[hardknott][PATCH 0/7] Review request

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

* [hardknott][PATCH 0/7] Review request
@ 2021-08-15 15:56 Anuj Mittal
  2021-08-15 15:56 ` [hardknott][PATCH 1/7] glibc: Fix CVE-2021-35942 Anuj Mittal
                   ` (6 more replies)
  0 siblings, 7 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
  To: openembedded-core

Please review this next set of patches for hardknott. Two intermittent
and unrelated failures seen while testing - a valgrind ptest failure and
a bitbake timeout while running a oe-selftest.

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2434

Thanks,

Anuj

The following changes since commit 49868162a1a1d088fbaabeffcc2debcbfc17b026:

  nettle: update 3.7.2 -> 3.7.3 (2021-08-09 10:19:38 +0800)

are available in the Git repository at:

  git://push.openembedded.org/openembedded-core-contrib anujm/hardknott

Armin Kuster (1):
  gnutls: Enable seccomp if FEATURE is set

Khem Raj (1):
  gnutls: Point to staging area for finding seccomp libs and includes

Sakib Sajal (3):
  qemu: fix CVE-2021-3582
  qemu: fix CVE-2021-3607
  qemu: fix CVE-2021-3608

Vinay Kumar (1):
  glibc: Fix CVE-2021-35942

wangmy (1):
  gnutls: upgrade 3.7.1 -> 3.7.2

 .../glibc/glibc/CVE-2021-35942.patch          | 44 +++++++++++++++++
 meta/recipes-core/glibc/glibc_2.33.bb         |  1 +
 meta/recipes-devtools/qemu/qemu.inc           |  3 ++
 .../qemu/qemu/CVE-2021-3582.patch             | 47 +++++++++++++++++++
 .../qemu/qemu/CVE-2021-3607.patch             | 43 +++++++++++++++++
 .../qemu/qemu/CVE-2021-3608.patch             | 43 +++++++++++++++++
 .../{gnutls_3.7.1.bb => gnutls_3.7.2.bb}      |  6 +--
 7 files changed, 184 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3582.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3607.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch
 rename meta/recipes-support/gnutls/{gnutls_3.7.1.bb => gnutls_3.7.2.bb} (89%)

-- 
2.31.1


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [hardknott][PATCH 1/7] glibc: Fix CVE-2021-35942
  2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
@ 2021-08-15 15:56 ` Anuj Mittal
  2021-08-15 15:56 ` [hardknott][PATCH 2/7] qemu: fix CVE-2021-3582 Anuj Mittal
                   ` (5 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
  To: openembedded-core

From: Vinay Kumar <vinay.m.engg@gmail.com>

Source: https://sourceware.org/git/glibc.git
Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011

Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to
glibc-2.33 source.

Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../glibc/glibc/CVE-2021-35942.patch          | 44 +++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.33.bb         |  1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
new file mode 100644
index 0000000000..5cae1bc91c
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
@@ -0,0 +1,44 @@
+From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@linux-m68k.org>
+Date: Fri, 25 Jun 2021 15:02:47 +0200
+Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
+ 28011)
+
+Use strtoul instead of atoi so that overflow can be detected.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
+CVE: CVE-2021-35942
+Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
+---
+ posix/wordexp-test.c | 1 +
+ posix/wordexp.c      | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
+index f93a546d7e..9df02dbbb3 100644
+--- a/posix/wordexp-test.c
++++ b/posix/wordexp-test.c
+@@ -183,6 +183,7 @@ struct test_case_struct
+     { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
+     { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
+     { 0, NULL, "", 0, 0, { NULL, }, IFS },
++    { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
+ 
+     /* Flags not already covered (testit() has special handling for these) */
+     { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
+diff --git a/posix/wordexp.c b/posix/wordexp.c
+index bcbe96e48d..1f3b09f721 100644
+--- a/posix/wordexp.c
++++ b/posix/wordexp.c
+@@ -1399,7 +1399,7 @@ envsubst:
+   /* Is it a numeric parameter? */
+   else if (isdigit (env[0]))
+     {
+-      int n = atoi (env);
++      unsigned long n = strtoul (env, NULL, 10);
+ 
+       if (n >= __libc_argc)
+ 	/* Substitute NULL. */
+-- 
+2.17.1
+
diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
index bb35c50c98..7f516d2bbe 100644
--- a/meta/recipes-core/glibc/glibc_2.33.bb
+++ b/meta/recipes-core/glibc/glibc_2.33.bb
@@ -63,6 +63,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0001-nptl-Remove-private-futex-optimization-BZ-27304.patch \
            file://CVE-2021-33574_1.patch \
            file://CVE-2021-33574_2.patch \
+           file://CVE-2021-35942.patch \
            "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [hardknott][PATCH 2/7] qemu: fix CVE-2021-3582
  2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
  2021-08-15 15:56 ` [hardknott][PATCH 1/7] glibc: Fix CVE-2021-35942 Anuj Mittal
@ 2021-08-15 15:56 ` Anuj Mittal
  2021-08-15 15:56 ` [hardknott][PATCH 3/7] qemu: fix CVE-2021-3607 Anuj Mittal
                   ` (4 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
  To: openembedded-core

