From d159c7fb39550d7348052766f46e51b26d3fd4cc Mon Sep 17 00:00:00 2001 
From: Andrew Geissler Date: Thu, 2 Sep 2021 21:05:58 -0500 Subject: subtree updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit poky: 94dfcaff64..359e1cb62f: Alexander Kanavin (76): tcf-agent: fetching over git:// no longer works lighttpd: convert from autotools to meson libxcrypt: upgrade 4.4.23 -> 4.4.25 python3-cython: upgrade 0.29.23 -> 0.29.24 python3-numpy: upgrade 1.21.0 -> 1.21.2 systemd: upgrade 249.1 -> 249.3 xeyes: upgrade 1.1.2 -> 1.2.0 btrfs-tools: update 5.13 -> 5.13.1 diffutils: update 3.7 -> 3.8 mc: update 4.8.26 - > 4.8.27 libsdl2: update 2.0.14 -> 2.0.16 vulkan-samples: update to latest revision pulseaudio: update 14.2 -> 15.0 libjitterentropy: update 3.0.2 -> 3.1.0 usbutils: upgrade 013 -> 014 inetutils: upgrade 2.0 -> 2.1 mobile-broadband-provider-info: upgrade 20201225 -> 20210805 glib-networking: upgrade 2.68.1 -> 2.68.2 e2fsprogs: upgrade 1.46.2 -> 1.46.4 help2man: upgrade 1.48.3 -> 1.48.4 libedit: upgrade 20210522-3.1 -> 20210714-3.1 log4cplus: upgrade 2.0.6 -> 2.0.7 mtools: upgrade 4.0.34 -> 4.0.35 patchelf: upgrade 0.12 -> 0.13 pkgconf: upgrade 1.7.4 -> 1.8.0 python3-git: upgrade 3.1.18 -> 3.1.20 python3-pip: upgrade 21.2.1 -> 21.2.4 python3-pygments: upgrade 2.9.0 -> 2.10.0 python3-setuptools: upgrade 57.1.0 -> 57.4.0 squashfs-tools: upgrade 4.4 -> 4.5 acpica: upgrade 20210331 -> 20210730 libidn2: upgrade 2.3.1 -> 2.3.2 stress-ng: upgrade 0.12.12 -> 0.13.00 sudo: upgrade 1.9.7p1 -> 1.9.7p2 epiphany: upgrade 40.2 -> 40.3 libgudev: upgrade 236 -> 237 libjpeg-turbo: upgrade 2.1.0 -> 2.1.1 libepoxy: upgrade 1.5.8 -> 1.5.9 pango: upgrade 1.48.7 -> 1.48.9 mesa: upgrade 21.1.5 -> 21.2.1 libinput: upgrade 1.18.0 -> 1.18.1 libxfont2: upgrade 2.0.4 -> 2.0.5 libxft: upgrade 2.3.3 -> 2.3.4 xserver-xorg: upgrade 1.20.12 -> 1.20.13 linux-firmware: upgrade 20210511 -> 20210818 wireless-regdb: upgrade 2021.04.21 -> 2021.07.14 libwebp: upgrade 1.2.0 -> 1.2.1 webkitgtk: upgrade 2.32.2 -> 2.32.3 boost: upgrade 
1.76.0 -> 1.77.0 diffoscope: upgrade 179 -> 181 enchant2: upgrade 2.3.0 -> 2.3.1 re2c: upgrade 2.1.1 -> 2.2 rng-tools: upgrade 6.13 -> 6.14 kea: backport a patch to fix build errors exposed by latest update batch qemu: add a hint on how to enable CPU render nodes when a suitable GPU is absent mc: fix reproducibility libjitterentropy: remove contaminated hashequiv entry binutils: drop target flex/bison from build dependencies gnu-efi: update 3.0.13 -> 3.0.14 glib-2.0: upgrade 2.68.3 -> 2.68.4 util-linux: upgrade 2.37.1 -> 2.37.2 ccache: upgrade 4.3 -> 4.4 git: upgrade 2.32.0 -> 2.33.0 openssh: upgrade 8.6p1 -> 8.7p1 ell: upgrade 0.42 -> 0.43 python3-mako: upgrade 1.1.4 -> 1.1.5 vala: upgrade 0.52.4 -> 0.52.5 libnsl2: upgrade 1.3.0 -> 2.0.0 gi-docgen: upgrade 2021.6 -> 2021.7 json-glib: upgrade 1.6.2 -> 1.6.4 bind: upgrade 9.16.19 -> 9.16.20 harfbuzz: upgrade 2.8.2 -> 2.9.0 qemurunner.py: print output from runqemu/qemu-system in stop() qemurunner.py: handle getOutput() having nothing to read rust: fix upstream version checks mesa: enable crocus driver for older intel graphics Andreas Müller (2): mesa: upgrade 21.1.5 -> 21.1.7 binutils: Apply upstream patch to fix 'too many open files' on qtwebengine Andrej Valek (2): busybox: 1.33.1 -> 1.34.0 vim: add option to disable NLS support Andres Beltran (2): buildhistory: Add output file listing package information buildhistory: Label packages providing per-file dependencies in depends.dot Andrey Zhizhikin (2): lttng-modules: do not search in non-existing folder during install nativesdk-packagegroup-sdk-host: add perl integer module Armin Kuster (2): lz4: Security Fix for CVE-2021-3520 lz4: remove rest of ptest artifacts Bruce Ashfield (21): linux-yocto/5.13: update to v5.13.7 linux-yocto/5.4: update to v5.4.137 linux-yocto/5.10: update to v5.10.55 linux-yocto/5.4: update to v5.4.139 linux-yocto/5.10: update to v5.10.57 linux-yocto/5.13: update to v5.13.9 linux-yocto/5.4: remove recipes conf/machine: bump qemu preferred 
versions to 5.13 linux-yocto-dev: bump to v5.14+ lttng-modules: update to 2.13.0 kernel-devsrc: 5.14+ updates kernel-devsrc: fix 5.14+ objtool compilation poky/poky-tiny: set default kernel to 5.13 poky: set default kernel to 5.13 yocto-bsp: drop 5.4 bbappend poky-alt: switch default kernel to 5.10 linux-yocto/5.13: update to v5.13.11 linux-yocto/5.10: update to v5.10.59 linux-yocto/5.13: update to v5.13.12 linux-yocto/5.10: update to v5.10.60 parselogs.py: ignore intermittent CD/DVDROM identification failure Chen Qi (1): package_rpm/update-alternatives: fix package's provides Daniel Gomez (2): wic: Add --no-fstab-update part option oeqa: wic: Add tests for --no-fstab-update Denys Dmytriyenko (1): grep: upgrade 3.6 -> 3.7 Enrico Scholz (1): bitbake: fetch2/wget: fix 'no_proxy' handling Hongxu Jia (2): nativesdk-pseudo: Fix to work with glibc 2.34 systems glibc: fix create thread failed in unprivileged process Hsia-Jun Li (1): lib/oe/elf: Add Android OS to machine_dict Jon Mason (8): arch-armv8m-main: missing space conf/machine: move tune files to architecture directories yocto-bsp: update machine confs with new tune locations docs: update docs with new tune locations arch-arm*: add better support for gcc march extensions tune-cortexr*: add support for all Arm Cortex-R processors arch-arm*: Fix bugs with dsp and simd feature include files tune-*: Use more specific DEFAULTTUNE Jose Quaresma (1): sstate.bbclass: get the number of threads from BB_NUMBER_THREADS Joshua Watt (17): bitbake: contrib: vim: Add "remove" override highlighting bitbake.conf: Add lz4c, pzstd and zstd bitbake: bitbake: asyncrpc: Defer all asyncio to child process conf/licenses: Add FreeType SPDX mapping tzdata: Remove BSD License specifier glib-2.0: Use specific BSD license variant e2fsprogs: Use specific BSD license variant shadow: Use specific BSD license variant libcap: Use specific BSD license variant sudo: Use specific BSD license variant libpam: Use specific BSD license variant libxfont2: 
Use specific BSD license variant libjitterentropy: Use specific BSD license variant libx11: Use specific BSD license variant font-util: Use specific BSD license variant flac: Use specific BSD license variant swig: Use specific BSD license variant Kai Kang (2): libcgroup: fix installed-vs-shipped qa issue rustfmt: fix SRC_URI Kevin Hao (2): meta-yocto-bsp: Set the default kernel to v5.13 meta-yocto-bsp: Bump the kernel to v5.13.11 Khem Raj (2): weston: Re-order gbm destruction at DRM-backend tear down musl: Update to latest tip of trunk Kristian Klausen (1): systemd: Add repart PACKAGECONFIG Marco Felsch (1): bitbake: bitbake: bitbake-layers: add skip reason to output Marek Vasut (1): weston: Add rdp PACKAGECONFIG Marta Rybczynska (1): lzo: add CVE_PRODUCT Martin Jansa (3): bitbake: prserv: handle PRSERV_HOST = "127.0.0.1:0" the same as "localhost:0" bitbake: cooker/process: Fix typos in exiting message rust: remove unused patches Michael Halstead (2): uninative: Upgrade to 3.3, support glibc 2.34 uninative: Upgrade to 3.4 Michael Opdenacker (2): maintainers.inc: maintainer for alsa-*, flac, lame and speex meta: stop using "virtual/" in RPROVIDES and RDEPENDS Mingli Yu (2): shadow: fix default value in SHA_get_salt_rounds() bitbake: prserv: make localhost work Oleksandr Popovych (1): utils: Reduce the number of calls to the "dirname" command Oliver Kranz (1): Allow global override of golang GO_DYNLINK Paul Barker (2): bitbake: prserv: Replace XML RPC with modern asyncrpc implementation bitbake: prserv: Add read-only mode Paul Gortmaker (1): ltp: backport ioctl_ns05 fix from upstream Peter Kjellerstedt (7): lttng-modules: Make it build when CONFIG_TRACEPOINTS is not enabled again poky-floating-revisions.inc: Use new override syntax for commented vars local.conf.sample: Use the new override syntax for a commented variable bitbake.conf: Use the new variable override syntax in a comment buildhistory-collect-srcrevs: Adapt to the new variable override syntax 
meson.bbclass: Make the default buildtype "debug" if DEBUG_BUILD is 1 bitbake: providers: Use new override syntax when handling pn- "override" Purushottam Choudhary (1): assimp: added patch to fix hardcoded non-existing paths in CMake modules Randy MacLeod (8): openssl: upgrade from 1.1.1k to 1.1.1l rust: initial merge of most of meta-rust rust: mv README.md to recipes-devtools/rust/README-rust.md rust: update the README to conform to being in oe-core cargo/rust/rustfmt: exclude from world maintainers: Add myself as maintainer for rust pkgs cargo_common: remove http_proxy rust: remove Rust version 1.51.0 toolchain Richard Purdie (27): elfutils: Add zstd PACKAGECONFIG for determinism man-db: Add compression PACKAGECONFIG entries oeqa/selftest/glibc: Handle incorrect encoding issuesin glibc test results package/scripts: Fix FILES_INFO handling package: Fix overrides converion issue with PKGSIZE bitbake: bitbake: Make 3.6.0 the minimum python version elfutils: Fix ptest dependencies bsp-guide: Fix reference to bbappend section of dev-manual ref-manual: Fix reference to bbappend section of dev-manual gcc: Fix nativesdk builds and multilib fixes with gcc 11 bitbake: README: Add note about test suite and new tests pseudo: Fix to work with glibc 2.34 systems bitbake: README: Fix typo rust-cross*: Fix OVERRRIDE references in task signature computation rust-cross-canadian-common: Use rust.inc directly, not rust-target cargo: Ensure cargo-cross-canadian doesn't have native/nativesdk versions rust-native: Avoid stripped warning rust-llvm: Add missing HOMEPAGE rust: Skip target recipe since it doesn't work oeqa/selftest/distrodata: Fix up rust maintainer testing rust: Avoid buildtools+uninative issues with glibc symbols mismatches rust-common: Add LDFLAGS to cc wrapper oeqa/selftest/reproducibile: Exclude rust packages kernel: Use unexpanded EXTENDPKGV oeqa/buildtools-cases: Allow bitbake time to shutdown cargo: Apply uninative fix to snapshot as with rust rust-common: Hack 
around LD_LIBRARY_PATH issues on centos7 Robert P. J. Day (1): scripts/lib/wic/help/py: "Redhat" -> "Red Hat" Ross Burton (11): oeqa/selftest/buildoptions: test buildhistory PKGSIZE and FILELIST fields uninative: Improve glob to handle glibc 2.34 oeqa/sdk: add relocation test for buildtools glibc: package the stub .a libaries into glibc-dev oeqa/sdk: add HTTPS test for buildtools libcgroup: upgrade to 2.0 gcc: also relocate the musl loader local.conf.sample.extended: fix commented-out override syntax cpio: backport fix for CVE-2021-38185 mesa: fix build on Arm V5 with soft float ptest: allow the ptest-packagelists.inc warning to be disabled Sakib Sajal (1): qemu: fix CVE-2021-3682 Scott Murray (2): bitbake: bitbake: asyncrpc: always create new asyncio loops prservice: remove connection caching Stefan Herbrechtsmeier (4): u-boot: Remove redundancy from installed and deployed SPL artifact names u-boot: Remove misplaced configuration type variable u-boot: Make SPL suffix configurable u-boot: Make UBOOT_BINARYNAME configurable Tim Orling (7): python3-importlib-metadata: upgrade 4.6.3 -> 4.6.4 python3-hypothesis: upgrade 6.14.5 -> 6.14.8 python3-hypothesis: upgrade 6.14.8 -> 6.15.0 python3-hypothesis: enable ptest python3-pluggy: upgrade 0.13.1 -> 1.0.0 python3-pytest: allow python3-pluggy >=1.0.0 rust-common.bbclass: export RUST_TARGET_PATH Trevor Gamblin (1): bluez: upgrade 5.60 -> 5.61 Trevor Woerner (1): distro_features_check: expand with IMAGE_FEATURES Vinay Kumar (2): glibc: Fix CVE-2021-38604 rust-common.inc: Fix build failure with qemuppc64. Yi Zhao (2): prelink: add PACKAGECONFIG for selinux shadow: add /etc/default/useradd Zoltán Böszörményi (4): kernel-module-split.bbclass: Support zstd-compressed modules Allow opt-out of split kernel modules kernel.bbclass: Use full versions for inter-package dependencies base/kernel: Support zstd-compressed squashfs and cpio initramfs leimaohui (2): Fix conflict error when enable multilib. 
wordsize.h: Fix a miss, this file in arm and aarch64 should be the same. meta-raspberrypi: 32921fc9bd..a6fa6b3aec: Khem Raj (4): machines: Use tune files from new location in oe-core linux-raspberrypi: Update to 5.10.59 raspberrypi-firmware: Update to latest raspberrypi4: Use full kms (vc4-kms-v3d) DT overlay Marcus Comstedt (1): pi-bluetooth: Add compatibility with non-systemd builds Tom Rini (1): xserver-xf86-config: Correctly append to FILES:${PN} meta-security: c885d399cd..1f18c623e9: Armin Kuster (10): cryfs: add new package kas-security-bas: bump conf value kas: fix DISTRO appends dm-verity-img.bbclass: more overided fixups krill: Rust is in core now suricata: rust is in core layer.conf: drop dynamic-layer layer.conf: drop meta-rust harden-image-minimal: fix useradd inherit kas: remove rust layers Daiane Angolini (1): meta-integrity: kernel-modsign: Change weak default value George Liu (1): meta: Fix typos Marta Rybczynska (2): README: fix mailing lists README: fix mailing lists and a typo meta-openembedded: a13db91f19..9fdc7960ba: Andreas Müller (6): catch2: upgrade 2.13.6 -> 2.13.7 fltk/CMake: Do not export executable 'fluid' fltk: upgrade 1.3.6 -> 1.3.7 network-manager-applet: upgrade 1.22.0 -> 1.24.0 networkmanager: upgrade 1.32.4 -> 1.32.8 udisks2: upgrade 2.9.2 -> 2.9.3 Anton Blanchard (2): boost-url: Use GNUInstallDirs instead of hard wiring install directories cereal: Use GNUInstallDirs instead of hard wiring install directories Changqing Li (1): linuxptp: upgrade 3.1 -> 3.1.1 Devendra Tewari (1): android-tools: Add flag to enable adbd service (#147) Dmitry Baryshkov (1): image_types_sparse: stop using ext2simg Easwar Hariharan (1): chrony: Fix privdrop packageconfig Joe Slater (1): nginx: fix CVE-2021-3618 Justin Bronder (1): hidapi: add rdep on glibc-gconv-utf-16 Khem Raj (7): layer.conf: Add ttf-ipa to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS on fontconfig mpich: link explictly with libgcc packagegroup-meta-networking: Add bmon libnss-nisplus: Remove 
pipewire: Upgrade to 0.3.34 bluealsa: Add recipe apitrace: Enable on glibc >= 2.34 Leon Anavi (21): python3-astroid: Upgrade 2.6.6 -> 2.7.0 python3-ujson: Upgrade 4.0.2 -> 4.1.0 python3-pycurl: Upgrade 7.44.0 -> 7.44.1 python3-websocket-client: Upgrade 1.1.0 -> 1.2.1 python3-bitarray: Upgrade 2.2.5 -> 2.3.0 python3-langtable: Upgrade 0.0.54 -> 0.0.56 python3-pandas: Upgrade 1.3.1 -> 1.3.2 python3-tzlocal: Upgrade 2.1 -> 3.0 python3-zeroconf: Upgrade 0.34.3 -> 0.36.0 python3-dbus-next: Upgrade 0.2.2 -> 0.2.3 python3-astroid: Upgrade 2.7.0 -> 2.7.1 python3-ruamel-yaml: Upgrade 0.17.10 -> 0.17.11 python3-unidiff: Upgrade 0.6.0 -> 0.7.0 python3-qrcode: Upgrade 7.2 -> 7.3 python3-simplejson: Upgrade 3.17.3 -> 3.17.4 python3-regex: Upgrade 2021.7.6 -> 2021.8.3 python3-colorlog: Upgrade 5.0.1 -> 6.4.1 python3-ruamel-yaml: Upgrade 0.17.11 -> 0.17.13 python3-simplejson: Upgrade 3.17.4 -> 3.17.5 python3-bitarray: Upgrade 2.3.0 -> 2.3.2 python3-watchdog: Upgrade 2.1.3 -> 2.1.5 Martin Jansa (1): layer.conf: Add ttf-takao to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS on fontconfig Matija Tudan (1): gpsd: upgrade 3.20 -> 3.23 Matteo Croce (1): libbpf: bump to 0.4.0 Michael Opdenacker (2): meta-multimedia: stop using "virtual/" in RPROVIDES and RDEPENDS meta-oe: stop using "virtual/" in RPROVIDES and RDEPENDS Mingli Yu (4): polkit: fix CVE-2021-3560 vsftpd: Upgrade to 3.0.5 mariadb: Upgrade to 10.6.4 jemalloc: improve reproducibility Nathan Rossi (1): nginx: Fix off_t size passed in configure Oleksandr Kravchuk (6): font-adobe-100dpi: fix UPSTREAM_CHECK_REGEX font-adobe-utopia-100dpi: fix UPSTREAM_CHECK_REGEX font-bh-100dpi: fix UPSTREAM_CHECK_REGEX font-bh-lucidatypewriter-100dpi: fix UPSTREAM_CHECK_REGEX font-bitstream-100dpi: fix UPSTREAM_CHECK_REGEX xf86-input-tslib: update to 1.1.1 Patrick Areny (2): libConfuse: Add recipe bmon: Add recipe Peter Kjellerstedt (6): gpsd: Let scons install the udev and systemd files gpsd: Move /usr/share/gpsd/doc to the gpsd-doc package poppler: 
Explicitly enable/disable boost together with splash chrony: Use new override syntax for USERADD_PARAM gpsd: Correct the installation of gpsd.hotplug if systemd is not enabled gpsd: Do not install gpsd.hotplug unconditionally Peter Morrow (1): libbpf: remove stale comment Sakib Sajal (2): lmdb: use libprefix in Makefile to install libraries gd: fix CVE-2021-38115 Sinan Kaya (4): c-ares: remove custom patches grpc: make SHARED library build optional libkcapi: add a hash only packageconfig libkcapi: allow an option to build natively Tim Orling (2): bootchart: drop; unfetchable python3-django_2.2.x: only check upstream 2.2.x Trevor Gamblin (5): python3-click: Add missing ptest artifacts python3-eventlet: add 0.30.2 to meta-python python3-gunicorn: tweak run-ptest, add RDEPENDS python3-license-expression: add ptest artifacts nftables: upgrade 0.9.9 -> 1.0.0 Vesa Jääskeläinen (2): python3-cached-property: Add recipe for version 1.5.2 python3-pkcs11: Add recipe for version 0.7.0 Yi Zhao (2): audit: upgrade 3.0.4 -> 3.0.5 krb5: filtering out -f*-prefix-map from krb5-config Zoltán Böszörményi (1): metacity: Add a patch to create build/src/core before moving generated sources to it leimaohui (3): packagegroup-meta-oe: Update ttf-ipa package name. uim: Dleted takao fonts from DEPENDS. takao-fonts: It should be in ttf-fonts directory as the other ttf fonts. 
wangmy (14): fetchmail: upgrade 6.4.20 -> 6.4.21 c-ares: upgrade 1.17.1 -> 1.17.2 icewm: upgrade 2.6.0 -> 2.7.0 netplan: upgrade 0.102 -> 0.103 ctags: upgrade 5.9.20210801.0 -> 5.9.20210815.0 live555: upgrade 20210720 -> 20210809 opensc: upgrade 0.21.0 -> 0.22.0 xfsprogs: upgrade 5.12.0 -> 5.13.0 networkmanager: upgrade 1.32.8 -> 1.32.10 can-utils: upgrade 2021.06.0 -> 2021.08.0 doxygen: upgrade 1.9.1 -> 1.9.2 gensio: upgrade 2.2.8 -> 2.2.9 live555: upgrade 20210809 -> 20210824 sedutil: upgrade 1.15.1.01 -> 1.20.0 zangrc (14): python3-flask-migrate: upgrade 3.0.1 -> 3.1.0 python3-flask-socketio: upgrade 5.1.0 -> 5.1.1 python3-google-api-python-client: upgrade 2.15.0 -> 2.17.0 python3-grpcio-tools: upgrade 1.38.1 -> 1.39.0 python3-grpcio: upgrade 1.38.1 -> 1.39.0 python3-wheel: upgrade 0.36.2 -> 0.37.0 libio-socket-ssl-perl: upgrade 2.071 -> 2.072 python3-aiohttp-jinja2: upgrade 1.4.2 -> 1.5 python3-gevent: upgrade 21.1.2 -> 21.8.0 python3-google-api-python-client: upgrade 2.17.0 -> 2.18.0 python3-h5py: upgrade 3.3.0 -> 3.4.0 python3-haversine: upgrade 2.3.1 -> 2.4.0 python3-pyephem: upgrade 3.7.7.1 -> 4.0.0.2 rdma-core: upgrade 35.0 -> 36.0 zhengruoqin (12): libqmi: upgrade 1.28.8 -> 1.30.0 sedutil: upgrade 1.15.1 -> 1.15.1.01 libencode-perl: upgrade 3.11 -> 3.12 python3-pymisp: upgrade 2.4.144 -> 2.4.148 python3-pyzmq: upgrade 22.1.0 -> 22.2.1 python3-tqdm: upgrade 4.62.0 -> 4.62.2 iwd: upgrade 1.16 -> 1.17 xmlsec1: upgrade 1.2.31 -> 1.2.32 xrdb: upgrade 1.2.0 -> 1.2.1 python3-regex: upgrade 2021.8.3 -> 2021.8.27 python3-sqlalchemy: upgrade 1.4.22 -> 1.4.23 python3-stevedore: upgrade 3.3.0 -> 3.4.0 Signed-off-by: Andrew Geissler Change-Id: I2960f1ce53a1e2cde8b03b929829db9a2f105541 --- .../cpio/cpio-2.13/CVE-2021-38185.patch | 581 +++++++++++++++++++++ poky/meta/recipes-extended/cpio/cpio_2.13.bb | 1 + 2 files changed, 582 insertions(+) create mode 100644 poky/meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch (limited to 'poky/meta/recipes-extended/cpio') 
diff --git a/poky/meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch b/poky/meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch
new file mode 100644
index 0000000000..6ceafeee49
--- /dev/null
+++ b/poky/meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch
@@ -0,0 +1,581 @@ +GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted +pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers +an out-of-bounds heap write. + +CVE: CVE-2021-38185 +Upstream-Status: Backport +Signed-off-by: Ross Burton + +From e494c68a3a0951b1eaba77e2db93f71a890e15d8 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff +Date: Sat, 7 Aug 2021 12:52:21 +0300 +Subject: [PATCH 1/3] Rewrite dynamic string support. + +* src/dstring.c (ds_init): Take a single argument. +(ds_free): New function. +(ds_resize): Take a single argument. Use x2nrealloc to expand +the storage. +(ds_reset,ds_append,ds_concat,ds_endswith): New function. +(ds_fgetstr): Rewrite. In particular, this fixes integer overflow. +* src/dstring.h (dynamic_string): Keep both the allocated length +(ds_size) and index of the next free byte in the string (ds_idx). +(ds_init,ds_resize): Change signature. +(ds_len): New macro. +(ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. +* src/copyin.c: Use new ds_ functions. +* src/copyout.c: Likewise. +* src/copypass.c: Likewise. +* src/util.c: Likewise. +--- + src/copyin.c | 40 +++++++++++------------ + src/copyout.c | 16 ++++----- + src/copypass.c | 34 +++++++++---------- + src/dstring.c | 88 ++++++++++++++++++++++++++++++++++++-------------- + src/dstring.h | 31 +++++++++--------- + src/util.c | 6 ++-- + 6 files changed, 123 insertions(+), 92 deletions(-) + +diff --git a/src/copyin.c b/src/copyin.c +index b29f348..37e503a 100644 +--- a/src/copyin.c ++++ b/src/copyin.c +@@ -55,11 +55,12 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out, + char *str_res; /* Result for string function. */ + static dynamic_string new_name; /* New file name for rename option. 
*/ + static int initialized_new_name = false; ++ + if (!initialized_new_name) +- { +- ds_init (&new_name, 128); +- initialized_new_name = true; +- } ++ { ++ ds_init (&new_name); ++ initialized_new_name = true; ++ } + + if (rename_flag) + { +@@ -779,37 +780,36 @@ long_format (struct cpio_file_stat *file_hdr, char const *link_name) + already in `save_patterns' (from the command line) are preserved. */ + + static void +-read_pattern_file () ++read_pattern_file (void) + { +- int max_new_patterns; +- char **new_save_patterns; +- int new_num_patterns; ++ char **new_save_patterns = NULL; ++ size_t max_new_patterns; ++ size_t new_num_patterns; + int i; +- dynamic_string pattern_name; ++ dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER; + FILE *pattern_fp; + + if (num_patterns < 0) + num_patterns = 0; +- max_new_patterns = 1 + num_patterns; +- new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *)); + new_num_patterns = num_patterns; +- ds_init (&pattern_name, 128); ++ max_new_patterns = num_patterns; ++ new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0])); + + pattern_fp = fopen (pattern_file_name, "r"); + if (pattern_fp == NULL) + open_fatal (pattern_file_name); + while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) + { +- if (new_num_patterns >= max_new_patterns) +- { +- max_new_patterns += 1; +- new_save_patterns = (char **) +- xrealloc ((char *) new_save_patterns, +- max_new_patterns * sizeof (char *)); +- } ++ if (new_num_patterns == max_new_patterns) ++ new_save_patterns = x2nrealloc (new_save_patterns, ++ &max_new_patterns, ++ sizeof (new_save_patterns[0])); + new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); + ++new_num_patterns; + } ++ ++ ds_free (&pattern_name); ++ + if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) + close_error (pattern_file_name); + +@@ -1196,7 +1196,7 @@ swab_array (char *ptr, int count) + in the file system. 
*/ + + void +-process_copy_in () ++process_copy_in (void) + { + char done = false; /* True if trailer reached. */ + FILE *tty_in = NULL; /* Interactive file for rename option. */ +diff --git a/src/copyout.c b/src/copyout.c +index 8b0beb6..26e3dda 100644 +--- a/src/copyout.c ++++ b/src/copyout.c +@@ -594,9 +594,10 @@ assign_string (char **pvar, char *value) + The format of the header depends on the compatibility (-c) flag. */ + + void +-process_copy_out () ++process_copy_out (void) + { +- dynamic_string input_name; /* Name of file read from stdin. */ ++ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; ++ /* Name of file read from stdin. */ + struct stat file_stat; /* Stat record for file. */ + struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER; + /* Output header information. */ +@@ -605,7 +606,6 @@ process_copy_out () + char *orig_file_name = NULL; + + /* Initialize the copy out. */ +- ds_init (&input_name, 128); + file_hdr.c_magic = 070707; + + /* Check whether the output file might be a tape. */ +@@ -657,14 +657,9 @@ process_copy_out () + { + if (file_hdr.c_mode & CP_IFDIR) + { +- int len = strlen (input_name.ds_string); + /* Make sure the name ends with a slash */ +- if (input_name.ds_string[len-1] != '/') +- { +- ds_resize (&input_name, len + 2); +- input_name.ds_string[len] = '/'; +- input_name.ds_string[len+1] = 0; +- } ++ if (!ds_endswith (&input_name, '/')) ++ ds_append (&input_name, '/'); + } + } + +@@ -875,6 +870,7 @@ process_copy_out () + (unsigned long) blocks), (unsigned long) blocks); + } + cpio_file_stat_free (&file_hdr); ++ ds_free (&input_name); + } + + +diff --git a/src/copypass.c b/src/copypass.c +index dc13b5b..62f31c6 100644 +--- a/src/copypass.c ++++ b/src/copypass.c +@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char *name, struct stat *st) + If `link_flag', link instead of copying. */ + + void +-process_copy_pass () ++process_copy_pass (void) + { +- dynamic_string input_name; /* Name of file from stdin. 
*/ +- dynamic_string output_name; /* Name of new file. */ ++ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; ++ /* Name of file from stdin. */ ++ dynamic_string output_name = DYNAMIC_STRING_INITIALIZER; ++ /* Name of new file. */ + size_t dirname_len; /* Length of `directory_name'. */ + int res; /* Result of functions. */ + char *slash; /* For moving past slashes in input name. */ +@@ -65,25 +67,18 @@ process_copy_pass () + created files */ + + /* Initialize the copy pass. */ +- ds_init (&input_name, 128); + + dirname_len = strlen (directory_name); + if (change_directory_option && !ISSLASH (directory_name[0])) + { + char *pwd = xgetcwd (); +- +- dirname_len += strlen (pwd) + 1; +- ds_init (&output_name, dirname_len + 2); +- strcpy (output_name.ds_string, pwd); +- strcat (output_name.ds_string, "/"); +- strcat (output_name.ds_string, directory_name); ++ ++ ds_concat (&output_name, pwd); ++ ds_append (&output_name, '/'); + } +- else +- { +- ds_init (&output_name, dirname_len + 2); +- strcpy (output_name.ds_string, directory_name); +- } +- output_name.ds_string[dirname_len] = '/'; ++ ds_concat (&output_name, directory_name); ++ ds_append (&output_name, '/'); ++ dirname_len = ds_len (&output_name); + output_is_seekable = true; + + change_dir (); +@@ -116,8 +111,8 @@ process_copy_pass () + /* Make the name of the new file. 
*/ + for (slash = input_name.ds_string; *slash == '/'; ++slash) + ; +- ds_resize (&output_name, dirname_len + strlen (slash) + 2); +- strcpy (output_name.ds_string + dirname_len + 1, slash); ++ ds_reset (&output_name, dirname_len); ++ ds_concat (&output_name, slash); + + existing_dir = false; + if (lstat (output_name.ds_string, &out_file_stat) == 0) +@@ -333,6 +328,9 @@ process_copy_pass () + (unsigned long) blocks), + (unsigned long) blocks); + } ++ ++ ds_free (&input_name); ++ ds_free (&output_name); + } + + /* Try and create a hard link from FILE_NAME to another file +diff --git a/src/dstring.c b/src/dstring.c +index e9c063f..358f356 100644 +--- a/src/dstring.c ++++ b/src/dstring.c +@@ -20,8 +20,8 @@ + #if defined(HAVE_CONFIG_H) + # include + #endif +- + #include ++#include + #if defined(HAVE_STRING_H) || defined(STDC_HEADERS) + #include + #else +@@ -33,24 +33,41 @@ + /* Initialiaze dynamic string STRING with space for SIZE characters. */ + + void +-ds_init (dynamic_string *string, int size) ++ds_init (dynamic_string *string) ++{ ++ memset (string, 0, sizeof *string); ++} ++ ++/* Free the dynamic string storage. */ ++ ++void ++ds_free (dynamic_string *string) + { +- string->ds_length = size; +- string->ds_string = (char *) xmalloc (size); ++ free (string->ds_string); + } + +-/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */ ++/* Expand dynamic string STRING, if necessary. */ + + void +-ds_resize (dynamic_string *string, int size) ++ds_resize (dynamic_string *string) + { +- if (size > string->ds_length) ++ if (string->ds_idx == string->ds_size) + { +- string->ds_length = size; +- string->ds_string = (char *) xrealloc ((char *) string->ds_string, size); ++ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, ++ 1); + } + } + ++/* Reset the index of the dynamic string S to LEN. 
*/ ++ ++void ++ds_reset (dynamic_string *s, size_t len) ++{ ++ while (len > s->ds_size) ++ ds_resize (s); ++ s->ds_idx = len; ++} ++ + /* Dynamic string S gets a string terminated by the EOS character + (which is removed) from file F. S will increase + in size during the function if the string from F is longer than +@@ -61,34 +78,50 @@ ds_resize (dynamic_string *string, int size) + char * + ds_fgetstr (FILE *f, dynamic_string *s, char eos) + { +- int insize; /* Amount needed for line. */ +- int strsize; /* Amount allocated for S. */ + int next_ch; + + /* Initialize. */ +- insize = 0; +- strsize = s->ds_length; ++ s->ds_idx = 0; + + /* Read the input string. */ +- next_ch = getc (f); +- while (next_ch != eos && next_ch != EOF) ++ while ((next_ch = getc (f)) != eos && next_ch != EOF) + { +- if (insize >= strsize - 1) +- { +- ds_resize (s, strsize * 2 + 2); +- strsize = s->ds_length; +- } +- s->ds_string[insize++] = next_ch; +- next_ch = getc (f); ++ ds_resize (s); ++ s->ds_string[s->ds_idx++] = next_ch; + } +- s->ds_string[insize++] = '\0'; ++ ds_resize (s); ++ s->ds_string[s->ds_idx] = '\0'; + +- if (insize == 1 && next_ch == EOF) ++ if (s->ds_idx == 0 && next_ch == EOF) + return NULL; + else + return s->ds_string; + } + ++void ++ds_append (dynamic_string *s, int c) ++{ ++ ds_resize (s); ++ s->ds_string[s->ds_idx] = c; ++ if (c) ++ { ++ s->ds_idx++; ++ ds_resize (s); ++ s->ds_string[s->ds_idx] = 0; ++ } ++} ++ ++void ++ds_concat (dynamic_string *s, char const *str) ++{ ++ size_t len = strlen (str); ++ while (len + 1 > s->ds_size) ++ ds_resize (s); ++ memcpy (s->ds_string + s->ds_idx, str, len); ++ s->ds_idx += len; ++ s->ds_string[s->ds_idx] = 0; ++} ++ + char * + ds_fgets (FILE *f, dynamic_string *s) + { +@@ -100,3 +133,10 @@ ds_fgetname (FILE *f, dynamic_string *s) + { + return ds_fgetstr (f, s, '\0'); + } ++ ++/* Return true if the dynamic string S ends with character C. 
*/ ++int ++ds_endswith (dynamic_string *s, int c) ++{ ++ return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c); ++} +diff --git a/src/dstring.h b/src/dstring.h +index b5135fe..f5b04ef 100644 +--- a/src/dstring.h ++++ b/src/dstring.h +@@ -17,10 +17,6 @@ + Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301 USA. */ + +-#ifndef NULL +-#define NULL 0 +-#endif +- + /* A dynamic string consists of record that records the size of an + allocated string and the pointer to that string. The actual string + is a normal zero byte terminated string that can be used with the +@@ -30,22 +26,25 @@ + + typedef struct + { +- int ds_length; /* Actual amount of storage allocated. */ +- char *ds_string; /* String. */ ++ size_t ds_size; /* Actual amount of storage allocated. */ ++ size_t ds_idx; /* Index of the next free byte in the string. */ ++ char *ds_string; /* String storage. */ + } dynamic_string; + ++#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL } + +-/* Macros that look similar to the original string functions. +- WARNING: These macros work only on pointers to dynamic string records. +- If used with a real record, an "&" must be used to get the pointer. 
*/ +-#define ds_strlen(s) strlen ((s)->ds_string) +-#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string) +-#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n) +-#define ds_index(s, c) index ((s)->ds_string, c) +-#define ds_rindex(s, c) rindex ((s)->ds_string, c) ++void ds_init (dynamic_string *string); ++void ds_free (dynamic_string *string); ++void ds_reset (dynamic_string *s, size_t len); + +-void ds_init (dynamic_string *string, int size); +-void ds_resize (dynamic_string *string, int size); ++/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */ + char *ds_fgetname (FILE *f, dynamic_string *s); + char *ds_fgets (FILE *f, dynamic_string *s); + char *ds_fgetstr (FILE *f, dynamic_string *s, char eos); ++void ds_append (dynamic_string *s, int c); ++void ds_concat (dynamic_string *s, char const *str); ++ ++#define ds_len(s) ((s)->ds_idx) ++ ++int ds_endswith (dynamic_string *s, int c); ++ +diff --git a/src/util.c b/src/util.c +index 4421b20..6d6bbaa 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -846,11 +846,9 @@ get_next_reel (int tape_des) + FILE *tty_out; /* File for interacting with user. */ + int old_tape_des; + char *next_archive_name; +- dynamic_string new_name; ++ dynamic_string new_name = DYNAMIC_STRING_INITIALIZER; + char *str_res; + +- ds_init (&new_name, 128); +- + /* Open files for interactive communication. */ + tty_in = fopen (TTY_NAME, "r"); + if (tty_in == NULL) +@@ -925,7 +923,7 @@ get_next_reel (int tape_des) + error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"), + old_tape_des, tape_des); + +- free (new_name.ds_string); ++ ds_free (&new_name); + fclose (tty_in); + fclose (tty_out); + } +-- +2.25.1 + + +From fb7a51bf85b8e6f045cacb4fb783db4a414741bf Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff +Date: Wed, 11 Aug 2021 18:10:38 +0300 +Subject: [PATCH 2/3] Fix previous commit + +* src/dstring.c (ds_reset,ds_concat): Don't call ds_resize in a +loop. 
+---
+ src/dstring.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/dstring.c b/src/dstring.c
+index 358f356..90c691c 100644
+--- a/src/dstring.c
++++ b/src/dstring.c
+@@ -64,7 +64,7 @@ void
+ ds_reset (dynamic_string *s, size_t len)
+ {
+ while (len > s->ds_size)
+- ds_resize (s);
++ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
+ s->ds_idx = len;
+ }
+
+@@ -116,7 +116,7 @@ ds_concat (dynamic_string *s, char const *str)
+ {
+ size_t len = strlen (str);
+ while (len + 1 > s->ds_size)
+- ds_resize (s);
++ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
+ memcpy (s->ds_string + s->ds_idx, str, len);
+ s->ds_idx += len;
+ s->ds_string[s->ds_idx] = 0;
+--
+2.25.1
+
+
+From 86b37d74b15f9bb5fe62fd1642cc126d3ace0189 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff
+Date: Wed, 18 Aug 2021 09:41:39 +0300
+Subject: [PATCH 3/3] Fix dynamic string reallocations
+
+* src/dstring.c (ds_resize): Take additional argument: number of
+bytes to leave available after ds_idx. All uses changed.
+---
+ src/dstring.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/src/dstring.c b/src/dstring.c
+index 90c691c..0f597cc 100644
+--- a/src/dstring.c
++++ b/src/dstring.c
+@@ -49,9 +49,9 @@ ds_free (dynamic_string *string)
+ /* Expand dynamic string STRING, if necessary. */
+
+ void
+-ds_resize (dynamic_string *string)
++ds_resize (dynamic_string *string, size_t len)
+ {
+- if (string->ds_idx == string->ds_size)
++ while (len + string->ds_idx >= string->ds_size)
+ {
+ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size,
+ 1);
+@@ -63,8 +63,7 @@ ds_resize (dynamic_string *string)
+ void
+ ds_reset (dynamic_string *s, size_t len)
+ {
+- while (len > s->ds_size)
+- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
++ ds_resize (s, len);
+ s->ds_idx = len;
+ }
+
+@@ -86,10 +85,10 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos)
+ /* Read the input string.
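Review bot: The new loop condition in `ds_resize` (third patch, src/dstring.c) adds `len + string->ds_idx` without checking that the sum fits in `size_t`; if it wraps, the loop is skipped and `ds_reset` then stores `ds_idx = len` past the allocation. Whether any caller of `ds_reset` can pass a length that large is not visible in these hunks, so a guard inside the helper is the cheap answer: `if (len > SIZE_MAX - string->ds_idx) xalloc_die ();` before the `while` (needs `<stdint.h>` if it is not already included). The comment above the function still reads "Expand dynamic string STRING, if necessary." and should say that LEN is the number of bytes to keep free after `ds_idx`, as the commit message does. The body of `ds_resize` continues past the end of the hunk.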
*/
+ while ((next_ch = getc (f)) != eos && next_ch != EOF)
+ {
+- ds_resize (s);
++ ds_resize (s, 0);
+ s->ds_string[s->ds_idx++] = next_ch;
+ }
+- ds_resize (s);
++ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = '\0';
+
+ if (s->ds_idx == 0 && next_ch == EOF)
+@@ -101,12 +100,12 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos)
+ void
+ ds_append (dynamic_string *s, int c)
+ {
+- ds_resize (s);
++ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = c;
+ if (c)
+ {
+ s->ds_idx++;
+- ds_resize (s);
++ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = 0;
+ }
+ }
+@@ -115,8 +114,7 @@ void
+ ds_concat (dynamic_string *s, char const *str)
+ {
+ size_t len = strlen (str);
+- while (len + 1 > s->ds_size)
+- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
++ ds_resize (s, len);
+ memcpy (s->ds_string + s->ds_idx, str, len);
+ s->ds_idx += len;
+ s->ds_string[s->ds_idx] = 0;
+--
+2.25.1
+
diff --git a/poky/meta/recipes-extended/cpio/cpio_2.13.bb b/poky/meta/recipes-extended/cpio/cpio_2.13.bb
index 20ea3c25e3..38c17f7cf5 100644
--- a/poky/meta/recipes-extended/cpio/cpio_2.13.bb
+++ b/poky/meta/recipes-extended/cpio/cpio_2.13.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949"
 SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
 file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
 file://0002-src-global.c-Remove-superfluous-declaration-of-progr.patch \
+ file://CVE-2021-38185.patch \
 "

 SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810"
--
cgit v1.2.3