From 93c203f3a38be7db9cd7bb6b4954f3eb655acc8e Mon Sep 17 00:00:00 2001 From: Patrick Williams Date: Wed, 6 Oct 2021 16:15:23 -0500 Subject: subtree updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit meta-security: de6712a806..a85fbe980e: Anton Antonov (1): Upgrade parsec-service 0.8.1 and parsec-tool 0.4.0 Armin Kuster (1): chkrootkit: update to 0.55 Bhupesh Sharma (1): recipes-security/fscrypt: Add fscrypt .bb file Christer Fletcher (1): dmverity: Make use of DATA_BLOCK_SIZE variable in initrdscript. Kristian Klausen (1): libtpm: update to 0.8.7 Zoltán Böszörményi (1): clamav: Set clamav:clamav ownership on /var/lib/clamav in do_install poky: 06dcace68b..80f2b56ad8: Anibal Limon (1): recipes-support/ptest-runner: Bump to v2.4.2 Bruce Ashfield (5): linux-yocto-dev: update to v5.15-rcX lttng-modules/dev-upstream: update to 2.13-latest lttng-modules: fix build against 5.15+ linux-yocto/5.13: drop recipes yocto-bsp/5.13: drop recipes Chandana kalluri (1): scriptutils.py: Add check before deleting path Daniel Wagenknecht (2): common-tasks: add note about license implications of bundled initramfs ref-manual: add note about license implications of bundled initramfs Joshua Watt (2): lib/oe/spdx.py: Add comments python3: Fix sysroot reproducibility Kenfe-Mickael Laventure (1): package_ipk: Use localdata store when signing packages Kiran Surendran (1): ffmpeg: fix CVE-2021-38171 Kristian Klausen (2): ovmf: add TPM PACKAGECONFIG and enable if tpm is in MACHINE_FEATURES wic/bootimg-efi: Add Unified Kernel Image option Markus Volk (1): wic:direct.py: ignore invalid mountpoints during fstab update Matt Madison (1): autotools.bbclass: use ordinary append for file-checksums update Michael Halstead (1): releases: update to include 3.1.11 Minjae Kim (1): vim: fix CVE-2021-3778 Quentin Schulz (1): ref-manual: fix missed override syntax change Rasmus Villemoes (1): kernel.bbclass: remove unnecessary dead code Richard Purdie (29): oeqa/qemurunner: Use oe._exit(), not sys.exit() pseudo: Add in ability to flush database with shutdown request packagegroup-core-tools-profile: Exclude systemtap from riscv32 as well bitbake: bitbake-worker: Allow shutdown/database flush of pseudo server at task exit bitbake: siggen: Fix sorting in diff output bitbake: cooker/command: Add a dummy event for tinfoil testing oeqa/selftest/gotoolchain: Fix temp file cleanup oeqa/buildproject: Ensure temp directories are cleaned up libc_package/buildstats: Fix python regex quoting warnings oeqa/selftest/tinfoil: Update to use test command glew: Stop polluting /tmp during builds rpm: Ensure compression parallelism isn't coded into rpms package: Ensure pclist files are deterministic and don't use full paths gnupg: Be deterministic about sendmail mesa: Ensure megadrivers runtime mappings are deterministic util-linux: Fix reproducibility libtool: Allow libtool-cross to reproduce gobject-introspection: Don't write $HOME into scripts oeqa/selftest/bbtests: Add uuid to force build test image: Exclude IMAGE_VERSION_SUFFIX from expansion in image tasks sstatesig: Revert "Test cross/native hashserv method extension" bitbake: data: Ensure functions are defined in a deterministic order bitbake.conf: Set vardepvalue for PARALLEL_MAKEINST externalsrc: Fix a source date epoch race in reproducible builds sstatesig: Add processing for full build paths in sysroot files python3: Drop broken pyc files image-artifact-names: Use SOURCE_DATE_EPOCH when making reproducible builds for deploy abi_version/sstate: Bump HASH_VERSION and SSTATE_VERSION reproducible_build: Work around caching issues Robert P. J. Day (3): ref-manual: extend explanation of PACKAGE_DEBUG_SPLIT_STYLE ref-manual: mention INHIBIT_PACKAGE_DEBUG_SPLIT variable overview-manual: delete bad backslashes in SSTATE_MIRRORS example Saul Wold (3): spdx-licenses.json: Use 3.14 tagged version spdx.py: Add SPDXAnnotation Object create-spdx: Use SPDXAnnotation to track native recipes Thomas Perrot (2): libevent: mark util/monotonic_prc_fallback as retriable ruby: fix the reproducibility issue Tom Pollard (2): bzip2: Update soname for libbz2 1.0.8 libsamplerate0: Set correct soname for 0.1.9 Trevor Woerner (1): hello-mod/hello.c: convert printk to pr_xxx William A. Kennington III (1): rm_work.bbclass: Fix for files starting with - Yi Zhao (1): inetutils: fix CVE-2021-40491 wangmy (1): strace: upgrade 5.13 -> 5.14 meta-openembedded: cff8331f96..23dc4f060f: Armin Kuster (1): README: update to main repo Chandana kalluri (1): python3-humanfriendly: Add nativesdk to BBCLASSEXTEND Changqing Li (1): layer.conf: add openembedded-layer as LAYERDEPENDS Khem Raj (3): smcroute: Add missing pkgconfig inherit packagegroup-meta-oe: Add new packages smarty and libjs-jquery-icheck gattlib: Upgrade to latest LiweiSong (1): chipsec: platform security assessment framework Martin Jansa (5): opencv: fix build with protobuf-3.18 when dnn PACKAGECONFIG is enabled libeigen: backport fix for -Werror=class-memaccess issues when NEON is enabled README: mention linux-libc-dev:i386 for luajit on ubuntu-21.10 gpsd: inherit pkgconfig pahole: use MACHINE_ARCH Matteo Croce (1): pahole: don't download vendored libbpf Mingli Yu (1): libqb: Upgrade to 2.0.3 Nandor Han (1): libiio: depend on avahi only when network backed is used Peter Kjellerstedt (1): netdata: Move the version to the file name and correct the SRC_URI Richard Purdie (1): gattlib: Place pkgconfig file in correct package Yi Zhao (1): phpmyadmin: upgrade 5.1.0 -> 5.1.1 wangmy (7): unionfs-fuse: upgrade 2.1 -> 2.2 smcroute: upgrade 2.4.4 -> 2.5.3 snort: upgrade 2.9.18 -> 2.9.18.1 libsass: upgrade 3.6.4 -> 3.6.5 sanlock: upgrade 3.8.3 -> 3.8.4 sassc: upgrade 3.6.1 -> 3.6.2 valijson: upgrade 0.5 -> 0.6 zangrc (8): python3-pychromecast: upgrade 9.2.0 -> 9.2.1 python3-pyro4: upgrade 4.80 -> 4.81 python3-pyzmq: upgrade 22.2.1 -> 22.3.0 python3-robotframework: upgrade 4.1 -> 4.1.1 python3-sqlparse: upgrade 0.4.1 -> 0.4.2 python3-tqdm: upgrade 4.62.2 -> 4.62.3 libjs-jquery-icheck: Add recipe smarty: Add recipe zhengruoqin (6): python3-cmd2: upgrade 2.1.2 -> 2.2.0 python3-huey: upgrade 2.4.0 -> 2.4.1 python3-humanfriendly: upgrade 9.2 -> 10.0 cifs-utils: upgrade 6.13 -> 6.14 cmark: upgrade 0.30.1 -> 0.30.2 gpsd: upgrade 3.23 -> 3.23.1 Signed-off-by: Patrick Williams Change-Id: Ie782ff5d7f3004fb1f1ac9a4c8644a178bae46ad --- .../ffmpeg/ffmpeg/fix-CVE-2021-38171.patch | 42 ++++++++++++++++++++++ poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb | 3 +- .../libsamplerate0/shared_version_info.patch | 13 +++++++ .../libsamplerate/libsamplerate0_0.1.9.bb | 1 + 4 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 poky/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch create mode 100644 poky/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch (limited to 'poky/meta/recipes-multimedia') diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch new file mode 100644 index 0000000000..d82f3a4b63 --- /dev/null +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch @@ -0,0 +1,42 @@ +CVE: CVE-2021-38171 +Upstream-Status: Backport +Signed-off-by: Kiran Surendran + +From fb993619d1035fa9646506925ea70fb122038999 Mon Sep 17 00:00:00 2001 +From: maryam ebrahimzadeh +Date: Wed, 4 Aug 2021 16:15:18 -0400 +Subject: [PATCH] avformat/adtsenc: return value check for init_get_bits in + adts_decode_extradata + +As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary. +'buf' is part of 'AVPacket pkt'. +replace init_get_bits with init_get_bits8. + +Signed-off-by: Michael Niedermayer +(cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6) +Signed-off-by: Michael Niedermayer +--- + libavformat/adtsenc.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c +index 3595cb3bb2..c35a12a628 100644 +--- a/libavformat/adtsenc.c ++++ b/libavformat/adtsenc.c +@@ -51,9 +51,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui + GetBitContext gb; + PutBitContext pb; + MPEG4AudioConfig m4ac; +- int off; ++ int off, ret; + +- init_get_bits(&gb, buf, size * 8); ++ ret = init_get_bits8(&gb, buf, size); ++ if (ret < 0) ++ return ret; + off = avpriv_mpeg4audio_get_config2(&m4ac, buf, size, 1, s); + if (off < 0) + return off; +-- +2.31.1 + diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb index fc1834c00b..0c6af6549d 100644 --- a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb @@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://fix-CVE-2020-22021.patch \ file://fix-CVE-2020-22033-CVE-2020-22019.patch \ file://fix-CVE-2021-33815.patch \ - " + file://fix-CVE-2021-38171.patch \ + " SRC_URI[sha256sum] = "06b10a183ce5371f915c6bb15b7b1fffbe046e8275099c96affc29e17645d909" # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717 diff --git a/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch b/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch new file mode 100644 index 0000000000..b42d564b4b --- /dev/null +++ b/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch @@ -0,0 +1,13 @@ +Index: libsamplerate-0.1.8/configure.ac +=================================================================== +--- libsamplerate-0.1.8.orig/configure.ac ++++ libsamplerate-0.1.8/configure.ac +@@ -53,7 +53,7 @@ AC_PROG_LN_S + # 6. If any interfaces have been removed since the last public release, then set age + # to 0. + +-SHARED_VERSION_INFO="1:8:1" ++SHARED_VERSION_INFO="1:9:1" + + + diff --git a/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb b/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb index 6dfc42b436..8345d6880f 100644 --- a/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb +++ b/poky/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb @@ -10,6 +10,7 @@ PR = "r1" SRC_URI = "http://www.mega-nerd.com/SRC/libsamplerate-${PV}.tar.gz \ file://0001-configure.ac-improve-alsa-handling.patch \ + file://shared_version_info.patch \ " SRC_URI[md5sum] = "2b78ae9fe63b36b9fbb6267fad93f259" -- cgit v1.2.3