diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2023-11-25 01:10:21 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2023-11-25 01:17:50 +0300 |
commit | 10926d29aed78e18949591afc166babfa9a4da6f (patch) | |
tree | 763df398a152dbee928b509e8aa675778757e491 /poky/meta/recipes-multimedia | |
parent | 398afb76d72b06c33a92fb9e1fa7eec829fb7ff8 (diff) | |
download | openbmc-10926d29aed78e18949591afc166babfa9a4da6f.tar.xz |
subtree updates
poky: 8d0ba08aa6..bf9f2f6f60:
Alassane Yattara (4):
bitbake: Update toaster-requirements to add django-log-viewer==1.1.7
bitbake: toaster: bug-fix on tests.browser.test_most_recent_builds_states
bitbake: Toaster: Bug-fix failure on tests.browser.test_layerdetails_page
bitbake: Toaster: Fixed javascript issue on tests.browser.test_js_unit_tests
Alberto Pianon (1):
bitbake: fetch2: Add API for upstream source tracing
Alejandro Hernandez Samaniego (2):
qemuarmv5: Drop QB_DTB conditional for older kernels
baremetal-helloworld: Pull in fix for race condition on x86-64
Alex Stewart (1):
libsndfile1: fix CVE-2022-33065
Alexandre Belloni (1):
strace: further clean up of ptest folders
Archana Polampalli (1):
vim: Upgrade 9.0.2048 -> 9.0.2068
Arne Schwerdt (1):
ref-manual: Warn about COMPATIBLE_MACHINE skipping native recipes
BELHADJ SALEM Talel (6):
ref-manual: Fix PACKAGECONFIG term and add an example
dev-manual: layers: Add notes about layer.conf
ref-manual: variables: add RECIPE_SYSROOT and RECIPE_SYSROOT_NATIVE
ref-manual: variables: add TOOLCHAIN_OPTIONS variable
ref-manual: variables: add example for SYSROOT_DIRS variable
overview-manual: concepts: Add Bitbake Tasks Map
Bruce Ashfield (10):
linux-yocto/6.1: update to v6.1.56
linux-yocto/6.5: update to v6.5.6
linux-yocto/6.1: tiny: fix arm 32 boot
linux-yocto/6.5: tiny: fix arm 32 boot
linux-yocto/6.5: update to v6.5.7
linux-yocto/6.1: update to v6.1.57
linux-yocto/6.4: drop recipes
linux-yocto/6.5: avoid serial port suspend issues
linux-yocto/6.5: config: remove VIDEO_STK1160_COMMON
linux-yocto/6.5: serial: core: integrate upstream fixes
Chris Laplante (1):
bitbake: codeparser: replace deprecated ast.Str and 's'
Dmitry Baryshkov (1):
kernel-arch: drop CCACHE from KERNEL_STRIP definition
Eero Aaltonen (1):
ref-manual: add systemd-resolved to distro features
Jon Mason (2):
qemu: drop unreferenced patch
linux-yocto: Update dtb path for qemuarmv5
Joshua Watt (1):
goarch: Move Go architecture mapping to a library
Julien Stephan (1):
oeqa/selftest/devtool: abort if a local workspace already exist
Jérémy Rosen (5):
insane: Add unimplemented-ptest infrastructure
insane: Detect python and perl based tests
insane: Detect build-system test harnesses
insane: Add a naive heuristic to detect test subdirectories
ref-manual: Add documentation for the unimplemented-ptest QA warning
Khem Raj (5):
gcompat: Add fcntl64 wrapper
gcompat: Upgrade to 1.1.0 release
python3-urllib3: Update to 2.0.6
llvm: Upgrade to 17.0.3
kernel.bbclass: Use strip utility used for kernel build in do_package
Lee Chee Yang (4):
qemu: ignore RHEL specific CVE-2023-2680
machine: drop obsolete SERIAL_CONSOLES_CHECK
documentation.conf: drop SERIAL_CONSOLES_CHECK
release-notes-4.3: add Repositories / Downloads section
Marlon Rodriguez Garcia (4):
bitbake: toaster: updated bootstrap version 3.3.6 -> 3.3.7
bitbake: toaster: Update bootstrap version to 3.4.1
bitbake: toaster: update jquery version 2.0.3 -> 3.7.1
bitbake: toaster: fixed functional test
Marta Rybczynska (4):
SECURITY.md: add file
bitbake: SECURITY.md: add file
dev-manual: add security team processes
dev-manual: extend the description of CVE patch preparation
Max Krummenacher (1):
Revert "bin_package.bbclass: Inhibit the default dependencies"
Michael Halstead (1):
docs: add support for nanbield (4.3) release
Michael Opdenacker (25):
manuals: update linux-yocto append examples
dev-manual: wic: update "wic list images" output
sdk-manual: appendix-obtain: improve and update descriptions
manuals: update list of supported machines
bsp-guide: bsp: skip Intel machines no longer supported in Poky
brief-yoctoprojectqs: use new CDN mirror for sstate
dev-manual: start.rst: remove obsolete reference
manuals: correct "yocto-linux" by "linux-yocto"
test-manual: reproducible-builds: stop mentioning LTO bug
ref-manual: document KERNEL_LOCALVERSION
ref-manual: variables: document OEQA_REPRODUCIBLE_TEST_PACKAGE
migration-guides: updates for 4.3
migration-guides: mention runqemu change in serial port management
ref-manual: document KERNEL_STRIP
migration-guides: further updates for 4.3
manuals: improve description of CVE_STATUS and CVE_STATUS_GROUPS
ref-manual: document MESON_TARGET
ref-manual: document cargo_c class
ref-manual: variables: mention new CDN for SSTATE_MIRRORS
ref-manual: variables: add RECIPE_MAINTAINER
ref-manual: variables: remove SERIAL_CONSOLES_CHECK
migration-guides: further updates for release 4.3
bsp-guide: bsp.rst: update beaglebone example
ref-manual: classes: explain cml1 class name
migration-guides: fix empty sections
Mickael RAMILISON (1):
scripts/patchreview: Add a custom pattern for finding recipe patches
Paul Eggleton (12):
Remove references to apm in MACHINE_FEATURES
ref-manual: update SDK_NAME variable documentation
ref-manual: remove semicolons from *PROCESS_COMMAND variables
release-notes-4.3: fix some typos
release-notes-4.3: tweaks to existing text
release-notes-4.3: add CVEs, recipe upgrades, license changes, contributors
release-notes-4.3: remove the Distribution section
release-notes-4.3: move new classes to Rust section
release-notes-4.3: feature additions
migration-4.3: remove some unnecessary items
migration-4.3: adjustments to existing text
migration-4.3: additional migration items
Peter Kjellerstedt (1):
bb-matrix-plot.sh: Show underscores correctly in labels
Peter Marko (1):
openssl: Upgrade 3.1.3 -> 3.1.4
Quentin Schulz (2):
recipes-rt: update README to match newer override syntax
ref-manual: variables: provide no-match example for COMPATIBLE_MACHINE
Richard Purdie (12):
reproducible: Exclude rust for now again
linux/cve-exclusion6.1/6.5: Update to latest kernel point releases
oeqa/qemurunner: Drop newlines serial workaround
local.conf.sample: Document new CDN mirror for sstate
poky.conf: Bump version for 4.3 nanbield release
build-appliance-image: Update to master head revision
build-appliance-image: Update to nanbield head revision
build-appliance-image: Update to nanbield head revision
build-appliance-image: Update to nanbield head revision
layer.conf: Switch layer to nanbield series only
base: Ensure recipes using mercurial-native have certificates
vim: Improve locale handling
Robert P. J. Day (2):
dev-manual: new-recipe.rst: add missing parenthesis to "Patching Code" section
profile-manual: aesthetic cleanups
Ross Burton (24):
patchtest: sort when reading patches from a directory
linux-yocto: update CVE exclusions
libxml2: ignore disputed CVE-2023-45322
zlib: ignore CVE-2023-45853
pixman: ignore CVE-2023-37769
cve-check: sort the package list in the JSON report
cve-check: slightly more verbose warning when adding the same package twice
cve-check: don't warn if a patch is remote
migration-guides: add debian 12 to newly supported distros
migration-guides: edgerouter machine removed
migration-guides: QEMU_USE_SLIRP variable removed
migration-guides: remove non-notable change
migration-guides: mention LLVM 17
migration-guides: mention CDN
migration-guides: add kernel notes
migration-guides: remove SERIAL_CONSOLES_CHECK
migration-guides: enabling SPDX only for Poky, not a global default
migration-guides: add testing notes
migration-guides: add utility notes
migration-guides: add BitBake changes
migration-guides: packaging changes
migration-guides: git recipes reword
patchtest: remove unused imports
oeqa/selftest/debuginfod: improve selftest
Rouven Czerwinski (1):
glib-2.0: Remove unnecessary assignement
Siddharth Doshi (2):
vim: Upgrade 9.0.1894 -> 9.0.2009
vim: Upgrade 9.0.2009 -> 9.0.2048
Steve Sakoman (3):
vim: use upstream generated .po files
poky.conf: bump version for 4.3.1 release
build-appliance-image: Update to nanbield head revision
Trevor Gamblin (27):
patchtest: improve test issue messages
patchtest: clean up test suite
patchtest/requirements.txt: update
patchtest: add supporting modules
patchtest: add scripts to oe-core
patchtest: set default repo and testdir targets
patchtest: update SPDX identifiers
patchtest/selftest: fix command arguments
patchtest: check for untracked changes
contributor-guide: add patchtest section
contributor-guide: clarify patchtest usage
patchtest: test regardless of mergeability
patchtest: skip merge test if not targeting master
patchtest: fix lic_files_chksum test regex
patchtest-send-results: improve subject line
patchtest: disable merge test
patchtest-send-results: check max line length, simplify responses
patchtest/selftest: add XSKIP, update test files
patchtest: simplify test directory structure
patchtest: reduce checksum test output length
patchtest: shorten test result outputs
patchtest-send-results: send results to submitter
patchtest-send-results: add In-Reply-To
patchtest: make pylint tests compatible with 3.x
patchtest: remove test for CVE tag in mbox
patchtest-send-results: fix sender parsing
patchtest: rework license checksum tests
Wang Mingyu (3):
openssh: upgrade 9.4p1 -> 9.5p1
ell: upgrade 0.58 -> 0.59
libsdl2: upgrade 2.28.3 -> 2.28.4
William Lyu (1):
perl: fix intermittent test failure
Xiangyu Chen (1):
linux-yocto: make sure the pahole-native available before do_kernel_configme
Yoann Congal (2):
insane: skip unimplemented-ptest on S=WORKDIR recipes
insane: unimplemented-ptest: ignore source file errors
luca fancellu (1):
oeqa/ssh: Handle SSHCall timeout error code
meta-raspberrypi: 482d864b8f..8231f97534:
Andrei Gherzan (1):
docs: Fix ReadTheDocs builds.os requirement
Carlos Alberto Lopez Perez (1):
linux-raspberrypi: stop setting powersave as the default CPU governor
Jose Quaresma (2):
linux-raspberrypi/linux-raspberrypi-v7: drop 5.10 version
rpi-base: Adds EXTRA_IMAGEDEPENDS to fix the image task do_populate_lic_deploy
Khem Raj (1):
linux-raspberrypi_6.1.bb: Update to 6.1.61 release
Leon Anavi (2):
rpi-config: Upgrade to tip of tree
rpi-config: reintroduce start_x
Matthew Draws (1):
rpi-eeprom: Update to 2023.10.18-2712
Vincent Davis Jr (1):
rpidistro-vlc: add new patch po-Fix-typos-in-oc
meta-arm: e914891eee..0bd7fece41:
Abdellatif El Khlifi (6):
arm-bsp/linux-yocto: corstone1000: bump to v6.5%
arm-bsp/documentation: corstone1000: enable debug-tweaks
arm-bsp/documentation: corstone1000: update the release note
arm-bsp/documentation: corstone1000: update the change log
arm-bsp/documentation: corstone1000: update the user guide
kas: corstone1000: pin the SHAs
Ali Can Ozaslan (1):
arm-bsp/documentation: corstone1000: Update the user guide
Debbie Martin (10):
arm-bsp/u-boot: Divide the U-boot configuration by machine
arm-bsp/fvp-base: Merge fvp-common.inc into fvp-base.conf
arm-bsp/trusted-firmware-a/fvp-base: Add stdout path and virtio net and rng
arm-bsp/u-boot/fvp-base: Configure FVP base U-boot machine and enable U-boot sysreset, CRC-32 and virtio RNG
arm-bsp/fvp-base: Configure grub as the EFI provider
arm/fvp-base: Update the default testsuites
arm-systemready: Introduce the Arm SystemReady layer
arm-bsp/systemready: Bring up the Arm SystemReady IR ACS 2.0 suite on FVP base
kas: Add kas configuration for Arm SystemReady and fvp-base
ci: Add fvpboot to IMAGE_CLASSES
Delane Brandy (1):
arm-bsp/documentation: corstone1000: Update the user guide
Drew Reed (2):
arm-bsp: Enable TF-A test building for the N1SDP
CI: Enable TF-A TFTF test builds
Emekcan Aras (17):
arm-bsp/u-boot: corstone1000: enable on-disk capsule update
arm-bsp/u-boot: corstone1000: fix runtime capsule update flag checks
arm-bsp/trusted-firmware-m: fix capsule update alignment
arm-bsp/trusted-firmware-m: update the upstream status of the out-of-tree patches
arm-bsp/u-boot: corstone1000: scatter gather list workaround for ondisk capsule update
arm-bsp/trusted-services: enable signaled handling interrupts for SPs
arm-bsp/corstone1000: fix synchronization issue on openamp notification
arm/fvp-corstone1000: upgrade to 11.23_25
arm-bsp/corstone1000-fvp: Add virtio-net configuration
arm-bsp/corstone1000-fvp: add unpadded image support for MMC card config
arm-bsp/corstone1000-fvp: Disable Time Annotation
arm-bsp/u-boot: corstone1000: enable virtio-net support for FVP
arm-bsp/documentation: corstone1000: update the architecture document
arm-bsp/documentation: corstone1000: Add EFI system partition section
arm-bsp/documentation: corstone1000: add a note and fix instructions
arm-bsp/documentation: corstone1000: add readthedocs.yaml file
arm-bsp/documentation: corstone1000: fix the requirements.txt and conf.py path
Harsimran Singh Tungal (4):
arm-bsp/u-boot: corstone1000: Remove External system patches
arm-bsp/linux: corstone1000: update the defconfig
arm-bsp/linux: corstone1000: Remove External system patches
arm-bsp/images: corstone1000: Remove the external system test package
Javier Tia (1):
trusted-firmware-a: fix build error when using ccache
Jon Mason (9):
arm-bsp/linux-yocto: add recipe for v6.4 kernel
arm/linux-yocto: remove defconfig patch
CI: add sbsa-acs to recipe report
arm/linux-yocto: remove PHYS_VIRT config frag
arm-bsp/optee: remove 3.18 recipes and patches
arm-bsp/edk2: remove 202211
arm/hafnium: update to v2.9
arm/optee: update to 4.0.0
arm/optee: cleanups from code review
Mariam Elshakfy (3):
arm-bsp/n1sdp: Move OP-TEE to DDR4
arm-bsp/n1sdp: Enable OP-TEE cache in N1SDP
arm-bsp/corstone1000: Remove inappropriate kernel delay patch
Ross Burton (21):
arm/oeqa/selftest: tag all tests with "meta-arm"
CI: don't hardcode the selftest tests to run
CI: also run the _qemutiny testcase for poky-tiny
CI: track nanbield branches
arm/fvp-corstone1000: upgrade to 11.22.35, add aarch64 binaries
kas/corstone1000: don't limit the FVP use to x86-64
CI: don't pin corstone1000-fvp to x86-64
CI: build both aarch64 and x86-64 packages for as many FVPs as possible
arm-bsp/u-boot: remove 2023.01
arm/trusted-firmware-a: update mbedtls to recommended release
CI: Add meta-secure-core to pending-upgrades for corstone1000
arm-bsp: corstone1000 depends on meta-efi-secure-boot
arm/generic-arm64: remove obsolete SERIAL_CONSOLES_CHECK
arm/lib/fvp/runner: don't pass '' as cwd
scripts/runfvp: exit code should be the FVP exit code
arm/selftest: add test that DISPLAY is forwarded into the runfvp child
CI: use nanbield branch for meta-virtualization
CI: use nanbield branch of meta-clang
arm/optee: handle CVE-2021-36133 as disputed
arm-bsp/optee-os: backport fix for CVE-2023-41325
arm-bsp/optee-os: update Upstream-Status tags
Vikas Katariya (1):
arm-bsp/corstone1000: Fix RSA key generation issue
Xueliang Zhong (2):
Update Corstone-1000 doc with security issue reporting guideline
arm-bsp/n1sdp: update to linux yocto kernel 6.5
meta-security: 3f7d40b0fc..5938fa5839:
Gowtham Suresh Kumar (1):
Update parsec recipes
Mingli Yu (1):
samhain: remove the buildpath
Stefan Berger (1):
ima,evm: Add two variables to write filenames and signatures into
meta-openembedded: c40aebd422..1750c66ae8:
Ahmad Fatoum (1):
signing.bbclass: don't export OPENSSL environment variables globally
Akash Hadke (1):
libeigen: Update GPL-3.0-only to GPL-2.0-only
Alex Kiernan (2):
mdns: Upgrade 1790.80.10 -> 2200.0.8
jq: Upgrade 1.6+git -> 1.7
Andrew Jeffery (1):
mdio-tools: Add virtual/kernel dependency to avoid stale SPDX reference
Archana Polampalli (1):
nodejs: upgrade 18.17.1 -> 20.5.1
Armin Kuster (1):
meta-openemnedded: Add myself as nanbield maintainer
Beniamin Sandu (2):
libnet: upgrade version v1.2 -> v1.3
mbedtls: upgrade 3.4.1 -> 3.5.0
Benjamin Bara (1):
libvpx: upgrade 1.13.0 -> 1.13.1
Bruce Ashfield (2):
zfs: update to v2.2.0-rc4
vboxguestdrivers: fix kernel v6.5 build
Carlos Alberto Lopez Perez (1):
libbacktrace: Update version and enable shared library.
Charles Perry (2):
libosip2: add recipe
libexosip2: add recipe
Chen Qi (1):
libblockdev: fix QA error in case of multilib
Chi Xu (1):
re2: Add ptest support
Christophe Vu-Brugier (4):
libnvme: upgrade 1.5 -> 1.6
nvme-cli: upgrade 2.5 -> 2.6
libnvme: apply patch already upstream to fix build with musl
exfatprogs: upgrade 1.2.1 -> 1.2.2
Clément Péron (9):
etcd-cpp-apiv3: upgrade 0.14.3 -> 0.15.3
devtools: grpc: bump to 1.56.2
protobuf: upgrade 4.22.2 -> 4.23.4
protobuf-c: bump to next release to support protobuf 4.23.x
mariadb: add missing <cstdint> in rocksdb string_util.h
etcd-cpp-apiv3: fix build when gRPC is cross compiled
Revert "protobuf: stage protoc binary to sysroot"
proj: Upgrade to 9.3.0 release
pcapplusplus: Add recipe for 23.09 release
Daniel Klauer (1):
graphviz: Fix build to not use $prefix as search dir
Daniel McGregor (1):
python3-pylint: allow native build
David Pierret (3):
libtext: add ptest
cjson: Add ptest
python3-rapidjson: add missing ptest dependency
Denys Zagorui (1):
libbpf: add arm, powerpc and mips64 to COMPATIBLE_HOST
Derek Straka (32):
python3-apiflask: Update version 2.0.1 -> 2.0.2
python3-argh: Update version 0.29.3 -> 0.29.4
python3-async-timeout: remove old version of the library
python3-pydantic: Update version 1.10.7 -> 2.4.1
python3-pyhamcrest: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-pyasn1-modules: Update version 0.2.8 -> 0.3.0
python-pyiface: Update version from git -> 0.0.11
python3-pymysql: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-pymysql: update verion 1.0.2 -> 1.1.0
python3-pyproj: update version 3.6.0 -> 3.6.1
python3-pyproject-api: update version 1.5.1 -> 1.6.1
python3-redis: update version 5.0.0 -> 5.0.1
python3-traitlets: update version 5.9.0 -> 5.10.1
python3-xxhash: update version 3.2.0 -> 3.3.0
python3-pyzmq: update version 25.0.0 -> 25.1.1
python3-cachecontrol: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-flask-babel: update version 2.0.0 -> 3.1.0
python3-idna-ssl: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-ninja-syntax: Fix upstream check by specifying the UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
python3-prettytable: update version 3.6.0 -> 3.9.0
python3-pytz-deprecation-shim: Remove outdated recipe meant to be a short lived shim
python3-tzlocal: Remove dependency on pytz_deprecation_shim removed in release 5.0
python3-astroid: update version 2.16.6 -> 3.0.0
python3-flask: update version 2.3.2 -> 2.3.3
python3-google-api-core: update version 2.12.0
python3-google-api-python-client: update version 2.100.0 -> 2.101.0
python3-google-auth: update version 2.23.0 -> 2.23.1
python3-parse-type: update version 0.5.2 -> 0.6.2
python3-nacl: Add recipe for the latest release of PyNaCl
python3-botocore: add recipe for latest version of botocore
python3-boto3: add recipe for latest version of boto3
python3-flask-cors: add initial version of the recipe for 4.0.0
Etienne Cordonnier (1):
uutils-coreutils: upgrade 0.0.21 -> 0.0.22
Fabien Thomas (10):
meta-filesystems/layer.conf : Add meta-networking dependency
Add static-passwd and static-group files
Add static-passwd and static-group files
Add static-passwd and static-group files
Add static-passwd and static-group files
Add static-passwd and static-group files
Add static-passwd and static-group files
Add static-passwd and static-group files
klibc/klibc.inc : Add DEBUG_PREFIX_MAP flag.
samba.bb : Disable ad-dc by default
Fabio Estevam (1):
edid-decode: Upgrade to latest master
Gianfranco Costamagna (9):
mosquitto: upgrade 2.0.17 -> 2.0.18
dlt-daemon: Make it work without systemd
dlt-daemon: Enable experimental coredumphandler feature
dlt-daemon: update patch 544.patch
dlt-daemon: do not disable dlt-system build when systemd is set to off
dlt-daemon: Add an additional fix for non-systemd builds
cpprestsdk: fix typo in comment, tag is actually 2.0.18
vbxguestdrivers: upgrade 7.0.10 -> 7.0.12
cpulimit: add DESCRIPTION field
Jeffrey Pautler (2):
bolt: disable CVE checking for this recipe
bolt: change product name used for CVE checking
Joe Slater (2):
nginx: add configure option
python3-pynacl: add RCONFLICTS with python3-nacl
Johannes Kauffmann (1):
open62541: add Backport status and link to patch
Jose Quaresma (4):
ostree: Upgrade 2023.5 -> 2023.6
ostree: drop trivial-httpd-cmdline
ostree: add ed25519-openssl
ostree: Upgrade 2023.6 -> 2023.7
Jörg Sommer (1):
collectd: Use https in SRC_URI, add HOMEPAGE
Khem Raj (40):
mozjs-115: Apply autoconf tuple mismatch fix
cpp-netlib: Fix build with boost 1.80+
cpp-netlib: Fix buildpaths in generated cmake files
python3-pybluez: Fix patch upstream-status
python3-pynetlinux: Fix patch upstream-status
libnet-idn-encode: Add recipe
libio-socket-ssl-perl: Change libnet-libidn-perl->libnet-idn-encode rdep for ptests
libnfs: Drop -Wno-implicit-function-declaration
webkitgtk3: Do not use musttail with clang on arm
fftw: Fix ptest result reporting
nodejs: Fix ptest result reporting
relayd: Update to latest tip of trunk
relayd: Fix build with clang
kernel-selftest: Build headers before compiling tests
python3-pyroute2: Add missing dependency on sqlite3 for ptests
python3-pylint: Upgrade to 3.0.0
python3-lz4: use python3-unittest-automake-output
minicoredumber: Fix ptest reporting
images: Inherit from core-image-base
images: Delete layer specific base images
images: Rename <layer>-image to <layer>-image-all
images: Rename ptest images to rhyme with oe-core ptest images
ptest-image: Switch to using core-image-minimal
stressapptest: Upgrade to 1.0.11 release
klibc: Upgrade to 2.0.13 release
libnvme: Fix test builds on musl
kernel-selftest: Build bpf tests again
ptest-packagelists-meta-oe: Add kernel-selftest to x86/x86-64 images
kernel-selftest: Copy the .config from kernel build
kernel-selftest: Use clang options when clang is available
libnet-idn-encode: Fix build with perl 2.38 and gcc13
poco: Fix data race when create POSIX thread
static-group: Match nogroup id to base-passwd from core.
gutenprint: Upgrade to 5.3.4
meta-perl: Add libtext-diff-perl to fast ptest list
leveldb: Upgrade to 1.23 plus latest git
meta-python: Add python3-rapidjson to PTESTS_FAST_META_PYTHON
leveldb: Print uint64_t with PRI64
network-manager-applet,networkmanager-openvpn, networkmanager: Apply linker versioning patch when using lld only
emlog: Add PV
Lei Maohui (1):
gexiv2: Fix do_package QA issue when usrmerge enabled.
