* [warrior 00/19] Pull request
@ 2019-10-29 9:47 Armin Kuster
2019-10-29 9:47 ` [warrior 01/19] kernel.bbclass: fix installation of modules signing certificates Armin Kuster
` (18 more replies)
0 siblings, 19 replies; 24+ messages in thread
From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw)
To: openembedded-core
This set passed A-full AB.
Most fo these have already been on the mailing list.
This is last set needed for the next dot release.
The following changes since commit b6e17afc06d7a44dc9774ee98de7f186580ddf0d:
uninative: Update to 2.7 release (2019-10-08 07:54:37 -0700)
are available in the git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/warrior-next
http://cgit.openembedded.org//log/?h=stable/warrior-next
Alexander Kanavin (1):
linux-yocto: add drm-bochs support
Anuj Mittal (1):
python: include CVE patches for python-native as well
Armin Kuster (1):
qemu: update to 3.1.1.1
Bruce Ashfield (6):
linux-yocto/5.0: bsp: add basic xilinx zynqmp support
linux-yocto/5.0: make scsi-debug include scsi core configs
linux-yocto: bsp/beaglebone: support qemu -machine virt
linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths
kernel-yocto: import security fragments from meta-security
linux-yocto/4.19: make drm-bochs feature available
Changqing Li (2):
python: Fix CVE-2019-10160
sudo: fix CVE-2019-14287
Chen Qi (2):
python: CVE-2019-16056
go: fix CVE-2019-16276
Dmitry Eremin-Solenikov (1):
kernel.bbclass: fix installation of modules signing certificates
George McCollister (1):
openssl: make OPENSSL_ENGINES match install path
Muminul Islam (1):
libcroco: Fix two CVEs
Yi Zhao (2):
python: add tk-lib as runtime dependency for python-tkinter
libgcrypt: fix CVE-2019-12904
Zang Ruochen (1):
gnutls:upgrade 3.6.7 -> 3.6.8
meta/classes/kernel.bbclass | 2 +-
.../recipes-connectivity/openssl/openssl_1.1.1b.bb | 2 +-
meta/recipes-devtools/go/go-1.12.inc | 1 +
...nch.go1.12-security-net-textproto-don-t-n.patch | 163 ++++++++++
meta/recipes-devtools/python/python.inc | 5 +
...55-Dont-parse-domains-containing-GH-13079.patch | 90 ++++++
.../python/python/bpo-36742-cve-2019-10160.patch | 81 +++++
meta/recipes-devtools/python/python3_3.7.4.bb | 2 +-
meta/recipes-devtools/python/python_2.7.16.bb | 9 +-
...qemu-native_3.1.0.bb => qemu-native_3.1.1.1.bb} | 0
...tive_3.1.0.bb => qemu-system-native_3.1.1.1.bb} | 0
meta/recipes-devtools/qemu/qemu.inc | 14 +-
.../0001-egl-headless-add-egl_create_context.patch | 50 ----
.../qemu/qemu/0014-fix-CVE-2018-16872.patch | 85 ------
.../qemu/qemu/0015-fix-CVE-2018-20124.patch | 60 ----
.../qemu/qemu/0016-fix-CVE-2018-20125.patch | 54 ----
.../qemu/qemu/0017-fix-CVE-2018-20126.patch | 113 -------
.../qemu/qemu/0018-fix-CVE-2018-20191.patch | 47 ---
.../qemu/qemu/0019-fix-CVE-2018-20216.patch | 85 ------
.../qemu/qemu/CVE-2018-20815.patch | 38 ---
.../recipes-devtools/qemu/qemu/CVE-2019-3812.patch | 39 ---
.../recipes-devtools/qemu/qemu/CVE-2019-8934.patch | 215 -------------
.../qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb} | 0
.../sudo/sudo/CVE-2019-14287-1.patch | 178 +++++++++++
.../sudo/sudo/CVE-2019-14287-2.patch | 112 +++++++
meta/recipes-extended/sudo/sudo_1.8.27.bb | 2 +
meta/recipes-kernel/linux/linux-yocto-dev.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb | 4 +-
meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_4.19.bb | 4 +-
meta/recipes-kernel/linux/linux-yocto_5.0.bb | 21 +-
.../gnutls/{gnutls_3.6.7.bb => gnutls_3.6.8.bb} | 4 +-
.../libcroco/libcroco/CVE-2017-8834_71.patch | 38 +++
meta/recipes-support/libcroco/libcroco_0.6.12.bb | 1 +
.../files/0001-Prefetch-GCM-look-up-tables.patch | 90 ++++++
...ok-up-tables-to-.data-section-and-unshare.patch | 332 +++++++++++++++++++++
...ok-up-table-to-.data-section-and-unshare-.patch | 178 +++++++++++
meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb | 3 +
40 files changed, 1307 insertions(+), 831 deletions(-)
create mode 100644 meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
create mode 100644 meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
create mode 100644 meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch
rename meta/recipes-devtools/qemu/{qemu-native_3.1.0.bb => qemu-native_3.1.1.1.bb} (100%)
rename meta/recipes-devtools/qemu/{qemu-system-native_3.1.0.bb => qemu-system-native_3.1.1.1.bb} (100%)
delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
rename meta/recipes-devtools/qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb} (100%)
create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch
rename meta/recipes-support/gnutls/{gnutls_3.6.7.bb => gnutls_3.6.8.bb} (93%)
create mode 100644 meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch
create mode 100644 meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
create mode 100644 meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
create mode 100644 meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch
--
2.7.4
^ permalink raw reply [flat|nested] 24+ messages in thread* [warrior 01/19] kernel.bbclass: fix installation of modules signing certificates 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 02/19] gnutls:upgrade 3.6.7 -> 3.6.8 Armin Kuster ` (17 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com> If one has provided external key/certificate for modules signing, Kbuild will skip creating signing_key.pem and will write only signing_key.x509 certificate. Thus we have to check for .x509 file existence rather than .pem one. Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 2527e731eba43bd36d0ea268aca6b03155376134) Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/classes/kernel.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass index 111a0b2..fb1f493 100644 --- a/meta/classes/kernel.bbclass +++ b/meta/classes/kernel.bbclass @@ -453,7 +453,7 @@ do_shared_workdir () { cp .config $kerneldir/ mkdir -p $kerneldir/include/config cp include/config/kernel.release $kerneldir/include/config/kernel.release - if [ -e certs/signing_key.pem ]; then + if [ -e certs/signing_key.x509 ]; then # The signing_key.* files are stored in the certs/ dir in # newer Linux kernels mkdir -p $kerneldir/certs -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 02/19] gnutls:upgrade 3.6.7 -> 3.6.8 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster 2019-10-29 9:47 ` [warrior 01/19] kernel.bbclass: fix installation of modules signing certificates Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 03/19] linux-yocto/5.0: bsp: add basic xilinx zynqmp support Armin Kuster ` (16 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> -Upgrade from gnutls_3.6.7.bb to gnutls_3.6.8.bb. Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b34486a616ab4d4b30247a5dff58a18ef26ed709) [Bug fix only update. Including: CVE-2019-3836 CVE-2019-3829 https://lists.gnupg.org/pipermail/gnutls-help/2019-May/004527.html] Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-support/gnutls/{gnutls_3.6.7.bb => gnutls_3.6.8.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-support/gnutls/{gnutls_3.6.7.bb => gnutls_3.6.8.bb} (93%) diff --git a/meta/recipes-support/gnutls/gnutls_3.6.7.bb b/meta/recipes-support/gnutls/gnutls_3.6.8.bb similarity index 93% rename from meta/recipes-support/gnutls/gnutls_3.6.7.bb rename to meta/recipes-support/gnutls/gnutls_3.6.8.bb index 01dd23c..bd752d3 100644 --- a/meta/recipes-support/gnutls/gnutls_3.6.7.bb +++ b/meta/recipes-support/gnutls/gnutls_3.6.8.bb @@ -21,8 +21,8 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://arm_eabi.patch \ " -SRC_URI[md5sum] = "c4ac669c500df939d4fbfea722367929" -SRC_URI[sha256sum] = "5b3409ad5aaf239808730d1ee12fdcd148c0be00262c7edf157af655a8a188e2" +SRC_URI[md5sum] = "9dcf0aa45d1a42e1b3ca5d39ec7c61a8" +SRC_URI[sha256sum] = "aa81944e5635de981171772857e72be231a7e0f559ae0292d2737de475383e83" inherit autotools texinfo pkgconfig gettext lib_package gtk-doc -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 03/19] linux-yocto/5.0: bsp: add basic xilinx zynqmp support 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster 2019-10-29 9:47 ` [warrior 01/19] kernel.bbclass: fix installation of modules signing certificates Armin Kuster 2019-10-29 9:47 ` [warrior 02/19] gnutls:upgrade 3.6.7 -> 3.6.8 Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 04/19] linux-yocto/5.0: make scsi-debug include scsi core configs Armin Kuster ` (15 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Bruce Ashfield <bruce.ashfield@gmail.com> Zumeng Chen has added core/basic support for the zynqmp that is bootable using the 5.0 and 5.2-rcX kernels. This makes the fragments available for future refinement and factoring. A bootlog follows: ZynqMP> setenv bootargs console=ttyPS0,115200 root=/dev/mmcblk0p3 rw rootwait earlycon=cdns,mmio,0xFF000000 clk_ignore_unused ip=dhcp ZynqMP> tftpboot 0x10000000 Image; tftpboot 0x11800000 dtb; booti 0x10000000 - 0x11800000 Using ethernet@ff0e0000 device Filename 'Image'. Load address: 0x10000000 Loading: ########### 11.3 MiB/s done Bytes transferred = 16378368 (f9ea00 hex) Using ethernet@ff0e0000 device TFTP from server 128.224.162.211; our IP address is 128.224.162.99 Filename 'dtb'. Load address: 0x11800000 Loading: ## 4.7 MiB/s done Bytes transferred = 19746 (4d22 hex) Booting using the fdt blob at 0x11800000 Loading Device Tree to 0000000007ff8000, end 0000000007fffd21 ... OK Starting kernel ... Booting Linux on physical CPU 0x0000000000 [0x410fd034] Linux version 5.2.0-rc3-yoctodev-standard (oe-user@oe-host) (gcc version 9.1.0 (GCC)) #1 SMP PREEMPT Thu Jun 6 00:53:26 UTC 2019 Machine model: ZynqMP ZCU102 Rev1.0 earlycon: cdns0 at MMIO 0x00000000ff000000 (options '') printk: bootconsole [cdns0] enabled efi: Getting EFI parameters from FDT: efi: UEFI not found. cma: Reserved 16 MiB at 0x000000007ec00000 psci: probing for conduit method from DT. psci: PSCIv1.1 detected in firmware. psci: Using standard PSCI v0.2 function IDs psci: MIGRATE_INFO_TYPE not supported. psci: SMC Calling Convention v1.1 percpu: Embedded 30 pages/cpu s83416 r8192 d31272 u122880 Detected VIPT I-cache on CPU0 CPU features: detected: ARM erratum 845719 Speculative Store Bypass Disable mitigation not required Built 1 zonelists, mobility grouping on. Total pages: 1031940 Kernel command line: console=ttyPS0,115200 root=/dev/mmcblk0p3 rw rootwait earlycon=cdns,mmio,0xFF000000 clk_ignore_unused ip=dhcp Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes) Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes) software IO TLB: mapped [mem 0x7ac00000-0x7ec00000] (64MB) Memory: 4013572K/4193280K available (10748K kernel code, 1210K rwdata, 2764K rodata, 1216K init, 757K bss, 163324K reserved, 16384K cma-reserved) SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1 ftrace: allocating 36121 entries in 142 pages rcu: Preemptible hierarchical RCU implementation. rcu: RCU restricting CPUs from NR_CPUS=256 to nr_cpu_ids=4. Tasks RCU enabled. rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies. rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=4 NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0 GIC: Adjusting CPU interface base to 0x00000000f902f000 GIC: Using split EOI/Deactivate mode random: get_random_bytes called from start_kernel+0x328/0x4c4 with crng_init=0 arch_timer: cp15 timer(s) running at 99.99MHz (phys). clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x170f8de2d3, max_idle_ns: 440795206112 ns sched_clock: 56 bits at 99MHz, resolution 10ns, wraps every 4398046511101ns Console: colour dummy device 80x25 Calibrating delay loop (skipped), value calculated using timer frequency.. 199.98 BogoMIPS (lpj=399960) pid_max: default: 32768 minimum: 301 LSM: Security Framework initializing Mount-cache hash table entries: 8192 (order: 4, 65536 bytes) Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes) *** VALIDATE proc *** *** VALIDATE cgroup1 *** *** VALIDATE cgroup2 *** ASID allocator initialised with 32768 entries rcu: Hierarchical SRCU implementation. EFI services will not be available. smp: Bringing up secondary CPUs ... Detected VIPT I-cache on CPU1 CPU1: Booted secondary processor 0x0000000001 [0x410fd034] Detected VIPT I-cache on CPU2 CPU2: Booted secondary processor 0x0000000002 [0x410fd034] Detected VIPT I-cache on CPU3 CPU3: Booted secondary processor 0x0000000003 [0x410fd034] smp: Brought up 1 node, 4 CPUs SMP: Total of 4 processors activated. CPU features: detected: 32-bit EL0 Support CPU features: detected: CRC32 instructions CPU: All CPU(s) started at EL2 alternatives: patching kernel code devtmpfs: initialized clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns futex hash table entries: 1024 (order: 4, 65536 bytes) xor: measuring software checksum speed 8regs : 2360.000 MB/sec 32regs : 2706.000 MB/sec arm64_neon: 2018.000 MB/sec xor: using function: 32regs (2706.000 MB/sec) DMI not present or invalid. NET: Registered protocol family 16 cpuidle: using governor ladder hw-breakpoint: found 6 breakpoint and 4 watchpoint registers. DMA: preallocated 256 KiB pool for atomic allocations ��ɥ��ѭ console [ttyPS0] enabled 0xff000000 (irq = 33, base_baud = 6250000) is a xuartps printk: console [ttyPS0] enabled printk: bootconsole [cdns0] disabled printk: bootconsole [cdns0] disabled ff010000.serial: ttyPS1 at MMIO 0xff010000 (irq = 34, base_baud = 6250000) is a xuartps HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages HugeTLB registered 32.0 MiB page size, pre-allocated 0 pages HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages HugeTLB registered 64.0 KiB page size, pre-allocated 0 pages raid6: neonx8 gen() 1518 MB/s raid6: neonx8 xor() 1442 MB/s raid6: neonx4 gen() 1471 MB/s raid6: neonx4 xor() 1409 MB/s raid6: neonx2 gen() 1128 MB/s raid6: neonx2 xor() 1175 MB/s raid6: neonx1 gen() 737 MB/s raid6: neonx1 xor() 887 MB/s raid6: int64x8 gen() 1166 MB/s raid6: int64x8 xor() 763 MB/s raid6: int64x4 gen() 983 MB/s raid6: int64x4 xor() 739 MB/s raid6: int64x2 gen() 683 MB/s raid6: int64x2 xor() 601 MB/s raid6: int64x1 gen() 452 MB/s raid6: int64x1 xor() 462 MB/s raid6: using algorithm neonx8 gen() 1518 MB/s raid6: .... xor() 1442 MB/s, rmw enabled raid6: using neon recovery algorithm vgaarb: loaded SCSI subsystem initialized usbcore: registered new interface driver usbfs usbcore: registered new interface driver hub usbcore: registered new device driver usb media: Linux media interface: v0.10 videodev: Linux video capture interface: v2.00 pps_core: LinuxPPS API ver. 1 registered pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it> PTP clock support registered EDAC MC: Ver: 3.0.0 FPGA manager framework clocksource: Switched to clocksource arch_sys_counter *** VALIDATE hugetlbfs *** NET: Registered protocol family 2 tcp_listen_portaddr_hash hash table entries: 2048 (order: 3, 32768 bytes) TCP established hash table entries: 32768 (order: 6, 262144 bytes) TCP bind hash table entries: 32768 (order: 7, 524288 bytes) TCP: Hash tables configured (established 32768 bind 32768) UDP hash table entries: 2048 (order: 4, 65536 bytes) UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes) NET: Registered protocol family 1 RPC: Registered named UNIX socket transport module. RPC: Registered udp transport module. RPC: Registered tcp transport module. RPC: Registered tcp NFSv4.1 backchannel transport module. PCI: CLS 0 bytes, default 64 hw perfevents: no interrupt-affinity property for /pmu, guessing. hw perfevents: enabled with armv8_pmuv3 PMU driver, 7 counters available kprobes: failed to populate blacklist: -22 Please take care of using kprobes. workingset: timestamp_bits=46 max_order=20 bucket_order=0 NFS: Registering the id_resolver key type Key type id_resolver registered Key type id_legacy registered jffs2: version 2.2. �© 2001-2006 Red Hat, Inc. Block layer SCSI generic (bsg) driver version 0.4 loaded (major 246) io scheduler mq-deadline registered io scheduler kyber registered nwl-pcie fd0e0000.pcie: Link is DOWN nwl-pcie fd0e0000.pcie: host bridge /amba/pcie@fd0e0000 ranges: nwl-pcie fd0e0000.pcie: MEM 0xe0000000..0xefffffff -> 0xe0000000 nwl-pcie fd0e0000.pcie: MEM 0x600000000..0x7ffffffff -> 0x600000000 nwl-pcie fd0e0000.pcie: PCI host bridge to bus 0000:00 pci_bus 0000:00: root bus resource [bus 00-ff] pci_bus 0000:00: root bus resource [mem 0xe0000000-0xefffffff] pci_bus 0000:00: root bus resource [mem 0x600000000-0x7ffffffff pref] pci 0000:00:00.0: [10ee:d021] type 01 class 0x060400 pci 0000:00:00.0: PME# supported from D0 D1 D2 D3hot pci 0000:00:00.0: PCI bridge to [bus 01-0c] pcieport 0000:00:00.0: PME: Signaling with IRQ 37 xilinx-zynqmp-dma fd500000.dma: ZynqMP DMA driver Probe success xilinx-zynqmp-dma fd510000.dma: ZynqMP DMA driver Probe success xilinx-zynqmp-dma fd520000.dma: ZynqMP DMA driver Probe success xilinx-zynqmp-dma fd530000.dma: ZynqMP DMA driver Probe success xilinx-zynqmp-dma fd540000.dma: ZynqMP DMA driver Probe success xilinx-zynqmp-dma fd550000.dma: ZynqMP DMA driver Probe success xilinx-zynqmp-dma fd560000.dma: ZynqMP DMA driver Probe success xilinx-zynqmp-dma fd570000.dma: ZynqMP DMA driver Probe success cacheinfo: Unable to detect cache hierarchy for CPU 0 brd: module loaded loop: module loaded ahci-ceva fd0c0000.ahci: AHCI 0001.0301 32 slots 2 ports 6 Gbps 0x3 impl platform mode ahci-ceva fd0c0000.ahci: flags: 64bit ncq sntf pm clo only pmp fbs pio slum part ccc sds apst scsi host0: ahci-ceva scsi host1: ahci-ceva ata1: SATA max UDMA/133 mmio [mem 0xfd0c0000-0xfd0c1fff] port 0x100 irq 31 ata2: SATA max UDMA/133 mmio [mem 0xfd0c0000-0xfd0c1fff] port 0x180 irq 31 libphy: Fixed MDIO Bus: probed CAN device driver interface libphy: MACB_mii_bus: probed Generic PHY ff0e0000.ethernet-ffffffff:0c: attached PHY driver [Generic PHY] (mii_bus:phy_addr=ff0e0000.ethernet-ffffffff:0c, irq=POLL) macb ff0e0000.ethernet eth0: Cadence GEM rev 0x50070106 at 0xff0e0000 irq 20 (00:0a:35:04:9a:86) dwc3 fe200000.usb: Failed to get clk 'ref': -2 dwc3 fe200000.usb: Configuration mismatch. dr_mode forced to host xhci-hcd xhci-hcd.0.auto: xHCI Host Controller xhci-hcd xhci-hcd.0.auto: new USB bus registered, assigned bus number 1 xhci-hcd xhci-hcd.0.auto: hcc params 0x0238f625 hci version 0x100 quirks 0x0000000002010010 xhci-hcd xhci-hcd.0.auto: irq 35, io mem 0xfe200000 hub 1-0:1.0: USB hub found hub 1-0:1.0: 1 port detected xhci-hcd xhci-hcd.0.auto: xHCI Host Controller xhci-hcd xhci-hcd.0.auto: new USB bus registered, assigned bus number 2 xhci-hcd xhci-hcd.0.auto: Host supports USB 3.0 SuperSpeed usb usb2: We don't know the algorithms for LPM for this host, disabling LPM. hub 2-0:1.0: USB hub found hub 2-0:1.0: 1 port detected usbcore: registered new interface driver usb-storage rtc_zynqmp ffa60000.rtc: registered as rtc0 pca953x 0-0020: 0-0020 supply vcc not found, using dummy regulator GPIO line 322 (sel0) hogged as output/low GPIO line 323 (sel1) hogged as output/high GPIO line 324 (sel2) hogged as output/high GPIO line 325 (sel3) hogged as output/high pca953x 0-0021: 0-0021 supply vcc not found, using dummy regulator cdns-i2c ff020000.i2c: 400 kHz mmio ff020000 irq 22 cdns-i2c ff030000.i2c: 400 kHz mmio ff030000 irq 23 i2c i2c-0: Added multiplexed i2c bus 2 i2c i2c-0: Added multiplexed i2c bus 3 i2c i2c-0: Added multiplexed i2c bus 4 i2c i2c-0: Added multiplexed i2c bus 5 pca954x 0-0075: registered 4 multiplexed busses for I2C mux pca9544 at24 6-0054: 1024 byte 24c08 EEPROM, writable, 1 bytes/write i2c i2c-1: Added multiplexed i2c bus 6 i2c i2c-7: of_i2c: modalias failure on /amba/i2c@ff030000/i2c-mux@74/i2c@1/clock-generator@36 i2c i2c-7: Failed to create I2C device for /amba/i2c@ff030000/i2c-mux@74/i2c@1/clock-generator@36 i2c i2c-1: Added multiplexed i2c bus 7 si570 8-005d: registered, current frequency 300000000 Hz i2c i2c-1: Added multiplexed i2c bus 8 si570 9-005d: clock registration failed si570: probe of 9-005d failed with error -17 i2c i2c-1: Added multiplexed i2c bus 9 i2c i2c-10: of_i2c: modalias failure on /amba/i2c@ff030000/i2c-mux@74/i2c@4/clock-generator@69 i2c i2c-10: Failed to create I2C device for /amba/i2c@ff030000/i2c-mux@74/i2c@4/clock-generator@69 i2c i2c-1: Added multiplexed i2c bus 10 i2c i2c-1: Added multiplexed i2c bus 11 i2c i2c-1: Added multiplexed i2c bus 12 i2c i2c-1: Added multiplexed i2c bus 13 pca954x 1-0074: registered 8 multiplexed busses for I2C switch pca9548 i2c i2c-1: Added multiplexed i2c bus 14 i2c i2c-1: Added multiplexed i2c bus 15 i2c i2c-1: Added multiplexed i2c bus 16 i2c i2c-1: Added multiplexed i2c bus 17 i2c i2c-1: Added multiplexed i2c bus 18 i2c i2c-1: Added multiplexed i2c bus 19 i2c i2c-1: Added multiplexed i2c bus 20 i2c i2c-1: Added multiplexed i2c bus 21 pca954x 1-0075: registered 8 multiplexed busses for I2C switch pca9548 ina2xx 2-0040: power monitor ina226 (Rshunt = 5000 uOhm) ina2xx 2-0041: power monitor ina226 (Rshunt = 5000 uOhm) ina2xx 2-0042: power monitor ina226 (Rshunt = 5000 uOhm) ata1: SATA link down (SStatus 0 SControl 330) ina2xx 2-0043: power monitor ina226 (Rshunt = 5000 uOhm) ata2: SATA link down (SStatus 0 SControl 330) ina2xx 2-0044: power monitor ina226 (Rshunt = 5000 uOhm) ina2xx 2-0045: power monitor ina226 (Rshunt = 5000 uOhm) ina2xx 2-0046: power monitor ina226 (Rshunt = 5000 uOhm) ina2xx 2-0047: power monitor ina226 (Rshunt = 5000 uOhm) ina2xx 2-004a: power monitor ina226 (Rshunt = 5000 uOhm) ina2xx 2-004b: power monitor ina226 (Rshunt = 5000 uOhm) ina2xx 3-0040: power monitor ina226 (Rshunt = 2000 uOhm) ina2xx 3-0041: power monitor ina226 (Rshunt = 5000 uOhm) ina2xx 3-0042: power monitor ina226 (Rshunt = 5000 uOhm) ina2xx 3-0043: power monitor ina226 (Rshunt = 5000 uOhm) ina2xx 3-0044: power monitor ina226 (Rshunt = 5000 uOhm) ina2xx 3-0045: power monitor ina226 (Rshunt = 5000 uOhm) ina2xx 3-0046: power monitor ina226 (Rshunt = 5000 uOhm) ina2xx 3-0047: power monitor ina226 (Rshunt = 5000 uOhm) cdns-wdt fd4d0000.watchdog: Xilinx Watchdog Timer at (____ptrval____) with timeout 10s device-mapper: ioctl: 4.40.0-ioctl (2019-01-18) initialised: dm-devel@redhat.com EDAC MC: ECC not enabled cpu cpu0: failed to get clock: -2 cpufreq-dt: probe of cpufreq-dt failed with error -2 sdhci: Secure Digital Host Controller Interface driver sdhci: Copyright(c) Pierre Ossman sdhci-pltfm: SDHCI platform and OF driver helper mmc0: SDHCI controller on ff170000.mmc [ff170000.mmc] using ADMA 64-bit usbcore: registered new interface driver usbhid usbhid: USB HID core driver u32 classifier Actions configured NET: Registered protocol family 10 Segment Routing with IPv6 sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver NET: Registered protocol family 17 can: controller area network core (rev 20170425 abi 9) NET: Registered protocol family 29 can: raw protocol (rev 20170425) can: broadcast manager protocol (rev 20170425 t) can: netlink gateway (rev 20170425) max_hops=1 Key type dns_resolver registered registered taskstats version 1 Btrfs loaded, crc32c=crc32c-generic Key type encrypted registered printk: console [netcon0] enabled netconsole: network logging started rtc_zynqmp ffa60000.rtc: setting system clock to 2019-06-06T03:39:58 UTC (1559792398) macb ff0e0000.ethernet eth0: link up (1000/Full) pps pps0: new PPS source ptp0 macb ff0e0000.ethernet: gem-ptp-timer ptp clock registered. IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready mmc0: Problem switching card into high-speed mode! mmc0: new SDHC card at address 0001 mmcblk0: mmc0:0001 SD16G 14.5 GiB Sending DHCP requests . mmcblk0: p1 p2 p3 , OK IP-Config: Complete: device=eth0, hwaddr=00:0a:35:04:9a:86, ipaddr=xxxxx, mask=255.255.254.0 host=xxx, domain=corp.ad.wrs.com, nis-domain=swamp bootserver=0.0.0.0, rootserver=0.0.0.0, rootpath= clk: Not disabling unused clocks md: Waiting for all devices to be available before autodetect md: If you don't use raid, use raid=noautodetect md: Autodetecting RAID arrays. md: autorun ... md: ... autorun DONE. EXT4-fs (mmcblk0p3): mounted filesystem with ordered data mode. Opts: (null) VFS: Mounted root (ext4 filesystem) on device 179:3. devtmpfs: mounted Freeing unused kernel memory: 1216K Run /sbin/init as init process random: fast init done systemd[1]: systemd 242-19-gdb2e367+ running in system mode. (+PAM -AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP -GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN -) systemd[1]: Detected architecture arm64. Welcome to Wind River Linux development 19.23 Update 0! systemd[1]: Set hostname to <xilinx-zynqmp>. random: systemd: uninitialized urandom read (16 bytes read) systemd[1]: Initializing machine ID from random generator. systemd[1]: Failed to bump fs.file-max, ignoring: Invalid argument systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket �→ /run/dbus/system_bus_socket; please update the unit f. systemd[1]: /lib/systemd/system/rpcbind.socket:4: ListenStream= references a path below legacy directory /var/run/, updating /var/run/rpcbind.sock �→ /run/rpcbind.sock; please update the unit file accordingly. random: systemd: uninitialized urandom read (16 bytes read) systemd[1]: Listening on Journal Socket (/dev/log). [ OK ] Listening on Journal Socket (/dev/log). random: systemd: uninitialized urandom read (16 bytes read) systemd[1]: Listening on Syslog Socket. [ OK ] Listening on Syslog Socket. systemd[1]: Listening on udev Kernel Socket. [ OK ] Listening on udev Kernel Socket. [ OK ] Listening on udev Control Socket. [ OK ] Created slice User and Session Slice. [ OK ] Listening on initctl Compatibility Named Pipe. [ OK ] Reached target Swap. [ OK ] Created slice system-serial\x2dgetty.slice. [ OK ] Reached target Slices. [ OK ] Listening on Journal Socket. Starting udev Coldplug all Devices... Mounting POSIX Message Queue File System... Mounting Temporary Directory (/tmp)... Starting Journal Service... Starting Remount Root and Kernel File Systems... Mounting Kernel Debug File System... EXT4-fs (mmcblk0p3): re-mounted. Opts: (null) Starting Create list of re�…odes for the current kernel... [ OK ] Started Forward Password R�…uests to Wall Directory Watch. [ OK ] Reached target Remote File Systems. [ OK ] Listening on Network Service Netlink Socket. Starting Apply Kernel Variables... [ OK ] Started Dispatch Password �…ts to Console Directory Watch. [ OK ] Reached target Paths. [ OK ] Created slice system-getty.slice. Mounting Huge Pages File System... [ OK ] Started Journal Service. [ OK ] Mounted POSIX Message Queue File System. [ OK ] Mounted Temporary Directory (/tmp). [ OK ] Started Remount Root and Kernel File Systems. [ OK ] Mounted Kernel Debug File System. [ OK ] Started Create list of req�… nodes for the current kernel. [ OK ] Started Apply Kernel Variables. [ OK ] Mounted Huge Pages File System. Starting Create System Users... Starting Rebuild Hardware Database... Starting Flush Journal to Persistent Storage... [ OK ] Started udev Coldplug all Devices. systemd-journald[148]: Received request to flush runtime journal from PID 1 [ OK ] Started Flush Journal to Persistent Storage. [ OK ] Started Create System Users. Starting Create Static Device Nodes in /dev... [ OK ] Started Create Static Device Nodes in /dev. [ OK ] Reached target Local File Systems (Pre). Mounting /var/volatile... [ OK ] Mounted /var/volatile. [ OK ] Reached target Local File Systems. Starting Create Volatile Files and Directories... Starting Load/Save Random Seed... [ OK ] Started Load/Save Random Seed. [ OK ] Started Create Volatile Files and Directories. Starting Network Time Synchronization... Starting Rebuild Journal Catalog... Starting Update UTMP about System Boot/Shutdown... Starting Run pending postinsts... [ OK ] Started Update UTMP about System Boot/Shutdown. [ OK ] Started Network Time Synchronization. [ OK ] Reached target System Time Set. [ OK ] Reached target System Time Synchronized. [ OK ] Started Rebuild Journal Catalog. [ OK ] Started Run pending postinsts. [ OK ] Started Rebuild Hardware Database. Starting udev Kernel Device Manager... Starting Update is Completed... [ OK ] Started Update is Completed. [ OK ] Started udev Kernel Device Manager. [ OK ] Reached target System Initialization. Starting Console System Startup Logging... [ OK ] Listening on RPCbind Server Activation Socket. [ OK ] Listening on D-Bus System Message Bus Socket. [ OK ] Listening on Avahi mDNS/DNS-SD Stack Activation Socket. [ OK ] Listening on dropbear.socket. [ OK ] Reached target Sockets. [ OK ] Reached target Basic System. [ OK ] Started System Logging Service. [ OK ] Started Dynamic Host Configuration Protocol (DHCP). [ OK ] Started Kernel Logging Service. Starting Login Service... [ OK ] Started D-Bus System Message Bus. [ OK ] Started Xserver startup without a display manager. [ OK ] Started Daily Cleanup of Temporary Directories. [ OK ] Reached target Timers. Starting Telephony service... Starting Network Service... [ OK ] Started Console System Startup Logging. [ OK ] Found device /dev/ttyPS0. [ OK ] Listening on Load/Save RF �…itch Status /dev/rfkill Watch. [ OK ] Started Network Service. Starting Network Name Resolution... [ OK ] Started Login Service. [ OK ] Started Network Name Resolution. [ OK ] Started Telephony service. [ OK ] Reached target Network. Starting Berkeley Internet Name Domain (DNS)... Starting /etc/rc.local Compatibility... Starting Permit User Sessions... Starting Avahi mDNS/DNS-SD Stack... [ OK ] Started /etc/rc.local Compatibility. [ OK ] Started Permit User Sessions. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyPS0. [ OK ] Started Avahi mDNS/DNS-SD Stack. [ OK ] Started Berkeley Internet Name Domain (DNS). [ OK ] Reached target Host and Network Name Lookups. Wind River Linux development 19.23 Update 0 xilinx-zynqmp ttyPS0 xilinx-zynqmp login: root root@xilinx-zynqmp:~# uname 0a uname: extra operand '0a' Try 'uname --help' for more information. root@xilinx-zynqmp:~# uname -a Linux xilinx-zynqmp 5.2.0-rc3-yoctodev-standard #1 SMP PREEMPT Thu Jun 6 00:53:26 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux (From OE-Core rev: b0dc58f535a27be6c649dcf336c7dc0cdb23d96b) Signed-off-by: Zumeng Chen <zchen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_5.0.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb index 1fe28b1..aa1609c 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb @@ -12,7 +12,7 @@ python () { } SRCREV_machine ?= "9c1e84c9b81b6bf1df55f26f2e0517266c37f7eb" -SRCREV_meta ?= "31de88e51d100f2c3eefb7acb7390b0144bcfc69" +SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.0;destsuffix=${KMETA}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb index a9c463c..603c0c5 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb @@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2" SRCREV_machine_qemuarm ?= "fabee455f397ba8054f35a3ad5f2250bbad93bef" SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" -SRCREV_meta ?= "31de88e51d100f2c3eefb7acb7390b0144bcfc69" +SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb b/meta/recipes-kernel/linux/linux-yocto_5.0.bb index da795d9..88eacc2 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb @@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" SRCREV_machine_qemux86-64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" SRCREV_machine_qemumips64 ?= "5a8b27bcc0b16077ab8edfcd3fb25c80dc2c652e" SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" -SRCREV_meta ?= "31de88e51d100f2c3eefb7acb7390b0144bcfc69" +SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590" # remap qemuarm to qemuarma15 for the 5.0 kernel # KMACHINE_qemuarm ?= "qemuarma15" -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 04/19] linux-yocto/5.0: make scsi-debug include scsi core configs 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (2 preceding siblings ...) 2019-10-29 9:47 ` [warrior 03/19] linux-yocto/5.0: bsp: add basic xilinx zynqmp support Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 05/19] linux-yocto: bsp/beaglebone: support qemu -machine virt Armin Kuster ` (14 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Bruce Ashfield <bruce.ashfield@gmail.com> Updating the scsi-debug fragment to include the core scsi config options. This allows standalone use of the fragment, since all supporting options will be enabled simply by including the top level config in a BSP. This also removes a configuration warning on qemuarm, since we will no longer have missing / unavailable options during the config audit. (From OE-Core rev: c65826e96a77928938fef69fc0cbc65ec7431cb2) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_5.0.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb index aa1609c..cc6ffd5 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb @@ -12,7 +12,7 @@ python () { } SRCREV_machine ?= "9c1e84c9b81b6bf1df55f26f2e0517266c37f7eb" -SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590" +SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.0;destsuffix=${KMETA}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb index 603c0c5..a3a9315 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb @@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2" SRCREV_machine_qemuarm ?= "fabee455f397ba8054f35a3ad5f2250bbad93bef" SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" -SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590" +SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb b/meta/recipes-kernel/linux/linux-yocto_5.0.bb index 88eacc2..b106a37 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb @@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" SRCREV_machine_qemux86-64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" SRCREV_machine_qemumips64 ?= "5a8b27bcc0b16077ab8edfcd3fb25c80dc2c652e" SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" -SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590" +SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012" # remap qemuarm to qemuarma15 for the 5.0 kernel # KMACHINE_qemuarm ?= "qemuarma15" -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 05/19] linux-yocto: bsp/beaglebone: support qemu -machine virt 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (3 preceding siblings ...) 2019-10-29 9:47 ` [warrior 04/19] linux-yocto/5.0: make scsi-debug include scsi core configs Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 06/19] linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths Armin Kuster ` (13 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Bruce Ashfield <bruce.ashfield@gmail.com> While we don't normally do a dual h/w and virt BSP (since they tend to have conflicting requirements over time). A minimal overhead option to do this was submitted to linux-yocto. Since it has no impact on the h/w reference, has SDK testing value and can serve as a template on how to do this for other arm boards, it is worth making the configuration available. The original commit log follows: [ If the kernel supports Qemu's virt machine, runqemu works almost for free. The device tree for machine virt is included in Qemu, which simplifies everything quite a bit. This change adds ARCH_VIRT=y and some drivers to the beaglebone kernel configuration which allows to: export MACHINE="beaglebone-yocto" bitbake core-image-minimale runqemu This also works out of an eSDK. Whithout this feature usually two different SDKs need to be compiled and maintained. One SDK is used for development in Qemu, another one is used to develop for the real target hardware. Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> ] (From OE-Core rev: cc1fca6d464775daa15032f11c02d16b99759407) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_5.0.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb index cc6ffd5..d7b3b38 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb @@ -12,7 +12,7 @@ python () { } SRCREV_machine ?= "9c1e84c9b81b6bf1df55f26f2e0517266c37f7eb" -SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012" +SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.0;destsuffix=${KMETA}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb index a3a9315..c0caed3 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb @@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2" SRCREV_machine_qemuarm ?= "fabee455f397ba8054f35a3ad5f2250bbad93bef" SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" -SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012" +SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb b/meta/recipes-kernel/linux/linux-yocto_5.0.bb index b106a37..895cb15 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb @@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" SRCREV_machine_qemux86-64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" SRCREV_machine_qemumips64 ?= "5a8b27bcc0b16077ab8edfcd3fb25c80dc2c652e" SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" -SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012" +SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447" # remap qemuarm to qemuarma15 for the 5.0 kernel # KMACHINE_qemuarm ?= "qemuarma15" -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 06/19] linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (4 preceding siblings ...) 2019-10-29 9:47 ` [warrior 05/19] linux-yocto: bsp/beaglebone: support qemu -machine virt Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 07/19] kernel-yocto: import security fragments from meta-security Armin Kuster ` (12 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Bruce Ashfield <bruce.ashfield@gmail.com> From the kernel patch: [ It was observed that the kernel embeds the path in the x86 boot artifacts. From https://bugzilla.yoctoproject.org/show_bug.cgi?id=13458: [ If you turn on the buildpaths QA test, or try a reproducible build, you discover that the kernel image contains build paths. $ strings bzImage-5.0.19-yocto-standard |grep tmp/ out of pgt_buf in /data/poky-tmp/reproducible/tmp/work-shared/qemux86-64/kernel-source/arch/x86/boot/compressed/kaslr_64.c!? But what's this in the top-level Makefile: $ git grep prefix-map Makefile:KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=) So the __FILE__ shouldn't be using the full path. However arch/x86/boot/compressed/Makefile has this: KBUILD_CFLAGS := -m$(BITS) -O2 So that clears KBUILD_FLAGS, removing the -fmacro-prefix-map option. ] Other architectures do not clear the flags, but instead prune before adding boot or specific options. There's no obvious reason why x86 isn't doing the same thing (pruning vs clearing) and no build or boot issues have been observed. So we make x86 can do the same thing, and we no longer have embedded paths. ] This issue has been reported upstream, and a patch submission is pending, but for now, we'll soak the proposed patch in linux-yocto to see if any issues are found [YOCTO: #13458] (From OE-Core rev: 78b0ff5960814af935a8089ec49c51d76f148149) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb | 4 ++-- meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb | 6 +++--- meta/recipes-kernel/linux/linux-yocto_5.0.bb | 19 ++++++++++--------- 3 files changed, 15 insertions(+), 14 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb index d7b3b38..d1adf0c 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb @@ -11,8 +11,8 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "9c1e84c9b81b6bf1df55f26f2e0517266c37f7eb" -SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447" +SRCREV_machine ?