diff options
Diffstat (limited to 'poky/meta/recipes-support')
30 files changed, 1026 insertions, 122 deletions
diff --git a/poky/meta/recipes-support/apr/apr_1.7.3.bb b/poky/meta/recipes-support/apr/apr_1.7.4.bb index 9a93fe0967..e571469341 100644 --- a/poky/meta/recipes-support/apr/apr_1.7.3.bb +++ b/poky/meta/recipes-support/apr/apr_1.7.4.bb @@ -24,7 +24,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \ " -SRC_URI[sha256sum] = "455e218c060c474f2c834816873f6ed69c0cf0e4cfee54282cc93e8e989ee59e" +SRC_URI[sha256sum] = "fc648de983f3a2a6c9e78dea1f180639bd2fad6c06d556d4367a701fe5c35577" inherit autotools-brokensep lib_package binconfig multilib_header ptest multilib_script diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28319.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28319.patch new file mode 100644 index 0000000000..c843a18174 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28319.patch @@ -0,0 +1,38 @@ +From 8e21b1a05f3c0ee098dbcb6c3d84cb61f102a122 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 8 May 2023 14:33:54 +0200 +Subject: [PATCH] libssh2: free fingerprint better + +Reported-by: Wei Chong Tan +Closes #11088 + +CVE: CVE-2023-28319 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/8e21b1a05f3c0ee098dbcb6c] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> + +--- + lib/vssh/libssh2.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c +index bfcc94e16..dd39a844c 100644 +--- a/lib/vssh/libssh2.c ++++ b/lib/vssh/libssh2.c +@@ -728,11 +728,10 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) + */ + if((pub_pos != b64_pos) || + strncmp(fingerprint_b64, pubkey_sha256, pub_pos)) { +- free(fingerprint_b64); +- + failf(data, + "Denied establishing ssh session: mismatch sha256 fingerprint. " + "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256); ++ free(fingerprint_b64); + state(data, SSH_SESSION_FREE); + sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; + return sshc->actualcode; +-- +2.25.1 + diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch new file mode 100644 index 0000000000..3c06d8c518 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch @@ -0,0 +1,80 @@ +From e442feb37ba25c80b8480b908d1c570fd9f41c5e Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Tue, 16 May 2023 23:40:42 +0200 +Subject: [PATCH] hostip: include easy_lock.h before using + GLOBAL_INIT_IS_THREADSAFE + +Since that header file is the only place that define can be defined. + +Reported-by: Marc Deslauriers + +Follow-up to 13718030ad4b3209 + +Closes #11121 + +CVE: CVE-2023-28320 +Upstream-Status: Backport [https://github.com/curl/curl/commit/f446258f0269] + +(cherry picked from commit f446258f0269a62289cca0210157cb8558d0edc3) +Signed-off-by: Sanjay Chitroda <sanjay.chitroda@einfochips.com> + +--- + lib/hostip.c | 10 ++++------ + lib/hostip.h | 9 --------- + 2 files changed, 4 insertions(+), 15 deletions(-) + +diff --git a/lib/hostip.c b/lib/hostip.c +index d6906a2e8..2d26b5628 100644 +--- a/lib/hostip.c ++++ b/lib/hostip.c +@@ -70,6 +70,8 @@ + #include <SystemConfiguration/SCDynamicStoreCopySpecific.h> + #endif + ++#include "easy_lock.h" ++ + #if defined(CURLRES_SYNCH) && \ + defined(HAVE_ALARM) && \ + defined(SIGALRM) && \ +@@ -79,10 +81,6 @@ + #define USE_ALARM_TIMEOUT + #endif + +-#ifdef USE_ALARM_TIMEOUT +-#include "easy_lock.h" +-#endif +- + #define MAX_HOSTCACHE_LEN (255 + 7) /* max FQDN + colon + port number + zero */ + + /* +@@ -265,8 +263,8 @@ void Curl_hostcache_prune(struct Curl_easy *data) + /* Beware this is a global and unique instance. This is used to store the + return address that we can jump back to from inside a signal handler. This + is not thread-safe stuff. */ +-sigjmp_buf curl_jmpenv; +-curl_simple_lock curl_jmpenv_lock; ++static sigjmp_buf curl_jmpenv; ++static curl_simple_lock curl_jmpenv_lock; + #endif + + /* lookup address, returns entry if found and not stale */ +diff --git a/lib/hostip.h b/lib/hostip.h +index 4b5481f65..0dd19e87c 100644 +--- a/lib/hostip.h ++++ b/lib/hostip.h +@@ -186,15 +186,6 @@ Curl_cache_addr(struct Curl_easy *data, struct Curl_addrinfo *addr, + #define CURL_INADDR_NONE INADDR_NONE + #endif + +-#ifdef HAVE_SIGSETJMP +-/* Forward-declaration of variable defined in hostip.c. Beware this +- * is a global and unique instance. This is used to store the return +- * address that we can jump back to from inside a signal handler. +- * This is not thread-safe stuff. +- */ +-extern sigjmp_buf curl_jmpenv; +-#endif +- + /* + * Function provided by the resolver backend to set DNS servers to use. + */ diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28320.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28320.patch new file mode 100644 index 0000000000..c7cfd6a42f --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28320.patch @@ -0,0 +1,88 @@ +From 13718030ad4b3209a7583b4f27f683cd3a6fa5f2 Mon Sep 17 00:00:00 2001 +From: Harry Sintonen <sintonen@iki.fi> +Date: Tue, 25 Apr 2023 09:22:26 +0200 +Subject: [PATCH] hostip: add locks around use of global buffer for alarm() + +When building with the sync name resolver and timeout ability we now +require thread-safety to be present to enable it. + +Closes #11030 + +CVE: CVE-2023-28320 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/13718030ad4b3209a7583b] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + lib/hostip.c | 19 +++++++++++++++---- + 1 file changed, 15 insertions(+), 4 deletions(-) + +diff --git a/lib/hostip.c b/lib/hostip.c +index 2381290fd..e410cda69 100644 +--- a/lib/hostip.c ++++ b/lib/hostip.c +@@ -70,12 +70,19 @@ + #include <SystemConfiguration/SCDynamicStoreCopySpecific.h> + #endif + +-#if defined(CURLRES_SYNCH) && \ +- defined(HAVE_ALARM) && defined(SIGALRM) && defined(HAVE_SIGSETJMP) ++#if defined(CURLRES_SYNCH) && \ ++ defined(HAVE_ALARM) && \ ++ defined(SIGALRM) && \ ++ defined(HAVE_SIGSETJMP) && \ ++ defined(GLOBAL_INIT_IS_THREADSAFE) + /* alarm-based timeouts can only be used with all the dependencies satisfied */ + #define USE_ALARM_TIMEOUT + #endif + ++#ifdef USE_ALARM_TIMEOUT ++#include "easy_lock.h" ++#endif ++ + #define MAX_HOSTCACHE_LEN (255 + 7) /* max FQDN + colon + port number + zero */ + + /* +@@ -254,11 +261,12 @@ void Curl_hostcache_prune(struct Curl_easy *data) + Curl_share_unlock(data, CURL_LOCK_DATA_DNS); + } + +-#ifdef HAVE_SIGSETJMP ++#ifdef USE_ALARM_TIMEOUT + /* Beware this is a global and unique instance. This is used to store the + return address that we can jump back to from inside a signal handler. This + is not thread-safe stuff. */ + sigjmp_buf curl_jmpenv; ++curl_simple_lock curl_jmpenv_lock; + #endif + + /* lookup address, returns entry if found and not stale */ +@@ -832,7 +840,6 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, + static + void alarmfunc(int sig) + { +- /* this is for "-ansi -Wall -pedantic" to stop complaining! (rabe) */ + (void)sig; + siglongjmp(curl_jmpenv, 1); + } +@@ -912,6 +919,8 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data, + This should be the last thing we do before calling Curl_resolv(), + as otherwise we'd have to worry about variables that get modified + before we invoke Curl_resolv() (and thus use "volatile"). */ ++ curl_simple_lock_lock(&curl_jmpenv_lock); ++ + if(sigsetjmp(curl_jmpenv, 1)) { + /* this is coming from a siglongjmp() after an alarm signal */ + failf(data, "name lookup timed out"); +@@ -980,6 +989,8 @@ clean_up: + #endif + #endif /* HAVE_SIGACTION */ + ++ curl_simple_lock_unlock(&curl_jmpenv_lock); ++ + /* switch back the alarm() to either zero or to what it was before minus + the time we spent until now! */ + if(prev_alarm) { +-- +2.25.1 + diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28321.