Leon Anavi (1):
sip: upgrade 6.7.11 -> 6.7.12
Luca Fancellu (5):
linuxptp: update linuxptp recipe to 4.1
linuxptp: install default configuration file in sysconfdir
linuxptp: add systemd services
linuxptp: Drop unneeded downstream patches
linuxptp: Use templates for the systemd services
Marek Vasut (2):
lvgl: lv-drivers: Allow empty package
lvgl: Allow empty package
Markus Volk (22):
gedit: Upgrade 44.2 -> 46.1
tepl: Upgrade 6.4.0 -> 6.8.0
libblockdev: Upgrade 2.28 -> 3.03
udisks2: Upgrade 2.9.4 -> 2.10.1
mozjs: Upgrade 102.15.0 -> 102.15.1
libnfs: dont install libnfs-config.cmake
gnome-remote-desktop: Upgrade 44.2 -> 45.0
pugixml: Update 1.13 -> 1.14
pipewire: Upgrade 0.3.80 -> 0.3.81
gnome-control-center: Fix polkit gettext issue
libdecor: Upgrade 0.1.99 -> 0.2.0
wireplumber: Upgrade 0.4.14 -> 0.4.15
pipewire: Update 0.3.81 -> 0.3.83
gnome-software: Update 45.0 -> 45.1
gnome-calendar: Update 45.0 -> 45.1
gnome-disk-utility: Update 44.0 -> 45.0
gnome-control-center: Update 45.0 -> 45.1
eog: Update 45.0 -> 45.1
gnome-remote-desktop: Update 45.0 -> 45.1
gnome-shell: Add missing dependency on pipewire
gnome-shell: Remove deprecated libcroco dependency
openbox: Drop deprecated libcroco dependency
Martin Jansa (14):
gupnp: fix build with meson-1.2.0
minifi-cpp, mozjs-115, redis-7.2.1, pv: add missing Upstream-Status
mozjs: fix filename in MULTILIB_SCRIPTS
gupnp-tools: fix build with meson-1.2.0
gnome-tweaks, networkmanager-fortisslvpn, libesmtp, json-schema-validator, python3-pybluez, python3-pynetlinux, apache2: Fix Malformed Upstream-Status
mozjs: use PV in MULTILIB_SCRIPTS
mosquitto, etcd-cpp-apiv3: add missing Upstream-Status
meta-oe/dynamic-layers: add Upstream-Status where missing
meta-oe/dynamic-layers: add one more missing Upstream-Status and fix one malformed
opencv: Fix build with protobuf v22 and dnn enabled
nodejs: update to latest v20 version 20.8.1
nodejs: Revert io_uring support from bundled libuv-1.46.0
opencv: refresh protobuf-v22 compatibility patch with backported version
leveldb: prevent installing gtest
Martin Maurer (1):
libqmi: Upgrade 1.32.4 -> 1.34.0
Matthias Klein (1):
paho-mqtt-c: upgrade 1.3.12 -> 1.3.13
Michał Iwanicki (1):
python3-pyu2f: add recipe
Mickael RAMILISON (1):
python3-rapidjson: add ptest
Mingli Yu (1):
mozjs-102: Remove the buildpath
Pawel Langowski (1):
recipes-connectivity: Add tayga recipe
Peter Kjellerstedt (2):
libwebsockets: Support building for native
mosquitto: Support building for native again
Petr Gotthard (2):
libmbim: upgrade 1.28.4 -> 1.30.0
modemmanager: upgrade 1.20.6 -> 1.22.0
Philip-Dylan Gleonec (1):
cukinia: Fix license field
Richard Purdie (4):
meta-python: Drop broken BBCLASSEXTEND variants
meta-oe: Drop broken BBCLASSEXTEND variants
meta-networking: Drop broken BBCLASSEXTEND variants
meta-perl: Drop broken BBCLASSEXTEND variants
Ross Burton (1):
webkitgtk3: reduce size of -dbg package
Sam Van Den Berge (1):
netdata: Upgrade 1.36.1 -> 1.43.0
Samantha Jalabert (6):
Remove python3-rdflib
Remove python3-license-expression
Remove python3-xmltodict
Remove python3-booleanpy
Remove python3-click
Remove python3-isodate
Samuli Piippo (1):
protobuf: stage protoc binary to sysroot
Thomas Roos (1):
python3-boto3, python3-botocore: remove recipes
Tim Orling (2):
po4a: remove old recipe
debsums: remove old recipe
Tom Hochstein (1):
libcamera: Avoid build break in signature recalculation
Trevor Gamblin (5):
python-git-pw: add from meta-patchtest
python3-py-cpuinfo: disable broken ptests
python3-arrow: add from meta-patchtest
python3-pytest-mock: disable broken ptests
meta-python: update ptests status for py-cpuinfo, pytest-mock
Vyacheslav Yurkov (3):
overlayfs-tools: Drop unneeded dependency
overlayfs-tools: Bump up the version
overlayfs-tools: Install fsck binary
Wang Mingyu (84):
dnf-plugin-tui: create symlinks from /usr/ to /.
c-ares: upgrade 1.19.1 -> 1.20.1
adw-gtk3: upgrade 4.9 -> 5.1
ctags: upgrade 6.0.20230917.0 -> 6.0.20231001.0
dialog: upgrade 1.3-20230209 -> 1.3-20231002
freerdp: upgrade 2.11.1 -> 2.11.2
gnome-backgrounds: upgrade 44.0 -> 45.0
gnome-calculator: upgrade 45.0 -> 45.0.2
gnome-font-viewer: upgrade 44.0 -> 45.0
ipc-run: upgrade 20220807.0 -> 20231003.0
libbytesize: upgrade 2.9 -> 2.10
libcoap: upgrade 4.3.3 -> 4.3.4
libyang: upgrade 2.1.111 -> 2.1.128
lvgl: upgrade 8.3.9 -> 8.3.10
metacity: upgrade 3.46.1 -> 3.50.0
nautilus: upgrade 45.0 -> 45.1
ceres-solver: upgrade 2.1.0 -> 2.2.0
python3-eth-abi: upgrade 3.0.1 -> 4.2.1
python3-mypy: upgrade 1.5.1 -> 1.6.1
python3-pylint: upgrade 3.0.0 -> 3.0.1
python3-aiodns: upgrade 3.0.0 -> 3.1.1
python3-aiohttp: upgrade 3.8.5 -> 3.8.6
python3-astroid: upgrade 3.0.0 -> 3.0.1
python3-bitarray: upgrade 2.8.1 -> 2.8.2
python3-bitstruct: upgrade 8.17.0 -> 8.18.0
python3-blinker: upgrade 1.6.2 -> 1.6.3
python3-charset-normalizer: upgrade 3.2.0 -> 3.3.0
python3-cmake: upgrade 3.27.5 -> 3.27.7
python3-coverage: upgrade 7.3.1 -> 7.3.2
python3-croniter: upgrade 1.4.1 -> 2.0.1
python3-dbus-fast: upgrade 1.85.0 -> 2.12.0
python3-email-validator: upgrade 1.3.1 -> 2.0.0
python3-engineio: upgrade 4.7.1 -> 4.8.0
python3-eth-typing: upgrade 3.4.0 -> 3.5.0
python3-eth-utils: upgrade 2.2.1 -> 2.2.2
python3-executing: upgrade 1.2.0 -> 2.0.0
python3-flask-babel: upgrade 3.1.0 -> 4.0.0
python3-flask-jwt-extended: upgrade 4.5.2 -> 4.5.3
python3-google-api-python-client: upgrade 2.101.0 -> 2.104.0
python3-googleapis-common-protos: upgrade 1.60.0 -> 1.61.0
python3-google-auth: upgrade 2.23.1 -> 2.23.3
python3-h5py: upgrade 3.9.0 -> 3.10.0
python3-huey: upgrade 2.4.5 -> 2.5.0
python3-imageio: upgrade 2.31.3 -> 2.31.5
python3-ipython: upgrade 8.15.0 -> 8.16.1
python3-jedi: upgrade 0.19.0 -> 0.19.1
python3-meson-python: upgrade 0.13.1 -> 0.14.0
python3-msgpack: upgrade 1.0.6 -> 1.0.7
python3-platformdirs: upgrade 3.10.0 -> 3.11.0
python3-prompt-toolkit: upgrade 3.0.36 -> 3.0.39
python3-protobuf: upgrade 4.24.3 -> 4.24.4
python3-pycares: upgrade 4.3.0 -> 4.4.0
python3-pycodestyle: upgrade 2.11.0 -> 2.11.1
python3-pydantic: upgrade 2.4.1 -> 2.4.2
python3-pyephem: upgrade 4.1.4 -> 4.1.5
python3-pytest-timeout: upgrade 2.1.0 -> 2.2.0
python3-rapidjson: upgrade 1.11 -> 1.12
python3-regex: upgrade 2023.8.8 -> 2023.10.3
python3-rich: upgrade 13.5.3 -> 13.6.0
python3-schedule: upgrade 1.2.0 -> 1.2.1
python3-semver: upgrade 3.0.1 -> 3.0.2
python3-simplejson: upgrade 3.19.1 -> 3.19.2
python3-socketio: upgrade 5.9.0 -> 5.10.0
python3-sqlalchemy: upgrade 2.0.21 -> 2.0.22
python3-stack-data: upgrade 0.6.2 -> 0.6.3
python3-texttable: upgrade 1.6.7 -> 1.7.0
python3-traitlets: upgrade 5.10.1 -> 5.11.2
python3-types-psutil: upgrade 5.9.5.16 -> 5.9.5.17
python3-tzlocal: upgrade 5.0.1 -> 5.1
python3-web3: upgrade 6.10.0 -> 6.11.1
python3-websocket-client: upgrade 1.6.3 -> 1.6.4
python3-xlsxwriter: upgrade 3.1.3 -> 3.1.8
python3-xxhash: upgrade 3.3.0 -> 3.4.1
python3-zeroconf: upgrade 0.112.0 -> 0.119.0
python3-zopeinterface: upgrade 6.0 -> 6.1
rdma-core: upgrade 47.0 -> 48.0
redis: upgrade 7.2.1 -> 7.2.2
remmina: upgrade 1.4.32 -> 1.4.33
tesseract: upgrade 5.3.2 -> 5.3.3
thingsboard-gateway: upgrade 3.3 -> 3.4.1
tio: upgrade 2.6 -> 2.7
wireshark: upgrade 4.0.8 -> 4.0.10
xterm: upgrade 384 -> 387
zchunk: upgrade 1.3.1 -> 1.3.2
Xiangyu Chen (3):
mosh: add support of protobuf 4.22.x
protobuf: upgrade 3.21.12 -> 4.22.2
protobuf-c: add support of protobuf 4.22.x
Yi Zhao (6):
samba: upgrade 4.18.6 -> 4.18.8
samba: use external cmocka instead of bundled cmocka
libtevent: fix ptest
libldb: add ptest
conntrack-tools: upgrade 1.4.7 -> 1.4.8
nftables: upgrade 1.0.8 -> 1.0.9
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Icadb12eae4fd40dd775a4eff9259684fbcd12e74
Diffstat (limited to 'poky/meta/recipes-multimedia')
-rw-r--r-- | poky/meta/recipes-multimedia/libsndfile/libsndfile1/cve-2022-33065.patch | 739 | ||||
-rw-r--r-- | poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb | 1 |
2 files changed, 740 insertions, 0 deletions
diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1/cve-2022-33065.patch b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/cve-2022-33065.patch new file mode 100644 index 0000000000..fa4b2fc08b --- /dev/null +++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/cve-2022-33065.patch @@ -0,0 +1,739 @@ +From c7ce5b0ebeeb58934825077d1324960aa0747718 Mon Sep 17 00:00:00 2001 +From: Alex Stewart <alex.stewart@ni.com> +Date: Tue, 10 Oct 2023 16:10:34 -0400 +Subject: [PATCH] mat4/mat5: fix int overflow in dataend calculation + +The clang sanitizer warns of a possible signed integer overflow when +calculating the `dataend` value in `mat4_read_header()`. + +``` +src/mat4.c:323:41: runtime error: signed integer overflow: 205 * -100663296 cannot be represented in type 'int' +SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:41 in +src/mat4.c:323:48: runtime error: signed integer overflow: 838860800 * 4 cannot be represented in type 'int' +SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:48 in +``` + +Cast the offending `rows` and `cols` ints to `sf_count_t` (the type of +`dataend` before performing the calculation, to avoid the issue. + +CVE: CVE-2022-33065 +Fixes: https://github.com/libsndfile/libsndfile/issues/789 +Fixes: https://github.com/libsndfile/libsndfile/issues/833 + +Upstream-Status: Backport [9a829113c88a51e57c1e46473e90609e4b7df151] + +Signed-off-by: Alex Stewart <alex.stewart@ni.com> +--- + src/mat4.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/mat4.c b/src/mat4.c +index 0b1b414b..575683ba 100644 +--- a/src/mat4.c ++++ b/src/mat4.c +@@ -320,7 +320,7 @@ mat4_read_header (SF_PRIVATE *psf) + psf->filelength - psf->dataoffset, psf->sf.channels * psf->sf.frames * psf->bytewidth) ; + } + else if ((psf->filelength - psf->dataoffset) > psf->sf.channels * psf->sf.frames * psf->bytewidth) +- psf->dataend = psf->dataoffset + rows * cols * psf->bytewidth ; ++ psf->dataend = psf->dataoffset + (sf_count_t) rows * (sf_count_t) cols * psf->bytewidth ; + + psf->datalength = psf->filelength - psf->dataoffset - psf->dataend ; + +From 842303f984b2081481e74cb84a9a24ecbe3dec1a Mon Sep 17 00:00:00 2001 +From: Alex Stewart <alex.stewart@ni.com> +Date: Wed, 11 Oct 2023 16:36:02 -0400 +Subject: [PATCH] au: avoid int overflow while calculating data_end + +At several points in au_read_header(), we calculate the functional end +of the data segment by adding the (int)au_fmt.dataoffset and the +(int)au_fmt.datasize. This can overflow the implicit int_32 return value +and cause undefined behavior. + +Instead, precalculate the value and assign it to a 64-bit +(sf_count_t)data_end variable. + +CVE: CVE-2022-33065 +Fixes: https://github.com/libsndfile/libsndfile/issues/833 + +Signed-off-by: Alex Stewart <alex.stewart@ni.com> +--- + src/au.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/src/au.c b/src/au.c +index 62bd691d..f68f2587 100644 +--- a/src/au.c ++++ b/src/au.c +@@ -291,6 +291,7 @@ static int + au_read_header (SF_PRIVATE *psf) + { AU_FMT au_fmt ; + int marker, dword ; ++ sf_count_t data_end ; + + memset (&au_fmt, 0, sizeof (au_fmt)) ; + psf_binheader_readf (psf, "pm", 0, &marker) ; +@@ -317,14 +318,15 @@ au_read_header (SF_PRIVATE *psf) + return SFE_AU_EMBED_BAD_LEN ; + } ; + ++ data_end = (sf_count_t) au_fmt.dataoffset + (sf_count_t) au_fmt.datasize ; + if (psf->fileoffset > 0) +- { psf->filelength = au_fmt.dataoffset + au_fmt.datasize ; ++ { psf->filelength = data_end ; + psf_log_printf (psf, " Data Size : %d\n", au_fmt.datasize) ; + } +- else if (au_fmt.datasize == -1 || au_fmt.dataoffset + au_fmt.datasize == psf->filelength) ++ else if (au_fmt.datasize == -1 || data_end == psf->filelength) + psf_log_printf (psf, " Data Size : %d\n", au_fmt.datasize) ; +- else if (au_fmt.dataoffset + au_fmt.datasize < psf->filelength) +- { psf->filelength = au_fmt.dataoffset + au_fmt.datasize ; ++ else if (data_end < psf->filelength) ++ { psf->filelength = data_end ; + psf_log_printf (psf, " Data Size : %d\n", au_fmt.datasize) ; + } + else +From 0754d3380a54e3fbdde0f684b88955c80c79f58f Mon Sep 17 00:00:00 2001 +From: Alex Stewart <alex.stewart@ni.com> +Date: Wed, 11 Oct 2023 16:46:29 -0400 +Subject: [PATCH] avr: fix int overflow in avr_read_header() + +Pre-cast hdr.frames to sf_count_t, to provide the calculation with +enough numeric space to avoid an int-overflow. + +CVE: CVE-2022-33065 +Fixes: https://github.com/libsndfile/libsndfile/issues/833 + +Signed-off-by: Alex Stewart <alex.stewart@ni.com> +--- + src/avr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/avr.c b/src/avr.c +index 6c78ff69..1bc1ffc9 100644 +--- a/src/avr.c ++++ b/src/avr.c +@@ -162,7 +162,7 @@ avr_read_header (SF_PRIVATE *psf) + psf->endian = SF_ENDIAN_BIG ; + + psf->dataoffset = AVR_HDR_SIZE ; +- psf->datalength = hdr.frames * (hdr.rez / 8) ; ++ psf->datalength = (sf_count_t) hdr.frames * (hdr.rez / 8) ; + + if (psf->fileoffset > 0) + psf->filelength = AVR_HDR_SIZE + psf->datalength ; +From 6ac31a68a614e2bba4a05b54e5558d6270c98376 Mon Sep 17 00:00:00 2001 +From: Alex Stewart <alex.stewart@ni.com> +Date: Wed, 11 Oct 2023 16:54:21 -0400 +Subject: [PATCH] sds: fix int overflow warning in sample calculations + +The sds_*byte_read() functions compose their uint_32 sample buffers by +shifting 7bit samples into a 32bit wide buffer, and adding them +together. Because the 7bit samples are stored in 32bit ints, code +fuzzers become concerned that the addition operation can overflow and +cause undefined behavior. + +Instead, bitwise-OR the bytes together - which should accomplish the +same arithmetic operation, without risking an int-overflow. + +CVE: CVE-2022-33065 +Fixes: https://github.com/libsndfile/libsndfile/issues/833 + +Signed-off-by: Alex Stewart <alex.stewart@ni.com> + +Do the same for the 3byte and 4byte read functions. +--- + src/sds.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/sds.c b/src/sds.c +index 6bc76171..2a0f164c 100644 +--- a/src/sds.c ++++ b/src/sds.c +@@ -454,7 +454,7 @@ sds_2byte_read (SF_PRIVATE *psf, SDS_PRIVATE *psds) + + ucptr = psds->read_data + 5 ; + for (k = 0 ; k < 120 ; k += 2) +- { sample = arith_shift_left (ucptr [k], 25) + arith_shift_left (ucptr [k + 1], 18) ; ++ { sample = arith_shift_left (ucptr [k], 25) | arith_shift_left (ucptr [k + 1], 18) ; + psds->read_samples [k / 2] = (int) (sample - 0x80000000) ; + } ; + +@@ -498,7 +498,7 @@ sds_3byte_read (SF_PRIVATE *psf, SDS_PRIVATE *psds) + + ucptr = psds->read_data + 5 ; + for (k = 0 ; k < 120 ; k += 3) +- { sample = (((uint32_t) ucptr [k]) << 25) + (ucptr [k + 1] << 18) + (ucptr [k + 2] << 11) ; ++ { sample = (((uint32_t) ucptr [k]) << 25) | (ucptr [k + 1] << 18) | (ucptr [k + 2] << 11) ; + psds->read_samples [k / 3] = (int) (sample - 0x80000000) ; + } ; + +@@ -542,7 +542,7 @@ sds_4byte_read (SF_PRIVATE *psf, SDS_PRIVATE *psds) + + ucptr = psds->read_data + 5 ; + for (k = 0 ; k < 120 ; k += 4) +- { sample = (((uint32_t) ucptr [k]) << 25) + (ucptr [k + 1] << 18) + (ucptr [k + 2] << 11) + (ucptr [k + 3] << 4) ; ++ { sample = (((uint32_t) ucptr [k]) << 25) | (ucptr [k + 1] << 18) | (ucptr [k + 2] << 11) | (ucptr [k + 3] << 4) ; + psds->read_samples [k / 4] = (int) (sample - 0x80000000) ; + } ; + +From 96428e1dd4998f1cd47df24f8fe9b0da35d7b947 Mon Sep 17 00:00:00 2001 +From: Alex Stewart <alex.stewart@ni.com> +Date: Wed, 11 Oct 2023 17:26:51 -0400 +Subject: [PATCH] aiff: fix int overflow when counting header elements + +aiff_read_basc_chunk() tries to count the AIFF header size by keeping +track of the bytes returned by psf_binheader_readf(). Though improbable, +it is technically possible for these added bytes to exceed the int-sized +`count` accumulator. + +Use a 64-bit sf_count_t type for `count`, to ensure that it always has +enough numeric space. + +CVE: CVE-2022-33065 +Fixes: https://github.com/libsndfile/libsndfile/issues/833 + +Signed-off-by: Alex Stewart <alex.stewart@ni.com> +--- + src/aiff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/aiff.c b/src/aiff.c +index a2bda8f4..6b244302 100644 +--- a/src/aiff.c ++++ b/src/aiff.c +@@ -1702,7 +1702,7 @@ static int + aiff_read_basc_chunk (SF_PRIVATE * psf, int datasize) + { const char * type_str ; + basc_CHUNK bc ; +- int count ; ++ sf_count_t count ; + + count = psf_binheader_readf (psf, "E442", &bc.version, &bc.numBeats, &bc.rootNote) ; + count += psf_binheader_readf (psf, "E222", &bc.scaleType, &bc.sigNumerator, &bc.sigDenominator) ; +From b352c350d35bf978e4d3a32e5d9df1f2284445f4 Mon Sep 17 00:00:00 2001 +From: Alex Stewart <alex.stewart@ni.com> +Date: Wed, 11 Oct 2023 17:43:02 -0400 +Subject: [PATCH] ircam: fix int overflow in ircam_read_header() + +When reading the IRCAM header, it is possible for the calculated +blockwidth to exceed the bounds of a signed int32. + +Use a 64bit sf_count_t to store the blockwidth. + +CVE: CVE-2022-33065 +Fixes: https://github.com/libsndfile/libsndfile/issues/833 + +Signed-off-by: Alex Stewart <alex.stewart@ni.com> +--- + src/common.h | 2 +- + src/ircam.c | 10 +++++----- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/common.h b/src/common.h +index d92eabde..5369cb67 100644 +--- a/src/common.h ++++ b/src/common.h +@@ -439,7 +439,7 @@ typedef struct sf_private_tag + sf_count_t datalength ; /* Length in bytes of the audio data. */ + sf_count_t dataend ; /* Offset to file tailer. */ + +- int blockwidth ; /* Size in bytes of one set of interleaved samples. */ ++ sf_count_t blockwidth ; /* Size in bytes of one set of interleaved samples. */ + int bytewidth ; /* Size in bytes of one sample (one channel). */ + + void *dither ; +diff --git a/src/ircam.c b/src/ircam.c +index 8e7cdba8..3d73ba44 100644 +--- a/src/ircam.c ++++ b/src/ircam.c +@@ -171,35 +171,35 @@ ircam_read_header (SF_PRIVATE *psf) + switch (encoding) + { case IRCAM_PCM_16 : + psf->bytewidth = 2 ; +- psf->blockwidth = psf->sf.channels * psf->bytewidth ; ++ psf->blockwidth = (sf_count_t) psf->sf.channels * psf->bytewidth ; + + psf->sf.format = SF_FORMAT_IRCAM | SF_FORMAT_PCM_16 ; + break ; + + case IRCAM_PCM_32 : + psf->bytewidth = 4 ; +- psf->blockwidth = psf->sf.channels * psf->bytewidth ; ++ psf->blockwidth = (sf_count_t) psf->sf.channels * psf->bytewidth ; + + psf->sf.format = SF_FORMAT_IRCAM | SF_FORMAT_PCM_32 ; + break ; + + case IRCAM_FLOAT : + psf->bytewidth = 4 ; +- psf->blockwidth = psf->sf.channels * psf->bytewidth ; ++ psf->blockwidth = (sf_count_t) psf->sf.channels * psf->bytewidth ; + + psf->sf.format = SF_FORMAT_IRCAM | SF_FORMAT_FLOAT ; + break ; + + case IRCAM_ALAW : + psf->bytewidth = 1 ; +- psf->blockwidth = psf->sf.channels * psf->bytewidth ; ++ psf->blockwidth = (sf_count_t) psf->sf.channels * psf->bytewidth ; + + psf->sf.format = SF_FORMAT_IRCAM | SF_FORMAT_ALAW ; + break ; + + case IRCAM_ULAW : + psf->bytewidth = 1 ; +- psf->blockwidth = psf->sf.channels * psf->bytewidth ; ++ psf->blockwidth = (sf_count_t) psf->sf.channels * psf->bytewidth ; + + psf->sf.format = SF_FORMAT_IRCAM | SF_FORMAT_ULAW ; + break ; +From 3bcd291e57867f88f558fa6f80990e84311df78c Mon Sep 17 00:00:00 2001 +From: Alex Stewart <alex.stewart@ni.com> +Date: Wed, 11 Oct 2023 16:12:22 -0400 +Subject: [PATCH] mat4/mat5: fix int overflow when calculating blockwidth + +Pre-cast the components of the blockwidth calculation to sf_count_t to +avoid overflowing integers during calculation. + +CVE: CVE-2022-33065 +Fixes: https://github.com/libsndfile/libsndfile/issues/833 + +Signed-off-by: Alex Stewart <alex.stewart@ni.com> +--- + src/mat4.c | 2 +- + src/mat5.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/mat4.c b/src/mat4.c +index 575683ba..9f046f0c 100644 +--- a/src/mat4.c ++++ b/src/mat4.c +@@ -104,7 +104,7 @@ mat4_open (SF_PRIVATE *psf) + + psf->container_close = mat4_close ; + +- psf->blockwidth = psf->bytewidth * psf->sf.channels ; ++ psf->blockwidth = (sf_count_t) psf->bytewidth * psf->sf.channels ; + + switch (subformat) + { case SF_FORMAT_PCM_16 : +diff --git a/src/mat5.c b/src/mat5.c +index da5a6eca..20f0ea64 100644 +--- a/src/mat5.c ++++ b/src/mat5.c +@@ -114,7 +114,7 @@ mat5_open (SF_PRIVATE *psf) + + psf->container_close = mat5_close ; + +- psf->blockwidth = psf->bytewidth * psf->sf.channels ; ++ psf->blockwidth = (sf_count_t) psf->bytewidth * psf->sf.channels ; + + switch (subformat) + { case SF_FORMAT_PCM_U8 : +From c177e292d47ef73b1d3c1bb391320299a0ed2ff9 Mon Sep 17 00:00:00 2001 +From: Alex Stewart <alex.stewart@ni.com> +Date: Mon, 16 Oct 2023 12:37:47 -0400 +Subject: [PATCH] common: fix int overflow in psf_binheader_readf() + +The psf_binheader_readf() function attempts to count and return the +number of bytes traversed in the header. During this accumulation, it is +possible to overflow the int-sized byte_count variable. + +Avoid this overflow by checking that the accumulated bytes do not exceed +INT_MAX and throwing an error if they do. This implies that files with +multi-gigabyte headers threaten to produce this error, but I imagine +those files don't really exist - and this error is better than the +undefined behavior which would have resulted previously. + +CVE: CVE-2022-33065 +Fixes: https://github.com/libsndfile/libsndfile/issues/833 + +Signed-off-by: Alex Stewart <alex.stewart@ni.com> +--- + src/common.c | 36 ++++++++++++++++++++++++------------ + 1 file changed, 24 insertions(+), 12 deletions(-) + +diff --git a/src/common.c b/src/common.c +index 1c3d951d..7f6cceca 100644 +--- a/src/common.c ++++ b/src/common.c +@@ -18,6 +18,7 @@ + + #include <config.h> + ++#include <limits.h> + #include <stdarg.h> + #include <string.h> + #if HAVE_UNISTD_H +@@ -990,6 +991,7 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...) + double *doubleptr ; + char c ; + int byte_count = 0, count = 0 ; ++ int read_bytes = 0 ; + + if (! format) + return psf_ftell (psf) ; +@@ -998,6 +1000,7 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...) + + while ((c = *format++)) + { ++ read_bytes = 0 ; + if (psf->header.indx + 16 >= psf->header.len && psf_bump_header_allocation (psf, 16)) + break ; + +@@ -1014,7 +1017,7 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...) + intptr = va_arg (argptr, unsigned int*) ; + *intptr = 0 ; + ucptr = (unsigned char*) intptr ; +- byte_count += header_read (psf, ucptr, sizeof (int)) ; ++ read_bytes = header_read (psf, ucptr, sizeof (int)) ; + *intptr = GET_MARKER (ucptr) ; + break ; + +@@ -1022,7 +1025,7 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...) + intptr = va_arg (argptr, unsigned int*) ; + *intptr = 0 ; + ucptr = (unsigned char*) intptr ; +- byte_count += header_read (psf, sixteen_bytes, sizeof (sixteen_bytes)) ; ++ read_bytes = header_read (psf, sixteen_bytes, sizeof (sixteen_bytes)) ; + { int k ; + intdata = 0 ; + for (k = 0 ; k < 16 ; k++) +@@ -1034,14 +1037,14 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...) + case '1' : + charptr = va_arg (argptr, char*) ; + *charptr = 0 ; +- byte_count += header_read (psf, charptr, sizeof (char)) ; ++ read_bytes = header_read (psf, charptr, sizeof (char)) ; + break ; + + case '2' : /* 2 byte value with the current endian-ness */ + shortptr = va_arg (argptr, unsigned short*) ; + *shortptr = 0 ; + ucptr = (unsigned char*) shortptr ; +- byte_count += header_read (psf, ucptr, sizeof (short)) ; ++ read_bytes = header_read (psf, ucptr, sizeof (short)) ; + if (psf->rwf_endian == SF_ENDIAN_BIG) + *shortptr = GET_BE_SHORT (ucptr) ; + else +@@ -1051,7 +1054,7 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...) + case '3' : /* 3 byte value with the current endian-ness */ + intptr = va_arg (argptr, unsigned int*) ; + *intptr = 0 ; +- byte_count += header_read (psf, sixteen_bytes, 3) ; ++ read_bytes = header_read (psf, sixteen_bytes, 3) ; + if (psf->rwf_endian == SF_ENDIAN_BIG) + *intptr = GET_BE_3BYTE (sixteen_bytes) ; + else +@@ -1062,7 +1065,7 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...) + intptr = va_arg (argptr, unsigned int*) ; + *intptr = 0 ; + ucptr = (unsigned char*) intptr ; +- byte_count += header_read (psf, ucptr, sizeof (int)) ; ++ read_bytes = header_read (psf, ucptr, sizeof (int)) ; + if (psf->rwf_endian == SF_ENDIAN_BIG) + *intptr = psf_get_be32 (ucptr, 0) ; + else +@@ -1072,7 +1075,7 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...) + case '8' : /* 8 byte value with the current endian-ness */ + countptr = va_arg (argptr, sf_count_t *) ; + *countptr = 0 ; +- byte_count += header_read (psf, sixteen_bytes, 8) ; ++ read_bytes = header_read (psf, sixteen_bytes, 8) ; + if (psf->rwf_endian == SF_ENDIAN_BIG) + countdata = psf_get_be64 (sixteen_bytes, 0) ; + else +@@ -1083,7 +1086,7 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...) + case 'f' : /* Float conversion */ + floatptr = va_arg (argptr, float *) ; + *floatptr = 0.0 ; +- byte_count += header_read (psf, floatptr, sizeof (float)) ; ++ read_bytes = header_read (psf, floatptr, sizeof (float)) ; + if (psf->rwf_endian == SF_ENDIAN_BIG) + *floatptr = float32_be_read ((unsigned char*) floatptr) ; + else +@@ -1093,7 +1096,7 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...) + case 'd' : /* double conversion */ + doubleptr = va_arg (argptr, double *) ; + *doubleptr = 0.0 ; +- byte_count += header_read (psf, doubleptr, sizeof (double)) ; ++ read_bytes = header_read (psf, doubleptr, sizeof (double)) ; + if (psf->rwf_endian == SF_ENDIAN_BIG) + *doubleptr = double64_be_read ((unsigned char*) doubleptr) ; + else +@@ -1117,7 +1120,7 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...) + charptr = va_arg (argptr, char*) ; + count = va_arg (argptr, size_t) ; + memset (charptr, 0, count) ; +- byte_count += header_read (psf, charptr, count) ; ++ read_bytes = header_read (psf, charptr, count) ; + break ; + + case 'G' : +@@ -1128,7 +1131,7 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...) + if (psf->header.indx + count >= psf->header.len && psf_bump_header_allocation (psf, count)) + break ; + +- byte_count += header_gets (psf, charptr, count) ; ++ read_bytes = header_gets (psf, charptr, count) ; + break ; + + case 'z' : +@@ -1152,7 +1155,7 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...) + case 'j' : /* Seek to position from current position. */ + count = va_arg (argptr, size_t) ; + header_seek (psf, count, SEEK_CUR) ; +- byte_count += count ; ++ read_bytes = count ; + break ; + + case '!' : /* Clear buffer, forcing re-read. */ +@@ -1164,8 +1167,17 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...) + psf->error = SFE_INTERNAL ; + break ; + } ; ++ ++ if (read_bytes > 0 && byte_count > (INT_MAX - read_bytes)) ++ { psf_log_printf (psf, "Header size exceeds INT_MAX. Aborting.", c) ; ++ psf->error = SFE_INTERNAL ; ++ break ; ++ } else ++ { byte_count += read_bytes ; + } ; + ++ } ; /*end while*/ ++ + va_end (argptr) ; + + return byte_count ; +From a23d563386e7c8d93dcdbe7d5b1d63cad6009116 Mon Sep 17 00:00:00 2001 +From: Alex Stewart <alex.stewart@ni.com> +Date: Thu, 19 Oct 2023 14:07:19 -0400 +Subject: [PATCH] nms_adpcm: fix int overflow in signal estimate + +It is possible (though functionally incorrect) for the signal estimate +calculation in nms_adpcm_update() to overflow the int value of s_e, +resulting in undefined behavior. + +Since adpcm state signal values are never practically larger than +16 bits, use smaller numeric sizes throughout the file to avoid the +overflow. + +CVE: CVE-2022-33065 +Fixes: https://github.com/libsndfile/libsndfile/issues/833 + +Authored-by: Arthur Taylor <art@ified.ca> +Signed-off-by: Alex Stewart <alex.stewart@ni.com> +Rebased-by: Alex Stewart <alex.stewart@ni.com> +--- + src/nms_adpcm.c | 85 ++++++++++++++++++++++++------------------------- + 1 file changed, 42 insertions(+), 43 deletions(-) + +diff --git a/src/nms_adpcm.c b/src/nms_adpcm.c +index 96d6ad26..460ea077 100644 +--- a/src/nms_adpcm.c ++++ b/src/nms_adpcm.c +@@ -48,36 +48,36 @@ + /* Variable names from ITU G.726 spec */ + struct nms_adpcm_state + { /* Log of the step size multiplier. Operated on by codewords. */ +- int yl ; ++ short yl ; + + /* Quantizer step size multiplier. Generated from yl. */ +- int y ; ++ short y ; + +- /* Coefficents of the pole predictor */ +- int a [2] ; ++ /* Coefficients of the pole predictor */ ++ short a [2] ; + +- /* Coefficents of the zero predictor */ +- int b [6] ; ++ /* Coefficients of the zero predictor */ ++ short b [6] ; + + /* Previous quantized deltas (multiplied by 2^14) */ +- int d_q [7] ; ++ short d_q [7] ; + + /* d_q [x] + s_ez [x], used by the pole-predictor for signs only. */ +- int p [3] ; ++ short p [3] ; + + /* Previous reconstructed signal values. */ +- int s_r [2] ; ++ short s_r [2] ; + + /* Zero predictor components of the signal estimate. */ +- int s_ez ; ++ short s_ez ; + + /* Signal estimate, (including s_ez). */ +- int s_e ; ++ short s_e ; + + /* The most recent codeword (enc:generated, dec:inputted) */ +- int Ik ; ++ char Ik ; + +- int parity ; ++ char parity ; + + /* + ** Offset into code tables for the bitrate. +@@ -109,7 +109,7 @@ typedef struct + } NMS_ADPCM_PRIVATE ; + + /* Pre-computed exponential interval used in the antilog approximation. */ +-static unsigned int table_expn [] = ++static unsigned short table_expn [] = + { 0x4000, 0x4167, 0x42d5, 0x444c, 0x45cb, 0x4752, 0x48e2, 0x4a7a, + 0x4c1b, 0x4dc7, 0x4f7a, 0x5138, 0x52ff, 0x54d1, 0x56ac, 0x5892, + 0x5a82, 0x5c7e, 0x5e84, 0x6096, 0x62b4, 0x64dd, 0x6712, 0x6954, +@@ -117,21 +117,21 @@ static unsigned int table_expn [] = + } ; + + /* Table mapping codewords to scale factor deltas. */ +-static int table_scale_factor_step [] = ++static short table_scale_factor_step [] = + { 0x0, 0x0, 0x0, 0x0, 0x4b0, 0x0, 0x0, 0x0, /* 2-bit */ + -0x3c, 0x0, 0x90, 0x0, 0x2ee, 0x0, 0x898, 0x0, /* 3-bit */ + -0x30, 0x12, 0x6b, 0xc8, 0x188, 0x2e0, 0x551, 0x1150, /* 4-bit */ + } ; + + /* Table mapping codewords to quantized delta interval steps. */ +-static unsigned int table_step [] = ++static unsigned short table_step [] = + { 0x73F, 0, 0, 0, 0x1829, 0, 0, 0, /* 2-bit */ + 0x3EB, 0, 0xC18, 0, 0x1581, 0, 0x226E, 0, /* 3-bit */ + 0x20C, 0x635, 0xA83, 0xF12, 0x1418, 0x19E3, 0x211A, 0x2BBA, /* 4-bit */ + } ; + + /* Binary search lookup table for quantizing using table_step. */ +-static int table_step_search [] = ++static short table_step_search [] = + { 0, 0x1F6D, 0, -0x1F6D, 0, 0, 0, 0, /* 2-bit */ + 0x1008, 0x1192, 0, -0x219A, 0x1656, -0x1656, 0, 0, /* 3-bit */ + 0x872, 0x1277, -0x8E6, -0x232B, 0xD06, -0x17D7, -0x11D3, 0, /* 4-bit */ +@@ -179,23 +179,23 @@ static sf_count_t nms_adpcm_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) + ** Maps [1,20480] to [1,1024] in an exponential relationship. This is + ** approximately ret = b^exp where b = e^(ln(1024)/ln(20480)) ~= 1.0003385 + */ +-static inline int +-nms_adpcm_antilog (int exp) +-{ int ret ; ++static inline short ++nms_adpcm_antilog (short exp) ++{ int_fast32_t r ; + +- ret = 0x1000 ; +- ret += (((exp & 0x3f) * 0x166b) >> 12) ; +- ret *= table_expn [(exp & 0x7c0) >> 6] ; +- ret >>= (26 - (exp >> 11)) ; ++ r = 0x1000 ; ++ r += (((int_fast32_t) (exp & 0x3f) * 0x166b) >> 12) ; ++ r *= table_expn [(exp & 0x7c0) >> 6] ; ++ r >>= (26 - (exp >> 11)) ; + +- return ret ; ++ return (short) r ; + } /* nms_adpcm_antilog */ + + static void + nms_adpcm_update (struct nms_adpcm_state *s) + { /* Variable names from ITU G.726 spec */ +- int a1ul ; +- int fa1 ; ++ short a1ul, fa1 ; ++ int_fast32_t se ; + int i ; + + /* Decay and Modify the scale factor in the log domain based on the codeword. */ +@@ -222,7 +222,7 @@ nms_adpcm_update (struct nms_adpcm_state *s) + else if (fa1 > 256) + fa1 = 256 ; + +- s->a [0] = (0xff * s->a [0]) >> 8 ; ++ s->a [0] = (s->a [0] * 0xff) >> 8 ; + if (s->p [0] != 0 && s->p [1] != 0 && ((s->p [0] ^ s->p [1]) < 0)) + s->a [0] -= 192 ; + else +@@ -230,7 +230,7 @@ nms_adpcm_update (struct nms_adpcm_state *s) + fa1 = -fa1 ; + } + +- s->a [1] = fa1 + ((0xfe * s->a [1]) >> 8) ; ++ s->a [1] = fa1 + ((s->a [1] * 0xfe) >> 8) ; + if (s->p [0] != 0 && s->p [2] != 0 && ((s->p [0] ^ s->p [2]) < 0)) + s->a [1] -= 128 ; + else +@@ -250,19 +250,18 @@ nms_adpcm_update (struct nms_adpcm_state *s) + s->a [0] = a1ul ; + } ; + +- /* Compute the zero predictor estimate. Rotate past deltas too. */ +- s->s_ez = 0 ; ++ /* Compute the zero predictor estimate and rotate past deltas. */ ++ se = 0 ; + for (i = 5 ; i >= 0 ; i--) +- { s->s_ez += s->d_q [i] * s->b [i] ; ++ { se += (int_fast32_t) s->d_q [i] * s->b [i] ; + s->d_q [i + 1] = s->d_q [i] ; + } ; ++ s->s_ez = se >> 14 ; + +- /* Compute the signal estimate. */ +- s->s_e = s->a [0] * s->s_r [0] + s->a [1] * s->s_r [1] + s->s_ez ; +- +- /* Return to scale */ +- s->s_ez >>= 14 ; +- s->s_e >>= 14 ; ++ /* Complete the signal estimate. */ ++ se += (int_fast32_t) s->a [0] * s->s_r [0] ; ++ se += (int_fast32_t) s->a [1] * s->s_r [1] ; ++ s->s_e = se >> 14 ; + + /* Rotate members to prepare for next iteration. */ + s->s_r [1] = s->s_r [0] ; +@@ -274,7 +273,7 @@ nms_adpcm_update (struct nms_adpcm_state *s) + static int16_t + nms_adpcm_reconstruct_sample (struct nms_adpcm_state *s, uint8_t I) + { /* Variable names from ITU G.726 spec */ +- int dqx ; ++ int_fast32_t dqx ; + + /* + ** The ordering of the 12-bit right-shift is a precision loss. It agrees +@@ -308,17 +307,17 @@ nms_adpcm_codec_init (struct nms_adpcm_state *s, enum nms_enc_type type) + /* + ** nms_adpcm_encode_sample() + ** +-** Encode a linear 16-bit pcm sample into a 2,3, or 4 bit NMS-ADPCM codeword ++** Encode a linear 16-bit pcm sample into a 2, 3, or 4 bit NMS-ADPCM codeword + ** using and updating the predictor state. + */ + static uint8_t + nms_adpcm_encode_sample (struct nms_adpcm_state *s, int16_t sl) + { /* Variable names from ITU G.726 spec */ +- int d ; ++ int_fast32_t d ; + uint8_t I ; + + /* Down scale the sample from 16 => ~14 bits. */ +- sl = (sl * 0x1fdf) / 0x7fff ; ++ sl = ((int_fast32_t) sl * 0x1fdf) / 0x7fff ; + + /* Compute estimate, and delta from actual value */ + nms_adpcm_update (s) ; +@@ -407,7 +406,7 @@ nms_adpcm_encode_sample (struct nms_adpcm_state *s, int16_t sl) + */ + static int16_t + nms_adpcm_decode_sample (struct nms_adpcm_state *s, uint8_t I) +-{ int sl ; ++{ int_fast32_t sl ; + + nms_adpcm_update (s) ; + sl = nms_adpcm_reconstruct_sample (s, I) ; diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb index 9c1f601aab..a9ee7c3575 100644 --- a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb +++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb @@ -9,6 +9,7 @@ LICENSE = "LGPL-2.1-only" SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/libsndfile-${PV}.tar.xz \ file://noopus.patch \ + file://cve-2022-33065.patch \ " GITHUB_BASE_URI = "https://github.com/libsndfile/libsndfile/releases/" |