* [OE-core][kirkstone 00/18] Patch review
@ 2022-10-04 15:50 Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 01/18] binutils : Fix CVE-2022-38127 Steve Sakoman
` (17 more replies)
0 siblings, 18 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Wednesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4294
The following changes since commit d19cd09b43a7009d660b28ac9dcb21b8038e399f:
busybox: add devmem 128-bit support (2022-09-24 04:03:56 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (2):
rpm: update 4.17.0 -> 4.17.1
tzdata: update to 2022d
Daniel McGregor (1):
coreutils: add openssl PACKAGECONFIG
Denys Dmytriyenko (1):
glibc-locale: explicitly remove empty dirs in ${libdir}
Florin Diaconescu (2):
rsync: update 3.2.3 -> 3.2.4
rsync: update 3.2.4 -> 3.2.5
He Zhe (3):
lttng-tools: Disable on qemuriscv32
stress-cpu: disable float128 math on powerpc64 to avoid SIGILL
lttng-tools: Disable on riscv32
Khem Raj (3):
webkitgtk: Upgrade to 2.36.6 minor update
webkitgtk: Update to 2.36.7
rpm: Remove -Wimplicit-function-declaration warnings
Martin Jansa (1):
create-pull-request: don't switch the git remote protocol to git://
Richard Purdie (2):
vim: Upgrade 9.0.0541 -> 9.0.0598
go: Fix reproducibility failures
Teoh Jay Shen (1):
bind: upgrade 9.18.6 -> 9.18.7
pgowda (1):
binutils : Fix CVE-2022-38127
wangmy (1):
bind: upgrade 9.18.5 -> 9.18.6
...1-avoid-start-failure-with-bind-user.patch | 0
...d-V-and-start-log-hide-build-options.patch | 0
...ching-for-json-headers-searches-sysr.patch | 0
.../bind/{bind-9.18.5 => bind-9.18.7}/bind9 | 0
.../{bind-9.18.5 => bind-9.18.7}/conf.patch | 0
.../generate-rndc-key.sh | 0
...t.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../named.service | 0
.../bind/{bind_9.18.5.bb => bind_9.18.7.bb} | 2 +-
meta/recipes-core/coreutils/coreutils_9.0.bb | 1 +
meta/recipes-core/glibc/glibc-locale.inc | 5 +-
.../binutils/binutils-2.38.inc | 4 +
.../binutils/0017-CVE-2022-38127-1.patch | 1224 +++++++++++++++++
.../binutils/0017-CVE-2022-38127-2.patch | 188 +++
.../binutils/0017-CVE-2022-38127-3.patch | 211 +++
.../binutils/0017-CVE-2022-38127-4.patch | 43 +
meta/recipes-devtools/go/go-runtime.inc | 2 +
.../rpm/files/0001-CVE-2021-3521.patch | 57 -
...lib-rpm-as-the-installation-path-for.patch | 14 +-
...lling-execute-package-scriptlets-wit.patch | 18 +-
...-linux-gnux32-variant-to-triplet-han.patch | 31 +
.../rpm/files/0002-CVE-2021-3521.patch | 64 -
.../rpm/files/0003-CVE-2021-3521.patch | 329 -----
.../rpm/{rpm_4.17.0.bb => rpm_4.17.1.bb} | 6 +-
...-the-hostname-in-the-certificate-whe.patch | 31 -
.../rsync/files/makefile-no-rebuild.patch | 12 +-
.../rsync/{rsync_3.2.3.bb => rsync_3.2.5.bb} | 17 +-
...le-float128-math-on-powerpc64-to-avo.patch | 43 +
.../stress-ng/stress-ng_0.13.12.bb | 4 +-
meta/recipes-extended/timezone/timezone.inc | 6 +-
meta/recipes-kernel/lttng/lttng-platforms.inc | 4 +
...ebkitgtk_2.36.5.bb => webkitgtk_2.36.7.bb} | 3 +-
meta/recipes-support/vim/vim.inc | 4 +-
scripts/create-pull-request | 2 +-
35 files changed, 1803 insertions(+), 522 deletions(-)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.7}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.7}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.7}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.7}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.7}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.7}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.7}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.7}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.7}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.5.bb => bind_9.18.7.bb} (97%)
create mode 100644 meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-1.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-2.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-3.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-4.patch
delete mode 100644 meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch
create mode 100644 meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch
delete mode 100644 meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch
delete mode 100644 meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch
rename meta/recipes-devtools/rpm/{rpm_4.17.0.bb => rpm_4.17.1.bb} (97%)
delete mode 100644 meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch
rename meta/recipes-devtools/rsync/{rsync_3.2.3.bb => rsync_3.2.5.bb} (67%)
create mode 100644 meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch
rename meta/recipes-sato/webkit/{webkitgtk_2.36.5.bb => webkitgtk_2.36.7.bb} (98%)
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 01/18] binutils : Fix CVE-2022-38127
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 02/18] vim: Upgrade 9.0.0541 -> 9.0.0598 Steve Sakoman
` (16 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: pgowda <pgowda.cve@gmail.com>
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=19c26da69d68d5d863f37c06ad73ab6292d02ffa]
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=ec41dd75c866599fc03c390c6afb5736c159c0ff]
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f18acc9c4e5d18f4783f3a7d59e3ec95d7af0199]
Upstream-Status: Backport
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e98e7d9a70dcc987bff0e925f20b78cd4a2979ed]
Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../binutils/binutils-2.38.inc | 4 +
.../binutils/0017-CVE-2022-38127-1.patch | 1224 +++++++++++++++++
.../binutils/0017-CVE-2022-38127-2.patch | 188 +++
.../binutils/0017-CVE-2022-38127-3.patch | 211 +++
.../binutils/0017-CVE-2022-38127-4.patch | 43 +
5 files changed, 1670 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-1.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-2.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-3.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-4.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 2ddeb0ed39..fc88d4a79e 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -35,5 +35,9 @@ SRC_URI = "\
file://0014-CVE-2019-1010204.patch \
file://0015-CVE-2022-38533.patch \
file://0016-CVE-2022-38126.patch \
+ file://0017-CVE-2022-38127-1.patch \
+ file://0017-CVE-2022-38127-2.patch \
+ file://0017-CVE-2022-38127-3.patch \
+ file://0017-CVE-2022-38127-4.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-1.patch b/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-1.patch
new file mode 100644
index 0000000000..9bbf1d6453
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-1.patch
@@ -0,0 +1,1224 @@
+From 19c26da69d68d5d863f37c06ad73ab6292d02ffa Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 6 Apr 2022 14:43:37 +0100
+Subject: [PATCH] Add code to display the contents of .debug_loclists sections
+ which contain offset entry tables.
+
+ PR 28981
+ * dwarf.c (fetch_indexed_value): Rename to fecth_indexed_addr and
+ return the address, rather than a string.
+ (fetch_indexed_value): New function - returns a value indexed by a
+ DW_FORM_loclistx or DW_FORM_rnglistx form.
+ (read_and_display_attr_value): Add support for DW_FORM_loclistx
+ and DW_FORM_rnglistx.
+ (process_debug_info): Load the loclists and rnglists sections.
+ (display_loclists_list): Add support for DW_LLE_base_addressx,
+ DW_LLE_startx_endx, DW_LLE_startx_length and
+ DW_LLE_default_location.
+ (display_offset_entry_loclists): New function. Displays a
+ .debug_loclists section that contains offset entry tables.
+ (display_debug_loc): Call the new function.
+ (display_debug_rnglists_list): Add support for
+ DW_RLE_base_addressx, DW_RLE_startx_endx and DW_RLE_startx_length.
+ (display_debug_ranges): Display the contents of the section's
+ header.
+ * dwarf.h (struct debug_info): Add loclists_base field.
+ * testsuite/binutils-all/dw5.W: Update expected output.
+ * testsuite/binutils-all/x86-64/pr26808.dump: Likewise.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=19c26da69d68d5d863f37c06ad73ab6292d02ffa]
+
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ binutils/ChangeLog | 24 +
+ binutils/dwarf.c | 513 +++++++++++++++---
+ binutils/dwarf.h | 4 +
+ binutils/testsuite/binutils-all/dw5.W | 2 +-
+ .../binutils-all/x86-64/pr26808.dump | 82 +--
+ gas/ChangeLog | 5 +
+ gas/testsuite/gas/elf/dwarf-5-irp.d | 2 +-
+ 7 files changed, 517 insertions(+), 115 deletions(-)
+
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index 15b3c81a138..bc862f77c04 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -240,7 +240,7 @@ static const char *
+ dwarf_vmatoa_1 (const char *fmtch, dwarf_vma value, unsigned num_bytes)
+ {
+ /* As dwarf_vmatoa is used more then once in a printf call
+- for output, we are cycling through an fixed array of pointers
++ for output, we are cycling through a fixed array of pointers
+ for return address. */
+ static int buf_pos = 0;
+ static struct dwarf_vmatoa_buf
+@@ -796,24 +796,70 @@ fetch_indexed_string (dwarf_vma idx, str
+ return ret;
+ }
+
+-static const char *
+-fetch_indexed_value (dwarf_vma offset, dwarf_vma bytes)
++static dwarf_vma
++fetch_indexed_addr (dwarf_vma offset, uint32_t num_bytes)
+ {
+ struct dwarf_section *section = &debug_displays [debug_addr].section;
+
+ if (section->start == NULL)
+- return (_("<no .debug_addr section>"));
++ {
++ warn (_("<no .debug_addr section>"));
++ return 0;
++ }
+
+- if (offset + bytes > section->size)
++ if (offset + num_bytes > section->size)
+ {
+ warn (_("Offset into section %s too big: 0x%s\n"),
+ section->name, dwarf_vmatoa ("x", offset));
+- return "<offset too big>";
++ return 0;
+ }
+
+- return dwarf_vmatoa ("x", byte_get (section->start + offset, bytes));
++ return byte_get (section->start + offset, num_bytes);
+ }
+
++/* Fetch a value from a debug section that has been indexed by
++ something in another section (eg DW_FORM_loclistx).
++ Returns 0 if the value could not be found. */
++
++static dwarf_vma
++fetch_indexed_value (dwarf_vma index,
++ enum dwarf_section_display_enum sec_enum)
++{
++ struct dwarf_section *section = &debug_displays [sec_enum].section;
++
++ if (section->start == NULL)
++ {
++ warn (_("Unable to locate %s section\n"), section->uncompressed_name);
++ return 0;
++ }
++
++ uint32_t pointer_size, bias;
++
++ if (byte_get (section->start, 4) == 0xffffffff)
++ {
++ pointer_size = 8;
++ bias = 20;
++ }
++ else
++ {
++ pointer_size = 4;
++ bias = 12;
++ }
++
++ dwarf_vma offset = index * pointer_size;
++
++ /* Offsets are biased by the size of the section header. */
++ offset += bias;
++
++ if (offset + pointer_size > section->size)
++ {
++ warn (_("Offset into section %s too big: 0x%s\n"),
++ section->name, dwarf_vmatoa ("x", offset));
++ return 0;
++ }
++
++ return byte_get (section->start + offset, pointer_size);
++}
+
+ /* FIXME: There are better and more efficient ways to handle
+ these structures. For now though, I just want something that
+@@ -1999,6 +2045,8 @@ skip_attr_bytes (unsigned long form,
+ case DW_FORM_strx:
+ case DW_FORM_GNU_addr_index:
+ case DW_FORM_addrx:
++ case DW_FORM_loclistx:
++ case DW_FORM_rnglistx:
+ READ_ULEB (uvalue, data, end);
+ break;
+
+@@ -2410,9 +2458,6 @@ read_and_display_attr_value (unsigned lo
+
+ switch (form)
+ {
+- default:
+- break;
+-
+ case DW_FORM_ref_addr:
+ if (dwarf_version == 2)
+ SAFE_BYTE_GET_AND_INC (uvalue, data, pointer_size, end);
+@@ -2496,6 +2541,8 @@ read_and_display_attr_value (unsigned lo
+ case DW_FORM_udata:
+ case DW_FORM_GNU_addr_index:
+ case DW_FORM_addrx:
++ case DW_FORM_loclistx:
++ case DW_FORM_rnglistx:
+ READ_ULEB (uvalue, data, end);
+ break;
+
+@@ -2515,6 +2562,9 @@ read_and_display_attr_value (unsigned lo
+ case DW_FORM_implicit_const:
+ uvalue = implicit_const;
+ break;
++
++ default:
++ break;
+ }
+
+ switch (form)
+@@ -2710,6 +2760,8 @@ read_and_display_attr_value (unsigned lo
+ case DW_FORM_addrx2:
+ case DW_FORM_addrx3:
+ case DW_FORM_addrx4:
++ case DW_FORM_loclistx:
++ case DW_FORM_rnglistx:
+ if (!do_loc)
+ {
+ dwarf_vma base;
+@@ -2728,11 +2780,11 @@ read_and_display_attr_value (unsigned lo
+ /* We have already displayed the form name. */
+ printf (_("%c(index: 0x%s): %s"), delimiter,
+ dwarf_vmatoa ("x", uvalue),
+- fetch_indexed_value (offset, pointer_size));
++ dwarf_vmatoa ("x", fetch_indexed_addr (offset, pointer_size)));
+ else
+ printf (_("%c(addr_index: 0x%s): %s"), delimiter,
+ dwarf_vmatoa ("x", uvalue),
+- fetch_indexed_value (offset, pointer_size));
++ dwarf_vmatoa ("x", fetch_indexed_addr (offset, pointer_size)));
+ }
+ break;
+
+@@ -2754,6 +2806,13 @@ read_and_display_attr_value (unsigned lo
+ {
+ switch (attribute)
+ {
++ case DW_AT_loclists_base:
++ if (debug_info_p->loclists_base)
++ warn (_("CU @ 0x%s has multiple loclists_base values"),
++ dwarf_vmatoa ("x", debug_info_p->cu_offset));
++ debug_info_p->loclists_base = uvalue;
++ break;
++
+ case DW_AT_frame_base:
+ have_frame_base = 1;
+ /* Fall through. */
+@@ -2776,7 +2835,8 @@ read_and_display_attr_value (unsigned lo
+ case DW_AT_GNU_call_site_target_clobbered:
+ if ((dwarf_version < 4
+ && (form == DW_FORM_data4 || form == DW_FORM_data8))
+- || form == DW_FORM_sec_offset)
++ || form == DW_FORM_sec_offset
++ || form == DW_FORM_loclistx)
+ {
+ /* Process location list. */
+ unsigned int lmax = debug_info_p->max_loc_offsets;
+@@ -2796,11 +2856,17 @@ read_and_display_attr_value (unsigned lo
+ lmax, sizeof (*debug_info_p->have_frame_base));
+ debug_info_p->max_loc_offsets = lmax;
+ }
+- if (this_set != NULL)
++
++ if (form == DW_FORM_loclistx)
++ uvalue = fetch_indexed_value (uvalue, loclists);
++ else if (this_set != NULL)
+ uvalue += this_set->section_offsets [DW_SECT_LOC];
++
+ debug_info_p->have_frame_base [num] = have_frame_base;
+ if (attribute != DW_AT_GNU_locviews)
+ {
++ uvalue += debug_info_p->loclists_base;
++
+ /* Corrupt DWARF info can produce more offsets than views.