From: Sakib Sajal <sakib.sajal@windriver.com>

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2021-3582.patch             | 47 +++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3582.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index a22721004e..3cef5a2d7e 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -66,6 +66,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://0007-vhost-user-gpu-fix-OOB-write-in-virgl_cmd_get_capset.patch \
            file://CVE-2021-3527-1.patch \
            file://CVE-2021-3527-2.patch \
+           file://CVE-2021-3582.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3582.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3582.patch
new file mode 100644
index 0000000000..7a88e29384
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3582.patch
@@ -0,0 +1,47 @@
+From 284f191b4abad213aed04cb0458e1600fd18d7c4 Mon Sep 17 00:00:00 2001
+From: Marcel Apfelbaum <marcel@redhat.com>
+Date: Wed, 16 Jun 2021 14:06:00 +0300
+Subject: [PATCH] hw/rdma: Fix possible mremap overflow in the pvrdma device
+ (CVE-2021-3582)
+
+Ensure mremap boundaries not trusting the guest kernel to
+pass the correct buffer length.
+
+Fixes: CVE-2021-3582
+Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
+Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
+Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
+Message-Id: <20210616110600.20889-1-marcel.apfelbaum@gmail.com>
+Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+
+CVE: CVE-2021-3582
+Upstream-Status: Backport [284f191b4abad213aed04cb0458e1600fd18d7c4]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ hw/rdma/vmw/pvrdma_cmd.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
+index f59879e257..da7ddfa548 100644
+--- a/hw/rdma/vmw/pvrdma_cmd.c
++++ b/hw/rdma/vmw/pvrdma_cmd.c
+@@ -38,6 +38,13 @@ static void *pvrdma_map_to_pdir(PCIDevice *pdev, uint64_t pdir_dma,
+         return NULL;
+     }
+ 
++    length = ROUND_UP(length, TARGET_PAGE_SIZE);
++    if (nchunks * TARGET_PAGE_SIZE != length) {
++        rdma_error_report("Invalid nchunks/length (%u, %lu)", nchunks,
++                          (unsigned long)length);
++        return NULL;
++    }
++
+     dir = rdma_pci_dma_map(pdev, pdir_dma, TARGET_PAGE_SIZE);
+     if (!dir) {
+         rdma_error_report("Failed to map to page directory");
+-- 
+2.25.1
+
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [hardknott][PATCH 3/7] qemu: fix CVE-2021-3607
  2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
  2021-08-15 15:56 ` [hardknott][PATCH 1/7] glibc: Fix CVE-2021-35942 Anuj Mittal
  2021-08-15 15:56 ` [hardknott][PATCH 2/7] qemu: fix CVE-2021-3582 Anuj Mittal
@ 2021-08-15 15:56 ` Anuj Mittal
  2021-08-15 15:56 ` [hardknott][PATCH 4/7] qemu: fix CVE-2021-3608 Anuj Mittal
                   ` (3 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
  To: openembedded-core

From: Sakib Sajal <sakib.sajal@windriver.com>

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2021-3607.patch             | 43 +++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3607.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 3cef5a2d7e..0849196650 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -67,6 +67,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://CVE-2021-3527-1.patch \
            file://CVE-2021-3527-2.patch \
            file://CVE-2021-3582.patch \
+           file://CVE-2021-3607.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3607.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3607.patch
new file mode 100644
index 0000000000..0547c74484
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3607.patch
@@ -0,0 +1,43 @@
+From 32e5703cfea07c91e6e84bcb0313f633bb146534 Mon Sep 17 00:00:00 2001
+From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+Date: Wed, 30 Jun 2021 14:46:34 +0300
+Subject: [PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607)
+
+Check the guest passed a non zero page count
+for pvrdma device ring buffers.
+
+Fixes: CVE-2021-3607
+Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
+Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
+Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
+Message-Id: <20210630114634.2168872-1-marcel@redhat.com>
+Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+
+CVE: CVE-2021-3607
+Upstream-Status: Backport [32e5703cfea07c91e6e84bcb0313f633bb146534]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ hw/rdma/vmw/pvrdma_main.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
+index 84ae8024fc..7c0c3551a8 100644
+--- a/hw/rdma/vmw/pvrdma_main.c
++++ b/hw/rdma/vmw/pvrdma_main.c
+@@ -92,6 +92,11 @@ static int init_dev_ring(PvrdmaRing *ring, PvrdmaRingState **ring_state,
+     uint64_t *dir, *tbl;
+     int rc = 0;
+ 
++    if (!num_pages) {
++        rdma_error_report("Ring pages count must be strictly positive");
++        return -EINVAL;
++    }
++
+     dir = rdma_pci_dma_map(pci_dev, dir_addr, TARGET_PAGE_SIZE);
+     if (!dir) {
+         rdma_error_report("Failed to map to page directory (ring %s)", name);
+-- 
+2.25.1
+
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [hardknott][PATCH 4/7] qemu: fix CVE-2021-3608
  2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
                   ` (2 preceding siblings ...)
  2021-08-15 15:56 ` [hardknott][PATCH 3/7] qemu: fix CVE-2021-3607 Anuj Mittal
@ 2021-08-15 15:56 ` Anuj Mittal
  2021-08-15 15:56 ` [hardknott][PATCH 5/7] gnutls: Enable seccomp if FEATURE is set Anuj Mittal
                   ` (2 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
  To: openembedded-core

From: Sakib Sajal <sakib.sajal@windriver.com>

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2021-3608.patch             | 43 +++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 0849196650..c3eecea9d4 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -68,6 +68,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://CVE-2021-3527-2.patch \
            file://CVE-2021-3582.patch \
            file://CVE-2021-3607.patch \
+           file://CVE-2021-3608.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch
new file mode 100644
index 0000000000..22d68b025d
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch
@@ -0,0 +1,43 @@
+From 66ae37d8cc313f89272e711174a846a229bcdbd3 Mon Sep 17 00:00:00 2001
+From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+Date: Wed, 30 Jun 2021 14:52:46 +0300
+Subject: [PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Do not unmap uninitialized dma addresses.
+
+Fixes: CVE-2021-3608
+Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
+Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
+Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
+Message-Id: <20210630115246.2178219-1-marcel@redhat.com>
+Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+
+CVE: CVE-2021-3608
+Upstream-Status: Backport [66ae37d8cc313f89272e711174a846a229bcdbd3]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ hw/rdma/vmw/pvrdma_dev_ring.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c
+index 074ac59b84..42130667a7 100644
+--- a/hw/rdma/vmw/pvrdma_dev_ring.c
++++ b/hw/rdma/vmw/pvrdma_dev_ring.c
+@@ -41,7 +41,7 @@ int pvrdma_ring_init(PvrdmaRing *ring, const char *name, PCIDevice *dev,
+     qatomic_set(&ring->ring_state->cons_head, 0);
+     */
+     ring->npages = npages;
+-    ring->pages = g_malloc(npages * sizeof(void *));
++    ring->pages = g_malloc0(npages * sizeof(void *));
+ 
+     for (i = 0; i < npages; i++) {
+         if (!tbl[i]) {
+-- 
+2.25.1
+
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [hardknott][PATCH 5/7] gnutls: Enable seccomp if FEATURE is set
  2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
                   ` (3 preceding siblings ...)
  2021-08-15 15:56 ` [hardknott][PATCH 4/7] qemu: fix CVE-2021-3608 Anuj Mittal
@ 2021-08-15 15:56 ` Anuj Mittal
  2021-08-15 15:56 ` [hardknott][PATCH 6/7] gnutls: Point to staging area for finding seccomp libs and includes Anuj Mittal
  2021-08-15 15:56 ` [hardknott][PATCH 7/7] gnutls: upgrade 3.7.1 -> 3.7.2 Anuj Mittal
  6 siblings, 0 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
  To: openembedded-core

