diff options
Diffstat (limited to 'meta-openembedded')
151 files changed, 5657 insertions, 861 deletions
diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb index 3e43c0d2a7..e7f918333a 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb @@ -22,4 +22,4 @@ inherit autotools pkgconfig CFLAGS += " -I${S}" FILES:${PN} += "${datadir}/dbus-1" -FILES:${PN}-dev += "${libdir}/${PN}/*.so" +FILES:${PN}-dev += "${libdir}/${BPN}/*.so" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb index b25e446c41..071379758c 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb @@ -19,4 +19,4 @@ S = "${WORKDIR}/git" inherit autotools pkgconfig FILES:${PN} += "${datadir}/dbus-1" -FILES:${PN}-dev += "${libdir}/${PN}/*.so" +FILES:${PN}-dev += "${libdir}/${BPN}/*.so" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc b/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc index 14d09e5f0b..a4590d61a9 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc @@ -4,7 +4,7 @@ SECTION = "libs/multimedia" LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=fc178bcd425090939a8b634d1d6a9594" -SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=2.2.x;protocol=https" +SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=master;protocol=https" SRCREV = "8b00644751578ba67b709a827cbe5133d849d339" S = "${WORKDIR}/git" PV = "2.2.6" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.6.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb index c74f1074cc..13938444c8 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.6.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb @@ -21,7 +21,7 @@ DEPENDS += " \ SRC_URI = "git://github.com/MusicPlayerDaemon/MPD;branch=v0.23.x;protocol=https \ file://mpd.conf.in \ " -SRCREV = "f591193ddaa7f9bcb6c85ff5899517fc7b53e35a" +SRCREV = "d91da9679801224847c30147f5914785b6f8f240" S = "${WORKDIR}/git" EXTRA_OEMESON += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '-Dsystemd=enabled -Dsystemd_system_unit_dir=${systemd_system_unitdir} -Dsystemd_user_unit_dir=${systemd_system_unitdir}', '-Dsystemd=disabled', d)}" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch new file mode 100644 index 0000000000..92094af1f2 --- /dev/null +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch @@ -0,0 +1,37 @@ +From 2e8dc2c28c0938dbbb85ebbac2b9a60be9ccd9f3 Mon Sep 17 00:00:00 2001 +From: Max Kellermann <max@musicpd.org> +Date: Wed, 23 Nov 2022 12:25:50 +0100 +Subject: [PATCH] SearchPage: use regular integer to fix -Wenum-constexpr-conversion + +Upstream-Status: Backport [https://github.com/MusicPlayerDaemon/ncmpc/commit/ddd1757907f0376b5843f707bf182b7827ff6591] +--- + src/SearchPage.cxx | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/SearchPage.cxx b/src/SearchPage.cxx +index 2fa5edbc..3f91c4fe 100644 +--- a/src/SearchPage.cxx ++++ b/src/SearchPage.cxx +@@ -81,7 +81,7 @@ search_get_tag_id(const char *name) + } + + struct SearchMode { +- enum mpd_tag_type table; ++ int table; + const char *label; + }; + +@@ -89,8 +89,8 @@ static constexpr SearchMode mode[] = { + { MPD_TAG_TITLE, N_("Title") }, + { MPD_TAG_ARTIST, N_("Artist") }, + { MPD_TAG_ALBUM, N_("Album") }, +- { (enum mpd_tag_type)SEARCH_URI, N_("Filename") }, +- { (enum mpd_tag_type)SEARCH_ARTIST_TITLE, N_("Artist + Title") }, ++ { SEARCH_URI, N_("Filename") }, ++ { SEARCH_ARTIST_TITLE, N_("Artist + Title") }, + { MPD_TAG_COUNT, nullptr } + }; + +-- +2.39.0 + diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb index a77d4f9783..44046912ed 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb @@ -34,6 +34,7 @@ PACKAGECONFIG[chat_screen] = "-Dchat_screen=true,-Dchat_screen=false" SRC_URI = " \ git://github.com/MusicPlayerDaemon/ncmpc;branch=master;protocol=https \ + file://0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch \ " -SRCREV = "b9b5e11e10d8f66cd672ffb51728aa447f78ecd4" +SRCREV = "fc8de01c71acdf10ad07c7aae756dc522b848124" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass b/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass index 1238172bd4..9ad566c837 100644 --- a/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass +++ b/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass @@ -17,4 +17,4 @@ do_kernel_add_regdb() { cp ${STAGING_LIBDIR_NATIVE}/crda/db.txt ${S}/net/wireless/db.txt } do_kernel_add_regdb[dirs] = "${S}" -addtask kernel_add_regdb before do_build after do_configure +addtask kernel_add_regdb before do_compile after do_configure diff --git a/meta-openembedded/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb b/meta-openembedded/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb index 92c648708e..499b035040 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb @@ -17,6 +17,8 @@ SRC_URI = "https://downloads.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \ file://0001-Makefile.am-only-build-dhcrelay.patch \ file://0002-bind-Makefile.in-disable-backtrace.patch \ file://0003-bind-Makefile.in-regenerate-configure.patch \ + file://CVE-2022-2928.patch \ + file://CVE-2022-2929.patch \ " SRC_URI[sha256sum] = "0e3ec6b4c2a05ec0148874bcd999a66d05518378d77421f607fb0bc9d0135818" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2928.patch b/meta-openembedded/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2928.patch new file mode 100644 index 0000000000..247e8dec68 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2928.patch @@ -0,0 +1,120 @@ +From 2e08d138ff852820a6e87a09088d2dc2cdd15e56 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Mon, 10 Oct 2022 09:57:15 +0530 +Subject: [PATCH 1/2] CVE-2022-2928 + +Upstream-Status: Backport [https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/] +CVE: CVE-2022-2928 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + common/options.c | 7 +++++ + common/tests/option_unittest.c | 54 ++++++++++++++++++++++++++++++++++ + 2 files changed, 61 insertions(+) + +diff --git a/common/options.c b/common/options.c +index 92c8fee..f0959cb 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -4452,6 +4452,8 @@ add_option(struct option_state *options, + if (!option_cache_allocate(&oc, MDL)) { + log_error("No memory for option cache adding %s (option %d).", + option->name, option_num); ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); + return 0; + } + +@@ -4463,6 +4465,8 @@ add_option(struct option_state *options, + MDL)) { + log_error("No memory for constant data adding %s (option %d).", + option->name, option_num); ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); + option_cache_dereference(&oc, MDL); + return 0; + } +@@ -4471,6 +4475,9 @@ add_option(struct option_state *options, + save_option(&dhcp_universe, options, oc); + option_cache_dereference(&oc, MDL); + ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); ++ + return 1; + } + +diff --git a/common/tests/option_unittest.c b/common/tests/option_unittest.c +index 600ebe6..963b566 100644 +--- a/common/tests/option_unittest.c ++++ b/common/tests/option_unittest.c +@@ -213,6 +213,59 @@ ATF_TC_BODY(parse_X, tc) + } + } + ++ATF_TC(add_option_ref_cnt); ++ ++ATF_TC_HEAD(add_option_ref_cnt, tc) ++{ ++ atf_tc_set_md_var(tc, "descr", ++ "Verify add_option() does not leak option ref counts."); ++} ++ ++ATF_TC_BODY(add_option_ref_cnt, tc) ++{ ++ struct option_state *options = NULL; ++ struct option *option = NULL; ++ unsigned int cid_code = DHO_DHCP_CLIENT_IDENTIFIER; ++ char *cid_str = "1234"; ++ int refcnt_before = 0; ++ ++ // Look up the option we're going to add. ++ initialize_common_option_spaces(); ++ if (!option_code_hash_lookup(&option, dhcp_universe.code_hash, ++ &cid_code, 0, MDL)) { ++ atf_tc_fail("cannot find option definition?"); ++ } ++ ++ // Get the option's reference count before we call add_options. ++ refcnt_before = option->refcnt; ++ ++ // Allocate a option_state to which to add an option. ++ if (!option_state_allocate(&options, MDL)) { ++ atf_tc_fail("cannot allocat options state"); ++ } ++ ++ // Call add_option() to add the option to the option state. ++ if (!add_option(options, cid_code, cid_str, strlen(cid_str))) { ++ atf_tc_fail("add_option returned 0"); ++ } ++ ++ // Verify that calling add_option() only adds 1 to the option ref count. ++ if (option->refcnt != (refcnt_before + 1)) { ++ atf_tc_fail("after add_option(), count is wrong, before %d, after: %d", ++ refcnt_before, option->refcnt); ++ } ++ ++ // Derefrence the option_state, this should reduce the ref count to ++ // it's starting value. ++ option_state_dereference(&options, MDL); ++ ++ // Verify that dereferencing option_state restores option ref count. ++ if (option->refcnt != refcnt_before) { ++ atf_tc_fail("after state deref, count is wrong, before %d, after: %d", ++ refcnt_before, option->refcnt); ++ } ++} ++ + /* This macro defines main() method that will call specified + test cases. tp and simple_test_case names can be whatever you want + as long as it is a valid variable identifier. */ +@@ -221,6 +274,7 @@ ATF_TP_ADD_TCS(tp) + ATF_TP_ADD_TC(tp, option_refcnt); + ATF_TP_ADD_TC(tp, pretty_print_option); + ATF_TP_ADD_TC(tp, parse_X); ++ ATF_TP_ADD_TC(tp, add_option_ref_cnt); + + return (atf_no_error()); + } +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2929.patch b/meta-openembedded/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2929.patch new file mode 100644 index 0000000000..faaac4868c --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2929.patch @@ -0,0 +1,40 @@ +From 5436cafe1d7df409a44ff5f610248db57f0677ee Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Mon, 10 Oct 2022 09:58:04 +0530 +Subject: [PATCH 2/2] CVE-2022-2929 + +Upstream-Status: Backport [https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/] +CVE: CVE-2022-2929 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + common/options.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/common/options.c b/common/options.c +index f0959cb..25450e1 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_state *options, + while (s < &bp -> data[0] + length + 2) { + len = *s; + if (len > 63) { +- log_info ("fancy bits in fqdn option"); +- return 0; ++ log_info ("label length exceeds 63 in fqdn option"); ++ goto bad; + } + if (len == 0) { + terminated = 1; + break; + } + if (s + len > &bp -> data [0] + length + 3) { +- log_info ("fqdn tag longer than buffer"); +- return 0; ++ log_info ("fqdn label longer than buffer"); ++ goto bad; + } + + if (first_len == 0) { +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch new file mode 100644 index 0000000000..4ea519c752 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch @@ -0,0 +1,118 @@ +From f1cdbb33ec61c4a64a32e107d4d02f936051c708 Mon Sep 17 00:00:00 2001 +From: "Alan T. DeKok" <aland@freeradius.org> +Date: Mon, 7 Feb 2022 22:26:05 -0500 +Subject: [PATCH] it's probably wrong to be completely retarded. Let's fix + that. + +CVE: CVE-2022-41860 + +Upstream-Status: Backport +[https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + src/modules/rlm_eap/libeap/eapsimlib.c | 69 +++++++++++++++++++------- + 1 file changed, 52 insertions(+), 17 deletions(-) + +diff --git a/src/modules/rlm_eap/libeap/eapsimlib.c b/src/modules/rlm_eap/libeap/eapsimlib.c +index cf1e8a7dd9..e438a844ea 100644 +--- a/src/modules/rlm_eap/libeap/eapsimlib.c ++++ b/src/modules/rlm_eap/libeap/eapsimlib.c +@@ -307,42 +307,77 @@ int unmap_eapsim_basictypes(RADIUS_PACKET *r, + newvp->vp_length = 1; + fr_pair_add(&(r->vps), newvp); + ++ /* ++ * EAP-SIM has a 1 octet of subtype, and 2 octets ++ * reserved. ++ */ + attr += 3; + attrlen -= 3; + +- /* now, loop processing each attribute that we find */ +- while(attrlen > 0) { ++ /* ++ * Loop over each attribute. The format is: ++ * ++ * 1 octet of type ++ * 1 octet of length (value 1..255) ++ * ((4 * length) - 2) octets of data. ++ */ ++ while (attrlen > 0) { + uint8_t *p; + +- if(attrlen < 2) { ++ if (attrlen < 2) { + fr_strerror_printf("EAP-Sim attribute %d too short: %d < 2", es_attribute_count, attrlen); + return 0; + } + ++ if (!attr[1]) { ++ fr_strerror_printf("EAP-Sim attribute %d (no.%d) has no data", eapsim_attribute, ++ es_attribute_count); ++ return 0; ++ } ++ + eapsim_attribute = attr[0]; + eapsim_len = attr[1] * 4; + ++ /* ++ * The length includes the 2-byte header. ++ */ + if (eapsim_len > attrlen) { + fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length longer than data (%d > %d)", + eapsim_attribute, es_attribute_count, eapsim_len, attrlen); + return 0; + } + +- if(eapsim_len > MAX_STRING_LEN) { +- eapsim_len = MAX_STRING_LEN; +- } +- if (eapsim_len < 2) { +- fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length too small", eapsim_attribute, +- es_attribute_count); +- return 0; +- } ++ newvp = fr_pair_afrom_num(r, eapsim_attribute + PW_EAP_SIM_BASE, 0); ++ if (!newvp) { ++ /* ++ * RFC 4186 Section 8.1 says 0..127 are ++ * "non-skippable". If one such ++ * attribute is found and we don't ++ * understand it, the server has to send: ++ * ++ * EAP-Request/SIM/Notification packet with an ++ * (AT_NOTIFICATION code, which implies general failure ("General ++ * failure after authentication" (0), or "General failure" (16384), ++ * depending on the phase of the exchange), which terminates the ++ * authentication exchange. ++ */ ++ if (eapsim_attribute <= 127) { ++ fr_strerror_printf("Unknown mandatory attribute %d, failing", ++ eapsim_attribute); ++ return 0; ++ } + +- newvp = fr_pair_afrom_num(r, eapsim_attribute+PW_EAP_SIM_BASE, 0); +- newvp->vp_length = eapsim_len-2; +- newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length); +- memcpy(p, &attr[2], eapsim_len-2); +- fr_pair_add(&(r->vps), newvp); +- newvp = NULL; ++ } else { ++ /* ++ * It's known, ccount for header, and ++ * copy the value over. ++ */ ++ newvp->vp_length = eapsim_len - 2; ++ ++ newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length); ++ memcpy(p, &attr[2], newvp->vp_length); ++ fr_pair_add(&(r->vps), newvp); ++ } + + /* advance pointers, decrement length */ + attr += eapsim_len; +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch new file mode 100644 index 0000000000..352c02137a --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch @@ -0,0 +1,53 @@ +From 0ec2b39d260e08e4c3464f6b95005821dc559c62 Mon Sep 17 00:00:00 2001 +From: "Alan T. DeKok" <aland@freeradius.org> +Date: Mon, 28 Feb 2022 10:34:15 -0500 +Subject: [PATCH] manual port of commit 5906bfa1 + +CVE: CVE-2022-41861 + +Upstream-Status: Backport +[https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + src/lib/filters.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/lib/filters.c b/src/lib/filters.c +index 4868cd385d..3f3b63daee 100644 +--- a/src/lib/filters.c ++++ b/src/lib/filters.c +@@ -1205,13 +1205,19 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in + } + } + } else if (filter->type == RAD_FILTER_GENERIC) { +- int count; ++ size_t count, masklen; ++ ++ masklen = ntohs(filter->u.generic.len); ++ if (masklen >= sizeof(filter->u.generic.mask)) { ++ *p = '\0'; ++ return; ++ } + + i = snprintf(p, outlen, " %u ", (unsigned int) ntohs(filter->u.generic.offset)); + p += i; + + /* show the mask */ +- for (count = 0; count < ntohs(filter->u.generic.len); count++) { ++ for (count = 0; count < masklen; count++) { + i = snprintf(p, outlen, "%02x", filter->u.generic.mask[count]); + p += i; + outlen -= i; +@@ -1222,7 +1228,7 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in + outlen--; + + /* show the value */ +- for (count = 0; count < ntohs(filter->u.generic.len); count++) { ++ for (count = 0; count < masklen; count++) { + i = snprintf(p, outlen, "%02x", filter->u.generic.value[count]); + p += i; + outlen -= i; +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb index 1407b798b5..db37f65918 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb @@ -33,6 +33,8 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0 file://radiusd-volatiles.conf \ file://check-openssl-cmds-in-script-bootstrap.patch \ file://0001-version.c-don-t-print-build-flags.patch \ + file://CVE-2022-41860.patch \ + file://CVE-2022-41861.patch \ " raddbdir="${sysconfdir}/${MLPREFIX}raddb" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb index d4a9c7bf8d..5696f94b0e 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb @@ -23,7 +23,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" SECTION = "libs" S = "${WORKDIR}/git" -SRCREV = "8b3f26a5ac38d4fdccbc5c5366229f3e01dafcc0" +SRCREV = "89f040a5c938985c5f30728baed21e49d0846a53" SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=mbedtls-2.28" inherit cmake diff --git a/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb b/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb index e715135dc3..03eff43dd2 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb @@ -9,11 +9,11 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://../LICENSE;md5=f399b62ce0a152525d1589a5a40c0ff6" DEPENDS = "asio fmt http-parser" -SRC_URI = "https://github.com/Stiffstream/restinio/releases/download/v.${PV}/restinio-${PV}.tar.bz2" +SRC_URI = "https://github.com/Stiffstream/restinio/releases/download/v.${PV}/${BP}.tar.bz2" SRC_URI[md5sum] = "37a4310e98912030a74bdd4ed789f33c" SRC_URI[sha256sum] = "b35d696e6fafd4563ca708fcecf9d0cf6705c846d417b5000f5252e0188848e7" -S = "${WORKDIR}/${PN}-${PV}/dev" +S = "${WORKDIR}/${BP}/dev" inherit cmake diff --git a/meta-openembedded/meta-networking/recipes-connectivity/ufw/ufw_0.36.1.bb b/meta-openembedded/meta-networking/recipes-connectivity/ufw/ufw_0.36.1.bb index b6a768e08a..c479eefba0 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/ufw/ufw_0.36.1.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/ufw/ufw_0.36.1.bb @@ -70,5 +70,5 @@ FILES:${PN} += " \ REQUIRED_DISTRO_FEATURES = "ipv6" -DISTUTILS_BUILD_ARGS:append = " --iptables-dir /usr/sbin" -DISTUTILS_INSTALL_ARGS:append = " --iptables-dir /usr/sbin" +SETUPTOOLS_BUILD_ARGS:append = " --iptables-dir /usr/sbin" +SETUPTOOLS_INSTALL_ARGS:append = " --iptables-dir /usr/sbin" diff --git a/meta-openembedded/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch b/meta-openembedded/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch new file mode 100644 index 0000000000..ad1704520c --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch @@ -0,0 +1,35 @@ +From e5ddcf9575437bacd64c2b68501b413014186a6a Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 19 Oct 2022 10:15:01 -0700 +Subject: [PATCH] makedefs: Account for linux 6.x version + +Major version has bumped to 6 and script needs to know that + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + makedefs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/makedefs ++++ b/makedefs +@@ -613,7 +613,7 @@ EOF + : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} + : ${PLUGIN_LD="${CC-gcc} -shared"} + ;; +- Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR ++ Linux.[3-6]*) SYSTYPE=LINUX$RELEASE_MAJOR + case "$CCARGS" in + *-DNO_DB*) ;; + *-DHAS_DB*) ;; +--- a/src/util/sys_defs.h ++++ b/src/util/sys_defs.h +@@ -751,7 +751,7 @@ extern int initgroups(const char *, int) + /* + * LINUX. + */ +-#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) ++#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) || defined(LINUX6) + #define SUPPORTED + #define UINT32_TYPE unsigned int + #define UINT16_TYPE unsigned short diff --git a/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb b/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.7.bb index 343a8b2df0..17864b8915 100644 --- a/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb +++ b/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.6.7.bb @@ -12,6 +12,7 @@ SRC_URI += "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${P file://0003-makedefs-Use-native-compiler-to-build-makedefs.test.patch \ file://0004-Fix-icu-config.patch \ file://0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \ + file://0006-makedefs-Account-for-linux-6.x-version.patch \ " -SRC_URI[sha256sum] = "300fa8811cea20d01d25c619d359bffab82656e704daa719e0c9afc4ecff4808" +SRC_URI[sha256sum] = "e471df7e0eb11c4a1e574b6d7298f635386e2843b6b3584c25a04543d587e07f" UPSTREAM_CHECK_REGEX = "postfix\-(?P<pver>3\.6(\.\d+)+).tar.gz" diff --git a/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb b/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb index e078be79a1..080a0ed85c 100644 --- a/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb +++ b/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb @@ -38,7 +38,7 @@ RDEPENDS:${PN}-ptest += " make bash python3-core python3-ctypes python3-json pyt TESTDIR = "tests" -PRIVATE_LIBS:${PN}-ptest:append = "libnftables.so.1" +PRIVATE_LIBS:${PN}-ptest:append = " libnftables.so.1" do_install_ptest() { cp -rf ${S}/build-aux ${D}${PTEST_PATH} diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch new file mode 100644 index 0000000000..73493bb120 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch @@ -0,0 +1,36 @@ +From 5216a05b32390a64efeb598051411e1776042624 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski <mt@suse.com> +Date: Fri, 11 Nov 2022 12:26:04 +0100 +Subject: [PATCH] tools: remove backslash from declare check regex + +The backslash in `grep -q '^declare \-a'` is not needed and +causes `grep: warning: stray \ before -` warning in grep-3.8. + +Signed-off-by: Marius Tomaschewski <mt@suse.com> + +CVE: CVE-2022-42917 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/5216a05b32390a64efeb598051411e1776042624] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + tools/frrcommon.sh.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in +index 61f1abb37..3c16c27c6 100755 +--- a/tools/frrcommon.sh.in ++++ b/tools/frrcommon.sh.in +@@ -335,7 +335,7 @@ if [ -z "$FRR_PATHSPACE" ]; then + load_old_config "/etc/sysconfig/frr" + fi + +-if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare \-a'; then ++if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare -a'; then + log_warning_msg "watchfrr_options contains a bash array value." \ + "The configured value is intentionally ignored since it is likely wrong." \ + "Please remove or fix the setting." +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/frr.pam b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/frr.pam index 3541a975ae..a9ec35dd69 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/frr.pam +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/frr.pam @@ -1,10 +1,11 @@ # -# The PAM configuration file for the quagga `vtysh' service +# The PAM configuration file for the frr `vtysh' service # # This allows root to change user infomation without being # prompted for a password auth sufficient pam_rootok.so +account sufficient pam_rootok.so # The standard Unix authentication modules, used with # NIS (man nsswitch) as well as normal /etc/passwd and diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb index 658731567d..80f4729e1f 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb @@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \ file://CVE-2022-37035.patch \ file://CVE-2022-37032.patch \ + file://CVE-2022-42917.patch \ file://frr.pam \ " diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch index f8efc10448..f8efc10448 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch index c743b3eddb..c743b3eddb 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch index c57ce8fa53..c57ce8fa53 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch index 21ba318499..21ba318499 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch index 33590ffc57..33590ffc57 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch index 8c0e6bf397..8c0e6bf397 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch index db3a63ea48..db3a63ea48 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch index b461a60df7..b461a60df7 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch new file mode 100644 index 0000000000..b7d9ad5bba --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch @@ -0,0 +1,175 @@ +From 177abf68e5ac5f82c6261af63528f8b6160bca0f Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alex.kiernan@gmail.com> +Date: Tue, 6 Dec 2022 13:28:31 +0000 +Subject: [PATCH] make: Add top-level Makefile + +Simple top level Makefile that just delegates to mDNSPosix. + +Upstream-Status: Inappropriate [oe-specific] +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + Makefile | 154 +------------------------------------------------------ + 1 file changed, 2 insertions(+), 152 deletions(-) + +diff --git a/Makefile b/Makefile +index 8b6fa77..feb6ac6 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,152 +1,2 @@ +-# +-# Copyright (c) 2003-2018 Apple Inc. All rights reserved. +-# +-# Top level makefile for Build & Integration (B&I). +-# +-# This file is used to facilitate checking the mDNSResponder project directly from git and submitting to B&I at Apple. +-# +-# The various platform directories contain makefiles or projects specific to that platform. +-# +-# B&I builds must respect the following target: +-# install: +-# installsrc: +-# installhdrs: +-# installapi: +-# clean: +-# +- +-include $(MAKEFILEPATH)/pb_makefiles/platform.make +- +-MVERS = "mDNSResponder-1310.140.1" +- +-VER = +-ifneq ($(strip $(GCC_VERSION)),) +- VER = -- GCC_VERSION=$(GCC_VERSION) +-endif +-echo "VER = $(VER)" +- +-projectdir := $(SRCROOT)/mDNSMacOSX +-buildsettings := OBJROOT=$(OBJROOT) SYMROOT=$(SYMROOT) DSTROOT=$(DSTROOT) MVERS=$(MVERS) SDKROOT=$(SDKROOT) +- +-.PHONY: install installSome installEmpty installExtras SystemLibraries installhdrs installapi installsrc java clean +- +-# Sanitizer support +-# Disable Sanitizer instrumentation in LibSystem contributors. See rdar://problem/29952210. +-UNSUPPORTED_SANITIZER_PROJECTS := mDNSResponderSystemLibraries mDNSResponderSystemLibraries_Sim +-PROJECT_SUPPORTS_SANITIZERS := 1 +-ifneq ($(words $(filter $(UNSUPPORTED_SANITIZER_PROJECTS), $(RC_ProjectName))), 0) +- PROJECT_SUPPORTS_SANITIZERS := 0 +-endif +-ifeq ($(RC_ENABLE_ADDRESS_SANITIZATION),1) +- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1) +- $(info Enabling Address Sanitizer) +- buildsettings += -enableAddressSanitizer YES +- else +- $(warning WARNING: Address Sanitizer not supported for project $(RC_ProjectName)) +- endif +-endif +-ifeq ($(RC_ENABLE_THREAD_SANITIZATION),1) +- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1) +- $(info Enabling Thread Sanitizer) +- buildsettings += -enableThreadSanitizer YES +- else +- $(warning WARNING: Thread Sanitizer not supported for project $(RC_ProjectName)) +- endif +-endif +-ifeq ($(RC_ENABLE_UNDEFINED_BEHAVIOR_SANITIZATION),1) +- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1) +- $(info Enabling Undefined Behavior Sanitizer) +- buildsettings += -enableUndefinedBehaviorSanitizer YES +- else +- $(warning WARNING: Undefined Behavior Sanitizer not supported for project $(RC_ProjectName)) +- endif +-endif +- +-# B&I install build targets +-# +-# For the mDNSResponder build alias, the make target used by B&I depends on the platform: +-# +-# Platform Make Target +-# -------- ----------- +-# osx install +-# ios installSome +-# atv installSome +-# watch installSome +-# +-# For the mDNSResponderSystemLibraries and mDNSResponderSystemLibraries_sim build aliases, B&I uses the SystemLibraries +-# target for all platforms. +- +-install: +-ifeq ($(RC_ProjectName), mDNSResponderServices) +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Services-macOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Services' $(VER) +-endif +-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim) +- mkdir -p $(DSTROOT)/AppleInternal +-else +- cd '$(projectdir)'; xcodebuild install $(buildsettings) $(VER) +-endif +- +-installSome: +- cd '$(projectdir)'; xcodebuild install $(buildsettings) $(VER) +- +-installEmpty: +- mkdir -p $(DSTROOT)/AppleInternal +- +-installExtras: +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-macOS' $(VER) +-else ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), ios) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-iOS' $(VER) +-else ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), atv) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-tvOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras' $(VER) +-endif +- +-SystemLibraries: +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target SystemLibraries $(VER) +- +-# B&I installhdrs build targets +- +-installhdrs:: +-ifeq ($(RC_ProjectName), mDNSResponderServices) +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target 'Build Services-macOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target 'Build Services' $(VER) +-endif +-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim) +- mkdir -p $(DSTROOT)/AppleInternal +-else ifneq ($(findstring SystemLibraries,$(RC_ProjectName)),) +- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target SystemLibraries $(VER) +-endif +- +-# B&I installapi build targets +- +-installapi: +-ifeq ($(RC_ProjectName), mDNSResponderServices) +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target 'Build Services-macOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target 'Build Services' $(VER) +-endif +-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim) +- mkdir -p $(DSTROOT)/AppleInternal +-else ifneq ($(findstring SystemLibraries,$(RC_ProjectName)),) +- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target SystemLibrariesDynamic $(VER) +-endif +- +-# Misc. targets +- +-installsrc: +- ditto . '$(SRCROOT)' +- rm -rf '$(SRCROOT)/mDNSWindows' '$(SRCROOT)/Clients/FirefoxExtension' +- +-java: +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target libjdns_sd.jnilib $(VER) +- +-clean:: +- echo clean ++all clean: ++ cd mDNSPosix && $(MAKE) $@ +-- +2.38.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch index fdc5105cb9..fdc5105cb9 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch index 362d69768e..362d69768e 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch index b9b0157276..b9b0157276 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch index d9adde04c2..d9adde04c2 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/mdns.service b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/mdns.service index 531d142dcd..531d142dcd 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/mdns.service +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/mdns.service diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb index 205dc929be..65f4847d8f 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb @@ -2,28 +2,31 @@ SUMMARY = "Publishes & browses available services on a link according to the Zer DESCRIPTION = "Bonjour, also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks." HOMEPAGE = "http://developer.apple.com/networking/bonjour/" LICENSE = "Apache-2.0 & BSD-3-Clause" -LIC_FILES_CHKSUM = "file://../LICENSE;md5=31c50371921e0fb731003bbc665f29bf" +LIC_FILES_CHKSUM = "file://LICENSE;md5=31c50371921e0fb731003bbc665f29bf" DEPENDS:append:libc-musl = " musl-nscd" RPROVIDES:${PN} += "libdns_sd.so" -SRC_URI = "https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-${PV}.tar.gz \ +# matches annotated tag mDNSResponder-1310.140.1 +SRCREV = "1d1de95b98fba2077d34c9d78b839a96aa0e1c77" +BRANCH = "rel/mDNSResponder-1310" +SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https;branch=${BRANCH} \ file://mdns.service \ - file://0001-mdns-include-stddef.h-for-NULL.patch;patchdir=.. \ - file://0002-mdns-cross-compilation-fixes-for-bitbake.patch;patchdir=.. \ - file://0001-Create-subroutine-for-cleaning-recent-interfaces.patch;patchdir=.. \ - file://0002-Create-subroutine-for-tearing-down-an-interface.patch;patchdir=.. \ - file://0003-Track-interface-socket-family.patch;patchdir=.. \ - file://0004-Use-list-for-changed-interfaces.patch;patchdir=.. \ - file://0006-Remove-unneeded-function.patch;patchdir=.. \ - file://0008-Mark-deleted-interfaces-as-being-changed.patch;patchdir=.. \ - file://0009-Fix-possible-NULL-dereference.patch;patchdir=.. \ - file://0010-Handle-errors-from-socket-calls.patch;patchdir=.. \ - file://0011-Change-a-dynamic-allocation-to-file-scope-variable.patch;patchdir=.. \ - file://0001-dns-sd-Include-missing-headers.patch;patchdir=.. \ + file://0001-mdns-include-stddef.h-for-NULL.patch \ + file://0002-mdns-cross-compilation-fixes-for-bitbake.patch \ + file://0001-Create-subroutine-for-cleaning-recent-interfaces.patch \ + file://0002-Create-subroutine-for-tearing-down-an-interface.patch \ + file://0003-Track-interface-socket-family.patch \ + file://0004-Use-list-for-changed-interfaces.patch \ + file://0006-Remove-unneeded-function.patch \ + file://0008-Mark-deleted-interfaces-as-being-changed.patch \ + file://0009-Fix-possible-NULL-dereference.patch \ + file://0010-Handle-errors-from-socket-calls.patch \ + file://0011-Change-a-dynamic-allocation-to-file-scope-variable.patch \ + file://0001-dns-sd-Include-missing-headers.patch \ + file://0006-make-Add-top-level-Makefile.patch \ " -SRC_URI[sha256sum] = "040f6495c18b9f0557bcf9e00cbcfc82b03405f5ba6963dc147730ca0ca90d6f" CVE_PRODUCT = "apple:mdnsresponder" @@ -42,13 +45,22 @@ CVE_CHECK_IGNORE += "CVE-2007-0613" PARALLEL_MAKE = "" -S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix" +# We install a stub Makefile in the top directory so that the various checks +# in base.bbclass pass their tests for a Makefile, this ensures (that amongst +# other things) the sstate checks will clean the build directory when the +# task hashes changes. +# +# We can't use the approach of setting ${S} to mDNSPosix as we need +# DEBUG_PREFIX_MAP to cover files which come from the Clients directory too. +S = "${WORKDIR}/git" EXTRA_OEMAKE += "os=linux DEBUG=0 'CC=${CC}' 'LD=${CCLD} ${LDFLAGS}'" TARGET_CC_ARCH += "${LDFLAGS}" do_install () { + cd mDNSPosix + install -d ${D}${sbindir} install -m 0755 build/prod/mdnsd ${D}${sbindir} diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch new file mode 100644 index 0000000000..ce7e3422ed --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch @@ -0,0 +1,116 @@ +From 4589352dac3ae111c7621298cf231742209efd9b Mon Sep 17 00:00:00 2001 +From: Bill Fenner <fenner@gmail.com> +Date: Fri, 25 Nov 2022 08:41:24 -0800 +Subject: [PATCH ] snmp_agent: disallow SET with NULL varbind + +Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57] +CVE: CVE-2022-44792 & CVE-2022-44793 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + agent/snmp_agent.c | 32 +++++++++++++++++++ + apps/snmpset.c | 1 + + .../default/T0142snmpv2csetnull_simple | 31 ++++++++++++++++++ + 3 files changed, 64 insertions(+) + create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple + +diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c +index 3376357..f51c252 100644 +--- a/agent/snmp_agent.c ++++ b/agent/snmp_agent.c +@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status) + return 1; + } + ++static int ++check_set_pdu_for_null_varbind(netsnmp_agent_session *asp) ++{ ++ int i; ++ netsnmp_variable_list *v = NULL; ++ ++ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) { ++ if (v->type == ASN_NULL) { ++ /* ++ * Protect SET implementations that do not protect themselves ++ * against wrong type. ++ */ ++ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i)); ++ asp->index = i; ++ return SNMP_ERR_WRONGTYPE; ++ } ++ } ++ return SNMP_ERR_NOERROR; ++} ++ + int + handle_pdu(netsnmp_agent_session *asp) + { + int status, inclusives = 0; + netsnmp_variable_list *v = NULL; + ++#ifndef NETSNMP_NO_WRITE_SUPPORT ++ /* ++ * Check for ASN_NULL in SET request ++ */ ++ if (asp->pdu->command == SNMP_MSG_SET) { ++ status = check_set_pdu_for_null_varbind(asp); ++ if (status != SNMP_ERR_NOERROR) { ++ return status; ++ } ++ } ++#endif /* NETSNMP_NO_WRITE_SUPPORT */ ++ + /* + * for illegal requests, mark all nodes as ASN_NULL + */ +diff --git a/apps/snmpset.c b/apps/snmpset.c +index 50f33db..387a51d 100644 +--- a/apps/snmpset.c ++++ b/apps/snmpset.c +@@ -182,6 +182,7 @@ main(int argc, char *argv[]) + case 'x': + case 'd': + case 'b': ++ case 'n': /* undocumented */ + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + case 'I': + case 'U': +diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple +new file mode 100644 +index 0000000..0f1b8f3 +--- /dev/null ++++ b/testing/fulltests/default/T0142snmpv2csetnull_simple +@@ -0,0 +1,31 @@ ++#!