+ See PR 23062 for an example. */
+ if (debug_info_p->num_loc_offsets
+@@ -2844,7 +2910,8 @@ read_and_display_attr_value (unsigned lo
+ case DW_AT_ranges:
+ if ((dwarf_version < 4
+ && (form == DW_FORM_data4 || form == DW_FORM_data8))
+- || form == DW_FORM_sec_offset)
++ || form == DW_FORM_sec_offset
++ || form == DW_FORM_rnglistx)
+ {
+ /* Process range list. */
+ unsigned int lmax = debug_info_p->max_range_lists;
+@@ -2858,6 +2925,10 @@ read_and_display_attr_value (unsigned lo
+ lmax, sizeof (*debug_info_p->range_lists));
+ debug_info_p->max_range_lists = lmax;
+ }
++
++ if (form == DW_FORM_rnglistx)
++ uvalue = fetch_indexed_value (uvalue, rnglists);
++
+ debug_info_p->range_lists [num] = uvalue;
+ debug_info_p->num_range_lists++;
+ }
+@@ -3231,6 +3302,7 @@ read_and_display_attr_value (unsigned lo
+ have_frame_base = 1;
+ /* Fall through. */
+ case DW_AT_location:
++ case DW_AT_loclists_base:
+ case DW_AT_string_length:
+ case DW_AT_return_addr:
+ case DW_AT_data_member_location:
+@@ -3248,7 +3320,8 @@ read_and_display_attr_value (unsigned lo
+ case DW_AT_GNU_call_site_target_clobbered:
+ if ((dwarf_version < 4
+ && (form == DW_FORM_data4 || form == DW_FORM_data8))
+- || form == DW_FORM_sec_offset)
++ || form == DW_FORM_sec_offset
++ || form == DW_FORM_loclistx)
+ printf (_(" (location list)"));
+ /* Fall through. */
+ case DW_AT_allocated:
+@@ -3517,6 +3590,9 @@ process_debug_info (struct dwarf_section
+ }
+
+ load_debug_section_with_follow (abbrev_sec, file);
++ load_debug_section_with_follow (loclists, file);
++ load_debug_section_with_follow (rnglists, file);
++
+ if (debug_displays [abbrev_sec].section.start == NULL)
+ {
+ warn (_("Unable to locate %s section!\n"),
+@@ -3729,6 +3805,7 @@ process_debug_info (struct dwarf_section
+ debug_information [unit].have_frame_base = NULL;
+ debug_information [unit].max_loc_offsets = 0;
+ debug_information [unit].num_loc_offsets = 0;
++ debug_information [unit].loclists_base = 0;
+ debug_information [unit].range_lists = NULL;
+ debug_information [unit].max_range_lists= 0;
+ debug_information [unit].num_range_lists = 0;
+@@ -6465,20 +6542,21 @@ display_loc_list (struct dwarf_section *
+ /* Display a location list from a normal (ie, non-dwo) .debug_loclists section. */
+
+ static void
+-display_loclists_list (struct dwarf_section *section,
+- unsigned char **start_ptr,
+- unsigned int debug_info_entry,
+- dwarf_vma offset,
+- dwarf_vma base_address,
+- unsigned char **vstart_ptr,
+- int has_frame_base)
+-{
+- unsigned char *start = *start_ptr, *vstart = *vstart_ptr;
+- unsigned char *section_end = section->start + section->size;
+- dwarf_vma cu_offset;
+- unsigned int pointer_size;
+- unsigned int offset_size;
+- int dwarf_version;
++display_loclists_list (struct dwarf_section * section,
++ unsigned char ** start_ptr,
++ unsigned int debug_info_entry,
++ dwarf_vma offset,
++ dwarf_vma base_address,
++ unsigned char ** vstart_ptr,
++ int has_frame_base)
++{
++ unsigned char * start = *start_ptr;
++ unsigned char * vstart = *vstart_ptr;
++ unsigned char * section_end = section->start + section->size;
++ dwarf_vma cu_offset;
++ unsigned int pointer_size;
++ unsigned int offset_size;
++ unsigned int dwarf_version;
+
+ /* Initialize it due to a false compiler warning. */
+ dwarf_vma begin = -1, vbegin = -1;
+@@ -6544,27 +6622,59 @@ display_loclists_list (struct dwarf_sect
+ case DW_LLE_end_of_list:
+ printf (_("<End of list>\n"));
+ break;
++
++ case DW_LLE_base_addressx:
++ READ_ULEB (base_address, start, section_end);
++ print_dwarf_vma (base_address, pointer_size);
++ printf (_("(index into .debug_addr) "));
++ base_address = fetch_indexed_addr (base_address, pointer_size);
++ print_dwarf_vma (base_address, pointer_size);
++ printf (_("(base address)\n"));
++ break;
++
++ case DW_LLE_startx_endx:
++ READ_ULEB (begin, start, section_end);
++ begin = fetch_indexed_addr (begin, pointer_size);
++ READ_ULEB (end, start, section_end);
++ end = fetch_indexed_addr (end, pointer_size);
++ break;
++
++ case DW_LLE_startx_length:
++ READ_ULEB (begin, start, section_end);
++ begin = fetch_indexed_addr (begin, pointer_size);
++ READ_ULEB (end, start, section_end);
++ end += begin;
++ break;
++
++ case DW_LLE_default_location:
++ begin = end = 0;
++ break;
++
+ case DW_LLE_offset_pair:
+ READ_ULEB (begin, start, section_end);
+ begin += base_address;
+ READ_ULEB (end, start, section_end);
+ end += base_address;
+ break;
++
++ case DW_LLE_base_address:
++ SAFE_BYTE_GET_AND_INC (base_address, start, pointer_size,
++ section_end);
++ print_dwarf_vma (base_address, pointer_size);
++ printf (_("(base address)\n"));
++ break;
++
+ case DW_LLE_start_end:
+ SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, section_end);
+ SAFE_BYTE_GET_AND_INC (end, start, pointer_size, section_end);
+ break;
++
+ case DW_LLE_start_length:
+ SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, section_end);
+ READ_ULEB (end, start, section_end);
+ end += begin;
+ break;
+- case DW_LLE_base_address:
+- SAFE_BYTE_GET_AND_INC (base_address, start, pointer_size,
+- section_end);
+- print_dwarf_vma (base_address, pointer_size);
+- printf (_("(base address)\n"));
+- break;
++
+ #ifdef DW_LLE_view_pair
+ case DW_LLE_view_pair:
+ if (vstart)
+@@ -6578,15 +6688,17 @@ display_loclists_list (struct dwarf_sect
+ printf (_("views for:\n"));
+ continue;
+ #endif
++
+ default:
+ error (_("Invalid location list entry type %d\n"), llet);
+ return;
+ }
++
+ if (llet == DW_LLE_end_of_list)
+ break;
+- if (llet != DW_LLE_offset_pair
+- && llet != DW_LLE_start_end
+- && llet != DW_LLE_start_length)
++
++ if (llet == DW_LLE_base_address
++ || llet == DW_LLE_base_addressx)
+ continue;
+
+ if (start == section_end)
+@@ -6828,6 +6940,218 @@ loc_offsets_compar (const void *ap, cons
+ }
+
+ static int
++display_offset_entry_loclists (struct dwarf_section *section)
++{
++ unsigned char * start = section->start;
++ unsigned char * const end = start + section->size;
++
++ introduce (section, false);
++
++ do
++ {
++ dwarf_vma length;
++ unsigned short version;
++ unsigned char address_size;
++ unsigned char segment_selector_size;
++ uint32_t offset_entry_count;
++ uint32_t i;
++ bool is_64bit;
++
++ printf (_("Table at Offset 0x%lx\n"), (long)(start - section->start));
++
++ SAFE_BYTE_GET_AND_INC (length, start, 4, end);
++ if (length == 0xffffffff)
++ {
++ is_64bit = true;
++ SAFE_BYTE_GET_AND_INC (length, start, 8, end);
++ }
++ else
++ is_64bit = false;
++
++ SAFE_BYTE_GET_AND_INC (version, start, 2, end);
++ SAFE_BYTE_GET_AND_INC (address_size, start, 1, end);
++ SAFE_BYTE_GET_AND_INC (segment_selector_size, start, 1, end);
++ SAFE_BYTE_GET_AND_INC (offset_entry_count, start, 4, end);
++
++ printf (_(" Length: 0x%s\n"), dwarf_vmatoa ("x", length));
++ printf (_(" DWARF version: %u\n"), version);
++ printf (_(" Address size: %u\n"), address_size);
++ printf (_(" Segment size: %u\n"), segment_selector_size);
++ printf (_(" Offset entries: %u\n"), offset_entry_count);
++
++ if (version < 5)
++ {
++ warn (_("The %s section contains a corrupt or "
++ "unsupported version number: %d.\n"),
++ section->name, version);
++ return 0;
++ }
++
++ if (segment_selector_size != 0)
++ {
++ warn (_("The %s section contains an "
++ "unsupported segment selector size: %d.\n"),
++ section->name, segment_selector_size);
++ return 0;
++ }
++
++ if (offset_entry_count == 0)
++ {
++ warn (_("The %s section contains a table without offset\n"),
++ section->name);
++ return 0;
++ }
++
++ printf (_("\n Offset Entries starting at 0x%lx:\n"),
++ (long)(start - section->start));
++
++ if (is_64bit)
++ {
++ for (i = 0; i < offset_entry_count; i++)
++ {
++ dwarf_vma entry;
++
++ SAFE_BYTE_GET_AND_INC (entry, start, 8, end);
++ printf (_(" [%6u] 0x%s\n"), i, dwarf_vmatoa ("x", entry));
++ }
++ }
++ else
++ {
++ for (i = 0; i < offset_entry_count; i++)
++ {
++ uint32_t entry;
++
++ SAFE_BYTE_GET_AND_INC (entry, start, 4, end);
++ printf (_(" [%6u] 0x%x\n"), i, entry);
++ }
++ }
++
++ putchar ('\n');
++
++ uint32_t j;
++
++ for (j = 1, i = 0; i < offset_entry_count;)
++ {
++ unsigned char lle;
++ dwarf_vma base_address = 0;
++ dwarf_vma begin;
++ dwarf_vma finish;
++ dwarf_vma off = start - section->start;
++
++ if (j != i)
++ {
++ printf (_(" Offset Entry %u\n"), i);
++ j = i;
++ }
++
++ printf (" ");
++ print_dwarf_vma (off, 4);
++
++ SAFE_BYTE_GET_AND_INC (lle, start, 1, end);
++
++ switch (lle)
++ {
++ case DW_LLE_end_of_list:
++ printf (_("<End of list>\n\n"));
++ i ++;
++ continue;
++
++ case DW_LLE_base_addressx:
++ READ_ULEB (base_address, start, end);
++ print_dwarf_vma (base_address, address_size);
++ printf (_("(index into .debug_addr) "));
++ base_address = fetch_indexed_addr (base_address, address_size);
++ print_dwarf_vma (base_address, address_size);
++ printf (_("(base address)\n"));
++ continue;
++
++ case DW_LLE_startx_endx:
++ READ_ULEB (begin, start, end);
++ begin = fetch_indexed_addr (begin, address_size);
++ READ_ULEB (finish, start, end);
++ finish = fetch_indexed_addr (finish, address_size);
++ break;
++
++ case DW_LLE_startx_length:
++ READ_ULEB (begin, start, end);
++ begin = fetch_indexed_addr (begin, address_size);
++ READ_ULEB (finish, start, end);
++ finish += begin;
++ break;
++
++ case DW_LLE_offset_pair:
++ READ_ULEB (begin, start, end);
++ begin += base_address;
++ READ_ULEB (finish, start, end);
++ finish += base_address;
++ break;
++
++ case DW_LLE_default_location:
++ begin = finish = 0;
++ break;
++
++ case DW_LLE_base_address:
++ SAFE_BYTE_GET_AND_INC (base_address, start, address_size, end);
++ print_dwarf_vma (base_address, address_size);
++ printf (_("(base address)\n"));
++ continue;
++
++ case DW_LLE_start_end:
++ SAFE_BYTE_GET_AND_INC (begin, start, address_size, end);
++ SAFE_BYTE_GET_AND_INC (finish, start, address_size, end);
++ break;
++
++ case DW_LLE_start_length:
++ SAFE_BYTE_GET_AND_INC (begin, start, address_size, end);
++ READ_ULEB (finish, start, end);
++ finish += begin;
++ break;
++
++ default:
++ error (_("Invalid location list entry type %d\n"), lle);
++ return 0;
++ }
++
++ if (start == end)
++ {
++ warn (_("Location list starting at offset 0x%lx is not terminated.\n"),
++ (unsigned long) off);
++ break;
++ }
++
++ print_dwarf_vma (begin, address_size);
++ print_dwarf_vma (finish, address_size);
++
++ if (begin == finish)
++ fputs (_(" (start == end)"), stdout);
++ else if (begin > finish)
++ fputs (_(" (start > end)"), stdout);
++
++ /* Read the counted location descriptions. */
++ READ_ULEB (length, start, end);
++
++ if (length > (size_t) (end - start))
++ {
++ warn (_("Location list starting at offset 0x%lx is not terminated.\n"),
++ (unsigned long) off);
++ break;
++ }
++
++ putchar (' ');
++ (void) decode_location_expression (start, address_size, address_size,
++ version, length, 0, section);
++ start += length;
++ putchar ('\n');
++ }
++
++ putchar ('\n');
++ }
++ while (start < end);
++
++ return 1;
++}
++
++static int
+ display_debug_loc (struct dwarf_section *section, void *file)
+ {
+ unsigned char *start = section->start, *vstart = NULL;
+@@ -6893,13 +7217,9 @@ display_debug_loc (struct dwarf_section
+ }
+
+ SAFE_BYTE_GET_AND_INC (offset_entry_count, hdrptr, 4, end);
++
+ if (offset_entry_count != 0)
+- {
+- warn (_("The %s section contains "
+- "unsupported offset entry count: %d.\n"),
+- section->name, offset_entry_count);
+- return 0;
+- }
++ return display_offset_entry_loclists (section);
+
+ expected_start = hdrptr - section_begin;
+ }
+@@ -6959,9 +7279,10 @@ display_debug_loc (struct dwarf_section
+ if (debug_information [first].num_loc_offsets > 0
+ && debug_information [first].loc_offsets [0] != expected_start
+ && debug_information [first].loc_views [0] != expected_start)
+- warn (_("Location lists in %s section start at 0x%s\n"),
++ warn (_("Location lists in %s section start at 0x%s rather than 0x%s\n"),
+ section->name,
+- dwarf_vmatoa ("x", debug_information [first].loc_offsets [0]));
++ dwarf_vmatoa ("x", debug_information [first].loc_offsets [0]),
++ dwarf_vmatoa ("x", expected_start));
+
+ if (!locs_sorted)
+ array = (unsigned int *) xcmalloc (num_loc_list, sizeof (unsigned int));
+@@ -7639,24 +7960,44 @@ display_debug_rnglists_list (unsigned ch
+ case DW_RLE_end_of_list:
+ printf (_("<End of list>\n"));
+ break;
+- case DW_RLE_base_address:
+- SAFE_BYTE_GET_AND_INC (base_address, start, pointer_size, finish);
++ case DW_RLE_base_addressx:
++ READ_ULEB (base_address, start, finish);
++ print_dwarf_vma (base_address, pointer_size);
++ printf (_("(base address index) "));
++ base_address = fetch_indexed_addr (base_address, pointer_size);
+ print_dwarf_vma (base_address, pointer_size);
+ printf (_("(base address)\n"));
+ break;
+- case DW_RLE_start_length:
+- SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, finish);
++ case DW_RLE_startx_endx:
++ READ_ULEB (begin, start, finish);
++ READ_ULEB (end, start, finish);
++ begin = fetch_indexed_addr (begin, pointer_size);
++ end = fetch_indexed_addr (begin, pointer_size);
++ break;
++ case DW_RLE_startx_length:
++ READ_ULEB (begin, start, finish);
+ READ_ULEB (length, start, finish);
++ begin = fetch_indexed_addr (begin, pointer_size);
+ end = begin + length;
+ break;
+ case DW_RLE_offset_pair:
+ READ_ULEB (begin, start, finish);
+ READ_ULEB (end, start, finish);
+ break;
++ case DW_RLE_base_address:
++ SAFE_BYTE_GET_AND_INC (base_address, start, pointer_size, finish);
++ print_dwarf_vma (base_address, pointer_size);
++ printf (_("(base address)\n"));
++ break;
+ case DW_RLE_start_end:
+ SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, finish);
+ SAFE_BYTE_GET_AND_INC (end, start, pointer_size, finish);
+ break;
++ case DW_RLE_start_length:
++ SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, finish);
++ READ_ULEB (length, start, finish);
++ end = begin + length;
++ break;
+ default:
+ error (_("Invalid range list entry type %d\n"), rlet);
+ rlet = DW_RLE_end_of_list;
+@@ -7664,7 +8005,7 @@ display_debug_rnglists_list (unsigned ch
+ }
+ if (rlet == DW_RLE_end_of_list)
+ break;
+- if (rlet == DW_RLE_base_address)
++ if (rlet == DW_RLE_base_address || rlet == DW_RLE_base_addressx)
+ continue;
+
+ /* Only a DW_RLE_offset_pair needs the base address added. */
+@@ -7709,6 +8050,8 @@ display_debug_ranges (struct dwarf_secti
+ return 0;
+ }
+
++ introduce (section, false);
++
+ if (is_rnglists)
+ {
+ dwarf_vma initial_length;
+@@ -7745,19 +8088,19 @@ display_debug_ranges (struct dwarf_secti
+ }
+ }
+
+- /* Get and check the version number. */
++ /* Get the other fields in the header. */
+ SAFE_BYTE_GET_AND_INC (version, start, 2, finish);
+-
+- if (version != 5)
+- {
+- warn (_("Only DWARF version 5 debug_rnglists info "
+- "is currently supported.\n"));
+- return 0;
+- }
+-
+ SAFE_BYTE_GET_AND_INC (address_size, start, 1, finish);
+-
+ SAFE_BYTE_GET_AND_INC (segment_selector_size, start, 1, finish);
++ SAFE_BYTE_GET_AND_INC (offset_entry_count, start, 4, finish);
++
++ printf (_(" Length: 0x%s\n"), dwarf_vmatoa ("x", initial_length));
++ printf (_(" DWARF version: %u\n"), version);
++ printf (_(" Address size: %u\n"), address_size);
++ printf (_(" Segment size: %u\n"), segment_selector_size);
++ printf (_(" Offset entries: %u\n"), offset_entry_count);
++
++ /* Check the fields. */
+ if (segment_selector_size != 0)
+ {
+ warn (_("The %s section contains "
+@@ -7766,16 +8109,39 @@ display_debug_ranges (struct dwarf_secti
+ return 0;
+ }
+
+- SAFE_BYTE_GET_AND_INC (offset_entry_count, start, 4, finish);
+- if (offset_entry_count != 0)
++ if (version < 5)
+ {
+- warn (_("The %s section contains "
+- "unsupported offset entry count: %u.\n"),
+- section->name, offset_entry_count);
++ warn (_("Only DWARF version 5+ debug_rnglists info "
++ "is currently supported.\n"));
+ return 0;
+ }
+- }
+
++ if (offset_entry_count != 0)
++ {
++ printf (_("\n Offsets starting at 0x%lx:\n"), (long)(start - section->start));
++ if (offset_size == 8)
++ {
++ for (i = 0; i < offset_entry_count; i++)
++ {
++ dwarf_vma entry;
++
++ SAFE_BYTE_GET_AND_INC (entry, start, 8, finish);
++ printf (_(" [%6u] 0x%s\n"), i, dwarf_vmatoa ("x", entry));
++ }
++ }
++ else
++ {
++ for (i = 0; i < offset_entry_count; i++)
++ {
++ uint32_t entry;
++
++ SAFE_BYTE_GET_AND_INC (entry, start, 4, finish);
++ printf (_(" [%6u] 0x%x\n"), i, entry);
++ }
++ }
++ }
++ }
++
+ if (load_debug_info (file) == 0)
+ {
+ warn (_("Unable to load/parse the .debug_info section, so cannot interpret the %s section.\n"),
+@@ -7834,8 +8200,7 @@ display_debug_ranges (struct dwarf_secti
+ warn (_("Range lists in %s section start at 0x%lx\n"),
+ section->name, (unsigned long) range_entries[0].ranges_offset);
+
+- introduce (section, false);
+-
++ putchar ('\n');
+ printf (_(" Offset Begin End\n"));
+
+ for (i = 0; i < num_range_list; i++)
+@@ -7895,8 +8260,12 @@ display_debug_ranges (struct dwarf_secti
+ start = next;
+ last_start = next;
+
+- (is_rnglists ? display_debug_rnglists_list : display_debug_ranges_list)
+- (start, finish, pointer_size, offset, base_address);
++ if (is_rnglists)
++ display_debug_rnglists_list
++ (start, finish, pointer_size, offset, base_address);
++ else
++ display_debug_ranges_list
++ (start, finish, pointer_size, offset, base_address);
+ }
+ putchar ('\n');
+
+diff --git a/binutils/dwarf.h b/binutils/dwarf.h
+index 4fc62abfa4c..ccce2461c81 100644
+--- a/binutils/dwarf.h
++++ b/binutils/dwarf.h
+@@ -181,9 +181,13 @@ typedef struct
+ /* This is an array of offsets to the location view table. */
+ dwarf_vma * loc_views;
+ int * have_frame_base;
++
++ /* Information for associating location lists with CUs. */
+ unsigned int num_loc_offsets;
+ unsigned int max_loc_offsets;
+ unsigned int num_loc_views;
++ dwarf_vma loclists_base;
++
+ /* List of .debug_ranges offsets seen in this .debug_info. */
+ dwarf_vma * range_lists;
+ unsigned int num_range_lists;
+diff --git a/binutils/testsuite/binutils-all/dw5.W b/binutils/testsuite/binutils-all/dw5.W
+index ebab8b7d3b0..bfcdac175ba 100644
+--- a/binutils/testsuite/binutils-all/dw5.W
++++ b/binutils/testsuite/binutils-all/dw5.W
+@@ -281,7 +281,7 @@ Contents of the .debug_loclists section:
+ 00000039 <End of list>
+
+ Contents of the .debug_rnglists section:
+-
++#...
