* [OE-core][kirkstone 0/8] Patch review
@ 2022-08-09 21:27 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2022-08-09 21:27 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for the kirkstone 4.0.3 release.
The following changes since commit c33eb7fb1d1e91a005b22b65d221d4b899ec69dc:
openssh: Add openssh-sftp-server to openssh RDEPENDS (2022-08-02 12:32:44 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (1):
lttng-modules: update 2.13.3 -> 2.13.4
Bruce Ashfield (5):
linux-yocto/5.10: update to v5.10.135
linux-yocto/5.15: update to v5.15.58
linux-yocto-rt/5.15: update to -rt48 (and fix -stable merge)
linux-yocto/5.15: update to v5.15.59
linux-yocto/5.15: fix reproducibility issues
He Zhe (1):
lttng-modules: Fix build failure for kernel v5.15.58
Sundeep KOKKONDA (1):
glibc : stable 2.35 branch updates
meta/recipes-core/glibc/glibc-version.inc | 2 +-
.../linux/linux-yocto-rt_5.10.bb | 6 +-
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.10.bb | 8 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +--
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +--
...x-compaction-migratepages-event-name.patch | 37 ----
...oduce-kfree_skb_reason-v5.15.58.v5.1.patch | 53 +++++
...emove-unused-tracepoints-v5.10-v5.15.patch | 44 -----
...g-Append-prev_state-to-tp-args-inste.patch | 59 ------
...vent-allow-same-provider-and-event-n.patch | 48 -----
...g-Don-t-re-read-p-state-when-emittin.patch | 183 ------------------
.../0004-fix-block-remove-genhd.h-v5.18.patch | 45 -----
...emove-REQ_OP_WRITE_SAME-support-v5.1.patch | 79 --------
...ndom-remove-unused-tracepoints-v5.18.patch | 47 -----
...rethook-for-kretprobe-if-possible-v5.patch | 72 -------
...ore-Remove-scsi-scsi_request.h-v5.18.patch | 44 -----
...n-cleanup-the-compaction-trace-event.patch | 106 ----------
...ules_2.13.3.bb => lttng-modules_2.13.4.bb} | 16 +-
20 files changed, 95 insertions(+), 816 deletions(-)
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-Fix-compaction-migratepages-event-name.patch
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-random-remove-unused-tracepoints-v5.10-v5.15.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-sched-tracing-Append-prev_state-to-tp-args-inste.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0002-Fix-tracepoint-event-allow-same-provider-and-event-n.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0003-fix-sched-tracing-Don-t-re-read-p-state-when-emittin.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0004-fix-block-remove-genhd.h-v5.18.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0005-fix-scsi-block-Remove-REQ_OP_WRITE_SAME-support-v5.1.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0006-fix-random-remove-unused-tracepoints-v5.18.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0007-fix-kprobes-Use-rethook-for-kretprobe-if-possible-v5.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0008-fix-scsi-core-Remove-scsi-scsi_request.h-v5.18.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0010-fix-mm-compaction-cleanup-the-compaction-trace-event.patch
rename meta/recipes-kernel/lttng/{lttng-modules_2.13.3.bb => lttng-modules_2.13.4.bb} (60%)
--
2.25.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 0/8] Patch review
@ 2022-10-27 2:36 Steve Sakoman
2022-10-28 2:07 ` Tim Orling
0 siblings, 1 reply; 24+ messages in thread
From: Steve Sakoman @ 2022-10-27 2:36 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Friday.
This should be the final set of patches for the 4.0.5 release.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4380
The following changes since commit 4781fee6aea9512b7cb390b76e6f9f0a86a5bd11:
lttng-modules: Fix crash on powerpc64 (2022-10-17 04:30:43 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Bruce Ashfield (2):
linux-yocto/5.10: update to v5.10.147
linux-yocto/5.10: update to v5.10.149
Steve Sakoman (1):
Revert "lttng-tools: Upgrade 2.13.4 -> 2.13.8"
Tim Orling (1):
git: upgrade 2.35.4 -> 2.35.5
Vyacheslav Yurkov (2):
files: overlayfs-etc: refactor preinit template
classes: files: Extend overlayfs-etc class
Yash Shinde (2):
binutils: stable 2.38 branch updates
glibc: stable 2.35 branch updates.
meta/classes/overlayfs-etc.bbclass | 5 +++-
meta/files/overlayfs-etc-preinit.sh.in | 23 ++++++++++++++----
meta/recipes-core/glibc/glibc-version.inc | 2 +-
.../binutils/binutils-2.38.inc | 2 +-
.../git/{git_2.35.4.bb => git_2.35.5.bb} | 2 +-
.../linux/linux-yocto-rt_5.10.bb | 6 ++---
.../linux/linux-yocto-tiny_5.10.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++----------
...-tools_2.13.8.bb => lttng-tools_2.13.4.bb} | 2 +-
9 files changed, 45 insertions(+), 29 deletions(-)
rename meta/recipes-devtools/git/{git_2.35.4.bb => git_2.35.5.bb} (98%)
rename meta/recipes-kernel/lttng/{lttng-tools_2.13.8.bb => lttng-tools_2.13.4.bb} (98%)
--
2.25.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [OE-core][kirkstone 0/8] Patch review
2022-10-27 2:36 Steve Sakoman
@ 2022-10-28 2:07 ` Tim Orling
0 siblings, 0 replies; 24+ messages in thread
From: Tim Orling @ 2022-10-28 2:07 UTC (permalink / raw)
To: Steve Sakoman; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 2531 bytes --]
On Wed, Oct 26, 2022 at 7:36 PM Steve Sakoman <steve@sakoman.com> wrote:
> Please review this set of patches for kirkstone and have comments back by
> end of day Friday.
>
> This should be the final set of patches for the 4.0.5 release.
I am intentionally holding off on a Python 3.10.8 upgrade just to let this
release get out in a stable manner.
>
> Passed a-full on autobuilder:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4380
>
> The following changes since commit
> 4781fee6aea9512b7cb390b76e6f9f0a86a5bd11:
>
> lttng-modules: Fix crash on powerpc64 (2022-10-17 04:30:43 -1000)
>
> are available in the Git repository at:
>
> https://git.openembedded.org/openembedded-core-contrib
> stable/kirkstone-nut
>
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
>
> Bruce Ashfield (2):
> linux-yocto/5.10: update to v5.10.147
> linux-yocto/5.10: update to v5.10.149
>
> Steve Sakoman (1):
> Revert "lttng-tools: Upgrade 2.13.4 -> 2.13.8"
>
> Tim Orling (1):
> git: upgrade 2.35.4 -> 2.35.5
>
> Vyacheslav Yurkov (2):
> files: overlayfs-etc: refactor preinit template
> classes: files: Extend overlayfs-etc class
>
> Yash Shinde (2):
> binutils: stable 2.38 branch updates
> glibc: stable 2.35 branch updates.
>
> meta/classes/overlayfs-etc.bbclass | 5 +++-
> meta/files/overlayfs-etc-preinit.sh.in | 23 ++++++++++++++----
> meta/recipes-core/glibc/glibc-version.inc | 2 +-
> .../binutils/binutils-2.38.inc | 2 +-
> .../git/{git_2.35.4.bb => git_2.35.5.bb} | 2 +-
> .../linux/linux-yocto-rt_5.10.bb | 6 ++---
> .../linux/linux-yocto-tiny_5.10.bb | 8 +++----
> meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++----------
> ...-tools_2.13.8.bb => lttng-tools_2.13.4.bb} | 2 +-
> 9 files changed, 45 insertions(+), 29 deletions(-)
> rename meta/recipes-devtools/git/{git_2.35.4.bb => git_2.35.5.bb} (98%)
> rename meta/recipes-kernel/lttng/{lttng-tools_2.13.8.bb =>
> lttng-tools_2.13.4.bb} (98%)
>
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#172179):
> https://lists.openembedded.org/g/openembedded-core/message/172179
> Mute This Topic: https://lists.openembedded.org/mt/94596838/924729
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> ticotimo@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
[-- Attachment #2: Type: text/html, Size: 5084 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 0/8] Patch review
@ 2023-04-22 15:54 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-04-22 15:54 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5209
The following changes since commit b67e714b367a08fdeeeff68c2d9495ec9bc07304:
package.bbclass: correct check for /build in copydebugsources() (2023-04-14 07:19:08 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Hitendra Prajapati (2):
ruby: CVE-2023-28756 ReDoS vulnerability in Time
screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs
Peter Marko (1):
go: ignore CVE-2022-41716
Shubham Kulkarni (1):
go-runtime: Security fix for CVE-2022-41722
Siddharth Doshi (1):
curl: Security fix for CVE-2023-27535, CVE-2023-27536, CVE-2023-27538
Sundeep KOKKONDA (1):
cargo : non vulnerable cve-2022-46176 added to excluded list
Vivek Kumbhar (1):
go: fix CVE-2023-24537 Infinite loop in parsing
Xiangyu Chen (1):
shadow: backport patch to fix CVE-2023-29383
.../distro/include/cve-extra-exclusions.inc | 5 +
meta/recipes-devtools/go/go-1.17.13.inc | 5 +
.../go/go-1.18/CVE-2022-41722.patch | 103 +++++++++
.../go/go-1.18/CVE-2023-24537.patch | 75 +++++++
.../ruby/ruby/CVE-2023-28756.patch | 73 +++++++
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 +
.../screen/screen/CVE-2023-24626.patch | 40 ++++
meta/recipes-extended/screen/screen_4.9.0.bb | 1 +
.../files/0001-Overhaul-valid_field.patch | 65 ++++++
.../shadow/files/CVE-2023-29383.patch | 53 +++++
meta/recipes-extended/shadow/shadow.inc | 2 +
.../curl/curl/CVE-2023-27535-pre1.patch | 196 ++++++++++++++++++
.../CVE-2023-27535_and_CVE-2023-27538.patch | 170 +++++++++++++++
.../curl/curl/CVE-2023-27536.patch | 52 +++++
meta/recipes-support/curl/curl_7.82.0.bb | 3 +
15 files changed, 844 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2022-41722.patch
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24537.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-28756.patch
create mode 100644 meta/recipes-extended/screen/screen/CVE-2023-24626.patch
create mode 100644 meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch
create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535-pre1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535_and_CVE-2023-27538.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27536.patch
--
2.34.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 0/8] Patch review
@ 2023-07-24 2:33 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-07-24 2:33 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5638
The following changes since commit d877d5f07772ec4a05332068ddc03cf387313036:
cmake: Fix CMAKE_SYSTEM_PROCESSOR setting for SDK (2023-07-17 04:45:01 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (1):
ghostscript: fix CVE-2023-36664
Bruce Ashfield (2):
linux-yocto/5.15: update to v5.15.119
linux-yocto/5.15: update to v5.15.120
Richard Purdie (1):
gcc-testsuite: Fix ppc cpu specification
Ross Burton (2):
gcc: don't pass --enable-standard-branch-protection
machine/arch-arm64: add -mbranch-protection=standard
Vijay Anusuri (1):
qemu: backport Debian patch to fix CVE-2023-0330
Xiangyu Chen (1):
package.bbclass: moving field data process before variable process in
process_pkgconfig
meta/classes/package.bbclass | 12 +-
meta/conf/machine/include/arm/arch-arm64.inc | 5 +
.../gcc/gcc-configure-common.inc | 1 -
meta/recipes-devtools/gcc/gcc-testsuite.inc | 5 +-
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2023-0330.patch | 75 +++++++++
.../ghostscript/CVE-2023-36664-0001.patch | 146 ++++++++++++++++++
.../ghostscript/CVE-2023-36664-0002.patch | 60 +++++++
.../ghostscript/ghostscript_9.55.0.bb | 2 +
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 ++--
12 files changed, 317 insertions(+), 28 deletions(-)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0001.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0002.patch
--
2.34.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 0/8] Patch review
@ 2023-08-27 20:52 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-08-27 20:52 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, August 29.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5789
The following changes since commit ea920e3c8075f3a1b79039341f8c889f6197a07f:
glibc-locale: use stricter matching for metapackages' runtime dependencies (2023-08-22 07:07:13 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Narpat Mali (2):
ffmpeg: add CVE_CHECK_IGNORE for CVE-2023-39018
python3-git: upgrade 3.1.27 -> 3.1.32
Ross Burton (3):
linux-yocto: add script to generate kernel CVE_CHECK_IGNORE entries
linux/cve-exclusion: add generated CVE_CHECK_IGNORES.