= "e6cb812b5532630b6fc6dfd7778d57a4907d3180" +SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.0;destsuffix=${KMETA}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb index c0caed3..7d49de6 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "fabee455f397ba8054f35a3ad5f2250bbad93bef" -SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" -SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447" +SRCREV_machine_qemuarm ?= "b9001287984b0066814c8739f38d629de73739b7" +SRCREV_machine ?= "55dd15336b7301b686a0c183f5372b49c1003d03" +SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb b/meta/recipes-kernel/linux/linux-yocto_5.0.bb index 895cb15..35088da 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb @@ -11,15 +11,16 @@ KBRANCH_qemux86 ?= "v5.0/standard/base" KBRANCH_qemux86-64 ?= "v5.0/standard/base" KBRANCH_qemumips64 ?= "v5.0/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "9161b2fa2f1cec0ba02976c389c788445858e0de" -SRCREV_machine_qemuarm64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" -SRCREV_machine_qemumips ?= "7de9b8f0db98e51a666477c8e2b64f1964b45410" -SRCREV_machine_qemuppc ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" -SRCREV_machine_qemux86 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" -SRCREV_machine_qemux86-64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" -SRCREV_machine_qemumips64 ?= "5a8b27bcc0b16077ab8edfcd3fb25c80dc2c652e" -SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" -SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447" +SRCREV_machine_qemuarm ?= "d1ed980ad989252d42386c8bc63b2f5f11985ea4" +SRCREV_machine_qemuarm64 ?= "55dd15336b7301b686a0c183f5372b49c1003d03" +SRCREV_machine_qemumips ?= "1520e78195e64f27be46a46a8d6711c8470fb083" +SRCREV_machine_qemuppc ?= "55dd15336b7301b686a0c183f5372b49c1003d03" +SRCREV_machine_qemuriscv64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458" +SRCREV_machine_qemux86 ?= "55dd15336b7301b686a0c183f5372b49c1003d03" +SRCREV_machine_qemux86-64 ?= "55dd15336b7301b686a0c183f5372b49c1003d03" +SRCREV_machine_qemumips64 ?= "9d4105b32cf123a861bc754377d2f2e156278a7e" +SRCREV_machine ?= "55dd15336b7301b686a0c183f5372b49c1003d03" +SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729" # remap qemuarm to qemuarma15 for the 5.0 kernel # KMACHINE_qemuarm ?= "qemuarma15" -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 07/19] kernel-yocto: import security fragments from meta-security 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (5 preceding siblings ...) 2019-10-29 9:47 ` [warrior 06/19] linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 08/19] linux-yocto/4.19: make drm-bochs feature available Armin Kuster ` (11 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Bruce Ashfield <bruce.ashfield@gmail.com> Adding the following fragments from meta-security to make them centrally available and easier to maintain: 283939d5c9e kernel-cache: add yama security fragments 0b86f3fa241 kernel-cache: add ima fragments 731b466654d kernel-cache: add smack 813afe8ff47 kernel-cache: add apparmor fragments (From OE-Core rev: 3063d64984e993d3e7dc2f4c80fb74005f5d6d7e) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_4.19.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_5.0.bb | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb index 213a21e..958f0ee 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb @@ -12,7 +12,7 @@ python () { } SRCREV_machine ?= "ca2e3322f4c5678eaef6434c808d0842c805d74d" -SRCREV_meta ?= "960be4218436fbbb3500e019f7abf02fa94e6aac" +SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}" diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb index d1adf0c..abc8b0c 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb @@ -12,7 +12,7 @@ python () { } SRCREV_machine ?= "e6cb812b5532630b6fc6dfd7778d57a4907d3180" -SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729" +SRCREV_meta ?= "7f6e97c357746382d4339e7e0463637e715acd4b" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.0;destsuffix=${KMETA}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb index a4be4b5..0178947 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb @@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2" SRCREV_machine_qemuarm ?= "b5a2efa31290f31384971494031285d394635938" SRCREV_machine ?= "4ec6f255163da37a4c83528e5835b6b9baccee63" -SRCREV_meta ?= "960be4218436fbbb3500e019f7abf02fa94e6aac" +SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb index 7d49de6..9b5e69d 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb @@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2" SRCREV_machine_qemuarm ?= "b9001287984b0066814c8739f38d629de73739b7" SRCREV_machine ?= "55dd15336b7301b686a0c183f5372b49c1003d03" -SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729" +SRCREV_meta ?= "7f6e97c357746382d4339e7e0463637e715acd4b" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_4.19.bb b/meta/recipes-kernel/linux/linux-yocto_4.19.bb index 9c794ba..f5e03da 100644 --- a/meta/recipes-kernel/linux/linux-yocto_4.19.bb +++ b/meta/recipes-kernel/linux/linux-yocto_4.19.bb @@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= "4ec6f255163da37a4c83528e5835b6b9baccee63" SRCREV_machine_qemux86-64 ?= "4ec6f255163da37a4c83528e5835b6b9baccee63" SRCREV_machine_qemumips64 ?= "ca47368b698795cd5cada84dbfcceda1f47da1aa" SRCREV_machine ?= "4ec6f255163da37a4c83528e5835b6b9baccee63" -SRCREV_meta ?= "960be4218436fbbb3500e019f7abf02fa94e6aac" +SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA} \ diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb b/meta/recipes-kernel/linux/linux-yocto_5.0.bb index 35088da..6008e3d 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb @@ -20,7 +20,7 @@ SRCREV_machine_qemux86 ?= "55dd15336b7301b686a0c183f5372b49c1003d03" SRCREV_machine_qemux86-64 ?= "55dd15336b7301b686a0c183f5372b49c1003d03" SRCREV_machine_qemumips64 ?= "9d4105b32cf123a861bc754377d2f2e156278a7e" SRCREV_machine ?= "55dd15336b7301b686a0c183f5372b49c1003d03" -SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729" +SRCREV_meta ?= "7f6e97c357746382d4339e7e0463637e715acd4b" # remap qemuarm to qemuarma15 for the 5.0 kernel # KMACHINE_qemuarm ?= "qemuarma15" -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 08/19] linux-yocto/4.19: make drm-bochs feature available 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (6 preceding siblings ...) 2019-10-29 9:47 ` [warrior 07/19] kernel-yocto: import security fragments from meta-security Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 09/19] linux-yocto: add drm-bochs support Armin Kuster ` (10 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Bruce Ashfield <bruce.ashfield@gmail.com> The other active kernel versions have this feature available. To consistently enable the same video output for qemu, we can cherry pick the feature to 4.19. (From OE-Core rev: a777e0f34e106455f963bd58fd8728a16c588c4d) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_4.19.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb index 958f0ee..db7ade9 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb @@ -12,7 +12,7 @@ python () { } SRCREV_machine ?= "ca2e3322f4c5678eaef6434c808d0842c805d74d" -SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f" +SRCREV_meta ?= "20a6158aa35dbf11819382ef1eeb28915afea765" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb index 0178947..cadf1a7 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb @@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2" SRCREV_machine_qemuarm ?= "b5a2efa31290f31384971494031285d394635938" SRCREV_machine ?= "4ec6f255163da37a4c83528e5835b6b9baccee63" -SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f" +SRCREV_meta ?= "20a6158aa35dbf11819382ef1eeb28915afea765" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_4.19.bb b/meta/recipes-kernel/linux/linux-yocto_4.19.bb index f5e03da..d200e4d 100644 --- a/meta/recipes-kernel/linux/linux-yocto_4.19.bb +++ b/meta/recipes-kernel/linux/linux-yocto_4.19.bb @@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= "4ec6f255163da37a4c83528e5835b6b9baccee63" SRCREV_machine_qemux86-64 ?= "4ec6f255163da37a4c83528e5835b6b9baccee63" SRCREV_machine_qemumips64 ?= "ca47368b698795cd5cada84dbfcceda1f47da1aa" SRCREV_machine ?= "4ec6f255163da37a4c83528e5835b6b9baccee63" -SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f" +SRCREV_meta ?= "20a6158aa35dbf11819382ef1eeb28915afea765" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA} \ -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 09/19] linux-yocto: add drm-bochs support 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (7 preceding siblings ...) 2019-10-29 9:47 ` [warrior 08/19] linux-yocto/4.19: make drm-bochs feature available Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 10/19] libcroco: Fix two CVEs Armin Kuster ` (9 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Alexander Kanavin <alex.kanavin@gmail.com> This allows better modesetting support for the '-vga std' emulated hardware provided by Qemu, which we want to standardize on. See here for background: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13466 (From OE-Core rev: 569d3f5d0454ed31f2f6df29f1703246a3dcd715) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-kernel/linux/linux-yocto-dev.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_4.19.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_5.0.bb | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-dev.bb b/meta/recipes-kernel/linux/linux-yocto-dev.bb index ae8c343..f6ffb1f 100644 --- a/meta/recipes-kernel/linux/linux-yocto-dev.bb +++ b/meta/recipes-kernel/linux/linux-yocto-dev.bb @@ -46,7 +46,7 @@ KERNEL_DEVICETREE_qemuarm = "versatile-pb.dtb" # Functionality flags KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/taskstats.scc" KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}" -KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc" +KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc" KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc" KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc" KERNEL_FEATURES_append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "" ,d)}" diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb index db7ade9..da87d47 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb @@ -38,6 +38,6 @@ KERNEL_DEVICETREE_qemuarm = "versatile-pb.dtb" # Functionality flags KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/taskstats.scc" KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}" -KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc" +KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc" KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc" KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc" diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb index abc8b0c..928d140 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb @@ -38,6 +38,6 @@ KERNEL_DEVICETREE_qemuarm = "versatile-pb.dtb" # Functionality flags KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/taskstats.scc" KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}" -KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc" +KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc" KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc" KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc" diff --git a/meta/recipes-kernel/linux/linux-yocto_4.19.bb b/meta/recipes-kernel/linux/linux-yocto_4.19.bb index d200e4d..5edb97f 100644 --- a/meta/recipes-kernel/linux/linux-yocto_4.19.bb +++ b/meta/recipes-kernel/linux/linux-yocto_4.19.bb @@ -43,7 +43,7 @@ COMPATIBLE_MACHINE = "qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemumips|qemum # Functionality flags KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc" KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}" -KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc" +KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc" KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc" KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc" KERNEL_FEATURES_append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "" ,d)}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb b/meta/recipes-kernel/linux/linux-yocto_5.0.bb index 6008e3d..d415a4a 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb @@ -47,7 +47,7 @@ COMPATIBLE_MACHINE = "qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemumips|qemum # Functionality flags KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc" KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}" -KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc" +KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc" KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc" KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc" KERNEL_FEATURES_append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "" ,d)}" -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 10/19] libcroco: Fix two CVEs 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (8 preceding siblings ...) 2019-10-29 9:47 ` [warrior 09/19] linux-yocto: add drm-bochs support Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 11/19] python: include CVE patches for python-native as well Armin Kuster ` (8 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Muminul Islam <misla011@fiu.edu> CVE: CVE-2017-8834 CVE-2017-8871 Signed-off-by: Muminul Islam <muislam@microsoft.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- .../libcroco/libcroco/CVE-2017-8834_71.patch | 38 ++++++++++++++++++++++ meta/recipes-support/libcroco/libcroco_0.6.12.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch b/meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch new file mode 100644 index 0000000..cdfc9cf --- /dev/null +++ b/meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch @@ -0,0 +1,38 @@ +From 38bdf8e956218dd6a72942229cf39ef8e45dd28f Mon Sep 17 00:00:00 2001 +From: Mike Gorse <mgorse@alum.wpi.edu> +Date: Thu, 2 May 2019 10:54:43 -0500 +Subject: [PATCH] cr_utils_read_char_from_utf8_buf: move past invalid UTF-8 +Reply-To: muislam@microsoft.com; Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Otherwise, the offending character is never consumed, possibly leading +to an infinite loop. + +https://bugzilla.gnome.org/show_bug.cgi?id=782647 + +CVE: CVE-2017-8834 CVE-2017-8871 + +Upstream-Status: Backport + +Signed-off-by: Muminul Islam <muislam@microsoft.com> + +Upstream commit: https://bug782647.bugzilla-attachments.gnome.org/attachment.cgi?id=374219 +--- + src/cr-utils.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/cr-utils.c b/src/cr-utils.c +index 2420cec..6cf4849 100644 +--- a/src/cr-utils.c ++++ b/src/cr-utils.c +@@ -505,6 +505,7 @@ cr_utils_read_char_from_utf8_buf (const guchar * a_in, + + } else { + /*BAD ENCODING */ ++ nb_bytes_2_decode = 1; + goto end; + } + +-- +2.23.0 + diff --git a/meta/recipes-support/libcroco/libcroco_0.6.12.bb b/meta/recipes-support/libcroco/libcroco_0.6.12.bb index f95a583..85a120d 100644 --- a/meta/recipes-support/libcroco/libcroco_0.6.12.bb +++ b/meta/recipes-support/libcroco/libcroco_0.6.12.bb @@ -18,6 +18,7 @@ inherit gnomebase gtk-doc binconfig-disabled SRC_URI += "file://CVE-2017-7960.patch \ file://CVE-2017-7961.patch \ + file://CVE-2017-8834_71.patch \ " SRC_URI[archive.md5sum] = "bc0984fce078ba2ce29f9500c6b9ddce" -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 11/19] python: include CVE patches for python-native as well 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (9 preceding siblings ...) 2019-10-29 9:47 ` [warrior 10/19] libcroco: Fix two CVEs Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 12/19] python: add tk-lib as runtime dependency for python-tkinter Armin Kuster ` (7 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Anuj Mittal <anuj.mittal@intel.com> Also avoids maintaining a different set of patches for both. Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b3b1c00cc46b33ddbf7e008267032220e1e298af) Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-devtools/python/python.inc | 5 +++++ meta/recipes-devtools/python/python_2.7.16.bb | 5 ----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc index 779df53..8d0e908 100644 --- a/meta/recipes-devtools/python/python.inc +++ b/meta/recipes-devtools/python/python.inc @@ -8,6 +8,11 @@ INC_PR = "r1" LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498" SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ + file://bpo-35907-cve-2019-9948.patch \ + file://bpo-35907-cve-2019-9948-fix.patch \ + file://bpo-36216-cve-2019-9636.patch \ + file://bpo-36216-cve-2019-9636-fix.patch \ + file://CVE-2019-9740.patch \ " SRC_URI[md5sum] = "30157d85a2c0479c09ea2cbe61f2aaf5" diff --git a/meta/recipes-devtools/python/python_2.7.16.bb b/meta/recipes-devtools/python/python_2.7.16.bb index c6160ae..a02a628 100644 --- a/meta/recipes-devtools/python/python_2.7.16.bb +++ b/meta/recipes-devtools/python/python_2.7.16.bb @@ -30,11 +30,6 @@ SRC_URI += " \ file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \ file://float-endian.patch \ file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \ - file://bpo-35907-cve-2019-9948.patch \ - file://bpo-35907-cve-2019-9948-fix.patch \ - file://bpo-36216-cve-2019-9636.patch \ - file://bpo-36216-cve-2019-9636-fix.patch \ - file://CVE-2019-9740.patch \ " S = "${WORKDIR}/Python-${PV}" -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 12/19] python: add tk-lib as runtime dependency for python-tkinter 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (10 preceding siblings ...) 2019-10-29 9:47 ` [warrior 11/19] python: include CVE patches for python-native as well Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 13/19] python: CVE-2019-16056 Armin Kuster ` (6 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Yi Zhao <yi.zhao@windriver.com> Fixes: ERROR: python-2.7.16-r0 do_package_qa: QA Issue: /usr/lib/python2.7/lib-dynload/_tkinter.so contained in package python-tkinter requires libtk8.6.so, but no providers found in RDEPENDS_python-tkinter? [file-rdeps] Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit f78248a2380bbbbf271b5bb02c762f5bc7a3a92e) Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-devtools/python/python3_3.7.4.bb | 2 +- meta/recipes-devtools/python/python_2.7.16.bb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/python/python3_3.7.4.bb b/meta/recipes-devtools/python/python3_3.7.4.bb index dd16351..af3c325 100644 --- a/meta/recipes-devtools/python/python3_3.7.4.bb +++ b/meta/recipes-devtools/python/python3_3.7.4.bb @@ -294,6 +294,6 @@ FILES_${PN}-man = "${datadir}/man" RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests unzip bzip2 libgcc tzdata-europe coreutils sed" RDEPENDS_${PN}-ptest_append_libc-glibc = " locale-base-tr-tr.iso-8859-9" -RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk', '', d)}" +RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk tk-lib', '', d)}" RDEPENDS_${PN}-dev = "" diff --git a/meta/recipes-devtools/python/python_2.7.16.bb b/meta/recipes-devtools/python/python_2.7.16.bb index a02a628..ec724c3 100644 --- a/meta/recipes-devtools/python/python_2.7.16.bb +++ b/meta/recipes-devtools/python/python_2.7.16.bb @@ -173,7 +173,7 @@ RDEPENDS_${PN}-modules += "${PN}-misc" # ptest RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests unzip tzdata-europe coreutils sed" -RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk', '', d)}" +RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk tk-lib', '', d)}" # catch manpage PACKAGES += "${PN}-man" FILES_${PN}-man = "${datadir}/man" -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 13/19] python: CVE-2019-16056 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (11 preceding siblings ...) 2019-10-29 9:47 ` [warrior 12/19] python: add tk-lib as runtime dependency for python-tkinter Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 14/19] python: Fix CVE-2019-10160 Armin Kuster ` (5 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 27be9cf71a6fe906a23e81b56f1cc18a6fc9ef97) Signed-off-by: Armin Kuster <akuster808@gmail.com> --- ...55-Dont-parse-domains-containing-GH-13079.patch | 90 ++++++++++++++++++++++ meta/recipes-devtools/python/python_2.7.16.bb | 1 + 2 files changed, 91 insertions(+) create mode 100644 meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch diff --git a/meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch b/meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch new file mode 100644 index 0000000..5415472 --- /dev/null +++ b/meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch @@ -0,0 +1,90 @@ +From 532ed09c5454bb789a301bb6f1339a0818255610 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Roberto=20C=2E=20S=C3=A1nchez?= <roberto@connexer.com> +Date: Sat, 14 Sep 2019 13:26:38 -0400 +Subject: [PATCH] [2.7] bpo-34155: Dont parse domains containing @ (GH-13079) + (GH-16006) + +This change skips parsing of email addresses where domains include a "@" character, which can be maliciously used since the local part is returned as a complete address. + +(cherry picked from commit 8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9) + +Excludes changes to Lib/email/_header_value_parser.py, which did not +exist in 2.7. + +Co-authored-by: jpic <jpic@users.noreply.github.com> + +https://bugs.python.org/issue34155 + +Upstream-Status: Backport [https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9] + +CVE: CVE-2019-16056 + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + Lib/email/_parseaddr.py | 11 ++++++++++- + Lib/email/test/test_email.py | 14 ++++++++++++++ + .../2019-05-04-13-33-37.bpo-34155.MJll68.rst | 1 + + 3 files changed, 25 insertions(+), 1 deletion(-) + create mode 100644 Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst + +diff --git a/Lib/email/_parseaddr.py b/Lib/email/_parseaddr.py +index 690db2c22d..dc49d2e45a 100644 +--- a/Lib/email/_parseaddr.py ++++ b/Lib/email/_parseaddr.py +@@ -336,7 +336,12 @@ class AddrlistClass: + aslist.append('@') + self.pos += 1 + self.gotonext() +- return EMPTYSTRING.join(aslist) + self.getdomain() ++ domain = self.getdomain() ++ if not domain: ++ # Invalid domain, return an empty address instead of returning a ++ # local part to denote failed parsing. ++ return EMPTYSTRING ++ return EMPTYSTRING.join(aslist) + domain + + def getdomain(self): + """Get the complete domain name from an address.""" +@@ -351,6 +356,10 @@ class AddrlistClass: + elif self.field[self.pos] == '.': + self.pos += 1 + sdlist.append('.') ++ elif self.field[self.pos] == '@': ++ # bpo-34155: Don't parse domains with two `@` like ++ # `a@malicious.org@important.com`. ++ return EMPTYSTRING + elif self.field[self.pos] in self.atomends: + break + else: +diff --git a/Lib/email/test/test_email.py b/Lib/email/test/test_email.py +index 4b4dee3d34..2efe44ac5a 100644 +--- a/Lib/email/test/test_email.py ++++ b/Lib/email/test/test_email.py +@@ -2306,6 +2306,20 @@ class TestMiscellaneous(TestEmailBase): + self.assertEqual(Utils.parseaddr('<>'), ('', '')) + self.assertEqual(Utils.formataddr(Utils.parseaddr('<>')), '') + ++ def test_parseaddr_multiple_domains(self): ++ self.assertEqual( ++ Utils.parseaddr('a@b@c'), ++ ('', '') ++ ) ++ self.assertEqual( ++ Utils.parseaddr('a@b.c@c'), ++ ('', '') ++ ) ++ self.assertEqual( ++ Utils.parseaddr('a@172.17.0.1@c'), ++ ('', '') ++ ) ++ + def test_noquote_dump(self): + self.assertEqual( + Utils.formataddr(('A Silly Person', 'person@dom.ain')), +diff --git a/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst +new file mode 100644 +index 0000000000..50292e29ed +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst +@@ -0,0 +1 @@ ++Fix parsing of invalid email addresses with more than one ``@`` (e.g. a@b@c.com.) to not return the part before 2nd ``@`` as valid email address. Patch by maxking & jpic. diff --git a/meta/recipes-devtools/python/python_2.7.16.bb b/meta/recipes-devtools/python/python_2.7.16.bb index ec724c3..b263e72 100644 --- a/meta/recipes-devtools/python/python_2.7.16.bb +++ b/meta/recipes-devtools/python/python_2.7.16.bb @@ -30,6 +30,7 @@ SRC_URI += " \ file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \ file://float-endian.patch \ file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \ + file://0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch \ " S = "${WORKDIR}/Python-${PV}" -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 14/19] python: Fix CVE-2019-10160 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (12 preceding siblings ...) 2019-10-29 9:47 ` [warrior 13/19] python: CVE-2019-16056 Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 15/19] openssl: make OPENSSL_ENGINES match install path Armin Kuster ` (4 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Changqing Li <changqing.li@windriver.com> Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit b4240b585d7fcac2fdbf33a8e72d48cb732eb696) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 10d87a3085665a959a5fda64ae3895cb27ddf343) Signed-off-by: Armin Kuster <akuster808@gmail.com> --- .../python/python/bpo-36742-cve-2019-10160.patch | 81 ++++++++++++++++++++++ meta/recipes-devtools/python/python_2.7.16.bb | 1 + 2 files changed, 82 insertions(+) create mode 100644 meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch diff --git a/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch b/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch new file mode 100644 index 0000000..1b6cb8c --- /dev/null +++ b/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch @@ -0,0 +1,81 @@ +From 5a1033fe5be764a135adcfff2fdc14edc3e5f327 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Thu, 10 Oct 2019 16:32:19 +0800 +Subject: [PATCH] bpo-36742: Fixes handling of pre-normalization characters in + urlsplit() bpo-36742: Corrects fix to handle decomposition in usernames + +Upstream-Status: Backport + +https://github.com/python/cpython/commit/98a4dcefbbc3bce5ab07e7c0830a183157250259 +https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de#diff-b577545d73dd0cdb2c337a4c5f89e1d7 + +CVE: CVE-2019-10160 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + Lib/test/test_urlparse.py | 19 +++++++++++++------ + Lib/urlparse.py | 14 +++++++++----- + 2 files changed, 22 insertions(+), 11 deletions(-) + +diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py +index 1830d0b..857ed96 100644 +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -641,13 +641,20 @@ class UrlParseTestCase(unittest.TestCase): + self.assertIn(u'\u2100', denorm_chars) + self.assertIn(u'\uFF03', denorm_chars) + ++ # bpo-36742: Verify port separators are ignored when they ++ # existed prior to decomposition ++ urlparse.urlsplit(u'http://\u30d5\u309a:80') ++ with self.assertRaises(ValueError): ++ urlparse.urlsplit(u'http://\u30d5\u309a\ufe1380') ++ + for scheme in [u"http", u"https", u"ftp"]: +- for c in denorm_chars: +- url = u"{}://netloc{}false.netloc/path".format(scheme, c) +- if test_support.verbose: +- print "Checking %r" % url +- with self.assertRaises(ValueError): +- urlparse.urlsplit(url) ++ for netloc in [u"netloc{}false.netloc", u"n{}user@netloc"]: ++ for c in denorm_chars: ++ url = u"{}://{}/path".format(scheme, netloc.format(c)) ++ if test_support.verbose: ++ print "Checking %r" % url ++ with self.assertRaises(ValueError): ++ urlparse.urlsplit(url) + + def test_main(): + test_support.run_unittest(UrlParseTestCase) +diff --git a/Lib/urlparse.py b/Lib/urlparse.py +index 54eda08..e34b368 100644 +--- a/Lib/urlparse.py ++++ b/Lib/urlparse.py +@@ -171,14 +171,18 @@ def _checknetloc(netloc): + # looking for characters like \u2100 that expand to 'a/c' + # IDNA uses NFKC equivalence, so normalize for this check + import unicodedata +- netloc2 = unicodedata.normalize('NFKC', netloc) +- if netloc == netloc2: ++ n = netloc.replace(u'@', u'') # ignore characters already included ++ n = n.replace(u':', u'') # but not the surrounding text ++ n = n.replace(u'#', u'') ++ n = n.replace(u'?', u'') ++ ++ netloc2 = unicodedata.normalize('NFKC', n) ++ if n == netloc2: + return +- _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay + for c in '/?#@:': + if c in netloc2: +- raise ValueError("netloc '" + netloc2 + "' contains invalid " + +- "characters under NFKC normalization") ++ raise ValueError(u"netloc '" + netloc + u"' contains invalid " + ++ u"characters under NFKC normalization") + + def urlsplit(url, scheme='', allow_fragments=True): + """Parse a URL into 5 components: +-- +2.7.4 + diff --git a/meta/recipes-devtools/python/python_2.7.16.bb b/meta/recipes-devtools/python/python_2.7.16.bb index b263e72..1c7c581 100644 --- a/meta/recipes-devtools/python/python_2.7.16.bb +++ b/meta/recipes-devtools/python/python_2.7.16.bb @@ -31,6 +31,7 @@ SRC_URI += " \ file://float-endian.patch \ file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \ file://0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch \ + file://bpo-36742-cve-2019-10160.patch \ " S = "${WORKDIR}/Python-${PV}" -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 15/19] openssl: make OPENSSL_ENGINES match install path 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (13 preceding siblings ...) 2019-10-29 9:47 ` [warrior 14/19] python: Fix CVE-2019-10160 Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 16/19] libgcrypt: fix CVE-2019-12904 Armin Kuster ` (3 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: George McCollister <george.mccollister@gmail.com> Set OPENSSL_ENGINES to the path where engines are actually installed. Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 59565fec0b3f3e24eb01c03b671913599cd3134d) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 578f41124565a7cda738c7fe3d25702ee41b08ed) Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-connectivity/openssl/openssl_1.1.1b.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb index df2698f..9e36df8 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb @@ -148,7 +148,7 @@ do_install_append_class-native () { OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines + OPENSSL_ENGINES=${libdir}/engines-1.1 } do_install_append_class-nativesdk () { -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 16/19] libgcrypt: fix CVE-2019-12904 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (14 preceding siblings ...) 2019-10-29 9:47 ` [warrior 15/19] openssl: make OPENSSL_ENGINES match install path Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 17/19] sudo: fix CVE-2019-14287 Armin Kuster ` (2 subsequent siblings) 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Yi Zhao <yi.zhao@windriver.com> In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-12904 Patches from: https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705 https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762 https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 37e390ff05b6a4509019db358ed496731d80cc51) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 4c207cb1ad46c0d2005ab3eae70d78c937e084b5) Signed-off-by: Armin Kuster <akuster808@gmail.com> --- .../files/0001-Prefetch-GCM-look-up-tables.patch | 90 ++++++ ...ok-up-tables-to-.data-section-and-unshare.patch | 332 +++++++++++++++++++++ ...ok-up-table-to-.data-section-and-unshare-.patch | 178 +++++++++++ meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb | 3 + 4 files changed, 603 insertions(+) create mode 100644 meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch create mode 100644 meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch create mode 100644 meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch diff --git a/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch b/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch new file mode 100644 index 0000000..4df96f0 --- /dev/null +++ b/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch @@ -0,0 +1,90 @@ +From 1374254c2904ab5b18ba4a890856824a102d4705 Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna <jussi.kivilinna@iki.fi> +Date: Sat, 27 Apr 2019 19:33:28 +0300 +Subject: [PATCH 1/3] Prefetch GCM look-up tables + +* cipher/cipher-gcm.c (prefetch_table, do_prefetch_tables) +(prefetch_tables): New. +(ghash_internal): Call prefetch_tables. +-- + +Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> + +Upstream-Status: Backport +[https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705] + +CVE: CVE-2019-12904 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + cipher/cipher-gcm.c | 33 +++++++++++++++++++++++++++++++++ + 1 file changed, 33 insertions(+) + +diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c +index c19f09f..11f119a 100644 +--- a/cipher/cipher-gcm.c ++++ b/cipher/cipher-gcm.c +@@ -118,6 +118,34 @@ static const u16 gcmR[256] = { + 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe, + }; + ++static inline ++void prefetch_table(const void *tab, size_t len) ++{ ++ const volatile byte *vtab = tab; ++ size_t i; ++ ++ for (i = 0; i < len; i += 8 * 32) ++ { ++ (void)vtab[i + 0 * 32]; ++ (void)vtab[i + 1 * 32]; ++ (void)vtab[i + 2 * 32]; ++ (void)vtab[i + 3 * 32]; ++ (void)vtab[i + 4 * 32]; ++ (void)vtab[i + 5 * 32]; ++ (void)vtab[i + 6 * 32]; ++ (void)vtab[i + 7 * 32]; ++ } ++ ++ (void)vtab[len - 1]; ++} ++ ++static inline void ++do_prefetch_tables (const void *gcmM, size_t gcmM_size) ++{ ++ prefetch_table(gcmM, gcmM_size); ++ prefetch_table(gcmR, sizeof(gcmR)); ++} ++ + #ifdef GCM_TABLES_USE_U64 + static void + bshift (u64 * b0, u64 * b1) +@@ -365,6 +393,8 @@ do_ghash (unsigned char *result, const unsigned char *buf, const u32 *gcmM) + #define fillM(c) \ + do_fillM (c->u_mode.gcm.u_ghash_key.key, c->u_mode.gcm.gcm_table) + #define GHASH(c, result, buf) do_ghash (result, buf, c->u_mode.gcm.gcm_table) ++#define prefetch_tables(c) \ ++ do_prefetch_tables(c->u_mode.gcm.gcm_table, sizeof(c->u_mode.gcm.gcm_table)) + + #else + +@@ -430,6 +460,7 @@ do_ghash (unsigned char *hsub, unsigned char *result, const unsigned char *buf) + + #define fillM(c) do { } while (0) + #define GHASH(c, result, buf) do_ghash (c->u_mode.gcm.u_ghash_key.key, result, buf) ++#define prefetch_tables(c) do {} while (0) + + #endif /* !GCM_USE_TABLES */ + +@@ -441,6 +472,8 @@ ghash_internal (gcry_cipher_hd_t c, byte *result, const byte *buf, + const unsigned int blocksize = GCRY_GCM_BLOCK_LEN; + unsigned int burn = 0; + ++ prefetch_tables (c); ++ + while (nblocks) + { + burn = GHASH (c, result, buf); +-- +2.7.4 + diff --git a/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch b/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch new file mode 100644 index 0000000..c82c5b5 --- /dev/null +++ b/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch @@ -0,0 +1,332 @@ +From 119348dd9aa52ab229afb5e2d3342d2b76fe81bf Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna <jussi.kivilinna@iki.fi> +Date: Fri, 31 May 2019 17:18:09 +0300 +Subject: [PATCH 2/3] AES: move look-up tables to .data section and unshare between + processes + +* cipher/rijndael-internal.h (ATTR_ALIGNED_64): New. +* cipher/rijndael-tables.h (encT): Move to 'enc_tables' structure. +(enc_tables): New structure for encryption table with counters before +and after. +(encT): New macro. +(dec_tables): Add counters before and after encryption table; Move +from .rodata to .data section. +(do_encrypt): Change 'encT' to 'enc_tables.T'. +(do_decrypt): Change '&dec_tables' to 'dec_tables.T'. +* cipher/cipher-gcm.c (prefetch_table): Make inline; Handle input +with length not multiple of 256. +(prefetch_enc, prefetch_dec): Modify pre- and post-table counters +to unshare look-up table pages between processes. +-- + +GnuPG-bug-id: 4541 +Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> + +Upstream-Status: Backport +[https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762] + +CVE: CVE-2019-12904 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + cipher/rijndael-internal.h | 4 +- + cipher/rijndael-tables.h | 155 +++++++++++++++++++++++++-------------------- + cipher/rijndael.c | 35 ++++++++-- + 3 files changed, 118 insertions(+), 76 deletions(-) + +diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h +index 160fb8c..a62d4b7 100644 +--- a/cipher/rijndael-internal.h ++++ b/cipher/rijndael-internal.h +@@ -29,11 +29,13 @@ + #define BLOCKSIZE (128/8) + + +-/* Helper macro to force alignment to 16 bytes. */ ++/* Helper macro to force alignment to 16 or 64 bytes. */ + #ifdef HAVE_GCC_ATTRIBUTE_ALIGNED + # define ATTR_ALIGNED_16 __attribute__ ((aligned (16))) ++# define ATTR_ALIGNED_64 __attribute__ ((aligned (64))) + #else + # define ATTR_ALIGNED_16 ++# define ATTR_ALIGNED_64 + #endif + + +diff --git a/cipher/rijndael-tables.h b/cipher/rijndael-tables.h +index 8359470..b54d959 100644 +--- a/cipher/rijndael-tables.h ++++ b/cipher/rijndael-tables.h +@@ -21,80 +21,98 @@ + /* To keep the actual implementation at a readable size we use this + include file to define the tables. */ + +-static const u32 encT[256] = ++static struct ++{ ++ volatile u32 counter_head; ++ u32 cacheline_align[64 / 4 - 1]; ++ u32 T[256]; ++ volatile u32 counter_tail; ++} enc_tables ATTR_ALIGNED_64 = + { +- 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, +- 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, +- 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, +- 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, +- 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, +- 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, +- 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, +- 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, +- 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, +- 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, +- 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, +- 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, +- 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, +- 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f, +- 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, +- 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, +- 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, +- 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, +- 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, +- 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, +- 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, +- 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, +- 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, +- 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, +- 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, +- 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, +- 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe, +- 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, +- 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, +- 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, +- 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, +- 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, +- 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, +- 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, +- 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, +- 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, +- 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, +- 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, +- 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, +- 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, +- 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, +- 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, +- 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, +- 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, +- 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, +- 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, +- 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, +- 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, +- 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, +- 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, +- 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, +- 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, +- 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, +- 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c, +- 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, +- 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, +- 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, +- 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, +- 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, +- 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, +- 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, +- 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, +- 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, +- 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c ++ 0, ++ { 0, }, ++ { ++ 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, ++ 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, ++ 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, ++ 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, ++ 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, ++ 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, ++ 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, ++ 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, ++ 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, ++ 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, ++ 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, ++ 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, ++ 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, ++ 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f, ++ 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, ++ 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, ++ 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, ++ 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, ++ 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, ++ 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, ++ 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, ++ 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, ++ 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, ++ 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, ++ 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, ++ 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, ++ 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe, ++ 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, ++ 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, ++ 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, ++ 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, ++ 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, ++ 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, ++ 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, ++ 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, ++ 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, ++ 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, ++ 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, ++ 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, ++ 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, ++ 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, ++ 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, ++ 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, ++ 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, ++ 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, ++ 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, ++ 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, ++ 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, ++ 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, ++ 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, ++ 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, ++ 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, ++ 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, ++ 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c, ++ 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, ++ 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, ++ 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, ++ 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, ++ 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, ++ 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, ++ 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, ++ 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, ++ 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, ++ 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c ++ }, ++ 0 + }; + +-static const struct ++#define encT enc_tables.T ++ ++static struct + { ++ volatile u32 counter_head; ++ u32 cacheline_align[64 / 4 - 1]; + u32 T[256]; + byte inv_sbox[256]; +-} dec_tables = ++ volatile u32 counter_tail; ++} dec_tables ATTR_ALIGNED_64 = + { ++ 0, ++ { 0, }, + { + 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, + 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b, +@@ -194,7 +212,8 @@ static const struct + 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61, + 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26, + 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d +- } ++ }, ++ 0 + }; + + #define decT dec_tables.T +diff --git a/cipher/rijndael.c b/cipher/rijndael.c +index 8637195..d0edab2 100644 +--- a/cipher/rijndael.c ++++ b/cipher/rijndael.c +@@ -227,11 +227,11 @@ static const char *selftest(void); + + \f + /* Prefetching for encryption/decryption tables. */ +-static void prefetch_table(const volatile byte *tab, size_t len) ++static inline void prefetch_table(const volatile byte *tab, size_t len) + { + size_t i; + +- for (i = 0; i < len; i += 8 * 32) ++ for (i = 0; len - i >= 8 * 32; i += 8 * 32) + { + (void)tab[i + 0 * 32]; + (void)tab[i + 1 * 32]; +@@ -242,17 +242,37 @@ static void prefetch_table(const volatile byte *tab, size_t len) + (void)tab[i + 6 * 32]; + (void)tab[i + 7 * 32]; + } ++ for (; i < len; i += 32) ++ { ++ (void)tab[i]; ++ } + + (void)tab[len - 1]; + } + + static void prefetch_enc(void) + { +- prefetch_table((const void *)encT, sizeof(encT)); ++ /* Modify counters to trigger copy-on-write and unsharing if physical pages ++ * of look-up table are shared between processes. Modifying counters also ++ * causes checksums for pages to change and hint same-page merging algorithm ++ * that these pages are frequently changing. */ ++ enc_tables.counter_head++; ++ enc_tables.counter_tail++; ++ ++ /* Prefetch look-up tables to cache. */ ++ prefetch_table((const void *)&enc_tables, sizeof(enc_tables)); + } + + static void prefetch_dec(void) + { ++ /* Modify counters to trigger copy-on-write and unsharing if physical pages ++ * of look-up table are shared between processes. Modifying counters also ++ * causes checksums for pages to change and hint same-page merging algorithm ++ * that these pages are frequently changing. */ ++ dec_tables.counter_head++; ++ dec_tables.counter_tail++; ++ ++ /* Prefetch look-up tables to cache. */ + prefetch_table((const void *)&dec_tables, sizeof(dec_tables)); + } + +@@ -737,7 +757,7 @@ do_encrypt (const RIJNDAEL_context *ctx, + #ifdef USE_AMD64_ASM + # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS + return _gcry_aes_amd64_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, +- encT); ++ enc_tables.T); + # else + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ +@@ -757,7 +777,8 @@ do_encrypt (const RIJNDAEL_context *ctx, + return ret; + # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */ + #elif defined(USE_ARM_ASM) +- return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, encT); ++ return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, ++ enc_tables.T); + #else + return do_encrypt_fn (ctx, bx, ax); + #endif /* !USE_ARM_ASM && !USE_AMD64_ASM*/ +@@ -1120,7 +1141,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx, + #ifdef USE_AMD64_ASM + # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS + return _gcry_aes_amd64_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds, +- &dec_tables); ++ dec_tables.T); + # else + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ +@@ -1141,7 +1162,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx, + # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */ + #elif defined(USE_ARM_ASM) + return _gcry_aes_arm_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds, +- &dec_tables); ++ dec_tables.T); + #else + return do_decrypt_fn (ctx, bx, ax); + #endif /*!USE_ARM_ASM && !USE_AMD64_ASM*/ +-- +2.7.4 + diff --git a/meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch b/meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch new file mode 100644 index 0000000..b580b7b --- /dev/null +++ b/meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch @@ -0,0 +1,178 @@ +From a4c561aab1014c3630bc88faf6f5246fee16b020 Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna <jussi.kivilinna@iki.fi> +Date: Fri, 31 May 2019 17:27:25 +0300 +Subject: [PATCH 3/3] GCM: move look-up table to .data section and unshare + between processes + +* cipher/cipher-gcm.c (ATTR_ALIGNED_64): New. +(gcmR): Move to 'gcm_table' structure. +(gcm_table): New structure for look-up table with counters before and +after. +(gcmR): New macro. +(prefetch_table): Handle input with length not multiple of 256. +(do_prefetch_tables): Modify pre- and post-table counters to unshare +look-up table pages between processes. +-- + +GnuPG-bug-id: 4541 +Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> + +Upstream-Status: Backport +[https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020] + +CVE: CVE-2019-12904 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + cipher/cipher-gcm.c | 106 ++++++++++++++++++++++++++++++++++------------------ + 1 file changed, 70 insertions(+), 36 deletions(-) + +diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c +index 11f119a..194e2ec 100644 +--- a/cipher/cipher-gcm.c ++++ b/cipher/cipher-gcm.c +@@ -30,6 +30,14 @@ + #include "./cipher-internal.h" + + ++/* Helper macro to force alignment to 16 or 64 bytes. */ ++#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED ++# define ATTR_ALIGNED_64 __attribute__ ((aligned (64))) ++#else ++# define ATTR_ALIGNED_64 ++#endif ++ ++ + #ifdef GCM_USE_INTEL_PCLMUL + extern void _gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c); + +@@ -83,40 +91,54 @@ ghash_armv7_neon (gcry_cipher_hd_t c, byte *result, const byte *buf, + + + #ifdef GCM_USE_TABLES +-static const u16 gcmR[256] = { +- 0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e, +- 0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e, +- 0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e, +- 0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e, +- 0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e, +- 0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e, +- 0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e, +- 0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e, +- 0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce, +- 0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde, +- 0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee, +- 0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe, +- 0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e, +- 0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e, +- 0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae, +- 0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe, +- 0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e, +- 0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e, +- 0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e, +- 0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e, +- 0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e, +- 0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e, +- 0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e, +- 0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e, +- 0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce, +- 0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade, +- 0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee, +- 0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe, +- 0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e, +- 0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e, +- 0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae, +- 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe, +-}; ++static struct ++{ ++ volatile u32 counter_head; ++ u32 cacheline_align[64 / 4 - 1]; ++ u16 R[256]; ++ volatile u32 counter_tail; ++} gcm_table ATTR_ALIGNED_64 = ++ { ++ 0, ++ { 0, }, ++ { ++ 0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e, ++ 0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e, ++ 0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e, ++ 0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e, ++ 0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e, ++ 0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e, ++ 0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e, ++ 0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e, ++ 0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce, ++ 0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde, ++ 0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee, ++ 0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe, ++ 0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e, ++ 0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e, ++ 0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae, ++ 0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe, ++ 0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e, ++ 0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e, ++ 0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e, ++ 0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e, ++ 0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e, ++ 0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e, ++ 0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e, ++ 0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e, ++ 0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce, ++ 0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade, ++ 0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee, ++ 0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe, ++ 0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e, ++ 0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e, ++ 0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae, ++ 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe, ++ }, ++ 0 ++ }; ++ ++#define gcmR gcm_table.R + + static inline + void prefetch_table(const void *tab, size_t len) +@@ -124,7 +146,7 @@ void prefetch_table(const void *tab, size_t len) + const volatile byte *vtab = tab; + size_t i; + +- for (i = 0; i < len; i += 8 * 32) ++ for (i = 0; len - i >= 8 * 32; i += 8 * 32) + { + (void)vtab[i + 0 * 32]; + (void)vtab[i + 1 * 32]; +@@ -135,6 +157,10 @@ void prefetch_table(const void *tab, size_t len) + (void)vtab[i + 6 * 32]; + (void)vtab[i + 7 * 32]; + } ++ for (; i < len; i += 32) ++ { ++ (void)vtab[i]; ++ } + + (void)vtab[len - 1]; + } +@@ -142,8 +168,16 @@ void prefetch_table(const void *tab, size_t len) + static inline void + do_prefetch_tables (const void *gcmM, size_t gcmM_size) + { ++ /* Modify counters to trigger copy-on-write and unsharing if physical pages ++ * of look-up table are shared between processes. Modifying counters also ++ * causes checksums for pages to change and hint same-page merging algorithm ++ * that these pages are frequently changing. */ ++ gcm_table.counter_head++; ++ gcm_table.counter_tail++; ++ ++ /* Prefetch look-up tables to cache. */ + prefetch_table(gcmM, gcmM_size); +- prefetch_table(gcmR, sizeof(gcmR)); ++ prefetch_table(&gcm_table, sizeof(gcm_table)); + } + + #ifdef GCM_TABLES_USE_U64 +-- +2.7.4 + diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb index fda68a2..11d078d 100644 --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb @@ -21,6 +21,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \ file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \ file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \ + file://0001-Prefetch-GCM-look-up-tables.patch \ + file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \ + file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \ " SRC_URI[md5sum] = "fbfdaebbbc6d7e5fbbf6ffdb3e139573" SRC_URI[sha256sum] = "f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227" -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 17/19] sudo: fix CVE-2019-14287 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (15 preceding siblings ...) 2019-10-29 9:47 ` [warrior 16/19] libgcrypt: fix CVE-2019-12904 Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-10-29 9:47 ` [warrior 18/19] go: fix CVE-2019-16276 Armin Kuster 2019-10-29 9:47 ` [warrior 19/19] qemu: update to 3.1.1.1 Armin Kuster 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Changqing Li <changqing.li@windriver.com> In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 4e11cd561f2bdaa6807cf02ee7c9870881826308) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit b1e0149c41e3c344a0496e64ab3b0c9dd4685ea4) Signed-off-by: Armin Kuster <akuster808@gmail.com> --- .../sudo/sudo/CVE-2019-14287-1.patch | 178 +++++++++++++++++++++ .../sudo/sudo/CVE-2019-14287-2.patch | 112 +++++++++++++ meta/recipes-extended/sudo/sudo_1.8.27.bb | 2 + 3 files changed, 292 insertions(+) create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch diff --git a/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch new file mode 100644 index 0000000..2a11e3f --- /dev/null +++ b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch @@ -0,0 +1,178 @@ +From f752ae5cee163253730ff7cdf293e34a91aa5520 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" <Todd.Miller@sudo.ws> +Date: Thu, 10 Oct 2019 10:04:13 -0600 +Subject: [PATCH] Treat an ID of -1 as invalid since that means "no change". + Fixes CVE-2019-14287. Found by Joe Vennix from Apple Information Security. + +Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/f752ae5cee163253730ff7cdf293e34a91aa5520] +CVE: CVE-2019-14287 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +--- + lib/util/strtoid.c | 100 ++++++++++++++++++++++++++++------------------------- + 1 files changed, 53 insertions(+), 46 deletions(-) + +diff --git a/lib/util/strtoid.c b/lib/util/strtoid.c +index 2dfce75..6b3916b 100644 +--- a/lib/util/strtoid.c ++++ b/lib/util/strtoid.c +@@ -49,6 +49,27 @@ + #include "sudo_util.h" + + /* ++ * Make sure that the ID ends with a valid separator char. ++ */ ++static bool ++valid_separator(const char *p, const char *ep, const char *sep) ++{ ++ bool valid = false; ++ debug_decl(valid_separator, SUDO_DEBUG_UTIL) ++ ++ if (ep != p) { ++ /* check for valid separator (including '\0') */ ++ if (sep == NULL) ++ sep = ""; ++ do { ++ if (*ep == *sep) ++ valid = true; ++ } while (*sep++ != '\0'); ++ } ++ debug_return_bool(valid); ++} ++ ++/* + * Parse a uid/gid in string form. + * If sep is non-NULL, it contains valid separator characters (e.g. comma, space) + * If endp is non-NULL it is set to the next char after the ID. +@@ -62,36 +83,33 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr + char *ep; + id_t ret = 0; + long long llval; +- bool valid = false; + debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL) + + /* skip leading space so we can pick up the sign, if any */ + while (isspace((unsigned char)*p)) + p++; +- if (sep == NULL) +- sep = ""; ++ ++ /* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. */ + errno = 0; + llval = strtoll(p, &ep, 10); +- if (ep != p) { +- /* check for valid separator (including '\0') */ +- do { +- if (*ep == *sep) +- valid = true; +- } while (*sep++ != '\0'); ++ if ((errno == ERANGE && llval == LLONG_MAX) || llval > (id_t)UINT_MAX) { ++ errno = ERANGE; ++ if (errstr != NULL) ++ *errstr = N_("value too large"); ++ goto done; + } +- if (!valid) { ++ if ((errno == ERANGE && llval == LLONG_MIN) || llval < INT_MIN) { ++ errno = ERANGE; + if (errstr != NULL) +- *errstr = N_("invalid value"); +- errno = EINVAL; ++ *errstr = N_("value too small"); + goto done; + } +- if (errno == ERANGE) { +- if (errstr != NULL) { +- if (llval == LLONG_MAX) +- *errstr = N_("value too large"); +- else +- *errstr = N_("value too small"); +- } ++ ++ /* Disallow id -1, which means "no change". */ ++ if (!valid_separator(p, ep, sep) || llval == -1 || llval == (id_t)UINT_MAX) { ++ if (errstr != NULL) ++ *errstr = N_("invalid value"); ++ errno = EINVAL; + goto done; + } + ret = (id_t)llval; +@@ -108,30 +126,15 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr + { + char *ep; + id_t ret = 0; +- bool valid = false; + debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL) + + /* skip leading space so we can pick up the sign, if any */ + while (isspace((unsigned char)*p)) + p++; +- if (sep == NULL) +- sep = ""; ++ + errno = 0; + if (*p == '-') { + long lval = strtol(p, &ep, 10); +- if (ep != p) { +- /* check for valid separator (including '\0') */ +- do { +- if (*ep == *sep) +- valid = true; +- } while (*sep++ != '\0'); +- } +- if (!valid) { +- if (errstr != NULL) +- *errstr = N_("invalid value"); +- errno = EINVAL; +- goto done; +- } + if ((errno == ERANGE && lval == LONG_MAX) || lval > INT_MAX) { + errno = ERANGE; + if (errstr != NULL) +@@ -144,28 +147,31 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr + *errstr = N_("value too small"); + goto done; + } +- ret = (id_t)lval; +- } else { +- unsigned long ulval = strtoul(p, &ep, 10); +- if (ep != p) { +- /* check for valid separator (including '\0') */ +- do { +- if (*ep == *sep) +- valid = true; +- } while (*sep++ != '\0'); +- } +- if (!valid) { ++ ++ /* Disallow id -1, which means "no change". */ ++ if (!valid_separator(p, ep, sep) || lval == -1) { + if (errstr != NULL) + *errstr = N_("invalid value"); + errno = EINVAL; + goto done; + } ++ ret = (id_t)lval; ++ } else { ++ unsigned long ulval = strtoul(p, &ep, 10); + if ((errno == ERANGE && ulval == ULONG_MAX) || ulval > UINT_MAX) { + errno = ERANGE; + if (errstr != NULL) + *errstr = N_("value too large"); + goto done; + } ++ ++ /* Disallow id -1, which means "no change". */ ++ if (!valid_separator(p, ep, sep) || ulval == UINT_MAX) { ++ if (errstr != NULL) ++ *errstr = N_("invalid value"); ++ errno = EINVAL; ++ goto done; ++ } + ret = (id_t)ulval; + } + if (errstr != NULL) +-- +2.7.4 + diff --git a/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch new file mode 100644 index 0000000..453a8b0 --- /dev/null +++ b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch @@ -0,0 +1,112 @@ +From 396bc57feff3e360007634f62448b64e0626390c Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" <Todd.Miller@sudo.ws> +Date: Thu, 10 Oct 2019 10:04:13 -0600 +Subject: [PATCH] Add sudo_strtoid() tests for -1 and range errors. Also adjust + testsudoers/test5 which relied upon gid -1 parsing. + +Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/396bc57] +CVE: CVE-2019-14287 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +--- + lib/util/regress/atofoo/atofoo_test.c | 36 ++++++++++++++++------ + plugins/sudoers/regress/testsudoers/test5.out.ok | 2 +- + plugins/sudoers/regress/testsudoers/test5.sh | 2 +- + 3 files changed, 29 insertions(+), 11 deletions(-) + +diff --git a/lib/util/regress/atofoo/atofoo_test.c b/lib/util/regress/atofoo/atofoo_test.c +index 031a7ed..fb41c1a 100644 +--- a/lib/util/regress/atofoo/atofoo_test.c ++++ b/lib/util/regress/atofoo/atofoo_test.c +@@ -26,6 +26,7 @@ + #else + # include "compat/stdbool.h" + #endif ++#include <errno.h> + + #include "sudo_compat.h" + #include "sudo_util.h" +@@ -80,15 +81,20 @@ static struct strtoid_data { + id_t id; + const char *sep; + const char *ep; ++ int errnum; + } strtoid_data[] = { +- { "0,1", 0, ",", "," }, +- { "10", 10, NULL, NULL }, +- { "-2", -2, NULL, NULL }, ++ { "0,1", 0, ",", ",", 0 }, ++ { "10", 10, NULL, NULL, 0 }, ++ { "-1", 0, NULL, NULL, EINVAL }, ++ { "4294967295", 0, NULL, NULL, EINVAL }, ++ { "4294967296", 0, NULL, NULL, ERANGE }, ++ { "-2147483649", 0, NULL, NULL, ERANGE }, ++ { "-2", -2, NULL, NULL, 0 }, + #if SIZEOF_ID_T != SIZEOF_LONG_LONG +- { "-2", (id_t)4294967294U, NULL, NULL }, ++ { "-2", (id_t)4294967294U, NULL, NULL, 0 }, + #endif +- { "4294967294", (id_t)4294967294U, NULL, NULL }, +- { NULL, 0, NULL, NULL } ++ { "4294967294", (id_t)4294967294U, NULL, NULL, 0 }, ++ { NULL, 0, NULL, NULL, 0 } + }; + + static int +@@ -104,11 +110,23 @@ test_strtoid(int *ntests) + (*ntests)++; + errstr = "some error"; + value = sudo_strtoid(d->idstr, d->sep, &ep, &errstr); +- if (errstr != NULL) { +- if (d->id != (id_t)-1) { +- sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr); ++ if (d->errnum != 0) { ++ if (errstr == NULL) { ++ sudo_warnx_nodebug("FAIL: %s: missing errstr for errno %d", ++ d->idstr, d->errnum); ++ errors++; ++ } else if (value != 0) { ++ sudo_warnx_nodebug("FAIL: %s should return 0 on error", ++ d->idstr); ++ errors++; ++ } else if (errno != d->errnum) { ++ sudo_warnx_nodebug("FAIL: %s: errno mismatch, %d != %d", ++ d->idstr, errno, d->errnum); + errors++; + } ++ } else if (errstr != NULL) { ++ sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr); ++ errors++; + } else if (value != d->id) { + sudo_warnx_nodebug("FAIL: %s != %u", d->idstr, (unsigned int)d->id); + errors++; +diff --git a/plugins/sudoers/regress/testsudoers/test5.out.ok b/plugins/sudoers/regress/testsudoers/test5.out.ok +index 5e319c9..cecf700 100644 +--- a/plugins/sudoers/regress/testsudoers/test5.out.ok ++++ b/plugins/sudoers/regress/testsudoers/test5.out.ok +@@ -4,7 +4,7 @@ Parse error in sudoers near line 1. + Entries for user root: + + Command unmatched +-testsudoers: test5.inc should be owned by gid 4294967295 ++testsudoers: test5.inc should be owned by gid 4294967294 + Parse error in sudoers near line 1. + + Entries for user root: +diff --git a/plugins/sudoers/regress/testsudoers/test5.sh b/plugins/sudoers/regress/testsudoers/test5.sh +index 9e690a6..94d585c 100755 +--- a/plugins/sudoers/regress/testsudoers/test5.sh ++++ b/plugins/sudoers/regress/testsudoers/test5.sh +@@ -24,7 +24,7 @@ EOF + + # Test group writable + chmod 664 $TESTFILE +-./testsudoers -U $MYUID -G -1 root id <<EOF ++./testsudoers -U $MYUID -G -2 root id <<EOF + #include $TESTFILE + EOF + +-- +2.7.4 + diff --git a/meta/recipes-extended/sudo/sudo_1.8.27.bb b/meta/recipes-extended/sudo/sudo_1.8.27.bb index 4a34393..7460a5b 100644 --- a/meta/recipes-extended/sudo/sudo_1.8.27.bb +++ b/meta/recipes-extended/sudo/sudo_1.8.27.bb @@ -3,6 +3,8 @@ require sudo.inc SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ file://0001-Include-sys-types.h-for-id_t-definition.patch \ + file://CVE-2019-14287-1.patch \ + file://CVE-2019-14287-2.patch \ " PAM_SRC_URI = "file://sudo.pam" -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* [warrior 18/19] go: fix CVE-2019-16276 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (16 preceding siblings ...) 2019-10-29 9:47 ` [warrior 17/19] sudo: fix CVE-2019-14287 Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 2019-11-01 17:33 ` Andrey Zhizhikin 2019-10-29 9:47 ` [warrior 19/19] qemu: update to 3.1.1.1 Armin Kuster 18 siblings, 1 reply; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core From: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit e02e8fa2e82cceaaa6a433466f52f97b0984762a) Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-devtools/go/go-1.12.inc | 1 + ...nch.go1.12-security-net-textproto-don-t-n.patch | 163 +++++++++++++++++++++ 2 files changed, 164 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch diff --git a/meta/recipes-devtools/go/go-1.12.inc b/meta/recipes-devtools/go/go-1.12.inc index 0cf0a63..66df500 100644 --- a/meta/recipes-devtools/go/go-1.12.inc +++ b/meta/recipes-devtools/go/go-1.12.inc @@ -16,6 +16,7 @@ SRC_URI += "\ file://0006-cmd-dist-separate-host-and-target-builds.patch \ file://0007-cmd-go-make-GOROOT-precious-by-default.patch \ file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ + file://0001-release-branch.go1.12-security-net-textproto-don-t-n.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch b/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch new file mode 100644 index 0000000..7b39dbd --- /dev/null +++ b/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch @@ -0,0 +1,163 @@ +From 265b691ac440bfb711d8de323346f7d72e620efe Mon Sep 17 00:00:00 2001 +From: Filippo Valsorda <filippo@golang.org> +Date: Thu, 12 Sep 2019 12:37:36 -0400 +Subject: [PATCH] [release-branch.go1.12-security] net/textproto: don't + normalize headers with spaces before the colon + +RFC 7230 is clear about headers with a space before the colon, like + +X-Answer : 42 + +being invalid, but we've been accepting and normalizing them for compatibility +purposes since CL 5690059 in 2012. + +On the client side, this is harmless and indeed most browsers behave the same +to this day. On the server side, this becomes a security issue when the +behavior doesn't match that of a reverse proxy sitting in front of the server. + +For example, if a WAF accepts them without normalizing them, it might be +possible to bypass its filters, because the Go server would interpret the +header differently. Worse, if the reverse proxy coalesces requests onto a +single HTTP/1.1 connection to a Go server, the understanding of the request +boundaries can get out of sync between them, allowing an attacker to tack an +arbitrary method and path onto a request by other clients, including +authentication headers unknown to the attacker. + +This was recently presented at multiple security conferences: +https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn + +net/http servers already reject header keys with invalid characters. +Simply stop normalizing extra spaces in net/textproto, let it return them +unchanged like it does for other invalid headers, and let net/http enforce +RFC 7230, which is HTTP specific. This loses us normalization on the client +side, but there's no right answer on the client side anyway, and hiding the +issue sounds worse than letting the application decide. + +Fixes CVE-2019-16276 + +Change-Id: I6d272de827e0870da85d93df770d6a0e161bbcf1 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/549719 +Reviewed-by: Brad Fitzpatrick <bradfitz@google.com> +(cherry picked from commit 1280b868e82bf173ea3e988be3092d160ee66082) +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/558776 +Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> + +CVE: CVE-2019-16276 + +Upstream-Status: Backport [https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + src/net/http/serve_test.go | 4 ++++ + src/net/http/transport_test.go | 27 +++++++++++++++++++++++++++ + src/net/textproto/reader.go | 10 ++-------- + src/net/textproto/reader_test.go | 13 ++++++------- + 4 files changed, 39 insertions(+), 15 deletions(-) + +diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go +index 6eb0088a96..89bfdfbb82 100644 +--- a/src/net/http/serve_test.go ++++ b/src/net/http/serve_test.go +@@ -4748,6 +4748,10 @@ func TestServerValidatesHeaders(t *testing.T) { + {"foo\xffbar: foo\r\n", 400}, // binary in header + {"foo\x00bar: foo\r\n", 400}, // binary in header + {"Foo: " + strings.Repeat("x", 1<<21) + "\r\n", 431}, // header too large ++ // Spaces between the header key and colon are not allowed. ++ // See RFC 7230, Section 3.2.4. ++ {"Foo : bar\r\n", 400}, ++ {"Foo\t: bar\r\n", 400}, + + {"foo: foo foo\r\n", 200}, // LWS space is okay + {"foo: foo\tfoo\r\n", 200}, // LWS tab is okay +diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go +index 5c329543e2..5e5438a708 100644 +--- a/src/net/http/transport_test.go ++++ b/src/net/http/transport_test.go +@@ -5133,3 +5133,30 @@ func TestTransportIgnores408(t *testing.T) { + } + t.Fatalf("timeout after %v waiting for Transport connections to die off", time.Since(t0)) + } ++ ++func TestInvalidHeaderResponse(t *testing.T) { ++ setParallel(t) ++ defer afterTest(t) ++ cst := newClientServerTest(t, h1Mode, HandlerFunc(func(w ResponseWriter, r *Request) { ++ conn, buf, _ := w.(Hijacker).Hijack() ++ buf.Write([]byte("HTTP/1.1 200 OK\r\n" + ++ "Date: Wed, 30 Aug 2017 19:09:27 GMT\r\n" + ++ "Content-Type: text/html; charset=utf-8\r\n" + ++ "Content-Length: 0\r\n" + ++ "Foo : bar\r\n\r\n")) ++ buf.Flush() ++ conn.Close() ++ })) ++ defer cst.close() ++ res, err := cst.c.Get(cst.ts.URL) ++ if err != nil { ++ t.Fatal(err) ++ } ++ defer res.Body.Close() ++ if v := res.Header.Get("Foo"); v != "" { ++ t.Errorf(`unexpected "Foo" header: %q`, v) ++ } ++ if v := res.Header.Get("Foo "); v != "bar" { ++ t.Errorf(`bad "Foo " header value: %q, want %q`, v, "bar") ++ } ++} +diff --git a/src/net/textproto/reader.go b/src/net/textproto/reader.go +index 2c4f25d5ae..1a5e364cf7 100644 +--- a/src/net/textproto/reader.go ++++ b/src/net/textproto/reader.go +@@ -493,18 +493,12 @@ func (r *Reader) ReadMIMEHeader() (MIMEHeader, error) { + return m, err + } + +- // Key ends at first colon; should not have trailing spaces +- // but they appear in the wild, violating specs, so we remove +- // them if present. ++ // Key ends at first colon. + i := bytes.IndexByte(kv, ':') + if i < 0 { + return m, ProtocolError("malformed MIME header line: " + string(kv)) + } +- endKey := i +- for endKey > 0 && kv[endKey-1] == ' ' { +- endKey-- +- } +- key := canonicalMIMEHeaderKey(kv[:endKey]) ++ key := canonicalMIMEHeaderKey(kv[:i]) + + // As per RFC 7230 field-name is a token, tokens consist of one or more chars. + // We could return a ProtocolError here, but better to be liberal in what we +diff --git a/src/net/textproto/reader_test.go b/src/net/textproto/reader_test.go +index f85fbdc36d..b92fdcd3c7 100644 +--- a/src/net/textproto/reader_test.go ++++ b/src/net/textproto/reader_test.go +@@ -188,11 +188,10 @@ func TestLargeReadMIMEHeader(t *testing.T) { + } + } + +-// Test that we read slightly-bogus MIME headers seen in the wild, +-// with spaces before colons, and spaces in keys. ++// TestReadMIMEHeaderNonCompliant checks that we don't normalize headers ++// with spaces before colons, and accept spaces in keys. + func TestReadMIMEHeaderNonCompliant(t *testing.T) { +- // Invalid HTTP response header as sent by an Axis security +- // camera: (this is handled by IE, Firefox, Chrome, curl, etc.) ++ // These invalid headers will be rejected by net/http according to RFC 7230. + r := reader("Foo: bar\r\n" + + "Content-Language: en\r\n" + + "SID : 0\r\n" + +@@ -202,9 +201,9 @@ func TestReadMIMEHeaderNonCompliant(t *testing.T) { + want := MIMEHeader{ + "Foo": {"bar"}, + "Content-Language": {"en"}, +- "Sid": {"0"}, +- "Audio Mode": {"None"}, +- "Privilege": {"127"}, ++ "SID ": {"0"}, ++ "Audio Mode ": {"None"}, ++ "Privilege ": {"127"}, + } + if !reflect.DeepEqual(m, want) || err != nil { + t.Fatalf("ReadMIMEHeader =\n%v, %v; want:\n%v", m, err, want) -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* Re: [warrior 18/19] go: fix CVE-2019-16276 2019-10-29 9:47 ` [warrior 18/19] go: fix CVE-2019-16276 Armin Kuster @ 2019-11-01 17:33 ` Andrey Zhizhikin 2019-11-01 17:39 ` Khem Raj 0 siblings, 1 reply; 24+ messages in thread From: Andrey Zhizhikin @ 2019-11-01 17:33 UTC (permalink / raw) To: Armin Kuster; +Cc: OE Core mailing list Hello Armin, On Tue, Oct 29, 2019 at 10:50 AM Armin Kuster <akuster808@gmail.com> wrote: > > From: Chen Qi <Qi.Chen@windriver.com> > > Signed-off-by: Chen Qi <Qi.Chen@windriver.com> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> > (cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f) > Signed-off-by: Armin Kuster <akuster808@gmail.com> > (cherry picked from commit e02e8fa2e82cceaaa6a433466f52f97b0984762a) > Signed-off-by: Armin Kuster <akuster808@gmail.com> > --- This patch didn't apply clean on warrior, but same patch on master seems to be OK. I got a hunk in transport_test.go which has been resolved by build, but since this is security-related patch I wanted to bring some attention here. > > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- Regards, Andrey. ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [warrior 18/19] go: fix CVE-2019-16276 2019-11-01 17:33 ` Andrey Zhizhikin @ 2019-11-01 17:39 ` Khem Raj 2019-11-01 17:12 ` Martin Jansa 0 siblings, 1 reply; 24+ messages in thread From: Khem Raj @ 2019-11-01 17:39 UTC (permalink / raw) To: Andrey Zhizhikin; +Cc: OE Core mailing list On Fri, Nov 1, 2019 at 10:33 AM Andrey Zhizhikin <andrey.z@gmail.com> wrote: > > Hello Armin, > > On Tue, Oct 29, 2019 at 10:50 AM Armin Kuster <akuster808@gmail.com> wrote: > > > > From: Chen Qi <Qi.Chen@windriver.com> > > > > Signed-off-by: Chen Qi <Qi.Chen@windriver.com> > > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> > > (cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f) > > Signed-off-by: Armin Kuster <akuster808@gmail.com> > > (cherry picked from commit e02e8fa2e82cceaaa6a433466f52f97b0984762a) > > Signed-off-by: Armin Kuster <akuster808@gmail.com> > > --- > > This patch didn't apply clean on warrior, but same patch on master > seems to be OK. I got a hunk in transport_test.go which has been > resolved by build, but since this is security-related patch I wanted > to bring some attention here. > if its failing in testcase as a last report we can drop that if that hunk is not backportable. > > > > -- > > _______________________________________________ > > Openembedded-core mailing list > > Openembedded-core@lists.openembedded.org > > http://lists.openembedded.org/mailman/listinfo/openembedded-core > > -- > Regards, > Andrey. > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [warrior 18/19] go: fix CVE-2019-16276 2019-11-01 17:39 ` Khem Raj @ 2019-11-01 17:12 ` Martin Jansa 2019-11-01 18:31 ` Andrey Zhizhikin 0 siblings, 1 reply; 24+ messages in thread From: Martin Jansa @ 2019-11-01 17:12 UTC (permalink / raw) To: Khem Raj; +Cc: OE Core mailing list [-- Attachment #1: Type: text/plain, Size: 2381 bytes --] I've reported the same yesterday: http://lists.openembedded.org/pipermail/openembedded-core/2019-October/288638.html and sent upgrade to match the minor version used in warrior to the one in zeus (which resolves the patch to apply cleanly): http://lists.openembedded.org/pipermail/openembedded-core/2019-October/288656.html I don't use go for anything, but go 1.11 was also updated in thud: http://lists.openembedded.org/pipermail/openembedded-core/2019-October/287724.html so I was assuming that this minor upgrade in 1.12 should be safe enough for warrior as well. Regards, On Fri, Nov 1, 2019 at 6:40 PM Khem Raj <raj.khem@gmail.com> wrote: > On Fri, Nov 1, 2019 at 10:33 AM Andrey Zhizhikin <andrey.z@gmail.com> > wrote: > > > > Hello Armin, > > > > On Tue, Oct 29, 2019 at 10:50 AM Armin Kuster <akuster808@gmail.com> > wrote: > > > > > > From: Chen Qi <Qi.Chen@windriver.com> > > > > > > Signed-off-by: Chen Qi <Qi.Chen@windriver.com> > > > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> > > > (cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f) > > > Signed-off-by: Armin Kuster <akuster808@gmail.com> > > > (cherry picked from commit e02e8fa2e82cceaaa6a433466f52f97b0984762a) > > > Signed-off-by: Armin Kuster <akuster808@gmail.com> > > > --- > > > > This patch didn't apply clean on warrior, but same patch on master > > seems to be OK. I got a hunk in transport_test.go which has been > > resolved by build, but since this is security-related patch I wanted > > to bring some attention here. > > > > if its failing in testcase as a last report we can drop that if that > hunk is not backportable. > > > > > > -- > > > _______________________________________________ > > > Openembedded-core mailing list > > > Openembedded-core@lists.openembedded.org > > > http://lists.openembedded.org/mailman/listinfo/openembedded-core > > > > -- > > Regards, > > Andrey. > > -- > > _______________________________________________ > > Openembedded-core mailing list > > Openembedded-core@lists.openembedded.org > > http://lists.openembedded.org/mailman/listinfo/openembedded-core > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core > [-- Attachment #2: Type: text/html, Size: 4337 bytes --] ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [warrior 18/19] go: fix CVE-2019-16276 2019-11-01 17:12 ` Martin Jansa @ 2019-11-01 18:31 ` Andrey Zhizhikin 0 siblings, 0 replies; 24+ messages in thread From: Andrey Zhizhikin @ 2019-11-01 18:31 UTC (permalink / raw) To: Martin Jansa; +Cc: OE Core mailing list On Fri, Nov 1, 2019 at 7:12 PM Martin Jansa <martin.jansa@gmail.com> wrote: > > I've reported the same yesterday: > http://lists.openembedded.org/pipermail/openembedded-core/2019-October/288638.html > > and sent upgrade to match the minor version used in warrior to the one in zeus (which resolves the patch to apply cleanly): > http://lists.openembedded.org/pipermail/openembedded-core/2019-October/288656.html I've actually just found your upgrade patches from yesterday, and they should solve the issue. I guess it was just the fact that upgrade to 1.12.9 didn't make it to warrior yet - I've ended up with the state where I had 1.12.1 in warrior for recipe, and patch from 1.12.9. Once your patches would land in warrior repo - this hunk would be resolved, since the patch is actually made for 1.12.9 and that is why there are no complaints from master now. > > I don't use go for anything, but go 1.11 was also updated in thud: > http://lists.openembedded.org/pipermail/openembedded-core/2019-October/287724.html > so I was assuming that this minor upgrade in 1.12 should be safe enough for warrior as well. > > Regards, > > On Fri, Nov 1, 2019 at 6:40 PM Khem Raj <raj.khem@gmail.com> wrote: >> >> On Fri, Nov 1, 2019 at 10:33 AM Andrey Zhizhikin <andrey.z@gmail.com> wrote: >> > >> > Hello Armin, >> > >> > On Tue, Oct 29, 2019 at 10:50 AM Armin Kuster <akuster808@gmail.com> wrote: >> > > >> > > From: Chen Qi <Qi.Chen@windriver.com> >> > > >> > > Signed-off-by: Chen Qi <Qi.Chen@windriver.com> >> > > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> >> > > (cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f) >> > > Signed-off-by: Armin Kuster <akuster808@gmail.com> >> > > (cherry picked from commit e02e8fa2e82cceaaa6a433466f52f97b0984762a) >> > > Signed-off-by: Armin Kuster <akuster808@gmail.com> >> > > --- >> > >> > This patch didn't apply clean on warrior, but same patch on master >> > seems to be OK. I got a hunk in transport_test.go which has been >> > resolved by build, but since this is security-related patch I wanted >> > to bring some attention here. >> > >> >> if its failing in testcase as a last report we can drop that if that >> hunk is not backportable. >> > > >> > > -- >> > > _______________________________________________ >> > > Openembedded-core mailing list >> > > Openembedded-core@lists.openembedded.org >> > > http://lists.openembedded.org/mailman/listinfo/openembedded-core >> > >> > -- >> > Regards, >> > Andrey. >> > -- >> > _______________________________________________ >> > Openembedded-core mailing list >> > Openembedded-core@lists.openembedded.org >> > http://lists.openembedded.org/mailman/listinfo/openembedded-core >> -- >> _______________________________________________ >> Openembedded-core mailing list >> Openembedded-core@lists.openembedded.org >> http://lists.openembedded.org/mailman/listinfo/openembedded-core -- Regards, Andrey. ^ permalink raw reply [flat|nested] 24+ messages in thread
* [warrior 19/19] qemu: update to 3.1.1.1 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster ` (17 preceding siblings ...) 2019-10-29 9:47 ` [warrior 18/19] go: fix CVE-2019-16276 Armin Kuster @ 2019-10-29 9:47 ` Armin Kuster 18 siblings, 0 replies; 24+ messages in thread From: Armin Kuster @ 2019-10-29 9:47 UTC (permalink / raw) To: openembedded-core bug fix only update. Drop patches included in update. For full set of changes, see: https://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/tags/v3.1.1.1 Signed-off-by: Armin Kuster <akuster808@gmail.com> --- ...qemu-native_3.1.0.bb => qemu-native_3.1.1.1.bb} | 0 ...tive_3.1.0.bb => qemu-system-native_3.1.1.1.bb} | 0 meta/recipes-devtools/qemu/qemu.inc | 14 +- .../0001-egl-headless-add-egl_create_context.patch | 50 ----- .../qemu/qemu/0014-fix-CVE-2018-16872.patch | 85 -------- .../qemu/qemu/0015-fix-CVE-2018-20124.patch | 60 ------ .../qemu/qemu/0016-fix-CVE-2018-20125.patch | 54 ------ .../qemu/qemu/0017-fix-CVE-2018-20126.patch | 113 ----------- .../qemu/qemu/0018-fix-CVE-2018-20191.patch | 47 ----- .../qemu/qemu/0019-fix-CVE-2018-20216.patch | 85 -------- .../qemu/qemu/CVE-2018-20815.patch | 38 ---- .../recipes-devtools/qemu/qemu/CVE-2019-3812.patch | 39 ---- .../recipes-devtools/qemu/qemu/CVE-2019-8934.patch | 215 --------------------- .../qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb} | 0 14 files changed, 2 insertions(+), 798 deletions(-) rename meta/recipes-devtools/qemu/{qemu-native_3.1.0.bb => qemu-native_3.1.1.1.bb} (100%) rename meta/recipes-devtools/qemu/{qemu-system-native_3.1.0.bb => qemu-system-native_3.1.1.1.bb} (100%) delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch rename meta/recipes-devtools/qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb} (100%) diff --git a/meta/recipes-devtools/qemu/qemu-native_3.1.0.bb b/meta/recipes-devtools/qemu/qemu-native_3.1.1.1.bb similarity index 100% rename from meta/recipes-devtools/qemu/qemu-native_3.1.0.bb rename to meta/recipes-devtools/qemu/qemu-native_3.1.1.1.bb diff --git a/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb b/meta/recipes-devtools/qemu/qemu-system-native_3.1.1.1.bb similarity index 100% rename from meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb rename to meta/recipes-devtools/qemu/qemu-system-native_3.1.1.1.bb diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 40c3174..202134b 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -22,24 +22,14 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \ file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \ file://0001-Add-a-missing-X11-include.patch \ - file://0001-egl-headless-add-egl_create_context.patch \ - file://0014-fix-CVE-2018-16872.patch \ - file://0015-fix-CVE-2018-20124.patch \ - file://0016-fix-CVE-2018-20125.patch \ - file://0017-fix-CVE-2018-20126.patch \ - file://0018-fix-CVE-2018-20191.patch \ - file://0019-fix-CVE-2018-20216.patch \ - file://CVE-2019-3812.patch \ file://0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch \ - file://CVE-2018-20815.patch \ - file://CVE-2019-8934.patch \ file://0001-linux-user-assume-__NR_gettid-always-exists.patch \ file://0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" -SRC_URI[md5sum] = "fb687ce0b02d3bf4327e36d3b99427a8" -SRC_URI[sha256sum] = "6a0508df079a0a33c2487ca936a56c12122f105b8a96a44374704bef6c69abfc" +SRC_URI[md5sum] = "aafb005c252eb3a667c2468868348c0a" +SRC_URI[sha256sum] = "b148fc3c7382c5addd915db433383160ca7b840bc6ea90bb0d35c6b253526d56" COMPATIBLE_HOST_mipsarchn32 = "null" COMPATIBLE_HOST_mipsarchn64 = "null" diff --git a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch b/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch deleted file mode 100644 index d9326c0..0000000 --- a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 952e5d584f5aabe41298c278065fe628f3f7aa7a Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann <kraxel@redhat.com> -Date: Thu, 29 Nov 2018 13:35:02 +0100 -Subject: [PATCH] egl-headless: add egl_create_context - -We must set the correct context (via eglMakeCurrent) before -calling qemu_egl_create_context, so we need a thin wrapper and can't -hook qemu_egl_create_context directly as ->dpy_gl_ctx_create callback. - -Reported-by: Frederik Carlier <frederik.carlier@quamotion.mobi> -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> -Message-id: 20181129123502.30129-1-kraxel@redhat.com - -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=952e5d584f5aabe41298c278065fe628f3f7aa7a] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - ui/egl-headless.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/ui/egl-headless.c b/ui/egl-headless.c -index 4cf3bbc0e4..519e7bad32 100644 ---- a/ui/egl-headless.c -+++ b/ui/egl-headless.c -@@ -38,6 +38,14 @@ static void egl_gfx_switch(DisplayChangeListener *dcl, - edpy->ds = new_surface; - } - -+static QEMUGLContext egl_create_context(DisplayChangeListener *dcl, -+ QEMUGLParams *params) -+{ -+ eglMakeCurrent(qemu_egl_display, EGL_NO_SURFACE, EGL_NO_SURFACE, -+ qemu_egl_rn_ctx); -+ return qemu_egl_create_context(dcl, params); -+} -+ - static void egl_scanout_disable(DisplayChangeListener *dcl) - { - egl_dpy *edpy = container_of(dcl, egl_dpy, dcl); -@@ -150,7 +158,7 @@ static const DisplayChangeListenerOps egl_ops = { - .dpy_gfx_update = egl_gfx_update, - .dpy_gfx_switch = egl_gfx_switch, - -- .dpy_gl_ctx_create = qemu_egl_create_context, -+ .dpy_gl_ctx_create = egl_create_context, - .dpy_gl_ctx_destroy = qemu_egl_destroy_context, - .dpy_gl_ctx_make_current = qemu_egl_make_context_current, - .dpy_gl_ctx_get_current = qemu_egl_get_current_context, --- -2.17.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch b/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch deleted file mode 100644 index 412aa16..0000000 --- a/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch +++ /dev/null @@ -1,85 +0,0 @@ -CVE: CVE-2018-16872 -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=bab9df35] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From bab9df35ce73d1c8e19a37e2737717ea1c984dc1 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann <kraxel@redhat.com> -Date: Thu, 13 Dec 2018 13:25:11 +0100 -Subject: [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC. - -Open files and directories with O_NOFOLLOW to avoid symlinks attacks. -While being at it also add O_CLOEXEC. - -usb-mtp only handles regular files and directories and ignores -everything else, so users should not see a difference. - -Because qemu ignores symlinks, carrying out a successful symlink attack -requires swapping an existing file or directory below rootdir for a -symlink and winning the race against the inotify notification to qemu. - -Fixes: CVE-2018-16872 -Cc: Prasad J Pandit <ppandit@redhat.com> -Cc: Bandan Das <bsd@redhat.com> -Reported-by: Michael Hanselmann <public@hansmi.ch> -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> -Reviewed-by: Michael Hanselmann <public@hansmi.ch> -Message-id: 20181213122511.13853-1-kraxel@redhat.com ---- - hw/usb/dev-mtp.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c -index 100b7171f4..36c43b8c20 100644 ---- a/hw/usb/dev-mtp.c -+++ b/hw/usb/dev-mtp.c -@@ -653,13 +653,18 @@ static void usb_mtp_object_readdir(MTPState *s, MTPObject *o) - { - struct dirent *entry; - DIR *dir; -+ int fd; - - if (o->have_children) { - return; - } - o->have_children = true; - -- dir = opendir(o->path); -+ fd = open(o->path, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW); -+ if (fd < 0) { -+ return; -+ } -+ dir = fdopendir(fd); - if (!dir) { - return; - } -@@ -1007,7 +1012,7 @@ static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c, - - trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path); - -- d->fd = open(o->path, O_RDONLY); -+ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW); - if (d->fd == -1) { - usb_mtp_data_free(d); - return NULL; -@@ -1031,7 +1036,7 @@ static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c, - c->argv[1], c->argv[2]); - - d = usb_mtp_data_alloc(c); -- d->fd = open(o->path, O_RDONLY); -+ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW); - if (d->fd == -1) { - usb_mtp_data_free(d); - return NULL; -@@ -1658,7 +1663,7 @@ static void usb_mtp_write_data(MTPState *s) - 0, 0, 0, 0); - goto done; - } -- d->fd = open(path, O_CREAT | O_WRONLY, mask); -+ d->fd = open(path, O_CREAT | O_WRONLY | O_CLOEXEC | O_NOFOLLOW, mask); - if (d->fd == -1) { - usb_mtp_queue_result(s, RES_STORE_FULL, d->trans, - 0, 0, 0, 0); --- -2.20.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch b/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch deleted file mode 100644 index 985b819..0000000 --- a/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch +++ /dev/null @@ -1,60 +0,0 @@ -CVE: CVE-2018-20124 -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=0e68373] - -Backport patch to fix CVE-2018-20124. Update context and stay with current -function comp_handler() which has been replaced with complete_work() in latest -git repo. - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 0e68373cc2b3a063ce067bc0cc3edaf370752890 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Thu, 13 Dec 2018 01:00:34 +0530 -Subject: [PATCH] rdma: check num_sge does not exceed MAX_SGE - -rdma back-end has scatter/gather array ibv_sge[MAX_SGE=4] set -to have 4 elements. A guest could send a 'PvrdmaSqWqe' ring element -with 'num_sge' set to > MAX_SGE, which may lead to OOB access issue. -Add check to avoid it. - -Reported-by: Saar Amar <saaramar5@gmail.com> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com> -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> ---- - hw/rdma/rdma_backend.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c -index d7a4bbd9..7f8028f8 100644 ---- a/hw/rdma/rdma_backend.c -+++ b/hw/rdma/rdma_backend.c -@@ -311,9 +311,9 @@ void rdma_backend_post_send(RdmaBackendDev *backend_dev, - } - - pr_dbg("num_sge=%d\n", num_sge); -- if (!num_sge) { -- pr_dbg("num_sge=0\n"); -- comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx); -+ if (!num_sge || num_sge > MAX_SGE) { -+ pr_dbg("invalid num_sge=%d\n", num_sge); -+ comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx); - return; - } - -@@ -390,9 +390,9 @@ void rdma_backend_post_recv(RdmaBackendDev *backend_dev, - } - - pr_dbg("num_sge=%d\n", num_sge); -- if (!num_sge) { -- pr_dbg("num_sge=0\n"); -- comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx); -+ if (!num_sge || num_sge > MAX_SGE) { -+ pr_dbg("invalid num_sge=%d\n", num_sge); -+ comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx); - return; - } - --- -2.20.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch b/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch deleted file mode 100644 index 56559c8..0000000 --- a/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch +++ /dev/null @@ -1,54 +0,0 @@ -CVE: CVE-2018-20125 -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2c858ce] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 2c858ce5da8ae6689c75182b73bc455a291cad41 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Thu, 13 Dec 2018 01:00:36 +0530 -Subject: [PATCH] pvrdma: check number of pages when creating rings - -When creating CQ/QP rings, an object can have up to -PVRDMA_MAX_FAST_REG_PAGES 8 pages. Check 'npages' parameter -to avoid excessive memory allocation or a null dereference. - -Reported-by: Li Qiang <liq3ea@163.com> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com> -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> ---- - hw/rdma/vmw/pvrdma_cmd.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c -index 3b94545761..f236ac4795 100644 ---- a/hw/rdma/vmw/pvrdma_cmd.c -+++ b/hw/rdma/vmw/pvrdma_cmd.c -@@ -259,6 +259,11 @@ static int create_cq_ring(PCIDevice *pci_dev , PvrdmaRing **ring, - int rc = -EINVAL; - char ring_name[MAX_RING_NAME_SZ]; - -+ if (!nchunks || nchunks > PVRDMA_MAX_FAST_REG_PAGES) { -+ pr_dbg("invalid nchunks: %d\n", nchunks); -+ return rc; -+ } -+ - pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma); - dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE); - if (!dir) { -@@ -372,6 +377,12 @@ static int create_qp_rings(PCIDevice *pci_dev, uint64_t pdir_dma, - char ring_name[MAX_RING_NAME_SZ]; - uint32_t wqe_sz; - -+ if (!spages || spages > PVRDMA_MAX_FAST_REG_PAGES -+ || !rpages || rpages > PVRDMA_MAX_FAST_REG_PAGES) { -+ pr_dbg("invalid pages: %d, %d\n", spages, rpages); -+ return rc; -+ } -+ - pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma); - dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE); - if (!dir) { --- -2.20.