diff options
Diffstat (limited to 'poky/meta/recipes-support')
30 files changed, 1199 insertions, 93 deletions
diff --git a/poky/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb b/poky/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb index c830a92776..c66ff3a7da 100644 --- a/poky/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb +++ b/poky/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb @@ -9,7 +9,7 @@ SECTION = "console/utils" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/intel/${BPN}" +SRC_URI = "git://github.com/intel/${BPN};branch=master;protocol=https" SRCREV = "c0673962a8ec1624b5189dc1d24f33fe4f06785a" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/boost/boost-build-native_4.4.1.bb b/poky/meta/recipes-support/boost/boost-build-native_4.4.1.bb index 2de05369a8..de566eeb82 100644 --- a/poky/meta/recipes-support/boost/boost-build-native_4.4.1.bb +++ b/poky/meta/recipes-support/boost/boost-build-native_4.4.1.bb @@ -6,7 +6,7 @@ SECTION = "devel" LICENSE = "BSL-1.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c" -SRC_URI = "git://github.com/boostorg/build;protocol=https" +SRC_URI = "git://github.com/boostorg/build;protocol=https;branch=master" SRCREV = "76da80f33187a3d9e5336157cdfae12ce82e37eb" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+){2,}))" diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch b/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch new file mode 100644 index 0000000000..5c4a32f526 --- /dev/null +++ b/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch @@ -0,0 +1,80 @@ +From cb43ec15b700b25f3c4fe44043a1a021aaf5b768 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Mon, 18 Oct 2021 12:05:49 +0200 +Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired + certificates." + +This avoids a dependency on python3-cryptography, and only checks +for expired certs (which is upstream concern, but not ours). + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + debian/changelog | 1 - + debian/control | 2 +- + mozilla/certdata2pem.py | 11 ----------- + 3 files changed, 1 insertion(+), 13 deletions(-) + +diff --git a/debian/changelog b/debian/changelog +index 531e4d0..4006509 100644 +--- a/debian/changelog ++++ b/debian/changelog +@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low + - "Trustis FPS Root CA" + - "Staat der Nederlanden Root CA - G3" + * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) +- * mozilla/certdata2pem.py: print a warning for expired certificates. + + -- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200 + +diff --git a/debian/control b/debian/control +index 4434b7a..5c6ba24 100644 +--- a/debian/control ++++ b/debian/control +@@ -3,7 +3,7 @@ Section: misc + Priority: optional + Maintainer: Julien Cristau <jcristau@debian.org> + Build-Depends: debhelper-compat (= 13), po-debconf +-Build-Depends-Indep: python3, openssl, python3-cryptography ++Build-Depends-Indep: python3, openssl + Standards-Version: 4.5.0.2 + Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git + Vcs-Browser: https://salsa.debian.org/debian/ca-certificates +diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py +index ede23d4..7d796f1 100644 +--- a/mozilla/certdata2pem.py ++++ b/mozilla/certdata2pem.py +@@ -21,16 +21,12 @@ + # USA. + + import base64 +-import datetime + import os.path + import re + import sys + import textwrap + import io + +-from cryptography import x509 +- +- + objects = [] + + # Dirty file parser. +@@ -121,13 +117,6 @@ for obj in objects: + if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': + if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: + continue +- +- cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) +- if cert.not_valid_after < datetime.datetime.now(): +- print('!'*74) +- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) +- print('!'*74) +- + bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ + .replace(' ', '_')\ + .replace('(', '=')\ +-- +2.20.1 + diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch b/poky/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch deleted file mode 100644 index f343ebf16e..0000000000 --- a/poky/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch +++ /dev/null @@ -1,26 +0,0 @@ -sbin/Makefile: Allow the sbin path to be configurable - -Some project sharing ca-certificates from Debian allow configuration -of the installation location. Make the sbin location configurable. - -Also ensure the target directory exists - -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5] - ---- ca-certificates-20130119.orig/sbin/Makefile -+++ ca-certificates-20130119/sbin/Makefile -@@ -3,9 +3,12 @@ - # - # - -+SBINDIR = /usr/sbin -+ - all: - - clean: - - install: -- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/ -+ install -d $(DESTDIR)$(SBINDIR) -+ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/ diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch b/poky/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch deleted file mode 100644 index f78790923c..0000000000 --- a/poky/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch +++ /dev/null @@ -1,33 +0,0 @@ -update-ca-certificates: Replace deprecated mktemp -t with mktemp --tmpdir - -According to coreutils docs, mktemp -t is deprecated, switch to the ---tmpdir option instead. - -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5] - -[This was originally for compatibility with toybox but toybox now -supports -t] ---- - sbin/update-ca-certificates | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates -index 79c41bb..ae9e3f1 100755 ---- a/sbin/update-ca-certificates -+++ b/sbin/update-ca-certificates -@@ -113,9 +113,9 @@ trap cleanup 0 - - # Helper files. (Some of them are not simple arrays because we spawn - # subshells later on.) --TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")" --ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" --REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" -+TEMPBUNDLE="$(mktemp --tmpdir "${CERTBUNDLE}.tmp.XXXXXX")" -+ADDED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" -+REMOVED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" - - # Adds a certificate to the list of trusted ones. This includes a symlink - # in /etc/ssl/certs to the certificate file and its inclusion into the --- -2.1.4 diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb b/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb index 363203854f..dbee7dc616 100644 --- a/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb +++ b/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb @@ -14,15 +14,14 @@ DEPENDS:class-nativesdk = "openssl-native" # Need rehash from openssl and run-parts from debianutils PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" -SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144" +SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8" -SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ +SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \ file://0002-update-ca-certificates-use-SYSROOT.patch \ file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \ - file://update-ca-certificates-support-Toybox.patch \ file://default-sysroot.patch \ - file://sbindir.patch \ file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \ + file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)" diff --git a/poky/meta/recipes-support/curl/curl/cve-2021-22945.patch b/poky/meta/recipes-support/curl/curl/cve-2021-22945.patch new file mode 100644 index 0000000000..2cbe110332 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/cve-2021-22945.patch @@ -0,0 +1,34 @@ +CVE: CVE-2021-22945 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 92cb3059dab2f9ef3e6ea614dad5c86917d19807 Mon Sep 17 00:00:00 2001 +From: z2_ on hackerone <> +Date: Tue, 24 Aug 2021 09:50:33 +0200 +Subject: [PATCH 1/3] mqtt: clear the leftovers pointer when sending succeeds + +CVE-2021-22945 + +Bug: https://curl.se/docs/CVE-2021-22945.html +--- + lib/mqtt.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lib/mqtt.c b/lib/mqtt.c +index f077e6c3d..fcd40b41e 100644 +--- a/lib/mqtt.c ++++ b/lib/mqtt.c +@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data, + mq->sendleftovers = sendleftovers; + mq->nsend = nsend; + } ++ else { ++ mq->sendleftovers = NULL; ++ mq->nsend = 0; ++ } + return result; + } + +-- +2.25.1 + diff --git a/poky/meta/recipes-support/curl/curl/cve-2021-22946.patch b/poky/meta/recipes-support/curl/curl/cve-2021-22946.patch new file mode 100644 index 0000000000..1a4b3e1144 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/cve-2021-22946.patch @@ -0,0 +1,332 @@ +CVE: CVE-2021-22946 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 089e18aefcee9b5093a96e9e1aa92751dde1f991 Mon Sep 17 00:00:00 2001 +From: Patrick Monnerat <patrick@monnerat.net> +Date: Wed, 8 Sep 2021 11:56:22 +0200 +Subject: [PATCH 2/3] ftp,imap,pop3: do not ignore --ssl-reqd + +In imap and pop3, check if TLS is required even when capabilities +request has failed. + +In ftp, ignore preauthentication (230 status of server greeting) if TLS +is required. + +Bug: https://curl.se/docs/CVE-2021-22946.html + +CVE-2021-22946 +--- + lib/ftp.c | 9 ++++--- + lib/imap.c | 24 ++++++++---------- + lib/pop3.c | 33 +++++++++++------------- + tests/data/Makefile.inc | 2 ++ + tests/data/test984 | 56 +++++++++++++++++++++++++++++++++++++++++ + tests/data/test985 | 54 +++++++++++++++++++++++++++++++++++++++ + tests/data/test986 | 53 ++++++++++++++++++++++++++++++++++++++ + 7 files changed, 195 insertions(+), 36 deletions(-) + create mode 100644 tests/data/test984 + create mode 100644 tests/data/test985 + create mode 100644 tests/data/test986 + +diff --git a/lib/ftp.c b/lib/ftp.c +index 1a699de59..08d18ca74 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -2681,9 +2681,12 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, + /* we have now received a full FTP server response */ + switch(ftpc->state) { + case FTP_WAIT220: +- if(ftpcode == 230) +- /* 230 User logged in - already! */ +- return ftp_state_user_resp(data, ftpcode, ftpc->state); ++ if(ftpcode == 230) { ++ /* 230 User logged in - already! Take as 220 if TLS required. */ ++ if(data->set.use_ssl <= CURLUSESSL_TRY || ++ conn->bits.ftp_use_control_ssl) ++ return ftp_state_user_resp(data, ftpcode, ftpc->state); ++ } + else if(ftpcode != 220) { + failf(data, "Got a %03d ftp-server response when 220 was expected", + ftpcode); +diff --git a/lib/imap.c b/lib/imap.c +index ab4d412ee..efc0420ce 100644 +--- a/lib/imap.c ++++ b/lib/imap.c +@@ -935,22 +935,18 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data, + line += wordlen; + } + } +- else if(imapcode == IMAP_RESP_OK) { +- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { +- /* We don't have a SSL/TLS connection yet, but SSL is requested */ +- if(imapc->tls_supported) +- /* Switch to TLS connection now */ +- result = imap_perform_starttls(data, conn); +- else if(data->set.use_ssl == CURLUSESSL_TRY) +- /* Fallback and carry on with authentication */ +- result = imap_perform_authentication(data, conn); +- else { +- failf(data, "STARTTLS not supported."); +- result = CURLE_USE_SSL_FAILED; +- } ++ else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { ++ /* PREAUTH is not compatible with STARTTLS. */ ++ if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) { ++ /* Switch to TLS connection now */ ++ result = imap_perform_starttls(data, conn); + } +- else ++ else if(data->set.use_ssl <= CURLUSESSL_TRY) + result = imap_perform_authentication(data, conn); ++ else { ++ failf(data, "STARTTLS not available."); ++ result = CURLE_USE_SSL_FAILED; ++ } + } + else + result = imap_perform_authentication(data, conn); +diff --git a/lib/pop3.c b/lib/pop3.c +index 5fdd6f3e0..f97e10eab 100644 +--- a/lib/pop3.c ++++ b/lib/pop3.c +@@ -741,28 +741,23 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code, + } + } + } +- else if(pop3code == '+') { +- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { +- /* We don't have a SSL/TLS connection yet, but SSL is requested */ +- if(pop3c->tls_supported) +- /* Switch to TLS connection now */ +- result = pop3_perform_starttls(data, conn); +- else if(data->set.use_ssl == CURLUSESSL_TRY) +- /* Fallback and carry on with authentication */ +- result = pop3_perform_authentication(data, conn); +- else { +- failf(data, "STLS not supported."); +- result = CURLE_USE_SSL_FAILED; +- } +- } +- else +- result = pop3_perform_authentication(data, conn); +- } + else { + /* Clear text is supported when CAPA isn't recognised */ +- pop3c->authtypes |= POP3_TYPE_CLEARTEXT; ++ if(pop3code != '+') ++ pop3c->authtypes |= POP3_TYPE_CLEARTEXT; + +- result = pop3_perform_authentication(data, conn); ++ if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use) ++ result = pop3_perform_authentication(data, conn); ++ else if(pop3code == '+' && pop3c->tls_supported) ++ /* Switch to TLS connection now */ ++ result = pop3_perform_starttls(data, conn); ++ else if(data->set.use_ssl <= CURLUSESSL_TRY) ++ /* Fallback and carry on with authentication */ ++ result = pop3_perform_authentication(data, conn); ++ else { ++ failf(data, "STLS not supported."); ++ result = CURLE_USE_SSL_FAILED; ++ } + } + + return result; +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 163696962..5cd092192 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -118,6 +118,8 @@ test954 test955 test956 test957 test958 test959 test960 test961 test962 \ + test963 test964 test965 test966 test967 test968 test969 test970 test971 \ + test972 \ + \ ++test984 test985 test986 \ ++\ + test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ + test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ + test1016 test1017 test1018 test1019 test1020 test1021 test1022 test1023 \ +diff --git a/tests/data/test984 b/tests/data/test984 +new file mode 100644 +index 000000000..e573f23c1 +--- /dev/null ++++ b/tests/data/test984 +@@ -0,0 +1,56 @@ ++<testcase> ++<info> ++<keywords> ++IMAP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY CAPABILITY A001 BAD Not implemented ++</servercmd> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++imap ++</server> ++ <name> ++IMAP require STARTTLS with failing capabilities ++ </name> ++ <command> ++imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl-reqd ++</command> ++<file name="log/upload%TESTNUMBER"> ++Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) ++From: Fred Foobar <foobar@example.COM> ++Subject: afternoon meeting ++To: joe@example.com ++Message-Id: <B27397-0100000@example.COM> ++MIME-Version: 1.0 ++Content-Type: TEXT/PLAIN; CHARSET=US-ASCII ++ ++Hello Joe, do you think we can meet at 3:30 tomorrow? ++</file> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 64 is CURLE_USE_SSL_FAILED ++<errorcode> ++64 ++</errorcode> ++<protocol> ++A001 CAPABILITY ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test985 b/tests/data/test985 +new file mode 100644 +index 000000000..d0db4aadf +--- /dev/null ++++ b/tests/data/test985 +@@ -0,0 +1,54 @@ ++<testcase> ++<info> ++<keywords> ++POP3 ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY CAPA -ERR Not implemented ++</servercmd> ++<data nocheck="yes"> ++From: me@somewhere ++To: fake@nowhere ++ ++body ++ ++-- ++ yours sincerely ++</data> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++pop3 ++</server> ++ <name> ++POP3 require STARTTLS with failing capabilities ++ </name> ++ <command> ++pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl-reqd ++ </command> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 64 is CURLE_USE_SSL_FAILED ++<errorcode> ++64 ++</errorcode> ++<protocol> ++CAPA ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test986 b/tests/data/test986 +new file mode 100644 +index 000000000..a709437a4 +--- /dev/null ++++ b/tests/data/test986 +@@ -0,0 +1,53 @@ ++<testcase> ++<info> ++<keywords> ++FTP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY welcome 230 Welcome ++REPLY AUTH 500 unknown command ++</servercmd> ++</reply> ++ ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++ftp ++</server> ++ <name> ++FTP require STARTTLS while preauthenticated ++ </name> ++<file name="log/test%TESTNUMBER.txt"> ++data ++ to ++ see ++that FTPS ++works ++ so does it? ++</file> ++ <command> ++--ssl-reqd --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret ++</command> ++</client> ++ ++# Verify data after the test has been "shot" ++<verify> ++# 64 is CURLE_USE_SSL_FAILED ++<errorcode> ++64 ++</errorcode> ++<protocol> ++AUTH SSL ++AUTH TLS ++</protocol> ++</verify> ++</testcase> +-- +2.25.1 + diff --git a/poky/meta/recipes-support/curl/curl/cve-2021-22947.patch b/poky/meta/recipes-support/curl/curl/cve-2021-22947.patch new file mode 100644 index 0000000000..8a5031275a --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/cve-2021-22947.patch @@ -0,0 +1,355 @@ +CVE: CVE-2021-22947 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From aefa7370cb02801a571d51287d290d67068998b8 Mon Sep 17 00:00:00 2001 +From: Patrick Monnerat <patrick@monnerat.net> +Date: Tue, 7 Sep 2021 13:26:42 +0200 +Subject: [PATCH 3/3] ftp,imap,pop3,smtp: reject STARTTLS server response + pipelining + +If a server pipelines future responses within the STARTTLS response, the +former are preserved in the pingpong cache across TLS negotiation and +used as responses to the encrypted commands. + +This fix detects pipelined STARTTLS responses and rejects them with an +error. + +CVE-2021-22947 + +Bug: https://curl.se/docs/CVE-2021-22947.html +--- + lib/ftp.c | 3 +++ + lib/imap.c | 4 +++ + lib/pop3.c | 4 +++ + lib/smtp.c | 4 +++ + tests/data/Makefile.inc | 2 +- + tests/data/test980 | 52 ++++++++++++++++++++++++++++++++++++ + tests/data/test981 | 59 +++++++++++++++++++++++++++++++++++++++++ + tests/data/test982 | 57 +++++++++++++++++++++++++++++++++++++++ + tests/data/test983 | 52 ++++++++++++++++++++++++++++++++++++ + 9 files changed, 236 insertions(+), 1 deletion(-) + create mode 100644 tests/data/test980 + create mode 100644 tests/data/test981 + create mode 100644 tests/data/test982 + create mode 100644 tests/data/test983 + +diff --git a/lib/ftp.c b/lib/ftp.c +index 08d18ca74..0b9c9b732 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -2743,6 +2743,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, + case FTP_AUTH: + /* we have gotten the response to a previous AUTH command */ + ++ if(pp->cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */ ++ + /* RFC2228 (page 5) says: + * + * If the server is willing to accept the named security mechanism, +diff --git a/lib/imap.c b/lib/imap.c +index efc0420ce..d1a48d7e3 100644 +--- a/lib/imap.c ++++ b/lib/imap.c +@@ -964,6 +964,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data, + + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. */ ++ if(data->conn->proto.imapc.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(imapcode != IMAP_RESP_OK) { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied"); +diff --git a/lib/pop3.c b/lib/pop3.c +index f97e10eab..a06acb7b8 100644 +--- a/lib/pop3.c ++++ b/lib/pop3.c +@@ -772,6 +772,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data, + CURLcode result = CURLE_OK; + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. */ ++ if(data->conn->proto.pop3c.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(pop3code != '+') { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied"); +diff --git a/lib/smtp.c b/lib/smtp.c +index 1a3da1559..9b9403b3d 100644 +--- a/lib/smtp.c ++++ b/lib/smtp.c +@@ -835,6 +835,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data, + CURLcode result = CURLE_OK; + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. */ ++ if(data->conn->proto.smtpc.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(smtpcode != 220) { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied, code %d", smtpcode); +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 5cd092192..c524b993e 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -118,7 +118,7 @@ test954 test955 test956 test957 test958 test959 test960 test961 test962 \ + test963 test964 test965 test966 test967 test968 test969 test970 test971 \ + test972 \ + \ +-test984 test985 test986 \ ++test980 test981 test982 test983 test984 test985 test986 \ + \ + test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ + test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ +diff --git a/tests/data/test980 b/tests/data/test980 +new file mode 100644 +index 000000000..97567f856 +--- /dev/null ++++ b/tests/data/test980 +@@ -0,0 +1,52 @@ ++<testcase> ++<info> ++<keywords> ++SMTP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++CAPA STARTTLS ++AUTH PLAIN ++REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted ++REPLY AUTH 535 5.7.8 Authentication credentials invalid ++</servercmd> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++smtp ++</server> ++ <name> ++SMTP STARTTLS pipelined server response ++ </name> ++<stdin> ++mail body ++</stdin> ++ <command> ++smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T - ++</command> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++EHLO %TESTNUMBER ++STARTTLS ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test981 b/tests/data/test981 +new file mode 100644 +index 000000000..2b98ce42a +--- /dev/null ++++ b/tests/data/test981 +@@ -0,0 +1,59 @@ ++<testcase> ++<info> ++<keywords> ++IMAP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++CAPA STARTTLS ++REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted ++REPLY LOGIN A003 BAD Authentication credentials invalid ++</servercmd> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++imap ++</server> ++ <name> ++IMAP STARTTLS pipelined server response ++ </name> ++ <command> ++imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl ++</command> ++<file name="log/upload%TESTNUMBER"> ++Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) ++From: Fred Foobar <foobar@example.COM> ++Subject: afternoon meeting ++To: joe@example.com ++Message-Id: <B27397-0100000@example.COM> ++MIME-Version: 1.0 ++Content-Type: TEXT/PLAIN; CHARSET=US-ASCII ++ ++Hello Joe, do you think we can meet at 3:30 tomorrow? ++</file> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++A001 CAPABILITY ++A002 STARTTLS ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test982 b/tests/data/test982 +new file mode 100644 +index 000000000..9e07cc0b3 +--- /dev/null ++++ b/tests/data/test982 +@@ -0,0 +1,57 @@ ++<testcase> ++<info> ++<keywords> ++POP3 ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++CAPA STLS USER ++REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated ++REPLY PASS -ERR Authentication credentials invalid ++</servercmd> ++<data nocheck="yes"> ++From: me@somewhere ++To: fake@nowhere ++ ++body ++ ++-- ++ yours sincerely ++</data> ++</reply> ++ ++# ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++pop3 ++</server> ++ <name> ++POP3 STARTTLS pipelined server response ++ </name> ++ <command> ++pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl ++ </command> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++CAPA ++STLS ++</protocol> ++</verify> ++</testcase> +diff --git a/tests/data/test983 b/tests/data/test983 +new file mode 100644 +index 000000000..300ec459c +--- /dev/null ++++ b/tests/data/test983 +@@ -0,0 +1,52 @@ ++<testcase> ++<info> ++<keywords> ++FTP ++STARTTLS ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<servercmd> ++REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete ++REPLY PASS 530 Login incorrect ++</servercmd> ++</reply> ++ ++# Client-side ++<client> ++<features> ++SSL ++</features> ++<server> ++ftp ++</server> ++ <name> ++FTP STARTTLS pipelined server response ++ </name> ++<file name="log/test%TESTNUMBER.txt"> ++data ++ to ++ see ++that FTPS ++works ++ so does it? ++</file> ++ <command> ++--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP ++</command> ++</client> ++ ++# Verify data after the test has been "shot" ++<verify> ++# 8 is CURLE_WEIRD_SERVER_REPLY ++<errorcode> ++8 ++</errorcode> ++<protocol> ++AUTH SSL ++</protocol> ++</verify> ++</testcase> +-- +2.25.1 + diff --git a/poky/meta/recipes-support/curl/curl_7.78.0.bb b/poky/meta/recipes-support/curl/curl_7.78.0.bb index dece0babb2..3f736d8da6 100644 --- a/poky/meta/recipes-support/curl/curl_7.78.0.bb +++ b/poky/meta/recipes-support/curl/curl_7.78.0.bb @@ -11,6 +11,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=425f6fdc767cc067518eef9bbdf4ab7b" SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ + file://cve-2021-22945.patch \ + file://cve-2021-22946.patch \ + file://cve-2021-22947.patch \ " SRC_URI[sha256sum] = "98530b317dc95ccb324bbe4f834f07bb642fbc393b794ddf3434f246a71ea44a" diff --git a/poky/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb b/poky/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb index 15d097ebed..509a0a0ddc 100644 --- a/poky/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb +++ b/poky/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb @@ -8,7 +8,7 @@ SECTION = "support" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYING.txt;md5=8a7c3499a1142df819e727253cd53a12" -SRC_URI = "git://git.code.sf.net/p/dos2unix/dos2unix" +SRC_URI = "git://git.code.sf.net/p/dos2unix/dos2unix;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "dos2unix-(?P<pver>(\d+(\.\d+)+))" SRCREV = "72596f0ae21faa25a07a872d4843bc885475115d" diff --git a/poky/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2021.1.bb b/poky/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2021.1.bb index 10200f539f..8cd27e9075 100644 --- a/poky/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2021.1.bb +++ b/poky/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2021.1.bb @@ -9,7 +9,7 @@ LICENSE = "LGPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7 \ file://src/gnome-desktop-testing-runner.c;beginline=1;endline=20;md5=7ef3ad9da2ffcf7707dc11151fe007f4" -SRC_URI = "git://gitlab.gnome.org/GNOME/gnome-desktop-testing.git;protocol=http \ +SRC_URI = "git://gitlab.gnome.org/GNOME/gnome-desktop-testing.git;protocol=http;branch=master \ file://0001-fix-non-literal-format-string-issue-with-clang.patch \ " SRCREV = "e346cd4ed2e2102c9b195b614f3c642d23f5f6e7" diff --git a/poky/meta/recipes-support/libgit2/libgit2_1.1.1.bb b/poky/meta/recipes-support/libgit2/libgit2_1.1.1.bb index ae30a7a100..fcf80e4809 100644 --- a/poky/meta/recipes-support/libgit2/libgit2_1.1.1.bb +++ b/poky/meta/recipes-support/libgit2/libgit2_1.1.1.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5b002a195fb7ea2d8d583f07eaff3a8e" DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2" -SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.1" +SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.1;protocol=https" SRCREV = "8a0dc6783c340e61a44c179c48f832165ad2053c" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/libical/libical_3.0.10.bb b/poky/meta/recipes-support/libical/libical_3.0.10.bb index aa5f11e817..209a50217c 100644 --- a/poky/meta/recipes-support/libical/libical_3.0.10.bb +++ b/poky/meta/recipes-support/libical/libical_3.0.10.bb @@ -19,7 +19,7 @@ UPSTREAM_CHECK_URI = "https://github.com/libical/libical/releases" inherit cmake pkgconfig -DEPENDS:append:class-target = "libical-native" +DEPENDS:append:class-target = " libical-native" PACKAGECONFIG ??= "icu glib" PACKAGECONFIG[bdb] = ",-DCMAKE_DISABLE_FIND_PACKAGE_BDB=True,db" diff --git a/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb b/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb index d9fbb5e9d6..b5d816f864 100644 --- a/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb +++ b/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=1c94a9d191202a5552f381a023551396 \ file://LICENSE.gplv2;md5=eb723b61539feef013de476e68b5c50a \ file://LICENSE.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \ " -SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git \ +SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git;branch=master;protocol=https \ file://0001-Makefile-restore-build-reproducibility.patch \ " SRCREV = "409828cfccf4b3b07edc40a7840a821ce074e2c3" diff --git a/poky/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/poky/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb index 74bface4a1..27954ca6b1 100644 --- a/poky/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb +++ b/poky/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb @@ -10,7 +10,7 @@ DEPENDS += "gperf-native" PV .= "+git${SRCPV}" SRCREV = "5822e50c2920ce597d038077dea4a0eedf193f86" -SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=main \ +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=main;protocol=https \ file://0001-configure.ac-Bump-version-to-2.5.99.patch \ file://0001-arch-Add-riscv32-architecture-support.patch \ file://0002-Regenerate-syscall-cvs-file-from-5.13-rc5-kernel.patch \ diff --git a/poky/meta/recipes-support/libunistring/libunistring_0.9.10.bb b/poky/meta/recipes-support/libunistring/libunistring_0.9.10.bb index 0a7b18ed08..589faacb05 100644 --- a/poky/meta/recipes-support/libunistring/libunistring_0.9.10.bb +++ b/poky/meta/recipes-support/libunistring/libunistring_0.9.10.bb @@ -18,6 +18,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=6a6a8e020838b23406c81b19c1d46df6 \ file://README;beginline=45;endline=65;md5=08287d16ba8d839faed8d2dc14d7d6a5 \ file://doc/libunistring.texi;md5=287fa6075f78a3c85c1a52b0a92547cd \ " +DEPENDS = "gperf-native" SRC_URI = "${GNU_MIRROR}/libunistring/libunistring-${PV}.tar.gz \ file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ diff --git a/poky/meta/recipes-support/lz4/lz4_1.9.3.bb b/poky/meta/recipes-support/lz4/lz4_1.9.3.bb index b22eea3156..a3c48bccfb 100644 --- a/poky/meta/recipes-support/lz4/lz4_1.9.3.bb +++ b/poky/meta/recipes-support/lz4/lz4_1.9.3.bb @@ -12,7 +12,7 @@ PE = "1" SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3" -SRC_URI = "git://github.com/lz4/lz4.git;branch=release \ +SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \ file://CVE-2021-3520.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" diff --git a/poky/meta/recipes-support/numactl/numactl_git.bb b/poky/meta/recipes-support/numactl/numactl_git.bb index 7b1b14d1d5..19f2293a51 100644 --- a/poky/meta/recipes-support/numactl/numactl_git.bb +++ b/poky/meta/recipes-support/numactl/numactl_git.bb @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://README.md;beginline=19;endline=32;md5=f8ff2391624f28e SRCREV = "dd6de072c92c892a86e18c0fd0dfa1ba57a9a05d" PV = "2.0.14" -SRC_URI = "git://github.com/numactl/numactl \ +SRC_URI = "git://github.com/numactl/numactl;branch=master;protocol=https \ file://Fix-the-test-output-format.patch \ file://Makefile \ file://run-ptest \ diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.24.0.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.24.0.bb index 9cac87ed32..7fe3c37fde 100644 --- a/poky/meta/recipes-support/p11-kit/p11-kit_0.24.0.bb +++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.24.0.bb @@ -10,7 +10,7 @@ DEPENDS = "libtasn1 libtasn1-native libffi" DEPENDS:append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}" -SRC_URI = "git://github.com/p11-glue/p11-kit" +SRC_URI = "git://github.com/p11-glue/p11-kit;branch=master;protocol=https" SRCREV = "34826623f58399b24c21f1788e2cdaea34521b7b" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb index 1d3c24a177..72922d8453 100644 --- a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb +++ b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb @@ -10,12 +10,12 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe" SRCREV = "bcb82804daa8f725b6add259dcef2067e61a75aa" PV .= "+git${SRCPV}" -SRC_URI = "git://git.yoctoproject.org/ptest-runner2 \ +SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master \ " S = "${WORKDIR}/git" -FILES:${PN} = "${bindir}/ptest-runner" +FILES:${PN} = "${bindir}/ptest-runner ${bindir}/ptest-runner-collect-system-data" EXTRA_OEMAKE = "-e MAKEFLAGS= CFLAGS="${CFLAGS} -DDEFAULT_DIRECTORY=\\\"${libdir}\\\""" @@ -25,6 +25,10 @@ do_compile () { do_install () { install -D -m 0755 ${S}/ptest-runner ${D}${bindir}/ptest-runner + install -D -m 0755 ${S}/ptest-runner-collect-system-data ${D}${bindir}/ptest-runner-collect-system-data } RDEPENDS:${PN}:append:libc-glibc = " libgcc" + +# pstree is called by ptest-runner-collect-system-data +RDEPENDS:${PN}:append = " pstree" diff --git a/poky/meta/recipes-support/rng-tools/rng-tools_6.14.bb b/poky/meta/recipes-support/rng-tools/rng-tools_6.14.bb index 6b79a3b040..222d7cc630 100644 --- a/poky/meta/recipes-support/rng-tools/rng-tools_6.14.bb +++ b/poky/meta/recipes-support/rng-tools/rng-tools_6.14.bb @@ -8,7 +8,7 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS = "sysfsutils openssl" -SRC_URI = "git://github.com/nhorman/rng-tools.git \ +SRC_URI = "git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \ file://init \ file://default \ file://rngd.service \ diff --git a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb index b2b830cc1f..2dca36a7df 100644 --- a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb +++ b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS = "libxml2 itstool-native glib-2.0 shared-mime-info-native xmlto-native" -SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https" +SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https;branch=master" SRCREV = "18e558fa1c8b90b86757ade09a4ba4d6a6cf8f70" PV = "2.1" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/vim/files/0002-patch-8.2.3428-using-freed-memory-when-replacing.patch b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3428-using-freed-memory-when-replacing.patch new file mode 100644 index 0000000000..ecfae0301e --- /dev/null +++ b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3428-using-freed-memory-when-replacing.patch @@ -0,0 +1,83 @@ +CVE: CVE-2021-3796 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 1160e5f74b229336502fc376416f21108d36cfc2 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Sat, 11 Sep 2021 21:14:20 +0200 +Subject: [PATCH] patch 8.2.3428: using freed memory when replacing + +Problem: Using freed memory when replacing. (Dhiraj Mishra) +Solution: Get the line pointer after calling ins_copychar(). +--- + src/normal.c | 10 +++++++--- + src/testdir/test_edit.vim | 14 ++++++++++++++ + src/version.c | 2 ++ + 3 files changed, 23 insertions(+), 3 deletions(-) + +diff --git a/src/normal.c b/src/normal.c +index c4963e621..d6333b948 100644 +--- a/src/normal.c ++++ b/src/normal.c +@@ -5009,19 +5009,23 @@ nv_replace(cmdarg_T *cap) + { + /* + * Get ptr again, because u_save and/or showmatch() will have +- * released the line. At the same time we let know that the +- * line will be changed. ++ * released the line. This may also happen in ins_copychar(). ++ * At the same time we let know that the line will be changed. + */ +- ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE); + if (cap->nchar == Ctrl_E || cap->nchar == Ctrl_Y) + { + int c = ins_copychar(curwin->w_cursor.lnum + + (cap->nchar == Ctrl_Y ? -1 : 1)); ++ ++ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE); + if (c != NUL) + ptr[curwin->w_cursor.col] = c; + } + else ++ { ++ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE); + ptr[curwin->w_cursor.col] = cap->nchar; ++ } + if (p_sm && msg_silent == 0) + showmatch(cap->nchar); + ++curwin->w_cursor.col; +diff --git a/src/testdir/test_edit.vim b/src/testdir/test_edit.vim +index 4e29e7fe1..f94e6c181 100644 +--- a/src/testdir/test_edit.vim ++++ b/src/testdir/test_edit.vim +@@ -1519,3 +1519,17 @@ func Test_edit_noesckeys() + bwipe! + set esckeys + endfunc ++ ++" Test for getting the character of the line below after "p" ++func Test_edit_put_CTRL_E() ++ set encoding=latin1 ++ new ++ let @" = '' ++ sil! norm orggRx ++ sil! norm pr ++ call assert_equal(['r', 'r'], getline(1, 2)) ++ bwipe! ++ set encoding=utf-8 ++endfunc ++ ++" vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/version.c b/src/version.c +index 85bdfc601..1046993d6 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3428, + /**/ + 3409, + /**/ diff --git a/poky/meta/recipes-support/vim/files/0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch b/poky/meta/recipes-support/vim/files/0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch new file mode 100644 index 0000000000..576664f436 --- /dev/null +++ b/poky/meta/recipes-support/vim/files/0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch @@ -0,0 +1,86 @@ +CVE: CVE-2021-3872 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 61629ea24a2fff1f89c37479d3fb52f17c3480fc Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Fri, 8 Oct 2021 18:39:28 +0100 +Subject: [PATCH] patch 8.2.3487: illegal memory access if buffer name is very + long + +Problem: Illegal memory access if buffer name is very long. +Solution: Make sure not to go over the end of the buffer. +--- + src/drawscreen.c | 10 +++++----- + src/testdir/test_statusline.vim | 11 +++++++++++ + src/version.c | 2 ++ + 3 files changed, 18 insertions(+), 5 deletions(-) + +diff --git a/src/drawscreen.c b/src/drawscreen.c +index 3a88ee979..9acb70552 100644 +--- a/src/drawscreen.c ++++ b/src/drawscreen.c +@@ -446,13 +446,13 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED) + *(p + len++) = ' '; + if (bt_help(wp->w_buffer)) + { +- STRCPY(p + len, _("[Help]")); ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]")); + len += (int)STRLEN(p + len); + } + #ifdef FEAT_QUICKFIX + if (wp->w_p_pvw) + { +- STRCPY(p + len, _("[Preview]")); ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]")); + len += (int)STRLEN(p + len); + } + #endif +@@ -462,12 +462,12 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED) + #endif + ) + { +- STRCPY(p + len, "[+]"); +- len += 3; ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]"); ++ len += (int)STRLEN(p + len); + } + if (wp->w_buffer->b_p_ro) + { +- STRCPY(p + len, _("[RO]")); ++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]")); + len += (int)STRLEN(p + len); + } + +diff --git a/src/testdir/test_statusline.vim b/src/testdir/test_statusline.vim +index 1f705b847..91bce1407 100644 +--- a/src/testdir/test_statusline.vim ++++ b/src/testdir/test_statusline.vim +@@ -393,3 +393,14 @@ func Test_statusline_visual() + bwipe! x1 + bwipe! x2 + endfunc ++" Used to write beyond allocated memory. This assumes MAXPATHL is 4096 bytes. ++func Test_statusline_verylong_filename() ++ let fname = repeat('x', 4090) ++ exe "new " .. fname ++ set buftype=help ++ set previewwindow ++ redraw ++ bwipe! ++endfunc ++ ++" vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/version.c b/src/version.c +index 1046993d6..2b5de5ccf 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3487, + /**/ + 3428, + /**/ diff --git a/poky/meta/recipes-support/vim/files/0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch b/poky/meta/recipes-support/vim/files/0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch new file mode 100644 index 0000000000..045081579c --- /dev/null +++ b/poky/meta/recipes-support/vim/files/0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch @@ -0,0 +1,72 @@ +CVE: CVE-2021-3875 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From b8968e26d7508e7d64bfc86808142818b0a9288c Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Sat, 9 Oct 2021 13:58:55 +0100 +Subject: [PATCH] patch 8.2.3489: ml_get error after search with range + +Problem: ml_get error after search with range. +Solution: Limit the line number to the buffer line count. +--- + src/ex_docmd.c | 6 ++++-- + src/testdir/test_search.vim | 17 +++++++++++++++++ + src/version.c | 2 ++ + 3 files changed, 23 insertions(+), 2 deletions(-) + +diff --git a/src/ex_docmd.c b/src/ex_docmd.c +index fb07450f8..fde726477 100644 +--- a/src/ex_docmd.c ++++ b/src/ex_docmd.c +@@ -3586,8 +3586,10 @@ get_address( + + // When '/' or '?' follows another address, start from + // there. +- if (lnum != MAXLNUM) +- curwin->w_cursor.lnum = lnum; ++ if (lnum > 0 && lnum != MAXLNUM) ++ curwin->w_cursor.lnum = ++ lnum > curbuf->b_ml.ml_line_count ++ ? curbuf->b_ml.ml_line_count : lnum; + + // Start a forward search at the end of the line (unless + // before the first line). +diff --git a/src/testdir/test_search.vim b/src/testdir/test_search.vim +index 187671305..e142c3547 100644 +--- a/src/testdir/test_search.vim ++++ b/src/testdir/test_search.vim +@@ -1366,3 +1366,20 @@ func Test_searchdecl() + + bwipe! + endfunc ++ ++func Test_search_with_invalid_range() ++ new ++ let lines =<< trim END ++ /\%.v ++ 5/ ++ c ++ END ++ call writefile(lines, 'Xrangesearch') ++ source Xrangesearch ++ ++ bwipe! ++ call delete('Xrangesearch') ++endfunc ++ ++ ++" vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/version.c b/src/version.c +index 2b5de5ccf..092864bbb 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3489, + /**/ + 3487, + /**/ diff --git a/poky/meta/recipes-support/vim/files/0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch b/poky/meta/recipes-support/vim/files/0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch new file mode 100644 index 0000000000..7184b37cad --- /dev/null +++ b/poky/meta/recipes-support/vim/files/0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch @@ -0,0 +1,97 @@ +CVE: CVE-2021-3903 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From b15919c1fe0f7fc3d98ff5207ed2feb43c59009d Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Mon, 25 Oct 2021 17:07:04 +0100 +Subject: [PATCH] patch 8.2.3564: invalid memory access when scrolling without + valid screen + +Problem: Invalid memory access when scrolling without a valid screen. +Solution: Do not set VALID_BOTLINE in w_valid. +--- + src/move.c | 1 - + src/testdir/test_normal.vim | 23 ++++++++++++++++++++--- + src/version.c | 2 ++ + 3 files changed, 22 insertions(+), 4 deletions(-) + +diff --git a/src/move.c b/src/move.c +index 8e53d8bcb..10165ef4d 100644 +--- a/src/move.c ++++ b/src/move.c +@@ -198,7 +198,6 @@ update_topline(void) + { + curwin->w_topline = curwin->w_cursor.lnum; + curwin->w_botline = curwin->w_topline; +- curwin->w_valid |= VALID_BOTLINE|VALID_BOTLINE_AP; + curwin->w_scbind_pos = 1; + return; + } +diff --git a/src/testdir/test_normal.vim b/src/testdir/test_normal.vim +index d45cf4159..ca87928f5 100644 +--- a/src/testdir/test_normal.vim ++++ b/src/testdir/test_normal.vim +@@ -33,14 +33,14 @@ func CountSpaces(type, ...) + else + silent exe "normal! `[v`]y" + endif +- let g:a=strlen(substitute(@@, '[^ ]', '', 'g')) ++ let g:a = strlen(substitute(@@, '[^ ]', '', 'g')) + let &selection = sel_save + let @@ = reg_save + endfunc + + func OpfuncDummy(type, ...) + " for testing operatorfunc +- let g:opt=&linebreak ++ let g:opt = &linebreak + + if a:0 " Invoked from Visual mode, use gv command. + silent exe "normal! gvy" +@@ -51,7 +51,7 @@ func OpfuncDummy(type, ...) + endif + " Create a new dummy window + new +- let g:bufnr=bufnr('%') ++ let g:bufnr = bufnr('%') + endfunc + + fun! Test_normal00_optrans() +@@ -718,6 +718,23 @@ func Test_normal17_z_scroll_hor2() + bw! + endfunc + ++ ++func Test_scroll_in_ex_mode() ++ " This was using invalid memory because w_botline was invalid. ++ let lines =<< trim END ++ diffsplit ++ norm os00( ++ call writefile(['done'], 'Xdone') ++ qa! ++ END ++ call writefile(lines, 'Xscript') ++ call assert_equal(1, RunVim([], [], '--clean -X -Z -e -s -S Xscript')) ++ call assert_equal(['done'], readfile('Xdone')) ++ ++ call delete('Xscript') ++ call delete('Xdone') ++endfunc ++ + func Test_normal18_z_fold() + " basic tests for foldopen/folddelete + if !has("folding") +diff --git a/src/version.c b/src/version.c +index 092864bbb..a9e8be0e7 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3564, + /**/ + 3489, + /**/ diff --git a/poky/meta/recipes-support/vim/files/CVE-2021-3778.patch b/poky/meta/recipes-support/vim/files/CVE-2021-3778.patch index 769a7a07ac..544af04458 100644 --- a/poky/meta/recipes-support/vim/files/CVE-2021-3778.patch +++ b/poky/meta/recipes-support/vim/files/CVE-2021-3778.patch @@ -1,4 +1,4 @@ -From eb41373c8c88b0789e5cf04669d6116f9a199264 Mon Sep 17 00:00:00 2001 +From 6d351cec5b97cb72b226d03bd727e453a235ed8d Mon Sep 17 00:00:00 2001 From: Minjae Kim <flowergom@gmail.com> Date: Sun, 26 Sep 2021 23:48:00 +0000 Subject: [PATCH] patch 8.2.3409: reading beyond end of line with invalid utf-8 @@ -10,16 +10,18 @@ Solution: Check for NUL when advancing. Upstream-Status: Accepted [https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f] CVE: CVE-2021-3778 Signed-off-by: Minjae Kim <flowergom@gmail.com> + --- src/regexp_nfa.c | 3 ++- src/testdir/test_regexp_utf8.vim | 7 +++++++ - 2 files changed, 9 insertions(+), 1 deletion(-) + src/version.c | 2 ++ + 3 files changed, 11 insertions(+), 1 deletion(-) -Index: git/src/regexp_nfa.c -=================================================================== ---- git.orig/src/regexp_nfa.c -+++ git/src/regexp_nfa.c -@@ -5455,7 +5455,8 @@ find_match_text(colnr_T startcol, int re +diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c +index fb512f961..ace83a1a3 100644 +--- a/src/regexp_nfa.c ++++ b/src/regexp_nfa.c +@@ -5455,7 +5455,8 @@ find_match_text(colnr_T startcol, int regstart, char_u *match_text) match = FALSE; break; } @@ -29,10 +31,10 @@ Index: git/src/regexp_nfa.c } if (match // check that no composing char follows -Index: git/src/testdir/test_regexp_utf8.vim -=================================================================== ---- git.orig/src/testdir/test_regexp_utf8.vim -+++ git/src/testdir/test_regexp_utf8.vim +diff --git a/src/testdir/test_regexp_utf8.vim b/src/testdir/test_regexp_utf8.vim +index 19ff882be..e0665818b 100644 +--- a/src/testdir/test_regexp_utf8.vim ++++ b/src/testdir/test_regexp_utf8.vim @@ -215,3 +215,10 @@ func Test_optmatch_toolong() set re=0 endfunc @@ -44,3 +46,16 @@ Index: git/src/testdir/test_regexp_utf8.vim + bwipe! + call delete('Xinvalid') +endfunc +diff --git a/src/version.c b/src/version.c +index 8912f6215..85bdfc601 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3409, + /**/ + 3402, + /**/ diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc index db1e9caf4d..943856e07c 100644 --- a/poky/meta/recipes-support/vim/vim.inc +++ b/poky/meta/recipes-support/vim/vim.inc @@ -11,15 +11,19 @@ RSUGGESTS:${PN} = "diffutils" LICENSE = "vim" LIC_FILES_CHKSUM = "file://runtime/doc/uganda.txt;endline=287;md5=a19edd7ec70d573a005d9e509375a99a" -SRC_URI = "git://github.com/vim/vim.git \ +SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://disable_acl_header_check.patch \ file://vim-add-knob-whether-elf.h-are-checked.patch \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ file://racefix.patch \ file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \ - file://CVE-2021-3778.patch \ -" + file://CVE-2021-3778.patch \ + file://0002-patch-8.2.3428-using-freed-memory-when-replacing.patch \ + file://0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch \ + file://0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch \ + file://0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch \ + " SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" diff --git a/poky/meta/recipes-support/xxhash/xxhash_0.8.0.bb b/poky/meta/recipes-support/xxhash/xxhash_0.8.0.bb index 4e48365a71..686fbea591 100644 --- a/poky/meta/recipes-support/xxhash/xxhash_0.8.0.bb +++ b/poky/meta/recipes-support/xxhash/xxhash_0.8.0.bb @@ -5,7 +5,7 @@ HOMEPAGE = "http://www.xxhash.com/" LICENSE = "BSD-2-Clause & GPL-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=b335320506abb0505437e39295e799cb" -SRC_URI = "git://github.com/Cyan4973/xxHash.git;branch=release;protocol=git \ +SRC_URI = "git://github.com/Cyan4973/xxHash.git;branch=release;protocol=https \ file://0001-Makefile-escape-special-regex-characters-in-paths.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" |