From ab475af3890f35980cd224ec8da7143c68834989 Mon Sep 17 00:00:00 2001 From: Patrick Williams Date: Thu, 21 Apr 2022 14:30:30 -0500 Subject: subtree updates meta-openembedded: ab9fca485e..fdd1dfe6b4: Akash Hadke (1): tcpreplay: Add fix for CVE-2020-24265 and CVE-2020-24266 Andre Carvalho (1): netcat: Set CVE_PRODUCT Armin Kuster (7): wireshark: Update to 3.2.18 c-ares: bump PV in recipe to 1.16.1 pw-am.sh: update to new patcwork system p7zip: refresh patches breakpad: Update SRC_URI for protobuf and lss spirv-tools: update SRC_URI for googletest to main Mariadb: update to 10.4.24 Christian Ege (1): cli11: switch from default master branch to main to fix do_fetch failure Christian Eggers (1): graphviz: native: create /usr/lib/graphviz/config6 in populate_sysroot Daniel Stadelmann (1): imagemagick: update SRC_URI branch from master to main Jeremy Puhlman (1): CVE-2021-4034: polkit Local privilege escalation in pkexec due to incorrect handling of argument vector Khem Raj (1): mongodb: Pass OBJCOPY to scons so it does not use it from host Kristian Klausen (1): cryptsetup: Add runtime dependency on lvm2-udevrules for udev Leif Middelschulte (1): dbus-daemon-proxy: add missing `return` statement Mingli Yu (2): polkit: fix CVE-2021-3560 geoip: Switch to use the main branch Minjae Kim (1): multipath-tools: update SRC_URI Nisha Parrakat (2): p7zip: build and package lib7z.so needed for fastboot nodejs: upgrade to 12.22.2 Peter Kjellerstedt (1): googletest: Switch branch from master to main Ralph Siemsen (2): nginx: backport fix for CVE-2019-20372 polkit: fix overlapping changes in recent CVE patches Ranjitsinh Rathod (4): strongswan: Add fix of CVE-2021-45079 nss: Add fix for CVE-2022-22747 polkit: Fix for CVE-2021-4115 python3-urllib3: Fix CVE-2020-26137 and CVE-2021-33503 Robert Joslyn (1): linuxptp: Update to 2.0.1 Ross Burton (1): protobuf: fix patch fuzz Sana Kazi (2): protobuf: Fix CVE-2021-22570 openjpeg: Fix multiple CVE Thomas Perrot (1): breakpad: fix branch for gtest in SRC_URI Virendra Thakur (5): strongswan: Fix for CVE-2021-41990 and CVE-2021-41991 udisks2: Fix for CVE-2021-3802 p7zip: fix for CVE-2018-5996 nodejs: Fix for CVE-2021-44532 p7zip: Fix for CVE-2016-9296 Yi Zhao (1): apache2: upgrade 2.4.52 -> 2.4.53 wangmy (1): apache2: upgrade 2.4.51 -> 2.4.52 meta-security: b76698c788..c62970fda8: Armin Kuster (3): clamav: disable DB creation. clamav: drop creating cvd package chkrootkit: update SRC_URI Jeremy A. Puhlman (1): sssd: re-package to fix QA issues Ralph Siemsen (2): tpm2-tools: backport fix for CVE-2021-3565 tpm2-tools: update to 4.1.3 poky: bba3233897..b6ce93d565: Alexander Kanavin (4): libusb1: correct SRC_URI ruby: correctly set native/target dependencies vim: do not report upstream version check as broken mobile-broadband-provider-info: upgrade 20201225 -> 20210805 Bruce Ashfield (4): linux-yocto/5.4: update to v5.4.173 linux-yocto/5.4: update to v5.4.176 linux-yocto/5.4: update to v5.4.178 perf-tests: add bash into RDEPENDS (v5.12-rc5+) Changhyeok Bae (1): mobile-broadband-provider-info: upgrade 20210805 -> 20220315 Chee Yang Lee (1): ruby: 2.7.4 -> 2.7.5 Christian Eggers (1): sdk: fix search for dynamic loader Davide Gardenal (6): re2c: backport fix for CVE-2018-21232 qemu: backport fix for CVE-2020-13253 qemu: backport patch fix for CVE-2020-13791 apt: backport patch fix for CVE-2020-3810 ghostscript: backport patch fix for CVE-2021-3781 go: backport patch fix for CVE-2021-38297 Florian Amstutz (1): devtool: deploy-target: Remove stripped binaries in pseudo context Jose Quaresma (2): buildhistory.bbclass: create the buildhistory directory when needed sstate: inside the threadedpool don't write to the shared localdata Joshua Watt (5): tzdata: Remove BSD License specifier e2fsprogs: Use specific BSD license variant glib-2.0: Use specific BSD license variant shadow: Use specific BSD license variant libcap: Use specific BSD license variant Kartikey Rameshbhai Parmar (1): puzzles: Upstream changed to main branch for development Konrad Weihmann (1): ruby: fix DEPENDS append Lee Chee Yang (1): poky.conf: update tested distros Marek Vasut (2): binutils: Backport Include members in the variable table used when resolving DW_AT_specification tags. bootchart2: Add missing python3-math dependency Marta Rybczynska (48): grub: add a fix for CVE-2020-25632 grub: add a fix for CVE-2020-25647 grub: fix a memory leak grub: add a fix for a possible NULL dereference grub: fix a dangling memory pointer grub: fix wrong handling of argc == 0 grub: add a fix for malformed device path handling grub: fix memory leak at error in grub_efi_get_filename() grub: add a fix for a possible NULL pointer dereference grub: add a fix for unused variable in gnulib grub: fix an unitialized token in gnulib grub: add a fix a NULL pointer dereference in gnulib grub: add a fix for NULL pointer dereference grub: fix an unitialized re_token in gnulib grub: add a fix for unnecessary assignements grub: add structure initialization in zstd grub: add a missing NULL check grub: fix a memory leak grub: fix a memory leak grub: fix a memory leak grub: fix an integer overflow grub: add a fix for a length check grub: add a fix for a possible negative shift grub: add a fix for a memory leak grub: add a fix for possible integer overflows grub: fix an error check grub: add a fix for a memory leak grub: add a fix for a possible unintended sign extension grub: add a fix for a possible NULL dereference grub: add a fix for a memory leak grub: add a fix for a memory leak grub: fix a memory leak grub: remove unneeded return value grub: fix an integer overflow grub: fix multiple integer overflows grub: fix a possible integer overflow grub: test for malformed jpeg files grub: remove dead code grub: fix checking for NULL grub: add a fix for a memory leak grub: avoid a memory leak grub: add a check for a NULL pointer grub: add a fix for NULL pointer dereference grub: add a fix for an incorrect cast grub: fix incorrect use of a negative value grub: add a fix for a NULL pointer dereference grub: avoid a NULL pointer dereference grub: add a fix for a crash in scripts Martin Beeger (1): cmake: remove bogus CMAKE_LDFLAGS_FLAGS definition from toolchain file Martin Jansa (1): boost: fix native build with glibc-2.34 Michael Halstead (2): releases: update to include 3.1.14 uninative: Upgrade to 3.5 Michael Opdenacker (1): docs: fix hardcoded link warning messages Minjae Kim (6): ghostscript: fix CVE-2021-45949 go: fix CVE-2022-23806 go: fix CVE-2022-23772 bluez5: fix CVE-2021-3658 gnu-config: update SRC_URI virglrenderer: update SRC_URI Nathan Rossi (1): cml1.bbclass: Handle ncurses-native being available via pkg-config Oleksandr Kravchuk (1): tzdata: update to 2022a Ovidiu Panait (1): openssl: upgrade 1.1.1l -> 1.1.1n Peter Kjellerstedt (2): sstate: A third fix for for touching files inside pseudo python3-jinja2: Correct HOMEPAGE Purushottam Choudhary (3): systemd: Fix CVE-2021-3997 freetype: add missing CVE tag CVE-2020-15999 tiff: fix for CVE-2022-22844 Ralph Siemsen (6): bind: update to 9.11.36 libxml2: backport fix for CVE-2022-23308 libxml2: move to gitlab.gnome.org libxml2: fix CVE-2022-23308 regression bluez5: fix CVE-2022-0204 bind: update to 9.11.37 Ranjitsinh Rathod (2): util-linux: Fix for CVE-2021-3995 and CVE-2021-3996 openssl: Add fix for CVE-2021-4160 Richard Purdie (19): bitbake: tests/fetch: Handle upstream master -> main branch change default-distrovars.inc: Switch connectivity check to a yoctoproject.org page vim: Upgrade 4269 -> 4134 vim: Upgrade 8.2.4314 -> 8.2.4424 libxml-parser-perl: Add missing RDEPENDS uninative: Add version to uninative tarball name systemd: Ensure uid/gid ranges are set deterministically vim: Update to 8.2.4524 for further CVE fixes build-appliance-image: Update to dunfell head revision python3targetconfig: Use for nativesdk too oeqa/runtime/ping: Improve failure message to include more detail oeqa/selftest/tinfoil: Improve tinfoil event test debugging bitbake: server/process: Note when commands complete in logs bitbake: tinfoil: Allow run_command not to wait on events poky: Drop PREMIRRORS entries for scms oeqa/selftest/tinfoil: Fix intermittent event loss issue in test mirrors: Add missing gitsm entries for yocto/oe mirrors bitbake: server/process: Disable gc around critical section conf.py/poky.yaml: Move version information to poky.yaml and read in conf.py Ross Burton (13): lsof: correct LICENSE shadow-sysroot: sync license with shadow lighttpd: backport a fix for CVE-2022-22707 vim: set PACKAGECONFIG idiomatically vim: upgrade to 8.2 patch 3752 vim: update to include latest CVE fixes vim: upgrade to patch 4269 coreutils: remove obsolete ignored CVE list cve-check: get_cve_info should open the database read-only Revert "cve-check: add lockfile to task" asciidoc: update git repository python3: ignore CVE-2022-26488 grub: ignore CVE-2021-46705 Rudolf J Streif (1): linux-firmware: Add CLM blob to linux-firmware-bcm4373 package Saul Wold (1): recipetool: Fix circular reference in SRC_URI Scott Weaver (1): bitbake: fetch2: add check for empty SRC_URI hash string Stefan Herbrechtsmeier (1): cve-check: create directory of CVE_CHECK_MANIFEST before copy Steve Sakoman (29): glibc: update to lastest 2.31 release HEAD expat: fix CVE-2022-23852 expat: add missing Upstream-status, CVE tag and sign-off to CVE-2021-46143.patch common-licenses: add Spencer-94 documentation: update for 3.1.14 release expat: fix CVE-2022-23990 connman: fix CVE-2022-23096-7 connman: fix CVE-2022-23098 connman: fix CVE-2021-33833 wpa-supplicant: fix CVE-2022-23303-4 Revert "vim: fix CVE-2021-4069" expat: fix CVE-2022-25235 expat: fix CVE-2022-25236 expat: fix CVE-2022-25313 expat: fix CVE-2022-25314 expat: fix CVE-2022-25315 ref-system-requirements.rst: update list of supported distros linux-yocto: update genericx86* to v5.4.178 poky.conf: Bump version for 3.1.15 release documentation: update for 3.1.15 release libsolv: fix CVE: CVE-2021-44568-71 and CVE-2021-44573-77 ghostscript: fix CVE-2020-15900 and CVE-2021-45949 for -native util-linux: fix CVE-2022-0563 xserver-xorg: update to 1.20.9 xserver-xorg: update to 1.20.10 xserver-xorg: update to 1.20.11 xserver-xorg: update to 1.20.12 xserver-xorg: update to 1.20.13 xserver-xorg: update to 1.20.14 Sundeep KOKKONDA (1): binutils: Fix CVE-2021-45078 Tim Orling (1): python3: upgrade 3.8.12 -> 3.8.13 Virendra Thakur (1): libarchive: Fix for CVE-2021-36976 bkylerussell@gmail.com (1): rpm: fix intermittent compression failure in do_package_write_rpm sana kazi (1): tiff: Add backports for two CVEs from upstream wangmy (3): linux-firmware: upgrade 20211216 -> 20220209 wireless-regdb: upgrade 2021.08.28 -> 2022.02.18 linux-firmware: upgrade 20220209 -> 20220310 Signed-off-by: Patrick Williams Change-Id: Ib8eac0ed434df84b23bf80c52a2b3c4be9beff38 --- meta-openembedded/contrib/pw-am.sh | 2 +- .../recipes-support/geoip/geoip_1.6.12.bb | 2 +- .../recipes-support/netcat/netcat_0.7.1.bb | 2 + .../strongswan/files/CVE-2021-41990.patch | 62 + .../strongswan/files/CVE-2021-41991.patch | 41 + .../strongswan/files/CVE-2021-45079.patch | 156 + .../recipes-support/strongswan/strongswan_5.8.4.bb | 3 + .../files/CVE-2020-24265-and-CVE-2020-24266.patch | 37 + .../recipes-support/tcpreplay/tcpreplay_4.3.3.bb | 3 +- .../wireshark/files/fix_lemon_path.patch | 22 + .../recipes-support/wireshark/wireshark_3.2.15.bb | 80 - .../recipes-support/wireshark/wireshark_3.2.18.bb | 81 + .../meta-python/recipes-dbs/mongodb/mongodb_git.bb | 2 + .../linuxptp/linuxptp_2.0.1.bb | 23 + .../recipes-connectivity/linuxptp/linuxptp_2.0.bb | 24 - ...-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch | 2 +- .../recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb | 2 +- .../recipes-dbs/mysql/mariadb-native_10.4.20.bb | 20 - .../recipes-dbs/mysql/mariadb-native_10.4.24.bb | 20 + .../meta-oe/recipes-dbs/mysql/mariadb.inc | 6 +- .../recipes-dbs/mysql/mariadb/c11_atomics.patch | 73 - .../mariadb/clang_version_header_conflict.patch | 32 - .../meta-oe/recipes-dbs/mysql/mariadb_10.4.20.bb | 27 - .../meta-oe/recipes-dbs/mysql/mariadb_10.4.24.bb | 27 + .../recipes-devtools/breakpad/breakpad_git.bb | 8 +- .../nodejs/nodejs/CVE-2021-44532.patch | 3090 ++++++++++++++++++++ .../recipes-devtools/nodejs/nodejs_12.21.0.bb | 161 - .../recipes-devtools/nodejs/nodejs_12.22.2.bb | 162 + .../protobuf/protobuf/CVE-2021-22570.patch | 73 + .../recipes-devtools/protobuf/protobuf_3.11.4.bb | 1 + .../p7zip/files/CVE-2016-9296.patch | 27 + .../p7zip/files/CVE-2018-5996.patch | 226 ++ .../change_numMethods_from_bool_to_unsigned.patch | 27 + .../meta-oe/recipes-extended/p7zip/p7zip_16.02.bb | 23 +- .../polkit/files/CVE-2021-4034.patch | 74 + .../polkit/files/CVE-2021-4115.patch | 87 + .../polkit/polkit/CVE-2021-3560.patch | 33 + .../recipes-extended/polkit/polkit_0.116.bb | 3 + .../recipes-graphics/graphviz/graphviz_2.40.1.bb | 11 + .../openjpeg/openjpeg/CVE-2019-12973-1.patch | 72 + .../openjpeg/openjpeg/CVE-2019-12973-2.patch | 86 + .../openjpeg/openjpeg/CVE-2020-15389.patch | 43 + .../openjpeg/openjpeg/CVE-2020-27814-1.patch | 29 + .../openjpeg/openjpeg/CVE-2020-27814-2.patch | 27 + .../openjpeg/openjpeg/CVE-2020-27814-3.patch | 30 + .../openjpeg/openjpeg/CVE-2020-27814-4.patch | 27 + .../openjpeg/openjpeg/CVE-2020-27823.patch | 29 + .../openjpeg/openjpeg/CVE-2020-27824.patch | 24 + .../openjpeg/openjpeg/CVE-2020-27841.patch | 238 ++ .../openjpeg/openjpeg/CVE-2020-27842.patch | 31 + .../openjpeg/openjpeg/CVE-2020-27843.patch | 31 + .../openjpeg/openjpeg/CVE-2020-27845.patch | 74 + .../recipes-graphics/openjpeg/openjpeg_2.3.1.bb | 13 + .../recipes-graphics/spir/spirv-tools_git.bb | 2 +- .../recipes-support/c-ares/c-ares_1.16.1.bb | 2 +- .../imagemagick/imagemagick_7.0.9.bb | 2 +- .../multipath-tools/multipath-tools_0.8.4.bb | 2 +- .../recipes-support/nss/nss/CVE-2022-22747.patch | 63 + .../meta-oe/recipes-support/nss/nss_3.51.1.bb | 1 + .../udisks/udisks2/CVE-2021-3802.patch | 63 + .../meta-oe/recipes-support/udisks/udisks2_git.bb | 1 + .../recipes-test/googletest/googletest_git.bb | 2 +- .../python/python3-urllib3/CVE-2020-26137.patch | 72 + .../python/python3-urllib3/CVE-2021-33503.patch | 67 + .../python/python3-urllib3_1.25.7.bb | 6 +- ...nfigure-use-pkg-config-for-PCRE-detection.patch | 37 +- ...-apxs.in-force-destdir-to-be-empty-string.patch | 49 - ...p-up-the-core-size-limit-if-CoreDumpDirec.patch | 13 +- ...not-export-apr-apr-util-symbols-when-usin.patch | 11 +- ...pache2-log-the-SELinux-context-at-startup.patch | 15 +- ...-replace-lynx-to-curl-in-apachectl-script.patch | 4 +- ...x-the-race-issue-of-parallel-installation.patch | 4 +- ...-apache2-allow-to-disable-selinux-support.patch | 8 +- ...008-Fix-perl-install-directory-to-usr-bin.patch | 36 + ...o-not-use-relative-path-for-gen_test_char.patch | 27 - ...-apxs.in-force-destdir-to-be-empty-string.patch | 49 + ...o-not-use-relative-path-for-gen_test_char.patch | 26 + .../apache2/apache2/apache-configure_perlbin.patch | 34 - .../recipes-httpd/apache2/apache2_2.4.51.bb | 225 -- .../recipes-httpd/apache2/apache2_2.4.53.bb | 225 ++ .../recipes-httpd/nginx/files/CVE-2019-20372.patch | 39 + .../recipes-httpd/nginx/nginx_1.16.1.bb | 2 + ...m2_import-fix-fixed-AES-key-CVE-2021-3565.patch | 48 + .../recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb | 17 - .../recipes-tpm2/tpm2-tools/tpm2-tools_4.1.3.bb | 20 + .../recipes-scanners/clamav/clamav_0.101.5.bb | 16 +- .../recipes-scanners/rootkits/chkrootkit_0.53.bb | 2 +- .../packagegroup/packagegroup-core-security.bb | 4 +- meta-security/recipes-security/sssd/sssd_1.16.4.bb | 21 +- poky/bitbake/lib/bb/fetch2/__init__.py | 5 +- poky/bitbake/lib/bb/server/process.py | 4 + poky/bitbake/lib/bb/tests/fetch.py | 2 +- poky/bitbake/lib/bb/tinfoil.py | 4 +- poky/documentation/bsp-guide/bsp.rst | 5 +- poky/documentation/conf.py | 22 +- .../dev-manual/dev-manual-common-tasks.rst | 2 +- .../overview-manual-development-environment.rst | 4 +- .../overview-manual/overview-manual-yp-intro.rst | 4 +- poky/documentation/poky.yaml | 10 +- .../profile-manual/profile-manual-usage.rst | 5 +- .../ref-manual/ref-system-requirements.rst | 7 +- poky/documentation/releases.rst | 1 + poky/documentation/sphinx-static/switchers.js | 2 +- .../toaster-manual/toaster-manual-reference.rst | 4 +- poky/meta-poky/conf/distro/poky.conf | 15 +- .../recipes-kernel/linux/linux-yocto_5.4.bbappend | 8 +- poky/meta/classes/buildhistory.bbclass | 1 + poky/meta/classes/cml1.bbclass | 8 + poky/meta/classes/cve-check.bbclass | 5 +- poky/meta/classes/mirrors.bbclass | 2 + poky/meta/classes/python3targetconfig.bbclass | 12 + poky/meta/classes/sanity.bbclass | 2 +- poky/meta/classes/sstate.bbclass | 16 +- poky/meta/classes/uninative.bbclass | 2 +- .../conf/distro/include/default-distrovars.inc | 2 +- poky/meta/conf/distro/include/yocto-uninative.inc | 11 +- poky/meta/files/common-licenses/Spencer-94 | 12 + poky/meta/files/toolchain-shar-relocate.sh | 2 +- poky/meta/lib/oeqa/runtime/cases/ping.py | 20 +- poky/meta/lib/oeqa/selftest/cases/tinfoil.py | 6 +- ...mory-leak-when-iterating-over-mapped-memo.patch | 39 + ...-possible-dereference-to-of-a-NULL-pointe.patch | 39 + ...0003-net-tftp-Fix-dangling-memory-pointer.patch | 33 + ...4-kern-parser-Fix-resource-leak-if-argc-0.patch | 50 + ...e-malformed-device-path-arithmetic-errors.patch | 235 ++ .../0006-kern-efi-Fix-memory-leak-on-failure.patch | 30 + ...-mm-Fix-possible-NULL-pointer-dereference.patch | 65 + ...08-gnulib-regexec-Resolve-unused-variable.patch | 59 + ...regcomp-Fix-uninitialized-token-structure.patch | 53 + ...-help-Fix-dereference-of-a-possibly-NULL-.patch | 52 + ...lib-regexec-Fix-possible-null-dereference.patch | 53 + ...gnulib-regcomp-Fix-uninitialized-re_token.patch | 55 + ...esolve-unnecessary-self-assignment-errors.patch | 41 + ...014-zstd-Initialize-seq_t-structure-fully.patch | 34 + ...ion-Check-for-NULL-before-dereferencing-i.patch | 43 + ...ke-sure-comp-data-is-freed-before-exiting.patch | 128 + ...k-ldm-If-failed-then-free-vg-variable-too.patch | 28 + ...x-memory-leak-on-uninserted-lv-references.patch | 50 + ...cryptodisk-Fix-potential-integer-overflow.patch | 50 + ...heck-that-the-volume-name-length-is-valid.patch | 43 + ...zfs-Fix-possible-negative-shift-operation.patch | 42 + ...ix-resource-leaks-while-constructing-path.patch | 121 + .../0023-zfs-Fix-possible-integer-overflows.patch | 56 + ...rrect-a-check-for-error-allocating-memory.patch | 35 + .../grub/files/0025-affs-Fix-memory-leaks.patch | 82 + ...pi-Fix-possible-unintended-sign-extension.patch | 36 + ...bgcrypt-mpi-Fix-possible-NULL-dereference.patch | 33 + ...28-syslinux-Fix-memory-leak-while-parsing.patch | 43 + ...letion-Fix-leaking-of-memory-when-process.patch | 52 + .../0030-commands-hashsum-Fix-a-memory-leak.patch | 56 + ...op-Remove-unnecessary-return-value-of-gru.patch | 94 + ...-fb-fbfill-Fix-potential-integer-overflow.patch | 78 + ...b-video_fb-Fix-multiple-integer-overflows.patch | 104 + ...fb-video_fb-Fix-possible-integer-overflow.patch | 39 + ...rs-jpeg-Test-for-an-invalid-next-marker-r.patch | 38 + ..._list-Remove-code-that-coverity-is-flaggi.patch | 34 + ...37-loader-bsd-Check-for-NULL-arg-up-front.patch | 47 + .../files/0038-loader-xnu-Fix-memory-leak.patch | 38 + ...Free-driverkey-data-when-an-error-is-dete.patch | 77 + ...-Check-if-pointer-is-NULL-before-using-it.patch | 42 + ...rub-install-Fix-NULL-pointer-dereferences.patch | 41 + ...ditenv-Fix-incorrect-casting-of-a-signed-.patch | 46 + ...fi-Fix-incorrect-use-of-a-possibly-negati.patch | 50 + ...ute-Fix-NULL-dereference-in-grub_script_e.patch | 28 + ...-Require-device_name-is-not-NULL-before-p.patch | 33 + ...ute-Avoid-crash-when-using-outside-a-func.patch | 37 + .../recipes-bsp/grub/files/CVE-2020-25632.patch | 90 + .../recipes-bsp/grub/files/CVE-2020-25647.patch | 119 + poky/meta/recipes-bsp/grub/grub2.inc | 52 +- .../meta/recipes-connectivity/bind/bind_9.11.35.bb | 141 - .../meta/recipes-connectivity/bind/bind_9.11.37.bb | 141 + poky/meta/recipes-connectivity/bluez5/bluez5.inc | 2 + .../bluez5/bluez5/CVE-2021-3658.patch | 95 + .../bluez5/bluez5/CVE-2022-0204.patch | 66 + .../connman/connman/CVE-2021-33833.patch | 72 + .../connman/connman/CVE-2022-23096-7.patch | 121 + .../connman/connman/CVE-2022-23098.patch | 50 + .../recipes-connectivity/connman/connman_1.37.bb | 3 + .../mobile-broadband-provider-info_git.bb | 7 +- .../recipes-connectivity/openssl/openssl_1.1.1l.bb | 218 -- .../recipes-connectivity/openssl/openssl_1.1.1n.bb | 219 ++ .../wpa-supplicant/CVE-2022-23303-4.patch | 609 ++++ .../wpa-supplicant/wpa-supplicant_2.9.bb | 1 + poky/meta/recipes-core/coreutils/coreutils_8.31.bb | 3 - .../recipes-core/expat/expat/CVE-2021-46143.patch | 6 + .../recipes-core/expat/expat/CVE-2022-23852.patch | 33 + .../recipes-core/expat/expat/CVE-2022-23990.patch | 49 + .../recipes-core/expat/expat/CVE-2022-25235.patch | 283 ++ .../recipes-core/expat/expat/CVE-2022-25236.patch | 129 + .../expat/expat/CVE-2022-25313-regression.patch | 131 + .../recipes-core/expat/expat/CVE-2022-25313.patch | 230 ++ .../recipes-core/expat/expat/CVE-2022-25314.patch | 32 + .../recipes-core/expat/expat/CVE-2022-25315.patch | 145 + poky/meta/recipes-core/expat/expat_2.2.9.bb | 8 + poky/meta/recipes-core/glib-2.0/glib.inc | 2 +- poky/meta/recipes-core/glibc/glibc-version.inc | 2 +- poky/meta/recipes-core/glibc/glibc_2.31.bb | 1 + .../images/build-appliance-image_15.0.0.bb | 2 +- .../libxml2/CVE-2022-23308-fix-regression.patch | 98 + .../libxml/libxml2/CVE-2022-23308.patch | 204 ++ poky/meta/recipes-core/libxml/libxml2_2.9.10.bb | 12 +- .../systemd/systemd/CVE-2021-3997-1.patch | 65 + .../systemd/systemd/CVE-2021-3997-2.patch | 101 + .../systemd/systemd/CVE-2021-3997-3.patch | 266 ++ ...nally-fsync-after-removing-directory-tree.patch | 35 + ...m-rf-children-split-out-body-of-directory.patch | 318 ++ poky/meta/recipes-core/systemd/systemd_244.5.bb | 7 + .../util-linux/util-linux/CVE-2021-3995.patch | 139 + .../util-linux/util-linux/CVE-2021-3996.patch | 226 ++ .../util-linux/util-linux/CVE-2022-0563.patch | 161 + .../include-strutils-cleanup-strto-functions.patch | 270 ++ .../recipes-core/util-linux/util-linux_2.35.1.bb | 4 + poky/meta/recipes-devtools/apt/apt.inc | 1 + .../recipes-devtools/apt/apt/CVE-2020-3810.patch | 174 ++ .../recipes-devtools/binutils/binutils-2.34.inc | 2 + .../binutils/binutils/0001-CVE-2021-45078.patch | 257 ++ ...bers-in-the-variable-table-used-when-reso.patch | 32 + .../bootchart2/bootchart2_0.14.9.bb | 2 +- .../cmake/cmake/OEToolchainConfig.cmake | 1 - poky/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc | 2 +- .../recipes-devtools/gnu-config/gnu-config_git.bb | 2 +- poky/meta/recipes-devtools/go/go-1.14.inc | 4 + .../go/go-1.14/CVE-2021-38297.patch | 97 + .../go/go-1.14/CVE-2022-23772.patch | 50 + .../go/go-1.14/CVE-2022-23806.patch | 142 + .../perl/libxml-parser-perl_2.46.bb | 1 + .../python/python3-jinja2_2.11.3.bb | 2 +- ...roper-detection-of-mips-architecture-for-.patch | 42 +- .../meta/recipes-devtools/python/python3_3.8.12.bb | 363 --- .../meta/recipes-devtools/python/python3_3.8.13.bb | 363 +++ poky/meta/recipes-devtools/qemu/qemu.inc | 6 + .../qemu/qemu/CVE-2020-13253_1.patch | 50 + .../qemu/qemu/CVE-2020-13253_2.patch | 112 + .../qemu/qemu/CVE-2020-13253_3.patch | 86 + .../qemu/qemu/CVE-2020-13253_4.patch | 139 + .../qemu/qemu/CVE-2020-13253_5.patch | 54 + .../qemu/qemu/CVE-2020-13791.patch | 44 + ...zopen_internal-mode-parsing-when-Tn-is-us.patch | 34 + poky/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb | 1 + poky/meta/recipes-devtools/ruby/ruby.inc | 4 +- poky/meta/recipes-devtools/ruby/ruby_2.7.4.bb | 93 - poky/meta/recipes-devtools/ruby/ruby_2.7.5.bb | 93 + .../recipes-extended/asciidoc/asciidoc_8.6.9.bb | 2 +- .../ghostscript/ghostscript/CVE-2021-3781_1.patch | 121 + .../ghostscript/ghostscript/CVE-2021-3781_2.patch | 37 + .../ghostscript/ghostscript/CVE-2021-3781_3.patch | 238 ++ .../ghostscript/ghostscript/CVE-2021-45949.patch | 65 + ...eck-stack-limits-after-function-evalution.patch | 51 + .../ghostscript/ghostscript_9.52.bb | 7 +- .../libarchive/libarchive/CVE-2021-36976-1.patch | 321 ++ .../libarchive/libarchive/CVE-2021-36976-2.patch | 121 + .../libarchive/libarchive/CVE-2021-36976-3.patch | 93 + .../libarchive/libarchive_3.4.2.bb | 6 +- .../libsolv/files/CVE-2021-3200.patch | 10 + ...ard-fix-out-of-bounds-OOB-write-fixes-313.patch | 100 + .../recipes-extended/lighttpd/lighttpd_1.4.55.bb | 1 + poky/meta/recipes-extended/lsof/lsof_4.91.bb | 2 +- .../recipes-extended/shadow/shadow-sysroot_4.6.bb | 2 +- poky/meta/recipes-extended/shadow/shadow.inc | 2 +- poky/meta/recipes-extended/timezone/timezone.inc | 8 +- .../0001-sfnt-Fix-heap-buffer-overflow-59308.patch | 3 + .../virglrenderer/virglrenderer_0.8.2.bb | 2 +- .../recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +- .../xorg-xserver/xserver-xorg/CVE-2020-14345.patch | 182 -- .../xorg-xserver/xserver-xorg/CVE-2020-14346.patch | 36 - .../xorg-xserver/xserver-xorg/CVE-2020-14347.patch | 38 - .../xorg-xserver/xserver-xorg/CVE-2020-14360.patch | 132 - .../xorg-xserver/xserver-xorg/CVE-2020-14361.patch | 36 - .../xorg-xserver/xserver-xorg/CVE-2020-14362.patch | 70 - .../xorg-xserver/xserver-xorg/CVE-2020-25712.patch | 102 - .../xorg-xserver/xserver-xorg_1.20.14.bb | 34 + .../xorg-xserver/xserver-xorg_1.20.8.bb | 41 - .../linux-firmware/linux-firmware_20211216.bb | 1067 ------- .../linux-firmware/linux-firmware_20220310.bb | 1068 +++++++ .../recipes-kernel/linux/linux-yocto-rt_5.4.bb | 6 +- .../recipes-kernel/linux/linux-yocto-tiny_5.4.bb | 8 +- poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +- poky/meta/recipes-kernel/perf/perf.bb | 2 +- .../wireless-regdb/wireless-regdb_2021.08.28.bb | 43 - .../wireless-regdb/wireless-regdb_2022.02.18.bb | 43 + ...-global-buffer-overflow-for-ASCII-tags-wh.patch | 52 + .../561599c99f987dc32ae110370cfdd7df7975586b.patch | 28 + .../eecb0712f4c3a5b449f70c57988260a667ddbdef.patch | 30 + poky/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 3 + poky/meta/recipes-sato/puzzles/puzzles_git.bb | 2 +- ...ompare-warning-with-glibc-2.34-on-Linux-p.patch | 32 + ...ge-to-elide-a-warning-that-caused-Solaris.patch | 24 + poky/meta/recipes-support/boost/boost_1.72.0.bb | 2 + poky/meta/recipes-support/libcap/libcap_2.32.bb | 2 +- poky/meta/recipes-support/libusb/libusb1_1.0.22.bb | 4 +- .../re2c/re2c/CVE-2018-21232-1.patch | 347 +++ .../re2c/re2c/CVE-2018-21232-2.patch | 243 ++ .../re2c/re2c/CVE-2018-21232-3.patch | 156 + .../re2c/re2c/CVE-2018-21232-4.patch | 166 ++ poky/meta/recipes-support/re2c/re2c_1.0.1.bb | 6 +- ...2.3581-reading-character-past-end-of-line.patch | 62 - ...0001-src-Makefile-improve-reproducibility.patch | 13 +- ....2.3428-using-freed-memory-when-replacing.patch | 83 - ...582-reading-uninitialized-memory-when-giv.patch | 63 - ...611-crash-when-using-CTRL-W-f-without-fin.patch | 92 - ...487-illegal-memory-access-if-buffer-name-.patch | 86 - ...3489-ml_get-error-after-search-with-range.patch | 72 - ...564-invalid-memory-access-when-scrolling-.patch | 97 - .../recipes-support/vim/files/CVE-2021-3778.patch | 61 - .../recipes-support/vim/files/CVE-2021-4069.patch | 43 - .../b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch | 207 -- .../vim/files/disable_acl_header_check.patch | 15 +- .../recipes-support/vim/files/no-path-adjust.patch | 8 +- poky/meta/recipes-support/vim/files/racefix.patch | 6 +- .../vim-add-knob-whether-elf.h-are-checked.patch | 13 +- poky/meta/recipes-support/vim/vim.inc | 27 +- poky/scripts/lib/devtool/deploy.py | 2 +- poky/scripts/lib/recipetool/create.py | 2 +- 313 files changed, 18400 insertions(+), 4485 deletions(-) create mode 100644 meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch create mode 100644 meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2021-41991.patch create mode 100644 meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2021-45079.patch create mode 100644 meta-openembedded/meta-networking/recipes-support/tcpreplay/files/CVE-2020-24265-and-CVE-2020-24266.patch create mode 100644 meta-openembedded/meta-networking/recipes-support/wireshark/files/fix_lemon_path.patch delete mode 100644 meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.2.15.bb create mode 100644 meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb create mode 100644 meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.1.bb delete mode 100644 meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.bb delete mode 100644 meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.20.bb create mode 100644 meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.24.bb delete mode 100644 meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch delete mode 100644 meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/clang_version_header_conflict.patch delete mode 100644 meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.4.20.bb create mode 100644 meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.4.24.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2021-44532.patch delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.21.0.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.22.2.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch create mode 100644 meta-openembedded/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch create mode 100644 meta-openembedded/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch create mode 100644 meta-openembedded/meta-oe/recipes-extended/p7zip/files/change_numMethods_from_bool_to_unsigned.patch create mode 100644 meta-openembedded/meta-oe/recipes-extended/polkit/files/CVE-2021-4034.patch create mode 100644 meta-openembedded/meta-oe/recipes-extended/polkit/files/CVE-2021-4115.patch create mode 100644 meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2021-3560.patch create mode 100644 meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2019-12973-1.patch create mode 100644 meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2019-12973-2.patch create mode 100644 meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch create mode 100644 meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-1.patch create mode 100644 meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-2.patch create mode 100644 meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-3.patch create mode 100644 meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-4.patch create mode 100644 meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27823.patch create mode 100644 meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27824.patch create mode 100644 meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27841.patch create mode 100644 meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27842.patch create mode 100644 meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27843.patch create mode 100644 meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27845.patch create mode 100644 meta-openembedded/meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch create mode 100644 meta-openembedded/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch create mode 100644 meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3/CVE-2020-26137.patch create mode 100644 meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3/CVE-2021-33503.patch delete mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-support-apxs.in-force-destdir-to-be-empty-string.patch create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0008-Fix-perl-install-directory-to-usr-bin.patch delete mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0008-apache2-do-not-use-relative-path-for-gen_test_char.patch create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0009-support-apxs.in-force-destdir-to-be-empty-string.patch create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0010-apache2-do-not-use-relative-path-for-gen_test_char.patch delete mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch delete mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb create mode 100644 meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2019-20372.patch create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.3.bb create mode 100644 poky/meta/files/common-licenses/Spencer-94 create mode 100644 poky/meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch create mode 100644 poky/meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch create mode 100644 poky/meta/recipes-bsp/grub/files/CVE-2020-25632.patch create mode 100644 poky/meta/recipes-bsp/grub/files/CVE-2020-25647.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind_9.11.35.bb create mode 100644 poky/meta/recipes-connectivity/bind/bind_9.11.37.bb create mode 100644 poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3658.patch create mode 100644 poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-0204.patch create mode 100644 poky/meta/recipes-connectivity/connman/connman/CVE-2021-33833.patch create mode 100644 poky/meta/recipes-connectivity/connman/connman/CVE-2022-23096-7.patch create mode 100644 poky/meta/recipes-connectivity/connman/connman/CVE-2022-23098.patch delete mode 100644 poky/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb create mode 100644 poky/meta/recipes-connectivity/openssl/openssl_1.1.1n.bb create mode 100644 poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-23303-4.patch create mode 100644 poky/meta/recipes-core/expat/expat/CVE-2022-23852.patch create mode 100644 poky/meta/recipes-core/expat/expat/CVE-2022-23990.patch create mode 100644 poky/meta/recipes-core/expat/expat/CVE-2022-25235.patch create mode 100644 poky/meta/recipes-core/expat/expat/CVE-2022-25236.patch create mode 100644 poky/meta/recipes-core/expat/expat/CVE-2022-25313-regression.patch create mode 100644 poky/meta/recipes-core/expat/expat/CVE-2022-25313.patch create mode 100644 poky/meta/recipes-core/expat/expat/CVE-2022-25314.patch create mode 100644 poky/meta/recipes-core/expat/expat/CVE-2022-25315.patch create mode 100644 poky/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch create mode 100644 poky/meta/recipes-core/libxml/libxml2/CVE-2022-23308.patch create mode 100644 poky/meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch create mode 100644 poky/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch create mode 100644 poky/meta/recipes-core/systemd/systemd/CVE-2021-3997-3.patch create mode 100644 poky/meta/recipes-core/systemd/systemd/rm-rf-optionally-fsync-after-removing-directory-tree.patch create mode 100644 poky/meta/recipes-core/systemd/systemd/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch create mode 100644 poky/meta/recipes-core/util-linux/util-linux/CVE-2021-3995.patch create mode 100644 poky/meta/recipes-core/util-linux/util-linux/CVE-2021-3996.patch create mode 100644 poky/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch create mode 100644 poky/meta/recipes-core/util-linux/util-linux/include-strutils-cleanup-strto-functions.patch create mode 100644 poky/meta/recipes-devtools/apt/apt/CVE-2020-3810.patch create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0018-Include-members-in-the-variable-table-used-when-reso.patch create mode 100644 poky/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch create mode 100644 poky/meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch create mode 100644 poky/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch delete mode 100644 poky/meta/recipes-devtools/python/python3_3.8.12.bb create mode 100644 poky/meta/recipes-devtools/python/python3_3.8.13.bb create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_1.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_2.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_3.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_4.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13791.patch create mode 100644 poky/meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch delete mode 100644 poky/meta/recipes-devtools/ruby/ruby_2.7.4.bb create mode 100644 poky/meta/recipes-devtools/ruby/ruby_2.7.5.bb create mode 100644 poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_1.patch create mode 100644 poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_2.patch create mode 100644 poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_3.patch create mode 100644 poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch create mode 100644 poky/meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch create mode 100644 poky/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-1.patch create mode 100644 poky/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-2.patch create mode 100644 poky/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-3.patch create mode 100644 poky/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch delete mode 100644 poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch delete mode 100644 poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch delete mode 100644 poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch delete mode 100644 poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch delete mode 100644 poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch delete mode 100644 poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch delete mode 100644 poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch create mode 100644 poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb delete mode 100644 poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb delete mode 100644 poky/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb create mode 100644 poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220310.bb delete mode 100644 poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.08.28.bb create mode 100644 poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.02.18.bb create mode 100644 poky/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch create mode 100644 poky/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch create mode 100644 poky/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch create mode 100644 poky/meta/recipes-support/boost/boost/0001-Fix-Wsign-compare-warning-with-glibc-2.34-on-Linux-p.patch create mode 100644 poky/meta/recipes-support/boost/boost/0001-Revert-change-to-elide-a-warning-that-caused-Solaris.patch create mode 100644 poky/meta/recipes-support/re2c/re2c/CVE-2018-21232-1.patch create mode 100644 poky/meta/recipes-support/re2c/re2c/CVE-2018-21232-2.patch create mode 100644 poky/meta/recipes-support/re2c/re2c/CVE-2018-21232-3.patch create mode 100644 poky/meta/recipes-support/re2c/re2c/CVE-2018-21232-4.patch delete mode 100644 poky/meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch delete mode 100644 poky/meta/recipes-support/vim/files/0002-patch-8.2.3428-using-freed-memory-when-replacing.patch delete mode 100644 poky/meta/recipes-support/vim/files/0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch delete mode 100644 poky/meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch delete mode 100644 poky/meta/recipes-support/vim/files/0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch delete mode 100644 poky/meta/recipes-support/vim/files/0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch delete mode 100644 poky/meta/recipes-support/vim/files/0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch delete mode 100644 poky/meta/recipes-support/vim/files/CVE-2021-3778.patch delete mode 100644 poky/meta/recipes-support/vim/files/CVE-2021-4069.patch delete mode 100644 poky/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch diff --git a/meta-openembedded/contrib/pw-am.sh b/meta-openembedded/contrib/pw-am.sh index 8987eee8eb..d9d1187b0b 100755 --- a/meta-openembedded/contrib/pw-am.sh +++ b/meta-openembedded/contrib/pw-am.sh @@ -9,7 +9,7 @@ for patchnumber in $@; do - wget -nv http://patches.openembedded.org/patch/$patchnumber/mbox/ -O pw-am-$patchnumber.patch + wget -nv http://patchwork.yoctoproject.org/patch/$patchnumber/mbox/ -O pw-am-$patchnumber.patch git am -s pw-am-$patchnumber.patch rm pw-am-$patchnumber.patch done diff --git a/meta-openembedded/meta-networking/recipes-support/geoip/geoip_1.6.12.bb b/meta-openembedded/meta-networking/recipes-support/geoip/geoip_1.6.12.bb index 3be1313d38..0efcbec1fc 100644 --- a/meta-openembedded/meta-networking/recipes-support/geoip/geoip_1.6.12.bb +++ b/meta-openembedded/meta-networking/recipes-support/geoip/geoip_1.6.12.bb @@ -10,7 +10,7 @@ SECTION = "libdevel" GEOIP_DATABASE_VERSION = "20181205" -SRC_URI = "git://github.com/maxmind/geoip-api-c.git;branch=master;protocol=https \ +SRC_URI = "git://github.com/maxmind/geoip-api-c.git;branch=main;protocol=https \ http://sources.openembedded.org/GeoIP.dat.${GEOIP_DATABASE_VERSION}.gz;apply=no;name=GeoIP-dat; \ http://sources.openembedded.org/GeoIPv6.dat.${GEOIP_DATABASE_VERSION}.gz;apply=no;name=GeoIPv6-dat; \ http://sources.openembedded.org/GeoLiteCity.dat.${GEOIP_DATABASE_VERSION}.gz;apply=no;name=GeoLiteCity-dat; \ diff --git a/meta-openembedded/meta-networking/recipes-support/netcat/netcat_0.7.1.bb b/meta-openembedded/meta-networking/recipes-support/netcat/netcat_0.7.1.bb index 14d743f820..1e113de519 100644 --- a/meta-openembedded/meta-networking/recipes-support/netcat/netcat_0.7.1.bb +++ b/meta-openembedded/meta-networking/recipes-support/netcat/netcat_0.7.1.bb @@ -16,6 +16,8 @@ SRC_URI[sha256sum] = "b55af0bbdf5acc02d1eb6ab18da2acd77a400bafd074489003f3df0967 inherit autotools +CVE_PRODUCT = "netcat_project:netcat" + do_install_append() { install -d ${D}${bindir} mv ${D}${bindir}/nc ${D}${bindir}/nc.${BPN} diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch b/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch new file mode 100644 index 0000000000..b7118ba1fb --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch @@ -0,0 +1,62 @@ +From 423a5d56274a1d343e0d2107dfc4fbf0df2dcca5 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner +Date: Tue, 28 Sep 2021 17:52:08 +0200 +Subject: [PATCH] Reject RSASSA-PSS params with negative salt length + +The `salt_len` member in the struct is of type `ssize_t` because we use +negative values for special automatic salt lengths when generating +signatures. + +Not checking this could lead to an integer overflow. The value is assigned +to the `len` field of a chunk (`size_t`), which is further used in +calculations to check the padding structure and (if that is passed by a +matching crafted signature value) eventually a memcpy() that will result +in a segmentation fault. + +Fixes: a22316520b91 ("signature-params: Add functions to parse/build ASN.1 RSASSA-PSS params") +Fixes: 7d6b81648b2d ("gmp: Add support for RSASSA-PSS signature verification") +Fixes: CVE-2021-41990 + +Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2021-41990] +CVE: CVE-2021-41990 + +Signed-off-by: Virendra Thakur + +--- + src/libstrongswan/credentials/keys/signature_params.c | 6 +++++- + src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 2 +- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/libstrongswan/credentials/keys/signature_params.c b/src/libstrongswan/credentials/keys/signature_params.c +index d89bd2c96bb5..837de8443d43 100644 +--- a/src/libstrongswan/credentials/keys/signature_params.c ++++ b/src/libstrongswan/credentials/keys/signature_params.c +@@ -322,7 +322,11 @@ bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params) + case RSASSA_PSS_PARAMS_SALT_LEN: + if (object.len) + { +- params->salt_len = (size_t)asn1_parse_integer_uint64(object); ++ params->salt_len = (ssize_t)asn1_parse_integer_uint64(object); ++ if (params->salt_len < 0) ++ { ++ goto end; ++ } + } + break; + case RSASSA_PSS_PARAMS_TRAILER: +diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +index f9bd1d314dec..3a775090883e 100644 +--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c ++++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +@@ -168,7 +168,7 @@ static bool verify_emsa_pss_signature(private_gmp_rsa_public_key_t *this, + int i; + bool success = FALSE; + +- if (!params) ++ if (!params || params->salt_len < 0) + { + return FALSE; + } +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2021-41991.patch b/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2021-41991.patch new file mode 100644 index 0000000000..2d898fa5cf --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2021-41991.patch @@ -0,0 +1,41 @@ +From b667237b3a84f601ef5a707ce8eb861c3a5002d3 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner +Date: Tue, 28 Sep 2021 19:38:22 +0200 +Subject: [PATCH] cert-cache: Prevent crash due to integer overflow/sign change + +random() allocates values in the range [0, RAND_MAX], with RAND_MAX usually +equaling INT_MAX = 2^31-1. Previously, values between 0 and 31 were added +directly to that offset before applying`% CACHE_SIZE` to get an index into +the cache array. If the random value was very high, this resulted in an +integer overflow and a negative index value and, therefore, an out-of-bounds +access of the array and in turn dereferencing invalid pointers when trying +to acquire the read lock. This most likely results in a segmentation fault. + +Fixes: 764e8b2211ce ("reimplemented certificate cache") +Fixes: CVE-2021-41991 + +Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2021-41991] +CVE: CVE-2021-41991 + +Signed-off-by: Virendra Thakur + +--- + src/libstrongswan/credentials/sets/cert_cache.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c +index f1579c60a9bc..ceebb3843725 100644 +--- a/src/libstrongswan/credentials/sets/cert_cache.c ++++ b/src/libstrongswan/credentials/sets/cert_cache.c +@@ -151,7 +151,7 @@ static void cache(private_cert_cache_t *this, + for (try = 0; try < REPLACE_TRIES; try++) + { + /* replace a random relation */ +- offset = random(); ++ offset = random() % CACHE_SIZE; + for (i = 0; i < CACHE_SIZE; i++) + { + rel = &this->relations[(i + offset) % CACHE_SIZE]; +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2021-45079.patch b/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2021-45079.patch new file mode 100644 index 0000000000..97aa6a0efc --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/files/CVE-2021-45079.patch @@ -0,0 +1,156 @@ +From 76968cdd6b79f6ae40d674554e902ced192fd33e Mon Sep 17 00:00:00 2001 +From: Tobias Brunner +Date: Tue, 14 Dec 2021 10:51:35 +0100 +Subject: [PATCH] eap-authenticator: Enforce failure if MSK generation fails + +Without this, the authentication succeeded if the server sent an early +EAP-Success message for mutual, key-generating EAP methods like EAP-TLS, +which may be used in EAP-only scenarios but would complete without server +or client authentication. For clients configured for such EAP-only +scenarios, a rogue server could capture traffic after the tunnel is +established or even access hosts behind the client. For non-mutual EAP +methods, public key server authentication has been enforced for a while. + +A server previously could also crash a client by sending an EAP-Success +immediately without initiating an actual EAP method. + +Fixes: 0706c39cda52 ("added support for EAP methods not establishing an MSK") +Fixes: CVE-2021-45079 + +Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2021-45079/strongswan-5.5.0-5.9.4_eap_success.patch] +CVE: CVE-2021-45079 +Signed-off-by: Ranjitsinh Rathod + +--- + src/libcharon/plugins/eap_gtc/eap_gtc.c | 2 +- + src/libcharon/plugins/eap_md5/eap_md5.c | 2 +- + src/libcharon/plugins/eap_radius/eap_radius.c | 4 ++- + src/libcharon/sa/eap/eap_method.h | 8 ++++- + .../ikev2/authenticators/eap_authenticator.c | 32 ++++++++++++++++--- + 5 files changed, 40 insertions(+), 8 deletions(-) + +diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c +index 95ba090b79ce..cffb6222c2f8 100644 +--- a/src/libcharon/plugins/eap_gtc/eap_gtc.c ++++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c +@@ -195,7 +195,7 @@ METHOD(eap_method_t, get_type, eap_type_t, + METHOD(eap_method_t, get_msk, status_t, + private_eap_gtc_t *this, chunk_t *msk) + { +- return FAILED; ++ return NOT_SUPPORTED; + } + + METHOD(eap_method_t, get_identifier, uint8_t, +diff --git a/src/libcharon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c +index ab5f7ff6a823..3a92ad7c0a04 100644 +--- a/src/libcharon/plugins/eap_md5/eap_md5.c ++++ b/src/libcharon/plugins/eap_md5/eap_md5.c +@@ -213,7 +213,7 @@ METHOD(eap_method_t, get_type, eap_type_t, + METHOD(eap_method_t, get_msk, status_t, + private_eap_md5_t *this, chunk_t *msk) + { +- return FAILED; ++ return NOT_SUPPORTED; + } + + METHOD(eap_method_t, is_mutual, bool, +diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c +index 2dc7a423e702..5336dead13d9 100644 +--- a/src/libcharon/plugins/eap_radius/eap_radius.c ++++ b/src/libcharon/plugins/eap_radius/eap_radius.c +@@ -733,7 +733,9 @@ METHOD(eap_method_t, get_msk, status_t, + *out = msk; + return SUCCESS; + } +- return FAILED; ++ /* we assume the selected method did not establish an MSK, if it failed ++ * to establish one, process() would have failed */ ++ return NOT_SUPPORTED; + } + + METHOD(eap_method_t, get_identifier, uint8_t, +diff --git a/src/libcharon/sa/eap/eap_method.h b/src/libcharon/sa/eap/eap_method.h +index 0b5218dfec15..33564831f86e 100644 +--- a/src/libcharon/sa/eap/eap_method.h ++++ b/src/libcharon/sa/eap/eap_method.h +@@ -114,10 +114,16 @@ struct eap_method_t { + * Not all EAP methods establish a shared secret. For implementations of + * the EAP-Identity method, get_msk() returns the received identity. + * ++ * @note Returning NOT_SUPPORTED is important for implementations of EAP ++ * methods that don't establish an MSK. In particular as client because ++ * key-generating EAP methods MUST fail to process EAP-Success messages if ++ * no MSK is established. ++ * + * @param msk chunk receiving internal stored MSK + * @return +- * - SUCCESS, or ++ * - SUCCESS, if MSK is established + * - FAILED, if MSK not established (yet) ++ * - NOT_SUPPORTED, for non-MSK-establishing methods + */ + status_t (*get_msk) (eap_method_t *this, chunk_t *msk); + +diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c +index e1e6cd7ee6f3..87548fc471a6 100644 +--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c ++++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c +@@ -305,9 +305,17 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this, + this->method->destroy(this->method); + return server_initiate_eap(this, FALSE); + } +- if (this->method->get_msk(this->method, &this->msk) == SUCCESS) ++ switch (this->method->get_msk(this->method, &this->msk)) + { +- this->msk = chunk_clone(this->msk); ++ case SUCCESS: ++ this->msk = chunk_clone(this->msk); ++ break; ++ case NOT_SUPPORTED: ++ break; ++ case FAILED: ++ default: ++ DBG1(DBG_IKE, "failed to establish MSK"); ++ goto failure; + } + if (vendor) + { +@@ -326,6 +334,7 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this, + return eap_payload_create_code(EAP_SUCCESS, in->get_identifier(in)); + case FAILED: + default: ++failure: + /* type might have changed for virtual methods */ + type = this->method->get_type(this->method, &vendor); + if (vendor) +@@ -661,9 +670,24 @@ METHOD(authenticator_t, process_client, status_t, + uint32_t vendor; + auth_cfg_t *cfg; + +- if (this->method->get_msk(this->method, &this->msk) == SUCCESS) ++ if (!this->method) + { +- this->msk = chunk_clone(this->msk); ++ DBG1(DBG_IKE, "received unexpected %N", ++ eap_code_names, eap_payload->get_code(eap_payload)); ++ return FAILED; ++ } ++ switch (this->method->get_msk(this->method, &this->msk)) ++ { ++ case SUCCESS: ++ this->msk = chunk_clone(this->msk); ++ break; ++ case NOT_SUPPORTED: ++ break; ++ case FAILED: ++ default: ++ DBG1(DBG_IKE, "received %N but failed to establish MSK", ++ eap_code_names, eap_payload->get_code(eap_payload)); ++ return FAILED; + } + type = this->method->get_type(this->method, &vendor); + if (vendor) +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb index 8a8809243a..8a5855fb87 100644 --- a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.8.4.bb @@ -11,6 +11,9 @@ SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ file://fix-funtion-parameter.patch \ file://0001-memory.h-Include-stdint.h-for-uintptr_t.patch \ file://0001-Remove-obsolete-setting-regarding-the-Standard-Outpu.patch \ + file://CVE-2021-41990.patch \ + file://CVE-2021-41991.patch \ + file://CVE-2021-45079.patch \ " SRC_URI[md5sum] = "0634e7f40591bd3f6770e583c3f27d29" diff --git a/meta-openembedded/meta-networking/recipes-support/tcpreplay/files/CVE-2020-24265-and-CVE-2020-24266.patch b/meta-openembedded/meta-networking/recipes-support/tcpreplay/files/CVE-2020-24265-and-CVE-2020-24266.patch new file mode 100644 index 0000000000..3ca9a831f4 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/tcpreplay/files/CVE-2020-24265-and-CVE-2020-24266.patch @@ -0,0 +1,37 @@ +From d3110859064b15408dbca1294dc7e31c2208504d Mon Sep 17 00:00:00 2001 +From: Gabriel Ganne +Date: Mon, 3 Aug 2020 08:26:38 +0200 +Subject: [PATCH] fix heap-buffer-overflow when DLT_JUNIPER_ETHER + +The test logic on datalen was inverted. + +Processing truncated packats should now raise a warning like the +following: + Warning: was captured using a snaplen of 4 bytes. This may mean you have truncated packets. + +Fixes #616 #617 + +CVE: CVE-2020-24265 +CVE: CVE-2020-24266 +Upstream-Status: Backport [https://github.com/appneta/tcpreplay/commit/d3110859064b15408dbca1294dc7e31c2208504d] + +Signed-off-by: Gabriel Ganne +Signed-off-by: Akash Hadke +Signed-off-by: Akash Hadke +--- + src/common/get.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/common/get.c b/src/common/get.c +index f9ee92d3..0517bf0a 100644 +--- a/src/common/get.c ++++ b/src/common/get.c +@@ -178,7 +178,7 @@ get_l2len(const u_char *pktdata, const int datalen, const int datalink) + break; + + case DLT_JUNIPER_ETHER: +- if (datalen >= 5) { ++ if (datalen < 5) { + l2_len = -1; + break; + } diff --git a/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.3.3.bb b/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.3.3.bb index 39be950ad4..557d323311 100644 --- a/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.3.3.bb +++ b/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.3.3.bb @@ -6,7 +6,8 @@ SECTION = "net" LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=890b830b22fd632e9ffd996df20338f8" -SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz" +SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz \ + file://CVE-2020-24265-and-CVE-2020-24266.patch" SRC_URI[md5sum] = "53b52bf64f0b6b9443428e657b37bc6b" SRC_URI[sha256sum] = "ed2402caa9434ff5c74b2e7b31178c73e7c7c5c4ea1e1d0e2e39a7dc46958fde" diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/files/fix_lemon_path.patch b/meta-openembedded/meta-networking/recipes-support/wireshark/files/fix_lemon_path.patch new file mode 100644 index 0000000000..54438dd870 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/wireshark/files/fix_lemon_path.patch @@ -0,0 +1,22 @@ +Fix update to build for alt arch machine. + +Commit 9ca6e39c7ee26570e29dc87332ffb0f6c1d0e4a4 changed the UseLemon to use +the target lemon built by the target wireshark. Revert to use the one built by +wireshark-native. + +Upstream-Status: Inappropriate [configuration] +Signed-off: Armin Kuster + +Index: wireshark-3.2.18/cmake/modules/UseLemon.cmake +=================================================================== +--- wireshark-3.2.18.orig/cmake/modules/UseLemon.cmake ++++ wireshark-3.2.18/cmake/modules/UseLemon.cmake +@@ -13,7 +13,7 @@ MACRO(ADD_LEMON_FILES _source _generated + # These files are generated as side-effect + ${_out}.h + ${_out}.out +- COMMAND $ ++ COMMAND lemon + -T${_lemonpardir}/lempar.c + -d. + ${_in} diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.2.15.bb b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.2.15.bb deleted file mode 100644 index 36e84d0ccd..0000000000 --- a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.2.15.bb +++ /dev/null @@ -1,80 +0,0 @@ -DESCRIPTION = "wireshark - a popular network protocol analyzer" -HOMEPAGE = "http://www.wireshark.org" -SECTION = "net" -LICENSE = "GPL-2.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=6e271234ba1a13c6e512e76b94ac2f77" - -DEPENDS = "pcre expat glib-2.0 glib-2.0-native libgcrypt libgpg-error libxml2 bison-native" - -DEPENDS_append_class-target = " wireshark-native chrpath-replacement-native " - -SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz" - -UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" - -SRC_URI[sha256sum] = "32f6cfd67b00903a1bfca02ecc4ccf72db6b70d4fda33e4a099fefb03e849bdb" - -PE = "1" - -inherit cmake pkgconfig python3native perlnative upstream-version-is-even mime mime-xdg - -PACKAGECONFIG ?= "libpcap gnutls libnl libcap sbc" - -PACKAGECONFIG_class-native = "libpcap gnutls ssl libssh" - -PACKAGECONFIG[libcap] = "-DENABLE_CAP=ON,-DENABLE_CAP=OFF -DENABLE_PCAP_NG_DEFAULT=ON, libcap" -PACKAGECONFIG[libpcap] = "-DENABLE_PCAP=ON,-DENABLE_PCAP=OFF -DENABLE_PCAP_NG_DEFAULT=ON , libpcap" -PACKAGECONFIG[libsmi] = "-DENABLE_SMI=ON,-DENABLE_SMI=OFF,libsmi" -PACKAGECONFIG[libnl] = ",,libnl" -PACKAGECONFIG[portaudio] = "-DENABLE_PORTAUDIO=ON,-DENABLE_PORTAUDIO=OFF, portaudio-v19" -PACKAGECONFIG[gnutls] = "-DENABLE_GNUTLS=ON,-DENABLE_GNUTLS=OFF, gnutls" -PACKAGECONFIG[ssl] = ",,openssl" -PACKAGECONFIG[krb5] = "-DENABLE_KRB5=ON,-DENABLE_KRB5=OFF, krb5" -PACKAGECONFIG[lua] = "-DENABLE_LUA=ON,-DENABLE_LUA=OFF, lua" -PACKAGECONFIG[zlib] = "-DENABLE_ZLIB=ON,-DENABLE_ZLIB=OFF, zlib" -PACKAGECONFIG[geoip] = ",, geoip" -PACKAGECONFIG[plugins] = "-DENABLE_PLUGINS=ON,-DENABLE_PLUGINS=OFF" -PACKAGECONFIG[sbc] = "-DENABLE_SBC=ON,-DENABLE_SBC=OFF, sbc" -PACKAGECONFIG[libssh] = ",,libssh2" -PACKAGECONFIG[lz4] = "-DENABLE_LZ4=ON,-DENABLE_LZ4=OFF, lz4" - -# these next two options require addional layers -PACKAGECONFIG[c-ares] = "-DENABLE_CARES=ON,-DENABLE_CARES=OFF, c-ares" -PACKAGECONFIG[qt5] = "-DENABLE_QT5=ON -DBUILD_wireshark=ON, -DENABLE_QT5=OFF -DBUILD_wireshark=OFF, qttools-native qtmultimedia qtsvg" - -inherit ${@bb.utils.contains('PACKAGECONFIG', 'qt5', 'cmake_qt5', '', d)} - -EXTRA_OECMAKE += "-DENABLE_NETLINK=ON \ - -DBUILD_mmdbresolve=OFF \ - -DBUILD_randpktdump=OFF \ - -DBUILD_androiddump=OFF \ - -DBUILD_dcerpcidl2wrs=OFF \ - -DM_INCLUDE_DIR=${includedir} \ - -DM_LIBRARY=${libdir} \ - " -CFLAGS_append = " -lm" - -do_install_append_class-native() { - install -d ${D}${bindir} - for f in lemon - do - install -m 0755 ${B}/run/$f ${D}${bindir} - done -} - -do_install_append_class-target() { - for f in `find ${D}${libdir} ${D}${bindir} -type f -executable` - do - chrpath --delete $f - done -} - -PACKAGE_BEFORE_PN += "tshark" - -FILES_tshark = "${bindir}/tshark ${mandir}/man1/tshark.*" - -FILES_${PN} += "${datadir}*" - -RDEPENDS_tshark = "wireshark" - -BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb new file mode 100644 index 0000000000..f9e22141c4 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.2.18.bb @@ -0,0 +1,81 @@ +DESCRIPTION = "wireshark - a popular network protocol analyzer" +HOMEPAGE = "http://www.wireshark.org" +SECTION = "net" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=6e271234ba1a13c6e512e76b94ac2f77" + +DEPENDS = "pcre expat glib-2.0 glib-2.0-native libgcrypt libgpg-error libxml2 bison-native" + +DEPENDS_append_class-target = " wireshark-native chrpath-replacement-native " + +SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz \ + file://fix_lemon_path.patch " + +UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" + +SRC_URI[sha256sum] = "bbe75d909b052fcd67a850f149f0d5b1e2531026fc2413946b48570293306887" + +PE = "1" + +inherit cmake pkgconfig python3native perlnative upstream-version-is-even mime mime-xdg + +PACKAGECONFIG ?= "libpcap gnutls libnl libcap sbc" + +PACKAGECONFIG_class-native = "libpcap gnutls ssl libssh" + +PACKAGECONFIG[libcap] = "-DENABLE_CAP=ON,-DENABLE_CAP=OFF -DENABLE_PCAP_NG_DEFAULT=ON, libcap" +PACKAGECONFIG[libpcap] = "-DENABLE_PCAP=ON,-DENABLE_PCAP=OFF -DENABLE_PCAP_NG_DEFAULT=ON , libpcap" +PACKAGECONFIG[libsmi] = "-DENABLE_SMI=ON,-DENABLE_SMI=OFF,libsmi" +PACKAGECONFIG[libnl] = ",,libnl" +PACKAGECONFIG[portaudio] = "-DENABLE_PORTAUDIO=ON,-DENABLE_PORTAUDIO=OFF, portaudio-v19" +PACKAGECONFIG[gnutls] = "-DENABLE_GNUTLS=ON,-DENABLE_GNUTLS=OFF, gnutls" +PACKAGECONFIG[ssl] = ",,openssl" +PACKAGECONFIG[krb5] = "-DENABLE_KRB5=ON,-DENABLE_KRB5=OFF, krb5" +PACKAGECONFIG[lua] = "-DENABLE_LUA=ON,-DENABLE_LUA=OFF, lua" +PACKAGECONFIG[zlib] = "-DENABLE_ZLIB=ON,-DENABLE_ZLIB=OFF, zlib" +PACKAGECONFIG[geoip] = ",, geoip" +PACKAGECONFIG[plugins] = "-DENABLE_PLUGINS=ON,-DENABLE_PLUGINS=OFF" +PACKAGECONFIG[sbc] = "-DENABLE_SBC=ON,-DENABLE_SBC=OFF, sbc" +PACKAGECONFIG[libssh] = ",,libssh2" +PACKAGECONFIG[lz4] = "-DENABLE_LZ4=ON,-DENABLE_LZ4=OFF, lz4" + +# these next two options require addional layers +PACKAGECONFIG[c-ares] = "-DENABLE_CARES=ON,-DENABLE_CARES=OFF, c-ares" +PACKAGECONFIG[qt5] = "-DENABLE_QT5=ON -DBUILD_wireshark=ON, -DENABLE_QT5=OFF -DBUILD_wireshark=OFF, qttools-native qtmultimedia qtsvg" + +inherit ${@bb.utils.contains('PACKAGECONFIG', 'qt5', 'cmake_qt5', '', d)} + +EXTRA_OECMAKE += "-DENABLE_NETLINK=ON \ + -DBUILD_mmdbresolve=OFF \ + -DBUILD_randpktdump=OFF \ + -DBUILD_androiddump=OFF \ + -DBUILD_dcerpcidl2wrs=OFF \ + -DM_INCLUDE_DIR=${includedir} \ + -DM_LIBRARY=${libdir} \ + " +CFLAGS_append = " -lm" + +do_install_append_class-native() { + install -d ${D}${bindir} + for f in lemon + do + install -m 0755 ${B}/run/$f ${D}${bindir} + done +} + +do_install_append_class-target() { + for f in `find ${D}${libdir} ${D}${bindir} -type f -executable` + do + chrpath --delete $f + done +} + +PACKAGE_BEFORE_PN += "tshark" + +FILES_tshark = "${bindir}/tshark ${mandir}/man1/tshark.*" + +FILES_${PN} += "${datadir}*" + +RDEPENDS_tshark = "wireshark" + +BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb index 7ef8f69827..cc15a8de31 100644 --- a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb +++ b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb @@ -56,6 +56,8 @@ EXTRA_OESCONS = "--prefix=${D}${prefix} \ LINKFLAGS='${LDFLAGS}' \ CXXFLAGS='${CXXFLAGS}' \ TARGET_ARCH=${TARGET_ARCH} \ + MONGO_VERSION=${PV} \ + OBJCOPY=${OBJCOPY} \ --ssl \ --disable-warnings-as-errors \ --use-system-zlib \ diff --git a/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.1.bb b/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.1.bb new file mode 100644 index 0000000000..79e59a8fea --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.1.bb @@ -0,0 +1,23 @@ +DESCRIPTION = "Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +SRC_URI = "http://sourceforge.net/projects/linuxptp/files/v2.0/linuxptp-${PV}.tgz \ + file://build-Allow-CC-and-prefix-to-be-overriden.patch \ + file://Use-cross-cpp-in-incdefs.patch \ + file://time_t_maybe_long_long.patch \ + " + +SRC_URI[sha256sum] = "6f4669db1733747427217a9e74c8b5ca25c4245947463e9cdb860ec8f5ec797a" + +EXTRA_OEMAKE = "ARCH=${TARGET_ARCH} EXTRA_CFLAGS='${CFLAGS}'" + +export KBUILD_OUTPUT="${RECIPE_SYSROOT}" + +do_install () { + install -d ${D}/${bindir} + install -p ${S}/ptp4l ${D}/${bindir} + install -p ${S}/pmc ${D}/${bindir} + install -p ${S}/phc2sys ${D}/${bindir} + install -p ${S}/hwstamp_ctl ${D}/${bindir} +} diff --git a/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.bb b/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.bb deleted file mode 100644 index c989767790..0000000000 --- a/meta-openembedded/meta-oe/recipes-connectivity/linuxptp/linuxptp_2.0.bb +++ /dev/null @@ -1,24 +0,0 @@ -DESCRIPTION = "Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" - -SRC_URI = "http://sourceforge.net/projects/linuxptp/files/v${PV}/linuxptp-${PV}.tgz \ - file://build-Allow-CC-and-prefix-to-be-overriden.patch \ - file://Use-cross-cpp-in-incdefs.patch \ - file://time_t_maybe_long_long.patch \ - " - -SRC_URI[md5sum] = "d8bb7374943bb747db7786ac26f17f11" -SRC_URI[sha256sum] = "0a24d9401e87d4af023d201e234d91127d82c350daad93432106284aa9459c7d" - -EXTRA_OEMAKE = "ARCH=${TARGET_ARCH} EXTRA_CFLAGS='${CFLAGS}'" - -export KBUILD_OUTPUT="${RECIPE_SYSROOT}" - -do_install () { - install -d ${D}/${bindir} - install -p ${S}/ptp4l ${D}/${bindir} - install -p ${S}/pmc ${D}/${bindir} - install -p ${S}/phc2sys ${D}/${bindir} - install -p ${S}/hwstamp_ctl ${D}/${bindir} -} diff --git a/meta-openembedded/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch b/meta-openembedded/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch index 2c4ca057f2..1c2fc3813f 100644 --- a/meta-openembedded/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch +++ b/meta-openembedded/meta-oe/recipes-core/dbus/dbus-daemon-proxy/0001-dbus-daemon-proxy-Return-DBUS_HANDLER_RESULT_NOT_YET.patch @@ -21,7 +21,7 @@ index 009e4fd..f3f0d80 100644 if (!dbus_conn) - return; -+ DBUS_HANDLER_RESULT_NOT_YET_HANDLED; ++ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; if (verbose) g_print ("New message from server: type='%d' path='%s' iface='%s'" diff --git a/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb b/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb index b9668eb099..3c1c8b0beb 100644 --- a/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb +++ b/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb @@ -54,7 +54,7 @@ PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup" PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-reencrypt,--disable-cryptsetup-reencrypt" PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup" PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux" -PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev" +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules" PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto" # gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't # recognized. diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.20.bb b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.20.bb deleted file mode 100644 index e1a038dfa3..0000000000 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.20.bb +++ /dev/null @@ -1,20 +0,0 @@ -require mariadb.inc -inherit native - -PROVIDES += "mysql5-native" -DEPENDS = "ncurses-native zlib-native bison-native" - -RDEPENDS_${PN} = "" -PACKAGES = "" -EXTRA_OEMAKE = "" - -do_install() { - oe_runmake 'DESTDIR=${D}' install - - install -d ${D}${bindir} - install -m 0755 sql/gen_lex_hash ${D}${bindir}/ - install -m 0755 sql/gen_lex_token ${D}${bindir}/ - install -m 0755 extra/comp_err ${D}${bindir}/ - install -m 0755 scripts/comp_sql ${D}${bindir}/ -} - diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.24.bb b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.24.bb new file mode 100644 index 0000000000..e1a038dfa3 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.24.bb @@ -0,0 +1,20 @@ +require mariadb.inc +inherit native + +PROVIDES += "mysql5-native" +DEPENDS = "ncurses-native zlib-native bison-native" + +RDEPENDS_${PN} = "" +PACKAGES = "" +EXTRA_OEMAKE = "" + +do_install() { + oe_runmake 'DESTDIR=${D}' install + + install -d ${D}${bindir} + install -m 0755 sql/gen_lex_hash ${D}${bindir}/ + install -m 0755 sql/gen_lex_token ${D}${bindir}/ + install -m 0755 extra/comp_err ${D}${bindir}/ + install -m 0755 scripts/comp_sql ${D}${bindir}/ +} + diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc index 0fb0c95ec3..9aca7371af 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc @@ -15,12 +15,10 @@ SRC_URI = "https://downloads.mariadb.org/interstitial/${BP}/source/${BP}.tar.gz file://support-files-CMakeLists.txt-fix-do_populate_sysroot.patch \ file://sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch \ file://0001-disable-ucontext-on-musl.patch \ - file://c11_atomics.patch \ - file://clang_version_header_conflict.patch \ file://fix-arm-atomic.patch \ " -SRC_URI[md5sum] = "c3bc7a3eca3b0bbae5748f7b22a55c0c" -SRC_URI[sha256sum] = "87d5e29ee1f18de153266ec658138607703ed2a05b3ffb1f89091d33f4abf545" +SRC_URI[md5sum] = "af39316a6803d13f84fb586635598036" +SRC_URI[sha256sum] = "fe975551b37f095640ea5e380eb896a37e331caf113dbe5d05564714338df846" UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases" diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch deleted file mode 100644 index b1ce963602..0000000000 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch +++ /dev/null @@ -1,73 +0,0 @@ -Author: Vicențiu Ciorbaru -Date: Fri Dec 21 19:14:04 2018 +0200 - - Link with libatomic to enable C11 atomics support - - Some architectures (mips) require libatomic to support proper - atomic operations. Check first if support is available without - linking, otherwise use the library. - -Upstream-Status: Pending -Signed-off-by: Khem Raj - -Index: mariadb-10.4.17/configure.cmake -=================================================================== ---- mariadb-10.4.17.orig/configure.cmake -+++ mariadb-10.4.17/configure.cmake -@@ -863,7 +863,25 @@ int main() - long long int *ptr= &var; - return (int)__atomic_load_n(ptr, __ATOMIC_SEQ_CST); - }" --HAVE_GCC_C11_ATOMICS) -+HAVE_GCC_C11_ATOMICS_WITHOUT_LIBATOMIC) -+IF (HAVE_GCC_C11_ATOMICS_WITHOUT_LIBATOMIC) -+ SET(HAVE_GCC_C11_ATOMICS True) -+ELSE() -+ SET(OLD_CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES}) -+ LIST(APPEND CMAKE_REQUIRED_LIBRARIES "atomic") -+ CHECK_CXX_SOURCE_COMPILES(" -+ int main() -+ { -+ long long int var= 1; -+ long long int *ptr= &var; -+ return (int)__atomic_load_n(ptr, __ATOMIC_SEQ_CST); -+ }" -+ HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC) -+ IF(HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC) -+ SET(HAVE_GCC_C11_ATOMICS True) -+ ENDIF() -+ SET(CMAKE_REQUIRED_LIBRARIES ${OLD_CMAKE_REQUIRED_LIBRARIES}) -+ENDIF() - - IF(WITH_VALGRIND) - SET(HAVE_valgrind 1) -Index: mariadb-10.4.17/mysys/CMakeLists.txt -=================================================================== ---- mariadb-10.4.17.orig/mysys/CMakeLists.txt -+++ mariadb-10.4.17/mysys/CMakeLists.txt -@@ -78,6 +78,10 @@ TARGET_LINK_LIBRARIES(mysys dbug strings - ${LIBNSL} ${LIBM} ${LIBRT} ${CMAKE_DL_LIBS} ${LIBSOCKET} ${LIBEXECINFO} ${CRC32_LIBRARY}) - DTRACE_INSTRUMENT(mysys) - -+IF (HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC) -+ TARGET_LINK_LIBRARIES(mysys atomic) -+ENDIF() -+ - IF(HAVE_BFD_H) - TARGET_LINK_LIBRARIES(mysys bfd) - ENDIF(HAVE_BFD_H) -Index: mariadb-10.4.17/sql/CMakeLists.txt -=================================================================== ---- mariadb-10.4.17.orig/sql/CMakeLists.txt -+++ mariadb-10.4.17/sql/CMakeLists.txt -@@ -196,6 +196,10 @@ ELSE() - SET(MYSQLD_SOURCE main.cc ${DTRACE_PROBES_ALL}) - ENDIF() - -+IF (HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC) -+ TARGET_LINK_LIBRARIES(sql atomic) -+ENDIF() -+ - - IF(MSVC AND NOT WITHOUT_DYNAMIC_PLUGINS) - diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/clang_version_header_conflict.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/clang_version_header_conflict.patch deleted file mode 100644 index c77a869441..0000000000 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/clang_version_header_conflict.patch +++ /dev/null @@ -1,32 +0,0 @@ -libc++ also has a file called version and this file and how cflags are specified -it ends up including this file and resulting in compile errors - -fixes errors like -storage/mroonga/version:1:1: error: expected unqualified-id -7.07 -^ - -Upstream-Status: Pending -Signed-off-by: Khem Raj - ---- a/storage/mroonga/CMakeLists.txt -+++ b/storage/mroonga/CMakeLists.txt -@@ -80,7 +80,7 @@ else() - set(MRN_SOURCE_DIR ${CMAKE_SOURCE_DIR}) - endif() - --file(READ ${MRN_SOURCE_DIR}/version MRN_VERSION) -+file(READ ${MRN_SOURCE_DIR}/ver MRN_VERSION) - file(READ ${MRN_SOURCE_DIR}/version_major MRN_VERSION_MAJOR) - file(READ ${MRN_SOURCE_DIR}/version_minor MRN_VERSION_MINOR) - file(READ ${MRN_SOURCE_DIR}/version_micro MRN_VERSION_MICRO) ---- /dev/null -+++ b/storage/mroonga/ver -@@ -0,0 +1 @@ -+7.07 -\ No newline at end of file ---- a/storage/mroonga/version -+++ /dev/null -@@ -1 +0,0 @@ --7.07 -\ No newline at end of file diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.4.20.bb b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.4.20.bb deleted file mode 100644 index c0b53379d9..0000000000 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.4.20.bb +++ /dev/null @@ -1,27 +0,0 @@ -require mariadb.inc - -EXTRA_OECMAKE += "-DSTACK_DIRECTION=-1" - -DEPENDS += "mariadb-native bison-native openssl ncurses zlib libaio libedit libevent libxml2" - -PROVIDES += "mysql5 libmysqlclient" - -RPROVIDES_${PN} += "mysql5" -RREPLACES_${PN} += "mysql5" -RCONFLICTS_${PN} += "mysql5" - -RPROVIDES_${PN}-dbg += "mysql5-dbg" -RREPLACES_${PN}-dbg += "mysql5-dbg" -RCONFLICTS_${PN}-dbg += "mysql5-dbg" - -RPROVIDES_${PN}-leftovers += "mysql5-leftovers" -RREPLACES_${PN}-leftovers += "mysql5-leftovers" -RCONFLICTS_${PN}-leftovers += "mysql5-leftovers" - -RPROVIDES_${PN}-client += "mysql5-client" -RREPLACES_${PN}-client += "mysql5-client" -RCONFLICTS_${PN}-client += "mysql5-client" - -RPROVIDES_${PN}-server += "mysql5-server" -RREPLACES_${PN}-server += "mysql5-server" -RCONFLICTS_${PN}-server += "mysql5-server" diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.4.24.bb b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.4.24.bb new file mode 100644 index 0000000000..c0b53379d9 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.4.24.bb @@ -0,0 +1,27 @@ +require mariadb.inc + +EXTRA_OECMAKE += "-DSTACK_DIRECTION=-1" + +DEPENDS += "mariadb-native bison-native openssl ncurses zlib libaio libedit libevent libxml2" + +PROVIDES += "mysql5 libmysqlclient" + +RPROVIDES_${PN} += "mysql5" +RREPLACES_${PN} += "mysql5" +RCONFLICTS_${PN} += "mysql5" + +RPROVIDES_${PN}-dbg += "mysql5-dbg" +RREPLACES_${PN}-dbg += "mysql5-dbg" +RCONFLICTS_${PN}-dbg += "mysql5-dbg" + +RPROVIDES_${PN}-leftovers += "mysql5-leftovers" +RREPLACES_${PN}-leftovers += "mysql5-leftovers" +RCONFLICTS_${PN}-leftovers += "mysql5-leftovers" + +RPROVIDES_${PN}-client += "mysql5-client" +RREPLACES_${PN}-client += "mysql5-client" +RCONFLICTS_${PN}-client += "mysql5-client" + +RPROVIDES_${PN}-server += "mysql5-server" +RREPLACES_${PN}-server += "mysql5-server" +RCONFLICTS_${PN}-server += "mysql5-server" diff --git a/meta-openembedded/meta-oe/recipes-devtools/breakpad/breakpad_git.bb b/meta-openembedded/meta-oe/recipes-devtools/breakpad/breakpad_git.bb index cbeb99316e..1e474225a2 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/breakpad/breakpad_git.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/breakpad/breakpad_git.bb @@ -26,10 +26,10 @@ SRCREV_protobuf = "cb6dd4ef5f82e41e06179dcd57d3b1d9246ad6ac" SRCREV_lss = "8048ece6c16c91acfe0d36d1d3cc0890ab6e945c" SRCREV_gyp = "324dd166b7c0b39d513026fa52d6280ac6d56770" -SRC_URI = "git://github.com/google/breakpad;name=breakpad;branch=master;protocol=https \ - git://github.com/google/googletest.git;destsuffix=git/src/testing/gtest;name=gtest;branch=master;protocol=https \ - git://github.com/google/protobuf.git;destsuffix=git/src/third_party/protobuf/protobuf;name=protobuf;branch=master;protocol=https \ - git://chromium.googlesource.com/linux-syscall-support;protocol=https;destsuffix=git/src/third_party/lss;name=lss;branch=master \ +SRC_URI = "git://github.com/google/breakpad;name=breakpad;branch=main;protocol=https \ + git://github.com/google/googletest.git;destsuffix=git/src/testing/gtest;name=gtest;branch=main;protocol=https \ + git://github.com/google/protobuf.git;destsuffix=git/src/third_party/protobuf/protobuf;name=protobuf;branch=main;protocol=https \ + git://chromium.googlesource.com/linux-syscall-support;protocol=https;destsuffix=git/src/third_party/lss;name=lss;branch=main \ git://chromium.googlesource.com/external/gyp;protocol=https;destsuffix=git/src/tools/gyp;name=gyp;branch=master \ file://0001-include-sys-reg.h-to-get-__WORDSIZE-on-musl-libc.patch \ file://0003-Fix-conflict-between-musl-libc-dirent.h-and-lss.patch \ diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2021-44532.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2021-44532.patch new file mode 100644 index 0000000000..dff7fe23a2 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2021-44532.patch @@ -0,0 +1,3090 @@ +From 19873abfb24dce75ffff042efe76dc5633052677 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= +Date: Wed, 29 Dec 2021 19:30:57 -0500 +Subject: [PATCH] crypto,tls: implement safe x509 GeneralName format + +This change introduces JSON-compatible escaping rules for strings that +include X.509 GeneralName components (see RFC 5280). This non-standard +format avoids ambiguities and prevents injection attacks that could +previously lead to X.509 certificates being accepted even though they +were not valid for the target hostname. + +These changes affect the format of subject alternative names and the +format of authority information access. The checkServerIdentity function +has been modified to safely handle the new format, eliminating the +possibility of injecting subject alternative names into the verification +logic. + +Because each subject alternative name is only encoded as a JSON string +literal if necessary for security purposes, this change will only be +visible in rare cases. + +This addresses CVE-2021-44532. + +Co-authored-by: Akshay K +CVE-ID: CVE-2021-44532 +Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/306 +PR-URL: https://github.com/nodejs-private/node-private/pull/300 +Reviewed-By: Michael Dawson +Reviewed-By: Rich Trott + +Upstream-Status: Backport [https://github.com/nodejs/node/commit/19873abfb24dce75ffff042efe76dc5633052677] + +CVE: CVE-2021-44532 + +Signed-off-by: Virendra Thakur + +--- + doc/api/errors.md | 8 + + lib/_tls_common.js | 9 + + lib/internal/errors.js | 2 + + lib/tls.js | 52 +- + src/node_crypto_common.cc | 340 ++++++++++-- + test/common/index.js | 7 + + test/fixtures/keys/Makefile | 14 + + .../incorrect_san_correct_subject-cert.pem | 11 + + .../incorrect_san_correct_subject-key.pem | 5 + + test/fixtures/x509-escaping/.gitignore | 2 + + test/fixtures/x509-escaping/alt-0-cert.pem | 29 + + test/fixtures/x509-escaping/alt-1-cert.pem | 28 + + test/fixtures/x509-escaping/alt-10-cert.pem | 28 + + test/fixtures/x509-escaping/alt-11-cert.pem | 28 + + test/fixtures/x509-escaping/alt-12-cert.pem | 28 + + test/fixtures/x509-escaping/alt-13-cert.pem | 28 + + test/fixtures/x509-escaping/alt-14-cert.pem | 29 + + test/fixtures/x509-escaping/alt-15-cert.pem | 29 + + test/fixtures/x509-escaping/alt-16-cert.pem | 29 + + test/fixtures/x509-escaping/alt-17-cert.pem | 29 + + test/fixtures/x509-escaping/alt-18-cert.pem | 29 + + test/fixtures/x509-escaping/alt-19-cert.pem | 29 + + test/fixtures/x509-escaping/alt-2-cert.pem | 28 + + test/fixtures/x509-escaping/alt-20-cert.pem | 29 + + test/fixtures/x509-escaping/alt-21-cert.pem | 29 + + test/fixtures/x509-escaping/alt-22-cert.pem | 28 + + test/fixtures/x509-escaping/alt-23-cert.pem | 28 + + test/fixtures/x509-escaping/alt-24-cert.pem | 28 + + test/fixtures/x509-escaping/alt-25-cert.pem | 29 + + test/fixtures/x509-escaping/alt-26-cert.pem | 29 + + test/fixtures/x509-escaping/alt-27-cert.pem | 28 + + test/fixtures/x509-escaping/alt-28-cert.pem | 28 + + test/fixtures/x509-escaping/alt-29-cert.pem | 28 + + test/fixtures/x509-escaping/alt-3-cert.pem | 28 + + test/fixtures/x509-escaping/alt-30-cert.pem | 28 + + test/fixtures/x509-escaping/alt-4-cert.pem | 28 + + test/fixtures/x509-escaping/alt-5-cert.pem | 29 + + test/fixtures/x509-escaping/alt-6-cert.pem | 28 + + test/fixtures/x509-escaping/alt-7-cert.pem | 28 + + test/fixtures/x509-escaping/alt-8-cert.pem | 28 + + test/fixtures/x509-escaping/alt-9-cert.pem | 28 + + test/fixtures/x509-escaping/create-certs.js | 502 ++++++++++++++++++ + .../x509-escaping/google/intermediate.pem | 11 + + test/fixtures/x509-escaping/google/key.pem | 5 + + test/fixtures/x509-escaping/google/leaf0.pem | 10 + + test/fixtures/x509-escaping/google/leaf1.pem | 10 + + test/fixtures/x509-escaping/google/leaf2.pem | 10 + + test/fixtures/x509-escaping/google/leaf3.pem | 10 + + test/fixtures/x509-escaping/google/leaf4.pem | 10 + + test/fixtures/x509-escaping/google/root.pem | 9 + + test/fixtures/x509-escaping/info-0-cert.pem | 30 ++ + test/fixtures/x509-escaping/info-1-cert.pem | 31 ++ + test/fixtures/x509-escaping/info-2-cert.pem | 29 + + test/fixtures/x509-escaping/info-3-cert.pem | 30 ++ + test/fixtures/x509-escaping/info-4-cert.pem | 29 + + test/fixtures/x509-escaping/package.json | 12 + + test/fixtures/x509-escaping/server-key.pem | 52 ++ + test/parallel/test-tls-0-dns-altname.js | 2 +- + test/parallel/test-x509-escaping.js | 349 ++++++++++++ + 59 files changed, 2429 insertions(+), 42 deletions(-) + create mode 100644 test/fixtures/keys/incorrect_san_correct_subject-cert.pem + create mode 100644 test/fixtures/keys/incorrect_san_correct_subject-key.pem + create mode 100644 test/fixtures/x509-escaping/.gitignore + create mode 100644 test/fixtures/x509-escaping/alt-0-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-1-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-10-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-11-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-12-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-13-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-14-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-15-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-16-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-17-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-18-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-19-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-2-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-20-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-21-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-22-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-23-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-24-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-25-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-26-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-27-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-28-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-29-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-3-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-30-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-4-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-5-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-6-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-7-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-8-cert.pem + create mode 100644 test/fixtures/x509-escaping/alt-9-cert.pem + create mode 100644 test/fixtures/x509-escaping/create-certs.js + create mode 100644 test/fixtures/x509-escaping/google/intermediate.pem + create mode 100644 test/fixtures/x509-escaping/google/key.pem + create mode 100644 test/fixtures/x509-escaping/google/leaf0.pem + create mode 100644 test/fixtures/x509-escaping/google/leaf1.pem + create mode 100644 test/fixtures/x509-escaping/google/leaf2.pem + create mode 100644 test/fixtures/x509-escaping/google/leaf3.pem + create mode 100644 test/fixtures/x509-escaping/google/leaf4.pem + create mode 100644 test/fixtures/x509-escaping/google/root.pem + create mode 100644 test/fixtures/x509-escaping/info-0-cert.pem + create mode 100644 test/fixtures/x509-escaping/info-1-cert.pem + create mode 100644 test/fixtures/x509-escaping/info-2-cert.pem + create mode 100644 test/fixtures/x509-escaping/info-3-cert.pem + create mode 100644 test/fixtures/x509-escaping/info-4-cert.pem + create mode 100644 test/fixtures/x509-escaping/package.json + create mode 100644 test/fixtures/x509-escaping/server-key.pem + create mode 100644 test/parallel/test-x509-escaping.js + +diff --git a/doc/api/errors.md b/doc/api/errors.md +index d5d8e1efa7..9d176d9048 100644 +--- a/doc/api/errors.md ++++ b/doc/api/errors.md +@@ -1869,6 +1869,14 @@ An unspecified or non-specific system error has occurred within the Node.js + process. The error object will have an `err.info` object property with + additional details. + ++ ++### `ERR_TLS_CERT_ALTNAME_FORMAT` ++ ++This error is thrown by `checkServerIdentity` if a user-supplied ++`subjectaltname` property violates encoding rules. Certificate objects produced ++by Node.js itself always comply with encoding rules and will never cause ++this error. ++ + + ### `ERR_TLS_CERT_ALTNAME_INVALID` + +diff --git a/lib/_tls_common.js b/lib/_tls_common.js +index b7a3b70a24..a2a74813f1 100644 +--- a/lib/_tls_common.js ++++ b/lib/_tls_common.js +@@ -23,6 +23,7 @@ + + const { + ArrayIsArray, ++ JSONParse, + ObjectCreate, + } = primordials; + +@@ -323,6 +324,14 @@ exports.translatePeerCertificate = function translatePeerCertificate(c) { + + // XXX: More key validation? + info.replace(/([^\n:]*):([^\n]*)(?:\n|$)/g, (all, key, val) => { ++ if (val.charCodeAt(0) === 0x22) { ++ // The translatePeerCertificate function is only ++ // used on internally created legacy certificate ++ // objects, and any value that contains a quote ++ // will always be a valid JSON string literal, ++ // so this should never throw. ++ val = JSONParse(val); ++ } + if (key in c.infoAccess) + c.infoAccess[key].push(val); + else +diff --git a/lib/internal/errors.js b/lib/internal/errors.js +index 2cf7df436b..cd7153ad1a 100644 +--- a/lib/internal/errors.js ++++ b/lib/internal/errors.js +@@ -1345,6 +1345,8 @@ E('ERR_STREAM_WRAP', 'Stream has StringDecoder set or is in objectMode', Error); + E('ERR_STREAM_WRITE_AFTER_END', 'write after end', Error); + E('ERR_SYNTHETIC', 'JavaScript Callstack', Error); + E('ERR_SYSTEM_ERROR', 'A system error occurred', SystemError); ++E('ERR_TLS_CERT_ALTNAME_FORMAT', 'Invalid subject alternative name string', ++ SyntaxError); + E('ERR_TLS_CERT_ALTNAME_INVALID', function(reason, host, cert) { + this.reason = reason; + this.host = host; +diff --git a/lib/tls.js b/lib/tls.js +index 2ccbe409c9..cefb47d10f 100644 +--- a/lib/tls.js ++++ b/lib/tls.js +@@ -24,11 +24,19 @@ + const { + Array, + ArrayIsArray, ++ ArrayPrototypePush, ++ JSONParse, + ObjectDefineProperty, + ObjectFreeze, ++ RegExpPrototypeExec, ++ StringPrototypeIncludes, ++ StringPrototypeIndexOf, ++ StringPrototypeSplit, ++ StringPrototypeSubstring, + } = primordials; + + const { ++ ERR_TLS_CERT_ALTNAME_FORMAT, + ERR_TLS_CERT_ALTNAME_INVALID, + ERR_OUT_OF_RANGE + } = require('internal/errors').codes; +@@ -207,6 +215,45 @@ function check(hostParts, pattern, wildcards) { + return true; + } + ++// This pattern is used to determine the length of escaped sequences within ++// the subject alt names string. It allows any valid JSON string literal. ++// This MUST match the JSON specification (ECMA-404 / RFC8259) exactly. ++const jsonStringPattern = ++ // eslint-disable-next-line no-control-regex ++ /^"(?:[^"\\\u0000-\u001f]|\\(?:["\\/bfnrt]|u[0-9a-fA-F]{4}))*"/; ++ ++function splitEscapedAltNames(altNames) { ++ const result = []; ++ let currentToken = ''; ++ let offset = 0; ++ while (offset !== altNames.length) { ++ const nextSep = StringPrototypeIndexOf(altNames, ', ', offset); ++ const nextQuote = StringPrototypeIndexOf(altNames, '"', offset); ++ if (nextQuote !== -1 && (nextSep === -1 || nextQuote < nextSep)) { ++ // There is a quote character and there is no separator before the quote. ++ currentToken += StringPrototypeSubstring(altNames, offset, nextQuote); ++ const match = RegExpPrototypeExec( ++ jsonStringPattern, StringPrototypeSubstring(altNames, nextQuote)); ++ if (!match) { ++ throw new ERR_TLS_CERT_ALTNAME_FORMAT(); ++ } ++ currentToken += JSONParse(match[0]); ++ offset = nextQuote + match[0].length; ++ } else if (nextSep !== -1) { ++ // There is a separator and no quote before it. ++ currentToken += StringPrototypeSubstring(altNames, offset, nextSep); ++ ArrayPrototypePush(result, currentToken); ++ currentToken = ''; ++ offset = nextSep + 2; ++ } else { ++ currentToken += StringPrototypeSubstring(altNames, offset); ++ offset = altNames.length; ++ } ++ } ++ ArrayPrototypePush(result, currentToken); ++ return result; ++} ++ + let urlWarningEmitted = false; + exports.checkServerIdentity = function checkServerIdentity(hostname, cert) { + const subject = cert.subject; +@@ -218,7 +265,10 @@ exports.checkServerIdentity = function checkServerIdentity(hostname, cert) { + hostname = '' + hostname; + + if (altNames) { +- for (const name of altNames.split(', ')) { ++ const splitAltNames = StringPrototypeIncludes(altNames, '"') ? ++ splitEscapedAltNames(altNames) : ++ StringPrototypeSplit(altNames, ', '); ++ for (const name of splitAltNames) { + if (name.startsWith('DNS:')) { + dnsNames.push(name.slice(4)); + } else if (name.startsWith('URI:')) { +diff --git a/src/node_crypto_common.cc b/src/node_crypto_common.cc +index 74bc0a9756..53fbc576ef 100644 +--- a/src/node_crypto_common.cc ++++ b/src/node_crypto_common.cc +@@ -480,39 +480,320 @@ void AddFingerprintDigest( + } + } + +-bool SafeX509ExtPrint(const BIOPointer& out, X509_EXTENSION* ext) { +- const X509V3_EXT_METHOD* method = X509V3_EXT_get(ext); ++static inline bool IsSafeAltName(const char* name, size_t length, bool utf8) { ++ for (size_t i = 0; i < length; i++) { ++ char c = name[i]; ++ switch (c) { ++ case '"': ++ case '\\': ++ // These mess with encoding rules. ++ // Fall through. ++ case ',': ++ // Commas make it impossible to split the list of subject alternative ++ // names unambiguously, which is why we have to escape. ++ // Fall through. ++ case '\'': ++ // Single quotes are unlikely to appear in any legitimate values, but they ++ // could be used to make a value look like it was escaped (i.e., enclosed ++ // in single/double quotes). ++ return false; ++ default: ++ if (utf8) { ++ // In UTF8 strings, we require escaping for any ASCII control character, ++ // but NOT for non-ASCII characters. Note that all bytes of any code ++ // point that consists of more than a single byte have their MSB set. ++ if (static_cast(c) < ' ' || c == '\x7f') { ++ return false; ++ } ++ } else { ++ // Check if the char is a control character or non-ASCII character. Note ++ // that char may or may not be a signed type. Regardless, non-ASCII ++ // values will always be outside of this range. ++ if (c < ' ' || c > '~') { ++ return false; ++ } ++ } ++ } ++ } ++ return true; ++} + +- if (method != X509V3_EXT_get_nid(NID_subject_alt_name)) +- return false; ++static inline void PrintAltName(const BIOPointer& out, const char* name, ++ size_t length, bool utf8, ++ const char* safe_prefix) { ++ if (IsSafeAltName(name, length, utf8)) { ++ // For backward-compatibility, append "safe" names without any ++ // modifications. ++ if (safe_prefix != nullptr) { ++ BIO_printf(out.get(), "%s:", safe_prefix); ++ } ++ BIO_write(out.get(), name, length); ++ } else { ++ // If a name is not "safe", we cannot embed it without special ++ // encoding. This does not usually happen, but we don't want to hide ++ // it from the user either. We use JSON compatible escaping here. ++ BIO_write(out.get(), "\"", 1); ++ if (safe_prefix != nullptr) { ++ BIO_printf(out.get(), "%s:", safe_prefix); ++ } ++ for (size_t j = 0; j < length; j++) { ++ char c = static_cast(name[j]); ++ if (c == '\\') { ++ BIO_write(out.get(), "\\\\", 2); ++ } else if (c == '"') { ++ BIO_write(out.get(), "\\\"", 2); ++ } else if ((c >= ' ' && c != ',' && c <= '~') || (utf8 && (c & 0x80))) { ++ // Note that the above condition explicitly excludes commas, which means ++ // that those are encoded as Unicode escape sequences in the "else" ++ // block. That is not strictly necessary, and Node.js itself would parse ++ // it correctly either way. We only do this to account for third-party ++ // code that might be splitting the string at commas (as Node.js itself ++ // used to do). ++ BIO_write(out.get(), &c, 1); ++ } else { ++ // Control character or non-ASCII character. We treat everything as ++ // Latin-1, which corresponds to the first 255 Unicode code points. ++ const char hex[] = "0123456789abcdef"; ++ char u[] = { '\\', 'u', '0', '0', hex[(c & 0xf0) >> 4], hex[c & 0x0f] }; ++ BIO_write(out.get(), u, sizeof(u)); ++ } ++ } ++ BIO_write(out.get(), "\"", 1); ++ } ++} ++ ++static inline void PrintLatin1AltName(const BIOPointer& out, ++ const ASN1_IA5STRING* name, ++ const char* safe_prefix = nullptr) { ++ PrintAltName(out, reinterpret_cast(name->data), name->length, ++ false, safe_prefix); ++} ++ ++static inline void PrintUtf8AltName(const BIOPointer& out, ++ const ASN1_UTF8STRING* name, ++ const char* safe_prefix = nullptr) { ++ PrintAltName(out, reinterpret_cast(name->data), name->length, ++ true, safe_prefix); ++} ++ ++// This function currently emulates the behavior of i2v_GENERAL_NAME in a safer ++// and less ambiguous way. ++// TODO(tniessen): gradually improve the format in the next major version(s) ++static bool PrintGeneralName(const BIOPointer& out, const GENERAL_NAME* gen) { ++ if (gen->type == GEN_DNS) { ++ ASN1_IA5STRING* name = gen->d.dNSName; ++ BIO_write(out.get(), "DNS:", 4); ++ // Note that the preferred name syntax (see RFCs 5280 and 1034) with ++ // wildcards is a subset of what we consider "safe", so spec-compliant DNS ++ // names will never need to be escaped. ++ PrintLatin1AltName(out, name); ++ } else if (gen->type == GEN_EMAIL) { ++ ASN1_IA5STRING* name = gen->d.rfc822Name; ++ BIO_write(out.get(), "email:", 6); ++ PrintLatin1AltName(out, name); ++ } else if (gen->type == GEN_URI) { ++ ASN1_IA5STRING* name = gen->d.uniformResourceIdentifier; ++ BIO_write(out.get(), "URI:", 4); ++ // The set of "safe" names was designed to include just about any URI, ++ // with a few exceptions, most notably URIs that contains commas (see ++ // RFC 2396). In other words, most legitimate URIs will not require ++ // escaping. ++ PrintLatin1AltName(out, name); ++ } else if (gen->type == GEN_DIRNAME) { ++ // For backward compatibility, use X509_NAME_oneline to print the ++ // X509_NAME object. The format is non standard and should be avoided ++ // elsewhere, but conveniently, the function produces ASCII and the output ++ // is unlikely to contains commas or other characters that would require ++ // escaping. With that in mind, note that it SHOULD NOT produce ASCII ++ // output since an RFC5280 AttributeValue may be a UTF8String. ++ // TODO(tniessen): switch to RFC2253 rules in a major release ++ BIO_printf(out.get(), "DirName:"); ++ char oline[256]; ++ if (X509_NAME_oneline(gen->d.dirn, oline, sizeof(oline)) != nullptr) { ++ PrintAltName(out, oline, strlen(oline), false, nullptr); ++ } else { ++ return false; ++ } ++ } else if (gen->type == GEN_IPADD) { ++ BIO_printf(out.get(), "IP Address:"); ++ const ASN1_OCTET_STRING* ip = gen->d.ip; ++ const unsigned char* b = ip->data; ++ if (ip->length == 4) { ++ BIO_printf(out.get(), "%d.%d.%d.%d", b[0], b[1], b[2], b[3]); ++ } else if (ip->length == 16) { ++ for (unsigned int j = 0; j < 8; j++) { ++ uint16_t pair = (b[2 * j] << 8) | b[2 * j + 1]; ++ BIO_printf(out.get(), (j == 0) ? "%X" : ":%X", pair); ++ } ++ } else { ++#if OPENSSL_VERSION_MAJOR >= 3 ++ BIO_printf(out.get(), "", ip->length); ++#else ++ BIO_printf(out.get(), ""); ++#endif ++ } ++ } else if (gen->type == GEN_RID) { ++ // TODO(tniessen): unlike OpenSSL's default implementation, never print the ++ // OID as text and instead always print its numeric representation, which is ++ // backward compatible in practice and more future proof (see OBJ_obj2txt). ++ char oline[256]; ++ i2t_ASN1_OBJECT(oline, sizeof(oline), gen->d.rid); ++ BIO_printf(out.get(), "Registered ID:%s", oline); ++ } else if (gen->type == GEN_OTHERNAME) { ++ // TODO(tniessen): the format that is used here is based on OpenSSL's ++ // implementation of i2v_GENERAL_NAME (as of OpenSSL 3.0.1), mostly for ++ // backward compatibility. It is somewhat awkward, especially when passed to ++ // translatePeerCertificate, and should be changed in the future, probably ++ // to the format used by GENERAL_NAME_print (in a major release). ++ bool unicode = true; ++ const char* prefix = nullptr; ++ // OpenSSL 1.1.1 does not support othername in i2v_GENERAL_NAME and may not ++ // define these NIDs. ++#if OPENSSL_VERSION_MAJOR >= 3 ++ int nid = OBJ_obj2nid(gen->d.otherName->type_id); ++ switch (nid) { ++ case NID_id_on_SmtpUTF8Mailbox: ++ prefix = " SmtpUTF8Mailbox:"; ++ break; ++ case NID_XmppAddr: ++ prefix = " XmppAddr:"; ++ break; ++ case NID_SRVName: ++ prefix = " SRVName:"; ++ unicode = false; ++ break; ++ case NID_ms_upn: ++ prefix = " UPN:"; ++ break; ++ case NID_NAIRealm: ++ prefix = " NAIRealm:"; ++ break; ++ } ++#endif // OPENSSL_VERSION_MAJOR >= 3 ++ int val_type = gen->d.otherName->value->type; ++ if (prefix == nullptr || ++ (unicode && val_type != V_ASN1_UTF8STRING) || ++ (!unicode && val_type != V_ASN1_IA5STRING)) { ++ BIO_printf(out.get(), "othername:"); ++ } else { ++ BIO_printf(out.get(), "othername:"); ++ if (unicode) { ++ PrintUtf8AltName(out, gen->d.otherName->value->value.utf8string, ++ prefix); ++ } else { ++ PrintLatin1AltName(out, gen->d.otherName->value->value.ia5string, ++ prefix); ++ } ++ } ++ } else if (gen->type == GEN_X400) { ++ // TODO(tniessen): this is what OpenSSL does, implement properly instead ++ BIO_printf(out.get(), "X400Name:"); ++ } else if (gen->type == GEN_EDIPARTY) { ++ // TODO(tniessen): this is what OpenSSL does, implement properly instead ++ BIO_printf(out.get(), "EdiPartyName:"); ++ } else { ++ // This is safe because X509V3_EXT_d2i would have returned nullptr in this ++ // case already. ++ UNREACHABLE(); ++ } ++ ++ return true; ++} ++ ++bool SafeX509SubjectAltNamePrint(const BIOPointer& out, X509_EXTENSION* ext) { ++ const X509V3_EXT_METHOD* method = X509V3_EXT_get(ext); ++ CHECK(method == X509V3_EXT_get_nid(NID_subject_alt_name)); + + GENERAL_NAMES* names = static_cast(X509V3_EXT_d2i(ext)); + if (names == nullptr) + return false; + ++ bool ok = true; ++ + for (int i = 0; i < sk_GENERAL_NAME_num(names); i++) { + GENERAL_NAME* gen = sk_GENERAL_NAME_value(names, i); + + if (i != 0) + BIO_write(out.get(), ", ", 2); + +- if (gen->type == GEN_DNS) { +- ASN1_IA5STRING* name = gen->d.dNSName; +- +- BIO_write(out.get(), "DNS:", 4); +- BIO_write(out.get(), name->data, name->length); +- } else { +- STACK_OF(CONF_VALUE)* nval = i2v_GENERAL_NAME( +- const_cast(method), gen, nullptr); +- if (nval == nullptr) +- return false; +- X509V3_EXT_val_prn(out.get(), nval, 0, 0); +- sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); ++ if (!(ok = PrintGeneralName(out, gen))) { ++ break; + } + } + sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); + +- return true; ++ return ok; ++} ++ ++bool SafeX509InfoAccessPrint(const BIOPointer& out, X509_EXTENSION* ext) { ++ const X509V3_EXT_METHOD* method = X509V3_EXT_get(ext); ++ CHECK(method == X509V3_EXT_get_nid(NID_info_access)); ++ ++ AUTHORITY_INFO_ACCESS* descs = ++ static_cast(X509V3_EXT_d2i(ext)); ++ if (descs == nullptr) ++ return false; ++ ++ bool ok = true; ++ ++ for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(descs); i++) { ++ ACCESS_DESCRIPTION* desc = sk_ACCESS_DESCRIPTION_value(descs, i); ++ ++ if (i != 0) ++ BIO_write(out.get(), "\n", 1); ++ ++ char objtmp[80]; ++ i2t_ASN1_OBJECT(objtmp, sizeof(objtmp), desc->method); ++ BIO_printf(out.get(), "%s - ", objtmp); ++ if (!(ok = PrintGeneralName(out, desc->location))) { ++ break; ++ } ++ } ++ sk_ACCESS_DESCRIPTION_pop_free(descs, ACCESS_DESCRIPTION_free); ++ ++#if OPENSSL_VERSION_MAJOR < 3 ++ BIO_write(out.get(), "\n", 1); ++#endif ++ ++ return ok; ++} ++ ++v8::MaybeLocal GetSubjectAltNameString( ++ Environment* env, ++ const BIOPointer& bio, ++ X509* cert) { ++ int index = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1); ++ if (index < 0) ++ return Undefined(env->isolate()); ++ ++ X509_EXTENSION* ext = X509_get_ext(cert, index); ++ CHECK_NOT_NULL(ext); ++ ++ if (!SafeX509SubjectAltNamePrint(bio, ext)) { ++ USE(BIO_reset(bio.get())); ++ return v8::Null(env->isolate()); ++ } ++ ++ return ToV8Value(env, bio); ++} ++ ++v8::MaybeLocal GetInfoAccessString( ++ Environment* env, ++ const BIOPointer& bio, ++ X509* cert) { ++ int index = X509_get_ext_by_NID(cert, NID_info_access, -1); ++ if (index < 0) ++ return Undefined(env->isolate()); ++ ++ X509_EXTENSION* ext = X509_get_ext(cert, index); ++ CHECK_NOT_NULL(ext); ++ ++ if (!SafeX509InfoAccessPrint(bio, ext)) { ++ USE(BIO_reset(bio.get())); ++ return v8::Null(env->isolate()); ++ } ++ ++ return ToV8Value(env, bio); + } + + MaybeLocal GetFingerprintDigest( +@@ -628,27 +909,6 @@ MaybeLocal GetModulusString( + return ToV8Value(env, bio); + } + +-template +-MaybeLocal GetInfoString( +- Environment* env, +- const BIOPointer& bio, +- X509* cert) { +- int index = X509_get_ext_by_NID(cert, nid, -1); +- if (index < 0) +- return Undefined(env->isolate()); +- +- X509_EXTENSION* ext = X509_get_ext(cert, index); +- CHECK_NOT_NULL(ext); +- +- if (!SafeX509ExtPrint(bio, ext) && +- X509V3_EXT_print(bio.get(), ext, 0, 0) != 1) { +- USE(BIO_reset(bio.get())); +- return Null(env->isolate()); +- } +- +- return ToV8Value(env, bio); +-} +- + MaybeLocal GetIssuerString( + Environment* env, + const BIOPointer& bio, +@@ -917,11 +1177,11 @@ MaybeLocal X509ToObject(Environment* env, X509* cert) { + !Set(context, + info, + env->subjectaltname_string(), +- GetInfoString(env, bio, cert)) || ++ GetSubjectAltNameString(env, bio, cert)) || + !Set(context, + info, + env->infoaccess_string(), +- GetInfoString(env, bio, cert))) { ++ GetInfoAccessString(env, bio, cert))) { + return MaybeLocal(); + } + +diff --git a/test/common/index.js b/test/common/index.js +index 8cd9841527..98b586cafd 100644 +--- a/test/common/index.js ++++ b/test/common/index.js +@@ -51,6 +51,11 @@ const noop = () => {}; + const hasCrypto = Boolean(process.versions.openssl) && + !process.env.NODE_SKIP_CRYPTO; + ++const hasOpenSSL3 = hasCrypto && ++ require('crypto').constants.OPENSSL_VERSION_NUMBER >= 805306368; ++ ++const hasQuic = hasCrypto && !!process.config.variables.openssl_quic; ++ + // Check for flags. Skip this for workers (both, the `cluster` module and + // `worker_threads`) and child processes. + // If the binary was built without-ssl then the crypto flags are +@@ -714,6 +719,8 @@ const common = { + getTTYfd, + hasIntl, + hasCrypto, ++ hasOpenSSL3, ++ hasQuic, + hasMultiLocalhost, + invalidArgTypeHelper, + isAIX, +diff --git a/test/fixtures/keys/Makefile b/test/fixtures/keys/Makefile +index 824704c724..49cc29ad1c 100644 +--- a/test/fixtures/keys/Makefile ++++ b/test/fixtures/keys/Makefile +@@ -75,6 +75,8 @@ all: \ + ed448_public.pem \ + x448_private.pem \ + x448_public.pem \ ++ incorrect_san_correct_subject-cert.pem \ ++ incorrect_san_correct_subject-key.pem \ + + # + # Create Certificate Authority: ca1 +@@ -733,6 +735,18 @@ x448_private.pem: + x448_public.pem: x448_private.pem + openssl pkey -in x448_private.pem -pubout -out x448_public.pem + ++incorrect_san_correct_subject-cert.pem: incorrect_san_correct_subject-key.pem ++ openssl req -x509 \ ++ -key incorrect_san_correct_subject-key.pem \ ++ -out incorrect_san_correct_subject-cert.pem \ ++ -sha256 \ ++ -days 3650 \ ++ -subj "/CN=good.example.com" \ ++ -addext "subjectAltName = DNS:evil.example.com" ++ ++incorrect_san_correct_subject-key.pem: ++ openssl ecparam -name prime256v1 -genkey -noout -out incorrect_san_correct_subject-key.pem ++ + clean: + rm -f *.pfx *.pem *.srl ca2-database.txt ca2-serial fake-startcom-root-serial *.print *.old fake-startcom-root-issued-certs/*.pem + @> fake-startcom-root-database.txt +diff --git a/test/fixtures/keys/incorrect_san_correct_subject-cert.pem b/test/fixtures/keys/incorrect_san_correct_subject-cert.pem +new file mode 100644 +index 0000000000..787d9f1135 +--- /dev/null ++++ b/test/fixtures/keys/incorrect_san_correct_subject-cert.pem +@@ -0,0 +1,11 @@ ++-----BEGIN CERTIFICATE----- ++MIIBqDCCAU6gAwIBAgIUE3Kx4WUjkwuKy/fBOM+UJkb9aSAwCgYIKoZIzj0EAwIw ++GzEZMBcGA1UEAwwQZ29vZC5leGFtcGxlLmNvbTAeFw0yMTEyMTExNjUxNDVaFw0z ++MTEyMDkxNjUxNDVaMBsxGTAXBgNVBAMMEGdvb2QuZXhhbXBsZS5jb20wWTATBgcq ++hkjOPQIBBggqhkjOPQMBBwNCAASQ/CKa5uMZuLYssnNOm7DPdw3I5Doa0Qpyf3cS ++7aGatfK3tuY8qG7nJ5OGtl1WOL/gN0vRRN0/KA/iRJyjafzzo3AwbjAdBgNVHQ4E ++FgQUFkpgPzE1ePjK5UsPcR0gk5uLsTUwHwYDVR0jBBgwFoAUFkpgPzE1ePjK5UsP ++cR0gk5uLsTUwDwYDVR0TAQH/BAUwAwEB/zAbBgNVHREEFDASghBldmlsLmV4YW1w ++bGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQCMZAinQXkOEhfp+moxVnLbcUPAAqsl ++1KCq3NRG91TGCgIgC4grmOhCRqJMF1RPNWobGogX/yNrYNjiGzNVyJzMR0s= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/keys/incorrect_san_correct_subject-key.pem b/test/fixtures/keys/incorrect_san_correct_subject-key.pem +new file mode 100644 +index 0000000000..f7f51253a8 +--- /dev/null ++++ b/test/fixtures/keys/incorrect_san_correct_subject-key.pem +@@ -0,0 +1,5 @@ ++-----BEGIN EC PRIVATE KEY----- ++MHcCAQEEIOOVRgLS3H2T2fUhj4ASCFq60ySwO6yvSK6rvZHldAHuoAoGCCqGSM49 ++AwEHoUQDQgAEkPwimubjGbi2LLJzTpuwz3cNyOQ6GtEKcn93Eu2hmrXyt7bmPKhu ++5yeThrZdVji/4DdL0UTdPygP4kSco2n88w== ++-----END EC PRIVATE KEY----- +diff --git a/test/fixtures/x509-escaping/.gitignore b/test/fixtures/x509-escaping/.gitignore +new file mode 100644 +index 0000000000..504afef81f +--- /dev/null ++++ b/test/fixtures/x509-escaping/.gitignore +@@ -0,0 +1,2 @@ ++node_modules/ ++package-lock.json +diff --git a/test/fixtures/x509-escaping/alt-0-cert.pem b/test/fixtures/x509-escaping/alt-0-cert.pem +new file mode 100644 +index 0000000000..30e6fa6c3f +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-0-cert.pem +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIE5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++NTAzMDEGA1UdEQQqMCiCJmdvb2QuZXhhbXBsZS5jb20sIEROUzpldmlsLmV4YW1w ++bGUuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQAcsy+PIduM8NRrdqcTqufiajsAajQz ++eB5+5+lZLi9MliXqoS4HsdrDMDevMa2cC+wB+XZW9SJXjtqrwXAxTAHtEyhsCi25 ++XV0sJPWmZM+OQkGTtp7Ain12htr/t/DJ13YJpT03W6kYogA1kKJ5OMYMTcGT+7UB ++zM4G2LUSrrSisxhfz9bF8Q9s1piG2gb5ACEQUiMLRrZXl8WLlaY59lloKyMa/9g6 ++i3TgLxhp7XNS/bh/f2tDx+7ZgdtHUlkNhl1MycIVQRGK3BaZBEd+sDxS52kwym5I ++CWLXGLutU3OeaNgqyvZuMvy//2oER3PysizyjwNoFlUbIz3zMnXvBeEjeGtEHsCJ ++EBtX+xBWwMhUKE2QcMLxQaZNJCZFVFw8fDeEgFjTdEBcLsZ1PngT3jgXSHEWA+YL ++C3rQhFMjyjy2h8u1sjySFrTlbZPm8gC3q/+LaXxhf5i5xiZOOcVfeYiWFUa5gQal ++FaWj2SlQFaN2nidPaQO62vRIYn0Y/qbtUQAPkq4VVeycgxiuZaVVWCdct8UCYb9F ++b9QSMpK4r99MKy+s41RiJodDJy0XraOxy7hUDjyObL2fuuPUK6mQAFGwWtajv3qq ++vrRMvBEXdOPVmbETyzIosUHvOXT+v8WoCbC14mqMZTWVywRg7bD/NTHJDRIBrqvi ++O6Zqbod3EImVnQ== ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-1-cert.pem b/test/fixtures/x509-escaping/alt-1-cert.pem +new file mode 100644 +index 0000000000..63883c2bbf +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-1-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIE0zCCArugAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++IjAgMB4GA1UdEQQXMBWGE2h0dHA6Ly9leGFtcGxlLmNvbS8wDQYJKoZIhvcNAQEL ++BQADggIBACFwNHWQ5w3UBbyq17emn7Z0BT0Zm5iFr8Qeik75WzbyzXd5QIeFWewB ++qmiuaoKGGZ674sGcuomnIwoZBCoqvzbBBqBHp+O3/6pq59THQxeE6vhjKAe8oaih ++emdigRmkX+Qi8UwUh76B51wHtkp6zAZnLDn8M67qmP7bjNrrMQeE81wRWYz9ssfd ++N63dzu2BdD3EGl4CepdszpfUYLkz6iiDwFkc1NaBcQbBDoGqn2ubNXTHAyGGeL5a ++ulDCND0FQtg+jhHHE3zXBqh1nPg/cXXRUG2zjxzUnaU2eMs5b4yqoLN/2n7fb7mV ++HRh0T6X1HZcYpf5BSsgmr3Ngd/9b3sYRvNXBkVmKAu8dH7zguksczsvbL9r/u2YX ++hgGjNT3xSphJbZTzqsACcoDo67EFkJ5p25f0N1i/rxk7O6uLMtrUqnzOXs6NXgEQ ++8lyfVEgLFrXzdKXuk2l/6bwym80Eqdpjv5yCckCl24cFVpc15MRP3MPwIHrtoOLw ++bdNZA5NUAnppLmG6zTdPPgBWEmf5+4ei9WjmpG1hq72/nJ1qM2dLIgV5nLggr1UH ++i+vih+ujceBLVumAu/naP440xO5HRvpPfDWI+eU/wuXjUyAqe6YlYS+Txu/5YnFh ++aMHO+PIgudWwGPhkABtrc/1jC+Yfy+GCtih10zBagoN9/DSugh0H ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-10-cert.pem b/test/fixtures/x509-escaping/alt-10-cert.pem +new file mode 100644 +index 0000000000..14bec45d28 +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-10-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIExTCCAq2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++FDASMBAGA1UdEQQJMAeHBQAICAQEMA0GCSqGSIb3DQEBCwUAA4ICAQA+jnyjJ/9X ++ENWXApq2g+GlWBM07KpsrxzwDXc6wsOnZCIiMoDqpcH96X8Q2Lahc4mZuz4yOZtv ++z8Q9YUDTnJY+RtKYNDbxlz7wI1ASxKdP0X1qdzkYtHH752tG/zwVU2FSvqJLw+nl ++rPJvQQ82/30BspejbW0JIfO7JnfN5BHPzzJp/V5tI1KQe+Wh0gEq6UvXjFrkCoeU ++gaedPaG2RYDi1LWawRque7pnYzrcJCtc+wb8wiL1dRv7fDDmI7fFm3Bj6Rnid4/6 ++/CxK3WqLBQrXoGnPGwI4iR17Rx08hPCL2V8NvDuJlagJe/Vc6LzOEixofoHGx4rG ++Cm0AKubKbak/ML/rjyP2TiUmOhhm3Xdml3xexedErkgTLtlvmC0jesYuc4MeypNx ++Q0eKRnChRGZYT9kaNgXZG1Scq63vpxKhayVvwU4ahGQS+nmuZdbRMEMIH6YkGxo/ ++i5qmNxQPLMLE6HclSdDtUxN4ywQAQ49CaTCxVYq7dLTzpII3ldQ+KuefenaXrYGE ++7TyqJBVdsTq0Bg2Ftf7GaoidJ/ZjjkB3Sj5uVQFMfU8uSATOolBOzh6fSiQJ60Zn ++CtAAkb9uOwTl67Qijo4qAe9JRNqR9H5d65D0Vx+gdhcZVEriqIVhXVcgsvYQ55Ju ++VGhc/foVd+vBuM3jXEdGR+DN/dEu+HZrhQ== ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-11-cert.pem b/test/fixtures/x509-escaping/alt-11-cert.pem +new file mode 100644 +index 0000000000..694cb7e9d8 +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-11-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIExjCCAq6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++FTATMBEGA1UdEQQKMAiHBgABAgMEBTANBgkqhkiG9w0BAQsFAAOCAgEAp2nxfYla ++giNJ9S2owtp/5DxB3jIhQJzmdSxuUKVwWBffmzxrTkOoK/IcGkq3hu27GIy+ICFc ++YkSsAE3DfboSTStxhkVZKMVv+e5tXPQ0i+Z+CSgHZbrnaA7nH0UPEgFFddhqogGw ++LGE54iZ3D7ZYebTw/ELCIHNu9KeOStF7j04WXG7qRrqza5NmKqlxTC5tGoWAljzN ++cdC2BdK7H2+6de3c4dBsYqcL2IgwNhA1uKIsDjJwwkOPmCEPl+7DjleI3IAKpROh ++vX66DLaAsLEkoHsN7XTienHF8o/avIMGUfb0rtNLbwW8tzfjeAaJ7iTSm7ibhBLP ++fK+n7Osh9QH+lG0K7M2zez7Kd3u+eNgTEG63gVR+zDZQwkA2Hy1o4zmZ+a3iCtdi ++w6JGq3TT8nfPNO4kSoq7EYs6daPnGi3sqNRC20t4FZw0jOpvI4Uw7rPcTTqmAeAw ++9H37WU3URD2EP8BpkoZiOShMHzNGqlC9qbqr5dd83Lkdz9gN4w3ipdbiiGFGPXhT ++YubUecjwXoBUUI+be/edVbg7RtSSuplDv5l4bBSy+BG8JEUL6CKAUEtt2Tpt2SVD ++AIaj0B19/DSYq1e4x8IBVBsI2RnEEpP70bdLiSYLhVhMdzp0PRqDVDE+zt4mm0lx ++NRDSdNS1/rJEH1gLQEh4SGMs9iY5Vv+kx28= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-12-cert.pem b/test/fixtures/x509-escaping/alt-12-cert.pem +new file mode 100644 +index 0000000000..7e48ebdf05 +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-12-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIE0DCCArigAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++HzAdMBsGA1UdEQQUMBKHEAoLDA0ODwAAAAAAAHp7fH0wDQYJKoZIhvcNAQELBQAD ++ggIBAEMU6XcjSdQ+EG22BsyAYin2d3g9Fd0gljsuyEyw2qwFE1zeNqz2sFX7GdmP ++hEmUVdzQ0EQsHtKiO2BIhU5fkLoGIkJQT0MY/Tkc3xCLjVBG9ryHNjhv4aYfcvZ2 ++K8LwWu5na5YtpmEHppFTmhQFHK9Yf2Jeh5Ms1VH2jwKR8iFM9dk0wcB74Y1WqyX0 ++bhNUzv0ISvz/DK6rN0CM0OiZ7D1toMFJIslEcZD/MCZ0icFwRgGLzooDbm1xtixo ++NjgdswdiL0cS/wgSdzu9eIugUQZU2KvUWYXGqYMDpn7iukiZSKQuFhZGcuK17zyR ++y6TkDFe9rTxVtw9SAxjlo94rEqWN9Cns0n7tqAI/Wg6ILHUjUFwqSdrZQTEgH4O3 ++tfhRkV4HCgP1Tzfz/20uMBqjCLbdt7xcSfLIiHgaxgwM0LGhH2Uk3oYinL2WIUDi ++bZPI+1bzeyZ/tHw4sDxkGn3W3Nr44Td/5DAFz1lRMxAliVwHNzFTiY7IjCqmB0DL ++z91agdgPMdh/huFvGJZHS/v7EXMSXyNLyIw+5JO12iwf4+pu8NLnOtMoHDB4yY0w ++MEerc4e8SmygBQGF0MrcmirdT+7yiKRktZZFuyQoj4fBSKeBaBKUrnnk4UYw9H8f ++j/EQwM87PmYjTwYPrJ0Kz5r4dmAUvq4z2ReLgM08Ve4SPa79 ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-13-cert.pem b/test/fixtures/x509-escaping/alt-13-cert.pem +new file mode 100644 +index 0000000000..574ad1ca8f +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-13-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIEzzCCAregAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++HjAcMBoGA1UdEQQTMBGBD2Zvb0BleGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOC ++AgEAkx9jG86PMjL+/UxlhX0B/gIKHyTVrEt8j+/fn74uMnd7CV7toK6f5DANIxYp ++3OJWAFYZ2lNS3MQMxpbjpd7D0BeNwhiJyBnRPhJ9KdsvdXnupF5ANNzr3oMioWwL ++3WxvmQDEz35sorae5nzuZu8EpuwgodR0NCEmoPdW9JOUiB7k3Ku5goZHqlrdzM8f ++YPbRDNOxSIpRqr5eqhEM9tEf+TF6qOM/NZJlXxtGDVdaDTbaULuCJGEW8TdVajnY ++FfWWtIHwF64G5qJTgENqJjR1kkJy5vg2lFoDXE8MG+LvTHfyY0rMilncD2YOBLcj ++gb3mBTxZGI2w2KZbchgEvA9+0heumAVJQPfdGs+pCUdvlhwWh8FCvu3aQb5X57OU ++3D97vwvEs8Mxm0KHf0o0ZnTvaBWN5htX2bbpvYxGGB0SsWM8r1LIXj8bwGNdViV8 ++UWNrg37XyGCppL1jXJ1q+DDKOvi0JR384ocRmS8mWUf9qiAMOqveix38rHezWlEm ++4TCscq4tv135nM194D6uilzv4mUxLAMTX8Lvag1R3aKuOHio9lCGep4v776kALE6 ++9/rekRGoMwNApoaC96x+V/dkbfnjWcxRXL5TvjDwVInl+RCcn6ijYZM0HYc+U1Dw ++MwqBCbP2Y9Ee7xcnAgPbqH2svWG7XadQHAcOEDc/DFsPRG8= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-14-cert.pem b/test/fixtures/x509-escaping/alt-14-cert.pem +new file mode 100644 +index 0000000000..0265b5992c +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-14-cert.pem +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIE5TCCAs2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++NDAyMDAGA1UdEQQpMCeBJWZvb0BleGFtcGxlLmNvbSwgRE5TOmdvb2QuZXhhbXBs ++ZS5jb20wDQYJKoZIhvcNAQELBQADggIBABf7bojDeoFEFyk/Xzo50sAL+5irJYzV ++n//5aEvUotYxQt5coi7UnkKUgdiUhIXD8WaxD9KP3nUH+C3cxAQ+I7iVjFhjqFQB ++X4c/ZjJA2QIX7VMWA3kpOFvR5N0HHest097Fi/HUEEXNkcUtCkRNtI2Msse9uz09 ++DIv9P0IQ2TFgBRCTJwq2ZfVebHk/xoQ5fV9b0b39ts6ToiuMvGJVng2zz8fVNMah ++hycCn0WSb6dPi9k0ItSvRTYL6vp9X842+Q0Xkq0FxQPUcvzN7D1tSmHXDM7nYXp3 ++FB6DKASp0+nn+J88RXVSpO0JedEyRDEluxHJcan+hqhWJ4DgamlVTEPN3q5yE4lt ++Jr/R5tnx0Lv0CxDTAfZLaFiKb2jz9nVhzbCh7t21mxyb2mOM+GAxRaIgxodeNJoY ++QA6Ezz4cbjjA72Rgi+tBxy2abXpbbJ/vX7FUhs0ICFKZJHvFoxazgtSGgHHYNxhc ++/+9o6Y9jhunwGn/MaoxWJsdSjZ8VX7HY0iOSU3z4d4PWvIz05n4sGoJET6s1JuKe ++dZAAeQy0V5/EzxIu4GPGrzVtk2SQhNHVJZKponZeCRruruGT5Z1T+gF5YSqVM6BA ++XA0ZVXwOEbZ5XRIzBBbaiX3Eeful50ILOiP/uxLlcZtTtOyT4wNBgijfJehRHbED ++ppJk42EFZKb2 ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-15-cert.pem b/test/fixtures/x509-escaping/alt-15-cert.pem +new file mode 100644 +index 0000000000..70a98fb90b +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-15-cert.pem +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIE4jCCAsqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++MTAvMC0GA1UdEQQmMCSkIjAgMQswCQYDVQQGEwJERTERMA8GA1UEBwwISGFubm92 ++ZXIwDQYJKoZIhvcNAQELBQADggIBABIv7Wlg5F1gh0+0v/+LnushmLeypcXQGqkg ++E2IxXC2VnZxq8xTFCHy/m1qTBLPJK5VIg5qmtstL9zIk9rOUshQvusvNLplC0j3o ++GuQdQJNKV7rrzYYpUZO1en11q27AgDsO6lwSNg4U+mqzJxxIHc8IMeJpfaGTkUz/ ++ZXXNz04JJalUff+W2436vSvu8Y82fD72/qNu6EMiOl0EHJFQ/7eCAlz6hSNleLT/ ++N2GztApNzujbPgH7+PHOeVpwppDuXY1rkmPJMxCqkY8yOwyM5dMov0bjIN1f+QXv ++7voxVGMTefUajKADaNGMShH5rhgjIWBgujvdCyLPr6W2R4S1QPzjx4X26eTX1G8V ++/eTsJ6mMc+3cd6CEmEahUnc6LdEdwm+1SMRG2nejea4o8c+crwYX5KQVrqx92FqB ++SdkdCtS6qlnxJVvSz+HW6lEM0EShvjKEz/udsnttALQjhxfB7AHNWA073o/OiH25 ++Y9QpUudmWJjOoqRokN0SV4rDQnfNcLKIoVFPu+rG2CpBDjUsoxG3/aC8Owcd8Ceh ++w+O/DqQXudXFS3RsePbz4rPfID9YtBHrihCE10B70DUutWPsbe5lKie3wJpQbqvl ++zp5kkI5RffVU7OFD6os3+wPomdIG21Cf/fru56nV3FmkINCabLQddes7OarQcZ5y ++xsumEzq+ ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-16-cert.pem b/test/fixtures/x509-escaping/alt-16-cert.pem +new file mode 100644 +index 0000000000..64f852ceeb +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-16-cert.pem +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIE4jCCAsqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++MTAvMC0GA1UdEQQmMCSkIjAgMQswCQYDVQQGEwJERTERMA8GA1UEBwwITcO8bmNo ++ZW4wDQYJKoZIhvcNAQELBQADggIBAEID22h5WK1YJrKUmmO0owley+tL519YwJbs ++FwbwPz7+SJKA+UQNqVXYOGLwDJ6A6OzsV1TnJuwGotTmvNwr7eOVyLf03qggIYEj ++5Twgk57gJmqE+Q8UXUq2ocALUcgReZhluhNoL1XYQMbDaHYwh9HSOP7udEszVQoE ++m1D74cSiW803XnqPJGj0i1s9mD6AEewPl2k0mQ0hTMM3rlE1jOCj4Jx81tWH5KNY ++LXn/LhFomeo/LAU4PCFTt65tAomKTNXq0GwuunU62fy8pwh9QUpD3Vfrkm4+08uz ++WXSk9PeaF8tOs5pRwVMRr0GIdnQHa9GKuBBSZEvkGTxLM+cxO7jp5qSs2IRVpI5s ++ztlJQcJpeTRNCEF7gM98nMqDqve/IySGle9s1RjpnBuSD9UKzbMGeBuZK8d0JfBt ++7XF3i6Tu74EbBL/mP/0xoHausW9Yo8HZhXjm5k9P7m9xxlq2JSSXeQCLbKFT/SN+ ++Q3bS6rh0HaqLP8Gd3OyU+aOOy13Tr167LEFNK6DlfSadITuHwRMNvCk8UIDRDzAZ ++kXVXdT5UfUe4IJU6OPVsFfntTX6G8s2/K4WropnjD5NjBJ0ppvPgCBqEA03mCGVt ++IunRhQypiA0+SilM7BX6jD97IcmnbSyQ6fUkIdDBTMlX3MoYXkT00gDT3y8D/aKw ++KTd5SKbD ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-17-cert.pem b/test/fixtures/x509-escaping/alt-17-cert.pem +new file mode 100644 +index 0000000000..f09f41b918 +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-17-cert.pem +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIE9jCCAt6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++RTBDMEEGA1UdEQQ6MDikNjA0MQswCQYDVQQGEwJERTElMCMGA1UEBwwcQmVybGlu ++LCBETlM6Z29vZC5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAchR9+hds ++zMK0NKgiX32XxJJ79tlo2sRMCZqij8Lqfyz7JDlTMSvIVqcrmimlAMX5u8BxKRXG ++99KzXhbJb6Hnj2i6fQobxpD6nKnPSUcoiiWccmp8jmcKQW7M6TuqOfEdEnKpf0BF ++vNFBjXGxs0KqOArX/1d0DqYS1LTnxaC6NimgvjAqKVRm9mqj62pc9//ixCgHkqLJ ++stuoSerbo/mO0ieY1wq9r9TZT1epacVrQpJFWeJWhow94WutMNesJSWLcxX63mH4 ++j0LHEEkHLa1UkMzM2RkHTVhKrthCiuyrtqrglLsdPInU7ZYVONyUrR2D1tMy52mB ++b1HzzP43pomBJtp3OeEZtBDwmmGgD8RBdVK/T9hcK02cvB1w1yr4LHUeYLMqrZaP ++SJHQ7kv9AV5Os64SYW9+7cqjt1q4VmaEqcuCqvB6mORHWHnsa6PQ19myA7OdqNpT ++WAK3D94tpbGPTzfhUCHk0w0fPzJ4A1+S6g4eHX4iQQxxDg9sXV4ZRvAEKnJhs2S7 ++OhtXdfyu/1+lfaunN13SyxMwyyxHzylEU707Sisxse2usX1Zy2zxqD+LO/9iIu1S ++76/rquhiOFRWxSpjb7ewpH97OGFmtzfH70vBBukn0alT4xjkje10NlBfzcFwHWQH ++59nxPd5sUEqq+DxTjoAgwO91woU7UTs98lw= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-18-cert.pem b/test/fixtures/x509-escaping/alt-18-cert.pem +new file mode 100644 +index 0000000000..341ac0b7ce +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-18-cert.pem +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIFBzCCAu+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++VjBUMFIGA1UdEQRLMEmkRzBFMQswCQYDVQQGEwJERTE2MDQGA1UEBwwtQmVybGlu ++LCBETlM6Z29vZC5leGFtcGxlLmNvbQBldmlsLmV4YW1wbGUuY29tMA0GCSqGSIb3 ++DQEBCwUAA4ICAQBFUk2Z1E5Q4mW7S8dLz5h78AmfNbwx9eNtECc8iLQq2Q0MuIzQ ++noURyNSHhH2hkohU4afXjolCr54DkJNYogrBwHaNDt3Y3wqGQXc+BKRnqblfr1+A ++1EoIaqRFjv/Mu2gB0H4U3vBRYriZu7BhQFXiQHAr6hWLG91B1eN1i+my9zOSoSZF ++7BuemB/9F4wjvwmDJieSwOgGk3FhNV64Ce9M95RwDKNSJBTBqOTLoyvOw2jgs22m ++MntqW9oRywGeHdJ5EucPBrZQKDNysNFj3We8H7PedGNlnG/QknE6pzpRgqbRCAax ++hcvGQIaMcUJ3oWhJuPNscjsJ/nfaitz58nH5raj4O8JhlS1h49NpbJO/pAWMHh0d ++ZruXspxdEwW17aMJJ365q0XyVysRHiwQuIQYCo8L7oVUsH5FUJ9xxPH22b+PG05r ++EABdID+aDV7X/MNwBxgeBOFVOgE5bfrH8NBjkx/F7ID/hjcQDLVWWoFnpIjekebC ++EeqTRl5TcnoN9Dc7zkfwmuYGoaYJrGhj7WRvfFgcw1Cr1xujiJtoKbEbMoeD45+H ++SQ8MwBb37Gm3aBNakpVmJlp/QZSJY403hA8QrZdjnqoS4THrC0+gN2q71aZ9ZCZY ++3+OPNg659ZcYvo1onBSA0p1WGKEAWdHKqZCVRdsl5LnRg4H5gEVW4gmhjA== ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-19-cert.pem b/test/fixtures/x509-escaping/alt-19-cert.pem +new file mode 100644 +index 0000000000..f163184204 +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-19-cert.pem +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIFCDCCAvCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++VzBVMFMGA1UdEQRMMEqkSDBGMQswCQYDVQQGEwJERTE3MDUGA1UEBwwuQmVybGlu ++LCBETlM6Z29vZC5leGFtcGxlLmNvbVwAZXZpbC5leGFtcGxlLmNvbTANBgkqhkiG ++9w0BAQsFAAOCAgEAWtSJOhwRpYdB/aq/AixRTIpwf5VR3MWaDNh7clpnpYhYoLDY ++7dJ8cv3AR5dOScFXLrCZ2UYVD+tTPyt18opnYDT4h6If/U9TTHVu5tRSX0wGIdPc ++j3zVVegty/HWMA5LfwygNTvZjgXhocckNND7hC42+BuXE2bqoqnkqMRer/R+9PmU ++FXpyLk0aDl2QmspDAz86FYpEuxpMfmDNmM1nWDz+n+uBbeuriTttsFqFWkfOGoNN ++/3tAmUjAt5IqkL+7rnDt6Lc9inY0z3uYGJEdqa0GJJFJ7U+8wcw8rUwvKETqAtW1 ++mBOswkoCImPeNDpiqiotwl4cfrsb1+j9gNpYTP2oSurh/bF0mxGLoJa1iDeibwqg +++f6oWcCdYQ94ItvS3d+lNXT0MWM6HU6sHXf3+5SqvsvsKjUBRyy1Nvnug1bha6Qv ++bdeErN0ZSGy12Vc90Y5fpl8kebmYiJc79OqvuTNDeRfgBm+U4ASAj/AEhtbN+wDd ++HrUHbk/9U9h0UFRZ5s7Pqoy5PEoLRoFeA/jQQa/fLC8nl7YTSwidVgj8cyAy36sV ++uaBNXrcgelqlR26SBynXM3APaFlv5IdSlF199swMCusQrGbiNajl21TUm+Iv+84g ++x7rnUPnQ1grkLpMOBtGaraKc93e2VfH5bAZvyaIq99qdA10ERCtE2grvjik= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-2-cert.pem b/test/fixtures/x509-escaping/alt-2-cert.pem +new file mode 100644 +index 0000000000..6ae58f5636 +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-2-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIE2zCCAsOgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++KjAoMCYGA1UdEQQfMB2GG2h0dHA6Ly9leGFtcGxlLmNvbS8/YT1iJmM9ZDANBgkq ++hkiG9w0BAQsFAAOCAgEANTZFCjNmspLkZaVYkcAXfT2poPPWAu7wS/wG4VEmKwPV ++A4dnFV2McXNW/iyABeoofeIjsjiYLpxTvz3teD2JJh+hidNED77PV7f4hj7vs4Dn ++DGB3HKJvTD63AVOiPJ4bbfUyiuvLO5TwdxAGm+q9lsf/fWFraTF2qlnFwyWf6Qul +++NQo3bM8mErvntZMscq7wo0cOdAXA0bNqxKS+IDnc+HLxoEr2egbRJmEagMgV4/U +++AGVQ1sY+HrEszOPUA6NZ/OzLuXUT3swm+4rqJZEQ3AVr2BdqSzoiGHqqzmfKO33 ++sODcYXuED0sUkIhRZE1vW+wXR94WQsT5C4MtHabNjpPLSH7cVjGvEfTX8DJH/F7p ++OdMmXxvPey0wLGJwoZMMhG/XC8Nb1g+qCLLou9WuA7KHMibfiYdBnPcMDg3fwWwg ++pYzrvK/S6f5h6TS8y9zKxCJwTdfC7f4KT6EjxQFhgHCm8oFupOLSEZKF0UmLMeOA ++J504ZnGdhEG5p9AqQNBlyBsGGmSyQkSJg1BPB6U7wFBSwrXS+3b2ph4J5RivH68O ++CKjR7yWl7M75LOa1dt133GmhPUUGHLsjHTnuCDVB0eHcgboonKTjCSAmckNKm/uw ++tAUMkO3puty5JM38b8AwFRDXLnlWdSsNr9j243SHOfKyFWidjwglRpVGBhoECtA= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-20-cert.pem b/test/fixtures/x509-escaping/alt-20-cert.pem +new file mode 100644 +index 0000000000..eca176f2df +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-20-cert.pem +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIE4jCCAsqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++MTAvMC0GA1UdEQQmMCSkIjAgMQswCQYDVQQGEwJERTERMA8GA1UEBwwIQmVybGlu ++DQowDQYJKoZIhvcNAQELBQADggIBAKvkEHjR6lk0AlKiC7oltE+gp7SpVHdKs7I4 ++zswnbZ1EcddA9D6hjemU+nIUriLkt8BxY+KxNtkwDm5mvXZn5E4XDXzRDsCdNZXE ++qx9og9LhkhfGbPJ1LPutQ0VmqPwY17mRUeaLhNIwOmD7g++oVHYmZWqA8tHVB9f+ ++gP5Ni2x/PX772Vt/hIpI14VoYIsMFs4Ewjc0Gc02DvOdsDT9eUmAo6GNOAbxeRS/ ++D2D0w6CQhwJ+cemcAo0lGw8KemCYfqzL+MQd8wUGPsiZgm5wQACOp+ImL4guy2gX ++h60W9Gtxu77jsjF7n0n4LlInylrZAgw09CkehUfF4+cP2kZDTcsuqOoCVYATAGxa ++49ZvuRHoo5Ine5PcfuARS09LmxgI0fdsjaRvRELYIRWHTvE+zCLlNkxkpwXULgZZ ++bpJ08L52P+jz+HJPeiHZnYKXgtXyGLpwG1danS600tqiMmDh0G9Ss+UzwhS+jhN5 ++viIvpmns0zvI1Z1IWPw3y27pw7rmLVcFMbEZFK5mwHiT10iRrT4sxihWIT+sn6n5 ++5baup/od4kSJABQy9LAuhhuZHyCfxC2yPYz70sP8qGVtY+rA3LNe0ns6pY1L77DR ++QIRD/Mm2hql91+U222mxikdT4WQEheh2cLwdg/T1uo/SQDruliNZncdNbTGDmnhc ++cg1mw5tk ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-21-cert.pem b/test/fixtures/x509-escaping/alt-21-cert.pem +new file mode 100644 +index 0000000000..16d5e7265b +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-21-cert.pem +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIE9DCCAtygAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++QzBBMD8GA1UdEQQ4MDakNDAyMQswCQYDVQQGEwJERTEjMCEGA1UEBwwaQmVybGlu ++L0NOPWdvb2QuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggIBAHdccJEkqezS ++GSNNVIWv9XffNTrZnejms90h66UDC4O9shHMy0aNWgmGuu7uFi1BK4sTciXT+ZR5 ++3+1ni3WKMhJ5Iu1aNlNeXULOlmuHKVJKrAj8BR7lflSFqj/MHnw22HU+BTmddZPj ++F/OCl2W+O+eUNBTTmYI2+pZgmyyU9v8qEwLZn57qlpAJa4gpnSRYQS1xfSaUgAcM ++xtZM/AE4F9mDFOdO86/RxXsYRyT0+sOGmaoJrlTWoKduoI7fhzQAIGHnhn9yBT60 ++0K6LmCR2dXRyLxxVTy0Laiz487IXpQTJ8jo6c0wT6SeiQBlE0W3FTH3IM8Shzd7b ++5tbix0bCR1pUT2Q46oaB4xkEweKNGKS46kIps6mpTav3TMhNDVyalUfF4fOu4FQu ++RLB6B/I1TI1KHiTeD9xfNInBAdO9ewjWQ9spFei3EExZmvnnWKZIA82mjG/9Wcdh ++HFK/uEylzo1Nsxujv2V6ueMYc0pF4XH2U1Azjxb0+pWUZhoy537Nlf8b+PO/GSG8 ++del0yPwf6JP5AZdXfiV8vNqwEGCC/BEIPrbZ6Zz1q6lT+7GZAGkzbMYlfkzA1lXh ++JteRIracA38WfQOHf3FOPYvTBOPlVHWB+tJbwlalYQqCPupMaaxxizCLPIsNvqdy ++TAtC5Jbx6N1DdeyHpRuKRUe1M926oKTp ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-22-cert.pem b/test/fixtures/x509-escaping/alt-22-cert.pem +new file mode 100644 +index 0000000000..5f89b00dfd +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-22-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIEyTCCArGgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++GDAWMBQGA1UdEQQNMAuICSqGSIb3DQEBCzANBgkqhkiG9w0BAQsFAAOCAgEAE8vG ++nLYo/G+3Cuzir4toX726vLOkCEqZrkRE18dc3px/CgmEI/6+4lWjp3u/9MxER+kT ++t5o5Xin+vmg5F+hocR16mMeX6pjD6tXJ+uzDacTxDgRBFdbqX4x8Fjiig0FXsr3H ++jFBY2c4UcKszFlCTqjH1/RfwLYJPU6Q1WZM+1iJotSKnhK7y4A/3jho7sL0PPuMG ++WEoxbTBmpAf+jPT+LRe2MY++VnVJHjlPba+S4Y9PHOzizQuIJs7YnhNIqA9So7Iv ++eA7Lp8GID+w/eY4DEq4z6CIuCplKZTrrWH0kQbG1sV4J5+W+JL0DOXDk91JwkOPH ++rWf6aOb3akFRk5Z/PrrcTAlqtApPQF4uGycQBo8KgcatZyP/3HZZHyyxhEjF9sw/ ++STHm93GlCIwocJ+SkwjBmdupv6Yk8fRmA7LinjVvi7EnQQ7qcRE3oUCPPReDD96G ++TuDsGkQbv5WQSh+0mBAiTFze3C6FSNcldQBrlWReqOj6pVWtUN49lpYOJ2XfLCQe ++RjS7IUYNn7Ku3xXi2etgNzmJXcSnNXZkh+3henpFqkwEFJ5b5RgOHXULTwoqo9KS ++YMs3eKHp62J6l0pQD+wTGUyVU8cJghJ0hR1WnNR7o32Bos2dfBmIQgET4ZH/P2+H ++A2gtbJO5mRsTvuD+kZut1jxJvUzuO0yZoNpuUVQ= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-23-cert.pem b/test/fixtures/x509-escaping/alt-23-cert.pem +new file mode 100644 +index 0000000000..5cd6795cde +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-23-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIExTCCAq2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++FDASMBAGA1UdEQQJMAeIBSvODwwiMA0GCSqGSIb3DQEBCwUAA4ICAQBps3VQshvW ++9HDR2oDXSldWNW2SWksa+9npI4IEMDusiDbLdR0VBphw2R3iUuJ4IAPDc1s/SMi0 ++1t1o92lC5zVeTq9LvOOC1KxwbZXDubFDmdsuJ/DYPDkaRoDqoH7eFsJuIyD/TKqm ++HXPYmWmjUNv51SSLTTqPRz2TmLQVA1Iw7J7H3fz2LExsAtczx6gRZJPIZGdMx6do ++E67SUp/2RPYtkEmmCELOxCAh/Pzm6pBPncI86AMTNwppl+FpqaH0LPrqMre40tTt ++cQq/0XrMWRoWsS3VU8uor+aGTnNp5VT3ZLVmXZNyG7nISW7ERaGCeTZJRcqwjeH/ ++yPxhQc7IpYCm5x+HN2sDuvVC7l/q1A7+CbO3jNR5Gb7aEEyGiKb5ZkElbsulfwom ++JOg1K8+SBDGrErEf0MDCenKY2g0lhpKGBwu6O+RVmKbhlHEjt2/31/NCSBMLopdU ++AmCNoBo3+KaRljo1lVf7tWbffNRCqsbPZPHtq9uXs0DliJTUroaJ584h92VrSLJB ++SdAUVLAwzmwu2Pa4bp0STv5tJy1hFNJdVFQ4rgAfaFudXy41K9zqrDCB7RbzX7Yi ++97TCDu/phzkoFpOZabqTrvcP13N0wfDeOx4Y9nx77aeqTAaQ0ooTG9IWrHmjuUKF ++wpEXQBfkuXug5+xq/hlCllkPj67cIaldDQ== ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-24-cert.pem b/test/fixtures/x509-escaping/alt-24-cert.pem +new file mode 100644 +index 0000000000..2a858dd39a +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-24-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIE1DCCArygAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++IzAhMB8GA1UdEQQYMBagFAYIKwYBBQUHCAWgCAwGYWJjMTIzMA0GCSqGSIb3DQEB ++CwUAA4ICAQCKRaPaQO4+oztra70h3g1qwmJurQ1vGBdcXh27nf9epFAwhU1zL5v7 ++7wN7iclY15BX3w3WrZ+ag74AvQLG6WQkDY1JCmidEjjt2bmVTxIus0H9Bb2AlUEw ++BtVYMJrr+fiWbfSwRxhMQa9BQ6ZcUA7EluYQFApo2m7GIcMc4x51L/bwzmsXYj4t ++2tjnkU7clL+7GR/w/+ZB7nIe80j7wYvIbOfMS3Yxh+uu0aQCNdoh9Tsdtu1jtmJv ++4lJ5aZIDABE/XIFVkWRyHv2ou14J/LXUKE3HPEhSKWu7GShrdTeS+gZpOixM+uPG ++ieHah1GfJMS69P82Z72Cr7XWpQY0NKwMB+ePhTzz1LMBHQ5ySXQCViQRClRMc5K+ ++cXZm8cs6oe4IEhMcf3kc/9xblgRWqxX7vsb6Gcrn1eXsfxco17S1yNBzTt75ybt9 ++kvPmrWqpg+sQ0r4473DjEASoSCPwlzCpd7AHOw+XxSwsOUNXkEnXMa2v2VHBjx06 ++QnrLenB/n7EQ5Vo9JLDMLM6ie4gfehHxfdyoBg21jN9eUPpKGnjARVvyfDWV+7rI ++ZHU7wc2iMnqroAqm9FZ0YBqZ/eI8M4ZAYSvDKnGZQlUWfhdNDhI4FsHBPymMFtjW ++ln5eFUNLMoitMGs12Ib+omr9WSTxRj97GvRkRTNK5Gxmo9Mi/Pkxng== ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-25-cert.pem b/test/fixtures/x509-escaping/alt-25-cert.pem +new file mode 100644 +index 0000000000..695b8ebba8 +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-25-cert.pem +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIE6jCCAtKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++OTA3MDUGA1UdEQQuMCygKgYIKwYBBQUHCAWgHgwcYWJjMTIzLCBETlM6Z29vZC5l ++eGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAIgp7IrYYdLCoUqg7E4igLD3u ++C68B896uoeenMmTKDfCzvB5svYKZlfIi3njJUZ2G6kgBNcSd/mwQ2ggex9AEUiGp ++uaT7Dpev3RpwtCz5zpOZxN+B0LJk4hPzzE4sjJFrmHRgJVzADL5RdcEF7+GV81nP ++X/cXviffkxSihAFALArAaOA6/hBoT6unvlDsY3cxgZWFl3ao76vTQFLs7ZNHYbHe ++WDkkNpheWmNlOrVTEz0vjNCQz5wYOM6HJ0O3cxzR/6+OnhPQagZRCWApPopYGuxc ++kXHAPbEkXpVzJTrNgHIvZ3l3JdJSHsh+DdGVz1NY4bogQNKCVa3xt+zLpUrr34XM ++61Z91MekMijfjOsy7LGLSBdCPCZ00enXPkflDEhv1kRlbo/ZdYGHynzl6Xzu1A5B ++nuwDbpsCzR6ij8fZDXGUS7F8Iemdfag4XTtrXnVXLgPpD/FMzJUx4kCIAjgh2MaP ++0nUvZDVYt+GKGohCNDrSt2ByFtbYGaX5GeMIp8zW+GT8KUW/K7pp9PjsmzG6vvQd ++kqxB45ddf87E8NoDWh/ptdj3pjfbDc5A1SeXKGXrt1TwgWHtUNW0zF8qOuG+PZ1P ++u10lUx4gayyF3unaSLZwYu8nYq5C7mC9DjjnbjLhsh0VOIEEh+Q8vJH8OvZFkyti ++l2ADXC+6evQTvqLwXi8= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-26-cert.pem b/test/fixtures/x509-escaping/alt-26-cert.pem +new file mode 100644 +index 0000000000..1204d95a8a +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-26-cert.pem +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIE5TCCAs2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++NDAyMDAGA1UdEQQpMCegJQYIKwYBBQUHCAWgGQwXZ29vZC5leGFtcGxlLmNvbQBh ++YmMxMjMwDQYJKoZIhvcNAQELBQADggIBAKmgEHc9b/bscpyO5mTKrITyoYtbhz/P ++0Uz2Uc4tKokUI9EBuuD/XX4EjtVzne9mssAAs9EhBSFmNhDjpAUYh9n2cFvAJQit ++4d9EbaNbB3SuzG5onu8ZBtfLsABr5L5tQspO3tinamSM2ZuRo4dvcQ2a38C38LAQ ++HBnvZ744Th3LckPMLTWNChe3E2jAt8Av0XA2yVJ/B+EeEaqSYDALKhI49CLeq96L ++m/Vq/mqADborW51pMNFn7CAF1jxizQNHy6K0E95ziq8q/OL7j4+j8Erh4x7bcjrQ ++X04Z+hrA9q5AjG++ieztKqGuGxHeSclqBhOdnU0UI528Vn0OXRxeMmbqMF+qhx17 ++nHuxxs4z5CIdTwHA6LgMUpDxcOhdUctIj32gwZM3UHI8lmdRTWn13y/Ht6CpIXCL ++1ohSXne5y34z4AKeJQpdUfwQD552Ui8B+bhH1JBm5phjLn1fboXCYiCgnPQ+SJzx ++3hsIv7Fji7lfk1UPkr0s7Ze8b/seYS8nVB5rg4qXEwFDMo9zsjCEIyg0tKwj5Ani ++HlYzqjjsIK50TPjXYOA9J+NHcBDCDa3r8TBtRGtQqOXQGzvWTqAyT8Uwn7jimmh+ ++EGDr4PJSTJxv43EYL+of0sRHkOhnfFfJYF9vQLT+wD6l+6T1xNPE/gjX8DyQS9a3 ++zOgdOiTp0AKH ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-27-cert.pem b/test/fixtures/x509-escaping/alt-27-cert.pem +new file mode 100644 +index 0000000000..268abdd300 +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-27-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIE0TCCArmgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++IDAeMBwGA1UdEQQVMBOgEQYFK84PDCKgCAwGYWJjMTIzMA0GCSqGSIb3DQEBCwUA ++A4ICAQBtXT+t0fuBRClJdY6y01k1jqcsXEkmKOr4czznuiloGVEjpbjmxzxsgvzw ++nz3od6Sx56SHG1xYbKDCapX9Ld2IDsPvpF2wdH2wpIS5DI7tQdBpLm7vr3vTYKwm ++Wns+WKO5VBHDLCyuYvHNo37MJCAfBlr1ni7BCLOg3eycPiANJHPD2T9BnXlJm49K ++166VMviuiLBEyO9tadhvQHGqCX3D4pW31zwsKHvS4wau15N4yt053Iac6eaysdTp ++mspw5jX85tlQ9XxKNTftUVJU9Uzk2ll4A0Gvnq2FEjiqf6m3tye2nsqDI3C81Dwb ++Y/+AeO7ZsVyLpIstfUBFmpLGPUoZ5MNmgrboGf8K8dPPgVbmbS0msrsI4LWSQb8P ++R2hzj0F7bFvgbZad7rFXJW9FQOqTwvJrZBkkDpZpeNbhah14avV2Ftrc5+PtVfP0 ++jB1L3nhc5KGpGL4xqE19K+GVR/KBREgiFD7B7NYUOPt9NjFTrbbC3XA8L0MC7PNh ++ySDN/NCiIF9K9MtpC8BYuNBlRt5C82L37qPY4Tw3z9sCyXK5oOQ4xdbdDEWdwzc5 ++F2S4zfQiB7y+C9RigOyGPChxBqDK/bCExrG1S2b95oP4QMuaL55iXnaG9ME8sCoa ++cUd62cMPk7piQW29oFiQPYsStfo09u9JXbalKhol9oPrDtQfrQ== ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-28-cert.pem b/test/fixtures/x509-escaping/alt-28-cert.pem +new file mode 100644 +index 0000000000..147fba3aff +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-28-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIE1DCCArygAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++IzAhMB8GA1UdEQQYMBagFAYIKwYBBQUHCAegCBYGYWJjMTIzMA0GCSqGSIb3DQEB ++CwUAA4ICAQA2KjgKCSLg/rDajrBTtVIu14rAP1pMwFZWrxcpTbN+fOs2dYQXZf7d ++/GaozSMSchjPAJ8lTFfEB20Mur/E284LlQPuQKqHHn3gIh92VkHHBHjj0ohnfigg ++eBHNMUisuGyNzKV7VI1+iwCoPBZC7ptbE4X08osVxxRESj+IT0TwtKDONTIIeogW ++6VhsKTQ1HM6AMbhVe0Led/ENxFFMquB25GG/hVB4ZzPmsJZzNdZYNNMa34kNcMN3 ++5OFcxWV/4Hc77JYsqM9fE9gBaKC9pQE0XwIrOMQSaGYx+GO8Ty33YlM+oYBt6TMH ++/9oU8HVvEYW9GAyptNbXPOwyv/wikNBsJyDGfvuDoiTZ9iMFb/bEoWHSK/rYmAgk ++D272zxiPS3YgaZkvhlYZ+60w5CCgXoN5L0Zq9yAOTv92/VHFnMPrTP7zfD+4eUHY ++lg+A7pOCIUK4cIDUXQefn1dU5/8DHJ8aM+KQDBfkKOH3me3GzIKjtKQjhwYFiJ8L ++vD4V6+nq90GasShQDKUbMVbCxfyqlvrXOP0an+FxdknadnD5hRT3UsU9SRxAdkXi ++3er2sXpuULYqOst55Ahnj7D5uDN4KBoatZwFd1iw0CVPoox7ixZ2zOAkwVqzaEAq ++0yWyIlELm9/FdF78fu6LPrFKI1H4MH+0TQrF4MiyJWPvET7t8WKJsA== ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-29-cert.pem b/test/fixtures/x509-escaping/alt-29-cert.pem +new file mode 100644 +index 0000000000..434bda3e8e +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-29-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIE1DCCArygAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++IzAhMB8GA1UdEQQYMBagFAYIKwYBBQUHCAegCAwGYWJjMTIzMA0GCSqGSIb3DQEB ++CwUAA4ICAQCIFfHE09aftJrS629ZBBRKjRiVcxN0/FjeEHWbnb+3Re/LoU/Y64BT ++LmjMBB6wik3JxxUtLs2UYExQKfz3zmB+O99lR94of3V3RXPCe9Dz8C12iohYBvVO ++q+WzXyg8g4zoIndn9+ByR+JJsuk+WVTZd50wRaRvssUB5yhpLaFdZpnLUBdV5J2d ++shmefZxr0NgMb9p75wvWgZ2BiZQDeTR93+PWaZTMdSxZh6ynfG//5sxxw5fLm3pv ++eVo3oQQ8px9j8G83ouiDZJn7XZgNfXYNq7wo3yaqXX0zlCE00K6tXGI6FkKJnVdQ ++si+JYfGjzTM39JqFU9YYOOc3Gfw20iKIEQ0jnE0Z+z9Pv2GAel0UNdovluttxu9R ++CJcPJOLS+TMd/sAwCAELvhPpeWsDLhfd+lG7ofE/nM6hzec6apWYyCqqlYIdE8WK ++rtHXBIMGk/5Eo+2KDGQHgpMs/P8fNUL6FBx/i1pjm5nSHveDQryepEmOJq9NJCBW ++1AJhE4jCXMv+43Fnr1OSATNiOd+1KfQ7KC5PFkpZLY4GDFZcbLBKYj1TWx4WzRnm ++EW7cC/00Z3Cd76L5i+y1Xr44nbQcAMw6TlT6vvZjFCbCO+ZDUJSZBZMpWwBI/gAf ++MNzYPltOGm+GZUuxib2MSF9Qy8c9NegENmsK+zyPT3N9mUHCl9nknA== ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-3-cert.pem b/test/fixtures/x509-escaping/alt-3-cert.pem +new file mode 100644 +index 0000000000..59185b64a4 +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-3-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIE1jCCAr6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++JTAjMCEGA1UdEQQaMBiGFmh0dHA6Ly9leGFtcGxlLmNvbS9hLGIwDQYJKoZIhvcN ++AQELBQADggIBAEKwv45Zp5xJEGENPrOIwrGmuBDMtBPmXtSKydKSNUgrv08u4dHL ++n295L7jIwQ3SnRjS8PrZWD8RQ46hgFRY9pqk1uTys4jB7lki0eAUBC7oPn7q0GUv ++ojdSwOEjp5bfXyuRv7Z+3y2gD8pcCZsqcCjF5Svim6Q3pXMLRKQFhzhzL9k/gsNF ++lJ8KcLBECJSm5nUrZIRHPdIGYmWJG+t8CfS3E6OIyHILK1xCc1MasEpmYVoY9uzT ++2W2z+3pvwQqfdXO+lEOsT9dnjM/WbnkQMTWAn+++YFtkvA4kON4b/cp9imnXok02 ++vq7MCbN+b5CJXIhKMC5eNA36ez5hou0MUmnsNo9ai1gVJXRoL67YgUh1yMfcAaSM ++Sfy3UBF++Az/yQo4AWtqWk4KPePdcsrYo9Fke1inUl+M12gkdIz+efbElHMqehbt ++lunbyFI/7CY6/Tno+T1cDkQlTouHK8Ddb1cPhkJbE4euRuLGdtn2AcFSemYGtib0 ++ffuhnEBF8M8enPVyLjYA/3sELkmmaHMtgDTm0+XYQJtjIbvGcY7+bftPZgbXPVGv ++7+tiYjwarIexXN5yzMasgFI5+7qLSQJHcmwrzOm8K+Bzx34f20vwR4M2FJ6cqUeN ++qzdN1HSNp8aYNilaFa3+hfGRG9CZnVP8up8BwYx736EMu0G3yAp6UqqJ ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-30-cert.pem b/test/fixtures/x509-escaping/alt-30-cert.pem +new file mode 100644 +index 0000000000..1b67d1f782 +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-30-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIE1TCCAr2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++JDAiMCAGA1UdEQQZMBegFQYIKwYBBQUHCAegCRYHYWJjAGRlZjANBgkqhkiG9w0B ++AQsFAAOCAgEAgG06c7GRpPohHa1X/YQVQGWa/J/f3qok3cu1nrD2H5Dkw1eAVPcQ ++lsng08lOxwSI0OgqJw0jl+ljLKuhHI3U68KbFmUO3Jw7uLDk1+UniRSNkfxVOrlc ++7YTlmsxiDgQdX6/TAHu6bERx147NqVzB4/I6qpX7ouLv4E7xdQgjKuvhWlJ+Fg/0 ++pQ7EleQymRN6Y8qO6RwEWYao5pypg8/22cE3jgXleLM+5qWHqJs2ZewPQf7uo4Bf ++IwSUV5H0weftiSN+kOLYiNfUago108VHuk5sCIKr92q4WAJgA5C6ylcUWaJCKbCv ++HQYR/QG10Mrn4JCzzni90aBHrQoYQ8msEDH1QKyMJiNz6XXzwBP6bvgPlB2f7nPW ++ERpH45M2I4Z3dZYFw8bF7CcOIUuR0/Zu2WN22IhqhjVQSZPzdRWJt5Rr1mFUz+Nv ++Ymdi0w68KyRUiuOpKNLczDDnYpc9EqGBprnMOxALS4mQn1ySBXbZAXnTTdEzN5fM ++L4CXWUzIBVKv56Mn5YskhbCd+N8GV9Nj/A6dBwa004CQxbgAj+ndNWc7+h4iSNlz ++9VPHK2Kju6j4fVpe10jzSoEs0nnrsPy5Lxa6C4KhXBBJ3cPl6wWNe2mgbEqG9Pq2 ++KrCizuFkIfZTAeSrR+prZXLw6cjmKPPEtNbK2JbteL2SEDT/3AjmmZE= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-4-cert.pem b/test/fixtures/x509-escaping/alt-4-cert.pem +new file mode 100644 +index 0000000000..086af8e02e +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-4-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIE2DCCAsCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++JzAlMCMGA1UdEQQcMBqGGGh0dHA6Ly9leGFtcGxlLmNvbS9hJTJDYjANBgkqhkiG ++9w0BAQsFAAOCAgEAPu7ubyZw1rOQJhFX6nBHyCYaBzaKxRZOHOFCjMrD/YQXPUNM ++Hs+8ChOeQ4M82jTyiP7XgF8EumDcckDIlIYvGXGrCB/6VcCVL1vPPtzjSaiF3PlG ++/dh0OlPvevr5Ajz7ZtFFwxeQ2EfsHiry8qnlDJSEjrh4Trcx9YzdkSZz8DaoODXz ++ctR/p1JEnQ6h/Axa6hdqTzbzTsINN7gD5Wi3ObfQbK6Ug/CuH6Zr8bdTsmeGcnD0 ++fqHptuLVNcROykneYziXDzcqGwrZnYaOF54a4ibV/OfrBcgEKeDwsCrLs3nztSC4 ++whV7DXZwaLl2KWl4/suBNI1cIKbxII1xTFLTog+UYz0zSZGPrtbt7zrlM4yG033t ++h9xIGUKebaNpQYkoxOc/+kKhbKCeL3klfxJoX+6Gf8DkTP7byX2HovfWV1rJbh57 ++YZ04Bh69VmyxE4iyb1tAh5xh1bArCR9m96eXS/0KIZbykxltQGyHf1jpWw/4Wi3n ++oadkpMcyNX76M1xBJ5u03JL8+LWrXuzf/ScWdmPUWulAEhbo4fn4oRwP2C3l0vVQ ++iL482cIq1zF91lssRwQ17k38phulRdm+7W65/VI7hLoG6lXiSiHLH8e39hHO8Jey ++Z+BBvn8x+aFgIvpBK/MX35s0gSrl/UiIZPU9glnktSsX5D+aaQynbuvbOW8= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-5-cert.pem b/test/fixtures/x509-escaping/alt-5-cert.pem +new file mode 100644 +index 0000000000..04a918008c +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-5-cert.pem +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIE6jCCAtKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++OTA3MDUGA1UdEQQuMCyGKmh0dHA6Ly9leGFtcGxlLmNvbS9hLCBETlM6Z29vZC5l ++eGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEANAyZnL8f81Aax/0Rhw3CCdcQ ++SXF3dpAolObQB8rlirRZ7yOY1v3Poj411aV0x9zM6mjOJZwarUTL7kbO7odQxGhB ++x7O0DvUoG15VTvs0XLNHTPgnXtNjKOZ7XXVMzb46APfYSqdzMqhRWfy+Iaikp494 ++urtqkVt05q2amzq7EXbXI8JQWhkJkhjBTowfZnpZUw4JeeqMNRZT9Ldv2XDZjaYS ++lkHOLzTmSmm2mf1oxhKGcRCgUCr/pzVUfDA3RBz25a6PWAQt4b2r8k5jydWyOeCZ +++sjacoK5/E1PcdaOFJAjuAfbRMeK/gz2+yJwaB39Yh77t/9vQC0G6aiAmO0HxjJE ++L6Lb8BG/QNYBS7gGhzKFVXVVv5yXRioO9vMv0i8uxShqD2Lo/MbrNtRgi3eMFESd ++3NxUPXS1jMq2/SaXrENdKqNNi06LbnLaYpI3BLZ/Katq0V9ESlhcC2nT5uNBPiLr ++DNSekaIGobbTDkuV896L7jqsQpU+sgs4XqaISGgk2wAfnwbfpeiBCL8oH9yCYAO0 ++1YlevrMGjBNvhysoABv7qaorqeL97ffRhjOZ72/fm2axD5l9MvWEFIf7L5uOah0f ++hF5vScQYgyWNuK8wjzT2tl0CuxvEyI7N4fkUEk+ZMkyI1Obx17p+d4SFyuq7wTXR ++05oWMsCMDyzxvFDv92w= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-6-cert.pem b/test/fixtures/x509-escaping/alt-6-cert.pem +new file mode 100644 +index 0000000000..6643519957 +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-6-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIEyzCCArOgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++GjAYMBYGA1UdEQQPMA2CC2V45G1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBB ++lBfIjUH7/PbpC00TWTOSR6sAzyBr681lSxYAgFLduDdfR/bTkI1p7txIAgennoUq +++9slIIMaR799BUtQDfAQRYdbsWiG/+5Lj3JXs33LPPTdW1C97LOPlnnbRJh1sjbi ++UfGdxvdPA6iuyWhfwPZd+4IrcN+kefkvEnRkvDMGwmfmKQDjbu2mSIAIe+ECyLLu ++wdSI2sPBSUKQEKk+dABYq9TcdxlA+OSPjgs5ZF3NK3s/or7ay2r/i8be5TswY4Up ++IwByEk+7AST6ijwi3P8EN0HAyyuOfpBelWZCQgdEGt40Mpa58AwBGqdrCZ5wDAz5 ++nBx6GscZUsqG9sVM71Tgq7Bc1b69FXUYAhmFucnXizHv1Ys0oGQVza1tkKbaLEFQ ++WvXWc7zW/0hTzvmtogKn/oM6GoNcQiW8KCwaCJq1TTv7Tip9znfB496tDruOr+2w ++HoqZTJ7ERklz0mlZ38ISTuaz+Qkn1KjBYh4tgP/wZIjIyppAaAr+JdqXzBejfb4M ++6x0S1AG9QgvyR1xDv3Vljjkh3m55kktTWSOfjS6aSzomaAyVAgi/vhHkxhsoBhgQ ++41+ffkhM9ps9wkmguwqOXsByQAZUQEJQigO39qYuGuJEDV8Bu8i/T5BuuJWP4BRF ++X+now5ObP73ufyFwYGsSgblivHUX4z/zAt4kp4AMXw== ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-7-cert.pem b/test/fixtures/x509-escaping/alt-7-cert.pem +new file mode 100644 +index 0000000000..6c0f287a1b +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-7-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIE0jCCArqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++ITAfMB0GA1UdEQQWMBSCEiJldmlsLmV4YW1wbGUuY29tIjANBgkqhkiG9w0BAQsF ++AAOCAgEAKmYr4QEnNq1Sy9lYePNRR60jufFXk44bczNT/wA6kvXKgv472V9wltVb ++yJVvYUWkTO8ahlELNLfqRcuih6myV64WJoewog8mwby0lBYr6bAz86DdeN/B9rFD ++OYnev1Ux4um45l42XP8acgJCoqn8+EE+H4AeMrz2xxHt+IDy4vUOowZna82f1Pcp ++O+vhod2uXlukfnhofVK4lMHl4++4kECkmUYl8U+L/zXwzOb4S3Yksffmadgo7ERk ++rJYLMLztvCk6TtP+p4NcvrE90dmss7R8hfw3asfjXsRbAMigdfSMKzGB2IHoHeV6 ++fpmJy6kotfwulDrbr2QtrWOYdMrm1wT6ohT355KZQxcZr3VcK9gqEjcYafqIsXtA ++wYAaorKXaz7UkmFCDbk/24UuHgNgCl4KkGsFNwW6whTMpb9WnvPR7F798tiIbOL+ ++FK6yA1q3Z2500lmloQWcUFBX48DViG3bsTJ9wmQ28aPqHVd5gTmTm/7W2iRGx36N ++PmbAk17J/bUzUSORgrPi2FLNNFg64x40pfdAyrF9ZBNcsVCFCUgOQHgMh4OjX/n7 ++khmNbMYiOvJEoUbZ9flNr4AYY3ucpxQ2peTl4DNsVZZ8Xyh96h3URu63Ji9+xLrQ ++jSUtNHUCJaC3E9yTaIDc8jMli9s5/ElDZRkPxRP8o4VOt9KcLvU= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-8-cert.pem b/test/fixtures/x509-escaping/alt-8-cert.pem +new file mode 100644 +index 0000000000..201b520f8b +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-8-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIExDCCAqygAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++EzARMA8GA1UdEQQIMAaHBAgICAgwDQYJKoZIhvcNAQELBQADggIBAHfvavrzBLuS ++MMJwNkJGVt1W856zeZ6NZJ5vx2ZXziYxAkzw9N0pLHwgfzS8pXEPSZ6vMoeYMaH0 ++zr/S5tHSMGEwOp/dIoxE4Hm1uMzugHFxNp34hvqsaDbwKMpQQzEPhN1QvAkD9IXL ++H2wOLqm+ZaTkT3OvOyJoml56wyUJ0nU746RuXgJHTFiWsUTPqT9bvofedC80MUyH ++MX2lA1oy8nzJa9h7JqsxOE4uccRhpCRf+PxeYvOdsUxyDWw8+rjwe4Ulr0yVjwnD ++x9ha/fTl96mYXyJGLtQvZmkllrctxcs0o82+wMZWBw4iPH/VnI7dj36b2uIHdrrf ++cVurEPcVE03zLwukjQPZh9otleTwmQI1wqg/Gm2OahXy/0f0fpBDQnPycczn8nFw ++nj6avmHubWVvzmEoKmOtavGEAbUn7ntQfsvM5JpiM+ck3MDMP9i9cMZvWKH8Eial ++ZnYcXkgAatWwp4Cbsv4H7LMNisKjrcY+r+MpaYYIpTRNp/s/P5bMCIVt07yosePg ++m9VWy03+hQJmD4/THeJsjuczPSBtsoJiKoTJ5TndmpFaG6J6lBVvpXJhoiW/QIgX ++u2QIb8Z6bRK/eQ8UVYm0/ZQLN+OOzYiQfm0AFbFpYhl46o6QNZ03P6GRLshv+N3E ++CX66ucPLd4QJitUy39LZjMlC0YxTZUry ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/alt-9-cert.pem b/test/fixtures/x509-escaping/alt-9-cert.pem +new file mode 100644 +index 0000000000..660e65b8ed +--- /dev/null ++++ b/test/fixtures/x509-escaping/alt-9-cert.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIExDCCAqygAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++EzARMA8GA1UdEQQIMAaHBAgIBAQwDQYJKoZIhvcNAQELBQADggIBAIefUJjnOtt8 ++viFkr3lupabUMwSgtBXVCp+M9xhKqcSnYReSgg/LcqVDaXmU4s23n0Bc0M51HQMG ++puTpfr34ZUSQiLup9huELm5L+lcpYANJsKrBo+vz1w+fkPlcxXvXHpLzgb393XSJ ++/Prn7lNBrrh9b74azUEhz1KPmFbbMs7IwlhE1+stQ107VeSGvKlAOmaYdnVG1PXl ++AG7KJynpE5Ex8XF1ONQLneTdvo8gXZueb07SY+my5wrCQhSlh4/6Y2MnE9h+9ugx ++BfdU72okDaYRH1MAfFeAsUE7Y52cQqm26b7nBz0+IeP+uk7oqDLF+PGHfjeUGXGW ++aGFfaLk8Dl2gMg1DsRE8zcT215Dl4rqOtwbhW8kX7XzYE0sA7cnyZ0daLrrtxwe6 ++MhrAOjYklRZpwUvy6E2IyipKwWSuKHLUk3mVxPrxVqvye2enZWW1PJeHNdL//Ogx ++5Mm++BOTNR+61pg/UrATlO3GMK6ggAfkP8H1r3jp24hc/TkXRkoUuWZqtjC5+qwB ++KVIPlr+/0zIhzDjNbN0TMgqv/Yz4/wCUjsmCPJu21C3+BP2O5ZD2e4hYe/X9kuhC ++YGWTf8dpq0LgYgVHqwXo0gCU/Ich9KtaJmCgZRUrzMl1aIYhqpuR2EW8H1bs3a0P ++/7wXhGudHCwm6j2H5/tbsREeYInl3mv4 ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/create-certs.js b/test/fixtures/x509-escaping/create-certs.js +new file mode 100644 +index 0000000000..b84547e1d0 +--- /dev/null ++++ b/test/fixtures/x509-escaping/create-certs.js +@@ -0,0 +1,502 @@ ++'use strict'; ++ ++const asn1 = require('asn1.js'); ++const crypto = require('crypto'); ++const { writeFileSync } = require('fs'); ++const rfc5280 = require('asn1.js-rfc5280'); ++const BN = asn1.bignum; ++ ++const oid = { ++ commonName: [2, 5, 4, 3], ++ countryName: [2, 5, 4, 6], ++ localityName: [2, 5, 4, 7], ++ rsaEncryption: [1, 2, 840, 113549, 1, 1, 1], ++ sha256WithRSAEncryption: [1, 2, 840, 113549, 1, 1, 11], ++ xmppAddr: [1, 3, 6, 1, 5, 5, 7, 8, 5], ++ srvName: [1, 3, 6, 1, 5, 5, 7, 8, 7], ++ ocsp: [1, 3, 6, 1, 5, 5, 7, 48, 1], ++ caIssuers: [1, 3, 6, 1, 5, 5, 7, 48, 2], ++ privateUnrecognized: [1, 3, 9999, 12, 34] ++}; ++ ++const digest = 'SHA256'; ++ ++const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { ++ modulusLength: 4096, ++ publicKeyEncoding: { ++ type: 'pkcs1', ++ format: 'der' ++ } ++}); ++ ++writeFileSync('server-key.pem', privateKey.export({ ++ type: 'pkcs8', ++ format: 'pem' ++})); ++ ++const now = Date.now(); ++const days = 3650; ++ ++function utilType(name, fn) { ++ return asn1.define(name, function() { ++ this[fn](); ++ }); ++} ++ ++const Null_ = utilType('Null_', 'null_'); ++const null_ = Null_.encode('der'); ++ ++const IA5String = utilType('IA5String', 'ia5str'); ++const PrintableString = utilType('PrintableString', 'printstr'); ++const UTF8String = utilType('UTF8String', 'utf8str'); ++ ++const subjectCommonName = PrintableString.encode('evil.example.com', 'der'); ++ ++const sans = [ ++ { type: 'dNSName', value: 'good.example.com, DNS:evil.example.com' }, ++ { type: 'uniformResourceIdentifier', value: 'http://example.com/' }, ++ { type: 'uniformResourceIdentifier', value: 'http://example.com/?a=b&c=d' }, ++ { type: 'uniformResourceIdentifier', value: 'http://example.com/a,b' }, ++ { type: 'uniformResourceIdentifier', value: 'http://example.com/a%2Cb' }, ++ { ++ type: 'uniformResourceIdentifier', ++ value: 'http://example.com/a, DNS:good.example.com' ++ }, ++ { type: 'dNSName', value: Buffer.from('exämple.com', 'latin1') }, ++ { type: 'dNSName', value: '"evil.example.com"' }, ++ { type: 'iPAddress', value: Buffer.from('08080808', 'hex') }, ++ { type: 'iPAddress', value: Buffer.from('08080404', 'hex') }, ++ { type: 'iPAddress', value: Buffer.from('0008080404', 'hex') }, ++ { type: 'iPAddress', value: Buffer.from('000102030405', 'hex') }, ++ { ++ type: 'iPAddress', ++ value: Buffer.from('0a0b0c0d0e0f0000000000007a7b7c7d', 'hex') ++ }, ++ { type: 'rfc822Name', value: 'foo@example.com' }, ++ { type: 'rfc822Name', value: 'foo@example.com, DNS:good.example.com' }, ++ { ++ type: 'directoryName', ++ value: { ++ type: 'rdnSequence', ++ value: [ ++ [ ++ { ++ type: oid.countryName, ++ value: PrintableString.encode('DE', 'der') ++ } ++ ], ++ [ ++ { ++ type: oid.localityName, ++ value: UTF8String.encode('Hannover', 'der') ++ } ++ ] ++ ] ++ } ++ }, ++ { ++ type: 'directoryName', ++ value: { ++ type: 'rdnSequence', ++ value: [ ++ [ ++ { ++ type: oid.countryName, ++ value: PrintableString.encode('DE', 'der') ++ } ++ ], ++ [ ++ { ++ type: oid.localityName, ++ value: UTF8String.encode('München', 'der') ++ } ++ ] ++ ] ++ } ++ }, ++ { ++ type: 'directoryName', ++ value: { ++ type: 'rdnSequence', ++ value: [ ++ [ ++ { ++ type: oid.countryName, ++ value: PrintableString.encode('DE', 'der') ++ } ++ ], ++ [ ++ { ++ type: oid.localityName, ++ value: UTF8String.encode('Berlin, DNS:good.example.com', 'der') ++ } ++ ] ++ ] ++ } ++ }, ++ { ++ type: 'directoryName', ++ value: { ++ type: 'rdnSequence', ++ value: [ ++ [ ++ { ++ type: oid.countryName, ++ value: PrintableString.encode('DE', 'der') ++ } ++ ], ++ [ ++ { ++ type: oid.localityName, ++ value: UTF8String.encode('Berlin, DNS:good.example.com\0evil.example.com', 'der') ++ } ++ ] ++ ] ++ } ++ }, ++ { ++ type: 'directoryName', ++ value: { ++ type: 'rdnSequence', ++ value: [ ++ [ ++ { ++ type: oid.countryName, ++ value: PrintableString.encode('DE', 'der') ++ } ++ ], ++ [ ++ { ++ type: oid.localityName, ++ value: UTF8String.encode( ++ 'Berlin, DNS:good.example.com\\\0evil.example.com', 'der') ++ } ++ ] ++ ] ++ } ++ }, ++ { ++ type: 'directoryName', ++ value: { ++ type: 'rdnSequence', ++ value: [ ++ [ ++ { ++ type: oid.countryName, ++ value: PrintableString.encode('DE', 'der') ++ } ++ ], ++ [ ++ { ++ type: oid.localityName, ++ value: UTF8String.encode('Berlin\r\n', 'der') ++ } ++ ] ++ ] ++ } ++ }, ++ { ++ type: 'directoryName', ++ value: { ++ type: 'rdnSequence', ++ value: [ ++ [ ++ { ++ type: oid.countryName, ++ value: PrintableString.encode('DE', 'der') ++ } ++ ], ++ [ ++ { ++ type: oid.localityName, ++ value: UTF8String.encode('Berlin/CN=good.example.com', 'der') ++ } ++ ] ++ ] ++ } ++ }, ++ { ++ type: 'registeredID', ++ value: oid.sha256WithRSAEncryption ++ }, ++ { ++ type: 'registeredID', ++ value: oid.privateUnrecognized ++ }, ++ { ++ type: 'otherName', ++ value: { ++ 'type-id': oid.xmppAddr, ++ value: UTF8String.encode('abc123', 'der') ++ } ++ }, ++ { ++ type: 'otherName', ++ value: { ++ 'type-id': oid.xmppAddr, ++ value: UTF8String.encode('abc123, DNS:good.example.com', 'der') ++ } ++ }, ++ { ++ type: 'otherName', ++ value: { ++ 'type-id': oid.xmppAddr, ++ value: UTF8String.encode('good.example.com\0abc123', 'der') ++ } ++ }, ++ { ++ type: 'otherName', ++ value: { ++ 'type-id': oid.privateUnrecognized, ++ value: UTF8String.encode('abc123', 'der') ++ } ++ }, ++ { ++ type: 'otherName', ++ value: { ++ 'type-id': oid.srvName, ++ value: IA5String.encode('abc123', 'der') ++ } ++ }, ++ { ++ type: 'otherName', ++ value: { ++ 'type-id': oid.srvName, ++ value: UTF8String.encode('abc123', 'der') ++ } ++ }, ++ { ++ type: 'otherName', ++ value: { ++ 'type-id': oid.srvName, ++ value: IA5String.encode('abc\0def', 'der') ++ } ++ } ++]; ++ ++for (let i = 0; i < sans.length; i++) { ++ const san = sans[i]; ++ ++ const tbs = { ++ version: 'v3', ++ serialNumber: new BN('01', 16), ++ signature: { ++ algorithm: oid.sha256WithRSAEncryption, ++ parameters: null_ ++ }, ++ issuer: { ++ type: 'rdnSequence', ++ value: [ ++ [ ++ { type: oid.commonName, value: subjectCommonName } ++ ] ++ ] ++ }, ++ validity: { ++ notBefore: { type: 'utcTime', value: now }, ++ notAfter: { type: 'utcTime', value: now + days * 86400000 } ++ }, ++ subject: { ++ type: 'rdnSequence', ++ value: [ ++ [ ++ { type: oid.commonName, value: subjectCommonName } ++ ] ++ ] ++ }, ++ subjectPublicKeyInfo: { ++ algorithm: { ++ algorithm: oid.rsaEncryption, ++ parameters: null_ ++ }, ++ subjectPublicKey: { ++ unused: 0, ++ data: publicKey ++ } ++ }, ++ extensions: [ ++ { ++ extnID: 'subjectAlternativeName', ++ critical: false, ++ extnValue: [san] ++ } ++ ] ++ }; ++ ++ // Self-sign the certificate. ++ const tbsDer = rfc5280.TBSCertificate.encode(tbs, 'der'); ++ const signature = crypto.createSign(digest).update(tbsDer).sign(privateKey); ++ ++ // Construct the signed certificate. ++ const cert = { ++ tbsCertificate: tbs, ++ signatureAlgorithm: { ++ algorithm: oid.sha256WithRSAEncryption, ++ parameters: null_ ++ }, ++ signature: { ++ unused: 0, ++ data: signature ++ } ++ }; ++ ++ // Store the signed certificate. ++ const pem = rfc5280.Certificate.encode(cert, 'pem', { ++ label: 'CERTIFICATE' ++ }); ++ writeFileSync(`./alt-${i}-cert.pem`, `${pem}\n`); ++} ++ ++const infoAccessExtensions = [ ++ [ ++ { ++ accessMethod: oid.ocsp, ++ accessLocation: { ++ type: 'uniformResourceIdentifier', ++ value: 'http://good.example.com/\nOCSP - URI:http://evil.example.com/', ++ }, ++ }, ++ ], ++ [ ++ { ++ accessMethod: oid.caIssuers, ++ accessLocation: { ++ type: 'uniformResourceIdentifier', ++ value: 'http://ca.example.com/\nOCSP - URI:http://evil.example.com', ++ }, ++ }, ++ { ++ accessMethod: oid.ocsp, ++ accessLocation: { ++ type: 'dNSName', ++ value: 'good.example.com\nOCSP - URI:http://ca.nodejs.org/ca.cert', ++ }, ++ }, ++ ], ++ [ ++ { ++ accessMethod: oid.privateUnrecognized, ++ accessLocation: { ++ type: 'uniformResourceIdentifier', ++ value: 'http://ca.example.com/', ++ }, ++ }, ++ ], ++ [ ++ { ++ accessMethod: oid.ocsp, ++ accessLocation: { ++ type: 'otherName', ++ value: { ++ 'type-id': oid.xmppAddr, ++ value: UTF8String.encode('good.example.com', 'der'), ++ }, ++ }, ++ }, ++ { ++ accessMethod: oid.ocsp, ++ accessLocation: { ++ type: 'otherName', ++ value: { ++ 'type-id': oid.privateUnrecognized, ++ value: UTF8String.encode('abc123', 'der') ++ }, ++ }, ++ }, ++ { ++ accessMethod: oid.ocsp, ++ accessLocation: { ++ type: 'otherName', ++ value: { ++ 'type-id': oid.srvName, ++ value: IA5String.encode('abc123', 'der') ++ } ++ } ++ }, ++ ], ++ [ ++ { ++ accessMethod: oid.ocsp, ++ accessLocation: { ++ type: 'otherName', ++ value: { ++ 'type-id': oid.xmppAddr, ++ value: UTF8String.encode('good.example.com\0abc123', 'der'), ++ }, ++ }, ++ }, ++ ], ++]; ++ ++for (let i = 0; i < infoAccessExtensions.length; i++) { ++ const infoAccess = infoAccessExtensions[i]; ++ ++ const tbs = { ++ version: 'v3', ++ serialNumber: new BN('01', 16), ++ signature: { ++ algorithm: oid.sha256WithRSAEncryption, ++ parameters: null_ ++ }, ++ issuer: { ++ type: 'rdnSequence', ++ value: [ ++ [ ++ { type: oid.commonName, value: subjectCommonName } ++ ] ++ ] ++ }, ++ validity: { ++ notBefore: { type: 'utcTime', value: now }, ++ notAfter: { type: 'utcTime', value: now + days * 86400000 } ++ }, ++ subject: { ++ type: 'rdnSequence', ++ value: [ ++ [ ++ { type: oid.commonName, value: subjectCommonName } ++ ] ++ ] ++ }, ++ subjectPublicKeyInfo: { ++ algorithm: { ++ algorithm: oid.rsaEncryption, ++ parameters: null_ ++ }, ++ subjectPublicKey: { ++ unused: 0, ++ data: publicKey ++ } ++ }, ++ extensions: [ ++ { ++ extnID: 'authorityInformationAccess', ++ critical: false, ++ extnValue: infoAccess ++ } ++ ] ++ }; ++ ++ // Self-sign the certificate. ++ const tbsDer = rfc5280.TBSCertificate.encode(tbs, 'der'); ++ const signature = crypto.createSign(digest).update(tbsDer).sign(privateKey); ++ ++ // Construct the signed certificate. ++ const cert = { ++ tbsCertificate: tbs, ++ signatureAlgorithm: { ++ algorithm: oid.sha256WithRSAEncryption, ++ parameters: null_ ++ }, ++ signature: { ++ unused: 0, ++ data: signature ++ } ++ }; ++ ++ // Store the signed certificate. ++ const pem = rfc5280.Certificate.encode(cert, 'pem', { ++ label: 'CERTIFICATE' ++ }); ++ writeFileSync(`./info-${i}-cert.pem`, `${pem}\n`); ++} +diff --git a/test/fixtures/x509-escaping/google/intermediate.pem b/test/fixtures/x509-escaping/google/intermediate.pem +new file mode 100644 +index 0000000000..9d2aeb32c4 +--- /dev/null ++++ b/test/fixtures/x509-escaping/google/intermediate.pem +@@ -0,0 +1,11 @@ ++-----BEGIN CERTIFICATE----- ++MIIBjjCCATSgAwIBAgIBAjAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRSb290MCAX ++DTAwMDEwMTAwMDAwMFoYDzIwOTkwMTAxMDAwMDAwWjAXMRUwEwYDVQQDEwxJbnRl ++cm1lZGlhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7DaOQvpvA47q2XxjM ++qxJVf/FvZm2ftiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkY ++tM/Bo3cwdTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQlGcYbYohaK3S+XGeq ++CTi4LLHeLTAfBgNVHSMEGDAWgBQlGcYbYohaK3S+XGeqCTi4LLHeLTAiBgNVHR4B ++Af8EGDAWoBQwEoIQYXR0YWNrZXIuZXhhbXBsZTAKBggqhkjOPQQDAgNIADBFAiEA ++uZhmF3buUdhzHjXLZQSOyT41DqUUX/VKBEraDu+gj+wCIG/R1arbHFRFnEuoVgZI ++bihwUpUZjIZ5YwJcBu6yuXlZ ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/google/key.pem b/test/fixtures/x509-escaping/google/key.pem +new file mode 100644 +index 0000000000..102a9d8816 +--- /dev/null ++++ b/test/fixtures/x509-escaping/google/key.pem +@@ -0,0 +1,5 @@ ++-----BEGIN PRIVATE KEY----- ++MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgaNbpDxJET5xVHxd/ ++ig5x2u2KUIe0jaCVWqarpIN/582hRANCAAR7DaOQvpvA47q2XxjMqxJVf/FvZm2f ++tiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkYtM/B ++-----END PRIVATE KEY----- +diff --git a/test/fixtures/x509-escaping/google/leaf0.pem b/test/fixtures/x509-escaping/google/leaf0.pem +new file mode 100644 +index 0000000000..ce19dc9699 +--- /dev/null ++++ b/test/fixtures/x509-escaping/google/leaf0.pem +@@ -0,0 +1,10 @@ ++-----BEGIN CERTIFICATE----- ++MIIBajCCARCgAwIBAgIBAzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxJbnRlcm1l ++ZGlhdGUwIBcNMDAwMTAxMDAwMDAwWhgPMjA5OTAxMDEwMDAwMDBaMA8xDTALBgNV ++BAMTBExlYWYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7DaOQvpvA47q2XxjM ++qxJVf/FvZm2ftiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkY ++tM/Bo1MwUTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCUZxhtiiFordL5cZ6oJ ++OLgssd4tMCAGA1UdEQQZMBeCFWJsYWguYXR0YWNrZXIuZXhhbXBsZTAKBggqhkjO ++PQQDAgNIADBFAiEA4NgHDxVrBjNW+So4MrRZMwDknvjRaBsB4j2IwVRKl4sCIDpg ++Bhm4ZdHwlUYrALkXa3dFBy8kXBkVumY7UJpbB2mO ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/google/leaf1.pem b/test/fixtures/x509-escaping/google/leaf1.pem +new file mode 100644 +index 0000000000..0b45056656 +--- /dev/null ++++ b/test/fixtures/x509-escaping/google/leaf1.pem +@@ -0,0 +1,10 @@ ++-----BEGIN CERTIFICATE----- ++MIIBdTCCARygAwIBAgIBBDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxJbnRlcm1l ++ZGlhdGUwIBcNMDAwMTAxMDAwMDAwWhgPMjA5OTAxMDEwMDAwMDBaMA8xDTALBgNV ++BAMTBExlYWYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7DaOQvpvA47q2XxjM ++qxJVf/FvZm2ftiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkY ++tM/Bo18wXTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCUZxhtiiFordL5cZ6oJ ++OLgssd4tMCwGA1UdEQQlMCOCCm5vZGVqcy5vcmeCFWJsYWguYXR0YWNrZXIuZXhh ++bXBsZTAKBggqhkjOPQQDAgNHADBEAiAOFFOCfA6c/iZWxbDn5QMjNdtZbtJPBcRv ++uEgSqWrGTAIgK5RK0xGK8UZb2aM2VjGNTYozlcwKaLgQukA+UnKrrJg= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/google/leaf2.pem b/test/fixtures/x509-escaping/google/leaf2.pem +new file mode 100644 +index 0000000000..9cf03fae7d +--- /dev/null ++++ b/test/fixtures/x509-escaping/google/leaf2.pem +@@ -0,0 +1,10 @@ ++-----BEGIN CERTIFICATE----- ++MIIBejCCASCgAwIBAgIBBTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxJbnRlcm1l ++ZGlhdGUwIBcNMDAwMTAxMDAwMDAwWhgPMjA5OTAxMDEwMDAwMDBaMA8xDTALBgNV ++BAMTBExlYWYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7DaOQvpvA47q2XxjM ++qxJVf/FvZm2ftiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkY ++tM/Bo2MwYTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCUZxhtiiFordL5cZ6oJ ++OLgssd4tMDAGA1UdEQQpMCeCJW5vZGVqcy5vcmcsIEROUzpibGFoLmF0dGFja2Vy ++LmV4YW1wbGUwCgYIKoZIzj0EAwIDSAAwRQIgWfT1VXQA79PxgM0DsfeoiwZCc2Be ++v3/RCRYoRky9DgICIQDUTjndnBQ0KeIWhuMjtSz1C5uPUYofKe7pV2qb/57kvA== ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/google/leaf3.pem b/test/fixtures/x509-escaping/google/leaf3.pem +new file mode 100644 +index 0000000000..55a64fdc89 +--- /dev/null ++++ b/test/fixtures/x509-escaping/google/leaf3.pem +@@ -0,0 +1,10 @@ ++-----BEGIN CERTIFICATE----- ++MIIBZzCCAQ2gAwIBAgIBBjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxJbnRlcm1l ++ZGlhdGUwIBcNMDAwMTAxMDAwMDAwWhgPMjA5OTAxMDEwMDAwMDBaMA8xDTALBgNV ++BAMTBExlYWYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7DaOQvpvA47q2XxjM ++qxJVf/FvZm2ftiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkY ++tM/Bo1AwTjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCUZxhtiiFordL5cZ6oJ ++OLgssd4tMB0GA1UdEQQWMBSGEmh0dHBzOi8vbm9kZWpzLm9yZzAKBggqhkjOPQQD ++AgNIADBFAiEArZgaxFBuPYFWCXeFTkXhV57MKxG/tIJ2Z3Wzts2Im7QCICoukuRf ++EsQN7g6h30fRuLOIdbfCCduc7YVpkkSlwe99 ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/google/leaf4.pem b/test/fixtures/x509-escaping/google/leaf4.pem +new file mode 100644 +index 0000000000..668a659f45 +--- /dev/null ++++ b/test/fixtures/x509-escaping/google/leaf4.pem +@@ -0,0 +1,10 @@ ++-----BEGIN CERTIFICATE----- ++MIIBdTCCARugAwIBAgIBBzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxJbnRlcm1l ++ZGlhdGUwIBcNMDAwMTAxMDAwMDAwWhgPMjA5OTAxMDEwMDAwMDBaMDwxHzAdBgNV ++BAsMFm9yZyB1bml0CkNOPW5vZGVqcy5vcmcxGTAXBgNVBAMTEGF0dGFja2VyLmV4 ++YW1wbGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7DaOQvpvA47q2XxjMqxJV ++f/FvZm2ftiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkYtM/B ++ozEwLzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCUZxhtiiFordL5cZ6oJOLgs ++sd4tMAoGCCqGSM49BAMCA0gAMEUCIQCpchwik2NT0v8ifDT8aMqOLv5YwqB7oeOu ++LincYQYMagIgZc2U7DBrdEAWNfuAJx4I+ZkluIcswcdnOhbriOrTSHg= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/google/root.pem b/test/fixtures/x509-escaping/google/root.pem +new file mode 100644 +index 0000000000..68eb00ae86 +--- /dev/null ++++ b/test/fixtures/x509-escaping/google/root.pem +@@ -0,0 +1,9 @@ ++-----BEGIN CERTIFICATE----- ++MIIBQTCB56ADAgECAgEBMAoGCCqGSM49BAMCMA8xDTALBgNVBAMTBFJvb3QwIBcN ++MDAwMTAxMDAwMDAwWhgPMjA5OTAxMDEwMDAwMDBaMA8xDTALBgNVBAMTBFJvb3Qw ++WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7DaOQvpvA47q2XxjMqxJVf/FvZm2f ++tiFRXNJMe/fhSlDh2CybdkFIw2mE5g4ShW5UBJe+sohqy5V9WRkYtM/BozIwMDAP ++BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQlGcYbYohaK3S+XGeqCTi4LLHeLTAK ++BggqhkjOPQQDAgNJADBGAiEA+Y5oEpcG6aRK5qQFLYRi2FrOSSLF1/dI4HtBh0mk ++GFoCIQD1DpNg6m5ZaogRW1mY1wmR5HFIr3gG8PYDRimQogXUxg== ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/info-0-cert.pem b/test/fixtures/x509-escaping/info-0-cert.pem +new file mode 100644 +index 0000000000..6872b9870a +--- /dev/null ++++ b/test/fixtures/x509-escaping/info-0-cert.pem +@@ -0,0 +1,30 @@ ++-----BEGIN CERTIFICATE----- ++MIIFDTCCAvWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++XDBaMFgGCCsGAQUFBwEBBEwwSjBIBggrBgEFBQcwAYY8aHR0cDovL2dvb2QuZXhh ++bXBsZS5jb20vCk9DU1AgLSBVUkk6aHR0cDovL2V2aWwuZXhhbXBsZS5jb20vMA0G ++CSqGSIb3DQEBCwUAA4ICAQAAd/bIBmSIOJg+Rp96/BDpsZQYgYTyBNWrnBkuHQ0M ++bovgqEEI/5xiYGEzXhrzmWrUoG40PDeVrpCSsW5m+bsO4zDQeWW5mXejbr0Iwflf ++TYDxwGUUakAcZ1c5yJ/ABjKy0Tocb9bSzln+tc+HNStp86bbgrhb/wjddn6ca21V ++cuNFZbN+0SM0LxcWO8oGKXF0HFo0durGhamcH5B/D38FYkaVR5QXoOsWVqtPFjW2 ++t67rmKS6XKaz2JhZDpWDZmDofCoFu/zlkPHXkq7yyrkJ/8qpJCznkZmLn+B1WA+y ++SrSOYMpQ6RnzMx7wK5UafX5J+lMv16+LTb/n1KAd4zElcqt5eRPLcEuknIEgC2X/ ++AY1ooyN/Xb4QnqvtTmhzIDb7lzzMowi5QrG3rRYMldxG2Rdqwjc8qa5Tgh7EsiU8 ++A/n5X/6cxA1zoyakSHFXzGtazIkPc+zFfOaV1+gpJtd2vD2T+FrmkL1fgazuHXNZ ++hAQq0RGZWPsCdxm7dG4w5bd3YgRKfD2ck+b9Imu0ta4pqMDHZYgncaeOuuHzHgXA ++MIvxIG5JfwYUJLUqBUz8hwDVcNMpnscyn2msdpiwXK0AahucBQjbyZ6sovoxmgk5 ++xLdnq2GTtdghwdkF9DYK0ZekDlk1XWbP0tR5Cevo6WlMx+cbEBG+OSfNd8/dFrkd ++aw== ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/info-1-cert.pem b/test/fixtures/x509-escaping/info-1-cert.pem +new file mode 100644 +index 0000000000..05247873d8 +--- /dev/null ++++ b/test/fixtures/x509-escaping/info-1-cert.pem +@@ -0,0 +1,31 @@ ++-----BEGIN CERTIFICATE----- ++MIIFVTCCAz2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++gaMwgaAwgZ0GCCsGAQUFBwEBBIGQMIGNMEUGCCsGAQUFBzAChjlodHRwOi8vY2Eu ++ZXhhbXBsZS5jb20vCk9DU1AgLSBVUkk6aHR0cDovL2V2aWwuZXhhbXBsZS5jb20w ++RAYIKwYBBQUHMAGCOGdvb2QuZXhhbXBsZS5jb20KT0NTUCAtIFVSSTpodHRwOi8v ++Y2Eubm9kZWpzLm9yZy9jYS5jZXJ0MA0GCSqGSIb3DQEBCwUAA4ICAQCbwqw8YKIt ++Ht9qegR076xpnxuiH0THPGsgazvhCmEr5YHJ68sR1LexjneQDhpNXcnpYpfk6J4d ++Tu0ApMSbVypFyHcd88g0qVYI9JF+CTNnzut/Zn6xgnUjVjrSz6SZPhkMcBX9ahtY ++tzswzcyTzso5Do5pxvCWDI+bshgIhC3CYNyAjyOyyhnQrwcOcoatlhDmX1fCk+dC ++fhmzurBFNIz2gwDC7aRjcaUdTIlYnd6qHk5xLs3neBm44gNk17GazPIPo04LTKXs ++ZYzvDEUAdJ2FJMiYqSvvEv4k9ozx5HtwtncZpu46El2PQRANgj1UhemYVmHfbdU+ ++7Q+rCv+Loq2v76fddhc1cM3gCQ+6SW2QmRo2rShRGxpuSuZiTngwgdQEGrkQq7Sv ++r695V7NlHWJgvv1r49wGmqWkviH5l6A0QdzL6TNYhwqCRsjxgsvCZUpOlZPASiME ++jhwBIOMy1YUSdEMnBrbuemawvbfocSuUlHaodwLZvwMgqHvNz/8ebMyRyyZrnmCx ++TYh8d0JIcA57VvfaZvvsPPV7TO7WLoJgbmuqM02JzzkJMh0fbt2oi1cqJL65V5Sn ++z0sXh/A/BzB4QawI93f9m0hX7RtuT1SolTNVyhg7dm1MwfO8khpfz5LLgflVwgN8 ++6egKc6L755SlqZRMT03txH2UCBizLz1gjA== ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/info-2-cert.pem b/test/fixtures/x509-escaping/info-2-cert.pem +new file mode 100644 +index 0000000000..06212d4e12 +--- /dev/null ++++ b/test/fixtures/x509-escaping/info-2-cert.pem +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIE5DCCAsygAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++MzAxMC8GCCsGAQUFBwEBBCMwITAfBgUrzg8MIoYWaHR0cDovL2NhLmV4YW1wbGUu ++Y29tLzANBgkqhkiG9w0BAQsFAAOCAgEABR5VyTZEQ0AQvdqlk+IDQT85qyf891eN ++BREiSg5KCei9Kmubv3ZJGoNVwZgybr5sCi5GqWOtG7S0GXvzS6c2Qy+cW0R4DDYs ++s6IIUn+ex1XygGrRHTDHu6tEUwSJMmOMKBh+iLjhtamD+YHjgOLG3MfadO5/9mvp ++r412MPhU1VvQ3FC3dZmBUW2gIKNEU4mzwISgPkLJXmBsnxu8F9YqHPgppqsfJ9AF ++KIc2nX7N3s8w9fCc03FrihdkE2C802jy71px5aPqa1xrIT/YBq/1fKTcYRAWF/pd ++iy2G1v0pz0kYu2/yPIC/xlFcUgeFqR/biwxAD9T9rp7rq+dpIJA5BUCpXVULqhY1 ++SVZ22WKS0NR5rbu4BPDMShTOiwaDSwFQtI0OxM0g5zVFVjFOc6YbFu7ZyfLQ582S ++vgVU5/vaHANnEsCSUegXyLofqxTMPbM1rqibFmv2A4pm1Mp18ZFmqwh8cm6C0f7F ++qjdzBuSkcktTCq/dLX5yTm9aocyzye9cfNBjiGUregJEF7sD3nzsokEGj+S320w2 ++5yUl95xgrHr+5bdDUEox+trTeBnddC4VxrieeH+Wv45try0Go48yK7b1Aqfu9G4B ++B/as+upQ+YjMG8mAe6JJ9JibpTvTmatYAsssEKT1vDZ5trqo4C5/utfbuyaf7qtx ++O+jFfYToPtE= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/info-3-cert.pem b/test/fixtures/x509-escaping/info-3-cert.pem +new file mode 100644 +index 0000000000..1825949bd3 +--- /dev/null ++++ b/test/fixtures/x509-escaping/info-3-cert.pem +@@ -0,0 +1,30 @@ ++-----BEGIN CERTIFICATE----- ++MIIFMDCCAxigAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++fzB9MHsGCCsGAQUFBwEBBG8wbTAqBggrBgEFBQcwAaAeBggrBgEFBQcIBaASDBBn ++b29kLmV4YW1wbGUuY29tMB0GCCsGAQUFBzABoBEGBSvODwwioAgMBmFiYzEyMzAg ++BggrBgEFBQcwAaAUBggrBgEFBQcIB6AIFgZhYmMxMjMwDQYJKoZIhvcNAQELBQAD ++ggIBACR9nH4pRlcSIIF9DEExlJvLtkeFWHGIAYLBuauHmdzPdbq9Py9M5DOcc7yd ++OQYVYwW26hASb+3CYzhRQaWKOR+T/OwP+QMUl5Y6nc3HzLdYTSen2LLAYHySXK3G ++gTdOhmVQwdh+IzhpjLXC67/9gn/F1p73Ixv/0PBZzmC64DOp1ogso9RICu0xTAbo ++h8mdN4/Tbh9Ikd89lb91x1Xf86NyC7ZvSA9dUO07/3B6B0kkqCdP9Ytlsrt2wbt3 ++2TVPp+ghjbPjdLrJUi3fbdC2CgjV2oLiYr1h7qn7SmYPNgOpDPKBI4Cei7UO+Wow ++yLCxBO0HgLZKcZorJFofekPjqtQYYj1sw3OEIcifMAmoHT7H57onfoQbRDpt57k2 ++rHJKgzrRuT8Qbl3OHSkiWRE3u0S9kAg7QEq27e2fuvh23p+YHEiYIjAR9XLVh7/Q ++EG5QDfDq3MvtgD/khAd36il61T5h8F4u3MhONFMuwJ/TYtGR6QINrv4DqLBM1pRr ++LMApQYi0w/MCRj2wLeAro9NflE+PFDk+l44ojvnEUYAGUyIzWp80bjQrV7Up6sgQ ++HehcmxxTrOmiqrfw08c1aHhmGeplmPpQEET1wIjnyj49sfdSPYxg5Lh+f/l79fLb ++jFemE8otKfog84vNGbPFl/AHwxjKCeCA/MaNJz3y3RYVsZn6 ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/info-4-cert.pem b/test/fixtures/x509-escaping/info-4-cert.pem +new file mode 100644 +index 0000000000..8f1e69afec +--- /dev/null ++++ b/test/fixtures/x509-escaping/info-4-cert.pem +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIE9jCCAt6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDExBldmls ++LmV4YW1wbGUuY29tMB4XDTIxMTIyMDE0NTczNVoXDTMxMTIxODE0NTczNVowGzEZ ++MBcGA1UEAxMQZXZpbC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ++ADCCAgoCggIBALERZ3TS70T1P+SjpZwIqOFnu2Od9XKWcDszQQc7C92K+APjp4Bv ++WiayictqCJWtmsbsSli4yG3P6Ddi/V3Se8W+/yB71Qh2c3wQNMPMukncps2odRGt ++qJe4EOpret1jgkFqQJy5geXVuPU5N7DvGXUVZzWN7TisFNAZMUhF2YlljJz1sjD1 ++aRjqayh3TDU8NwuFlLd6aH95hovjMBBatWFB9bN/itnMVoj9rmfSjvlpSRO6/EMN ++DnVXZ3paRJTcps6d/Ylb5Ald/Ow056JgD0Cd9jn16+vgYR4bxVl0a5Qbf24MIhaY ++BRPx6WFdepWr410GpzpVQ0sMluoKYzH8RynjwQc7pfm5ebTFWJkhU80jOqKJGFW3 ++icV/A9BmtOBqrb60Pv/MPXIQPg7UWGUOXm3AfY3v6gbToewSW5B0s+uPsh52md4Z ++UoyzTvwN2i/uPqJxi/9FkdV60OWvMMMeMslbDHIBbN0Z2SG0wY93oH2LhO0X89Tc ++nedukufld8QEW7iMn7D7la+TlrrSAXURHL84sEz97yyujawQEimnW03XAlUFk61M ++iLhVUOHANFBSLBvZ3VF7sZDv6ZzPkP/TWrFbpL7DQgqunAlSNHealrQ5T3wp8pUm ++R7J4QEuQSEN2cZMOpn0T+JyQaiytbaAABgqDNeTvbl2nFN2ksSix8NunAgMBAAGj ++RTBDMEEGCCsGAQUFBwEBBDUwMzAxBggrBgEFBQcwAaAlBggrBgEFBQcIBaAZDBdn ++b29kLmV4YW1wbGUuY29tAGFiYzEyMzANBgkqhkiG9w0BAQsFAAOCAgEAQERLvjQB ++E2fmTVgHbr4MVXPfse9Xxk9TK8/IhxDNnql4bor3xat5oP+tDHVRi2StajfIcJlX ++C9blYOWg4w6QH3pmD6M7eQGOw7ntOUid4R2vhX3XiK3QB1h8lWSPFmSwBHA47mMJ ++IkrKNIo9+M9b7M05YwbAENi3TPgT8h2Ej9V4DUjLIEhDcu8fSh3FkNpZ2HohZ2I3 ++QPe23FB052jX7uPfeZ9gcjL/iGxuTuPbKWxzZ/Gy2RmS8xfLkJESvvQ8a0H4f7Ij ++yjn7qYUkY6FoHxyg5BU34YNaJCmfgzRIE53Kv2FMPwj2JaXmIguR+mSDAbc0xjw3 ++G3dRoCqhZugn8C6I5FhuXHdu6zSuuHtwOGEf07y5Im2sBsPVoq+Txh/mv3Zy9Ydy ++0yCDuq87jKSZd7FKorHOEoQY94UMs33PYjS4h/hYWiysYUeR0mlbjr4gyv1KH6K8 ++JERGpI/OE+vzfOtgj/Z46/+wn7jF0LBCin7Jn5Zw1a1TNsiHKAjqW/P4vJxxUW++ ++FtYwJhI7XJehwNNFra9rSC5M4TkpaqAZnbPvWZWxWVJIEYFgNjnt+b/VOpRpv5bJ ++7BOlVvP+56KF+vlmCnzVBmlHcr45sZUZ3mw3Sb6dcF0V0VaNQKw/F5EteQyafIIl ++dvCwwV4OwLwPliPAvwYfVEI41Dv3mF4fN7k= ++-----END CERTIFICATE----- +diff --git a/test/fixtures/x509-escaping/package.json b/test/fixtures/x509-escaping/package.json +new file mode 100644 +index 0000000000..37d9f2a938 +--- /dev/null ++++ b/test/fixtures/x509-escaping/package.json +@@ -0,0 +1,12 @@ ++{ ++ "name": "x509-escaping", ++ "version": "1.0.0", ++ "description": "create certificates for x509-escaping test", ++ "main": "createCert.js", ++ "license": "SEE LICENSE IN ../../../LICENSE", ++ "private": true, ++ "dependencies": { ++ "asn1.js": "^5.4.1", ++ "asn1.js-rfc5280": "^3.0.0" ++ } ++} +diff --git a/test/fixtures/x509-escaping/server-key.pem b/test/fixtures/x509-escaping/server-key.pem +new file mode 100644 +index 0000000000..db1d2652d0 +--- /dev/null ++++ b/test/fixtures/x509-escaping/server-key.pem +@@ -0,0 +1,52 @@ ++-----BEGIN PRIVATE KEY----- ++MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCxEWd00u9E9T/k ++o6WcCKjhZ7tjnfVylnA7M0EHOwvdivgD46eAb1omsonLagiVrZrG7EpYuMhtz+g3 ++Yv1d0nvFvv8ge9UIdnN8EDTDzLpJ3KbNqHURraiXuBDqa3rdY4JBakCcuYHl1bj1 ++OTew7xl1FWc1je04rBTQGTFIRdmJZYyc9bIw9WkY6msod0w1PDcLhZS3emh/eYaL ++4zAQWrVhQfWzf4rZzFaI/a5n0o75aUkTuvxDDQ51V2d6WkSU3KbOnf2JW+QJXfzs ++NOeiYA9AnfY59evr4GEeG8VZdGuUG39uDCIWmAUT8elhXXqVq+NdBqc6VUNLDJbq ++CmMx/Ecp48EHO6X5uXm0xViZIVPNIzqiiRhVt4nFfwPQZrTgaq2+tD7/zD1yED4O ++1FhlDl5twH2N7+oG06HsEluQdLPrj7IedpneGVKMs078Ddov7j6icYv/RZHVetDl ++rzDDHjLJWwxyAWzdGdkhtMGPd6B9i4TtF/PU3J3nbpLn5XfEBFu4jJ+w+5Wvk5a6 ++0gF1ERy/OLBM/e8sro2sEBIpp1tN1wJVBZOtTIi4VVDhwDRQUiwb2d1Re7GQ7+mc ++z5D/01qxW6S+w0IKrpwJUjR3mpa0OU98KfKVJkeyeEBLkEhDdnGTDqZ9E/ickGos ++rW2gAAYKgzXk725dpxTdpLEosfDbpwIDAQABAoICAAwUElkTPHQZQKsBiL38jzyU ++/WDduQ0AexZmuCRcoEIUBTgKsvXdYqpqGmEwUfaX2YuBOc8Uh8OJ357Ll1nrjjre ++fPvDxrPllJodZuQGVpzMOuqjd5zlmi8DRNAg1cg9TfjVXSPzuYsqiYvcw9JDdRqa ++A6jRDiIEBwVs+oIiFaU8MpvQXL/fNbSX5QhlHuMwwNZ93beoV3F+ojFvpWswLNg+ ++DhsY86lIuYxttZRqdgtIZc49PpD6VoalmC7t8mivJofImi9g/8ytxx97umNGpzOy ++ssWgY1/7NdS+czdXbDE1sPsaQ8cDxrDmGxPjswV7rK4/Um/1ufnoGXFMlRinS1lQ ++nns4VAFefVUCk81LRyFb+X97NXPGC1p4zNlC1ZoihMgWKJBzH0uk5K/hURS/wDNZ ++epm9ssnEQrFGJhEI+635srfn9SVRZ8xNh+oCguo5NaZm/BezC6iBQeoaBmVL2lY8 ++KLztN/JQd6MMZi3CWhTn0ZAtVNMxGjU9/yrdWIkX9EV8Sw68fqLGoKQXI67AOynQ ++5AnUyEjhVu7M39gYL71l7BVpuG7qaX8l4brzBcgzFldvuhuNCx0SW4gU2/Nx4OwY ++BLOX1LOrpD+5M9YwcbtSxcxz97nP8efb3hUK3QD2iuZ9Fa6zKWsoreMb7Jku38i7 ++e41lupAIkxxuxGBe1YrZAoIBAQDVF7Kru6tsaWtvJw5cbZpKxcuUHHQ0X3XRgA+H ++uWfT8EbxmDpgcG8polqiYuXPFWcrElmtWeBCYXazGZocHRV8y+ri/9c2rMTH6Bni ++TcYfsc4E8WY6adxfUqajgQ2zShdZbxZtBvSP50HheZ0a+L2qn2MWDUN/mbwYEmom ++SonVx3MSJWm/Vrh5i4b/L/+9u7uumIjWYFK6pKdLerTfbXO7ZsNR9KDIOBLDnUcf +++6K2vcclZN7aga1S7wTsrX+k9C/OQuj8ONMWQHCxryp5RAmgtArTBrJZq8el1lcG ++518Vo4QuOqsqTdAhqiImoPKe4NNCs1iTS9BdCqNYiF8sbmeJAoIBAQDUuL5ebQ68 ++6vqTKYD47ZtCzeqziN3Y/0a1BsyZh0/snNmK5WIr4T0vX0Y/XG0EpkZdpW3odMBv ++CemKs6Zm+pfOUGu20PTJcdSOXRbFiVYSeQnfa0l3iXZvY9Ottz/IU/mWPuU3hc18 ++hOZD9tKiwYDzZREg6L4XRizfT70UkD2eTz4lGBjR092TTj8WqSaI9GF6d9B6Aw9Y ++OCZdTqV7hPe0Rnvd1XiGsk68HN2Np47HHwwPsKMCYj8YNKmsUF8QSXmCkijlDeJW ++bC6TjAHlvnN6n1LjaLwULUs9Rb2fkNUOqsgR+T8YlqbclJbzC7gW53M/68c9eOQ1 ++Y01JnzsB3S2vAoIBAQDT8DP2djtzIg6GiNPRvfj9cWifMQWqqV8nNTU9Cnxn4MzO ++sVcuX+VQBXgblj13D5SC1Ed5ELDplMJYM5iBabPbYX2GtGq6qG83XHOSD0SEdXWw ++mN/SLUPPUwcGC+8yaPh8LO6jFY3cKmft9+T31Hnf35LPdfWyTZc0YexNlUkt5Kdg ++XvGkKn5j9RAZcwXrEXMDnhZLEZZ2qBj0C2El71hyBS0ysBnRyWNwR1dcSgx1sJ8H ++ZCH6NYvLtoqxU4Zm6684eHf9lA7uTL1JHC0kWzUwLqGtbTWp1h5FpL790NVTUkS/ ++Lf7bnnTpZqt8vAtTVc0IxBPOvFLKlzALd+cg69XxAoIBAQCv6Sbkh2NMrzUQRZ42 ++PKfMkuSoG2L6dABQ65J+0/swPHVZ+1830kf6yNsawqAU3DwMbSV6ujH4oUXUQcQ2 ++HL01DCRHRn1nqQ6RvEF8kZnwJNAZRmu2wqKCcxc17Ph9/ZPEv7ZmN+w6MN0LDy4Z ++EdRFcyq7AD1SmeG5ugMu4ilSpU1K96ZuvrnZezeI0dDgKNgDotlwTN9/oM95EfSf ++NNJy7ma4iDPnj8S0o1pELnBQEkizIOtsqTpsFgDKUpyKp3golh3jbZvixAuwUHOx ++PdHZca/mB1KhjONPhEDPl8HZIznYQzn+Z3cNqoM58lMF/di834ogN7zguYHMhDUT ++0YhZAoIBAHlYhuni+gyrn4tyZgep68VXW7wQxSvgSj8cpZAuT/w0UKAU53J5QTWZ ++aGHeICXvgvpalUL+2dGwASlOvPa52ekcOPd2+qKWyss0zA4ksI7mNE2vjFUcOr+S ++n9QSNvu3E8dYAjzSIsizcQbPTlk6A/TmytNJ4x67ZVGCmKXw1ZzzSrxSbAIdY254 ++TxSGchrfcy0ofXIL2HXq16FRmesORTJFkkyQaldzn4y7S6HJ/vGppImTfeac1MwG ++jLYljIkIbt+nB1c8HeNvARmBa6M2pxB9f72oRMVqFdUUc5AxXuWP9v6xk227EuCq ++TBORAafu9WxKVwUsHa1rE1uGgNEfRJ8= ++-----END PRIVATE KEY----- +diff --git a/test/parallel/test-tls-0-dns-altname.js b/test/parallel/test-tls-0-dns-altname.js +index 4bc87e44cb..e5cb8e3d48 100644 +--- a/test/parallel/test-tls-0-dns-altname.js ++++ b/test/parallel/test-tls-0-dns-altname.js +@@ -44,7 +44,7 @@ const server = tls.createServer({ + }, common.mustCall(() => { + const cert = c.getPeerCertificate(); + assert.strictEqual(cert.subjectaltname, +- 'DNS:good.example.org\0.evil.example.com, ' + ++ 'DNS:"good.example.org\\u0000.evil.example.com", ' + + 'DNS:just-another.example.com, ' + + 'IP Address:8.8.8.8, ' + + 'IP Address:8.8.4.4, ' + +diff --git a/test/parallel/test-x509-escaping.js b/test/parallel/test-x509-escaping.js +new file mode 100644 +index 0000000000..4e0f82767d +--- /dev/null ++++ b/test/parallel/test-x509-escaping.js +@@ -0,0 +1,349 @@ ++'use strict'; ++ ++const common = require('../common'); ++if (!common.hasCrypto) ++ common.skip('missing crypto'); ++ ++const assert = require('assert'); ++const tls = require('tls'); ++const fixtures = require('../common/fixtures'); ++ ++const { hasOpenSSL3 } = common; ++ ++// Test that all certificate chains provided by the reporter are rejected. ++{ ++ const rootPEM = fixtures.readSync('x509-escaping/google/root.pem'); ++ const intermPEM = fixtures.readSync('x509-escaping/google/intermediate.pem'); ++ const keyPEM = fixtures.readSync('x509-escaping/google/key.pem'); ++ ++ const numLeaves = 5; ++ ++ for (let i = 0; i < numLeaves; i++) { ++ // TODO(tniessen): this test case requires proper handling of URI SANs, ++ // which node currently does not implement. ++ if (i === 3) continue; ++ ++ const name = `x509-escaping/google/leaf${i}.pem`; ++ const leafPEM = fixtures.readSync(name, 'utf8'); ++ ++ const server = tls.createServer({ ++ key: keyPEM, ++ cert: leafPEM + intermPEM, ++ }, common.mustNotCall()).listen(common.mustCall(() => { ++ const { port } = server.address(); ++ const socket = tls.connect(port, { ++ ca: rootPEM, ++ servername: 'nodejs.org', ++ }, common.mustNotCall()); ++ socket.on('error', common.mustCall()); ++ })).unref(); ++ } ++} ++ ++// Test escaping rules for subject alternative names. ++{ ++ const expectedSANs = [ ++ 'DNS:"good.example.com\\u002c DNS:evil.example.com"', ++ // URIs should not require escaping. ++ 'URI:http://example.com/', ++ 'URI:http://example.com/?a=b&c=d', ++ // Unless they contain commas. ++ 'URI:"http://example.com/a\\u002cb"', ++ // Percent encoding should not require escaping. ++ 'URI:http://example.com/a%2Cb', ++ // Malicious attempts should be escaped. ++ 'URI:"http://example.com/a\\u002c DNS:good.example.com"', ++ // Non-ASCII characters in DNS names should be treated as Latin-1. ++ 'DNS:"ex\\u00e4mple.com"', ++ // It should not be possible to cause unescaping without escaping. ++ 'DNS:"\\"evil.example.com\\""', ++ // IPv4 addresses should be represented as usual. ++ 'IP Address:8.8.8.8', ++ 'IP Address:8.8.4.4', ++ // For backward-compatibility, include invalid IP address lengths. ++ hasOpenSSL3 ? 'IP Address:' : 'IP Address:', ++ hasOpenSSL3 ? 'IP Address:' : 'IP Address:', ++ // IPv6 addresses are represented as OpenSSL does. ++ 'IP Address:A0B:C0D:E0F:0:0:0:7A7B:7C7D', ++ // Regular email addresses don't require escaping. ++ 'email:foo@example.com', ++ // ... but should be escaped if they contain commas. ++ 'email:"foo@example.com\\u002c DNS:good.example.com"', ++ 'DirName:/C=DE/L=Hannover', ++ // TODO(tniessen): support UTF8 in DirName ++ 'DirName:"/C=DE/L=M\\\\xC3\\\\xBCnchen"', ++ 'DirName:"/C=DE/L=Berlin\\u002c DNS:good.example.com"', ++ 'DirName:"/C=DE/L=Berlin\\u002c DNS:good.example.com\\\\x00' + ++ 'evil.example.com"', ++ 'DirName:"/C=DE/L=Berlin\\u002c DNS:good.example.com\\\\\\\\x00' + ++ 'evil.example.com"', ++ // These next two tests might be surprising. OpenSSL applies its own rules ++ // first, which introduce backslashes, which activate node's escaping. ++ // Unfortunately, there are also differences between OpenSSL 1.1.1 and 3.0. ++ 'DirName:"/C=DE/L=Berlin\\\\x0D\\\\x0A"', ++ hasOpenSSL3 ? ++ 'DirName:"/C=DE/L=Berlin\\\\/CN=good.example.com"' : ++ 'DirName:/C=DE/L=Berlin/CN=good.example.com', ++ // TODO(tniessen): even OIDs that are well-known (such as the following, ++ // which is sha256WithRSAEncryption) should be represented numerically only. ++ 'Registered ID:sha256WithRSAEncryption', ++ // This is an OID that will likely never be assigned to anything, thus ++ // OpenSSL should not know it. ++ 'Registered ID:1.3.9999.12.34', ++ hasOpenSSL3 ? ++ 'othername: XmppAddr::abc123' : ++ 'othername:', ++ hasOpenSSL3 ? ++ 'othername:" XmppAddr::abc123\\u002c DNS:good.example.com"' : ++ 'othername:', ++ hasOpenSSL3 ? ++ 'othername:" XmppAddr::good.example.com\\u0000abc123"' : ++ 'othername:', ++ // This is unsupported because the OID is not recognized. ++ 'othername:', ++ hasOpenSSL3 ? 'othername: SRVName::abc123' : 'othername:', ++ // This is unsupported because it is an SRVName with a UTF8String value, ++ // which is not allowed for SRVName. ++ 'othername:', ++ hasOpenSSL3 ? ++ 'othername:" SRVName::abc\\u0000def"' : ++ 'othername:', ++ ]; ++ ++ const serverKey = fixtures.readSync('x509-escaping/server-key.pem', 'utf8'); ++ ++ for (let i = 0; i < expectedSANs.length; i++) { ++ const pem = fixtures.readSync(`x509-escaping/alt-${i}-cert.pem`, 'utf8'); ++ ++ // X509Certificate interface is not supported in v12.x & v14.x. Disable ++ // checks for subjectAltName with expectedSANs. The testcase is ported ++ // from v17.x ++ // ++ // Test the subjectAltName property of the X509Certificate API. ++ // const cert = new X509Certificate(pem); ++ // assert.strictEqual(cert.subjectAltName, expectedSANs[i]); ++ ++ // Test that the certificate obtained by checkServerIdentity has the correct ++ // subjectaltname property. ++ const server = tls.createServer({ ++ key: serverKey, ++ cert: pem, ++ }, common.mustCall((conn) => { ++ conn.destroy(); ++ server.close(); ++ })).listen(common.mustCall(() => { ++ const { port } = server.address(); ++ tls.connect(port, { ++ ca: pem, ++ servername: 'example.com', ++ checkServerIdentity: (hostname, peerCert) => { ++ assert.strictEqual(hostname, 'example.com'); ++ assert.strictEqual(peerCert.subjectaltname, expectedSANs[i]); ++ }, ++ }, common.mustCall()); ++ })); ++ } ++} ++ ++// Test escaping rules for authority info access. ++{ ++ const expectedInfoAccess = [ ++ { ++ text: 'OCSP - URI:"http://good.example.com/\\u000a' + ++ 'OCSP - URI:http://evil.example.com/"', ++ legacy: { ++ 'OCSP - URI': [ ++ 'http://good.example.com/\nOCSP - URI:http://evil.example.com/', ++ ], ++ }, ++ }, ++ { ++ text: 'CA Issuers - URI:"http://ca.example.com/\\u000a' + ++ 'OCSP - URI:http://evil.example.com"\n' + ++ 'OCSP - DNS:"good.example.com\\u000a' + ++ 'OCSP - URI:http://ca.nodejs.org/ca.cert"', ++ legacy: { ++ 'CA Issuers - URI': [ ++ 'http://ca.example.com/\nOCSP - URI:http://evil.example.com', ++ ], ++ 'OCSP - DNS': [ ++ 'good.example.com\nOCSP - URI:http://ca.nodejs.org/ca.cert', ++ ], ++ }, ++ }, ++ { ++ text: '1.3.9999.12.34 - URI:http://ca.example.com/', ++ legacy: { ++ '1.3.9999.12.34 - URI': [ ++ 'http://ca.example.com/', ++ ], ++ }, ++ }, ++ hasOpenSSL3 ? { ++ text: 'OCSP - othername: XmppAddr::good.example.com\n' + ++ 'OCSP - othername:\n' + ++ 'OCSP - othername: SRVName::abc123', ++ legacy: { ++ 'OCSP - othername': [ ++ ' XmppAddr::good.example.com', ++ '', ++ ' SRVName::abc123', ++ ], ++ }, ++ } : { ++ text: 'OCSP - othername:\n' + ++ 'OCSP - othername:\n' + ++ 'OCSP - othername:', ++ legacy: { ++ 'OCSP - othername': [ ++ '', ++ '', ++ '', ++ ], ++ }, ++ }, ++ hasOpenSSL3 ? { ++ text: 'OCSP - othername:" XmppAddr::good.example.com\\u0000abc123"', ++ legacy: { ++ 'OCSP - othername': [ ++ ' XmppAddr::good.example.com\0abc123', ++ ], ++ }, ++ } : { ++ text: 'OCSP - othername:', ++ legacy: { ++ 'OCSP - othername': [ ++ '', ++ ], ++ }, ++ }, ++ ]; ++ ++ const serverKey = fixtures.readSync('x509-escaping/server-key.pem', 'utf8'); ++ ++ for (let i = 0; i < expectedInfoAccess.length; i++) { ++ const pem = fixtures.readSync(`x509-escaping/info-${i}-cert.pem`, 'utf8'); ++ const expected = expectedInfoAccess[i]; ++ ++ // X509Certificate interface is not supported in v12.x & v14.x. Disable ++ // checks for cert.infoAccess with expected text. The testcase is ported ++ // from v17.x ++ // Test the subjectAltName property of the X509Certificate API. ++ // const cert = new X509Certificate(pem); ++ // assert.strictEqual(cert.infoAccess, ++ // `${expected.text}${hasOpenSSL3 ? '' : '\n'}`); ++ ++ // Test that the certificate obtained by checkServerIdentity has the correct ++ // subjectaltname property. ++ const server = tls.createServer({ ++ key: serverKey, ++ cert: pem, ++ }, common.mustCall((conn) => { ++ conn.destroy(); ++ server.close(); ++ })).listen(common.mustCall(() => { ++ const { port } = server.address(); ++ tls.connect(port, { ++ ca: pem, ++ servername: 'example.com', ++ checkServerIdentity: (hostname, peerCert) => { ++ assert.strictEqual(hostname, 'example.com'); ++ assert.deepStrictEqual(peerCert.infoAccess, ++ Object.assign(Object.create(null), ++ expected.legacy)); ++ }, ++ }, common.mustCall()); ++ })); ++ } ++} ++ ++// The internal parsing logic must match the JSON specification exactly. ++{ ++ // This list is partially based on V8's own JSON tests. ++ const invalidJSON = [ ++ '"\\a invalid escape"', ++ '"\\v invalid escape"', ++ '"\\\' invalid escape"', ++ '"\\x42 invalid escape"', ++ '"\\u202 invalid escape"', ++ '"\\012 invalid escape"', ++ '"Unterminated string', ++ '"Unterminated string\\"', ++ '"Unterminated string\\\\\\"', ++ '"\u0000 control character"', ++ '"\u001e control character"', ++ '"\u001f control character"', ++ ]; ++ ++ for (const invalidStringLiteral of invalidJSON) { ++ // Usually, checkServerIdentity returns an error upon verification failure. ++ // In this case, however, it should throw an error since this is not a ++ // verification error. Node.js itself will never produce invalid JSON string ++ // literals, so this can only happen when users construct invalid subject ++ // alternative name strings (that do not follow escaping rules). ++ assert.throws(() => { ++ tls.checkServerIdentity('example.com', { ++ subjectaltname: `DNS:${invalidStringLiteral}`, ++ }); ++ }, { ++ code: 'ERR_TLS_CERT_ALTNAME_FORMAT', ++ message: 'Invalid subject alternative name string' ++ }); ++ } ++} ++ ++// While node does not produce commas within SAN entries, it should parse them ++// correctly (i.e., not simply split at commas). ++{ ++ // Regardless of the quotes, splitting this SAN string at commas would ++ // cause checkServerIdentity to see 'DNS:b.example.com' and thus to accept ++ // the certificate for b.example.com. ++ const san = 'DNS:"a.example.com, DNS:b.example.com, DNS:c.example.com"'; ++ ++ // This is what node used to do, and which is not correct! ++ const hostname = 'b.example.com'; ++ assert.strictEqual(san.split(', ')[1], `DNS:${hostname}`); ++ ++ // The new implementation should parse the string correctly. ++ const err = tls.checkServerIdentity(hostname, { subjectaltname: san }); ++ assert(err); ++ assert.strictEqual(err.code, 'ERR_TLS_CERT_ALTNAME_INVALID'); ++ assert.strictEqual(err.message, 'Hostname/IP does not match certificate\'s ' + ++ 'altnames: Host: b.example.com. is not in ' + ++ 'the cert\'s altnames: DNS:"a.example.com, ' + ++ 'DNS:b.example.com, DNS:c.example.com"'); ++} ++ ++// The subject MUST be ignored if a dNSName subject alternative name exists. ++{ ++ const key = fixtures.readKey('incorrect_san_correct_subject-key.pem'); ++ const cert = fixtures.readKey('incorrect_san_correct_subject-cert.pem'); ++ ++ // The hostname is the CN, but not a SAN entry. ++ const servername = 'good.example.com'; ++ ++ // X509Certificate interface is not supported in v12.x & v14.x. Disable ++ // checks for certX509.subject and certX509.subjectAltName with expected ++ // value. The testcase is ported from v17.x ++ // ++ // const certX509 = new X509Certificate(cert); ++ // assert.strictEqual(certX509.subject, `CN=${servername}`); ++ // assert.strictEqual(certX509.subjectAltName, 'DNS:evil.example.com'); ++ ++ // Try connecting to a server that uses the self-signed certificate. ++ const server = tls.createServer({ key, cert }, common.mustNotCall()); ++ server.listen(common.mustCall(() => { ++ const { port } = server.address(); ++ const socket = tls.connect(port, { ++ ca: cert, ++ servername, ++ }, common.mustNotCall()); ++ socket.on('error', common.mustCall((err) => { ++ assert.strictEqual(err.code, 'ERR_TLS_CERT_ALTNAME_INVALID'); ++ assert.strictEqual(err.message, 'Hostname/IP does not match ' + ++ "certificate's altnames: Host: " + ++ "good.example.com. is not in the cert's" + ++ ' altnames: DNS:evil.example.com'); ++ })); ++ })).unref(); ++} +-- +2.17.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.21.0.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.21.0.bb deleted file mode 100644 index b9e3821776..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.21.0.bb +++ /dev/null @@ -1,161 +0,0 @@ -DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" -HOMEPAGE = "http://nodejs.org" -LICENSE = "MIT & BSD & Artistic-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=8c66ff8861d9f96076a7cb61e3d75f54" - -DEPENDS = "openssl" -DEPENDS_append_class-target = " nodejs-native" - -inherit pkgconfig python3native - -COMPATIBLE_MACHINE_armv4 = "(!.*armv4).*" -COMPATIBLE_MACHINE_armv5 = "(!.*armv5).*" -COMPATIBLE_MACHINE_mips64 = "(!.*mips64).*" - -COMPATIBLE_HOST_riscv64 = "null" -COMPATIBLE_HOST_riscv32 = "null" - -SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ - file://0001-Disable-running-gyp-files-for-bundled-deps.patch \ - file://0003-Install-both-binaries-and-use-libdir.patch \ - file://0004-v8-don-t-override-ARM-CFLAGS.patch \ - file://big-endian.patch \ - file://mips-warnings.patch \ - file://0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch \ - " -SRC_URI_append_class-target = " \ - file://0002-Using-native-binaries.patch \ - " -SRC_URI[sha256sum] = "052f37ace6f569b513b5a1154b2a45d3c4d8b07d7d7c807b79f1566db61e979d" - -S = "${WORKDIR}/node-v${PV}" - -# v8 errors out if you have set CCACHE -CCACHE = "" - -def map_nodejs_arch(a, d): - import re - - if re.match('i.86$', a): return 'ia32' - elif re.match('x86_64$', a): return 'x64' - elif re.match('aarch64$', a): return 'arm64' - elif re.match('(powerpc64|ppc64le)$', a): return 'ppc64' - elif re.match('powerpc$', a): return 'ppc' - return a - -ARCHFLAGS_arm = "${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', '--with-arm-float-abi=hard', '--with-arm-float-abi=softfp', d)} \ - ${@bb.utils.contains('TUNE_FEATURES', 'neon', '--with-arm-fpu=neon', \ - bb.utils.contains('TUNE_FEATURES', 'vfpv3d16', '--with-arm-fpu=vfpv3-d16', \ - bb.utils.contains('TUNE_FEATURES', 'vfpv3', '--with-arm-fpu=vfpv3', \ - '--with-arm-fpu=vfp', d), d), d)}" -GYP_DEFINES_append_mipsel = " mips_arch_variant='r1' " -ARCHFLAGS ?= "" - -PACKAGECONFIG ??= "ares brotli icu zlib" - -PACKAGECONFIG[ares] = "--shared-cares,,c-ares" -PACKAGECONFIG[brotli] = "--shared-brotli,,brotli" -PACKAGECONFIG[icu] = "--with-intl=system-icu,--without-intl,icu" -PACKAGECONFIG[libuv] = "--shared-libuv,,libuv" -PACKAGECONFIG[nghttp2] = "--shared-nghttp2,,nghttp2" -PACKAGECONFIG[shared] = "--shared" -PACKAGECONFIG[zlib] = "--shared-zlib,,zlib" - -# We don't want to cross-compile during target compile, -# and we need to use the right flags during host compile, -# too. -EXTRA_OEMAKE = "\ - CC.host='${CC}' \ - CFLAGS.host='${CPPFLAGS} ${CFLAGS}' \ - CXX.host='${CXX}' \ - CXXFLAGS.host='${CPPFLAGS} ${CXXFLAGS}' \ - LDFLAGS.host='${LDFLAGS}' \ - AR.host='${AR}' \ - \ - builddir_name=./ \ -" - -python do_unpack() { - import shutil - - bb.build.exec_func('base_do_unpack', d) - - shutil.rmtree(d.getVar('S') + '/deps/openssl', True) - if 'ares' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/cares', True) - if 'brotli' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/brotli', True) - if 'libuv' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/uv', True) - if 'nghttp2' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/nghttp2', True) - if 'zlib' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/zlib', True) -} - -# Node is way too cool to use proper autotools, so we install two wrappers to forcefully inject proper arch cflags to workaround gypi -do_configure () { - export LD="${CXX}" - GYP_DEFINES="${GYP_DEFINES}" export GYP_DEFINES - # $TARGET_ARCH settings don't match --dest-cpu settings - python3 configure.py --prefix=${prefix} --cross-compiling --without-snapshot --shared-openssl \ - --without-dtrace \ - --without-etw \ - --dest-cpu="${@map_nodejs_arch(d.getVar('TARGET_ARCH'), d)}" \ - --dest-os=linux \ - --libdir=${D}${libdir} \ - ${ARCHFLAGS} \ - ${PACKAGECONFIG_CONFARGS} -} - -do_compile () { - export LD="${CXX}" - oe_runmake BUILDTYPE=Release -} - -do_install () { - oe_runmake install DESTDIR=${D} - - # wasn't updated since 2009 and is the only thing requiring python2 in runtime - # ERROR: nodejs-12.14.1-r0 do_package_qa: QA Issue: /usr/lib/node_modules/npm/node_modules/node-gyp/gyp/samples/samples contained in package nodejs-npm requires /usr/bin/python, but no providers found in RDEPENDS_nodejs-npm? [file-rdeps] - rm -f ${D}${exec_prefix}/lib/node_modules/npm/node_modules/node-gyp/gyp/samples/samples -} - -do_install_append_class-native() { - # use node from PATH instead of absolute path to sysroot - # node-v0.10.25/tools/install.py is using: - # shebang = os.path.join(node_prefix, 'bin/node') - # update_shebang(link_path, shebang) - # and node_prefix can be very long path to bindir in native sysroot and - # when it exceeds 128 character shebang limit it's stripped to incorrect path - # and npm fails to execute like in this case with 133 characters show in log.do_install: - # updating shebang of /home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/work/x86_64-linux/nodejs-native/0.10.15-r0/image/home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/sysroots/x86_64-linux/usr/bin/npm to /home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/sysroots/x86_64-linux/usr/bin/node - # /usr/bin/npm is symlink to /usr/lib/node_modules/npm/bin/npm-cli.js - # use sed on npm-cli.js because otherwise symlink is replaced with normal file and - # npm-cli.js continues to use old shebang - sed "1s^.*^#\!/usr/bin/env node^g" -i ${D}${exec_prefix}/lib/node_modules/npm/bin/npm-cli.js - - # Install the native binaries to provide it within sysroot for the target compilation - install -d ${D}${bindir} - install -m 0755 ${S}/out/Release/torque ${D}${bindir}/torque - install -m 0755 ${S}/out/Release/bytecode_builtins_list_generator ${D}${bindir}/bytecode_builtins_list_generator - if ${@bb.utils.contains('PACKAGECONFIG','icu','true','false',d)}; then - install -m 0755 ${S}/out/Release/gen-regexp-special-case ${D}${bindir}/gen-regexp-special-case - fi - install -m 0755 ${S}/out/Release/mkcodecache ${D}${bindir}/mkcodecache - install -m 0755 ${S}/out/Release/node_mksnapshot ${D}${bindir}/node_mksnapshot -} - -do_install_append_class-target() { - sed "1s^.*^#\!${bindir}/env node^g" -i ${D}${exec_prefix}/lib/node_modules/npm/bin/npm-cli.js -} - -PACKAGES =+ "${PN}-npm" -FILES_${PN}-npm = "${exec_prefix}/lib/node_modules ${bindir}/npm ${bindir}/npx" -RDEPENDS_${PN}-npm = "bash python3-core python3-shell python3-datetime \ - python3-misc python3-multiprocessing" - -PACKAGES =+ "${PN}-systemtap" -FILES_${PN}-systemtap = "${datadir}/systemtap" - -BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.22.2.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.22.2.bb new file mode 100644 index 0000000000..2c7d3b3edd --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.22.2.bb @@ -0,0 +1,162 @@ +DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" +HOMEPAGE = "http://nodejs.org" +LICENSE = "MIT & BSD & Artistic-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8c66ff8861d9f96076a7cb61e3d75f54" + +DEPENDS = "openssl" +DEPENDS_append_class-target = " nodejs-native" + +inherit pkgconfig python3native + +COMPATIBLE_MACHINE_armv4 = "(!.*armv4).*" +COMPATIBLE_MACHINE_armv5 = "(!.*armv5).*" +COMPATIBLE_MACHINE_mips64 = "(!.*mips64).*" + +COMPATIBLE_HOST_riscv64 = "null" +COMPATIBLE_HOST_riscv32 = "null" + +SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ + file://0001-Disable-running-gyp-files-for-bundled-deps.patch \ + file://0003-Install-both-binaries-and-use-libdir.patch \ + file://0004-v8-don-t-override-ARM-CFLAGS.patch \ + file://big-endian.patch \ + file://mips-warnings.patch \ + file://0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch \ + file://CVE-2021-44532.patch \ + " +SRC_URI_append_class-target = " \ + file://0002-Using-native-binaries.patch \ + " +SRC_URI[sha256sum] = "7fd805571df106f086f4c45e131efed98bfd62628d9dec96bd62f8c11b0c48dc" + +S = "${WORKDIR}/node-v${PV}" + +# v8 errors out if you have set CCACHE +CCACHE = "" + +def map_nodejs_arch(a, d): + import re + + if re.match('i.86$', a): return 'ia32' + elif re.match('x86_64$', a): return 'x64' + elif re.match('aarch64$', a): return 'arm64' + elif re.match('(powerpc64|ppc64le)$', a): return 'ppc64' + elif re.match('powerpc$', a): return 'ppc' + return a + +ARCHFLAGS_arm = "${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', '--with-arm-float-abi=hard', '--with-arm-float-abi=softfp', d)} \ + ${@bb.utils.contains('TUNE_FEATURES', 'neon', '--with-arm-fpu=neon', \ + bb.utils.contains('TUNE_FEATURES', 'vfpv3d16', '--with-arm-fpu=vfpv3-d16', \ + bb.utils.contains('TUNE_FEATURES', 'vfpv3', '--with-arm-fpu=vfpv3', \ + '--with-arm-fpu=vfp', d), d), d)}" +GYP_DEFINES_append_mipsel = " mips_arch_variant='r1' " +ARCHFLAGS ?= "" + +PACKAGECONFIG ??= "ares brotli icu zlib" + +PACKAGECONFIG[ares] = "--shared-cares,,c-ares" +PACKAGECONFIG[brotli] = "--shared-brotli,,brotli" +PACKAGECONFIG[icu] = "--with-intl=system-icu,--without-intl,icu" +PACKAGECONFIG[libuv] = "--shared-libuv,,libuv" +PACKAGECONFIG[nghttp2] = "--shared-nghttp2,,nghttp2" +PACKAGECONFIG[shared] = "--shared" +PACKAGECONFIG[zlib] = "--shared-zlib,,zlib" + +# We don't want to cross-compile during target compile, +# and we need to use the right flags during host compile, +# too. +EXTRA_OEMAKE = "\ + CC.host='${CC}' \ + CFLAGS.host='${CPPFLAGS} ${CFLAGS}' \ + CXX.host='${CXX}' \ + CXXFLAGS.host='${CPPFLAGS} ${CXXFLAGS}' \ + LDFLAGS.host='${LDFLAGS}' \ + AR.host='${AR}' \ + \ + builddir_name=./ \ +" + +python do_unpack() { + import shutil + + bb.build.exec_func('base_do_unpack', d) + + shutil.rmtree(d.getVar('S') + '/deps/openssl', True) + if 'ares' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/cares', True) + if 'brotli' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/brotli', True) + if 'libuv' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/uv', True) + if 'nghttp2' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/nghttp2', True) + if 'zlib' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/zlib', True) +} + +# Node is way too cool to use proper autotools, so we install two wrappers to forcefully inject proper arch cflags to workaround gypi +do_configure () { + export LD="${CXX}" + GYP_DEFINES="${GYP_DEFINES}" export GYP_DEFINES + # $TARGET_ARCH settings don't match --dest-cpu settings + python3 configure.py --prefix=${prefix} --cross-compiling --without-snapshot --shared-openssl \ + --without-dtrace \ + --without-etw \ + --dest-cpu="${@map_nodejs_arch(d.getVar('TARGET_ARCH'), d)}" \ + --dest-os=linux \ + --libdir=${D}${libdir} \ + ${ARCHFLAGS} \ + ${PACKAGECONFIG_CONFARGS} +} + +do_compile () { + export LD="${CXX}" + oe_runmake BUILDTYPE=Release +} + +do_install () { + oe_runmake install DESTDIR=${D} + + # wasn't updated since 2009 and is the only thing requiring python2 in runtime + # ERROR: nodejs-12.14.1-r0 do_package_qa: QA Issue: /usr/lib/node_modules/npm/node_modules/node-gyp/gyp/samples/samples contained in package nodejs-npm requires /usr/bin/python, but no providers found in RDEPENDS_nodejs-npm? [file-rdeps] + rm -f ${D}${exec_prefix}/lib/node_modules/npm/node_modules/node-gyp/gyp/samples/samples +} + +do_install_append_class-native() { + # use node from PATH instead of absolute path to sysroot + # node-v0.10.25/tools/install.py is using: + # shebang = os.path.join(node_prefix, 'bin/node') + # update_shebang(link_path, shebang) + # and node_prefix can be very long path to bindir in native sysroot and + # when it exceeds 128 character shebang limit it's stripped to incorrect path + # and npm fails to execute like in this case with 133 characters show in log.do_install: + # updating shebang of /home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/work/x86_64-linux/nodejs-native/0.10.15-r0/image/home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/sysroots/x86_64-linux/usr/bin/npm to /home/jenkins/workspace/build-webos-nightly/device/qemux86/label/open-webos-builder/BUILD-qemux86/sysroots/x86_64-linux/usr/bin/node + # /usr/bin/npm is symlink to /usr/lib/node_modules/npm/bin/npm-cli.js + # use sed on npm-cli.js because otherwise symlink is replaced with normal file and + # npm-cli.js continues to use old shebang + sed "1s^.*^#\!/usr/bin/env node^g" -i ${D}${exec_prefix}/lib/node_modules/npm/bin/npm-cli.js + + # Install the native binaries to provide it within sysroot for the target compilation + install -d ${D}${bindir} + install -m 0755 ${S}/out/Release/torque ${D}${bindir}/torque + install -m 0755 ${S}/out/Release/bytecode_builtins_list_generator ${D}${bindir}/bytecode_builtins_list_generator + if ${@bb.utils.contains('PACKAGECONFIG','icu','true','false',d)}; then + install -m 0755 ${S}/out/Release/gen-regexp-special-case ${D}${bindir}/gen-regexp-special-case + fi + install -m 0755 ${S}/out/Release/mkcodecache ${D}${bindir}/mkcodecache + install -m 0755 ${S}/out/Release/node_mksnapshot ${D}${bindir}/node_mksnapshot +} + +do_install_append_class-target() { + sed "1s^.*^#\!${bindir}/env node^g" -i ${D}${exec_prefix}/lib/node_modules/npm/bin/npm-cli.js +} + +PACKAGES =+ "${PN}-npm" +FILES_${PN}-npm = "${exec_prefix}/lib/node_modules ${bindir}/npm ${bindir}/npx" +RDEPENDS_${PN}-npm = "bash python3-core python3-shell python3-datetime \ + python3-misc python3-multiprocessing" + +PACKAGES =+ "${PN}-systemtap" +FILES_${PN}-systemtap = "${datadir}/systemtap" + +BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch b/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch new file mode 100644 index 0000000000..bb9594e968 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf/CVE-2021-22570.patch @@ -0,0 +1,73 @@ +From f5ce0700d80c776186b0fb0414ef20966a3a6a03 Mon Sep 17 00:00:00 2001 +From: "Sana.Kazi" +Date: Wed, 23 Feb 2022 15:50:16 +0530 +Subject: [PATCH] protobuf: Fix CVE-2021-22570 + +CVE: CVE-2021-22570 +Upstream-Status: Backport [https://src.fedoraproject.org/rpms/protobuf/blob/394beeacb500861f76473d47e10314e6a3600810/f/CVE-2021-22570.patch] +Comment: Removed first and second hunk +Signed-off-by: Sana.Kazi + +--- + src/google/protobuf/descriptor.cc | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/src/google/protobuf/descriptor.cc b/src/google/protobuf/descriptor.cc +index 6835a3cde..1514ae531 100644 +--- a/src/google/protobuf/descriptor.cc ++++ b/src/google/protobuf/descriptor.cc +@@ -2603,6 +2603,8 @@ void Descriptor::DebugString(int depth, std::string* contents, + const Descriptor::ReservedRange* range = reserved_range(i); + if (range->end == range->start + 1) { + strings::SubstituteAndAppend(contents, "$0, ", range->start); ++ } else if (range->end > FieldDescriptor::kMaxNumber) { ++ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start); + } else { + strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start, + range->end - 1); +@@ -2815,6 +2817,8 @@ void EnumDescriptor::DebugString( + const EnumDescriptor::ReservedRange* range = reserved_range(i); + if (range->end == range->start) { + strings::SubstituteAndAppend(contents, "$0, ", range->start); ++ } else if (range->end == INT_MAX) { ++ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start); + } else { + strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start, + range->end); +@@ -4002,6 +4006,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name, + // Use its file as the parent instead. + if (parent == nullptr) parent = file_; + ++ if (full_name.find('\0') != std::string::npos) { ++ AddError(full_name, proto, DescriptorPool::ErrorCollector::NAME, ++ "\"" + full_name + "\" contains null character."); ++ return false; ++ } + if (tables_->AddSymbol(full_name, symbol)) { + if (!file_tables_->AddAliasUnderParent(parent, name, symbol)) { + // This is only possible if there was already an error adding something of +@@ -4041,6 +4050,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name, + void DescriptorBuilder::AddPackage(const std::string& name, + const Message& proto, + const FileDescriptor* file) { ++ if (name.find('\0') != std::string::npos) { ++ AddError(name, proto, DescriptorPool::ErrorCollector::NAME, ++ "\"" + name + "\" contains null character."); ++ return; ++ } + if (tables_->AddSymbol(name, Symbol(file))) { + // Success. Also add parent package, if any. + std::string::size_type dot_pos = name.find_last_of('.'); +@@ -4354,6 +4368,12 @@ FileDescriptor* DescriptorBuilder::BuildFileImpl( + } + result->pool_ = pool_; + ++ if (result->name().find('\0') != std::string::npos) { ++ AddError(result->name(), proto, DescriptorPool::ErrorCollector::NAME, ++ "\"" + result->name() + "\" contains null character."); ++ return nullptr; ++ } ++ + // Add to tables. + if (!tables_->AddFile(result)) { + AddError(proto.name(), proto, DescriptorPool::ErrorCollector::OTHER, diff --git a/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb b/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb index d2f22ba6b8..55d56ff08e 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb @@ -17,6 +17,7 @@ SRC_URI = "git://github.com/google/protobuf.git;branch=3.11.x;protocol=https \ file://0001-protobuf-fix-configure-error.patch \ file://0001-Makefile.am-include-descriptor.cc-when-building-libp.patch \ file://0001-examples-Makefile-respect-CXX-LDFLAGS-variables-fix-.patch \ + file://CVE-2021-22570.patch \ " S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch b/meta-openembedded/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch new file mode 100644 index 0000000000..98e186cbf0 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch @@ -0,0 +1,27 @@ +p7zip: Update CVE-2016-9296 patch URL. +From: Robert Luberda +Date: Sat, 19 Nov 2016 08:48:08 +0100 +Subject: Fix nullptr dereference (CVE-2016-9296) + +Patch taken from https://sourceforge.net/p/p7zip/bugs/185/ +This patch file taken from Debian's patch set for p7zip + +Upstream-Status: Backport [https://sourceforge.net/p/p7zip/bugs/185/] +CVE: CVE-2016-9296 + +Signed-off-by: Virendra Thakur + +Index: p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp ++++ p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp +@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS + if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) + ThrowIncorrect(); + } +- HeadersSize += folders.PackPositions[folders.NumPackStreams]; ++ if (folders.PackPositions) ++ HeadersSize += folders.PackPositions[folders.NumPackStreams]; + return S_OK; + } + diff --git a/meta-openembedded/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch b/meta-openembedded/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch new file mode 100644 index 0000000000..b6deb5d3a7 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch @@ -0,0 +1,226 @@ +From: Robert Luberda +Date: Sun, 28 Jan 2018 23:47:40 +0100 +Subject: CVE-2018-5996 + +Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by +applying a few changes from 7Zip 18.00-beta. + +Bug-Debian: https://bugs.debian.org/#888314 + +Upstream-Status: Backport [https://sources.debian.org/data/non-free/p/p7zip-rar/16.02-3/debian/patches/06-CVE-2018-5996.patch] +CVE: CVE-2018-5996 + +Signed-off-by: Virendra Thakur +--- + CPP/7zip/Compress/Rar1Decoder.cpp | 13 +++++++++---- + CPP/7zip/Compress/Rar1Decoder.h | 1 + + CPP/7zip/Compress/Rar2Decoder.cpp | 10 +++++++++- + CPP/7zip/Compress/Rar2Decoder.h | 1 + + CPP/7zip/Compress/Rar3Decoder.cpp | 23 ++++++++++++++++++++--- + CPP/7zip/Compress/Rar3Decoder.h | 2 ++ + 6 files changed, 42 insertions(+), 8 deletions(-) + +Index: p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar1Decoder.cpp ++++ p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.cpp +@@ -29,7 +29,7 @@ public: + }; + */ + +-CDecoder::CDecoder(): m_IsSolid(false) { } ++CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { } + + void CDecoder::InitStructures() + { +@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialIn + InitData(); + if (!m_IsSolid) + { ++ _errorMode = false; + InitStructures(); + InitHuff(); + } ++ ++ if (_errorMode) ++ return S_FALSE; ++ + if (m_UnpackSize > 0) + { + GetFlagsBuf(); +@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialI + const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress) + { + try { return CodeReal(inStream, outStream, inSize, outSize, progress); } +- catch(const CInBufferException &e) { return e.ErrorCode; } +- catch(const CLzOutWindowException &e) { return e.ErrorCode; } +- catch(...) { return S_FALSE; } ++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(...) { _errorMode = true; return S_FALSE; } + } + + STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) +Index: p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.h +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar1Decoder.h ++++ p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.h +@@ -39,6 +39,7 @@ public: + + Int64 m_UnpackSize; + bool m_IsSolid; ++ bool _errorMode; + + UInt32 ReadBits(int numBits); + HRESULT CopyBlock(UInt32 distance, UInt32 len); +Index: p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar2Decoder.cpp ++++ p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.cpp +@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << + static const UInt32 kWindowReservSize = (1 << 22) + 256; + + CDecoder::CDecoder(): +- m_IsSolid(false) ++ m_IsSolid(false), ++ m_TablesOK(false) + { + } + +@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBi + + bool CDecoder::ReadTables(void) + { ++ m_TablesOK = false; ++ + Byte levelLevels[kLevelTableSize]; + Byte newLevels[kMaxTableSize]; + m_AudioMode = (ReadBits(1) == 1); +@@ -170,6 +173,8 @@ bool CDecoder::ReadTables(void) + } + + memcpy(m_LastLevels, newLevels, kMaxTableSize); ++ m_TablesOK = true; ++ + return true; + } + +@@ -344,6 +349,9 @@ HRESULT CDecoder::CodeReal(ISequentialIn + return S_FALSE; + } + ++ if (!m_TablesOK) ++ return S_FALSE; ++ + UInt64 startPos = m_OutWindowStream.GetProcessedSize(); + while (pos < unPackSize) + { +Index: p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.h +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar2Decoder.h ++++ p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.h +@@ -139,6 +139,7 @@ class CDecoder : + + UInt64 m_PackSize; + bool m_IsSolid; ++ bool m_TablesOK; + + void InitStructures(); + UInt32 ReadBits(unsigned numBits); +Index: p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar3Decoder.cpp ++++ p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.cpp +@@ -92,7 +92,8 @@ CDecoder::CDecoder(): + _writtenFileSize(0), + _vmData(0), + _vmCode(0), +- m_IsSolid(false) ++ m_IsSolid(false), ++ _errorMode(false) + { + Ppmd7_Construct(&_ppmd); + } +@@ -545,6 +546,9 @@ HRESULT CDecoder::ReadTables(bool &keepD + return InitPPM(); + } + ++ TablesRead = false; ++ TablesOK = false; ++ + _lzMode = true; + PrevAlignBits = 0; + PrevAlignCount = 0; +@@ -606,6 +610,9 @@ HRESULT CDecoder::ReadTables(bool &keepD + } + } + } ++ if (InputEofError()) ++ return S_FALSE; ++ + TablesRead = true; + + // original code has check here: +@@ -623,6 +630,9 @@ HRESULT CDecoder::ReadTables(bool &keepD + RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize])); + + memcpy(m_LastLevels, newLevels, kTablesSizesSum); ++ ++ TablesOK = true; ++ + return S_OK; + } + +@@ -824,7 +834,12 @@ HRESULT CDecoder::CodeReal(ICompressProg + PpmEscChar = 2; + PpmError = true; + InitFilters(); ++ _errorMode = false; + } ++ ++ if (_errorMode) ++ return S_FALSE; ++ + if (!m_IsSolid || !TablesRead) + { + bool keepDecompressing; +@@ -838,6 +853,8 @@ HRESULT CDecoder::CodeReal(ICompressProg + bool keepDecompressing; + if (_lzMode) + { ++ if (!TablesOK) ++ return S_FALSE; + RINOK(DecodeLZ(keepDecompressing)) + } + else +@@ -901,8 +918,8 @@ STDMETHODIMP CDecoder::Code(ISequentialI + _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1; + return CodeReal(progress); + } +- catch(const CInBufferException &e) { return e.ErrorCode; } +- catch(...) { return S_FALSE; } ++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(...) { _errorMode = true; return S_FALSE; } + // CNewException is possible here. But probably CNewException is caused + // by error in data stream. + } +Index: p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.h +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Compress/Rar3Decoder.h ++++ p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.h +@@ -192,6 +192,7 @@ class CDecoder: + UInt32 _lastFilter; + + bool m_IsSolid; ++ bool _errorMode; + + bool _lzMode; + bool _unsupportedFilter; +@@ -200,6 +201,7 @@ class CDecoder: + UInt32 PrevAlignCount; + + bool TablesRead; ++ bool TablesOK; + + CPpmd7 _ppmd; + int PpmEscChar; diff --git a/meta-openembedded/meta-oe/recipes-extended/p7zip/files/change_numMethods_from_bool_to_unsigned.patch b/meta-openembedded/meta-oe/recipes-extended/p7zip/files/change_numMethods_from_bool_to_unsigned.patch new file mode 100644 index 0000000000..dcde83e8a4 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/p7zip/files/change_numMethods_from_bool_to_unsigned.patch @@ -0,0 +1,27 @@ +fixes the below error + +| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp: In member function 'virtual LONG NArchive::NWim::CHandler::GetArchiveProperty(PROPID, PROPVARIANT*)': +| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:308:11: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17 +| 308 | numMethods++; +| | ^~~~~~~~~~ +| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:318:9: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17 +| 318 | numMethods++; + + +use unsigned instead of bool +Signed-off-by: Nisha Parrakat + +Upstream-Status: Pending +Index: p7zip_16.02/CPP/7zip/Archive/Wim/WimHandler.cpp +=================================================================== +--- p7zip_16.02.orig/CPP/7zip/Archive/Wim/WimHandler.cpp ++++ p7zip_16.02/CPP/7zip/Archive/Wim/WimHandler.cpp +@@ -298,7 +298,7 @@ STDMETHODIMP CHandler::GetArchivePropert + + AString res; + +- bool numMethods = 0; ++ unsigned numMethods = 0; + for (unsigned i = 0; i < ARRAY_SIZE(k_Methods); i++) + { + if (methodMask & ((UInt32)1 << i)) diff --git a/meta-openembedded/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb b/meta-openembedded/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb index 13479a90fe..79677c6487 100644 --- a/meta-openembedded/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb +++ b/meta-openembedded/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb @@ -9,6 +9,9 @@ SRC_URI = "http://downloads.sourceforge.net/p7zip/p7zip/${PV}/p7zip_${PV}_src_al file://do_not_override_compiler_and_do_not_strip.patch \ file://CVE-2017-17969.patch \ file://0001-Fix-narrowing-errors-Wc-11-narrowing.patch \ + file://change_numMethods_from_bool_to_unsigned.patch \ + file://CVE-2018-5996.patch \ + file://CVE-2016-9296.patch \ " SRC_URI[md5sum] = "a0128d661cfe7cc8c121e73519c54fbf" @@ -16,10 +19,26 @@ SRC_URI[sha256sum] = "5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6 S = "${WORKDIR}/${BPN}_${PV}" +do_compile_append() { + oe_runmake 7z +} +FILES_${PN} += "${libdir}/* ${bindir}/7z" + +FILES_SOLIBSDEV = "" +INSANE_SKIP_${PN} += "dev-so" + do_install() { install -d ${D}${bindir} - install -m 0755 ${S}/bin/* ${D}${bindir} + install -d ${D}${bindir}/Codecs + install -d ${D}${libdir} + install -d ${D}${libdir}/Codecs + install -m 0755 ${S}/bin/7za ${D}${bindir} ln -s 7za ${D}${bindir}/7z + install -m 0755 ${S}/bin/Codecs/* ${D}${libdir}/Codecs/ + install -m 0755 ${S}/bin/7z.so ${D}${libdir}/lib7z.so } -BBCLASSEXTEND = "native" +RPROVIDES_${PN} += "lib7z.so()(64bit) 7z lib7z.so" +RPROVIDES_${PN}-dev += "lib7z.so()(64bit) 7z lib7z.so" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/files/CVE-2021-4034.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/files/CVE-2021-4034.patch new file mode 100644 index 0000000000..cab1c83c09 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/files/CVE-2021-4034.patch @@ -0,0 +1,74 @@ +From ed8b418f1341cf7fc576f6b17de5c6dd4017e034 Mon Sep 17 00:00:00 2001 +From: "Jeremy A. Puhlman" +Date: Thu, 27 Jan 2022 00:01:27 +0000 +Subject: [PATCH] CVE-2021-4034: Local privilege escalation in pkexec due to + incorrect handling of argument vector + +Upstream-Status: Backport https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 +CVE: CVE-2021-4034 + +Signed-off-by: Jeremy A. Puhlman +--- + src/programs/pkcheck.c | 6 ++++++ + src/programs/pkexec.c | 21 ++++++++++++++++++++- + 2 files changed, 26 insertions(+), 1 deletion(-) + +diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c +index f1bb4e1..aff4f60 100644 +--- a/src/programs/pkcheck.c ++++ b/src/programs/pkcheck.c +@@ -363,6 +363,12 @@ main (int argc, char *argv[]) + local_agent_handle = NULL; + ret = 126; + ++ if (argc < 1) ++ { ++ help(); ++ exit(1); ++ } ++ + /* Disable remote file access from GIO. */ + setenv ("GIO_USE_VFS", "local", 1); + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 7698c5c..3ff4c58 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -488,6 +488,17 @@ main (int argc, char *argv[]) + pid_t pid_of_caller; + gpointer local_agent_handle; + ++ ++ /* ++ * If 'pkexec' is called wrong, just show help and bail out. ++ */ ++ if (argc<1) ++ { ++ clearenv(); ++ usage(argc, argv); ++ exit(1); ++ } ++ + ret = 127; + authority = NULL; + subject = NULL; +@@ -636,7 +647,15 @@ main (int argc, char *argv[]) + goto out; + } + g_free (path); +- argv[n] = path = s; ++ path = s; ++ ++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. ++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination ++ */ ++ if (argv[n] != NULL) ++ { ++ argv[n] = path; ++ } + } + if (access (path, F_OK) != 0) + { +-- +2.26.2 + diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/files/CVE-2021-4115.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/files/CVE-2021-4115.patch new file mode 100644 index 0000000000..37e0d6063c --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/files/CVE-2021-4115.patch @@ -0,0 +1,87 @@ +From 41cb093f554da8772362654a128a84dd8a5542a7 Mon Sep 17 00:00:00 2001 +From: Jan Rybar +Date: Mon, 21 Feb 2022 08:29:05 +0000 +Subject: [PATCH] CVE-2021-4115 (GHSL-2021-077) fix + +Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7.patch] +CVE: CVE-2021-4115 +Signed-off-by: Ranjitsinh Rathod + +--- + src/polkit/polkitsystembusname.c | 38 ++++++++++++++++++++++++++++---- + 1 file changed, 34 insertions(+), 4 deletions(-) + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 8ed1363..2fbf5f1 100644 +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -62,6 +62,10 @@ enum + PROP_NAME, + }; + ++ ++guint8 dbus_call_respond_fails; // has to be global because of callback ++ ++ + static void subject_iface_init (PolkitSubjectIface *subject_iface); + + G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT, +@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src, + if (!v) + { + data->caught_error = TRUE; ++ dbus_call_respond_fails += 1; + } + else + { +@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + tmp_context = g_main_context_new (); + g_main_context_push_thread_default (tmp_context); + ++ dbus_call_respond_fails = 0; ++ + /* Do two async calls as it's basically as fast as one sync call. + */ + g_dbus_connection_call (connection, +@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + on_retrieved_unix_uid_pid, + &data); + +- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) +- g_main_context_iteration (tmp_context, TRUE); ++ while (TRUE) ++ { ++ /* If one dbus call returns error, we must wait until the other call ++ * calls _call_finish(), otherwise fd leak is possible. ++ * Resolves: GHSL-2021-077 ++ */ + +- if (data.caught_error) +- goto out; ++ if ( (dbus_call_respond_fails > 1) ) ++ { ++ // we got two faults, we can leave ++ goto out; ++ } ++ ++ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid))) ++ { ++ // we got one fault and the other call finally finished, we can leave ++ goto out; ++ } ++ ++ if ( !(data.retrieved_uid && data.retrieved_pid) ) ++ { ++ g_main_context_iteration (tmp_context, TRUE); ++ } ++ else ++ { ++ break; ++ } ++ } + + if (out_uid) + *out_uid = data.uid; +-- +GitLab + diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2021-3560.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2021-3560.patch new file mode 100644 index 0000000000..76308ffdb9 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2021-3560.patch @@ -0,0 +1,33 @@ +From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001 +From: Jan Rybar +Date: Wed, 2 Jun 2021 15:43:38 +0200 +Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit + +initial values returned if error caught + +CVE: CVE-2021-3560 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81] + +Signed-off-by: Mingli Yu +--- + src/polkit/polkitsystembusname.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 8daa12c..8ed1363 100644 +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) + g_main_context_iteration (tmp_context, TRUE); + ++ if (data.caught_error) ++ goto out; ++ + if (out_uid) + *out_uid = data.uid; + if (out_pid) +-- +2.29.2 + diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.116.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.116.bb index ad1973b136..dd8e208616 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.116.bb +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.116.bb @@ -25,6 +25,9 @@ PAM_SRC_URI = "file://polkit-1_pam.patch" SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ file://0003-make-netgroup-support-optional.patch \ + file://CVE-2021-3560.patch \ + file://CVE-2021-4034.patch \ + file://CVE-2021-4115.patch \ " SRC_URI[md5sum] = "4b37258583393e83069a0e2e89c0162a" SRC_URI[sha256sum] = "88170c9e711e8db305a12fdb8234fac5706c61969b94e084d0f117d8ec5d34b1" diff --git a/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.40.1.bb b/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.40.1.bb index 81ab86c762..72e2f5cc7a 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.40.1.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/graphviz/graphviz_2.40.1.bb @@ -55,6 +55,17 @@ do_install_append_class-native() { install -m755 ${B}/lib/gvpr/mkdefs ${D}${bindir} } +# create /usr/lib/graphviz/config6 +graphviz_sstate_postinst() { + mkdir -p ${SYSROOT_DESTDIR}${bindir} + dest=${SYSROOT_DESTDIR}${bindir}/postinst-${PN} + echo '#!/bin/sh' > $dest + echo '' >> $dest + echo 'dot -c' >> $dest + chmod 0755 $dest +} +SYSROOT_PREPROCESS_FUNCS_append_class-native = " graphviz_sstate_postinst" + PACKAGES =+ "${PN}-python ${PN}-perl ${PN}-demo" FILES_${PN}-python += "${libdir}/python*/site-packages/ ${libdir}/graphviz/python/" diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2019-12973-1.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2019-12973-1.patch new file mode 100644 index 0000000000..98988e686e --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2019-12973-1.patch @@ -0,0 +1,72 @@ +From 21399f6b7d318fcdf4406d5e88723c4922202aa3 Mon Sep 17 00:00:00 2001 +From: Young Xiao +Date: Sat, 16 Mar 2019 19:57:27 +0800 +Subject: [PATCH] convertbmp: detect invalid file dimensions early + +width/length dimensions read from bmp headers are not necessarily +valid. For instance they may have been maliciously set to very large +values with the intention to cause DoS (large memory allocation, stack +overflow). In these cases we want to detect the invalid size as early +as possible. + +This commit introduces a counter which verifies that the number of +written bytes corresponds to the advertized width/length. + +See commit 8ee335227bbc for details. + +Signed-off-by: Young Xiao + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2019-12973 +Signed-off-by: Virendra Thakur +--- + src/bin/jp2/convertbmp.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index 0af52f816..ec34f535b 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -622,13 +622,13 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData, + static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + OPJ_UINT32 stride, OPJ_UINT32 width, OPJ_UINT32 height) + { +- OPJ_UINT32 x, y; ++ OPJ_UINT32 x, y, written; + OPJ_UINT8 *pix; + const OPJ_UINT8 *beyond; + + beyond = pData + stride * height; + pix = pData; +- x = y = 0U; ++ x = y = written = 0U; + while (y < height) { + int c = getc(IN); + if (c == EOF) { +@@ -642,6 +642,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + for (j = 0; (j < c) && (x < width) && + ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) { + *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU)); ++ written++; + } + } else { /* absolute mode */ + c = getc(IN); +@@ -671,6 +672,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + c1 = (OPJ_UINT8)getc(IN); + } + *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU)); ++ written++; + } + if (((c & 3) == 1) || ((c & 3) == 2)) { /* skip padding byte */ + getc(IN); +@@ -678,6 +680,10 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + } + } + } /* while(y < height) */ ++ if (written != width * height) { ++ fprintf(stderr, "warning, image's actual size does not match advertized one\n"); ++ return OPJ_FALSE; ++ } + return OPJ_TRUE; + } + diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2019-12973-2.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2019-12973-2.patch new file mode 100644 index 0000000000..2177bfdbdb --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2019-12973-2.patch @@ -0,0 +1,86 @@ +From 3aef207f90e937d4931daf6d411e092f76d82e66 Mon Sep 17 00:00:00 2001 +From: Young Xiao +Date: Sat, 16 Mar 2019 20:09:59 +0800 +Subject: [PATCH] bmp_read_rle4_data(): avoid potential infinite loop + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2019-12973 +Signed-off-by: Virendra Thakur +--- + src/bin/jp2/convertbmp.c | 32 ++++++++++++++++++++++++++------ + 1 file changed, 26 insertions(+), 6 deletions(-) + +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index ec34f535b..2fc4e9bc4 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -632,12 +632,18 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + while (y < height) { + int c = getc(IN); + if (c == EOF) { +- break; ++ return OPJ_FALSE; + } + + if (c) { /* encoded mode */ +- int j; +- OPJ_UINT8 c1 = (OPJ_UINT8)getc(IN); ++ int j, c1_int; ++ OPJ_UINT8 c1; ++ ++ c1_int = getc(IN); ++ if (c1_int == EOF) { ++ return OPJ_FALSE; ++ } ++ c1 = (OPJ_UINT8)c1_int; + + for (j = 0; (j < c) && (x < width) && + ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) { +@@ -647,7 +653,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + } else { /* absolute mode */ + c = getc(IN); + if (c == EOF) { +- break; ++ return OPJ_FALSE; + } + + if (c == 0x00) { /* EOL */ +@@ -658,8 +664,14 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + break; + } else if (c == 0x02) { /* MOVE by dxdy */ + c = getc(IN); ++ if (c == EOF) { ++ return OPJ_FALSE; ++ } + x += (OPJ_UINT32)c; + c = getc(IN); ++ if (c == EOF) { ++ return OPJ_FALSE; ++ } + y += (OPJ_UINT32)c; + pix = pData + y * stride + x; + } else { /* 03 .. 255 : absolute mode */ +@@ -669,13 +681,21 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + for (j = 0; (j < c) && (x < width) && + ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) { + if ((j & 1) == 0) { +- c1 = (OPJ_UINT8)getc(IN); ++ int c1_int; ++ c1_int = getc(IN); ++ if (c1_int == EOF) { ++ return OPJ_FALSE; ++ } ++ c1 = (OPJ_UINT8)c1_int; + } + *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU)); + written++; + } + if (((c & 3) == 1) || ((c & 3) == 2)) { /* skip padding byte */ +- getc(IN); ++ c = getc(IN); ++ if (c == EOF) { ++ return OPJ_FALSE; ++ } + } + } + } diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch new file mode 100644 index 0000000000..f22e153b52 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch @@ -0,0 +1,43 @@ +From e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Sun, 28 Jun 2020 14:19:59 +0200 +Subject: [PATCH] opj_decompress: fix double-free on input directory with mix + of valid and invalid images (CVE-2020-15389) + +Fixes #1261 + +Credits to @Ruia-ruia for reporting and analysis. + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-15389 +Signed-off-by: Virendra Thakur +--- + src/bin/jp2/opj_decompress.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c +index 7eeb0952f..2634907f0 100644 +--- a/src/bin/jp2/opj_decompress.c ++++ b/src/bin/jp2/opj_decompress.c +@@ -1316,10 +1316,6 @@ static opj_image_t* upsample_image_components(opj_image_t* original) + int main(int argc, char **argv) + { + opj_decompress_parameters parameters; /* decompression parameters */ +- opj_image_t* image = NULL; +- opj_stream_t *l_stream = NULL; /* Stream */ +- opj_codec_t* l_codec = NULL; /* Handle to a decompressor */ +- opj_codestream_index_t* cstr_index = NULL; + + OPJ_INT32 num_images, imageno; + img_fol_t img_fol; +@@ -1393,6 +1389,10 @@ int main(int argc, char **argv) + + /*Decoding image one by one*/ + for (imageno = 0; imageno < num_images ; imageno++) { ++ opj_image_t* image = NULL; ++ opj_stream_t *l_stream = NULL; /* Stream */ ++ opj_codec_t* l_codec = NULL; /* Handle to a decompressor */ ++ opj_codestream_index_t* cstr_index = NULL; + + if (!parameters.quiet) { + fprintf(stderr, "\n"); diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-1.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-1.patch new file mode 100644 index 0000000000..da06db6db7 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-1.patch @@ -0,0 +1,29 @@ +From eaa098b59b346cb88e4d10d505061f669d7134fc Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Mon, 23 Nov 2020 13:49:05 +0100 +Subject: [PATCH] Encoder: grow buffer size in + opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in + opj_mqc_flush (fixes #1283) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27814 +Signed-off-by: Virendra Thakur +--- + src/lib/openjp2/tcd.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/src/lib/openjp2/tcd.c ++++ b/src/lib/openjp2/tcd.c +@@ -1235,9 +1235,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_a + + /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ + /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ ++ /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */ ++ /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */ + /* TODO: is there a theoretical upper-bound for the compressed code */ + /* block size ? */ +- l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * ++ l_data_size = 26 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * + (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); + + if (l_data_size > p_code_block->data_size) { diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-2.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-2.patch new file mode 100644 index 0000000000..9c5894c720 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-2.patch @@ -0,0 +1,27 @@ +From 15cf3d95814dc931ca0ecb132f81cb152e051bae Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Mon, 23 Nov 2020 18:14:02 +0100 +Subject: [PATCH] Encoder: grow again buffer size in + opj_tcd_code_block_enc_allocate_data() (fixes #1283) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27814 +Signed-off-by: Virendra Thakur +--- + src/lib/openjp2/tcd.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/src/lib/openjp2/tcd.c ++++ b/src/lib/openjp2/tcd.c +@@ -1237,9 +1237,10 @@ static OPJ_BOOL opj_tcd_code_block_enc_a + /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ + /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */ + /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */ ++ /* and +28 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 44) */ + /* TODO: is there a theoretical upper-bound for the compressed code */ + /* block size ? */ +- l_data_size = 26 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * ++ l_data_size = 28 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * + (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); + + if (l_data_size > p_code_block->data_size) { diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-3.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-3.patch new file mode 100644 index 0000000000..1eb030af46 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-3.patch @@ -0,0 +1,30 @@ +From 649298dcf84b2f20cfe458d887c1591db47372a6 Mon Sep 17 00:00:00 2001 +From: yuan +Date: Wed, 25 Nov 2020 20:41:39 +0800 +Subject: [PATCH] Encoder: grow again buffer size in + opj_tcd_code_block_enc_allocate_data() (fixes #1283) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27814 +Signed-off-by: Virendra Thakur +--- + src/lib/openjp2/tcd.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/src/lib/openjp2/tcd.c ++++ b/src/lib/openjp2/tcd.c +@@ -1238,10 +1238,12 @@ static OPJ_BOOL opj_tcd_code_block_enc_a + /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */ + /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */ + /* and +28 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 44) */ ++ /* and +33 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 4) */ ++ /* and +63 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 4 -IMF 2K) */ + /* TODO: is there a theoretical upper-bound for the compressed code */ + /* block size ? */ +- l_data_size = 28 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * +- (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); ++ l_data_size = 63 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * ++ (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); + + if (l_data_size > p_code_block->data_size) { + if (p_code_block->data) { diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-4.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-4.patch new file mode 100644 index 0000000000..1c267c313b --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27814-4.patch @@ -0,0 +1,27 @@ +From 4ce7d285a55d29b79880d0566d4b010fe1907aa9 Mon Sep 17 00:00:00 2001 +From: yuan +Date: Fri, 4 Dec 2020 19:00:22 +0800 +Subject: [PATCH] Encoder: grow again buffer size in + opj_tcd_code_block_enc_allocate_data() (fixes #1283) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27814 +Signed-off-by: Virendra Thakur +--- + src/lib/openjp2/tcd.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/src/lib/openjp2/tcd.c ++++ b/src/lib/openjp2/tcd.c +@@ -1240,9 +1240,10 @@ static OPJ_BOOL opj_tcd_code_block_enc_a + /* and +28 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 44) */ + /* and +33 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 4) */ + /* and +63 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 4 -IMF 2K) */ ++ /* and +74 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 4 -n 8 -s 7,7 -I) */ + /* TODO: is there a theoretical upper-bound for the compressed code */ + /* block size ? */ +- l_data_size = 63 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * ++ l_data_size = 74 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * + (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); + + if (l_data_size > p_code_block->data_size) { diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27823.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27823.patch new file mode 100644 index 0000000000..e4373d0d32 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27823.patch @@ -0,0 +1,29 @@ +From b2072402b7e14d22bba6fb8cde2a1e9996e9a919 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Mon, 30 Nov 2020 22:31:51 +0100 +Subject: [PATCH] pngtoimage(): fix wrong computation of x1,y1 if -d option is + used, that would result in a heap buffer overflow (fixes #1284) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27823 +Signed-off-by: Virendra Thakur +--- + src/bin/jp2/convertpng.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/bin/jp2/convertpng.c b/src/bin/jp2/convertpng.c +index 328c91beb..00f596e27 100644 +--- a/src/bin/jp2/convertpng.c ++++ b/src/bin/jp2/convertpng.c +@@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params) + image->x0 = (OPJ_UINT32)params->image_offset_x0; + image->y0 = (OPJ_UINT32)params->image_offset_y0; + image->x1 = (OPJ_UINT32)(image->x0 + (width - 1) * (OPJ_UINT32) +- params->subsampling_dx + 1 + image->x0); ++ params->subsampling_dx + 1); + image->y1 = (OPJ_UINT32)(image->y0 + (height - 1) * (OPJ_UINT32) +- params->subsampling_dy + 1 + image->y0); ++ params->subsampling_dy + 1); + + row32s = (OPJ_INT32 *)malloc((size_t)width * nr_comp * sizeof(OPJ_INT32)); + if (row32s == NULL) { diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27824.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27824.patch new file mode 100644 index 0000000000..5f3deb4dda --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27824.patch @@ -0,0 +1,24 @@ +From 6daf5f3e1ec6eff03b7982889874a3de6617db8d Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Mon, 30 Nov 2020 22:37:07 +0100 +Subject: [PATCH] Encoder: avoid global buffer overflow on irreversible + conversion when too many decomposition levels are specified (fixes #1286) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27824 +Signed-off-by: Virendra Thakur +--- + src/lib/openjp2/dwt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/src/lib/openjp2/dwt.c ++++ b/src/lib/openjp2/dwt.c +@@ -1293,7 +1293,7 @@ void opj_dwt_calc_explicit_stepsizes(opj + if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) { + stepsize = 1.0; + } else { +- OPJ_FLOAT64 norm = opj_dwt_norms_real[orient][level]; ++ OPJ_FLOAT64 norm = opj_dwt_getnorm_real(level, orient); + stepsize = (1 << (gain)) / norm; + } + opj_dwt_encode_stepsize((OPJ_INT32) floor(stepsize * 8192.0), diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27841.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27841.patch new file mode 100644 index 0000000000..db6d12dc2c --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27841.patch @@ -0,0 +1,238 @@ +From 00383e162ae2f8fc951f5745bf1011771acb8dce Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Wed, 2 Dec 2020 14:02:17 +0100 +Subject: [PATCH] pi.c: avoid out of bounds access with POC (refs + https://github.com/uclouvain/openjpeg/issues/1293#issuecomment-737122836) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27841 +Signed-off-by: Virendra Thakur +--- + src/lib/openjp2/pi.c | 49 +++++++++++++++++++++++++++++--------------- + src/lib/openjp2/pi.h | 10 +++++++-- + src/lib/openjp2/t2.c | 4 ++-- + 3 files changed, 42 insertions(+), 21 deletions(-) + +--- a/src/lib/openjp2/pi.c ++++ b/src/lib/openjp2/pi.c +@@ -192,10 +192,12 @@ static void opj_get_all_encoding_paramet + * @param p_image the image used to initialize the packet iterator (in fact only the number of components is relevant. + * @param p_cp the coding parameters. + * @param tileno the index of the tile from which creating the packet iterator. ++ * @param manager Event manager + */ + static opj_pi_iterator_t * opj_pi_create(const opj_image_t *p_image, + const opj_cp_t *p_cp, +- OPJ_UINT32 tileno); ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager); + /** + * FIXME DOC + */ +@@ -230,12 +232,6 @@ static OPJ_BOOL opj_pi_check_next_level( + ========================================================== + */ + +-static void opj_pi_emit_error(opj_pi_iterator_t * pi, const char* msg) +-{ +- (void)pi; +- (void)msg; +-} +- + static OPJ_BOOL opj_pi_next_lrcp(opj_pi_iterator_t * pi) + { + opj_pi_comp_t *comp = NULL; +@@ -272,7 +268,7 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_ + /* include should be resized when a POC arises, or */ + /* the POC should be rejected */ + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -318,7 +314,7 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -449,7 +445,7 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -473,6 +469,13 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_pcrl(): invalid compno0/compno1"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + goto LABEL_SKIP; +@@ -580,7 +583,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -604,6 +607,13 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_cprl(): invalid compno0/compno1"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + goto LABEL_SKIP; +@@ -708,7 +718,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -981,7 +991,8 @@ static void opj_get_all_encoding_paramet + + static opj_pi_iterator_t * opj_pi_create(const opj_image_t *image, + const opj_cp_t *cp, +- OPJ_UINT32 tileno) ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager) + { + /* loop*/ + OPJ_UINT32 pino, compno; +@@ -1015,6 +1026,8 @@ static opj_pi_iterator_t * opj_pi_create + l_current_pi = l_pi; + for (pino = 0; pino < l_poc_bound ; ++pino) { + ++ l_current_pi->manager = manager; ++ + l_current_pi->comps = (opj_pi_comp_t*) opj_calloc(image->numcomps, + sizeof(opj_pi_comp_t)); + if (! l_current_pi->comps) { +@@ -1352,7 +1365,8 @@ static OPJ_BOOL opj_pi_check_next_level( + */ + opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image, + opj_cp_t *p_cp, +- OPJ_UINT32 p_tile_no) ++ OPJ_UINT32 p_tile_no, ++ opj_event_mgr_t* manager) + { + OPJ_UINT32 numcomps = p_image->numcomps; + +@@ -1407,7 +1421,7 @@ opj_pi_iterator_t *opj_pi_create_decode( + } + + /* memory allocation for pi */ +- l_pi = opj_pi_create(p_image, p_cp, p_tile_no); ++ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager); + if (!l_pi) { + opj_free(l_tmp_data); + opj_free(l_tmp_ptr); +@@ -1552,7 +1566,8 @@ opj_pi_iterator_t *opj_pi_create_decode( + opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *p_image, + opj_cp_t *p_cp, + OPJ_UINT32 p_tile_no, +- J2K_T2_MODE p_t2_mode) ++ J2K_T2_MODE p_t2_mode, ++ opj_event_mgr_t* manager) + { + OPJ_UINT32 numcomps = p_image->numcomps; + +@@ -1606,7 +1621,7 @@ opj_pi_iterator_t *opj_pi_initialise_enc + } + + /* memory allocation for pi*/ +- l_pi = opj_pi_create(p_image, p_cp, p_tile_no); ++ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager); + if (!l_pi) { + opj_free(l_tmp_data); + opj_free(l_tmp_ptr); +--- a/src/lib/openjp2/pi.h ++++ b/src/lib/openjp2/pi.h +@@ -107,6 +107,8 @@ typedef struct opj_pi_iterator { + OPJ_INT32 x, y; + /** FIXME DOC*/ + OPJ_UINT32 dx, dy; ++ /** event manager */ ++ opj_event_mgr_t* manager; + } opj_pi_iterator_t; + + /** @name Exported functions */ +@@ -119,13 +121,15 @@ typedef struct opj_pi_iterator { + * @param cp the coding parameters. + * @param tileno index of the tile being encoded. + * @param t2_mode the type of pass for generating the packet iterator ++ * @param manager Event manager + * + * @return a list of packet iterator that points to the first packet of the tile (not true). + */ + opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *image, + opj_cp_t *cp, + OPJ_UINT32 tileno, +- J2K_T2_MODE t2_mode); ++ J2K_T2_MODE t2_mode, ++ opj_event_mgr_t* manager); + + /** + * Updates the encoding parameters of the codec. +@@ -161,12 +165,14 @@ Create a packet iterator for Decoder + @param image Raw image for which the packets will be listed + @param cp Coding parameters + @param tileno Number that identifies the tile for which to list the packets ++@param manager Event manager + @return Returns a packet iterator that points to the first packet of the tile + @see opj_pi_destroy + */ + opj_pi_iterator_t *opj_pi_create_decode(opj_image_t * image, + opj_cp_t * cp, +- OPJ_UINT32 tileno); ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager); + /** + * Destroys a packet iterator array. + * +--- a/src/lib/openjp2/t2.c ++++ b/src/lib/openjp2/t2.c +@@ -244,7 +244,7 @@ OPJ_BOOL opj_t2_encode_packets(opj_t2_t* + l_image->numcomps : 1; + OPJ_UINT32 l_nb_pocs = l_tcp->numpocs + 1; + +- l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode); ++ l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode, p_manager); + if (!l_pi) { + return OPJ_FALSE; + } +@@ -405,7 +405,7 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t + #endif + + /* create a packet iterator */ +- l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no); ++ l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no, p_manager); + if (!l_pi) { + return OPJ_FALSE; + } diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27842.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27842.patch new file mode 100644 index 0000000000..6984aa8602 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27842.patch @@ -0,0 +1,31 @@ +From fbd30b064f8f9607d500437b6fedc41431fd6cdc Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Tue, 1 Dec 2020 19:51:35 +0100 +Subject: [PATCH] opj_t2_encode_packet(): avoid out of bound access of #1294, + but likely not the proper fix + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27842 +Signed-off-by: Virendra Thakur +--- + src/lib/openjp2/t2.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/src/lib/openjp2/t2.c ++++ b/src/lib/openjp2/t2.c +@@ -711,6 +711,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ + continue; + } + ++ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1294 */ ++ /* but likely not a proper fix. */ ++ if (precno >= res->pw * res->ph) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "opj_t2_encode_packet(): accessing precno=%u >= %u\n", ++ precno, res->pw * res->ph); ++ return OPJ_FALSE; ++ } ++ + prc = &band->precincts[precno]; + opj_tgt_reset(prc->incltree); + opj_tgt_reset(prc->imsbtree); diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27843.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27843.patch new file mode 100644 index 0000000000..53c86ea5e4 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27843.patch @@ -0,0 +1,31 @@ +From 38d661a3897052c7ff0b39b30c29cb067e130121 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Wed, 2 Dec 2020 13:13:26 +0100 +Subject: [PATCH] opj_t2_encode_packet(): avoid out of bound access of #1297, + but likely not the proper fix + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27843 +Signed-off-by: Virendra Thakur +--- + src/lib/openjp2/t2.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/src/lib/openjp2/t2.c ++++ b/src/lib/openjp2/t2.c +@@ -787,6 +787,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ + continue; + } + ++ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1297 */ ++ /* but likely not a proper fix. */ ++ if (precno >= res->pw * res->ph) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "opj_t2_encode_packet(): accessing precno=%u >= %u\n", ++ precno, res->pw * res->ph); ++ return OPJ_FALSE; ++ } ++ + prc = &band->precincts[precno]; + l_nb_blocks = prc->cw * prc->ch; + cblk = prc->cblks.enc; diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27845.patch b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27845.patch new file mode 100644 index 0000000000..a1aa49a217 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27845.patch @@ -0,0 +1,74 @@ +From 8f5aff1dff510a964d3901d0fba281abec98ab63 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Fri, 4 Dec 2020 20:45:25 +0100 +Subject: [PATCH] pi.c: avoid out of bounds access with POC (fixes #1302) + +Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz] +CVE: CVE-2020-27845 +Signed-off-by: Virendra Thakur +--- + src/lib/openjp2/pi.c | 25 +++++++++++++++++++++++-- + 1 file changed, 23 insertions(+), 2 deletions(-) + +--- a/src/lib/openjp2/pi.c ++++ b/src/lib/openjp2/pi.c +@@ -238,6 +238,13 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_lrcp(): invalid compno0/compno1\n"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + res = &comp->resolutions[pi->resno]; +@@ -291,6 +298,13 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_rlcp(): invalid compno0/compno1\n"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + res = &comp->resolutions[pi->resno]; +@@ -337,6 +351,13 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_rpcl(): invalid compno0/compno1\n"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + goto LABEL_SKIP; + } else { +@@ -472,7 +493,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ + if (pi->poc.compno0 >= pi->numcomps || + pi->poc.compno1 >= pi->numcomps + 1) { + opj_event_msg(pi->manager, EVT_ERROR, +- "opj_pi_next_pcrl(): invalid compno0/compno1"); ++ "opj_pi_next_pcrl(): invalid compno0/compno1\n"); + return OPJ_FALSE; + } + +@@ -610,7 +631,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ + if (pi->poc.compno0 >= pi->numcomps || + pi->poc.compno1 >= pi->numcomps + 1) { + opj_event_msg(pi->manager, EVT_ERROR, +- "opj_pi_next_cprl(): invalid compno0/compno1"); ++ "opj_pi_next_cprl(): invalid compno0/compno1\n"); + return OPJ_FALSE; + } + diff --git a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb index 2fdcec0ec2..218dc911fe 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb @@ -8,8 +8,21 @@ DEPENDS = "libpng tiff lcms zlib" SRC_URI = " \ git://github.com/uclouvain/openjpeg.git;branch=master;protocol=https \ file://0002-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \ + file://CVE-2019-12973-1.patch \ + file://CVE-2019-12973-2.patch \ file://CVE-2020-6851.patch \ file://CVE-2020-8112.patch \ + file://CVE-2020-15389.patch \ + file://CVE-2020-27814-1.patch \ + file://CVE-2020-27814-2.patch \ + file://CVE-2020-27814-3.patch \ + file://CVE-2020-27814-4.patch \ + file://CVE-2020-27823.patch \ + file://CVE-2020-27824.patch \ + file://CVE-2020-27841.patch \ + file://CVE-2020-27842.patch \ + file://CVE-2020-27843.patch \ + file://CVE-2020-27845.patch \ " SRCREV = "57096325457f96d8cd07bd3af04fe81d7a2ba788" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-graphics/spir/spirv-tools_git.bb b/meta-openembedded/meta-oe/recipes-graphics/spir/spirv-tools_git.bb index ec68edf098..a76c97ad60 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/spir/spirv-tools_git.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/spir/spirv-tools_git.bb @@ -12,7 +12,7 @@ SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;name=spirv-tools;branch git://github.com/KhronosGroup/SPIRV-Headers.git;name=spirv-headers;destsuffix=${DEST_DIR}/spirv-headers;branch=master;protocol=https \ git://github.com/google/effcee.git;name=effcee;destsuffix=${DEST_DIR}/effcee;branch=master;protocol=https \ git://github.com/google/re2.git;name=re2;destsuffix=${DEST_DIR}/re2;branch=master;protocol=https \ - git://github.com/google/googletest.git;name=googletest;destsuffix=${DEST_DIR}/googletest;branch=master;protocol=https \ + git://github.com/google/googletest.git;name=googletest;destsuffix=${DEST_DIR}/googletest;branch=main;protocol=https \ file://0001-Respect-CMAKE_INSTALL_LIBDIR-in-installed-CMake-file.patch \ file://0001-Avoid-pessimizing-std-move-3124.patch \ " diff --git a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb index b77604797d..692a5f0d6e 100644 --- a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb +++ b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb @@ -5,7 +5,7 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006" -PV = "1.16.0+gitr${SRCPV}" +PV = "1.16.1+gitr${SRCPV}" SRC_URI = "\ git://github.com/c-ares/c-ares.git;branch=main;protocol=https \ diff --git a/meta-openembedded/meta-oe/recipes-support/imagemagick/imagemagick_7.0.9.bb b/meta-openembedded/meta-oe/recipes-support/imagemagick/imagemagick_7.0.9.bb index 26a5d4a4d2..21f51ff155 100644 --- a/meta-openembedded/meta-oe/recipes-support/imagemagick/imagemagick_7.0.9.bb +++ b/meta-openembedded/meta-oe/recipes-support/imagemagick/imagemagick_7.0.9.bb @@ -10,7 +10,7 @@ DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool" BASE_PV := "${PV}" PV .= "_13" -SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=master;protocol=https" +SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https" SRCREV = "15b935d64f613b5a0fc9d3fead5c6ec1b0e3908f" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb b/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb index 3cff3b90e5..90cfd7d202 100644 --- a/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb +++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb @@ -29,7 +29,7 @@ DEPENDS = "libdevmapper \ LICENSE = "GPLv2" -SRC_URI = "git://git.opensvc.com/multipath-tools/.git;protocol=http;branch=master \ +SRC_URI = "git://github.com/opensvc/multipath-tools.git;protocol=http;branch=master \ file://multipathd.oe \ file://multipath.conf.example \ file://0021-RH-fixup-udev-rules-for-redhat.patch \ diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch new file mode 100644 index 0000000000..cccb73187d --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/CVE-2022-22747.patch @@ -0,0 +1,63 @@ +# HG changeset patch +# User John M. Schanck +# Date 1633990165 0 +# Node ID 7ff99e71f3e37faed12bc3cc90a3eed27e3418d0 +# Parent f80fafd04cf82b4d315c8fe42bb4639703f6ee4f +Bug 1735028 - check for missing signedData field r=keeler + +Differential Revision: https://phabricator.services.mozilla.com/D128112 + +Upstream-Status: Backport [https://hg.mozilla.org/projects/nss/raw-rev/7ff99e71f3e37faed12bc3cc90a3eed27e3418d0] +CVE: CVE-2022-22747 +Signed-off-by: Ranjitsinh Rathod + +diff --git a/nss/gtests/certdb_gtest/decode_certs_unittest.cc b/nss/gtests/certdb_gtest/decode_certs_unittest.cc +--- a/nss/gtests/certdb_gtest/decode_certs_unittest.cc ++++ b/nss/gtests/certdb_gtest/decode_certs_unittest.cc +@@ -21,8 +21,21 @@ TEST_F(DecodeCertsTest, EmptyCertPackage + unsigned char emptyCertPackage[] = {0x30, 0x0f, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02, + 0x05, 0xa0, 0x02, 0x30, 0x00}; + EXPECT_EQ(nullptr, CERT_DecodeCertFromPackage( + reinterpret_cast(emptyCertPackage), + sizeof(emptyCertPackage))); + EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError()); + } ++ ++TEST_F(DecodeCertsTest, EmptySignedData) { ++ // This represents a PKCS#7 ContentInfo of contentType ++ // 1.2.840.113549.1.7.2 (signedData) with missing content. ++ unsigned char emptySignedData[] = {0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, ++ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, ++ 0x02, 0x00, 0x00, 0x05, 0x00}; ++ ++ EXPECT_EQ(nullptr, ++ CERT_DecodeCertFromPackage(reinterpret_cast(emptySignedData), ++ sizeof(emptySignedData))); ++ EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError()); ++} +diff --git a/nss/lib/pkcs7/certread.c b/nss/lib/pkcs7/certread.c +--- a/nss/lib/pkcs7/certread.c ++++ b/nss/lib/pkcs7/certread.c +@@ -134,16 +134,21 @@ SEC_ReadPKCS7Certs(SECItem *pkcs7Item, C + pkcs7Item) != SECSuccess) { + goto done; + } + + if (GetContentTypeTag(&contentInfo) != SEC_OID_PKCS7_SIGNED_DATA) { + goto done; + } + ++ if (contentInfo.content.signedData == NULL) { ++ PORT_SetError(SEC_ERROR_BAD_DER); ++ goto done; ++ } ++ + rv = SECSuccess; + + certs = contentInfo.content.signedData->certificates; + if (certs) { + count = 0; + + while (*certs) { + count++; diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb index f03473b1a0..8b59f7ea8f 100644 --- a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb @@ -40,6 +40,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO file://CVE-2020-12403_1.patch \ file://CVE-2020-12403_2.patch \ file://CVE-2021-43527.patch \ + file://CVE-2022-22747.patch \ " SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233" diff --git a/meta-openembedded/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch b/meta-openembedded/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch new file mode 100644 index 0000000000..0189833b49 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch @@ -0,0 +1,63 @@ +From 2517b8feb13919c382e53ab5f9b63c5b5ee5b063 Mon Sep 17 00:00:00 2001 +From: Emilio Pozuelo Monfort +Date: Fri, 5 Nov 2021 09:29:13 +0100 +Subject: [PATCH] udisks2 security update + +mount options: Always use errors=remount-ro for ext filesystems + +Stefan Walter found that udisks2, a service to access and manipulate +storage devices, could cause denial of service via system crash if a +corrupted or specially crafted ext2/3/4 device or image was mounted, +which could happen automatically on certain environments. + +For Debian 9 stretch, this problem has been fixed in version +2.1.8-1+deb9u1. + +Default mount options are focused primarily on data safety, mounting +damaged ext2/3/4 filesystem as readonly would indicate something's wrong. + +Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/u/udisks2/udisks2_2.1.8-1+deb9u1.debian.tar.xz] +CVE: CVE-2021-3802 + +Signed-off-by: Virendra Thakur + +--- + src/udiskslinuxfilesystem.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c +index a5a3898c..eac8cab3 100644 +--- a/src/udiskslinuxfilesystem.c ++++ b/src/udiskslinuxfilesystem.c +@@ -421,6 +421,21 @@ static const gchar *hfsplus_allow[] = { "creator", "type", "umask", "session", " + static const gchar *hfsplus_allow_uid_self[] = { "uid", NULL }; + static const gchar *hfsplus_allow_gid_self[] = { "gid", NULL }; + ++/* ---------------------- ext2 -------------------- */ ++ ++static const gchar *ext2_defaults[] = { "errors=remount-ro", NULL }; ++static const gchar *ext2_allow[] = { "errors=remount-ro", NULL }; ++ ++/* ---------------------- ext3 -------------------- */ ++ ++static const gchar *ext3_defaults[] = { "errors=remount-ro", NULL }; ++static const gchar *ext3_allow[] = { "errors=remount-ro", NULL }; ++ ++/* ---------------------- ext4 -------------------- */ ++ ++static const gchar *ext4_defaults[] = { "errors=remount-ro", NULL }; ++static const gchar *ext4_allow[] = { "errors=remount-ro", NULL }; ++ + /* ------------------------------------------------ */ + /* TODO: support context= */ + +@@ -434,6 +449,9 @@ static const FSMountOptions fs_mount_options[] = + { "udf", udf_defaults, udf_allow, udf_allow_uid_self, udf_allow_gid_self }, + { "exfat", exfat_defaults, exfat_allow, exfat_allow_uid_self, exfat_allow_gid_self }, + { "hfsplus", hfsplus_defaults, hfsplus_allow, hfsplus_allow_uid_self, hfsplus_allow_gid_self }, ++ { "ext2", ext2_defaults, ext2_allow, NULL, NULL }, ++ { "ext3", ext3_defaults, ext3_allow, NULL, NULL }, ++ { "ext4", ext4_defaults, ext4_allow, NULL, NULL }, + }; + + /* ------------------------------------------------ */ diff --git a/meta-openembedded/meta-oe/recipes-support/udisks/udisks2_git.bb b/meta-openembedded/meta-oe/recipes-support/udisks/udisks2_git.bb index c4d0fa75ee..58c8a9899a 100644 --- a/meta-openembedded/meta-oe/recipes-support/udisks/udisks2_git.bb +++ b/meta-openembedded/meta-oe/recipes-support/udisks/udisks2_git.bb @@ -18,6 +18,7 @@ RDEPENDS_${PN} = "acl" SRC_URI = " \ git://github.com/storaged-project/udisks.git;branch=master;protocol=https \ + file://CVE-2021-3802.patch \ " PV = "2.8.4+git${SRCREV}" SRCREV = "db5f487345da2eaa87976450ea51c2c465d9b82e" diff --git a/meta-openembedded/meta-oe/recipes-test/googletest/googletest_git.bb b/meta-openembedded/meta-oe/recipes-test/googletest/googletest_git.bb index 898f23fafb..35fe1bed00 100644 --- a/meta-openembedded/meta-oe/recipes-test/googletest/googletest_git.bb +++ b/meta-openembedded/meta-oe/recipes-test/googletest/googletest_git.bb @@ -11,7 +11,7 @@ PROVIDES += "gmock gtest" S = "${WORKDIR}/git" SRCREV = "703bd9caab50b139428cea1aaff9974ebee5742e" -SRC_URI = "git://github.com/google/googletest.git;branch=master;protocol=https" +SRC_URI = "git://github.com/google/googletest.git;branch=main;protocol=https" inherit cmake diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3/CVE-2020-26137.patch b/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3/CVE-2020-26137.patch new file mode 100644 index 0000000000..3cc8bcd02a --- /dev/null +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3/CVE-2020-26137.patch @@ -0,0 +1,72 @@ +From 1dd69c5c5982fae7c87a620d487c2ebf7a6b436b Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Mon, 17 Feb 2020 15:34:48 -0600 +Subject: [PATCH] Raise ValueError if method contains control characters + (#1800) + +CVE: CVE-2020-26137 +Upstream-Status: Backport [https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b.patch] +Signed-off-by: Nikhil R +Signed-off-by: Ranjitsinh Rathod +Comment: Removed one hunk in CHANGES.rst and refresh other to remove +patch fuzz warnings + +--- + src/urllib3/connection.py | 14 ++++++++++++++ + test/with_dummyserver/test_connectionpool.py | 6 ++++++ + 2 files changed, 20 insertions(+) + +diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py +index 71e6790b1b..f7b1760938 100644 +--- a/src/urllib3/connection.py ++++ b/src/urllib3/connection.py +@@ -1,4 +1,5 @@ + from __future__ import absolute_import ++import re + import datetime + import logging + import os +@@ -58,6 +59,8 @@ port_by_scheme = {"http": 80, "https": 443} + # (ie test_recent_date is failing) update it to ~6 months before the current date. + RECENT_DATE = datetime.date(2019, 1, 1) + ++_CONTAINS_CONTROL_CHAR_RE = re.compile(r"[^-!#$%&'*+.^_`|~0-9a-zA-Z]") ++ + + class DummyConnection(object): + """Used to detect a failed ConnectionCls import.""" +@@ -184,6 +187,17 @@ class HTTPConnection(_HTTPConnection, object): + conn = self._new_conn() + self._prepare_conn(conn) + ++ def putrequest(self, method, url, *args, **kwargs): ++ """Send a request to the server""" ++ match = _CONTAINS_CONTROL_CHAR_RE.search(method) ++ if match: ++ raise ValueError( ++ "Method cannot contain non-token characters %r (found at least %r)" ++ % (method, match.group()) ++ ) ++ ++ return _HTTPConnection.putrequest(self, method, url, *args, **kwargs) ++ + def request_chunked(self, method, url, body=None, headers=None): + """ + Alternative to the common request method, which sends the +diff --git a/test/with_dummyserver/test_connectionpool.py b/test/with_dummyserver/test_connectionpool.py +index 57f0dbd2f4..79cbd27185 100644 +--- a/test/with_dummyserver/test_connectionpool.py ++++ b/test/with_dummyserver/test_connectionpool.py +@@ -677,6 +677,12 @@ class TestConnectionPool(HTTPDummyServerTestCase): + with pytest.raises(MaxRetryError): + pool.request("GET", "/test", retries=2) + ++ @pytest.mark.parametrize("char", [" ", "\r", "\n", "\x00"]) ++ def test_invalid_method_not_allowed(self, char): ++ with pytest.raises(ValueError): ++ with HTTPConnectionPool(self.host, self.port) as pool: ++ pool.request("GET" + char, "/") ++ + def test_percent_encode_invalid_target_chars(self): + with HTTPConnectionPool(self.host, self.port) as pool: + r = pool.request("GET", "/echo_params?q=\r&k=\n \n") diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3/CVE-2021-33503.patch b/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3/CVE-2021-33503.patch new file mode 100644 index 0000000000..838add9555 --- /dev/null +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3/CVE-2021-33503.patch @@ -0,0 +1,67 @@ +From 2d4a3fee6de2fa45eb82169361918f759269b4ec Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Wed, 26 May 2021 10:43:12 -0500 +Subject: [PATCH] Improve performance of sub-authority splitting in URL + +CVE: CVE-2021-33503 +Upstream-Status: Backport [https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec.patch] +Signed-off-by: Nikhil R +Signed-off-by: Ranjitsinh Rathod +Comment: Refresh hunks to remove patch fuzz warnings + +--- + src/urllib3/util/url.py | 8 +++++--- + test/test_util.py | 10 ++++++++++ + 2 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/src/urllib3/util/url.py b/src/urllib3/util/url.py +index 6ff238fe3c..81a03da9e3 100644 +--- a/src/urllib3/util/url.py ++++ b/src/urllib3/util/url.py +@@ -63,12 +63,12 @@ IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT + "$") + BRACELESS_IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT[2:-2] + "$") + ZONE_ID_RE = re.compile("(" + ZONE_ID_PAT + r")\]$") + +-SUBAUTHORITY_PAT = (u"^(?:(.*)@)?(%s|%s|%s)(?::([0-9]{0,5}))?$") % ( ++_HOST_PORT_PAT = ("^(%s|%s|%s)(?::([0-9]{0,5}))?$") % ( + REG_NAME_PAT, + IPV4_PAT, + IPV6_ADDRZ_PAT, + ) +-SUBAUTHORITY_RE = re.compile(SUBAUTHORITY_PAT, re.UNICODE | re.DOTALL) ++_HOST_PORT_RE = re.compile(_HOST_PORT_PAT, re.UNICODE | re.DOTALL) + + UNRESERVED_CHARS = set( + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-~" +@@ -368,7 +368,9 @@ def parse_url(url): + scheme = scheme.lower() + + if authority: +- auth, host, port = SUBAUTHORITY_RE.match(authority).groups() ++ auth, _, host_port = authority.rpartition("@") ++ auth = auth or None ++ host, port = _HOST_PORT_RE.match(host_port).groups() + if auth and normalize_uri: + auth = _encode_invalid_chars(auth, USERINFO_CHARS) + if port == "": +diff --git a/test/test_util.py b/test/test_util.py +index a5b68a084b..88409e2d6c 100644 +--- a/test/test_util.py ++++ b/test/test_util.py +@@ -425,6 +425,16 @@ class TestUtil(object): + query="%0D%0ASET%20test%20failure12%0D%0A:8080/test/?test=a", + ), + ), ++ # Tons of '@' causing backtracking ++ ("https://" + ("@" * 10000) + "[", False), ++ ( ++ "https://user:" + ("@" * 10000) + "example.com", ++ Url( ++ scheme="https", ++ auth="user:" + ("%40" * 9999), ++ host="example.com", ++ ), ++ ), + ] + + @pytest.mark.parametrize("url, expected_url", url_vulnerabilities) diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3_1.25.7.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3_1.25.7.bb index 8d987a1f30..73399d9439 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3_1.25.7.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-urllib3_1.25.7.bb @@ -8,8 +8,10 @@ SRC_URI[sha256sum] = "f3c5fd51747d450d4dcf6f923c81f78f811aab8205fda64b0aba34a4e4 inherit pypi setuptools3 -SRC_URI += "file://CVE-2020-7212.patch" - +SRC_URI += "file://CVE-2020-7212.patch \ + file://CVE-2020-26137.patch \ + file://CVE-2021-33503.patch \ + " RDEPENDS_${PN} += "\ ${PYTHON_PN}-certifi \ ${PYTHON_PN}-cryptography \ diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-configure-use-pkg-config-for-PCRE-detection.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-configure-use-pkg-config-for-PCRE-detection.patch index 6c0286457c..50775be533 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-configure-use-pkg-config-for-PCRE-detection.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-configure-use-pkg-config-for-PCRE-detection.patch @@ -1,44 +1,43 @@ -From d2cedfa3394365689a3f7c8cfe8e0dd56b29bed9 Mon Sep 17 00:00:00 2001 +From ba9015386cbc044e111d7c266f13e2be045e4bf1 Mon Sep 17 00:00:00 2001 From: Koen Kooi Date: Tue, 17 Jun 2014 09:10:57 +0200 Subject: [PATCH] configure: use pkg-config for PCRE detection -Upstream-Status: Pending +Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Koen Kooi --- - configure.in | 27 +++++---------------------- - 1 file changed, 5 insertions(+), 22 deletions(-) + configure.in | 26 +++++--------------------- + 1 file changed, 5 insertions(+), 21 deletions(-) diff --git a/configure.in b/configure.in -index 9feaceb..dc6ea15 100644 +index 38c1d0a..c799aec 100644 --- a/configure.in +++ b/configure.in -@@ -215,28 +215,11 @@ fi - AC_ARG_WITH(pcre, - APACHE_HELP_STRING(--with-pcre=PATH,Use external PCRE library)) +@@ -221,27 +221,11 @@ else if which $with_pcre 2>/dev/null; then :; else + fi + fi --AC_PATH_PROG(PCRE_CONFIG, pcre-config, false) --if test -d "$with_pcre" && test -x "$with_pcre/bin/pcre-config"; then -- PCRE_CONFIG=$with_pcre/bin/pcre-config --elif test -x "$with_pcre"; then -- PCRE_CONFIG=$with_pcre --fi +-AC_CHECK_TARGET_TOOLS(PCRE_CONFIG, [pcre2-config pcre-config], +- [`which $with_pcre 2>/dev/null`], $with_pcre) - --if test "$PCRE_CONFIG" != "false"; then +-if test "x$PCRE_CONFIG" != "x"; then - if $PCRE_CONFIG --version >/dev/null 2>&1; then :; else -- AC_MSG_ERROR([Did not find pcre-config script at $PCRE_CONFIG]) +- AC_MSG_ERROR([Did not find working script at $PCRE_CONFIG]) - fi - case `$PCRE_CONFIG --version` in +- [1[0-9].*]) +- AC_DEFINE(HAVE_PCRE2, 1, [Detected PCRE2]) +- ;; - [[1-5].*]) - AC_MSG_ERROR([Need at least pcre version 6.0]) - ;; - esac - AC_MSG_NOTICE([Using external PCRE library from $PCRE_CONFIG]) - APR_ADDTO(PCRE_INCLUDES, [`$PCRE_CONFIG --cflags`]) -- APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs`]) +- APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs8 2>/dev/null || $PCRE_CONFIG --libs`]) -else -- AC_MSG_ERROR([pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/]) +- AC_MSG_ERROR([pcre(2)-config for libpcre not found. PCRE is required and available from http://pcre.org/]) -fi +PKG_CHECK_MODULES([PCRE], [libpcre], [ + AC_DEFINE([HAVE_PCRE], [1], [Define if you have PCRE library]) @@ -49,5 +48,5 @@ index 9feaceb..dc6ea15 100644 AC_MSG_NOTICE([]) -- -2.7.4 +2.25.1 diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-support-apxs.in-force-destdir-to-be-empty-string.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-support-apxs.in-force-destdir-to-be-empty-string.patch deleted file mode 100644 index bdedd146c2..0000000000 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0001-support-apxs.in-force-destdir-to-be-empty-string.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 705c0a7e9d9c1e64ee09fc0b54f6b5a4e27de1ca Mon Sep 17 00:00:00 2001 -From: Trevor Gamblin -Date: Fri, 17 Apr 2020 06:31:35 -0700 -Subject: [PATCH] support/apxs.in: force destdir to be empty string - -If destdir is assigned to anything other than the empty string, the -search path for apache2 config files is appended to itself, and -related packages like apache-websocket will be unable to locate them: - -| cannot open -/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot//usr/share/apache2/build/config_vars.mk: -No such file or directory at -/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/usr/bin/crossscripts/apxs -line 213. - -Ensure that it is always the empty string so that apache-websocket -is able to find the required config files. - -Upstream-Status: Inappropriate (embedded-specific) - -Signed-off-by: Trevor Gamblin ---- - support/apxs.in | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/support/apxs.in b/support/apxs.in -index 65e1288527..9d96e33728 100644 ---- a/support/apxs.in -+++ b/support/apxs.in -@@ -28,10 +28,12 @@ package apxs; - # is the empty string. - - my $destdir = ""; --my $ddi = rindex($0, "@exp_bindir@"); --if ($ddi >= 0) { -- $destdir = substr($0, 0, $ddi); --} -+# Comment out assignment of destdir so that it doesn't affect bitbake -+# cross-compilation setup -+#my $ddi = rindex($0, "@exp_bindir@"); -+#if ($ddi >= 0) { -+# $destdir = substr($0, 0, $ddi); -+#} - - my %config_vars = (); - --- -2.17.1 - diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0002-apache2-bump-up-the-core-size-limit-if-CoreDumpDirec.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0002-apache2-bump-up-the-core-size-limit-if-CoreDumpDirec.patch index 85fe6ae4bd..bbe8b325b5 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0002-apache2-bump-up-the-core-size-limit-if-CoreDumpDirec.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0002-apache2-bump-up-the-core-size-limit-if-CoreDumpDirec.patch @@ -1,8 +1,8 @@ -From 7df207ad4d0dcda2ad36e5642296e0dec7e13647 Mon Sep 17 00:00:00 2001 +From 5074ab3425e5f1e01fd9cfa2d9b7300ea1b3f38f Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Tue, 17 Jul 2012 11:27:39 +0100 -Subject: [PATCH] apache2: bump up the core size limit if CoreDumpDirectory - is configured +Subject: [PATCH] apache2: bump up the core size limit if CoreDumpDirectory is + configured Bump up the core size limit if CoreDumpDirectory is configured. @@ -11,16 +11,15 @@ Upstream-Status: Pending Note: upstreaming was discussed but there are competing desires; there are portability oddities here too. - --- server/core.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/server/core.c b/server/core.c -index eacb54f..7aa841f 100644 +index 090e397..3020090 100644 --- a/server/core.c +++ b/server/core.c -@@ -4965,6 +4965,25 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte +@@ -5107,6 +5107,25 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte } apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper, apr_pool_cleanup_null); @@ -47,5 +46,5 @@ index eacb54f..7aa841f 100644 } -- -2.7.4 +2.25.1 diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0003-apache2-do-not-export-apr-apr-util-symbols-when-usin.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0003-apache2-do-not-export-apr-apr-util-symbols-when-usin.patch index 081a02baa3..adb728ba31 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0003-apache2-do-not-export-apr-apr-util-symbols-when-usin.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0003-apache2-do-not-export-apr-apr-util-symbols-when-usin.patch @@ -1,8 +1,8 @@ -From ddd560024a6d526187fd126f306b59533ca3f7e2 Mon Sep 17 00:00:00 2001 +From 9c03ed909b8da0e1a288f53fda535a3f15bcf791 Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Tue, 17 Jul 2012 11:27:39 +0100 -Subject: [PATCH] apache2: do not export apr/apr-util symbols when using - shared libapr +Subject: [PATCH] apache2: do not export apr/apr-util symbols when using shared + libapr There is no need to "suck in" the apr/apr-util symbols when using a shared libapr{,util}, it just bloats the symbol table; so don't. @@ -10,13 +10,12 @@ a shared libapr{,util}, it just bloats the symbol table; so don't. Upstream-Status: Pending Note: EXPORT_DIRS change is conditional on using shared apr - --- server/Makefile.in | 3 --- 1 file changed, 3 deletions(-) diff --git a/server/Makefile.in b/server/Makefile.in -index 1fa3344..f635d76 100644 +index 8111877..8c0c396 100644 --- a/server/Makefile.in +++ b/server/Makefile.in @@ -60,9 +60,6 @@ export_files: @@ -30,5 +29,5 @@ index 1fa3344..f635d76 100644 exports.c: export_files -- -2.7.4 +2.25.1 diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch index 78a04d9af4..5d82919685 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch @@ -1,4 +1,4 @@ -From dfa834ebd449df299f54e98f0fb3a7bb4008fb03 Mon Sep 17 00:00:00 2001 +From 37699e9be04d83c5923644e298f400e077f76e85 Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Tue, 17 Jul 2012 11:27:39 +0100 Subject: [PATCH] Log the SELinux context at startup. @@ -8,17 +8,16 @@ Log the SELinux context at startup. Upstream-Status: Inappropriate [other] Note: unlikely to be any interest in this upstream - --- configure.in | 5 +++++ server/core.c | 26 ++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/configure.in b/configure.in -index dc6ea15..caa6f54 100644 +index c799aec..76811e7 100644 --- a/configure.in +++ b/configure.in -@@ -466,6 +466,11 @@ getloadavg +@@ -491,6 +491,11 @@ getloadavg dnl confirm that a void pointer is large enough to store a long integer APACHE_CHECK_VOID_PTR_LEN @@ -31,10 +30,10 @@ index dc6ea15..caa6f54 100644 [AC_TRY_RUN(#define _GNU_SOURCE #include diff --git a/server/core.c b/server/core.c -index 7aa841f..79f34db 100644 +index 3020090..8fef5fd 100644 --- a/server/core.c +++ b/server/core.c -@@ -59,6 +59,10 @@ +@@ -65,6 +65,10 @@ #include #endif @@ -45,7 +44,7 @@ index 7aa841f..79f34db 100644 /* LimitRequestBody handling */ #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) -@@ -4984,6 +4988,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte +@@ -5126,6 +5130,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte } #endif @@ -75,5 +74,5 @@ index 7aa841f..79f34db 100644 } -- -2.7.4 +2.25.1 diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0005-replace-lynx-to-curl-in-apachectl-script.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0005-replace-lynx-to-curl-in-apachectl-script.patch index 47320a9ee5..7b4a1b932b 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0005-replace-lynx-to-curl-in-apachectl-script.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0005-replace-lynx-to-curl-in-apachectl-script.patch @@ -1,4 +1,4 @@ -From 7db1b650bb4b01a5194a34cd7573f915656a595b Mon Sep 17 00:00:00 2001 +From e59aab44a28c654e518080693d573ca472ca5a08 Mon Sep 17 00:00:00 2001 From: Yulong Pei Date: Thu, 1 Sep 2011 01:03:14 +0800 Subject: [PATCH] replace lynx to curl in apachectl script @@ -48,5 +48,5 @@ index 3281c2e..6ab4ba5 100644 *) $HTTPD "$@" -- -2.7.4 +2.25.1 diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0006-apache2-fix-the-race-issue-of-parallel-installation.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0006-apache2-fix-the-race-issue-of-parallel-installation.patch index 227d04064b..dbaf01d2c5 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0006-apache2-fix-the-race-issue-of-parallel-installation.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0006-apache2-fix-the-race-issue-of-parallel-installation.patch @@ -1,4 +1,4 @@ -From 4f4d7d6b88b6e440263ebeb22dfb40c52bb30fd8 Mon Sep 17 00:00:00 2001 +From fb09f1fe4525058b16b3d4edb2e3ae693154026e Mon Sep 17 00:00:00 2001 From: Zhenhua Luo Date: Fri, 25 Jan 2013 18:10:50 +0800 Subject: [PATCH] apache2: fix the race issue of parallel installation @@ -31,5 +31,5 @@ index e2d5bb6..dde5ae0 100755 pathcomp="$pathcomp/" done -- -2.7.4 +2.25.1 diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch index fed6b5010b..3ff6894409 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0007-apache2-allow-to-disable-selinux-support.patch @@ -1,4 +1,4 @@ -From 964ef2c1af74984602f46e7db938d3b95b148385 Mon Sep 17 00:00:00 2001 +From 0686564f64130f230870db8b4846973e3edbd646 Mon Sep 17 00:00:00 2001 From: Wenzong Fan Date: Mon, 1 Dec 2014 02:08:27 -0500 Subject: [PATCH] apache2: allow to disable selinux support @@ -11,10 +11,10 @@ Signed-off-by: Wenzong Fan 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/configure.in b/configure.in -index caa6f54..eab2090 100644 +index 76811e7..4df3ff3 100644 --- a/configure.in +++ b/configure.in -@@ -466,10 +466,16 @@ getloadavg +@@ -491,10 +491,16 @@ getloadavg dnl confirm that a void pointer is large enough to store a long integer APACHE_CHECK_VOID_PTR_LEN @@ -36,5 +36,5 @@ index caa6f54..eab2090 100644 AC_CACHE_CHECK([for gettid()], ac_cv_gettid, [AC_TRY_RUN(#define _GNU_SOURCE -- -2.7.4 +2.25.1 diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0008-Fix-perl-install-directory-to-usr-bin.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0008-Fix-perl-install-directory-to-usr-bin.patch new file mode 100644 index 0000000000..dc5b5c88f2 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0008-Fix-perl-install-directory-to-usr-bin.patch @@ -0,0 +1,36 @@ +From 443d15b91d4e4979d92405610303797663f31102 Mon Sep 17 00:00:00 2001 +From: echo +Date: Tue, 28 Apr 2009 03:11:06 +0000 +Subject: [PATCH] Fix perl install directory to /usr/bin + +Upstream-Status: Inappropriate [configuration] + +Add back this patch. Without this patch, apxs's shebang will use +perl under hosttools, which can be too long for shebang, and cause +error: +bad interpreter: No such file or directory + +Signed-off-by: Changqing Li +--- + configure.in | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/configure.in b/configure.in +index 4df3ff3..4eeb609 100644 +--- a/configure.in ++++ b/configure.in +@@ -903,10 +903,7 @@ AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf", + AC_DEFINE_UNQUOTED(AP_TYPES_CONFIG_FILE, "${rel_sysconfdir}/mime.types", + [Location of the MIME types config file, relative to the Apache root directory]) + +-perlbin=`$ac_aux_dir/PrintPath perl` +-if test "x$perlbin" = "x"; then +- perlbin="/replace/with/path/to/perl/interpreter" +-fi ++perlbin='/usr/bin/perl' + AC_SUBST(perlbin) + + dnl If we are running on BSD/OS, we need to use the BSD .include syntax. +-- +2.25.1 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0008-apache2-do-not-use-relative-path-for-gen_test_char.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0008-apache2-do-not-use-relative-path-for-gen_test_char.patch deleted file mode 100644 index 82e9e8c35f..0000000000 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0008-apache2-do-not-use-relative-path-for-gen_test_char.patch +++ /dev/null @@ -1,27 +0,0 @@ -From b62c4cd2295c98b2ebe12641e5f01590bd96ae94 Mon Sep 17 00:00:00 2001 -From: Paul Eggleton -Date: Tue, 17 Jul 2012 11:27:39 +0100 -Subject: [PATCH] apache2: do not use relative path for gen_test_char - -Upstream-Status: Inappropriate [embedded specific] - ---- - server/Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/server/Makefile.in b/server/Makefile.in -index f635d76..0d48924 100644 ---- a/server/Makefile.in -+++ b/server/Makefile.in -@@ -29,7 +29,7 @@ gen_test_char: $(gen_test_char_OBJECTS) - $(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS) - - test_char.h: gen_test_char -- ./gen_test_char > test_char.h -+ gen_test_char > test_char.h - - util.lo: test_char.h - --- -2.7.4 - diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0009-support-apxs.in-force-destdir-to-be-empty-string.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0009-support-apxs.in-force-destdir-to-be-empty-string.patch new file mode 100644 index 0000000000..d1f9bb0f43 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0009-support-apxs.in-force-destdir-to-be-empty-string.patch @@ -0,0 +1,49 @@ +From 43a4ad04e0d8771267a73f98b5918bcd10b167ec Mon Sep 17 00:00:00 2001 +From: Trevor Gamblin +Date: Fri, 17 Apr 2020 06:31:35 -0700 +Subject: [PATCH] support/apxs.in: force destdir to be empty string + +If destdir is assigned to anything other than the empty string, the +search path for apache2 config files is appended to itself, and +related packages like apache-websocket will be unable to locate them: + +| cannot open +/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot//usr/share/apache2/build/config_vars.mk: +No such file or directory at +/ala-lpggp31/tgamblin/yocto/poky.git/build/tmp/work/core2-64-poky-linux/apache-websocket/0.1.1+gitAUTOINC+6968083264-r0/recipe-sysroot/usr/bin/crossscripts/apxs +line 213. + +Ensure that it is always the empty string so that apache-websocket +is able to find the required config files. + +Upstream-Status: Inappropriate (embedded-specific) + +Signed-off-by: Trevor Gamblin +--- + support/apxs.in | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/support/apxs.in b/support/apxs.in +index b2705fa..781f2ab 100644 +--- a/support/apxs.in ++++ b/support/apxs.in +@@ -28,10 +28,12 @@ package apxs; + # is the empty string. + + my $destdir = ""; +-my $ddi = rindex($0, "@exp_bindir@"); +-if ($ddi >= 0) { +- $destdir = substr($0, 0, $ddi); +-} ++# Comment out assignment of destdir so that it doesn't affect bitbake ++# cross-compilation setup ++#my $ddi = rindex($0, "@exp_bindir@"); ++#if ($ddi >= 0) { ++# $destdir = substr($0, 0, $ddi); ++#} + + my %config_vars = (); + +-- +2.25.1 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0010-apache2-do-not-use-relative-path-for-gen_test_char.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0010-apache2-do-not-use-relative-path-for-gen_test_char.patch new file mode 100644 index 0000000000..ced8469f3a --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0010-apache2-do-not-use-relative-path-for-gen_test_char.patch @@ -0,0 +1,26 @@ +From d9993cbc33565c0acd29b0127d651dafa2a16975 Mon Sep 17 00:00:00 2001 +From: Paul Eggleton +Date: Tue, 17 Jul 2012 11:27:39 +0100 +Subject: [PATCH] apache2: do not use relative path for gen_test_char + +Upstream-Status: Inappropriate [embedded specific] +--- + server/Makefile.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/server/Makefile.in b/server/Makefile.in +index 8c0c396..3544f55 100644 +--- a/server/Makefile.in ++++ b/server/Makefile.in +@@ -29,7 +29,7 @@ gen_test_char: $(gen_test_char_OBJECTS) + $(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS) + + test_char.h: gen_test_char +- ./gen_test_char > test_char.h ++ gen_test_char > test_char.h + + util.lo: test_char.h + +-- +2.25.1 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch deleted file mode 100644 index 61669e3641..0000000000 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/apache-configure_perlbin.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 5412077c398dec74321388fe6e593a44c4c80de6 Mon Sep 17 00:00:00 2001 -From: echo -Date: Tue, 28 Apr 2009 03:11:06 +0000 -Subject: [PATCH] Fix perl install directory to /usr/bin - -Upstream-Status: Inappropriate [configuration] - -Add back this patch. Without this patch, apxs's shebang will use -perl under hosttools, which can be too long for shebang, and cause -error: -bad interpreter: No such file or directory - -Signed-off-by: Changqing Li - ---- - configure.in | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/configure.in b/configure.in -index d828512..be7bd25 100644 ---- a/configure.in -+++ b/configure.in -@@ -855,10 +855,7 @@ AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf", - AC_DEFINE_UNQUOTED(AP_TYPES_CONFIG_FILE, "${rel_sysconfdir}/mime.types", - [Location of the MIME types config file, relative to the Apache root directory]) - --perlbin=`$ac_aux_dir/PrintPath perl` --if test "x$perlbin" = "x"; then -- perlbin="/replace/with/path/to/perl/interpreter" --fi -+perlbin='/usr/bin/perl' - AC_SUBST(perlbin) - - dnl If we are running on BSD/OS, we need to use the BSD .include syntax. diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb deleted file mode 100644 index d6e736d31d..0000000000 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb +++ /dev/null @@ -1,225 +0,0 @@ -DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ -extensible web server." -SUMMARY = "Apache HTTP Server" -HOMEPAGE = "http://httpd.apache.org/" -SECTION = "net" -LICENSE = "Apache-2.0" - -SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \ - file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ - file://0002-apache2-bump-up-the-core-size-limit-if-CoreDumpDirec.patch \ - file://0003-apache2-do-not-export-apr-apr-util-symbols-when-usin.patch \ - file://0004-apache2-log-the-SELinux-context-at-startup.patch \ - file://0005-replace-lynx-to-curl-in-apachectl-script.patch \ - file://0006-apache2-fix-the-race-issue-of-parallel-installation.patch \ - file://0007-apache2-allow-to-disable-selinux-support.patch \ - file://apache-configure_perlbin.patch \ - file://0001-support-apxs.in-force-destdir-to-be-empty-string.patch \ - " - -SRC_URI_append_class-target = " \ - file://0008-apache2-do-not-use-relative-path-for-gen_test_char.patch \ - file://init \ - file://apache2-volatile.conf \ - file://apache2.service \ - file://volatiles.04_apache2 \ - " - -LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" -SRC_URI[sha256sum] = "20e01d81fecf077690a4439e3969a9b22a09a8d43c525356e863407741b838f4" - -S = "${WORKDIR}/httpd-${PV}" - -inherit autotools update-rc.d pkgconfig systemd update-alternatives - -DEPENDS = "openssl expat pcre apr apr-util apache2-native " - -CVE_PRODUCT = "http_server" - -SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" - -PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" -PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux" -PACKAGECONFIG[openldap] = "--enable-ldap --enable-authnz-ldap,--disable-ldap --disable-authnz-ldap,openldap" -PACKAGECONFIG[zlib] = "--enable-deflate,,zlib,zlib" - -CFLAGS_append = " -DPATH_MAX=4096" - -EXTRA_OECONF_class-target = "\ - --enable-layout=Debian \ - --prefix=${base_prefix} \ - --exec_prefix=${exec_prefix} \ - --includedir=${includedir}/${BPN} \ - --sysconfdir=${sysconfdir}/${BPN} \ - --datadir=${datadir}/${BPN} \ - --libdir=${libdir} \ - --libexecdir=${libexecdir}/${BPN}/modules \ - --localstatedir=${localstatedir} \ - --enable-ssl \ - --with-dbm=sdbm \ - --with-gdbm=no \ - --with-ndbm=no \ - --with-berkeley-db=no \ - --enable-info \ - --enable-rewrite \ - --enable-mpms-shared \ - ap_cv_void_ptr_lt_long=no \ - ac_cv_have_threadsafe_pollset=no \ - " - -EXTRA_OECONF_class-native = "\ - --prefix=${prefix} \ - --includedir=${includedir}/${BPN} \ - --sysconfdir=${sysconfdir}/${BPN} \ - --datadir=${datadir}/${BPN} \ - --libdir=${libdir} \ - --libexecdir=${libdir}/${BPN}/modules \ - --localstatedir=${localstatedir} \ - " - -do_configure_prepend() { - sed -i -e 's:$''{prefix}/usr/lib/cgi-bin:$''{libexecdir}/cgi-bin:g' ${S}/config.layout -} - -do_install_append_class-target() { - install -d ${D}/${sysconfdir}/init.d - - cat ${WORKDIR}/init | \ - sed -e 's,/usr/sbin/,${sbindir}/,g' \ - -e 's,/usr/bin/,${bindir}/,g' \ - -e 's,/usr/lib/,${libdir}/,g' \ - -e 's,/etc/,${sysconfdir}/,g' \ - -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${BPN} - - chmod 755 ${D}/${sysconfdir}/init.d/${BPN} - - # Remove the goofy original files... - rm -rf ${D}/${sysconfdir}/${BPN}/original - - install -d ${D}${sysconfdir}/${BPN}/conf.d - install -d ${D}${sysconfdir}/${BPN}/modules.d - - # Ensure configuration file pulls in conf.d and modules.d - printf "\nIncludeOptional ${sysconfdir}/${BPN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${BPN}/httpd.conf - printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.load" >> ${D}/${sysconfdir}/${BPN}/httpd.conf - printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${BPN}/httpd.conf - - # Match with that is in init script - printf "\nPidFile /run/httpd.pid" >> ${D}/${sysconfdir}/${BPN}/httpd.conf - - # Set 'ServerName' to fix error messages when restart apache service - sed -i 's/^#ServerName www.example.com/ServerName localhost/' ${D}/${sysconfdir}/${BPN}/httpd.conf - - sed -i 's/^ServerRoot/#ServerRoot/' ${D}/${sysconfdir}/${BPN}/httpd.conf - - sed -i -e 's,${STAGING_DIR_TARGET},,g' \ - -e 's,${DEBUG_PREFIX_MAP},,g' \ - -e 's,-fdebug-prefix-map[^ ]*,,g; s,-fmacro-prefix-map[^ ]*,,g' \ - -e 's,${HOSTTOOLS_DIR}/,,g' \ - -e 's,APU_INCLUDEDIR = .*,APU_INCLUDEDIR = ,g' \ - -e 's,APU_CONFIG = .*,APU_CONFIG = ,g' ${D}${datadir}/apache2/build/config_vars.mk - - sed -i -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ - -e 's,${DEBUG_PREFIX_MAP},,g' \ - -e 's,${RECIPE_SYSROOT},,g' \ - -e 's,-fdebug-prefix-map[^ ]*,,g; s,-fmacro-prefix-map[^ ]*,,g' \ - -e 's,APU_INCLUDEDIR = .*,APU_INCLUDEDIR = ,g' \ - -e 's,".*/configure","configure",g' ${D}${datadir}/apache2/build/config.nice - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d/ - install -m 0644 ${WORKDIR}/apache2-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ - - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/apache2.service ${D}${systemd_unitdir}/system - sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/apache2.service - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' ${D}${systemd_unitdir}/system/apache2.service - elif ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/default/volatiles - install -m 0644 ${WORKDIR}/volatiles.04_apache2 ${D}${sysconfdir}/default/volatiles/04_apache2 - fi - - rm -rf ${D}${localstatedir} ${D}${sbindir}/envvars* - chown -R root:root ${D} -} - -do_install_append_class-native() { - install -d ${D}${bindir} ${D}${libdir} - install -m 755 server/gen_test_char ${D}${bindir} -} - -SYSROOT_PREPROCESS_FUNCS_append_class-target = " apache_sysroot_preprocess" - -apache_sysroot_preprocess() { - install -d ${SYSROOT_DESTDIR}${bindir_crossscripts} - install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts} - install -d ${SYSROOT_DESTDIR}${sbindir} - install -m 755 ${D}${sbindir}/apachectl ${SYSROOT_DESTDIR}${sbindir} - sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${BPN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs - sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${HOST_SYS}-libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs - - sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk - sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk - sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk - sed -i 's!^CFLAGS = -I[^ ]*!CFLAGS = -I${STAGING_INCDIR}/openssl!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk - sed -i 's!^EXTRA_LDFLAGS = .*!EXTRA_LDFLAGS = -L${STAGING_LIBDIR}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk - sed -i 's!^EXTRA_INCLUDES = .*!EXTRA_INCLUDES = -I$(includedir) -I. -I${STAGING_INCDIR}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk - sed -i 's!--sysroot=[^ ]*!--sysroot=${STAGING_DIR_HOST}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk -} - -# Implications - used by update-rc.d scripts -INITSCRIPT_NAME = "apache2" -INITSCRIPT_PARAMS = "defaults 91 20" - -SYSTEMD_SERVICE_${PN} = "apache2.service" -SYSTEMD_AUTO_ENABLE_${PN} = "enable" - -ALTERNATIVE_${PN}-doc = "htpasswd.1" -ALTERNATIVE_LINK_NAME[htpasswd.1] = "${mandir}/man1/htpasswd.1" - -PACKAGES = "${PN}-scripts ${PN}-doc ${PN}-dev ${PN}-dbg ${PN}" - -CONFFILES_${PN} = "${sysconfdir}/${BPN}/httpd.conf \ - ${sysconfdir}/${BPN}/magic \ - ${sysconfdir}/${BPN}/mime.types \ - ${sysconfdir}/${BPN}/extra/*" - -# We override here rather than append so that .so links are -# included in the runtime package rather than here (-dev) -# and to get build, icons, error into the -dev package -FILES_${PN}-dev = "${datadir}/${BPN}/build \ - ${datadir}/${BPN}/icons \ - ${datadir}/${BPN}/error \ - ${includedir}/${BPN} \ - ${bindir}/apxs \ - " - -# Add the manual to -doc -FILES_${PN}-doc += " ${datadir}/${BPN}/manual" - -FILES_${PN}-scripts += "${bindir}/dbmmanage" - -# Override this too - here is the default, less datadir -FILES_${PN} = "${bindir} ${sbindir} ${libexecdir} ${libdir} \ - ${sysconfdir} ${libdir}/${BPN}" - -# We want htdocs and cgi-bin to go with the binary -FILES_${PN} += "${datadir}/${BPN}/ ${libdir}/cgi-bin" - -FILES_${PN}-dbg += "${libdir}/${BPN}/modules/.debug" - -RDEPENDS_${PN} += "openssl libgcc" -RDEPENDS_${PN}-scripts += "perl ${PN}" -RDEPENDS_${PN}-dev = "perl" - -BBCLASSEXTEND = "native" - -pkg_postinst_${PN}() { - if [ -z "$D" ]; then - if type systemd-tmpfiles >/dev/null; then - systemd-tmpfiles --create - elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then - ${sysconfdir}/init.d/populate-volatile.sh update - fi - fi -} diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb new file mode 100644 index 0000000000..225f6fc4f6 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb @@ -0,0 +1,225 @@ +DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ +extensible web server." +SUMMARY = "Apache HTTP Server" +HOMEPAGE = "http://httpd.apache.org/" +SECTION = "net" +LICENSE = "Apache-2.0" + +SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \ + file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ + file://0002-apache2-bump-up-the-core-size-limit-if-CoreDumpDirec.patch \ + file://0003-apache2-do-not-export-apr-apr-util-symbols-when-usin.patch \ + file://0004-apache2-log-the-SELinux-context-at-startup.patch \ + file://0005-replace-lynx-to-curl-in-apachectl-script.patch \ + file://0006-apache2-fix-the-race-issue-of-parallel-installation.patch \ + file://0007-apache2-allow-to-disable-selinux-support.patch \ + file://0008-Fix-perl-install-directory-to-usr-bin.patch \ + file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \ + " + +SRC_URI:append:class-target = " \ + file://0010-apache2-do-not-use-relative-path-for-gen_test_char.patch \ + file://init \ + file://apache2-volatile.conf \ + file://apache2.service \ + file://volatiles.04_apache2 \ + " + +LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" +SRC_URI[sha256sum] = "d0bbd1121a57b5f2a6ff92d7b96f8050c5a45d3f14db118f64979d525858db63" + +S = "${WORKDIR}/httpd-${PV}" + +inherit autotools update-rc.d pkgconfig systemd update-alternatives + +DEPENDS = "openssl expat pcre apr apr-util apache2-native " + +CVE_PRODUCT = "http_server" + +SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" + +PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux" +PACKAGECONFIG[openldap] = "--enable-ldap --enable-authnz-ldap,--disable-ldap --disable-authnz-ldap,openldap" +PACKAGECONFIG[zlib] = "--enable-deflate,,zlib,zlib" + +CFLAGS_append = " -DPATH_MAX=4096" + +EXTRA_OECONF_class-target = "\ + --enable-layout=Debian \ + --prefix=${base_prefix} \ + --exec_prefix=${exec_prefix} \ + --includedir=${includedir}/${BPN} \ + --sysconfdir=${sysconfdir}/${BPN} \ + --datadir=${datadir}/${BPN} \ + --libdir=${libdir} \ + --libexecdir=${libexecdir}/${BPN}/modules \ + --localstatedir=${localstatedir} \ + --enable-ssl \ + --with-dbm=sdbm \ + --with-gdbm=no \ + --with-ndbm=no \ + --with-berkeley-db=no \ + --enable-info \ + --enable-rewrite \ + --enable-mpms-shared \ + ap_cv_void_ptr_lt_long=no \ + ac_cv_have_threadsafe_pollset=no \ + " + +EXTRA_OECONF_class-native = "\ + --prefix=${prefix} \ + --includedir=${includedir}/${BPN} \ + --sysconfdir=${sysconfdir}/${BPN} \ + --datadir=${datadir}/${BPN} \ + --libdir=${libdir} \ + --libexecdir=${libdir}/${BPN}/modules \ + --localstatedir=${localstatedir} \ + " + +do_configure_prepend() { + sed -i -e 's:$''{prefix}/usr/lib/cgi-bin:$''{libexecdir}/cgi-bin:g' ${S}/config.layout +} + +do_install_append_class-target() { + install -d ${D}/${sysconfdir}/init.d + + cat ${WORKDIR}/init | \ + sed -e 's,/usr/sbin/,${sbindir}/,g' \ + -e 's,/usr/bin/,${bindir}/,g' \ + -e 's,/usr/lib/,${libdir}/,g' \ + -e 's,/etc/,${sysconfdir}/,g' \ + -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${BPN} + + chmod 755 ${D}/${sysconfdir}/init.d/${BPN} + + # Remove the goofy original files... + rm -rf ${D}/${sysconfdir}/${BPN}/original + + install -d ${D}${sysconfdir}/${BPN}/conf.d + install -d ${D}${sysconfdir}/${BPN}/modules.d + + # Ensure configuration file pulls in conf.d and modules.d + printf "\nIncludeOptional ${sysconfdir}/${BPN}/conf.d/*.conf" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.load" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + printf "\nIncludeOptional ${sysconfdir}/${BPN}/modules.d/*.conf\n\n" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + + # Match with that is in init script + printf "\nPidFile /run/httpd.pid" >> ${D}/${sysconfdir}/${BPN}/httpd.conf + + # Set 'ServerName' to fix error messages when restart apache service + sed -i 's/^#ServerName www.example.com/ServerName localhost/' ${D}/${sysconfdir}/${BPN}/httpd.conf + + sed -i 's/^ServerRoot/#ServerRoot/' ${D}/${sysconfdir}/${BPN}/httpd.conf + + sed -i -e 's,${STAGING_DIR_TARGET},,g' \ + -e 's,${DEBUG_PREFIX_MAP},,g' \ + -e 's,-fdebug-prefix-map[^ ]*,,g; s,-fmacro-prefix-map[^ ]*,,g' \ + -e 's,${HOSTTOOLS_DIR}/,,g' \ + -e 's,APU_INCLUDEDIR = .*,APU_INCLUDEDIR = ,g' \ + -e 's,APU_CONFIG = .*,APU_CONFIG = ,g' ${D}${datadir}/apache2/build/config_vars.mk + + sed -i -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's,${DEBUG_PREFIX_MAP},,g' \ + -e 's,${RECIPE_SYSROOT},,g' \ + -e 's,-fdebug-prefix-map[^ ]*,,g; s,-fmacro-prefix-map[^ ]*,,g' \ + -e 's,APU_INCLUDEDIR = .*,APU_INCLUDEDIR = ,g' \ + -e 's,".*/configure","configure",g' ${D}${datadir}/apache2/build/config.nice + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d/ + install -m 0644 ${WORKDIR}/apache2-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ + + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/apache2.service ${D}${systemd_unitdir}/system + sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/apache2.service + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' ${D}${systemd_unitdir}/system/apache2.service + elif ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/default/volatiles + install -m 0644 ${WORKDIR}/volatiles.04_apache2 ${D}${sysconfdir}/default/volatiles/04_apache2 + fi + + rm -rf ${D}${localstatedir} ${D}${sbindir}/envvars* + chown -R root:root ${D} +} + +do_install_append_class-native() { + install -d ${D}${bindir} ${D}${libdir} + install -m 755 server/gen_test_char ${D}${bindir} +} + +SYSROOT_PREPROCESS_FUNCS_append_class-target = " apache_sysroot_preprocess" + +apache_sysroot_preprocess() { + install -d ${SYSROOT_DESTDIR}${bindir_crossscripts} + install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts} + install -d ${SYSROOT_DESTDIR}${sbindir} + install -m 755 ${D}${sbindir}/apachectl ${SYSROOT_DESTDIR}${sbindir} + sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${BPN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs + sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${HOST_SYS}-libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs + + sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^includedir = .*!includedir = ${STAGING_INCDIR}/apache2!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^CFLAGS = -I[^ ]*!CFLAGS = -I${STAGING_INCDIR}/openssl!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^EXTRA_LDFLAGS = .*!EXTRA_LDFLAGS = -L${STAGING_LIBDIR}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!^EXTRA_INCLUDES = .*!EXTRA_INCLUDES = -I$(includedir) -I. -I${STAGING_INCDIR}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk + sed -i 's!--sysroot=[^ ]*!--sysroot=${STAGING_DIR_HOST}!' ${SYSROOT_DESTDIR}${datadir}/${BPN}/build/config_vars.mk +} + +# Implications - used by update-rc.d scripts +INITSCRIPT_NAME = "apache2" +INITSCRIPT_PARAMS = "defaults 91 20" + +SYSTEMD_SERVICE_${PN} = "apache2.service" +SYSTEMD_AUTO_ENABLE_${PN} = "enable" + +ALTERNATIVE_${PN}-doc = "htpasswd.1" +ALTERNATIVE_LINK_NAME[htpasswd.1] = "${mandir}/man1/htpasswd.1" + +PACKAGES = "${PN}-scripts ${PN}-doc ${PN}-dev ${PN}-dbg ${PN}" + +CONFFILES_${PN} = "${sysconfdir}/${BPN}/httpd.conf \ + ${sysconfdir}/${BPN}/magic \ + ${sysconfdir}/${BPN}/mime.types \ + ${sysconfdir}/${BPN}/extra/*" + +# We override here rather than append so that .so links are +# included in the runtime package rather than here (-dev) +# and to get build, icons, error into the -dev package +FILES_${PN}-dev = "${datadir}/${BPN}/build \ + ${datadir}/${BPN}/icons \ + ${datadir}/${BPN}/error \ + ${includedir}/${BPN} \ + ${bindir}/apxs \ + " + +# Add the manual to -doc +FILES_${PN}-doc += " ${datadir}/${BPN}/manual" + +FILES_${PN}-scripts += "${bindir}/dbmmanage" + +# Override this too - here is the default, less datadir +FILES_${PN} = "${bindir} ${sbindir} ${libexecdir} ${libdir} \ + ${sysconfdir} ${libdir}/${BPN}" + +# We want htdocs and cgi-bin to go with the binary +FILES_${PN} += "${datadir}/${BPN}/ ${libdir}/cgi-bin" + +FILES_${PN}-dbg += "${libdir}/${BPN}/modules/.debug" + +RDEPENDS_${PN} += "openssl libgcc" +RDEPENDS_${PN}-scripts += "perl ${PN}" +RDEPENDS_${PN}-dev = "perl" + +BBCLASSEXTEND = "native" + +pkg_postinst_${PN}() { + if [ -z "$D" ]; then + if type systemd-tmpfiles >/dev/null; then + systemd-tmpfiles --create + elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi + fi +} diff --git a/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2019-20372.patch b/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2019-20372.patch new file mode 100644 index 0000000000..45653e422e --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2019-20372.patch @@ -0,0 +1,39 @@ +From 6511195c023bf03e0fb19a36f41f42f4edde6e88 Mon Sep 17 00:00:00 2001 +From: Ruslan Ermilov +Date: Mon, 23 Dec 2019 15:45:46 +0300 +Subject: [PATCH] Discard request body when redirecting to a URL via + error_page. + +Reported by Bert JW Regeer and Francisco Oca Gonzalez. + +Upstream-Status: Backport +CVE: CVE-2019-20372 + +Reference to upstream patch: +https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e + +Signed-off-by: Ralph Siemsen +--- + src/http/ngx_http_special_response.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c +index 4ffb2cc8..76e67058 100644 +--- a/src/http/ngx_http_special_response.c ++++ b/src/http/ngx_http_special_response.c +@@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page) + return ngx_http_named_location(r, &uri); + } + ++ r->expect_tested = 1; ++ ++ if (ngx_http_discard_request_body(r) != NGX_OK) { ++ r->keepalive = 0; ++ } ++ + location = ngx_list_push(&r->headers_out.headers); + + if (location == NULL) { +-- +2.17.1 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.16.1.bb b/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.16.1.bb index 207642575b..09d58b8fb9 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.16.1.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.16.1.bb @@ -4,3 +4,5 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=52e384aaac868b755b93ad5535e2d075" SRC_URI[md5sum] = "45a80f75336c980d240987badc3dcf60" SRC_URI[sha256sum] = "f11c2a6dd1d3515736f0324857957db2de98be862461b5a542a3ac6188dbe32b" + +SRC_URI += "file://CVE-2019-20372.patch" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch new file mode 100644 index 0000000000..3832063967 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch @@ -0,0 +1,48 @@ +From 784be35c52a7083b9535bad2fcca416ff9cfd26b Mon Sep 17 00:00:00 2001 +From: William Roberts +Date: Fri, 21 May 2021 12:22:31 -0500 +Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565 + +tpm2_import used a fixed AES key for the inner wrapper, which means that +a MITM attack would be able to unwrap the imported key. Even the +use of an encrypted session will not prevent this. The TPM only +encrypts the first parameter which is the fixed symmetric key. + +To fix this, ensure the key size is 16 bytes or bigger and use +OpenSSL to generate a secure random AES key. + +Fixes: #2738 + +Signed-off-by: William Roberts + +Upstream-Status: Backport +https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515 +CVE: CVE-2021-3565 +Signed-off-by: Ralph Siemsen +--- + tools/tpm2_import.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c +index 6404cac..acd8ac8 100644 +--- a/tools/tpm2_import.c ++++ b/tools/tpm2_import.c +@@ -146,7 +146,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub, + TPM2B_DATA enc_sensitive_key = { + .size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8 + }; +- memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size); ++ ++ if(enc_sensitive_key.size < 16) { ++ LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size); ++ return tool_rc_general_error; ++ } ++ ++ int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size); ++ if (ossl_rc != 1) { ++ LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL)); ++ return tool_rc_general_error; ++ } + + /* + * Calculate the object name. diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb deleted file mode 100644 index e90dcfe6e4..0000000000 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb +++ /dev/null @@ -1,17 +0,0 @@ -SUMMARY = "Tools for TPM2." -DESCRIPTION = "tpm2-tools" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc" -SECTION = "tpm" - -DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive" - -SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz" - -SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395" -SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1" -SRC_URI[sha1sum] = "d097d321237983435f05c974533ad90e6f20acef" -SRC_URI[sha384sum] = "396547f400e4f5626d7741d77ec543f312d94e6697899f4c36260d15fab3f4f971ad2c0487e6eaa2d60256f3cf68f85f" -SRC_URI[sha512sum] = "25952cf947f0acd16b1a8dbd3ac8573bce85ff970a7e24c290c4f9cd29418e77a3e48ac82c932fbd250887a9303ab301ff92db594c2fffaba47b873382444d26" - -inherit autotools pkgconfig bash-completion diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.3.bb new file mode 100644 index 0000000000..39854d5121 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.3.bb @@ -0,0 +1,20 @@ +SUMMARY = "Tools for TPM2." +DESCRIPTION = "tpm2-tools" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc" +SECTION = "tpm" + +DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive" + +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz" +SRC_URI += "file://0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch" + +SRC_URI[md5sum] = "48e0f58232b6a86fe4d007acf12af283" +SRC_URI[sha256sum] = "bb5d3310620e75468fe33dbd530bd73dd648c70ec707b4579c74d9f63fc82704" +SRC_URI[sha1sum] = "b2cef4d06817a6859082d50863464a858a493a63" +SRC_URI[sha384sum] = "996c33201c92bcbdbf8f11f84d25a8e2938c330fb7fb66a47eafb3c5a41fab9bcb9a769dc20226accdea2486b626bd68" +SRC_URI[sha512sum] = "bf1ba9f8a4e12c71987650b309710574cc796e78d26c5de1cae77b0e150cea0f3b3695e56415be1994c4a6ad90e8f991d5db603138933fd21c46f7b86148a9b4" + +inherit autotools pkgconfig bash-completion diff --git a/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb b/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb index 47fbae49ff..5fc9ac3eef 100644 --- a/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb +++ b/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb @@ -29,7 +29,7 @@ inherit autotools pkgconfig useradd systemd multilib_header multilib_script CLAMAV_UID ?= "clamav" CLAMAV_GID ?= "clamav" -INSTALL_CLAMAV_CVD ?= "1" +INSTALL_CLAMAV_CVD ?= "0" CLAMAV_USR_DIR = "${STAGING_DIR_NATIVE}/usr" CLAMAV_USR_DIR_class-target = "${STAGING_DIR_HOST}/usr" @@ -45,7 +45,7 @@ PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${CLAMAV_USR_DIR}, --disable-bzip2, b PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${CLAMAV_USR_DIR}, --without-libncurses-prefix, ncurses, " PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, " -MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/clamav-config ${PN}-cvd:${localstatedir}/lib/clamav/mirrors.dat" +MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/clamav-config" EXTRA_OECONF_CLAMAV = "--without-libcheck-prefix --disable-unrar \ --disable-mempool \ @@ -71,14 +71,6 @@ do_configure_class-native () { ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF} } -do_compile_append_class-target() { - if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then - bbnote "CLAMAV creating cvd" - install -d ${S}/clamav_db - ${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf - fi -} - do_install_append_class-target () { install -d ${D}/${sysconfdir} install -d ${D}/${localstatedir}/lib/clamav @@ -111,7 +103,7 @@ pkg_postinst_ontarget_${PN} () { } -PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \ +PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc \ ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev" FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \ @@ -155,8 +147,6 @@ FILES_${PN}-doc = "${mandir}/man/* \ ${datadir}/man/* \ ${docdir}/* " -FILES_${PN}-cvd = "${localstatedir}/lib/clamav/*.cvd ${localstatedir}/lib/clamav/*.dat" - USERADD_PACKAGES = "${PN}" GROUPADD_PARAM_${PN} = "--system ${CLAMAV_UID}" USERADD_PARAM_${PN} = "--system -g ${CLAMAV_GID} --home-dir \ diff --git a/meta-security/recipes-scanners/rootkits/chkrootkit_0.53.bb b/meta-security/recipes-scanners/rootkits/chkrootkit_0.53.bb index 4536be3934..8d4b3b5175 100644 --- a/meta-security/recipes-scanners/rootkits/chkrootkit_0.53.bb +++ b/meta-security/recipes-scanners/rootkits/chkrootkit_0.53.bb @@ -5,7 +5,7 @@ SECTION = "security" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=fdbe53788f7081c63387d8087273f5ff" -SRC_URI = "ftp://ftp.pangeia.com.br/pub/seg/pac/${BPN}.tar.gz" +SRC_URI = "http://archive.ubuntu.com/ubuntu/pool/universe/c/${BPN}/${BPN}_${PV}.orig.tar.gz" SRC_URI[sha256sum] = "7262dae33b338976828b5d156b70d159e0043c0db43ada8dee66c97387cf45b5" diff --git a/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb b/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb index fd6da9ecca..bd9abcc134 100644 --- a/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb +++ b/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb @@ -37,9 +37,9 @@ SUMMARY_packagegroup-security-scanners = "Security scanners" RDEPENDS_packagegroup-security-scanners = "\ nikto \ checksecurity \ - ${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 riscv64", "", " clamav clamav-freshclam clamav-cvd",d)} \ + ${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 riscv64", "", " clamav clamav-freshclam",d)} \ " -RDEPENDS_packagegroup-security-scanners_remove_libc-musl = "clamav clamav-freshclam clamav-cvd" +RDEPENDS_packagegroup-security-scanners_remove_libc-musl = "clamav clamav-freshclam" SUMMARY_packagegroup-security-audit = "Security Audit tools " RDEPENDS_packagegroup-security-audit = " \ diff --git a/meta-security/recipes-security/sssd/sssd_1.16.4.bb b/meta-security/recipes-security/sssd/sssd_1.16.4.bb index 916f1ac2a5..186c9e0b9e 100644 --- a/meta-security/recipes-security/sssd/sssd_1.16.4.bb +++ b/meta-security/recipes-security/sssd/sssd_1.16.4.bb @@ -116,10 +116,17 @@ SYSTEMD_SERVICE_${PN} = " \ " SYSTEMD_AUTO_ENABLE = "disable" -FILES_${PN} += "${libdir} ${datadir} ${base_libdir}/security/pam_sss.so" -FILES_${PN}-dev = " ${includedir}/* ${libdir}/*la ${libdir}/*/*la" - -# The package contains symlinks that trip up insane -INSANE_SKIP_${PN} = "dev-so" - -RDEPENDS_${PN} = "bind dbus libldb libpam" +PACKAGES =+ "libsss-sudo libsss-autofs" +ALLOW_EMPTY_libsss-sudo = "1" +ALLOW_EMPTY_libsss-autofs = "1" + +FILES_${PN}-dev += "${libdir}/sssd/modules/lib*.so" +FILES_${PN} += "${base_libdir}/security/pam_sss*.so \ + ${datadir}/dbus-1/system-services/*.service \ + ${libdir}/krb5/* \ + ${libdir}/ldb/* \ + " +FILES_libsss-autofs = "${libdir}/sssd/modules/libsss_autofs.so" +FILES_libsss-sudo = "${libdir}/libsss_sudo.so" + +RDEPENDS_${PN} = "bind dbus libldb libpam libsss-sudo libsss-autofs" diff --git a/poky/bitbake/lib/bb/fetch2/__init__.py b/poky/bitbake/lib/bb/fetch2/__init__.py index dc99914cd9..3e6555bd67 100644 --- a/poky/bitbake/lib/bb/fetch2/__init__.py +++ b/poky/bitbake/lib/bb/fetch2/__init__.py @@ -562,6 +562,9 @@ def verify_checksum(ud, d, precomputed={}): checksum_expected = getattr(ud, "%s_expected" % checksum_id) + if checksum_expected == '': + checksum_expected = None + return { "id": checksum_id, "name": checksum_name, @@ -612,7 +615,7 @@ def verify_checksum(ud, d, precomputed={}): for ci in checksum_infos: if ci["expected"] and ci["expected"] != ci["data"]: - messages.append("File: '%s' has %s checksum %s when %s was " \ + messages.append("File: '%s' has %s checksum '%s' when '%s' was " \ "expected" % (ud.localpath, ci["id"], ci["data"], ci["expected"])) bad_checksum = ci["data"] diff --git a/poky/bitbake/lib/bb/server/process.py b/poky/bitbake/lib/bb/server/process.py index 7b13576274..4bdb84ae37 100644 --- a/poky/bitbake/lib/bb/server/process.py +++ b/poky/bitbake/lib/bb/server/process.py @@ -25,6 +25,7 @@ import subprocess import errno import re import datetime +import gc import bb.server.xmlrpcserver from bb import daemonize from multiprocessing import queues @@ -221,6 +222,7 @@ class ProcessServer(multiprocessing.Process): try: print("Running command %s" % command) self.command_channel_reply.send(self.cooker.command.runCommand(command)) + print("Command Completed") except Exception as e: logger.exception('Exception in server main event loop running command %s (%s)' % (command, str(e))) @@ -670,8 +672,10 @@ class ConnectionWriter(object): def send(self, obj): obj = multiprocessing.reduction.ForkingPickler.dumps(obj) + gc.disable() with self.wlock: self.writer.send_bytes(obj) + gc.enable() def fileno(self): return self.writer.fileno() diff --git a/poky/bitbake/lib/bb/tests/fetch.py b/poky/bitbake/lib/bb/tests/fetch.py index 44dc0945a0..301c468399 100644 --- a/poky/bitbake/lib/bb/tests/fetch.py +++ b/poky/bitbake/lib/bb/tests/fetch.py @@ -991,7 +991,7 @@ class FetcherNetworkTest(FetcherTest): """ Prevent regression on deeply nested submodules not being checked out properly, even though they were fetched. """ # This repository also has submodules where the module (name), path and url do not align - url = "gitsm://github.com/azure/iotedge.git;protocol=https;rev=d76e0316c6f324345d77c48a83ce836d09392699" + url = "gitsm://github.com/azure/iotedge.git;protocol=https;rev=d76e0316c6f324345d77c48a83ce836d09392699;branch=main" fetcher = bb.fetch.Fetch([url], self.d) fetcher.download() # Previous cwd has been deleted diff --git a/poky/bitbake/lib/bb/tinfoil.py b/poky/bitbake/lib/bb/tinfoil.py index ae69038952..28f1e5623f 100644 --- a/poky/bitbake/lib/bb/tinfoil.py +++ b/poky/bitbake/lib/bb/tinfoil.py @@ -448,7 +448,7 @@ class Tinfoil: self.run_actions(config_params) self.recipes_parsed = True - def run_command(self, command, *params): + def run_command(self, command, *params, handle_events=True): """ Run a command on the server (as implemented in bb.command). Note that there are two types of command - synchronous and @@ -468,7 +468,7 @@ class Tinfoil: try: result = self.server_connection.connection.runCommand(commandline) finally: - while True: + while handle_events: event = self.wait_event() if not event: break diff --git a/poky/documentation/bsp-guide/bsp.rst b/poky/documentation/bsp-guide/bsp.rst index d0275eea9a..efb5328911 100644 --- a/poky/documentation/bsp-guide/bsp.rst +++ b/poky/documentation/bsp-guide/bsp.rst @@ -166,8 +166,9 @@ section. #. *Determine the BSP Layer You Want:* The Yocto Project supports many BSPs, which are maintained in their own layers or in layers designed to contain several BSPs. To get an idea of machine support through - BSP layers, you can look at the `index of - machines <&YOCTO_RELEASE_DL_URL;/machines>`__ for the release. + BSP layers, you can look at the + :yocto_dl:`index of machines ` + for the release. #. *Optionally Clone the meta-intel BSP Layer:* If your hardware is based on current Intel CPUs and devices, you can leverage this BSP diff --git a/poky/documentation/conf.py b/poky/documentation/conf.py index 0d61afc9da..df67a5cdf2 100644 --- a/poky/documentation/conf.py +++ b/poky/documentation/conf.py @@ -15,9 +15,27 @@ import os import sys import datetime +try: + import yaml +except ImportError: + sys.stderr.write("The Yocto Project Sphinx documentation requires PyYAML.\ + \nPlease make sure to install pyyaml python package.\n") + sys.exit(1) -current_version = "3.1.13" -bitbake_version = "1.46" +# current_version = "dev" +# bitbake_version = "" # Leave empty for development branch +# Obtain versions from poky.yaml instead +with open("poky.yaml") as data: + buff = data.read() + subst_vars = yaml.safe_load(buff) + if "DOCCONF_VERSION" not in subst_vars: + sys.stderr.write("Please set DOCCONF_VERSION in poky.yaml") + sys.exit(1) + current_version = subst_vars["DOCCONF_VERSION"] + if "BITBAKE_SERIES" not in subst_vars: + sys.stderr.write("Please set BITBAKE_SERIES in poky.yaml") + sys.exit(1) + bitbake_version = subst_vars["BITBAKE_SERIES"] # String used in sidebar version = 'Version: ' + current_version diff --git a/poky/documentation/dev-manual/dev-manual-common-tasks.rst b/poky/documentation/dev-manual/dev-manual-common-tasks.rst index d401d3b4ee..159da6a019 100644 --- a/poky/documentation/dev-manual/dev-manual-common-tasks.rst +++ b/poky/documentation/dev-manual/dev-manual-common-tasks.rst @@ -2168,7 +2168,7 @@ recipe, but which one? You can configure your build to call out the kernel recipe you want by using the :term:`PREFERRED_PROVIDER` variable. As an example, consider the -`x86-base.inc `_ +:yocto_git:`x86-base.inc ` include file, which is a machine (i.e. :term:`MACHINE`) configuration file. This include file is the reason all x86-based machines use the diff --git a/poky/documentation/overview-manual/overview-manual-development-environment.rst b/poky/documentation/overview-manual/overview-manual-development-environment.rst index 4bedd6df67..a5469d4d78 100644 --- a/poky/documentation/overview-manual/overview-manual-development-environment.rst +++ b/poky/documentation/overview-manual/overview-manual-development-environment.rst @@ -422,7 +422,7 @@ files. Git uses "branches" to organize different development efforts. For example, the ``poky`` repository has several branches that include the current "&DISTRO_NAME_NO_CAP;" branch, the "master" branch, and many branches for past Yocto Project releases. You can see all the branches -by going to https://git.yoctoproject.org/cgit.cgi/poky/ and clicking on the +by going to :yocto_git:`/cgit.cgi/poky/` and clicking on the ``[...]`` link beneath the "Branch" heading. Each of these branches represents a specific area of development. The @@ -468,7 +468,7 @@ Git uses "tags" to mark specific changes in a repository branch structure. Typically, a tag is used to mark a special point such as the final change (or commit) before a project is released. You can see the tags used with the ``poky`` Git repository by going to -https://git.yoctoproject.org/cgit.cgi/poky/ and clicking on the ``[...]`` link +:yocto_git:`/cgit.cgi/poky/` and clicking on the ``[...]`` link beneath the "Tag" heading. Some key tags for the ``poky`` repository are ``jethro-14.0.3``, diff --git a/poky/documentation/overview-manual/overview-manual-yp-intro.rst b/poky/documentation/overview-manual/overview-manual-yp-intro.rst index f1c725ac27..6dd10f2187 100644 --- a/poky/documentation/overview-manual/overview-manual-yp-intro.rst +++ b/poky/documentation/overview-manual/overview-manual-yp-intro.rst @@ -271,8 +271,8 @@ with the string ``meta-``. , but it is a commonly accepted standard in the Yocto Project community. -For example, if you were to examine the `tree -view `__ of the +For example, if you were to examine the :yocto_git:`tree +view ` of the ``poky`` repository, you will see several layers: ``meta``, ``meta-skeleton``, ``meta-selftest``, ``meta-poky``, and ``meta-yocto-bsp``. Each of these repositories represents a distinct diff --git a/poky/documentation/poky.yaml b/poky/documentation/poky.yaml index 8da5f5915d..edc23f8aa7 100644 --- a/poky/documentation/poky.yaml +++ b/poky/documentation/poky.yaml @@ -1,11 +1,13 @@ -DISTRO : "3.1.13" +DISTRO : "3.1.15" DISTRO_NAME_NO_CAP : "dunfell" DISTRO_NAME : "Dunfell" DISTRO_NAME_NO_CAP_MINUS_ONE : "zeus" -YOCTO_DOC_VERSION : "3.1.13" +YOCTO_DOC_VERSION : "3.1.15" YOCTO_DOC_VERSION_MINUS_ONE : "3.0.4" -DISTRO_REL_TAG : "yocto-3.1.13" -POKYVERSION : "23.0.13" +DISTRO_REL_TAG : "yocto-3.1.15" +DOCCONF_VERSION : "3.1.15" +BITBAKE_SERIES : "1.46" +POKYVERSION : "23.0.15" YOCTO_POKY : "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;" YOCTO_DL_URL : "https://downloads.yoctoproject.org" YOCTO_AB_URL : "https://autobuilder.yoctoproject.org" diff --git a/poky/documentation/profile-manual/profile-manual-usage.rst b/poky/documentation/profile-manual/profile-manual-usage.rst index d3c020a1cf..15cf1efe1c 100644 --- a/poky/documentation/profile-manual/profile-manual-usage.rst +++ b/poky/documentation/profile-manual/profile-manual-usage.rst @@ -1169,9 +1169,8 @@ e.g. 'perf help' or 'perf help record'. However, by default Yocto doesn't install man pages, but perf invokes the man pages for most help functionality. This is a bug and is being -addressed by a Yocto bug: `Bug 3388 - perf: enable man pages for basic -'help' -functionality `__. +addressed by a Yocto bug: :yocto_bugs:`Bug 3388 - perf: enable man pages for basic +'help' functionality `. The man pages in text form, along with some other files, such as a set of examples, can be found in the 'perf' directory of the kernel tree: :: diff --git a/poky/documentation/ref-manual/ref-system-requirements.rst b/poky/documentation/ref-manual/ref-system-requirements.rst index 041f64c598..109aa60d05 100644 --- a/poky/documentation/ref-manual/ref-system-requirements.rst +++ b/poky/documentation/ref-manual/ref-system-requirements.rst @@ -59,6 +59,8 @@ distributions: - Fedora 34 +- Fedora 35 + - CentOS 7.x - Debian GNU/Linux 8.x (Jessie) @@ -73,6 +75,9 @@ distributions: - OpenSUSE Leap 15.2 +- OpenSUSE Leap 15.3 + +- AlmaLinux 8.5 .. note:: @@ -346,7 +351,7 @@ Downloading a Pre-Built ``buildtools`` Tarball Downloading and running a pre-built buildtools installer is the easiest of the two methods by which you can get these tools: -1. Locate and download the ``*.sh`` at &YOCTO_RELEASE_DL_URL;/buildtools/ +1. Locate and download the ``*.sh`` at :yocto_dl:`/releases/yocto/&DISTRO_REL_TAG;/buildtools/` 2. Execute the installation script. Here is an example for the traditional installer: diff --git a/poky/documentation/releases.rst b/poky/documentation/releases.rst index 57e4566e1b..affe63403c 100644 --- a/poky/documentation/releases.rst +++ b/poky/documentation/releases.rst @@ -39,6 +39,7 @@ Release Series 3.1 (dunfell) - :yocto_docs:`3.1.11 Documentation ` - :yocto_docs:`3.1.12 Documentation ` - :yocto_docs:`3.1.13 Documentation ` +- :yocto_docs:`3.1.14 Documentation ` ========================== Outdated Release Manuals diff --git a/poky/documentation/sphinx-static/switchers.js b/poky/documentation/sphinx-static/switchers.js index bda15485c0..1d65fa7fae 100644 --- a/poky/documentation/sphinx-static/switchers.js +++ b/poky/documentation/sphinx-static/switchers.js @@ -6,7 +6,7 @@ '3.4.1': '3.4.1', '3.3.4': '3.3.4', '3.2.4': '3.2.4', - '3.1.13': '3.1.13', + '3.1.14': '3.1.14', '3.0.4': '3.0.4', '2.7.4': '2.7.4', }; diff --git a/poky/documentation/toaster-manual/toaster-manual-reference.rst b/poky/documentation/toaster-manual/toaster-manual-reference.rst index e5e3531e83..bd3a060eee 100644 --- a/poky/documentation/toaster-manual/toaster-manual-reference.rst +++ b/poky/documentation/toaster-manual/toaster-manual-reference.rst @@ -173,13 +173,13 @@ As shipped, Toaster is configured to work with the following releases: - *Yocto Project &DISTRO; "&DISTRO_NAME;" or OpenEmbedded "&DISTRO_NAME;":* This release causes your Toaster projects to build against the head of the &DISTRO_NAME_NO_CAP; branch at - https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=&DISTRO_NAME_NO_CAP; or + :yocto_git:`/cgit/cgit.cgi/poky/log/?h=&DISTRO_NAME_NO_CAP;` or http://git.openembedded.org/openembedded-core/commit/?h=&DISTRO_NAME_NO_CAP;. - *Yocto Project "Master" or OpenEmbedded "Master":* This release causes your Toaster Projects to build against the head of the master branch, which is where active development takes place, at - https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/ or + :yocto_git:`/cgit/cgit.cgi/poky/log/` or http://git.openembedded.org/openembedded-core/log/. - *Local Yocto Project or Local OpenEmbedded:* This release causes your diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf index 7274657037..6ade4e07c8 100644 --- a/poky/meta-poky/conf/distro/poky.conf +++ b/poky/meta-poky/conf/distro/poky.conf @@ -1,6 +1,6 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" -DISTRO_VERSION = "3.1.14" +DISTRO_VERSION = "3.1.15" DISTRO_CODENAME = "dunfell" SDK_VENDOR = "-pokysdk" SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${DATE}', 'snapshot')}" @@ -39,16 +39,6 @@ DISTRO_EXTRA_RDEPENDS_append_qemux86-64 = " ${POKYQEMUDEPS}" TCLIBCAPPEND = "" -PREMIRRORS ??= "\ -bzr://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \ -cvs://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \ -git://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \ -gitsm://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \ -hg://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \ -osc://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \ -p4://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \ -svn://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n" - SANITY_TESTED_DISTROS ?= " \ poky-2.7 \n \ poky-3.0 \n \ @@ -62,6 +52,7 @@ SANITY_TESTED_DISTROS ?= " \ fedora-32 \n \ fedora-33 \n \ fedora-34 \n \ + fedora-35 \n \ centos-7 \n \ centos-8 \n \ debian-8 \n \ @@ -70,6 +61,8 @@ SANITY_TESTED_DISTROS ?= " \ debian-11 \n \ opensuseleap-15.1 \n \ opensuseleap-15.2 \n \ + opensuseleap-15.3 \n \ + almalinux-8.5 \n \ " # add poky sanity bbclass INHERIT += "poky-sanity" diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.4.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.4.bbappend index cd059c06c4..b2824cbb1d 100644 --- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.4.bbappend +++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.4.bbappend @@ -7,8 +7,8 @@ KMACHINE_genericx86 ?= "common-pc" KMACHINE_genericx86-64 ?= "common-pc-64" KMACHINE_beaglebone-yocto ?= "beaglebone" -SRCREV_machine_genericx86 ?= "76404f1ae59698b6a446dba29c885ca78c69c330" -SRCREV_machine_genericx86-64 ?= "76404f1ae59698b6a446dba29c885ca78c69c330" +SRCREV_machine_genericx86 ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064" +SRCREV_machine_genericx86-64 ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064" SRCREV_machine_edgerouter ?= "706efec4c1e270ec5dda92275898cd465dfdc7dd" SRCREV_machine_beaglebone-yocto ?= "706efec4c1e270ec5dda92275898cd465dfdc7dd" @@ -17,7 +17,7 @@ COMPATIBLE_MACHINE_genericx86-64 = "genericx86-64" COMPATIBLE_MACHINE_edgerouter = "edgerouter" COMPATIBLE_MACHINE_beaglebone-yocto = "beaglebone-yocto" -LINUX_VERSION_genericx86 = "5.4.158" -LINUX_VERSION_genericx86-64 = "5.4.158" +LINUX_VERSION_genericx86 = "5.4.178" +LINUX_VERSION_genericx86-64 = "5.4.178" LINUX_VERSION_edgerouter = "5.4.58" LINUX_VERSION_beaglebone-yocto = "5.4.58" diff --git a/poky/meta/classes/buildhistory.bbclass b/poky/meta/classes/buildhistory.bbclass index 2746996cbb..6a1a20653a 100644 --- a/poky/meta/classes/buildhistory.bbclass +++ b/poky/meta/classes/buildhistory.bbclass @@ -865,6 +865,7 @@ python buildhistory_eventhandler() { if os.path.isdir(olddir): shutil.rmtree(olddir) rootdir = e.data.getVar("BUILDHISTORY_DIR") + bb.utils.mkdirhier(rootdir) entries = [ x for x in os.listdir(rootdir) if not x.startswith('.') ] bb.utils.mkdirhier(olddir) for entry in entries: diff --git a/poky/meta/classes/cml1.bbclass b/poky/meta/classes/cml1.bbclass index 8ab240589a..46a19fce32 100644 --- a/poky/meta/classes/cml1.bbclass +++ b/poky/meta/classes/cml1.bbclass @@ -36,6 +36,14 @@ python do_menuconfig() { except OSError: mtime = 0 + # setup native pkg-config variables (kconfig scripts call pkg-config directly, cannot generically be overriden to pkg-config-native) + d.setVar("PKG_CONFIG_DIR", "${STAGING_DIR_NATIVE}${libdir_native}/pkgconfig") + d.setVar("PKG_CONFIG_PATH", "${PKG_CONFIG_DIR}:${STAGING_DATADIR_NATIVE}/pkgconfig") + d.setVar("PKG_CONFIG_LIBDIR", "${PKG_CONFIG_DIR}") + d.setVarFlag("PKG_CONFIG_SYSROOT_DIR", "unexport", "1") + # ensure that environment variables are overwritten with this tasks 'd' values + d.appendVar("OE_TERMINAL_EXPORTS", " PKG_CONFIG_DIR PKG_CONFIG_PATH PKG_CONFIG_LIBDIR PKG_CONFIG_SYSROOT_DIR") + oe_terminal("sh -c \"make %s; if [ \\$? -ne 0 ]; then echo 'Command failed.'; printf 'Press any key to continue... '; read r; fi\"" % d.getVar('KCONFIG_CONFIG_COMMAND'), d.getVar('PN') + ' Configuration', d) diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass index 6eecbdbf13..75c5b92b96 100644 --- a/poky/meta/classes/cve-check.bbclass +++ b/poky/meta/classes/cve-check.bbclass @@ -110,7 +110,6 @@ python do_cve_check () { } addtask cve_check before do_build after do_fetch -do_cve_check[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" do_cve_check[depends] = "cve-update-db-native:do_fetch" do_cve_check[nostamp] = "1" @@ -143,6 +142,7 @@ python cve_check_write_rootfs_manifest () { manifest_name = d.getVar("CVE_CHECK_MANIFEST") cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE") + bb.utils.mkdirhier(os.path.dirname(manifest_name)) shutil.copyfile(cve_tmp_file, manifest_name) if manifest_name and os.path.exists(manifest_name): @@ -322,7 +322,8 @@ def get_cve_info(d, cves): import sqlite3 cve_data = {} - conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE")) + db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro") + conn = sqlite3.connect(db_file, uri=True) for cve in cves: for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)): diff --git a/poky/meta/classes/mirrors.bbclass b/poky/meta/classes/mirrors.bbclass index a36236df9f..669d0cc8ff 100644 --- a/poky/meta/classes/mirrors.bbclass +++ b/poky/meta/classes/mirrors.bbclass @@ -42,6 +42,7 @@ ftp://sourceware.org/pub http://ftp.gwdg.de/pub/linux/sources.redhat.com/sourcew cvs://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \ svn://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \ git://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \ +gitsm://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \ hg://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \ bzr://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \ p4://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \ @@ -52,6 +53,7 @@ npm://.*/?.* http://downloads.yoctoproject.org/mirror/sources/ \n \ cvs://.*/.* http://sources.openembedded.org/ \n \ svn://.*/.* http://sources.openembedded.org/ \n \ git://.*/.* http://sources.openembedded.org/ \n \ +gitsm://.*/.* http://sources.openembedded.org/ \n \ hg://.*/.* http://sources.openembedded.org/ \n \ bzr://.*/.* http://sources.openembedded.org/ \n \ p4://.*/.* http://sources.openembedded.org/ \n \ diff --git a/poky/meta/classes/python3targetconfig.bbclass b/poky/meta/classes/python3targetconfig.bbclass index fc1025c207..a6e67f1bf8 100644 --- a/poky/meta/classes/python3targetconfig.bbclass +++ b/poky/meta/classes/python3targetconfig.bbclass @@ -15,3 +15,15 @@ do_compile_prepend_class-target() { do_install_prepend_class-target() { export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata" } + +do_configure:prepend:class-nativesdk() { + export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata" +} + +do_compile:prepend:class-nativesdk() { + export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata" +} + +do_install:prepend:class-nativesdk() { + export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata" +} diff --git a/poky/meta/classes/sanity.bbclass b/poky/meta/classes/sanity.bbclass index 2325ee2747..37354af9d5 100644 --- a/poky/meta/classes/sanity.bbclass +++ b/poky/meta/classes/sanity.bbclass @@ -395,7 +395,7 @@ def check_connectivity(d): msg += " Please ensure your host's network is configured correctly.\n" msg += " If your ISP or network is blocking the above URL,\n" msg += " try with another domain name, for example by setting:\n" - msg += " CONNECTIVITY_CHECK_URIS = \"https://www.yoctoproject.org/\"" + msg += " CONNECTIVITY_CHECK_URIS = \"https://www.example.com/\"" msg += " You could also set BB_NO_NETWORK = \"1\" to disable network\n" msg += " access if all required sources are on local disk.\n" retval = msg diff --git a/poky/meta/classes/sstate.bbclass b/poky/meta/classes/sstate.bbclass index c2720cde92..3d6fb84d63 100644 --- a/poky/meta/classes/sstate.bbclass +++ b/poky/meta/classes/sstate.bbclass @@ -841,14 +841,18 @@ sstate_create_package () { fi chmod 0664 $TFILE # Skip if it was already created by some other process - if [ ! -e ${SSTATE_PKG} ]; then + if [ -h ${SSTATE_PKG} ] && [ ! -e ${SSTATE_PKG} ]; then + # There is a symbolic link, but it links to nothing. + # Forcefully replace it with the new file. + ln -f $TFILE ${SSTATE_PKG} || true + elif [ ! -e ${SSTATE_PKG} ]; then # Move into place using ln to attempt an atomic op. # Abort if it already exists - ln $TFILE ${SSTATE_PKG} && rm $TFILE + ln $TFILE ${SSTATE_PKG} || true else - rm $TFILE + touch ${SSTATE_PKG} 2>/dev/null || true fi - touch ${SSTATE_PKG} 2>/dev/null || true + rm $TFILE } python sstate_sign_package () { @@ -878,7 +882,7 @@ python sstate_report_unihash() { sstate_unpack_package () { tar -xvzf ${SSTATE_PKG} # update .siginfo atime on local/NFS mirror if it is a symbolic link - [ ! -h ${SSTATE_PKG}.siginfo ] || touch -a ${SSTATE_PKG}.siginfo 2>/dev/null || true + [ ! -h ${SSTATE_PKG}.siginfo ] || [ ! -e ${SSTATE_PKG}.siginfo ] || touch -a ${SSTATE_PKG}.siginfo 2>/dev/null || true # update each symbolic link instead of any referenced file touch --no-dereference ${SSTATE_PKG} 2>/dev/null || true [ ! -e ${SSTATE_PKG}.sig ] || touch --no-dereference ${SSTATE_PKG}.sig 2>/dev/null || true @@ -957,7 +961,7 @@ def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, summary=True, localdata2 = bb.data.createCopy(localdata) srcuri = "file://" + sstatefile - localdata.setVar('SRC_URI', srcuri) + localdata2.setVar('SRC_URI', srcuri) bb.debug(2, "SState: Attempting to fetch %s" % srcuri) try: diff --git a/poky/meta/classes/uninative.bbclass b/poky/meta/classes/uninative.bbclass index 3c7ccd66f4..4412d7c567 100644 --- a/poky/meta/classes/uninative.bbclass +++ b/poky/meta/classes/uninative.bbclass @@ -2,7 +2,7 @@ UNINATIVE_LOADER ?= "${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux/lib/ UNINATIVE_STAGING_DIR ?= "${STAGING_DIR}" UNINATIVE_URL ?= "unset" -UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc.tar.xz" +UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc-${UNINATIVE_VERSION}.tar.xz" # Example checksums #UNINATIVE_CHECKSUM[aarch64] = "dead" #UNINATIVE_CHECKSUM[i686] = "dead" diff --git a/poky/meta/conf/distro/include/default-distrovars.inc b/poky/meta/conf/distro/include/default-distrovars.inc index 0240589c81..038acc1504 100644 --- a/poky/meta/conf/distro/include/default-distrovars.inc +++ b/poky/meta/conf/distro/include/default-distrovars.inc @@ -48,4 +48,4 @@ KERNEL_IMAGETYPES ??= "${KERNEL_IMAGETYPE}" # fetch from the network (and warn you if not). To disable the test set # the variable to be empty. # Git example url: git://git.yoctoproject.org/yocto-firewall-test;protocol=git;rev=master;branch=master -CONNECTIVITY_CHECK_URIS ?= "https://www.example.com/" +CONNECTIVITY_CHECK_URIS ?= "https://yoctoproject.org/connectivity.html" diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc index 3165fc93b8..bfe05ce1eb 100644 --- a/poky/meta/conf/distro/include/yocto-uninative.inc +++ b/poky/meta/conf/distro/include/yocto-uninative.inc @@ -6,9 +6,10 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.34" +UNINATIVE_MAXGLIBCVERSION = "2.35" +UNINATIVE_VERSION = "3.5" -UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.4/" -UNINATIVE_CHECKSUM[aarch64] ?= "3013cdda8f0dc6639ce1c80f33eabce66f06b890bd5b58739a6d7a92a0bb7100" -UNINATIVE_CHECKSUM[i686] ?= "abed500de584aad63ec237546db20cdd0c69d8870a6f8e94ac31721ace64b376" -UNINATIVE_CHECKSUM[x86_64] ?= "126f4f7f6f21084ee140dac3eb4c536b963837826b7c38599db0b512c3377ba2" +UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" +UNINATIVE_CHECKSUM[aarch64] ?= "6de0771bd21e0fcb5e80388e5b561a8023b24083bcbf46e056a089982aff75d7" +UNINATIVE_CHECKSUM[i686] ?= "8c8745becbfa1c341bae839c7eab56ddf17ce36c303bcd73d3b2f2f788b631c2" +UNINATIVE_CHECKSUM[x86_64] ?= "e8047a5748e6f266165da141eb6d08b23674f30e477b0e5505b6403d50fbc4b2" diff --git a/poky/meta/files/common-licenses/Spencer-94 b/poky/meta/files/common-licenses/Spencer-94 new file mode 100644 index 0000000000..75ba7f7d2e --- /dev/null +++ b/poky/meta/files/common-licenses/Spencer-94 @@ -0,0 +1,12 @@ +Copyright 1992, 1993, 1994 Henry Spencer. All rights reserved. +This software is not subject to any license of the American Telephone and Telegraph Company or of the Regents of the University of California. + +Permission is granted to anyone to use this software for any purpose on any computer system, and to alter it and redistribute it, subject to the following restrictions: + +1. The author is not responsible for the consequences of use of this software, no matter how awful, even if they arise from flaws in it. + +2. The origin of this software must not be misrepresented, either by explicit claim or by omission. Since few users ever read sources, credits must appear in the documentation. + +3. Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. Since few users ever read sources, credits must appear in the documentation. + +4. This notice may not be removed or altered. diff --git a/poky/meta/files/toolchain-shar-relocate.sh b/poky/meta/files/toolchain-shar-relocate.sh index 3ece04db0a..cee9adbf39 100644 --- a/poky/meta/files/toolchain-shar-relocate.sh +++ b/poky/meta/files/toolchain-shar-relocate.sh @@ -5,7 +5,7 @@ fi # fix dynamic loader paths in all ELF SDK binaries native_sysroot=$($SUDO_EXEC cat $env_setup_script |grep 'OECORE_NATIVE_SYSROOT='|cut -d'=' -f2|tr -d '"') -dl_path=$($SUDO_EXEC find $native_sysroot/lib -name "ld-linux*") +dl_path=$($SUDO_EXEC find $native_sysroot/lib -maxdepth 1 -name "ld-linux*") if [ "$dl_path" = "" ] ; then echo "SDK could not be set up. Relocate script unable to find ld-linux.so. Abort!" exit 1 diff --git a/poky/meta/lib/oeqa/runtime/cases/ping.py b/poky/meta/lib/oeqa/runtime/cases/ping.py index f6603f75ec..498f80d0a5 100644 --- a/poky/meta/lib/oeqa/runtime/cases/ping.py +++ b/poky/meta/lib/oeqa/runtime/cases/ping.py @@ -6,6 +6,7 @@ from subprocess import Popen, PIPE from oeqa.runtime.case import OERuntimeTestCase from oeqa.core.decorator.oetimeout import OETimeout +from oeqa.core.exception import OEQATimeoutError class PingTest(OERuntimeTestCase): @@ -13,14 +14,17 @@ class PingTest(OERuntimeTestCase): def test_ping(self): output = '' count = 0 - while count < 5: - cmd = 'ping -c 1 %s' % self.target.ip - proc = Popen(cmd, shell=True, stdout=PIPE) - output += proc.communicate()[0].decode('utf-8') - if proc.poll() == 0: - count += 1 - else: - count = 0 + try: + while count < 5: + cmd = 'ping -c 1 %s' % self.target.ip + proc = Popen(cmd, shell=True, stdout=PIPE) + output += proc.communicate()[0].decode('utf-8') + if proc.poll() == 0: + count += 1 + else: + count = 0 + except OEQATimeoutError: + self.fail("Ping timeout error for address %s, count %s, output: %s" % (self.target.ip, count, output)) msg = ('Expected 5 consecutive, got %d.\n' 'ping output is:\n%s' % (count,output)) self.assertEqual(count, 5, msg = msg) diff --git a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py index 4fcbe594c9..686ce7e6b9 100644 --- a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py +++ b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py @@ -87,14 +87,14 @@ class TinfoilTests(OESelftestTestCase): with bb.tinfoil.Tinfoil() as tinfoil: tinfoil.prepare(config_only=True) - tinfoil.set_event_mask(['bb.event.FilesMatchingFound', 'bb.command.CommandCompleted']) + tinfoil.set_event_mask(['bb.event.FilesMatchingFound', 'bb.command.CommandCompleted', 'bb.command.CommandFailed', 'bb.command.CommandExit']) # Need to drain events otherwise events that were masked may still be in the queue while tinfoil.wait_event(): pass pattern = 'conf' - res = tinfoil.run_command('testCookerCommandEvent', pattern) + res = tinfoil.run_command('testCookerCommandEvent', pattern, handle_events=False) self.assertTrue(res) eventreceived = False @@ -118,7 +118,7 @@ class TinfoilTests(OESelftestTestCase): else: self.fail('Unexpected event: %s' % event) - self.assertTrue(commandcomplete, 'Timed out waiting for CommandCompleted event from bitbake server') + self.assertTrue(commandcomplete, 'Timed out waiting for CommandCompleted event from bitbake server (Matching event received: %s)' % str(eventreceived)) self.assertTrue(eventreceived, 'Did not receive FilesMatchingFound event from bitbake server') def test_setvariable_clean(self): diff --git a/poky/meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch b/poky/meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch new file mode 100644 index 0000000000..eaaa7effae --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch @@ -0,0 +1,39 @@ +From 0900f11def2e7fbb4880efff0cd9c9b32f1cdb86 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 3 Dec 2020 14:39:45 +0000 +Subject: [PATCH] mmap: Fix memory leak when iterating over mapped memory + +When returning from grub_mmap_iterate() the memory allocated to present +is not being released causing it to leak. + +Fixes: CID 96655 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8cb2848f9699642a698af84b12ba187cab722031] +Signed-off-by: Marta Rybczynska +--- + grub-core/mmap/mmap.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c +index 7ebf32e..8bf235f 100644 +--- a/grub-core/mmap/mmap.c ++++ b/grub-core/mmap/mmap.c +@@ -270,6 +270,7 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) + hook_data)) + { + grub_free (ctx.scanline_events); ++ grub_free (present); + return GRUB_ERR_NONE; + } + +@@ -282,6 +283,7 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) + } + + grub_free (ctx.scanline_events); ++ grub_free (present); + return GRUB_ERR_NONE; + } + diff --git a/poky/meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch b/poky/meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch new file mode 100644 index 0000000000..d00821f5c3 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch @@ -0,0 +1,39 @@ +From f216a75e884ed5e4e94bf86965000dde51148f94 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 27 Nov 2020 15:10:26 +0000 +Subject: [PATCH] net/net: Fix possible dereference to of a NULL pointer + +It is always possible that grub_zalloc() could fail, so we should check for +a NULL return. Otherwise we run the risk of dereferencing a NULL pointer. + +Fixes: CID 296221 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=03f2515ae0c503406f1a99a2178405049c6555db] +Signed-off-by: Marta Rybczynska +--- + grub-core/net/net.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 38f19df..7c2cdf2 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -86,8 +86,13 @@ grub_net_link_layer_add_address (struct grub_net_card *card, + + /* Add sender to cache table. */ + if (card->link_layer_table == NULL) +- card->link_layer_table = grub_zalloc (LINK_LAYER_CACHE_SIZE +- * sizeof (card->link_layer_table[0])); ++ { ++ card->link_layer_table = grub_zalloc (LINK_LAYER_CACHE_SIZE ++ * sizeof (card->link_layer_table[0])); ++ if (card->link_layer_table == NULL) ++ return; ++ } ++ + entry = &(card->link_layer_table[card->new_ll_entry]); + entry->avail = 1; + grub_memcpy (&entry->ll_address, ll, sizeof (entry->ll_address)); diff --git a/poky/meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch b/poky/meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch new file mode 100644 index 0000000000..3b4633507d --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch @@ -0,0 +1,33 @@ +From 09cc0df477758b60f51fbc0da1dee2f5d54c333d Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 19 Feb 2021 17:12:23 +0000 +Subject: [PATCH] net/tftp: Fix dangling memory pointer + +The static code analysis tool, Parfait, reported that the valid of +file->data was left referencing memory that was freed by the call to +grub_free(data) where data was initialized from file->data. + +To ensure that there is no unintentional access to this memory +referenced by file->data we should set the pointer to NULL. + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0cb838b281a68b536a09681f9557ea6a7ac5da7a] +Signed-off-by: Marta Rybczynska +--- + grub-core/net/tftp.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 7d90bf6..f76b19f 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -468,6 +468,7 @@ tftp_close (struct grub_file *file) + } + destroy_pq (data); + grub_free (data); ++ file->data = NULL; + return GRUB_ERR_NONE; + } + diff --git a/poky/meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch b/poky/meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch new file mode 100644 index 0000000000..933416605c --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch @@ -0,0 +1,50 @@ +From 8861fa6226f7229105722ba669465e879b56ee2b Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 22 Jan 2021 12:32:41 +0000 +Subject: [PATCH] kern/parser: Fix resource leak if argc == 0 + +After processing the command-line yet arriving at the point where we are +setting argv, we are allocating memory, even if argc == 0, which makes +no sense since we never put anything into the allocated argv. + +The solution is to simply return that we've successfully processed the +arguments but that argc == 0, and also ensure that argv is NULL when +we're not allocating anything in it. + +There are only 2 callers of this function, and both are handling a zero +value in argc assuming nothing is allocated in argv. + +Fixes: CID 96680 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d06161b035dde4769199ad65aa0a587a5920012b] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/parser.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c +index 619db31..d1cf061 100644 +--- a/grub-core/kern/parser.c ++++ b/grub-core/kern/parser.c +@@ -146,6 +146,7 @@ grub_parser_split_cmdline (const char *cmdline, + int i; + + *argc = 0; ++ *argv = NULL; + do + { + if (!rd || !*rd) +@@ -207,6 +208,10 @@ grub_parser_split_cmdline (const char *cmdline, + (*argc)++; + } + ++ /* If there are no args, then we're done. */ ++ if (!*argc) ++ return 0; ++ + /* Reserve memory for the return values. */ + args = grub_malloc (bp - buffer); + if (!args) diff --git a/poky/meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch b/poky/meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch new file mode 100644 index 0000000000..04748befc8 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch @@ -0,0 +1,235 @@ +From 16a4d739b19f8680cf93a3c8fa0ae9fc1b1c310b Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 16:53:27 -0400 +Subject: [PATCH] efi: Fix some malformed device path arithmetic errors + +Several places we take the length of a device path and subtract 4 from +it, without ever checking that it's >= 4. There are also cases where +this kind of malformation will result in unpredictable iteration, +including treating the length from one dp node as the type in the next +node. These are all errors, no matter where the data comes from. + +This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which +can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH() +return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when +the length is too small. Additionally, it makes several places in the +code check for and return errors in these cases. + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d2cf823d0e31818d1b7a223daff6d5e006596543] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/efi/efi.c | 64 +++++++++++++++++++++++++----- + grub-core/loader/efi/chainloader.c | 13 +++++- + grub-core/loader/i386/xnu.c | 9 +++-- + include/grub/efi/api.h | 14 ++++--- + 4 files changed, 79 insertions(+), 21 deletions(-) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index ad170c7..6a38080 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -360,7 +360,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + + dp = dp0; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -370,9 +370,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE + && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) + { +- grub_efi_uint16_t len; +- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ len = (len - 4) / sizeof (grub_efi_char16_t); + filesize += GRUB_MAX_UTF8_PER_UTF16 * len + 2; + } + +@@ -388,7 +394,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + if (!name) + return NULL; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -404,8 +410,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + + *p++ = '/'; + +- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++ len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ len = (len - 4) / sizeof (grub_efi_char16_t); + fp = (grub_efi_file_path_device_path_t *) dp; + /* According to EFI spec Path Name is NULL terminated */ + while (len > 0 && fp->path_name[len - 1] == 0) +@@ -480,7 +493,26 @@ grub_efi_duplicate_device_path (const grub_efi_device_path_t *dp) + ; + p = GRUB_EFI_NEXT_DEVICE_PATH (p)) + { +- total_size += GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ ++ /* ++ * In the event that we find a node that's completely garbage, for ++ * example if we get to 0x7f 0x01 0x02 0x00 ... (EndInstance with a size ++ * of 2), GRUB_EFI_END_ENTIRE_DEVICE_PATH() will be true and ++ * GRUB_EFI_NEXT_DEVICE_PATH() will return NULL, so we won't continue, ++ * and neither should our consumers, but there won't be any error raised ++ * even though the device path is junk. ++ * ++ * This keeps us from passing junk down back to our caller. ++ */ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ total_size += len; + if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (p)) + break; + } +@@ -525,7 +557,7 @@ dump_vendor_path (const char *type, grub_efi_vendor_device_path_t *vendor) + void + grub_efi_print_device_path (grub_efi_device_path_t *dp) + { +- while (1) ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp)) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -937,7 +969,10 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, + /* Return non-zero. */ + return 1; + +- while (1) ++ if (dp1 == dp2) ++ return 0; ++ ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp1) && GRUB_EFI_DEVICE_PATH_VALID (dp2)) + { + grub_efi_uint8_t type1, type2; + grub_efi_uint8_t subtype1, subtype2; +@@ -973,5 +1008,14 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, + dp2 = (grub_efi_device_path_t *) ((char *) dp2 + len2); + } + ++ /* ++ * There's no "right" answer here, but we probably don't want to call a valid ++ * dp and an invalid dp equal, so pick one way or the other. ++ */ ++ if (GRUB_EFI_DEVICE_PATH_VALID (dp1) && !GRUB_EFI_DEVICE_PATH_VALID (dp2)) ++ return 1; ++ else if (!GRUB_EFI_DEVICE_PATH_VALID (dp1) && GRUB_EFI_DEVICE_PATH_VALID (dp2)) ++ return -1; ++ + return 0; + } +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index daf8c6b..a8d7b91 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -156,9 +156,18 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + + size = 0; + d = dp; +- while (1) ++ while (d) + { +- size += GRUB_EFI_DEVICE_PATH_LENGTH (d); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (d); ++ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ size += len; + if ((GRUB_EFI_END_ENTIRE_DEVICE_PATH (d))) + break; + d = GRUB_EFI_NEXT_DEVICE_PATH (d); +diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c +index b7d176b..c50cb54 100644 +--- a/grub-core/loader/i386/xnu.c ++++ b/grub-core/loader/i386/xnu.c +@@ -516,14 +516,15 @@ grub_cmd_devprop_load (grub_command_t cmd __attribute__ ((unused)), + + devhead = buf; + buf = devhead + 1; +- dpstart = buf; ++ dp = dpstart = buf; + +- do ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp) && buf < bufend) + { +- dp = buf; + buf = (char *) buf + GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) ++ break; ++ dp = buf; + } +- while (!GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp) && buf < bufend); + + dev = grub_xnu_devprop_add_device (dpstart, (char *) buf + - (char *) dpstart); +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index addcbfa..cf1355a 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -625,6 +625,7 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; + #define GRUB_EFI_DEVICE_PATH_TYPE(dp) ((dp)->type & 0x7f) + #define GRUB_EFI_DEVICE_PATH_SUBTYPE(dp) ((dp)->subtype) + #define GRUB_EFI_DEVICE_PATH_LENGTH(dp) ((dp)->length) ++#define GRUB_EFI_DEVICE_PATH_VALID(dp) ((dp) != NULL && GRUB_EFI_DEVICE_PATH_LENGTH (dp) >= 4) + + /* The End of Device Path nodes. */ + #define GRUB_EFI_END_DEVICE_PATH_TYPE (0xff & 0x7f) +@@ -633,13 +634,16 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; + #define GRUB_EFI_END_THIS_DEVICE_PATH_SUBTYPE 0x01 + + #define GRUB_EFI_END_ENTIRE_DEVICE_PATH(dp) \ +- (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ +- && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ +- == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE)) ++ (!GRUB_EFI_DEVICE_PATH_VALID (dp) || \ ++ (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ ++ && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ ++ == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE))) + + #define GRUB_EFI_NEXT_DEVICE_PATH(dp) \ +- ((grub_efi_device_path_t *) ((char *) (dp) \ +- + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) ++ (GRUB_EFI_DEVICE_PATH_VALID (dp) \ ++ ? ((grub_efi_device_path_t *) \ ++ ((char *) (dp) + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) \ ++ : NULL) + + /* Hardware Device Path. */ + #define GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE 1 diff --git a/poky/meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch b/poky/meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch new file mode 100644 index 0000000000..9d7327cee6 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch @@ -0,0 +1,30 @@ +From d4fd0243920b71cc6e03cc0cadf23b4fe03c352f Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 10:15:25 +0000 +Subject: [PATCH] kern/efi: Fix memory leak on failure + +Free the memory allocated to name before returning on failure. + +Fixes: CID 296222 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ed286ceba6015d37a9304f04602451c47bf195d7] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/efi/efi.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 6a38080..baeeef0 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -415,6 +415,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, + "malformed EFI Device Path node has length=%d", len); ++ grub_free (name); + return NULL; + } + diff --git a/poky/meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch b/poky/meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch new file mode 100644 index 0000000000..d55709406b --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch @@ -0,0 +1,65 @@ +From be03a18b8767be50f16a845c389fd5ed29aae055 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 11 Dec 2020 15:03:13 +0000 +Subject: [PATCH] kern/efi/mm: Fix possible NULL pointer dereference + +The model of grub_efi_get_memory_map() is that if memory_map is NULL, +then the purpose is to discover how much memory should be allocated to +it for the subsequent call. + +The problem here is that with grub_efi_is_finished set to 1, there is no +check at all that the function is being called with a non-NULL memory_map. + +While this MAY be true, we shouldn't assume it. + +The solution to this is to behave as expected, and if memory_map is NULL, +then don't try to use it and allow memory_map_size to be filled in, and +return 0 as is done later in the code if the buffer is too small (or NULL). + +Additionally, drop unneeded ret = 1. + +Fixes: CID 96632 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6aee4bfd6973c714056fb7b56890b8d524e94ee1] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/efi/mm.c | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index b02fab1..5afcef7 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -328,15 +328,24 @@ grub_efi_get_memory_map (grub_efi_uintn_t *memory_map_size, + if (grub_efi_is_finished) + { + int ret = 1; +- if (*memory_map_size < finish_mmap_size) ++ ++ if (memory_map != NULL) + { +- grub_memcpy (memory_map, finish_mmap_buf, *memory_map_size); +- ret = 0; ++ if (*memory_map_size < finish_mmap_size) ++ { ++ grub_memcpy (memory_map, finish_mmap_buf, *memory_map_size); ++ ret = 0; ++ } ++ else ++ grub_memcpy (memory_map, finish_mmap_buf, finish_mmap_size); + } + else + { +- grub_memcpy (memory_map, finish_mmap_buf, finish_mmap_size); +- ret = 1; ++ /* ++ * Incomplete, no buffer to copy into, same as ++ * GRUB_EFI_BUFFER_TOO_SMALL below. ++ */ ++ ret = 0; + } + *memory_map_size = finish_mmap_size; + if (map_key) diff --git a/poky/meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch b/poky/meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch new file mode 100644 index 0000000000..74ffb559e9 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch @@ -0,0 +1,59 @@ +From 9d36bce5d516b6379ba3a0dd1a94a9c035838827 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 21 Oct 2020 14:41:27 +0000 +Subject: [PATCH] gnulib/regexec: Resolve unused variable + +This is a really minor issue where a variable is being assigned to but +not checked before it is overwritten again. + +The reason for this issue is that we are not building with DEBUG set and +this in turn means that the assert() that reads the value of the +variable match_last is being processed out. + +The solution, move the assignment to match_last in to an ifdef DEBUG too. + +Fixes: CID 292459 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a983d36bd9178d377d2072fd4b11c635fdc404b4] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../lib/gnulib-patches/fix-unused-value.patch | 14 ++++++++++++++ + 2 files changed, 15 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-unused-value.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 46c4e95..9b01152 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh + EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/no-abort.patch + +diff --git a/grub-core/lib/gnulib-patches/fix-unused-value.patch b/grub-core/lib/gnulib-patches/fix-unused-value.patch +new file mode 100644 +index 0000000..ba51f1b +--- /dev/null ++++ b/grub-core/lib/gnulib-patches/fix-unused-value.patch +@@ -0,0 +1,14 @@ ++--- a/lib/regexec.c 2020-10-21 14:25:35.310195912 +0000 +++++ b/lib/regexec.c 2020-10-21 14:32:07.961765604 +0000 ++@@ -828,7 +828,11 @@ ++ break; ++ if (__glibc_unlikely (err != REG_NOMATCH)) ++ goto free_return; +++#ifdef DEBUG +++ /* Only used for assertion below when DEBUG is set, otherwise +++ it will be over-written when we loop around. */ ++ match_last = -1; +++#endif ++ } ++ else ++ break; /* We found a match. */ diff --git a/poky/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch b/poky/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch new file mode 100644 index 0000000000..b6e3c7edbe --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch @@ -0,0 +1,53 @@ +From 2af8df02cca7fd4b584575eac304cd03fa23f5cc Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 22 Oct 2020 13:54:06 +0000 +Subject: [PATCH] gnulib/regcomp: Fix uninitialized token structure + +The code is assuming that the value of br_token.constraint was +initialized to zero when it wasn't. + +While some compilers will ensure that, not all do, so it is better to +fix this explicitly than leave it to chance. + +Fixes: CID 73749 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=75c3d3cec4f408848f575d6d5e30a95bd6313db0] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../lib/gnulib-patches/fix-uninit-structure.patch | 11 +++++++++++ + 2 files changed, 12 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-uninit-structure.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 9b01152..9e55458 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh + EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/no-abort.patch +diff --git a/grub-core/lib/gnulib-patches/fix-uninit-structure.patch b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch +new file mode 100644 +index 0000000..7b4d9f6 +--- /dev/null ++++ b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch +@@ -0,0 +1,11 @@ ++--- a/lib/regcomp.c 2020-10-22 13:49:06.770168928 +0000 +++++ b/lib/regcomp.c 2020-10-22 13:50:37.026528298 +0000 ++@@ -3662,7 +3662,7 @@ ++ Idx alloc = 0; ++ #endif /* not RE_ENABLE_I18N */ ++ reg_errcode_t ret; ++- re_token_t br_token; +++ re_token_t br_token = {0}; ++ bin_tree_t *tree; ++ ++ sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1); diff --git a/poky/meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch b/poky/meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch new file mode 100644 index 0000000000..102a494561 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch @@ -0,0 +1,52 @@ +From eaf9da8b5f8349c51cfc89dd8e39a1a61f89790a Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 28 Oct 2020 14:43:01 +0000 +Subject: [PATCH] gnulib/argp-help: Fix dereference of a possibly NULL state + +All other instances of call to __argp_failure() where there is +a dgettext() call is first checking whether state is NULL before +attempting to dereference it to get the root_argp->argp_domain. + +Fixes: CID 292436 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3a37bf120a9194c373257c70175cdb5b337bc107] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../lib/gnulib-patches/fix-null-state-deref.patch | 12 ++++++++++++ + 2 files changed, 13 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-null-state-deref.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 9e55458..96d7e69 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh + EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch +diff --git a/grub-core/lib/gnulib-patches/fix-null-state-deref.patch b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch +new file mode 100644 +index 0000000..813ec09 +--- /dev/null ++++ b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch +@@ -0,0 +1,12 @@ ++--- a/lib/argp-help.c 2020-10-28 14:32:19.189215988 +0000 +++++ b/lib/argp-help.c 2020-10-28 14:38:21.204673940 +0000 ++@@ -145,7 +145,8 @@ ++ if (*(int *)((char *)upptr + up->uparams_offs) >= upptr->rmargin) ++ { ++ __argp_failure (state, 0, 0, ++- dgettext (state->root_argp->argp_domain, +++ dgettext (state == NULL ? NULL +++ : state->root_argp->argp_domain, ++ "\ ++ ARGP_HELP_FMT: %s value is less than or equal to %s"), ++ "rmargin", up->name); diff --git a/poky/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch b/poky/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch new file mode 100644 index 0000000000..4f43fcf7d5 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch @@ -0,0 +1,53 @@ +From 244dc2b1f518635069a556c424b2e7627f0cf036 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 10:57:14 +0000 +Subject: [PATCH] gnulib/regexec: Fix possible null-dereference + +It appears to be possible that the mctx->state_log field may be NULL, +and the name of this function, clean_state_log_if_needed(), suggests +that it should be checking that it is valid to be cleaned before +assuming that it does. + +Fixes: CID 86720 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0b7f347638153e403ee2dd518af3ce26f4f99647] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../lib/gnulib-patches/fix-regexec-null-deref.patch | 12 ++++++++++++ + 2 files changed, 13 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 96d7e69..d27d3a9 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch +diff --git a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch +new file mode 100644 +index 0000000..db6dac9 +--- /dev/null ++++ b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch +@@ -0,0 +1,12 @@ ++--- a/lib/regexec.c 2020-10-21 14:25:35.310195912 +0000 +++++ b/lib/regexec.c 2020-11-05 10:55:09.621542984 +0000 ++@@ -1692,6 +1692,9 @@ ++ { ++ Idx top = mctx->state_log_top; ++ +++ if (mctx->state_log == NULL) +++ return REG_NOERROR; +++ ++ if ((next_state_log_idx >= mctx->input.bufs_len ++ && mctx->input.bufs_len < mctx->input.len) ++ || (next_state_log_idx >= mctx->input.valid_len diff --git a/poky/meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch b/poky/meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch new file mode 100644 index 0000000000..0507e0cd66 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch @@ -0,0 +1,55 @@ +From 512b6bb380a77233b88c84b7a712896c70281d2f Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 24 Nov 2020 18:04:22 +0000 +Subject: [PATCH] gnulib/regcomp: Fix uninitialized re_token + +This issue has been fixed in the latest version of gnulib, so to +maintain consistency, I've backported that change rather than doing +something different. + +Fixes: CID 73828 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=03477085f9a33789ba6cca7cd49ab9326a1baa0e] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../gnulib-patches/fix-regcomp-uninit-token.patch | 15 +++++++++++++++ + 2 files changed, 16 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index d27d3a9..ffe6829 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch +diff --git a/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch +new file mode 100644 +index 0000000..02e0631 +--- /dev/null ++++ b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch +@@ -0,0 +1,15 @@ ++--- a/lib/regcomp.c 2020-11-24 17:06:08.159223858 +0000 +++++ b/lib/regcomp.c 2020-11-24 17:06:15.630253923 +0000 ++@@ -3808,11 +3808,7 @@ ++ create_tree (re_dfa_t *dfa, bin_tree_t *left, bin_tree_t *right, ++ re_token_type_t type) ++ { ++- re_token_t t; ++-#if defined GCC_LINT || defined lint ++- memset (&t, 0, sizeof t); ++-#endif ++- t.type = type; +++ re_token_t t = { .type = type }; ++ return create_token_tree (dfa, left, right, &t); ++ } ++ diff --git a/poky/meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch b/poky/meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch new file mode 100644 index 0000000000..1190b0d090 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch @@ -0,0 +1,41 @@ +From c529ca446424f1a9c64f0007dfe31fa7645d13ac Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 21 Oct 2020 14:44:10 +0000 +Subject: [PATCH] io/lzopio: Resolve unnecessary self-assignment errors + +These 2 assignments are unnecessary since they are just assigning +to themselves. + +Fixes: CID 73643 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=59666e520f44177c97b82a44c169b3b315d63b42] +Signed-off-by: Marta Rybczynska +--- + grub-core/io/lzopio.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/grub-core/io/lzopio.c b/grub-core/io/lzopio.c +index 3014485..a7d4425 100644 +--- a/grub-core/io/lzopio.c ++++ b/grub-core/io/lzopio.c +@@ -125,8 +125,6 @@ read_block_header (struct grub_lzopio *lzopio) + sizeof (lzopio->block.ucheck)) != + sizeof (lzopio->block.ucheck)) + return -1; +- +- lzopio->block.ucheck = lzopio->block.ucheck; + } + + /* Read checksum of compressed data. */ +@@ -143,8 +141,6 @@ read_block_header (struct grub_lzopio *lzopio) + sizeof (lzopio->block.ccheck)) != + sizeof (lzopio->block.ccheck)) + return -1; +- +- lzopio->block.ccheck = lzopio->block.ccheck; + } + } + diff --git a/poky/meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch b/poky/meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch new file mode 100644 index 0000000000..19d881c1ca --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch @@ -0,0 +1,34 @@ +From f55ffe6bd8b844a8cd9956702f42ac2eb96ad56f Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 10:29:59 +0000 +Subject: [PATCH] zstd: Initialize seq_t structure fully + +While many compilers will initialize this to zero, not all will, so it +is better to be sure that fields not being explicitly set are at known +values, and there is code that checks this fields value elsewhere in the +code. + +Fixes: CID 292440 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2777cf4466719921dbe4b30af358a75e7d76f217] +Signed-off-by: Marta Rybczynska +--- + grub-core/lib/zstd/zstd_decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/lib/zstd/zstd_decompress.c b/grub-core/lib/zstd/zstd_decompress.c +index 711b5b6..e4b5670 100644 +--- a/grub-core/lib/zstd/zstd_decompress.c ++++ b/grub-core/lib/zstd/zstd_decompress.c +@@ -1325,7 +1325,7 @@ typedef enum { ZSTD_lo_isRegularOffset, ZSTD_lo_isLongOffset=1 } ZSTD_longOffset + FORCE_INLINE_TEMPLATE seq_t + ZSTD_decodeSequence(seqState_t* seqState, const ZSTD_longOffset_e longOffsets) + { +- seq_t seq; ++ seq_t seq = {0}; + U32 const llBits = seqState->stateLL.table[seqState->stateLL.state].nbAdditionalBits; + U32 const mlBits = seqState->stateML.table[seqState->stateML.state].nbAdditionalBits; + U32 const ofBits = seqState->stateOffb.table[seqState->stateOffb.state].nbAdditionalBits; diff --git a/poky/meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch b/poky/meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch new file mode 100644 index 0000000000..af9fcd45cc --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch @@ -0,0 +1,43 @@ +From 0da8ef2e03a8591586b53a29af92d2ace76a04e3 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 23 Oct 2020 09:49:59 +0000 +Subject: [PATCH] kern/partition: Check for NULL before dereferencing input + string + +There is the possibility that the value of str comes from an external +source and continuing to use it before ever checking its validity is +wrong. So, needs fixing. + +Additionally, drop unneeded part initialization. + +Fixes: CID 292444 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=bc9c468a2ce84bc767234eec888b71f1bc744fff] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/partition.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/kern/partition.c b/grub-core/kern/partition.c +index e499147..b10a184 100644 +--- a/grub-core/kern/partition.c ++++ b/grub-core/kern/partition.c +@@ -109,11 +109,14 @@ grub_partition_map_probe (const grub_partition_map_t partmap, + grub_partition_t + grub_partition_probe (struct grub_disk *disk, const char *str) + { +- grub_partition_t part = 0; ++ grub_partition_t part; + grub_partition_t curpart = 0; + grub_partition_t tail; + const char *ptr; + ++ if (str == NULL) ++ return 0; ++ + part = tail = disk->partition; + + for (ptr = str; *ptr;) diff --git a/poky/meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch b/poky/meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch new file mode 100644 index 0000000000..c1687c75d0 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch @@ -0,0 +1,128 @@ +From 0c5d0fd796e6cafba179321de396681a493c4158 Mon Sep 17 00:00:00 2001 +From: Marco A Benatto +Date: Mon, 7 Dec 2020 11:53:03 -0300 +Subject: [PATCH] disk/ldm: Make sure comp data is freed before exiting from + make_vg() + +Several error handling paths in make_vg() do not free comp data before +jumping to fail2 label and returning from the function. This will leak +memory. So, let's fix all issues of that kind. + +Fixes: CID 73804 + +Signed-off-by: Marco A Benatto +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=23e39f50ca7a107f6b66396ed4d177a914dee035] +Signed-off-by: Marta Rybczynska +--- + grub-core/disk/ldm.c | 51 ++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 44 insertions(+), 7 deletions(-) + +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 58f8a53..428415f 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -554,7 +554,11 @@ make_vg (grub_disk_t disk, + comp->segments = grub_calloc (comp->segment_alloc, + sizeof (*comp->segments)); + if (!comp->segments) +- goto fail2; ++ { ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + } + else + { +@@ -562,7 +566,11 @@ make_vg (grub_disk_t disk, + comp->segment_count = 1; + comp->segments = grub_malloc (sizeof (*comp->segments)); + if (!comp->segments) +- goto fail2; ++ { ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + comp->segments->start_extent = 0; + comp->segments->extent_count = lv->size; + comp->segments->layout = 0; +@@ -574,15 +582,26 @@ make_vg (grub_disk_t disk, + comp->segments->layout = GRUB_RAID_LAYOUT_SYMMETRIC_MASK; + } + else +- goto fail2; ++ { ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + ptr += *ptr + 1; + ptr++; + if (!(vblk[i].flags & 0x10)) +- goto fail2; ++ { ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic) + || ptr + *ptr + 1 >= vblk[i].dynamic + + sizeof (vblk[i].dynamic)) + { ++ grub_free (comp->segments); + grub_free (comp->internal_id); + grub_free (comp); + goto fail2; +@@ -592,6 +611,7 @@ make_vg (grub_disk_t disk, + if (ptr + *ptr + 1 >= vblk[i].dynamic + + sizeof (vblk[i].dynamic)) + { ++ grub_free (comp->segments); + grub_free (comp->internal_id); + grub_free (comp); + goto fail2; +@@ -601,7 +621,12 @@ make_vg (grub_disk_t disk, + comp->segments->nodes = grub_calloc (comp->segments->node_alloc, + sizeof (*comp->segments->nodes)); + if (!lv->segments->nodes) +- goto fail2; ++ { ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + } + + if (lv->segments->node_alloc == lv->segments->node_count) +@@ -611,11 +636,23 @@ make_vg (grub_disk_t disk, + + if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) || + grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz)) +- goto fail2; ++ { ++ grub_free (comp->segments->nodes); ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + + t = grub_realloc (lv->segments->nodes, sz); + if (!t) +- goto fail2; ++ { ++ grub_free (comp->segments->nodes); ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + lv->segments->nodes = t; + } + lv->segments->nodes[lv->segments->node_count].pv = 0; diff --git a/poky/meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch b/poky/meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch new file mode 100644 index 0000000000..ecdb230f76 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch @@ -0,0 +1,28 @@ +From 253485e8df3c9dedac848567e638157530184295 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Mon, 7 Dec 2020 10:07:47 -0300 +Subject: [PATCH] disk/ldm: If failed then free vg variable too + +Fixes: CID 73809 + +Signed-off-by: Paulo Flabiano Smorigo +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e0b83df5da538d2a38f770e60817b3a4b9d5b4d7] +Signed-off-by: Marta Rybczynska +--- + grub-core/disk/ldm.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 428415f..54713f4 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -199,6 +199,7 @@ make_vg (grub_disk_t disk, + { + grub_free (vg->uuid); + grub_free (vg->name); ++ grub_free (vg); + return NULL; + } + grub_memcpy (vg->uuid, label->group_guid, LDM_GUID_STRLEN); diff --git a/poky/meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch b/poky/meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch new file mode 100644 index 0000000000..26932f674c --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch @@ -0,0 +1,50 @@ +From 3e1d2f1959acbe5152cdd5818d495f6455d1a158 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 10:00:51 +0000 +Subject: [PATCH] disk/ldm: Fix memory leak on uninserted lv references + +The problem here is that the memory allocated to the variable lv is not +yet inserted into the list that is being processed at the label fail2. + +As we can already see at line 342, which correctly frees lv before going +to fail2, we should also be doing that at these earlier jumps to fail2. + +Fixes: CID 73824 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=156c281a1625dc73fd350530630c6f2d5673d4f6] +Signed-off-by: Marta Rybczynska +--- + grub-core/disk/ldm.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 54713f4..e82e989 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -321,7 +321,10 @@ make_vg (grub_disk_t disk, + lv->visible = 1; + lv->segments = grub_zalloc (sizeof (*lv->segments)); + if (!lv->segments) +- goto fail2; ++ { ++ grub_free (lv); ++ goto fail2; ++ } + lv->segments->start_extent = 0; + lv->segments->type = GRUB_DISKFILTER_MIRROR; + lv->segments->node_count = 0; +@@ -329,7 +332,10 @@ make_vg (grub_disk_t disk, + lv->segments->nodes = grub_calloc (lv->segments->node_alloc, + sizeof (*lv->segments->nodes)); + if (!lv->segments->nodes) +- goto fail2; ++ { ++ grub_free (lv); ++ goto fail2; ++ } + ptr = vblk[i].dynamic; + if (ptr + *ptr + 1 >= vblk[i].dynamic + + sizeof (vblk[i].dynamic)) diff --git a/poky/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch b/poky/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch new file mode 100644 index 0000000000..dd7fda357d --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch @@ -0,0 +1,50 @@ +From 2550aaa0c23fdf8b6c54e00c6b838f2e3aa81fe2 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 21 Jan 2021 11:38:31 +0000 +Subject: [PATCH] disk/cryptodisk: Fix potential integer overflow + +The encrypt and decrypt functions expect a grub_size_t. So, we need to +ensure that the constant bit shift is using grub_size_t rather than +unsigned int when it is performing the shift. + +Fixes: CID 307788 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a201ad17caa430aa710654fdf2e6ab4c8166f031] +Signed-off-by: Marta Rybczynska +--- + grub-core/disk/cryptodisk.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c +index 5037768..6883f48 100644 +--- a/grub-core/disk/cryptodisk.c ++++ b/grub-core/disk/cryptodisk.c +@@ -311,10 +311,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, + case GRUB_CRYPTODISK_MODE_CBC: + if (do_encrypt) + err = grub_crypto_cbc_encrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + else + err = grub_crypto_cbc_decrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + if (err) + return err; + break; +@@ -322,10 +322,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, + case GRUB_CRYPTODISK_MODE_PCBC: + if (do_encrypt) + err = grub_crypto_pcbc_encrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + else + err = grub_crypto_pcbc_decrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + if (err) + return err; + break; diff --git a/poky/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch b/poky/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch new file mode 100644 index 0000000000..eb459c547f --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch @@ -0,0 +1,43 @@ +From 7c1813eeec78892fa651046cc224ae4e80d0c94d Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 23 Oct 2020 17:09:31 +0000 +Subject: [PATCH] hfsplus: Check that the volume name length is valid + +HFS+ documentation suggests that the maximum filename and volume name is +255 Unicode characters in length. + +So, when converting from big-endian to little-endian, we should ensure +that the name of the volume has a length that is between 0 and 255, +inclusive. + +Fixes: CID 73641 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2298f6e0d951251bb9ca97d891d1bc8b74515f8c] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/hfsplus.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index dae43be..03c3c4c 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -1007,6 +1007,15 @@ grub_hfsplus_label (grub_device_t device, char **label) + grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr); + + label_len = grub_be_to_cpu16 (catkey->namelen); ++ ++ /* Ensure that the length is >= 0. */ ++ if (label_len < 0) ++ label_len = 0; ++ ++ /* Ensure label length is at most 255 Unicode characters. */ ++ if (label_len > 255) ++ label_len = 255; ++ + label_name = grub_calloc (label_len, sizeof (*label_name)); + if (!label_name) + { diff --git a/poky/meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch b/poky/meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch new file mode 100644 index 0000000000..12418858f9 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch @@ -0,0 +1,42 @@ +From c757779e5d09719666c3b155afd2421978a107bd Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 24 Nov 2020 16:41:49 +0000 +Subject: [PATCH] zfs: Fix possible negative shift operation + +While it is possible for the return value from zfs_log2() to be zero +(0), it is quite unlikely, given that the previous assignment to blksz +is shifted up by SPA_MINBLOCKSHIFT (9) before 9 is subtracted at the +assignment to epbs. + +But, while unlikely during a normal operation, it may be that a carefully +crafted ZFS filesystem could result in a zero (0) value to the +dn_datalbkszsec field, which means that the shift left does nothing +and assigns zero (0) to blksz, resulting in a negative epbs value. + +Fixes: CID 73608 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a02091834d3e167320d8a262ff04b8e83c5e616d] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/zfs/zfs.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 36d0373..0c42cba 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -2667,6 +2667,11 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, grub_uint8_t type, + blksz = grub_zfs_to_cpu16 (mdn->dn.dn_datablkszsec, + mdn->endian) << SPA_MINBLOCKSHIFT; + epbs = zfs_log2 (blksz) - DNODE_SHIFT; ++ ++ /* While this should never happen, we should check that epbs is not negative. */ ++ if (epbs < 0) ++ epbs = 0; ++ + blkid = objnum >> epbs; + idx = objnum & ((1 << epbs) - 1); + diff --git a/poky/meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch b/poky/meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch new file mode 100644 index 0000000000..5ded5520e9 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch @@ -0,0 +1,121 @@ +From 83fdffc07ec4586b375ab36189f255ffbd8f99c2 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Mon, 14 Dec 2020 18:54:49 -0300 +Subject: [PATCH] zfs: Fix resource leaks while constructing path + +There are several exit points in dnode_get_path() that are causing possible +memory leaks. + +In the while(1) the correct exit mechanism should not be to do a direct return, +but to instead break out of the loop, setting err first if it is not already set. + +The reason behind this is that the dnode_path is a linked list, and while doing +through this loop, it is being allocated and built up - the only way to +correctly unravel it is to traverse it, which is what is being done at the end +of the function outside of the loop. + +Several of the existing exit points correctly did a break, but not all so this +change makes that more consistent and should resolve the leaking of memory as +found by Coverity. + +Fixes: CID 73741 + +Signed-off-by: Paulo Flabiano Smorigo +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=89bdab965805e8d54d7f75349024e1a11cbe2eb8] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/zfs/zfs.c | 30 +++++++++++++++++++++--------- + 1 file changed, 21 insertions(+), 9 deletions(-) + +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 0c42cba..9087a72 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -2836,8 +2836,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + + if (dnode_path->dn.dn.dn_type != DMU_OT_DIRECTORY_CONTENTS) + { +- grub_free (path_buf); +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory")); ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory")); ++ break; + } + err = zap_lookup (&(dnode_path->dn), cname, &objnum, + data, subvol->case_insensitive); +@@ -2879,11 +2879,18 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + << SPA_MINBLOCKSHIFT); + + if (blksz == 0) +- return grub_error(GRUB_ERR_BAD_FS, "0-sized block"); ++ { ++ err = grub_error (GRUB_ERR_BAD_FS, "0-sized block"); ++ break; ++ } + + sym_value = grub_malloc (sym_sz); + if (!sym_value) +- return grub_errno; ++ { ++ err = grub_errno; ++ break; ++ } ++ + for (block = 0; block < (sym_sz + blksz - 1) / blksz; block++) + { + void *t; +@@ -2893,7 +2900,7 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + if (err) + { + grub_free (sym_value); +- return err; ++ break; + } + + movesize = sym_sz - block * blksz; +@@ -2903,6 +2910,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + grub_memcpy (sym_value + block * blksz, t, movesize); + grub_free (t); + } ++ if (err) ++ break; + free_symval = 1; + } + path = path_buf = grub_malloc (sym_sz + grub_strlen (oldpath) + 1); +@@ -2911,7 +2920,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + grub_free (oldpathbuf); + if (free_symval) + grub_free (sym_value); +- return grub_errno; ++ err = grub_errno; ++ break; + } + grub_memcpy (path, sym_value, sym_sz); + if (free_symval) +@@ -2949,11 +2959,12 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + + err = zio_read (bp, dnode_path->dn.endian, &sahdrp, NULL, data); + if (err) +- return err; ++ break; + } + else + { +- return grub_error (GRUB_ERR_BAD_FS, "filesystem is corrupt"); ++ err = grub_error (GRUB_ERR_BAD_FS, "filesystem is corrupt"); ++ break; + } + + hdrsize = SA_HDR_SIZE (((sa_hdr_phys_t *) sahdrp)); +@@ -2974,7 +2985,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + if (!path_buf) + { + grub_free (oldpathbuf); +- return grub_errno; ++ err = grub_errno; ++ break; + } + grub_memcpy (path, sym_value, sym_sz); + path [sym_sz] = 0; diff --git a/poky/meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch b/poky/meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch new file mode 100644 index 0000000000..8df758b41f --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch @@ -0,0 +1,56 @@ +From ec35d862f3567671048aa0d0d8ad1ded1fd25336 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 22:17:04 +0000 +Subject: [PATCH] zfs: Fix possible integer overflows + +In all cases the problem is that the value being acted upon by +a left-shift is a 32-bit number which is then being used in the +context of a 64-bit number. + +To avoid overflow we ensure that the number being shifted is 64-bit +before the shift is done. + +Fixes: CID 73684, CID 73695, CID 73764 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=302c12ff5714bc455949117c1c9548ccb324d55b] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/zfs/zfs.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 9087a72..b078ccc 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -564,7 +564,7 @@ find_bestub (uberblock_phys_t * ub_array, + ubptr = (uberblock_phys_t *) ((grub_properly_aligned_t *) ub_array + + ((i << ub_shift) + / sizeof (grub_properly_aligned_t))); +- err = uberblock_verify (ubptr, offset, 1 << ub_shift); ++ err = uberblock_verify (ubptr, offset, (grub_size_t) 1 << ub_shift); + if (err) + { + grub_errno = GRUB_ERR_NONE; +@@ -1543,7 +1543,7 @@ read_device (grub_uint64_t offset, struct grub_zfs_device_desc *desc, + + high = grub_divmod64 ((offset >> desc->ashift) + c, + desc->n_children, &devn); +- csize = bsize << desc->ashift; ++ csize = (grub_size_t) bsize << desc->ashift; + if (csize > len) + csize = len; + +@@ -1635,8 +1635,8 @@ read_device (grub_uint64_t offset, struct grub_zfs_device_desc *desc, + + while (len > 0) + { +- grub_size_t csize; +- csize = ((s / (desc->n_children - desc->nparity)) ++ grub_size_t csize = s; ++ csize = ((csize / (desc->n_children - desc->nparity)) + << desc->ashift); + if (csize > len) + csize = len; diff --git a/poky/meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch b/poky/meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch new file mode 100644 index 0000000000..555dc19168 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch @@ -0,0 +1,35 @@ +From b085da8efda9b81f94aa197ee045226563554fdf Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 10:56:45 +0000 +Subject: [PATCH] zfsinfo: Correct a check for error allocating memory + +While arguably the check for grub_errno is correct, we should really be +checking the return value from the function since it is always possible +that grub_errno was set elsewhere, making this code behave incorrectly. + +Fixes: CID 73668 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7aab03418ec6a9b991aa44416cb2585aff4e7972] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/zfs/zfsinfo.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/fs/zfs/zfsinfo.c b/grub-core/fs/zfs/zfsinfo.c +index c8a28ac..bf29180 100644 +--- a/grub-core/fs/zfs/zfsinfo.c ++++ b/grub-core/fs/zfs/zfsinfo.c +@@ -358,8 +358,8 @@ grub_cmd_zfs_bootfs (grub_command_t cmd __attribute__ ((unused)), int argc, + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); + + devname = grub_file_get_device_name (args[0]); +- if (grub_errno) +- return grub_errno; ++ if (devname == NULL) ++ return GRUB_ERR_OUT_OF_MEMORY; + + dev = grub_device_open (devname); + grub_free (devname); diff --git a/poky/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch b/poky/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch new file mode 100644 index 0000000000..435130516c --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch @@ -0,0 +1,82 @@ +From 929c2ce8214c53cb95abff57a89556cd18444097 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 12:48:07 +0000 +Subject: [PATCH] affs: Fix memory leaks + +The node structure reference is being allocated but not freed if it +reaches the end of the function. If any of the hooks had returned +a non-zero value, then node would have been copied in to the context +reference, but otherwise node is not stored and should be freed. + +Similarly, the call to grub_affs_create_node() replaces the allocated +memory in node with a newly allocated structure, leaking the existing +memory pointed by node. + +Finally, when dir->parent is set, then we again replace node with newly +allocated memory, which seems unnecessary when we copy in the values +from dir->parent immediately after. + +Fixes: CID 73759 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=178ac5107389f8e5b32489d743d6824a5ebf342a] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/affs.c | 18 ++++++++---------- + 1 file changed, 8 insertions(+), 10 deletions(-) + +diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c +index 220b371..230e26a 100644 +--- a/grub-core/fs/affs.c ++++ b/grub-core/fs/affs.c +@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + { + unsigned int i; + struct grub_affs_file file; +- struct grub_fshelp_node *node = 0; ++ struct grub_fshelp_node *node, *orig_node; + struct grub_affs_data *data = dir->data; + grub_uint32_t *hashtable; + + /* Create the directory entries for `.' and `..'. */ +- node = grub_zalloc (sizeof (*node)); ++ node = orig_node = grub_zalloc (sizeof (*node)); + if (!node) + return 1; + +@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + return 1; + if (dir->parent) + { +- node = grub_zalloc (sizeof (*node)); +- if (!node) +- return 1; + *node = *dir->parent; + if (hook ("..", GRUB_FSHELP_DIR, node, hook_data)) + return 1; +@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + + if (grub_affs_create_node (dir, hook, hook_data, &node, &hashtable, + next, &file)) +- return 1; ++ { ++ /* Node has been replaced in function. */ ++ grub_free (orig_node); ++ return 1; ++ } + + next = grub_be_to_cpu32 (file.next); + } + } + +- grub_free (hashtable); +- return 0; +- + fail: +- grub_free (node); ++ grub_free (orig_node); + grub_free (hashtable); + return 0; + } diff --git a/poky/meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch b/poky/meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch new file mode 100644 index 0000000000..f500f1a296 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch @@ -0,0 +1,36 @@ +From 9b16d7bcad1c7fea7f26eb2fb3af1a5ca70ba34e Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 3 Nov 2020 16:43:37 +0000 +Subject: [PATCH] libgcrypt/mpi: Fix possible unintended sign extension + +The array of unsigned char gets promoted to a signed 32-bit int before +it is finally promoted to a size_t. There is the possibility that this +may result in the signed-bit being set for the intermediate signed +32-bit int. We should ensure that the promotion is to the correct type +before we bitwise-OR the values. + +Fixes: CID 96697 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e8814c811132a70f9b55418f7567378a34ad3883] +Signed-off-by: Marta Rybczynska + +--- + grub-core/lib/libgcrypt/mpi/mpicoder.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c +index a3435ed..7ecad27 100644 +--- a/grub-core/lib/libgcrypt/mpi/mpicoder.c ++++ b/grub-core/lib/libgcrypt/mpi/mpicoder.c +@@ -458,7 +458,7 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format, + if (len && len < 4) + return gcry_error (GPG_ERR_TOO_SHORT); + +- n = (s[0] << 24 | s[1] << 16 | s[2] << 8 | s[3]); ++ n = ((size_t)s[0] << 24 | (size_t)s[1] << 16 | (size_t)s[2] << 8 | (size_t)s[3]); + s += 4; + if (len) + len -= 4; diff --git a/poky/meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch b/poky/meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch new file mode 100644 index 0000000000..08299d021e --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch @@ -0,0 +1,33 @@ +From d26c8771293637b0465f2cb67d97cb58bacc62da Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 10:41:54 +0000 +Subject: [PATCH] libgcrypt/mpi: Fix possible NULL dereference + +The code in gcry_mpi_scan() assumes that buffer is not NULL, but there +is no explicit check for that, so we add one. + +Fixes: CID 73757 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ae0f3fabeba7b393113d5dc185b6aff9b728136d] +Signed-off-by: Marta Rybczynska +--- + grub-core/lib/libgcrypt/mpi/mpicoder.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c +index 7ecad27..6fe3891 100644 +--- a/grub-core/lib/libgcrypt/mpi/mpicoder.c ++++ b/grub-core/lib/libgcrypt/mpi/mpicoder.c +@@ -379,6 +379,9 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format, + unsigned int len; + int secure = (buffer && gcry_is_secure (buffer)); + ++ if (!buffer) ++ return gcry_error (GPG_ERR_INV_ARG); ++ + if (format == GCRYMPI_FMT_SSH) + len = 0; + else diff --git a/poky/meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch b/poky/meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch new file mode 100644 index 0000000000..d8c21d88f7 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch @@ -0,0 +1,43 @@ +From ea12feb69b6af93c7e2fa03df7ac3bd1f4edd599 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 15:31:53 +0000 +Subject: [PATCH] syslinux: Fix memory leak while parsing + +In syslinux_parse_real() the 2 points where return is being called +didn't release the memory stored in buf which is no longer required. + +Fixes: CID 176634 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=95bc016dba94cab3d398dd74160665915cd08ad6] +Signed-off-by: Marta Rybczynska +--- + grub-core/lib/syslinux_parse.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c +index 4afa992..3acc6b4 100644 +--- a/grub-core/lib/syslinux_parse.c ++++ b/grub-core/lib/syslinux_parse.c +@@ -737,7 +737,10 @@ syslinux_parse_real (struct syslinux_menu *menu) + && grub_strncasecmp ("help", ptr3, ptr4 - ptr3) == 0)) + { + if (helptext (ptr5, file, menu)) +- return 1; ++ { ++ grub_free (buf); ++ return 1; ++ } + continue; + } + +@@ -757,6 +760,7 @@ syslinux_parse_real (struct syslinux_menu *menu) + } + fail: + grub_file_close (file); ++ grub_free (buf); + return err; + } + diff --git a/poky/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch b/poky/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch new file mode 100644 index 0000000000..8a26e5bc5b --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch @@ -0,0 +1,52 @@ +From 2367049d2021e00d82d19cee923e06a4b04ebc30 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 18:56:48 +0000 +Subject: [PATCH] normal/completion: Fix leaking of memory when processing a + completion + +It is possible for the code to reach the end of the function without +freeing the memory allocated to argv and argc still to be 0. + +We should always call grub_free(argv). The grub_free() will handle +a NULL argument correctly if it reaches that code without the memory +being allocated. + +Fixes: CID 96672 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9213575b7a95b514bce80be5964a28d407d7d56d] +Signed-off-by: Marta Rybczynska +--- + grub-core/normal/completion.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/grub-core/normal/completion.c b/grub-core/normal/completion.c +index 5961028..46e473c 100644 +--- a/grub-core/normal/completion.c ++++ b/grub-core/normal/completion.c +@@ -400,8 +400,8 @@ char * + grub_normal_do_completion (char *buf, int *restore, + void (*hook) (const char *, grub_completion_type_t, int)) + { +- int argc; +- char **argv; ++ int argc = 0; ++ char **argv = NULL; + + /* Initialize variables. */ + match = 0; +@@ -516,10 +516,8 @@ grub_normal_do_completion (char *buf, int *restore, + + fail: + if (argc != 0) +- { +- grub_free (argv[0]); +- grub_free (argv); +- } ++ grub_free (argv[0]); ++ grub_free (argv); + grub_free (match); + grub_errno = GRUB_ERR_NONE; + diff --git a/poky/meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch b/poky/meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch new file mode 100644 index 0000000000..e34a19e12c --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch @@ -0,0 +1,56 @@ +From b136fa14d26d1833ffcb852f86e65da5960cfb99 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Tue, 1 Dec 2020 23:41:24 +0000 +Subject: [PATCH] commands/hashsum: Fix a memory leak + +check_list() uses grub_file_getline(), which allocates a buffer. +If the hash list file contains invalid lines, the function leaks +this buffer when it returns an error. + +Fixes: CID 176635 + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8b6f528e52e18b7a69f90b8dc3671d7b1147d9f3] +Signed-off-by: Marta Rybczynska +--- + grub-core/commands/hashsum.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/grub-core/commands/hashsum.c b/grub-core/commands/hashsum.c +index 456ba90..b8a22b0 100644 +--- a/grub-core/commands/hashsum.c ++++ b/grub-core/commands/hashsum.c +@@ -128,11 +128,17 @@ check_list (const gcry_md_spec_t *hash, const char *hashfilename, + high = hextoval (*p++); + low = hextoval (*p++); + if (high < 0 || low < 0) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ { ++ grub_free (buf); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ } + expected[i] = (high << 4) | low; + } + if ((p[0] != ' ' && p[0] != '\t') || (p[1] != ' ' && p[1] != '\t')) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ { ++ grub_free (buf); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ } + p += 2; + if (prefix) + { +@@ -140,7 +146,10 @@ check_list (const gcry_md_spec_t *hash, const char *hashfilename, + + filename = grub_xasprintf ("%s/%s", prefix, p); + if (!filename) +- return grub_errno; ++ { ++ grub_free (buf); ++ return grub_errno; ++ } + file = grub_file_open (filename, GRUB_FILE_TYPE_TO_HASH + | (!uncompress ? GRUB_FILE_TYPE_NO_DECOMPRESS + : GRUB_FILE_TYPE_NONE)); diff --git a/poky/meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch b/poky/meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch new file mode 100644 index 0000000000..7e4e951245 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch @@ -0,0 +1,94 @@ +From 2a1e5659763790201a342f8a897c8c9d8d91b1cc Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 21:14:31 +0000 +Subject: [PATCH] video/efi_gop: Remove unnecessary return value of + grub_video_gop_fill_mode_info() + +The return value of grub_video_gop_fill_mode_info() is never able to be +anything other than GRUB_ERR_NONE. So, rather than continue to return +a value and checking it each time, it is more correct to redefine the +function to not return anything and remove checks of its return value +altogether. + +Fixes: CID 96701 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=fc5951d3b1616055ef81a019a5affc09d13344d0] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/efi_gop.c | 25 ++++++------------------- + 1 file changed, 6 insertions(+), 19 deletions(-) + +diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c +index 7f9d1c2..db2ee98 100644 +--- a/grub-core/video/efi_gop.c ++++ b/grub-core/video/efi_gop.c +@@ -227,7 +227,7 @@ grub_video_gop_fill_real_mode_info (unsigned mode, + return GRUB_ERR_NONE; + } + +-static grub_err_t ++static void + grub_video_gop_fill_mode_info (unsigned mode, + struct grub_efi_gop_mode_info *in, + struct grub_video_mode_info *out) +@@ -252,8 +252,6 @@ grub_video_gop_fill_mode_info (unsigned mode, + out->blit_format = GRUB_VIDEO_BLIT_FORMAT_BGRA_8888; + out->mode_type |= (GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED + | GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP); +- +- return GRUB_ERR_NONE; + } + + static int +@@ -266,7 +264,6 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo + grub_efi_uintn_t size; + grub_efi_status_t status; + struct grub_efi_gop_mode_info *info = NULL; +- grub_err_t err; + struct grub_video_mode_info mode_info; + + status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); +@@ -277,12 +274,7 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo + continue; + } + +- err = grub_video_gop_fill_mode_info (mode, info, &mode_info); +- if (err) +- { +- grub_errno = GRUB_ERR_NONE; +- continue; +- } ++ grub_video_gop_fill_mode_info (mode, info, &mode_info); + if (hook (&mode_info, hook_arg)) + return 1; + } +@@ -466,13 +458,8 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + + info = gop->mode->info; + +- err = grub_video_gop_fill_mode_info (gop->mode->mode, info, +- &framebuffer.mode_info); +- if (err) +- { +- grub_dprintf ("video", "GOP: couldn't fill mode info\n"); +- return err; +- } ++ grub_video_gop_fill_mode_info (gop->mode->mode, info, ++ &framebuffer.mode_info); + + framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base; + framebuffer.offscreen +@@ -486,8 +473,8 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + { + grub_dprintf ("video", "GOP: couldn't allocate shadow\n"); + grub_errno = 0; +- err = grub_video_gop_fill_mode_info (gop->mode->mode, info, +- &framebuffer.mode_info); ++ grub_video_gop_fill_mode_info (gop->mode->mode, info, ++ &framebuffer.mode_info); + buffer = framebuffer.ptr; + } + diff --git a/poky/meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch b/poky/meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch new file mode 100644 index 0000000000..8165ea3f71 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch @@ -0,0 +1,78 @@ +From 99ecf5a44b99d529a6405fe276bedcefa3657a0a Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 4 Nov 2020 15:10:51 +0000 +Subject: [PATCH] video/fb/fbfill: Fix potential integer overflow + +The multiplication of 2 unsigned 32-bit integers may overflow before +promotion to unsigned 64-bit. We should ensure that the multiplication +is done with overflow detection. Additionally, use grub_sub() for +subtraction. + +Fixes: CID 73640, CID 73697, CID 73702, CID 73823 + +Signed-off-by: Darren Kenny +Signed-off-by: Marco A Benatto +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7ce3259f67ac2cd93acb0ec0080c24b3b69e66c6] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/fb/fbfill.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/grub-core/video/fb/fbfill.c b/grub-core/video/fb/fbfill.c +index 11816d0..a37acd1 100644 +--- a/grub-core/video/fb/fbfill.c ++++ b/grub-core/video/fb/fbfill.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + #include + + /* Generic filler that works for every supported mode. */ +@@ -61,7 +62,9 @@ grub_video_fbfill_direct32 (struct grub_video_fbblit_info *dst, + + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width; ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) || ++ grub_sub (dst->mode_info->pitch, rowskip, &rowskip)) ++ return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); +@@ -98,7 +101,9 @@ grub_video_fbfill_direct24 (struct grub_video_fbblit_info *dst, + #endif + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width; ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) || ++ grub_sub (dst->mode_info->pitch, rowskip, &rowskip)) ++ return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); +@@ -131,7 +136,9 @@ grub_video_fbfill_direct16 (struct grub_video_fbblit_info *dst, + + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = (dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width); ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) || ++ grub_sub (dst->mode_info->pitch, rowskip, &rowskip)) ++ return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); +@@ -161,7 +168,9 @@ grub_video_fbfill_direct8 (struct grub_video_fbblit_info *dst, + + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width; ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) || ++ grub_sub (dst->mode_info->pitch, rowskip, &rowskip)) ++ return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); diff --git a/poky/meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch b/poky/meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch new file mode 100644 index 0000000000..544e7f31ae --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch @@ -0,0 +1,104 @@ +From 69b91f7466a5ad5fb85039a5b4118efb77ad6347 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 4 Nov 2020 14:43:44 +0000 +Subject: [PATCH] video/fb/video_fb: Fix multiple integer overflows + +The calculation of the unsigned 64-bit value is being generated by +multiplying 2, signed or unsigned, 32-bit integers which may overflow +before promotion to unsigned 64-bit. Fix all of them. + +Fixes: CID 73703, CID 73767, CID 73833 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=08e098b1dbf01e96376f594b337491bc4cfa48dd] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/fb/video_fb.c | 52 ++++++++++++++++++++++++----------- + 1 file changed, 36 insertions(+), 16 deletions(-) + +diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c +index 1a602c8..1c9a138 100644 +--- a/grub-core/video/fb/video_fb.c ++++ b/grub-core/video/fb/video_fb.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -1417,15 +1418,23 @@ doublebuf_blit_update_screen (void) + { + if (framebuffer.current_dirty.first_line + <= framebuffer.current_dirty.last_line) +- grub_memcpy ((char *) framebuffer.pages[0] +- + framebuffer.current_dirty.first_line +- * framebuffer.back_target->mode_info.pitch, +- (char *) framebuffer.back_target->data +- + framebuffer.current_dirty.first_line +- * framebuffer.back_target->mode_info.pitch, +- framebuffer.back_target->mode_info.pitch +- * (framebuffer.current_dirty.last_line +- - framebuffer.current_dirty.first_line)); ++ { ++ grub_size_t copy_size; ++ ++ if (grub_sub (framebuffer.current_dirty.last_line, ++ framebuffer.current_dirty.first_line, ©_size) || ++ grub_mul (framebuffer.back_target->mode_info.pitch, copy_size, ©_size)) ++ { ++ /* Shouldn't happen, but if it does we've a bug. */ ++ return GRUB_ERR_BUG; ++ } ++ ++ grub_memcpy ((char *) framebuffer.pages[0] + framebuffer.current_dirty.first_line * ++ framebuffer.back_target->mode_info.pitch, ++ (char *) framebuffer.back_target->data + framebuffer.current_dirty.first_line * ++ framebuffer.back_target->mode_info.pitch, ++ copy_size); ++ } + framebuffer.current_dirty.first_line + = framebuffer.back_target->mode_info.height; + framebuffer.current_dirty.last_line = 0; +@@ -1439,7 +1448,7 @@ grub_video_fb_doublebuf_blit_init (struct grub_video_fbrender_target **back, + volatile void *framebuf) + { + grub_err_t err; +- grub_size_t page_size = mode_info.pitch * mode_info.height; ++ grub_size_t page_size = (grub_size_t) mode_info.pitch * mode_info.height; + + framebuffer.offscreen_buffer = grub_zalloc (page_size); + if (! framebuffer.offscreen_buffer) +@@ -1482,12 +1491,23 @@ doublebuf_pageflipping_update_screen (void) + last_line = framebuffer.previous_dirty.last_line; + + if (first_line <= last_line) +- grub_memcpy ((char *) framebuffer.pages[framebuffer.render_page] +- + first_line * framebuffer.back_target->mode_info.pitch, +- (char *) framebuffer.back_target->data +- + first_line * framebuffer.back_target->mode_info.pitch, +- framebuffer.back_target->mode_info.pitch +- * (last_line - first_line)); ++ { ++ grub_size_t copy_size; ++ ++ if (grub_sub (last_line, first_line, ©_size) || ++ grub_mul (framebuffer.back_target->mode_info.pitch, copy_size, ©_size)) ++ { ++ /* Shouldn't happen, but if it does we've a bug. */ ++ return GRUB_ERR_BUG; ++ } ++ ++ grub_memcpy ((char *) framebuffer.pages[framebuffer.render_page] + first_line * ++ framebuffer.back_target->mode_info.pitch, ++ (char *) framebuffer.back_target->data + first_line * ++ framebuffer.back_target->mode_info.pitch, ++ copy_size); ++ } ++ + framebuffer.previous_dirty = framebuffer.current_dirty; + framebuffer.current_dirty.first_line + = framebuffer.back_target->mode_info.height; diff --git a/poky/meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch b/poky/meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch new file mode 100644 index 0000000000..c82b2c7df0 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch @@ -0,0 +1,39 @@ +From aac5574ff340a665ccc78d4c3d61596ac67acbbe Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 14:51:30 +0000 +Subject: [PATCH] video/fb/video_fb: Fix possible integer overflow + +It is minimal possibility that the values being used here will overflow. +So, change the code to use the safemath function grub_mul() to ensure +that doesn't happen. + +Fixes: CID 73761 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=08413f2f4edec0e2d9bf15f836f6ee5ca2e379cb] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/fb/video_fb.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c +index 1c9a138..ae6b89f 100644 +--- a/grub-core/video/fb/video_fb.c ++++ b/grub-core/video/fb/video_fb.c +@@ -1537,7 +1537,13 @@ doublebuf_pageflipping_init (struct grub_video_mode_info *mode_info, + volatile void *page1_ptr) + { + grub_err_t err; +- grub_size_t page_size = mode_info->pitch * mode_info->height; ++ grub_size_t page_size = 0; ++ ++ if (grub_mul (mode_info->pitch, mode_info->height, &page_size)) ++ { ++ /* Shouldn't happen, but if it does we've a bug. */ ++ return GRUB_ERR_BUG; ++ } + + framebuffer.offscreen_buffer = grub_malloc (page_size); + if (! framebuffer.offscreen_buffer) diff --git a/poky/meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch b/poky/meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch new file mode 100644 index 0000000000..3fca2aecb5 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch @@ -0,0 +1,38 @@ +From 88361a7fd4e481a76e1159a63c9014fa997ef29c Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 15:39:00 +0000 +Subject: [PATCH] video/readers/jpeg: Test for an invalid next marker reference + from a jpeg file + +While it may never happen, and potentially could be caught at the end of +the function, it is worth checking up front for a bad reference to the +next marker just in case of a maliciously crafted file being provided. + +Fixes: CID 73694 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5f5eb7ca8e971227e95745abe541df3e1509360e] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/readers/jpeg.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 31359a4..0b6ce3c 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -253,6 +253,12 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); + ++ if (next_marker > data->file->size) ++ { ++ /* Should never be set beyond the size of the file. */ ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid next reference"); ++ } ++ + while (data->file->offset + sizeof (data->quan_table[id]) + 1 + <= next_marker) + { diff --git a/poky/meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch b/poky/meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch new file mode 100644 index 0000000000..61e5e5797d --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch @@ -0,0 +1,34 @@ +From 9433cb3a37c03f22c2fa769121f1f509fd031ae9 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Mon, 7 Dec 2020 14:44:47 +0000 +Subject: [PATCH] gfxmenu/gui_list: Remove code that coverity is flagging as + dead + +The test of value for NULL before calling grub_strdup() is not required, +since the if condition prior to this has already tested for value being +NULL and cannot reach this code if it is. + +Fixes: CID 73659 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=4a1aa5917595650efbd46b581368c470ebee42ab] +Signed-off-by: Marta Rybczynska +--- + grub-core/gfxmenu/gui_list.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/gfxmenu/gui_list.c b/grub-core/gfxmenu/gui_list.c +index 01477cd..df334a6 100644 +--- a/grub-core/gfxmenu/gui_list.c ++++ b/grub-core/gfxmenu/gui_list.c +@@ -771,7 +771,7 @@ list_set_property (void *vself, const char *name, const char *value) + { + self->need_to_recreate_boxes = 1; + grub_free (self->selected_item_box_pattern); +- self->selected_item_box_pattern = value ? grub_strdup (value) : 0; ++ self->selected_item_box_pattern = grub_strdup (value); + self->selected_item_box_pattern_inherit = 0; + } + } diff --git a/poky/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch b/poky/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch new file mode 100644 index 0000000000..34643e10ab --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch @@ -0,0 +1,47 @@ +From 7899384c8fdf9ed96566978c49b0c6e40e70703d Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 21:47:13 +0000 +Subject: [PATCH] loader/bsd: Check for NULL arg up-front + +The code in the next block suggests that it is possible for .set to be +true but .arg may still be NULL. + +This code assumes that it is never NULL, yet later is testing if it is +NULL - that is inconsistent. + +So we should check first if .arg is not NULL, and remove this check that +is being flagged by Coverity since it is no longer required. + +Fixes: CID 292471 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5d5391b0a05abe76e04c1eb68dcc6cbef5326c4a] +Signed-off-by: Marta Rybczynska +--- + grub-core/loader/i386/bsd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c +index b92cbe9..8432283 100644 +--- a/grub-core/loader/i386/bsd.c ++++ b/grub-core/loader/i386/bsd.c +@@ -1605,7 +1605,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, char *argv[]) + kernel_type = KERNEL_TYPE_OPENBSD; + bootflags = grub_bsd_parse_flags (ctxt->state, openbsd_flags); + +- if (ctxt->state[OPENBSD_ROOT_ARG].set) ++ if (ctxt->state[OPENBSD_ROOT_ARG].set && ctxt->state[OPENBSD_ROOT_ARG].arg != NULL) + { + const char *arg = ctxt->state[OPENBSD_ROOT_ARG].arg; + unsigned type, unit, part; +@@ -1622,7 +1622,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, char *argv[]) + "unknown disk type name"); + + unit = grub_strtoul (arg, (char **) &arg, 10); +- if (! (arg && *arg >= 'a' && *arg <= 'z')) ++ if (! (*arg >= 'a' && *arg <= 'z')) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + "only device specifications of form " + " are supported"); diff --git a/poky/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch b/poky/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch new file mode 100644 index 0000000000..41f09a22fc --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch @@ -0,0 +1,38 @@ +From 0a4aa7c16f65cdfaa1013f0796afa929f8d6dc1a Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 12:53:10 +0000 +Subject: [PATCH] loader/xnu: Fix memory leak + +The code here is finished with the memory stored in name, but it only +frees it if there curvalue is valid, while it could actually free it +regardless. + +The fix is a simple relocation of the grub_free() to before the test +of curvalue. + +Fixes: CID 96646 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=bcb59ece3263d118510c4440c4da0950f224bb7f] +Signed-off-by: Marta Rybczynska +--- + grub-core/loader/xnu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index 07232d2..b3029a8 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -1388,9 +1388,9 @@ grub_xnu_fill_devicetree (void) + name[len] = 0; + + curvalue = grub_xnu_create_value (curkey, name); ++ grub_free (name); + if (!curvalue) + return grub_errno; +- grub_free (name); + + data = grub_malloc (grub_strlen (var->value) + 1); + if (!data) diff --git a/poky/meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch b/poky/meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch new file mode 100644 index 0000000000..f9ad0fc34c --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch @@ -0,0 +1,77 @@ +From 81117a77a9e945ee5e7c1f12bd5667e2a16cbe32 Mon Sep 17 00:00:00 2001 +From: Marco A Benatto +Date: Mon, 30 Nov 2020 12:18:24 -0300 +Subject: [PATCH] loader/xnu: Free driverkey data when an error is detected in + grub_xnu_writetree_toheap() + +... to avoid memory leaks. + +Fixes: CID 96640 + +Signed-off-by: Marco A Benatto +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=4b4027b6b1c877d7ab467896b04c7bd1aadcfa15] +Signed-off-by: Marta Rybczynska +--- + grub-core/loader/xnu.c | 24 ++++++++++++++++++++---- + 1 file changed, 20 insertions(+), 4 deletions(-) + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index b3029a8..39ceff8 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -224,26 +224,33 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size) + if (! memorymap) + return grub_errno; + +- driverkey = (struct grub_xnu_devtree_key *) grub_malloc (sizeof (*driverkey)); ++ driverkey = (struct grub_xnu_devtree_key *) grub_zalloc (sizeof (*driverkey)); + if (! driverkey) + return grub_errno; + driverkey->name = grub_strdup ("DeviceTree"); + if (! driverkey->name) +- return grub_errno; ++ { ++ err = grub_errno; ++ goto fail; ++ } ++ + driverkey->datasize = sizeof (*extdesc); + driverkey->next = memorymap->first_child; + memorymap->first_child = driverkey; + driverkey->data = extdesc + = (struct grub_xnu_extdesc *) grub_malloc (sizeof (*extdesc)); + if (! driverkey->data) +- return grub_errno; ++ { ++ err = grub_errno; ++ goto fail; ++ } + + /* Allocate the space based on the size with dummy value. */ + *size = grub_xnu_writetree_get_size (grub_xnu_devtree_root, "/"); + err = grub_xnu_heap_malloc (ALIGN_UP (*size + 1, GRUB_XNU_PAGESIZE), + &src, target); + if (err) +- return err; ++ goto fail; + + /* Put real data in the dummy. */ + extdesc->addr = *target; +@@ -252,6 +259,15 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size) + /* Write the tree to heap. */ + grub_xnu_writetree_toheap_real (src, grub_xnu_devtree_root, "/"); + return GRUB_ERR_NONE; ++ ++ fail: ++ memorymap->first_child = NULL; ++ ++ grub_free (driverkey->data); ++ grub_free (driverkey->name); ++ grub_free (driverkey); ++ ++ return err; + } + + /* Find a key or value in parent key. */ diff --git a/poky/meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch b/poky/meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch new file mode 100644 index 0000000000..8081f7763a --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch @@ -0,0 +1,42 @@ +From 778a3fffd19229e5650a1abfb06c974949991cd4 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Mon, 30 Nov 2020 10:36:00 -0300 +Subject: [PATCH] loader/xnu: Check if pointer is NULL before using it + +Fixes: CID 73654 + +Signed-off-by: Paulo Flabiano Smorigo +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7c8a2b5d1421a0f2a33d33531f7561f3da93b844] +Signed-off-by: Marta Rybczynska +--- + grub-core/loader/xnu.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index 39ceff8..adc048c 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -667,6 +667,9 @@ grub_xnu_load_driver (char *infoplistname, grub_file_t binaryfile, + char *name, *nameend; + int namelen; + ++ if (infoplistname == NULL) ++ return grub_error (GRUB_ERR_BAD_FILENAME, N_("missing p-list filename")); ++ + name = get_name_ptr (infoplistname); + nameend = grub_strchr (name, '/'); + +@@ -698,10 +701,7 @@ grub_xnu_load_driver (char *infoplistname, grub_file_t binaryfile, + else + macho = 0; + +- if (infoplistname) +- infoplist = grub_file_open (infoplistname, GRUB_FILE_TYPE_XNU_INFO_PLIST); +- else +- infoplist = 0; ++ infoplist = grub_file_open (infoplistname, GRUB_FILE_TYPE_XNU_INFO_PLIST); + grub_errno = GRUB_ERR_NONE; + if (infoplist) + { diff --git a/poky/meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch b/poky/meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch new file mode 100644 index 0000000000..ea563a41a0 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch @@ -0,0 +1,41 @@ +From 5d2dd0052474a882a22e47cc8c3ed87a01819f6b Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Thu, 25 Feb 2021 18:35:01 +0100 +Subject: [PATCH] util/grub-install: Fix NULL pointer dereferences + +Two grub_device_open() calls does not have associated NULL checks +for returned values. Fix that and appease the Coverity. + +Fixes: CID 314583 + +Signed-off-by: Daniel Kiper +Reviewed-by: Javier Martinez Canillas + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8b3a95655b4391122e7b0315d8cc6f876caf8183] +Signed-off-by: Marta Rybczynska +--- + util/grub-install.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/util/grub-install.c b/util/grub-install.c +index a82725f..367350f 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -1775,6 +1775,8 @@ main (int argc, char *argv[]) + fill_core_services (core_services); + + ins_dev = grub_device_open (install_drive); ++ if (ins_dev == NULL) ++ grub_util_error ("%s", grub_errmsg); + + bless (ins_dev, core_services, 0); + +@@ -1875,6 +1877,8 @@ main (int argc, char *argv[]) + fill_core_services(core_services); + + ins_dev = grub_device_open (install_drive); ++ if (ins_dev == NULL) ++ grub_util_error ("%s", grub_errmsg); + + bless (ins_dev, boot_efi, 1); + if (!removable && update_nvram) diff --git a/poky/meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch b/poky/meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch new file mode 100644 index 0000000000..0cd8ec3611 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch @@ -0,0 +1,46 @@ +From 3d68daf2567aace4b52bd238cfd4a8111af3bc04 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 14:33:50 +0000 +Subject: [PATCH] util/grub-editenv: Fix incorrect casting of a signed value + +The return value of ftell() may be negative (-1) on error. While it is +probably unlikely to occur, we should not blindly cast to an unsigned +value without first testing that it is not negative. + +Fixes: CID 73856 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5dc41edc4eba259c6043ae7698c245ec1baaacc6] +Signed-off-by: Marta Rybczynska +--- + util/grub-editenv.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/util/grub-editenv.c b/util/grub-editenv.c +index f3662c9..db6f187 100644 +--- a/util/grub-editenv.c ++++ b/util/grub-editenv.c +@@ -125,6 +125,7 @@ open_envblk_file (const char *name) + { + FILE *fp; + char *buf; ++ long loc; + size_t size; + grub_envblk_t envblk; + +@@ -143,7 +144,12 @@ open_envblk_file (const char *name) + grub_util_error (_("cannot seek `%s': %s"), name, + strerror (errno)); + +- size = (size_t) ftell (fp); ++ loc = ftell (fp); ++ if (loc < 0) ++ grub_util_error (_("cannot get file location `%s': %s"), name, ++ strerror (errno)); ++ ++ size = (size_t) loc; + + if (fseek (fp, 0, SEEK_SET) < 0) + grub_util_error (_("cannot seek `%s': %s"), name, diff --git a/poky/meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch b/poky/meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch new file mode 100644 index 0000000000..66d7c0aa42 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch @@ -0,0 +1,50 @@ +From e301a0f38a2130eb80f346c31e43bf5089af583c Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 15:04:28 +0000 +Subject: [PATCH] util/glue-efi: Fix incorrect use of a possibly negative value + +It is possible for the ftell() function to return a negative value, +although it is fairly unlikely here, we should be checking for +a negative value before we assign it to an unsigned value. + +Fixes: CID 73744 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1641d74e16f9d1ca35ba1a87ee4a0bf3afa48e72] +Signed-off-by: Marta Rybczynska +--- + util/glue-efi.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/util/glue-efi.c b/util/glue-efi.c +index 68f5316..de0fa6d 100644 +--- a/util/glue-efi.c ++++ b/util/glue-efi.c +@@ -39,13 +39,23 @@ write_fat (FILE *in32, FILE *in64, FILE *out, const char *out_filename, + struct grub_macho_fat_header head; + struct grub_macho_fat_arch arch32, arch64; + grub_uint32_t size32, size64; ++ long size; + char *buf; + + fseek (in32, 0, SEEK_END); +- size32 = ftell (in32); ++ size = ftell (in32); ++ if (size < 0) ++ grub_util_error ("cannot get end of input file '%s': %s", ++ name32, strerror (errno)); ++ size32 = (grub_uint32_t) size; + fseek (in32, 0, SEEK_SET); ++ + fseek (in64, 0, SEEK_END); +- size64 = ftell (in64); ++ size = ftell (in64); ++ if (size < 0) ++ grub_util_error ("cannot get end of input file '%s': %s", ++ name64, strerror (errno)); ++ size64 = (grub_uint64_t) size; + fseek (in64, 0, SEEK_SET); + + head.magic = grub_cpu_to_le32_compile_time (GRUB_MACHO_FAT_EFI_MAGIC); diff --git a/poky/meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch b/poky/meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch new file mode 100644 index 0000000000..b279222fff --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch @@ -0,0 +1,28 @@ +From f5fb56954e5926ced42a980c3e0842ffd5fea2aa Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 3 Apr 2020 23:05:13 +1100 +Subject: [PATCH] script/execute: Fix NULL dereference in + grub_script_execute_cmdline() + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=41ae93b2e6c75453514629bcfe684300e3aec0ce] +Signed-off-by: Marta Rybczynska +--- + grub-core/script/execute.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 7e028e1..5ea2aef 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -940,7 +940,7 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd) + struct grub_script_argv argv = { 0, 0, 0 }; + + /* Lookup the command. */ +- if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args[0]) ++ if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args || ! argv.args[0]) + return grub_errno; + + for (i = 0; i < argv.argc; i++) diff --git a/poky/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch b/poky/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch new file mode 100644 index 0000000000..5a327fe1d2 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch @@ -0,0 +1,33 @@ +From dd82f98fa642907817f59aeaf3761b786898df85 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 11 Jan 2021 16:57:37 +1100 +Subject: [PATCH] commands/ls: Require device_name is not NULL before printing + +This can be triggered with: + ls -l (0 0*) +and causes a NULL deref in grub_normal_print_device_info(). + +I'm not sure if there's any implication with the IEEE 1275 platform. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6afbe6063c95b827372f9ec310c9fc7461311eb1] +Signed-off-by: Marta Rybczynska +--- + grub-core/commands/ls.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/commands/ls.c b/grub-core/commands/ls.c +index 5b7491a..326d2d6 100644 +--- a/grub-core/commands/ls.c ++++ b/grub-core/commands/ls.c +@@ -196,7 +196,7 @@ grub_ls_list_files (char *dirname, int longlist, int all, int human) + goto fail; + } + +- if (! *path) ++ if (! *path && device_name) + { + if (grub_errno == GRUB_ERR_UNKNOWN_FS) + grub_errno = GRUB_ERR_NONE; diff --git a/poky/meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch b/poky/meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch new file mode 100644 index 0000000000..84117a9073 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch @@ -0,0 +1,37 @@ +From df2505c4c3cf42b0c419c99a5f9e1ce63e5a5938 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 11 Jan 2021 17:30:42 +1100 +Subject: [PATCH] script/execute: Avoid crash when using "$#" outside a + function scope + +"$#" represents the number of arguments to a function. It is only +defined in a function scope, where "scope" is non-NULL. Currently, +if we attempt to evaluate "$#" outside a function scope, "scope" will +be NULL and we will crash with a NULL pointer dereference. + +Do not attempt to count arguments for "$#" if "scope" is NULL. This +will result in "$#" being interpreted as an empty string if evaluated +outside a function scope. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=fe0586347ee46f927ae27bb9673532da9f5dead5] +Signed-off-by: Marta Rybczynska +--- + grub-core/script/execute.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 5ea2aef..23d34bd 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -485,7 +485,7 @@ gettext_putvar (const char *str, grub_size_t len, + return 0; + + /* Enough for any number. */ +- if (len == 1 && str[0] == '#') ++ if (len == 1 && str[0] == '#' && scope != NULL) + { + grub_snprintf (*ptr, 30, "%u", scope->argv.argc); + *ptr += grub_strlen (*ptr); diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-25632.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-25632.patch new file mode 100644 index 0000000000..0b37c72f0f --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-25632.patch @@ -0,0 +1,90 @@ +From 7630ec5397fe418276b360f9011934b8c034936c Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 29 Sep 2020 14:08:55 +0200 +Subject: [PATCH] dl: Only allow unloading modules that are not dependencies + +When a module is attempted to be removed its reference counter is always +decremented. This means that repeated rmmod invocations will cause the +module to be unloaded even if another module depends on it. + +This may lead to a use-after-free scenario allowing an attacker to execute +arbitrary code and by-pass the UEFI Secure Boot protection. + +While being there, add the extern keyword to some function declarations in +that header file. + +Fixes: CVE-2020-25632 + +Reported-by: Chris Coulson +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7630ec5397fe418276b360f9011934b8c034936c] +CVE: CVE-2020-25632 +Signed-off-by: Marta Rybczynska +--- + grub-core/commands/minicmd.c | 7 +++++-- + grub-core/kern/dl.c | 9 +++++++++ + include/grub/dl.h | 8 +++++--- + 3 files changed, 19 insertions(+), 5 deletions(-) + +diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c +index 6bbce3128..fa498931e 100644 +--- a/grub-core/commands/minicmd.c ++++ b/grub-core/commands/minicmd.c +@@ -140,8 +140,11 @@ grub_mini_cmd_rmmod (struct grub_command *cmd __attribute__ ((unused)), + if (grub_dl_is_persistent (mod)) + return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload persistent module"); + +- if (grub_dl_unref (mod) <= 0) +- grub_dl_unload (mod); ++ if (grub_dl_ref_count (mod) > 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload referenced module"); ++ ++ grub_dl_unref (mod); ++ grub_dl_unload (mod); + + return 0; + } +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index 48eb5e7b6..48f8a7907 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -549,6 +549,15 @@ grub_dl_unref (grub_dl_t mod) + return --mod->ref_count; + } + ++int ++grub_dl_ref_count (grub_dl_t mod) ++{ ++ if (mod == NULL) ++ return 0; ++ ++ return mod->ref_count; ++} ++ + static void + grub_dl_flush_cache (grub_dl_t mod) + { +diff --git a/include/grub/dl.h b/include/grub/dl.h +index f03c03561..b3753c9ca 100644 +--- a/include/grub/dl.h ++++ b/include/grub/dl.h +@@ -203,9 +203,11 @@ grub_dl_t EXPORT_FUNC(grub_dl_load) (const char *name); + grub_dl_t grub_dl_load_core (void *addr, grub_size_t size); + grub_dl_t EXPORT_FUNC(grub_dl_load_core_noinit) (void *addr, grub_size_t size); + int EXPORT_FUNC(grub_dl_unload) (grub_dl_t mod); +-void grub_dl_unload_unneeded (void); +-int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod); +-int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod); ++extern void grub_dl_unload_unneeded (void); ++extern int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod); ++extern int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod); ++extern int EXPORT_FUNC(grub_dl_ref_count) (grub_dl_t mod); ++ + extern grub_dl_t EXPORT_VAR(grub_dl_head); + + #ifndef GRUB_UTIL +-- +2.33.0 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-25647.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-25647.patch new file mode 100644 index 0000000000..cb77fd4772 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-25647.patch @@ -0,0 +1,119 @@ +From 128c16a682034263eb519c89bc0934eeb6fa8cfa Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 11 Dec 2020 19:19:21 +0100 +Subject: [PATCH] usb: Avoid possible out-of-bound accesses caused by malicious + devices + +The maximum number of configurations and interfaces are fixed but there is +no out-of-bound checking to prevent a malicious USB device to report large +values for these and cause accesses outside the arrays' memory. + +Fixes: CVE-2020-25647 + +Reported-by: Joseph Tartaro +Reported-by: Ilja Van Sprundel +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=128c16a682034263eb519c89bc0934eeb6fa8cfa] +CVE: CVE-2020-25647 +Signed-off-by: Marta Rybczynska +--- + grub-core/bus/usb/usb.c | 15 ++++++++++++--- + include/grub/usb.h | 10 +++++++--- + 2 files changed, 19 insertions(+), 6 deletions(-) + +diff --git a/grub-core/bus/usb/usb.c b/grub-core/bus/usb/usb.c +index 8da5e4c74..7cb3cc230 100644 +--- a/grub-core/bus/usb/usb.c ++++ b/grub-core/bus/usb/usb.c +@@ -75,6 +75,9 @@ grub_usb_controller_iterate (grub_usb_controller_iterate_hook_t hook, + grub_usb_err_t + grub_usb_clear_halt (grub_usb_device_t dev, int endpoint) + { ++ if (endpoint >= GRUB_USB_MAX_TOGGLE) ++ return GRUB_USB_ERR_BADDEVICE; ++ + dev->toggle[endpoint] = 0; + return grub_usb_control_msg (dev, (GRUB_USB_REQTYPE_OUT + | GRUB_USB_REQTYPE_STANDARD +@@ -134,10 +137,10 @@ grub_usb_device_initialize (grub_usb_device_t dev) + return err; + descdev = &dev->descdev; + +- for (i = 0; i < 8; i++) ++ for (i = 0; i < GRUB_USB_MAX_CONF; i++) + dev->config[i].descconf = NULL; + +- if (descdev->configcnt == 0) ++ if (descdev->configcnt == 0 || descdev->configcnt > GRUB_USB_MAX_CONF) + { + err = GRUB_USB_ERR_BADDEVICE; + goto fail; +@@ -172,6 +175,12 @@ grub_usb_device_initialize (grub_usb_device_t dev) + /* Skip the configuration descriptor. */ + pos = dev->config[i].descconf->length; + ++ if (dev->config[i].descconf->numif > GRUB_USB_MAX_IF) ++ { ++ err = GRUB_USB_ERR_BADDEVICE; ++ goto fail; ++ } ++ + /* Read all interfaces. */ + for (currif = 0; currif < dev->config[i].descconf->numif; currif++) + { +@@ -217,7 +226,7 @@ grub_usb_device_initialize (grub_usb_device_t dev) + + fail: + +- for (i = 0; i < 8; i++) ++ for (i = 0; i < GRUB_USB_MAX_CONF; i++) + grub_free (dev->config[i].descconf); + + return err; +diff --git a/include/grub/usb.h b/include/grub/usb.h +index 512ae1dd0..6475c552f 100644 +--- a/include/grub/usb.h ++++ b/include/grub/usb.h +@@ -23,6 +23,10 @@ + #include + #include + ++#define GRUB_USB_MAX_CONF 8 ++#define GRUB_USB_MAX_IF 32 ++#define GRUB_USB_MAX_TOGGLE 256 ++ + typedef struct grub_usb_device *grub_usb_device_t; + typedef struct grub_usb_controller *grub_usb_controller_t; + typedef struct grub_usb_controller_dev *grub_usb_controller_dev_t; +@@ -167,7 +171,7 @@ struct grub_usb_configuration + struct grub_usb_desc_config *descconf; + + /* Interfaces associated to this configuration. */ +- struct grub_usb_interface interf[32]; ++ struct grub_usb_interface interf[GRUB_USB_MAX_IF]; + }; + + struct grub_usb_hub_port +@@ -191,7 +195,7 @@ struct grub_usb_device + struct grub_usb_controller controller; + + /* Device configurations (after opening the device). */ +- struct grub_usb_configuration config[8]; ++ struct grub_usb_configuration config[GRUB_USB_MAX_CONF]; + + /* Device address. */ + int addr; +@@ -203,7 +207,7 @@ struct grub_usb_device + int initialized; + + /* Data toggle values (used for bulk transfers only). */ +- int toggle[256]; ++ int toggle[GRUB_USB_MAX_TOGGLE]; + + /* Used by libusb wrapper. Schedulded for removal. */ + void *data; +-- +2.33.0 + diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc index db7c23a84a..0d3f6d05da 100644 --- a/poky/meta/recipes-bsp/grub/grub2.inc +++ b/poky/meta/recipes-bsp/grub/grub2.inc @@ -15,6 +15,8 @@ CVE_PRODUCT = "grub2" # Applies only to RHEL CVE_CHECK_WHITELIST += "CVE-2019-14865" +# Applies only to SUSE +CVE_CHECK_WHITELIST += "CVE-2021-46705" SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch \ @@ -45,7 +47,55 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2020-27779_5.patch \ file://CVE-2020-27779_6.patch \ file://CVE-2020-27779_7.patch \ -" + file://CVE-2020-25632.patch \ + file://CVE-2020-25647.patch \ + file://0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch \ + file://0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch \ + file://0003-net-tftp-Fix-dangling-memory-pointer.patch \ + file://0004-kern-parser-Fix-resource-leak-if-argc-0.patch \ + file://0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch \ + file://0006-kern-efi-Fix-memory-leak-on-failure.patch \ + file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch \ + file://0008-gnulib-regexec-Resolve-unused-variable.patch \ + file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \ + file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \ + file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \ + file://0012-gnulib-regcomp-Fix-uninitialized-re_token.patch \ + file://0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch \ + file://0014-zstd-Initialize-seq_t-structure-fully.patch \ + file://0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch \ + file://0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch \ + file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \ + file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \ + file://0019-disk-cryptodisk-Fix-potential-integer-overflow.patch \ + file://0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch \ + file://0021-zfs-Fix-possible-negative-shift-operation.patch \ + file://0022-zfs-Fix-resource-leaks-while-constructing-path.patch \ + file://0023-zfs-Fix-possible-integer-overflows.patch \ + file://0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch \ + file://0025-affs-Fix-memory-leaks.patch \ + file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \ + file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \ + file://0028-syslinux-Fix-memory-leak-while-parsing.patch \ + file://0029-normal-completion-Fix-leaking-of-memory-when-process.patch \ + file://0030-commands-hashsum-Fix-a-memory-leak.patch \ + file://0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch \ + file://0032-video-fb-fbfill-Fix-potential-integer-overflow.patch \ + file://0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch \ + file://0034-video-fb-video_fb-Fix-possible-integer-overflow.patch \ + file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \ + file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \ + file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \ + file://0038-loader-xnu-Fix-memory-leak.patch \ + file://0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch \ + file://0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch \ + file://0041-util-grub-install-Fix-NULL-pointer-dereferences.patch \ + file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \ + file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \ + file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \ + file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \ + file://0046-script-execute-Avoid-crash-when-using-outside-a-func.patch \ + " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" diff --git a/poky/meta/recipes-connectivity/bind/bind_9.11.35.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.35.bb deleted file mode 100644 index 4652529623..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind_9.11.35.bb +++ /dev/null @@ -1,141 +0,0 @@ -SUMMARY = "ISC Internet Domain Name Server" -HOMEPAGE = "https://www.isc.org/bind/" -DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" -SECTION = "console/network" - -LICENSE = "ISC & BSD" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b88e7ca5f21908e1b2720169f6807cf6" - -DEPENDS = "openssl libcap zlib" - -SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ - file://conf.patch \ - file://named.service \ - file://bind9 \ - file://generate-rndc-key.sh \ - file://make-etc-initd-bind-stop-work.patch \ - file://init.d-add-support-for-read-only-rootfs.patch \ - file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ - file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ - file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ - file://0001-avoid-start-failure-with-bind-user.patch \ - " - -SRC_URI[sha256sum] = "1c882705827b6aafa45d917ae3b20eccccc8d5df3c4477df44b04382e6c47562" - -UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" -# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4 -UPSTREAM_CHECK_REGEX = "(?P9.(11|16|20|24|28)(\.\d+)+(-P\d+)*)/" - -# BIND >= 9.11.2 need dhcpd >= 4.4.0, -# don't report it here since dhcpd is already recent enough. -CVE_CHECK_WHITELIST += "CVE-2019-6470" - -inherit autotools update-rc.d systemd useradd pkgconfig multilib_script multilib_header - -MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh" - -# PACKAGECONFIGs readline and libedit should NOT be set at same time -PACKAGECONFIG ?= "readline" -PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" -PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" -PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" -PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,," -PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native," - -ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" -EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \ - --disable-devpoll --enable-epoll --with-gost=no \ - --with-gssapi=no --with-ecdsa=yes --with-eddsa=no \ - --with-lmdb=no \ - --sysconfdir=${sysconfdir}/bind \ - --with-openssl=${STAGING_DIR_HOST}${prefix} \ - " - -inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)} - -# dhcp needs .la so keep them -REMOVE_LIBTOOL_LA = "0" - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ - --user-group bind" - -INITSCRIPT_NAME = "bind" -INITSCRIPT_PARAMS = "defaults" - -SYSTEMD_SERVICE_${PN} = "named.service" - -do_install_prepend() { - # clean host path in isc-config.sh before the hardlink created - # by "make install": - # bind9-config -> isc-config.sh - sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh -} - -do_install_append() { - - rmdir "${D}${localstatedir}/run" - rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" - install -d -o bind "${D}${localstatedir}/cache/bind" - install -d "${D}${sysconfdir}/bind" - install -d "${D}${sysconfdir}/init.d" - install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" - install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" - if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then - sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \ - ${D}${sbindir}/dnssec-coverage \ - ${D}${sbindir}/dnssec-checkds \ - ${D}${sbindir}/dnssec-keymgr - fi - - # Install systemd related files - install -d ${D}${sbindir} - install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_unitdir}/system/named.service - - install -d ${D}${sysconfdir}/default - install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d - echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf - fi - - oe_multilib_header isc/platform.h -} - -CONFFILES_${PN} = " \ - ${sysconfdir}/bind/named.conf \ - ${sysconfdir}/bind/named.conf.local \ - ${sysconfdir}/bind/named.conf.options \ - ${sysconfdir}/bind/db.0 \ - ${sysconfdir}/bind/db.127 \ - ${sysconfdir}/bind/db.empty \ - ${sysconfdir}/bind/db.local \ - ${sysconfdir}/bind/db.root \ - " - -ALTERNATIVE_${PN}-utils = "nslookup" -ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" -ALTERNATIVE_PRIORITY = "100" - -PACKAGE_BEFORE_PN += "${PN}-utils" -FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" -FILES_${PN}-dev += "${bindir}/isc-config.h" -FILES_${PN} += "${sbindir}/generate-rndc-key.sh" - -PACKAGE_BEFORE_PN += "${PN}-libs" -FILES_${PN}-libs = "${libdir}/*.so*" -FILES_${PN}-staticdev += "${libdir}/*.la" - -PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}" -FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \ - ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}" - -RDEPENDS_${PN}-dev = "" -RDEPENDS_python3-bind = "python3-core python3-ply" diff --git a/poky/meta/recipes-connectivity/bind/bind_9.11.37.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.37.bb new file mode 100644 index 0000000000..afc8cf0b3b --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind_9.11.37.bb @@ -0,0 +1,141 @@ +SUMMARY = "ISC Internet Domain Name Server" +HOMEPAGE = "https://www.isc.org/bind/" +DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" +SECTION = "console/network" + +LICENSE = "ISC & BSD" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=89a97ebbf713f7125fe5c02223d3ae95" + +DEPENDS = "openssl libcap zlib" + +SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ + file://conf.patch \ + file://named.service \ + file://bind9 \ + file://generate-rndc-key.sh \ + file://make-etc-initd-bind-stop-work.patch \ + file://init.d-add-support-for-read-only-rootfs.patch \ + file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ + file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ + file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ + file://0001-avoid-start-failure-with-bind-user.patch \ + " + +SRC_URI[sha256sum] = "0d8efbe7ec166ada90e46add4267b7e7c934790cba9bd5af6b8380a4fbfb5aff" + +UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" +# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4 +UPSTREAM_CHECK_REGEX = "(?P9.(11|16|20|24|28)(\.\d+)+(-P\d+)*)/" + +# BIND >= 9.11.2 need dhcpd >= 4.4.0, +# don't report it here since dhcpd is already recent enough. +CVE_CHECK_WHITELIST += "CVE-2019-6470" + +inherit autotools update-rc.d systemd useradd pkgconfig multilib_script multilib_header + +MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh" + +# PACKAGECONFIGs readline and libedit should NOT be set at same time +PACKAGECONFIG ?= "readline" +PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" +PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" +PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" +PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,," +PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native," + +ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" +EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \ + --disable-devpoll --enable-epoll --with-gost=no \ + --with-gssapi=no --with-ecdsa=yes --with-eddsa=no \ + --with-lmdb=no \ + --sysconfdir=${sysconfdir}/bind \ + --with-openssl=${STAGING_DIR_HOST}${prefix} \ + " + +inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)} + +# dhcp needs .la so keep them +REMOVE_LIBTOOL_LA = "0" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ + --user-group bind" + +INITSCRIPT_NAME = "bind" +INITSCRIPT_PARAMS = "defaults" + +SYSTEMD_SERVICE_${PN} = "named.service" + +do_install_prepend() { + # clean host path in isc-config.sh before the hardlink created + # by "make install": + # bind9-config -> isc-config.sh + sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh +} + +do_install_append() { + + rmdir "${D}${localstatedir}/run" + rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" + install -d -o bind "${D}${localstatedir}/cache/bind" + install -d "${D}${sysconfdir}/bind" + install -d "${D}${sysconfdir}/init.d" + install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" + install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" + if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then + sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \ + ${D}${sbindir}/dnssec-coverage \ + ${D}${sbindir}/dnssec-checkds \ + ${D}${sbindir}/dnssec-keymgr + fi + + # Install systemd related files + install -d ${D}${sbindir} + install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_unitdir}/system/named.service + + install -d ${D}${sysconfdir}/default + install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf + fi + + oe_multilib_header isc/platform.h +} + +CONFFILES_${PN} = " \ + ${sysconfdir}/bind/named.conf \ + ${sysconfdir}/bind/named.conf.local \ + ${sysconfdir}/bind/named.conf.options \ + ${sysconfdir}/bind/db.0 \ + ${sysconfdir}/bind/db.127 \ + ${sysconfdir}/bind/db.empty \ + ${sysconfdir}/bind/db.local \ + ${sysconfdir}/bind/db.root \ + " + +ALTERNATIVE_${PN}-utils = "nslookup" +ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" +ALTERNATIVE_PRIORITY = "100" + +PACKAGE_BEFORE_PN += "${PN}-utils" +FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" +FILES_${PN}-dev += "${bindir}/isc-config.h" +FILES_${PN} += "${sbindir}/generate-rndc-key.sh" + +PACKAGE_BEFORE_PN += "${PN}-libs" +FILES_${PN}-libs = "${libdir}/*.so*" +FILES_${PN}-staticdev += "${libdir}/*.la" + +PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}" +FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \ + ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}" + +RDEPENDS_${PN}-dev = "" +RDEPENDS_python3-bind = "python3-core python3-ply" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index 34796fdd20..4d4348898a 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -54,6 +54,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ file://0001-test-gatt-Fix-hung-issue.patch \ file://CVE-2021-0129.patch \ file://CVE-2021-3588.patch \ + file://CVE-2021-3658.patch \ + file://CVE-2022-0204.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3658.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3658.patch new file mode 100644 index 0000000000..1738ca13da --- /dev/null +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3658.patch @@ -0,0 +1,95 @@ +From b497b5942a8beb8f89ca1c359c54ad67ec843055 Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz +Date: Thu, 24 Jun 2021 16:32:04 -0700 +Subject: [PATCH] adapter: Fix storing discoverable setting + +discoverable setting shall only be store when changed via Discoverable +property and not when discovery client set it as that be considered +temporary just for the lifetime of the discovery. + +Upstream-Status: Backport [https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055] +Signed-off-by:Minjae Kim +--- + src/adapter.c | 35 ++++++++++++++++++++++------------- + 1 file changed, 22 insertions(+), 13 deletions(-) + +diff --git a/src/adapter.c b/src/adapter.c +index 12e4ff5c0..663b778e4 100644 +--- a/src/adapter.c ++++ b/src/adapter.c +@@ -560,7 +560,11 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings) + if (changed_mask & MGMT_SETTING_DISCOVERABLE) { + g_dbus_emit_property_changed(dbus_conn, adapter->path, + ADAPTER_INTERFACE, "Discoverable"); +- store_adapter_info(adapter); ++ /* Only persist discoverable setting if it was not set ++ * temporarily by discovery. ++ */ ++ if (!adapter->discovery_discoverable) ++ store_adapter_info(adapter); + btd_adv_manager_refresh(adapter->adv_manager); + } + +@@ -2162,8 +2166,6 @@ static bool filters_equal(struct mgmt_cp_start_service_discovery *a, + static int update_discovery_filter(struct btd_adapter *adapter) + { + struct mgmt_cp_start_service_discovery *sd_cp; +- GSList *l; +- + + DBG(""); + +@@ -2173,17 +2175,24 @@ static int update_discovery_filter(struct btd_adapter *adapter) + return -ENOMEM; + } + +- for (l = adapter->discovery_list; l; l = g_slist_next(l)) { +- struct discovery_client *client = l->data; ++ /* Only attempt to overwrite current discoverable setting when not ++ * discoverable. ++ */ ++ if (!(adapter->current_settings & MGMT_OP_SET_DISCOVERABLE)) { ++ GSList *l; + +- if (!client->discovery_filter) +- continue; ++ for (l = adapter->discovery_list; l; l = g_slist_next(l)) { ++ struct discovery_client *client = l->data; + +- if (client->discovery_filter->discoverable) +- break; +- } ++ if (!client->discovery_filter) ++ continue; + +- set_discovery_discoverable(adapter, l ? true : false); ++ if (client->discovery_filter->discoverable) { ++ set_discovery_discoverable(adapter, true); ++ break; ++ } ++ } ++ } + + /* + * If filters are equal, then don't update scan, except for when +@@ -2216,8 +2225,7 @@ static int discovery_stop(struct discovery_client *client) + return 0; + } + +- if (adapter->discovery_discoverable) +- set_discovery_discoverable(adapter, false); ++ set_discovery_discoverable(adapter, false); + + /* + * In the idle phase of a discovery, there is no need to stop it +@@ -6913,6 +6921,7 @@ static void adapter_stop(struct btd_adapter *adapter) + g_free(adapter->current_discovery_filter); + adapter->current_discovery_filter = NULL; + ++ set_discovery_discoverable(adapter, false); + adapter->discovering = false; + + while (adapter->connections) { +-- +2.25.1 + diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-0204.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-0204.patch new file mode 100644 index 0000000000..646b5ddfc8 --- /dev/null +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-0204.patch @@ -0,0 +1,66 @@ +From 0d328fdf6564b67fc2ec3533e3da201ebabcc9e3 Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz +Date: Tue, 8 Jun 2021 16:46:49 -0700 +Subject: [PATCH] shared/gatt-server: Fix heap overflow when appending prepare + writes + +The code shall check if the prepare writes would append more the +allowed maximum attribute length. + +Fixes https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q + +Upstream-Status: Backport [https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0] +Signed-off-by: Ralph Siemsen +CVE: CVE-2022-0204 + +--- + src/shared/gatt-server.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c +index 0c25a97..20e14bc 100644 +--- a/src/shared/gatt-server.c ++++ b/src/shared/gatt-server.c +@@ -816,6 +816,20 @@ static uint8_t authorize_req(struct bt_gatt_server *server, + server->authorize_data); + } + ++static uint8_t check_length(uint16_t length, uint16_t offset) ++{ ++ if (length > BT_ATT_MAX_VALUE_LEN) ++ return BT_ATT_ERROR_INVALID_ATTRIBUTE_VALUE_LEN; ++ ++ if (offset > BT_ATT_MAX_VALUE_LEN) ++ return BT_ATT_ERROR_INVALID_OFFSET; ++ ++ if (length + offset > BT_ATT_MAX_VALUE_LEN) ++ return BT_ATT_ERROR_INVALID_ATTRIBUTE_VALUE_LEN; ++ ++ return 0; ++} ++ + static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu, + uint16_t length, void *user_data) + { +@@ -846,6 +860,10 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu, + (opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd", + handle); + ++ ecode = check_length(length, 0); ++ if (ecode) ++ goto error; ++ + ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK); + if (ecode) + goto error; +@@ -1353,6 +1371,10 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode, + util_debug(server->debug_callback, server->debug_data, + "Prep Write Req - handle: 0x%04x", handle); + ++ ecode = check_length(length, offset); ++ if (ecode) ++ goto error; ++ + ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK); + if (ecode) + goto error; diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2021-33833.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2021-33833.patch new file mode 100644 index 0000000000..770948fb69 --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2021-33833.patch @@ -0,0 +1,72 @@ +From eceb2e8d2341c041df55a5e2f047d9a8c491463c Mon Sep 17 00:00:00 2001 +From: Valery Kashcheev +Date: Mon, 7 Jun 2021 18:58:24 +0200 +Subject: dnsproxy: Check the length of buffers before memcpy + +Fix using a stack-based buffer overflow attack by checking the length of +the ptr and uptr buffers. + +Fix debug message output. + +Fixes: CVE-2021-33833 + +Upstream-Status: Backport +https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c +CVE: CVE-2021-33833 +Signed-off-by: Steve Sakoman + +--- + src/dnsproxy.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/src/dnsproxy.c b/src/dnsproxy.c +index de52df5a..38dbdd71 100644 +--- a/src/dnsproxy.c ++++ b/src/dnsproxy.c +@@ -1788,17 +1788,15 @@ static char *uncompress(int16_t field_count, char *start, char *end, + * tmp buffer. + */ + +- debug("pos %d ulen %d left %d name %s", pos, ulen, +- (int)(uncomp_len - (uptr - uncompressed)), uptr); +- +- ulen = strlen(name); +- if ((uptr + ulen + 1) > uncomp_end) { ++ ulen = strlen(name) + 1; ++ if ((uptr + ulen) > uncomp_end) + goto out; +- } +- strncpy(uptr, name, uncomp_len - (uptr - uncompressed)); ++ strncpy(uptr, name, ulen); ++ ++ debug("pos %d ulen %d left %d name %s", pos, ulen, ++ (int)(uncomp_end - (uptr + ulen)), uptr); + + uptr += ulen; +- *uptr++ = '\0'; + + ptr += pos; + +@@ -1841,7 +1839,7 @@ static char *uncompress(int16_t field_count, char *start, char *end, + } else if (dns_type == ns_t_a || dns_type == ns_t_aaaa) { + dlen = uptr[-2] << 8 | uptr[-1]; + +- if (ptr + dlen > end) { ++ if ((ptr + dlen) > end || (uptr + dlen) > uncomp_end) { + debug("data len %d too long", dlen); + goto out; + } +@@ -1880,6 +1878,10 @@ static char *uncompress(int16_t field_count, char *start, char *end, + * refresh interval, retry interval, expiration + * limit and minimum ttl). They are 20 bytes long. + */ ++ if ((uptr + 20) > uncomp_end || (ptr + 20) > end) { ++ debug("soa record too long"); ++ goto out; ++ } + memcpy(uptr, ptr, 20); + uptr += 20; + ptr += 20; +-- +cgit 1.2.3-1.el7 + diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2022-23096-7.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-23096-7.patch new file mode 100644 index 0000000000..7f27474830 --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-23096-7.patch @@ -0,0 +1,121 @@ +From e5a313736e13c90d19085e953a26256a198e4950 Mon Sep 17 00:00:00 2001 +From: Daniel Wagner +Date: Tue, 25 Jan 2022 10:00:24 +0100 +Subject: dnsproxy: Validate input data before using them + +dnsproxy is not validating various input data. Add a bunch of checks. + +Fixes: CVE-2022-23097 +Fixes: CVE-2022-23096 + +Upstream-Status: Backport +https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950 + +CVE: CVE-2022-23096 CVE-2022-23097 +Signed-off-by: Steve Sakoman + +--- + src/dnsproxy.c | 31 ++++++++++++++++++++++++++----- + 1 file changed, 26 insertions(+), 5 deletions(-) + +diff --git a/src/dnsproxy.c b/src/dnsproxy.c +index cdfafbc2..c027bcb9 100644 +--- a/src/dnsproxy.c ++++ b/src/dnsproxy.c +@@ -1951,6 +1951,12 @@ static int forward_dns_reply(unsigned char *reply, int reply_len, int protocol, + + if (offset < 0) + return offset; ++ if (reply_len < 0) ++ return -EINVAL; ++ if (reply_len < offset + 1) ++ return -EINVAL; ++ if ((size_t)reply_len < sizeof(struct domain_hdr)) ++ return -EINVAL; + + hdr = (void *)(reply + offset); + dns_id = reply[offset] | reply[offset + 1] << 8; +@@ -1986,23 +1992,31 @@ static int forward_dns_reply(unsigned char *reply, int reply_len, int protocol, + */ + if (req->append_domain && ntohs(hdr->qdcount) == 1) { + uint16_t domain_len = 0; +- uint16_t header_len; ++ uint16_t header_len, payload_len; + uint16_t dns_type, dns_class; + uint8_t host_len, dns_type_pos; + char uncompressed[NS_MAXDNAME], *uptr; + char *ptr, *eom = (char *)reply + reply_len; ++ char *domain; + + /* + * ptr points to the first char of the hostname. + * ->hostname.domain.net + */ + header_len = offset + sizeof(struct domain_hdr); ++ if (reply_len < header_len) ++ return -EINVAL; ++ payload_len = reply_len - header_len; ++ + ptr = (char *)reply + header_len; + + host_len = *ptr; ++ domain = ptr + 1 + host_len; ++ if (domain > eom) ++ return -EINVAL; ++ + if (host_len > 0) +- domain_len = strnlen(ptr + 1 + host_len, +- reply_len - header_len); ++ domain_len = strnlen(domain, eom - domain); + + /* + * If the query type is anything other than A or AAAA, +@@ -2011,6 +2025,8 @@ static int forward_dns_reply(unsigned char *reply, int reply_len, int protocol, + */ + dns_type_pos = host_len + 1 + domain_len + 1; + ++ if (ptr + (dns_type_pos + 3) > eom) ++ return -EINVAL; + dns_type = ptr[dns_type_pos] << 8 | + ptr[dns_type_pos + 1]; + dns_class = ptr[dns_type_pos + 2] << 8 | +@@ -2040,6 +2056,8 @@ static int forward_dns_reply(unsigned char *reply, int reply_len, int protocol, + int new_len, fixed_len; + char *answers; + ++ if (len > payload_len) ++ return -EINVAL; + /* + * First copy host (without domain name) into + * tmp buffer. +@@ -2054,6 +2072,8 @@ static int forward_dns_reply(unsigned char *reply, int reply_len, int protocol, + * Copy type and class fields of the question. + */ + ptr += len + domain_len + 1; ++ if (ptr + NS_QFIXEDSZ > eom) ++ return -EINVAL; + memcpy(uptr, ptr, NS_QFIXEDSZ); + + /* +@@ -2063,6 +2083,8 @@ static int forward_dns_reply(unsigned char *reply, int reply_len, int protocol, + uptr += NS_QFIXEDSZ; + answers = uptr; + fixed_len = answers - uncompressed; ++ if (ptr + offset > eom) ++ return -EINVAL; + + /* + * We then uncompress the result to buffer +@@ -2257,8 +2279,7 @@ static gboolean udp_server_event(GIOChannel *channel, GIOCondition condition, + + len = recv(sk, buf, sizeof(buf), 0); + +- if (len >= 12) +- forward_dns_reply(buf, len, IPPROTO_UDP, data); ++ forward_dns_reply(buf, len, IPPROTO_UDP, data); + + return TRUE; + } +-- +cgit 1.2.3-1.el7 + diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2022-23098.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-23098.patch new file mode 100644 index 0000000000..a40c9f583f --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-23098.patch @@ -0,0 +1,50 @@ +From d8708b85c1e8fe25af7803e8a20cf20e7201d8a4 Mon Sep 17 00:00:00 2001 +From: Matthias Gerstner +Date: Tue, 25 Jan 2022 10:00:25 +0100 +Subject: dnsproxy: Avoid 100 % busy loop in TCP server case + +Once the TCP socket is connected and until the remote server is +responding (if ever) ConnMan executes a 100 % CPU loop, since +the connected socket will always be writable (G_IO_OUT). + +To fix this, modify the watch after the connection is established to +remove the G_IO_OUT from the callback conditions. + +Fixes: CVE-2022-23098 + +Upstream-Status: Backport +https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4 + +CVE: CVE-2022-23098 +Signed-off-by: Steve Sakoman + +--- + src/dnsproxy.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/src/dnsproxy.c b/src/dnsproxy.c +index c027bcb9..1ccf36a9 100644 +--- a/src/dnsproxy.c ++++ b/src/dnsproxy.c +@@ -2360,6 +2360,18 @@ hangup: + } + } + ++ /* ++ * Remove the G_IO_OUT flag from the watch, otherwise we end ++ * up in a busy loop, because the socket is constantly writable. ++ * ++ * There seems to be no better way in g_io to do that than ++ * re-adding the watch. ++ */ ++ g_source_remove(server->watch); ++ server->watch = g_io_add_watch(server->channel, ++ G_IO_IN | G_IO_HUP | G_IO_NVAL | G_IO_ERR, ++ tcp_server_event, server); ++ + server->connected = true; + server_list = g_slist_append(server_list, server); + +-- +cgit 1.2.3-1.el7 + diff --git a/poky/meta/recipes-connectivity/connman/connman_1.37.bb b/poky/meta/recipes-connectivity/connman/connman_1.37.bb index bdab4c4f18..bdd1e590ec 100644 --- a/poky/meta/recipes-connectivity/connman/connman_1.37.bb +++ b/poky/meta/recipes-connectivity/connman/connman_1.37.bb @@ -9,6 +9,9 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://CVE-2021-26675.patch \ file://CVE-2021-26676-0001.patch \ file://CVE-2021-26676-0002.patch \ + file://CVE-2021-33833.patch \ + file://CVE-2022-23096-7.patch \ + file://CVE-2022-23098.patch \ " SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index b4cbc1a76c..781b9216c5 100644 --- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -4,11 +4,12 @@ DESCRIPTION = "Mobile Broadband Service Provider Database stores service provide SECTION = "network" LICENSE = "PD" LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" -SRCREV = "90f3fe28aa25135b7e4a54a7816388913bfd4a2a" -PV = "20201225" + +SRCREV = "4cbb44a9fe26aa6f0b28beb79f9488b37c097b5e" +PV = "20220315" PE = "1" -SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=master" +SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main" S = "${WORKDIR}/git" inherit autotools diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb deleted file mode 100644 index bf7cd6527e..0000000000 --- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb +++ /dev/null @@ -1,218 +0,0 @@ -SUMMARY = "Secure Socket Layer" -DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." -HOMEPAGE = "http://www.openssl.org/" -BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" -SECTION = "libs/network" - -# "openssl" here actually means both OpenSSL and SSLeay licenses apply -# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8" - -DEPENDS = "hostperl-runtime-native" - -SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - file://run-ptest \ - file://0001-skip-test_symbol_presence.patch \ - file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ - file://afalg.patch \ - file://reproducible.patch \ - file://reproducibility.patch \ - " - -SRC_URI_append_class-nativesdk = " \ - file://environment.d-openssl.sh \ - " - -SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1" - -inherit lib_package multilib_header multilib_script ptest -MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" - -PACKAGECONFIG ?= "" -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" - -PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" - -B = "${WORKDIR}/build" -do_configure[cleandirs] = "${B}" - -#| ./libcrypto.so: undefined reference to `getcontext' -#| ./libcrypto.so: undefined reference to `setcontext' -#| ./libcrypto.so: undefined reference to `makecontext' -EXTRA_OECONF_append_libc-musl = " no-async" -EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" - -# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions -# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) -EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" -EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" - -# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. -CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" -CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" - -do_configure () { - os=${HOST_OS} - case $os in - linux-gnueabi |\ - linux-gnuspe |\ - linux-musleabi |\ - linux-muslspe |\ - linux-musl ) - os=linux - ;; - *) - ;; - esac - target="$os-${HOST_ARCH}" - case $target in - linux-arm*) - target=linux-armv4 - ;; - linux-aarch64*) - target=linux-aarch64 - ;; - linux-i?86 | linux-viac3) - target=linux-x86 - ;; - linux-gnux32-x86_64 | linux-muslx32-x86_64 ) - target=linux-x32 - ;; - linux-gnu64-x86_64) - target=linux-x86_64 - ;; - linux-mips | linux-mipsel) - # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags - target="linux-mips32 ${TARGET_CC_ARCH}" - ;; - linux-gnun32-mips*) - target=linux-mips64 - ;; - linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) - target=linux64-mips64 - ;; - linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) - target=linux-generic32 - ;; - linux-powerpc) - target=linux-ppc - ;; - linux-powerpc64) - target=linux-ppc64 - ;; - linux-powerpc64le) - target=linux-ppc64le - ;; - linux-riscv32) - target=linux-generic32 - ;; - linux-riscv64) - target=linux-generic64 - ;; - linux-sparc | linux-supersparc) - target=linux-sparcv9 - ;; - esac - - useprefix=${prefix} - if [ "x$useprefix" = "x" ]; then - useprefix=/ - fi - # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the - # environment variables set by bitbake. Adjust the environment variables instead. - HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ - perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target - perl ${B}/configdata.pm --dump -} - -do_install () { - oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install - - oe_multilib_header openssl/opensslconf.h - - # Create SSL structure for packages such as ca-certificates which - # contain hard-coded paths to /etc/ssl. Debian does the same. - install -d ${D}${sysconfdir}/ssl - mv ${D}${libdir}/ssl-1.1/certs \ - ${D}${libdir}/ssl-1.1/private \ - ${D}${libdir}/ssl-1.1/openssl.cnf \ - ${D}${sysconfdir}/ssl/ - - # Although absolute symlinks would be OK for the target, they become - # invalid if native or nativesdk are relocated from sstate. - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf -} - -do_install_append_class-native () { - create_wrapper ${D}${bindir}/openssl \ - OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ - SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ - SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ - OPENSSL_ENGINES=${libdir}/engines-1.1 -} - -do_install_append_class-nativesdk () { - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh - sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh -} - -PTEST_BUILD_HOST_FILES += "configdata.pm" -PTEST_BUILD_HOST_PATTERN = "perl_version =" -do_install_ptest () { - # Prune the build tree - rm -f ${B}/fuzz/*.* ${B}/test/*.* - - cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} - cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} - - # For test_shlibload - ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/ - ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/ - - install -d ${D}${PTEST_PATH}/apps - ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps - install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps - install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps - - install -d ${D}${PTEST_PATH}/engines - install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines -} - -# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto -# package RRECOMMENDS on this package. This will enable the configuration -# file to be installed for both the openssl-bin package and the libcrypto -# package since the openssl-bin package depends on the libcrypto package. - -PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" - -FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" -FILES_libssl = "${libdir}/libssl${SOLIBS}" -FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ - ${libdir}/ssl-1.1/openssl.cnf* \ - " -FILES_${PN}-engines = "${libdir}/engines-1.1" -FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" -FILES_${PN} =+ "${libdir}/ssl-1.1/*" -FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" - -CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" - -RRECOMMENDS_libcrypto += "openssl-conf" -RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" - -RDEPENDS_${PN}-bin += "openssl-conf" - -BBCLASSEXTEND = "native nativesdk" - -CVE_PRODUCT = "openssl:openssl" - -CVE_VERSION_SUFFIX = "alphabetical" - -# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 -# Apache in meta-webserver is already recent enough -CVE_CHECK_WHITELIST += "CVE-2019-0190" diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1n.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1n.bb new file mode 100644 index 0000000000..8538bd5a18 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1n.bb @@ -0,0 +1,219 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +# "openssl" here actually means both OpenSSL and SSLeay licenses apply +# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8" + +DEPENDS = "hostperl-runtime-native" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + file://run-ptest \ + file://0001-skip-test_symbol_presence.patch \ + file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ + file://afalg.patch \ + file://reproducible.patch \ + file://reproducibility.patch \ + " + +SRC_URI_append_class-nativesdk = " \ + file://environment.d-openssl.sh \ + " + +SRC_URI[sha256sum] = "40dceb51a4f6a5275bde0e6bf20ef4b91bfc32ed57c0552e2e8e15463372b17a" + +inherit lib_package multilib_header multilib_script ptest +MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" + +PACKAGECONFIG ?= "" +PACKAGECONFIG_class-native = "" +PACKAGECONFIG_class-nativesdk = "" + +PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" + +B = "${WORKDIR}/build" +do_configure[cleandirs] = "${B}" + +#| ./libcrypto.so: undefined reference to `getcontext' +#| ./libcrypto.so: undefined reference to `setcontext' +#| ./libcrypto.so: undefined reference to `makecontext' +EXTRA_OECONF_append_libc-musl = " no-async" +EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" + +# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions +# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) +EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" +EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" + +# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. +CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" +CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" + +do_configure () { + os=${HOST_OS} + case $os in + linux-gnueabi |\ + linux-gnuspe |\ + linux-musleabi |\ + linux-muslspe |\ + linux-musl ) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arm*) + target=linux-armv4 + ;; + linux-aarch64*) + target=linux-aarch64 + ;; + linux-i?86 | linux-viac3) + target=linux-x86 + ;; + linux-gnux32-x86_64 | linux-muslx32-x86_64 ) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-mips | linux-mipsel) + # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-gnun32-mips*) + target=linux-mips64 + ;; + linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) + target=linux64-mips64 + ;; + linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-powerpc64le) + target=linux-ppc64le + ;; + linux-riscv32) + target=linux-generic32 + ;; + linux-riscv64) + target=linux-generic64 + ;; + linux-sparc | linux-supersparc) + target=linux-sparcv9 + ;; + esac + + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the + # environment variables set by bitbake. Adjust the environment variables instead. + HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ + perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target + perl ${B}/configdata.pm --dump +} + +do_install () { + oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install + + oe_multilib_header openssl/opensslconf.h + + # Create SSL structure for packages such as ca-certificates which + # contain hard-coded paths to /etc/ssl. Debian does the same. + install -d ${D}${sysconfdir}/ssl + mv ${D}${libdir}/ssl-1.1/certs \ + ${D}${libdir}/ssl-1.1/private \ + ${D}${libdir}/ssl-1.1/openssl.cnf \ + ${D}${sysconfdir}/ssl/ + + # Although absolute symlinks would be OK for the target, they become + # invalid if native or nativesdk are relocated from sstate. + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf +} + +do_install_append_class-native () { + create_wrapper ${D}${bindir}/openssl \ + OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ + SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ + OPENSSL_ENGINES=${libdir}/engines-1.1 +} + +do_install_append_class-nativesdk () { + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh + sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh +} + +PTEST_BUILD_HOST_FILES += "configdata.pm" +PTEST_BUILD_HOST_PATTERN = "perl_version =" +do_install_ptest () { + # Prune the build tree + rm -f ${B}/fuzz/*.* ${B}/test/*.* + + cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} + cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} + + # For test_shlibload + ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/ + ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/ + + install -d ${D}${PTEST_PATH}/apps + ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps + install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps + install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps + + install -d ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines +} + +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration +# file to be installed for both the openssl-bin package and the libcrypto +# package since the openssl-bin package depends on the libcrypto package. + +PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" + +FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" +FILES_libssl = "${libdir}/libssl${SOLIBS}" +FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ + ${libdir}/ssl-1.1/openssl.cnf* \ + " +FILES_${PN}-engines = "${libdir}/engines-1.1" +FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" +FILES_${PN} =+ "${libdir}/ssl-1.1/*" +FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" + +CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" + +RRECOMMENDS_libcrypto += "openssl-conf" +RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" + +RDEPENDS_${PN}-bin += "openssl-conf" + +BBCLASSEXTEND = "native nativesdk" + +CVE_PRODUCT = "openssl:openssl" + +CVE_VERSION_SUFFIX = "alphabetical" + +# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 +# Apache in meta-webserver is already recent enough +CVE_CHECK_WHITELIST += "CVE-2019-0190" diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-23303-4.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-23303-4.patch new file mode 100644 index 0000000000..21e65ba961 --- /dev/null +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-23303-4.patch @@ -0,0 +1,609 @@ +From 208e5687ff2e48622e28d8888ce5444a54353bbd Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Tue, 27 Aug 2019 16:33:15 +0300 +Subject: [PATCH 1/4] crypto: Add more bignum/EC helper functions + +These are needed for implementing SAE hash-to-element. + +Signed-off-by: Jouni Malinen + +Upstream-Status: Backport +https://w1.fi/security/2022-1/ + +CVE: CVE-2022-23303 CVE-2022-23304 +Signed-off-by: Steve Sakoman + +--- + src/crypto/crypto.h | 45 ++++++++++++++++++ + src/crypto/crypto_openssl.c | 94 +++++++++++++++++++++++++++++++++++++ + src/crypto/crypto_wolfssl.c | 66 ++++++++++++++++++++++++++ + 3 files changed, 205 insertions(+) + +diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h +index 15f8ad04cea4..68476dbce96c 100644 +--- a/src/crypto/crypto.h ++++ b/src/crypto/crypto.h +@@ -518,6 +518,13 @@ struct crypto_bignum * crypto_bignum_init(void); + */ + struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len); + ++/** ++ * crypto_bignum_init_set - Allocate memory for bignum and set the value (uint) ++ * @val: Value to set ++ * Returns: Pointer to allocated bignum or %NULL on failure ++ */ ++struct crypto_bignum * crypto_bignum_init_uint(unsigned int val); ++ + /** + * crypto_bignum_deinit - Free bignum + * @n: Bignum from crypto_bignum_init() or crypto_bignum_init_set() +@@ -612,6 +619,19 @@ int crypto_bignum_div(const struct crypto_bignum *a, + const struct crypto_bignum *b, + struct crypto_bignum *c); + ++/** ++ * crypto_bignum_addmod - d = a + b (mod c) ++ * @a: Bignum ++ * @b: Bignum ++ * @c: Bignum ++ * @d: Bignum; used to store the result of (a + b) % c ++ * Returns: 0 on success, -1 on failure ++ */ ++int crypto_bignum_addmod(const struct crypto_bignum *a, ++ const struct crypto_bignum *b, ++ const struct crypto_bignum *c, ++ struct crypto_bignum *d); ++ + /** + * crypto_bignum_mulmod - d = a * b (mod c) + * @a: Bignum +@@ -625,6 +645,28 @@ int crypto_bignum_mulmod(const struct crypto_bignum *a, + const struct crypto_bignum *c, + struct crypto_bignum *d); + ++/** ++ * crypto_bignum_sqrmod - c = a^2 (mod b) ++ * @a: Bignum ++ * @b: Bignum ++ * @c: Bignum; used to store the result of a^2 % b ++ * Returns: 0 on success, -1 on failure ++ */ ++int crypto_bignum_sqrmod(const struct crypto_bignum *a, ++ const struct crypto_bignum *b, ++ struct crypto_bignum *c); ++ ++/** ++ * crypto_bignum_sqrtmod - returns sqrt(a) (mod b) ++ * @a: Bignum ++ * @b: Bignum ++ * @c: Bignum; used to store the result ++ * Returns: 0 on success, -1 on failure ++ */ ++int crypto_bignum_sqrtmod(const struct crypto_bignum *a, ++ const struct crypto_bignum *b, ++ struct crypto_bignum *c); ++ + /** + * crypto_bignum_rshift - r = a >> n + * @a: Bignum +@@ -731,6 +773,9 @@ const struct crypto_bignum * crypto_ec_get_prime(struct crypto_ec *e); + */ + const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e); + ++const struct crypto_bignum * crypto_ec_get_a(struct crypto_ec *e); ++const struct crypto_bignum * crypto_ec_get_b(struct crypto_ec *e); ++ + /** + * struct crypto_ec_point - Elliptic curve point + * +diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c +index bab33a537293..ed463105e8f1 100644 +--- a/src/crypto/crypto_openssl.c ++++ b/src/crypto/crypto_openssl.c +@@ -1283,6 +1283,24 @@ struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len) + } + + ++struct crypto_bignum * crypto_bignum_init_uint(unsigned int val) ++{ ++ BIGNUM *bn; ++ ++ if (TEST_FAIL()) ++ return NULL; ++ ++ bn = BN_new(); ++ if (!bn) ++ return NULL; ++ if (BN_set_word(bn, val) != 1) { ++ BN_free(bn); ++ return NULL; ++ } ++ return (struct crypto_bignum *) bn; ++} ++ ++ + void crypto_bignum_deinit(struct crypto_bignum *n, int clear) + { + if (clear) +@@ -1449,6 +1467,28 @@ int crypto_bignum_div(const struct crypto_bignum *a, + } + + ++int crypto_bignum_addmod(const struct crypto_bignum *a, ++ const struct crypto_bignum *b, ++ const struct crypto_bignum *c, ++ struct crypto_bignum *d) ++{ ++ int res; ++ BN_CTX *bnctx; ++ ++ if (TEST_FAIL()) ++ return -1; ++ ++ bnctx = BN_CTX_new(); ++ if (!bnctx) ++ return -1; ++ res = BN_mod_add((BIGNUM *) d, (const BIGNUM *) a, (const BIGNUM *) b, ++ (const BIGNUM *) c, bnctx); ++ BN_CTX_free(bnctx); ++ ++ return res ? 0 : -1; ++} ++ ++ + int crypto_bignum_mulmod(const struct crypto_bignum *a, + const struct crypto_bignum *b, + const struct crypto_bignum *c, +@@ -1472,6 +1512,48 @@ int crypto_bignum_mulmod(const struct crypto_bignum *a, + } + + ++int crypto_bignum_sqrmod(const struct crypto_bignum *a, ++ const struct crypto_bignum *b, ++ struct crypto_bignum *c) ++{ ++ int res; ++ BN_CTX *bnctx; ++ ++ if (TEST_FAIL()) ++ return -1; ++ ++ bnctx = BN_CTX_new(); ++ if (!bnctx) ++ return -1; ++ res = BN_mod_sqr((BIGNUM *) c, (const BIGNUM *) a, (const BIGNUM *) b, ++ bnctx); ++ BN_CTX_free(bnctx); ++ ++ return res ? 0 : -1; ++} ++ ++ ++int crypto_bignum_sqrtmod(const struct crypto_bignum *a, ++ const struct crypto_bignum *b, ++ struct crypto_bignum *c) ++{ ++ BN_CTX *bnctx; ++ BIGNUM *res; ++ ++ if (TEST_FAIL()) ++ return -1; ++ ++ bnctx = BN_CTX_new(); ++ if (!bnctx) ++ return -1; ++ res = BN_mod_sqrt((BIGNUM *) c, (const BIGNUM *) a, (const BIGNUM *) b, ++ bnctx); ++ BN_CTX_free(bnctx); ++ ++ return res ? 0 : -1; ++} ++ ++ + int crypto_bignum_rshift(const struct crypto_bignum *a, int n, + struct crypto_bignum *r) + { +@@ -1682,6 +1764,18 @@ const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e) + } + + ++const struct crypto_bignum * crypto_ec_get_a(struct crypto_ec *e) ++{ ++ return (const struct crypto_bignum *) e->a; ++} ++ ++ ++const struct crypto_bignum * crypto_ec_get_b(struct crypto_ec *e) ++{ ++ return (const struct crypto_bignum *) e->b; ++} ++ ++ + void crypto_ec_point_deinit(struct crypto_ec_point *p, int clear) + { + if (clear) +diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c +index 4cedab4367cd..e9894b335e53 100644 +--- a/src/crypto/crypto_wolfssl.c ++++ b/src/crypto/crypto_wolfssl.c +@@ -1042,6 +1042,26 @@ struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len) + } + + ++struct crypto_bignum * crypto_bignum_init_uint(unsigned int val) ++{ ++ mp_int *a; ++ ++ if (TEST_FAIL()) ++ return NULL; ++ ++ a = (mp_int *) crypto_bignum_init(); ++ if (!a) ++ return NULL; ++ ++ if (mp_set_int(a, val) != MP_OKAY) { ++ os_free(a); ++ a = NULL; ++ } ++ ++ return (struct crypto_bignum *) a; ++} ++ ++ + void crypto_bignum_deinit(struct crypto_bignum *n, int clear) + { + if (!n) +@@ -1168,6 +1188,19 @@ int crypto_bignum_div(const struct crypto_bignum *a, + } + + ++int crypto_bignum_addmod(const struct crypto_bignum *a, ++ const struct crypto_bignum *b, ++ const struct crypto_bignum *c, ++ struct crypto_bignum *d) ++{ ++ if (TEST_FAIL()) ++ return -1; ++ ++ return mp_addmod((mp_int *) a, (mp_int *) b, (mp_int *) c, ++ (mp_int *) d) == MP_OKAY ? 0 : -1; ++} ++ ++ + int crypto_bignum_mulmod(const struct crypto_bignum *a, + const struct crypto_bignum *b, + const struct crypto_bignum *m, +@@ -1181,6 +1214,27 @@ int crypto_bignum_mulmod(const struct crypto_bignum *a, + } + + ++int crypto_bignum_sqrmod(const struct crypto_bignum *a, ++ const struct crypto_bignum *b, ++ struct crypto_bignum *c) ++{ ++ if (TEST_FAIL()) ++ return -1; ++ ++ return mp_sqrmod((mp_int *) a, (mp_int *) b, ++ (mp_int *) c) == MP_OKAY ? 0 : -1; ++} ++ ++ ++int crypto_bignum_sqrtmod(const struct crypto_bignum *a, ++ const struct crypto_bignum *b, ++ struct crypto_bignum *c) ++{ ++ /* TODO */ ++ return -1; ++} ++ ++ + int crypto_bignum_rshift(const struct crypto_bignum *a, int n, + struct crypto_bignum *r) + { +@@ -1386,6 +1440,18 @@ const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e) + } + + ++const struct crypto_bignum * crypto_ec_get_a(struct crypto_ec *e) ++{ ++ return (const struct crypto_bignum *) &e->a; ++} ++ ++ ++const struct crypto_bignum * crypto_ec_get_b(struct crypto_ec *e) ++{ ++ return (const struct crypto_bignum *) &e->b; ++} ++ ++ + void crypto_ec_point_deinit(struct crypto_ec_point *p, int clear) + { + ecc_point *point = (ecc_point *) p; +-- +2.25.1 + +From 2232d3d5f188b65dbb6c823ac62175412739eb16 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Fri, 7 Jan 2022 13:47:16 +0200 +Subject: [PATCH 2/4] dragonfly: Add sqrt() helper function + +This is a backport of "SAE: Move sqrt() implementation into a helper +function" to introduce the helper function needed for the following +patches. + +Signed-off-by: Jouni Malinen +--- + src/common/dragonfly.c | 34 ++++++++++++++++++++++++++++++++++ + src/common/dragonfly.h | 2 ++ + 2 files changed, 36 insertions(+) + +diff --git a/src/common/dragonfly.c b/src/common/dragonfly.c +index 547be66f1561..1e842716668e 100644 +--- a/src/common/dragonfly.c ++++ b/src/common/dragonfly.c +@@ -213,3 +213,37 @@ int dragonfly_generate_scalar(const struct crypto_bignum *order, + "dragonfly: Unable to get randomness for own scalar"); + return -1; + } ++ ++ ++/* res = sqrt(val) */ ++int dragonfly_sqrt(struct crypto_ec *ec, const struct crypto_bignum *val, ++ struct crypto_bignum *res) ++{ ++ const struct crypto_bignum *prime; ++ struct crypto_bignum *tmp, *one; ++ int ret = 0; ++ u8 prime_bin[DRAGONFLY_MAX_ECC_PRIME_LEN]; ++ size_t prime_len; ++ ++ /* For prime p such that p = 3 mod 4, sqrt(w) = w^((p+1)/4) mod p */ ++ ++ prime = crypto_ec_get_prime(ec); ++ prime_len = crypto_ec_prime_len(ec); ++ tmp = crypto_bignum_init(); ++ one = crypto_bignum_init_uint(1); ++ ++ if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin), ++ prime_len) < 0 || ++ (prime_bin[prime_len - 1] & 0x03) != 3 || ++ !tmp || !one || ++ /* tmp = (p+1)/4 */ ++ crypto_bignum_add(prime, one, tmp) < 0 || ++ crypto_bignum_rshift(tmp, 2, tmp) < 0 || ++ /* res = sqrt(val) */ ++ crypto_bignum_exptmod(val, tmp, prime, res) < 0) ++ ret = -1; ++ ++ crypto_bignum_deinit(tmp, 0); ++ crypto_bignum_deinit(one, 0); ++ return ret; ++} +diff --git a/src/common/dragonfly.h b/src/common/dragonfly.h +index ec3dd593eda4..84d67f575c54 100644 +--- a/src/common/dragonfly.h ++++ b/src/common/dragonfly.h +@@ -27,5 +27,7 @@ int dragonfly_generate_scalar(const struct crypto_bignum *order, + struct crypto_bignum *_rand, + struct crypto_bignum *_mask, + struct crypto_bignum *scalar); ++int dragonfly_sqrt(struct crypto_ec *ec, const struct crypto_bignum *val, ++ struct crypto_bignum *res); + + #endif /* DRAGONFLY_H */ +-- +2.25.1 + +From fe534b0baaa8c0e6ddeb24cf529d6e50e33dc501 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Fri, 7 Jan 2022 13:47:16 +0200 +Subject: [PATCH 3/4] SAE: Derive the y coordinate for PWE with own + implementation + +The crypto_ec_point_solve_y_coord() wrapper function might not use +constant time operations in the crypto library and as such, could leak +side channel information about the password that is used to generate the +PWE in the hunting and pecking loop. As such, calculate the two possible +y coordinate values and pick the correct one to use with constant time +selection. + +Signed-off-by: Jouni Malinen +--- + src/common/sae.c | 47 +++++++++++++++++++++++++++++++++-------------- + 1 file changed, 33 insertions(+), 14 deletions(-) + +diff --git a/src/common/sae.c b/src/common/sae.c +index 08fdbfd18173..8d79ed962768 100644 +--- a/src/common/sae.c ++++ b/src/common/sae.c +@@ -286,14 +286,16 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1, + int pwd_seed_odd = 0; + u8 prime[SAE_MAX_ECC_PRIME_LEN]; + size_t prime_len; +- struct crypto_bignum *x = NULL, *qr = NULL, *qnr = NULL; ++ struct crypto_bignum *x = NULL, *y = NULL, *qr = NULL, *qnr = NULL; + u8 x_bin[SAE_MAX_ECC_PRIME_LEN]; + u8 x_cand_bin[SAE_MAX_ECC_PRIME_LEN]; + u8 qr_bin[SAE_MAX_ECC_PRIME_LEN]; + u8 qnr_bin[SAE_MAX_ECC_PRIME_LEN]; ++ u8 x_y[2 * SAE_MAX_ECC_PRIME_LEN]; + int res = -1; + u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_* + * mask */ ++ unsigned int is_eq; + + os_memset(x_bin, 0, sizeof(x_bin)); + +@@ -402,25 +404,42 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1, + goto fail; + } + +- if (!sae->tmp->pwe_ecc) +- sae->tmp->pwe_ecc = crypto_ec_point_init(sae->tmp->ec); +- if (!sae->tmp->pwe_ecc) +- res = -1; +- else +- res = crypto_ec_point_solve_y_coord(sae->tmp->ec, +- sae->tmp->pwe_ecc, x, +- pwd_seed_odd); +- if (res < 0) { +- /* +- * This should not happen since we already checked that there +- * is a result. +- */ ++ /* y = sqrt(x^3 + ax + b) mod p ++ * if LSB(save) == LSB(y): PWE = (x, y) ++ * else: PWE = (x, p - y) ++ * ++ * Calculate y and the two possible values for PWE and after that, ++ * use constant time selection to copy the correct alternative. ++ */ ++ y = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x); ++ if (!y || ++ dragonfly_sqrt(sae->tmp->ec, y, y) < 0 || ++ crypto_bignum_to_bin(y, x_y, SAE_MAX_ECC_PRIME_LEN, ++ prime_len) < 0 || ++ crypto_bignum_sub(sae->tmp->prime, y, y) < 0 || ++ crypto_bignum_to_bin(y, x_y + SAE_MAX_ECC_PRIME_LEN, ++ SAE_MAX_ECC_PRIME_LEN, prime_len) < 0) { + wpa_printf(MSG_DEBUG, "SAE: Could not solve y"); ++ goto fail; ++ } ++ ++ is_eq = const_time_eq(pwd_seed_odd, x_y[prime_len - 1] & 0x01); ++ const_time_select_bin(is_eq, x_y, x_y + SAE_MAX_ECC_PRIME_LEN, ++ prime_len, x_y + prime_len); ++ os_memcpy(x_y, x_bin, prime_len); ++ wpa_hexdump_key(MSG_DEBUG, "SAE: PWE", x_y, 2 * prime_len); ++ crypto_ec_point_deinit(sae->tmp->pwe_ecc, 1); ++ sae->tmp->pwe_ecc = crypto_ec_point_from_bin(sae->tmp->ec, x_y); ++ if (!sae->tmp->pwe_ecc) { ++ wpa_printf(MSG_DEBUG, "SAE: Could not generate PWE"); ++ res = -1; + } + + fail: ++ forced_memzero(x_y, sizeof(x_y)); + crypto_bignum_deinit(qr, 0); + crypto_bignum_deinit(qnr, 0); ++ crypto_bignum_deinit(y, 1); + os_free(dummy_password); + bin_clear_free(tmp_password, password_len); + crypto_bignum_deinit(x, 1); +-- +2.25.1 + +From 603cd880e7f90595482658a7136fa6a7be5cb485 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Fri, 7 Jan 2022 18:52:27 +0200 +Subject: [PATCH 4/4] EAP-pwd: Derive the y coordinate for PWE with own + implementation + +The crypto_ec_point_solve_y_coord() wrapper function might not use +constant time operations in the crypto library and as such, could leak +side channel information about the password that is used to generate the +PWE in the hunting and pecking loop. As such, calculate the two possible +y coordinate values and pick the correct one to use with constant time +selection. + +Signed-off-by: Jouni Malinen +--- + src/eap_common/eap_pwd_common.c | 46 ++++++++++++++++++++++++++------- + 1 file changed, 36 insertions(+), 10 deletions(-) + +diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c +index 2b2b8efdbd01..ff22b29b087a 100644 +--- a/src/eap_common/eap_pwd_common.c ++++ b/src/eap_common/eap_pwd_common.c +@@ -127,7 +127,8 @@ int compute_password_element(EAP_PWD_group *grp, u16 num, + u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN]; + u8 x_bin[MAX_ECC_PRIME_LEN]; + u8 prime_bin[MAX_ECC_PRIME_LEN]; +- struct crypto_bignum *tmp2 = NULL; ++ u8 x_y[2 * MAX_ECC_PRIME_LEN]; ++ struct crypto_bignum *tmp2 = NULL, *y = NULL; + struct crypto_hash *hash; + unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr; + int ret = 0, res; +@@ -139,6 +140,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num, + u8 found_ctr = 0, is_odd = 0; + int cmp_prime; + unsigned int in_range; ++ unsigned int is_eq; + + if (grp->pwe) + return -1; +@@ -151,11 +153,6 @@ int compute_password_element(EAP_PWD_group *grp, u16 num, + if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin), + primebytelen) < 0) + return -1; +- grp->pwe = crypto_ec_point_init(grp->group); +- if (!grp->pwe) { +- wpa_printf(MSG_INFO, "EAP-pwd: unable to create bignums"); +- goto fail; +- } + + if ((prfbuf = os_malloc(primebytelen)) == NULL) { + wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf " +@@ -261,10 +258,37 @@ int compute_password_element(EAP_PWD_group *grp, u16 num, + */ + crypto_bignum_deinit(x_candidate, 1); + x_candidate = crypto_bignum_init_set(x_bin, primebytelen); +- if (!x_candidate || +- crypto_ec_point_solve_y_coord(grp->group, grp->pwe, x_candidate, +- is_odd) != 0) { +- wpa_printf(MSG_INFO, "EAP-pwd: Could not solve for y"); ++ if (!x_candidate) ++ goto fail; ++ ++ /* y = sqrt(x^3 + ax + b) mod p ++ * if LSB(y) == LSB(pwd-seed): PWE = (x, y) ++ * else: PWE = (x, p - y) ++ * ++ * Calculate y and the two possible values for PWE and after that, ++ * use constant time selection to copy the correct alternative. ++ */ ++ y = crypto_ec_point_compute_y_sqr(grp->group, x_candidate); ++ if (!y || ++ dragonfly_sqrt(grp->group, y, y) < 0 || ++ crypto_bignum_to_bin(y, x_y, MAX_ECC_PRIME_LEN, primebytelen) < 0 || ++ crypto_bignum_sub(prime, y, y) < 0 || ++ crypto_bignum_to_bin(y, x_y + MAX_ECC_PRIME_LEN, ++ MAX_ECC_PRIME_LEN, primebytelen) < 0) { ++ wpa_printf(MSG_DEBUG, "SAE: Could not solve y"); ++ goto fail; ++ } ++ ++ /* Constant time selection of the y coordinate from the two ++ * options */ ++ is_eq = const_time_eq(is_odd, x_y[primebytelen - 1] & 0x01); ++ const_time_select_bin(is_eq, x_y, x_y + MAX_ECC_PRIME_LEN, ++ primebytelen, x_y + primebytelen); ++ os_memcpy(x_y, x_bin, primebytelen); ++ wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: PWE", x_y, 2 * primebytelen); ++ grp->pwe = crypto_ec_point_from_bin(grp->group, x_y); ++ if (!grp->pwe) { ++ wpa_printf(MSG_DEBUG, "EAP-pwd: Could not generate PWE"); + goto fail; + } + +@@ -289,6 +313,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num, + /* cleanliness and order.... */ + crypto_bignum_deinit(x_candidate, 1); + crypto_bignum_deinit(tmp2, 1); ++ crypto_bignum_deinit(y, 1); + crypto_bignum_deinit(qr, 1); + crypto_bignum_deinit(qnr, 1); + bin_clear_free(prfbuf, primebytelen); +@@ -296,6 +321,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num, + os_memset(qnr_bin, 0, sizeof(qnr_bin)); + os_memset(qr_or_qnr_bin, 0, sizeof(qr_or_qnr_bin)); + os_memset(pwe_digest, 0, sizeof(pwe_digest)); ++ forced_memzero(x_y, sizeof(x_y)); + + return ret; + } +-- +2.25.1 + diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb index cddcfb6811..a8fb34b1a1 100644 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb @@ -33,6 +33,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ file://CVE-2021-0326.patch \ file://CVE-2021-27803.patch \ file://CVE-2021-30004.patch \ + file://CVE-2022-23303-4.patch \ " SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190" SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17" diff --git a/poky/meta/recipes-core/coreutils/coreutils_8.31.bb b/poky/meta/recipes-core/coreutils/coreutils_8.31.bb index aabeee882c..3d569881e8 100644 --- a/poky/meta/recipes-core/coreutils/coreutils_8.31.bb +++ b/poky/meta/recipes-core/coreutils/coreutils_8.31.bb @@ -206,6 +206,3 @@ do_install_ptest () { } FILES_${PN}-ptest += "${bindir}/getlimits" - -# These are specific to Opensuse -CVE_WHITELIST += "CVE-2013-0221 CVE-2013-0222 CVE-2013-0223" diff --git a/poky/meta/recipes-core/expat/expat/CVE-2021-46143.patch b/poky/meta/recipes-core/expat/expat/CVE-2021-46143.patch index d6bafba0ff..b1a726d9a8 100644 --- a/poky/meta/recipes-core/expat/expat/CVE-2021-46143.patch +++ b/poky/meta/recipes-core/expat/expat/CVE-2021-46143.patch @@ -4,6 +4,12 @@ Date: Sat, 25 Dec 2021 20:52:08 +0100 Subject: [PATCH] lib: Prevent integer overflow on m_groupSize in function doProlog (CVE-2021-46143) +Upstream-Status: Backport: +https://github.com/libexpat/libexpat/pull/538/commits/85ae9a2d7d0e9358f356b33977b842df8ebaec2b + +CVE: CVE-2021-46143 + +Signed-off-by: Steve Sakoman --- expat/lib/xmlparse.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/poky/meta/recipes-core/expat/expat/CVE-2022-23852.patch b/poky/meta/recipes-core/expat/expat/CVE-2022-23852.patch new file mode 100644 index 0000000000..41425c108b --- /dev/null +++ b/poky/meta/recipes-core/expat/expat/CVE-2022-23852.patch @@ -0,0 +1,33 @@ +From 847a645152f5ebc10ac63b74b604d0c1a79fae40 Mon Sep 17 00:00:00 2001 +From: Samanta Navarro +Date: Sat, 22 Jan 2022 17:48:00 +0100 +Subject: [PATCH] lib: Detect and prevent integer overflow in XML_GetBuffer + (CVE-2022-23852) + +Upstream-Status: Backport: +https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 + +CVE: CVE-2022-23852 + +Signed-off-by: Steve Sakoman + +--- + expat/lib/xmlparse.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index d54af683..5ce31402 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -2067,6 +2067,11 @@ XML_GetBuffer(XML_Parser parser, int len) { + keep = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer); + if (keep > XML_CONTEXT_BYTES) + keep = XML_CONTEXT_BYTES; ++ /* Detect and prevent integer overflow */ ++ if (keep > INT_MAX - neededSize) { ++ parser->m_errorCode = XML_ERROR_NO_MEMORY; ++ return NULL; ++ } + neededSize += keep; + #endif /* defined XML_CONTEXT_BYTES */ + if (neededSize diff --git a/poky/meta/recipes-core/expat/expat/CVE-2022-23990.patch b/poky/meta/recipes-core/expat/expat/CVE-2022-23990.patch new file mode 100644 index 0000000000..c599517b3e --- /dev/null +++ b/poky/meta/recipes-core/expat/expat/CVE-2022-23990.patch @@ -0,0 +1,49 @@ +From ede41d1e186ed2aba88a06e84cac839b770af3a1 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Wed, 26 Jan 2022 02:36:43 +0100 +Subject: [PATCH] lib: Prevent integer overflow in doProlog (CVE-2022-23990) + +The change from "int nameLen" to "size_t nameLen" +addresses the overflow on "nameLen++" in code +"for (; name[nameLen++];)" right above the second +change in the patch. + +Upstream-Status: Backport: +https://github.com/libexpat/libexpat/pull/551/commits/ede41d1e186ed2aba88a06e84cac839b770af3a1 + +CVE: CVE-2022-23990 + +Signed-off-by: Steve Sakoman + +--- + lib/xmlparse.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/lib/xmlparse.c b/expat/lib/xmlparse.c +index 5ce31402..d1d17005 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -5372,7 +5372,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, + if (dtd->in_eldecl) { + ELEMENT_TYPE *el; + const XML_Char *name; +- int nameLen; ++ size_t nameLen; + const char *nxt + = (quant == XML_CQUANT_NONE ? next : next - enc->minBytesPerChar); + int myindex = nextScaffoldPart(parser); +@@ -5388,7 +5388,13 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, + nameLen = 0; + for (; name[nameLen++];) + ; +- dtd->contentStringLen += nameLen; ++ ++ /* Detect and prevent integer overflow */ ++ if (nameLen > UINT_MAX - dtd->contentStringLen) { ++ return XML_ERROR_NO_MEMORY; ++ } ++ ++ dtd->contentStringLen += (unsigned)nameLen; + if (parser->m_elementDeclHandler) + handleDefault = XML_FALSE; + } diff --git a/poky/meta/recipes-core/expat/expat/CVE-2022-25235.patch b/poky/meta/recipes-core/expat/expat/CVE-2022-25235.patch new file mode 100644 index 0000000000..be9182a5c1 --- /dev/null +++ b/poky/meta/recipes-core/expat/expat/CVE-2022-25235.patch @@ -0,0 +1,283 @@ +From ee2a5b50e7d1940ba8745715b62ceb9efd3a96da Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Tue, 8 Feb 2022 17:37:14 +0100 +Subject: [PATCH] lib: Drop unused macro UTF8_GET_NAMING + +Upstream-Status: Backport +https://github.com/libexpat/libexpat/pull/562/commits + +CVE: CVE-2022-25235 + +Signed-off-by: Steve Sakoman + +--- + expat/lib/xmltok.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/lib/xmltok.c b/lib/xmltok.c +index a72200e8..3bddf125 100644 +--- a/lib/xmltok.c ++++ b/lib/xmltok.c +@@ -95,11 +95,6 @@ + + ((((byte)[1]) & 3) << 1) + ((((byte)[2]) >> 5) & 1)] \ + & (1u << (((byte)[2]) & 0x1F))) + +-#define UTF8_GET_NAMING(pages, p, n) \ +- ((n) == 2 \ +- ? UTF8_GET_NAMING2(pages, (const unsigned char *)(p)) \ +- : ((n) == 3 ? UTF8_GET_NAMING3(pages, (const unsigned char *)(p)) : 0)) +- + /* Detection of invalid UTF-8 sequences is based on Table 3.1B + of Unicode 3.2: http://www.unicode.org/unicode/reports/tr28/ + with the additional restriction of not allowing the Unicode +From 3f0a0cb644438d4d8e3294cd0b1245d0edb0c6c6 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Tue, 8 Feb 2022 04:32:20 +0100 +Subject: [PATCH] lib: Add missing validation of encoding (CVE-2022-25235) + +--- + expat/lib/xmltok_impl.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/lib/xmltok_impl.c b/lib/xmltok_impl.c +index 0430591b4..64a3b2c15 100644 +--- a/lib/xmltok_impl.c ++++ b/lib/xmltok_impl.c +@@ -61,7 +61,7 @@ + case BT_LEAD##n: \ + if (end - ptr < n) \ + return XML_TOK_PARTIAL_CHAR; \ +- if (! IS_NAME_CHAR(enc, ptr, n)) { \ ++ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)) { \ + *nextTokPtr = ptr; \ + return XML_TOK_INVALID; \ + } \ +@@ -90,7 +90,7 @@ + case BT_LEAD##n: \ + if (end - ptr < n) \ + return XML_TOK_PARTIAL_CHAR; \ +- if (! IS_NMSTRT_CHAR(enc, ptr, n)) { \ ++ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) { \ + *nextTokPtr = ptr; \ + return XML_TOK_INVALID; \ + } \ +@@ -1134,6 +1134,10 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end, + case BT_LEAD##n: \ + if (end - ptr < n) \ + return XML_TOK_PARTIAL_CHAR; \ ++ if (IS_INVALID_CHAR(enc, ptr, n)) { \ ++ *nextTokPtr = ptr; \ ++ return XML_TOK_INVALID; \ ++ } \ + if (IS_NMSTRT_CHAR(enc, ptr, n)) { \ + ptr += n; \ + tok = XML_TOK_NAME; \ +From c85a3025e7a1be086dc34e7559fbc543914d047f Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Wed, 9 Feb 2022 01:00:38 +0100 +Subject: [PATCH] lib: Add comments to BT_LEAD* cases where encoding has + already been validated + +--- + expat/lib/xmltok_impl.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/lib/xmltok_impl.c b/lib/xmltok_impl.c +index 64a3b2c1..84ff35f9 100644 +--- a/lib/xmltok_impl.c ++++ b/lib/xmltok_impl.c +@@ -1266,7 +1266,7 @@ PREFIX(attributeValueTok)(const ENCODING *enc, const char *ptr, const char *end, + switch (BYTE_TYPE(enc, ptr)) { + # define LEAD_CASE(n) \ + case BT_LEAD##n: \ +- ptr += n; \ ++ ptr += n; /* NOTE: The encoding has already been validated. */ \ + break; + LEAD_CASE(2) + LEAD_CASE(3) +@@ -1335,7 +1335,7 @@ PREFIX(entityValueTok)(const ENCODING *enc, const char *ptr, const char *end, + switch (BYTE_TYPE(enc, ptr)) { + # define LEAD_CASE(n) \ + case BT_LEAD##n: \ +- ptr += n; \ ++ ptr += n; /* NOTE: The encoding has already been validated. */ \ + break; + LEAD_CASE(2) + LEAD_CASE(3) +@@ -1514,7 +1514,7 @@ PREFIX(getAtts)(const ENCODING *enc, const char *ptr, int attsMax, + state = inName; \ + } + # define LEAD_CASE(n) \ +- case BT_LEAD##n: \ ++ case BT_LEAD##n: /* NOTE: The encoding has already been validated. */ \ + START_NAME ptr += (n - MINBPC(enc)); \ + break; + LEAD_CASE(2) +@@ -1726,7 +1726,7 @@ PREFIX(nameLength)(const ENCODING *enc, const char *ptr) { + switch (BYTE_TYPE(enc, ptr)) { + # define LEAD_CASE(n) \ + case BT_LEAD##n: \ +- ptr += n; \ ++ ptr += n; /* NOTE: The encoding has already been validated. */ \ + break; + LEAD_CASE(2) + LEAD_CASE(3) +@@ -1771,7 +1771,7 @@ PREFIX(updatePosition)(const ENCODING *enc, const char *ptr, const char *end, + switch (BYTE_TYPE(enc, ptr)) { + # define LEAD_CASE(n) \ + case BT_LEAD##n: \ +- ptr += n; \ ++ ptr += n; /* NOTE: The encoding has already been validated. */ \ + break; + LEAD_CASE(2) + LEAD_CASE(3) +From 6a5510bc6b7efe743356296724e0b38300f05379 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Tue, 8 Feb 2022 04:06:21 +0100 +Subject: [PATCH] tests: Cover missing validation of encoding (CVE-2022-25235) + +--- + expat/tests/runtests.c | 109 +++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 109 insertions(+) + +diff --git a/tests/runtests.c b/tests/runtests.c +index bc5344b1..9b155b82 100644 +--- a/tests/runtests.c ++++ b/tests/runtests.c +@@ -5998,6 +5998,105 @@ START_TEST(test_utf8_in_cdata_section_2) { + } + END_TEST + ++START_TEST(test_utf8_in_start_tags) { ++ struct test_case { ++ bool goodName; ++ bool goodNameStart; ++ const char *tagName; ++ }; ++ ++ // The idea with the tests below is this: ++ // We want to cover 1-, 2- and 3-byte sequences, 4-byte sequences ++ // go to isNever and are hence not a concern. ++ // ++ // We start with a character that is a valid name character ++ // (or even name-start character, see XML 1.0r4 spec) and then we flip ++ // single bits at places where (1) the result leaves the UTF-8 encoding space ++ // and (2) we stay in the same n-byte sequence family. ++ // ++ // The flipped bits are highlighted in angle brackets in comments, ++ // e.g. "[<1>011 1001]" means we had [0011 1001] but we now flipped ++ // the most significant bit to 1 to leave UTF-8 encoding space. ++ struct test_case cases[] = { ++ // 1-byte UTF-8: [0xxx xxxx] ++ {true, true, "\x3A"}, // [0011 1010] = ASCII colon ':' ++ {false, false, "\xBA"}, // [<1>011 1010] ++ {true, false, "\x39"}, // [0011 1001] = ASCII nine '9' ++ {false, false, "\xB9"}, // [<1>011 1001] ++ ++ // 2-byte UTF-8: [110x xxxx] [10xx xxxx] ++ {true, true, "\xDB\xA5"}, // [1101 1011] [1010 0101] = ++ // Arabic small waw U+06E5 ++ {false, false, "\x9B\xA5"}, // [1<0>01 1011] [1010 0101] ++ {false, false, "\xDB\x25"}, // [1101 1011] [<0>010 0101] ++ {false, false, "\xDB\xE5"}, // [1101 1011] [1<1>10 0101] ++ {true, false, "\xCC\x81"}, // [1100 1100] [1000 0001] = ++ // combining char U+0301 ++ {false, false, "\x8C\x81"}, // [1<0>00 1100] [1000 0001] ++ {false, false, "\xCC\x01"}, // [1100 1100] [<0>000 0001] ++ {false, false, "\xCC\xC1"}, // [1100 1100] [1<1>00 0001] ++ ++ // 3-byte UTF-8: [1110 xxxx] [10xx xxxx] [10xxxxxx] ++ {true, true, "\xE0\xA4\x85"}, // [1110 0000] [1010 0100] [1000 0101] = ++ // Devanagari Letter A U+0905 ++ {false, false, "\xA0\xA4\x85"}, // [1<0>10 0000] [1010 0100] [1000 0101] ++ {false, false, "\xE0\x24\x85"}, // [1110 0000] [<0>010 0100] [1000 0101] ++ {false, false, "\xE0\xE4\x85"}, // [1110 0000] [1<1>10 0100] [1000 0101] ++ {false, false, "\xE0\xA4\x05"}, // [1110 0000] [1010 0100] [<0>000 0101] ++ {false, false, "\xE0\xA4\xC5"}, // [1110 0000] [1010 0100] [1<1>00 0101] ++ {true, false, "\xE0\xA4\x81"}, // [1110 0000] [1010 0100] [1000 0001] = ++ // combining char U+0901 ++ {false, false, "\xA0\xA4\x81"}, // [1<0>10 0000] [1010 0100] [1000 0001] ++ {false, false, "\xE0\x24\x81"}, // [1110 0000] [<0>010 0100] [1000 0001] ++ {false, false, "\xE0\xE4\x81"}, // [1110 0000] [1<1>10 0100] [1000 0001] ++ {false, false, "\xE0\xA4\x01"}, // [1110 0000] [1010 0100] [<0>000 0001] ++ {false, false, "\xE0\xA4\xC1"}, // [1110 0000] [1010 0100] [1<1>00 0001] ++ }; ++ const bool atNameStart[] = {true, false}; ++ ++ size_t i = 0; ++ char doc[1024]; ++ size_t failCount = 0; ++ ++ for (; i < sizeof(cases) / sizeof(cases[0]); i++) { ++ size_t j = 0; ++ for (; j < sizeof(atNameStart) / sizeof(atNameStart[0]); j++) { ++ const bool expectedSuccess ++ = atNameStart[j] ? cases[i].goodNameStart : cases[i].goodName; ++ sprintf(doc, "<%s%s> %ju\n", argv[2], (uintmax_t) n); ++ return EXIT_SUCCESS; ++ } ++ } ++ + else { + fprintf(stderr, "usage: %1$s --size [suffix]\n" +- " %1$s --cmp-paths \n", ++ " %1$s --cmp-paths \n" ++ " %1$s --num2num \n", + argv[0]); + exit(EXIT_FAILURE); + } diff --git a/poky/meta/recipes-core/util-linux/util-linux_2.35.1.bb b/poky/meta/recipes-core/util-linux/util-linux_2.35.1.bb index 731f0618eb..89dc564ecb 100644 --- a/poky/meta/recipes-core/util-linux/util-linux_2.35.1.bb +++ b/poky/meta/recipes-core/util-linux/util-linux_2.35.1.bb @@ -12,6 +12,10 @@ SRC_URI += "file://configure-sbindir.patch \ file://0001-kill-include-sys-types.h-before-checking-SYS_pidfd_s.patch \ file://0001-include-cleanup-pidfd-inckudes.patch \ file://CVE-2021-37600.patch \ + file://include-strutils-cleanup-strto-functions.patch \ + file://CVE-2021-3995.patch \ + file://CVE-2021-3996.patch \ + file://CVE-2022-0563.patch \ " SRC_URI[md5sum] = "7f64882f631225f0295ca05080cee1bf" SRC_URI[sha256sum] = "d9de3edd287366cd908e77677514b9387b22bc7b88f45b83e1922c3597f1d7f9" diff --git a/poky/meta/recipes-devtools/apt/apt.inc b/poky/meta/recipes-devtools/apt/apt.inc index 3c4fc6df07..ba827848a7 100644 --- a/poky/meta/recipes-devtools/apt/apt.inc +++ b/poky/meta/recipes-devtools/apt/apt.inc @@ -18,6 +18,7 @@ SRC_URI = "https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/${BPN}/${P file://0001-environment.mak-musl-based-systems-can-generate-shar.patch \ file://0001-apt-1.2.12-Fix-musl-build.patch \ file://0001-Include-array.h-for-std-array.patch \ + file://CVE-2020-3810.patch \ " SRC_URI[md5sum] = "d30eed9304e82ea8238c854b5c5a34d9" SRC_URI[sha256sum] = "03ded4f5e9b8d43ecec083704b2dcabf20c182ed382db9ac7251da0b0b038059" diff --git a/poky/meta/recipes-devtools/apt/apt/CVE-2020-3810.patch b/poky/meta/recipes-devtools/apt/apt/CVE-2020-3810.patch new file mode 100644 index 0000000000..cf1206a3fa --- /dev/null +++ b/poky/meta/recipes-devtools/apt/apt/CVE-2020-3810.patch @@ -0,0 +1,174 @@ +From dceb1e49e4b8e4dadaf056be34088b415939cda6 Mon Sep 17 00:00:00 2001 +From: Julian Andres Klode +Date: Tue, 12 May 2020 11:49:09 +0200 +Subject: [PATCH] SECURITY UPDATE: Fix out of bounds read in .ar and .tar + implementation (CVE-2020-3810) + +When normalizing ar member names by removing trailing whitespace +and slashes, an out-out-bound read can be caused if the ar member +name consists only of such characters, because the code did not +stop at 0, but would wrap around and continue reading from the +stack, without any limit. + +Add a check to abort if we reached the first character in the +name, effectively rejecting the use of names consisting just +of slashes and spaces. + +Furthermore, certain error cases in arfile.cc and extracttar.cc have +included member names in the output that were not checked at all and +might hence not be nul terminated, leading to further out of bound reads. + +Fixes Debian/apt#111 +LP: #1878177 + +CVE: CVE-2020-3810 + +Upstream-Status: Backport: +https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6 + +Signed-off-by: Davide Gardenal +--- +apt-inst/contrib/arfile.cc | 11 ++- +apt-inst/contrib/extracttar.cc | 2 +- +.../test-github-111-invalid-armember | 88 +++++++++++++++++++ + 3 files changed, 98 insertions(+), 3 deletions(-) + create mode 100755 test/integration/test-github-111-invalid-armember + +diff --git a/apt-inst/contrib/arfile.cc b/st/contrib/arfile.cc +index 3fc3afedb..5cb43c690 100644 +--- a/apt-inst/contrib/arfile.cc ++++ b/apt-inst/contrib/arfile.cc +@@ -92,7 +92,7 @@ bool ARArchive::LoadHeaders() + StrToNum(Head.Size,Memb->Size,sizeof(Head.Size)) == false) + { + delete Memb; +- return _error->Error(_("Invalid archive member header %s"), Head.Name); ++ return _error->Error(_("Invalid archive member header")); + } + + // Check for an extra long name string +@@ -119,7 +119,14 @@ bool ARArchive::LoadHeaders() + else + { + unsigned int I = sizeof(Head.Name) - 1; +- for (; Head.Name[I] == ' ' || Head.Name[I] == '/'; I--); ++ for (; Head.Name[I] == ' ' || Head.Name[I] == '/'; I--) ++ { ++ if (I == 0) ++ { ++ delete Memb; ++ return _error->Error(_("Invalid archive member header")); ++ } ++ } + Memb->Name = std::string(Head.Name,I+1); + } + +diff --git a/apt-inst/contrib/extracttar.cc b/apt-inst/contrib/extracttar.cc +index 9bb0a55c0..b22f59dbc 100644 +--- a/apt-inst/contrib/extracttar.cc ++++ b/apt-inst/contrib/extracttar.cc +@@ -254,7 +254,7 @@ bool ExtractTar::Go(pkgDirStream &Stream) + + default: + BadRecord = true; +- _error->Warning(_("Unknown TAR header type %u, member %s"),(unsigned)Tar->LinkFlag,Tar->Name); ++ _error->Warning(_("Unknown TAR header type %u"), (unsigned)Tar->LinkFlag); + break; + } + +diff --git a/test/integration/test-github-111-invalid-armember b/test/integration/test-github-111-invalid-armember +new file mode 100755 +index 000000000..ec2163bf6 +--- /dev/null ++++ b/test/integration/test-github-111-invalid-armember +@@ -0,0 +1,88 @@ ++#!/bin/sh ++set -e ++ ++TESTDIR="$(readlink -f "$(dirname "$0")")" ++. "$TESTDIR/framework" ++setupenvironment ++configarchitecture "amd64" ++setupaptarchive ++ ++# this used to crash, but it should treat it as an invalid member header ++touch ' ' ++ar -q test.deb ' ' ++testsuccessequal "E: Invalid archive member header" ${BUILDDIRECTORY}/../test/interactive-helper/testdeb test.deb ++ ++ ++rm test.deb ++touch 'x' ++ar -q test.deb 'x' ++testsuccessequal "E: This is not a valid DEB archive, missing 'debian-binary' member" ${BUILDDIRECTORY}/../test/interactive-helper/testdeb test.deb ++ ++ ++# [ other fields] - name is not nul terminated here, it ends in . ++msgmsg "Unterminated ar member name" ++printf '!\0120123456789ABCDE.A123456789A.01234.01234.0123456.012345678.0.' > test.deb ++testsuccessequal "E: Invalid archive member header" ${BUILDDIRECTORY}/../test/interactive-helper/testdeb test.deb ++ ++ ++# unused source code for generating $tar below ++maketar() { ++ cat > maketar.c << EOF ++ #include ++ #include ++ struct tar { ++ char Name[100]; ++ char Mode[8]; ++ char UserID[8]; ++ char GroupID[8]; ++ char Size[12]; ++ char MTime[12]; ++ char Checksum[8]; ++ char LinkFlag; ++ char LinkName[100]; ++ char MagicNumber[8]; ++ char UserName[32]; ++ char GroupName[32]; ++ char Major[8]; ++ char Minor[8]; ++ }; ++ ++ int main(void) ++ { ++ union { ++ struct tar t; ++ char buf[512]; ++ } t; ++ for (int i = 0; i < sizeof(t.buf); i++) ++ t.buf[i] = '7'; ++ memcpy(t.t.Name, "unterminatedName", 16); ++ memcpy(t.t.UserName, "userName", 8); ++ memcpy(t.t.GroupName, "thisIsAGroupNamethisIsAGroupName", 32); ++ t.t.LinkFlag = 'X'; // I AM BROKEN ++ memcpy(t.t.Size, "000000000000", sizeof(t.t.Size)); ++ memset(t.t.Checksum,' ',sizeof(t.t.Checksum)); ++ ++ unsigned long sum = 0; ++ for (int i = 0; i < sizeof(t.buf); i++) ++ sum += t.buf[i]; ++ ++ int written = sprintf(t.t.Checksum, "%lo", sum); ++ for (int i = written; i < sizeof(t.t.Checksum); i++) ++ t.t.Checksum[i] = ' '; ++ fwrite(t.buf, sizeof(t.buf), 1, stdout); ++ } ++EOF ++ ++ gcc maketar.c -o maketar -Wall ++ ./maketar ++} ++ ++ ++# ++tar="unterminatedName77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777700000000000077777777777773544 X777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777userName777777777777777777777777thisIsAGroupNamethisIsAGroupName777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777" ++printf '%s' "$tar" | gzip > control.tar.gz ++cp control.tar.gz data.tar.gz ++touch debian-binary ++rm test.deb ++ar -q test.deb debian-binary control.tar.gz data.tar.gz ++testsuccessequal "W: Unknown TAR header type 88" ${BUILDDIRECTORY}/../test/interactive-helper/testdeb test.deb +-- +GitLab diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.34.inc b/poky/meta/recipes-devtools/binutils/binutils-2.34.inc index 6104bec591..6a55de2d45 100644 --- a/poky/meta/recipes-devtools/binutils/binutils-2.34.inc +++ b/poky/meta/recipes-devtools/binutils/binutils-2.34.inc @@ -42,6 +42,7 @@ SRC_URI = "\ file://0015-sync-with-OE-libtool-changes.patch \ file://0016-Check-for-clang-before-checking-gcc-version.patch \ file://0017-binutils-drop-redundant-program_name-definition-fno-.patch \ + file://0018-Include-members-in-the-variable-table-used-when-reso.patch \ file://CVE-2020-0551.patch \ file://0001-gas-improve-reproducibility-for-stabs-debugging-data.patch \ file://CVE-2020-16592.patch \ @@ -50,5 +51,6 @@ SRC_URI = "\ file://CVE-2021-3487.patch \ file://CVE-2021-3549.patch \ file://CVE-2020-16593.patch \ + file://0001-CVE-2021-45078.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch b/poky/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch new file mode 100644 index 0000000000..2af82477ac --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch @@ -0,0 +1,257 @@ +From 161e87d12167b1e36193385485c1f6ce92f74f02 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Wed, 15 Dec 2021 11:48:42 +1030 +Subject: [PATCH] PR28694, Out-of-bounds write in stab_xcoff_builtin_type + + PR 28694 + * stabs.c (stab_xcoff_builtin_type): Make typenum unsigned. + Negate typenum earlier, simplifying bounds checking. Correct + off-by-one indexing. Adjust switch cases. + + +CVE: CVE-2021-45078 +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=161e87d12167b1e36193385485c1f6ce92f74f02] + +Signed-off-by: Sundeep KOKKONDA +Signed-off-by: Purushottam Choudhary +Signed-off-by: Purushottam Choudhary +--- + binutils/stabs.c | 87 ++++++++++++++++++++++++------------------------ + 1 file changed, 43 insertions(+), 44 deletions(-) + + +diff --git a/binutils/stabs.c b/binutils/stabs.c +index 274bfb0e7fa..83ee3ea5fa4 100644 +--- a/binutils/stabs.c ++++ b/binutils/stabs.c +@@ -202,7 +202,7 @@ static debug_type stab_find_type (void *, struct stab_handle *, const int *); + static bfd_boolean stab_record_type + (void *, struct stab_handle *, const int *, debug_type); + static debug_type stab_xcoff_builtin_type +- (void *, struct stab_handle *, int); ++ (void *, struct stab_handle *, unsigned int); + static debug_type stab_find_tagged_type + (void *, struct stab_handle *, const char *, int, enum debug_type_kind); + static debug_type *stab_demangle_argtypes +@@ -3496,166 +3496,167 @@ stab_record_type (void *dhandle ATTRIBUTE_UNUSED, struct stab_handle *info, + + static debug_type + stab_xcoff_builtin_type (void *dhandle, struct stab_handle *info, +- int typenum) ++ unsigned int typenum) + { + debug_type rettype; + const char *name; + +- if (typenum >= 0 || typenum < -XCOFF_TYPE_COUNT) ++ typenum = -typenum - 1; ++ if (typenum >= XCOFF_TYPE_COUNT) + { +- fprintf (stderr, _("Unrecognized XCOFF type %d\n"), typenum); ++ fprintf (stderr, _("Unrecognized XCOFF type %d\n"), -typenum - 1); + return DEBUG_TYPE_NULL; + } +- if (info->xcoff_types[-typenum] != NULL) +- return info->xcoff_types[-typenum]; ++ if (info->xcoff_types[typenum] != NULL) ++ return info->xcoff_types[typenum]; + +- switch (-typenum) ++ switch (typenum) + { +- case 1: ++ case 0: + /* The size of this and all the other types are fixed, defined + by the debugging format. */ + name = "int"; + rettype = debug_make_int_type (dhandle, 4, FALSE); + break; +- case 2: ++ case 1: + name = "char"; + rettype = debug_make_int_type (dhandle, 1, FALSE); + break; +- case 3: ++ case 2: + name = "short"; + rettype = debug_make_int_type (dhandle, 2, FALSE); + break; +- case 4: ++ case 3: + name = "long"; + rettype = debug_make_int_type (dhandle, 4, FALSE); + break; +- case 5: ++ case 4: + name = "unsigned char"; + rettype = debug_make_int_type (dhandle, 1, TRUE); + break; +- case 6: ++ case 5: + name = "signed char"; + rettype = debug_make_int_type (dhandle, 1, FALSE); + break; +- case 7: ++ case 6: + name = "unsigned short"; + rettype = debug_make_int_type (dhandle, 2, TRUE); + break; +- case 8: ++ case 7: + name = "unsigned int"; + rettype = debug_make_int_type (dhandle, 4, TRUE); + break; +- case 9: ++ case 8: + name = "unsigned"; + rettype = debug_make_int_type (dhandle, 4, TRUE); + break; +- case 10: ++ case 9: + name = "unsigned long"; + rettype = debug_make_int_type (dhandle, 4, TRUE); + break; +- case 11: ++ case 10: + name = "void"; + rettype = debug_make_void_type (dhandle); + break; +- case 12: ++ case 11: + /* IEEE single precision (32 bit). */ + name = "float"; + rettype = debug_make_float_type (dhandle, 4); + break; +- case 13: ++ case 12: + /* IEEE double precision (64 bit). */ + name = "double"; + rettype = debug_make_float_type (dhandle, 8); + break; +- case 14: ++ case 13: + /* This is an IEEE double on the RS/6000, and different machines + with different sizes for "long double" should use different + negative type numbers. See stabs.texinfo. */ + name = "long double"; + rettype = debug_make_float_type (dhandle, 8); + break; +- case 15: ++ case 14: + name = "integer"; + rettype = debug_make_int_type (dhandle, 4, FALSE); + break; +- case 16: ++ case 15: + name = "boolean"; + rettype = debug_make_bool_type (dhandle, 4); + break; +- case 17: ++ case 16: + name = "short real"; + rettype = debug_make_float_type (dhandle, 4); + break; +- case 18: ++ case 17: + name = "real"; + rettype = debug_make_float_type (dhandle, 8); + break; +- case 19: ++ case 18: + /* FIXME */ + name = "stringptr"; + rettype = NULL; + break; +- case 20: ++ case 19: + /* FIXME */ + name = "character"; + rettype = debug_make_int_type (dhandle, 1, TRUE); + break; +- case 21: ++ case 20: + name = "logical*1"; + rettype = debug_make_bool_type (dhandle, 1); + break; +- case 22: ++ case 21: + name = "logical*2"; + rettype = debug_make_bool_type (dhandle, 2); + break; +- case 23: ++ case 22: + name = "logical*4"; + rettype = debug_make_bool_type (dhandle, 4); + break; +- case 24: ++ case 23: + name = "logical"; + rettype = debug_make_bool_type (dhandle, 4); + break; +- case 25: ++ case 24: + /* Complex type consisting of two IEEE single precision values. */ + name = "complex"; + rettype = debug_make_complex_type (dhandle, 8); + break; +- case 26: ++ case 25: + /* Complex type consisting of two IEEE double precision values. */ + name = "double complex"; + rettype = debug_make_complex_type (dhandle, 16); + break; +- case 27: ++ case 26: + name = "integer*1"; + rettype = debug_make_int_type (dhandle, 1, FALSE); + break; +- case 28: ++ case 27: + name = "integer*2"; + rettype = debug_make_int_type (dhandle, 2, FALSE); + break; +- case 29: ++ case 28: + name = "integer*4"; + rettype = debug_make_int_type (dhandle, 4, FALSE); + break; +- case 30: ++ case 29: + /* FIXME */ + name = "wchar"; + rettype = debug_make_int_type (dhandle, 2, FALSE); + break; +- case 31: ++ case 30: + name = "long long"; + rettype = debug_make_int_type (dhandle, 8, FALSE); + break; +- case 32: ++ case 31: + name = "unsigned long long"; + rettype = debug_make_int_type (dhandle, 8, TRUE); + break; +- case 33: ++ case 32: + name = "logical*8"; + rettype = debug_make_bool_type (dhandle, 8); + break; +- case 34: ++ case 33: + name = "integer*8"; + rettype = debug_make_int_type (dhandle, 8, FALSE); + break; +@@ -3664,9 +3665,7 @@ stab_xcoff_builtin_type (void *dhandle, struct stab_handle *info, + } + + rettype = debug_name_type (dhandle, name, rettype); +- +- info->xcoff_types[-typenum] = rettype; +- ++ info->xcoff_types[typenum] = rettype; + return rettype; + } + +-- +2.27.0 + diff --git a/poky/meta/recipes-devtools/binutils/binutils/0018-Include-members-in-the-variable-table-used-when-reso.patch b/poky/meta/recipes-devtools/binutils/binutils/0018-Include-members-in-the-variable-table-used-when-reso.patch new file mode 100644 index 0000000000..dc1e09d46b --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0018-Include-members-in-the-variable-table-used-when-reso.patch @@ -0,0 +1,32 @@ +From bf2252dca8c76e4c1f1c2dbf98dab7ffc9f5e5af Mon Sep 17 00:00:00 2001 +From: Nick Clifton +Date: Sat, 29 Aug 2020 08:03:15 +0100 +Subject: [PATCH] Include members in the variable table used when resolving + DW_AT_specification tags. + + PR 26520 + * dwarf2.c (scan_unit_for_symbols): Add member entries to the + variable table. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e6f04d55f681149a69102a73937d0987719c3f16] +--- + bfd/dwarf2.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c +index dd3568a8532..ef2f6a3c63c 100644 +--- a/bfd/dwarf2.c ++++ b/bfd/dwarf2.c +@@ -3248,7 +3248,8 @@ scan_unit_for_symbols (struct comp_unit *unit) + else + { + func = NULL; +- if (abbrev->tag == DW_TAG_variable) ++ if (abbrev->tag == DW_TAG_variable ++ || abbrev->tag == DW_TAG_member) + { + bfd_size_type amt = sizeof (struct varinfo); + var = (struct varinfo *) bfd_zalloc (abfd, amt); +-- +2.34.1 + diff --git a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb index 66bd897a9a..7f05bd1b0b 100644 --- a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb +++ b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb @@ -144,7 +144,7 @@ do_install () { PACKAGES =+ "pybootchartgui" FILES_pybootchartgui += "${PYTHON_SITEPACKAGES_DIR}/pybootchartgui ${bindir}/pybootchartgui" -RDEPENDS_pybootchartgui = "python3-pycairo python3-compression python3-image python3-shell python3-compression python3-codecs" +RDEPENDS_pybootchartgui = "python3-pycairo python3-compression python3-image python3-math python3-shell python3-compression python3-codecs" RDEPENDS_${PN}_class-target += "${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'sysvinit-pidof', 'procps', d)}" RDEPENDS_${PN}_class-target += "lsb-release" DEPENDS_append_class-native = " python3-pycairo-native" diff --git a/poky/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake b/poky/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake index 398069eef2..f8af79ddd5 100644 --- a/poky/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake +++ b/poky/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake @@ -2,7 +2,6 @@ set( CMAKE_SYSTEM_NAME Linux ) set( CMAKE_C_FLAGS $ENV{CFLAGS} CACHE STRING "" FORCE ) set( CMAKE_CXX_FLAGS $ENV{CXXFLAGS} CACHE STRING "" FORCE ) set( CMAKE_ASM_FLAGS ${CMAKE_C_FLAGS} CACHE STRING "" FORCE ) -set( CMAKE_LDFLAGS_FLAGS ${CMAKE_CXX_FLAGS} CACHE STRING "" FORCE ) set( CMAKE_SYSROOT $ENV{OECORE_TARGET_SYSROOT} ) set( CMAKE_FIND_ROOT_PATH $ENV{OECORE_TARGET_SYSROOT} ) diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc index 45fb9720ee..57e4665a34 100644 --- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc +++ b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc @@ -3,7 +3,7 @@ DESCRIPTION = "The Ext2 Filesystem Utilities (e2fsprogs) contain all of the stan fixing, configuring , and debugging ext2 filesystems." HOMEPAGE = "http://e2fsprogs.sourceforge.net/" -LICENSE = "GPLv2 & LGPLv2 & BSD & MIT" +LICENSE = "GPLv2 & LGPLv2 & BSD-3-Clause & MIT" LICENSE_e2fsprogs-dumpe2fs = "GPLv2" LICENSE_e2fsprogs-e2fsck = "GPLv2" LICENSE_e2fsprogs-mke2fs = "GPLv2" diff --git a/poky/meta/recipes-devtools/gnu-config/gnu-config_git.bb b/poky/meta/recipes-devtools/gnu-config/gnu-config_git.bb index df8947e425..05cd6a1e63 100644 --- a/poky/meta/recipes-devtools/gnu-config/gnu-config_git.bb +++ b/poky/meta/recipes-devtools/gnu-config/gnu-config_git.bb @@ -12,7 +12,7 @@ INHIBIT_DEFAULT_DEPS = "1" SRCREV = "5256817ace8493502ec88501a19e4051c2e220b0" PV = "20200117+git${SRCPV}" -SRC_URI = "git://git.savannah.gnu.org/config.git;branch=master \ +SRC_URI = "git://git.savannah.gnu.org/git/config.git;protocol=https;branch=master \ file://gnu-configize.in" S = "${WORKDIR}/git" UPSTREAM_CHECK_COMMITS = "1" diff --git a/poky/meta/recipes-devtools/go/go-1.14.inc b/poky/meta/recipes-devtools/go/go-1.14.inc index abc6f42184..08d547a837 100644 --- a/poky/meta/recipes-devtools/go/go-1.14.inc +++ b/poky/meta/recipes-devtools/go/go-1.14.inc @@ -19,7 +19,11 @@ SRC_URI += "\ file://CVE-2021-34558.patch \ file://CVE-2021-33196.patch \ file://CVE-2021-33197.patch \ + file://CVE-2021-38297.patch \ + file://CVE-2022-23806.patch \ + file://CVE-2022-23772.patch \ " + SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149" diff --git a/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch b/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch new file mode 100644 index 0000000000..24ceabf808 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch @@ -0,0 +1,97 @@ +From 4548fcc8dfd933c237f29bba6f90040a85922564 Mon Sep 17 00:00:00 2001 +From: Michael Knyszek +Date: Thu, 2 Sep 2021 16:51:59 -0400 +Subject: [PATCH] [release-branch.go1.16] misc/wasm, cmd/link: do not let + command line args overwrite global data + +On Wasm, wasm_exec.js puts command line arguments at the beginning +of the linear memory (following the "zero page"). Currently there +is no limit for this, and a very long command line can overwrite +the program's data section. Prevent this by limiting the command +line to 4096 bytes, and in the linker ensuring the data section +starts at a high enough address (8192). + +(Arguably our address assignment on Wasm is a bit confusing. This +is the minimum fix I can come up with.) + +Thanks to Ben Lubar for reporting this issue. + +Change by Cherry Mui . + +For #48797 +Fixes #48799 +Fixes CVE-2021-38297 + +Change-Id: I0f50fbb2a5b6d0d047e3c134a88988d9133e4ab3 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1205933 +Reviewed-by: Roland Shoemaker +Reviewed-by: Than McIntosh +Reviewed-on: https://go-review.googlesource.com/c/go/+/354591 +Trust: Michael Knyszek +Reviewed-by: Heschi Kreinick + +CVE: CVE-2021-38297 + +Upstream-Status: Backport: +https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564 + +Inline of ctxt.isWAsm followin this implemetation: +https://github.com/golang/go/blob/4548fcc8dfd933c237f29bba6f90040a85922564/src/cmd/link/internal/ld/target.go#L127 + +Signed-off-by: Davide Gardenal +--- + misc/wasm/wasm_exec.js | 7 +++++++ + src/cmd/link/internal/ld/data.go | 11 ++++++++++- + 2 files changed, 17 insertions(+), 1 deletion(-) + +diff --git a/misc/wasm/wasm_exec.js b/misc/wasm/wasm_exec.js +index 82041e6bb901..a0a264278b1b 100644 +--- a/misc/wasm/wasm_exec.js ++++ b/misc/wasm/wasm_exec.js +@@ -564,6 +564,13 @@ + offset += 8; + }); + ++ // The linker guarantees global data starts from at least wasmMinDataAddr. ++ // Keep in sync with cmd/link/internal/ld/data.go:wasmMinDataAddr. ++ const wasmMinDataAddr = 4096 + 4096; ++ if (offset >= wasmMinDataAddr) { ++ throw new Error("command line too long"); ++ } ++ + this._inst.exports.run(argc, argv); + if (this.exited) { + this._resolveExitPromise(); +diff --git a/src/cmd/link/internal/ld/data.go b/src/cmd/link/internal/ld/data.go +index 52035e96301c..54a1d188cdb9 100644 +--- a/src/cmd/link/internal/ld/data.go ++++ b/src/cmd/link/internal/ld/data.go +@@ -2330,6 +2330,11 @@ func assignAddress(ctxt *Link, sect *sym.Section, n int, s loader.Sym, va uint64 + return sect, n, va + } + ++// On Wasm, we reserve 4096 bytes for zero page, then 4096 bytes for wasm_exec.js ++// to store command line args. Data sections starts from at least address 8192. ++// Keep in sync with wasm_exec.js. ++const wasmMinDataAddr = 4096 + 4096 ++ + // address assigns virtual addresses to all segments and sections and + // returns all segments in file order. + func (ctxt *Link) address() []*sym.Segment { +@@ -2339,10 +2344,14 @@ func (ctxt *Link) address() []*sym.Segment { + order = append(order, &Segtext) + Segtext.Rwx = 05 + Segtext.Vaddr = va +- for _, s := range Segtext.Sections { ++ for i, s := range Segtext.Sections { + va = uint64(Rnd(int64(va), int64(s.Align))) + s.Vaddr = va + va += s.Length ++ ++ if ctxt.Arch.Family == sys.Wasm && i == 0 && va < wasmMinDataAddr { ++ va = wasmMinDataAddr ++ } + } + + Segtext.Length = va - uint64(*FlagTextAddr) + \ No newline at end of file diff --git a/poky/meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch b/poky/meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch new file mode 100644 index 0000000000..f0daee3624 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch @@ -0,0 +1,50 @@ +From 70882eedccac803ddcf1c3215e0ae8fd59847e39 Mon Sep 17 00:00:00 2001 +From: Katie Hockman +Date: Sat, 26 Feb 2022 20:03:38 +0000 +Subject: [PATCH] [release-branch.go1.16] math/big: prevent overflow in + (*Rat).SetString + +Credit to rsc@ for the original patch. + +Thanks to the OSS-Fuzz project for discovering this +issue and to Emmanuel Odeke (@odeke_et) for reporting it. + +Updates #50699 +Fixes #50700 +Fixes CVE-2022-23772 +--- + src/math/big/ratconv.go | 5 +++++ + src/math/big/ratconv_test.go | 1 + + 2 files changed, 6 insertions(+) + +diff --git a/src/math/big/ratconv.go b/src/math/big/ratconv.go +index 941139e..e8cbdbe 100644 +--- a/src/math/big/ratconv.go ++++ b/src/math/big/ratconv.go +@@ -168,6 +168,11 @@ func (z *Rat) SetString(s string) (*Rat, bool) { + n := exp5 + if n < 0 { + n = -n ++ if n < 0 { ++ // This can occur if -n overflows. -(-1 << 63) would become ++ // -1 << 63, which is still negative. ++ return nil, false ++ } + } + pow5 := z.b.abs.expNN(natFive, nat(nil).setWord(Word(n)), nil) // use underlying array of z.b.abs + if exp5 > 0 { +diff --git a/src/math/big/ratconv_test.go b/src/math/big/ratconv_test.go +index ba0d1ba..b820df4 100644 +--- a/src/math/big/ratconv_test.go ++++ b/src/math/big/ratconv_test.go +@@ -104,6 +104,7 @@ var setStringTests = []StringTest{ + {in: "4/3/"}, + {in: "4/3."}, + {in: "4/"}, ++ {in: "13e-9223372036854775808"}, // CVE-2022-23772 + + // valid + {"0", "0", true}, +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch b/poky/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch new file mode 100644 index 0000000000..772acdcbf6 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch @@ -0,0 +1,142 @@ +From 5b376a209d1c61e10847e062d78c4b1aa90dff0c Mon Sep 17 00:00:00 2001 +From: Filippo Valsorda +Date: Sat, 26 Feb 2022 10:40:57 +0000 +Subject: [PATCH] crypto/elliptic: make IsOnCurve return false for invalid + + field elements + +Updates #50974 +Fixes #50977 +Fixes CVE-2022-23806 + +Signed-off-by: Minjae Kim + +--- + src/crypto/elliptic/elliptic.go | 6 +++ + src/crypto/elliptic/elliptic_test.go | 81 ++++++++++++++++++++++++++++ + src/crypto/elliptic/p224.go | 6 +++ + 3 files changed, 93 insertions(+) + +diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go +index e2f71cd..bd574a4 100644 +--- a/src/crypto/elliptic/elliptic.go ++++ b/src/crypto/elliptic/elliptic.go +@@ -53,6 +53,12 @@ func (curve *CurveParams) Params() *CurveParams { + } + + func (curve *CurveParams) IsOnCurve(x, y *big.Int) bool { ++ ++ if x.Sign() < 0 || x.Cmp(curve.P) >= 0 || ++ y.Sign() < 0 || y.Cmp(curve.P) >= 0 { ++ return false ++ } ++ + // y² = x³ - 3x + b + y2 := new(big.Int).Mul(y, y) + y2.Mod(y2, curve.P) +diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go +index 09c5483..b13a620 100644 +--- a/src/crypto/elliptic/elliptic_test.go ++++ b/src/crypto/elliptic/elliptic_test.go +@@ -628,3 +628,84 @@ func TestUnmarshalToLargeCoordinates(t *testing.T) { + t.Errorf("Unmarshal accepts invalid Y coordinate") + } + } ++ ++func testAllCurves(t *testing.T, f func(*testing.T, Curve)) { ++ tests := []struct { ++ name string ++ curve Curve ++ }{ ++ {"P256", P256()}, ++ {"P256/Params", P256().Params()}, ++ {"P224", P224()}, ++ {"P224/Params", P224().Params()}, ++ {"P384", P384()}, ++ {"P384/Params", P384().Params()}, ++ {"P521", P521()}, ++ {"P521/Params", P521().Params()}, ++ } ++ if testing.Short() { ++ tests = tests[:1] ++ } ++ for _, test := range tests { ++ curve := test.curve ++ t.Run(test.name, func(t *testing.T) { ++ t.Parallel() ++ f(t, curve) ++ }) ++ } ++} ++ ++// TestInvalidCoordinates tests big.Int values that are not valid field elements ++// (negative or bigger than P). They are expected to return false from ++// IsOnCurve, all other behavior is undefined. ++func TestInvalidCoordinates(t *testing.T) { ++ testAllCurves(t, testInvalidCoordinates) ++} ++ ++func testInvalidCoordinates(t *testing.T, curve Curve) { ++ checkIsOnCurveFalse := func(name string, x, y *big.Int) { ++ if curve.IsOnCurve(x, y) { ++ t.Errorf("IsOnCurve(%s) unexpectedly returned true", name) ++ } ++ } ++ ++ p := curve.Params().P ++ _, x, y, _ := GenerateKey(curve, rand.Reader) ++ xx, yy := new(big.Int), new(big.Int) ++ ++ // Check if the sign is getting dropped. ++ xx.Neg(x) ++ checkIsOnCurveFalse("-x, y", xx, y) ++ yy.Neg(y) ++ checkIsOnCurveFalse("x, -y", x, yy) ++ ++ // Check if negative values are reduced modulo P. ++ xx.Sub(x, p) ++ checkIsOnCurveFalse("x-P, y", xx, y) ++ yy.Sub(y, p) ++ checkIsOnCurveFalse("x, y-P", x, yy) ++ ++ // Check if positive values are reduced modulo P. ++ xx.Add(x, p) ++ checkIsOnCurveFalse("x+P, y", xx, y) ++ yy.Add(y, p) ++ checkIsOnCurveFalse("x, y+P", x, yy) ++ ++ // Check if the overflow is dropped. ++ xx.Add(x, new(big.Int).Lsh(big.NewInt(1), 535)) ++ checkIsOnCurveFalse("x+2⁵³⁵, y", xx, y) ++ yy.Add(y, new(big.Int).Lsh(big.NewInt(1), 535)) ++ checkIsOnCurveFalse("x, y+2⁵³⁵", x, yy) ++ ++ // Check if P is treated like zero (if possible). ++ // y^2 = x^3 - 3x + B ++ // y = mod_sqrt(x^3 - 3x + B) ++ // y = mod_sqrt(B) if x = 0 ++ // If there is no modsqrt, there is no point with x = 0, can't test x = P. ++ if yy := new(big.Int).ModSqrt(curve.Params().B, p); yy != nil { ++ if !curve.IsOnCurve(big.NewInt(0), yy) { ++ t.Fatal("(0, mod_sqrt(B)) is not on the curve?") ++ } ++ checkIsOnCurveFalse("P, y", p, yy) ++ } ++} +diff --git a/src/crypto/elliptic/p224.go b/src/crypto/elliptic/p224.go +index 8c76021..f1bfd7e 100644 +--- a/src/crypto/elliptic/p224.go ++++ b/src/crypto/elliptic/p224.go +@@ -48,6 +48,12 @@ func (curve p224Curve) Params() *CurveParams { + } + + func (curve p224Curve) IsOnCurve(bigX, bigY *big.Int) bool { ++ ++ if bigX.Sign() < 0 || bigX.Cmp(curve.P) >= 0 || ++ bigY.Sign() < 0 || bigY.Cmp(curve.P) >= 0 { ++ return false ++ } ++ + var x, y p224FieldElement + p224FromBig(&x, bigX) + p224FromBig(&y, bigY) diff --git a/poky/meta/recipes-devtools/perl/libxml-parser-perl_2.46.bb b/poky/meta/recipes-devtools/perl/libxml-parser-perl_2.46.bb index bc154bbdc5..ef2b292352 100644 --- a/poky/meta/recipes-devtools/perl/libxml-parser-perl_2.46.bb +++ b/poky/meta/recipes-devtools/perl/libxml-parser-perl_2.46.bb @@ -53,6 +53,7 @@ do_install_ptest() { chown -R root:root ${D}${PTEST_PATH}/samples } +RDEPENDS_${PN} += "perl-module-carp perl-module-file-spec" RDEPENDS_${PN}-ptest += "perl-module-filehandle perl-module-if perl-module-test perl-module-test-more" BBCLASSEXTEND="native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-jinja2_2.11.3.bb b/poky/meta/recipes-devtools/python/python3-jinja2_2.11.3.bb index dbdf563f87..9f054c6024 100644 --- a/poky/meta/recipes-devtools/python/python3-jinja2_2.11.3.bb +++ b/poky/meta/recipes-devtools/python/python3-jinja2_2.11.3.bb @@ -1,5 +1,5 @@ DESCRIPTION = "Python Jinja2: A small but fast and easy to use stand-alone template engine written in pure python." -HOMEPAGE = "https://pypi.org/project/Jinja/" +HOMEPAGE = "https://pypi.org/project/Jinja2/" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462" diff --git a/poky/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch b/poky/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch index c4fae09a5b..4ac0e140cc 100644 --- a/poky/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch +++ b/poky/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch @@ -14,17 +14,21 @@ Upstream-Status: Submitted [https://github.com/python/cpython/pull/13196] Signed-off-by: Matthias Schoepfer %% original patch: 0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch + +Updated to apply after dea270a2a80214de22afadaaca2043d0d782eb7d + +Signed-off-by: Tim Orling --- configure.ac | 175 +++++++-------------------------------------------- 1 file changed, 21 insertions(+), 154 deletions(-) diff --git a/configure.ac b/configure.ac -index ede710e..bc81b0b 100644 +index de83332dd3..16b02d0798 100644 --- a/configure.ac +++ b/configure.ac -@@ -710,160 +710,27 @@ fi - MULTIARCH=$($CC --print-multiarch 2>/dev/null) - AC_SUBST(MULTIARCH) +@@ -719,160 +719,27 @@ then + fi + -AC_MSG_CHECKING([for the platform triplet based on compiler characteristics]) -cat >> conftest.c </dev/null) -- -2.24.1 +2.32.0 diff --git a/poky/meta/recipes-devtools/python/python3_3.8.12.bb b/poky/meta/recipes-devtools/python/python3_3.8.12.bb deleted file mode 100644 index cfcc91b396..0000000000 --- a/poky/meta/recipes-devtools/python/python3_3.8.12.bb +++ /dev/null @@ -1,363 +0,0 @@ -SUMMARY = "The Python Programming Language" -HOMEPAGE = "http://www.python.org" -DESCRIPTION = "Python is a programming language that lets you work more quickly and integrate your systems more effectively." -LICENSE = "PSF-2.0 & BSD-0-Clause" -SECTION = "devel/python" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=c22d2438294c784731bf9dd224a467b7" - -SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ - file://run-ptest \ - file://create_manifest3.py \ - file://get_module_deps3.py \ - file://python3-manifest.json \ - file://check_build_completeness.py \ - file://cgi_py.patch \ - file://0001-Do-not-add-usr-lib-termcap-to-linker-flags-to-avoid-.patch \ - ${@bb.utils.contains('PACKAGECONFIG', 'tk', '', 'file://avoid_warning_about_tkinter.patch', d)} \ - file://0001-Do-not-use-the-shell-version-of-python-config-that-w.patch \ - file://python-config.patch \ - file://0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch \ - file://0001-Do-not-hardcode-lib-as-location-for-site-packages-an.patch \ - file://0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch \ - file://0001-Lib-sysconfig.py-fix-another-place-where-lib-is-hard.patch \ - file://0001-Makefile-fix-Issue36464-parallel-build-race-problem.patch \ - file://0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch \ - file://crosspythonpath.patch \ - file://reformat_sysconfig.py \ - file://0001-Use-FLAG_REF-always-for-interned-strings.patch \ - file://0001-test_locale.py-correct-the-test-output-format.patch \ - file://0017-setup.py-do-not-report-missing-dependencies-for-disa.patch \ - file://0001-setup.py-pass-missing-libraries-to-Extension-for-mul.patch \ - file://0001-Makefile-do-not-compile-.pyc-in-parallel.patch \ - file://0001-configure.ac-fix-LIBPL.patch \ - file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \ - file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ - file://makerace.patch \ - " - -SRC_URI_append_class-native = " \ - file://0001-distutils-sysconfig-append-STAGING_LIBDIR-python-sys.patch \ - file://12-distutils-prefix-is-inside-staging-area.patch \ - file://0001-Don-t-search-system-for-headers-libraries.patch \ - " - -SRC_URI[md5sum] = "9dd8f82e586b776383c82e27923f8795" -SRC_URI[sha256sum] = "b1d3a76420375343b5e8a22fceb1ac65b77193e9ed27146524f0a9db058728ea" - -# exclude pre-releases for both python 2.x and 3.x -UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar" - -CVE_PRODUCT = "python" - -# Upstream consider this expected behaviour -CVE_CHECK_WHITELIST += "CVE-2007-4559" -# This is not exploitable when glibc has CVE-2016-10739 fixed. -CVE_CHECK_WHITELIST += "CVE-2019-18348" - -# This is windows only issue. -CVE_CHECK_WHITELIST += "CVE-2020-15523" - -PYTHON_MAJMIN = "3.8" - -S = "${WORKDIR}/Python-${PV}" - -BBCLASSEXTEND = "native nativesdk" - -inherit autotools pkgconfig qemu ptest multilib_header update-alternatives - -MULTILIB_SUFFIX = "${@d.getVar('base_libdir',1).split('/')[-1]}" - -ALTERNATIVE_${PN}-dev = "python3-config" -ALTERNATIVE_LINK_NAME[python3-config] = "${bindir}/python${PYTHON_MAJMIN}-config" -ALTERNATIVE_TARGET[python3-config] = "${bindir}/python${PYTHON_MAJMIN}-config-${MULTILIB_SUFFIX}" - - -DEPENDS = "bzip2-replacement-native libffi bzip2 openssl sqlite3 zlib virtual/libintl xz virtual/crypt util-linux libtirpc libnsl2 autoconf-archive" -DEPENDS_append_class-target = " python3-native" -DEPENDS_append_class-nativesdk = " python3-native" - -EXTRA_OECONF = " --without-ensurepip --enable-shared" -EXTRA_OECONF_append_class-native = " --bindir=${bindir}/${PN}" - -export CROSSPYTHONPATH="${STAGING_LIBDIR_NATIVE}/python${PYTHON_MAJMIN}/lib-dynload/" - -EXTRANATIVEPATH += "python3-native" - -CACHED_CONFIGUREVARS = " \ - ac_cv_file__dev_ptmx=yes \ - ac_cv_file__dev_ptc=no \ - ac_cv_working_tzset=yes \ -" -python() { - # PGO currently causes builds to not be reproducible, so disable it for - # now. See YOCTO #13407 - if bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', True, False, d) and d.getVar('BUILD_REPRODUCIBLE_BINARIES') != '1': - d.setVar('PACKAGECONFIG_PGO', 'pgo') - else: - d.setVar('PACKAGECONFIG_PGO', '') -} - -PACKAGECONFIG_class-target ??= "readline ${PACKAGECONFIG_PGO} gdbm" -PACKAGECONFIG_class-native ??= "readline gdbm" -PACKAGECONFIG_class-nativesdk ??= "readline gdbm" -PACKAGECONFIG[readline] = ",,readline" -# Use profile guided optimisation by running PyBench inside qemu-user -PACKAGECONFIG[pgo] = "--enable-optimizations,,qemu-native" -PACKAGECONFIG[tk] = ",,tk" -PACKAGECONFIG[gdbm] = ",,gdbm" - -do_configure_prepend () { - mkdir -p ${B}/Modules - cat > ${B}/Modules/Setup.local << EOF -*disabled* -${@bb.utils.contains('PACKAGECONFIG', 'gdbm', '', '_gdbm _dbm', d)} -${@bb.utils.contains('PACKAGECONFIG', 'readline', '', 'readline', d)} -EOF -} - -CPPFLAGS_append = " -I${STAGING_INCDIR}/ncursesw -I${STAGING_INCDIR}/uuid" - -EXTRA_OEMAKE = '\ - STAGING_LIBDIR=${STAGING_LIBDIR} \ - STAGING_INCDIR=${STAGING_INCDIR} \ - LIB=${baselib} \ -' - -do_compile_prepend_class-target() { - if ${@bb.utils.contains('PACKAGECONFIG', 'pgo', 'true', 'false', d)}; then - qemu_binary="${@qemu_wrapper_cmdline(d, '${STAGING_DIR_TARGET}', ['${B}', '${STAGING_DIR_TARGET}/${base_libdir}'])}" - cat >pgo-wrapper < ${B}/Modules/Setup.local << EOF +*disabled* +${@bb.utils.contains('PACKAGECONFIG', 'gdbm', '', '_gdbm _dbm', d)} +${@bb.utils.contains('PACKAGECONFIG', 'readline', '', 'readline', d)} +EOF +} + +CPPFLAGS_append = " -I${STAGING_INCDIR}/ncursesw -I${STAGING_INCDIR}/uuid" + +EXTRA_OEMAKE = '\ + STAGING_LIBDIR=${STAGING_LIBDIR} \ + STAGING_INCDIR=${STAGING_INCDIR} \ + LIB=${baselib} \ +' + +do_compile_prepend_class-target() { + if ${@bb.utils.contains('PACKAGECONFIG', 'pgo', 'true', 'false', d)}; then + qemu_binary="${@qemu_wrapper_cmdline(d, '${STAGING_DIR_TARGET}', ['${B}', '${STAGING_DIR_TARGET}/${base_libdir}'])}" + cat >pgo-wrapper < +Date: Tue, 5 Jun 2018 22:28:51 -0300 +Subject: [PATCH 1/1] hw/sd/sdcard: Simplify realize() a bit +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +We don't need to check if sd->blk is set twice. + +Reviewed-by: Peter Maydell +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Alistair Francis +Message-Id: <20200630133912.9428-18-f4bug@amsat.org> + +Upstram-Status: Backport: +https://git.qemu.org/?p=qemu.git;a=commit;f=hw/sd/sd.c;h=6dd3a164f5b31c703c7d8372841ad3bd6a57de6d + +CVE: CVE-2020-13253 + +Signed-off-by: Davide Gardenal +--- + hw/sd/sd.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/hw/sd/sd.c b/hw/sd/sd.c +index 1cc16bf..edd60a0 100644 +--- a/hw/sd/sd.c ++++ b/hw/sd/sd.c +@@ -2105,12 +2105,12 @@ static void sd_realize(DeviceState *dev, Error **errp) + return; + } + +- if (sd->blk && blk_is_read_only(sd->blk)) { +- error_setg(errp, "Cannot use read-only drive as SD card"); +- return; +- } +- + if (sd->blk) { ++ if (blk_is_read_only(sd->blk)) { ++ error_setg(errp, "Cannot use read-only drive as SD card"); ++ return; ++ } ++ + ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, + BLK_PERM_ALL, errp); + if (ret < 0) { +-- +1.8.3.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_2.patch new file mode 100644 index 0000000000..53145d059f --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_2.patch @@ -0,0 +1,112 @@ +From a9bcedd15a5834ca9ae6c3a97933e85ac7edbd36 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Tue, 7 Jul 2020 13:02:34 +0200 +Subject: [PATCH] hw/sd/sdcard: Do not allow invalid SD card sizes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +QEMU allows to create SD card with unrealistic sizes. This could +work, but some guests (at least Linux) consider sizes that are not +a power of 2 as a firmware bug and fix the card size to the next +power of 2. + +While the possibility to use small SD card images has been seen as +a feature, it became a bug with CVE-2020-13253, where the guest is +able to do OOB read/write accesses past the image size end. + +In a pair of commits we will fix CVE-2020-13253 as: + + Read command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR + occurred and no data transfer is performed. + + Write command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR + occurred and no data transfer is performed. + + WP_VIOLATION errors are not modified: the error bit is set, we + stay in receive-data state, wait for a stop command. All further + data transfer is ignored. See the check on sd->card_status at the + beginning of sd_read_data() and sd_write_data(). + +While this is the correct behavior, in case QEMU create smaller SD +cards, guests still try to access past the image size end, and QEMU +considers this is an invalid address, thus "all further data transfer +is ignored". This is wrong and make the guest looping until +eventually timeouts. + +Fix by not allowing invalid SD card sizes (suggesting the expected +size as a hint): + + $ qemu-system-arm -M orangepi-pc -drive file=rootfs.ext2,if=sd,format=raw + qemu-system-arm: Invalid SD card size: 60 MiB + SD card size has to be a power of 2, e.g. 64 MiB. + You can resize disk images with 'qemu-img resize ' + (note that this will lose data if you make the image smaller than it currently is). + +Cc: qemu-stable@nongnu.org +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Alistair Francis +Reviewed-by: Peter Maydell +Message-Id: <20200713183209.26308-8-f4bug@amsat.org> + +Upstram-Status: Backport: +https://git.qemu.org/?p=qemu.git;a=commit;h=a9bcedd15a5834ca9ae6c3a97933e85ac7edbd36 + +CVE: CVE-2020-13253 + +Signed-off-by: Davide Gardenal +--- + hw/sd/sd.c | 25 +++++++++++++++++++++++++ + 1 file changed, 25 insertions(+) + +diff --git a/hw/sd/sd.c b/hw/sd/sd.c +index edd60a09c0..76d68359a4 100644 +--- a/hw/sd/sd.c ++++ b/hw/sd/sd.c +@@ -32,6 +32,7 @@ + + #include "qemu/osdep.h" + #include "qemu/units.h" ++#include "qemu/cutils.h" + #include "hw/irq.h" + #include "hw/registerfields.h" + #include "sysemu/block-backend.h" +@@ -2106,11 +2107,35 @@ static void sd_realize(DeviceState *dev, Error **errp) + } + + if (sd->blk) { ++ int64_t blk_size; ++ + if (blk_is_read_only(sd->blk)) { + error_setg(errp, "Cannot use read-only drive as SD card"); + return; + } + ++ blk_size = blk_getlength(sd->blk); ++ if (blk_size > 0 && !is_power_of_2(blk_size)) { ++ int64_t blk_size_aligned = pow2ceil(blk_size); ++ char *blk_size_str; ++ ++ blk_size_str = size_to_str(blk_size); ++ error_setg(errp, "Invalid SD card size: %s", blk_size_str); ++ g_free(blk_size_str); ++ ++ blk_size_str = size_to_str(blk_size_aligned); ++ error_append_hint(errp, ++ "SD card size has to be a power of 2, e.g. %s.\n" ++ "You can resize disk images with" ++ " 'qemu-img resize '\n" ++ "(note that this will lose data if you make the" ++ " image smaller than it currently is).\n", ++ blk_size_str); ++ g_free(blk_size_str); ++ ++ return; ++ } ++ + ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, + BLK_PERM_ALL, errp); + if (ret < 0) { +-- +2.32.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_3.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_3.patch new file mode 100644 index 0000000000..b512b2bd7f --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_3.patch @@ -0,0 +1,86 @@ +From 794d68de2f021a6d3874df41d6bbe8590ec05207 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Mon, 13 Jul 2020 09:27:35 +0200 +Subject: [PATCH] hw/sd/sdcard: Update coding style to make checkpatch.pl happy +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +To make the next commit easier to review, clean this code first. + +Reviewed-by: Peter Maydell +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Alistair Francis +Reviewed-by: Alexander Bulekov +Message-Id: <20200630133912.9428-3-f4bug@amsat.org> + +Upstram-Status: Backport: +https://git.qemu.org/?p=qemu.git;a=commit;f=hw/sd/sd.c;h=794d68de2f021a6d3874df41d6bbe8590ec05207 + +CVE: CVE-2020-13253 + +Signed-off-by: Davide Gardenal +--- +diff --git a/hw/sd/sd.c b/hw/sd/sd.c +--- a/hw/sd/sd.c (revision b0ca999a43a22b38158a222233d3f5881648bb4f) ++++ b/hw/sd/sd.c (date 1647514442924) +@@ -1154,8 +1154,9 @@ + sd->data_start = addr; + sd->data_offset = 0; + +- if (sd->data_start + sd->blk_len > sd->size) ++ if (sd->data_start + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; ++ } + return sd_r1; + + default: +@@ -1170,8 +1171,9 @@ + sd->data_start = addr; + sd->data_offset = 0; + +- if (sd->data_start + sd->blk_len > sd->size) ++ if (sd->data_start + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; ++ } + return sd_r1; + + default: +@@ -1216,12 +1218,15 @@ + sd->data_offset = 0; + sd->blk_written = 0; + +- if (sd->data_start + sd->blk_len > sd->size) ++ if (sd->data_start + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; +- if (sd_wp_addr(sd, sd->data_start)) ++ } ++ if (sd_wp_addr(sd, sd->data_start)) { + sd->card_status |= WP_VIOLATION; +- if (sd->csd[14] & 0x30) ++ } ++ if (sd->csd[14] & 0x30) { + sd->card_status |= WP_VIOLATION; ++ } + return sd_r1; + + default: +@@ -1240,12 +1245,15 @@ + sd->data_offset = 0; + sd->blk_written = 0; + +- if (sd->data_start + sd->blk_len > sd->size) ++ if (sd->data_start + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; +- if (sd_wp_addr(sd, sd->data_start)) ++ } ++ if (sd_wp_addr(sd, sd->data_start)) { + sd->card_status |= WP_VIOLATION; +- if (sd->csd[14] & 0x30) ++ } ++ if (sd->csd[14] & 0x30) { + sd->card_status |= WP_VIOLATION; ++ } + return sd_r1; + + default: diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_4.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_4.patch new file mode 100644 index 0000000000..6b4c1ec050 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_4.patch @@ -0,0 +1,139 @@ +From 790762e5487114341cccc5bffcec4cb3c022c3cd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Thu, 4 Jun 2020 19:22:29 +0200 +Subject: [PATCH] hw/sd/sdcard: Do not switch to ReceivingData if address is + invalid +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Only move the state machine to ReceivingData if there is no +pending error. This avoids later OOB access while processing +commands queued. + + "SD Specifications Part 1 Physical Layer Simplified Spec. v3.01" + + 4.3.3 Data Read + + Read command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR + occurred and no data transfer is performed. + + 4.3.4 Data Write + + Write command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR + occurred and no data transfer is performed. + +WP_VIOLATION errors are not modified: the error bit is set, we +stay in receive-data state, wait for a stop command. All further +data transfer is ignored. See the check on sd->card_status at the +beginning of sd_read_data() and sd_write_data(). + +Fixes: CVE-2020-13253 + +Cc: qemu-stable@nongnu.org +Reported-by: Alexander Bulekov +Buglink: https://bugs.launchpad.net/qemu/+bug/1880822 +Reviewed-by: Peter Maydell +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Alistair Francis +Message-Id: <20200630133912.9428-6-f4bug@amsat.org> + +Upstram-Status: Backport: +https://git.qemu.org/?p=qemu.git;a=commit;h=790762e5487114341cccc5bffcec4cb3c022c3cd + +CVE: CVE-2020-13253 + +Signed-off-by: Davide Gardenal +--- + hw/sd/sd.c | 38 ++++++++++++++++++++++++-------------- + 1 file changed, 24 insertions(+), 14 deletions(-) + +diff --git a/hw/sd/sd.c b/hw/sd/sd.c +index f4f76f8fd2..fad9cf1ee7 100644 +--- a/hw/sd/sd.c ++++ b/hw/sd/sd.c +@@ -1171,13 +1171,15 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) + case 17: /* CMD17: READ_SINGLE_BLOCK */ + switch (sd->state) { + case sd_transfer_state: +- sd->state = sd_sendingdata_state; +- sd->data_start = addr; +- sd->data_offset = 0; + +- if (sd->data_start + sd->blk_len > sd->size) { ++ if (addr + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; ++ return sd_r1; + } ++ ++ sd->state = sd_sendingdata_state; ++ sd->data_start = addr; ++ sd->data_offset = 0; + return sd_r1; + + default: +@@ -1188,13 +1190,15 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) + case 18: /* CMD18: READ_MULTIPLE_BLOCK */ + switch (sd->state) { + case sd_transfer_state: +- sd->state = sd_sendingdata_state; +- sd->data_start = addr; +- sd->data_offset = 0; + +- if (sd->data_start + sd->blk_len > sd->size) { ++ if (addr + sd->blk_len > sd->size) { + sd->card_status |= ADDRESS_ERROR; ++ return sd_r1; + } ++ ++ sd->state = sd_sendingdata_state; ++ sd->data_start = addr; ++ sd->data_offset = 0; + return sd_r1; + + default: +@@ -1234,14 +1238,17 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) + /* Writing in SPI mode not implemented. */ + if (sd->spi) + break; ++ ++ if (addr + sd->blk_len > sd->size) { ++ sd->card_status |= ADDRESS_ERROR; ++ return sd_r1; ++ } ++ + sd->state = sd_receivingdata_state; + sd->data_start = addr; + sd->data_offset = 0; + sd->blk_written = 0; + +- if (sd->data_start + sd->blk_len > sd->size) { +- sd->card_status |= ADDRESS_ERROR; +- } + if (sd_wp_addr(sd, sd->data_start)) { + sd->card_status |= WP_VIOLATION; + } +@@ -1261,14 +1268,17 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) + /* Writing in SPI mode not implemented. */ + if (sd->spi) + break; ++ ++ if (addr + sd->blk_len > sd->size) { ++ sd->card_status |= ADDRESS_ERROR; ++ return sd_r1; ++ } ++ + sd->state = sd_receivingdata_state; + sd->data_start = addr; + sd->data_offset = 0; + sd->blk_written = 0; + +- if (sd->data_start + sd->blk_len > sd->size) { +- sd->card_status |= ADDRESS_ERROR; +- } + if (sd_wp_addr(sd, sd->data_start)) { + sd->card_status |= WP_VIOLATION; + } +-- +2.32.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch new file mode 100644 index 0000000000..ffce610f79 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13253_5.patch @@ -0,0 +1,54 @@ +From 9157dd597d293ab7f599f4d96c3fe8a6e07c633d Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Wed, 3 Jun 2020 19:59:16 +0200 +Subject: [PATCH] hw/sd/sdcard: Restrict Class 6 commands to SCSD cards +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +Only SCSD cards support Class 6 (Block Oriented Write Protection) +commands. + + "SD Specifications Part 1 Physical Layer Simplified Spec. v3.01" + + 4.3.14 Command Functional Difference in Card Capacity Types + + * Write Protected Group + + SDHC and SDXC do not support write-protected groups. Issuing + CMD28, CMD29 and CMD30 generates the ILLEGAL_COMMAND error. + +Cc: qemu-stable@nongnu.org +Reviewed-by: Peter Maydell +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Alistair Francis +Message-Id: <20200630133912.9428-7-f4bug@amsat.org> + +Upstram-Status: Backport: +https://git.qemu.org/?p=qemu.git;a=commit;h=9157dd597d293ab7f599f4d96c3fe8a6e07c633d + +CVE: CVE-2020-13253 + +Signed-off-by: Davide Gardenal +--- + hw/sd/sd.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/sd/sd.c b/hw/sd/sd.c +index 5137168..1cc16bf 100644 +--- a/hw/sd/sd.c ++++ b/hw/sd/sd.c +@@ -920,6 +920,11 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) + sd->multi_blk_cnt = 0; + } + ++ if (sd_cmd_class[req.cmd] == 6 && FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { ++ /* Only Standard Capacity cards support class 6 commands */ ++ return sd_illegal; ++ } ++ + switch (req.cmd) { + /* Basic commands (Class 0 and Class 1) */ + case 0: /* CMD0: GO_IDLE_STATE */ +-- +1.8.3.1 diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13791.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13791.patch new file mode 100644 index 0000000000..1e8278f7b7 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-13791.patch @@ -0,0 +1,44 @@ +Date: Thu, 4 Jun 2020 16:25:24 +0530 +From: Prasad J Pandit +Subject: [PATCH v3] ati-vga: check address before reading configuration bytes (CVE-2020-13791) + +While reading PCI configuration bytes, a guest may send an +address towards the end of the configuration space. It may lead +to an OOB access issue. Add check to ensure 'address + size' is +within PCI configuration space. + +CVE: CVE-2020-13791 + +Upstream-Status: Submitted +https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00979.html + +Reported-by: Ren Ding +Reported-by: Hanqing Zhao +Reported-by: Yi Ren +Suggested-by: BALATON Zoltan +Signed-off-by: Prasad J Pandit +Signed-off-by: Davide Gardenal +--- + hw/display/ati.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +Update v3: avoid modifying 'addr' variable + -> https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00834.html + +diff --git a/hw/display/ati.c b/hw/display/ati.c +index 67604e68de..b4d0fd88b7 100644 +--- a/hw/display/ati.c ++++ b/hw/display/ati.c +@@ -387,7 +387,9 @@ static uint64_t ati_mm_read(void *opaque, hwaddr addr, unsigned int size) + val = s->regs.crtc_pitch; + break; + case 0xf00 ... 0xfff: +- val = pci_default_read_config(&s->dev, addr - 0xf00, size); ++ if ((addr - 0xf00) + size <= pci_config_size(&s->dev)) { ++ val = pci_default_read_config(&s->dev, addr - 0xf00, size); ++ } + break; + case CUR_OFFSET: + val = s->regs.cur_offset; +-- +2.26.2 diff --git a/poky/meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch b/poky/meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch new file mode 100644 index 0000000000..9a5ebb9115 --- /dev/null +++ b/poky/meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch @@ -0,0 +1,34 @@ +From 405fc8998181353bd510864ca251dc233afec276 Mon Sep 17 00:00:00 2001 +From: Vitaly Chikunov +Date: Wed, 6 Jan 2021 23:43:41 +0300 +Subject: [PATCH] rpmio: Fix lzopen_internal mode parsing when 'Tn' is used + +When there is number after "T" (suggested number of threads or "0" for +getncpus), lzopen_internal() mode parser would skip one byte, and when +it's at the end of the string it would then parse undesired garbage from +the memory, making intermittent compression failures. + +Fixes: 7740d1098 ("Add support for multithreaded xz compression") +Signed-off-by: Vitaly Chikunov + +Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/405fc8998181353bd510864ca251dc233afec276] + +--- + rpmio/rpmio.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c +index ed1e25140..9d32ec6d9 100644 +--- a/rpmio/rpmio.c ++++ b/rpmio/rpmio.c +@@ -798,6 +798,7 @@ static LZFILE *lzopen_internal(const char *mode, int fd, int xz) + * should've processed + * */ + while (isdigit(*++mode)); ++ --mode; + } + #ifdef HAVE_LZMA_MT + else +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb b/poky/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb index c39a5208e5..376021d913 100644 --- a/poky/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb +++ b/poky/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb @@ -44,6 +44,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.14.x;protoc file://0001-mono-find-provides-requires-do-not-use-monodis-from-.patch \ file://0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch \ file://0001-rpmplugins.c-call-dlerror-prior-to-dlsym.patch \ + file://0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch \ file://CVE-2021-3421.patch \ file://CVE-2021-20266.patch \ " diff --git a/poky/meta/recipes-devtools/ruby/ruby.inc b/poky/meta/recipes-devtools/ruby/ruby.inc index 7b6d4edc61..a9f4240932 100644 --- a/poky/meta/recipes-devtools/ruby/ruby.inc +++ b/poky/meta/recipes-devtools/ruby/ruby.inc @@ -14,8 +14,8 @@ LIC_FILES_CHKSUM = "\ file://LEGAL;md5=2b6d62dc0d608f34d510ca3f428110ec \ " -DEPENDS = "ruby-native zlib openssl libyaml gdbm readline libffi" -DEPENDS_class-native = "openssl-native libyaml-native readline-native zlib-native" +DEPENDS = "zlib openssl libyaml gdbm readline libffi" +DEPENDS_append_class-target = " ruby-native" SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \ diff --git a/poky/meta/recipes-devtools/ruby/ruby_2.7.4.bb b/poky/meta/recipes-devtools/ruby/ruby_2.7.4.bb deleted file mode 100644 index dafa7d2f6b..0000000000 --- a/poky/meta/recipes-devtools/ruby/ruby_2.7.4.bb +++ /dev/null @@ -1,93 +0,0 @@ -require ruby.inc - -DEPENDS_append_libc-musl = " libucontext" - -SRC_URI += " \ - file://remove_has_include_macros.patch \ - file://run-ptest \ - file://0001-Modify-shebang-of-libexec-y2racc-and-libexec-racc2y.patch \ - file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \ - " - -SRC_URI[md5sum] = "823cd21d93c69e4168b03dd127369343" -SRC_URI[sha256sum] = "3043099089608859fc8cce7f9fdccaa1f53a462457e3838ec3b25a7d609fbc5b" - -PACKAGECONFIG ??= "" -PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" - -PACKAGECONFIG[valgrind] = "--with-valgrind=yes, --with-valgrind=no, valgrind" -PACKAGECONFIG[gmp] = "--with-gmp=yes, --with-gmp=no, gmp" -PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6," - -EXTRA_OECONF = "\ - --disable-versioned-paths \ - --disable-rpath \ - --disable-dtrace \ - --enable-shared \ - --enable-load-relative \ - --with-pkg-config=pkg-config \ -" - -EXTRA_OECONF_append_libc-musl = "\ - LIBS='-lucontext' \ - ac_cv_func_isnan=yes \ - ac_cv_func_isinf=yes \ -" - -do_install() { - oe_runmake 'DESTDIR=${D}' install -} - -do_install_append_class-target () { - # Find out rbconfig.rb from .installed.list - rbconfig_rb=`grep rbconfig.rb ${B}/.installed.list` - # Remove build host directories - sed -i -e 's:--sysroot=${STAGING_DIR_TARGET}::g' \ - -e s:'--with-libtool-sysroot=${STAGING_DIR_TARGET}'::g \ - -e 's|${DEBUG_PREFIX_MAP}||g' \ - -e 's:${HOSTTOOLS_DIR}/::g' \ - -e 's:${RECIPE_SYSROOT_NATIVE}::g' \ - -e 's:${RECIPE_SYSROOT}::g' \ - -e 's:${BASE_WORKDIR}/${MULTIMACH_TARGET_SYS}::g' \ - ${D}$rbconfig_rb -} - -do_install_ptest () { - cp -rf ${S}/test ${D}${PTEST_PATH}/ - - install -D ${S}/tool/test/runner.rb ${D}${PTEST_PATH}/tool/test/runner.rb - cp -r ${S}/tool/lib ${D}${PTEST_PATH}/tool/ - mkdir -p ${D}${PTEST_PATH}/lib - cp -r ${S}/lib/did_you_mean ${S}/lib/rdoc ${D}${PTEST_PATH}/lib - - # install test-binaries - find $(find ./.ext -path '*/-test-') -name '*.so' -print0 \ - | tar --no-recursion --null -T - --no-same-owner --preserve-permissions -cf - \ - | tar -C ${D}${libdir}/ruby/${SHRT_VER}.0/ --no-same-owner --preserve-permissions --strip-components=2 -xf - - # adjust path to not assume build directory layout - sed -e 's|File.expand_path(.*\.\./bin/erb[^)]*|File.expand_path("${bindir}/erb"|g' \ - -i ${D}${PTEST_PATH}/test/erb/test_erb_command.rb - - cp -r ${S}/include ${D}/${libdir}/ruby/ - test_case_rb=`grep rubygems/test_case.rb ${B}/.installed.list` - sed -i -e 's:../../../test/:../../../ptest/test/:g' ${D}/$test_case_rb -} - -PACKAGES =+ "${PN}-ri-docs ${PN}-rdoc" - -SUMMARY_${PN}-ri-docs = "ri (Ruby Interactive) documentation for the Ruby standard library" -RDEPENDS_${PN}-ri-docs = "${PN}" -FILES_${PN}-ri-docs += "${datadir}/ri" - -SUMMARY_${PN}-rdoc = "RDoc documentation generator from Ruby source" -RDEPENDS_${PN}-rdoc = "${PN}" -FILES_${PN}-rdoc += "${libdir}/ruby/*/rdoc ${bindir}/rdoc" - -FILES_${PN} += "${datadir}/rubygems" - -FILES_${PN}-ptest_append_class-target = "\ - ${libdir}/ruby/include \ - ${libdir}/ruby/${SHRT_VER}.0/*/-test- \ -" - -BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-devtools/ruby/ruby_2.7.5.bb b/poky/meta/recipes-devtools/ruby/ruby_2.7.5.bb new file mode 100644 index 0000000000..44a2527ee7 --- /dev/null +++ b/poky/meta/recipes-devtools/ruby/ruby_2.7.5.bb @@ -0,0 +1,93 @@ +require ruby.inc + +DEPENDS_append_libc-musl = " libucontext" + +SRC_URI += " \ + file://remove_has_include_macros.patch \ + file://run-ptest \ + file://0001-Modify-shebang-of-libexec-y2racc-and-libexec-racc2y.patch \ + file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \ + " + +SRC_URI[md5sum] = "ede247b56fb862f1f67f9471189b04d4" +SRC_URI[sha256sum] = "2755b900a21235b443bb16dadd9032f784d4a88f143d852bc5d154f22b8781f1" + +PACKAGECONFIG ??= "" +PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" + +PACKAGECONFIG[valgrind] = "--with-valgrind=yes, --with-valgrind=no, valgrind" +PACKAGECONFIG[gmp] = "--with-gmp=yes, --with-gmp=no, gmp" +PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6," + +EXTRA_OECONF = "\ + --disable-versioned-paths \ + --disable-rpath \ + --disable-dtrace \ + --enable-shared \ + --enable-load-relative \ + --with-pkg-config=pkg-config \ +" + +EXTRA_OECONF_append_libc-musl = "\ + LIBS='-lucontext' \ + ac_cv_func_isnan=yes \ + ac_cv_func_isinf=yes \ +" + +do_install() { + oe_runmake 'DESTDIR=${D}' install +} + +do_install_append_class-target () { + # Find out rbconfig.rb from .installed.list + rbconfig_rb=`grep rbconfig.rb ${B}/.installed.list` + # Remove build host directories + sed -i -e 's:--sysroot=${STAGING_DIR_TARGET}::g' \ + -e s:'--with-libtool-sysroot=${STAGING_DIR_TARGET}'::g \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + -e 's:${HOSTTOOLS_DIR}/::g' \ + -e 's:${RECIPE_SYSROOT_NATIVE}::g' \ + -e 's:${RECIPE_SYSROOT}::g' \ + -e 's:${BASE_WORKDIR}/${MULTIMACH_TARGET_SYS}::g' \ + ${D}$rbconfig_rb +} + +do_install_ptest () { + cp -rf ${S}/test ${D}${PTEST_PATH}/ + + install -D ${S}/tool/test/runner.rb ${D}${PTEST_PATH}/tool/test/runner.rb + cp -r ${S}/tool/lib ${D}${PTEST_PATH}/tool/ + mkdir -p ${D}${PTEST_PATH}/lib + cp -r ${S}/lib/did_you_mean ${S}/lib/rdoc ${D}${PTEST_PATH}/lib + + # install test-binaries + find $(find ./.ext -path '*/-test-') -name '*.so' -print0 \ + | tar --no-recursion --null -T - --no-same-owner --preserve-permissions -cf - \ + | tar -C ${D}${libdir}/ruby/${SHRT_VER}.0/ --no-same-owner --preserve-permissions --strip-components=2 -xf - + # adjust path to not assume build directory layout + sed -e 's|File.expand_path(.*\.\./bin/erb[^)]*|File.expand_path("${bindir}/erb"|g' \ + -i ${D}${PTEST_PATH}/test/erb/test_erb_command.rb + + cp -r ${S}/include ${D}/${libdir}/ruby/ + test_case_rb=`grep rubygems/test_case.rb ${B}/.installed.list` + sed -i -e 's:../../../test/:../../../ptest/test/:g' ${D}/$test_case_rb +} + +PACKAGES =+ "${PN}-ri-docs ${PN}-rdoc" + +SUMMARY_${PN}-ri-docs = "ri (Ruby Interactive) documentation for the Ruby standard library" +RDEPENDS_${PN}-ri-docs = "${PN}" +FILES_${PN}-ri-docs += "${datadir}/ri" + +SUMMARY_${PN}-rdoc = "RDoc documentation generator from Ruby source" +RDEPENDS_${PN}-rdoc = "${PN}" +FILES_${PN}-rdoc += "${libdir}/ruby/*/rdoc ${bindir}/rdoc" + +FILES_${PN} += "${datadir}/rubygems" + +FILES_${PN}-ptest_append_class-target = "\ + ${libdir}/ruby/include \ + ${libdir}/ruby/${SHRT_VER}.0/*/-test- \ +" + +BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-extended/asciidoc/asciidoc_8.6.9.bb b/poky/meta/recipes-extended/asciidoc/asciidoc_8.6.9.bb index 62738dc8d9..325ff9aa15 100644 --- a/poky/meta/recipes-extended/asciidoc/asciidoc_8.6.9.bb +++ b/poky/meta/recipes-extended/asciidoc/asciidoc_8.6.9.bb @@ -8,7 +8,7 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b \ file://COPYRIGHT;md5=029ad5428ba5efa20176b396222d4069" -SRC_URI = "git://github.com/asciidoc/asciidoc-py3;protocol=https;branch=main \ +SRC_URI = "git://github.com/asciidoc/asciidoc-py;protocol=https;branch=main \ file://auto-catalogs.patch \ file://detect-python-version.patch" SRCREV = "618f6e6f6b558ed1e5f2588cd60a5a6b4f881ca0" diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_1.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_1.patch new file mode 100644 index 0000000000..033ba77f9a --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_1.patch @@ -0,0 +1,121 @@ +From 3920a727fb19e19f597e518610ce2416d08cb75f Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Thu, 20 Aug 2020 17:19:09 +0100 +Subject: [PATCH] Fix pdfwrite "%d" mode with file permissions + +Firstly, in gx_device_delete_output_file the iodev pointer was being passed +to the delete_method incorrectly (passing a pointer to that pointer). Thus +when we attempted to use that to confirm permission to delete the file, it +crashed. Credit to Ken for finding that. + +Secondly, due to the way pdfwrite works, when running with an output file per +page, it creates the current output file immediately it has completed writing +the previous one. Thus, it has to delete that partial file on exit. + +Previously, the output file was not added to the "control" permission list, +so an attempt to delete it would result in an error. So add the output file +to the "control" as well as "write" list. + +CVE: CVE-2021-3781 + +Upstream-Status: Backport: +https://git.ghostscript.com/?p=ghostpdl.git;a=commit;f=base/gslibctx.c;h=3920a727fb19e19f597e518610ce2416d08cb75f + +Signed-off-by: Davide Gardenal +--- + base/gsdevice.c | 2 +- + base/gslibctx.c | 20 ++++++++++++++------ + 2 files changed, 15 insertions(+), 7 deletions(-) + +diff --git a/base/gsdevice.c b/base/gsdevice.c +index 913119495..ac78af93f 100644 +--- a/base/gsdevice.c ++++ b/base/gsdevice.c +@@ -1185,7 +1185,7 @@ int gx_device_delete_output_file(const gx_device * dev, const char *fname) + parsed.len = strlen(parsed.fname); + } + if (parsed.iodev) +- code = parsed.iodev->procs.delete_file((gx_io_device *)(&parsed.iodev), (const char *)parsed.fname); ++ code = parsed.iodev->procs.delete_file((gx_io_device *)(parsed.iodev), (const char *)parsed.fname); + else + code = gs_note_error(gs_error_invalidfileaccess); + +diff --git a/base/gslibctx.c b/base/gslibctx.c +index d726c58b5..ff8fc895e 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -647,7 +647,7 @@ gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) + char *fp, f[gp_file_name_sizeof]; + const int pipe = 124; /* ASCII code for '|' */ + const int len = strlen(fname); +- int i; ++ int i, code; + + /* Be sure the string copy will fit */ + if (len >= gp_file_name_sizeof) +@@ -658,8 +658,6 @@ gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) + rewrite_percent_specifiers(f); + for (i = 0; i < len; i++) { + if (f[i] == pipe) { +- int code; +- + fp = &f[i + 1]; + /* Because we potentially have to check file permissions at two levels + for the output file (gx_device_open_output_file and the low level +@@ -671,10 +669,16 @@ gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) + if (code < 0) + return code; + break; ++ code = gs_add_control_path(mem, gs_permit_file_control, f); ++ if (code < 0) ++ return code; + } + if (!IS_WHITESPACE(f[i])) + break; + } ++ code = gs_add_control_path(mem, gs_permit_file_control, fp); ++ if (code < 0) ++ return code; + return gs_add_control_path(mem, gs_permit_file_writing, fp); + } + +@@ -684,7 +688,7 @@ gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + char *fp, f[gp_file_name_sizeof]; + const int pipe = 124; /* ASCII code for '|' */ + const int len = strlen(fname); +- int i; ++ int i, code; + + /* Be sure the string copy will fit */ + if (len >= gp_file_name_sizeof) +@@ -694,8 +698,6 @@ gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + /* Try to rewrite any %d (or similar) in the string */ + for (i = 0; i < len; i++) { + if (f[i] == pipe) { +- int code; +- + fp = &f[i + 1]; + /* Because we potentially have to check file permissions at two levels + for the output file (gx_device_open_output_file and the low level +@@ -704,6 +706,9 @@ gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + the pipe_fopen(), the leading '|' has been stripped. + */ + code = gs_remove_control_path(mem, gs_permit_file_writing, f); ++ if (code < 0) ++ return code; ++ code = gs_remove_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; + break; +@@ -711,6 +716,9 @@ gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + if (!IS_WHITESPACE(f[i])) + break; + } ++ code = gs_remove_control_path(mem, gs_permit_file_control, fp); ++ if (code < 0) ++ return code; + return gs_remove_control_path(mem, gs_permit_file_writing, fp); + } + +-- +2.25.1 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_2.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_2.patch new file mode 100644 index 0000000000..beade79eef --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_2.patch @@ -0,0 +1,37 @@ +From 9daf042fd7bb19e93388d89d9686a2fa4496f382 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Mon, 24 Aug 2020 09:24:31 +0100 +Subject: [PATCH] Coverity 361429: move "break" to correct place. + +We had to add the outputfile to the "control" file permission list (as well +as write), but for the "pipe" case, I accidentally added the call after the +break out of loop that checks for a pipe. + +CVE: CVE-2021-3781 + +Upstream-Status: Backport: +https://git.ghostscript.com/?p=ghostpdl.git;a=commit;f=base/gslibctx.c;h=9daf042fd7bb19e93388d89d9686a2fa4496f382 + +Signed-off-by: Davide Gardenal +--- + base/gslibctx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/base/gslibctx.c b/base/gslibctx.c +index ff8fc895e..63dfbe2e0 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -668,10 +668,10 @@ gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) + code = gs_add_control_path(mem, gs_permit_file_writing, f); + if (code < 0) + return code; +- break; + code = gs_add_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; ++ break; + } + if (!IS_WHITESPACE(f[i])) + break; +-- +2.25.1 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_3.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_3.patch new file mode 100644 index 0000000000..e3f9e81c45 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_3.patch @@ -0,0 +1,238 @@ +From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Tue, 7 Sep 2021 20:36:12 +0100 +Subject: [PATCH] Bug 704342: Include device specifier strings in access + validation + +for the "%pipe%", %handle%" and %printer% io devices. + +We previously validated only the part after the "%pipe%" Postscript device +specifier, but this proved insufficient. + +This rebuilds the original file name string, and validates it complete. The +slight complication for "%pipe%" is it can be reached implicitly using +"|" so we have to check both prefixes. + +Addresses CVE-2021-3781 + +CVE: CVE-2021-3781 + +Upstream-Status: Backport: +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde + +Signed-off-by: Davide Gardenal +--- + base/gdevpipe.c | 22 +++++++++++++++- + base/gp_mshdl.c | 11 +++++++- + base/gp_msprn.c | 10 ++++++- + base/gp_os2pr.c | 13 +++++++++- + base/gslibctx.c | 69 ++++++++++--------------------------------------- + 5 files changed, 65 insertions(+), 60 deletions(-) + +diff --git a/base/gdevpipe.c b/base/gdevpipe.c +index 96d71f5d8..5bdc485be 100644 +--- a/base/gdevpipe.c ++++ b/base/gdevpipe.c +@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access, + #else + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ /* The pipe device can be reached in two ways, explicltly with %pipe% ++ or implicitly with "|", so we have to check for both ++ */ ++ char f[gp_file_name_sizeof]; ++ const char *pipestr = "|"; ++ const size_t pipestrlen = strlen(pipestr); ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); ++ int code1; ++ ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(f, iodev->dname, preflen); ++ memcpy(f + preflen, fname, nlen + 1); ++ ++ code1 = gp_validate_path(mem, f, access); ++ ++ memcpy(f, pipestr, pipestrlen); ++ memcpy(f + pipestrlen, fname, nlen + 1); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 ) + return gs_error_invalidfileaccess; + + /* +diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c +index 2b964ed74..8d87ceadc 100644 +--- a/base/gp_mshdl.c ++++ b/base/gp_mshdl.c +@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access, + long hfile; /* Correct for Win32, may be wrong for Win64 */ + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ char f[gp_file_name_sizeof]; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(f, iodev->dname, preflen); ++ memcpy(f + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, f, access) != 0) + return gs_error_invalidfileaccess; + + /* First we try the open_handle method. */ +diff --git a/base/gp_msprn.c b/base/gp_msprn.c +index ed4827968..746a974f7 100644 +--- a/base/gp_msprn.c ++++ b/base/gp_msprn.c +@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, + unsigned long *ptid = &((tid_t *)(iodev->state))->tid; + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(pname, iodev->dname, preflen); ++ memcpy(pname + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, pname, access) != 0) + return gs_error_invalidfileaccess; + + /* First we try the open_printer method. */ +diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c +index f852c71fc..ba54cde66 100644 +--- a/base/gp_os2pr.c ++++ b/base/gp_os2pr.c +@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, + FILE ** pfile, char *rfname, uint rnamelen) + { + os2_printer_t *pr = (os2_printer_t *)iodev->state; +- char driver_name[256]; ++ char driver_name[gp_file_name_sizeof]; + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ const size_t preflen = strlen(iodev->dname); ++ const int size_t = strlen(fname); ++ ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(driver_name, iodev->dname, preflen); ++ memcpy(driver_name + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, driver_name, access) != 0) ++ return gs_error_invalidfileaccess; + + /* First we try the open_printer method. */ + /* Note that the loop condition here ensures we don't +diff --git a/base/gslibctx.c b/base/gslibctx.c +index 6dfed6cd5..318039fad 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s) + int + gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) + { +- char *fp, f[gp_file_name_sizeof]; +- const int pipe = 124; /* ASCII code for '|' */ +- const int len = strlen(fname); +- int i, code; ++ char f[gp_file_name_sizeof]; ++ int code; + + /* Be sure the string copy will fit */ +- if (len >= gp_file_name_sizeof) ++ if (strlen(fname) >= gp_file_name_sizeof) + return gs_error_rangecheck; + strcpy(f, fname); +- fp = f; + /* Try to rewrite any %d (or similar) in the string */ + rewrite_percent_specifiers(f); +- for (i = 0; i < len; i++) { +- if (f[i] == pipe) { +- fp = &f[i + 1]; +- /* Because we potentially have to check file permissions at two levels +- for the output file (gx_device_open_output_file and the low level +- fopen API, if we're using a pipe, we have to add both the full string, +- (including the '|', and just the command to which we pipe - since at +- the pipe_fopen(), the leading '|' has been stripped. +- */ +- code = gs_add_control_path(mem, gs_permit_file_writing, f); +- if (code < 0) +- return code; +- code = gs_add_control_path(mem, gs_permit_file_control, f); +- if (code < 0) +- return code; +- break; +- } +- if (!IS_WHITESPACE(f[i])) +- break; +- } +- code = gs_add_control_path(mem, gs_permit_file_control, fp); ++ ++ code = gs_add_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; +- return gs_add_control_path(mem, gs_permit_file_writing, fp); ++ return gs_add_control_path(mem, gs_permit_file_writing, f); + } + + int + gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + { +- char *fp, f[gp_file_name_sizeof]; +- const int pipe = 124; /* ASCII code for '|' */ +- const int len = strlen(fname); +- int i, code; ++ char f[gp_file_name_sizeof]; ++ int code; + + /* Be sure the string copy will fit */ +- if (len >= gp_file_name_sizeof) ++ if (strlen(fname) >= gp_file_name_sizeof) + return gs_error_rangecheck; + strcpy(f, fname); +- fp = f; + /* Try to rewrite any %d (or similar) in the string */ +- for (i = 0; i < len; i++) { +- if (f[i] == pipe) { +- fp = &f[i + 1]; +- /* Because we potentially have to check file permissions at two levels +- for the output file (gx_device_open_output_file and the low level +- fopen API, if we're using a pipe, we have to add both the full string, +- (including the '|', and just the command to which we pipe - since at +- the pipe_fopen(), the leading '|' has been stripped. +- */ +- code = gs_remove_control_path(mem, gs_permit_file_writing, f); +- if (code < 0) +- return code; +- code = gs_remove_control_path(mem, gs_permit_file_control, f); +- if (code < 0) +- return code; +- break; +- } +- if (!IS_WHITESPACE(f[i])) +- break; +- } +- code = gs_remove_control_path(mem, gs_permit_file_control, fp); ++ rewrite_percent_specifiers(f); ++ ++ code = gs_remove_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; +- return gs_remove_control_path(mem, gs_permit_file_writing, fp); ++ return gs_remove_control_path(mem, gs_permit_file_writing, f); + } + + int +-- +2.25.1 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch new file mode 100644 index 0000000000..f312f89e04 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch @@ -0,0 +1,65 @@ +From 6643ff0cb837db3eade489ffff21e3e92eee2ae0 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Fri, 28 Jan 2022 08:21:19 +0000 +Subject: [PATCH] [PATCH] Bug 703902: Fix op stack management in + sampled_data_continue() + +Replace pop() (which does no checking, and doesn't handle stack extension +blocks) with ref_stack_pop() which does do all that. + +We still use pop() in one case (it's faster), but we have to later use +ref_stack_pop() before calling sampled_data_sample() which also accesses the +op stack. + +Fixes: +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 + +Upstream-Status: Backported [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7] +CVE: CVE-2021-45949 +Signed-off-by: Minjae Kim +--- + psi/zfsample.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/psi/zfsample.c b/psi/zfsample.c +index 0023fa4..f84671f 100644 +--- a/psi/zfsample.c ++++ b/psi/zfsample.c +@@ -534,14 +534,17 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + data_ptr[bps * i + j] = (byte)(cv >> ((bps - 1 - j) * 8)); /* MSB first */ + } + pop(num_out); /* Move op to base of result values */ +- ++ /* From here on, we have to use ref_stack_pop() rather than pop() ++ so that it handles stack extension blocks properly, before calling ++ sampled_data_sample() which also uses the op stack. ++ */ + /* Check if we are done collecting data. */ + + if (increment_cube_indexes(params, penum->indexes)) { + if (stack_depth_adjust == 0) +- pop(O_STACK_PAD); /* Remove spare stack space */ ++ ref_stack_pop(&o_stack, O_STACK_PAD); /* Remove spare stack space */ + else +- pop(stack_depth_adjust - num_out); ++ ref_stack_pop(&o_stack, stack_depth_adjust - num_out); + /* Execute the closing procedure, if given */ + code = 0; + if (esp_finish_proc != 0) +@@ -554,11 +557,11 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + if ((O_STACK_PAD - stack_depth_adjust) < 0) { + stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust); + check_op(stack_depth_adjust); +- pop(stack_depth_adjust); ++ ref_stack_pop(&o_stack, stack_depth_adjust); + } + else { + check_ostack(O_STACK_PAD - stack_depth_adjust); +- push(O_STACK_PAD - stack_depth_adjust); ++ ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust); + for (i=0;i +Date: Fri, 12 Feb 2021 10:34:23 +0000 +Subject: [PATCH] oss-fuzz 30715: Check stack limits after function evaluation. + +During function result sampling, after the callout to the Postscript +interpreter, make sure there is enough stack space available before pushing +or popping entries. + +In thise case, the Postscript procedure for the "function" is totally invalid +(as a function), and leaves the op stack in an unrecoverable state (as far as +function evaluation is concerned). We end up popping more entries off the +stack than are available. + +To cope, add in stack limit checking to throw an appropriate error when this +happens. + +Upstream-Status: Backported [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=7861fcad13c497728189feafb41cd57b5b50ea25] +Signed-off-by: Minjae Kim +--- + psi/zfsample.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/psi/zfsample.c b/psi/zfsample.c +index 290809405..652ae02c6 100644 +--- a/psi/zfsample.c ++++ b/psi/zfsample.c +@@ -551,9 +551,17 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + } else { + if (stack_depth_adjust) { + stack_depth_adjust -= num_out; +- push(O_STACK_PAD - stack_depth_adjust); +- for (i=0;ibits.in_addr]) << 24; + bits |= p[rar->bits.in_addr + 1] << 16; + bits |= p[rar->bits.in_addr + 2] << 8; +@@ -1023,7 +1032,16 @@ static int read_bits_32(struct rar5* rar + return ARCHIVE_OK; + } + +-static int read_bits_16(struct rar5* rar, const uint8_t* p, uint16_t* value) { ++static int read_bits_16(struct archive_read* a, struct rar5* rar, ++ const uint8_t* p, uint16_t* value) ++{ ++ if(rar->bits.in_addr >= rar->cstate.cur_block_size) { ++ archive_set_error(&a->archive, ++ ARCHIVE_ERRNO_PROGRAMMER, ++ "Premature end of stream during extraction of data (#2)"); ++ return ARCHIVE_FATAL; ++ } ++ + int bits = (int) ((uint32_t) p[rar->bits.in_addr]) << 16; + bits |= (int) p[rar->bits.in_addr + 1] << 8; + bits |= (int) p[rar->bits.in_addr + 2]; +@@ -1039,8 +1057,8 @@ static void skip_bits(struct rar5* rar, + } + + /* n = up to 16 */ +-static int read_consume_bits(struct rar5* rar, const uint8_t* p, int n, +- int* value) ++static int read_consume_bits(struct archive_read* a, struct rar5* rar, ++ const uint8_t* p, int n, int* value) + { + uint16_t v; + int ret, num; +@@ -1051,7 +1069,7 @@ static int read_consume_bits(struct rar5 + return ARCHIVE_FATAL; + } + +- ret = read_bits_16(rar, p, &v); ++ ret = read_bits_16(a, rar, p, &v); + if(ret != ARCHIVE_OK) + return ret; + +@@ -2425,13 +2443,13 @@ static int create_decode_tables(uint8_t* + static int decode_number(struct archive_read* a, struct decode_table* table, + const uint8_t* p, uint16_t* num) + { +- int i, bits, dist; ++ int i, bits, dist, ret; + uint16_t bitfield; + uint32_t pos; + struct rar5* rar = get_context(a); + +- if(ARCHIVE_OK != read_bits_16(rar, p, &bitfield)) { +- return ARCHIVE_EOF; ++ if(ARCHIVE_OK != (ret = read_bits_16(a, rar, p, &bitfield))) { ++ return ret; + } + + bitfield &= 0xfffe; +@@ -2537,14 +2555,6 @@ static int parse_tables(struct archive_r + for(i = 0; i < HUFF_TABLE_SIZE;) { + uint16_t num; + +- if((rar->bits.in_addr + 6) >= rar->cstate.cur_block_size) { +- /* Truncated data, can't continue. */ +- archive_set_error(&a->archive, +- ARCHIVE_ERRNO_FILE_FORMAT, +- "Truncated data in huffman tables (#2)"); +- return ARCHIVE_FATAL; +- } +- + ret = decode_number(a, &rar->cstate.bd, p, &num); + if(ret != ARCHIVE_OK) { + archive_set_error(&a->archive, +@@ -2561,8 +2571,8 @@ static int parse_tables(struct archive_r + /* 16..17: repeat previous code */ + uint16_t n; + +- if(ARCHIVE_OK != read_bits_16(rar, p, &n)) +- return ARCHIVE_EOF; ++ if(ARCHIVE_OK != (ret = read_bits_16(a, rar, p, &n))) ++ return ret; + + if(num == 16) { + n >>= 13; +@@ -2590,8 +2600,8 @@ static int parse_tables(struct archive_r + /* other codes: fill with zeroes `n` times */ + uint16_t n; + +- if(ARCHIVE_OK != read_bits_16(rar, p, &n)) +- return ARCHIVE_EOF; ++ if(ARCHIVE_OK != (ret = read_bits_16(a, rar, p, &n))) ++ return ret; + + if(num == 18) { + n >>= 13; +@@ -2707,22 +2717,22 @@ static int parse_block_header(struct arc + } + + /* Convenience function used during filter processing. */ +-static int parse_filter_data(struct rar5* rar, const uint8_t* p, +- uint32_t* filter_data) ++static int parse_filter_data(struct archive_read* a, struct rar5* rar, ++ const uint8_t* p, uint32_t* filter_data) + { +- int i, bytes; ++ int i, bytes, ret; + uint32_t data = 0; + +- if(ARCHIVE_OK != read_consume_bits(rar, p, 2, &bytes)) +- return ARCHIVE_EOF; ++ if(ARCHIVE_OK != (ret = read_consume_bits(a, rar, p, 2, &bytes))) ++ return ret; + + bytes++; + + for(i = 0; i < bytes; i++) { + uint16_t byte; + +- if(ARCHIVE_OK != read_bits_16(rar, p, &byte)) { +- return ARCHIVE_EOF; ++ if(ARCHIVE_OK != (ret = read_bits_16(a, rar, p, &byte))) { ++ return ret; + } + + /* Cast to uint32_t will ensure the shift operation will not +@@ -2765,16 +2775,17 @@ static int parse_filter(struct archive_r + uint16_t filter_type; + struct filter_info* filt = NULL; + struct rar5* rar = get_context(ar); ++ int ret; + + /* Read the parameters from the input stream. */ +- if(ARCHIVE_OK != parse_filter_data(rar, p, &block_start)) +- return ARCHIVE_EOF; ++ if(ARCHIVE_OK != (ret = parse_filter_data(ar, rar, p, &block_start))) ++ return ret; + +- if(ARCHIVE_OK != parse_filter_data(rar, p, &block_length)) +- return ARCHIVE_EOF; ++ if(ARCHIVE_OK != (ret = parse_filter_data(ar, rar, p, &block_length))) ++ return ret; + +- if(ARCHIVE_OK != read_bits_16(rar, p, &filter_type)) +- return ARCHIVE_EOF; ++ if(ARCHIVE_OK != (ret = read_bits_16(ar, rar, p, &filter_type))) ++ return ret; + + filter_type >>= 13; + skip_bits(rar, 3); +@@ -2814,8 +2825,8 @@ static int parse_filter(struct archive_r + if(filter_type == FILTER_DELTA) { + int channels; + +- if(ARCHIVE_OK != read_consume_bits(rar, p, 5, &channels)) +- return ARCHIVE_EOF; ++ if(ARCHIVE_OK != (ret = read_consume_bits(ar, rar, p, 5, &channels))) ++ return ret; + + filt->channels = channels + 1; + } +@@ -2823,10 +2834,11 @@ static int parse_filter(struct archive_r + return ARCHIVE_OK; + } + +-static int decode_code_length(struct rar5* rar, const uint8_t* p, +- uint16_t code) ++static int decode_code_length(struct archive_read* a, struct rar5* rar, ++ const uint8_t* p, uint16_t code) + { + int lbits, length = 2; ++ + if(code < 8) { + lbits = 0; + length += code; +@@ -2838,7 +2850,7 @@ static int decode_code_length(struct rar + if(lbits > 0) { + int add; + +- if(ARCHIVE_OK != read_consume_bits(rar, p, lbits, &add)) ++ if(ARCHIVE_OK != read_consume_bits(a, rar, p, lbits, &add)) + return -1; + + length += add; +@@ -2933,7 +2945,7 @@ static int do_uncompress_block(struct ar + continue; + } else if(num >= 262) { + uint16_t dist_slot; +- int len = decode_code_length(rar, p, num - 262), ++ int len = decode_code_length(a, rar, p, num - 262), + dbits, + dist = 1; + +@@ -2975,12 +2987,12 @@ static int do_uncompress_block(struct ar + uint16_t low_dist; + + if(dbits > 4) { +- if(ARCHIVE_OK != read_bits_32( +- rar, p, &add)) { ++ if(ARCHIVE_OK != (ret = read_bits_32( ++ a, rar, p, &add))) { + /* Return EOF if we + * can't read more + * data. */ +- return ARCHIVE_EOF; ++ return ret; + } + + skip_bits(rar, dbits - 4); +@@ -3015,11 +3027,11 @@ static int do_uncompress_block(struct ar + /* dbits is one of [0,1,2,3] */ + int add; + +- if(ARCHIVE_OK != read_consume_bits(rar, +- p, dbits, &add)) { ++ if(ARCHIVE_OK != (ret = read_consume_bits(a, rar, ++ p, dbits, &add))) { + /* Return EOF if we can't read + * more data. */ +- return ARCHIVE_EOF; ++ return ret; + } + + dist += add; +@@ -3076,7 +3088,11 @@ static int do_uncompress_block(struct ar + return ARCHIVE_FATAL; + } + +- len = decode_code_length(rar, p, len_slot); ++ len = decode_code_length(a, rar, p, len_slot); ++ if (len == -1) { ++ return ARCHIVE_FATAL; ++ } ++ + rar->cstate.last_len = len; + + if(ARCHIVE_OK != copy_string(a, len, dist)) +--- a/libarchive/test/test_read_format_rar5.c ++++ b/libarchive/test/test_read_format_rar5.c +@@ -1271,3 +1271,20 @@ DEFINE_TEST(test_read_format_rar5_block_ + + EPILOGUE(); + } ++ ++DEFINE_TEST(test_read_format_rar5_decode_number_out_of_bounds_read) ++{ ++ /* oss fuzz 30448 */ ++ ++ char buf[4096]; ++ PROLOGUE("test_read_format_rar5_decode_number_out_of_bounds_read.rar"); ++ ++ /* Return codes of those calls are ignored, because this sample file ++ * is invalid. However, the unpacker shouldn't produce any SIGSEGV ++ * errors during processing. */ ++ ++ (void) archive_read_next_header(a, &ae); ++ while(0 < archive_read_data(a, buf, sizeof(buf))) {} ++ ++ EPILOGUE(); ++} +--- /dev/null ++++ b/libarchive/test/test_read_format_rar5_decode_number_out_of_bounds_read.rar.uu +@@ -0,0 +1,10 @@ ++begin 644 test_read_format_rar5_decode_number_out_of_bounds_read.rar ++M4F%R(1H'`0!3@"KT`P+G(@(0("`@@`L!!"`@("`@(($D_[BJ2"!::7!)210V ++M+0#ZF#)Q!`+>YPW_("`@("``_R````````````````````````````!__P`` ++M``````!T72`@/EW_(/\@("`@("`@("`@("`@("`@("`@("`@("`@(/\@("`@ ++M("`@("#_("`@("`@("`@("`@("`@("`@("`@("`@("#_("`@("`@("`@_R`@ ++M("`@("`@("`@("`@("`@("`@("`@("`@_R`@("`@("`@(/\@("`@("`@("`@ ++M("`@("`@("`@("`@("`@(/\@("`@("`@("#_("`@("`@("`@("`@("`@("`@ ++E("`@("`@("#_("`@("`@("`@_R`@("`@("`@("`@("`@("`@(``` ++` ++end diff --git a/poky/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-2.patch b/poky/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-2.patch new file mode 100644 index 0000000000..b5da44ec7b --- /dev/null +++ b/poky/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-2.patch @@ -0,0 +1,121 @@ +From 17f4e83c0f0fc3bacf4b2bbacb01f987bb5aff5f Mon Sep 17 00:00:00 2001 +From: Grzegorz Antoniak +Date: Fri, 12 Feb 2021 20:18:31 +0100 +Subject: [PATCH] RAR5 reader: fix invalid memory access in some files + +RAR5 reader uses several variables to manage the window buffer during +extraction: the buffer itself (`window_buf`), the current size of the +window buffer (`window_size`), and a helper variable (`window_mask`) +that is used to constrain read and write offsets to the window buffer. + +Some specially crafted files can force the unpacker to update the +`window_mask` variable to a value that is out of sync with current +buffer size. If the `window_mask` will be bigger than the actual buffer +size, then an invalid access operation can happen (SIGSEGV). + +This commit ensures that if the `window_size` and `window_mask` will be +changed, the window buffer will be reallocated to the proper size, so no +invalid memory operation should be possible. + +This commit contains a test file from OSSFuzz #30442. + +Upstream-Status: Backport [https://git.launchpad.net/ubuntu/+source/libarchive/plain/debian/patches/CVE-2021-36976-2.patch?h=applied/3.4.3-2ubuntu0.1] +CVE: CVE-2021-36976 +Signed-off-by: Virendra Thakur + +--- + Makefile.am | 1 + + libarchive/archive_read_support_format_rar5.c | 27 ++++++++++++++----- + libarchive/test/test_read_format_rar5.c | 17 ++++++++++++ + ...mat_rar5_window_buf_and_size_desync.rar.uu | 11 ++++++++ + 4 files changed, 50 insertions(+), 6 deletions(-) + create mode 100644 libarchive/test/test_read_format_rar5_window_buf_and_size_desync.rar.uu + +--- a/Makefile.am ++++ b/Makefile.am +@@ -884,6 +884,7 @@ libarchive_test_EXTRA_DIST=\ + libarchive/test/test_read_format_rar5_different_winsize_on_merge.rar.uu \ + libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu \ + libarchive/test/test_read_format_rar5_decode_number_out_of_bounds_read.rar.uu \ ++ libarchive/test/test_read_format_rar5_window_buf_and_size_desync.rar.uu \ + libarchive/test/test_read_format_raw.bufr.uu \ + libarchive/test/test_read_format_raw.data.gz.uu \ + libarchive/test/test_read_format_raw.data.Z.uu \ +--- a/libarchive/archive_read_support_format_rar5.c ++++ b/libarchive/archive_read_support_format_rar5.c +@@ -1730,14 +1730,29 @@ static int process_head_file(struct arch + } + } + +- /* If we're currently switching volumes, ignore the new definition of +- * window_size. */ +- if(rar->cstate.switch_multivolume == 0) { +- /* Values up to 64M should fit into ssize_t on every +- * architecture. */ +- rar->cstate.window_size = (ssize_t) window_size; ++ if(rar->cstate.window_size < (ssize_t) window_size && ++ rar->cstate.window_buf) ++ { ++ /* If window_buf has been allocated before, reallocate it, so ++ * that its size will match new window_size. */ ++ ++ uint8_t* new_window_buf = ++ realloc(rar->cstate.window_buf, window_size); ++ ++ if(!new_window_buf) { ++ archive_set_error(&a->archive, ARCHIVE_ERRNO_PROGRAMMER, ++ "Not enough memory when trying to realloc the window " ++ "buffer."); ++ return ARCHIVE_FATAL; ++ } ++ ++ rar->cstate.window_buf = new_window_buf; + } + ++ /* Values up to 64M should fit into ssize_t on every ++ * architecture. */ ++ rar->cstate.window_size = (ssize_t) window_size; ++ + if(rar->file.solid > 0 && rar->file.solid_window_size == 0) { + /* Solid files have to have the same window_size across + whole archive. Remember the window_size parameter +--- a/libarchive/test/test_read_format_rar5.c ++++ b/libarchive/test/test_read_format_rar5.c +@@ -1206,6 +1206,23 @@ DEFINE_TEST(test_read_format_rar5_differ + EPILOGUE(); + } + ++DEFINE_TEST(test_read_format_rar5_window_buf_and_size_desync) ++{ ++ /* oss fuzz 30442 */ ++ ++ char buf[4096]; ++ PROLOGUE("test_read_format_rar5_window_buf_and_size_desync.rar"); ++ ++ /* Return codes of those calls are ignored, because this sample file ++ * is invalid. However, the unpacker shouldn't produce any SIGSEGV ++ * errors during processing. */ ++ ++ (void) archive_read_next_header(a, &ae); ++ while(0 < archive_read_data(a, buf, 46)) {} ++ ++ EPILOGUE(); ++} ++ + DEFINE_TEST(test_read_format_rar5_arm_filter_on_window_boundary) + { + char buf[4096]; +--- /dev/null ++++ b/libarchive/test/test_read_format_rar5_window_buf_and_size_desync.rar.uu +@@ -0,0 +1,11 @@ ++begin 644 test_read_format_rar5_window_buf_and_size_desync.rar ++M4F%R(1H'`0`]/-[E`@$`_P$`1#[Z5P("`PL``BXB"?\`!(@B@0`)6.-AF?_1 ++M^0DI&0GG(F%R(0<:)`!3@"KT`P+G(@O_X[\``#&``(?!!0$$[:L``$.M*E)A ++MP0";/P1%``A*2DI*2DYQ<6TN9'%*2DI*2DI*``!DGNGIZ>8_^>GE/_``!. ++` ++end diff --git a/poky/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-3.patch b/poky/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-3.patch new file mode 100644 index 0000000000..0e1549f229 --- /dev/null +++ b/poky/meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-3.patch @@ -0,0 +1,93 @@ +From 313bcd7ac547f7cc25945831f63507420c0874d7 Mon Sep 17 00:00:00 2001 +From: Grzegorz Antoniak +Date: Sat, 13 Feb 2021 10:13:22 +0100 +Subject: [PATCH] RAR5 reader: add more checks for invalid extraction + parameters + +Some specially crafted files declare invalid extraction parameters that +can confuse the RAR5 reader. + +One of the arguments is the declared window size parameter that the +archive file can declare for each file stored in the archive. Some +crafted files declare window size equal to 0, which is clearly wrong. + +This commit adds additional safety checks decreasing the tolerance of +the RAR5 format. + +This commit also contains OSSFuzz sample #30459. +--- + Makefile.am | 1 + + libarchive/archive_read_support_format_rar5.c | 10 ++++++++++ + libarchive/test/test_read_format_rar5.c | 19 +++++++++++++++++++ + ...t_rar5_bad_window_sz_in_mltarc_file.rar.uu | 7 +++++++ + 4 files changed, 37 insertions(+) + create mode 100644 libarchive/test/test_read_format_rar5_bad_window_sz_in_mltarc_file.rar.uu + +Upstream-Status: Backport [https://github.com/libarchive/libarchive/pull/1493/commits/313bcd7ac547f7cc25945831f63507420c0874d7] +CVE: CVE-2021-36976 +Signed-off-by: Virendra Thakur + +--- libarchive-3.4.2.orig/Makefile.am ++++ libarchive-3.4.2/Makefile.am +@@ -882,6 +882,7 @@ libarchive_test_EXTRA_DIST=\ + libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu \ + libarchive/test/test_read_format_rar5_decode_number_out_of_bounds_read.rar.uu \ + libarchive/test/test_read_format_rar5_window_buf_and_size_desync.rar.uu \ ++ libarchive/test/test_read_format_rar5_bad_window_sz_in_mltarc_file.rar.uu \ + libarchive/test/test_read_format_raw.bufr.uu \ + libarchive/test/test_read_format_raw.data.gz.uu \ + libarchive/test/test_read_format_raw.data.Z.uu \ +--- libarchive-3.4.2.orig/libarchive/archive_read_support_format_rar5.c ++++ libarchive-3.4.2/libarchive/archive_read_support_format_rar5.c +@@ -3637,6 +3637,16 @@ static int do_uncompress_file(struct arc + rar->cstate.initialized = 1; + } + ++ /* Don't allow extraction if window_size is invalid. */ ++ if(rar->cstate.window_size == 0) { ++ archive_set_error(&a->archive, ++ ARCHIVE_ERRNO_FILE_FORMAT, ++ "Invalid window size declaration in this file"); ++ ++ /* This should never happen in valid files. */ ++ return ARCHIVE_FATAL; ++ } ++ + if(rar->cstate.all_filters_applied == 1) { + /* We use while(1) here, but standard case allows for just 1 + * iteration. The loop will iterate if process_block() didn't +--- libarchive-3.4.2.orig/libarchive/test/test_read_format_rar5.c ++++ libarchive-3.4.2/libarchive/test/test_read_format_rar5.c +@@ -1305,3 +1305,22 @@ DEFINE_TEST(test_read_format_rar5_decode + + EPILOGUE(); + } ++ ++DEFINE_TEST(test_read_format_rar5_bad_window_size_in_multiarchive_file) ++{ ++ /* oss fuzz 30459 */ ++ ++ char buf[4096]; ++ PROLOGUE("test_read_format_rar5_bad_window_sz_in_mltarc_file.rar"); ++ ++ /* This file is damaged, so those functions should return failure. ++ * Additionally, SIGSEGV shouldn't be raised during execution ++ * of those functions. */ ++ ++ (void) archive_read_next_header(a, &ae); ++ while(0 < archive_read_data(a, buf, sizeof(buf))) {} ++ (void) archive_read_next_header(a, &ae); ++ while(0 < archive_read_data(a, buf, sizeof(buf))) {} ++ ++ EPILOGUE(); ++} +--- /dev/null ++++ libarchive-3.4.2/libarchive/test/test_read_format_rar5_bad_window_sz_in_mltarc_file.rar.uu +@@ -0,0 +1,7 @@ ++begin 644 test_read_format_rar5_bad_window_size_in_multiarchive_file.rar ++M4F%R(1H'`0`]/-[E`@$`_R`@1#[Z5P("`PL`("`@@"(`"?\@("#___\@("`@ ++M("`@("`@("`@4X`J]`,"YR(#$($@("`@``$@("`@@ Signed-off-by: Chee Yang Lee +Signed-off-by: Steve Sakoman --- ext/testcase.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch b/poky/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch new file mode 100644 index 0000000000..da59b7297a --- /dev/null +++ b/poky/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch @@ -0,0 +1,100 @@ +From 27103f3f8b1a2857aa45b889e775435f7daf141f Mon Sep 17 00:00:00 2001 +From: povcfe +Date: Wed, 5 Jan 2022 11:11:09 +0000 +Subject: [PATCH] [mod_extforward] fix out-of-bounds (OOB) write (fixes #3134) + +(thx povcfe) + +(edited: gstrauss) + +There is a potential remote denial of service in lighttpd mod_extforward +under specific, non-default and uncommon 32-bit lighttpd mod_extforward +configurations. + +Under specific, non-default and uncommon lighttpd mod_extforward +configurations, a remote attacker can trigger a 4-byte out-of-bounds +write of value '-1' to the stack. This is not believed to be exploitable +in any way beyond triggering a crash of the lighttpd server on systems +where the lighttpd server has been built 32-bit and with compiler flags +which enable a stack canary -- gcc/clang -fstack-protector-strong or +-fstack-protector-all, but bug not visible with only -fstack-protector. + +With standard lighttpd builds using -O2 optimization on 64-bit x86_64, +this bug has not been observed to cause adverse behavior, even with +gcc/clang -fstack-protector-strong. + +For the bug to be reachable, the user must be using a non-default +lighttpd configuration which enables mod_extforward and configures +mod_extforward to accept and parse the "Forwarded" header from a trusted +proxy. At this time, support for RFC7239 Forwarded is not common in CDN +providers or popular web server reverse proxies. It bears repeating that +for the user to desire to configure lighttpd mod_extforward to accept +"Forwarded", the user must also be using a trusted proxy (in front of +lighttpd) which understands and actively modifies the "Forwarded" header +sent to lighttpd. + +lighttpd natively supports RFC7239 "Forwarded" +hiawatha natively supports RFC7239 "Forwarded" + +nginx can be manually configured to add a "Forwarded" header +https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/ + +A 64-bit build of lighttpd on x86_64 (not known to be affected by bug) +in front of another 32-bit lighttpd will detect and reject a malicious +"Forwarded" request header, thereby thwarting an attempt to trigger +this bug in an upstream 32-bit lighttpd. + +The following servers currently do not natively support RFC7239 Forwarded: +nginx +apache2 +caddy +node.js +haproxy +squid +varnish-cache +litespeed + +Given the general dearth of support for RFC7239 Forwarded in popular +CDNs and web server reverse proxies, and given the prerequisites in +lighttpd mod_extforward needed to reach this bug, the number of lighttpd +servers vulnerable to this bug is estimated to be vanishingly small. +Large systems using reverse proxies are likely running 64-bit lighttpd, +which is not known to be adversely affected by this bug. + +In the future, it is desirable for more servers to implement RFC7239 +Forwarded. lighttpd developers would like to thank povcfe for reporting +this bug so that it can be fixed before more CDNs and web servers +implement RFC7239 Forwarded. + +x-ref: + "mod_extforward plugin has out-of-bounds (OOB) write of 4-byte -1" + https://redmine.lighttpd.net/issues/3134 + (not yet written or published) + CVE-2022-22707 + +Upstream-Status: Backport +CVE: CVE-2022-22707 +Signed-off-by: Ross Burton + +Signed-off-by: Purushottam Choudhary +Signed-off-by: Purushottam Choudhary +--- + src/mod_extforward.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/mod_extforward.c b/src/mod_extforward.c +index ba957e04..fdaef7f6 100644 +--- a/src/mod_extforward.c ++++ b/src/mod_extforward.c +@@ -715,7 +715,7 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c + while (s[i] == ' ' || s[i] == '\t') ++i; + if (s[i] == ';') { ++i; continue; } + if (s[i] == ',') { +- if (j >= (int)(sizeof(offsets)/sizeof(int))) break; ++ if (j >= (int)(sizeof(offsets)/sizeof(int))-1) break; + offsets[++j] = -1; /*("offset" separating params from next proxy)*/ + ++i; + continue; +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb index 737d6ebf7c..357a269015 100644 --- a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb +++ b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb @@ -14,6 +14,7 @@ RRECOMMENDS_${PN} = "lighttpd-module-access \ lighttpd-module-accesslog" SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \ + file://0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch \ file://index.html.lighttpd \ file://lighttpd.conf \ file://lighttpd \ diff --git a/poky/meta/recipes-extended/lsof/lsof_4.91.bb b/poky/meta/recipes-extended/lsof/lsof_4.91.bb index b3adfd57af..7c85bf23fc 100644 --- a/poky/meta/recipes-extended/lsof/lsof_4.91.bb +++ b/poky/meta/recipes-extended/lsof/lsof_4.91.bb @@ -3,7 +3,7 @@ DESCRIPTION = "Lsof is a Unix-specific diagnostic tool. \ Its name stands for LiSt Open Files, and it does just that." HOMEPAGE = "http://people.freebsd.org/~abe/" SECTION = "devel" -LICENSE = "BSD" +LICENSE = "Spencer-94" LIC_FILES_CHKSUM = "file://00README;beginline=645;endline=679;md5=964df275d26429ba3b39dbb9f205172a" # Upstream lsof releases are hosted on an ftp server which times out download diff --git a/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb b/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb index 5f7ea00bf1..4e68f826c6 100644 --- a/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb +++ b/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb @@ -2,7 +2,7 @@ SUMMARY = "Shadow utils requirements for useradd.bbclass" HOMEPAGE = "http://github.com/shadow-maint/shadow" BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base utils" -LICENSE = "BSD | Artistic-1.0" +LICENSE = "BSD-3-Clause | Artistic-1.0" LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5" DEPENDS = "base-passwd" diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index 7061dc7505..bfe50c18f6 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -3,7 +3,7 @@ HOMEPAGE = "http://github.com/shadow-maint/shadow" DESCRIPTION = "${SUMMARY}" BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base/utils" -LICENSE = "BSD | Artistic-1.0" +LICENSE = "BSD-3-Clause | Artistic-1.0" LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ file://src/passwd.c;beginline=2;endline=30;md5=5720ff729a6ff39ecc9f64555d75f4af" diff --git a/poky/meta/recipes-extended/timezone/timezone.inc b/poky/meta/recipes-extended/timezone/timezone.inc index e9eb249afe..cdd1a2ac3c 100644 --- a/poky/meta/recipes-extended/timezone/timezone.inc +++ b/poky/meta/recipes-extended/timezone/timezone.inc @@ -3,10 +3,10 @@ DESCRIPTION = "The Time Zone Database contains code and data that represent \ the history of local time for many representative locations around the globe." HOMEPAGE = "http://www.iana.org/time-zones" SECTION = "base" -LICENSE = "PD & BSD & BSD-3-Clause" +LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2021e" +PV = "2022a" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \ @@ -14,6 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "584666393a5424d13d27ec01183da17703273664742e049d4f62f62dab631775" -SRC_URI[tzdata.sha256sum] = "07ec42b737d0d3c6be9c337f8abb5f00554a0f9cc4fcf01a703d69403b6bb2b1" +SRC_URI[tzcode.sha256sum] = "f8575e7e33be9ee265df2081092526b81c80abac3f4a04399ae9d4d91cdadac7" +SRC_URI[tzdata.sha256sum] = "ef7fffd9f4f50f4f58328b35022a32a5a056b245c5cb3d6791dddb342f871664" diff --git a/poky/meta/recipes-graphics/freetype/freetype/0001-sfnt-Fix-heap-buffer-overflow-59308.patch b/poky/meta/recipes-graphics/freetype/freetype/0001-sfnt-Fix-heap-buffer-overflow-59308.patch index fa8a29b798..31f9e32dc2 100644 --- a/poky/meta/recipes-graphics/freetype/freetype/0001-sfnt-Fix-heap-buffer-overflow-59308.patch +++ b/poky/meta/recipes-graphics/freetype/freetype/0001-sfnt-Fix-heap-buffer-overflow-59308.patch @@ -6,10 +6,13 @@ Subject: [PATCH] [sfnt] Fix heap buffer overflow (#59308). This is CVE-2020-15999. * src/sfnt/pngshim.c (Load_SBit_Png): Test bitmap size earlier. +CVE: CVE-2020-15999 Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd] Signed-off-by: Diego Santa Cruz +Signed-off-by: Purushottam Choudhary +Signed-off-by: Purushottam Choudhary --- src/sfnt/pngshim.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/poky/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb b/poky/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb index 772db5bbaf..31c45ef89c 100644 --- a/poky/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb +++ b/poky/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c81c08eeefd9418fca8f88309a76db10" DEPENDS = "libdrm mesa libepoxy" SRCREV = "7d204f3927be65fb3365dce01dbcd04d447a4985" -SRC_URI = "git://anongit.freedesktop.org/virglrenderer;branch=master \ +SRC_URI = "git://anongit.freedesktop.org/git/virglrenderer;branch=master \ file://0001-gallium-Expand-libc-check-to-be-platform-OS-check.patch \ file://0001-meson.build-use-python3-directly-for-python.patch \ " diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index c891211c40..ce57982a7d 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -16,7 +16,7 @@ PE = "2" INC_PR = "r8" XORG_PN = "xorg-server" -SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.bz2" +SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.gz" CVE_PRODUCT = "xorg-server x_server" # This is specific to Debian's xserver-wrapper.c diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch deleted file mode 100644 index fb3a37c474..0000000000 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch +++ /dev/null @@ -1,182 +0,0 @@ -From f7cd1276bbd4fe3a9700096dec33b52b8440788d Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Tue, 18 Aug 2020 14:46:32 +0200 -Subject: [PATCH] Correct bounds checking in XkbSetNames() - -CVE-2020-14345 / ZDI 11428 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb - -Upstream-Status: Backport -CVE: CVE-2020-14345 -Affects < 1.20.9 - -Signed-off-by: Armin Kuster - ---- - xkb/xkb.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 48 insertions(+) - -Index: xorg-server-1.20.8/xkb/xkb.c -=================================================================== ---- xorg-server-1.20.8.orig/xkb/xkb.c -+++ xorg-server-1.20.8/xkb/xkb.c -@@ -152,6 +152,19 @@ static RESTYPE RT_XKBCLIENT; - #define CHK_REQ_KEY_RANGE(err,first,num,r) \ - CHK_REQ_KEY_RANGE2(err,first,num,r,client->errorValue,BadValue) - -+static Bool -+_XkbCheckRequestBounds(ClientPtr client, void *stuff, void *from, void *to) { -+ char *cstuff = (char *)stuff; -+ char *cfrom = (char *)from; -+ char *cto = (char *)to; -+ -+ return cfrom < cto && -+ cfrom >= cstuff && -+ cfrom < cstuff + ((size_t)client->req_len << 2) && -+ cto >= cstuff && -+ cto <= cstuff + ((size_t)client->req_len << 2); -+} -+ - /***====================================================================***/ - - int -@@ -4045,6 +4058,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = _XkbErrCode2(0x04, stuff->firstType); - return BadAccess; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nTypes)) -+ return BadLength; - old = tmp; - tmp = _XkbCheckAtoms(tmp, stuff->nTypes, client->swapped, &bad); - if (!tmp) { -@@ -4074,6 +4089,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi - } - width = (CARD8 *) tmp; - tmp = (CARD32 *) (((char *) tmp) + XkbPaddedSize(stuff->nKTLevels)); -+ if (!_XkbCheckRequestBounds(client, stuff, width, tmp)) -+ return BadLength; - type = &xkb->map->types[stuff->firstKTLevel]; - for (i = 0; i < stuff->nKTLevels; i++, type++) { - if (width[i] == 0) -@@ -4083,6 +4100,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi - type->num_levels, width[i]); - return BadMatch; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + width[i])) -+ return BadLength; - tmp = _XkbCheckAtoms(tmp, width[i], client->swapped, &bad); - if (!tmp) { - client->errorValue = bad; -@@ -4095,6 +4114,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = 0x08; - return BadMatch; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + Ones(stuff->indicators))) -+ return BadLength; - tmp = _XkbCheckMaskedAtoms(tmp, XkbNumIndicators, stuff->indicators, - client->swapped, &bad); - if (!tmp) { -@@ -4107,6 +4129,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = 0x09; - return BadMatch; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + Ones(stuff->virtualMods))) -+ return BadLength; - tmp = _XkbCheckMaskedAtoms(tmp, XkbNumVirtualMods, - (CARD32) stuff->virtualMods, - client->swapped, &bad); -@@ -4120,6 +4145,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = 0x0a; - return BadMatch; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + Ones(stuff->groupNames))) -+ return BadLength; - tmp = _XkbCheckMaskedAtoms(tmp, XkbNumKbdGroups, - (CARD32) stuff->groupNames, - client->swapped, &bad); -@@ -4141,9 +4169,14 @@ _XkbSetNamesCheck(ClientPtr client, Devi - stuff->nKeys); - return BadValue; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nKeys)) -+ return BadLength; - tmp += stuff->nKeys; - } - if ((stuff->which & XkbKeyAliasesMask) && (stuff->nKeyAliases > 0)) { -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + (stuff->nKeyAliases * 2))) -+ return BadLength; - tmp += stuff->nKeyAliases * 2; - } - if (stuff->which & XkbRGNamesMask) { -@@ -4151,6 +4184,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi - client->errorValue = _XkbErrCode2(0x0d, stuff->nRadioGroups); - return BadValue; - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, -+ tmp + stuff->nRadioGroups)) -+ return BadLength; - tmp = _XkbCheckAtoms(tmp, stuff->nRadioGroups, client->swapped, &bad); - if (!tmp) { - client->errorValue = bad; -@@ -4344,6 +4380,8 @@ ProcXkbSetNames(ClientPtr client) - /* check device-independent stuff */ - tmp = (CARD32 *) &stuff[1]; - -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbKeycodesNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4351,6 +4389,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbGeometryNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4358,6 +4398,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbSymbolsNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4365,6 +4407,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbPhysSymbolsNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4372,6 +4416,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbTypesNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { -@@ -4379,6 +4425,8 @@ ProcXkbSetNames(ClientPtr client) - return BadAtom; - } - } -+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) -+ return BadLength; - if (stuff->which & XkbCompatNameMask) { - tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); - if (!tmp) { diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch deleted file mode 100644 index 4994a21d33..0000000000 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch +++ /dev/null @@ -1,36 +0,0 @@ -From c940cc8b6c0a2983c1ec974f1b3f019795dd4cff Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Tue, 18 Aug 2020 14:49:04 +0200 -Subject: [PATCH] Fix XIChangeHierarchy() integer underflow - -CVE-2020-14346 / ZDI-CAN-11429 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb - -Upstream-Status: Backport -[https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff] -CVE: CVE-2020-14346 -Signed-off-by: Chee Yang Lee ---- - Xi/xichangehierarchy.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c -index cbdd91258..504defe56 100644 ---- a/Xi/xichangehierarchy.c -+++ b/Xi/xichangehierarchy.c -@@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client) - if (!stuff->num_changes) - return rc; - -- len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq); -+ len = ((size_t)client->req_len << 2) - sizeof(xXIChangeHierarchyReq); - - any = (xXIAnyHierarchyChangeInfo *) &stuff[1]; - while (stuff->num_changes--) { --- -2.17.1 - diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch deleted file mode 100644 index cf3f5f9417..0000000000 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch +++ /dev/null @@ -1,38 +0,0 @@ -From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Sat, 25 Jul 2020 19:33:50 +0200 -Subject: [PATCH] fix for ZDI-11426 - -Avoid leaking un-initalized memory to clients by zeroing the -whole pixmap on initial allocation. - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb -Reviewed-by: Alan Coopersmith - - -Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816] -CVE: CVE-2020-14347 -Signed-off-by: Chee Yang Lee ---- - dix/pixmap.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/dix/pixmap.c b/dix/pixmap.c -index 1186d7dbbf..5a0146bbb6 100644 ---- a/dix/pixmap.c -+++ b/dix/pixmap.c -@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize) - if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize) - return NullPixmap; - -- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize); -+ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize); - if (!pPixmap) - return NullPixmap; - --- -GitLab - diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch deleted file mode 100644 index e9ab42742e..0000000000 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 446ff2d3177087b8173fa779fa5b77a2a128988b Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Thu, 12 Nov 2020 19:15:07 +0100 -Subject: [PATCH] Check SetMap request length carefully. - -Avoid out of bounds memory accesses on too short request. - -ZDI-CAN 11572 / CVE-2020-14360 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb - -Upstream-Status: Backport -https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b -CVE: CVE-2020-14360 -Signed-off-by: Armin Kuster ---- - xkb/xkb.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 92 insertions(+) - -Index: xorg-server-1.20.8/xkb/xkb.c -=================================================================== ---- xorg-server-1.20.8.orig/xkb/xkb.c -+++ xorg-server-1.20.8/xkb/xkb.c -@@ -2382,6 +2382,93 @@ SetVirtualModMap(XkbSrvInfoPtr xkbi, - return (char *) wire; - } - -+#define _add_check_len(new) \ -+ if (len > UINT32_MAX - (new) || len > req_len - (new)) goto bad; \ -+ else len += new -+ -+/** -+ * Check the length of the SetMap request -+ */ -+static int -+_XkbSetMapCheckLength(xkbSetMapReq *req) -+{ -+ size_t len = sz_xkbSetMapReq, req_len = req->length << 2; -+ xkbKeyTypeWireDesc *keytype; -+ xkbSymMapWireDesc *symmap; -+ BOOL preserve; -+ int i, map_count, nSyms; -+ -+ if (req_len < len) -+ goto bad; -+ /* types */ -+ if (req->present & XkbKeyTypesMask) { -+ keytype = (xkbKeyTypeWireDesc *)(req + 1); -+ for (i = 0; i < req->nTypes; i++) { -+ _add_check_len(XkbPaddedSize(sz_xkbKeyTypeWireDesc)); -+ if (req->flags & XkbSetMapResizeTypes) { -+ _add_check_len(keytype->nMapEntries -+ * sz_xkbKTSetMapEntryWireDesc); -+ preserve = keytype->preserve; -+ map_count = keytype->nMapEntries; -+ if (preserve) { -+ _add_check_len(map_count * sz_xkbModsWireDesc); -+ } -+ keytype += 1; -+ keytype = (xkbKeyTypeWireDesc *) -+ ((xkbKTSetMapEntryWireDesc *)keytype + map_count); -+ if (preserve) -+ keytype = (xkbKeyTypeWireDesc *) -+ ((xkbModsWireDesc *)keytype + map_count); -+ } -+ } -+ } -+ /* syms */ -+ if (req->present & XkbKeySymsMask) { -+ symmap = (xkbSymMapWireDesc *)((char *)req + len); -+ for (i = 0; i < req->nKeySyms; i++) { -+ _add_check_len(sz_xkbSymMapWireDesc); -+ nSyms = symmap->nSyms; -+ _add_check_len(nSyms*sizeof(CARD32)); -+ symmap += 1; -+ symmap = (xkbSymMapWireDesc *)((CARD32 *)symmap + nSyms); -+ } -+ } -+ /* actions */ -+ if (req->present & XkbKeyActionsMask) { -+ _add_check_len(req->totalActs * sz_xkbActionWireDesc -+ + XkbPaddedSize(req->nKeyActs)); -+ } -+ /* behaviours */ -+ if (req->present & XkbKeyBehaviorsMask) { -+ _add_check_len(req->totalKeyBehaviors * sz_xkbBehaviorWireDesc); -+ } -+ /* vmods */ -+ if (req->present & XkbVirtualModsMask) { -+ _add_check_len(XkbPaddedSize(Ones(req->virtualMods))); -+ } -+ /* explicit */ -+ if (req->present & XkbExplicitComponentsMask) { -+ /* two bytes per non-zero explicit componen */ -+ _add_check_len(XkbPaddedSize(req->totalKeyExplicit * sizeof(CARD16))); -+ } -+ /* modmap */ -+ if (req->present & XkbModifierMapMask) { -+ /* two bytes per non-zero modmap component */ -+ _add_check_len(XkbPaddedSize(req->totalModMapKeys * sizeof(CARD16))); -+ } -+ /* vmodmap */ -+ if (req->present & XkbVirtualModMapMask) { -+ _add_check_len(req->totalVModMapKeys * sz_xkbVModMapWireDesc); -+ } -+ if (len == req_len) -+ return Success; -+bad: -+ ErrorF("[xkb] BOGUS LENGTH in SetMap: expected %ld got %ld\n", -+ len, req_len); -+ return BadLength; -+} -+ -+ - /** - * Check if the given request can be applied to the given device but don't - * actually do anything.. -@@ -2639,6 +2726,11 @@ ProcXkbSetMap(ClientPtr client) - CHK_KBD_DEVICE(dev, stuff->deviceSpec, client, DixManageAccess); - CHK_MASK_LEGAL(0x01, stuff->present, XkbAllMapComponentsMask); - -+ /* first verify the request length carefully */ -+ rc = _XkbSetMapCheckLength(stuff); -+ if (rc != Success) -+ return rc; -+ - tmp = (char *) &stuff[1]; - - /* Check if we can to the SetMap on the requested device. If this diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch deleted file mode 100644 index 710cc3873c..0000000000 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 144849ea27230962227e62a943b399e2ab304787 Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Tue, 18 Aug 2020 14:52:29 +0200 -Subject: [PATCH] Fix XkbSelectEvents() integer underflow - -CVE-2020-14361 ZDI-CAN 11573 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb - -Upstream-Status: Backport -[https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787] -CVE: CVE-2020-14361 -Signed-off-by: Chee Yang Lee ---- - xkb/xkbSwap.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xkb/xkbSwap.c b/xkb/xkbSwap.c -index 1c1ed5ff4..50cabb90e 100644 ---- a/xkb/xkbSwap.c -+++ b/xkb/xkbSwap.c -@@ -76,7 +76,7 @@ SProcXkbSelectEvents(ClientPtr client) - register unsigned bit, ndx, maskLeft, dataLeft, size; - - from.c8 = (CARD8 *) &stuff[1]; -- dataLeft = (stuff->length * 4) - SIZEOF(xkbSelectEventsReq); -+ dataLeft = (client->req_len * 4) - SIZEOF(xkbSelectEventsReq); - maskLeft = (stuff->affectWhich & (~XkbMapNotifyMask)); - for (ndx = 0, bit = 1; (maskLeft != 0); ndx++, bit <<= 1) { - if (((bit & maskLeft) == 0) || (ndx == XkbMapNotify)) --- -2.17.1 - diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch deleted file mode 100644 index 2103e9c198..0000000000 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 2902b78535ecc6821cc027351818b28a5c7fdbdc Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Tue, 18 Aug 2020 14:55:01 +0200 -Subject: [PATCH] Fix XRecordRegisterClients() Integer underflow - -CVE-2020-14362 ZDI-CAN-11574 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb - -Upstream-Status: Backport -[https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc] -CVE: CVE-2020-14362 -Signed-off-by: Chee Yang Lee ---- - record/record.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/record/record.c b/record/record.c -index f2d38c877..be154525d 100644 ---- a/record/record.c -+++ b/record/record.c -@@ -2500,7 +2500,7 @@ SProcRecordQueryVersion(ClientPtr client) - } /* SProcRecordQueryVersion */ - - static int _X_COLD --SwapCreateRegister(xRecordRegisterClientsReq * stuff) -+SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff) - { - int i; - XID *pClientID; -@@ -2510,13 +2510,13 @@ SwapCreateRegister(xRecordRegisterClientsReq * stuff) - swapl(&stuff->nRanges); - pClientID = (XID *) &stuff[1]; - if (stuff->nClients > -- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq)) -+ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)) - return BadLength; - for (i = 0; i < stuff->nClients; i++, pClientID++) { - swapl(pClientID); - } - if (stuff->nRanges > -- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq) -+ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) - - stuff->nClients) - return BadLength; - RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges); -@@ -2531,7 +2531,7 @@ SProcRecordCreateContext(ClientPtr client) - - swaps(&stuff->length); - REQUEST_AT_LEAST_SIZE(xRecordCreateContextReq); -- if ((status = SwapCreateRegister((void *) stuff)) != Success) -+ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success) - return status; - return ProcRecordCreateContext(client); - } /* SProcRecordCreateContext */ -@@ -2544,7 +2544,7 @@ SProcRecordRegisterClients(ClientPtr client) - - swaps(&stuff->length); - REQUEST_AT_LEAST_SIZE(xRecordRegisterClientsReq); -- if ((status = SwapCreateRegister((void *) stuff)) != Success) -+ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success) - return status; - return ProcRecordRegisterClients(client); - } /* SProcRecordRegisterClients */ --- -2.17.1 - diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch deleted file mode 100644 index f39f6b32b1..0000000000 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 87c64fc5b0db9f62f4e361444f4b60501ebf67b9 Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Sun, 11 Oct 2020 17:05:09 +0200 -Subject: [PATCH] Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap - overflows - -ZDI-CAN 11389 / CVE-2020-25712 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb - -Upstream-Status: Backport -https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9 -CVE: CVE-2020-25712 -Signed-off-by: Armin Kuster - ---- - xkb/xkb.c | 26 +++++++++++++++++++++++--- - 1 file changed, 23 insertions(+), 3 deletions(-) - -Index: xorg-server-1.20.8/xkb/xkb.c -=================================================================== ---- xorg-server-1.20.8.orig/xkb/xkb.c -+++ xorg-server-1.20.8/xkb/xkb.c -@@ -6625,7 +6625,9 @@ SetDeviceIndicators(char *wire, - unsigned changed, - int num, - int *status_rtrn, -- ClientPtr client, xkbExtensionDeviceNotify * ev) -+ ClientPtr client, -+ xkbExtensionDeviceNotify * ev, -+ xkbSetDeviceInfoReq * stuff) - { - xkbDeviceLedsWireDesc *ledWire; - int i; -@@ -6646,6 +6648,11 @@ SetDeviceIndicators(char *wire, - xkbIndicatorMapWireDesc *mapWire; - XkbSrvLedInfoPtr sli; - -+ if (!_XkbCheckRequestBounds(client, stuff, ledWire, ledWire + 1)) { -+ *status_rtrn = BadLength; -+ return (char *) ledWire; -+ } -+ - namec = mapc = statec = 0; - sli = XkbFindSrvLedInfo(dev, ledWire->ledClass, ledWire->ledID, - XkbXI_IndicatorMapsMask); -@@ -6664,6 +6671,10 @@ SetDeviceIndicators(char *wire, - memset((char *) sli->names, 0, XkbNumIndicators * sizeof(Atom)); - for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) { - if (ledWire->namesPresent & bit) { -+ if (!_XkbCheckRequestBounds(client, stuff, atomWire, atomWire + 1)) { -+ *status_rtrn = BadLength; -+ return (char *) atomWire; -+ } - sli->names[n] = (Atom) *atomWire; - if (sli->names[n] == None) - ledWire->namesPresent &= ~bit; -@@ -6681,6 +6692,10 @@ SetDeviceIndicators(char *wire, - if (ledWire->mapsPresent) { - for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) { - if (ledWire->mapsPresent & bit) { -+ if (!_XkbCheckRequestBounds(client, stuff, mapWire, mapWire + 1)) { -+ *status_rtrn = BadLength; -+ return (char *) mapWire; -+ } - sli->maps[n].flags = mapWire->flags; - sli->maps[n].which_groups = mapWire->whichGroups; - sli->maps[n].groups = mapWire->groups; -@@ -6760,7 +6775,7 @@ _XkbSetDeviceInfoCheck(ClientPtr client, - ed.deviceID = dev->id; - wire = (char *) &stuff[1]; - if (stuff->change & XkbXI_ButtonActionsMask) { -- int nBtns, sz, i; -+ int nBtns, sz, i; - XkbAction *acts; - DeviceIntPtr kbd; - -@@ -6772,7 +6787,11 @@ _XkbSetDeviceInfoCheck(ClientPtr client, - return BadAlloc; - dev->button->xkb_acts = acts; - } -+ if (stuff->firstBtn + stuff->nBtns > nBtns) -+ return BadValue; - sz = stuff->nBtns * SIZEOF(xkbActionWireDesc); -+ if (!_XkbCheckRequestBounds(client, stuff, wire, (char *) wire + sz)) -+ return BadLength; - memcpy((char *) &acts[stuff->firstBtn], (char *) wire, sz); - wire += sz; - ed.reason |= XkbXI_ButtonActionsMask; -@@ -6793,7 +6812,8 @@ _XkbSetDeviceInfoCheck(ClientPtr client, - int status = Success; - - wire = SetDeviceIndicators(wire, dev, stuff->change, -- stuff->nDeviceLedFBs, &status, client, &ed); -+ stuff->nDeviceLedFBs, &status, client, &ed, -+ stuff); - if (status != Success) - return status; - } diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb new file mode 100644 index 0000000000..d176f390a4 --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb @@ -0,0 +1,34 @@ +require xserver-xorg.inc + +SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ + file://pkgconfig.patch \ + file://0001-test-xtest-Initialize-array-with-braces.patch \ + file://sdksyms-no-build-path.patch \ + file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ + " +SRC_URI[md5sum] = "453fc86aac8c629b3a5b77e8dcca30bf" +SRC_URI[sha256sum] = "54b199c9280ff8bf0f73a54a759645bd0eeeda7255d1c99310d5b7595f3ac066" + +CFLAGS += "-fcommon" + +# These extensions are now integrated into the server, so declare the migration +# path for in-place upgrades. + +RREPLACES_${PN} = "${PN}-extension-dri \ + ${PN}-extension-dri2 \ + ${PN}-extension-record \ + ${PN}-extension-extmod \ + ${PN}-extension-dbe \ + " +RPROVIDES_${PN} = "${PN}-extension-dri \ + ${PN}-extension-dri2 \ + ${PN}-extension-record \ + ${PN}-extension-extmod \ + ${PN}-extension-dbe \ + " +RCONFLICTS_${PN} = "${PN}-extension-dri \ + ${PN}-extension-dri2 \ + ${PN}-extension-record \ + ${PN}-extension-extmod \ + ${PN}-extension-dbe \ + " diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb deleted file mode 100644 index 8c77c3756b..0000000000 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb +++ /dev/null @@ -1,41 +0,0 @@ -require xserver-xorg.inc - -SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ - file://pkgconfig.patch \ - file://0001-test-xtest-Initialize-array-with-braces.patch \ - file://sdksyms-no-build-path.patch \ - file://0001-drmmode_display.c-add-missing-mi.h-include.patch \ - file://CVE-2020-14347.patch \ - file://CVE-2020-14346.patch \ - file://CVE-2020-14361.patch \ - file://CVE-2020-14362.patch \ - file://CVE-2020-14345.patch \ - file://CVE-2020-14360.patch \ - file://CVE-2020-25712.patch \ - " -SRC_URI[md5sum] = "a770aec600116444a953ff632f51f839" -SRC_URI[sha256sum] = "d17b646bee4ba0fb7850c1cc55b18e3e8513ed5c02bdf38da7e107f84e2d0146" - -CFLAGS += "-fcommon" - -# These extensions are now integrated into the server, so declare the migration -# path for in-place upgrades. - -RREPLACES_${PN} = "${PN}-extension-dri \ - ${PN}-extension-dri2 \ - ${PN}-extension-record \ - ${PN}-extension-extmod \ - ${PN}-extension-dbe \ - " -RPROVIDES_${PN} = "${PN}-extension-dri \ - ${PN}-extension-dri2 \ - ${PN}-extension-record \ - ${PN}-extension-extmod \ - ${PN}-extension-dbe \ - " -RCONFLICTS_${PN} = "${PN}-extension-dri \ - ${PN}-extension-dri2 \ - ${PN}-extension-record \ - ${PN}-extension-extmod \ - ${PN}-extension-dbe \ - " diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb deleted file mode 100644 index 92b6ff5157..0000000000 --- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb +++ /dev/null @@ -1,1067 +0,0 @@ -SUMMARY = "Firmware files for use with Linux kernel" -HOMEPAGE = "https://www.kernel.org/" -DESCRIPTION = "Linux firmware is a package distributed alongside the Linux kernel \ -that contains firmware binary blobs necessary for partial or full functionality \ -of certain hardware devices." -SECTION = "kernel" - -LICENSE = "\ - Firmware-Abilis \ - & Firmware-adsp_sst \ - & Firmware-agere \ - & Firmware-amdgpu \ - & Firmware-amd-ucode \ - & Firmware-amlogic_vdec \ - & Firmware-atheros_firmware \ - & Firmware-atmel \ - & Firmware-broadcom_bcm43xx \ - & Firmware-ca0132 \ - & Firmware-cavium \ - & Firmware-chelsio_firmware \ - & Firmware-cw1200 \ - & Firmware-cypress \ - & Firmware-dib0700 \ - & Firmware-e100 \ - & Firmware-ene_firmware \ - & Firmware-fw_sst_0f28 \ - & Firmware-go7007 \ - & Firmware-GPLv2 \ - & Firmware-hfi1_firmware \ - & Firmware-i2400m \ - & Firmware-i915 \ - & Firmware-ibt_firmware \ - & Firmware-ice \ - & Firmware-it913x \ - & Firmware-iwlwifi_firmware \ - & Firmware-IntcSST2 \ - & Firmware-kaweth \ - & Firmware-Lontium \ - & Firmware-Marvell \ - & Firmware-moxa \ - & Firmware-myri10ge_firmware \ - & Firmware-netronome \ - & Firmware-nvidia \ - & Firmware-OLPC \ - & Firmware-ath9k-htc \ - & Firmware-phanfw \ - & Firmware-qat \ - & Firmware-qcom \ - & Firmware-qla1280 \ - & Firmware-qla2xxx \ - & Firmware-qualcommAthos_ar3k \ - & Firmware-qualcommAthos_ath10k \ - & Firmware-r8a779x_usb3 \ - & Firmware-radeon \ - & Firmware-ralink_a_mediatek_company_firmware \ - & Firmware-ralink-firmware \ - & Firmware-rtlwifi_firmware \ - & Firmware-imx-sdma_firmware \ - & Firmware-siano \ - & Firmware-tda7706-firmware \ - & Firmware-ti-connectivity \ - & Firmware-ti-keystone \ - & Firmware-ueagle-atm4-firmware \ - & Firmware-via_vt6656 \ - & Firmware-wl1251 \ - & Firmware-xc4000 \ - & Firmware-xc5000 \ - & Firmware-xc5000c \ - & WHENCE \ -" - -LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ - file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \ - file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \ - file://LICENSE.amdgpu;md5=d357524f5099e2a3db3c1838921c593f \ - file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \ - file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \ - file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \ - file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \ - file://LICENCE.broadcom_bcm43xx;md5=3160c14df7228891b868060e1951dfbc \ - file://LICENCE.ca0132;md5=209b33e66ee5be0461f13d31da392198 \ - file://LICENCE.cadence;md5=009f46816f6956cfb75ede13d3e1cee0 \ - file://LICENCE.cavium;md5=c37aaffb1ebe5939b2580d073a95daea \ - file://LICENCE.chelsio_firmware;md5=819aa8c3fa453f1b258ed8d168a9d903 \ - file://LICENCE.cw1200;md5=f0f770864e7a8444a5c5aa9d12a3a7ed \ - file://LICENCE.cypress;md5=48cd9436c763bf873961f9ed7b5c147b \ - file://LICENSE.dib0700;md5=f7411825c8a555a1a3e5eab9ca773431 \ - file://LICENCE.e100;md5=ec0f84136766df159a3ae6d02acdf5a8 \ - file://LICENCE.ene_firmware;md5=ed67f0f62f8f798130c296720b7d3921 \ - file://LICENCE.fw_sst_0f28;md5=6353931c988ad52818ae733ac61cd293 \ - file://LICENCE.go7007;md5=c0bb9f6aaaba55b0529ee9b30aa66beb \ - file://GPL-2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://LICENSE.hfi1_firmware;md5=5e7b6e586ce7339d12689e49931ad444 \ - file://LICENCE.i2400m;md5=14b901969e23c41881327c0d9e4b7d36 \ - file://LICENSE.i915;md5=2b0b2e0d20984affd4490ba2cba02570 \ - file://LICENCE.ibt_firmware;md5=fdbee1ddfe0fb7ab0b2fcd6b454a366b \ - file://LICENSE.ice;md5=742ab4850f2670792940e6d15c974b2f \ - file://LICENCE.IntcSST2;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ - file://LICENCE.it913x;md5=1fbf727bfb6a949810c4dbfa7e6ce4f8 \ - file://LICENCE.iwlwifi_firmware;md5=2ce6786e0fc11ac6e36b54bb9b799f1b \ - file://LICENCE.kaweth;md5=b1d876e562f4b3b8d391ad8395dfe03f \ - file://LICENSE.Lontium;md5=4ec8dc582ff7295f39e2ca6a7b0be2b6 \ - file://LICENCE.Marvell;md5=28b6ed8bd04ba105af6e4dcd6e997772 \ - file://LICENCE.mediatek;md5=7c1976b63217d76ce47d0a11d8a79cf2 \ - file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \ - file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \ - file://LICENCE.Netronome;md5=4add08f2577086d44447996503cddf5f \ - file://LICENCE.nvidia;md5=4428a922ed3ba2ceec95f076a488ce07 \ - file://LICENCE.NXP;md5=58bb8ba632cd729b9ba6183bc6aed36f \ - file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \ - file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \ - file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \ - file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ - file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \ - file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \ - file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \ - file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \ - file://LICENSE.QualcommAtheros_ath10k;md5=cb42b686ee5f5cb890275e4321db60a8 \ - file://LICENCE.r8a779x_usb3;md5=4c1671656153025d7076105a5da7e498 \ - file://LICENSE.radeon;md5=68ec28bacb3613200bca44f404c69b16 \ - file://LICENCE.ralink_a_mediatek_company_firmware;md5=728f1a85fd53fd67fa8d7afb080bc435 \ - file://LICENCE.ralink-firmware.txt;md5=ab2c269277c45476fb449673911a2dfd \ - file://LICENCE.rtlwifi_firmware.txt;md5=00d06cfd3eddd5a2698948ead2ad54a5 \ - file://LICENSE.sdma_firmware;md5=51e8c19ecc2270f4b8ea30341ad63ce9 \ - file://LICENCE.siano;md5=4556c1bf830067f12ca151ad953ec2a5 \ - file://LICENCE.tda7706-firmware.txt;md5=835997cf5e3c131d0dddd695c7d9103e \ - file://LICENCE.ti-connectivity;md5=c5e02be633f1499c109d1652514d85ec \ - file://LICENCE.ti-keystone;md5=3a86335d32864b0bef996bee26cc0f2c \ - file://LICENCE.ueagle-atm4-firmware;md5=4ed7ea6b507ccc583b9d594417714118 \ - file://LICENCE.via_vt6656;md5=e4159694cba42d4377a912e78a6e850f \ - file://LICENCE.wl1251;md5=ad3f81922bb9e197014bb187289d3b5b \ - file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \ - file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \ - file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \ - file://WHENCE;md5=79f477f9d53eedee5a65b45193785963 \ - " - -# These are not common licenses, set NO_GENERIC_LICENSE for them -# so that the license files will be copied from fetched source -NO_GENERIC_LICENSE[Firmware-Abilis] = "LICENCE.Abilis" -NO_GENERIC_LICENSE[Firmware-adsp_sst] = "LICENCE.adsp_sst" -NO_GENERIC_LICENSE[Firmware-agere] = "LICENCE.agere" -NO_GENERIC_LICENSE[Firmware-amdgpu] = "LICENSE.amdgpu" -NO_GENERIC_LICENSE[Firmware-amd-ucode] = "LICENSE.amd-ucode" -NO_GENERIC_LICENSE[Firmware-amlogic_vdec] = "LICENSE.amlogic_vdec" -NO_GENERIC_LICENSE[Firmware-atheros_firmware] = "LICENCE.atheros_firmware" -NO_GENERIC_LICENSE[Firmware-atmel] = "LICENSE.atmel" -NO_GENERIC_LICENSE[Firmware-broadcom_bcm43xx] = "LICENCE.broadcom_bcm43xx" -NO_GENERIC_LICENSE[Firmware-ca0132] = "LICENCE.ca0132" -NO_GENERIC_LICENSE[Firmware-cadence] = "LICENCE.cadence" -NO_GENERIC_LICENSE[Firmware-cavium] = "LICENCE.cavium" -NO_GENERIC_LICENSE[Firmware-chelsio_firmware] = "LICENCE.chelsio_firmware" -NO_GENERIC_LICENSE[Firmware-cw1200] = "LICENCE.cw1200" -NO_GENERIC_LICENSE[Firmware-cypress] = "LICENCE.cypress" -NO_GENERIC_LICENSE[Firmware-dib0700] = "LICENSE.dib0700" -NO_GENERIC_LICENSE[Firmware-e100] = "LICENCE.e100" -NO_GENERIC_LICENSE[Firmware-ene_firmware] = "LICENCE.ene_firmware" -NO_GENERIC_LICENSE[Firmware-fw_sst_0f28] = "LICENCE.fw_sst_0f28" -NO_GENERIC_LICENSE[Firmware-go7007] = "LICENCE.go7007" -NO_GENERIC_LICENSE[Firmware-GPLv2] = "GPL-2" -NO_GENERIC_LICENSE[Firmware-hfi1_firmware] = "LICENSE.hfi1_firmware" -NO_GENERIC_LICENSE[Firmware-i2400m] = "LICENCE.i2400m" -NO_GENERIC_LICENSE[Firmware-i915] = "LICENSE.i915" -NO_GENERIC_LICENSE[Firmware-ibt_firmware] = "LICENCE.ibt_firmware" -NO_GENERIC_LICENSE[Firmware-ice] = "LICENSE.ice" -NO_GENERIC_LICENSE[Firmware-IntcSST2] = "LICENCE.IntcSST2" -NO_GENERIC_LICENSE[Firmware-it913x] = "LICENCE.it913x" -NO_GENERIC_LICENSE[Firmware-iwlwifi_firmware] = "LICENCE.iwlwifi_firmware" -NO_GENERIC_LICENSE[Firmware-kaweth] = "LICENCE.kaweth" -NO_GENERIC_LICENSE[Firmware-Lontium] = "LICENSE.Lontium" -NO_GENERIC_LICENSE[Firmware-Marvell] = "LICENCE.Marvell" -NO_GENERIC_LICENSE[Firmware-mediatek] = "LICENCE.mediatek" -NO_GENERIC_LICENSE[Firmware-moxa] = "LICENCE.moxa" -NO_GENERIC_LICENSE[Firmware-myri10ge_firmware] = "LICENCE.myri10ge_firmware" -NO_GENERIC_LICENSE[Firmware-netronome] = "LICENCE.Netronome" -NO_GENERIC_LICENSE[Firmware-nvidia] = "LICENCE.nvidia" -NO_GENERIC_LICENSE[Firmware-OLPC] = "LICENCE.OLPC" -NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware" -NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw" -NO_GENERIC_LICENSE[Firmware-qat] = "LICENCE.qat_firmware" -NO_GENERIC_LICENSE[Firmware-qcom] = "LICENSE.qcom" -NO_GENERIC_LICENSE[Firmware-qla1280] = "LICENCE.qla1280" -NO_GENERIC_LICENSE[Firmware-qla2xxx] = "LICENCE.qla2xxx" -NO_GENERIC_LICENSE[Firmware-qualcommAthos_ar3k] = "LICENSE.QualcommAtheros_ar3k" -NO_GENERIC_LICENSE[Firmware-qualcommAthos_ath10k] = "LICENSE.QualcommAtheros_ath10k" -NO_GENERIC_LICENSE[Firmware-r8a779x_usb3] = "LICENCE.r8a779x_usb3" -NO_GENERIC_LICENSE[Firmware-radeon] = "LICENSE.radeon" -NO_GENERIC_LICENSE[Firmware-ralink_a_mediatek_company_firmware] = "LICENCE.ralink_a_mediatek_company_firmware" -NO_GENERIC_LICENSE[Firmware-ralink-firmware] = "LICENCE.ralink-firmware.txt" -NO_GENERIC_LICENSE[Firmware-rtlwifi_firmware] = "LICENCE.rtlwifi_firmware.txt" -NO_GENERIC_LICENSE[Firmware-siano] = "LICENCE.siano" -NO_GENERIC_LICENSE[Firmware-imx-sdma_firmware] = "LICENSE.sdma_firmware" -NO_GENERIC_LICENSE[Firmware-tda7706-firmware] = "LICENCE.tda7706-firmware.txt" -NO_GENERIC_LICENSE[Firmware-ti-connectivity] = "LICENCE.ti-connectivity" -NO_GENERIC_LICENSE[Firmware-ti-keystone] = "LICENCE.ti-keystone" -NO_GENERIC_LICENSE[Firmware-ueagle-atm4-firmware] = "LICENCE.ueagle-atm4-firmware" -NO_GENERIC_LICENSE[Firmware-via_vt6656] = "LICENCE.via_vt6656" -NO_GENERIC_LICENSE[Firmware-wl1251] = "LICENCE.wl1251" -NO_GENERIC_LICENSE[Firmware-xc4000] = "LICENCE.xc4000" -NO_GENERIC_LICENSE[Firmware-xc5000] = "LICENCE.xc5000" -NO_GENERIC_LICENSE[Firmware-xc5000c] = "LICENCE.xc5000c" -NO_GENERIC_LICENSE[WHENCE] = "WHENCE" - -PE = "1" - -SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz" - -SRC_URI[sha256sum] = "eeddb4e6bef31fd1a3757f12ccc324929bbad97855c0b9ec5ed780f74de1837d" - -inherit allarch - -CLEANBROKEN = "1" - -do_compile() { - : -} - -do_install() { - oe_runmake 'DESTDIR=${D}' 'FIRMWAREDIR=${nonarch_base_libdir}/firmware' install - cp GPL-2 LICEN[CS]E.* WHENCE ${D}${nonarch_base_libdir}/firmware/ -} - - -PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ - ${PN}-mt7601u-license ${PN}-mt7601u \ - ${PN}-radeon-license ${PN}-radeon \ - ${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \ - ${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 \ - ${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \ - ${PN}-ti-connectivity-license ${PN}-wlcommon ${PN}-wl12xx ${PN}-wl18xx \ - ${PN}-vt6656-license ${PN}-vt6656 \ - ${PN}-rs9113 ${PN}-rs9116 \ - ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \ - ${PN}-rtl8168 \ - ${PN}-cypress-license \ - ${PN}-broadcom-license \ - ${PN}-bcm-0bb4-0306 \ - ${PN}-bcm43143 \ - ${PN}-bcm43236b \ - ${PN}-bcm43241b0 \ - ${PN}-bcm43241b4 \ - ${PN}-bcm43241b5 \ - ${PN}-bcm43242a \ - ${PN}-bcm4329 \ - ${PN}-bcm4329-fullmac \ - ${PN}-bcm4330 \ - ${PN}-bcm4334 \ - ${PN}-bcm43340 \ - ${PN}-bcm4335 \ - ${PN}-bcm43362 \ - ${PN}-bcm4339 \ - ${PN}-bcm43430 \ - ${PN}-bcm43430a0 \ - ${PN}-bcm43455 \ - ${PN}-bcm4350 \ - ${PN}-bcm4350c2 \ - ${PN}-bcm4354 \ - ${PN}-bcm4356 \ - ${PN}-bcm4356-pcie \ - ${PN}-bcm43569 \ - ${PN}-bcm43570 \ - ${PN}-bcm4358 \ - ${PN}-bcm43602 \ - ${PN}-bcm4366b \ - ${PN}-bcm4366c \ - ${PN}-bcm4371 \ - ${PN}-bcm4373 \ - ${PN}-bcm43xx \ - ${PN}-bcm43xx-hdr \ - ${PN}-atheros-license ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k \ - ${PN}-gplv2-license ${PN}-carl9170 \ - ${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-ath11k ${PN}-qca \ - \ - ${PN}-imx-sdma-license ${PN}-imx-sdma-imx6q ${PN}-imx-sdma-imx7d \ - \ - ${PN}-iwlwifi-license ${PN}-iwlwifi \ - ${PN}-iwlwifi-135-6 \ - ${PN}-iwlwifi-3160-7 ${PN}-iwlwifi-3160-8 ${PN}-iwlwifi-3160-9 \ - ${PN}-iwlwifi-3160-10 ${PN}-iwlwifi-3160-12 ${PN}-iwlwifi-3160-13 \ - ${PN}-iwlwifi-3160-16 ${PN}-iwlwifi-3160-17 \ - ${PN}-iwlwifi-6000-4 ${PN}-iwlwifi-6000g2a-5 ${PN}-iwlwifi-6000g2a-6 \ - ${PN}-iwlwifi-6000g2b-5 ${PN}-iwlwifi-6000g2b-6 \ - ${PN}-iwlwifi-6050-4 ${PN}-iwlwifi-6050-5 \ - ${PN}-iwlwifi-7260 \ - ${PN}-iwlwifi-7265 \ - ${PN}-iwlwifi-7265d ${PN}-iwlwifi-8000c ${PN}-iwlwifi-8265 \ - ${PN}-iwlwifi-9000 \ - ${PN}-iwlwifi-misc \ - ${PN}-ibt-license ${PN}-ibt \ - ${PN}-ibt-11-5 ${PN}-ibt-12-16 ${PN}-ibt-hw-37-7 ${PN}-ibt-hw-37-8 \ - ${PN}-ibt-17 \ - ${PN}-ibt-20 \ - ${PN}-ibt-misc \ - ${PN}-i915-license ${PN}-i915 \ - ${PN}-ice-license ${PN}-ice \ - ${PN}-adsp-sst-license ${PN}-adsp-sst \ - ${PN}-bnx2-mips \ - ${PN}-liquidio \ - ${PN}-nvidia-license \ - ${PN}-nvidia-tegra-k1 ${PN}-nvidia-tegra \ - ${PN}-nvidia-gpu \ - ${PN}-netronome-license ${PN}-netronome \ - ${PN}-qat ${PN}-qat-license \ - ${PN}-qcom-license \ - ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \ - ${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \ - ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a530 \ - ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \ - ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \ - ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \ - ${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \ - ${PN}-lt9611uxc ${PN}-lontium-license \ - ${PN}-whence-license \ - ${PN}-license \ - " - -# For atheros -LICENSE_${PN}-ar9170 = "Firmware-atheros_firmware" -LICENSE_${PN}-ath6k = "Firmware-atheros_firmware" -LICENSE_${PN}-ath9k = "Firmware-atheros_firmware" -LICENSE_${PN}-atheros-license = "Firmware-atheros_firmware" - -FILES_${PN}-atheros-license = "${nonarch_base_libdir}/firmware/LICENCE.atheros_firmware" -FILES_${PN}-ar9170 = " \ - ${nonarch_base_libdir}/firmware/ar9170*.fw \ -" -FILES_${PN}-ath6k = " \ - ${nonarch_base_libdir}/firmware/ath6k \ -" -FILES_${PN}-ath9k = " \ - ${nonarch_base_libdir}/firmware/ar9271.fw \ - ${nonarch_base_libdir}/firmware/ar7010*.fw \ - ${nonarch_base_libdir}/firmware/htc_9271.fw \ - ${nonarch_base_libdir}/firmware/htc_7010.fw \ - ${nonarch_base_libdir}/firmware/ath9k_htc/htc_7010-1.4.0.fw \ - ${nonarch_base_libdir}/firmware/ath9k_htc/htc_9271-1.4.0.fw \ -" - -RDEPENDS_${PN}-ar9170 += "${PN}-atheros-license" -RDEPENDS_${PN}-ath6k += "${PN}-atheros-license" -RDEPENDS_${PN}-ath9k += "${PN}-atheros-license" - -# For carl9170 -LICENSE_${PN}-carl9170 = "Firmware-GPLv2" -LICENSE_${PN}-gplv2-license = "Firmware-GPLv2" - -FILES_${PN}-gplv2-license = "${nonarch_base_libdir}/firmware/GPL-2" -FILES_${PN}-carl9170 = " \ - ${nonarch_base_libdir}/firmware/carl9170*.fw \ -" - -RDEPENDS_${PN}-carl9170 += "${PN}-gplv2-license" - -# For QualCommAthos -LICENSE_${PN}-ar3k = "Firmware-qualcommAthos_ar3k" -LICENSE_${PN}-ar3k-license = "Firmware-qualcommAthos_ar3k" -LICENSE_${PN}-ath10k = "Firmware-qualcommAthos_ath10k" -LICENSE_${PN}-ath10k-license = "Firmware-qualcommAthos_ath10k" -LICENSE_${PN}-qca = "Firmware-qualcommAthos_ath10k" - -FILES_${PN}-ar3k-license = "${nonarch_base_libdir}/firmware/LICENSE.QualcommAtheros_ar3k" -FILES_${PN}-ar3k = " \ - ${nonarch_base_libdir}/firmware/ar3k \ -" - -FILES_${PN}-ath10k-license = "${nonarch_base_libdir}/firmware/LICENSE.QualcommAtheros_ath10k" -FILES_${PN}-ath10k = " \ - ${nonarch_base_libdir}/firmware/ath10k \ -" - -FILES_${PN}-ath11k = " \ - ${nonarch_base_libdir}/firmware/ath11k \ -" - -FILES_${PN}-qca = " \ - ${nonarch_base_libdir}/firmware/qca \ -" - -RDEPENDS_${PN}-ar3k += "${PN}-ar3k-license" -RDEPENDS_${PN}-ath10k += "${PN}-ath10k-license" -RDEPENDS_${PN}-ath11k += "${PN}-ath10k-license" -RDEPENDS_${PN}-qca += "${PN}-ath10k-license" - -# For ralink -LICENSE_${PN}-ralink = "Firmware-ralink-firmware" -LICENSE_${PN}-ralink-license = "Firmware-ralink-firmware" - -FILES_${PN}-ralink-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink-firmware.txt" -FILES_${PN}-ralink = " \ - ${nonarch_base_libdir}/firmware/rt*.bin \ -" - -RDEPENDS_${PN}-ralink += "${PN}-ralink-license" - -# For mediatek MT7601U -LICENSE_${PN}-mt7601u = "Firmware-ralink_a_mediatek_company_firmware" -LICENSE_${PN}-mt7601u-license = "Firmware-ralink_a_mediatek_company_firmware" - -FILES_${PN}-mt7601u-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware" -FILES_${PN}-mt7601u = " \ - ${nonarch_base_libdir}/firmware/mt7601u.bin \ -" - -RDEPENDS_${PN}-mt7601u += "${PN}-mt7601u-license" - -# For radeon -LICENSE_${PN}-radeon = "Firmware-radeon" -LICENSE_${PN}-radeon-license = "Firmware-radeon" - -FILES_${PN}-radeon-license = "${nonarch_base_libdir}/firmware/LICENSE.radeon" -FILES_${PN}-radeon = " \ - ${nonarch_base_libdir}/firmware/radeon \ -" - -RDEPENDS_${PN}-radeon += "${PN}-radeon-license" - -# For lontium -LICENSE_${PN}-lt9611uxc = "Firmware-Lontium" - -FILES_${PN}-lontium-license = "${nonarch_base_libdir}/firmware/LICENSE.Lontium" -FILES_${PN}-lt9611uxc = "${nonarch_base_libdir}/firmware/lt9611uxc_fw.bin" - -# For marvell -LICENSE_${PN}-pcie8897 = "Firmware-Marvell" -LICENSE_${PN}-pcie8997 = "Firmware-Marvell" -LICENSE_${PN}-sd8686 = "Firmware-Marvell" -LICENSE_${PN}-sd8688 = "Firmware-Marvell" -LICENSE_${PN}-sd8787 = "Firmware-Marvell" -LICENSE_${PN}-sd8797 = "Firmware-Marvell" -LICENSE_${PN}-sd8801 = "Firmware-Marvell" -LICENSE_${PN}-sd8887 = "Firmware-Marvell" -LICENSE_${PN}-sd8897 = "Firmware-Marvell" -LICENSE_${PN}-sd8997 = "Firmware-Marvell" -LICENSE_${PN}-usb8997 = "Firmware-Marvell" -LICENSE_${PN}-marvell-license = "Firmware-Marvell" - -FILES_${PN}-marvell-license = "${nonarch_base_libdir}/firmware/LICENCE.Marvell" -FILES_${PN}-pcie8897 = " \ - ${nonarch_base_libdir}/firmware/mrvl/pcie8897_uapsta.bin \ -" -FILES_${PN}-pcie8997 = " \ - ${nonarch_base_libdir}/firmware/mrvl/pcie8997_wlan_v4.bin \ - ${nonarch_base_libdir}/firmware/mrvl/pcieuart8997_combo_v4.bin \ - ${nonarch_base_libdir}/firmware/mrvl/pcieusb8997_combo_v4.bin \ -" -FILES_${PN}-sd8686 = " \ - ${nonarch_base_libdir}/firmware/libertas/sd8686_v9* \ - ${nonarch_base_libdir}/firmware/sd8686* \ -" -FILES_${PN}-sd8688 = " \ - ${nonarch_base_libdir}/firmware/libertas/sd8688* \ - ${nonarch_base_libdir}/firmware/mrvl/sd8688* \ -" -FILES_${PN}-sd8787 = " \ - ${nonarch_base_libdir}/firmware/mrvl/sd8787_uapsta.bin \ -" -FILES_${PN}-sd8797 = " \ - ${nonarch_base_libdir}/firmware/mrvl/sd8797_uapsta.bin \ -" -FILES_${PN}-sd8801 = " \ - ${nonarch_base_libdir}/firmware/mrvl/sd8801_uapsta.bin \ -" -FILES_${PN}-sd8887 = " \ - ${nonarch_base_libdir}/firmware/mrvl/sd8887_uapsta.bin \ -" -FILES_${PN}-sd8897 = " \ - ${nonarch_base_libdir}/firmware/mrvl/sd8897_uapsta.bin \ -" -do_install_append() { - # The kernel 5.6.x driver still uses the old name, provide a symlink for - # older kernels - ln -fs sdsd8997_combo_v4.bin ${D}${nonarch_base_libdir}/firmware/mrvl/sd8997_uapsta.bin -} -FILES_${PN}-sd8997 = " \ - ${nonarch_base_libdir}/firmware/mrvl/sd8997_uapsta.bin \ - ${nonarch_base_libdir}/firmware/mrvl/sdsd8997_combo_v4.bin \ -" -FILES_${PN}-usb8997 = " \ - ${nonarch_base_libdir}/firmware/mrvl/usbusb8997_combo_v4.bin \ -" - -RDEPENDS_${PN}-sd8686 += "${PN}-marvell-license" -RDEPENDS_${PN}-sd8688 += "${PN}-marvell-license" -RDEPENDS_${PN}-sd8787 += "${PN}-marvell-license" -RDEPENDS_${PN}-sd8797 += "${PN}-marvell-license" -RDEPENDS_${PN}-sd8801 += "${PN}-marvell-license" -RDEPENDS_${PN}-sd8887 += "${PN}-marvell-license" -RDEPENDS_${PN}-sd8897 += "${PN}-marvell-license" -RDEPENDS_${PN}-sd8997 += "${PN}-marvell-license" -RDEPENDS_${PN}-usb8997 += "${PN}-marvell-license" - -# For netronome -LICENSE_${PN}-netronome = "Firmware-netronome" - -FILES_${PN}-netronome-license = " \ - ${nonarch_base_libdir}/firmware/LICENCE.Netronome \ -" -FILES_${PN}-netronome = " \ - ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0081*.nffw \ - ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0096*.nffw \ - ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0097*.nffw \ - ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0099*.nffw \ - ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0011_2x40.nffw \ - ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0012_2x40.nffw \ - ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0078-0011_1x100.nffw \ - ${nonarch_base_libdir}/firmware/netronome/bpf \ - ${nonarch_base_libdir}/firmware/netronome/flower \ - ${nonarch_base_libdir}/firmware/netronome/nic \ - ${nonarch_base_libdir}/firmware/netronome/nic-sriov \ -" - -RDEPENDS_${PN}-netronome += "${PN}-netronome-license" - -# For Nvidia -LICENSE_${PN}-nvidia-gpu = "Firmware-nvidia" -LICENSE_${PN}-nvidia-tegra = "Firmware-nvidia" -LICENSE_${PN}-nvidia-tegra-k1 = "Firmware-nvidia" -LICENSE_${PN}-nvidia-license = "Firmware-nvidia" - -FILES_${PN}-nvidia-gpu = "${nonarch_base_libdir}/firmware/nvidia" -FILES_${PN}-nvidia-tegra = " \ - ${nonarch_base_libdir}/firmware/nvidia/tegra* \ - ${nonarch_base_libdir}/firmware/nvidia/gm20b \ - ${nonarch_base_libdir}/firmware/nvidia/gp10b \ -" -FILES_${PN}-nvidia-tegra-k1 = " \ - ${nonarch_base_libdir}/firmware/nvidia/tegra124 \ - ${nonarch_base_libdir}/firmware/nvidia/gk20a \ -" -FILES_${PN}-nvidia-license = "${nonarch_base_libdir}/firmware/LICENCE.nvidia" - -RDEPENDS_${PN}-nvidia-gpu += "${PN}-nvidia-license" -RDEPENDS_${PN}-nvidia-tegra += "${PN}-nvidia-license" -RDEPENDS_${PN}-nvidia-tegra-k1 += "${PN}-nvidia-license" - -# For RSI RS911x WiFi -LICENSE_${PN}-rs9113 = "WHENCE" -LICENSE_${PN}-rs9116 = "WHENCE" - -FILES_${PN}-rs9113 = " ${nonarch_base_libdir}/firmware/rsi/rs9113*.rps " -FILES_${PN}-rs9116 = " ${nonarch_base_libdir}/firmware/rsi/rs9116*.rps " - -RDEPENDS_${PN}-rs9113 += "${PN}-whence-license" -RDEPENDS_${PN}-rs9116 += "${PN}-whence-license" - -# For rtl -LICENSE_${PN}-rtl8188 = "Firmware-rtlwifi_firmware" -LICENSE_${PN}-rtl8192cu = "Firmware-rtlwifi_firmware" -LICENSE_${PN}-rtl8192ce = "Firmware-rtlwifi_firmware" -LICENSE_${PN}-rtl8192su = "Firmware-rtlwifi_firmware" -LICENSE_${PN}-rtl8723 = "Firmware-rtlwifi_firmware" -LICENSE_${PN}-rtl8821 = "Firmware-rtlwifi_firmware" -LICENSE_${PN}-rtl-license = "Firmware-rtlwifi_firmware" -LICENSE_${PN}-rtl8168 = "WHENCE" - -FILES_${PN}-rtl-license = " \ - ${nonarch_base_libdir}/firmware/LICENCE.rtlwifi_firmware.txt \ -" -FILES_${PN}-rtl8188 = " \ - ${nonarch_base_libdir}/firmware/rtlwifi/rtl8188*.bin \ -" -FILES_${PN}-rtl8192cu = " \ - ${nonarch_base_libdir}/firmware/rtlwifi/rtl8192cufw*.bin \ -" -FILES_${PN}-rtl8192ce = " \ - ${nonarch_base_libdir}/firmware/rtlwifi/rtl8192cfw*.bin \ -" -FILES_${PN}-rtl8192su = " \ - ${nonarch_base_libdir}/firmware/rtlwifi/rtl8712u.bin \ -" -FILES_${PN}-rtl8723 = " \ - ${nonarch_base_libdir}/firmware/rtlwifi/rtl8723*.bin \ -" -FILES_${PN}-rtl8821 = " \ - ${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \ -" -FILES_${PN}-rtl8168 = " \ - ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \ -" - -RDEPENDS_${PN}-rtl8188 += "${PN}-rtl-license" -RDEPENDS_${PN}-rtl8192ce += "${PN}-rtl-license" -RDEPENDS_${PN}-rtl8192cu += "${PN}-rtl-license" -RDEPENDS_${PN}-rtl8192su = "${PN}-rtl-license" -RDEPENDS_${PN}-rtl8723 += "${PN}-rtl-license" -RDEPENDS_${PN}-rtl8821 += "${PN}-rtl-license" -RDEPENDS_${PN}-rtl8168 += "${PN}-whence-license" - -# For ti-connectivity -LICENSE_${PN}-wlcommon = "Firmware-ti-connectivity" -LICENSE_${PN}-wl12xx = "Firmware-ti-connectivity" -LICENSE_${PN}-wl18xx = "Firmware-ti-connectivity" -LICENSE_${PN}-ti-connectivity-license = "Firmware-ti-connectivity" - -FILES_${PN}-ti-connectivity-license = "${nonarch_base_libdir}/firmware/LICENCE.ti-connectivity" -# wl18xx optionally needs wl1271-nvs.bin (which itself is a symlink to -# wl127x-nvs.bin) - see linux/drivers/net/wireless/ti/wlcore/sdio.c -# and drivers/net/wireless/ti/wlcore/spi.c. -# While they're optional and actually only used to override the MAC -# address on wl18xx, driver loading will delay (by udev timout - 60s) -# if not there. So let's make it available always. Because it's a -# symlink, both need to go to wlcommon. -FILES_${PN}-wlcommon = " \ - ${nonarch_base_libdir}/firmware/ti-connectivity/TI* \ - ${nonarch_base_libdir}/firmware/ti-connectivity/wl127x-nvs.bin \ - ${nonarch_base_libdir}/firmware/ti-connectivity/wl1271-nvs.bin \ -" -FILES_${PN}-wl12xx = " \ - ${nonarch_base_libdir}/firmware/ti-connectivity/wl12* \ -" -FILES_${PN}-wl18xx = " \ - ${nonarch_base_libdir}/firmware/ti-connectivity/wl18* \ -" - -RDEPENDS_${PN}-wl12xx = "${PN}-ti-connectivity-license ${PN}-wlcommon" -RDEPENDS_${PN}-wl18xx = "${PN}-ti-connectivity-license ${PN}-wlcommon" - -# For vt6656 -LICENSE_${PN}-vt6656 = "Firmware-via_vt6656" -LICENSE_${PN}-vt6656-license = "Firmware-via_vt6656" - -FILES_${PN}-vt6656-license = "${nonarch_base_libdir}/firmware/LICENCE.via_vt6656" -FILES_${PN}-vt6656 = " \ - ${nonarch_base_libdir}/firmware/vntwusb.fw \ -" - -RDEPENDS_${PN}-vt6656 = "${PN}-vt6656-license" - -# For broadcom - -# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e " \${PN}-$pkg \\"; done | sort -u - -LICENSE_${PN}-broadcom-license = "Firmware-broadcom_bcm43xx" -FILES_${PN}-broadcom-license = "${nonarch_base_libdir}/firmware/LICENCE.broadcom_bcm43xx" - -# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo "$i - $pkg"; echo -e "FILES_\${PN}-$pkg = \"\${nonarch_base_libdir}/firmware/brcm/$i\""; done | grep ^FILES - -FILES_${PN}-bcm43xx = "${nonarch_base_libdir}/firmware/brcm/bcm43xx-0.fw" -FILES_${PN}-bcm43xx-hdr = "${nonarch_base_libdir}/firmware/brcm/bcm43xx_hdr-0.fw" -FILES_${PN}-bcm4329-fullmac = "${nonarch_base_libdir}/firmware/brcm/bcm4329-fullmac-4.bin" -FILES_${PN}-bcm43236b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43236b.bin" -FILES_${PN}-bcm4329 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4329-sdio.bin" -FILES_${PN}-bcm4330 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.*" -FILES_${PN}-bcm4334 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4334-sdio.bin" -FILES_${PN}-bcm4335 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4335-sdio.bin" -FILES_${PN}-bcm4339 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac4339-sdio.bin \ -" -FILES_${PN}-bcm43241b0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b0-sdio.bin" -FILES_${PN}-bcm43241b4 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b4-sdio.bin" -FILES_${PN}-bcm43241b5 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b5-sdio.bin" -FILES_${PN}-bcm43242a = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43242a.bin" -FILES_${PN}-bcm43143 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43143.bin \ - ${nonarch_base_libdir}/firmware/brcm/brcmfmac43143-sdio.bin \ -" -FILES_${PN}-bcm43430a0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430a0-sdio.*" -FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.* \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac43455-sdio.* \ -" -FILES_${PN}-bcm4350c2 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350c2-pcie.bin" -FILES_${PN}-bcm4350 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350-pcie.bin" -FILES_${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.* \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-sdio.* \ -" -FILES_${PN}-bcm43569 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43569.bin" -FILES_${PN}-bcm43570 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43570-pcie.bin \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac43570-pcie.bin \ -" -FILES_${PN}-bcm4358 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4358-pcie.bin" -FILES_${PN}-bcm43602 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.bin \ - ${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.ap.bin \ -" -FILES_${PN}-bcm4366b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366b-pcie.bin" -FILES_${PN}-bcm4366c = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366c-pcie.bin" -FILES_${PN}-bcm4371 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4371-pcie.bin" - -# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e "LICENSE_\${PN}-$pkg = \"Firmware-broadcom_bcm43xx\"\nRDEPENDS_\${PN}-$pkg += \"\${PN}-broadcom-license\""; done -# Currently 1st one and last 6 have cypress LICENSE - -LICENSE_${PN}-bcm43xx = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm43xx += "${PN}-broadcom-license" -LICENSE_${PN}-bcm43xx-hdr = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm43xx-hdr += "${PN}-broadcom-license" -LICENSE_${PN}-bcm4329-fullmac = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm4329-fullmac += "${PN}-broadcom-license" -LICENSE_${PN}-bcm43236b = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm43236b += "${PN}-broadcom-license" -LICENSE_${PN}-bcm4329 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm4329 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm4330 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm4330 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm4334 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm4334 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm4335 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm4335 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm4339 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm4339 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm43241b0 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm43241b0 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm43241b4 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm43241b4 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm43241b5 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm43241b5 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm43242a = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm43242a += "${PN}-broadcom-license" -LICENSE_${PN}-bcm43143 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm43143 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm43430a0 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm43430a0 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm43455 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm43455 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm4350c2 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm4350c2 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm4350 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm4350 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm4356 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm4356 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm43569 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm43569 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm43570 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm43570 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm4358 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm4358 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm43602 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm43602 += "${PN}-broadcom-license" -LICENSE_${PN}-bcm4366b = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm4366b += "${PN}-broadcom-license" -LICENSE_${PN}-bcm4366c = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm4366c += "${PN}-broadcom-license" -LICENSE_${PN}-bcm4371 = "Firmware-broadcom_bcm43xx" -RDEPENDS_${PN}-bcm4371 += "${PN}-broadcom-license" - -# For broadcom cypress - -LICENSE_${PN}-cypress-license = "Firmware-cypress" -FILES_${PN}-cypress-license = "${nonarch_base_libdir}/firmware/LICENCE.cypress" - -FILES_${PN}-bcm-0bb4-0306 = "${nonarch_base_libdir}/firmware/brcm/BCM-0bb4-0306.hcd" -FILES_${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.* \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac43340-sdio.*" -FILES_${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.* \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac43362-sdio.*" -FILES_${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.* \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac43430-sdio.*" -FILES_${PN}-bcm4354 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac4354-sdio.bin \ -" -FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.* \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-pcie.* \ -" -FILES_${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \ - ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac4373-sdio.bin \ -" - -LICENSE_${PN}-bcm-0bb4-0306 = "Firmware-cypress" -RDEPENDS_${PN}-bcm-0bb4-0306 += "${PN}-cypress-license" -LICENSE_${PN}-bcm43340 = "Firmware-cypress" -RDEPENDS_${PN}-bcm43340 += "${PN}-cypress-license" -LICENSE_${PN}-bcm43362 = "Firmware-cypress" -RDEPENDS_${PN}-bcm43362 += "${PN}-cypress-license" -LICENSE_${PN}-bcm43430 = "Firmware-cypress" -RDEPENDS_${PN}-bcm43430 += "${PN}-cypress-license" -LICENSE_${PN}-bcm4354 = "Firmware-cypress" -RDEPENDS_${PN}-bcm4354 += "${PN}-cypress-license" -LICENSE_${PN}-bcm4356-pcie = "Firmware-cypress" -RDEPENDS_${PN}-bcm4356-pcie += "${PN}-cypress-license" -LICENSE_${PN}-bcm4373 = "Firmware-cypress" -RDEPENDS_${PN}-bcm4373 += "${PN}-cypress-license" - -# For Broadcom bnx2-mips -# -# which is a separate case to the other Broadcom firmwares since its -# license is contained in the shared WHENCE file. - -LICENSE_${PN}-bnx2-mips = "WHENCE" -LICENSE_${PN}-whence-license = "WHENCE" - -FILES_${PN}-bnx2-mips = "${nonarch_base_libdir}/firmware/bnx2/bnx2-mips-09-6.2.1b.fw" -FILES_${PN}-whence-license = "${nonarch_base_libdir}/firmware/WHENCE" - -RDEPENDS_${PN}-bnx2-mips += "${PN}-whence-license" - -# For imx-sdma -LICENSE_${PN}-imx-sdma-imx6q = "Firmware-imx-sdma_firmware" -LICENSE_${PN}-imx-sdma-imx7d = "Firmware-imx-sdma_firmware" -LICENSE_${PN}-imx-sdma-license = "Firmware-imx-sdma_firmware" - -FILES_${PN}-imx-sdma-imx6q = "${nonarch_base_libdir}/firmware/imx/sdma/sdma-imx6q.bin" - -RPROVIDES_${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q" -RREPLACES_${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q" -RCONFLICTS_${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q" - -FILES_${PN}-imx-sdma-imx7d = "${nonarch_base_libdir}/firmware/imx/sdma/sdma-imx7d.bin" - -FILES_${PN}-imx-sdma-license = "${nonarch_base_libdir}/firmware/LICENSE.sdma_firmware" - -RDEPENDS_${PN}-imx-sdma-imx6q += "${PN}-imx-sdma-license" -RDEPENDS_${PN}-imx-sdma-imx7d += "${PN}-imx-sdma-license" - -# For iwlwifi -LICENSE_${PN}-iwlwifi = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-135-6 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-3160-7 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-3160-8 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-3160-9 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-3160-10 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-3160-12 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-3160-13 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-3160-16 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-3160-17 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-6000-4 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-6000g2a-5 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-6000g2a-6 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-6000g2b-5 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-6000g2b-6 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-6050-4 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-6050-5 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-7260 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-7265 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-7265d = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-8000c = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-8265 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-9000 = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-misc = "Firmware-iwlwifi_firmware" -LICENSE_${PN}-iwlwifi-license = "Firmware-iwlwifi_firmware" - - -FILES_${PN}-iwlwifi-license = "${nonarch_base_libdir}/firmware/LICENCE.iwlwifi_firmware" -FILES_${PN}-iwlwifi-135-6 = "${nonarch_base_libdir}/firmware/iwlwifi-135-6.ucode" -FILES_${PN}-iwlwifi-3160-7 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-7.ucode" -FILES_${PN}-iwlwifi-3160-8 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-8.ucode" -FILES_${PN}-iwlwifi-3160-9 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-9.ucode" -FILES_${PN}-iwlwifi-3160-10 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-10.ucode" -FILES_${PN}-iwlwifi-3160-12 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-12.ucode" -FILES_${PN}-iwlwifi-3160-13 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-13.ucode" -FILES_${PN}-iwlwifi-3160-16 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-16.ucode" -FILES_${PN}-iwlwifi-3160-17 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-17.ucode" -FILES_${PN}-iwlwifi-6000-4 = "${nonarch_base_libdir}/firmware/iwlwifi-6000-4.ucode" -FILES_${PN}-iwlwifi-6000g2a-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2a-5.ucode" -FILES_${PN}-iwlwifi-6000g2a-6 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2a-6.ucode" -FILES_${PN}-iwlwifi-6000g2b-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2b-5.ucode" -FILES_${PN}-iwlwifi-6000g2b-6 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2b-6.ucode" -FILES_${PN}-iwlwifi-6050-4 = "${nonarch_base_libdir}/firmware/iwlwifi-6050-4.ucode" -FILES_${PN}-iwlwifi-6050-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6050-5.ucode" -FILES_${PN}-iwlwifi-7260 = "${nonarch_base_libdir}/firmware/iwlwifi-7260-*.ucode" -FILES_${PN}-iwlwifi-7265 = "${nonarch_base_libdir}/firmware/iwlwifi-7265-*.ucode" -FILES_${PN}-iwlwifi-7265d = "${nonarch_base_libdir}/firmware/iwlwifi-7265D-*.ucode" -FILES_${PN}-iwlwifi-8000c = "${nonarch_base_libdir}/firmware/iwlwifi-8000C-*.ucode" -FILES_${PN}-iwlwifi-8265 = "${nonarch_base_libdir}/firmware/iwlwifi-8265-*.ucode" -FILES_${PN}-iwlwifi-9000 = "${nonarch_base_libdir}/firmware/iwlwifi-9000-*.ucode" -FILES_${PN}-iwlwifi-misc = "${nonarch_base_libdir}/firmware/iwlwifi-*.ucode" - -RDEPENDS_${PN}-iwlwifi-135-6 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-3160-7 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-3160-8 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-3160-9 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-3160-10 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-3160-12 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-3160-13 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-3160-16 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-3160-17 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-6000-4 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-6000g2a-5 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-6000g2a-6 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-6000g2b-5 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-6000g2b-6 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-6050-4 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-6050-5 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-7260 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-7265d = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-8000c = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-8265 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-9000 = "${PN}-iwlwifi-license" -RDEPENDS_${PN}-iwlwifi-misc = "${PN}-iwlwifi-license" - -# -iwlwifi-misc is a "catch all" package that includes all the iwlwifi -# firmwares that are not already included in other -iwlwifi- packages. -# -iwlwifi is a virtual package that depends upon all iwlwifi packages. -# These are distinct in order to allow the -misc firmwares to be installed -# without pulling in every other iwlwifi package. -ALLOW_EMPTY_${PN}-iwlwifi = "1" -ALLOW_EMPTY_${PN}-iwlwifi-misc = "1" - -# Handle package updating for the newly merged iwlwifi groupings -RPROVIDES_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9" -RREPLACES_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9" -RCONFLICTS_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9" - -RPROVIDES_${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9" -RREPLACES_${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9" -RCONFLICTS_${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9" - -# For ibt -LICENSE_${PN}-ibt-license = "Firmware-ibt_firmware" -LICENSE_${PN}-ibt-hw-37-7 = "Firmware-ibt_firmware" -LICENSE_${PN}-ibt-hw-37-8 = "Firmware-ibt_firmware" -LICENSE_${PN}-ibt-11-5 = "Firmware-ibt_firmware" -LICENSE_${PN}-ibt-12-16 = "Firmware-ibt_firmware" -LICENSE_${PN}-ibt-17 = "Firmware-ibt_firmware" -LICENSE_${PN}-ibt-20 = "Firmware-ibt_firmware" -LICENSE_${PN}-ibt-misc = "Firmware-ibt_firmware" - -FILES_${PN}-ibt-license = "${nonarch_base_libdir}/firmware/LICENCE.ibt_firmware" -FILES_${PN}-ibt-hw-37-7 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.7*.bseq" -FILES_${PN}-ibt-hw-37-8 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.8*.bseq" -FILES_${PN}-ibt-11-5 = "${nonarch_base_libdir}/firmware/intel/ibt-11-5.sfi ${nonarch_base_libdir}/firmware/intel/ibt-11-5.ddc" -FILES_${PN}-ibt-12-16 = "${nonarch_base_libdir}/firmware/intel/ibt-12-16.sfi ${nonarch_base_libdir}/firmware/intel/ibt-12-16.ddc" -FILES_${PN}-ibt-17 = "${nonarch_base_libdir}/firmware/intel/ibt-17-*.sfi ${nonarch_base_libdir}/firmware/intel/ibt-17-*.ddc" -FILES_${PN}-ibt-20 = "${nonarch_base_libdir}/firmware/intel/ibt-20-*.sfi ${nonarch_base_libdir}/firmware/intel/ibt-20-*.ddc" -FILES_${PN}-ibt-misc = "${nonarch_base_libdir}/firmware/intel/ibt-*" - -RDEPENDS_${PN}-ibt-hw-37-7 = "${PN}-ibt-license" -RDEPENDS_${PN}-ibt-hw-37.8 = "${PN}-ibt-license" -RDEPENDS_${PN}-ibt-11-5 = "${PN}-ibt-license" -RDEPENDS_${PN}-ibt-12-16 = "${PN}-ibt-license" -RDEPENDS_${PN}-ibt-17 = "${PN}-ibt-license" -RDEPENDS_${PN}-ibt-20 = "${PN}-ibt-license" -RDEPENDS_${PN}-ibt-misc = "${PN}-ibt-license" - -ALLOW_EMPTY_${PN}-ibt= "1" -ALLOW_EMPTY_${PN}-ibt-misc = "1" - -LICENSE_${PN}-i915 = "Firmware-i915" -LICENSE_${PN}-i915-license = "Firmware-i915" -FILES_${PN}-i915-license = "${nonarch_base_libdir}/firmware/LICENSE.i915" -FILES_${PN}-i915 = "${nonarch_base_libdir}/firmware/i915" -RDEPENDS_${PN}-i915 = "${PN}-i915-license" - -LICENSE_${PN}-ice = "Firmware-ice" -LICENSE_${PN}-ice-license = "Firmware-ice" -FILES_${PN}-ice-license = "${nonarch_base_libdir}/firmware/LICENSE.ice" -FILES_${PN}-ice = "${nonarch_base_libdir}/firmware/intel/ice" -RDEPENDS_${PN}-ice = "${PN}-ice-license" - -FILES_${PN}-adsp-sst-license = "${nonarch_base_libdir}/firmware/LICENCE.adsp_sst" -LICENSE_${PN}-adsp-sst = "Firmware-adsp_sst" -LICENSE_${PN}-adsp-sst-license = "Firmware-adsp_sst" -FILES_${PN}-adsp-sst = "${nonarch_base_libdir}/firmware/intel/dsp_fw*" -RDEPENDS_${PN}-adsp-sst = "${PN}-adsp-sst-license" - -# For QAT -LICENSE_${PN}-qat = "Firmware-qat" -LICENSE_${PN}-qat-license = "Firmware-qat" -FILES_${PN}-qat-license = "${nonarch_base_libdir}/firmware/LICENCE.qat_firmware" -FILES_${PN}-qat = "${nonarch_base_libdir}/firmware/qat*.bin" -RDEPENDS_${PN}-qat = "${PN}-qat-license" - -# For QCOM VPU/GPU and SDM845 -LICENSE_${PN}-qcom-license = "Firmware-qcom" -FILES_${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt" -FILES_${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*" -FILES_${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*" -FILES_${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*" -FILES_${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*" -FILES_${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*" -FILES_${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*" -FILES_${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a300_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw" -FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*" -FILES_${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*" -FILES_${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*" -FILES_${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*" -FILES_${PN}-qcom-sdm845-audio = "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*" -FILES_${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*" -FILES_${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn" -FILES_${PN}-qcom-sm8250-audio = "${nonarch_base_libdir}/firmware/qcom/sm8250/adsp*.*" -FILES_${PN}-qcom-sm8250-compute = "${nonarch_base_libdir}/firmware/qcom/sm8250/cdsp*.*" -RDEPENDS_${PN}-qcom-venus-1.8 = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-venus-4.2 = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-venus-5.2 = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-venus-5.4 = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-vpu-1.0 = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-vpu-2.0 = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-adreno-a3xx = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-adreno-a530 = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-adreno-a630 = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-adreno-a650 = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-adreno-a660 = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-sdm845-audio = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-sdm845-compute = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-sdm845-modem = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-sm8250-audio = "${PN}-qcom-license" -RDEPENDS_${PN}-qcom-sm8250-compute = "${PN}-qcom-license" - -FILES_${PN}-liquidio = "${nonarch_base_libdir}/firmware/liquidio" - -# For Amlogic VDEC -LICENSE_${PN}-amlogic-vdec = "Firmware-amlogic_vdec" -FILES_${PN}-amlogic-vdec-license = "${nonarch_base_libdir}/firmware/LICENSE.amlogic_vdec" -FILES_${PN}-amlogic-vdec = "${nonarch_base_libdir}/firmware/meson/vdec/*" -RDEPENDS_${PN}-amlogic-vdec = "${PN}-amlogic-vdec-license" - -# For other firmwares -# Maybe split out to separate packages when needed. -LICENSE_${PN} = "\ - Firmware-Abilis \ - & Firmware-agere \ - & Firmware-amdgpu \ - & Firmware-amd-ucode \ - & Firmware-amlogic_vdec \ - & Firmware-atmel \ - & Firmware-ca0132 \ - & Firmware-cavium \ - & Firmware-chelsio_firmware \ - & Firmware-cw1200 \ - & Firmware-dib0700 \ - & Firmware-e100 \ - & Firmware-ene_firmware \ - & Firmware-fw_sst_0f28 \ - & Firmware-go7007 \ - & Firmware-hfi1_firmware \ - & Firmware-i2400m \ - & Firmware-ibt_firmware \ - & Firmware-it913x \ - & Firmware-IntcSST2 \ - & Firmware-kaweth \ - & Firmware-moxa \ - & Firmware-myri10ge_firmware \ - & Firmware-nvidia \ - & Firmware-OLPC \ - & Firmware-ath9k-htc \ - & Firmware-phanfw \ - & Firmware-qat \ - & Firmware-qcom \ - & Firmware-qla1280 \ - & Firmware-qla2xxx \ - & Firmware-r8a779x_usb3 \ - & Firmware-radeon \ - & Firmware-ralink_a_mediatek_company_firmware \ - & Firmware-ralink-firmware \ - & Firmware-imx-sdma_firmware \ - & Firmware-siano \ - & Firmware-tda7706-firmware \ - & Firmware-ti-connectivity \ - & Firmware-ti-keystone \ - & Firmware-ueagle-atm4-firmware \ - & Firmware-wl1251 \ - & Firmware-xc4000 \ - & Firmware-xc5000 \ - & Firmware-xc5000c \ - & WHENCE \ -" - -FILES_${PN}-license += "${nonarch_base_libdir}/firmware/LICEN*" -FILES_${PN} += "${nonarch_base_libdir}/firmware/*" -RDEPENDS_${PN} += "${PN}-license" -RDEPENDS_${PN} += "${PN}-whence-license" - -# Make linux-firmware depend on all of the split-out packages. -# Make linux-firmware-iwlwifi depend on all of the split-out iwlwifi packages. -# Make linux-firmware-ibt depend on all of the split-out ibt packages. -python populate_packages_prepend () { - firmware_pkgs = oe.utils.packages_filter_out_system(d) - d.appendVar('RRECOMMENDS_linux-firmware', ' ' + ' '.join(firmware_pkgs)) - - iwlwifi_pkgs = filter(lambda x: x.find('-iwlwifi-') != -1, firmware_pkgs) - d.appendVar('RRECOMMENDS_linux-firmware-iwlwifi', ' ' + ' '.join(iwlwifi_pkgs)) - - ibt_pkgs = filter(lambda x: x.find('-ibt-') != -1, firmware_pkgs) - d.appendVar('RRECOMMENDS_linux-firmware-ibt', ' ' + ' '.join(ibt_pkgs)) -} - -# Firmware files are generally not ran on the CPU, so they can be -# allarch despite being architecture specific -INSANE_SKIP = "arch" diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220310.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220310.bb new file mode 100644 index 0000000000..7a6cb1903b --- /dev/null +++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220310.bb @@ -0,0 +1,1068 @@ +SUMMARY = "Firmware files for use with Linux kernel" +HOMEPAGE = "https://www.kernel.org/" +DESCRIPTION = "Linux firmware is a package distributed alongside the Linux kernel \ +that contains firmware binary blobs necessary for partial or full functionality \ +of certain hardware devices." +SECTION = "kernel" + +LICENSE = "\ + Firmware-Abilis \ + & Firmware-adsp_sst \ + & Firmware-agere \ + & Firmware-amdgpu \ + & Firmware-amd-ucode \ + & Firmware-amlogic_vdec \ + & Firmware-atheros_firmware \ + & Firmware-atmel \ + & Firmware-broadcom_bcm43xx \ + & Firmware-ca0132 \ + & Firmware-cavium \ + & Firmware-chelsio_firmware \ + & Firmware-cw1200 \ + & Firmware-cypress \ + & Firmware-dib0700 \ + & Firmware-e100 \ + & Firmware-ene_firmware \ + & Firmware-fw_sst_0f28 \ + & Firmware-go7007 \ + & Firmware-GPLv2 \ + & Firmware-hfi1_firmware \ + & Firmware-i2400m \ + & Firmware-i915 \ + & Firmware-ibt_firmware \ + & Firmware-ice \ + & Firmware-it913x \ + & Firmware-iwlwifi_firmware \ + & Firmware-IntcSST2 \ + & Firmware-kaweth \ + & Firmware-Lontium \ + & Firmware-Marvell \ + & Firmware-moxa \ + & Firmware-myri10ge_firmware \ + & Firmware-netronome \ + & Firmware-nvidia \ + & Firmware-OLPC \ + & Firmware-ath9k-htc \ + & Firmware-phanfw \ + & Firmware-qat \ + & Firmware-qcom \ + & Firmware-qla1280 \ + & Firmware-qla2xxx \ + & Firmware-qualcommAthos_ar3k \ + & Firmware-qualcommAthos_ath10k \ + & Firmware-r8a779x_usb3 \ + & Firmware-radeon \ + & Firmware-ralink_a_mediatek_company_firmware \ + & Firmware-ralink-firmware \ + & Firmware-rtlwifi_firmware \ + & Firmware-imx-sdma_firmware \ + & Firmware-siano \ + & Firmware-tda7706-firmware \ + & Firmware-ti-connectivity \ + & Firmware-ti-keystone \ + & Firmware-ueagle-atm4-firmware \ + & Firmware-via_vt6656 \ + & Firmware-wl1251 \ + & Firmware-xc4000 \ + & Firmware-xc5000 \ + & Firmware-xc5000c \ + & WHENCE \ +" + +LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ + file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \ + file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \ + file://LICENSE.amdgpu;md5=44c1166d052226cb2d6c8d7400090203 \ + file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \ + file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \ + file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \ + file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \ + file://LICENCE.broadcom_bcm43xx;md5=3160c14df7228891b868060e1951dfbc \ + file://LICENCE.ca0132;md5=209b33e66ee5be0461f13d31da392198 \ + file://LICENCE.cadence;md5=009f46816f6956cfb75ede13d3e1cee0 \ + file://LICENCE.cavium;md5=c37aaffb1ebe5939b2580d073a95daea \ + file://LICENCE.chelsio_firmware;md5=819aa8c3fa453f1b258ed8d168a9d903 \ + file://LICENCE.cw1200;md5=f0f770864e7a8444a5c5aa9d12a3a7ed \ + file://LICENCE.cypress;md5=48cd9436c763bf873961f9ed7b5c147b \ + file://LICENSE.dib0700;md5=f7411825c8a555a1a3e5eab9ca773431 \ + file://LICENCE.e100;md5=ec0f84136766df159a3ae6d02acdf5a8 \ + file://LICENCE.ene_firmware;md5=ed67f0f62f8f798130c296720b7d3921 \ + file://LICENCE.fw_sst_0f28;md5=6353931c988ad52818ae733ac61cd293 \ + file://LICENCE.go7007;md5=c0bb9f6aaaba55b0529ee9b30aa66beb \ + file://GPL-2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://LICENSE.hfi1_firmware;md5=5e7b6e586ce7339d12689e49931ad444 \ + file://LICENCE.i2400m;md5=14b901969e23c41881327c0d9e4b7d36 \ + file://LICENSE.i915;md5=2b0b2e0d20984affd4490ba2cba02570 \ + file://LICENCE.ibt_firmware;md5=fdbee1ddfe0fb7ab0b2fcd6b454a366b \ + file://LICENSE.ice;md5=742ab4850f2670792940e6d15c974b2f \ + file://LICENCE.IntcSST2;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ + file://LICENCE.it913x;md5=1fbf727bfb6a949810c4dbfa7e6ce4f8 \ + file://LICENCE.iwlwifi_firmware;md5=2ce6786e0fc11ac6e36b54bb9b799f1b \ + file://LICENCE.kaweth;md5=b1d876e562f4b3b8d391ad8395dfe03f \ + file://LICENSE.Lontium;md5=4ec8dc582ff7295f39e2ca6a7b0be2b6 \ + file://LICENCE.Marvell;md5=28b6ed8bd04ba105af6e4dcd6e997772 \ + file://LICENCE.mediatek;md5=7c1976b63217d76ce47d0a11d8a79cf2 \ + file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \ + file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \ + file://LICENCE.Netronome;md5=4add08f2577086d44447996503cddf5f \ + file://LICENCE.nvidia;md5=4428a922ed3ba2ceec95f076a488ce07 \ + file://LICENCE.NXP;md5=58bb8ba632cd729b9ba6183bc6aed36f \ + file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \ + file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \ + file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \ + file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ + file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \ + file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \ + file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \ + file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \ + file://LICENSE.QualcommAtheros_ath10k;md5=cb42b686ee5f5cb890275e4321db60a8 \ + file://LICENCE.r8a779x_usb3;md5=4c1671656153025d7076105a5da7e498 \ + file://LICENSE.radeon;md5=68ec28bacb3613200bca44f404c69b16 \ + file://LICENCE.ralink_a_mediatek_company_firmware;md5=728f1a85fd53fd67fa8d7afb080bc435 \ + file://LICENCE.ralink-firmware.txt;md5=ab2c269277c45476fb449673911a2dfd \ + file://LICENCE.rtlwifi_firmware.txt;md5=00d06cfd3eddd5a2698948ead2ad54a5 \ + file://LICENSE.sdma_firmware;md5=51e8c19ecc2270f4b8ea30341ad63ce9 \ + file://LICENCE.siano;md5=4556c1bf830067f12ca151ad953ec2a5 \ + file://LICENCE.tda7706-firmware.txt;md5=835997cf5e3c131d0dddd695c7d9103e \ + file://LICENCE.ti-connectivity;md5=c5e02be633f1499c109d1652514d85ec \ + file://LICENCE.ti-keystone;md5=3a86335d32864b0bef996bee26cc0f2c \ + file://LICENCE.ueagle-atm4-firmware;md5=4ed7ea6b507ccc583b9d594417714118 \ + file://LICENCE.via_vt6656;md5=e4159694cba42d4377a912e78a6e850f \ + file://LICENCE.wl1251;md5=ad3f81922bb9e197014bb187289d3b5b \ + file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \ + file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \ + file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \ + file://WHENCE;md5=45a9c4a92d152e9495db81e1192f2bdc \ + " + +# These are not common licenses, set NO_GENERIC_LICENSE for them +# so that the license files will be copied from fetched source +NO_GENERIC_LICENSE[Firmware-Abilis] = "LICENCE.Abilis" +NO_GENERIC_LICENSE[Firmware-adsp_sst] = "LICENCE.adsp_sst" +NO_GENERIC_LICENSE[Firmware-agere] = "LICENCE.agere" +NO_GENERIC_LICENSE[Firmware-amdgpu] = "LICENSE.amdgpu" +NO_GENERIC_LICENSE[Firmware-amd-ucode] = "LICENSE.amd-ucode" +NO_GENERIC_LICENSE[Firmware-amlogic_vdec] = "LICENSE.amlogic_vdec" +NO_GENERIC_LICENSE[Firmware-atheros_firmware] = "LICENCE.atheros_firmware" +NO_GENERIC_LICENSE[Firmware-atmel] = "LICENSE.atmel" +NO_GENERIC_LICENSE[Firmware-broadcom_bcm43xx] = "LICENCE.broadcom_bcm43xx" +NO_GENERIC_LICENSE[Firmware-ca0132] = "LICENCE.ca0132" +NO_GENERIC_LICENSE[Firmware-cadence] = "LICENCE.cadence" +NO_GENERIC_LICENSE[Firmware-cavium] = "LICENCE.cavium" +NO_GENERIC_LICENSE[Firmware-chelsio_firmware] = "LICENCE.chelsio_firmware" +NO_GENERIC_LICENSE[Firmware-cw1200] = "LICENCE.cw1200" +NO_GENERIC_LICENSE[Firmware-cypress] = "LICENCE.cypress" +NO_GENERIC_LICENSE[Firmware-dib0700] = "LICENSE.dib0700" +NO_GENERIC_LICENSE[Firmware-e100] = "LICENCE.e100" +NO_GENERIC_LICENSE[Firmware-ene_firmware] = "LICENCE.ene_firmware" +NO_GENERIC_LICENSE[Firmware-fw_sst_0f28] = "LICENCE.fw_sst_0f28" +NO_GENERIC_LICENSE[Firmware-go7007] = "LICENCE.go7007" +NO_GENERIC_LICENSE[Firmware-GPLv2] = "GPL-2" +NO_GENERIC_LICENSE[Firmware-hfi1_firmware] = "LICENSE.hfi1_firmware" +NO_GENERIC_LICENSE[Firmware-i2400m] = "LICENCE.i2400m" +NO_GENERIC_LICENSE[Firmware-i915] = "LICENSE.i915" +NO_GENERIC_LICENSE[Firmware-ibt_firmware] = "LICENCE.ibt_firmware" +NO_GENERIC_LICENSE[Firmware-ice] = "LICENSE.ice" +NO_GENERIC_LICENSE[Firmware-IntcSST2] = "LICENCE.IntcSST2" +NO_GENERIC_LICENSE[Firmware-it913x] = "LICENCE.it913x" +NO_GENERIC_LICENSE[Firmware-iwlwifi_firmware] = "LICENCE.iwlwifi_firmware" +NO_GENERIC_LICENSE[Firmware-kaweth] = "LICENCE.kaweth" +NO_GENERIC_LICENSE[Firmware-Lontium] = "LICENSE.Lontium" +NO_GENERIC_LICENSE[Firmware-Marvell] = "LICENCE.Marvell" +NO_GENERIC_LICENSE[Firmware-mediatek] = "LICENCE.mediatek" +NO_GENERIC_LICENSE[Firmware-moxa] = "LICENCE.moxa" +NO_GENERIC_LICENSE[Firmware-myri10ge_firmware] = "LICENCE.myri10ge_firmware" +NO_GENERIC_LICENSE[Firmware-netronome] = "LICENCE.Netronome" +NO_GENERIC_LICENSE[Firmware-nvidia] = "LICENCE.nvidia" +NO_GENERIC_LICENSE[Firmware-OLPC] = "LICENCE.OLPC" +NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware" +NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw" +NO_GENERIC_LICENSE[Firmware-qat] = "LICENCE.qat_firmware" +NO_GENERIC_LICENSE[Firmware-qcom] = "LICENSE.qcom" +NO_GENERIC_LICENSE[Firmware-qla1280] = "LICENCE.qla1280" +NO_GENERIC_LICENSE[Firmware-qla2xxx] = "LICENCE.qla2xxx" +NO_GENERIC_LICENSE[Firmware-qualcommAthos_ar3k] = "LICENSE.QualcommAtheros_ar3k" +NO_GENERIC_LICENSE[Firmware-qualcommAthos_ath10k] = "LICENSE.QualcommAtheros_ath10k" +NO_GENERIC_LICENSE[Firmware-r8a779x_usb3] = "LICENCE.r8a779x_usb3" +NO_GENERIC_LICENSE[Firmware-radeon] = "LICENSE.radeon" +NO_GENERIC_LICENSE[Firmware-ralink_a_mediatek_company_firmware] = "LICENCE.ralink_a_mediatek_company_firmware" +NO_GENERIC_LICENSE[Firmware-ralink-firmware] = "LICENCE.ralink-firmware.txt" +NO_GENERIC_LICENSE[Firmware-rtlwifi_firmware] = "LICENCE.rtlwifi_firmware.txt" +NO_GENERIC_LICENSE[Firmware-siano] = "LICENCE.siano" +NO_GENERIC_LICENSE[Firmware-imx-sdma_firmware] = "LICENSE.sdma_firmware" +NO_GENERIC_LICENSE[Firmware-tda7706-firmware] = "LICENCE.tda7706-firmware.txt" +NO_GENERIC_LICENSE[Firmware-ti-connectivity] = "LICENCE.ti-connectivity" +NO_GENERIC_LICENSE[Firmware-ti-keystone] = "LICENCE.ti-keystone" +NO_GENERIC_LICENSE[Firmware-ueagle-atm4-firmware] = "LICENCE.ueagle-atm4-firmware" +NO_GENERIC_LICENSE[Firmware-via_vt6656] = "LICENCE.via_vt6656" +NO_GENERIC_LICENSE[Firmware-wl1251] = "LICENCE.wl1251" +NO_GENERIC_LICENSE[Firmware-xc4000] = "LICENCE.xc4000" +NO_GENERIC_LICENSE[Firmware-xc5000] = "LICENCE.xc5000" +NO_GENERIC_LICENSE[Firmware-xc5000c] = "LICENCE.xc5000c" +NO_GENERIC_LICENSE[WHENCE] = "WHENCE" + +PE = "1" + +SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz" + +SRC_URI[sha256sum] = "5938ee717b2023b48f6bfcf344b40ddc947e3e22c0bc36d4c3418f90fea68182" + +inherit allarch + +CLEANBROKEN = "1" + +do_compile() { + : +} + +do_install() { + oe_runmake 'DESTDIR=${D}' 'FIRMWAREDIR=${nonarch_base_libdir}/firmware' install + cp GPL-2 LICEN[CS]E.* WHENCE ${D}${nonarch_base_libdir}/firmware/ +} + + +PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ + ${PN}-mt7601u-license ${PN}-mt7601u \ + ${PN}-radeon-license ${PN}-radeon \ + ${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \ + ${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 \ + ${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \ + ${PN}-ti-connectivity-license ${PN}-wlcommon ${PN}-wl12xx ${PN}-wl18xx \ + ${PN}-vt6656-license ${PN}-vt6656 \ + ${PN}-rs9113 ${PN}-rs9116 \ + ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \ + ${PN}-rtl8168 \ + ${PN}-cypress-license \ + ${PN}-broadcom-license \ + ${PN}-bcm-0bb4-0306 \ + ${PN}-bcm43143 \ + ${PN}-bcm43236b \ + ${PN}-bcm43241b0 \ + ${PN}-bcm43241b4 \ + ${PN}-bcm43241b5 \ + ${PN}-bcm43242a \ + ${PN}-bcm4329 \ + ${PN}-bcm4329-fullmac \ + ${PN}-bcm4330 \ + ${PN}-bcm4334 \ + ${PN}-bcm43340 \ + ${PN}-bcm4335 \ + ${PN}-bcm43362 \ + ${PN}-bcm4339 \ + ${PN}-bcm43430 \ + ${PN}-bcm43430a0 \ + ${PN}-bcm43455 \ + ${PN}-bcm4350 \ + ${PN}-bcm4350c2 \ + ${PN}-bcm4354 \ + ${PN}-bcm4356 \ + ${PN}-bcm4356-pcie \ + ${PN}-bcm43569 \ + ${PN}-bcm43570 \ + ${PN}-bcm4358 \ + ${PN}-bcm43602 \ + ${PN}-bcm4366b \ + ${PN}-bcm4366c \ + ${PN}-bcm4371 \ + ${PN}-bcm4373 \ + ${PN}-bcm43xx \ + ${PN}-bcm43xx-hdr \ + ${PN}-atheros-license ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k \ + ${PN}-gplv2-license ${PN}-carl9170 \ + ${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-ath11k ${PN}-qca \ + \ + ${PN}-imx-sdma-license ${PN}-imx-sdma-imx6q ${PN}-imx-sdma-imx7d \ + \ + ${PN}-iwlwifi-license ${PN}-iwlwifi \ + ${PN}-iwlwifi-135-6 \ + ${PN}-iwlwifi-3160-7 ${PN}-iwlwifi-3160-8 ${PN}-iwlwifi-3160-9 \ + ${PN}-iwlwifi-3160-10 ${PN}-iwlwifi-3160-12 ${PN}-iwlwifi-3160-13 \ + ${PN}-iwlwifi-3160-16 ${PN}-iwlwifi-3160-17 \ + ${PN}-iwlwifi-6000-4 ${PN}-iwlwifi-6000g2a-5 ${PN}-iwlwifi-6000g2a-6 \ + ${PN}-iwlwifi-6000g2b-5 ${PN}-iwlwifi-6000g2b-6 \ + ${PN}-iwlwifi-6050-4 ${PN}-iwlwifi-6050-5 \ + ${PN}-iwlwifi-7260 \ + ${PN}-iwlwifi-7265 \ + ${PN}-iwlwifi-7265d ${PN}-iwlwifi-8000c ${PN}-iwlwifi-8265 \ + ${PN}-iwlwifi-9000 \ + ${PN}-iwlwifi-misc \ + ${PN}-ibt-license ${PN}-ibt \ + ${PN}-ibt-11-5 ${PN}-ibt-12-16 ${PN}-ibt-hw-37-7 ${PN}-ibt-hw-37-8 \ + ${PN}-ibt-17 \ + ${PN}-ibt-20 \ + ${PN}-ibt-misc \ + ${PN}-i915-license ${PN}-i915 \ + ${PN}-ice-license ${PN}-ice \ + ${PN}-adsp-sst-license ${PN}-adsp-sst \ + ${PN}-bnx2-mips \ + ${PN}-liquidio \ + ${PN}-nvidia-license \ + ${PN}-nvidia-tegra-k1 ${PN}-nvidia-tegra \ + ${PN}-nvidia-gpu \ + ${PN}-netronome-license ${PN}-netronome \ + ${PN}-qat ${PN}-qat-license \ + ${PN}-qcom-license \ + ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \ + ${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \ + ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a530 \ + ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \ + ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \ + ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \ + ${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \ + ${PN}-lt9611uxc ${PN}-lontium-license \ + ${PN}-whence-license \ + ${PN}-license \ + " + +# For atheros +LICENSE_${PN}-ar9170 = "Firmware-atheros_firmware" +LICENSE_${PN}-ath6k = "Firmware-atheros_firmware" +LICENSE_${PN}-ath9k = "Firmware-atheros_firmware" +LICENSE_${PN}-atheros-license = "Firmware-atheros_firmware" + +FILES_${PN}-atheros-license = "${nonarch_base_libdir}/firmware/LICENCE.atheros_firmware" +FILES_${PN}-ar9170 = " \ + ${nonarch_base_libdir}/firmware/ar9170*.fw \ +" +FILES_${PN}-ath6k = " \ + ${nonarch_base_libdir}/firmware/ath6k \ +" +FILES_${PN}-ath9k = " \ + ${nonarch_base_libdir}/firmware/ar9271.fw \ + ${nonarch_base_libdir}/firmware/ar7010*.fw \ + ${nonarch_base_libdir}/firmware/htc_9271.fw \ + ${nonarch_base_libdir}/firmware/htc_7010.fw \ + ${nonarch_base_libdir}/firmware/ath9k_htc/htc_7010-1.4.0.fw \ + ${nonarch_base_libdir}/firmware/ath9k_htc/htc_9271-1.4.0.fw \ +" + +RDEPENDS_${PN}-ar9170 += "${PN}-atheros-license" +RDEPENDS_${PN}-ath6k += "${PN}-atheros-license" +RDEPENDS_${PN}-ath9k += "${PN}-atheros-license" + +# For carl9170 +LICENSE_${PN}-carl9170 = "Firmware-GPLv2" +LICENSE_${PN}-gplv2-license = "Firmware-GPLv2" + +FILES_${PN}-gplv2-license = "${nonarch_base_libdir}/firmware/GPL-2" +FILES_${PN}-carl9170 = " \ + ${nonarch_base_libdir}/firmware/carl9170*.fw \ +" + +RDEPENDS_${PN}-carl9170 += "${PN}-gplv2-license" + +# For QualCommAthos +LICENSE_${PN}-ar3k = "Firmware-qualcommAthos_ar3k" +LICENSE_${PN}-ar3k-license = "Firmware-qualcommAthos_ar3k" +LICENSE_${PN}-ath10k = "Firmware-qualcommAthos_ath10k" +LICENSE_${PN}-ath10k-license = "Firmware-qualcommAthos_ath10k" +LICENSE_${PN}-qca = "Firmware-qualcommAthos_ath10k" + +FILES_${PN}-ar3k-license = "${nonarch_base_libdir}/firmware/LICENSE.QualcommAtheros_ar3k" +FILES_${PN}-ar3k = " \ + ${nonarch_base_libdir}/firmware/ar3k \ +" + +FILES_${PN}-ath10k-license = "${nonarch_base_libdir}/firmware/LICENSE.QualcommAtheros_ath10k" +FILES_${PN}-ath10k = " \ + ${nonarch_base_libdir}/firmware/ath10k \ +" + +FILES_${PN}-ath11k = " \ + ${nonarch_base_libdir}/firmware/ath11k \ +" + +FILES_${PN}-qca = " \ + ${nonarch_base_libdir}/firmware/qca \ +" + +RDEPENDS_${PN}-ar3k += "${PN}-ar3k-license" +RDEPENDS_${PN}-ath10k += "${PN}-ath10k-license" +RDEPENDS_${PN}-ath11k += "${PN}-ath10k-license" +RDEPENDS_${PN}-qca += "${PN}-ath10k-license" + +# For ralink +LICENSE_${PN}-ralink = "Firmware-ralink-firmware" +LICENSE_${PN}-ralink-license = "Firmware-ralink-firmware" + +FILES_${PN}-ralink-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink-firmware.txt" +FILES_${PN}-ralink = " \ + ${nonarch_base_libdir}/firmware/rt*.bin \ +" + +RDEPENDS_${PN}-ralink += "${PN}-ralink-license" + +# For mediatek MT7601U +LICENSE_${PN}-mt7601u = "Firmware-ralink_a_mediatek_company_firmware" +LICENSE_${PN}-mt7601u-license = "Firmware-ralink_a_mediatek_company_firmware" + +FILES_${PN}-mt7601u-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware" +FILES_${PN}-mt7601u = " \ + ${nonarch_base_libdir}/firmware/mt7601u.bin \ +" + +RDEPENDS_${PN}-mt7601u += "${PN}-mt7601u-license" + +# For radeon +LICENSE_${PN}-radeon = "Firmware-radeon" +LICENSE_${PN}-radeon-license = "Firmware-radeon" + +FILES_${PN}-radeon-license = "${nonarch_base_libdir}/firmware/LICENSE.radeon" +FILES_${PN}-radeon = " \ + ${nonarch_base_libdir}/firmware/radeon \ +" + +RDEPENDS_${PN}-radeon += "${PN}-radeon-license" + +# For lontium +LICENSE_${PN}-lt9611uxc = "Firmware-Lontium" + +FILES_${PN}-lontium-license = "${nonarch_base_libdir}/firmware/LICENSE.Lontium" +FILES_${PN}-lt9611uxc = "${nonarch_base_libdir}/firmware/lt9611uxc_fw.bin" + +# For marvell +LICENSE_${PN}-pcie8897 = "Firmware-Marvell" +LICENSE_${PN}-pcie8997 = "Firmware-Marvell" +LICENSE_${PN}-sd8686 = "Firmware-Marvell" +LICENSE_${PN}-sd8688 = "Firmware-Marvell" +LICENSE_${PN}-sd8787 = "Firmware-Marvell" +LICENSE_${PN}-sd8797 = "Firmware-Marvell" +LICENSE_${PN}-sd8801 = "Firmware-Marvell" +LICENSE_${PN}-sd8887 = "Firmware-Marvell" +LICENSE_${PN}-sd8897 = "Firmware-Marvell" +LICENSE_${PN}-sd8997 = "Firmware-Marvell" +LICENSE_${PN}-usb8997 = "Firmware-Marvell" +LICENSE_${PN}-marvell-license = "Firmware-Marvell" + +FILES_${PN}-marvell-license = "${nonarch_base_libdir}/firmware/LICENCE.Marvell" +FILES_${PN}-pcie8897 = " \ + ${nonarch_base_libdir}/firmware/mrvl/pcie8897_uapsta.bin \ +" +FILES_${PN}-pcie8997 = " \ + ${nonarch_base_libdir}/firmware/mrvl/pcie8997_wlan_v4.bin \ + ${nonarch_base_libdir}/firmware/mrvl/pcieuart8997_combo_v4.bin \ + ${nonarch_base_libdir}/firmware/mrvl/pcieusb8997_combo_v4.bin \ +" +FILES_${PN}-sd8686 = " \ + ${nonarch_base_libdir}/firmware/libertas/sd8686_v9* \ + ${nonarch_base_libdir}/firmware/sd8686* \ +" +FILES_${PN}-sd8688 = " \ + ${nonarch_base_libdir}/firmware/libertas/sd8688* \ + ${nonarch_base_libdir}/firmware/mrvl/sd8688* \ +" +FILES_${PN}-sd8787 = " \ + ${nonarch_base_libdir}/firmware/mrvl/sd8787_uapsta.bin \ +" +FILES_${PN}-sd8797 = " \ + ${nonarch_base_libdir}/firmware/mrvl/sd8797_uapsta.bin \ +" +FILES_${PN}-sd8801 = " \ + ${nonarch_base_libdir}/firmware/mrvl/sd8801_uapsta.bin \ +" +FILES_${PN}-sd8887 = " \ + ${nonarch_base_libdir}/firmware/mrvl/sd8887_uapsta.bin \ +" +FILES_${PN}-sd8897 = " \ + ${nonarch_base_libdir}/firmware/mrvl/sd8897_uapsta.bin \ +" +do_install_append() { + # The kernel 5.6.x driver still uses the old name, provide a symlink for + # older kernels + ln -fs sdsd8997_combo_v4.bin ${D}${nonarch_base_libdir}/firmware/mrvl/sd8997_uapsta.bin +} +FILES_${PN}-sd8997 = " \ + ${nonarch_base_libdir}/firmware/mrvl/sd8997_uapsta.bin \ + ${nonarch_base_libdir}/firmware/mrvl/sdsd8997_combo_v4.bin \ +" +FILES_${PN}-usb8997 = " \ + ${nonarch_base_libdir}/firmware/mrvl/usbusb8997_combo_v4.bin \ +" + +RDEPENDS_${PN}-sd8686 += "${PN}-marvell-license" +RDEPENDS_${PN}-sd8688 += "${PN}-marvell-license" +RDEPENDS_${PN}-sd8787 += "${PN}-marvell-license" +RDEPENDS_${PN}-sd8797 += "${PN}-marvell-license" +RDEPENDS_${PN}-sd8801 += "${PN}-marvell-license" +RDEPENDS_${PN}-sd8887 += "${PN}-marvell-license" +RDEPENDS_${PN}-sd8897 += "${PN}-marvell-license" +RDEPENDS_${PN}-sd8997 += "${PN}-marvell-license" +RDEPENDS_${PN}-usb8997 += "${PN}-marvell-license" + +# For netronome +LICENSE_${PN}-netronome = "Firmware-netronome" + +FILES_${PN}-netronome-license = " \ + ${nonarch_base_libdir}/firmware/LICENCE.Netronome \ +" +FILES_${PN}-netronome = " \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0081*.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0096*.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0097*.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0099*.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0011_2x40.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0012_2x40.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0078-0011_1x100.nffw \ + ${nonarch_base_libdir}/firmware/netronome/bpf \ + ${nonarch_base_libdir}/firmware/netronome/flower \ + ${nonarch_base_libdir}/firmware/netronome/nic \ + ${nonarch_base_libdir}/firmware/netronome/nic-sriov \ +" + +RDEPENDS_${PN}-netronome += "${PN}-netronome-license" + +# For Nvidia +LICENSE_${PN}-nvidia-gpu = "Firmware-nvidia" +LICENSE_${PN}-nvidia-tegra = "Firmware-nvidia" +LICENSE_${PN}-nvidia-tegra-k1 = "Firmware-nvidia" +LICENSE_${PN}-nvidia-license = "Firmware-nvidia" + +FILES_${PN}-nvidia-gpu = "${nonarch_base_libdir}/firmware/nvidia" +FILES_${PN}-nvidia-tegra = " \ + ${nonarch_base_libdir}/firmware/nvidia/tegra* \ + ${nonarch_base_libdir}/firmware/nvidia/gm20b \ + ${nonarch_base_libdir}/firmware/nvidia/gp10b \ +" +FILES_${PN}-nvidia-tegra-k1 = " \ + ${nonarch_base_libdir}/firmware/nvidia/tegra124 \ + ${nonarch_base_libdir}/firmware/nvidia/gk20a \ +" +FILES_${PN}-nvidia-license = "${nonarch_base_libdir}/firmware/LICENCE.nvidia" + +RDEPENDS_${PN}-nvidia-gpu += "${PN}-nvidia-license" +RDEPENDS_${PN}-nvidia-tegra += "${PN}-nvidia-license" +RDEPENDS_${PN}-nvidia-tegra-k1 += "${PN}-nvidia-license" + +# For RSI RS911x WiFi +LICENSE_${PN}-rs9113 = "WHENCE" +LICENSE_${PN}-rs9116 = "WHENCE" + +FILES_${PN}-rs9113 = " ${nonarch_base_libdir}/firmware/rsi/rs9113*.rps " +FILES_${PN}-rs9116 = " ${nonarch_base_libdir}/firmware/rsi/rs9116*.rps " + +RDEPENDS_${PN}-rs9113 += "${PN}-whence-license" +RDEPENDS_${PN}-rs9116 += "${PN}-whence-license" + +# For rtl +LICENSE_${PN}-rtl8188 = "Firmware-rtlwifi_firmware" +LICENSE_${PN}-rtl8192cu = "Firmware-rtlwifi_firmware" +LICENSE_${PN}-rtl8192ce = "Firmware-rtlwifi_firmware" +LICENSE_${PN}-rtl8192su = "Firmware-rtlwifi_firmware" +LICENSE_${PN}-rtl8723 = "Firmware-rtlwifi_firmware" +LICENSE_${PN}-rtl8821 = "Firmware-rtlwifi_firmware" +LICENSE_${PN}-rtl-license = "Firmware-rtlwifi_firmware" +LICENSE_${PN}-rtl8168 = "WHENCE" + +FILES_${PN}-rtl-license = " \ + ${nonarch_base_libdir}/firmware/LICENCE.rtlwifi_firmware.txt \ +" +FILES_${PN}-rtl8188 = " \ + ${nonarch_base_libdir}/firmware/rtlwifi/rtl8188*.bin \ +" +FILES_${PN}-rtl8192cu = " \ + ${nonarch_base_libdir}/firmware/rtlwifi/rtl8192cufw*.bin \ +" +FILES_${PN}-rtl8192ce = " \ + ${nonarch_base_libdir}/firmware/rtlwifi/rtl8192cfw*.bin \ +" +FILES_${PN}-rtl8192su = " \ + ${nonarch_base_libdir}/firmware/rtlwifi/rtl8712u.bin \ +" +FILES_${PN}-rtl8723 = " \ + ${nonarch_base_libdir}/firmware/rtlwifi/rtl8723*.bin \ +" +FILES_${PN}-rtl8821 = " \ + ${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \ +" +FILES_${PN}-rtl8168 = " \ + ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \ +" + +RDEPENDS_${PN}-rtl8188 += "${PN}-rtl-license" +RDEPENDS_${PN}-rtl8192ce += "${PN}-rtl-license" +RDEPENDS_${PN}-rtl8192cu += "${PN}-rtl-license" +RDEPENDS_${PN}-rtl8192su = "${PN}-rtl-license" +RDEPENDS_${PN}-rtl8723 += "${PN}-rtl-license" +RDEPENDS_${PN}-rtl8821 += "${PN}-rtl-license" +RDEPENDS_${PN}-rtl8168 += "${PN}-whence-license" + +# For ti-connectivity +LICENSE_${PN}-wlcommon = "Firmware-ti-connectivity" +LICENSE_${PN}-wl12xx = "Firmware-ti-connectivity" +LICENSE_${PN}-wl18xx = "Firmware-ti-connectivity" +LICENSE_${PN}-ti-connectivity-license = "Firmware-ti-connectivity" + +FILES_${PN}-ti-connectivity-license = "${nonarch_base_libdir}/firmware/LICENCE.ti-connectivity" +# wl18xx optionally needs wl1271-nvs.bin (which itself is a symlink to +# wl127x-nvs.bin) - see linux/drivers/net/wireless/ti/wlcore/sdio.c +# and drivers/net/wireless/ti/wlcore/spi.c. +# While they're optional and actually only used to override the MAC +# address on wl18xx, driver loading will delay (by udev timout - 60s) +# if not there. So let's make it available always. Because it's a +# symlink, both need to go to wlcommon. +FILES_${PN}-wlcommon = " \ + ${nonarch_base_libdir}/firmware/ti-connectivity/TI* \ + ${nonarch_base_libdir}/firmware/ti-connectivity/wl127x-nvs.bin \ + ${nonarch_base_libdir}/firmware/ti-connectivity/wl1271-nvs.bin \ +" +FILES_${PN}-wl12xx = " \ + ${nonarch_base_libdir}/firmware/ti-connectivity/wl12* \ +" +FILES_${PN}-wl18xx = " \ + ${nonarch_base_libdir}/firmware/ti-connectivity/wl18* \ +" + +RDEPENDS_${PN}-wl12xx = "${PN}-ti-connectivity-license ${PN}-wlcommon" +RDEPENDS_${PN}-wl18xx = "${PN}-ti-connectivity-license ${PN}-wlcommon" + +# For vt6656 +LICENSE_${PN}-vt6656 = "Firmware-via_vt6656" +LICENSE_${PN}-vt6656-license = "Firmware-via_vt6656" + +FILES_${PN}-vt6656-license = "${nonarch_base_libdir}/firmware/LICENCE.via_vt6656" +FILES_${PN}-vt6656 = " \ + ${nonarch_base_libdir}/firmware/vntwusb.fw \ +" + +RDEPENDS_${PN}-vt6656 = "${PN}-vt6656-license" + +# For broadcom + +# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e " \${PN}-$pkg \\"; done | sort -u + +LICENSE_${PN}-broadcom-license = "Firmware-broadcom_bcm43xx" +FILES_${PN}-broadcom-license = "${nonarch_base_libdir}/firmware/LICENCE.broadcom_bcm43xx" + +# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo "$i - $pkg"; echo -e "FILES_\${PN}-$pkg = \"\${nonarch_base_libdir}/firmware/brcm/$i\""; done | grep ^FILES + +FILES_${PN}-bcm43xx = "${nonarch_base_libdir}/firmware/brcm/bcm43xx-0.fw" +FILES_${PN}-bcm43xx-hdr = "${nonarch_base_libdir}/firmware/brcm/bcm43xx_hdr-0.fw" +FILES_${PN}-bcm4329-fullmac = "${nonarch_base_libdir}/firmware/brcm/bcm4329-fullmac-4.bin" +FILES_${PN}-bcm43236b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43236b.bin" +FILES_${PN}-bcm4329 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4329-sdio.bin" +FILES_${PN}-bcm4330 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.*" +FILES_${PN}-bcm4334 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4334-sdio.bin" +FILES_${PN}-bcm4335 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4335-sdio.bin" +FILES_${PN}-bcm4339 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4339-sdio.bin \ +" +FILES_${PN}-bcm43241b0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b0-sdio.bin" +FILES_${PN}-bcm43241b4 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b4-sdio.bin" +FILES_${PN}-bcm43241b5 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b5-sdio.bin" +FILES_${PN}-bcm43242a = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43242a.bin" +FILES_${PN}-bcm43143 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43143.bin \ + ${nonarch_base_libdir}/firmware/brcm/brcmfmac43143-sdio.bin \ +" +FILES_${PN}-bcm43430a0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430a0-sdio.*" +FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43455-sdio.* \ +" +FILES_${PN}-bcm4350c2 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350c2-pcie.bin" +FILES_${PN}-bcm4350 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350-pcie.bin" +FILES_${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-sdio.* \ +" +FILES_${PN}-bcm43569 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43569.bin" +FILES_${PN}-bcm43570 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43570-pcie.bin \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43570-pcie.bin \ +" +FILES_${PN}-bcm4358 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4358-pcie.bin" +FILES_${PN}-bcm43602 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.bin \ + ${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.ap.bin \ +" +FILES_${PN}-bcm4366b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366b-pcie.bin" +FILES_${PN}-bcm4366c = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366c-pcie.bin" +FILES_${PN}-bcm4371 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4371-pcie.bin" + +# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e "LICENSE_\${PN}-$pkg = \"Firmware-broadcom_bcm43xx\"\nRDEPENDS_\${PN}-$pkg += \"\${PN}-broadcom-license\""; done +# Currently 1st one and last 6 have cypress LICENSE + +LICENSE_${PN}-bcm43xx = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm43xx += "${PN}-broadcom-license" +LICENSE_${PN}-bcm43xx-hdr = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm43xx-hdr += "${PN}-broadcom-license" +LICENSE_${PN}-bcm4329-fullmac = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm4329-fullmac += "${PN}-broadcom-license" +LICENSE_${PN}-bcm43236b = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm43236b += "${PN}-broadcom-license" +LICENSE_${PN}-bcm4329 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm4329 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm4330 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm4330 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm4334 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm4334 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm4335 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm4335 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm4339 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm4339 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm43241b0 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm43241b0 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm43241b4 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm43241b4 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm43241b5 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm43241b5 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm43242a = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm43242a += "${PN}-broadcom-license" +LICENSE_${PN}-bcm43143 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm43143 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm43430a0 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm43430a0 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm43455 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm43455 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm4350c2 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm4350c2 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm4350 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm4350 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm4356 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm4356 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm43569 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm43569 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm43570 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm43570 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm4358 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm4358 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm43602 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm43602 += "${PN}-broadcom-license" +LICENSE_${PN}-bcm4366b = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm4366b += "${PN}-broadcom-license" +LICENSE_${PN}-bcm4366c = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm4366c += "${PN}-broadcom-license" +LICENSE_${PN}-bcm4371 = "Firmware-broadcom_bcm43xx" +RDEPENDS_${PN}-bcm4371 += "${PN}-broadcom-license" + +# For broadcom cypress + +LICENSE_${PN}-cypress-license = "Firmware-cypress" +FILES_${PN}-cypress-license = "${nonarch_base_libdir}/firmware/LICENCE.cypress" + +FILES_${PN}-bcm-0bb4-0306 = "${nonarch_base_libdir}/firmware/brcm/BCM-0bb4-0306.hcd" +FILES_${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43340-sdio.*" +FILES_${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43362-sdio.*" +FILES_${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43430-sdio.*" +FILES_${PN}-bcm4354 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4354-sdio.bin \ +" +FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-pcie.* \ +" +FILES_${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \ + ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4373-sdio.bin \ + ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.clm_blob \ +" + +LICENSE_${PN}-bcm-0bb4-0306 = "Firmware-cypress" +RDEPENDS_${PN}-bcm-0bb4-0306 += "${PN}-cypress-license" +LICENSE_${PN}-bcm43340 = "Firmware-cypress" +RDEPENDS_${PN}-bcm43340 += "${PN}-cypress-license" +LICENSE_${PN}-bcm43362 = "Firmware-cypress" +RDEPENDS_${PN}-bcm43362 += "${PN}-cypress-license" +LICENSE_${PN}-bcm43430 = "Firmware-cypress" +RDEPENDS_${PN}-bcm43430 += "${PN}-cypress-license" +LICENSE_${PN}-bcm4354 = "Firmware-cypress" +RDEPENDS_${PN}-bcm4354 += "${PN}-cypress-license" +LICENSE_${PN}-bcm4356-pcie = "Firmware-cypress" +RDEPENDS_${PN}-bcm4356-pcie += "${PN}-cypress-license" +LICENSE_${PN}-bcm4373 = "Firmware-cypress" +RDEPENDS_${PN}-bcm4373 += "${PN}-cypress-license" + +# For Broadcom bnx2-mips +# +# which is a separate case to the other Broadcom firmwares since its +# license is contained in the shared WHENCE file. + +LICENSE_${PN}-bnx2-mips = "WHENCE" +LICENSE_${PN}-whence-license = "WHENCE" + +FILES_${PN}-bnx2-mips = "${nonarch_base_libdir}/firmware/bnx2/bnx2-mips-09-6.2.1b.fw" +FILES_${PN}-whence-license = "${nonarch_base_libdir}/firmware/WHENCE" + +RDEPENDS_${PN}-bnx2-mips += "${PN}-whence-license" + +# For imx-sdma +LICENSE_${PN}-imx-sdma-imx6q = "Firmware-imx-sdma_firmware" +LICENSE_${PN}-imx-sdma-imx7d = "Firmware-imx-sdma_firmware" +LICENSE_${PN}-imx-sdma-license = "Firmware-imx-sdma_firmware" + +FILES_${PN}-imx-sdma-imx6q = "${nonarch_base_libdir}/firmware/imx/sdma/sdma-imx6q.bin" + +RPROVIDES_${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q" +RREPLACES_${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q" +RCONFLICTS_${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q" + +FILES_${PN}-imx-sdma-imx7d = "${nonarch_base_libdir}/firmware/imx/sdma/sdma-imx7d.bin" + +FILES_${PN}-imx-sdma-license = "${nonarch_base_libdir}/firmware/LICENSE.sdma_firmware" + +RDEPENDS_${PN}-imx-sdma-imx6q += "${PN}-imx-sdma-license" +RDEPENDS_${PN}-imx-sdma-imx7d += "${PN}-imx-sdma-license" + +# For iwlwifi +LICENSE_${PN}-iwlwifi = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-135-6 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-3160-7 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-3160-8 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-3160-9 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-3160-10 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-3160-12 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-3160-13 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-3160-16 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-3160-17 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-6000-4 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-6000g2a-5 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-6000g2a-6 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-6000g2b-5 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-6000g2b-6 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-6050-4 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-6050-5 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-7260 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-7265 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-7265d = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-8000c = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-8265 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-9000 = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-misc = "Firmware-iwlwifi_firmware" +LICENSE_${PN}-iwlwifi-license = "Firmware-iwlwifi_firmware" + + +FILES_${PN}-iwlwifi-license = "${nonarch_base_libdir}/firmware/LICENCE.iwlwifi_firmware" +FILES_${PN}-iwlwifi-135-6 = "${nonarch_base_libdir}/firmware/iwlwifi-135-6.ucode" +FILES_${PN}-iwlwifi-3160-7 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-7.ucode" +FILES_${PN}-iwlwifi-3160-8 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-8.ucode" +FILES_${PN}-iwlwifi-3160-9 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-9.ucode" +FILES_${PN}-iwlwifi-3160-10 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-10.ucode" +FILES_${PN}-iwlwifi-3160-12 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-12.ucode" +FILES_${PN}-iwlwifi-3160-13 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-13.ucode" +FILES_${PN}-iwlwifi-3160-16 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-16.ucode" +FILES_${PN}-iwlwifi-3160-17 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-17.ucode" +FILES_${PN}-iwlwifi-6000-4 = "${nonarch_base_libdir}/firmware/iwlwifi-6000-4.ucode" +FILES_${PN}-iwlwifi-6000g2a-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2a-5.ucode" +FILES_${PN}-iwlwifi-6000g2a-6 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2a-6.ucode" +FILES_${PN}-iwlwifi-6000g2b-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2b-5.ucode" +FILES_${PN}-iwlwifi-6000g2b-6 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2b-6.ucode" +FILES_${PN}-iwlwifi-6050-4 = "${nonarch_base_libdir}/firmware/iwlwifi-6050-4.ucode" +FILES_${PN}-iwlwifi-6050-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6050-5.ucode" +FILES_${PN}-iwlwifi-7260 = "${nonarch_base_libdir}/firmware/iwlwifi-7260-*.ucode" +FILES_${PN}-iwlwifi-7265 = "${nonarch_base_libdir}/firmware/iwlwifi-7265-*.ucode" +FILES_${PN}-iwlwifi-7265d = "${nonarch_base_libdir}/firmware/iwlwifi-7265D-*.ucode" +FILES_${PN}-iwlwifi-8000c = "${nonarch_base_libdir}/firmware/iwlwifi-8000C-*.ucode" +FILES_${PN}-iwlwifi-8265 = "${nonarch_base_libdir}/firmware/iwlwifi-8265-*.ucode" +FILES_${PN}-iwlwifi-9000 = "${nonarch_base_libdir}/firmware/iwlwifi-9000-*.ucode" +FILES_${PN}-iwlwifi-misc = "${nonarch_base_libdir}/firmware/iwlwifi-*.ucode" + +RDEPENDS_${PN}-iwlwifi-135-6 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-3160-7 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-3160-8 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-3160-9 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-3160-10 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-3160-12 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-3160-13 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-3160-16 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-3160-17 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-6000-4 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-6000g2a-5 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-6000g2a-6 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-6000g2b-5 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-6000g2b-6 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-6050-4 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-6050-5 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-7260 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-7265d = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-8000c = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-8265 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-9000 = "${PN}-iwlwifi-license" +RDEPENDS_${PN}-iwlwifi-misc = "${PN}-iwlwifi-license" + +# -iwlwifi-misc is a "catch all" package that includes all the iwlwifi +# firmwares that are not already included in other -iwlwifi- packages. +# -iwlwifi is a virtual package that depends upon all iwlwifi packages. +# These are distinct in order to allow the -misc firmwares to be installed +# without pulling in every other iwlwifi package. +ALLOW_EMPTY_${PN}-iwlwifi = "1" +ALLOW_EMPTY_${PN}-iwlwifi-misc = "1" + +# Handle package updating for the newly merged iwlwifi groupings +RPROVIDES_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9" +RREPLACES_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9" +RCONFLICTS_${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9" + +RPROVIDES_${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9" +RREPLACES_${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9" +RCONFLICTS_${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9" + +# For ibt +LICENSE_${PN}-ibt-license = "Firmware-ibt_firmware" +LICENSE_${PN}-ibt-hw-37-7 = "Firmware-ibt_firmware" +LICENSE_${PN}-ibt-hw-37-8 = "Firmware-ibt_firmware" +LICENSE_${PN}-ibt-11-5 = "Firmware-ibt_firmware" +LICENSE_${PN}-ibt-12-16 = "Firmware-ibt_firmware" +LICENSE_${PN}-ibt-17 = "Firmware-ibt_firmware" +LICENSE_${PN}-ibt-20 = "Firmware-ibt_firmware" +LICENSE_${PN}-ibt-misc = "Firmware-ibt_firmware" + +FILES_${PN}-ibt-license = "${nonarch_base_libdir}/firmware/LICENCE.ibt_firmware" +FILES_${PN}-ibt-hw-37-7 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.7*.bseq" +FILES_${PN}-ibt-hw-37-8 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.8*.bseq" +FILES_${PN}-ibt-11-5 = "${nonarch_base_libdir}/firmware/intel/ibt-11-5.sfi ${nonarch_base_libdir}/firmware/intel/ibt-11-5.ddc" +FILES_${PN}-ibt-12-16 = "${nonarch_base_libdir}/firmware/intel/ibt-12-16.sfi ${nonarch_base_libdir}/firmware/intel/ibt-12-16.ddc" +FILES_${PN}-ibt-17 = "${nonarch_base_libdir}/firmware/intel/ibt-17-*.sfi ${nonarch_base_libdir}/firmware/intel/ibt-17-*.ddc" +FILES_${PN}-ibt-20 = "${nonarch_base_libdir}/firmware/intel/ibt-20-*.sfi ${nonarch_base_libdir}/firmware/intel/ibt-20-*.ddc" +FILES_${PN}-ibt-misc = "${nonarch_base_libdir}/firmware/intel/ibt-*" + +RDEPENDS_${PN}-ibt-hw-37-7 = "${PN}-ibt-license" +RDEPENDS_${PN}-ibt-hw-37.8 = "${PN}-ibt-license" +RDEPENDS_${PN}-ibt-11-5 = "${PN}-ibt-license" +RDEPENDS_${PN}-ibt-12-16 = "${PN}-ibt-license" +RDEPENDS_${PN}-ibt-17 = "${PN}-ibt-license" +RDEPENDS_${PN}-ibt-20 = "${PN}-ibt-license" +RDEPENDS_${PN}-ibt-misc = "${PN}-ibt-license" + +ALLOW_EMPTY_${PN}-ibt= "1" +ALLOW_EMPTY_${PN}-ibt-misc = "1" + +LICENSE_${PN}-i915 = "Firmware-i915" +LICENSE_${PN}-i915-license = "Firmware-i915" +FILES_${PN}-i915-license = "${nonarch_base_libdir}/firmware/LICENSE.i915" +FILES_${PN}-i915 = "${nonarch_base_libdir}/firmware/i915" +RDEPENDS_${PN}-i915 = "${PN}-i915-license" + +LICENSE_${PN}-ice = "Firmware-ice" +LICENSE_${PN}-ice-license = "Firmware-ice" +FILES_${PN}-ice-license = "${nonarch_base_libdir}/firmware/LICENSE.ice" +FILES_${PN}-ice = "${nonarch_base_libdir}/firmware/intel/ice" +RDEPENDS_${PN}-ice = "${PN}-ice-license" + +FILES_${PN}-adsp-sst-license = "${nonarch_base_libdir}/firmware/LICENCE.adsp_sst" +LICENSE_${PN}-adsp-sst = "Firmware-adsp_sst" +LICENSE_${PN}-adsp-sst-license = "Firmware-adsp_sst" +FILES_${PN}-adsp-sst = "${nonarch_base_libdir}/firmware/intel/dsp_fw*" +RDEPENDS_${PN}-adsp-sst = "${PN}-adsp-sst-license" + +# For QAT +LICENSE_${PN}-qat = "Firmware-qat" +LICENSE_${PN}-qat-license = "Firmware-qat" +FILES_${PN}-qat-license = "${nonarch_base_libdir}/firmware/LICENCE.qat_firmware" +FILES_${PN}-qat = "${nonarch_base_libdir}/firmware/qat*.bin" +RDEPENDS_${PN}-qat = "${PN}-qat-license" + +# For QCOM VPU/GPU and SDM845 +LICENSE_${PN}-qcom-license = "Firmware-qcom" +FILES_${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt" +FILES_${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*" +FILES_${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*" +FILES_${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*" +FILES_${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*" +FILES_${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*" +FILES_${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*" +FILES_${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a300_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw" +FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*" +FILES_${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*" +FILES_${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*" +FILES_${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*" +FILES_${PN}-qcom-sdm845-audio = "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*" +FILES_${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*" +FILES_${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn" +FILES_${PN}-qcom-sm8250-audio = "${nonarch_base_libdir}/firmware/qcom/sm8250/adsp*.*" +FILES_${PN}-qcom-sm8250-compute = "${nonarch_base_libdir}/firmware/qcom/sm8250/cdsp*.*" +RDEPENDS_${PN}-qcom-venus-1.8 = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-venus-4.2 = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-venus-5.2 = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-venus-5.4 = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-vpu-1.0 = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-vpu-2.0 = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-adreno-a3xx = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-adreno-a530 = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-adreno-a630 = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-adreno-a650 = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-adreno-a660 = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-sdm845-audio = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-sdm845-compute = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-sdm845-modem = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-sm8250-audio = "${PN}-qcom-license" +RDEPENDS_${PN}-qcom-sm8250-compute = "${PN}-qcom-license" + +FILES_${PN}-liquidio = "${nonarch_base_libdir}/firmware/liquidio" + +# For Amlogic VDEC +LICENSE_${PN}-amlogic-vdec = "Firmware-amlogic_vdec" +FILES_${PN}-amlogic-vdec-license = "${nonarch_base_libdir}/firmware/LICENSE.amlogic_vdec" +FILES_${PN}-amlogic-vdec = "${nonarch_base_libdir}/firmware/meson/vdec/*" +RDEPENDS_${PN}-amlogic-vdec = "${PN}-amlogic-vdec-license" + +# For other firmwares +# Maybe split out to separate packages when needed. +LICENSE_${PN} = "\ + Firmware-Abilis \ + & Firmware-agere \ + & Firmware-amdgpu \ + & Firmware-amd-ucode \ + & Firmware-amlogic_vdec \ + & Firmware-atmel \ + & Firmware-ca0132 \ + & Firmware-cavium \ + & Firmware-chelsio_firmware \ + & Firmware-cw1200 \ + & Firmware-dib0700 \ + & Firmware-e100 \ + & Firmware-ene_firmware \ + & Firmware-fw_sst_0f28 \ + & Firmware-go7007 \ + & Firmware-hfi1_firmware \ + & Firmware-i2400m \ + & Firmware-ibt_firmware \ + & Firmware-it913x \ + & Firmware-IntcSST2 \ + & Firmware-kaweth \ + & Firmware-moxa \ + & Firmware-myri10ge_firmware \ + & Firmware-nvidia \ + & Firmware-OLPC \ + & Firmware-ath9k-htc \ + & Firmware-phanfw \ + & Firmware-qat \ + & Firmware-qcom \ + & Firmware-qla1280 \ + & Firmware-qla2xxx \ + & Firmware-r8a779x_usb3 \ + & Firmware-radeon \ + & Firmware-ralink_a_mediatek_company_firmware \ + & Firmware-ralink-firmware \ + & Firmware-imx-sdma_firmware \ + & Firmware-siano \ + & Firmware-tda7706-firmware \ + & Firmware-ti-connectivity \ + & Firmware-ti-keystone \ + & Firmware-ueagle-atm4-firmware \ + & Firmware-wl1251 \ + & Firmware-xc4000 \ + & Firmware-xc5000 \ + & Firmware-xc5000c \ + & WHENCE \ +" + +FILES_${PN}-license += "${nonarch_base_libdir}/firmware/LICEN*" +FILES_${PN} += "${nonarch_base_libdir}/firmware/*" +RDEPENDS_${PN} += "${PN}-license" +RDEPENDS_${PN} += "${PN}-whence-license" + +# Make linux-firmware depend on all of the split-out packages. +# Make linux-firmware-iwlwifi depend on all of the split-out iwlwifi packages. +# Make linux-firmware-ibt depend on all of the split-out ibt packages. +python populate_packages_prepend () { + firmware_pkgs = oe.utils.packages_filter_out_system(d) + d.appendVar('RRECOMMENDS_linux-firmware', ' ' + ' '.join(firmware_pkgs)) + + iwlwifi_pkgs = filter(lambda x: x.find('-iwlwifi-') != -1, firmware_pkgs) + d.appendVar('RRECOMMENDS_linux-firmware-iwlwifi', ' ' + ' '.join(iwlwifi_pkgs)) + + ibt_pkgs = filter(lambda x: x.find('-ibt-') != -1, firmware_pkgs) + d.appendVar('RRECOMMENDS_linux-firmware-ibt', ' ' + ' '.join(ibt_pkgs)) +} + +# Firmware files are generally not ran on the CPU, so they can be +# allarch despite being architecture specific +INSANE_SKIP = "arch" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index 9e8281c7a1..523ace3e14 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "e92d76afe6d8592917c0e7b948912c085e661df2" -SRCREV_meta ?= "98cce1c95fcc9a26965cbc5f038fd71d53c387c8" +SRCREV_machine ?= "40423bc7ab2cc609f955a3dc16a0d854c1504ce3" +SRCREV_meta ?= "e8c675c7e11fbd96cd812dfb9f4f6fb6f92b6abb" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.4.172" +LINUX_VERSION ?= "5.4.178" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb index a75570df93..35177d4f6c 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.4.172" +LINUX_VERSION ?= "5.4.178" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "10b4756eee78aa43ff9ed64da700ec6e8d97ff22" -SRCREV_machine ?= "6ab93fdc53b64e146e4f16363375c1beb37b82e4" -SRCREV_meta ?= "98cce1c95fcc9a26965cbc5f038fd71d53c387c8" +SRCREV_machine_qemuarm ?= "f6e09845d8bf3c307da395497b21c1ff17ef575c" +SRCREV_machine ?= "a7ba52065be4401b5d73b6b020770f7d260b7bf1" +SRCREV_meta ?= "e8c675c7e11fbd96cd812dfb9f4f6fb6f92b6abb" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb index 2d7f7559e5..081052d87c 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.4.bb @@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base" KBRANCH_qemux86-64 ?= "v5.4/standard/base" KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "8de1da3dc354dedef2e435e694eec6d6e72c9822" -SRCREV_machine_qemuarm64 ?= "eed7c0a64f3a7a91a130bc2e507304dc8b446a31" -SRCREV_machine_qemumips ?= "996a9660e4fab70db5cecec9c831141cd03c3d36" -SRCREV_machine_qemuppc ?= "0197cf5754b1bd4eb035c342af9cc27e8c3339ca" -SRCREV_machine_qemuriscv64 ?= "c6b015510134942076c0e111e56357656acf3dd5" -SRCREV_machine_qemux86 ?= "c6b015510134942076c0e111e56357656acf3dd5" -SRCREV_machine_qemux86-64 ?= "c6b015510134942076c0e111e56357656acf3dd5" -SRCREV_machine_qemumips64 ?= "fe2769a7c268ed224ec70fd2aaab850e4eef70dc" -SRCREV_machine ?= "c6b015510134942076c0e111e56357656acf3dd5" -SRCREV_meta ?= "98cce1c95fcc9a26965cbc5f038fd71d53c387c8" +SRCREV_machine_qemuarm ?= "b3ee7c62bf5a5ce3c7e30aff6c3dd9f70a847a28" +SRCREV_machine_qemuarm64 ?= "bf6581eba15cb43af60fda7053edaf66990c18ac" +SRCREV_machine_qemumips ?= "05580fff716df568dc3f737b288e0e514a908572" +SRCREV_machine_qemuppc ?= "0a016b0775980f67d686e47cc8637adec46856dc" +SRCREV_machine_qemuriscv64 ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064" +SRCREV_machine_qemux86 ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064" +SRCREV_machine_qemux86-64 ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064" +SRCREV_machine_qemumips64 ?= "68f35eeca08d2a681495fd3a7b823ac34d9a97bc" +SRCREV_machine ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064" +SRCREV_meta ?= "e8c675c7e11fbd96cd812dfb9f4f6fb6f92b6abb" # remap qemuarm to qemuarma15 for the 5.4 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" -LINUX_VERSION ?= "5.4.172" +LINUX_VERSION ?= "5.4.178" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb index e04047e85a..9c9bf1647f 100644 --- a/poky/meta/recipes-kernel/perf/perf.bb +++ b/poky/meta/recipes-kernel/perf/perf.bb @@ -267,7 +267,7 @@ RDEPENDS_${PN} += "elfutils bash" RDEPENDS_${PN}-archive =+ "bash" RDEPENDS_${PN}-python =+ "bash python3 python3-modules ${@bb.utils.contains('PACKAGECONFIG', 'audit', 'audit-python', '', d)}" RDEPENDS_${PN}-perl =+ "bash perl perl-modules" -RDEPENDS_${PN}-tests =+ "python3" +RDEPENDS_${PN}-tests =+ "python3 bash" RSUGGESTS_SCRIPTING = "${@bb.utils.contains('PACKAGECONFIG', 'scripting', '${PN}-perl ${PN}-python', '',d)}" RSUGGESTS_${PN} += "${PN}-archive ${PN}-tests ${RSUGGESTS_SCRIPTING}" diff --git a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.08.28.bb b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.08.28.bb deleted file mode 100644 index 376311804e..0000000000 --- a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.08.28.bb +++ /dev/null @@ -1,43 +0,0 @@ -SUMMARY = "Wireless Central Regulatory Domain Database" -HOMEPAGE = "https://wireless.wiki.kernel.org/en/developers/regulatory/crda" -SECTION = "net" -LICENSE = "ISC" -LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" - -SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "cff370c410d1e6d316ae0a7fa8ac6278fdf1efca5d3d664aca7cfd2aafa54446" - -inherit bin_package allarch - -do_install() { - install -d -m0755 ${D}${nonarch_libdir}/crda - install -d -m0755 ${D}${sysconfdir}/wireless-regdb/pubkeys - install -m 0644 regulatory.bin ${D}${nonarch_libdir}/crda/regulatory.bin - install -m 0644 sforshee.key.pub.pem ${D}${sysconfdir}/wireless-regdb/pubkeys/sforshee.key.pub.pem - - install -m 0644 -D regulatory.db ${D}${nonarch_base_libdir}/firmware/regulatory.db - install -m 0644 regulatory.db.p7s ${D}${nonarch_base_libdir}/firmware/regulatory.db.p7s -} - -# Install static regulatory DB in /lib/firmware for kernel to load. -# This requires Linux kernel >= v4.15. -# For kernel <= v4.14, inherit the kernel_wireless_regdb.bbclass -# (in meta-networking) in kernel's recipe. -PACKAGES = "${PN}-static ${PN}" -RCONFLICTS_${PN} = "${PN}-static" - -FILES_${PN}-static = " \ - ${nonarch_base_libdir}/firmware/regulatory.db \ - ${nonarch_base_libdir}/firmware/regulatory.db.p7s \ -" - -# Native users might want to use the source of regulatory DB. -# This is for example used by Linux kernel <= v4.14 and -# kernel_wireless_regdb.bbclass in meta-networking. -do_install_append_class-native() { - install -m 0644 -D db.txt ${D}${libdir}/crda/db.txt -} - -RSUGGESTS_${PN} = "crda" - -BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.02.18.bb b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.02.18.bb new file mode 100644 index 0000000000..4e6da4cbe1 --- /dev/null +++ b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.02.18.bb @@ -0,0 +1,43 @@ +SUMMARY = "Wireless Central Regulatory Domain Database" +HOMEPAGE = "https://wireless.wiki.kernel.org/en/developers/regulatory/crda" +SECTION = "net" +LICENSE = "ISC" +LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" + +SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" +SRC_URI[sha256sum] = "8828c25a4ee25020044004f57374bb9deac852809fad70f8d3d01770bf9ac97f" + +inherit bin_package allarch + +do_install() { + install -d -m0755 ${D}${nonarch_libdir}/crda + install -d -m0755 ${D}${sysconfdir}/wireless-regdb/pubkeys + install -m 0644 regulatory.bin ${D}${nonarch_libdir}/crda/regulatory.bin + install -m 0644 sforshee.key.pub.pem ${D}${sysconfdir}/wireless-regdb/pubkeys/sforshee.key.pub.pem + + install -m 0644 -D regulatory.db ${D}${nonarch_base_libdir}/firmware/regulatory.db + install -m 0644 regulatory.db.p7s ${D}${nonarch_base_libdir}/firmware/regulatory.db.p7s +} + +# Install static regulatory DB in /lib/firmware for kernel to load. +# This requires Linux kernel >= v4.15. +# For kernel <= v4.14, inherit the kernel_wireless_regdb.bbclass +# (in meta-networking) in kernel's recipe. +PACKAGES = "${PN}-static ${PN}" +RCONFLICTS_${PN} = "${PN}-static" + +FILES_${PN}-static = " \ + ${nonarch_base_libdir}/firmware/regulatory.db \ + ${nonarch_base_libdir}/firmware/regulatory.db.p7s \ +" + +# Native users might want to use the source of regulatory DB. +# This is for example used by Linux kernel <= v4.14 and +# kernel_wireless_regdb.bbclass in meta-networking. +do_install_append_class-native() { + install -m 0644 -D db.txt ${D}${libdir}/crda/db.txt +} + +RSUGGESTS_${PN} = "crda" + +BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch new file mode 100644 index 0000000000..31f867e000 --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch @@ -0,0 +1,52 @@ +From b12a0326e6064b6e0b051d1184a219877472f69b Mon Sep 17 00:00:00 2001 +From: 4ugustus +Date: Tue, 25 Jan 2022 16:25:28 +0000 +Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where + count is required (fixes #355) + +CVE: CVE-2022-22844 +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64] +Signed-off-by: Purushottam Choudhary +Signed-off-by: Purushottam Choudhary +Comments: Add header stdint.h in tiffset.c explicitly for UINT16_MAX +--- + tools/tiffset.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/tools/tiffset.c b/tools/tiffset.c +index 8c9e23c5..e7a88c09 100644 +--- a/tools/tiffset.c ++++ b/tools/tiffset.c +@@ -33,6 +33,7 @@ + #include + #include + ++#include + #include "tiffio.h" + + static char* usageMsg[] = { +@@ -146,9 +146,19 @@ main(int argc, char* argv[]) + + arg_index++; + if (TIFFFieldDataType(fip) == TIFF_ASCII) { +- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1) +- fprintf( stderr, "Failed to set %s=%s\n", +- TIFFFieldName(fip), argv[arg_index] ); ++ if(TIFFFieldPassCount( fip )) { ++ size_t len; ++ len = strlen(argv[arg_index]) + 1; ++ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip), ++ (uint16_t)len, argv[arg_index]) != 1) ++ fprintf( stderr, "Failed to set %s=%s\n", ++ TIFFFieldName(fip), argv[arg_index] ); ++ } else { ++ if (TIFFSetField(tiff, TIFFFieldTag(fip), ++ argv[arg_index]) != 1) ++ fprintf( stderr, "Failed to set %s=%s\n", ++ TIFFFieldName(fip), argv[arg_index] ); ++ } + } else if (TIFFFieldWriteCount(fip) > 0 + || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) { + int ret = 1; +-- +GitLab diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch b/poky/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch new file mode 100644 index 0000000000..01ed5dcd24 --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch @@ -0,0 +1,28 @@ +From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Sat, 5 Feb 2022 20:36:41 +0100 +Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null + source pointer and size of zero (fixes #362) + +Upstream-Status: Backport +CVE: CVE-2022-0562 +Signed-off-by: Sana Kazi +Comment: Refreshed patch +--- + libtiff/tif_dirread.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +index 2bbc4585..23194ced 100644 +--- a/libtiff/tif_dirread.c ++++ b/libtiff/tif_dirread.c +@@ -4126,7 +4126,8 @@ + goto bad; + } + +- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16)); ++ if (old_extrasamples > 0) ++ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16)); + _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); + _TIFFfree(new_sampleinfo); + } diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch b/poky/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch new file mode 100644 index 0000000000..fc5d0ab5f4 --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch @@ -0,0 +1,30 @@ +From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Sun, 6 Feb 2022 13:08:38 +0100 +Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null + source pointer and size of zero (fixes #362) + +Upstream-Status: Backport +CVE: CVE-2022-0561 +Signed-off-by: Sana Kazi +Comment: Refreshed patch +--- + libtiff/tif_dirread.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +index 23194ced..50ebf8ac 100644 +--- a/libtiff/tif_dirread.c ++++ b/libtiff/tif_dirread.c +@@ -5683,8 +5682,9 @@ + _TIFFfree(data); + return(0); + } +- _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64)); +- _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64)); ++ if( dir->tdir_count ) ++ _TIFFmemcpy(resizeddata,data, (uint32)dir->tdir_count * sizeof(uint64)); ++ _TIFFmemset(resizeddata+(uint32)dir->tdir_count, 0, (nstrips - (uint32)dir->tdir_count) * sizeof(uint64)); + _TIFFfree(data); + data=resizeddata; + } diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb index 43f210111d..9db247ecc7 100644 --- a/poky/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb +++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb @@ -15,6 +15,9 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://001_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch \ file://002_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch \ file://CVE-2020-35521_and_CVE-2020-35522.patch \ + file://0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch \ + file://561599c99f987dc32ae110370cfdd7df7975586b.patch \ + file://eecb0712f4c3a5b449f70c57988260a667ddbdef.patch \ " SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424" SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634" diff --git a/poky/meta/recipes-sato/puzzles/puzzles_git.bb b/poky/meta/recipes-sato/puzzles/puzzles_git.bb index 2edc9ada2e..3ee441998d 100644 --- a/poky/meta/recipes-sato/puzzles/puzzles_git.bb +++ b/poky/meta/recipes-sato/puzzles/puzzles_git.bb @@ -9,7 +9,7 @@ DEPENDS = "libxt" # The libxt requires x11 in DISTRO_FEATURES REQUIRED_DISTRO_FEATURES = "x11" -SRC_URI = "git://git.tartarus.org/simon/puzzles.git;branch=master \ +SRC_URI = "git://git.tartarus.org/simon/puzzles.git;branch=main \ file://fix-compiling-failure-with-option-g-O.patch \ file://0001-palisade-Fix-warnings-with-clang-on-arm.patch \ file://0001-Use-Wno-error-format-overflow-if-the-compiler-suppor.patch \ diff --git a/poky/meta/recipes-support/boost/boost/0001-Fix-Wsign-compare-warning-with-glibc-2.34-on-Linux-p.patch b/poky/meta/recipes-support/boost/boost/0001-Fix-Wsign-compare-warning-with-glibc-2.34-on-Linux-p.patch new file mode 100644 index 0000000000..46c706931b --- /dev/null +++ b/poky/meta/recipes-support/boost/boost/0001-Fix-Wsign-compare-warning-with-glibc-2.34-on-Linux-p.patch @@ -0,0 +1,32 @@ +From f9d0e594d43afcb4ab0043117249feb266ba4515 Mon Sep 17 00:00:00 2001 +From: Romain Geissler +Date: Tue, 10 Aug 2021 14:22:28 +0000 +Subject: [PATCH] Fix -Wsign-compare warning with glibc 2.34 on Linux + platforms. + +In file included from /data/mwrep/res/osp/Boost/21-0-0-0/include/boost/thread/thread_only.hpp:17, + from /data/mwrep/res/osp/Boost/21-0-0-0/include/boost/thread/thread.hpp:12, + from src/GetTest.cpp:12: +/data/mwrep/res/osp/Boost/21-0-0-0/include/boost/thread/pthread/thread_data.hpp: In member function 'void boost::thread_attributes::set_stack_size(std::size_t)': +/data/mwrep/res/osp/Boost/21-0-0-0/include/boost/thread/pthread/thread_data.hpp:61:19: error: comparison of integer expressions of different signedness: 'std::size_t' {aka 'long unsigned int'} and 'long int' [-Werror=sign-compare] + 61 | if (size(PTHREAD_STACK_MIN)) size=PTHREAD_STACK_MIN; + #endif + size = ((size+page_size-1)/page_size)*page_size; + int res = pthread_attr_setstacksize(&val_, size); diff --git a/poky/meta/recipes-support/boost/boost/0001-Revert-change-to-elide-a-warning-that-caused-Solaris.patch b/poky/meta/recipes-support/boost/boost/0001-Revert-change-to-elide-a-warning-that-caused-Solaris.patch new file mode 100644 index 0000000000..3784cf9165 --- /dev/null +++ b/poky/meta/recipes-support/boost/boost/0001-Revert-change-to-elide-a-warning-that-caused-Solaris.patch @@ -0,0 +1,24 @@ +From 74fb0a26099bc51d717f5f154b37231ce7df3e98 Mon Sep 17 00:00:00 2001 +From: Rob Boehne +Date: Wed, 20 Nov 2019 11:25:20 -0600 +Subject: [PATCH] Revert change to elide a warning that caused Solaris builds + to fail. + +Upstream-Status: Backport [1.73.0 https://github.com/boostorg/thread/commit/74fb0a26099bc51d717f5f154b37231ce7df3e98] +--- + boost/thread/pthread/thread_data.hpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/boost/thread/pthread/thread_data.hpp b/boost/thread/pthread/thread_data.hpp +index aefbeb43..bc9b1367 100644 +--- a/boost/thread/pthread/thread_data.hpp ++++ b/boost/thread/pthread/thread_data.hpp +@@ -57,7 +57,7 @@ namespace boost + #else + std::size_t page_size = ::sysconf( _SC_PAGESIZE); + #endif +-#if PTHREAD_STACK_MIN > 0 ++#ifdef PTHREAD_STACK_MIN + if (size +Date: Tue, 21 Apr 2020 21:28:32 +0100 +Subject: [PATCH] Rewrite recursion into iteration (Tarjan's SCC algorithm and + YYFILL states). + +This is to avoid stack overflow on large RE (especially on instrumented +builds that have larger stack frames, like AddressSanitizer). + +Stack overflow reported by Agostino Sarubbo. +Related to #219 "overflow-1.re test fails on system with small stack". + +Upstram-Status: Backport: +https://github.com/skvadrik/re2c/commit/fd634998f813340768c333cdad638498602856e5 + +CVE: CVE-2018-21232 + +Signed-off-by: Davide Gardenal +--- +diff --git a/src/dfa/fillpoints.cc b/src/dfa/fillpoints.cc +--- a/src/dfa/fillpoints.cc (revision e58939b34bb4c37cd990f82dc286f21cb405743e) ++++ b/src/dfa/fillpoints.cc (date 1646929180243) +@@ -5,151 +5,186 @@ + + #include "src/dfa/dfa.h" + +-namespace re2c +-{ ++ ++/* ++ * note [finding strongly connected components of DFA] ++ * ++ * A slight modification of Tarjan's algorithm. ++ * ++ * The algorithm traverses the DFA in depth-first order. It maintains a stack ++ * of states that have already been visited but haven't been assigned to an SCC ++ * yet. For each state the algorithm calculates 'lowlink': index of the highest ++ * ancestor state reachable in one step from a descendant of this state. ++ * Lowlink is used to determine when a set of states should be popped off stack ++ * into a new SCC. ++ * ++ * We use lowlink to hold different kinds of information: ++ * - values in range [0 .. stack size] mean that the state is on stack (a ++ * link to a state with the smallest index reachable from this one) ++ * - SCC_UND means that this state has not been visited yet ++ * - SCC_INF means that this state has already been popped off stack ++ * ++ * We use stack size (rather than topological sort index) as a unique index of ++ * the state on stack. This is safe because the indices of states on stack are ++ * unique and less than the indices of states that have been popped off stack ++ * (SCC_INF). ++ */ ++ ++namespace re2c { ++ namespace { + +-static const size_t SCC_INF = std::numeric_limits::max(); +-static const size_t SCC_UND = SCC_INF - 1; ++ static const size_t SCC_INF = std::numeric_limits::max(); ++ static const size_t SCC_UND = SCC_INF - 1; + +-static bool loopback(size_t node, size_t narcs, const size_t *arcs) +-{ +- for (size_t i = 0; i < narcs; ++i) +- { +- if (arcs[i] == node) +- { +- return true; +- } +- } +- return false; +-} ++ static bool loopback(size_t state, size_t narcs, const size_t *arcs) ++ { ++ for (size_t i = 0; i < narcs; ++i) { ++ if (arcs[i] == state) return true; ++ } ++ return false; ++ } + +-/* +- * node [finding strongly connected components of DFA] +- * +- * A slight modification of Tarjan's algorithm. +- * +- * The algorithm walks graph in deep-first order. It maintains a stack +- * of nodes that have already been visited but haven't been assigned to +- * SCC yet. For each node the algorithm calculates 'lowlink': index of +- * the highest ancestor node reachable in one step from a descendant of +- * the node. Lowlink is used to determine when a set of nodes should be +- * popped off the stack into a new SCC. +- * +- * We use lowlink to hold different kinds of information: +- * - values in range [0 .. stack size] mean that this node is on stack +- * (link to a node with the smallest index reachable from this one) +- * - SCC_UND means that this node has not been visited yet +- * - SCC_INF means that this node has already been popped off stack +- * +- * We use stack size (rather than topological sort index) as unique index +- * of a node on stack. This is safe because indices of nodes on stack are +- * still unique and less than indices of nodes that have been popped off +- * stack (SCC_INF). +- * +- */ +-static void scc( +- const dfa_t &dfa, +- std::stack &stack, +- std::vector &lowlink, +- std::vector &trivial, +- size_t i) +-{ +- const size_t link = stack.size(); +- lowlink[i] = link; +- stack.push(i); ++ struct StackItem { ++ size_t state; // current state ++ size_t symbol; // next arc to be visited in this state ++ size_t link; // Tarjan's "lowlink" ++ }; ++ ++// Tarjan's algorithm ++ static void scc(const dfa_t &dfa, std::vector &trivial, ++ std::vector &stack_dfs) ++ { ++ std::vector lowlink(dfa.states.size(), SCC_UND); ++ std::stack stack; ++ ++ StackItem x0 = {0, 0, 0}; ++ stack_dfs.push_back(x0); ++ ++ while (!stack_dfs.empty()) { ++ const size_t i = stack_dfs.back().state; ++ size_t c = stack_dfs.back().symbol; ++ size_t link = stack_dfs.back().link; ++ stack_dfs.pop_back(); ++ ++ const size_t *arcs = dfa.states[i]->arcs; ++ ++ if (c == 0) { ++ // DFS recursive enter ++ //DASSERT(lowlink[i] == SCC_UND); ++ link = lowlink[i] = stack.size(); ++ stack.push(i); ++ } ++ else { ++ // DFS recursive return (from one of successor states) ++ const size_t j = arcs[c - 1]; ++ //DASSERT(lowlink[j] != SCC_UND); ++ lowlink[i] = std::min(lowlink[i], lowlink[j]); ++ } + +- const size_t *arcs = dfa.states[i]->arcs; +- for (size_t c = 0; c < dfa.nchars; ++c) +- { +- const size_t j = arcs[c]; +- if (j != dfa_t::NIL) +- { +- if (lowlink[j] == SCC_UND) +- { +- scc(dfa, stack, lowlink, trivial, j); +- } +- if (lowlink[j] < lowlink[i]) +- { +- lowlink[i] = lowlink[j]; +- } +- } +- } ++ // find the next successor state that hasn't been visited yet ++ for (; c < dfa.nchars; ++c) { ++ const size_t j = arcs[c]; ++ if (j != dfa_t::NIL) { ++ if (lowlink[j] == SCC_UND) { ++ break; ++ } ++ lowlink[i] = std::min(lowlink[i], lowlink[j]); ++ } ++ } + +- if (lowlink[i] == link) +- { +- // SCC is non-trivial (has loops) iff it either: +- // - consists of multiple nodes (they all must be interconnected) +- // - consists of single node which loops back to itself +- trivial[i] = i == stack.top() +- && !loopback(i, dfa.nchars, arcs); ++ if (c < dfa.nchars) { ++ // recurse into the next successor state ++ StackItem x1 = {i, c + 1, link}; ++ stack_dfs.push_back(x1); ++ StackItem x2 = {arcs[c], 0, SCC_UND}; ++ stack_dfs.push_back(x2); ++ } ++ else if (lowlink[i] == link) { ++ // all successors have been visited ++ // SCC is non-trivial (has loops) if either: ++ // - it contains multiple interconnected states ++ // - it contains a single self-looping state ++ trivial[i] = i == stack.top() && !loopback(i, dfa.nchars, arcs); + +- size_t j; +- do +- { +- j = stack.top(); +- stack.pop(); +- lowlink[j] = SCC_INF; +- } +- while (j != i); +- } +-} ++ for (;;) { ++ const size_t j = stack.top(); ++ stack.pop(); ++ lowlink[j] = SCC_INF; ++ if (i == j) break; ++ } ++ } ++ } ++ } + +-static void calc_fill( +- const dfa_t &dfa, +- const std::vector &trivial, +- std::vector &fill, +- size_t i) +-{ +- if (fill[i] == SCC_UND) +- { +- fill[i] = 0; +- const size_t *arcs = dfa.states[i]->arcs; +- for (size_t c = 0; c < dfa.nchars; ++c) +- { +- const size_t j = arcs[c]; +- if (j != dfa_t::NIL) +- { +- calc_fill(dfa, trivial, fill, j); +- size_t max = 1; +- if (trivial[j]) +- { +- max += fill[j]; +- } +- if (max > fill[i]) +- { +- fill[i] = max; +- } +- } +- } +- } +-} +- +-void fillpoints(const dfa_t &dfa, std::vector &fill) +-{ +- const size_t size = dfa.states.size(); +- +- // find DFA states that belong to non-trivial SCC +- std::stack stack; +- std::vector lowlink(size, SCC_UND); +- std::vector trivial(size, false); +- scc(dfa, stack, lowlink, trivial, 0); +- +- // for each DFA state, calculate YYFILL argument: +- // maximal path length to the next YYFILL state +- fill.resize(size, SCC_UND); +- calc_fill(dfa, trivial, fill, 0); ++ static void calc_fill(const dfa_t &dfa, const std::vector &trivial, ++ std::vector &stack_dfs, std::vector &fill) ++ { ++ const size_t nstates = dfa.states.size(); ++ fill.resize(nstates, SCC_UND); ++ ++ StackItem x0 = {0, 0, SCC_INF}; ++ stack_dfs.push_back(x0); ++ ++ while (!stack_dfs.empty()) { ++ const size_t i = stack_dfs.back().state; ++ size_t c = stack_dfs.back().symbol; ++ stack_dfs.pop_back(); ++ ++ const size_t *arcs = dfa.states[i]->arcs; ++ ++ if (c == 0) { ++ // DFS recursive enter ++ if (fill[i] != SCC_UND) continue; ++ fill[i] = 0; ++ } ++ else { ++ // DFS recursive return (from one of successor states) ++ const size_t j = arcs[c - 1]; ++ //DASSERT(fill[i] != SCC_UND && fill[j] != SCC_UND); ++ fill[i] = std::max(fill[i], 1 + (trivial[j] ? fill[j] : 0)); ++ } ++ ++ // find the next successor state that hasn't been visited yet ++ for (; c < dfa.nchars; ++c) { ++ const size_t j = arcs[c]; ++ if (j != dfa_t::NIL) break; ++ } ++ ++ if (c < dfa.nchars) { ++ // recurse into the next successor state ++ StackItem x1 = {i, c + 1, SCC_INF}; ++ stack_dfs.push_back(x1); ++ StackItem x2 = {arcs[c], 0, SCC_INF}; ++ stack_dfs.push_back(x2); ++ } ++ } + +- // The following states must trigger YYFILL: +- // - inital state +- // - all states in non-trivial SCCs +- // for other states, reset YYFILL argument to zero +- for (size_t i = 1; i < size; ++i) +- { +- if (trivial[i]) +- { +- fill[i] = 0; +- } +- } +-} ++ // The following states must trigger YYFILL: ++ // - inital state ++ // - all states in non-trivial SCCs ++ // for other states, reset YYFILL argument to zero ++ for (size_t i = 1; i < nstates; ++i) { ++ if (trivial[i]) { ++ fill[i] = 0; ++ } ++ } ++ } + ++ } // anonymous namespace ++ ++ void fillpoints(const dfa_t &dfa, std::vector &fill) ++ { ++ const size_t nstates = dfa.states.size(); ++ std::vector trivial(nstates, false); ++ std::vector stack_dfs; ++ stack_dfs.reserve(nstates); ++ ++ // find DFA states that belong to non-trivial SCC ++ scc(dfa, trivial, stack_dfs); ++ ++ // for each DFA state, calculate YYFILL argument: ++ // maximal path length to the next YYFILL state ++ calc_fill(dfa, trivial, stack_dfs, fill); ++ } ++ + } // namespace re2c diff --git a/poky/meta/recipes-support/re2c/re2c/CVE-2018-21232-2.patch b/poky/meta/recipes-support/re2c/re2c/CVE-2018-21232-2.patch new file mode 100644 index 0000000000..820a6decbc --- /dev/null +++ b/poky/meta/recipes-support/re2c/re2c/CVE-2018-21232-2.patch @@ -0,0 +1,243 @@ +From 7b5643476bd99c994c4f51b8143f942982d85521 Mon Sep 17 00:00:00 2001 +From: Ulya Trofimovich +Date: Wed, 22 Apr 2020 22:37:24 +0100 +Subject: [PATCH] Rewrite recursion into iteration (fixed tags computation). + +This is to avoid stack overflow on large RE (especially on instrumented +builds that have larger stack frames, like AddressSanitizer). + +Partial fix for #219 "overflow-1.re test fails on system with small stack". + +Upstream-Stauts: Backport: +https://github.com/skvadrik/re2c/commit/7b5643476bd99c994c4f51b8143f942982d85521 + +CVE: CVE-2018-21232 + +Signed-off-by: Davide Gardenal +--- +diff --git a/src/re/tag.cc b/src/re/tag.cc +--- a/src/re/tag.cc (revision e58939b34bb4c37cd990f82dc286f21cb405743e) ++++ b/src/re/tag.cc (date 1646986908580) +@@ -6,7 +6,7 @@ + { + + const size_t Tag::RIGHTMOST = std::numeric_limits::max(); +-const size_t Tag::VARDIST = std::numeric_limits::max(); ++const uint32_t Tag::VARDIST = std::numeric_limits::max(); + const size_t Tag::FICTIVE = Tag::RIGHTMOST - 1; + + } // namespace re2c + + +diff --git a/src/re/tag.h b/src/re/tag.h +--- a/src/re/tag.h (revision e58939b34bb4c37cd990f82dc286f21cb405743e) ++++ b/src/re/tag.h (date 1646986922376) +@@ -19,7 +19,7 @@ + struct Tag + { + static const size_t RIGHTMOST; +- static const size_t VARDIST; ++ static const uint32_t VARDIST; + static const size_t FICTIVE; + + const std::string *name; + + +diff --git a/src/re/fixed_tags.cc b/src/re/fixed_tags.cc +--- a/src/re/fixed_tags.cc (revision e58939b34bb4c37cd990f82dc286f21cb405743e) ++++ b/src/re/fixed_tags.cc (date 1646991137317) +@@ -7,78 +7,131 @@ + #include "src/re/tag.h" + + namespace re2c { ++namespace { + + /* note [fixed and variable tags] + * +- * If distance between two tags is constant (equal for all strings that +- * match the given regexp), then lexer only needs to track one of them: +- * the second tag equals the first tag plus static offset. ++ * If distance between two tags is constant (equal for all strings that match ++ * the given regexp), then lexer only needs to track one of them: the second ++ * tag equals the first tag plus static offset. + * +- * However, this optimization is applied only to tags in top-level +- * concatenation, because other tags may be uninitialized and we don't +- * want to mess with conditional calculation of fixed tags. +- * ++ * This optimization is applied only to tags in top-level concatenation, ++ * because in other cases the base tag may be NULL, and the calculation of ++ * the fixed tag value is not as simple as substracting a fixed offset. + * Furthermore, fixed tags are fobidden with generic API because it cannot +- * express fixed offsets. +- * +- * Tags with history also cannot be fixed. ++ * express fixed offsets. M-tags (with history) also cannot be fixed. + * + * Another special case is fictive tags (those that exist only to impose +- * hierarchical laws of POSIX disambiguation). We treat them as fixed +- * in order to suppress code generation. ++ * hierarchical laws of POSIX disambiguation). We treat them as fixed in order ++ * to suppress code generation. + */ + +-static void find_fixed_tags(RE *re, std::vector &tags, +- size_t &dist, size_t &base, bool toplevel) ++struct StackItem { ++ RE *re; // current sub-RE ++ uint32_t dist; // distance backup for alternative, unused for other RE ++ uint8_t succ; // index of the next successor to be visited ++ bool toplevel; // if this sub-RE is in top-level concatenation ++}; ++ ++static void find_fixed_tags(RESpec &spec, std::vector &stack, RE *re0) + { +- switch (re->type) { +- case RE::NIL: break; +- case RE::SYM: +- if (dist != Tag::VARDIST) ++dist; +- break; +- case RE::ALT: { +- size_t d1 = dist, d2 = dist; +- find_fixed_tags(re->alt.re1, tags, d1, base, false); +- find_fixed_tags(re->alt.re2, tags, d2, base, false); +- dist = (d1 == d2) ? d1 : Tag::VARDIST; +- break; +- } +- case RE::CAT: +- find_fixed_tags(re->cat.re2, tags, dist, base, toplevel); +- find_fixed_tags(re->cat.re1, tags, dist, base, toplevel); +- break; +- case RE::ITER: +- find_fixed_tags(re->iter.re, tags, dist, base, false); +- dist = Tag::VARDIST; +- break; +- case RE::TAG: { +- // see note [fixed and variable tags] +- Tag &tag = tags[re->tag.idx]; +- if (fictive(tag)) { +- tag.base = tag.dist = 0; +- } else if (toplevel && dist != Tag::VARDIST && !history(tag)) { +- tag.base = base; +- tag.dist = dist; +- } else if (toplevel) { +- base = re->tag.idx; +- dist = 0; +- } +- if (trailing(tag)) dist = 0; +- break; +- } +- } ++ static const uint32_t VARDIST = Tag::VARDIST; ++ bool toplevel = spec.opts->input_api != INPUT_CUSTOM; ++ ++ // base tag, intially the fake "rightmost tag" (the end of RE) ++ size_t base = Tag::RIGHTMOST; ++ ++ // the distance to the nearest top-level tag to the right (base tag) ++ uint32_t dist = 0; ++ ++ const StackItem i0 = {re0, VARDIST, 0, toplevel}; ++ stack.push_back(i0); ++ ++ while (!stack.empty()) { ++ const StackItem i = stack.back(); ++ stack.pop_back(); ++ RE *re = i.re; ++ ++ if (re->type == RE::SYM) { ++ if (dist != VARDIST) ++dist; ++ } ++ else if (re->type == RE::ALT) { ++ if (i.succ == 0) { ++ // save the current distance on stack (from the alternative end ++ // to base) and recurse into the left sub-RE ++ StackItem k = {re, dist, 1, i.toplevel}; ++ stack.push_back(k); ++ StackItem j = {re->alt.re1, VARDIST, 0, false}; ++ stack.push_back(j); ++ } ++ else if (i.succ == 1) { ++ // save the current distance on stack (from the left sub-RE to ++ // base), reset distance to the distance popped from stack (from ++ // the alternative end to base), recurse into the right sub-RE ++ StackItem k = {re, dist, 2, i.toplevel}; ++ stack.push_back(k); ++ StackItem j = {re->alt.re2, VARDIST, 0, false}; ++ stack.push_back(j); ++ dist = i.dist; ++ } ++ else { ++ // both sub-RE visited, compare the distance on stack (from the ++ // left sub-RE to base) to the current distance (from the right ++ // sub-RE to base), if not equal set variable distance ++ dist = (i.dist == dist) ? i.dist : VARDIST; ++ } ++ } ++ else if (re->type == RE::ITER) { ++ if (i.succ == 0) { ++ // recurse into the sub-RE ++ StackItem k = {re, VARDIST, 1, i.toplevel}; ++ stack.push_back(k); ++ StackItem j = {re->iter.re, VARDIST, 0, false}; ++ stack.push_back(j); ++ } ++ else { ++ // sub-RE visited, assume unknown number of iterations ++ // TODO: find precise distance for fixed repetition counter ++ dist = VARDIST; ++ } ++ } ++ else if (re->type == RE::CAT) { ++ // the right sub-RE is pushed on stack after the left sub-RE and ++ // visited earlier (because distance is computed from right to left) ++ StackItem j1 = {re->cat.re1, VARDIST, 0, i.toplevel}; ++ stack.push_back(j1); ++ StackItem j2 = {re->cat.re2, VARDIST, 0, i.toplevel}; ++ stack.push_back(j2); ++ } ++ else if (re->type == RE::TAG) { ++ // see note [fixed and variable tags] ++ Tag &tag = spec.tags[re->tag.idx]; ++ if (fictive(tag)) { ++ tag.base = tag.dist = 0; ++ } ++ else if (i.toplevel && dist != VARDIST && !history(tag)) { ++ tag.base = base; ++ tag.dist = dist; ++ } ++ else if (i.toplevel) { ++ base = re->tag.idx; ++ dist = 0; ++ } ++ if (trailing(tag)) { ++ dist = 0; ++ } ++ } ++ } + } ++ ++} // anonymous namespace + +-void find_fixed_tags(RESpec &spec) +-{ +- const bool generic = spec.opts->input_api == INPUT_CUSTOM; +- std::vector::iterator +- i = spec.res.begin(), +- e = spec.res.end(); +- for (; i != e; ++i) { +- size_t base = Tag::RIGHTMOST, dist = 0; +- find_fixed_tags(*i, spec.tags, dist, base, !generic); +- } +-} ++ void find_fixed_tags(RESpec &spec) ++ { ++ std::vector stack; ++ for (std::vector::iterator i = spec.res.begin(); i != spec.res.end(); ++i) { ++ find_fixed_tags(spec, stack, *i); ++ } ++ } + +-} // namespace re2c ++} // namespace re2c +\ No newline at end of file diff --git a/poky/meta/recipes-support/re2c/re2c/CVE-2018-21232-3.patch b/poky/meta/recipes-support/re2c/re2c/CVE-2018-21232-3.patch new file mode 100644 index 0000000000..f942e21cba --- /dev/null +++ b/poky/meta/recipes-support/re2c/re2c/CVE-2018-21232-3.patch @@ -0,0 +1,156 @@ +From 4d9c809355b574f2a58eac119f5e076c48e4d1e2 Mon Sep 17 00:00:00 2001 +From: Ulya Trofimovich +Date: Thu, 23 Apr 2020 22:16:51 +0100 +Subject: [PATCH] Rewrite recursion into iteration (nullable RE). + +This is to avoid stack overflow on large RE (especially on instrumented +builds that have larger stack frames, like AddressSanitizer). + +Partial fix for #219 "overflow-1.re test fails on system with small stack". + +Upstream-Status: Backport: +https://github.com/skvadrik/re2c/commit/4d9c809355b574f2a58eac119f5e076c48e4d1e2 + +CVE: CVE-2018-21232 + +Signed-off-by: Davide Gardenal +--- +diff --git a/src/re/nullable.cc b/src/re/nullable.cc +--- a/src/re/nullable.cc (revision e58939b34bb4c37cd990f82dc286f21cb405743e) ++++ b/src/re/nullable.cc (date 1647253886226) +@@ -9,43 +9,100 @@ + #include "src/re/tag.h" + + namespace re2c { ++ namespace { ++ ++ struct StackItem { ++ const RE *re; // current sub-RE ++ uint8_t succ; // index of the next sucessor to be visited ++ }; + +-static bool nullable(const RESpec &spec, const RE *re, bool &trail) +-{ +- if (trail) return true; ++ static bool nullable(const RESpec &spec, std::vector &stack, const RE *re0) ++ { ++ // the "nullable" status of the last sub-RE visited by DFS ++ bool null = false; + +- switch (re->type) { +- case RE::NIL: return true; +- case RE::SYM: return false; +- case RE::ITER: +- return nullable(spec, re->iter.re, trail); +- case RE::TAG: +- trail |= trailing(spec.tags[re->tag.idx]); +- return true; +- case RE::ALT: +- return nullable(spec, re->alt.re1, trail) +- || nullable(spec, re->alt.re2, trail); +- case RE::CAT: +- return nullable(spec, re->cat.re1, trail) +- && nullable(spec, re->cat.re2, trail); +- } +- return false; /* unreachable */ +-} ++ const StackItem i0 = {re0, 0}; ++ stack.push_back(i0); ++ ++ while (!stack.empty()) { ++ const StackItem i = stack.back(); ++ stack.pop_back(); ++ ++ const RE *re = i.re; ++ if (re->type == RE::NIL) { ++ null = true; ++ } ++ else if (re->type == RE::SYM) { ++ null = false; ++ } ++ else if (re->type == RE::TAG) { ++ null = true; + +-/* +- * warn about rules that match empty string +- * (including rules with nonempty trailing context) +- * false positives on partially self-shadowed rules like [^]? +- */ +-void warn_nullable(const RESpec &spec, const std::string &cond) +-{ +- const size_t nre = spec.res.size(); +- for (size_t i = 0; i < nre; ++i) { +- bool trail = false; +- if (nullable(spec, spec.res[i], trail)) { +- spec.warn.match_empty_string(spec.rules[i].code->fline, cond); +- } +- } +-} ++ // Trailing context is always in top-level concatenation, and sub-RE ++ // are visited from left to right. Since we are here, sub-RE to the ++ // left of the trailing context is nullable (otherwise we would not ++ // recurse into the right sub-RE), therefore the whole RE is nullable. ++ if (trailing(spec.tags[re->tag.idx])) { ++ //DASSERT(stack.size() == 1 && stack.back().re->type == RE::CAT); ++ stack.pop_back(); ++ break; ++ } ++ } ++ else if (re->type == RE::ALT) { ++ if (i.succ == 0) { ++ // recurse into the left sub-RE ++ StackItem k = {re, 1}; ++ stack.push_back(k); ++ StackItem j = {re->alt.re1, 0}; ++ stack.push_back(j); ++ } ++ else if (!null) { ++ // if the left sub-RE is nullable, so is alternative, so stop ++ // recursion; otherwise recurse into the right sub-RE ++ StackItem j = {re->alt.re2, 0}; ++ stack.push_back(j); ++ } ++ } ++ else if (re->type == RE::CAT) { ++ if (i.succ == 0) { ++ // recurse into the left sub-RE ++ StackItem k = {re, 1}; ++ stack.push_back(k); ++ StackItem j = {re->cat.re1, 0}; ++ stack.push_back(j); ++ } ++ else if (null) { ++ // if the left sub-RE is not nullable, neither is concatenation, ++ // so stop recursion; otherwise recurse into the right sub-RE ++ StackItem j = {re->cat.re2, 0}; ++ stack.push_back(j); ++ } ++ } ++ else if (re->type == RE::ITER) { ++ // iteration is nullable if the sub-RE is nullable ++ // (zero repetitions is represented with alternative) ++ StackItem j = {re->iter.re, 0}; ++ stack.push_back(j); ++ } ++ } ++ ++ //DASSERT(stack.empty()); ++ return null; ++ } ++ ++ } // anonymous namespace ++ ++// Warn about rules that match empty string (including rules with nonempty ++// trailing context). False positives on partially self-shadowed rules like [^]? ++ void warn_nullable(const RESpec &spec, const std::string &cond) ++ { ++ std::vector stack; ++ const size_t nre = spec.res.size(); ++ for (size_t i = 0; i < nre; ++i) { ++ if (nullable(spec, stack, spec.res[i])) { ++ spec.warn.match_empty_string(spec.rules[i].code->fline, cond); ++ } ++ } ++ } + + } // namespace re2c diff --git a/poky/meta/recipes-support/re2c/re2c/CVE-2018-21232-4.patch b/poky/meta/recipes-support/re2c/re2c/CVE-2018-21232-4.patch new file mode 100644 index 0000000000..ee8d84b1bc --- /dev/null +++ b/poky/meta/recipes-support/re2c/re2c/CVE-2018-21232-4.patch @@ -0,0 +1,166 @@ +From 89be91f3df00657261870adbc590209fdb2bc405 Mon Sep 17 00:00:00 2001 +From: Ulya Trofimovich +Date: Thu, 23 Apr 2020 23:02:21 +0100 +Subject: [PATCH] Rewrite recursion into iteration (estimation of NFA size for + RE). + +This is to avoid stack overflow on large RE (especially on instrumented +builds that have larger stack frames, like AddressSanitizer). + +Partial fix for #219 "overflow-1.re test fails on system with small stack". + +Upstram-Status: Backport: +https://github.com/skvadrik/re2c/commit/89be91f3df00657261870adbc590209fdb2bc405 + +CVE: CVE-2018-21232 + +Signed-off-by: Davide Gardenal +--- +diff --git a/src/nfa/estimate_size.cc b/src/nfa/estimate_size.cc +--- a/src/nfa/estimate_size.cc (revision e58939b34bb4c37cd990f82dc286f21cb405743e) ++++ b/src/nfa/estimate_size.cc (date 1647005399735) +@@ -6,41 +6,113 @@ + #include "src/re/re.h" + + namespace re2c { ++namespace { ++ ++struct StackItem { ++ const RE *re; // current sub-RE ++ uint32_t size; // size of the sub-RE (only for alternative and concatenation) ++ uint8_t succ; // index of the next sucessor to be visited ++}; + +-static size_t estimate(const RE *re) ++static uint32_t estimate_re_size(const RE *re0, std::vector &stack) + { +- switch (re->type) { +- case RE::NIL: return 0; +- case RE::SYM: return 1; +- case RE::TAG: return 1; +- case RE::ALT: +- return estimate(re->alt.re1) +- + estimate(re->alt.re2) +- + 1; +- case RE::CAT: +- return estimate(re->cat.re1) +- + estimate(re->cat.re2); +- case RE::ITER: { +- const size_t +- iter = estimate(re->iter.re), +- min = re->iter.min, +- max = re->iter.max; +- return max == AST::MANY +- ? iter * min + 1 +- : iter * max + (max - min); +- } +- } +- return 0; /* unreachable */ +-} ++ // the estimated size of the last sub-RE visited by DFS ++ uint32_t size = 0; ++ ++ const StackItem i0 = {re0, 0, 0}; ++ stack.push_back(i0); ++ ++ while (!stack.empty()) { ++ const StackItem i = stack.back(); ++ stack.pop_back(); ++ ++ const RE *re = i.re; ++ if (re->type == RE::NIL) { ++ size = 0; ++ } ++ else if (re->type == RE::SYM || re->type == RE::TAG) { ++ size = 1; ++ } ++ else if (re->type == RE::ALT) { ++ if (i.succ == 0) { ++ // recurse into the left sub-RE ++ StackItem k = {re, 0, 1}; ++ stack.push_back(k); ++ StackItem j = {re->alt.re1, 0, 0}; ++ stack.push_back(j); ++ } ++ else if (i.succ == 1) { ++ // recurse into the right sub-RE ++ StackItem k = {re, size, 2}; ++ stack.push_back(k); ++ StackItem j = {re->alt.re2, 0, 0}; ++ stack.push_back(j); ++ } ++ else { ++ // both sub-RE visited, recursive return ++ size = i.size // left sub-RE (saved on stack) ++ + size // right sub-RE (just visited by DFS) ++ + 1; // additional state for alternative ++ } ++ } ++ else if (re->type == RE::CAT) { ++ if (i.succ == 0) { ++ // recurse into the left sub-RE ++ StackItem k = {re, 0, 1}; ++ stack.push_back(k); ++ StackItem j = {re->cat.re1, 0, 0}; ++ stack.push_back(j); ++ } ++ else if (i.succ == 1) { ++ // recurse into the right sub-RE ++ StackItem k = {re, size, 2}; ++ stack.push_back(k); ++ StackItem j = {re->cat.re2, 0, 0}; ++ stack.push_back(j); ++ } ++ else { ++ // both sub-RE visited, recursive return ++ size = i.size // left sub-RE (saved on stack) ++ + size; // right sub-RE (just visited by DFS) ++ } ++ } ++ else if (re->type == RE::ITER) { ++ if (i.succ == 0) { ++ // recurse into the sub-RE ++ StackItem k = {re, 0, 1}; ++ stack.push_back(k); ++ StackItem j = {re->iter.re, 0, 0}; ++ stack.push_back(j); ++ } ++ else { ++ // sub-RE visited, recursive return ++ const uint32_t min = re->iter.min, max = re->iter.max; ++ size = max == AST::MANY ++ ? size * min + 1 ++ : size * max + (max - min); ++ } ++ } ++ } ++ ++ //DASSERT(stack.empty()); ++ return size; ++} ++ ++} // anonymous namespace + + size_t estimate_size(const std::vector &res) + { +- const size_t nre = res.size(); +- size_t size = nre - 1; +- for (size_t i = 0; i < nre; ++i) { +- size += estimate(res[i]) + 1; +- } +- return size; ++ std::vector stack; ++ ++ const size_t nre = res.size(); ++ //DASSERT(nre > 0); ++ size_t size = nre - 1; ++ ++ for (size_t i = 0; i < nre; ++i) { ++ size += estimate_re_size(res[i], stack) + 1; ++ } ++ ++ return size; + } + + } // namespace re2c + diff --git a/poky/meta/recipes-support/re2c/re2c_1.0.1.bb b/poky/meta/recipes-support/re2c/re2c_1.0.1.bb index faeb496a1a..ca5c33f151 100644 --- a/poky/meta/recipes-support/re2c/re2c_1.0.1.bb +++ b/poky/meta/recipes-support/re2c/re2c_1.0.1.bb @@ -7,7 +7,11 @@ SECTION = "devel" LICENSE = "PD" LIC_FILES_CHKSUM = "file://README;beginline=146;md5=881056c9add17f8019ccd8c382ba963a" -SRC_URI = "https://github.com/skvadrik/re2c/releases/download/${PV}/${BPN}-${PV}.tar.gz" +SRC_URI = "https://github.com/skvadrik/re2c/releases/download/${PV}/${BPN}-${PV}.tar.gz \ +file://CVE-2018-21232-1.patch \ +file://CVE-2018-21232-2.patch \ +file://CVE-2018-21232-3.patch \ +file://CVE-2018-21232-4.patch" SRC_URI[md5sum] = "e2c6cf52fc6a21595f21bc82db5324f8" SRC_URI[sha256sum] = "605058d18a00e01bfc32aebf83af35ed5b13180b4e9f279c90843afab2c66c7c" UPSTREAM_CHECK_URI = "https://github.com/skvadrik/re2c/releases" diff --git a/poky/meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch b/poky/meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch deleted file mode 100644 index 28c61cd782..0000000000 --- a/poky/meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch +++ /dev/null @@ -1,62 +0,0 @@ -CVE: CVE-2021-3927 -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 93b427c6e729260d0700c3b2804ec153bc8284fa Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar -Date: Thu, 4 Nov 2021 15:10:11 +0000 -Subject: [PATCH] patch 8.2.3581: reading character past end of line - -Problem: Reading character past end of line. -Solution: Correct the cursor column. ---- - src/ex_docmd.c | 1 + - src/testdir/test_put.vim | 12 ++++++++++++ - src/version.c | 2 ++ - 3 files changed, 15 insertions(+) - -diff --git a/src/ex_docmd.c b/src/ex_docmd.c -index fde726477..59e245bee 100644 ---- a/src/ex_docmd.c -+++ b/src/ex_docmd.c -@@ -6905,6 +6905,7 @@ ex_put(exarg_T *eap) - eap->forceit = TRUE; - } - curwin->w_cursor.lnum = eap->line2; -+ check_cursor_col(); - do_put(eap->regname, eap->forceit ? BACKWARD : FORWARD, 1L, - PUT_LINE|PUT_CURSLINE); - } -diff --git a/src/testdir/test_put.vim b/src/testdir/test_put.vim -index 225ebd1f3..922e5b269 100644 ---- a/src/testdir/test_put.vim -+++ b/src/testdir/test_put.vim -@@ -113,3 +113,15 @@ func Test_put_p_indent_visual() - call assert_equal('select that text', getline(2)) - bwipe! - endfunc -+ -+func Test_put_above_first_line() -+ new -+ let @" = 'text' -+ silent! normal 0o00 -+ 0put -+ call assert_equal('text', getline(1)) -+ bwipe! -+endfunc -+ -+ -+" vim: shiftwidth=2 sts=2 expandtab -diff --git a/src/version.c b/src/version.c -index a9e8be0e7..df4ec9a47 100644 ---- a/src/version.c -+++ b/src/version.c -@@ -742,6 +742,8 @@ static char *(features[]) = - - static int included_patches[] = - { /* Add new patch number below this line */ -+/**/ -+ 3581, - /**/ - 3564, - /**/ diff --git a/poky/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch b/poky/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch index 63a7b78f12..2fc11dbdc2 100644 --- a/poky/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch +++ b/poky/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch @@ -16,11 +16,11 @@ Signed-off-by: Mingli Yu src/Makefile | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) -diff --git a/src/Makefile b/src/Makefile -index f2fafa4dc..7148d4bd9 100644 ---- a/src/Makefile -+++ b/src/Makefile -@@ -2845,16 +2845,10 @@ auto/pathdef.c: Makefile auto/config.mk +Index: git/src/Makefile +=================================================================== +--- git.orig/src/Makefile ++++ git/src/Makefile +@@ -3101,16 +3101,10 @@ auto/pathdef.c: Makefile auto/config.mk -@echo '#include "vim.h"' >> $@ -@echo 'char_u *default_vim_dir = (char_u *)"$(VIMRCLOC)";' | $(QUOTESED) >> $@ -@echo 'char_u *default_vimruntime_dir = (char_u *)"$(VIMRUNTIMEDIR)";' | $(QUOTESED) >> $@ @@ -41,6 +41,3 @@ index f2fafa4dc..7148d4bd9 100644 -@sh $(srcdir)/pathdef.sh GUI_GTK_RES_INPUTS = \ --- -2.17.1 - diff --git a/poky/meta/recipes-support/vim/files/0002-patch-8.2.3428-using-freed-memory-when-replacing.patch b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3428-using-freed-memory-when-replacing.patch deleted file mode 100644 index ecfae0301e..0000000000 --- a/poky/meta/recipes-support/vim/files/0002-patch-8.2.3428-using-freed-memory-when-replacing.patch +++ /dev/null @@ -1,83 +0,0 @@ -CVE: CVE-2021-3796 -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 1160e5f74b229336502fc376416f21108d36cfc2 Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar -Date: Sat, 11 Sep 2021 21:14:20 +0200 -Subject: [PATCH] patch 8.2.3428: using freed memory when replacing - -Problem: Using freed memory when replacing. (Dhiraj Mishra) -Solution: Get the line pointer after calling ins_copychar(). ---- - src/normal.c | 10 +++++++--- - src/testdir/test_edit.vim | 14 ++++++++++++++ - src/version.c | 2 ++ - 3 files changed, 23 insertions(+), 3 deletions(-) - -diff --git a/src/normal.c b/src/normal.c -index c4963e621..d6333b948 100644 ---- a/src/normal.c -+++ b/src/normal.c -@@ -5009,19 +5009,23 @@ nv_replace(cmdarg_T *cap) - { - /* - * Get ptr again, because u_save and/or showmatch() will have -- * released the line. At the same time we let know that the -- * line will be changed. -+ * released the line. This may also happen in ins_copychar(). -+ * At the same time we let know that the line will be changed. - */ -- ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE); - if (cap->nchar == Ctrl_E || cap->nchar == Ctrl_Y) - { - int c = ins_copychar(curwin->w_cursor.lnum - + (cap->nchar == Ctrl_Y ? -1 : 1)); -+ -+ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE); - if (c != NUL) - ptr[curwin->w_cursor.col] = c; - } - else -+ { -+ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE); - ptr[curwin->w_cursor.col] = cap->nchar; -+ } - if (p_sm && msg_silent == 0) - showmatch(cap->nchar); - ++curwin->w_cursor.col; -diff --git a/src/testdir/test_edit.vim b/src/testdir/test_edit.vim -index 4e29e7fe1..f94e6c181 100644 ---- a/src/testdir/test_edit.vim -+++ b/src/testdir/test_edit.vim -@@ -1519,3 +1519,17 @@ func Test_edit_noesckeys() - bwipe! - set esckeys - endfunc -+ -+" Test for getting the character of the line below after "p" -+func Test_edit_put_CTRL_E() -+ set encoding=latin1 -+ new -+ let @" = '' -+ sil! norm orggRx -+ sil! norm pr -+ call assert_equal(['r', 'r'], getline(1, 2)) -+ bwipe! -+ set encoding=utf-8 -+endfunc -+ -+" vim: shiftwidth=2 sts=2 expandtab -diff --git a/src/version.c b/src/version.c -index 85bdfc601..1046993d6 100644 ---- a/src/version.c -+++ b/src/version.c -@@ -742,6 +742,8 @@ static char *(features[]) = - - static int included_patches[] = - { /* Add new patch number below this line */ -+/**/ -+ 3428, - /**/ - 3409, - /**/ diff --git a/poky/meta/recipes-support/vim/files/0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch deleted file mode 100644 index d117a98893..0000000000 --- a/poky/meta/recipes-support/vim/files/0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch +++ /dev/null @@ -1,63 +0,0 @@ -CVE: CVE-2021-3928 -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From ade0f0481969f1453c60e7c8354b00dfe4238739 Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar -Date: Thu, 4 Nov 2021 15:46:05 +0000 -Subject: [PATCH] patch 8.2.3582: reading uninitialized memory when giving - spell suggestions - -Problem: Reading uninitialized memory when giving spell suggestions. -Solution: Check that preword is not empty. ---- - src/spellsuggest.c | 2 +- - src/testdir/test_spell.vim | 8 ++++++++ - src/version.c | 2 ++ - 3 files changed, 11 insertions(+), 1 deletion(-) - -diff --git a/src/spellsuggest.c b/src/spellsuggest.c -index 9d6df7930..8615d5280 100644 ---- a/src/spellsuggest.c -+++ b/src/spellsuggest.c -@@ -1600,7 +1600,7 @@ suggest_trie_walk( - // char, e.g., "thes," -> "these". - p = fword + sp->ts_fidx; - MB_PTR_BACK(fword, p); -- if (!spell_iswordp(p, curwin)) -+ if (!spell_iswordp(p, curwin) && *preword != NUL) - { - p = preword + STRLEN(preword); - MB_PTR_BACK(preword, p); -diff --git a/src/testdir/test_spell.vim b/src/testdir/test_spell.vim -index 79fb8927c..e435e9172 100644 ---- a/src/testdir/test_spell.vim -+++ b/src/testdir/test_spell.vim -@@ -498,6 +498,14 @@ func Test_spell_screendump() - call delete('XtestSpell') - endfunc - -+func Test_spell_single_word() -+ new -+ silent! norm 0R00 -+ spell! ß -+ silent 0norm 0r$ Dvz= -+ bwipe! -+endfunc -+ - let g:test_data_aff1 = [ - \"SET ISO8859-1", - \"TRY esianrtolcdugmphbyfvkwjkqxz-\xEB\xE9\xE8\xEA\xEF\xEE\xE4\xE0\xE2\xF6\xFC\xFB'ESIANRTOLCDUGMPHBYFVKWJKQXZ", -diff --git a/src/version.c b/src/version.c -index df4ec9a47..e1bc0d09b 100644 ---- a/src/version.c -+++ b/src/version.c -@@ -742,6 +742,8 @@ static char *(features[]) = - - static int included_patches[] = - { /* Add new patch number below this line */ -+/**/ -+ 3582, - /**/ - 3581, - /**/ diff --git a/poky/meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch b/poky/meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch deleted file mode 100644 index 58d3442677..0000000000 --- a/poky/meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch +++ /dev/null @@ -1,92 +0,0 @@ -CVE: CVE-2021-3973 -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From b6154e9f530544ddc3130d981caae0dabc053757 Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar -Date: Wed, 17 Nov 2021 18:00:31 +0000 -Subject: [PATCH] patch 8.2.3611: crash when using CTRL-W f without finding a - file name Problem: Crash when using CTRL-W f without finding - a file name. Solution: Bail out when the file name length is zero. - ---- - src/findfile.c | 8 ++++++++ - src/normal.c | 6 ++++-- - src/testdir/test_visual.vim | 8 ++++++++ - src/version.c | 2 ++ - 4 files changed, 22 insertions(+), 2 deletions(-) - -diff --git a/src/findfile.c b/src/findfile.c -index dba547da1..5764fd7b8 100644 ---- a/src/findfile.c -+++ b/src/findfile.c -@@ -1727,6 +1727,9 @@ find_file_in_path_option( - proc->pr_WindowPtr = (APTR)-1L; - # endif - -+ if (len == 0) -+ return NULL; -+ - if (first == TRUE) - { - // copy file name into NameBuff, expanding environment variables -@@ -2094,7 +2097,12 @@ find_file_name_in_path( - int c; - # if defined(FEAT_FIND_ID) && defined(FEAT_EVAL) - char_u *tofree = NULL; -+# endif - -+ if (len == 0) -+ return NULL; -+ -+# if defined(FEAT_FIND_ID) && defined(FEAT_EVAL) - if ((options & FNAME_INCL) && *curbuf->b_p_inex != NUL) - { - tofree = eval_includeexpr(ptr, len); -diff --git a/src/normal.c b/src/normal.c -index 7cb959257..f0084f2ac 100644 ---- a/src/normal.c -+++ b/src/normal.c -@@ -3778,8 +3778,10 @@ get_visual_text( - *pp = ml_get_pos(&VIsual); - *lenp = curwin->w_cursor.col - VIsual.col + 1; - } -- if (has_mbyte) -- // Correct the length to include the whole last character. -+ if (**pp == NUL) -+ *lenp = 0; -+ if (has_mbyte && *lenp > 0) -+ // Correct the length to include all bytes of the last character. - *lenp += (*mb_ptr2len)(*pp + (*lenp - 1)) - 1; - } - reset_VIsual_and_resel(); -diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim -index ae281238e..0705fdb57 100644 ---- a/src/testdir/test_visual.vim -+++ b/src/testdir/test_visual.vim -@@ -894,4 +894,12 @@ func Test_block_insert_replace_tabs() - bwipe! - endfunc - -+func Test_visual_block_ctrl_w_f() -+ " Emtpy block selected in new buffer should not result in an error. -+ au! BufNew foo sil norm f -+ edit foo -+ -+ au! BufNew -+endfunc -+ - " vim: shiftwidth=2 sts=2 expandtab -diff --git a/src/version.c b/src/version.c -index 52be3c39d..59a314b3a 100644 ---- a/src/version.c -+++ b/src/version.c -@@ -742,6 +742,8 @@ static char *(features[]) = - - static int included_patches[] = - { /* Add new patch number below this line */ -+/**/ -+ 3611, - /**/ - 3582, - /**/ diff --git a/poky/meta/recipes-support/vim/files/0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch b/poky/meta/recipes-support/vim/files/0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch deleted file mode 100644 index 576664f436..0000000000 --- a/poky/meta/recipes-support/vim/files/0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch +++ /dev/null @@ -1,86 +0,0 @@ -CVE: CVE-2021-3872 -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 61629ea24a2fff1f89c37479d3fb52f17c3480fc Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar -Date: Fri, 8 Oct 2021 18:39:28 +0100 -Subject: [PATCH] patch 8.2.3487: illegal memory access if buffer name is very - long - -Problem: Illegal memory access if buffer name is very long. -Solution: Make sure not to go over the end of the buffer. ---- - src/drawscreen.c | 10 +++++----- - src/testdir/test_statusline.vim | 11 +++++++++++ - src/version.c | 2 ++ - 3 files changed, 18 insertions(+), 5 deletions(-) - -diff --git a/src/drawscreen.c b/src/drawscreen.c -index 3a88ee979..9acb70552 100644 ---- a/src/drawscreen.c -+++ b/src/drawscreen.c -@@ -446,13 +446,13 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED) - *(p + len++) = ' '; - if (bt_help(wp->w_buffer)) - { -- STRCPY(p + len, _("[Help]")); -+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]")); - len += (int)STRLEN(p + len); - } - #ifdef FEAT_QUICKFIX - if (wp->w_p_pvw) - { -- STRCPY(p + len, _("[Preview]")); -+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]")); - len += (int)STRLEN(p + len); - } - #endif -@@ -462,12 +462,12 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED) - #endif - ) - { -- STRCPY(p + len, "[+]"); -- len += 3; -+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]"); -+ len += (int)STRLEN(p + len); - } - if (wp->w_buffer->b_p_ro) - { -- STRCPY(p + len, _("[RO]")); -+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]")); - len += (int)STRLEN(p + len); - } - -diff --git a/src/testdir/test_statusline.vim b/src/testdir/test_statusline.vim -index 1f705b847..91bce1407 100644 ---- a/src/testdir/test_statusline.vim -+++ b/src/testdir/test_statusline.vim -@@ -393,3 +393,14 @@ func Test_statusline_visual() - bwipe! x1 - bwipe! x2 - endfunc -+" Used to write beyond allocated memory. This assumes MAXPATHL is 4096 bytes. -+func Test_statusline_verylong_filename() -+ let fname = repeat('x', 4090) -+ exe "new " .. fname -+ set buftype=help -+ set previewwindow -+ redraw -+ bwipe! -+endfunc -+ -+" vim: shiftwidth=2 sts=2 expandtab -diff --git a/src/version.c b/src/version.c -index 1046993d6..2b5de5ccf 100644 ---- a/src/version.c -+++ b/src/version.c -@@ -742,6 +742,8 @@ static char *(features[]) = - - static int included_patches[] = - { /* Add new patch number below this line */ -+/**/ -+ 3487, - /**/ - 3428, - /**/ diff --git a/poky/meta/recipes-support/vim/files/0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch b/poky/meta/recipes-support/vim/files/0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch deleted file mode 100644 index 045081579c..0000000000 --- a/poky/meta/recipes-support/vim/files/0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch +++ /dev/null @@ -1,72 +0,0 @@ -CVE: CVE-2021-3875 -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From b8968e26d7508e7d64bfc86808142818b0a9288c Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar -Date: Sat, 9 Oct 2021 13:58:55 +0100 -Subject: [PATCH] patch 8.2.3489: ml_get error after search with range - -Problem: ml_get error after search with range. -Solution: Limit the line number to the buffer line count. ---- - src/ex_docmd.c | 6 ++++-- - src/testdir/test_search.vim | 17 +++++++++++++++++ - src/version.c | 2 ++ - 3 files changed, 23 insertions(+), 2 deletions(-) - -diff --git a/src/ex_docmd.c b/src/ex_docmd.c -index fb07450f8..fde726477 100644 ---- a/src/ex_docmd.c -+++ b/src/ex_docmd.c -@@ -3586,8 +3586,10 @@ get_address( - - // When '/' or '?' follows another address, start from - // there. -- if (lnum != MAXLNUM) -- curwin->w_cursor.lnum = lnum; -+ if (lnum > 0 && lnum != MAXLNUM) -+ curwin->w_cursor.lnum = -+ lnum > curbuf->b_ml.ml_line_count -+ ? curbuf->b_ml.ml_line_count : lnum; - - // Start a forward search at the end of the line (unless - // before the first line). -diff --git a/src/testdir/test_search.vim b/src/testdir/test_search.vim -index 187671305..e142c3547 100644 ---- a/src/testdir/test_search.vim -+++ b/src/testdir/test_search.vim -@@ -1366,3 +1366,20 @@ func Test_searchdecl() - - bwipe! - endfunc -+ -+func Test_search_with_invalid_range() -+ new -+ let lines =<< trim END -+ /\%.v -+ 5/ -+ c -+ END -+ call writefile(lines, 'Xrangesearch') -+ source Xrangesearch -+ -+ bwipe! -+ call delete('Xrangesearch') -+endfunc -+ -+ -+" vim: shiftwidth=2 sts=2 expandtab -diff --git a/src/version.c b/src/version.c -index 2b5de5ccf..092864bbb 100644 ---- a/src/version.c -+++ b/src/version.c -@@ -742,6 +742,8 @@ static char *(features[]) = - - static int included_patches[] = - { /* Add new patch number below this line */ -+/**/ -+ 3489, - /**/ - 3487, - /**/ diff --git a/poky/meta/recipes-support/vim/files/0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch b/poky/meta/recipes-support/vim/files/0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch deleted file mode 100644 index 7184b37cad..0000000000 --- a/poky/meta/recipes-support/vim/files/0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch +++ /dev/null @@ -1,97 +0,0 @@ -CVE: CVE-2021-3903 -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From b15919c1fe0f7fc3d98ff5207ed2feb43c59009d Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar -Date: Mon, 25 Oct 2021 17:07:04 +0100 -Subject: [PATCH] patch 8.2.3564: invalid memory access when scrolling without - valid screen - -Problem: Invalid memory access when scrolling without a valid screen. -Solution: Do not set VALID_BOTLINE in w_valid. ---- - src/move.c | 1 - - src/testdir/test_normal.vim | 23 ++++++++++++++++++++--- - src/version.c | 2 ++ - 3 files changed, 22 insertions(+), 4 deletions(-) - -diff --git a/src/move.c b/src/move.c -index 8e53d8bcb..10165ef4d 100644 ---- a/src/move.c -+++ b/src/move.c -@@ -198,7 +198,6 @@ update_topline(void) - { - curwin->w_topline = curwin->w_cursor.lnum; - curwin->w_botline = curwin->w_topline; -- curwin->w_valid |= VALID_BOTLINE|VALID_BOTLINE_AP; - curwin->w_scbind_pos = 1; - return; - } -diff --git a/src/testdir/test_normal.vim b/src/testdir/test_normal.vim -index d45cf4159..ca87928f5 100644 ---- a/src/testdir/test_normal.vim -+++ b/src/testdir/test_normal.vim -@@ -33,14 +33,14 @@ func CountSpaces(type, ...) - else - silent exe "normal! `[v`]y" - endif -- let g:a=strlen(substitute(@@, '[^ ]', '', 'g')) -+ let g:a = strlen(substitute(@@, '[^ ]', '', 'g')) - let &selection = sel_save - let @@ = reg_save - endfunc - - func OpfuncDummy(type, ...) - " for testing operatorfunc -- let g:opt=&linebreak -+ let g:opt = &linebreak - - if a:0 " Invoked from Visual mode, use gv command. - silent exe "normal! gvy" -@@ -51,7 +51,7 @@ func OpfuncDummy(type, ...) - endif - " Create a new dummy window - new -- let g:bufnr=bufnr('%') -+ let g:bufnr = bufnr('%') - endfunc - - fun! Test_normal00_optrans() -@@ -718,6 +718,23 @@ func Test_normal17_z_scroll_hor2() - bw! - endfunc - -+ -+func Test_scroll_in_ex_mode() -+ " This was using invalid memory because w_botline was invalid. -+ let lines =<< trim END -+ diffsplit -+ norm os00( -+ call writefile(['done'], 'Xdone') -+ qa! -+ END -+ call writefile(lines, 'Xscript') -+ call assert_equal(1, RunVim([], [], '--clean -X -Z -e -s -S Xscript')) -+ call assert_equal(['done'], readfile('Xdone')) -+ -+ call delete('Xscript') -+ call delete('Xdone') -+endfunc -+ - func Test_normal18_z_fold() - " basic tests for foldopen/folddelete - if !has("folding") -diff --git a/src/version.c b/src/version.c -index 092864bbb..a9e8be0e7 100644 ---- a/src/version.c -+++ b/src/version.c -@@ -742,6 +742,8 @@ static char *(features[]) = - - static int included_patches[] = - { /* Add new patch number below this line */ -+/**/ -+ 3564, - /**/ - 3489, - /**/ diff --git a/poky/meta/recipes-support/vim/files/CVE-2021-3778.patch b/poky/meta/recipes-support/vim/files/CVE-2021-3778.patch deleted file mode 100644 index 5fa60f5340..0000000000 --- a/poky/meta/recipes-support/vim/files/CVE-2021-3778.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 6d351cec5b97cb72b226d03bd727e453a235ed8d Mon Sep 17 00:00:00 2001 -From: Minjae Kim -Date: Sun, 26 Sep 2021 23:48:00 +0000 -Subject: [PATCH] patch 8.2.3409: reading beyond end of line with invalid utf-8 - character - -Problem: Reading beyond end of line with invalid utf-8 character. -Solution: Check for NUL when advancing. - -Upstream-Status: Accepted [https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f] -CVE: CVE-2021-3778 -Signed-off-by: Minjae Kim - ---- - src/regexp_nfa.c | 3 ++- - src/testdir/test_regexp_utf8.vim | 7 +++++++ - src/version.c | 2 ++ - 3 files changed, 11 insertions(+), 1 deletion(-) - -diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c -index fb512f961..ace83a1a3 100644 ---- a/src/regexp_nfa.c -+++ b/src/regexp_nfa.c -@@ -5455,7 +5455,8 @@ find_match_text(colnr_T startcol, int regstart, char_u *match_text) - match = FALSE; - break; - } -- len2 += MB_CHAR2LEN(c2); -+ len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2) -+ : MB_CHAR2LEN(c2); - } - if (match - // check that no composing char follows -diff --git a/src/testdir/test_regexp_utf8.vim b/src/testdir/test_regexp_utf8.vim -index 19ff882be..e0665818b 100644 ---- a/src/testdir/test_regexp_utf8.vim -+++ b/src/testdir/test_regexp_utf8.vim -@@ -215,3 +215,10 @@ func Test_optmatch_toolong() - set re=0 - endfunc - -+func Test_match_invalid_byte() -+ call writefile(0z630a.765d30aa0a.2e0a.790a.4030, 'Xinvalid') -+ new -+ source Xinvalid -+ bwipe! -+ call delete('Xinvalid') -+endfunc -diff --git a/src/version.c b/src/version.c -index 8912f6215..85bdfc601 100644 ---- a/src/version.c -+++ b/src/version.c -@@ -742,6 +742,8 @@ static char *(features[]) = - - static int included_patches[] = - { /* Add new patch number below this line */ -+/**/ -+ 3409, - /**/ - 3402, - /**/ diff --git a/poky/meta/recipes-support/vim/files/CVE-2021-4069.patch b/poky/meta/recipes-support/vim/files/CVE-2021-4069.patch deleted file mode 100644 index 6a67281907..0000000000 --- a/poky/meta/recipes-support/vim/files/CVE-2021-4069.patch +++ /dev/null @@ -1,43 +0,0 @@ -From cd2422ee2dab3f33b2dbd1271e17cdaf8762b6d1 Mon Sep 17 00:00:00 2001 -From: Minjae Kim -Date: Fri, 17 Dec 2021 20:32:02 -0800 -Subject: [PATCH] using freed memory in open command - -Problem: Using freed memory in open command. -Solution: Make a copy of the current line. - -Upstream-Status: Backported [https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9] -CVE: CVE-2021-4069 -Signed-off-by: Minjae Kim ---- - src/ex_docmd.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/src/ex_docmd.c b/src/ex_docmd.c -index 59e245bee..ccd9e8bed 100644 ---- a/src/ex_docmd.c -+++ b/src/ex_docmd.c -@@ -6029,13 +6029,17 @@ ex_open(exarg_T *eap) - regmatch.regprog = vim_regcomp(eap->arg, p_magic ? RE_MAGIC : 0); - if (regmatch.regprog != NULL) - { -+ // make a copy of the line, when searching for a mark it might be -+ // flushed -+ char_u *line = vim_strsave(ml_get_curline()); -+ - regmatch.rm_ic = p_ic; -- p = ml_get_curline(); -- if (vim_regexec(®match, p, (colnr_T)0)) -- curwin->w_cursor.col = (colnr_T)(regmatch.startp[0] - p); -+ if (vim_regexec(®match, line, (colnr_T)0)) -+ curwin->w_cursor.col = (colnr_T)(regmatch.startp[0] - line); - else - emsg(_(e_nomatch)); - vim_regfree(regmatch.regprog); -+ vim_free(line); - } - // Move to the NUL, ignore any other arguments. - eap->arg += STRLEN(eap->arg); --- -2.25.1 - diff --git a/poky/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch b/poky/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch deleted file mode 100644 index 1cee759502..0000000000 --- a/poky/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch +++ /dev/null @@ -1,207 +0,0 @@ -From b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar -Date: Sat, 4 Sep 2021 18:47:28 +0200 -Subject: [PATCH] patch 8.2.3402: invalid memory access when using :retab with - large value - -Problem: Invalid memory access when using :retab with large value. -Solution: Check the number is positive. - -CVE: CVE-2021-3770 -Signed-off-by: Richard Purdie -Upstream-Status: Backport [https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9] ---- - src/indent.c | 34 +++++++++++++++++++++------------- - src/option.c | 12 ++++++------ - src/optionstr.c | 4 ++-- - src/testdir/test_retab.vim | 3 +++ - src/version.c | 2 ++ - 5 files changed, 34 insertions(+), 21 deletions(-) - -Index: git/src/indent.c -=================================================================== ---- git.orig/src/indent.c -+++ git/src/indent.c -@@ -18,18 +18,19 @@ - /* - * Set the integer values corresponding to the string setting of 'vartabstop'. - * "array" will be set, caller must free it if needed. -+ * Return FAIL for an error. - */ - int - tabstop_set(char_u *var, int **array) - { -- int valcount = 1; -- int t; -- char_u *cp; -+ int valcount = 1; -+ int t; -+ char_u *cp; - - if (var[0] == NUL || (var[0] == '0' && var[1] == NUL)) - { - *array = NULL; -- return TRUE; -+ return OK; - } - - for (cp = var; *cp != NUL; ++cp) -@@ -43,8 +44,8 @@ tabstop_set(char_u *var, int **array) - if (cp != end) - emsg(_(e_positive)); - else -- emsg(_(e_invarg)); -- return FALSE; -+ semsg(_(e_invarg2), cp); -+ return FAIL; - } - } - -@@ -55,26 +56,33 @@ tabstop_set(char_u *var, int **array) - ++valcount; - continue; - } -- emsg(_(e_invarg)); -- return FALSE; -+ semsg(_(e_invarg2), var); -+ return FAIL; - } - - *array = ALLOC_MULT(int, valcount + 1); - if (*array == NULL) -- return FALSE; -+ return FAIL; - (*array)[0] = valcount; - - t = 1; - for (cp = var; *cp != NUL;) - { -- (*array)[t++] = atoi((char *)cp); -- while (*cp != NUL && *cp != ',') -+ int n = atoi((char *)cp); -+ -+ if (n < 0 || n > 9999) -+ { -+ semsg(_(e_invarg2), cp); -+ return FAIL; -+ } -+ (*array)[t++] = n; -+ while (*cp != NUL && *cp != ',') - ++cp; - if (*cp != NUL) - ++cp; - } - -- return TRUE; -+ return OK; - } - - /* -@@ -1556,7 +1564,7 @@ ex_retab(exarg_T *eap) - - #ifdef FEAT_VARTABS - new_ts_str = eap->arg; -- if (!tabstop_set(eap->arg, &new_vts_array)) -+ if (tabstop_set(eap->arg, &new_vts_array) == FAIL) - return; - while (vim_isdigit(*(eap->arg)) || *(eap->arg) == ',') - ++(eap->arg); -Index: git/src/option.c -=================================================================== ---- git.orig/src/option.c -+++ git/src/option.c -@@ -2292,9 +2292,9 @@ didset_options2(void) - #endif - #ifdef FEAT_VARTABS - vim_free(curbuf->b_p_vsts_array); -- tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array); -+ (void)tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array); - vim_free(curbuf->b_p_vts_array); -- tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array); -+ (void)tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array); - #endif - } - -@@ -5756,7 +5756,7 @@ buf_copy_options(buf_T *buf, int flags) - buf->b_p_vsts = vim_strsave(p_vsts); - COPY_OPT_SCTX(buf, BV_VSTS); - if (p_vsts && p_vsts != empty_option) -- tabstop_set(p_vsts, &buf->b_p_vsts_array); -+ (void)tabstop_set(p_vsts, &buf->b_p_vsts_array); - else - buf->b_p_vsts_array = 0; - buf->b_p_vsts_nopaste = p_vsts_nopaste -@@ -5914,7 +5914,7 @@ buf_copy_options(buf_T *buf, int flags) - buf->b_p_isk = save_p_isk; - #ifdef FEAT_VARTABS - if (p_vts && p_vts != empty_option && !buf->b_p_vts_array) -- tabstop_set(p_vts, &buf->b_p_vts_array); -+ (void)tabstop_set(p_vts, &buf->b_p_vts_array); - else - buf->b_p_vts_array = NULL; - #endif -@@ -5929,7 +5929,7 @@ buf_copy_options(buf_T *buf, int flags) - buf->b_p_vts = vim_strsave(p_vts); - COPY_OPT_SCTX(buf, BV_VTS); - if (p_vts && p_vts != empty_option && !buf->b_p_vts_array) -- tabstop_set(p_vts, &buf->b_p_vts_array); -+ (void)tabstop_set(p_vts, &buf->b_p_vts_array); - else - buf->b_p_vts_array = NULL; - #endif -@@ -6634,7 +6634,7 @@ paste_option_changed(void) - if (buf->b_p_vsts_array) - vim_free(buf->b_p_vsts_array); - if (buf->b_p_vsts && buf->b_p_vsts != empty_option) -- tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array); -+ (void)tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array); - else - buf->b_p_vsts_array = 0; - #endif -Index: git/src/optionstr.c -=================================================================== ---- git.orig/src/optionstr.c -+++ git/src/optionstr.c -@@ -2166,7 +2166,7 @@ did_set_string_option( - if (errmsg == NULL) - { - int *oldarray = curbuf->b_p_vsts_array; -- if (tabstop_set(*varp, &(curbuf->b_p_vsts_array))) -+ if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)) == OK) - { - if (oldarray) - vim_free(oldarray); -@@ -2205,7 +2205,7 @@ did_set_string_option( - { - int *oldarray = curbuf->b_p_vts_array; - -- if (tabstop_set(*varp, &(curbuf->b_p_vts_array))) -+ if (tabstop_set(*varp, &(curbuf->b_p_vts_array)) == OK) - { - vim_free(oldarray); - #ifdef FEAT_FOLDING -Index: git/src/testdir/test_retab.vim -=================================================================== ---- git.orig/src/testdir/test_retab.vim -+++ git/src/testdir/test_retab.vim -@@ -74,4 +74,7 @@ endfunc - func Test_retab_error() - call assert_fails('retab -1', 'E487:') - call assert_fails('retab! -1', 'E487:') -+ call assert_fails('ret -1000', 'E487:') -+ call assert_fails('ret 10000', 'E475:') -+ call assert_fails('ret 80000000000000000000', 'E475:') - endfunc -Index: git/src/version.c -=================================================================== ---- git.orig/src/version.c -+++ git/src/version.c -@@ -743,6 +743,8 @@ static char *(features[]) = - static int included_patches[] = - { /* Add new patch number below this line */ - /**/ -+ 3402, -+/**/ - 0 - }; - diff --git a/poky/meta/recipes-support/vim/files/disable_acl_header_check.patch b/poky/meta/recipes-support/vim/files/disable_acl_header_check.patch index 33089162b4..533138245d 100644 --- a/poky/meta/recipes-support/vim/files/disable_acl_header_check.patch +++ b/poky/meta/recipes-support/vim/files/disable_acl_header_check.patch @@ -13,11 +13,11 @@ Signed-off-by: Changqing Li src/configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -diff --git a/src/configure.ac b/src/configure.ac -index 2d409b3ca06a..dbcaf6140263 100644 ---- a/src/configure.ac -+++ b/src/configure.ac -@@ -3257,7 +3257,7 @@ AC_CHECK_HEADERS(stdint.h stdlib.h string.h \ +Index: git/src/configure.ac +=================================================================== +--- git.orig/src/configure.ac ++++ git/src/configure.ac +@@ -3292,7 +3292,7 @@ AC_CHECK_HEADERS(stdint.h stdlib.h strin sys/systeminfo.h locale.h sys/stream.h termios.h \ libc.h sys/statfs.h poll.h sys/poll.h pwd.h \ utime.h sys/param.h sys/ptms.h libintl.h libgen.h \ @@ -26,7 +26,7 @@ index 2d409b3ca06a..dbcaf6140263 100644 sys/access.h sys/sysinfo.h wchar.h wctype.h) dnl sys/ptem.h depends on sys/stream.h on Solaris -@@ -3886,6 +3886,7 @@ AC_ARG_ENABLE(acl, +@@ -3974,6 +3974,7 @@ AC_ARG_ENABLE(acl, , [enable_acl="yes"]) if test "$enable_acl" = "yes"; then AC_MSG_RESULT(no) @@ -34,6 +34,3 @@ index 2d409b3ca06a..dbcaf6140263 100644 AC_CHECK_LIB(posix1e, acl_get_file, [LIBS="$LIBS -lposix1e"], AC_CHECK_LIB(acl, acl_get_file, [LIBS="$LIBS -lacl" AC_CHECK_LIB(attr, fgetxattr, LIBS="$LIBS -lattr",,)],,),) --- -2.7.4 - diff --git a/poky/meta/recipes-support/vim/files/no-path-adjust.patch b/poky/meta/recipes-support/vim/files/no-path-adjust.patch index 05c2d803f6..9d6da80913 100644 --- a/poky/meta/recipes-support/vim/files/no-path-adjust.patch +++ b/poky/meta/recipes-support/vim/files/no-path-adjust.patch @@ -7,9 +7,11 @@ Upstream-Status: Pending Signed-off-by: Joe Slater ---- a/src/Makefile -+++ b/src/Makefile -@@ -2507,11 +2507,14 @@ installtools: $(TOOLS) $(DESTDIR)$(exec_ +Index: git/src/Makefile +=================================================================== +--- git.orig/src/Makefile ++++ git/src/Makefile +@@ -2565,11 +2565,14 @@ installtools: $(TOOLS) $(DESTDIR)$(exec_ rm -rf $$cvs; \ fi -chmod $(FILEMOD) $(DEST_TOOLS)/* diff --git a/poky/meta/recipes-support/vim/files/racefix.patch b/poky/meta/recipes-support/vim/files/racefix.patch index 48dca44cad..1cb8fb442f 100644 --- a/poky/meta/recipes-support/vim/files/racefix.patch +++ b/poky/meta/recipes-support/vim/files/racefix.patch @@ -9,9 +9,9 @@ Index: git/src/po/Makefile =================================================================== --- git.orig/src/po/Makefile +++ git/src/po/Makefile -@@ -165,17 +165,16 @@ $(PACKAGE).pot: ../*.c ../if_perl.xs ../ - po/gvim.desktop.in po/vim.desktop.in - mv -f ../$(PACKAGE).po $(PACKAGE).pot +@@ -207,17 +207,16 @@ $(PACKAGE).pot: $(PO_INPUTLIST) $(PO_VIM + # Delete the temporary files + rm *.js -vim.desktop: vim.desktop.in $(POFILES) +LINGUAS: diff --git a/poky/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch b/poky/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch index 37914d4cd9..5284ba45b6 100644 --- a/poky/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch +++ b/poky/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch @@ -14,11 +14,11 @@ Signed-off-by: Changqing Li src/configure.ac | 7 +++++++ 1 file changed, 7 insertions(+) -diff --git a/src/configure.ac b/src/configure.ac -index 0ee86ad..64736f0 100644 ---- a/src/configure.ac -+++ b/src/configure.ac -@@ -3192,11 +3192,18 @@ AC_TRY_COMPILE([#include ], [int x __attribute__((unused));], +Index: git/src/configure.ac +=================================================================== +--- git.orig/src/configure.ac ++++ git/src/configure.ac +@@ -3264,11 +3264,18 @@ AC_TRY_COMPILE([#include ], [in AC_MSG_RESULT(no)) dnl Checks for header files. @@ -37,6 +37,3 @@ index 0ee86ad..64736f0 100644 AC_HEADER_DIRENT --- -2.7.4 - diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc index 51a6861325..b3c471225e 100644 --- a/poky/meta/recipes-support/vim/vim.inc +++ b/poky/meta/recipes-support/vim/vim.inc @@ -8,8 +8,10 @@ BUGTRACKER = "https://github.com/vim/vim/issues" DEPENDS = "ncurses gettext-native" # vimdiff doesn't like busybox diff RSUGGESTS_${PN} = "diffutils" + LICENSE = "vim" -LIC_FILES_CHKSUM = "file://runtime/doc/uganda.txt;endline=287;md5=a19edd7ec70d573a005d9e509375a99a" +LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99 \ + file://runtime/doc/uganda.txt;md5=a3f193c20c6faff93c69185d5d070535" SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://disable_acl_header_check.patch \ @@ -17,26 +19,17 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ file://racefix.patch \ - file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \ - file://CVE-2021-3778.patch \ - file://0002-patch-8.2.3428-using-freed-memory-when-replacing.patch \ - file://0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch \ - file://0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch \ - file://0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch \ - file://0001-patch-8.2.3581-reading-character-past-end-of-line.patch \ - file://0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch \ - file://0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch \ - file://CVE-2021-4069.patch \ " -SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" +PV .= ".4524" +SRCREV = "d8f8629b1bf566e1dada7515e9b146c69e5d9757" + +# Remove when 8.3 is out +UPSTREAM_VERSION_UNKNOWN = "1" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+)\.0" -# CVE-2021-3968 is related to an issue which was introduced after 8.2, this can be removed after 8.3. -CVE_CHECK_WHITELIST += "CVE-2021-3968" - S = "${WORKDIR}/git" VIMDIR = "vim${@d.getVar('PV').split('.')[0]}${@d.getVar('PV').split('.')[1]}" @@ -68,9 +61,7 @@ do_compile() { autotools_do_compile } -#Available PACKAGECONFIG options are gtkgui, acl, x11, tiny selinux, elfutils, nls -PACKAGECONFIG ??= "" -PACKAGECONFIG += " \ +PACKAGECONFIG ??= "\ ${@bb.utils.filter('DISTRO_FEATURES', 'acl selinux', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 gtkgui', '', d)} \ nls \ diff --git a/poky/scripts/lib/devtool/deploy.py b/poky/scripts/lib/devtool/deploy.py index d802b22e8f..e0f8e64b9c 100644 --- a/poky/scripts/lib/devtool/deploy.py +++ b/poky/scripts/lib/devtool/deploy.py @@ -170,7 +170,7 @@ def deploy(args, config, basepath, workspace): srcdir = recipe_outdir recipe_outdir = os.path.join(rd.getVar('WORKDIR'), 'devtool-deploy-target-stripped') if os.path.isdir(recipe_outdir): - bb.utils.remove(recipe_outdir, True) + exec_fakeroot(rd, "rm -rf %s" % recipe_outdir, shell=True) exec_fakeroot(rd, "cp -af %s %s" % (os.path.join(srcdir, '.'), recipe_outdir), shell=True) os.environ['PATH'] = ':'.join([os.environ['PATH'], rd.getVar('PATH') or '']) oe.package.strip_execs(args.recipename, recipe_outdir, rd.getVar('STRIP'), rd.getVar('libdir'), diff --git a/poky/scripts/lib/recipetool/create.py b/poky/scripts/lib/recipetool/create.py index 5b6ac12a92..798cb0cefe 100644 --- a/poky/scripts/lib/recipetool/create.py +++ b/poky/scripts/lib/recipetool/create.py @@ -435,7 +435,7 @@ def create_recipe(args): if args.binary: # Assume the archive contains the directory structure verbatim # so we need to extract to a subdirectory - fetchuri += ';subdir=${BP}' + fetchuri += ';subdir=${BPN}' srcuri = fetchuri rev_re = re.compile(';rev=([^;]+)') res = rev_re.search(srcuri) -- cgit v1.2.3