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch b/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch deleted file mode 100644 index 8329f2c..0000000 --- a/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch +++ /dev/null @@ -1,113 +0,0 @@ -CVE: CVE-2018-20126 -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=509f57c] - -Backport and rebase patch to fix CVE-2018-20126. - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 509f57c98e7536905bb4902363d0cba66ce7e089 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Thu, 13 Dec 2018 01:00:37 +0530 -Subject: [PATCH] pvrdma: release ring object in case of an error - -create_cq and create_qp routines allocate ring object, but it's -not released in case of an error, leading to memory leakage. - -Reported-by: Li Qiang <liq3ea@163.com> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com> -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> ---- - hw/rdma/vmw/pvrdma_cmd.c | 41 ++++++++++++++++++++++++++++++----------- - 1 file changed, 30 insertions(+), 11 deletions(-) - -diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c -index 4faeb21..9b6796f 100644 ---- a/hw/rdma/vmw/pvrdma_cmd.c -+++ b/hw/rdma/vmw/pvrdma_cmd.c -@@ -310,6 +310,14 @@ out: - return rc; - } - -+static void destroy_cq_ring(PvrdmaRing *ring) -+{ -+ pvrdma_ring_free(ring); -+ /* ring_state was in slot 1, not 0 so need to jump back */ -+ rdma_pci_dma_unmap(ring->dev, --ring->ring_state, TARGET_PAGE_SIZE); -+ g_free(ring); -+} -+ - static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, - union pvrdma_cmd_resp *rsp) - { -@@ -333,6 +341,10 @@ static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, - - resp->hdr.err = rdma_rm_alloc_cq(&dev->rdma_dev_res, &dev->backend_dev, - cmd->cqe, &resp->cq_handle, ring); -+ if (resp->hdr.err) { -+ destroy_cq_ring(ring); -+ } -+ - resp->cqe = cmd->cqe; - - out: -@@ -356,10 +368,7 @@ static int destroy_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, - } - - ring = (PvrdmaRing *)cq->opaque; -- pvrdma_ring_free(ring); -- /* ring_state was in slot 1, not 0 so need to jump back */ -- rdma_pci_dma_unmap(PCI_DEVICE(dev), --ring->ring_state, TARGET_PAGE_SIZE); -- g_free(ring); -+ destroy_cq_ring(ring); - - rdma_rm_dealloc_cq(&dev->rdma_dev_res, cmd->cq_handle); - -@@ -451,6 +460,17 @@ out: - return rc; - } - -+static void destroy_qp_rings(PvrdmaRing *ring) -+{ -+ pr_dbg("sring=%p\n", &ring[0]); -+ pvrdma_ring_free(&ring[0]); -+ pr_dbg("rring=%p\n", &ring[1]); -+ pvrdma_ring_free(&ring[1]); -+ -+ rdma_pci_dma_unmap(ring->dev, ring->ring_state, TARGET_PAGE_SIZE); -+ g_free(ring); -+} -+ - static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, - union pvrdma_cmd_resp *rsp) - { -@@ -482,6 +502,11 @@ static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, - cmd->max_recv_wr, cmd->max_recv_sge, - cmd->recv_cq_handle, rings, &resp->qpn); - -+ if (resp->hdr.err) { -+ destroy_qp_rings(rings); -+ return resp->hdr.err; -+ } -+ - resp->max_send_wr = cmd->max_send_wr; - resp->max_recv_wr = cmd->max_recv_wr; - resp->max_send_sge = cmd->max_send_sge; -@@ -555,13 +580,7 @@ static int destroy_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, - rdma_rm_dealloc_qp(&dev->rdma_dev_res, cmd->qp_handle); - - ring = (PvrdmaRing *)qp->opaque; -- pr_dbg("sring=%p\n", &ring[0]); -- pvrdma_ring_free(&ring[0]); -- pr_dbg("rring=%p\n", &ring[1]); -- pvrdma_ring_free(&ring[1]); -- -- rdma_pci_dma_unmap(PCI_DEVICE(dev), ring->ring_state, TARGET_PAGE_SIZE); -- g_free(ring); -+ destroy_qp_rings(ring); - - return 0; - } --- -2.20.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch b/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch deleted file mode 100644 index 8f8ff05..0000000 --- a/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch +++ /dev/null @@ -1,47 +0,0 @@ -CVE: CVE-2018-20191 -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2aa8645] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 2aa86456fb938a11f2b7bd57c8643c213218681c Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Thu, 13 Dec 2018 01:00:35 +0530 -Subject: [PATCH] pvrdma: add uar_read routine - -Define skeleton 'uar_read' routine. Avoid NULL dereference. - -Reported-by: Li Qiang <liq3ea@163.com> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> ---- - hw/rdma/vmw/pvrdma_main.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c -index 64de16fb52..838ad8a949 100644 ---- a/hw/rdma/vmw/pvrdma_main.c -+++ b/hw/rdma/vmw/pvrdma_main.c -@@ -448,6 +448,11 @@ static const MemoryRegionOps regs_ops = { - }, - }; - -+static uint64_t uar_read(void *opaque, hwaddr addr, unsigned size) -+{ -+ return 0xffffffff; -+} -+ - static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size) - { - PVRDMADev *dev = opaque; -@@ -489,6 +494,7 @@ static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size) - } - - static const MemoryRegionOps uar_ops = { -+ .read = uar_read, - .write = uar_write, - .endianness = DEVICE_LITTLE_ENDIAN, - .impl = { --- -2.20.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch b/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch deleted file mode 100644 index c02bad3..0000000 --- a/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch +++ /dev/null @@ -1,85 +0,0 @@ -CVE: CVE-2018-20216 -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=f1e2e38] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From f1e2e38ee0136b7710a2caa347049818afd57a1b Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Thu, 13 Dec 2018 01:00:39 +0530 -Subject: [PATCH] pvrdma: check return value from pvrdma_idx_ring_has_ routines - -pvrdma_idx_ring_has_[data/space] routines also return invalid -index PVRDMA_INVALID_IDX[=-1], if ring has no data/space. Check -return value from these routines to avoid plausible infinite loops. - -Reported-by: Li Qiang <liq3ea@163.com> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com> -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> ---- - hw/rdma/vmw/pvrdma_dev_ring.c | 29 +++++++++++------------------ - 1 file changed, 11 insertions(+), 18 deletions(-) - -diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c -index 01247fc041..e8e5b502f6 100644 ---- a/hw/rdma/vmw/pvrdma_dev_ring.c -+++ b/hw/rdma/vmw/pvrdma_dev_ring.c -@@ -73,23 +73,16 @@ out: - - void *pvrdma_ring_next_elem_read(PvrdmaRing *ring) - { -+ int e; - unsigned int idx = 0, offset; - -- /* -- pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail, -- ring->ring_state->cons_head); -- */ -- -- if (!pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx)) { -+ e = pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx); -+ if (e <= 0) { - pr_dbg("No more data in ring\n"); - return NULL; - } - - offset = idx * ring->elem_sz; -- /* -- pr_dbg("idx=%d\n", idx); -- pr_dbg("offset=%d\n", offset); -- */ - return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE); - } - -@@ -105,20 +98,20 @@ void pvrdma_ring_read_inc(PvrdmaRing *ring) - - void *pvrdma_ring_next_elem_write(PvrdmaRing *ring) - { -- unsigned int idx, offset, tail; -+ int idx; -+ unsigned int offset, tail; - -- /* -- pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail, -- ring->ring_state->cons_head); -- */ -- -- if (!pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail)) { -+ idx = pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail); -+ if (idx <= 0) { - pr_dbg("CQ is full\n"); - return NULL; - } - - idx = pvrdma_idx(&ring->ring_state->prod_tail, ring->max_elems); -- /* TODO: tail == idx */ -+ if (idx < 0 || tail != idx) { -+ pr_dbg("invalid idx\n"); -+ return NULL; -+ } - - offset = idx * ring->elem_sz; - return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE); --- -2.20.1 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch deleted file mode 100644 index c9508d9..0000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 8bb018af1a7f2b9965f872a4b1121864e73e1b61 Mon Sep 17 00:00:00 2001 -From: Peter Maydell <peter.maydell@linaro.org> -Date: Fri, 14 Dec 2018 13:30:52 +0000 -Subject: [PATCH] device_tree.c: Don't use load_image() - -The load_image() function is deprecated, as it does not let the -caller specify how large the buffer to read the file into is. -Instead use load_image_size(). - -Signed-off-by: Peter Maydell <peter.maydell@linaro.org> -Reviewed-by: Richard Henderson <richard.henderson@linaro.org> -Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> -Reviewed-by: Michael S. Tsirkin <mst@redhat.com> -Reviewed-by: Eric Blake <eblake@redhat.com> -Message-id: 20181130151712.2312-9-peter.maydell@linaro.org - -Upstream-Status: Backport [https://github.com/qemu/qemu/commit/da885fe1ee8b4589047484bd7fa05a4905b52b17] -CVE: CVE-2018-20815 -Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> ---- - device_tree.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/device_tree.c b/device_tree.c -index 6d9c9726f6..296278e12a 100644 ---- a/device_tree.c -+++ b/device_tree.c -@@ -91,7 +91,7 @@ void *load_device_tree(const char *filename_path, int *sizep) - /* First allocate space in qemu for device tree */ - fdt = g_malloc0(dt_size); - -- dt_file_load_size = load_image(filename_path, fdt); -+ dt_file_load_size = load_image_size(filename_path, fdt, dt_size); - if (dt_file_load_size < 0) { - error_report("Unable to open device tree file '%s'", - filename_path); --- -2.17.1 diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch deleted file mode 100644 index 7de5882..0000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch +++ /dev/null @@ -1,39 +0,0 @@ -QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an -out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() -function. A local attacker with permission to execute i2c commands could exploit -this to read stack memory of the qemu process on the host. - -CVE: CVE-2019-3812 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann <kraxel@redhat.com> -Date: Tue, 8 Jan 2019 11:23:01 +0100 -Subject: [PATCH] i2c-ddc: fix oob read -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Suggested-by: Michael Hanselmann <public@hansmi.ch> -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> -Reviewed-by: Michael Hanselmann <public@hansmi.ch> -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> -Message-id: 20190108102301.1957-1-kraxel@redhat.com ---- - hw/i2c/i2c-ddc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c -index be34fe072cf..0a0367ff38f 100644 ---- a/hw/i2c/i2c-ddc.c -+++ b/hw/i2c/i2c-ddc.c -@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c) - I2CDDCState *s = I2CDDC(i2c); - - int value; -- value = s->edid_blob[s->reg]; -+ value = s->edid_blob[s->reg % sizeof(s->edid_blob)]; - s->reg++; - return value; - } diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch deleted file mode 100644 index d1d7d23..0000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch +++ /dev/null @@ -1,215 +0,0 @@ -From 8c2e30a92d95d89e2cf45d229bce274881026cf7 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Mon, 18 Feb 2019 23:43:49 +0530 -Subject: [PATCH] ppc: add host-serial and host-model machine attributes - (CVE-2019-8934) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -On ppc hosts, hypervisor shares following system attributes - - - /proc/device-tree/system-id - - /proc/device-tree/model - -with a guest. This could lead to information leakage and misuse.[*] -Add machine attributes to control such system information exposure -to a guest. - -[*] https://wiki.openstack.org/wiki/OSSN/OSSN-0028 - -Reported-by: Daniel P. Berrangé <berrange@redhat.com> -Fix-suggested-by: Daniel P. Berrangé <berrange@redhat.com> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Message-Id: <20190218181349.23885-1-ppandit@redhat.com> -Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> -Reviewed-by: Greg Kurz <groug@kaod.org> -Signed-off-by: David Gibson <david@gibson.dropbear.id.au> - -CVE: CVE-2019-8934 -Upstream-Status: Backport -[https://github.com/qemu/qemu/commit/27461d69a0f108dea756419251acc3ea65198f1b] - -Signed-off-by: Dan Tran <dantran@microsoft.com> ---- - hw/ppc/spapr.c | 128 ++++++++++++++++++++++++++++++++++++++--- - include/hw/ppc/spapr.h | 2 + - 2 files changed, 123 insertions(+), 7 deletions(-) - -diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c -index 7afd1a175b..bcee7c162d 100644 ---- a/hw/ppc/spapr.c -+++ b/hw/ppc/spapr.c -@@ -1244,13 +1244,30 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr, - * Add info to guest to indentify which host is it being run on - * and what is the uuid of the guest - */ -- if (kvmppc_get_host_model(&buf)) { -- _FDT(fdt_setprop_string(fdt, 0, "host-model", buf)); -- g_free(buf); -+ if (spapr->host_model && !g_str_equal(spapr->host_model, "none")) { -+ if (g_str_equal(spapr->host_model, "passthrough")) { -+ /* -M host-model=passthrough */ -+ if (kvmppc_get_host_model(&buf)) { -+ _FDT(fdt_setprop_string(fdt, 0, "host-model", buf)); -+ g_free(buf); -+ } -+ } else { -+ /* -M host-model=<user-string> */ -+ _FDT(fdt_setprop_string(fdt, 0, "host-model", spapr->host_model)); -+ } - } -- if (kvmppc_get_host_serial(&buf)) { -- _FDT(fdt_setprop_string(fdt, 0, "host-serial", buf)); -- g_free(buf); -+ -+ if (spapr->host_serial && !g_str_equal(spapr->host_serial, "none")) { -+ if (g_str_equal(spapr->host_serial, "passthrough")) { -+ /* -M host-serial=passthrough */ -+ if (kvmppc_get_host_serial(&buf)) { -+ _FDT(fdt_setprop_string(fdt, 0, "host-serial", buf)); -+ g_free(buf); -+ } -+ } else { -+ /* -M host-serial=<user-string> */ -+ _FDT(fdt_setprop_string(fdt, 0, "host-serial", spapr->host_serial)); -+ } - } - - buf = qemu_uuid_unparse_strdup(&qemu_uuid); -@@ -3031,6 +3048,73 @@ static void spapr_set_vsmt(Object *obj, Visitor *v, const char *name, - visit_type_uint32(v, name, (uint32_t *)opaque, errp); - } - -+static char *spapr_get_ic_mode(Object *obj, Error **errp) -+{ -+ sPAPRMachineState *spapr = SPAPR_MACHINE(obj); -+ -+ if (spapr->irq == &spapr_irq_xics_legacy) { -+ return g_strdup("legacy"); -+ } else if (spapr->irq == &spapr_irq_xics) { -+ return g_strdup("xics"); -+ } else if (spapr->irq == &spapr_irq_xive) { -+ return g_strdup("xive"); -+ } else if (spapr->irq == &spapr_irq_dual) { -+ return g_strdup("dual"); -+ } -+ g_assert_not_reached(); -+} -+ -+static void spapr_set_ic_mode(Object *obj, const char *value, Error **errp) -+{ -+ sPAPRMachineState *spapr = SPAPR_MACHINE(obj); -+ -+ if (SPAPR_MACHINE_GET_CLASS(spapr)->legacy_irq_allocation) { -+ error_setg(errp, "This machine only uses the legacy XICS backend, don't pass ic-mode"); -+ return; -+ } -+ -+ /* The legacy IRQ backend can not be set */ -+ if (strcmp(value, "xics") == 0) { -+ spapr->irq = &spapr_irq_xics; -+ } else if (strcmp(value, "xive") == 0) { -+ spapr->irq = &spapr_irq_xive; -+ } else if (strcmp(value, "dual") == 0) { -+ spapr->irq = &spapr_irq_dual; -+ } else { -+ error_setg(errp, "Bad value for \"ic-mode\" property"); -+ } -+} -+ -+static char *spapr_get_host_model(Object *obj, Error **errp) -+{ -+ sPAPRMachineState *spapr = SPAPR_MACHINE(obj); -+ -+ return g_strdup(spapr->host_model); -+} -+ -+static void spapr_set_host_model(Object *obj, const char *value, Error **errp) -+{ -+ sPAPRMachineState *spapr = SPAPR_MACHINE(obj); -+ -+ g_free(spapr->host_model); -+ spapr->host_model = g_strdup(value); -+} -+ -+static char *spapr_get_host_serial(Object *obj, Error **errp) -+{ -+ sPAPRMachineState *spapr = SPAPR_MACHINE(obj); -+ -+ return g_strdup(spapr->host_serial); -+} -+ -+static void spapr_set_host_serial(Object *obj, const char *value, Error **errp) -+{ -+ sPAPRMachineState *spapr = SPAPR_MACHINE(obj); -+ -+ g_free(spapr->host_serial); -+ spapr->host_serial = g_strdup(value); -+} -+ - static void spapr_instance_init(Object *obj) - { - sPAPRMachineState *spapr = SPAPR_MACHINE(obj); -@@ -3067,6 +3151,25 @@ static void spapr_instance_init(Object *obj) - " the host's SMT mode", &error_abort); - object_property_add_bool(obj, "vfio-no-msix-emulation", - spapr_get_msix_emulation, NULL, NULL); -+ -+ /* The machine class defines the default interrupt controller mode */ -+ spapr->irq = smc->irq; -+ object_property_add_str(obj, "ic-mode", spapr_get_ic_mode, -+ spapr_set_ic_mode, NULL); -+ object_property_set_description(obj, "ic-mode", -+ "Specifies the interrupt controller mode (xics, xive, dual)", -+ NULL); -+ -+ object_property_add_str(obj, "host-model", -+ spapr_get_host_model, spapr_set_host_model, -+ &error_abort); -+ object_property_set_description(obj, "host-model", -+ "Set host's model-id to use - none|passthrough|string", &error_abort); -+ object_property_add_str(obj, "host-serial", -+ spapr_get_host_serial, spapr_set_host_serial, -+ &error_abort); -+ object_property_set_description(obj, "host-serial", -+ "Set host's system-id to use - none|passthrough|string", &error_abort); - } - - static void spapr_machine_finalizefn(Object *obj) -@@ -3965,7 +4068,18 @@ static void spapr_machine_3_1_instance_options(MachineState *machine) - - static void spapr_machine_3_1_class_options(MachineClass *mc) - { -- /* Defaults for the latest behaviour inherited from the base class */ -+ sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(mc); -+ static GlobalProperty compat[] = { -+ { TYPE_SPAPR_MACHINE, "host-model", "passthrough" }, -+ { TYPE_SPAPR_MACHINE, "host-serial", "passthrough" }, -+ }; -+ -+ spapr_machine_4_0_class_options(mc); -+ compat_props_add(mc->compat_props, hw_compat_3_1, hw_compat_3_1_len); -+ compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat)); -+ -+ mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0"); -+ smc->update_dt_enabled = false; - } - - DEFINE_SPAPR_MACHINE(3_1, "3.1", true); -diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h -index 6279711fe8..63692a13bd 100644 ---- a/include/hw/ppc/spapr.h -+++ b/include/hw/ppc/spapr.h -@@ -171,6 +171,8 @@ struct sPAPRMachineState { - - /*< public >*/ - char *kvm_type; -+ char *host_model; -+ char *host_serial; - - const char *icp_type; - int32_t irq_map_nr; --- -2.22.0.vfs.1.1.57.gbaf16c8 - diff --git a/meta/recipes-devtools/qemu/qemu_3.1.0.bb b/meta/recipes-devtools/qemu/qemu_3.1.1.1.bb similarity index 100% rename from meta/recipes-devtools/qemu/qemu_3.1.0.bb rename to meta/recipes-devtools/qemu/qemu_3.1.1.1.bb -- 2.7.4 ^ permalink raw reply related [flat|nested] 24+ messages in thread
end of thread, other threads:[~2019-11-01 18:31 UTC | newest] Thread overview: 24+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-10-29 9:47 [warrior 00/19] Pull request Armin Kuster 2019-10-29 9:47 ` [warrior 01/19] kernel.bbclass: fix installation of modules signing certificates Armin Kuster 2019-10-29 9:47 ` [warrior 02/19] gnutls:upgrade 3.6.7 -> 3.6.8 Armin Kuster 2019-10-29 9:47 ` [warrior 03/19] linux-yocto/5.0: bsp: add basic xilinx zynqmp support Armin Kuster 2019-10-29 9:47 ` [warrior 04/19] linux-yocto/5.0: make scsi-debug include scsi core configs Armin Kuster 2019-10-29 9:47 ` [warrior 05/19] linux-yocto: bsp/beaglebone: support qemu -machine virt Armin Kuster 2019-10-29 9:47 ` [warrior 06/19] linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths Armin Kuster 2019-10-29 9:47 ` [warrior 07/19] kernel-yocto: import security fragments from meta-security Armin Kuster 2019-10-29 9:47 ` [warrior 08/19] linux-yocto/4.19: make drm-bochs feature available Armin Kuster 2019-10-29 9:47 ` [warrior 09/19] linux-yocto: add drm-bochs support Armin Kuster 2019-10-29 9:47 ` [warrior 10/19] libcroco: Fix two CVEs Armin Kuster 2019-10-29 9:47 ` [warrior 11/19] python: include CVE patches for python-native as well Armin Kuster 2019-10-29 9:47 ` [warrior 12/19] python: add tk-lib as runtime dependency for python-tkinter Armin Kuster 2019-10-29 9:47 ` [warrior 13/19] python: CVE-2019-16056 Armin Kuster 2019-10-29 9:47 ` [warrior 14/19] python: Fix CVE-2019-10160 Armin Kuster 2019-10-29 9:47 ` [warrior 15/19] openssl: make OPENSSL_ENGINES match install path Armin Kuster 2019-10-29 9:47 ` [warrior 16/19] libgcrypt: fix CVE-2019-12904 Armin Kuster 2019-10-29 9:47 ` [warrior 17/19] sudo: fix CVE-2019-14287 Armin Kuster 2019-10-29 9:47 ` [warrior 18/19] go: fix CVE-2019-16276 Armin Kuster 2019-11-01 17:33 ` Andrey Zhizhikin 2019-11-01 17:39 ` Khem Raj 2019-11-01 17:12 ` Martin Jansa 2019-11-01 18:31 ` Andrey Zhizhikin 2019-10-29 9:47 ` [warrior 19/19] qemu: update to 3.1.1.1 Armin Kuster
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.