+ Offset Begin End
+ 0000000c 0000000000001234 0000000000001236
+ 00000016 0000000000001234 0000000000001239
+diff --git a/binutils/testsuite/binutils-all/x86-64/pr26808.dump b/binutils/testsuite/binutils-all/x86-64/pr26808.dump
+index f64f9d008f9..7ef73b24dc9 100644
+--- a/binutils/testsuite/binutils-all/x86-64/pr26808.dump
++++ b/binutils/testsuite/binutils-all/x86-64/pr26808.dump
+@@ -30,13 +30,13 @@ Contents of the .debug_info.dwo section:
+ <a5> DW_AT_decl_file : 1
+ <a6> DW_AT_decl_line : 30
+ <a7> DW_AT_type : <0x90>
+- <ab> DW_AT_low_pc : (addr_index: 0x0): <no .debug_addr section>
++ <ab> DW_AT_low_pc : (addr_index: 0x0): 0
+ <ac> DW_AT_high_pc : 0x304
+ <b4> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <b6> DW_AT_GNU_all_tail_call_sites: 1
+ <b6> DW_AT_sibling : <0x11b>
+ <2><ba>: Abbrev Number: 14 (DW_TAG_lexical_block)
+- <bb> DW_AT_low_pc : (addr_index: 0x1): <no .debug_addr section>
++ <bb> DW_AT_low_pc : (addr_index: 0x1): 0
+ <bc> DW_AT_high_pc : 0x2fa
+ <3><c4>: Abbrev Number: 15 (DW_TAG_variable)
+ <c5> DW_AT_name : c1
+@@ -56,7 +56,7 @@ Contents of the .debug_info.dwo section:
+ <ff> DW_AT_artificial : 1
+ <ff> DW_AT_location : 2 byte block: fb 2 (DW_OP_GNU_addr_index <0x2>)
+ <3><102>: Abbrev Number: 14 (DW_TAG_lexical_block)
+- <103> DW_AT_low_pc : (addr_index: 0x3): <no .debug_addr section>
++ <103> DW_AT_low_pc : (addr_index: 0x3): 0
+ <104> DW_AT_high_pc : 0x2f
+ <4><10c>: Abbrev Number: 17 (DW_TAG_variable)
+ <10d> DW_AT_name : i
+@@ -274,7 +274,7 @@ Contents of the .debug_info.dwo section:
+ <2dd> DW_AT_decl_file : 1
+ <2de> DW_AT_decl_line : 70
+ <2df> DW_AT_linkage_name: _Z4f13iv
+- <2e8> DW_AT_low_pc : (addr_index: 0x0): <no .debug_addr section>
++ <2e8> DW_AT_low_pc : (addr_index: 0x0): 0
+ <2e9> DW_AT_high_pc : 0x6
+ <2f1> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <2f3> DW_AT_GNU_all_call_sites: 1
+@@ -282,7 +282,7 @@ Contents of the .debug_info.dwo section:
+ <2f4> DW_AT_specification: <0x219>
+ <2f8> DW_AT_decl_file : 2
+ <2f9> DW_AT_decl_line : 30
+- <2fa> DW_AT_low_pc : (addr_index: 0x1): <no .debug_addr section>
++ <2fa> DW_AT_low_pc : (addr_index: 0x1): 0
+ <2fb> DW_AT_high_pc : 0x20
+ <303> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <305> DW_AT_object_pointer: <0x30d>
+@@ -300,7 +300,7 @@ Contents of the .debug_info.dwo section:
+ <31d> DW_AT_specification: <0x223>
+ <321> DW_AT_decl_file : 2
+ <322> DW_AT_decl_line : 38
+- <323> DW_AT_low_pc : (addr_index: 0x2): <no .debug_addr section>
++ <323> DW_AT_low_pc : (addr_index: 0x2): 0
+ <324> DW_AT_high_pc : 0x18
+ <32c> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <32e> DW_AT_object_pointer: <0x336>
+@@ -316,7 +316,7 @@ Contents of the .debug_info.dwo section:
+ <341> DW_AT_specification: <0x22d>
+ <345> DW_AT_decl_file : 2
+ <346> DW_AT_decl_line : 46
+- <347> DW_AT_low_pc : (addr_index: 0x3): <no .debug_addr section>
++ <347> DW_AT_low_pc : (addr_index: 0x3): 0
+ <348> DW_AT_high_pc : 0x18
+ <350> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <352> DW_AT_object_pointer: <0x35a>
+@@ -332,7 +332,7 @@ Contents of the .debug_info.dwo section:
+ <365> DW_AT_specification: <0x237>
+ <369> DW_AT_decl_file : 2
+ <36a> DW_AT_decl_line : 54
+- <36b> DW_AT_low_pc : (addr_index: 0x4): <no .debug_addr section>
++ <36b> DW_AT_low_pc : (addr_index: 0x4): 0
+ <36c> DW_AT_high_pc : 0x16
+ <374> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <376> DW_AT_object_pointer: <0x37e>
+@@ -348,7 +348,7 @@ Contents of the .debug_info.dwo section:
+ <389> DW_AT_specification: <0x26b>
+ <38d> DW_AT_decl_file : 2
+ <38e> DW_AT_decl_line : 62
+- <38f> DW_AT_low_pc : (addr_index: 0x5): <no .debug_addr section>
++ <38f> DW_AT_low_pc : (addr_index: 0x5): 0
+ <390> DW_AT_high_pc : 0x16
+ <398> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <39a> DW_AT_object_pointer: <0x3a2>
+@@ -366,7 +366,7 @@ Contents of the .debug_info.dwo section:
+ <3b2> DW_AT_specification: <0x275>
+ <3b6> DW_AT_decl_file : 2
+ <3b7> DW_AT_decl_line : 72
+- <3b8> DW_AT_low_pc : (addr_index: 0x6): <no .debug_addr section>
++ <3b8> DW_AT_low_pc : (addr_index: 0x6): 0
+ <3b9> DW_AT_high_pc : 0x1b
+ <3c1> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <3c3> DW_AT_object_pointer: <0x3cb>
+@@ -382,7 +382,7 @@ Contents of the .debug_info.dwo section:
+ <3d6> DW_AT_specification: <0x27f>
+ <3da> DW_AT_decl_file : 2
+ <3db> DW_AT_decl_line : 82
+- <3dc> DW_AT_low_pc : (addr_index: 0x7): <no .debug_addr section>
++ <3dc> DW_AT_low_pc : (addr_index: 0x7): 0
+ <3dd> DW_AT_high_pc : 0x1b
+ <3e5> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <3e7> DW_AT_object_pointer: <0x3ef>
+@@ -398,7 +398,7 @@ Contents of the .debug_info.dwo section:
+ <3fa> DW_AT_specification: <0x289>
+ <3fe> DW_AT_decl_file : 2
+ <3ff> DW_AT_decl_line : 92
+- <400> DW_AT_low_pc : (addr_index: 0x8): <no .debug_addr section>
++ <400> DW_AT_low_pc : (addr_index: 0x8): 0
+ <401> DW_AT_high_pc : 0x19
+ <409> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <40b> DW_AT_object_pointer: <0x413>
+@@ -414,7 +414,7 @@ Contents of the .debug_info.dwo section:
+ <41e> DW_AT_specification: <0x2ae>
+ <422> DW_AT_decl_file : 2
+ <423> DW_AT_decl_line : 102
+- <424> DW_AT_low_pc : (addr_index: 0x9): <no .debug_addr section>
++ <424> DW_AT_low_pc : (addr_index: 0x9): 0
+ <425> DW_AT_high_pc : 0x19
+ <42d> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <42f> DW_AT_object_pointer: <0x437>
+@@ -432,7 +432,7 @@ Contents of the .debug_info.dwo section:
+ <447> DW_AT_specification: <0x2b8>
+ <44b> DW_AT_decl_file : 2
+ <44c> DW_AT_decl_line : 112
+- <44d> DW_AT_low_pc : (addr_index: 0xa): <no .debug_addr section>
++ <44d> DW_AT_low_pc : (addr_index: 0xa): 0
+ <44e> DW_AT_high_pc : 0x1f
+ <456> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <458> DW_AT_object_pointer: <0x460>
+@@ -451,7 +451,7 @@ Contents of the .debug_info.dwo section:
+ <471> DW_AT_decl_line : 120
+ <472> DW_AT_linkage_name: _Z4f11av
+ <47b> DW_AT_type : <0x242>
+- <47f> DW_AT_low_pc : (addr_index: 0xb): <no .debug_addr section>
++ <47f> DW_AT_low_pc : (addr_index: 0xb): 0
+ <480> DW_AT_high_pc : 0xb
+ <488> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <48a> DW_AT_GNU_all_call_sites: 1
+@@ -459,7 +459,7 @@ Contents of the .debug_info.dwo section:
+ <48b> DW_AT_specification: <0x2c2>
+ <48f> DW_AT_decl_file : 2
+ <490> DW_AT_decl_line : 126
+- <491> DW_AT_low_pc : (addr_index: 0xc): <no .debug_addr section>
++ <491> DW_AT_low_pc : (addr_index: 0xc): 0
+ <492> DW_AT_high_pc : 0x20
+ <49a> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <49c> DW_AT_object_pointer: <0x4a4>
+@@ -478,7 +478,7 @@ Contents of the .debug_info.dwo section:
+ <4b4> DW_AT_decl_line : 134
+ <4b5> DW_AT_linkage_name: _Z3t12v
+ <4bd> DW_AT_type : <0x249>
+- <4c1> DW_AT_low_pc : (addr_index: 0xd): <no .debug_addr section>
++ <4c1> DW_AT_low_pc : (addr_index: 0xd): 0
+ <4c2> DW_AT_high_pc : 0x19
+ <4ca> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <4cc> DW_AT_GNU_all_tail_call_sites: 1
+@@ -489,7 +489,7 @@ Contents of the .debug_info.dwo section:
+ <4d2> DW_AT_decl_line : 142
+ <4d3> DW_AT_linkage_name: _Z3t13v
+ <4db> DW_AT_type : <0x249>
+- <4df> DW_AT_low_pc : (addr_index: 0xe): <no .debug_addr section>
++ <4df> DW_AT_low_pc : (addr_index: 0xe): 0
+ <4e0> DW_AT_high_pc : 0x14
+ <4e8> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <4ea> DW_AT_GNU_all_tail_call_sites: 1
+@@ -500,13 +500,13 @@ Contents of the .debug_info.dwo section:
+ <4f0> DW_AT_decl_line : 150
+ <4f1> DW_AT_linkage_name: _Z3t14v
+ <4f9> DW_AT_type : <0x249>
+- <4fd> DW_AT_low_pc : (addr_index: 0xf): <no .debug_addr section>
++ <4fd> DW_AT_low_pc : (addr_index: 0xf): 0
+ <4fe> DW_AT_high_pc : 0x61
+ <506> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <508> DW_AT_GNU_all_tail_call_sites: 1
+ <508> DW_AT_sibling : <0x532>
+ <2><50c>: Abbrev Number: 24 (DW_TAG_lexical_block)
+- <50d> DW_AT_low_pc : (addr_index: 0x10): <no .debug_addr section>
++ <50d> DW_AT_low_pc : (addr_index: 0x10): 0
+ <50e> DW_AT_high_pc : 0x57
+ <3><516>: Abbrev Number: 25 (DW_TAG_variable)
+ <517> DW_AT_name : s1
+@@ -538,13 +538,13 @@ Contents of the .debug_info.dwo section:
+ <54b> DW_AT_decl_line : 163
+ <54c> DW_AT_linkage_name: _Z3t15v
+ <554> DW_AT_type : <0x249>
+- <558> DW_AT_low_pc : (addr_index: 0x11): <no .debug_addr section>
++ <558> DW_AT_low_pc : (addr_index: 0x11): 0
+ <559> DW_AT_high_pc : 0x5d
+ <561> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <563> DW_AT_GNU_all_tail_call_sites: 1
+ <563> DW_AT_sibling : <0x58d>
+ <2><567>: Abbrev Number: 24 (DW_TAG_lexical_block)
+- <568> DW_AT_low_pc : (addr_index: 0x12): <no .debug_addr section>
++ <568> DW_AT_low_pc : (addr_index: 0x12): 0
+ <569> DW_AT_high_pc : 0x53
+ <3><571>: Abbrev Number: 25 (DW_TAG_variable)
+ <572> DW_AT_name : s1
+@@ -576,7 +576,7 @@ Contents of the .debug_info.dwo section:
+ <5a9> DW_AT_decl_line : 176
+ <5aa> DW_AT_linkage_name: _Z3t16v
+ <5b2> DW_AT_type : <0x249>
+- <5b6> DW_AT_low_pc : (addr_index: 0x13): <no .debug_addr section>
++ <5b6> DW_AT_low_pc : (addr_index: 0x13): 0
+ <5b7> DW_AT_high_pc : 0x13
+ <5bf> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <5c1> DW_AT_GNU_all_tail_call_sites: 1
+@@ -587,13 +587,13 @@ Contents of the .debug_info.dwo section:
+ <5c7> DW_AT_decl_line : 184
+ <5c8> DW_AT_linkage_name: _Z3t17v
+ <5d0> DW_AT_type : <0x249>
+- <5d4> DW_AT_low_pc : (addr_index: 0x14): <no .debug_addr section>
++ <5d4> DW_AT_low_pc : (addr_index: 0x14): 0
+ <5d5> DW_AT_high_pc : 0x5f
+ <5dd> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <5df> DW_AT_GNU_all_call_sites: 1
+ <5df> DW_AT_sibling : <0x612>
+ <2><5e3>: Abbrev Number: 24 (DW_TAG_lexical_block)
+- <5e4> DW_AT_low_pc : (addr_index: 0x15): <no .debug_addr section>
++ <5e4> DW_AT_low_pc : (addr_index: 0x15): 0
+ <5e5> DW_AT_high_pc : 0x59
+ <3><5ed>: Abbrev Number: 25 (DW_TAG_variable)
+ <5ee> DW_AT_name : c
+@@ -602,7 +602,7 @@ Contents of the .debug_info.dwo section:
+ <5f2> DW_AT_type : <0x53d>
+ <5f6> DW_AT_location : 2 byte block: 91 6f (DW_OP_fbreg: -17)
+ <3><5f9>: Abbrev Number: 24 (DW_TAG_lexical_block)
+- <5fa> DW_AT_low_pc : (addr_index: 0x16): <no .debug_addr section>
++ <5fa> DW_AT_low_pc : (addr_index: 0x16): 0
+ <5fb> DW_AT_high_pc : 0x50
+ <4><603>: Abbrev Number: 25 (DW_TAG_variable)
+ <604> DW_AT_name : i
+@@ -620,13 +620,13 @@ Contents of the .debug_info.dwo section:
+ <618> DW_AT_decl_line : 199
+ <619> DW_AT_linkage_name: _Z3t18v
+ <621> DW_AT_type : <0x249>
+- <625> DW_AT_low_pc : (addr_index: 0x17): <no .debug_addr section>
++ <625> DW_AT_ow_pc : (addr_index: 0x17): 0
+ <626> DW_AT_high_pc : 0x5f
+ <62e> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <630> DW_AT_GNU_all_tail_call_sites: 1
+ <630> DW_AT_sibling : <0x67a>
+ <2><634>: Abbrev Number: 24 (DW_TAG_lexical_block)
+- <635> DW_AT_low_pc : (addr_index: 0x18): <no .debug_addr section>
++ <635> DW_AT_low_pc : (addr_index: 0x18): 0
+ <636> DW_AT_high_pc : 0x55
+ <3><63e>: Abbrev Number: 25 (DW_TAG_variable)
+ <63f> DW_AT_name : c
+@@ -635,7 +635,7 @@ Contents of the .debug_info.dwo section:
+ <643> DW_AT_type : <0x53d>
+ <647> DW_AT_location : 2 byte block: 91 6f (DW_OP_fbreg: -17)
+ <3><64a>: Abbrev Number: 24 (DW_TAG_lexical_block)
+- <64b> DW_AT_low_pc : (addr_index: 0x19): <no .debug_addr section>
++ <64b> DW_AT_low_pc : (addr_index: 0x19): 0
+ <64c> DW_AT_high_pc : 0x4c
+ <4><654>: Abbrev Number: 25 (DW_TAG_variable)
+ <655> DW_AT_name : i
+@@ -644,7 +644,7 @@ Contents of the .debug_info.dwo section:
+ <659> DW_AT_type : <0x242>
+ <65d> DW_AT_location : 2 byte block: 91 68 (DW_OP_fbreg: -24)
+ <4><660>: Abbrev Number: 24 (DW_TAG_lexical_block)
+- <661> DW_AT_low_pc : (addr_index: 0x1a): <no .debug_addr section>
++ <661> DW_AT_low_pc : (addr_index: 0x1a): 0
+ <662> DW_AT_high_pc : 0x34
+ <5><66a>: Abbrev Number: 25 (DW_TAG_variable)
+ <66b> DW_AT_name : s
+@@ -786,7 +786,7 @@ Contents of the .debug_info.dwo section:
+ <7d3> DW_AT_decl_line : 32
+ <7d4> DW_AT_linkage_name: _Z4t16av
+ <7dd> DW_AT_type : <0x7c4>
+- <7e1> DW_AT_low_pc : (addr_index: 0x0): <no .debug_addr section>
++ <7e1> DW_AT_low_pc : (addr_index: 0x0): 0
+ <7e2> DW_AT_high_pc : 0x13
+ <7ea> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <7ec> DW_AT_GNU_all_tail_call_sites: 1
+@@ -878,14 +878,14 @@ Contents of the .debug_info.dwo section:
+ <908> DW_AT_decl_file : 1
+ <909> DW_AT_decl_line : 70
+ <90a> DW_AT_linkage_name: _Z4f13iv
+- <913> DW_AT_low_pc : (addr_index: 0x0): <no .debug_addr section>
++ <913> DW_AT_low_pc : (addr_index: 0x0): 0
+ <914> DW_AT_high_pc : 0x6
+ <91c> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <91e> DW_AT_GNU_all_call_sites: 1
+ <1><91e>: Abbrev Number: 17 (DW_TAG_subprogram)
+ <91f> DW_AT_specification: <0x8a8>
+ <923> DW_AT_decl_file : 2
+- <924> DW_AT_low_pc : (addr_index: 0x1): <no .debug_addr section>
++ <924> DW_AT_low_pc : (addr_index: 0x1): 0
+ <925> DW_AT_high_pc : 0xf
+ <92d> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <92f> DW_AT_object_pointer: <0x937>
+@@ -903,7 +903,7 @@ Contents of the .debug_info.dwo section:
+ <94b> DW_AT_specification: <0x89b>
+ <94f> DW_AT_decl_file : 2
+ <950> DW_AT_decl_line : 36
+- <951> DW_AT_low_pc : (addr_index: 0x2): <no .debug_addr section>
++ <951> DW_AT_low_pc : (addr_index: 0x2): 0
+ <952> DW_AT_high_pc : 0x20
+ <95a> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <95c> DW_AT_object_pointer: <0x964>
+@@ -922,7 +922,7 @@ Contents of the .debug_info.dwo section:
+ <978> DW_AT_decl_line : 72
+ <979> DW_AT_linkage_name: _Z3f10v
+ <981> DW_AT_type : <0x8b7>
+- <985> DW_AT_low_pc : (addr_index: 0x3): <no .debug_addr section>
++ <985> DW_AT_low_pc : (addr_index: 0x3): 0
+ <986> DW_AT_high_pc : 0xb
+ <98e> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <990> DW_AT_GNU_all_call_sites: 1
+@@ -933,7 +933,7 @@ Contents of the .debug_info.dwo section:
+ <997> DW_AT_decl_line : 80
+ <998> DW_AT_linkage_name: _Z4f11bPFivE
+ <9a5> DW_AT_type : <0x8b7>
+- <9a9> DW_AT_low_pc : (addr_index: 0x4): <no .debug_addr section>
++ <9a9> DW_AT_low_pc : (addr_index: 0x4): 0
+ <9aa> DW_AT_high_pc : 0x14
+ <9b2> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <9b4> DW_AT_GNU_all_tail_call_sites: 1
+@@ -954,7 +954,7 @@ Contents of the .debug_info.dwo section:
+ <9d3> DW_AT_specification: <0x8e0>
+ <9d7> DW_AT_decl_file : 2
+ <9d8> DW_AT_decl_line : 88
+- <9d9> DW_AT_low_pc : (addr_index: 0x5): <no .debug_addr section>
++ <9d9> DW_AT_low_pc : (addr_index: 0x5): 0
+ <9da> DW_AT_high_pc : 0xf
+ <9e2> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <9e4> DW_AT_object_pointer: <0x9ec>
+@@ -976,7 +976,7 @@ Contents of the .debug_info.dwo section:
+ <a06> DW_AT_decl_line : 96
+ <a07> DW_AT_linkage_name: _Z3f13v
+ <a0f> DW_AT_type : <0xa1e>
+- <a13> DW_AT_low_pc : (addr_index: 0x6): <no .debug_addr section>
++ <a13> DW_AT_low_pc : (addr_index: 0x6): 0
+ <a14> DW_AT_high_pc : 0xb
+ <a1c> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <a1e> DW_AT_GNU_all_call_sites: 1
+@@ -990,7 +990,7 @@ Contents of the .debug_info.dwo section:
+ <a2a> DW_AT_decl_line : 104
+ <a2b> DW_AT_linkage_name: _Z3f14v
+ <a33> DW_AT_type : <0xa42>
+- <a37> DW_AT_low_pc : (addr_index: 0x7): <no .debug_addr section>
++ <a37> DW_AT_low_pc : (addr_index: 0x7): 0
+ <a38> DW_AT_high_pc : 0xb
+ <a40> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <a42> DW_AT_GNU_all_call_sites: 1
+@@ -1010,7 +1010,7 @@ Contents of the .debug_info.dwo section:
+ <a5b> DW_AT_decl_line : 112
+ <a5c> DW_AT_linkage_name: _Z3f15v
+ <a64> DW_AT_type : <0xa73>
+- <a68> DW_AT_low_pc : (addr_index: 0x8): <no .debug_addr section>
++ <a68> DW_AT_low_pc : (addr_index: 0x8): 0
+ <a69> DW_AT_high_pc : 0xb
+ <a71> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <a73> DW_AT_GNU_all_call_sites: 1
+@@ -1030,7 +1030,7 @@ Contents of the .debug_info.dwo section:
+ <a8f> DW_AT_decl_line : 127
+ <a90> DW_AT_linkage_name: _Z3f18i
+ <a98> DW_AT_type : <0xa42>
+- <a9c> DW_AT_low_pc : (addr_index: 0x9): <no .debug_addr section>
++ <a9c> DW_AT_low_pc : (addr_index: 0x9): 0
+ <a9d> DW_AT_high_pc : 0x44
+ <aa5> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa)
+ <aa7> DW_AT_GNU_all_call_sites: 1
diff --git a/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-2.patch b/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-2.patch
new file mode 100644
index 0000000000..0583bfcfab
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-2.patch
@@ -0,0 +1,188 @@
+From ec41dd75c866599fc03c390c6afb5736c159c0ff Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 21 Jun 2022 16:37:27 +0100
+Subject: [PATCH] Binutils support for dwarf-5 (location and range lists
+ related)
+
+ * dwarf.h (struct debug_info): Add rnglists_base field.
+ * dwarf.c (read_and_display_attr_value): Read attribute DW_AT_rnglists_base.
+ (display_debug_rnglists_list): While handling DW_RLE_base_addressx,
+ DW_RLE_startx_endx, DW_RLE_startx_length items, pass the proper parameter
+ value to fetch_indexed_addr(), i.e. fetch the proper entry in .debug_addr section.
+ (display_debug_ranges): Add rnglists_base to the .debug_rnglists base address.
+ (load_separate_debug_files): Load .debug_addr section, if exists.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=ec41dd75c866599fc03c390c6afb5736c159c0ff]
+
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ binutils/ChangeLog | 10 +++++++++
+ binutils/dwarf.c | 53 ++++++++++++++++++++++++++++++++++------------
+ binutils/dwarf.h | 1 +
+ 3 files changed, 51 insertions(+), 13 deletions(-)
+
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index cb2523af1f3..30b64ac68a8 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -2812,7 +2812,12 @@ read_and_display_attr_value (unsigned lo
+ dwarf_vmatoa ("x", debug_info_p->cu_offset));
+ debug_info_p->loclists_base = uvalue;
+ break;
+-
++ case DW_AT_rnglists_base:
++ if (debug_info_p->rnglists_base)
++ warn (_("CU @ 0x%s has multiple rnglists_base values"),
++ dwarf_vmatoa ("x", debug_info_p->cu_offset));
++ debug_info_p->rnglists_base = uvalue;
++ break;
+ case DW_AT_frame_base:
+ have_frame_base = 1;
+ /* Fall through. */
+@@ -3303,6 +3308,7 @@ read_and_display_attr_value (unsigned lo
+ /* Fall through. */
+ case DW_AT_location:
+ case DW_AT_loclists_base:
++ case DW_AT_rnglists_base:
+ case DW_AT_string_length:
+ case DW_AT_return_addr:
+ case DW_AT_data_member_location:
+@@ -3322,7 +3328,10 @@ read_and_display_attr_value (unsigned lo
+ && (form == DW_FORM_data4 || form == DW_FORM_data8))
+ || form == DW_FORM_sec_offset
+ || form == DW_FORM_loclistx)
+- printf (_(" (location list)"));
++ {
++ if (attribute != DW_AT_rnglists_base)
++ printf (_(" (location list)"));
++ }
+ /* Fall through. */
+ case DW_AT_allocated:
+ case DW_AT_associated:
+@@ -3809,6 +3818,7 @@ process_debug_info (struct dwarf_section
+ debug_information [unit].range_lists = NULL;
+ debug_information [unit].max_range_lists= 0;
+ debug_information [unit].num_range_lists = 0;
++ debug_information [unit].rnglists_base = 0;
+ }
+
+ if (!do_loc && dwarf_start_die == 0)
+@@ -7932,9 +7942,16 @@ display_debug_rnglists_list (unsigned ch
+ unsigned char * finish,
+ unsigned int pointer_size,
+ dwarf_vma offset,
+- dwarf_vma base_address)
++ dwarf_vma base_address,
++ unsigned int offset_size)
+ {
+ unsigned char *next = start;
++ unsigned int debug_addr_section_hdr_len;
++
++ if (offset_size == 4)
++ debug_addr_section_hdr_len = 8;
++ else
++ debug_addr_section_hdr_len = 16;
+
+ while (1)
+ {
+@@ -7964,20 +7981,24 @@ display_debug_rnglists_list (unsigned ch
+ READ_ULEB (base_address, start, finish);
+ print_dwarf_vma (base_address, pointer_size);
+ printf (_("(base address index) "));
+- base_address = fetch_indexed_addr (base_address, pointer_size);
++ base_address = fetch_indexed_addr ((base_address * pointer_size)
++ + debug_addr_section_hdr_len, pointer_size);
+ print_dwarf_vma (base_address, pointer_size);
+ printf (_("(base address)\n"));
+ break;
+ case DW_RLE_startx_endx:
+ READ_ULEB (begin, start, finish);
+ READ_ULEB (end, start, finish);
+- begin = fetch_indexed_addr (begin, pointer_size);
+- end = fetch_indexed_addr (begin, pointer_size);
++ begin = fetch_indexed_addr ((begin * pointer_size)
++ + debug_addr_section_hdr_len, pointer_size);
++ end = fetch_indexed_addr ((begin * pointer_size)
++ + debug_addr_section_hdr_len, pointer_size);
+ break;
+ case DW_RLE_startx_length:
+ READ_ULEB (begin, start, finish);
+ READ_ULEB (length, start, finish);
+- begin = fetch_indexed_addr (begin, pointer_size);
++ begin = fetch_indexed_addr ((begin * pointer_size)
++ + debug_addr_section_hdr_len, pointer_size);
+ end = begin + length;
+ break;
+ case DW_RLE_offset_pair:
+@@ -8003,6 +8024,7 @@ display_debug_rnglists_list (unsigned ch
+ rlet = DW_RLE_end_of_list;
+ break;
+ }
++
+ if (rlet == DW_RLE_end_of_list)
+ break;
+ if (rlet == DW_RLE_base_address || rlet == DW_RLE_base_addressx)
+@@ -8043,6 +8065,7 @@ display_debug_ranges (struct dwarf_secti
+ /* Initialize it due to a false compiler warning. */
+ unsigned char address_size = 0;
+ dwarf_vma last_offset = 0;
++ unsigned int offset_size = 0;
+
+ if (bytes == 0)
+ {
+@@ -8054,10 +8077,10 @@ display_debug_ranges (struct dwarf_secti
+
+ if (is_rnglists)
+ {
+- dwarf_vma initial_length;
+- unsigned char segment_selector_size;
+- unsigned int offset_size, offset_entry_count;
+- unsigned short version;
++ dwarf_vma initial_length;
++ unsigned char segment_selector_size;
++ unsigned int offset_entry_count;
++ unsigned short version;
+
+ /* Get and check the length of the block. */
+ SAFE_BYTE_GET_AND_INC (initial_length, start, 4, finish);
+@@ -8230,7 +8253,8 @@ display_debug_ranges (struct dwarf_secti
+ (unsigned long) offset, i);
+ continue;
+ }
+- next = section_begin + offset;
++
++ next = section_begin + offset + debug_info_p->rnglists_base;
+
+ /* If multiple DWARF entities reference the same range then we will
+ have multiple entries in the `range_entries' list for the same
+@@ -8262,7 +8286,7 @@ display_debug_ranges (struct dwarf_secti
+
+ if (is_rnglists)
+ display_debug_rnglists_list
+- (start, finish, pointer_size, offset, base_address);
++ (start, finish, pointer_size, offset, base_address, offset_size);
+ else
+ display_debug_ranges_list
+ (start, finish, pointer_size, offset, base_address);
+@@ -11911,6 +11935,9 @@ load_separate_debug_files (void * file,
+ && load_debug_section (abbrev, file)
+ && load_debug_section (info, file))
+ {
++ /* Load the .debug_addr section, if it exists. */
++ load_debug_section (debug_addr, file);
++
+ free_dwo_info ();
+
+ if (process_debug_info (& debug_displays[info].section, file, abbrev,
+diff --git a/binutils/dwarf.h b/binutils/dwarf.h
+index 040e674c6ce..8a89c08e7c2 100644
+--- a/binutils/dwarf.h
++++ b/binutils/dwarf.h
+@@ -192,6 +192,7 @@ typedef struct
+ dwarf_vma * range_lists;
+ unsigned int num_range_lists;
+ unsigned int max_range_lists;
++ dwarf_vma rnglists_base;
+ }
+ debug_info;
+
diff --git a/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-3.patch b/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-3.patch
new file mode 100644
index 0000000000..56331b1128
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-3.patch
@@ -0,0 +1,211 @@
+From f18acc9c4e5d18f4783f3a7d59e3ec95d7af0199 Mon Sep 17 00:00:00 2001
+From: "Kumar N, Bhuvanendra" <Kavitha.Natarajan@amd.com>
+Date: Wed, 22 Jun 2022 17:07:25 +0100
+Subject: [PATCH] Binutils support for split-dwarf and dwarf-5
+
+ * dwarf.c (fetch_indexed_string): Added new parameter
+ str_offsets_base to calculate the string offset.
+ (read_and_display_attr_value): Read DW_AT_str_offsets_base
+ attribute.
+ (process_debug_info): While allocating memory and initializing
+ debug_information, do it for do_debug_info also, if its true.
+ (load_separate_debug_files): Load .debug_str_offsets if exists.
+ * dwarf.h (struct debug_info): Add str_offsets_base field.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f18acc9c4e5d18f4783f3a7d59e3ec95d7af0199]
+
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ binutils/ChangeLog | 13 ++++++++++-
+ binutils/dwarf.c | 57 ++++++++++++++++++++++++++++++++++------------
+ binutils/dwarf.h | 1 +
+ 3 files changed, 56 insertions(+), 15 deletions(-)
+
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index f9c46cf54dd..d9a3144023c 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -687,8 +687,11 @@ fetch_indirect_line_string (dwarf_vma of
+ }
+
+ static const char *
+-fetch_indexed_string (dwarf_vma idx, struct cu_tu_set *this_set,
+- dwarf_vma offset_size, bool dwo)
++fetch_indexed_string (dwarf_vma idx,
++ struct cu_tu_set * this_set,
++ dwarf_vma offset_size,
++ bool dwo,
++ dwarf_vma str_offsets_base)
+ {
+ enum dwarf_section_display_enum str_sec_idx = dwo ? str_dwo : str;
+ enum dwarf_section_display_enum idx_sec_idx = dwo ? str_index_dwo : str_index;
+@@ -776,7 +779,15 @@ fetch_indexed_string (dwarf_vma idx, str
+ return _("<index offset is too big>");
+ }
+
+- str_offset = byte_get (curr + index_offset, offset_size);
++ if (str_offsets_base > 0)
++ {
++ if (offset_size == 8)
++ str_offsets_base -= 16;
++ else
++ str_offsets_base -= 8;
++ }
++
++ str_offset = byte_get (curr + index_offset + str_offsets_base, offset_size);
+ str_offset -= str_section->address;
+ if (str_offset >= str_section->size)
+ {
+@@ -2721,11 +2732,13 @@ read_and_display_attr_value (unsigned lo
+ /* We have already displayed the form name. */
+ printf (_("%c(offset: 0x%s): %s"), delimiter,
+ dwarf_vmatoa ("x", uvalue),
+- fetch_indexed_string (uvalue, this_set, offset_size, dwo));
++ fetch_indexed_string (uvalue, this_set, offset_size, dwo,
++ debug_info_p->str_offsets_base));
+ else
+ printf (_("%c(indexed string: 0x%s): %s"), delimiter,
+ dwarf_vmatoa ("x", uvalue),
+- fetch_indexed_string (uvalue, this_set, offset_size, dwo));
++ fetch_indexed_string (uvalue, this_set, offset_size, dwo,
++ debug_info_p->str_offsets_base));
+ }
+ break;
+
+@@ -2800,7 +2813,7 @@ read_and_display_attr_value (unsigned lo
+ break;
+ }
+
+- if ((do_loc || do_debug_loc || do_debug_ranges)
++ if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info)
+ && num_debug_info_entries == 0
+ && debug_info_p != NULL)
+ {
+@@ -2818,6 +2831,13 @@ read_and_display_attr_value (unsigned lo
+ dwarf_vmatoa ("x", debug_info_p->cu_offset));
+ debug_info_p->rnglists_base = uvalue;
+ break;
++ case DW_AT_str_offsets_base:
++ if (debug_info_p->str_offsets_base)
++ warn (_("CU @ 0x%s has multiple str_offsets_base values"),
++ dwarf_vmatoa ("x", debug_info_p->cu_offset));
++ debug_info_p->str_offsets_base = uvalue;
++ break;
++
+ case DW_AT_frame_base:
+ have_frame_base = 1;
+ /* Fall through. */
+@@ -2956,7 +2976,9 @@ read_and_display_attr_value (unsigned lo
+ case DW_FORM_strx2:
+ case DW_FORM_strx3:
+ case DW_FORM_strx4:
+- add_dwo_name (fetch_indexed_string (uvalue, this_set, offset_size, false), cu_offset);
++ add_dwo_name (fetch_indexed_string (uvalue, this_set, offset_size, false,
++ debug_info_p->str_offsets_base),
++ cu_offset);
+ break;
+ case DW_FORM_string:
+ add_dwo_name ((const char *) orig_data, cu_offset);
+@@ -2988,7 +3010,9 @@ read_and_display_attr_value (unsigned lo
+ case DW_FORM_strx2:
+ case DW_FORM_strx3:
+ case DW_FORM_strx4:
+- add_dwo_dir (fetch_indexed_string (uvalue, this_set, offset_size, false), cu_offset);
++ add_dwo_dir (fetch_indexed_string (uvalue, this_set, offset_size, false,
++ debug_info_p->str_offsets_base),
++ cu_offset);
+ break;
+ case DW_FORM_string:
+ add_dwo_dir ((const char *) orig_data, cu_offset);
+@@ -3309,6 +3333,7 @@ read_and_display_attr_value (unsigned lo
+ case DW_AT_location:
+ case DW_AT_loclists_base:
+ case DW_AT_rnglists_base:
++ case DW_AT_str_offsets_base:
+ case DW_AT_string_length:
+ case DW_AT_return_addr:
+ case DW_AT_data_member_location:
+@@ -3329,7 +3354,8 @@ read_and_display_attr_value (unsigned lo
+ || form == DW_FORM_sec_offset
+ || form == DW_FORM_loclistx)
+ {
+- if (attribute != DW_AT_rnglists_base)
++ if (attribute != DW_AT_rnglists_base
++ && attribute != DW_AT_str_offsets_base)
+ printf (_(" (location list)"));
+ }
+ /* Fall through. */
+@@ -3562,7 +3588,7 @@ process_debug_info (struct dwarf_section
+ return false;
+ }
+
+- if ((do_loc || do_debug_loc || do_debug_ranges)
++ if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info)
+ && num_debug_info_entries == 0
+ && ! do_types)
+ {
+@@ -3797,7 +3823,7 @@ process_debug_info (struct dwarf_section
+ continue;
+ }
+
+- if ((do_loc || do_debug_loc || do_debug_ranges)
++ if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info)
+ && num_debug_info_entries == 0
+ && alloc_num_debug_info_entries > unit
+ && ! do_types)
+@@ -3819,6 +3845,7 @@ process_debug_info (struct dwarf_section
+ debug_information [unit].max_range_lists= 0;
+ debug_information [unit].num_range_lists = 0;
+ debug_information [unit].rnglists_base = 0;
++ debug_information [unit].str_offsets_base = 0;
+ }
+
+ if (!do_loc && dwarf_start_die == 0)
+@@ -4089,7 +4116,7 @@ process_debug_info (struct dwarf_section
+
+ /* Set num_debug_info_entries here so that it can be used to check if
+ we need to process .debug_loc and .debug_ranges sections. */
+- if ((do_loc || do_debug_loc || do_debug_ranges)
++ if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info)
+ && num_debug_info_entries == 0
+ && ! do_types)
+ {
+@@ -6237,7 +6264,7 @@ display_debug_macro (struct dwarf_sectio
+ READ_ULEB (lineno, curr, end);
+ READ_ULEB (offset, curr, end);
+ string = (const unsigned char *)
+- fetch_indexed_string (offset, NULL, offset_size, false);
++ fetch_indexed_string (offset, NULL, offset_size, false, 0);
+ if (op == DW_MACRO_define_strx)
+ printf (" DW_MACRO_define_strx ");
+ else
+@@ -7851,7 +7878,7 @@ display_debug_str_offsets (struct dwarf_
+ SAFE_BYTE_GET_AND_INC (offset, curr, entry_length, entries_end);
+ if (dwo)
+ string = (const unsigned char *)
+- fetch_indexed_string (idx, NULL, entry_length, dwo);
++ fetch_indexed_string (idx, NULL, entry_length, dwo, 0);
+ else
+ string = fetch_indirect_string (offset);
+
+@@ -11937,6 +11964,8 @@ load_separate_debug_files (void * file,
+ {
+ /* Load the .debug_addr section, if it exists. */
+ load_debug_section (debug_addr, file);
++ /* Load the .debug_str_offsets section, if it exists. */
++ load_debug_section (str_index, file);
+
+ free_dwo_info ();
+
+diff --git a/binutils/dwarf.h b/binutils/dwarf.h
+index 8a89c08e7c2..adbf20f9a28 100644
+--- a/binutils/dwarf.h
++++ b/binutils/dwarf.h
+@@ -193,6 +193,7 @@ typedef struct
+ unsigned int num_range_lists;
+ unsigned int max_range_lists;
+ dwarf_vma rnglists_base;
++ dwarf_vma str_offsets_base;
+ }
+ debug_info;
+
diff --git a/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-4.patch b/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-4.patch
new file mode 100644
index 0000000000..e59b19c184
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-4.patch
@@ -0,0 +1,43 @@
+From e98e7d9a70dcc987bff0e925f20b78cd4a2979ed Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 27 Jun 2022 13:30:35 +0100
+Subject: [PATCH] Fix NULL pointer indirection when parsing corrupt DWARF data.
+
+ PR 29290
+ * dwarf.c (read_and_display_attr_value): Check that debug_info_p
+ is set before dereferencing it.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e98e7d9a70dcc987bff0e925f20b78cd4a2979ed]
+
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ binutils/dwarf.c | 11 +++++------
+
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index bcabb61b871..37b477b886d 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -2727,18 +2727,17 @@ read_and_display_attr_value (unsigned lo
+ {
+ const char *suffix = strrchr (section->name, '.');
+ bool dwo = suffix && strcmp (suffix, ".dwo") == 0;
++ const char *strng;
+
++ strng = fetch_indexed_string (uvalue, this_set, offset_size, dwo,
++ debug_info_p ? debug_info_p->str_offsets_base : 0);
+ if (do_wide)
+ /* We have already displayed the form name. */
+ printf (_("%c(offset: 0x%s): %s"), delimiter,
+- dwarf_vmatoa ("x", uvalue),
+- fetch_indexed_string (uvalue, this_set, offset_size, dwo,
+- debug_info_p->str_offsets_base));
++ dwarf_vmatoa ("x", uvalue), strng);
+ else
+ printf (_("%c(indexed string: 0x%s): %s"), delimiter,
+- dwarf_vmatoa ("x", uvalue),
+- fetch_indexed_string (uvalue, this_set, offset_size, dwo,
+- debug_info_p->str_offsets_base));
++ dwarf_vmatoa ("x", uvalue), strng);
+ }
+ break;
+
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 02/18] vim: Upgrade 9.0.0541 -> 9.0.0598
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 01/18] binutils : Fix CVE-2022-38127 Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 03/18] webkitgtk: Upgrade to 2.36.6 minor update Steve Sakoman
` (15 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes a fix for CVE-2022-3278.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 98c40271692147873a622e168e8b2e90a9fcc54c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/vim/vim.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 5ff60f8495..cbc370100b 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
-PV .= ".0541"
-SRCREV = "ee7c8d999beb847457f768757b1bdcd76391c1f4"
+PV .= ".0598"
+SRCREV = "8279af514ca7e5fd3c31cf13b0864163d1a0bfeb"
# Remove when 8.3 is out
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 03/18] webkitgtk: Upgrade to 2.36.6 minor update
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 01/18] binutils : Fix CVE-2022-38127 Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 02/18] vim: Upgrade 9.0.0541 -> 9.0.0598 Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 04/18] webkitgtk: Update to 2.36.7 Steve Sakoman
` (14 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
(From OE-Core rev: bee36428a45c6c0c24d4c0fcf64bd890f3481c4a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../webkit/{webkitgtk_2.36.5.bb => webkitgtk_2.36.6.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-sato/webkit/{webkitgtk_2.36.5.bb => webkitgtk_2.36.6.bb} (98%)
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.5.bb b/meta/recipes-sato/webkit/webkitgtk_2.36.6.bb
similarity index 98%
rename from meta/recipes-sato/webkit/webkitgtk_2.36.5.bb
rename to meta/recipes-sato/webkit/webkitgtk_2.36.6.bb
index b3fe357010..37b977f9ba 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.5.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.6.bb
@@ -17,7 +17,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \
"
-SRC_URI[sha256sum] = "d5532fa884c943dc48f1911473dd663aba407a3b35caa7b04bac1419b41e5908"
+SRC_URI[sha256sum] = "1193bc821946336776f0dfa5e0dca5651f1e57157eda12da4721d2441f24a61a"
inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gtk-doc
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 04/18] webkitgtk: Update to 2.36.7
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (2 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 03/18] webkitgtk: Upgrade to 2.36.6 minor update Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 05/18] rsync: update 3.2.3 -> 3.2.4 Steve Sakoman
` (13 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
including fixes for CVE-2022-32893
(From OE-Core rev: edbfd06927ef4a9bb1ea1ff80fbc901ede89ce42)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../webkit/{webkitgtk_2.36.6.bb => webkitgtk_2.36.7.bb} | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
rename meta/recipes-sato/webkit/{webkitgtk_2.36.6.bb => webkitgtk_2.36.7.bb} (98%)
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.6.bb b/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
similarity index 98%
rename from meta/recipes-sato/webkit/webkitgtk_2.36.6.bb
rename to meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
index 37b977f9ba..026e24ae39 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.6.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
@@ -16,8 +16,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
file://reproducibility.patch \
file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \
"
-
-SRC_URI[sha256sum] = "1193bc821946336776f0dfa5e0dca5651f1e57157eda12da4721d2441f24a61a"
+SRC_URI[sha256sum] = "0c260cf2b32f0481d017670dfed1b61e554967cd067195606c9f9eb5fe731743"
inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gtk-doc
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 05/18] rsync: update 3.2.3 -> 3.2.4
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (3 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 04/18] webkitgtk: Update to 2.36.7 Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 06/18] rsync: update 3.2.4 -> 3.2.5 Steve Sakoman
` (12 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: Florin Diaconescu <florin.diaconescu009@gmail.com>
Drop configure options that have been removed upstream.
License-Update: formatting
Changelog: https://download.samba.org/pub/rsync/NEWS#3.2.4
Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...-the-hostname-in-the-certificate-whe.patch | 31 -------------------
.../rsync/files/makefile-no-rebuild.patch | 12 +++----
.../rsync/{rsync_3.2.3.bb => rsync_3.2.4.bb} | 17 +++++++---
3 files changed, 19 insertions(+), 41 deletions(-)
delete mode 100644 meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch
rename meta/recipes-devtools/rsync/{rsync_3.2.3.bb => rsync_3.2.4.bb} (67%)
diff --git a/meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch b/meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch
deleted file mode 100644
index 2d51ddf965..0000000000
--- a/meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From fbe85634d88e82fbb439ae2a5d1aca8b8c309bea Mon Sep 17 00:00:00 2001
-From: Matt McCutchen <matt@mattmccutchen.net>
-Date: Wed, 26 Aug 2020 12:16:08 -0400
-Subject: [PATCH] rsync-ssl: Verify the hostname in the certificate when using
- openssl.
-
-CVE: CVE-2020-14387
-
-Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=c3f7414]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- rsync-ssl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/rsync-ssl b/rsync-ssl
-index 8101975..46701af 100755
---- a/rsync-ssl
-+++ b/rsync-ssl
-@@ -129,7 +129,7 @@ function rsync_ssl_helper {
- fi
-
- if [[ $RSYNC_SSL_TYPE == openssl ]]; then
-- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
-+ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
- elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
- exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
- else
---
-2.17.1
-
diff --git a/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch b/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch
index 4ba7665280..42a6372ba7 100644
--- a/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch
+++ b/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch
@@ -1,4 +1,4 @@
-From 1f29584e57f5fda09970c66f3b94f4720e09c1bb Mon Sep 17 00:00:00 2001
+From 81700d1a0e51391028c761cc8ef1cd660084d114 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Tue, 12 Apr 2016 15:51:54 +0100
Subject: [PATCH] rsync: remove upstream's rebuild logic
@@ -14,12 +14,12 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
1 file changed, 54 deletions(-)
diff --git a/Makefile.in b/Makefile.in
-index 672fcc4..c12d8d4 100644
+index 3cde955..d963a70 100644
--- a/Makefile.in
+++ b/Makefile.in
-@@ -168,60 +168,6 @@ gen: conf proto.h man
- gensend: gen
- rsync -aic $(GENFILES) $${SAMBA_HOST-samba.org}:/home/ftp/pub/rsync/generated-files/
+@@ -190,60 +190,6 @@ gensend: gen
+ fi
+ rsync -aic $(GENFILES) git-version.h $${SAMBA_HOST-samba.org}:/home/ftp/pub/rsync/generated-files/ || true
-aclocal.m4: $(srcdir)/m4/*.m4
- aclocal -I $(srcdir)/m4
@@ -41,7 +41,7 @@ index 672fcc4..c12d8d4 100644
- else \
- echo "config.h.in has CHANGED."; \
- fi
-- @if test -f configure.sh.old -o -f config.h.in.old; then \
+- @if test -f configure.sh.old || test -f config.h.in.old; then \
- if test "$(MAKECMDGOALS)" = reconfigure; then \
- echo 'Continuing with "make reconfigure".'; \
- else \
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.3.bb b/meta/recipes-devtools/rsync/rsync_3.2.4.bb
similarity index 67%
rename from meta/recipes-devtools/rsync/rsync_3.2.3.bb
rename to meta/recipes-devtools/rsync/rsync_3.2.4.bb
index 6168ee85fc..e6f917b5cd 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.3.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.4.bb
@@ -6,7 +6,7 @@ SECTION = "console/network"
# GPL-2.0-or-later (<< 3.0.0), GPL-3.0-or-later (>= 3.0.0)
# Includes opennsh and xxhash dynamic link exception
LICENSE = "GPL-3.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=9e5a4f9b3a253d51520617aa54f8eb26"
+LIC_FILES_CHKSUM = "file://COPYING;md5=24423708fe159c9d12be1ea29fcb18c7"
DEPENDS = "popt"
@@ -14,10 +14,9 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
file://rsyncd.conf \
file://makefile-no-rebuild.patch \
file://determism.patch \
- file://0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch \
"
-SRC_URI[sha256sum] = "becc3c504ceea499f4167a260040ccf4d9f2ef9499ad5683c179a697146ce50e"
+SRC_URI[sha256sum] = "6f761838d08052b0b6579cf7f6737d93e47f01f4da04c5d24d3447b7f2a5fad1"
# -16548 required for v3.1.3pre1. Already in v3.1.3.
CVE_CHECK_IGNORE += " CVE-2017-16548 "
@@ -41,7 +40,17 @@ PACKAGECONFIG[zstd] = "--enable-zstd,--disable-zstd,zstd"
CACHED_CONFIGUREVARS += "rsync_cv_can_hardlink_special=yes rsync_cv_can_hardlink_symlink=yes"
EXTRA_OEMAKE = 'STRIP=""'
-EXTRA_OECONF = "--disable-simd --disable-md2man --disable-asm --with-nobody-group=nogroup"
+EXTRA_OECONF = "--disable-md2man --with-nobody-group=nogroup"
+
+#| ./simd-checksum-x86_64.cpp: In function 'uint32_t get_checksum1_cpp(char*, int32_t)':
+#| ./simd-checksum-x86_64.cpp:89:52: error: multiversioning needs 'ifunc' which is not supported on this target
+#| 89 | __attribute__ ((target("default"))) MVSTATIC int32 get_checksum1_avx2_64(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2) { return i; }
+#| | ^~~~~~~~~~~~~~~~~~~~~
+#| ./simd-checksum-x86_64.cpp:480:1: error: use of multiversioned function without a default
+#| 480 | }
+#| | ^
+#| If you can't fix the issue, re-run ./configure with --disable-roll-simd.
+EXTRA_OECONF:append:libc-musl = " --disable-roll-simd"
# rsync 3.0 uses configure.sh instead of configure, and
# makefile checks the existence of configure.sh
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 06/18] rsync: update 3.2.4 -> 3.2.5
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (4 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 05/18] rsync: update 3.2.3 -> 3.2.4 Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 07/18] rpm: update 4.17.0 -> 4.17.1 Steve Sakoman
` (11 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: Florin Diaconescu <florin.diaconescu009@gmail.com>
Changelog: https://download.samba.org/pub/rsync/NEWS#3.2.5
Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/rsync/{rsync_3.2.4.bb => rsync_3.2.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/rsync/{rsync_3.2.4.bb => rsync_3.2.5.bb} (96%)
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.4.bb b/meta/recipes-devtools/rsync/rsync_3.2.5.bb
similarity index 96%
rename from meta/recipes-devtools/rsync/rsync_3.2.4.bb
rename to meta/recipes-devtools/rsync/rsync_3.2.5.bb
index e6f917b5cd..e43f35ea2f 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.4.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.5.bb
@@ -16,7 +16,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
file://determism.patch \
"
-SRC_URI[sha256sum] = "6f761838d08052b0b6579cf7f6737d93e47f01f4da04c5d24d3447b7f2a5fad1"
+SRC_URI[sha256sum] = "2ac4d21635cdf791867bc377c35ca6dda7f50d919a58be45057fd51600c69aba"
# -16548 required for v3.1.3pre1. Already in v3.1.3.
CVE_CHECK_IGNORE += " CVE-2017-16548 "
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 07/18] rpm: update 4.17.0 -> 4.17.1
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (5 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 06/18] rsync: update 3.2.4 -> 3.2.5 Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 08/18] rpm: Remove -Wimplicit-function-declaration warnings Steve Sakoman
` (10 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
(From OE-Core rev: 826eb17fe741d38be24d31f3bba35074e404a414)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../rpm/files/0001-CVE-2021-3521.patch | 57 ---
...lib-rpm-as-the-installation-path-for.patch | 14 +-
...-linux-gnux32-variant-to-triplet-han.patch | 31 ++
.../rpm/files/0002-CVE-2021-3521.patch | 64 ----
.../rpm/files/0003-CVE-2021-3521.patch | 329 ------------------
.../rpm/{rpm_4.17.0.bb => rpm_4.17.1.bb} | 6 +-
6 files changed, 40 insertions(+), 461 deletions(-)
delete mode 100644 meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch
create mode 100644 meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch
delete mode 100644 meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch
delete mode 100644 meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch
rename meta/recipes-devtools/rpm/{rpm_4.17.0.bb => rpm_4.17.1.bb} (97%)
diff --git a/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch
deleted file mode 100644
index 044b4dd2a0..0000000000
--- a/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 9a6871126f472feea057d5f803505ec8cc78f083 Mon Sep 17 00:00:00 2001
-From: Panu Matilainen <pmatilai@redhat.com>
-Date: Thu, 30 Sep 2021 09:56:20 +0300
-Subject: [PATCH 1/3] Refactor pgpDigParams construction to helper function
-
-No functional changes, just to reduce code duplication and needed by
-the following commits.
-
-CVE: CVE-2021-3521
-Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/9f03f42e2]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- rpmio/rpmpgp.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
-index d0688ebe9a..e472b5320f 100644
---- a/rpmio/rpmpgp.c
-+++ b/rpmio/rpmpgp.c
-@@ -1041,6 +1041,13 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype)
- return algo;
- }
-
-+static pgpDigParams pgpDigParamsNew(uint8_t tag)
-+{
-+ pgpDigParams digp = xcalloc(1, sizeof(*digp));
-+ digp->tag = tag;
-+ return digp;
-+}
-+
- int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
- pgpDigParams * ret)
- {
-@@ -1058,8 +1065,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
- if (pkttype && pkt.tag != pkttype) {
- break;
- } else {
-- digp = xcalloc(1, sizeof(*digp));
-- digp->tag = pkt.tag;
-+ digp = pgpDigParamsNew(pkt.tag);
- }
- }
-
-@@ -1105,8 +1111,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
- digps = xrealloc(digps, alloced * sizeof(*digps));
- }
-
-- digps[count] = xcalloc(1, sizeof(**digps));
-- digps[count]->tag = PGPTAG_PUBLIC_SUBKEY;
-+ digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY);
- /* Copy UID from main key to subkey */
- digps[count]->userid = xstrdup(mainkey->userid);
-
---
-2.17.1
-
diff --git a/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch b/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch
index 6d236ac400..c6cf9d4c88 100644
--- a/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch
+++ b/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch
@@ -1,4 +1,4 @@
-From 8d013fe154a162305f76141151baf767dd04b598 Mon Sep 17 00:00:00 2001
+From 4ab6a4c5bbad65c3401016bb26b87214cdd0c59b Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 27 Feb 2017 09:43:30 +0200
Subject: [PATCH] Do not hardcode "lib/rpm" as the installation path for
@@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
-index eb7d6941b..10a889b5d 100644
+index 372875fc4..1b7add9ee 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -871,7 +871,7 @@ else
+@@ -884,7 +884,7 @@ else
usrprefix=$prefix
fi
@@ -27,10 +27,10 @@ index eb7d6941b..10a889b5d 100644
AC_SUBST(OBJDUMP)
diff --git a/macros.in b/macros.in
-index a1f795e5f..689e784ef 100644
+index d53ab5ed5..9d10441c8 100644
--- a/macros.in
+++ b/macros.in
-@@ -933,7 +933,7 @@ package or when debugging this package.\
+@@ -911,7 +911,7 @@ package or when debugging this package.\
%_sharedstatedir %{_prefix}/com
%_localstatedir %{_prefix}/var
%_lib lib
@@ -40,7 +40,7 @@ index a1f795e5f..689e784ef 100644
%_infodir %{_datadir}/info
%_mandir %{_datadir}/man
diff --git a/rpm.am b/rpm.am
-index 7b57f433b..9bbb9ee96 100644
+index ebe4e40d1..e6920e258 100644
--- a/rpm.am
+++ b/rpm.am
@@ -1,10 +1,10 @@
@@ -55,4 +55,4 @@ index 7b57f433b..9bbb9ee96 100644
+rpmconfigdir = $(libdir)/rpm
# Libtool version (current-revision-age) for all our libraries
- rpm_version_info = 11:0:2
+ rpm_version_info = 12:0:3
diff --git a/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch b/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch
new file mode 100644
index 0000000000..2174a79e75
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch
@@ -0,0 +1,31 @@
+From 8f51462d41d8fe942d5d0a06f08d47f625141995 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Thu, 4 Aug 2022 12:15:08 +0200
+Subject: [PATCH] configure.ac: add linux-gnux32 variant to triplet handling
+
+x32 is a 64 bit x86 ABI with 32 bit pointers.
+
+Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/2143]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ configure.ac | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 372875fc49..7d6a3d274e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -845,6 +845,10 @@ if echo "$host_os" | grep '.*-gnuabi64$' > /dev/null ; then
+ host_os=`echo "${host_os}" | sed 's/-gnuabi64$//'`
+ host_os_gnu=-gnuabi64
+ fi
++if echo "$host_os" | grep '.*-gnux32$' > /dev/null ; then
++ host_os=`echo "${host_os}" | sed 's/-gnux32$//'`
++ host_os_gnu=-gnux32
++fi
+ if echo "$host_os" | grep '.*-gnu$' > /dev/null ; then
+ host_os=`echo "${host_os}" | sed 's/-gnu$//'`
+ fi
+--
+2.30.2
+
diff --git a/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch
deleted file mode 100644
index 683b57d455..0000000000
--- a/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From c4b1bee51bbdd732b94b431a951481af99117703 Mon Sep 17 00:00:00 2001
-From: Panu Matilainen <pmatilai@redhat.com>
-Date: Thu, 30 Sep 2021 09:51:10 +0300
-Subject: [PATCH 2/3] Process MPI's from all kinds of signatures
-
-No immediate effect but needed by the following commits.
-
-CVE: CVE-2021-3521
-Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/b5e8bc74b]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
----
- rpmio/rpmpgp.c | 13 +++++--------
- 1 file changed, 5 insertions(+), 8 deletions(-)
-
-diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
-index 25f67048fd..509e777e6d 100644
---- a/rpmio/rpmpgp.c
-+++ b/rpmio/rpmpgp.c
-@@ -543,7 +543,7 @@ pgpDigAlg pgpDigAlgFree(pgpDigAlg alg)
- return NULL;
- }
-
--static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype,
-+static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo,
- const uint8_t *p, const uint8_t *h, size_t hlen,
- pgpDigParams sigp)
- {
-@@ -556,10 +556,8 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype,
- int mpil = pgpMpiLen(p);
- if (pend - p < mpil)
- break;
-- if (sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT) {
-- if (sigalg->setmpi(sigalg, i, p))
-- break;
-- }
-+ if (sigalg->setmpi(sigalg, i, p))
-+ break;
- p += mpil;
- }
-
-@@ -619,7 +617,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
- }
-
- p = ((uint8_t *)v) + sizeof(*v);
-- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp);
-+ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp);
- } break;
- case 4:
- { pgpPktSigV4 v = (pgpPktSigV4)h;
-@@ -677,8 +675,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
- p += 2;
- if (p > hend)
- return 1;
--
-- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp);
-+ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp);
- } break;
- default:
- rpmlog(RPMLOG_WARNING, _("Unsupported version of signature: V%d\n"), version);
---
-2.17.1
-
diff --git a/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch
deleted file mode 100644
index a5ec802501..0000000000
--- a/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch
+++ /dev/null
@@ -1,329 +0,0 @@
-From 07676ca03ad8afcf1ca95a2353c83fbb1d970b9b Mon Sep 17 00:00:00 2001
-From: Panu Matilainen <pmatilai@redhat.com>
-Date: Thu, 30 Sep 2021 09:59:30 +0300
-Subject: [PATCH 3/3] Validate and require subkey binding signatures on PGP
- public keys
-
-All subkeys must be followed by a binding signature by the primary key
-as per the OpenPGP RFC, enforce the presence and validity in the parser.
-
-The implementation is as kludgey as they come to work around our
-simple-minded parser structure without touching API, to maximise
-backportability. Store all the raw packets internally as we decode them
-to be able to access previous elements at will, needed to validate ordering
-and access the actual data. Add testcases for manipulated keys whose
-import previously would succeed.
-
-Depends on the two previous commits:
-7b399fcb8f52566e6f3b4327197a85facd08db91 and
-236b802a4aa48711823a191d1b7f753c82a89ec5
-
-Fixes CVE-2021-3521.
-
-Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/bd36c5dc9]
-CVE:CVE-2021-3521
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
----
- rpmio/rpmpgp.c | 99 +++++++++++++++++--
- tests/Makefile.am | 3 +
- tests/data/keys/CVE-2021-3521-badbind.asc | 25 +++++
- .../data/keys/CVE-2021-3521-nosubsig-last.asc | 25 +++++
- tests/data/keys/CVE-2021-3521-nosubsig.asc | 37 +++++++
- tests/rpmsigdig.at | 28 ++++++
- 6 files changed, 209 insertions(+), 8 deletions(-)
- create mode 100644 tests/data/keys/CVE-2021-3521-badbind.asc
- create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig-last.asc
- create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig.asc
-
-diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
-index 509e777e6d..371ad4d9b6 100644
---- a/rpmio/rpmpgp.c
-+++ b/rpmio/rpmpgp.c
-@@ -1061,33 +1061,116 @@ static pgpDigParams pgpDigParamsNew(uint8_t tag)
- return digp;
- }
-
-+static int hashKey(DIGEST_CTX hash, const struct pgpPkt *pkt, int exptag)
-+{
-+ int rc = -1;
-+ if (pkt->tag == exptag) {
-+ uint8_t head[] = {
-+ 0x99,
-+ (pkt->blen >> 8),
-+ (pkt->blen ),
-+ };
-+
-+ rpmDigestUpdate(hash, head, 3);
-+ rpmDigestUpdate(hash, pkt->body, pkt->blen);
-+ rc = 0;
-+ }
-+ return rc;
-+}
-+
-+static int pgpVerifySelf(pgpDigParams key, pgpDigParams selfsig,
-+ const struct pgpPkt *all, int i)
-+{
-+ int rc = -1;
-+ DIGEST_CTX hash = NULL;
-+
-+ switch (selfsig->sigtype) {
-+ case PGPSIGTYPE_SUBKEY_BINDING:
-+ hash = rpmDigestInit(selfsig->hash_algo, 0);
-+ if (hash) {
-+ rc = hashKey(hash, &all[0], PGPTAG_PUBLIC_KEY);
-+ if (!rc)
-+ rc = hashKey(hash, &all[i-1], PGPTAG_PUBLIC_SUBKEY);
-+ }
-+ break;
-+ default:
-+ /* ignore types we can't handle */
-+ rc = 0;
-+ break;
-+ }
-+
-+ if (hash && rc == 0)
-+ rc = pgpVerifySignature(key, selfsig, hash);
-+
-+ rpmDigestFinal(hash, NULL, NULL, 0);
-+
-+ return rc;
-+}
-+
- int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
- pgpDigParams * ret)
- {
- const uint8_t *p = pkts;
- const uint8_t *pend = pkts + pktlen;
- pgpDigParams digp = NULL;
-- struct pgpPkt pkt;
-+ pgpDigParams selfsig = NULL;
-+ int i = 0;
-+ int alloced = 16; /* plenty for normal cases */
-+ struct pgpPkt *all = xmalloc(alloced * sizeof(*all));
- int rc = -1; /* assume failure */
-+ int expect = 0;
-+ int prevtag = 0;
-
- while (p < pend) {
-- if (decodePkt(p, (pend - p), &pkt))
-+ struct pgpPkt *pkt = &all[i];
-+ if (decodePkt(p, (pend - p), pkt))
- break;
-
- if (digp == NULL) {
-- if (pkttype && pkt.tag != pkttype) {
-+ if (pkttype && pkt->tag != pkttype) {
- break;
- } else {
-- digp = pgpDigParamsNew(pkt.tag);
-+ digp = pgpDigParamsNew(pkt->tag);
- }
- }
-
-- if (pgpPrtPkt(&pkt, digp))
-+ if (expect) {
-+ if (pkt->tag != expect)
-+ break;
-+ selfsig = pgpDigParamsNew(pkt->tag);
-+ }
-+ if (pgpPrtPkt(pkt, selfsig ? selfsig : digp))
- break;
-
-- p += (pkt.body - pkt.head) + pkt.blen;
-- if (pkttype == PGPTAG_SIGNATURE)
-- break;
-+ if (selfsig) {
-+ /* subkeys must be followed by binding signature */
-+ if (prevtag == PGPTAG_PUBLIC_SUBKEY) {
-+ if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING)
-+ break;
-+ }
-+
-+ int xx = pgpVerifySelf(digp, selfsig, all, i);
-+
-+ selfsig = pgpDigParamsFree(selfsig);
-+ if (xx)
-+ break;
-+ expect = 0;
-+ }
-+
-+ if (pkt->tag == PGPTAG_PUBLIC_SUBKEY)
-+ expect = PGPTAG_SIGNATURE;
-+ prevtag = pkt->tag;
-+
-+ i++;
-+ p += (pkt->body - pkt->head) + pkt->blen;
-+ if (pkttype == PGPTAG_SIGNATURE)
-+ break;
-+
-+ if (alloced <= i) {
-+ alloced *= 2;
-+ all = xrealloc(all, alloced * sizeof(*all));
-+ }
-+
- }
-
- rc = (digp && (p == pend)) ? 0 : -1;
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index a41ce10de8..7bb23247f1 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -107,6 +107,9 @@ EXTRA_DIST += data/SPECS/hello-config-buildid.spec
- EXTRA_DIST += data/SPECS/hello-cd.spec
- EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.pub
- EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.secret
-+EXTRA_DIST += data/keys/CVE-2021-3521-badbind.asc
-+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig.asc
-+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig-last.asc
- EXTRA_DIST += data/macros.testfile
- EXTRA_DIST += data/macros.debug
- EXTRA_DIST += data/SOURCES/foo.c
-diff --git a/tests/data/keys/CVE-2021-3521-badbind.asc b/tests/data/keys/CVE-2021-3521-badbind.asc
-new file mode 100644
-index 0000000000..aea00f9d7a
---- /dev/null
-+++ b/tests/data/keys/CVE-2021-3521-badbind.asc
-@@ -0,0 +1,25 @@
-+-----BEGIN PGP PUBLIC KEY BLOCK-----
-+Version: rpm-4.17.90 (NSS-3)
-+
-+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g
-+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY
-+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8
-+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas
-+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ
-+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl
-+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK
-+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf
-+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB
-+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr
-+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX
-+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq
-++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN
-+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY
-+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz
-+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6
-+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c
-+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m
-+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE=
-+=WCfs
-+-----END PGP PUBLIC KEY BLOCK-----
-+
-diff --git a/tests/data/keys/CVE-2021-3521-nosubsig-last.asc b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc
-new file mode 100644
-index 0000000000..aea00f9d7a
---- /dev/null
-+++ b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc
-@@ -0,0 +1,25 @@
-+-----BEGIN PGP PUBLIC KEY BLOCK-----
-+Version: rpm-4.17.90 (NSS-3)
-+
-+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g
-+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY
-+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8
-+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas
-+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ
-+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl
-+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK
-+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf
-+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB
-+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr
-+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX
-+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq
-++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN
-+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY
-+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz
-+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6
-+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c
-+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m
-+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE=
-+=WCfs
-+-----END PGP PUBLIC KEY BLOCK-----
-+
-diff --git a/tests/data/keys/CVE-2021-3521-nosubsig.asc b/tests/data/keys/CVE-2021-3521-nosubsig.asc
-new file mode 100644
-index 0000000000..3a2e7417f8
---- /dev/null
-+++ b/tests/data/keys/CVE-2021-3521-nosubsig.asc
-@@ -0,0 +1,37 @@
-+-----BEGIN PGP PUBLIC KEY BLOCK-----
-+Version: rpm-4.17.90 (NSS-3)
-+
-+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g
-+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY
-+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8
-+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas
-+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ
-+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl
-+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK
-+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf
-+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB
-+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr
-+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX
-+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq
-++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN
-+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY
-+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz
-+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6
-+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c
-+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m
-+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAG5AQ0EWOY5GAEIAKT68NmshdC4
-+VcRhOhlXBvZq23NtskkKoPvW+ZlMuxbRDG48pGBtxhjOngriVUGceEWsXww5Q7En
-+uRBYglkxkW34ENym0Ji6tsPYfhbbG+dZWKIL4vMIzPOIwlPrXrm558vgkdMM/ELZ
-+8WIz3KtzvYubKUk2Qz+96lPXbwnlC/SBFRpBseJC5LoOb/5ZGdR/HeLz1JXiacHF
-+v9Nr3cZWqg5yJbDNZKfASdZgC85v3kkvhTtzknl//5wqdAMexbuwiIh2xyxbO+B/
-+qqzZFrVmu3sV2Tj5lLZ/9p1qAuEM7ULbixd/ld8yTmYvQ4bBlKv2bmzXtVfF+ymB
-+Tm6BzyQEl/MAEQEAAYkBHwQYAQgACQUCWOY5GAIbDAAKCRBDRFkeGWTF/PANB/9j
-+mifmj6z/EPe0PJFhrpISt9PjiUQCt0IPtiL5zKAkWjHePIzyi+0kCTBF6DDLFxos
-+3vN4bWnVKT1kBhZAQlPqpJTg+m74JUYeDGCdNx9SK7oRllATqyu+5rncgxjWVPnQ
-+zu/HRPlWJwcVFYEVXYL8xzfantwQTqefjmcRmBRdA2XJITK+hGWwAmrqAWx+q5xX
-+Pa8wkNMxVzNS2rUKO9SoVuJ/wlUvfoShkJ/VJ5HDp3qzUqncADfdGN35TDzscngQ
-+gHvnMwVBfYfSCABV1hNByoZcc/kxkrWMmsd/EnIyLd1Q1baKqc3cEDuC6E6/o4yJ
-+E4XX4jtDmdZPreZALsiB
-+=rRop
-+-----END PGP PUBLIC KEY BLOCK-----
-+
-diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
-index 8e7c759b8f..e2d30a7f1b 100644
---- a/tests/rpmsigdig.at
-+++ b/tests/rpmsigdig.at
-@@ -2,6 +2,34 @@
-
- AT_BANNER([RPM signatures and digests])
-
-+AT_SETUP([rpmkeys --import invalid keys])
-+AT_KEYWORDS([rpmkeys import])
-+RPMDB_INIT
-+
-+AT_CHECK([
-+runroot rpmkeys --import /data/keys/CVE-2021-3521-badbind.asc
-+],
-+[1],
-+[],
-+[error: /data/keys/CVE-2021-3521-badbind.asc: key 1 import failed.]
-+)
-+AT_CHECK([
-+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig.asc
-+],
-+[1],
-+[],
-+[error: /data/keys/CVE-2021-3521-nosubsig.asc: key 1 import failed.]
-+)
-+
-+AT_CHECK([
-+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig-last.asc
-+],
-+[1],
-+[],
-+[error: /data/keys/CVE-2021-3521-nosubsig-last.asc: key 1 import failed.]
-+)
-+AT_CLEANUP
-+
- # ------------------------------
- # Test pre-built package verification
- AT_SETUP([rpmkeys -Kv <unsigned> 1])
---
-2.17.1
-
diff --git a/meta/recipes-devtools/rpm/rpm_4.17.0.bb b/meta/recipes-devtools/rpm/rpm_4.17.1.bb
similarity index 97%
rename from meta/recipes-devtools/rpm/rpm_4.17.0.bb
rename to meta/recipes-devtools/rpm/rpm_4.17.1.bb
index c392ac0db4..9b6446f265 100644
--- a/meta/recipes-devtools/rpm/rpm_4.17.0.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.17.1.bb
@@ -39,13 +39,11 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protoc
file://0001-tools-Add-error.h-for-non-glibc-case.patch \
file://0001-docs-do-not-build-manpages-requires-pandoc.patch \
file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \
- file://0001-CVE-2021-3521.patch \
- file://0002-CVE-2021-3521.patch \
- file://0003-CVE-2021-3521.patch \
+ file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \
"
PE = "1"
-SRCREV = "3e74e8ba2dd5e76a5353d238dc7fc38651ce27b3"
+SRCREV = "5bef402da334595ed9302b8bca1acdf5e88bfe11"
S = "${WORKDIR}/git"
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 08/18] rpm: Remove -Wimplicit-function-declaration warnings
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (6 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 07/18] rpm: update 4.17.0 -> 4.17.1 Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 09/18] bind: upgrade 9.18.5 -> 9.18.6 Steve Sakoman
` (9 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
(From OE-Core rev: 9f2dbfc51ef2faf1b6154856adb69ca9f764573b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...alling-execute-package-scriptlets-wit.patch | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch b/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch
index 4020a31092..2a0069cafe 100644
--- a/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch
+++ b/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch
@@ -28,11 +28,18 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
lib/rpmscript.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
-diff --git a/lib/rpmscript.c b/lib/rpmscript.c
-index cc98c4885..f8bd3df04 100644
--- a/lib/rpmscript.c
+++ b/lib/rpmscript.c
-@@ -394,8 +394,7 @@ exit:
+@@ -17,7 +17,7 @@
+ #include "rpmio/rpmio_internal.h"
+
+ #include "lib/rpmplugins.h" /* rpm plugins hooks */
+-
++#include "lib/rpmchroot.h" /* rpmChrootOut */
+ #include "debug.h"
+
+ struct scriptNextFileFunc_s {
+@@ -391,8 +391,7 @@ exit:
Fclose(out); /* XXX dup'd STDOUT_FILENO */
if (fn) {
@@ -42,7 +49,7 @@ index cc98c4885..f8bd3df04 100644
free(fn);
}
free(mline);
-@@ -428,7 +427,13 @@ rpmRC rpmScriptRun(rpmScript script, int arg1, int arg2, FD_t scriptFd,
+@@ -426,7 +425,13 @@ rpmRC rpmScriptRun(rpmScript script, int
if (rc != RPMRC_FAIL) {
if (script_type & RPMSCRIPTLET_EXEC) {
@@ -57,6 +64,3 @@ index cc98c4885..f8bd3df04 100644
} else {
rc = runLuaScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, &script->nextFileFunc);
}
---
-2.11.0
-
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 09/18] bind: upgrade 9.18.5 -> 9.18.6
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (7 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 08/18] rpm: Remove -Wimplicit-function-declaration warnings Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 10/18] bind: upgrade 9.18.6 -> 9.18.7 Steve Sakoman
` (8 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: wangmy <wangmy@fujitsu.com>
(From OE-Core rev: f7061fc14cbc4388b1fd0cf6233b1a2e743e20e5)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../0001-avoid-start-failure-with-bind-user.patch | 0
.../0001-named-lwresd-V-and-start-log-hide-build-options.patch | 0
| 0
.../bind/{bind-9.18.5 => bind-9.18.6}/bind9 | 0
.../bind/{bind-9.18.5 => bind-9.18.6}/conf.patch | 0
.../bind/{bind-9.18.5 => bind-9.18.6}/generate-rndc-key.sh | 0
.../init.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../bind/{bind-9.18.5 => bind-9.18.6}/named.service | 0
.../bind/{bind_9.18.5.bb => bind_9.18.6.bb} | 2 +-
10 files changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.6}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.6}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.6}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.6}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.6}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.6}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.6}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.6}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.5 => bind-9.18.6}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.5.bb => bind_9.18.6.bb} (97%)
diff --git a/meta/recipes-connectivity/bind/bind-9.18.5/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.18.6/0001-avoid-start-failure-with-bind-user.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.5/0001-avoid-start-failure-with-bind-user.patch
rename to meta/recipes-connectivity/bind/bind-9.18.6/0001-avoid-start-failure-with-bind-user.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.5/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.18.6/0001-named-lwresd-V-and-start-log-hide-build-options.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.5/0001-named-lwresd-V-and-start-log-hide-build-options.patch
rename to meta/recipes-connectivity/bind/bind-9.18.6/0001-named-lwresd-V-and-start-log-hide-build-options.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.5/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.18.6/bind-ensure-searching-for-json-headers-searches-sysr.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.5/bind-ensure-searching-for-json-headers-searches-sysr.patch
rename to meta/recipes-connectivity/bind/bind-9.18.6/bind-ensure-searching-for-json-headers-searches-sysr.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.5/bind9 b/meta/recipes-connectivity/bind/bind-9.18.6/bind9
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.5/bind9
rename to meta/recipes-connectivity/bind/bind-9.18.6/bind9
diff --git a/meta/recipes-connectivity/bind/bind-9.18.5/conf.patch b/meta/recipes-connectivity/bind/bind-9.18.6/conf.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.5/conf.patch
rename to meta/recipes-connectivity/bind/bind-9.18.6/conf.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.5/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.18.6/generate-rndc-key.sh
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.5/generate-rndc-key.sh
rename to meta/recipes-connectivity/bind/bind-9.18.6/generate-rndc-key.sh
diff --git a/meta/recipes-connectivity/bind/bind-9.18.5/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.18.6/init.d-add-support-for-read-only-rootfs.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.5/init.d-add-support-for-read-only-rootfs.patch
rename to meta/recipes-connectivity/bind/bind-9.18.6/init.d-add-support-for-read-only-rootfs.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.5/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.18.6/make-etc-initd-bind-stop-work.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.5/make-etc-initd-bind-stop-work.patch
rename to meta/recipes-connectivity/bind/bind-9.18.6/make-etc-initd-bind-stop-work.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.5/named.service b/meta/recipes-connectivity/bind/bind-9.18.6/named.service
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.5/named.service
rename to meta/recipes-connectivity/bind/bind-9.18.6/named.service
diff --git a/meta/recipes-connectivity/bind/bind_9.18.5.bb b/meta/recipes-connectivity/bind/bind_9.18.6.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.5.bb
rename to meta/recipes-connectivity/bind/bind_9.18.6.bb
index 28acecc507..9adcdc2508 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.6.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] = "0cee078d74f0bdc4ec374435026b25de7892f26540a18b22a02ef728a11dcae7"
+SRC_URI[sha256sum] = "d43a0fed03c774d1685d203598218c0b7774a88fcc390a0170710d5feb7fbff1"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 10/18] bind: upgrade 9.18.6 -> 9.18.7
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (8 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 09/18] bind: upgrade 9.18.5 -> 9.18.6 Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 11/18] tzdata: update to 2022d Steve Sakoman
` (7 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: Teoh Jay Shen <jay.shen.teoh@intel.com>
CVE fixed :
-CVE-2022-2795
-CVE-2022-2881
-CVE-2022-2906
-CVE-2022-3080
-CVE-2022-38178
Notes for BIND 9.18.7 [https://downloads.isc.org/isc/bind9/9.18.7/doc/arm/html/notes.html#notes-for-bind-9-18-7]
(From OE-Core rev: 5b87b79c6bb155d23ad4eab3243118b98a3b5906)
Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../0001-avoid-start-failure-with-bind-user.patch | 0
.../0001-named-lwresd-V-and-start-log-hide-build-options.patch | 0
| 0
.../bind/{bind-9.18.6 => bind-9.18.7}/bind9 | 0
.../bind/{bind-9.18.6 => bind-9.18.7}/conf.patch | 0
.../bind/{bind-9.18.6 => bind-9.18.7}/generate-rndc-key.sh | 0
.../init.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../bind/{bind-9.18.6 => bind-9.18.7}/named.service | 0
.../bind/{bind_9.18.6.bb => bind_9.18.7.bb} | 2 +-
10 files changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/bind/{bind-9.18.6 => bind-9.18.7}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.6 => bind-9.18.7}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.6 => bind-9.18.7}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.6 => bind-9.18.7}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.6 => bind-9.18.7}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.6 => bind-9.18.7}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.6 => bind-9.18.7}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.6 => bind-9.18.7}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.6 => bind-9.18.7}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.6.bb => bind_9.18.7.bb} (97%)
diff --git a/meta/recipes-connectivity/bind/bind-9.18.6/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.6/0001-avoid-start-failure-with-bind-user.patch
rename to meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.6/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.6/0001-named-lwresd-V-and-start-log-hide-build-options.patch
rename to meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.6/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.6/bind-ensure-searching-for-json-headers-searches-sysr.patch
rename to meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.6/bind9 b/meta/recipes-connectivity/bind/bind-9.18.7/bind9
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.6/bind9
rename to meta/recipes-connectivity/bind/bind-9.18.7/bind9
diff --git a/meta/recipes-connectivity/bind/bind-9.18.6/conf.patch b/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.6/conf.patch
rename to meta/recipes-connectivity/bind/bind-9.18.7/conf.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.6/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.6/generate-rndc-key.sh
rename to meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh
diff --git a/meta/recipes-connectivity/bind/bind-9.18.6/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.6/init.d-add-support-for-read-only-rootfs.patch
rename to meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.6/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.6/make-etc-initd-bind-stop-work.patch
rename to meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.6/named.service b/meta/recipes-connectivity/bind/bind-9.18.7/named.service
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.6/named.service
rename to meta/recipes-connectivity/bind/bind-9.18.7/named.service
diff --git a/meta/recipes-connectivity/bind/bind_9.18.6.bb b/meta/recipes-connectivity/bind/bind_9.18.7.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.6.bb
rename to meta/recipes-connectivity/bind/bind_9.18.7.bb
index 9adcdc2508..11c8a4e9d3 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.6.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.7.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] = "d43a0fed03c774d1685d203598218c0b7774a88fcc390a0170710d5feb7fbff1"
+SRC_URI[sha256sum] = "9e2acf1698f49d70ad12ffbad39ec6716a7da524e9ebd98429c7c70ba1262981"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 11/18] tzdata: update to 2022d
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (9 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 10/18] bind: upgrade 9.18.6 -> 9.18.7 Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 12/18] lttng-tools: Disable on qemuriscv32 Steve Sakoman
` (6 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ceac0492e75baa63a46365d8b63275437ad5671f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/timezone/timezone.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index d032fed356..d3c78e9157 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
LICENSE = "PD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2022c"
+PV = "2022d"
SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
@@ -14,6 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
-SRC_URI[tzcode.sha256sum] = "3e7ce1f3620cc0481907c7e074d69910793285bffe0ca331ef1a6d1ae3ea90cc"
-SRC_URI[tzdata.sha256sum] = "6974f4e348bf2323274b56dff9e7500247e3159eaa4b485dfa0cd66e75c14bfe"
+SRC_URI[tzcode.sha256sum] = "d644ba0f938899374ea8cb554e35fb4afa0f7bd7b716c61777cd00500b8759e0"
+SRC_URI[tzdata.sha256sum] = "6ecdbee27fa43dcfa49f3d4fd8bb1dfef54c90da1abcd82c9abcf2dc4f321de0"
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 12/18] lttng-tools: Disable on qemuriscv32
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (10 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 11/18] tzdata: update to 2022d Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 13/18] create-pull-request: don't switch the git remote protocol to git:// Steve Sakoman
` (5 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: He Zhe <zhe.he@windriver.com>
lttng-tools requires SYS_ppoll and SYS_pselect6 which are not supported on
riscv32. This has been confirmed by lttng-tools upstream.
https://github.com/lttng/lttng-tools/pull/162
It's also turned off for riscv32 in meta-riscv.
https://github.com/riscv/meta-riscv/blob/master/conf/layer.conf
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 68b07bb7f0f01925f9da1cb966239ee49d5c84e3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/lttng/lttng-platforms.inc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-kernel/lttng/lttng-platforms.inc b/meta/recipes-kernel/lttng/lttng-platforms.inc
index 933c65d85d..98b13b194c 100644
--- a/meta/recipes-kernel/lttng/lttng-platforms.inc
+++ b/meta/recipes-kernel/lttng/lttng-platforms.inc
@@ -15,3 +15,7 @@ LTTNGUST:arc = ""
COMPATIBLE_HOST:arc:pn-lttng-ust = "null"
+# Whether the platform supports lttng-tools
+# lttng-tools requires SYS_ppoll and SYS_pselect6 which are not supported on riscv32.
+# It's also turned off for riscv32 in meta-riscv. See https://github.com/riscv/meta-riscv/blob/master/conf/layer.conf
+COMPATIBLE_HOST:qemuriscv32:pn-lttng-tools = "null"
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 13/18] create-pull-request: don't switch the git remote protocol to git://
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (11 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 12/18] lttng-tools: Disable on qemuriscv32 Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 14/18] stress-cpu: disable float128 math on powerpc64 to avoid SIGILL Steve Sakoman
` (4 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <Martin.Jansa@gmail.com>
Many git repos prefer https:// nowadays and many removed support
for git://.
This breaks the script when using github.com even when selected remote
is ssh (git@github.com:openembedded/...), it will re-write it to git://
before calling git pull-request causing:
openembedded-core $ scripts/create-pull-request -u github -b jansa/artifacts -o pull-kernel
NOTE: Assuming local branch HEAD, use -l to override.
fatal: unable to connect to github.com:
github.com[0: 140.82.121.3]: errno=Connection timed out
warn: No match for commit ea003bd026aa24bb4c8b7562f44ed6512e921259 found at git://github.com/shr-distribution/oe-core
warn: Are you sure you pushed 'jansa/artifacts' there?
ERROR: git request-pull reported an error
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 64c466920b808c35d1ac87b47cf438bc79becea7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/create-pull-request | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/create-pull-request b/scripts/create-pull-request
index 8eefcf63a5..2f91a355b0 100755
--- a/scripts/create-pull-request
+++ b/scripts/create-pull-request
@@ -128,7 +128,7 @@ PROTO_RE="[a-z][a-z+]*://"
GIT_RE="\(^\($PROTO_RE\)\?\)\($USER_RE@\)\?\([^:/]*\)[:/]\(.*\)"
REMOTE_URL=${REMOTE_URL%.git}
REMOTE_REPO=$(echo $REMOTE_URL | sed "s#$GIT_RE#\5#")
-REMOTE_URL=$(echo $REMOTE_URL | sed "s#$GIT_RE#git://\4/\5#")
+REMOTE_URL=$(echo $REMOTE_URL | sed "s#$GIT_RE#https://\4/\5#")
if [ -z "$BRANCH" ]; then
BRANCH=$(git branch | grep -e "^\* " | cut -d' ' -f2)
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 14/18] stress-cpu: disable float128 math on powerpc64 to avoid SIGILL
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (12 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 13/18] create-pull-request: don't switch the git remote protocol to git:// Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 15/18] lttng-tools: Disable on riscv32 Steve Sakoman
` (3 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: He Zhe <zhe.he@windriver.com>
float128 requires instructions of xsmaddqp and xsmsubqp which are added to
qemu since v7.0 by the following commit.
https://github.com/qemu/qemu/commit/3bb1aed246d7b59ceee625a82628f7369d492a8f
While kirkstone is still at v6.2 and thus experiences SIGILL as follow
root@qemuppc64:~# stress-ng --cpu 2 --timeout 30s
stress-ng: info: [972] setting to a 30 second run per stressor
stress-ng: info: [972] dispatching hogs: 2 cpu
stress-ng: info: [973] stressor terminated with unexpected signal signal 4 'SIGILL'
<snip>
This is specific to kirkstone since qemu on master branch has upgraded to v7.1.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...le-float128-math-on-powerpc64-to-avo.patch | 43 +++++++++++++++++++
.../stress-ng/stress-ng_0.13.12.bb | 4 +-
2 files changed, 46 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch
diff --git a/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch b/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch
new file mode 100644
index 0000000000..bb35b3030a
--- /dev/null
+++ b/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch
@@ -0,0 +1,43 @@
+From ea9ee4dd64ee88e03a959b2c694aa8feb53c7e78 Mon Sep 17 00:00:00 2001
+From: He Zhe <zhe.he@windriver.com>
+Date: Wed, 28 Sep 2022 16:47:24 +0800
+Subject: [PATCH] stress-cpu: disable float128 math on powerpc64 to avoid
+ SIGILL
+
+float128 requires instructions of xsmaddqp and xsmsubqp which are added to
+qemu since v7.0 by the following commit.
+https://github.com/qemu/qemu/commit/3bb1aed246d7b59ceee625a82628f7369d492a8f
+
+While kirkstone is still at v6.2 and thus experiences SIGILL as follow
+root@qemuppc64:~# stress-ng --cpu 2 --timeout 30s
+stress-ng: info: [972] setting to a 30 second run per stressor
+stress-ng: info: [972] dispatching hogs: 2 cpu
+stress-ng: info: [973] stressor terminated with unexpected signal signal 4 'SIGILL'
+<snip>
+
+Upstream-Status: Inappropriate [This is specific to kirkstone since qemu on
+master branch has upgraded to v7.1.]
+
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+---
+ stress-cpu.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/stress-cpu.c b/stress-cpu.c
+index 0a08f1d1..2849e715 100644
+--- a/stress-cpu.c
++++ b/stress-cpu.c
+@@ -41,6 +41,10 @@
+ #undef HAVE_FLOAT_DECIMAL128
+ #endif
+
++#if defined(STRESS_ARCH_PPC64)
++#undef HAVE_FLOAT128
++#endif
++
+ #define GAMMA (0.57721566490153286060651209008240243104215933593992L)
+ #define OMEGA (0.56714329040978387299996866221035554975381578718651L)
+ #define PSI (3.35988566624317755317201130291892717968890513373197L)
+--
+2.25.1
+
diff --git a/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb b/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb
index fe177a4de0..807ecd3466 100644
--- a/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb
+++ b/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb
@@ -5,7 +5,9 @@ HOMEPAGE = "https://github.com/ColinIanKing/stress-ng#readme"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master"
+SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master \
+ file://0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch \
+ "
SRCREV = "f59bcb2fe1e25042e77d5e4942f72bfa026fa305"
S = "${WORKDIR}/git"
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 15/18] lttng-tools: Disable on riscv32
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (13 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 14/18] stress-cpu: disable float128 math on powerpc64 to avoid SIGILL Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 16/18] glibc-locale: explicitly remove empty dirs in ${libdir} Steve Sakoman
` (2 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: He Zhe <zhe.he@windriver.com>
As a bunch of other assignments did, let this cover all riscv32 architectures,
not just qemuriscv32.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 976fe5e3fb630e9daf5bbde79ee2148a7a97694a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/lttng/lttng-platforms.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-kernel/lttng/lttng-platforms.inc b/meta/recipes-kernel/lttng/lttng-platforms.inc
index 98b13b194c..900e36df82 100644
--- a/meta/recipes-kernel/lttng/lttng-platforms.inc
+++ b/meta/recipes-kernel/lttng/lttng-platforms.inc
@@ -18,4 +18,4 @@ COMPATIBLE_HOST:arc:pn-lttng-ust = "null"
# Whether the platform supports lttng-tools
# lttng-tools requires SYS_ppoll and SYS_pselect6 which are not supported on riscv32.
# It's also turned off for riscv32 in meta-riscv. See https://github.com/riscv/meta-riscv/blob/master/conf/layer.conf
-COMPATIBLE_HOST:qemuriscv32:pn-lttng-tools = "null"
+COMPATIBLE_HOST:riscv32:pn-lttng-tools = "null"
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 16/18] glibc-locale: explicitly remove empty dirs in ${libdir}
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (14 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 15/18] lttng-tools: Disable on riscv32 Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 17/18] coreutils: add openssl PACKAGECONFIG Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 18/18] go: Fix reproducibility failures Steve Sakoman
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: Denys Dmytriyenko <denis@denix.org>
glibc-locale defaults to ENABLE_BINARY_LOCALE_GENERATION ?= "0", but gets
changed to "1" in the default-distrovars.inc
When it is explicitly set back to "0", it fails with this error:
ERROR: glibc-locale-2.35-r0 do_package: QA Issue: glibc-locale: Files/directories were installed but not shipped in any package:
/usr/lib/locale
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
glibc-locale: 1 installed and not shipped files. [installed-vs-shipped]
ERROR: glibc-locale-2.35-r0 do_package: Fatal QA errors were found, failing task.
There's a code to remove empty dirs in ${libdir}, but it's keyed off of
PACKAGE_NO_GCONV to clean up $[libdir]/gconv, just extend it to also cover
other empty dirs, including ${libdir}/locale.
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/glibc/glibc-locale.inc | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-core/glibc/glibc-locale.inc b/meta/recipes-core/glibc/glibc-locale.inc
index b8de7d3192..7c14abfe99 100644
--- a/meta/recipes-core/glibc/glibc-locale.inc
+++ b/meta/recipes-core/glibc/glibc-locale.inc
@@ -87,10 +87,9 @@ do_install() {
if [ ${PACKAGE_NO_GCONV} -eq 0 ]; then
copy_locale_files ${libdir}/gconv 0755
copy_locale_files ${datadir}/i18n 0644
- else
- # Remove the libdir if it is empty when gconv is not copied
- find ${D}${libdir} -type d -empty -delete
fi
+ # Remove empty dirs in libdir when gconv or locales are not copied
+ find ${D}${libdir} -type d -empty -delete
copy_locale_files ${datadir}/locale 0644
install -m 0644 ${LOCALETREESRC}/SUPPORTED ${WORKDIR}/SUPPORTED
}
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 17/18] coreutils: add openssl PACKAGECONFIG
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (15 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 16/18] glibc-locale: explicitly remove empty dirs in ${libdir} Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 18/18] go: Fix reproducibility failures Steve Sakoman
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: Daniel McGregor <daniel.mcgregor@vecima.com>
coreutils-native will pick up openssl on the host if it's GPL
compatible (version >= 3), which causes uninative failures with hosts
that don't have openssl3.
Add a PACKAGECONFIG entry for openssl so it can be enabled, but isn't
by default.
Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9859a8124a0c09ac38d476445e7df7097f41d153)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/coreutils/coreutils_9.0.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-core/coreutils/coreutils_9.0.bb b/meta/recipes-core/coreutils/coreutils_9.0.bb
index 865cffd4cd..8a2fbeca32 100644
--- a/meta/recipes-core/coreutils/coreutils_9.0.bb
+++ b/meta/recipes-core/coreutils/coreutils_9.0.bb
@@ -49,6 +49,7 @@ PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl,"
PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr,"
PACKAGECONFIG[single-binary] = "--enable-single-binary,--disable-single-binary,,"
PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux"
+PACKAGECONFIG[openssl] = "--with-openssl=yes,--with-openssl=no,openssl"
# [ df mktemp nice printenv base64 gets a special treatment and is not included in this
bindir_progs = "arch basename chcon cksum comm csplit cut dir dircolors dirname du \
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 18/18] go: Fix reproducibility failures
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
` (16 preceding siblings ...)
2022-10-04 15:50 ` [OE-core][kirkstone 17/18] coreutils: add openssl PACKAGECONFIG Steve Sakoman
@ 2022-10-04 15:50 ` Steve Sakoman
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-04 15:50 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
We're seeing "cmd" static libs being sometimes present and sometimes not.
The issue depends whether BUILD == TARGET so they're present for qemux86-64
on x86-64 hosts but not for qemux86-64 on an aarch64 system.
Add an extra deletion to make the files consistent between the different
hosts.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6e652835814c389a826ad2d262ee26c14dfb48b5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-runtime.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-devtools/go/go-runtime.inc b/meta/recipes-devtools/go/go-runtime.inc
index e18339cddb..02601f7992 100644
--- a/meta/recipes-devtools/go/go-runtime.inc
+++ b/meta/recipes-devtools/go/go-runtime.inc
@@ -50,6 +50,8 @@ do_install() {
rm -rf ${D}${libdir}/go/pkg/tool
rm -rf ${D}${libdir}/go/pkg/obj
rm -rf ${D}${libdir}/go/pkg/bootstrap
+ # the cmd directory is built for the native arch so if BUILD == TARGET
+ rm -rf ${D}${libdir}/go/pkg/${BUILD_GOTUPLE}/cmd
find src -mindepth 1 -maxdepth 1 -type d | while read srcdir; do
cp --preserve=mode,timestamps -R $srcdir ${D}${libdir}/go/src/
done
--
2.25.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 00/18] Patch review
@ 2023-06-19 2:55 Steve Sakoman
2023-08-02 12:04 ` Marta Rybczynska
0 siblings, 1 reply; 22+ messages in thread
From: Steve Sakoman @ 2023-06-19 2:55 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5481
The following changes since commit 6e0d694ea1eb5d478dc7508d181c3a820098ee5f:
uninative: Upgrade to 4.0 to include latest gcc 13.1.1 (2023-06-09 06:04:24 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Andrew Jeffery (1):
Revert "ipk: Decode byte data to string in manifest handling"
Bruce Ashfield (5):
linux-yocto/5.15: update to v5.15.109
linux-yocto/5.15: update to v5.15.110
linux-yocto/5.15: update to v5.15.111
linux-yocto/5.15: update to v5.15.112
linux-yocto/5.15: update to v5.15.113
Chen Qi (1):
openssh: fix CVE-2023-28531
Deepthi Hemraj (1):
glibc: stable 2.35 branch updates
Ian Ray (1):
systemd-systemctl: support instance expansion in WantedBy
Jan Vermaete (1):
cve-update-nvd2-native: added the missing http import
Marta Rybczynska (1):
cve-update-nvd2-native: new CVE database fetcher
Qiu Tingting (1):
e2fsprogs: fix ptest bug for second running
Randy MacLeod (1):
vim: upgrade 9.0.1429 -> 9.0.1527
Sanjay Chitroda (1):
cups: Fix CVE-2023-32324
Yogita Urade (4):
webkitgtk: fix CVE-2022-46691
webkitgtk: fix CVE-2022-46699
webkitgtk: fix CVE-2022-42867
webkitgtk: fix CVE-2022-46700
meta/classes/cve-check.bbclass | 4 +-
meta/lib/oe/package_manager/ipk/manifest.py | 2 +-
...-destination-constraints-for-smartca.patch | 35 ++
.../openssh/openssh_8.9p1.bb | 1 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
.../glibc/glibc/CVE-2023-0687.patch | 82 -----
meta/recipes-core/glibc/glibc_2.35.bb | 1 -
.../meta/cve-update-nvd2-native.bb | 334 ++++++++++++++++++
.../systemd/systemd-systemctl/systemctl | 9 +-
.../e2fsprogs/e2fsprogs/run-ptest | 1 +
.../e2fsprogs/e2fsprogs_1.46.5.bb | 3 +
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2023-32324.patch | 36 ++
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
.../webkit/webkitgtk/CVE-2022-42867.patch | 104 ++++++
.../webkit/webkitgtk/CVE-2022-46691.patch | 43 +++
.../webkit/webkitgtk/CVE-2022-46699.patch | 136 +++++++
.../webkit/webkitgtk/CVE-2022-46700.patch | 67 ++++
meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 4 +
meta/recipes-support/vim/vim.inc | 4 +-
22 files changed, 792 insertions(+), 115 deletions(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh/0001-upstream-include-destination-constraints-for-smartca.patch
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2023-0687.patch
create mode 100644 meta/recipes-core/meta/cve-update-nvd2-native.bb
create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-32324.patch
create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-42867.patch
create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch
create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-46699.patch
create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-46700.patch
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [OE-core][kirkstone 00/18] Patch review
2023-06-19 2:55 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
@ 2023-08-02 12:04 ` Marta Rybczynska
0 siblings, 0 replies; 22+ messages in thread
From: Marta Rybczynska @ 2023-08-02 12:04 UTC (permalink / raw)
To: Steve Sakoman; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 3913 bytes --]
On Mon, Jun 19, 2023 at 4:55 AM Steve Sakoman <steve@sakoman.com> wrote:
> Please review this set of changes for kirkstone and have comments back by
> end of day Tuesday.
>
> Passed a-full on autobuilder:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5481
>
> The following changes since commit
> 6e0d694ea1eb5d478dc7508d181c3a820098ee5f:
>
> uninative: Upgrade to 4.0 to include latest gcc 13.1.1 (2023-06-09
> 06:04:24 -1000)
>
> are available in the Git repository at:
>
> https://git.openembedded.org/openembedded-core-contrib
> stable/kirkstone-nut
>
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
>
> Andrew Jeffery (1):
> Revert "ipk: Decode byte data to string in manifest handling"
>
> Bruce Ashfield (5):
> linux-yocto/5.15: update to v5.15.109
> linux-yocto/5.15: update to v5.15.110
> linux-yocto/5.15: update to v5.15.111
> linux-yocto/5.15: update to v5.15.112
> linux-yocto/5.15: update to v5.15.113
>
> Chen Qi (1):
> openssh: fix CVE-2023-28531
>
> Deepthi Hemraj (1):
> glibc: stable 2.35 branch updates
>
> Ian Ray (1):
> systemd-systemctl: support instance expansion in WantedBy
>
> Jan Vermaete (1):
> cve-update-nvd2-native: added the missing http import
>
> Marta Rybczynska (1):
> cve-update-nvd2-native: new CVE database fetcher
>
> Qiu Tingting (1):
> e2fsprogs: fix ptest bug for second running
>
> Randy MacLeod (1):
> vim: upgrade 9.0.1429 -> 9.0.1527
>
> Sanjay Chitroda (1):
> cups: Fix CVE-2023-32324
>
> Yogita Urade (4):
> webkitgtk: fix CVE-2022-46691
> webkitgtk: fix CVE-2022-46699
> webkitgtk: fix CVE-2022-42867
> webkitgtk: fix CVE-2022-46700
>
> meta/classes/cve-check.bbclass | 4 +-
> meta/lib/oe/package_manager/ipk/manifest.py | 2 +-
> ...-destination-constraints-for-smartca.patch | 35 ++
> .../openssh/openssh_8.9p1.bb | 1 +
> meta/recipes-core/glibc/glibc-version.inc | 2 +-
> .../glibc/glibc/CVE-2023-0687.patch | 82 -----
> meta/recipes-core/glibc/glibc_2.35.bb | 1 -
> .../meta/cve-update-nvd2-native.bb | 334 ++++++++++++++++++
> .../systemd/systemd-systemctl/systemctl | 9 +-
> .../e2fsprogs/e2fsprogs/run-ptest | 1 +
> .../e2fsprogs/e2fsprogs_1.46.5.bb | 3 +
> meta/recipes-extended/cups/cups.inc | 1 +
> .../cups/cups/CVE-2023-32324.patch | 36 ++
> .../linux/linux-yocto-rt_5.15.bb | 6 +-
> .../linux/linux-yocto-tiny_5.15.bb | 6 +-
> meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
> .../webkit/webkitgtk/CVE-2022-42867.patch | 104 ++++++
> .../webkit/webkitgtk/CVE-2022-46691.patch | 43 +++
> .../webkit/webkitgtk/CVE-2022-46699.patch | 136 +++++++
> .../webkit/webkitgtk/CVE-2022-46700.patch | 67 ++++
> meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 4 +
> meta/recipes-support/vim/vim.inc | 4 +-
> 22 files changed, 792 insertions(+), 115 deletions(-)
> create mode 100644
> meta/recipes-connectivity/openssh/openssh/0001-upstream-include-destination-constraints-for-smartca.patch
> delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2023-0687.patch
> create mode 100644 meta/recipes-core/meta/cve-update-nvd2-native.bb
> create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-32324.patch
> create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-42867.patch
> create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch
> create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-46699.patch
> create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-46700.patch
>
>
>
Tested for the CVE fetcher backport to kirkstone, no unexpected issues seen.
Kind regards,
Marta
[-- Attachment #2: Type: text/html, Size: 5679 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 00/18] Patch review
@ 2026-04-06 6:26 Yoann Congal
0 siblings, 0 replies; 22+ messages in thread
From: Yoann Congal @ 2026-04-06 6:26 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, April 8.
Please note:
- This will be the last review cycle for kirkstone.
- If you expect a patch to get merged and it is not in this series ping
me as soon as possible.
- Some patches look OK to me and are included here but will only be
merged if some patches are sent/fixed in more recent branches:
- Pending a fix for the scarthgap branch:
- curl: patch CVE-2026-3784
- curl: patch CVE-2026-3783
- curl: patch CVE-2026-1965
- Pending an equivalement patch sent for whinlatter:
- vim: Fix CVE-2026-33412
- libarchive: Fix CVE-2026-4111
- Pending an equivalement patch sent for whinlatter and scarthgap
- python3: Fix CVE-2025-15282
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3603
The following changes since commit c4194cadb1180da37514c55cd97827eb0269c8e2:
build-appliance-image: Update to kirkstone head revision (2026-03-20 09:58:53 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
for you to fetch changes up to 38444a1a8eb2575e2ad273a922d9793e10c3858c:
scripts/install-buildtools: Update to 4.0.34 (2026-04-06 00:08:58 +0200)
----------------------------------------------------------------
Bruce Ashfield (2):
linux-yocto/5.15: update to v5.15.200
linux-yocto/5.15: update to v5.15.201
Fabien Thomas (1):
README.OE-Core: update contributor links and add kirkstone prefix
Hitendra Prajapati (1):
vim: Fix CVE-2026-33412
Jinfeng Wang (1):
tzdata/tzcode-native: upgrade 2025c -> 2026a
Paul Barker (1):
create-pull-request: Keep commit hash to be pulled in cover email
Peter Marko (1):
libtheora: mark CVE-2024-56431 as not vulnerable yet
Vijay Anusuri (10):
tzdata,tzcode-native: Upgrade 2025b -> 2025c
python3: Fix CVE-2025-15282
python3-pyopenssl: Fix CVE-2026-27448
python3-pyopenssl: Fix CVE-2026-27459
libarchive: Fix CVE-2026-4111
sqlite3: Fix CVE-2025-70873
curl: patch CVE-2025-14524
curl: patch CVE-2026-1965
curl: patch CVE-2026-3783
curl: patch CVE-2026-3784
Yoann Congal (1):
scripts/install-buildtools: Update to 4.0.34
README.OE-Core.md | 10 +-
.../python3-pyopenssl/CVE-2026-27448.patch | 125 +++++++
.../python3-pyopenssl/CVE-2026-27459.patch | 106 ++++++
.../python/python3-pyopenssl_22.0.0.bb | 5 +
.../python/python3/CVE-2025-15282.patch | 68 ++++
.../python/python3_3.10.19.bb | 1 +
.../libarchive/CVE-2026-4111-1.patch | 32 ++
.../libarchive/CVE-2026-4111-2.patch | 308 ++++++++++++++++++
.../libarchive/libarchive_3.6.2.bb | 2 +
meta/recipes-extended/timezone/timezone.inc | 6 +-
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
.../libtheora/libtheora_1.1.1.bb | 3 +
.../curl/curl/CVE-2025-14524.patch | 42 +++
.../curl/curl/CVE-2026-1965-1.patch | 98 ++++++
.../curl/curl/CVE-2026-1965-2.patch | 29 ++
.../curl/curl/CVE-2026-3783-pre1.patch | 66 ++++
.../curl/curl/CVE-2026-3783.patch | 157 +++++++++
.../curl/curl/CVE-2026-3784.patch | 73 +++++
meta/recipes-support/curl/curl_7.82.0.bb | 6 +
.../sqlite/files/CVE-2025-70873.patch | 33 ++
meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 +
.../vim/files/CVE-2026-33412.patch | 61 ++++
meta/recipes-support/vim/vim.inc | 1 +
scripts/create-pull-request | 2 +-
scripts/install-buildtools | 4 +-
27 files changed, 1249 insertions(+), 28 deletions(-)
create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch
create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-15282.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-2.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3784.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-70873.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-33412.patch
^ permalink raw reply [flat|nested] 22+ messages in thread
end of thread, other threads:[~2026-04-06 6:27 UTC | newest]
Thread overview: 22+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-10-04 15:50 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 01/18] binutils : Fix CVE-2022-38127 Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 02/18] vim: Upgrade 9.0.0541 -> 9.0.0598 Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 03/18] webkitgtk: Upgrade to 2.36.6 minor update Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 04/18] webkitgtk: Update to 2.36.7 Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 05/18] rsync: update 3.2.3 -> 3.2.4 Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 06/18] rsync: update 3.2.4 -> 3.2.5 Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 07/18] rpm: update 4.17.0 -> 4.17.1 Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 08/18] rpm: Remove -Wimplicit-function-declaration warnings Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 09/18] bind: upgrade 9.18.5 -> 9.18.6 Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 10/18] bind: upgrade 9.18.6 -> 9.18.7 Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 11/18] tzdata: update to 2022d Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 12/18] lttng-tools: Disable on qemuriscv32 Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 13/18] create-pull-request: don't switch the git remote protocol to git:// Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 14/18] stress-cpu: disable float128 math on powerpc64 to avoid SIGILL Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 15/18] lttng-tools: Disable on riscv32 Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 16/18] glibc-locale: explicitly remove empty dirs in ${libdir} Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 17/18] coreutils: add openssl PACKAGECONFIG Steve Sakoman
2022-10-04 15:50 ` [OE-core][kirkstone 18/18] go: Fix reproducibility failures Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2023-06-19 2:55 [OE-core][kirkstone 00/18] Patch review Steve Sakoman
2023-08-02 12:04 ` Marta Rybczynska
2026-04-06 6:26 Yoann Congal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox