* [OE-core][kirkstone 01/19] golang: CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 02/19] libxml2: Fix CVE-2022-40303 && CVE-2022-40304 Steve Sakoman
` (17 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://github.com/golang/go/commit/e9017c2416ad0ef642f5e0c2eab2dbf3cba4d997
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.18/CVE-2022-41715.patch | 270 ++++++++++++++++++
2 files changed, 271 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2022-41715.patch
diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc
index 9c467d63b2..a1942e9f15 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -18,6 +18,7 @@ SRC_URI += "\
file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
file://CVE-2022-27664.patch \
file://0001-net-http-httputil-avoid-query-parameter-smuggling.patch \
+ file://CVE-2022-41715.patch \
"
SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
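Review bot: The new SRC_URI entry in go-1.17.13.inc refers to a patch that this series creates under go-1.18/ and whose Subject is tagged [release-branch.go1.18], while the commit message carries nothing beyond the Upstream-Status line. Please state in the commit message that the 1.18 backport applies unmodified to 1.17.13 and that the recipe's file search path covers the go-1.18 directory, since neither is visible in this diff.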
diff --git a/meta/recipes-devtools/go/go-1.18/CVE-2022-41715.patch b/meta/recipes-devtools/go/go-1.18/CVE-2022-41715.patch
new file mode 100644
index 0000000000..994f37aaf3
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.18/CVE-2022-41715.patch
@@ -0,0 +1,270 @@
+From e9017c2416ad0ef642f5e0c2eab2dbf3cba4d997 Mon Sep 17 00:00:00 2001
+From: Russ Cox <rsc@golang.org>
+Date: Wed, 28 Sep 2022 11:18:51 -0400
+Subject: [PATCH] [release-branch.go1.18] regexp: limit size of parsed regexps
+
+Set a 128 MB limit on the amount of space used by []syntax.Inst
+in the compiled form corresponding to a given regexp.
+
+Also set a 128 MB limit on the rune storage in the *syntax.Regexp
+tree itself.
+
+Thanks to Adam Korczynski (ADA Logics) and OSS-Fuzz for reporting this issue.
+
+Fixes CVE-2022-41715.
+Updates #55949.
+Fixes #55950.
+
+Change-Id: Ia656baed81564436368cf950e1c5409752f28e1b
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1592136
+TryBot-Result: Security TryBots <security-trybots@go-security-trybots.iam.gserviceaccount.com>
+Reviewed-by: Damien Neil <dneil@google.com>
+Run-TryBot: Roland Shoemaker <bracewell@google.com>
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/438501
+Run-TryBot: Carlos Amedee <carlos@golang.org>
+Reviewed-by: Carlos Amedee <carlos@golang.org>
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/e9017c2416ad0ef642f5e0c2eab2dbf3cba4d997]
+CVE: CVE-2022-41715
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/regexp/syntax/parse.go | 145 ++++++++++++++++++++++++++++++--
+ src/regexp/syntax/parse_test.go | 13 +--
+ 2 files changed, 148 insertions(+), 10 deletions(-)
+
+diff --git a/src/regexp/syntax/parse.go b/src/regexp/syntax/parse.go
+index d7cf2af..3792960 100644
+--- a/src/regexp/syntax/parse.go
++++ b/src/regexp/syntax/parse.go
+@@ -90,15 +90,49 @@ const (
+ // until we've allocated at least maxHeight Regexp structures.
+ const maxHeight = 1000
+
++// maxSize is the maximum size of a compiled regexp in Insts.
++// It too is somewhat arbitrarily chosen, but the idea is to be large enough
++// to allow significant regexps while at the same time small enough that
++// the compiled form will not take up too much memory.
++// 128 MB is enough for a 3.3 million Inst structures, which roughly
++// corresponds to a 3.3 MB regexp.
++const (
++ maxSize = 128 << 20 / instSize
++ instSize = 5 * 8 // byte, 2 uint32, slice is 5 64-bit words
++)
++
++// maxRunes is the maximum number of runes allowed in a regexp tree
++// counting the runes in all the nodes.
++// Ignoring character classes p.numRunes is always less than the length of the regexp.
++// Character classes can make it much larger: each \pL adds 1292 runes.
++// 128 MB is enough for 32M runes, which is over 26k \pL instances.
++// Note that repetitions do not make copies of the rune slices,
++// so \pL{1000} is only one rune slice, not 1000.
++// We could keep a cache of character classes we've seen,
++// so that all the \pL we see use the same rune list,
++// but that doesn't remove the problem entirely:
++// consider something like [\pL01234][\pL01235][\pL01236]...[\pL^&*()].
++// And because the Rune slice is exposed directly in the Regexp,
++// there is not an opportunity to change the representation to allow
++// partial sharing between different character classes.
++// So the limit is the best we can do.
++const (
++ maxRunes = 128 << 20 / runeSize
++ runeSize = 4 // rune is int32
++)
++
+ type parser struct {
+ flags Flags // parse mode flags
+ stack []*Regexp // stack of parsed expressions
+ free *Regexp
+ numCap int // number of capturing groups seen
+ wholeRegexp string
+- tmpClass []rune // temporary char class work space
+- numRegexp int // number of regexps allocated
+- height map[*Regexp]int // regexp height for height limit check
++ tmpClass []rune // temporary char class work space
++ numRegexp int // number of regexps allocated
++ numRunes int // number of runes in char classes
++ repeats int64 // product of all repetitions seen
++ height map[*Regexp]int // regexp height, for height limit check
++ size map[*Regexp]int64 // regexp compiled size, for size limit check
+ }
+
+ func (p *parser) newRegexp(op Op) *Regexp {
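Review bot: instSize in the new const block is hard-coded as 5 * 8 on the assumption of 64-bit words, so maxSize is an instruction count derived from a 64-bit layout, not a measured byte budget. On 32-bit targets the same count costs less memory, which is safe, but the two ceilings together (128 MB of Insts plus 128 MB of runes via maxRunes) are still large for small devices. A sentence in the commit message noting that these are fixed upstream constants, and that services compiling untrusted patterns should keep their own cap on pattern length, would set expectations for integrators.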
+@@ -122,6 +156,104 @@ func (p *parser) reuse(re *Regexp) {
+ p.free = re
+ }
+
++func (p *parser) checkLimits(re *Regexp) {
++ if p.numRunes > maxRunes {
++ panic(ErrInternalError)
++ }
++ p.checkSize(re)
++ p.checkHeight(re)
++}
++
++func (p *parser) checkSize(re *Regexp) {
++ if p.size == nil {
++ // We haven't started tracking size yet.
++ // Do a relatively cheap check to see if we need to start.
++ // Maintain the product of all the repeats we've seen
++ // and don't track if the total number of regexp nodes
++ // we've seen times the repeat product is in budget.
++ if p.repeats == 0 {
++ p.repeats = 1
++ }
++ if re.Op == OpRepeat {
++ n := re.Max
++ if n == -1 {
++ n = re.Min
++ }
++ if n <= 0 {
++ n = 1
++ }
++ if int64(n) > maxSize/p.repeats {
++ p.repeats = maxSize
++ } else {
++ p.repeats *= int64(n)
++ }
++ }
++ if int64(p.numRegexp) < maxSize/p.repeats {
++ return
++ }
++
++ // We need to start tracking size.
++ // Make the map and belatedly populate it
++ // with info about everything we've constructed so far.
++ p.size = make(map[*Regexp]int64)
++ for _, re := range p.stack {
++ p.checkSize(re)
++ }
++ }
++
++ if p.calcSize(re, true) > maxSize {
++ panic(ErrInternalError)
++ }
++}
++
++func (p *parser) calcSize(re *Regexp, force bool) int64 {
++ if !force {
++ if size, ok := p.size[re]; ok {
++ return size
++ }
++ }
++
++ var size int64
++ switch re.Op {
++ case OpLiteral:
++ size = int64(len(re.Rune))
++ case OpCapture, OpStar:
++ // star can be 1+ or 2+; assume 2 pessimistically
++ size = 2 + p.calcSize(re.Sub[0], false)
++ case OpPlus, OpQuest:
++ size = 1 + p.calcSize(re.Sub[0], false)
++ case OpConcat:
++ for _, sub := range re.Sub {
++ size += p.calcSize(sub, false)
++ }
++ case OpAlternate:
++ for _, sub := range re.Sub {
++ size += p.calcSize(sub, false)
++ }
++ if len(re.Sub) > 1 {
++ size += int64(len(re.Sub)) - 1
++ }
++ case OpRepeat:
++ sub := p.calcSize(re.Sub[0], false)
++ if re.Max == -1 {
++ if re.Min == 0 {
++ size = 2 + sub // x*
++ } else {
++ size = 1 + int64(re.Min)*sub // xxx+
++ }
++ break
++ }
++ // x{2,5} = xx(x(x(x)?)?)?
++ size = int64(re.Max)*sub + int64(re.Max-re.Min)
++ }
++
++ if size < 1 {
++ size = 1
++ }
++ p.size[re] = size
++ return size
++}
++
+ func (p *parser) checkHeight(re *Regexp) {
+ if p.numRegexp < maxHeight {
+ return
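Review bot: checkLimits and checkSize reject an over-budget pattern with panic(ErrInternalError), so the limit only turns into an ordinary error if the parse entry point recovers that panic, and that recover is not part of this hunk. Callers also cannot tell an oversized pattern apart from a genuine parser bug, because both surface with the same error code; the commit message should say which error users will see for rejected patterns so that log triage after the upgrade is straightforward. In calcSize, any Op without a case in the switch falls through to the "if size < 1" floor and is counted as 1, which deserves a short comment next to the switch.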
+@@ -158,6 +290,7 @@ func (p *parser) calcHeight(re *Regexp, force bool) int {
+
+ // push pushes the regexp re onto the parse stack and returns the regexp.
+ func (p *parser) push(re *Regexp) *Regexp {
++ p.numRunes += len(re.Rune)
+ if re.Op == OpCharClass && len(re.Rune) == 2 && re.Rune[0] == re.Rune[1] {
+ // Single rune.
+ if p.maybeConcat(re.Rune[0], p.flags&^FoldCase) {
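Review bot: p.numRunes += len(re.Rune) at the top of push runs for every node that is pushed, before the single-rune character class just below it is folded away, and nothing in the visible hunks ever subtracts from the counter. It is therefore an upper bound over all Rune slices pushed, not the "number of runes in char classes" that the struct field comment describes. The bound errs toward rejecting, so the behaviour is acceptable, but the field comment should describe what is actually counted.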
+@@ -189,7 +322,7 @@ func (p *parser) push(re *Regexp) *Regexp {
+ }
+
+ p.stack = append(p.stack, re)
+- p.checkHeight(re)
++ p.checkLimits(re)
+ return re
+ }
+
+@@ -299,7 +432,7 @@ func (p *parser) repeat(op Op, min, max int, before, after, lastRepeat string) (
+ re.Sub = re.Sub0[:1]
+ re.Sub[0] = sub
+ p.stack[n-1] = re
+- p.checkHeight(re)
++ p.checkLimits(re)
+
+ if op == OpRepeat && (min >= 2 || max >= 2) && !repeatIsValid(re, 1000) {
+ return "", &Error{ErrInvalidRepeatSize, before[:len(before)-len(after)]}
+@@ -503,6 +636,7 @@ func (p *parser) factor(sub []*Regexp) []*Regexp {
+
+ for j := start; j < i; j++ {
+ sub[j] = p.removeLeadingString(sub[j], len(str))
++ p.checkLimits(sub[j])
+ }
+ suffix := p.collapse(sub[start:i], OpAlternate) // recurse
+
+@@ -560,6 +694,7 @@ func (p *parser) factor(sub []*Regexp) []*Regexp {
+ for j := start; j < i; j++ {
+ reuse := j != start // prefix came from sub[start]
+ sub[j] = p.removeLeadingRegexp(sub[j], reuse)
++ p.checkLimits(sub[j])
+ }
+ suffix := p.collapse(sub[start:i], OpAlternate) // recurse
+
+diff --git a/src/regexp/syntax/parse_test.go b/src/regexp/syntax/parse_test.go
+index 1ef6d8a..67e3c56 100644
+--- a/src/regexp/syntax/parse_test.go
++++ b/src/regexp/syntax/parse_test.go
+@@ -484,12 +484,15 @@ var invalidRegexps = []string{
+ `(?P<>a)`,
+ `[a-Z]`,
+ `(?i)[a-Z]`,
+- `a{100000}`,
+- `a{100000,}`,
+- "((((((((((x{2}){2}){2}){2}){2}){2}){2}){2}){2}){2})",
+- strings.Repeat("(", 1000) + strings.Repeat(")", 1000),
+- strings.Repeat("(?:", 1000) + strings.Repeat(")*", 1000),
+ `\Q\E*`,
++ `a{100000}`, // too much repetition
++ `a{100000,}`, // too much repetition
++ "((((((((((x{2}){2}){2}){2}){2}){2}){2}){2}){2}){2})", // too much repetition
++ strings.Repeat("(", 1000) + strings.Repeat(")", 1000), // too deep
++ strings.Repeat("(?:", 1000) + strings.Repeat(")*", 1000), // too deep
++ "(" + strings.Repeat("(xx?)", 1000) + "){1000}", // too long
++ strings.Repeat("(xx?){1000}", 1000), // too long
++ strings.Repeat(`\pL`, 27000), // too many runes
+ }
+
+ var onlyPerl = []string{
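Review bot: The new invalidRegexps entries only cover patterns that must be rejected; nothing pins down a pattern just under the limits that must still compile, so an over-strict backport would pass this test unchanged. For the rune case the boundary follows from the constants in parse.go: maxRunes is 128 << 20 / 4 = 33554432 and each \pL adds 1292 runes, so rejection begins at roughly 25971 instances and 27000 sits safely past it. Adding an accepted case with a few hundred \pL instances would guard against regressions in the other direction.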
+--
+2.25.1
+
--
2.25.1
* [OE-core][kirkstone 02/19] libxml2: Fix CVE-2022-40303 && CVE-2022-40304
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 01/19] golang: CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 03/19] dbus: Add missing CVE product name Steve Sakoman
` (16 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 && https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libxml/libxml2/CVE-2022-40303.patch | 624 ++++++++++++++++++
.../libxml/libxml2/CVE-2022-40304.patch | 106 +++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 2 +
3 files changed, 732 insertions(+)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
new file mode 100644
index 0000000000..346ec37a9f
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
@@ -0,0 +1,624 @@
+From 15050f59d2a62b97b34e9cab8b8076a68ef003bd Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 25 Aug 2022 17:43:08 +0200
+Subject: [PATCH] CVE-2022-40303
+
+Fix integer overflows with XML_PARSE_HUGE
+
+Also impose size limits when XML_PARSE_HUGE is set. Limit size of names
+to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to
+XML_MAX_HUGE_LENGTH (1 billion bytes).
+
+Move some the length checks to the end of the respective loop to make
+them strict.
+
+xmlParseEntityValue didn't have a length limitation at all. But without
+XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW.
+
+Thanks to Maddie Stone working with Google Project Zero for the report!
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0]
+CVE: CVE-2022-40303
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ parser.c | 233 +++++++++++++++++++++++++++++--------------------------
+ 1 file changed, 121 insertions(+), 112 deletions(-)
+
+diff --git a/parser.c b/parser.c
+index 1bc3713..0f76577 100644
+--- a/parser.c
++++ b/parser.c
+@@ -115,6 +115,8 @@ xmlParseElementEnd(xmlParserCtxtPtr ctxt);
+ * *
+ ************************************************************************/
+
++#define XML_MAX_HUGE_LENGTH 1000000000
++
+ #define XML_PARSER_BIG_ENTITY 1000
+ #define XML_PARSER_LOT_ENTITY 5000
+
+@@ -565,7 +567,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info)
+ errmsg = "Malformed declaration expecting version";
+ break;
+ case XML_ERR_NAME_TOO_LONG:
+- errmsg = "Name too long use XML_PARSE_HUGE option";
++ errmsg = "Name too long";
+ break;
+ #if 0
+ case:
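Review bot: The XML_ERR_NAME_TOO_LONG text loses its "use XML_PARSE_HUGE option" hint for every caller, yet in the name parsers later in this patch maxLength is still XML_MAX_NAME_LENGTH without the option and XML_MAX_TEXT_LENGTH with it, so the hint stays accurate whenever the option is not set. Anything that matches on the old string, such as tests or log filters, will also stop matching. Both effects are worth a line in the commit message.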
+@@ -3210,6 +3212,9 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ int len = 0, l;
+ int c;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseNameComplex++;
+@@ -3275,7 +3280,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(NULL);
+ }
+- len += l;
++ if (len <= INT_MAX - l)
++ len += l;
+ NEXTL(l);
+ c = CUR_CHAR(l);
+ }
+@@ -3301,13 +3307,13 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(NULL);
+ }
+- len += l;
++ if (len <= INT_MAX - l)
++ len += l;
+ NEXTL(l);
+ c = CUR_CHAR(l);
+ }
+ }
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+ return(NULL);
+ }
+@@ -3346,7 +3352,10 @@ const xmlChar *
+ xmlParseName(xmlParserCtxtPtr ctxt) {
+ const xmlChar *in;
+ const xmlChar *ret;
+- int count = 0;
++ size_t count = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ GROW;
+
+@@ -3370,8 +3379,7 @@ xmlParseName(xmlParserCtxtPtr ctxt) {
+ in++;
+ if ((*in > 0) && (*in < 0x80)) {
+ count = in - ctxt->input->cur;
+- if ((count > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (count > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+ return(NULL);
+ }
+@@ -3392,6 +3400,9 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ int len = 0, l;
+ int c;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+ size_t startPosition = 0;
+
+ #ifdef DEBUG
+@@ -3412,17 +3423,13 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ while ((c != ' ') && (c != '>') && (c != '/') && /* test bigname.xml */
+ (xmlIsNameChar(ctxt, c) && (c != ':'))) {
+ if (count++ > XML_PARSER_CHUNK_SIZE) {
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+- return(NULL);
+- }
+ count = 0;
+ GROW;
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(NULL);
+ }
+- len += l;
++ if (len <= INT_MAX - l)
++ len += l;
+ NEXTL(l);
+ c = CUR_CHAR(l);
+ if (c == 0) {
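Review bot: The block removed from the "count++ > XML_PARSER_CHUNK_SIZE" branch was the only length check inside this loop in xmlParseNCNameComplex; after the change the loop relies on the saturating "if (len <= INT_MAX - l) len += l;" and on the single "len > maxLength" test after the loop. An over-long name is therefore scanned to its end before it is rejected, unlike the buffer-building parsers in this patch, which test inside the loop. That is bounded by the input size, but a comment stating that the late check is intentional here would help. The hunk also depends on INT_MAX being visible in parser.c, which this diff does not show.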
+@@ -3440,8 +3447,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ c = CUR_CHAR(l);
+ }
+ }
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+ return(NULL);
+ }
+@@ -3467,7 +3473,10 @@ static const xmlChar *
+ xmlParseNCName(xmlParserCtxtPtr ctxt) {
+ const xmlChar *in, *e;
+ const xmlChar *ret;
+- int count = 0;
++ size_t count = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseNCName++;
+@@ -3492,8 +3501,7 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) {
+ goto complex;
+ if ((*in > 0) && (*in < 0x80)) {
+ count = in - ctxt->input->cur;
+- if ((count > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (count > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+ return(NULL);
+ }
+@@ -3575,6 +3583,9 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
+ const xmlChar *cur = *str;
+ int len = 0, l;
+ int c;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseStringName++;
+@@ -3610,12 +3621,6 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
+ if (len + 10 > max) {
+ xmlChar *tmp;
+
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+- xmlFree(buffer);
+- return(NULL);
+- }
+ max *= 2;
+ tmp = (xmlChar *) xmlRealloc(buffer,
+ max * sizeof(xmlChar));
+@@ -3629,14 +3634,18 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
+ COPY_BUF(l,buffer,len,c);
+ cur += l;
+ c = CUR_SCHAR(cur, l);
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
++ xmlFree(buffer);
++ return(NULL);
++ }
+ }
+ buffer[len] = 0;
+ *str = cur;
+ return(buffer);
+ }
+ }
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+ return(NULL);
+ }
+@@ -3663,6 +3672,9 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ int len = 0, l;
+ int c;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseNmToken++;
+@@ -3714,12 +3726,6 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ if (len + 10 > max) {
+ xmlChar *tmp;
+
+- if ((max > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
+- xmlFree(buffer);
+- return(NULL);
+- }
+ max *= 2;
+ tmp = (xmlChar *) xmlRealloc(buffer,
+ max * sizeof(xmlChar));
+@@ -3733,6 +3739,11 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ COPY_BUF(l,buffer,len,c);
+ NEXTL(l);
+ c = CUR_CHAR(l);
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
++ xmlFree(buffer);
++ return(NULL);
++ }
+ }
+ buffer[len] = 0;
+ return(buffer);
+@@ -3740,8 +3751,7 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ }
+ if (len == 0)
+ return(NULL);
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
+ return(NULL);
+ }
+@@ -3767,6 +3777,9 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
+ int len = 0;
+ int size = XML_PARSER_BUFFER_SIZE;
+ int c, l;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ xmlChar stop;
+ xmlChar *ret = NULL;
+ const xmlChar *cur = NULL;
+@@ -3826,6 +3839,12 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
+ GROW;
+ c = CUR_CHAR(l);
+ }
++
++ if (len > maxLength) {
++ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
++ "entity value too long\n");
++ goto error;
++ }
+ }
+ buf[len] = 0;
+ if (ctxt->instate == XML_PARSER_EOF)
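Review bot: The new limit in xmlParseEntityValue is reported as XML_ERR_ENTITY_NOT_FINISHED with the text "entity value too long", so a caller keying on the error code cannot distinguish a size rejection from an entity that was genuinely cut short. If no dedicated code can be used in a backport, the commit message should at least record that this code now has two meanings.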
+@@ -3913,6 +3932,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ xmlChar *rep = NULL;
+ size_t len = 0;
+ size_t buf_size = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ int c, l, in_space = 0;
+ xmlChar *current = NULL;
+ xmlEntityPtr ent;
+@@ -3944,16 +3966,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ while (((NXT(0) != limit) && /* checked */
+ (IS_CHAR(c)) && (c != '<')) &&
+ (ctxt->instate != XML_PARSER_EOF)) {
+- /*
+- * Impose a reasonable limit on attribute size, unless XML_PARSE_HUGE
+- * special option is given
+- */
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+- "AttValue length too long\n");
+- goto mem_error;
+- }
+ if (c == '&') {
+ in_space = 0;
+ if (NXT(1) == '#') {
+@@ -4101,6 +4113,11 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ }
+ GROW;
+ c = CUR_CHAR(l);
++ if (len > maxLength) {
++ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
++ "AttValue length too long\n");
++ goto mem_error;
++ }
+ }
+ if (ctxt->instate == XML_PARSER_EOF)
+ goto error;
+@@ -4122,16 +4139,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ } else
+ NEXT;
+
+- /*
+- * There we potentially risk an overflow, don't allow attribute value of
+- * length more than INT_MAX it is a very reasonable assumption !
+- */
+- if (len >= INT_MAX) {
+- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+- "AttValue length too long\n");
+- goto mem_error;
+- }
+-
+ if (attlen != NULL) *attlen = (int) len;
+ return(buf);
+
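Review bot: Removing the "if (len >= INT_MAX)" guard leaves the narrowing cast "*attlen = (int) len" protected only by the "len > maxLength" test added at the bottom of the loop earlier in this function. That holds because maxLength is at most XML_MAX_HUGE_LENGTH (1000000000), but only as long as a single loop iteration cannot grow len by more than the gap between that value and INT_MAX, and the entity-expansion branch that could add many bytes in one pass is not visible in these hunks. Please confirm that bound, or leave a one-line comment at the cast explaining why it cannot truncate.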
+@@ -4202,6 +4209,9 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
+ int len = 0;
+ int size = XML_PARSER_BUFFER_SIZE;
+ int cur, l;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+ xmlChar stop;
+ int state = ctxt->instate;
+ int count = 0;
+@@ -4229,13 +4239,6 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
+ if (len + 5 >= size) {
+ xmlChar *tmp;
+
+- if ((size > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral");
+- xmlFree(buf);
+- ctxt->instate = (xmlParserInputState) state;
+- return(NULL);
+- }
+ size *= 2;
+ tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar));
+ if (tmp == NULL) {
+@@ -4264,6 +4267,12 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
+ SHRINK;
+ cur = CUR_CHAR(l);
+ }
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral");
++ xmlFree(buf);
++ ctxt->instate = (xmlParserInputState) state;
++ return(NULL);
++ }
+ }
+ buf[len] = 0;
+ ctxt->instate = (xmlParserInputState) state;
+@@ -4291,6 +4300,9 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ int len = 0;
+ int size = XML_PARSER_BUFFER_SIZE;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+ xmlChar cur;
+ xmlChar stop;
+ int count = 0;
+@@ -4318,12 +4330,6 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ if (len + 1 >= size) {
+ xmlChar *tmp;
+
+- if ((size > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID");
+- xmlFree(buf);
+- return(NULL);
+- }
+ size *= 2;
+ tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar));
+ if (tmp == NULL) {
+@@ -4351,6 +4357,11 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ SHRINK;
+ cur = CUR;
+ }
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID");
++ xmlFree(buf);
++ return(NULL);
++ }
+ }
+ buf[len] = 0;
+ if (cur != stop) {
+@@ -4750,6 +4761,9 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ int r, rl;
+ int cur, l;
+ size_t count = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ int inputid;
+
+ inputid = ctxt->input->id;
+@@ -4795,13 +4809,6 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ if ((r == '-') && (q == '-')) {
+ xmlFatalErr(ctxt, XML_ERR_HYPHEN_IN_COMMENT, NULL);
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+- "Comment too big found", NULL);
+- xmlFree (buf);
+- return;
+- }
+ if (len + 5 >= size) {
+ xmlChar *new_buf;
+ size_t new_size;
+@@ -4839,6 +4846,13 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ GROW;
+ cur = CUR_CHAR(l);
+ }
++
++ if (len > maxLength) {
++ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
++ "Comment too big found", NULL);
++ xmlFree (buf);
++ return;
++ }
+ }
+ buf[len] = 0;
+ if (cur == 0) {
+@@ -4883,6 +4897,9 @@ xmlParseComment(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ size_t size = XML_PARSER_BUFFER_SIZE;
+ size_t len = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ xmlParserInputState state;
+ const xmlChar *in;
+ size_t nbchar = 0;
+@@ -4966,8 +4983,7 @@ get_more:
+ buf[len] = 0;
+ }
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+ "Comment too big found", NULL);
+ xmlFree (buf);
+@@ -5167,6 +5183,9 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ size_t len = 0;
+ size_t size = XML_PARSER_BUFFER_SIZE;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ int cur, l;
+ const xmlChar *target;
+ xmlParserInputState state;
+@@ -5242,14 +5261,6 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ return;
+ }
+ count = 0;
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+- "PI %s too big found", target);
+- xmlFree(buf);
+- ctxt->instate = state;
+- return;
+- }
+ }
+ COPY_BUF(l,buf,len,cur);
+ NEXTL(l);
+@@ -5259,15 +5270,14 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ GROW;
+ cur = CUR_CHAR(l);
+ }
++ if (len > maxLength) {
++ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
++ "PI %s too big found", target);
++ xmlFree(buf);
++ ctxt->instate = state;
++ return;
++ }
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+- "PI %s too big found", target);
+- xmlFree(buf);
+- ctxt->instate = state;
+- return;
+- }
+ buf[len] = 0;
+ if (cur != '?') {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+@@ -8959,6 +8969,9 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ const xmlChar *in = NULL, *start, *end, *last;
+ xmlChar *ret = NULL;
+ int line, col;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+
+ GROW;
+ in = (xmlChar *) CUR_PTR;
+@@ -8998,8 +9011,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ start = in;
+ if (in >= end) {
+ GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9012,8 +9024,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ if ((*in++ == 0x20) && (*in == 0x20)) break;
+ if (in >= end) {
+ GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9046,16 +9057,14 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ last = last + delta;
+ }
+ end = ctxt->input->end;
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+ }
+ }
+ }
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9068,8 +9077,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ col++;
+ if (in >= end) {
+ GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9077,8 +9085,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ }
+ }
+ last = in;
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9768,6 +9775,9 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
+ int s, sl;
+ int cur, l;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+
+ /* Check 2.6.0 was NXT(0) not RAW */
+ if (CMP9(CUR_PTR, '<', '!', '[', 'C', 'D', 'A', 'T', 'A', '[')) {
+@@ -9801,13 +9811,6 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
+ if (len + 5 >= size) {
+ xmlChar *tmp;
+
+- if ((size > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_CDATA_NOT_FINISHED,
+- "CData section too big found", NULL);
+- xmlFree (buf);
+- return;
+- }
+ tmp = (xmlChar *) xmlRealloc(buf, size * 2 * sizeof(xmlChar));
+ if (tmp == NULL) {
+ xmlFree(buf);
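Review bot: Dropping the pre-realloc check leaves "xmlRealloc(buf, size * 2 * sizeof(xmlChar))" bounded only by the len test added at the end of the loop, and in xmlParseCDSect maxLength can be XML_MAX_HUGE_LENGTH (1000000000). If size is an int here, as maxLength is, then size * 2 is evaluated in int before the multiplication by sizeof, so the expression is safe only if the doubling sequence from the initial buffer size never reaches INT_MAX / 2 while len is still within the limit. Please confirm that for the initial size used in this function, or cast size to size_t before multiplying.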
+@@ -9834,6 +9837,12 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
+ }
+ NEXTL(l);
+ cur = CUR_CHAR(l);
++ if (len > maxLength) {
++ xmlFatalErrMsg(ctxt, XML_ERR_CDATA_NOT_FINISHED,
++ "CData section too big found\n");
++ xmlFree(buf);
++ return;
++ }
+ }
+ buf[len] = 0;
+ ctxt->instate = XML_PARSER_CONTENT;
+--
+2.25.1
+
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch
new file mode 100644
index 0000000000..b24be03315
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch
@@ -0,0 +1,106 @@
+From cde95d801abc9405ca821ad814c7730333328d96 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 31 Aug 2022 22:11:25 +0200
+Subject: [PATCH] CVE-2022-40304
+
+Fix dict corruption caused by entity reference cycles
+
+When an entity reference cycle is detected, the entity content is
+cleared by setting its first byte to zero. But the entity content might
+be allocated from a dict. In this case, the dict entry becomes corrupted
+leading to all kinds of logic errors, including memory errors like
+double-frees.
+
+Stop storing entity content, orig, ExternalID and SystemID in a dict.
+These values are unlikely to occur multiple times in a document, so they
+shouldn't have been stored in a dict in the first place.
+
+Thanks to Ned Williamson and Nathan Wachholz working with Google Project
+Zero for the report!
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b]
+CVE: CVE-2022-40304
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ entities.c | 55 ++++++++++++++++--------------------------------------
+ 1 file changed, 16 insertions(+), 39 deletions(-)
+
+diff --git a/entities.c b/entities.c
+index 1a8f86f..ec1b9a7 100644
+--- a/entities.c
++++ b/entities.c
+@@ -112,36 +112,19 @@ xmlFreeEntity(xmlEntityPtr entity)
+ if ((entity->children) && (entity->owner == 1) &&
+ (entity == (xmlEntityPtr) entity->children->parent))
+ xmlFreeNodeList(entity->children);
+- if (dict != NULL) {
+- if ((entity->name != NULL) && (!xmlDictOwns(dict, entity->name)))
+- xmlFree((char *) entity->name);
+- if ((entity->ExternalID != NULL) &&
+- (!xmlDictOwns(dict, entity->ExternalID)))
+- xmlFree((char *) entity->ExternalID);
+- if ((entity->SystemID != NULL) &&
+- (!xmlDictOwns(dict, entity->SystemID)))
+- xmlFree((char *) entity->SystemID);
+- if ((entity->URI != NULL) && (!xmlDictOwns(dict, entity->URI)))
+- xmlFree((char *) entity->URI);
+- if ((entity->content != NULL)
+- && (!xmlDictOwns(dict, entity->content)))
+- xmlFree((char *) entity->content);
+- if ((entity->orig != NULL) && (!xmlDictOwns(dict, entity->orig)))
+- xmlFree((char *) entity->orig);
+- } else {
+- if (entity->name != NULL)
+- xmlFree((char *) entity->name);
+- if (entity->ExternalID != NULL)
+- xmlFree((char *) entity->ExternalID);
+- if (entity->SystemID != NULL)
+- xmlFree((char *) entity->SystemID);
+- if (entity->URI != NULL)
+- xmlFree((char *) entity->URI);
+- if (entity->content != NULL)
+- xmlFree((char *) entity->content);
+- if (entity->orig != NULL)
+- xmlFree((char *) entity->orig);
+- }
++ if ((entity->name != NULL) &&
++ ((dict == NULL) || (!xmlDictOwns(dict, entity->name))))
++ xmlFree((char *) entity->name);
++ if (entity->ExternalID != NULL)
++ xmlFree((char *) entity->ExternalID);
++ if (entity->SystemID != NULL)
++ xmlFree((char *) entity->SystemID);
++ if (entity->URI != NULL)
++ xmlFree((char *) entity->URI);
++ if (entity->content != NULL)
++ xmlFree((char *) entity->content);
++ if (entity->orig != NULL)
++ xmlFree((char *) entity->orig);
+ xmlFree(entity);
+ }
+
+@@ -177,18 +160,12 @@ xmlCreateEntity(xmlDictPtr dict, const xmlChar *name, int type,
+ ret->SystemID = xmlStrdup(SystemID);
+ } else {
+ ret->name = xmlDictLookup(dict, name, -1);
+- if (ExternalID != NULL)
+- ret->ExternalID = xmlDictLookup(dict, ExternalID, -1);
+- if (SystemID != NULL)
+- ret->SystemID = xmlDictLookup(dict, SystemID, -1);
++ ret->ExternalID = xmlStrdup(ExternalID);
++ ret->SystemID = xmlStrdup(SystemID);
+ }
+ if (content != NULL) {
+ ret->length = xmlStrlen(content);
+- if ((dict != NULL) && (ret->length < 5))
+- ret->content = (xmlChar *)
+- xmlDictLookup(dict, content, ret->length);
+- else
+- ret->content = xmlStrndup(content, ret->length);
++ ret->content = xmlStrndup(content, ret->length);
+ } else {
+ ret->length = 0;
+ ret->content = NULL;
+--
+2.25.1
+
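Review bot: xmlFreeEntity now frees URI and orig unconditionally, but the xmlCreateEntity hunk only stops using xmlDictLookup for ExternalID, SystemID and content, and the commit message does not mention URI at all. The removed code guarded both fields with xmlDictOwns(dict, ...), so please confirm that no other path in this libxml2 version stores entity->URI or entity->orig in the dict, otherwise the new xmlFree calls would release dict-owned memory. Note also that only entity->name keeps the xmlDictOwns guard, which is consistent with ret->name still coming from xmlDictLookup.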
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb
index 519985bbae..fffe7dda98 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -23,6 +23,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
file://remove-fuzz-from-ptests.patch \
file://libxml-m4-use-pkgconfig.patch \
file://0001-Port-gentest.py-to-Python-3.patch \
+ file://CVE-2022-40303.patch \
+ file://CVE-2022-40304.patch \
"
SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
--
2.25.1
* [OE-core][kirkstone 03/19] dbus: Add missing CVE product name
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 01/19] golang: CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 02/19] libxml2: Fix CVE-2022-40303 && CVE-2022-40304 Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 04/19] bind: upgrade 9.18.8 -> 9.18.9 Steve Sakoman
` (15 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Mathieu Dubois-Briand <mathieu.dubois-briand@hyprua.org>
Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 67b2db202834f1213bed3580badda2a67655ab7d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/dbus/dbus_1.14.4.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-core/dbus/dbus_1.14.4.bb b/meta/recipes-core/dbus/dbus_1.14.4.bb
index 9684f0c6e2..85db58e214 100644
--- a/meta/recipes-core/dbus/dbus_1.14.4.bb
+++ b/meta/recipes-core/dbus/dbus_1.14.4.bb
@@ -182,3 +182,5 @@ do_install:class-nativesdk() {
rm -rf ${D}${localstatedir}/run
}
BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT += "d-bus_project:d-bus"
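Review bot: the "+=" on the added CVE_PRODUCT line only extends the product list if CVE_PRODUCT already holds a value when this line is parsed. If the default product name comes from a weak assignment (??=) in the CVE checking class, "+=" leaves the variable holding just "d-bus_project:d-bus" and the default name is dropped from the check. Please verify the final value with bitbake -e, and consider listing every product explicitly with "=". The commit message has no body, so it would also help to say which CVE entries were being missed.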
--
2.25.1
* [OE-core][kirkstone 04/19] bind: upgrade 9.18.8 -> 9.18.9
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (2 preceding siblings ...)
2022-12-18 16:12 ` [OE-core][kirkstone 03/19] dbus: Add missing CVE product name Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 05/19] mpfr: upgrade 4.1.0 -> 4.1.1 Steve Sakoman
` (14 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Changelog:
===========
Fix a crash that could happen when you change
a dnssec-policy zone with NSEC3 to start using
inline-signing. [GL #3591]
Don't trust a placeholder KEYDATA from the managed-keys
zone by adding it into secroots. [GL #2895]
Fixed a race condition that could cause a crash
in dns_zone_synckeyzone(). [GL #3617]
Don't enforce the jemalloc use on NetBSD. [GL #3634]
Fix an inheritance bug when setting the port on
remote servers in configuration. [GL #3627]
Fix a resolver prefetch bug when the record's TTL value
is equal to the configured prefetch eligibility value,
but the record was erroneously not treated as eligible
for prefetching. [GL #3603]
Always call dns_adb_endudpfetch() after calling
dns_adb_beginudpfetch() for UDP queries in resolver.c,
in order to adjust back the quota. [GL #3598]
Fix a startup issue on Solaris systems with many
(reportedly > 510) CPUs. Thanks to Stacey Marshall from
Oracle for deep investigation of the problem. [GL #3563]
rpz-ip rules could be ineffective in some scenarios
with CD=1 queries. [GL #3247]
The RecursClients statistics counter could overflow
in certain resolution scenarios. [GL #3584]
Less ceremonial UNEXPECTED_ERROR() and FATAL_ERROR()
reporting macros. [GL !6914]
Fix a couple of bugs in cfg_print_duration(), which
could result in generating incomplete duration values
when printing the configuration using named-checkconf.
[GL !6880]
Refactor the isc_httpd implementation used in the
statistics channel. [GL !6879]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit e57fe26b3f85ebfabdc8b574caa5c97602e4d771)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../0001-avoid-start-failure-with-bind-user.patch | 0
.../0001-named-lwresd-V-and-start-log-hide-build-options.patch | 0
| 0
.../bind/{bind-9.18.8 => bind-9.18.9}/bind9 | 0
.../bind/{bind-9.18.8 => bind-9.18.9}/conf.patch | 0
.../bind/{bind-9.18.8 => bind-9.18.9}/generate-rndc-key.sh | 0
.../init.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../bind/{bind-9.18.8 => bind-9.18.9}/named.service | 0
.../bind/{bind_9.18.8.bb => bind_9.18.9.bb} | 2 +-
10 files changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.8.bb => bind_9.18.9.bb} (97%)
diff --git a/meta/recipes-connectivity/bind/bind-9.18.8/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.18.9/0001-avoid-start-failure-with-bind-user.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.8/0001-avoid-start-failure-with-bind-user.patch
rename to meta/recipes-connectivity/bind/bind-9.18.9/0001-avoid-start-failure-with-bind-user.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.8/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.18.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.8/0001-named-lwresd-V-and-start-log-hide-build-options.patch
rename to meta/recipes-connectivity/bind/bind-9.18.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.8/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.18.9/bind-ensure-searching-for-json-headers-searches-sysr.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.8/bind-ensure-searching-for-json-headers-searches-sysr.patch
rename to meta/recipes-connectivity/bind/bind-9.18.9/bind-ensure-searching-for-json-headers-searches-sysr.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.8/bind9 b/meta/recipes-connectivity/bind/bind-9.18.9/bind9
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.8/bind9
rename to meta/recipes-connectivity/bind/bind-9.18.9/bind9
diff --git a/meta/recipes-connectivity/bind/bind-9.18.8/conf.patch b/meta/recipes-connectivity/bind/bind-9.18.9/conf.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.8/conf.patch
rename to meta/recipes-connectivity/bind/bind-9.18.9/conf.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.8/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.18.9/generate-rndc-key.sh
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.8/generate-rndc-key.sh
rename to meta/recipes-connectivity/bind/bind-9.18.9/generate-rndc-key.sh
diff --git a/meta/recipes-connectivity/bind/bind-9.18.8/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.18.9/init.d-add-support-for-read-only-rootfs.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.8/init.d-add-support-for-read-only-rootfs.patch
rename to meta/recipes-connectivity/bind/bind-9.18.9/init.d-add-support-for-read-only-rootfs.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.8/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.18.9/make-etc-initd-bind-stop-work.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.8/make-etc-initd-bind-stop-work.patch
rename to meta/recipes-connectivity/bind/bind-9.18.9/make-etc-initd-bind-stop-work.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.8/named.service b/meta/recipes-connectivity/bind/bind-9.18.9/named.service
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.8/named.service
rename to meta/recipes-connectivity/bind/bind-9.18.9/named.service
diff --git a/meta/recipes-connectivity/bind/bind_9.18.8.bb b/meta/recipes-connectivity/bind/bind_9.18.9.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.8.bb
rename to meta/recipes-connectivity/bind/bind_9.18.9.bb
index 2964dc9963..b95b900069 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.8.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.9.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] = "0e3c3ab9378db84ba0f37073d67ba125ae4f2ff8daf366c9db287e3f1b2c35f0"
+SRC_URI[sha256sum] = "6a9665998d568604460df0918fc8ccfad7d29388d4d842560c056cc211cbb243"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
--
2.25.1
* [OE-core][kirkstone 05/19] mpfr: upgrade 4.1.0 -> 4.1.1
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (3 preceding siblings ...)
2022-12-18 16:12 ` [OE-core][kirkstone 04/19] bind: upgrade 9.18.8 -> 9.18.9 Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 06/19] libxcrypt-compat: upgrade 4.4.30 -> 4.4.33 Steve Sakoman
` (13 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Changelog:
=========
- Bug fixes (see <https://www.mpfr.org/mpfr-4.1.0/#fixed> and/or the
ChangeLog file), in particular for macros implementing functions.
- Improved manual formatting.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f733eddc428cf9537f97cb91025b73dd1fdea932)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/mpfr/{mpfr_4.1.0.bb => mpfr_4.1.1.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/mpfr/{mpfr_4.1.0.bb => mpfr_4.1.1.bb} (91%)
diff --git a/meta/recipes-support/mpfr/mpfr_4.1.0.bb b/meta/recipes-support/mpfr/mpfr_4.1.1.bb
similarity index 91%
rename from meta/recipes-support/mpfr/mpfr_4.1.0.bb
rename to meta/recipes-support/mpfr/mpfr_4.1.1.bb
index 2121dad57c..f531a88961 100644
--- a/meta/recipes-support/mpfr/mpfr_4.1.0.bb
+++ b/meta/recipes-support/mpfr/mpfr_4.1.1.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \
DEPENDS = "gmp autoconf-archive"
SRC_URI = "https://www.mpfr.org/mpfr-${PV}/mpfr-${PV}.tar.xz"
-SRC_URI[sha256sum] = "0c98a3f1732ff6ca4ea690552079da9c597872d30e96ec28414ee23c95558a7f"
+SRC_URI[sha256sum] = "ffd195bd567dbaffc3b98b23fd00aad0537680c9896171e44fe3ff79e28ac33d"
UPSTREAM_CHECK_URI = "http://www.mpfr.org/mpfr-current/"
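Review bot: in the context right after the checksum change, UPSTREAM_CHECK_URI still uses http://www.mpfr.org/ while SRC_URI a few lines up fetches from https://www.mpfr.org/. Since the recipe is being touched for the upgrade anyway, consider switching the check URI to https so the upstream version check does not run over plaintext.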
--
2.25.1
* [OE-core][kirkstone 06/19] libxcrypt-compat: upgrade 4.4.30 -> 4.4.33
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (4 preceding siblings ...)
2022-12-18 16:12 ` [OE-core][kirkstone 05/19] mpfr: upgrade 4.1.0 -> 4.1.1 Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 07/19] python3: upgrade 3.10.8 -> 3.10.9 Steve Sakoman
` (12 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Changelog:
==========
* Fix -Werror=sign-conversion in lib/alg-yescrypt-platform.c.
With commit 894aee75433b4dc8d9724b126da6e79fa5f6814b we introduced some
changes to huge page handling, that show this error when building with
GCC v12.2.1, and thus need a small fix.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 6918477ad121f9c7335c661433a909e948f66d51)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../{libxcrypt-compat_4.4.30.bb => libxcrypt-compat_4.4.33.bb} | 0
meta/recipes-core/libxcrypt/libxcrypt.inc | 2 +-
2 files changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-core/libxcrypt/{libxcrypt-compat_4.4.30.bb => libxcrypt-compat_4.4.33.bb} (100%)
diff --git a/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.30.bb b/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.33.bb
similarity index 100%
rename from meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.30.bb
rename to meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.33.bb
diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc b/meta/recipes-core/libxcrypt/libxcrypt.inc
index 2bdedcba6d..61b0381076 100644
--- a/meta/recipes-core/libxcrypt/libxcrypt.inc
+++ b/meta/recipes-core/libxcrypt/libxcrypt.inc
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSING;md5=c0a30e2b1502c55a7f37e412cd6c6a4b \
inherit autotools pkgconfig
SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https"
-SRCREV = "fee2687bad66e351a3dcc963a34ae80125923ff8"
+SRCREV = "d7fe1ac04c326dba7e0440868889d1dccb41a175"
SRCBRANCH ?= "develop"
SRC_URI += "file://fix_cflags_handling.patch"
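Review bot: the SRCREV bump lands in libxcrypt.inc, but the diffstat renames only libxcrypt-compat_4.4.30.bb. If the main libxcrypt recipe includes the same .inc and is not renamed by another patch in the series, it would fetch the new revision while still carrying version 4.4.30. Please either rename both recipes in this change or point to the patch that handles the other one. It would also help to name the upstream tag that d7fe1ac04c326dba7e0440868889d1dccb41a175 corresponds to, since the hunk alone does not tie the hash to 4.4.33.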
--
2.25.1
* [OE-core][kirkstone 07/19] python3: upgrade 3.10.8 -> 3.10.9
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (5 preceding siblings ...)
2022-12-18 16:12 ` [OE-core][kirkstone 06/19] libxcrypt-compat: upgrade 4.4.30 -> 4.4.33 Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 08/19] bc: extend to nativesdk Steve Sakoman
` (11 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Florin Diaconescu <florin.diaconescu009@gmail.com>
Security and bug fixes.
Drop patch for CVE-2022-42919 and CVE-2022-37454 which were merged in 3.10.9
Fixes:
* CVE-2022-45061 (gh-98433)
https://nvd.nist.gov/vuln/detail/CVE-2022-45061
List of changes:
https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-9-final
Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../python/python3/CVE-2022-42919.patch | 70 ------------
.../python/python3/cve-2022-37454.patch | 108 ------------------
.../{python3_3.10.8.bb => python3_3.10.9.bb} | 3 +-
3 files changed, 1 insertion(+), 180 deletions(-)
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2022-42919.patch
delete mode 100644 meta/recipes-devtools/python/python3/cve-2022-37454.patch
rename meta/recipes-devtools/python/{python3_3.10.8.bb => python3_3.10.9.bb} (99%)
diff --git a/meta/recipes-devtools/python/python3/CVE-2022-42919.patch b/meta/recipes-devtools/python/python3/CVE-2022-42919.patch
deleted file mode 100644
index 6040724dae..0000000000
--- a/meta/recipes-devtools/python/python3/CVE-2022-42919.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 87ef80926ea0ec960a220af89d8ff4db99417b03 Mon Sep 17 00:00:00 2001
-From: Vivek Kumbhar <vkumbhar@mvista.com>
-Date: Thu, 24 Nov 2022 17:44:18 +0530
-Subject: [PATCH] CVE-2022-42919
-
-Upstream-Status: Backport [https://github.com/python/cpython/commit/eae692eed18892309bcc25a2c0f8980038305ea2]
-CVE: CVE-2022-42919
-Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
-
-[3.10] gh-97514: Don't use Linux abstract sockets for multiprocessing (GH-98501) (GH-98503)
-
-Linux abstract sockets are insecure as they lack any form of filesystem
-permissions so their use allows anyone on the system to inject code into
-the process.
-
-This removes the default preference for abstract sockets in
-multiprocessing introduced in Python 3.9+ via
-https://github.com/python/cpython/pull/18866 while fixing
-https://github.com/python/cpython/issues/84031.
-
-Explicit use of an abstract socket by a user now generates a
-RuntimeWarning. If we choose to keep this warning, it should be
-backported to the 3.7 and 3.8 branches.
-(cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17)
----
- Lib/multiprocessing/connection.py | 5 -----
- .../2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst | 15 +++++++++++++++
- 2 files changed, 15 insertions(+), 5 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
-
-diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
-index 510e4b5..8e2facf 100644
---- a/Lib/multiprocessing/connection.py
-+++ b/Lib/multiprocessing/connection.py
-@@ -73,11 +73,6 @@ def arbitrary_address(family):
- if family == 'AF_INET':
- return ('localhost', 0)
- elif family == 'AF_UNIX':
-- # Prefer abstract sockets if possible to avoid problems with the address
-- # size. When coding portable applications, some implementations have
-- # sun_path as short as 92 bytes in the sockaddr_un struct.
-- if util.abstract_sockets_supported:
-- return f"\0listener-{os.getpid()}-{next(_mmap_counter)}"
- return tempfile.mktemp(prefix='listener-', dir=util.get_temp_dir())
- elif family == 'AF_PIPE':
- return tempfile.mktemp(prefix=r'\\.\pipe\pyc-%d-%d-' %
-diff --git a/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
-new file mode 100644
-index 0000000..02d95b5
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
-@@ -0,0 +1,15 @@
-+On Linux the :mod:`multiprocessing` module returns to using filesystem backed
-+unix domain sockets for communication with the *forkserver* process instead of
-+the Linux abstract socket namespace. Only code that chooses to use the
-+:ref:`"forkserver" start method <multiprocessing-start-methods>` is affected.
-+
-+Abstract sockets have no permissions and could allow any user on the system in
-+the same `network namespace
-+<https://man7.org/linux/man-pages/man7/network_namespaces.7.html>`_ (often the
-+whole system) to inject code into the multiprocessing *forkserver* process.
-+This was a potential privilege escalation. Filesystem based socket permissions
-+restrict this to the *forkserver* process user as was the default in Python 3.8
-+and earlier.
-+
-+This prevents Linux `CVE-2022-42919
-+<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919>`_.
---
-2.25.1
-
diff --git a/meta/recipes-devtools/python/python3/cve-2022-37454.patch b/meta/recipes-devtools/python/python3/cve-2022-37454.patch
deleted file mode 100644
index c019151a64..0000000000
--- a/meta/recipes-devtools/python/python3/cve-2022-37454.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 1f66b714c5f2fef80ec5389456ac31756dbfff0e Mon Sep 17 00:00:00 2001
-From: Theo Buehler <botovq@users.noreply.github.com>
-Date: Fri, 21 Oct 2022 21:26:01 +0200
-Subject: [PATCH] gh-98517: Fix buffer overflows in _sha3 module (#98519)
-
-This is a port of the applicable part of XKCP's fix [1] for
-CVE-2022-37454 and avoids the segmentation fault and the infinite
-loop in the test cases published in [2].
-
-[1]: https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
-[2]: https://mouha.be/sha-3-buffer-overflow/
-
-Regression test added by: Gregory P. Smith [Google LLC] <greg@krypto.org>
----
-
-Patch applied without modification.
-
-CVE: CVE-2022-37454
-
-Upstream-Status: Backport [github.com/cpython/cpython.git 0e4e058602d...]
-
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
----
- Lib/test/test_hashlib.py | 9 +++++++++
- .../2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst | 1 +
- Modules/_sha3/kcp/KeccakSponge.inc | 15 ++++++++-------
- 3 files changed, 18 insertions(+), 7 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
-
-diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
-index ea31f8b..65330e1 100644
---- a/Lib/test/test_hashlib.py
-+++ b/Lib/test/test_hashlib.py
-@@ -491,6 +491,15 @@ class HashLibTestCase(unittest.TestCase):
- def test_case_md5_uintmax(self, size):
- self.check('md5', b'A'*size, '28138d306ff1b8281f1a9067e1a1a2b3')
-
-+ @unittest.skipIf(sys.maxsize < _4G - 1, 'test cannot run on 32-bit systems')
-+ @bigmemtest(size=_4G - 1, memuse=1, dry_run=False)
-+ def test_sha3_update_overflow(self, size):
-+ """Regression test for gh-98517 CVE-2022-37454."""
-+ h = hashlib.sha3_224()
-+ h.update(b'\x01')
-+ h.update(b'\x01'*0xffff_ffff)
-+ self.assertEqual(h.hexdigest(), '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed')
-+
- # use the three examples from Federal Information Processing Standards
- # Publication 180-1, Secure Hash Standard, 1995 April 17
- # http://www.itl.nist.gov/div897/pubs/fip180-1.htm
-diff --git a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
-new file mode 100644
-index 0000000..2d23a6a
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
-@@ -0,0 +1 @@
-+Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454).
-diff --git a/Modules/_sha3/kcp/KeccakSponge.inc b/Modules/_sha3/kcp/KeccakSponge.inc
-index e10739d..cf92e4d 100644
---- a/Modules/_sha3/kcp/KeccakSponge.inc
-+++ b/Modules/_sha3/kcp/KeccakSponge.inc
-@@ -171,7 +171,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
- i = 0;
- curData = data;
- while(i < dataByteLen) {
-- if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) {
-+ if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) {
- #ifdef SnP_FastLoop_Absorb
- /* processing full blocks first */
-
-@@ -199,10 +199,10 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
- }
- else {
- /* normal lane: using the message queue */
--
-- partialBlock = (unsigned int)(dataByteLen - i);
-- if (partialBlock+instance->byteIOIndex > rateInBytes)
-+ if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
- partialBlock = rateInBytes-instance->byteIOIndex;
-+ else
-+ partialBlock = (unsigned int)(dataByteLen - i);
- #ifdef KeccakReference
- displayBytes(1, "Block to be absorbed (part)", curData, partialBlock);
- #endif
-@@ -281,7 +281,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
- i = 0;
- curData = data;
- while(i < dataByteLen) {
-- if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) {
-+ if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) {
- for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) {
- SnP_Permute(instance->state);
- SnP_ExtractBytes(instance->state, curData, 0, rateInBytes);
-@@ -299,9 +299,10 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
- SnP_Permute(instance->state);
- instance->byteIOIndex = 0;
- }
-- partialBlock = (unsigned int)(dataByteLen - i);
-- if (partialBlock+instance->byteIOIndex > rateInBytes)
-+ if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
- partialBlock = rateInBytes-instance->byteIOIndex;
-+ else
-+ partialBlock = (unsigned int)(dataByteLen - i);
- i += partialBlock;
-
- SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock);
---
-2.32.0
-
diff --git a/meta/recipes-devtools/python/python3_3.10.8.bb b/meta/recipes-devtools/python/python3_3.10.9.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.10.8.bb
rename to meta/recipes-devtools/python/python3_3.10.9.bb
index 8963ce6dd2..d6b7a618c1 100644
--- a/meta/recipes-devtools/python/python3_3.10.8.bb
+++ b/meta/recipes-devtools/python/python3_3.10.9.bb
@@ -35,7 +35,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-setup.py-Do-not-detect-multiarch-paths-when-cross-co.patch \
file://deterministic_imports.patch \
file://0001-Avoid-shebang-overflow-on-python-config.py.patch \
- file://CVE-2022-42919.patch \
"
SRC_URI:append:class-native = " \
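Review bot: this hunk drops only the file://CVE-2022-42919.patch entry, yet the commit also deletes cve-2022-37454.patch and the diffstat leaves no room for a second SRC_URI removal (two deletions in the recipe: this line and the checksum). Please confirm that cve-2022-37454.patch is not still listed in SRC_URI above line 35, which would break the fetch. If it was never listed, say so in the commit message, because that would mean the CVE-2022-37454 fix was not being applied to 3.10.8 builds.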
@@ -44,7 +43,7 @@ SRC_URI:append:class-native = " \
file://12-distutils-prefix-is-inside-staging-area.patch \
file://0001-Don-t-search-system-for-headers-libraries.patch \
"
-SRC_URI[sha256sum] = "6a30ecde59c47048013eb5a658c9b5dec277203d2793667f578df7671f7f03f3"
+SRC_URI[sha256sum] = "5ae03e308260164baba39921fdb4dbf8e6d03d8235a939d4582b33f0b5e46a83"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
--
2.25.1
* [OE-core][kirkstone 08/19] bc: extend to nativesdk
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (6 preceding siblings ...)
2022-12-18 16:12 ` [OE-core][kirkstone 07/19] python3: upgrade 3.10.8 -> 3.10.9 Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 09/19] xwayland: libxshmfence is needed when dri3 is enabled Steve Sakoman
` (10 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
bc is needed for compiling kernel modules, more specifically
when running `make scripts prepare'.
In linux-yocto.inc, we have bc-native in DEPENDS. But we will
need nativesdk-bc in case we compile a kernel module inside
SDK.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 95b5c89066baccb1e64bfba7d9a66feeeb086da9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/bc/bc_1.07.1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/bc/bc_1.07.1.bb b/meta/recipes-extended/bc/bc_1.07.1.bb
index 1bec76bb2a..5a03751304 100644
--- a/meta/recipes-extended/bc/bc_1.07.1.bb
+++ b/meta/recipes-extended/bc/bc_1.07.1.bb
@@ -32,4 +32,4 @@ do_compile:prepend() {
ALTERNATIVE:${PN} = "bc dc"
ALTERNATIVE_PRIORITY = "100"
-BBCLASSEXTEND = "native"
+BBCLASSEXTEND = "native nativesdk"
--
2.25.1
* [OE-core][kirkstone 09/19] xwayland: libxshmfence is needed when dri3 is enabled
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (7 preceding siblings ...)
2022-12-18 16:12 ` [OE-core][kirkstone 08/19] bc: extend to nativesdk Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 10/19] lsof: add update-alternatives logic Steve Sakoman
` (9 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Carlos Alberto Lopez Perez <clopez@igalia.com>
* The build error happens already at configure time:
| meson.build: ERROR: Problem encountered: DRI3 requested, but xshmfence not found
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 451fe4a067432b432b9cd38d2fc78072f6ce5421)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-graphics/xwayland/xwayland_22.1.5.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-graphics/xwayland/xwayland_22.1.5.bb b/meta/recipes-graphics/xwayland/xwayland_22.1.5.bb
index c1c5407dee..51d847a093 100644
--- a/meta/recipes-graphics/xwayland/xwayland_22.1.5.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_22.1.5.bb
@@ -23,7 +23,7 @@ OPENGL_PKGCONFIGS = "glx glamor dri3"
PACKAGECONFIG ??= "${XORG_CRYPTO} \
${@bb.utils.contains('DISTRO_FEATURES', 'opengl', '${OPENGL_PKGCONFIGS}', '', d)} \
"
-PACKAGECONFIG[dri3] = "-Ddri3=true,-Ddri3=false"
+PACKAGECONFIG[dri3] = "-Ddri3=true,-Ddri3=false,libxshmfence"
PACKAGECONFIG[glx] = "-Dglx=true,-Dglx=false,virtual/libgl virtual/libx11"
PACKAGECONFIG[glamor] = "-Dglamor=true,-Dglamor=false,libepoxy virtual/libgbm,libegl"
PACKAGECONFIG[unwind] = "-Dlibunwind=true,-Dlibunwind=false,libunwind"
--
2.25.1
* [OE-core][kirkstone 10/19] lsof: add update-alternatives logic
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (8 preceding siblings ...)
2022-12-18 16:12 ` [OE-core][kirkstone 09/19] xwayland: libxshmfence is needed when dri3 is enabled Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 11/19] rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work Steve Sakoman
` (8 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Alex Stewart <alex.stewart@ni.com>
Some distributions (NI LinuxRT) provide both busybox-lsof and
full-featured lsof implementations. When users install the full-featured
lsof package, the full-binary fails to replace the bbox-binary in PATH,
because `lsof` contains no update-alternatives logic.
Inherit the update-alternatives bbclass and assert that the
full-featured lsof package has higher priority than the busybox
implementation.
Co-Authored-By: Kyle Roeschley <kyle.roeschley@ni.com>
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit e2893fa692a6e91eee09fc04c8c03fe27c718a58)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/lsof/lsof_4.94.0.bb | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/meta/recipes-extended/lsof/lsof_4.94.0.bb b/meta/recipes-extended/lsof/lsof_4.94.0.bb
index c2b8bc839b..62f42975af 100644
--- a/meta/recipes-extended/lsof/lsof_4.94.0.bb
+++ b/meta/recipes-extended/lsof/lsof_4.94.0.bb
@@ -19,6 +19,15 @@ SRCREV = "005e014e1abdadb2493d8b3ce87b37a2c0a2351d"
S = "${WORKDIR}/git"
+
+inherit update-alternatives
+
+ALTERNATIVE_${PN} = "lsof"
+ALTERNATIVE_LINK_NAME[lsof] = "${sbindir}/lsof"
+# Make our priority higher than busybox
+ALTERNATIVE_PRIORITY = "100"
+
+
export LSOF_INCLUDE = "${STAGING_INCDIR}"
do_configure () {
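Review bot: `ALTERNATIVE_${PN} = "lsof"` uses the underscore override form, while the other recipe and test lines in this kirkstone series use the colon form (`COMPATIBLE_HOST:libc-musl`, `EXTERNALSRC:pn-%s`). On a branch that uses colon overrides, the underscore spelling is not applied as a per-package override, so the alternative would not be registered for the package; it should read `ALTERNATIVE:${PN} = "lsof"`. The two consecutive blank lines added before `export LSOF_INCLUDE` can also be reduced to one.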
--
2.25.1
* [OE-core][kirkstone 11/19] rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (9 preceding siblings ...)
2022-12-18 16:12 ` [OE-core][kirkstone 10/19] lsof: add update-alternatives logic Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 12/19] lib/buildstats: fix parsing of trees with reduced_proc_pressure directories Steve Sakoman
` (7 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
For now, if we use rm_work and `bitbake core-image-minimal', some
recipes' WORKDIRs are not cleaned up, e.g., makedevs-native.
Adjust the dependency to make do_rm_work_all depend on do_rm_work
to solve this problem.
Below is the detailed explanation of why this would work.
Without this patch, the dependency chain is like:
[other deps] -> [do_rm_work] -+-> [do_build]
                              |
[do_rm_work_all] -------------+
With this patch, the dependency chain is like:
[other deps] -> [do_rm_work] -> [do_rm_work_all] -> [do_build]
Such dependency chain adjustment fixes the issue because do_rm_work_all
now depends on [other deps] and thus the [depends] of these [other deps].
Take core-image-minimal as an example. Before this adjustment,
do_rm_work_all does not have any relationship with do_rootfs, and we have
do_rootfs[depends] += "makedevs-native:do_populate_sysroot ..."
This essentially prevents the 'recrdeptask' setting of do_rm_work_all from extending
to makedevs-native. With this patch, the do_rm_work_all now depends
on do_rm_work which in turn depends on do_rootfs, and so do_rm_work_all's
recrdeptask could have effect on makedevs-native.
With this patch, all built recipes WORKDIR will be cleaned up with
a few expected exceptions such as kernel and qemu-helper-native.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit b25cc45c9b39f79ba0a03c4556cb2e2431677b4e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/rm_work.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/rm_work.bbclass b/meta/classes/rm_work.bbclass
index c2b569903a..8979714e62 100644
--- a/meta/classes/rm_work.bbclass
+++ b/meta/classes/rm_work.bbclass
@@ -174,7 +174,7 @@ python inject_rm_work() {
# other recipes and thus will typically run much later than completion of
# work in the recipe itself.
# In practice, addtask() here merely updates the dependencies.
- bb.build.addtask('do_rm_work', 'do_build', ' '.join(deps), d)
+ bb.build.addtask('do_rm_work', 'do_rm_work_all do_build', ' '.join(deps), d)
# Always update do_build_without_rm_work dependencies.
bb.build.addtask('do_build_without_rm_work', '', ' '.join(deps), d)
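Review bot: The comment above the changed `addtask()` call still says it merely updates the dependencies, but the second argument now also orders do_rm_work before do_rm_work_all, which is the whole point of the fix. Add a sentence to that comment explaining why do_rm_work_all is listed (so that its recrdeptask reaches what do_rm_work depends on, such as the do_rootfs[depends] entries named in the commit message); otherwise the ordering looks accidental and is easy to drop in a later cleanup.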
--
2.25.1
* [OE-core][kirkstone 12/19] lib/buildstats: fix parsing of trees with reduced_proc_pressure directories
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (10 preceding siblings ...)
2022-12-18 16:12 ` [OE-core][kirkstone 11/19] rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 13/19] externalsrc: fix lookup for .gitmodules Steve Sakoman
` (6 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
The /proc/pressure support in buildstats is creating directories in the
buildstats tree called reduced_proc_pressure, which confuses the parsing
logic as that cannot be parsed as a name-epoch-version-revision tuple.
Explicitly skip this directory to solve the problem.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 24f0331f0b7e51161b1fa43d4592b491d2037fe9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/buildstats.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/lib/buildstats.py b/scripts/lib/buildstats.py
index c69b5bf4d7..3b76286ba5 100644
--- a/scripts/lib/buildstats.py
+++ b/scripts/lib/buildstats.py
@@ -8,7 +8,7 @@ import json
import logging
import os
import re
-from collections import namedtuple,OrderedDict
+from collections import namedtuple
from statistics import mean
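Review bot: Dropping `OrderedDict` from the import line is unrelated to the reduced_proc_pressure fix described in the commit message. Mention it in the message or split it into its own change, and confirm that nothing else in buildstats.py still references OrderedDict, since this hunk shows only the import.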
@@ -238,7 +238,7 @@ class BuildStats(dict):
subdirs = os.listdir(path)
for dirname in subdirs:
recipe_dir = os.path.join(path, dirname)
- if not os.path.isdir(recipe_dir):
+ if dirname == "reduced_proc_pressure" or not os.path.isdir(recipe_dir):
continue
name, epoch, version, revision = cls.split_nevr(dirname)
bsrecipe = BSRecipe(name, epoch, version, revision)
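Review bot: The skip condition hard-codes the single name "reduced_proc_pressure", so any other non-recipe directory that later appears in the buildstats tree will still reach `cls.split_nevr(dirname)` and fail the same way. Consider skipping (with a debug log) any directory whose name split_nevr cannot parse, or at least keep the name in a module-level constant rather than a literal inside the loop.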
--
2.25.1
* [OE-core][kirkstone 13/19] externalsrc: fix lookup for .gitmodules
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (11 preceding siblings ...)
2022-12-18 16:12 ` [OE-core][kirkstone 12/19] lib/buildstats: fix parsing of trees with reduced_proc_pressure directories Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 14/19] oeqa/selftest/externalsrc: add test for srctree_hash_files Steve Sakoman
` (5 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Commit 0533edac277080e1bd130c14df0cbac61ba01a0c broke
bitbake parsing when bitbake is executed from a directory with an existing .gitmodules
and the recipe in externalsrc does not have .gitmodules.
The check needs to search for .gitmodules in sources path, not cwd.
Parsing recipes...ERROR: ExpansionError during parsing <path to recipe>
...
bb.data_smart.ExpansionError: Failure expanding variable do_compile[file-checksums], expression was ${@srctree_hash_files(d)} which triggered exception CalledProcessError: Command '['git', 'config', '--file', '.gitmodules', '--get-regexp', 'path']' returned non-zero exit status 1.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 66ff3d1f65cd2e7f5319e98fa41f47a59b714c72)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/externalsrc.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/externalsrc.bbclass b/meta/classes/externalsrc.bbclass
index a6a8ca6318..57135f2e4c 100644
--- a/meta/classes/externalsrc.bbclass
+++ b/meta/classes/externalsrc.bbclass
@@ -229,7 +229,7 @@ def srctree_hash_files(d, srcdir=None):
env['GIT_INDEX_FILE'] = tmp_index.name
subprocess.check_output(['git', 'add', '-A', '.'], cwd=s_dir, env=env)
git_sha1 = subprocess.check_output(['git', 'write-tree'], cwd=s_dir, env=env).decode("utf-8")
- if os.path.exists(".gitmodules"):
+ if os.path.exists(os.path.join(s_dir, ".gitmodules")):
submodule_helper = subprocess.check_output(["git", "config", "--file", ".gitmodules", "--get-regexp", "path"], cwd=s_dir, env=env).decode("utf-8")
for line in submodule_helper.splitlines():
module_dir = os.path.join(s_dir, line.rsplit(maxsplit=1)[1])
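Review bot: The existence test now resolves against s_dir, which matches the `cwd=s_dir` of the `git config --file .gitmodules` call on the next line, but that call can still raise. The failure quoted in the commit message is this command returning exit status 1, and `git config --get-regexp` also exits 1 when the file exists but has no matching key, so a .gitmodules in the source tree without any path entries would still abort parsing with CalledProcessError. Consider catching CalledProcessError around the check_output call and treating exit status 1 as "no submodules".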
--
2.25.1
* [OE-core][kirkstone 14/19] oeqa/selftest/externalsrc: add test for srctree_hash_files
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (12 preceding siblings ...)
2022-12-18 16:12 ` [OE-core][kirkstone 13/19] externalsrc: fix lookup for .gitmodules Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:12 ` [OE-core][kirkstone 15/19] combo-layer: remove unused import Steve Sakoman
` (4 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7b9728e5b8bdf1193c1304ec3beeca4b5bf8d2da)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/externalsrc.py | 44 +++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 meta/lib/oeqa/selftest/cases/externalsrc.py
diff --git a/meta/lib/oeqa/selftest/cases/externalsrc.py b/meta/lib/oeqa/selftest/cases/externalsrc.py
new file mode 100644
index 0000000000..1d800dc82c
--- /dev/null
+++ b/meta/lib/oeqa/selftest/cases/externalsrc.py
@@ -0,0 +1,44 @@
+#
+# Copyright OpenEmbedded Contributors
+#
+# SPDX-License-Identifier: MIT
+#
+
+import os
+import shutil
+import tempfile
+
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import get_bb_var, runCmd
+
+class ExternalSrc(OESelftestTestCase):
+ # test that srctree_hash_files does not crash
+ # we should be actually checking do_compile[file-checksums] but oeqa currently does not support it
+ # so we check only that a recipe with externalsrc can be parsed
+ def test_externalsrc_srctree_hash_files(self):
+ test_recipe = "git-submodule-test"
+ git_url = "git://git.yoctoproject.org/git-submodule-test"
+ externalsrc_dir = tempfile.TemporaryDirectory(prefix="externalsrc").name
+
+ self.write_config(
+ """
+INHERIT += "externalsrc"
+EXTERNALSRC:pn-%s = "%s"
+""" % (test_recipe, externalsrc_dir)
+ )
+
+ # test with git without submodules
+ runCmd('git clone %s %s' % (git_url, externalsrc_dir))
+ os.unlink(externalsrc_dir + "/.gitmodules")
+ open(".gitmodules", 'w').close() # local file .gitmodules in cwd should not affect externalsrc parsing
+ self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC")
+ os.unlink(".gitmodules")
+
+ # test with git with submodules
+ runCmd('git checkout .gitmodules', cwd=externalsrc_dir)
+ runCmd('git submodule update --init --recursive', cwd=externalsrc_dir)
+ self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC")
+
+ # test without git
+ shutil.rmtree(os.path.join(externalsrc_dir, ".git"))
+ self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC")
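Review bot: `tempfile.TemporaryDirectory(prefix="externalsrc").name` keeps only the path and drops the TemporaryDirectory object, so nothing manages that directory for the rest of the test and the tree created by `git clone` is never removed. The `.gitmodules` file created in the current directory is also left behind if the first assertEqual fails, because `os.unlink(".gitmodules")` comes after the assertion. Use tempfile.mkdtemp() with self.addCleanup(shutil.rmtree, ...) for the source tree, and register removal of the cwd .gitmodules with addCleanup (or a try/finally) before asserting.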
--
2.25.1
* [OE-core][kirkstone 15/19] combo-layer: remove unused import
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (13 preceding siblings ...)
2022-12-18 16:12 ` [OE-core][kirkstone 14/19] oeqa/selftest/externalsrc: add test for srctree_hash_files Steve Sakoman
@ 2022-12-18 16:12 ` Steve Sakoman
2022-12-18 16:13 ` [OE-core][kirkstone 16/19] combo-layer: dont use bb.utils.rename Steve Sakoman
` (3 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ebfab6c3034d41252d19c6e1a0ba79072aa51146)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/combo-layer | 1 -
1 file changed, 1 deletion(-)
diff --git a/scripts/combo-layer b/scripts/combo-layer
index 045de65642..c122f4b5e4 100755
--- a/scripts/combo-layer
+++ b/scripts/combo-layer
@@ -21,7 +21,6 @@ import re
import copy
import pipes
import shutil
-from collections import OrderedDict
from string import Template
from functools import reduce
--
2.25.1
* [OE-core][kirkstone 16/19] combo-layer: dont use bb.utils.rename
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (14 preceding siblings ...)
2022-12-18 16:12 ` [OE-core][kirkstone 15/19] combo-layer: remove unused import Steve Sakoman
@ 2022-12-18 16:13 ` Steve Sakoman
2022-12-18 16:13 ` [OE-core][kirkstone 17/19] combo-layer: add sync-revs command Steve Sakoman
` (2 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:13 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Bitbake may not be configured, and bb isn't imported anyway.
Instead just use os.rename(), and take the filename from the file object
instead of duplicating logic.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 528f4fb3683d048537604e4562ea758968060d62)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/combo-layer | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/combo-layer b/scripts/combo-layer
index c122f4b5e4..e467f390c1 100755
--- a/scripts/combo-layer
+++ b/scripts/combo-layer
@@ -507,7 +507,7 @@ def check_patch(patchfile):
f.close()
if of:
of.close()
- bb.utils.rename(patchfile + '.tmp', patchfile)
+ os.rename(of.name, patchfile)
def drop_to_shell(workdir=None):
if not sys.stdin.isatty():
--
2.25.1
* [OE-core][kirkstone 17/19] combo-layer: add sync-revs command
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (15 preceding siblings ...)
2022-12-18 16:13 ` [OE-core][kirkstone 16/19] combo-layer: dont use bb.utils.rename Steve Sakoman
@ 2022-12-18 16:13 ` Steve Sakoman
2022-12-18 16:13 ` [OE-core][kirkstone 18/19] yocto-check-layer: Allow OE-Core to be tested Steve Sakoman
2022-12-18 16:13 ` [OE-core][kirkstone 19/19] efibootmgr: update compilation with musl Steve Sakoman
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:13 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
When starting to use combo-layer, or if someone else is using it too,
the local last_revision may be incorrect.
This command will forcibly update the last_revision config values to the
latest SHA on the remote branch that is tracked.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2bb5d12ecd1b0273983f7c05699f34dd64b11c25)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/combo-layer | 27 +++++++++++++++++++++++----
1 file changed, 23 insertions(+), 4 deletions(-)
diff --git a/scripts/combo-layer b/scripts/combo-layer
index e467f390c1..7f2020fca7 100755
--- a/scripts/combo-layer
+++ b/scripts/combo-layer
@@ -191,6 +191,23 @@ def runcmd(cmd,destdir=None,printerr=True,out=None,env=None):
logger.debug("output: %s" % output.replace(chr(0), '\\0'))
return output
+def action_sync_revs(conf, args):
+ """
+ Update the last_revision config option for each repo with the latest
+ revision in the remote's branch. Useful if multiple people are using
+ combo-layer.
+ """
+ repos = get_repos(conf, args[1:])
+
+ for name in repos:
+ repo = conf.repos[name]
+ ldir = repo['local_repo_dir']
+ branch = repo.get('branch', "master")
+ runcmd("git fetch", ldir)
+ lastrev = runcmd('git rev-parse origin/%s' % branch, ldir).strip()
+ print("Updating %s to %s" % (name, lastrev))
+ conf.update(name, "last_revision", lastrev)
+
def action_init(conf, args):
"""
Clone component repositories
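Review bot: In action_sync_revs the remote name is fixed to origin in `git rev-parse origin/%s`, and `git fetch` is run without naming a remote, so a component whose local_repo_dir tracks a differently named remote will not get a usable last_revision. The branch value read from the config is also formatted into the command string unquoted; the script already imports pipes, so passing it through pipes.quote() before building the command would keep a branch name with shell metacharacters from being interpreted. The docstring could also say that last_revision is overwritten unconditionally, which the commit message states but the function does not.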
@@ -1301,6 +1318,7 @@ actions = {
"update": action_update,
"pull": action_pull,
"splitpatch": action_splitpatch,
+ "sync-revs": action_sync_revs,
}
def main():
@@ -1311,10 +1329,11 @@ def main():
Create and update a combination layer repository from multiple component repositories.
Action:
- init initialise the combo layer repo
- update [components] get patches from component repos and apply them to the combo repo
- pull [components] just pull component repos only
- splitpatch [commit] generate commit patch and split per component, default commit is HEAD""")
+ init initialise the combo layer repo
+ update [components] get patches from component repos and apply them to the combo repo
+ pull [components] just pull component repos only
+ sync-revs [components] update the config file's last_revision for each repository
+ splitpatch [commit] generate commit patch and split per component, default commit is HEAD""")
parser.add_option("-c", "--conf", help = "specify the config file (conf/combo-layer.conf is the default).",
action = "store", dest = "conffile", default = "conf/combo-layer.conf")
--
2.25.1
* [OE-core][kirkstone 18/19] yocto-check-layer: Allow OE-Core to be tested
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (16 preceding siblings ...)
2022-12-18 16:13 ` [OE-core][kirkstone 17/19] combo-layer: add sync-revs command Steve Sakoman
@ 2022-12-18 16:13 ` Steve Sakoman
2022-12-18 16:13 ` [OE-core][kirkstone 19/19] efibootmgr: update compilation with musl Steve Sakoman
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:13 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
For unknown reasons we've never seemingly run the check layer script
against OE-Core itself. This isn't entirely straightforward as the core
layer is a bit of a special case, we can't for example compare signatures
against ourselves and we can't remove core from bblayers.conf.
Core does have distro, machine and software components too, in the case
of distro, our fallback default settings. Whilst the qemu machines could
be split into a separate layer directory, core wouldn't then parse at all
standalone due to the lack of any machine so it seems a bit pointless to
do that.
These changes tweak the script to handle core's special cases, specifically
to allow distro and machine directories and to account for the README placed
a directory level higher than other layers.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/checklayer/__init__.py | 11 ++++++++---
scripts/lib/checklayer/cases/bsp.py | 2 +-
scripts/lib/checklayer/cases/common.py | 3 +++
scripts/lib/checklayer/cases/distro.py | 2 +-
scripts/yocto-check-layer | 5 ++---
5 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/scripts/lib/checklayer/__init__.py b/scripts/lib/checklayer/__init__.py
index aa946f3036..938805289e 100644
--- a/scripts/lib/checklayer/__init__.py
+++ b/scripts/lib/checklayer/__init__.py
@@ -16,6 +16,7 @@ class LayerType(Enum):
BSP = 0
DISTRO = 1
SOFTWARE = 2
+ CORE = 3
ERROR_NO_LAYER_CONF = 98
ERROR_BSP_DISTRO = 99
@@ -106,7 +107,13 @@ def _detect_layer(layer_path):
if distros:
is_distro = True
- if is_bsp and is_distro:
+ layer['collections'] = _get_layer_collections(layer['path'])
+
+ if layer_name == "meta" and "core" in layer['collections']:
+ layer['type'] = LayerType.CORE
+ layer['conf']['machines'] = machines
+ layer['conf']['distros'] = distros
+ elif is_bsp and is_distro:
layer['type'] = LayerType.ERROR_BSP_DISTRO
elif is_bsp:
layer['type'] = LayerType.BSP
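Review bot: The CORE test `layer_name == "meta" and "core" in layer['collections']` depends on the layer directory being called meta, so OE-Core checked under a different directory name falls through to the elif chain and, having both machines and distros as the commit message describes, would be typed ERROR_BSP_DISTRO. Consider keying on the "core" collection alone, or add a comment explaining why the directory name is part of the test.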
@@ -117,8 +124,6 @@ def _detect_layer(layer_path):
else:
layer['type'] = LayerType.SOFTWARE
- layer['collections'] = _get_layer_collections(layer['path'])
-
return layer
def detect_layers(layer_directories, no_auto):
diff --git a/scripts/lib/checklayer/cases/bsp.py b/scripts/lib/checklayer/cases/bsp.py
index a80a5844da..b76163fb56 100644
--- a/scripts/lib/checklayer/cases/bsp.py
+++ b/scripts/lib/checklayer/cases/bsp.py
@@ -11,7 +11,7 @@ from checklayer.case import OECheckLayerTestCase
class BSPCheckLayer(OECheckLayerTestCase):
@classmethod
def setUpClass(self):
- if self.tc.layer['type'] != LayerType.BSP:
+ if self.tc.layer['type'] not in (LayerType.BSP, LayerType.CORE):
raise unittest.SkipTest("BSPCheckLayer: Layer %s isn't BSP one." %\
self.tc.layer['name'])
diff --git a/scripts/lib/checklayer/cases/common.py b/scripts/lib/checklayer/cases/common.py
index 491a13953c..722d3cf638 100644
--- a/scripts/lib/checklayer/cases/common.py
+++ b/scripts/lib/checklayer/cases/common.py
@@ -12,6 +12,9 @@ from checklayer.case import OECheckLayerTestCase
class CommonCheckLayer(OECheckLayerTestCase):
def test_readme(self):
+ if self.tc.layer['type'] == LayerType.CORE:
+ raise unittest.SkipTest("Core layer's README is top level")
+
# The top-level README file may have a suffix (like README.rst or README.txt).
readme_files = glob.glob(os.path.join(self.tc.layer['path'], '[Rr][Ee][Aa][Dd][Mm][Ee]*'))
self.assertTrue(len(readme_files) > 0,
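Review bot: test_readme now skips outright for LayerType.CORE, although the commit message says the README sits one directory level higher, so the test could run the same glob against os.path.dirname(self.tc.layer['path']) and keep README coverage for OE-Core instead of dropping it. Also confirm that common.py already imports LayerType and unittest: the added lines use both, and the diffstat shows only these three insertions for the file.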
diff --git a/scripts/lib/checklayer/cases/distro.py b/scripts/lib/checklayer/cases/distro.py
index f0bee5493c..a35332451c 100644
--- a/scripts/lib/checklayer/cases/distro.py
+++ b/scripts/lib/checklayer/cases/distro.py
@@ -11,7 +11,7 @@ from checklayer.case import OECheckLayerTestCase
class DistroCheckLayer(OECheckLayerTestCase):
@classmethod
def setUpClass(self):
- if self.tc.layer['type'] != LayerType.DISTRO:
+ if self.tc.layer['type'] not in (LayerType.DISTRO, LayerType.CORE):
raise unittest.SkipTest("DistroCheckLayer: Layer %s isn't Distro one." %\
self.tc.layer['name'])
diff --git a/scripts/yocto-check-layer b/scripts/yocto-check-layer
index 0e5b75b1f7..67cc71950f 100755
--- a/scripts/yocto-check-layer
+++ b/scripts/yocto-check-layer
@@ -168,14 +168,13 @@ def main():
layers_tested = 0
for layer in layers:
- if layer['type'] == LayerType.ERROR_NO_LAYER_CONF or \
- layer['type'] == LayerType.ERROR_BSP_DISTRO:
+ if layer['type'] in (LayerType.ERROR_NO_LAYER_CONF, LayerType.ERROR_BSP_DISTRO):
continue
# Reset to a clean backup copy for each run
shutil.copyfile(bblayersconf + '.backup', bblayersconf)
- if check_bblayers(bblayersconf, layer['path'], logger):
+ if layer['type'] not in (LayerType.CORE, ) and check_bblayers(bblayersconf, layer['path'], logger):
logger.info("%s already in %s. To capture initial signatures, layer under test should not present "
"in BBLAYERS. Please remove %s from BBLAYERS." % (layer['name'], bblayersconf, layer['name']))
results[layer['name']] = None
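Review bot: `layer['type'] not in (LayerType.CORE, )` is a membership test against a one-element tuple; `layer['type'] != LayerType.CORE` reads more directly unless further types are expected here. The log message in the guarded branch tells the user to remove the layer from BBLAYERS, so a short comment that CORE is exempt because it cannot be removed from bblayers.conf would explain the special case at the point of use.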
--
2.25.1
* [OE-core][kirkstone 19/19] efibootmgr: update compilation with musl
2022-12-18 16:12 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (17 preceding siblings ...)
2022-12-18 16:13 ` [OE-core][kirkstone 18/19] yocto-check-layer: Allow OE-Core to be tested Steve Sakoman
@ 2022-12-18 16:13 ` Steve Sakoman
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:13 UTC (permalink / raw)
To: openembedded-core
From: Marta Rybczynska <rybczynska@gmail.com>
Since the commit 005b6aba89eaf1b79fdd7565dd028fdd9bbfcc7d
(efivar: add musl libc compatibility) efibootmgr compiles with
musl too. Update the variable to take that into account.
Signed-off-by: Marta Rybczynska <marta.rybczynska@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-bsp/efibootmgr/efibootmgr_17.bb | 2 --
1 file changed, 2 deletions(-)
diff --git a/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb b/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb
index 11d8b9061d..be6571b3fa 100644
--- a/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb
+++ b/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb
@@ -34,6 +34,4 @@ do_install () {
}
CLEANBROKEN = "1"
-# https://github.com/rhboot/efivar/issues/202
-COMPATIBLE_HOST:libc-musl = 'null'
--
2.25.1