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28321.patch new file mode 100644 index 0000000000..d328d83afa --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28321.patch @@ -0,0 +1,111 @@ +From 199f2d440d8659b42670c1b796220792b01a97bf Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 24 Apr 2023 21:07:02 +0200 +Subject: [PATCH] hostcheck: fix host name wildcard checking + +The leftmost "label" of the host name can now only match against single +'*'. Like the browsers have worked for a long time. + +Reported-by: Hiroki Kurosawa +Closes #11018 + +CVE: CVE-2023-28321 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/199f2d440d8659b42] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + lib/vtls/hostcheck.c | 50 +++++++-------- + 1 file changed, 202 insertions(+), 180 deletions(-) + +diff --git a/lib/vtls/hostcheck.c b/lib/vtls/hostcheck.c +index e827dc58f..d061c6356 100644 +--- a/lib/vtls/hostcheck.c ++++ b/lib/vtls/hostcheck.c +@@ -71,7 +71,12 @@ static bool pmatch(const char *hostname, size_t hostlen, + * apparent distinction between a name and an IP. We need to detect the use of + * an IP address and not wildcard match on such names. + * ++ * Only match on "*" being used for the leftmost label, not "a*", "a*b" nor ++ * "*b". ++ * + * Return TRUE on a match. FALSE if not. ++ * ++ * @unittest: 1397 + */ + + static bool hostmatch(const char *hostname, +@@ -79,53 +84,42 @@ static bool hostmatch(const char *hostname, + const char *pattern, + size_t patternlen) + { +- const char *pattern_label_end, *wildcard, *hostname_label_end; +- size_t prefixlen, suffixlen; ++ const char *pattern_label_end; + +- /* normalize pattern and hostname by stripping off trailing dots */ ++ DEBUGASSERT(pattern); + DEBUGASSERT(patternlen); ++ DEBUGASSERT(hostname); ++ DEBUGASSERT(hostlen); ++ ++ /* normalize pattern and hostname by stripping off trailing dots */ + if(hostname[hostlen-1]=='.') + hostlen--; + if(pattern[patternlen-1]=='.') + patternlen--; + +- wildcard = memchr(pattern, '*', patternlen); +- if(!wildcard) ++ if(strncmp(pattern, "*.", 2)) + return pmatch(hostname, hostlen, pattern, patternlen); + + /* detect IP address as hostname and fail the match if so */ +- if(Curl_host_is_ipnum(hostname)) ++ else if(Curl_host_is_ipnum(hostname)) + return FALSE; + + /* We require at least 2 dots in the pattern to avoid too wide wildcard + match. */ + pattern_label_end = memchr(pattern, '.', patternlen); + if(!pattern_label_end || +- (memrchr(pattern, '.', patternlen) == pattern_label_end) || +- strncasecompare(pattern, "xn--", 4)) ++ (memrchr(pattern, '.', patternlen) == pattern_label_end)) + return pmatch(hostname, hostlen, pattern, patternlen); +- +- hostname_label_end = memchr(hostname, '.', hostlen); +- if(!hostname_label_end) +- return FALSE; + else { +- size_t skiphost = hostname_label_end - hostname; +- size_t skiplen = pattern_label_end - pattern; +- if(!pmatch(hostname_label_end, hostlen - skiphost, +- pattern_label_end, patternlen - skiplen)) +- return FALSE; ++ const char *hostname_label_end = memchr(hostname, '.', hostlen); ++ if(hostname_label_end) { ++ size_t skiphost = hostname_label_end - hostname; ++ size_t skiplen = pattern_label_end - pattern; ++ return pmatch(hostname_label_end, hostlen - skiphost, ++ pattern_label_end, patternlen - skiplen); ++ } + } +- /* The wildcard must match at least one character, so the left-most +- label of the hostname is at least as large as the left-most label +- of the pattern. */ +- if(hostname_label_end - hostname < pattern_label_end - pattern) +- return FALSE; +- +- prefixlen = wildcard - pattern; +- suffixlen = pattern_label_end - (wildcard + 1); +- return strncasecompare(pattern, hostname, prefixlen) && +- strncasecompare(wildcard + 1, hostname_label_end - suffixlen, +- suffixlen) ? TRUE : FALSE; ++ return FALSE; + } + + /* +-- +2.25.1 + diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28322.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28322.patch new file mode 100644 index 0000000000..d0786d7a4b --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28322.patch @@ -0,0 +1,441 @@ +From 7815647d6582c0a4900be2e1de6c5e61272c496b Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Tue, 25 Apr 2023 08:28:01 +0200 +Subject: [PATCH] lib: unify the upload/method handling + +By making sure we set state.upload based on the set.method value and not +independently as set.upload, we reduce confusion and mixup risks, both +internally and externally. + +Closes #11017 + +CVE: CVE-2023-28322 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/7815647d6582c0a4900be2e1de] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> + +--- + lib/curl_rtmp.c | 4 ++-- + lib/file.c | 4 ++-- + lib/ftp.c | 8 ++++---- + lib/http.c | 4 ++-- + lib/imap.c | 6 +++--- + lib/rtsp.c | 4 ++-- + lib/setopt.c | 6 ++---- + lib/smb.c | 6 +++--- + lib/smtp.c | 4 ++-- + lib/tftp.c | 8 ++++---- + lib/transfer.c | 4 ++-- + lib/urldata.h | 2 +- + lib/vssh/libssh.c | 6 +++--- + lib/vssh/libssh2.c | 6 +++--- + lib/vssh/wolfssh.c | 2 +- + 15 files changed, 36 insertions(+), 38 deletions(-) + +diff --git a/lib/curl_rtmp.c b/lib/curl_rtmp.c +index 2679a2cdc..406fb42ac 100644 +--- a/lib/curl_rtmp.c ++++ b/lib/curl_rtmp.c +@@ -231,7 +231,7 @@ static CURLcode rtmp_connect(struct Curl_easy *data, bool *done) + /* We have to know if it's a write before we send the + * connect request packet + */ +- if(data->set.upload) ++ if(data->state.upload) + r->Link.protocol |= RTMP_FEATURE_WRITE; + + /* For plain streams, use the buffer toggle trick to keep data flowing */ +@@ -263,7 +263,7 @@ static CURLcode rtmp_do(struct Curl_easy *data, bool *done) + if(!RTMP_ConnectStream(r, 0)) + return CURLE_FAILED_INIT; + +- if(data->set.upload) { ++ if(data->state.upload) { + Curl_pgrsSetUploadSize(data, data->state.infilesize); + Curl_setup_transfer(data, -1, -1, FALSE, FIRSTSOCKET); + } +diff --git a/lib/file.c b/lib/file.c +index 51c5d07ce..c751e8861 100644 +--- a/lib/file.c ++++ b/lib/file.c +@@ -240,7 +240,7 @@ static CURLcode file_connect(struct Curl_easy *data, bool *done) + file->freepath = real_path; /* free this when done */ + + file->fd = fd; +- if(!data->set.upload && (fd == -1)) { ++ if(!data->state.upload && (fd == -1)) { + failf(data, "Couldn't open file %s", data->state.up.path); + file_done(data, CURLE_FILE_COULDNT_READ_FILE, FALSE); + return CURLE_FILE_COULDNT_READ_FILE; +@@ -422,7 +422,7 @@ static CURLcode file_do(struct Curl_easy *data, bool *done) + + Curl_pgrsStartNow(data); + +- if(data->set.upload) ++ if(data->state.upload) + return file_upload(data); + + file = data->req.p.file; +diff --git a/lib/ftp.c b/lib/ftp.c +index f50d7baf6..4ff68cc45 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -1348,7 +1348,7 @@ static CURLcode ftp_state_prepare_transfer(struct Curl_easy *data) + data->set.str[STRING_CUSTOMREQUEST]? + data->set.str[STRING_CUSTOMREQUEST]: + (data->state.list_only?"NLST":"LIST")); +- else if(data->set.upload) ++ else if(data->state.upload) + result = Curl_pp_sendf(data, &ftpc->pp, "PRET STOR %s", + conn->proto.ftpc.file); + else +@@ -3384,7 +3384,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, + /* the response code from the transfer showed an error already so no + use checking further */ + ; +- else if(data->set.upload) { ++ else if(data->state.upload) { + if((-1 != data->state.infilesize) && + (data->state.infilesize != data->req.writebytecount) && + !data->set.crlf && +@@ -3640,7 +3640,7 @@ static CURLcode ftp_do_more(struct Curl_easy *data, int *completep) + connected back to us */ + } + } +- else if(data->set.upload) { ++ else if(data->state.upload) { + result = ftp_nb_type(data, conn, data->state.prefer_ascii, + FTP_STOR_TYPE); + if(result) +@@ -4225,7 +4225,7 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data) + ftpc->file = NULL; /* instead of point to a zero byte, + we make it a NULL pointer */ + +- if(data->set.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) { ++ if(data->state.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) { + /* We need a file name when uploading. Return error! */ + failf(data, "Uploading to a URL without a file name"); + free(rawPath); +diff --git a/lib/http.c b/lib/http.c +index 80e43f6f3..bffdd3468 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -2112,7 +2112,7 @@ void Curl_http_method(struct Curl_easy *data, struct connectdata *conn, + Curl_HttpReq httpreq = (Curl_HttpReq)data->state.httpreq; + const char *request; + if((conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_FTP)) && +- data->set.upload) ++ data->state.upload) + httpreq = HTTPREQ_PUT; + + /* Now set the 'request' pointer to the proper request string */ +@@ -2423,7 +2423,7 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn, + if((conn->handler->protocol & PROTO_FAMILY_HTTP) && + (((httpreq == HTTPREQ_POST_MIME || httpreq == HTTPREQ_POST_FORM) && + http->postsize < 0) || +- ((data->set.upload || httpreq == HTTPREQ_POST) && ++ ((data->state.upload || httpreq == HTTPREQ_POST) && + data->state.infilesize == -1))) { + if(conn->bits.authneg) + /* don't enable chunked during auth neg */ +diff --git a/lib/imap.c b/lib/imap.c +index c2f675d4b..1952e66a1 100644 +--- a/lib/imap.c ++++ b/lib/imap.c +@@ -1511,11 +1511,11 @@ static CURLcode imap_done(struct Curl_easy *data, CURLcode status, + result = status; /* use the already set error code */ + } + else if(!data->set.connect_only && !imap->custom && +- (imap->uid || imap->mindex || data->set.upload || ++ (imap->uid || imap->mindex || data->state.upload || + data->set.mimepost.kind != MIMEKIND_NONE)) { + /* Handle responses after FETCH or APPEND transfer has finished */ + +- if(!data->set.upload && data->set.mimepost.kind == MIMEKIND_NONE) ++ if(!data->state.upload && data->set.mimepost.kind == MIMEKIND_NONE) + state(data, IMAP_FETCH_FINAL); + else { + /* End the APPEND command first by sending an empty line */ +@@ -1581,7 +1581,7 @@ static CURLcode imap_perform(struct Curl_easy *data, bool *connected, + selected = TRUE; + + /* Start the first command in the DO phase */ +- if(data->set.upload || data->set.mimepost.kind != MIMEKIND_NONE) ++ if(data->state.upload || data->set.mimepost.kind != MIMEKIND_NONE) + /* APPEND can be executed directly */ + result = imap_perform_append(data); + else if(imap->custom && (selected || !imap->mailbox)) +diff --git a/lib/rtsp.c b/lib/rtsp.c +index ea99d720e..ccd7264b0 100644 +--- a/lib/rtsp.c ++++ b/lib/rtsp.c +@@ -493,7 +493,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) + rtspreq == RTSPREQ_SET_PARAMETER || + rtspreq == RTSPREQ_GET_PARAMETER) { + +- if(data->set.upload) { ++ if(data->state.upload) { + putsize = data->state.infilesize; + data->state.httpreq = HTTPREQ_PUT; + +@@ -512,7 +512,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) + result = + Curl_dyn_addf(&req_buffer, + "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n", +- (data->set.upload ? putsize : postsize)); ++ (data->state.upload ? putsize : postsize)); + if(result) + return result; + } +diff --git a/lib/setopt.c b/lib/setopt.c +index 38f5711e4..0c3b9634d 100644 +--- a/lib/setopt.c ++++ b/lib/setopt.c +@@ -333,8 +333,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) + * We want to sent data to the remote host. If this is HTTP, that equals + * using the PUT request. + */ +- data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE; +- if(data->set.upload) { ++ arg = va_arg(param, long); ++ if(arg) { + /* If this is HTTP, PUT is what's needed to "upload" */ + data->set.method = HTTPREQ_PUT; + data->set.opt_no_body = FALSE; /* this is implied */ +@@ -664,7 +664,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) + } + else + data->set.method = HTTPREQ_GET; +- data->set.upload = FALSE; + break; + + #ifndef CURL_DISABLE_MIME +@@ -888,7 +887,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) + */ + if(va_arg(param, long)) { + data->set.method = HTTPREQ_GET; +- data->set.upload = FALSE; /* switch off upload */ + data->set.opt_no_body = FALSE; /* this is implied */ + } + break; +diff --git a/lib/smb.c b/lib/smb.c +index a1e444ee6..d68222135 100644 +--- a/lib/smb.c ++++ b/lib/smb.c +@@ -530,7 +530,7 @@ static CURLcode smb_send_open(struct Curl_easy *data) + byte_count = strlen(req->path); + msg.name_length = smb_swap16((unsigned short)byte_count); + msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL); +- if(data->set.upload) { ++ if(data->state.upload) { + msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE); + msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF); + } +@@ -762,7 +762,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done) + void *msg = NULL; + const struct smb_nt_create_response *smb_m; + +- if(data->set.upload && (data->state.infilesize < 0)) { ++ if(data->state.upload && (data->state.infilesize < 0)) { + failf(data, "SMB upload needs to know the size up front"); + return CURLE_SEND_ERROR; + } +@@ -813,7 +813,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done) + smb_m = (const struct smb_nt_create_response*) msg; + req->fid = smb_swap16(smb_m->fid); + data->req.offset = 0; +- if(data->set.upload) { ++ if(data->state.upload) { + data->req.size = data->state.infilesize; + Curl_pgrsSetUploadSize(data, data->req.size); + next_state = SMB_UPLOAD; +diff --git a/lib/smtp.c b/lib/smtp.c +index 7a030308d..c182cace7 100644 +--- a/lib/smtp.c ++++ b/lib/smtp.c +@@ -1419,7 +1419,7 @@ static CURLcode smtp_done(struct Curl_easy *data, CURLcode status, + result = status; /* use the already set error code */ + } + else if(!data->set.connect_only && data->set.mail_rcpt && +- (data->set.upload || data->set.mimepost.kind)) { ++ (data->state.upload || data->set.mimepost.kind)) { + /* Calculate the EOB taking into account any terminating CRLF from the + previous line of the email or the CRLF of the DATA command when there + is "no mail data". RFC-5321, sect. 4.1.1.4. +@@ -1511,7 +1511,7 @@ static CURLcode smtp_perform(struct Curl_easy *data, bool *connected, + smtp->eob = 2; + + /* Start the first command in the DO phase */ +- if((data->set.upload || data->set.mimepost.kind) && data->set.mail_rcpt) ++ if((data->state.upload || data->set.mimepost.kind) && data->set.mail_rcpt) + /* MAIL transfer */ + result = smtp_perform_mail(data); + else +diff --git a/lib/tftp.c b/lib/tftp.c +index 164d3c723..8ed1b887b 100644 +--- a/lib/tftp.c ++++ b/lib/tftp.c +@@ -370,7 +370,7 @@ static CURLcode tftp_parse_option_ack(struct tftp_state_data *state, + + /* tsize should be ignored on upload: Who cares about the size of the + remote file? */ +- if(!data->set.upload) { ++ if(!data->state.upload) { + if(!tsize) { + failf(data, "invalid tsize -:%s:- value in OACK packet", value); + return CURLE_TFTP_ILLEGAL; +@@ -451,7 +451,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, + return result; + } + +- if(data->set.upload) { ++ if(data->state.upload) { + /* If we are uploading, send an WRQ */ + setpacketevent(&state->spacket, TFTP_EVENT_WRQ); + state->data->req.upload_fromhere = +@@ -486,7 +486,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, + if(!data->set.tftp_no_options) { + char buf[64]; + /* add tsize option */ +- if(data->set.upload && (data->state.infilesize != -1)) ++ if(data->state.upload && (data->state.infilesize != -1)) + msnprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T, + data->state.infilesize); + else +@@ -540,7 +540,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, + break; + + case TFTP_EVENT_OACK: +- if(data->set.upload) { ++ if(data->state.upload) { + result = tftp_connect_for_tx(state, event); + } + else { +diff --git a/lib/transfer.c b/lib/transfer.c +index e9ab8fbf0..cb69f3365 100644 +--- a/lib/transfer.c ++++ b/lib/transfer.c +@@ -1293,6 +1293,7 @@ void Curl_init_CONNECT(struct Curl_easy *data) + { + data->state.fread_func = data->set.fread_func_set; + data->state.in = data->set.in_set; ++ data->state.upload = (data->state.httpreq == HTTPREQ_PUT); + } + + /* +@@ -1732,7 +1733,6 @@ CURLcode Curl_follow(struct Curl_easy *data, + data->state.httpreq != HTTPREQ_POST_MIME) || + !(data->set.keep_post & CURL_REDIR_POST_303))) { + data->state.httpreq = HTTPREQ_GET; +- data->set.upload = false; + infof(data, "Switch to %s", + data->req.no_body?"HEAD":"GET"); + } +@@ -1770,7 +1770,7 @@ CURLcode Curl_retry_request(struct Curl_easy *data, char **url) + + /* if we're talking upload, we can't do the checks below, unless the protocol + is HTTP as when uploading over HTTP we will still get a response */ +- if(data->set.upload && ++ if(data->state.upload && + !(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP))) + return CURLE_OK; + +diff --git a/lib/urldata.h b/lib/urldata.h +index cca992a02..a8580bdb6 100644 +--- a/lib/urldata.h ++++ b/lib/urldata.h +@@ -1462,6 +1462,7 @@ struct UrlState { + BIT(rewindbeforesend);/* TRUE when the sending couldn't be stopped even + though it will be discarded. We must call the data + rewind callback before trying to send again. */ ++ BIT(upload); /* upload request */ + }; + + /* +@@ -1838,7 +1839,6 @@ struct UserDefined { + BIT(http_auto_referer); /* set "correct" referer when following + location: */ + BIT(opt_no_body); /* as set with CURLOPT_NOBODY */ +- BIT(upload); /* upload request */ + BIT(verbose); /* output verbosity */ + BIT(krb); /* Kerberos connection requested */ + BIT(reuse_forbid); /* forbidden to be reused, close after use */ +diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c +index b31f741ba..d60edaa30 100644 +--- a/lib/vssh/libssh.c ++++ b/lib/vssh/libssh.c +@@ -1209,7 +1209,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + } + + case SSH_SFTP_TRANS_INIT: +- if(data->set.upload) ++ if(data->state.upload) + state(data, SSH_SFTP_UPLOAD_INIT); + else { + if(protop->path[strlen(protop->path)-1] == '/') +@@ -1802,7 +1802,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + /* Functions from the SCP subsystem cannot handle/return SSH_AGAIN */ + ssh_set_blocking(sshc->ssh_session, 1); + +- if(data->set.upload) { ++ if(data->state.upload) { + if(data->state.infilesize < 0) { + failf(data, "SCP requires a known file size for upload"); + sshc->actualcode = CURLE_UPLOAD_FAILED; +@@ -1907,7 +1907,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + break; + } + case SSH_SCP_DONE: +- if(data->set.upload) ++ if(data->state.upload) + state(data, SSH_SCP_SEND_EOF); + else + state(data, SSH_SCP_CHANNEL_FREE); +diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c +index f1154dc47..f2e5352d1 100644 +--- a/lib/vssh/libssh2.c ++++ b/lib/vssh/libssh2.c +@@ -2019,7 +2019,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) + } + + case SSH_SFTP_TRANS_INIT: +- if(data->set.upload) ++ if(data->state.upload) + state(data, SSH_SFTP_UPLOAD_INIT); + else { + if(sshp->path[strlen(sshp->path)-1] == '/') +@@ -2691,7 +2691,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) + break; + } + +- if(data->set.upload) { ++ if(data->state.upload) { + if(data->state.infilesize < 0) { + failf(data, "SCP requires a known file size for upload"); + sshc->actualcode = CURLE_UPLOAD_FAILED; +@@ -2831,7 +2831,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) + break; + + case SSH_SCP_DONE: +- if(data->set.upload) ++ if(data->state.upload) + state(data, SSH_SCP_SEND_EOF); + else + state(data, SSH_SCP_CHANNEL_FREE); +diff --git a/lib/vssh/wolfssh.c b/lib/vssh/wolfssh.c +index 17d59ecd2..2ca91b736 100644 +--- a/lib/vssh/wolfssh.c ++++ b/lib/vssh/wolfssh.c +@@ -557,7 +557,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) + } + break; + case SSH_SFTP_TRANS_INIT: +- if(data->set.upload) ++ if(data->state.upload) + state(data, SSH_SFTP_UPLOAD_INIT); + else { + if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/') +-- +2.25.1 + diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-32001.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-32001.patch new file mode 100644 index 0000000000..c9ca3ae514 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2023-32001.patch @@ -0,0 +1,39 @@ +CVE: CVE-2023-32001 +Upstream-Status: Backport [https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde] +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + + +From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001 +From: SaltyMilk <soufiane.elmelcaoui@gmail.com> +Date: Mon, 10 Jul 2023 21:43:28 +0200 +Subject: [PATCH] fopen: optimize + +Closes #11419 +--- + lib/fopen.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/lib/fopen.c b/lib/fopen.c +index c9c9e3d6e73a2..b6e3cadddef65 100644 +--- a/lib/fopen.c ++++ b/lib/fopen.c +@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + int fd = -1; + *tempname = NULL; + +- if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) { +- /* a non-regular file, fallback to direct fopen() */ +- *fh = fopen(filename, FOPEN_WRITETEXT); +- if(*fh) +- return CURLE_OK; ++ *fh = fopen(filename, FOPEN_WRITETEXT); ++ if(!*fh) + goto fail; +- } ++ if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) ++ return CURLE_OK; ++ fclose(*fh); ++ *fh = NULL; + + result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix)); + if(result) diff --git a/poky/meta/recipes-support/curl/curl/disable-tests b/poky/meta/recipes-support/curl/curl/disable-tests index 92056bd8ca..b687b2bb76 100644 --- a/poky/meta/recipes-support/curl/curl/disable-tests +++ b/poky/meta/recipes-support/curl/curl/disable-tests @@ -18,6 +18,8 @@ 1165 # This CRL test is looking for src files 1185 +# This test is scanning the source tree +1222 # These CRL tests need --libcurl option to be enabled 1400 1401 diff --git a/poky/meta/recipes-support/curl/curl/run-ptest b/poky/meta/recipes-support/curl/curl/run-ptest index 614e822922..2c74c58f5d 100644 --- a/poky/meta/recipes-support/curl/curl/run-ptest +++ b/poky/meta/recipes-support/curl/curl/run-ptest @@ -1,6 +1,6 @@ #!/bin/sh cd tests -./runtests.pl -a -n -s | sed \ +{ ./runtests.pl -a -n -s || echo "FAIL: curl" ; } | sed \ -e 's|\([^ ]* *\) \([^ ]* *\)...OK|PASS: \1 \2|' \ -e 's|\([^ ]* *\) \([^ ]* *\)...FAILED|FAIL: \1 \2|' \ -e 's/Warning: test[0-9]\+ not present in tests\/data\/Makefile.inc//' diff --git a/poky/meta/recipes-support/curl/curl_8.0.1.bb b/poky/meta/recipes-support/curl/curl_8.0.1.bb index 5cf044615f..708f622fe1 100644 --- a/poky/meta/recipes-support/curl/curl_8.0.1.bb +++ b/poky/meta/recipes-support/curl/curl_8.0.1.bb @@ -13,6 +13,12 @@ SRC_URI = " \ https://curl.se/download/${BP}.tar.xz \ file://run-ptest \ file://disable-tests \ + file://CVE-2023-28322.patch \ + file://CVE-2023-28319.patch \ + file://CVE-2023-28320.patch \ + file://CVE-2023-28321.patch \ + file://CVE-2023-32001.patch \ + file://CVE-2023-28320-fol1.patch \ " SRC_URI[sha256sum] = "0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0" diff --git a/poky/meta/recipes-support/fribidi/fribidi_1.0.12.bb b/poky/meta/recipes-support/fribidi/fribidi_1.0.13.bb index 9e46d958e9..5d0476a375 100644 --- a/poky/meta/recipes-support/fribidi/fribidi_1.0.12.bb +++ b/poky/meta/recipes-support/fribidi/fribidi_1.0.13.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.xz \ " -SRC_URI[sha256sum] = "0cd233f97fc8c67bb3ac27ce8440def5d3ffacf516765b91c2cc654498293495" +SRC_URI[sha256sum] = "7fa16c80c81bd622f7b198d31356da139cc318a63fc7761217af4130903f54a2" inherit meson lib_package pkgconfig github-releases diff --git a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch index 0cd4c45907..81aeaf5d3a 100644 --- a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch +++ b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch @@ -1,4 +1,4 @@ -From 346a6b17a07b658954db65f814461b59824d9fcd Mon Sep 17 00:00:00 2001 +From 8b9e3d286e87bc978ec6bb9cfd790d8d253b79c3 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 22 Jan 2018 18:00:21 +0200 Subject: [PATCH] configure.ac: use a custom value for the location of @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 099c6a8..e8cf408 100644 +index a547401..60bc2c5 100644 --- a/configure.ac +++ b/configure.ac -@@ -1935,7 +1935,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", +@@ -1922,7 +1922,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool]) diff --git a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch index 071dd93ff5..f7dd12fbcc 100644 --- a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch +++ b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch @@ -1,4 +1,4 @@ -From b1117adeb476304ce2792814516a5b7cd44d0d38 Mon Sep 17 00:00:00 2001 +From c4ddea8e6070d1df51058aac08088e27c37e7e73 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Wed, 19 Sep 2018 14:44:40 +0100 Subject: [PATCH] Allow the environment to override where gnupg looks for its @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex@linutronix.de> 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/common/homedir.c b/common/homedir.c -index 67bbde8..7f360ba 100644 +index 286685f..212a945 100644 --- a/common/homedir.c +++ b/common/homedir.c -@@ -1171,7 +1171,7 @@ gnupg_socketdir (void) +@@ -1213,7 +1213,7 @@ gnupg_socketdir (void) if (!name) { unsigned int dummy; @@ -26,7 +26,7 @@ index 67bbde8..7f360ba 100644 gpgrt_annotate_leaked_object (name); } -@@ -1203,7 +1203,7 @@ gnupg_sysconfdir (void) +@@ -1245,7 +1245,7 @@ gnupg_sysconfdir (void) if (dir) return dir; else @@ -35,7 +35,7 @@ index 67bbde8..7f360ba 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1239,7 +1239,7 @@ gnupg_bindir (void) +@@ -1281,7 +1281,7 @@ gnupg_bindir (void) return name; } else @@ -44,7 +44,7 @@ index 67bbde8..7f360ba 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1266,7 +1266,7 @@ gnupg_libexecdir (void) +@@ -1308,7 +1308,7 @@ gnupg_libexecdir (void) return name; } else @@ -53,7 +53,7 @@ index 67bbde8..7f360ba 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1296,7 +1296,7 @@ gnupg_libdir (void) +@@ -1338,7 +1338,7 @@ gnupg_libdir (void) return name; } else @@ -62,7 +62,7 @@ index 67bbde8..7f360ba 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1327,7 +1327,7 @@ gnupg_datadir (void) +@@ -1369,7 +1369,7 @@ gnupg_datadir (void) return name; } else @@ -71,7 +71,7 @@ index 67bbde8..7f360ba 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1359,7 +1359,7 @@ gnupg_localedir (void) +@@ -1401,7 +1401,7 @@ gnupg_localedir (void) return name; } else diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.4.0.bb b/poky/meta/recipes-support/gnupg/gnupg_2.4.2.bb index 900aa8ad73..631df8ac9d 100644 --- a/poky/meta/recipes-support/gnupg/gnupg_2.4.0.bb +++ b/poky/meta/recipes-support/gnupg/gnupg_2.4.2.bb @@ -23,7 +23,7 @@ SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for- file://relocate.patch" SRC_URI:append:class-nativesdk = " file://relocate.patch" -SRC_URI[sha256sum] = "1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483" +SRC_URI[sha256sum] = "97eb47df8ae5a3ff744f868005a090da5ab45cb48ee9836dbf5ee739a4e5cf49" EXTRA_OECONF = "--disable-ldap \ --disable-ccid-driver \ @@ -33,6 +33,8 @@ EXTRA_OECONF = "--disable-ldap \ --with-mailprog=${sbindir}/sendmail \ --enable-gpg-is-gpg2 \ " +# yat2m can be found from recipe-sysroot-native non-deterministically with different versioning otherwise +CACHED_CONFIGUREVARS += "ac_cv_path_YAT2M=./yat2m" # A minimal package containing just enough to run gpg+gpgagent (E.g. use gpgme in opkg) PACKAGES =+ "${PN}-gpg" diff --git a/poky/meta/recipes-support/libassuan/libassuan_2.5.5.bb b/poky/meta/recipes-support/libassuan/libassuan_2.5.6.bb index 2bab3ac955..7e899e7399 100644 --- a/poky/meta/recipes-support/libassuan/libassuan_2.5.5.bb +++ b/poky/meta/recipes-support/libassuan/libassuan_2.5.6.bb @@ -20,7 +20,7 @@ SRC_URI = "${GNUPG_MIRROR}/libassuan/libassuan-${PV}.tar.bz2 \ file://libassuan-add-pkgconfig-support.patch \ " -SRC_URI[sha256sum] = "8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4" +SRC_URI[sha256sum] = "e9fd27218d5394904e4e39788f9b1742711c3e6b41689a31aa3380bd5aa4f426" BINCONFIG = "${bindir}/libassuan-config" diff --git a/poky/meta/recipes-support/libksba/libksba_1.6.3.bb b/poky/meta/recipes-support/libksba/libksba_1.6.4.bb index dc39693be4..f9636f9433 100644 --- a/poky/meta/recipes-support/libksba/libksba_1.6.3.bb +++ b/poky/meta/recipes-support/libksba/libksba_1.6.4.bb @@ -24,7 +24,7 @@ UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://ksba-add-pkgconfig-support.patch" -SRC_URI[sha256sum] = "3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c" +SRC_URI[sha256sum] = "bbb43f032b9164d86c781ffe42213a83bf4f2fee91455edfa4654521b8b03b6b" do_configure:prepend () { # Else these could be used in preference to those in aclocal-copy diff --git a/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb b/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.77.bb index 7bd66f63cf..16159a0fd8 100644 --- a/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb +++ b/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.77.bb @@ -7,7 +7,7 @@ SECTION = "net" DEPENDS = "file" SRC_URI = "${GNU_MIRROR}/libmicrohttpd/${BPN}-${PV}.tar.gz" -SRC_URI[sha256sum] = "f0b1547b5a42a6c0f724e8e1c1cb5ce9c4c35fb495e7d780b9930d35011ceb4c" +SRC_URI[sha256sum] = "9e7023a151120060d2806a6ea4c13ca9933ece4eacfc5c9464d20edddb76b0a0" inherit autotools lib_package pkgconfig gettext diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.4.18.bb b/poky/meta/recipes-support/libproxy/libproxy_0.4.18.bb index 01ba2a6fe9..748b1bd2c0 100644 --- a/poky/meta/recipes-support/libproxy/libproxy_0.4.18.bb +++ b/poky/meta/recipes-support/libproxy/libproxy_0.4.18.bb @@ -12,10 +12,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ DEPENDS = "glib-2.0" -SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz" -SRC_URI[sha256sum] = "69b5856e9ea42c38ac77e6b8c92ffc86a71d341fef74e77bef85f9cc6c47a4b1" +SRC_URI = "git://github.com/libproxy/libproxy;protocol=https;branch=main" +SRCREV = "caccaf28e3df6ea612d2d4b39f781c4324019fdb" +S = "${WORKDIR}/git" -inherit cmake pkgconfig github-releases +inherit cmake pkgconfig PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'gnome', '', d)} gnome3" PACKAGECONFIG[gnome] = "-DWITH_GNOME=yes,-DWITH_GNOME=no,gconf" diff --git a/poky/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch b/poky/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch new file mode 100644 index 0000000000..066233fcae --- /dev/null +++ b/poky/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch @@ -0,0 +1,34 @@ +CVE: CVE-2020-22218 +Upstream-Status: Backport [ https://github.com/libssh2/libssh2/commit/642eec48ff3adfdb7a9e562b6d7fc865d1733f45 ] +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + + +From 642eec48ff3adfdb7a9e562b6d7fc865d1733f45 Mon Sep 17 00:00:00 2001 +From: lutianxiong <lutianxiong@huawei.com> +Date: Fri, 29 May 2020 01:25:40 +0800 +Subject: [PATCH] transport.c: fix use-of-uninitialized-value (#476) + +file:transport.c + +notes: +return error if malloc(0) + +credit: +lutianxiong +--- + src/transport.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/transport.c b/src/transport.c +index 96fca6b8cc..adf96c2437 100644 +--- a/src/transport.c ++++ b/src/transport.c +@@ -472,7 +472,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session) + /* Get a packet handle put data into. We get one to + hold all data, including padding and MAC. */ + p->payload = LIBSSH2_ALLOC(session, total_num); +- if(!p->payload) { ++ if(total_num == 0 || !p->payload) { + return LIBSSH2_ERROR_ALLOC; + } + p->total_num = total_num; diff --git a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb b/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb index d5513373b0..8483a292c2 100644 --- a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb +++ b/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb @@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7" SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \ file://fix-ssh2-test.patch \ file://run-ptest \ + file://CVE-2020-22218.patch \ " SRC_URI[sha256sum] = "2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51" diff --git a/poky/meta/recipes-support/nghttp2/nghttp2/CVE-2023-35945.patch b/poky/meta/recipes-support/nghttp2/nghttp2/CVE-2023-35945.patch new file mode 100644 index 0000000000..04d2086e1c --- /dev/null +++ b/poky/meta/recipes-support/nghttp2/nghttp2/CVE-2023-35945.patch @@ -0,0 +1,151 @@ +From ce385d3f55a4b76da976b3bdf71fe2deddf315ba Mon Sep 17 00:00:00 2001 +From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> +Date: Mon, 4 Sep 2023 06:48:30 +0000 +Subject: [PATCH] Fix memory leak + +This commit fixes memory leak that happens when PUSH_PROMISE or +HEADERS frame cannot be sent, and nghttp2_on_stream_close_callback +fails with a fatal error. For example, if GOAWAY frame has been +received, a HEADERS frame that opens new stream cannot be sent. + +This issue has already been made public via CVE-2023-35945 [1] issued +by envoyproxy/envoy project. During embargo period, the patch to fix +this bug was accidentally submitted to nghttp2/nghttp2 repository [2]. +And they decided to disclose CVE early. I was notified just 1.5 hours +before disclosure. I had no time to respond. + +PoC described in [1] is quite simple, but I think it is not enough to +trigger this bug. While it is true that receiving GOAWAY prevents a +client from opening new stream, and nghttp2 enters error handling +branch, in order to cause the memory leak, +nghttp2_session_close_stream function must return a fatal error. +nghttp2 defines 2 fatal error codes: + +- NGHTTP2_ERR_NOMEM +- NGHTTP2_ERR_CALLBACK_FAILURE + +NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of memory. It +is unlikely that a process gets short of memory with this simple PoC +scenario unless application does something memory heavy processing. + +NGHTTP2_ERR_CALLBACK_FAILURE is returned from application defined +callback function (nghttp2_on_stream_close_callback, in this case), +which indicates something fatal happened inside a callback, and a +connection must be closed immediately without any further action. As +nghttp2_on_stream_close_error_callback documentation says, any error +code other than 0 or NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal +error code. More specifically, it is treated as if +NGHTTP2_ERR_CALLBACK_FAILURE is returned. I guess that envoy returns +NGHTTP2_ERR_CALLBACK_FAILURE or other error code which is translated +into NGHTTP2_ERR_CALLBACK_FAILURE. + +[1] https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r +[2] https://github.com/nghttp2/nghttp2/pull/1929 + +CVE: CVE-2023-35945 + +Upstream-Status: Backport [https://github.com/nghttp2/nghttp2/commit/ce385d3f55a4b76da976b3bdf71fe2deddf315ba] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + lib/nghttp2_session.c | 10 +++++----- + tests/nghttp2_session_test.c | 34 ++++++++++++++++++++++++++++++++++ + 2 files changed, 39 insertions(+), 5 deletions(-) + +diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c +index 93f3f07..9bb32b2 100644 +--- a/lib/nghttp2_session.c ++++ b/lib/nghttp2_session.c +@@ -3300,6 +3300,7 @@ static ssize_t nghttp2_session_mem_send_internal(nghttp2_session *session, + if (rv < 0) { + int32_t opened_stream_id = 0; + uint32_t error_code = NGHTTP2_INTERNAL_ERROR; ++ int rv2 = 0; + + DEBUGF("send: frame preparation failed with %s\n", + nghttp2_strerror(rv)); +@@ -3342,19 +3343,18 @@ static ssize_t nghttp2_session_mem_send_internal(nghttp2_session *session, + } + if (opened_stream_id) { + /* careful not to override rv */ +- int rv2; + rv2 = nghttp2_session_close_stream(session, opened_stream_id, + error_code); +- +- if (nghttp2_is_fatal(rv2)) { +- return rv2; +- } + } + + nghttp2_outbound_item_free(item, mem); + nghttp2_mem_free(mem, item); + active_outbound_item_reset(aob, mem); + ++ if (nghttp2_is_fatal(rv2)) { ++ return rv2; ++ } ++ + if (rv == NGHTTP2_ERR_HEADER_COMP) { + /* If header compression error occurred, should terminiate + connection. */ +diff --git a/tests/nghttp2_session_test.c b/tests/nghttp2_session_test.c +index 08152d4..14ab132 100644 +--- a/tests/nghttp2_session_test.c ++++ b/tests/nghttp2_session_test.c +@@ -585,6 +585,15 @@ static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id, + return 0; + } + ++static int fatal_error_on_stream_close_callback(nghttp2_session *session, ++ int32_t stream_id, ++ uint32_t error_code, ++ void *user_data) { ++ on_stream_close_callback(session, stream_id, error_code, user_data); ++ ++ return NGHTTP2_ERR_CALLBACK_FAILURE; ++} ++ + static ssize_t pack_extension_callback(nghttp2_session *session, uint8_t *buf, + size_t len, const nghttp2_frame *frame, + void *user_data) { +@@ -4297,6 +4306,8 @@ void test_nghttp2_session_on_goaway_received(void) { + nghttp2_frame frame; + int i; + nghttp2_mem *mem; ++ const uint8_t *data; ++ ssize_t datalen; + + mem = nghttp2_mem_default(); + user_data.frame_recv_cb_called = 0; +@@ -4338,6 +4349,29 @@ void test_nghttp2_session_on_goaway_received(void) { + + nghttp2_frame_goaway_free(&frame.goaway, mem); + nghttp2_session_del(session); ++ ++ /* Make sure that no memory leak when stream_close callback fails ++ with a fatal error */ ++ memset(&callbacks, 0, sizeof(nghttp2_session_callbacks)); ++ callbacks.on_stream_close_callback = fatal_error_on_stream_close_callback; ++ ++ memset(&user_data, 0, sizeof(user_data)); ++ ++ nghttp2_session_client_new(&session, &callbacks, &user_data); ++ ++ nghttp2_frame_goaway_init(&frame.goaway, 0, NGHTTP2_NO_ERROR, NULL, 0); ++ ++ CU_ASSERT(0 == nghttp2_session_on_goaway_received(session, &frame)); ++ ++ nghttp2_submit_request(session, NULL, reqnv, ARRLEN(reqnv), NULL, NULL); ++ ++ datalen = nghttp2_session_mem_send(session, &data); ++ ++ CU_ASSERT(NGHTTP2_ERR_CALLBACK_FAILURE == datalen); ++ CU_ASSERT(1 == user_data.stream_close_cb_called); ++ ++ nghttp2_frame_goaway_free(&frame.goaway, mem); ++ nghttp2_session_del(session); + } + + void test_nghttp2_session_on_window_update_received(void) { +-- +2.35.5 diff --git a/poky/meta/recipes-support/nghttp2/nghttp2_1.52.0.bb b/poky/meta/recipes-support/nghttp2/nghttp2_1.52.0.bb index f57a15954d..0fba554919 100644 --- a/poky/meta/recipes-support/nghttp2/nghttp2_1.52.0.bb +++ b/poky/meta/recipes-support/nghttp2/nghttp2_1.52.0.bb @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=764abdf30b2eadd37ce47dcbce0ea1ec" SRC_URI = "\ ${GITHUB_BASE_URI}/download/v${PV}/nghttp2-${PV}.tar.xz \ file://0001-fetch-ocsp-response-use-python3.patch \ + file://CVE-2023-35945.patch \ " SRC_URI[sha256sum] = "3ea9f0439e60469ad4d39cb349938684ffb929dd7e8e06a7bffe9f9d21f8ba7d" diff --git a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb index ff5629c6f9..60918a3892 100644 --- a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb +++ b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb @@ -7,7 +7,7 @@ HOMEPAGE = "http://git.yoctoproject.org/cgit/cgit.cgi/ptest-runner2/about/" LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe" -SRCREV = "bcb82804daa8f725b6add259dcef2067e61a75aa" +SRCREV = "4148e75284e443fc8ffaef425c467aa5523528ff" PV .= "+git${SRCPV}" SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master;protocol=https \ diff --git a/poky/meta/recipes-support/serf/serf/0001-Fix-syntax-of-a-print-in-the-scons-file-to-unbreak-b.patch b/poky/meta/recipes-support/serf/serf/0001-Fix-syntax-of-a-print-in-the-scons-file-to-unbreak-b.patch deleted file mode 100644 index 4a5832ac1a..0000000000 --- a/poky/meta/recipes-support/serf/serf/0001-Fix-syntax-of-a-print-in-the-scons-file-to-unbreak-b.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 99f6e1b0d68281b63218d6adfe68cd9e331ac5be Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 3 Sep 2018 10:50:08 -0700 -Subject: [PATCH] Fix syntax of a print() in the scons file to unbreak building - with most recent scons version. - -* SConstruct Use Python 3.0 valid syntax to make Scons 3.0.0 happy on both python - 3.0 and 2.7. - -Upstream-Status: Backport -[https://svn.apache.org/viewvc/serf/trunk/SConstruct?r1=1809132&r2=1811083&diff_format=h] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - SConstruct | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/SConstruct b/SConstruct -index 1670459..18a45fa 100644 ---- a/SConstruct -+++ b/SConstruct -@@ -184,7 +184,7 @@ CALLOUT_OKAY = not (env.GetOption('clean') or env.GetOption('help')) - - unknown = opts.UnknownVariables() - if unknown: -- print 'Warning: Used unknown variables:', ', '.join(unknown.keys()) -+ print('Warning: Used unknown variables:', ', '.join(unknown.keys())) - - apr = str(env['APR']) - apu = str(env['APU']) diff --git a/poky/meta/recipes-support/serf/serf/0001-buckets-ssl_buckets.c-do-not-use-ERR_GET_FUNC.patch b/poky/meta/recipes-support/serf/serf/0001-buckets-ssl_buckets.c-do-not-use-ERR_GET_FUNC.patch deleted file mode 100644 index 91ccc8a474..0000000000 --- a/poky/meta/recipes-support/serf/serf/0001-buckets-ssl_buckets.c-do-not-use-ERR_GET_FUNC.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 2f45711a66ff99886b6e4a5708e2db01a63e5af4 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex@linutronix.de> -Date: Fri, 10 Sep 2021 11:05:10 +0200 -Subject: [PATCH] buckets/ssl_buckets.c: do not use ERR_GET_FUNC - -Upstream removed it in -https://github.com/openssl/openssl/pull/16004 - -Upstream-Status: Inactive-Upstream [lastrelease: 2015, lastcommit: 2019] -Signed-off-by: Alexander Kanavin <alex@linutronix.de> ---- - buckets/ssl_buckets.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/buckets/ssl_buckets.c b/buckets/ssl_buckets.c -index b01e535..9801f87 100644 ---- a/buckets/ssl_buckets.c -+++ b/buckets/ssl_buckets.c -@@ -1325,8 +1325,7 @@ static int ssl_need_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey) - return 0; - } - else { -- printf("OpenSSL cert error: %d %d %d\n", ERR_GET_LIB(err), -- ERR_GET_FUNC(err), -+ printf("OpenSSL cert error: %d %d\n", ERR_GET_LIB(err), - ERR_GET_REASON(err)); - PKCS12_free(p12); - bio_meth_free(biom); diff --git a/poky/meta/recipes-support/serf/serf/0004-Follow-up-to-r1811083-fix-building-with-scons-3.0.0-.patch b/poky/meta/recipes-support/serf/serf/0004-Follow-up-to-r1811083-fix-building-with-scons-3.0.0-.patch deleted file mode 100644 index 02fa9e3a06..0000000000 --- a/poky/meta/recipes-support/serf/serf/0004-Follow-up-to-r1811083-fix-building-with-scons-3.0.0-.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 565211fd082ef653ca9c44a345350fc1451f5a0f Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 3 Sep 2018 11:12:38 -0700 -Subject: [PATCH] Follow-up to r1811083 fix building with scons 3.0.0 and - Python3 - -* SConstruct: Append decode('utf-8) to FILE.get_contents() to avoid - TypeError: cannot use a string pattern on a bytes-like object - -Upstream-Status: Backport -[https://svn.apache.org/viewvc/serf/trunk/SConstruct?r1=1811088&r2=1814604] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - SConstruct | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/SConstruct b/SConstruct -index 877731e..7678bb1 100644 ---- a/SConstruct -+++ b/SConstruct -@@ -169,7 +169,7 @@ env.Append(BUILDERS = { - match = re.search('SERF_MAJOR_VERSION ([0-9]+).*' - 'SERF_MINOR_VERSION ([0-9]+).*' - 'SERF_PATCH_VERSION ([0-9]+)', -- env.File('serf.h').get_contents(), -+ env.File('serf.h').get_contents().decode('utf-8'), - re.DOTALL) - MAJOR, MINOR, PATCH = [int(x) for x in match.groups()] - env.Append(MAJOR=str(MAJOR)) diff --git a/poky/meta/recipes-support/serf/serf/SConstruct.stop.creating.directories.without.sandbox-install.prefix.patch b/poky/meta/recipes-support/serf/serf/SConstruct.stop.creating.directories.without.sandbox-install.prefix.patch index 4105868a7e..91640d6044 100644 --- a/poky/meta/recipes-support/serf/serf/SConstruct.stop.creating.directories.without.sandbox-install.prefix.patch +++ b/poky/meta/recipes-support/serf/serf/SConstruct.stop.creating.directories.without.sandbox-install.prefix.patch @@ -31,7 +31,7 @@ ERROR: scons install execution failed. and the installed paths (including the paths inside libserf*.pc) look correct -Upstream-Status: Inactive-Upstream [lastrelease: 2015, lastcommit: 2019] +Upstream-Status: Pending Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> diff --git a/poky/meta/recipes-support/serf/serf_1.3.9.bb b/poky/meta/recipes-support/serf/serf_1.3.10.bb index 669f42b8e7..c6b51452aa 100644 --- a/poky/meta/recipes-support/serf/serf_1.3.9.bb +++ b/poky/meta/recipes-support/serf/serf_1.3.10.bb @@ -7,16 +7,12 @@ HOMEPAGE = "http://serf.apache.org/" SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://norpath.patch \ file://env.patch \ - file://0001-Fix-syntax-of-a-print-in-the-scons-file-to-unbreak-b.patch \ file://0002-SConstruct-Fix-path-quoting-for-.def-generator.patch \ file://0003-gen_def.patch \ - file://0004-Follow-up-to-r1811083-fix-building-with-scons-3.0.0-.patch \ file://SConstruct.stop.creating.directories.without.sandbox-install.prefix.patch \ - file://0001-buckets-ssl_buckets.c-do-not-use-ERR_GET_FUNC.patch \ " -SRC_URI[md5sum] = "370a6340ff20366ab088012cd13f2b57" -SRC_URI[sha256sum] = "549c2d21c577a8a9c0450facb5cca809f26591f048e466552240947bdf7a87cc" +SRC_URI[sha256sum] = "be81ef08baa2516ecda76a77adf7def7bc3227eeb578b9a33b45f7b41dc064e6" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" diff --git a/poky/meta/recipes-support/taglib/taglib_1.13.bb b/poky/meta/recipes-support/taglib/taglib_1.13.1.bb index 6560bc3660..3f0a759f95 100644 --- a/poky/meta/recipes-support/taglib/taglib_1.13.bb +++ b/poky/meta/recipes-support/taglib/taglib_1.13.1.bb @@ -11,7 +11,7 @@ DEPENDS = "zlib" SRC_URI = "http://taglib.github.io/releases/${BP}.tar.gz" -SRC_URI[sha256sum] = "58f08b4db3dc31ed152c04896ee9172d22052bc7ef12888028c01d8b1d60ade0" +SRC_URI[sha256sum] = "c8da2b10f1bfec2cd7dbfcd33f4a2338db0765d851a50583d410bacf055cfd0b" UPSTREAM_CHECK_URI = "https://taglib.org/" diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc index e1d2563316..5f55f590e6 100644 --- a/poky/meta/recipes-support/vim/vim.inc +++ b/poky/meta/recipes-support/vim/vim.inc @@ -10,7 +10,7 @@ DEPENDS = "ncurses gettext-native" RSUGGESTS:${PN} = "diffutils" LICENSE = "Vim" -LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d1a651ab770b45d41c0f8cb5a8ca930e" SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://disable_acl_header_check.patch \ @@ -19,14 +19,13 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".1527" -SRCREV = "c28e7a2b2f23dbd246a1ad7ad7aaa6f7ab2e5887" - -# Remove when 8.3 is out -UPSTREAM_VERSION_UNKNOWN = "1" +PV .= ".1894" +SRCREV = "e5f7cd0a60d0eeab84f7aeb35c13d3af7e50072e" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0" +# Ignore that the upstream version .z in x.y.z is always newer +UPSTREAM_VERSION_UNKNOWN = "1" S = "${WORKDIR}/git" |