* [OE-core][mickledore 01/10] curl: Add CVE-2023-28320 follow-up fix
2023-09-26 21:43 [OE-core][mickledore 00/10] Patch review Steve Sakoman
@ 2023-09-26 21:43 ` Steve Sakoman
2023-09-26 21:43 ` [OE-core][mickledore 02/10] linux-yocto: update CVE exclusions Steve Sakoman
` (8 subsequent siblings)
9 siblings, 0 replies; 12+ messages in thread
From: Steve Sakoman @ 2023-09-26 21:43 UTC (permalink / raw)
To: openembedded-core
From: Sanjay Chitroda <sanjay.chitroda@einfochips.com>
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-28320
https://security-tracker.debian.org/tracker/CVE-2023-28320
Upstream Patch:
Introduced by: https://github.com/curl/curl/commit/3c49b405de4f (curl-7_9_8)
Fixed by: https://github.com/curl/curl/commit/13718030ad4b (curl-8_1_0)
Follow-up: https://github.com/curl/curl/commit/f446258f0269 (curl-8_1_0)
Signed-off-by: Sanjay Chitroda <sanjay.chitroda@einfochips.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../curl/curl/CVE-2023-28320-fol1.patch | 80 +++++++++++++++++++
meta/recipes-support/curl/curl_8.0.1.bb | 1 +
2 files changed, 81 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch b/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch
new file mode 100644
index 0000000000..3c06d8c518
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch
@@ -0,0 +1,80 @@
+From e442feb37ba25c80b8480b908d1c570fd9f41c5e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 16 May 2023 23:40:42 +0200
+Subject: [PATCH] hostip: include easy_lock.h before using
+ GLOBAL_INIT_IS_THREADSAFE
+
+Since that header file is the only place that define can be defined.
+
+Reported-by: Marc Deslauriers
+
+Follow-up to 13718030ad4b3209
+
+Closes #11121
+
+CVE: CVE-2023-28320
+Upstream-Status: Backport [https://github.com/curl/curl/commit/f446258f0269]
+
+(cherry picked from commit f446258f0269a62289cca0210157cb8558d0edc3)
+Signed-off-by: Sanjay Chitroda <sanjay.chitroda@einfochips.com>
+
+---
+ lib/hostip.c | 10 ++++------
+ lib/hostip.h | 9 ---------
+ 2 files changed, 4 insertions(+), 15 deletions(-)
+
+diff --git a/lib/hostip.c b/lib/hostip.c
+index d6906a2e8..2d26b5628 100644
+--- a/lib/hostip.c
++++ b/lib/hostip.c
+@@ -70,6 +70,8 @@
+ #include <SystemConfiguration/SCDynamicStoreCopySpecific.h>
+ #endif
+
++#include "easy_lock.h"
++
+ #if defined(CURLRES_SYNCH) && \
+ defined(HAVE_ALARM) && \
+ defined(SIGALRM) && \
+@@ -79,10 +81,6 @@
+ #define USE_ALARM_TIMEOUT
+ #endif
+
+-#ifdef USE_ALARM_TIMEOUT
+-#include "easy_lock.h"
+-#endif
+-
+ #define MAX_HOSTCACHE_LEN (255 + 7) /* max FQDN + colon + port number + zero */
+
+ /*
+@@ -265,8 +263,8 @@ void Curl_hostcache_prune(struct Curl_easy *data)
+ /* Beware this is a global and unique instance. This is used to store the
+ return address that we can jump back to from inside a signal handler. This
+ is not thread-safe stuff. */
+-sigjmp_buf curl_jmpenv;
+-curl_simple_lock curl_jmpenv_lock;
++static sigjmp_buf curl_jmpenv;
++static curl_simple_lock curl_jmpenv_lock;
+ #endif
+
+ /* lookup address, returns entry if found and not stale */
+diff --git a/lib/hostip.h b/lib/hostip.h
+index 4b5481f65..0dd19e87c 100644
+--- a/lib/hostip.h
++++ b/lib/hostip.h
+@@ -186,15 +186,6 @@ Curl_cache_addr(struct Curl_easy *data, struct Curl_addrinfo *addr,
+ #define CURL_INADDR_NONE INADDR_NONE
+ #endif
+
+-#ifdef HAVE_SIGSETJMP
+-/* Forward-declaration of variable defined in hostip.c. Beware this
+- * is a global and unique instance. This is used to store the return
+- * address that we can jump back to from inside a signal handler.
+- * This is not thread-safe stuff.
+- */
+-extern sigjmp_buf curl_jmpenv;
+-#endif
+-
+ /*
+ * Function provided by the resolver backend to set DNS servers to use.
+ */
diff --git a/meta/recipes-support/curl/curl_8.0.1.bb b/meta/recipes-support/curl/curl_8.0.1.bb
index bcfe4a6088..708f622fe1 100644
--- a/meta/recipes-support/curl/curl_8.0.1.bb
+++ b/meta/recipes-support/curl/curl_8.0.1.bb
@@ -18,6 +18,7 @@ SRC_URI = " \
file://CVE-2023-28320.patch \
file://CVE-2023-28321.patch \
file://CVE-2023-32001.patch \
+ file://CVE-2023-28320-fol1.patch \
"
SRC_URI[sha256sum] = "0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0"
--
2.34.1
^ permalink raw reply related [flat|nested] 12+ messages in thread* [OE-core][mickledore 02/10] linux-yocto: update CVE exclusions
2023-09-26 21:43 [OE-core][mickledore 00/10] Patch review Steve Sakoman
2023-09-26 21:43 ` [OE-core][mickledore 01/10] curl: Add CVE-2023-28320 follow-up fix Steve Sakoman
@ 2023-09-26 21:43 ` Steve Sakoman
2023-09-26 21:43 ` [OE-core][mickledore 03/10] glibc: fix CVE-2023-4527 Steve Sakoman
` (7 subsequent siblings)
9 siblings, 0 replies; 12+ messages in thread
From: Steve Sakoman @ 2023-09-26 21:43 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/cve-exclusion_6.1.inc | 157 ++++++++++++++----
1 file changed, 123 insertions(+), 34 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index 4e809940db..1656ffc8b5 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,9 +1,9 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-08-25 16:54:59.886795 for version 6.1.38"
+# Generated at 2023-09-23 10:45:45.248445 for version 6.1.46
python check_kernel_cve_status_version() {
- this_version = "6.1.38"
+ this_version = "6.1.46"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4839,6 +4839,8 @@ CVE_CHECK_IGNORE += "CVE-2020-27194"
# fixed-version: Fixed after version 5.6rc4
CVE_CHECK_IGNORE += "CVE-2020-2732"
+# CVE-2020-27418 has no known resolution
+
# fixed-version: Fixed after version 5.10rc1
CVE_CHECK_IGNORE += "CVE-2020-27673"
@@ -6464,7 +6466,8 @@ CVE_CHECK_IGNORE += "CVE-2022-40768"
# fixed-version: Fixed after version 6.0rc4
CVE_CHECK_IGNORE += "CVE-2022-4095"
-# CVE-2022-40982 has no known resolution
+# cpe-stable-backport: Backported in 6.1.44
+CVE_CHECK_IGNORE += "CVE-2022-40982"
# cpe-stable-backport: Backported in 6.1.4
CVE_CHECK_IGNORE += "CVE-2022-41218"
@@ -6546,9 +6549,9 @@ CVE_CHECK_IGNORE += "CVE-2022-4382"
# fixed-version: Fixed after version 6.1rc1
CVE_CHECK_IGNORE += "CVE-2022-43945"
-# CVE-2022-44032 has no known resolution
+# CVE-2022-44032 needs backporting (fixed from 6.4rc1)
-# CVE-2022-44033 has no known resolution
+# CVE-2022-44033 needs backporting (fixed from 6.4rc1)
# CVE-2022-44034 has no known resolution
@@ -6561,13 +6564,16 @@ CVE_CHECK_IGNORE += "CVE-2022-45869"
# CVE-2022-45885 has no known resolution
-# CVE-2022-45886 has no known resolution
+# cpe-stable-backport: Backported in 6.1.33
+CVE_CHECK_IGNORE += "CVE-2022-45886"
-# CVE-2022-45887 has no known resolution
+# cpe-stable-backport: Backported in 6.1.33
+CVE_CHECK_IGNORE += "CVE-2022-45887"
# CVE-2022-45888 needs backporting (fixed from 6.2rc1)
-# CVE-2022-45919 has no known resolution
+# cpe-stable-backport: Backported in 6.1.33
+CVE_CHECK_IGNORE += "CVE-2022-45919"
# fixed-version: Fixed after version 6.1
CVE_CHECK_IGNORE += "CVE-2022-45934"
@@ -6629,7 +6635,8 @@ CVE_CHECK_IGNORE += "CVE-2022-48424"
# cpe-stable-backport: Backported in 6.1.33
CVE_CHECK_IGNORE += "CVE-2022-48425"
-# CVE-2022-48502 needs backporting (fixed from 6.1.40)
+# cpe-stable-backport: Backported in 6.1.40
+CVE_CHECK_IGNORE += "CVE-2022-48502"
# fixed-version: Fixed after version 5.0rc1
CVE_CHECK_IGNORE += "CVE-2023-0030"
@@ -6643,7 +6650,8 @@ CVE_CHECK_IGNORE += "CVE-2023-0047"
# fixed-version: Fixed after version 6.0rc4
CVE_CHECK_IGNORE += "CVE-2023-0122"
-# CVE-2023-0160 has no known resolution
+# cpe-stable-backport: Backported in 6.1.28
+CVE_CHECK_IGNORE += "CVE-2023-0160"
# cpe-stable-backport: Backported in 6.1.7
CVE_CHECK_IGNORE += "CVE-2023-0179"
@@ -6726,7 +6734,8 @@ CVE_CHECK_IGNORE += "CVE-2023-1192"
# fixed-version: Fixed after version 6.1rc3
CVE_CHECK_IGNORE += "CVE-2023-1195"
-# CVE-2023-1206 needs backporting (fixed from 6.1.43)
+# cpe-stable-backport: Backported in 6.1.43
+CVE_CHECK_IGNORE += "CVE-2023-1206"
# fixed-version: Fixed after version 5.18rc1
CVE_CHECK_IGNORE += "CVE-2023-1249"
@@ -6809,11 +6818,14 @@ CVE_CHECK_IGNORE += "CVE-2023-2008"
# fixed-version: Fixed after version 6.0rc1
CVE_CHECK_IGNORE += "CVE-2023-2019"
-# CVE-2023-20569 has no known resolution
+# cpe-stable-backport: Backported in 6.1.44
+CVE_CHECK_IGNORE += "CVE-2023-20569"
-# CVE-2023-20588 has no known resolution
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-20588"
-# CVE-2023-20593 needs backporting (fixed from 6.1.41)
+# cpe-stable-backport: Backported in 6.1.41
+CVE_CHECK_IGNORE += "CVE-2023-20593"
# fixed-version: Fixed after version 6.0rc1
CVE_CHECK_IGNORE += "CVE-2023-20928"
@@ -6922,7 +6934,7 @@ CVE_CHECK_IGNORE += "CVE-2023-23559"
# fixed-version: Fixed after version 5.12rc1
CVE_CHECK_IGNORE += "CVE-2023-23586"
-# CVE-2023-2430 needs backporting (fixed from 6.2rc5)
+# CVE-2023-2430 needs backporting (fixed from 6.1.50)
# cpe-stable-backport: Backported in 6.1.22
CVE_CHECK_IGNORE += "CVE-2023-2483"
@@ -6933,6 +6945,8 @@ CVE_CHECK_IGNORE += "CVE-2023-25012"
# fixed-version: Fixed after version 6.0rc1
CVE_CHECK_IGNORE += "CVE-2023-2513"
+# CVE-2023-25775 needs backporting (fixed from 6.1.53)
+
# fixed-version: only affects 6.3rc1 onwards
CVE_CHECK_IGNORE += "CVE-2023-2598"
@@ -6979,7 +6993,8 @@ CVE_CHECK_IGNORE += "CVE-2023-28772"
# cpe-stable-backport: Backported in 6.1.22
CVE_CHECK_IGNORE += "CVE-2023-28866"
-# CVE-2023-2898 needs backporting (fixed from 6.1.39)
+# cpe-stable-backport: Backported in 6.1.39
+CVE_CHECK_IGNORE += "CVE-2023-2898"
# cpe-stable-backport: Backported in 6.1.16
CVE_CHECK_IGNORE += "CVE-2023-2985"
@@ -7007,7 +7022,7 @@ CVE_CHECK_IGNORE += "CVE-2023-3106"
# CVE-2023-31082 has no known resolution
-# CVE-2023-31083 has no known resolution
+# CVE-2023-31083 needs backporting (fixed from 6.6rc1)
# CVE-2023-31084 needs backporting (fixed from 6.4rc3)
@@ -7019,7 +7034,8 @@ CVE_CHECK_IGNORE += "CVE-2023-3111"
# cpe-stable-backport: Backported in 6.1.35
CVE_CHECK_IGNORE += "CVE-2023-3117"
-# CVE-2023-31248 needs backporting (fixed from 6.1.39)
+# cpe-stable-backport: Backported in 6.1.39
+CVE_CHECK_IGNORE += "CVE-2023-31248"
# cpe-stable-backport: Backported in 6.1.30
CVE_CHECK_IGNORE += "CVE-2023-3141"
@@ -7083,7 +7099,8 @@ CVE_CHECK_IGNORE += "CVE-2023-3317"
# cpe-stable-backport: Backported in 6.1.22
CVE_CHECK_IGNORE += "CVE-2023-33203"
-# CVE-2023-33250 has no known resolution
+# fixed-version: only affects 6.2rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-33250"
# cpe-stable-backport: Backported in 6.1.22
CVE_CHECK_IGNORE += "CVE-2023-33288"
@@ -7123,12 +7140,14 @@ CVE_CHECK_IGNORE += "CVE-2023-34255"
# cpe-stable-backport: Backported in 6.1.29
CVE_CHECK_IGNORE += "CVE-2023-34256"
-# CVE-2023-34319 has no known resolution
+# cpe-stable-backport: Backported in 6.1.44
+CVE_CHECK_IGNORE += "CVE-2023-34319"
# fixed-version: Fixed after version 5.18rc5
CVE_CHECK_IGNORE += "CVE-2023-3439"
-# CVE-2023-35001 needs backporting (fixed from 6.1.39)
+# cpe-stable-backport: Backported in 6.1.39
+CVE_CHECK_IGNORE += "CVE-2023-35001"
# cpe-stable-backport: Backported in 6.1.11
CVE_CHECK_IGNORE += "CVE-2023-3567"
@@ -7161,19 +7180,25 @@ CVE_CHECK_IGNORE += "CVE-2023-3609"
# cpe-stable-backport: Backported in 6.1.36
CVE_CHECK_IGNORE += "CVE-2023-3610"
-# CVE-2023-3611 needs backporting (fixed from 6.1.40)
+# cpe-stable-backport: Backported in 6.1.40
+CVE_CHECK_IGNORE += "CVE-2023-3611"
# CVE-2023-3640 has no known resolution
-# CVE-2023-37453 has no known resolution
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-37453"
# CVE-2023-37454 has no known resolution
-# CVE-2023-3772 has no known resolution
+# CVE-2023-3772 needs backporting (fixed from 6.1.47)
-# CVE-2023-3773 has no known resolution
+# CVE-2023-3773 needs backporting (fixed from 6.1.47)
-# CVE-2023-3776 needs backporting (fixed from 6.1.40)
+# cpe-stable-backport: Backported in 6.1.40
+CVE_CHECK_IGNORE += "CVE-2023-3776"
+
+# cpe-stable-backport: Backported in 6.1.42
+CVE_CHECK_IGNORE += "CVE-2023-3777"
# fixed-version: Fixed after version 6.1rc4
CVE_CHECK_IGNORE += "CVE-2023-3812"
@@ -7202,25 +7227,89 @@ CVE_CHECK_IGNORE += "CVE-2023-38431"
# cpe-stable-backport: Backported in 6.1.36
CVE_CHECK_IGNORE += "CVE-2023-38432"
-# CVE-2023-3863 needs backporting (fixed from 6.1.39)
+# cpe-stable-backport: Backported in 6.1.39
+CVE_CHECK_IGNORE += "CVE-2023-3863"
-# CVE-2023-4004 needs backporting (fixed from 6.1.42)
+# cpe-stable-backport: Backported in 6.1.36
+CVE_CHECK_IGNORE += "CVE-2023-3865"
+
+# cpe-stable-backport: Backported in 6.1.36
+CVE_CHECK_IGNORE += "CVE-2023-3866"
+
+# cpe-stable-backport: Backported in 6.1.40
+CVE_CHECK_IGNORE += "CVE-2023-3867"
+
+# cpe-stable-backport: Backported in 6.1.42
+CVE_CHECK_IGNORE += "CVE-2023-4004"
# CVE-2023-4010 has no known resolution
-# CVE-2023-4128 needs backporting (fixed from 6.5rc5)
+# cpe-stable-backport: Backported in 6.1.43
+CVE_CHECK_IGNORE += "CVE-2023-4015"
+
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-40283"
-# CVE-2023-4132 needs backporting (fixed from 6.1.39)
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-4128"
+
+# cpe-stable-backport: Backported in 6.1.39
+CVE_CHECK_IGNORE += "CVE-2023-4132"
# CVE-2023-4133 needs backporting (fixed from 6.3)
# CVE-2023-4134 needs backporting (fixed from 6.5rc1)
-# CVE-2023-4147 needs backporting (fixed from 6.1.43)
+# cpe-stable-backport: Backported in 6.1.43
+CVE_CHECK_IGNORE += "CVE-2023-4147"
+
+# cpe-stable-backport: Backported in 6.1.46
+CVE_CHECK_IGNORE += "CVE-2023-4155"
+
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-4194"
+
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-4206"
+
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-4207"
+
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-4208"
+
+# CVE-2023-4244 needs backporting (fixed from 6.5rc7)
+
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-4273"
+
+# fixed-version: Fixed after version 5.19rc1
+CVE_CHECK_IGNORE += "CVE-2023-4385"
+
+# fixed-version: Fixed after version 5.18
+CVE_CHECK_IGNORE += "CVE-2023-4387"
+
+# fixed-version: Fixed after version 5.18rc3
+CVE_CHECK_IGNORE += "CVE-2023-4389"
+
+# fixed-version: Fixed after version 6.0rc3
+CVE_CHECK_IGNORE += "CVE-2023-4394"
+
+# fixed-version: Fixed after version 5.18
+CVE_CHECK_IGNORE += "CVE-2023-4459"
+
+# CVE-2023-4563 needs backporting (fixed from 6.5rc6)
+
+# CVE-2023-4569 needs backporting (fixed from 6.1.47)
+
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-4611"
+
+# CVE-2023-4622 needs backporting (fixed from 6.5rc1)
-# CVE-2023-4155 has no known resolution
+# CVE-2023-4623 needs backporting (fixed from 6.1.53)
-# CVE-2023-4194 needs backporting (fixed from 6.5rc5)
+# CVE-2023-4881 needs backporting (fixed from 6.6rc1)
-# CVE-2023-4273 needs backporting (fixed from 6.5rc5)
+# CVE-2023-4921 needs backporting (fixed from 6.6rc1)
--
2.34.1
^ permalink raw reply related [flat|nested] 12+ messages in thread* [OE-core][mickledore 03/10] glibc: fix CVE-2023-4527
2023-09-26 21:43 [OE-core][mickledore 00/10] Patch review Steve Sakoman
2023-09-26 21:43 ` [OE-core][mickledore 01/10] curl: Add CVE-2023-28320 follow-up fix Steve Sakoman
2023-09-26 21:43 ` [OE-core][mickledore 02/10] linux-yocto: update CVE exclusions Steve Sakoman
@ 2023-09-26 21:43 ` Steve Sakoman
2023-09-26 21:43 ` [OE-core][mickledore 04/10] python3-git: upgrade 3.1.32 -> 3.1.37 Steve Sakoman
` (6 subsequent siblings)
9 siblings, 0 replies; 12+ messages in thread
From: Steve Sakoman @ 2023-09-26 21:43 UTC (permalink / raw)
To: openembedded-core
From: Yash Shinde <Yash.Shinde@windriver.com>
Upstream-Status: Backport[https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f]
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glibc/glibc/0023-CVE-2023-4527.patch | 219 ++++++++++++++++++
meta/recipes-core/glibc/glibc_2.37.bb | 1 +
2 files changed, 220 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch
diff --git a/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch b/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch
new file mode 100644
index 0000000000..211249211a
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch
@@ -0,0 +1,219 @@
+From 4ea972b7edd7e36610e8cde18bf7a8149d7bac4f Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Wed, 13 Sep 2023 14:10:56 +0200
+Subject: [PATCH] CVE-2023-4527: Stack read overflow with large TCP responses
+ in no-aaaa mode
+
+Without passing alt_dns_packet_buffer, __res_context_search can only
+store 2048 bytes (what fits into dns_packet_buffer). However,
+the function returns the total packet size, and the subsequent
+DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end
+of the stack-allocated buffer.
+
+Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no-aaaa
+stub resolver option") and bug 30842.
+
+(cherry picked from commit bd77dd7e73e3530203be1c52c8a29d08270cb25d)
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f]
+CVE: CVE-2023-4527
+
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+
+---
+ NEWS | 7 ++
+ resolv/Makefile | 2 +
+ resolv/nss_dns/dns-host.c | 2 +-
+ resolv/tst-resolv-noaaaa-vc.c | 129 ++++++++++++++++++++++++++++++++++
+ 4 files changed, 139 insertions(+), 1 deletion(-)
+ create mode 100644 resolv/tst-resolv-noaaaa-vc.c
+
+diff --git a/NEWS b/NEWS
+--- a/NEWS
++++ b/NEWS
+@@ -25,6 +25,7 @@
+ [30101] gmon: fix memory corruption issues
+ [30125] dynamic-link: [regression, bisected] glibc-2.37 creates new
+ symlink for libraries without soname
++ [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
+ [30151] gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling
+ [30163] posix: Fix system blocks SIGCHLD erroneously
+ [30305] x86_64: Fix asm constraints in feraiseexcept
+@@ -54,6 +55,12 @@
+ heap and prints it to the target log file, potentially revealing a
+ portion of the contents of the heap.
+
++ CVE-2023-4527: If the system is configured in no-aaaa mode via
++ /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address
++ family, and a DNS response is received over TCP that is larger than
++ 2048 bytes, getaddrinfo may potentially disclose stack contents via
++ the returned address data, or crash.
++
+ The following bugs are resolved with this release:
+
+ [12154] network: Cannot resolve hosts which have wildcard aliases
+diff --git a/resolv/Makefile b/resolv/Makefile
+--- a/resolv/Makefile
++++ b/resolv/Makefile
+@@ -101,6 +101,7 @@
+ tst-resolv-invalid-cname \
+ tst-resolv-network \
+ tst-resolv-noaaaa \
++ tst-resolv-noaaaa-vc \
+ tst-resolv-nondecimal \
+ tst-resolv-res_init-multi \
+ tst-resolv-search \
+@@ -292,6 +293,7 @@
+ $(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \
+ $(shared-thread-library)
+ $(objpfx)tst-resolv-noaaaa: $(objpfx)libresolv.so $(shared-thread-library)
++$(objpfx)tst-resolv-noaaaa-vc: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library)
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -427,7 +427,7 @@
+ {
+ n = __res_context_search (ctx, name, C_IN, T_A,
+ dns_packet_buffer, sizeof (dns_packet_buffer),
+- NULL, NULL, NULL, NULL, NULL);
++ &alt_dns_packet_buffer, NULL, NULL, NULL, NULL);
+ if (n >= 0)
+ status = gaih_getanswer_noaaaa (alt_dns_packet_buffer, n,
+ &abuf, pat, errnop, herrnop, ttlp);
+diff --git a/resolv/tst-resolv-noaaaa-vc.c b/resolv/tst-resolv-noaaaa-vc.c
+new file mode 100644
+--- /dev/null
++++ b/resolv/tst-resolv-noaaaa-vc.c
+@@ -0,0 +1,129 @@
++/* Test the RES_NOAAAA resolver option with a large response.
++ Copyright (C) 2022-2023 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <errno.h>
++#include <netdb.h>
++#include <resolv.h>
++#include <stdbool.h>
++#include <stdlib.h>
++#include <support/check.h>
++#include <support/check_nss.h>
++#include <support/resolv_test.h>
++#include <support/support.h>
++#include <support/xmemstream.h>
++
++/* Used to keep track of the number of queries. */
++static volatile unsigned int queries;
++
++/* If true, add a large TXT record at the start of the answer section. */
++static volatile bool stuff_txt;
++
++static void
++response (const struct resolv_response_context *ctx,
++ struct resolv_response_builder *b,
++ const char *qname, uint16_t qclass, uint16_t qtype)
++{
++ /* If not using TCP, just force its use. */
++ if (!ctx->tcp)
++ {
++ struct resolv_response_flags flags = {.tc = true};
++ resolv_response_init (b, flags);
++ resolv_response_add_question (b, qname, qclass, qtype);
++ return;
++ }
++
++ /* The test needs to send four queries, the first three are used to
++ grow the NSS buffer via the ERANGE handshake. */
++ ++queries;
++ TEST_VERIFY (queries <= 4);
++
++ /* AAAA queries are supposed to be disabled. */
++ TEST_COMPARE (qtype, T_A);
++ TEST_COMPARE (qclass, C_IN);
++ TEST_COMPARE_STRING (qname, "example.com");
++
++ struct resolv_response_flags flags = {};
++ resolv_response_init (b, flags);
++ resolv_response_add_question (b, qname, qclass, qtype);
++
++ resolv_response_section (b, ns_s_an);
++
++ if (stuff_txt)
++ {
++ resolv_response_open_record (b, qname, qclass, T_TXT, 60);
++ int zero = 0;
++ for (int i = 0; i <= 15000; ++i)
++ resolv_response_add_data (b, &zero, sizeof (zero));
++ resolv_response_close_record (b);
++ }
++
++ for (int i = 0; i < 200; ++i)
++ {
++ resolv_response_open_record (b, qname, qclass, qtype, 60);
++ char ipv4[4] = {192, 0, 2, i + 1};
++ resolv_response_add_data (b, &ipv4, sizeof (ipv4));
++ resolv_response_close_record (b);
++ }
++}
++
++static int
++do_test (void)
++{
++ struct resolv_test *obj = resolv_test_start
++ ((struct resolv_redirect_config)
++ {
++ .response_callback = response
++ });
++
++ _res.options |= RES_NOAAAA;
++
++ for (int do_stuff_txt = 0; do_stuff_txt < 2; ++do_stuff_txt)
++ {
++ queries = 0;
++ stuff_txt = do_stuff_txt;
++
++ struct addrinfo *ai = NULL;
++ int ret;
++ ret = getaddrinfo ("example.com", "80",
++ &(struct addrinfo)
++ {
++ .ai_family = AF_UNSPEC,
++ .ai_socktype = SOCK_STREAM,
++ }, &ai);
++
++ char *expected_result;
++ {
++ struct xmemstream mem;
++ xopen_memstream (&mem);
++ for (int i = 0; i < 200; ++i)
++ fprintf (mem.out, "address: STREAM/TCP 192.0.2.%d 80\n", i + 1);
++ xfclose_memstream (&mem);
++ expected_result = mem.buffer;
++ }
++
++ check_addrinfo ("example.com", ai, ret, expected_result);
++
++ free (expected_result);
++ freeaddrinfo (ai);
++ }
++
++ resolv_test_end (obj);
++ return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/meta/recipes-core/glibc/glibc_2.37.bb b/meta/recipes-core/glibc/glibc_2.37.bb
index 3387441cad..caf454f368 100644
--- a/meta/recipes-core/glibc/glibc_2.37.bb
+++ b/meta/recipes-core/glibc/glibc_2.37.bb
@@ -49,6 +49,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0020-tzselect.ksh-Use-bin-sh-default-shell-interpreter.patch \
file://0021-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \
file://0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch \
+ file://0023-CVE-2023-4527.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"
--
2.34.1
^ permalink raw reply related [flat|nested] 12+ messages in thread* [OE-core][mickledore 04/10] python3-git: upgrade 3.1.32 -> 3.1.37
2023-09-26 21:43 [OE-core][mickledore 00/10] Patch review Steve Sakoman
` (2 preceding siblings ...)
2023-09-26 21:43 ` [OE-core][mickledore 03/10] glibc: fix CVE-2023-4527 Steve Sakoman
@ 2023-09-26 21:43 ` Steve Sakoman
2023-09-26 21:43 ` [OE-core][mickledore 05/10] bind: upgrade 9.18.17 -> 9.18.18 Steve Sakoman
` (5 subsequent siblings)
9 siblings, 0 replies; 12+ messages in thread
From: Steve Sakoman @ 2023-09-26 21:43 UTC (permalink / raw)
To: openembedded-core
From: Narpat Mali <narpat.mali@windriver.com>
The delta between 3.1.32 & 3.1.37 contains the CVE-2023-40590 and
CVE-2023-41040 fixes and other bugfixes.
Changelog:
==========
- WIP Quick doc by @LeoDaCoda in #1608
- Partial clean up wrt mypy and black by @bodograumann in #1617
- Disable merge_includes in config writers by @bodograumann in #1618
- feat: full typing for "progress" parameter in Repo class by @madebylydia in #1634
- Fix CVE-2023-40590 by @EliahKagan in #1636
- #1566 Creating a lock now uses python built-in "open()" method to work arou… by @HageMaster3108 in #1619
- util: close lockfile after opening successfully by @skshetry in #1639
- Bump actions/checkout from 3 to 4 by @dependabot in #1643
- Fix 'Tree' object has no attribute '_name' when submodule path is normal path by @CosmosAtlas in #1645
- Fix CVE-2023-41040 by @facutuesca in #1644
- Only make config more permissive in tests that need it by @EliahKagan in #1648
- Added test for PR #1645 submodule path by @CosmosAtlas in #1647
- Fix Windows environment variable upcasing bug by @EliahKagan in #1650
- Improve Python version and OS compatibility, fixing deprecations by @EliahKagan in #1654
- Better document env_case test/fixture and cwd by @EliahKagan in #1657
- Remove spurious executable permissions by @EliahKagan in #1658
- Fix up checks in Makefile and make them portable by @EliahKagan in #1661
- Fix URLs that were redirecting to another license by @EliahKagan in #1662
- Assorted small fixes/improvements to root dir docs by @EliahKagan in #1663
- Use venv instead of virtualenv in test_installation by @EliahKagan in #1664
- Omit py_modules in setup by @EliahKagan in #1665
- Don't track code coverage temporary files by @EliahKagan in #1666
- Configure tox by @EliahKagan in #1667
- Format tests with black and auto-exclude untracked paths by @EliahKagan in #1668
- Upgrade and broaden flake8, fixing style problems and bugs by @EliahKagan in #1673
- Fix rollback bug in SymbolicReference.set_reference by @EliahKagan in #1675
- Remove @NoEffect annotations by @EliahKagan in #1677
- Add more checks for the validity of refnames by @facutuesca in #1672
Note that the changes to the license file are just removal of excess whitespace
(the extra blank line at the end, and spaces appearing at the end of lines).
References:
https://github.com/gitpython-developers/GitPython/releases
https://github.com/gitpython-developers/GitPython/blob/main/doc/source/changes.rst
https://github.com/gitpython-developers/GitPython/commit/e1af18377fd69f9c1007f8abf6ccb95b3c5a6558
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../python/{python3-git_3.1.32.bb => python3-git_3.1.37.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-devtools/python/{python3-git_3.1.32.bb => python3-git_3.1.37.bb} (86%)
diff --git a/meta/recipes-devtools/python/python3-git_3.1.32.bb b/meta/recipes-devtools/python/python3-git_3.1.37.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-git_3.1.32.bb
rename to meta/recipes-devtools/python/python3-git_3.1.37.bb
index f217577eb8..56a335a79e 100644
--- a/meta/recipes-devtools/python/python3-git_3.1.32.bb
+++ b/meta/recipes-devtools/python/python3-git_3.1.37.bb
@@ -6,13 +6,13 @@ access with big-files support."
HOMEPAGE = "http://github.com/gitpython-developers/GitPython"
SECTION = "devel/python"
LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=8b8d26c37c1d5a04f9b0186edbebc183"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=5279a7ab369ba336989dcf2a107e5c8e"
PYPI_PACKAGE = "GitPython"
inherit pypi python_setuptools_build_meta
-SRC_URI[sha256sum] = "8d9b8cb1e80b9735e8717c9362079d3ce4c6e5ddeebedd0361b228c3a67a62f6"
+SRC_URI[sha256sum] = "f9b9ddc0761c125d5780eab2d64be4873fc6817c2899cbcb34b02344bdc7bc54"
DEPENDS += " ${PYTHON_PN}-gitdb"
--
2.34.1
^ permalink raw reply related [flat|nested] 12+ messages in thread* [OE-core][mickledore 05/10] bind: upgrade 9.18.17 -> 9.18.18
2023-09-26 21:43 [OE-core][mickledore 00/10] Patch review Steve Sakoman
` (3 preceding siblings ...)
2023-09-26 21:43 ` [OE-core][mickledore 04/10] python3-git: upgrade 3.1.32 -> 3.1.37 Steve Sakoman
@ 2023-09-26 21:43 ` Steve Sakoman
2023-09-26 21:43 ` [OE-core][mickledore 06/10] bind: update to 9.18.19 Steve Sakoman
` (4 subsequent siblings)
9 siblings, 0 replies; 12+ messages in thread
From: Steve Sakoman @ 2023-09-26 21:43 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Changelog:
============
Deprecate the 'dialup' and 'heartbeat-interval' options.
Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
Return REFUSED to GSS-API TKEY requests if GSS-API support is not configured.
Mark a primary server as temporarily unreachable if the TCP connection attempt times out.
Don't process detach and close netmgr events when the netmgr has been paused.
(cherry-pick from commit e78ec619beea6e541b2d83a5dc845ce57ff12564)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../bind/{bind_9.18.17.bb => bind_9.18.18.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/bind/{bind_9.18.17.bb => bind_9.18.18.bb} (97%)
diff --git a/meta/recipes-connectivity/bind/bind_9.18.17.bb b/meta/recipes-connectivity/bind/bind_9.18.18.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.17.bb
rename to meta/recipes-connectivity/bind/bind_9.18.18.bb
index fa1249b370..b9579ab52a 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.17.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.18.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] = "bde1c5017b81d1d79c69eb8f537f2e5032fd3623acdd5ee830d4f74bc2483458"
+SRC_URI[sha256sum] = "d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
--
2.34.1
^ permalink raw reply related [flat|nested] 12+ messages in thread* [OE-core][mickledore 06/10] bind: update to 9.18.19
2023-09-26 21:43 [OE-core][mickledore 00/10] Patch review Steve Sakoman
` (4 preceding siblings ...)
2023-09-26 21:43 ` [OE-core][mickledore 05/10] bind: upgrade 9.18.17 -> 9.18.18 Steve Sakoman
@ 2023-09-26 21:43 ` Steve Sakoman
2023-09-26 21:43 ` [OE-core][mickledore 07/10] ffmpeg: 5.1.2 -> 5.1.3 Steve Sakoman
` (3 subsequent siblings)
9 siblings, 0 replies; 12+ messages in thread
From: Steve Sakoman @ 2023-09-26 21:43 UTC (permalink / raw)
To: openembedded-core
From: Lee Chee Yang <chee.yang.lee@intel.com>
release notes:
https://downloads.isc.org/isc/bind9/9.18.19/doc/arm/html/notes.html#notes-for-bind-9-18-19
Security Fixes
Previously, sending a specially crafted message over the control channel
could cause the packet-parsing code to run out of available stack
memory, causing named to terminate unexpectedly. This has been fixed.
(CVE-2023-3341)
ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing
this vulnerability to our attention. [GL #4152]
A flaw in the networking code handling DNS-over-TLS queries could cause
named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load. This has been fixed.
(CVE-2023-4236)
ISC would like to thank Robert Story from USC/ISI Root Server Operations
for bringing this vulnerability to our attention. [GL #4242]
Removed Features
The dnssec-must-be-secure option has been deprecated and will be removed
in a future release. [GL #4263]
Feature Changes
If the server command is specified, nsupdate now honors the nsupdate -v
option for SOA queries by sending both the UPDATE request and the
initial query over TCP. [GL #1181]
Bug Fixes
The value of the If-Modified-Since header in the statistics channel was
not being correctly validated for its length, potentially allowing an
authorized user to trigger a buffer overflow. Ensuring the statistics
channel is configured correctly to grant access exclusively to
authorized users is essential (see the statistics-channels block
definition and usage section). [GL #4124]
This issue was reported independently by Eric Sesterhenn of X41 D-Sec
GmbH and Cameron Whitehead.
The Content-Length header in the statistics channel was lacking proper
bounds checking. A negative or excessively large value could potentially
trigger an integer overflow and result in an assertion failure. [GL
This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
Several memory leaks caused by not clearing the OpenSSL error stack were
fixed. [GL #4159]
This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
The introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs
UPDATE policies accidentally caused named to return SERVFAIL responses
to deletion requests for non-existent PTR and SRV records. This has been
fixed. [GL #4280]
The stale-refresh-time feature was mistakenly disabled when the server
cache was flushed by rndc flush. This has been fixed. [GL #4278]
BIND’s memory consumption has been improved by implementing dedicated
jemalloc memory arenas for sending buffers. This optimization ensures
that memory usage is more efficient and better manages the return of
memory pages to the operating system. [GL #4038]
Previously, partial writes in the TLS DNS code were not accounted for
correctly, which could have led to DNS message corruption. This has been
fixed. [GL #4255]
Known Issues
There are no new known issues with this release. See above for a list of
all known issues affecting this BIND 9 branch.
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../bind/{bind_9.18.18.bb => bind_9.18.19.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/bind/{bind_9.18.18.bb => bind_9.18.19.bb} (97%)
diff --git a/meta/recipes-connectivity/bind/bind_9.18.18.bb b/meta/recipes-connectivity/bind/bind_9.18.19.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.18.bb
rename to meta/recipes-connectivity/bind/bind_9.18.19.bb
index b9579ab52a..6936c1c6ad 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.18.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.19.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] = "d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160"
+SRC_URI[sha256sum] = "115e09c05439bebade1d272eda08fa88eb3b60129edef690588c87a4d27612cc"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
--
2.34.1
^ permalink raw reply related [flat|nested] 12+ messages in thread* [OE-core][mickledore 07/10] ffmpeg: 5.1.2 -> 5.1.3
2023-09-26 21:43 [OE-core][mickledore 00/10] Patch review Steve Sakoman
` (5 preceding siblings ...)
2023-09-26 21:43 ` [OE-core][mickledore 06/10] bind: update to 9.18.19 Steve Sakoman
@ 2023-09-26 21:43 ` Steve Sakoman
2023-09-26 21:43 ` [OE-core][mickledore 08/10] multilib.conf: explicitly make MULTILIB_VARIANTS vardeps on MULTILIBS Steve Sakoman
` (2 subsequent siblings)
9 siblings, 0 replies; 12+ messages in thread
From: Steve Sakoman @ 2023-09-26 21:43 UTC (permalink / raw)
To: openembedded-core
From: Lee Chee Yang <chee.yang.lee@intel.com>
drop patch which is already part of 5.1.3.
0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3964):
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/1eb002596e3761d88de4aeea3158692b82fb6307
0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3965):
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/293dc39bcaa99f213c6b7a703e11f146abf5d3be
ffmpeg-fix-vulkan.patch : https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/7268323193d55365f914de39fadd5dbdb1f68976
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...c-stop-accessing-out-of-bounds-frame.patch | 89 ---------------
...c-stop-accessing-out-of-bounds-frame.patch | 108 ------------------
.../ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch | 34 ------
.../{ffmpeg_5.1.2.bb => ffmpeg_5.1.3.bb} | 5 +-
4 files changed, 1 insertion(+), 235 deletions(-)
delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.1.2.bb => ffmpeg_5.1.3.bb} (96%)
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
deleted file mode 100644
index 2775a81cc8..0000000000
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 92f9b28ed84a77138105475beba16c146bdaf984 Mon Sep 17 00:00:00 2001
-From: Paul B Mahol <onemda@gmail.com>
-Date: Sat, 12 Nov 2022 16:12:00 +0100
-Subject: [PATCH] avcodec/rpzaenc: stop accessing out of bounds frame
-
-Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984]
-
-Signed-off-by: <narpat.mali@windriver.com>
-
----
- libavcodec/rpzaenc.c | 22 +++++++++++++++-------
- 1 file changed, 15 insertions(+), 7 deletions(-)
-
-diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c
-index d710eb4f82..4ced9523e2 100644
---- a/libavcodec/rpzaenc.c
-+++ b/libavcodec/rpzaenc.c
-@@ -205,7 +205,7 @@ static void get_max_component_diff(const BlockInfo *bi, const uint16_t *block_pt
-
- // loop thru and compare pixels
- for (y = 0; y < bi->block_height; y++) {
-- for (x = 0; x < bi->block_width; x++){
-+ for (x = 0; x < bi->block_width; x++) {
- // TODO: optimize
- min_r = FFMIN(R(block_ptr[x]), min_r);
- min_g = FFMIN(G(block_ptr[x]), min_g);
-@@ -278,7 +278,7 @@ static int leastsquares(const uint16_t *block_ptr, const BlockInfo *bi,
- return -1;
-
- for (i = 0; i < bi->block_height; i++) {
-- for (j = 0; j < bi->block_width; j++){
-+ for (j = 0; j < bi->block_width; j++) {
- x = GET_CHAN(block_ptr[j], xchannel);
- y = GET_CHAN(block_ptr[j], ychannel);
- sumx += x;
-@@ -325,7 +325,7 @@ static int calc_lsq_max_fit_error(const uint16_t *block_ptr, const BlockInfo *bi
- int max_err = 0;
-
- for (i = 0; i < bi->block_height; i++) {
-- for (j = 0; j < bi->block_width; j++){
-+ for (j = 0; j < bi->block_width; j++) {
- int x_inc, lin_y, lin_x;
- x = GET_CHAN(block_ptr[j], xchannel);
- y = GET_CHAN(block_ptr[j], ychannel);
-@@ -420,7 +420,9 @@ static void update_block_in_prev_frame(const uint16_t *src_pixels,
- uint16_t *dest_pixels,
- const BlockInfo *bi, int block_counter)
- {
-- for (int y = 0; y < 4; y++) {
-+ const int y_size = FFMIN(4, bi->image_height - bi->row * 4);
-+
-+ for (int y = 0; y < y_size; y++) {
- memcpy(dest_pixels, src_pixels, 8);
- dest_pixels += bi->rowstride;
- src_pixels += bi->rowstride;
-@@ -730,14 +732,15 @@ post_skip :
-
- if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
- uint16_t *row_ptr;
-- int rgb555;
-+ int y_size, rgb555;
-
- block_offset = get_block_info(&bi, block_counter);
-
- row_ptr = &src_pixels[block_offset];
-+ y_size = FFMIN(4, bi.image_height - bi.row * 4);
-
-- for (int y = 0; y < 4; y++) {
-- for (int x = 0; x < 4; x++){
-+ for (int y = 0; y < y_size; y++) {
-+ for (int x = 0; x < 4; x++) {
- rgb555 = row_ptr[x] & ~0x8000;
-
- put_bits(&s->pb, 16, rgb555);
-@@ -745,6 +748,11 @@ post_skip :
- row_ptr += bi.rowstride;
- }
-
-+ for (int y = y_size; y < 4; y++) {
-+ for (int x = 0; x < 4; x++)
-+ put_bits(&s->pb, 16, 0);
-+ }
-+
- block_counter++;
- } else { // FOUR COLOR BLOCK
- block_counter += encode_four_color_block(min_color, max_color,
---
-2.34.1
-
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
deleted file mode 100644
index 923fc6a9c1..0000000000
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 13c13109759090b7f7182480d075e13b36ed8edd Mon Sep 17 00:00:00 2001
-From: Paul B Mahol <onemda@gmail.com>
-Date: Sat, 12 Nov 2022 15:19:21 +0100
-Subject: [PATCH] avcodec/smcenc: stop accessing out of bounds frame
-
-Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd]
-
-Signed-off-by: <narpat.mali@windriver.com>
-
----
- libavcodec/smcenc.c | 18 ++++++++++++++----
- 1 file changed, 14 insertions(+), 4 deletions(-)
-
-diff --git a/libavcodec/smcenc.c b/libavcodec/smcenc.c
-index f3d26a4e8d..33549b8ab4 100644
---- a/libavcodec/smcenc.c
-+++ b/libavcodec/smcenc.c
-@@ -61,6 +61,7 @@ typedef struct SMCContext {
- { \
- row_ptr += stride * 4; \
- pixel_ptr = row_ptr; \
-+ cur_y += 4; \
- } \
- } \
- }
-@@ -117,6 +118,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
- const uint8_t *prev_pixels = (const uint8_t *)s->prev_frame->data[0];
- uint8_t *distinct_values = s->distinct_values;
- const uint8_t *pixel_ptr, *row_ptr;
-+ const int height = frame->height;
- const int width = frame->width;
- uint8_t block_values[16];
- int block_counter = 0;
-@@ -125,13 +127,14 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
- int color_octet_index = 0;
- int color_table_index; /* indexes to color pair, quad, or octet tables */
- int total_blocks;
-+ int cur_y = 0;
-
- memset(s->color_pairs, 0, sizeof(s->color_pairs));
- memset(s->color_quads, 0, sizeof(s->color_quads));
- memset(s->color_octets, 0, sizeof(s->color_octets));
-
- /* Number of 4x4 blocks in frame. */
-- total_blocks = ((frame->width + 3) / 4) * ((frame->height + 3) / 4);
-+ total_blocks = ((width + 3) / 4) * ((height + 3) / 4);
-
- pixel_ptr = row_ptr = src_pixels;
-
-@@ -145,11 +148,13 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
- int cache_index;
- int distinct = 0;
- int blocks = 0;
-+ int frame_y = cur_y;
-
- while (prev_pixels && s->key_frame == 0 && block_counter + inter_skip_blocks < total_blocks) {
-+ const int y_size = FFMIN(4, height - cur_y);
- int compare = 0;
-
-- for (int y = 0; y < 4; y++) {
-+ for (int y = 0; y < y_size; y++) {
- const ptrdiff_t offset = pixel_ptr - src_pixels;
- const uint8_t *prev_pixel_ptr = prev_pixels + offset;
-
-@@ -170,8 +175,10 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
-
- pixel_ptr = xpixel_ptr;
- row_ptr = xrow_ptr;
-+ cur_y = frame_y;
-
- while (block_counter > 0 && block_counter + intra_skip_blocks < total_blocks) {
-+ const int y_size = FFMIN(4, height - cur_y);
- const ptrdiff_t offset = pixel_ptr - src_pixels;
- const int sy = offset / stride;
- const int sx = offset % stride;
-@@ -180,7 +187,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
- const uint8_t *old_pixel_ptr = src_pixels + nx + ny * stride;
- int compare = 0;
-
-- for (int y = 0; y < 4; y++) {
-+ for (int y = 0; y < y_size; y++) {
- compare |= memcmp(old_pixel_ptr + y * stride, pixel_ptr + y * stride, 4);
- if (compare)
- break;
-@@ -197,9 +204,11 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
-
- pixel_ptr = xpixel_ptr;
- row_ptr = xrow_ptr;
-+ cur_y = frame_y;
-
- while (block_counter + coded_blocks < total_blocks && coded_blocks < 256) {
-- for (int y = 0; y < 4; y++)
-+ const int y_size = FFMIN(4, height - cur_y);
-+ for (int y = 0; y < y_size; y++)
- memcpy(block_values + y * 4, pixel_ptr + y * stride, 4);
-
- qsort(block_values, 16, sizeof(block_values[0]), smc_cmp_values);
-@@ -224,6 +233,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
-
- pixel_ptr = xpixel_ptr;
- row_ptr = xrow_ptr;
-+ cur_y = frame_y;
-
- blocks = coded_blocks;
- distinct = coded_distinct;
---
-2.34.1
-
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
deleted file mode 100644
index 95bd608a27..0000000000
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Lynne <dev@lynne.ee>
-Date: Sun, 25 Dec 2022 00:03:30 +0000 (+0100)
-Subject: hwcontext_vulkan: remove optional encode/decode extensions from the list
-X-Git-Url: http://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690
-
-hwcontext_vulkan: remove optional encode/decode extensions from the list
-
-They're not currently used, so they don't need to be there.
-Vulkan stabilized the decode extensions less than a week ago, and their
-name prefixes were changed from EXT to KHR. It's a bit too soon to be
-depending on it, so rather than bumping, just remove these for now.
-
-Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690]
----
-
-diff --git a/libavutil/hwcontext_vulkan.c b/libavutil/hwcontext_vulkan.c
-index f1db1c7291..2a9b5f4aac 100644
---- a/libavutil/hwcontext_vulkan.c
-+++ b/libavutil/hwcontext_vulkan.c
-@@ -358,14 +358,6 @@ static const VulkanOptExtension optional_device_exts[] = {
- { VK_KHR_EXTERNAL_MEMORY_WIN32_EXTENSION_NAME, FF_VK_EXT_EXTERNAL_WIN32_MEMORY },
- { VK_KHR_EXTERNAL_SEMAPHORE_WIN32_EXTENSION_NAME, FF_VK_EXT_EXTERNAL_WIN32_SEM },
- #endif
--
-- /* Video encoding/decoding */
-- { VK_KHR_VIDEO_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
-- { VK_KHR_VIDEO_DECODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
-- { VK_KHR_VIDEO_ENCODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
-- { VK_EXT_VIDEO_ENCODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
-- { VK_EXT_VIDEO_DECODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
-- { VK_EXT_VIDEO_DECODE_H265_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
- };
-
- /* Converts return values to strings */
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.3.bb
similarity index 96%
rename from meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb
rename to meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.3.bb
index aa5a8681cf..9899e570ad 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.3.bb
@@ -23,12 +23,9 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://COPYING.LGPLv3;md5=e6a600fd5e1d9cbde2d983680233ad02"
SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
- file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \
- file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \
- file://ffmpeg-fix-vulkan.patch \
"
-SRC_URI[sha256sum] = "619e706d662c8420859832ddc259cd4d4096a48a2ce1eefd052db9e440eef3dc"
+SRC_URI[sha256sum] = "1b113593ff907293be7aed95acdda5e785dd73616d7d4ec90a0f6adbc5a0312e"
# CVE-2023-39018 issue belongs to ffmpeg-cli-wrapper (Java wrapper around the FFmpeg CLI)
# and not ffmepg itself.
--
2.34.1
^ permalink raw reply related [flat|nested] 12+ messages in thread* [OE-core][mickledore 08/10] multilib.conf: explicitly make MULTILIB_VARIANTS vardeps on MULTILIBS
2023-09-26 21:43 [OE-core][mickledore 00/10] Patch review Steve Sakoman
` (6 preceding siblings ...)
2023-09-26 21:43 ` [OE-core][mickledore 07/10] ffmpeg: 5.1.2 -> 5.1.3 Steve Sakoman
@ 2023-09-26 21:43 ` Steve Sakoman
2023-09-26 21:43 ` [OE-core][mickledore 09/10] gcc-crosssdk: ignore MULTILIB_VARIANTS in signature computation Steve Sakoman
2023-09-26 21:43 ` [OE-core][mickledore 10/10] cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig Steve Sakoman
9 siblings, 0 replies; 12+ messages in thread
From: Steve Sakoman @ 2023-09-26 21:43 UTC (permalink / raw)
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
This patch is to ensure recipes get rebuilt correctly and avoid
incorrect sstate cache reuse when toggling multilib.
The following steps show one example of such incorrect sstate cache reuse.
1. enable multilib && bitbake <some_image> -c populate_sdk
2. disable multilib && bitbake <some_image> -c populate_sdk
The error message is as below:
Error:
Problem: conflicting requests
- nothing provides binutils-cross-canadian-i686 needed by packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
- nothing provides gcc-cross-canadian-i686 needed by packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
- nothing provides gdb-cross-canadian-i686 needed by packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
(try to add '--skip-broken' to skip uninstallable packages)
We get this error because packagegroup-cross-canadian recipe is
not rebuilt when it should be.
Current codes have tracked the dependency to MULTILIB_VARIANTS, as
shown in the following chain:
RDEPENDS:packagegroup-cross-canadian-intel-x86-64 ->
all_multilib_tune_values -> MULTILIB_VARIANTS.
However, MULTILIB_VARIANTS cannot automatically depend on MULTILIBS.
See some results from 'bitbake-dumpsigs' below:
List of dependencies for variable MULTILIB_VARIANTS is ['extend_variants']
Variable MULTILIB_VARIANTS value is ${@extend_variants(d,'MULTILIBS','multilib')}
It's obvious that the value of MULTILIB_VARIANTS depend on the
value of MULTILIBS, so let's set this dependency manually.
(From OE-Core rev: 9f47d8eb51816d16078a23c0cef4d697555f913f)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/conf/multilib.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/conf/multilib.conf b/meta/conf/multilib.conf
index 7f3b9463ef..ef3605a73d 100644
--- a/meta/conf/multilib.conf
+++ b/meta/conf/multilib.conf
@@ -2,6 +2,7 @@
baselib = "${@d.getVar('BASE_LIB:tune-' + (d.getVar('DEFAULTTUNE') or 'INVALID')) or d.getVar('BASELIB')}"
MULTILIB_VARIANTS = "${@extend_variants(d,'MULTILIBS','multilib')}"
+MULTILIB_VARIANTS[vardeps] += "MULTILIBS"
MULTILIB_SAVE_VARNAME = "DEFAULTTUNE TARGET_ARCH TARGET_SYS TARGET_VENDOR"
MULTILIBS ??= "multilib:lib32"
--
2.34.1
^ permalink raw reply related [flat|nested] 12+ messages in thread* [OE-core][mickledore 09/10] gcc-crosssdk: ignore MULTILIB_VARIANTS in signature computation
2023-09-26 21:43 [OE-core][mickledore 00/10] Patch review Steve Sakoman
` (7 preceding siblings ...)
2023-09-26 21:43 ` [OE-core][mickledore 08/10] multilib.conf: explicitly make MULTILIB_VARIANTS vardeps on MULTILIBS Steve Sakoman
@ 2023-09-26 21:43 ` Steve Sakoman
2023-09-26 21:43 ` [OE-core][mickledore 10/10] cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig Steve Sakoman
9 siblings, 0 replies; 12+ messages in thread
From: Steve Sakoman @ 2023-09-26 21:43 UTC (permalink / raw)
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
The gcc_multilib_setup function is a function that is run at the
do_configure step, so it's counted into the signature computation.
The MULTILIB_VARIANTS this function uses is also extracted to be
taken into consideration. After the change of setting MULTILIB_VARIANTS
explictly vardeps on MULTILIBS, the change of MULTILIBS changes the
signature, thus causing rebuilding. However, in case of gcc-crosssdk,
the setting of multilib should have no effect on it, as it's used
to build nativesdk packages, not the target packages. So ignore
MULTILIB_VARIANTS in signature computation. This fixes oe-selftest
case sstatetests.SStateHashSameSigs2.test_sstate_nativesdk_samesigs_multilib.
(From OE-Core rev: 537c71162a711dec32a63a657c4b101269a3e267)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/gcc/gcc-crosssdk.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-devtools/gcc/gcc-crosssdk.inc b/meta/recipes-devtools/gcc/gcc-crosssdk.inc
index bd2e71d63f..74c4537f4f 100644
--- a/meta/recipes-devtools/gcc/gcc-crosssdk.inc
+++ b/meta/recipes-devtools/gcc/gcc-crosssdk.inc
@@ -10,3 +10,5 @@ GCCMULTILIB = "--disable-multilib"
DEPENDS = "virtual/${TARGET_PREFIX}binutils-crosssdk gettext-native ${NATIVEDEPS}"
PROVIDES = "virtual/${TARGET_PREFIX}gcc-crosssdk virtual/${TARGET_PREFIX}g++-crosssdk"
+
+gcc_multilib_setup[vardepsexclude] = "MULTILIB_VARIANTS"
--
2.34.1
^ permalink raw reply related [flat|nested] 12+ messages in thread* [OE-core][mickledore 10/10] cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig
2023-09-26 21:43 [OE-core][mickledore 00/10] Patch review Steve Sakoman
` (8 preceding siblings ...)
2023-09-26 21:43 ` [OE-core][mickledore 09/10] gcc-crosssdk: ignore MULTILIB_VARIANTS in signature computation Steve Sakoman
@ 2023-09-26 21:43 ` Steve Sakoman
9 siblings, 0 replies; 12+ messages in thread
From: Steve Sakoman @ 2023-09-26 21:43 UTC (permalink / raw)
To: openembedded-core
From: Jaeyoon Jung <jaeyoon.jung@lge.com>
Variable overrides in KCONFIG_CONFIG_COMMAND do not work as expected due
to double quote mismatches. The issue is reproducible in an environment
where gold is the default linker. Below is an example snippet of
run.do_terminal generated by do_menuconfig.
do_terminal() {
exec sh -c "make menuconfig CC="aarch64-webos-linux-gcc ..."
LD="aarch64-webos-linux-ld.bfd ..."
...
}
Although LD override is set to bfd correctly, it is not passed to make
and make menuconfig ends up with messages like:
| gold linker is not supported as it is not capable of linking the kernel proper.
| scripts/Kconfig.include:56: Sorry, this linker is not supported.
(From OE-Core rev: 9c483765db762dbe8020423c8778518612b7e5f7)
Signed-off-by: Jaeyoon Jung <jaeyoon.jung@lge.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d4664d2b7974354e73d891762ebb2c8a12d62438)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes-recipe/cml1.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes-recipe/cml1.bbclass b/meta/classes-recipe/cml1.bbclass
index a09a042c3f..73c22f81d6 100644
--- a/meta/classes-recipe/cml1.bbclass
+++ b/meta/classes-recipe/cml1.bbclass
@@ -53,7 +53,7 @@ python do_menuconfig() {
# ensure that environment variables are overwritten with this tasks 'd' values
d.appendVar("OE_TERMINAL_EXPORTS", " PKG_CONFIG_DIR PKG_CONFIG_PATH PKG_CONFIG_LIBDIR PKG_CONFIG_SYSROOT_DIR")
- oe_terminal("sh -c \"make %s; if [ \\$? -ne 0 ]; then echo 'Command failed.'; printf 'Press any key to continue... '; read r; fi\"" % d.getVar('KCONFIG_CONFIG_COMMAND'),
+ oe_terminal("sh -c 'make %s; if [ \\$? -ne 0 ]; then echo \"Command failed.\"; printf \"Press any key to continue... \"; read r; fi'" % d.getVar('KCONFIG_CONFIG_COMMAND'),
d.getVar('PN') + ' Configuration', d)
# FIXME this check can be removed when the minimum bitbake version has been bumped
--
2.34.1
^ permalink raw reply related [flat|nested] 12+ messages in thread