linux/cve-exclusion: remove obsolete manual entries
Siddharth (1):
Qemu: Resolve undefined reference issue in CVE-2023-2861
Soumya Sambu (1):
go: Fix CVE-2023-29409
Yogita Urade (1):
nghttp2: fix CVE-2023-35945
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.19/CVE-2023-29409.patch | 175 +
...-git-CVE-2022-24439-fix-from-PR-1518.patch | 97 -
...-git-CVE-2022-24439-fix-from-PR-1521.patch | 488 --
...n3-git_3.1.27.bb => python3-git_3.1.32.bb} | 6 +-
.../qemu/qemu/CVE-2023-2861.patch | 66 +-
meta/recipes-kernel/linux/cve-exclusion.inc | 869 --
.../linux/cve-exclusion_5.15.inc | 7193 +++++++++++++++++
.../linux/generate-cve-exclusions.py | 101 +
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 1 +
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 6 +
.../nghttp2/nghttp2/CVE-2023-35945.patch | 151 +
.../recipes-support/nghttp2/nghttp2_1.47.0.bb | 1 +
13 files changed, 7667 insertions(+), 1488 deletions(-)
create mode 100644 meta/recipes-devtools/go/go-1.19/CVE-2023-29409.patch
delete mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1518.patch
delete mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1521.patch
rename meta/recipes-devtools/python/{python3-git_3.1.27.bb => python3-git_3.1.32.bb} (80%)
create mode 100644 meta/recipes-kernel/linux/cve-exclusion_5.15.inc
create mode 100755 meta/recipes-kernel/linux/generate-cve-exclusions.py
create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2023-35945.patch
--
2.34.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 0/8] Patch review
@ 2023-09-13 14:30 Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 1/8] python3-pygments: Fix CVE-2022-40896 Steve Sakoman
` (7 more replies)
0 siblings, 8 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-09-13 14:30 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, September 15.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5876
The following changes since commit 47a1dd7f389e3cf4ac2dc5fc21dccc870aafab4a:
sysklogd: fix integration with systemd-journald (2023-09-05 13:34:12 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Meenali Gupta (1):
flac: fix CVE-2020-22219
Michael Halstead (1):
yocto-uninative: Update to 4.3
Narpat Mali (1):
python3-pygments: Fix CVE-2022-40896
Siddharth Doshi (1):
gdb: Fix CVE-2023-39128
Soumya Sambu (1):
libxml2: Fix CVE-2023-39615
Yogita Urade (3):
dropbear: fix CVE-2023-36328
qemu: fix CVE-2021-3638
webkitgtk: fix CVE-2022-48503
meta/conf/distro/include/yocto-uninative.inc | 8 +-
meta/recipes-core/dropbear/dropbear.inc | 1 +
.../dropbear/dropbear/CVE-2023-36328.patch | 144 +++++++++++
.../libxml/libxml2/CVE-2023-39615-0001.patch | 37 +++
.../libxml/libxml2/CVE-2023-39615-0002.patch | 72 ++++++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 2 +
meta/recipes-devtools/gdb/gdb.inc | 1 +
.../gdb/gdb/0011-CVE-2023-39128.patch | 75 ++++++
.../python3-pygments/CVE-2022-40896.patch | 124 ++++++++++
.../python/python3-pygments_2.11.2.bb | 2 +
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2021-3638.patch | 88 +++++++
.../flac/files/CVE-2020-22219.patch | 197 +++++++++++++++
meta/recipes-multimedia/flac/flac_1.3.4.bb | 1 +
.../webkit/webkitgtk/CVE-2022-48503.patch | 225 ++++++++++++++++++
meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 1 +
16 files changed, 975 insertions(+), 4 deletions(-)
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
create mode 100644 meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch
create mode 100644 meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3638.patch
create mode 100644 meta/recipes-multimedia/flac/files/CVE-2020-22219.patch
create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-48503.patch
--
2.34.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 1/8] python3-pygments: Fix CVE-2022-40896
2023-09-13 14:30 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
@ 2023-09-13 14:30 ` Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 2/8] dropbear: fix CVE-2023-36328 Steve Sakoman
` (6 subsequent siblings)
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-09-13 14:30 UTC (permalink / raw)
To: openembedded-core
From: Narpat Mali <narpat.mali@windriver.com>
CVE-2022-40896:
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments
through 2.15.0 via SmithyLexer.
The CVE issue is fixed by 3 different commits between the releases 2.14.0
(for Smithy lexer), 2.15.0 (for SQL+Jinja lexers) and 2.15.1 (for Java
properties) as per: https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/
1. Smithy lexer commit from 2.14.0 release applies successfully on 2.11.2 version.
Commit: https://github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04
Hence, backported the patch as CVE-2022-40896.patch.
2. SQL+Jinja lexers commit from 2.15.0 release doesn't apply on 2.11.2 version.
Commit: https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194
Actually, this code doesn't exist in 2.11.2 version and it has been introduce by
python3-pygments 2.13.0 version. Hence, this is not vulnerable for 2.11.2 version.
SQL+Jinja lexers is introduced by: https://github.com/pygments/pygments/commit/0bdbd5992baca32d18e01f0ec65337e06abf9456
3. Java properties commit from 2.15.1 release also doesn't apply on 2.11.2 version.
Commit: https://github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52
Actually, this code also doesn't exist in 2.11.2 version as the code has been modified
in python3-pygments 2.14.0 by: https://github.com/pygments/pygments/commit/a38cb38e93c9635240b3ae89d78d38cf182745da
Hence, this is also not vulnerable for 2.11.2 version.
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../python3-pygments/CVE-2022-40896.patch | 124 ++++++++++++++++++
.../python/python3-pygments_2.11.2.bb | 2 +
2 files changed, 126 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch
diff --git a/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch b/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch
new file mode 100644
index 0000000000..9848072a94
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch
@@ -0,0 +1,124 @@
+From ed61747f328ff6aa343881b269600308ab8eac93 Mon Sep 17 00:00:00 2001
+From: Narpat Mali <narpat.mali@windriver.com>
+Date: Wed, 6 Sep 2023 10:32:38 +0000
+Subject: [PATCH] Improve the Smithy metadata matcher.
+
+Previously, metadata foo bar baz = 23 was accepted, but according to
+the definition https://smithy.io/2.0/spec/idl.html#grammar-token-smithy-MetadataSection
+it should be "metadata"<whitespace>Identifier/String<optional whitespace>.
+
+CVE: CVE-2022-40896
+
+Upstream-Status: Backport [https://github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ pygments/lexers/smithy.py | 5 +-
+ tests/examplefiles/smithy/test.smithy | 12 +++++
+ tests/examplefiles/smithy/test.smithy.output | 52 ++++++++++++++++++++
+ 3 files changed, 67 insertions(+), 2 deletions(-)
+
+diff --git a/pygments/lexers/smithy.py b/pygments/lexers/smithy.py
+index 0f0a912..c5e25cd 100644
+--- a/pygments/lexers/smithy.py
++++ b/pygments/lexers/smithy.py
+@@ -58,8 +58,9 @@ class SmithyLexer(RegexLexer):
+ (words(aggregate_shapes,
+ prefix=r'^', suffix=r'(\s+' + identifier + r')'),
+ bygroups(Keyword.Declaration, Name.Class)),
+- (r'^(metadata)(\s+.+)(\s*)(=)',
+- bygroups(Keyword.Declaration, Name.Class, Whitespace, Name.Decorator)),
++ (r'^(metadata)(\s+)((?:\S+)|(?:\"[^"]+\"))(\s*)(=)',
++ bygroups(Keyword.Declaration, Whitespace, Name.Class,
++ Whitespace, Name.Decorator)),
+ (r"(true|false|null)", Keyword.Constant),
+ (r"(-?(?:0|[1-9]\d*)(?:\.\d+)?(?:[eE][+-]?\d+)?)", Number),
+ (identifier + ":", Name.Label),
+diff --git a/tests/examplefiles/smithy/test.smithy b/tests/examplefiles/smithy/test.smithy
+index 3d20f06..9317fee 100644
+--- a/tests/examplefiles/smithy/test.smithy
++++ b/tests/examplefiles/smithy/test.smithy
+@@ -2,6 +2,18 @@ $version: "1.0"
+
+ namespace test
+
++metadata "foo" = ["bar", "baz"]
++metadata validators = [
++ {
++ name: "ValidatorName"
++ id: "ValidatorId"
++ message: "Some string"
++ configuration: {
++ selector: "operation"
++ }
++ }
++]
++
+ /// Define how an HTTP request is serialized given a specific protocol,
+ /// authentication scheme, and set of input parameters.
+ @trait(selector: "operation")
+diff --git a/tests/examplefiles/smithy/test.smithy.output b/tests/examplefiles/smithy/test.smithy.output
+index 1f22489..db44a38 100644
+--- a/tests/examplefiles/smithy/test.smithy.output
++++ b/tests/examplefiles/smithy/test.smithy.output
+@@ -7,6 +7,58 @@
+ ' test' Name.Class
+ '\n\n' Text.Whitespace
+
++'metadata' Keyword.Declaration
++' ' Text.Whitespace
++'"foo"' Name.Class
++' ' Text.Whitespace
++'=' Name.Decorator
++' ' Text.Whitespace
++'[' Text
++'"bar"' Literal.String.Double
++',' Punctuation
++' ' Text.Whitespace
++'"baz"' Literal.String.Double
++']' Text
++'\n' Text.Whitespace
++
++'metadata' Keyword.Declaration
++' ' Text.Whitespace
++'validators' Name.Class
++' ' Text.Whitespace
++'=' Name.Decorator
++' ' Text.Whitespace
++'[' Text
++'\n ' Text.Whitespace
++'{' Text
++'\n ' Text.Whitespace
++'name:' Name.Label
++' ' Text.Whitespace
++'"ValidatorName"' Literal.String.Double
++'\n ' Text.Whitespace
++'id:' Name.Label
++' ' Text.Whitespace
++'"ValidatorId"' Literal.String.Double
++'\n ' Text.Whitespace
++'message:' Name.Label
++' ' Text.Whitespace
++'"Some string"' Literal.String.Double
++'\n ' Text.Whitespace
++'configuration:' Name.Label
++' ' Text.Whitespace
++'{' Text
++'\n ' Text.Whitespace
++'selector:' Name.Label
++' ' Text.Whitespace
++'"operation"' Literal.String.Double
++'\n ' Text.Whitespace
++'}' Text
++'\n ' Text.Whitespace
++'}' Text
++'\n' Text.Whitespace
++
++']' Text
++'\n\n' Text.Whitespace
++
+ '/// Define how an HTTP request is serialized given a specific protocol,' Comment.Multiline
+ '\n' Text.Whitespace
+
+--
+2.40.0
diff --git a/meta/recipes-devtools/python/python3-pygments_2.11.2.bb b/meta/recipes-devtools/python/python3-pygments_2.11.2.bb
index 35d288c89e..6e787f23d2 100644
--- a/meta/recipes-devtools/python/python3-pygments_2.11.2.bb
+++ b/meta/recipes-devtools/python/python3-pygments_2.11.2.bb
@@ -7,6 +7,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=98419e351433ac106a24e3ad435930bc"
inherit setuptools3
SRC_URI[sha256sum] = "4e426f72023d88d03b2fa258de560726ce890ff3b630f88c21cbb8b2503b8c6a"
+SRC_URI += "file://CVE-2022-40896.patch"
+
DEPENDS += "\
${PYTHON_PN} \
"
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 2/8] dropbear: fix CVE-2023-36328
2023-09-13 14:30 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 1/8] python3-pygments: Fix CVE-2022-40896 Steve Sakoman
@ 2023-09-13 14:30 ` Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 3/8] qemu: fix CVE-2021-3638 Steve Sakoman
` (5 subsequent siblings)
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-09-13 14:30 UTC (permalink / raw)
To: openembedded-core
From: Yogita Urade <yogita.urade@windriver.com>
Integer Overflow vulnerability in mp_grow in libtom libtommath before
commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to
execute arbitrary code and cause a denial of service (DoS).
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-36328
https://github.com/libtom/libtommath/pull/546
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/dropbear/dropbear.inc | 1 +
.../dropbear/dropbear/CVE-2023-36328.patch | 144 ++++++++++++++++++
2 files changed, 145 insertions(+)
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
index f3f085b616..e61930f7db 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -29,6 +29,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \
file://CVE-2021-36369.patch \
+ file://CVE-2023-36328.patch \
"
PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch b/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
new file mode 100644
index 0000000000..4d8c40f70b
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
@@ -0,0 +1,144 @@
+From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001
+From: czurnieden <czurnieden@gmx.de>
+Date: Wed, 6 Sep 2023 10:48:58 +0000
+Subject: [PATCH] Fix possible integer overflow
+
+CVE: CVE-2023-36328
+
+Upstream-Status: Backport [https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ libtommath/bn_mp_2expt.c | 4 ++++
+ libtommath/bn_mp_grow.c | 4 ++++
+ libtommath/bn_mp_init_size.c | 5 +++++
+ libtommath/bn_mp_mul_2d.c | 4 ++++
+ libtommath/bn_s_mp_mul_digs.c | 4 ++++
+ libtommath/bn_s_mp_mul_digs_fast.c | 4 ++++
+ libtommath/bn_s_mp_mul_high_digs.c | 4 ++++
+ libtommath/bn_s_mp_mul_high_digs_fast.c | 4 ++++
+ 8 files changed, 33 insertions(+)
+
+diff --git a/libtommath/bn_mp_2expt.c b/libtommath/bn_mp_2expt.c
+index 0ae3df1..7d4d884 100644
+--- a/libtommath/bn_mp_2expt.c
++++ b/libtommath/bn_mp_2expt.c
+@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
+ {
+ mp_err err;
+
++ if (b < 0) {
++ return MP_VAL;
++ }
++
+ /* zero a as per default */
+ mp_zero(a);
+
+diff --git a/libtommath/bn_mp_grow.c b/libtommath/bn_mp_grow.c
+index 9e904c5..e7b186c 100644
+--- a/libtommath/bn_mp_grow.c
++++ b/libtommath/bn_mp_grow.c
+@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
+ int i;
+ mp_digit *tmp;
+
++ if (size < 0) {
++ return MP_VAL;
++ }
++
+ /* if the alloc size is smaller alloc more ram */
+ if (a->alloc < size) {
+ /* reallocate the array a->dp
+diff --git a/libtommath/bn_mp_init_size.c b/libtommath/bn_mp_init_size.c
+index d622687..5fefa96 100644
+--- a/libtommath/bn_mp_init_size.c
++++ b/libtommath/bn_mp_init_size.c
+@@ -6,6 +6,11 @@
+ /* init an mp_init for a given size */
+ mp_err mp_init_size(mp_int *a, int size)
+ {
++
++ if (size < 0) {
++ return MP_VAL;
++ }
++
+ size = MP_MAX(MP_MIN_PREC, size);
+
+ /* alloc mem */
+diff --git a/libtommath/bn_mp_mul_2d.c b/libtommath/bn_mp_mul_2d.c
+index 87354de..2744163 100644
+--- a/libtommath/bn_mp_mul_2d.c
++++ b/libtommath/bn_mp_mul_2d.c
+@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c)
+ mp_digit d;
+ mp_err err;
+
++ if (b < 0) {
++ return MP_VAL;
++ }
++
+ /* copy */
+ if (a != c) {
+ if ((err = mp_copy(a, c)) != MP_OKAY) {
+diff --git a/libtommath/bn_s_mp_mul_digs.c b/libtommath/bn_s_mp_mul_digs.c
+index 64509d4..2d2f5b0 100644
+--- a/libtommath/bn_s_mp_mul_digs.c
++++ b/libtommath/bn_s_mp_mul_digs.c
+@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
+ mp_word r;
+ mp_digit tmpx, *tmpt, *tmpy;
+
++ if (digs < 0) {
++ return MP_VAL;
++ }
++
+ /* can we use the fast multiplier? */
+ if ((digs < MP_WARRAY) &&
+ (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
+diff --git a/libtommath/bn_s_mp_mul_digs_fast.c b/libtommath/bn_s_mp_mul_digs_fast.c
+index b2a287b..d6dd3cc 100644
+--- a/libtommath/bn_s_mp_mul_digs_fast.c
++++ b/libtommath/bn_s_mp_mul_digs_fast.c
+@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int digs)
+ mp_digit W[MP_WARRAY];
+ mp_word _W;
+
++ if (digs < 0) {
++ return MP_VAL;
++ }
++
+ /* grow the destination as required */
+ if (c->alloc < digs) {
+ if ((err = mp_grow(c, digs)) != MP_OKAY) {
+diff --git a/libtommath/bn_s_mp_mul_high_digs.c b/libtommath/bn_s_mp_mul_high_digs.c
+index 2bb2a50..c9dd355 100644
+--- a/libtommath/bn_s_mp_mul_high_digs.c
++++ b/libtommath/bn_s_mp_mul_high_digs.c
+@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
+ mp_word r;
+ mp_digit tmpx, *tmpt, *tmpy;
+
++ if (digs < 0) {
++ return MP_VAL;
++ }
++
+ /* can we use the fast multiplier? */
+ if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)
+ && ((a->used + b->used + 1) < MP_WARRAY)
+diff --git a/libtommath/bn_s_mp_mul_high_digs_fast.c b/libtommath/bn_s_mp_mul_high_digs_fast.c
+index a2c4fb6..4ce7f59 100644
+--- a/libtommath/bn_s_mp_mul_high_digs_fast.c
++++ b/libtommath/bn_s_mp_mul_high_digs_fast.c
+@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int
+ mp_digit W[MP_WARRAY];
+ mp_word _W;
+
++ if (digs < 0) {
++ return MP_VAL;
++ }
++
+ /* grow the destination as required */
+ pa = a->used + b->used;
+ if (c->alloc < pa) {
+--
+2.35.5
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 3/8] qemu: fix CVE-2021-3638
2023-09-13 14:30 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 1/8] python3-pygments: Fix CVE-2022-40896 Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 2/8] dropbear: fix CVE-2023-36328 Steve Sakoman
@ 2023-09-13 14:30 ` Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 4/8] libxml2: Fix CVE-2023-39615 Steve Sakoman
` (4 subsequent siblings)
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-09-13 14:30 UTC (permalink / raw)
To: openembedded-core
From: Yogita Urade <yogita.urade@windriver.com>
QEMU: ati-vga: inconsistent check in ati_2d_blt() may lead to
out-of-bounds write.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-3638
https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2021-3638.patch | 88 +++++++++++++++++++
2 files changed, 89 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3638.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index d77c376bb6..5526eacb96 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -100,6 +100,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2020-14394.patch \
file://CVE-2023-3354.patch \
file://CVE-2023-3180.patch \
+ file://CVE-2021-3638.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3638.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3638.patch
new file mode 100644
index 0000000000..3cbb34c54c
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3638.patch
@@ -0,0 +1,88 @@
+From 205ccfd7a5ec86bd9a5678b8bd157562fc9a1643 Mon Sep 17 00:00:00 2001
+From: Philippe Mathieu-Daudé <philmd@redhat.com>
+Date: Thu, 10 Aug 2023 07:30:54 +0000
+Subject: [PATCH] hw/display/ati_2d: Fix buffer overflow in ati_2d_blt
+ (CVE-2021-3638) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8
+ Content-Transfer-Encoding: 8bit
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When building QEMU with DEBUG_ATI defined then running with
+'-device ati-vga,romfile="" -d unimp,guest_errors -trace ati\*'
+we get:
+
+ ati_mm_write 4 0x16c0 DP_CNTL <- 0x1
+ ati_mm_write 4 0x146c DP_GUI_MASTER_CNTL <- 0x2
+ ati_mm_write 4 0x16c8 DP_MIX <- 0xff0000
+ ati_mm_write 4 0x16c4 DP_DATATYPE <- 0x2
+ ati_mm_write 4 0x224 CRTC_OFFSET <- 0x0
+ ati_mm_write 4 0x142c DST_PITCH_OFFSET <- 0xfe00000
+ ati_mm_write 4 0x1420 DST_Y <- 0x3fff
+ ati_mm_write 4 0x1410 DST_HEIGHT <- 0x3fff
+ ati_mm_write 4 0x1588 DST_WIDTH_X <- 0x3fff3fff
+ ati_2d_blt: vram:0x7fff5fa00000 addr:0 ds:0x7fff61273800 stride:2560 bpp:32 rop:0xff
+ ati_2d_blt: 0 0 0, 0 127 0, (0,0) -> (16383,16383) 16383x16383 > ^
+ ati_2d_blt: pixman_fill(dst:0x7fff5fa00000, stride:254, bpp:8, x:16383, y:16383, w:16383, h:16383, xor:0xff000000)
+ Thread 3 "qemu-system-i38" received signal SIGSEGV, Segmentation fault.
+ (gdb) bt
+ #0 0x00007ffff7f62ce0 in sse2_fill.lto_priv () at /lib64/libpixman-1.so.0
+ #1 0x00007ffff7f09278 in pixman_fill () at /lib64/libpixman-1.so.0
+ #2 0x0000555557b5a9af in ati_2d_blt (s=0x631000028800) at hw/display/ati_2d.c:196
+ #3 0x0000555557b4b5a2 in ati_mm_write (opaque=0x631000028800, addr=5512, data=1073692671, size=4) at hw/display/ati.c:843
+ #4 0x0000555558b90ec4 in memory_region_write_accessor (mr=0x631000039cc0, addr=5512, ..., size=4, ...) at softmmu/memory.c:492
+
+Commit 584acf34cb0 ("ati-vga: Fix reverse bit blts") introduced
+the local dst_x and dst_y which adjust the (x, y) coordinates
+depending on the direction in the SRCCOPY ROP3 operation, but
+forgot to address the same issue for the PATCOPY, BLACKNESS and
+WHITENESS operations, which also call pixman_fill().
+
+Fix that now by using the adjusted coordinates in the pixman_fill
+call, and update the related debug printf().
+
+Reported-by: Qiang Liu <qiangliu@zju.edu.cn>
+Fixes: 584acf34cb0 ("ati-vga: Fix reverse bit blts")
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Tested-by: Mauro Matteo Cascella <mcascell@redhat.com>
+Message-Id: <20210906153103.1661195-1-philmd@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+CVE: CVE-2021-3638
+
+Upstream-Status: Backport [https://github.com/qemu/qemu/commit/205ccfd7a5ec86bd9a5678b8bd157562fc9a1643]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ hw/display/ati_2d.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c
+index 4dc10ea79..692bec91d 100644
+--- a/hw/display/ati_2d.c
++++ b/hw/display/ati_2d.c
+@@ -84,7 +84,7 @@ void ati_2d_blt(ATIVGAState *s)
+ DPRINTF("%d %d %d, %d %d %d, (%d,%d) -> (%d,%d) %dx%d %c %c\n",
+ s->regs.src_offset, s->regs.dst_offset, s->regs.default_offset,
+ s->regs.src_pitch, s->regs.dst_pitch, s->regs.default_pitch,
+- s->regs.src_x, s->regs.src_y, s->regs.dst_x, s->regs.dst_y,
++ s->regs.src_x, s->regs.src_y, dst_x, dst_y,
+ s->regs.dst_width, s->regs.dst_height,
+ (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? '>' : '<'),
+ (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? 'v' : '^'));
+@@ -180,11 +180,11 @@ void ati_2d_blt(ATIVGAState *s)
+ dst_stride /= sizeof(uint32_t);
+ DPRINTF("pixman_fill(%p, %d, %d, %d, %d, %d, %d, %x)\n",
+ dst_bits, dst_stride, bpp,
+- s->regs.dst_x, s->regs.dst_y,
++ dst_x, dst_y,
+ s->regs.dst_width, s->regs.dst_height,
+ filler);
+ pixman_fill((uint32_t *)dst_bits, dst_stride, bpp,
+- s->regs.dst_x, s->regs.dst_y,
++ dst_x, dst_y,
+ s->regs.dst_width, s->regs.dst_height,
+ filler);
+ if (dst_bits >= s->vga.vram_ptr + s->vga.vbe_start_addr &&
+--
+2.40.0
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 4/8] libxml2: Fix CVE-2023-39615
2023-09-13 14:30 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
` (2 preceding siblings ...)
2023-09-13 14:30 ` [OE-core][kirkstone 3/8] qemu: fix CVE-2021-3638 Steve Sakoman
@ 2023-09-13 14:30 ` Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 5/8] flac: fix CVE-2020-22219 Steve Sakoman
` (3 subsequent siblings)
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-09-13 14:30 UTC (permalink / raw)
To: openembedded-core
From: Soumya Sambu <soumya.sambu@windriver.com>
Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via
the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability
allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML
file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-39615
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libxml/libxml2/CVE-2023-39615-0001.patch | 37 ++++++++++
.../libxml/libxml2/CVE-2023-39615-0002.patch | 72 +++++++++++++++++++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 2 +
3 files changed, 111 insertions(+)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
new file mode 100644
index 0000000000..3506779c4c
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
@@ -0,0 +1,37 @@
+From d0c3f01e110d54415611c5fa0040cdf4a56053f9 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat May 6 17:47:37 2023 +0200
+Subject: [PATCH 1/2] parser: Fix old SAX1 parser with custom callbacks
+
+For some reason, xmlCtxtUseOptionsInternal set the start and end element
+SAX handlers to the internal DOM builder functions when XML_PARSE_SAX1
+was specified. This means that custom SAX handlers could never work with
+that flag because these functions would receive the wrong user data
+argument and crash immediately.
+
+Fixes #535.
+
+CVE: CVE-2023-39615
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ parser.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/parser.c b/parser.c
+index 0f76577..b781c80 100644
+--- a/parser.c
++++ b/parser.c
+@@ -15069,8 +15069,6 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi
+ }
+ #ifdef LIBXML_SAX1_ENABLED
+ if (options & XML_PARSE_SAX1) {
+- ctxt->sax->startElement = xmlSAX2StartElement;
+- ctxt->sax->endElement = xmlSAX2EndElement;
+ ctxt->sax->startElementNs = NULL;
+ ctxt->sax->endElementNs = NULL;
+ ctxt->sax->initialized = 1;
+--
+2.40.0
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
new file mode 100644
index 0000000000..d922ddc730
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
@@ -0,0 +1,72 @@
+From 235b15a590eecf97b09e87bdb7e4f8333e9de129 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon May 8 17:58:02 2023 +0200
+Subject: [PATCH 2/2] SAX: Always initialize SAX1 element handlers
+
+Follow-up to commit d0c3f01e. A parser context will be initialized to
+SAX version 2, but this can be overridden with XML_PARSE_SAX1 later,
+so we must initialize the SAX1 element handlers as well.
+
+Change the check in xmlDetectSAX2 to only look for XML_SAX2_MAGIC, so
+we don't switch to SAX1 if the SAX2 element handlers are NULL.
+
+CVE: CVE-2023-39615
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ SAX2.c | 11 +++++++----
+ parser.c | 5 +----
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/SAX2.c b/SAX2.c
+index 0319246..f7c77c2 100644
+--- a/SAX2.c
++++ b/SAX2.c
+@@ -2842,20 +2842,23 @@ xmlSAXVersion(xmlSAXHandler *hdlr, int version)
+ {
+ if (hdlr == NULL) return(-1);
+ if (version == 2) {
+- hdlr->startElement = NULL;
+- hdlr->endElement = NULL;
+ hdlr->startElementNs = xmlSAX2StartElementNs;
+ hdlr->endElementNs = xmlSAX2EndElementNs;
+ hdlr->serror = NULL;
+ hdlr->initialized = XML_SAX2_MAGIC;
+ #ifdef LIBXML_SAX1_ENABLED
+ } else if (version == 1) {
+- hdlr->startElement = xmlSAX2StartElement;
+- hdlr->endElement = xmlSAX2EndElement;
+ hdlr->initialized = 1;
+ #endif /* LIBXML_SAX1_ENABLED */
+ } else
+ return(-1);
++#ifdef LIBXML_SAX1_ENABLED
++ hdlr->startElement = xmlSAX2StartElement;
++ hdlr->endElement = xmlSAX2EndElement;
++#else
++ hdlr->startElement = NULL;
++ hdlr->endElement = NULL;
++#endif /* LIBXML_SAX1_ENABLED */
+ hdlr->internalSubset = xmlSAX2InternalSubset;
+ hdlr->externalSubset = xmlSAX2ExternalSubset;
+ hdlr->isStandalone = xmlSAX2IsStandalone;
+diff --git a/parser.c b/parser.c
+index b781c80..738dbee 100644
+--- a/parser.c
++++ b/parser.c
+@@ -1109,10 +1109,7 @@ xmlDetectSAX2(xmlParserCtxtPtr ctxt) {
+ if (ctxt == NULL) return;
+ sax = ctxt->sax;
+ #ifdef LIBXML_SAX1_ENABLED
+- if ((sax) && (sax->initialized == XML_SAX2_MAGIC) &&
+- ((sax->startElementNs != NULL) ||
+- (sax->endElementNs != NULL) ||
+- ((sax->startElement == NULL) && (sax->endElement == NULL))))
++ if ((sax) && (sax->initialized == XML_SAX2_MAGIC))
+ ctxt->sax2 = 1;
+ #else
+ ctxt->sax2 = 1;
+--
+2.40.0
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb
index 9241b279e4..437bccf4ed 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -27,6 +27,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
file://CVE-2022-40304.patch \
file://CVE-2023-28484.patch \
file://CVE-2023-29469.patch \
+ file://CVE-2023-39615-0001.patch \
+ file://CVE-2023-39615-0002.patch \
"
SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 5/8] flac: fix CVE-2020-22219
2023-09-13 14:30 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
` (3 preceding siblings ...)
2023-09-13 14:30 ` [OE-core][kirkstone 4/8] libxml2: Fix CVE-2023-39615 Steve Sakoman
@ 2023-09-13 14:30 ` Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 6/8] webkitgtk: fix CVE-2022-48503 Steve Sakoman
` (2 subsequent siblings)
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-09-13 14:30 UTC (permalink / raw)
To: openembedded-core
From: Meenali Gupta <meenali.gupta@windriver.com>
Buffer Overflow vulnerability in function bitwriter_grow_ in flac before
1.4.0 allows remote attackers to run arbitrary code via crafted input to
the encoder.
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../flac/files/CVE-2020-22219.patch | 197 ++++++++++++++++++
meta/recipes-multimedia/flac/flac_1.3.4.bb | 1 +
2 files changed, 198 insertions(+)
create mode 100644 meta/recipes-multimedia/flac/files/CVE-2020-22219.patch
diff --git a/meta/recipes-multimedia/flac/files/CVE-2020-22219.patch b/meta/recipes-multimedia/flac/files/CVE-2020-22219.patch
new file mode 100644
index 0000000000..e042872dc0
--- /dev/null
+++ b/meta/recipes-multimedia/flac/files/CVE-2020-22219.patch
@@ -0,0 +1,197 @@
+From 579ff6922089cbbbd179619e40e622e279bd719f Mon Sep 17 00:00:00 2001
+From: Martijn van Beurden <mvanb1@gmail.com>
+Date: Wed, 3 Aug 2022 13:52:19 +0200
+Subject: [PATCH] flac: Add and use _nofree variants of safe_realloc functions
+
+Parts of the code use realloc like
+
+x = safe_realloc(x, somesize);
+
+when this is the case, the safe_realloc variant used must free the
+old memory block in case it fails, otherwise it will leak. However,
+there are also instances in the code where handling is different:
+
+if (0 == (x = safe_realloc(y, somesize)))
+ return false
+
+in this case, y should not be freed, as y is not set to NULL we
+could encounter double frees. Here the safe_realloc_nofree
+functions are used.
+
+Upstream-Status: Backport [https://github.com/xiph/flac/commit/21fe95ee828b0b9b944f6aa0bb02d24fbb981815]
+CVE: CVE-2020-22219
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ include/share/alloc.h | 41 +++++++++++++++++++++++++++++++----
+ src/flac/encode.c | 4 ++--
+ src/flac/foreign_metadata.c | 2 +-
+ src/libFLAC/bitwriter.c | 2 +-
+ src/libFLAC/metadata_object.c | 2 +-
+ src/plugin_common/tags.c | 2 +-
+ src/share/utf8/iconvert.c | 2 +-
+ 7 files changed, 44 insertions(+), 11 deletions(-)
+
+diff --git a/include/share/alloc.h b/include/share/alloc.h
+index 914de9b..55bdd1d 100644
+--- a/include/share/alloc.h
++++ b/include/share/alloc.h
+@@ -161,17 +161,30 @@ static inline void *safe_realloc_(void *ptr, size_t size)
+ free(oldptr);
+ return newptr;
+ }
+-static inline void *safe_realloc_add_2op_(void *ptr, size_t size1, size_t size2)
++static inline void *safe_realloc_nofree_add_2op_(void *ptr, size_t size1, size_t size2)
++{
++ size2 += size1;
++ if(size2 < size1)
++ return 0;
++ return realloc(ptr, size2);
++}
++
++static inline void *safe_realloc_add_3op_(void *ptr, size_t size1, size_t size2, size_t size3)
+ {
+ size2 += size1;
+ if(size2 < size1) {
+ free(ptr);
+ return 0;
+ }
+- return realloc(ptr, size2);
++ size3 += size2;
++ if(size3 < size2) {
++ free(ptr);
++ return 0;
++ }
++ return safe_realloc_(ptr, size3);
+ }
+
+-static inline void *safe_realloc_add_3op_(void *ptr, size_t size1, size_t size2, size_t size3)
++static inline void *safe_realloc_nofree_add_3op_(void *ptr, size_t size1, size_t size2, size_t size3)
+ {
+ size2 += size1;
+ if(size2 < size1)
+@@ -182,7 +195,7 @@ static inline void *safe_realloc_add_3op_(void *ptr, size_t size1, size_t size2,
+ return realloc(ptr, size3);
+ }
+
+-static inline void *safe_realloc_add_4op_(void *ptr, size_t size1, size_t size2, size_t size3, size_t size4)
++static inline void *safe_realloc_nofree_add_4op_(void *ptr, size_t size1, size_t size2, size_t size3, size_t size4)
+ {
+ size2 += size1;
+ if(size2 < size1)
+@@ -205,6 +218,15 @@ static inline void *safe_realloc_mul_2op_(void *ptr, size_t size1, size_t size2)
+ return safe_realloc_(ptr, size1*size2);
+ }
+
++static inline void *safe_realloc_nofree_mul_2op_(void *ptr, size_t size1, size_t size2)
++{
++ if(!size1 || !size2)
++ return realloc(ptr, 0); /* preserve POSIX realloc(ptr, 0) semantics */
++ if(size1 > SIZE_MAX / size2)
++ return 0;
++ return realloc(ptr, size1*size2);
++}
++
+ /* size1 * (size2 + size3) */
+ static inline void *safe_realloc_muladd2_(void *ptr, size_t size1, size_t size2, size_t size3)
+ {
+@@ -216,4 +238,15 @@ static inline void *safe_realloc_muladd2_(void *ptr, size_t size1, size_t size2,
+ return safe_realloc_mul_2op_(ptr, size1, size2);
+ }
+
++/* size1 * (size2 + size3) */
++static inline void *safe_realloc_nofree_muladd2_(void *ptr, size_t size1, size_t size2, size_t size3)
++{
++ if(!size1 || (!size2 && !size3))
++ return realloc(ptr, 0); /* preserve POSIX realloc(ptr, 0) semantics */
++ size2 += size3;
++ if(size2 < size3)
++ return 0;
++ return safe_realloc_nofree_mul_2op_(ptr, size1, size2);
++}
++
+ #endif
+diff --git a/src/flac/encode.c b/src/flac/encode.c
+index a9b907f..f87250c 100644
+--- a/src/flac/encode.c
++++ b/src/flac/encode.c
+@@ -1743,10 +1743,10 @@ static void static_metadata_clear(static_metadata_t *m)
+ static FLAC__bool static_metadata_append(static_metadata_t *m, FLAC__StreamMetadata *d, FLAC__bool needs_delete)
+ {
+ void *x;
+- if(0 == (x = safe_realloc_muladd2_(m->metadata, sizeof(*m->metadata), /*times (*/m->num_metadata, /*+*/1/*)*/)))
++ if(0 == (x = safe_realloc_nofree_muladd2_(m->metadata, sizeof(*m->metadata), /*times (*/m->num_metadata, /*+*/1/*)*/)))
+ return false;
+ m->metadata = (FLAC__StreamMetadata**)x;