/bin/sh ++ ++. ../support/simple_eval_tools.sh ++ ++HEADER SNMPv2c set of system.sysContact.0 with NULL varbind ++ ++SKIPIF NETSNMP_DISABLE_SET_SUPPORT ++SKIPIF NETSNMP_NO_WRITE_SUPPORT ++SKIPIF NETSNMP_DISABLE_SNMPV2C ++SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE ++ ++# ++# Begin test ++# ++ ++# standard V2C configuration: testcomunnity ++snmp_write_access='all' ++. ./Sv2cconfig ++STARTAGENT ++ ++CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0" ++ ++CHECK ".1.3.6.1.2.1.1.4.0 = STRING:" ++ ++CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x" ++ ++CHECK "Reason: wrongType" ++ ++STOPAGENT ++ ++FINISHED +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb index 7af5147566..eb8e1599fb 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb @@ -26,6 +26,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \ file://net-snmp-fix-for-disable-des.patch \ file://reproducibility-have-printcap.patch \ file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \ + file://CVE-2022-44792-CVE-2022-44793.patch \ " SRC_URI[sha256sum] = "2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a" diff --git a/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb b/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb index 8ce9e1db55..b7d21b7e91 100644 --- a/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb +++ b/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.2.bb @@ -45,7 +45,7 @@ DEPENDS = "pps-tools" # Note: Despite being built via './configure; make; make install', # chrony does not use GNU Autotools. -inherit update-rc.d systemd +inherit update-rc.d systemd pkgconfig # Add chronyd user if privdrop packageconfig is selected inherit ${@bb.utils.contains('PACKAGECONFIG', 'privdrop', 'useradd', '', d)} @@ -53,14 +53,6 @@ USERADD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '${PN}', ' USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--system -d / -M --shell /bin/nologin chronyd;', '', d)}" # Configuration options: -# - For command line editing support in chronyc, you may specify either -# 'editline' or 'readline' but not both. editline is smaller, but -# many systems already have readline for other purposes so you might want -# to choose that instead. However, beware license incompatibility -# since chrony is GPLv2 and readline versions after 6.0 are GPLv3+. -# You can of course choose neither, but if you're that tight on space -# consider dropping chronyc entirely (you can use it remotely with -# appropriate chrony.conf options). # - Security-related: # - 'sechash' is omitted by default because it pulls in nss which is huge. # - 'privdrop' allows chronyd to run as non-root; would need changes to @@ -70,14 +62,17 @@ USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--sys PACKAGECONFIG ??= "editline \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " -PACKAGECONFIG[readline] = "--without-editline,--without-readline,readline" PACKAGECONFIG[editline] = ",--without-editline,libedit" PACKAGECONFIG[sechash] = "--without-tomcrypt,--disable-sechash,nss" -PACKAGECONFIG[privdrop] = "--with-libcap,--disable-privdrop --without-libcap,libcap" +PACKAGECONFIG[privdrop] = ",--disable-privdrop,libcap" PACKAGECONFIG[scfilter] = "--enable-scfilter,--without-seccomp,libseccomp" PACKAGECONFIG[ipv6] = ",--disable-ipv6," -PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" -PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap" + +# These are left for backwards compatibility, to avoid breaking existing +# configurations. +PACKAGECONFIG[libcap] = "" +PACKAGECONFIG[nss] = "" +PACKAGECONFIG[readline] = "" # --disable-static isn't supported by chrony's configure script. DISABLE_STATIC = "" diff --git a/meta-openembedded/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb b/meta-openembedded/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb index d4cdda0f81..516e467ee4 100644 --- a/meta-openembedded/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb +++ b/meta-openembedded/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb @@ -5,7 +5,10 @@ LICENSE = "GPL-3.0-only & LGPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SRCREV = "8c06dce7d596e478c20bc54bdcec87ad97f80a1b" -SRC_URI = "git://git.samba.org/cifs-utils.git;branch=master" +SRC_URI = "git://git.samba.org/cifs-utils.git;branch=master \ + file://CVE-2022-27239.patch \ + file://CVE-2022-29869.patch \ +" S = "${WORKDIR}/git" DEPENDS += "libtalloc" diff --git a/meta-openembedded/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch b/meta-openembedded/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch new file mode 100644 index 0000000000..77f6745abe --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch @@ -0,0 +1,40 @@ +From 007c07fd91b6d42f8bd45187cf78ebb06801139d Mon Sep 17 00:00:00 2001 +From: Jeffrey Bencteux <jbe@improsec.com> +Date: Thu, 17 Mar 2022 12:58:52 -0400 +Subject: [PATCH] CVE-2022-27239: mount.cifs: fix length check for ip option + parsing + +Previous check was true whatever the length of the input string was, +leading to a buffer overflow in the subsequent strcpy call. + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=15025 + +Signed-off-by: Jeffrey Bencteux <jbe@improsec.com> +Reviewed-by: David Disseldorp <ddiss@suse.de> + +Upstream-Status: Backport [ https://git.samba.org/?p=cifs-utils.git;a=commit;h=007c07fd91b6d42f8bd45187cf78ebb06801139d] +CVE: CVE-2022-27239 +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + mount.cifs.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/mount.cifs.c b/mount.cifs.c +index 84274c9..3a6b449 100644 +--- a/mount.cifs.c ++++ b/mount.cifs.c +@@ -926,9 +926,10 @@ parse_options(const char *data, struct parsed_mount_info *parsed_info) + if (!value || !*value) { + fprintf(stderr, + "target ip address argument missing\n"); +- } else if (strnlen(value, MAX_ADDRESS_LEN) <= ++ } else if (strnlen(value, MAX_ADDRESS_LEN) < + MAX_ADDRESS_LEN) { +- strcpy(parsed_info->addrlist, value); ++ strlcpy(parsed_info->addrlist, value, ++ MAX_ADDRESS_LEN); + if (parsed_info->verboseflag) + fprintf(stderr, + "ip address %s override specified\n", +-- +2.34.1 diff --git a/meta-openembedded/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch b/meta-openembedded/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch new file mode 100644 index 0000000000..f0c3f37dec --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch @@ -0,0 +1,48 @@ +From 8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379 Mon Sep 17 00:00:00 2001 +From: Jeffrey Bencteux <jbe@improsec.com> +Date: Sat, 19 Mar 2022 13:41:15 -0400 +Subject: [PATCH] mount.cifs: fix verbose messages on option parsing + +When verbose logging is enabled, invalid credentials file lines may be +dumped to stderr. This may lead to information disclosure in particular +conditions when the credentials file given is sensitive and contains '=' +signs. + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=15026 + +Signed-off-by: Jeffrey Bencteux <jbe@improsec.com> +Reviewed-by: David Disseldorp <ddiss@suse.de> + +Upstream-Status: Backport [https://git.samba.org/?p=cifs-utils.git;a=commit;h=8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379] +CVE: CVE-2022-29869 +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + mount.cifs.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/mount.cifs.c b/mount.cifs.c +index 3a6b449..2278995 100644 +--- a/mount.cifs.c ++++ b/mount.cifs.c +@@ -628,17 +628,13 @@ static int open_cred_file(char *file_name, + goto return_i; + break; + case CRED_DOM: +- if (parsed_info->verboseflag) +- fprintf(stderr, "domain=%s\n", +- temp_val); + strlcpy(parsed_info->domain, temp_val, + sizeof(parsed_info->domain)); + break; + case CRED_UNPARSEABLE: + if (parsed_info->verboseflag) + fprintf(stderr, "Credential formatted " +- "incorrectly: %s\n", +- temp_val ? temp_val : "(null)"); ++ "incorrectly\n"); + break; + } + } +-- +2.34.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc index a8ff21a125..9e0f529ec1 100644 --- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc +++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc @@ -14,6 +14,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://dnsmasq-resolvconf.service \ file://dnsmasq-noresolvconf.service \ file://dnsmasq-resolved.conf \ + file://CVE-2023-28450.patch \ " inherit pkgconfig update-rc.d systemd diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch b/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch new file mode 100644 index 0000000000..129c9043e8 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch @@ -0,0 +1,48 @@ +From eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5 Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon@thekelleys.org.uk> +Date: Tue, 7 Mar 2023 22:07:46 +0000 +Subject: [PATCH] Set the default maximum DNS UDP packet size to 1232. + +http://www.dnsflagday.net/2020/ refers. + +Thanks to Xiang Li for the prompt. + +CVE: CVE-2023-28450 +Upstream-Status: Backport [https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5] + +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + man/dnsmasq.8 | 3 ++- + src/config.h | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index 41e2e04..5acb935 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -183,7 +183,8 @@ to zero completely disables DNS function, leaving only DHCP and/or TFTP. + .TP + .B \-P, --edns-packet-max=<size> + Specify the largest EDNS.0 UDP packet which is supported by the DNS +-forwarder. Defaults to 4096, which is the RFC5625-recommended size. ++forwarder. Defaults to 1232, which is the recommended size following the ++DNS flag day in 2020. Only increase if you know what you are doing. + .TP + .B \-Q, --query-port=<query_port> + Send outbound DNS queries from, and listen for their replies on, the +diff --git a/src/config.h b/src/config.h +index 1e7b30f..37b374e 100644 +--- a/src/config.h ++++ b/src/config.h +@@ -19,7 +19,7 @@ + #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */ + #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */ + #define TCP_BACKLOG 32 /* kernel backlog limit for TCP connections */ +-#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */ ++#define EDNS_PKTSZ 1232 /* default max EDNS.0 UDP packet from from /dnsflagday.net/2020 */ + #define SAFE_PKTSZ 1232 /* "go anywhere" UDP packet size, see https://dnsflagday.net/2020/ */ + #define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */ + #define DNSSEC_WORK 50 /* Max number of queries to validate one question */ +-- +2.20.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb index a30f720bb5..91e4945a17 100644 --- a/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb +++ b/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb @@ -29,6 +29,7 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19" # CVE-2016-9312 is only for windows. +# CVE-2019-11331 is inherent to RFC 5905 and cannot be fixed without breaking compatibility # The other CVEs are not correctly identified because cve-check # is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference) CVE_CHECK_IGNORE += "\ @@ -52,6 +53,7 @@ CVE_CHECK_IGNORE += "\ CVE-2016-7433 \ CVE-2016-9310 \ CVE-2016-9311 \ + CVE-2019-11331 \ " diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2022-40617.patch b/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2022-40617.patch new file mode 100644 index 0000000000..ffef6800eb --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2022-40617.patch @@ -0,0 +1,157 @@ +From 6a6c275534e31b41f6d203cfd92685b7526a45e8 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Fri, 11 Nov 2022 10:15:38 +0530 +Subject: [PATCH] CVE-2022-40617 + +Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2022-40617] +CVE: CVE-2022-40617 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> + +credential-manager: Do online revocation checks only after + basic trust chain validation + +This avoids querying URLs of potentially untrusted certificates, e.g. if +an attacker sends a specially crafted end-entity and intermediate CA +certificate with a CDP that points to a server that completes the +TCP handshake but then does not send any further data, which will block +the fetcher thread (depending on the plugin) for as long as the default +timeout for TCP. Doing that multiple times will block all worker threads, +leading to a DoS attack. + +The logging during the certificate verification obviously changes. +--- + .../credentials/credential_manager.c | 54 +++++++++++++++---- + 1 file changed, 45 insertions(+), 9 deletions(-) + +diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c +index 3be0190..f65372b 100644 +--- a/src/libstrongswan/credentials/credential_manager.c ++++ b/src/libstrongswan/credentials/credential_manager.c +@@ -555,7 +555,7 @@ static void cache_queue(private_credential_manager_t *this) + */ + static bool check_lifetime(private_credential_manager_t *this, + certificate_t *cert, char *label, +- int pathlen, bool trusted, auth_cfg_t *auth) ++ int pathlen, bool anchor, auth_cfg_t *auth) + { + time_t not_before, not_after; + cert_validator_t *validator; +@@ -570,7 +570,7 @@ static bool check_lifetime(private_credential_manager_t *this, + continue; + } + status = validator->check_lifetime(validator, cert, +- pathlen, trusted, auth); ++ pathlen, anchor, auth); + if (status != NEED_MORE) + { + break; +@@ -603,13 +603,13 @@ static bool check_lifetime(private_credential_manager_t *this, + */ + static bool check_certificate(private_credential_manager_t *this, + certificate_t *subject, certificate_t *issuer, bool online, +- int pathlen, bool trusted, auth_cfg_t *auth) ++ int pathlen, bool anchor, auth_cfg_t *auth) + { + cert_validator_t *validator; + enumerator_t *enumerator; + + if (!check_lifetime(this, subject, "subject", pathlen, FALSE, auth) || +- !check_lifetime(this, issuer, "issuer", pathlen + 1, trusted, auth)) ++ !check_lifetime(this, issuer, "issuer", pathlen + 1, anchor, auth)) + { + return FALSE; + } +@@ -622,7 +622,7 @@ static bool check_certificate(private_credential_manager_t *this, + continue; + } + if (!validator->validate(validator, subject, issuer, +- online, pathlen, trusted, auth)) ++ online, pathlen, anchor, auth)) + { + enumerator->destroy(enumerator); + return FALSE; +@@ -725,6 +725,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, + auth_cfg_t *auth; + signature_params_t *scheme; + int pathlen; ++ bool is_anchor = FALSE; + + auth = auth_cfg_create(); + get_key_strength(subject, auth); +@@ -742,7 +743,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, + auth->add(auth, AUTH_RULE_CA_CERT, issuer->get_ref(issuer)); + DBG1(DBG_CFG, " using trusted ca certificate \"%Y\"", + issuer->get_subject(issuer)); +- trusted = TRUE; ++ trusted = is_anchor = TRUE; + } + else + { +@@ -777,11 +778,18 @@ static bool verify_trust_chain(private_credential_manager_t *this, + DBG1(DBG_CFG, " issuer is \"%Y\"", + current->get_issuer(current)); + call_hook(this, CRED_HOOK_NO_ISSUER, current); ++ if (trusted) ++ { ++ DBG1(DBG_CFG, " reached end of incomplete trust chain for " ++ "trusted certificate \"%Y\"", ++ subject->get_subject(subject)); ++ } + break; + } + } +- if (!check_certificate(this, current, issuer, online, +- pathlen, trusted, auth)) ++ /* don't do online verification here */ ++ if (!check_certificate(this, current, issuer, FALSE, ++ pathlen, is_anchor, auth)) + { + trusted = FALSE; + issuer->destroy(issuer); +@@ -793,7 +801,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, + } + current->destroy(current); + current = issuer; +- if (trusted) ++ if (is_anchor) + { + DBG1(DBG_CFG, " reached self-signed root ca with a " + "path length of %d", pathlen); +@@ -806,6 +814,34 @@ static bool verify_trust_chain(private_credential_manager_t *this, + DBG1(DBG_CFG, "maximum path length of %d exceeded", MAX_TRUST_PATH_LEN); + call_hook(this, CRED_HOOK_EXCEEDED_PATH_LEN, subject); + } ++ else if (trusted && online) ++ { ++ enumerator_t *enumerator; ++ auth_rule_t rule; ++ ++ /* do online revocation checks after basic validation of the chain */ ++ pathlen = 0; ++ current = subject; ++ enumerator = auth->create_enumerator(auth); ++ while (enumerator->enumerate(enumerator, &rule, &issuer)) ++ { ++ if (rule == AUTH_RULE_CA_CERT || rule == AUTH_RULE_IM_CERT) ++ { ++ if (!check_certificate(this, current, issuer, TRUE, pathlen++, ++ rule == AUTH_RULE_CA_CERT, auth)) ++ { ++ trusted = FALSE; ++ break; ++ } ++ else if (rule == AUTH_RULE_CA_CERT) ++ { ++ break; ++ } ++ current = issuer; ++ } ++ } ++ enumerator->destroy(enumerator); ++ } + if (trusted) + { + result->merge(result, auth, FALSE); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb index 1b82dceac2..b8d44db26b 100644 --- a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb @@ -10,6 +10,7 @@ DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ file://0001-enum-Fix-compiler-warning.patch \ + file://CVE-2022-40617.patch \ " SRC_URI[sha256sum] = "91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7" diff --git a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb index fe9685924b..226543bbd8 100644 --- a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb +++ b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb @@ -49,9 +49,9 @@ do_configure:append() { # Create PYTHON_TARBALL which LIRC needs for install-nodist_pkgdataDATA do_install:prepend() { - rm -rf ${WORKDIR}/${PN}-${PV}/python-pkg/dist/ - mkdir ${WORKDIR}/${PN}-${PV}/python-pkg/dist/ - tar --exclude='${WORKDIR}/${PN}-${PV}/python-pkg/*' -czf ${WORKDIR}/${PN}-${PV}/python-pkg/dist/${PN}-${PV}.tar.gz ${S} + rm -rf ${S}/python-pkg/dist/ + mkdir ${S}/python-pkg/dist/ + tar --exclude='${S}/python-pkg/*' -czf ${S}/python-pkg/dist/${BP}.tar.gz ${S} } # In code, path to python is a variable that is replaced with path to native version of it diff --git a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb index ff4a16e9f2..0969fb6ce2 100644 --- a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb +++ b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb @@ -117,7 +117,7 @@ scons_do_install() { # install mongo data folder install -m 755 -d ${D}${localstatedir}/lib/${BPN} - chown ${PN}:${PN} ${D}${localstatedir}/lib/${BPN} + chown ${BPN}:${BPN} ${D}${localstatedir}/lib/${BPN} # Create /var/log/mongodb in runtime. if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then diff --git a/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch new file mode 100644 index 0000000000..8b6405b4ad --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch @@ -0,0 +1,46 @@ +From d3880d9d3ba795138444da83f1153c3c3ac27640 Mon Sep 17 00:00:00 2001 +From: Michael Larabel <michael@phoronix.com> +Date: Sat, 23 Jul 2022 07:32:43 -0500 +Subject: [PATCH] phoromatic: Explicitly check both $_GET abd $_POST in + phoromatic_quit_if_invalid_input_found() + +Fixes: https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650#issuecomment-1193116678 + +Upstream-Status: Backport +CVE: CVE-2022-40704 + +Reference to upstream patch: +https://github.com/phoronix-test-suite/phoronix-test-suite/commit/d3880d9d3ba795138444da83f1153c3c3ac27640 + +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + pts-core/phoromatic/phoromatic_functions.php | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/pts-core/phoromatic/phoromatic_functions.php b/pts-core/phoromatic/phoromatic_functions.php +index 74ccc5444c..c2313dcdea 100644 +--- a/pts-core/phoromatic/phoromatic_functions.php ++++ b/pts-core/phoromatic/phoromatic_functions.php +@@ -37,9 +37,20 @@ function phoromatic_quit_if_invalid_input_found($input_keys = null) + { + foreach($input_keys as $key) + { +- if(isset($_REQUEST[$key]) && !empty($_REQUEST[$key])) ++ if(isset($_GET[$key]) && !empty($_GET[$key])) + { +- foreach(pts_arrays::to_array($_REQUEST[$key]) as $val_to_check) ++ foreach(pts_arrays::to_array($_GET[$key]) as $val_to_check) ++ { ++ if(stripos($val_to_check, $invalid_string) !== false) ++ { ++ echo '<strong>Exited due to invalid input ( ' . $invalid_string . ') attempted:</strong> ' . htmlspecialchars($val_to_check); ++ exit; ++ } ++ } ++ } ++ if(isset($_POST[$key]) && !empty($_POST[$key])) ++ { ++ foreach(pts_arrays::to_array($_POST[$key]) as $val_to_check) + { + if(stripos($val_to_check, $invalid_string) !== false) + { diff --git a/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb index 825f7024e7..44f2249bc9 100644 --- a/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb +++ b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb @@ -5,7 +5,11 @@ LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SECTION = "console/tests" -SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz" +SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz \ + file://CVE-2022-40704.patch \ + " + + SRC_URI[md5sum] = "459c3c45b39bb3d720ddc8ba5f944332" SRC_URI[sha256sum] = "86681343d20415831ab16ef6c3d1c317e2345e771925e0698ae920a03a9eaab6" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch b/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch new file mode 100644 index 0000000000..6d04bf8980 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch @@ -0,0 +1,110 @@ +From 4e661f0085ec5f969c76c0896a34322c6c432de4 Mon Sep 17 00:00:00 2001 +From: Greg Hudson <ghudson@mit.edu> +Date: Mon, 17 Oct 2022 20:25:11 -0400 +Subject: [PATCH] Fix integer overflows in PAC parsing + +In krb5_parse_pac(), check for buffer counts large enough to threaten +integer overflow in the header length and memory length calculations. +Avoid potential integer overflows when checking the length of each +buffer. Credit to OSS-Fuzz for discovering one of the issues. + +CVE-2022-42898: + +In MIT krb5 releases 1.8 and later, an authenticated attacker may be +able to cause a KDC or kadmind process to crash by reading beyond the +bounds of allocated memory, creating a denial of service. A +privileged attacker may similarly be able to cause a Kerberos or GSS +application service to crash. On 32-bit platforms, an attacker can +also cause insufficient memory to be allocated for the result, +potentially leading to remote code execution in a KDC, kadmind, or GSS +or Kerberos application server process. An attacker with the +privileges of a cross-realm KDC may be able to extract secrets from a +KDC process's memory by having them copied into the PAC of a new +ticket. + +(cherry picked from commit ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583) + +ticket: 9074 +version_fixed: 1.19.4 + +Upstream-Status: Backport [https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4] +CVE: CVE-2022-42898 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + src/lib/krb5/krb/pac.c | 9 +++++++-- + src/lib/krb5/krb/t_pac.c | 18 ++++++++++++++++++ + 2 files changed, 25 insertions(+), 2 deletions(-) + +diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c +index cc74f37..70428a1 100644 +--- a/src/lib/krb5/krb/pac.c ++++ b/src/lib/krb5/krb/pac.c +@@ -27,6 +27,8 @@ + #include "k5-int.h" + #include "authdata.h" + ++#define MAX_BUFFERS 4096 ++ + /* draft-brezak-win2k-krb-authz-00 */ + + /* +@@ -316,6 +318,9 @@ krb5_pac_parse(krb5_context context, + if (version != 0) + return EINVAL; + ++ if (cbuffers < 1 || cbuffers > MAX_BUFFERS) ++ return ERANGE; ++ + header_len = PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH); + if (len < header_len) + return ERANGE; +@@ -348,8 +353,8 @@ krb5_pac_parse(krb5_context context, + krb5_pac_free(context, pac); + return EINVAL; + } +- if (buffer->Offset < header_len || +- buffer->Offset + buffer->cbBufferSize > len) { ++ if (buffer->Offset < header_len || buffer->Offset > len || ++ buffer->cbBufferSize > len - buffer->Offset) { + krb5_pac_free(context, pac); + return ERANGE; + } +diff --git a/src/lib/krb5/krb/t_pac.c b/src/lib/krb5/krb/t_pac.c +index 7b756a2..2353e9f 100644 +--- a/src/lib/krb5/krb/t_pac.c ++++ b/src/lib/krb5/krb/t_pac.c +@@ -431,6 +431,16 @@ static const unsigned char s4u_pac_ent_xrealm[] = { + 0x8a, 0x81, 0x9c, 0x9c, 0x00, 0x00, 0x00, 0x00 + }; + ++static const unsigned char fuzz1[] = { ++ 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, ++ 0x06, 0xff, 0xff, 0xff, 0x00, 0x00, 0xf5 ++}; ++ ++static const unsigned char fuzz2[] = { ++ 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, ++ 0x20, 0x20 ++}; ++ + static const char *s4u_principal = "w2k8u@ACME.COM"; + static const char *s4u_enterprise = "w2k8u@abc@ACME.COM"; + +@@ -646,6 +656,14 @@ main(int argc, char **argv) + krb5_free_principal(context, sep); + } + ++ /* Check problematic PACs found by fuzzing. */ ++ ret = krb5_pac_parse(context, fuzz1, sizeof(fuzz1), &pac); ++ if (!ret) ++ err(context, ret, "krb5_pac_parse should have failed"); ++ ret = krb5_pac_parse(context, fuzz2, sizeof(fuzz2), &pac); ++ if (!ret) ++ err(context, ret, "krb5_pac_parse should have failed"); ++ + /* + * Test empty free + */ +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb b/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb index 6e0b2fdacb..cabae374e1 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb @@ -32,6 +32,7 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \ file://krb5-admin-server.service \ file://CVE-2021-36222.patch;striplevel=2 \ file://CVE-2021-37750.patch;striplevel=2 \ + file://CVE-2022-42898.patch;striplevel=2 \ " SRC_URI[md5sum] = "aa4337fffa3b61f22dbd0167f708818f" SRC_URI[sha256sum] = "1a4bba94df92f6d39a197a10687653e8bfbc9a2076e129f6eb92766974f86134" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch new file mode 100644 index 0000000000..6028520923 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch @@ -0,0 +1,37 @@ +From 6b5dfdb31aa503bb0358784c632ff3a04e7a8ff4 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Wed, 4 Jan 2023 13:51:03 +0800 +Subject: [PATCH] [DEV-2301] fixed spoofing X-Forwarded-For request header + allows to access Frontend in maintenace mode + +Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/50668e9d64af32cdc67a45082c556699ff86565e] +CVE: CVE-2022-43515 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + ui/include/classes/user/CWebUser.php | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/ui/include/classes/user/CWebUser.php b/ui/include/classes/user/CWebUser.php +index e6e651e..bfacce7 100644 +--- a/ui/include/classes/user/CWebUser.php ++++ b/ui/include/classes/user/CWebUser.php +@@ -231,13 +231,11 @@ class CWebUser { + } + + /** +- * Get user ip address. ++ * Get user IP address. + * + * @return string + */ + public static function getIp(): string { +- return (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && $_SERVER['HTTP_X_FORWARDED_FOR'] !== '') +- ? $_SERVER['HTTP_X_FORWARDED_FOR'] +- : $_SERVER['REMOTE_ADDR']; ++ return $_SERVER['REMOTE_ADDR']; + } + } +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch new file mode 100644 index 0000000000..debd0aaa8e --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch @@ -0,0 +1,53 @@ +From 7373f92c80eb89941428468cd6b9d5c8879a7f93 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Wed, 4 Jan 2023 14:23:34 +0800 +Subject: [PATCH] [DEV-2283] added validation of the scheduled report + generation URL to zabbix-web-service + +Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/fdb03971867] +CVE: CVE-2022-46768 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + .../zabbix_web_service/pdf_report_creator.go | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go +index 391b58b..8452a3d 100644 +--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go ++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go +@@ -29,6 +29,7 @@ import ( + "net/http" + "net/url" + "strconv" ++ "strings" + "time" + + "github.com/chromedp/cdproto/emulation" +@@ -123,6 +124,23 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) { + return + } + ++ if u.Scheme != "http" && u.Scheme != "https" { ++ logAndWriteError(w, fmt.Sprintf("Unexpected URL scheme: \"%s\"", u.Scheme), http.StatusBadRequest) ++ return ++ } ++ ++ if !strings.HasSuffix(u.Path, "/zabbix.php") { ++ logAndWriteError(w, fmt.Sprintf("Unexpected URL path: \"%s\"", u.Path), http.StatusBadRequest) ++ return ++ } ++ ++ queryParams := u.Query() ++ ++ if queryParams.Get("action") != "dashboard.print" { ++ logAndWriteError(w, fmt.Sprintf("Unexpected URL action: \"%s\"", queryParams.Get("action")), http.StatusBadRequest) ++ return ++ } ++ + log.Tracef( + "making chrome headless request with parameters url: %s, width: %s, height: %s for report request from %s", + u.String(), req.Parameters["width"], req.Parameters["height"], r.RemoteAddr) +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch new file mode 100644 index 0000000000..453f67a920 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch @@ -0,0 +1,116 @@ +From 90274a56b2505997cd1677f0bd6a8b89b21df163 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Wed, 26 Apr 2023 15:00:07 +0800 +Subject: [PATCH] Fix CVE-2023-29451 + +.......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character + +Merge in ZBX/zabbix from feature/DEV-2450-6.0 to release/6.0 + +* commit '97efb4ed5069d4febe825671e2c3d106478d082d': + .......PS. [DEV-2450] added mock test + .......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character + .......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character + +Upstream-Status: Backport +[https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b6a8c84612a67daaf89879226349420104bff24] +CVE: CVE-2023-29451 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + src/libs/zbxdiag/diag.c | 3 ++- + src/libs/zbxjson/json.c | 2 +- + src/libs/zbxjson/json.h | 1 + + src/libs/zbxjson/json_parser.c | 15 +++++---------- + src/zabbix_server/reporter/report_protocol.c | 3 ++- + 5 files changed, 11 insertions(+), 13 deletions(-) + +diff --git a/src/libs/zbxdiag/diag.c b/src/libs/zbxdiag/diag.c +index 6fc5509..dc47407 100644 +--- a/src/libs/zbxdiag/diag.c ++++ b/src/libs/zbxdiag/diag.c +@@ -673,7 +673,8 @@ static void diag_get_simple_values(const struct zbx_json_parse *jp, char **msg) + { + if (FAIL == zbx_json_brackets_open(pnext, &jp_value)) + { +- zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, &type); ++ if (NULL == zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, &type)) ++ type = ZBX_JSON_TYPE_NULL; + + if (0 != msg_offset) + zbx_chrcpy_alloc(msg, &msg_alloc, &msg_offset, ' '); +diff --git a/src/libs/zbxjson/json.c b/src/libs/zbxjson/json.c +index 4161ef0..c043d7e 100644 +--- a/src/libs/zbxjson/json.c ++++ b/src/libs/zbxjson/json.c +@@ -764,7 +764,7 @@ static unsigned int zbx_hex2num(char c) + * 0 on error (invalid escape sequence) * + * * + ******************************************************************************/ +-static unsigned int zbx_json_decode_character(const char **p, unsigned char *bytes) ++unsigned int zbx_json_decode_character(const char **p, unsigned char *bytes) + { + bytes[0] = '\0'; + +diff --git a/src/libs/zbxjson/json.h b/src/libs/zbxjson/json.h +index c59646a..4008411 100644 +--- a/src/libs/zbxjson/json.h ++++ b/src/libs/zbxjson/json.h +@@ -29,5 +29,6 @@ + SKIP_WHITESPACE(src) + + void zbx_set_json_strerror(const char *fmt, ...) __zbx_attr_format_printf(1, 2); ++unsigned int zbx_json_decode_character(const char **p, unsigned char *bytes); + + #endif +diff --git a/src/libs/zbxjson/json_parser.c b/src/libs/zbxjson/json_parser.c +index c8dcee4..64d24cf 100644 +--- a/src/libs/zbxjson/json_parser.c ++++ b/src/libs/zbxjson/json_parser.c +@@ -88,7 +88,7 @@ static zbx_int64_t json_parse_string(const char *start, char **error) + if ('\\' == *ptr) + { + const char *escape_start = ptr; +- int i; ++ unsigned char uc[4]; /* decoded Unicode character takes 1-4 bytes in UTF-8 */ + + /* unexpected end of string data, failing */ + if ('\0' == *(++ptr)) +@@ -107,16 +107,11 @@ static zbx_int64_t json_parse_string(const char *start, char **error) + break; + case 'u': + /* check if the \u is followed with 4 hex digits */ +- for (i = 0; i < 4; i++) +- { +- if (0 == isxdigit((unsigned char)*(++ptr))) +- { +- return json_error("invalid escape sequence in string", +- escape_start, error); +- } ++ if (0 == zbx_json_decode_character(&ptr, uc)) { ++ return json_error("invalid escape sequence in string", ++ escape_start, error); + } +- +- break; ++ continue; + default: + return json_error("invalid escape sequence in string data", + escape_start, error); +diff --git a/src/zabbix_server/reporter/report_protocol.c b/src/zabbix_server/reporter/report_protocol.c +index 5f55f51..ee0e02e 100644 +--- a/src/zabbix_server/reporter/report_protocol.c ++++ b/src/zabbix_server/reporter/report_protocol.c +@@ -421,7 +421,8 @@ void zbx_report_test(const struct zbx_json_parse *jp, zbx_uint64_t userid, struc + size_t value_alloc = 0; + zbx_ptr_pair_t pair; + +- zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, NULL); ++ if (NULL == zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, NULL)) ++ continue; + pair.first = zbx_strdup(NULL, key); + pair.second = value; + zbx_vector_ptr_pair_append(¶ms, pair); +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb index f5d89d6c3d..7f530a5529 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb @@ -26,6 +26,9 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.4/${BPN}-${PV}.tar.gz \ file://0001-Fix-configure.ac.patch \ file://zabbix-agent.service \ + file://CVE-2022-43515.patch \ + file://CVE-2022-46768.patch \ + file://CVE-2023-29451.patch \ " SRC_URI[md5sum] = "f295fd2df86143d72f6ff26e47d9e39e" diff --git a/meta-openembedded/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb b/meta-openembedded/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb index c8dabc5ead..44804545de 100644 --- a/meta-openembedded/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb +++ b/meta-openembedded/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb @@ -9,7 +9,7 @@ SRC_URI = "git://github.com/dbus-cxx/dbus-cxx.git;branch=master;protocol=https \ file://0001-Include-typeinfo-for-typeid.patch \ file://0001-include-utility-header.patch \ " -SRC_URI:append:libc-musl = "file://fix_build_musl.patch" +SRC_URI:append:libc-musl = " file://fix_build_musl.patch" SRCREV = "73532d6a5faae9c721c2cc9535b8ef32d4d18264" DEPENDS = "\ diff --git a/meta-openembedded/meta-oe/recipes-core/pim435/pim435_git.bb b/meta-openembedded/meta-oe/recipes-core/pim435/pim435_git.bb index f73a0fd54e..80e3cc6298 100644 --- a/meta-openembedded/meta-oe/recipes-core/pim435/pim435_git.bb +++ b/meta-openembedded/meta-oe/recipes-core/pim435/pim435_git.bb @@ -9,8 +9,8 @@ written in C" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSES/MIT.txt;md5=7dda4e90ded66ab88b86f76169f28663" -SRC_URI = "git://booting.oniroproject.org/distro/components/pim435;protocol=https;branch=main" -SRCREV = "ee07a83de4d0ecdf4b5de20a7e374d36a9a6f5d5" +SRC_URI = "git://gitlab.eclipse.org/eclipse/oniro-blueprints/core/pim435;protocol=https;branch=main" +SRCREV = "445ed623ec8d3ecbb1d566900b4ef3fb3031d689" S = "${WORKDIR}/git" DEPENDS = "i2c-tools" diff --git a/meta-openembedded/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb b/meta-openembedded/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb index c95a5b2d32..1c2c6e21e0 100644 --- a/meta-openembedded/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb +++ b/meta-openembedded/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb @@ -16,7 +16,7 @@ S = "${WORKDIR}/git" DEPENDS = "openssl" -EXTRA_OEMAKE:append = "PREFIX=${prefix} LIBDIR=${libdir} USE_SHARED_LIB=1" +EXTRA_OEMAKE:append = " PREFIX=${prefix} LIBDIR=${libdir} USE_SHARED_LIB=1" # We want to statically link the binary to libfsverity on native Windows EXTRA_OEMAKE:remove:mingw32:class-nativesdk = "USE_SHARED_LIB=1" EXTRA_OEMAKE:remove:mingw32:class-native = "USE_SHARED_LIB=1" diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.8.bb index e38726d3f9..17a06349b0 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.8.bb @@ -2,7 +2,9 @@ require mariadb.inc inherit native PROVIDES += "mysql5-native" -DEPENDS = "ncurses-native zlib-native bison-native libpcre2-native" +DEPENDS = "ncurses-native zlib-native bison-native libpcre2-native \ +gnutls-native fmt-native \ +" RDEPENDS:${PN} = "" PACKAGES = "" diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc index 922373b633..a84f8d134f 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc @@ -19,11 +19,13 @@ SRC_URI = "https://archive.mariadb.org/${BP}/source/${BP}.tar.gz \ file://ssize_t.patch \ file://mm_malloc.patch \ file://sys_futex.patch \ - file://mariadb-openssl3.patch \ + file://cross-compiling.patch \ + file://0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch \ + file://0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch \ " SRC_URI:append:libc-musl = " file://ppc-remove-glibc-dep.patch" -SRC_URI[sha256sum] = "73dd9c9d325520f20ca5e0ef16f94b7be1146bed7e4a78e735c20daebf3a4173" +SRC_URI[sha256sum] = "f8c69d9080d85eafb3e3a84837bfa566a7f5527a8af6f9a081429d4de0de4778" UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases" @@ -61,6 +63,8 @@ FILES:${PN}-setupdb = "${sysconfdir}/init.d/install_db \ ${bindir}/mysql-systemd-start \ " +EXTRA_OEMAKE = "'GEN_LEX_HASH=${STAGING_BINDIR_NATIVE}/gen_lex_hash'" + PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} openssl" PACKAGECONFIG:class-native = "" PACKAGECONFIG[pam] = ",-DWITHOUT_AUTH_PAM=TRUE,libpam" @@ -95,9 +99,9 @@ EXTRA_OECMAKE = "-DWITH_EMBEDDED_SERVER=ON \ -DINSTALL_SYSCONFDIR:PATH=${sysconfdir} \ -DMYSQL_DATADIR:PATH=/var/mysql \ -DCAT_EXECUTABLE=`which cat` \ + -DSTACK_DIRECTION=1 \ -DCMAKE_AR:FILEPATH=${AR}" -EXTRA_OECMAKE:prepend:class-target = "-DCMAKE_CROSSCOMPILING_EMULATOR=${WORKDIR}/qemuwrapper " # With Ninja it fails with: # make: *** No rule to make target `install'. Stop. @@ -121,18 +125,12 @@ do_generate_toolchain_file:append:class-native () { sed -i "/set( CMAKE_SYSTEM_PROCESSOR/d" ${WORKDIR}/toolchain.cmake } -do_configure:prepend:class-target () { - # Write out a qemu wrapper that will be used by cmake - # so that it can run target helper binaries through that. - qemu_binary="${@qemu_wrapper_cmdline(d, d.getVar('STAGING_DIR_HOST'), [d.expand('${STAGING_DIR_HOST}${libdir}'),d.expand('${STAGING_DIR_HOST}${base_libdir}')])}" - cat > ${WORKDIR}/qemuwrapper << EOF -#!/bin/sh -$qemu_binary "\$@" -EOF - chmod +x ${WORKDIR}/qemuwrapper -} do_compile:prepend:class-target () { + # These need to be in-tree or make will think they need to be built, + # and since we're cross-compiling that is disabled + cp ${STAGING_BINDIR_NATIVE}/comp_err ${S}/extra + cp ${STAGING_BINDIR_NATIVE}/comp_sql ${S}/scripts if [ "${@bb.utils.contains('PACKAGECONFIG', 'krb5', 'yes', 'no', d)}" = "no" ]; then if ! [ -e ${B}/include/openssl/kssl.h ] ; then mkdir -p ${B}/include/openssl diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch new file mode 100644 index 0000000000..2fe768d754 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch @@ -0,0 +1,320 @@ +From b98375f9df0b024857c03c03bc3e73e8ced8d772 Mon Sep 17 00:00:00 2001 +From: Nayuta Yanagisawa <nayuta.yanagisawa@hey.com> +Date: Tue, 27 Sep 2022 15:22:57 +0900 +Subject: [PATCH] MDEV-29644 a potential bug of null pointer dereference in + spider_db_mbase::print_warnings() + +The function spider_db_mbase::print_warnings() can potentially result +in a null pointer dereference. + +Remove the null pointer dereference by cleaning up the function. + +Some small changes to the original commit +422fb63a9bbee35c50b6c7be19d199afe0bc98fa. + +CVE: CVE-2022-47015 + +Upstream-Status: Backport [https://github.com/MariaDB/server/commit/b98375f9df0] + +Co-Authored-By: Yuchen Pei <yuchen.pei@mariadb.com> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + .../spider/bugfix/r/mdev_29644.result | 41 ++++++ + .../mysql-test/spider/bugfix/t/mdev_29644.cnf | 3 + + .../spider/bugfix/t/mdev_29644.test | 56 ++++++++ + storage/spider/spd_db_mysql.cc | 124 ++++++++---------- + storage/spider/spd_db_mysql.h | 2 +- + 5 files changed, 154 insertions(+), 72 deletions(-) + create mode 100644 storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result + create mode 100644 storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf + create mode 100644 storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test + +diff --git a/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result b/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result +new file mode 100644 +index 00000000000..b52cecc5bb7 +--- /dev/null ++++ b/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result +@@ -0,0 +1,41 @@ ++# ++# MDEV-29644 a potential bug of null pointer dereference in spider_db_mbase::print_warnings() ++# ++for master_1 ++for child2 ++child2_1 ++child2_2 ++child2_3 ++for child3 ++connection child2_1; ++CREATE DATABASE auto_test_remote; ++USE auto_test_remote; ++CREATE TABLE tbl_a ( ++a CHAR(5) ++) ENGINE=InnoDB DEFAULT CHARSET=utf8; ++SET GLOBAL sql_mode=''; ++connection master_1; ++CREATE DATABASE auto_test_local; ++USE auto_test_local; ++CREATE TABLE tbl_a ( ++a CHAR(255) ++) ENGINE=Spider DEFAULT CHARSET=utf8 COMMENT='table "tbl_a", srv "s_2_1"'; ++SET sql_mode=''; ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++NOT FOUND /\[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*/ in mysqld.1.1.err ++SET GLOBAL spider_log_result_errors=4; ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++FOUND 1 /\[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*/ in mysqld.1.1.err ++connection master_1; ++SET GLOBAL spider_log_result_errors=DEFAULT; ++SET sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_local; ++connection child2_1; ++SET GLOBAL sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_remote; ++for master_1 ++for child2 ++child2_1 ++child2_2 ++child2_3 ++for child3 +diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf +new file mode 100644 +index 00000000000..05dfd8a0bce +--- /dev/null ++++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf +@@ -0,0 +1,3 @@ ++!include include/default_mysqld.cnf ++!include ../my_1_1.cnf ++!include ../my_2_1.cnf +diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test +new file mode 100644 +index 00000000000..3a8fbb251e1 +--- /dev/null ++++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test +@@ -0,0 +1,56 @@ ++--echo # ++--echo # MDEV-29644 a potential bug of null pointer dereference in spider_db_mbase::print_warnings() ++--echo # ++ ++# The test case below does not cause the potential null pointer dereference. ++# It is just for checking spider_db_mbase::fetch_and_print_warnings() works. ++ ++--disable_query_log ++--disable_result_log ++--source ../../t/test_init.inc ++--enable_result_log ++--enable_query_log ++ ++--connection child2_1 ++CREATE DATABASE auto_test_remote; ++USE auto_test_remote; ++eval CREATE TABLE tbl_a ( ++ a CHAR(5) ++) $CHILD2_1_ENGINE $CHILD2_1_CHARSET; ++ ++SET GLOBAL sql_mode=''; ++ ++--connection master_1 ++CREATE DATABASE auto_test_local; ++USE auto_test_local; ++eval CREATE TABLE tbl_a ( ++ a CHAR(255) ++) $MASTER_1_ENGINE $MASTER_1_CHARSET COMMENT='table "tbl_a", srv "s_2_1"'; ++ ++SET sql_mode=''; ++ ++let SEARCH_FILE= $MYSQLTEST_VARDIR/log/mysqld.1.1.err; ++let SEARCH_PATTERN= \[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*; ++ ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++--source include/search_pattern_in_file.inc # should not find ++ ++SET GLOBAL spider_log_result_errors=4; ++ ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++--source include/search_pattern_in_file.inc # should find ++ ++--connection master_1 ++SET GLOBAL spider_log_result_errors=DEFAULT; ++SET sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_local; ++ ++--connection child2_1 ++SET GLOBAL sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_remote; ++ ++--disable_query_log ++--disable_result_log ++--source ../t/test_deinit.inc ++--enable_query_log ++--enable_result_log +diff --git a/storage/spider/spd_db_mysql.cc b/storage/spider/spd_db_mysql.cc +index d377d2bd807..bc8383017f7 100644 +--- a/storage/spider/spd_db_mysql.cc ++++ b/storage/spider/spd_db_mysql.cc +@@ -2207,7 +2207,7 @@ int spider_db_mbase::exec_query( + db_conn->affected_rows, db_conn->insert_id, + db_conn->server_status, db_conn->warning_count); + if (spider_param_log_result_errors() >= 3) +- print_warnings(l_time); ++ fetch_and_print_warnings(l_time); + } else if (log_result_errors >= 4) + { + time_t cur_time = (time_t) time((time_t*) 0); +@@ -2289,81 +2289,63 @@ bool spider_db_mbase::is_xa_nota_error( + DBUG_RETURN(xa_nota); + } + +-int spider_db_mbase::print_warnings( +- struct tm *l_time +-) { ++int spider_db_mbase::fetch_and_print_warnings(struct tm *l_time) ++{ + int error_num = 0; +- DBUG_ENTER("spider_db_mbase::print_warnings"); ++ DBUG_ENTER("spider_db_mbase::fetch_and_print_warnings"); + DBUG_PRINT("info",("spider this=%p", this)); +- if (db_conn->status == MYSQL_STATUS_READY) ++ ++ if (spider_param_dry_access() || db_conn->status != MYSQL_STATUS_READY || ++ db_conn->server_status & SERVER_MORE_RESULTS_EXISTS || ++ !db_conn->warning_count) ++ DBUG_RETURN(0); ++ ++ if (mysql_real_query(db_conn, SPIDER_SQL_SHOW_WARNINGS_STR, ++ SPIDER_SQL_SHOW_WARNINGS_LEN)) ++ DBUG_RETURN(0); ++ ++ MYSQL_RES *res= mysql_store_result(db_conn); ++ if (!res) ++ DBUG_RETURN(0); ++ ++ uint num_fields= mysql_num_fields(res); ++ if (num_fields != 3) + { +- if ( +-#if MYSQL_VERSION_ID < 50500 +- !(db_conn->last_used_con->server_status & SERVER_MORE_RESULTS_EXISTS) && +- db_conn->last_used_con->warning_count +-#else +- !(db_conn->server_status & SERVER_MORE_RESULTS_EXISTS) && +- db_conn->warning_count +-#endif +- ) { +- if ( +- spider_param_dry_access() || +- !mysql_real_query(db_conn, SPIDER_SQL_SHOW_WARNINGS_STR, +- SPIDER_SQL_SHOW_WARNINGS_LEN) +- ) { +- MYSQL_RES *res = NULL; +- MYSQL_ROW row = NULL; +- uint num_fields; +- if ( +- spider_param_dry_access() || +- !(res = mysql_store_result(db_conn)) || +- !(row = mysql_fetch_row(res)) +- ) { +- if (mysql_errno(db_conn)) +- { +- if (res) +- mysql_free_result(res); +- DBUG_RETURN(0); +- } +- /* no record is ok */ +- } +- num_fields = mysql_num_fields(res); +- if (num_fields != 3) +- { +- mysql_free_result(res); +- DBUG_RETURN(0); +- } +- if (l_time) +- { +- while (row) +- { +- fprintf(stderr, "%04d%02d%02d %02d:%02d:%02d [WARN SPIDER RESULT] " +- "from [%s] %ld to %ld: %s %s %s\n", ++ mysql_free_result(res); ++ DBUG_RETURN(0); ++ } ++ ++ MYSQL_ROW row= mysql_fetch_row(res); ++ if (l_time) ++ { ++ while (row) ++ { ++ fprintf(stderr, ++ "%04d%02d%02d %02d:%02d:%02d [WARN SPIDER RESULT] from [%s] %ld " ++ "to %ld: %s %s %s\n", + l_time->tm_year + 1900, l_time->tm_mon + 1, l_time->tm_mday, +- l_time->tm_hour, l_time->tm_min, l_time->tm_sec, +- conn->tgt_host, (ulong) db_conn->thread_id, +- (ulong) current_thd->thread_id, row[0], row[1], row[2]); +- row = mysql_fetch_row(res); +- } +- } else { +- while (row) +- { +- DBUG_PRINT("info",("spider row[0]=%s", row[0])); +- DBUG_PRINT("info",("spider row[1]=%s", row[1])); +- DBUG_PRINT("info",("spider row[2]=%s", row[2])); +- longlong res_num = +- (longlong) my_strtoll10(row[1], (char**) NULL, &error_num); +- DBUG_PRINT("info",("spider res_num=%lld", res_num)); +- my_printf_error((int) res_num, row[2], MYF(0)); +- error_num = (int) res_num; +- row = mysql_fetch_row(res); +- } +- } +- if (res) +- mysql_free_result(res); +- } ++ l_time->tm_hour, l_time->tm_min, l_time->tm_sec, conn->tgt_host, ++ (ulong) db_conn->thread_id, (ulong) current_thd->thread_id, row[0], ++ row[1], row[2]); ++ row= mysql_fetch_row(res); ++ } ++ } else { ++ while (row) ++ { ++ DBUG_PRINT("info",("spider row[0]=%s", row[0])); ++ DBUG_PRINT("info",("spider row[1]=%s", row[1])); ++ DBUG_PRINT("info",("spider row[2]=%s", row[2])); ++ longlong res_num = ++ (longlong) my_strtoll10(row[1], (char**) NULL, &error_num); ++ DBUG_PRINT("info",("spider res_num=%lld", res_num)); ++ my_printf_error((int) res_num, row[2], MYF(0)); ++ error_num = (int) res_num; ++ row = mysql_fetch_row(res); + } + } ++ ++ mysql_free_result(res); ++ + DBUG_RETURN(error_num); + } + +@@ -14668,7 +14650,7 @@ int spider_mbase_handler::show_table_status( + DBUG_RETURN(error_num); + } + } +- if ((error_num = ((spider_db_mbase *) conn->db_conn)->print_warnings(NULL))) ++ if ((error_num = ((spider_db_mbase *) conn->db_conn)->fetch_and_print_warnings(NULL))) + { + DBUG_RETURN(error_num); + } +diff --git a/storage/spider/spd_db_mysql.h b/storage/spider/spd_db_mysql.h +index e90461ea278..a2012352f21 100644 +--- a/storage/spider/spd_db_mysql.h ++++ b/storage/spider/spd_db_mysql.h +@@ -442,7 +442,7 @@ class spider_db_mbase: public spider_db_conn + bool is_xa_nota_error( + int error_num + ); +- int print_warnings( ++ int fetch_and_print_warnings( + struct tm *l_time + ); + spider_db_result *store_result( +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch new file mode 100644 index 0000000000..456a2bad64 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch @@ -0,0 +1,69 @@ +From f92f657973997df30afdb0032c88ad3a14ead46b Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Fri, 23 Sep 2022 15:48:21 +0800 +Subject: [PATCH] sql/CMakeLists.txt: fix gen_lex_hash not found + +Fix the below do_compile issue in cross-compiling env. +| make[2]: *** No rule to make target '/build/tmp/work/aarch64-poky-linux/mariadb/10.3.13-r0/mariadb-10.3.13/sql/gen_lex_hash', needed by 'sql/lex_hash.h'. Stop. +| make[2]: *** No rule to make target '/build/tmp/work/aarch64-poky-linux/mariadb/10.3.13-r0/mariadb-10.3.13/sql/gen_lex_token', needed by 'sql/lex_token.h'. Stop. + +Upstream-Status: Inappropriate [oe build specific] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + sql/CMakeLists.txt | 30 ++++++++++++++++++++++-------- + 1 file changed, 22 insertions(+), 8 deletions(-) + +diff --git a/sql/CMakeLists.txt b/sql/CMakeLists.txt +index 241b482..27a3991 100644 +--- a/sql/CMakeLists.txt ++++ b/sql/CMakeLists.txt +@@ -60,11 +60,18 @@ ${CMAKE_BINARY_DIR}/sql + ${CMAKE_SOURCE_DIR}/tpool + ) + +-ADD_CUSTOM_COMMAND( +- OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h +- COMMAND gen_lex_token > lex_token.h +- DEPENDS gen_lex_token ++IF(NOT CMAKE_CROSSCOMPILING) ++ ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h ++ COMMAND gen_lex_token > lex_token.h ++ DEPENDS gen_lex_token ++) ++ELSE() ++ ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h ++ COMMAND gen_lex_token > lex_token.h + ) ++ENDIF() + + FIND_PACKAGE(BISON 2.4) + +@@ -372,11 +379,18 @@ IF(NOT CMAKE_CROSSCOMPILING OR DEFINED CMAKE_CROSSCOMPILING_EMULATOR) + ADD_EXECUTABLE(gen_lex_hash gen_lex_hash.cc) + ENDIF() + +-ADD_CUSTOM_COMMAND( +- OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h +- COMMAND gen_lex_hash > lex_hash.h +- DEPENDS gen_lex_hash ++IF(NOT CMAKE_CROSSCOMPILING) ++ ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h ++ COMMAND gen_lex_hash > lex_hash.h ++ DEPENDS gen_lex_hash ++) ++ELSE() ++ ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h ++ COMMAND gen_lex_hash > lex_hash.h + ) ++ENDIF() + + MYSQL_ADD_EXECUTABLE(mariadb-tzinfo-to-sql tztime.cc) + SET_TARGET_PROPERTIES(mariadb-tzinfo-to-sql PROPERTIES COMPILE_FLAGS "-DTZINFO2SQL") +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch new file mode 100644 index 0000000000..d0d6e3c730 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch @@ -0,0 +1,34 @@ +From 80be37351d995654f86b838f6b5ed47e8a90261b Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Fri, 23 Sep 2022 12:05:17 +0800 +Subject: [PATCH] CMakeLists.txt: not include import_executables.cmake + +building failed since native does not generate import_executables.cmake +In fact, our building system will export the needed commands. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + CMakeLists.txt | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index f9e2b1b..34924ba 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -394,11 +394,6 @@ CHECK_LIBFMT() + ADD_SUBDIRECTORY(tpool) + CHECK_SYSTEMD() + +-IF(CMAKE_CROSSCOMPILING AND NOT DEFINED CMAKE_CROSSCOMPILING_EMULATOR) +- SET(IMPORT_EXECUTABLES "IMPORTFILE-NOTFOUND" CACHE FILEPATH "Path to import_executables.cmake from a native build") +- INCLUDE(${IMPORT_EXECUTABLES}) +-ENDIF() +- + # + # Setup maintainer mode options. Platform checks are + # not run with the warning options as to not perturb fragile checks +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch deleted file mode 100644 index 878675f30d..0000000000 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch +++ /dev/null @@ -1,416 +0,0 @@ -From 1626955f3a2107ec4c7fd927ebfa3c6c1d2b09b8 Mon Sep 17 00:00:00 2001 -From: Vladislav Vaintroub <wlad@mariadb.com> -Date: Mon, 8 Nov 2021 18:48:19 +0100 -Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0 - -Summary of changes - -- MD_CTX_SIZE is increased - -- EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points - to nobody knows where. The assumption made previously was that - (since the function does not seem to be documented) - was that it points to the last partial source block. - Add own partial block buffer for NOPAD encryption instead - -- SECLEVEL in CipherString in openssl.cnf - had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible - -- Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers, - in addition to what was set in --ssl-cipher - -- ctx_buf buffer now must be aligned to 16 bytes with openssl( - previously with WolfSSL only), ot crashes will happen - -- updated aes-t , to be better debuggable - using function, rather than a huge multiline macro - added test that does "nopad" encryption piece-wise, to test - replacement of EVP_CIPHER_CTX_buf_noconst - -Patch from Fedora https://src.fedoraproject.org/rpms/mariadb/raw/rawhide/f/mariadb-openssl3.patch - -Upstream-Status: Backport [https://github.com/MariaDB/server/commit/d42c2efbaa06a0307c2f0fd8fa87819ff50bbd7e] -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> ---- - cmake/ssl.cmake | 21 +++++- - include/mysql/service_my_crypt.h | 2 +- - include/ssl_compat.h | 3 +- - mysql-test/lib/openssl.cnf | 2 +- - mysql-test/main/ssl_cipher.result | 6 +- - mysql-test/main/ssl_cipher.test | 2 +- - mysys_ssl/my_crypt.cc | 46 +++++++----- - unittest/mysys/aes-t.c | 121 ++++++++++++++++++++++-------- - 8 files changed, 143 insertions(+), 60 deletions(-) - -diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake -index a6793cf3..64c93ff9 100644 ---- a/cmake/ssl.cmake -+++ b/cmake/ssl.cmake -@@ -118,7 +118,7 @@ MACRO (MYSQL_CHECK_SSL) - ENDIF() - FIND_PACKAGE(OpenSSL) - SET_PACKAGE_PROPERTIES(OpenSSL PROPERTIES TYPE RECOMMENDED) -- IF(OPENSSL_FOUND AND OPENSSL_VERSION AND OPENSSL_VERSION VERSION_LESS "3.0.0") -+ IF(OPENSSL_FOUND) - SET(OPENSSL_LIBRARY ${OPENSSL_SSL_LIBRARY}) - INCLUDE(CheckSymbolExists) - SET(SSL_SOURCES "") -@@ -139,9 +139,20 @@ MACRO (MYSQL_CHECK_SSL) - SET(SSL_INTERNAL_INCLUDE_DIRS "") - SET(SSL_DEFINES "-DHAVE_OPENSSL") - -+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS) -+ SET(SAVE_CMAKE_REQUIRED_${x} ${CMAKE_REQUIRED_${x}}) -+ ENDFOREACH() -+ -+ # Silence "deprecated in OpenSSL 3.0" -+ IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake -+ OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0")) -+ SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L") -+ SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L) -+ ENDIF() -+ - SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES}) -- SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) -+ - CHECK_SYMBOL_EXISTS(ERR_remove_thread_state "openssl/err.h" - HAVE_ERR_remove_thread_state) - CHECK_SYMBOL_EXISTS(EVP_aes_128_ctr "openssl/evp.h" -@@ -150,8 +161,10 @@ MACRO (MYSQL_CHECK_SSL) - HAVE_EncryptAes128Gcm) - CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h" - HAVE_X509_check_host) -- SET(CMAKE_REQUIRED_INCLUDES) -- SET(CMAKE_REQUIRED_LIBRARIES) -+ -+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS) -+ SET(CMAKE_REQUIRED_${x} ${SAVE_CMAKE_REQUIRED_${x}}) -+ ENDFOREACH() - ELSE() - IF(WITH_SSL STREQUAL "system") - MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. Use WITH_SSL=bundled to enable SSL support") -diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h -index 2a232117..bb038aaa 100644 ---- a/include/mysql/service_my_crypt.h -+++ b/include/mysql/service_my_crypt.h -@@ -45,7 +45,7 @@ extern "C" { - /* The max key length of all supported algorithms */ - #define MY_AES_MAX_KEY_LENGTH 32 - --#define MY_AES_CTX_SIZE 656 -+#define MY_AES_CTX_SIZE 672 - - enum my_aes_mode { - MY_AES_ECB, MY_AES_CBC -diff --git a/include/ssl_compat.h b/include/ssl_compat.h -index 8dc12254..6db1baab 100644 ---- a/include/ssl_compat.h -+++ b/include/ssl_compat.h -@@ -24,7 +24,7 @@ - #define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION) - #define ERR_remove_state(X) ERR_clear_error() - #define EVP_CIPHER_CTX_SIZE 176 --#define EVP_MD_CTX_SIZE 48 -+#define EVP_MD_CTX_SIZE 72 - #undef EVP_MD_CTX_init - #define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0) - #undef EVP_CIPHER_CTX_init -@@ -77,7 +77,6 @@ - #define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G)) - #endif - --#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) - #define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt) - #define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX) - -diff --git a/mysql-test/lib/openssl.cnf b/mysql-test/lib/openssl.cnf -index b9ab37ac..7cd6f748 100644 ---- a/mysql-test/lib/openssl.cnf -+++ b/mysql-test/lib/openssl.cnf -@@ -9,4 +9,4 @@ ssl_conf = ssl_section - system_default = system_default_section - - [system_default_section] --CipherString = ALL:@SECLEVEL=1 -+CipherString = ALL:@SECLEVEL=0 -diff --git a/mysql-test/main/ssl_cipher.result b/mysql-test/main/ssl_cipher.result -index 930d384e..66d817b7 100644 ---- a/mysql-test/main/ssl_cipher.result -+++ b/mysql-test/main/ssl_cipher.result -@@ -61,8 +61,8 @@ connect ssl_con,localhost,root,,,,,SSL; - SHOW STATUS LIKE 'Ssl_cipher'; - Variable_name Value - Ssl_cipher AES128-SHA --SHOW STATUS LIKE 'Ssl_cipher_list'; --Variable_name Value --Ssl_cipher_list AES128-SHA -+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list'; -+VARIABLE_VALUE like '%AES128-SHA%' -+1 - disconnect ssl_con; - connection default; -diff --git a/mysql-test/main/ssl_cipher.test b/mysql-test/main/ssl_cipher.test -index 36549d76..d4cdcffb 100644 ---- a/mysql-test/main/ssl_cipher.test -+++ b/mysql-test/main/ssl_cipher.test -@@ -98,6 +98,6 @@ let $restart_parameters=--ssl-cipher=AES128-SHA; - source include/restart_mysqld.inc; - connect (ssl_con,localhost,root,,,,,SSL); - SHOW STATUS LIKE 'Ssl_cipher'; --SHOW STATUS LIKE 'Ssl_cipher_list'; -+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list'; - disconnect ssl_con; - connection default; -diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc -index e512eee9..4d7ebc7b 100644 ---- a/mysys_ssl/my_crypt.cc -+++ b/mysys_ssl/my_crypt.cc -@@ -29,11 +29,7 @@ - #include <ssl_compat.h> - #include <cstdint> - --#ifdef HAVE_WOLFSSL - #define CTX_ALIGN 16 --#else --#define CTX_ALIGN 0 --#endif - - class MyCTX - { -@@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX - { - public: - const uchar *key; -- uint klen, buf_len; -+ uint klen, source_tail_len; - uchar oiv[MY_AES_BLOCK_SIZE]; -+ uchar source_tail[MY_AES_BLOCK_SIZE]; - - MyCTX_nopad() : MyCTX() { } - ~MyCTX_nopad() { } -@@ -112,7 +109,7 @@ class MyCTX_nopad : public MyCTX - compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad)); - this->key= key; - this->klen= klen; -- this->buf_len= 0; -+ this->source_tail_len= 0; - if (ivlen) - memcpy(oiv, iv, ivlen); - DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv)); -@@ -123,26 +120,41 @@ class MyCTX_nopad : public MyCTX - return res; - } - -+ /** Update last partial source block, stored in source_tail array. */ -+ void update_source_tail(const uchar* src, uint slen) -+ { -+ if (!slen) -+ return; -+ uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE; -+ if (new_tail_len) -+ { -+ if (slen + source_tail_len < MY_AES_BLOCK_SIZE) -+ { -+ memcpy(source_tail + source_tail_len, src, slen); -+ } -+ else -+ { -+ DBUG_ASSERT(slen > new_tail_len); -+ memcpy(source_tail, src + slen - new_tail_len, new_tail_len); -+ } -+ } -+ source_tail_len= new_tail_len; -+ } -+ - int update(const uchar *src, uint slen, uchar *dst, uint *dlen) - { -- buf_len+= slen; -+ update_source_tail(src, slen); - return MyCTX::update(src, slen, dst, dlen); - } - - int finish(uchar *dst, uint *dlen) - { -- buf_len %= MY_AES_BLOCK_SIZE; -- if (buf_len) -+ if (source_tail_len) - { -- uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx); - /* - Not much we can do, block ciphers cannot encrypt data that aren't - a multiple of the block length. At least not without padding. - Let's do something CTR-like for the last partial block. -- -- NOTE this assumes that there are only buf_len bytes in the buf. -- If OpenSSL will change that, we'll need to change the implementation -- of this class too. - */ - uchar mask[MY_AES_BLOCK_SIZE]; - uint mlen; -@@ -154,10 +166,10 @@ class MyCTX_nopad : public MyCTX - return rc; - DBUG_ASSERT(mlen == sizeof(mask)); - -- for (uint i=0; i < buf_len; i++) -- dst[i]= buf[i] ^ mask[i]; -+ for (uint i=0; i < source_tail_len; i++) -+ dst[i]= source_tail[i] ^ mask[i]; - } -- *dlen= buf_len; -+ *dlen= source_tail_len; - return MY_AES_OK; - } - }; -diff --git a/unittest/mysys/aes-t.c b/unittest/mysys/aes-t.c -index 34704e06..cbec2760 100644 ---- a/unittest/mysys/aes-t.c -+++ b/unittest/mysys/aes-t.c -@@ -21,27 +21,96 @@ - #include <string.h> - #include <ctype.h> - --#define DO_TEST(mode, nopad, slen, fill, dlen, hash) \ -- SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 4 : 5, #mode " not supported") \ -- { \ -- memset(src, fill, src_len= slen); \ -- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, \ -- src, src_len, dst, &dst_len, \ -- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \ -- "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad"); \ -- if (!nopad) \ -- ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\ -- my_md5(md5, (char*)dst, dst_len); \ -- ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5"); \ -- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, \ -- dst, dst_len, ddst, &ddst_len, \ -- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \ -- "decrypt " #mode " %u", dst_len); \ -- ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \ -+ -+/** Test streaming encryption, bytewise update.*/ -+static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src, -+ unsigned int slen, unsigned char *dst, unsigned int *dlen, -+ const unsigned char *key, unsigned int klen, -+ const unsigned char *iv, unsigned int ivlen) -+{ -+ /* Allocate context on odd address on stack, in order to -+ catch misalignment errors.*/ -+ void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1; -+ -+ int res1, res2; -+ uint d1= 0, d2; -+ uint i; -+ -+ if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen))) -+ return res1; -+ for (i= 0; i < slen; i++) -+ { -+ uint tmp_d1=0; -+ res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1); -+ if (res1) -+ return res1; -+ d1+= tmp_d1; -+ dst+= tmp_d1; -+ } -+ res2= my_aes_crypt_finish(ctx, dst, &d2); -+ *dlen= d1 + d2; -+ return res1 ? res1 : res2; -+} -+ -+ -+#ifndef HAVE_EncryptAes128Ctr -+const uint MY_AES_CTR=0xDEADBEAF; -+#endif -+#ifndef HAVE_EncryptAes128Gcm -+const uint MY_AES_GCM=0xDEADBEAF; -+#endif -+ -+#define MY_AES_UNSUPPORTED(x) (x == 0xDEADBEAF) -+ -+static void do_test(uint mode, const char *mode_str, int nopad, uint slen, -+ char fill, size_t dlen, const char *hash) -+{ -+ uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6}; -+ uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7}; -+ uchar src[1000], dst[1100], dst2[1100], ddst[1000]; -+ uchar md5[MY_MD5_HASH_SIZE]; -+ uint src_len, dst_len, dst_len2, ddst_len; -+ int result; -+ -+ if (MY_AES_UNSUPPORTED(mode)) -+ { -+ skip(nopad?7:6, "%s not supported", mode_str); -+ return; -+ } -+ memset(src, fill, src_len= slen); -+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len, -+ dst, &dst_len, key, sizeof(key), iv, sizeof(iv)); -+ ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len, -+ nopad ? "nopad" : "pad"); -+ -+ if (nopad) -+ { -+ result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, -+ src_len, dst2, &dst_len2, key, sizeof(key), -+ iv, sizeof(iv)); -+ ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len); -+ /* Compare with non-bytewise encryption result*/ -+ ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0, -+ "memcmp bytewise %s %u", mode_str, src_len); -+ } -+ else -+ { -+ int dst_len_real= my_aes_get_size(mode, src_len); -+ ok(dst_len_real= dst_len, "my_aes_get_size"); - } -+ my_md5(md5, (char *) dst, dst_len); -+ ok(dst_len == dlen, "md5 len"); -+ ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5"); -+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, -+ dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv, -+ sizeof(iv)); -+ -+ ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len); -+ ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); -+} - --#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H) --#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H) -+#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H) -+#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H) - - /* useful macro for debugging */ - #define PRINT_MD5() \ -@@ -53,25 +122,15 @@ - printf("\"\n"); \ - } while(0); - --#ifndef HAVE_EncryptAes128Ctr --const uint MY_AES_CTR=0xDEADBEAF; --#endif --#ifndef HAVE_EncryptAes128Gcm --const uint MY_AES_GCM=0xDEADBEAF; --#endif - - int - main(int argc __attribute__((unused)),char *argv[]) - { -- uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6}; -- uchar iv[16]= {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7}; -- uchar src[1000], dst[1100], ddst[1000]; -- uchar md5[MY_MD5_HASH_SIZE]; -- uint src_len, dst_len, ddst_len; - - MY_INIT(argv[0]); - -- plan(87); -+ plan(122); -+ - DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a"); - DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b"); - DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9"); --- -2.25.1 - diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb index c800c4c56c..87faabfa27 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb @@ -1,9 +1,7 @@ require mariadb.inc -inherit qemu - -DEPENDS += "qemu-native bison-native boost libpcre2 curl ncurses \ - zlib libaio libedit libevent libxml2 gnutls fmt lzo" +DEPENDS += "mariadb-native bison-native boost libpcre2 curl ncurses \ + zlib libaio libedit libevent libxml2 gnutls fmt lzo zstd" PROVIDES += "mysql5 libmysqlclient" diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch new file mode 100644 index 0000000000..2d11b18883 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch @@ -0,0 +1,50 @@ +From 586b074026d703c29057b04b1318e984701fe195 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Thu, 2 Mar 2023 19:10:47 +0800 +Subject: [PATCH] Properly NULL-terminate GSS receive buffer on error packet + reception + +pqsecure_open_gss() includes a code path handling error messages with +v2-style protocol messages coming from the server. The client-side +buffer holding the error message does not force a NULL-termination, with +the data of the server getting copied to the errorMessage of the +connection. Hence, it would be possible for a server to send an +unterminated string and copy arbitrary bytes in the buffer receiving the +error message in the client, opening the door to a crash or even data +exposure. + +As at this stage of the authentication process the exchange has not been +completed yet, this could be abused by an attacker without Kerberos +credentials. Clients that have a valid kerberos cache are vulnerable as +libpq opportunistically requests for it except if gssencmode is +disabled. + +Author: Jacob Champion +Backpatch-through: 12 +Security: CVE-2022-41862 + +Upstream-Status: Backport [https://github.com/postgres/postgres/commit/71c37797d7bd78266146a5829ab62b3687c47295] +CVE: CVE-2022-41862 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + src/interfaces/libpq/fe-secure-gssapi.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/interfaces/libpq/fe-secure-gssapi.c b/src/interfaces/libpq/fe-secure-gssapi.c +index c783a53..a42ebc0 100644 +--- a/src/interfaces/libpq/fe-secure-gssapi.c ++++ b/src/interfaces/libpq/fe-secure-gssapi.c +@@ -577,7 +577,8 @@ pqsecure_open_gss(PGconn *conn) + return result; + + PqGSSRecvLength += ret; +- ++ Assert(PqGSSRecvLength < PQ_GSS_RECV_BUFFER_SIZE); ++ PqGSSRecvBuffer[PqGSSRecvLength] = '\0'; + appendPQExpBuffer(&conn->errorMessage, "%s\n", PqGSSRecvBuffer + 1); + + return PGRES_POLLING_FAILED; +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch new file mode 100644 index 0000000000..4db36d26fd --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch @@ -0,0 +1,42 @@ +From 9f81377dddfe32d950844d7053020a36b40fce08 Mon Sep 17 00:00:00 2001 +From: Manoj Saun <manojsingh.saun@windriver.com> +Date: Wed, 22 Mar 2023 08:07:26 +0000 +Subject: [PATCH] postgresql: fix ptest failure of sysviews + +The patch "0001-config_info.c-not-expose-build-info.patch" hides the debug info +in pg_config table which reduces the count of rows from pg_config and leads to +sysviews test failure. +To fix it we need to reduce the count of parameters in sysviews test. +Also we need to reduce the row count in expected result of sysview test +to make the test output shown as pass. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Manoj Saun <manojsingh.saun@windriver.com> +--- + src/test/regress/expected/sysviews.out | 2 +- + src/test/regress/sql/sysviews.sql | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/src/test/regress/expected/sysviews.out ++++ b/src/test/regress/expected/sysviews.out +@@ -29,7 +29,7 @@ select name, ident, parent, level, total + (1 row) + + -- At introduction, pg_config had 23 entries; it may grow +-select count(*) > 20 as ok from pg_config; ++select count(*) > 13 as ok from pg_config; + ok + ---- + t +--- a/src/test/regress/sql/sysviews.sql ++++ b/src/test/regress/sql/sysviews.sql +@@ -18,7 +18,7 @@ select name, ident, parent, level, total + from pg_backend_memory_contexts where level = 0; + + -- At introduction, pg_config had 23 entries; it may grow +-select count(*) > 20 as ok from pg_config; ++select count(*) > 13 as ok from pg_config; + + -- We expect no cursors in this test; see also portals.sql + select count(*) = 0 as ok from pg_cursors; diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb index 1551d34053..fbc08d64f3 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb @@ -9,6 +9,8 @@ SRC_URI += "\ file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \ file://remove_duplicate.patch \ file://0001-config_info.c-not-expose-build-info.patch \ + file://0001-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch \ + file://0001-postgresql-fix-ptest-failure-of-sysviews.patch \ " SRC_URI[sha256sum] = "d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30" diff --git a/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb b/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb index bf74f1229f..44478ea0b2 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb @@ -25,12 +25,17 @@ BUILD_CXXFLAGS += "-fPIC" # BUILD_TYPE=Release is required, otherwise flatc is not installed EXTRA_OECMAKE += "\ -DCMAKE_BUILD_TYPE=Release \ - -DFLATBUFFERS_BUILD_TESTS=OFF \ + -DFLATBUFFERS_BUILD_TESTS=OFF \ -DFLATBUFFERS_BUILD_SHAREDLIB=ON \ " inherit cmake +rm_flatc_cmaketarget_for_target() { + rm -f "${SYSROOT_DESTDIR}/${libdir}/cmake/flatbuffers/FlatcTargets.cmake" +} +SYSROOT_PREPROCESS_FUNCS:class-target += "rm_flatc_cmaketarget_for_target" + do_install:append() { install -d ${D}${PYTHON_SITEPACKAGES_DIR} cp -rf ${S}/python/flatbuffers ${D}${PYTHON_SITEPACKAGES_DIR} diff --git a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.46.7.bb index c2f952fc64..15bf05919b 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.46.7.bb @@ -20,8 +20,8 @@ RDEPENDS:${PN}-dev:append:class-native = " ${PN}-compiler" # RDEPENDS:${PN}-dev += "${PN}-compiler" S = "${WORKDIR}/git" -SRCREV_grpc = "b39ffcc425ea990a537f98ec6fe6a1dcb90470d7" -BRANCH = "v1.45.x" +SRCREV_grpc = "02384e39185f109bd299eb8482306229967dc970" +BRANCH = "v1.46.x" SRC_URI = "git://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BRANCH} \ file://0001-Revert-Changed-GRPCPP_ABSEIL_SYNC-to-GPR_ABSEIL_SYNC.patch \ file://0001-cmake-add-separate-export-for-plugin-targets.patch \ diff --git a/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb b/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb index 0cf6fd36bc..4fa2aacdfc 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb @@ -18,7 +18,7 @@ inherit cmake EXTRA_OECMAKE += "-DJSON_BuildTests=OFF" # nlohmann-json is a header only C++ library, so the main package will be empty. - +ALLOW_EMPTY:${PN} = "1" RDEPENDS:${PN}-dev = "" BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.19/oe-npm-cache index f596207648..f596207648 100755 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.19/oe-npm-cache diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.19.bb index a61dd5018f..a61dd5018f 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.19.bb diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Nodejs-Fixed-pipes-DeprecationWarning.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Nodejs-Fixed-pipes-DeprecationWarning.patch new file mode 100644 index 0000000000..1f54d444d7 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Nodejs-Fixed-pipes-DeprecationWarning.patch @@ -0,0 +1,35 @@ +From 70a008c59992b0ac6a868530bc3e249b7777ab95 Mon Sep 17 00:00:00 2001 +From: Archana Polampalli <archana.polampalli@windriver.com> +Date: Fri, 16 Dec 2022 05:19:06 +0000 +Subject: [PATCH] Nodejs: Fixed pipes DeprecationWarning + +DeprecationWarning: 'pipes' is deprecated and slated for removal in Python 3.13 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + configure.py | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/configure.py b/configure.py +index d3192ca04c..8d279220fd 100755 +--- a/configure.py ++++ b/configure.py +@@ -5,7 +5,6 @@ import sys + import errno + import argparse + import os +-import pipes + import pprint + import re + import shlex +@@ -2041,7 +2040,7 @@ write('config.gypi', do_not_edit + + pprint.pformat(output, indent=2, width=1024) + '\n') + + write('config.status', '#!/bin/sh\nset -x\nexec ./configure ' + +- ' '.join([pipes.quote(arg) for arg in original_argv]) + '\n') ++ ' '.join([shlex.quote(arg) for arg in original_argv]) + '\n') + os.chmod('config.status', 0o775) + + +-- +2.34.1 diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch index 8db1f1dd54..445aaf8398 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch @@ -3,14 +3,17 @@ From: Guillaume Burel <guillaume.burel@stormshield.eu> Date: Fri, 3 Jan 2020 11:25:54 +0100 Subject: [PATCH] Using native binaries +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> --- - node.gyp | 4 ++-- - tools/v8_gypfiles/v8.gyp | 11 ++++------- - 2 files changed, 6 insertions(+), 9 deletions(-) + node.gyp | 2 ++ + tools/v8_gypfiles/v8.gyp | 5 +++++ + 2 files changed, 7 insertions(+) +diff --git a/node.gyp b/node.gyp +index 24505da7ba..7d41bd52db 100644 --- a/node.gyp +++ b/node.gyp -@@ -294,6 +294,7 @@ +@@ -319,6 +319,7 @@ 'action_name': 'run_mkcodecache', 'process_outputs_as_sources': 1, 'inputs': [ @@ -18,14 +21,16 @@ Subject: [PATCH] Using native binaries '<(mkcodecache_exec)', ], 'outputs': [ -@@ -319,6 +320,7 @@ - 'action_name': 'node_mksnapshot', - 'process_outputs_as_sources': 1, - 'inputs': [ -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', - '<(node_mksnapshot_exec)', - ], - 'outputs': [ +@@ -366,6 +367,7 @@ + 'action_name': 'node_mksnapshot', + 'process_outputs_as_sources': 1, + 'inputs': [ ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', + '<(node_mksnapshot_exec)', + ], + 'outputs': [ +diff --git a/tools/v8_gypfiles/v8.gyp b/tools/v8_gypfiles/v8.gyp +index ed042f8829..371b8e02c2 100644 --- a/tools/v8_gypfiles/v8.gyp +++ b/tools/v8_gypfiles/v8.gyp @@ -68,6 +68,7 @@ @@ -40,11 +45,11 @@ Subject: [PATCH] Using native binaries '<@(torque_outputs_inc)', ], 'action': [ -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)', '-o', '<(SHARED_INTERMEDIATE_DIR)/torque-generated', '-v8-root', '<(V8_ROOT)', -@@ -225,6 +227,7 @@ +@@ -211,6 +213,7 @@ { 'action_name': 'generate_bytecode_builtins_list_action', 'inputs': [ @@ -52,7 +57,7 @@ Subject: [PATCH] Using native binaries '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)bytecode_builtins_list_generator<(EXECUTABLE_SUFFIX)', ], 'outputs': [ -@@ -415,6 +418,7 @@ +@@ -395,6 +398,7 @@ ], }, 'inputs': [ @@ -60,7 +65,7 @@ Subject: [PATCH] Using native binaries '<(mksnapshot_exec)', ], 'outputs': [ -@@ -1548,6 +1552,7 @@ +@@ -1513,6 +1517,7 @@ { 'action_name': 'run_gen-regexp-special-case_action', 'inputs': [ @@ -68,3 +73,6 @@ Subject: [PATCH] Using native binaries '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)gen-regexp-special-case<(EXECUTABLE_SUFFIX)', ], 'outputs': [ +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch deleted file mode 100644 index 5cb2e97015..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 62ddf8499747fb1e366477d666c0634ad50039a9 Mon Sep 17 00:00:00 2001 -From: Elliott Sales de Andrade <quantum.analyst@gmail.com> -Date: Tue, 19 Mar 2019 23:22:40 -0400 -Subject: [PATCH 2/2] Install both binaries and use libdir. - -This allows us to build with a shared library for other users while -still providing the normal executable. - -Taken from - https://src.fedoraproject.org/rpms/nodejs/raw/rawhide/f/0002-Install-both-binaries-and-use-libdir.patch - -Upstream-Status: Pending - -Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com> -Signed-off-by: Andreas MĂ¼ller <schnitzeltony@gmail.com> -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - configure.py | 7 +++++++ - tools/install.py | 21 +++++++++------------ - 2 files changed, 16 insertions(+), 12 deletions(-) - -diff --git a/configure.py b/configure.py -index 6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537abf9f0f0 100755 ---- a/configure.py -+++ b/configure.py -@@ -721,10 +721,16 @@ parser.add_argument('--shared', - dest='shared', - default=None, - help='compile shared library for embedding node in another project. ' + - '(This mode is not officially supported for regular applications)') - -+parser.add_argument('--libdir', -+ action='store', -+ dest='libdir', -+ default='lib', -+ help='a directory to install the shared library into') -+ - parser.add_argument('--without-v8-platform', - action='store_true', - dest='without_v8_platform', - default=False, - help='do not initialize v8 platform during node.js startup. ' + -@@ -1305,10 +1311,11 @@ def configure_node(o): - o['variables']['debug_nghttp2'] = 'false' - - o['variables']['node_no_browser_globals'] = b(options.no_browser_globals) - - o['variables']['node_shared'] = b(options.shared) -+ o['variables']['libdir'] = options.libdir - node_module_version = getmoduleversion.get_version() - - if options.dest_os == 'android': - shlib_suffix = 'so' - elif sys.platform == 'darwin': -diff --git a/tools/install.py b/tools/install.py -index 41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..11208f9e7166ab60da46d5ace2257c239a7e9263 100755 ---- a/tools/install.py -+++ b/tools/install.py -@@ -128,26 +128,23 @@ def subdir_files(path, dest, action): - for subdir, files_in_path in ret.items(): - action(files_in_path, subdir + '/') - - def files(action): - is_windows = sys.platform == 'win32' -- output_file = 'node' - output_prefix = 'out/Release/' -+ output_libprefix = output_prefix - -- if 'false' == variables.get('node_shared'): -- if is_windows: -- output_file += '.exe' -+ if is_windows: -+ output_bin = 'node.exe' -+ output_lib = 'node.dll' - else: -- if is_windows: -- output_file += '.dll' -- else: -- output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix') -+ output_bin = 'node' -+ output_lib = 'libnode.' + variables.get('shlib_suffix') - -- if 'false' == variables.get('node_shared'): -- action([output_prefix + output_file], 'bin/' + output_file) -- else: -- action([output_prefix + output_file], 'lib/' + output_file) -+ action([output_prefix + output_bin], 'bin/' + output_bin) -+ if 'true' == variables.get('node_shared'): -+ action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib) - - if 'true' == variables.get('node_use_dtrace'): - action(['out/Release/node.d'], 'lib/dtrace/node.d') - - # behave similarly for systemtap --- -2.33.0 - diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch deleted file mode 100644 index 4d238c03f4..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001 -From: Daniel Bevenius <daniel.bevenius@gmail.com> -Date: Sat, 16 Oct 2021 08:50:16 +0200 -Subject: [PATCH] src: add --openssl-legacy-provider option - -This commit adds an option to Node.js named --openssl-legacy-provider -and if specified will load OpenSSL 3.0 Legacy provider. - -$ ./node --help -... ---openssl-legacy-provider enable OpenSSL 3.0 legacy provider - -Example usage: - -$ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' -Hash { - _options: undefined, - [Symbol(kHandle)]: Hash {}, - [Symbol(kState)]: { [Symbol(kFinalized)]: false } -} - -Co-authored-by: Richard Lau <rlau@redhat.com> -Signed-off-by: Signed-off-by: Andrej Valek <andrej.valek@siemens.com> -Upstream-Status: Backport [https://github.com/nodejs/node/issues/40455] ---- - doc/api/cli.md | 10 ++++++++++ - src/crypto/crypto_util.cc | 10 ++++++++++ - src/node_options.cc | 10 ++++++++++ - src/node_options.h | 7 +++++++ - .../test-process-env-allowed-flags-are-documented.js | 5 +++++ - 5 files changed, 42 insertions(+) - -diff --git a/doc/api/cli.md b/doc/api/cli.md -index 74057706bf8d..608b9cdeddf1 100644 ---- a/doc/api/cli.md -+++ b/doc/api/cli.md -@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be - used to enable FIPS-compliant crypto if Node.js is built - against FIPS-enabled OpenSSL. - -+### `--openssl-legacy-provider` -+<!-- YAML -+added: REPLACEME -+--> -+ -+Enable OpenSSL 3.0 legacy provider. For more information please see -+[providers readme][]. -+ - ### `--pending-deprecation` - - <!-- YAML -@@ -1544,6 +1552,7 @@ Node.js options that are allowed are: - * `--no-warnings` - * `--node-memory-debug` - * `--openssl-config` -+* `--openssl-legacy-provider` - * `--pending-deprecation` - * `--policy-integrity` - * `--preserve-symlinks-main` -@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js - [emit_warning]: process.md#processemitwarningwarning-options - [jitless]: https://v8.dev/blog/jitless - [libuv threadpool documentation]: https://docs.libuv.org/en/latest/threadpool.html -+[providers readme]: https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md - [remote code execution]: https://www.owasp.org/index.php/Code_Injection - [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure - [timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones -diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc -index 7e0c8ba3eb60..796ea3025e41 100644 ---- a/src/crypto/crypto_util.cc -+++ b/src/crypto/crypto_util.cc -@@ -148,6 +148,16 @@ void InitCryptoOnce() { - } - #endif - -+#if OPENSSL_VERSION_MAJOR >= 3 -+ // --openssl-legacy-provider -+ if (per_process::cli_options->openssl_legacy_provider) { -+ OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy"); -+ if (legacy_provider == nullptr) { -+ fprintf(stderr, "Unable to load legacy provider.\n"); -+ } -+ } -+#endif -+ - OPENSSL_init_ssl(0, settings); - OPENSSL_INIT_free(settings); - settings = nullptr; -diff --git a/src/node_options.cc b/src/node_options.cc -index 00bdc6688a4c..3363860919a9 100644 ---- a/src/node_options.cc -+++ b/src/node_options.cc -@@ -4,6 +4,9 @@ - #include "env-inl.h" - #include "node_binding.h" - #include "node_internals.h" -+#if HAVE_OPENSSL -+#include "openssl/opensslv.h" -+#endif - - #include <errno.h> - #include <sstream> -diff --git a/src/node_options.h b/src/node_options.h -index fd772478d04d..1c0e018ab16f 100644 ---- a/src/node_options.h -+++ b/src/node_options.h -@@ -11,6 +11,10 @@ - #include "node_mutex.h" - #include "util.h" - -+#if HAVE_OPENSSL -+#include "openssl/opensslv.h" -+#endif -+ - namespace node { - - class HostPort { -@@ -251,6 +255,9 @@ class PerProcessOptions : public Options { - bool enable_fips_crypto = false; - bool force_fips_crypto = false; - #endif -+#if OPENSSL_VERSION_MAJOR >= 3 -+ bool openssl_legacy_provider = false; -+#endif - - // Per-process because reports can be triggered outside a known V8 context. - bool report_on_fatalerror = false; -diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js -index 64626b71f019..8a4e35997907 100644 ---- a/test/parallel/test-process-env-allowed-flags-are-documented.js -+++ b/test/parallel/test-process-env-allowed-flags-are-documented.js -@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) { - } - } - -+if (!common.hasOpenSSL3) { -+ documented.delete('--openssl-legacy-provider'); -+} -+ - // Filter out options that are conditionally present. - const conditionalOpts = [ - { -@@ -50,6 +54,7 @@ const conditionalOpts = [ - filter: (opt) => { - return [ - '--openssl-config', -+ common.hasOpenSSL3 ? '--openssl-legacy-provider' : '', - '--tls-cipher-list', - '--use-bundled-ca', - '--use-openssl-ca', - diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb index 62188f94a7..0661fd6f1c 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb @@ -1,13 +1,13 @@ DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" HOMEPAGE = "http://nodejs.org" -LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=6ba5b21ac7a505195ca69344d3d7a94a" +LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0 & OpenSSL" +LIC_FILES_CHKSUM = "file://LICENSE;md5=ab4d0d45e717c9978737499a3489e515" DEPENDS = "openssl" DEPENDS:append:class-target = " qemu-native" DEPENDS:append:class-native = " c-ares-native" -inherit pkgconfig python3native qemu +inherit pkgconfig python3native qemu setuptools3 COMPATIBLE_MACHINE:armv4 = "(!.*armv4).*" COMPATIBLE_MACHINE:armv5 = "(!.*armv5).*" @@ -19,17 +19,16 @@ COMPATIBLE_HOST:powerpc = "null" SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ file://0001-Disable-running-gyp-files-for-bundled-deps.patch \ - file://0002-Install-both-binaries-and-use-libdir.patch \ file://0004-v8-don-t-override-ARM-CFLAGS.patch \ - file://0005-add-openssl-legacy-provider-option.patch \ file://big-endian.patch \ file://mips-less-memory.patch \ file://system-c-ares.patch \ file://0001-liftoff-Correct-function-signatures.patch \ file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \ + file://0001-Nodejs-Fixed-pipes-DeprecationWarning.patch \ " SRC_URI:append:class-target = " \ - file://0002-Using-native-binaries.patch \ + file://0001-Using-native-binaries.patch \ " SRC_URI:append:toolchain-clang:x86 = " \ file://libatomic.patch \ @@ -37,7 +36,7 @@ SRC_URI:append:toolchain-clang:x86 = " \ SRC_URI:append:toolchain-clang:powerpc64le = " \ file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \ " -SRC_URI[sha256sum] = "e922e215cc68eb5f94d33e8a0b61e2c863b7731cc8600ab955d3822da90ff8d1" +SRC_URI[sha256sum] = "17fb716406198125b30c94dd3d1756207b297705626afe16d8dc479a65a1d8b5" S = "${WORKDIR}/node-v${PV}" diff --git a/meta-openembedded/meta-oe/recipes-devtools/pahole/pahole_1.22.bb b/meta-openembedded/meta-oe/recipes-devtools/pahole/pahole_1.22.bb index 449508a5d5..ec642ec3b2 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/pahole/pahole_1.22.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/pahole/pahole_1.22.bb @@ -21,7 +21,7 @@ inherit cmake pkgconfig PACKAGECONFIG[python3] = ",,python3-core,python3-core" -EXTRA_OECMAKE = "-D__LIB=lib -DCMAKE_BUILD_TYPE=Release -DLIBBPF_EMBEDDED=OFF" +EXTRA_OECMAKE = "-D__LIB=${@os.path.relpath(d.getVar('libdir'), d.getVar('prefix') + '/')} -DCMAKE_BUILD_TYPE=Release -DLIBBPF_EMBEDDED=OFF" FILES:${PN} = "${bindir}/pahole \ ${libdir}/libdwarves.so* \ diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.10.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.16.bb index 624ab2621a..db8a65544b 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.10.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.16.bb @@ -33,7 +33,7 @@ SRC_URI:append:class-target = " \ " S = "${WORKDIR}/php-${PV}" -SRC_URI[sha256sum] = "2de8e0402285f7c56887defe651922308aded58ba60befcf3b77720209e31f10" +SRC_URI[sha256sum] = "cd9f0ea14d82d9455587a49a0b6c802a7b8d8ff79703f9f48b17db010fb633ce" CVE_CHECK_IGNORE += "\ CVE-2007-2728 \ diff --git a/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.19.4.bb b/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.19.6.bb index 5662330840..8e50054718 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.19.4.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.19.6.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=37b5762e07f0af8c74ce80a8bda4266b" DEPENDS = "zlib" DEPENDS:append:class-target = " protobuf-native" -SRCREV = "22d0e265de7d2b3d2e9a00d071313502e7d4cccf" +SRCREV = "c9297981b7c35ad9c2bf258e7c8d786a04d13378" SRC_URI = "git://github.com/protocolbuffers/protobuf.git;branch=3.19.x;protocol=https \ file://run-ptest \ diff --git a/meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/0001-Fix-memory-leak.patch b/meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/0001-Fix-memory-leak.patch new file mode 100644 index 0000000000..72e3b9802d --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/0001-Fix-memory-leak.patch @@ -0,0 +1,34 @@ +From b6149e203f919c899fefc702a17fbb78bdec3700 Mon Sep 17 00:00:00 2001 +From: Le Van Khanh <Khanh.LeVan@vn.bosch.com> +Date: Thu, 9 Feb 2023 03:17:13 -0500 +Subject: [PATCH] Fix memory leak + +Free the ecuid_conf in case of memory alllocated + +CVE: CVE-2023-26257 + +Upstream-Status: Backport +[https://github.com/COVESA/dlt-daemon/pull/441/commits/b6149e203f919c899fefc702a17fbb78bdec3700] + +Signed-off-by: Le Van Khanh <Khanh.LeVan@vn.bosch.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/console/dlt-control-common.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/console/dlt-control-common.c b/src/console/dlt-control-common.c +index abcaf92..64951c1 100644 +--- a/src/console/dlt-control-common.c ++++ b/src/console/dlt-control-common.c +@@ -124,6 +124,8 @@ void set_ecuid(char *ecuid) + if (dlt_parse_config_param("ECUId", &ecuid_conf) == 0) { + memset(local_ecuid, 0, DLT_CTRL_ECUID_LEN); + strncpy(local_ecuid, ecuid_conf, DLT_CTRL_ECUID_LEN); ++ if (ecuid_conf !=NULL) ++ free(ecuid_conf); + local_ecuid[DLT_CTRL_ECUID_LEN - 1] = '\0'; + } + else { +-- +2.34.1 diff --git a/meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb b/meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb index 7a613bcc93..b98cfadf3e 100644 --- a/meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb +++ b/meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb @@ -18,6 +18,7 @@ SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https;branch=master \ file://0002-Don-t-execute-processes-as-a-specific-user.patch \ file://0004-Modify-systemd-config-directory.patch \ file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \ + file://0001-Fix-memory-leak.patch \ " SRCREV = "6a3bd901d825c7206797e36ea98e10a218f5aad2" diff --git a/meta-openembedded/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb b/meta-openembedded/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb index 7674785437..583e8337e7 100644 --- a/meta-openembedded/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb +++ b/meta-openembedded/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb @@ -4,7 +4,11 @@ HOMEPAGE = "https://duktape.org" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b7825df97b52f926fc71300f7880408" -SRC_URI = "https://duktape.org/duktape-${PV}.tar.xz" +SRC_URI = "https://duktape.org/duktape-${PV}.tar.xz \ + file://run-ptest \ + " +inherit ptest + SRC_URI[sha256sum] = "90f8d2fa8b5567c6899830ddef2c03f3c27960b11aca222fa17aa7ac613c2890" EXTRA_OEMAKE = "INSTALL_PREFIX='${prefix}' DESTDIR='${D}' LIBDIR='/${baselib}'" @@ -13,8 +17,24 @@ do_compile () { oe_runmake -f Makefile.sharedlibrary INSTALL_PREFIX="${prefix}" DESTDIR="${D}" } +do_compile_ptest() { + oe_runmake -f Makefile.hello INSTALL_PREFIX="${prefix}" DESTDIR="${D}" + oe_runmake -f Makefile.eval INSTALL_PREFIX="${prefix}" DESTDIR="${D}" + oe_runmake -f Makefile.eventloop INSTALL_PREFIX="${prefix}" DESTDIR="${D}" +} + do_install () { oe_runmake -f Makefile.sharedlibrary INSTALL_PREFIX="${prefix}" DESTDIR="${D}" install # libduktaped is identical to libduktape but has an hard-coded -g build flags, remove it rm -f ${D}${libdir}/libduktaped.so* } + +do_install_ptest() { + install -m 0755 "${WORKDIR}/duktape-2.7.0/hello" "${D}${PTEST_PATH}" + install -m 0755 "${WORKDIR}/duktape-2.7.0/eval" "${D}${PTEST_PATH}" + install -m 0755 "${WORKDIR}/duktape-2.7.0/evloop" "${D}${PTEST_PATH}" + install -m 0755 "${WORKDIR}/duktape-2.7.0/examples/eventloop/timer-test.js" "${D}${PTEST_PATH}" + install -m 0755 "${WORKDIR}/duktape-2.7.0/examples/eventloop/ecma_eventloop.js" "${D}${PTEST_PATH}" +} + +RDEPENDS_${PN}-ptest += "make" diff --git a/meta-openembedded/meta-oe/recipes-extended/duktape/files/run-ptest b/meta-openembedded/meta-oe/recipes-extended/duktape/files/run-ptest new file mode 100644 index 0000000000..852fb15de4 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/duktape/files/run-ptest @@ -0,0 +1,32 @@ +#!/bin/sh + +./hello &> $test.output 2>&1 +out="Hello world!" + +if grep -i "$out" $test.output 2>&1 ; then + echo "PASS: Hello duktape" +else + echo "FAIL: Hello duktape" +fi +rm -f $test.output + +./eval "print('Hello world!'); 123;" > out.log + +sed -n '2p' out.log > eval.log +sed -n '3p' out.log >> eval.log + +if grep -w 'Hello world!\|123' eval.log 2>&1; then + echo "PASS: eval duktape" +else + echo "FAIL: eval duktape" +fi +rm -f eval.log out.log + +./evloop timer-test.js > evloop.log 2>&1 + +if grep -i "no active timers and no sockets to poll" evloop.log 2>&1; then + echo "PASS: evloop duktape" +else + echo "FAIL: evloop duktape" +fi +rm -f evloop.log diff --git a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb index d6e56ea768..edc5e00f52 100644 --- a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb +++ b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb @@ -11,4 +11,7 @@ SRC_URI[sha256sum] = "f4f377da17b10201a60c1108613e78ee15df6b12016b116b6de42209f4 inherit autotools pkgconfig +# upstream considers it isn't a real bug https://github.com/akheron/jansson/issues/548 +CVE_CHECK_IGNORE = "CVE-2020-36325 " + BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-extended/liblockfile/liblockfile/0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch b/meta-openembedded/meta-oe/recipes-extended/liblockfile/liblockfile/0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch new file mode 100644 index 0000000000..8ac61aa55d --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/liblockfile/liblockfile/0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch @@ -0,0 +1,63 @@ +From db9b4be854bb9a84319b81ce0afecd98f4f84ff7 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Mon, 27 Feb 2023 08:28:21 +0000 +Subject: [PATCH] Makefile.in: fix install failure on host without ldconfig + +fix syntax error when ldconfig is not installed on host + +when ldconfig is not installed on the build host, install will failed with +error: +ln -sf nfslock.so.0.1 /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/lib64/nfslock.so.0 +install -m 644 lockfile.h maillock.h /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/include +if test "/mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image" = ""; then ; fi +if [ "mail" != "" ]; then\ + install -g mail -m 2755 dotlockfile /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/bin;\ + else \ + install -g root -m 755 dotlockfile /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/bin; \ + fi +/bin/sh: -c: line 1: syntax error near unexpected token `;' +/bin/sh: -c: line 1: `if test "/mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image" = ""; then ; fi' + +Upstream-Status: Submitted [https://github.com/miquels/liblockfile/pull/21] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + Makefile.in | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index 6e53179..d003899 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -9,6 +9,10 @@ NFSVER = 0.1 + CFLAGS = @CFLAGS@ -I. + LDFLAGS = @LDFLAGS@ + CC = @CC@ ++LDCONFIG = @LDCONFIG@ ++ifeq ($(LDCONFIG),) ++ LDCONFIG = ":" ++endif + + prefix = $(DESTDIR)@prefix@ + exec_prefix = @exec_prefix@ +@@ -58,7 +62,7 @@ install_shared: shared install_static install_common + $(libdir)/liblockfile.so.$(SOVER) + ln -s liblockfile.so.$(SOVER) $(libdir)/liblockfile.so.$(MAJOR) + ln -s liblockfile.so.$(SOVER) $(libdir)/liblockfile.so +- if test "$(DESTDIR)" = ""; then @LDCONFIG@; fi ++ if test "$(DESTDIR)" = ""; then $(LDCONFIG); fi + + install_common: + install -d -m 755 -g root -p $(includedir) +@@ -79,7 +83,7 @@ install_nfslib: nfslib + install -m 755 nfslock.so.$(NFSVER) $(nfslockdir) + ln -sf nfslock.so.$(NFSVER) $(libdir)/nfslock.so + ln -sf nfslock.so.$(NFSVER) $(libdir)/nfslock.so.0 +- if test "$(DESTDIR)" = ""; then @LDCONFIG@; fi ++ if test "$(DESTDIR)" = ""; then $(LDCONFIG); fi + + clean: + rm -f *.a *.o *.so *.so.* dotlockfile +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb b/meta-openembedded/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb index bac3a2c0bd..eefc25dc46 100644 --- a/meta-openembedded/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb +++ b/meta-openembedded/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb @@ -10,6 +10,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/libl/liblockfile/liblockfile_1.14.orig.tar.gz \ file://0001-Makefile.in-add-DESTDIR.patch \ file://0001-Makefile.in-install-nfslock-libs.patch \ file://liblockfile-fix-install-so-to-man-dir.patch \ + file://0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch \ " SRC_URI[md5sum] = "420c056ba0cc4d1477e402f70ba2f5eb" diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb index af0a3c2bd2..6801020ef9 100644 --- a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb +++ b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb @@ -17,7 +17,7 @@ REQUIRED_DISTRO_FEATURES = "pam" SRCREV = "d8eba6cb6682b59d84ca1da67a523520b879ade6" -SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=master;protocol=https \ +SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=main;protocol=https \ file://libssl-is-required-if-eventint-supported.patch \ file://openwsmand.service \ file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \ diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch b/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch index 01f8421811..385b0aeed0 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch @@ -1,4 +1,4 @@ -From f26a978c638bcbc621669dce0ab89e43af42af98 Mon Sep 17 00:00:00 2001 +From b6b2c652abfa98093401b232baca8719c50cadf4 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 26 Oct 2020 21:32:22 -0700 Subject: [PATCH] Define correct gregs for RISCV32 @@ -6,18 +6,17 @@ Subject: [PATCH] Define correct gregs for RISCV32 Upstream-Status: Pending Signed-off-by: Khem Raj <raj.khem@gmail.com> -Updated patch for 6.2.1 -Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> - +Updated patch for 6.2.8 +Signed-off-by: Changqing Li <changqing.li@windriver.com> --- src/debug.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/src/debug.c b/src/debug.c -index 2da2c5d..1d778fa 100644 +index ebda858..90bc450 100644 --- a/src/debug.c +++ b/src/debug.c -@@ -1116,7 +1116,9 @@ static void *getMcontextEip(ucontext_t *uc) { +@@ -1168,7 +1168,9 @@ static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) { #endif #elif defined(__linux__) /* Linux */ @@ -25,10 +24,10 @@ index 2da2c5d..1d778fa 100644 + #if defined(__riscv) && __riscv_xlen == 32 + return (void*) uc->uc_mcontext.__gregs[REG_PC]; + #elif defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__)) - return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */ + GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip); #elif defined(__X86_64__) || defined(__x86_64__) - return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */ -@@ -1298,8 +1300,28 @@ void logRegisters(ucontext_t *uc) { + GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip); +@@ -1350,8 +1352,28 @@ void logRegisters(ucontext_t *uc) { #endif /* Linux */ #elif defined(__linux__) @@ -58,3 +57,6 @@ index 2da2c5d..1d778fa 100644 serverLog(LL_WARNING, "\n" "EAX:%08lx EBX:%08lx ECX:%08lx EDX:%08lx\n" +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/redis.service b/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/redis.service index 36d29852da..a52204cc70 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/redis.service +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/redis.service @@ -9,6 +9,7 @@ ExecStart=/usr/bin/redis-server /etc/redis/redis.conf ExecStop=/usr/bin/redis-cli shutdown Restart=always LimitNOFILE=10032 +Type=notify [Install] WantedBy=multi-user.target diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch b/meta-openembedded/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch index b2d1a32eda..9d7e502717 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch @@ -1,4 +1,4 @@ -From 6134b471c35df826ccb41aab9a47e5c89e15a0c4 Mon Sep 17 00:00:00 2001 +From 26bd72f3b8de22e5036d86e6c79f815853b83473 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 26 Oct 2020 21:32:22 -0700 Subject: [PATCH] Define correct gregs for RISCV32 @@ -13,10 +13,10 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/src/debug.c b/src/debug.c -index e7fec29..5abb404 100644 +index 5318c14..8c21b47 100644 --- a/src/debug.c +++ b/src/debug.c -@@ -1039,7 +1039,9 @@ static void *getMcontextEip(ucontext_t *uc) { +@@ -1055,7 +1055,9 @@ static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) { #endif #elif defined(__linux__) /* Linux */ @@ -24,10 +24,10 @@ index e7fec29..5abb404 100644 + #if defined(__riscv) && __riscv_xlen == 32 + return (void*) uc->uc_mcontext.__gregs[REG_PC]; + #elif defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__)) - return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */ + GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip); #elif defined(__X86_64__) || defined(__x86_64__) - return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */ -@@ -1206,8 +1208,28 @@ void logRegisters(ucontext_t *uc) { + GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip); +@@ -1222,8 +1224,28 @@ void logRegisters(ucontext_t *uc) { #endif /* Linux */ #elif defined(__linux__) @@ -57,3 +57,6 @@ index e7fec29..5abb404 100644 serverLog(LL_WARNING, "\n" "EAX:%08lx EBX:%08lx ECX:%08lx EDX:%08lx\n" +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.7.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.12.bb index 7f922a4e0f..3ed6867816 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.7.bb +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.12.bb @@ -17,7 +17,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://GNU_SOURCE.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ " -SRC_URI[sha256sum] = "b7a79cc3b46d3c6eb52fa37dde34a4a60824079ebdfb3abfbbfa035947c55319" +SRC_URI[sha256sum] = "75352eef41e97e84bfa94292cbac79e5add5345fc79787df5cbdff703353fb1b" inherit autotools-brokensep update-rc.d systemd useradd diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.4.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb index 993ff34b10..e6bfa227a0 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.4.bb +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb @@ -19,7 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://GNU_SOURCE.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ " -SRC_URI[sha256sum] = "f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f" +SRC_URI[sha256sum] = "ce250d1fba042c613de38a15d40889b78f7cb6d5461a27e35017ba39b07221e3" inherit autotools-brokensep update-rc.d systemd useradd @@ -35,7 +35,10 @@ USERADD_PACKAGES = "${PN}" USERADD_PARAM:${PN} = "--system --home-dir /var/lib/redis -g redis --shell /bin/false redis" GROUPADD_PARAM:${PN} = "--system redis" -REDIS_ON_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}" +PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" +PACKAGECONFIG[systemd] = "USE_SYSTEMD=yes,USE_SYSTEMD=no,systemd" + +EXTRA_OEMAKE += "${PACKAGECONFIG_CONFARGS}" do_compile:prepend() { (cd deps && oe_runmake hiredis lua linenoise) @@ -55,8 +58,9 @@ do_install() { install -m 0644 ${WORKDIR}/redis.service ${D}${systemd_system_unitdir} sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${systemd_system_unitdir}/redis.service - if [ "${REDIS_ON_SYSTEMD}" = true ]; then + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then sed -i 's!daemonize yes!# daemonize yes!' ${D}/${sysconfdir}/redis/redis.conf + sed -i 's!supervised no!supervised systemd!' ${D}/${sysconfdir}/redis/redis.conf fi } diff --git a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb index 1a94215839..cf33c69048 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb @@ -9,7 +9,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=d6fc0df890c5270ef045981b516bb8f2" # TODO: Pin upstream release (current v7.11.0-80-g419a757) -SRC_URI = "git://github.com/lvgl/lv_drivers;destsuffix=${S};protocol=https;nobranch=1" +SRC_URI = "git://github.com/lvgl/lv_drivers;protocol=https;nobranch=1" SRCREV = "419a757c23aaa67c676fe3a2196d64808fcf2254" DEPENDS = "libxkbcommon lvgl wayland" @@ -19,15 +19,15 @@ REQUIRED_DISTRO_FEATURES = "wayland" inherit cmake inherit features_check -S = "${WORKDIR}/${PN}-${PV}" +S = "${WORKDIR}/git" LVGL_CONFIG_WAYLAND_HOR_RES ?= "480" LVGL_CONFIG_WAYLAND_VER_RES ?= "320" -EXTRA_OECMAKE += "-Dinstall:BOOL=ON -DLIB_INSTALL_DIR=${BASELIB}" +EXTRA_OECMAKE += "-Dinstall:BOOL=ON -DLIB_INSTALL_DIR=${baselib}" TARGET_CFLAGS += "-DLV_CONF_INCLUDE_SIMPLE=1" -TARGET_CFLAGS += "-I${RECIPE_SYSROOT}/${includedir}/lvgl" +TARGET_CFLAGS += "-I${STAGING_INCDIR}/lvgl" # Upstream does not support a default configuration # but propose a default "disabled" template, which is used as reference diff --git a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb index 032e85f522..22b4826403 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb @@ -8,21 +8,23 @@ DESCRIPTION = "Allow the use of PNG images in LVGL. This implementation uses lod LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=d6fc0df890c5270ef045981b516bb8f2" -SRC_URI = "git://github.com/lvgl/lv_lib_png;destsuffix=${S};protocol=https;nobranch=1" +SRC_URI = "git://github.com/lvgl/lv_lib_png;;protocol=https;nobranch=1" SRCREV = "bf1531afe07c9f861107559e29ab8a2d83e4715a" +S = "${WORKDIR}/git" + # because of lvgl dependency REQUIRED_DISTRO_FEATURES = "wayland" DEPENDS += "lvgl" -EXTRA_OECMAKE += "-DLIB_INSTALL_DIR=${BASELIB}" +EXTRA_OECMAKE += "-DLIB_INSTALL_DIR=${baselib}" inherit cmake inherit features_check TARGET_CFLAGS += "-DLV_CONF_INCLUDE_SIMPLE=1" -TARGET_CFLAGS += "-I${RECIPE_SYSROOT}/${includedir}/lvgl" +TARGET_CFLAGS += "-I${STAGING_INCDIR}/lvgl" FILES:${PN}-dev = "\ ${includedir}/lvgl/lv_lib_png/ \ diff --git a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb index 2005afa2fd..ea74c59185 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb @@ -8,7 +8,7 @@ SUMMARY = "Light and Versatile Graphics Library" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENCE.txt;md5=bf1198c89ae87f043108cea62460b03a" -SRC_URI = "gitsm://github.com/lvgl/lvgl;destsuffix=${S};protocol=https;nobranch=1" +SRC_URI = "gitsm://github.com/lvgl/lvgl;protocol=https;nobranch=1" SRCREV = "d38eb1e689fa5a64c25e677275172d9c8a4ab2f0" REQUIRED_DISTRO_FEATURES = "wayland" @@ -16,8 +16,8 @@ REQUIRED_DISTRO_FEATURES = "wayland" inherit cmake inherit features_check -EXTRA_OECMAKE = "-DLIB_INSTALL_DIR=${BASELIB}" -S = "${WORKDIR}/${PN}-${PV}" +EXTRA_OECMAKE = "-DLIB_INSTALL_DIR=${baselib}" +S = "${WORKDIR}/git" LVGL_CONFIG_LV_MEM_CUSTOM ?= "0" diff --git a/meta-openembedded/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb b/meta-openembedded/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb index 5f404f2aa2..5cde7c9fb4 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://www.tigervnc.com/" LICENSE = "GPL-2.0-or-later" SECTION = "x11/utils" DEPENDS = "xserver-xorg gnutls jpeg libxtst gettext-native fltk libpam" -RDEPENDS:${PN} = "coreutils hicolor-icon-theme perl bash" +RDEPENDS:${PN} = "coreutils hicolor-icon-theme perl bash xkbcomp" LIC_FILES_CHKSUM = "file://LICENCE.TXT;md5=75b02c2872421380bbd47781d2bd75d3" diff --git a/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-45063.patch b/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-45063.patch new file mode 100644 index 0000000000..167c326822 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-45063.patch @@ -0,0 +1,782 @@ +From 787636674918873a091e7a4ef5977263ba982322 Mon Sep 17 00:00:00 2001 +From: "Thomas E. Dickey" <dickey@invisible-island.net> +Date: Sun, 23 Oct 2022 22:59:52 +0000 +Subject: [PATCH] snapshot of project "xterm", label xterm-374c + +Upstream-Status: https://github.com/ThomasDickey/xterm-snapshots/commit/787636674918873a091e7a4ef5977263ba982322 +CVE: CVE-2022-45063 + +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + button.c | 14 +-- + charproc.c | 9 +- + doublechr.c | 4 +- + fontutils.c | 266 ++++++++++++++++++++++++++----------------------- + fontutils.h | 4 +- + misc.c | 7 +- + screen.c | 2 +- + xterm.h | 2 +- + xterm.log.html | 6 ++ + 9 files changed, 163 insertions(+), 151 deletions(-) + +diff --git a/button.c b/button.c +index f10092a..0bbf76e 100644 +--- a/button.c ++++ b/button.c +@@ -2051,13 +2051,8 @@ void + UnmapSelections(XtermWidget xw) + { + TScreen *screen = TScreenOf(xw); +- Cardinal n; + +- if (screen->mappedSelect) { +- for (n = 0; screen->mappedSelect[n] != 0; ++n) +- free((void *) screen->mappedSelect[n]); +- FreeAndNull(screen->mappedSelect); +- } ++ FreeAndNull(screen->mappedSelect); + } + + /* +@@ -2093,14 +2088,11 @@ MapSelections(XtermWidget xw, String *params, Cardinal num_params) + if ((result = TypeMallocN(String, num_params + 1)) != 0) { + result[num_params] = 0; + for (j = 0; j < num_params; ++j) { +- result[j] = x_strdup((isSELECT(params[j]) ++ result[j] = (String) (isSELECT(params[j]) + ? mapTo +- : params[j])); ++ : params[j]); + if (result[j] == 0) { + UnmapSelections(xw); +- while (j != 0) { +- free((void *) result[--j]); +- } + FreeAndNull(result); + break; + } +diff --git a/charproc.c b/charproc.c +index 2a3c69a..91cbcea 100644 +--- a/charproc.c ++++ b/charproc.c +@@ -13605,7 +13605,6 @@ DoSetSelectedFont(Widget w, + Bell(xw, XkbBI_MinorError, 0); + } else { + Boolean failed = False; +- int oldFont = TScreenOf(xw)->menu_font_number; + char *save = TScreenOf(xw)->SelectFontName(); + char *val; + char *test; +@@ -13650,10 +13649,6 @@ DoSetSelectedFont(Widget w, + failed = True; + } + if (failed) { +- (void) xtermLoadFont(xw, +- xtermFontName(TScreenOf(xw)->MenuFontName(oldFont)), +- True, +- oldFont); + Bell(xw, XkbBI_MinorError, 0); + } + free(used); +@@ -13662,7 +13657,7 @@ DoSetSelectedFont(Widget w, + } + } + +-void ++Bool + FindFontSelection(XtermWidget xw, const char *atom_name, Bool justprobe) + { + TScreen *screen = TScreenOf(xw); +@@ -13702,7 +13697,7 @@ FindFontSelection(XtermWidget xw, const char *atom_name, Bool justprobe) + DoSetSelectedFont, NULL, + XtLastTimestampProcessed(XtDisplay(xw))); + } +- return; ++ return (screen->SelectFontName() != NULL) ? True : False; + } + + Bool +diff --git a/doublechr.c b/doublechr.c +index a802e32..6416849 100644 +--- a/doublechr.c ++++ b/doublechr.c +@@ -295,7 +295,7 @@ xterm_DoubleGC(XTermDraw * params, GC old_gc, int *inxp) + temp.flags = (params->attr_flags & BOLD); + temp.warn = fwResource; + +- if (!xtermOpenFont(params->xw, name, &temp, False)) { ++ if (!xtermOpenFont(params->xw, name, &temp, NULL, False)) { + XTermDraw local = *params; + char *nname; + +@@ -304,7 +304,7 @@ xterm_DoubleGC(XTermDraw * params, GC old_gc, int *inxp) + nname = xtermSpecialFont(&local); + if (nname != 0) { + found = (Boolean) xtermOpenFont(params->xw, nname, &temp, +- False); ++ NULL, False); + free(nname); + } + } else { +diff --git a/fontutils.c b/fontutils.c +index 1646b4b..71f4ec2 100644 +--- a/fontutils.c ++++ b/fontutils.c +@@ -92,9 +92,9 @@ + } + + #define FREE_FNAME(field) \ +- if (fonts == 0 || myfonts.field != fonts->field) { \ +- FREE_STRING(myfonts.field); \ +- myfonts.field = 0; \ ++ if (fonts == 0 || new_fnames.field != fonts->field) { \ ++ FREE_STRING(new_fnames.field); \ ++ new_fnames.field = 0; \ + } + + /* +@@ -573,7 +573,7 @@ open_italic_font(XtermWidget xw, int n, FontNameProperties *fp, XTermFonts * dat + if ((name = italic_font_name(fp, slant[pass])) != 0) { + TRACE(("open_italic_font %s %s\n", + whichFontEnum((VTFontEnum) n), name)); +- if (xtermOpenFont(xw, name, data, False)) { ++ if (xtermOpenFont(xw, name, data, NULL, False)) { + result = (data->fs != 0); + #if OPT_REPORT_FONTS + if (resource.reportFonts) { +@@ -1037,20 +1037,26 @@ xtermLoadQueryFont(XtermWidget xw, const char *name) + } + + /* +- * Open the given font and verify that it is non-empty. Return a null on ++ * Open the given font and verify that it is non-empty. Return false on + * failure. + */ + Bool + xtermOpenFont(XtermWidget xw, + const char *name, + XTermFonts * result, ++ XTermFonts * current, + Bool force) + { + Bool code = False; + + TRACE(("xtermOpenFont %d:%d '%s'\n", + result->warn, xw->misc.fontWarnings, NonNull(name))); ++ + if (!IsEmpty(name)) { ++ Bool existing = (current != NULL ++ && current->fs != NULL ++ && current->fn != NULL); ++ + if ((result->fs = xtermLoadQueryFont(xw, name)) != 0) { + code = True; + if (EmptyFont(result->fs)) { +@@ -1069,9 +1075,13 @@ xtermOpenFont(XtermWidget xw, + } else { + TRACE(("xtermOpenFont: cannot load font '%s'\n", name)); + } +- if (force) { ++ if (existing) { ++ TRACE(("...continue using font '%s'\n", current->fn)); ++ result->fn = x_strdup(current->fn); ++ result->fs = current->fs; ++ } else if (force) { + NoFontWarning(result); +- code = xtermOpenFont(xw, DEFFONT, result, True); ++ code = xtermOpenFont(xw, DEFFONT, result, NULL, True); + } + } + } +@@ -1321,6 +1331,7 @@ static Bool + loadNormFP(XtermWidget xw, + char **nameOutP, + XTermFonts * infoOut, ++ XTermFonts * current, + int fontnum) + { + Bool status = True; +@@ -1330,7 +1341,7 @@ loadNormFP(XtermWidget xw, + if (!xtermOpenFont(xw, + *nameOutP, + infoOut, +- (fontnum == fontMenu_default))) { ++ current, (fontnum == fontMenu_default))) { + /* + * If we are opening the default font, and it happens to be missing, + * force that to the compiled-in default font, e.g., "fixed". If we +@@ -1365,10 +1376,10 @@ loadBoldFP(XtermWidget xw, + if (fp != 0) { + NoFontWarning(infoOut); + *nameOutP = bold_font_name(fp, fp->average_width); +- if (!xtermOpenFont(xw, *nameOutP, infoOut, False)) { ++ if (!xtermOpenFont(xw, *nameOutP, infoOut, NULL, False)) { + free(*nameOutP); + *nameOutP = bold_font_name(fp, -1); +- xtermOpenFont(xw, *nameOutP, infoOut, False); ++ xtermOpenFont(xw, *nameOutP, infoOut, NULL, False); + } + TRACE(("...derived bold '%s'\n", NonNull(*nameOutP))); + } +@@ -1386,7 +1397,7 @@ loadBoldFP(XtermWidget xw, + TRACE(("...did not get a matching bold font\n")); + } + free(normal); +- } else if (!xtermOpenFont(xw, *nameOutP, infoOut, False)) { ++ } else if (!xtermOpenFont(xw, *nameOutP, infoOut, NULL, False)) { + xtermCopyFontInfo(infoOut, infoRef); + TRACE(("...cannot load bold font '%s'\n", NonNull(*nameOutP))); + } else { +@@ -1440,7 +1451,7 @@ loadWideFP(XtermWidget xw, + } + + if (check_fontname(*nameOutP)) { +- if (xtermOpenFont(xw, *nameOutP, infoOut, False) ++ if (xtermOpenFont(xw, *nameOutP, infoOut, NULL, False) + && is_derived_font_name(*nameOutP) + && EmptyFont(infoOut->fs)) { + xtermCloseFont2(xw, infoOut - fWide, fWide); +@@ -1493,7 +1504,7 @@ loadWBoldFP(XtermWidget xw, + + if (check_fontname(*nameOutP)) { + +- if (xtermOpenFont(xw, *nameOutP, infoOut, False) ++ if (xtermOpenFont(xw, *nameOutP, infoOut, NULL, False) + && is_derived_font_name(*nameOutP) + && !compatibleWideCounts(wideInfoRef->fs, infoOut->fs)) { + xtermCloseFont2(xw, infoOut - fWBold, fWBold); +@@ -1546,6 +1557,10 @@ loadWBoldFP(XtermWidget xw, + } + #endif + ++/* ++ * Load a given bitmap font, along with the bold/wide variants. ++ * Returns nonzero on success. ++ */ + int + xtermLoadFont(XtermWidget xw, + const VTFontNames * fonts, +@@ -1555,33 +1570,37 @@ xtermLoadFont(XtermWidget xw, + TScreen *screen = TScreenOf(xw); + VTwin *win = WhichVWin(screen); + +- VTFontNames myfonts; +- XTermFonts fnts[fMAX]; ++ VTFontNames new_fnames; ++ XTermFonts new_fonts[fMAX]; ++ XTermFonts old_fonts[fMAX]; + char *tmpname = NULL; + Boolean proportional = False; ++ Boolean recovered; ++ int code = 0; + +- memset(&myfonts, 0, sizeof(myfonts)); +- memset(fnts, 0, sizeof(fnts)); ++ memset(&new_fnames, 0, sizeof(new_fnames)); ++ memset(new_fonts, 0, sizeof(new_fonts)); ++ memcpy(&old_fonts, screen->fnts, sizeof(old_fonts)); + + if (fonts != 0) +- myfonts = *fonts; +- if (!check_fontname(myfonts.f_n)) +- return 0; ++ new_fnames = *fonts; ++ if (!check_fontname(new_fnames.f_n)) ++ return code; + + if (fontnum == fontMenu_fontescape +- && myfonts.f_n != screen->MenuFontName(fontnum)) { +- if ((tmpname = x_strdup(myfonts.f_n)) == 0) +- return 0; ++ && new_fnames.f_n != screen->MenuFontName(fontnum)) { ++ if ((tmpname = x_strdup(new_fnames.f_n)) == 0) ++ return code; + } + +- TRACE(("Begin Cgs - xtermLoadFont(%s)\n", myfonts.f_n)); ++ TRACE(("Begin Cgs - xtermLoadFont(%s)\n", new_fnames.f_n)); + releaseWindowGCs(xw, win); + + #define DbgResource(name, field, index) \ + TRACE(("xtermLoadFont #%d "name" %s%s\n", \ + fontnum, \ +- (fnts[index].warn == fwResource) ? "*" : " ", \ +- NonNull(myfonts.field))) ++ (new_fonts[index].warn == fwResource) ? "*" : " ", \ ++ NonNull(new_fnames.field))) + DbgResource("normal", f_n, fNorm); + DbgResource("bold ", f_b, fBold); + #if OPT_WIDE_CHARS +@@ -1590,16 +1609,17 @@ xtermLoadFont(XtermWidget xw, + #endif + + if (!loadNormFP(xw, +- &myfonts.f_n, +- &fnts[fNorm], ++ &new_fnames.f_n, ++ &new_fonts[fNorm], ++ &old_fonts[fNorm], + fontnum)) + goto bad; + + if (!loadBoldFP(xw, +- &myfonts.f_b, +- &fnts[fBold], +- myfonts.f_n, +- &fnts[fNorm], ++ &new_fnames.f_b, ++ &new_fonts[fBold], ++ new_fnames.f_n, ++ &new_fonts[fNorm], + fontnum)) + goto bad; + +@@ -1611,20 +1631,20 @@ xtermLoadFont(XtermWidget xw, + if_OPT_WIDE_CHARS(screen, { + + if (!loadWideFP(xw, +- &myfonts.f_w, +- &fnts[fWide], +- myfonts.f_n, +- &fnts[fNorm], ++ &new_fnames.f_w, ++ &new_fonts[fWide], ++ new_fnames.f_n, ++ &new_fonts[fNorm], + fontnum)) + goto bad; + + if (!loadWBoldFP(xw, +- &myfonts.f_wb, +- &fnts[fWBold], +- myfonts.f_w, +- &fnts[fWide], +- myfonts.f_b, +- &fnts[fBold], ++ &new_fnames.f_wb, ++ &new_fonts[fWBold], ++ new_fnames.f_w, ++ &new_fonts[fWide], ++ new_fnames.f_b, ++ &new_fonts[fBold], + fontnum)) + goto bad; + +@@ -1634,30 +1654,30 @@ xtermLoadFont(XtermWidget xw, + * Normal/bold fonts should be the same width. Also, the min/max + * values should be the same. + */ +- if (fnts[fNorm].fs != 0 +- && fnts[fBold].fs != 0 +- && (!is_fixed_font(fnts[fNorm].fs) +- || !is_fixed_font(fnts[fBold].fs) +- || differing_widths(fnts[fNorm].fs, fnts[fBold].fs))) { ++ if (new_fonts[fNorm].fs != 0 ++ && new_fonts[fBold].fs != 0 ++ && (!is_fixed_font(new_fonts[fNorm].fs) ++ || !is_fixed_font(new_fonts[fBold].fs) ++ || differing_widths(new_fonts[fNorm].fs, new_fonts[fBold].fs))) { + TRACE(("Proportional font! normal %d/%d, bold %d/%d\n", +- fnts[fNorm].fs->min_bounds.width, +- fnts[fNorm].fs->max_bounds.width, +- fnts[fBold].fs->min_bounds.width, +- fnts[fBold].fs->max_bounds.width)); ++ new_fonts[fNorm].fs->min_bounds.width, ++ new_fonts[fNorm].fs->max_bounds.width, ++ new_fonts[fBold].fs->min_bounds.width, ++ new_fonts[fBold].fs->max_bounds.width)); + proportional = True; + } + + if_OPT_WIDE_CHARS(screen, { +- if (fnts[fWide].fs != 0 +- && fnts[fWBold].fs != 0 +- && (!is_fixed_font(fnts[fWide].fs) +- || !is_fixed_font(fnts[fWBold].fs) +- || differing_widths(fnts[fWide].fs, fnts[fWBold].fs))) { ++ if (new_fonts[fWide].fs != 0 ++ && new_fonts[fWBold].fs != 0 ++ && (!is_fixed_font(new_fonts[fWide].fs) ++ || !is_fixed_font(new_fonts[fWBold].fs) ++ || differing_widths(new_fonts[fWide].fs, new_fonts[fWBold].fs))) { + TRACE(("Proportional font! wide %d/%d, wide bold %d/%d\n", +- fnts[fWide].fs->min_bounds.width, +- fnts[fWide].fs->max_bounds.width, +- fnts[fWBold].fs->min_bounds.width, +- fnts[fWBold].fs->max_bounds.width)); ++ new_fonts[fWide].fs->min_bounds.width, ++ new_fonts[fWide].fs->max_bounds.width, ++ new_fonts[fWBold].fs->min_bounds.width, ++ new_fonts[fWBold].fs->max_bounds.width)); + proportional = True; + } + }); +@@ -1676,13 +1696,13 @@ xtermLoadFont(XtermWidget xw, + screen->ifnts_ok = False; + #endif + +- xtermCopyFontInfo(GetNormalFont(screen, fNorm), &fnts[fNorm]); +- xtermCopyFontInfo(GetNormalFont(screen, fBold), &fnts[fBold]); ++ xtermCopyFontInfo(GetNormalFont(screen, fNorm), &new_fonts[fNorm]); ++ xtermCopyFontInfo(GetNormalFont(screen, fBold), &new_fonts[fBold]); + #if OPT_WIDE_CHARS +- xtermCopyFontInfo(GetNormalFont(screen, fWide), &fnts[fWide]); +- if (fnts[fWBold].fs == NULL) +- xtermCopyFontInfo(GetNormalFont(screen, fWide), &fnts[fWide]); +- xtermCopyFontInfo(GetNormalFont(screen, fWBold), &fnts[fWBold]); ++ xtermCopyFontInfo(GetNormalFont(screen, fWide), &new_fonts[fWide]); ++ if (new_fonts[fWBold].fs == NULL) ++ xtermCopyFontInfo(GetNormalFont(screen, fWide), &new_fonts[fWide]); ++ xtermCopyFontInfo(GetNormalFont(screen, fWBold), &new_fonts[fWBold]); + #endif + + xtermUpdateFontGCs(xw, getNormalFont); +@@ -1713,7 +1733,7 @@ xtermLoadFont(XtermWidget xw, + unsigned ch; + + #if OPT_TRACE +-#define TRACE_MISS(index) show_font_misses(#index, &fnts[index]) ++#define TRACE_MISS(index) show_font_misses(#index, &new_fonts[index]) + TRACE_MISS(fNorm); + TRACE_MISS(fBold); + #if OPT_WIDE_CHARS +@@ -1730,8 +1750,8 @@ xtermLoadFont(XtermWidget xw, + if ((n != UCS_REPL) + && (n != ch) + && (screen->fnt_boxes & 2)) { +- if (xtermMissingChar(n, &fnts[fNorm]) || +- xtermMissingChar(n, &fnts[fBold])) { ++ if (xtermMissingChar(n, &new_fonts[fNorm]) || ++ xtermMissingChar(n, &new_fonts[fBold])) { + UIntClr(screen->fnt_boxes, 2); + TRACE(("missing graphics character #%d, U+%04X\n", + ch, n)); +@@ -1743,12 +1763,12 @@ xtermLoadFont(XtermWidget xw, + #endif + + for (ch = 1; ch < 32; ch++) { +- if (xtermMissingChar(ch, &fnts[fNorm])) { ++ if (xtermMissingChar(ch, &new_fonts[fNorm])) { + TRACE(("missing normal char #%d\n", ch)); + UIntClr(screen->fnt_boxes, 1); + break; + } +- if (xtermMissingChar(ch, &fnts[fBold])) { ++ if (xtermMissingChar(ch, &new_fonts[fBold])) { + TRACE(("missing bold char #%d\n", ch)); + UIntClr(screen->fnt_boxes, 1); + break; +@@ -1765,8 +1785,8 @@ xtermLoadFont(XtermWidget xw, + screen->enbolden = screen->bold_mode; + } else { + screen->enbolden = screen->bold_mode +- && ((fnts[fNorm].fs == fnts[fBold].fs) +- || same_font_name(myfonts.f_n, myfonts.f_b)); ++ && ((new_fonts[fNorm].fs == new_fonts[fBold].fs) ++ || same_font_name(new_fnames.f_n, new_fnames.f_b)); + } + TRACE(("Will %suse 1-pixel offset/overstrike to simulate bold\n", + screen->enbolden ? "" : "not ")); +@@ -1782,7 +1802,7 @@ xtermLoadFont(XtermWidget xw, + update_font_escape(); + } + #if OPT_SHIFT_FONTS +- screen->menu_font_sizes[fontnum] = FontSize(fnts[fNorm].fs); ++ screen->menu_font_sizes[fontnum] = FontSize(new_fonts[fNorm].fs); + #endif + } + set_cursor_gcs(xw); +@@ -1797,20 +1817,21 @@ xtermLoadFont(XtermWidget xw, + FREE_FNAME(f_w); + FREE_FNAME(f_wb); + #endif +- if (fnts[fNorm].fn == fnts[fBold].fn) { +- free(fnts[fNorm].fn); ++ if (new_fonts[fNorm].fn == new_fonts[fBold].fn) { ++ free(new_fonts[fNorm].fn); + } else { +- free(fnts[fNorm].fn); +- free(fnts[fBold].fn); ++ free(new_fonts[fNorm].fn); ++ free(new_fonts[fBold].fn); + } + #if OPT_WIDE_CHARS +- free(fnts[fWide].fn); +- free(fnts[fWBold].fn); ++ free(new_fonts[fWide].fn); ++ free(new_fonts[fWBold].fn); + #endif + xtermSetWinSize(xw); + return 1; + + bad: ++ recovered = False; + free(tmpname); + + #if OPT_RENDERFONT +@@ -1820,15 +1841,15 @@ xtermLoadFont(XtermWidget xw, + SetItemSensitivity(fontMenuEntries[fontnum].widget, True); + #endif + Bell(xw, XkbBI_MinorError, 0); +- myfonts.f_n = screen->MenuFontName(old_fontnum); +- return xtermLoadFont(xw, &myfonts, doresize, old_fontnum); +- } else if (x_strcasecmp(myfonts.f_n, DEFFONT)) { +- int code; +- +- myfonts.f_n = x_strdup(DEFFONT); +- TRACE(("...recovering for TrueType fonts\n")); +- code = xtermLoadFont(xw, &myfonts, doresize, fontnum); +- if (code) { ++ new_fnames.f_n = screen->MenuFontName(old_fontnum); ++ if (xtermLoadFont(xw, &new_fnames, doresize, old_fontnum)) ++ recovered = True; ++ } else if (x_strcasecmp(new_fnames.f_n, DEFFONT) ++ && x_strcasecmp(new_fnames.f_n, old_fonts[fNorm].fn)) { ++ new_fnames.f_n = x_strdup(old_fonts[fNorm].fn); ++ TRACE(("...recovering from failed font-load\n")); ++ if (xtermLoadFont(xw, &new_fnames, doresize, fontnum)) { ++ recovered = True; + if (fontnum != fontMenu_fontsel) { + SetItemSensitivity(fontMenuEntries[fontnum].widget, + UsingRenderFont(xw)); +@@ -1837,15 +1858,15 @@ xtermLoadFont(XtermWidget xw, + FontHeight(screen), + FontWidth(screen))); + } +- return code; + } + #endif +- +- releaseWindowGCs(xw, win); +- +- xtermCloseFonts(xw, fnts); +- TRACE(("Fail Cgs - xtermLoadFont\n")); +- return 0; ++ if (!recovered) { ++ releaseWindowGCs(xw, win); ++ xtermCloseFonts(xw, new_fonts); ++ TRACE(("Fail Cgs - xtermLoadFont\n")); ++ code = 0; ++ } ++ return code; + } + + #if OPT_WIDE_ATTRS +@@ -1893,7 +1914,7 @@ xtermLoadItalics(XtermWidget xw) + } else { + xtermOpenFont(xw, + getNormalFont(screen, n)->fn, +- data, False); ++ data, NULL, False); + } + } + } +@@ -4250,6 +4271,8 @@ findXftGlyph(XtermWidget xw, XftFont *given, unsigned wc) + } + #endif + if (foundXftGlyph(xw, check, wc)) { ++ (void) added; ++ (void) actual; + markXftOpened(xw, which, n, wc); + reportXftFonts(xw, check, "fallback", tag, myReport); + result = check; +@@ -4451,7 +4474,7 @@ lookupOneFontSize(XtermWidget xw, int fontnum) + + memset(&fnt, 0, sizeof(fnt)); + screen->menu_font_sizes[fontnum] = -1; +- if (xtermOpenFont(xw, screen->MenuFontName(fontnum), &fnt, True)) { ++ if (xtermOpenFont(xw, screen->MenuFontName(fontnum), &fnt, NULL, True)) { + if (fontnum <= fontMenu_lastBuiltin + || strcmp(fnt.fn, DEFFONT)) { + screen->menu_font_sizes[fontnum] = FontSize(fnt.fs); +@@ -4864,13 +4887,14 @@ HandleSetFont(Widget w, + } + } + +-void ++Bool + SetVTFont(XtermWidget xw, + int which, + Bool doresize, + const VTFontNames * fonts) + { + TScreen *screen = TScreenOf(xw); ++ Bool result = False; + + TRACE(("SetVTFont(which=%d, f_n=%s, f_b=%s)\n", which, + (fonts && fonts->f_n) ? fonts->f_n : "<null>", +@@ -4879,34 +4903,31 @@ SetVTFont(XtermWidget xw, + if (IsIcon(screen)) { + Bell(xw, XkbBI_MinorError, 0); + } else if (which >= 0 && which < NMENUFONTS) { +- VTFontNames myfonts; ++ VTFontNames new_fnames; + +- memset(&myfonts, 0, sizeof(myfonts)); ++ memset(&new_fnames, 0, sizeof(new_fnames)); + if (fonts != 0) +- myfonts = *fonts; ++ new_fnames = *fonts; + + if (which == fontMenu_fontsel) { /* go get the selection */ +- FindFontSelection(xw, myfonts.f_n, False); ++ result = FindFontSelection(xw, new_fnames.f_n, False); + } else { +- int oldFont = screen->menu_font_number; +- + #define USE_CACHED(field, name) \ +- if (myfonts.field == 0) { \ +- myfonts.field = x_strdup(screen->menu_font_names[which][name]); \ +- TRACE(("set myfonts." #field " from menu_font_names[%d][" #name "] %s\n", \ +- which, NonNull(myfonts.field))); \ ++ if (new_fnames.field == NULL) { \ ++ new_fnames.field = x_strdup(screen->menu_font_names[which][name]); \ ++ TRACE(("set new_fnames." #field " from menu_font_names[%d][" #name "] %s\n", \ ++ which, NonNull(new_fnames.field))); \ + } else { \ +- TRACE(("set myfonts." #field " reused\n")); \ ++ TRACE(("set new_fnames." #field " reused\n")); \ + } + #define SAVE_FNAME(field, name) \ +- if (myfonts.field != 0) { \ +- if (screen->menu_font_names[which][name] == 0 \ +- || strcmp(screen->menu_font_names[which][name], myfonts.field)) { \ +- TRACE(("updating menu_font_names[%d][" #name "] to \"%s\"\n", \ +- which, myfonts.field)); \ +- FREE_STRING(screen->menu_font_names[which][name]); \ +- screen->menu_font_names[which][name] = x_strdup(myfonts.field); \ +- } \ ++ if (new_fnames.field != NULL \ ++ && (screen->menu_font_names[which][name] == NULL \ ++ || strcmp(screen->menu_font_names[which][name], new_fnames.field))) { \ ++ TRACE(("updating menu_font_names[%d][" #name "] to \"%s\"\n", \ ++ which, new_fnames.field)); \ ++ FREE_STRING(screen->menu_font_names[which][name]); \ ++ screen->menu_font_names[which][name] = x_strdup(new_fnames.field); \ + } + + USE_CACHED(f_n, fNorm); +@@ -4916,7 +4937,7 @@ SetVTFont(XtermWidget xw, + USE_CACHED(f_wb, fWBold); + #endif + if (xtermLoadFont(xw, +- &myfonts, ++ &new_fnames, + doresize, which)) { + /* + * If successful, save the data so that a subsequent query via +@@ -4928,10 +4949,8 @@ SetVTFont(XtermWidget xw, + SAVE_FNAME(f_w, fWide); + SAVE_FNAME(f_wb, fWBold); + #endif ++ result = True; + } else { +- (void) xtermLoadFont(xw, +- xtermFontName(screen->MenuFontName(oldFont)), +- doresize, oldFont); + Bell(xw, XkbBI_MinorError, 0); + } + FREE_FNAME(f_n); +@@ -4944,7 +4963,8 @@ SetVTFont(XtermWidget xw, + } else { + Bell(xw, XkbBI_MinorError, 0); + } +- return; ++ TRACE(("...SetVTFont: %d\n", result)); ++ return result; + } + + #if OPT_RENDERFONT +diff --git a/fontutils.h b/fontutils.h +index 2267f24..5b3afe0 100644 +--- a/fontutils.h ++++ b/fontutils.h +@@ -37,7 +37,7 @@ + /* *INDENT-OFF* */ + + extern Bool xtermLoadDefaultFonts (XtermWidget /* xw */); +-extern Bool xtermOpenFont (XtermWidget /* xw */, const char */* name */, XTermFonts * /* result */, Bool /* force */); ++extern Bool xtermOpenFont (XtermWidget /* xw */, const char */* name */, XTermFonts * /* result */, XTermFonts * /* current */, Bool /* force */); + extern XFontStruct * xtermLoadQueryFont(XtermWidget /* xw */, const char * /*name */); + extern XTermFonts * getDoubleFont (TScreen * /* screen */, int /* which */); + extern XTermFonts * getItalicFont (TScreen * /* screen */, int /* which */); +@@ -51,7 +51,7 @@ extern int lookupRelativeFontSize (XtermWidget /* xw */, int /* old */, int /* r + extern int xtermGetFont (const char * /* param */); + extern int xtermLoadFont (XtermWidget /* xw */, const VTFontNames */* fonts */, Bool /* doresize */, int /* fontnum */); + extern void HandleSetFont PROTO_XT_ACTIONS_ARGS; +-extern void SetVTFont (XtermWidget /* xw */, int /* i */, Bool /* doresize */, const VTFontNames */* fonts */); ++extern Bool SetVTFont (XtermWidget /* xw */, int /* i */, Bool /* doresize */, const VTFontNames */* fonts */); + extern void allocFontList (XtermWidget /* xw */, const char * /* name */, XtermFontNames * /* target */, VTFontEnum /* which */, const char * /* source */, Bool /* ttf */); + extern void copyFontList (char *** /* targetp */, char ** /* source */); + extern void initFontLists (XtermWidget /* xw */); +diff --git a/misc.c b/misc.c +index cbb2679..aafbb08 100644 +--- a/misc.c ++++ b/misc.c +@@ -3941,9 +3941,9 @@ ChangeFontRequest(XtermWidget xw, String buf) + { + memset(&fonts, 0, sizeof(fonts)); + fonts.f_n = name; +- SetVTFont(xw, num, True, &fonts); +- if (num == screen->menu_font_number && +- num != fontMenu_fontescape) { ++ if (SetVTFont(xw, num, True, &fonts) ++ && num == screen->menu_font_number ++ && num != fontMenu_fontescape) { + screen->EscapeFontName() = x_strdup(name); + } + } +@@ -6422,7 +6422,6 @@ xtermSetenv(const char *var, const char *value) + + found = envindex; + environ[found + 1] = NULL; +- environ = environ; + } + + environ[found] = malloc(2 + len + strlen(value)); +diff --git a/screen.c b/screen.c +index 93e36b3..f82ee44 100644 +--- a/screen.c ++++ b/screen.c +@@ -1454,7 +1454,7 @@ ScrnRefresh(XtermWidget xw, + maxrow += StatusLineRows; + } + #endif +- ++ (void) recurse; + ++recurse; + + if (screen->cursorp.col >= leftcol +diff --git a/xterm.h b/xterm.h +index e6bd123..c4fe811 100644 +--- a/xterm.h ++++ b/xterm.h +@@ -999,7 +999,7 @@ extern Bool CheckBufPtrs (TScreen * /* screen */); + extern Bool set_cursor_gcs (XtermWidget /* xw */); + extern char * vt100ResourceToString (XtermWidget /* xw */, const char * /* name */); + extern int VTInit (XtermWidget /* xw */); +-extern void FindFontSelection (XtermWidget /* xw */, const char * /* atom_name */, Bool /* justprobe */); ++extern Bool FindFontSelection (XtermWidget /* xw */, const char * /* atom_name */, Bool /* justprobe */); + extern void HideCursor (XtermWidget /* xw */); + extern void RestartBlinking(XtermWidget /* xw */); + extern void ShowCursor (XtermWidget /* xw */); +diff --git a/xterm.log.html b/xterm.log.html +index 03324b1..0f28658 100644 +--- a/xterm.log.html ++++ b/xterm.log.html +@@ -1026,6 +1026,12 @@ + 2022/03/09</a></h1> + + <ul> ++ <li>improve error-recovery when setting a bitmap font for the ++ VT100 window, e.g., in case <em>OSC 50</em> failed, ++ restoring the most recent valid font so that a subsequent ++ <em>OSC 50</em> reports this correctly (report by David ++ Leadbeater).</li> ++ + <li>amend allocation/freeing of scrollback lines, eliminating + an adjustment for status-line added in <a href= + "#xterm_371">patch #371</a> (report/testcase by Rajeev V. +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm_372.bb b/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm_372.bb index 3e1e9d7042..223bc0a498 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm_372.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm_372.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://xterm.h;beginline=3;endline=31;md5=5ec6748ed90e588caa SRC_URI = "http://invisible-mirror.net/archives/${BPN}/${BP}.tgz \ file://0001-Add-configure-time-check-for-setsid.patch \ + file://CVE-2022-45063.patch \ " SRC_URI[sha256sum] = "c6d08127cb2409c3a04bcae559b7025196ed770bb7bf26630abcb45d95f60ab1" diff --git a/meta-openembedded/meta-oe/recipes-kernel/kernel-selftest/kernel-selftest.bb b/meta-openembedded/meta-oe/recipes-kernel/kernel-selftest/kernel-selftest.bb index d5e8e4b497..3d97ea0967 100644 --- a/meta-openembedded/meta-oe/recipes-kernel/kernel-selftest/kernel-selftest.bb +++ b/meta-openembedded/meta-oe/recipes-kernel/kernel-selftest/kernel-selftest.bb @@ -85,7 +85,13 @@ do_install() { for i in ${TEST_LIST} do oe_runmake -C ${S}/tools/testing/selftests/${i} INSTALL_PATH=${D}/usr/kernel-selftest/${i} install + # Install kselftest-list.txt that required by kselftest runner. + oe_runmake -s --no-print-directory COLLECTION=${i} -C ${S}/tools/testing/selftests/${i} emit_tests \ + >> ${D}/usr/kernel-selftest/kselftest-list.txt done + # Install kselftest runner. + install -m 0755 ${S}/tools/testing/selftests/run_kselftest.sh ${D}/usr/kernel-selftest/ + cp -R --no-dereference --preserve=mode,links -v ${S}/tools/testing/selftests/kselftest ${D}/usr/kernel-selftest/ if [ -e ${D}/usr/kernel-selftest/bpf/test_offload.py ]; then sed -i -e '1s,#!.*python3,#! /usr/bin/env python3,' ${D}/usr/kernel-selftest/bpf/test_offload.py fi @@ -127,7 +133,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" INHIBIT_PACKAGE_DEBUG_SPLIT="1" FILES:${PN} += "/usr/kernel-selftest" -RDEPENDS:${PN} += "python3" +RDEPENDS:${PN} += "python3 perl" # tools/testing/selftests/vm/Makefile doesn't respect LDFLAGS and tools/testing/selftests/Makefile explicitly overrides to empty INSANE_SKIP:${PN} += "ldflags" diff --git a/meta-openembedded/meta-oe/recipes-multimedia/jack/jack/0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch b/meta-openembedded/meta-oe/recipes-multimedia/jack/jack/0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch new file mode 100644 index 0000000000..d3b203111f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-multimedia/jack/jack/0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch @@ -0,0 +1,52 @@ +From 415d50fc56b82963e5570c7738c61b22f4a83748 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Mon, 11 Jul 2022 00:56:28 +0200 +Subject: [PATCH] Remove usage of 'U' mode bit for opening files in python + +The 'U' mode bit is removed in python 3.11. It has been +deprecated for a long time. The 'U' mode bit has no effect +so this change doesn't change any behavior. + +See https://docs.python.org/3.11/whatsnew/3.11.html#changes-in-the-python-api + +Upstream-Status: Submitted [https://github.com/jackaudio/jack2/pull/884] +--- + waflib/ConfigSet.py | 2 +- + waflib/Context.py | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/waflib/ConfigSet.py b/waflib/ConfigSet.py +index b300bb56..84736c9c 100644 +--- a/waflib/ConfigSet.py ++++ b/waflib/ConfigSet.py +@@ -312,7 +312,7 @@ class ConfigSet(object): + :type filename: string + """ + tbl = self.table +- code = Utils.readf(filename, m='rU') ++ code = Utils.readf(filename, m='r') + for m in re_imp.finditer(code): + g = m.group + tbl[g(2)] = eval(g(3)) +diff --git a/waflib/Context.py b/waflib/Context.py +index 9fee3fa1..761b521f 100644 +--- a/waflib/Context.py ++++ b/waflib/Context.py +@@ -266,7 +266,7 @@ class Context(ctx): + cache[node] = True + self.pre_recurse(node) + try: +- function_code = node.read('rU', encoding) ++ function_code = node.read('r', encoding) + exec(compile(function_code, node.abspath(), 'exec'), self.exec_dict) + finally: + self.post_recurse(node) +@@ -662,7 +662,7 @@ def load_module(path, encoding=None): + + module = imp.new_module(WSCRIPT_FILE) + try: +- code = Utils.readf(path, m='rU', encoding=encoding) ++ code = Utils.readf(path, m='r', encoding=encoding) + except EnvironmentError: + raise Errors.WafError('Could not read the file %r' % path) + diff --git a/meta-openembedded/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb b/meta-openembedded/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb index 452f066559..ea8c0f385a 100644 --- a/meta-openembedded/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb +++ b/meta-openembedded/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb @@ -14,7 +14,9 @@ LIC_FILES_CHKSUM = " \ DEPENDS = "libsamplerate0 libsndfile1 readline" -SRC_URI = "git://github.com/jackaudio/jack2.git;branch=master;protocol=https" +SRC_URI = "git://github.com/jackaudio/jack2.git;branch=master;protocol=https \ + file://0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch \ +" SRCREV = "a2fe7ec2fdbd315f112c8035282d94a429451178" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch new file mode 100644 index 0000000000..fb8fa3427f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch @@ -0,0 +1,60 @@ +Origin: commit c187154f47697cdbf822c2f9d714d570ed4a0fd1 +From: Oliver Kiddle <opk@zsh.org> +Date: Wed, 15 Dec 2021 01:56:40 +0100 +Subject: [PATCH 1/9] security/41: Don't perform PROMPT_SUBST evaluation on + %F/%K arguments + +Mitigates CVE-2021-45444 + +https://salsa.debian.org/debian/zsh/-/raw/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_1.patch?inline=false +Upstream-Status: Backport +CVE: CVE-2021-45444 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + ChangeLog | 5 +++++ + Src/prompt.c | 10 ++++++++++ + 2 files changed, 15 insertions(+) + +diff --git a/ChangeLog b/ChangeLog +index 8d7dfc169..eb248ec06 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,8 @@ ++2022-01-27 dana <dana@dana.is> ++ ++ * Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive ++ PROMPT_SUBST ++ + 2020-02-14 dana <dana@dana.is> + + * unposted: Config/version.mk: Update for 5.8 +diff --git a/Src/prompt.c b/Src/prompt.c +index b65bfb86b..91e21c8e9 100644 +--- a/Src/prompt.c ++++ b/Src/prompt.c +@@ -244,6 +244,12 @@ parsecolorchar(zattr arg, int is_fg) + bv->fm += 2; /* skip over F{ */ + if ((ep = strchr(bv->fm, '}'))) { + char oc = *ep, *col, *coll; ++ int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG]; ++ int opp = opts[PROMPTPERCENT]; ++ ++ opts[PROMPTPERCENT] = 1; ++ opts[PROMPTSUBST] = opts[PROMPTBANG] = 0; ++ + *ep = '\0'; + /* expand the contents of the argument so you can use + * %v for example */ +@@ -252,6 +258,10 @@ parsecolorchar(zattr arg, int is_fg) + arg = match_colour((const char **)&coll, is_fg, 0); + free(col); + bv->fm = ep; ++ ++ opts[PROMPTSUBST] = ops; ++ opts[PROMPTBANG] = opb; ++ opts[PROMPTPERCENT] = opp; + } else { + arg = match_colour((const char **)&bv->fm, is_fg, 0); + if (*bv->fm != '}') +-- +2.34.1 diff --git a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch new file mode 100644 index 0000000000..e5b6d7cdc9 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch @@ -0,0 +1,140 @@ +From 8a4d65ef6d0023ab9b238529410afb433553d2fa Mon Sep 17 00:00:00 2001 +From: Marc CornellĂ <hello@mcornella.com> +Date: Mon, 24 Jan 2022 09:43:28 +0100 +Subject: [PATCH 2/9] security/89: Add patch which can optionally be used to + work around CVE-2021-45444 in VCS_Info +Comment: Updated to use the same file name without blanks as actually + used in the final 5.8.1 release. + + +https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_2.patch +Upstream-Status: Backport +CVE: CVE-2021-45444 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + ChangeLog | 5 + + Etc/CVE-2021-45444-VCS_Info-workaround.patch | 98 ++++++++++++++++++++ + 2 files changed, 103 insertions(+) + create mode 100644 Etc/CVE-2021-45444-VCS_Info-workaround.patch + +diff --git a/ChangeLog b/ChangeLog +index eb248ec06..9a05a09e1 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,5 +1,10 @@ + 2022-01-27 dana <dana@dana.is> + ++ * Marc CornellĂ : security/89: ++ Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which ++ can optionally be used to work around recursive PROMPT_SUBST ++ issue in VCS_Info ++ + * Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive + PROMPT_SUBST + +diff --git a/Etc/CVE-2021-45444-VCS_Info-workaround.patch b/Etc/CVE-2021-45444-VCS_Info-workaround.patch +new file mode 100644 +index 000000000..13e54be77 +--- /dev/null ++++ b/Etc/CVE-2021-45444-VCS_Info-workaround.patch +@@ -0,0 +1,98 @@ ++From 972887bbe5eb6a00e5f0e73781d6d73bfdcafb93 Mon Sep 17 00:00:00 2001 ++From: =?UTF-8?q?Marc=20Cornell=C3=A0?= <hello@mcornella.com> ++Date: Mon, 24 Jan 2022 09:43:28 +0100 ++Subject: [PATCH] security/89: Partially work around CVE-2021-45444 in VCS_Info ++MIME-Version: 1.0 ++Content-Type: text/plain; charset=UTF-8 ++Content-Transfer-Encoding: 8bit ++ ++This patch is a partial, VCS_Info-specific work-around for CVE-2021-45444, ++which is mitigated in the shell itself in 5.8.1 and later versions. It is ++offered for users who are concerned about an exploit but are unable to update ++their binaries to receive the complete fix. ++ ++The patch works around the vulnerability by pre-escaping values substituted ++into format strings in VCS_Info. Please note that this may break some user ++configurations that rely on those values being un-escaped (which is why it was ++not included directly in 5.8.1). It may be possible to limit this breakage by ++adjusting exactly which ones are pre-escaped, but of course this may leave ++them vulnerable again. ++ ++If applying the patch to the file system is inconvenient or not possible, the ++following script can be used to idempotently patch the relevant function ++running in memory (and thus must be re-run when the shell is restarted): ++ ++ ++# Impacted versions go from v5.0.3 to v5.8 (v5.8.1 is the first patched version) ++autoload -Uz is-at-least ++if is-at-least 5.8.1 || ! is-at-least 5.0.3; then ++ return ++fi ++ ++# Quote necessary $hook_com[<field>] items just before they are used ++# in the line "VCS_INFO_hook 'post-backend'" of the VCS_INFO_formats ++# function, where <field> is: ++# ++# base: the full path of the repository's root directory. ++# base-name: the name of the repository's root directory. ++# branch: the name of the currently checked out branch. ++# revision: an identifier of the currently checked out revision. ++# subdir: the path of the current directory relative to the ++# repository's root directory. ++# misc: a string that may contain anything the vcs_info backend wants. ++# ++# This patch %-quotes these fields previous to their use in vcs_info hooks and ++# the zformat call and, eventually, when they get expanded in the prompt. ++# It's important to quote these here, and not later after hooks have modified the ++# fields, because then we could be quoting % characters from valid prompt sequences, ++# like %F{color}, %B, etc. ++# ++# 32 │ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})" ++# 33 │ hook_com[subdir_orig]="${hook_com[subdir]}" ++# 34 │ ++# 35 + │ for tmp in base base-name branch misc revision subdir; do ++# 36 + │ hook_com[$tmp]="${hook_com[$tmp]//\%/%%}" ++# 37 + │ done ++# 38 + │ ++# 39 │ VCS_INFO_hook 'post-backend' ++# ++# This is especially important so that no command substitution is performed ++# due to malicious input as a consequence of CVE-2021-45444, which affects ++# zsh versions from 5.0.3 to 5.8. ++# ++autoload -Uz +X regexp-replace VCS_INFO_formats ++ ++# We use $tmp here because it's already a local variable in VCS_INFO_formats ++typeset PATCH='for tmp (base base-name branch misc revision subdir) hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"' ++# Unique string to avoid reapplying the patch if this code gets called twice ++typeset PATCH_ID=vcs_info-patch-9b9840f2-91e5-4471-af84-9e9a0dc68c1b ++# Only patch the VCS_INFO_formats function if not already patched ++if [[ "$functions[VCS_INFO_formats]" != *$PATCH_ID* ]]; then ++ regexp-replace 'functions[VCS_INFO_formats]' \ ++ "VCS_INFO_hook 'post-backend'" \ ++ ': ${PATCH_ID}; ${PATCH}; ${MATCH}' ++fi ++unset PATCH PATCH_ID ++ ++ ++--- ++ Functions/VCS_Info/VCS_INFO_formats | 4 ++++ ++ 1 file changed, 4 insertions(+) ++ ++diff --git a/Functions/VCS_Info/VCS_INFO_formats b/Functions/VCS_Info/VCS_INFO_formats ++index e0e1dc738..4d88e28b6 100644 ++--- a/Functions/VCS_Info/VCS_INFO_formats +++++ b/Functions/VCS_Info/VCS_INFO_formats ++@@ -32,6 +32,10 @@ hook_com[base-name_orig]="${hook_com[base_name]}" ++ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})" ++ hook_com[subdir_orig]="${hook_com[subdir]}" ++ +++for tmp in base base-name branch misc revision subdir; do +++ hook_com[$tmp]="${hook_com[$tmp]//\%/%%}" +++done +++ ++ VCS_INFO_hook 'post-backend' ++ ++ ## description (for backend authors): ++-- ++2.34.1 +-- +2.34.1 diff --git a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch new file mode 100644 index 0000000000..adfc00ae57 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch @@ -0,0 +1,77 @@ +From 4abf2fc193fc2f3e680deecbf81289a7b02e245b Mon Sep 17 00:00:00 2001 +From: dana <dana@dana.is> +Date: Tue, 21 Dec 2021 13:13:33 -0600 +Subject: [PATCH 3/9] CVE-2021-45444: Update NEWS/README + +https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_3.patch +Upstream-Status: Backport +CVE: CVE-2021-45444 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + ChangeLog | 2 ++ + NEWS | 20 ++++++++++++++++++++ + README | 6 ++++++ + 3 files changed, 28 insertions(+) + +diff --git a/ChangeLog b/ChangeLog +index 9a05a09e1..93b0bc337 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,5 +1,7 @@ + 2022-01-27 dana <dana@dana.is> + ++ * CVE-2021-45444: NEWS, README: Document preceding two changes ++ + * Marc CornellĂ : security/89: + Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which + can optionally be used to work around recursive PROMPT_SUBST +diff --git a/NEWS b/NEWS +index 964e1633f..d34b3f79e 100644 +--- a/NEWS ++++ b/NEWS +@@ -4,6 +4,26 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH + + Note also the list of incompatibilities in the README file. + ++Changes since 5.8 ++----------------- ++ ++CVE-2021-45444: Some prompt expansion sequences, such as %F, support ++'arguments' which are themselves expanded in case they contain colour ++values, etc. This additional expansion would trigger PROMPT_SUBST ++evaluation, if enabled. This could be abused to execute code the user ++didn't expect. e.g., given a certain prompt configuration, an attacker ++could trick a user into executing arbitrary code by having them check ++out a Git branch with a specially crafted name. ++ ++This is fixed in the shell itself by no longer performing PROMPT_SUBST ++evaluation on these prompt-expansion arguments. ++ ++Users who are concerned about an exploit but unable to update their ++binaries may apply the partial work-around described in the file ++'Etc/CVE-2021-45444 VCS_Info workaround.patch' included with the shell ++source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to ++Marc CornellĂ <hello@mcornella.com>. ] ++ + Changes since 5.7.1-test-3 + -------------------------- + +diff --git a/README b/README +index 7f1dd5f92..c9e994ab3 100644 +--- a/README ++++ b/README +@@ -31,6 +31,12 @@ Zsh is a shell with lots of features. For a list of some of these, see the + file FEATURES, and for the latest changes see NEWS. For more + details, see the documentation. + ++Incompatibilities since 5.8 ++--------------------------- ++ ++PROMPT_SUBST expansion is no longer performed on arguments to prompt- ++expansion sequences such as %F. ++ + Incompatibilities since 5.7.1 + ----------------------------- + +-- +2.34.1 diff --git a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh_5.8.bb b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh_5.8.bb index 0429cb9cc7..7602ff9f64 100644 --- a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh_5.8.bb +++ b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh_5.8.bb @@ -10,7 +10,11 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=1a4c4cda3e8096d2fd483ff2f4514fec" DEPENDS = "ncurses bison-native libcap libpcre gdbm groff-native" -SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz" +SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz \ + file://CVE-2021-45444_1.patch \ + file://CVE-2021-45444_2.patch \ + file://CVE-2021-45444_3.patch \ + " SRC_URI[sha256sum] = "dcc4b54cc5565670a65581760261c163d720991f0d06486da61f8d839b52de27" inherit autotools-brokensep gettext update-alternatives manpages @@ -18,8 +22,8 @@ inherit autotools-brokensep gettext update-alternatives manpages EXTRA_OECONF = " \ --bindir=${base_bindir} \ --enable-etcdir=${sysconfdir} \ - --enable-fndir=${datadir}/${PN}/${PV}/functions \ - --enable-site-fndir=${datadir}/${PN}/site-functions \ + --enable-fndir=${datadir}/${BPN}/${PV}/functions \ + --enable-site-fndir=${datadir}/${BPN}/site-functions \ --with-term-lib='ncursesw ncurses' \ --with-tcsetpgrp \ --enable-cap \ diff --git a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch new file mode 100644 index 0000000000..0a0e8f0b61 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch @@ -0,0 +1,66 @@ +From 9903253c347f9e0bffd285ae3829aef251cc852d Mon Sep 17 00:00:00 2001 +From: hopper-vul <118949689+hopper-vul@users.noreply.github.com> +Date: Wed, 18 Jan 2023 22:14:26 +0800 +Subject: [PATCH] Add str len check in config_sortlist to avoid stack overflow + (#497) + +In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse +the input str and initialize a sortlist configuration. + +However, ares_set_sortlist has not any checks about the validity of the input str. +It is very easy to create an arbitrary length stack overflow with the unchecked +`memcpy(ipbuf, str, q-str);` and `memcpy(ipbufpfx, str, q-str);` +statements in the config_sortlist call, which could potentially cause severe +security impact in practical programs. + +This commit add necessary check for `ipbuf` and `ipbufpfx` which avoid the +potential stack overflows. + +fixes #496 + +Fix By: @hopper-vul + +CVE: CVE-2022-4415 +Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d] + +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + src/lib/ares_init.c | 4 ++++ + test/ares-test-init.cc | 2 ++ + 2 files changed, 6 insertions(+) + +diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c +index 51668a5c..3f9cec65 100644 +--- a/src/lib/ares_init.c ++++ b/src/lib/ares_init.c +@@ -1913,6 +1913,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort, + q = str; + while (*q && *q != '/' && *q != ';' && !ISSPACE(*q)) + q++; ++ if (q-str >= 16) ++ return ARES_EBADSTR; + memcpy(ipbuf, str, q-str); + ipbuf[q-str] = '\0'; + /* Find the prefix */ +@@ -1921,6 +1923,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort, + const char *str2 = q+1; + while (*q && *q != ';' && !ISSPACE(*q)) + q++; ++ if (q-str >= 32) ++ return ARES_EBADSTR; + memcpy(ipbufpfx, str, q-str); + ipbufpfx[q-str] = '\0'; + str = str2; +diff --git a/test/ares-test-init.cc b/test/ares-test-init.cc +index 63c6a228..ee845181 100644 +--- a/test/ares-test-init.cc ++++ b/test/ares-test-init.cc +@@ -275,6 +275,8 @@ TEST_F(DefaultChannelTest, SetAddresses) { + + TEST_F(DefaultChannelTest, SetSortlistFailures) { + EXPECT_EQ(ARES_ENODATA, ares_set_sortlist(nullptr, "1.2.3.4")); ++ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111*/16")); ++ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111/255.255.255.240*")); + EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; lwk")); + EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; 0x123")); + } diff --git a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb index 2cd00cb578..5614d1310f 100644 --- a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb +++ b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb @@ -5,7 +5,9 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006" -SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https" +SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \ + file://CVE-2022-4904.patch \ + " SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed" UPSTREAM_CHECK_GITTAGREGEX = "cares-(?P<pver>\d+_(\d_?)+)" diff --git a/meta-openembedded/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch b/meta-openembedded/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch new file mode 100644 index 0000000000..8d576f5d58 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch @@ -0,0 +1,261 @@ +From 689c65fb050976d5a548a5b9a0f5d2c14eaa3301 Mon Sep 17 00:00:00 2001 +From: Alexander Stein <alexander.stein@tq-group.com> +Date: Thu, 8 Dec 2022 14:11:46 +0100 +Subject: [PATCH 1/1] Fix rename in docs + +The content of dool.1.adoc is completly unchanged from dstat.1.adoc. +Unfortunately the 'NAME' specifies the created file name. So +building/cleaning docs is currently broken + +Upstream-Status: Pending +https://github.com/scottchiefbaker/dool/pull/30 + +Signed-off-by: Alexander Stein <alexander.stein@tq-group.com> +--- + docs/dool.1.adoc | 108 +++++++++++++++++++++++------------------------ + 1 file changed, 54 insertions(+), 54 deletions(-) + +diff --git a/docs/dool.1.adoc b/docs/dool.1.adoc +index 24c4a54..921df1f 100644 +--- a/docs/dool.1.adoc ++++ b/docs/dool.1.adoc +@@ -1,35 +1,35 @@ +-= dstat(1) ++= dool(1) + Dag Wieers <dag@wieers.com> + v0.7.3, August 2014 + + + == NAME +-dstat - versatile tool for generating system resource statistics ++dool - versatile tool for generating system resource statistics + + + == SYNOPSIS +-dstat [-afv] [options..] [delay [count]] ++dool [-afv] [options..] [delay [count]] + + + == DESCRIPTION +-Dstat is a versatile replacement for vmstat, iostat and ifstat. Dstat ++Dool is a versatile replacement for vmstat, iostat and ifstat. Dool + overcomes some of the limitations and adds some extra features. + +-Dstat allows you to view all of your system resources instantly, you ++Dool allows you to view all of your system resources instantly, you + can eg. compare disk usage in combination with interrupts from your + IDE controller, or compare the network bandwidth numbers directly with + the disk throughput (in the same interval). + +-Dstat also cleverly gives you the most detailed information in columns ++Dool also cleverly gives you the most detailed information in columns + and clearly indicates in what magnitude and unit the output is displayed. + Less confusion, less mistakes, more efficient. + +-Dstat is unique in letting you aggregate block device throughput for a ++Dool is unique in letting you aggregate block device throughput for a + certain diskset or network bandwidth for a group of interfaces, ie. + you can see the throughput for all the block devices that make up a + single filesystem or storage system. + +-Dstat allows its data to be directly written to a CSV file to be ++Dool allows its data to be directly written to a CSV file to be + imported and used by OpenOffice, Gnumeric or Excel to create graphs. + + [NOTE] +@@ -187,13 +187,13 @@ Possible internal stats are:: + write CSV output to file + + --profile:: +- show profiling statistics when exiting dstat ++ show profiling statistics when exiting dool + + + == PLUGINS +-While anyone can create their own dstat plugins (and contribute them) dstat ++While anyone can create their own dool plugins (and contribute them) dool + ships with a number of plugins already that extend its capabilities greatly. +-Here is an overview of the plugins dstat ships with: ++Here is an overview of the plugins dool ships with: + + --battery:: + battery in percentage (needs ACPI) +@@ -225,17 +225,17 @@ Here is an overview of the plugins dstat ships with: + --disk-wait:: + average time (in milliseconds) for I/O requests issued to the device to be served + +---dstat:: +- show dstat cputime consumption and latency ++--dool:: ++ show dool cputime consumption and latency + +---dstat-cpu:: +- show dstat advanced cpu usage ++--dool-cpu:: ++ show dool advanced cpu usage + +---dstat-ctxt:: +- show dstat context switches ++--dool-ctxt:: ++ show dool context switches + +---dstat-mem:: +- show dstat advanced memory usage ++--dool-mem:: ++ show dool advanced memory usage + + --fan:: + fan speed (needs ACPI) +@@ -250,7 +250,7 @@ Here is an overview of the plugins dstat ships with: + GPFS filesystem operations (needs mmpmon) + + --helloworld:: +- Hello world example dstat plugin ++ Hello world example dool plugin + + --innodb-buffer:: + show innodb buffer stats +@@ -340,22 +340,22 @@ Here is an overview of the plugins dstat ships with: + show sendmail queue size (needs sendmail) + + --snmp-cpu:: +- show CPU stats using SNMP from DSTAT_SNMPSERVER ++ show CPU stats using SNMP from DOOL_SNMPSERVER + + --snmp-load:: +- show load stats using SNMP from DSTAT_SNMPSERVER ++ show load stats using SNMP from DOOL_SNMPSERVER + + --snmp-mem:: +- show memory stats using SNMP from DSTAT_SNMPSERVER ++ show memory stats using SNMP from DOOL_SNMPSERVER + + --snmp-net:: +- show network stats using SNMP from DSTAT_SNMPSERVER ++ show network stats using SNMP from DOOL_SNMPSERVER + + --snmp-net-err: +- show network errors using SNMP from DSTAT_SNMPSERVER ++ show network errors using SNMP from DOOL_SNMPSERVER + + --snmp-sys:: +- show system stats (interrupts and context switches) using SNMP from DSTAT_SNMPSERVER ++ show system stats (interrupts and context switches) using SNMP from DOOL_SNMPSERVER + + --snooze:: + show number of ticks per second +@@ -463,7 +463,7 @@ The default delay is 1 and count is unspecified (unlimited) + + + == INTERMEDIATE UPDATES +-When invoking dstat with a *delay* greater than 1 and without the ++When invoking dool with a *delay* greater than 1 and without the + *--noupdate* option, it will show intermediate updates, ie. the first + time a 1 sec average, the second update a 2 second average, etc. until + the delay has been reached. +@@ -475,34 +475,34 @@ average on a new line, just like with vmstat. + + + == EXAMPLES +-Using dstat to relate disk-throughput with network-usage (eth0), total CPU-usage and system counters: ++Using dool to relate disk-throughput with network-usage (eth0), total CPU-usage and system counters: + ---- +-dstat -dnyc -N eth0 -C total -f 5 ++dool -dnyc -N eth0 -C total -f 5 + ---- + +-Checking dstat's behaviour and the system impact of dstat: ++Checking dool's behaviour and the system impact of dool: + ---- +-dstat -taf --debug ++dool -taf --debug + ---- + + Using the time plugin together with cpu, net, disk, system, load, proc and + top_cpu plugins: + ---- +-dstat -tcndylp --top-cpu ++dool -tcndylp --top-cpu + ---- + this is identical to + ---- +-dstat --time --cpu --net --disk --sys --load --proc --top-cpu ++dool --time --cpu --net --disk --sys --load --proc --top-cpu + ---- + +-Using dstat to relate advanced cpu stats with interrupts per device: ++Using dool to relate advanced cpu stats with interrupts per device: + ---- +-dstat -t --cpu-adv -yif ++dool -t --cpu-adv -yif + ---- + + + == BUGS +-Since it is practically impossible to test dstat on every possible ++Since it is practically impossible to test dool on every possible + permutation of kernel, python or distribution version, I need your + help and your feedback to fix the remaining problems. If you have + improvements or bugreports, please send them to: +@@ -513,40 +513,40 @@ Please see the TODO file for known bugs and future plans. + + + == FILES +-Paths that may contain external dstat_*.py plugins: ++Paths that may contain external dool_*.py plugins: + +- ~/.dstat/ ++ ~/.dool/ + (path of binary)/plugins/ +- /usr/share/dstat/ +- /usr/local/share/dstat/ ++ /usr/share/dool/ ++ /usr/local/share/dool/ + + == ENVIRONMENT VARIABLES + +-Dstat will read additional command line arguments from the environment +-variable *DSTAT_OPTS*. You can use this to configure Dstat's default ++Dool will read additional command line arguments from the environment ++variable *DOOL_OPTS*. You can use this to configure Dool's default + behavior, e.g. if you have a black-on-white terminal: + +- export DSTAT_OPTS="--bw --noupdate" ++ export DOOL_OPTS="--bw --noupdate" + + Other internal or external plugins have their own environment variables + to influence their behavior, e.g. + + +- DSTAT_NTPSERVER ++ DOOL_NTPSERVER + +- DSTAT_MYSQL +- DSTAT_MYSQL_HOST +- DSTAT_MYSQL_PORT +- DSTAT_MYSQL_SOCKET +- DSTAT_MYSQL_USER +- DSTAT_MYSQL_PWD ++ DOOL_MYSQL ++ DOOL_MYSQL_HOST ++ DOOL_MYSQL_PORT ++ DOOL_MYSQL_SOCKET ++ DOOL_MYSQL_USER ++ DOOL_MYSQL_PWD + +- DSTAT_SNMPSERVER +- DSTAT_SNMPCOMMUNITY ++ DOOL_SNMPSERVER ++ DOOL_SNMPCOMMUNITY + +- DSTAT_SQUID_OPTS ++ DOOL_SQUID_OPTS + +- DSTAT_TIMEFMT ++ DOOL_TIMEFMT + + == SEE ALSO + +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-support/dool/dool_1.0.0.bb b/meta-openembedded/meta-oe/recipes-support/dool/dool_1.0.0.bb index d34397c12a..b70f41cb98 100644 --- a/meta-openembedded/meta-oe/recipes-support/dool/dool_1.0.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/dool/dool_1.0.0.bb @@ -11,6 +11,7 @@ DEPENDS += "asciidoc-native xmlto-native" SRC_URI = "git://github.com/scottchiefbaker/dool.git;branch=master;protocol=https \ file://0001-Fix-build-error-as-following.patch \ + file://0001-Fix-rename-in-docs.patch \ " SRCREV = "34a3244b46aa70a31f871a7ca8ffa8d3a7b950d2" diff --git a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb index 31afe78e45..b210fa6340 100644 --- a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb +++ b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2" DEPENDS = "zlib expat" -SRC_URI = "https://exiv2.org/releases/${BPN}-${PV}-Source.tar.gz" +SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source.tar.gz" SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778" # Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0001-multipath-tools-use-run-instead-of-dev-shm.patch b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0001-multipath-tools-use-run-instead-of-dev-shm.patch new file mode 100644 index 0000000000..dd6af413ef --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0001-multipath-tools-use-run-instead-of-dev-shm.patch @@ -0,0 +1,159 @@ +From 23e13a52a6213b11eda9a3b09df455f495f74e8d Mon Sep 17 00:00:00 2001 +From: Yogita Urade <yogita.urade@windriver.com> +Date: Tue, 13 Dec 2022 09:18:33 +0000 +Subject: [PATCH] multipath-tools: use /run instead of /dev/shm + +/dev/shm may have unsafe permissions. Use /run instead. +Use systemd's tmpfiles.d mechanism to create /run/multipath +early during boot. + +For backward compatibilty, make the runtime directory configurable +via the "runtimedir" make variable. + +Signed-off-by: Martin Wilck <mwilck@suse.com> +Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com> + +CVE: CVE-2022-41973 + +References: +https://nvd.nist.gov/vuln/detail/CVE-2022-41973 + +Upstream-Status: Backport [https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + .gitignore | 2 ++ + Makefile.inc | 7 ++++++- + libmultipath/defaults.h | 3 +-- + multipath/Makefile | 11 ++++++++--- + multipath/{multipath.rules => multipath.rules.in} | 4 ++-- + multipath/tmpfiles.conf.in | 1 + + 6 files changed, 20 insertions(+), 8 deletions(-) + rename multipath/{multipath.rules => multipath.rules.in} (95%) + create mode 100644 multipath/tmpfiles.conf.in + +diff --git a/.gitignore b/.gitignore +index 9926756b..f90b0350 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -8,6 +8,8 @@ + *.d + kpartx/kpartx + multipath/multipath ++multipath/multipath.rules ++multipath/tmpfiles.conf + multipathd/multipathd + mpathpersist/mpathpersist + .nfs* +diff --git a/Makefile.inc b/Makefile.inc +index 4eb08eed..648f91b4 100644 +--- a/Makefile.inc ++++ b/Makefile.inc +@@ -44,6 +44,7 @@ exec_prefix = $(prefix) + usr_prefix = $(prefix) + bindir = $(exec_prefix)/usr/sbin + libudevdir = $(prefix)/$(SYSTEMDPATH)/udev ++tmpfilesdir = $(prefix)/$(SYSTEMDPATH)/tmpfiles.d + udevrulesdir = $(libudevdir)/rules.d + multipathdir = $(TOPDIR)/libmultipath + man8dir = $(prefix)/usr/share/man/man8 +@@ -60,6 +61,7 @@ libdmmpdir = $(TOPDIR)/libdmmp + nvmedir = $(TOPDIR)/libmultipath/nvme + includedir = $(prefix)/usr/include + pkgconfdir = $(usrlibdir)/pkgconfig ++runtimedir := /$(RUN) + + GZIP = gzip -9 -c + RM = rm -f +@@ -95,7 +97,10 @@ OPTFLAGS += -Wextra -Wstrict-prototypes -Wformat=2 -Werror=implicit-int \ + -Wno-unused-parameter -Werror=cast-qual \ + -Werror=discarded-qualifiers + +-CPPFLAGS := -Wp,-D_FORTIFY_SOURCE=2 ++CPPFLAGS := $(FORTIFY_OPT) \ ++ -DBIN_DIR=\"$(bindir)\" -DMULTIPATH_DIR=\"$(plugindir)\" -DRUN_DIR=\"${RUN}\" \ ++ -DRUNTIME_DIR=\"$(runtimedir)\" \ ++ -DCONFIG_DIR=\"$(configdir)\" -DEXTRAVERSION=\"$(EXTRAVERSION)\" -MMD -MP + CFLAGS := $(OPTFLAGS) -DBIN_DIR=\"$(bindir)\" -DLIB_STRING=\"${LIB}\" -DRUN_DIR=\"${RUN}\" \ + -MMD -MP $(CFLAGS) + BIN_CFLAGS = -fPIE -DPIE +diff --git a/libmultipath/defaults.h b/libmultipath/defaults.h +index c2164c16..908e0ca3 100644 +--- a/libmultipath/defaults.h ++++ b/libmultipath/defaults.h +@@ -64,8 +64,7 @@ + #define DEFAULT_WWIDS_FILE "/etc/multipath/wwids" + #define DEFAULT_PRKEYS_FILE "/etc/multipath/prkeys" + #define DEFAULT_CONFIG_DIR "/etc/multipath/conf.d" +-#define MULTIPATH_SHM_BASE "/dev/shm/multipath/" +- ++#define MULTIPATH_SHM_BASE RUNTIME_DIR "/multipath/" + + static inline char *set_default(char *str) + { +diff --git a/multipath/Makefile b/multipath/Makefile +index e720c7f6..28976546 100644 +--- a/multipath/Makefile ++++ b/multipath/Makefile +@@ -12,7 +12,7 @@ EXEC = multipath + + OBJS = main.o + +-all: $(EXEC) ++all: $(EXEC) multipath.rules tmpfiles.conf + + $(EXEC): $(OBJS) $(multipathdir)/libmultipath.so $(mpathcmddir)/libmpathcmd.so + $(CC) $(CFLAGS) $(OBJS) -o $(EXEC) $(LDFLAGS) $(LIBDEPS) +@@ -26,7 +26,9 @@ install: + $(INSTALL_PROGRAM) -m 755 mpathconf $(DESTDIR)$(bindir)/ + $(INSTALL_PROGRAM) -d $(DESTDIR)$(udevrulesdir) + $(INSTALL_PROGRAM) -m 644 11-dm-mpath.rules $(DESTDIR)$(udevrulesdir) +- $(INSTALL_PROGRAM) -m 644 $(EXEC).rules $(DESTDIR)$(libudevdir)/rules.d/62-multipath.rules ++ $(INSTALL_PROGRAM) -m 644 multipath.rules $(DESTDIR)$(udevrulesdir)/56-multipath.rules ++ $(INSTALL_PROGRAM) -d $(DESTDIR)$(tmpfilesdir) ++ $(INSTALL_PROGRAM) -m 644 tmpfiles.conf $(DESTDIR)$(tmpfilesdir)/multipath.conf + $(INSTALL_PROGRAM) -d $(DESTDIR)$(man8dir) + $(INSTALL_PROGRAM) -m 644 $(EXEC).8.gz $(DESTDIR)$(man8dir) + $(INSTALL_PROGRAM) -d $(DESTDIR)$(man5dir) +@@ -43,9 +45,12 @@ uninstall: + $(RM) $(DESTDIR)$(man8dir)/mpathconf.8.gz + + clean: dep_clean +- $(RM) core *.o $(EXEC) *.gz ++ $(RM) core *.o $(EXEC) multipath.rules tmpfiles.conf + + include $(wildcard $(OBJS:.o=.d)) + + dep_clean: + $(RM) $(OBJS:.o=.d) ++ ++%: %.in ++ sed 's,@RUNTIME_DIR@,$(runtimedir),' $< >$@ +diff --git a/multipath/multipath.rules b/multipath/multipath.rules.in +similarity index 95% +rename from multipath/multipath.rules +rename to multipath/multipath.rules.in +index 0486bf70..5fb499e6 100644 +--- a/multipath/multipath.rules ++++ b/multipath/multipath.rules.in +@@ -1,8 +1,8 @@ + # Set DM_MULTIPATH_DEVICE_PATH if the device should be handled by multipath + SUBSYSTEM!="block", GOTO="end_mpath" + KERNEL!="sd*|dasd*|nvme*", GOTO="end_mpath" +-ACTION=="remove", TEST=="/dev/shm/multipath/find_multipaths/$major:$minor", \ +- RUN+="/usr/bin/rm -f /dev/shm/multipath/find_multipaths/$major:$minor" ++ACTION=="remove", TEST=="@RUNTIME_DIR@/multipath/find_multipaths/$major:$minor", \ ++ RUN+="/usr/bin/rm -f @RUNTIME_DIR@/multipath/find_multipaths/$major:$minor" + ACTION!="add|change", GOTO="end_mpath" + + IMPORT{cmdline}="nompath" +diff --git a/multipath/tmpfiles.conf.in b/multipath/tmpfiles.conf.in +new file mode 100644 +index 00000000..21be438a +--- /dev/null ++++ b/multipath/tmpfiles.conf.in +@@ -0,0 +1 @@ ++d @RUNTIME_DIR@/multipath 0700 root root - +-- +2.32.0 + diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch new file mode 100644 index 0000000000..7cdb5f9bda --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch @@ -0,0 +1,164 @@ +From 0168696f95b5c610c3861ced8ef98accd1a83b91 Mon Sep 17 00:00:00 2001 +From: Benjamin Marzinski <bmarzins@redhat.com> +Date: Tue, 27 Sep 2022 12:36:37 +0200 +Subject: [PATCH] multipathd: ignore duplicated multipathd command keys + +multipath adds rather than or-s the values of command keys. Fix this. +Also, return an invalid fingerprint if a key is used more than once. + +CVE: CVE-2022-41974 + +References: +https://nvd.nist.gov/vuln/detail/CVE-2022-41974 +https://github.com/opensvc/multipath-tools/issues/59 + +Upstream-Status: Backport +[https://github.com/openSUSE/multipath-tools/commit/fbbf280a0e26026c19879d938ebb2a8200b6357c] + +Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + multipathd/cli.c | 8 ++-- + multipathd/main.c | 104 +++++++++++++++++++++++----------------------- + 2 files changed, 57 insertions(+), 55 deletions(-) + +diff --git a/multipathd/cli.c b/multipathd/cli.c +index 800c0fbe..0a266761 100644 +--- a/multipathd/cli.c ++++ b/multipathd/cli.c +@@ -336,9 +336,11 @@ fingerprint(vector vec) + if (!vec) + return 0; + +- vector_foreach_slot(vec, kw, i) +- fp += kw->code; +- ++ vector_foreach_slot(vec, kw, i) { ++ if (fp & kw->code) ++ return (uint64_t)-1; ++ fp |= kw->code; ++ } + return fp; + } + +diff --git a/multipathd/main.c b/multipathd/main.c +index 8baf9abe..975287d2 100644 +--- a/multipathd/main.c ++++ b/multipathd/main.c +@@ -1522,61 +1522,61 @@ uxlsnrloop (void * ap) + /* Tell main thread that thread has started */ + post_config_state(DAEMON_CONFIGURE); + +- set_handler_callback(LIST+PATHS, cli_list_paths); +- set_handler_callback(LIST+PATHS+FMT, cli_list_paths_fmt); +- set_handler_callback(LIST+PATHS+RAW+FMT, cli_list_paths_raw); +- set_handler_callback(LIST+PATH, cli_list_path); +- set_handler_callback(LIST+MAPS, cli_list_maps); +- set_handler_callback(LIST+STATUS, cli_list_status); +- set_unlocked_handler_callback(LIST+DAEMON, cli_list_daemon); +- set_handler_callback(LIST+MAPS+STATUS, cli_list_maps_status); +- set_handler_callback(LIST+MAPS+STATS, cli_list_maps_stats); +- set_handler_callback(LIST+MAPS+FMT, cli_list_maps_fmt); +- set_handler_callback(LIST+MAPS+RAW+FMT, cli_list_maps_raw); +- set_handler_callback(LIST+MAPS+TOPOLOGY, cli_list_maps_topology); +- set_handler_callback(LIST+TOPOLOGY, cli_list_maps_topology); +- set_handler_callback(LIST+MAPS+JSON, cli_list_maps_json); +- set_handler_callback(LIST+MAP+TOPOLOGY, cli_list_map_topology); +- set_handler_callback(LIST+MAP+FMT, cli_list_map_fmt); +- set_handler_callback(LIST+MAP+RAW+FMT, cli_list_map_fmt); +- set_handler_callback(LIST+MAP+JSON, cli_list_map_json); +- set_handler_callback(LIST+CONFIG+LOCAL, cli_list_config_local); +- set_handler_callback(LIST+CONFIG, cli_list_config); +- set_handler_callback(LIST+BLACKLIST, cli_list_blacklist); +- set_handler_callback(LIST+DEVICES, cli_list_devices); +- set_handler_callback(LIST+WILDCARDS, cli_list_wildcards); +- set_handler_callback(RESET+MAPS+STATS, cli_reset_maps_stats); +- set_handler_callback(RESET+MAP+STATS, cli_reset_map_stats); +- set_handler_callback(ADD+PATH, cli_add_path); +- set_handler_callback(DEL+PATH, cli_del_path); +- set_handler_callback(ADD+MAP, cli_add_map); +- set_handler_callback(DEL+MAP, cli_del_map); +- set_handler_callback(SWITCH+MAP+GROUP, cli_switch_group); ++ set_handler_callback(LIST|PATHS, cli_list_paths); ++ set_handler_callback(LIST|PATHS|FMT, cli_list_paths_fmt); ++ set_handler_callback(LIST|PATHS|RAW|FMT, cli_list_paths_raw); ++ set_handler_callback(LIST|PATH, cli_list_path); ++ set_handler_callback(LIST|MAPS, cli_list_maps); ++ set_handler_callback(LIST|STATUS, cli_list_status); ++ set_unlocked_handler_callback(LIST|DAEMON, cli_list_daemon); ++ set_handler_callback(LIST|MAPS|STATUS, cli_list_maps_status); ++ set_handler_callback(LIST|MAPS|STATS, cli_list_maps_stats); ++ set_handler_callback(LIST|MAPS|FMT, cli_list_maps_fmt); ++ set_handler_callback(LIST|MAPS|RAW|FMT, cli_list_maps_raw); ++ set_handler_callback(LIST|MAPS|TOPOLOGY, cli_list_maps_topology); ++ set_handler_callback(LIST|TOPOLOGY, cli_list_maps_topology); ++ set_handler_callback(LIST|MAPS|JSON, cli_list_maps_json); ++ set_handler_callback(LIST|MAP|TOPOLOGY, cli_list_map_topology); ++ set_handler_callback(LIST|MAP|FMT, cli_list_map_fmt); ++ set_handler_callback(LIST|MAP|RAW|FMT, cli_list_map_fmt); ++ set_handler_callback(LIST|MAP|JSON, cli_list_map_json); ++ set_handler_callback(LIST|CONFIG|LOCAL, cli_list_config_local); ++ set_handler_callback(LIST|CONFIG, cli_list_config); ++ set_handler_callback(LIST|BLACKLIST, cli_list_blacklist); ++ set_handler_callback(LIST|DEVICES, cli_list_devices); ++ set_handler_callback(LIST|WILDCARDS, cli_list_wildcards); ++ set_handler_callback(RESET|MAPS|STATS, cli_reset_maps_stats); ++ set_handler_callback(RESET|MAP|STATS, cli_reset_map_stats); ++ set_handler_callback(ADD|PATH, cli_add_path); ++ set_handler_callback(DEL|PATH, cli_del_path); ++ set_handler_callback(ADD|MAP, cli_add_map); ++ set_handler_callback(DEL|MAP, cli_del_map); ++ set_handler_callback(SWITCH|MAP|GROUP, cli_switch_group); + set_unlocked_handler_callback(RECONFIGURE, cli_reconfigure); +- set_handler_callback(SUSPEND+MAP, cli_suspend); +- set_handler_callback(RESUME+MAP, cli_resume); +- set_handler_callback(RESIZE+MAP, cli_resize); +- set_handler_callback(RELOAD+MAP, cli_reload); +- set_handler_callback(RESET+MAP, cli_reassign); +- set_handler_callback(REINSTATE+PATH, cli_reinstate); +- set_handler_callback(FAIL+PATH, cli_fail); +- set_handler_callback(DISABLEQ+MAP, cli_disable_queueing); +- set_handler_callback(RESTOREQ+MAP, cli_restore_queueing); +- set_handler_callback(DISABLEQ+MAPS, cli_disable_all_queueing); +- set_handler_callback(RESTOREQ+MAPS, cli_restore_all_queueing); ++ set_handler_callback(SUSPEND|MAP, cli_suspend); ++ set_handler_callback(RESUME|MAP, cli_resume); ++ set_handler_callback(RESIZE|MAP, cli_resize); ++ set_handler_callback(RELOAD|MAP, cli_reload); ++ set_handler_callback(RESET|MAP, cli_reassign); ++ set_handler_callback(REINSTATE|PATH, cli_reinstate); ++ set_handler_callback(FAIL|PATH, cli_fail); ++ set_handler_callback(DISABLEQ|MAP, cli_disable_queueing); ++ set_handler_callback(RESTOREQ|MAP, cli_restore_queueing); ++ set_handler_callback(DISABLEQ|MAPS, cli_disable_all_queueing); ++ set_handler_callback(RESTOREQ|MAPS, cli_restore_all_queueing); + set_unlocked_handler_callback(QUIT, cli_quit); + set_unlocked_handler_callback(SHUTDOWN, cli_shutdown); +- set_handler_callback(GETPRSTATUS+MAP, cli_getprstatus); +- set_handler_callback(SETPRSTATUS+MAP, cli_setprstatus); +- set_handler_callback(UNSETPRSTATUS+MAP, cli_unsetprstatus); +- set_handler_callback(FORCEQ+DAEMON, cli_force_no_daemon_q); +- set_handler_callback(RESTOREQ+DAEMON, cli_restore_no_daemon_q); +- set_handler_callback(GETPRKEY+MAP, cli_getprkey); +- set_handler_callback(SETPRKEY+MAP+KEY, cli_setprkey); +- set_handler_callback(UNSETPRKEY+MAP, cli_unsetprkey); +- set_handler_callback(SETMARGINAL+PATH, cli_set_marginal); +- set_handler_callback(UNSETMARGINAL+PATH, cli_unset_marginal); +- set_handler_callback(UNSETMARGINAL+MAP, cli_unset_all_marginal); ++ set_handler_callback(GETPRSTATUS|MAP, cli_getprstatus); ++ set_handler_callback(SETPRSTATUS|MAP, cli_setprstatus); ++ set_handler_callback(UNSETPRSTATUS|MAP, cli_unsetprstatus); ++ set_handler_callback(FORCEQ|DAEMON, cli_force_no_daemon_q); ++ set_handler_callback(RESTOREQ|DAEMON, cli_restore_no_daemon_q); ++ set_handler_callback(GETPRKEY|MAP, cli_getprkey); ++ set_handler_callback(SETPRKEY|MAP|KEY, cli_setprkey); ++ set_handler_callback(UNSETPRKEY|MAP, cli_unsetprkey); ++ set_handler_callback(SETMARGINAL|PATH, cli_set_marginal); ++ set_handler_callback(UNSETMARGINAL|PATH, cli_unset_marginal); ++ set_handler_callback(UNSETMARGINAL|MAP, cli_unset_all_marginal); + + umask(077); + uxsock_listen(&uxsock_trigger, ux_sock, ap); +-- +2.31.1 diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb b/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb index 5a8db08771..0d51263f66 100644 --- a/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb +++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb @@ -48,6 +48,8 @@ SRC_URI = "git://github.com/opensvc/multipath-tools.git;protocol=http;branch=mas file://0001-add-explicit-dependency-on-libraries.patch \ file://0001-fix-boolean-value-with-json-c-0.14.patch \ file://0001-libmultipath-uevent.c-fix-error-handling-for-udev_mo.patch \ + file://0001-multipath-tools-use-run-instead-of-dev-shm.patch \ + file://CVE-2022-41974.patch \ " LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" @@ -120,3 +122,6 @@ FILES:kpartx = "${base_sbindir}/kpartx \ RDEPENDS:${PN} += "kpartx" PARALLEL_MAKE = "" + +FILES:${PN}-libs += "usr/lib/*.so.*" +FILES:${PN}-libs += "usr/lib/tmpfiles.d/*" diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch index eb6174a7b0..950fae667a 100644 --- a/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch @@ -18,7 +18,12 @@ diff --git a/nss/coreconf/arch.mk b/nss/coreconf/arch.mk index 2012d18..78fca62 100644 --- a/nss/coreconf/arch.mk +++ b/nss/coreconf/arch.mk -@@ -30,7 +30,7 @@ OS_TEST := $(shell uname -m) +@@ -26,11 +26,11 @@ OS_ARCH := $(subst /,_,$(shell uname -s) + # Attempt to differentiate between sparc and x86 Solaris + # + +-OS_TEST := $(shell uname -m) ++OS_TEST ?= $(shell uname -m) ifeq ($(OS_TEST),i86pc) OS_RELEASE := $(shell uname -r)_$(OS_TEST) else diff --git a/meta-openembedded/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch b/meta-openembedded/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch new file mode 100644 index 0000000000..4a8ea233c8 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch @@ -0,0 +1,41 @@ +From 27354e9d9696ee2bc063910a6c9a6b27c5184a52 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid <aacid@kde.org> +Date: Thu, 25 Aug 2022 00:14:22 +0200 +Subject: [PATCH] JBIG2Stream: Fix crash on broken file + +https://github.com/jeffssh/CVE-2021-30860 + +Thanks to David Warren for the heads up + +CVE: CVE-2021-30860 + +References: +https://nvd.nist.gov/vuln/detail/CVE-2021-30860 + +Upstream-Status: Backport +[https://gitlab.freedesktop.org/poppler/poppler/-/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + poppler/JBIG2Stream.cc | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc +index 662276e5..9f70431d 100644 +--- a/poppler/JBIG2Stream.cc ++++ b/poppler/JBIG2Stream.cc +@@ -1976,7 +1976,11 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless + for (i = 0; i < nRefSegs; ++i) { + if ((seg = findSegment(refSegs[i]))) { + if (seg->getType() == jbig2SegSymbolDict) { +- numSyms += ((JBIG2SymbolDict *)seg)->getSize(); ++ const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize(); ++ if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) { ++ error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region"); ++ return; ++ } + } else if (seg->getType() == jbig2SegCodeTable) { + codeTables.push_back(seg); + } +-- +2.25.1 diff --git a/meta-openembedded/meta-oe/recipes-support/poppler/poppler_22.04.0.bb b/meta-openembedded/meta-oe/recipes-support/poppler/poppler_22.04.0.bb index b7cdb4f1be..816c9f1608 100644 --- a/meta-openembedded/meta-oe/recipes-support/poppler/poppler_22.04.0.bb +++ b/meta-openembedded/meta-oe/recipes-support/poppler/poppler_22.04.0.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \ file://0001-Do-not-overwrite-all-our-build-flags.patch \ file://basename-include.patch \ + file://0001-JBIG2Stream-Fix-crash-on-broken-file.patch \ " SRC_URI[sha256sum] = "813fb4b90e7bda63df53205c548602bae728887a60f4048aae4dbd9b1927deff" diff --git a/meta-openembedded/meta-oe/recipes-support/re2/re2_2020.11.01.bb b/meta-openembedded/meta-oe/recipes-support/re2/re2_2020.11.01.bb index 698fe7e497..5ec1c6b5ab 100644 --- a/meta-openembedded/meta-oe/recipes-support/re2/re2_2020.11.01.bb +++ b/meta-openembedded/meta-oe/recipes-support/re2/re2_2020.11.01.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b5c31eb512bdf3cb11ffd5713963760" SRCREV = "166dbbeb3b0ab7e733b278e8f42a84f6882b8a25" -SRC_URI = "git://github.com/google/re2.git;branch=master;protocol=https" +SRC_URI = "git://github.com/google/re2.git;branch=main;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-support/spdlog/spdlog_1.9.2.bb b/meta-openembedded/meta-oe/recipes-support/spdlog/spdlog_1.9.2.bb index d377241ad1..6362fc7a4b 100644 --- a/meta-openembedded/meta-oe/recipes-support/spdlog/spdlog_1.9.2.bb +++ b/meta-openembedded/meta-oe/recipes-support/spdlog/spdlog_1.9.2.bb @@ -12,7 +12,7 @@ DEPENDS += "fmt" S = "${WORKDIR}/git" BBCLASSEXTEND = "native" -# no need to build example&text&benchmarks on pure yocto -EXTRA_OECMAKE += "-DSPDLOG_INSTALL=on -DSPDLOG_BUILD_SHARED=on -DSPDLOG_BUILD_EXAMPLES=off -DSPDLOG_BUILD_TESTS=off -DSPDLOG_BUILD_BENCH=off -DSPDLOG_FMT_EXTERNAL=on" +# no need to build example & tests & benchmarks on pure yocto +EXTRA_OECMAKE += "-DSPDLOG_INSTALL=on -DSPDLOG_BUILD_SHARED=on -DSPDLOG_BUILD_EXAMPLE=off -DSPDLOG_BUILD_TESTS=off -DSPDLOG_BUILD_BENCH=off -DSPDLOG_FMT_EXTERNAL=on" inherit cmake diff --git a/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0001.patch b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0001.patch new file mode 100644 index 0000000000..7d1dd6582f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0001.patch @@ -0,0 +1,65 @@ +From b5a060f2ebb8d794f508436a12e4d4163f94b1b8 Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sat, 20 Aug 2022 12:26:05 +0200 +Subject: [PATCH 1/8] syslogformat: fix out-of-bounds reading of data buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/b5a060f2ebb8d794f508436a12e4d4163f94b1b8] + +Signed-off-by: LĂ¡szlĂ³ VĂ¡rady <laszlo.varady@protonmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + modules/syslogformat/syslog-format.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/modules/syslogformat/syslog-format.c b/modules/syslogformat/syslog-format.c +index aacb525b3..872cc1d71 100644 +--- a/modules/syslogformat/syslog-format.c ++++ b/modules/syslogformat/syslog-format.c +@@ -223,6 +223,9 @@ log_msg_parse_cisco_timestamp_attributes(LogMessage *self, const guchar **data, + const guchar *src = *data; + gint left = *length; + ++ if (!left) ++ return; ++ + /* Cisco timestamp extensions, the first '*' indicates that the clock is + * unsynced, '.' if it is known to be synced */ + if (G_UNLIKELY(src[0] == '*')) +@@ -562,7 +565,7 @@ log_msg_parse_sd(LogMessage *self, const guchar **data, gint *length, const MsgF + open_sd++; + do + { +- if (!isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"') ++ if (!left || !isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"') + goto error; + /* read sd_id */ + pos = 0; +@@ -595,7 +598,8 @@ log_msg_parse_sd(LogMessage *self, const guchar **data, gint *length, const MsgF + sd_id_len = pos; + strcpy(sd_value_name, logmsg_sd_prefix); + strncpy(sd_value_name + logmsg_sd_prefix_len, sd_id_name, sizeof(sd_value_name) - logmsg_sd_prefix_len); +- if (*src == ']') ++ ++ if (left && *src == ']') + { + log_msg_set_value_by_name(self, sd_value_name, "", 0); + } +@@ -612,7 +616,7 @@ log_msg_parse_sd(LogMessage *self, const guchar **data, gint *length, const MsgF + else + goto error; + +- if (!isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"') ++ if (!left || !isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"') + goto error; + + /* read sd-param */ +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0002.patch b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0002.patch new file mode 100644 index 0000000000..9ccb24ddea --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0002.patch @@ -0,0 +1,150 @@ +From 81a07263f1e522a376d3a30f96f51df3f2879f8a Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sat, 20 Aug 2022 12:22:44 +0200 +Subject: [PATCH 2/8] syslogformat: add bug reproducer test for non-zero terminated + input +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/81a07263f1e522a376d3a30f96f51df3f2879f8a] + +Signed-off-by: LĂ¡szlĂ³ VĂ¡rady <laszlo.varady@protonmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + modules/syslogformat/CMakeLists.txt | 1 + + modules/syslogformat/Makefile.am | 2 + + modules/syslogformat/tests/CMakeLists.txt | 1 + + modules/syslogformat/tests/Makefile.am | 9 +++ + .../syslogformat/tests/test_syslog_format.c | 72 +++++++++++++++++++ + 5 files changed, 85 insertions(+) + create mode 100644 modules/syslogformat/tests/CMakeLists.txt + create mode 100644 modules/syslogformat/tests/Makefile.am + create mode 100644 modules/syslogformat/tests/test_syslog_format.c + +diff --git a/modules/syslogformat/CMakeLists.txt b/modules/syslogformat/CMakeLists.txt +index 94ee01aa2..64848efee 100644 +--- a/modules/syslogformat/CMakeLists.txt ++++ b/modules/syslogformat/CMakeLists.txt +@@ -14,3 +14,4 @@ add_module( + SOURCES ${SYSLOGFORMAT_SOURCES} + ) + ++add_test_subdirectory(tests) +diff --git a/modules/syslogformat/Makefile.am b/modules/syslogformat/Makefile.am +index f13f88c1b..14cdf589d 100644 +--- a/modules/syslogformat/Makefile.am ++++ b/modules/syslogformat/Makefile.am +@@ -31,3 +31,5 @@ modules_syslogformat_libsyslogformat_la_DEPENDENCIES = \ + modules/syslogformat modules/syslogformat/ mod-syslogformat: \ + modules/syslogformat/libsyslogformat.la + .PHONY: modules/syslogformat/ mod-syslogformat ++ ++include modules/syslogformat/tests/Makefile.am +diff --git a/modules/syslogformat/tests/CMakeLists.txt b/modules/syslogformat/tests/CMakeLists.txt +new file mode 100644 +index 000000000..2e45b7194 +--- /dev/null ++++ b/modules/syslogformat/tests/CMakeLists.txt +@@ -0,0 +1 @@ ++add_unit_test(CRITERION TARGET test_syslog_format DEPENDS syslogformat) +diff --git a/modules/syslogformat/tests/Makefile.am b/modules/syslogformat/tests/Makefile.am +new file mode 100644 +index 000000000..7ee66a59c +--- /dev/null ++++ b/modules/syslogformat/tests/Makefile.am +@@ -0,0 +1,9 @@ ++modules_syslogformat_tests_TESTS = \ ++ modules/syslogformat/tests/test_syslog_format ++ ++check_PROGRAMS += ${modules_syslogformat_tests_TESTS} ++ ++EXTRA_DIST += modules/syslogformat/tests/CMakeLists.txt ++ ++modules_syslogformat_tests_test_syslog_format_CFLAGS = $(TEST_CFLAGS) -I$(top_srcdir)/modules/syslogformat ++modules_syslogformat_tests_test_syslog_format_LDADD = $(TEST_LDADD) $(PREOPEN_SYSLOGFORMAT) +diff --git a/modules/syslogformat/tests/test_syslog_format.c b/modules/syslogformat/tests/test_syslog_format.c +new file mode 100644 +index 000000000..b247fe3c5 +--- /dev/null ++++ b/modules/syslogformat/tests/test_syslog_format.c +@@ -0,0 +1,72 @@ ++/* ++ * Copyright (c) 2022 One Identity ++ * Copyright (c) 2022 LĂ¡szlĂ³ VĂ¡rady ++ * ++ * This program is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 as published ++ * by the Free Software Foundation, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ * ++ * As an additional exemption you are allowed to compile & link against the ++ * OpenSSL libraries as published by the OpenSSL project. See the file ++ * COPYING for details. ++ * ++ */ ++ ++#include <criterion/criterion.h> ++ ++#include "apphook.h" ++#include "cfg.h" ++#include "syslog-format.h" ++#include "logmsg/logmsg.h" ++#include "msg-format.h" ++#include "scratch-buffers.h" ++ ++#include <string.h> ++ ++GlobalConfig *cfg; ++MsgFormatOptions parse_options; ++ ++static void ++setup(void) ++{ ++ app_startup(); ++ syslog_format_init(); ++ ++ cfg = cfg_new_snippet(); ++ msg_format_options_defaults(&parse_options); ++} ++ ++static void ++teardown(void) ++{ ++ scratch_buffers_explicit_gc(); ++ app_shutdown(); ++ cfg_free(cfg); ++} ++ ++TestSuite(syslog_format, .init = setup, .fini = teardown); ++ ++Test(syslog_format, parser_should_not_spin_on_non_zero_terminated_input, .timeout = 10) ++{ ++ const gchar *data = "<182>2022-08-17T05:02:28.217 mymachine su: 'su root' failed for lonvick on /dev/pts/8"; ++ /* chosen carefully to reproduce a bug */ ++ gsize data_length = 27; ++ ++ msg_format_options_init(&parse_options, cfg); ++ LogMessage *msg = msg_format_construct_message(&parse_options, (const guchar *) data, data_length); ++ ++ gsize problem_position; ++ cr_assert(syslog_format_handler(&parse_options, msg, (const guchar *) data, data_length, &problem_position)); ++ ++ msg_format_options_destroy(&parse_options); ++ log_msg_unref(msg); ++} +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0003.patch b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0003.patch new file mode 100644 index 0000000000..5801165048 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0003.patch @@ -0,0 +1,77 @@ +From 4b8dc56ca8eaeac4c8751a305eb7eeefab8dc89d Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sun, 21 Aug 2022 18:44:28 +0200 +Subject: [PATCH 3/8] syslogformat: fix reading cisco sequence id out of bounds +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/4b8dc56ca8eaeac4c8751a305eb7eeefab8dc89d] + +Signed-off-by: LĂ¡szlĂ³ VĂ¡rady <laszlo.varady@protonmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + modules/syslogformat/syslog-format.c | 2 +- + .../syslogformat/tests/test_syslog_format.c | 32 +++++++++++++++++++ + 2 files changed, 33 insertions(+), 1 deletion(-) + +diff --git a/modules/syslogformat/syslog-format.c b/modules/syslogformat/syslog-format.c +index 872cc1d71..a3d48d6f2 100644 +--- a/modules/syslogformat/syslog-format.c ++++ b/modules/syslogformat/syslog-format.c +@@ -207,7 +207,7 @@ log_msg_parse_cisco_sequence_id(LogMessage *self, const guchar **data, gint *len + + /* if the next char is not space, then we may try to read a date */ + +- if (*src != ' ') ++ if (!left || *src != ' ') + return; + + log_msg_set_value(self, handles.cisco_seqid, (gchar *) *data, *length - left - 1); +diff --git a/modules/syslogformat/tests/test_syslog_format.c b/modules/syslogformat/tests/test_syslog_format.c +index b247fe3c5..d0f5b4043 100644 +--- a/modules/syslogformat/tests/test_syslog_format.c ++++ b/modules/syslogformat/tests/test_syslog_format.c +@@ -70,3 +70,35 @@ Test(syslog_format, parser_should_not_spin_on_non_zero_terminated_input, .timeou + msg_format_options_destroy(&parse_options); + log_msg_unref(msg); + } ++ ++Test(syslog_format, cisco_sequence_id_non_zero_termination) ++{ ++ const gchar *data = "<189>65536: "; ++ gsize data_length = strlen(data); ++ ++ msg_format_options_init(&parse_options, cfg); ++ LogMessage *msg = msg_format_construct_message(&parse_options, (const guchar *) data, data_length); ++ ++ gsize problem_position; ++ cr_assert(syslog_format_handler(&parse_options, msg, (const guchar *) data, data_length, &problem_position)); ++ cr_assert_str_eq(log_msg_get_value_by_name(msg, ".SDATA.meta.sequenceId", NULL), "65536"); ++ ++ msg_format_options_destroy(&parse_options); ++ log_msg_unref(msg); ++} ++ ++Test(syslog_format, minimal_non_zero_terminated_numeric_message_is_parsed_as_program_name) ++{ ++ const gchar *data = "<189>65536"; ++ gsize data_length = strlen(data); ++ ++ msg_format_options_init(&parse_options, cfg); ++ LogMessage *msg = msg_format_construct_message(&parse_options, (const guchar *) data, data_length); ++ ++ gsize problem_position; ++ cr_assert(syslog_format_handler(&parse_options, msg, (const guchar *) data, data_length, &problem_position)); ++ cr_assert_str_eq(log_msg_get_value_by_name(msg, "PROGRAM", NULL), "65536"); ++ ++ msg_format_options_destroy(&parse_options); ++ log_msg_unref(msg); ++} +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch new file mode 100644 index 0000000000..cb81b1c122 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch @@ -0,0 +1,37 @@ +From 73b5c300b8fde5e7a4824baa83a04931279abb37 Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sat, 20 Aug 2022 12:42:38 +0200 +Subject: [PATCH 4/8] timeutils: fix iterating out of the range of timestamp buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/73b5c300b8fde5e7a4824baa83a04931279abb37] + +Signed-off-by: LĂ¡szlĂ³ VĂ¡rady <laszlo.varady@protonmail.com> +Signed-off-by: Balazs Scheidler <bazsi77@gmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + lib/timeutils/scan-timestamp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c +index 304a57673..4fbe94a36 100644 +--- a/lib/timeutils/scan-timestamp.c ++++ b/lib/timeutils/scan-timestamp.c +@@ -332,7 +332,7 @@ __parse_usec(const guchar **data, gint *length) + src++; + (*length)--; + } +- while (isdigit(*src)) ++ while (*length > 0 && isdigit(*src)) + { + src++; + (*length)--; +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0005.patch b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0005.patch new file mode 100644 index 0000000000..70964b328b --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0005.patch @@ -0,0 +1,211 @@ +From 45f051239312e43bd4f92b9339fe67c6798a0321 Mon Sep 17 00:00:00 2001 +From: Balazs Scheidler <bazsi77@gmail.com> +Date: Sat, 20 Aug 2022 12:43:42 +0200 +Subject: [PATCH 5/8] timeutils: add tests for non-zero terminated inputs + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/45f051239312e43bd4f92b9339fe67c6798a0321] + +Signed-off-by: Balazs Scheidler <bazsi77@gmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + lib/timeutils/tests/test_scan-timestamp.c | 126 +++++++++++++++++++--- + 1 file changed, 113 insertions(+), 13 deletions(-) + +diff --git a/lib/timeutils/tests/test_scan-timestamp.c b/lib/timeutils/tests/test_scan-timestamp.c +index 27b76f12d..468bbf779 100644 +--- a/lib/timeutils/tests/test_scan-timestamp.c ++++ b/lib/timeutils/tests/test_scan-timestamp.c +@@ -50,17 +50,21 @@ fake_time_add(time_t diff) + } + + static gboolean +-_parse_rfc3164(const gchar *ts, gchar isotimestamp[32]) ++_parse_rfc3164(const gchar *ts, gint len, gchar isotimestamp[32]) + { + UnixTime stamp; +- const guchar *data = (const guchar *) ts; +- gint length = strlen(ts); ++ const guchar *tsu = (const guchar *) ts; ++ gint tsu_len = len < 0 ? strlen(ts) : len; + GString *result = g_string_new(""); + WallClockTime wct = WALL_CLOCK_TIME_INIT; + +- ++ const guchar *data = tsu; ++ gint length = tsu_len; + gboolean success = scan_rfc3164_timestamp(&data, &length, &wct); + ++ cr_assert(length >= 0); ++ cr_assert(data == &tsu[tsu_len - length]); ++ + unix_time_unset(&stamp); + convert_wall_clock_time_to_unix_time(&wct, &stamp); + +@@ -71,16 +75,21 @@ _parse_rfc3164(const gchar *ts, gchar isotimestamp[32]) + } + + static gboolean +-_parse_rfc5424(const gchar *ts, gchar isotimestamp[32]) ++_parse_rfc5424(const gchar *ts, gint len, gchar isotimestamp[32]) + { + UnixTime stamp; +- const guchar *data = (const guchar *) ts; +- gint length = strlen(ts); ++ const guchar *tsu = (const guchar *) ts; ++ gint tsu_len = len < 0 ? strlen(ts) : len; + GString *result = g_string_new(""); + WallClockTime wct = WALL_CLOCK_TIME_INIT; + ++ const guchar *data = tsu; ++ gint length = tsu_len; + gboolean success = scan_rfc5424_timestamp(&data, &length, &wct); + ++ cr_assert(length >= 0); ++ cr_assert(data == &tsu[tsu_len - length]); ++ + unix_time_unset(&stamp); + convert_wall_clock_time_to_unix_time(&wct, &stamp); + +@@ -91,31 +100,60 @@ _parse_rfc5424(const gchar *ts, gchar isotimestamp[32]) + } + + static gboolean +-_rfc3164_timestamp_eq(const gchar *ts, const gchar *expected, gchar converted[32]) ++_rfc3164_timestamp_eq(const gchar *ts, gint len, const gchar *expected, gchar converted[32]) + { +- cr_assert(_parse_rfc3164(ts, converted)); ++ cr_assert(_parse_rfc3164(ts, len, converted)); + return strcmp(converted, expected) == 0; + } + + static gboolean +-_rfc5424_timestamp_eq(const gchar *ts, const gchar *expected, gchar converted[32]) ++_rfc5424_timestamp_eq(const gchar *ts, gint len, const gchar *expected, gchar converted[32]) + { +- cr_assert(_parse_rfc5424(ts, converted)); ++ cr_assert(_parse_rfc5424(ts, len, converted)); + return strcmp(converted, expected) == 0; + } + + #define _expect_rfc3164_timestamp_eq(ts, expected) \ + ({ \ + gchar converted[32]; \ +- cr_expect(_rfc3164_timestamp_eq(ts, expected, converted), "Parsed RFC3164 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \ ++ cr_expect(_rfc3164_timestamp_eq(ts, -1, expected, converted), "Parsed RFC3164 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \ ++ }) ++ ++#define _expect_rfc3164_timestamp_len_eq(ts, len, expected) \ ++ ({ \ ++ gchar converted[32]; \ ++ cr_expect(_rfc3164_timestamp_eq(ts, len, expected, converted), "Parsed RFC3164 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \ ++ }) ++ ++#define _expect_rfc3164_fails(ts, len) \ ++ ({ \ ++ WallClockTime wct = WALL_CLOCK_TIME_INIT; \ ++ const guchar *data = (guchar *) ts; \ ++ gint length = len < 0 ? strlen(ts) : len; \ ++ cr_assert_not(scan_rfc3164_timestamp(&data, &length, &wct)); \ + }) + + #define _expect_rfc5424_timestamp_eq(ts, expected) \ + ({ \ + gchar converted[32]; \ +- cr_expect(_rfc5424_timestamp_eq(ts, expected, converted), "Parsed RFC5424 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \ ++ cr_expect(_rfc5424_timestamp_eq(ts, -1, expected, converted), "Parsed RFC5424 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \ ++ }) ++ ++#define _expect_rfc5424_timestamp_len_eq(ts, len, expected) \ ++ ({ \ ++ gchar converted[32]; \ ++ cr_expect(_rfc5424_timestamp_eq(ts, len, expected, converted), "Parsed RFC5424 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \ ++ }) ++ ++#define _expect_rfc5424_fails(ts, len) \ ++ ({ \ ++ WallClockTime wct = WALL_CLOCK_TIME_INIT; \ ++ const guchar *data = (guchar *) ts; \ ++ gint length = len < 0 ? strlen(ts) : len; \ ++ cr_assert_not(scan_rfc5424_timestamp(&data, &length, &wct)); \ + }) + ++ + Test(parse_timestamp, standard_bsd_format) + { + _expect_rfc3164_timestamp_eq("Oct 1 17:46:12", "2017-10-01T17:46:12.000+02:00"); +@@ -164,6 +202,68 @@ Test(parse_timestamp, standard_bsd_format_year_in_the_past) + _expect_rfc3164_timestamp_eq("Dec 31 17:46:12", "2017-12-31T17:46:12.000+01:00"); + } + ++Test(parse_timestamp, non_zero_terminated_rfc3164_iso_input_is_handled_properly) ++{ ++ gchar *ts = "2022-08-17T05:02:28.417Z whatever"; ++ gint ts_len = 24; ++ ++ _expect_rfc3164_timestamp_len_eq(ts, strlen(ts), "2022-08-17T05:02:28.417+00:00"); ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len + 5, "2022-08-17T05:02:28.417+00:00"); ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len, "2022-08-17T05:02:28.417+00:00"); ++ ++ /* no "Z" parsed, timezone defaults to local, forced CET */ ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len - 1, "2022-08-17T05:02:28.417+02:00"); ++ ++ /* msec is partially parsed as we trim the string from the right */ ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len - 2, "2022-08-17T05:02:28.410+02:00"); ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len - 3, "2022-08-17T05:02:28.400+02:00"); ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len - 4, "2022-08-17T05:02:28.000+02:00"); ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len - 5, "2022-08-17T05:02:28.000+02:00"); ++ ++ for (gint i = 6; i < ts_len; i++) ++ _expect_rfc3164_fails(ts, ts_len - i); ++ ++} ++ ++Test(parse_timestamp, non_zero_terminated_rfc3164_bsd_pix_or_asa_input_is_handled_properly) ++{ ++ gchar *ts = "Aug 17 2022 05:02:28: whatever"; ++ gint ts_len = 21; ++ ++ _expect_rfc3164_timestamp_len_eq(ts, strlen(ts), "2022-08-17T05:02:28.000+02:00"); ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len + 5, "2022-08-17T05:02:28.000+02:00"); ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len, "2022-08-17T05:02:28.000+02:00"); ++ ++ /* no ":" at the end, that's a problem, unrecognized */ ++ _expect_rfc3164_fails(ts, ts_len - 1); ++ ++ for (gint i = 1; i < ts_len; i++) ++ _expect_rfc3164_fails(ts, ts_len - i); ++} ++ ++Test(parse_timestamp, non_zero_terminated_rfc5424_input_is_handled_properly) ++{ ++ gchar *ts = "2022-08-17T05:02:28.417Z whatever"; ++ gint ts_len = 24; ++ ++ _expect_rfc5424_timestamp_len_eq(ts, strlen(ts), "2022-08-17T05:02:28.417+00:00"); ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len + 5, "2022-08-17T05:02:28.417+00:00"); ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len, "2022-08-17T05:02:28.417+00:00"); ++ ++ /* no "Z" parsed, timezone defaults to local, forced CET */ ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len - 1, "2022-08-17T05:02:28.417+02:00"); ++ ++ /* msec is partially parsed as we trim the string from the right */ ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len - 2, "2022-08-17T05:02:28.410+02:00"); ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len - 3, "2022-08-17T05:02:28.400+02:00"); ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len - 4, "2022-08-17T05:02:28.000+02:00"); ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len - 5, "2022-08-17T05:02:28.000+02:00"); ++ ++ for (gint i = 6; i < ts_len; i++) ++ _expect_rfc5424_fails(ts, ts_len - i); ++ ++} ++ + + Test(parse_timestamp, daylight_saving_behavior_at_spring_with_explicit_timezones) + { +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0006.patch b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0006.patch new file mode 100644 index 0000000000..81e36c6501 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0006.patch @@ -0,0 +1,180 @@ +From 09f489c89c826293ff8cbd282cfc866ab56054c4 Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sat, 20 Aug 2022 14:29:43 +0200 +Subject: [PATCH 6/8] timeutils: name repeating constant +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/09f489c89c826293ff8cbd282cfc866ab56054c4] + +Signed-off-by: LĂ¡szlĂ³ VĂ¡rady <laszlo.varady@protonmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + lib/timeutils/scan-timestamp.c | 54 ++++++++++++++++++---------------- + 1 file changed, 29 insertions(+), 25 deletions(-) + +diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c +index 4fbe94a36..d22d50973 100644 +--- a/lib/timeutils/scan-timestamp.c ++++ b/lib/timeutils/scan-timestamp.c +@@ -34,41 +34,43 @@ scan_day_abbrev(const gchar **buf, gint *left, gint *wday) + { + *wday = -1; + +- if (*left < 3) ++ const gsize abbrev_length = 3; ++ ++ if (*left < abbrev_length) + return FALSE; + + switch (**buf) + { + case 'S': +- if (strncasecmp(*buf, "Sun", 3) == 0) ++ if (strncasecmp(*buf, "Sun", abbrev_length) == 0) + *wday = 0; +- else if (strncasecmp(*buf, "Sat", 3) == 0) ++ else if (strncasecmp(*buf, "Sat", abbrev_length) == 0) + *wday = 6; + else + return FALSE; + break; + case 'M': +- if (strncasecmp(*buf, "Mon", 3) == 0) ++ if (strncasecmp(*buf, "Mon", abbrev_length) == 0) + *wday = 1; + else + return FALSE; + break; + case 'T': +- if (strncasecmp(*buf, "Tue", 3) == 0) ++ if (strncasecmp(*buf, "Tue", abbrev_length) == 0) + *wday = 2; +- else if (strncasecmp(*buf, "Thu", 3) == 0) ++ else if (strncasecmp(*buf, "Thu", abbrev_length) == 0) + *wday = 4; + else + return FALSE; + break; + case 'W': +- if (strncasecmp(*buf, "Wed", 3) == 0) ++ if (strncasecmp(*buf, "Wed", abbrev_length) == 0) + *wday = 3; + else + return FALSE; + break; + case 'F': +- if (strncasecmp(*buf, "Fri", 3) == 0) ++ if (strncasecmp(*buf, "Fri", abbrev_length) == 0) + *wday = 5; + else + return FALSE; +@@ -77,8 +79,8 @@ scan_day_abbrev(const gchar **buf, gint *left, gint *wday) + return FALSE; + } + +- (*buf) += 3; +- (*left) -= 3; ++ (*buf) += abbrev_length; ++ (*left) -= abbrev_length; + return TRUE; + } + +@@ -87,63 +89,65 @@ scan_month_abbrev(const gchar **buf, gint *left, gint *mon) + { + *mon = -1; + +- if (*left < 3) ++ const gsize abbrev_length = 3; ++ ++ if (*left < abbrev_length) + return FALSE; + + switch (**buf) + { + case 'J': +- if (strncasecmp(*buf, "Jan", 3) == 0) ++ if (strncasecmp(*buf, "Jan", abbrev_length) == 0) + *mon = 0; +- else if (strncasecmp(*buf, "Jun", 3) == 0) ++ else if (strncasecmp(*buf, "Jun", abbrev_length) == 0) + *mon = 5; +- else if (strncasecmp(*buf, "Jul", 3) == 0) ++ else if (strncasecmp(*buf, "Jul", abbrev_length) == 0) + *mon = 6; + else + return FALSE; + break; + case 'F': +- if (strncasecmp(*buf, "Feb", 3) == 0) ++ if (strncasecmp(*buf, "Feb", abbrev_length) == 0) + *mon = 1; + else + return FALSE; + break; + case 'M': +- if (strncasecmp(*buf, "Mar", 3) == 0) ++ if (strncasecmp(*buf, "Mar", abbrev_length) == 0) + *mon = 2; +- else if (strncasecmp(*buf, "May", 3) == 0) ++ else if (strncasecmp(*buf, "May", abbrev_length) == 0) + *mon = 4; + else + return FALSE; + break; + case 'A': +- if (strncasecmp(*buf, "Apr", 3) == 0) ++ if (strncasecmp(*buf, "Apr", abbrev_length) == 0) + *mon = 3; +- else if (strncasecmp(*buf, "Aug", 3) == 0) ++ else if (strncasecmp(*buf, "Aug", abbrev_length) == 0) + *mon = 7; + else + return FALSE; + break; + case 'S': +- if (strncasecmp(*buf, "Sep", 3) == 0) ++ if (strncasecmp(*buf, "Sep", abbrev_length) == 0) + *mon = 8; + else + return FALSE; + break; + case 'O': +- if (strncasecmp(*buf, "Oct", 3) == 0) ++ if (strncasecmp(*buf, "Oct", abbrev_length) == 0) + *mon = 9; + else + return FALSE; + break; + case 'N': +- if (strncasecmp(*buf, "Nov", 3) == 0) ++ if (strncasecmp(*buf, "Nov", abbrev_length) == 0) + *mon = 10; + else + return FALSE; + break; + case 'D': +- if (strncasecmp(*buf, "Dec", 3) == 0) ++ if (strncasecmp(*buf, "Dec", abbrev_length) == 0) + *mon = 11; + else + return FALSE; +@@ -152,8 +156,8 @@ scan_month_abbrev(const gchar **buf, gint *left, gint *mon) + return FALSE; + } + +- (*buf) += 3; +- (*left) -= 3; ++ (*buf) += abbrev_length; ++ (*left) -= abbrev_length; + return TRUE; + } + +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0007.patch b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0007.patch new file mode 100644 index 0000000000..abb36fdf5f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0007.patch @@ -0,0 +1,81 @@ +From 8c6e2c1c41b0fcc5fbd464c35f4dac7102235396 Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sat, 20 Aug 2022 14:30:22 +0200 +Subject: [PATCH 7/8] timeutils: fix invalid calculation of ISO timestamp length +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/8c6e2c1c41b0fcc5fbd464c35f4dac7102235396] + +Signed-off-by: LĂ¡szlĂ³ VĂ¡rady <laszlo.varady@protonmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + lib/timeutils/scan-timestamp.c | 8 ++++++-- + lib/timeutils/tests/test_scan-timestamp.c | 7 +++++++ + 2 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c +index d22d50973..125264677 100644 +--- a/lib/timeutils/scan-timestamp.c ++++ b/lib/timeutils/scan-timestamp.c +@@ -350,19 +350,21 @@ __parse_usec(const guchar **data, gint *length) + static gboolean + __has_iso_timezone(const guchar *src, gint length) + { +- return (length >= 5) && ++ return (length >= 6) && + (*src == '+' || *src == '-') && + isdigit(*(src+1)) && + isdigit(*(src+2)) && + *(src+3) == ':' && + isdigit(*(src+4)) && + isdigit(*(src+5)) && +- !isdigit(*(src+6)); ++ (length < 7 || !isdigit(*(src+6))); + } + + static guint32 + __parse_iso_timezone(const guchar **data, gint *length) + { ++ g_assert(*length >= 6); ++ + gint hours, mins; + const guchar *src = *data; + guint32 tz = 0; +@@ -372,8 +374,10 @@ __parse_iso_timezone(const guchar **data, gint *length) + hours = (*(src + 1) - '0') * 10 + *(src + 2) - '0'; + mins = (*(src + 4) - '0') * 10 + *(src + 5) - '0'; + tz = sign * (hours * 3600 + mins * 60); ++ + src += 6; + (*length) -= 6; ++ + *data = src; + return tz; + } +diff --git a/lib/timeutils/tests/test_scan-timestamp.c b/lib/timeutils/tests/test_scan-timestamp.c +index 468bbf779..d18bdc65d 100644 +--- a/lib/timeutils/tests/test_scan-timestamp.c ++++ b/lib/timeutils/tests/test_scan-timestamp.c +@@ -264,6 +264,13 @@ Test(parse_timestamp, non_zero_terminated_rfc5424_input_is_handled_properly) + + } + ++Test(parse_timestamp, non_zero_terminated_rfc5424_timestamp_only) ++{ ++ const gchar *ts = "2022-08-17T05:02:28.417+03:00"; ++ gint ts_len = strlen(ts); ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len, ts); ++} ++ + + Test(parse_timestamp, daylight_saving_behavior_at_spring_with_explicit_timezones) + { +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0008.patch b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0008.patch new file mode 100644 index 0000000000..56c71e8a21 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0008.patch @@ -0,0 +1,45 @@ +From 56f881c5eaa3d8c02c96607c4b9e4eaf959a044d Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sat, 20 Aug 2022 14:30:51 +0200 +Subject: [PATCH 8/8/] timeutils: fix out-of-bounds reading of data buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/56f881c5eaa3d8c02c96607c4b9e4eaf959a044d] + +Signed-off-by: LĂ¡szlĂ³ VĂ¡rady <laszlo.varady@protonmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + lib/timeutils/scan-timestamp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c +index 125264677..c00d8e6a9 100644 +--- a/lib/timeutils/scan-timestamp.c ++++ b/lib/timeutils/scan-timestamp.c +@@ -431,7 +431,7 @@ __parse_bsd_timestamp(const guchar **data, gint *length, WallClockTime *wct) + if (!scan_pix_timestamp((const gchar **) &src, &left, wct)) + return FALSE; + +- if (*src == ':') ++ if (left && *src == ':') + { + src++; + left--; +@@ -482,7 +482,7 @@ scan_rfc3164_timestamp(const guchar **data, gint *length, WallClockTime *wct) + * looking at you, skip that as well, so we can reliably detect IPv6 + * addresses as hostnames, which would be using ":" as well. */ + +- if (*src == ':') ++ if (left && *src == ':') + { + ++src; + --left; +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb b/meta-openembedded/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb index 40bbfe495a..045b9b71c9 100644 --- a/meta-openembedded/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb +++ b/meta-openembedded/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb @@ -22,6 +22,14 @@ SRC_URI = "https://github.com/balabit/syslog-ng/releases/download/${BP}/${BP}.ta file://volatiles.03_syslog-ng \ file://syslog-ng-tmp.conf \ file://syslog-ng.service-the-syslog-ng-service.patch \ + file://CVE-2022-38725-0001.patch \ + file://CVE-2022-38725-0002.patch \ + file://CVE-2022-38725-0003.patch \ + file://CVE-2022-38725-0004.patch \ + file://CVE-2022-38725-0005.patch \ + file://CVE-2022-38725-0006.patch \ + file://CVE-2022-38725-0007.patch \ + file://CVE-2022-38725-0008.patch \ " SRC_URI[sha256sum] = "90a25c9767fe749db50f118ddfc92ec71399763d2ecd5ad4f11ff5eea049e60b" diff --git a/meta-openembedded/meta-perl/recipes-perl/libcrypt/files/0001-Fix-for-Issue-31.patch b/meta-openembedded/meta-perl/recipes-perl/libcrypt/files/0001-Fix-for-Issue-31.patch deleted file mode 100644 index a5ea43f88b..0000000000 --- a/meta-openembedded/meta-perl/recipes-perl/libcrypt/files/0001-Fix-for-Issue-31.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 5e8202458e41ba1f7801746c503fe7c60ae340d5 Mon Sep 17 00:00:00 2001 -From: kambe-mikb <77083885+kambe-mikb@users.noreply.github.com> -Date: Tue, 28 Sep 2021 17:40:18 +1000 -Subject: [PATCH] Fix for Issue 31 - -Fix Issue 31 by removing reference to RSA_SSLV23_PADDING (removed from OpenSSL starting from v3.0.0) - -Upstream-Status: Submitted [https://github.com/toddr/Crypt-OpenSSL-RSA/pull/32] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - RSA.xs | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/RSA.xs b/RSA.xs -index 46cb199..4f65dfc 100644 ---- a/RSA.xs -+++ b/RSA.xs -@@ -640,12 +640,16 @@ use_pkcs1_oaep_padding(p_rsa) - CODE: - p_rsa->padding = RSA_PKCS1_OAEP_PADDING; - -+#if OPENSSL_VERSION_NUMBER < 0x30000000L -+ - void - use_sslv23_padding(p_rsa) - rsaData* p_rsa; - CODE: - p_rsa->padding = RSA_SSLV23_PADDING; - -+#endif -+ - # Sign text. Returns the signature. - - SV* --- -2.33.1 - diff --git a/meta-openembedded/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.32.bb b/meta-openembedded/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.33.bb index fd92c8a8db..aa8d138f2c 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.32.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.33.bb @@ -4,10 +4,9 @@ LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://LICENSE;md5=a67ceecc5d9a91a5a0d003ba50c26346" SRC_URI = "http://www.cpan.org/modules/by-module/Crypt/Crypt-OpenSSL-RSA-${PV}.tar.gz \ - file://0001-Fix-for-Issue-31.patch \ " -SRC_URI[sha256sum] = "adc74f0ae125c77f65d5dd32abb9c3429300a79543bf263494f333f9c0b62a61" +SRC_URI[sha256sum] = "bdbe630f6d6f540325746ad99977272ac8664ff81bd19f0adaba6d6f45efd864" DEPENDS += "libcrypt-openssl-guess-perl-native openssl" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb index e7f7f0b47b..566279d71c 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/idan/oauthlib" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=abd2675e944a2011aed7e505290ba482" -SRC_URI[sha256sum] = "23a8208d75b902797ea29fd31fa80a15ed9dc2c6c16fe73f5d346f83f6fa27a2" +SRC_URI[sha256sum] = "9859c40929662bec5d64f34d01c99e093149682a3f38915dc0655d5a633dd918" inherit pypi setuptools3 diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow/run-ptest b/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow/run-ptest new file mode 100644 index 0000000000..3385d68939 --- /dev/null +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh + +pytest -o log_cli=true -o log_cli_level=INFO | sed -e 's/\[...%\]//g'| sed -e 's/PASSED/PASS/g'| sed -e 's/FAILED/FAIL/g'|sed -e 's/SKIPED/SKIP/g'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS"){printf "%s: %s\n", $NF, $0}else{print}}'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS") {$NF="";print $0}else{print}}' diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb index fb86322f77..86705d2d8e 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb @@ -3,15 +3,16 @@ Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \ Contributors." HOMEPAGE = "https://pillow.readthedocs.io" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=ad081a0aede51e89f8da13333a8fb849" +LIC_FILES_CHKSUM = "file://LICENSE;md5=bc416d18f294943285560364be7cbec1" -SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=9.0.x;protocol=https \ +SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https \ file://0001-support-cross-compiling.patch \ file://0001-explicitly-set-compile-options.patch \ -" + file://run-ptest \ + " SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8" -inherit setuptools3 +inherit setuptools3 ptest PIP_INSTALL_PACKAGE = "Pillow" PIP_INSTALL_DIST_PATH = "${S}/dist" @@ -31,12 +32,33 @@ RDEPENDS:${PN} += " \ ${PYTHON_PN}-numbers \ " +RDEPENDS:${PN}-ptest += " \ + bash \ + ghostscript \ + jpeg-tools \ + libwebp \ + ${PYTHON_PN}-core \ + ${PYTHON_PN}-distutils \ + ${PYTHON_PN}-image \ + ${PYTHON_PN}-mmap \ + ${PYTHON_PN}-pytest \ + ${PYTHON_PN}-pytest-timeout \ + ${PYTHON_PN}-resource \ + ${PYTHON_PN}-unixadmin\ + ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'tk', '', d)} \ +" + CVE_PRODUCT = "pillow" S = "${WORKDIR}/git" RPROVIDES:${PN} += "python3-imaging" +do_install_ptest() { + install -d ${D}${PTEST_PATH}/Tests + cp -rf ${S}/Tests ${D}${PTEST_PATH}/ +} + BBCLASSEXTEND = "native" -SRCREV = "6deac9e3a23caffbfdd75c00d3f0a1cd36cdbd5d" +SRCREV = "a5bbab1c1e63b439de191ef2040173713b26d2da" diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_3.20.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_3.20.3.bb index 5c4de4ac2b..76b48e1ffc 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_3.20.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_3.20.3.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://PKG-INFO;beginline=8;endline=8;md5=53dbfa56f61b90215a inherit pypi setuptools3 -SRC_URI[sha256sum] = "71b2c3d1cd26ed1ec7c8196834143258b2ad7f444efff26fdc366c6f5e752702" +SRC_URI[sha256sum] = "2e3427429c9cffebf259491be0af70189607f365c2f41c7c3764af6f337105f2" # http://errors.yoctoproject.org/Errors/Details/184715/ # Can't find required file: ../src/google/protobuf/descriptor.proto diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-requests-toolbelt/0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch b/meta-openembedded/meta-python/recipes-devtools/python/python3-requests-toolbelt/0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch new file mode 100644 index 0000000000..baa833b6d2 --- /dev/null +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-requests-toolbelt/0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch @@ -0,0 +1,41 @@ +From 7188b06330e5260be20bce8cbcf0d5ae44e34eaf Mon Sep 17 00:00:00 2001 +From: Jon Dufresne <jon.dufresne@gmail.com> +Date: Fri, 1 Feb 2019 16:30:01 -0800 +Subject: [PATCH] Fix collections.abc deprecation warning in downloadutils + +Warning appears as: + +tests/test_downloadutils.py::test_stream_response_to_specific_filename + requests_toolbelt/downloadutils/stream.py:161: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working + if path and isinstance(getattr(path, 'write', None), collections.Callable): + +Upstream-Status: Backport [https://github.com/requests/toolbelt/commit/7188b06330e5260be20bce8cbcf0d5ae44e34eaf] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + requests_toolbelt/downloadutils/stream.py | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/requests_toolbelt/downloadutils/stream.py b/requests_toolbelt/downloadutils/stream.py +index eed60a7..1d1c31b 100644 +--- a/requests_toolbelt/downloadutils/stream.py ++++ b/requests_toolbelt/downloadutils/stream.py +@@ -1,6 +1,5 @@ + # -*- coding: utf-8 -*- + """Utilities for dealing with streamed requests.""" +-import collections + import os.path + import re + +@@ -158,7 +157,7 @@ def stream_response_to_file(response, path=None, chunksize=_DEFAULT_CHUNKSIZE): + pre_opened = False + fd = None + filename = None +- if path and isinstance(getattr(path, 'write', None), collections.Callable): ++ if path and callable(getattr(path, 'write', None)): + pre_opened = True + fd = path + filename = getattr(fd, 'name', None) +-- +2.25.1 + diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb index 366f41ca81..72ad7a6180 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb @@ -6,7 +6,8 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=71760e0f1dda8cff91b0bc9246caf571" SRC_URI = "file://run-ptest \ - " + file://0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch \ + " SRC_URI[md5sum] = "b1509735c4b4cf95df2619facbc3672e" SRC_URI[sha256sum] = "968089d4584ad4ad7c171454f0a5c6dac23971e9472521ea3b6d49d610aa6fc0" @@ -31,4 +32,4 @@ do_install_ptest() { # remove test test_multipart_encoder.py as it fails, # downloaded file is not supported rm -f ${D}${PTEST_PATH}/tests/test_multipart_encoder.py -} +} diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.56.bb index 37d498f52e..8b857d2f0c 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.56.bb @@ -27,7 +27,7 @@ SRC_URI:append:class-target = " \ " LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" -SRC_URI[sha256sum] = "eb397feeefccaf254f8d45de3768d9d68e8e73851c49afd5b7176d1ecf80c340" +SRC_URI[sha256sum] = "d8d45f1398ba84edd05bb33ca7593ac2989b17cb9c7a0cafe5442d41afdb2d7c" S = "${WORKDIR}/httpd-${PV}" diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf b/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf index ff2c587046..0852a8859a 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf @@ -1,2 +1,2 @@ -d /var/run/apache2 0755 root root - +d /run/apache2 0755 root root - d /var/log/apache2 0755 root root - diff --git a/meta-openembedded/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch b/meta-openembedded/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch new file mode 100644 index 0000000000..f4bab49aa7 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch @@ -0,0 +1,30 @@ +From 7f724bbafbb1e170401dd5de201273ab8c8bc75f Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 28 Aug 2022 14:24:02 -0700 +Subject: [PATCH] fastcgi: Use value instead of address of sin6_port + +This seems to be wrongly assigned where ipv4 sin_port is +equated to address of sin6_port and not value of sin6_port + +Upstream-Status: Submitted [https://github.com/monkey/monkey/pull/375] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + plugins/fastcgi/fcgi_handler.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/plugins/fastcgi/fcgi_handler.c b/plugins/fastcgi/fcgi_handler.c +index 9e095e3c..e8e1eec1 100644 +--- a/plugins/fastcgi/fcgi_handler.c ++++ b/plugins/fastcgi/fcgi_handler.c +@@ -245,7 +245,7 @@ static inline int fcgi_add_param_net(struct fcgi_handler *handler) + struct sockaddr_in *s4 = (struct sockaddr_in *)&addr4; + memset(&addr4, 0, sizeof(addr4)); + addr4.sin_family = AF_INET; +- addr4.sin_port = &s->sin6_port; ++ addr4.sin_port = s->sin6_port; + memcpy(&addr4.sin_addr.s_addr, + s->sin6_addr.s6_addr + 12, + sizeof(addr4.sin_addr.s_addr)); +-- +2.37.2 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb b/meta-openembedded/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb index fff406a3f2..d3e22757c4 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb @@ -7,11 +7,13 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2ee41112a44fe7014dce33e26468ba93" SECTION = "net" -SRC_URI = "http://monkey-project.com/releases/1.6/monkey-${PV}.tar.gz \ +SRC_URI = "git://github.com/monkey/monkey;branch=1.6;protocol=https \ + file://0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch \ file://monkey.service \ file://monkey.init" -SRC_URI[sha256sum] = "f1122e89cda627123286542b0a18fcaa131cbe9d4f5dd897d9455157289148fb" +SRCREV = "7999b487fded645381d387ec0e057e92407b0d2c" +S = "${WORKDIR}/git" UPSTREAM_CHECK_URI = "https://github.com/monkey/monkey/releases" UPSTREAM_CHECK_REGEX = "v(?P<pver>\d+(\.\d+)+).tar.gz" diff --git a/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2022-41741-CVE-2022-41742.patch b/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2022-41741-CVE-2022-41742.patch new file mode 100644 index 0000000000..d151256b37 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2022-41741-CVE-2022-41742.patch @@ -0,0 +1,319 @@ +From 91a3b5302d6a2467df70d3b43450991a53f9946b Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Wed, 16 Nov 2022 11:24:25 +0530 +Subject: [PATCH] CVE-2022-41741, CVE-2022-41742 + +Upstream-Status: Backport [https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea] +CVE: CVE-2022-41741, CVE-2022-41742 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> + +Mp4: disabled duplicate atoms. + +Most atoms should not appear more than once in a container. Previously, +this was not enforced by the module, which could result in worker process +crash, memory corruption and disclosure. +--- + src/http/modules/ngx_http_mp4_module.c | 147 +++++++++++++++++++++++++ + 1 file changed, 147 insertions(+) + +diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c +index 0e93fbd..4f4d89d 100644 +--- a/src/http/modules/ngx_http_mp4_module.c ++++ b/src/http/modules/ngx_http_mp4_module.c +@@ -1070,6 +1070,12 @@ ngx_http_mp4_read_ftyp_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + return NGX_ERROR; + } + ++ if (mp4->ftyp_atom.buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 ftyp atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; + + ftyp_atom = ngx_palloc(mp4->request->pool, atom_size); +@@ -1128,6 +1134,12 @@ ngx_http_mp4_read_moov_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + return NGX_DECLINED; + } + ++ if (mp4->moov_atom.buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 moov atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + conf = ngx_http_get_module_loc_conf(mp4->request, ngx_http_mp4_module); + + if (atom_data_size > mp4->buffer_size) { +@@ -1195,6 +1207,12 @@ ngx_http_mp4_read_mdat_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mdat atom"); + ++ if (mp4->mdat_atom.buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mdat atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + data = &mp4->mdat_data_buf; + data->file = &mp4->file; + data->in_file = 1; +@@ -1321,6 +1339,12 @@ ngx_http_mp4_read_mvhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mvhd atom"); + ++ if (mp4->mvhd_atom.buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mvhd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom_header = ngx_mp4_atom_header(mp4); + mvhd_atom = (ngx_mp4_mvhd_atom_t *) atom_header; + mvhd64_atom = (ngx_mp4_mvhd64_atom_t *) atom_header; +@@ -1586,6 +1610,13 @@ ngx_http_mp4_read_tkhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_TKHD_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 tkhd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->tkhd_size = atom_size; + + ngx_mp4_set_32value(tkhd_atom->size, atom_size); +@@ -1624,6 +1655,12 @@ ngx_http_mp4_read_mdia_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_MDIA_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mdia atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->mdia_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1747,6 +1784,13 @@ ngx_http_mp4_read_mdhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_MDHD_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mdhd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->mdhd_size = atom_size; + trak->timescale = timescale; + +@@ -1789,6 +1833,12 @@ ngx_http_mp4_read_hdlr_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_HDLR_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 hdlr atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->hdlr_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1817,6 +1867,12 @@ ngx_http_mp4_read_minf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_MINF_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 minf atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->minf_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1860,6 +1916,15 @@ ngx_http_mp4_read_vmhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 vmhd/smhd atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->vmhd_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1891,6 +1956,15 @@ ngx_http_mp4_read_smhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 vmhd/smhd atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->smhd_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1922,6 +1996,12 @@ ngx_http_mp4_read_dinf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_DINF_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 dinf atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->dinf_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1950,6 +2030,12 @@ ngx_http_mp4_read_stbl_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_STBL_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stbl atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->stbl_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -2018,6 +2104,12 @@ ngx_http_mp4_read_stsd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_STSD_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stsd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->stsd_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -2086,6 +2178,13 @@ ngx_http_mp4_read_stts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(ngx_mp4_stts_entry_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STTS_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stts atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->time_to_sample_entries = entries; + + atom = &trak->stts_atom_buf; +@@ -2291,6 +2390,13 @@ ngx_http_mp4_read_stss_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + "sync sample entries:%uD", entries); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STSS_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stss atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->sync_samples_entries = entries; + + atom_table = atom_header + sizeof(ngx_http_mp4_stss_atom_t); +@@ -2489,6 +2595,13 @@ ngx_http_mp4_read_ctts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + "composition offset entries:%uD", entries); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_CTTS_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 ctts atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->composition_offset_entries = entries; + + atom_table = atom_header + sizeof(ngx_mp4_ctts_atom_t); +@@ -2692,6 +2805,13 @@ ngx_http_mp4_read_stsc_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(ngx_mp4_stsc_entry_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STSC_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stsc atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->sample_to_chunk_entries = entries; + + atom = &trak->stsc_atom_buf; +@@ -3024,6 +3144,13 @@ ngx_http_mp4_read_stsz_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + "sample uniform size:%uD, entries:%uD", size, entries); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STSZ_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stsz atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->sample_sizes_entries = entries; + + atom_table = atom_header + sizeof(ngx_mp4_stsz_atom_t); +@@ -3207,6 +3334,16 @@ ngx_http_mp4_read_stco_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(uint32_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stco/co64 atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->chunks = entries; + + atom = &trak->stco_atom_buf; +@@ -3413,6 +3550,16 @@ ngx_http_mp4_read_co64_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(uint64_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stco/co64 atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->chunks = entries; + + atom = &trak->co64_atom_buf; +-- +2.25.1 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb b/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb index d686c627f2..09a1b45591 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb @@ -1,6 +1,8 @@ require nginx.inc -SRC_URI += "file://CVE-2021-3618.patch" +SRC_URI += "file://CVE-2021-3618.patch \ + file://CVE-2022-41741-CVE-2022-41742.patch \ + " LIC_FILES_CHKSUM = "file://LICENSE;md5=206629dc7c7b3e87acb31162363ae505" diff --git a/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch b/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch new file mode 100644 index 0000000000..707334a517 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch @@ -0,0 +1,37 @@ +From 0842f11158699a979437125756b26eeabedab9ab Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Maur=C3=ADcio=20Meneghini=20Fauth?= <mauricio@fauth.dev> +Date: Fri, 5 Aug 2022 20:18:16 -0300 +Subject: [PATCH] Fix not escaped title when using drag and drop upload +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: MaurĂcio Meneghini Fauth <mauricio@fauth.dev> + +Upstream-Status: Backport +CVE: CVE-2023-25727 + +Reference to upstream patch: +https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e + +Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com> +--- + js/src/drag_drop_import.js | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/js/src/drag_drop_import.js b/js/src/drag_drop_import.js +index 55250c2..9b8710e 100644 +--- a/js/src/drag_drop_import.js ++++ b/js/src/drag_drop_import.js +@@ -130,7 +130,7 @@ var DragDropImport = { + var filename = $this.parent('span').attr('data-filename'); + $('body').append('<div class="pma_drop_result"><h2>' + + Messages.dropImportImportResultHeader + ' - ' + +- filename + '<span class="close">x</span></h2>' + value.message + '</div>'); ++ Functions.escapeHtml(filename) + '<span class="close">x</span></h2>' + value.message + '</div>'); + $('.pma_drop_result').draggable(); // to make this dialog draggable + } + }); +-- +2.39.1 + diff --git a/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb b/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb index 7ccc05ec3e..3f19194391 100644 --- a/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb +++ b/meta-openembedded/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \ file://apache.conf \ + file://CVE-2023-25727.patch \ " SRC_URI[sha256sum] = "c562feddc0f8ff5e69629113f273a0d024a65fb928c48e89ce614744d478296f" diff --git a/meta-openembedded/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.2.bb b/meta-openembedded/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.5.bb index aa4265f7b0..4a4e9f1883 100644 --- a/meta-openembedded/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.2.bb +++ b/meta-openembedded/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.5.bb @@ -9,7 +9,7 @@ inherit xfce features_check mime-xdg REQUIRED_DISTRO_FEATURES = "x11" SRC_URI += "file://0001-xsettings.xml-Set-default-themes.patch" -SRC_URI[sha256sum] = "4dd7cb420860535e687f673c0b5c0274e0d2fb67181281d4b85be9197da03d7e" +SRC_URI[sha256sum] = "7a4f74802486d7e77a1c9fa4fda19b13fc8a8dec3e5074f367e34fa82b40d28e" EXTRA_OECONF += "--enable-maintainer-mode --disable-debug" diff --git a/meta-openembedded/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch b/meta-openembedded/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch new file mode 100644 index 0000000000..8e58f73097 --- /dev/null +++ b/meta-openembedded/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch @@ -0,0 +1,190 @@ +From 203d62efefe6f79080863dda61593003b4c31f25 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro <mcatanzaro@gnome.org> +Date: Thu, 13 Aug 2020 20:03:05 -0500 +Subject: [PATCH] libcroco parser: limit recursion in block and any productions + +If we don't have any limits, we can recurse forever and overflow the +stack. + +This is for CVE-2020-12825: Stack overflow in cr_parser_parse_any_core +in cr-parser.c. + +Bug: https://gitlab.gnome.org/Archive/libcroco/-/issues/8 +Patch from https://gitlab.gnome.org/Archive/libcroco/-/merge_requests/5 + +CVE: CVE-2020-12825 +Upstream Status: Backport [https://gitlab.com/inkscape/inkscape/-/commit/203d62efefe6f79080863dda61593003b4c31f25.patch] +--- + src/cr-parser.c | 44 ++++++++++++++++++++----------- + 1 file changed, 29 insertions(+), 15 deletions(-) + +diff --git a/src/cr-parser.c b/src/cr-parser.c +index d85e71f0fc..cd7b6ebd4a 100644 +--- a/src/cr-parser.c ++++ b/src/cr-parser.c +@@ -136,6 +136,8 @@ struct _CRParserPriv { + + #define CHARS_TAB_SIZE 12 + ++#define RECURSIVE_CALLERS_LIMIT 100 ++ + /** + * IS_NUM: + *@a_char: the char to test. +@@ -343,9 +345,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this); + + static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this); + +-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this); ++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this, ++ guint n_calls); + +-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this); ++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this, ++ guint n_calls); + + static enum CRStatus cr_parser_parse_value_core (CRParser * a_this); + +@@ -783,7 +787,7 @@ cr_parser_parse_atrule_core (CRParser * a_this) + cr_parser_try_to_skip_spaces_and_comments (a_this); + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + } while (status == CR_OK); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, +@@ -794,7 +798,7 @@ cr_parser_parse_atrule_core (CRParser * a_this) + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +- status = cr_parser_parse_block_core (a_this); ++ status = cr_parser_parse_block_core (a_this, 0); + CHECK_PARSING_STATUS (status, + FALSE); + goto done; +@@ -929,11 +933,11 @@ cr_parser_parse_selector_core (CRParser * a_this) + + RECORD_INITIAL_POS (a_this, &init_pos); + +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + CHECK_PARSING_STATUS (status, FALSE); + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + + } while (status == CR_OK); + +@@ -955,10 +959,12 @@ cr_parser_parse_selector_core (CRParser * a_this) + *in chapter 4.1 of the css2 spec. + *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*; + *@param a_this the current instance of #CRParser. ++ *@param n_calls used to limit recursion depth + *FIXME: code this function. + */ + static enum CRStatus +-cr_parser_parse_block_core (CRParser * a_this) ++cr_parser_parse_block_core (CRParser * a_this, ++ guint n_calls) + { + CRToken *token = NULL; + CRInputPos init_pos; +@@ -966,6 +972,9 @@ cr_parser_parse_block_core (CRParser * a_this) + + g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR); + ++ if (n_calls > RECURSIVE_CALLERS_LIMIT) ++ return CR_ERROR; ++ + RECORD_INITIAL_POS (a_this, &init_pos); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token); +@@ -995,13 +1004,13 @@ cr_parser_parse_block_core (CRParser * a_this) + } else if (token->type == CBO_TK) { + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token); + token = NULL; +- status = cr_parser_parse_block_core (a_this); ++ status = cr_parser_parse_block_core (a_this, n_calls + 1); + CHECK_PARSING_STATUS (status, FALSE); + goto parse_block_content; + } else { + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token); + token = NULL; +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + CHECK_PARSING_STATUS (status, FALSE); + goto parse_block_content; + } +@@ -1108,7 +1117,7 @@ cr_parser_parse_value_core (CRParser * a_this) + status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +- status = cr_parser_parse_block_core (a_this); ++ status = cr_parser_parse_block_core (a_this, 0); + CHECK_PARSING_STATUS (status, FALSE); + ref++; + goto continue_parsing; +@@ -1122,7 +1131,7 @@ cr_parser_parse_value_core (CRParser * a_this) + status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + if (status == CR_OK) { + ref++; + goto continue_parsing; +@@ -1162,10 +1162,12 @@ + * | FUNCTION | DASHMATCH | '(' any* ')' | '[' any* ']' ] S*; + * + *@param a_this the current instance of #CRParser. ++ *@param n_calls used to limit recursion depth + *@return CR_OK upon successfull completion, an error code otherwise. + */ + static enum CRStatus +-cr_parser_parse_any_core (CRParser * a_this) ++cr_parser_parse_any_core (CRParser * a_this, ++ guint n_calls) + { + CRToken *token1 = NULL, + *token2 = NULL; +@@ -1173,6 +1184,9 @@ cr_parser_parse_any_core (CRParser * a_this) + + g_return_val_if_fail (a_this, CR_BAD_PARAM_ERROR); + ++ if (n_calls > RECURSIVE_CALLERS_LIMIT) ++ return CR_ERROR; ++ + RECORD_INITIAL_POS (a_this, &init_pos); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token1); +@@ -1211,7 +1225,7 @@ cr_parser_parse_any_core (CRParser * a_this) + *We consider parameter as being an "any*" production. + */ + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + } while (status == CR_OK); + + ENSURE_PARSING_COND (status == CR_PARSING_ERROR); +@@ -1236,7 +1250,7 @@ cr_parser_parse_any_core (CRParser * a_this) + } + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + } while (status == CR_OK); + + ENSURE_PARSING_COND (status == CR_PARSING_ERROR); +@@ -1264,7 +1278,7 @@ cr_parser_parse_any_core (CRParser * a_this) + } + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + } while (status == CR_OK); + + ENSURE_PARSING_COND (status == CR_PARSING_ERROR); +-- +GitLab diff --git a/meta-openembedded/meta/recipes-support/libcroco/libcroco_0.6.13.bb b/meta-openembedded/meta/recipes-support/libcroco/libcroco_0.6.13.bb new file mode 100644 index 0000000000..fd5927e014 --- /dev/null +++ b/meta-openembedded/meta/recipes-support/libcroco/libcroco_0.6.13.bb @@ -0,0 +1,22 @@ +SUMMARY = "Cascading Style Sheet (CSS) parsing and manipulation toolkit" +HOMEPAGE = "http://www.gnome.org/" +BUGTRACKER = "https://bugzilla.gnome.org/" + +LICENSE = "LGPLv2 & LGPLv2.1" +LIC_FILES_CHKSUM = "file://COPYING;md5=55ca817ccb7d5b5b66355690e9abc605 \ + file://src/cr-rgb.c;endline=22;md5=31d5f0944d556c8589d04ea6055fcc66 \ + file://tests/cr-test-utils.c;endline=21;md5=2382c27934cae1d3792fcb17a6142c4e" + +SECTION = "x11/utils" +DEPENDS = "glib-2.0 libxml2 zlib" +BBCLASSEXTEND = "native nativesdk" +EXTRA_OECONF += "--enable-Bsymbolic=auto" + +BINCONFIG = "${bindir}/croco-0.6-config" + +inherit gnomebase gtk-doc binconfig-disabled + +SRC_URI += "file://CVE-2020-12825.patch" + +SRC_URI[archive.md5sum] = "c80c5a8385011a0260dce6bd0da93dce" +SRC_URI[archive.sha256sum] = "767ec234ae7aa684695b3a735548224888132e063f92db585759b422570621d4" |