-Smtp-Source: AA6agR5NZ5VTJ8Gf/ModdccoHRA0V+PWvtjtRnSgYLlGyRbgLC2c3tYSR3mD8uA5940JSZUIAfUEGA== X-Received: by 2002:a17:902:c411:b0:170:91ff:884b with SMTP id k17-20020a170902c41100b0017091ff884bmr3377180plk.58.1660841834122; Thu, 18 Aug 2022 09:57:14 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id h135-20020a62838d000000b0052d432b4cc0sm1897446pfe.33.2022.08.18.09.57.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Aug 2022 09:57:13 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 11/11] initscripts: run umountnfs as a KILL script Date: Thu, 18 Aug 2022 06:56:28 -1000 Message-Id: <60e3c877fa507f21885c5ef13f493ccb26e5d63b.1660841536.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 18 Aug 2022 16:57:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169533 From: Shruthi Ravichandran `rc` runs all the KILL scripts in a runlevel before the START scripts. The umountnfs script is currently configured as a START script, and runs after the networking KILL script. During shutdown, this causes a ~3 minute timeout after networking is shutdown when the system tries to connect to and unmount any mounted network shares. Fix this by changing the script configuration to "stop" so that it can run before networking is stopped and unmount any network shares safely. Signed-off-by: Shruthi Ravichandran Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit c419bd4537756e9f6c2fe6da3a9b798526e27eca) Signed-off-by: Steve Sakoman --- meta/recipes-core/initscripts/initscripts_1.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/initscripts/initscripts_1.0.bb b/meta/recipes-core/initscripts/initscripts_1.0.bb index f98e42eb2e..cb5417cc39 100644 --- a/meta/recipes-core/initscripts/initscripts_1.0.bb +++ b/meta/recipes-core/initscripts/initscripts_1.0.bb @@ -129,7 +129,7 @@ do_install () { update-rc.d -r ${D} rmnologin.sh start 99 2 3 4 5 . update-rc.d -r ${D} sendsigs start 20 0 6 . update-rc.d -r ${D} urandom start 38 S 0 6 . - update-rc.d -r ${D} umountnfs.sh start 31 0 1 6 . + update-rc.d -r ${D} umountnfs.sh stop 31 0 1 6 . update-rc.d -r ${D} umountfs start 40 0 6 . update-rc.d -r ${D} reboot start 90 6 . update-rc.d -r ${D} halt start 90 0 .