+- if(0 == (x = safe_realloc_muladd2_(m->needs_delete, sizeof(*m->needs_delete), /*times (*/m->num_metadata, /*+*/1/*)*/)))
++ if(0 == (x = safe_realloc_nofree_muladd2_(m->needs_delete, sizeof(*m->needs_delete), /*times (*/m->num_metadata, /*+*/1/*)*/)))
+ return false;
+ m->needs_delete = (FLAC__bool*)x;
+ m->metadata[m->num_metadata] = d;
+diff --git a/src/flac/foreign_metadata.c b/src/flac/foreign_metadata.c
+index 9ad9c18..fdfb3cf 100644
+--- a/src/flac/foreign_metadata.c
++++ b/src/flac/foreign_metadata.c
+@@ -75,7 +75,7 @@ static FLAC__bool copy_data_(FILE *fin, FILE *fout, size_t size, const char **er
+
+ static FLAC__bool append_block_(foreign_metadata_t *fm, FLAC__off_t offset, FLAC__uint32 size, const char **error)
+ {
+- foreign_block_t *fb = safe_realloc_muladd2_(fm->blocks, sizeof(foreign_block_t), /*times (*/fm->num_blocks, /*+*/1/*)*/);
++ foreign_block_t *fb = safe_realloc_nofree_muladd2_(fm->blocks, sizeof(foreign_block_t), /*times (*/fm->num_blocks, /*+*/1/*)*/);
+ if(fb) {
+ fb[fm->num_blocks].offset = offset;
+ fb[fm->num_blocks].size = size;
+diff --git a/src/libFLAC/bitwriter.c b/src/libFLAC/bitwriter.c
+index 6e86585..a510b0d 100644
+--- a/src/libFLAC/bitwriter.c
++++ b/src/libFLAC/bitwriter.c
+@@ -124,7 +124,7 @@ FLAC__bool bitwriter_grow_(FLAC__BitWriter *bw, uint32_t bits_to_add)
+ FLAC__ASSERT(new_capacity > bw->capacity);
+ FLAC__ASSERT(new_capacity >= bw->words + ((bw->bits + bits_to_add + FLAC__BITS_PER_WORD - 1) / FLAC__BITS_PER_WORD));
+
+- new_buffer = safe_realloc_mul_2op_(bw->buffer, sizeof(bwword), /*times*/new_capacity);
++ new_buffer = safe_realloc_nofree_mul_2op_(bw->buffer, sizeof(bwword), /*times*/new_capacity);
+ if(new_buffer == 0)
+ return false;
+ bw->buffer = new_buffer;
+diff --git a/src/libFLAC/metadata_object.c b/src/libFLAC/metadata_object.c
+index de8e513..aef65be 100644
+--- a/src/libFLAC/metadata_object.c
++++ b/src/libFLAC/metadata_object.c
+@@ -98,7 +98,7 @@ static FLAC__bool free_copy_bytes_(FLAC__byte **to, const FLAC__byte *from, uint
+ /* realloc() failure leaves entry unchanged */
+ static FLAC__bool ensure_null_terminated_(FLAC__byte **entry, uint32_t length)
+ {
+- FLAC__byte *x = safe_realloc_add_2op_(*entry, length, /*+*/1);
++ FLAC__byte *x = safe_realloc_nofree_add_2op_(*entry, length, /*+*/1);
+ if (x != NULL) {
+ x[length] = '\0';
+ *entry = x;
+diff --git a/src/plugin_common/tags.c b/src/plugin_common/tags.c
+index ae440c5..dfa10d3 100644
+--- a/src/plugin_common/tags.c
++++ b/src/plugin_common/tags.c
+@@ -317,7 +317,7 @@ FLAC__bool FLAC_plugin__tags_add_tag_utf8(FLAC__StreamMetadata *tags, const char
+ const size_t value_len = strlen(value);
+ const size_t separator_len = strlen(separator);
+ FLAC__byte *new_entry;
+- if(0 == (new_entry = safe_realloc_add_4op_(entry->entry, entry->length, /*+*/value_len, /*+*/separator_len, /*+*/1)))
++ if(0 == (new_entry = safe_realloc_nofree_add_4op_(entry->entry, entry->length, /*+*/value_len, /*+*/separator_len, /*+*/1)))
+ return false;
+ memcpy(new_entry+entry->length, separator, separator_len);
+ entry->length += separator_len;
+diff --git a/src/share/utf8/iconvert.c b/src/share/utf8/iconvert.c
+index 8ab53c1..876c06e 100644
+--- a/src/share/utf8/iconvert.c
++++ b/src/share/utf8/iconvert.c
+@@ -149,7 +149,7 @@ int iconvert(const char *fromcode, const char *tocode,
+ iconv_close(cd1);
+ return ret;
+ }
+- newbuf = safe_realloc_add_2op_(utfbuf, (ob - utfbuf), /*+*/1);
++ newbuf = safe_realloc_nofree_add_2op_(utfbuf, (ob - utfbuf), /*+*/1);
+ if (!newbuf)
+ goto fail;
+ ob = (ob - utfbuf) + newbuf;
+--
+2.40.0
diff --git a/meta/recipes-multimedia/flac/flac_1.3.4.bb b/meta/recipes-multimedia/flac/flac_1.3.4.bb
index 012da0a0a0..1a44718bba 100644
--- a/meta/recipes-multimedia/flac/flac_1.3.4.bb
+++ b/meta/recipes-multimedia/flac/flac_1.3.4.bb
@@ -15,6 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING.FDL;md5=ad1419ecc56e060eccf8184a87c4285f \
DEPENDS = "libogg"
SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \
+ file://CVE-2020-22219.patch \
"
SRC_URI[sha256sum] = "8ff0607e75a322dd7cd6ec48f4f225471404ae2730d0ea945127b1355155e737"
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 6/8] webkitgtk: fix CVE-2022-48503
2023-09-13 14:30 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
` (4 preceding siblings ...)
2023-09-13 14:30 ` [OE-core][kirkstone 5/8] flac: fix CVE-2020-22219 Steve Sakoman
@ 2023-09-13 14:30 ` Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 7/8] gdb: Fix CVE-2023-39128 Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 8/8] yocto-uninative: Update to 4.3 Steve Sakoman
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-09-13 14:30 UTC (permalink / raw)
To: openembedded-core
From: Yogita Urade <yogita.urade@windriver.com>
The issue was addressed with improved bounds checks. This issue
is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6,
macOS Monterey 12.5, Safari 15.6. Processing web content may
lead to arbitrary code execution.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-48503
https://support.apple.com/en-us/HT213340
https://bugs.webkit.org/show_bug.cgi?id=241931
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../webkit/webkitgtk/CVE-2022-48503.patch | 225 ++++++++++++++++++
meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 1 +
2 files changed, 226 insertions(+)
create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-48503.patch
diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2022-48503.patch b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-48503.patch
new file mode 100644
index 0000000000..b67751736d
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-48503.patch
@@ -0,0 +1,225 @@
+From 612c245823a515c8c70c2ad486957bd8a850f0f9 Mon Sep 17 00:00:00 2001
+From: Yusuke Suzuki <ysuzuki@apple.com>
+Date: Tue, 5 Sep 2023 08:40:19 +0000
+Subject: [PATCH] [JSC] Refactor wasm section ordering code
+ https://bugs.webkit.org/show_bug.cgi?id=241931 rdar://83326477
+
+Reviewed by Keith Miller.
+
+This patch refactors existing validateOrder code since it is too adhoc right now.
+
+* Source/JavaScriptCore/wasm/WasmModuleInformation.h:
+(JSC::Wasm::ModuleInformation::dataSegmentsCount const):
+* Source/JavaScriptCore/wasm/WasmSectionParser.cpp:
+(JSC::Wasm::SectionParser::parseData):
+(JSC::Wasm::SectionParser::parseDataCount):
+* Source/JavaScriptCore/wasm/WasmSectionParser.h:
+* Source/JavaScriptCore/wasm/WasmSections.h:
+(JSC::Wasm::orderingNumber):
+(JSC::Wasm::isKnownSection):
+(JSC::Wasm::validateOrder):
+(JSC::Wasm::makeString):
+* Source/JavaScriptCore/wasm/WasmStreamingParser.cpp:
+(JSC::Wasm::StreamingParser::parseSectionPayload):
+(JSC::Wasm::StreamingParser::finalize):
+
+Canonical link: https://commits.webkit.org/251800@main
+
+CVE: CVE-2022-48503
+
+Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/612c245823a515c8c70c2ad486957bd8a850f0f9]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ .../wasm/WasmModuleInformation.h | 4 +-
+ .../JavaScriptCore/wasm/WasmSectionParser.cpp | 3 ++
+ .../JavaScriptCore/wasm/WasmSectionParser.h | 2 +-
+ Source/JavaScriptCore/wasm/WasmSections.h | 52 +++++++++++--------
+ .../wasm/WasmStreamingParser.cpp | 11 +++-
+ 5 files changed, 45 insertions(+), 27 deletions(-)
+
+diff --git a/Source/JavaScriptCore/wasm/WasmModuleInformation.h b/Source/JavaScriptCore/wasm/WasmModuleInformation.h
+index ae6bbeed..f9f1baf7 100644
+--- a/Source/JavaScriptCore/wasm/WasmModuleInformation.h
++++ b/Source/JavaScriptCore/wasm/WasmModuleInformation.h
+@@ -86,7 +86,7 @@ struct ModuleInformation : public ThreadSafeRefCounted<ModuleInformation> {
+ uint32_t memoryCount() const { return memory ? 1 : 0; }
+ uint32_t tableCount() const { return tables.size(); }
+ uint32_t elementCount() const { return elements.size(); }
+- uint32_t dataSegmentsCount() const { return numberOfDataSegments; }
++ uint32_t dataSegmentsCount() const { return numberOfDataSegments.value_or(0); }
+
+ const TableInformation& table(unsigned index) const { return tables[index]; }
+
+@@ -131,7 +131,7 @@ struct ModuleInformation : public ThreadSafeRefCounted<ModuleInformation> {
+ Vector<CustomSection> customSections;
+ Ref<NameSection> nameSection;
+ BranchHints branchHints;
+- uint32_t numberOfDataSegments { 0 };
++ std::optional<uint32_t> numberOfDataSegments;
+
+ BitVector m_declaredFunctions;
+ BitVector m_declaredExceptions;
+diff --git a/Source/JavaScriptCore/wasm/WasmSectionParser.cpp b/Source/JavaScriptCore/wasm/WasmSectionParser.cpp
+index 5b511811..c55ee3c0 100644
+--- a/Source/JavaScriptCore/wasm/WasmSectionParser.cpp
++++ b/Source/JavaScriptCore/wasm/WasmSectionParser.cpp
+@@ -768,6 +768,8 @@ auto SectionParser::parseData() -> PartialResult
+ uint32_t segmentCount;
+ WASM_PARSER_FAIL_IF(!parseVarUInt32(segmentCount), "can't get Data section's count");
+ WASM_PARSER_FAIL_IF(segmentCount > maxDataSegments, "Data section's count is too big ", segmentCount, " maximum ", maxDataSegments);
++ if (m_info->numberOfDataSegments)
++ WASM_PARSER_FAIL_IF(segmentCount != m_info->numberOfDataSegments.value(), "Data section's count ", segmentCount, " is different from Data Count section's count ", m_info->numberOfDataSegments.value());
+ WASM_PARSER_FAIL_IF(!m_info->data.tryReserveCapacity(segmentCount), "can't allocate enough memory for Data section's ", segmentCount, " segments");
+
+ for (uint32_t segmentNumber = 0; segmentNumber < segmentCount; ++segmentNumber) {
+@@ -847,6 +849,7 @@ auto SectionParser::parseDataCount() -> PartialResult
+ {
+ uint32_t numberOfDataSegments;
+ WASM_PARSER_FAIL_IF(!parseVarUInt32(numberOfDataSegments), "can't get Data Count section's count");
++ WASM_PARSER_FAIL_IF(numberOfDataSegments > maxDataSegments, "Data Count section's count is too big ", numberOfDataSegments , " maximum ", maxDataSegments);
+
+ m_info->numberOfDataSegments = numberOfDataSegments;
+ return { };
+diff --git a/Source/JavaScriptCore/wasm/WasmSectionParser.h b/Source/JavaScriptCore/wasm/WasmSectionParser.h
+index 91fd3ed8..4d7dcbac 100644
+--- a/Source/JavaScriptCore/wasm/WasmSectionParser.h
++++ b/Source/JavaScriptCore/wasm/WasmSectionParser.h
+@@ -44,7 +44,7 @@ public:
+ {
+ }
+
+-#define WASM_SECTION_DECLARE_PARSER(NAME, ID, DESCRIPTION) PartialResult WARN_UNUSED_RETURN parse ## NAME();
++#define WASM_SECTION_DECLARE_PARSER(NAME, ID, ORDERING, DESCRIPTION) PartialResult WARN_UNUSED_RETURN parse ## NAME();
+ FOR_EACH_KNOWN_WASM_SECTION(WASM_SECTION_DECLARE_PARSER)
+ #undef WASM_SECTION_DECLARE_PARSER
+
+diff --git a/Source/JavaScriptCore/wasm/WasmSections.h b/Source/JavaScriptCore/wasm/WasmSections.h
+index bef20701..b422a587 100644
+--- a/Source/JavaScriptCore/wasm/WasmSections.h
++++ b/Source/JavaScriptCore/wasm/WasmSections.h
+@@ -33,20 +33,21 @@ IGNORE_RETURN_TYPE_WARNINGS_BEGIN
+
+ namespace JSC { namespace Wasm {
+
++// macro(Name, ID, OrderingNumber, Description).
+ #define FOR_EACH_KNOWN_WASM_SECTION(macro) \
+- macro(Type, 1, "Function signature declarations") \
+- macro(Import, 2, "Import declarations") \
+- macro(Function, 3, "Function declarations") \
+- macro(Table, 4, "Indirect function table and other tables") \
+- macro(Memory, 5, "Memory attributes") \
+- macro(Global, 6, "Global declarations") \
+- macro(Export, 7, "Exports") \
+- macro(Start, 8, "Start function declaration") \
+- macro(Element, 9, "Elements section") \
+- macro(Code, 10, "Function bodies (code)") \
+- macro(Data, 11, "Data segments") \
+- macro(DataCount, 12, "Data count") \
+- macro(Exception, 13, "Exception declarations") \
++ macro(Type, 1, 1, "Function signature declarations") \
++ macro(Import, 2, 2, "Import declarations") \
++ macro(Function, 3, 3, "Function declarations") \
++ macro(Table, 4, 4, "Indirect function table and other tables") \
++ macro(Memory, 5, 5, "Memory attributes") \
++ macro(Global, 6, 7, "Global declarations") \
++ macro(Export, 7, 8, "Exports") \
++ macro(Start, 8, 9, "Start function declaration") \
++ macro(Element, 9, 10, "Elements section") \
++ macro(Code, 10, 12, "Function bodies (code)") \
++ macro(Data, 11, 13, "Data segments") \
++ macro(DataCount, 12, 11, "Data count") \
++ macro(Exception, 13, 6, "Exception declarations") \
+
+ enum class Section : uint8_t {
+ // It's important that Begin is less than every other section number and that Custom is greater.
+@@ -54,18 +55,29 @@ enum class Section : uint8_t {
+ // Also, Begin is not a real section but is used as a marker for validating the ordering
+ // of sections.
+ Begin = 0,
+-#define DEFINE_WASM_SECTION_ENUM(NAME, ID, DESCRIPTION) NAME = ID,
++#define DEFINE_WASM_SECTION_ENUM(NAME, ID, ORDERING, DESCRIPTION) NAME = ID,
+ FOR_EACH_KNOWN_WASM_SECTION(DEFINE_WASM_SECTION_ENUM)
+ #undef DEFINE_WASM_SECTION_ENUM
+ Custom
+ };
+ static_assert(static_cast<uint8_t>(Section::Begin) < static_cast<uint8_t>(Section::Type), "Begin should come before the first known section.");
+
++inline unsigned orderingNumber(Section section)
++{
++ switch (section) {
++#define ORDERING_OF_SECTION(NAME, ID, ORDERING, DESCRIPTION) case Section::NAME: return ORDERING;
++ FOR_EACH_KNOWN_WASM_SECTION(ORDERING_OF_SECTION)
++#undef VALIDATE_SECTION
++ default:
++ return static_cast<unsigned>(section);
++ }
++}
++
+ template<typename Int>
+ inline bool isKnownSection(Int section)
+ {
+ switch (section) {
+-#define VALIDATE_SECTION(NAME, ID, DESCRIPTION) case static_cast<Int>(Section::NAME): return true;
++#define VALIDATE_SECTION(NAME, ID, ORDERING, DESCRIPTION) case static_cast<Int>(Section::NAME): return true;
+ FOR_EACH_KNOWN_WASM_SECTION(VALIDATE_SECTION)
+ #undef VALIDATE_SECTION
+ default:
+@@ -89,13 +101,7 @@ inline bool decodeSection(uint8_t sectionByte, Section& section)
+ inline bool validateOrder(Section previousKnown, Section next)
+ {
+ ASSERT(isKnownSection(previousKnown) || previousKnown == Section::Begin);
+- if (previousKnown == Section::DataCount && next == Section::Code)
+- return true;
+- if (previousKnown == Section::Exception)
+- return next >= Section::Global;
+- if (next == Section::Exception)
+- return previousKnown <= Section::Memory;
+- return static_cast<uint8_t>(previousKnown) < static_cast<uint8_t>(next);
++ return orderingNumber(previousKnown) < orderingNumber(next);
+ }
+
+ inline const char* makeString(Section section)
+@@ -105,7 +111,7 @@ inline const char* makeString(Section section)
+ return "Begin";
+ case Section::Custom:
+ return "Custom";
+-#define STRINGIFY_SECTION_NAME(NAME, ID, DESCRIPTION) case Section::NAME: return #NAME;
++#define STRINGIFY_SECTION_NAME(NAME, ID, ORDERING, DESCRIPTION) case Section::NAME: return #NAME;
+ FOR_EACH_KNOWN_WASM_SECTION(STRINGIFY_SECTION_NAME)
+ #undef STRINGIFY_SECTION_NAME
+ }
+diff --git a/Source/JavaScriptCore/wasm/WasmStreamingParser.cpp b/Source/JavaScriptCore/wasm/WasmStreamingParser.cpp
+index fa552eff..25e7e32d 100644
+--- a/Source/JavaScriptCore/wasm/WasmStreamingParser.cpp
++++ b/Source/JavaScriptCore/wasm/WasmStreamingParser.cpp
+@@ -161,7 +161,7 @@ auto StreamingParser::parseSectionPayload(Vector<uint8_t>&& data) -> State
+ {
+ SectionParser parser(data.data(), data.size(), m_offset, m_info.get());
+ switch (m_section) {
+-#define WASM_SECTION_PARSE(NAME, ID, DESCRIPTION) \
++#define WASM_SECTION_PARSE(NAME, ID, ORDERING, DESCRIPTION) \
+ case Section::NAME: { \
+ WASM_STREAMING_PARSER_FAIL_IF_HELPER_FAILS(parser.parse ## NAME()); \
+ break; \
+@@ -393,9 +393,18 @@ auto StreamingParser::finalize() -> State
+ m_state = fail("Number of functions parsed (", m_functionCount, ") does not match the number of declared functions (", m_info->functions.size(), ")");
+ break;
+ }
++
++ if (m_info->numberOfDataSegments) {
++ if (UNLIKELY(m_info->data.size() != m_info->numberOfDataSegments.value())) {
++ m_state = fail("Data section's count ", m_info->data.size(), " is different from Data Count section's count ", m_info->numberOfDataSegments.value());
++ break;
++ }
++ }
++
+ if (m_remaining.isEmpty()) {
+ if (UNLIKELY(Options::useEagerWebAssemblyModuleHashing()))
+ m_info->nameSection->setHash(m_hasher.computeHexDigest());
++
+ m_state = State::Finished;
+ m_client.didFinishParsing();
+ } else
+--
+2.40.0
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
index 20f475bebd..10fcd0813a 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
@@ -22,6 +22,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BP}.tar.xz \
file://CVE-2022-42867.patch \
file://CVE-2022-46700.patch \
file://CVE-2023-23529.patch \
+ file://CVE-2022-48503.patch \
"
SRC_URI[sha256sum] = "0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437"
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 7/8] gdb: Fix CVE-2023-39128
2023-09-13 14:30 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
` (5 preceding siblings ...)
2023-09-13 14:30 ` [OE-core][kirkstone 6/8] webkitgtk: fix CVE-2022-48503 Steve Sakoman
@ 2023-09-13 14:30 ` Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 8/8] yocto-uninative: Update to 4.3 Steve Sakoman
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-09-13 14:30 UTC (permalink / raw)
To: openembedded-core
From: Siddharth Doshi <sdoshi@mvista.com>
Note: The Fix needs to be pushed in gdb rather than bintuils-gdb as we are
disabling gdb in binutils configure.
Upstream-Status: Backport from [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d]
CVE: CVE-2023-39128
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/gdb/gdb.inc | 1 +
.../gdb/gdb/0011-CVE-2023-39128.patch | 75 +++++++++++++++++++
2 files changed, 76 insertions(+)
create mode 100644 meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch
diff --git a/meta/recipes-devtools/gdb/gdb.inc b/meta/recipes-devtools/gdb/gdb.inc
index 649ee28727..099bd2d8f5 100644
--- a/meta/recipes-devtools/gdb/gdb.inc
+++ b/meta/recipes-devtools/gdb/gdb.inc
@@ -14,5 +14,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \
file://0008-resolve-restrict-keyword-conflict.patch \
file://0009-Fix-invalid-sigprocmask-call.patch \
file://0010-gdbserver-ctrl-c-handling.patch \
+ file://0011-CVE-2023-39128.patch \
"
SRC_URI[sha256sum] = "1497c36a71881b8671a9a84a0ee40faab788ca30d7ba19d8463c3cc787152e32"
diff --git a/meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch b/meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch
new file mode 100644
index 0000000000..53b49cb21d
--- /dev/null
+++ b/meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch
@@ -0,0 +1,75 @@
+From 033bc52bb6190393c8eed80925fa78cc35b40c6d Mon Sep 17 00:00:00 2001
+From: Tom Tromey <tromey@adacore.com>
+Date: Wed, 16 Aug 2023 11:29:19 -0600
+Subject: [PATCH] Avoid buffer overflow in ada_decode
+
+A bug report pointed out a buffer overflow in ada_decode, which Keith
+helpfully analyzed. ada_decode had a logic error when the input was
+all digits. While this isn't valid -- and would probably only appear
+in fuzzer tests -- it still should be handled properly.
+
+This patch adds a missing bounds check. Tested with the self-tests in
+an asan build.
+
+Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30639
+Reviewed-by: Keith Seitz <keiths@redhat.com>
+
+Upstream-Status: Backport from [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d]
+CVE: CVE-2023-39128
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ gdb/ada-lang.c | 19 ++++++++++++++++++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c
+index 70a2b44..f682302 100644
+--- a/gdb/ada-lang.c
++++ b/gdb/ada-lang.c
+@@ -57,6 +57,7 @@
+ #include "cli/cli-utils.h"
+ #include "gdbsupport/function-view.h"
+ #include "gdbsupport/byte-vector.h"
++#include "gdbsupport/selftest.h"
+ #include <algorithm>
+ #include "ada-exp.h"
+
+@@ -1057,7 +1058,7 @@ ada_decode (const char *encoded, bool wrap)
+ i -= 1;
+ if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_')
+ len0 = i - 1;
+- else if (encoded[i] == '$')
++ else if (i >= 0 && encoded[i] == '$')
+ len0 = i;
+ }
+
+@@ -1225,6 +1226,18 @@ ada_decode (const char *encoded, bool wrap)
+ return decoded;
+ }
+
++#ifdef GDB_SELF_TEST
++
++static void
++ada_decode_tests ()
++{
++ /* This isn't valid, but used to cause a crash. PR gdb/30639. The
++ result does not really matter very much. */
++ SELF_CHECK (ada_decode ("44") == "44");
++}
++
++#endif
++
+ /* Table for keeping permanent unique copies of decoded names. Once
+ allocated, names in this table are never released. While this is a
+ storage leak, it should not be significant unless there are massive
+@@ -13497,4 +13510,8 @@ DWARF attribute."),
+ gdb::observers::new_objfile.attach (ada_new_objfile_observer, "ada-lang");
+ gdb::observers::free_objfile.attach (ada_free_objfile_observer, "ada-lang");
+ gdb::observers::inferior_exit.attach (ada_inferior_exit, "ada-lang");
++
++#ifdef GDB_SELF_TEST
++ selftests::register_test ("ada-decode", ada_decode_tests);
++#endif
+ }
+--
+2.35.7
+
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 8/8] yocto-uninative: Update to 4.3
2023-09-13 14:30 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
` (6 preceding siblings ...)
2023-09-13 14:30 ` [OE-core][kirkstone 7/8] gdb: Fix CVE-2023-39128 Steve Sakoman
@ 2023-09-13 14:30 ` Steve Sakoman
7 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-09-13 14:30 UTC (permalink / raw)
To: openembedded-core
From: Michael Halstead <mhalstead@linuxfoundation.org>
Add in stable updates to glibc 2.38 to fix malloc bugs
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 39f987fcb20ad7c0e45425b9f508d463c50ce0c1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/conf/distro/include/yocto-uninative.inc | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index 6596c0f4a2..eaa3e9b31c 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -7,9 +7,9 @@
#
UNINATIVE_MAXGLIBCVERSION = "2.38"
-UNINATIVE_VERSION = "4.2"
+UNINATIVE_VERSION = "4.3"
UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
-UNINATIVE_CHECKSUM[aarch64] ?= "cff40e7bdde50aeda06707af8c001796a71b4cf33c5ae1616e5c47943ff6b94e"
-UNINATIVE_CHECKSUM[i686] ?= "a70516447e9a9f1465ffaf1c7f89e79d1692d2356d86fd2a5a63acd908db1ff2"
-UNINATIVE_CHECKSUM[x86_64] ?= "6a86d71eeafba4fefec600c9bf8cf4a01324d1eb52788b6e398d3f23c10d19fb"
+UNINATIVE_CHECKSUM[aarch64] ?= "8df05f4a41455018b4303b2e0ea4eac5c960b5a13713f6dbb33dfdb3e32753ec"
+UNINATIVE_CHECKSUM[i686] ?= "bea76b4a97c9ba0077c0dd1295f519cd599dbf71f0ca1c964471c4cdb043addd"
+UNINATIVE_CHECKSUM[x86_64] ?= "1c35f09a75c4096749bbe1e009df4e3968cde151424062cf4aa3ed89db22b030"
--
2.34.1
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 0/8] Patch review
@ 2023-11-29 23:04 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-11-29 23:04 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, December 1
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6260
The following changes since commit 8726ae02d760270f9e7fe7ef5715d8f7553371ce:
goarch: Move Go architecture mapping to a library (2023-11-21 05:32:39 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (2):
gstreamer1.0-plugins-bad: fix CVE-2023-44429
vim: Upgrade 9.0.2048 -> 9.0.2068
Hitendra Prajapati (1):
grub: fix CVE-2023-4693
Li Wang (1):
systemtap_git: fix used uninitialized error
Ninad Palsule (1):
kernel-fitImage: Strip path component from dtb
Richard Purdie (1):
vim: Improve locale handling
Steve Sakoman (1):
vim: use upstream generated .po files
Vivek Kumbhar (1):
openssl: fix CVE-2023-5678 Generating excessively long X9.42 DH keys
or checking excessively long X9.42 DH keys or parameters may be very
slow
meta/classes/kernel-fitimage.bbclass | 5 +
.../grub/files/CVE-2023-4693.patch | 62 ++++++
meta/recipes-bsp/grub/grub2.inc | 1 +
.../openssl/openssl/CVE-2023-5678.patch | 180 ++++++++++++++++++
.../openssl/openssl_3.0.12.bb | 1 +
...x-Prevent-Werror-maybe-uninitialized.patch | 53 ++++++
.../recipes-kernel/systemtap/systemtap_git.bb | 1 +
.../CVE-2023-44429.patch | 38 ++++
.../gstreamer1.0-plugins-bad_1.20.7.bb | 1 +
meta/recipes-support/vim/vim.inc | 20 +-
10 files changed, 350 insertions(+), 12 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4693.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-5678.patch
create mode 100644 meta/recipes-kernel/systemtap/systemtap/0001-bpf-translate.cxx-Prevent-Werror-maybe-uninitialized.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-44429.patch
--
2.34.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 0/8] Patch review
@ 2024-02-12 13:54 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2024-02-12 13:54 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, February 14
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6556
The following changes since commit 2bdae590ab20dc4518ba247c903060fa67ed0fc4:
openssl: Upgrade 3.0.12 -> 3.0.13 (2024-02-05 03:56:38 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (1):
curl: Fix CVE-2023-46219
Bruce Ashfield (1):
kernel: fix localversion in v6.3+
Jermain Horsman (1):
systemd: Only add myhostname to nsswitch.conf if in PACKAGECONFIG
Kai Kang (1):
ghostscript: correct LICENSE with AGPLv3
Narpat Mali (1):
python3-pycryptodome: Fix CVE-2023-52323
Soumya Sambu (2):
go: Fix CVE-2023-45285 and CVE-2023-45287
libgit2: Fix CVE-2024-24575 and CVE-2024-24577
Vijay Anusuri (1):
libxml2: Fix for CVE-2024-25062
meta/classes/kernel-arch.bbclass | 7 +
meta/classes/kernel.bbclass | 10 +-
.../libxml/libxml2/CVE-2024-25062.patch | 33 +
meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 +
meta/recipes-core/systemd/systemd_250.5.bb | 16 +-
meta/recipes-devtools/go/go-1.17.13.inc | 2 +
.../go/go-1.20/CVE-2023-45285.patch | 110 ++
.../go/go-1.20/CVE-2023-45287.patch | 1695 +++++++++++++++++
.../python3-pycryptodome/CVE-2023-52323.patch | 436 +++++
.../python/python3-pycryptodome_3.14.1.bb | 1 +
.../CVE-2023-52323.patch | 436 +++++
.../python/python3-pycryptodomex_3.14.1.bb | 2 +
.../ghostscript/ghostscript_9.55.0.bb | 2 +-
.../curl/curl/CVE-2023-46219-0001.patch | 42 +
.../curl/curl/CVE-2023-46219-0002.patch | 133 ++
.../curl/curl/CVE-2023-46219-0003.patch | 81 +
meta/recipes-support/curl/curl_7.82.0.bb | 3 +
.../libgit2/libgit2/CVE-2024-24575.patch | 56 +
.../libgit2/libgit2/CVE-2024-24577.patch | 52 +
meta/recipes-support/libgit2/libgit2_1.4.5.bb | 5 +-
20 files changed, 3113 insertions(+), 10 deletions(-)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch
create mode 100644 meta/recipes-devtools/go/go-1.20/CVE-2023-45285.patch
create mode 100644 meta/recipes-devtools/go/go-1.20/CVE-2023-45287.patch
create mode 100644 meta/recipes-devtools/python/python3-pycryptodome/CVE-2023-52323.patch
create mode 100644 meta/recipes-devtools/python/python3-pycryptodomex/CVE-2023-52323.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46219-0001.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46219-0002.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46219-0003.patch
create mode 100644 meta/recipes-support/libgit2/libgit2/CVE-2024-24575.patch
create mode 100644 meta/recipes-support/libgit2/libgit2/CVE-2024-24577.patch
--
2.34.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 0/8] Patch review
@ 2024-03-12 13:53 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2024-03-12 13:53 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, March 13
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6670
The following changes since commit e5aae8a371717215a7d78459788ad67dfaefe37e:
golang: Fix CVE-2023-45289 & CVE-2023-45290 (2024-03-07 04:18:33 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Bruce Ashfield (6):
linux-yocto/5.15: update to v5.15.149
linux-yocto/5.15: update CVE exclusions
linux-yocto/5.10: update to v5.10.210
linux-yocto/5.15: update to v5.15.150
linux-yocto/5.15: update CVE exclusions (5.15.150)
linux-yocto/5.15: fix partion scanning
Nikhil R (1):
librsvg: Fix do_package_qa error for librsvg
Vivek Kumbhar (1):
go: Backport fix CVE-2024-24784 & CVE-2024-24785
meta/recipes-devtools/go/go-1.17.13.inc | 2 +
.../go/go-1.18/CVE-2024-24784.patch | 207 ++++++++++++++++++
.../go/go-1.18/CVE-2024-24785.patch | 196 +++++++++++++++++
meta/recipes-gnome/librsvg/librsvg_2.52.10.bb | 2 +
.../linux/cve-exclusion_5.15.inc | 197 ++++++++++++++++-
.../linux/linux-yocto-rt_5.10.bb | 4 +-
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.10.bb | 6 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 22 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +--
11 files changed, 632 insertions(+), 42 deletions(-)
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2024-24784.patch
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2024-24785.patch
--
2.34.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 0/8] Patch review
@ 2024-05-24 12:14 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2024-05-24 12:14 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, May 28
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6956
The following changes since commit f85d5dfc91d536a00669ca3148d8c3b2727b183d:
libpciaccess: Remove duplicated license entry (2024-05-10 05:05:54 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Bob Henz (1):
systemd-systemctl: Fix WantedBy processing
Colin McAllister (1):
initscripts: Add custom mount args for /var/lib
Dmitry Baryshkov (1):
go.bbclass: fix path to linker in native Go builds
Joerg Vehlow (1):
go: Always pass interpreter to linker
Peter Marko (1):
openssl: patch CVE-2024-4603
Stefan Herbrechtsmeier (1):
classes: go-mod: do not pack go mod cache
Vijay Anusuri (1):
binutils: Rename CVE-2022-38126 patch to CVE-2022-35205
Yogita Urade (1):
libarchive: fix CVE-2024-26256
meta/classes/go-mod.bbclass | 4 +
meta/classes/go.bbclass | 6 +-
.../openssl/openssl/CVE-2024-4603.patch | 180 ++++++++++++++++++
.../openssl/openssl_3.0.13.bb | 1 +
.../initscripts-1.0/read-only-rootfs-hook.sh | 4 +-
.../initscripts/initscripts_1.0.bb | 2 +
.../systemd/systemd-systemctl/systemctl | 11 ++
.../binutils/binutils-2.38.inc | 2 +-
...-38126.patch => 0016-CVE-2022-35205.patch} | 3 +-
.../libarchive/CVE-2024-26256.patch | 29 +++
.../libarchive/libarchive_3.6.2.bb | 5 +-
11 files changed, 240 insertions(+), 7 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch
rename meta/recipes-devtools/binutils/binutils/{0016-CVE-2022-38126.patch => 0016-CVE-2022-35205.patch} (94%)
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-26256.patch
--
2.34.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 0/8] Patch review
@ 2024-08-04 17:08 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2024-08-04 17:08 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, August 6
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7206
The following changes since commit c6cafd2aa50357c80fbab79741d575ff567c5766:
gcc-runtime: remove bashism (2024-07-31 04:59:21 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Ashish Sharma (1):
gtk+3 : backport fix for CVE-2024-6655
Bruce Ashfield (5):
linux-yocto/5.15: update to v5.15.158
linux-yocto/5.15: update to v5.15.160
linux-yocto/5.15: update to v5.15.161
linux-yocto/5.15: update to v5.15.162
linux-yocto/5.15: update to v5.15.164
Siddharth Doshi (1):
lttng-modules: Upgrade 2.13.9 -> 2.13.14
Soumya Sambu (1):
go: Fix CVE-2024-24789
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.21/CVE-2024-24789.patch | 78 +++++++++++++++++++
.../gtk+/gtk+3/CVE-2024-6655.patch | 39 ++++++++++
meta/recipes-gnome/gtk+/gtk+3_3.24.34.bb | 1 +
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++----
.../0009-Rename-genhd-wrapper-to-blkdev.patch | 19 +++--
...les_2.13.9.bb => lttng-modules_2.13.14.bb} | 4 +-
9 files changed, 151 insertions(+), 29 deletions(-)
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2024-24789.patch
create mode 100644 meta/recipes-gnome/gtk+/gtk+3/CVE-2024-6655.patch
rename meta/recipes-kernel/lttng/{lttng-modules_2.13.9.bb => lttng-modules_2.13.14.bb} (89%)
--
2.34.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 0/8] Patch review
@ 2025-04-01 22:36 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-04-01 22:36 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, April 3
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1311
The following changes since commit 453c5c8d9031be2b3a25e2a04e0f5f6325ef7298:
cve-update-nvd2-native: handle missing vulnStatus (2025-03-31 09:13:54 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Deepesh Varatharajan (1):
llvm : Fix CVE-2024-0151
Divya Chellam (1):
zlib: fix CVE-2014-9485
Guocai He (1):
mesa: Update SRC_URI
Haixiao Yan (1):
glibc: Add single-threaded fast path to rand()
Michael Halstead (1):
yocto-uninative: Update to 4.7 for glibc 2.41
Peter Marko (3):
libarchive: ignore CVE-2025-1632
perl: ignore CVE-2023-47038
freetype: patch CVE-2025-27363
meta/conf/distro/include/yocto-uninative.inc | 10 +-
...dd-single-threaded-fast-path-to-rand.patch | 47 +
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
.../zlib/zlib/CVE-2014-9485.patch | 64 +
meta/recipes-core/zlib/zlib_1.2.11.bb | 1 +
.../llvm/llvm/CVE-2024-0151.patch | 1087 +++++++++++++++++
meta/recipes-devtools/llvm/llvm_git.bb | 1 +
meta/recipes-devtools/perl/perl_5.34.3.bb | 2 +
.../libarchive/libarchive_3.6.2.bb | 2 +
.../freetype/freetype/CVE-2025-27363.patch | 44 +
.../freetype/freetype_2.11.1.bb | 1 +
.../recipes-graphics/mesa/mesa-demos_8.4.0.bb | 2 +-
meta/recipes-graphics/mesa/mesa.inc | 2 +-
13 files changed, 1257 insertions(+), 7 deletions(-)
create mode 100644 meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch
create mode 100644 meta/recipes-core/zlib/zlib/CVE-2014-9485.patch
create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2024-0151.patch
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch
--
2.43.0
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 0/8] Patch review
@ 2025-08-13 21:28 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-08-13 21:28 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, August 15
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2196
The following changes since commit bd620eb14660075fd0f7476bbbb65d5da6293874:
build-appliance-image: Update to kirkstone head revision (2025-08-08 06:31:30 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Guocai He (1):
gnupg: disable tests to avoid running target binaries at build time
Hitendra Prajapati (1):
libxslt: fix CVE-2023-40403
Peter Marko (3):
python3: patch CVE-2025-8194
go: ignore CVE-2025-0913
libarchive: patch CVE-2025-5918
Quentin Schulz (1):
go-helloworld: fix license
Yogita Urade (2):
tiff: fix CVE-2025-8176
tiff: fix CVE-2025-8177
meta/recipes-devtools/go/go-1.17.13.inc | 2 +-
.../python/python3/CVE-2025-8194.patch | 219 +++++++++++
.../python/python3_3.10.18.bb | 7 +-
.../go-examples/go-helloworld_0.1.bb | 4 +-
.../0001-FILE-seeking-support-2539.patch | 190 ++++++++++
.../0001-Improve-lseek-handling-2564.patch | 320 ++++++++++++++++
.../libarchive/libarchive/CVE-2025-5918.patch | 217 +++++++++++
.../libarchive/libarchive_3.6.2.bb | 3 +
.../libtiff/tiff/CVE-2025-8176-0001.patch | 61 +++
.../libtiff/tiff/CVE-2025-8176-0002.patch | 31 ++
.../libtiff/tiff/CVE-2025-8176-0003.patch | 28 ++
.../libtiff/tiff/CVE-2025-8177.patch | 35 ++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 4 +
meta/recipes-support/gnupg/gnupg_2.3.7.bb | 1 +
.../libxslt/libxslt/CVE-2023-40403-001.patch | 257 +++++++++++++
.../libxslt/libxslt/CVE-2023-40403-002.patch | 147 ++++++++
.../libxslt/libxslt/CVE-2023-40403-003.patch | 231 ++++++++++++
.../libxslt/libxslt/CVE-2023-40403-004.patch | 349 ++++++++++++++++++
.../libxslt/libxslt/CVE-2023-40403-005.patch | 55 +++
.../recipes-support/libxslt/libxslt_1.1.35.bb | 5 +
20 files changed, 2160 insertions(+), 6 deletions(-)
create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-8194.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-FILE-seeking-support-2539.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Improve-lseek-handling-2564.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-5918.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176-0001.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176-0002.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176-0003.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177.patch
create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2023-40403-001.patch
create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2023-40403-002.patch
create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2023-40403-003.patch
create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2023-40403-004.patch
create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2023-40403-005.patch
--
2.43.0
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 0/8] Patch review
@ 2025-10-17 20:43 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-10-17 20:43 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, October 21
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2607
The following changes since commit 8f1000d9dad5e51f08a40b0f6650204425cc8efb:
glibc: : PTHREAD_COND_INITIALIZER compatibility with pre-2.41 versions (bug 32786) (2025-10-14 10:35:12 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Bruce Ashfield (4):
linux-yocto/5.15: update to v5.15.188
linux-yocto/5.15: update to v5.15.189
linux-yocto/5.15: update to v5.15.193
linux-yocto/5.15: update to v5.15.194
Peter Marko (1):
python3: upgrade 3.10.18 -> 3.10.19
Rajeshkumar Ramasamy (2):
glib-networking: fix CVE-2025-60018
glib-networking: fix CVE-2025-60019
Saravanan (1):
cmake: fix CVE-2025-9301
.../glib-networking/CVE-2025-60018.patch | 83 +++++++
.../glib-networking/CVE-2025-60019.patch | 137 +++++++++++
.../glib-networking/glib-networking_2.72.2.bb | 2 +
.../cmake/cmake/CVE-2025-9301.patch | 71 ++++++
meta/recipes-devtools/cmake/cmake_3.22.3.bb | 1 +
...e-treat-overflow-in-UID-GID-as-failu.patch | 2 +-
.../python/python3/CVE-2025-8194.patch | 219 ------------------
...{python3_3.10.18.bb => python3_3.10.19.bb} | 3 +-
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +--
11 files changed, 315 insertions(+), 241 deletions(-)
create mode 100644 meta/recipes-core/glib-networking/glib-networking/CVE-2025-60018.patch
create mode 100644 meta/recipes-core/glib-networking/glib-networking/CVE-2025-60019.patch
create mode 100644 meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-8194.patch
rename meta/recipes-devtools/python/{python3_3.10.18.bb => python3_3.10.19.bb} (99%)
--
2.43.0
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 0/8] Patch review
@ 2025-11-03 20:59 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-11-03 20:59 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, November 5
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2677
The following changes since commit 99204008786f659ab03538cd2ae2fd23ed4164c5:
build-appliance-image: Update to kirkstone head revision (2025-10-31 06:30:23 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (1):
openssh: fix CVE-2025-61985
Hitendra Prajapati (1):
go: fix CVE-2024-24783
Hongxu Jia (1):
u-boot: fix CVE-2024-42040
Jason Schonberg (1):
Don't use ftp.gnome.org
Peter Marko (3):
wpa-supplicant: patch CVE-2025-24912
binutils: patch CVE-2025-11412
binutils: patch CVE-2025-11413
Praveen Kumar (1):
bind: upgrade 9.18.33 -> 9.18.41
.../u-boot/files/CVE-2024-42040.patch | 56 +++++++++++++
meta/recipes-bsp/u-boot/u-boot-common.inc | 4 +-
.../bind/{bind_9.18.33.bb => bind_9.18.41.bb} | 2 +-
.../openssh/openssh/CVE-2025-61985.patch | 35 ++++++++
.../openssh/openssh_8.9p1.bb | 1 +
.../wpa-supplicant/CVE-2025-24912-01.patch | 79 ++++++++++++++++++
.../wpa-supplicant/CVE-2025-24912-02.patch | 70 ++++++++++++++++
.../wpa-supplicant/wpa-supplicant_2.10.bb | 2 +
.../binutils/binutils-2.38.inc | 2 +
.../binutils/binutils/CVE-2025-11412.patch | 35 ++++++++
.../binutils/binutils/CVE-2025-11413.patch | 38 +++++++++
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.21/CVE-2024-24783.patch | 83 +++++++++++++++++++
.../python/python3-pygobject_3.42.0.bb | 2 +-
meta/recipes-devtools/vala/vala.inc | 2 +-
meta/recipes-gnome/gtk+/gtk+3_3.24.34.bb | 2 +-
meta/recipes-gnome/libgudev/libgudev_237.bb | 2 +-
.../recipes-support/libxslt/libxslt_1.1.35.bb | 2 +-
18 files changed, 411 insertions(+), 7 deletions(-)
create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-42040.patch
rename meta/recipes-connectivity/bind/{bind_9.18.33.bb => bind_9.18.41.bb} (97%)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2025-61985.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-01.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-02.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-11412.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-11413.patch
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2024-24783.patch
--
2.43.0
^ permalink raw reply [flat|nested] 24+ messages in thread
end of thread, other threads:[~2025-11-03 20:59 UTC | newest]
Thread overview: 24+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-13 14:30 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 1/8] python3-pygments: Fix CVE-2022-40896 Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 2/8] dropbear: fix CVE-2023-36328 Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 3/8] qemu: fix CVE-2021-3638 Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 4/8] libxml2: Fix CVE-2023-39615 Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 5/8] flac: fix CVE-2020-22219 Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 6/8] webkitgtk: fix CVE-2022-48503 Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 7/8] gdb: Fix CVE-2023-39128 Steve Sakoman
2023-09-13 14:30 ` [OE-core][kirkstone 8/8] yocto-uninative: Update to 4.3 Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-11-03 20:59 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
2025-10-17 20:43 Steve Sakoman
2025-08-13 21:28 Steve Sakoman
2025-04-01 22:36 Steve Sakoman
2024-08-04 17:08 Steve Sakoman
2024-05-24 12:14 Steve Sakoman
2024-03-12 13:53 Steve Sakoman
2024-02-12 13:54 Steve Sakoman
2023-11-29 23:04 Steve Sakoman
2023-08-27 20:52 Steve Sakoman
2023-07-24 2:33 Steve Sakoman
2023-04-22 15:54 Steve Sakoman
2022-10-27 2:36 Steve Sakoman
2022-10-28 2:07 ` Tim Orling
2022-08-09 21:27 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox