* [OE-core][dunfell 00/20] Patch review
@ 2022-02-03 19:50 Steve Sakoman
2022-02-03 19:50 ` [OE-core][dunfell 01/20] glibc: update to lastest 2.31 release HEAD Steve Sakoman
` (19 more replies)
0 siblings, 20 replies; 25+ messages in thread
From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3182
The following changes since commit f3be01483b01c88f8c4ba24ca73ccf1bcc33665c:
build-appliance-image: Update to dunfell head revision (2022-01-27 16:16:08 +0000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Alexander Kanavin (1):
libusb1: correct SRC_URI
Joshua Watt (5):
tzdata: Remove BSD License specifier
e2fsprogs: Use specific BSD license variant
glib-2.0: Use specific BSD license variant
shadow: Use specific BSD license variant
libcap: Use specific BSD license variant
Marek Vasut (1):
binutils: Backport Include members in the variable table used when
resolving DW_AT_specification tags.
Marta Rybczynska (2):
grub: add a fix for CVE-2020-25632
grub: add a fix for CVE-2020-25647
Minjae Kim (1):
ghostscript: fix CVE-2021-45949
Peter Kjellerstedt (1):
sstate: A third fix for for touching files inside pseudo
Purushottam Choudhary (1):
systemd: Fix CVE-2021-3997
Ranjitsinh Rathod (1):
util-linux: Fix for CVE-2021-3995 and CVE-2021-3996
Ross Burton (2):
lsof: correct LICENSE
shadow-sysroot: sync license with shadow
Rudolf J Streif (1):
linux-firmware: Add CLM blob to linux-firmware-bcm4373 package
Steve Sakoman (4):
glibc: update to lastest 2.31 release HEAD
expat: fix CVE-2022-23852
expat: add missing Upstream-status, CVE tag and sign-off to
CVE-2021-46143.patch
common-licenses: add Spencer-94
meta/classes/sstate.bbclass | 14 +-
meta/files/common-licenses/Spencer-94 | 12 +
.../grub/files/CVE-2020-25632.patch | 90 +++++
.../grub/files/CVE-2020-25647.patch | 119 +++++++
meta/recipes-bsp/grub/grub2.inc | 2 +
.../expat/expat/CVE-2021-46143.patch | 6 +
.../expat/expat/CVE-2022-23852.patch | 33 ++
meta/recipes-core/expat/expat_2.2.9.bb | 1 +
meta/recipes-core/glib-2.0/glib.inc | 2 +-
meta/recipes-core/glibc/glibc-version.inc | 2 +-
meta/recipes-core/glibc/glibc_2.31.bb | 1 +
.../systemd/systemd/CVE-2021-3997-1.patch | 65 ++++
.../systemd/systemd/CVE-2021-3997-2.patch | 101 ++++++
.../systemd/systemd/CVE-2021-3997-3.patch | 266 +++++++++++++++
...-fsync-after-removing-directory-tree.patch | 35 ++
...children-split-out-body-of-directory.patch | 318 ++++++++++++++++++
meta/recipes-core/systemd/systemd_244.5.bb | 5 +
.../util-linux/util-linux/CVE-2021-3995.patch | 139 ++++++++
.../util-linux/util-linux/CVE-2021-3996.patch | 226 +++++++++++++
...ude-strutils-cleanup-strto-functions.patch | 270 +++++++++++++++
.../util-linux/util-linux_2.35.1.bb | 3 +
.../binutils/binutils-2.34.inc | 1 +
...in-the-variable-table-used-when-reso.patch | 32 ++
meta/recipes-devtools/e2fsprogs/e2fsprogs.inc | 2 +-
.../ghostscript/CVE-2021-45949.patch | 65 ++++
...tack-limits-after-function-evalution.patch | 51 +++
.../ghostscript/ghostscript_9.52.bb | 2 +
meta/recipes-extended/lsof/lsof_4.91.bb | 2 +-
.../shadow/shadow-sysroot_4.6.bb | 2 +-
meta/recipes-extended/shadow/shadow.inc | 2 +-
meta/recipes-extended/timezone/timezone.inc | 2 +-
.../linux-firmware/linux-firmware_20211216.bb | 1 +
meta/recipes-support/libcap/libcap_2.32.bb | 2 +-
meta/recipes-support/libusb/libusb1_1.0.22.bb | 4 +-
34 files changed, 1863 insertions(+), 15 deletions(-)
create mode 100644 meta/files/common-licenses/Spencer-94
create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-25632.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-25647.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2022-23852.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2021-3997-3.patch
create mode 100644 meta/recipes-core/systemd/systemd/rm-rf-optionally-fsync-after-removing-directory-tree.patch
create mode 100644 meta/recipes-core/systemd/systemd/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2021-3995.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2021-3996.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/include-strutils-cleanup-strto-functions.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0018-Include-members-in-the-variable-table-used-when-reso.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch
--
2.25.1
^ permalink raw reply [flat|nested] 25+ messages in thread* [OE-core][dunfell 01/20] glibc: update to lastest 2.31 release HEAD 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-05 0:06 ` Ranjitsinh Rathod 2022-02-03 19:50 ` [OE-core][dunfell 02/20] systemd: Fix CVE-2021-3997 Steve Sakoman ` (18 subsequent siblings) 19 siblings, 1 reply; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core Includes the following fixes: 3ef8be9b89 CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768) e5c8da9826 <shlib-compat.h>: Support compat_symbol_reference for _ISOMAC 412aaf1522 sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542) c4c833d3dd CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542) 547b63bf6d socket: Add the __sockaddr_un_set function b061e95277 Revert "Fix __minimal_malloc segfaults in __mmap due to stack-protector" 95e206b67f Fix __minimal_malloc segfaults in __mmap due to stack-protector e26a2db141 gconv: Do not emit spurious NUL character in ISO-2022-JP-3 (bug 28524) 094618d401 x86_64: Remove unneeded static PIE check for undefined weak diagnostic Also add CVE-2022-23218 and CVE-2022-23218 to ignore list since they are fixed by the above changes. Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-core/glibc/glibc-version.inc | 2 +- meta/recipes-core/glibc/glibc_2.31.bb | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index aac0d9b3bf..68efd09ece 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.31/master" PV = "2.31+git${SRCPV}" -SRCREV_glibc ?= "4f0a61f75385c9a5879cbe7202042e88f692a3c8" +SRCREV_glibc ?= "3ef8be9b89ef98300951741f381eb79126ac029f" SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb index 4a545cb97d..0c37467fe4 100644 --- a/meta/recipes-core/glibc/glibc_2.31.bb +++ b/meta/recipes-core/glibc/glibc_2.31.bb @@ -3,6 +3,7 @@ require glibc-version.inc CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752 \ CVE-2021-27645 CVE-2021-3326 CVE-2020-27618 CVE-2020-29562 CVE-2019-25013 \ + CVE-2022-23218 CVE-2022-23219 \ " # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* Re: [OE-core][dunfell 01/20] glibc: update to lastest 2.31 release HEAD 2022-02-03 19:50 ` [OE-core][dunfell 01/20] glibc: update to lastest 2.31 release HEAD Steve Sakoman @ 2022-02-05 0:06 ` Ranjitsinh Rathod 0 siblings, 0 replies; 25+ messages in thread From: Ranjitsinh Rathod @ 2022-02-05 0:06 UTC (permalink / raw) To: Steve Sakoman; +Cc: Patches and discussions about the oe-core layer [-- Attachment #1: Type: text/plain, Size: 2936 bytes --] It seems in commit message you have mentioned 2 times CVE-2022-23218 instead of CVE-2022-23218 and CVE-2022-23219. On Fri, 4 Feb, 2022, 1:21 am Steve Sakoman, <steve@sakoman.com> wrote: > Includes the following fixes: > > 3ef8be9b89 CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug > 28768) > e5c8da9826 <shlib-compat.h>: Support compat_symbol_reference for _ISOMAC > 412aaf1522 sunrpc: Test case for clnt_create "unix" buffer overflow (bug > 22542) > c4c833d3dd CVE-2022-23219: Buffer overflow in sunrpc clnt_create for > "unix" (bug 22542) > 547b63bf6d socket: Add the __sockaddr_un_set function > b061e95277 Revert "Fix __minimal_malloc segfaults in __mmap due to > stack-protector" > 95e206b67f Fix __minimal_malloc segfaults in __mmap due to stack-protector > e26a2db141 gconv: Do not emit spurious NUL character in ISO-2022-JP-3 (bug > 28524) > 094618d401 x86_64: Remove unneeded static PIE check for undefined weak > diagnostic > > Also add CVE-2022-23218 and CVE-2022-23218 to ignore list since they are > fixed > by the above changes. > > Signed-off-by: Steve Sakoman <steve@sakoman.com> > --- > meta/recipes-core/glibc/glibc-version.inc | 2 +- > meta/recipes-core/glibc/glibc_2.31.bb | 1 + > 2 files changed, 2 insertions(+), 1 deletion(-) > > diff --git a/meta/recipes-core/glibc/glibc-version.inc > b/meta/recipes-core/glibc/glibc-version.inc > index aac0d9b3bf..68efd09ece 100644 > --- a/meta/recipes-core/glibc/glibc-version.inc > +++ b/meta/recipes-core/glibc/glibc-version.inc > @@ -1,6 +1,6 @@ > SRCBRANCH ?= "release/2.31/master" > PV = "2.31+git${SRCPV}" > -SRCREV_glibc ?= "4f0a61f75385c9a5879cbe7202042e88f692a3c8" > +SRCREV_glibc ?= "3ef8be9b89ef98300951741f381eb79126ac029f" > SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655" > > GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" > diff --git a/meta/recipes-core/glibc/glibc_2.31.bb > b/meta/recipes-core/glibc/glibc_2.31.bb > index 4a545cb97d..0c37467fe4 100644 > --- a/meta/recipes-core/glibc/glibc_2.31.bb > +++ b/meta/recipes-core/glibc/glibc_2.31.bb > @@ -3,6 +3,7 @@ require glibc-version.inc > > CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 > CVE-2020-1751 CVE-2020-1752 \ > CVE-2021-27645 CVE-2021-3326 CVE-2020-27618 > CVE-2020-29562 CVE-2019-25013 \ > + CVE-2022-23218 CVE-2022-23219 \ > " > > # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 > -- > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#161296): > https://lists.openembedded.org/g/openembedded-core/message/161296 > Mute This Topic: https://lists.openembedded.org/mt/88891348/6360406 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > ranjitsinhrathod1991@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > > [-- Attachment #2: Type: text/html, Size: 4734 bytes --] ^ permalink raw reply [flat|nested] 25+ messages in thread
* [OE-core][dunfell 02/20] systemd: Fix CVE-2021-3997 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 01/20] glibc: update to lastest 2.31 release HEAD Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 03/20] grub: add a fix for CVE-2020-25632 Steve Sakoman ` (17 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Purushottam Choudhary <purushottamchoudhary29@gmail.com> Add patches to fix CVE-2021-3997. Add additional below mentioned patches which are required to fix CVE: 1. rm-rf-optionally-fsync-after-removing-directory-tree.patch 2. rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch Link: http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com> Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../systemd/systemd/CVE-2021-3997-1.patch | 65 ++++ .../systemd/systemd/CVE-2021-3997-2.patch | 101 ++++++ .../systemd/systemd/CVE-2021-3997-3.patch | 266 +++++++++++++++ ...-fsync-after-removing-directory-tree.patch | 35 ++ ...children-split-out-body-of-directory.patch | 318 ++++++++++++++++++ meta/recipes-core/systemd/systemd_244.5.bb | 5 + 6 files changed, 790 insertions(+) create mode 100644 meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch create mode 100644 meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch create mode 100644 meta/recipes-core/systemd/systemd/CVE-2021-3997-3.patch create mode 100644 meta/recipes-core/systemd/systemd/rm-rf-optionally-fsync-after-removing-directory-tree.patch create mode 100644 meta/recipes-core/systemd/systemd/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch diff --git a/meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch b/meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch new file mode 100644 index 0000000000..341976822b --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch @@ -0,0 +1,65 @@ +Backport of the following upstream commit: +From fbb77e1e55866633c9f064e2b3bcf2b6402d962d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 23 Nov 2021 15:55:45 +0100 +Subject: [PATCH 1/3] shared/rm_rf: refactor rm_rf_children_inner() to shorten + code a bit + +CVE: CVE-2021-3997 +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz] +Signed-off-by: Purushottam Choudhary <Purushottam.Choudhary@kpit.com> +--- + src/basic/rm-rf.c | 27 +++++++++------------------ + 1 file changed, 9 insertions(+), 18 deletions(-) + +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -34,7 +34,7 @@ + const struct stat *root_dev) { + + struct stat st; +- int r; ++ int r, q = 0; + + assert(fd >= 0); + assert(fname); +@@ -50,7 +50,6 @@ + + if (is_dir) { + _cleanup_close_ int subdir_fd = -1; +- int q; + + /* if root_dev is set, remove subdirectories only if device is same */ + if (root_dev && st.st_dev != root_dev->st_dev) +@@ -86,23 +85,15 @@ + * again for each directory */ + q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); + +- r = unlinkat(fd, fname, AT_REMOVEDIR); +- if (r < 0) +- return r; +- if (q < 0) +- return q; +- +- return 1; +- +- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { +- r = unlinkat(fd, fname, 0); +- if (r < 0) +- return r; +- +- return 1; +- } ++ } else if (flags & REMOVE_ONLY_DIRECTORIES) ++ return 0; + +- return 0; ++ r = unlinkat(fd, fname, is_dir ? AT_REMOVEDIR : 0); ++ if (r < 0) ++ return r; ++ if (q < 0) ++ return q; ++ return 1; + } + + int rm_rf_children( diff --git a/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch b/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch new file mode 100644 index 0000000000..066e10fbbc --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch @@ -0,0 +1,101 @@ +Backport of the following upstream commit: +From bd0127daaaae009ade053718f7d2f297aee4acaf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 23 Nov 2021 16:56:42 +0100 +Subject: [PATCH 2/3] shared/rm_rf: refactor rm_rf() to shorten code a bit + +CVE: CVE-2021-3997 +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz] +Signed-off-by: Purushottam Choudhary <Purushottam.Choudhary@kpit.com> +--- + src/basic/rm-rf.c | 53 ++++++++++++++++++++-------------------------- + 1 file changed, 23 insertions(+), 30 deletions(-) + +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -159,7 +159,7 @@ + } + + int rm_rf(const char *path, RemoveFlags flags) { +- int fd, r; ++ int fd, r, q = 0; + + assert(path); + +@@ -191,49 +191,47 @@ + } + + fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); +- if (fd < 0) { ++ if (fd >= 0) { ++ /* We have a dir */ ++ r = rm_rf_children(fd, flags, NULL); ++ ++ if (FLAGS_SET(flags, REMOVE_ROOT)) { ++ q = rmdir(path); ++ if (q < 0) ++ q = -errno; ++ } ++ } else { + if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) + return 0; + + if (!IN_SET(errno, ENOTDIR, ELOOP)) + return -errno; + +- if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES)) ++ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) || !FLAGS_SET(flags, REMOVE_ROOT)) + return 0; + +- if (FLAGS_SET(flags, REMOVE_ROOT)) { +- +- if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { +- struct statfs s; +- +- if (statfs(path, &s) < 0) +- return -errno; +- if (is_physical_fs(&s)) +- return log_error_errno(SYNTHETIC_ERRNO(EPERM), +- "Attempted to remove files from a disk file system under \"%s\", refusing.", +- path); +- } +- +- if (unlink(path) < 0) { +- if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) +- return 0; ++ if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { ++ struct statfs s; + ++ if (statfs(path, &s) < 0) + return -errno; +- } ++ if (is_physical_fs(&s)) ++ return log_error_errno(SYNTHETIC_ERRNO(EPERM), ++ "Attempted to remove files from a disk file system under \"%s\", refusing.", ++ path); + } + +- return 0; ++ r = 0; ++ q = unlink(path); ++ if (q < 0) ++ q = -errno; + } + +- r = rm_rf_children(fd, flags, NULL); +- +- if (FLAGS_SET(flags, REMOVE_ROOT) && +- rmdir(path) < 0 && +- r >= 0 && +- (!FLAGS_SET(flags, REMOVE_MISSING_OK) || errno != ENOENT)) +- r = -errno; +- +- return r; ++ if (r < 0) ++ return r; ++ if (q < 0 && (q != -ENOENT || !FLAGS_SET(flags, REMOVE_MISSING_OK))) ++ return q; ++ return 0; + } + + int rm_rf_child(int fd, const char *name, RemoveFlags flags) { diff --git a/meta/recipes-core/systemd/systemd/CVE-2021-3997-3.patch b/meta/recipes-core/systemd/systemd/CVE-2021-3997-3.patch new file mode 100644 index 0000000000..c96b8d9a6e --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2021-3997-3.patch @@ -0,0 +1,266 @@ +Backport of the following upstream commit: +From bef8e8e577368697b2e6f85183b1dbc99e0e520f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 30 Nov 2021 22:29:05 +0100 +Subject: [PATCH 3/3] shared/rm-rf: loop over nested directories instead of + instead of recursing + +To remove directory structures, we need to remove the innermost items first, +and then recursively remove higher-level directories. We would recursively +descend into directories and invoke rm_rf_children and rm_rm_children_inner. +This is problematic when too many directories are nested. + +Instead, let's create a "TODO" queue. In the the queue, for each level we +hold the DIR* object we were working on, and the name of the directory. This +allows us to leave a partially-processed directory, and restart the removal +loop one level down. When done with the inner directory, we use the name to +unlinkat() it from the parent, and proceed with the removal of other items. + +Because the nesting is increased by one level, it is best to view this patch +with -b/--ignore-space-change. + +This fixes CVE-2021-3997, https://bugzilla.redhat.com/show_bug.cgi?id=2024639. +The issue was reported and patches reviewed by Qualys Team. +Mauro Matteo Cascella and Riccardo Schirone from Red Hat handled the disclosure. + +CVE: CVE-2021-3997 +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz] +Signed-off-by: Purushottam Choudhary <Purushottam.Choudhary@kpit.com> +--- + src/basic/rm-rf.c | 161 +++++++++++++++++++++++++++++++-------------- + 1 file changed, 113 insertions(+), 48 deletions(-) + +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -26,12 +26,13 @@ + return !is_temporary_fs(sfs) && !is_cgroup_fs(sfs); + } + +-static int rm_rf_children_inner( ++static int rm_rf_inner_child( + int fd, + const char *fname, + int is_dir, + RemoveFlags flags, +- const struct stat *root_dev) { ++ const struct stat *root_dev, ++ bool allow_recursion) { + + struct stat st; + int r, q = 0; +@@ -49,9 +50,7 @@ + } + + if (is_dir) { +- _cleanup_close_ int subdir_fd = -1; +- +- /* if root_dev is set, remove subdirectories only if device is same */ ++ /* If root_dev is set, remove subdirectories only if device is same */ + if (root_dev && st.st_dev != root_dev->st_dev) + return 0; + +@@ -63,7 +62,6 @@ + return 0; + + if ((flags & REMOVE_SUBVOLUME) && st.st_ino == 256) { +- + /* This could be a subvolume, try to remove it */ + + r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); +@@ -77,13 +75,16 @@ + return 1; + } + +- subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); ++ if (!allow_recursion) ++ return -EISDIR; ++ ++ int subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); + if (subdir_fd < 0) + return -errno; + + /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type + * again for each directory */ +- q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); ++ q = rm_rf_children(subdir_fd, flags | REMOVE_PHYSICAL, root_dev); + + } else if (flags & REMOVE_ONLY_DIRECTORIES) + return 0; +@@ -96,64 +97,128 @@ + return 1; + } + ++typedef struct TodoEntry { ++ DIR *dir; /* A directory that we were operating on. */ ++ char *dirname; /* The filename of that directory itself. */ ++} TodoEntry; ++ ++static void free_todo_entries(TodoEntry **todos) { ++ for (TodoEntry *x = *todos; x && x->dir; x++) { ++ closedir(x->dir); ++ free(x->dirname); ++ } ++ ++ freep(todos); ++} ++ + int rm_rf_children( + int fd, + RemoveFlags flags, + const struct stat *root_dev) { + +- _cleanup_closedir_ DIR *d = NULL; +- struct dirent *de; ++ _cleanup_(free_todo_entries) TodoEntry *todos = NULL; ++ size_t n_todo = 0, allocated = 0; ++ _cleanup_free_ char *dirname = NULL; /* Set when we are recursing and want to delete ourselves */ + int ret = 0, r; + +- assert(fd >= 0); ++ /* Return the first error we run into, but nevertheless try to go on. ++ * The passed fd is closed in all cases, including on failure. */ + +- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed +- * fd, in all cases, including on failure. */ ++ for (;;) { /* This loop corresponds to the directory nesting level. */ ++ _cleanup_closedir_ DIR *d = NULL; ++ struct dirent *de; ++ ++ if (n_todo > 0) { ++ /* We know that we are in recursion here, because n_todo is set. ++ * We need to remove the inner directory we were operating on. */ ++ assert(dirname); ++ r = unlinkat(dirfd(todos[n_todo-1].dir), dirname, AT_REMOVEDIR); ++ if (r < 0 && r != -ENOENT && ret == 0) ++ ret = r; ++ dirname = mfree(dirname); ++ ++ /* And now let's back out one level up */ ++ n_todo --; ++ d = TAKE_PTR(todos[n_todo].dir); ++ dirname = TAKE_PTR(todos[n_todo].dirname); ++ ++ assert(d); ++ fd = dirfd(d); /* Retrieve the file descriptor from the DIR object */ ++ assert(fd >= 0); ++ } else { ++ next_fd: ++ assert(fd >= 0); ++ d = fdopendir(fd); ++ if (!d) { ++ safe_close(fd); ++ return -errno; ++ } ++ fd = dirfd(d); /* We donated the fd to fdopendir(). Let's make sure we sure we have ++ * the right descriptor even if it were to internally invalidate the ++ * one we passed. */ ++ ++ if (!(flags & REMOVE_PHYSICAL)) { ++ struct statfs sfs; ++ ++ if (fstatfs(fd, &sfs) < 0) ++ return -errno; ++ ++ if (is_physical_fs(&sfs)) { ++ /* We refuse to clean physical file systems with this call, unless ++ * explicitly requested. This is extra paranoia just to be sure we ++ * never ever remove non-state data. */ ++ ++ _cleanup_free_ char *path = NULL; ++ ++ (void) fd_get_path(fd, &path); ++ return log_error_errno(SYNTHETIC_ERRNO(EPERM), ++ "Attempted to remove disk file system under \"%s\", and we can't allow that.", ++ strna(path)); ++ } ++ } ++ } + +- d = fdopendir(fd); +- if (!d) { +- safe_close(fd); +- return -errno; +- } ++ FOREACH_DIRENT_ALL(de, d, return -errno) { ++ int is_dir; + +- if (!(flags & REMOVE_PHYSICAL)) { +- struct statfs sfs; ++ if (dot_or_dot_dot(de->d_name)) ++ continue; + +- if (fstatfs(dirfd(d), &sfs) < 0) +- return -errno; +- } ++ is_dir = de->d_type == DT_UNKNOWN ? -1 : de->d_type == DT_DIR; + +- if (is_physical_fs(&sfs)) { +- /* We refuse to clean physical file systems with this call, unless explicitly +- * requested. This is extra paranoia just to be sure we never ever remove non-state +- * data. */ +- +- _cleanup_free_ char *path = NULL; +- +- (void) fd_get_path(fd, &path); +- return log_error_errno(SYNTHETIC_ERRNO(EPERM), +- "Attempted to remove disk file system under \"%s\", and we can't allow that.", +- strna(path)); +- } +- } ++ r = rm_rf_inner_child(fd, de->d_name, is_dir, flags, root_dev, false); ++ if (r == -EISDIR) { ++ /* Push the current working state onto the todo list */ + +- FOREACH_DIRENT_ALL(de, d, return -errno) { +- int is_dir; ++ if (!GREEDY_REALLOC0(todos, allocated, n_todo + 2)) ++ return log_oom(); + +- if (dot_or_dot_dot(de->d_name)) +- continue; ++ _cleanup_free_ char *newdirname = strdup(de->d_name); ++ if (!newdirname) ++ return log_oom(); + +- is_dir = +- de->d_type == DT_UNKNOWN ? -1 : +- de->d_type == DT_DIR; +- +- r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev); +- if (r < 0 && r != -ENOENT && ret == 0) +- ret = r; +- } ++ int newfd = openat(fd, de->d_name, ++ O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); ++ if (newfd >= 0) { ++ todos[n_todo++] = (TodoEntry) { TAKE_PTR(d), TAKE_PTR(dirname) }; ++ fd = newfd; ++ dirname = TAKE_PTR(newdirname); ++ ++ goto next_fd; + +- if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0) +- ret = -errno; ++ } else if (errno != -ENOENT && ret == 0) ++ ret = -errno; ++ ++ } else if (r < 0 && r != -ENOENT && ret == 0) ++ ret = r; ++ } ++ ++ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(fd) < 0 && ret >= 0) ++ ret = -errno; ++ ++ if (n_todo == 0) ++ break; ++ } + + return ret; + } +@@ -250,5 +315,5 @@ + if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME)) + return -EINVAL; + +- return rm_rf_children_inner(fd, name, -1, flags, NULL); ++ return rm_rf_inner_child(fd, name, -1, flags, NULL, true); + } diff --git a/meta/recipes-core/systemd/systemd/rm-rf-optionally-fsync-after-removing-directory-tree.patch b/meta/recipes-core/systemd/systemd/rm-rf-optionally-fsync-after-removing-directory-tree.patch new file mode 100644 index 0000000000..b860da008c --- /dev/null +++ b/meta/recipes-core/systemd/systemd/rm-rf-optionally-fsync-after-removing-directory-tree.patch @@ -0,0 +1,35 @@ +Backport of the following upstream commit: +From bdfe7ada0d4d66e6d6e65f2822acbb1ec230f9c2 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 5 Oct 2021 10:32:56 +0200 +Subject: [PATCH] rm-rf: optionally fsync() after removing directory tree + +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz] +Signed-off-by: Purushottam Choudhary <Purushottam.Choudhary@kpit.com> +--- + src/basic/rm-rf.c | 3 +++ + src/basic/rm-rf.h | 1 + + 2 files changed, 4 insertions(+) + +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -161,6 +161,9 @@ + ret = r; + } + ++ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0) ++ ret = -errno; ++ + return ret; + } + +--- a/src/basic/rm-rf.h ++++ b/src/basic/rm-rf.h +@@ -11,6 +11,7 @@ + REMOVE_PHYSICAL = 1 << 2, /* If not set, only removes files on tmpfs, never physical file systems */ + REMOVE_SUBVOLUME = 1 << 3, /* Drop btrfs subvolumes in the tree too */ + REMOVE_MISSING_OK = 1 << 4, /* If the top-level directory is missing, ignore the ENOENT for it */ ++ REMOVE_SYNCFS = 1 << 7, /* syncfs() the root of the specified directory after removing everything in it */ + } RemoveFlags; + + int rm_rf_children(int fd, RemoveFlags flags, const struct stat *root_dev); diff --git a/meta/recipes-core/systemd/systemd/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch b/meta/recipes-core/systemd/systemd/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch new file mode 100644 index 0000000000..f80e6433c6 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch @@ -0,0 +1,318 @@ +Backport of the following upstream commit: +From 96906b22417c65d70933976e0ee920c70c9113a4 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 26 Jan 2021 16:30:06 +0100 +Subject: [PATCH] rm-rf: refactor rm_rf_children(), split out body of directory + iteration loop + +This splits out rm_rf_children_inner() as body of the loop. We can use +that to implement rm_rf_child() for deleting one specific entry in a +directory. + +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz] +Signed-off-by: Purushottam Choudhary <Purushottam.Choudhary@kpit.com> +--- + src/basic/rm-rf.c | 223 ++++++++++++++++++++++++++------------------- + src/basic/rm-rf.h | 3 +- + 2 files changed, 131 insertions(+), 95 deletions(-) + +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -19,138 +19,153 @@ + #include "stat-util.h" + #include "string-util.h" + ++/* We treat tmpfs/ramfs + cgroupfs as non-physical file sytems. cgroupfs is similar to tmpfs in a way after ++ * all: we can create arbitrary directory hierarchies in it, and hence can also use rm_rf() on it to remove ++ * those again. */ + static bool is_physical_fs(const struct statfs *sfs) { + return !is_temporary_fs(sfs) && !is_cgroup_fs(sfs); + } + +-int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) { ++static int rm_rf_children_inner( ++ int fd, ++ const char *fname, ++ int is_dir, ++ RemoveFlags flags, ++ const struct stat *root_dev) { ++ ++ struct stat st; ++ int r; ++ ++ assert(fd >= 0); ++ assert(fname); ++ ++ if (is_dir < 0 || (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) { ++ ++ r = fstatat(fd, fname, &st, AT_SYMLINK_NOFOLLOW); ++ if (r < 0) ++ return r; ++ ++ is_dir = S_ISDIR(st.st_mode); ++ } ++ ++ if (is_dir) { ++ _cleanup_close_ int subdir_fd = -1; ++ int q; ++ ++ /* if root_dev is set, remove subdirectories only if device is same */ ++ if (root_dev && st.st_dev != root_dev->st_dev) ++ return 0; ++ ++ /* Stop at mount points */ ++ r = fd_is_mount_point(fd, fname, 0); ++ if (r < 0) ++ return r; ++ if (r > 0) ++ return 0; ++ ++ if ((flags & REMOVE_SUBVOLUME) && st.st_ino == 256) { ++ ++ /* This could be a subvolume, try to remove it */ ++ ++ r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); ++ if (r < 0) { ++ if (!IN_SET(r, -ENOTTY, -EINVAL)) ++ return r; ++ ++ /* ENOTTY, then it wasn't a btrfs subvolume, continue below. */ ++ } else ++ /* It was a subvolume, done. */ ++ return 1; ++ } ++ ++ subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); ++ if (subdir_fd < 0) ++ return -errno; ++ ++ /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type ++ * again for each directory */ ++ q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); ++ ++ r = unlinkat(fd, fname, AT_REMOVEDIR); ++ if (r < 0) ++ return r; ++ if (q < 0) ++ return q; ++ ++ return 1; ++ ++ } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { ++ r = unlinkat(fd, fname, 0); ++ if (r < 0) ++ return r; ++ ++ return 1; ++ } ++ ++ return 0; ++} ++ ++int rm_rf_children( ++ int fd, ++ RemoveFlags flags, ++ const struct stat *root_dev) { ++ + _cleanup_closedir_ DIR *d = NULL; + struct dirent *de; + int ret = 0, r; +- struct statfs sfs; + + assert(fd >= 0); + + /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed +- * fd, in all cases, including on failure.. */ ++ * fd, in all cases, including on failure. */ ++ ++ d = fdopendir(fd); ++ if (!d) { ++ safe_close(fd); ++ return -errno; ++ } + + if (!(flags & REMOVE_PHYSICAL)) { ++ struct statfs sfs; + +- r = fstatfs(fd, &sfs); +- if (r < 0) { +- safe_close(fd); ++ if (fstatfs(dirfd(d), &sfs) < 0) + return -errno; + } + + if (is_physical_fs(&sfs)) { +- /* We refuse to clean physical file systems with this call, +- * unless explicitly requested. This is extra paranoia just +- * to be sure we never ever remove non-state data. */ ++ /* We refuse to clean physical file systems with this call, unless explicitly ++ * requested. This is extra paranoia just to be sure we never ever remove non-state ++ * data. */ ++ + _cleanup_free_ char *path = NULL; + + (void) fd_get_path(fd, &path); +- log_error("Attempted to remove disk file system under \"%s\", and we can't allow that.", +- strna(path)); +- +- safe_close(fd); +- return -EPERM; ++ return log_error_errno(SYNTHETIC_ERRNO(EPERM), ++ "Attempted to remove disk file system under \"%s\", and we can't allow that.", ++ strna(path)); + } + } + +- d = fdopendir(fd); +- if (!d) { +- safe_close(fd); +- return errno == ENOENT ? 0 : -errno; +- } +- + FOREACH_DIRENT_ALL(de, d, return -errno) { +- bool is_dir; +- struct stat st; ++ int is_dir; + + if (dot_or_dot_dot(de->d_name)) + continue; + +- if (de->d_type == DT_UNKNOWN || +- (de->d_type == DT_DIR && (root_dev || (flags & REMOVE_SUBVOLUME)))) { +- if (fstatat(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) { +- if (ret == 0 && errno != ENOENT) +- ret = -errno; +- continue; +- } +- +- is_dir = S_ISDIR(st.st_mode); +- } else +- is_dir = de->d_type == DT_DIR; +- +- if (is_dir) { +- _cleanup_close_ int subdir_fd = -1; +- +- /* if root_dev is set, remove subdirectories only if device is same */ +- if (root_dev && st.st_dev != root_dev->st_dev) +- continue; +- +- subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); +- if (subdir_fd < 0) { +- if (ret == 0 && errno != ENOENT) +- ret = -errno; +- continue; +- } +- +- /* Stop at mount points */ +- r = fd_is_mount_point(fd, de->d_name, 0); +- if (r < 0) { +- if (ret == 0 && r != -ENOENT) +- ret = r; +- +- continue; +- } +- if (r > 0) +- continue; +- +- if ((flags & REMOVE_SUBVOLUME) && st.st_ino == 256) { +- +- /* This could be a subvolume, try to remove it */ +- +- r = btrfs_subvol_remove_fd(fd, de->d_name, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); +- if (r < 0) { +- if (!IN_SET(r, -ENOTTY, -EINVAL)) { +- if (ret == 0) +- ret = r; +- +- continue; +- } +- +- /* ENOTTY, then it wasn't a btrfs subvolume, continue below. */ +- } else +- /* It was a subvolume, continue. */ +- continue; +- } +- +- /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file +- * system type again for each directory */ +- r = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); +- if (r < 0 && ret == 0) +- ret = r; +- +- if (unlinkat(fd, de->d_name, AT_REMOVEDIR) < 0) { +- if (ret == 0 && errno != ENOENT) +- ret = -errno; +- } +- +- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { +- +- if (unlinkat(fd, de->d_name, 0) < 0) { +- if (ret == 0 && errno != ENOENT) +- ret = -errno; +- } +- } ++ is_dir = ++ de->d_type == DT_UNKNOWN ? -1 : ++ de->d_type == DT_DIR; ++ ++ r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev); ++ if (r < 0 && r != -ENOENT && ret == 0) ++ ret = r; + } ++ + return ret; + } + + int rm_rf(const char *path, RemoveFlags flags) { + int fd, r; +- struct statfs s; + + assert(path); + +@@ -195,9 +210,10 @@ + if (FLAGS_SET(flags, REMOVE_ROOT)) { + + if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { ++ struct statfs s; ++ + if (statfs(path, &s) < 0) + return -errno; +- + if (is_physical_fs(&s)) + return log_error_errno(SYNTHETIC_ERRNO(EPERM), + "Attempted to remove files from a disk file system under \"%s\", refusing.", +@@ -225,3 +241,22 @@ + + return r; + } ++ ++int rm_rf_child(int fd, const char *name, RemoveFlags flags) { ++ ++ /* Removes one specific child of the specified directory */ ++ ++ if (fd < 0) ++ return -EBADF; ++ ++ if (!filename_is_valid(name)) ++ return -EINVAL; ++ ++ if ((flags & (REMOVE_ROOT|REMOVE_MISSING_OK)) != 0) /* Doesn't really make sense here, we are not supposed to remove 'fd' anyway */ ++ return -EINVAL; ++ ++ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME)) ++ return -EINVAL; ++ ++ return rm_rf_children_inner(fd, name, -1, flags, NULL); ++} +--- a/src/basic/rm-rf.h ++++ b/src/basic/rm-rf.h +@@ -13,7 +13,8 @@ + REMOVE_MISSING_OK = 1 << 4, /* If the top-level directory is missing, ignore the ENOENT for it */ + } RemoveFlags; + +-int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev); ++int rm_rf_children(int fd, RemoveFlags flags, const struct stat *root_dev); ++int rm_rf_child(int fd, const char *name, RemoveFlags flags); + int rm_rf(const char *path, RemoveFlags flags); + + /* Useful for usage with _cleanup_(), destroys a directory and frees the pointer */ diff --git a/meta/recipes-core/systemd/systemd_244.5.bb b/meta/recipes-core/systemd/systemd_244.5.bb index b6f5a47d63..66446e2a7c 100644 --- a/meta/recipes-core/systemd/systemd_244.5.bb +++ b/meta/recipes-core/systemd/systemd_244.5.bb @@ -28,6 +28,11 @@ SRC_URI += "file://touchscreen.rules \ file://network-merge-link_drop-and-link_detach_from_manager.patch \ file://network-also-drop-requests-when-link-enters-linger-state.patch \ file://network-fix-Link-reference-counter-issue.patch \ + file://rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch \ + file://rm-rf-optionally-fsync-after-removing-directory-tree.patch \ + file://CVE-2021-3997-1.patch \ + file://CVE-2021-3997-2.patch \ + file://CVE-2021-3997-3.patch \ " # patches needed by musl -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 03/20] grub: add a fix for CVE-2020-25632 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 01/20] glibc: update to lastest 2.31 release HEAD Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 02/20] systemd: Fix CVE-2021-3997 Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 04/20] grub: add a fix for CVE-2020-25647 Steve Sakoman ` (16 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Marta Rybczynska <rybczynska@gmail.com> Fix grub issue with module dereferencing. From the official description from NVD [1]: The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. This patch is a part of a bigger security collection for grub [2]. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-25632 [2] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../grub/files/CVE-2020-25632.patch | 90 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 91 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-25632.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2020-25632.patch b/meta/recipes-bsp/grub/files/CVE-2020-25632.patch new file mode 100644 index 0000000000..0b37c72f0f --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2020-25632.patch @@ -0,0 +1,90 @@ +From 7630ec5397fe418276b360f9011934b8c034936c Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas <javierm@redhat.com> +Date: Tue, 29 Sep 2020 14:08:55 +0200 +Subject: [PATCH] dl: Only allow unloading modules that are not dependencies + +When a module is attempted to be removed its reference counter is always +decremented. This means that repeated rmmod invocations will cause the +module to be unloaded even if another module depends on it. + +This may lead to a use-after-free scenario allowing an attacker to execute +arbitrary code and by-pass the UEFI Secure Boot protection. + +While being there, add the extern keyword to some function declarations in +that header file. + +Fixes: CVE-2020-25632 + +Reported-by: Chris Coulson <chris.coulson@canonical.com> +Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7630ec5397fe418276b360f9011934b8c034936c] +CVE: CVE-2020-25632 +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + grub-core/commands/minicmd.c | 7 +++++-- + grub-core/kern/dl.c | 9 +++++++++ + include/grub/dl.h | 8 +++++--- + 3 files changed, 19 insertions(+), 5 deletions(-) + +diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c +index 6bbce3128..fa498931e 100644 +--- a/grub-core/commands/minicmd.c ++++ b/grub-core/commands/minicmd.c +@@ -140,8 +140,11 @@ grub_mini_cmd_rmmod (struct grub_command *cmd __attribute__ ((unused)), + if (grub_dl_is_persistent (mod)) + return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload persistent module"); + +- if (grub_dl_unref (mod) <= 0) +- grub_dl_unload (mod); ++ if (grub_dl_ref_count (mod) > 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload referenced module"); ++ ++ grub_dl_unref (mod); ++ grub_dl_unload (mod); + + return 0; + } +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index 48eb5e7b6..48f8a7907 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -549,6 +549,15 @@ grub_dl_unref (grub_dl_t mod) + return --mod->ref_count; + } + ++int ++grub_dl_ref_count (grub_dl_t mod) ++{ ++ if (mod == NULL) ++ return 0; ++ ++ return mod->ref_count; ++} ++ + static void + grub_dl_flush_cache (grub_dl_t mod) + { +diff --git a/include/grub/dl.h b/include/grub/dl.h +index f03c03561..b3753c9ca 100644 +--- a/include/grub/dl.h ++++ b/include/grub/dl.h +@@ -203,9 +203,11 @@ grub_dl_t EXPORT_FUNC(grub_dl_load) (const char *name); + grub_dl_t grub_dl_load_core (void *addr, grub_size_t size); + grub_dl_t EXPORT_FUNC(grub_dl_load_core_noinit) (void *addr, grub_size_t size); + int EXPORT_FUNC(grub_dl_unload) (grub_dl_t mod); +-void grub_dl_unload_unneeded (void); +-int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod); +-int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod); ++extern void grub_dl_unload_unneeded (void); ++extern int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod); ++extern int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod); ++extern int EXPORT_FUNC(grub_dl_ref_count) (grub_dl_t mod); ++ + extern grub_dl_t EXPORT_VAR(grub_dl_head); + + #ifndef GRUB_UTIL +-- +2.33.0 + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index db7c23a84a..6a17940afb 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -45,6 +45,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2020-27779_5.patch \ file://CVE-2020-27779_6.patch \ file://CVE-2020-27779_7.patch \ + file://CVE-2020-25632.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 04/20] grub: add a fix for CVE-2020-25647 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (2 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 03/20] grub: add a fix for CVE-2020-25632 Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 05/20] ghostscript: fix CVE-2021-45949 Steve Sakoman ` (15 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Marta Rybczynska <rybczynska@gmail.com> Fix a grub issue with incorrect values from an usb device. From the official description from NVD [1]: During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. This patch is a part of a bigger security collection for grub [2]. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-25647 [2] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../grub/files/CVE-2020-25647.patch | 119 ++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 120 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-25647.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2020-25647.patch b/meta/recipes-bsp/grub/files/CVE-2020-25647.patch new file mode 100644 index 0000000000..cb77fd4772 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2020-25647.patch @@ -0,0 +1,119 @@ +From 128c16a682034263eb519c89bc0934eeb6fa8cfa Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas <javierm@redhat.com> +Date: Fri, 11 Dec 2020 19:19:21 +0100 +Subject: [PATCH] usb: Avoid possible out-of-bound accesses caused by malicious + devices + +The maximum number of configurations and interfaces are fixed but there is +no out-of-bound checking to prevent a malicious USB device to report large +values for these and cause accesses outside the arrays' memory. + +Fixes: CVE-2020-25647 + +Reported-by: Joseph Tartaro <joseph.tartaro@ioactive.com> +Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> +Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=128c16a682034263eb519c89bc0934eeb6fa8cfa] +CVE: CVE-2020-25647 +Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> +--- + grub-core/bus/usb/usb.c | 15 ++++++++++++--- + include/grub/usb.h | 10 +++++++--- + 2 files changed, 19 insertions(+), 6 deletions(-) + +diff --git a/grub-core/bus/usb/usb.c b/grub-core/bus/usb/usb.c +index 8da5e4c74..7cb3cc230 100644 +--- a/grub-core/bus/usb/usb.c ++++ b/grub-core/bus/usb/usb.c +@@ -75,6 +75,9 @@ grub_usb_controller_iterate (grub_usb_controller_iterate_hook_t hook, + grub_usb_err_t + grub_usb_clear_halt (grub_usb_device_t dev, int endpoint) + { ++ if (endpoint >= GRUB_USB_MAX_TOGGLE) ++ return GRUB_USB_ERR_BADDEVICE; ++ + dev->toggle[endpoint] = 0; + return grub_usb_control_msg (dev, (GRUB_USB_REQTYPE_OUT + | GRUB_USB_REQTYPE_STANDARD +@@ -134,10 +137,10 @@ grub_usb_device_initialize (grub_usb_device_t dev) + return err; + descdev = &dev->descdev; + +- for (i = 0; i < 8; i++) ++ for (i = 0; i < GRUB_USB_MAX_CONF; i++) + dev->config[i].descconf = NULL; + +- if (descdev->configcnt == 0) ++ if (descdev->configcnt == 0 || descdev->configcnt > GRUB_USB_MAX_CONF) + { + err = GRUB_USB_ERR_BADDEVICE; + goto fail; +@@ -172,6 +175,12 @@ grub_usb_device_initialize (grub_usb_device_t dev) + /* Skip the configuration descriptor. */ + pos = dev->config[i].descconf->length; + ++ if (dev->config[i].descconf->numif > GRUB_USB_MAX_IF) ++ { ++ err = GRUB_USB_ERR_BADDEVICE; ++ goto fail; ++ } ++ + /* Read all interfaces. */ + for (currif = 0; currif < dev->config[i].descconf->numif; currif++) + { +@@ -217,7 +226,7 @@ grub_usb_device_initialize (grub_usb_device_t dev) + + fail: + +- for (i = 0; i < 8; i++) ++ for (i = 0; i < GRUB_USB_MAX_CONF; i++) + grub_free (dev->config[i].descconf); + + return err; +diff --git a/include/grub/usb.h b/include/grub/usb.h +index 512ae1dd0..6475c552f 100644 +--- a/include/grub/usb.h ++++ b/include/grub/usb.h +@@ -23,6 +23,10 @@ + #include <grub/usbdesc.h> + #include <grub/usbtrans.h> + ++#define GRUB_USB_MAX_CONF 8 ++#define GRUB_USB_MAX_IF 32 ++#define GRUB_USB_MAX_TOGGLE 256 ++ + typedef struct grub_usb_device *grub_usb_device_t; + typedef struct grub_usb_controller *grub_usb_controller_t; + typedef struct grub_usb_controller_dev *grub_usb_controller_dev_t; +@@ -167,7 +171,7 @@ struct grub_usb_configuration + struct grub_usb_desc_config *descconf; + + /* Interfaces associated to this configuration. */ +- struct grub_usb_interface interf[32]; ++ struct grub_usb_interface interf[GRUB_USB_MAX_IF]; + }; + + struct grub_usb_hub_port +@@ -191,7 +195,7 @@ struct grub_usb_device + struct grub_usb_controller controller; + + /* Device configurations (after opening the device). */ +- struct grub_usb_configuration config[8]; ++ struct grub_usb_configuration config[GRUB_USB_MAX_CONF]; + + /* Device address. */ + int addr; +@@ -203,7 +207,7 @@ struct grub_usb_device + int initialized; + + /* Data toggle values (used for bulk transfers only). */ +- int toggle[256]; ++ int toggle[GRUB_USB_MAX_TOGGLE]; + + /* Used by libusb wrapper. Schedulded for removal. */ + void *data; +-- +2.33.0 + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 6a17940afb..9b20e1c09b 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -46,6 +46,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2020-27779_6.patch \ file://CVE-2020-27779_7.patch \ file://CVE-2020-25632.patch \ + file://CVE-2020-25647.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 05/20] ghostscript: fix CVE-2021-45949 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (3 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 04/20] grub: add a fix for CVE-2020-25647 Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 06/20] expat: fix CVE-2022-23852 Steve Sakoman ` (14 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Minjae Kim <flowergom@gmail.com> Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). To apply this CVE-2021-45959 patch, the check-stack-limits-after-function-evalution.patch should be applied first. References: https://nvd.nist.gov/vuln/detail/CVE-2021-45949 Signed-off-by: Minjae Kim <flowergom@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../ghostscript/CVE-2021-45949.patch | 65 +++++++++++++++++++ ...tack-limits-after-function-evalution.patch | 51 +++++++++++++++ .../ghostscript/ghostscript_9.52.bb | 2 + 3 files changed, 118 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch new file mode 100644 index 0000000000..f312f89e04 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch @@ -0,0 +1,65 @@ +From 6643ff0cb837db3eade489ffff21e3e92eee2ae0 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Fri, 28 Jan 2022 08:21:19 +0000 +Subject: [PATCH] [PATCH] Bug 703902: Fix op stack management in + sampled_data_continue() + +Replace pop() (which does no checking, and doesn't handle stack extension +blocks) with ref_stack_pop() which does do all that. + +We still use pop() in one case (it's faster), but we have to later use +ref_stack_pop() before calling sampled_data_sample() which also accesses the +op stack. + +Fixes: +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 + +Upstream-Status: Backported [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7] +CVE: CVE-2021-45949 +Signed-off-by: Minjae Kim <flowergom@gmail.com> +--- + psi/zfsample.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/psi/zfsample.c b/psi/zfsample.c +index 0023fa4..f84671f 100644 +--- a/psi/zfsample.c ++++ b/psi/zfsample.c +@@ -534,14 +534,17 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + data_ptr[bps * i + j] = (byte)(cv >> ((bps - 1 - j) * 8)); /* MSB first */ + } + pop(num_out); /* Move op to base of result values */ +- ++ /* From here on, we have to use ref_stack_pop() rather than pop() ++ so that it handles stack extension blocks properly, before calling ++ sampled_data_sample() which also uses the op stack. ++ */ + /* Check if we are done collecting data. */ + + if (increment_cube_indexes(params, penum->indexes)) { + if (stack_depth_adjust == 0) +- pop(O_STACK_PAD); /* Remove spare stack space */ ++ ref_stack_pop(&o_stack, O_STACK_PAD); /* Remove spare stack space */ + else +- pop(stack_depth_adjust - num_out); ++ ref_stack_pop(&o_stack, stack_depth_adjust - num_out); + /* Execute the closing procedure, if given */ + code = 0; + if (esp_finish_proc != 0) +@@ -554,11 +557,11 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + if ((O_STACK_PAD - stack_depth_adjust) < 0) { + stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust); + check_op(stack_depth_adjust); +- pop(stack_depth_adjust); ++ ref_stack_pop(&o_stack, stack_depth_adjust); + } + else { + check_ostack(O_STACK_PAD - stack_depth_adjust); +- push(O_STACK_PAD - stack_depth_adjust); ++ ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust); + for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++) + make_null(op - i); + } +-- +2.17.1 + diff --git a/meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch b/meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch new file mode 100644 index 0000000000..722bab4ddb --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch @@ -0,0 +1,51 @@ +From 7861fcad13c497728189feafb41cd57b5b50ea25 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Fri, 12 Feb 2021 10:34:23 +0000 +Subject: [PATCH] oss-fuzz 30715: Check stack limits after function evaluation. + +During function result sampling, after the callout to the Postscript +interpreter, make sure there is enough stack space available before pushing +or popping entries. + +In thise case, the Postscript procedure for the "function" is totally invalid +(as a function), and leaves the op stack in an unrecoverable state (as far as +function evaluation is concerned). We end up popping more entries off the +stack than are available. + +To cope, add in stack limit checking to throw an appropriate error when this +happens. + +Upstream-Status: Backported [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=7861fcad13c497728189feafb41cd57b5b50ea25] +Signed-off-by: Minjae Kim <flowergom@gmail.com> +--- + psi/zfsample.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/psi/zfsample.c b/psi/zfsample.c +index 290809405..652ae02c6 100644 +--- a/psi/zfsample.c ++++ b/psi/zfsample.c +@@ -551,9 +551,17 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + } else { + if (stack_depth_adjust) { + stack_depth_adjust -= num_out; +- push(O_STACK_PAD - stack_depth_adjust); +- for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++) +- make_null(op - i); ++ if ((O_STACK_PAD - stack_depth_adjust) < 0) { ++ stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust); ++ check_op(stack_depth_adjust); ++ pop(stack_depth_adjust); ++ } ++ else { ++ check_ostack(O_STACK_PAD - stack_depth_adjust); ++ push(O_STACK_PAD - stack_depth_adjust); ++ for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++) ++ make_null(op - i); ++ } + } + } + +-- +2.25.1 + diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.52.bb b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb index 32346e6811..ac3d0dca43 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.52.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb @@ -39,6 +39,8 @@ SRC_URI = "${SRC_URI_BASE} \ file://ghostscript-9.21-prevent_recompiling.patch \ file://cups-no-gcrypt.patch \ file://CVE-2020-15900.patch \ + file://check-stack-limits-after-function-evalution.patch \ + file://CVE-2021-45949.patch \ " SRC_URI_class-native = "${SRC_URI_BASE} \ -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 06/20] expat: fix CVE-2022-23852 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (4 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 05/20] ghostscript: fix CVE-2021-45949 Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 07/20] expat: add missing Upstream-status, CVE tag and sign-off to CVE-2021-46143.patch Steve Sakoman ` (13 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer for configurations with a nonzero XML_CONTEXT_BYTES. Backport patch from: https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 CVE: CVE-2022-23852 Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../expat/expat/CVE-2022-23852.patch | 33 +++++++++++++++++++ meta/recipes-core/expat/expat_2.2.9.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-core/expat/expat/CVE-2022-23852.patch diff --git a/meta/recipes-core/expat/expat/CVE-2022-23852.patch b/meta/recipes-core/expat/expat/CVE-2022-23852.patch new file mode 100644 index 0000000000..41425c108b --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2022-23852.patch @@ -0,0 +1,33 @@ +From 847a645152f5ebc10ac63b74b604d0c1a79fae40 Mon Sep 17 00:00:00 2001 +From: Samanta Navarro <ferivoz@riseup.net> +Date: Sat, 22 Jan 2022 17:48:00 +0100 +Subject: [PATCH] lib: Detect and prevent integer overflow in XML_GetBuffer + (CVE-2022-23852) + +Upstream-Status: Backport: +https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 + +CVE: CVE-2022-23852 + +Signed-off-by: Steve Sakoman <steve@sakoman.com> + +--- + expat/lib/xmlparse.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index d54af683..5ce31402 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -2067,6 +2067,11 @@ XML_GetBuffer(XML_Parser parser, int len) { + keep = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer); + if (keep > XML_CONTEXT_BYTES) + keep = XML_CONTEXT_BYTES; ++ /* Detect and prevent integer overflow */ ++ if (keep > INT_MAX - neededSize) { ++ parser->m_errorCode = XML_ERROR_NO_MEMORY; ++ return NULL; ++ } + neededSize += keep; + #endif /* defined XML_CONTEXT_BYTES */ + if (neededSize diff --git a/meta/recipes-core/expat/expat_2.2.9.bb b/meta/recipes-core/expat/expat_2.2.9.bb index 757c18c5fa..6a6d5c066f 100644 --- a/meta/recipes-core/expat/expat_2.2.9.bb +++ b/meta/recipes-core/expat/expat_2.2.9.bb @@ -11,6 +11,7 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \ file://CVE-2021-45960.patch \ file://CVE-2021-46143.patch \ file://CVE-2022-22822-27.patch \ + file://CVE-2022-23852.patch \ file://libtool-tag.patch \ " -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 07/20] expat: add missing Upstream-status, CVE tag and sign-off to CVE-2021-46143.patch 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (5 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 06/20] expat: fix CVE-2022-23852 Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 08/20] util-linux: Fix for CVE-2021-3995 and CVE-2021-3996 Steve Sakoman ` (12 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-core/expat/expat/CVE-2021-46143.patch | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/meta/recipes-core/expat/expat/CVE-2021-46143.patch b/meta/recipes-core/expat/expat/CVE-2021-46143.patch index d6bafba0ff..b1a726d9a8 100644 --- a/meta/recipes-core/expat/expat/CVE-2021-46143.patch +++ b/meta/recipes-core/expat/expat/CVE-2021-46143.patch @@ -4,6 +4,12 @@ Date: Sat, 25 Dec 2021 20:52:08 +0100 Subject: [PATCH] lib: Prevent integer overflow on m_groupSize in function doProlog (CVE-2021-46143) +Upstream-Status: Backport: +https://github.com/libexpat/libexpat/pull/538/commits/85ae9a2d7d0e9358f356b33977b842df8ebaec2b + +CVE: CVE-2021-46143 + +Signed-off-by: Steve Sakoman <steve@sakoman.com> --- expat/lib/xmlparse.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 08/20] util-linux: Fix for CVE-2021-3995 and CVE-2021-3996 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (6 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 07/20] expat: add missing Upstream-status, CVE tag and sign-off to CVE-2021-46143.patch Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 09/20] binutils: Backport Include members in the variable table used when resolving DW_AT_specification tags Steve Sakoman ` (11 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Add patches to fix CVE-2021-3995 and CVE-2021-3996 Also, add support include-strutils-cleanup-strto-functions.patch to solve compilation error where `ul_strtou64` function not found which is used in CVE-2021-3995.patch Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../util-linux/util-linux/CVE-2021-3995.patch | 139 +++++++++ .../util-linux/util-linux/CVE-2021-3996.patch | 226 +++++++++++++++ ...ude-strutils-cleanup-strto-functions.patch | 270 ++++++++++++++++++ .../util-linux/util-linux_2.35.1.bb | 3 + 4 files changed, 638 insertions(+) create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2021-3995.patch create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2021-3996.patch create mode 100644 meta/recipes-core/util-linux/util-linux/include-strutils-cleanup-strto-functions.patch diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2021-3995.patch b/meta/recipes-core/util-linux/util-linux/CVE-2021-3995.patch new file mode 100644 index 0000000000..1dcb66ad1d --- /dev/null +++ b/meta/recipes-core/util-linux/util-linux/CVE-2021-3995.patch @@ -0,0 +1,139 @@ +From f3db9bd609494099f0c1b95231c5dfe383346929 Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Wed, 24 Nov 2021 13:53:25 +0100 +Subject: [PATCH] libmount: fix UID check for FUSE umount [CVE-2021-3995] + +Improper UID check allows an unprivileged user to unmount FUSE +filesystems of users with similar UID. + +Signed-off-by: Karel Zak <kzak@redhat.com> + +CVE: CVE-2021-3995 +Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/f3db9bd609494099f0c1b95231c5dfe383346929] +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + include/strutils.h | 2 +- + libmount/src/context_umount.c | 14 +++--------- + libmount/src/mountP.h | 1 + + libmount/src/optstr.c | 42 +++++++++++++++++++++++++++++++++++ + 4 files changed, 47 insertions(+), 12 deletions(-) + +diff --git a/include/strutils.h b/include/strutils.h +index 6e95707ea9..a84d29594d 100644 +--- a/include/strutils.h ++++ b/include/strutils.h +@@ -91,8 +91,8 @@ static inline char *mem2strcpy(char *dest, const void *src, size_t n, size_t nma + if (n + 1 > nmax) + n = nmax - 1; + ++ memset(dest, '\0', nmax); + memcpy(dest, src, n); +- dest[nmax-1] = '\0'; + return dest; + } + +diff --git a/libmount/src/context_umount.c b/libmount/src/context_umount.c +index 173637a15a..8773c65ffa 100644 +--- a/libmount/src/context_umount.c ++++ b/libmount/src/context_umount.c +@@ -393,10 +393,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv) + struct libmnt_ns *ns_old; + const char *type = mnt_fs_get_fstype(cxt->fs); + const char *optstr; +- char *user_id = NULL; +- size_t sz; +- uid_t uid; +- char uidstr[sizeof(stringify_value(ULONG_MAX))]; ++ uid_t uid, entry_uid; + + *errsv = 0; + +@@ -413,11 +410,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv) + optstr = mnt_fs_get_fs_options(cxt->fs); + if (!optstr) + return 0; +- +- if (mnt_optstr_get_option(optstr, "user_id", &user_id, &sz) != 0) +- return 0; +- +- if (sz == 0 || user_id == NULL) ++ if (mnt_optstr_get_uid(optstr, "user_id", &entry_uid) != 0) + return 0; + + /* get current user */ +@@ -434,8 +427,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv) + return 0; + } + +- snprintf(uidstr, sizeof(uidstr), "%lu", (unsigned long) uid); +- return strncmp(user_id, uidstr, sz) == 0; ++ return uid == entry_uid; + } + + /* +diff --git a/libmount/src/mountP.h b/libmount/src/mountP.h +index d43a835418..22442ec55e 100644 +--- a/libmount/src/mountP.h ++++ b/libmount/src/mountP.h +@@ -400,6 +400,7 @@ extern const struct libmnt_optmap *mnt_optmap_get_entry( + const struct libmnt_optmap **mapent); + + /* optstr.c */ ++extern int mnt_optstr_get_uid(const char *optstr, const char *name, uid_t *uid); + extern int mnt_optstr_remove_option_at(char **optstr, char *begin, char *end); + extern int mnt_optstr_fix_gid(char **optstr, char *value, size_t valsz, char **next); + extern int mnt_optstr_fix_uid(char **optstr, char *value, size_t valsz, char **next); +diff --git a/libmount/src/optstr.c b/libmount/src/optstr.c +index 921b9318e7..16800f571c 100644 +--- a/libmount/src/optstr.c ++++ b/libmount/src/optstr.c +@@ -1090,6 +1090,48 @@ int mnt_optstr_fix_user(char **optstr) + return rc; + } + ++/* ++ * Converts value from @optstr addressed by @name to uid. ++ * ++ * Returns: 0 on success, 1 if not found, <0 on error ++ */ ++int mnt_optstr_get_uid(const char *optstr, const char *name, uid_t *uid) ++{ ++ char *value = NULL; ++ size_t valsz = 0; ++ char buf[sizeof(stringify_value(UINT64_MAX))]; ++ int rc; ++ uint64_t num; ++ ++ assert(optstr); ++ assert(name); ++ assert(uid); ++ ++ rc = mnt_optstr_get_option(optstr, name, &value, &valsz); ++ if (rc != 0) ++ goto fail; ++ ++ if (valsz > sizeof(buf) - 1) { ++ rc = -ERANGE; ++ goto fail; ++ } ++ mem2strcpy(buf, value, valsz, sizeof(buf)); ++ ++ rc = ul_strtou64(buf, &num, 10); ++ if (rc != 0) ++ goto fail; ++ if (num > ULONG_MAX || (uid_t) num != num) { ++ rc = -ERANGE; ++ goto fail; ++ } ++ *uid = (uid_t) num; ++ ++ return 0; ++fail: ++ DBG(UTILS, ul_debug("failed to convert '%s'= to number [rc=%d]", name, rc)); ++ return rc; ++} ++ + /** + * mnt_match_options: + * @optstr: options string diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2021-3996.patch b/meta/recipes-core/util-linux/util-linux/CVE-2021-3996.patch new file mode 100644 index 0000000000..1610b5a0fe --- /dev/null +++ b/meta/recipes-core/util-linux/util-linux/CVE-2021-3996.patch @@ -0,0 +1,226 @@ +From 018a10907fa9885093f6d87401556932c2d8bd2b Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Tue, 4 Jan 2022 10:54:20 +0100 +Subject: [PATCH] libmount: fix (deleted) suffix issue [CVE-2021-3996] + +This issue is related to parsing the /proc/self/mountinfo file allows an +unprivileged user to unmount other user's filesystems that are either +world-writable themselves or mounted in a world-writable directory. + +The support for "(deleted)" is no more necessary as the Linux kernel does +not use it in /proc/self/mountinfo and /proc/self/mount files anymore. + +Signed-off-by: Karel Zak <kzak@redhat.com> + +CVE: CVE-2021-3996 +Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b] +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + libmount/src/tab_parse.c | 5 ----- + tests/expected/findmnt/filter-options | 1 - + tests/expected/findmnt/filter-options-nameval-neg | 3 +-- + tests/expected/findmnt/filter-types-neg | 1 - + tests/expected/findmnt/outputs-default | 3 +-- + tests/expected/findmnt/outputs-force-tree | 3 +-- + tests/expected/findmnt/outputs-kernel | 3 +-- + tests/expected/libmount/tabdiff-mount | 1 - + tests/expected/libmount/tabdiff-move | 1 - + tests/expected/libmount/tabdiff-remount | 1 - + tests/expected/libmount/tabdiff-umount | 1 - + tests/expected/libmount/tabfiles-parse-mountinfo | 11 ----------- + tests/expected/libmount/tabfiles-py-parse-mountinfo | 11 ----------- + tests/ts/findmnt/files/mountinfo | 1 - + tests/ts/findmnt/files/mountinfo-nonroot | 1 - + tests/ts/libmount/files/mountinfo | 1 - + 16 files changed, 4 insertions(+), 44 deletions(-) + +diff --git a/libmount/src/tab_parse.c b/libmount/src/tab_parse.c +index 917779ab6d..4407f9c9c7 100644 +--- a/libmount/src/tab_parse.c ++++ b/libmount/src/tab_parse.c +@@ -225,11 +225,6 @@ static int mnt_parse_mountinfo_line(struct libmnt_fs *fs, const char *s) + goto fail; + } + +- /* remove "\040(deleted)" suffix */ +- p = (char *) endswith(fs->target, PATH_DELETED_SUFFIX); +- if (p && *p) +- *p = '\0'; +- + s = skip_separator(s); + + /* (6) vfs options (fs-independent) */ +diff --git a/tests/expected/findmnt/filter-options b/tests/expected/findmnt/filter-options +index 2606bce76b..97b0ead0ad 100644 +--- a/tests/expected/findmnt/filter-options ++++ b/tests/expected/findmnt/filter-options +@@ -28,5 +28,4 @@ TARGET SOURCE FSTYPE OPTIONS + /home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + /var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime + /mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-/mnt/foo /fooooo bar rw,relatime + rc=0 +diff --git a/tests/expected/findmnt/filter-options-nameval-neg b/tests/expected/findmnt/filter-options-nameval-neg +index 5471d65af1..f0467ef755 100644 +--- a/tests/expected/findmnt/filter-options-nameval-neg ++++ b/tests/expected/findmnt/filter-options-nameval-neg +@@ -29,6 +29,5 @@ TARGET SOURCE FSTYPE OPTIO + |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered + | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime +-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-`-/mnt/foo /fooooo bar rw,relatime ++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 + rc=0 +diff --git a/tests/expected/findmnt/filter-types-neg b/tests/expected/findmnt/filter-types-neg +index 2606bce76b..97b0ead0ad 100644 +--- a/tests/expected/findmnt/filter-types-neg ++++ b/tests/expected/findmnt/filter-types-neg +@@ -28,5 +28,4 @@ TARGET SOURCE FSTYPE OPTIONS + /home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + /var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime + /mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-/mnt/foo /fooooo bar rw,relatime + rc=0 +diff --git a/tests/expected/findmnt/outputs-default b/tests/expected/findmnt/outputs-default +index 59495797bd..01599355ec 100644 +--- a/tests/expected/findmnt/outputs-default ++++ b/tests/expected/findmnt/outputs-default +@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO + |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered + | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime +-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-`-/mnt/foo /fooooo bar rw,relatime ++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 + rc=0 +diff --git a/tests/expected/findmnt/outputs-force-tree b/tests/expected/findmnt/outputs-force-tree +index 59495797bd..01599355ec 100644 +--- a/tests/expected/findmnt/outputs-force-tree ++++ b/tests/expected/findmnt/outputs-force-tree +@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO + |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered + | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime +-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-`-/mnt/foo /fooooo bar rw,relatime ++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 + rc=0 +diff --git a/tests/expected/findmnt/outputs-kernel b/tests/expected/findmnt/outputs-kernel +index 59495797bd..01599355ec 100644 +--- a/tests/expected/findmnt/outputs-kernel ++++ b/tests/expected/findmnt/outputs-kernel +@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO + |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered + | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime +-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-`-/mnt/foo /fooooo bar rw,relatime ++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 + rc=0 +diff --git a/tests/expected/libmount/tabdiff-mount b/tests/expected/libmount/tabdiff-mount +index 420aeacd5e..3c18f8dc4f 100644 +--- a/tests/expected/libmount/tabdiff-mount ++++ b/tests/expected/libmount/tabdiff-mount +@@ -1,3 +1,2 @@ + /dev/mapper/kzak-home on /home/kzak: MOUNTED +-/fooooo on /mnt/foo: MOUNTED + tmpfs on /mnt/test/foo\rbar: MOUNTED +diff --git a/tests/expected/libmount/tabdiff-move b/tests/expected/libmount/tabdiff-move +index 24f9bc791b..95820d93ef 100644 +--- a/tests/expected/libmount/tabdiff-move ++++ b/tests/expected/libmount/tabdiff-move +@@ -1,3 +1,2 @@ + //foo.home/bar/ on /mnt/music: MOVED to /mnt/music +-/fooooo on /mnt/foo: UMOUNTED + tmpfs on /mnt/test/foo\rbar: UMOUNTED +diff --git a/tests/expected/libmount/tabdiff-remount b/tests/expected/libmount/tabdiff-remount +index 82ebeab390..876bfd9539 100644 +--- a/tests/expected/libmount/tabdiff-remount ++++ b/tests/expected/libmount/tabdiff-remount +@@ -1,4 +1,3 @@ + /dev/mapper/kzak-home on /home/kzak: REMOUNTED from 'rw,noatime,barrier=1,data=ordered' to 'ro,noatime,barrier=1,data=ordered' + //foo.home/bar/ on /mnt/sounds: REMOUNTED from 'rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344' to 'ro,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344' +-/fooooo on /mnt/foo: UMOUNTED + tmpfs on /mnt/test/foo\rbar: UMOUNTED +diff --git a/tests/expected/libmount/tabdiff-umount b/tests/expected/libmount/tabdiff-umount +index a3e0fe48a1..c7be725b92 100644 +--- a/tests/expected/libmount/tabdiff-umount ++++ b/tests/expected/libmount/tabdiff-umount +@@ -1,3 +1,2 @@ + /dev/mapper/kzak-home on /home/kzak: UMOUNTED +-/fooooo on /mnt/foo: UMOUNTED + tmpfs on /mnt/test/foo\rbar: UMOUNTED +diff --git a/tests/expected/libmount/tabfiles-parse-mountinfo b/tests/expected/libmount/tabfiles-parse-mountinfo +index 47eb770061..d5ba5248e4 100644 +--- a/tests/expected/libmount/tabfiles-parse-mountinfo ++++ b/tests/expected/libmount/tabfiles-parse-mountinfo +@@ -351,17 +351,6 @@ id: 47 + parent: 20 + devno: 0:38 + ------ fs: +-source: /fooooo +-target: /mnt/foo +-fstype: bar +-optstr: rw,relatime +-VFS-optstr: rw,relatime +-FS-opstr: rw +-root: / +-id: 48 +-parent: 20 +-devno: 0:39 +------- fs: + source: tmpfs + target: /mnt/test/foo\rbar + fstype: tmpfs +diff --git a/tests/expected/libmount/tabfiles-py-parse-mountinfo b/tests/expected/libmount/tabfiles-py-parse-mountinfo +index 47eb770061..d5ba5248e4 100644 +--- a/tests/expected/libmount/tabfiles-py-parse-mountinfo ++++ b/tests/expected/libmount/tabfiles-py-parse-mountinfo +@@ -351,17 +351,6 @@ id: 47 + parent: 20 + devno: 0:38 + ------ fs: +-source: /fooooo +-target: /mnt/foo +-fstype: bar +-optstr: rw,relatime +-VFS-optstr: rw,relatime +-FS-opstr: rw +-root: / +-id: 48 +-parent: 20 +-devno: 0:39 +------- fs: + source: tmpfs + target: /mnt/test/foo\rbar + fstype: tmpfs +diff --git a/tests/ts/findmnt/files/mountinfo b/tests/ts/findmnt/files/mountinfo +index 475ea1a337..ff1e664a84 100644 +--- a/tests/ts/findmnt/files/mountinfo ++++ b/tests/ts/findmnt/files/mountinfo +@@ -30,4 +30,3 @@ + 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500 + 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw + 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw +diff --git a/tests/ts/findmnt/files/mountinfo-nonroot b/tests/ts/findmnt/files/mountinfo-nonroot +index e15b467016..87b421d2ef 100644 +--- a/tests/ts/findmnt/files/mountinfo-nonroot ++++ b/tests/ts/findmnt/files/mountinfo-nonroot +@@ -29,4 +29,3 @@ + 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500 + 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw + 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw +diff --git a/tests/ts/libmount/files/mountinfo b/tests/ts/libmount/files/mountinfo +index c063071833..2b01740481 100644 +--- a/tests/ts/libmount/files/mountinfo ++++ b/tests/ts/libmount/files/mountinfo +@@ -30,5 +30,4 @@ + 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500 + 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw + 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw + 49 20 0:56 / /mnt/test/foo\rbar rw,relatime shared:323 - tmpfs tmpfs rw diff --git a/meta/recipes-core/util-linux/util-linux/include-strutils-cleanup-strto-functions.patch b/meta/recipes-core/util-linux/util-linux/include-strutils-cleanup-strto-functions.patch new file mode 100644 index 0000000000..5d5a370821 --- /dev/null +++ b/meta/recipes-core/util-linux/util-linux/include-strutils-cleanup-strto-functions.patch @@ -0,0 +1,270 @@ +From 84825b161ba5d18da4142893b9789b3fc71284d9 Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Tue, 22 Jun 2021 14:20:42 +0200 +Subject: [PATCH] include/strutils: cleanup strto..() functions + +* add ul_strtos64() and ul_strtou64() +* add simple test + +Addresses: https://github.com/karelzak/util-linux/issues/1358 +Signed-off-by: Karel Zak <kzak@redhat.com> + +Upstream-Backport: [https://github.com/util-linux/util-linux/commit/84825b161ba5d18da4142893b9789b3fc71284d9] +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + include/strutils.h | 3 + + lib/strutils.c | 174 ++++++++++++++++++++++++++------------------- + 2 files changed, 105 insertions(+), 72 deletions(-) + +diff --git a/include/strutils.h b/include/strutils.h +index e75a2f0e17..389e849905 100644 +--- a/include/strutils.h ++++ b/include/strutils.h +@@ -19,6 +19,9 @@ extern int parse_size(const char *str, uintmax_t *res, int *power); + extern int strtosize(const char *str, uintmax_t *res); + extern uintmax_t strtosize_or_err(const char *str, const char *errmesg); + ++extern int ul_strtos64(const char *str, int64_t *num, int base); ++extern int ul_strtou64(const char *str, uint64_t *num, int base); ++ + extern int16_t strtos16_or_err(const char *str, const char *errmesg); + extern uint16_t strtou16_or_err(const char *str, const char *errmesg); + extern uint16_t strtox16_or_err(const char *str, const char *errmesg); +diff --git a/lib/strutils.c b/lib/strutils.c +index ee2c835495..d9976dca70 100644 +--- a/lib/strutils.c ++++ b/lib/strutils.c +@@ -319,39 +319,80 @@ char *strndup(const char *s, size_t n) + } + #endif + +-static uint32_t _strtou32_or_err(const char *str, const char *errmesg, int base); +-static uint64_t _strtou64_or_err(const char *str, const char *errmesg, int base); ++/* ++ * convert strings to numbers; returns <0 on error, and 0 on success ++ */ ++int ul_strtos64(const char *str, int64_t *num, int base) ++{ ++ char *end = NULL; + +-int16_t strtos16_or_err(const char *str, const char *errmesg) ++ errno = 0; ++ if (str == NULL || *str == '\0') ++ return -EINVAL; ++ *num = (int64_t) strtoimax(str, &end, base); ++ ++ if (errno || str == end || (end && *end)) ++ return -EINVAL; ++ return 0; ++} ++ ++int ul_strtou64(const char *str, uint64_t *num, int base) + { +- int32_t num = strtos32_or_err(str, errmesg); ++ char *end = NULL; + +- if (num < INT16_MIN || num > INT16_MAX) { +- errno = ERANGE; +- err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); +- } +- return num; ++ errno = 0; ++ if (str == NULL || *str == '\0') ++ return -EINVAL; ++ *num = (uint64_t) strtoumax(str, &end, base); ++ ++ if (errno || str == end || (end && *end)) ++ return -EINVAL; ++ return 0; + } + +-static uint16_t _strtou16_or_err(const char *str, const char *errmesg, int base) ++/* ++ * Covert strings to numbers and print message on error. ++ * ++ * Note that hex functions (strtox..()) returns unsigned numbers, if you need ++ * something else then use ul_strtos64(s, &n, 16). ++ */ ++int64_t strtos64_or_err(const char *str, const char *errmesg) + { +- uint32_t num = _strtou32_or_err(str, errmesg, base); ++ int64_t num = 0; + +- if (num > UINT16_MAX) { +- errno = ERANGE; +- err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ if (ul_strtos64(str, &num, 10) != 0) { ++ if (errno == ERANGE) ++ err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ ++ errx(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); + } + return num; + } + +-uint16_t strtou16_or_err(const char *str, const char *errmesg) ++uint64_t strtou64_or_err(const char *str, const char *errmesg) + { +- return _strtou16_or_err(str, errmesg, 10); ++ uint64_t num = 0; ++ ++ if (ul_strtou64(str, &num, 10)) { ++ if (errno == ERANGE) ++ err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ ++ errx(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ } ++ return num; + } + +-uint16_t strtox16_or_err(const char *str, const char *errmesg) ++uint64_t strtox64_or_err(const char *str, const char *errmesg) + { +- return _strtou16_or_err(str, errmesg, 16); ++ uint64_t num = 0; ++ ++ if (ul_strtou64(str, &num, 16)) { ++ if (errno == ERANGE) ++ err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ ++ errx(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ } ++ return num; + } + + int32_t strtos32_or_err(const char *str, const char *errmesg) +@@ -365,9 +406,9 @@ int32_t strtos32_or_err(const char *str, const char *errmesg) + return num; + } + +-static uint32_t _strtou32_or_err(const char *str, const char *errmesg, int base) ++uint32_t strtou32_or_err(const char *str, const char *errmesg) + { +- uint64_t num = _strtou64_or_err(str, errmesg, base); ++ uint64_t num = strtou64_or_err(str, errmesg); + + if (num > UINT32_MAX) { + errno = ERANGE; +@@ -376,66 +417,48 @@ static uint32_t _strtou32_or_err(const char *str, const char *errmesg, int base) + return num; + } + +-uint32_t strtou32_or_err(const char *str, const char *errmesg) +-{ +- return _strtou32_or_err(str, errmesg, 10); +-} +- + uint32_t strtox32_or_err(const char *str, const char *errmesg) + { +- return _strtou32_or_err(str, errmesg, 16); ++ uint64_t num = strtox64_or_err(str, errmesg); ++ ++ if (num > UINT32_MAX) { ++ errno = ERANGE; ++ err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ } ++ return num; + } + +-int64_t strtos64_or_err(const char *str, const char *errmesg) ++int16_t strtos16_or_err(const char *str, const char *errmesg) + { +- int64_t num; +- char *end = NULL; +- +- errno = 0; +- if (str == NULL || *str == '\0') +- goto err; +- num = strtoimax(str, &end, 10); +- +- if (errno || str == end || (end && *end)) +- goto err; ++ int64_t num = strtos64_or_err(str, errmesg); + +- return num; +-err: +- if (errno == ERANGE) ++ if (num < INT16_MIN || num > INT16_MAX) { ++ errno = ERANGE; + err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); +- +- errx(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ } ++ return num; + } + +-static uint64_t _strtou64_or_err(const char *str, const char *errmesg, int base) ++uint16_t strtou16_or_err(const char *str, const char *errmesg) + { +- uintmax_t num; +- char *end = NULL; +- +- errno = 0; +- if (str == NULL || *str == '\0') +- goto err; +- num = strtoumax(str, &end, base); +- +- if (errno || str == end || (end && *end)) +- goto err; ++ uint64_t num = strtou64_or_err(str, errmesg); + +- return num; +-err: +- if (errno == ERANGE) ++ if (num > UINT16_MAX) { ++ errno = ERANGE; + err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); +- +- errx(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ } ++ return num; + } + +-uint64_t strtou64_or_err(const char *str, const char *errmesg) ++uint16_t strtox16_or_err(const char *str, const char *errmesg) + { +- return _strtou64_or_err(str, errmesg, 10); +-} ++ uint64_t num = strtox64_or_err(str, errmesg); + +-uint64_t strtox64_or_err(const char *str, const char *errmesg) +-{ +- return _strtou64_or_err(str, errmesg, 16); ++ if (num > UINT16_MAX) { ++ errno = ERANGE; ++ err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ } ++ return num; + } + + double strtod_or_err(const char *str, const char *errmesg) +@@ -1051,15 +1051,25 @@ static int test_strutils_cmp_paths(int a + + int main(int argc, char *argv[]) + { +- if (argc == 3 && strcmp(argv[1], "--size") == 0) ++ if (argc == 3 && strcmp(argv[1], "--size") == 0) { + return test_strutils_sizes(argc - 1, argv + 1); + +- else if (argc == 4 && strcmp(argv[1], "--cmp-paths") == 0) ++ } else if (argc == 4 && strcmp(argv[1], "--cmp-paths") == 0) { + return test_strutils_cmp_paths(argc - 1, argv + 1); + ++ } else if (argc == 3 && strcmp(argv[1], "--str2num") == 0) { ++ uint64_t n; ++ ++ if (ul_strtou64(argv[2], &n, 10) == 0) { ++ printf("'%s' --> %ju\n", argv[2], (uintmax_t) n); ++ return EXIT_SUCCESS; ++ } ++ } ++ + else { + fprintf(stderr, "usage: %1$s --size <number>[suffix]\n" +- " %1$s --cmp-paths <path> <path>\n", ++ " %1$s --cmp-paths <path> <path>\n" ++ " %1$s --num2num <str>\n", + argv[0]); + exit(EXIT_FAILURE); + } diff --git a/meta/recipes-core/util-linux/util-linux_2.35.1.bb b/meta/recipes-core/util-linux/util-linux_2.35.1.bb index 731f0618eb..96d5eca518 100644 --- a/meta/recipes-core/util-linux/util-linux_2.35.1.bb +++ b/meta/recipes-core/util-linux/util-linux_2.35.1.bb @@ -12,6 +12,9 @@ SRC_URI += "file://configure-sbindir.patch \ file://0001-kill-include-sys-types.h-before-checking-SYS_pidfd_s.patch \ file://0001-include-cleanup-pidfd-inckudes.patch \ file://CVE-2021-37600.patch \ + file://include-strutils-cleanup-strto-functions.patch \ + file://CVE-2021-3995.patch \ + file://CVE-2021-3996.patch \ " SRC_URI[md5sum] = "7f64882f631225f0295ca05080cee1bf" SRC_URI[sha256sum] = "d9de3edd287366cd908e77677514b9387b22bc7b88f45b83e1922c3597f1d7f9" -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 09/20] binutils: Backport Include members in the variable table used when resolving DW_AT_specification tags. 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (7 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 08/20] util-linux: Fix for CVE-2021-3995 and CVE-2021-3996 Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 10/20] sstate: A third fix for for touching files inside pseudo Steve Sakoman ` (10 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Marek Vasut <marex@denx.de> Backport binutils upstream patch fixing sporadic link errors in c++ code. This triggers at least on arm32 and aarch64 with qt5 based applications. The ChangeLog part of the patch as well as space change is omitted. Binutils bug report for this problem is here: https://sourceware.org/bugzilla/show_bug.cgi?id=26520 Signed-off-by: Marek Vasut <marex@denx.de> Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Cc: Steve Sakoman <steve@sakoman.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../binutils/binutils-2.34.inc | 1 + ...in-the-variable-table-used-when-reso.patch | 32 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0018-Include-members-in-the-variable-table-used-when-reso.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc b/meta/recipes-devtools/binutils/binutils-2.34.inc index 6104bec591..903b9d7b01 100644 --- a/meta/recipes-devtools/binutils/binutils-2.34.inc +++ b/meta/recipes-devtools/binutils/binutils-2.34.inc @@ -42,6 +42,7 @@ SRC_URI = "\ file://0015-sync-with-OE-libtool-changes.patch \ file://0016-Check-for-clang-before-checking-gcc-version.patch \ file://0017-binutils-drop-redundant-program_name-definition-fno-.patch \ + file://0018-Include-members-in-the-variable-table-used-when-reso.patch \ file://CVE-2020-0551.patch \ file://0001-gas-improve-reproducibility-for-stabs-debugging-data.patch \ file://CVE-2020-16592.patch \ diff --git a/meta/recipes-devtools/binutils/binutils/0018-Include-members-in-the-variable-table-used-when-reso.patch b/meta/recipes-devtools/binutils/binutils/0018-Include-members-in-the-variable-table-used-when-reso.patch new file mode 100644 index 0000000000..dc1e09d46b --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0018-Include-members-in-the-variable-table-used-when-reso.patch @@ -0,0 +1,32 @@ +From bf2252dca8c76e4c1f1c2dbf98dab7ffc9f5e5af Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Sat, 29 Aug 2020 08:03:15 +0100 +Subject: [PATCH] Include members in the variable table used when resolving + DW_AT_specification tags. + + PR 26520 + * dwarf2.c (scan_unit_for_symbols): Add member entries to the + variable table. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e6f04d55f681149a69102a73937d0987719c3f16] +--- + bfd/dwarf2.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c +index dd3568a8532..ef2f6a3c63c 100644 +--- a/bfd/dwarf2.c ++++ b/bfd/dwarf2.c +@@ -3248,7 +3248,8 @@ scan_unit_for_symbols (struct comp_unit *unit) + else + { + func = NULL; +- if (abbrev->tag == DW_TAG_variable) ++ if (abbrev->tag == DW_TAG_variable ++ || abbrev->tag == DW_TAG_member) + { + bfd_size_type amt = sizeof (struct varinfo); + var = (struct varinfo *) bfd_zalloc (abfd, amt); +-- +2.34.1 + -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 10/20] sstate: A third fix for for touching files inside pseudo 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (8 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 09/20] binutils: Backport Include members in the variable table used when resolving DW_AT_specification tags Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 11/20] common-licenses: add Spencer-94 Steve Sakoman ` (9 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Peter Kjellerstedt <peter.kjellerstedt@axis.com> This continues where commit 676757f "sstate: fix touching files inside pseudo" and commit 29fc8599 "sstate: another fix for touching files inside pseudo" left off. The previous changes switched from trying to check if the sstate file is writable before touching it, to always touching the sstate file and ignoring any errors. However, if the sstate file is actually a symbolic link that links to nothing, this would actually result in an empty sstate file being created. And this in turn leads to that future setscene tasks will fail when they try to unpack the empty file. Change the code so that if an sstate file linking to nothing already exists, it is overwritten with the new sstate file. Also change it so that the temporary file that is used is always removed, even if ln fails to link the sstate file to it. Change-Id: I3800f98d0f2a0dd076352df85fad7c81460e733d Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/classes/sstate.bbclass | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index c2720cde92..00a0e8fbd7 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass @@ -841,14 +841,18 @@ sstate_create_package () { fi chmod 0664 $TFILE # Skip if it was already created by some other process - if [ ! -e ${SSTATE_PKG} ]; then + if [ -h ${SSTATE_PKG} ] && [ ! -e ${SSTATE_PKG} ]; then + # There is a symbolic link, but it links to nothing. + # Forcefully replace it with the new file. + ln -f $TFILE ${SSTATE_PKG} || true + elif [ ! -e ${SSTATE_PKG} ]; then # Move into place using ln to attempt an atomic op. # Abort if it already exists - ln $TFILE ${SSTATE_PKG} && rm $TFILE + ln $TFILE ${SSTATE_PKG} || true else - rm $TFILE + touch ${SSTATE_PKG} 2>/dev/null || true fi - touch ${SSTATE_PKG} 2>/dev/null || true + rm $TFILE } python sstate_sign_package () { @@ -878,7 +882,7 @@ python sstate_report_unihash() { sstate_unpack_package () { tar -xvzf ${SSTATE_PKG} # update .siginfo atime on local/NFS mirror if it is a symbolic link - [ ! -h ${SSTATE_PKG}.siginfo ] || touch -a ${SSTATE_PKG}.siginfo 2>/dev/null || true + [ ! -h ${SSTATE_PKG}.siginfo ] || [ ! -e ${SSTATE_PKG}.siginfo ] || touch -a ${SSTATE_PKG}.siginfo 2>/dev/null || true # update each symbolic link instead of any referenced file touch --no-dereference ${SSTATE_PKG} 2>/dev/null || true [ ! -e ${SSTATE_PKG}.sig ] || touch --no-dereference ${SSTATE_PKG}.sig 2>/dev/null || true -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 11/20] common-licenses: add Spencer-94 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (9 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 10/20] sstate: A third fix for for touching files inside pseudo Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 12/20] lsof: correct LICENSE Steve Sakoman ` (8 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core Required to correct lsof licensing Previously added in master (along with many others), trimmed to just Spencer-94 for dunfell (From OE-Core rev: e2f9092c37395f4e3ee9d0777e28c83cce6007ee) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/files/common-licenses/Spencer-94 | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 meta/files/common-licenses/Spencer-94 diff --git a/meta/files/common-licenses/Spencer-94 b/meta/files/common-licenses/Spencer-94 new file mode 100644 index 0000000000..75ba7f7d2e --- /dev/null +++ b/meta/files/common-licenses/Spencer-94 @@ -0,0 +1,12 @@ +Copyright 1992, 1993, 1994 Henry Spencer. All rights reserved. +This software is not subject to any license of the American Telephone and Telegraph Company or of the Regents of the University of California. + +Permission is granted to anyone to use this software for any purpose on any computer system, and to alter it and redistribute it, subject to the following restrictions: + +1. The author is not responsible for the consequences of use of this software, no matter how awful, even if they arise from flaws in it. + +2. The origin of this software must not be misrepresented, either by explicit claim or by omission. Since few users ever read sources, credits must appear in the documentation. + +3. Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. Since few users ever read sources, credits must appear in the documentation. + +4. This notice may not be removed or altered. -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 12/20] lsof: correct LICENSE 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (10 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 11/20] common-licenses: add Spencer-94 Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 13/20] tzdata: Remove BSD License specifier Steve Sakoman ` (7 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Ross Burton <ross@burtonini.com> The lsof LICENSE is superficially BSD-like, but it isn't BSD. Now that we have the full SPDX license set in oe-core, use Spencer-94. (From OE-Core rev: 5c1d61d1d4dfacb643a366285c0392e6a31087ed) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-extended/lsof/lsof_4.91.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/lsof/lsof_4.91.bb b/meta/recipes-extended/lsof/lsof_4.91.bb index b3adfd57af..7c85bf23fc 100644 --- a/meta/recipes-extended/lsof/lsof_4.91.bb +++ b/meta/recipes-extended/lsof/lsof_4.91.bb @@ -3,7 +3,7 @@ DESCRIPTION = "Lsof is a Unix-specific diagnostic tool. \ Its name stands for LiSt Open Files, and it does just that." HOMEPAGE = "http://people.freebsd.org/~abe/" SECTION = "devel" -LICENSE = "BSD" +LICENSE = "Spencer-94" LIC_FILES_CHKSUM = "file://00README;beginline=645;endline=679;md5=964df275d26429ba3b39dbb9f205172a" # Upstream lsof releases are hosted on an ftp server which times out download -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 13/20] tzdata: Remove BSD License specifier 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (11 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 12/20] lsof: correct LICENSE Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 14/20] e2fsprogs: Use specific BSD license variant Steve Sakoman ` (6 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Joshua Watt <JPEWhacker@gmail.com> The code in question is licensed under the BSD-3-Clause license, so including the generic "BSD" license is unnecessary. (From OE-Core rev: c39fc075ce3fd5b53c2a2fccb43500ee0a12f39d) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-extended/timezone/timezone.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index e9eb249afe..43d14d7f12 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -3,7 +3,7 @@ DESCRIPTION = "The Time Zone Database contains code and data that represent \ the history of local time for many representative locations around the globe." HOMEPAGE = "http://www.iana.org/time-zones" SECTION = "base" -LICENSE = "PD & BSD & BSD-3-Clause" +LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" PV = "2021e" -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 14/20] e2fsprogs: Use specific BSD license variant 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (12 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 13/20] tzdata: Remove BSD License specifier Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 15/20] glib-2.0: " Steve Sakoman ` (5 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Joshua Watt <JPEWhacker@gmail.com> Make the license more accurate by specifying the specific variant of BSD license instead of the generic one. This helps with SPDX license attribution as "BSD" is not a valid SPDX license. (From OE-Core rev: 966fb77981e4fed0ab7998439940b1e05dd0ee43) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-devtools/e2fsprogs/e2fsprogs.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc b/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc index 45fb9720ee..57e4665a34 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc @@ -3,7 +3,7 @@ DESCRIPTION = "The Ext2 Filesystem Utilities (e2fsprogs) contain all of the stan fixing, configuring , and debugging ext2 filesystems." HOMEPAGE = "http://e2fsprogs.sourceforge.net/" -LICENSE = "GPLv2 & LGPLv2 & BSD & MIT" +LICENSE = "GPLv2 & LGPLv2 & BSD-3-Clause & MIT" LICENSE_e2fsprogs-dumpe2fs = "GPLv2" LICENSE_e2fsprogs-e2fsck = "GPLv2" LICENSE_e2fsprogs-mke2fs = "GPLv2" -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 15/20] glib-2.0: Use specific BSD license variant 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (13 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 14/20] e2fsprogs: Use specific BSD license variant Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 16/20] shadow: " Steve Sakoman ` (4 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Joshua Watt <JPEWhacker@gmail.com> Make the license more accurate by specifying the specific variant of BSD license instead of the generic one. This helps with SPDX license attribution as "BSD" is not a valid SPDX license. (From OE-Core rev: 91cd1ef01a3f3883c04bac67af2672ec60e20fb8) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-core/glib-2.0/glib.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc index c3ddf18387..1849a6e05c 100644 --- a/meta/recipes-core/glib-2.0/glib.inc +++ b/meta/recipes-core/glib-2.0/glib.inc @@ -4,7 +4,7 @@ HOMEPAGE = "https://developer.gnome.org/glib/" # pcre is under BSD; # docs/reference/COPYING is with a 'public domain'-like license! -LICENSE = "LGPLv2.1+ & BSD & PD" +LICENSE = "LGPLv2.1+ & BSD-3-Clause & PD" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ file://glib/glib.h;beginline=4;endline=17;md5=b88abb7f3ad09607e71cb9d530155906 \ file://gmodule/COPYING;md5=4fbd65380cdd255951079008b364516c \ -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 16/20] shadow: Use specific BSD license variant 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (14 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 15/20] glib-2.0: " Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 17/20] shadow-sysroot: sync license with shadow Steve Sakoman ` (3 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Joshua Watt <JPEWhacker@gmail.com> Make the license more accurate by specifying the specific variant of BSD license instead of the generic one. This helps with SPDX license attribution as "BSD" is not a valid SPDX license. (From OE-Core rev: 65e3b23e1b266653fd30c90222e953f7e37fba0c) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-extended/shadow/shadow.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 7061dc7505..bfe50c18f6 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -3,7 +3,7 @@ HOMEPAGE = "http://github.com/shadow-maint/shadow" DESCRIPTION = "${SUMMARY}" BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base/utils" -LICENSE = "BSD | Artistic-1.0" +LICENSE = "BSD-3-Clause | Artistic-1.0" LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ file://src/passwd.c;beginline=2;endline=30;md5=5720ff729a6ff39ecc9f64555d75f4af" -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 17/20] shadow-sysroot: sync license with shadow 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (15 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 16/20] shadow: " Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 18/20] libcap: Use specific BSD license variant Steve Sakoman ` (2 subsequent siblings) 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Ross Burton <ross@burtonini.com> This recipe is just a single data file from shadow, but as we can't easily tell what license that specific file is under just copy the full license statement. (From OE-Core rev: f0e2f3b1f855ea6e184bd1d8d796279fedcbfa33) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-extended/shadow/shadow-sysroot_4.6.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb index 5f7ea00bf1..4e68f826c6 100644 --- a/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb +++ b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb @@ -2,7 +2,7 @@ SUMMARY = "Shadow utils requirements for useradd.bbclass" HOMEPAGE = "http://github.com/shadow-maint/shadow" BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base utils" -LICENSE = "BSD | Artistic-1.0" +LICENSE = "BSD-3-Clause | Artistic-1.0" LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5" DEPENDS = "base-passwd" -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 18/20] libcap: Use specific BSD license variant 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (16 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 17/20] shadow-sysroot: sync license with shadow Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 19/20] linux-firmware: Add CLM blob to linux-firmware-bcm4373 package Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 20/20] libusb1: correct SRC_URI Steve Sakoman 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Joshua Watt <JPEWhacker@gmail.com> Make the license more accurate by specifying the specific variant of BSD license instead of the generic one. This helps with SPDX license attribution as "BSD" is not a valid SPDX license. (From OE-Core rev: 9e8b2bc55792932e23d3b053b393b7ff88bffd6b) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-support/libcap/libcap_2.32.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-support/libcap/libcap_2.32.bb b/meta/recipes-support/libcap/libcap_2.32.bb index 325fa87a1b..d67babb5e9 100644 --- a/meta/recipes-support/libcap/libcap_2.32.bb +++ b/meta/recipes-support/libcap/libcap_2.32.bb @@ -4,7 +4,7 @@ These allow giving various kinds of specific privileges to individual \ users, without giving them full root permissions." HOMEPAGE = "http://sites.google.com/site/fullycapable/" # no specific GPL version required -LICENSE = "BSD | GPLv2" +LICENSE = "BSD-3-Clause | GPLv2" LIC_FILES_CHKSUM = "file://License;md5=3f84fd6f29d453a56514cb7e4ead25f1" DEPENDS = "hostperl-runtime-native gperf-native" -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 19/20] linux-firmware: Add CLM blob to linux-firmware-bcm4373 package 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (17 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 18/20] libcap: Use specific BSD license variant Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 20/20] libusb1: correct SRC_URI Steve Sakoman 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Rudolf J Streif <rudolf.streif@ibeeto.com> The Country Local Matrix (CLM) blob brcmfmac4373-sdio.clm_blob was not included with the files for the linux-firmware-bcm4373 package but instead packaged with linux-firmware. Signed-off-by: Rudolf J Streif <rudolf.streif@ibeeto.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 18ba64d4a12e7275381cf34fe72b757accbb1544) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb index 92b6ff5157..07389f6982 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb @@ -751,6 +751,7 @@ FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pc FILES_${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \ ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \ ${nonarch_base_libdir}/firmware/cypress/cyfmac4373-sdio.bin \ + ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.clm_blob \ " LICENSE_${PN}-bcm-0bb4-0306 = "Firmware-cypress" -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 20/20] libusb1: correct SRC_URI 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman ` (18 preceding siblings ...) 2022-02-03 19:50 ` [OE-core][dunfell 19/20] linux-firmware: Add CLM blob to linux-firmware-bcm4373 package Steve Sakoman @ 2022-02-03 19:50 ` Steve Sakoman 19 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2022-02-03 19:50 UTC (permalink / raw) To: openembedded-core From: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d4c37ca1f1e97d53045521e9894dc9ed5b1c22a1) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-support/libusb/libusb1_1.0.22.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/libusb/libusb1_1.0.22.bb b/meta/recipes-support/libusb/libusb1_1.0.22.bb index a4fe4de2cb..ffa8f0320c 100644 --- a/meta/recipes-support/libusb/libusb1_1.0.22.bb +++ b/meta/recipes-support/libusb/libusb1_1.0.22.bb @@ -1,7 +1,7 @@ SUMMARY = "Userspace library to access USB (version 1.0)" DESCRIPTION = "A cross-platform library to access USB devices from Linux, \ macOS, Windows, OpenBSD/NetBSD, Haiku and Solaris userspace." -HOMEPAGE = "http://libusb.sf.net" +HOMEPAGE = "https://libusb.info" BUGTRACKER = "http://www.libusb.org/report" SECTION = "libs" @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" BBCLASSEXTEND = "native nativesdk" -SRC_URI = "${SOURCEFORGE_MIRROR}/libusb/libusb-${PV}.tar.bz2 \ +SRC_URI = "https://github.com/libusb/libusb/releases/download/v${PV}/libusb-${PV}.tar.bz2 \ file://no-dll.patch \ file://run-ptest \ " -- 2.25.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 00/20] Patch review
@ 2022-02-21 14:13 Steve Sakoman
0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2022-02-21 14:13 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Wednesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3253
The following changes since commit 88c0290520c9e4982d25c20e783bd91eec016b52:
libusb1: correct SRC_URI (2022-02-07 04:40:13 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Alexander Kanavin (1):
ruby: correctly set native/target dependencies
Bruce Ashfield (3):
linux-yocto/5.4: update to v5.4.173
linux-yocto/5.4: update to v5.4.176
linux-yocto/5.4: update to v5.4.178
Christian Eggers (1):
sdk: fix search for dynamic loader
Florian Amstutz (1):
devtool: deploy-target: Remove stripped binaries in pseudo context
Martin Beeger (1):
cmake: remove bogus CMAKE_LDFLAGS_FLAGS definition from toolchain file
Purushottam Choudhary (1):
freetype: add missing CVE tag CVE-2020-15999
Richard Purdie (1):
default-distrovars.inc: Switch connectivity check to a
yoctoproject.org page
Ross Burton (1):
lighttpd: backport a fix for CVE-2022-22707
Saul Wold (1):
recipetool: Fix circular reference in SRC_URI
Stefan Herbrechtsmeier (1):
cve-check: create directory of CVE_CHECK_MANIFEST before copy
Steve Sakoman (5):
expat: fix CVE-2022-23990
connman: fix CVE-2022-23096-7
connman: fix CVE-2022-23098
connman: fix CVE-2021-33833
wpa-supplicant: fix CVE-2022-23303-4
Sundeep KOKKONDA (1):
binutils: Fix CVE-2021-45078
bkylerussell@gmail.com (1):
rpm: fix intermittent compression failure in do_package_write_rpm
wangmy (1):
linux-firmware: upgrade 20211216 -> 20220209
meta/classes/cve-check.bbclass | 1 +
meta/classes/sanity.bbclass | 2 +-
.../distro/include/default-distrovars.inc | 2 +-
meta/files/toolchain-shar-relocate.sh | 2 +-
.../connman/connman/CVE-2021-33833.patch | 72 +++
.../connman/connman/CVE-2022-23096-7.patch | 121 ++++
.../connman/connman/CVE-2022-23098.patch | 50 ++
.../connman/connman_1.37.bb | 3 +
.../wpa-supplicant/CVE-2022-23303-4.patch | 609 ++++++++++++++++++
.../wpa-supplicant/wpa-supplicant_2.9.bb | 1 +
.../expat/expat/CVE-2022-23990.patch | 49 ++
meta/recipes-core/expat/expat_2.2.9.bb | 1 +
.../binutils/binutils-2.34.inc | 1 +
.../binutils/0001-CVE-2021-45078.patch | 257 ++++++++
.../cmake/cmake/OEToolchainConfig.cmake | 1 -
..._internal-mode-parsing-when-Tn-is-us.patch | 34 +
meta/recipes-devtools/rpm/rpm_4.14.2.1.bb | 1 +
meta/recipes-devtools/ruby/ruby.inc | 4 +-
...ix-out-of-bounds-OOB-write-fixes-313.patch | 100 +++
.../lighttpd/lighttpd_1.4.55.bb | 1 +
...-sfnt-Fix-heap-buffer-overflow-59308.patch | 3 +
...20211216.bb => linux-firmware_20220209.bb} | 4 +-
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
scripts/lib/devtool/deploy.py | 2 +-
scripts/lib/recipetool/create.py | 2 +-
27 files changed, 1331 insertions(+), 28 deletions(-)
create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2021-33833.patch
create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-23096-7.patch
create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-23098.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-23303-4.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2022-23990.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch
create mode 100644 meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch
create mode 100644 meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20211216.bb => linux-firmware_20220209.bb} (99%)
--
2.25.1
^ permalink raw reply [flat|nested] 25+ messages in thread* [OE-core][dunfell 00/20] Patch review
@ 2020-11-06 14:35 Steve Sakoman
0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-11-06 14:35 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dunfell and have comments back
by end of day Tuesday.
Passed a-full on autobuilder with exception of known intermittent failure on
oe-selftest-centos (Unable to start bitbake server)
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1547
Passed on susequent oe-selftest-centos build:
https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/1532
The following changes since commit 5f644082fc3c2bbd89b898d5ca7cd4414cda4a64:
nasm: update 2.14.02 -> 2.15.03 for CVE fixes (2020-11-02 04:05:13 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Andrey Zhizhikin (1):
insane: add GitLab /archive/ tests
Changqing Li (1):
timezone: upgrade to 2020d
Chee Yang Lee (1):
bluez5: update to 5.55 to fix CVE-2020-27153
Joshua Watt (1):
jquery: Upgrade 3.4.1 -> 3.5.0 to fix CVE-2020-11022 and
CVE-2020-11023
Mark Jonas (4):
Add license text for PSF-2.0
Map license names PSF and PSFv2 to PSF-2.0
libsdl2: Fix directfb syntax error
libsdl2: Fix directfb SDL_RenderFillRect
Martin Jansa (3):
lib/oe/patch: prevent applying patches without any subject
lib/oe/patch: GitApplyTree: save 1 echo in commit-msg hook
Revert "lib/oe/patch: fix handling of patches with no header"
Richard Leitner (1):
xcb-proto: backport fix for python gcd function
Richard Purdie (1):
sstatesig: Log timestamps for hashequiv in reprodubile builds for
do_package
Steve Sakoman (5):
sqlite3: fix CVE-2020-13434
sqlite3: fix CVE-2020-13435
sqlite3: fix CVE-2020-13630
sqlite3: fix CVE-2020-13631
sqlite3: fix CVE-2020-13632
Yann E. MORIN (2):
common-licenses: add bzip2-1.0.4
recipes-core/busybox: fixup licensing information
meta/classes/insane.bbclass | 4 +-
meta/conf/licenses.conf | 6 +-
meta/files/common-licenses/PSF-2.0 | 49 ++++
meta/files/common-licenses/bzip2-1.0.4 | 43 ++++
meta/lib/oe/patch.py | 13 +-
meta/lib/oe/sstatesig.py | 6 +
.../bluez5/{bluez5_5.54.bb => bluez5_5.55.bb} | 4 +-
meta/recipes-core/busybox/busybox.inc | 7 +-
.../{jquery_3.4.1.bb => jquery_3.5.0.bb} | 8 +-
meta/recipes-extended/timezone/timezone.inc | 6 +-
.../libsdl2/directfb-renderfillrect-fix.patch | 33 +++
...ectfb-spurious-curly-brace-missing-e.patch | 49 ++++
.../libsdl2/libsdl2_2.0.12.bb | 2 +
...1-xcbgen-use-math-gcd-for-python-3-5.patch | 40 ++++
.../xorg-proto/xcb-proto_1.13.bb | 3 +-
.../sqlite/files/CVE-2020-13434.patch | 48 ++++
.../sqlite/files/CVE-2020-13435.patch | 219 ++++++++++++++++++
.../sqlite/files/CVE-2020-13630.patch | 32 +++
.../sqlite/files/CVE-2020-13631.patch | 99 ++++++++
.../sqlite/files/CVE-2020-13632.patch | 34 +++
meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 5 +
21 files changed, 684 insertions(+), 26 deletions(-)
create mode 100644 meta/files/common-licenses/PSF-2.0
create mode 100644 meta/files/common-licenses/bzip2-1.0.4
rename meta/recipes-connectivity/bluez5/{bluez5_5.54.bb => bluez5_5.55.bb} (91%)
rename meta/recipes-devtools/jquery/{jquery_3.4.1.bb => jquery_3.5.0.bb} (73%)
create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/directfb-renderfillrect-fix.patch
create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/directfb-spurious-curly-brace-missing-e.patch
create mode 100644 meta/recipes-graphics/xorg-proto/xcb-proto/0001-xcbgen-use-math-gcd-for-python-3-5.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13434.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13435.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13630.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13631.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-13632.patch
--
2.17.1
^ permalink raw reply [flat|nested] 25+ messages in thread* [OE-core][dunfell 00/20] Patch review @ 2020-07-17 14:37 Steve Sakoman 0 siblings, 0 replies; 25+ messages in thread From: Steve Sakoman @ 2020-07-17 14:37 UTC (permalink / raw) To: openembedded-core Please review this next set of patches for dunfell and have comments back by end of day Tuesday. Passed a-full build on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1179 The following changes since commit c2ad3af9da9bb3a98c1d5d1b3d21eb8db643c189: coreutils: don't split stdbuf to own package with single-binary (2020-07-13 17:14:28 -1000) are available in the Git repository at: git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Alexander Kanavin (1): babeltrace: correct the git SRC_URI Charlie Davies (1): u-boot: fix condition to allow use of *.cfg Christian Eggers (1): avahi: Fix typo in recipe Douglas (2): nativesdk: clear MACHINE_FEATURES nativesdk: Set the CXXFLAGS to the BUILDSDK_CXXFLAGS Jens Rehsack (2): subversion: extend for nativesdk serf: extend for nativesdk Khem Raj (2): go: Disbale CGO for riscv64 go-dep: Fix build on riscv64 Konrad Weihmann (1): ptest: append to FILES Lee Chee Yang (1): bison: fix Argument list too long error Richard Purdie (4): oeqa/selftest/sstatetests: Avoid polluting DL_DIR qemurunner: Ensure pid location is deterministic qemurunner: Add extra debug info when qemu fails to start oeqa/utils/qemurunner: Fix missing pid file tracebacks Ross Burton (1): insane: consolidate skipping of temporary do_package files Tim Orling (2): lib/oe/recipeutils.py: add AUTHOR; BBCLASSEXTEND scripts/lib/recipetool/create.py: fix regex strings Yongxin Liu (2): linux-firmware: fix the wrong file path for ibt-misc linux-firmware: move ibt-misc to the end of ibt packages meta/classes/insane.bbclass | 13 +- meta/classes/nativesdk.bbclass | 3 +- meta/classes/ptest.bbclass | 2 +- meta/lib/oe/recipeutils.py | 2 +- meta/lib/oeqa/selftest/cases/sstatetests.py | 5 +- meta/lib/oeqa/utils/qemurunner.py | 15 +- meta/recipes-bsp/u-boot/u-boot.inc | 2 +- meta/recipes-connectivity/avahi/avahi_0.7.bb | 2 +- meta/recipes-devtools/bison/bison_3.5.3.bb | 2 +- .../0001-Update-sys-module-to-latest.patch | 145574 +++++++++++++++ meta/recipes-devtools/go/go-dep_0.5.4.bb | 1 + meta/recipes-devtools/go/go-runtime_1.14.bb | 1 + meta/recipes-devtools/go/go_1.14.bb | 2 +- .../subversion/subversion_1.13.0.bb | 2 +- .../linux-firmware/linux-firmware_20200619.bb | 5 +- .../recipes-kernel/lttng/babeltrace2_2.0.2.bb | 2 +- meta/recipes-kernel/lttng/babeltrace_1.5.8.bb | 2 +- meta/recipes-support/serf/serf_1.3.9.bb | 2 +- scripts/lib/recipetool/create.py | 10 +- 19 files changed, 145621 insertions(+), 26 deletions(-) create mode 100644 meta/recipes-devtools/go/go-dep/0001-Update-sys-module-to-latest.patch -- 2.17.1 ^ permalink raw reply [flat|nested] 25+ messages in thread
end of thread, other threads:[~2022-02-21 14:14 UTC | newest] Thread overview: 25+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-02-03 19:50 [OE-core][dunfell 00/20] Patch review Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 01/20] glibc: update to lastest 2.31 release HEAD Steve Sakoman 2022-02-05 0:06 ` Ranjitsinh Rathod 2022-02-03 19:50 ` [OE-core][dunfell 02/20] systemd: Fix CVE-2021-3997 Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 03/20] grub: add a fix for CVE-2020-25632 Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 04/20] grub: add a fix for CVE-2020-25647 Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 05/20] ghostscript: fix CVE-2021-45949 Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 06/20] expat: fix CVE-2022-23852 Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 07/20] expat: add missing Upstream-status, CVE tag and sign-off to CVE-2021-46143.patch Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 08/20] util-linux: Fix for CVE-2021-3995 and CVE-2021-3996 Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 09/20] binutils: Backport Include members in the variable table used when resolving DW_AT_specification tags Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 10/20] sstate: A third fix for for touching files inside pseudo Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 11/20] common-licenses: add Spencer-94 Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 12/20] lsof: correct LICENSE Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 13/20] tzdata: Remove BSD License specifier Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 14/20] e2fsprogs: Use specific BSD license variant Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 15/20] glib-2.0: " Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 16/20] shadow: " Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 17/20] shadow-sysroot: sync license with shadow Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 18/20] libcap: Use specific BSD license variant Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 19/20] linux-firmware: Add CLM blob to linux-firmware-bcm4373 package Steve Sakoman 2022-02-03 19:50 ` [OE-core][dunfell 20/20] libusb1: correct SRC_URI Steve Sakoman -- strict thread matches above, loose matches on Subject: below -- 2022-02-21 14:13 [OE-core][dunfell 00/20] Patch review Steve Sakoman 2020-11-06 14:35 Steve Sakoman 2020-07-17 14:37 Steve Sakoman
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox