diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2023-06-15 13:43:17 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2023-06-15 19:22:24 +0300 |
| commit | 91c4060797737f563a7b975d726f2efcb088e45f (patch) | |
| tree | 0b2a543533ec0cf03a47e67056a95b0073b51524 | |
| parent | 821a859c1d68e8cfeea8c50e86f15daa87e71d59 (diff) | |
| download | openbmc-kirkstone.tar.xz | |
kirkstone: subtree updateskirkstone
meta-raspberrypi: 2a06e4e84b..43683cb14b:
Florin Sarbu (1):
udev-rules-rpi: Use 99-com.rules directly from upstream
meta-openembedded: df452d9d98..f95484417e:
Arsalan H. Awan (1):
meta-networking/licenses/netperf: remove unused license
Bhargav Das (2):
tslib: Add native & nativestdk package support
pointercal: Add native & nativestdk package support
Changqing Li (1):
redis: fix do_patch fuzz warning
Chee Yang Lee (3):
tinyproxy: fix CVE-2022-40468
capnproto: upgrade to 0.9.2
freerdp: fix CVE-2022-39316/39318/39319
Gianluigi Spagnuolo (1):
libbpf: add native and nativesdk BBCLASSEXTEND
Jasper Orschulko (1):
python3-gcovr: Add missing runtime dependency
Jonas Gorski (3):
frr: Security fix CVE-2022-36440 / CVE-2022-40302
frr: Security fix CVE-2022-40318
frr: Security fix CVE-2022-43681
Khem Raj (1):
nodejs: Fix build with gcc13
Martin Jansa (1):
abseil-cpp: backport a fix for build with gcc-13
Narpat Mali (3):
python3-werkzeug: fix for CVE-2023-25577
python3-django: upgrade 4.0.2 -> 4.2.1
python3-m2crypto: fix for CVE-2020-25657
Natasha Bailey (1):
libyang: backport a fix for CVE-2023-26916
Valeria Petrov (1):
apache2: upgrade 2.4.56 -> 2.4.57
Xiangyu Chen (3):
pahole: fix native package build error
Revert "pahole: fix native package build error"
libbpf: installing uapi headers for native package
poky: 4cc0e9438b..43b94d2b84:
Alexander Kanavin (1):
dhcpcd: use git instead of tarballs
Archana Polampalli (4):
nasm: fix CVE-2022-44370
git: fix CVE-2023-29007
git: fix CVE-2023-25652
git: ignore CVE-2023-25815
Arturo Buzarra (1):
run-postinsts: Set dependency for ldconfig to avoid boot issues
Bhabu Bindu (4):
curl: Fix CVE-2023-28319
curl: Fix CVE-2023-28320
curl: Fix CVE-2023-28321
curl: Fix CVE-2023-28322
Bruce Ashfield (9):
linux-yocto/5.15: update to v5.15.106
linux-yocto/5.15: update to v5.15.107
linux-yocto/5.15: update to v5.15.108
kernel: improve initramfs bundle processing time
linux-yocto/5.10: update to v5.10.176
linux-yocto/5.10: update to v5.10.177
linux-yocto/5.10: update to v5.10.178
linux-yocto/5.10: update to v5.10.179
linux-yocto/5.10: update to v5.10.180
C. Andy Martin (1):
systemd-networkd: backport fix for rm unmanaged wifi
Christoph Lauer (1):
populate_sdk_base: add zip options
Daniel Ammann (1):
overview-manual: concepts.rst: Fix a typo
Deepthi Hemraj (5):
glibc: stable 2.35 branch updates.
binutils : Fix CVE-2023-25584
binutils : Fix CVE-2023-25585
binutils : Fix CVE-2023-1972
binutils : Fix CVE-2023-25588
Dmitry Baryshkov (1):
linux-firmware: upgrade 20230210 -> 20230404
Eero Aaltonen (1):
avahi: fix D-Bus introspection
Enrico Jörns (1):
package_manager/ipk: fix config path generation in _create_custom_config()
Hitendra Prajapati (2):
connman: fix CVE-2023-28488 DoS in client.c
sysstat: Fix CVE-2023-33204
Jan Luebbe (1):
p11-kit: add native to BBCLASSEXTEND
Joe Slater (1):
ghostscript: fix CVE-2023-29979
Kai Kang (1):
webkitgtk: fix CVE-2022-32888 & CVE-2022-32923
Khem Raj (2):
gcc-runtime: Use static dummy libstdc++
quilt: Fix merge.test race condition
Lee Chee Yang (1):
migration-guides: add release notes for 4.0.10
Marek Vasut (1):
cpio: Fix wrong CRC with ASCII CRC for large files
Martin Jansa (3):
populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO override
llvm: backport a fix for build with gcc-13
kernel-devicetree: make shell scripts posix compliant
Martin Siegumfeldt (1):
systemd-systemctl: fix instance template WantedBy symlink construction
Michael Halstead (2):
uninative: Upgrade to 3.10 to support gcc 13
uninative: Upgrade to 4.0 to include latest gcc 13.1.1
Michael Opdenacker (2):
conf.py: add macro for Mitre CVE links
migration-guides: use new cve_mitre macro
Ming Liu (1):
weston: add xwayland to DEPENDS for PACKAGECONFIG xwayland
Mingli Yu (1):
ruby: Fix CVE-2023-28755
Narpat Mali (3):
ffmpeg: fix for CVE-2022-48434
python3-cryptography: fix for CVE-2023-23931
python3-requests: fix for CVE-2023-32681
Omkar Patil (1):
curl: Correction for CVE-2023-27536
Pablo Saavedra (1):
gstreamer1.0: upgrade 1.20.5 -> 1.20.6
Pascal Bach (1):
cmake: add CMAKE_SYSROOT to generated toolchain file
Peter Bergin (1):
update-alternatives.bbclass: fix old override syntax
Peter Kjellerstedt (1):
license.bbclass: Include LICENSE in the output when it fails to parse
Peter Marko (2):
libxml2: patch CVE-2023-28484 and CVE-2023-29469
openssl: Upgrade 3.0.8 -> 3.0.9
Piotr Łobacz (1):
libarchive: Enable acls, xattr for native as well as target
Quentin Schulz (1):
Revert "docs: conf.py: fix cve extlinks caption for sphinx <4.0"
Randolph Sapp (4):
wic/bootimg-efi: if fixed-size is set then use that for mkdosfs
kernel-devicetree: allow specification of dtb directory
package: enable recursion on file globs
kernel-devicetree: recursively search for dtbs
Ranjitsinh Rathod (1):
libbsd: Add correct license for all packages
Richard Purdie (3):
maintainers.inc: Fix email address typo
maintainers.inc: Move repo to unassigned
selftest/reproducible: Allow native/cross reuse in test
Riyaz Khan (1):
openssh: Remove BSD-4-clause contents completely from codebase
Ross Burton (1):
xserver-xorg: backport fix for CVE-2023-1393
Sakib Sajal (1):
go: fix CVE-2023-24540
Shubham Kulkarni (1):
go: Security fix for CVE-2023-24538
Soumya (1):
perl: fix CVE-2023-31484
Steve Sakoman (3):
Revert "xserver-xorg: backport fix for CVE-2023-1393"
poky.conf: bump version for 4.0.10
build-appliance-image: Update to kirkstone head revision
Thomas Roos (1):
oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set
Tom Hochstein (2):
piglit: Add PACKAGECONFIG for glx and opencl
piglit: Add missing glslang dependencies
Upgrade Helper (1):
waffle: upgrade 1.7.0 -> 1.7.2
Virendra Thakur (1):
qemu: Whitelist CVE-2023-0664
Vivek Kumbhar (3):
freetype: fix CVE-2023-2004 integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c
go: fix CVE-2023-24534 denial of service from excessive memory allocation
go: fix CVE-2023-24539 html/template improper sanitization of CSS values
Wang Mingyu (2):
wpebackend-fdo: upgrade 1.14.0 -> 1.14.2
xserver-xorg: upgrade 21.1.7 -> 21.1.8
Yoann Congal (1):
linux-yocto: Exclude 121 CVEs already fixed upstream
Yogita Urade (2):
xorg-lib-common: Add variable to set tarball type
libxpm: upgrade 3.5.13 -> 3.5.15
Zhixiong Chi (1):
libpam: Fix the xtests/tst-pam_motd[1|3] failures
Zoltan Boszormenyi (1):
piglit: Fix build time dependency
bkylerussell@gmail.com (1):
kernel-devsrc: depend on python3-core instead of python3
leimaohui (1):
nghttp2: Deleted the entries for -client and -server, and removed a dependency on them from the main package.
meta-security: cc20e2af2a..d398cc6ea6:
Armin Kuster (1):
apparmor: fix ownership issues
Josh Harley (1):
Add EROFS support to dm-verity-img class
Maciej Borzęcki (1):
dm-verity-img.bbclass: add squashfs images
Peter Marko (1):
tpm2-tss: upgrade to 3.2.2 to fix CVE-2023-22745
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I683201033cfd1b1135738f49b0faf6df2e6348b6
165 files changed, 7763 insertions, 866 deletions
diff --git a/meta-openembedded/meta-networking/licenses/netperf b/meta-openembedded/meta-networking/licenses/netperf deleted file mode 100644 index 3f3ceb2fc2..0000000000 --- a/meta-openembedded/meta-networking/licenses/netperf +++ /dev/null @@ -1,43 +0,0 @@ - - - Copyright (C) 1993 Hewlett-Packard Company - ALL RIGHTS RESERVED. - - The enclosed software and documentation includes copyrighted works - of Hewlett-Packard Co. For as long as you comply with the following - limitations, you are hereby authorized to (i) use, reproduce, and - modify the software and documentation, and to (ii) distribute the - software and documentation, including modifications, for - non-commercial purposes only. - - 1. The enclosed software and documentation is made available at no - charge in order to advance the general development of - high-performance networking products. - - 2. You may not delete any copyright notices contained in the - software or documentation. All hard copies, and copies in - source code or object code form, of the software or - documentation (including modifications) must contain at least - one of the copyright notices. - - 3. The enclosed software and documentation has not been subjected - to testing and quality control and is not a Hewlett-Packard Co. - product. At a future time, Hewlett-Packard Co. may or may not - offer a version of the software and documentation as a product. - - 4. THE SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS". - HEWLETT-PACKARD COMPANY DOES NOT WARRANT THAT THE USE, - REPRODUCTION, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR - DOCUMENTATION WILL NOT INFRINGE A THIRD PARTY'S INTELLECTUAL - PROPERTY RIGHTS. HP DOES NOT WARRANT THAT THE SOFTWARE OR - DOCUMENTATION IS ERROR FREE. HP DISCLAIMS ALL WARRANTIES, - EXPRESS AND IMPLIED, WITH REGARD TO THE SOFTWARE AND THE - DOCUMENTATION. HP SPECIFICALLY DISCLAIMS ALL WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - - 5. HEWLETT-PACKARD COMPANY WILL NOT IN ANY EVENT BE LIABLE FOR ANY - DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES - (INCLUDING LOST PROFITS) RELATED TO ANY USE, REPRODUCTION, - MODIFICATION, OR DISTRIBUTION OF THE SOFTWARE OR DOCUMENTATION. - - diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch new file mode 100644 index 0000000000..c06de49eb3 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch @@ -0,0 +1,71 @@ +From 02a0e45f66160f571196a105b217e1bb84d1a835 Mon Sep 17 00:00:00 2001 +From: Donald Sharp <sharpd@nvidia.com> +Date: Fri, 30 Sep 2022 08:51:45 -0400 +Subject: [PATCH] bgpd: Ensure FRR has enough data to read 2 bytes in + peek_for_as4_capability + +In peek_for_as4_capability the code is checking that the +stream has at least 2 bytes to read ( the opt_type and the +opt_length ). However if BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer) +is configured then FRR is reading 3 bytes. Which is not good +since the packet could be badly formated. Ensure that +FRR has the appropriate data length to read the data. + +Signed-off-by: Donald Sharp <sharpd@nvidia.com> +(cherry picked from commit 3e46b43e3788f0f87bae56a86b54d412b4710286) + +CVE: CVE-2022-36440 +CVE: CVE-2022-40302 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/02a0e45f66160f571196a105b217e1bb84d1a835] + +Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de> +--- + bgpd/bgp_open.c | 27 +++++++++++++++++++++------ + 1 file changed, 21 insertions(+), 6 deletions(-) + +diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c +index c2562c75d3fc..fe4c24a8c979 100644 +--- a/bgpd/bgp_open.c ++++ b/bgpd/bgp_open.c +@@ -1116,15 +1116,30 @@ as_t peek_for_as4_capability(struct peer *peer, uint16_t length) + uint8_t opt_type; + uint16_t opt_length; + +- /* Check the length. */ +- if (stream_get_getp(s) + 2 > end) ++ /* Ensure we can read the option type */ ++ if (stream_get_getp(s) + 1 > end) + goto end; + +- /* Fetch option type and length. */ ++ /* Fetch the option type */ + opt_type = stream_getc(s); +- opt_length = BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer) +- ? stream_getw(s) +- : stream_getc(s); ++ ++ /* ++ * Check the length and fetch the opt_length ++ * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer) ++ * then we do a getw which is 2 bytes. So we need to ++ * ensure that we can read that as well ++ */ ++ if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) { ++ if (stream_get_getp(s) + 2 > end) ++ goto end; ++ ++ opt_length = stream_getw(s); ++ } else { ++ if (stream_get_getp(s) + 1 > end) ++ goto end; ++ ++ opt_length = stream_getc(s); ++ } + + /* Option length check. */ + if (stream_get_getp(s) + opt_length > end) +-- +2.40.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch new file mode 100644 index 0000000000..9d6dcfb920 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch @@ -0,0 +1,81 @@ +From 72088b05d469a6b6a8b9a2b250885246ea0c2acb Mon Sep 17 00:00:00 2001 +From: Donald Sharp <sharpd@nvidia.com> +Date: Fri, 30 Sep 2022 08:57:43 -0400 +Subject: [PATCH] bgpd: Ensure FRR has enough data to read 2 bytes in + bgp_open_option_parse + +In bgp_open_option_parse the code is checking that the +stream has at least 2 bytes to read ( the opt_type and +the opt_length). However if BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer) +is configured then FRR is reading 3 bytes. Which is not good +since the packet could be badly formateed. Ensure that +FRR has the appropriate data length to read the data. + +Signed-off-by: Donald Sharp <sharpd@nvidia.com> +(cherry picked from commit 1117baca3c592877a4d8a13ed6a1d9bd83977487) + +CVE: CVE-2022-40318 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/72088b05d469a6b6a8b9a2b250885246ea0c2acb] + +Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de> +--- + bgpd/bgp_open.c | 35 ++++++++++++++++++++++++++++------- + 1 file changed, 28 insertions(+), 7 deletions(-) + +diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c +index fe4c24a8c979..de550d2ac607 100644 +--- a/bgpd/bgp_open.c ++++ b/bgpd/bgp_open.c +@@ -1209,19 +1209,40 @@ int bgp_open_option_parse(struct peer *peer, uint16_t length, + uint8_t opt_type; + uint16_t opt_length; + +- /* Must have at least an OPEN option header */ +- if (STREAM_READABLE(s) < 2) { ++ /* ++ * Check that we can read the opt_type and fetch it ++ */ ++ if (STREAM_READABLE(s) < 1) { + zlog_info("%s Option length error", peer->host); + bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR, + BGP_NOTIFY_OPEN_MALFORMED_ATTR); + return -1; + } +- +- /* Fetch option type and length. */ + opt_type = stream_getc(s); +- opt_length = BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer) +- ? stream_getw(s) +- : stream_getc(s); ++ ++ /* ++ * Check the length of the stream to ensure that ++ * FRR can properly read the opt_length. Then read it ++ */ ++ if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) { ++ if (STREAM_READABLE(s) < 2) { ++ zlog_info("%s Option length error", peer->host); ++ bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR, ++ BGP_NOTIFY_OPEN_MALFORMED_ATTR); ++ return -1; ++ } ++ ++ opt_length = stream_getw(s); ++ } else { ++ if (STREAM_READABLE(s) < 1) { ++ zlog_info("%s Option length error", peer->host); ++ bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR, ++ BGP_NOTIFY_OPEN_MALFORMED_ATTR); ++ return -1; ++ } ++ ++ opt_length = stream_getc(s); ++ } + + /* Option length check. */ + if (STREAM_READABLE(s) < opt_length) { +-- +2.40.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch new file mode 100644 index 0000000000..77a011dbc9 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch @@ -0,0 +1,58 @@ +From f316975cedd8ef17d47b56be0d3d21711fe44a25 Mon Sep 17 00:00:00 2001 +From: Donald Sharp <sharpd@nvidia.com> +Date: Wed, 2 Nov 2022 13:24:48 -0400 +Subject: [PATCH] bgpd: Ensure that bgp open message stream has enough data to + read + +If a operator receives an invalid packet that is of insufficient size +then it is possible for BGP to assert during reading of the packet +instead of gracefully resetting the connection with the peer. + +Signed-off-by: Donald Sharp <sharpd@nvidia.com> +(cherry picked from commit 766eec1b7accffe2c04a5c9ebb14e9f487bb9f78) + +CVE: CVE-2022-43681 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/766eec1b7accffe2c04a5c9ebb14e9f487bb9f78] + +Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de> +--- + bgpd/bgp_packet.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index bcd47e32d453..5225db29fe09 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -1176,8 +1176,27 @@ static int bgp_open_receive(struct peer *peer, bgp_size_t size) + || CHECK_FLAG(peer->flags, PEER_FLAG_EXTENDED_OPT_PARAMS)) { + uint8_t opttype; + ++ if (STREAM_READABLE(peer->curr) < 1) { ++ flog_err( ++ EC_BGP_PKT_OPEN, ++ "%s: stream does not have enough bytes for extended optional parameters", ++ peer->host); ++ bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR, ++ BGP_NOTIFY_OPEN_MALFORMED_ATTR); ++ return BGP_Stop; ++ } ++ + opttype = stream_getc(peer->curr); + if (opttype == BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH) { ++ if (STREAM_READABLE(peer->curr) < 2) { ++ flog_err( ++ EC_BGP_PKT_OPEN, ++ "%s: stream does not have enough bytes to read the extended optional parameters optlen", ++ peer->host); ++ bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR, ++ BGP_NOTIFY_OPEN_MALFORMED_ATTR); ++ return BGP_Stop; ++ } + optlen = stream_getw(peer->curr); + SET_FLAG(peer->sflags, + PEER_STATUS_EXT_OPT_PARAMS_LENGTH); +-- +2.40.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb index 80f4729e1f..92aca8ecdd 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb @@ -13,6 +13,9 @@ SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \ file://CVE-2022-37035.patch \ file://CVE-2022-37032.patch \ file://CVE-2022-42917.patch \ + file://CVE-2022-36440.patch \ + file://CVE-2022-40318.patch \ + file://CVE-2022-43681.patch \ file://frr.pam \ " diff --git a/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch new file mode 100644 index 0000000000..4e2157ca75 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch @@ -0,0 +1,33 @@ +From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001 +From: rofl0r <rofl0r@users.noreply.github.com> +Date: Thu, 8 Sep 2022 15:18:04 +0000 +Subject: [PATCH] prevent junk from showing up in error page in invalid + requests + +fixes #457 + +https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7 +Upstream-Status: Backport +CVE: CVE-2022-40468 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + src/reqs.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/reqs.c b/src/reqs.c +index bce69819..45db118d 100644 +--- a/src/reqs.c ++++ b/src/reqs.c +@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr, + goto fail; + } + ++ /* zero-terminate the strings so they don't contain junk in error page */ ++ request->method[0] = url[0] = request->protocol[0] = 0; ++ + ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]", + request->method, url, request->protocol); ++ + if (ret == 2 && !strcasecmp (request->method, "GET")) { + request->protocol[0] = 0; + diff --git a/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb index 388f7aecbb..4ddb202268 100644 --- a/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb @@ -7,6 +7,7 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz file://disable-documentation.patch \ file://tinyproxy.service \ file://tinyproxy.conf \ + file://CVE-2022-40468.patch \ " SRC_URI[md5sum] = "658db5558ffb849414341b756a546a99" diff --git a/meta-openembedded/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb b/meta-openembedded/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb index d3e7973329..9b72ffefe4 100644 --- a/meta-openembedded/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb +++ b/meta-openembedded/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb @@ -20,3 +20,5 @@ do_install() { ALLOW_EMPTY:${PN} = "1" PACKAGE_ARCH = "${MACHINE_ARCH}" INHIBIT_DEFAULT_DEPS = "1" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch new file mode 100644 index 0000000000..88f3816b0f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch @@ -0,0 +1,31 @@ +From b436bc4ef31e29d73363d60b84e77eb419f46c50 Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich <slyich@gmail.com> +Date: Fri, 27 May 2022 22:27:58 +0100 +Subject: [PATCH] absl/strings/internal/str_format/extension.h: add missing + <stdint.h> include + +Without the change absl-cpp build fails on this week's gcc-13 snapshot as: + + /build/abseil-cpp/absl/strings/internal/str_format/extension.h:34:33: error: found ':' in nested-name-specifier, expected '::' + 34 | enum class FormatConversionChar : uint8_t; + | ^ + | :: + +Upstream-Status: Backport [20220623.0 36a4b073f1e7e02ed7d1ac140767e36f82f09b7c] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + absl/strings/internal/str_format/extension.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/absl/strings/internal/str_format/extension.h b/absl/strings/internal/str_format/extension.h +index c47536d6..08c3fbeb 100644 +--- a/absl/strings/internal/str_format/extension.h ++++ b/absl/strings/internal/str_format/extension.h +@@ -17,6 +17,7 @@ + #define ABSL_STRINGS_INTERNAL_STR_FORMAT_EXTENSION_H_ + + #include <limits.h> ++#include <stdint.h> + + #include <cstddef> + #include <cstring> diff --git a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb index 1bb27d4369..30eef75ffb 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb @@ -14,6 +14,7 @@ SRC_URI = "git://github.com/abseil/abseil-cpp;branch=${BRANCH};protocol=https \ file://0001-absl-always-use-asm-sgidefs.h.patch \ file://0002-Remove-maes-option-from-cross-compilation.patch \ file://abseil-ppc-fixes.patch \ + file://0001-absl-strings-internal-str_format-extension.h-add-mis.patch \ " S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-devtools/capnproto/capnproto_0.9.1.bb b/meta-openembedded/meta-oe/recipes-devtools/capnproto/capnproto_0.9.2.bb index d14bd843ef..d114ad0c63 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/capnproto/capnproto_0.9.1.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/capnproto/capnproto_0.9.2.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://../LICENSE;md5=a05663ae6cca874123bf667a60dca8c9" SRC_URI = "git://github.com/sandstorm-io/capnproto.git;branch=release-${PV};protocol=https \ " -SRCREV = "b49431c48d40490ef979247d308af63345376cee" +SRCREV = "0274bf17374df912ea834687c667bed33bd318db" S = "${WORKDIR}/git/c++" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/gcc13.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/gcc13.patch new file mode 100644 index 0000000000..bff349739c --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/gcc13.patch @@ -0,0 +1,75 @@ +From 576aed71db7b40c90b44c623580629792a606928 Mon Sep 17 00:00:00 2001 +From: Jiawen Geng <technicalcute@gmail.com> +Date: Fri, 14 Oct 2022 09:54:33 +0800 +Subject: [PATCH] deps: V8: cherry-pick c2792e58035f +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Original commit message: + + [base] Fix build with gcc-13 + + See https://gcc.gnu.org/gcc-13/porting_to.html#header-dep-changes. + + Also see Gentoo Linux bug report: https://bugs.gentoo.org/865981 + + Change-Id: I421f396b02ba37e12ee70048ee33e034f8113566 + Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3934140 + Reviewed-by: Clemens Backes <clemensb@chromium.org> + Reviewed-by: Simon Zünd <szuend@chromium.org> + Commit-Queue: Clemens Backes <clemensb@chromium.org> + Cr-Commit-Position: refs/heads/main@{#83587} + +Refs: https://github.com/v8/v8/commit/c2792e58035fcbaa16d0cb70998852fbeb5df4cc +PR-URL: https://github.com/nodejs/node/pull/44961 +Fixes: https://github.com/nodejs/node/issues/43642 +Reviewed-By: Michaël Zasso <targos@protonmail.com> +Reviewed-By: Richard Lau <rlau@redhat.com> +Reviewed-By: Luigi Pinca <luigipinca@gmail.com> +Reviewed-By: Colin Ihrig <cjihrig@gmail.com> + +Upstream-Status: Backport [https://github.com/nodejs/node/commit/0be1c5728173ea9ac42843058e26b6268568acf0] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + deps/v8/AUTHORS | 1 + + deps/v8/src/base/logging.h | 1 + + deps/v8/src/inspector/v8-string-conversions.h | 1 + + 3 files changed, 3 insertions(+) + +diff --git a/deps/v8/AUTHORS b/deps/v8/AUTHORS +index 35c49a01..736d3df9 100644 +--- a/deps/v8/AUTHORS ++++ b/deps/v8/AUTHORS +@@ -236,6 +236,7 @@ Vlad Burlik <vladbph@gmail.com> + Vladimir Krivosheev <develar@gmail.com> + Vladimir Shutoff <vovan@shutoff.ru> + Wael Almattar <waelsy123@gmail.com> ++WANG Xuerui <git@xen0n.name> + Wei Wu <lazyparser@gmail.com> + Wenlu Wang <kingwenlu@gmail.com> + Wenyu Zhao <wenyu.zhao@anu.edu.au> +diff --git a/deps/v8/src/base/logging.h b/deps/v8/src/base/logging.h +index 08db24a9..38be165f 100644 +--- a/deps/v8/src/base/logging.h ++++ b/deps/v8/src/base/logging.h +@@ -5,6 +5,7 @@ + #ifndef V8_BASE_LOGGING_H_ + #define V8_BASE_LOGGING_H_ + ++#include <cstdint> + #include <cstring> + #include <sstream> + #include <string> +diff --git a/deps/v8/src/inspector/v8-string-conversions.h b/deps/v8/src/inspector/v8-string-conversions.h +index c1d69c18..eb33c681 100644 +--- a/deps/v8/src/inspector/v8-string-conversions.h ++++ b/deps/v8/src/inspector/v8-string-conversions.h +@@ -5,6 +5,7 @@ + #ifndef V8_INSPECTOR_V8_STRING_CONVERSIONS_H_ + #define V8_INSPECTOR_V8_STRING_CONVERSIONS_H_ + ++#include <cstdint> + #include <string> + + // Conversion routines between UT8 and UTF16, used by string-16.{h,cc}. You may diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb index 0661fd6f1c..dfc4af3df5 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb @@ -26,6 +26,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ file://0001-liftoff-Correct-function-signatures.patch \ file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \ file://0001-Nodejs-Fixed-pipes-DeprecationWarning.patch \ + file://gcc13.patch \ " SRC_URI:append:class-target = " \ file://0001-Using-native-binaries.patch \ diff --git a/meta-openembedded/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch b/meta-openembedded/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch new file mode 100644 index 0000000000..f3af3dbffd --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch @@ -0,0 +1,57 @@ +From dc668d296f9f05aeab6315d44cff3208641e3096 Mon Sep 17 00:00:00 2001 +From: Michal Vasko <mvasko@cesnet.cz> +Date: Mon, 13 Feb 2023 10:23:13 +0100 +Subject: [PATCH] schema compile UPDATE do not implement 2 same modules + +CVE: CVE-2023-26916 +Upstream-Status: Backport [https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096] + +Refs #1979 +--- + src/schema_compile.c | 20 +++++++------------- + 1 file changed, 7 insertions(+), 13 deletions(-) + +diff --git a/src/schema_compile.c b/src/schema_compile.c +index ed768ba0..68c0d681 100644 +--- a/src/schema_compile.c ++++ b/src/schema_compile.c +@@ -1748,7 +1748,7 @@ lys_has_compiled_import_r(struct lys_module *mod) + LY_ERR + lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unres *unres) + { +- LY_ERR ret; ++ LY_ERR r; + struct lys_module *m; + + assert(!mod->implemented); +@@ -1757,21 +1757,15 @@ lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unr + m = ly_ctx_get_module_implemented(mod->ctx, mod->name); + if (m) { + assert(m != mod); +- if (!strcmp(mod->name, "yang") && (strcmp(m->revision, mod->revision) > 0)) { +- /* special case for newer internal module, continue */ +- LOGVRB("Internal module \"%s@%s\" is already implemented in revision \"%s\", using it instead.", +- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); +- } else { +- LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".", +- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); +- return LY_EDENIED; +- } ++ LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".", ++ mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); ++ return LY_EDENIED; + } + + /* set features */ +- ret = lys_set_features(mod->parsed, features); +- if (ret && (ret != LY_EEXIST)) { +- return ret; ++ r = lys_set_features(mod->parsed, features); ++ if (r && (r != LY_EEXIST)) { ++ return r; + } + + /* +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb b/meta-openembedded/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb index 2817be7c86..7875c1ef79 100644 --- a/meta-openembedded/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb @@ -11,6 +11,7 @@ SRCREV = "a0cc89516ab5eca84d01c85309f320a94752a64c" SRC_URI = "git://github.com/CESNET/libyang.git;branch=master;protocol=https \ file://libyang-add-stdint-h.patch \ file://run-ptest \ + file://CVE-2023-26916.patch \ " S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE.patch b/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE-7.patch index 6e07c25c6a..6e07c25c6a 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE.patch +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE-7.patch diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb index e6bfa227a0..4626044781 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb @@ -6,7 +6,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=8ffdd6c926faaece928cf9d9640132d2" DEPENDS = "readline lua ncurses" -FILESPATH =. "${FILE_DIRNAME}/${PN}-7:" +FILESPATH =. "${FILE_DIRNAME}/${BPN}-7:" SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://redis.conf \ @@ -16,7 +16,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://lua-update-Makefile-to-use-environment-build-setting.patch \ file://oe-use-libc-malloc.patch \ file://0001-src-Do-not-reset-FINAL_LIBS.patch \ - file://GNU_SOURCE.patch \ + file://GNU_SOURCE-7.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ " SRC_URI[sha256sum] = "ce250d1fba042c613de38a15d40889b78f7cb6d5461a27e35017ba39b07221e3" diff --git a/meta-openembedded/meta-oe/recipes-graphics/tslib/tslib_1.22.bb b/meta-openembedded/meta-oe/recipes-graphics/tslib/tslib_1.22.bb index c2000b264b..cb2563225f 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/tslib/tslib_1.22.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/tslib/tslib_1.22.bb @@ -81,3 +81,5 @@ FILES:tslib-uinput += "${bindir}/ts_uinput" FILES:tslib-tests = "${bindir}/ts_harvest ${bindir}/ts_print ${bindir}/ts_print_raw ${bindir}/ts_print_mt \ ${bindir}/ts_test ${bindir}/ts_test_mt ${bindir}/ts_verify ${bindir}/ts_finddev ${bindir}/ts_conf" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb b/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb index 461e6b05ed..5f687b27b3 100644 --- a/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb +++ b/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb @@ -17,6 +17,7 @@ COMPATIBLE_HOST = "(x86_64|i.86|aarch64|riscv64|powerpc64).*-linux" S = "${WORKDIR}/git/src" EXTRA_OEMAKE += "DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir}" +EXTRA_OEMAKE:append:class-native = " UAPIDIR=${includedir}" inherit pkgconfig @@ -27,3 +28,9 @@ do_compile() { do_install() { oe_runmake install } + +do_install:append:class-native() { + oe_runmake install_uapi_headers +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch new file mode 100644 index 0000000000..a60b2854c8 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch @@ -0,0 +1,53 @@ +https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0 +CVE: CVE-2022-39316 +Upstream-Status: Backport +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + +From e865c24efc40ebc52e75979c94cdd4ee2c1495b0 Mon Sep 17 00:00:00 2001 +From: akallabeth <akallabeth@posteo.net> +Date: Thu, 13 Oct 2022 09:09:28 +0200 +Subject: [PATCH] Added missing length checks in zgfx_decompress_segment + +(cherry picked from commit 64716b335858109d14f27b51acc4c4d71a92a816) +--- + libfreerdp/codec/zgfx.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/libfreerdp/codec/zgfx.c b/libfreerdp/codec/zgfx.c +index 20fbd354571..e260aa6e28a 100644 +--- a/libfreerdp/codec/zgfx.c ++++ b/libfreerdp/codec/zgfx.c +@@ -230,19 +230,19 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t + BYTE* pbSegment; + size_t cbSegment; + +- if (!zgfx || !stream) ++ if (!zgfx || !stream || (segmentSize < 2)) + return FALSE; + + cbSegment = segmentSize - 1; + +- if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize < 1) || +- (segmentSize > UINT32_MAX)) ++ if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize > UINT32_MAX)) + return FALSE; + + Stream_Read_UINT8(stream, flags); /* header (1 byte) */ + zgfx->OutputCount = 0; + pbSegment = Stream_Pointer(stream); +- Stream_Seek(stream, cbSegment); ++ if (!Stream_SafeSeek(stream, cbSegment)) ++ return FALSE; + + if (!(flags & PACKET_COMPRESSED)) + { +@@ -346,6 +346,9 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t + if (count > sizeof(zgfx->OutputBuffer) - zgfx->OutputCount) + return FALSE; + ++ if (count > zgfx->cBitsRemaining / 8) ++ return FALSE; ++ + CopyMemory(&(zgfx->OutputBuffer[zgfx->OutputCount]), zgfx->pbInputCurrent, + count); + zgfx_history_buffer_ring_write(zgfx, zgfx->pbInputCurrent, count); diff --git a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch new file mode 100644 index 0000000000..76a9e00dd3 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch @@ -0,0 +1,41 @@ +https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea +CVE: CVE-2022-39318 CVE-2022-39319 +Upstream-Status: Backport +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + +From 80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea Mon Sep 17 00:00:00 2001 +From: akallabeth <akallabeth@posteo.net> +Date: Thu, 13 Oct 2022 08:27:41 +0200 +Subject: [PATCH] Fixed division by zero in urbdrc + +(cherry picked from commit 731f8419d04b481d7160de1f34062d630ed48765) +--- + channels/urbdrc/client/libusb/libusb_udevice.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/channels/urbdrc/client/libusb/libusb_udevice.c b/channels/urbdrc/client/libusb/libusb_udevice.c +index 505c31d7b55..ef87f195f38 100644 +--- a/channels/urbdrc/client/libusb/libusb_udevice.c ++++ b/channels/urbdrc/client/libusb/libusb_udevice.c +@@ -1221,12 +1221,18 @@ static int libusb_udev_isoch_transfer(IUDEVICE* idev, URBDRC_CHANNEL_CALLBACK* c + if (!Buffer) + Stream_Seek(user_data->data, (NumberOfPackets * 12)); + +- iso_packet_size = BufferSize / NumberOfPackets; +- iso_transfer = libusb_alloc_transfer(NumberOfPackets); ++ if (NumberOfPackets > 0) ++ { ++ iso_packet_size = BufferSize / NumberOfPackets; ++ iso_transfer = libusb_alloc_transfer((int)NumberOfPackets); ++ } + + if (iso_transfer == NULL) + { +- WLog_Print(urbdrc->log, WLOG_ERROR, "Error: libusb_alloc_transfer."); ++ WLog_Print(urbdrc->log, WLOG_ERROR, ++ "Error: libusb_alloc_transfer [NumberOfPackets=%" PRIu32 ", BufferSize=%" PRIu32 ++ " ]", ++ NumberOfPackets, BufferSize); + async_transfer_user_data_free(user_data); + return -1; + } diff --git a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index ece2f56960..9da8b27c0d 100644 --- a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -16,6 +16,8 @@ PKGV = "${GITPKGVTAG}" SRCREV = "658a72980f6e93241d927c46cfa664bf2547b8b1" SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \ file://winpr-makecert-Build-with-install-RPATH.patch \ + file://CVE-2022-39316.patch \ + file://CVE-2022-39318-39319.patch \ " S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.0.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.2.1.bb index 690b9809dc..4daca65eb5 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.0.2.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.2.1.bb @@ -1,7 +1,7 @@ require python-django.inc inherit setuptools3 -SRC_URI[sha256sum] = "110fb58fb12eca59e072ad59fc42d771cd642dd7a2f2416582aa9da7a8ef954a" +SRC_URI[sha256sum] = "7efa6b1f781a6119a10ac94b4794ded90db8accbe7802281cd26f8664ffed59c" RDEPENDS:${PN} += "\ ${PYTHON_PN}-sqlparse \ diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb index 995f3b779b..1c4279fd1e 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb @@ -12,6 +12,6 @@ S = "${WORKDIR}/git" inherit setuptools3 PIP_INSTALL_PACKAGE = "gcovr" -RDEPENDS:${PN} += "${PYTHON_PN}-jinja2 ${PYTHON_PN}-lxml ${PYTHON_PN}-setuptools ${PYTHON_PN}-pygments" +RDEPENDS:${PN} += "${PYTHON_PN}-jinja2 ${PYTHON_PN}-lxml ${PYTHON_PN}-setuptools ${PYTHON_PN}-pygments ${PYTHON_PN}-multiprocessing" BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch b/meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch new file mode 100644 index 0000000000..cc915f1478 --- /dev/null +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch @@ -0,0 +1,175 @@ +From 2fa92e048b76fcc7bf2d4f4443478c8292d17470 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu> +Date: Thu, 1 Jun 2023 14:56:34 +0000 +Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA + decryption API (CVE-2020-25657) + +Fixes #282 + +CVE: CVE-2020-25657 + +Upstream-Status: Backport [https://gitlab.com/m2crypto/m2crypto/-/commit/84c53958def0f510e92119fca14d74f94215827a] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++-------- + src/SWIG/_rsa.i | 20 ++++++++++++-------- + tests/test_rsa.py | 15 +++++++-------- + 3 files changed, 31 insertions(+), 24 deletions(-) + +diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c +index 3db88b9..6aafe1f 100644 +--- a/src/SWIG/_m2crypto_wrap.c ++++ b/src/SWIG/_m2crypto_wrap.c +@@ -7129,9 +7129,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); +@@ -7159,9 +7160,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); +@@ -7186,9 +7188,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); +@@ -7213,9 +7216,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); + +diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i +index bc714e0..1377b8b 100644 +--- a/src/SWIG/_rsa.i ++++ b/src/SWIG/_rsa.i +@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); +@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); +@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); +@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) { + tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf, + (unsigned char *)tbuf, rsa, padding); + if (tlen == -1) { +- m2_PyErr_Msg(_rsa_err); ++ ERR_clear_error(); ++ PyErr_Clear(); + PyMem_Free(tbuf); +- return NULL; ++ Py_RETURN_NONE; + } + ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); + +diff --git a/tests/test_rsa.py b/tests/test_rsa.py +index 7bb3af7..5e75d68 100644 +--- a/tests/test_rsa.py ++++ b/tests/test_rsa.py +@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase): + # The other paddings. + for padding in self.s_padding_nok: + p = getattr(RSA, padding) +- with self.assertRaises(RSA.RSAError): +- priv.private_encrypt(self.data, p) ++ # Exception disabled as a part of mitigation against CVE-2020-25657 ++ # with self.assertRaises(RSA.RSAError): ++ priv.private_encrypt(self.data, p) + # Type-check the data to be encrypted. + with self.assertRaises(TypeError): + priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding) +@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase): + self.assertEqual(ptxt, self.data) + + # no_padding +- with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'): +- priv.public_encrypt(self.data, RSA.no_padding) ++ # Exception disabled as a part of mitigation against CVE-2020-25657 ++ # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'): ++ priv.public_encrypt(self.data, RSA.no_padding) + + # Type-check the data to be encrypted. ++ # Exception disabled as a part of mitigation against CVE-2020-25657 + with self.assertRaises(TypeError): + priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding) + +@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase): + b'\000\000\000\003\001\000\001') # aka 65537 aka 0xf4 + with self.assertRaises(RSA.RSAError): + setattr(rsa, 'e', '\000\000\000\003\001\000\001') +- with self.assertRaises(RSA.RSAError): +- rsa.private_encrypt(1) +- with self.assertRaises(RSA.RSAError): +- rsa.private_decrypt(1) + assert rsa.check_key() + + def test_loadpub_bad(self): +-- +2.40.0 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb index 51a0dd676e..155a9066ca 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb @@ -10,6 +10,7 @@ SRC_URI += "file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \ file://cross-compile-platform.patch \ file://avoid-host-contamination.patch \ file://0001-setup.py-address-openssl-3.x-build-issue.patch \ + file://CVE-2020-25657.patch \ " SRC_URI[sha256sum] = "99f2260a30901c949a8dc6d5f82cd5312ffb8abc92e76633baf231bbbcb2decb" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch b/meta-openembedded/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch new file mode 100644 index 0000000000..61551d8fca --- /dev/null +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch @@ -0,0 +1,231 @@ +From 5a56cdcbaec2153cd67596c6c2c8056e1ea5ed56 Mon Sep 17 00:00:00 2001 +From: David Lord <davidism@gmail.com> +Date: Tue, 2 May 2023 11:31:10 +0000 +Subject: [PATCH] Merge pull request from GHSA-xg9f-g7g7-2323 + +limit the maximum number of multipart form parts + +CVE: CVE-2023-25577 + +Upstream-Status: Backport [https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + CHANGES.rst | 5 +++++ + docs/request_data.rst | 37 +++++++++++++++++--------------- + src/werkzeug/formparser.py | 12 ++++++++++- + src/werkzeug/sansio/multipart.py | 8 +++++++ + src/werkzeug/wrappers/request.py | 8 +++++++ + tests/test_formparser.py | 9 ++++++++ + 6 files changed, 61 insertions(+), 18 deletions(-) + +diff --git a/CHANGES.rst b/CHANGES.rst +index a351d7c..6e809ba 100644 +--- a/CHANGES.rst ++++ b/CHANGES.rst +@@ -1,5 +1,10 @@ + .. currentmodule:: werkzeug + ++- Specify a maximum number of multipart parts, default 1000, after which a ++ ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS ++ attack where a larger number of form/file parts would result in disproportionate ++ resource use. ++ + Version 2.1.1 + ------------- + +diff --git a/docs/request_data.rst b/docs/request_data.rst +index 83c6278..e55841e 100644 +--- a/docs/request_data.rst ++++ b/docs/request_data.rst +@@ -73,23 +73,26 @@ read the stream *or* call :meth:`~Request.get_data`. + Limiting Request Data + --------------------- + +-To avoid being the victim of a DDOS attack you can set the maximum +-accepted content length and request field sizes. The :class:`Request` +-class has two attributes for that: :attr:`~Request.max_content_length` +-and :attr:`~Request.max_form_memory_size`. +- +-The first one can be used to limit the total content length. For example +-by setting it to ``1024 * 1024 * 16`` the request won't accept more than +-16MB of transmitted data. +- +-Because certain data can't be moved to the hard disk (regular post data) +-whereas temporary files can, there is a second limit you can set. The +-:attr:`~Request.max_form_memory_size` limits the size of `POST` +-transmitted form data. By setting it to ``1024 * 1024 * 2`` you can make +-sure that all in memory-stored fields are not more than 2MB in size. +- +-This however does *not* affect in-memory stored files if the +-`stream_factory` used returns a in-memory file. ++The :class:`Request` class provides a few attributes to control how much data is ++processed from the request body. This can help mitigate DoS attacks that craft the ++request in such a way that the server uses too many resources to handle it. Each of ++these limits will raise a :exc:`~werkzeug.exceptions.RequestEntityTooLarge` if they are ++exceeded. ++ ++- :attr:`~Request.max_content_length` Stop reading request data after this number ++ of bytes. It's better to configure this in the WSGI server or HTTP server, rather ++ than the WSGI application. ++- :attr:`~Request.max_form_memory_size` Stop reading request data if any form part is ++ larger than this number of bytes. While file parts can be moved to disk, regular ++ form field data is stored in memory only. ++- :attr:`~Request.max_form_parts` Stop reading request data if more than this number ++ of parts are sent in multipart form data. This is useful to stop a very large number ++ of very small parts, especially file parts. The default is 1000. ++ ++Using Werkzeug to set these limits is only one layer of protection. WSGI servers ++and HTTPS servers should set their own limits on size and timeouts. The operating system ++or container manager should set limits on memory and processing time for server ++processes. + + + How to extend Parsing? +diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py +index 10d58ca..bebb2fc 100644 +--- a/src/werkzeug/formparser.py ++++ b/src/werkzeug/formparser.py +@@ -179,6 +179,8 @@ class FormDataParser: + :param cls: an optional dict class to use. If this is not specified + or `None` the default :class:`MultiDict` is used. + :param silent: If set to False parsing errors will not be caught. ++ :param max_form_parts: The maximum number of parts to be parsed. If this is ++ exceeded, a :exc:`~exceptions.RequestEntityTooLarge` exception is raised. + """ + + def __init__( +@@ -190,6 +192,8 @@ class FormDataParser: + max_content_length: t.Optional[int] = None, + cls: t.Optional[t.Type[MultiDict]] = None, + silent: bool = True, ++ *, ++ max_form_parts: t.Optional[int] = None, + ) -> None: + if stream_factory is None: + stream_factory = default_stream_factory +@@ -199,6 +203,7 @@ class FormDataParser: + self.errors = errors + self.max_form_memory_size = max_form_memory_size + self.max_content_length = max_content_length ++ self.max_form_parts = max_form_parts + + if cls is None: + cls = MultiDict +@@ -281,6 +286,7 @@ class FormDataParser: + self.errors, + max_form_memory_size=self.max_form_memory_size, + cls=self.cls, ++ max_form_parts=self.max_form_parts, + ) + boundary = options.get("boundary", "").encode("ascii") + +@@ -346,10 +352,12 @@ class MultiPartParser: + max_form_memory_size: t.Optional[int] = None, + cls: t.Optional[t.Type[MultiDict]] = None, + buffer_size: int = 64 * 1024, ++ max_form_parts: t.Optional[int] = None, + ) -> None: + self.charset = charset + self.errors = errors + self.max_form_memory_size = max_form_memory_size ++ self.max_form_parts = max_form_parts + + if stream_factory is None: + stream_factory = default_stream_factory +@@ -409,7 +417,9 @@ class MultiPartParser: + [None], + ) + +- parser = MultipartDecoder(boundary, self.max_form_memory_size) ++ parser = MultipartDecoder( ++ boundary, self.max_form_memory_size, max_parts=self.max_form_parts ++ ) + + fields = [] + files = [] +diff --git a/src/werkzeug/sansio/multipart.py b/src/werkzeug/sansio/multipart.py +index 2d54422..e7d742b 100644 +--- a/src/werkzeug/sansio/multipart.py ++++ b/src/werkzeug/sansio/multipart.py +@@ -83,10 +83,13 @@ class MultipartDecoder: + self, + boundary: bytes, + max_form_memory_size: Optional[int] = None, ++ *, ++ max_parts: Optional[int] = None, + ) -> None: + self.buffer = bytearray() + self.complete = False + self.max_form_memory_size = max_form_memory_size ++ self.max_parts = max_parts + self.state = State.PREAMBLE + self.boundary = boundary + +@@ -113,6 +116,7 @@ class MultipartDecoder: + % (LINE_BREAK, re.escape(boundary), LINE_BREAK, LINE_BREAK), + re.MULTILINE, + ) ++ self._parts_decoded = 0 + + def last_newline(self) -> int: + try: +@@ -177,6 +181,10 @@ class MultipartDecoder: + name=name, + ) + self.state = State.DATA ++ self._parts_decoded += 1 ++ ++ if self.max_parts is not None and self._parts_decoded > self.max_parts: ++ raise RequestEntityTooLarge() + + elif self.state == State.DATA: + if self.buffer.find(b"--" + self.boundary) == -1: +diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py +index 57b739c..a6d5429 100644 +--- a/src/werkzeug/wrappers/request.py ++++ b/src/werkzeug/wrappers/request.py +@@ -83,6 +83,13 @@ class Request(_SansIORequest): + #: .. versionadded:: 0.5 + max_form_memory_size: t.Optional[int] = None + ++ #: The maximum number of multipart parts to parse, passed to ++ #: :attr:`form_data_parser_class`. Parsing form data with more than this ++ #: many parts will raise :exc:`~.RequestEntityTooLarge`. ++ #: ++ #: .. versionadded:: 2.2.3 ++ max_form_parts = 1000 ++ + #: The form data parser that should be used. Can be replaced to customize + #: the form date parsing. + form_data_parser_class: t.Type[FormDataParser] = FormDataParser +@@ -246,6 +253,7 @@ class Request(_SansIORequest): + self.max_form_memory_size, + self.max_content_length, + self.parameter_storage_class, ++ max_form_parts=self.max_form_parts, + ) + + def _load_form_data(self) -> None: +diff --git a/tests/test_formparser.py b/tests/test_formparser.py +index 5fc803e..834324f 100644 +--- a/tests/test_formparser.py ++++ b/tests/test_formparser.py +@@ -127,6 +127,15 @@ class TestFormParser: + req.max_form_memory_size = 400 + assert req.form["foo"] == "Hello World" + ++ req = Request.from_values( ++ input_stream=io.BytesIO(data), ++ content_length=len(data), ++ content_type="multipart/form-data; boundary=foo", ++ method="POST", ++ ) ++ req.max_form_parts = 1 ++ pytest.raises(RequestEntityTooLarge, lambda: req.form["foo"]) ++ + def test_missing_multipart_boundary(self): + data = ( + b"--foo\r\nContent-Disposition: form-field; name=foo\r\n\r\n" +-- +2.40.0 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb index 476a3a5964..324a4b7996 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb @@ -12,6 +12,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462" PYPI_PACKAGE = "Werkzeug" +SRC_URI += "file://CVE-2023-25577.patch" + SRC_URI[sha256sum] = "f8e89a20aeabbe8a893c24a461d3ee5dad2123b05cc6abd73ceed01d39c3ae74" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch new file mode 100644 index 0000000000..996eabf586 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch @@ -0,0 +1,31 @@ +From 5c9257fa34335ff83f7c01581cf953111072a457 Mon Sep 17 00:00:00 2001 +From: Valeria Petrov <valeria.petrov@spinetix.com> +Date: Tue, 18 Apr 2023 15:38:53 +0200 +Subject: [PATCH] * modules/mappers/config9.m4: Add 'server' directory to + include path if mod_rewrite is enabled. + +Upstream-Status: Accepted [https://svn.apache.org/viewvc?view=revision&revision=1909241] + +--- + modules/mappers/config9.m4 | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/modules/mappers/config9.m4 b/modules/mappers/config9.m4 +index 55a97ab993..7120b729b7 100644 +--- a/modules/mappers/config9.m4 ++++ b/modules/mappers/config9.m4 +@@ -14,6 +14,11 @@ APACHE_MODULE(userdir, mapping of requests to user-specific directories, , , mos + APACHE_MODULE(alias, mapping of requests to different filesystem parts, , , yes) + APACHE_MODULE(rewrite, rule based URL manipulation, , , most) + ++if test "x$enable_rewrite" != "xno"; then ++ # mod_rewrite needs test_char.h ++ APR_ADDTO(INCLUDES, [-I\$(top_builddir)/server]) ++fi ++ + APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current]) + + APACHE_MODPATH_FINISH +-- +2.25.1 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.56.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb index 8b857d2f0c..9ffdf3265a 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.56.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb @@ -16,6 +16,7 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \ file://0008-Fix-perl-install-directory-to-usr-bin.patch \ file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \ file://0001-make_exports.awk-not-expose-the-path.patch \ + file://0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch \ " SRC_URI:append:class-target = " \ @@ -27,7 +28,7 @@ SRC_URI:append:class-target = " \ " LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" -SRC_URI[sha256sum] = "d8d45f1398ba84edd05bb33ca7593ac2989b17cb9c7a0cafe5442d41afdb2d7c" +SRC_URI[sha256sum] = "dbccb84aee95e095edfbb81e5eb926ccd24e6ada55dcd83caecb262e5cf94d2a" S = "${WORKDIR}/httpd-${PV}" diff --git a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb b/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb index 42cfcdd4d5..3ae43856fe 100644 --- a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb +++ b/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb @@ -3,16 +3,17 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" SRC_URI = " \ - file://99-com.rules \ + git://github.com/RPi-Distro/raspberrypi-sys-mods;protocol=https;branch=master \ file://can.rules \ " +SRCREV = "5ce3ef2b7f377c23fea440ca9df0e30f3f8447cf" -S = "${WORKDIR}" +S = "${WORKDIR}/git" INHIBIT_DEFAULT_DEPS = "1" do_install () { install -d ${D}${sysconfdir}/udev/rules.d - install -m 0644 ${WORKDIR}/99-com.rules ${D}${sysconfdir}/udev/rules.d/ + install -m 0644 ${S}/etc.armhf/udev/rules.d/99-com.rules ${D}${sysconfdir}/udev/rules.d/ install -m 0644 ${WORKDIR}/can.rules ${D}${sysconfdir}/udev/rules.d/ } diff --git a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi/99-com.rules b/meta-raspberrypi/recipes-core/udev/udev-rules-rpi/99-com.rules deleted file mode 100644 index ddd1e1743e..0000000000 --- a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi/99-com.rules +++ /dev/null @@ -1,21 +0,0 @@ -KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\ - ALIASES=/proc/device-tree/aliases; \ - if cmp -s $$ALIASES/uart0 $$ALIASES/serial0; then \ - echo 0;\ - elif cmp -s $$ALIASES/uart0 $$ALIASES/serial1; then \ - echo 1; \ - else \ - exit 1; \ - fi\ -'", SYMLINK+="serial%c" - -KERNEL=="ttyS0", PROGRAM="/bin/sh -c '\ - ALIASES=/proc/device-tree/aliases; \ - if cmp -s $$ALIASES/uart1 $$ALIASES/serial0; then \ - echo 0; \ - elif cmp -s $$ALIASES/uart1 $$ALIASES/serial1; then \ - echo 1; \ - else \ - exit 1; \ - fi \ -'", SYMLINK+="serial%c" diff --git a/meta-security/classes/dm-verity-img.bbclass b/meta-security/classes/dm-verity-img.bbclass index 93f667d6cd..e5946bc327 100644 --- a/meta-security/classes/dm-verity-img.bbclass +++ b/meta-security/classes/dm-verity-img.bbclass @@ -63,7 +63,12 @@ verity_setup() { veritysetup --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} --hash-offset=$SIZE format $OUTPUT $OUTPUT | tail -n +2 | process_verity } -VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity" +VERITY_TYPES = " \ + ext2.verity ext3.verity ext4.verity \ + btrfs.verity \ + erofs.verity erofs-lz4.verity erofs-lz4hc.verity \ + squashfs.verity squashfs-xz.verity squashfs-lzo.verity squashfs-lz4.verity squashfs-zst.verity \ +" IMAGE_TYPES += "${VERITY_TYPES}" CONVERSIONTYPES += "verity" CONVERSION_CMD:verity = "verity_setup ${type}" @@ -90,6 +95,6 @@ python __anonymous() { # If we're using wic: we'll have to use partition images and not the rootfs # source plugin so add the appropriate dependency. if 'wic' in image_fstypes: - dep = ' %s:do_image_%s' % (pn, verity_type) + dep = ' %s:do_image_%s' % (pn, verity_type.replace("-", "_")) d.appendVarFlag('do_image_wic', 'depends', dep) } diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.2.bb index 8440bb9e9f..9b76c2f68a 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.2.bb @@ -10,7 +10,7 @@ SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN file://fixup_hosttools.patch \ " -SRC_URI[sha256sum] = "48305e4144dcf6d10f3b25b7bccf0189fd2d1186feafd8cd68c6b17ecf0d7912" +SRC_URI[sha256sum] = "ba9e52117f254f357ff502e7d60fce652b3bfb26327d236bbf5ab634235e40f1" inherit autotools pkgconfig systemd useradd @@ -26,11 +26,6 @@ USERADD_PACKAGES = "${PN}" GROUPADD_PARAM:${PN} = "--system tss" USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" -do_configure:prepend() { - # do not extract the version number from git - sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac -} - do_install:append() { # Remove /run as it is created on startup rm -rf ${D}/run diff --git a/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb b/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb index 046a3a0915..896abfe178 100644 --- a/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb +++ b/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb @@ -101,6 +101,8 @@ do_install () { if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then oe_runmake -C ${B}/parser DESTDIR="${D}" install-systemd fi + chown root:root -R ${D}/${sysconfdir}/apparmor.d + chown root:root -R ${D}/${datadir}/apparmor } #Building ptest on arm fails. diff --git a/poky/documentation/conf.py b/poky/documentation/conf.py index 203b85dc7e..5ff5ec8655 100644 --- a/poky/documentation/conf.py +++ b/poky/documentation/conf.py @@ -90,7 +90,8 @@ rst_prolog = """ # external links and substitutions extlinks = { - 'cve': ('https://nvd.nist.gov/vuln/detail/CVE-%s', 'CVE-'), + 'cve': ('https://nvd.nist.gov/vuln/detail/CVE-%s', 'CVE-%s'), + 'cve_mitre': ('https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-%s', 'CVE-%s'), 'yocto_home': ('https://www.yoctoproject.org%s', None), 'yocto_wiki': ('https://wiki.yoctoproject.org/wiki%s', None), 'yocto_dl': ('https://downloads.yoctoproject.org%s', None), diff --git a/poky/documentation/migration-guides/release-4.0.rst b/poky/documentation/migration-guides/release-4.0.rst index 1fc74a0f6d..05c2705e8e 100644 --- a/poky/documentation/migration-guides/release-4.0.rst +++ b/poky/documentation/migration-guides/release-4.0.rst @@ -16,3 +16,4 @@ Release 4.0 (kirkstone) release-notes-4.0.7 release-notes-4.0.8 release-notes-4.0.9 + release-notes-4.0.10 diff --git a/poky/documentation/migration-guides/release-notes-4.0.10.rst b/poky/documentation/migration-guides/release-notes-4.0.10.rst new file mode 100644 index 0000000000..f37c3471ea --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.10.rst @@ -0,0 +1,180 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + +Release notes for Yocto-4.0.10 (Kirkstone) +------------------------------------------ + +Security Fixes in Yocto-4.0.10 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- binutils: Fix :cve:`2023-1579`, :cve:`2023-1972`, :cve_mitre:`2023-25584`, :cve_mitre:`2023-25585` and :cve_mitre:`2023-25588` +- cargo : Ignore :cve:`2022-46176` +- connman: Fix :cve:`2023-28488` +- curl: Fix :cve:`2023-27533`, :cve:`2023-27534`, :cve:`2023-27535`, :cve:`2023-27536` and :cve:`2023-27538` +- ffmpeg: Fix :cve:`2022-48434` +- freetype: Fix :cve:`2023-2004` +- ghostscript: Fix :cve_mitre:`2023-29979` +- git: Fix :cve:`2023-25652` and :cve:`2023-29007` +- go: Fix :cve:`2022-41722`, :cve:`2022-41724`, :cve:`2022-41725`, :cve:`2023-24534`, :cve:`2023-24537` and :cve:`2023-24538` +- go: Ignore :cve:`2022-41716` +- libxml2: Fix :cve:`2023-28484` and :cve:`2023-29469` +- libxpm: Fix :cve:`2022-44617`, :cve:`2022-46285` and :cve:`2022-4883` +- linux-yocto: Ignore :cve:`2021-3759`, :cve:`2021-4135`, :cve:`2021-4155`, :cve:`2022-0168`, :cve:`2022-0171`, :cve:`2022-1016`, :cve:`2022-1184`, :cve:`2022-1198`, :cve:`2022-1199`, :cve:`2022-1462`, :cve:`2022-1734`, :cve:`2022-1852`, :cve:`2022-1882`, :cve:`2022-1998`, :cve:`2022-2078`, :cve:`2022-2196`, :cve:`2022-2318`, :cve:`2022-2380`, :cve:`2022-2503`, :cve:`2022-26365`, :cve:`2022-2663`, :cve:`2022-2873`, :cve:`2022-2905`, :cve:`2022-2959`, :cve:`2022-3028`, :cve:`2022-3078`, :cve:`2022-3104`, :cve:`2022-3105`, :cve:`2022-3106`, :cve:`2022-3107`, :cve:`2022-3111`, :cve:`2022-3112`, :cve:`2022-3113`, :cve:`2022-3115`, :cve:`2022-3202`, :cve:`2022-32250`, :cve:`2022-32296`, :cve:`2022-32981`, :cve:`2022-3303`, :cve:`2022-33740`, :cve:`2022-33741`, :cve:`2022-33742`, :cve:`2022-33743`, :cve:`2022-33744`, :cve:`2022-33981`, :cve:`2022-3424`, :cve:`2022-3435`, :cve:`2022-34918`, :cve:`2022-3521`, :cve:`2022-3545`, :cve:`2022-3564`, :cve:`2022-3586`, :cve:`2022-3594`, :cve:`2022-36123`, :cve:`2022-3621`, :cve:`2022-3623`, :cve:`2022-3629`, :cve:`2022-3633`, :cve:`2022-3635`, :cve:`2022-3646`, :cve:`2022-3649`, :cve:`2022-36879`, :cve:`2022-36946`, :cve:`2022-3707`, :cve:`2022-39188`, :cve:`2022-39190`, :cve:`2022-39842`, :cve:`2022-40307`, :cve:`2022-40768`, :cve:`2022-4095`, :cve:`2022-41218`, :cve:`2022-4139`, :cve:`2022-41849`, :cve:`2022-41850`, :cve:`2022-41858`, :cve:`2022-42328`, :cve:`2022-42329`, :cve:`2022-42703`, :cve:`2022-42721`, :cve:`2022-42722`, :cve:`2022-42895`, :cve:`2022-4382`, :cve:`2022-4662`, :cve:`2022-47518`, :cve:`2022-47519`, :cve:`2022-47520`, :cve:`2022-47929`, :cve:`2023-0179`, :cve:`2023-0394`, :cve:`2023-0461`, :cve:`2023-0590`, :cve:`2023-1073`, :cve:`2023-1074`, :cve:`2023-1077`, :cve:`2023-1078`, :cve:`2023-1079`, :cve:`2023-1095`, :cve:`2023-1118`, :cve:`2023-1249`, :cve:`2023-1252`, :cve:`2023-1281`, :cve:`2023-1382`, :cve:`2023-1513`, :cve:`2023-1829`, :cve:`2023-1838`, :cve:`2023-1998`, :cve:`2023-2006`, :cve:`2023-2008`, :cve:`2023-2162`, :cve:`2023-2166`, :cve:`2023-2177`, :cve:`2023-22999`, :cve:`2023-23002`, :cve:`2023-23004`, :cve:`2023-23454`, :cve:`2023-23455`, :cve:`2023-23559`, :cve:`2023-25012`, :cve:`2023-26545`, :cve:`2023-28327` and :cve:`2023-28328` +- nasm: Fix :cve:`2022-44370` +- python3-cryptography: Fix :cve:`2023-23931` +- qemu: Ignore :cve:`2023-0664` +- ruby: Fix :cve:`2023-28755` and :cve:`2023-28756` +- screen: Fix :cve:`2023-24626` +- shadow: Fix :cve:`2023-29383` +- tiff: Fix :cve:`2022-4645` +- webkitgtk: Fix :cve:`2022-32888` and :cve:`2022-32923` +- xserver-xorg: Fix :cve:`2023-1393` + + +Fixes in Yocto-4.0.10 +~~~~~~~~~~~~~~~~~~~~~ + +- bitbake: bin/utils: Ensure locale en_US.UTF-8 is available on the system +- build-appliance-image: Update to kirkstone head revision +- cmake: add CMAKE_SYSROOT to generated toolchain file +- glibc: stable 2.35 branch updates. +- kernel-devsrc: depend on python3-core instead of python3 +- kernel: improve initramfs bundle processing time +- libarchive: Enable acls, xattr for native as well as target +- libbsd: Add correct license for all packages +- libpam: Fix the xtests/tst-pam_motd[1|3] failures +- libxpm: upgrade to 3.5.15 +- linux-firmware: upgrade to 20230404 +- linux-yocto/5.15: upgrade to v5.15.108 +- migration-guides: add release-notes for 4.0.9 +- oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set +- openssl: Move microblaze to linux-latomic config +- package.bbclass: correct check for /build in copydebugsources() +- poky.conf: bump version for 4.0.10 +- populate_sdk_base: add zip options +- populate_sdk_ext.bbclass: set :term:`METADATA_REVISION` with an :term:`DISTRO` override +- run-postinsts: Set dependency for ldconfig to avoid boot issues +- update-alternatives.bbclass: fix old override syntax +- wic/bootimg-efi: if fixed-size is set then use that for mkdosfs +- wpebackend-fdo: upgrade to 1.14.2 +- xorg-lib-common: Add variable to set tarball type +- xserver-xorg: upgrade to 21.1.8 + + +Known Issues in Yocto-4.0.10 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- N/A + + +Contributors to Yocto-4.0.10 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Archana Polampalli +- Arturo Buzarra +- Bruce Ashfield +- Christoph Lauer +- Deepthi Hemraj +- Dmitry Baryshkov +- Frank de Brabander +- Hitendra Prajapati +- Joe Slater +- Kai Kang +- Kyle Russell +- Lee Chee Yang +- Mark Hatle +- Martin Jansa +- Mingli Yu +- Narpat Mali +- Pascal Bach +- Pawan Badganchi +- Peter Bergin +- Peter Marko +- Piotr Łobacz +- Randolph Sapp +- Ranjitsinh Rathod +- Ross Burton +- Shubham Kulkarni +- Siddharth Doshi +- Steve Sakoman +- Sundeep KOKKONDA +- Thomas Roos +- Virendra Thakur +- Vivek Kumbhar +- Wang Mingyu +- Xiangyu Chen +- Yash Shinde +- Yoann Congal +- Yogita Urade +- Zhixiong Chi + + +Repositories / Downloads for Yocto-4.0.10 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: :yocto_git:`/poky` +- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.10 </poky/log/?h=yocto-4.0.10>` +- Git Revision: :yocto_git:`f53ab3a2ff206a130cdc843839dd0ea5ec4ad02f </poky/commit/?id=f53ab3a2ff206a130cdc843839dd0ea5ec4ad02f>` +- Release Artefact: poky-f53ab3a2ff206a130cdc843839dd0ea5ec4ad02f +- sha: 8820aeac857ce6bbd1c7ef26cadbb86eca02be93deded253b4a5f07ddd69255d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/poky-f53ab3a2ff206a130cdc843839dd0ea5ec4ad02f.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/poky-f53ab3a2ff206a130cdc843839dd0ea5ec4ad02f.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` +- Tag: :oe_git:`yocto-4.0.10 </openembedded-core/log/?h=yocto-4.0.10>` +- Git Revision: :oe_git:`d2713785f9cd2d58731df877bc8b7bcc71b6c8e6 </openembedded-core/commit/?id=d2713785f9cd2d58731df877bc8b7bcc71b6c8e6>` +- Release Artefact: oecore-d2713785f9cd2d58731df877bc8b7bcc71b6c8e6 +- sha: 78e084a1aceaaa6ec022702f29f80eaffade3159e9c42b6b8985c1b7ddd2fbab +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/oecore-d2713785f9cd2d58731df877bc8b7bcc71b6c8e6.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/oecore-d2713785f9cd2d58731df877bc8b7bcc71b6c8e6.tar.bz2 + +meta-mingw + +- Repository Location: :yocto_git:`/meta-mingw` +- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.10 </meta-mingw/log/?h=yocto-4.0.10>` +- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>` +- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 +- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + +meta-gplv2 + +- Repository Location: :yocto_git:`/meta-gplv2` +- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.10 </meta-gplv2/log/?h=yocto-4.0.10>` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` +- Tag: :oe_git:`yocto-4.0.10 </bitbake/log/?h=yocto-4.0.10>` +- Git Revision: :oe_git:`0c6f86b60cfba67c20733516957c0a654eb2b44c </bitbake/commit/?id=0c6f86b60cfba67c20733516957c0a654eb2b44c>` +- Release Artefact: bitbake-0c6f86b60cfba67c20733516957c0a654eb2b44c +- sha: 4caa94ee4d644017b0cc51b702e330191677f7d179018cbcec8b1793949ebc74 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/bitbake-0c6f86b60cfba67c20733516957c0a654eb2b44c.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/bitbake-0c6f86b60cfba67c20733516957c0a654eb2b44c.tar.bz2 + +yocto-docs + +- Repository Location: :yocto_git:`/yocto-docs` +- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.10 </yocto-docs/log/?h=yocto-4.0.10>` +- Git Revision: :yocto_git:`8388be749806bd0bf4fccf1005dae8f643aa4ef4 </yocto-docs/commit/?id=8388be749806bd0bf4fccf1005dae8f643aa4ef4>` + diff --git a/poky/documentation/migration-guides/release-notes-4.0.7.rst b/poky/documentation/migration-guides/release-notes-4.0.7.rst index 9e8ad51a0c..95f5b6a3af 100644 --- a/poky/documentation/migration-guides/release-notes-4.0.7.rst +++ b/poky/documentation/migration-guides/release-notes-4.0.7.rst @@ -7,7 +7,7 @@ Security Fixes in Yocto-4.0.7 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - binutils: Fix :cve:`2022-4285` -- curl: Fix :cve:`2022-43551` and `CVE-2022-43552 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552>`__ +- curl: Fix :cve:`2022-43551` and :cve_mitre:`2022-43552` - ffmpeg: Fix :cve:`2022-3109` and :cve:`2022-3341` - go: Fix :cve:`2022-41715` and :cve:`2022-41717` - libX11: Fix :cve:`2022-3554` and :cve:`2022-3555` @@ -24,7 +24,7 @@ Security Fixes in Yocto-4.0.7 - sqlite: Fix :cve:`2022-46908` - systemd: Fix :cve:`2022-45873` - vim: Fix :cve:`2023-0049`, :cve:`2023-0051`, :cve:`2023-0054` and :cve:`2023-0088` -- webkitgtk: Fix :cve:`2022-32886`, `CVE-2022-32891 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32891>`__ and :cve:`2022-32912` +- webkitgtk: Fix :cve:`2022-32886`, :cve_mitre:`2022-32891` Fixes in Yocto-4.0.7 diff --git a/poky/documentation/overview-manual/concepts.rst b/poky/documentation/overview-manual/concepts.rst index 065d9586c6..2631e412e5 100644 --- a/poky/documentation/overview-manual/concepts.rst +++ b/poky/documentation/overview-manual/concepts.rst @@ -1982,7 +1982,7 @@ Thanks to this, the depending tasks will keep a previously recorded task hash, and BitBake will be able to retrieve their output from the Shared State cache, instead of re-executing them. Similarly, the output of further downstream tasks can also be retrieved from Shared -Shate. +State. If the output hash is unknown, a new entry will be created on the Hash Equivalence server, matching the task hash to that output. diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf index f265162bd0..c07df140c2 100644 --- a/poky/meta-poky/conf/distro/poky.conf +++ b/poky/meta-poky/conf/distro/poky.conf @@ -1,7 +1,7 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" #DISTRO_VERSION = "3.4+snapshot-${METADATA_REVISION}" -DISTRO_VERSION = "4.0.9" +DISTRO_VERSION = "4.0.10" DISTRO_CODENAME = "kirkstone" SDK_VENDOR = "-pokysdk" SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}" diff --git a/poky/meta/classes/cmake.bbclass b/poky/meta/classes/cmake.bbclass index d9bcddbdbb..7ec6ca58fc 100644 --- a/poky/meta/classes/cmake.bbclass +++ b/poky/meta/classes/cmake.bbclass @@ -85,9 +85,12 @@ def map_host_arch_to_uname_arch(host_arch): return "ppc64" return host_arch + cmake_do_generate_toolchain_file() { if [ "${BUILD_SYS}" = "${HOST_SYS}" ]; then cmake_crosscompiling="set( CMAKE_CROSSCOMPILING FALSE )" + else + cmake_sysroot="set( CMAKE_SYSROOT \"${RECIPE_SYSROOT}\" )" fi cat > ${WORKDIR}/toolchain.cmake <<EOF # CMake system name must be something like "Linux". @@ -120,6 +123,8 @@ set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY ) set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY ) set( CMAKE_PROGRAM_PATH "/" ) +$cmake_sysroot + # Use qt.conf settings set( ENV{QT_CONF_PATH} ${WORKDIR}/qt.conf ) diff --git a/poky/meta/classes/kernel-devicetree.bbclass b/poky/meta/classes/kernel-devicetree.bbclass index b4338da1b1..18ab6b4c4f 100644 --- a/poky/meta/classes/kernel-devicetree.bbclass +++ b/poky/meta/classes/kernel-devicetree.bbclass @@ -6,7 +6,12 @@ python () { d.appendVar("PACKAGES", " ${KERNEL_PACKAGE_NAME}-image-zimage-bundle") } -FILES:${KERNEL_PACKAGE_NAME}-devicetree = "/${KERNEL_IMAGEDEST}/*.dtb /${KERNEL_IMAGEDEST}/*.dtbo" +# recursivly search for devicetree files +FILES:${KERNEL_PACKAGE_NAME}-devicetree = " \ + /${KERNEL_DTBDEST}/**/*.dtb \ + /${KERNEL_DTBDEST}/**/*.dtbo \ +" + FILES:${KERNEL_PACKAGE_NAME}-image-zimage-bundle = "/${KERNEL_IMAGEDEST}/zImage-*.dtb.bin" # Generate kernel+devicetree bundle @@ -67,12 +72,16 @@ do_compile:append() { } do_install:append() { + install -d ${D}/${KERNEL_DTBDEST} for dtbf in ${KERNEL_DEVICETREE}; do dtb=`normalize_dtb "$dtbf"` - dtb_ext=${dtb##*.} - dtb_base_name=`basename $dtb .$dtb_ext` dtb_path=`get_real_dtb_path_in_kernel "$dtb"` - install -m 0644 $dtb_path ${D}/${KERNEL_IMAGEDEST}/$dtb_base_name.$dtb_ext + if "${@'false' if oe.types.boolean(d.getVar('KERNEL_DTBVENDORED')) else 'true'}"; then + dtb_ext=${dtb##*.} + dtb_base_name=`basename $dtb .$dtb_ext` + dtb=$dtb_base_name.$dtb_ext + fi + install -Dm 0644 $dtb_path ${D}/${KERNEL_DTBDEST}/$dtb done } @@ -82,7 +91,10 @@ do_deploy:append() { dtb_ext=${dtb##*.} dtb_base_name=`basename $dtb .$dtb_ext` install -d $deployDir - install -m 0644 ${D}/${KERNEL_IMAGEDEST}/$dtb_base_name.$dtb_ext $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext + if "${@'false' if oe.types.boolean(d.getVar('KERNEL_DTBVENDORED')) else 'true'}"; then + dtb=$dtb_base_name.$dtb_ext + fi + install -m 0644 ${D}/${KERNEL_DTBDEST}/$dtb $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext if [ "${KERNEL_IMAGETYPE_SYMLINK}" = "1" ] ; then ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext $deployDir/$dtb_base_name.$dtb_ext fi diff --git a/poky/meta/classes/kernel.bbclass b/poky/meta/classes/kernel.bbclass index b315737fd2..3d5422b09e 100644 --- a/poky/meta/classes/kernel.bbclass +++ b/poky/meta/classes/kernel.bbclass @@ -210,6 +210,8 @@ KERNEL_RELEASE ?= "${KERNEL_VERSION}" # The directory where built kernel lies in the kernel tree KERNEL_OUTPUT_DIR ?= "arch/${ARCH}/boot" KERNEL_IMAGEDEST ?= "boot" +KERNEL_DTBDEST ?= "${KERNEL_IMAGEDEST}" +KERNEL_DTBVENDORED ?= "0" # # configuration @@ -377,7 +379,7 @@ kernel_do_compile() { use_alternate_initrd=CONFIG_INITRAMFS_SOURCE=${B}/usr/${INITRAMFS_IMAGE_NAME}.cpio fi for typeformake in ${KERNEL_IMAGETYPE_FOR_MAKE} ; do - oe_runmake ${typeformake} ${KERNEL_EXTRA_ARGS} $use_alternate_initrd + oe_runmake ${PARALLEL_MAKE} ${typeformake} ${KERNEL_EXTRA_ARGS} $use_alternate_initrd done } diff --git a/poky/meta/classes/license.bbclass b/poky/meta/classes/license.bbclass index 4ebfc4fb92..b92838c030 100644 --- a/poky/meta/classes/license.bbclass +++ b/poky/meta/classes/license.bbclass @@ -223,7 +223,7 @@ def find_license_files(d): bb.fatal('%s: %s' % (d.getVar('PF'), exc)) except SyntaxError: oe.qa.handle_error("license-syntax", - "%s: Failed to parse it's LICENSE field." % (d.getVar('PF')), d) + "%s: Failed to parse LICENSE: %s" % (d.getVar('PF'), d.getVar('LICENSE')), d) # Add files from LIC_FILES_CHKSUM to list of license files lic_chksum_paths = defaultdict(OrderedDict) for path, data in sorted(lic_chksums.items()): diff --git a/poky/meta/classes/package.bbclass b/poky/meta/classes/package.bbclass index 67acc278d1..fed2f5531d 100644 --- a/poky/meta/classes/package.bbclass +++ b/poky/meta/classes/package.bbclass @@ -262,7 +262,7 @@ def files_from_filevars(filevars): f = '.' + f if not f.startswith("./"): f = './' + f - globbed = glob.glob(f) + globbed = glob.glob(f, recursive=True) if globbed: if [ f ] != globbed: files += globbed diff --git a/poky/meta/classes/populate_sdk_base.bbclass b/poky/meta/classes/populate_sdk_base.bbclass index 16f929bf59..fb00460172 100644 --- a/poky/meta/classes/populate_sdk_base.bbclass +++ b/poky/meta/classes/populate_sdk_base.bbclass @@ -53,6 +53,8 @@ TOOLCHAIN_OUTPUTNAME ?= "${SDK_NAME}-toolchain-${SDK_VERSION}" SDK_ARCHIVE_TYPE ?= "tar.xz" SDK_XZ_COMPRESSION_LEVEL ?= "-9" SDK_XZ_OPTIONS ?= "${XZ_DEFAULTS} ${SDK_XZ_COMPRESSION_LEVEL}" +SDK_ZIP_OPTIONS ?= "-y" + # To support different sdk type according to SDK_ARCHIVE_TYPE, now support zip and tar.xz python () { @@ -60,7 +62,7 @@ python () { d.setVar('SDK_ARCHIVE_DEPENDS', 'zip-native') # SDK_ARCHIVE_CMD used to generate archived sdk ${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} from input dir ${SDK_OUTPUT}/${SDKPATH} to output dir ${SDKDEPLOYDIR} # recommand to cd into input dir first to avoid archive with buildpath - d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r -y ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') + d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r ${SDK_ZIP_OPTIONS} ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') else: d.setVar('SDK_ARCHIVE_DEPENDS', 'xz-native') d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; tar ${SDKTAROPTS} -cf - . | xz ${SDK_XZ_OPTIONS} > ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE}') diff --git a/poky/meta/classes/populate_sdk_ext.bbclass b/poky/meta/classes/populate_sdk_ext.bbclass index a673af7e7b..ca1b7753cb 100644 --- a/poky/meta/classes/populate_sdk_ext.bbclass +++ b/poky/meta/classes/populate_sdk_ext.bbclass @@ -363,7 +363,8 @@ python copy_buildsystem () { f.write('BUILDCFG_HEADER = ""\n\n') # Write METADATA_REVISION - f.write('METADATA_REVISION = "%s"\n\n' % d.getVar('METADATA_REVISION')) + # Needs distro override so it can override the value set in the bbclass code (later than local.conf) + f.write('METADATA_REVISION:%s = "%s"\n\n' % (d.getVar('DISTRO'), d.getVar('METADATA_REVISION'))) f.write('# Provide a flag to indicate we are in the EXT_SDK Context\n') f.write('WITHIN_EXT_SDK = "1"\n\n') diff --git a/poky/meta/classes/update-alternatives.bbclass b/poky/meta/classes/update-alternatives.bbclass index 7581a70439..2804299fc4 100644 --- a/poky/meta/classes/update-alternatives.bbclass +++ b/poky/meta/classes/update-alternatives.bbclass @@ -80,10 +80,10 @@ def gen_updatealternativesvardeps(d): for p in pkgs: for v in vars: - for flag in sorted((d.getVarFlags("%s_%s" % (v,p)) or {}).keys()): + for flag in sorted((d.getVarFlags("%s:%s" % (v,p)) or {}).keys()): if flag == "doc" or flag == "vardeps" or flag == "vardepsexp": continue - d.appendVar('%s_VARDEPS_%s' % (v,p), ' %s:%s' % (flag, d.getVarFlag('%s_%s' % (v,p), flag, False))) + d.appendVar('%s_VARDEPS_%s' % (v,p), ' %s:%s' % (flag, d.getVarFlag('%s:%s' % (v,p), flag, False))) def ua_extend_depends(d): if not 'virtual/update-alternatives' in d.getVar('PROVIDES'): diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc index 4778b1e5e6..19bc29708c 100644 --- a/poky/meta/conf/distro/include/maintainers.inc +++ b/poky/meta/conf/distro/include/maintainers.inc @@ -280,7 +280,7 @@ RECIPE_MAINTAINER:pn-intltool = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER:pn-iproute2 = "Changhyeok Bae <changhyeok.bae@gmail.com>" RECIPE_MAINTAINER:pn-iptables = "Changhyeok Bae <changhyeok.bae@gmail.com>" RECIPE_MAINTAINER:pn-iputils = "Changhyeok Bae <changhyeok.bae@gmail.com>" -RECIPE_MAINTAINER:pn-iso-codes = "Wang Mingyu <wangmy@cn.ujitsu.com>" +RECIPE_MAINTAINER:pn-iso-codes = "Wang Mingyu <wangmy@cn.fujitsu.com>" RECIPE_MAINTAINER:pn-itstool = "Andreas Müller <schnitzeltony@gmail.com>" RECIPE_MAINTAINER:pn-iw = "Changhyeok Bae <changhyeok.bae@gmail.com>" RECIPE_MAINTAINER:pn-libjpeg-turbo = "Anuj Mittal <anuj.mittal@intel.com>" @@ -700,7 +700,7 @@ RECIPE_MAINTAINER:pn-quilt-native = "Robert Yang <liezhi.yang@windriver.com>" RECIPE_MAINTAINER:pn-quota = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER:pn-re2c = "Khem Raj <raj.khem@gmail.com>" RECIPE_MAINTAINER:pn-readline = "Hongxu Jia <hongxu.jia@windriver.com>" -RECIPE_MAINTAINER:pn-repo = "Jasper Orschulko <Jasper.Orschulko@iris-sensing.com>" +RECIPE_MAINTAINER:pn-repo = "Unassigned <unassigned@yoctoproject.org>" RECIPE_MAINTAINER:pn-resolvconf = "Chen Qi <Qi.Chen@windriver.com>" RECIPE_MAINTAINER:pn-rgb = "Unassigned <unassigned@yoctoproject.org>" RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia <hongxu.jia@windriver.com>" diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc index 8a5cab5360..ad4816a1f3 100644 --- a/poky/meta/conf/distro/include/yocto-uninative.inc +++ b/poky/meta/conf/distro/include/yocto-uninative.inc @@ -7,9 +7,9 @@ # UNINATIVE_MAXGLIBCVERSION = "2.37" -UNINATIVE_VERSION = "3.9" +UNINATIVE_VERSION = "4.0" UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" -UNINATIVE_CHECKSUM[aarch64] ?= "de35708c95c34573af140da910132c3291ba4fd26ebf7b74b755ada432cdf07b" -UNINATIVE_CHECKSUM[i686] ?= "adac07b08adb88eb26fc7fd87fee0cec9d5be167bf7c5ffd3a549a2a6699c29c" -UNINATIVE_CHECKSUM[x86_64] ?= "3dd82c3fbdb59e87bf091c3eef555a05fae528eeda3083828f76cd4deaceca8b" +UNINATIVE_CHECKSUM[aarch64] ?= "7baa8418a302df52e00916193b0a04f318356d9d2670c9a2bce3e966efefd738" +UNINATIVE_CHECKSUM[i686] ?= "83114d36883d43a521e280742b9849bf85d039b2f83d8e21d480659babe75ee8" +UNINATIVE_CHECKSUM[x86_64] ?= "fd75b2a1a67a10f6b7d65afb7d0f3e71a63b0038e428f34dfe420bb37716558a" diff --git a/poky/meta/lib/oe/package_manager/ipk/__init__.py b/poky/meta/lib/oe/package_manager/ipk/__init__.py index 9f60f3abcc..fd61340087 100644 --- a/poky/meta/lib/oe/package_manager/ipk/__init__.py +++ b/poky/meta/lib/oe/package_manager/ipk/__init__.py @@ -245,7 +245,7 @@ class OpkgPM(OpkgDpkgPM): """ if (self.d.getVar('FEED_DEPLOYDIR_BASE_URI') or "") != "": for arch in self.pkg_archs.split(): - cfg_file_name = os.path.join(self.target_rootfs, + cfg_file_name = oe.path.join(self.target_rootfs, self.d.getVar("sysconfdir"), "opkg", "local-%s-feed.conf" % arch) diff --git a/poky/meta/lib/oeqa/selftest/cases/reproducible.py b/poky/meta/lib/oeqa/selftest/cases/reproducible.py index 5042c11d8e..2c9bc0bf90 100644 --- a/poky/meta/lib/oeqa/selftest/cases/reproducible.py +++ b/poky/meta/lib/oeqa/selftest/cases/reproducible.py @@ -149,7 +149,7 @@ class ReproducibleTests(OESelftestTestCase): def setUpLocal(self): super().setUpLocal() - needed_vars = ['TOPDIR', 'TARGET_PREFIX', 'BB_NUMBER_THREADS'] + needed_vars = ['TOPDIR', 'TARGET_PREFIX', 'BB_NUMBER_THREADS', 'BB_HASHSERVE'] bb_vars = get_bb_vars(needed_vars) for v in needed_vars: setattr(self, v.lower(), bb_vars[v]) @@ -223,7 +223,7 @@ class ReproducibleTests(OESelftestTestCase): # mirror, forcing a complete build from scratch config += textwrap.dedent('''\ SSTATE_DIR = "${TMPDIR}/sstate" - SSTATE_MIRRORS = "" + SSTATE_MIRRORS = "file://.*/.*-native.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH file://.*/.*-cross.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH" ''') self.logger.info("Building %s (sstate%s allowed)..." % (name, '' if use_sstate else ' NOT')) diff --git a/poky/meta/lib/oeqa/utils/metadata.py b/poky/meta/lib/oeqa/utils/metadata.py index 8013aa684d..15ec190c4a 100644 --- a/poky/meta/lib/oeqa/utils/metadata.py +++ b/poky/meta/lib/oeqa/utils/metadata.py @@ -27,9 +27,9 @@ def metadata_from_bb(): data_dict = get_bb_vars() # Distro information - info_dict['distro'] = {'id': data_dict['DISTRO'], - 'version_id': data_dict['DISTRO_VERSION'], - 'pretty_name': '%s %s' % (data_dict['DISTRO'], data_dict['DISTRO_VERSION'])} + info_dict['distro'] = {'id': data_dict.get('DISTRO', 'NODISTRO'), + 'version_id': data_dict.get('DISTRO_VERSION', 'NO_DISTRO_VERSION'), + 'pretty_name': '%s %s' % (data_dict.get('DISTRO', 'NODISTRO'), data_dict.get('DISTRO_VERSION', 'NO_DISTRO_VERSION'))} # Host distro information os_release = get_os_release() diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb index 9bb5e5861e..b5c966c102 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -83,7 +83,6 @@ RRECOMMENDS:${PN}:append:libc-glibc = " libnss-mdns" do_install() { autotools_do_install rm -rf ${D}/run - rm -rf ${D}${datadir}/dbus-1/interfaces test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 rm -rf ${D}${libdir}/avahi @@ -135,7 +134,7 @@ FILES:avahi-daemon = "${sbindir}/avahi-daemon \ ${sysconfdir}/avahi/services \ ${sysconfdir}/dbus-1 \ ${sysconfdir}/init.d/avahi-daemon \ - ${datadir}/avahi/introspection/*.introspect \ + ${datadir}/dbus-1/interfaces \ ${datadir}/avahi/avahi-service.dtd \ ${datadir}/avahi/service-types \ ${datadir}/dbus-1/system-services" diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch new file mode 100644 index 0000000000..a6cabdfb20 --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch @@ -0,0 +1,60 @@ +From 99e2c16ea1cced34a5dc450d76287a1c3e762138 Mon Sep 17 00:00:00 2001 +From: Daniel Wagner <wagi@monom.org> +Date: Tue, 11 Apr 2023 08:12:56 +0200 +Subject: gdhcp: Verify and sanitize packet length first + +Avoid overwriting the read packet length after the initial test. Thus +move all the length checks which depends on the total length first +and do not use the total lenght from the IP packet afterwards. + +Reported by Polina Smirnova <moe.hwr@gmail.com> + +CVE: CVE-2023-28488 +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138] +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + gdhcp/client.c | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) + +diff --git a/gdhcp/client.c b/gdhcp/client.c +index 3016dfc..28fa606 100644 +--- a/gdhcp/client.c ++++ b/gdhcp/client.c +@@ -1319,9 +1319,9 @@ static bool sanity_check(struct ip_udp_dhcp_packet *packet, int bytes) + static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd, + struct sockaddr_in *dst_addr) + { +- int bytes; + struct ip_udp_dhcp_packet packet; + uint16_t check; ++ int bytes, tot_len; + + memset(&packet, 0, sizeof(packet)); + +@@ -1329,15 +1329,17 @@ static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd, + if (bytes < 0) + return -1; + +- if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp))) +- return -1; +- +- if (bytes < ntohs(packet.ip.tot_len)) ++ tot_len = ntohs(packet.ip.tot_len); ++ if (bytes > tot_len) { ++ /* ignore any extra garbage bytes */ ++ bytes = tot_len; ++ } else if (bytes < tot_len) { + /* packet is bigger than sizeof(packet), we did partial read */ + return -1; ++ } + +- /* ignore any extra garbage bytes */ +- bytes = ntohs(packet.ip.tot_len); ++ if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp))) ++ return -1; + + if (!sanity_check(&packet, bytes)) + return -1; +-- +2.25.1 + diff --git a/poky/meta/recipes-connectivity/connman/connman_1.41.bb b/poky/meta/recipes-connectivity/connman/connman_1.41.bb index 79542b2175..27b28be41c 100644 --- a/poky/meta/recipes-connectivity/connman/connman_1.41.bb +++ b/poky/meta/recipes-connectivity/connman/connman_1.41.bb @@ -8,6 +8,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://CVE-2022-32293_p1.patch \ file://CVE-2022-32293_p2.patch \ file://CVE-2022-32292.patch \ + file://CVE-2023-28488.patch \ " SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" diff --git a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb index 579fa95df7..21b2eebbd8 100644 --- a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb +++ b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb @@ -9,9 +9,7 @@ HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=d148485768fe85b9f1072b186a7e9b4d" -UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/" - -SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ +SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=dhcpcd-9 \ file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \ file://0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch \ @@ -22,7 +20,8 @@ SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \ " -SRC_URI[sha256sum] = "819357634efed1ea5cf44ec01b24d3d3f8852fec8b4249925dcc5667c54e376c" +SRCREV = "3c458fc7fa4146029a1e4f9e98cd7e7adf03081a" +S = "${WORKDIR}/git" inherit pkgconfig autotools-brokensep systemd useradd diff --git a/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch b/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch new file mode 100644 index 0000000000..ebdff1ffe4 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch @@ -0,0 +1,984 @@ +From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001 +From: Damien Miller <djm@mindrot.org> +Date: Fri, 24 Mar 2023 13:56:25 +1100 +Subject: [PATCH] remove support for old libcrypto + +OpenSSH now requires LibreSSL 3.1.0 or greater or +OpenSSL 1.1.1 or greater + +with/ok dtucker@ + +Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0] +Comment: Hunk are refreshed, removed couple of hunks from configure.ac as hunk code is not prasent +and backported to the existing code. +Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com> + +--- + .github/workflows/c-cpp.yml | 7 - + INSTALL | 8 +- + cipher-aes.c | 2 +- + configure.ac | 96 ++--- + openbsd-compat/libressl-api-compat.c | 556 +-------------------------- + openbsd-compat/openssl-compat.h | 151 +------- + 6 files changed, 40 insertions(+), 780 deletions(-) + +diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml +index 3d9aa22dba5..d299a32468d 100644 +--- a/.github/workflows/c-cpp.yml ++++ b/.github/workflows/c-cpp.yml +@@ -40,18 +40,11 @@ + - { os: ubuntu-20.04, configs: tcmalloc } + - { os: ubuntu-20.04, configs: musl } + - { os: ubuntu-latest, configs: libressl-master } +- - { os: ubuntu-latest, configs: libressl-2.2.9 } +- - { os: ubuntu-latest, configs: libressl-2.8.3 } +- - { os: ubuntu-latest, configs: libressl-3.0.2 } + - { os: ubuntu-latest, configs: libressl-3.2.6 } + - { os: ubuntu-latest, configs: libressl-3.3.4 } + - { os: ubuntu-latest, configs: libressl-3.4.1 } + - { os: ubuntu-latest, configs: openssl-master } + - { os: ubuntu-latest, configs: openssl-noec } +- - { os: ubuntu-latest, configs: openssl-1.0.1 } +- - { os: ubuntu-latest, configs: openssl-1.0.1u } +- - { os: ubuntu-latest, configs: openssl-1.0.2u } +- - { os: ubuntu-latest, configs: openssl-1.1.0h } + - { os: ubuntu-latest, configs: openssl-1.1.1 } + - { os: ubuntu-latest, configs: openssl-1.1.1k } + - { os: ubuntu-latest, configs: openssl-3.0.0 } +diff --git a/INSTALL b/INSTALL +index 68b15e13190..f99d1e2a809 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -21,12 +21,8 @@ https://zlib.net/ + + libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto + is supported but severely restricts the available ciphers and algorithms. +- - LibreSSL (https://www.libressl.org/) +- - OpenSSL (https://www.openssl.org) with any of the following versions: +- - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1 +- +-Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to +-1.1.0g can't be used. ++ - LibreSSL (https://www.libressl.org/) 3.1.0 or greater ++ - OpenSSL (https://www.openssl.org) 1.1.1 or greater + + LibreSSL/OpenSSL should be compiled as a position-independent library + (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC" +diff --git a/cipher-aes.c b/cipher-aes.c +index 8b101727284..87c763353d8 100644 +--- a/cipher-aes.c ++++ b/cipher-aes.c +@@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, + + static int + ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, +- LIBCRYPTO_EVP_INL_TYPE len) ++ size_t len) + { + struct ssh_rijndael_ctx *c; + u_char buf[RIJNDAEL_BLOCKSIZE]; +diff --git a/configure.ac b/configure.ac +index 22fee70f604..1c0ccdf19c5 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -2744,42 +2744,40 @@ + #include <openssl/crypto.h> + #define DATA "conftest.ssllibver" + ]], [[ +- FILE *fd; +- int rc; ++ FILE *f; + +- fd = fopen(DATA,"w"); +- if(fd == NULL) ++ if ((f = fopen(DATA, "w")) == NULL) + exit(1); +-#ifndef OPENSSL_VERSION +-# define OPENSSL_VERSION SSLEAY_VERSION +-#endif +-#ifndef HAVE_OPENSSL_VERSION +-# define OpenSSL_version SSLeay_version +-#endif +-#ifndef HAVE_OPENSSL_VERSION_NUM +-# define OpenSSL_version_num SSLeay +-#endif +- if ((rc = fprintf(fd, "%08lx (%s)\n", ++ if (fprintf(f, "%08lx (%s)", + (unsigned long)OpenSSL_version_num(), +- OpenSSL_version(OPENSSL_VERSION))) < 0) ++ OpenSSL_version(OPENSSL_VERSION)) < 0) ++ exit(1); ++#ifdef LIBRESSL_VERSION_NUMBER ++ if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) ++ exit(1); ++#endif ++ if (fputc('\n', f) == EOF || fclose(f) == EOF) + exit(1); +- + exit(0); + ]])], + [ +- ssl_library_ver=`cat conftest.ssllibver` ++ sslver=`cat conftest.ssllibver` ++ ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` + # Check version is supported. +- case "$ssl_library_ver" in +- 10000*|0*) +- AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) +- ;; +- 100*) ;; # 1.0.x +- 101000[[0123456]]*) +- # https://github.com/openssl/openssl/pull/4613 +- AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) ++ case "$sslver" in ++ 100*|10100*) # 1.0.x, 1.1.0x ++ AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")]) + ;; + 101*) ;; # 1.1.x +- 200*) ;; # LibreSSL ++ 200*) # LibreSSL ++ lver=`echo "$sslver" | sed 's/.*libressl-//'` ++ case "$lver" in ++ 2*|300*) # 2.x, 3.0.0 ++ AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")]) ++ ;; ++ *) ;; # Assume all other versions are good. ++ esac ++ ;; + 300*) ;; # OpenSSL 3 + 301*) ;; # OpenSSL development branch. + *) +@@ -2781,10 +2781,10 @@ + 300*) ;; # OpenSSL 3 + 301*) ;; # OpenSSL development branch. + *) +- AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) ++ AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) + ;; + esac +- AC_MSG_RESULT([$ssl_library_ver]) ++ AC_MSG_RESULT([$ssl_showver]) + ], + [ + AC_MSG_RESULT([not found]) +@@ -2804,9 +2804,6 @@ + #include <openssl/opensslv.h> + #include <openssl/crypto.h> + ]], [[ +-#ifndef HAVE_OPENSSL_VERSION_NUM +-# define OpenSSL_version_num SSLeay +-#endif + exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); + ]])], + [ +@@ -2881,44 +2878,13 @@ + ) + ) + +- # LibreSSL/OpenSSL 1.1x API ++ # LibreSSL/OpenSSL API differences + AC_CHECK_FUNCS([ \ +- OPENSSL_init_crypto \ +- DH_get0_key \ +- DH_get0_pqg \ +- DH_set0_key \ +- DH_set_length \ +- DH_set0_pqg \ +- DSA_get0_key \ +- DSA_get0_pqg \ +- DSA_set0_key \ +- DSA_set0_pqg \ +- DSA_SIG_get0 \ +- DSA_SIG_set0 \ +- ECDSA_SIG_get0 \ +- ECDSA_SIG_set0 \ + EVP_CIPHER_CTX_iv \ + EVP_CIPHER_CTX_iv_noconst \ + EVP_CIPHER_CTX_get_iv \ + EVP_CIPHER_CTX_get_updated_iv \ + EVP_CIPHER_CTX_set_iv \ +- RSA_get0_crt_params \ +- RSA_get0_factors \ +- RSA_get0_key \ +- RSA_set0_crt_params \ +- RSA_set0_factors \ +- RSA_set0_key \ +- RSA_meth_free \ +- RSA_meth_dup \ +- RSA_meth_set1_name \ +- RSA_meth_get_finish \ +- RSA_meth_set_priv_enc \ +- RSA_meth_set_priv_dec \ +- RSA_meth_set_finish \ +- EVP_PKEY_get0_RSA \ +- EVP_MD_CTX_new \ +- EVP_MD_CTX_free \ +- EVP_chacha20 \ + ]) + + if test "x$openssl_engine" = "xyes" ; then +@@ -3040,8 +3006,8 @@ + fi + AC_CHECK_FUNCS([crypt DES_crypt]) + +- # Check for SHA256, SHA384 and SHA512 support in OpenSSL +- AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) ++ # Check for various EVP support in OpenSSL ++ AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) + + # Check complete ECC support in OpenSSL + AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) +diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c +index 498180dc894..59be17397c5 100644 +--- a/openbsd-compat/libressl-api-compat.c ++++ b/openbsd-compat/libressl-api-compat.c +@@ -1,129 +1,5 @@ +-/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */ +-/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */ +-/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */ +-/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */ +-/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */ +-/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */ +-/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */ +-/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. +- */ +-/* ==================================================================== +- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * licensing@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */ + /* +- * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> ++ * Copyright (c) 2018 Damien Miller <djm@mindrot.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above +@@ -147,192 +23,7 @@ + #include <stdlib.h> + #include <string.h> + +-#include <openssl/err.h> +-#include <openssl/bn.h> +-#include <openssl/dsa.h> +-#include <openssl/rsa.h> + #include <openssl/evp.h> +-#ifdef OPENSSL_HAS_ECC +-#include <openssl/ecdsa.h> +-#endif +-#include <openssl/dh.h> +- +-#ifndef HAVE_DSA_GET0_PQG +-void +-DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +-{ +- if (p != NULL) +- *p = d->p; +- if (q != NULL) +- *q = d->q; +- if (g != NULL) +- *g = d->g; +-} +-#endif /* HAVE_DSA_GET0_PQG */ +- +-#ifndef HAVE_DSA_SET0_PQG +-int +-DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) +-{ +- if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) || +- (d->g == NULL && g == NULL)) +- return 0; +- +- if (p != NULL) { +- BN_free(d->p); +- d->p = p; +- } +- if (q != NULL) { +- BN_free(d->q); +- d->q = q; +- } +- if (g != NULL) { +- BN_free(d->g); +- d->g = g; +- } +- +- return 1; +-} +-#endif /* HAVE_DSA_SET0_PQG */ +- +-#ifndef HAVE_DSA_GET0_KEY +-void +-DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) +-{ +- if (pub_key != NULL) +- *pub_key = d->pub_key; +- if (priv_key != NULL) +- *priv_key = d->priv_key; +-} +-#endif /* HAVE_DSA_GET0_KEY */ +- +-#ifndef HAVE_DSA_SET0_KEY +-int +-DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) +-{ +- if (d->pub_key == NULL && pub_key == NULL) +- return 0; +- +- if (pub_key != NULL) { +- BN_free(d->pub_key); +- d->pub_key = pub_key; +- } +- if (priv_key != NULL) { +- BN_free(d->priv_key); +- d->priv_key = priv_key; +- } +- +- return 1; +-} +-#endif /* HAVE_DSA_SET0_KEY */ +- +-#ifndef HAVE_RSA_GET0_KEY +-void +-RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) +-{ +- if (n != NULL) +- *n = r->n; +- if (e != NULL) +- *e = r->e; +- if (d != NULL) +- *d = r->d; +-} +-#endif /* HAVE_RSA_GET0_KEY */ +- +-#ifndef HAVE_RSA_SET0_KEY +-int +-RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) +-{ +- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) +- return 0; +- +- if (n != NULL) { +- BN_free(r->n); +- r->n = n; +- } +- if (e != NULL) { +- BN_free(r->e); +- r->e = e; +- } +- if (d != NULL) { +- BN_free(r->d); +- r->d = d; +- } +- +- return 1; +-} +-#endif /* HAVE_RSA_SET0_KEY */ +- +-#ifndef HAVE_RSA_GET0_CRT_PARAMS +-void +-RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, +- const BIGNUM **iqmp) +-{ +- if (dmp1 != NULL) +- *dmp1 = r->dmp1; +- if (dmq1 != NULL) +- *dmq1 = r->dmq1; +- if (iqmp != NULL) +- *iqmp = r->iqmp; +-} +-#endif /* HAVE_RSA_GET0_CRT_PARAMS */ +- +-#ifndef HAVE_RSA_SET0_CRT_PARAMS +-int +-RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) +-{ +- if ((r->dmp1 == NULL && dmp1 == NULL) || +- (r->dmq1 == NULL && dmq1 == NULL) || +- (r->iqmp == NULL && iqmp == NULL)) +- return 0; +- +- if (dmp1 != NULL) { +- BN_free(r->dmp1); +- r->dmp1 = dmp1; +- } +- if (dmq1 != NULL) { +- BN_free(r->dmq1); +- r->dmq1 = dmq1; +- } +- if (iqmp != NULL) { +- BN_free(r->iqmp); +- r->iqmp = iqmp; +- } +- +- return 1; +-} +-#endif /* HAVE_RSA_SET0_CRT_PARAMS */ +- +-#ifndef HAVE_RSA_GET0_FACTORS +-void +-RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) +-{ +- if (p != NULL) +- *p = r->p; +- if (q != NULL) +- *q = r->q; +-} +-#endif /* HAVE_RSA_GET0_FACTORS */ +- +-#ifndef HAVE_RSA_SET0_FACTORS +-int +-RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) +-{ +- if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) +- return 0; +- +- if (p != NULL) { +- BN_free(r->p); +- r->p = p; +- } +- if (q != NULL) { +- BN_free(r->q); +- r->q = q; +- } +- +- return 1; +-} +-#endif /* HAVE_RSA_SET0_FACTORS */ + + #ifndef HAVE_EVP_CIPHER_CTX_GET_IV + int +@@ -392,249 +83,4 @@ EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len) + } + #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ + +-#ifndef HAVE_DSA_SIG_GET0 +-void +-DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +-{ +- if (pr != NULL) +- *pr = sig->r; +- if (ps != NULL) +- *ps = sig->s; +-} +-#endif /* HAVE_DSA_SIG_GET0 */ +- +-#ifndef HAVE_DSA_SIG_SET0 +-int +-DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) +-{ +- if (r == NULL || s == NULL) +- return 0; +- +- BN_clear_free(sig->r); +- sig->r = r; +- BN_clear_free(sig->s); +- sig->s = s; +- +- return 1; +-} +-#endif /* HAVE_DSA_SIG_SET0 */ +- +-#ifdef OPENSSL_HAS_ECC +-#ifndef HAVE_ECDSA_SIG_GET0 +-void +-ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +-{ +- if (pr != NULL) +- *pr = sig->r; +- if (ps != NULL) +- *ps = sig->s; +-} +-#endif /* HAVE_ECDSA_SIG_GET0 */ +- +-#ifndef HAVE_ECDSA_SIG_SET0 +-int +-ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) +-{ +- if (r == NULL || s == NULL) +- return 0; +- +- BN_clear_free(sig->r); +- BN_clear_free(sig->s); +- sig->r = r; +- sig->s = s; +- return 1; +-} +-#endif /* HAVE_ECDSA_SIG_SET0 */ +-#endif /* OPENSSL_HAS_ECC */ +- +-#ifndef HAVE_DH_GET0_PQG +-void +-DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +-{ +- if (p != NULL) +- *p = dh->p; +- if (q != NULL) +- *q = dh->q; +- if (g != NULL) +- *g = dh->g; +-} +-#endif /* HAVE_DH_GET0_PQG */ +- +-#ifndef HAVE_DH_SET0_PQG +-int +-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) +-{ +- if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) +- return 0; +- +- if (p != NULL) { +- BN_free(dh->p); +- dh->p = p; +- } +- if (q != NULL) { +- BN_free(dh->q); +- dh->q = q; +- } +- if (g != NULL) { +- BN_free(dh->g); +- dh->g = g; +- } +- +- return 1; +-} +-#endif /* HAVE_DH_SET0_PQG */ +- +-#ifndef HAVE_DH_GET0_KEY +-void +-DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) +-{ +- if (pub_key != NULL) +- *pub_key = dh->pub_key; +- if (priv_key != NULL) +- *priv_key = dh->priv_key; +-} +-#endif /* HAVE_DH_GET0_KEY */ +- +-#ifndef HAVE_DH_SET0_KEY +-int +-DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) +-{ +- if (pub_key != NULL) { +- BN_free(dh->pub_key); +- dh->pub_key = pub_key; +- } +- if (priv_key != NULL) { +- BN_free(dh->priv_key); +- dh->priv_key = priv_key; +- } +- +- return 1; +-} +-#endif /* HAVE_DH_SET0_KEY */ +- +-#ifndef HAVE_DH_SET_LENGTH +-int +-DH_set_length(DH *dh, long length) +-{ +- if (length < 0 || length > INT_MAX) +- return 0; +- +- dh->length = length; +- return 1; +-} +-#endif /* HAVE_DH_SET_LENGTH */ +- +-#ifndef HAVE_RSA_METH_FREE +-void +-RSA_meth_free(RSA_METHOD *meth) +-{ +- if (meth != NULL) { +- free((char *)meth->name); +- free(meth); +- } +-} +-#endif /* HAVE_RSA_METH_FREE */ +- +-#ifndef HAVE_RSA_METH_DUP +-RSA_METHOD * +-RSA_meth_dup(const RSA_METHOD *meth) +-{ +- RSA_METHOD *copy; +- +- if ((copy = calloc(1, sizeof(*copy))) == NULL) +- return NULL; +- memcpy(copy, meth, sizeof(*copy)); +- if ((copy->name = strdup(meth->name)) == NULL) { +- free(copy); +- return NULL; +- } +- +- return copy; +-} +-#endif /* HAVE_RSA_METH_DUP */ +- +-#ifndef HAVE_RSA_METH_SET1_NAME +-int +-RSA_meth_set1_name(RSA_METHOD *meth, const char *name) +-{ +- char *copy; +- +- if ((copy = strdup(name)) == NULL) +- return 0; +- free((char *)meth->name); +- meth->name = copy; +- return 1; +-} +-#endif /* HAVE_RSA_METH_SET1_NAME */ +- +-#ifndef HAVE_RSA_METH_GET_FINISH +-int +-(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa) +-{ +- return meth->finish; +-} +-#endif /* HAVE_RSA_METH_GET_FINISH */ +- +-#ifndef HAVE_RSA_METH_SET_PRIV_ENC +-int +-RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) +-{ +- meth->rsa_priv_enc = priv_enc; +- return 1; +-} +-#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ +- +-#ifndef HAVE_RSA_METH_SET_PRIV_DEC +-int +-RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) +-{ +- meth->rsa_priv_dec = priv_dec; +- return 1; +-} +-#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ +- +-#ifndef HAVE_RSA_METH_SET_FINISH +-int +-RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)) +-{ +- meth->finish = finish; +- return 1; +-} +-#endif /* HAVE_RSA_METH_SET_FINISH */ +- +-#ifndef HAVE_EVP_PKEY_GET0_RSA +-RSA * +-EVP_PKEY_get0_RSA(EVP_PKEY *pkey) +-{ +- if (pkey->type != EVP_PKEY_RSA) { +- /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */ +- return NULL; +- } +- return pkey->pkey.rsa; +-} +-#endif /* HAVE_EVP_PKEY_GET0_RSA */ +- +-#ifndef HAVE_EVP_MD_CTX_NEW +-EVP_MD_CTX * +-EVP_MD_CTX_new(void) +-{ +- return calloc(1, sizeof(EVP_MD_CTX)); +-} +-#endif /* HAVE_EVP_MD_CTX_NEW */ +- +-#ifndef HAVE_EVP_MD_CTX_FREE +-void +-EVP_MD_CTX_free(EVP_MD_CTX *ctx) +-{ +- if (ctx == NULL) +- return; +- +- EVP_MD_CTX_cleanup(ctx); +- +- free(ctx); +-} +-#endif /* HAVE_EVP_MD_CTX_FREE */ +- + #endif /* WITH_OPENSSL */ +diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h +index 61a69dd56eb..d0dd2c3450d 100644 +--- a/openbsd-compat/openssl-compat.h ++++ b/openbsd-compat/openssl-compat.h +@@ -33,26 +33,13 @@ + int ssh_compatible_openssl(long, long); + void ssh_libcrypto_init(void); + +-#if (OPENSSL_VERSION_NUMBER < 0x1000100fL) +-# error OpenSSL 1.0.1 or greater is required ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++# error OpenSSL 1.1.0 or greater is required + #endif +- +-#ifndef OPENSSL_VERSION +-# define OPENSSL_VERSION SSLEAY_VERSION +-#endif +- +-#ifndef HAVE_OPENSSL_VERSION +-# define OpenSSL_version(x) SSLeay_version(x) +-#endif +- +-#ifndef HAVE_OPENSSL_VERSION_NUM +-# define OpenSSL_version_num SSLeay +-#endif +- +-#if OPENSSL_VERSION_NUMBER < 0x10000001L +-# define LIBCRYPTO_EVP_INL_TYPE unsigned int +-#else +-# define LIBCRYPTO_EVP_INL_TYPE size_t ++#ifdef LIBRESSL_VERSION_NUMBER ++# if LIBRESSL_VERSION_NUMBER < 0x3010000fL ++# error LibreSSL 3.1.0 or greater is required ++# endif + #endif + + #ifndef OPENSSL_RSA_MAX_MODULUS_BITS +@@ -68,25 +55,6 @@ void ssh_libcrypto_init(void); + # endif + #endif + +-/* LibreSSL/OpenSSL 1.1x API compat */ +-#ifndef HAVE_DSA_GET0_PQG +-void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, +- const BIGNUM **g); +-#endif /* HAVE_DSA_GET0_PQG */ +- +-#ifndef HAVE_DSA_SET0_PQG +-int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +-#endif /* HAVE_DSA_SET0_PQG */ +- +-#ifndef HAVE_DSA_GET0_KEY +-void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, +- const BIGNUM **priv_key); +-#endif /* HAVE_DSA_GET0_KEY */ +- +-#ifndef HAVE_DSA_SET0_KEY +-int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +-#endif /* HAVE_DSA_SET0_KEY */ +- + #ifndef HAVE_EVP_CIPHER_CTX_GET_IV + # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV + # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv +@@ -101,112 +69,5 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, + const unsigned char *iv, size_t len); + #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ + +-#ifndef HAVE_RSA_GET0_KEY +-void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, +- const BIGNUM **d); +-#endif /* HAVE_RSA_GET0_KEY */ +- +-#ifndef HAVE_RSA_SET0_KEY +-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +-#endif /* HAVE_RSA_SET0_KEY */ +- +-#ifndef HAVE_RSA_GET0_CRT_PARAMS +-void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, +- const BIGNUM **iqmp); +-#endif /* HAVE_RSA_GET0_CRT_PARAMS */ +- +-#ifndef HAVE_RSA_SET0_CRT_PARAMS +-int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +-#endif /* HAVE_RSA_SET0_CRT_PARAMS */ +- +-#ifndef HAVE_RSA_GET0_FACTORS +-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +-#endif /* HAVE_RSA_GET0_FACTORS */ +- +-#ifndef HAVE_RSA_SET0_FACTORS +-int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +-#endif /* HAVE_RSA_SET0_FACTORS */ +- +-#ifndef DSA_SIG_GET0 +-void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +-#endif /* DSA_SIG_GET0 */ +- +-#ifndef DSA_SIG_SET0 +-int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); +-#endif /* DSA_SIG_SET0 */ +- +-#ifdef OPENSSL_HAS_ECC +-#ifndef HAVE_ECDSA_SIG_GET0 +-void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +-#endif /* HAVE_ECDSA_SIG_GET0 */ +- +-#ifndef HAVE_ECDSA_SIG_SET0 +-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); +-#endif /* HAVE_ECDSA_SIG_SET0 */ +-#endif /* OPENSSL_HAS_ECC */ +- +-#ifndef HAVE_DH_GET0_PQG +-void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, +- const BIGNUM **g); +-#endif /* HAVE_DH_GET0_PQG */ +- +-#ifndef HAVE_DH_SET0_PQG +-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +-#endif /* HAVE_DH_SET0_PQG */ +- +-#ifndef HAVE_DH_GET0_KEY +-void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); +-#endif /* HAVE_DH_GET0_KEY */ +- +-#ifndef HAVE_DH_SET0_KEY +-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +-#endif /* HAVE_DH_SET0_KEY */ +- +-#ifndef HAVE_DH_SET_LENGTH +-int DH_set_length(DH *dh, long length); +-#endif /* HAVE_DH_SET_LENGTH */ +- +-#ifndef HAVE_RSA_METH_FREE +-void RSA_meth_free(RSA_METHOD *meth); +-#endif /* HAVE_RSA_METH_FREE */ +- +-#ifndef HAVE_RSA_METH_DUP +-RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +-#endif /* HAVE_RSA_METH_DUP */ +- +-#ifndef HAVE_RSA_METH_SET1_NAME +-int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +-#endif /* HAVE_RSA_METH_SET1_NAME */ +- +-#ifndef HAVE_RSA_METH_GET_FINISH +-int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); +-#endif /* HAVE_RSA_METH_GET_FINISH */ +- +-#ifndef HAVE_RSA_METH_SET_PRIV_ENC +-int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); +-#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ +- +-#ifndef HAVE_RSA_METH_SET_PRIV_DEC +-int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); +-#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ +- +-#ifndef HAVE_RSA_METH_SET_FINISH +-int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)); +-#endif /* HAVE_RSA_METH_SET_FINISH */ +- +-#ifndef HAVE_EVP_PKEY_GET0_RSA +-RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); +-#endif /* HAVE_EVP_PKEY_GET0_RSA */ +- +-#ifndef HAVE_EVP_MD_CTX_new +-EVP_MD_CTX *EVP_MD_CTX_new(void); +-#endif /* HAVE_EVP_MD_CTX_new */ +- +-#ifndef HAVE_EVP_MD_CTX_free +-void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +-#endif /* HAVE_EVP_MD_CTX_free */ +- + #endif /* WITH_OPENSSL */ + #endif /* _OPENSSL_COMPAT_H */ diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.9p1.bb index 6057d055f4..1d53c2488b 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_8.9p1.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_8.9p1.bb @@ -26,6 +26,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://add-test-support-for-busybox.patch \ file://f107467179428a0e3ea9e4aa9738ac12ff02822d.patch \ file://0001-Default-to-not-using-sandbox-when-cross-compiling.patch \ + file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \ " SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7" diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/poky/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch index 0b7abc3a11..af435472a5 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch @@ -22,7 +22,7 @@ Index: openssl-3.0.4/Configure } -if ($target =~ /linux.*-mips/ && !$disabled{asm} -- && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { +- && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { - # minimally required architecture flags for assembly modules - my $value; - $value = '-mips2' if ($target =~ /mips32/); diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch deleted file mode 100644 index 3b94c48e8d..0000000000 --- a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch +++ /dev/null @@ -1,225 +0,0 @@ -From 959c59c7a0164117e7f8366466a32bb1f8d77ff1 Mon Sep 17 00:00:00 2001 -From: Pauli <pauli@openssl.org> -Date: Wed, 8 Mar 2023 15:28:20 +1100 -Subject: [PATCH] x509: excessive resource use verifying policy constraints - -A security vulnerability has been identified in all supported versions -of OpenSSL related to the verification of X.509 certificate chains -that include policy constraints. Attackers may be able to exploit this -vulnerability by creating a malicious certificate chain that triggers -exponential use of computational resources, leading to a denial-of-service -(DoS) attack on affected systems. - -Fixes CVE-2023-0464 - -Reviewed-by: Tomas Mraz <tomas@openssl.org> -Reviewed-by: Shane Lontis <shane.lontis@oracle.com> -(Merged from https://github.com/openssl/openssl/pull/20568) - -Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1] -CVE: CVE-2023-0464 -Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> ---- - crypto/x509/pcy_local.h | 8 +++++++- - crypto/x509/pcy_node.c | 12 +++++++++--- - crypto/x509/pcy_tree.c | 36 ++++++++++++++++++++++++++---------- - 3 files changed, 42 insertions(+), 14 deletions(-) - -diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h -index 18b53cc..cba107c 100644 ---- a/crypto/x509/pcy_local.h -+++ b/crypto/x509/pcy_local.h -@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st { - }; - - struct X509_POLICY_TREE_st { -+ /* The number of nodes in the tree */ -+ size_t node_count; -+ /* The maximum number of nodes in the tree */ -+ size_t node_maximum; -+ - /* This is the tree 'level' data */ - X509_POLICY_LEVEL *levels; - int nlevel; -@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, - X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, -- X509_POLICY_TREE *tree); -+ X509_POLICY_TREE *tree, -+ int extra_data); - void ossl_policy_node_free(X509_POLICY_NODE *node); - int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl, - const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); -diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c -index 9d9a7ea..450f95a 100644 ---- a/crypto/x509/pcy_node.c -+++ b/crypto/x509/pcy_node.c -@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level, - X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, -- X509_POLICY_TREE *tree) -+ X509_POLICY_TREE *tree, -+ int extra_data) - { - X509_POLICY_NODE *node; - -+ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */ -+ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum) -+ return NULL; -+ - node = OPENSSL_zalloc(sizeof(*node)); - if (node == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); -@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - } - node->data = data; - node->parent = parent; -- if (level) { -+ if (level != NULL) { - if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { - if (level->anyPolicy) - goto node_error; -@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - } - } - -- if (tree) { -+ if (extra_data) { - if (tree->extra_data == NULL) - tree->extra_data = sk_X509_POLICY_DATA_new_null(); - if (tree->extra_data == NULL){ -@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - } - } - -+ tree->node_count++; - if (parent) - parent->nchild++; - -diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c -index fa45da5..f953a05 100644 ---- a/crypto/x509/pcy_tree.c -+++ b/crypto/x509/pcy_tree.c -@@ -14,6 +14,17 @@ - - #include "pcy_local.h" - -+/* -+ * If the maximum number of nodes in the policy tree isn't defined, set it to -+ * a generous default of 1000 nodes. -+ * -+ * Defining this to be zero means unlimited policy tree growth which opens the -+ * door on CVE-2023-0464. -+ */ -+#ifndef OPENSSL_POLICY_TREE_NODES_MAX -+# define OPENSSL_POLICY_TREE_NODES_MAX 1000 -+#endif -+ - static void expected_print(BIO *channel, - X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node, - int indent) -@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - return X509_PCY_TREE_INTERNAL; - } - -+ /* Limit the growth of the tree to mitigate CVE-2023-0464 */ -+ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX; -+ - /* - * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. - * -@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - if ((data = ossl_policy_data_new(NULL, - OBJ_nid2obj(NID_any_policy), 0)) == NULL) - goto bad_tree; -- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) { -+ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) { - ossl_policy_data_free(data); - goto bad_tree; - } -@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - * Return value: 1 on success, 0 otherwise - */ - static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, -- X509_POLICY_DATA *data) -+ X509_POLICY_DATA *data, -+ X509_POLICY_TREE *tree) - { - X509_POLICY_LEVEL *last = curr - 1; - int i, matched = 0; -@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); - - if (ossl_policy_node_match(last, node, data->valid_policy)) { -- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL) -+ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL) - return 0; - matched = 1; - } - } - if (!matched && last->anyPolicy) { -- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL) -+ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL) - return 0; - } - return 1; -@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - * Return value: 1 on success, 0 otherwise. - */ - static int tree_link_nodes(X509_POLICY_LEVEL *curr, -- const X509_POLICY_CACHE *cache) -+ const X509_POLICY_CACHE *cache, -+ X509_POLICY_TREE *tree) - { - int i; - -@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, - X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); - - /* Look for matching nodes in previous level */ -- if (!tree_link_matching_nodes(curr, data)) -+ if (!tree_link_matching_nodes(curr, data, tree)) - return 0; - } - return 1; -@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr, - /* Curr may not have anyPolicy */ - data->qualifier_set = cache->anyPolicy->qualifier_set; - data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; -- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) { -+ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) { - ossl_policy_data_free(data); - return 0; - } -@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, - /* Finally add link to anyPolicy */ - if (last->anyPolicy && - ossl_policy_level_add_node(curr, cache->anyPolicy, -- last->anyPolicy, NULL) == NULL) -+ last->anyPolicy, tree, 0) == NULL) - return 0; - return 1; - } -@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, - extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS - | POLICY_DATA_FLAG_EXTRA_NODE; - node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent, -- tree); -+ tree, 1); - } - if (!tree->user_policies) { - tree->user_policies = sk_X509_POLICY_NODE_new_null(); -@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree) - - for (i = 1; i < tree->nlevel; i++, curr++) { - cache = ossl_policy_cache_set(curr->cert); -- if (!tree_link_nodes(curr, cache)) -+ if (!tree_link_nodes(curr, cache, tree)) - return X509_PCY_TREE_INTERNAL; - - if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) --- -2.35.7 - diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch deleted file mode 100644 index 57fd494464..0000000000 --- a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 1dd43e0709fece299b15208f36cc7c76209ba0bb Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Tue, 7 Mar 2023 16:52:55 +0000 -Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf - certs - -Even though we check the leaf cert to confirm it is valid, we -later ignored the invalid flag and did not notice that the leaf -cert was bad. - -Fixes: CVE-2023-0465 - -Reviewed-by: Hugo Landau <hlandau@openssl.org> -Reviewed-by: Tomas Mraz <tomas@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/20587) - -Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb] -CVE: CVE-2023-0465 -Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> ---- - crypto/x509/x509_vfy.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 9384f1d..a0282c3 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx) - goto memerr; - /* Invalid or inconsistent extensions */ - if (ret == X509_PCY_TREE_INVALID) { -- int i; -+ int i, cbcalled = 0; - - /* Locate certificates with bad extensions and notify callback. */ -- for (i = 1; i < sk_X509_num(ctx->chain); i++) { -+ for (i = 0; i < sk_X509_num(ctx->chain); i++) { - X509 *x = sk_X509_value(ctx->chain, i); - -+ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0) -+ cbcalled = 1; - CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0, - ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION); - } -+ if (!cbcalled) { -+ /* Should not be able to get here */ -+ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ /* The callback ignored the error so we return success */ - return 1; - } - if (ret == X509_PCY_TREE_FAILURE) { --- -2.35.7 - diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch deleted file mode 100644 index a16bfe42ca..0000000000 --- a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 51e8a84ce742db0f6c70510d0159dad8f7825908 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz <tomas@openssl.org> -Date: Tue, 21 Mar 2023 16:15:47 +0100 -Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy() - -The function was incorrectly documented as enabling policy checking. - -Fixes: CVE-2023-0466 - -Reviewed-by: Matt Caswell <matt@openssl.org> -Reviewed-by: Paul Dale <pauli@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/20563) - -Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908] -CVE: CVE-2023-0466 -Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> ---- - doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod -index 75a1677..43c1900 100644 ---- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod -+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod -@@ -98,8 +98,9 @@ B<trust>. - X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to - B<t>. Normally the current time is used. - --X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled --by default) and adds B<policy> to the acceptable policy set. -+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set. -+Contrary to preexisting documentation of this function it does not enable -+policy checking. - - X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled - by default) and sets the acceptable policy set to B<policies>. Any existing -@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. - The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), - and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0. - -+The function X509_VERIFY_PARAM_add0_policy() was historically documented as -+enabling policy checking however the implementation has never done this. -+The documentation was changed to align with the implementation. -+ - =head1 COPYRIGHT - - Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. --- -2.35.7 - diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.0.9.bb index 82f3e18dd7..849bd7e5a6 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl_3.0.9.bb @@ -12,16 +12,13 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ - file://CVE-2023-0464.patch \ - file://CVE-2023-0465.patch \ - file://CVE-2023-0466.patch \ " SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e" +SRC_URI[sha256sum] = "eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90" inherit lib_package multilib_header multilib_script ptest perlnative MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" diff --git a/poky/meta/recipes-core/glibc/glibc-version.inc b/poky/meta/recipes-core/glibc/glibc-version.inc index d36da0ce3f..4d8d96cefb 100644 --- a/poky/meta/recipes-core/glibc/glibc-version.inc +++ b/poky/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.35/master" PV = "2.35" -SRCREV_glibc ?= "293211b6fddf60fc407d21fcba0326dd2148f76b" +SRCREV_glibc ?= "1c7f51c75ae300fe52ccb636e71b8e28cb20824c" SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index e77353f6ed..330f262957 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk wic.vhd wic.vhdx" inherit core-image setuptools3 -SRCREV ?= "c3038cddbce42b7e4268c1f0b45e9fba85caa231" +SRCREV ?= "133d542a70d0e78390100b4e52a3d440a6b5b750" SRC_URI = "git://git.yoctoproject.org/poky;branch=kirkstone \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ diff --git a/poky/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch b/poky/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch new file mode 100644 index 0000000000..907f2c4d47 --- /dev/null +++ b/poky/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch @@ -0,0 +1,79 @@ +From e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Fri, 7 Apr 2023 11:46:35 +0200 +Subject: [PATCH] [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType + +Fix a null pointer dereference when parsing (invalid) XML schemas. + +Thanks to Robby Simpson for the report! + +Fixes #491. + +CVE: CVE-2023-28484 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68] + +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + result/schemas/issue491_0_0.err | 1 + + test/schemas/issue491_0.xml | 1 + + test/schemas/issue491_0.xsd | 18 ++++++++++++++++++ + xmlschemas.c | 2 +- + 4 files changed, 21 insertions(+), 1 deletion(-) + create mode 100644 result/schemas/issue491_0_0.err + create mode 100644 test/schemas/issue491_0.xml + create mode 100644 test/schemas/issue491_0.xsd + +diff --git a/result/schemas/issue491_0_0.err b/result/schemas/issue491_0_0.err +new file mode 100644 +index 00000000..9b2bb969 +--- /dev/null ++++ b/result/schemas/issue491_0_0.err +@@ -0,0 +1 @@ ++./test/schemas/issue491_0.xsd:8: element complexType: Schemas parser error : complex type 'ChildType': The content type of both, the type and its base type, must either 'mixed' or 'element-only'. +diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml +new file mode 100644 +index 00000000..e2b2fc2e +--- /dev/null ++++ b/test/schemas/issue491_0.xml +@@ -0,0 +1 @@ ++<Child xmlns="http://www.test.com">5</Child> +diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd +new file mode 100644 +index 00000000..81702649 +--- /dev/null ++++ b/test/schemas/issue491_0.xsd +@@ -0,0 +1,18 @@ ++<?xml version='1.0' encoding='UTF-8'?> ++<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://www.test.com" targetNamespace="http://www.test.com" elementFormDefault="qualified" attributeFormDefault="unqualified"> ++ <xs:complexType name="BaseType"> ++ <xs:simpleContent> ++ <xs:extension base="xs:int" /> ++ </xs:simpleContent> ++ </xs:complexType> ++ <xs:complexType name="ChildType"> ++ <xs:complexContent> ++ <xs:extension base="BaseType"> ++ <xs:sequence> ++ <xs:element name="bad" type="xs:int" minOccurs="0" maxOccurs="1"/> ++ </xs:sequence> ++ </xs:extension> ++ </xs:complexContent> ++ </xs:complexType> ++ <xs:element name="Child" type="ChildType" /> ++</xs:schema> +diff --git a/xmlschemas.c b/xmlschemas.c +index 6a353858..a4eaf591 100644 +--- a/xmlschemas.c ++++ b/xmlschemas.c +@@ -18632,7 +18632,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt, + "allowed to appear inside other model groups", + NULL, NULL); + +- } else if (! dummySequence) { ++ } else if ((!dummySequence) && (baseType->subtypes != NULL)) { + xmlSchemaTreeItemPtr effectiveContent = + (xmlSchemaTreeItemPtr) type->subtypes; + /* +-- +GitLab + diff --git a/poky/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch b/poky/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch new file mode 100644 index 0000000000..f60d160c49 --- /dev/null +++ b/poky/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch @@ -0,0 +1,42 @@ +From 547edbf1cbdccd46b2e8ff322a456eaa5931c5df Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Fri, 7 Apr 2023 11:49:27 +0200 +Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't + deterministic + +When hashing empty strings which aren't null-terminated, +xmlDictComputeFastKey could produce inconsistent results. This could +lead to various logic or memory errors, including double frees. + +For consistency the seed is also taken into account, but this shouldn't +have an impact on security. + +Found by OSS-Fuzz. + +Fixes #510. + +CVE: CVE-2023-29469 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/547edbf1cbdccd46b2e8ff322a456eaa5931c5df] + +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + dict.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/dict.c b/dict.c +index 86c3f6d7..d7fd1a06 100644 +--- a/dict.c ++++ b/dict.c +@@ -433,7 +433,8 @@ static unsigned long + xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) { + unsigned long value = seed; + +- if (name == NULL) return(0); ++ if ((name == NULL) || (namelen <= 0)) ++ return(value); + value += *name; + value <<= 5; + if (namelen > 10) { +-- +GitLab + diff --git a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb index e15f8eb13f..9241b279e4 100644 --- a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb @@ -25,6 +25,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt file://0001-Port-gentest.py-to-Python-3.patch \ file://CVE-2022-40303.patch \ file://CVE-2022-40304.patch \ + file://CVE-2023-28484.patch \ + file://CVE-2023-29469.patch \ " SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" diff --git a/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl b/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl index 6d19666d82..1c87beadad 100755 --- a/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl +++ b/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl @@ -184,12 +184,19 @@ class SystemdUnit(): raise SystemdUnitNotFoundError(self.root, unit) - def _process_deps(self, config, service, location, prop, dirstem): + def _process_deps(self, config, service, location, prop, dirstem, instance): systemdir = self.root / SYSCONFDIR / "systemd" / "system" target = ROOT / location.relative_to(self.root) try: for dependent in config.get('Install', prop): + # determine whether or not dependent is a template with an actual + # instance (i.e. a '@%i') + dependent_is_template = re.match(r"[^@]+@(?P<instance>[^\.]*)\.", dependent) + if dependent_is_template: + # if so, replace with the actual instance to achieve + # svc-wants@a.service.wants/svc-wanted-by@a.service + dependent = re.sub(dependent_is_template.group('instance'), instance, dependent, 1) wants = systemdir / "{}.{}".format(dependent, dirstem) / service add_link(wants, target) @@ -229,8 +236,8 @@ class SystemdUnit(): else: service = self.unit - self._process_deps(config, service, path, 'WantedBy', 'wants') - self._process_deps(config, service, path, 'RequiredBy', 'requires') + self._process_deps(config, service, path, 'WantedBy', 'wants', instance) + self._process_deps(config, service, path, 'RequiredBy', 'requires', instance) try: for also in config.get('Install', 'Also'): diff --git a/poky/meta/recipes-core/systemd/systemd/0001-network-remove-only-managed-configs-on-reconfigure-o.patch b/poky/meta/recipes-core/systemd/systemd/0001-network-remove-only-managed-configs-on-reconfigure-o.patch new file mode 100644 index 0000000000..8950981d2e --- /dev/null +++ b/poky/meta/recipes-core/systemd/systemd/0001-network-remove-only-managed-configs-on-reconfigure-o.patch @@ -0,0 +1,358 @@ +From 31b25c7d360a2ef2da1717aa39f190de5222d11a Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 31 Jan 2022 19:08:27 +0900 +Subject: [PATCH] network: remove only managed configs on reconfigure or + carrier lost + +Otherwise, if the carrir of the non-managed interface is lost, the +configs such as addresses or routes on the interface will be removed by +networkd. + +Upstream-Status: Backport [systemd v251 a0e99a377a2f22c0ba460d3e7228214008714c14] +Signed-off-by: C. Andy Martin <cam@myfastmail.com> +--- + src/network/networkd-address.c | 13 +++++-------- + src/network/networkd-address.h | 2 +- + src/network/networkd-link.c | 18 ++++++++++-------- + src/network/networkd-neighbor.c | 6 +++++- + src/network/networkd-neighbor.h | 2 +- + src/network/networkd-nexthop.c | 16 ++++++++++------ + src/network/networkd-nexthop.h | 2 +- + src/network/networkd-route.c | 16 ++++++++++------ + src/network/networkd-route.h | 2 +- + src/network/networkd-routing-policy-rule.c | 4 ++-- + src/network/networkd-routing-policy-rule.h | 2 +- + test/test-network/systemd-networkd-tests.py | 2 +- + 12 files changed, 48 insertions(+), 37 deletions(-) + +diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c +index 7df743efb5..01c1d88dec 100644 +--- a/src/network/networkd-address.c ++++ b/src/network/networkd-address.c +@@ -891,22 +891,19 @@ int link_drop_foreign_addresses(Link *link) { + return r; + } + +-int link_drop_addresses(Link *link) { ++int link_drop_managed_addresses(Link *link) { + Address *address; + int k, r = 0; + + assert(link); + + SET_FOREACH(address, link->addresses) { +- /* Ignore addresses not assigned yet or already removing. */ +- if (!address_exists(address)) ++ /* Do not touch addresses managed by kernel or other tools. */ ++ if (address->source == NETWORK_CONFIG_SOURCE_FOREIGN) + continue; + +- /* Do not drop IPv6LL addresses assigned by the kernel here. They will be dropped in +- * link_drop_ipv6ll_addresses() if IPv6LL addressing is disabled. */ +- if (address->source == NETWORK_CONFIG_SOURCE_FOREIGN && +- address->family == AF_INET6 && +- in6_addr_is_link_local(&address->in_addr.in6)) ++ /* Ignore addresses not assigned yet or already removing. */ ++ if (!address_exists(address)) + continue; + + k = address_remove(address); +diff --git a/src/network/networkd-address.h b/src/network/networkd-address.h +index 41c4ce6fa4..b2110d8d21 100644 +--- a/src/network/networkd-address.h ++++ b/src/network/networkd-address.h +@@ -74,7 +74,7 @@ void address_set_broadcast(Address *a); + + DEFINE_NETWORK_SECTION_FUNCTIONS(Address, address_free); + +-int link_drop_addresses(Link *link); ++int link_drop_managed_addresses(Link *link); + int link_drop_foreign_addresses(Link *link); + int link_drop_ipv6ll_addresses(Link *link); + void link_foreignize_addresses(Link *link); +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index b62a154828..12c592b257 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -1070,27 +1070,27 @@ static int link_drop_foreign_config(Link *link) { + return r; + } + +-static int link_drop_config(Link *link) { ++static int link_drop_managed_config(Link *link) { + int k, r; + + assert(link); + assert(link->manager); + +- r = link_drop_routes(link); ++ r = link_drop_managed_routes(link); + +- k = link_drop_nexthops(link); ++ k = link_drop_managed_nexthops(link); + if (k < 0 && r >= 0) + r = k; + +- k = link_drop_addresses(link); ++ k = link_drop_managed_addresses(link); + if (k < 0 && r >= 0) + r = k; + +- k = link_drop_neighbors(link); ++ k = link_drop_managed_neighbors(link); + if (k < 0 && r >= 0) + r = k; + +- k = link_drop_routing_policy_rules(link); ++ k = link_drop_managed_routing_policy_rules(link); + if (k < 0 && r >= 0) + r = k; + +@@ -1318,7 +1318,9 @@ static int link_reconfigure_impl(Link *link, bool force) { + * link_drop_foreign_config() in link_configure(). */ + link_foreignize_config(link); + else { +- r = link_drop_config(link); ++ /* Remove all managed configs. Note, foreign configs are removed in later by ++ * link_configure() -> link_drop_foreign_config() if the link is managed by us. */ ++ r = link_drop_managed_config(link); + if (r < 0) + return r; + } +@@ -1705,7 +1707,7 @@ static int link_carrier_lost_impl(Link *link) { + if (r < 0) + ret = r; + +- r = link_drop_config(link); ++ r = link_drop_managed_config(link); + if (r < 0 && ret >= 0) + ret = r; + +diff --git a/src/network/networkd-neighbor.c b/src/network/networkd-neighbor.c +index 1766095e53..b58898a6dc 100644 +--- a/src/network/networkd-neighbor.c ++++ b/src/network/networkd-neighbor.c +@@ -406,13 +406,17 @@ int link_drop_foreign_neighbors(Link *link) { + return r; + } + +-int link_drop_neighbors(Link *link) { ++int link_drop_managed_neighbors(Link *link) { + Neighbor *neighbor; + int k, r = 0; + + assert(link); + + SET_FOREACH(neighbor, link->neighbors) { ++ /* Do not touch nexthops managed by kernel or other tools. */ ++ if (neighbor->source == NETWORK_CONFIG_SOURCE_FOREIGN) ++ continue; ++ + /* Ignore neighbors not assigned yet or already removing. */ + if (!neighbor_exists(neighbor)) + continue; +diff --git a/src/network/networkd-neighbor.h b/src/network/networkd-neighbor.h +index e9e1854110..8e3c510cd5 100644 +--- a/src/network/networkd-neighbor.h ++++ b/src/network/networkd-neighbor.h +@@ -34,7 +34,7 @@ int neighbor_compare_func(const Neighbor *a, const Neighbor *b); + + void network_drop_invalid_neighbors(Network *network); + +-int link_drop_neighbors(Link *link); ++int link_drop_managed_neighbors(Link *link); + int link_drop_foreign_neighbors(Link *link); + void link_foreignize_neighbors(Link *link); + +diff --git a/src/network/networkd-nexthop.c b/src/network/networkd-nexthop.c +index b829aaab90..42aa8c4c59 100644 +--- a/src/network/networkd-nexthop.c ++++ b/src/network/networkd-nexthop.c +@@ -613,8 +613,8 @@ static void manager_mark_nexthops(Manager *manager, bool foreign, const Link *ex + if (nexthop->protocol == RTPROT_KERNEL) + continue; + +- /* When 'foreign' is true, do not remove nexthops we configured. */ +- if (foreign && nexthop->source != NETWORK_CONFIG_SOURCE_FOREIGN) ++ /* When 'foreign' is true, mark only foreign nexthops, and vice versa. */ ++ if (foreign != (nexthop->source == NETWORK_CONFIG_SOURCE_FOREIGN)) + continue; + + /* Ignore nexthops not assigned yet or already removed. */ +@@ -641,7 +641,7 @@ static void manager_mark_nexthops(Manager *manager, bool foreign, const Link *ex + } + } + +-static int manager_drop_nexthops(Manager *manager) { ++static int manager_drop_marked_nexthops(Manager *manager) { + NextHop *nexthop; + int k, r = 0; + +@@ -704,14 +704,14 @@ int link_drop_foreign_nexthops(Link *link) { + + manager_mark_nexthops(link->manager, /* foreign = */ true, NULL); + +- k = manager_drop_nexthops(link->manager); ++ k = manager_drop_marked_nexthops(link->manager); + if (k < 0 && r >= 0) + r = k; + + return r; + } + +-int link_drop_nexthops(Link *link) { ++int link_drop_managed_nexthops(Link *link) { + NextHop *nexthop; + int k, r = 0; + +@@ -723,6 +723,10 @@ int link_drop_nexthops(Link *link) { + if (nexthop->protocol == RTPROT_KERNEL) + continue; + ++ /* Do not touch addresses managed by kernel or other tools. */ ++ if (nexthop->source == NETWORK_CONFIG_SOURCE_FOREIGN) ++ continue; ++ + /* Ignore nexthops not assigned yet or already removing. */ + if (!nexthop_exists(nexthop)) + continue; +@@ -734,7 +738,7 @@ int link_drop_nexthops(Link *link) { + + manager_mark_nexthops(link->manager, /* foreign = */ false, link); + +- k = manager_drop_nexthops(link->manager); ++ k = manager_drop_marked_nexthops(link->manager); + if (k < 0 && r >= 0) + r = k; + +diff --git a/src/network/networkd-nexthop.h b/src/network/networkd-nexthop.h +index 7a8920238c..1e54e9f211 100644 +--- a/src/network/networkd-nexthop.h ++++ b/src/network/networkd-nexthop.h +@@ -44,7 +44,7 @@ int nexthop_compare_func(const NextHop *a, const NextHop *b); + + void network_drop_invalid_nexthops(Network *network); + +-int link_drop_nexthops(Link *link); ++int link_drop_managed_nexthops(Link *link); + int link_drop_foreign_nexthops(Link *link); + void link_foreignize_nexthops(Link *link); + +diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c +index ee7a535075..7e6fe8bc11 100644 +--- a/src/network/networkd-route.c ++++ b/src/network/networkd-route.c +@@ -788,8 +788,8 @@ static void manager_mark_routes(Manager *manager, bool foreign, const Link *exce + if (route->protocol == RTPROT_KERNEL) + continue; + +- /* When 'foreign' is true, do not remove routes we configured. */ +- if (foreign && route->source != NETWORK_CONFIG_SOURCE_FOREIGN) ++ /* When 'foreign' is true, mark only foreign routes, and vice versa. */ ++ if (foreign != (route->source == NETWORK_CONFIG_SOURCE_FOREIGN)) + continue; + + /* Do not touch dynamic routes. They will removed by dhcp_pd_prefix_lost() */ +@@ -834,7 +834,7 @@ static void manager_mark_routes(Manager *manager, bool foreign, const Link *exce + } + } + +-static int manager_drop_routes(Manager *manager) { ++static int manager_drop_marked_routes(Manager *manager) { + Route *route; + int k, r = 0; + +@@ -955,14 +955,14 @@ int link_drop_foreign_routes(Link *link) { + + manager_mark_routes(link->manager, /* foreign = */ true, NULL); + +- k = manager_drop_routes(link->manager); ++ k = manager_drop_marked_routes(link->manager); + if (k < 0 && r >= 0) + r = k; + + return r; + } + +-int link_drop_routes(Link *link) { ++int link_drop_managed_routes(Link *link) { + Route *route; + int k, r = 0; + +@@ -973,6 +973,10 @@ int link_drop_routes(Link *link) { + if (route_by_kernel(route)) + continue; + ++ /* Do not touch routes managed by kernel or other tools. */ ++ if (route->source == NETWORK_CONFIG_SOURCE_FOREIGN) ++ continue; ++ + if (!route_exists(route)) + continue; + +@@ -983,7 +987,7 @@ int link_drop_routes(Link *link) { + + manager_mark_routes(link->manager, /* foreign = */ false, link); + +- k = manager_drop_routes(link->manager); ++ k = manager_drop_marked_routes(link->manager); + if (k < 0 && r >= 0) + r = k; + +diff --git a/src/network/networkd-route.h b/src/network/networkd-route.h +index e3e22a5985..2180a196fc 100644 +--- a/src/network/networkd-route.h ++++ b/src/network/networkd-route.h +@@ -82,7 +82,7 @@ int route_remove(Route *route); + + int route_get(Manager *manager, Link *link, const Route *in, Route **ret); + +-int link_drop_routes(Link *link); ++int link_drop_managed_routes(Link *link); + int link_drop_foreign_routes(Link *link); + void link_foreignize_routes(Link *link); + +diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c +index 90086f35a7..d4363060d8 100644 +--- a/src/network/networkd-routing-policy-rule.c ++++ b/src/network/networkd-routing-policy-rule.c +@@ -653,8 +653,8 @@ static void manager_mark_routing_policy_rules(Manager *m, bool foreign, const Li + if (rule->protocol == RTPROT_KERNEL) + continue; + +- /* When 'foreign' is true, do not remove rules we configured. */ +- if (foreign && rule->source != NETWORK_CONFIG_SOURCE_FOREIGN) ++ /* When 'foreign' is true, mark only foreign rules, and vice versa. */ ++ if (foreign != (rule->source == NETWORK_CONFIG_SOURCE_FOREIGN)) + continue; + + /* Ignore rules not assigned yet or already removing. */ +diff --git a/src/network/networkd-routing-policy-rule.h b/src/network/networkd-routing-policy-rule.h +index f52943bd2e..7cc6f55c8d 100644 +--- a/src/network/networkd-routing-policy-rule.h ++++ b/src/network/networkd-routing-policy-rule.h +@@ -71,7 +71,7 @@ int manager_drop_routing_policy_rules_internal(Manager *m, bool foreign, const L + static inline int manager_drop_foreign_routing_policy_rules(Manager *m) { + return manager_drop_routing_policy_rules_internal(m, true, NULL); + } +-static inline int link_drop_routing_policy_rules(Link *link) { ++static inline int link_drop_managed_routing_policy_rules(Link *link) { + assert(link); + return manager_drop_routing_policy_rules_internal(link->manager, false, link); + } +diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py +index ac2c1ba034..ed4d4992b1 100755 +--- a/test/test-network/systemd-networkd-tests.py ++++ b/test/test-network/systemd-networkd-tests.py +@@ -3876,7 +3876,7 @@ class NetworkdBridgeTests(unittest.TestCase, Utilities): + print(output) + self.assertRegex(output, 'NO-CARRIER') + self.assertNotRegex(output, '192.168.0.15/24') +- self.assertNotRegex(output, '192.168.0.16/24') ++ self.assertRegex(output, '192.168.0.16/24') # foreign address is kept + + print('### ip -6 route list table all dev bridge99') + output = check_output('ip -6 route list table all dev bridge99') +-- +2.34.1 + diff --git a/poky/meta/recipes-core/systemd/systemd_250.5.bb b/poky/meta/recipes-core/systemd/systemd_250.5.bb index 784a7af271..21a09d8594 100644 --- a/poky/meta/recipes-core/systemd/systemd_250.5.bb +++ b/poky/meta/recipes-core/systemd/systemd_250.5.bb @@ -30,6 +30,7 @@ SRC_URI += "file://touchscreen.rules \ file://0001-shared-json-allow-json_variant_dump-to-return-an-err.patch \ file://CVE-2022-4415-1.patch \ file://CVE-2022-4415-2.patch \ + file://0001-network-remove-only-managed-configs-on-reconfigure-o.patch \ " # patches needed by musl diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.38.inc b/poky/meta/recipes-devtools/binutils/binutils-2.38.inc index bf44e6c762..5c3ff3d93a 100644 --- a/poky/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/poky/meta/recipes-devtools/binutils/binutils-2.38.inc @@ -50,5 +50,11 @@ SRC_URI = "\ file://0021-CVE-2023-1579-2.patch \ file://0021-CVE-2023-1579-3.patch \ file://0021-CVE-2023-1579-4.patch \ + file://0022-CVE-2023-25584-1.patch \ + file://0022-CVE-2023-25584-2.patch \ + file://0022-CVE-2023-25584-3.patch \ + file://0023-CVE-2023-25585.patch \ + file://0026-CVE-2023-1972.patch \ + file://0025-CVE-2023-25588.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch b/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch new file mode 100644 index 0000000000..990243f5c9 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch @@ -0,0 +1,56 @@ +From: Alan Modra <amodra@gmail.com> +Date: Thu, 17 Mar 2022 09:35:39 +0000 (+1030) +Subject: ubsan: Null dereference in parse_module +X-Git-Tag: gdb-12.1-release~59 +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2 + +ubsan: Null dereference in parse_module + + * vms-alpha.c (parse_module): Sanity check that DST__K_RTNBEG + has set module->func_table for DST__K_RTNEND. Check return + of bfd_zalloc. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2] + +CVE: CVE-2023-25584 + +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> + +--- + +diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c +index 4a92574c850..1129c98f0e2 100644 +--- a/bfd/vms-alpha.c ++++ b/bfd/vms-alpha.c +@@ -4352,9 +4352,13 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + + /* Initialize tables with zero element. */ + curr_srec = (struct srecinfo *) bfd_zalloc (abfd, sizeof (struct srecinfo)); ++ if (!curr_srec) ++ return false; + module->srec_table = curr_srec; + + curr_line = (struct lineinfo *) bfd_zalloc (abfd, sizeof (struct lineinfo)); ++ if (!curr_line) ++ return false; + module->line_table = curr_line; + + while (length == -1 || ptr < maxptr) +@@ -4389,6 +4393,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + case DST__K_RTNBEG: + funcinfo = (struct funcinfo *) + bfd_zalloc (abfd, sizeof (struct funcinfo)); ++ if (!funcinfo) ++ return false; + funcinfo->name + = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME, + maxptr - (ptr + DST_S_B_RTNBEG_NAME)); +@@ -4401,6 +4407,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + break; + + case DST__K_RTNEND: ++ if (!module->func_table) ++ return false; + module->func_table->high = module->func_table->low + + bfd_getl32 (ptr + DST_S_L_RTNEND_SIZE) - 1; + diff --git a/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch b/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch new file mode 100644 index 0000000000..f4c5ed2aff --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch @@ -0,0 +1,38 @@ +From da928f639002002dfc649ed9f50492d5d6cb4cee Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Mon, 5 Dec 2022 11:11:44 +0000 +Subject: [PATCH] Fix an illegal memory access when parsing a corrupt VMS Alpha + file. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fix an illegal memory access when parsing a corrupt VMS Alpha file. + + PR 29848 + * vms-alpha.c (parse_module): Fix potential out of bounds memory + access. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=942fa4fb32738ecbb447546d54f1e5f0312d2ed4] + +CVE: CVE-2023-25584 + +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> + +--- + bfd/vms-alpha.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c +index c548722c..53b3f1bf 100644 +--- a/bfd/vms-alpha.c ++++ b/bfd/vms-alpha.c +@@ -4361,7 +4361,7 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + return false; + module->line_table = curr_line; + +- while (length == -1 || ptr < maxptr) ++ while (length == -1 || (ptr + 3) < maxptr) + { + /* The first byte is not counted in the recorded length. */ + int rec_length = bfd_getl16 (ptr) + 1; diff --git a/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch b/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch new file mode 100644 index 0000000000..abe501e570 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch @@ -0,0 +1,534 @@ +From: Alan Modra <amodra@gmail.com> +Date: Mon, 12 Dec 2022 07:58:49 +0000 (+1030) +Subject: Lack of bounds checking in vms-alpha.c parse_module +X-Git-Tag: gdb-13-branchpoint~87 +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=77c225bdeb410cf60da804879ad41622f5f1aa44 + +Lack of bounds checking in vms-alpha.c parse_module + + PR 29873 + PR 29874 + PR 29875 + PR 29876 + PR 29877 + PR 29878 + PR 29879 + PR 29880 + PR 29881 + PR 29882 + PR 29883 + PR 29884 + PR 29885 + PR 29886 + PR 29887 + PR 29888 + PR 29889 + PR 29890 + PR 29891 + * vms-alpha.c (parse_module): Make length param bfd_size_type. + Delete length == -1 checks. Sanity check record_length. + Sanity check DST__K_MODBEG, DST__K_RTNBEG, DST__K_RTNEND lengths. + Sanity check DST__K_SOURCE and DST__K_LINE_NUM elements + before accessing. + (build_module_list): Pass dst_section size to parse_module. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=77c225bdeb410cf60da804879ad41622f5f1aa44] + +CVE: CVE-2023-25584 + +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> + +--- + +diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c +index c0eb5bc5a2a..3b63259cc81 100644 +--- a/bfd/vms-alpha.c ++++ b/bfd/vms-alpha.c +@@ -4340,7 +4340,7 @@ new_module (bfd *abfd) + + static bool + parse_module (bfd *abfd, struct module *module, unsigned char *ptr, +- int length) ++ bfd_size_type length) + { + unsigned char *maxptr = ptr + length; + unsigned char *src_ptr, *pcl_ptr; +@@ -4361,7 +4361,7 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + return false; + module->line_table = curr_line; + +- while (length == -1 || (ptr + 3) < maxptr) ++ while (ptr + 3 < maxptr) + { + /* The first byte is not counted in the recorded length. */ + int rec_length = bfd_getl16 (ptr) + 1; +@@ -4369,15 +4369,19 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + + vms_debug2 ((2, "DST record: leng %d, type %d\n", rec_length, rec_type)); + +- if (length == -1 && rec_type == DST__K_MODEND) ++ if (rec_length > maxptr - ptr) ++ break; ++ if (rec_type == DST__K_MODEND) + break; + + switch (rec_type) + { + case DST__K_MODBEG: ++ if (rec_length <= DST_S_B_MODBEG_NAME) ++ break; + module->name + = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_MODBEG_NAME, +- maxptr - (ptr + DST_S_B_MODBEG_NAME)); ++ rec_length - DST_S_B_MODBEG_NAME); + + curr_pc = 0; + prev_pc = 0; +@@ -4391,13 +4395,15 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + break; + + case DST__K_RTNBEG: ++ if (rec_length <= DST_S_B_RTNBEG_NAME) ++ break; + funcinfo = (struct funcinfo *) + bfd_zalloc (abfd, sizeof (struct funcinfo)); + if (!funcinfo) + return false; + funcinfo->name + = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME, +- maxptr - (ptr + DST_S_B_RTNBEG_NAME)); ++ rec_length - DST_S_B_RTNBEG_NAME); + funcinfo->low = bfd_getl32 (ptr + DST_S_L_RTNBEG_ADDRESS); + funcinfo->next = module->func_table; + module->func_table = funcinfo; +@@ -4407,6 +4413,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + break; + + case DST__K_RTNEND: ++ if (rec_length < DST_S_L_RTNEND_SIZE + 4) ++ break; + if (!module->func_table) + return false; + module->func_table->high = module->func_table->low +@@ -4439,10 +4447,63 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + + vms_debug2 ((3, "source info\n")); + +- while (src_ptr < ptr + rec_length) ++ while (src_ptr - ptr < rec_length) + { + int cmd = src_ptr[0], cmd_length, data; + ++ switch (cmd) ++ { ++ case DST__K_SRC_DECLFILE: ++ if (src_ptr - ptr + DST_S_B_SRC_DF_LENGTH >= rec_length) ++ cmd_length = 0x10000; ++ else ++ cmd_length = src_ptr[DST_S_B_SRC_DF_LENGTH] + 2; ++ break; ++ ++ case DST__K_SRC_DEFLINES_B: ++ cmd_length = 2; ++ break; ++ ++ case DST__K_SRC_DEFLINES_W: ++ cmd_length = 3; ++ break; ++ ++ case DST__K_SRC_INCRLNUM_B: ++ cmd_length = 2; ++ break; ++ ++ case DST__K_SRC_SETFILE: ++ cmd_length = 3; ++ break; ++ ++ case DST__K_SRC_SETLNUM_L: ++ cmd_length = 5; ++ break; ++ ++ case DST__K_SRC_SETLNUM_W: ++ cmd_length = 3; ++ break; ++ ++ case DST__K_SRC_SETREC_L: ++ cmd_length = 5; ++ break; ++ ++ case DST__K_SRC_SETREC_W: ++ cmd_length = 3; ++ break; ++ ++ case DST__K_SRC_FORMFEED: ++ cmd_length = 1; ++ break; ++ ++ default: ++ cmd_length = 2; ++ break; ++ } ++ ++ if (src_ptr - ptr + cmd_length > rec_length) ++ break; ++ + switch (cmd) + { + case DST__K_SRC_DECLFILE: +@@ -4467,7 +4528,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + + module->file_table [fileid].name = filename; + module->file_table [fileid].srec = 1; +- cmd_length = src_ptr[DST_S_B_SRC_DF_LENGTH] + 2; + vms_debug2 ((4, "DST_S_C_SRC_DECLFILE: %d, %s\n", + fileid, module->file_table [fileid].name)); + } +@@ -4484,7 +4544,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + srec->sfile = curr_srec->sfile; + curr_srec->next = srec; + curr_srec = srec; +- cmd_length = 2; + vms_debug2 ((4, "DST_S_C_SRC_DEFLINES_B: %d\n", data)); + break; + +@@ -4499,14 +4558,12 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + srec->sfile = curr_srec->sfile; + curr_srec->next = srec; + curr_srec = srec; +- cmd_length = 3; + vms_debug2 ((4, "DST_S_C_SRC_DEFLINES_W: %d\n", data)); + break; + + case DST__K_SRC_INCRLNUM_B: + data = src_ptr[DST_S_B_SRC_UNSBYTE]; + curr_srec->line += data; +- cmd_length = 2; + vms_debug2 ((4, "DST_S_C_SRC_INCRLNUM_B: %d\n", data)); + break; + +@@ -4514,21 +4571,18 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD); + curr_srec->sfile = data; + curr_srec->srec = module->file_table[data].srec; +- cmd_length = 3; + vms_debug2 ((4, "DST_S_C_SRC_SETFILE: %d\n", data)); + break; + + case DST__K_SRC_SETLNUM_L: + data = bfd_getl32 (src_ptr + DST_S_L_SRC_UNSLONG); + curr_srec->line = data; +- cmd_length = 5; + vms_debug2 ((4, "DST_S_C_SRC_SETLNUM_L: %d\n", data)); + break; + + case DST__K_SRC_SETLNUM_W: + data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD); + curr_srec->line = data; +- cmd_length = 3; + vms_debug2 ((4, "DST_S_C_SRC_SETLNUM_W: %d\n", data)); + break; + +@@ -4536,7 +4590,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + data = bfd_getl32 (src_ptr + DST_S_L_SRC_UNSLONG); + curr_srec->srec = data; + module->file_table[curr_srec->sfile].srec = data; +- cmd_length = 5; + vms_debug2 ((4, "DST_S_C_SRC_SETREC_L: %d\n", data)); + break; + +@@ -4544,19 +4597,16 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD); + curr_srec->srec = data; + module->file_table[curr_srec->sfile].srec = data; +- cmd_length = 3; + vms_debug2 ((4, "DST_S_C_SRC_SETREC_W: %d\n", data)); + break; + + case DST__K_SRC_FORMFEED: +- cmd_length = 1; + vms_debug2 ((4, "DST_S_C_SRC_FORMFEED\n")); + break; + + default: + _bfd_error_handler (_("unknown source command %d"), + cmd); +- cmd_length = 2; + break; + } + +@@ -4569,18 +4619,114 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + + vms_debug2 ((3, "line info\n")); + +- while (pcl_ptr < ptr + rec_length) ++ while (pcl_ptr - ptr < rec_length) + { + /* The command byte is signed so we must sign-extend it. */ + int cmd = ((signed char *)pcl_ptr)[0], cmd_length, data; + ++ switch (cmd) ++ { ++ case DST__K_DELTA_PC_W: ++ cmd_length = 3; ++ break; ++ ++ case DST__K_DELTA_PC_L: ++ cmd_length = 5; ++ break; ++ ++ case DST__K_INCR_LINUM: ++ cmd_length = 2; ++ break; ++ ++ case DST__K_INCR_LINUM_W: ++ cmd_length = 3; ++ break; ++ ++ case DST__K_INCR_LINUM_L: ++ cmd_length = 5; ++ break; ++ ++ case DST__K_SET_LINUM_INCR: ++ cmd_length = 2; ++ break; ++ ++ case DST__K_SET_LINUM_INCR_W: ++ cmd_length = 3; ++ break; ++ ++ case DST__K_RESET_LINUM_INCR: ++ cmd_length = 1; ++ break; ++ ++ case DST__K_BEG_STMT_MODE: ++ cmd_length = 1; ++ break; ++ ++ case DST__K_END_STMT_MODE: ++ cmd_length = 1; ++ break; ++ ++ case DST__K_SET_LINUM_B: ++ cmd_length = 2; ++ break; ++ ++ case DST__K_SET_LINUM: ++ cmd_length = 3; ++ break; ++ ++ case DST__K_SET_LINUM_L: ++ cmd_length = 5; ++ break; ++ ++ case DST__K_SET_PC: ++ cmd_length = 2; ++ break; ++ ++ case DST__K_SET_PC_W: ++ cmd_length = 3; ++ break; ++ ++ case DST__K_SET_PC_L: ++ cmd_length = 5; ++ break; ++ ++ case DST__K_SET_STMTNUM: ++ cmd_length = 2; ++ break; ++ ++ case DST__K_TERM: ++ cmd_length = 2; ++ break; ++ ++ case DST__K_TERM_W: ++ cmd_length = 3; ++ break; ++ ++ case DST__K_TERM_L: ++ cmd_length = 5; ++ break; ++ ++ case DST__K_SET_ABS_PC: ++ cmd_length = 5; ++ break; ++ ++ default: ++ if (cmd <= 0) ++ cmd_length = 1; ++ else ++ cmd_length = 2; ++ break; ++ } ++ ++ if (pcl_ptr - ptr + cmd_length > rec_length) ++ break; ++ + switch (cmd) + { + case DST__K_DELTA_PC_W: + data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD); + curr_pc += data; + curr_linenum += 1; +- cmd_length = 3; + vms_debug2 ((4, "DST__K_DELTA_PC_W: %d\n", data)); + break; + +@@ -4588,131 +4734,111 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); + curr_pc += data; + curr_linenum += 1; +- cmd_length = 5; + vms_debug2 ((4, "DST__K_DELTA_PC_L: %d\n", data)); + break; + + case DST__K_INCR_LINUM: + data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE]; + curr_linenum += data; +- cmd_length = 2; + vms_debug2 ((4, "DST__K_INCR_LINUM: %d\n", data)); + break; + + case DST__K_INCR_LINUM_W: + data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD); + curr_linenum += data; +- cmd_length = 3; + vms_debug2 ((4, "DST__K_INCR_LINUM_W: %d\n", data)); + break; + + case DST__K_INCR_LINUM_L: + data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); + curr_linenum += data; +- cmd_length = 5; + vms_debug2 ((4, "DST__K_INCR_LINUM_L: %d\n", data)); + break; + + case DST__K_SET_LINUM_INCR: + _bfd_error_handler + (_("%s not implemented"), "DST__K_SET_LINUM_INCR"); +- cmd_length = 2; + break; + + case DST__K_SET_LINUM_INCR_W: + _bfd_error_handler + (_("%s not implemented"), "DST__K_SET_LINUM_INCR_W"); +- cmd_length = 3; + break; + + case DST__K_RESET_LINUM_INCR: + _bfd_error_handler + (_("%s not implemented"), "DST__K_RESET_LINUM_INCR"); +- cmd_length = 1; + break; + + case DST__K_BEG_STMT_MODE: + _bfd_error_handler + (_("%s not implemented"), "DST__K_BEG_STMT_MODE"); +- cmd_length = 1; + break; + + case DST__K_END_STMT_MODE: + _bfd_error_handler + (_("%s not implemented"), "DST__K_END_STMT_MODE"); +- cmd_length = 1; + break; + + case DST__K_SET_LINUM_B: + data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE]; + curr_linenum = data; +- cmd_length = 2; + vms_debug2 ((4, "DST__K_SET_LINUM_B: %d\n", data)); + break; + + case DST__K_SET_LINUM: + data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD); + curr_linenum = data; +- cmd_length = 3; + vms_debug2 ((4, "DST__K_SET_LINE_NUM: %d\n", data)); + break; + + case DST__K_SET_LINUM_L: + data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); + curr_linenum = data; +- cmd_length = 5; + vms_debug2 ((4, "DST__K_SET_LINUM_L: %d\n", data)); + break; + + case DST__K_SET_PC: + _bfd_error_handler + (_("%s not implemented"), "DST__K_SET_PC"); +- cmd_length = 2; + break; + + case DST__K_SET_PC_W: + _bfd_error_handler + (_("%s not implemented"), "DST__K_SET_PC_W"); +- cmd_length = 3; + break; + + case DST__K_SET_PC_L: + _bfd_error_handler + (_("%s not implemented"), "DST__K_SET_PC_L"); +- cmd_length = 5; + break; + + case DST__K_SET_STMTNUM: + _bfd_error_handler + (_("%s not implemented"), "DST__K_SET_STMTNUM"); +- cmd_length = 2; + break; + + case DST__K_TERM: + data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE]; + curr_pc += data; +- cmd_length = 2; + vms_debug2 ((4, "DST__K_TERM: %d\n", data)); + break; + + case DST__K_TERM_W: + data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD); + curr_pc += data; +- cmd_length = 3; + vms_debug2 ((4, "DST__K_TERM_W: %d\n", data)); + break; + + case DST__K_TERM_L: + data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); + curr_pc += data; +- cmd_length = 5; + vms_debug2 ((4, "DST__K_TERM_L: %d\n", data)); + break; + + case DST__K_SET_ABS_PC: + data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); + curr_pc = data; +- cmd_length = 5; + vms_debug2 ((4, "DST__K_SET_ABS_PC: 0x%x\n", data)); + break; + +@@ -4721,15 +4847,11 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + { + curr_pc -= cmd; + curr_linenum += 1; +- cmd_length = 1; + vms_debug2 ((4, "bump pc to 0x%lx and line to %d\n", + (unsigned long)curr_pc, curr_linenum)); + } + else +- { +- _bfd_error_handler (_("unknown line command %d"), cmd); +- cmd_length = 2; +- } ++ _bfd_error_handler (_("unknown line command %d"), cmd); + break; + } + +@@ -4859,7 +4981,8 @@ build_module_list (bfd *abfd) + return NULL; + + module = new_module (abfd); +- if (!parse_module (abfd, module, PRIV (dst_section)->contents, -1)) ++ if (!parse_module (abfd, module, PRIV (dst_section)->contents, ++ PRIV (dst_section)->size)) + return NULL; + list = module; + } diff --git a/poky/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch b/poky/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch new file mode 100644 index 0000000000..e31a027b9f --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch @@ -0,0 +1,54 @@ +From: Alan Modra <amodra@gmail.com> +Date: Mon, 12 Dec 2022 08:31:08 +0000 (+1030) +Subject: PR29892, Field file_table of struct module is uninitialized +X-Git-Tag: gdb-13-branchpoint~86 +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7 + +PR29892, Field file_table of struct module is uninitialized + + PR 29892 + * vms-alphs.c (new_module): Use bfd_zmalloc to alloc file_table. + (parse_module): Rewrite file_table reallocation code and clear. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7] + +CVE: CVE-2023-25585 + +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> + +--- + +diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c +index 3b63259cc81..6ee7060b0b2 100644 +--- a/bfd/vms-alpha.c ++++ b/bfd/vms-alpha.c +@@ -4337,7 +4337,7 @@ new_module (bfd *abfd) + = (struct module *) bfd_zalloc (abfd, sizeof (struct module)); + module->file_table_count = 16; /* Arbitrary. */ + module->file_table +- = bfd_malloc (module->file_table_count * sizeof (struct fileinfo)); ++ = bfd_zmalloc (module->file_table_count * sizeof (struct fileinfo)); + return module; + } + +@@ -4520,15 +4520,18 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, + src_ptr + DST_S_B_SRC_DF_FILENAME, + ptr + rec_length - (src_ptr + DST_S_B_SRC_DF_FILENAME)); + +- while (fileid >= module->file_table_count) ++ if (fileid >= module->file_table_count) + { +- module->file_table_count *= 2; ++ unsigned int old_count = module->file_table_count; ++ module->file_table_count += fileid; + module->file_table + = bfd_realloc_or_free (module->file_table, + module->file_table_count + * sizeof (struct fileinfo)); + if (module->file_table == NULL) + return false; ++ memset (module->file_table + old_count, 0, ++ fileid * sizeof (struct fileinfo)); + } + + module->file_table [fileid].name = filename; diff --git a/poky/meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch b/poky/meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch new file mode 100644 index 0000000000..142d201c40 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch @@ -0,0 +1,147 @@ +From: Alan Modra <amodra@gmail.com> +Date: Fri, 14 Oct 2022 00:00:21 +0000 (+1030) +Subject: PR29677, Field `the_bfd` of `asymbol` is uninitialised +X-Git-Tag: gdb-13-branchpoint~871 +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1 + +PR29677, Field `the_bfd` of `asymbol` is uninitialised + +Besides not initialising the_bfd of synthetic symbols, counting +symbols when sizing didn't match symbols created if there were any +dynsyms named "". We don't want synthetic symbols without names +anyway, so get rid of them. Also, simplify and correct sanity checks. + + PR 29677 + * mach-o.c (bfd_mach_o_get_synthetic_symtab): Rewrite. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1] + +CVE: CVE-2023-25588 + +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> + +--- + +diff --git a/bfd/mach-o.c b/bfd/mach-o.c +index acb35e7f0c6..5279343768c 100644 +--- a/bfd/mach-o.c ++++ b/bfd/mach-o.c +@@ -938,11 +938,9 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, + bfd_mach_o_symtab_command *symtab = mdata->symtab; + asymbol *s; + char * s_start; +- char * s_end; + unsigned long count, i, j, n; + size_t size; + char *names; +- char *nul_name; + const char stub [] = "$stub"; + + *ret = NULL; +@@ -955,27 +953,27 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, + /* We need to allocate a bfd symbol for every indirect symbol and to + allocate the memory for its name. */ + count = dysymtab->nindirectsyms; +- size = count * sizeof (asymbol) + 1; +- ++ size = 0; + for (j = 0; j < count; j++) + { +- const char * strng; + unsigned int isym = dysymtab->indirect_syms[j]; ++ const char *str; + + /* Some indirect symbols are anonymous. */ +- if (isym < symtab->nsyms && (strng = symtab->symbols[isym].symbol.name)) +- /* PR 17512: file: f5b8eeba. */ +- size += strnlen (strng, symtab->strsize - (strng - symtab->strtab)) + sizeof (stub); ++ if (isym < symtab->nsyms ++ && (str = symtab->symbols[isym].symbol.name) != NULL) ++ { ++ /* PR 17512: file: f5b8eeba. */ ++ size += strnlen (str, symtab->strsize - (str - symtab->strtab)); ++ size += sizeof (stub); ++ } + } + +- s_start = bfd_malloc (size); ++ s_start = bfd_malloc (size + count * sizeof (asymbol)); + s = *ret = (asymbol *) s_start; + if (s == NULL) + return -1; + names = (char *) (s + count); +- nul_name = names; +- *names++ = 0; +- s_end = s_start + size; + + n = 0; + for (i = 0; i < mdata->nsects; i++) +@@ -997,47 +995,39 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, + entry_size = bfd_mach_o_section_get_entry_size (abfd, sec); + + /* PR 17512: file: 08e15eec. */ +- if (first >= count || last >= count || first > last) ++ if (first >= count || last > count || first > last) + goto fail; + + for (j = first; j < last; j++) + { + unsigned int isym = dysymtab->indirect_syms[j]; +- +- /* PR 17512: file: 04d64d9b. */ +- if (((char *) s) + sizeof (* s) > s_end) +- goto fail; +- +- s->flags = BSF_GLOBAL | BSF_SYNTHETIC; +- s->section = sec->bfdsection; +- s->value = addr - sec->addr; +- s->udata.p = NULL; ++ const char *str; ++ size_t len; + + if (isym < symtab->nsyms +- && symtab->symbols[isym].symbol.name) ++ && (str = symtab->symbols[isym].symbol.name) != NULL) + { +- const char *sym = symtab->symbols[isym].symbol.name; +- size_t len; +- +- s->name = names; +- len = strlen (sym); +- /* PR 17512: file: 47dfd4d2. */ +- if (names + len >= s_end) ++ /* PR 17512: file: 04d64d9b. */ ++ if (n >= count) + goto fail; +- memcpy (names, sym, len); +- names += len; +- /* PR 17512: file: 18f340a4. */ +- if (names + sizeof (stub) >= s_end) ++ len = strnlen (str, symtab->strsize - (str - symtab->strtab)); ++ /* PR 17512: file: 47dfd4d2, 18f340a4. */ ++ if (size < len + sizeof (stub)) + goto fail; +- memcpy (names, stub, sizeof (stub)); +- names += sizeof (stub); ++ memcpy (names, str, len); ++ memcpy (names + len, stub, sizeof (stub)); ++ s->name = names; ++ names += len + sizeof (stub); ++ size -= len + sizeof (stub); ++ s->the_bfd = symtab->symbols[isym].symbol.the_bfd; ++ s->flags = BSF_GLOBAL | BSF_SYNTHETIC; ++ s->section = sec->bfdsection; ++ s->value = addr - sec->addr; ++ s->udata.p = NULL; ++ s++; ++ n++; + } +- else +- s->name = nul_name; +- + addr += entry_size; +- s++; +- n++; + } + break; + default: diff --git a/poky/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch b/poky/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch new file mode 100644 index 0000000000..f86adad217 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch @@ -0,0 +1,41 @@ +From: Nick Clifton <nickc@redhat.com> +Date: Thu, 30 Mar 2023 09:10:09 +0000 (+0100) +Subject: Fix an illegal memory access when an accessing a zer0-lengthverdef table. +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57 + +Fix an illegal memory access when an accessing a zer0-lengthverdef table. + + PR 30285 + * elf.c (_bfd_elf_slurp_version_tables): Fail if no version definitions are allocated. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57] + +CVE: CVE-2023-1972 + +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> + +--- + +diff --git a/bfd/elf.c b/bfd/elf.c +index 027d0143735..185028cbd97 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -9030,6 +9030,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) + bfd_set_error (bfd_error_file_too_big); + goto error_return_verdef; + } ++ ++ if (amt == 0) ++ goto error_return_verdef; + elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt); + if (elf_tdata (abfd)->verdef == NULL) + goto error_return_verdef; +@@ -9133,6 +9136,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) + bfd_set_error (bfd_error_file_too_big); + goto error_return; + } ++ if (amt == 0) ++ goto error_return; + elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt); + if (elf_tdata (abfd)->verdef == NULL) + goto error_return; diff --git a/poky/meta/recipes-devtools/gcc/gcc-runtime.inc b/poky/meta/recipes-devtools/gcc/gcc-runtime.inc index 8074bf1025..d019b0790b 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-runtime.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-runtime.inc @@ -68,7 +68,8 @@ do_configure () { # libstdc++ isn't built yet so CXX would error not able to find it which breaks stdc++'s configure # tests. Create a dummy empty lib for the purposes of configure. mkdir -p ${WORKDIR}/dummylib - ${CC} -x c /dev/null -nostartfiles -shared -o ${WORKDIR}/dummylib/libstdc++.so + ${CC} -x c /dev/null -c -o ${WORKDIR}/dummylib/dummylib.o + ${AR} rcs ${WORKDIR}/dummylib/libstdc++.a ${WORKDIR}/dummylib/dummylib.o for d in libgcc ${RUNTIMETARGET}; do echo "Configuring $d" rm -rf ${B}/${TARGET_SYS}/$d/ diff --git a/poky/meta/recipes-devtools/git/git/CVE-2023-25652.patch b/poky/meta/recipes-devtools/git/git/CVE-2023-25652.patch new file mode 100644 index 0000000000..825701eaff --- /dev/null +++ b/poky/meta/recipes-devtools/git/git/CVE-2023-25652.patch @@ -0,0 +1,94 @@ +From 9db05711c98efc14f414d4c87135a34c13586e0b Mon Sep 17 00:00:00 2001 +From: Johannes Schindelin <Johannes.Schindelin@gmx.de> +Date: Thu Mar 9 16:02:54 2023 +0100 +Subject: [PATCH] apply --reject: overwrite existing `.rej` symlink if it + exists + + The `git apply --reject` is expected to write out `.rej` files in case + one or more hunks fail to apply cleanly. Historically, the command + overwrites any existing `.rej` files. The idea being that + apply/reject/edit cycles are relatively common, and the generated `.rej` + files are not considered precious. + + But the command does not overwrite existing `.rej` symbolic links, and + instead follows them. This is unsafe because the same patch could + potentially create such a symbolic link and point at arbitrary paths + outside the current worktree, and `git apply` would write the contents + of the `.rej` file into that location. + + Therefore, let's make sure that any existing `.rej` file or symbolic + link is removed before writing it. + + Reported-by: RyotaK <ryotak.mail@gmail.com> + Helped-by: Taylor Blau <me@ttaylorr.com> + Helped-by: Junio C Hamano <gitster@pobox.com> + Helped-by: Linus Torvalds <torvalds@linuxfoundation.org> + Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> + +CVE: CVE-2023-25652 +Upstream-Status: Backport [https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + apply.c | 14 ++++++++++++-- + t/t4115-apply-symlink.sh | 15 +++++++++++++++ + 2 files changed, 27 insertions(+), 2 deletions(-) + +diff --git a/apply.c b/apply.c +index fc6f484..47f2686 100644 +--- a/apply.c ++++ b/apply.c +@@ -4584,7 +4584,7 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch) + FILE *rej; + char namebuf[PATH_MAX]; + struct fragment *frag; +- int cnt = 0; ++ int fd, cnt = 0; + struct strbuf sb = STRBUF_INIT; + + for (cnt = 0, frag = patch->fragments; frag; frag = frag->next) { +@@ -4624,7 +4624,17 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch) + memcpy(namebuf, patch->new_name, cnt); + memcpy(namebuf + cnt, ".rej", 5); + +- rej = fopen(namebuf, "w"); ++ fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666); ++ if (fd < 0) { ++ if (errno != EEXIST) ++ return error_errno(_("cannot open %s"), namebuf); ++ if (unlink(namebuf)) ++ return error_errno(_("cannot unlink '%s'"), namebuf); ++ fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666); ++ if (fd < 0) ++ return error_errno(_("cannot open %s"), namebuf); ++ } ++ rej = fdopen(fd, "w"); + if (!rej) + return error_errno(_("cannot open %s"), namebuf); + +diff --git a/t/t4115-apply-symlink.sh b/t/t4115-apply-symlink.sh +index 65ac7df..e95e6d4 100755 +--- a/t/t4115-apply-symlink.sh ++++ b/t/t4115-apply-symlink.sh +@@ -126,4 +126,19 @@ test_expect_success SYMLINKS 'symlink escape when deleting file' ' + test_path_is_file .git/delete-me + ' + ++test_expect_success SYMLINKS '--reject removes .rej symlink if it exists' ' ++ test_when_finished "git reset --hard && git clean -dfx" && ++ ++ test_commit file && ++ echo modified >file.t && ++ git diff -- file.t >patch && ++ echo modified-again >file.t && ++ ++ ln -s foo file.t.rej && ++ test_must_fail git apply patch --reject 2>err && ++ test_i18ngrep "Rejected hunk" err && ++ test_path_is_missing foo && ++ test_path_is_file file.t.rej ++' ++ + test_done +-- +2.40.0 diff --git a/poky/meta/recipes-devtools/git/git/CVE-2023-29007.patch b/poky/meta/recipes-devtools/git/git/CVE-2023-29007.patch new file mode 100644 index 0000000000..472f4022b2 --- /dev/null +++ b/poky/meta/recipes-devtools/git/git/CVE-2023-29007.patch @@ -0,0 +1,162 @@ +From 057c07a7b1fae22fdeef26c243f4cfbe3afc90ce Mon Sep 17 00:00:00 2001 +From: Taylor Blau <me@ttaylorr.com> +Date: Fri, 14 Apr 2023 11:46:59 -0400 +Subject: [PATCH] Merge branch 'tb/config-copy-or-rename-in-file-injection' + +Avoids issues with renaming or deleting sections with long lines, where +configuration values may be interpreted as sections, leading to +configuration injection. Addresses CVE-2023-29007. + +* tb/config-copy-or-rename-in-file-injection: + config.c: disallow overly-long lines in `copy_or_rename_section_in_file()` + config.c: avoid integer truncation in `copy_or_rename_section_in_file()` + config: avoid fixed-sized buffer when renaming/deleting a section + t1300: demonstrate failure when renaming sections with long lines + +Signed-off-by: Taylor Blau <me@ttaylorr.com> + +Upstream-Status: Backport +CVE: CVE-2023-29007 + +Reference to upstream patch: +https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + config.c | 36 +++++++++++++++++++++++++----------- + t/t1300-config.sh | 30 ++++++++++++++++++++++++++++++ + 2 files changed, 55 insertions(+), 11 deletions(-) + +diff --git a/config.c b/config.c +index 2bffa8d..6a01938 100644 +--- a/config.c ++++ b/config.c +@@ -3192,9 +3192,10 @@ void git_config_set_multivar(const char *key, const char *value, + flags); + } + +-static int section_name_match (const char *buf, const char *name) ++static size_t section_name_match (const char *buf, const char *name) + { +- int i = 0, j = 0, dot = 0; ++ size_t i = 0, j = 0; ++ int dot = 0; + if (buf[i] != '[') + return 0; + for (i = 1; buf[i] && buf[i] != ']'; i++) { +@@ -3247,6 +3248,8 @@ static int section_name_is_ok(const char *name) + return 1; + } + ++#define GIT_CONFIG_MAX_LINE_LEN (512 * 1024) ++ + /* if new_name == NULL, the section is removed instead */ + static int git_config_copy_or_rename_section_in_file(const char *config_filename, + const char *old_name, +@@ -3256,11 +3259,12 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename + char *filename_buf = NULL; + struct lock_file lock = LOCK_INIT; + int out_fd; +- char buf[1024]; ++ struct strbuf buf = STRBUF_INIT; + FILE *config_file = NULL; + struct stat st; + struct strbuf copystr = STRBUF_INIT; + struct config_store_data store; ++ uint32_t line_nr = 0; + + memset(&store, 0, sizeof(store)); + +@@ -3297,16 +3301,25 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename + goto out; + } + +- while (fgets(buf, sizeof(buf), config_file)) { +- unsigned i; +- int length; ++ while (!strbuf_getwholeline(&buf, config_file, '\n')) { ++ size_t i, length; + int is_section = 0; +- char *output = buf; +- for (i = 0; buf[i] && isspace(buf[i]); i++) ++ char *output = buf.buf; ++ ++ line_nr++; ++ ++ if (buf.len >= GIT_CONFIG_MAX_LINE_LEN) { ++ ret = error(_("refusing to work with overly long line " ++ "in '%s' on line %"PRIuMAX), ++ config_filename, (uintmax_t)line_nr); ++ goto out; ++ } ++ ++ for (i = 0; buf.buf[i] && isspace(buf.buf[i]); i++) + ; /* do nothing */ +- if (buf[i] == '[') { ++ if (buf.buf[i] == '[') { + /* it's a section */ +- int offset; ++ size_t offset; + is_section = 1; + + /* +@@ -3323,7 +3336,7 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename + strbuf_reset(©str); + } + +- offset = section_name_match(&buf[i], old_name); ++ offset = section_name_match(&buf.buf[i], old_name); + if (offset > 0) { + ret++; + if (new_name == NULL) { +@@ -3398,6 +3411,7 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename + out_no_rollback: + free(filename_buf); + config_store_data_clear(&store); ++ strbuf_release(&buf); + return ret; + } + +diff --git a/t/t1300-config.sh b/t/t1300-config.sh +index 78359f1..b07feb1 100755 +--- a/t/t1300-config.sh ++++ b/t/t1300-config.sh +@@ -617,6 +617,36 @@ test_expect_success 'renaming to bogus section is rejected' ' + test_must_fail git config --rename-section branch.zwei "bogus name" + ' + ++test_expect_success 'renaming a section with a long line' ' ++ { ++ printf "[b]\\n" && ++ printf " c = d %1024s [a] e = f\\n" " " && ++ printf "[a] g = h\\n" ++ } >y && ++ git config -f y --rename-section a xyz && ++ test_must_fail git config -f y b.e ++' ++ ++test_expect_success 'renaming an embedded section with a long line' ' ++ { ++ printf "[b]\\n" && ++ printf " c = d %1024s [a] [foo] e = f\\n" " " && ++ printf "[a] g = h\\n" ++ } >y && ++ git config -f y --rename-section a xyz && ++ test_must_fail git config -f y foo.e ++' ++ ++test_expect_success 'renaming a section with an overly-long line' ' ++ { ++ printf "[b]\\n" && ++ printf " c = d %525000s e" " " && ++ printf "[a] g = h\\n" ++ } >y && ++ test_must_fail git config -f y --rename-section a xyz 2>err && ++ test_i18ngrep "refusing to work with overly long line in .y. on line 2" err ++' ++ + cat >> .git/config << EOF + [branch "zwei"] a = 1 [branch "vier"] + EOF +-- +2.40.0 diff --git a/poky/meta/recipes-devtools/git/git_2.35.7.bb b/poky/meta/recipes-devtools/git/git_2.35.7.bb index faf0b67051..9e7b0a8cff 100644 --- a/poky/meta/recipes-devtools/git/git_2.35.7.bb +++ b/poky/meta/recipes-devtools/git/git_2.35.7.bb @@ -10,6 +10,8 @@ PROVIDES:append:class-native = " git-replacement-native" SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ file://fixsort.patch \ file://0001-config.mak.uname-do-not-force-RHEL-7-specific-build-.patch \ + file://CVE-2023-29007.patch \ + file://CVE-2023-25652.patch \ " S = "${WORKDIR}/git-${PV}" @@ -35,6 +37,8 @@ CVE_CHECK_IGNORE += "CVE-2022-24975" CVE_CHECK_IGNORE += "CVE-2022-41953" # specific to Git for Windows CVE_CHECK_IGNORE += "CVE-2023-22743" +# This is specific to Git-for-Windows +CVE_CHECK_IGNORE += "CVE-2023-25815" PACKAGECONFIG ??= "expat curl" PACKAGECONFIG[cvsserver] = "" diff --git a/poky/meta/recipes-devtools/go/go-1.17.13.inc b/poky/meta/recipes-devtools/go/go-1.17.13.inc index cda9227042..d430e0669d 100644 --- a/poky/meta/recipes-devtools/go/go-1.17.13.inc +++ b/poky/meta/recipes-devtools/go/go-1.17.13.inc @@ -28,6 +28,10 @@ SRC_URI += "\ file://cve-2022-41725.patch \ file://CVE-2022-41722.patch \ file://CVE-2023-24537.patch \ + file://CVE-2023-24534.patch \ + file://CVE-2023-24538.patch \ + file://CVE-2023-24540.patch \ + file://CVE-2023-24539.patch \ " SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd" diff --git a/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24534.patch b/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24534.patch new file mode 100644 index 0000000000..c65c7852d5 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24534.patch @@ -0,0 +1,200 @@ +From d6759e7a059f4208f07aa781402841d7ddaaef96 Mon Sep 17 00:00:00 2001 +From: Damien Neil <dneil@google.com> +Date: Fri, 10 Mar 2023 14:21:05 -0800 +Subject: [PATCH] [release-branch.go1.19] net/textproto: avoid overpredicting + the number of MIME header keys + +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802452 +Run-TryBot: Damien Neil <dneil@google.com> +Reviewed-by: Roland Shoemaker <bracewell@google.com> +Reviewed-by: Julie Qiu <julieqiu@google.com> +(cherry picked from commit f739f080a72fd5b06d35c8e244165159645e2ed6) +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802393 +Reviewed-by: Damien Neil <dneil@google.com> +Run-TryBot: Roland Shoemaker <bracewell@google.com> +Change-Id: I675451438d619a9130360c56daf529559004903f +Reviewed-on: https://go-review.googlesource.com/c/go/+/481982 +Run-TryBot: Michael Knyszek <mknyszek@google.com> +TryBot-Result: Gopher Robot <gobot@golang.org> +Reviewed-by: Matthew Dempsky <mdempsky@google.com> +Auto-Submit: Michael Knyszek <mknyszek@google.com> + +Upstream-Status: Backport [https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96] +CVE: CVE-2023-24534 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> + +--- + src/bytes/bytes.go | 14 ++++++++ + src/net/textproto/reader.go | 30 ++++++++++------ + src/net/textproto/reader_test.go | 59 ++++++++++++++++++++++++++++++++ + 3 files changed, 92 insertions(+), 11 deletions(-) + +diff --git a/src/bytes/bytes.go b/src/bytes/bytes.go +index ce52649..95ff31c 100644 +--- a/src/bytes/bytes.go ++++ b/src/bytes/bytes.go +@@ -1174,3 +1174,17 @@ func Index(s, sep []byte) int { + } + return -1 + } ++ ++// Cut slices s around the first instance of sep, ++// returning the text before and after sep. ++// The found result reports whether sep appears in s. ++// If sep does not appear in s, cut returns s, nil, false. ++// ++// Cut returns slices of the original slice s, not copies. ++func Cut(s, sep []byte) (before, after []byte, found bool) { ++ if i := Index(s, sep); i >= 0 { ++ return s[:i], s[i+len(sep):], true ++ } ++ return s, nil, false ++} ++ +diff --git a/src/net/textproto/reader.go b/src/net/textproto/reader.go +index 6a680f4..fcbede8 100644 +--- a/src/net/textproto/reader.go ++++ b/src/net/textproto/reader.go +@@ -493,8 +493,11 @@ func readMIMEHeader(r *Reader, lim int64) (MIMEHeader, error) { + // large one ahead of time which we'll cut up into smaller + // slices. If this isn't big enough later, we allocate small ones. + var strs []string +- hint := r.upcomingHeaderNewlines() ++ hint := r.upcomingHeaderKeys() + if hint > 0 { ++ if hint > 1000 { ++ hint = 1000 // set a cap to avoid overallocation ++ } + strs = make([]string, hint) + } + +@@ -589,9 +592,11 @@ func mustHaveFieldNameColon(line []byte) error { + return nil + } + +-// upcomingHeaderNewlines returns an approximation of the number of newlines ++var nl = []byte("\n") ++ ++// upcomingHeaderKeys returns an approximation of the number of keys + // that will be in this header. If it gets confused, it returns 0. +-func (r *Reader) upcomingHeaderNewlines() (n int) { ++func (r *Reader) upcomingHeaderKeys() (n int) { + // Try to determine the 'hint' size. + r.R.Peek(1) // force a buffer load if empty + s := r.R.Buffered() +@@ -599,17 +604,20 @@ func (r *Reader) upcomingHeaderNewlines() (n int) { + return + } + peek, _ := r.R.Peek(s) +- for len(peek) > 0 { +- i := bytes.IndexByte(peek, '\n') +- if i < 3 { +- // Not present (-1) or found within the next few bytes, +- // implying we're at the end ("\r\n\r\n" or "\n\n") +- return ++ for len(peek) > 0 && n < 1000 { ++ var line []byte ++ line, peek, _ = bytes.Cut(peek, nl) ++ if len(line) == 0 || (len(line) == 1 && line[0] == '\r') { ++ // Blank line separating headers from the body. ++ break ++ } ++ if line[0] == ' ' || line[0] == '\t' { ++ // Folded continuation of the previous line. ++ continue + } + n++ +- peek = peek[i+1:] + } +- return ++ return n + } + + // CanonicalMIMEHeaderKey returns the canonical format of the +diff --git a/src/net/textproto/reader_test.go b/src/net/textproto/reader_test.go +index 3124d43..3ae0de1 100644 +--- a/src/net/textproto/reader_test.go ++++ b/src/net/textproto/reader_test.go +@@ -9,6 +9,7 @@ import ( + "bytes" + "io" + "reflect" ++ "runtime" + "strings" + "testing" + ) +@@ -127,6 +128,42 @@ func TestReadMIMEHeaderSingle(t *testing.T) { + } + } + ++// TestReaderUpcomingHeaderKeys is testing an internal function, but it's very ++// difficult to test well via the external API. ++func TestReaderUpcomingHeaderKeys(t *testing.T) { ++ for _, test := range []struct { ++ input string ++ want int ++ }{{ ++ input: "", ++ want: 0, ++ }, { ++ input: "A: v", ++ want: 1, ++ }, { ++ input: "A: v\r\nB: v\r\n", ++ want: 2, ++ }, { ++ input: "A: v\nB: v\n", ++ want: 2, ++ }, { ++ input: "A: v\r\n continued\r\n still continued\r\nB: v\r\n\r\n", ++ want: 2, ++ }, { ++ input: "A: v\r\n\r\nB: v\r\nC: v\r\n", ++ want: 1, ++ }, { ++ input: "A: v" + strings.Repeat("\n", 1000), ++ want: 1, ++ }} { ++ r := reader(test.input) ++ got := r.upcomingHeaderKeys() ++ if test.want != got { ++ t.Fatalf("upcomingHeaderKeys(%q): %v; want %v", test.input, got, test.want) ++ } ++ } ++} ++ + func TestReadMIMEHeaderNoKey(t *testing.T) { + r := reader(": bar\ntest-1: 1\n\n") + m, err := r.ReadMIMEHeader() +@@ -223,6 +260,28 @@ func TestReadMIMEHeaderTrimContinued(t *testing.T) { + } + } + ++// Test that reading a header doesn't overallocate. Issue 58975. ++func TestReadMIMEHeaderAllocations(t *testing.T) { ++ var totalAlloc uint64 ++ const count = 200 ++ for i := 0; i < count; i++ { ++ r := reader("A: b\r\n\r\n" + strings.Repeat("\n", 4096)) ++ var m1, m2 runtime.MemStats ++ runtime.ReadMemStats(&m1) ++ _, err := r.ReadMIMEHeader() ++ if err != nil { ++ t.Fatalf("ReadMIMEHeader: %v", err) ++ } ++ runtime.ReadMemStats(&m2) ++ totalAlloc += m2.TotalAlloc - m1.TotalAlloc ++ } ++ // 32k is large and we actually allocate substantially less, ++ // but prior to the fix for #58975 we allocated ~400k in this case. ++ if got, want := totalAlloc/count, uint64(32768); got > want { ++ t.Fatalf("ReadMIMEHeader allocated %v bytes, want < %v", got, want) ++ } ++} ++ + type readResponseTest struct { + in string + inCode int +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch b/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch new file mode 100644 index 0000000000..502486befc --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch @@ -0,0 +1,208 @@ +From 07cc3b8711a8efbb5885f56dd90d854049ad2f7d Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker <bracewell@google.com> +Date: Mon, 20 Mar 2023 11:01:13 -0700 +Subject: [PATCH] html/template: disallow actions in JS template literals + +ECMAScript 6 introduced template literals[0][1] which are delimited with +backticks. These need to be escaped in a similar fashion to the +delimiters for other string literals. Additionally template literals can +contain special syntax for string interpolation. + +There is no clear way to allow safe insertion of actions within JS +template literals, as handling (JS) string interpolation inside of these +literals is rather complex. As such we've chosen to simply disallow +template actions within these template literals. + +A new error code is added for this parsing failure case, errJsTmplLit, +but it is unexported as it is not backwards compatible with other minor +release versions to introduce an API change in a minor release. We will +export this code in the next major release. + +The previous behavior (with the cavet that backticks are now escaped +properly) can be re-enabled with GODEBUG=jstmpllitinterp=1. + +This change subsumes CL471455. + +Thanks to Sohom Datta, Manipal Institute of Technology, for reporting +this issue. + +Fixes CVE-2023-24538 +For #59234 +Fixes #59271 + +[0] https://tc39.es/ecma262/multipage/ecmascript-language-expressions.html#sec-template-literals +[1] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals + +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802457 +Reviewed-by: Damien Neil <dneil@google.com> +Run-TryBot: Damien Neil <dneil@google.com> +Reviewed-by: Julie Qiu <julieqiu@google.com> +Reviewed-by: Roland Shoemaker <bracewell@google.com> +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802612 +Run-TryBot: Roland Shoemaker <bracewell@google.com> +Change-Id: Ic7f10595615f2b2740d9c85ad7ef40dc0e78c04c +Reviewed-on: https://go-review.googlesource.com/c/go/+/481987 +Auto-Submit: Michael Knyszek <mknyszek@google.com> +TryBot-Result: Gopher Robot <gobot@golang.org> +Run-TryBot: Michael Knyszek <mknyszek@google.com> +Reviewed-by: Matthew Dempsky <mdempsky@google.com> + +Upstream-Status: Backport from https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b +CVE: CVE-2023-24538 +Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com> +--- + src/html/template/context.go | 2 ++ + src/html/template/error.go | 13 +++++++++++++ + src/html/template/escape.go | 11 +++++++++++ + src/html/template/js.go | 2 ++ + src/html/template/jsctx_string.go | 9 +++++++++ + src/html/template/transition.go | 7 ++++++- + 6 files changed, 43 insertions(+), 1 deletion(-) + +diff --git a/src/html/template/context.go b/src/html/template/context.go +index f7d4849..0b65313 100644 +--- a/src/html/template/context.go ++++ b/src/html/template/context.go +@@ -116,6 +116,8 @@ const ( + stateJSDqStr + // stateJSSqStr occurs inside a JavaScript single quoted string. + stateJSSqStr ++ // stateJSBqStr occurs inside a JavaScript back quoted string. ++ stateJSBqStr + // stateJSRegexp occurs inside a JavaScript regexp literal. + stateJSRegexp + // stateJSBlockCmt occurs inside a JavaScript /* block comment */. +diff --git a/src/html/template/error.go b/src/html/template/error.go +index 0e52706..fd26b64 100644 +--- a/src/html/template/error.go ++++ b/src/html/template/error.go +@@ -211,6 +211,19 @@ const ( + // pipeline occurs in an unquoted attribute value context, "html" is + // disallowed. Avoid using "html" and "urlquery" entirely in new templates. + ErrPredefinedEscaper ++ ++ // errJSTmplLit: "... appears in a JS template literal" ++ // Example: ++ // <script>var tmpl = `{{.Interp}`</script> ++ // Discussion: ++ // Package html/template does not support actions inside of JS template ++ // literals. ++ // ++ // TODO(rolandshoemaker): we cannot add this as an exported error in a minor ++ // release, since it is backwards incompatible with the other minor ++ // releases. As such we need to leave it unexported, and then we'll add it ++ // in the next major release. ++ errJSTmplLit + ) + + func (e *Error) Error() string { +diff --git a/src/html/template/escape.go b/src/html/template/escape.go +index 8739735..ca078f4 100644 +--- a/src/html/template/escape.go ++++ b/src/html/template/escape.go +@@ -8,6 +8,7 @@ import ( + "bytes" + "fmt" + "html" ++ "internal/godebug" + "io" + "text/template" + "text/template/parse" +@@ -205,6 +206,16 @@ func (e *escaper) escapeAction(c context, n *parse.ActionNode) context { + c.jsCtx = jsCtxDivOp + case stateJSDqStr, stateJSSqStr: + s = append(s, "_html_template_jsstrescaper") ++ case stateJSBqStr: ++ debugAllowActionJSTmpl := godebug.Get("jstmpllitinterp") ++ if debugAllowActionJSTmpl == "1" { ++ s = append(s, "_html_template_jsstrescaper") ++ } else { ++ return context{ ++ state: stateError, ++ err: errorf(errJSTmplLit, n, n.Line, "%s appears in a JS template literal", n), ++ } ++ } + case stateJSRegexp: + s = append(s, "_html_template_jsregexpescaper") + case stateCSS: +diff --git a/src/html/template/js.go b/src/html/template/js.go +index ea9c183..b888eaf 100644 +--- a/src/html/template/js.go ++++ b/src/html/template/js.go +@@ -308,6 +308,7 @@ var jsStrReplacementTable = []string{ + // Encode HTML specials as hex so the output can be embedded + // in HTML attributes without further encoding. + '"': `\u0022`, ++ '`': `\u0060`, + '&': `\u0026`, + '\'': `\u0027`, + '+': `\u002b`, +@@ -331,6 +332,7 @@ var jsStrNormReplacementTable = []string{ + '"': `\u0022`, + '&': `\u0026`, + '\'': `\u0027`, ++ '`': `\u0060`, + '+': `\u002b`, + '/': `\/`, + '<': `\u003c`, +diff --git a/src/html/template/jsctx_string.go b/src/html/template/jsctx_string.go +index dd1d87e..2394893 100644 +--- a/src/html/template/jsctx_string.go ++++ b/src/html/template/jsctx_string.go +@@ -4,6 +4,15 @@ package template + + import "strconv" + ++func _() { ++ // An "invalid array index" compiler error signifies that the constant values have changed. ++ // Re-run the stringer command to generate them again. ++ var x [1]struct{} ++ _ = x[jsCtxRegexp-0] ++ _ = x[jsCtxDivOp-1] ++ _ = x[jsCtxUnknown-2] ++} ++ + const _jsCtx_name = "jsCtxRegexpjsCtxDivOpjsCtxUnknown" + + var _jsCtx_index = [...]uint8{0, 11, 21, 33} +diff --git a/src/html/template/transition.go b/src/html/template/transition.go +index 06df679..92eb351 100644 +--- a/src/html/template/transition.go ++++ b/src/html/template/transition.go +@@ -27,6 +27,7 @@ var transitionFunc = [...]func(context, []byte) (context, int){ + stateJS: tJS, + stateJSDqStr: tJSDelimited, + stateJSSqStr: tJSDelimited, ++ stateJSBqStr: tJSDelimited, + stateJSRegexp: tJSDelimited, + stateJSBlockCmt: tBlockCmt, + stateJSLineCmt: tLineCmt, +@@ -262,7 +263,7 @@ func tURL(c context, s []byte) (context, int) { + + // tJS is the context transition function for the JS state. + func tJS(c context, s []byte) (context, int) { +- i := bytes.IndexAny(s, `"'/`) ++ i := bytes.IndexAny(s, "\"`'/") + if i == -1 { + // Entire input is non string, comment, regexp tokens. + c.jsCtx = nextJSCtx(s, c.jsCtx) +@@ -274,6 +275,8 @@ func tJS(c context, s []byte) (context, int) { + c.state, c.jsCtx = stateJSDqStr, jsCtxRegexp + case '\'': + c.state, c.jsCtx = stateJSSqStr, jsCtxRegexp ++ case '`': ++ c.state, c.jsCtx = stateJSBqStr, jsCtxRegexp + case '/': + switch { + case i+1 < len(s) && s[i+1] == '/': +@@ -303,6 +306,8 @@ func tJSDelimited(c context, s []byte) (context, int) { + switch c.state { + case stateJSSqStr: + specials = `\'` ++ case stateJSBqStr: ++ specials = "`\\" + case stateJSRegexp: + specials = `\/[]` + } +-- +2.7.4 diff --git a/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24539.patch b/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24539.patch new file mode 100644 index 0000000000..fa19e18264 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24539.patch @@ -0,0 +1,53 @@ +From e49282327b05192e46086bf25fd3ac691205fe80 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker <bracewell@google.com> +Date: Thu, 13 Apr 2023 15:40:44 -0700 +Subject: [PATCH] [release-branch.go1.19] html/template: disallow angle + brackets in CSS values + +Change-Id: Iccc659c9a18415992b0c05c178792228e3a7bae4 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1826636 +Reviewed-by: Julie Qiu <julieqiu@google.com> +Run-TryBot: Roland Shoemaker <bracewell@google.com> +Reviewed-by: Damien Neil <dneil@google.com> +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1851496 +Run-TryBot: Damien Neil <dneil@google.com> +Reviewed-by: Roland Shoemaker <bracewell@google.com> +Reviewed-on: https://go-review.googlesource.com/c/go/+/491335 +Run-TryBot: Carlos Amedee <carlos@golang.org> +Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> +TryBot-Result: Gopher Robot <gobot@golang.org> + +Upstream-Status: Backport [https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80] +CVE: CVE-2023-24539 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> +--- + src/html/template/css.go | 2 +- + src/html/template/css_test.go | 2 ++ + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/html/template/css.go b/src/html/template/css.go +index 890a0c6b227fe..f650d8b3e843a 100644 +--- a/src/html/template/css.go ++++ b/src/html/template/css.go +@@ -238,7 +238,7 @@ func cssValueFilter(args ...any) string { + // inside a string that might embed JavaScript source. + for i, c := range b { + switch c { +- case 0, '"', '\'', '(', ')', '/', ';', '@', '[', '\\', ']', '`', '{', '}': ++ case 0, '"', '\'', '(', ')', '/', ';', '@', '[', '\\', ']', '`', '{', '}', '<', '>': + return filterFailsafe + case '-': + // Disallow <!-- or -->. +diff --git a/src/html/template/css_test.go b/src/html/template/css_test.go +index a735638b0314f..2b76256a766e9 100644 +--- a/src/html/template/css_test.go ++++ b/src/html/template/css_test.go +@@ -231,6 +231,8 @@ func TestCSSValueFilter(t *testing.T) { + {`-exp\000052 ession(alert(1337))`, "ZgotmplZ"}, + {`-expre\0000073sion`, "-expre\x073sion"}, + {`@import url evil.css`, "ZgotmplZ"}, ++ {"<", "ZgotmplZ"}, ++ {">", "ZgotmplZ"}, + } + for _, test := range tests { + got := cssValueFilter(test.css) diff --git a/poky/meta/recipes-devtools/go/go-1.19/CVE-2023-24540.patch b/poky/meta/recipes-devtools/go/go-1.19/CVE-2023-24540.patch new file mode 100644 index 0000000000..7e6e871e38 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.19/CVE-2023-24540.patch @@ -0,0 +1,93 @@ +From 2305cdb2aa5ac8e9960bd64e548a119c7dd87530 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker <bracewell@google.com> +Date: Tue, 11 Apr 2023 16:27:43 +0100 +Subject: [PATCH] html/template: handle all JS whitespace characters + +Rather than just a small set. Character class as defined by \s [0]. + +Thanks to Juho Nurminen of Mattermost for reporting this. + +For #59721 +Fixes #59813 +Fixes CVE-2023-24540 + +[0] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions/Character_Classes + +Change-Id: I56d4fa1ef08125b417106ee7dbfb5b0923b901ba +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1821459 +Reviewed-by: Julie Qiu <julieqiu@google.com> +Run-TryBot: Roland Shoemaker <bracewell@google.com> +Reviewed-by: Damien Neil <dneil@google.com> +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1851497 +Run-TryBot: Damien Neil <dneil@google.com> +Reviewed-by: Roland Shoemaker <bracewell@google.com> +Reviewed-on: https://go-review.googlesource.com/c/go/+/491355 +Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> +Reviewed-by: Carlos Amedee <carlos@golang.org> +TryBot-Bypass: Carlos Amedee <carlos@golang.org> +Run-TryBot: Carlos Amedee <carlos@golang.org> + +CVE: CVE-2023-24540 +Upstream-Status: Backport [https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797] + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + src/html/template/js.go | 8 +++++++- + src/html/template/js_test.go | 11 +++++++---- + 2 files changed, 14 insertions(+), 5 deletions(-) + +diff --git a/src/html/template/js.go b/src/html/template/js.go +index b888eaf..35994f0 100644 +--- a/src/html/template/js.go ++++ b/src/html/template/js.go +@@ -13,6 +13,11 @@ import ( + "unicode/utf8" + ) + ++// jsWhitespace contains all of the JS whitespace characters, as defined ++// by the \s character class. ++// See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_expressions/Character_classes. ++const jsWhitespace = "\f\n\r\t\v\u0020\u00a0\u1680\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200a\u2028\u2029\u202f\u205f\u3000\ufeff" ++ + // nextJSCtx returns the context that determines whether a slash after the + // given run of tokens starts a regular expression instead of a division + // operator: / or /=. +@@ -26,7 +31,8 @@ import ( + // JavaScript 2.0 lexical grammar and requires one token of lookbehind: + // https://www.mozilla.org/js/language/js20-2000-07/rationale/syntax.html + func nextJSCtx(s []byte, preceding jsCtx) jsCtx { +- s = bytes.TrimRight(s, "\t\n\f\r \u2028\u2029") ++ // Trim all JS whitespace characters ++ s = bytes.TrimRight(s, jsWhitespace) + if len(s) == 0 { + return preceding + } +diff --git a/src/html/template/js_test.go b/src/html/template/js_test.go +index d7ee47b..8f5d76d 100644 +--- a/src/html/template/js_test.go ++++ b/src/html/template/js_test.go +@@ -81,14 +81,17 @@ func TestNextJsCtx(t *testing.T) { + {jsCtxDivOp, "0"}, + // Dots that are part of a number are div preceders. + {jsCtxDivOp, "0."}, ++ // Some JS interpreters treat NBSP as a normal space, so ++ // we must too in order to properly escape things. ++ {jsCtxRegexp, "=\u00A0"}, + } + + for _, test := range tests { +- if nextJSCtx([]byte(test.s), jsCtxRegexp) != test.jsCtx { +- t.Errorf("want %s got %q", test.jsCtx, test.s) ++ if ctx := nextJSCtx([]byte(test.s), jsCtxRegexp); ctx != test.jsCtx { ++ t.Errorf("%q: want %s got %s", test.s, test.jsCtx, ctx) + } +- if nextJSCtx([]byte(test.s), jsCtxDivOp) != test.jsCtx { +- t.Errorf("want %s got %q", test.jsCtx, test.s) ++ if ctx := nextJSCtx([]byte(test.s), jsCtxDivOp); ctx != test.jsCtx { ++ t.Errorf("%q: want %s got %s", test.s, test.jsCtx, ctx) + } + } + +-- +2.40.0 + diff --git a/poky/meta/recipes-devtools/llvm/llvm/0001-Support-Add-missing-cstdint-header-to-Signals.h.patch b/poky/meta/recipes-devtools/llvm/llvm/0001-Support-Add-missing-cstdint-header-to-Signals.h.patch new file mode 100644 index 0000000000..fdb6307ab5 --- /dev/null +++ b/poky/meta/recipes-devtools/llvm/llvm/0001-Support-Add-missing-cstdint-header-to-Signals.h.patch @@ -0,0 +1,31 @@ +From a94bf34221fc4519bd8ec72560c2d363ffe2de4c Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich <slyich@gmail.com> +Date: Mon, 23 May 2022 08:03:23 +0100 +Subject: [PATCH] [Support] Add missing <cstdint> header to Signals.h + +Without the change llvm build fails on this week's gcc-13 snapshot as: + + [ 0%] Building CXX object lib/Support/CMakeFiles/LLVMSupport.dir/Signals.cpp.o + In file included from llvm/lib/Support/Signals.cpp:14: + llvm/include/llvm/Support/Signals.h:119:8: error: variable or field 'CleanupOnSignal' declared void + 119 | void CleanupOnSignal(uintptr_t Context); + | ^~~~~~~~~~~~~~~ + +Upstream-Status: Backport [llvmorg-15.0.0 ff1681ddb303223973653f7f5f3f3435b48a1983] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + llvm/include/llvm/Support/Signals.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/llvm/include/llvm/Support/Signals.h b/llvm/include/llvm/Support/Signals.h +index 44f5a750ff5c..937e0572d4a7 100644 +--- a/llvm/include/llvm/Support/Signals.h ++++ b/llvm/include/llvm/Support/Signals.h +@@ -14,6 +14,7 @@ + #ifndef LLVM_SUPPORT_SIGNALS_H + #define LLVM_SUPPORT_SIGNALS_H + ++#include <cstdint> + #include <string> + + namespace llvm { diff --git a/poky/meta/recipes-devtools/llvm/llvm_git.bb b/poky/meta/recipes-devtools/llvm/llvm_git.bb index 9400bf0821..cedbfb138e 100644 --- a/poky/meta/recipes-devtools/llvm/llvm_git.bb +++ b/poky/meta/recipes-devtools/llvm/llvm_git.bb @@ -32,6 +32,7 @@ SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=http file://0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch;striplevel=2 \ file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \ file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \ + file://0001-Support-Add-missing-cstdint-header-to-Signals.h.patch;striplevel=2 \ " UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)" diff --git a/poky/meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch b/poky/meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch new file mode 100644 index 0000000000..1bd49c9fd9 --- /dev/null +++ b/poky/meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch @@ -0,0 +1,104 @@ +From b37677f7e40276bd8f504584bcba2c092f1146a8 Mon Sep 17 00:00:00 2001 +From: "H. Peter Anvin" <hpa@zytor.com> +Date: Mon, 7 Nov 2022 10:26:03 -0800 +Subject: [PATCH] quote_for_pmake: fix counter underrun resulting in segfault + +while (nbs--) { ... } ends with nbs == -1. Rather than a minimal fix, +introduce mempset() to make these kinds of errors less likely in the +future. + +Fixes: https://bugzilla.nasm.us/show_bug.cgi?id=3392815 +Reported-by: <13579and24680@gmail.com> +Signed-off-by: H. Peter Anvin <hpa@zytor.com> + +Upstream-Status: Backport +CVE: CVE-2022-4437 + +Reference to upstream patch: +[https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + asm/nasm.c | 12 +++++------- + configure.ac | 1 + + include/compiler.h | 7 +++++++ + 3 files changed, 13 insertions(+), 7 deletions(-) + +diff --git a/asm/nasm.c b/asm/nasm.c +index 7a7f8b4..675cff4 100644 +--- a/asm/nasm.c ++++ b/asm/nasm.c +@@ -1,6 +1,6 @@ + /* ----------------------------------------------------------------------- * + * +- * Copyright 1996-2020 The NASM Authors - All Rights Reserved ++ * Copyright 1996-2022 The NASM Authors - All Rights Reserved + * See the file AUTHORS included with the NASM distribution for + * the specific copyright holders. + * +@@ -814,8 +814,7 @@ static char *quote_for_pmake(const char *str) + } + + /* Convert N backslashes at the end of filename to 2N backslashes */ +- if (nbs) +- n += nbs; ++ n += nbs; + + os = q = nasm_malloc(n); + +@@ -824,10 +823,10 @@ static char *quote_for_pmake(const char *str) + switch (*p) { + case ' ': + case '\t': +- while (nbs--) +- *q++ = '\\'; ++ q = mempset(q, '\\', nbs); + *q++ = '\\'; + *q++ = *p; ++ nbs = 0; + break; + case '$': + *q++ = *p; +@@ -849,9 +848,8 @@ static char *quote_for_pmake(const char *str) + break; + } + } +- while (nbs--) +- *q++ = '\\'; + ++ q = mempset(q, '\\', nbs); + *q = '\0'; + + return os; +diff --git a/configure.ac b/configure.ac +index 39680b1..940ebe2 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -199,6 +199,7 @@ AC_CHECK_FUNCS(strrchrnul) + AC_CHECK_FUNCS(iscntrl) + AC_CHECK_FUNCS(isascii) + AC_CHECK_FUNCS(mempcpy) ++AC_CHECK_FUNCS(mempset) + + AC_CHECK_FUNCS(getuid) + AC_CHECK_FUNCS(getgid) +diff --git a/include/compiler.h b/include/compiler.h +index db3d6d6..b64da6a 100644 +--- a/include/compiler.h ++++ b/include/compiler.h +@@ -256,6 +256,13 @@ static inline void *mempcpy(void *dst, const void *src, size_t n) + } + #endif + ++#ifndef HAVE_MEMPSET ++static inline void *mempset(void *dst, int c, size_t n) ++{ ++ return (char *)memset(dst, c, n) + n; ++} ++#endif ++ + /* + * Hack to support external-linkage inline functions + */ +-- +2.40.0 diff --git a/poky/meta/recipes-devtools/nasm/nasm_2.15.05.bb b/poky/meta/recipes-devtools/nasm/nasm_2.15.05.bb index edc17aeebf..59b1121bd4 100644 --- a/poky/meta/recipes-devtools/nasm/nasm_2.15.05.bb +++ b/poky/meta/recipes-devtools/nasm/nasm_2.15.05.bb @@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=90904486f8fbf1861cf42752e1a39efe" SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \ file://0001-stdlib-Add-strlcat.patch \ file://0002-Add-debug-prefix-map-option.patch \ + file://CVE-2022-44370.patch \ " SRC_URI[sha256sum] = "3c4b8339e5ab54b1bcb2316101f8985a5da50a3f9e504d43fa6f35668bee2fd0" diff --git a/poky/meta/recipes-devtools/perl/files/CVE-2023-31484.patch b/poky/meta/recipes-devtools/perl/files/CVE-2023-31484.patch new file mode 100644 index 0000000000..1f7cbd0da1 --- /dev/null +++ b/poky/meta/recipes-devtools/perl/files/CVE-2023-31484.patch @@ -0,0 +1,29 @@ +From a625ec2cc3a0b6116c1f8b831d3480deb621c245 Mon Sep 17 00:00:00 2001 +From: Stig Palmquist <git@stig.io> +Date: Tue, 28 Feb 2023 11:54:06 +0100 +Subject: [PATCH] Add verify_SSL=>1 to HTTP::Tiny to verify https server + identity + +Upstream-Status: Backport [https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0] + +CVE: CVE-2023-31484 + +Signed-off-by: Soumya <soumya.sambu@windriver.com> +--- + cpan/CPAN/lib/CPAN/HTTP/Client.pm | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/cpan/CPAN/lib/CPAN/HTTP/Client.pm b/cpan/CPAN/lib/CPAN/HTTP/Client.pm +index 4fc792c..a616fee 100644 +--- a/cpan/CPAN/lib/CPAN/HTTP/Client.pm ++++ b/cpan/CPAN/lib/CPAN/HTTP/Client.pm +@@ -32,6 +32,7 @@ sub mirror { + + my $want_proxy = $self->_want_proxy($uri); + my $http = HTTP::Tiny->new( ++ verify_SSL => 1, + $want_proxy ? (proxy => $self->{proxy}) : () + ); + +-- +2.40.0 diff --git a/poky/meta/recipes-devtools/perl/perl_5.34.1.bb b/poky/meta/recipes-devtools/perl/perl_5.34.1.bb index 42bcb8b1bc..e0ee006e50 100644 --- a/poky/meta/recipes-devtools/perl/perl_5.34.1.bb +++ b/poky/meta/recipes-devtools/perl/perl_5.34.1.bb @@ -18,6 +18,7 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \ file://determinism.patch \ file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \ file://0001-Fix-build-with-gcc-12.patch \ + file://CVE-2023-31484.patch \ " SRC_URI:append:class-native = " \ file://perl-configpm-switch.patch \ diff --git a/poky/meta/recipes-devtools/python/python3-cryptography/CVE-2023-23931.patch b/poky/meta/recipes-devtools/python/python3-cryptography/CVE-2023-23931.patch new file mode 100644 index 0000000000..5fc4878978 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-cryptography/CVE-2023-23931.patch @@ -0,0 +1,49 @@ +From 9fbf84efc861668755ab645530ec7be9cf3c6696 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor <alex.gaynor@gmail.com> +Date: Tue, 7 Feb 2023 11:34:18 -0500 +Subject: [PATCH] Don't allow update_into to mutate immutable objects (#8230) + +CVE: CVE-2023-23931 + +Upstream-Status: Backport [https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +- + tests/hazmat/primitives/test_ciphers.py | 8 ++++++++ + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py +index 286583f93..075d68fb9 100644 +--- a/src/cryptography/hazmat/backends/openssl/ciphers.py ++++ b/src/cryptography/hazmat/backends/openssl/ciphers.py +@@ -156,7 +156,7 @@ class _CipherContext: + data_processed = 0 + total_out = 0 + outlen = self._backend._ffi.new("int *") +- baseoutbuf = self._backend._ffi.from_buffer(buf) ++ baseoutbuf = self._backend._ffi.from_buffer(buf, require_writable=True) + baseinbuf = self._backend._ffi.from_buffer(data) + + while data_processed != total_data_len: +diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py +index 02127dd9c..bf3b047de 100644 +--- a/tests/hazmat/primitives/test_ciphers.py ++++ b/tests/hazmat/primitives/test_ciphers.py +@@ -318,6 +318,14 @@ class TestCipherUpdateInto: + with pytest.raises(ValueError): + encryptor.update_into(b"testing", buf) + ++ def test_update_into_immutable(self, backend): ++ key = b"\x00" * 16 ++ c = ciphers.Cipher(AES(key), modes.ECB(), backend) ++ encryptor = c.encryptor() ++ buf = b"\x00" * 32 ++ with pytest.raises((TypeError, BufferError)): ++ encryptor.update_into(b"testing", buf) ++ + @pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + AES(b"\x00" * 16), modes.GCM(b"\x00" * 12) +-- +2.40.0 diff --git a/poky/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb b/poky/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb index 9ef5ff39c8..c3ae0c1ab9 100644 --- a/poky/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb +++ b/poky/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb @@ -17,6 +17,7 @@ SRC_URI += " \ file://0001-Cargo.toml-specify-pem-version.patch \ file://0002-Cargo.toml-edition-2018-2021.patch \ file://fix-leak-metric.patch \ + file://CVE-2023-23931.patch \ " inherit pypi python_setuptools3_rust diff --git a/poky/meta/recipes-devtools/python/python3-requests/CVE-2023-32681.patch b/poky/meta/recipes-devtools/python/python3-requests/CVE-2023-32681.patch new file mode 100644 index 0000000000..35b4241bde --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-requests/CVE-2023-32681.patch @@ -0,0 +1,63 @@ +From cd0128c0becd8729d0f8733bf42fbd333d51f833 Mon Sep 17 00:00:00 2001 +From: Nate Prewitt <nate.prewitt@gmail.com> +Date: Mon, 5 Jun 2023 09:31:36 +0000 +Subject: [PATCH] Merge pull request from GHSA-j8r2-6x86-q33q + +CVE: CVE-2023-32681 + +Upstream-Status: Backport [https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + requests/sessions.py | 4 +++- + tests/test_requests.py | 20 ++++++++++++++++++++ + 2 files changed, 23 insertions(+), 1 deletion(-) + +diff --git a/requests/sessions.py b/requests/sessions.py +index 3f59cab..648cffa 100644 +--- a/requests/sessions.py ++++ b/requests/sessions.py +@@ -293,7 +293,9 @@ class SessionRedirectMixin(object): + except KeyError: + username, password = None, None + +- if username and password: ++ # urllib3 handles proxy authorization for us in the standard adapter. ++ # Avoid appending this to TLS tunneled requests where it may be leaked. ++ if not scheme.startswith('https') and username and password: + headers['Proxy-Authorization'] = _basic_auth_str(username, password) + + return new_proxies +diff --git a/tests/test_requests.py b/tests/test_requests.py +index 29b3aca..6a37777 100644 +--- a/tests/test_requests.py ++++ b/tests/test_requests.py +@@ -601,6 +601,26 @@ class TestRequests: + + assert sent_headers.get("Proxy-Authorization") == proxy_auth_value + ++ ++ @pytest.mark.parametrize( ++ "url,has_proxy_auth", ++ ( ++ ('http://example.com', True), ++ ('https://example.com', False), ++ ), ++ ) ++ def test_proxy_authorization_not_appended_to_https_request(self, url, has_proxy_auth): ++ session = requests.Session() ++ proxies = { ++ 'http': 'http://test:pass@localhost:8080', ++ 'https': 'http://test:pass@localhost:8090', ++ } ++ req = requests.Request('GET', url) ++ prep = req.prepare() ++ session.rebuild_proxies(prep, proxies) ++ ++ assert ('Proxy-Authorization' in prep.headers) is has_proxy_auth ++ + def test_basicauth_with_netrc(self, httpbin): + auth = ('user', 'pass') + wrong_auth = ('wronguser', 'wrongpass') +-- +2.40.0 diff --git a/poky/meta/recipes-devtools/python/python3-requests_2.27.1.bb b/poky/meta/recipes-devtools/python/python3-requests_2.27.1.bb index af52b7caf5..635a6af31f 100644 --- a/poky/meta/recipes-devtools/python/python3-requests_2.27.1.bb +++ b/poky/meta/recipes-devtools/python/python3-requests_2.27.1.bb @@ -3,6 +3,8 @@ HOMEPAGE = "http://python-requests.org" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658" +SRC_URI += "file://CVE-2023-32681.patch" + SRC_URI[sha256sum] = "68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61" inherit pypi setuptools3 diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index a6ee958e4b..7f2b52fa88 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -112,6 +112,11 @@ CVE_CHECK_IGNORE += "CVE-2007-0998" # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11 CVE_CHECK_IGNORE += "CVE-2018-18438" +# As per https://nvd.nist.gov/vuln/detail/CVE-2023-0664 +# https://bugzilla.redhat.com/show_bug.cgi?id=2167423 +# this bug related to windows specific. +CVE_CHECK_IGNORE += "CVE-2023-0664" + COMPATIBLE_HOST:mipsarchn32 = "null" COMPATIBLE_HOST:mipsarchn64 = "null" COMPATIBLE_HOST:riscv32 = "null" diff --git a/poky/meta/recipes-devtools/quilt/quilt.inc b/poky/meta/recipes-devtools/quilt/quilt.inc index fce81016d8..72deb24915 100644 --- a/poky/meta/recipes-devtools/quilt/quilt.inc +++ b/poky/meta/recipes-devtools/quilt/quilt.inc @@ -14,6 +14,7 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/quilt/quilt-${PV}.tar.gz \ file://0001-tests-Allow-different-output-from-mv.patch \ file://fix-grep-3.8.patch \ file://faildiff-order.patch \ + file://0001-test-Fix-a-race-condition-in-merge.test.patch \ " SRC_URI:append:class-target = " file://gnu_patch_test_fix_target.patch" diff --git a/poky/meta/recipes-devtools/quilt/quilt/0001-test-Fix-a-race-condition-in-merge.test.patch b/poky/meta/recipes-devtools/quilt/quilt/0001-test-Fix-a-race-condition-in-merge.test.patch new file mode 100644 index 0000000000..01d4c8befc --- /dev/null +++ b/poky/meta/recipes-devtools/quilt/quilt/0001-test-Fix-a-race-condition-in-merge.test.patch @@ -0,0 +1,48 @@ +From c1ce964f3e9312100a60f03c1e1fdd601e1911f2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?= + <congdanhqx@gmail.com> +Date: Tue, 28 Feb 2023 18:45:15 +0100 +Subject: [PATCH] test: Fix a race condition in merge.test +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Just like commit 4dfe7f9, (test: Fix a race condition, 2023-01-20), +this fix a test race when stdout and stderr in any order. + +Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/quilt.git/commit/?id=c1ce964f3e9312100a60f03c1e1fdd601e1911f2] +Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com> +Signed-off-by: Jean Delvare <jdelvare@suse.de> +--- + test/merge.test | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/test/merge.test b/test/merge.test +index c64b33d..2e67d4f 100644 +--- a/test/merge.test ++++ b/test/merge.test +@@ -39,8 +39,9 @@ Test the patch merging functionality of `quilt diff'. + > Applying patch %{P}c.diff + > Now at patch %{P}c.diff + +- $ quilt diff -P b.diff | grep -v "^\\(---\\|+++\\)" ++ $ quilt diff -P b.diff >/dev/null + > Warning: more recent patches modify files in patch %{P}b.diff ++ $ quilt diff -P b.diff 2>/dev/null | grep -v "^\\(---\\|+++\\)" + >~ Index: [^/]+/abc\.txt + > =================================================================== + > @@ -1,3 +1,3 @@ +@@ -49,8 +50,9 @@ Test the patch merging functionality of `quilt diff'. + > +b+ + > c + +- $ quilt diff --combine a.diff -P b.diff | grep -v "^\\(---\\|+++\\)" ++ $ quilt diff --combine a.diff -P b.diff >/dev/null + > Warning: more recent patches modify files in patch %{P}b.diff ++ $ quilt diff --combine a.diff -P b.diff 2>/dev/null | grep -v "^\\(---\\|+++\\)" + >~ Index: [^/]+/abc\.txt + > =================================================================== + > @@ -1,3 +1,3 @@ +-- +2.40.0 + diff --git a/poky/meta/recipes-devtools/ruby/ruby/CVE-2023-28755.patch b/poky/meta/recipes-devtools/ruby/ruby/CVE-2023-28755.patch new file mode 100644 index 0000000000..d611c41dcc --- /dev/null +++ b/poky/meta/recipes-devtools/ruby/ruby/CVE-2023-28755.patch @@ -0,0 +1,68 @@ +From db4bb57d4af6d097a0c29490536793d95f1d8983 Mon Sep 17 00:00:00 2001 +From: Hiroshi SHIBATA <hsbt@ruby-lang.org> +Date: Mon, 24 Apr 2023 08:27:24 +0000 +Subject: [PATCH] Merge URI-0.12.1 + +CVE: CVE-2023-28755 + +Upstream-Status: Backport [https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + lib/uri/rfc3986_parser.rb | 4 ++-- + lib/uri/version.rb | 2 +- + test/uri/test_common.rb | 11 +++++++++++ + 3 files changed, 14 insertions(+), 3 deletions(-) + +diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb +index 3e07de4..3c89311 100644 +--- a/lib/uri/rfc3986_parser.rb ++++ b/lib/uri/rfc3986_parser.rb +@@ -3,8 +3,8 @@ module URI + class RFC3986_Parser # :nodoc: + # URI defined in RFC3986 + # this regexp is modified not to host is not empty string +- RFC3986_URI = /\A(?<URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/ +- RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+)\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])+)(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/ ++ RFC3986_URI = /\A(?<URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*+):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])*+))(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/ ++ RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])++))?(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])++)(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/ + attr_reader :regexp + + def initialize +diff --git a/lib/uri/version.rb b/lib/uri/version.rb +index 82188e2..7497a7d 100644 +--- a/lib/uri/version.rb ++++ b/lib/uri/version.rb +@@ -1,6 +1,6 @@ + module URI + # :stopdoc: +- VERSION_CODE = '001100'.freeze ++ VERSION_CODE = '001201'.freeze + VERSION = VERSION_CODE.scan(/../).collect{|n| n.to_i}.join('.').freeze + # :startdoc: + end +diff --git a/test/uri/test_common.rb b/test/uri/test_common.rb +index 5e30cda..1d34783 100644 +--- a/test/uri/test_common.rb ++++ b/test/uri/test_common.rb +@@ -78,6 +78,17 @@ class TestCommon < Test::Unit::TestCase + assert_raise(NoMethodError) { Object.new.URI("http://www.ruby-lang.org/") } + end + ++ def test_parse_timeout ++ pre = ->(n) { ++ 'https://example.com/dir/' + 'a' * (n * 100) + '/##.jpg' ++ } ++ assert_linear_performance((1..10).map {|i| i * 100}, rehearsal: 1000, pre: pre) do |uri| ++ assert_raise(URI::InvalidURIError) do ++ URI.parse(uri) ++ end ++ end ++ end ++ + def test_encode_www_form_component + assert_equal("%00+%21%22%23%24%25%26%27%28%29*%2B%2C-.%2F09%3A%3B%3C%3D%3E%3F%40" \ + "AZ%5B%5C%5D%5E_%60az%7B%7C%7D%7E", +-- +2.35.5 + diff --git a/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb index 92efc5db91..72030508dd 100644 --- a/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb +++ b/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb @@ -30,6 +30,7 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \ file://0006-Make-gemspecs-reproducible.patch \ file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \ file://CVE-2023-28756.patch \ + file://CVE-2023-28755.patch \ " UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/" diff --git a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service index 7f72f3388a..b6b81d5c1a 100644 --- a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service +++ b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service @@ -1,7 +1,7 @@ [Unit] Description=Run pending postinsts DefaultDependencies=no -After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount +After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount ldconfig.service Before=sysinit.target [Service] diff --git a/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch new file mode 100644 index 0000000000..4b96e4316c --- /dev/null +++ b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch @@ -0,0 +1,39 @@ +From 77ff5f1be394eb2c786df561ff37dde7f982ec76 Mon Sep 17 00:00:00 2001 +From: Stefano Babic <sbabic@denx.de> +Date: Fri, 28 Jul 2017 13:20:52 +0200 +Subject: [PATCH] Wrong CRC with ASCII CRC for large files + +Due to signedness, the checksum is not computed when filesize is bigger +a 2GB. + +Upstream-Status: Submitted [https://lists.gnu.org/archive/html/bug-cpio/2017-07/msg00004.html] +Signed-off-by: Stefano Babic <sbabic@denx.de> +--- + src/copyout.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/copyout.c b/src/copyout.c +index 1f0987a..727aeca 100644 +--- a/src/copyout.c ++++ b/src/copyout.c +@@ -34,13 +34,13 @@ + compute and return a checksum for them. */ + + static uint32_t +-read_for_checksum (int in_file_des, int file_size, char *file_name) ++read_for_checksum (int in_file_des, unsigned int file_size, char *file_name) + { + uint32_t crc; + char buf[BUFSIZ]; +- int bytes_left; +- int bytes_read; +- int i; ++ unsigned int bytes_left; ++ unsigned int bytes_read; ++ unsigned int i; + + crc = 0; + +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/cpio/cpio_2.13.bb b/poky/meta/recipes-extended/cpio/cpio_2.13.bb index e72a114de9..dd3541096f 100644 --- a/poky/meta/recipes-extended/cpio/cpio_2.13.bb +++ b/poky/meta/recipes-extended/cpio/cpio_2.13.bb @@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0002-src-global.c-Remove-superfluous-declaration-of-progr.patch \ file://CVE-2021-38185.patch \ + file://0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch \ " SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810" diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch new file mode 100644 index 0000000000..9b057d609a --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch @@ -0,0 +1,60 @@ +From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001 +From: Ken Sharp <ken.sharp@artifex.com> +Date: Fri, 24 Mar 2023 13:19:57 +0000 +Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding + +Bug #706494 "Buffer Overflow in s_xBCPE_process" + +As described in detail in the bug report, if the write buffer is filled +to one byte less than full, and we then try to write an escaped +character, we overrun the buffer because we don't check before +writing two bytes to it. + +This just checks if we have two bytes before starting to write an +escaped character and exits if we don't (replacing the consumed byte +of the input). + +Up for further discussion; why do we even permit a BCP encoding filter +anyway ? I think we should remove this, at least when SAFER is true. +--- +CVE: CVE-2023-28879 + +Upstream-Status: Backport [see text] + +git://git.ghostscript.com/ghostpdl +cherry-pick + +Signed-off-by: Joe Slater <joe.slater@windriver.com> + +--- + base/sbcp.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/base/sbcp.c b/base/sbcp.c +index 979ae0992..47fc233ec 100644 +--- a/base/sbcp.c ++++ b/base/sbcp.c +@@ -1,4 +1,4 @@ +-/* Copyright (C) 2001-2021 Artifex Software, Inc. ++/* Copyright (C) 2001-2023 Artifex Software, Inc. + All Rights Reserved. + + This software is provided AS-IS with no warranty, either express or +@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr, + byte ch = *++p; + + if (ch <= 31 && escaped[ch]) { ++ /* Make sure we have space to store two characters in the write buffer, ++ * if we don't then exit without consuming the input character, we'll process ++ * that on the next time round. ++ */ ++ if (pw->limit - q < 2) { ++ p--; ++ break; ++ } + if (p == rlimit) { + p--; + break; +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index 365420fb64..f29c57beea 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/poky/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb @@ -34,6 +34,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://avoid-host-contamination.patch \ file://mkdir-p.patch \ file://CVE-2022-2085.patch \ + file://cve-2023-28879.patch \ " SRC_URI = "${SRC_URI_BASE} \ diff --git a/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index acc84de9da..ffcc103112 100644 --- a/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb @@ -7,11 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d499814247adaee08d88080841cb5665" DEPENDS = "e2fsprogs-native" -PACKAGECONFIG ?= "zlib bz2 xz lzo zstd" - -PACKAGECONFIG:append:class-target = "\ - ${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)} \ -" +PACKAGECONFIG ?= "zlib bz2 xz lzo zstd ${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)}" DEPENDS_BZIP2 = "bzip2-replacement-native" DEPENDS_BZIP2:class-target = "bzip2" diff --git a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch b/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch new file mode 100644 index 0000000000..94dcb04f0a --- /dev/null +++ b/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch @@ -0,0 +1,108 @@ +From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001 +From: Per Jessen <per@jessen.ch> +Date: Fri, 22 Apr 2022 18:15:36 +0200 +Subject: [PATCH] pam_motd: do not rely on all filesystems providing a filetype + +When using scandir() to look for MOTD files to display, we wrongly +relied on all filesystems providing a filetype. This is a fix to divert +to lstat() when we have no filetype. To maintain MT safety, it isn't +possible to use lstat() in the scandir() filter function, so all of the +filtering has been moved to an additional loop after scanning all the +motd dirs. +Also, remove superfluous alphasort from scandir(), we are doing +a qsort() later. + +Resolves: https://github.com/linux-pam/linux-pam/issues/455 + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70] + +Signed-off-by: Per Jessen <per@jessen.ch> +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> +--- + modules/pam_motd/pam_motd.c | 49 ++++++++++++++++++++++++++++++------- + 1 file changed, 40 insertions(+), 9 deletions(-) + +diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c +index 6ac8cba2..5ca486e4 100644 +--- a/modules/pam_motd/pam_motd.c ++++ b/modules/pam_motd/pam_motd.c +@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b) + } + } + +-static int filter_dirents(const struct dirent *d) +-{ +- return (d->d_type == DT_REG || d->d_type == DT_LNK); +-} +- + static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing) + { +@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + + for (i = 0; i < num_motd_dirs; i++) { + int rv; +- rv = scandir(motd_dir_path_split[i], &(dirscans[i]), +- filter_dirents, alphasort); ++ rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL); + if (rv < 0) { + if (errno != ENOENT || report_missing) { + pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m", +@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + if (dirscans_size_total == 0) + goto out; + ++ /* filter out unwanted names, directories, and complement data with lstat() */ ++ for (i = 0; i < num_motd_dirs; i++) { ++ struct dirent **d = dirscans[i]; ++ for (unsigned int j = 0; j < dirscans_sizes[i]; j++) { ++ int rc; ++ char *fullpath; ++ struct stat s; ++ ++ switch(d[j]->d_type) { /* the filetype determines how to proceed */ ++ case DT_REG: /* regular files and */ ++ case DT_LNK: /* symlinks */ ++ continue; /* are good. */ ++ case DT_UNKNOWN: /* for file systems that do not provide */ ++ /* a filetype, we use lstat() */ ++ if (join_dir_strings(&fullpath, motd_dir_path_split[i], ++ d[j]->d_name) <= 0) ++ break; ++ rc = lstat(fullpath, &s); ++ _pam_drop(fullpath); /* free the memory alloc'ed by join_dir_strings */ ++ if (rc != 0) /* if the lstat() somehow failed */ ++ break; ++ ++ if (S_ISREG(s.st_mode) || /* regular files and */ ++ S_ISLNK(s.st_mode)) continue; /* symlinks are good */ ++ break; ++ case DT_DIR: /* We don't want directories */ ++ default: /* nor anything else */ ++ break; ++ } ++ _pam_drop(d[j]); /* free memory */ ++ d[j] = NULL; /* indicate this one was dropped */ ++ dirscans_size_total--; ++ } ++ } ++ + /* Allocate space for all file names found in the directories, including duplicates. */ + if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) { + pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array"); +@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + unsigned int j; + + for (j = 0; j < dirscans_sizes[i]; j++) { +- dirnames_all[i_dirnames] = dirscans[i][j]->d_name; +- i_dirnames++; ++ if (NULL != dirscans[i][j]) { ++ dirnames_all[i_dirnames] = dirscans[i][j]->d_name; ++ i_dirnames++; ++ } + } + } + +-- +2.39.0 + diff --git a/poky/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch b/poky/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch new file mode 100644 index 0000000000..3a12f7a3ed --- /dev/null +++ b/poky/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch @@ -0,0 +1,80 @@ +From e806a902cc90a0b87da00854de8d5fd8222540fc Mon Sep 17 00:00:00 2001 +From: Pavel Kopylov <pkopylov@> +Date: Wed, 17 May 2023 11:33:45 +0200 +Subject: [PATCH] Fix an overflow which is still possible for some values. + +Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/954ff2e2673c] +CVE: CVE-2023-33204 + +Signed-off-by: Xiangyu Chen <xiangyu.chen@...> +Signed-off-by: Sanjay Chitroda <schitrod@...> +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + common.c | 18 ++++++++++-------- + common.h | 2 +- + sa_common.c | 4 ++-- + 3 files changed, 13 insertions(+), 11 deletions(-) + +diff --git a/common.c b/common.c +index db9b0ed..e05c5bb 100644 +--- a/common.c ++++ b/common.c +@@ -1640,17 +1640,19 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char + * @val3 Third value. + *************************************************************************** + */ +-void check_overflow(size_t val1, size_t val2, size_t val3) ++void check_overflow(unsigned int val1, unsigned int val2, ++ unsigned int val3) + { +- if ((unsigned long long) val1 * +- (unsigned long long) val2 * +- (unsigned long long) val3 > UINT_MAX) { ++ if ((val1 != 0) && (val2 != 0) && (val3 != 0) && ++ (((unsigned long long) UINT_MAX / (unsigned long long) val1 < ++ (unsigned long long) val2) || ++ ((unsigned long long) UINT_MAX / ((unsigned long long) val1 * (unsigned long long) val2) < ++ (unsigned long long) val3))) { + #ifdef DEBUG +- fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", +- __FUNCTION__, +- (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3); ++ fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n", ++ __FUNCTION__, val1, val2, val3); + #endif +- exit(4); ++ exit(4); + } + } + +diff --git a/common.h b/common.h +index 0ac5896..b2ffe9f 100644 +--- a/common.h ++++ b/common.h +@@ -256,7 +256,7 @@ int check_dir + + #ifndef SOURCE_SADC + void check_overflow +- (size_t, size_t, size_t); ++ (unsigned int, unsigned int, unsigned int); + int count_bits + (void *, int); + int count_csvalues +diff --git a/sa_common.c b/sa_common.c +index 1b8fcaa..1144cfe 100644 +--- a/sa_common.c ++++ b/sa_common.c +@@ -452,8 +452,8 @@ void allocate_structures(struct activity *act[]) + if (act[i]->nr_ini > 0) { + + /* Look for a possible overflow */ +- check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini, +- (size_t) act[i]->nr2); ++ check_overflow((unsigned int) act[i]->msize, (unsigned int) act[i]->nr_ini, ++ (unsigned int) act[i]->nr2); + + for (j = 0; j < 3; j++) { + SREALLOC(act[i]->buf[j], void, +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/sysstat/sysstat_12.4.5.bb b/poky/meta/recipes-extended/sysstat/sysstat_12.4.5.bb index 3a3d1fb6ba..f8a950e8a2 100644 --- a/poky/meta/recipes-extended/sysstat/sysstat_12.4.5.bb +++ b/poky/meta/recipes-extended/sysstat/sysstat_12.4.5.bb @@ -3,6 +3,7 @@ require sysstat.inc LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb" SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \ - file://CVE-2022-39377.patch" - + file://CVE-2022-39377.patch \ + file://CVE-2023-33204.patch \ + " SRC_URI[sha256sum] = "ef445acea301bbb996e410842f6290a8d049e884d4868cfef7e85dc04b7eee5b" diff --git a/poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch b/poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch new file mode 100644 index 0000000000..f600309d3e --- /dev/null +++ b/poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch @@ -0,0 +1,41 @@ +From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001 +From: Werner Lemberg <wl@gnu.org> +Date: Mon, 14 Nov 2022 19:18:19 +0100 +Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer + overflow. + +Reported as + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462 + +Upstream-Status: Backport [https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611] +CVE: CVE-2023-2004 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> +--- + src/truetype/ttgxvar.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c +index 7f2db0c..8968111 100644 +--- a/src/truetype/ttgxvar.c ++++ b/src/truetype/ttgxvar.c +@@ -42,6 +42,7 @@ + #include <ft2build.h> + #include <freetype/internal/ftdebug.h> + #include FT_CONFIG_CONFIG_H ++#include <freetype/internal/ftcalc.h> + #include <freetype/internal/ftstream.h> + #include <freetype/internal/sfnt.h> + #include <freetype/tttags.h> +@@ -1147,7 +1148,7 @@ + delta == 1 ? "" : "s", + vertical ? "VVAR" : "HVAR" )); + +- *avalue += delta; ++ *avalue = ADD_INT( *avalue, delta ); + + Exit: + return error; +-- +2.25.1 + diff --git a/poky/meta/recipes-graphics/freetype/freetype_2.11.1.bb b/poky/meta/recipes-graphics/freetype/freetype_2.11.1.bb index d425e162bc..29f4d8dfb7 100644 --- a/poky/meta/recipes-graphics/freetype/freetype_2.11.1.bb +++ b/poky/meta/recipes-graphics/freetype/freetype_2.11.1.bb @@ -16,6 +16,7 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/${BPN}/${BP}.tar.xz \ file://CVE-2022-27404.patch \ file://CVE-2022-27405.patch \ file://CVE-2022-27406.patch \ + file://CVE-2023-2004.patch \ " SRC_URI[sha256sum] = "3333ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8" diff --git a/poky/meta/recipes-graphics/piglit/piglit/0001-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch b/poky/meta/recipes-graphics/piglit/piglit/0002-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch index 5d6ec368ba..5d6ec368ba 100644 --- a/poky/meta/recipes-graphics/piglit/piglit/0001-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch +++ b/poky/meta/recipes-graphics/piglit/piglit/0002-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch diff --git a/poky/meta/recipes-graphics/piglit/piglit/0002-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch b/poky/meta/recipes-graphics/piglit/piglit/0003-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch index 16c7c5c803..16c7c5c803 100644 --- a/poky/meta/recipes-graphics/piglit/piglit/0002-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch +++ b/poky/meta/recipes-graphics/piglit/piglit/0003-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch diff --git a/poky/meta/recipes-graphics/piglit/piglit/0005-cmake-Don-t-enable-GLX-if-tests-are-disabled.patch b/poky/meta/recipes-graphics/piglit/piglit/0005-cmake-Don-t-enable-GLX-if-tests-are-disabled.patch new file mode 100644 index 0000000000..ef6fda0f4e --- /dev/null +++ b/poky/meta/recipes-graphics/piglit/piglit/0005-cmake-Don-t-enable-GLX-if-tests-are-disabled.patch @@ -0,0 +1,32 @@ +From 13ff43fe760ac343b33d8e8c84b89886aac07116 Mon Sep 17 00:00:00 2001 +From: Tom Hochstein <tom.hochstein@nxp.com> +Date: Fri, 3 Jun 2022 10:44:29 -0500 +Subject: [PATCH] cmake: Don't enable GLX if tests are disabled + +Allow building for systems that don't support GLX. + +Upstream-Status: Submitted [https://gitlab.freedesktop.org/mesa/piglit/-/merge_requests/720] +Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> +--- + CMakeLists.txt | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index e1aeb5ddf..85e171aba 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -134,10 +134,7 @@ if(PIGLIT_BUILD_CL_TESTS) + endif(PIGLIT_BUILD_CL_TESTS) + + IF(${CMAKE_SYSTEM_NAME} MATCHES "Linux") +- if(X11_FOUND AND OPENGL_gl_LIBRARY) +- # Assume the system has GLX. In the future, systems may exist +- # with libGL and libX11 but no GLX, but that world hasn't +- # arrived yet. ++ if(X11_FOUND AND OPENGL_gl_LIBRARY AND PIGLIT_BUILD_GLX_TESTS) + set(PIGLIT_HAS_GLX True) + add_definitions(-DPIGLIT_HAS_GLX) + endif() +-- +2.17.1 + diff --git a/poky/meta/recipes-graphics/piglit/piglit_git.bb b/poky/meta/recipes-graphics/piglit/piglit_git.bb index 3ae7a14e46..78a5d6248a 100644 --- a/poky/meta/recipes-graphics/piglit/piglit_git.bb +++ b/poky/meta/recipes-graphics/piglit/piglit_git.bb @@ -8,10 +8,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b2beded7103a3d8a442a2a0391d607b0" SRC_URI = "git://gitlab.freedesktop.org/mesa/piglit.git;protocol=https;branch=main \ file://0001-cmake-install-bash-completions-in-the-right-place.patch \ - file://0001-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch \ file://0001-Add-a-missing-include-for-htobe32-definition.patch \ - file://0002-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch \ - " + file://0002-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch \ + file://0003-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch \ + file://0005-cmake-Don-t-enable-GLX-if-tests-are-disabled.patch" + UPSTREAM_CHECK_COMMITS = "1" SRCREV = "2f80c7cc9c02d37574dc8ba3140b7dd8eb3cbf82" @@ -36,10 +37,12 @@ REQUIRED_DISTRO_FEATURES += "opengl" export TEMP = "${B}/temp/" do_compile[dirs] =+ "${B}/temp/" -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 glx', '', d)}" PACKAGECONFIG[freeglut] = "-DPIGLIT_USE_GLUT=1,-DPIGLIT_USE_GLUT=0,freeglut," +PACKAGECONFIG[glx] = "-DPIGLIT_BUILD_GLX_TESTS=ON,-DPIGLIT_BUILD_GLX_TESTS=OFF" +PACKAGECONFIG[opencl] = "-DPIGLIT_BUILD_CL_TESTS=ON,-DPIGLIT_BUILD_CL_TESTS=OFF,virtual/opencl-icd" PACKAGECONFIG[x11] = "-DPIGLIT_BUILD_GL_TESTS=ON,-DPIGLIT_BUILD_GL_TESTS=OFF,${X11_DEPS}, ${X11_RDEPS}" -PACKAGECONFIG[vulkan] = "-DPIGLIT_BUILD_VK_TESTS=ON,-DPIGLIT_BUILD_VK_TESTS=OFF,vulkan-loader" +PACKAGECONFIG[vulkan] = "-DPIGLIT_BUILD_VK_TESTS=ON,-DPIGLIT_BUILD_VK_TESTS=OFF,glslang-native vulkan-loader,glslang" export PIGLIT_BUILD_DIR = "../../../../git" diff --git a/poky/meta/recipes-graphics/waffle/waffle/0001-meson.build-request-native-wayland-scanner.patch b/poky/meta/recipes-graphics/waffle/waffle/0001-meson.build-request-native-wayland-scanner.patch index 1b62db92e9..4b3a0e7c4a 100644 --- a/poky/meta/recipes-graphics/waffle/waffle/0001-meson.build-request-native-wayland-scanner.patch +++ b/poky/meta/recipes-graphics/waffle/waffle/0001-meson.build-request-native-wayland-scanner.patch @@ -1,4 +1,4 @@ -From 2195cec1e5bc66128d72049c11ff381ca4516a4b Mon Sep 17 00:00:00 2001 +From 0961787d2bf0d359a3ead89e9cec642818b32dea Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex@linutronix.de> Date: Tue, 5 Jul 2022 11:51:39 +0200 Subject: [PATCH] meson.build: request native wayland-scanner @@ -8,15 +8,16 @@ try to use a cross-binary, and fail. Upstream-Status: Submitted [https://gitlab.freedesktop.org/mesa/waffle/-/merge_requests/110] Signed-off-by: Alexander Kanavin <alex@linutronix.de> + --- meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build b/meson.build -index 0bb6128..0b6da1f 100644 +index ca6a212..3177bde 100644 --- a/meson.build +++ b/meson.build -@@ -108,7 +108,7 @@ else +@@ -110,7 +110,7 @@ else 'wayland-egl', version : '>= 9.1', required : get_option('wayland'), ) dep_wayland_scanner = dependency( @@ -24,4 +25,4 @@ index 0bb6128..0b6da1f 100644 + 'wayland-scanner', version : '>= 1.15', required : get_option('wayland'), native: true, ) if dep_wayland_scanner.found() - prog_wayland_scanner = find_program(dep_wayland_scanner.get_pkgconfig_variable('wayland_scanner')) + prog_wayland_scanner = find_program(dep_wayland_scanner.get_variable(pkgconfig: 'wayland_scanner')) diff --git a/poky/meta/recipes-graphics/waffle/waffle/0001-waffle-do-not-make-core-protocol-into-the-library.patch b/poky/meta/recipes-graphics/waffle/waffle/0001-waffle-do-not-make-core-protocol-into-the-library.patch index 24b2de5d9c..60e6318f7a 100644 --- a/poky/meta/recipes-graphics/waffle/waffle/0001-waffle-do-not-make-core-protocol-into-the-library.patch +++ b/poky/meta/recipes-graphics/waffle/waffle/0001-waffle-do-not-make-core-protocol-into-the-library.patch @@ -1,4 +1,4 @@ -From 7610ec4b572d3a54d30fca6798f0c406f3fd8a46 Mon Sep 17 00:00:00 2001 +From 71f9399d6cea1e2e885a98b98d82eb628832a86e Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex@linutronix.de> Date: Tue, 26 Oct 2021 08:52:17 +0200 Subject: [PATCH] waffle: do not make core protocol into the library @@ -9,28 +9,13 @@ wayland.xml from the host. Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Alexander Kanavin <alex@linutronix.de> + --- - meson.build | 4 ---- src/waffle/meson.build | 7 ------- - 2 files changed, 11 deletions(-) + 1 file changed, 7 deletions(-) -diff --git a/meson.build b/meson.build -index ffc02ff..0bb6128 100644 ---- a/meson.build -+++ b/meson.build -@@ -104,10 +104,6 @@ else - dep_wayland_client = dependency( - 'wayland-client', version : '>= 1.10', required : get_option('wayland'), - ) -- if dep_wayland_client.found() -- wayland_core_xml = join_paths(dep_wayland_client.get_pkgconfig_variable('pkgdatadir'), -- 'wayland.xml') -- endif - dep_wayland_egl = dependency( - 'wayland-egl', version : '>= 9.1', required : get_option('wayland'), - ) diff --git a/src/waffle/meson.build b/src/waffle/meson.build -index 01898c8..6245868 100644 +index e2636c7..3ff5762 100644 --- a/src/waffle/meson.build +++ b/src/waffle/meson.build @@ -88,12 +88,6 @@ if build_surfaceless diff --git a/poky/meta/recipes-graphics/waffle/waffle_1.7.0.bb b/poky/meta/recipes-graphics/waffle/waffle_1.7.2.bb index dc475908d0..cb917d8894 100644 --- a/poky/meta/recipes-graphics/waffle/waffle_1.7.0.bb +++ b/poky/meta/recipes-graphics/waffle/waffle_1.7.2.bb @@ -9,16 +9,16 @@ LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=4c5154407c2490750dd461c50ad94797 \ file://include/waffle-1/waffle.h;endline=24;md5=61dbf8697f61c78645e75a93c585b1bf" -SRC_URI = "git://gitlab.freedesktop.org/mesa/waffle.git;protocol=https;branch=master \ +SRC_URI = "git://gitlab.freedesktop.org/mesa/waffle.git;protocol=https;branch=maint-1.7 \ file://0001-waffle-do-not-make-core-protocol-into-the-library.patch \ file://0001-meson.build-request-native-wayland-scanner.patch \ " -SRCREV = "905c6c10f2483adf0cbfa024e2d3c2ed541fb300" +SRCREV = "f3b42a7216105498842bc6ba77d8481b90d6f5f9" S = "${WORKDIR}/git" inherit meson features_check lib_package bash-completion pkgconfig -DEPENDS:append = " python3 cmake-native" +DEPENDS:append = " python3" # This should be overridden per-machine to reflect the capabilities of the GL # stack. @@ -47,5 +47,5 @@ PACKAGECONFIG[surfaceless-egl] = "-Dsurfaceless_egl=enabled,-Dsurfaceless_egl=di # TODO: optionally build manpages and examples do_install:append() { - sed -i -e "s,${WORKDIR},,g" ${D}/${libdir}/cmake/Waffle/WaffleConfig.cmake + rm -rf ${D}${datadir}/zsh } diff --git a/poky/meta/recipes-graphics/wayland/weston_10.0.2.bb b/poky/meta/recipes-graphics/wayland/weston_10.0.2.bb index f81a33fd1e..e09f94d9bb 100644 --- a/poky/meta/recipes-graphics/wayland/weston_10.0.2.bb +++ b/poky/meta/recipes-graphics/wayland/weston_10.0.2.bb @@ -74,7 +74,7 @@ PACKAGECONFIG[webp] = "-Dimage-webp=true,-Dimage-webp=false,libwebp" # Weston with systemd-login support PACKAGECONFIG[systemd] = "-Dsystemd=true -Dlauncher-logind=true,-Dsystemd=false -Dlauncher-logind=false,systemd dbus" # Weston with Xwayland support (requires X11 and Wayland) -PACKAGECONFIG[xwayland] = "-Dxwayland=true,-Dxwayland=false" +PACKAGECONFIG[xwayland] = "-Dxwayland=true,-Dxwayland=false,xwayland" # colord CMS support PACKAGECONFIG[colord] = "-Dcolor-management-colord=true,-Dcolor-management-colord=false,colord" # Clients support diff --git a/poky/meta/recipes-graphics/xorg-lib/libxpm_3.5.13.bb b/poky/meta/recipes-graphics/xorg-lib/libxpm_3.5.15.bb index 4f0a5d7ba0..22e322a9eb 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libxpm_3.5.13.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libxpm_3.5.15.bb @@ -11,17 +11,19 @@ an extension of the monochrome XBM bitmap specificied in the X \ protocol." LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=51f4270b012ecd4ab1a164f5f4ed6cf7" +LIC_FILES_CHKSUM = "file://COPYING;md5=903942ebc9d807dfb68540f40bae5aff" DEPENDS += "libxext libsm libxt gettext-native" PE = "1" XORG_PN = "libXpm" +XORG_EXT = "tar.xz" +EXTRA_OECONF += "--disable-open-zfile" PACKAGES =+ "sxpm cxpm" FILES:cxpm = "${bindir}/cxpm" FILES:sxpm = "${bindir}/sxpm" -SRC_URI[md5sum] = "6f0ecf8d103d528cfc803aa475137afa" -SRC_URI[sha256sum] = "9cd1da57588b6cb71450eff2273ef6b657537a9ac4d02d0014228845b935ac25" +SRC_URI[md5sum] = "b3c58c94e284fd6940d3615e660a0007" +SRC_URI[sha256sum] = "60bb906c5c317a6db863e39b69c4a83fdbd2ae2154fcf47640f8fefc9fdfd1c1" BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-graphics/xorg-lib/xorg-lib-common.inc b/poky/meta/recipes-graphics/xorg-lib/xorg-lib-common.inc index 60bc8c76fa..68137c4147 100644 --- a/poky/meta/recipes-graphics/xorg-lib/xorg-lib-common.inc +++ b/poky/meta/recipes-graphics/xorg-lib/xorg-lib-common.inc @@ -6,8 +6,9 @@ LICENSE = "MIT" DEPENDS = "util-macros" XORG_PN = "${BPN}" +XORG_EXT ?= "tar.bz2" -SRC_URI = "${XORG_MIRROR}/individual/lib/${XORG_PN}-${PV}.tar.bz2" +SRC_URI = "${XORG_MIRROR}/individual/lib/${XORG_PN}-${PV}.${XORG_EXT}" S = "${WORKDIR}/${XORG_PN}-${PV}" diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb index 212c7d39c2..19db7ea434 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb @@ -3,7 +3,7 @@ require xserver-xorg.inc SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ " -SRC_URI[sha256sum] = "d9c60b2dd0ec52326ca6ab20db0e490b1ff4f566f59ca742d6532e92795877bb" +SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152" # These extensions are now integrated into the server, so declare the migration # path for in-place upgrades. diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb index bf5d4f54e6..7412c022ba 100644 --- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb +++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb @@ -108,7 +108,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \ file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \ file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \ - file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ + file://LICENCE.qat_firmware;md5=72de83dfd9b87be7685ed099a39fbea4 \ file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \ file://LICENSE.qcom_yamato;md5=d0de0eeccaf1843a850bf7a6777eec5c \ file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \ @@ -134,7 +134,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "aadb3cccbde1e53fc244a409e9bd5a22" +WHENCE_CHKSUM = "0782deea054d4b1b7f10c92c3a245da4" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -212,7 +212,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "6e3d9e8d52cffc4ec0dbe8533a8445328e0524a20f159a5b61c2706f983ce38a" +SRC_URI[sha256sum] = "c3f9ad2bb5311cce2490f37a8052f836703d6936aabd840246b6576f1f71f607" inherit allarch diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion.inc b/poky/meta/recipes-kernel/linux/cve-exclusion.inc new file mode 100644 index 0000000000..45b7a3dffe --- /dev/null +++ b/poky/meta/recipes-kernel/linux/cve-exclusion.inc @@ -0,0 +1,875 @@ +# Kernel CVE exclusion file + +# https://nvd.nist.gov/vuln/detail/CVE-2021-3759 +# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f +# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92 +# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196 +CVE_CHECK_IGNORE += "CVE-2021-3759" + +# https://nvd.nist.gov/vuln/detail/CVE-2021-4135 +# Patched in kernel since v5.16 481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 +# Backported in version v5.4.168 699e794c12a3cd79045ff135bc87a53b97024e43 +# Backported in version v5.10.88 1a34fb9e2bf3029f7c0882069d67ff69cbd645d8 +# Backported in version v5.15.11 27358aa81a7d60e6bd36f0bb1db65cd084c2cad0 +CVE_CHECK_IGNORE += "CVE-2021-4135" + +# https://nvd.nist.gov/vuln/detail/CVE-2021-4155 +# Patched in kernel since v5.16 983d8e60f50806f90534cc5373d0ce867e5aaf79 +# Backported in version v5.4.171 102af6edfd3a372db6e229177762a91f552e5f5e +# Backported in version v5.10.91 16d8568378f9ee2d1e69216d39961aa72710209f +# Backported in version v5.15.14 b0e72ba9e520b95346e68800afff0db65e766ca8 +CVE_CHECK_IGNORE += "CVE-2021-4155" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-0168 +# Patched in kernel since v5.18 b92e358757b91c2827af112cae9af513f26a3f34 +# Backported in version v5.10.110 9963ccea6087268e1275b992dca5d0dd4b938765 +# Backported in version v5.15.33 f143f8334fb9eb2f6c7c15b9da1472d9c965fd84 +CVE_CHECK_IGNORE += "CVE-2022-0168" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-0171 +# Patched in kernel since v5.18 683412ccf61294d727ead4a73d97397396e69a6b +# Backported in version v5.10.146 a60babeb60ff276963d4756c7fd2e7bf242bb777 +# Backported in version v5.15.70 39b0235284c7aa33a64e07b825add7a2c108094a +CVE_CHECK_IGNORE += "CVE-2022-0171" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1016 +# Patched in kernel since v5.18 4c905f6740a365464e91467aa50916555b28213d +# Backported in version v5.4.188 06f0ff82c70241a766a811ae1acf07d6e2734dcb +# Backported in version v5.10.109 2c74374c2e88c7b7992bf808d9f9391f7452f9d9 +# Backported in version v5.15.32 fafb904156fbb8f1dd34970cd5223e00b47c33be +CVE_CHECK_IGNORE += "CVE-2022-1016" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1184 +# Patched in kernel since v6.1 61a1d87a324ad5e3ed27c6699dfc93218fcf3201 +# Backported in version v5.10.150 483831ad0440f62c10d1707c97ce824bd82d98ae +# Backported in version v5.15.75 dd366295d1eca557e7a9000407ec3952f691d27b +# Backported in version v5.19.17 edb71f055684f9023fd97e2f85c6f31380d163c1 +CVE_CHECK_IGNORE += "CVE-2022-1184" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1198 +# Patched in kernel since v5.17 efe4186e6a1b54bf38b9e05450d43b0da1fd7739 +# Backported in version v5.4.189 28c8fd84bea13cbf238d7b19d392de2fcc31331c +# Backported in version v5.10.110 f67a1400788f550d201c71aeaf56706afe57f0da +# Backported in version v5.15.33 3eb18f8a1d02a9462a0e4903efc674ca3d0406d1 +CVE_CHECK_IGNORE += "CVE-2022-1198" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1199 +# Patched in kernel since v5.17 71171ac8eb34ce7fe6b3267dce27c313ab3cb3ac +# Backported in version v5.4.185 0a64aea5fe023cf1e4973676b11f49038b1f045b +# Backported in version v5.10.106 e2201ef32f933944ee02e59205adb566bafcdf91 +# Backported in version v5.15.29 46ad629e58ce3a88c924ff3c5a7e9129b0df5659 +CVE_CHECK_IGNORE += "CVE-2022-1199" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1462 +# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23 +# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132 +# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c +# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29 +CVE_CHECK_IGNORE += "CVE-2022-1462" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1734 +# Patched in kernel since v5.18 d270453a0d9ec10bb8a802a142fb1b3601a83098 +# Backported in version v5.4.193 33d3e76fc7a7037f402246c824d750542e2eb37f +# Backported in version v5.10.115 1961c5a688edb53fe3bc25cbda57f47adf12563c +# Backported in version v5.15.39 b8f2b836e7d0a553b886654e8b3925a85862d2eb +CVE_CHECK_IGNORE += "CVE-2022-1734" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1852 +# Patched in kernel since v5.19 fee060cd52d69c114b62d1a2948ea9648b5131f9 +# Backported in version v5.10.120 3d8fc6e28f321d753ab727e3c3e740daf36a8fa3 +# Backported in version v5.15.45 531d1070d864c78283b7597449e60ddc53319d88 +CVE_CHECK_IGNORE += "CVE-2022-1852" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1882 +# Patched in kernel since v5.19 353f7988dd8413c47718f7ca79c030b6fb62cfe5 +# Backported in version v5.10.134 0adf21eec59040b31af113e626efd85eb153c728 +# Backported in version v5.15.58 ba3a8af8a21a81cfd0c8c689a81261caba934f97 +CVE_CHECK_IGNORE += "CVE-2022-1882" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1998 +# Patched in kernel since v5.17 ee12595147ac1fbfb5bcb23837e26dd58d94b15d +# Backported in version v5.10.97 7b4741644cf718c422187e74fb07661ef1d68e85 +# Backported in version v5.15.20 60765e43e40fbf7a1df828116172440510fcc3e4 +CVE_CHECK_IGNORE += "CVE-2022-1998" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2078 +# Patched in kernel since v5.19 fecf31ee395b0295f2d7260aa29946b7605f7c85 +# Backported in version v5.10.120 c0aff1faf66b6b7a19103f83e6a5d0fdc64b9048 +# Backported in version v5.15.45 89ef50fe03a55feccf5681c237673a2f98161161 +CVE_CHECK_IGNORE += "CVE-2022-2078" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2196 +# Patched in kernel since v6.2 2e7eab81425ad6c875f2ed47c0ce01e78afc38a5 +# Backported in version v5.4.233 f93a1a5bdcdd122aae0a3eab7a52c15b71fb725b +# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349 +# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35 +# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15 +CVE_CHECK_IGNORE += "CVE-2022-2196" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2318 +# Patched in kernel since v5.19 9cc02ede696272c5271a401e4f27c262359bc2f6 +# Backported in version v5.4.204 bb91556d2af066f8ca2e7fd8e334d652e731ee29 +# Backported in version v5.10.129 8f74cb27c2b4872fd14bf046201fa7b36a46885e +# Backported in version v5.15.53 659d39545260100628d8a30020d09fb6bf63b915 +CVE_CHECK_IGNORE += "CVE-2022-2318" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2380 +# Patched in kernel since v5.18 bd771cf5c4254511cc4abb88f3dab3bd58bdf8e8 +# Backported in version v5.4.189 478154be3a8c21ff106310bb1037b1fc9d81dc62 +# Backported in version v5.10.110 72af8810922eb143ed4f116db246789ead2d8543 +# Backported in version v5.15.33 46cdbff26c88fd75dccbf28df1d07cbe18007eac +CVE_CHECK_IGNORE += "CVE-2022-2380" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2503 +# Patched in kernel since v5.19 4caae58406f8ceb741603eee460d79bacca9b1b5 +# Backported in version v5.4.197 fd2f7e9984850a0162bfb6948b98ffac9fb5fa58 +# Backported in version v5.10.120 8df42bcd364cc3b41105215d841792aea787b133 +# Backported in version v5.15.45 69712b170237ec5979f168149cd31e851a465853 +CVE_CHECK_IGNORE += "CVE-2022-2503" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2663 +# Patched in kernel since v6.0 e8d5dfd1d8747b56077d02664a8838c71ced948e +# Backported in version v5.4.215 d0a24bc8e2aa703030d80affa3e5237fe3ad4dd2 +# Backported in version v5.10.146 9a5d7e0acb41bb2aac552f8eeb4b404177f3f66d +# Backported in version v5.15.71 dc33ffbc361e2579a8f31b8724ef85d4117440e4 +# Backported in version v5.19.12 510ea9eae5ee45f4e443023556532bda99387351 +CVE_CHECK_IGNORE += "CVE-2022-2663" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2873 +# Patched in kernel since v6.2 39244cc754829bf707dccd12e2ce37510f5b1f8d +# Backported in version v5.4.229 cdcbae2c5003747ddfd14e29db9c1d5d7e7c44dd +# Backported in version v5.10.163 9ac541a0898e8ec187a3fa7024b9701cffae6bf2 +# Backported in version v5.15.86 96c12fd0ec74641295e1c3c34dea3dce1b6c3422 +# Backported in version v6.1.2 233348a04becf133283f0076e20b317302de21d9 +CVE_CHECK_IGNORE += "CVE-2022-2873" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2905 +# Patched in kernel since v6.0 a657182a5c5150cdfacb6640aad1d2712571a409 +# Backported in version v5.10.140 e8979807178434db8ceaa84dfcd44363e71e50bb +# Backported in version v5.15.64 4f672112f8665102a5842c170be1713f8ff95919 +# Backported in version v5.19.6 a36df92c7ff7ecde2fb362241d0ab024dddd0597 +CVE_CHECK_IGNORE += "CVE-2022-2905" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2959 +# Patched in kernel since v5.19 189b0ddc245139af81198d1a3637cac74f96e13a +# Backported in version v5.10.120 8fbd54ab06c955d247c1a91d5d980cddc868f1e7 +# Backported in version v5.15.45 cf2fbc56c478a34a68ff1fa6ad08460054dfd499 +CVE_CHECK_IGNORE += "CVE-2022-2959" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3028 +# Patched in kernel since v6.0 ba953a9d89a00c078b85f4b190bc1dde66fe16b5 +# Backported in version v5.4.212 8ee27a4f0f1ad36d430221842767880df6494147 +# Backported in version v5.10.140 c5c4d4c9806dadac7bc82f9c29ef4e1b78894775 +# Backported in version v5.15.64 103bd319c0fc90f1cb013c3a508615e6df8af823 +# Backported in version v5.19.6 6901885656c029c976498290b52f67f2c251e6a0 +CVE_CHECK_IGNORE += "CVE-2022-3028" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3078 +# Patched in kernel since v5.18 e6a21a14106d9718aa4f8e115b1e474888eeba44 +# Backported in version v5.10.110 663e7a72871f89f7a10cc8d7b2f17f27c64e071d +# Backported in version v5.15.33 9dd2fd7a1f84c947561af29424c5ddcecfcf2cbe +CVE_CHECK_IGNORE += "CVE-2022-3078" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3104 +# Patched in kernel since v5.19 4a9800c81d2f34afb66b4b42e0330ae8298019a2 +# Backported in version v5.10.122 56ac04f35fc5dc8b5b67a1fa2f7204282aa887d5 +# Backported in version v5.15.47 1aeeca2b8397e3805c16a4ff26bf3cc8485f9853 +CVE_CHECK_IGNORE += "CVE-2022-3104" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3105 +# Patched in kernel since v5.16 7694a7de22c53a312ea98960fcafc6ec62046531 +# Backported in version v5.4.171 7646a340b25bb68cfb6d2e087a608802346d0f7b +# Backported in version v5.10.91 16e5cad6eca1e506c38c39dc256298643fa1852a +# Backported in version v5.15.14 0ea8bb0811ba0ec22903cbb48ff2cd872382e8d4 +CVE_CHECK_IGNORE += "CVE-2022-3105" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3106 +# Patched in kernel since v5.16 407ecd1bd726f240123f704620d46e285ff30dd9 +# Backported in version v5.10.88 734a3f3106053ee41cecae2a995b3d4d0c246764 +# Backported in version v5.15.11 9a77c02d1d2147a76bd187af1bf5a34242662d12 +CVE_CHECK_IGNORE += "CVE-2022-3106" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3107 +# Patched in kernel since v5.17 886e44c9298a6b428ae046e2fa092ca52e822e6a +# Backported in version v5.4.187 b01e2df5fbf68719dfb8e766c1ca6089234144c2 +# Backported in version v5.10.108 9b763ceda6f8963cc99df5772540c54ba46ba37c +# Backported in version v5.15.31 ab0ab176183191cffc69fe9dd8ac6c8db23f60d3 +CVE_CHECK_IGNORE += "CVE-2022-3107" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3111 +# Patched in kernel since v5.18 6dee930f6f6776d1e5a7edf542c6863b47d9f078 +# Backported in version v5.4.189 90bec38f6a4c81814775c7f3dfc9acf281d5dcfa +# Backported in version v5.10.110 48d23ef90116c8c702bfa4cad93744e4e5588d7d +# Backported in version v5.15.33 4124966fbd95eeecca26d52433f393e2b9649a33 +CVE_CHECK_IGNORE += "CVE-2022-3111" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3112 +# Patched in kernel since v5.18 c8c80c996182239ff9b05eda4db50184cf3b2e99 +# Backported in version v5.10.110 032b141a91a82a5f0107ce664a35b201e60c5ce1 +# Backported in version v5.15.33 b0b890dd8df3b9a2fe726826980b1cffe17b9679 +CVE_CHECK_IGNORE += "CVE-2022-3112" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3113 +# Patched in kernel since v5.18 e25a89f743b18c029bfbe5e1663ae0c7190912b0 +# Backported in version v5.10.110 bc2573abc691a269b54a6c14a2660f26d88876a5 +# Backported in version v5.15.33 0022dc8cafa5fcd156da8ae7bfc9ca99497bdffc +CVE_CHECK_IGNORE += "CVE-2022-3113" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3115 +# Patched in kernel since v5.19 73c3ed7495c67b8fbdc31cf58e6ca8757df31a33 +# Backported in version v5.4.198 fa0d7ba25a53ac2e4bb24ef31aec49ff3578b44f +# Backported in version v5.10.121 b4c7dd0037e6aeecad9b947b30f0d9eaeda11762 +# Backported in version v5.15.46 4cb37f715f601cee5b026c6f9091a466266b5ba5 +CVE_CHECK_IGNORE += "CVE-2022-3115" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3202 +# Patched in kernel since v5.18 a53046291020ec41e09181396c1e829287b48d47 +# Backported in version v5.4.189 e19c3149a80e4fc8df298d6546640e01601f3758 +# Backported in version v5.10.111 b9c5ac0a15f24d63b20f899072fa6dd8c93af136 +# Backported in version v5.15.34 d925b7e78b62805fcc5440d1521181c82b6f03cb +CVE_CHECK_IGNORE += "CVE-2022-3202" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3303 +# Patched in kernel since v6.0 8423f0b6d513b259fdab9c9bf4aaa6188d054c2d +# Backported in version v5.4.215 4051324a6dafd7053c74c475e80b3ba10ae672b0 +# Backported in version v5.10.148 fce793a056c604b41a298317cf704dae255f1b36 +# Backported in version v5.15.68 8015ef9e8a0ee5cecfd0cb6805834d007ab26f86 +# Backported in version v5.19.9 723ac5ab2891b6c10dd6cc78ef5456af593490eb +CVE_CHECK_IGNORE += "CVE-2022-3303" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3424 +# Patched in kernel since v6.2 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc +# Backported in version v5.4.229 0078dd8758561540ed30b2c5daa1cb647e758977 +# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c +# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106 +# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e +CVE_CHECK_IGNORE += "CVE-2022-3424" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3435 +# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883 +# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32 +# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e +# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133 +CVE_CHECK_IGNORE += "CVE-2022-3435" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3521 +# Patched in kernel since v6.1 ec7eede369fe5b0d085ac51fdbb95184f87bfc6c +# Backported in version v5.4.225 ad39d09190a545d0f05ae0a82900eee96c5facea +# Backported in version v5.10.156 7deb7a9d33e4941c5ff190108146d3a56bf69e9d +# Backported in version v5.15.80 27d706b0d394a907ff8c4f83ffef9d3e5817fa84 +CVE_CHECK_IGNORE += "CVE-2022-3521" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3545 +# Patched in kernel since v6.0 02e1a114fdb71e59ee6770294166c30d437bf86a +# Backported in version v5.4.228 3c837460f920a63165961d2b88b425703f59affb +# Backported in version v5.10.160 eb6313c12955c58c3d3d40f086c22e44ca1c9a1b +# Backported in version v5.15.84 9d933af8fef33c32799b9f2d3ff6bf58a63d7f24 +CVE_CHECK_IGNORE += "CVE-2022-3545" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3564 +# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966 +# Backported in version v5.4.224 4cd094fd5d872862ca278e15b9b51b07e915ef3f +# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569 +# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde +CVE_CHECK_IGNORE += "CVE-2022-3564" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3586 +# Patched in kernel since v6.0 9efd23297cca530bb35e1848665805d3fcdd7889 +# Backported in version v5.4.213 279c7668e354fa151d5fd2e8c42b5153a1de3135 +# Backported in version v5.10.143 2ee85ac1b29dbd2ebd2d8e5ac1dd5793235d516b +# Backported in version v5.15.68 1a889da60afc017050e1f517b3b976b462846668 +# Backported in version v5.19.9 8f796f36f5ba839c11eb4685150ebeed496c546f +CVE_CHECK_IGNORE += "CVE-2022-3586" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3594 +# Patched in kernel since v6.1 93e2be344a7db169b7119de21ac1bf253b8c6907 +# Backported in version v5.4.220 61fd56b0a1a3e923aced4455071177778dd59e88 +# Backported in version v5.10.150 484400d433ca1903a87268c55f019e932297538a +# Backported in version v5.15.75 b3179865cf7e892b26eedab3d6c54b4747c774a2 +# Backported in version v5.19.17 2e896abccf99fef76691d8e1019bd44105a12e1f +CVE_CHECK_IGNORE += "CVE-2022-3594" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3621 +# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856 +# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c +# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2 +# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55 +# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd +CVE_CHECK_IGNORE += "CVE-2022-3621" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3623 +# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f +# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c +# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850 +# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff +# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54 +CVE_CHECK_IGNORE += "CVE-2022-3623" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3629 +# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d +# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d +# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50 +# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795 +# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72 +CVE_CHECK_IGNORE += "CVE-2022-3629" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3633 +# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6 +# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93 +# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027 +# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2 +# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de +CVE_CHECK_IGNORE += "CVE-2022-3633" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3635 +# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b +# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253 +# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e +# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4 +# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835 +CVE_CHECK_IGNORE += "CVE-2022-3635" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3646 +# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306 +# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393 +# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee +# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc +# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570 +CVE_CHECK_IGNORE += "CVE-2022-3646" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3649 +# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09 +# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926 +# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652 +# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006 +# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4 +CVE_CHECK_IGNORE += "CVE-2022-3649" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3707 +# Patched in kernel since v6.2 4a61648af68f5ba4884f0e3b494ee1cabc4b6620 +# Backported in version v5.4.233 787ef0db014085df8691e5aeb58ab0bb081e5ff0 +# Backported in version v5.10.170 3d743415c6fb092167df6c23e9c7e9f6df7db625 +# Backported in version v5.15.96 0d3d5099a50badadad6837edda00e42149b2f657 +# Backported in version v6.1.5 1022519da69d99d455c58ca181a6c499c562c70e +CVE_CHECK_IGNORE += "CVE-2022-3707" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-4095 +# Patched in kernel since v6.0 e230a4455ac3e9b112f0367d1b8e255e141afae0 +# Backported in version v5.4.213 d0aac7146e96bf39e79c65087d21dfa02ef8db38 +# Backported in version v5.10.142 19e3f69d19801940abc2ac37c169882769ed9770 +# Backported in version v5.15.66 dc02aaf950015850e7589696521c7fca767cea77 +# Backported in version v5.19.8 b1727def850904e4b8ba384043775672841663a1 +CVE_CHECK_IGNORE += "CVE-2022-4095" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-4139 +# Patched in kernel since v6.1 04aa64375f48a5d430b5550d9271f8428883e550 +# Backported in version v5.4.226 3659e33c1e4f8cfc62c6c15aca5d797010c277a4 +# Backported in version v5.10.157 86f0082fb9470904b15546726417f28077088fee +# Backported in version v5.15.81 ee2d04f23bbb16208045c3de545c6127aaa1ed0e +CVE_CHECK_IGNORE += "CVE-2022-4139" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-4382 +# Patched in kernel since v6.2 d18dcfe9860e842f394e37ba01ca9440ab2178f4 +# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae +# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4 +# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9 +# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3 +CVE_CHECK_IGNORE += "CVE-2022-4382" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-4662 +# Patched in kernel since v6.0 9c6d778800b921bde3bff3cff5003d1650f942d1 +# Backported in version v5.4.213 df1875084898b15cbc42f712e93d7f113ae6271b +# Backported in version v5.10.142 abe3cfb7a7c8e907b312c7dbd7bf4d142b745aa8 +# Backported in version v5.15.66 c548b99e1c37db6f7df86ecfe9a1f895d6c5966e +# Backported in version v5.19.8 d5eb850b3e8836197a38475840725260b9783e94 +CVE_CHECK_IGNORE += "CVE-2022-4662" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-26365 +# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7 +# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506 +# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1 +# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9 +CVE_CHECK_IGNORE += "CVE-2022-26365" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-32250 +# Patched in kernel since v5.19 520778042ccca019f3ffa136dd0ca565c486cedd +# Backported in version v5.4.198 f36736fbd48491a8d85cd22f4740d542c5a1546e +# Backported in version v5.10.120 ea62d169b6e731e0b54abda1d692406f6bc6a696 +# Backported in version v5.15.45 f692bcffd1f2ce5488d24fbcb8eab5f351abf79d +CVE_CHECK_IGNORE += "CVE-2022-32250" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-32296 +# Patched in kernel since v5.18 4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5 +# Backported in version v5.4.201 c26e1addf15763ae404f4bbf131719a724e768ab +# Backported in version v5.10.125 9429b75bc271b6f29e50dbb0ee0751800ff87dd9 +# Backported in version v5.15.41 952a238d779eea4ecb2f8deb5004c8f56be79bc9 +CVE_CHECK_IGNORE += "CVE-2022-32296" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-32981 +# Patched in kernel since v5.19 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9 +# Backported in version v5.4.198 0c4bc0a2f8257f79a70fe02b9a698eb14695a64b +# Backported in version v5.10.122 3be74fc0afbeadc2aff8dc69f3bf9716fbe66486 +# Backported in version v5.15.47 2a0165d278973e30f2282c15c52d91788749d2d4 +CVE_CHECK_IGNORE += "CVE-2022-32981" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33740 +# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010 +# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14 +# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404 +# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961 +CVE_CHECK_IGNORE += "CVE-2022-33740" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33741 +# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e +# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd +# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca +# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49 +CVE_CHECK_IGNORE += "CVE-2022-33741" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33742 +# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9 +# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997 +# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6 +# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3 +CVE_CHECK_IGNORE += "CVE-2022-33742" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33743 +# Patched in kernel since v5.19 f63c2c2032c2e3caad9add3b82cc6e91c376fd26 +# Backported in version v5.10.129 547b7c640df545a344358ede93e491a89194cdfa +# Backported in version v5.15.53 1052fc2b7391a43b25168ae69ad658fff5170f04 +CVE_CHECK_IGNORE += "CVE-2022-33743" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33744 +# Patched in kernel since v5.19 b75cd218274e01d026dc5240e86fdeb44bbed0c8 +# Backported in version v5.4.204 5c03cad51b84fb26ccea7fd99130d8ec47949cfc +# Backported in version v5.10.129 43c8d33ce353091f15312cb6de3531517d7bba90 +# Backported in version v5.15.53 9f83c8f6ab14bbf4311b70bf1b7290d131059101 +CVE_CHECK_IGNORE += "CVE-2022-33744" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33981 +# Patched in kernel since v5.18 233087ca063686964a53c829d547c7571e3f67bf +# Backported in version v5.4.192 7dea5913000c6a2974a00d9af8e7ffb54e47eac1 +# Backported in version v5.10.114 54c028cfc49624bfc27a571b94edecc79bbaaab4 +# Backported in version v5.15.37 e52da8e4632f9c8fe78bf1c5881ce6871c7e08f3 +CVE_CHECK_IGNORE += "CVE-2022-33981" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-34918 +# Patched in kernel since v5.19 7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6 +# Backported in version v5.10.130 0a5e36dbcb448a7a8ba63d1d4b6ade2c9d3cc8bf +# Backported in version v5.15.54 c1784d2075138992b00c17ab4ffc6d855171fe6d +CVE_CHECK_IGNORE += "CVE-2022-34918" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-36123 +# Patched in kernel since v5.19 38fa5479b41376dc9d7f57e71c83514285a25ca0 +# Backported in version v5.4.207 a3c7c1a726a4c6b63b85e8c183f207543fd75e1b +# Backported in version v5.10.132 136d7987fcfdeca73ee3c6a29e48f99fdd0f4d87 +# Backported in version v5.15.56 26bb7afc027ce6ac8ab6747babec674d55689ff0 +CVE_CHECK_IGNORE += "CVE-2022-36123" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-36879 +# Patched in kernel since v5.19 f85daf0e725358be78dfd208dea5fd665d8cb901 +# Backported in version v5.4.208 f4248bdb7d5c1150a2a6f8c3d3b6da0b71f62a20 +# Backported in version v5.10.134 47b696dd654450cdec3103a833e5bf29c4b83bfa +# Backported in version v5.15.58 c8e32bca0676ac663266a3b16562cb017300adcd +CVE_CHECK_IGNORE += "CVE-2022-36879" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-36946 +# Patched in kernel since v5.19 99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164 +# Backported in version v5.4.209 52be29e8b6455788a4d0f501bd87aa679ca3ba3c +# Backported in version v5.10.135 440dccd80f627e0e11ceb0429e4cdab61857d17e +# Backported in version v5.15.59 91c11008aab0282957b8b8ccb0707d90e74cc3b9 +CVE_CHECK_IGNORE += "CVE-2022-36946" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-39188 +# Patched in kernel since v5.19 b67fbebd4cf980aecbcc750e1462128bffe8ae15 +# Backported in version v5.4.212 c9c5501e815132530d741ec9fdd22657f91656bc +# Backported in version v5.10.141 895428ee124ad70b9763259308354877b725c31d +# Backported in version v5.15.65 3ffb97fce282df03723995f5eed6a559d008078e +CVE_CHECK_IGNORE += "CVE-2022-39188" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-39190 +# Patched in kernel since v6.0 e02f0d3970404bfea385b6edb86f2d936db0ea2b +# Backported in version v5.10.140 c08a104a8bce832f6e7a4e8d9ac091777b9982ea +# Backported in version v5.15.64 51f192ae71c3431aa69a988449ee2fd288e57648 +# Backported in version v5.19.6 fdca693fcf26c11596e7aa1e540af2b4a5288c76 +CVE_CHECK_IGNORE += "CVE-2022-39190" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-39842 +# Patched in kernel since v5.19 a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 +# Backported in version v5.4.215 1878eaf0edb8c9e58a6ca0cf31b7a647ca346be9 +# Backported in version v5.10.145 06e194e1130c98f82d46beb40cdbc88a0d4fd6de +# Backported in version v5.15.70 ab5140c6ddd7473509e12f468948de91138b124e +CVE_CHECK_IGNORE += "CVE-2022-39842" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-40307 +# Patched in kernel since v6.0 9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95 +# Backported in version v5.4.213 8028ff4cdbb3f20d3c1c04be33a83bab0cb94997 +# Backported in version v5.10.143 918d9c4a4bdf5205f2fb3f64dddfb56c9a1d01d6 +# Backported in version v5.15.68 dd291e070be0eca8807476b022bda00c891d9066 +# Backported in version v5.19.9 d46815a8f26ca6db2336106a148265239f73b0af +CVE_CHECK_IGNORE += "CVE-2022-40307" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-40768 +# Patched in kernel since v6.1 6022f210461fef67e6e676fd8544ca02d1bcfa7a +# Backported in version v5.4.218 20a5bde605979af270f94b9151f753ec2caf8b05 +# Backported in version v5.10.148 36b33c63515a93246487691046d18dd37a9f589b +# Backported in version v5.15.74 76efb4897bc38b2f16176bae27ae801037ebf49a +# Backported in version v5.19.16 6ae8aa5dcf0d7ada07964c8638e55d3af5896a86 +CVE_CHECK_IGNORE += "CVE-2022-40768" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-41218 +# Patched in kernel since v6.2 fd3d91ab1c6ab0628fe642dd570b56302c30a792 +# Backported in version v5.4.229 a29d6213098816ed4574824b6adae94fb1c0457d +# Backported in version v5.10.163 3df07728abde249e2d3f47cf22f134cb4d4f5fb1 +# Backported in version v5.15.87 8b45a3b19a2e909e830d09a90a7e1ec8601927d9 +# Backported in version v6.1.4 530ca64b44625f7d39eb1d5efb6f9ff21da991e2 +CVE_CHECK_IGNORE += "CVE-2022-41218" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-41849 +# Patched in kernel since v6.1 5610bcfe8693c02e2e4c8b31427f1bdbdecc839c +# Backported in version v5.4.220 3742e9fd552e6c4193ebc5eb3d2cd02d429cad9c +# Backported in version v5.10.150 e50472949604f385e09ce3fa4e74dce9f44fb19b +# Backported in version v5.15.75 2b0897e33682a332167b7d355eec28693b62119e +# Backported in version v5.19.17 02c871d44090c851b07770176f88c6f5564808a1 +CVE_CHECK_IGNORE += "CVE-2022-41849" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-41850 +# Patched in kernel since v6.1 cacdb14b1c8d3804a3a7d31773bc7569837b71a4 +# Backported in version v5.4.220 e30c3a9a88818e5cf3df3fda6ab8388bef3bc6cd +# Backported in version v5.10.150 dbcca76435a606a352c794956e6df62eedd3a353 +# Backported in version v5.15.75 c61786dc727d1850336d12c85a032c9a36ae396d +# Backported in version v5.19.17 2d38886ae0365463cdba3db669170eef1e3d55c0 +CVE_CHECK_IGNORE += "CVE-2022-41850" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-41858 +# Patched in kernel since v5.18 ec4eb8a86ade4d22633e1da2a7d85a846b7d1798 +# Backported in version v5.4.190 d05cd68ed8460cb158cc62c41ffe39fe0ca16169 +# Backported in version v5.10.112 ca24c5e8f0ac3d43ec0cff29e1c861be73aff165 +# Backported in version v5.15.35 efb020924a71391fc12e6f204eaf25694cc116a1 +CVE_CHECK_IGNORE += "CVE-2022-41858" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-42328 +# Patched in kernel since v6.1 74e7e1efdad45580cc3839f2a155174cf158f9b5 +# Backported in version v5.4.227 50e1ab7e638f1009d953658af8f6b2d7813a7883 +# Backported in version v5.10.159 83632fc41449c480f2d0193683ec202caaa186c9 +# Backported in version v5.15.83 5d0fa6fc8899fe842329c0109f8ddd01144b1ed8 +CVE_CHECK_IGNORE += "CVE-2022-42328" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-42329 +# Patched in kernel since v6.1 74e7e1efdad45580cc3839f2a155174cf158f9b5 +# Backported in version v5.4.227 50e1ab7e638f1009d953658af8f6b2d7813a7883 +# Backported in version v5.10.159 83632fc41449c480f2d0193683ec202caaa186c9 +# Backported in version v5.15.83 5d0fa6fc8899fe842329c0109f8ddd01144b1ed8 +CVE_CHECK_IGNORE += "CVE-2022-42329" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-42703 +# Patched in kernel since v6.0 2555283eb40df89945557273121e9393ef9b542b +# Backported in version v5.4.212 2fe3eee48899a890310177d54537d5b8e255eb31 +# Backported in version v5.10.141 98f401d36396134c0c86e9e3bd00b6b6b028b521 +# Backported in version v5.15.65 c18a209b56e37b2a60414f714bd70b084ef25835 +# Backported in version v5.19.7 7877eaa1131147b4d6a063962f3aac0ab1b8ea1c +CVE_CHECK_IGNORE += "CVE-2022-42703" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-42721 +# Patched in kernel since v6.1 bcca852027e5878aec911a347407ecc88d6fff7f +# Backported in version v5.4.218 77bb20ccb9dfc9ed4f9c93788c90d08cfd891cdc +# Backported in version v5.10.148 b0e5c5deb7880be5b8a459d584e13e1f9879d307 +# Backported in version v5.15.74 0a8ee682e4f992eccce226b012bba600bb2251e2 +# Backported in version v5.19.16 1d73c990e9bafc2754b1ced71345f73f5beb1781 +CVE_CHECK_IGNORE += "CVE-2022-42721" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-42722 +# Patched in kernel since v6.1 b2d03cabe2b2e150ff5a381731ea0355459be09f +# Backported in version v5.10.148 58c0306d0bcd5f541714bea8765d23111c9af68a +# Backported in version v5.15.74 93a3a32554079432b49cf87f326607b2a2fab4f2 +# Backported in version v5.19.16 fa63b5f6f8853ace755d9a23fb75817d5ba20df5 +CVE_CHECK_IGNORE += "CVE-2022-42722" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-42895 +# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e +# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89 +# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7 +# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422 +CVE_CHECK_IGNORE += "CVE-2022-42895" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-47518 +# Patched in kernel since v6.1 0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0 +# Backported in version v5.10.157 3eb6b89a4e9f9e44c3170d70d8d16c3c8dc8c800 +# Backported in version v5.15.81 7aed1dd5d221dabe3fe258f13ecf5fc7df393cbb +CVE_CHECK_IGNORE += "CVE-2022-47518" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-47519 +# Patched in kernel since v6.1 051ae669e4505abbe05165bebf6be7922de11f41 +# Backported in version v5.10.157 905f886eae4b065656a575e8a02544045cbaadcf +# Backported in version v5.15.81 143232cb5a4c96d69a7d90b643568665463c6191 +CVE_CHECK_IGNORE += "CVE-2022-47519" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-47520 +# Patched in kernel since v6.1 cd21d99e595ec1d8721e1058dcdd4f1f7de1d793 +# Backported in version v5.10.157 7c6535fb4d67ea37c98a1d1d24ca33dd5ec42693 +# Backported in version v5.15.81 cd9c4869710bb6e38cfae4478c23e64e91438442 +CVE_CHECK_IGNORE += "CVE-2022-47520" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-47929 +# Patched in kernel since v6.2 96398560f26aa07e8f2969d73c8197e6a6d10407 +# Backported in version v5.4.229 9b83ec63d0de7b1f379daa1571e128bc7b9570f8 +# Backported in version v5.10.163 9f7bc28a6b8afc2274e25650511555e93f45470f +# Backported in version v5.15.88 04941c1d5bb59d64165e09813de2947bdf6f4f28 +# Backported in version v6.1.6 e8988e878af693ac13b0fa80ba2e72d22d68f2dd +CVE_CHECK_IGNORE += "CVE-2022-47929" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0179 +# Patched in kernel since v6.2 696e1a48b1a1b01edad542a1ef293665864a4dd0 +# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa +# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3 +# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3 +CVE_CHECK_IGNORE += "CVE-2023-0179" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0394 +# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17 +# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d +# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5 +# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf +# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4 +CVE_CHECK_IGNORE += "CVE-2023-0394" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0461 +# Patched in kernel since v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c +# Backported in version v5.4.229 c6d29a5ffdbc362314853462a0e24e63330a654d +# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0 +# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6 +# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c +CVE_CHECK_IGNORE += "CVE-2023-0461" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0590 +# Patched in kernel since v6.1 ebda44da44f6f309d302522b049f43d6f829f7aa +# Backported in version v5.10.152 7aa3d623c11b9ab60f86b7833666e5d55bac4be9 +# Backported in version v5.15.76 ce1234573d183db1ebcab524668ca2d85543bf80 +CVE_CHECK_IGNORE += "CVE-2023-0590" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1073 +# Patched in kernel since v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456 +# Backported in version v5.4.231 89e7fe3999e057c91f157b6ba663264f4cdfcb55 +# Backported in version v5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58 +# Backported in version v5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64 +# Backported in version v6.1.9 cdcdc0531a51659527fea4b4d064af343452062d +CVE_CHECK_IGNORE += "CVE-2023-1073" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1074 +# Patched in kernel since v6.2 458e279f861d3f61796894cd158b780765a1569f +# Backported in version v5.4.231 a7585028ac0a5836f39139c11594d79ede97d975 +# Backported in version v5.10.166 6ef652f35dcfaa1ab2b2cf6c1694718595148eee +# Backported in version v5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32 +# Backported in version v6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3 +CVE_CHECK_IGNORE += "CVE-2023-1074" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1077 +# Patched in kernel since v6.3 7c4a5b89a0b5a57a64b601775b296abf77a9fe97 +# Backported in version v5.4.235 084cd75643b61fb924f70cba98a71dea14942938 +# Backported in version v5.10.173 80a1751730b302d8ab63a084b2fa52c820ad0273 +# Backported in version v5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7 +# Backported in version v6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3 +# Backported in version v6.2.3 1099004ae1664703ec573fc4c61ffb24144bcb63 +CVE_CHECK_IGNORE += "CVE-2023-1077" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1078 +# Patched in kernel since v6.2 f753a68980cf4b59a80fe677619da2b1804f526d +# Backported in version v5.4.232 ba38eacade35dd2316d77b37494e6e0c01bab595 +# Backported in version v5.10.168 c53f34ec3fbf3e9f67574118a6bb35ae1146f7ca +# Backported in version v5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba +# Backported in version v6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3 +CVE_CHECK_IGNORE += "CVE-2023-1078" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1079 +# Patched in kernel since v6.3 4ab3a086d10eeec1424f2e8a968827a6336203df +# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc +# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09 +# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138 +# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e +# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540 +CVE_CHECK_IGNORE += "CVE-2023-1079" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1095 +# Patched in kernel since v6.0 580077855a40741cf511766129702d97ff02f4d9 +# Backported in version v5.4.211 a452bc3deb23bf93f8a13d3e24611b7ef39645dc +# Backported in version v5.10.137 80977126bc20309f7f7bae6d8621356b393e8b41 +# Backported in version v5.15.61 8a2df34b5bf652566f2889d9fa321f3b398547ef +# Backported in version v5.19.2 109539c9ba8497aad2948af4f09077f6a65059fe +CVE_CHECK_IGNORE += "CVE-2023-1095" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1118 +# Patched in kernel since v6.3 29b0589a865b6f66d141d79b2dd1373e4e50fe17 +# Backported in version v5.4.235 d120334278b370b6a1623a75ebe53b0c76cb247c +# Backported in version v5.10.173 78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c +# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28 +# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a +# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555 +CVE_CHECK_IGNORE += "CVE-2023-1118" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1249 +# Patched in kernel since v5.18 390031c942116d4733310f0684beb8db19885fe6 +# Backported in version v5.10.110 558564db44755dfb3e48b0d64de327d20981e950 +# Backported in version v5.15.33 39fd0cc079c98dafcf355997ada7b5e67f0bb10a +CVE_CHECK_IGNORE += "CVE-2023-1249" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1252 +# Patched in kernel since v5.16 9a254403760041528bc8f69fe2f5e1ef86950991 +# Backported in version v5.10.80 4fd9f0509a1452b45e89c668e2bab854cb05cd25 +# Backported in version v5.15.3 2f372e38f5724301056e005353c8beecc3f8d257 +CVE_CHECK_IGNORE += "CVE-2023-1252" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1281 +# Patched in kernel since v6.2 ee059170b1f7e94e55fa6cadee544e176a6e59c2 +# Backported in version v5.10.169 eb8e9d8572d1d9df17272783ad8a84843ce559d4 +# Backported in version v5.15.95 becf55394f6acb60dd60634a1c797e73c747f9da +# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f +CVE_CHECK_IGNORE += "CVE-2023-1281" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1382 +# Patched in kernel since v6.1 a7b42969d63f47320853a802efd879fbdc4e010e +# Backported in version v5.4.226 59f9aad22fd743572bdafa37d3e1dd5dc5658e26 +# Backported in version v5.10.157 4058e3b74ab3eabe0835cee9a0c6deda79e8a295 +# Backported in version v5.15.81 33fb115a76ae6683e34f76f7e07f6f0734b2525f +CVE_CHECK_IGNORE += "CVE-2023-1382" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1513 +# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952 +# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8 +# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107 +# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8 +# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb +CVE_CHECK_IGNORE += "CVE-2023-1513" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1829 +# Patched in kernel since v6.3 8c710f75256bb3cf05ac7b1672c82b92c43f3d28 +# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480 +# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6 +# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19 +# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd +# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd +CVE_CHECK_IGNORE += "CVE-2023-1829" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1838 +# Patched in kernel since v5.18 fb4554c2232e44d595920f4d5c66cf8f7d13f9bc +# Backported in version v5.4.196 3a12b2c413b20c17832ec51cb836a0b713b916ac +# Backported in version v5.10.118 ec0d801d1a44d9259377142c6218885ecd685e41 +# Backported in version v5.15.42 42d8a6dc45fc6619b8def1a70b7bd0800bcc4574 +CVE_CHECK_IGNORE += "CVE-2023-1838" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1998 +# Patched in kernel since v6.3 6921ed9049bc7457f66c1596c5b78aec0dae4a9d +# Backported in version v5.4.235 34c1b60e7a80404056c03936dd9c2438da2789d4 +# Backported in version v5.10.173 abfed855f05863d292de2d0ebab4656791bab9c8 +# Backported in version v5.15.99 e7f1ddebd9f5b12de40bc37db9243957678f1448 +# Backported in version v6.1.16 08d87c87d6461d16827c9b88d84c48c26b6c994a +# Backported in version v6.2.3 ead3c8e54d28fa1d5454b1f8a21b96b4a969b1cb +CVE_CHECK_IGNORE += "CVE-2023-1998" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-2006 +# Patched in kernel since v6.1 3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5 +# Backported in version v5.10.157 3535c632e6d16c98f76e615da8dc0cb2750c66cc +# Backported in version v5.15.81 38fe0988bd516f35c614ea9a5ff86c0d29f90c9a +CVE_CHECK_IGNORE += "CVE-2023-2006" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-2008 +# Patched in kernel since v5.19 05b252cccb2e5c3f56119d25de684b4f810ba40a +# Backported in version v5.4.202 c7bdaad9cbfe17c83e4f56c7bb7a2d87d944f0fb +# Backported in version v5.10.127 20119c1e0fff89542ff3272ace87e04cf6ee6bea +# Backported in version v5.15.51 5b45535865d62633e3816ee30eb8d3213038dc17 +CVE_CHECK_IGNORE += "CVE-2023-2008" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-2162 +# Patched in kernel since v6.2 f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3 +# Backported in version v5.4.232 d4d765f4761f9e3a2d62992f825aeee593bcb6b9 +# Backported in version v5.10.168 9758ffe1c07b86aefd7ca8e40d9a461293427ca0 +# Backported in version v5.15.93 0aaabdb900c7415caa2006ef580322f7eac5f6b6 +# Backported in version v6.1.11 61e43ebfd243bcbad11be26bd921723027b77441 +CVE_CHECK_IGNORE += "CVE-2023-2162" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-2166 +# Patched in kernel since v6.1 0acc442309a0a1b01bcdaa135e56e6398a49439c +# Backported in version v5.4.227 3982652957e8d79ac32efcb725450580650a8644 +# Backported in version v5.10.159 c42221efb1159d6a3c89e96685ee38acdce86b6f +# Backported in version v5.15.83 c142cba37de29f740a3852f01f59876af8ae462a +CVE_CHECK_IGNORE += "CVE-2023-2166" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-2177 +# Patched in kernel since v5.19 181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d +# Backported in version v5.4.209 8d6dab81ee3d0309c09987ff76164a25486c43e0 +# Backported in version v5.10.135 6f3505588d66b27220f07d0cab18da380fae2e2d +# Backported in version v5.15.59 e796e1fe20ecaf6da419ef6a5841ba181bba7a0c +CVE_CHECK_IGNORE += "CVE-2023-2177" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-22999 +# Patched in kernel since v5.17 b52fe2dbb3e655eb1483000adfab68a219549e13 +# Backported in version v5.10.94 94177fcecc35e9e9d3aecaa5813556c6b5aed7b6 +# Backported in version v5.15.17 5157828d3975768b53a51cdf569203b953184022 +CVE_CHECK_IGNORE += "CVE-2023-22999" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-23002 +# Patched in kernel since v5.17 6845667146a28c09b5dfc401c1ad112374087944 +# Backported in version v5.10.94 4579954bf4cc0bdfc4a42c88b16fe596f1e7f82d +# Backported in version v5.15.17 9186e6ba52af11ba7b5f432aa2321f36e00ad721 +CVE_CHECK_IGNORE += "CVE-2023-23002" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-23004 +# Patched in kernel since v5.19 15342f930ebebcfe36f2415049736a77d7d2e045 +# Backported in version v5.10.173 a5bbea50d622b8f49ab8ee3b0eb283107febcf1a +# Backported in version v5.15.100 1c7988d5c79f72287177bb774cde15fde69f3c97 +CVE_CHECK_IGNORE += "CVE-2023-23004" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-23454 +# Patched in kernel since v6.2 caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12 +# Backported in version v5.4.229 6b17b84634f932f4787f04578f5d030874b9ff32 +# Backported in version v5.10.163 b2c917e510e5ddbc7896329c87d20036c8b82952 +# Backported in version v5.15.87 04dc4003e5df33fb38d3dd85568b763910c479d4 +# Backported in version v6.1.5 dc46e39b727fddc5aacc0272ef83ee872d51be16 +CVE_CHECK_IGNORE += "CVE-2023-23454" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-23455 +# Patched in kernel since v6.2 a2965c7be0522eaa18808684b7b82b248515511b +# Backported in version v5.4.229 63e469cb54a87df53edcfd85bb5bcdd84327ae4a +# Backported in version v5.10.163 5f65f48516bfeebaab1ccc52c8fad698ddf21282 +# Backported in version v5.15.87 f02327a4877a06cbc8277e22d4834cb189565187 +# Backported in version v6.1.5 85655c63877aeafdc23226510ea268a9fa0af807 +CVE_CHECK_IGNORE += "CVE-2023-23455" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-23559 +# Patched in kernel since v6.2 b870e73a56c4cccbec33224233eaf295839f228c +# Backported in version v5.4.231 9042a9a3f29c942387e6d6036551d90c9ae6ce4f +# Backported in version v5.10.166 802fd7623e9ed19ee809b503e93fccc1e3f37bd6 +# Backported in version v5.15.91 8cbf932c5c40b0c20597fa623c308d5bde0848b5 +# Backported in version v6.1.9 7794efa358bca8b8a2a80070c6e088a74945f018 +CVE_CHECK_IGNORE += "CVE-2023-23559" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-25012 +# Patched in kernel since v6.3 76ca8da989c7d97a7f76c75d475fe95a584439d7 +# Backported in version v5.4.235 25e14bf0c894f9003247e3475372f33d9be1e424 +# Backported in version v5.10.173 fddde36316da8acb45a3cca2e5fda102f5215877 +# Backported in version v5.15.99 0fd9998052926ed24cfb30ab1a294cfeda4d0a8f +# Backported in version v6.1.16 f2bf592ebd5077661e00aa11e12e054c4c8f6dd0 +# Backported in version v6.2.3 90289e71514e9533a9c44d694e2b492be9ed2b77 +CVE_CHECK_IGNORE += "CVE-2023-25012" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-26545 +# Patched in kernel since v6.2 fda6c89fe3d9aca073495a664e1d5aea28cd4377 +# Backported in version v5.4.232 df099e65564aa47478eb1cacf81ba69024fb5c69 +# Backported in version v5.10.169 7ff0fdba82298d1f456c685e24930da89703c0fb +# Backported in version v5.15.95 59a74da8da75bdfb464cbdb399e87ba4f7500e96 +# Backported in version v6.1.13 c376227845eef8f2e62e2c29c3cf2140d35dd8e8 +CVE_CHECK_IGNORE += "CVE-2023-26545" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-28327 +# Patched in kernel since v6.1 b3abe42e94900bdd045c472f9c9be620ba5ce553 +# Backported in version v5.4.227 c66d78aee55dab72c92020ebfbebc464d4f5dd2a +# Backported in version v5.10.159 575a6266f63dbb3b8eb1da03671451f0d81b8034 +# Backported in version v5.15.83 5c014eb0ed6c8c57f483e94cc6e90f34ce426d91 +CVE_CHECK_IGNORE += "CVE-2023-28327" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-28328 +# Patched in kernel since v6.2 0ed554fd769a19ea8464bb83e9ac201002ef74ad +# Backported in version v5.4.229 8b256d23361c51aa4b7fdb71176c1ca50966fb39 +# Backported in version v5.10.163 559891d430e3f3a178040c4371ed419edbfa7d65 +# Backported in version v5.15.86 210fcf64be4db82c0e190e74b5111e4eef661a7a +# Backported in version v6.1.2 6b60cf73a931af34b7a0a3f467a79d9fe0df2d70 +CVE_CHECK_IGNORE += "CVE-2023-28328" diff --git a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb index f8f717199c..ed9746f837 100644 --- a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb +++ b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb @@ -334,7 +334,7 @@ do_install[lockfiles] = "${TMPDIR}/kernel-scripts.lock" FILES:${PN} = "${KERNEL_BUILD_ROOT} ${KERNEL_SRC_PATH}" FILES:${PN}-dbg += "${KERNEL_BUILD_ROOT}*/build/scripts/*/.debug/*" -RDEPENDS:${PN} = "bc python3 flex bison ${TCLIBC}-utils" +RDEPENDS:${PN} = "bc python3-core flex bison ${TCLIBC}-utils" # 4.15+ needs these next two RDEPENDS RDEPENDS:${PN} += "openssl-dev util-linux" # and x86 needs a bit more for 4.15+ diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index f25745194a..332a19366a 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "6462fa707bd003b62bee6042c20e8ab1f391df96" -SRCREV_meta ?= "8ea689ac1980b5c09cd049a3403f72e75a8739da" +SRCREV_machine ?= "8008621f28248a94b5f1154350a4fc9c71b130d5" +SRCREV_meta ?= "4476e17760bea9d68c392368f2396a2e9efa86c3" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.175" +LINUX_VERSION ?= "5.10.180" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index 38daab6bbe..29379791f4 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "e1ca9a177aff19013178aa30a8eccb4d7b2b67d7" -SRCREV_meta ?= "441f5fe00073620cec471166cf6e94c4ef9c69b2" +SRCREV_machine ?= "8e0611e36c848a07f9cdd778903c9e51bb90b319" +SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.103" +LINUX_VERSION ?= "5.15.108" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index 798fb84565..e8d4eeea72 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.175" +LINUX_VERSION ?= "5.10.180" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine:qemuarm ?= "d90caed79c490df9aab86920b33698bc29899d45" -SRCREV_machine ?= "878a6b6459feacfa733cf27a14b9f70b9922ba65" -SRCREV_meta ?= "8ea689ac1980b5c09cd049a3403f72e75a8739da" +SRCREV_machine:qemuarm ?= "d0dc3a46c784849731fc25990679b676f4306cef" +SRCREV_machine ?= "5ca66907abef1e8a0be5d3109fd3f0d50f77bc5f" +SRCREV_meta ?= "4476e17760bea9d68c392368f2396a2e9efa86c3" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index eb6af62015..c19c289b97 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.103" +LINUX_VERSION ?= "5.15.108" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "4ae6c9a73f4e6e356186a541e3fcbea4fa6a09f1" -SRCREV_meta ?= "441f5fe00073620cec471166cf6e94c4ef9c69b2" +SRCREV_machine ?= "3d762b85647844790979dd1e17a762003aaa7476" +SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto.inc b/poky/meta/recipes-kernel/linux/linux-yocto.inc index 1f8289b6b6..4943d5ab57 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto.inc +++ b/poky/meta/recipes-kernel/linux/linux-yocto.inc @@ -69,3 +69,6 @@ do_devshell:prepend() { d.setVarFlag("PKG_CONFIG_SYSROOT_DIR", "unexport", "1") d.appendVar("OE_TERMINAL_EXPORTS", " PKG_CONFIG_DIR PKG_CONFIG_PATH PKG_CONFIG_LIBDIR PKG_CONFIG_SYSROOT_DIR") } + +# CVE exclusion +include recipes-kernel/linux/cve-exclusion.inc diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb index 92666e4865..cb28294a7f 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,23 +13,23 @@ KBRANCH:qemux86 ?= "v5.10/standard/base" KBRANCH:qemux86-64 ?= "v5.10/standard/base" KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "1784e127b2ebee50ade30dc697d9f2c9ccda64d6" -SRCREV_machine:qemuarm64 ?= "3189034276f25e203dae9df3df5fd33849a63ddb" -SRCREV_machine:qemumips ?= "ed305aee0a2d924dd532eea364036736a43b008e" -SRCREV_machine:qemuppc ?= "43e2751f24c4c35341b877429f5c62f57cc23616" -SRCREV_machine:qemuriscv64 ?= "96f3a7ef51f544080250e995b21e66004fdbb2bb" -SRCREV_machine:qemuriscv32 ?= "96f3a7ef51f544080250e995b21e66004fdbb2bb" -SRCREV_machine:qemux86 ?= "96f3a7ef51f544080250e995b21e66004fdbb2bb" -SRCREV_machine:qemux86-64 ?= "96f3a7ef51f544080250e995b21e66004fdbb2bb" -SRCREV_machine:qemumips64 ?= "82870b2da104e88b79174aece820f233e0c4bd72" -SRCREV_machine ?= "96f3a7ef51f544080250e995b21e66004fdbb2bb" -SRCREV_meta ?= "8ea689ac1980b5c09cd049a3403f72e75a8739da" +SRCREV_machine:qemuarm ?= "1cf6a458134cbbe232467622d8e34d2e9d10e92b" +SRCREV_machine:qemuarm64 ?= "5db230097771631366812f12c9b04c8379f53c24" +SRCREV_machine:qemumips ?= "795276fa64f0874a4ee0dcfa9c78e572314bdfa1" +SRCREV_machine:qemuppc ?= "6ccfcf5138703538662241bf8ed897a1ef2a3def" +SRCREV_machine:qemuriscv64 ?= "c6515d2a698792220bed8fd39ccbcfec64d1130f" +SRCREV_machine:qemuriscv32 ?= "c6515d2a698792220bed8fd39ccbcfec64d1130f" +SRCREV_machine:qemux86 ?= "c6515d2a698792220bed8fd39ccbcfec64d1130f" +SRCREV_machine:qemux86-64 ?= "c6515d2a698792220bed8fd39ccbcfec64d1130f" +SRCREV_machine:qemumips64 ?= "4d6b146f00b8efc99e3d3d1d8a63220c29590c8d" +SRCREV_machine ?= "c6515d2a698792220bed8fd39ccbcfec64d1130f" +SRCREV_meta ?= "4476e17760bea9d68c392368f2396a2e9efa86c3" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.175" +LINUX_VERSION ?= "5.10.180" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 41f20c96dd..785944c3cf 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "21687086c27bb112f19b0aac455d800961c0b830" -SRCREV_machine:qemuarm64 ?= "7144f86a73fe2ffe4fe57c9e6cf28d8fc8db4b6a" -SRCREV_machine:qemumips ?= "557c06060cb218ade536fccc66f8f3e755537f31" -SRCREV_machine:qemuppc ?= "db19dbdcdf51b9d2a071dcf180ba9e20b8286e9b" -SRCREV_machine:qemuriscv64 ?= "024d08fb706170a9723e9751e505681f9d4c7ab6" -SRCREV_machine:qemuriscv32 ?= "024d08fb706170a9723e9751e505681f9d4c7ab6" -SRCREV_machine:qemux86 ?= "024d08fb706170a9723e9751e505681f9d4c7ab6" -SRCREV_machine:qemux86-64 ?= "024d08fb706170a9723e9751e505681f9d4c7ab6" -SRCREV_machine:qemumips64 ?= "6f1dbe8c258d49f4dba59827124dfe9aa2c151db" -SRCREV_machine ?= "024d08fb706170a9723e9751e505681f9d4c7ab6" -SRCREV_meta ?= "441f5fe00073620cec471166cf6e94c4ef9c69b2" +SRCREV_machine:qemuarm ?= "80421c525a12141d31bf1592b0d8c176defe3010" +SRCREV_machine:qemuarm64 ?= "9d140dbc3171bf272f51b524edeeb2f22783aca5" +SRCREV_machine:qemumips ?= "b29a8fa62d88db512f1fa5d60e430a851d7e3aaf" +SRCREV_machine:qemuppc ?= "7ee6b7fc4b57933114376cf012218c2ae3d23558" +SRCREV_machine:qemuriscv64 ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_machine:qemuriscv32 ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_machine:qemux86 ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_machine:qemux86-64 ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_machine:qemumips64 ?= "5c900befc90365f6daa80989e8de0ccc546ff0f5" +SRCREV_machine ?= "e8c818cce43dd720c366d831aeb102c20c237652" +SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the <version>/base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "8020ae3c051d1c9ec7b7a872e226f9720547649b" +SRCREV_machine:class-devupstream ?= "3299fb36854fdc288bddc2c4d265f8a2e5105944" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.103" +LINUX_VERSION ?= "5.15.108" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch new file mode 100644 index 0000000000..3cd374dc39 --- /dev/null +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch @@ -0,0 +1,130 @@ +From e40c964a0678908e2c756741343ed50d6a99ee12 Mon Sep 17 00:00:00 2001 +From: Anton Khirnov <anton@khirnov.net> +Date: Fri, 28 Apr 2023 11:45:30 +0000 +Subject: [PATCH] lavc/pthread_frame: avoid leaving stale hwaccel state in + worker threads + +This state is not refcounted, so make sure it always has a well-defined +owner. + +Remove the block added in 091341f, as +this commit also solves that issue in a more general way. + +CVE:CVE-2022-48434 + +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + libavcodec/pthread_frame.c | 46 +++++++++++++++++++++++++++++--------- + 1 file changed, 35 insertions(+), 11 deletions(-) + +diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c +index 85a6bc9..e40dced 100644 +--- a/libavcodec/pthread_frame.c ++++ b/libavcodec/pthread_frame.c +@@ -145,6 +145,12 @@ typedef struct FrameThreadContext { + * Set for the first N packets, where N is the number of threads. + * While it is set, ff_thread_en/decode_frame won't return any results. + */ ++ ++ /* hwaccel state is temporarily stored here in order to transfer its ownership ++ * to the next decoding thread without the need for extra synchronization */ ++ const AVHWAccel *stash_hwaccel; ++ void *stash_hwaccel_context; ++ void *stash_hwaccel_priv; + } FrameThreadContext; + + #if FF_API_THREAD_SAFE_CALLBACKS +@@ -229,9 +235,17 @@ FF_ENABLE_DEPRECATION_WARNINGS + ff_thread_finish_setup(avctx); + + if (p->hwaccel_serializing) { ++ /* wipe hwaccel state to avoid stale pointers lying around; ++ * the state was transferred to FrameThreadContext in ++ * ff_thread_finish_setup(), so nothing is leaked */ ++ avctx->hwaccel = NULL; ++ avctx->hwaccel_context = NULL; ++ avctx->internal->hwaccel_priv_data = NULL; ++ + p->hwaccel_serializing = 0; + pthread_mutex_unlock(&p->parent->hwaccel_mutex); + } ++ av_assert0(!avctx->hwaccel); + + if (p->async_serializing) { + p->async_serializing = 0; +@@ -294,14 +308,10 @@ static int update_context_from_thread(AVCodecContext *dst, AVCodecContext *src, + dst->color_range = src->color_range; + dst->chroma_sample_location = src->chroma_sample_location; + +- dst->hwaccel = src->hwaccel; +- dst->hwaccel_context = src->hwaccel_context; +- + dst->channels = src->channels; + dst->sample_rate = src->sample_rate; + dst->sample_fmt = src->sample_fmt; + dst->channel_layout = src->channel_layout; +- dst->internal->hwaccel_priv_data = src->internal->hwaccel_priv_data; + + if (!!dst->hw_frames_ctx != !!src->hw_frames_ctx || + (dst->hw_frames_ctx && dst->hw_frames_ctx->data != src->hw_frames_ctx->data)) { +@@ -442,6 +452,12 @@ static int submit_packet(PerThreadContext *p, AVCodecContext *user_avctx, + pthread_mutex_unlock(&p->mutex); + return err; + } ++ ++ /* transfer hwaccel state stashed from previous thread, if any */ ++ av_assert0(!p->avctx->hwaccel); ++ FFSWAP(const AVHWAccel*, p->avctx->hwaccel, fctx->stash_hwaccel); ++ FFSWAP(void*, p->avctx->hwaccel_context, fctx->stash_hwaccel_context); ++ FFSWAP(void*, p->avctx->internal->hwaccel_priv_data, fctx->stash_hwaccel_priv); + } + + av_packet_unref(p->avpkt); +@@ -647,6 +663,14 @@ void ff_thread_finish_setup(AVCodecContext *avctx) { + async_lock(p->parent); + } + ++ /* save hwaccel state for passing to the next thread; ++ * this is done here so that this worker thread can wipe its own hwaccel ++ * state after decoding, without requiring synchronization */ ++ av_assert0(!p->parent->stash_hwaccel); ++ p->parent->stash_hwaccel = avctx->hwaccel; ++ p->parent->stash_hwaccel_context = avctx->hwaccel_context; ++ p->parent->stash_hwaccel_priv = avctx->internal->hwaccel_priv_data; ++ + pthread_mutex_lock(&p->progress_mutex); + if(atomic_load(&p->state) == STATE_SETUP_FINISHED){ + av_log(avctx, AV_LOG_WARNING, "Multiple ff_thread_finish_setup() calls\n"); +@@ -700,13 +724,6 @@ void ff_frame_thread_free(AVCodecContext *avctx, int thread_count) + + park_frame_worker_threads(fctx, thread_count); + +- if (fctx->prev_thread && avctx->internal->hwaccel_priv_data != +- fctx->prev_thread->avctx->internal->hwaccel_priv_data) { +- if (update_context_from_thread(avctx, fctx->prev_thread->avctx, 1) < 0) { +- av_log(avctx, AV_LOG_ERROR, "Failed to update user thread.\n"); +- } +- } +- + if (fctx->prev_thread && fctx->prev_thread != fctx->threads) + if (update_context_from_thread(fctx->threads->avctx, fctx->prev_thread->avctx, 0) < 0) { + av_log(avctx, AV_LOG_ERROR, "Final thread update failed\n"); +@@ -760,6 +777,13 @@ void ff_frame_thread_free(AVCodecContext *avctx, int thread_count) + av_freep(&fctx->threads); + ff_pthread_free(fctx, thread_ctx_offsets); + ++ /* if we have stashed hwaccel state, move it to the user-facing context, ++ * so it will be freed in avcodec_close() */ ++ av_assert0(!avctx->hwaccel); ++ FFSWAP(const AVHWAccel*, avctx->hwaccel, fctx->stash_hwaccel); ++ FFSWAP(void*, avctx->hwaccel_context, fctx->stash_hwaccel_context); ++ FFSWAP(void*, avctx->internal->hwaccel_priv_data, fctx->stash_hwaccel_priv); ++ + av_freep(&avctx->internal->thread_ctx); + } + +-- +2.40.0 + diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index 4bcbda9976..6ece34fcfd 100644 --- a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb @@ -28,7 +28,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \ file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \ file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \ - " + file://CVE-2022-48434.patch \ + " SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.6.bb index 9db31c18e4..2eee50e6d8 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.6.bb @@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV} file://0001-connect-has-a-different-signature-on-musl.patch \ " -SRC_URI[sha256sum] = "5684436121b8bae07fd00b74395f95e44b5f26323dce4fa045fa665676807bba" +SRC_URI[sha256sum] = "2c64037c823fb88751a47dacf3d4752a52b7951190d6e05fc44855e912e81d71" DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base" RRECOMMENDS:${PN} = "git" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.6.bb index e5925c6510..c54913e8a1 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.6.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=69333daa044cb77e486cc36129f7a770 \ " SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz" -SRC_URI[sha256sum] = "b152e3cc49d014899f53c39d8a6224a44e1399b4cf76aa5f9a903fdf9793c3cc" +SRC_URI[sha256sum] = "7d619a030542a4a5a11e0302742a3d9b05f8e5cfc453025683a0379bc50aa013" S = "${WORKDIR}/gst-libav-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.6.bb index ec5efcd408..b29d393bfe 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.6.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz" -SRC_URI[sha256sum] = "bcccbc02548cdc123fd49944dd44a4f1adc5d107e36f010d320eb526e2107806" +SRC_URI[sha256sum] = "48e82008a2a0ad5f4b525aba8a6c49c4ca2d7d25c6b1b14d107dd747e26d5a8e" S = "${WORKDIR}/gst-omx-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.6.bb index 80766b9166..fdb4509691 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.6.bb @@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad file://0003-ensure-valid-sentinals-for-gst_structure_get-etc.patch \ file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \ " -SRC_URI[sha256sum] = "f431214b0754d7037adcde93c3195106196588973e5b32dcb24938805f866363" +SRC_URI[sha256sum] = "d98c73fa5cdddb372a91199464515cfc80c89bbe05e3d4387ea4381e4224483a" S = "${WORKDIR}/gst-plugins-bad-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.6.bb index c37b542c57..8d1aef1fc8 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.6.bb @@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0003-viv-fb-Make-sure-config.h-is-included.patch \ file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \ " -SRC_URI[sha256sum] = "11f911ef65f3095d7cf698a1ad1fc5242ac3ad6c9270465fb5c9e7f4f9c19b35" +SRC_URI[sha256sum] = "54eac357d6cd66f183b94a26e493bf4d5781bc76bc60cad122742626caf8f1a3" S = "${WORKDIR}/gst-plugins-base-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.6.bb index 80aed01973..81f5dd0932 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.6.bb @@ -8,7 +8,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \ " -SRC_URI[sha256sum] = "e83ab4d12ca24959489bbb0ec4fac9b90e32f741d49cda357cb554b2cb8b97f9" +SRC_URI[sha256sum] = "e51365cfa9b19bd736dafe2c8828254a55d66996a3c60550bb0d50041c381a44" S = "${WORKDIR}/gst-plugins-good-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.6.bb index f765e626c9..e62e9e9815 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.6.bb @@ -14,7 +14,7 @@ LICENSE_FLAGS = "commercial" SRC_URI = " \ https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \ " -SRC_URI[sha256sum] = "af67d8ba7cab230f64d0594352112c2c443e2aa36a87c35f9f98a43d11430b87" +SRC_URI[sha256sum] = "ca3fb6abc9f6e981d204a736c254e50cc1786a2f5038d83023e42ea009b10246" S = "${WORKDIR}/gst-plugins-ugly-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.6.bb index 05e9ace276..77745b8ba9 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.6.bb @@ -8,7 +8,7 @@ LICENSE = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "27487652318659cfd7dc42784b713c78d29cc7a7df4fb397134c8c125f65e3b2" +SRC_URI[sha256sum] = "aa619e08ddd9f92755f4bd24ba9577e81ae4c86bff170c3e574153ec3cdc80cc" DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.6.bb index c9cf42903d..017edec426 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.6.bb @@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "ba398a7ddd559cce56ef4b91f448d174e0dccad98a493563d2d59c41a2ef39c5" +SRC_URI[sha256sum] = "800122a798387bd4b18b558737d30a010d94154f41bd210d4c4cc2d80ecae90f" S = "${WORKDIR}/${PNREAL}-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.6.bb index 716f50ebe1..d67abf408c 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.6.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "510c6fb4ff3f676d7946ce1800e04ccf5aabe5a586d4e164d1961808fab8c94b" +SRC_URI[sha256sum] = "57028a2cdabb749eb38a53f45cfa36f02b4e5368fb6d8684ef31d9e73ddf653b" S = "${WORKDIR}/${REALPN}-${PV}" DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch deleted file mode 100644 index f1fac2df57..0000000000 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch +++ /dev/null @@ -1,300 +0,0 @@ -From e1e2d8d58c1e09e065849cdb1f6466c0537a7c51 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> -Date: Tue, 21 Jun 2022 11:51:35 +0300 -Subject: [PATCH] bin: Fix race conditions in tests - -The latency messages are non-deterministic and can arrive before/after -async-done or during state-changes as they are posted by e.g. sinks from -their streaming thread but bins are finishing asynchronous state changes -from a secondary helper thread. - -To solve this, expect latency messages at any time and assert that we -receive one at some point during the test. - -Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643> - -Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643] -Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> ---- - .../gstreamer/tests/check/gst/gstbin.c | 132 ++++++++++++------ - 1 file changed, 92 insertions(+), 40 deletions(-) - -diff --git a/subprojects/gstreamer/tests/check/gst/gstbin.c b/subprojects/gstreamer/tests/check/gst/gstbin.c -index e366d5fe20f..88ff44db0c3 100644 ---- a/subprojects/gstreamer/tests/check/gst/gstbin.c -+++ b/subprojects/gstreamer/tests/check/gst/gstbin.c -@@ -27,50 +27,95 @@ - #include <gst/base/gstbasesrc.h> - - static void --pop_async_done (GstBus * bus) -+pop_async_done (GstBus * bus, gboolean * had_latency) - { - GstMessage *message; -+ GstMessageType types = GST_MESSAGE_ASYNC_DONE; -+ -+ if (!*had_latency) -+ types |= GST_MESSAGE_LATENCY; - - GST_DEBUG ("popping async-done message"); -- message = gst_bus_poll (bus, GST_MESSAGE_ASYNC_DONE, -1); - -- fail_unless (message && GST_MESSAGE_TYPE (message) -- == GST_MESSAGE_ASYNC_DONE, "did not get GST_MESSAGE_ASYNC_DONE"); -+ do { -+ message = gst_bus_poll (bus, types, -1); - -- gst_message_unref (message); -- GST_DEBUG ("popped message"); -+ fail_unless (message); -+ GST_DEBUG ("popped message %s", -+ gst_message_type_get_name (GST_MESSAGE_TYPE (message))); -+ -+ if (GST_MESSAGE_TYPE (message) == GST_MESSAGE_LATENCY) { -+ fail_unless (*had_latency == FALSE); -+ *had_latency = TRUE; -+ gst_clear_message (&message); -+ types &= ~GST_MESSAGE_LATENCY; -+ continue; -+ } -+ -+ fail_unless (GST_MESSAGE_TYPE (message) -+ == GST_MESSAGE_ASYNC_DONE, "did not get GST_MESSAGE_ASYNC_DONE"); -+ -+ gst_clear_message (&message); -+ break; -+ } while (TRUE); - } - - static void --pop_latency (GstBus * bus) -+pop_latency (GstBus * bus, gboolean * had_latency) - { - GstMessage *message; - -- GST_DEBUG ("popping async-done message"); -+ if (*had_latency) -+ return; -+ -+ GST_DEBUG ("popping latency message"); - message = gst_bus_poll (bus, GST_MESSAGE_LATENCY, -1); - -- fail_unless (message && GST_MESSAGE_TYPE (message) -+ fail_unless (message); -+ fail_unless (GST_MESSAGE_TYPE (message) - == GST_MESSAGE_LATENCY, "did not get GST_MESSAGE_LATENCY"); - -- gst_message_unref (message); -- GST_DEBUG ("popped message"); -+ GST_DEBUG ("popped message %s", -+ gst_message_type_get_name (GST_MESSAGE_TYPE (message))); -+ gst_clear_message (&message); -+ -+ *had_latency = TRUE; - } - - static void --pop_state_changed (GstBus * bus, int count) -+pop_state_changed (GstBus * bus, int count, gboolean * had_latency) - { - GstMessage *message; -- -+ GstMessageType types = GST_MESSAGE_STATE_CHANGED; - int i; - -+ if (!*had_latency) -+ types |= GST_MESSAGE_LATENCY; -+ - GST_DEBUG ("popping %d messages", count); - for (i = 0; i < count; ++i) { -- message = gst_bus_poll (bus, GST_MESSAGE_STATE_CHANGED, -1); -- -- fail_unless (message && GST_MESSAGE_TYPE (message) -- == GST_MESSAGE_STATE_CHANGED, "did not get GST_MESSAGE_STATE_CHANGED"); -- -- gst_message_unref (message); -+ do { -+ message = gst_bus_poll (bus, types, -1); -+ -+ fail_unless (message); -+ GST_DEBUG ("popped message %s", -+ gst_message_type_get_name (GST_MESSAGE_TYPE (message))); -+ -+ if (GST_MESSAGE_TYPE (message) == GST_MESSAGE_LATENCY) { -+ fail_unless (*had_latency == FALSE); -+ *had_latency = TRUE; -+ gst_clear_message (&message); -+ types &= ~GST_MESSAGE_LATENCY; -+ continue; -+ } -+ -+ fail_unless (GST_MESSAGE_TYPE (message) -+ == GST_MESSAGE_STATE_CHANGED, -+ "did not get GST_MESSAGE_STATE_CHANGED"); -+ -+ gst_message_unref (message); -+ break; -+ } while (TRUE); - } - GST_DEBUG ("popped %d messages", count); - } -@@ -538,6 +583,7 @@ GST_START_TEST (test_message_state_changed_children) - GstBus *bus; - GstStateChangeReturn ret; - GstState current, pending; -+ gboolean had_latency = FALSE; - - pipeline = GST_PIPELINE (gst_pipeline_new (NULL)); - fail_unless (pipeline != NULL, "Could not create pipeline"); -@@ -576,7 +622,7 @@ GST_START_TEST (test_message_state_changed_children) - ASSERT_OBJECT_REFCOUNT (sink, "sink", 2); - ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 2); - -- pop_state_changed (bus, 3); -+ pop_state_changed (bus, 3, &had_latency); - fail_if (gst_bus_have_pending (bus), "unexpected pending messages"); - - ASSERT_OBJECT_REFCOUNT (bus, "bus", 2); -@@ -619,9 +665,9 @@ GST_START_TEST (test_message_state_changed_children) - * its state_change message */ - ASSERT_OBJECT_REFCOUNT_BETWEEN (pipeline, "pipeline", 3, 4); - -- pop_state_changed (bus, 3); -- pop_async_done (bus); -- pop_latency (bus); -+ pop_state_changed (bus, 3, &had_latency); -+ pop_async_done (bus, &had_latency); -+ pop_latency (bus, &had_latency); - fail_if ((gst_bus_pop (bus)) != NULL); - - ASSERT_OBJECT_REFCOUNT_BETWEEN (bus, "bus", 2, 3); -@@ -648,7 +694,7 @@ GST_START_TEST (test_message_state_changed_children) - ASSERT_OBJECT_REFCOUNT_BETWEEN (sink, "sink", 2, 4); - ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 3); - -- pop_state_changed (bus, 3); -+ pop_state_changed (bus, 3, &had_latency); - fail_if ((gst_bus_pop (bus)) != NULL); - - ASSERT_OBJECT_REFCOUNT (bus, "bus", 2); -@@ -669,7 +715,7 @@ GST_START_TEST (test_message_state_changed_children) - ASSERT_OBJECT_REFCOUNT_BETWEEN (sink, "sink", 3, 4); - ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 3); - -- pop_state_changed (bus, 6); -+ pop_state_changed (bus, 6, &had_latency); - fail_if ((gst_bus_pop (bus)) != NULL); - - ASSERT_OBJECT_REFCOUNT (src, "src", 1); -@@ -696,6 +742,7 @@ GST_START_TEST (test_watch_for_state_change) - GstElement *src, *sink, *bin; - GstBus *bus; - GstStateChangeReturn ret; -+ gboolean had_latency = FALSE; - - bin = gst_element_factory_make ("bin", NULL); - fail_unless (bin != NULL, "Could not create bin"); -@@ -722,9 +769,9 @@ GST_START_TEST (test_watch_for_state_change) - GST_CLOCK_TIME_NONE); - fail_unless (ret == GST_STATE_CHANGE_SUCCESS); - -- pop_state_changed (bus, 6); -- pop_async_done (bus); -- pop_latency (bus); -+ pop_state_changed (bus, 6, &had_latency); -+ pop_async_done (bus, &had_latency); -+ pop_latency (bus, &had_latency); - - fail_unless (gst_bus_have_pending (bus) == FALSE, - "Unexpected messages on bus"); -@@ -732,16 +779,17 @@ GST_START_TEST (test_watch_for_state_change) - ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PLAYING); - fail_unless (ret == GST_STATE_CHANGE_SUCCESS); - -- pop_state_changed (bus, 3); -+ pop_state_changed (bus, 3, &had_latency); - -+ had_latency = FALSE; - /* this one might return either SUCCESS or ASYNC, likely SUCCESS */ - ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED); - gst_element_get_state (GST_ELEMENT (bin), NULL, NULL, GST_CLOCK_TIME_NONE); - -- pop_state_changed (bus, 3); -+ pop_state_changed (bus, 3, &had_latency); - if (ret == GST_STATE_CHANGE_ASYNC) { -- pop_async_done (bus); -- pop_latency (bus); -+ pop_async_done (bus, &had_latency); -+ pop_latency (bus, &had_latency); - } - - fail_unless (gst_bus_have_pending (bus) == FALSE, -@@ -898,6 +946,7 @@ GST_START_TEST (test_children_state_change_order_flagged_sink) - GstStateChangeReturn ret; - GstState current, pending; - GstBus *bus; -+ gboolean had_latency = FALSE; - - pipeline = gst_pipeline_new (NULL); - fail_unless (pipeline != NULL, "Could not create pipeline"); -@@ -951,10 +1000,11 @@ GST_START_TEST (test_children_state_change_order_flagged_sink) - ASSERT_STATE_CHANGE_MSG (bus, sink, GST_STATE_READY, GST_STATE_PAUSED, 107); - #else - -- pop_state_changed (bus, 2); /* pop remaining ready => paused messages off the bus */ -+ pop_state_changed (bus, 2, &had_latency); /* pop remaining ready => paused messages off the bus */ - ASSERT_STATE_CHANGE_MSG (bus, pipeline, GST_STATE_READY, GST_STATE_PAUSED, - 108); -- pop_async_done (bus); -+ pop_async_done (bus, &had_latency); -+ pop_latency (bus, &had_latency); - #endif - /* PAUSED => PLAYING */ - GST_DEBUG ("popping PAUSED -> PLAYING messages"); -@@ -972,8 +1022,8 @@ GST_START_TEST (test_children_state_change_order_flagged_sink) - fail_if (ret != GST_STATE_CHANGE_SUCCESS, "State change to READY failed"); - - /* TODO: do we need to check downwards state change order as well? */ -- pop_state_changed (bus, 4); /* pop playing => paused messages off the bus */ -- pop_state_changed (bus, 4); /* pop paused => ready messages off the bus */ -+ pop_state_changed (bus, 4, &had_latency); /* pop playing => paused messages off the bus */ -+ pop_state_changed (bus, 4, &had_latency); /* pop paused => ready messages off the bus */ - - while (GST_OBJECT_REFCOUNT_VALUE (pipeline) > 1) - THREAD_SWITCH (); -@@ -1002,6 +1052,7 @@ GST_START_TEST (test_children_state_change_order_semi_sink) - GstStateChangeReturn ret; - GstState current, pending; - GstBus *bus; -+ gboolean had_latency = FALSE; - - /* (2) Now again, but check other code path where we don't have - * a proper sink correctly flagged as such, but a 'semi-sink' */ -@@ -1056,10 +1107,11 @@ GST_START_TEST (test_children_state_change_order_semi_sink) - ASSERT_STATE_CHANGE_MSG (bus, src, GST_STATE_READY, GST_STATE_PAUSED, 206); - ASSERT_STATE_CHANGE_MSG (bus, sink, GST_STATE_READY, GST_STATE_PAUSED, 207); - #else -- pop_state_changed (bus, 2); /* pop remaining ready => paused messages off the bus */ -+ pop_state_changed (bus, 2, &had_latency); /* pop remaining ready => paused messages off the bus */ - ASSERT_STATE_CHANGE_MSG (bus, pipeline, GST_STATE_READY, GST_STATE_PAUSED, - 208); -- pop_async_done (bus); -+ pop_async_done (bus, &had_latency); -+ pop_latency (bus, &had_latency); - - /* PAUSED => PLAYING */ - GST_DEBUG ("popping PAUSED -> PLAYING messages"); -@@ -1076,8 +1128,8 @@ GST_START_TEST (test_children_state_change_order_semi_sink) - fail_if (ret != GST_STATE_CHANGE_SUCCESS, "State change to READY failed"); - - /* TODO: do we need to check downwards state change order as well? */ -- pop_state_changed (bus, 4); /* pop playing => paused messages off the bus */ -- pop_state_changed (bus, 4); /* pop paused => ready messages off the bus */ -+ pop_state_changed (bus, 4, &had_latency); /* pop playing => paused messages off the bus */ -+ pop_state_changed (bus, 4, &had_latency); /* pop paused => ready messages off the bus */ - - GST_DEBUG ("waiting for pipeline to reach refcount 1"); - while (GST_OBJECT_REFCOUNT_VALUE (pipeline) > 1) --- -GitLab - diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.6.bb index ce9c1c116f..7ceb319d9b 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.6.bb @@ -21,9 +21,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x file://0002-tests-add-support-for-install-the-tests.patch;striplevel=3 \ file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \ file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \ - file://0005-bin-Fix-race-conditions-in-tests.patch;striplevel=3 \ " -SRC_URI[sha256sum] = "5a19083faaf361d21fc391124f78ba6d609be55845a82fa8f658230e5fa03dff" +SRC_URI[sha256sum] = "0545b030960680f71a95f9d39c95daae54b4d317d335e8f239d81138773c9b90" PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \ check \ diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32888.patch b/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32888.patch new file mode 100644 index 0000000000..1a6b685450 --- /dev/null +++ b/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32888.patch @@ -0,0 +1,41 @@ +CVE: CVE-2022-32888 +Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/a3dd7dc] + +[1]: https://support.apple.com/en-us/HT213446 +[2]: https://bugs.webkit.org/show_bug.cgi?id=242047 + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +From a3dd7dc5f60b87a7cfd14c372e40ebd339076763 Mon Sep 17 00:00:00 2001 +From: Yusuke Suzuki <ysuzuki@apple.com> +Date: Mon, 27 Jun 2022 21:34:55 -0700 +Subject: [PATCH] [JSC] Drop wasm stale assertion + https://bugs.webkit.org/show_bug.cgi?id=242047 rdar://95866655 + +Reviewed by Mark Lam. + +This patch drops stale assertion in addDelegateToUnreachable. + +* Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: +(JSC::Wasm::LLIntGenerator::addDelegateToUnreachable): + +Canonical link: https://commits.webkit.org/251902@main +--- + Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp b/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp +index 39fb39b3331f..d0d2b9725991 100644 +--- a/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp ++++ b/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp +@@ -1182,7 +1182,6 @@ auto LLIntGenerator::addDelegateToUnreachable(ControlType& target, ControlType& + + ControlTry& tryData = std::get<ControlTry>(data); + m_codeBlock->addExceptionHandler({ HandlerType::Delegate, tryData.m_try->location(), delegateLabel->location(), 0, m_tryDepth, targetDepth }); +- checkConsistency(); + return { }; + } + +-- +2.34.1 + diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32923.patch b/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32923.patch new file mode 100644 index 0000000000..60342a14f8 --- /dev/null +++ b/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32923.patch @@ -0,0 +1,435 @@ +CVE: CVE-2022-32923 +Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/ef76e31] + +[1]: https://support.apple.com/en-us/HT213495 +[2]: https://bugs.webkit.org/show_bug.cgi?id=242964 + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +From ef76e31a2a066c3d65a9c94a9e2cd88133260c1f Mon Sep 17 00:00:00 2001 +From: Yusuke Suzuki <ysuzuki@apple.com> +Date: Wed, 20 Jul 2022 19:30:48 -0700 +Subject: [PATCH] [JSC] BakcwardPropagationPhase should carry NaN / Infinity + handling https://bugs.webkit.org/show_bug.cgi?id=242964 rdar://96791603 + +Reviewed by Mark Lam. + +For correctness, we should carry NaN / Infinity handling to make it more clear in the code generation site. + +* Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp: +(JSC::DFG::BackwardsPropagationPhase::propagate): +* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp: +(JSC::DFG::FixupPhase::fixupArithDivInt32): +(JSC::DFG::FixupPhase::fixupArithDiv): +* Source/JavaScriptCore/dfg/DFGGraph.h: +* Source/JavaScriptCore/dfg/DFGNode.h: +* Source/JavaScriptCore/dfg/DFGNodeFlags.cpp: +(JSC::DFG::dumpNodeFlags): +* Source/JavaScriptCore/dfg/DFGNodeFlags.h: +(JSC::DFG::bytecodeCanIgnoreNaNAndInfinity): +(JSC::DFG::nodeCanSpeculateInt32ForDiv): +* Source/JavaScriptCore/dfg/DFGNodeType.h: + +Canonical link: https://commits.webkit.org/252675@main +--- + .../dfg/DFGBackwardsPropagationPhase.cpp | 51 +++++++++++-------- + Source/JavaScriptCore/dfg/DFGFixupPhase.cpp | 6 ++- + Source/JavaScriptCore/dfg/DFGGraph.h | 11 ++++ + Source/JavaScriptCore/dfg/DFGNode.h | 12 +++-- + Source/JavaScriptCore/dfg/DFGNodeFlags.cpp | 10 ++-- + Source/JavaScriptCore/dfg/DFGNodeFlags.h | 37 +++++++++++--- + Source/JavaScriptCore/dfg/DFGNodeType.h | 3 +- + 7 files changed, 91 insertions(+), 39 deletions(-) + +diff --git a/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp b/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp +index 306ea5d6b974..83a08aff7c20 100644 +--- a/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp ++++ b/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp +@@ -272,7 +272,7 @@ private: + case ValueBitNot: + case ArithBitNot: { + flags |= NodeBytecodeUsesAsInt; +- flags &= ~(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeUsesAsOther); ++ flags &= ~(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity | NodeBytecodeUsesAsOther); + flags &= ~NodeBytecodeUsesAsArrayIndex; + node->child1()->mergeFlags(flags); + break; +@@ -291,7 +291,7 @@ private: + case BitURShift: + case ArithIMul: { + flags |= NodeBytecodeUsesAsInt; +- flags &= ~(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeUsesAsOther); ++ flags &= ~(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity | NodeBytecodeUsesAsOther); + flags &= ~NodeBytecodeUsesAsArrayIndex; + node->child1()->mergeFlags(flags); + node->child2()->mergeFlags(flags); +@@ -308,9 +308,9 @@ private: + + case StringSlice: { + node->child1()->mergeFlags(NodeBytecodeUsesAsValue); +- node->child2()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex); ++ node->child2()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex | NodeBytecodeNeedsNaNOrInfinity); + if (node->child3()) +- node->child3()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex); ++ node->child3()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex | NodeBytecodeNeedsNaNOrInfinity); + break; + } + +@@ -320,11 +320,11 @@ private: + if (node->numChildren() == 2) + m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsValue); + else if (node->numChildren() == 3) { +- m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex); ++ m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex | NodeBytecodeNeedsNaNOrInfinity); + m_graph.varArgChild(node, 2)->mergeFlags(NodeBytecodeUsesAsValue); + } else if (node->numChildren() == 4) { +- m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex); +- m_graph.varArgChild(node, 2)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex); ++ m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex | NodeBytecodeNeedsNaNOrInfinity); ++ m_graph.varArgChild(node, 2)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex | NodeBytecodeNeedsNaNOrInfinity); + m_graph.varArgChild(node, 3)->mergeFlags(NodeBytecodeUsesAsValue); + } + break; +@@ -345,6 +345,7 @@ private: + flags |= NodeBytecodeUsesAsNumber; + if (!m_allowNestedOverflowingAdditions) + flags |= NodeBytecodeUsesAsNumber; ++ flags |= NodeBytecodeNeedsNaNOrInfinity; + + node->child1()->mergeFlags(flags); + node->child2()->mergeFlags(flags); +@@ -359,6 +360,7 @@ private: + flags |= NodeBytecodeUsesAsNumber; + if (!m_allowNestedOverflowingAdditions) + flags |= NodeBytecodeUsesAsNumber; ++ flags |= NodeBytecodeNeedsNaNOrInfinity; + + node->child1()->mergeFlags(flags); + node->child2()->mergeFlags(flags); +@@ -366,7 +368,7 @@ private: + } + + case ArithClz32: { +- flags &= ~(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeUsesAsOther | ~NodeBytecodeUsesAsArrayIndex); ++ flags &= ~(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity | NodeBytecodeUsesAsOther | ~NodeBytecodeUsesAsArrayIndex); + flags |= NodeBytecodeUsesAsInt; + node->child1()->mergeFlags(flags); + break; +@@ -380,6 +382,7 @@ private: + flags |= NodeBytecodeUsesAsNumber; + if (!m_allowNestedOverflowingAdditions) + flags |= NodeBytecodeUsesAsNumber; ++ flags |= NodeBytecodeNeedsNaNOrInfinity; + + node->child1()->mergeFlags(flags); + node->child2()->mergeFlags(flags); +@@ -387,6 +390,7 @@ private: + } + + case ArithNegate: { ++ // negation does not care about NaN, Infinity, -Infinity are converted into 0 if the result is evaluated under the integer context. + flags &= ~NodeBytecodeUsesAsOther; + + node->child1()->mergeFlags(flags); +@@ -401,6 +405,7 @@ private: + flags |= NodeBytecodeUsesAsNumber; + if (!m_allowNestedOverflowingAdditions) + flags |= NodeBytecodeUsesAsNumber; ++ flags |= NodeBytecodeNeedsNaNOrInfinity; + + node->child1()->mergeFlags(flags); + break; +@@ -421,7 +426,7 @@ private: + + node->mergeFlags(flags); + +- flags |= NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero; ++ flags |= NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity; + flags &= ~NodeBytecodeUsesAsOther; + + node->child1()->mergeFlags(flags); +@@ -431,7 +436,13 @@ private: + + case ValueDiv: + case ArithDiv: { +- flags |= NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero; ++ // ArithDiv / ValueDiv need to have NodeBytecodeUsesAsNumber even if it is used in the context of integer. ++ // For example, ++ // ((@x / @y) + @z) | 0 ++ // In this context, (@x / @y) can have integer context at first, but the result can be different if div ++ // generates NaN. Div and Mod are operations that can produce NaN / Infinity though only taking binary Int32 operands. ++ // Thus, we always need to check for overflow since it can affect downstream calculations. ++ flags |= NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity; + flags &= ~NodeBytecodeUsesAsOther; + + node->child1()->mergeFlags(flags); +@@ -441,7 +452,7 @@ private: + + case ValueMod: + case ArithMod: { +- flags |= NodeBytecodeUsesAsNumber; ++ flags |= NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity; + flags &= ~NodeBytecodeUsesAsOther; + + node->child1()->mergeFlags(flags); +@@ -452,7 +463,7 @@ private: + case EnumeratorGetByVal: + case GetByVal: { + m_graph.varArgChild(node, 0)->mergeFlags(NodeBytecodeUsesAsValue); +- m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex); ++ m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeNeedsNaNOrInfinity | NodeBytecodeUsesAsArrayIndex); + break; + } + +@@ -461,13 +472,13 @@ private: + // Negative zero is not observable. NaN versus undefined are only observable + // in that you would get a different exception message. So, like, whatever: we + // claim here that NaN v. undefined is observable. +- node->child1()->mergeFlags(NodeBytecodeUsesAsInt | NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsArrayIndex); ++ node->child1()->mergeFlags(NodeBytecodeUsesAsInt | NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeNeedsNaNOrInfinity | NodeBytecodeUsesAsArrayIndex); + break; + } + + case ToString: + case CallStringConstructor: { +- node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther); ++ node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeNeedsNaNOrInfinity); + break; + } + +@@ -487,15 +498,15 @@ private: + case CompareBelowEq: + case CompareEq: + case CompareStrictEq: { +- node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther); +- node->child2()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther); ++ node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeNeedsNaNOrInfinity); ++ node->child2()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeNeedsNaNOrInfinity); + break; + } + + case PutByValDirect: + case PutByVal: { + m_graph.varArgChild(node, 0)->mergeFlags(NodeBytecodeUsesAsValue); +- m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex); ++ m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex | NodeBytecodeNeedsNaNOrInfinity); + m_graph.varArgChild(node, 2)->mergeFlags(NodeBytecodeUsesAsValue); + break; + } +@@ -508,20 +519,20 @@ private: + // then -0 and 0 are treated the same. We don't need NodeBytecodeUsesAsOther + // because if all of the cases are integers then NaN and undefined are + // treated the same (i.e. they will take default). +- node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsInt); ++ node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsInt | NodeBytecodeNeedsNaNOrInfinity); + break; + case SwitchChar: { + // We don't need NodeBytecodeNeedsNegZero because if the cases are all strings + // then -0 and 0 are treated the same. We don't need NodeBytecodeUsesAsOther + // because if all of the cases are single-character strings then NaN + // and undefined are treated the same (i.e. they will take default). +- node->child1()->mergeFlags(NodeBytecodeUsesAsNumber); ++ node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNaNOrInfinity); + break; + } + case SwitchString: + // We don't need NodeBytecodeNeedsNegZero because if the cases are all strings + // then -0 and 0 are treated the same. +- node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther); ++ node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeNeedsNaNOrInfinity); + break; + case SwitchCell: + // There is currently no point to being clever here since this is used for switching +diff --git a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp +index e8bee58ada15..b679539de2e6 100644 +--- a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp ++++ b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp +@@ -81,7 +81,9 @@ private: + if (optimizeForX86() || optimizeForARM64() || optimizeForARMv7IDIVSupported()) { + fixIntOrBooleanEdge(leftChild); + fixIntOrBooleanEdge(rightChild); +- if (bytecodeCanTruncateInteger(node->arithNodeFlags())) ++ // We need to be careful about skipping overflow check because div / mod can generate non integer values ++ // from (Int32, Int32) inputs. For now, we always check non-zero divisor. ++ if (bytecodeCanTruncateInteger(node->arithNodeFlags()) && bytecodeCanIgnoreNaNAndInfinity(node->arithNodeFlags()) && bytecodeCanIgnoreNegativeZero(node->arithNodeFlags())) + node->setArithMode(Arith::Unchecked); + else if (bytecodeCanIgnoreNegativeZero(node->arithNodeFlags())) + node->setArithMode(Arith::CheckOverflow); +@@ -122,7 +124,7 @@ private: + + void fixupArithDiv(Node* node, Edge& leftChild, Edge& rightChild) + { +- if (m_graph.binaryArithShouldSpeculateInt32(node, FixupPass)) { ++ if (m_graph.divShouldSpeculateInt32(node, FixupPass)) { + fixupArithDivInt32(node, leftChild, rightChild); + return; + } +diff --git a/Source/JavaScriptCore/dfg/DFGGraph.h b/Source/JavaScriptCore/dfg/DFGGraph.h +index ca566d3a484e..284c87672849 100644 +--- a/Source/JavaScriptCore/dfg/DFGGraph.h ++++ b/Source/JavaScriptCore/dfg/DFGGraph.h +@@ -373,6 +373,17 @@ public: + + return shouldSpeculateInt52ForAdd(left) && shouldSpeculateInt52ForAdd(right); + } ++ ++ bool divShouldSpeculateInt32(Node* node, PredictionPass pass) ++ { ++ // Even if inputs are Int32, div can generate NaN or Infinity. ++ // Thus, Overflow in div can be caused by these non integer values as well as actual Int32 overflow. ++ Node* left = node->child1().node(); ++ Node* right = node->child2().node(); ++ ++ return Node::shouldSpeculateInt32OrBooleanForArithmetic(left, right) ++ && nodeCanSpeculateInt32ForDiv(node->arithNodeFlags(), node->sourceFor(pass)); ++ } + + bool binaryArithShouldSpeculateInt32(Node* node, PredictionPass pass) + { +diff --git a/Source/JavaScriptCore/dfg/DFGNode.h b/Source/JavaScriptCore/dfg/DFGNode.h +index f9ff50658e93..04509a3846ca 100644 +--- a/Source/JavaScriptCore/dfg/DFGNode.h ++++ b/Source/JavaScriptCore/dfg/DFGNode.h +@@ -3308,21 +3308,25 @@ public: + out.printf(", @%u", child3()->index()); + } + +- NodeOrigin origin; ++ NO_UNIQUE_ADDRESS NodeOrigin origin; + ++private: ++ NO_UNIQUE_ADDRESS NodeType m_op; ++ ++ NO_UNIQUE_ADDRESS unsigned m_index { std::numeric_limits<unsigned>::max() }; ++ ++public: + // References to up to 3 children, or links to a variable length set of children. + AdjacencyList children; + + private: + friend class B3::SparseCollection<Node>; + +- unsigned m_index { std::numeric_limits<unsigned>::max() }; +- unsigned m_op : 10; // real type is NodeType +- unsigned m_flags : 21; + // The virtual register number (spill location) associated with this . + VirtualRegister m_virtualRegister; + // The number of uses of the result of this operation (+1 for 'must generate' nodes, which have side-effects). + unsigned m_refCount; ++ NodeFlags m_flags; + // The prediction ascribed to this node after propagation. + SpeculatedType m_prediction { SpecNone }; + // Immediate values, accesses type-checked via accessors above. +diff --git a/Source/JavaScriptCore/dfg/DFGNodeFlags.cpp b/Source/JavaScriptCore/dfg/DFGNodeFlags.cpp +index 88242947f6ef..0c53cd976c5c 100644 +--- a/Source/JavaScriptCore/dfg/DFGNodeFlags.cpp ++++ b/Source/JavaScriptCore/dfg/DFGNodeFlags.cpp +@@ -74,12 +74,14 @@ void dumpNodeFlags(PrintStream& actualOut, NodeFlags flags) + out.print(comma, "VarArgs"); + + if (flags & NodeResultMask) { +- if (!(flags & NodeBytecodeUsesAsNumber) && !(flags & NodeBytecodeNeedsNegZero)) ++ if (!(flags & NodeBytecodeUsesAsNumber)) + out.print(comma, "PureInt"); +- else if (!(flags & NodeBytecodeUsesAsNumber)) +- out.print(comma, "PureInt(w/ neg zero)"); +- else if (!(flags & NodeBytecodeNeedsNegZero)) ++ else + out.print(comma, "PureNum"); ++ if (flags & NodeBytecodeNeedsNegZero) ++ out.print(comma, "NeedsNegZero"); ++ if (flags & NodeBytecodeNeedsNaNOrInfinity) ++ out.print(comma, "NeedsNaNOrInfinity"); + if (flags & NodeBytecodeUsesAsOther) + out.print(comma, "UseAsOther"); + } +diff --git a/Source/JavaScriptCore/dfg/DFGNodeFlags.h b/Source/JavaScriptCore/dfg/DFGNodeFlags.h +index 2ebe3544f601..aa60db7e6ba0 100644 +--- a/Source/JavaScriptCore/dfg/DFGNodeFlags.h ++++ b/Source/JavaScriptCore/dfg/DFGNodeFlags.h +@@ -61,18 +61,19 @@ namespace JSC { namespace DFG { + #define NodeBytecodeUseBottom 0x00000 + #define NodeBytecodeUsesAsNumber 0x04000 // The result of this computation may be used in a context that observes fractional, or bigger-than-int32, results. + #define NodeBytecodeNeedsNegZero 0x08000 // The result of this computation may be used in a context that observes -0. +-#define NodeBytecodeUsesAsOther 0x10000 // The result of this computation may be used in a context that distinguishes between NaN and other things (like undefined). +-#define NodeBytecodeUsesAsInt 0x20000 // The result of this computation is known to be used in a context that prefers, but does not require, integer values. +-#define NodeBytecodeUsesAsArrayIndex 0x40000 // The result of this computation is known to be used in a context that strongly prefers integer values, to the point that we should avoid using doubles if at all possible. +-#define NodeBytecodeUsesAsValue (NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeUsesAsOther) +-#define NodeBytecodeBackPropMask (NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex) ++#define NodeBytecodeNeedsNaNOrInfinity 0x10000 // The result of this computation may be used in a context that observes NaN or Infinity. ++#define NodeBytecodeUsesAsOther 0x20000 // The result of this computation may be used in a context that distinguishes between NaN and other things (like undefined). ++#define NodeBytecodeUsesAsInt 0x40000 // The result of this computation is known to be used in a context that prefers, but does not require, integer values. ++#define NodeBytecodeUsesAsArrayIndex 0x80000 // The result of this computation is known to be used in a context that strongly prefers integer values, to the point that we should avoid using doubles if at all possible. ++#define NodeBytecodeUsesAsValue (NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity | NodeBytecodeUsesAsOther) ++#define NodeBytecodeBackPropMask (NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex) + + #define NodeArithFlagsMask (NodeBehaviorMask | NodeBytecodeBackPropMask) + +-#define NodeIsFlushed 0x80000 // Computed by CPSRethreadingPhase, will tell you which local nodes are backwards-reachable from a Flush. ++#define NodeIsFlushed 0x100000 // Computed by CPSRethreadingPhase, will tell you which local nodes are backwards-reachable from a Flush. + +-#define NodeMiscFlag1 0x100000 +-#define NodeMiscFlag2 0x200000 ++#define NodeMiscFlag1 0x200000 ++#define NodeMiscFlag2 0x400000 + + typedef uint32_t NodeFlags; + +@@ -91,6 +92,11 @@ static inline bool bytecodeCanIgnoreNegativeZero(NodeFlags flags) + return !(flags & NodeBytecodeNeedsNegZero); + } + ++static inline bool bytecodeCanIgnoreNaNAndInfinity(NodeFlags flags) ++{ ++ return !(flags & NodeBytecodeNeedsNaNOrInfinity); ++} ++ + enum RareCaseProfilingSource { + BaselineRareCase, // Comes from slow case counting in the baseline JIT. + DFGRareCase, // Comes from OSR exit profiles. +@@ -147,6 +153,21 @@ static inline bool nodeCanSpeculateInt32(NodeFlags flags, RareCaseProfilingSourc + return true; + } + ++static inline bool nodeCanSpeculateInt32ForDiv(NodeFlags flags, RareCaseProfilingSource source) ++{ ++ if (nodeMayOverflowInt32(flags, source)) { ++ if (bytecodeUsesAsNumber(flags)) ++ return false; ++ if (!bytecodeCanIgnoreNaNAndInfinity(flags)) ++ return false; ++ } ++ ++ if (nodeMayNegZero(flags, source)) ++ return bytecodeCanIgnoreNegativeZero(flags); ++ ++ return true; ++} ++ + static inline bool nodeCanSpeculateInt52(NodeFlags flags, RareCaseProfilingSource source) + { + if (nodeMayOverflowInt52(flags, source)) +diff --git a/Source/JavaScriptCore/dfg/DFGNodeType.h b/Source/JavaScriptCore/dfg/DFGNodeType.h +index 8f885b570665..aad4d559ccf7 100644 +--- a/Source/JavaScriptCore/dfg/DFGNodeType.h ++++ b/Source/JavaScriptCore/dfg/DFGNodeType.h +@@ -567,7 +567,7 @@ namespace JSC { namespace DFG { + + // This enum generates a monotonically increasing id for all Node types, + // and is used by the subsequent enum to fill out the id (as accessed via the NodeIdMask). +-enum NodeType { ++enum NodeType : uint16_t { + #define DFG_OP_ENUM(opcode, flags) opcode, + FOR_EACH_DFG_OP(DFG_OP_ENUM) + #undef DFG_OP_ENUM +@@ -577,6 +577,7 @@ enum NodeType { + #define DFG_OP_COUNT(opcode, flags) + 1 + constexpr unsigned numberOfNodeTypes = FOR_EACH_DFG_OP(DFG_OP_COUNT); + #undef DFG_OP_COUNT ++static_assert(numberOfNodeTypes <= UINT16_MAX); + + // Specifies the default flags for each node. + inline NodeFlags defaultFlags(NodeType op) +-- +2.34.1 + diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb index 7b2c5c6e36..1dac4f5677 100644 --- a/poky/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb +++ b/poky/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb @@ -15,6 +15,8 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BP}.tar.xz \ file://0001-Fix-build-without-opengl-or-es.patch \ file://reproducibility.patch \ file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \ + file://CVE-2022-32888.patch \ + file://CVE-2022-32923.patch \ " SRC_URI[sha256sum] = "0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437" diff --git a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.2.bb index 708201043b..b3d7b229c8 100644 --- a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb +++ b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.2.bb @@ -13,7 +13,7 @@ inherit meson features_check pkgconfig REQUIRED_DISTRO_FEATURES = "opengl" SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "e75b0cb2c7145448416e8696013d8883f675c66c11ed750e06865efec5809155" +SRC_URI[sha256sum] = "93c9766ae9864eeaeaee2b0a74f22cbca08df42c1a1bdb55b086f2528e380d38" # Especially helps compiling with clang which enable this as error when # using c++11 diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-27536.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-27536.patch index fb3ee6a14d..d3d1d2dc2e 100644 --- a/poky/meta/recipes-support/curl/curl/CVE-2023-27536.patch +++ b/poky/meta/recipes-support/curl/curl/CVE-2023-27536.patch @@ -3,10 +3,11 @@ From: Daniel Stenberg <daniel@haxx.se> Date: Fri, 10 Mar 2023 09:22:43 +0100 Subject: [PATCH] url: only reuse connections with same GSS delegation -Upstream-Status: Backport from [https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb] +Upstream-Status: Backport from [https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5] CVE: CVE-2023-27536 Signed-off-by: Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com> --- lib/url.c | 6 ++++++ lib/urldata.h | 1 + diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28319.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28319.patch new file mode 100644 index 0000000000..c0bca9a56e --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28319.patch @@ -0,0 +1,33 @@ +From 8e21b1a05f3c0ee098dbcb6c3d84cb61f102a122 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 8 May 2023 14:33:54 +0200 +Subject: [PATCH] libssh2: free fingerprint better + +Reported-by: Wei Chong Tan +Closes #11088 + +CVE: CVE-2023-28319 +Upstream-Status: Backport [https://github.com/curl/curl/commit/8e21b1a05f3c0ee098dbcb6c] +Comments: Hunks Refreshed +Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> +--- + lib/vssh/libssh2.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c +index bfcc94e160178..dd39a844c646b 100644 +--- a/lib/vssh/libssh2.c ++++ b/lib/vssh/libssh2.c +@@ -695,11 +695,10 @@ + */ + if((pub_pos != b64_pos) || + Curl_strncasecompare(fingerprint_b64, pubkey_sha256, pub_pos) != 1) { +- free(fingerprint_b64); +- + failf(data, + "Denied establishing ssh session: mismatch sha256 fingerprint. " + "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256); ++ free(fingerprint_b64); + state(data, SSH_SESSION_FREE); + sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; + return sshc->actualcode; diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28320.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28320.patch new file mode 100644 index 0000000000..1e0fc7534a --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28320.patch @@ -0,0 +1,83 @@ +From 13718030ad4b3209a7583b4f27f683cd3a6fa5f2 Mon Sep 17 00:00:00 2001 +From: Harry Sintonen <sintonen@iki.fi> +Date: Tue, 25 Apr 2023 09:22:26 +0200 +Subject: [PATCH] hostip: add locks around use of global buffer for alarm() + +When building with the sync name resolver and timeout ability we now +require thread-safety to be present to enable it. + +Closes #11030 + +CVE: CVE-2023-28320 +Upstream-Status: Backport [https://github.com/curl/curl/commit/13718030ad4b3209a7583b] +Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> +--- + lib/hostip.c | 19 +++++++++++++++---- + 1 file changed, 15 insertions(+), 4 deletions(-) + +diff --git a/lib/hostip.c b/lib/hostip.c +index 2381290fdd43e..e410cda69ae6e 100644 +--- a/lib/hostip.c ++++ b/lib/hostip.c +@@ -70,12 +70,19 @@ + #include <SystemConfiguration/SCDynamicStoreCopySpecific.h> + #endif + +-#if defined(CURLRES_SYNCH) && \ +- defined(HAVE_ALARM) && defined(SIGALRM) && defined(HAVE_SIGSETJMP) ++#if defined(CURLRES_SYNCH) && \ ++ defined(HAVE_ALARM) && \ ++ defined(SIGALRM) && \ ++ defined(HAVE_SIGSETJMP) && \ ++ defined(GLOBAL_INIT_IS_THREADSAFE) + /* alarm-based timeouts can only be used with all the dependencies satisfied */ + #define USE_ALARM_TIMEOUT + #endif + ++#ifdef USE_ALARM_TIMEOUT ++#include "easy_lock.h" ++#endif ++ + #define MAX_HOSTCACHE_LEN (255 + 7) /* max FQDN + colon + port number + zero */ + + /* +@@ -254,11 +261,12 @@ void Curl_hostcache_prune(struct Curl_easy *data) + Curl_share_unlock(data, CURL_LOCK_DATA_DNS); + } + +-#ifdef HAVE_SIGSETJMP ++#ifdef USE_ALARM_TIMEOUT + /* Beware this is a global and unique instance. This is used to store the + return address that we can jump back to from inside a signal handler. This + is not thread-safe stuff. */ + sigjmp_buf curl_jmpenv; ++curl_simple_lock curl_jmpenv_lock; + #endif + + /* lookup address, returns entry if found and not stale */ +@@ -832,7 +840,6 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, + static + void alarmfunc(int sig) + { +- /* this is for "-ansi -Wall -pedantic" to stop complaining! (rabe) */ + (void)sig; + siglongjmp(curl_jmpenv, 1); + } +@@ -912,6 +919,8 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data, + This should be the last thing we do before calling Curl_resolv(), + as otherwise we'd have to worry about variables that get modified + before we invoke Curl_resolv() (and thus use "volatile"). */ ++ curl_simple_lock_lock(&curl_jmpenv_lock); ++ + if(sigsetjmp(curl_jmpenv, 1)) { + /* this is coming from a siglongjmp() after an alarm signal */ + failf(data, "name lookup timed out"); +@@ -980,6 +989,8 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data, + #endif + #endif /* HAVE_SIGACTION */ + ++ curl_simple_lock_unlock(&curl_jmpenv_lock); ++ + /* switch back the alarm() to either zero or to what it was before minus + the time we spent until now! */ + if(prev_alarm) { diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28321.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28321.patch new file mode 100644 index 0000000000..bcd8b112db --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28321.patch @@ -0,0 +1,302 @@ +From 199f2d440d8659b42670c1b796220792b01a97bf Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 24 Apr 2023 21:07:02 +0200 +Subject: [PATCH] hostcheck: fix host name wildcard checking + +The leftmost "label" of the host name can now only match against single +'*'. Like the browsers have worked for a long time. + +- extended unit test 1397 for this +- move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc + +Reported-by: Hiroki Kurosawa +Closes #11018 + +CVE: CVE-2023-28321 +Upstream-Status: Backport [https://github.com/curl/curl/commit/199f2d440d8659b42] +Comments: Hunks removed as changes already exist +Removed hunks from files: +tests/unit/Makefile.am +tests/unit/Makefile.inc +Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> +--- + lib/vtls/hostcheck.c | 50 +++++++-------- + tests/data/test1397 | 10 ++- + tests/unit/Makefile.am | 94 ---------------------------- + tests/unit/Makefile.inc | 94 ++++++++++++++++++++++++++++ + tests/unit/unit1397.c | 134 ++++++++++++++++++++++++---------------- + 5 files changed, 202 insertions(+), 180 deletions(-) + +diff --git a/lib/vtls/hostcheck.c b/lib/vtls/hostcheck.c +index e827dc58f378c..d061c6356f97f 100644 +--- a/lib/vtls/hostcheck.c ++++ b/lib/vtls/hostcheck.c +@@ -71,7 +71,12 @@ static bool pmatch(const char *hostname, size_t hostlen, + * apparent distinction between a name and an IP. We need to detect the use of + * an IP address and not wildcard match on such names. + * ++ * Only match on "*" being used for the leftmost label, not "a*", "a*b" nor ++ * "*b". ++ * + * Return TRUE on a match. FALSE if not. ++ * ++ * @unittest: 1397 + */ + + static bool hostmatch(const char *hostname, +@@ -79,53 +84,42 @@ static bool hostmatch(const char *hostname, + const char *pattern, + size_t patternlen) + { +- const char *pattern_label_end, *wildcard, *hostname_label_end; +- size_t prefixlen, suffixlen; ++ const char *pattern_label_end; + +- /* normalize pattern and hostname by stripping off trailing dots */ ++ DEBUGASSERT(pattern); + DEBUGASSERT(patternlen); ++ DEBUGASSERT(hostname); ++ DEBUGASSERT(hostlen); ++ ++ /* normalize pattern and hostname by stripping off trailing dots */ + if(hostname[hostlen-1]=='.') + hostlen--; + if(pattern[patternlen-1]=='.') + patternlen--; + +- wildcard = memchr(pattern, '*', patternlen); +- if(!wildcard) ++ if(strncmp(pattern, "*.", 2)) + return pmatch(hostname, hostlen, pattern, patternlen); + + /* detect IP address as hostname and fail the match if so */ +- if(Curl_host_is_ipnum(hostname)) ++ else if(Curl_host_is_ipnum(hostname)) + return FALSE; + + /* We require at least 2 dots in the pattern to avoid too wide wildcard + match. */ + pattern_label_end = memchr(pattern, '.', patternlen); + if(!pattern_label_end || +- (memrchr(pattern, '.', patternlen) == pattern_label_end) || +- strncasecompare(pattern, "xn--", 4)) ++ (memrchr(pattern, '.', patternlen) == pattern_label_end)) + return pmatch(hostname, hostlen, pattern, patternlen); +- +- hostname_label_end = memchr(hostname, '.', hostlen); +- if(!hostname_label_end) +- return FALSE; + else { +- size_t skiphost = hostname_label_end - hostname; +- size_t skiplen = pattern_label_end - pattern; +- if(!pmatch(hostname_label_end, hostlen - skiphost, +- pattern_label_end, patternlen - skiplen)) +- return FALSE; ++ const char *hostname_label_end = memchr(hostname, '.', hostlen); ++ if(hostname_label_end) { ++ size_t skiphost = hostname_label_end - hostname; ++ size_t skiplen = pattern_label_end - pattern; ++ return pmatch(hostname_label_end, hostlen - skiphost, ++ pattern_label_end, patternlen - skiplen); ++ } + } +- /* The wildcard must match at least one character, so the left-most +- label of the hostname is at least as large as the left-most label +- of the pattern. */ +- if(hostname_label_end - hostname < pattern_label_end - pattern) +- return FALSE; +- +- prefixlen = wildcard - pattern; +- suffixlen = pattern_label_end - (wildcard + 1); +- return strncasecompare(pattern, hostname, prefixlen) && +- strncasecompare(wildcard + 1, hostname_label_end - suffixlen, +- suffixlen) ? TRUE : FALSE; ++ return FALSE; + } + + /* +diff --git a/tests/data/test1397 b/tests/data/test1397 +index 84f962abebee3..f31b2c2a3f330 100644 +--- a/tests/data/test1397 ++++ b/tests/data/test1397 +@@ -2,8 +2,7 @@ + <info> + <keywords> + unittest +-ssl +-wildcard ++Curl_cert_hostcheck + </keywords> + </info> + +@@ -16,9 +15,8 @@ none + <features> + unittest + </features> +- <name> +-Check wildcard certificate matching function Curl_cert_hostcheck +- </name> ++<name> ++Curl_cert_hostcheck unit tests ++</name> + </client> +- + </testcase> +diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c +index 2f3d3aa4d09e1..3ae75618d5d10 100644 +--- a/tests/unit/unit1397.c ++++ b/tests/unit/unit1397.c +@@ -23,7 +23,6 @@ + ***************************************************************************/ + #include "curlcheck.h" + +-#include "vtls/hostcheck.h" /* from the lib dir */ + + static CURLcode unit_setup(void) + { +@@ -32,63 +31,94 @@ static CURLcode unit_setup(void) + + static void unit_stop(void) + { +- /* done before shutting down and exiting */ + } + +-UNITTEST_START +- + /* only these backends define the tested functions */ +-#if defined(USE_OPENSSL) || defined(USE_GSKIT) +- +- /* here you start doing things and checking that the results are good */ ++#if defined(USE_OPENSSL) || defined(USE_GSKIT) || defined(USE_SCHANNEL) ++#include "vtls/hostcheck.h" ++struct testcase { ++ const char *host; ++ const char *pattern; ++ bool match; ++}; + +-fail_unless(Curl_cert_hostcheck(STRCONST("www.example.com"), +- STRCONST("www.example.com")), "good 1"); +-fail_unless(Curl_cert_hostcheck(STRCONST("*.example.com"), +- STRCONST("www.example.com")), +- "good 2"); +-fail_unless(Curl_cert_hostcheck(STRCONST("xxx*.example.com"), +- STRCONST("xxxwww.example.com")), "good 3"); +-fail_unless(Curl_cert_hostcheck(STRCONST("f*.example.com"), +- STRCONST("foo.example.com")), "good 4"); +-fail_unless(Curl_cert_hostcheck(STRCONST("192.168.0.0"), +- STRCONST("192.168.0.0")), "good 5"); ++static struct testcase tests[] = { ++ {"", "", FALSE}, ++ {"a", "", FALSE}, ++ {"", "b", FALSE}, ++ {"a", "b", FALSE}, ++ {"aa", "bb", FALSE}, ++ {"\xff", "\xff", TRUE}, ++ {"aa.aa.aa", "aa.aa.bb", FALSE}, ++ {"aa.aa.aa", "aa.aa.aa", TRUE}, ++ {"aa.aa.aa", "*.aa.bb", FALSE}, ++ {"aa.aa.aa", "*.aa.aa", TRUE}, ++ {"192.168.0.1", "192.168.0.1", TRUE}, ++ {"192.168.0.1", "*.168.0.1", FALSE}, ++ {"192.168.0.1", "*.0.1", FALSE}, ++ {"h.ello", "*.ello", FALSE}, ++ {"h.ello.", "*.ello", FALSE}, ++ {"h.ello", "*.ello.", FALSE}, ++ {"h.e.llo", "*.e.llo", TRUE}, ++ {"h.e.llo", " *.e.llo", FALSE}, ++ {" h.e.llo", "*.e.llo", TRUE}, ++ {"h.e.llo.", "*.e.llo", TRUE}, ++ {"*.e.llo.", "*.e.llo", TRUE}, ++ {"************.e.llo.", "*.e.llo", TRUE}, ++ {"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" ++ "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" ++ "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC" ++ "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" ++ "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" ++ ".e.llo.", "*.e.llo", TRUE}, ++ {"\xfe\xfe.e.llo.", "*.e.llo", TRUE}, ++ {"h.e.llo.", "*.e.llo.", TRUE}, ++ {"h.e.llo", "*.e.llo.", TRUE}, ++ {".h.e.llo", "*.e.llo.", FALSE}, ++ {"h.e.llo", "*.*.llo.", FALSE}, ++ {"h.e.llo", "h.*.llo", FALSE}, ++ {"h.e.llo", "h.e.*", FALSE}, ++ {"hello", "*.ello", FALSE}, ++ {"hello", "**llo", FALSE}, ++ {"bar.foo.example.com", "*.example.com", FALSE}, ++ {"foo.example.com", "*.example.com", TRUE}, ++ {"baz.example.net", "b*z.example.net", FALSE}, ++ {"foobaz.example.net", "*baz.example.net", FALSE}, ++ {"xn--l8j.example.local", "x*.example.local", FALSE}, ++ {"xn--l8j.example.net", "*.example.net", TRUE}, ++ {"xn--l8j.example.net", "*j.example.net", FALSE}, ++ {"xn--l8j.example.net", "xn--l8j.example.net", TRUE}, ++ {"xn--l8j.example.net", "xn--l8j.*.net", FALSE}, ++ {"xl8j.example.net", "*.example.net", TRUE}, ++ {"fe80::3285:a9ff:fe46:b619", "*::3285:a9ff:fe46:b619", FALSE}, ++ {"fe80::3285:a9ff:fe46:b619", "fe80::3285:a9ff:fe46:b619", TRUE}, ++ {NULL, NULL, FALSE} ++}; + +-fail_if(Curl_cert_hostcheck(STRCONST("xxx.example.com"), +- STRCONST("www.example.com")), "bad 1"); +-fail_if(Curl_cert_hostcheck(STRCONST("*"), +- STRCONST("www.example.com")),"bad 2"); +-fail_if(Curl_cert_hostcheck(STRCONST("*.*.com"), +- STRCONST("www.example.com")), "bad 3"); +-fail_if(Curl_cert_hostcheck(STRCONST("*.example.com"), +- STRCONST("baa.foo.example.com")), "bad 4"); +-fail_if(Curl_cert_hostcheck(STRCONST("f*.example.com"), +- STRCONST("baa.example.com")), "bad 5"); +-fail_if(Curl_cert_hostcheck(STRCONST("*.com"), +- STRCONST("example.com")), "bad 6"); +-fail_if(Curl_cert_hostcheck(STRCONST("*fail.com"), +- STRCONST("example.com")), "bad 7"); +-fail_if(Curl_cert_hostcheck(STRCONST("*.example."), +- STRCONST("www.example.")), "bad 8"); +-fail_if(Curl_cert_hostcheck(STRCONST("*.example."), +- STRCONST("www.example")), "bad 9"); +-fail_if(Curl_cert_hostcheck(STRCONST(""), STRCONST("www")), "bad 10"); +-fail_if(Curl_cert_hostcheck(STRCONST("*"), STRCONST("www")), "bad 11"); +-fail_if(Curl_cert_hostcheck(STRCONST("*.168.0.0"), +- STRCONST("192.168.0.0")), "bad 12"); +-fail_if(Curl_cert_hostcheck(STRCONST("www.example.com"), +- STRCONST("192.168.0.0")), "bad 13"); +- +-#ifdef ENABLE_IPV6 +-fail_if(Curl_cert_hostcheck(STRCONST("*::3285:a9ff:fe46:b619"), +- STRCONST("fe80::3285:a9ff:fe46:b619")), "bad 14"); +-fail_unless(Curl_cert_hostcheck(STRCONST("fe80::3285:a9ff:fe46:b619"), +- STRCONST("fe80::3285:a9ff:fe46:b619")), +- "good 6"); +-#endif ++UNITTEST_START ++{ ++ int i; ++ for(i = 0; tests[i].host; i++) { ++ if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern, ++ strlen(tests[i].pattern), ++ tests[i].host, ++ strlen(tests[i].host))) { ++ fprintf(stderr, ++ "HOST: %s\n" ++ "PTRN: %s\n" ++ "did %sMATCH\n", ++ tests[i].host, ++ tests[i].pattern, ++ tests[i].match ? "NOT ": ""); ++ unitfail++; ++ } ++ } ++} + +-#endif ++UNITTEST_STOP ++#else + +- /* you end the test code like this: */ ++UNITTEST_START + + UNITTEST_STOP ++#endif diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28322-1.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28322-1.patch new file mode 100644 index 0000000000..547127001d --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28322-1.patch @@ -0,0 +1,84 @@ +From efbf02111aa66bda9288506b7d5cc0226bf5453e Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Sun, 12 Feb 2023 13:24:08 +0100 +Subject: [PATCH] smb: return error on upload without size + +The protocol needs to know the size ahead of time, this is now a known +restriction and not a bug. + +Also output a clearer error if the URL path does not contain proper +share. + +Ref: #7896 +Closes #10484 + +CVE: CVE-2023-28322 +Upstream-Status: Backport [https://github.com/curl/curl/commit/efbf02111aa66bda9288506b7d5cc0226bf5453e] +Comments: Hunks refreshed +Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> +--- + docs/KNOWN_BUGS | 5 ----- + docs/URL-SYNTAX.md | 3 +++ + lib/smb.c | 6 ++++++ + 3 files changed, 9 insertions(+), 5 deletions(-) + +diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS +index cbf5be352a279..a515e7a59bdfd 100644 +--- a/docs/KNOWN_BUGS ++++ b/docs/KNOWN_BUGS +@@ -58,7 +58,6 @@ + 5.7 Visual Studio project gaps + 5.8 configure finding libs in wrong directory + 5.9 Utilize Requires.private directives in libcurl.pc +- 5.10 curl hangs on SMB upload over stdin + 5.11 configure --with-gssapi with Heimdal is ignored on macOS + 5.12 flaky Windows CI builds + +@@ -332,10 +331,6 @@ problems may have been fixed or changed somewhat since this was written. + + https://github.com/curl/curl/issues/864 + +-5.10 curl hangs on SMB upload over stdin +- +- See https://github.com/curl/curl/issues/7896 +- + 5.11 configure --with-gssapi with Heimdal is ignored on macOS + + ... unless you also pass --with-gssapi-libs +diff --git a/docs/URL-SYNTAX.md b/docs/URL-SYNTAX.md +index 691fcceacd66c..802bbdef96979 100644 +--- a/docs/URL-SYNTAX.md ++++ b/docs/URL-SYNTAX.md +@@ -360,6 +360,9 @@ share and directory or the share to upload to and as such, may not be omitted. + If the user name is embedded in the URL then it must contain the domain name + and as such, the backslash must be URL encoded as %2f. + ++When uploading to SMB, the size of the file needs to be known ahead of time, ++meaning that you can upload a file passed to curl over a pipe like stdin. ++ + curl supports SMB version 1 (only) + + ## SMTP +diff --git a/lib/smb.c b/lib/smb.c +index 8a76763c157ce..dc0abe784bcee 100644 +--- a/lib/smb.c ++++ b/lib/smb.c +@@ -763,6 +763,11 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done) + void *msg = NULL; + const struct smb_nt_create_response *smb_m; + ++ if(data->set.upload && (data->state.infilesize < 0)) { ++ failf(data, "SMB upload needs to know the size up front"); ++ return CURLE_SEND_ERROR; ++ } ++ + /* Start the request */ + if(req->state == SMB_REQUESTING) { + result = smb_send_tree_connect(data); +@@ -993,6 +998,7 @@ static CURLcode smb_parse_url_path(struct Curl_easy *data, + /* The share must be present */ + if(!slash) { + Curl_safefree(smbc->share); ++ failf(data, "missing share in URL path for SMB"); + return CURLE_URL_MALFORMAT; + } diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28322-2.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28322-2.patch new file mode 100644 index 0000000000..f2134dd1c3 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28322-2.patch @@ -0,0 +1,436 @@ +From 7815647d6582c0a4900be2e1de6c5e61272c496b Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Tue, 25 Apr 2023 08:28:01 +0200 +Subject: [PATCH] lib: unify the upload/method handling + +By making sure we set state.upload based on the set.method value and not +independently as set.upload, we reduce confusion and mixup risks, both +internally and externally. + +Closes #11017 + +CVE: CVE-2023-28322 +Upstream-Status: Backport [https://github.com/curl/curl/commit/7815647d6582c0a4900be2e1de] +Comments: Hunks refreshed +Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> +--- + lib/curl_rtmp.c | 4 ++-- + lib/file.c | 4 ++-- + lib/ftp.c | 8 ++++---- + lib/http.c | 4 ++-- + lib/imap.c | 6 +++--- + lib/rtsp.c | 4 ++-- + lib/setopt.c | 6 ++---- + lib/smb.c | 6 +++--- + lib/smtp.c | 4 ++-- + lib/tftp.c | 8 ++++---- + lib/transfer.c | 4 ++-- + lib/urldata.h | 2 +- + lib/vssh/libssh.c | 6 +++--- + lib/vssh/libssh2.c | 6 +++--- + lib/vssh/wolfssh.c | 2 +- + 15 files changed, 36 insertions(+), 38 deletions(-) + +diff --git a/lib/curl_rtmp.c b/lib/curl_rtmp.c +index 2679a2cdc1afe..406fb42ac0f44 100644 +--- a/lib/curl_rtmp.c ++++ b/lib/curl_rtmp.c +@@ -231,7 +231,7 @@ static CURLcode rtmp_connect(struct Curl_easy *data, bool *done) + /* We have to know if it's a write before we send the + * connect request packet + */ +- if(data->set.upload) ++ if(data->state.upload) + r->Link.protocol |= RTMP_FEATURE_WRITE; + + /* For plain streams, use the buffer toggle trick to keep data flowing */ +@@ -263,7 +263,7 @@ static CURLcode rtmp_do(struct Curl_easy *data, bool *done) + if(!RTMP_ConnectStream(r, 0)) + return CURLE_FAILED_INIT; + +- if(data->set.upload) { ++ if(data->state.upload) { + Curl_pgrsSetUploadSize(data, data->state.infilesize); + Curl_setup_transfer(data, -1, -1, FALSE, FIRSTSOCKET); + } +diff --git a/lib/file.c b/lib/file.c +index 51c5d07ce40ab..c751e8861a99b 100644 +--- a/lib/file.c ++++ b/lib/file.c +@@ -240,7 +240,7 @@ static CURLcode file_connect(struct Curl_easy *data, bool *done) + file->freepath = real_path; /* free this when done */ + + file->fd = fd; +- if(!data->set.upload && (fd == -1)) { ++ if(!data->state.upload && (fd == -1)) { + failf(data, "Couldn't open file %s", data->state.up.path); + file_done(data, CURLE_FILE_COULDNT_READ_FILE, FALSE); + return CURLE_FILE_COULDNT_READ_FILE; +@@ -422,7 +422,7 @@ static CURLcode file_do(struct Curl_easy *data, bool *done) + + Curl_pgrsStartNow(data); + +- if(data->set.upload) ++ if(data->state.upload) + return file_upload(data); + + file = data->req.p.file; +diff --git a/lib/ftp.c b/lib/ftp.c +index f50d7baf622f8..4ff68cc454cbc 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -1348,7 +1348,7 @@ static CURLcode ftp_state_prepare_transfer(struct Curl_easy *data) + data->set.str[STRING_CUSTOMREQUEST]? + data->set.str[STRING_CUSTOMREQUEST]: + (data->state.list_only?"NLST":"LIST")); +- else if(data->set.upload) ++ else if(data->state.upload) + result = Curl_pp_sendf(data, &ftpc->pp, "PRET STOR %s", + conn->proto.ftpc.file); + else +@@ -3384,7 +3384,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, + /* the response code from the transfer showed an error already so no + use checking further */ + ; +- else if(data->set.upload) { ++ else if(data->state.upload) { + if((-1 != data->state.infilesize) && + (data->state.infilesize != data->req.writebytecount) && + !data->set.crlf && +@@ -3640,7 +3640,7 @@ static CURLcode ftp_do_more(struct Curl_easy *data, int *completep) + connected back to us */ + } + } +- else if(data->set.upload) { ++ else if(data->state.upload) { + result = ftp_nb_type(data, conn, data->state.prefer_ascii, + FTP_STOR_TYPE); + if(result) +@@ -4233,7 +4233,7 @@ + ftpc->file = NULL; /* instead of point to a zero byte, + we make it a NULL pointer */ + +- if(data->set.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) { ++ if(data->state.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) { + /* We need a file name when uploading. Return error! */ + failf(data, "Uploading to a URL without a file name!"); + free(rawPath); +diff --git a/lib/http.c b/lib/http.c +index 80e43f6f361e8..bffdd3468536d 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -2033,7 +2033,7 @@ + Curl_HttpReq httpreq = data->state.httpreq; + const char *request; + if((conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_FTP)) && +- data->set.upload) ++ data->state.upload) + httpreq = HTTPREQ_PUT; + + /* Now set the 'request' pointer to the proper request string */ +@@ -2423,7 +2423,7 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn, + if((conn->handler->protocol & PROTO_FAMILY_HTTP) && + (((httpreq == HTTPREQ_POST_MIME || httpreq == HTTPREQ_POST_FORM) && + http->postsize < 0) || +- ((data->set.upload || httpreq == HTTPREQ_POST) && ++ ((data->state.upload || httpreq == HTTPREQ_POST) && + data->state.infilesize == -1))) { + if(conn->bits.authneg) + /* don't enable chunked during auth neg */ +diff --git a/lib/imap.c b/lib/imap.c +index c2f675d4b2618..1952e66a1efcd 100644 +--- a/lib/imap.c ++++ b/lib/imap.c +@@ -1511,11 +1511,11 @@ static CURLcode imap_done(struct Curl_easy *data, CURLcode status, + result = status; /* use the already set error code */ + } + else if(!data->set.connect_only && !imap->custom && +- (imap->uid || imap->mindex || data->set.upload || ++ (imap->uid || imap->mindex || data->state.upload || + data->set.mimepost.kind != MIMEKIND_NONE)) { + /* Handle responses after FETCH or APPEND transfer has finished */ + +- if(!data->set.upload && data->set.mimepost.kind == MIMEKIND_NONE) ++ if(!data->state.upload && data->set.mimepost.kind == MIMEKIND_NONE) + state(data, IMAP_FETCH_FINAL); + else { + /* End the APPEND command first by sending an empty line */ +@@ -1581,7 +1581,7 @@ static CURLcode imap_perform(struct Curl_easy *data, bool *connected, + selected = TRUE; + + /* Start the first command in the DO phase */ +- if(data->set.upload || data->set.mimepost.kind != MIMEKIND_NONE) ++ if(data->state.upload || data->set.mimepost.kind != MIMEKIND_NONE) + /* APPEND can be executed directly */ + result = imap_perform_append(data); + else if(imap->custom && (selected || !imap->mailbox)) +diff --git a/lib/rtsp.c b/lib/rtsp.c +index ea99d720ec4eb..ccd7264b00e74 100644 +--- a/lib/rtsp.c ++++ b/lib/rtsp.c +@@ -493,7 +493,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) + rtspreq == RTSPREQ_SET_PARAMETER || + rtspreq == RTSPREQ_GET_PARAMETER) { + +- if(data->set.upload) { ++ if(data->state.upload) { + putsize = data->state.infilesize; + data->state.httpreq = HTTPREQ_PUT; + +@@ -512,7 +512,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) + result = + Curl_dyn_addf(&req_buffer, + "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n", +- (data->set.upload ? putsize : postsize)); ++ (data->state.upload ? putsize : postsize)); + if(result) + return result; + } +diff --git a/lib/setopt.c b/lib/setopt.c +index 38f5711e44191..0c3b9634d1192 100644 +--- a/lib/setopt.c ++++ b/lib/setopt.c +@@ -333,8 +333,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) + * We want to sent data to the remote host. If this is HTTP, that equals + * using the PUT request. + */ +- data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE; +- if(data->set.upload) { ++ arg = va_arg(param, long); ++ if(arg) { + /* If this is HTTP, PUT is what's needed to "upload" */ + data->set.method = HTTPREQ_PUT; + data->set.opt_no_body = FALSE; /* this is implied */ +@@ -625,7 +625,6 @@ + } + else + data->set.method = HTTPREQ_GET; +- data->set.upload = FALSE; + break; + + case CURLOPT_HTTPPOST: +@@ -888,7 +887,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) + */ + if(va_arg(param, long)) { + data->set.method = HTTPREQ_GET; +- data->set.upload = FALSE; /* switch off upload */ + data->set.opt_no_body = FALSE; /* this is implied */ + } + break; +diff --git a/lib/smb.c b/lib/smb.c +index a1e444ee6b97e..d6822213529bc 100644 +--- a/lib/smb.c ++++ b/lib/smb.c +@@ -530,7 +530,7 @@ static CURLcode smb_send_open(struct Curl_easy *data) + byte_count = strlen(req->path); + msg.name_length = smb_swap16((unsigned short)byte_count); + msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL); +- if(data->set.upload) { ++ if(data->state.upload) { + msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE); + msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF); + } +@@ -762,7 +762,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done) + void *msg = NULL; + const struct smb_nt_create_response *smb_m; + +- if(data->set.upload && (data->state.infilesize < 0)) { ++ if(data->state.upload && (data->state.infilesize < 0)) { + failf(data, "SMB upload needs to know the size up front"); + return CURLE_SEND_ERROR; + } +@@ -813,7 +813,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done) + smb_m = (const struct smb_nt_create_response*) msg; + req->fid = smb_swap16(smb_m->fid); + data->req.offset = 0; +- if(data->set.upload) { ++ if(data->state.upload) { + data->req.size = data->state.infilesize; + Curl_pgrsSetUploadSize(data, data->req.size); + next_state = SMB_UPLOAD; +diff --git a/lib/smtp.c b/lib/smtp.c +index 7a030308d4689..c182cace742d7 100644 +--- a/lib/smtp.c ++++ b/lib/smtp.c +@@ -1419,7 +1419,7 @@ static CURLcode smtp_done(struct Curl_easy *data, CURLcode status, + result = status; /* use the already set error code */ + } + else if(!data->set.connect_only && data->set.mail_rcpt && +- (data->set.upload || data->set.mimepost.kind)) { ++ (data->state.upload || data->set.mimepost.kind)) { + /* Calculate the EOB taking into account any terminating CRLF from the + previous line of the email or the CRLF of the DATA command when there + is "no mail data". RFC-5321, sect. 4.1.1.4. +@@ -1511,7 +1511,7 @@ static CURLcode smtp_perform(struct Curl_easy *data, bool *connected, + smtp->eob = 2; + + /* Start the first command in the DO phase */ +- if((data->set.upload || data->set.mimepost.kind) && data->set.mail_rcpt) ++ if((data->state.upload || data->set.mimepost.kind) && data->set.mail_rcpt) + /* MAIL transfer */ + result = smtp_perform_mail(data); + else +diff --git a/lib/tftp.c b/lib/tftp.c +index 164d3c723c5b9..8ed1b887b4d21 100644 +--- a/lib/tftp.c ++++ b/lib/tftp.c +@@ -370,7 +370,7 @@ static CURLcode tftp_parse_option_ack(struct tftp_state_data *state, + + /* tsize should be ignored on upload: Who cares about the size of the + remote file? */ +- if(!data->set.upload) { ++ if(!data->state.upload) { + if(!tsize) { + failf(data, "invalid tsize -:%s:- value in OACK packet", value); + return CURLE_TFTP_ILLEGAL; +@@ -451,7 +451,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, + return result; + } + +- if(data->set.upload) { ++ if(data->state.upload) { + /* If we are uploading, send an WRQ */ + setpacketevent(&state->spacket, TFTP_EVENT_WRQ); + state->data->req.upload_fromhere = +@@ -486,7 +486,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, + if(!data->set.tftp_no_options) { + char buf[64]; + /* add tsize option */ +- if(data->set.upload && (data->state.infilesize != -1)) ++ if(data->state.upload && (data->state.infilesize != -1)) + msnprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T, + data->state.infilesize); + else +@@ -540,7 +540,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, + break; + + case TFTP_EVENT_OACK: +- if(data->set.upload) { ++ if(data->state.upload) { + result = tftp_connect_for_tx(state, event); + } + else { +diff --git a/lib/transfer.c b/lib/transfer.c +index e9ab8fbf09510..cb69f3365855a 100644 +--- a/lib/transfer.c ++++ b/lib/transfer.c +@@ -1293,6 +1293,7 @@ void Curl_init_CONNECT(struct Curl_easy *data) + { + data->state.fread_func = data->set.fread_func_set; + data->state.in = data->set.in_set; ++ data->state.upload = (data->state.httpreq == HTTPREQ_PUT); + } + + /* +@@ -1767,7 +1767,6 @@ + data->state.httpreq != HTTPREQ_POST_MIME) || + !(data->set.keep_post & CURL_REDIR_POST_303))) { + data->state.httpreq = HTTPREQ_GET; +- data->set.upload = false; + infof(data, "Switch to %s", + data->set.opt_no_body?"HEAD":"GET"); + } +@@ -1770,7 +1770,7 @@ CURLcode Curl_retry_request(struct Curl_easy *data, char **url) + + /* if we're talking upload, we can't do the checks below, unless the protocol + is HTTP as when uploading over HTTP we will still get a response */ +- if(data->set.upload && ++ if(data->state.upload && + !(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP))) + return CURLE_OK; + +diff --git a/lib/urldata.h b/lib/urldata.h +index cca992a0295aa..a8580bdb66fe8 100644 +--- a/lib/urldata.h ++++ b/lib/urldata.h +@@ -1487,6 +1487,7 @@ + BIT(url_alloc); /* URL string is malloc()'ed */ + BIT(referer_alloc); /* referer string is malloc()ed */ + BIT(wildcard_resolve); /* Set to true if any resolve change is a wildcard */ ++ BIT(upload); /* upload request */ + }; + + /* +@@ -1838,7 +1839,6 @@ struct UserDefined { + BIT(http_auto_referer); /* set "correct" referer when following + location: */ + BIT(opt_no_body); /* as set with CURLOPT_NOBODY */ +- BIT(upload); /* upload request */ + BIT(verbose); /* output verbosity */ + BIT(krb); /* Kerberos connection requested */ + BIT(reuse_forbid); /* forbidden to be reused, close after use */ +diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c +index b31f741ba9492..d60edaa303642 100644 +--- a/lib/vssh/libssh.c ++++ b/lib/vssh/libssh.c +@@ -1209,7 +1209,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + } + + case SSH_SFTP_TRANS_INIT: +- if(data->set.upload) ++ if(data->state.upload) + state(data, SSH_SFTP_UPLOAD_INIT); + else { + if(protop->path[strlen(protop->path)-1] == '/') +@@ -1802,7 +1802,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + /* Functions from the SCP subsystem cannot handle/return SSH_AGAIN */ + ssh_set_blocking(sshc->ssh_session, 1); + +- if(data->set.upload) { ++ if(data->state.upload) { + if(data->state.infilesize < 0) { + failf(data, "SCP requires a known file size for upload"); + sshc->actualcode = CURLE_UPLOAD_FAILED; +@@ -1907,7 +1907,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + break; + } + case SSH_SCP_DONE: +- if(data->set.upload) ++ if(data->state.upload) + state(data, SSH_SCP_SEND_EOF); + else + state(data, SSH_SCP_CHANNEL_FREE); +diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c +index f1154dc47a74e..f2e5352d1fd3a 100644 +--- a/lib/vssh/libssh2.c ++++ b/lib/vssh/libssh2.c +@@ -2019,7 +2019,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) + } + + case SSH_SFTP_TRANS_INIT: +- if(data->set.upload) ++ if(data->state.upload) + state(data, SSH_SFTP_UPLOAD_INIT); + else { + if(sshp->path[strlen(sshp->path)-1] == '/') +@@ -2691,7 +2691,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) + break; + } + +- if(data->set.upload) { ++ if(data->state.upload) { + if(data->state.infilesize < 0) { + failf(data, "SCP requires a known file size for upload"); + sshc->actualcode = CURLE_UPLOAD_FAILED; +@@ -2831,7 +2831,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) + break; + + case SSH_SCP_DONE: +- if(data->set.upload) ++ if(data->state.upload) + state(data, SSH_SCP_SEND_EOF); + else + state(data, SSH_SCP_CHANNEL_FREE); +diff --git a/lib/vssh/wolfssh.c b/lib/vssh/wolfssh.c +index 17d59ecd23bc8..2ca91b7363b1d 100644 +--- a/lib/vssh/wolfssh.c ++++ b/lib/vssh/wolfssh.c +@@ -557,7 +557,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) + } + break; + case SSH_SFTP_TRANS_INIT: +- if(data->set.upload) ++ if(data->state.upload) + state(data, SSH_SFTP_UPLOAD_INIT); + else { + if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/') diff --git a/poky/meta/recipes-support/curl/curl_7.82.0.bb b/poky/meta/recipes-support/curl/curl_7.82.0.bb index 70ceb9f370..96280b31b2 100644 --- a/poky/meta/recipes-support/curl/curl_7.82.0.bb +++ b/poky/meta/recipes-support/curl/curl_7.82.0.bb @@ -45,6 +45,11 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2023-27535-pre1.patch \ file://CVE-2023-27535_and_CVE-2023-27538.patch \ file://CVE-2023-27536.patch \ + file://CVE-2023-28319.patch \ + file://CVE-2023-28320.patch \ + file://CVE-2023-28321.patch \ + file://CVE-2023-28322-1.patch \ + file://CVE-2023-28322-2.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" diff --git a/poky/meta/recipes-support/libbsd/libbsd_0.11.5.bb b/poky/meta/recipes-support/libbsd/libbsd_0.11.5.bb index bb8766a070..21af37882f 100644 --- a/poky/meta/recipes-support/libbsd/libbsd_0.11.5.bb +++ b/poky/meta/recipes-support/libbsd/libbsd_0.11.5.bb @@ -29,6 +29,13 @@ HOMEPAGE = "https://libbsd.freedesktop.org/wiki/" # License: public-domain-Colin-Plumb LICENSE = "BSD-3-Clause & BSD-4-Clause & ISC & PD" LICENSE:${PN} = "BSD-3-Clause & ISC & PD" +LICENSE:${PN}-dbg = "BSD-3-Clause & ISC & PD" +LICENSE:${PN}-dev = "BSD-3-Clause & ISC & PD" +LICENSE:${PN}-doc = "BSD-3-Clause & BSD-4-Clause & ISC & PD" +LICENSE:${PN}-locale = "BSD-3-Clause & ISC & PD" +LICENSE:${PN}-src = "BSD-3-Clause & ISC & PD" +LICENSE:${PN}-staticdev = "BSD-3-Clause & ISC & PD" + LIC_FILES_CHKSUM = "file://COPYING;md5=0b31944ca2c1075410a30f0c17379d3b" SECTION = "libs" diff --git a/poky/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb b/poky/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb index becacd4502..90d3286ac6 100644 --- a/poky/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb +++ b/poky/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb @@ -23,17 +23,15 @@ EXTRA_OECMAKE = "-DENABLE_EXAMPLES=OFF -DENABLE_APP=OFF -DENABLE_HPACK_TOOLS=OFF # EXTRA_OECMAKE += "-DENABLE_PYTHON_BINDINGS=OFF" -PACKAGES =+ "lib${BPN} ${PN}-client ${PN}-proxy ${PN}-server" +PACKAGES =+ "lib${BPN} ${PN}-proxy " -RDEPENDS:${PN} = "${PN}-client (>= ${PV}) ${PN}-proxy (>= ${PV}) ${PN}-server (>= ${PV})" +RDEPENDS:${PN} = "${PN}-proxy (>= ${PV})" RDEPENDS:${PN}:class-native = "" RDEPENDS:${PN}-proxy = "openssl python3-core python3-io python3-shell" ALLOW_EMPTY:${PN} = "1" FILES:${PN} = "" FILES:lib${BPN} = "${libdir}/*${SOLIBS}" -FILES:${PN}-client = "${bindir}/h2load ${bindir}/nghttp" FILES:${PN}-proxy = "${bindir}/nghttpx ${datadir}/${BPN}/fetch-ocsp-response" -FILES:${PN}-server = "${bindir}/nghttpd" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb index 59cbb67961..72b446204a 100644 --- a/poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb +++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb @@ -29,4 +29,4 @@ FILES:${PN} += " \ # PN contains p11-kit-proxy.so, a symlink to a loadable module INSANE_SKIP:${PN} = "dev-so" -BBCLASSEXTEND = "nativesdk" +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/scripts/lib/wic/plugins/source/bootimg-efi.py b/poky/scripts/lib/wic/plugins/source/bootimg-efi.py index a65a5b9780..c28d3917c2 100644 --- a/poky/scripts/lib/wic/plugins/source/bootimg-efi.py +++ b/poky/scripts/lib/wic/plugins/source/bootimg-efi.py @@ -390,6 +390,13 @@ class BootimgEFIPlugin(SourcePlugin): logger.debug("Added %d extra blocks to %s to get to %d total blocks", extra_blocks, part.mountpoint, blocks) + # required for compatibility with certain devices expecting file system + # block count to be equal to partition block count + if blocks < part.fixed_size: + blocks = part.fixed_size + logger.debug("Overriding %s to %d total blocks for compatibility", + part.mountpoint, blocks) + # dosfs image, created by mkdosfs bootimg = "%s/boot.img" % cr_workdir |