From: Armin Kuster <akuster808@gmail.com>

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f2527b5567252c7da4fbd863e119c8114e6debcd)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/recipes-support/gnutls/gnutls_3.7.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/gnutls/gnutls_3.7.1.bb b/meta/recipes-support/gnutls/gnutls_3.7.1.bb
index 51d472c828..3e1958c969 100644
--- a/meta/recipes-support/gnutls/gnutls_3.7.1.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.1.bb
@@ -27,7 +27,7 @@ SRC_URI[sha256sum] = "3777d7963eca5e06eb315686163b7b3f5045e2baac5e54e038ace9835e
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
 
-PACKAGECONFIG ??= "libidn"
+PACKAGECONFIG ??= "libidn  ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}"
 
 # You must also have CONFIG_SECCOMP enabled in the kernel for
 # seccomp to work.
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [hardknott][PATCH 6/7] gnutls: Point to staging area for finding seccomp libs and includes
  2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
                   ` (4 preceding siblings ...)
  2021-08-15 15:56 ` [hardknott][PATCH 5/7] gnutls: Enable seccomp if FEATURE is set Anuj Mittal
@ 2021-08-15 15:56 ` Anuj Mittal
  2021-08-15 15:56 ` [hardknott][PATCH 7/7] gnutls: upgrade 3.7.1 -> 3.7.2 Anuj Mittal
  6 siblings, 0 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
  To: openembedded-core

From: Khem Raj <raj.khem@gmail.com>

This ensures that if libseccomp is installed on build host then it does
not resort to use it.

Fixes
checking for libseccomp... (cached) yes
checking how to link with libseccomp... /usr/lib/libseccomp.so

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3751ac58720a500e3b749b2296922d7c82db49a1)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/recipes-support/gnutls/gnutls_3.7.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/gnutls/gnutls_3.7.1.bb b/meta/recipes-support/gnutls/gnutls_3.7.1.bb
index 3e1958c969..350d0a018b 100644
--- a/meta/recipes-support/gnutls/gnutls_3.7.1.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.1.bb
@@ -31,7 +31,7 @@ PACKAGECONFIG ??= "libidn  ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}"
 
 # You must also have CONFIG_SECCOMP enabled in the kernel for
 # seccomp to work.
-PACKAGECONFIG[seccomp] = "ac_cv_libseccomp=yes,ac_cv_libseccomp=no,libseccomp"
+PACKAGECONFIG[seccomp] = "--with-libseccomp-prefix=${STAGING_EXECPREFIXDIR},ac_cv_libseccomp=no,libseccomp"
 PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn2"
 PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1"
 PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit"
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [hardknott][PATCH 7/7] gnutls: upgrade 3.7.1 -> 3.7.2
  2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
                   ` (5 preceding siblings ...)
  2021-08-15 15:56 ` [hardknott][PATCH 6/7] gnutls: Point to staging area for finding seccomp libs and includes Anuj Mittal
@ 2021-08-15 15:56 ` Anuj Mittal
  6 siblings, 0 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
  To: openembedded-core

From: wangmy <wangmy@fujitsu.com>

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3593a4c47d5e8faccb27c7cd975f18f90b9cd86f)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../recipes-support/gnutls/{gnutls_3.7.1.bb => gnutls_3.7.2.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/gnutls/{gnutls_3.7.1.bb => gnutls_3.7.2.bb} (96%)

diff --git a/meta/recipes-support/gnutls/gnutls_3.7.1.bb b/meta/recipes-support/gnutls/gnutls_3.7.2.bb
similarity index 96%
rename from meta/recipes-support/gnutls/gnutls_3.7.1.bb
rename to meta/recipes-support/gnutls/gnutls_3.7.2.bb
index 350d0a018b..430d1f2d7d 100644
--- a/meta/recipes-support/gnutls/gnutls_3.7.1.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.2.bb
@@ -23,7 +23,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
            file://arm_eabi.patch \
            "
 
-SRC_URI[sha256sum] = "3777d7963eca5e06eb315686163b7b3f5045e2baac5e54e038ace9835e5cac6f"
+SRC_URI[sha256sum] = "646e6c5a9a185faa4cea796d378a1ba8e1148dbb197ca6605f95986a25af2752"
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
 
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2021-08-15 15:57 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 1/7] glibc: Fix CVE-2021-35942 Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 2/7] qemu: fix CVE-2021-3582 Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 3/7] qemu: fix CVE-2021-3607 Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 4/7] qemu: fix CVE-2021-3608 Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 5/7] gnutls: Enable seccomp if FEATURE is set Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 6/7] gnutls: Point to staging area for finding seccomp libs and includes Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 7/7] gnutls: upgrade 3.7.1 -> 3.7.2 Anuj Mittal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox