diff options
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-devtools')
15 files changed, 467 insertions, 5 deletions
diff --git a/meta-openembedded/meta-oe/recipes-devtools/glade/glade_3.22.2.bb b/meta-openembedded/meta-oe/recipes-devtools/glade/glade_3.22.2.bb index 6c1112038c..28b1279390 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/glade/glade_3.22.2.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/glade/glade_3.22.2.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=aabe87591cb8ae0f3c68be6977bb5522 \ file://COPYING.LGPL;md5=252890d9eee26aab7b432e8b8a616475" DEPENDS = "gtk+3 glib-2.0 libxml2 intltool-native \ gnome-common-native \ + autoconf-archive-native \ " inherit features_check autotools pkgconfig gnomebase gobject-introspection mime-xdg diff --git a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-backport-iomgr-EventEngine-Improve-server-handling-o.patch b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-backport-iomgr-EventEngine-Improve-server-handling-o.patch new file mode 100644 index 0000000000..4488df172f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-backport-iomgr-EventEngine-Improve-server-handling-o.patch @@ -0,0 +1,224 @@ +From b3c105c59dfb7d932b36b0d9ac7ab62875ab23e8 Mon Sep 17 00:00:00 2001 +From: AJ Heller <hork@google.com> +Date: Wed, 12 Jul 2023 18:42:09 -0700 +Subject: [PATCH] [backport][iomgr][EventEngine] Improve server handling of + file descriptor exhaustion (#33672) + +Backport of #33656 + +CVE: CVE-2023-33953 + +Upstream-Status: Backport [1e86ca5834b94cae7d5e6d219056c0fc895cf95d] +The patch is backported with tweaks to fit 1.50.1. + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + .../event_engine/posix_engine/posix_engine.h | 1 + + src/core/lib/iomgr/tcp_server_posix.cc | 51 ++++++++++++++----- + src/core/lib/iomgr/tcp_server_utils_posix.h | 14 ++++- + .../iomgr/tcp_server_utils_posix_common.cc | 22 ++++++++ + 4 files changed, 73 insertions(+), 15 deletions(-) + +diff --git a/src/core/lib/event_engine/posix_engine/posix_engine.h b/src/core/lib/event_engine/posix_engine/posix_engine.h +index eac6dfb4c5..866c04bcfa 100644 +--- a/src/core/lib/event_engine/posix_engine/posix_engine.h ++++ b/src/core/lib/event_engine/posix_engine/posix_engine.h +@@ -97,6 +97,7 @@ class PosixEventEngine final : public EventEngine { + const DNSResolver::ResolverOptions& options) override; + void Run(Closure* closure) override; + void Run(absl::AnyInvocable<void()> closure) override; ++ // Caution!! The timer implementation cannot create any fds. See #20418. + TaskHandle RunAfter(Duration when, Closure* closure) override; + TaskHandle RunAfter(Duration when, + absl::AnyInvocable<void()> closure) override; +diff --git a/src/core/lib/iomgr/tcp_server_posix.cc b/src/core/lib/iomgr/tcp_server_posix.cc +index d43113fb03..32be997cff 100644 +--- a/src/core/lib/iomgr/tcp_server_posix.cc ++++ b/src/core/lib/iomgr/tcp_server_posix.cc +@@ -16,13 +16,17 @@ + * + */ + +-/* FIXME: "posix" files shouldn't be depending on _GNU_SOURCE */ ++#include <grpc/support/port_platform.h> ++ ++#include <utility> ++ ++#include <grpc/support/atm.h> ++ ++// FIXME: "posix" files shouldn't be depending on _GNU_SOURCE + #ifndef _GNU_SOURCE + #define _GNU_SOURCE + #endif + +-#include <grpc/support/port_platform.h> +- + #include "src/core/lib/iomgr/port.h" + + #ifdef GRPC_POSIX_SOCKET_TCP_SERVER +@@ -44,6 +48,7 @@ + #include "absl/strings/str_format.h" + + #include <grpc/event_engine/endpoint_config.h> ++#include <grpc/event_engine/event_engine.h> + #include <grpc/support/alloc.h> + #include <grpc/support/log.h> + #include <grpc/support/sync.h> +@@ -63,6 +68,8 @@ + #include "src/core/lib/resource_quota/api.h" + + static std::atomic<int64_t> num_dropped_connections{0}; ++static constexpr grpc_core::Duration kRetryAcceptWaitTime{ ++ grpc_core::Duration::Seconds(1)}; + + using ::grpc_event_engine::experimental::EndpointConfig; + +@@ -195,21 +202,35 @@ static void on_read(void* arg, grpc_error_handle err) { + if (fd < 0) { + if (errno == EINTR) { + continue; +- } else if (errno == EAGAIN || errno == ECONNABORTED || +- errno == EWOULDBLOCK) { ++ } ++ // When the process runs out of fds, accept4() returns EMFILE. When this ++ // happens, the connection is left in the accept queue until either a ++ // read event triggers the on_read callback, or time has passed and the ++ // accept should be re-tried regardless. This callback is not cancelled, ++ // so a spurious wakeup may occur even when there's nothing to accept. ++ // This is not a performant code path, but if an fd limit has been ++ // reached, the system is likely in an unhappy state regardless. ++ if (errno == EMFILE) { + grpc_fd_notify_on_read(sp->emfd, &sp->read_closure); ++ if (gpr_atm_full_xchg(&sp->retry_timer_armed, true)) return; ++ grpc_timer_init(&sp->retry_timer, ++ grpc_core::Timestamp::Now() + kRetryAcceptWaitTime, ++ &sp->retry_closure); + return; ++ } ++ if (errno == EAGAIN || errno == ECONNABORTED || errno == EWOULDBLOCK) { ++ grpc_fd_notify_on_read(sp->emfd, &sp->read_closure); ++ return; ++ } ++ gpr_mu_lock(&sp->server->mu); ++ if (!sp->server->shutdown_listeners) { ++ gpr_log(GPR_ERROR, "Failed accept4: %s", strerror(errno)); + } else { +- gpr_mu_lock(&sp->server->mu); +- if (!sp->server->shutdown_listeners) { +- gpr_log(GPR_ERROR, "Failed accept4: %s", strerror(errno)); +- } else { +- /* if we have shutdown listeners, accept4 could fail, and we +- needn't notify users */ +- } +- gpr_mu_unlock(&sp->server->mu); +- goto error; ++ // if we have shutdown listeners, accept4 could fail, and we ++ // needn't notify users + } ++ gpr_mu_unlock(&sp->server->mu); ++ goto error; + } + + if (sp->server->memory_quota->IsMemoryPressureHigh()) { +@@ -403,6 +424,7 @@ static grpc_error_handle clone_port(grpc_tcp_listener* listener, + sp->port_index = listener->port_index; + sp->fd_index = listener->fd_index + count - i; + GPR_ASSERT(sp->emfd); ++ grpc_tcp_server_listener_initialize_retry_timer(sp); + while (listener->server->tail->next != nullptr) { + listener->server->tail = listener->server->tail->next; + } +@@ -575,6 +597,7 @@ static void tcp_server_shutdown_listeners(grpc_tcp_server* s) { + if (s->active_ports) { + grpc_tcp_listener* sp; + for (sp = s->head; sp; sp = sp->next) { ++ grpc_timer_cancel(&sp->retry_timer); + grpc_fd_shutdown(sp->emfd, + GRPC_ERROR_CREATE_FROM_STATIC_STRING("Server shutdown")); + } +diff --git a/src/core/lib/iomgr/tcp_server_utils_posix.h b/src/core/lib/iomgr/tcp_server_utils_posix.h +index 94faa2c17e..2e78ce555f 100644 +--- a/src/core/lib/iomgr/tcp_server_utils_posix.h ++++ b/src/core/lib/iomgr/tcp_server_utils_posix.h +@@ -25,6 +25,7 @@ + #include "src/core/lib/iomgr/resolve_address.h" + #include "src/core/lib/iomgr/socket_utils_posix.h" + #include "src/core/lib/iomgr/tcp_server.h" ++#include "src/core/lib/iomgr/timer.h" + #include "src/core/lib/resource_quota/memory_quota.h" + + /* one listening port */ +@@ -47,6 +48,11 @@ typedef struct grpc_tcp_listener { + identified while iterating through 'next'. */ + struct grpc_tcp_listener* sibling; + int is_sibling; ++ // If an accept4() call fails, a timer is started to drain the accept queue in ++ // case no further connection attempts reach the gRPC server. ++ grpc_closure retry_closure; ++ grpc_timer retry_timer; ++ gpr_atm retry_timer_armed; + } grpc_tcp_listener; + + /* the overall server */ +@@ -126,4 +132,10 @@ grpc_error_handle grpc_tcp_server_prepare_socket( + /* Ruturn true if the platform supports ifaddrs */ + bool grpc_tcp_server_have_ifaddrs(void); + +-#endif /* GRPC_CORE_LIB_IOMGR_TCP_SERVER_UTILS_POSIX_H */ ++// Initialize (but don't start) the timer and callback to retry accept4() on a ++// listening socket after file descriptors have been exhausted. This must be ++// called when creating a new listener. ++void grpc_tcp_server_listener_initialize_retry_timer( ++ grpc_tcp_listener* listener); ++ ++#endif // GRPC_SRC_CORE_LIB_IOMGR_TCP_SERVER_UTILS_POSIX_H +diff --git a/src/core/lib/iomgr/tcp_server_utils_posix_common.cc b/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +index 73a6b943ec..0e671c6485 100644 +--- a/src/core/lib/iomgr/tcp_server_utils_posix_common.cc ++++ b/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +@@ -18,6 +18,8 @@ + + #include <grpc/support/port_platform.h> + ++#include <grpc/support/atm.h> ++ + #include "src/core/lib/iomgr/port.h" + + #ifdef GRPC_POSIX_SOCKET_TCP_SERVER_UTILS_COMMON +@@ -80,6 +82,24 @@ static int get_max_accept_queue_size(void) { + return s_max_accept_queue_size; + } + ++static void listener_retry_timer_cb(void* arg, grpc_error_handle err) { ++ // Do nothing if cancelled. ++ if (!err.ok()) return; ++ grpc_tcp_listener* listener = static_cast<grpc_tcp_listener*>(arg); ++ gpr_atm_no_barrier_store(&listener->retry_timer_armed, false); ++ if (!grpc_fd_is_shutdown(listener->emfd)) { ++ grpc_fd_set_readable(listener->emfd); ++ } ++} ++ ++void grpc_tcp_server_listener_initialize_retry_timer( ++ grpc_tcp_listener* listener) { ++ gpr_atm_no_barrier_store(&listener->retry_timer_armed, false); ++ grpc_timer_init_unset(&listener->retry_timer); ++ GRPC_CLOSURE_INIT(&listener->retry_closure, listener_retry_timer_cb, listener, ++ grpc_schedule_on_exec_ctx); ++} ++ + static grpc_error_handle add_socket_to_server(grpc_tcp_server* s, int fd, + const grpc_resolved_address* addr, + unsigned port_index, +@@ -112,6 +132,8 @@ static grpc_error_handle add_socket_to_server(grpc_tcp_server* s, int fd, + sp->server = s; + sp->fd = fd; + sp->emfd = grpc_fd_create(fd, name.c_str(), true); ++ grpc_tcp_server_listener_initialize_retry_timer(sp); ++ + memcpy(&sp->addr, addr, sizeof(grpc_resolved_address)); + sp->port = port; + sp->port_index = port_index; +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch new file mode 100644 index 0000000000..ab46897b12 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch @@ -0,0 +1,81 @@ +From d39489045b5aa73e27713e3cbacb8832c1140ec8 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Wed, 9 Aug 2023 13:33:45 +0800 +Subject: [PATCH] fix CVE-2023-32732 + +CVE: CVE-2023-32732 + +Upstream-Status: Backport [https://github.com/grpc/grpc/pull/32309/commits/6a7850ef4f042ac26559854266dddc79bfbc75b2] +The original patch is adjusted to fit the current 1.50.1 version. + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + .../ext/transport/chttp2/transport/hpack_parser.cc | 10 +++++++--- + src/core/ext/transport/chttp2/transport/internal.h | 2 -- + src/core/ext/transport/chttp2/transport/parsing.cc | 6 ++---- + 3 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.cc b/src/core/ext/transport/chttp2/transport/hpack_parser.cc +index f2e49022dc3..cd459d15238 100644 +--- a/src/core/ext/transport/chttp2/transport/hpack_parser.cc ++++ b/src/core/ext/transport/chttp2/transport/hpack_parser.cc +@@ -1211,12 +1211,16 @@ class HPackParser::Parser { + "). GRPC_ARG_MAX_METADATA_SIZE can be set to increase this limit.", + *frame_length_, metadata_size_limit_); + if (metadata_buffer_ != nullptr) metadata_buffer_->Clear(); ++ // StreamId is used as a signal to skip this stream but keep the connection ++ // alive + return input_->MaybeSetErrorAndReturn( + [] { + return grpc_error_set_int( +- GRPC_ERROR_CREATE_FROM_STATIC_STRING( +- "received initial metadata size exceeds limit"), +- GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED); ++ grpc_error_set_int( ++ GRPC_ERROR_CREATE_FROM_STATIC_STRING( ++ "received initial metadata size exceeds limit"), ++ GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED), ++ GRPC_ERROR_INT_STREAM_ID, 0); + }, + false); + } +diff --git a/src/core/ext/transport/chttp2/transport/internal.h b/src/core/ext/transport/chttp2/transport/internal.h +index 4a2f4261d83..f8b544d9583 100644 +--- a/src/core/ext/transport/chttp2/transport/internal.h ++++ b/src/core/ext/transport/chttp2/transport/internal.h +@@ -542,8 +542,6 @@ struct grpc_chttp2_stream { + + grpc_core::Timestamp deadline = grpc_core::Timestamp::InfFuture(); + +- /** saw some stream level error */ +- grpc_error_handle forced_close_error = GRPC_ERROR_NONE; + /** how many header frames have we received? */ + uint8_t header_frames_received = 0; + /** number of bytes received - reset at end of parse thread execution */ +diff --git a/src/core/ext/transport/chttp2/transport/parsing.cc b/src/core/ext/transport/chttp2/transport/parsing.cc +index 980f13543f6..afe6da190b6 100644 +--- a/src/core/ext/transport/chttp2/transport/parsing.cc ++++ b/src/core/ext/transport/chttp2/transport/parsing.cc +@@ -22,6 +22,7 @@ + #include <string.h> + + #include <string> ++#include <utility> + + #include "absl/base/attributes.h" + #include "absl/status/status.h" +@@ -719,10 +720,7 @@ static grpc_error_handle parse_frame_slice(grpc_chttp2_transport* t, + } + grpc_chttp2_parsing_become_skip_parser(t); + if (s) { +- s->forced_close_error = err; +- grpc_chttp2_add_rst_stream_to_next_write(t, t->incoming_stream_id, +- GRPC_HTTP2_PROTOCOL_ERROR, +- &s->stats.outgoing); ++ grpc_chttp2_cancel_stream(t, s, std::exchange(err, absl::OkStatus())); + } else { + GRPC_ERROR_UNREF(err); + } +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb index 7b8a25c277..3cfd0210db 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb @@ -26,6 +26,8 @@ SRC_URI = "gitsm://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BR file://0001-Revert-Changed-GRPCPP_ABSEIL_SYNC-to-GPR_ABSEIL_SYNC.patch \ file://0001-cmake-add-separate-export-for-plugin-targets.patch \ file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \ + file://0001-fix-CVE-2023-32732.patch \ + file://0001-backport-iomgr-EventEngine-Improve-server-handling-o.patch \ " # Fixes build with older compilers 4.8 especially on ubuntu 14.04 CXXFLAGS:append:class-native = " -Wl,--no-as-needed" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.14/oe-npm-cache b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.17/oe-npm-cache index f596207648..f596207648 100755 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.14/oe-npm-cache +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.17/oe-npm-cache diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.14.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.17.bb index a61dd5018f..a61dd5018f 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.14.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.17.bb diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch index 356c98d176..059b5cc070 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch @@ -29,10 +29,13 @@ python prune_sources() { } do_unpack[postfuncs] += "prune_sources" +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) +diff --git a/Makefile b/Makefile +index 0be0659d..3c442014 100644 --- a/Makefile +++ b/Makefile @@ -169,7 +169,7 @@ with-code-cache test-code-cache: @@ -41,6 +44,8 @@ do_unpack[postfuncs] += "prune_sources" out/Makefile: config.gypi common.gypi node.gyp \ - deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \ + deps/llhttp/llhttp.gyp \ - deps/simdutf/simdutf.gyp \ + deps/simdutf/simdutf.gyp deps/ada/ada.gyp \ tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \ tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp +-- +2.40.0 diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.14.2.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.17.1.bb index 19df7d542a..402cf56717 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.14.2.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.17.1.bb @@ -1,7 +1,7 @@ DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" HOMEPAGE = "http://nodejs.org" LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0 & Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=2dff1ccca11e333f1388e34f7e2d1de3" +LIC_FILES_CHKSUM = "file://LICENSE;md5=bc1f9ebe76be76f163e3b675303ad9cd" CVE_PRODUCT = "nodejs node.js" @@ -39,7 +39,7 @@ SRC_URI:append:toolchain-clang:x86 = " \ SRC_URI:append:toolchain-clang:powerpc64le = " \ file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \ " -SRC_URI[sha256sum] = "fbc364dd25fee2cacc0f2033db2d86115fc07575310ea0e64408b8170d09c685" +SRC_URI[sha256sum] = "f215cf03d0f00f07ac0b674c6819f804c1542e16f152da04980022aeccf5e65a" S = "${WORKDIR}/node-v${PV}" diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.6.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.8.bb index 54c40392db..233ded25d4 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.6.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.8.bb @@ -33,7 +33,7 @@ SRC_URI:append:class-target = " \ " S = "${WORKDIR}/php-${PV}" -SRC_URI[sha256sum] = "44a70c52f537662c10d91eedbf51fd765c9961be6ba2508ed63bf7a26cdd3100" +SRC_URI[sha256sum] = "995ed4009c7917c962d31837a1a3658f36d4af4f357b673c97ffdbe6403f8517" CVE_CHECK_IGNORE += "\ CVE-2007-2728 \ diff --git a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_1.patch b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_1.patch new file mode 100644 index 0000000000..c538991125 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_1.patch @@ -0,0 +1,43 @@ +From 3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf Mon Sep 17 00:00:00 2001 +From: wujing <wujing50@huawei.com> +Date: Thu, 14 Feb 2019 03:12:30 +0800 +Subject: [PATCH] yajl: fix memory leak problem + +reason: fix memory leak problem + +CVE: CVE-2023-33460 + +Upstream-Status: Backport [https://github.com/openEuler-BaseService/yajl/commit/3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + src/yajl_tree.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/yajl_tree.c b/src/yajl_tree.c +index 3d357a3..4b3cf2b 100644 +--- a/src/yajl_tree.c ++++ b/src/yajl_tree.c +@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *ctx) + ctx->stack = stack->next; + + v = stack->value; +- ++ free (stack->key); + free (stack); + + return (v); +@@ -444,6 +444,10 @@ yajl_val yajl_tree_parse (const char *input, + snprintf(error_buffer, error_buffer_size, "%s", internal_err_str); + YA_FREE(&(handle->alloc), internal_err_str); + } ++ while(ctx.stack != NULL) { ++ yajl_val v = context_pop(&ctx); ++ yajl_tree_free(v); ++ } + yajl_free (handle); + return NULL; + } +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_2.patch b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_2.patch new file mode 100644 index 0000000000..6e9b119b56 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_2.patch @@ -0,0 +1,31 @@ +From 23a122eddaa28165a6c219000adcc31ff9a8a698 Mon Sep 17 00:00:00 2001 +From: "zhang.jiujiu" <282627424@qq.com> +Date: Tue, 7 Dec 2021 22:37:02 +0800 +Subject: [PATCH] fix memory leaks + +CVE: CVE-2023-33460 + +Upstream-Status: Backport [https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + src/yajl_tree.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/yajl_tree.c b/src/yajl_tree.c +index b9e6604..0e7bde9 100644 +--- a/src/yajl_tree.c ++++ b/src/yajl_tree.c +@@ -456,6 +456,9 @@ yajl_val yajl_tree_parse (const char *input, + yajl_tree_free(v); + } + yajl_free (handle); ++ //If the requested memory is not released in time, it will cause memory leakage ++ if(ctx.root) ++ yajl_tree_free(ctx.root); + return NULL; + } + +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb index cf8dbb183e..aae3c6f3a1 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb @@ -8,7 +8,10 @@ HOMEPAGE = "http://lloyd.github.com/yajl/" LICENSE = "ISC" LIC_FILES_CHKSUM = "file://COPYING;md5=39af6eb42999852bdd3ea00ad120a36d" -SRC_URI = "git://github.com/lloyd/yajl;branch=master;protocol=https" +SRC_URI = "git://github.com/lloyd/yajl;branch=master;protocol=https \ + file://CVE-2023-33460_1.patch \ + file://CVE-2023-33460_2.patch \ +" SRCREV = "a0ecdde0c042b9256170f2f8890dd9451a4240aa" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch new file mode 100644 index 0000000000..ae10e99c2f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch @@ -0,0 +1,29 @@ +From b2cc5a1693b17ac415df76d0795b15994c106441 Mon Sep 17 00:00:00 2001 +From: Katsuhiko Gondow <gondow@cs.titech.ac.jp> +Date: Tue, 13 Jun 2023 05:00:47 +0900 +Subject: [PATCH] Fix memory leak in bin-objfmt (#231) + +Upstream-Status: Backport [https://github.com/yasm/yasm/commit/b2cc5a1693b17ac415df76d0795b15994c106441] + +CVE: CVE-2023-31975 +--- + modules/objfmts/bin/bin-objfmt.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/modules/objfmts/bin/bin-objfmt.c b/modules/objfmts/bin/bin-objfmt.c +index 18026750..a38c3422 100644 +--- a/modules/objfmts/bin/bin-objfmt.c ++++ b/modules/objfmts/bin/bin-objfmt.c +@@ -1680,6 +1680,10 @@ static void + bin_section_data_destroy(void *data) + { + bin_section_data *bsd = (bin_section_data *)data; ++ if (bsd->align) ++ yasm_xfree(bsd->align); ++ if (bsd->valign) ++ yasm_xfree(bsd->valign); + if (bsd->start) + yasm_expr_destroy(bsd->start); + if (bsd->vstart) +-- +2.40.0 diff --git a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch new file mode 100644 index 0000000000..1ca33f0a92 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch @@ -0,0 +1,41 @@ +From 2cd3bb50e256f5ed5f611ac611d25fe673f2cec3 Mon Sep 17 00:00:00 2001 +From: Peter Johnson <johnson.peter@gmail.com> +Date: Fri, 11 Aug 2023 10:49:51 +0000 +Subject: [PATCH] elf.c: Fix NULL deref on bad xsize expression (#234) + +CVE: CVE-2023-37732 + +Upstream-Status: Backport [https://github.com/yasm/yasm/commit/2cd3bb50e256f5ed5f611ac611d25fe673f2cec3] + +Signed-off-by: Soumya <soumya.sambu@windriver.com> +--- + modules/objfmts/elf/elf.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/modules/objfmts/elf/elf.c b/modules/objfmts/elf/elf.c +index 2486bba8..bab4c9ca 100644 +--- a/modules/objfmts/elf/elf.c ++++ b/modules/objfmts/elf/elf.c +@@ -482,15 +482,15 @@ elf_symtab_write_to_file(FILE *f, elf_symtab_head *symtab, + + /* get size (if specified); expr overrides stored integer */ + if (entry->xsize) { +- size_intn = yasm_intnum_copy( +- yasm_expr_get_intnum(&entry->xsize, 1)); +- if (!size_intn) { ++ yasm_intnum *intn = yasm_expr_get_intnum(&entry->xsize, 1); ++ if (!intn) { + yasm_error_set(YASM_ERROR_VALUE, + N_("size specifier not an integer expression")); + yasm_errwarn_propagate(errwarns, entry->xsize->line); +- } ++ } else ++ size_intn = yasm_intnum_copy(intn); + } +- else ++ if (!size_intn) + size_intn = yasm_intnum_create_uint(entry->size); + + /* get EQU value for constants */ +-- +2.40.0 diff --git a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb index 3dd382be1f..26540b4295 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb @@ -12,6 +12,8 @@ PV = "1.3.0+git${SRCPV}" SRCREV = "ba463d3c26c0ece2e797b8d6381b161633b5971a" SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \ file://0001-Do-not-use-AC_HEADER_STDC.patch \ + file://CVE-2023-31975.patch \ + file://CVE-2023-37732.patch \ " S = "${WORKDIR}/git" |