* [OE-core][scarthgap 01/25] gstreamer1.0-plugins-good: fix several CVEs
From: Steve Sakoman @ 2025-01-04 13:41 UTC
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Cherry-pick commits from branch 1.22 per [1].
Also cherry-pick [2] so these apply cleanly.
[1] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059
[2] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/62de06c7a443a5ac40ab2a4f2589625932bf9632
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...o-sized-boxes-instead-of-stopping-to.patch | 124 +++++
...ger-overflow-when-allocating-the-sam.patch | 63 +++
...Fix-debug-output-during-trun-parsing.patch | 72 +++
...erate-over-all-trun-entries-if-none-.patch | 35 ++
...zes-of-stsc-stco-stts-before-trying-.patch | 63 +++
...e-only-an-even-number-of-bytes-is-pr.patch | 44 ++
...e-enough-data-is-available-before-re.patch | 120 +++++
...th-checks-and-offsets-in-stsd-entry-.patch | 450 ++++++++++++++++++
...r-handling-when-parsing-cenc-sample-.patch | 56 +++
...e-there-are-enough-offsets-to-read-w.patch | 49 ++
...-handle-errors-returns-from-various-.patch | 97 ++++
| 36 ++
...size-check-for-parsing-SMI-SEQH-atom.patch | 37 ++
.../gstreamer1.0-plugins-good_1.22.12.bb | 16 +-
14 files changed, 1261 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-qtdemux-Fix-debug-output-during-trun-parsing.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0011-qtdemux-Actually-handle-errors-returns-from-various-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch
new file mode 100644
index 0000000000..d9f1474ba4
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch
@@ -0,0 +1,124 @@
+From 62de06c7a443a5ac40ab2a4f2589625932bf9632 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Tue, 24 Sep 2024 09:50:34 +0300
+Subject: [PATCH 01/13] qtdemux: Skip zero-sized boxes instead of stopping to
+ look at further boxes
+
+A zero-sized box is not really a problem and can be skipped to look at any
+possibly following ones.
+
+BMD ATEM devices specifically write a zero-sized bmdc box in the sample
+description, followed by the avcC box in case of h264. Previously the avcC box
+would simply not be read at all and the file would be unplayable.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7620>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/62de06c7a443a5ac40ab2a4f2589625932bf9632]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 54 +++++++++++++++++++++++++++++---------------
+ 1 file changed, 36 insertions(+), 18 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index a53d61e649..2f2ca4459b 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -11666,9 +11666,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ else
+ size = len - 0x8;
+
+- if (size < 1)
+- /* No real data, so break out */
+- break;
++ /* No real data, so skip */
++ if (size < 1) {
++ len -= 8;
++ avc_data += 8;
++ continue;
++ }
+
+ switch (QT_FOURCC (avc_data + 0x4)) {
+ case FOURCC_avcC:
+@@ -11783,9 +11786,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ else
+ size = len - 0x8;
+
+- if (size < 1)
+- /* No real data, so break out */
+- break;
++ /* No real data, so skip */
++ if (size < 1) {
++ len -= 8;
++ hevc_data += 8;
++ continue;
++ }
+
+ switch (QT_FOURCC (hevc_data + 0x4)) {
+ case FOURCC_hvcC:
+@@ -12207,9 +12213,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ else
+ size = len - 8;
+
+- if (size < 1)
+- /* No real data, so break out */
+- break;
++ /* No real data, so skip */
++ if (size < 1) {
++ len -= 8;
++ vc1_data += 8;
++ continue;
++ }
+
+ switch (QT_FOURCC (vc1_data + 0x4)) {
+ case GST_MAKE_FOURCC ('d', 'v', 'c', '1'):
+@@ -12249,9 +12258,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ else
+ size = len - 0x8;
+
+- if (size < 1)
+- /* No real data, so break out */
+- break;
++ /* No real data, so skip */
++ if (size < 1) {
++ len -= 8;
++ av1_data += 8;
++ continue;
++ }
+
+ switch (QT_FOURCC (av1_data + 0x4)) {
+ case FOURCC_av1C:
+@@ -12359,9 +12371,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ else
+ size = len - 0x8;
+
+- if (size < 1)
+- /* No real data, so break out */
+- break;
++ /* No real data, so skip */
++ if (size < 1) {
++ len -= 8;
++ vpcc_data += 8;
++ continue;
++ }
+
+ switch (QT_FOURCC (vpcc_data + 0x4)) {
+ case FOURCC_vpcC:
+@@ -12861,9 +12876,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ else
+ size = len - 8;
+
+- if (size < 1)
+- /* No real data, so break out */
+- break;
++ /* No real data, so skip */
++ if (size < 1) {
++ len -= 8;
++ wfex_data += 8;
++ continue;
++ }
+
+ switch (QT_FOURCC (wfex_data + 4)) {
+ case GST_MAKE_FOURCC ('w', 'f', 'e', 'x'):
+--
+2.30.2
+
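Review bot: the skip block added after each `if (size < 1)` in qtdemux_parse_trak is repeated six times (avc_data, hevc_data, vc1_data, av1_data, vpcc_data, wfex_data) with only the pointer name changing, so any later bounds fix has to be applied six times; a shared helper would keep the loops in step. Each block does `len -= 8` with no guard of its own, so it relies on the enclosing loop condition, which is not in the hunk context, to guarantee at least 8 bytes remain; a one-line comment stating that invariant would make the skip safe to read in isolation.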
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch
new file mode 100644
index 0000000000..4eacb4e198
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch
@@ -0,0 +1,63 @@
+From 0e58b2f7ad7b310201eada442a6782aaebe8e2bd Mon Sep 17 00:00:00 2001
+From: Antonio Morales <antonio-morales@github.com>
+Date: Thu, 26 Sep 2024 18:39:37 +0300
+Subject: [PATCH 02/13] qtdemux: Fix integer overflow when allocating the
+ samples table for fragmented MP4
+
+This can lead to out of bounds writes and NULL pointer dereferences.
+
+Fixes GHSL-2024-094, GHSL-2024-237, GHSL-2024-241
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3839
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47537
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0e58b2f7ad7b310201eada442a6782aaebe8e2bd]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 2ccc9f3595..54f2dfead3 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -3342,6 +3342,7 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun,
+ gint i;
+ guint8 *data;
+ guint entry_size, dur_offset, size_offset, flags_offset = 0, ct_offset = 0;
++ guint new_n_samples;
+ QtDemuxSample *sample;
+ gboolean ismv = FALSE;
+ gint64 initial_offset;
+@@ -3442,14 +3443,13 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun,
+ goto fail;
+ data = (guint8 *) gst_byte_reader_peek_data_unchecked (trun);
+
+- if (stream->n_samples + samples_count >=
+- QTDEMUX_MAX_SAMPLE_INDEX_SIZE / sizeof (QtDemuxSample))
++ if (!g_uint_checked_add (&new_n_samples, stream->n_samples, samples_count) ||
++ new_n_samples >= QTDEMUX_MAX_SAMPLE_INDEX_SIZE / sizeof (QtDemuxSample))
+ goto index_too_big;
+
+ GST_DEBUG_OBJECT (qtdemux, "allocating n_samples %u * %u (%.2f MB)",
+- stream->n_samples + samples_count, (guint) sizeof (QtDemuxSample),
+- (stream->n_samples + samples_count) *
+- sizeof (QtDemuxSample) / (1024.0 * 1024.0));
++ new_n_samples, (guint) sizeof (QtDemuxSample),
++ (new_n_samples) * sizeof (QtDemuxSample) / (1024.0 * 1024.0));
+
+ /* create a new array of samples if it's the first sample parsed */
+ if (stream->n_samples == 0) {
+@@ -3458,7 +3458,7 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun,
+ /* or try to reallocate it with space enough to insert the new samples */
+ } else
+ stream->samples = g_try_renew (QtDemuxSample, stream->samples,
+- stream->n_samples + samples_count);
++ new_n_samples);
+ if (stream->samples == NULL)
+ goto out_of_memory;
+
+--
+2.30.2
+
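Review bot: in the hunk at 3458 only the `g_try_renew` branch switches to `new_n_samples`; the body of the `stream->n_samples == 0` branch falls between the two hunks and is not shown, so confirm it sizes its allocation from a count covered by the same `index_too_big` check. In the `GST_DEBUG_OBJECT` call the parentheses in `(new_n_samples) * sizeof (QtDemuxSample)` are left over from the old expression and can go.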
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-qtdemux-Fix-debug-output-during-trun-parsing.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-qtdemux-Fix-debug-output-during-trun-parsing.patch
new file mode 100644
index 0000000000..298ecb0fe6
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-qtdemux-Fix-debug-output-during-trun-parsing.patch
@@ -0,0 +1,72 @@
+From c077ff2585927540f038635f26ca4ba99dc92f10 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 18:40:56 +0300
+Subject: [PATCH 03/13] qtdemux: Fix debug output during trun parsing
+
+Various integers are unsigned so print them as such. Also print the actual
+allocation size if allocation fails, not only parts of it.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c077ff2585927540f038635f26ca4ba99dc92f10]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 54f2dfead3..4bb24b1b80 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -3348,8 +3348,8 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun,
+ gint64 initial_offset;
+ gint32 min_ct = 0;
+
+- GST_LOG_OBJECT (qtdemux, "parsing trun track-id %d; "
+- "default dur %d, size %d, flags 0x%x, base offset %" G_GINT64_FORMAT ", "
++ GST_LOG_OBJECT (qtdemux, "parsing trun track-id %u; "
++ "default dur %u, size %u, flags 0x%x, base offset %" G_GINT64_FORMAT ", "
+ "decode ts %" G_GINT64_FORMAT, stream->track_id, d_sample_duration,
+ d_sample_size, d_sample_flags, *base_offset, decode_ts);
+
+@@ -3377,7 +3377,7 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun,
+ /* note this is really signed */
+ if (!gst_byte_reader_get_int32_be (trun, &data_offset))
+ goto fail;
+- GST_LOG_OBJECT (qtdemux, "trun data offset %d", data_offset);
++ GST_LOG_OBJECT (qtdemux, "trun data offset %u", data_offset);
+ /* default base offset = first byte of moof */
+ if (*base_offset == -1) {
+ GST_LOG_OBJECT (qtdemux, "base_offset at moof");
+@@ -3399,7 +3399,7 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun,
+
+ GST_LOG_OBJECT (qtdemux, "running offset now %" G_GINT64_FORMAT,
+ *running_offset);
+- GST_LOG_OBJECT (qtdemux, "trun offset %d, flags 0x%x, entries %d",
++ GST_LOG_OBJECT (qtdemux, "trun offset %u, flags 0x%x, entries %u",
+ data_offset, flags, samples_count);
+
+ if (flags & TR_FIRST_SAMPLE_FLAGS) {
+@@ -3608,14 +3608,15 @@ fail:
+ }
+ out_of_memory:
+ {
+- GST_WARNING_OBJECT (qtdemux, "failed to allocate %d samples",
+- stream->n_samples);
++ GST_WARNING_OBJECT (qtdemux, "failed to allocate %u + %u samples",
++ stream->n_samples, samples_count);
+ return FALSE;
+ }
+ index_too_big:
+ {
+- GST_WARNING_OBJECT (qtdemux, "not allocating index of %d samples, would "
+- "be larger than %uMB (broken file?)", stream->n_samples,
++ GST_WARNING_OBJECT (qtdemux,
++ "not allocating index of %u + %u samples, would "
++ "be larger than %uMB (broken file?)", stream->n_samples, samples_count,
+ QTDEMUX_MAX_SAMPLE_INDEX_SIZE >> 20);
+ return FALSE;
+ }
+--
+2.30.2
+
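Review bot: in the hunk at 3377 `data_offset` is read with `gst_byte_reader_get_int32_be` and the context comment says "note this is really signed", yet its log format changes from `%d` to `%u`, as does `trun offset %u` in the hunk at 3399; a negative offset will now be logged as a large positive number. Keep `%d` for `data_offset` and switch only the arguments that are actually unsigned.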
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch
new file mode 100644
index 0000000000..bc924391fe
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch
@@ -0,0 +1,35 @@
+From 53464dd2cf1a03f838899f7355133766ff211fce Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 18:41:39 +0300
+Subject: [PATCH 04/13] qtdemux: Don't iterate over all trun entries if none of
+ the flags are set
+
+Nothing would be printed anyway.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/53464dd2cf1a03f838899f7355133766ff211fce]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux_dump.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gst/isomp4/qtdemux_dump.c b/gst/isomp4/qtdemux_dump.c
+index 22da35e9e7..297b580ef0 100644
+--- a/gst/isomp4/qtdemux_dump.c
++++ b/gst/isomp4/qtdemux_dump.c
+@@ -836,6 +836,11 @@ qtdemux_dump_trun (GstQTDemux * qtdemux, GstByteReader * data, int depth)
+ GST_LOG ("%*s first-sample-flags: %u", depth, "", first_sample_flags);
+ }
+
++ /* Nothing to print below */
++ if ((flags & (TR_SAMPLE_DURATION | TR_SAMPLE_SIZE | TR_SAMPLE_FLAGS |
++ TR_COMPOSITION_TIME_OFFSETS)) == 0)
++ return TRUE;
++
+ for (i = 0; i < samples_count; i++) {
+ if (flags & TR_SAMPLE_DURATION) {
+ if (!gst_byte_reader_get_uint32_be (data, &sample_duration))
+--
+2.30.2
+
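Review bot: the mask in the new early return in qtdemux_dump_trun has to list every flag the loop below tests, and only the `TR_SAMPLE_DURATION` test is visible in the context, so a flag added to the loop later would be silently skipped by this return; a comment tying the mask to the loop's checks would help. The comment "Nothing to print below" also undersells the change, since the return avoids `samples_count` iterations that do no work.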
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch
new file mode 100644
index 0000000000..25796bd983
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch
@@ -0,0 +1,63 @@
+From 1fac18a8fa269343dd43c9a4bca8d89f307fb7a0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 27 Sep 2024 15:50:54 +0300
+Subject: [PATCH 05/13] qtdemux: Check sizes of stsc/stco/stts before trying to
+ merge entries
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-246
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3854
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47598
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1fac18a8fa269343dd43c9a4bca8d89f307fb7a0]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 4bb24b1b80..d1aa9ee5a0 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -9476,6 +9476,21 @@ qtdemux_merge_sample_table (GstQTDemux * qtdemux, QtDemuxStream * stream)
+ return;
+ }
+
++ if (gst_byte_reader_get_remaining (&stream->stts) < 8) {
++ GST_DEBUG_OBJECT (qtdemux, "Too small stts");
++ return;
++ }
++
++ if (stream->stco.size < 8) {
++ GST_DEBUG_OBJECT (qtdemux, "Too small stco");
++ return;
++ }
++
++ if (stream->n_samples_per_chunk == 0) {
++ GST_DEBUG_OBJECT (qtdemux, "No samples per chunk");
++ return;
++ }
++
+ /* Parse the stts to get the sample duration and number of samples */
+ gst_byte_reader_skip_unchecked (&stream->stts, 4);
+ stts_duration = gst_byte_reader_get_uint32_be_unchecked (&stream->stts);
+@@ -9487,6 +9502,13 @@ qtdemux_merge_sample_table (GstQTDemux * qtdemux, QtDemuxStream * stream)
+ GST_DEBUG_OBJECT (qtdemux, "sample_duration %d, num_chunks %u", stts_duration,
+ num_chunks);
+
++ if (gst_byte_reader_get_remaining (&stream->stsc) <
++ stream->n_samples_per_chunk * 3 * 4 +
++ (stream->n_samples_per_chunk - 1) * 4) {
++ GST_DEBUG_OBJECT (qtdemux, "Too small stsc");
++ return;
++ }
++
+ /* Now parse stsc, convert chunks into single samples and generate a
+ * new stsc, stts and stsz from this information */
+ gst_byte_writer_init (&stsc);
+--
+2.30.2
+
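Review bot: the stsc size check in the hunk at 9487 computes `stream->n_samples_per_chunk * 3 * 4 + (stream->n_samples_per_chunk - 1) * 4` with no overflow guard; if `n_samples_per_chunk` is a 32-bit unsigned value taken from the file, a large count wraps the product to a small number and the check passes. Doing the arithmetic in 64 bits, or bounding `n_samples_per_chunk` first, would close that. The three early returns added in the hunk at 9476 log at debug level only, so a malformed table is dropped without a warning.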
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch
new file mode 100644
index 0000000000..f2ee62fd01
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch
@@ -0,0 +1,44 @@
+From 6cca274bf25a5679330debdd61a59840e50c68ab Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 09:20:28 +0300
+Subject: [PATCH 06/13] qtdemux: Make sure only an even number of bytes is
+ processed when handling CEA608 data
+
+An odd number of bytes would lead to out of bound reads and writes, and doesn't
+make any sense as CEA608 comes in byte pairs.
+
+Strip off any leftover bytes and assume everything before that is valid.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-195
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3841
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47539
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6cca274bf25a5679330debdd61a59840e50c68ab]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index d1aa9ee5a0..ce1a1b8d59 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -5784,6 +5784,11 @@ convert_to_s334_1a (const guint8 * ccpair, guint8 ccpair_size, guint field,
+ guint8 *storage;
+ gsize i;
+
++ /* Strip off any leftover odd bytes and assume everything before is valid */
++ if (ccpair_size % 2 != 0) {
++ ccpair_size -= 1;
++ }
++
+ /* We are converting from pairs to triplets */
+ *res = ccpair_size / 2 * 3;
+ storage = g_malloc (*res);
+--
+2.30.2
+
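Review bot: in convert_to_s334_1a a `ccpair_size` of 1 is reduced to 0, so `*res` becomes 0 and `g_malloc (*res)` returns NULL; confirm the code after the hunk and the caller treat a NULL result with zero length as empty rather than dereferencing it. The truncation is also silent; a debug message when `ccpair_size % 2 != 0` would make malformed CEA608 input visible in logs.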
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch
new file mode 100644
index 0000000000..9b885669a0
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch
@@ -0,0 +1,120 @@
+From 64fa1ec0de71db28387a45819681ba760a71e6bc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 14:17:02 +0300
+Subject: [PATCH 07/13] qtdemux: Make sure enough data is available before
+ reading wave header node
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-236
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3843
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47543
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/64fa1ec0de71db28387a45819681ba760a71e6bc]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 84 ++++++++++++++++++++++++--------------------
+ 1 file changed, 45 insertions(+), 39 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index ce1a1b8d59..ed83227d70 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -13139,47 +13139,53 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ } else {
+ guint32 datalen = QT_UINT32 (stsd_entry_data + offset + 16);
+ const guint8 *data = stsd_entry_data + offset + 16;
+- GNode *wavenode;
+- GNode *waveheadernode;
+-
+- wavenode = g_node_new ((guint8 *) data);
+- if (qtdemux_parse_node (qtdemux, wavenode, data, datalen)) {
+- const guint8 *waveheader;
+- guint32 headerlen;
+-
+- waveheadernode = qtdemux_tree_get_child_by_type (wavenode, fourcc);
+- if (waveheadernode) {
+- waveheader = (const guint8 *) waveheadernode->data;
+- headerlen = QT_UINT32 (waveheader);
+-
+- if (headerlen > 8) {
+- gst_riff_strf_auds *header = NULL;
+- GstBuffer *headerbuf;
+- GstBuffer *extra;
+-
+- waveheader += 8;
+- headerlen -= 8;
+-
+- headerbuf = gst_buffer_new_and_alloc (headerlen);
+- gst_buffer_fill (headerbuf, 0, waveheader, headerlen);
+-
+- if (gst_riff_parse_strf_auds (GST_ELEMENT_CAST (qtdemux),
+- headerbuf, &header, &extra)) {
+- gst_caps_unref (entry->caps);
+- /* FIXME: Need to do something with the channel reorder map */
+- entry->caps =
+- gst_riff_create_audio_caps (header->format, NULL, header,
+- extra, NULL, NULL, NULL);
+-
+- if (extra)
+- gst_buffer_unref (extra);
+- g_free (header);
++
++ if (len < datalen || len - datalen < offset + 16) {
++ GST_WARNING_OBJECT (qtdemux, "Not enough data for waveheadernode");
++ } else {
++ GNode *wavenode;
++ GNode *waveheadernode;
++
++ wavenode = g_node_new ((guint8 *) data);
++ if (qtdemux_parse_node (qtdemux, wavenode, data, datalen)) {
++ const guint8 *waveheader;
++ guint32 headerlen;
++
++ waveheadernode =
++ qtdemux_tree_get_child_by_type (wavenode, fourcc);
++ if (waveheadernode) {
++ waveheader = (const guint8 *) waveheadernode->data;
++ headerlen = QT_UINT32 (waveheader);
++
++ if (headerlen > 8) {
++ gst_riff_strf_auds *header = NULL;
++ GstBuffer *headerbuf;
++ GstBuffer *extra;
++
++ waveheader += 8;
++ headerlen -= 8;
++
++ headerbuf = gst_buffer_new_and_alloc (headerlen);
++ gst_buffer_fill (headerbuf, 0, waveheader, headerlen);
++
++ if (gst_riff_parse_strf_auds (GST_ELEMENT_CAST (qtdemux),
++ headerbuf, &header, &extra)) {
++ gst_caps_unref (entry->caps);
++ /* FIXME: Need to do something with the channel reorder map */
++ entry->caps =
++ gst_riff_create_audio_caps (header->format, NULL,
++ header, extra, NULL, NULL, NULL);
++
++ if (extra)
++ gst_buffer_unref (extra);
++ g_free (header);
++ }
+ }
+- }
+- } else
+- GST_DEBUG ("Didn't find waveheadernode for this codec");
++ } else
++ GST_DEBUG ("Didn't find waveheadernode for this codec");
++ }
++ g_node_destroy (wavenode);
+ }
+- g_node_destroy (wavenode);
+ }
+ } else if (esds) {
+ gst_qtdemux_handle_esds (qtdemux, stream, entry, esds,
+--
+2.30.2
+
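Review bot: `datalen` is still read with `QT_UINT32 (stsd_entry_data + offset + 16)` before the new `len < datalen || len - datalen < offset + 16` test, and nothing in the visible context shows that `len` covers the four bytes at `offset + 16`; the check bounds the value of `datalen` but not the read that produces it. Testing that `len` is at least `offset + 20` before the read would cover both. The re-indentation of the whole block also hides the one functional line, so the backport is best compared against upstream with whitespace changes ignored.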
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch
new file mode 100644
index 0000000000..75ca64f432
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch
@@ -0,0 +1,450 @@
+From 2fbd654d4702e396b61b3963caddcefd024be4bc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 27 Sep 2024 00:12:57 +0300
+Subject: [PATCH 08/13] qtdemux: Fix length checks and offsets in stsd entry
+ parsing
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-242
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3845
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47545
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2fbd654d4702e396b61b3963caddcefd024be4bc]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 218 ++++++++++++++++---------------------------
+ 1 file changed, 79 insertions(+), 139 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index ed83227d70..94ce75b2d4 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -11679,43 +11679,35 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ case FOURCC_avc1:
+ case FOURCC_avc3:
+ {
+- guint len = QT_UINT32 (stsd_entry_data);
++ guint32 len = QT_UINT32 (stsd_entry_data);
+ len = len <= 0x56 ? 0 : len - 0x56;
+ const guint8 *avc_data = stsd_entry_data + 0x56;
+
+ /* find avcC */
+- while (len >= 0x8) {
+- guint size;
++ while (len >= 8) {
++ guint32 size = QT_UINT32 (avc_data);
+
+- if (QT_UINT32 (avc_data) <= 0x8)
+- size = 0;
+- else if (QT_UINT32 (avc_data) <= len)
+- size = QT_UINT32 (avc_data) - 0x8;
+- else
+- size = len - 0x8;
++ if (size < 8 || size > len)
++ break;
+
+- /* No real data, so skip */
+- if (size < 1) {
+- len -= 8;
+- avc_data += 8;
+- continue;
+- }
+-
+- switch (QT_FOURCC (avc_data + 0x4)) {
++ switch (QT_FOURCC (avc_data + 4)) {
+ case FOURCC_avcC:
+ {
+ /* parse, if found */
+ GstBuffer *buf;
+
++ if (size < 8 + 1)
++ break;
++
+ GST_DEBUG_OBJECT (qtdemux, "found avcC codec_data in stsd");
+
+ /* First 4 bytes are the length of the atom, the next 4 bytes
+ * are the fourcc, the next 1 byte is the version, and the
+ * subsequent bytes are profile_tier_level structure like data. */
+ gst_codec_utils_h264_caps_set_level_and_profile (entry->caps,
+- avc_data + 8 + 1, size - 1);
+- buf = gst_buffer_new_and_alloc (size);
+- gst_buffer_fill (buf, 0, avc_data + 0x8, size);
++ avc_data + 8 + 1, size - 8 - 1);
++ buf = gst_buffer_new_and_alloc (size - 8);
++ gst_buffer_fill (buf, 0, avc_data + 8, size - 8);
+ gst_caps_set_simple (entry->caps,
+ "codec_data", GST_TYPE_BUFFER, buf, NULL);
+ gst_buffer_unref (buf);
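Review bot: the new `if (size < 8 || size > len) break;` at the top of the avcC loop leaves the loop for any length field below 8, whereas the block it removes (added by patch 01/13) advanced 8 bytes and continued whenever the length field was 8 or less; a box whose length field is 0 to 7 now ends the scan again, which is the case 01/13's message describes for the bmdc box if that box is written with a length below 8. Worth confirming against such a file, or stating in the commit message that only header-only boxes of length exactly 8 are still skipped.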
+@@ -11726,6 +11718,9 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ {
+ GstBuffer *buf;
+
++ if (size < 8 + 40 + 1)
++ break;
++
+ GST_DEBUG_OBJECT (qtdemux, "found strf codec_data in stsd");
+
+ /* First 4 bytes are the length of the atom, the next 4 bytes
+@@ -11733,17 +11728,14 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ * next 1 byte is the version, and the
+ * subsequent bytes are sequence parameter set like data. */
+
+- size -= 40; /* we'll be skipping BITMAPINFOHEADER */
+- if (size > 1) {
+- gst_codec_utils_h264_caps_set_level_and_profile
+- (entry->caps, avc_data + 8 + 40 + 1, size - 1);
++ gst_codec_utils_h264_caps_set_level_and_profile
++ (entry->caps, avc_data + 8 + 40 + 1, size - 8 - 40 - 1);
+
+- buf = gst_buffer_new_and_alloc (size);
+- gst_buffer_fill (buf, 0, avc_data + 8 + 40, size);
+- gst_caps_set_simple (entry->caps,
+- "codec_data", GST_TYPE_BUFFER, buf, NULL);
+- gst_buffer_unref (buf);
+- }
++ buf = gst_buffer_new_and_alloc (size - 8 - 40);
++ gst_buffer_fill (buf, 0, avc_data + 8 + 40, size - 8 - 40);
++ gst_caps_set_simple (entry->caps,
++ "codec_data", GST_TYPE_BUFFER, buf, NULL);
++ gst_buffer_unref (buf);
+ break;
+ }
+ case FOURCC_btrt:
+@@ -11751,11 +11743,11 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ guint avg_bitrate, max_bitrate;
+
+ /* bufferSizeDB, maxBitrate and avgBitrate - 4 bytes each */
+- if (size < 12)
++ if (size < 8 + 12)
+ break;
+
+- max_bitrate = QT_UINT32 (avc_data + 0xc);
+- avg_bitrate = QT_UINT32 (avc_data + 0x10);
++ max_bitrate = QT_UINT32 (avc_data + 8 + 4);
++ avg_bitrate = QT_UINT32 (avc_data + 8 + 8);
+
+ if (!max_bitrate && !avg_bitrate)
+ break;
+@@ -11787,8 +11779,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ break;
+ }
+
+- len -= size + 8;
+- avc_data += size + 8;
++ len -= size;
++ avc_data += size;
+ }
+
+ break;
+@@ -11799,44 +11791,36 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ case FOURCC_dvh1:
+ case FOURCC_dvhe:
+ {
+- guint len = QT_UINT32 (stsd_entry_data);
++ guint32 len = QT_UINT32 (stsd_entry_data);
+ len = len <= 0x56 ? 0 : len - 0x56;
+ const guint8 *hevc_data = stsd_entry_data + 0x56;
+
+ /* find hevc */
+- while (len >= 0x8) {
+- guint size;
++ while (len >= 8) {
++ guint32 size = QT_UINT32 (hevc_data);
+
+- if (QT_UINT32 (hevc_data) <= 0x8)
+- size = 0;
+- else if (QT_UINT32 (hevc_data) <= len)
+- size = QT_UINT32 (hevc_data) - 0x8;
+- else
+- size = len - 0x8;
++ if (size < 8 || size > len)
++ break;
+
+- /* No real data, so skip */
+- if (size < 1) {
+- len -= 8;
+- hevc_data += 8;
+- continue;
+- }
+-
+- switch (QT_FOURCC (hevc_data + 0x4)) {
++ switch (QT_FOURCC (hevc_data + 4)) {
+ case FOURCC_hvcC:
+ {
+ /* parse, if found */
+ GstBuffer *buf;
+
++ if (size < 8 + 1)
++ break;
++
+ GST_DEBUG_OBJECT (qtdemux, "found hvcC codec_data in stsd");
+
+ /* First 4 bytes are the length of the atom, the next 4 bytes
+ * are the fourcc, the next 1 byte is the version, and the
+ * subsequent bytes are sequence parameter set like data. */
+ gst_codec_utils_h265_caps_set_level_tier_and_profile
+- (entry->caps, hevc_data + 8 + 1, size - 1);
++ (entry->caps, hevc_data + 8 + 1, size - 8 - 1);
+
+- buf = gst_buffer_new_and_alloc (size);
+- gst_buffer_fill (buf, 0, hevc_data + 0x8, size);
++ buf = gst_buffer_new_and_alloc (size - 8);
++ gst_buffer_fill (buf, 0, hevc_data + 8, size - 8);
+ gst_caps_set_simple (entry->caps,
+ "codec_data", GST_TYPE_BUFFER, buf, NULL);
+ gst_buffer_unref (buf);
+@@ -11845,8 +11829,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ default:
+ break;
+ }
+- len -= size + 8;
+- hevc_data += size + 8;
++ len -= size;
++ hevc_data += size;
+ }
+ break;
+ }
+@@ -12226,36 +12210,25 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ }
+ case FOURCC_vc_1:
+ {
+- guint len = QT_UINT32 (stsd_entry_data);
++ guint32 len = QT_UINT32 (stsd_entry_data);
+ len = len <= 0x56 ? 0 : len - 0x56;
+ const guint8 *vc1_data = stsd_entry_data + 0x56;
+
+ /* find dvc1 */
+ while (len >= 8) {
+- guint size;
++ guint32 size = QT_UINT32 (vc1_data);
+
+- if (QT_UINT32 (vc1_data) <= 8)
+- size = 0;
+- else if (QT_UINT32 (vc1_data) <= len)
+- size = QT_UINT32 (vc1_data) - 8;
+- else
+- size = len - 8;
++ if (size < 8 || size > len)
++ break;
+
+- /* No real data, so skip */
+- if (size < 1) {
+- len -= 8;
+- vc1_data += 8;
+- continue;
+- }
+-
+- switch (QT_FOURCC (vc1_data + 0x4)) {
++ switch (QT_FOURCC (vc1_data + 4)) {
+ case GST_MAKE_FOURCC ('d', 'v', 'c', '1'):
+ {
+ GstBuffer *buf;
+
+ GST_DEBUG_OBJECT (qtdemux, "found dvc1 codec_data in stsd");
+- buf = gst_buffer_new_and_alloc (size);
+- gst_buffer_fill (buf, 0, vc1_data + 8, size);
++ buf = gst_buffer_new_and_alloc (size - 8);
++ gst_buffer_fill (buf, 0, vc1_data + 8, size - 8);
+ gst_caps_set_simple (entry->caps,
+ "codec_data", GST_TYPE_BUFFER, buf, NULL);
+ gst_buffer_unref (buf);
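Review bot: In the dvc1 case there is no minimum-body check before `gst_buffer_new_and_alloc (size - 8)`, so a dvc1 atom whose size is exactly 8 passes the `size < 8 || size > len` test and yields an empty codec_data buffer. The hvcC, av1C and vpcC cases in this same patch each guard with `size < 8 + N`; consider an equivalent `if (size <= 8) break;` at the top of this case, or a comment saying why an empty buffer is acceptable for VC-1.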
+@@ -12264,36 +12237,25 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ default:
+ break;
+ }
+- len -= size + 8;
+- vc1_data += size + 8;
++ len -= size;
++ vc1_data += size;
+ }
+ break;
+ }
+ case FOURCC_av01:
+ {
+- guint len = QT_UINT32 (stsd_entry_data);
++ guint32 len = QT_UINT32 (stsd_entry_data);
+ len = len <= 0x56 ? 0 : len - 0x56;
+ const guint8 *av1_data = stsd_entry_data + 0x56;
+
+ /* find av1C */
+- while (len >= 0x8) {
+- guint size;
++ while (len >= 8) {
++ guint32 size = QT_UINT32 (av1_data);
+
+- if (QT_UINT32 (av1_data) <= 0x8)
+- size = 0;
+- else if (QT_UINT32 (av1_data) <= len)
+- size = QT_UINT32 (av1_data) - 0x8;
+- else
+- size = len - 0x8;
++ if (size < 8 || size > len)
++ break;
+
+- /* No real data, so skip */
+- if (size < 1) {
+- len -= 8;
+- av1_data += 8;
+- continue;
+- }
+-
+- switch (QT_FOURCC (av1_data + 0x4)) {
++ switch (QT_FOURCC (av1_data + 4)) {
+ case FOURCC_av1C:
+ {
+ /* parse, if found */
+@@ -12303,7 +12265,7 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ "found av1C codec_data in stsd of size %d", size);
+
+ /* not enough data, just ignore and hope for the best */
+- if (size < 4)
++ if (size < 8 + 4)
+ break;
+
+ /* Content is:
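Review bot: The context line `"found av1C codec_data in stsd of size %d", size);` now prints a `guint32` with `%d`, and the value it reports has changed meaning from body length to full atom length including the 8-byte header. Suggest `%u` (or `G_GUINT32_FORMAT`) and, if the log is meant to show the payload length, `size - 8`.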
+@@ -12352,9 +12314,9 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ (gint) (pres_delay_field & 0x0F) + 1, NULL);
+ }
+
+- buf = gst_buffer_new_and_alloc (size);
++ buf = gst_buffer_new_and_alloc (size - 8);
+ GST_BUFFER_FLAG_SET (buf, GST_BUFFER_FLAG_HEADER);
+- gst_buffer_fill (buf, 0, av1_data + 8, size);
++ gst_buffer_fill (buf, 0, av1_data + 8, size - 8);
+ gst_caps_set_simple (entry->caps,
+ "codec_data", GST_TYPE_BUFFER, buf, NULL);
+ gst_buffer_unref (buf);
+@@ -12372,8 +12334,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ break;
+ }
+
+- len -= size + 8;
+- av1_data += size + 8;
++ len -= size;
++ av1_data += size;
+ }
+
+ break;
+@@ -12384,29 +12346,18 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ * vp08, vp09, and vp10 fourcc. */
+ case FOURCC_vp09:
+ {
+- guint len = QT_UINT32 (stsd_entry_data);
++ guint32 len = QT_UINT32 (stsd_entry_data);
+ len = len <= 0x56 ? 0 : len - 0x56;
+ const guint8 *vpcc_data = stsd_entry_data + 0x56;
+
+ /* find vpcC */
+- while (len >= 0x8) {
+- guint size;
++ while (len >= 8) {
++ guint32 size = QT_UINT32 (vpcc_data);
+
+- if (QT_UINT32 (vpcc_data) <= 0x8)
+- size = 0;
+- else if (QT_UINT32 (vpcc_data) <= len)
+- size = QT_UINT32 (vpcc_data) - 0x8;
+- else
+- size = len - 0x8;
++ if (size < 8 || size > len)
++ break;
+
+- /* No real data, so skip */
+- if (size < 1) {
+- len -= 8;
+- vpcc_data += 8;
+- continue;
+- }
+-
+- switch (QT_FOURCC (vpcc_data + 0x4)) {
++ switch (QT_FOURCC (vpcc_data + 4)) {
+ case FOURCC_vpcC:
+ {
+ const gchar *profile_str = NULL;
+@@ -12422,7 +12373,7 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+
+ /* the meaning of "size" is length of the atom body, excluding
+ * atom length and fourcc fields */
+- if (size < 12)
++ if (size < 8 + 12)
+ break;
+
+ /* Content is:
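Review bot: The comment kept as context above `if (size < 8 + 12)` still says that "size" is the length of the atom body, excluding the atom length and fourcc fields. After this change `size` is the full atom length read by `QT_UINT32 (vpcc_data)`, so the comment contradicts the check it sits on. Update or drop it in the same patch, otherwise the next reader will take `8 + 12` for an off-by-eight.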
+@@ -12528,8 +12479,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ break;
+ }
+
+- len -= size + 8;
+- vpcc_data += size + 8;
++ len -= size;
++ vpcc_data += size;
+ }
+
+ break;
+@@ -12870,7 +12821,7 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ }
+ case FOURCC_wma_:
+ {
+- guint len = QT_UINT32 (stsd_entry_data);
++ guint32 len = QT_UINT32 (stsd_entry_data);
+ len = len <= offset ? 0 : len - offset;
+ const guint8 *wfex_data = stsd_entry_data + offset;
+ const gchar *codec_name = NULL;
+@@ -12895,21 +12846,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+
+ /* find wfex */
+ while (len >= 8) {
+- guint size;
++ guint32 size = QT_UINT32 (wfex_data);
+
+- if (QT_UINT32 (wfex_data) <= 0x8)
+- size = 0;
+- else if (QT_UINT32 (wfex_data) <= len)
+- size = QT_UINT32 (wfex_data) - 8;
+- else
+- size = len - 8;
+-
+- /* No real data, so skip */
+- if (size < 1) {
+- len -= 8;
+- wfex_data += 8;
+- continue;
+- }
++ if (size < 8 || size > len)
++ break;
+
+ switch (QT_FOURCC (wfex_data + 4)) {
+ case GST_MAKE_FOURCC ('w', 'f', 'e', 'x'):
+@@ -12954,12 +12894,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ "width", G_TYPE_INT, wfex.wBitsPerSample,
+ "depth", G_TYPE_INT, wfex.wBitsPerSample, NULL);
+
+- if (size > wfex.cbSize) {
++ if (size > 8 + wfex.cbSize) {
+ GstBuffer *buf;
+
+- buf = gst_buffer_new_and_alloc (size - wfex.cbSize);
++ buf = gst_buffer_new_and_alloc (size - 8 - wfex.cbSize);
+ gst_buffer_fill (buf, 0, wfex_data + 8 + wfex.cbSize,
+- size - wfex.cbSize);
++ size - 8 - wfex.cbSize);
+ gst_caps_set_simple (entry->caps,
+ "codec_data", GST_TYPE_BUFFER, buf, NULL);
+ gst_buffer_unref (buf);
+@@ -12976,8 +12916,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ default:
+ break;
+ }
+- len -= size + 8;
+- wfex_data += size + 8;
++ len -= size;
++ wfex_data += size;
+ }
+ break;
+ }
+--
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch
new file mode 100644
index 0000000000..53867a8970
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch
@@ -0,0 +1,56 @@
+From da3b4e903ae990193988a873368bdd1865350521 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 27 Sep 2024 09:47:50 +0300
+Subject: [PATCH 09/13] qtdemux: Fix error handling when parsing cenc sample
+ groups fails
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-238, GHSL-2024-239, GHSL-2024-240
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3846
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47544
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/da3b4e903ae990193988a873368bdd1865350521]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 94ce75b2d4..e7a79be45b 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -11400,12 +11400,15 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ if (stream->subtype != FOURCC_soun) {
+ GST_ERROR_OBJECT (qtdemux,
+ "Unexpeced stsd type 'aavd' outside 'soun' track");
++ goto corrupt_file;
+ } else {
+ /* encrypted audio with sound sample description v0 */
+ GNode *enc = qtdemux_tree_get_child_by_type (stsd, fourcc);
+ stream->protected = TRUE;
+- if (!qtdemux_parse_protection_aavd (qtdemux, stream, enc, &fourcc))
++ if (!qtdemux_parse_protection_aavd (qtdemux, stream, enc, &fourcc)) {
+ GST_ERROR_OBJECT (qtdemux, "Failed to parse protection scheme info");
++ goto corrupt_file;
++ }
+ }
+ }
+
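Review bot: In the else branch, `enc` comes straight from `qtdemux_tree_get_child_by_type (stsd, fourcc)` and is handed to `qtdemux_parse_protection_aavd` with no NULL check at this call site. Since the purpose of the change is to stop on a failed parse, confirm that the callee rejects a NULL node rather than dereferencing it. Minor: the aavd failure logs the same "Failed to parse protection scheme info" text as the generic path in the next hunk, so the two cannot be told apart in a log, and "Unexpeced" in the context line is a typo.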
+@@ -11414,8 +11417,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
+ * with the same type */
+ GNode *enc = qtdemux_tree_get_child_by_type (stsd, fourcc);
+ stream->protected = TRUE;
+- if (!qtdemux_parse_protection_scheme_info (qtdemux, stream, enc, &fourcc))
++ if (!qtdemux_parse_protection_scheme_info (qtdemux, stream, enc, &fourcc)) {
+ GST_ERROR_OBJECT (qtdemux, "Failed to parse protection scheme info");
++ goto corrupt_file;
++ }
+ }
+
+ if (stream->subtype == FOURCC_vide) {
+--
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch
new file mode 100644
index 0000000000..52416b412f
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch
@@ -0,0 +1,49 @@
+From 20503e5dd90e21ef170488b2a8b8529ae8a4cab9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 27 Sep 2024 10:38:50 +0300
+Subject: [PATCH 10/13] qtdemux: Make sure there are enough offsets to read
+ when parsing samples
+
+While this specific case is also caught when initializing co_chunk, the error
+is ignored in various places and calling into the function would lead to out of
+bounds reads if the error message doesn't cause the pipeline to be shut down
+fast enough.
+
+To avoid this, no matter what, make sure enough offsets are available when
+parsing them. While this is potentially slower, the same is already done in the
+non-chunks_are_samples case.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-245
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3847
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47597
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/20503e5dd90e21ef170488b2a8b8529ae8a4cab9]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index e7a79be45b..5277952c5e 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -10066,9 +10066,9 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream, guint32 n)
+ goto done;
+ }
+
+- cur->offset =
+- qt_atom_parser_get_offset_unchecked (&stream->co_chunk,
+- stream->co_size);
++ if (!qt_atom_parser_get_offset (&stream->co_chunk,
++ stream->co_size, &cur->offset))
++ goto corrupt_file;
+
+ GST_LOG_OBJECT (qtdemux, "Created entry %d with offset "
+ "%" G_GUINT64_FORMAT, j, cur->offset);
+--
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0011-qtdemux-Actually-handle-errors-returns-from-various-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0011-qtdemux-Actually-handle-errors-returns-from-various-.patch
new file mode 100644
index 0000000000..c57a3d6dac
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0011-qtdemux-Actually-handle-errors-returns-from-various-.patch
@@ -0,0 +1,97 @@
+From ed254790331a3fba2f68255a8f072552d622aac1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 27 Sep 2024 10:39:30 +0300
+Subject: [PATCH 11/13] qtdemux: Actually handle errors returns from various
+ functions instead of ignoring them
+
+Ignoring them might cause the element to continue as if all is fine despite the
+internal state being inconsistent. This can lead to all kinds of follow-up
+issues, including memory safety issues.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-245
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3847
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47597
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ed254790331a3fba2f68255a8f072552d622aac1]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 29 +++++++++++++++++++++++------
+ 1 file changed, 23 insertions(+), 6 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 5277952c5e..1de70f184f 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -4853,10 +4853,15 @@ gst_qtdemux_loop_state_header (GstQTDemux * qtdemux)
+ beach:
+ if (ret == GST_FLOW_EOS && (qtdemux->got_moov || qtdemux->media_caps)) {
+ /* digested all data, show what we have */
+- qtdemux_prepare_streams (qtdemux);
++ ret = qtdemux_prepare_streams (qtdemux);
++ if (ret != GST_FLOW_OK)
++ return ret;
++
+ QTDEMUX_EXPOSE_LOCK (qtdemux);
+ ret = qtdemux_expose_streams (qtdemux);
+ QTDEMUX_EXPOSE_UNLOCK (qtdemux);
++ if (ret != GST_FLOW_OK)
++ return ret;
+
+ qtdemux->state = QTDEMUX_STATE_MOVIE;
+ GST_DEBUG_OBJECT (qtdemux, "switching state to STATE_MOVIE (%d)",
+@@ -7548,13 +7553,21 @@ gst_qtdemux_process_adapter (GstQTDemux * demux, gboolean force)
+ gst_qtdemux_stream_concat (demux,
+ demux->old_streams, demux->active_streams);
+
+- qtdemux_parse_moov (demux, data, demux->neededbytes);
++ if (!qtdemux_parse_moov (demux, data, demux->neededbytes)) {
++ ret = GST_FLOW_ERROR;
++ break;
++ }
+ qtdemux_node_dump (demux, demux->moov_node);
+ qtdemux_parse_tree (demux);
+- qtdemux_prepare_streams (demux);
++ ret = qtdemux_prepare_streams (demux);
++ if (ret != GST_FLOW_OK)
++ break;
++
+ QTDEMUX_EXPOSE_LOCK (demux);
+- qtdemux_expose_streams (demux);
++ ret = qtdemux_expose_streams (demux);
+ QTDEMUX_EXPOSE_UNLOCK (demux);
++ if (ret != GST_FLOW_OK)
++ break;
+
+ demux->got_moov = TRUE;
+
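Review bot: `qtdemux_parse_tree (demux);` is left as the one call in this sequence whose result is not looked at, sitting between the newly checked `qtdemux_parse_moov` and `qtdemux_prepare_streams`. If it can fail, it should set `ret` and `break` like its neighbours; if it cannot, a short comment would save the next reviewer the question. Also check that breaking out after `gst_qtdemux_stream_concat` has already run leaves `old_streams` and `active_streams` in a state the error path expects.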
+@@ -7645,8 +7658,10 @@ gst_qtdemux_process_adapter (GstQTDemux * demux, gboolean force)
+ /* in MSS we need to expose the pads after the first moof as we won't get a moov */
+ if (demux->variant == VARIANT_MSS_FRAGMENTED && !demux->exposed) {
+ QTDEMUX_EXPOSE_LOCK (demux);
+- qtdemux_expose_streams (demux);
++ ret = qtdemux_expose_streams (demux);
+ QTDEMUX_EXPOSE_UNLOCK (demux);
++ if (ret != GST_FLOW_OK)
++ goto done;
+ }
+
+ gst_qtdemux_check_send_pending_segment (demux);
+@@ -13760,8 +13775,10 @@ qtdemux_prepare_streams (GstQTDemux * qtdemux)
+
+ /* parse the initial sample for use in setting the frame rate cap */
+ while (sample_num == 0 && sample_num < stream->n_samples) {
+- if (!qtdemux_parse_samples (qtdemux, stream, sample_num))
++ if (!qtdemux_parse_samples (qtdemux, stream, sample_num)) {
++ ret = GST_FLOW_ERROR;
+ break;
++ }
+ ++sample_num;
+ }
+ }
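Review bot: The added `ret = GST_FLOW_ERROR; break;` only leaves the inner `while (sample_num == 0 && ...)` loop. The hunk does not show whether the code enclosing it stops as well, or whether `ret` survives until the function returns, so please confirm that later processing cannot overwrite it with `GST_FLOW_OK`. The callers changed earlier in this patch now rely on that return value.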
+--
+2.30.2
+
--git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch
new file mode 100644
index 0000000000..61f5ce3787
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch
@@ -0,0 +1,36 @@
+From 3153fda823cb91b1031dae69738c6c5d526fb6e1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 19:16:19 +0300
+Subject: [PATCH 12/13] qtdemux: Check for invalid atom length when extracting
+ Closed Caption data
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-243
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3849
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47546
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3153fda823cb91b1031dae69738c6c5d526fb6e1]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 1de70f184f..8850d09321 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -5827,7 +5827,7 @@ extract_cc_from_data (QtDemuxStream * stream, const guint8 * data, gsize size,
+ goto invalid_cdat;
+ atom_length = QT_UINT32 (data);
+ fourcc = QT_FOURCC (data + 4);
+- if (G_UNLIKELY (atom_length > size || atom_length == 8))
++ if (G_UNLIKELY (atom_length > size || atom_length <= 8))
+ goto invalid_cdat;
+
+ GST_DEBUG_OBJECT (stream->pad, "here");
+--
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch
new file mode 100644
index 0000000000..b46f295c46
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch
@@ -0,0 +1,37 @@
+From 3ce1b812a9531611288af286b5dc6631a11e3f4a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 27 Sep 2024 00:31:36 +0300
+Subject: [PATCH 13/13] qtdemux: Add size check for parsing SMI / SEQH atom
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-244
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3853
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
+
+CVE: CVE-2024-47596
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3ce1b812a9531611288af286b5dc6631a11e3f4a]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 8850d09321..dc70287a8a 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -10629,8 +10629,9 @@ qtdemux_parse_svq3_stsd_data (GstQTDemux * qtdemux,
+ GST_WARNING_OBJECT (qtdemux, "Unexpected second SEQH SMI atom "
+ " found, ignoring");
+ } else {
++ /* Note: The size does *not* include the fourcc and the size field itself */
+ seqh_size = QT_UINT32 (data + 4);
+- if (seqh_size > 0) {
++ if (seqh_size > 0 && seqh_size <= size - 8) {
+ _seqh = gst_buffer_new_and_alloc (seqh_size);
+ gst_buffer_fill (_seqh, 0, data + 8, seqh_size);
+ }
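Review bot: `seqh_size <= size - 8` is only a valid bound when `size >= 8`. If `size` is an unsigned type and smaller than 8, `size - 8` wraps to a very large value and the check passes for any `seqh_size`. The lines shown do not include a lower-bound test on `size`, so either confirm one exists earlier in the function or write the condition as `size >= 8 && seqh_size <= size - 8`.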
+--
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
index 8099d70791..94c34cf908 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
@@ -6,7 +6,21 @@ BUGTRACKER = "https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/issues
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-${PV}.tar.xz \
file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \
- file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch"
+ file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch \
+ file://0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch \
+ file://0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch \
+ file://0003-qtdemux-Fix-debug-output-during-trun-parsing.patch \
+ file://0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch \
+ file://0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch \
+ file://0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch \
+ file://0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch \
+ file://0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch \
+ file://0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch \
+ file://0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch \
+ file://0011-qtdemux-Actually-handle-errors-returns-from-various-.patch \
+ file://0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch \
+ file://0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch \
+ "
SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7"
--
2.43.0
* [OE-core][scarthgap 02/25] gstreamer1.0-plugins-base: patch CVE-2024-47538
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commit from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...at-most-64-channels-to-NONE-position.patch | 35 +++++++++++++++++++
.../gstreamer1.0-plugins-base_1.22.12.bb | 1 +
2 files changed, 36 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch
new file mode 100644
index 0000000000..2c44348a5d
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch
@@ -0,0 +1,35 @@
+From 3eee4954d70accf94262299994eb21107a65dea8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 21:35:07 +0300
+Subject: [PATCH] vorbisdec: Set at most 64 channels to NONE position
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-115
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3869
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035>
+
+CVE: CVE-2024-47538
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3eee4954d70accf94262299994eb21107a65dea8]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ext/vorbis/gstvorbisdec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/vorbis/gstvorbisdec.c b/ext/vorbis/gstvorbisdec.c
+index 6a410ed858..1fc4fa883e 100644
+--- a/ext/vorbis/gstvorbisdec.c
++++ b/ext/vorbis/gstvorbisdec.c
+@@ -204,7 +204,7 @@ vorbis_handle_identification_packet (GstVorbisDec * vd)
+ }
+ default:{
+ GstAudioChannelPosition position[64];
+- gint i, max_pos = MAX (vd->vi.channels, 64);
++ gint i, max_pos = MIN (vd->vi.channels, 64);
+
+ GST_ELEMENT_WARNING (vd, STREAM, DECODE,
+ (NULL), ("Using NONE channel layout for more than 8 channels"));
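Review bot: The bound `64` in `MIN (vd->vi.channels, 64)` duplicates the array length in `GstAudioChannelPosition position[64];` one line above. Writing it as `MIN (vd->vi.channels, (gint) G_N_ELEMENTS (position))` keeps the clamp tied to the array if its size ever changes, and makes it obvious at a glance which buffer the limit protects.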
+--
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
index 5905c2d5b1..fbdd599eb9 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
@@ -10,6 +10,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://0001-ENGR00312515-get-caps-from-src-pad-when-query-caps.patch \
file://0003-viv-fb-Make-sure-config.h-is-included.patch \
file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
+ file://0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch \
"
SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"
--
2.43.0
* [OE-core][scarthgap 03/25] gstreamer1.0-plugins-base: patch CVE-2024-47607
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commit from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...at-most-64-channels-to-NONE-position.patch | 41 +++++++++++++++++++
.../gstreamer1.0-plugins-base_1.22.12.bb | 1 +
2 files changed, 42 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch
new file mode 100644
index 0000000000..7a27af1291
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch
@@ -0,0 +1,41 @@
+From 2838374d6ee4a0c9c4c4221ac46d5c1688f26e59 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Tue, 1 Oct 2024 13:22:50 +0300
+Subject: [PATCH] opusdec: Set at most 64 channels to NONE position
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-116
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037>
+
+CVE: CVE-2024-47607
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2838374d6ee4a0c9c4c4221ac46d5c1688f26e59]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ext/opus/gstopusdec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ext/opus/gstopusdec.c b/ext/opus/gstopusdec.c
+index 99289fa7d2..d3f461d9a8 100644
+--- a/ext/opus/gstopusdec.c
++++ b/ext/opus/gstopusdec.c
+@@ -440,12 +440,12 @@ gst_opus_dec_parse_header (GstOpusDec * dec, GstBuffer * buf)
+ posn = gst_opus_channel_positions[dec->n_channels - 1];
+ break;
+ default:{
+- gint i;
++ guint i, max_pos = MIN (dec->n_channels, 64);
+
+ GST_ELEMENT_WARNING (GST_ELEMENT (dec), STREAM, DECODE,
+ (NULL), ("Using NONE channel layout for more than 8 channels"));
+
+- for (i = 0; i < dec->n_channels; i++)
++ for (i = 0; i < max_pos; i++)
+ pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE;
+
+ posn = pos;
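Review bot: `max_pos = MIN (dec->n_channels, 64)` hard-codes 64, but the declaration of `pos` is outside the hunk, so the reader cannot see that the clamp matches the array it protects. If `pos` is a fixed-size array in this function, use `G_N_ELEMENTS (pos)`; otherwise name the constant. The loop now stops at 64 while `dec->n_channels` keeps its larger value, so also confirm that later code pairing `posn` with `n_channels` does not read past those 64 entries.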
+--
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
index fbdd599eb9..ffae227154 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
@@ -11,6 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://0003-viv-fb-Make-sure-config.h-is-included.patch \
file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
file://0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch \
+ file://0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch \
"
SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"
--
2.43.0
* [OE-core][scarthgap 04/25] gstreamer1.0-plugins-base: patch CVE-2024-47615
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commits from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...ck-writes-to-GstOggStream.vorbis_mod.patch | 80 +++++++++
...w-and-fix-per-format-min_packet_size.patch | 168 ++++++++++++++++++
.../gstreamer1.0-plugins-base_1.22.12.bb | 2 +
3 files changed, 250 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0007-oggstream-review-and-fix-per-format-min_packet_size.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch
new file mode 100644
index 0000000000..37d0b463cb
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch
@@ -0,0 +1,80 @@
+From 006047a23a4e4c146e40e5dab765bc6318a94744 Mon Sep 17 00:00:00 2001
+From: Mathieu Duponchelle <mathieu@centricular.com>
+Date: Wed, 2 Oct 2024 15:16:30 +0200
+Subject: [PATCH 1/2] vorbis_parse: check writes to
+ GstOggStream.vorbis_mode_sizes
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-117 Fixes gstreamer#3875
+
+Also perform out-of-bounds check for accesses to op->packet
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038>
+
+CVE: CVE-2024-47615
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/006047a23a4e4c146e40e5dab765bc6318a94744]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ext/ogg/vorbis_parse.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/ext/ogg/vorbis_parse.c b/ext/ogg/vorbis_parse.c
+index 65ef463808..757c7cd82b 100644
+--- a/ext/ogg/vorbis_parse.c
++++ b/ext/ogg/vorbis_parse.c
+@@ -165,6 +165,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
+ if (offset == 0) {
+ offset = 8;
+ current_pos -= 1;
++
++ /* have we underrun? */
++ if (current_pos < op->packet)
++ return -1;
+ }
+ }
+
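Review bot: The underrun test inside `if (offset == 0)` runs after `current_pos -= 1;`, so when the pointer was already at `op->packet` the code first forms a pointer one element before the buffer and then compares it. Forming that pointer is undefined behaviour in C even without a dereference. Testing `current_pos <= op->packet` before the decrement gives the same result without relying on it. The `op->packet + 5` check in the next hunk follows the same decrement-then-compare order.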
+@@ -178,6 +182,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
+ if (offset == 7)
+ current_pos -= 1;
+
++ /* have we underrun? */
++ if (current_pos < op->packet + 5)
++ return -1;
++
+ if (((current_pos[-5] & ~((1 << (offset + 1)) - 1)) != 0)
+ ||
+ current_pos[-4] != 0
+@@ -199,9 +207,18 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
+ /* Give ourselves a chance to recover if we went back too far by using
+ * the size check. */
+ for (ii = 0; ii < 2; ii++) {
++
+ if (offset > 4) {
++ /* have we underrun? */
++ if (current_pos < op->packet)
++ return -1;
++
+ size_check = (current_pos[0] >> (offset - 5)) & 0x3F;
+ } else {
++ /* have we underrun? */
++ if (current_pos < op->packet + 1)
++ return -1;
++
+ /* mask part of byte from current_pos */
+ size_check = (current_pos[0] & ((1 << (offset + 1)) - 1));
+ /* shift to appropriate position */
+@@ -233,6 +250,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
+
+ mode_size_ptr = pad->vorbis_mode_sizes;
+
++ if (size > G_N_ELEMENTS (pad->vorbis_mode_sizes)) {
++ return -1;
++ }
++
+ for (i = 0; i < size; i++) {
+ offset = (offset + 1) % 8;
+ if (offset == 0)
+--
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0007-oggstream-review-and-fix-per-format-min_packet_size.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0007-oggstream-review-and-fix-per-format-min_packet_size.patch
new file mode 100644
index 0000000000..b469049a94
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0007-oggstream-review-and-fix-per-format-min_packet_size.patch
@@ -0,0 +1,168 @@
+From e633ec642825466b91fc12da6629c307906fa206 Mon Sep 17 00:00:00 2001
+From: Mathieu Duponchelle <mathieu@centricular.com>
+Date: Wed, 2 Oct 2024 16:52:51 +0200
+Subject: [PATCH 2/2] oggstream: review and fix per-format min_packet_size
+
+This addresses all manually detected invalid reads in setup functions.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038>
+
+CVE: CVE-2024-47615
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e633ec642825466b91fc12da6629c307906fa206]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ext/ogg/gstoggstream.c | 40 ++++++++++++----------------------------
+ 1 file changed, 12 insertions(+), 28 deletions(-)
+
+diff --git a/ext/ogg/gstoggstream.c b/ext/ogg/gstoggstream.c
+index a8883304a5..ab6be238dc 100644
+--- a/ext/ogg/gstoggstream.c
++++ b/ext/ogg/gstoggstream.c
+@@ -665,11 +665,6 @@ setup_vp8_mapper (GstOggStream * pad, ogg_packet * packet)
+ {
+ gint width, height, par_n, par_d, fps_n, fps_d;
+
+- if (packet->bytes < 26) {
+- GST_DEBUG ("Failed to parse VP8 BOS page");
+- return FALSE;
+- }
+-
+ width = GST_READ_UINT16_BE (packet->packet + 8);
+ height = GST_READ_UINT16_BE (packet->packet + 10);
+ par_n = GST_READ_UINT24_BE (packet->packet + 12);
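Review bot: dropping the `packet->bytes < 26` check from `setup_vp8_mapper` is only safe if every caller compares `packet->bytes` against the mapper's `min_packet_size` (raised to 26 for `OVP80\1\1` later in this patch) before invoking the setup function, and that caller is not part of this diff. The commit message should name where the table value is enforced. The same applies to the checks removed from `setup_fishead_mapper`, `setup_kate_mapper` and `setup_opus_mapper`.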
+@@ -1221,11 +1216,6 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet)
+ gint64 prestime_n, prestime_d;
+ gint64 basetime_n, basetime_d;
+
+- if (packet->bytes < 44) {
+- GST_DEBUG ("Not enough data for fishead header");
+- return FALSE;
+- }
+-
+ data = packet->packet;
+
+ data += 8; /* header */
+@@ -1256,8 +1246,8 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet)
+ pad->prestime = -1;
+
+ /* Ogg Skeleton 3.3+ streams provide additional information in the header */
+- if (packet->bytes >= SKELETON_FISHEAD_3_3_MIN_SIZE && pad->skeleton_major == 3
+- && pad->skeleton_minor > 0) {
++ if (packet->bytes - 44 >= SKELETON_FISHEAD_3_3_MIN_SIZE
++ && pad->skeleton_major == 3 && pad->skeleton_minor > 0) {
+ gint64 firstsampletime_n, firstsampletime_d;
+ gint64 lastsampletime_n, lastsampletime_d;
+ gint64 firstsampletime, lastsampletime;
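Review bot: `packet->bytes - 44 >= SKELETON_FISHEAD_3_3_MIN_SIZE` changes what the constant is measured against, from the whole packet to the bytes remaining after the first 44, and the hunk does not show how `SKELETON_FISHEAD_3_3_MIN_SIZE` is defined. If the constant already counts those 44 bytes, the new condition skips the 3.3 fields on headers that were accepted before; a comment on the constant saying whether it is a total or a remainder would settle it. The subtraction also depends on the `Annodex` table entry guaranteeing at least 44 bytes, now that the in-function check is gone. The `SKELETON_FISHEAD_4_0_MIN_SIZE` branch in the next hunk raises the same two questions.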
+@@ -1296,7 +1286,7 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet)
+
+ GST_INFO ("skeleton fishead parsed total: %" GST_TIME_FORMAT,
+ GST_TIME_ARGS (pad->total_time));
+- } else if (packet->bytes >= SKELETON_FISHEAD_4_0_MIN_SIZE
++ } else if (packet->bytes - 44 >= SKELETON_FISHEAD_4_0_MIN_SIZE
+ && pad->skeleton_major == 4) {
+ guint64 segment_length, content_offset;
+
+@@ -1980,9 +1970,6 @@ setup_kate_mapper (GstOggStream * pad, ogg_packet * packet)
+ guint8 *data = packet->packet;
+ const char *category;
+
+- if (packet->bytes < 64)
+- return FALSE;
+-
+ pad->granulerate_n = GST_READ_UINT32_LE (data + 24);
+ pad->granulerate_d = GST_READ_UINT32_LE (data + 28);
+ pad->granuleshift = GST_READ_UINT8 (data + 15);
+@@ -2111,9 +2098,6 @@ setup_opus_mapper (GstOggStream * pad, ogg_packet * packet)
+ {
+ GstBuffer *buffer;
+
+- if (packet->bytes < 19)
+- return FALSE;
+-
+ pad->granulerate_n = 48000;
+ pad->granulerate_d = 1;
+ pad->granuleshift = 0;
+@@ -2394,7 +2378,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "\001vorbis", 7, 22,
++ "\001vorbis", 7, 29,
+ "audio/x-vorbis",
+ setup_vorbis_mapper,
+ NULL,
+@@ -2426,7 +2410,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "PCM ", 8, 0,
++ "PCM ", 8, 28,
+ "audio/x-raw",
+ setup_pcm_mapper,
+ NULL,
+@@ -2442,7 +2426,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "CMML\0\0\0\0", 8, 0,
++ "CMML\0\0\0\0", 8, 29,
+ "text/x-cmml",
+ setup_cmml_mapper,
+ NULL,
+@@ -2458,7 +2442,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "Annodex", 7, 0,
++ "Annodex", 7, 44,
+ "application/x-annodex",
+ setup_fishead_mapper,
+ NULL,
+@@ -2537,7 +2521,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "CELT ", 8, 0,
++ "CELT ", 8, 60,
+ "audio/x-celt",
+ setup_celt_mapper,
+ NULL,
+@@ -2553,7 +2537,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "\200kate\0\0\0", 8, 0,
++ "\200kate\0\0\0", 8, 64,
+ "text/x-kate",
+ setup_kate_mapper,
+ NULL,
+@@ -2585,7 +2569,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "OVP80\1\1", 7, 4,
++ "OVP80\1\1", 7, 26,
+ "video/x-vp8",
+ setup_vp8_mapper,
+ setup_vp8_mapper_from_caps,
+@@ -2601,7 +2585,7 @@ const GstOggMap mappers[] = {
+ update_stats_vp8
+ },
+ {
+- "OpusHead", 8, 0,
++ "OpusHead", 8, 19,
+ "audio/x-opus",
+ setup_opus_mapper,
+ NULL,
+@@ -2649,7 +2633,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "\001text\0\0\0", 9, 9,
++ "\001text\0\0\0", 9, 25,
+ "application/x-ogm-text",
+ setup_ogmtext_mapper,
+ NULL,
+--
+2.30.2
+
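Review bot: the new minimum of 25 for `\001text\0\0\0`, like the other `min_packet_size` values changed in the `mappers[]` table (29, 28, 29, 44, 60, 64, 26, 19), is a bare number with nothing tying it to the highest offset its setup function reads. A trailing comment per entry, or a named constant next to each setup function, would let a later change to a parser be checked against the table instead of rediscovering the bound by hand.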
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
index ffae227154..18837e676d 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
@@ -12,6 +12,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
file://0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch \
file://0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch \
+ file://0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch \
+ file://0007-oggstream-review-and-fix-per-format-min_packet_size.patch \
"
SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"
--
2.43.0
* [OE-core][scarthgap 05/25] gstreamer1.0-plugins-good: patch CVE-2024-47613
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (3 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 04/25] gstreamer1.0-plugins-base: patch CVE-2024-47615 Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 06/25] gstreamer1.0-plugins-good: patch several CVEs Steve Sakoman
` (19 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commit from:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...ck-if-initializing-the-video-info-ac.patch | 53 +++++++++++++++++++
.../gstreamer1.0-plugins-good_1.22.12.bb | 1 +
2 files changed, 54 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch
new file mode 100644
index 0000000000..502b26f9d5
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch
@@ -0,0 +1,53 @@
+From 1d1c9d63be51d85f9b80f0c227d4b3469fee2534 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Wed, 2 Oct 2024 14:44:21 +0300
+Subject: [PATCH] gdkpixbufdec: Check if initializing the video info actually
+ succeeded
+
+Otherwise a 0-byte buffer would be allocated, which gives NULL memory when
+mapped.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-118
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3876
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041>
+
+CVE: CVE-2024-47613
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1d1c9d63be51d85f9b80f0c227d4b3469fee2534]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ext/gdk_pixbuf/gstgdkpixbufdec.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/ext/gdk_pixbuf/gstgdkpixbufdec.c b/ext/gdk_pixbuf/gstgdkpixbufdec.c
+index 5482998c0d..de5f054964 100644
+--- a/ext/gdk_pixbuf/gstgdkpixbufdec.c
++++ b/ext/gdk_pixbuf/gstgdkpixbufdec.c
+@@ -322,7 +322,8 @@ gst_gdk_pixbuf_dec_flush (GstGdkPixbufDec * filter)
+
+
+ gst_video_info_init (&info);
+- gst_video_info_set_format (&info, fmt, width, height);
++ if (!gst_video_info_set_format (&info, fmt, width, height))
++ goto format_not_supported;
+ info.fps_n = filter->in_fps_n;
+ info.fps_d = filter->in_fps_d;
+ caps = gst_video_info_to_caps (&info);
+@@ -384,6 +385,12 @@ channels_not_supported:
+ ("%d channels not supported", n_channels));
+ return GST_FLOW_ERROR;
+ }
++format_not_supported:
++ {
++ GST_ELEMENT_ERROR (filter, STREAM, DECODE, (NULL),
++ ("%d channels with %dx%d not supported", n_channels, width, height));
++ return GST_FLOW_ERROR;
++ }
+ no_buffer:
+ {
+ GST_DEBUG ("Failed to create outbuffer - %s", gst_flow_get_name (ret));
+--
+2.30.2
+
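Review bot: the message under the new `format_not_supported:` label leads with the channel count, but this path is taken when `gst_video_info_set_format` rejects `fmt`, `width` and `height`, and the `channels_not_supported:` label just above already reports channel problems. Wording that leads with the format and the `%dx%d` dimensions would keep the two errors distinguishable in logs.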
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
index 94c34cf908..ca26290340 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
@@ -20,6 +20,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go
file://0011-qtdemux-Actually-handle-errors-returns-from-various-.patch \
file://0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch \
file://0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch \
+ file://0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch \
"
SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7"
--
2.43.0
* [OE-core][scarthgap 06/25] gstreamer1.0-plugins-good: patch several CVEs
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (4 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 05/25] gstreamer1.0-plugins-good: patch CVE-2024-47613 Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 07/25] gstreamer1.0-plugins-base: patch CVE-2024-47541 Steve Sakoman
` (18 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commits from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057
Signed-off-by: Peter Marko <peter.marko@siemens.com>
fixup! gstreamer1.0-plugins-good: patch CVE-2024-47540 and CVE-2024-47601
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...ly-unmap-GstMapInfo-in-WavPack-heade.patch | 60 +++++++++++++++++++
...x-off-by-one-when-parsing-multi-chan.patch | 35 +++++++++++
...eck-for-big-enough-WavPack-codec-pri.patch | 43 +++++++++++++
...n-t-take-data-out-of-an-empty-adapte.patch | 51 ++++++++++++++++
...ip-over-laces-directly-when-postproc.patch | 52 ++++++++++++++++
...ip-over-zero-sized-Xiph-stream-heade.patch | 43 +++++++++++++
...t-a-copy-of-the-codec-data-into-the-.patch | 44 ++++++++++++++
.../gstreamer1.0-plugins-good_1.22.12.bb | 7 +++
8 files changed, 335 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0019-matroskademux-Skip-over-laces-directly-when-postproc.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch
new file mode 100644
index 0000000000..354a2e5194
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch
@@ -0,0 +1,60 @@
+From 008f0d52408f57f0704d5639b72db2f330b8f003 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 16:32:48 +0300
+Subject: [PATCH 1/7] matroskademux: Only unmap GstMapInfo in WavPack header
+ extraction error paths if previously mapped
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-197
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3863
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>
+
+CVE: CVE-2024-47597
+CVE: CVE-2024-47601
+CVE: CVE-2024-47602
+CVE: CVE-2024-47603
+CVE: CVE-2024-47834
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/008f0d52408f57f0704d5639b72db2f330b8f003]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/matroska/matroska-demux.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index 9b3cf83adb..35e60b7147 100644
+--- a/gst/matroska/matroska-demux.c
++++ b/gst/matroska/matroska-demux.c
+@@ -3885,7 +3885,6 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+ GstMatroskaTrackAudioContext *audiocontext =
+ (GstMatroskaTrackAudioContext *) stream;
+ GstBuffer *newbuf = NULL;
+- GstMapInfo map, outmap;
+ guint8 *buf_data, *data;
+ Wavpack4Header wvh;
+
+@@ -3902,11 +3901,11 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+
+ if (audiocontext->channels <= 2) {
+ guint32 block_samples, tmp;
++ GstMapInfo outmap;
+ gsize size = gst_buffer_get_size (*buf);
+
+ if (size < 4) {
+ GST_ERROR_OBJECT (element, "Too small wavpack buffer");
+- gst_buffer_unmap (*buf, &map);
+ return GST_FLOW_ERROR;
+ }
+
+@@ -3944,6 +3943,7 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+ *buf = newbuf;
+ audiocontext->wvpk_block_index += block_samples;
+ } else {
++ GstMapInfo map, outmap;
+ guint8 *outdata = NULL;
+ gsize buf_size, size;
+ guint32 block_samples, flags, crc;
+--
+2.30.2
+
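Review bot: the `CVE:` block in this patch header lists CVE-2024-47597 first, as do 0016 to 0018, while 0019 to 0021 list CVE-2024-47540 in that position, and the `fixup!` line left in the series description names CVE-2024-47540 and CVE-2024-47601. The remaining four tags are identical across all seven patches regardless of which issue each commit fixes, so the tag set should be checked against the upstream advisories and made consistent, and the `fixup!` line squashed out of the commit message.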
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch
new file mode 100644
index 0000000000..39346ca829
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch
@@ -0,0 +1,35 @@
+From b7e1b13af70b7c042f29674f5482b502af82d829 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 16:33:39 +0300
+Subject: [PATCH 2/7] matroskademux: Fix off-by-one when parsing multi-channel
+ WavPack
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>
+
+CVE: CVE-2024-47597
+CVE: CVE-2024-47601
+CVE: CVE-2024-47602
+CVE: CVE-2024-47603
+CVE: CVE-2024-47834
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b7e1b13af70b7c042f29674f5482b502af82d829]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/matroska/matroska-demux.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index 35e60b7147..583fbbe6e6 100644
+--- a/gst/matroska/matroska-demux.c
++++ b/gst/matroska/matroska-demux.c
+@@ -3970,7 +3970,7 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+ data += 4;
+ size -= 4;
+
+- while (size > 12) {
++ while (size >= 12) {
+ flags = GST_READ_UINT32_LE (data);
+ data += 4;
+ size -= 4;
+--
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch
new file mode 100644
index 0000000000..af1e9bf6d7
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch
@@ -0,0 +1,43 @@
+From 455393ef0f2bb0a49c5bf32ef208af914c44e806 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 18:25:53 +0300
+Subject: [PATCH 3/7] matroskademux: Check for big enough WavPack codec private
+ data before accessing it
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-250
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3866
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>
+
+CVE: CVE-2024-47597
+CVE: CVE-2024-47601
+CVE: CVE-2024-47602
+CVE: CVE-2024-47603
+CVE: CVE-2024-47834
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/455393ef0f2bb0a49c5bf32ef208af914c44e806]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/matroska/matroska-demux.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index 583fbbe6e6..91e66fefc3 100644
+--- a/gst/matroska/matroska-demux.c
++++ b/gst/matroska/matroska-demux.c
+@@ -3888,6 +3888,11 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+ guint8 *buf_data, *data;
+ Wavpack4Header wvh;
+
++ if (!stream->codec_priv || stream->codec_priv_size < 2) {
++ GST_ERROR_OBJECT (element, "No or too small wavpack codec private data");
++ return GST_FLOW_ERROR;
++ }
++
+ wvh.ck_id[0] = 'w';
+ wvh.ck_id[1] = 'v';
+ wvh.ck_id[2] = 'p';
+--
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch
new file mode 100644
index 0000000000..aaae3d7abe
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch
@@ -0,0 +1,51 @@
+From be0ac3f40949cb951d5f0761f4a3bd597a94947f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 19:04:51 +0300
+Subject: [PATCH 4/7] matroskademux: Don't take data out of an empty adapter
+ when processing WavPack frames
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-249
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>
+
+CVE: CVE-2024-47597
+CVE: CVE-2024-47601
+CVE: CVE-2024-47602
+CVE: CVE-2024-47603
+CVE: CVE-2024-47834
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/be0ac3f40949cb951d5f0761f4a3bd597a94947f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ .../gst-plugins-good/gst/matroska/matroska-demux.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index 91e66fefc3..98ed51e86a 100644
+--- a/gst/matroska/matroska-demux.c
++++ b/gst/matroska/matroska-demux.c
+@@ -4036,11 +4036,16 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+ }
+ gst_buffer_unmap (*buf, &map);
+
+- newbuf = gst_adapter_take_buffer (adapter, gst_adapter_available (adapter));
++ size = gst_adapter_available (adapter);
++ if (size > 0) {
++ newbuf = gst_adapter_take_buffer (adapter, size);
++ gst_buffer_copy_into (newbuf, *buf,
++ GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_FLAGS, 0, -1);
++ } else {
++ newbuf = NULL;
++ }
+ g_object_unref (adapter);
+
+- gst_buffer_copy_into (newbuf, *buf,
+- GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_FLAGS, 0, -1);
+ gst_buffer_unref (*buf);
+ *buf = newbuf;
+
+--
+2.30.2
+
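Review bot: with the new `else` branch, `newbuf` is NULL when the adapter is empty, and the unchanged lines then store it with `*buf = newbuf`, so the function can now hand a NULL buffer back to its caller. Within this series that case is only handled once 0019 adds the `sub == NULL` check, so the two patches need to stay together. A GST_WARNING in the `else` branch would also record why the frame was dropped. Separately, the diffstat names `.../gst-plugins-good/gst/matroska/matroska-demux.c` while the diff headers use `gst/matroska/matroska-demux.c`; the stat line was not regenerated after the paths were rewritten.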
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0019-matroskademux-Skip-over-laces-directly-when-postproc.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0019-matroskademux-Skip-over-laces-directly-when-postproc.patch
new file mode 100644
index 0000000000..7216d7c9d3
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0019-matroskademux-Skip-over-laces-directly-when-postproc.patch
@@ -0,0 +1,52 @@
+From effbbfd771487cc06c79d5a7e447a849884cc6cf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 19:06:03 +0300
+Subject: [PATCH 5/7] matroskademux: Skip over laces directly when
+ postprocessing the frame fails
+
+Otherwise NULL buffers might be handled afterwards.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-249
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>
+
+CVE: CVE-2024-47540
+CVE: CVE-2024-47601
+CVE: CVE-2024-47602
+CVE: CVE-2024-47603
+CVE: CVE-2024-47834
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/effbbfd771487cc06c79d5a7e447a849884cc6cf]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ .../gst-plugins-good/gst/matroska/matroska-demux.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index 98ed51e86a..e0a4405dce 100644
+--- a/gst/matroska/matroska-demux.c
++++ b/gst/matroska/matroska-demux.c
+@@ -4982,6 +4982,18 @@ gst_matroska_demux_parse_blockgroup_or_simpleblock (GstMatroskaDemux * demux,
+ if (stream->postprocess_frame) {
+ GST_LOG_OBJECT (demux, "running post process");
+ ret = stream->postprocess_frame (GST_ELEMENT (demux), stream, &sub);
++ if (ret != GST_FLOW_OK) {
++ gst_clear_buffer (&sub);
++ goto next_lace;
++ }
++
++ if (sub == NULL) {
++ GST_WARNING_OBJECT (demux,
++ "Postprocessing buffer with timestamp %" GST_TIME_FORMAT
++ " for stream %d failed", GST_TIME_ARGS (buffer_timestamp),
++ stream_num);
++ goto next_lace;
++ }
+ }
+
+ /* At this point, we have a sub-buffer pointing at data within a larger
+--
+2.30.2
+
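Review bot: the `ret != GST_FLOW_OK` path jumps to `next_lace` without logging, and the visible lines do not show what happens to `ret` there, so it is unclear whether one failed lace is skipped or the error is carried out of the loop. The commit message says laces are skipped, so a log line and a comment stating how `next_lace` treats a non-OK `ret` belong here. The `sub == NULL` branch logs "failed" although the callback returned GST_FLOW_OK; "produced no buffer" would describe it more accurately.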
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch
new file mode 100644
index 0000000000..cb5ba69af0
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch
@@ -0,0 +1,43 @@
+From ed7b46bac3fa14f95422cc4bb4655d041df51454 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 19:19:42 +0300
+Subject: [PATCH 6/7] matroskademux: Skip over zero-sized Xiph stream headers
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-251
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3867
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>
+
+CVE: CVE-2024-47540
+CVE: CVE-2024-47601
+CVE: CVE-2024-47602
+CVE: CVE-2024-47603
+CVE: CVE-2024-47834
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ed7b46bac3fa14f95422cc4bb4655d041df51454]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/matroska/matroska-ids.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/gst/matroska/matroska-ids.c b/gst/matroska/matroska-ids.c
+index f11b7c2ce3..ba645f7306 100644
+--- a/gst/matroska/matroska-ids.c
++++ b/gst/matroska/matroska-ids.c
+@@ -189,8 +189,10 @@ gst_matroska_parse_xiph_stream_headers (gpointer codec_data,
+ if (offset + length[i] > codec_data_size)
+ goto error;
+
+- hdr = gst_buffer_new_memdup (p + offset, length[i]);
+- gst_buffer_list_add (list, hdr);
++ if (length[i] > 0) {
++ hdr = gst_buffer_new_memdup (p + offset, length[i]);
++ gst_buffer_list_add (list, hdr);
++ }
+
+ offset += length[i];
+ }
+--
+2.30.2
+
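Review bot: skipping the `gst_buffer_list_add` call when `length[i]` is 0 means the returned list can hold fewer buffers than the header count parsed from the codec data, and nothing in this hunk tells callers so. Callers that take headers by position need a length check, or the function could treat a zero-sized header as an error through the existing `goto error` path. Either way the choice deserves a comment above the `if (length[i] > 0)` block.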
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch
new file mode 100644
index 0000000000..371eb9da9b
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch
@@ -0,0 +1,44 @@
+From 98e4356be7afa869373f96b4e8ca792c5f9707ee Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Wed, 9 Oct 2024 11:52:52 -0400
+Subject: [PATCH 7/7] matroskademux: Put a copy of the codec data into the
+ A_MS/ACM caps
+
+The original codec data buffer is owned by matroskademux and does not
+necessarily live as long as the caps.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-280
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3894
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>
+
+CVE: CVE-2024-47540
+CVE: CVE-2024-47601
+CVE: CVE-2024-47602
+CVE: CVE-2024-47603
+CVE: CVE-2024-47834
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/98e4356be7afa869373f96b4e8ca792c5f9707ee]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/matroska/matroska-demux.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index e0a4405dce..80da306731 100644
+--- a/gst/matroska/matroska-demux.c
++++ b/gst/matroska/matroska-demux.c
+@@ -7165,8 +7165,7 @@ gst_matroska_demux_audio_caps (GstMatroskaTrackAudioContext *
+
+ /* 18 is the waveformatex size */
+ if (size > 18) {
+- codec_data = gst_buffer_new_wrapped_full (GST_MEMORY_FLAG_READONLY,
+- data + 18, size - 18, 0, size - 18, NULL, NULL);
++ codec_data = gst_buffer_new_memdup (data + 18, size - 18);
+ }
+
+ if (riff_audio_fmt)
+--
+2.30.2
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
index ca26290340..96dd6f7228 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
@@ -21,6 +21,13 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go
file://0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch \
file://0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch \
file://0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch \
+ file://0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch \
+ file://0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch \
+ file://0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch \
+ file://0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch \
+ file://0019-matroskademux-Skip-over-laces-directly-when-postproc.patch \
+ file://0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch \
+ file://0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch \
"
SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7"
--
2.43.0
* [OE-core][scarthgap 07/25] gstreamer1.0-plugins-base: patch CVE-2024-47541
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (5 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 06/25] gstreamer1.0-plugins-good: patch several CVEs Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 08/25] gstreamer1.0-plugins-base: patch CVE-2024-47542 Steve Sakoman
` (17 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commits from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...for-closing-brace-after-opening-brac.patch | 38 +++++++
...se-strstr-on-strings-that-are-potent.patch | 99 +++++++++++++++++++
.../gstreamer1.0-plugins-base_1.22.12.bb | 2 +
3 files changed, 139 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch
new file mode 100644
index 0000000000..a20d2b4cca
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch
@@ -0,0 +1,38 @@
+From 15bb318416e1bf6b6b557006a37d1da86c3a76a8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 21:40:44 +0300
+Subject: [PATCH 1/2] ssaparse: Search for closing brace after opening brace
+
+Otherwise removing anything between the braces leads to out of bound writes if
+there is a closing brace before the first opening brace.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-228
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3870
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036>
+
+CVE: CVE-2024-47541
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/15bb318416e1bf6b6b557006a37d1da86c3a76a8]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/subparse/gstssaparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst/subparse/gstssaparse.c b/gst/subparse/gstssaparse.c
+index 42fbb42b99..37b892e928 100644
+--- a/gst/subparse/gstssaparse.c
++++ b/gst/subparse/gstssaparse.c
+@@ -238,7 +238,7 @@ gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt)
+ gboolean removed_any = FALSE;
+
+ while ((t = strchr (txt, '{'))) {
+- end = strchr (txt, '}');
++ end = strchr (t, '}');
+ if (end == NULL) {
+ GST_WARNING_OBJECT (parse, "Missing { for style override code");
+ return removed_any;
+--
+2.30.2
+
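Review bot: the context line `GST_WARNING_OBJECT (parse, "Missing { for style override code");` sits under `if (end == NULL)`, that is, when the closing brace was not found, so the message names the wrong character. Since this hunk already changes the line directly above it, correcting the text to say `}` would keep the log accurate for the malformed input this fix is about.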
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch
new file mode 100644
index 0000000000..e6674c7bfd
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch
@@ -0,0 +1,99 @@
+From 403b10eba06679319aa2e35d310236234782102f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 18:36:19 +0300
+Subject: [PATCH 2/2] ssaparse: Don't use strstr() on strings that are
+ potentially not NULL-terminated
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036>
+
+CVE: CVE-2024-47541
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/403b10eba06679319aa2e35d310236234782102f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/subparse/gstssaparse.c | 36 +++++++++++++++++++++++++++++++++++-
+ meson.build | 1 +
+ 2 files changed, 36 insertions(+), 1 deletion(-)
+
+diff --git a/gst/subparse/gstssaparse.c b/gst/subparse/gstssaparse.c
+index 37b892e928..c162a542f5 100644
+--- a/gst/subparse/gstssaparse.c
++++ b/gst/subparse/gstssaparse.c
+@@ -146,6 +146,35 @@ gst_ssa_parse_sink_event (GstPad * pad, GstObject * parent, GstEvent * event)
+ return res;
+ }
+
++#ifndef HAVE_MEMMEM
++// memmem() is a GNU extension so if it's not available we'll need
++// our own implementation here. Thanks C.
++static void *
++my_memmem (const void *haystack, size_t haystacklen, const void *needle,
++ size_t needlelen)
++{
++ const guint8 *cur, *end;
++
++ if (needlelen > haystacklen)
++ return NULL;
++ if (needlelen == 0)
++ return (void *) haystack;
++
++
++ cur = haystack;
++ end = cur + haystacklen - needlelen;
++
++ for (; cur <= end; cur++) {
++ if (memcmp (cur, needle, needlelen) == 0)
++ return (void *) cur;
++ }
++
++ return NULL;
++}
++#else
++#define my_memmem memmem
++#endif
++
+ static gboolean
+ gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
+ {
+@@ -154,6 +183,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
+ const GValue *val;
+ GstStructure *s;
+ const guchar bom_utf8[] = { 0xEF, 0xBB, 0xBF };
++ const guint8 header[] = "[Script Info]";
+ const gchar *end;
+ GstBuffer *priv;
+ GstMapInfo map;
+@@ -193,7 +223,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
+ left -= 3;
+ }
+
+- if (!strstr (ptr, "[Script Info]"))
++ if (!my_memmem (ptr, left, header, sizeof (header) - 1))
+ goto invalid_init;
+
+ if (!g_utf8_validate (ptr, left, &end)) {
+@@ -231,6 +261,10 @@ invalid_init:
+ }
+ }
+
++#ifdef my_memmem
++#undef my_memmem
++#endif
++
+ static gboolean
+ gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt)
+ {
+diff --git a/meson.build b/meson.build
+index d1033bef4a..65d0944114 100644
+--- a/meson.build
++++ b/meson.build
+@@ -199,6 +199,7 @@ check_functions = [
+ ['HAVE_LRINTF', 'lrintf', '#include<math.h>'],
+ ['HAVE_MMAP', 'mmap', '#include<sys/mman.h>'],
+ ['HAVE_LOG2', 'log2', '#include<math.h>'],
++ ['HAVE_MEMMEM', 'memmem', '#include<string.h>'],
+ ]
+
+ libm = cc.find_library('m', required : false)
+--
+2.30.2
+
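Review bot: The `#else` branch maps my_memmem straight to memmem, which the patch's own comment calls a GNU extension, but nothing in these hunks adds a feature-test macro or an include for it in gstssaparse.c. It is worth confirming that the file sees a prototype when HAVE_MEMMEM is set, because an implicitly declared memmem would return int and the `!my_memmem (ptr, left, header, sizeof (header) - 1)` test would then act on a truncated pointer. Separately, the commit message has no body beyond the Part-of line: one sentence on what strstr() does with a buffer that lacks a terminating NUL would document why the length-bounded search is needed.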
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
index 18837e676d..e65de0036d 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
@@ -14,6 +14,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch \
file://0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch \
file://0007-oggstream-review-and-fix-per-format-min_packet_size.patch \
+ file://0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch \
+ file://0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch \
"
SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"
--
2.43.0
* [OE-core][scarthgap 08/25] gstreamer1.0-plugins-base: patch CVE-2024-47542
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (6 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 07/25] gstreamer1.0-plugins-base: patch CVE-2024-47541 Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 09/25] gstreamer1.0-plugins-good: patch CVE-2024-47599 Steve Sakoman
` (16 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commits from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
| 64 +++++++++++++++++++
.../gstreamer1.0-plugins-base_1.22.12.bb | 1 +
2 files changed, 65 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch
--git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch
new file mode 100644
index 0000000000..4b514ff875
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch
@@ -0,0 +1,64 @@
+From 537161868f36048571f400648ac7909f26c73d53 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 13:43:06 +0300
+Subject: [PATCH] id3v2: Don't try parsing extended header if not enough data
+ is available
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-235
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3842
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033>
+
+CVE: CVE-2024-47542
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/537161868f36048571f400648ac7909f26c73d53]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst-libs/gst/tag/id3v2.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/gst-libs/gst/tag/id3v2.c b/gst-libs/gst/tag/id3v2.c
+index 7db2cb7e12..70f975d133 100644
+--- a/gst-libs/gst/tag/id3v2.c
++++ b/gst-libs/gst/tag/id3v2.c
+@@ -29,7 +29,7 @@
+
+ #define HANDLE_INVALID_SYNCSAFE
+
+-static gboolean id3v2_frames_to_tag_list (ID3TagsWorking * work, guint size);
++static gboolean id3v2_frames_to_tag_list (ID3TagsWorking * work);
+
+ #ifndef GST_DISABLE_GST_DEBUG
+
+@@ -258,7 +258,7 @@ gst_tag_list_from_id3v2_tag (GstBuffer * buffer)
+ GST_MEMDUMP ("ID3v2 tag (un-unsyced)", uu_data, work.hdr.frame_data_size);
+ }
+
+- id3v2_frames_to_tag_list (&work, work.hdr.frame_data_size);
++ id3v2_frames_to_tag_list (&work);
+
+ g_free (uu_data);
+
+@@ -440,12 +440,17 @@ id3v2_add_id3v2_frame_blob_to_taglist (ID3TagsWorking * work,
+ }
+
+ static gboolean
+-id3v2_frames_to_tag_list (ID3TagsWorking * work, guint size)
++id3v2_frames_to_tag_list (ID3TagsWorking * work)
+ {
+ guint frame_hdr_size;
+
+ /* Extended header if present */
+ if (work->hdr.flags & ID3V2_HDR_FLAG_EXTHDR) {
++ if (work->hdr.frame_data_size < 4) {
++ GST_DEBUG ("Tag has no extended header data. Broken tag");
++ return FALSE;
++ }
++
+ work->hdr.ext_hdr_size = id3v2_read_synch_uint (work->hdr.frame_data, 4);
+
+ /* In id3v2.4.x the header size is the size of the *whole*
+--
+2.30.2
+
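Review bot: The new `return FALSE` for `work->hdr.frame_data_size < 4` is not observed by the only call shown, `id3v2_frames_to_tag_list (&work);` in gst_tag_list_from_id3v2_tag, which discards the result before `g_free (uu_data)`. That is harmless if the caller simply carries on with whatever tags were collected, but a short comment at the call site would make it clear the broken-tag case is dropped on purpose. The literal 4 is also the byte count passed to id3v2_read_synch_uint on the line after the check; one named constant for both would keep the check and the read in step.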
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
index e65de0036d..793b8afc3d 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
@@ -16,6 +16,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://0007-oggstream-review-and-fix-per-format-min_packet_size.patch \
file://0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch \
file://0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch \
+ file://0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch \
"
SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"
--
2.43.0
* [OE-core][scarthgap 09/25] gstreamer1.0-plugins-good: patch CVE-2024-47599
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (7 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 08/25] gstreamer1.0-plugins-base: patch CVE-2024-47542 Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 10/25] gstreamer1.0-plugins-base: patch CVE-2024-47600 Steve Sakoman
` (15 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commits from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...ly-error-out-on-negotiation-failures.patch | 99 +++++++++++++++++++
.../gstreamer1.0-plugins-good_1.22.12.bb | 1 +
2 files changed, 100 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0022-jpegdec-Directly-error-out-on-negotiation-failures.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0022-jpegdec-Directly-error-out-on-negotiation-failures.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0022-jpegdec-Directly-error-out-on-negotiation-failures.patch
new file mode 100644
index 0000000000..037afdc4ee
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0022-jpegdec-Directly-error-out-on-negotiation-failures.patch
@@ -0,0 +1,99 @@
+From 3cdf206f4fc5a9860bfe1437ed3d01e7d23c6c3e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 16:22:19 +0300
+Subject: [PATCH] jpegdec: Directly error out on negotiation failures
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-247
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3862
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040>
+
+CVE: CVE-2024-47599
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3cdf206f4fc5a9860bfe1437ed3d01e7d23c6c3e]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ .../gst-plugins-good/ext/jpeg/gstjpegdec.c | 22 ++++++++++++++-----
+ 1 file changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/ext/jpeg/gstjpegdec.c b/ext/jpeg/gstjpegdec.c
+index 51bc2d14bf..7523419835 100644
+--- a/ext/jpeg/gstjpegdec.c
++++ b/ext/jpeg/gstjpegdec.c
+@@ -1068,13 +1068,14 @@ gst_jpeg_turbo_parse_ext_fmt_convert (GstJpegDec * dec, gint * clrspc)
+ }
+ #endif
+
+-static void
++static gboolean
+ gst_jpeg_dec_negotiate (GstJpegDec * dec, gint width, gint height, gint clrspc,
+ gboolean interlaced)
+ {
+ GstVideoCodecState *outstate;
+ GstVideoInfo *info;
+ GstVideoFormat format;
++ gboolean res;
+
+ #ifdef JCS_EXTENSIONS
+ if (dec->format_convert) {
+@@ -1104,7 +1105,7 @@ gst_jpeg_dec_negotiate (GstJpegDec * dec, gint width, gint height, gint clrspc,
+ height == GST_VIDEO_INFO_HEIGHT (info) &&
+ format == GST_VIDEO_INFO_FORMAT (info)) {
+ gst_video_codec_state_unref (outstate);
+- return;
++ return TRUE;
+ }
+ gst_video_codec_state_unref (outstate);
+ }
+@@ -1118,6 +1119,8 @@ gst_jpeg_dec_negotiate (GstJpegDec * dec, gint width, gint height, gint clrspc,
+ outstate =
+ gst_video_decoder_set_output_state (GST_VIDEO_DECODER (dec), format,
+ width, height, dec->input_state);
++ if (!outstate)
++ return FALSE;
+
+ switch (clrspc) {
+ case JCS_RGB:
+@@ -1142,10 +1145,12 @@ gst_jpeg_dec_negotiate (GstJpegDec * dec, gint width, gint height, gint clrspc,
+
+ gst_video_codec_state_unref (outstate);
+
+- gst_video_decoder_negotiate (GST_VIDEO_DECODER (dec));
++ res = gst_video_decoder_negotiate (GST_VIDEO_DECODER (dec));
+
+ GST_DEBUG_OBJECT (dec, "max_v_samp_factor=%d", dec->cinfo.max_v_samp_factor);
+ GST_DEBUG_OBJECT (dec, "max_h_samp_factor=%d", dec->cinfo.max_h_samp_factor);
++
++ return res;
+ }
+
+ static GstFlowReturn
+@@ -1425,8 +1430,9 @@ gst_jpeg_dec_handle_frame (GstVideoDecoder * bdec, GstVideoCodecFrame * frame)
+ num_fields = 1;
+ }
+
+- gst_jpeg_dec_negotiate (dec, width, output_height,
+- dec->cinfo.jpeg_color_space, num_fields == 2);
++ if (!gst_jpeg_dec_negotiate (dec, width, output_height,
++ dec->cinfo.jpeg_color_space, num_fields == 2))
++ goto negotiation_failed;
+
+ state = gst_video_decoder_get_output_state (bdec);
+ ret = gst_video_decoder_allocate_output_frame (bdec, frame);
+@@ -1558,6 +1564,12 @@ map_failed:
+ ret = GST_FLOW_ERROR;
+ goto exit;
+ }
++negotiation_failed:
++ {
++ GST_ELEMENT_ERROR (dec, CORE, NEGOTIATION, (NULL), ("failed to negotiate"));
++ ret = GST_FLOW_NOT_NEGOTIATED;
++ goto exit;
++ }
+ decode_error:
+ {
+ gchar err_msg[JMSG_LENGTH_MAX];
+--
+2.30.2
+
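Review bot: gst_jpeg_dec_negotiate now has two failure exits, `if (!outstate) return FALSE;` and the result of gst_video_decoder_negotiate, and both end at the same `negotiation_failed` label with the fixed text "failed to negotiate". A warning-level log line at the `!outstate` return would let a log distinguish a rejected output state from a failed downstream negotiation. Minor: the diffstat in this backport names `.../gst-plugins-good/ext/jpeg/gstjpegdec.c` while the diff header uses `ext/jpeg/gstjpegdec.c`; the header is what gets applied, but the two should agree.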
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
index 96dd6f7228..85c9a20a2d 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
@@ -28,6 +28,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go
file://0019-matroskademux-Skip-over-laces-directly-when-postproc.patch \
file://0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch \
file://0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch \
+ file://0022-jpegdec-Directly-error-out-on-negotiation-failures.patch \
"
SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7"
--
2.43.0
* [OE-core][scarthgap 10/25] gstreamer1.0-plugins-base: patch CVE-2024-47600
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (8 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 09/25] gstreamer1.0-plugins-good: patch CVE-2024-47599 Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 11/25] gstreamer1.0-plugins-good: patch CVE-2024-47606 Steve Sakoman
` (14 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commit from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...-print-channel-layout-for-more-than-.patch | 38 +++++++++++++++++++
.../gstreamer1.0-plugins-base_1.22.12.bb | 1 +
2 files changed, 39 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch
new file mode 100644
index 0000000000..6762f256e0
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch
@@ -0,0 +1,38 @@
+From aa07d94c10d71fac389dbbb264a59c1f6117eead Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 18:19:30 +0300
+Subject: [PATCH] discoverer: Don't print channel layout for more than 64
+ channels
+
+64+ channels are always unpositioned / unknown layout.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-248
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3864
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034>
+
+CVE: CVE-2024-47600
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/aa07d94c10d71fac389dbbb264a59c1f6117eead]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ tools/gst-discoverer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/gst-discoverer.c b/tools/gst-discoverer.c
+index e3f048bed5..4a2a1b4bc4 100644
+--- a/tools/gst-discoverer.c
++++ b/tools/gst-discoverer.c
+@@ -222,7 +222,7 @@ format_channel_mask (GstDiscovererAudioInfo * ainfo)
+
+ channel_mask = gst_discoverer_audio_info_get_channel_mask (ainfo);
+
+- if (channel_mask != 0) {
++ if (channel_mask != 0 && channels <= 64) {
+ gst_audio_channel_positions_from_mask (channels, channel_mask, position);
+
+ for (i = 0; i < channels; i++) {
+--
+2.30.2
+
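Review bot: The bound in `channel_mask != 0 && channels <= 64` is a bare literal, while the buffer it protects is the `position` argument handed to gst_audio_channel_positions_from_mask, whose declaration lies outside the hunk. If `position` is a fixed-size array, deriving the limit from it, for example `channels <= G_N_ELEMENTS (position)`, would keep the guard correct should the array size ever change. The commit body also says "64+ channels" where the subject and the code mean more than 64; exactly 64 channels still take the positioned path.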
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
index 793b8afc3d..982389d657 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch \
file://0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch \
file://0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch \
+ file://0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch \
"
SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"
--
2.43.0
* [OE-core][scarthgap 11/25] gstreamer1.0-plugins-good: patch CVE-2024-47606
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (9 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 10/25] gstreamer1.0-plugins-base: patch CVE-2024-47600 Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 12/25] " Steve Sakoman
` (13 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commit related to plugins-good from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...teger-overflow-when-parsing-Theora-e.patch | 44 +++++++++++++++++++
.../gstreamer1.0-plugins-good_1.22.12.bb | 1 +
2 files changed, 45 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch
new file mode 100644
index 0000000000..37f133a493
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch
@@ -0,0 +1,44 @@
+From f8e398c46fc074f266edb3f20479c0ca31b52448 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 22:16:06 +0300
+Subject: [PATCH] qtdemux: Avoid integer overflow when parsing Theora extension
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-166
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3851
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032>
+
+CVE: CVE-2024-47606
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f8e398c46fc074f266edb3f20479c0ca31b52448]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/isomp4/qtdemux.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
+index 5e3cb1b9e6..c2d8b5e0f1 100644
+--- a/gst/isomp4/qtdemux.c
++++ b/gst/isomp4/qtdemux.c
+@@ -8279,7 +8279,7 @@ qtdemux_parse_theora_extension (GstQTDemux * qtdemux, QtDemuxStream * stream,
+ end -= 8;
+
+ while (buf < end) {
+- gint size;
++ guint32 size;
+ guint32 type;
+
+ size = QT_UINT32 (buf);
+@@ -8287,7 +8287,7 @@ qtdemux_parse_theora_extension (GstQTDemux * qtdemux, QtDemuxStream * stream,
+
+ GST_LOG_OBJECT (qtdemux, "%p %p", buf, end);
+
+- if (buf + size > end || size <= 0)
++ if (end - buf < size || size < 8)
+ break;
+
+ buf += 8;
+--
+2.30.2
+
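Review bot: In `end - buf < size` the left side is a signed pointer difference and the right side is now `guint32`, so the comparison is only safe because the enclosing `while (buf < end)` keeps the difference positive. An explicit cast such as `(gsize) (end - buf) < size`, or a one-line comment stating that invariant, would make the dependency visible and avoid sign-compare warnings on 32-bit targets. The switch from `size <= 0` to `size < 8` is what keeps the following `buf += 8` inside the box, and it deserves a mention in the commit message.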
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
index 85c9a20a2d..7f8cd7c96c 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
@@ -29,6 +29,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go
file://0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch \
file://0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch \
file://0022-jpegdec-Directly-error-out-on-negotiation-failures.patch \
+ file://0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch \
"
SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7"
--
2.43.0
* [OE-core][scarthgap 12/25] gstreamer1.0-plugins-good: patch CVE-2024-47606
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (10 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 11/25] gstreamer1.0-plugins-good: patch CVE-2024-47606 Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 13/25] gstreamer1.0-plugins-good: patch CVE-2024-47774 Steve Sakoman
` (12 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commit related to gstreamer from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...integer-overflow-when-allocating-sys.patch | 56 +++++++++++++++++++
.../gstreamer/gstreamer1.0_1.22.12.bb | 1 +
2 files changed, 57 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch
new file mode 100644
index 0000000000..5d8575711a
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch
@@ -0,0 +1,56 @@
+From f1cdc6f24340f6cce4cc7020628002f5c70dd6c7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 22:07:22 +0300
+Subject: [PATCH] allocator: Avoid integer overflow when allocating sysmem
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-166
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3851
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032>
+
+CVE: CVE-2024-47606
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f1cdc6f24340f6cce4cc7020628002f5c70dd6c7]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/gstallocator.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/gst/gstallocator.c b/gst/gstallocator.c
+index 996f5dc946..198cfe9523 100644
+--- a/gst/gstallocator.c
++++ b/gst/gstallocator.c
+@@ -430,8 +430,20 @@ _sysmem_new_block (GstMemoryFlags flags,
+ /* ensure configured alignment */
+ align |= gst_memory_alignment;
+ /* allocate more to compensate for alignment */
++ if (align > G_MAXSIZE || maxsize > G_MAXSIZE - align) {
++ GST_CAT_WARNING (GST_CAT_MEMORY,
++ "Allocating %" G_GSIZE_FORMAT " bytes with alignment %" G_GSIZE_FORMAT
++ "x overflows", maxsize, align);
++ return NULL;
++ }
+ maxsize += align;
+ /* alloc header and data in one block */
++ if (maxsize > G_MAXSIZE - sizeof (GstMemorySystem)) {
++ GST_CAT_WARNING (GST_CAT_MEMORY,
++ "Allocating %" G_GSIZE_FORMAT " bytes with alignment %" G_GSIZE_FORMAT
++ "x overflows", maxsize, align);
++ return NULL;
++ }
+ slice_size = sizeof (GstMemorySystem) + maxsize;
+
+ mem = g_slice_alloc (slice_size);
+@@ -481,6 +493,8 @@ _sysmem_copy (GstMemorySystem * mem, gssize offset, gsize size)
+ size = mem->mem.size > offset ? mem->mem.size - offset : 0;
+
+ copy = _sysmem_new_block (0, size, mem->mem.align, 0, size);
++ if (!copy)
++ return NULL;
+ GST_CAT_DEBUG (GST_CAT_PERFORMANCE,
+ "memcpy %" G_GSIZE_FORMAT " memory %p -> %p", size, mem, copy);
+ memcpy (copy->data, mem->data + mem->mem.offset + offset, size);
+--
+2.30.2
+
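Review bot: In `_sysmem_new_block` the first half of `align > G_MAXSIZE || maxsize > G_MAXSIZE - align` can never be true if `align` is a gsize, as its `G_GSIZE_FORMAT` conversion in the same warning implies, so only the second half does any work; dropping the first half would make the guard easier to read. Both warnings share the same text ending in "x overflows", and the second one prints `maxsize` after `maxsize += align`, so the logged size is already the padded one. Only `_sysmem_copy` gains a NULL check in these hunks; any other caller of `_sysmem_new_block` needs the same treatment now that it can return NULL.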
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
index 8486e258d5..e5a820e1ad 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
@@ -21,6 +21,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x
file://0002-tests-add-support-for-install-the-tests.patch \
file://0003-tests-use-a-dictionaries-for-environment.patch \
file://0004-tests-add-helper-script-to-run-the-installed_tests.patch \
+ file://0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch \
"
SRC_URI[sha256sum] = "ac352f3d02caa67f3b169daa9aa78b04dea0fc08a727de73cb28d89bd54c6f61"
--
2.43.0
* [OE-core][scarthgap 13/25] gstreamer1.0-plugins-good: patch CVE-2024-47774
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (11 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 12/25] " Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 14/25] gstreamer1.0-plugins-good: patch several CVEs Steve Sakoman
` (11 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commit from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...size-checks-and-avoid-overflows-when.patch | 46 +++++++++++++++++++
.../gstreamer1.0-plugins-good_1.22.12.bb | 1 +
2 files changed, 47 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch
new file mode 100644
index 0000000000..33af003535
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch
@@ -0,0 +1,46 @@
+From 0870e87c7c02e28e22a09a7de0c5b1e5bed68c14 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 14:04:03 +0300
+Subject: [PATCH] avisubtitle: Fix size checks and avoid overflows when
+ checking sizes
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-262
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3890
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043>
+
+CVE: CVE-2024-47774
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0870e87c7c02e28e22a09a7de0c5b1e5bed68c14]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/avi/gstavisubtitle.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/gst/avi/gstavisubtitle.c b/gst/avi/gstavisubtitle.c
+index efc5f04051..c816934da6 100644
+--- a/gst/avi/gstavisubtitle.c
++++ b/gst/avi/gstavisubtitle.c
+@@ -196,7 +196,7 @@ gst_avi_subtitle_parse_gab2_chunk (GstAviSubtitle * sub, GstBuffer * buf)
+ /* read 'name' of subtitle */
+ name_length = GST_READ_UINT32_LE (map.data + 5 + 2);
+ GST_LOG_OBJECT (sub, "length of name: %u", name_length);
+- if (map.size <= 17 + name_length)
++ if (G_MAXUINT32 - 17 < name_length || map.size < 17 + name_length)
+ goto wrong_name_length;
+
+ name_utf8 =
+@@ -216,7 +216,8 @@ gst_avi_subtitle_parse_gab2_chunk (GstAviSubtitle * sub, GstBuffer * buf)
+ file_length = GST_READ_UINT32_LE (map.data + 13 + name_length);
+ GST_LOG_OBJECT (sub, "length srt/ssa file: %u", file_length);
+
+- if (map.size < (17 + name_length + file_length))
++ if (G_MAXUINT32 - 17 - name_length < file_length
++ || map.size < 17 + name_length + file_length)
+ goto wrong_total_length;
+
+ /* store this, so we can send it again after a seek; note that we shouldn't
+--
+2.30.2
+
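Review bot: The first check in gst_avi_subtitle_parse_gab2_chunk changes two things at once, adding the `G_MAXUINT32 - 17 < name_length` overflow guard and relaxing `map.size <= 17 + name_length` to `<`, and the commit message explains neither the relaxation nor its reason. The `<` form matches the 4-byte read at `map.data + 13 + name_length` in the next hunk, which needs exactly 17 + name_length bytes, so a short comment to that effect would help. The second guard, `G_MAXUINT32 - 17 - name_length < file_length`, cannot underflow only because the first check has already rejected larger `name_length` values; that ordering dependency is worth a comment too.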
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
index 7f8cd7c96c..247fda7f9c 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
@@ -30,6 +30,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go
file://0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch \
file://0022-jpegdec-Directly-error-out-on-negotiation-failures.patch \
file://0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch \
+ file://0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch \
"
SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7"
--
2.43.0
* [OE-core][scarthgap 14/25] gstreamer1.0-plugins-good: patch several CVEs
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (12 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 13/25] gstreamer1.0-plugins-good: patch CVE-2024-47774 Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 15/25] gstreamer1.0-plugins-base: patch CVE-2024-47835 Steve Sakoman
` (10 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commits from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
| 174 ++++++++++++++++++
...re-enough-data-for-the-tag-list-tag-.patch | 41 +++++
...7-wavparse-Fix-parsing-of-acid-chunk.patch | 65 +++++++
...hat-at-least-4-bytes-are-available-b.patch | 37 ++++
...hat-at-least-32-bytes-are-available-.patch | 40 ++++
...ix-clipping-of-size-to-the-file-size.patch | 47 +++++
...Check-size-before-reading-ds64-chunk.patch | 41 +++++
.../gstreamer1.0-plugins-good_1.22.12.bb | 7 +
8 files changed, 452 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0027-wavparse-Fix-parsing-of-acid-chunk.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0031-wavparse-Check-size-before-reading-ds64-chunk.patch
--git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch
new file mode 100644
index 0000000000..4b53830e12
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch
@@ -0,0 +1,174 @@
+From 13b48016b3ef1e822c393c2871b0a561ce19ecb3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 13:00:57 +0300
+Subject: [PATCH 1/7] wavparse: Check for short reads when parsing headers in
+ pull mode
+
+And also return the actual flow return to the caller instead of always returning
+GST_FLOW_ERROR.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-258, GHSL-2024-260
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
+
+CVE: CVE-2024-47775
+CVE: CVE-2024-47776
+CVE: CVE-2024-47777
+CVE: CVE-2024-47778
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/13b48016b3ef1e822c393c2871b0a561ce19ecb3]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/wavparse/gstwavparse.c | 63 ++++++++++++++++++++++++++++----------
+ 1 file changed, 46 insertions(+), 17 deletions(-)
+
+diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
+index d074f273c5..97d5591fae 100644
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -1096,6 +1096,24 @@ parse_ds64 (GstWavParse * wav, GstBuffer * buf)
+ return TRUE;
+ }
+
++static GstFlowReturn
++gst_wavparse_pull_range_exact (GstWavParse * wav, guint64 offset, guint size,
++ GstBuffer ** buffer)
++{
++ GstFlowReturn res;
++
++ res = gst_pad_pull_range (wav->sinkpad, offset, size, buffer);
++ if (res != GST_FLOW_OK)
++ return res;
++
++ if (gst_buffer_get_size (*buffer) < size) {
++ gst_clear_buffer (buffer);
++ return GST_FLOW_EOS;
++ }
++
++ return res;
++}
++
+ static GstFlowReturn
+ gst_wavparse_stream_headers (GstWavParse * wav)
+ {
+@@ -1291,9 +1309,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+
+ buf = NULL;
+ if ((res =
+- gst_pad_pull_range (wav->sinkpad, wav->offset, 8,
++ gst_wavparse_pull_range_exact (wav, wav->offset, 8,
+ &buf)) != GST_FLOW_OK)
+- goto header_read_error;
++ goto header_pull_error;
+ gst_buffer_map (buf, &map, GST_MAP_READ);
+ tag = GST_READ_UINT32_LE (map.data);
+ size = GST_READ_UINT32_LE (map.data + 4);
+@@ -1396,9 +1414,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+ gst_buffer_unref (buf);
+ buf = NULL;
+ if ((res =
+- gst_pad_pull_range (wav->sinkpad, wav->offset + 8,
++ gst_wavparse_pull_range_exact (wav, wav->offset + 8,
+ data_size, &buf)) != GST_FLOW_OK)
+- goto header_read_error;
++ goto header_pull_error;
+ gst_buffer_extract (buf, 0, &wav->fact, 4);
+ wav->fact = GUINT32_FROM_LE (wav->fact);
+ gst_buffer_unref (buf);
+@@ -1443,9 +1461,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+ gst_buffer_unref (buf);
+ buf = NULL;
+ if ((res =
+- gst_pad_pull_range (wav->sinkpad, wav->offset + 8,
+- size, &buf)) != GST_FLOW_OK)
+- goto header_read_error;
++ gst_wavparse_pull_range_exact (wav, wav->offset + 8, size,
++ &buf)) != GST_FLOW_OK)
++ goto header_pull_error;
+ gst_buffer_map (buf, &map, GST_MAP_READ);
+ acid = (const gst_riff_acid *) map.data;
+ tempo = acid->tempo;
+@@ -1483,9 +1501,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+ gst_buffer_unref (buf);
+ buf = NULL;
+ if ((res =
+- gst_pad_pull_range (wav->sinkpad, wav->offset, 12,
++ gst_wavparse_pull_range_exact (wav, wav->offset, 12,
+ &buf)) != GST_FLOW_OK)
+- goto header_read_error;
++ goto header_pull_error;
+ gst_buffer_extract (buf, 8, <ag, 4);
+ ltag = GUINT32_FROM_LE (ltag);
+ }
+@@ -1512,9 +1530,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+ buf = NULL;
+ if (data_size > 0) {
+ if ((res =
+- gst_pad_pull_range (wav->sinkpad, wav->offset,
++ gst_wavparse_pull_range_exact (wav, wav->offset,
+ data_size, &buf)) != GST_FLOW_OK)
+- goto header_read_error;
++ goto header_pull_error;
+ }
+ }
+ if (data_size > 0) {
+@@ -1552,9 +1570,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+ buf = NULL;
+ wav->offset += 12;
+ if ((res =
+- gst_pad_pull_range (wav->sinkpad, wav->offset,
++ gst_wavparse_pull_range_exact (wav, wav->offset,
+ data_size, &buf)) != GST_FLOW_OK)
+- goto header_read_error;
++ goto header_pull_error;
+ gst_buffer_map (buf, &map, GST_MAP_READ);
+ gst_wavparse_adtl_chunk (wav, (const guint8 *) map.data,
+ data_size);
+@@ -1598,9 +1616,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+ gst_buffer_unref (buf);
+ buf = NULL;
+ if ((res =
+- gst_pad_pull_range (wav->sinkpad, wav->offset,
++ gst_wavparse_pull_range_exact (wav, wav->offset,
+ data_size, &buf)) != GST_FLOW_OK)
+- goto header_read_error;
++ goto header_pull_error;
+ gst_buffer_map (buf, &map, GST_MAP_READ);
+ if (!gst_wavparse_cue_chunk (wav, (const guint8 *) map.data,
+ data_size)) {
+@@ -1642,9 +1660,9 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+ gst_buffer_unref (buf);
+ buf = NULL;
+ if ((res =
+- gst_pad_pull_range (wav->sinkpad, wav->offset,
++ gst_wavparse_pull_range_exact (wav, wav->offset,
+ data_size, &buf)) != GST_FLOW_OK)
+- goto header_read_error;
++ goto header_pull_error;
+ gst_buffer_map (buf, &map, GST_MAP_READ);
+ if (!gst_wavparse_smpl_chunk (wav, (const guint8 *) map.data,
+ data_size)) {
+@@ -1796,6 +1814,17 @@ header_read_error:
+ ("Couldn't read in header %d (%s)", res, gst_flow_get_name (res)));
+ goto fail;
+ }
++header_pull_error:
++ {
++ if (res == GST_FLOW_EOS) {
++ GST_WARNING_OBJECT (wav, "Couldn't pull header %d (%s)", res,
++ gst_flow_get_name (res));
++ } else {
++ GST_ELEMENT_ERROR (wav, STREAM, DEMUX, (NULL),
++ ("Couldn't pull header %d (%s)", res, gst_flow_get_name (res)));
++ }
++ goto exit;
++ }
+ }
+
+ /*
+--
+2.30.2
+
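Review bot: the converted call sites in gst_wavparse_stream_headers still ignore the result of gst_buffer_map, for example `gst_buffer_map (buf, &map, GST_MAP_READ);` directly followed by `tag = GST_READ_UINT32_LE (map.data);`. gst_wavparse_pull_range_exact now guarantees that the buffer holds at least `size` bytes, but a failed map would still leave map.data unusable, so checking the return value and bailing out with an error would close that gap. A one-line comment on the helper stating that a short read clears *buffer and returns GST_FLOW_EOS would also help readers of the call sites.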
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch
new file mode 100644
index 0000000000..111c86e894
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch
@@ -0,0 +1,41 @@
+From 4c198f4891cfabde868944d55ff98925e7beb757 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 13:09:43 +0300
+Subject: [PATCH 2/7] wavparse: Make sure enough data for the tag list tag is
+ available before parsing
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-258
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
+
+CVE: CVE-2024-47775
+CVE: CVE-2024-47776
+CVE: CVE-2024-47777
+CVE: CVE-2024-47778
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4c198f4891cfabde868944d55ff98925e7beb757]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/wavparse/gstwavparse.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
+index 97d5591fae..21cb48c07e 100644
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -1488,6 +1488,10 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+ case GST_RIFF_TAG_LIST:{
+ guint32 ltag;
+
++ /* Need at least the ltag */
++ if (size < 4)
++ goto exit;
++
+ if (wav->streaming) {
+ const guint8 *data = NULL;
+
+--
+2.30.2
+
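Review bot: the new `if (size < 4) goto exit;` in the GST_RIFF_TAG_LIST case leaves silently, and the value of res at that point is not visible in this hunk. A GST_WARNING_OBJECT like the one added to gst_wavparse_cue_chunk in 0028, plus confirmation that exit is reached with the intended flow return for a malformed LIST chunk, would make the failure diagnosable.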
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0027-wavparse-Fix-parsing-of-acid-chunk.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0027-wavparse-Fix-parsing-of-acid-chunk.patch
new file mode 100644
index 0000000000..39d0cccc9a
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0027-wavparse-Fix-parsing-of-acid-chunk.patch
@@ -0,0 +1,65 @@
+From 296e17b4ea81e5c228bb853f6037b654fdca7d47 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 13:15:27 +0300
+Subject: [PATCH 3/7] wavparse: Fix parsing of acid chunk
+
+Simply casting the bytes to a struct can lead to crashes because of unaligned
+reads, and is also missing the endianness swapping that is necessary on big
+endian architectures.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
+
+CVE: CVE-2024-47775
+CVE: CVE-2024-47776
+CVE: CVE-2024-47777
+CVE: CVE-2024-47778
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/296e17b4ea81e5c228bb853f6037b654fdca7d47]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/wavparse/gstwavparse.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
+index 21cb48c07e..6a0c44638e 100644
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -1433,8 +1433,7 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+ break;
+ }
+ case GST_RIFF_TAG_acid:{
+- const gst_riff_acid *acid = NULL;
+- const guint data_size = sizeof (gst_riff_acid);
++ const guint data_size = 24;
+ gfloat tempo;
+
+ GST_INFO_OBJECT (wav, "Have acid chunk");
+@@ -1448,13 +1447,13 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+ break;
+ }
+ if (wav->streaming) {
++ const guint8 *data;
+ if (!gst_wavparse_peek_chunk (wav, &tag, &size)) {
+ goto exit;
+ }
+ gst_adapter_flush (wav->adapter, 8);
+- acid = (const gst_riff_acid *) gst_adapter_map (wav->adapter,
+- data_size);
+- tempo = acid->tempo;
++ data = gst_adapter_map (wav->adapter, data_size);
++ tempo = GST_READ_FLOAT_LE (data + 20);
+ gst_adapter_unmap (wav->adapter);
+ } else {
+ GstMapInfo map;
+@@ -1465,8 +1464,7 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+ &buf)) != GST_FLOW_OK)
+ goto header_pull_error;
+ gst_buffer_map (buf, &map, GST_MAP_READ);
+- acid = (const gst_riff_acid *) map.data;
+- tempo = acid->tempo;
++ tempo = GST_READ_FLOAT_LE (map.data + 20);
+ gst_buffer_unmap (buf, &map);
+ }
+ /* send data as tags */
+--
+2.30.2
+
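Review bot: `const guint data_size = 24;` and the `+ 20` offset in both GST_READ_FLOAT_LE calls are bare numbers that replace sizeof (gst_riff_acid) and acid->tempo, with nothing tying them to the acid chunk layout. A short comment or two named constants stating that the chunk is 24 bytes with the little-endian tempo float at offset 20 would keep the two reads in sync. In the streaming branch the pointer returned by gst_adapter_map is used without a NULL check; whether the code above the hunk guarantees data_size bytes in the adapter is not visible here.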
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch
new file mode 100644
index 0000000000..7dbda5abdd
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch
@@ -0,0 +1,37 @@
+From c72025cabdfcb2fe30d24eda7bb9d1d01a1b6555 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 13:21:44 +0300
+Subject: [PATCH 4/7] wavparse: Check that at least 4 bytes are available
+ before parsing cue chunks
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
+
+CVE: CVE-2024-47775
+CVE: CVE-2024-47776
+CVE: CVE-2024-47777
+CVE: CVE-2024-47778
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c72025cabdfcb2fe30d24eda7bb9d1d01a1b6555]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/wavparse/gstwavparse.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
+index 6a0c44638e..5655ee3825 100644
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -789,6 +789,11 @@ gst_wavparse_cue_chunk (GstWavParse * wav, const guint8 * data, guint32 size)
+ return TRUE;
+ }
+
++ if (size < 4) {
++ GST_WARNING_OBJECT (wav, "broken file %d", size);
++ return FALSE;
++ }
++
+ ncues = GST_READ_UINT32_LE (data);
+
+ if (size < 4 + ncues * 24) {
+--
+2.30.2
+
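Review bot: the unchanged check right after the new one, `if (size < 4 + ncues * 24)`, multiplies a count read from the file; if ncues is a 32-bit type, as size is, a large value can wrap the product and pass the check. With size >= 4 now established, comparing `ncues > (size - 4) / 24` would avoid the multiplication. Also, size is a guint32, so the new warning should use %u rather than %d.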
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch
new file mode 100644
index 0000000000..bb5b6ff034
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch
@@ -0,0 +1,40 @@
+From 93d79c22a82604adc5512557c1238f72f41188c4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 13:22:02 +0300
+Subject: [PATCH 5/7] wavparse: Check that at least 32 bytes are available
+ before parsing smpl chunks
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-259
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3887
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
+
+CVE: CVE-2024-47775
+CVE: CVE-2024-47776
+CVE: CVE-2024-47777
+CVE: CVE-2024-47778
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/93d79c22a82604adc5512557c1238f72f41188c4]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/wavparse/gstwavparse.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
+index 5655ee3825..8a04805ed4 100644
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -893,6 +893,9 @@ gst_wavparse_smpl_chunk (GstWavParse * wav, const guint8 * data, guint32 size)
+ {
+ guint32 note_number;
+
++ if (size < 32)
++ return FALSE;
++
+ /*
+ manufacturer_id = GST_READ_UINT32_LE (data);
+ product_id = GST_READ_UINT32_LE (data + 4);
+--
+2.30.2
+
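Review bot: `if (size < 32) return FALSE;` in gst_wavparse_smpl_chunk rejects the chunk without a log line and without saying which read needs 32 bytes; the only reads visible in the hunk sit inside a comment. A GST_WARNING_OBJECT as in gst_wavparse_cue_chunk and a comment naming the last field that is read would make the bound checkable.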
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch
new file mode 100644
index 0000000000..d12ab9b4e1
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch
@@ -0,0 +1,47 @@
+From 526d0eef0d850c8f2fa1bf0aef15a836797f1a67 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 13:27:27 +0300
+Subject: [PATCH 6/7] wavparse: Fix clipping of size to the file size
+
+The size does not include the 8 bytes tag and length, so an additional 8 bytes
+must be removed here. 8 bytes are always available at this point because
+otherwise the parsing of the tag and length right above would've failed.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-260
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
+
+CVE: CVE-2024-47775
+CVE: CVE-2024-47776
+CVE: CVE-2024-47777
+CVE: CVE-2024-47778
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/526d0eef0d850c8f2fa1bf0aef15a836797f1a67]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/wavparse/gstwavparse.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
+index 8a04805ed4..998cbb276d 100644
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -1337,10 +1337,11 @@ gst_wavparse_stream_headers (GstWavParse * wav)
+ }
+
+ /* Clip to upstream size if known */
+- if (upstream_size > 0 && size + wav->offset > upstream_size) {
++ if (upstream_size > 0 && size + 8 + wav->offset > upstream_size) {
+ GST_WARNING_OBJECT (wav, "Clipping chunk size to file size");
+ g_assert (upstream_size >= wav->offset);
+- size = upstream_size - wav->offset;
++ g_assert (upstream_size - wav->offset >= 8);
++ size = upstream_size - wav->offset - 8;
+ }
+
+ /* wav is a st00pid format, we don't know for sure where data starts.
+--
+2.30.2
+
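Review bot: `g_assert (upstream_size - wav->offset >= 8);` guards a subtraction on values that depend on the input file. With assertions enabled a violation aborts the whole process, and in a build with G_DISABLE_ASSERT the check disappears and `size = upstream_size - wav->offset - 8;` can underflow. The commit message argues that the 8 bytes are always available, but an explicit `if` with a warning and an error exit holds in both build modes.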
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0031-wavparse-Check-size-before-reading-ds64-chunk.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0031-wavparse-Check-size-before-reading-ds64-chunk.patch
new file mode 100644
index 0000000000..b27132b16d
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0031-wavparse-Check-size-before-reading-ds64-chunk.patch
@@ -0,0 +1,41 @@
+From 4f381d15014471b026020d0990a5f5a9f420a22b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 4 Oct 2024 13:51:00 +0300
+Subject: [PATCH 7/7] wavparse: Check size before reading ds64 chunk
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-261
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3889
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
+
+CVE: CVE-2024-47775
+CVE: CVE-2024-47776
+CVE: CVE-2024-47777
+CVE: CVE-2024-47778
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4f381d15014471b026020d0990a5f5a9f420a22b]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/wavparse/gstwavparse.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
+index 998cbb276d..958868de6d 100644
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -1087,6 +1087,11 @@ parse_ds64 (GstWavParse * wav, GstBuffer * buf)
+ guint32 sampleCountLow, sampleCountHigh;
+
+ gst_buffer_map (buf, &map, GST_MAP_READ);
++ if (map.size < 6 * 4) {
++ GST_WARNING_OBJECT (wav, "Too small ds64 chunk (%" G_GSIZE_FORMAT ")",
++ map.size);
++ return FALSE;
++ }
+ dataSizeLow = GST_READ_UINT32_LE (map.data + 2 * 4);
+ dataSizeHigh = GST_READ_UINT32_LE (map.data + 3 * 4);
+ sampleCountLow = GST_READ_UINT32_LE (map.data + 4 * 4);
+--
+2.30.2
+
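Review bot: the new early return in parse_ds64 leaves the buffer mapped: `gst_buffer_map (buf, &map, GST_MAP_READ);` is followed by `return FALSE;` with no gst_buffer_unmap on that path. Add `gst_buffer_unmap (buf, &map);` before the return.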
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
index 247fda7f9c..608c3030ba 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
@@ -31,6 +31,13 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go
file://0022-jpegdec-Directly-error-out-on-negotiation-failures.patch \
file://0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch \
file://0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch \
+ file://0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch \
+ file://0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch \
+ file://0027-wavparse-Fix-parsing-of-acid-chunk.patch \
+ file://0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch \
+ file://0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch \
+ file://0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch \
+ file://0031-wavparse-Check-size-before-reading-ds64-chunk.patch \
"
SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7"
--
2.43.0
* [OE-core][scarthgap 15/25] gstreamer1.0-plugins-base: patch CVE-2024-47835
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (13 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 14/25] gstreamer1.0-plugins-good: patch several CVEs Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 16/25] gstreamer1.0: ignore CVEs fixed in plugins recipes Steve Sakoman
` (9 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commit from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...or-NULL-return-of-strchr-when-parsin.patch | 39 +++++++++++++++++++
.../gstreamer1.0-plugins-base_1.22.12.bb | 1 +
2 files changed, 40 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch
new file mode 100644
index 0000000000..b778e7053b
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch
@@ -0,0 +1,39 @@
+From 4c40f73b7002967e824ef34a5435282f4a0ea363 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Wed, 9 Oct 2024 11:23:47 -0400
+Subject: [PATCH] subparse: Check for NULL return of strchr() when parsing LRC
+ subtitles
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-263
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3892
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039>
+
+CVE: CVE-2024-47835
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4c40f73b7002967e824ef34a5435282f4a0ea363]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gst/subparse/gstsubparse.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c
+index 8d925524a6..7d286ed318 100644
+--- a/gst/subparse/gstsubparse.c
++++ b/gst/subparse/gstsubparse.c
+@@ -1068,6 +1068,11 @@ parse_lrc (ParserState * state, const gchar * line)
+ return NULL;
+
+ start = strchr (line, ']');
++ // sscanf() does not check for the trailing ] but only up to the last
++ // placeholder, so there might be no ] at the end.
++ if (!start)
++ return NULL;
++
+ if (start - line == 9)
+ milli = 10;
+ else
+--
+2.30.2
+
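Review bot: the comment added above `if (!start)` in parse_lrc uses `//`, while the other GStreamer backports in this series use block comments (for example `/* Need at least the ltag */` in 0026). This is a style point only; the NULL check itself sits in the right place, before `start - line` is evaluated.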
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
index 982389d657..05cb956815 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
@@ -18,6 +18,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch \
file://0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch \
file://0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch \
+ file://0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch \
"
SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"
--
2.43.0
* [OE-core][scarthgap 16/25] gstreamer1.0: ignore CVEs fixed in plugins recipes
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (14 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 15/25] gstreamer1.0-plugins-base: patch CVE-2024-47835 Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 17/25] libarchive: Fix CVE-2024-20696 Steve Sakoman
` (8 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
These were fixed in previous commits.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../gstreamer/gstreamer1.0_1.22.12.bb | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
index e5a820e1ad..3f28459e2d 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
@@ -74,4 +74,17 @@ CVE_PRODUCT = "gstreamer"
CVE_STATUS[CVE-2024-0444] = "cpe-incorrect: this is patched in gstreamer1.0-plugins-bad in 1.22 branch since 1.22.9"
+CVE_STATUS_GROUPS += "CVE_STATUS_PLUGINS_BASE"
+CVE_STATUS_PLUGINS_BASE = "CVE-2024-47538 CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835"
+CVE_STATUS_PLUGINS_BASE[status] = "cpe-incorrect: this is patched ic gstreamer1.0-plugins-base"
+
+CVE_STATUS_GROUPS += "CVE_STATUS_PLUGINS_GOOD"
+CVE_STATUS_PLUGINS_GOOD = " \
+ CVE-2024-47537 CVE-2024-47539 CVE-2024-47540 CVE-2024-47543 CVE-2024-47544 CVE-2024-47545 \
+ CVE-2024-47546 CVE-2024-47596 CVE-2024-47597 CVE-2024-47598 CVE-2024-47599 CVE-2024-47601 \
+ CVE-2024-47602 CVE-2024-47603 CVE-2024-47613 CVE-2024-47774 CVE-2024-47775 CVE-2024-47776 \
+ CVE-2024-47777 CVE-2024-47778 CVE-2024-47834 \
+"
+CVE_STATUS_PLUGINS_GOOD[status] = "cpe-incorrect: this is patched ic gstreamer1.0-plugins-good"
+
PTEST_BUILD_HOST_FILES = ""
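Review bot: both new status strings contain the same typo, "this is patched ic gstreamer1.0-plugins-base" and "this is patched ic gstreamer1.0-plugins-good"; "ic" should be "in". The text is the recorded justification for each ignored CVE, so it is worth fixing before merge. The existing CVE-2024-0444 entry above also names the branch and version where the fix landed; the two groups could do the same by pointing at the patches added earlier in this series.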
--
2.43.0
* [OE-core][scarthgap 17/25] libarchive: Fix CVE-2024-20696
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (15 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 16/25] gstreamer1.0: ignore CVEs fixed in plugins recipes Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 18/25] python3: upgrade 3.12.6 -> 3.12.7 Steve Sakoman
` (7 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: aszh07 <mail2szahir@gmail.com>
Add Patch file to fix CVE-2024-20696
CVE: CVE-2024-20696
Signed-off-by: Nitin Wankhade <nitin.wankhade@kpit.com>
Signed-off-by: Nikhil R <nikhilr5@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libarchive/CVE-2024-20696.patch | 115 ++++++++++++++++++
.../libarchive/libarchive_3.7.4.bb | 3 +-
2 files changed, 117 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-20696.patch
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2024-20696.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2024-20696.patch
new file mode 100644
index 0000000000..e55d58d37b
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2024-20696.patch
@@ -0,0 +1,115 @@
+From eac15e252010c1189a5c0f461364dbe2cd2a68b1 Mon Sep 17 00:00:00 2001
+From: "Dustin L. Howett" <dustin@howett.net>
+Date: Thu, 9 May 2024 18:59:17 -0500
+Subject: [PATCH] rar4 reader: protect copy_from_lzss_window_to_unp() (#2172)
+
+copy_from_lzss_window_to_unp unnecessarily took an `int` parameter where
+both of its callers were holding a `size_t`.
+
+A lzss opcode chain could be constructed that resulted in a negative
+copy length, which when passed into memcpy would result in a very, very
+large positive number.
+
+Switching copy_from_lzss_window_to_unp to take a `size_t` allows it to
+properly bounds-check length.
+
+In addition, this patch also ensures that `length` is not itself larger
+than the destination buffer.
+
+CVE: CVE-2024-20696
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/eac15e252010c1189a5c0f461364dbe2cd2a68b1]
+
+Signed-off-by: Nitin Wankhade <nitin.wankhade@kpit.com>
+---
+
+--- a/libarchive/archive_read_support_format_rar.c 2024-04-26 14:52:59.000000000 +0530
++++ b/libarchive/archive_read_support_format_rar.c 2024-12-12 07:35:33.287412704 +0530
+@@ -432,7 +432,7 @@ static int make_table_recurse(struct arc
+ struct huffman_table_entry *, int, int);
+ static int expand(struct archive_read *, int64_t *);
+ static int copy_from_lzss_window_to_unp(struct archive_read *, const void **,
+- int64_t, int);
++ int64_t, size_t);
+ static const void *rar_read_ahead(struct archive_read *, size_t, ssize_t *);
+ static int parse_filter(struct archive_read *, const uint8_t *, uint16_t,
+ uint8_t);
+@@ -2060,7 +2060,7 @@ read_data_compressed(struct archive_read
+ bs = rar->unp_buffer_size - rar->unp_offset;
+ else
+ bs = (size_t)rar->bytes_uncopied;
+- ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, (int)bs);
++ ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, bs);
+ if (ret != ARCHIVE_OK)
+ return (ret);
+ rar->offset += bs;
+@@ -2213,7 +2213,7 @@ read_data_compressed(struct archive_read
+ bs = rar->unp_buffer_size - rar->unp_offset;
+ else
+ bs = (size_t)rar->bytes_uncopied;
+- ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, (int)bs);
++ ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, bs);
+ if (ret != ARCHIVE_OK)
+ return (ret);
+ rar->offset += bs;
+@@ -3094,11 +3094,16 @@ copy_from_lzss_window(struct archive_rea
+
+ static int
+ copy_from_lzss_window_to_unp(struct archive_read *a, const void **buffer,
+- int64_t startpos, int length)
++ int64_t startpos, size_t length)
+ {
+ int windowoffs, firstpart;
+ struct rar *rar = (struct rar *)(a->format->data);
+
++ if (length > rar->unp_buffer_size)
++ {
++ goto fatal;
++ }
++
+ if (!rar->unp_buffer)
+ {
+ if ((rar->unp_buffer = malloc(rar->unp_buffer_size)) == NULL)
+@@ -3110,17 +3115,17 @@ copy_from_lzss_window_to_unp(struct arch
+ }
+
+ windowoffs = lzss_offset_for_position(&rar->lzss, startpos);
+- if(windowoffs + length <= lzss_size(&rar->lzss)) {
++ if(windowoffs + length <= (size_t)lzss_size(&rar->lzss)) {
+ memcpy(&rar->unp_buffer[rar->unp_offset], &rar->lzss.window[windowoffs],
+ length);
+- } else if (length <= lzss_size(&rar->lzss)) {
++ } else if (length <= (size_t)lzss_size(&rar->lzss)) {
+ firstpart = lzss_size(&rar->lzss) - windowoffs;
+ if (firstpart < 0) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Bad RAR file data");
+ return (ARCHIVE_FATAL);
+ }
+- if (firstpart < length) {
++ if ((size_t)firstpart < length) {
+ memcpy(&rar->unp_buffer[rar->unp_offset],
+ &rar->lzss.window[windowoffs], firstpart);
+ memcpy(&rar->unp_buffer[rar->unp_offset + firstpart],
+@@ -3130,9 +3135,7 @@ copy_from_lzss_window_to_unp(struct arch
+ &rar->lzss.window[windowoffs], length);
+ }
+ } else {
+- archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+- "Bad RAR file data");
+- return (ARCHIVE_FATAL);
++ goto fatal;
+ }
+ rar->unp_offset += length;
+ if (rar->unp_offset >= rar->unp_buffer_size)
+@@ -3140,6 +3143,11 @@ copy_from_lzss_window_to_unp(struct arch
+ else
+ *buffer = NULL;
+ return (ARCHIVE_OK);
++
++fatal:
++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++ "Bad RAR file data");
++ return (ARCHIVE_FATAL);
+ }
+
+ static const void *
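Review bot: The new guard at the top of copy_from_lzss_window_to_unp() compares length with rar->unp_buffer_size, but both memcpy() calls write to &rar->unp_buffer[rar->unp_offset], so the space actually available is rar->unp_buffer_size - rar->unp_offset. In the read_data_compressed() hunk, bs is set to that difference in one branch and to (size_t)rar->bytes_uncopied in the other, so the function itself does not enforce the remaining-space bound. Either check length against the remaining space inside the function, or add a comment naming the caller invariant that makes the full-size comparison sufficient. Separately, windowoffs and firstpart stay int while length is now size_t, so windowoffs + length is evaluated as unsigned; a short comment on why windowoffs cannot be negative at that point would make the comparison easier to audit.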
diff --git a/meta/recipes-extended/libarchive/libarchive_3.7.4.bb b/meta/recipes-extended/libarchive/libarchive_3.7.4.bb
index 6e406611f9..80b2e49eac 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.7.4.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.7.4.bb
@@ -33,7 +33,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"
SRC_URI += "file://configurehack.patch \
file://CVE-2024-48957.patch \
file://CVE-2024-48958.patch \
- "
+ file://CVE-2024-20696.patch \
+ "
UPSTREAM_CHECK_URI = "http://libarchive.org/"
SRC_URI[sha256sum] = "7875d49596286055b52439ed42f044bd8ad426aa4cc5aabd96bfe7abb971d5e8"
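Review bot: The closing quote of SRC_URI is removed and re-added in this hunk, which can only be a whitespace change on that line. Leave the original closing line untouched and add just the file://CVE-2024-20696.patch entry, so the recipe diff is a single added line and later backports that touch this SRC_URI block apply without fuzz.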
--
2.43.0
* [OE-core][scarthgap 18/25] python3: upgrade 3.12.6 -> 3.12.7
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (16 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 17/25] libarchive: Fix CVE-2024-20696 Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 19/25] python3: upgrade 3.12.7 -> 3.12.8 Steve Sakoman
` (6 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Guðni Már Gilbert <gudni.m.g@gmail.com>
Changelog:
https://docs.python.org/release/3.12.7/whatsnew/changelog.html#python-3-12-7
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...void-shebang-overflow-on-python-config.py.patch | 6 +++---
...handle-stdin-I-O-errors-same-way-as-maste.patch | 3 +--
...ig.py-use-prefix-value-from-build-configu.patch | 3 +--
...e-use-qemu-wrapper-when-gathering-profile.patch | 6 +++---
...ng-tests-due-to-load-variability-on-YP-AB.patch | 8 ++++----
...ate-test_sysconfig-for-posix_user-purelib.patch | 7 +++----
...arfile-treat-overflow-in-UID-GID-as-failu.patch | 9 +++------
...-cc_basename-to-replace-CC-for-checking-c.patch | 14 +++++++-------
...tdout_fileno-test-due-to-load-variability.patch | 6 +++---
...config.py-use-platlibdir-also-for-purelib.patch | 3 +--
...est_active_children-skip-problematic-test.patch | 9 +++------
...t_ctypes.test_find-skip-without-tools-sdk.patch | 5 ++---
.../0001-test_deadlock-skip-problematic-test.patch | 9 +++------
..._locale.py-correct-the-test-output-format.patch | 7 +++----
...1-test_readline-skip-limited-history-test.patch | 14 +++++++-------
.../0001-test_shutdown-skip-problematic-test.patch | 11 ++++-------
...st_storlines-skip-due-to-load-variability.patch | 5 ++---
...c-setup.py-do-not-add-a-curses-include-pa.patch | 6 +++---
meta/recipes-devtools/python/python3/cgi_py.patch | 3 +--
.../python/python3/crosspythonpath.patch | 5 ++---
.../python/python3/deterministic_imports.patch | 5 ++---
.../recipes-devtools/python/python3/makerace.patch | 6 +++---
.../{python3_3.12.6.bb => python3_3.12.7.bb} | 2 +-
23 files changed, 65 insertions(+), 87 deletions(-)
rename meta/recipes-devtools/python/{python3_3.12.6.bb => python3_3.12.7.bb} (99%)
diff --git a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
index 0d807db39f..4110774193 100644
--- a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
+++ b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
@@ -1,4 +1,4 @@
-From 365399f17d35719d828ddd49182dcb401fb7791c Mon Sep 17 00:00:00 2001
+From 733b46f11d311290e37fcb30f08c47660b888d22 Mon Sep 17 00:00:00 2001
From: Paulo Neves <ptsneves@gmail.com>
Date: Tue, 7 Jun 2022 16:16:41 +0200
Subject: [PATCH] Avoid shebang overflow on python-config.py
@@ -16,10 +16,10 @@ Upstream-Status: Denied [distribution]
1 file changed, 2 insertions(+)
diff --git a/Makefile.pre.in b/Makefile.pre.in
-index 77bf09a..6353c57 100644
+index b1c5413..e88f301 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
-@@ -2339,6 +2339,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh
+@@ -2349,6 +2349,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh
@ # Substitution happens here, as the completely-expanded BINDIR
@ # is not available in configure
sed -e "s,@EXENAME@,$(EXENAME)," < $(srcdir)/Misc/python-config.in >python-config.py
diff --git a/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch b/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
index 026150f0e2..0ae6283840 100644
--- a/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
+++ b/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
@@ -1,4 +1,4 @@
-From f8a664cf1fc73e381d57d6927207286059744837 Mon Sep 17 00:00:00 2001
+From c6ba19a4cfdb0a5b137b91ef761f654b70776a47 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Thu, 16 Sep 2021 16:35:37 +0200
Subject: [PATCH] Lib/pty.py: handle stdin I/O errors same way as master I/O
@@ -24,7 +24,6 @@ So let's treat both channels the same.
Upstream-Status: Submitted [https://github.com/python/cpython/pull/28388]
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
-
---
Lib/pty.py | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
index 680254fab9..981531139a 100644
--- a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
+++ b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
@@ -1,4 +1,4 @@
-From 71c194077bb907bfe423d3f3275f33a6c8ca0e74 Mon Sep 17 00:00:00 2001
+From d325a4e1fde5bd817c88f37d5e7b6e93a3bad077 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Fri, 17 Nov 2023 14:26:32 +0100
Subject: [PATCH] Lib/sysconfig.py: use prefix value from build configuration
@@ -9,7 +9,6 @@ native python.
Upstream-Status: Inappropriate [oe-core cross builds]
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
-
---
Lib/sysconfig.py | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch b/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
index ee33128fa1..881986d322 100644
--- a/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
+++ b/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
@@ -1,4 +1,4 @@
-From 38278339832a57dbf5fa3ef21accaa03e2c814d7 Mon Sep 17 00:00:00 2001
+From a727a950023b9384955c912f4975d36a8d7913b4 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Wed, 30 Jan 2019 12:41:04 +0100
Subject: [PATCH] Makefile.pre: use qemu wrapper when gathering profile data
@@ -10,10 +10,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Makefile.pre.in b/Makefile.pre.in
-index dd5e69f..381feb0 100644
+index 0e64ccc..23e20e9 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
-@@ -658,8 +658,7 @@ profile-run-stamp:
+@@ -660,8 +660,7 @@ profile-run-stamp:
# enabled.
$(MAKE) profile-gen-stamp
# Next, run the profile task to generate the profile information.
diff --git a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
index 197daa71a5..22c42e37ab 100644
--- a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
+++ b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
@@ -1,4 +1,4 @@
-From 3471e3478e0760c42e04f8046cee2367ab5706d2 Mon Sep 17 00:00:00 2001
+From 6b0088a3d222b7fe5304f6bc0d6b15d3c41e68f3 Mon Sep 17 00:00:00 2001
From: Yi Fan Yu <yifan.yu@windriver.com>
Date: Thu, 1 Apr 2021 13:08:37 -0700
Subject: [PATCH] Skip failing tests due to load variability on YP AB
@@ -23,7 +23,7 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
2 files changed, 5 insertions(+)
diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py
-index e42c7ab..dff5227 100644
+index aac74ea..3470bc5 100644
--- a/Lib/test/_test_multiprocessing.py
+++ b/Lib/test/_test_multiprocessing.py
@@ -682,6 +682,7 @@ class _TestProcess(BaseTestCase):
@@ -34,7 +34,7 @@ index e42c7ab..dff5227 100644
def test_many_processes(self):
if self.TYPE == 'threads':
self.skipTest('test not appropriate for {}'.format(self.TYPE))
-@@ -2066,6 +2067,7 @@ class _TestBarrier(BaseTestCase):
+@@ -2083,6 +2084,7 @@ class _TestBarrier(BaseTestCase):
except threading.BrokenBarrierError:
results.append(True)
@@ -42,7 +42,7 @@ index e42c7ab..dff5227 100644
def test_timeout(self):
"""
Test wait(timeout)
-@@ -5024,6 +5026,7 @@ class TestWait(unittest.TestCase):
+@@ -5080,6 +5082,7 @@ class TestWait(unittest.TestCase):
time.sleep(period)
@support.requires_resource('walltime')
diff --git a/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch b/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch
index b6c6ac5a28..9a2634ac9b 100644
--- a/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch
+++ b/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch
@@ -1,4 +1,4 @@
-From 37d058e841ba3bd89b5746cc5381afb014b11581 Mon Sep 17 00:00:00 2001
+From f0b18f1b3b3d5b40d65e08a184f4e3463745b891 Mon Sep 17 00:00:00 2001
From: Wentao Zhang <wentao.zhang@windriver.com>
Date: Mon, 20 Mar 2023 13:39:52 +0800
Subject: [PATCH] Update test_sysconfig for posix_user purelib
@@ -17,16 +17,15 @@ Update test_sysconfig.test_user_similar() for the posix_user scheme:
Upstream-Status: Inappropriate [oe-core specific]
Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
-
---
Lib/test/test_sysconfig.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py
-index b6dbf3d..5672590 100644
+index 1137c20..f5c8980 100644
--- a/Lib/test/test_sysconfig.py
+++ b/Lib/test/test_sysconfig.py
-@@ -372,7 +372,7 @@ class TestSysConfig(unittest.TestCase):
+@@ -381,7 +381,7 @@ class TestSysConfig(unittest.TestCase):
expected = os.path.normpath(global_path.replace(base, user, 1))
# bpo-44860: platlib of posix_user doesn't use sys.platlibdir,
# whereas posix_prefix does.
diff --git a/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch b/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
index 88b84c6024..b4de257d1e 100644
--- a/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
+++ b/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
@@ -1,4 +1,4 @@
-From 999d4e74d34afa233ad8ad0c70b989d77a21957f Mon Sep 17 00:00:00 2001
+From 73960393a559d0de5edf07b022d182cac54df9dc Mon Sep 17 00:00:00 2001
From: Petr Viktorin <encukou@gmail.com>
Date: Wed, 23 Aug 2023 20:00:07 +0200
Subject: [PATCH] gh-107811: tarfile: treat overflow in UID/GID as failure to
@@ -13,10 +13,10 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
create mode 100644 Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst
diff --git a/Lib/tarfile.py b/Lib/tarfile.py
-index 3bbbcaa..473167d 100755
+index 0a0f31e..4dfb67d 100755
--- a/Lib/tarfile.py
+++ b/Lib/tarfile.py
-@@ -2557,7 +2557,8 @@ class TarFile(object):
+@@ -2590,7 +2590,8 @@ class TarFile(object):
os.lchown(targetpath, u, g)
else:
os.chown(targetpath, u, g)
@@ -35,6 +35,3 @@ index 0000000..ffca413
+:mod:`tarfile`: extraction of members with overly large UID or GID (e.g. on
+an OS with 32-bit :c:type:`!id_t`) now fails in the same way as failing to
+set the ID.
---
-2.45.0
-
diff --git a/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch b/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
index bbeabe4389..7997811228 100644
--- a/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
+++ b/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
@@ -1,4 +1,4 @@
-From ababc7b1db8c406910766e11cdd04cbef7a706c9 Mon Sep 17 00:00:00 2001
+From f834492007487e9e87b3d3f1f3c5cc440e6ec5e2 Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@windriver.com>
Date: Mon, 22 Oct 2018 15:19:51 +0800
Subject: [PATCH] python3: use cc_basename to replace CC for checking compiler
@@ -26,7 +26,7 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/configure.ac b/configure.ac
-index 384718d..5a1d58b 100644
+index d0d5405..093f8b5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -137,6 +137,7 @@ AC_CONFIG_HEADERS([pyconfig.h])
@@ -73,7 +73,7 @@ index 384718d..5a1d58b 100644
*clang*)
# Any changes made here should be reflected in the GCC+Darwin case below
PGO_PROF_GEN_FLAG="-fprofile-instr-generate"
-@@ -2147,7 +2148,7 @@ AC_MSG_RESULT([$BOLT_APPLY_FLAGS])
+@@ -2155,7 +2156,7 @@ AC_MSG_RESULT([$BOLT_APPLY_FLAGS])
# compiler and platform. BASECFLAGS tweaks need to be made even if the
# user set OPT.
@@ -82,7 +82,7 @@ index 384718d..5a1d58b 100644
*clang*)
cc_is_clang=1
;;
-@@ -2419,7 +2420,7 @@ yes)
+@@ -2427,7 +2428,7 @@ yes)
# ICC doesn't recognize the option, but only emits a warning
## XXX does it emit an unused result warning and can it be disabled?
@@ -91,7 +91,7 @@ index 384718d..5a1d58b 100644
[*icc*], [ac_cv_disable_unused_result_warning=no]
[PY_CHECK_CC_WARNING([disable], [unused-result])])
AS_VAR_IF([ac_cv_disable_unused_result_warning], [yes],
-@@ -2665,7 +2666,7 @@ yes)
+@@ -2673,7 +2674,7 @@ yes)
;;
esac
@@ -100,7 +100,7 @@ index 384718d..5a1d58b 100644
*mpicc*)
CFLAGS_NODIST="$CFLAGS_NODIST"
;;
-@@ -3482,7 +3483,7 @@ then
+@@ -3508,7 +3509,7 @@ then
then
LINKFORSHARED="-Wl,--export-dynamic"
fi;;
@@ -109,7 +109,7 @@ index 384718d..5a1d58b 100644
*gcc*)
if $CC -Xlinker --help 2>&1 | grep export-dynamic >/dev/null
then
-@@ -6803,7 +6804,7 @@ if test "$ac_cv_gcc_asm_for_x87" = yes; then
+@@ -6831,7 +6832,7 @@ if test "$ac_cv_gcc_asm_for_x87" = yes; then
# Some versions of gcc miscompile inline asm:
# http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46491
# http://gcc.gnu.org/ml/gcc/2010-11/msg00366.html
diff --git a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
index 2d7bca6a77..94f7744c09 100644
--- a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
+++ b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
@@ -1,4 +1,4 @@
-From 217cea231462e7703e8c9ea39c0a6833f799a420 Mon Sep 17 00:00:00 2001
+From 642205e1f728873b16debc24c2938339d31be6a9 Mon Sep 17 00:00:00 2001
From: Trevor Gamblin <tgamblin@baylibre.com>
Date: Fri, 15 Sep 2023 08:48:33 -0400
Subject: [PATCH] skip no_stdout_fileno test due to load variability
@@ -16,10 +16,10 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
1 file changed, 1 insertion(+)
diff --git a/Lib/test/test_builtin.py b/Lib/test/test_builtin.py
-index 4d03c46..b329b7a 100644
+index c71c568..e41ab5e 100644
--- a/Lib/test/test_builtin.py
+++ b/Lib/test/test_builtin.py
-@@ -2326,6 +2326,7 @@ class PtyTests(unittest.TestCase):
+@@ -2352,6 +2352,7 @@ class PtyTests(unittest.TestCase):
# Check stdin/stdout error handler is used when invoking PyOS_Readline()
self.check_input_tty("prompté", b"quux\xe9", "ascii")
diff --git a/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch b/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch
index fc52fdac26..3e8e9648c6 100644
--- a/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch
+++ b/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch
@@ -1,4 +1,4 @@
-From a5d429a0e1a4809c1ded7be7e45dcabeb82c53d8 Mon Sep 17 00:00:00 2001
+From fac0f14fd34386e47bab71c0043ea55b507ae39c Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Sun, 12 Sep 2021 21:44:36 +0200
Subject: [PATCH] sysconfig.py: use platlibdir also for purelib
@@ -8,7 +8,6 @@ is not correct.
Upstream-Status: Inappropriate [oe-core specific]
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
-
---
Lib/sysconfig.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
index 6ebbaf10e0..a27024c42f 100644
--- a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
@@ -1,4 +1,4 @@
-From bf3eb28bba24509a3e1cd40f1f0e26db833779a2 Mon Sep 17 00:00:00 2001
+From 7f75355e27ee7f25391523294e4c6653edf554f8 Mon Sep 17 00:00:00 2001
From: Trevor Gamblin <tgamblin@baylibre.com>
Date: Thu, 13 Jun 2024 10:54:31 -0400
Subject: [PATCH] test_active_children: skip problematic test
@@ -14,10 +14,10 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
1 file changed, 1 insertion(+)
diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py
-index 3955123455..a1861fa3a0 100644
+index 3470bc5..0e42ac1 100644
--- a/Lib/test/_test_multiprocessing.py
+++ b/Lib/test/_test_multiprocessing.py
-@@ -579,6 +579,7 @@ def test_cpu_count(self):
+@@ -579,6 +579,7 @@ class _TestProcess(BaseTestCase):
self.assertTrue(type(cpus) is int)
self.assertTrue(cpus >= 1)
@@ -25,6 +25,3 @@ index 3955123455..a1861fa3a0 100644
def test_active_children(self):
self.assertEqual(type(self.active_children()), list)
---
-2.45.2
-
diff --git a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
index b4fe946cba..6bf514fca8 100644
--- a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
@@ -1,4 +1,4 @@
-From b64c131a576a4b4f821514e711ab91b1394fb4ff Mon Sep 17 00:00:00 2001
+From 174ef9a40c9f4373fd90b00425fd94a89f96dbf9 Mon Sep 17 00:00:00 2001
From: Tim Orling <timothy.t.orling@intel.com>
Date: Fri, 18 Jun 2021 11:56:50 -0700
Subject: [PATCH] test_ctypes.test_find: skip without tools-sdk
@@ -10,13 +10,12 @@ easiest way to dynamically check for that is looking for
Upstream-Status: Inappropriate [oe-specific]
Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
-
---
Lib/test/test_ctypes/test_find.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Lib/test/test_ctypes/test_find.py b/Lib/test/test_ctypes/test_find.py
-index 1ff9d01..59def26 100644
+index a41e949..eb5fe19 100644
--- a/Lib/test/test_ctypes/test_find.py
+++ b/Lib/test/test_ctypes/test_find.py
@@ -113,10 +113,12 @@ class FindLibraryLinux(unittest.TestCase):
diff --git a/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch
index f0a7cfd39b..d8ca7f9b79 100644
--- a/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch
@@ -1,4 +1,4 @@
-From d7e3f26e7094fbe20e2271d75f18ac3b23a67f58 Mon Sep 17 00:00:00 2001
+From 621ba76ef956708cdaf4fd5bc0e25aa59d427c5b Mon Sep 17 00:00:00 2001
From: Trevor Gamblin <tgamblin@baylibre.com>
Date: Wed, 12 Jun 2024 10:29:03 -0400
Subject: [PATCH] test_deadlock: skip problematic test
@@ -14,10 +14,10 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
1 file changed, 1 insertion(+)
diff --git a/Lib/test/test_concurrent_futures/test_deadlock.py b/Lib/test/test_concurrent_futures/test_deadlock.py
-index 1db4cd0099..fd07895a17 100644
+index e8cd8f6..021906b 100644
--- a/Lib/test/test_concurrent_futures/test_deadlock.py
+++ b/Lib/test/test_concurrent_futures/test_deadlock.py
-@@ -90,6 +90,7 @@ def __reduce__(self):
+@@ -90,6 +90,7 @@ class ErrorAtUnpickle(object):
return _raise_error_ignore_stderr, (UnpicklingError, )
@@ -25,6 +25,3 @@ index 1db4cd0099..fd07895a17 100644
class ExecutorDeadlockTest:
TIMEOUT = support.LONG_TIMEOUT
---
-2.45.2
-
diff --git a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
index 410a9fc7f1..d0f4dc14bc 100644
--- a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
@@ -1,4 +1,4 @@
-From ef5728f0af14da5c9f80b0f038fe5bf6d44cb0e9 Mon Sep 17 00:00:00 2001
+From d74e5f24b574fa4d571a64e647c916a7ebe26b3e Mon Sep 17 00:00:00 2001
From: Mingli Yu <mingli.yu@windriver.com>
Date: Mon, 5 Aug 2019 15:57:39 +0800
Subject: [PATCH] test_locale.py: correct the test output format
@@ -26,16 +26,15 @@ Upstream-Status: Submitted [https://github.com/python/cpython/pull/15132]
Rebased for 3.9.4, still not accepted upstream Signed-off-by: Alejandro Hernandez <alejandro@enedino.org>
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
-
---
Lib/test/test_locale.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Lib/test/test_locale.py b/Lib/test/test_locale.py
-index b0d7998..cb12153 100644
+index cde80a4..e8ffd71 100644
--- a/Lib/test/test_locale.py
+++ b/Lib/test/test_locale.py
-@@ -557,7 +557,7 @@ class TestMiscellaneous(unittest.TestCase):
+@@ -561,7 +561,7 @@ class TestMiscellaneous(unittest.TestCase):
self.skipTest('test needs Turkish locale')
loc = locale.getlocale(locale.LC_CTYPE)
if verbose:
diff --git a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
index e8d297c721..f4efd1ecff 100644
--- a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
@@ -1,4 +1,4 @@
-From d9d916d5ea946c945323679d1709de1b87029b96 Mon Sep 17 00:00:00 2001
+From bc5c70dc2a2fcfe51481de0ad800baa849592222 Mon Sep 17 00:00:00 2001
From: Trevor Gamblin <tgamblin@baylibre.com>
Date: Tue, 13 Aug 2024 11:07:05 -0400
Subject: [PATCH] test_readline: skip limited history test
@@ -16,11 +16,11 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Lib/test/test_readline.py | 2 ++
1 file changed, 2 insertions(+)
-Index: Python-3.12.6/Lib/test/test_readline.py
-===================================================================
---- Python-3.12.6.orig/Lib/test/test_readline.py
-+++ Python-3.12.6/Lib/test/test_readline.py
-@@ -133,6 +133,7 @@ class TestHistoryManipulation (unittest.
+diff --git a/Lib/test/test_readline.py b/Lib/test/test_readline.py
+index fab124a..291dd48 100644
+--- a/Lib/test/test_readline.py
++++ b/Lib/test/test_readline.py
+@@ -133,6 +133,7 @@ class TestHistoryManipulation (unittest.TestCase):
self.assertEqual(readline.get_history_item(1), "entrée 1")
self.assertEqual(readline.get_history_item(2), "entrée 22")
@@ -28,7 +28,7 @@ Index: Python-3.12.6/Lib/test/test_readline.py
def test_write_read_limited_history(self):
previous_length = readline.get_history_length()
self.addCleanup(readline.set_history_length, previous_length)
-@@ -371,6 +372,7 @@ readline.write_history_file(history_file
+@@ -371,6 +372,7 @@ readline.write_history_file(history_file)
self.assertIn(b"done", output)
diff --git a/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch
index 1d4cda18b1..e8d70cdc1b 100644
--- a/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch
@@ -1,4 +1,4 @@
-From 9d4cdbde100798ba9fa1cf3f82dbaf18fd10a543 Mon Sep 17 00:00:00 2001
+From b637ac8f58d17bc8888b2027a572c87531a4539d Mon Sep 17 00:00:00 2001
From: Trevor Gamblin <tgamblin@baylibre.com>
Date: Wed, 8 May 2024 11:58:09 -0400
Subject: [PATCH] test_shutdown: skip problematic test
@@ -14,7 +14,7 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
1 file changed, 3 insertions(+)
diff --git a/Lib/test/test_concurrent_futures/test_shutdown.py b/Lib/test/test_concurrent_futures/test_shutdown.py
-index 7a4065afd4..6b878a48bf 100644
+index 7a4065a..6b878a4 100644
--- a/Lib/test/test_concurrent_futures/test_shutdown.py
+++ b/Lib/test/test_concurrent_futures/test_shutdown.py
@@ -20,6 +20,7 @@ def sleep_and_print(t, msg):
@@ -25,7 +25,7 @@ index 7a4065afd4..6b878a48bf 100644
class ExecutorShutdownTest:
def test_run_after_shutdown(self):
self.executor.shutdown()
-@@ -156,6 +157,7 @@ def timeout(_signum, _frame):
+@@ -156,6 +157,7 @@ class ExecutorShutdownTest:
signal.signal(signal.SIGALRM, old_handler)
@@ -33,7 +33,7 @@ index 7a4065afd4..6b878a48bf 100644
class ThreadPoolShutdownTest(ThreadPoolMixin, ExecutorShutdownTest, BaseTestCase):
def test_threads_terminate(self):
def acquire_lock(lock):
-@@ -252,6 +254,7 @@ def test_cancel_futures_wait_false(self):
+@@ -252,6 +254,7 @@ class ThreadPoolShutdownTest(ThreadPoolMixin, ExecutorShutdownTest, BaseTestCase
self.assertIn(out.strip(), [b"apple", b""])
@@ -41,6 +41,3 @@ index 7a4065afd4..6b878a48bf 100644
class ProcessPoolShutdownTest(ExecutorShutdownTest):
def test_processes_terminate(self):
def acquire_lock(lock):
---
-2.45.0
-
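Review bot: The refresh of this carried patch ("test_shutdown: skip problematic test", 3 insertions) changes only the From hash, the index line, the hunk-header context and the trailing git version, so the skips move to 3.12.7 exactly as they were. The commit message gives only the changelog URL; add a line saying whether these skips were re-checked against 3.12.7 or are carried over unverified. The same applies to the test_active_children and test_deadlock skip patches refreshed in this commit.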
diff --git a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
index 0d0eb08459..a4c9abd8b9 100644
--- a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
@@ -1,4 +1,4 @@
-From dc69a1afdb3ba619705ff71e14f19ed3142e422f Mon Sep 17 00:00:00 2001
+From 1a1e5c30021a200b2dc853690dbf1edfba9ca262 Mon Sep 17 00:00:00 2001
From: Trevor Gamblin <tgamblin@baylibre.com>
Date: Fri, 6 Oct 2023 10:59:44 -0400
Subject: [PATCH] test_storlines: skip due to load variability
@@ -11,13 +11,12 @@ Upstream-Status: Inappropriate [OE-Specific]
[YOCTO #14933]
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
-
---
Lib/test/test_ftplib.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py
-index 2f191ea..dc29346 100644
+index 4c4a449..b8c79a4 100644
--- a/Lib/test/test_ftplib.py
+++ b/Lib/test/test_ftplib.py
@@ -626,6 +626,7 @@ class TestFTPClass(TestCase):
diff --git a/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch b/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
index 0661249bfd..5c5603c956 100644
--- a/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
+++ b/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
@@ -1,4 +1,4 @@
-From d0205c60d08f51d84bd8ddc07a57e8c71710fdad Mon Sep 17 00:00:00 2001
+From 8543ad744a2839acf1f4eec967acd645fd89d1a7 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Fri, 17 Nov 2023 14:16:40 +0100
Subject: [PATCH] configure.ac: do not add a curses include path from the host
@@ -15,10 +15,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
1 file changed, 6 deletions(-)
diff --git a/configure.ac b/configure.ac
-index c49cd4f..affdedf 100644
+index cdc54e5..d163c73 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -6508,12 +6508,6 @@ AS_VAR_IF([have_panel], [no], [
+@@ -6536,12 +6536,6 @@ AS_VAR_IF([have_panel], [no], [
AC_MSG_RESULT([$have_panel (CFLAGS: $PANEL_CFLAGS, LIBS: $PANEL_LIBS)])
])
diff --git a/meta/recipes-devtools/python/python3/cgi_py.patch b/meta/recipes-devtools/python/python3/cgi_py.patch
index 8262c88e73..b1f2b71c2a 100644
--- a/meta/recipes-devtools/python/python3/cgi_py.patch
+++ b/meta/recipes-devtools/python/python3/cgi_py.patch
@@ -1,4 +1,4 @@
-From a56778372fe8dc7c42f5ffd911d89498c22dd064 Mon Sep 17 00:00:00 2001
+From 8e6dc9fe684b27988b5aca3f760f02343aa95951 Mon Sep 17 00:00:00 2001
From: Mark Hatle <mark.hatle@windriver.com>
Date: Wed, 21 Sep 2011 20:55:33 -0500
Subject: [PATCH] Lib/cgi.py: Update the script as mentioned in the comment
@@ -6,7 +6,6 @@ Subject: [PATCH] Lib/cgi.py: Update the script as mentioned in the comment
Upstream-Status: Inappropriate [distribution]
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
-
---
Lib/cgi.py | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/meta/recipes-devtools/python/python3/crosspythonpath.patch b/meta/recipes-devtools/python/python3/crosspythonpath.patch
index 2c4aef0511..91ef3fe674 100644
--- a/meta/recipes-devtools/python/python3/crosspythonpath.patch
+++ b/meta/recipes-devtools/python/python3/crosspythonpath.patch
@@ -1,4 +1,4 @@
-From 5b66463c10fec1440e977d5a21a0167862d6d79c Mon Sep 17 00:00:00 2001
+From 1bc93167c48876d77ce424415e87573a062b8f2a Mon Sep 17 00:00:00 2001
From: Ricardo Ribalda <ricardo@ribalda.com>
Date: Tue, 18 Nov 2014 03:35:33 -0500
Subject: [PATCH] configure.ac: add CROSSPYTHONPATH into PYTHONPATH for
@@ -14,13 +14,12 @@ Upstream-Status: Inappropriate [OE-Core integration specific]
Credits-to: Mark Hatle <mark.hatle@windriver.com>
Credits-to: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ricardo Ribalda <ricardo@ribalda.com>
-
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index cb9e198..d81c19a 100644
+index 093f8b5..cdc54e5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -165,7 +165,7 @@ AC_ARG_WITH([build-python],
diff --git a/meta/recipes-devtools/python/python3/deterministic_imports.patch b/meta/recipes-devtools/python/python3/deterministic_imports.patch
index 2de6ae2e98..9ae4af36ec 100644
--- a/meta/recipes-devtools/python/python3/deterministic_imports.patch
+++ b/meta/recipes-devtools/python/python3/deterministic_imports.patch
@@ -1,4 +1,4 @@
-From 039d5e652796b55f1132afa568c7432b6ed89afd Mon Sep 17 00:00:00 2001
+From 38e732371ac234c3f0e6310d6dbc7ddc7f458535 Mon Sep 17 00:00:00 2001
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Fri, 27 May 2022 17:05:44 +0100
Subject: [PATCH] python3: Ensure stale empty python module directories don't
@@ -13,13 +13,12 @@ As a result, patch this to a behaviour which works for us.
Upstream-Status: Submitted [https://github.com/python/cpython/issues/120492; need to first talk to upstream to see if they'll take one or both fixes]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-
---
Lib/importlib/metadata/__init__.py | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/Lib/importlib/metadata/__init__.py b/Lib/importlib/metadata/__init__.py
-index 82e0ce1..969cac4 100644
+index e6ca178..ac5a75b 100644
--- a/Lib/importlib/metadata/__init__.py
+++ b/Lib/importlib/metadata/__init__.py
@@ -710,7 +710,14 @@ class Lookup:
diff --git a/meta/recipes-devtools/python/python3/makerace.patch b/meta/recipes-devtools/python/python3/makerace.patch
index c1b20703e6..e9494b555d 100644
--- a/meta/recipes-devtools/python/python3/makerace.patch
+++ b/meta/recipes-devtools/python/python3/makerace.patch
@@ -1,4 +1,4 @@
-From 9f827c29adbe656af3c8fc963fdd8f47aec0c442 Mon Sep 17 00:00:00 2001
+From 08c7867a02d26aac41764b915dc925343305e7af Mon Sep 17 00:00:00 2001
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Tue, 13 Jul 2021 23:19:29 +0100
Subject: [PATCH] python3: Fix make race
@@ -17,10 +17,10 @@ Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.pre.in b/Makefile.pre.in
-index 381feb0..77bf09a 100644
+index 23e20e9..b1c5413 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
-@@ -2250,7 +2250,7 @@ COMPILEALL_OPTS=-j0
+@@ -2260,7 +2260,7 @@ COMPILEALL_OPTS=-j0
TEST_MODULES=@TEST_MODULES@
.PHONY: libinstall
diff --git a/meta/recipes-devtools/python/python3_3.12.6.bb b/meta/recipes-devtools/python/python3_3.12.7.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.12.6.bb
rename to meta/recipes-devtools/python/python3_3.12.7.bb
index 63a3134b36..e2fdc18112 100644
--- a/meta/recipes-devtools/python/python3_3.12.6.bb
+++ b/meta/recipes-devtools/python/python3_3.12.7.bb
@@ -40,7 +40,7 @@ SRC_URI:append:class-native = " \
file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \
"
-SRC_URI[sha256sum] = "1999658298cf2fb837dffed8ff3c033ef0c98ef20cf73c5d5f66bed5ab89697c"
+SRC_URI[sha256sum] = "24887b92e2afd4a2ac602419ad4b596372f67ac9b077190f459aba390faf5550"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
--
2.43.0
* [OE-core][scarthgap 19/25] python3: upgrade 3.12.7 -> 3.12.8
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Guðni Már Gilbert <gudni.m.g@gmail.com>
Changelog:
https://docs.python.org/release/3.12.8/whatsnew/changelog.html#python-3-12-8
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...shebang-overflow-on-python-config.py.patch | 6 +++---
...e-stdin-I-O-errors-same-way-as-maste.patch | 2 +-
...-use-prefix-value-from-build-configu.patch | 4 ++--
...-qemu-wrapper-when-gathering-profile.patch | 4 ++--
...sts-due-to-load-variability-on-YP-AB.patch | 16 +++++++--------
...est_sysconfig-for-posix_user-purelib.patch | 6 +++---
...e-treat-overflow-in-UID-GID-as-failu.patch | 2 +-
...asename-to-replace-CC-for-checking-c.patch | 20 +++++++++----------
..._fileno-test-due-to-load-variability.patch | 2 +-
...g.py-use-platlibdir-also-for-purelib.patch | 4 ++--
...ctive_children-skip-problematic-test.patch | 6 +++---
...pes.test_find-skip-without-tools-sdk.patch | 2 +-
...-test_deadlock-skip-problematic-test.patch | 2 +-
...le.py-correct-the-test-output-format.patch | 2 +-
...t_readline-skip-limited-history-test.patch | 2 +-
...-test_shutdown-skip-problematic-test.patch | 2 +-
...orlines-skip-due-to-load-variability.patch | 2 +-
...up.py-do-not-add-a-curses-include-pa.patch | 6 +++---
.../python/python3/cgi_py.patch | 2 +-
.../python/python3/crosspythonpath.patch | 4 ++--
.../python3/deterministic_imports.patch | 2 +-
.../python/python3/makerace.patch | 6 +++---
.../{python3_3.12.7.bb => python3_3.12.8.bb} | 2 +-
23 files changed, 53 insertions(+), 53 deletions(-)
rename meta/recipes-devtools/python/{python3_3.12.7.bb => python3_3.12.8.bb} (99%)
diff --git a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
index 4110774193..3311a90bda 100644
--- a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
+++ b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
@@ -1,4 +1,4 @@
-From 733b46f11d311290e37fcb30f08c47660b888d22 Mon Sep 17 00:00:00 2001
+From e8bd4f8ee56cbb12a61c1dcabf35a1835a863132 Mon Sep 17 00:00:00 2001
From: Paulo Neves <ptsneves@gmail.com>
Date: Tue, 7 Jun 2022 16:16:41 +0200
Subject: [PATCH] Avoid shebang overflow on python-config.py
@@ -16,10 +16,10 @@ Upstream-Status: Denied [distribution]
1 file changed, 2 insertions(+)
diff --git a/Makefile.pre.in b/Makefile.pre.in
-index b1c5413..e88f301 100644
+index 2d235d2..1ac2263 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
-@@ -2349,6 +2349,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh
+@@ -2354,6 +2354,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh
@ # Substitution happens here, as the completely-expanded BINDIR
@ # is not available in configure
sed -e "s,@EXENAME@,$(EXENAME)," < $(srcdir)/Misc/python-config.in >python-config.py
diff --git a/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch b/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
index 0ae6283840..5ca09c6f3c 100644
--- a/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
+++ b/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
@@ -1,4 +1,4 @@
-From c6ba19a4cfdb0a5b137b91ef761f654b70776a47 Mon Sep 17 00:00:00 2001
+From bbfb7fdf01f0502c7bf3d418f3a912ea76c93f24 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Thu, 16 Sep 2021 16:35:37 +0200
Subject: [PATCH] Lib/pty.py: handle stdin I/O errors same way as master I/O
diff --git a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
index 981531139a..1b9f3565d3 100644
--- a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
+++ b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
@@ -1,4 +1,4 @@
-From d325a4e1fde5bd817c88f37d5e7b6e93a3bad077 Mon Sep 17 00:00:00 2001
+From c739bf214b9dd6060db216b79077806fccb582ae Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Fri, 17 Nov 2023 14:26:32 +0100
Subject: [PATCH] Lib/sysconfig.py: use prefix value from build configuration
@@ -14,7 +14,7 @@ Signed-off-by: Alexander Kanavin <alex@linutronix.de>
1 file changed, 5 insertions(+)
diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py
-index 79c0510..91ebcb6 100644
+index 6258b68..d59ec6e 100644
--- a/Lib/sysconfig.py
+++ b/Lib/sysconfig.py
@@ -668,6 +668,11 @@ def _init_config_vars():
diff --git a/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch b/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
index 881986d322..b78f619958 100644
--- a/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
+++ b/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
@@ -1,4 +1,4 @@
-From a727a950023b9384955c912f4975d36a8d7913b4 Mon Sep 17 00:00:00 2001
+From b9081b2e21983f2a828bc40a47ab278ef69f4dfe Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Wed, 30 Jan 2019 12:41:04 +0100
Subject: [PATCH] Makefile.pre: use qemu wrapper when gathering profile data
@@ -10,7 +10,7 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Makefile.pre.in b/Makefile.pre.in
-index 0e64ccc..23e20e9 100644
+index 083f4c7..dce36a5 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
@@ -660,8 +660,7 @@ profile-run-stamp:
diff --git a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
index 22c42e37ab..6779dd515a 100644
--- a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
+++ b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
@@ -1,4 +1,4 @@
-From 6b0088a3d222b7fe5304f6bc0d6b15d3c41e68f3 Mon Sep 17 00:00:00 2001
+From b4014e3d1d9e38b25f2840e65e2acd757f3e5d41 Mon Sep 17 00:00:00 2001
From: Yi Fan Yu <yifan.yu@windriver.com>
Date: Thu, 1 Apr 2021 13:08:37 -0700
Subject: [PATCH] Skip failing tests due to load variability on YP AB
@@ -23,10 +23,10 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
2 files changed, 5 insertions(+)
diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py
-index aac74ea..3470bc5 100644
+index 3b4415b..1f94dec 100644
--- a/Lib/test/_test_multiprocessing.py
+++ b/Lib/test/_test_multiprocessing.py
-@@ -682,6 +682,7 @@ class _TestProcess(BaseTestCase):
+@@ -688,6 +688,7 @@ class _TestProcess(BaseTestCase):
close_queue(q)
@support.requires_resource('walltime')
@@ -34,7 +34,7 @@ index aac74ea..3470bc5 100644
def test_many_processes(self):
if self.TYPE == 'threads':
self.skipTest('test not appropriate for {}'.format(self.TYPE))
-@@ -2083,6 +2084,7 @@ class _TestBarrier(BaseTestCase):
+@@ -2211,6 +2212,7 @@ class _TestBarrier(BaseTestCase):
except threading.BrokenBarrierError:
results.append(True)
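Review bot: The refreshed inner hunk for _TestBarrier now starts at line 2211 instead of 2083, while the _TestProcess hunk just above it moved by only six lines (682 to 688), so upstream inserted well over a hundred lines between the two in Lib/test/_test_multiprocessing.py. With an offset that large, please confirm the patch was regenerated against the 3.12.8 tree rather than applied with fuzz, and that the one added line still sits directly above def test_timeout. A sentence in the commit message saying the python3 patches were refreshed with no functional change would make the 53 insertions and 53 deletions across 23 files much quicker to review.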
@@ -42,7 +42,7 @@ index aac74ea..3470bc5 100644
def test_timeout(self):
"""
Test wait(timeout)
-@@ -5080,6 +5082,7 @@ class TestWait(unittest.TestCase):
+@@ -5208,6 +5210,7 @@ class TestWait(unittest.TestCase):
time.sleep(period)
@support.requires_resource('walltime')
@@ -51,10 +51,10 @@ index aac74ea..3470bc5 100644
from multiprocessing.connection import wait
diff --git a/Lib/test/test_time.py b/Lib/test/test_time.py
-index 02cc3f4..51a4548 100644
+index 9463add..4e0f39d 100644
--- a/Lib/test/test_time.py
+++ b/Lib/test/test_time.py
-@@ -492,6 +492,7 @@ class TimeTestCase(unittest.TestCase):
+@@ -527,6 +527,7 @@ class TimeTestCase(unittest.TestCase):
@unittest.skipIf(
support.is_wasi, "process_time not available on WASI"
)
@@ -62,7 +62,7 @@ index 02cc3f4..51a4548 100644
def test_process_time(self):
# process_time() should not include time spend during a sleep
start = time.process_time()
-@@ -505,6 +506,7 @@ class TimeTestCase(unittest.TestCase):
+@@ -540,6 +541,7 @@ class TimeTestCase(unittest.TestCase):
self.assertTrue(info.monotonic)
self.assertFalse(info.adjustable)
diff --git a/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch b/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch
index 9a2634ac9b..08142617c0 100644
--- a/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch
+++ b/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch
@@ -1,4 +1,4 @@
-From f0b18f1b3b3d5b40d65e08a184f4e3463745b891 Mon Sep 17 00:00:00 2001
+From 5224cc0ac21f4c2574c24e0fee38b145ca15175b Mon Sep 17 00:00:00 2001
From: Wentao Zhang <wentao.zhang@windriver.com>
Date: Mon, 20 Mar 2023 13:39:52 +0800
Subject: [PATCH] Update test_sysconfig for posix_user purelib
@@ -22,10 +22,10 @@ Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py
-index 1137c20..f5c8980 100644
+index 3468d0c..9ff174c 100644
--- a/Lib/test/test_sysconfig.py
+++ b/Lib/test/test_sysconfig.py
-@@ -381,7 +381,7 @@ class TestSysConfig(unittest.TestCase):
+@@ -390,7 +390,7 @@ class TestSysConfig(unittest.TestCase):
expected = os.path.normpath(global_path.replace(base, user, 1))
# bpo-44860: platlib of posix_user doesn't use sys.platlibdir,
# whereas posix_prefix does.
diff --git a/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch b/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
index b4de257d1e..5c74443e62 100644
--- a/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
+++ b/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
@@ -1,4 +1,4 @@
-From 73960393a559d0de5edf07b022d182cac54df9dc Mon Sep 17 00:00:00 2001
+From 6e3868c8c330f997bc242a8d51d742baac449ecc Mon Sep 17 00:00:00 2001
From: Petr Viktorin <encukou@gmail.com>
Date: Wed, 23 Aug 2023 20:00:07 +0200
Subject: [PATCH] gh-107811: tarfile: treat overflow in UID/GID as failure to
diff --git a/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch b/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
index 7997811228..c9ef409018 100644
--- a/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
+++ b/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
@@ -1,4 +1,4 @@
-From f834492007487e9e87b3d3f1f3c5cc440e6ec5e2 Mon Sep 17 00:00:00 2001
+From 82576cdb9d6d9736ba122592974b0e7727216a3f Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@windriver.com>
Date: Mon, 22 Oct 2018 15:19:51 +0800
Subject: [PATCH] python3: use cc_basename to replace CC for checking compiler
@@ -26,7 +26,7 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/configure.ac b/configure.ac
-index d0d5405..093f8b5 100644
+index 9270b5f..955daad 100644
--- a/configure.ac
+++ b/configure.ac
@@ -137,6 +137,7 @@ AC_CONFIG_HEADERS([pyconfig.h])
@@ -46,7 +46,7 @@ index d0d5405..093f8b5 100644
gcc) AC_PATH_TOOL([CXX], [g++], [g++], [notfound]) ;;
cc) AC_PATH_TOOL([CXX], [c++], [c++], [notfound]) ;;
clang|*/clang) AC_PATH_TOOL([CXX], [clang++], [clang++], [notfound]) ;;
-@@ -1328,7 +1329,7 @@ rmdir CaseSensitiveTestDir
+@@ -1331,7 +1332,7 @@ rmdir CaseSensitiveTestDir
case $ac_sys_system in
hp*|HP*)
@@ -55,7 +55,7 @@ index d0d5405..093f8b5 100644
cc|*/cc) CC="$CC -Ae";;
esac;;
esac
-@@ -1854,7 +1855,7 @@ esac
+@@ -1857,7 +1858,7 @@ esac
],
[AC_MSG_RESULT([no])])
if test "$Py_LTO" = 'true' ; then
@@ -64,7 +64,7 @@ index d0d5405..093f8b5 100644
*clang*)
LDFLAGS_NOLTO="-fno-lto"
dnl Clang linker requires -flto in order to link objects with LTO information.
-@@ -1983,7 +1984,7 @@ then
+@@ -1986,7 +1987,7 @@ then
fi
fi
LLVM_PROF_ERR=no
@@ -73,7 +73,7 @@ index d0d5405..093f8b5 100644
*clang*)
# Any changes made here should be reflected in the GCC+Darwin case below
PGO_PROF_GEN_FLAG="-fprofile-instr-generate"
-@@ -2155,7 +2156,7 @@ AC_MSG_RESULT([$BOLT_APPLY_FLAGS])
+@@ -2158,7 +2159,7 @@ AC_MSG_RESULT([$BOLT_APPLY_FLAGS])
# compiler and platform. BASECFLAGS tweaks need to be made even if the
# user set OPT.
@@ -82,7 +82,7 @@ index d0d5405..093f8b5 100644
*clang*)
cc_is_clang=1
;;
-@@ -2427,7 +2428,7 @@ yes)
+@@ -2430,7 +2431,7 @@ yes)
# ICC doesn't recognize the option, but only emits a warning
## XXX does it emit an unused result warning and can it be disabled?
@@ -91,7 +91,7 @@ index d0d5405..093f8b5 100644
[*icc*], [ac_cv_disable_unused_result_warning=no]
[PY_CHECK_CC_WARNING([disable], [unused-result])])
AS_VAR_IF([ac_cv_disable_unused_result_warning], [yes],
-@@ -2673,7 +2674,7 @@ yes)
+@@ -2676,7 +2677,7 @@ yes)
;;
esac
@@ -100,7 +100,7 @@ index d0d5405..093f8b5 100644
*mpicc*)
CFLAGS_NODIST="$CFLAGS_NODIST"
;;
-@@ -3508,7 +3509,7 @@ then
+@@ -3511,7 +3512,7 @@ then
then
LINKFORSHARED="-Wl,--export-dynamic"
fi;;
@@ -109,7 +109,7 @@ index d0d5405..093f8b5 100644
*gcc*)
if $CC -Xlinker --help 2>&1 | grep export-dynamic >/dev/null
then
-@@ -6831,7 +6832,7 @@ if test "$ac_cv_gcc_asm_for_x87" = yes; then
+@@ -6832,7 +6833,7 @@ if test "$ac_cv_gcc_asm_for_x87" = yes; then
# Some versions of gcc miscompile inline asm:
# http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46491
# http://gcc.gnu.org/ml/gcc/2010-11/msg00366.html
diff --git a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
index 94f7744c09..e105f36eca 100644
--- a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
+++ b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
@@ -1,4 +1,4 @@
-From 642205e1f728873b16debc24c2938339d31be6a9 Mon Sep 17 00:00:00 2001
+From 5944f707fc04fb65caec3f0e1ce3a42169426c47 Mon Sep 17 00:00:00 2001
From: Trevor Gamblin <tgamblin@baylibre.com>
Date: Fri, 15 Sep 2023 08:48:33 -0400
Subject: [PATCH] skip no_stdout_fileno test due to load variability
diff --git a/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch b/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch
index 3e8e9648c6..c7ac43cc85 100644
--- a/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch
+++ b/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch
@@ -1,4 +1,4 @@
-From fac0f14fd34386e47bab71c0043ea55b507ae39c Mon Sep 17 00:00:00 2001
+From 3aeeddb1325679d5c0471ad86806e92e72187138 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Sun, 12 Sep 2021 21:44:36 +0200
Subject: [PATCH] sysconfig.py: use platlibdir also for purelib
@@ -13,7 +13,7 @@ Signed-off-by: Alexander Kanavin <alex@linutronix.de>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py
-index 122d441..79c0510 100644
+index 517b13a..6258b68 100644
--- a/Lib/sysconfig.py
+++ b/Lib/sysconfig.py
@@ -28,7 +28,7 @@ _INSTALL_SCHEMES = {
diff --git a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
index a27024c42f..164c8b5180 100644
--- a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
@@ -1,4 +1,4 @@
-From 7f75355e27ee7f25391523294e4c6653edf554f8 Mon Sep 17 00:00:00 2001
+From a83311a1030b816f422dbb4457fc38c1289c224d Mon Sep 17 00:00:00 2001
From: Trevor Gamblin <tgamblin@baylibre.com>
Date: Thu, 13 Jun 2024 10:54:31 -0400
Subject: [PATCH] test_active_children: skip problematic test
@@ -14,10 +14,10 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
1 file changed, 1 insertion(+)
diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py
-index 3470bc5..0e42ac1 100644
+index 1f94dec..3632219 100644
--- a/Lib/test/_test_multiprocessing.py
+++ b/Lib/test/_test_multiprocessing.py
-@@ -579,6 +579,7 @@ class _TestProcess(BaseTestCase):
+@@ -585,6 +585,7 @@ class _TestProcess(BaseTestCase):
self.assertTrue(type(cpus) is int)
self.assertTrue(cpus >= 1)
diff --git a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
index 6bf514fca8..307e4bf306 100644
--- a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
@@ -1,4 +1,4 @@
-From 174ef9a40c9f4373fd90b00425fd94a89f96dbf9 Mon Sep 17 00:00:00 2001
+From fbbf04dbeae217b985073263499174960e5fd142 Mon Sep 17 00:00:00 2001
From: Tim Orling <timothy.t.orling@intel.com>
Date: Fri, 18 Jun 2021 11:56:50 -0700
Subject: [PATCH] test_ctypes.test_find: skip without tools-sdk
diff --git a/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch
index d8ca7f9b79..e07f7392f6 100644
--- a/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch
@@ -1,4 +1,4 @@
-From 621ba76ef956708cdaf4fd5bc0e25aa59d427c5b Mon Sep 17 00:00:00 2001
+From 9d658dd20f02edcf878b245d638c474c808ab8d1 Mon Sep 17 00:00:00 2001
From: Trevor Gamblin <tgamblin@baylibre.com>
Date: Wed, 12 Jun 2024 10:29:03 -0400
Subject: [PATCH] test_deadlock: skip problematic test
diff --git a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
index d0f4dc14bc..535c48c769 100644
--- a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
@@ -1,4 +1,4 @@
-From d74e5f24b574fa4d571a64e647c916a7ebe26b3e Mon Sep 17 00:00:00 2001
+From fcd5b7d30d3245ce92ea45dfbab3c7b7da690c20 Mon Sep 17 00:00:00 2001
From: Mingli Yu <mingli.yu@windriver.com>
Date: Mon, 5 Aug 2019 15:57:39 +0800
Subject: [PATCH] test_locale.py: correct the test output format
diff --git a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
index f4efd1ecff..3568d92bda 100644
--- a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
@@ -1,4 +1,4 @@
-From bc5c70dc2a2fcfe51481de0ad800baa849592222 Mon Sep 17 00:00:00 2001
+From 34fd0bc8afc67a11eea5d73f9e0edf045c5ce541 Mon Sep 17 00:00:00 2001
From: Trevor Gamblin <tgamblin@baylibre.com>
Date: Tue, 13 Aug 2024 11:07:05 -0400
Subject: [PATCH] test_readline: skip limited history test
diff --git a/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch
index e8d70cdc1b..61fe5e9ba1 100644
--- a/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch
@@ -1,4 +1,4 @@
-From b637ac8f58d17bc8888b2027a572c87531a4539d Mon Sep 17 00:00:00 2001
+From d09a034acba8922158d38fd16be970b5a454428a Mon Sep 17 00:00:00 2001
From: Trevor Gamblin <tgamblin@baylibre.com>
Date: Wed, 8 May 2024 11:58:09 -0400
Subject: [PATCH] test_shutdown: skip problematic test
diff --git a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
index a4c9abd8b9..22aabbb2ed 100644
--- a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
@@ -1,4 +1,4 @@
-From 1a1e5c30021a200b2dc853690dbf1edfba9ca262 Mon Sep 17 00:00:00 2001
+From 6715560de4d622c2d72ee7b587c916ac647c54bb Mon Sep 17 00:00:00 2001
From: Trevor Gamblin <tgamblin@baylibre.com>
Date: Fri, 6 Oct 2023 10:59:44 -0400
Subject: [PATCH] test_storlines: skip due to load variability
diff --git a/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch b/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
index 5c5603c956..f5e500b146 100644
--- a/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
+++ b/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
@@ -1,4 +1,4 @@
-From 8543ad744a2839acf1f4eec967acd645fd89d1a7 Mon Sep 17 00:00:00 2001
+From 011b21dc9b090c0b97eaecbd80a9e0c1cd39b12d Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Fri, 17 Nov 2023 14:16:40 +0100
Subject: [PATCH] configure.ac: do not add a curses include path from the host
@@ -15,10 +15,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
1 file changed, 6 deletions(-)
diff --git a/configure.ac b/configure.ac
-index cdc54e5..d163c73 100644
+index 6e465a4..13c4835 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -6536,12 +6536,6 @@ AS_VAR_IF([have_panel], [no], [
+@@ -6537,12 +6537,6 @@ AS_VAR_IF([have_panel], [no], [
AC_MSG_RESULT([$have_panel (CFLAGS: $PANEL_CFLAGS, LIBS: $PANEL_LIBS)])
])
diff --git a/meta/recipes-devtools/python/python3/cgi_py.patch b/meta/recipes-devtools/python/python3/cgi_py.patch
index b1f2b71c2a..880a463760 100644
--- a/meta/recipes-devtools/python/python3/cgi_py.patch
+++ b/meta/recipes-devtools/python/python3/cgi_py.patch
@@ -1,4 +1,4 @@
-From 8e6dc9fe684b27988b5aca3f760f02343aa95951 Mon Sep 17 00:00:00 2001
+From 6ebd9de3505be0965cfc37e2e4d0d882d75f0ec2 Mon Sep 17 00:00:00 2001
From: Mark Hatle <mark.hatle@windriver.com>
Date: Wed, 21 Sep 2011 20:55:33 -0500
Subject: [PATCH] Lib/cgi.py: Update the script as mentioned in the comment
diff --git a/meta/recipes-devtools/python/python3/crosspythonpath.patch b/meta/recipes-devtools/python/python3/crosspythonpath.patch
index 91ef3fe674..24268fb91a 100644
--- a/meta/recipes-devtools/python/python3/crosspythonpath.patch
+++ b/meta/recipes-devtools/python/python3/crosspythonpath.patch
@@ -1,4 +1,4 @@
-From 1bc93167c48876d77ce424415e87573a062b8f2a Mon Sep 17 00:00:00 2001
+From 0bcdb84db7801507b155a40db2228ba516edeb73 Mon Sep 17 00:00:00 2001
From: Ricardo Ribalda <ricardo@ribalda.com>
Date: Tue, 18 Nov 2014 03:35:33 -0500
Subject: [PATCH] configure.ac: add CROSSPYTHONPATH into PYTHONPATH for
@@ -19,7 +19,7 @@ Signed-off-by: Ricardo Ribalda <ricardo@ribalda.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index 093f8b5..cdc54e5 100644
+index 955daad..6e465a4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -165,7 +165,7 @@ AC_ARG_WITH([build-python],
diff --git a/meta/recipes-devtools/python/python3/deterministic_imports.patch b/meta/recipes-devtools/python/python3/deterministic_imports.patch
index 9ae4af36ec..9bfdf5cd47 100644
--- a/meta/recipes-devtools/python/python3/deterministic_imports.patch
+++ b/meta/recipes-devtools/python/python3/deterministic_imports.patch
@@ -1,4 +1,4 @@
-From 38e732371ac234c3f0e6310d6dbc7ddc7f458535 Mon Sep 17 00:00:00 2001
+From 1d6f0f5f8a1279fc9bc06266caa3f3b6f234c4cb Mon Sep 17 00:00:00 2001
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Fri, 27 May 2022 17:05:44 +0100
Subject: [PATCH] python3: Ensure stale empty python module directories don't
diff --git a/meta/recipes-devtools/python/python3/makerace.patch b/meta/recipes-devtools/python/python3/makerace.patch
index e9494b555d..f420404f34 100644
--- a/meta/recipes-devtools/python/python3/makerace.patch
+++ b/meta/recipes-devtools/python/python3/makerace.patch
@@ -1,4 +1,4 @@
-From 08c7867a02d26aac41764b915dc925343305e7af Mon Sep 17 00:00:00 2001
+From be22dd9b091af8f971f924fdbce5b439d9b2e850 Mon Sep 17 00:00:00 2001
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Tue, 13 Jul 2021 23:19:29 +0100
Subject: [PATCH] python3: Fix make race
@@ -17,10 +17,10 @@ Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.pre.in b/Makefile.pre.in
-index 23e20e9..b1c5413 100644
+index dce36a5..2d235d2 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
-@@ -2260,7 +2260,7 @@ COMPILEALL_OPTS=-j0
+@@ -2265,7 +2265,7 @@ COMPILEALL_OPTS=-j0
TEST_MODULES=@TEST_MODULES@
.PHONY: libinstall
diff --git a/meta/recipes-devtools/python/python3_3.12.7.bb b/meta/recipes-devtools/python/python3_3.12.8.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.12.7.bb
rename to meta/recipes-devtools/python/python3_3.12.8.bb
index e2fdc18112..94e0f24f89 100644
--- a/meta/recipes-devtools/python/python3_3.12.7.bb
+++ b/meta/recipes-devtools/python/python3_3.12.8.bb
@@ -40,7 +40,7 @@ SRC_URI:append:class-native = " \
file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \
"
-SRC_URI[sha256sum] = "24887b92e2afd4a2ac602419ad4b596372f67ac9b077190f459aba390faf5550"
+SRC_URI[sha256sum] = "c909157bb25ec114e5869124cc2a9c4a4d4c1e957ca4ff553f1edc692101154e"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
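Review bot: The only content change in the renamed recipe is the SRC_URI[sha256sum] line, and the commit message carries just a changelog link, so nothing in the patch records how the new digest was obtained. Since this value is what pins the tarball for every scarthgap build, say in the commit message that it was checked against the upstream release artifacts (published digest or signature) rather than computed from whatever the fetcher downloaded. It would also help to name any security fixes the point release brings, as the libxml2 patch in this series does.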
--
2.43.0
* [OE-core][scarthgap 20/25] libxml2: Upgrade 2.12.8 -> 2.12.9
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Divya Chellam <divya.chellam@windriver.com>
Changes between 2.12.8 -> 2.12.9
================================
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.9
Security
* [CVE-2024-40896] Fix XXE protection in downstream code
Improvements
* Undeprecate xmlKeepBlanksDefault.
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libxml/{libxml2_2.12.8.bb => libxml2_2.12.9.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-core/libxml/{libxml2_2.12.8.bb => libxml2_2.12.9.bb} (97%)
diff --git a/meta/recipes-core/libxml/libxml2_2.12.8.bb b/meta/recipes-core/libxml/libxml2_2.12.9.bb
similarity index 97%
rename from meta/recipes-core/libxml/libxml2_2.12.8.bb
rename to meta/recipes-core/libxml/libxml2_2.12.9.bb
index fb103f0273..7777c9f181 100644
--- a/meta/recipes-core/libxml/libxml2_2.12.8.bb
+++ b/meta/recipes-core/libxml/libxml2_2.12.9.bb
@@ -20,7 +20,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt
file://install-tests.patch \
"
-SRC_URI[archive.sha256sum] = "43ad877b018bc63deb2468d71f95219c2fac196876ef36d1bee51d226173ec93"
+SRC_URI[archive.sha256sum] = "59912db536ab56a3996489ea0299768c7bcffe57169f0235e7f962a91f483590"
SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"
# Disputed as a security issue, but fixed in d39f780
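Review bot: The hunk header context shows the XML test-suite tarball still being fetched over plain http (http://www.w3.org/XML/Test/xmlts20130923.tar), which this change does not touch but is worth a follow-up. The unchanged SRC_URI[testtar.sha256sum] line pins the content, so a tampered download fails the fetch, but moving the URL to https, if the host serves it, removes the reliance on the checksum as the only protection for that download. The archive.sha256sum swap itself matches the rename to libxml2_2.12.9.bb and the CVE-2024-40896 entry in the commit message; no further change requested on that line.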
--
2.43.0
* [OE-core][scarthgap 21/25] python3-requests: upgrade 2.32.0 -> 2.32.3
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Soumya Sambu <soumya.sambu@windriver.com>
Changelog:
https://requests.readthedocs.io/en/latest/community/updates/#release-history
2.32.3 (2024-05-29)
* Bugfixes - Fixed bug breaking the ability to specify custom SSLContexts
in sub-classes of HTTPAdapter. (#6716)
* Fixed issue where Requests started failing to run on Python versions
compiled without the ssl module. (#6724)
2.32.2 (2024-05-21)
* Deprecations - To provide a more stable migration for custom HTTPAdapters
impacted by the CVE changes in 2.32.0, we’ve renamed _get_connection to a
new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of
Requests>=2.32.0.
* A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
2.32.1 (2024-05-20)
* Bugfixes - Add missing test certs to the sdist distributed on PyPI.
https://github.com/psf/requests/compare/v2.32.0...v2.32.3
Also transition to using python_setuptools_build_meta.
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...{python3-requests_2.32.0.bb => python3-requests_2.32.3.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-devtools/python/{python3-requests_2.32.0.bb => python3-requests_2.32.3.bb} (78%)
diff --git a/meta/recipes-devtools/python/python3-requests_2.32.0.bb b/meta/recipes-devtools/python/python3-requests_2.32.3.bb
similarity index 78%
rename from meta/recipes-devtools/python/python3-requests_2.32.0.bb
rename to meta/recipes-devtools/python/python3-requests_2.32.3.bb
index b4df4c5dc7..4f0638b50c 100644
--- a/meta/recipes-devtools/python/python3-requests_2.32.0.bb
+++ b/meta/recipes-devtools/python/python3-requests_2.32.3.bb
@@ -3,9 +3,9 @@ HOMEPAGE = "https://requests.readthedocs.io"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
-SRC_URI[sha256sum] = "fa5490319474c82ef1d2c9bc459d3652e3ae4ef4c4ebdd18a21145a47ca4b6b8"
+SRC_URI[sha256sum] = "55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760"
-inherit pypi setuptools3
+inherit pypi python_setuptools_build_meta
RDEPENDS:${PN} += " \
python3-certifi \
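Review bot: the `inherit` line switches from `setuptools3` to `python_setuptools_build_meta` in the same commit as the version bump, and the message covers it only with "Also transition to using python_setuptools_build_meta" without saying why 2.32.3 needs it. On a stable branch a build-class change alters how the package is built and installed, so either split it into its own commit or state the reason in the message, and confirm that the packaged file list and `RDEPENDS:${PN}` are unaffected.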
--
2.43.0
* [OE-core][scarthgap 22/25] populate_sdk_ext: write_local_conf add shutil import
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (20 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 21/25] python3-requests: upgrade 2.32.0 -> 2.32.3 Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 23/25] lttng-modules: fix sched_stat_runtime changed in Linux 6.6.66 Steve Sakoman
` (2 subsequent siblings)
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Mark Hatle <mark.hatle@kernel.crashing.org>
Add shutil import to resolve error:
Exception: NameError: name 'shutil' is not defined, Did you forget to import 'shutil'
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b64263a43b4d82f1ebba13815bccb8a8cd3127f9)
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes-recipe/populate_sdk_ext.bbclass | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/classes-recipe/populate_sdk_ext.bbclass b/meta/classes-recipe/populate_sdk_ext.bbclass
index e76ef60720..662cc493ce 100644
--- a/meta/classes-recipe/populate_sdk_ext.bbclass
+++ b/meta/classes-recipe/populate_sdk_ext.bbclass
@@ -290,6 +290,8 @@ def copy_uninative(d, baseoutpath):
return uninative_checksum
def write_local_conf(d, baseoutpath, derivative, core_meta_subdir, uninative_checksum):
+ import shutil
+
#check if custome templateconf path is set
use_custom_templateconf = d.getVar('SDK_CUSTOM_TEMPLATECONF')
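Review bot: `import shutil` is added at the top of `write_local_conf`, but neither the hunk nor the commit message shows which `shutil` call in the function raises the NameError or which earlier change introduced it. A one-line reference to the commit that added the `shutil` use would show that this backport is complete on scarthgap and that no other function in the class has the same missing import.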
--
2.43.0
* [OE-core][scarthgap 23/25] lttng-modules: fix sched_stat_runtime changed in Linux 6.6.66
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (21 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 22/25] populate_sdk_ext: write_local_conf add shutil import Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 24/25] ovmf-native: remove .pyc files from install Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 25/25] sanity.bbclass: skip check_userns for non-local uid Steve Sakoman
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Xiangyu Chen <xiangyu.chen@windriver.com>
The following commit has been backported into the 6.6.y branch.
See upstream commit:
commit 5fe6ec8f6ab549b6422e41551abb51802bd48bc7
Author: Peter Zijlstra <peterz@infradead.org>
Date: Mon Nov 6 13:41:43 2023 +0100
sched: Remove vruntime from trace_sched_stat_runtime()
That caused the lttng-modules build to report a compile error:
tracepoint-event-impl.h:133:6: error: conflicting types for
'trace_sched_stat_runtime';
The fix is still pending on the lttng review board, so backport it to oe-core to
unblock the build issue.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...stat_runtime-changed-in-Linux-6.6.66.patch | 51 +++++++++++++++++++
.../lttng/lttng-modules_2.13.12.bb | 1 +
2 files changed, 52 insertions(+)
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch b/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch
new file mode 100644
index 0000000000..3c7731ae8f
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch
@@ -0,0 +1,51 @@
+From a04234d63999f91405574928c80ded870dca157a Mon Sep 17 00:00:00 2001
+From: Kienan Stewart <kstewart@efficios.com>
+Date: Sun, 22 Dec 2024 17:39:35 +0800
+Subject: [PATCH] Fix: sched_stat_runtime changed in Linux 6.6.66
+
+The following commit has been backported into the 6.6.y branch.
+
+See upstream commit:
+
+ commit 5fe6ec8f6ab549b6422e41551abb51802bd48bc7
+ Author: Peter Zijlstra <peterz@infradead.org>
+ Date: Mon Nov 6 13:41:43 2023 +0100
+
+ sched: Remove vruntime from trace_sched_stat_runtime()
+
+ Tracing the runtime delta makes sense, observer can sum over time.
+ Tracing the absolute vruntime makes less sense, inconsistent:
+ absolute-vs-delta, but also vruntime delta can be computed from
+ runtime delta.
+
+ Removing the vruntime thing also makes the two tracepoint sites
+ identical, allowing to unify the code in a later patch.
+
+Change-Id: I74acf0b8340c371e8411116e07e5c97b10f9c756
+Signed-off-by: Kienan Stewart <kstewart@efficios.com>
+
+Upstream-Status: Pending [https://review.lttng.org/c/lttng-modules/+/13813]
+
+[Xiangyu: BP to fix compile error on linux 6.6.66, Minor conflict resolution]
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ include/instrumentation/events/sched.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/include/instrumentation/events/sched.h b/include/instrumentation/events/sched.h
+index 24cf37c8..637a1e3a 100644
+--- a/include/instrumentation/events/sched.h
++++ b/include/instrumentation/events/sched.h
+@@ -646,7 +646,8 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(sched_stat_template, sched_stat_blocked,
+ TP_ARGS(tsk, delay))
+ #endif
+
+-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(6,8,0))
++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(6,8,0) || \
++ LTTNG_KERNEL_RANGE(6,6,66, 6,7,0))
+ /*
+ * Tracepoint for accounting runtime (time the task is executing
+ * on a CPU).
+--
+2.43.0
+
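Review bot: the new condition `LTTNG_KERNEL_RANGE(6,6,66, 6,7,0)` in `include/instrumentation/events/sched.h` ties the tracepoint signature to a specific stable-kernel range while the patch is still marked `Upstream-Status: Pending`, so the range needs re-checking against whatever is finally merged at review.lttng.org. The backporter note says "Minor conflict resolution" without saying what differs from the change under review; name the adjusted lines so the patch can be refreshed or dropped cleanly on the next lttng-modules upgrade.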
diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb b/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb
index 95d5e2d615..34aff1ba8d 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb
@@ -14,6 +14,7 @@ SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0002-Fix-ASoC-add-component-to-set_bias_level-events-in-l.patch \
file://0003-Fix-mm_compaction_migratepages-changed-in-linux-6.9-.patch \
file://0004-Fix-dev_base_lock-removed-in-linux-6.9-rc1.patch \
+ file://0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch \
"
# Use :append here so that the patch is applied also when using devupstream
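Review bot: the added `SRC_URI` entry `0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch` is listed after `0004-Fix-dev_base_lock-removed-in-linux-6.9-rc1.patch`, so its numeric prefix no longer reflects application order. Rename it to the next free number in the series (0005 going by the visible entries) so the list reads in order and the file cannot be confused with another 0001 patch above the visible context.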
--
2.43.0
* [OE-core][scarthgap 24/25] ovmf-native: remove .pyc files from install
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (22 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 23/25] lttng-modules: fix sched_stat_runtime changed in Linux 6.6.66 Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 25/25] sanity.bbclass: skip check_userns for non-local uid Steve Sakoman
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Mikko Rapeli <mikko.rapeli@linaro.org>
They break builds which share sstate files on different
machines and paths:
ERROR: ovmf-edk2-stable202408-r0 do_prepare_recipe_sysroot: Error executing a python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:extend_recipe_sysroot(d)
0003:
File: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/meta/classes-global/staging.bbclass', lineno: 624, function: extend_recipe_sysroot
0620:
0621: # Handle deferred binfiles
0622: for l in binfiles:
0623: (targetdir, dest) = binfiles[l]
*** 0624: staging_copyfile(l, targetdir, dest, postinsts, seendirs)
0625:
0626: bb.note("Installed into sysroot: %s" % str(msg_adding))
0627: bb.note("Skipping as already exists in sysroot: %s" % str(msg_exists))
0628:
File: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/meta/classes-global/staging.bbclass', lineno: 165, function: staging_copyfile
0161: os.symlink(linkto, dest)
0162: #bb.warn(c)
0163: else:
0164: try:
*** 0165: os.link(c, dest)
0166: except OSError as err:
0167: if err.errno == errno.EXDEV:
0168: bb.utils.copyfile(c, dest)
0169: else:
Exception: FileExistsError: [Errno 17] File exists: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/build-st-667282/tmp/sysroots-components/x86_64/ovmf-native/usr/bin/edk2_basetools/BaseTools/Source/Python/AutoGen/__pycache__/WorkspaceAutoGen.cpython-312.pyc' -> '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/build-st-667282/tmp/work/core2-64-poky-linux/ovmf/edk2-stable202408/recipe-sysroot-native/usr/bin/edk2_basetools/BaseTools/Source/Python/AutoGen/__pycache__/WorkspaceAutoGen.cpython-312.pyc'
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit facd9e17fa53e2fb3a828b3f179cfb659be75d37)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/ovmf/ovmf_git.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index ada6ee72db..319f03a8d2 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -225,6 +225,7 @@ do_compile:class-target() {
do_install:class-native() {
install -d ${D}/${bindir}/edk2_basetools
+ find ${S}/BaseTools -name \*.pyc -exec rm -rf \{\} \;
cp -r ${S}/BaseTools ${D}/${bindir}/${EDK_TOOLS_DIR}
}
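Review bot: the added `find ${S}/BaseTools -name \*.pyc -exec rm -rf \{\} \;` line deletes from the source tree `${S}` inside `do_install:class-native` instead of cleaning the copy under `${D}`, and it leaves the emptied `__pycache__` directories in place for the following `cp -r` to install. Consider running the `cp -r` first and then removing `__pycache__` directories under `${D}/${bindir}/${EDK_TOOLS_DIR}`, so the installed output is clean regardless of what ran in `${S}`. `rm -rf` is also broader than needed for regular files; `-delete` or `rm -f` would do.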
--
2.43.0
* [OE-core][scarthgap 25/25] sanity.bbclass: skip check_userns for non-local uid
2025-01-04 13:41 [OE-core][scarthgap 00/25] Patch review Steve Sakoman
` (23 preceding siblings ...)
2025-01-04 13:41 ` [OE-core][scarthgap 24/25] ovmf-native: remove .pyc files from install Steve Sakoman
@ 2025-01-04 13:41 ` Steve Sakoman
24 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
From: Changqing Li <changqing.li@windriver.com>
Bitbake preserves network for non-local uid, refer to [1],
so check_userns is not needed for non-local uid
[1] https://git.openembedded.org/bitbake/commit/?id=4eafae7904bae6e5c6bc50356e8a9077f2e207fa
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 808d0cece22bcbee15236717e158da247cbedaf1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes-global/sanity.bbclass | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/classes-global/sanity.bbclass b/meta/classes-global/sanity.bbclass
index 72dab0fea2..a0b2508e11 100644
--- a/meta/classes-global/sanity.bbclass
+++ b/meta/classes-global/sanity.bbclass
@@ -484,6 +484,8 @@ def check_userns():
# succeeds (at which point the uid is nobody) but writing to the uid_map
# fails (so the uid isn't reset back to the user's uid). We can detect this.
parentuid = os.getuid()
+ if not bb.utils.is_local_uid(parentuid):
+ return None
pid = os.fork()
if not pid:
try:
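Review bot: the new early return in `check_userns()` calls `bb.utils.is_local_uid(parentuid)`, so this class change depends on that helper being present in the bitbake used with scarthgap; if it is missing, the sanity check raises an AttributeError instead of being skipped. State the required bitbake revision in the commit message, or confirm that the bitbake change referenced as [1] is already on the matching bitbake branch. The two added lines also sit under a comment that explains only the uid_map failure, so add a short comment saying why non-local uids skip the check.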
--
2.43.0