public inbox for openembedded-core@lists.openembedded.org
* [OE-core][dunfell 0/8] Patch review
@ 2020-05-11 14:38 Steve Sakoman
  0 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2020-05-11 14:38 UTC (permalink / raw)
  To: openembedded-core

Please review this next set of patches for dunfell and have comments back
by end of day Wednesday.

Clean a-full build on autobuilder (oe-selftest-fedora not run due to no
available fedora builders over the weekend):

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/941

The following changes since commit 12f0cbf348d5acb0a7913bb5dc98e7fccc5ec34f:

  icu: CVE-2020-10531 (2020-05-04 05:34:18 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Benjamin Fair (1):
  util-linux: fix build error in kill

Bruce Ashfield (3):
  linux-yocto/5.4: update to v5.4.28
  linux-yocto/5.4: update to v5.4.32
  linux-yocto/5.4: update to v5.4.34

Khem Raj (1):
  musl: Remove spurious unused patch

Pierre-Jean Texier (1):
  timezone: upgrade 2019c -> 2020a

Sakib Sajal (1):
  sqlite: backport CVE fixes

Vyacheslav Yurkov (1):
  os-release: sanitize required fields

 ...move-using-.end-directive-with-clang.patch | 36 ----------
 meta/recipes-core/os-release/os-release.bb    | 14 ++--
 .../0001-include-cleanup-pidfd-inckudes.patch | 42 +++++++++++
 ...-types.h-before-checking-SYS_pidfd_s.patch | 64 +++++++++++++++++
 .../util-linux/util-linux_2.35.1.bb           |  2 +
 meta/recipes-extended/timezone/timezone.inc   | 10 +--
 .../linux/linux-yocto-rt_5.4.bb               |  6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +--
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++---
 .../sqlite/files/CVE-2020-11655.patch         | 32 +++++++++
 .../sqlite/files/CVE-2020-11656.patch         | 70 +++++++++++++++++++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |  2 +
 12 files changed, 244 insertions(+), 64 deletions(-)
 delete mode 100644 meta/recipes-core/musl/0001-Remove-using-.end-directive-with-clang.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/0001-include-cleanup-pidfd-inckudes.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/0001-kill-include-sys-types.h-before-checking-SYS_pidfd_s.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-11655.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-11656.patch

-- 
2.17.1



* [OE-core][dunfell 0/8] Patch review
@ 2020-06-02  0:12 Steve Sakoman
  0 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2020-06-02  0:12 UTC (permalink / raw)
  To: openembedded-core

Please review this next set of patches for dunfell and have comments back
by end of day Wednesday.

Passed a-full build on the autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1029

The following changes since commit e2658a7d73b6f21939e644e533718cd05b288766:

  qemuarm: check serial consoles vs /proc/consoles (2020-06-01 07:02:44 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (8):
  linux-yocto/5.4: update to v5.4.38
  linux-yocto/5.4: update to v5.4.40
  kernel/reproducibility: kernel modules need SOURCE_DATE_EPOCH export
  linux-yocto/5.4: update to v5.4.42
  linux-yocto-rt/5.4: update to rt24
  linux-yocto/5.4: temporarily revert IKHEADERS in standard kernels
  linux-yocto: gather reproducibility configs into a fragment
  linux-yocto/5.4: update to v5.4.43

 meta/classes/kernel.bbclass                   | 15 +++++++++++++
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 4 files changed, 33 insertions(+), 18 deletions(-)

-- 
2.17.1



* [OE-core][dunfell 0/8] Patch review
@ 2020-10-15 14:15 Steve Sakoman
  0 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2020-10-15 14:15 UTC (permalink / raw)
  To: openembedded-core

Please review this next set of patches for dunfell and have comments back
by end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1478

The following changes since commit 656d2070f8448681cb69a3d43dbae84a681c1a75:

  linux-yocto/5.4: update to v5.4.69 (2020-10-07 13:41:09 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Armin Kuster (1):
  timezone: update to 2020b

Naoki Hayama (1):
  uninative: Fix typo in error message

Richard Purdie (2):
  scripts/oe-build-perf-report: Allow operation with no buildstats
  oe-build-perf-report: Ensure correct data is shown for multiple branch
    options

Steve Sakoman (1):
  Revert "package: get_package_mapping: avoid dependency mapping if
    renamed package provides original name"

Victor Kamensky (2):
  qemu: add 34Kf-64tlb fictitious cpu type
  qemumips: use 34Kf-64tlb CPU emulation

Yoann Congal (1):
  bitbake-bblayers/create: Make the example recipe print its message

 meta/classes/package.bbclass                  |  16 +--
 meta/classes/uninative.bbclass                |   2 +-
 meta/conf/machine/qemumips.conf               |   2 +-
 meta/lib/bblayers/templates/example.bb        |   4 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 ...tlb-fictitious-cpu-type-like-34Kf-bu.patch | 118 ++++++++++++++++++
 meta/recipes-extended/timezone/timezone.inc   |   8 +-
 meta/recipes-extended/timezone/tzdata.bb      |   8 +-
 scripts/oe-build-perf-report                  |   6 +-
 9 files changed, 137 insertions(+), 28 deletions(-)
 create mode 100644 meta/recipes-devtools/qemu/qemu/0001-mips-add-34Kf-64tlb-fictitious-cpu-type-like-34Kf-bu.patch

-- 
2.17.1



* [OE-core][dunfell 0/8] Patch review
@ 2020-12-28 14:35 Steve Sakoman
  0 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2020-12-28 14:35 UTC (permalink / raw)
  To: openembedded-core

Please review this next set of patches for dunfell and have comments back by
end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1700

The following changes since commit 02870c7fbaaa1c3869ecb439f5c58fcf40a533be:

  binutils: fix CVE-2020-16592/16598 (2020-12-14 05:58:27 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (2):
  selftest/reproducible: enable world reproducibility test
  selftest/reproducible: add an exclusion list for items that are not
    yet reproducible

Richard Purdie (5):
  grub: Fix build reproducibility issue
  grub: Add second fix for determinism issue
  u-boot-tools: Fix reproducibility issue
  groff: Fix reproducibility issue
  man-db: Avoid reproducibility failures after fixing groff-native

Steve Sakoman (1):
  selftest/reproducible: add packages to exclusion list for dunfell

 meta/lib/oeqa/selftest/cases/reproducible.py  | 96 ++++++++++++++++++-
 meta/recipes-bsp/grub/files/determinism.patch | 40 ++++++++
 meta/recipes-bsp/grub/grub2.inc               |  1 +
 meta/recipes-bsp/u-boot/u-boot-tools.inc      | 15 +++
 meta/recipes-extended/groff/groff_1.22.4.bb   |  2 +-
 meta/recipes-extended/man-db/man-db_2.9.0.bb  |  5 +
 6 files changed, 154 insertions(+), 5 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/determinism.patch

-- 
2.17.1



* [OE-core][dunfell 0/8] Patch review
@ 2022-04-04  2:30 Steve Sakoman
  2022-04-04  2:30 ` [OE-core][dunfell 1/8] grub: ignore CVE-2021-46705 Steve Sakoman
                   ` (7 more replies)
  0 siblings, 8 replies; 18+ messages in thread
From: Steve Sakoman @ 2022-04-04  2:30 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by end
of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3472

The following changes since commit aa2bb4f62dd7e5c6fdf220264c3d62fbf2cc7d16:

  xserver-xorg: update to 1.20.14 (2022-03-29 11:43:54 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Davide Gardenal (1):
  go: backport patch fix for CVE-2021-38297

Martin Jansa (1):
  boost: fix native build with glibc-2.34

Oleksandr Kravchuk (1):
  tzdata: update to 2022a

Peter Kjellerstedt (1):
  python3-jinja2: Correct HOMEPAGE

Ralph Siemsen (2):
  bluez5: fix CVE-2022-0204
  bind: update to 9.11.37

Richard Purdie (1):
  mirrors: Add missing gitsm entries for yocto/oe mirrors

Ross Burton (1):
  grub: ignore CVE-2021-46705

 meta/classes/mirrors.bbclass                  |  2 +
 meta/recipes-bsp/grub/grub2.inc               |  2 +
 .../bind/{bind_9.11.36.bb => bind_9.11.37.bb} |  4 +-
 meta/recipes-connectivity/bluez5/bluez5.inc   |  1 +
 .../bluez5/bluez5/CVE-2022-0204.patch         | 66 +++++++++++++
 meta/recipes-devtools/go/go-1.14.inc          |  4 +
 .../go/go-1.14/CVE-2021-38297.patch           | 97 +++++++++++++++++++
 .../python/python3-jinja2_2.11.3.bb           |  2 +-
 meta/recipes-extended/timezone/timezone.inc   |  6 +-
 ...e-warning-with-glibc-2.34-on-Linux-p.patch | 32 ++++++
 ...-elide-a-warning-that-caused-Solaris.patch | 24 +++++
 meta/recipes-support/boost/boost_1.72.0.bb    |  2 +
 12 files changed, 236 insertions(+), 6 deletions(-)
 rename meta/recipes-connectivity/bind/{bind_9.11.36.bb => bind_9.11.37.bb} (97%)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2022-0204.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
 create mode 100644 meta/recipes-support/boost/boost/0001-Fix-Wsign-compare-warning-with-glibc-2.34-on-Linux-p.patch
 create mode 100644 meta/recipes-support/boost/boost/0001-Revert-change-to-elide-a-warning-that-caused-Solaris.patch

-- 
2.25.1




* [OE-core][dunfell 1/8] grub: ignore CVE-2021-46705
  2022-04-04  2:30 [OE-core][dunfell 0/8] Patch review Steve Sakoman
@ 2022-04-04  2:30 ` Steve Sakoman
  2022-04-04  2:30 ` [OE-core][dunfell 2/8] go: backport patch fix for CVE-2021-38297 Steve Sakoman
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2022-04-04  2:30 UTC (permalink / raw)
  To: openembedded-core

From: Ross Burton <ross@burtonini.com>

This is specific to SUSE Linux.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 594baef3b08d40fbbf1899f4cadeb9931c035c1a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-bsp/grub/grub2.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 75ef31f249..0d3f6d05da 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -15,6 +15,8 @@ CVE_PRODUCT = "grub2"
 
 # Applies only to RHEL
 CVE_CHECK_WHITELIST += "CVE-2019-14865"
+# Applies only to SUSE
+CVE_CHECK_WHITELIST += "CVE-2021-46705"
 
 SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
            file://0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch \
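
Review bot: the new whitelist comment `# Applies only to SUSE` gives a later reader nothing to check the decision against. CVE_CHECK_WHITELIST removes the CVE from every cve-check report for this recipe, so the comment should carry a short reason or an advisory reference, for example which SUSE-specific change the CVE is tied to, in line with what the commit message states.
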
-- 
2.25.1




* [OE-core][dunfell 2/8] go: backport patch fix for CVE-2021-38297
  2022-04-04  2:30 [OE-core][dunfell 0/8] Patch review Steve Sakoman
  2022-04-04  2:30 ` [OE-core][dunfell 1/8] grub: ignore CVE-2021-46705 Steve Sakoman
@ 2022-04-04  2:30 ` Steve Sakoman
  2022-04-04  4:23   ` Ranjitsinh Rathod
  2022-04-04  2:30 ` [OE-core][dunfell 3/8] bluez5: fix CVE-2022-0204 Steve Sakoman
                   ` (5 subsequent siblings)
  7 siblings, 1 reply; 18+ messages in thread
From: Steve Sakoman @ 2022-04-04  2:30 UTC (permalink / raw)
  To: openembedded-core

From: Davide Gardenal <davidegarde2000@gmail.com>

Patch taken from
https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564
from the following issue
https://github.com/golang/go/issues/48797

Original repo
https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/go-1.14.inc          |  4 +
 .../go/go-1.14/CVE-2021-38297.patch           | 97 +++++++++++++++++++
 2 files changed, 101 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch

diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 9b3c3b30a8..f98757d10d 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -19,9 +19,13 @@ SRC_URI += "\
     file://CVE-2021-34558.patch \
     file://CVE-2021-33196.patch \
     file://CVE-2021-33197.patch \
+    file://CVE-2021-38297.patch \
     file://CVE-2022-23806.patch \
     file://CVE-2022-23772.patch \
 "
+
+# file://CVE-2021-38297.patch
+
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149"
 
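
Review bot: the three lines added after the closing quote of SRC_URI leave a commented-out duplicate, `# file://CVE-2021-38297.patch`, between two blank lines, although the patch is already listed inside SRC_URI a few lines above. This looks like editing residue; drop those three lines so the hunk only adds the SRC_URI entry.
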
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
new file mode 100644
index 0000000000..24ceabf808
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
@@ -0,0 +1,97 @@
+From 4548fcc8dfd933c237f29bba6f90040a85922564 Mon Sep 17 00:00:00 2001
+From: Michael Knyszek <mknyszek@google.com>
+Date: Thu, 2 Sep 2021 16:51:59 -0400
+Subject: [PATCH] [release-branch.go1.16] misc/wasm, cmd/link: do not let
+ command line args overwrite global data
+
+On Wasm, wasm_exec.js puts command line arguments at the beginning
+of the linear memory (following the "zero page"). Currently there
+is no limit for this, and a very long command line can overwrite
+the program's data section. Prevent this by limiting the command
+line to 4096 bytes, and in the linker ensuring the data section
+starts at a high enough address (8192).
+
+(Arguably our address assignment on Wasm is a bit confusing. This
+is the minimum fix I can come up with.)
+
+Thanks to Ben Lubar for reporting this issue.
+
+Change by Cherry Mui <cherryyz@google.com>.
+
+For #48797
+Fixes #48799
+Fixes CVE-2021-38297
+
+Change-Id: I0f50fbb2a5b6d0d047e3c134a88988d9133e4ab3
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1205933
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-by: Than McIntosh <thanm@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/354591
+Trust: Michael Knyszek <mknyszek@google.com>
+Reviewed-by: Heschi Kreinick <heschi@google.com>
+
+CVE: CVE-2021-38297
+
+Upstream-Status: Backport:
+https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564
+
+Inline of ctxt.isWAsm followin this implemetation:
+https://github.com/golang/go/blob/4548fcc8dfd933c237f29bba6f90040a85922564/src/cmd/link/internal/ld/target.go#L127
+
+Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
+---
+ misc/wasm/wasm_exec.js           |  7 +++++++
+ src/cmd/link/internal/ld/data.go | 11 ++++++++++-
+ 2 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/misc/wasm/wasm_exec.js b/misc/wasm/wasm_exec.js
+index 82041e6bb901..a0a264278b1b 100644
+--- a/misc/wasm/wasm_exec.js
++++ b/misc/wasm/wasm_exec.js
+@@ -564,6 +564,13 @@
+ 				offset += 8;
+ 			});
+ 
++			// The linker guarantees global data starts from at least wasmMinDataAddr.
++			// Keep in sync with cmd/link/internal/ld/data.go:wasmMinDataAddr.
++			const wasmMinDataAddr = 4096 + 4096;
++			if (offset >= wasmMinDataAddr) {
++				throw new Error("command line too long");
++			}
++
+ 			this._inst.exports.run(argc, argv);
+ 			if (this.exited) {
+ 				this._resolveExitPromise();
+diff --git a/src/cmd/link/internal/ld/data.go b/src/cmd/link/internal/ld/data.go
+index 52035e96301c..54a1d188cdb9 100644
+--- a/src/cmd/link/internal/ld/data.go
++++ b/src/cmd/link/internal/ld/data.go
+@@ -2330,6 +2330,11 @@ func assignAddress(ctxt *Link, sect *sym.Section, n int, s loader.Sym, va uint64
+ 	return sect, n, va
+ }
+ 
++// On Wasm, we reserve 4096 bytes for zero page, then 4096 bytes for wasm_exec.js
++// to store command line args. Data sections starts from at least address 8192.
++// Keep in sync with wasm_exec.js.
++const wasmMinDataAddr = 4096 + 4096
++
+ // address assigns virtual addresses to all segments and sections and
+ // returns all segments in file order.
+ func (ctxt *Link) address() []*sym.Segment {
+@@ -2339,10 +2344,14 @@ func (ctxt *Link) address() []*sym.Segment {
+ 	order = append(order, &Segtext)
+ 	Segtext.Rwx = 05
+ 	Segtext.Vaddr = va
+-	for _, s := range Segtext.Sections {
++	for i, s := range Segtext.Sections {
+ 		va = uint64(Rnd(int64(va), int64(s.Align)))
+ 		s.Vaddr = va
+ 		va += s.Length
++
++		if ctxt.Arch.Family == sys.Wasm && i == 0 && va < wasmMinDataAddr {
++			va = wasmMinDataAddr
++		}
+ 	}
+ 
+ 	Segtext.Length = va - uint64(*FlagTextAddr)
+ 
\ No newline at end of file
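
Review bot: in the data.go part, the inlined check `ctxt.Arch.Family == sys.Wasm` needs the `sys` package to be imported in data.go on go 1.14, and no import line is added here, so please confirm the file already imports it and that the recipe builds with the patch applied. The header has typos in the inlining remark ("followin this implemetation") and writes `Upstream-Status: Backport:` with the URL on the following line, whereas the other backports in this series use the bracketed `Backport [url]` form. The embedded patch also ends with "\ No newline at end of file"; add the trailing newline.
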
-- 
2.25.1




* [OE-core][dunfell 3/8] bluez5: fix CVE-2022-0204
  2022-04-04  2:30 [OE-core][dunfell 0/8] Patch review Steve Sakoman
  2022-04-04  2:30 ` [OE-core][dunfell 1/8] grub: ignore CVE-2021-46705 Steve Sakoman
  2022-04-04  2:30 ` [OE-core][dunfell 2/8] go: backport patch fix for CVE-2021-38297 Steve Sakoman
@ 2022-04-04  2:30 ` Steve Sakoman
  2022-04-04  2:30 ` [OE-core][dunfell 4/8] bind: update to 9.11.37 Steve Sakoman
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2022-04-04  2:30 UTC (permalink / raw)
  To: openembedded-core

From: Ralph Siemsen <ralph.siemsen@linaro.org>

Fix heap overflow when appending prepare writes

The code shall check if the prepare writes would append more than the
allowed maximum attribute length.

Upstream-Status: Backport [https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0]
CVE: CVE-2022-0204

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-connectivity/bluez5/bluez5.inc   |  1 +
 .../bluez5/bluez5/CVE-2022-0204.patch         | 66 +++++++++++++++++++
 2 files changed, 67 insertions(+)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2022-0204.patch

diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 7cf061dcf6..4d4348898a 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -55,6 +55,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
            file://CVE-2021-0129.patch \
            file://CVE-2021-3588.patch \
           file://CVE-2021-3658.patch \
+           file://CVE-2022-0204.patch \
            "
 S = "${WORKDIR}/bluez-${PV}"
 
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-0204.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-0204.patch
new file mode 100644
index 0000000000..646b5ddfc8
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2022-0204.patch
@@ -0,0 +1,66 @@
+From 0d328fdf6564b67fc2ec3533e3da201ebabcc9e3 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Tue, 8 Jun 2021 16:46:49 -0700
+Subject: [PATCH] shared/gatt-server: Fix heap overflow when appending prepare
+ writes
+
+The code shall check if the prepare writes would append more the
+allowed maximum attribute length.
+
+Fixes https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
+
+Upstream-Status: Backport [https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0]
+Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
+CVE: CVE-2022-0204
+
+---
+ src/shared/gatt-server.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
+index 0c25a97..20e14bc 100644
+--- a/src/shared/gatt-server.c
++++ b/src/shared/gatt-server.c
+@@ -816,6 +816,20 @@ static uint8_t authorize_req(struct bt_gatt_server *server,
+ 						server->authorize_data);
+ }
+ 
++static uint8_t check_length(uint16_t length, uint16_t offset)
++{
++	if (length > BT_ATT_MAX_VALUE_LEN)
++		return BT_ATT_ERROR_INVALID_ATTRIBUTE_VALUE_LEN;
++
++	if (offset > BT_ATT_MAX_VALUE_LEN)
++		return BT_ATT_ERROR_INVALID_OFFSET;
++
++	if (length + offset > BT_ATT_MAX_VALUE_LEN)
++		return BT_ATT_ERROR_INVALID_ATTRIBUTE_VALUE_LEN;
++
++	return 0;
++}
++
+ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
+ 					uint16_t length, void *user_data)
+ {
+@@ -846,6 +860,10 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
+ 				(opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
+ 				handle);
+ 
++	ecode = check_length(length, 0);
++	if (ecode)
++		goto error;
++
+ 	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
+ 	if (ecode)
+ 		goto error;
+@@ -1353,6 +1371,10 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
+ 	util_debug(server->debug_callback, server->debug_data,
+ 				"Prep Write Req - handle: 0x%04x", handle);
+ 
++	ecode = check_length(length, offset);
++	if (ecode)
++		goto error;
++
+ 	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
+ 	if (ecode)
+ 		goto error;
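
Review bot: in `write_cb()` the new call `check_length(length, 0)` is given the callback's `length`, which per the signature (`const void *pdu, uint16_t length`) is the size of the PDU rather than of the attribute value, so the bound applied is against the PDU size; please confirm against upstream that this is the intended comparison with BT_ATT_MAX_VALUE_LEN. Separately, the `From 0d328fdf...` hash in the header differs from the commit named in Upstream-Status (591c546c...); a one-line remark on whether the backport was adapted or only regenerated would help the next reviewer.
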
-- 
2.25.1




* [OE-core][dunfell 4/8] bind: update to 9.11.37
  2022-04-04  2:30 [OE-core][dunfell 0/8] Patch review Steve Sakoman
                   ` (2 preceding siblings ...)
  2022-04-04  2:30 ` [OE-core][dunfell 3/8] bluez5: fix CVE-2022-0204 Steve Sakoman
@ 2022-04-04  2:30 ` Steve Sakoman
  2022-04-04  2:30 ` [OE-core][dunfell 5/8] mirrors: Add missing gitsm entries for yocto/oe mirrors Steve Sakoman
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2022-04-04  2:30 UTC (permalink / raw)
  To: openembedded-core

From: Ralph Siemsen <ralph.siemsen@linaro.org>

Security Fixes

The rules for acceptance of records into the cache have been tightened
to prevent the possibility of poisoning if forwarders send records
outside the configured bailiwick. (CVE-2021-25220)

License-Update: copyright years

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../bind/{bind_9.11.36.bb => bind_9.11.37.bb}                 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-connectivity/bind/{bind_9.11.36.bb => bind_9.11.37.bb} (97%)

diff --git a/meta/recipes-connectivity/bind/bind_9.11.36.bb b/meta/recipes-connectivity/bind/bind_9.11.37.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.11.36.bb
rename to meta/recipes-connectivity/bind/bind_9.11.37.bb
index 872baf6d2f..afc8cf0b3b 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.36.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.37.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system"
 SECTION = "console/network"
 
 LICENSE = "ISC & BSD"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b88e7ca5f21908e1b2720169f6807cf6"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=89a97ebbf713f7125fe5c02223d3ae95"
 
 DEPENDS = "openssl libcap zlib"
 
@@ -21,7 +21,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://0001-avoid-start-failure-with-bind-user.patch \
            "
 
-SRC_URI[sha256sum] = "c953fcb6703b395aaa53e65ff8b2869b69a5303dd60507cba2201305e1811681"
+SRC_URI[sha256sum] = "0d8efbe7ec166ada90e46add4267b7e7c934790cba9bd5af6b8380a4fbfb5aff"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
 # stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4
-- 
2.25.1




* [OE-core][dunfell 5/8] mirrors: Add missing gitsm entries for yocto/oe mirrors
  2022-04-04  2:30 [OE-core][dunfell 0/8] Patch review Steve Sakoman
                   ` (3 preceding siblings ...)
  2022-04-04  2:30 ` [OE-core][dunfell 4/8] bind: update to 9.11.37 Steve Sakoman
@ 2022-04-04  2:30 ` Steve Sakoman
  2022-04-04  2:30 ` [OE-core][dunfell 6/8] boost: fix native build with glibc-2.34 Steve Sakoman
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2022-04-04  2:30 UTC (permalink / raw)
  To: openembedded-core

From: Richard Purdie <richard.purdie@linuxfoundation.org>

The missing gitsm:// mappings look like an oversight, add them.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6600b9fca7888fb41647cd000b9efb7f0762dfde)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/mirrors.bbclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/classes/mirrors.bbclass b/meta/classes/mirrors.bbclass
index a36236df9f..669d0cc8ff 100644
--- a/meta/classes/mirrors.bbclass
+++ b/meta/classes/mirrors.bbclass
@@ -42,6 +42,7 @@ ftp://sourceware.org/pub http://ftp.gwdg.de/pub/linux/sources.redhat.com/sourcew
 cvs://.*/.*     http://downloads.yoctoproject.org/mirror/sources/ \n \
 svn://.*/.*     http://downloads.yoctoproject.org/mirror/sources/ \n \
 git://.*/.*     http://downloads.yoctoproject.org/mirror/sources/ \n \
+gitsm://.*/.*     http://downloads.yoctoproject.org/mirror/sources/ \n \
 hg://.*/.*      http://downloads.yoctoproject.org/mirror/sources/ \n \
 bzr://.*/.*     http://downloads.yoctoproject.org/mirror/sources/ \n \
 p4://.*/.*      http://downloads.yoctoproject.org/mirror/sources/ \n \
@@ -52,6 +53,7 @@ npm://.*/?.*    http://downloads.yoctoproject.org/mirror/sources/ \n \
 cvs://.*/.*     http://sources.openembedded.org/ \n \
 svn://.*/.*     http://sources.openembedded.org/ \n \
 git://.*/.*     http://sources.openembedded.org/ \n \
+gitsm://.*/.*     http://sources.openembedded.org/ \n \
 hg://.*/.*      http://sources.openembedded.org/ \n \
 bzr://.*/.*     http://sources.openembedded.org/ \n \
 p4://.*/.*      http://sources.openembedded.org/ \n \
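
Review bot: the added `gitsm://.*/.*` line, here and in the previous hunk, keeps the five spaces used after `git://.*/.*`, so the mirror URL sits two columns to the right of its neighbours; three spaces keep the table aligned. The commit message could also name the fetch failure or recipe that exposed the gap, since "an oversight" gives a reviewer nothing to test against.
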
-- 
2.25.1




* [OE-core][dunfell 6/8] boost: fix native build with glibc-2.34
  2022-04-04  2:30 [OE-core][dunfell 0/8] Patch review Steve Sakoman
                   ` (4 preceding siblings ...)
  2022-04-04  2:30 ` [OE-core][dunfell 5/8] mirrors: Add missing gitsm entries for yocto/oe mirrors Steve Sakoman
@ 2022-04-04  2:30 ` Steve Sakoman
  2022-04-04  2:30 ` [OE-core][dunfell 7/8] python3-jinja2: Correct HOMEPAGE Steve Sakoman
  2022-04-04  2:30 ` [OE-core][dunfell 8/8] tzdata: update to 2022a Steve Sakoman
  7 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2022-04-04  2:30 UTC (permalink / raw)
  To: openembedded-core

From: Martin Jansa <Martin.Jansa@gmail.com>

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...e-warning-with-glibc-2.34-on-Linux-p.patch | 32 +++++++++++++++++++
 ...-elide-a-warning-that-caused-Solaris.patch | 24 ++++++++++++++
 meta/recipes-support/boost/boost_1.72.0.bb    |  2 ++
 3 files changed, 58 insertions(+)
 create mode 100644 meta/recipes-support/boost/boost/0001-Fix-Wsign-compare-warning-with-glibc-2.34-on-Linux-p.patch
 create mode 100644 meta/recipes-support/boost/boost/0001-Revert-change-to-elide-a-warning-that-caused-Solaris.patch

diff --git a/meta/recipes-support/boost/boost/0001-Fix-Wsign-compare-warning-with-glibc-2.34-on-Linux-p.patch b/meta/recipes-support/boost/boost/0001-Fix-Wsign-compare-warning-with-glibc-2.34-on-Linux-p.patch
new file mode 100644
index 0000000000..46c706931b
--- /dev/null
+++ b/meta/recipes-support/boost/boost/0001-Fix-Wsign-compare-warning-with-glibc-2.34-on-Linux-p.patch
@@ -0,0 +1,32 @@
+From f9d0e594d43afcb4ab0043117249feb266ba4515 Mon Sep 17 00:00:00 2001
+From: Romain Geissler <romain.geissler@amadeus.com>
+Date: Tue, 10 Aug 2021 14:22:28 +0000
+Subject: [PATCH] Fix -Wsign-compare warning with glibc 2.34 on Linux
+ platforms.
+
+In file included from /data/mwrep/res/osp/Boost/21-0-0-0/include/boost/thread/thread_only.hpp:17,
+                 from /data/mwrep/res/osp/Boost/21-0-0-0/include/boost/thread/thread.hpp:12,
+                 from src/GetTest.cpp:12:
+/data/mwrep/res/osp/Boost/21-0-0-0/include/boost/thread/pthread/thread_data.hpp: In member function 'void boost::thread_attributes::set_stack_size(std::size_t)':
+/data/mwrep/res/osp/Boost/21-0-0-0/include/boost/thread/pthread/thread_data.hpp:61:19: error: comparison of integer expressions of different signedness: 'std::size_t' {aka 'long unsigned int'} and 'long int' [-Werror=sign-compare]
+   61 |           if (size<PTHREAD_STACK_MIN) size=PTHREAD_STACK_MIN;
+      |                   ^
+
+Upstream-Status: Backport [1.78.0 https://github.com/boostorg/thread/commit/f9d0e594d43afcb4ab0043117249feb266ba4515]
+---
+ boost/thread/pthread/thread_data.hpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/boost/thread/pthread/thread_data.hpp b/boost/thread/pthread/thread_data.hpp
+index bc9b1367..c43b276d 100644
+--- a/boost/thread/pthread/thread_data.hpp
++++ b/boost/thread/pthread/thread_data.hpp
+@@ -58,7 +58,7 @@ namespace boost
+           std::size_t page_size = ::sysconf( _SC_PAGESIZE);
+ #endif
+ #ifdef PTHREAD_STACK_MIN
+-          if (size<PTHREAD_STACK_MIN) size=PTHREAD_STACK_MIN;
++          if (size<static_cast<std::size_t>(PTHREAD_STACK_MIN)) size=PTHREAD_STACK_MIN;
+ #endif
+           size = ((size+page_size-1)/page_size)*page_size;
+           int res = pthread_attr_setstacksize(&val_, size);
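
Review bot: the header of this backported patch stops at `Upstream-Status:` and carries no `Signed-off-by:` from the person who did the backport, unlike the go and bluez5 patch files in this series; the second boost patch file that follows has the same gap. Please add the sign-off to both headers.
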
diff --git a/meta/recipes-support/boost/boost/0001-Revert-change-to-elide-a-warning-that-caused-Solaris.patch b/meta/recipes-support/boost/boost/0001-Revert-change-to-elide-a-warning-that-caused-Solaris.patch
new file mode 100644
index 0000000000..3784cf9165
--- /dev/null
+++ b/meta/recipes-support/boost/boost/0001-Revert-change-to-elide-a-warning-that-caused-Solaris.patch
@@ -0,0 +1,24 @@
+From 74fb0a26099bc51d717f5f154b37231ce7df3e98 Mon Sep 17 00:00:00 2001
+From: Rob Boehne <robb@datalogics.com>
+Date: Wed, 20 Nov 2019 11:25:20 -0600
+Subject: [PATCH] Revert change to elide a warning that caused Solaris builds
+ to fail.
+
+Upstream-Status: Backport [1.73.0 https://github.com/boostorg/thread/commit/74fb0a26099bc51d717f5f154b37231ce7df3e98]
+---
+ boost/thread/pthread/thread_data.hpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/boost/thread/pthread/thread_data.hpp b/boost/thread/pthread/thread_data.hpp
+index aefbeb43..bc9b1367 100644
+--- a/boost/thread/pthread/thread_data.hpp
++++ b/boost/thread/pthread/thread_data.hpp
+@@ -57,7 +57,7 @@ namespace boost
+ #else
+           std::size_t page_size = ::sysconf( _SC_PAGESIZE);
+ #endif
+-#if PTHREAD_STACK_MIN > 0
++#ifdef PTHREAD_STACK_MIN
+           if (size<PTHREAD_STACK_MIN) size=PTHREAD_STACK_MIN;
+ #endif
+           size = ((size+page_size-1)/page_size)*page_size;
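
Review bot: the header of this backport (From, Date, Subject, Upstream-Status) has no Signed-off-by from whoever imported it, and nothing says why a Solaris revert is needed on this branch. `#if PTHREAD_STACK_MIN > 0` only preprocesses while the macro is an integer constant, so one sentence saying that this is why the recipe returns to `#ifdef PTHREAD_STACK_MIN` before applying the -Wsign-compare fix would let a later maintainer judge when both patches can be dropped.
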
diff --git a/meta/recipes-support/boost/boost_1.72.0.bb b/meta/recipes-support/boost/boost_1.72.0.bb
index df1cc16937..b3ec11933c 100644
--- a/meta/recipes-support/boost/boost_1.72.0.bb
+++ b/meta/recipes-support/boost/boost_1.72.0.bb
@@ -9,4 +9,6 @@ SRC_URI += " \
            file://0001-dont-setup-compiler-flags-m32-m64.patch \
            file://0001-revert-cease-dependence-on-range.patch \
            file://0001-added-typedef-executor_type.patch \
+           file://0001-Revert-change-to-elide-a-warning-that-caused-Solaris.patch \
+           file://0001-Fix-Wsign-compare-warning-with-glibc-2.34-on-Linux-p.patch \
            "
-- 
2.25.1




* [OE-core][dunfell 7/8] python3-jinja2: Correct HOMEPAGE
  2022-04-04  2:30 [OE-core][dunfell 0/8] Patch review Steve Sakoman
                   ` (5 preceding siblings ...)
  2022-04-04  2:30 ` [OE-core][dunfell 6/8] boost: fix native build with glibc-2.34 Steve Sakoman
@ 2022-04-04  2:30 ` Steve Sakoman
  2022-04-04  2:30 ` [OE-core][dunfell 8/8] tzdata: update to 2022a Steve Sakoman
  7 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2022-04-04  2:30 UTC (permalink / raw)
  To: openembedded-core

From: Peter Kjellerstedt <peter.kjellerstedt@axis.com>

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 261778c1e3665b34c0d4e49bda63b520d5335587)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/python/python3-jinja2_2.11.3.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/python/python3-jinja2_2.11.3.bb b/meta/recipes-devtools/python/python3-jinja2_2.11.3.bb
index dbdf563f87..9f054c6024 100644
--- a/meta/recipes-devtools/python/python3-jinja2_2.11.3.bb
+++ b/meta/recipes-devtools/python/python3-jinja2_2.11.3.bb
@@ -1,5 +1,5 @@
 DESCRIPTION = "Python Jinja2: A small but fast and easy to use stand-alone template engine written in pure python."
-HOMEPAGE = "https://pypi.org/project/Jinja/"
+HOMEPAGE = "https://pypi.org/project/Jinja2/"
 
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462"
-- 
2.25.1




* [OE-core][dunfell 8/8] tzdata: update to 2022a
  2022-04-04  2:30 [OE-core][dunfell 0/8] Patch review Steve Sakoman
                   ` (6 preceding siblings ...)
  2022-04-04  2:30 ` [OE-core][dunfell 7/8] python3-jinja2: Correct HOMEPAGE Steve Sakoman
@ 2022-04-04  2:30 ` Steve Sakoman
  7 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2022-04-04  2:30 UTC (permalink / raw)
  To: openembedded-core

From: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b280aecd79e95811f8baec6c4479c5752c54d9e5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/timezone/timezone.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index 43d14d7f12..cdd1a2ac3c 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
 LICENSE = "PD & BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
 
-PV = "2021e"
+PV = "2022a"
 
 SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
            http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
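
Review bot: the context lines show both tarballs still fetched over plain `http://www.iana.org/...`, so the only integrity control on the 2022a sources is the pair of `SRC_URI[...sha256sum]` values changed in the next hunk. While PV is being touched, consider moving the two SRC_URI entries to https, and say in the commit message where the new checksums were verified against upstream, since the message currently has no body.
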
@@ -14,6 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
 
 UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
 
-SRC_URI[tzcode.sha256sum] = "584666393a5424d13d27ec01183da17703273664742e049d4f62f62dab631775"
-SRC_URI[tzdata.sha256sum] = "07ec42b737d0d3c6be9c337f8abb5f00554a0f9cc4fcf01a703d69403b6bb2b1"
+SRC_URI[tzcode.sha256sum] = "f8575e7e33be9ee265df2081092526b81c80abac3f4a04399ae9d4d91cdadac7"
+SRC_URI[tzdata.sha256sum] = "ef7fffd9f4f50f4f58328b35022a32a5a056b245c5cb3d6791dddb342f871664"
 
-- 
2.25.1




* Re: [OE-core][dunfell 2/8] go: backport patch fix for CVE-2021-38297
  2022-04-04  2:30 ` [OE-core][dunfell 2/8] go: backport patch fix for CVE-2021-38297 Steve Sakoman
@ 2022-04-04  4:23   ` Ranjitsinh Rathod
  2022-04-04  4:26     ` Steve Sakoman
  0 siblings, 1 reply; 18+ messages in thread
From: Ranjitsinh Rathod @ 2022-04-04  4:23 UTC (permalink / raw)
  To: Steve Sakoman; +Cc: Patches and discussions about the oe-core layer

Hi Steve,

There is one commented out line present. Is that really needed?

Thanks,
Ranjitsinh Rathod

On Mon, 4 Apr, 2022, 8:01 am Steve Sakoman, <steve@sakoman.com> wrote:

> From: Davide Gardenal <davidegarde2000@gmail.com>
>
> Patch taken from
>
> https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564
> from the following issue
> https://github.com/golang/go/issues/48797
>
> Original repo
> https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4
>
> Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>  meta/recipes-devtools/go/go-1.14.inc          |  4 +
>  .../go/go-1.14/CVE-2021-38297.patch           | 97 +++++++++++++++++++
>  2 files changed, 101 insertions(+)
>  create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
>
> diff --git a/meta/recipes-devtools/go/go-1.14.inc
> b/meta/recipes-devtools/go/go-1.14.inc
> index 9b3c3b30a8..f98757d10d 100644
> --- a/meta/recipes-devtools/go/go-1.14.inc
> +++ b/meta/recipes-devtools/go/go-1.14.inc
> @@ -19,9 +19,13 @@ SRC_URI += "\
>      file://CVE-2021-34558.patch \
>      file://CVE-2021-33196.patch \
>      file://CVE-2021-33197.patch \
> +    file://CVE-2021-38297.patch \
>      file://CVE-2022-23806.patch \
>      file://CVE-2022-23772.patch \
>  "
> +
> +# file://CVE-2021-38297.patch
> +
>  SRC_URI_append_libc-musl = "
> file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
>  SRC_URI[main.sha256sum] =
> "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149"
>
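
Review bot: the commented-out `# file://CVE-2021-38297.patch` added after the closing quote of SRC_URI is dead text that duplicates the real entry a few lines above it. Drop it together with the two blank `+` lines around it, so the hunk is the single SRC_URI addition placed between CVE-2021-33197 and CVE-2022-23806.
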
> diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
> b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
> new file mode 100644
> index 0000000000..24ceabf808
> --- /dev/null
> +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
> @@ -0,0 +1,97 @@
> +From 4548fcc8dfd933c237f29bba6f90040a85922564 Mon Sep 17 00:00:00 2001
> +From: Michael Knyszek <mknyszek@google.com>
> +Date: Thu, 2 Sep 2021 16:51:59 -0400
> +Subject: [PATCH] [release-branch.go1.16] misc/wasm, cmd/link: do not let
> + command line args overwrite global data
> +
> +On Wasm, wasm_exec.js puts command line arguments at the beginning
> +of the linear memory (following the "zero page"). Currently there
> +is no limit for this, and a very long command line can overwrite
> +the program's data section. Prevent this by limiting the command
> +line to 4096 bytes, and in the linker ensuring the data section
> +starts at a high enough address (8192).
> +
> +(Arguably our address assignment on Wasm is a bit confusing. This
> +is the minimum fix I can come up with.)
> +
> +Thanks to Ben Lubar for reporting this issue.
> +
> +Change by Cherry Mui <cherryyz@google.com>.
> +
> +For #48797
> +Fixes #48799
> +Fixes CVE-2021-38297
> +
> +Change-Id: I0f50fbb2a5b6d0d047e3c134a88988d9133e4ab3
> +Reviewed-on:
> https://team-review.git.corp.google.com/c/golang/go-private/+/1205933
> +Reviewed-by
> <https://team-review.git.corp.google.com/c/golang/go-private/+/1205933+Reviewed-by>:
> Roland Shoemaker <bracewell@google.com>
> +Reviewed-by: Than McIntosh <thanm@google.com>
> +Reviewed-on: https://go-review.googlesource.com/c/go/+/354591
> +Trust: Michael Knyszek <mknyszek@google.com>
> +Reviewed-by: Heschi Kreinick <heschi@google.com>
> +
> +CVE: CVE-2021-38297
> +
> +Upstream-Status: Backport:
> +
> https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564
> +
> +Inline of ctxt.isWAsm followin this implemetation:
> +
> https://github.com/golang/go/blob/4548fcc8dfd933c237f29bba6f90040a85922564/src/cmd/link/internal/ld/target.go#L127
> +
> +Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
> +---
> + misc/wasm/wasm_exec.js           |  7 +++++++
> + src/cmd/link/internal/ld/data.go | 11 ++++++++++-
> + 2 files changed, 17 insertions(+), 1 deletion(-)
> +
> +diff --git a/misc/wasm/wasm_exec.js b/misc/wasm/wasm_exec.js
> +index 82041e6bb901..a0a264278b1b 100644
> +--- a/misc/wasm/wasm_exec.js
> ++++ b/misc/wasm/wasm_exec.js
> +@@ -564,6 +564,13 @@
> +                               offset += 8;
> +                       });
> +
> ++                      // The linker guarantees global data starts from
> at least wasmMinDataAddr.
> ++                      // Keep in sync with
> cmd/link/internal/ld/data.go:wasmMinDataAddr.
> ++                      const wasmMinDataAddr = 4096 + 4096;
> ++                      if (offset >= wasmMinDataAddr) {
> ++                              throw new Error("command line too long");
> ++                      }
> ++
> +                       this._inst.exports.run(argc, argv);
> +                       if (this.exited) {
> +                               this._resolveExitPromise();
> +diff --git a/src/cmd/link/internal/ld/data.go
> b/src/cmd/link/internal/ld/data.go
> +index 52035e96301c..54a1d188cdb9 100644
> +--- a/src/cmd/link/internal/ld/data.go
> ++++ b/src/cmd/link/internal/ld/data.go
> +@@ -2330,6 +2330,11 @@ func assignAddress(ctxt *Link, sect *sym.Section,
> n int, s loader.Sym, va uint64
> +       return sect, n, va
> + }
> +
> ++// On Wasm, we reserve 4096 bytes for zero page, then 4096 bytes for
> wasm_exec.js
> ++// to store command line args. Data sections starts from at least
> address 8192.
> ++// Keep in sync with wasm_exec.js.
> ++const wasmMinDataAddr = 4096 + 4096
> ++
> + // address assigns virtual addresses to all segments and sections and
> + // returns all segments in file order.
> + func (ctxt *Link) address() []*sym.Segment {
> +@@ -2339,10 +2344,14 @@ func (ctxt *Link) address() []*sym.Segment {
> +       order = append(order, &Segtext)
> +       Segtext.Rwx = 05
> +       Segtext.Vaddr = va
> +-      for _, s := range Segtext.Sections {
> ++      for i, s := range Segtext.Sections {
> +               va = uint64(Rnd(int64(va), int64(s.Align)))
> +               s.Vaddr = va
> +               va += s.Length
> ++
> ++              if ctxt.Arch.Family == sys.Wasm && i == 0 && va <
> wasmMinDataAddr {
> ++                      va = wasmMinDataAddr
> ++              }
> +       }
> +
> +       Segtext.Length = va - uint64(*FlagTextAddr)
> +
> \ No newline at end of file
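
Review bot: the hand-inlined check `ctxt.Arch.Family == sys.Wasm` in the `address()` hunk needs the `sys` package to be imported in this Go version's data.go, and the patch adds no import line, so please confirm it is already present and that a wasm link was built with the backport. The clamp is also applied only when `i == 0`, which deserves a short comment because the guarantee in the `wasmMinDataAddr` comment depends on it. Separately, the patch file ends with `\ No newline at end of file`, and its `Upstream-Status: Backport:` line carries the URL on the following line instead of the `Backport [<url>]` form used by the boost patch in this series.
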
> --
> 2.25.1
>

* Re: [OE-core][dunfell 2/8] go: backport patch fix for CVE-2021-38297
  2022-04-04  4:23   ` Ranjitsinh Rathod
@ 2022-04-04  4:26     ` Steve Sakoman
  0 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2022-04-04  4:26 UTC (permalink / raw)
  To: Ranjitsinh Rathod; +Cc: Patches and discussions about the oe-core layer

On Sun, Apr 3, 2022, 6:23 PM Ranjitsinh Rathod <
ranjitsinhrathod1991@gmail.com> wrote:

> Hi Steve,
>
> There is one commented out line present. Is that really needed?
>

Good catch!  I'll remove that prior to the pull request.

Steve


> Thanks,
> Ranjitsinh Rathod
>
> On Mon, 4 Apr, 2022, 8:01 am Steve Sakoman, <steve@sakoman.com> wrote:
>
>> From: Davide Gardenal <davidegarde2000@gmail.com>
>>
>> Patch taken from
>>
>> https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564
>> from the following issue
>> https://github.com/golang/go/issues/48797
>>
>> Original repo
>> https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4
>>
>> Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
>> Signed-off-by: Steve Sakoman <steve@sakoman.com>
>> ---
>>  meta/recipes-devtools/go/go-1.14.inc          |  4 +
>>  .../go/go-1.14/CVE-2021-38297.patch           | 97 +++++++++++++++++++
>>  2 files changed, 101 insertions(+)
>>  create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
>>
>> diff --git a/meta/recipes-devtools/go/go-1.14.inc
>> b/meta/recipes-devtools/go/go-1.14.inc
>> index 9b3c3b30a8..f98757d10d 100644
>> --- a/meta/recipes-devtools/go/go-1.14.inc
>> +++ b/meta/recipes-devtools/go/go-1.14.inc
>> @@ -19,9 +19,13 @@ SRC_URI += "\
>>      file://CVE-2021-34558.patch \
>>      file://CVE-2021-33196.patch \
>>      file://CVE-2021-33197.patch \
>> +    file://CVE-2021-38297.patch \
>>      file://CVE-2022-23806.patch \
>>      file://CVE-2022-23772.patch \
>>  "
>> +
>> +# file://CVE-2021-38297.patch
>> +
>>  SRC_URI_append_libc-musl = "
>> file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
>>  SRC_URI[main.sha256sum] =
>> "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149"
>>
>> diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
>> b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
>> new file mode 100644
>> index 0000000000..24ceabf808
>> --- /dev/null
>> +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
>> @@ -0,0 +1,97 @@
>> +From 4548fcc8dfd933c237f29bba6f90040a85922564 Mon Sep 17 00:00:00 2001
>> +From: Michael Knyszek <mknyszek@google.com>
>> +Date: Thu, 2 Sep 2021 16:51:59 -0400
>> +Subject: [PATCH] [release-branch.go1.16] misc/wasm, cmd/link: do not let
>> + command line args overwrite global data
>> +
>> +On Wasm, wasm_exec.js puts command line arguments at the beginning
>> +of the linear memory (following the "zero page"). Currently there
>> +is no limit for this, and a very long command line can overwrite
>> +the program's data section. Prevent this by limiting the command
>> +line to 4096 bytes, and in the linker ensuring the data section
>> +starts at a high enough address (8192).
>> +
>> +(Arguably our address assignment on Wasm is a bit confusing. This
>> +is the minimum fix I can come up with.)
>> +
>> +Thanks to Ben Lubar for reporting this issue.
>> +
>> +Change by Cherry Mui <cherryyz@google.com>.
>> +
>> +For #48797
>> +Fixes #48799
>> +Fixes CVE-2021-38297
>> +
>> +Change-Id: I0f50fbb2a5b6d0d047e3c134a88988d9133e4ab3
>> +Reviewed-on:
>> https://team-review.git.corp.google.com/c/golang/go-private/+/1205933
>> +Reviewed-by
>> <https://team-review.git.corp.google.com/c/golang/go-private/+/1205933+Reviewed-by>:
>> Roland Shoemaker <bracewell@google.com>
>> +Reviewed-by: Than McIntosh <thanm@google.com>
>> +Reviewed-on: https://go-review.googlesource.com/c/go/+/354591
>> +Trust: Michael Knyszek <mknyszek@google.com>
>> +Reviewed-by: Heschi Kreinick <heschi@google.com>
>> +
>> +CVE: CVE-2021-38297
>> +
>> +Upstream-Status: Backport:
>> +
>> https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564
>> +
>> +Inline of ctxt.isWAsm followin this implemetation:
>> +
>> https://github.com/golang/go/blob/4548fcc8dfd933c237f29bba6f90040a85922564/src/cmd/link/internal/ld/target.go#L127
>> +
>> +Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
>> +---
>> + misc/wasm/wasm_exec.js           |  7 +++++++
>> + src/cmd/link/internal/ld/data.go | 11 ++++++++++-
>> + 2 files changed, 17 insertions(+), 1 deletion(-)
>> +
>> +diff --git a/misc/wasm/wasm_exec.js b/misc/wasm/wasm_exec.js
>> +index 82041e6bb901..a0a264278b1b 100644
>> +--- a/misc/wasm/wasm_exec.js
>> ++++ b/misc/wasm/wasm_exec.js
>> +@@ -564,6 +564,13 @@
>> +                               offset += 8;
>> +                       });
>> +
>> ++                      // The linker guarantees global data starts from
>> at least wasmMinDataAddr.
>> ++                      // Keep in sync with
>> cmd/link/internal/ld/data.go:wasmMinDataAddr.
>> ++                      const wasmMinDataAddr = 4096 + 4096;
>> ++                      if (offset >= wasmMinDataAddr) {
>> ++                              throw new Error("command line too long");
>> ++                      }
>> ++
>> +                       this._inst.exports.run(argc, argv);
>> +                       if (this.exited) {
>> +                               this._resolveExitPromise();
>> +diff --git a/src/cmd/link/internal/ld/data.go
>> b/src/cmd/link/internal/ld/data.go
>> +index 52035e96301c..54a1d188cdb9 100644
>> +--- a/src/cmd/link/internal/ld/data.go
>> ++++ b/src/cmd/link/internal/ld/data.go
>> +@@ -2330,6 +2330,11 @@ func assignAddress(ctxt *Link, sect *sym.Section,
>> n int, s loader.Sym, va uint64
>> +       return sect, n, va
>> + }
>> +
>> ++// On Wasm, we reserve 4096 bytes for zero page, then 4096 bytes for
>> wasm_exec.js
>> ++// to store command line args. Data sections starts from at least
>> address 8192.
>> ++// Keep in sync with wasm_exec.js.
>> ++const wasmMinDataAddr = 4096 + 4096
>> ++
>> + // address assigns virtual addresses to all segments and sections and
>> + // returns all segments in file order.
>> + func (ctxt *Link) address() []*sym.Segment {
>> +@@ -2339,10 +2344,14 @@ func (ctxt *Link) address() []*sym.Segment {
>> +       order = append(order, &Segtext)
>> +       Segtext.Rwx = 05
>> +       Segtext.Vaddr = va
>> +-      for _, s := range Segtext.Sections {
>> ++      for i, s := range Segtext.Sections {
>> +               va = uint64(Rnd(int64(va), int64(s.Align)))
>> +               s.Vaddr = va
>> +               va += s.Length
>> ++
>> ++              if ctxt.Arch.Family == sys.Wasm && i == 0 && va <
>> wasmMinDataAddr {
>> ++                      va = wasmMinDataAddr
>> ++              }
>> +       }
>> +
>> +       Segtext.Length = va - uint64(*FlagTextAddr)
>> +
>> \ No newline at end of file
>> --
>> 2.25.1
>>

* [OE-core][dunfell 0/8] Patch review
@ 2022-11-06 16:03 Steve Sakoman
  0 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2022-11-06 16:03 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4435

The following changes since commit 54bbfe94ae4514386c572564bf221edfdbb2ce38:

  selftest: skip virgl test on all Alma Linux (2022-10-21 06:28:52 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  tzdata: update to 2022d

Bartosz Golaszewski (1):
  bluez5: add dbus to RDEPENDS

Daniel McGregor (1):
  coreutils: add openssl PACKAGECONFIG

Frank de Brabander (1):
  cve-update-db-native: add timeout to urlopen() calls

Hitendra Prajapati (2):
  golang: CVE-2022-2880 ReverseProxy should not forward unparseable
    query parameters
  libX11: CVE-2022-3554 Fix memory leak

Ranjitsinh Rathod (1):
  expat: Fix CVE-2022-43680 for expat

Teoh Jay Shen (1):
  vim: Upgrade 9.0.0598 -> 9.0.0614

 meta/recipes-connectivity/bluez5/bluez5.inc   |   1 +
 meta/recipes-core/coreutils/coreutils_8.31.bb |   1 +
 .../expat/expat/CVE-2022-43680.patch          |  33 ++++
 meta/recipes-core/expat/expat_2.2.9.bb        |   1 +
 .../recipes-core/meta/cve-update-db-native.bb |   9 +-
 meta/recipes-devtools/go/go-1.14.inc          |   1 +
 .../go/go-1.14/CVE-2022-2880.patch            | 164 ++++++++++++++++++
 meta/recipes-extended/timezone/timezone.inc   |   6 +-
 .../xorg-lib/libx11/CVE-2022-3554.patch       |  58 +++++++
 .../recipes-graphics/xorg-lib/libx11_1.6.9.bb |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 11 files changed, 272 insertions(+), 7 deletions(-)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-43680.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-2880.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch

-- 
2.25.1




* [OE-core][dunfell 0/8] Patch review
@ 2023-01-11 14:34 Steve Sakoman
  0 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2023-01-11 14:34 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for dunfell and have comments back
by end of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4774

The following changes since commit deb919a693e4371ace649680ca06ca6b6e3da4e2:

  lib/buildstats: fix parsing of trees with reduced_proc_pressure directories (2023-01-06 17:34:50 +0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Changqing Li (1):
  base.bbclass: Fix way to check ccache path

Chee Yang Lee (1):
  libksba: fix CVE-2022-47629

Hitendra Prajapati (1):
  grub2: Fix CVE-2022-2601 & CVE-2022-3775

Luis (1):
  rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively

Pavel Zhukov (1):
  oeqa/rpm.py: Increase timeout and add debug output

Steve Sakoman (3):
  ovmf: fix gcc12 warning in GenFfs
  ovmf: fix gcc12 warning in LzmaEnc
  ovmf: fix gcc12 warning for device path handling

 meta/classes/base.bbclass                     |   2 +-
 meta/classes/rm_work.bbclass                  |  15 ++-
 meta/lib/oeqa/runtime/cases/rpm.py            |  23 ++--
 .../grub/files/CVE-2022-2601.patch            |  87 +++++++++++++
 .../grub/files/CVE-2022-3775.patch            |  97 +++++++++++++++
 ...erflow-in-grub_font_get_glyph_intern.patch | 117 ++++++++++++++++++
 meta/recipes-bsp/grub/grub2.inc               |   3 +
 ...1-Basetools-genffs-fix-gcc12-warning.patch |  49 ++++++++
 ...-Basetools-lzmaenc-fix-gcc12-warning.patch |  53 ++++++++
 ...001-Basetools-turn-off-gcc12-warning.patch |  41 ++++++
 meta/recipes-core/ovmf/ovmf_git.bb            |   3 +
 .../libksba/libksba/CVE-2022-47629.patch      |  69 +++++++++++
 meta/recipes-support/libksba/libksba_1.3.5.bb |   4 +-
 13 files changed, 545 insertions(+), 18 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-2601.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-3775.patch
 create mode 100644 meta/recipes-bsp/grub/files/font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/0001-Basetools-genffs-fix-gcc12-warning.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/0001-Basetools-lzmaenc-fix-gcc12-warning.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/0001-Basetools-turn-off-gcc12-warning.patch
 create mode 100644 meta/recipes-support/libksba/libksba/CVE-2022-47629.patch

-- 
2.25.1




* [OE-core][dunfell 0/8] Patch review
@ 2024-01-26 14:20 Steve Sakoman
  0 siblings, 0 replies; 18+ messages in thread
From: Steve Sakoman @ 2024-01-26 14:20 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for dunfell and have comments back by
end of day Tuesday, January 30

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6495

The following changes since commit 82e67bd9c77f0c5cbb652ca91071b9e57bdcfb33:

  build-appliance-image: Update to dunfell head revision (2024-01-22 03:34:05 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Khem Raj (1):
  systemtap: Fix build with gcc-12

Ranjitsinh Rathod (1):
  openssh: Fix CVE-2023-51385

Vijay Anusuri (5):
  sqlite3: Backport fix for CVE-2023-7104
  gnutls: Backport fix for CVE-2023-5981
  gnutls: Backport fix for CVE-2024-0553
  pam: Fix for CVE-2024-22365
  xserver-xorg: Multiple CVE fixes

virendra thakur (1):
  opkg: Fix bad memory access error observe in file_read_line_alloc

 .../openssh/openssh/CVE-2023-51385.patch      |  95 ++++++++
 .../openssh/openssh_8.2p1.bb                  |   1 +
 ...possible-bad-memory-access-in-file_r.patch |  50 ++++
 meta/recipes-devtools/opkg/opkg_0.4.2.bb      |   1 +
 .../pam/libpam/CVE-2024-22365.patch           |  59 +++++
 meta/recipes-extended/pam/libpam_1.3.1.bb     |   1 +
 .../xserver-xorg/CVE-2023-6816.patch          |  55 +++++
 .../xserver-xorg/CVE-2024-0229-1.patch        |  87 +++++++
 .../xserver-xorg/CVE-2024-0229-2.patch        | 221 ++++++++++++++++++
 .../xserver-xorg/CVE-2024-0229-3.patch        |  41 ++++
 .../xserver-xorg/CVE-2024-0229-4.patch        |  45 ++++
 .../xserver-xorg/CVE-2024-0408.patch          |  64 +++++
 .../xserver-xorg/CVE-2024-0409.patch          |  46 ++++
 .../xserver-xorg/CVE-2024-21885.patch         | 113 +++++++++
 .../xserver-xorg/CVE-2024-21886-1.patch       |  74 ++++++
 .../xserver-xorg/CVE-2024-21886-2.patch       |  57 +++++
 .../xorg-xserver/xserver-xorg_1.20.14.bb      |  10 +
 ...ility-re-tweak-for-rhel6-use-functio.patch |  49 ++++
 .../recipes-kernel/systemtap/systemtap_git.bb |   4 +-
 .../gnutls/gnutls/CVE-2023-5981.patch         | 206 ++++++++++++++++
 .../gnutls/gnutls/CVE-2024-0553.patch         | 125 ++++++++++
 meta/recipes-support/gnutls/gnutls_3.6.14.bb  |   2 +
 .../sqlite/files/CVE-2023-7104.patch          |  46 ++++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |   1 +
 24 files changed, 1452 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-51385.patch
 create mode 100644 meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch
 create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-22365.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6816.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0229-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0229-2.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0229-3.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0229-4.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0408.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0409.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21885.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21886-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21886-2.patch
 create mode 100644 meta/recipes-kernel/systemtap/systemtap/0001-gcc12-c-compatibility-re-tweak-for-rhel6-use-functio.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2023-5981.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2024-0553.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2023-7104.patch

-- 
2.34.1


