* [OE-core][kirkstone 00/19] Patch review
@ 2022-05-25 14:29 Steve Sakoman
0 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-05-25 14:29 UTC
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by end
of day Friday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3703
The following changes since commit d3beac233558242ab6895e9ba8536a6df9df8eb3:
selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES (2022-05-22 11:40:26 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (15):
gst-devtools: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-libav: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-omx: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-bad: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-base: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-good: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-ugly: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-python: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-rtsp-server: upgrade 1.20.1 -> 1.20.2
gstreamer1.0: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-vaapi: upgrade 1.20.1 -> 1.20.2
libcgroup: upgrade 2.0.1 -> 2.0.2
mesa: upgrade 22.0.2 -> 22.0.3
mobile-broadband-provider-info: upgrade 20220315 -> 20220511
sqlite3: upgrade 3.38.3 -> 3.38.5
Hitendra Prajapati (1):
pcre2: CVE-2022-1586 Out-of-bounds read
Peter Kjellerstedt (1):
license_image.bbclass: Make QA errors fail the build
Ross Burton (1):
oeqa/selftest/cve_check: add tests for recipe and image reports
Steve Sakoman (1):
go: upgrade 1.17.8 -> 1.17.10
meta/classes/license_image.bbclass | 2 +
meta/lib/oeqa/selftest/cases/cve_check.py | 77 ++++++++++++++++++-
.../mobile-broadband-provider-info_git.bb | 4 +-
...{libcgroup_2.0.1.bb => libcgroup_2.0.2.bb} | 2 +-
.../go/{go-1.17.8.inc => go-1.17.10.inc} | 2 +-
..._1.17.8.bb => go-binary-native_1.17.10.bb} | 4 +-
...1.17.8.bb => go-cross-canadian_1.17.10.bb} | 0
...go-cross_1.17.8.bb => go-cross_1.17.10.bb} | 0
...sssdk_1.17.8.bb => go-crosssdk_1.17.10.bb} | 0
...-native_1.17.8.bb => go-native_1.17.10.bb} | 0
...untime_1.17.8.bb => go-runtime_1.17.10.bb} | 0
.../go/{go_1.17.8.bb => go_1.17.10.bb} | 0
.../{mesa-gl_22.0.2.bb => mesa-gl_22.0.3.bb} | 0
meta/recipes-graphics/mesa/mesa.inc | 2 +-
.../mesa/{mesa_22.0.2.bb => mesa_22.0.3.bb} | 0
...tools_1.20.1.bb => gst-devtools_1.20.2.bb} | 2 +-
...1.20.1.bb => gstreamer1.0-libav_1.20.2.bb} | 2 +-
...x_1.20.1.bb => gstreamer1.0-omx_1.20.2.bb} | 2 +-
....bb => gstreamer1.0-plugins-bad_1.20.2.bb} | 2 +-
...bb => gstreamer1.0-plugins-base_1.20.2.bb} | 2 +-
...bb => gstreamer1.0-plugins-good_1.20.2.bb} | 2 +-
...bb => gstreamer1.0-plugins-ugly_1.20.2.bb} | 2 +-
....20.1.bb => gstreamer1.0-python_1.20.2.bb} | 2 +-
....bb => gstreamer1.0-rtsp-server_1.20.2.bb} | 2 +-
...1.20.1.bb => gstreamer1.0-vaapi_1.20.2.bb} | 2 +-
...er1.0_1.20.1.bb => gstreamer1.0_1.20.2.bb} | 2 +-
.../libpcre/libpcre2/CVE-2022-1586.patch | 58 ++++++++++++++
.../recipes-support/libpcre/libpcre2_10.39.bb | 5 +-
.../{sqlite3_3.38.3.bb => sqlite3_3.38.5.bb} | 2 +-
29 files changed, 158 insertions(+), 22 deletions(-)
rename meta/recipes-core/libcgroup/{libcgroup_2.0.1.bb => libcgroup_2.0.2.bb} (93%)
rename meta/recipes-devtools/go/{go-1.17.8.inc => go-1.17.10.inc} (92%)
rename meta/recipes-devtools/go/{go-binary-native_1.17.8.bb => go-binary-native_1.17.10.bb} (83%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.17.8.bb => go-cross-canadian_1.17.10.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.17.8.bb => go-cross_1.17.10.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.17.8.bb => go-crosssdk_1.17.10.bb} (100%)
rename meta/recipes-devtools/go/{go-native_1.17.8.bb => go-native_1.17.10.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.17.8.bb => go-runtime_1.17.10.bb} (100%)
rename meta/recipes-devtools/go/{go_1.17.8.bb => go_1.17.10.bb} (100%)
rename meta/recipes-graphics/mesa/{mesa-gl_22.0.2.bb => mesa-gl_22.0.3.bb} (100%)
rename meta/recipes-graphics/mesa/{mesa_22.0.2.bb => mesa_22.0.3.bb} (100%)
rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.20.1.bb => gst-devtools_1.20.2.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.20.1.bb => gstreamer1.0-libav_1.20.2.bb} (91%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.20.1.bb => gstreamer1.0-omx_1.20.2.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.20.1.bb => gstreamer1.0-plugins-bad_1.20.2.bb} (98%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.20.1.bb => gstreamer1.0-plugins-base_1.20.2.bb} (97%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.20.1.bb => gstreamer1.0-plugins-good_1.20.2.bb} (97%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.20.1.bb => gstreamer1.0-plugins-ugly_1.20.2.bb} (94%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.20.1.bb => gstreamer1.0-python_1.20.2.bb} (91%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.20.1.bb => gstreamer1.0-rtsp-server_1.20.2.bb} (90%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.20.1.bb => gstreamer1.0-vaapi_1.20.2.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.20.1.bb => gstreamer1.0_1.20.2.bb} (97%)
create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-1586.patch
rename meta/recipes-support/sqlite/{sqlite3_3.38.3.bb => sqlite3_3.38.5.bb} (86%)
--
2.25.1
* [OE-core][kirkstone 00/19] Patch review
@ 2022-08-31 14:39 Steve Sakoman
0 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-08-31 14:39 UTC
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by end
of day Friday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4160
with the exception of an autobuilder NAS timeout on qemux86-world which
passed on subsequent retest:
https://autobuilder.yoctoproject.org/typhoon/#/builders/108/builds/3450
The following changes since commit 92f122e0c1a7589bec3b628474548aad7fe159b4:
wic: depend on cross-binutils (2022-08-31 04:16:07 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (1):
bind: upgrade 9.18.4 -> 9.18.5
Andrei Gherzan (4):
linux-yocto: Fix COMPATIBLE_MACHINE regex match
shadow: Enable subid support
rootfspostcommands.py: Cleanup subid backup files generated by
shadow-utils
shadow: Avoid nss warning/error with musl
Bruce Ashfield (4):
linux-yocto/5.15: update to v5.15.60
linux-yocto/5.15: update to v5.15.62
linux-yocto/5.10: update to v5.10.136
linux-yocto/5.10: update to v5.10.137
Khem Raj (5):
xinetd: Pass missing -D_GNU_SOURCE
watchdog: Include needed system header for function decls
pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses
apr: Use correct strerror_r implementation based on libc type
gcr: Define _GNU_SOURCE
Mateusz Marciniec (1):
util-linux: Remove --enable-raw from EXTRA_OECONF
Pavel Zhukov (1):
parselogs: Ignore xf86OpenConsole error
Ross Burton (1):
libxml2: wrap xmllint to use the correct XML catalogues
Steve Sakoman (1):
lttng-modules: fix build for kernel 5.10.137
ghassaneben (1):
sqlite: fix CVE-2022-35737
meta/lib/oeqa/runtime/cases/parselogs.py | 1 +
meta/lib/rootfspostcommands.py | 7 ++
...1-avoid-start-failure-with-bind-user.patch | 0
...d-V-and-start-log-hide-build-options.patch | 0
...ching-for-json-headers-searches-sysr.patch | 0
.../bind/{bind-9.18.4 => bind-9.18.5}/bind9 | 0
.../{bind-9.18.4 => bind-9.18.5}/conf.patch | 0
.../generate-rndc-key.sh | 0
...t.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../named.service | 0
.../bind/{bind_9.18.4.bb => bind_9.18.5.bb} | 2 +-
meta/recipes-core/libxml/libxml2_2.9.14.bb | 2 +
.../util-linux/util-linux_2.37.4.bb | 2 +-
...f-message-when-not-in-place-eg.-musl.patch | 27 ++++++
meta/recipes-extended/shadow/shadow.inc | 9 ++
...guard-sys-quota.h-sys-swap.h-and-sys.patch | 37 ++++++++
.../watchdog/watchdog_5.16.bb | 1 +
.../xinetd/xinetd_2.3.15.4.bb | 2 +
meta/recipes-gnome/gcr/gcr_3.40.0.bb | 2 +
meta/recipes-kernel/linux/linux-yocto-dev.bb | 2 +-
.../linux/linux-yocto-rt_5.10.bb | 8 +-
.../linux/linux-yocto-rt_5.15.bb | 8 +-
.../linux/linux-yocto-tiny_5.10.bb | 10 +-
.../linux/linux-yocto-tiny_5.15.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 26 +++---
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 28 +++---
...djust-range-v5.10.137-in-block-probe.patch | 92 +++++++++++++++++++
.../lttng/lttng-modules_2.13.4.bb | 1 +
...CHE_CHECK-for-strerror_r-return-type.patch | 52 +++++++++++
meta/recipes-support/apr/apr_1.7.0.bb | 4 +
.../pinentry/pinentry_1.2.0.bb | 3 +
...riables-in-the-printf-implementation.patch | 26 ++++++
33 files changed, 313 insertions(+), 47 deletions(-)
rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.4.bb => bind_9.18.5.bb} (97%)
create mode 100644 meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch
create mode 100644 meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-adjust-range-v5.10.137-in-block-probe.patch
create mode 100644 meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch
create mode 100644 meta/recipes-support/sqlite/files/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch
--
2.25.1
* [OE-core][kirkstone 00/19] Patch review
@ 2022-12-18 16:12 Steve Sakoman
0 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-12-18 16:12 UTC
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4645
The following changes since commit 45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2:
build-appliance-image: Update to kirkstone head revision (2022-12-13 15:59:33 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alex Stewart (1):
lsof: add update-alternatives logic
Carlos Alberto Lopez Perez (1):
xwayland: libxshmfence is needed when dri3 is enabled
Chen Qi (2):
bc: extend to nativesdk
rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work
Florin Diaconescu (1):
python3: upgrade 3.10.8 -> 3.10.9
Hitendra Prajapati (2):
golang: CVE-2022-41715 regexp/syntax: limit memory used by parsing
regexps
libxml2: Fix CVE-2022-40303 && CVE-2022-40304
Marta Rybczynska (1):
efibootmgr: update compilation with musl
Mathieu Dubois-Briand (1):
dbus: Add missing CVE product name
Peter Marko (2):
externalsrc: fix lookup for .gitmodules
oeqa/selftest/externalsrc: add test for srctree_hash_files
Richard Purdie (1):
yocto-check-layer: Allow OE-Core to be tested
Ross Burton (4):
lib/buildstats: fix parsing of trees with reduced_proc_pressure
directories
combo-layer: remove unused import
combo-layer: dont use bb.utils.rename
combo-layer: add sync-revs command
Wang Mingyu (3):
bind: upgrade 9.18.8 -> 9.18.9
mpfr: upgrade 4.1.0 -> 4.1.1
libxcrypt-compat: upgrade 4.4.30 -> 4.4.33
meta/classes/externalsrc.bbclass | 2 +-
meta/classes/rm_work.bbclass | 2 +-
meta/lib/oeqa/selftest/cases/externalsrc.py | 44 ++
meta/recipes-bsp/efibootmgr/efibootmgr_17.bb | 2 -
...1-avoid-start-failure-with-bind-user.patch | 0
...d-V-and-start-log-hide-build-options.patch | 0
...ching-for-json-headers-searches-sysr.patch | 0
.../bind/{bind-9.18.8 => bind-9.18.9}/bind9 | 0
.../{bind-9.18.8 => bind-9.18.9}/conf.patch | 0
.../generate-rndc-key.sh | 0
...t.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../named.service | 0
.../bind/{bind_9.18.8.bb => bind_9.18.9.bb} | 2 +-
meta/recipes-core/dbus/dbus_1.14.4.bb | 2 +
...t_4.4.30.bb => libxcrypt-compat_4.4.33.bb} | 0
meta/recipes-core/libxcrypt/libxcrypt.inc | 2 +-
.../libxml/libxml2/CVE-2022-40303.patch | 624 ++++++++++++++++++
.../libxml/libxml2/CVE-2022-40304.patch | 106 +++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 2 +
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.18/CVE-2022-41715.patch | 270 ++++++++
.../python/python3/CVE-2022-42919.patch | 70 --
.../python/python3/cve-2022-37454.patch | 108 ---
.../{python3_3.10.8.bb => python3_3.10.9.bb} | 3 +-
meta/recipes-extended/bc/bc_1.07.1.bb | 2 +-
meta/recipes-extended/lsof/lsof_4.94.0.bb | 9 +
.../xwayland/xwayland_22.1.5.bb | 2 +-
.../mpfr/{mpfr_4.1.0.bb => mpfr_4.1.1.bb} | 2 +-
scripts/combo-layer | 30 +-
scripts/lib/buildstats.py | 4 +-
scripts/lib/checklayer/__init__.py | 11 +-
scripts/lib/checklayer/cases/bsp.py | 2 +-
scripts/lib/checklayer/cases/common.py | 3 +
scripts/lib/checklayer/cases/distro.py | 2 +-
scripts/yocto-check-layer | 5 +-
36 files changed, 1107 insertions(+), 205 deletions(-)
create mode 100644 meta/lib/oeqa/selftest/cases/externalsrc.py
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.8.bb => bind_9.18.9.bb} (97%)
rename meta/recipes-core/libxcrypt/{libxcrypt-compat_4.4.30.bb => libxcrypt-compat_4.4.33.bb} (100%)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2022-41715.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2022-42919.patch
delete mode 100644 meta/recipes-devtools/python/python3/cve-2022-37454.patch
rename meta/recipes-devtools/python/{python3_3.10.8.bb => python3_3.10.9.bb} (99%)
rename meta/recipes-support/mpfr/{mpfr_4.1.0.bb => mpfr_4.1.1.bb} (91%)
--
2.25.1
* [OE-core][kirkstone 00/19] Patch review
@ 2024-10-29 18:59 Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 01/19] ghostscript: Backport CVE-2024-29508 Steve Sakoman
` (18 more replies)
0 siblings, 19 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-10-29 18:59 UTC
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, October 31
Passed a-full on autobuilder:
https://valkyrie.yoctoproject.org/#/builders/29/builds/362
The following changes since commit 983e3efb51ab22f1fa5f90cbbfba2d701aa425fc:
kmscube: create_framebuffer: backport modifier fix (2024-10-16 06:55:13 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Antoine Lubineau (1):
cve-check: add CVSS vector string to CVE database and reports
Ashish Sharma (1):
ghostscript: Backport CVE-2024-29508
Eilís 'pidge' Ní Fhlannagáin (1):
nativesdk-intercept: Fix bad intercept chgrp/chown logic
Khem Raj (3):
zip: Make configure checks to be more robust
zip: Fix build with gcc-14
util-linux: Define pidfd_* function signatures
Martin Jansa (3):
vala: add -Wno-error=incompatible-pointer-types work around
libffi: backport a fix to build libffi-native with gcc-14
at-spi2-core: backport a patch to fix build with gcc-14 on host
Peter Marko (3):
openssl: patch CVE-2024-9143
python3: ignore fixed CVEs
cve-check: add support for cvss v4.0
Rohini Sangam (1):
vim: Upgrade 9.1.0698 -> 9.1.0764
Siddharth Doshi (1):
vim: Upgrade 9.1.0682 -> 9.1.0698
Steve Sakoman (1):
bmap-tools: update HOMEPAGE and SRC_URI
Wang Mingyu (1):
orc: upgrade 0.4.39 -> 0.4.40
Yogita Urade (1):
qemu: fix CVE-2023-3019
Zoltan Boszormenyi (1):
cracklib: Modify patch to compile with GCC 14
baruch@tkos.co.il (1):
overlayfs-etc: add option to skip creation of mount dirs
meta/classes/cve-check.bbclass | 12 +-
meta/classes/overlayfs-etc.bbclass | 5 +-
meta/files/overlayfs-etc-preinit.sh.in | 16 +-
.../openssl/openssl/CVE-2024-9143.patch | 202 ++++++
.../openssl/openssl_3.0.15.bb | 1 +
.../meta/cve-update-nvd2-native.bb | 19 +-
meta/recipes-core/util-linux/util-linux.inc | 1 +
.../0001-check-for-sys-pidfd.h.patch | 50 ++
.../orc/{orc_0.4.39.bb => orc_0.4.40.bb} | 2 +-
.../python/python3_3.10.15.bb | 2 +
meta/recipes-devtools/qemu/qemu.inc | 18 +-
.../qemu/qemu/CVE-2023-3019-0001.patch | 622 ++++++++++++++++++
.../qemu/qemu/CVE-2023-3019-0002.patch | 91 +++
meta/recipes-devtools/vala/vala.inc | 4 +
...port-dictionary-byte-order-dependent.patch | 2 +-
.../ghostscript/CVE-2024-29508-1.patch | 308 +++++++++
.../ghostscript/CVE-2024-29508-2.patch | 29 +
.../ghostscript/ghostscript_9.55.0.bb | 2 +
...e-dirent.h-for-closedir-opendir-APIs.patch | 45 ++
...y-correct-function-signatures-and-de.patch | 134 ++++
meta/recipes-extended/zip/zip_3.0.bb | 2 +
.../0001-Fix-function-prototype.patch | 27 +
.../atk/at-spi2-core_2.42.0.bb | 1 +
.../bmap-tools/bmap-tools_git.bb | 4 +-
...ward-declare-open_temp_exec_file-764.patch | 47 ++
meta/recipes-support/libffi/libffi_3.4.4.bb | 1 +
meta/recipes-support/vim/vim.inc | 4 +-
scripts/nativesdk-intercept/chgrp | 5 +-
scripts/nativesdk-intercept/chown | 5 +-
29 files changed, 1630 insertions(+), 31 deletions(-)
create mode 100755 meta/recipes-connectivity/openssl/openssl/CVE-2024-9143.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/0001-check-for-sys-pidfd.h.patch
rename meta/recipes-devtools/orc/{orc_0.4.39.bb => orc_0.4.40.bb} (92%)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-1.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-2.patch
create mode 100644 meta/recipes-extended/zip/zip-3.0/0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch
create mode 100644 meta/recipes-extended/zip/zip-3.0/0001-configure-Specify-correct-function-signatures-and-de.patch
create mode 100644 meta/recipes-support/atk/at-spi2-core/0001-Fix-function-prototype.patch
create mode 100644 meta/recipes-support/libffi/libffi/0001-Forward-declare-open_temp_exec_file-764.patch
--
2.34.1
* [OE-core][kirkstone 01/19] ghostscript: Backport CVE-2024-29508
2024-10-29 18:59 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
@ 2024-10-29 18:59 ` Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 02/19] openssl: patch CVE-2024-9143 Steve Sakoman
` (17 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-10-29 18:59 UTC
To: openembedded-core
From: Ashish Sharma <asharma@mvista.com>
Import patch from ubuntu to fix
CVE-2024-29508
Upstream-Status: Backport [https://git.launchpad.net/ubuntu/+source/ghostscript/commit/?h=ubuntu/focal-security&id=22b23aa6de7613a4d9c1da9c84d72427c9d0cf1a]
Upstream commit: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ff1013a0ab485b66783b70145e342a82c670906a
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ghostscript/CVE-2024-29508-1.patch | 308 ++++++++++++++++++
.../ghostscript/CVE-2024-29508-2.patch | 29 ++
.../ghostscript/ghostscript_9.55.0.bb | 2 +
3 files changed, 339 insertions(+)
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-1.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-2.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-1.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-1.patch
new file mode 100644
index 0000000000..cb3b736289
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-1.patch
@@ -0,0 +1,308 @@
+Backport of:
+Note: updated to fix compiler warning.
+
+From ff1013a0ab485b66783b70145e342a82c670906a Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Thu, 25 Jan 2024 11:53:44 +0000
+Subject: Bug 707510 - review printing of pointers
+
+This is for item 4 of the report, which is addressed by the change in
+gdevpdtb.c. That change uses a fixed name for fonts which have no name
+instead of using the pointer to the address of the font.
+
+The remaining changes are all due to reviewing the use of PRI_INTPTR.
+In general we only use that for debugging purposes but there were a few
+places which were printing pointers arbitrarily, even in a release build.
+
+We really don't want to do that so I've modified the places which were
+printing pointer unconditionally so that they only do so if DEBUG is
+set at compile time, or a specific debug flag is set.
+
+CVE: CVE-2024-29508
+Upstream-Status: Backport [https://git.launchpad.net/ubuntu/+source/ghostscript/commit/?h=ubuntu/focal-security&id=22b23aa6de7613a4d9c1da9c84d72427c9d0cf1a]
+Upstream commit: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ff1013a0ab485b66783b70145e342a82c670906a
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ base/gsfont.c | 4 ++--
+ base/gsicc_cache.c | 8 ++++----
+ base/gsmalloc.c | 4 ++--
+ base/gxclmem.c | 5 ++---
+ base/gxcpath.c | 6 +++++-
+ base/gxpath.c | 8 +++++++-
+ base/szlibc.c | 4 +++-
+ devices/gdevupd.c | 7 ++++++-
+ devices/vector/gdevpdtb.c | 4 ++--
+ psi/ialloc.c | 4 ++--
+ psi/igc.c | 6 +++---
+ psi/igcstr.c | 6 +++---
+ psi/iinit.c | 6 +++++-
+ psi/imainarg.c | 5 +++--
+ psi/isave.c | 4 ++--
+ psi/iutil.c | 6 +++++-
+ 16 files changed, 56 insertions(+), 31 deletions(-)
+
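Review bot: The header line "Note: updated to fix compiler warning." does not say which file or call differs from upstream commit ff1013a0ab485b66783b70145e342a82c670906a, or which warning was fixed. Please name the modified lines in the header so the backport can be compared against the upstream change during later CVE triage.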
+--- a/base/gsfont.c
++++ b/base/gsfont.c
+@@ -778,7 +778,7 @@ gs_purge_font(gs_font * pfont)
+ else if (pdir->scaled_fonts == pfont)
+ pdir->scaled_fonts = next;
+ else { /* Shouldn't happen! */
+- lprintf1("purged font "PRI_INTPTR" not found\n", (intptr_t)pfont);
++ if_debug1m('u', pfont->memory, "purged font "PRI_INTPTR" not found\n", (intptr_t)pfont);
+ }
+
+ /* Purge the font from the scaled font cache. */
+--- a/base/gsicc_cache.c
++++ b/base/gsicc_cache.c
+@@ -149,7 +149,7 @@ icc_linkcache_finalize(const gs_memory_t
+
+ while (link_cache->head != NULL) {
+ if (link_cache->head->ref_count != 0) {
+- emprintf2(mem, "link at "PRI_INTPTR" being removed, but has ref_count = %d\n",
++ if_debug2m(gs_debug_flag_icc, mem, "link at "PRI_INTPTR" being removed, but has ref_count = %d\n",
+ (intptr_t)link_cache->head, link_cache->head->ref_count);
+ link_cache->head->ref_count = 0; /* force removal */
+ }
+@@ -560,7 +560,7 @@ gsicc_findcachelink(gsicc_hashlink_t has
+ /* that was building it failed to be able to complete building it */
+ /* this is probably a fatal error. MV ??? */
+ if (curr->valid == false) {
+- emprintf1(curr->memory, "link "PRI_INTPTR" lock released, but still not valid.\n", (intptr_t)curr); /* Breakpoint here */
++ if_debug1m(gs_debug_flag_icc, curr->memory, "link "PRI_INTPTR" lock released, but still not valid.\n", (intptr_t)curr); /* Breakpoint here */
+ }
+ gx_monitor_enter(icc_link_cache->lock); /* re-enter to loop and check */
+ }
+@@ -587,7 +587,7 @@ gsicc_remove_link(gsicc_link_t *link, co
+ /* NOTE: link->ref_count must be 0: assert ? */
+ gx_monitor_enter(icc_link_cache->lock);
+ if (link->ref_count != 0) {
+- emprintf2(memory, "link at "PRI_INTPTR" being removed, but has ref_count = %d\n", (intptr_t)link, link->ref_count);
++ if_debug2m(gs_debug_flag_icc, memory, "link at "PRI_INTPTR" being removed, but has ref_count = %d\n", (intptr_t)link, link->ref_count);
+ }
+ curr = icc_link_cache->head;
+ prev = NULL;
+--- a/base/gsmalloc.c
++++ b/base/gsmalloc.c
+@@ -419,7 +419,7 @@ gs_heap_resize_string(gs_memory_t * mem,
+ client_name_t cname)
+ {
+ if (gs_heap_object_type(mem, data) != &st_bytes)
+- lprintf2("%s: resizing non-string "PRI_INTPTR"!\n",
++ if_debug2m('a', mem, "%s: resizing non-string "PRI_INTPTR"!\n",
+ client_name_string(cname), (intptr_t)data);
+ return gs_heap_resize_object(mem, data, new_num, cname);
+ }
+--- a/base/gxclmem.c
++++ b/base/gxclmem.c
+@@ -490,8 +490,7 @@ memfile_fclose(clist_file_ptr cf, const
+ /* leaks if other users of the memfile don't 'fclose with delete=true */
+ if (f->openlist != NULL || ((f->base_memfile != NULL) && f->base_memfile->is_open)) {
+ /* TODO: do the cleanup rather than just giving an error */
+- emprintf1(f->memory,
+- "Attempt to delete a memfile still open for read: "PRI_INTPTR"\n",
++ if_debug1(':', "Attempt to delete a memfile still open for read: "PRI_INTPTR"\n",
+ (intptr_t)f);
+ return_error(gs_error_invalidfileaccess);
+ } else {
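Review bot: In memfile_fclose the replacement is the non-memory variant if_debug1(':', ...), although the emprintf1 call it replaces was given f->memory and the gsfont.c, gsicc_cache.c and gsmalloc.c hunks use the if_debug*m variants with a memory pointer. Consider if_debug1m(':', f->memory, ...) for consistency, or note in the header why the memory context is dropped here.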
+--- a/base/gxcpath.c
++++ b/base/gxcpath.c
+@@ -172,8 +172,10 @@ gx_cpath_init_contained_shared(gx_clip_p
+ {
+ if (shared) {
+ if (shared->path.segments == &shared->path.local_segments) {
++#ifdef DEBUG
+ lprintf1("Attempt to share (local) segments of clip path "PRI_INTPTR"!\n",
+ (intptr_t)shared);
++#endif
+ return_error(gs_error_Fatal);
+ }
+ *pcpath = *shared;
+@@ -230,8 +232,10 @@ gx_cpath_init_local_shared_nested(gx_cli
+ if (shared) {
+ if ((shared->path.segments == &shared->path.local_segments) &&
+ !safely_nested) {
++#ifdef DEBUG
+ lprintf1("Attempt to share (local) segments of clip path "PRI_INTPTR"!\n",
+ (intptr_t)shared);
++#endif
+ return_error(gs_error_Fatal);
+ }
+ pcpath->path = shared->path;
+--- a/base/gxpath.c
++++ b/base/gxpath.c
+@@ -137,8 +137,10 @@ gx_path_init_contained_shared(gx_path *
+ {
+ if (shared) {
+ if (shared->segments == &shared->local_segments) {
++#ifdef DEBUG
+ lprintf1("Attempt to share (local) segments of path "PRI_INTPTR"!\n",
+ (intptr_t)shared);
++#endif
+ return_error(gs_error_Fatal);
+ }
+ *ppath = *shared;
+@@ -172,8 +174,10 @@ gx_path_alloc_shared(const gx_path * sha
+ ppath->procs = &default_path_procs;
+ if (shared) {
+ if (shared->segments == &shared->local_segments) {
++#ifdef DEBUG
+ lprintf1("Attempt to share (local) segments of path "PRI_INTPTR"!\n",
+ (intptr_t)shared);
++#endif
+ gs_free_object(mem, ppath, cname);
+ return 0;
+ }
+@@ -203,8 +207,10 @@ gx_path_init_local_shared(gx_path * ppat
+ {
+ if (shared) {
+ if (shared->segments == &shared->local_segments) {
++#ifdef DEBUG
+ lprintf1("Attempt to share (local) segments of path "PRI_INTPTR"!\n",
+ (intptr_t)shared);
++#endif
+ return_error(gs_error_Fatal);
+ }
+ *ppath = *shared;
+--- a/base/szlibc.c
++++ b/base/szlibc.c
+@@ -110,7 +110,9 @@ s_zlib_free(void *zmem, void *data)
+ gs_free_object(mem, data, "s_zlib_free(data)");
+ for (; ; block = block->next) {
+ if (block == 0) {
++#ifdef DEBUG
+ lprintf1("Freeing unrecorded data "PRI_INTPTR"!\n", (intptr_t)data);
++#endif
+ return;
+ }
+ if (block->data == data)
+--- a/devices/gdevupd.c
++++ b/devices/gdevupd.c
+@@ -1039,8 +1039,13 @@ upd_print_page(gx_device_printer *pdev,
+ */
+ if(!upd || B_OK4GO != (upd->flags & (B_OK4GO | B_ERROR))) {
+ #if UPD_MESSAGES & (UPD_M_ERROR | UPD_M_TOPCALLS)
++#ifdef DEBUG
+ errprintf(pdev->memory, "CALL-REJECTED upd_print_page(" PRI_INTPTR "," PRI_INTPTR ")\n",
+ (intptr_t)udev,(intptr_t) out);
++#else
++ errprintf(pdev->memory, "CALL-REJECTED upd_print_page\n",
++ (intptr_t)udev,(intptr_t) out);
++#endif
+ #endif
+ return_error(gs_error_undefined);
+ }
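Review bot: In the added #else branch of upd_print_page, errprintf is still passed "(intptr_t)udev,(intptr_t) out" although the format string "CALL-REJECTED upd_print_page\n" has no conversion specifiers. The pointers are no longer printed, but the leftover arguments are dead and will trip -Wformat-extra-args; drop them so the release-build call is just errprintf(pdev->memory, "CALL-REJECTED upd_print_page\n").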
+--- a/devices/vector/gdevpdtb.c
++++ b/devices/vector/gdevpdtb.c
+@@ -371,7 +371,7 @@ pdf_base_font_alloc(gx_device_pdf *pdev,
+ font_name.size -= SUBSET_PREFIX_SIZE;
+ }
+ } else {
+- gs_sprintf(fnbuf, ".F" PRI_INTPTR, (intptr_t)copied);
++ gs_snprintf(fnbuf, sizeof(fnbuf), "Anonymous");
+ font_name.data = (byte *)fnbuf;
+ font_name.size = strlen(fnbuf);
+ }
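Review bot: In pdf_base_font_alloc every font without a name now gets the identical string "Anonymous", where the old ".F" PRI_INTPTR form gave each one a distinct name. Nothing in this hunk shows whether later code relies on font_name being unique per font, so please add a comment stating that duplicates are acceptable here, or derive the suffix from a non-address counter if they are not.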
+--- a/psi/ialloc.c
++++ b/psi/ialloc.c
+@@ -386,7 +386,7 @@ gs_free_ref_array(gs_ref_memory_t * mem,
+ size = num_refs * sizeof(ref);
+ break;
+ default:
+- lprintf3("Unknown type 0x%x in free_ref_array(%u,"PRI_INTPTR")!",
++ if_debug3('A', "Unknown type 0x%x in free_ref_array(%u,"PRI_INTPTR")!",
+ r_type(parr), num_refs, (intptr_t)obj);
+ return;
+ }
+--- a/psi/igc.c
++++ b/psi/igc.c
+@@ -1061,7 +1061,7 @@ gc_extend_stack(gc_mark_stack * pms, gc_
+
+ if (cp == 0) { /* We were tracing outside collectible */
+ /* storage. This can't happen. */
+- lprintf1("mark stack overflowed while outside collectible space at "PRI_INTPTR"!\n",
++ if_debug1('6', "mark stack overflowed while outside collectible space at "PRI_INTPTR"!\n",
+ (intptr_t)cptr);
+ gs_abort(pstate->heap);
+ }
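Review bot: In gc_extend_stack the message is now emitted only when debug flag '6' is set, but the gs_abort(pstate->heap) that follows still runs unconditionally, so a release build aborts with no diagnostic at all. Consider keeping an unconditional message without the address and putting only the pointer value behind if_debug1; the same applies to the gs_abort(NULL) path in the igc_reloc_struct_ptr hunk below.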
+@@ -1290,7 +1290,7 @@ igc_reloc_struct_ptr(const void /*obj_he
+
+ if (cp != 0 && cp->cbase <= (byte *)obj && (byte *)obj <cp->ctop) {
+ if (back > (cp->ctop - cp->cbase) >> obj_back_shift) {
+- lprintf2("Invalid back pointer %u at "PRI_INTPTR"!\n",
++ if_debug2('6', "Invalid back pointer %u at "PRI_INTPTR"!\n",
+ back, (intptr_t)obj);
+ gs_abort(NULL);
+ }
+--- a/psi/igcstr.c
++++ b/psi/igcstr.c
+@@ -152,7 +152,7 @@ gc_string_mark(const byte * ptr, uint si
+ return false;
+ #ifdef DEBUG
+ if (ptr - HDR_ID_OFFSET < cp->ctop) {
+- lprintf4("String pointer "PRI_INTPTR"[%u] outside ["PRI_INTPTR".."PRI_INTPTR")\n",
++ if_debug4('6', "String pointer "PRI_INTPTR"[%u] outside ["PRI_INTPTR".."PRI_INTPTR")\n",
+ (intptr_t)ptr - HDR_ID_OFFSET, size, (intptr_t)cp->ctop, (intptr_t)cp->climit);
+ return false;
+ } else if (ptr + size > cp->climit) { /*
+@@ -171,7 +171,7 @@ gc_string_mark(const byte * ptr, uint si
+ while (ptr - HDR_ID_OFFSET == scp->climit && scp->outer != 0)
+ scp = scp->outer;
+ if (ptr - HDR_ID_OFFSET + size > scp->climit) {
+- lprintf4("String pointer "PRI_INTPTR"[%u] outside ["PRI_INTPTR".."PRI_INTPTR")\n",
++ if_debug4('6', "String pointer "PRI_INTPTR"[%u] outside ["PRI_INTPTR".."PRI_INTPTR")\n",
+ (intptr_t)ptr - HDR_ID_OFFSET, size,
+ (intptr_t)scp->ctop, (intptr_t)scp->climit);
+ return false;
+--- a/psi/iinit.c
++++ b/psi/iinit.c
+@@ -395,8 +395,12 @@ zop_init(i_ctx_t *i_ctx_p)
+ if (def->proc != 0) {
+ code = def->proc(i_ctx_p);
+ if (code < 0) {
++#ifdef DEBUG
+ lprintf2("op_init proc "PRI_INTPTR" returned error %d!\n",
+ (intptr_t)def->proc, code);
++#else
++ lprintf("op_init proc returned error !\n");
++#endif
+ return code;
+ }
+ }
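Review bot: the non-DEBUG branch in zop_init drops `code` along with the pointer. The error code is an integer status, not an address, so it can stay: lprintf1("op_init proc returned error %d!\n", code) keeps the message actionable without printing `def->proc`. The stray space before `!` in the new string can go at the same time.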
+--- a/psi/imainarg.c
++++ b/psi/imainarg.c
+@@ -229,7 +229,8 @@ gs_main_init_with_args01(gs_main_instanc
+ if (gs_debug[':'] && !have_dumped_args) {
+ int i;
+
+- dmprintf1(minst->heap, "%% Args passed to instance "PRI_INTPTR": ",
++ if (gs_debug_c(gs_debug_flag_init_details))
++ dmprintf1(minst->heap, "%% Args passed to instance "PRI_INTPTR": ",
+ (intptr_t)minst);
+ for (i=1; i<argc; i++)
+ dmprintf1(minst->heap, "%s ", argv[i]);
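Review bot: the added `if (gs_debug_c(gs_debug_flag_init_details))` has no braces, so it guards only the first dmprintf1; the `for` loop that prints argv still runs whenever the outer `gs_debug[':']` test passes, giving an argument list without its header. If the whole dump is meant to be gated, brace the block; if only the instance pointer is meant to be hidden, print the header without PRI_INTPTR instead.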
+--- a/psi/isave.c
++++ b/psi/isave.c
+@@ -487,7 +487,7 @@ alloc_save_change_in(gs_ref_memory_t *me
+ else if (r_is_struct(pcont))
+ cp->offset = (byte *) where - (byte *) pcont->value.pstruct;
+ else {
+- lprintf3("Bad type %u for save! pcont = "PRI_INTPTR", where = "PRI_INTPTR"\n",
++ if_debug3('u', "Bad type %u for save! pcont = "PRI_INTPTR", where = "PRI_INTPTR"\n",
+ r_type(pcont), (intptr_t) pcont, (intptr_t) where);
+ gs_abort((const gs_memory_t *)mem);
+ }
+--- a/psi/iutil.c
++++ b/psi/iutil.c
+@@ -537,7 +537,11 @@ other:
+ break;
+ }
+ /* Internal operator, no name. */
+- gs_sprintf(buf, "@"PRI_INTPTR, (intptr_t) op->value.opproc);
++#ifdef DEBUG
++ gs_snprintf(buf, sizeof(buf), "@"PRI_INTPTR, (intptr_t) op->value.opproc);
++#else
++ gs_snprintf(buf, sizeof(buf), "@anonymous_operator", (intptr_t) op->value.opproc);
++#endif
+ break;
+ }
+ case t_real:
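Review bot: in the #else branch, gs_snprintf gets the format "@anonymous_operator" but still passes `(intptr_t) op->value.opproc`, an argument with no matching conversion. This is the same leftover-argument pattern that CVE-2024-29508-2.patch removes from errprintf in devices/gdevupd.c, so drop the argument here too. It is also worth confirming `buf` is large enough for the longer fixed string, since snprintf truncates silently.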
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-2.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-2.patch
new file mode 100644
index 0000000000..11f89e0882
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-2.patch
@@ -0,0 +1,29 @@
+From d084021e06ba1caa1373fbbcf24a8510f43830ab Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Sat, 27 Jan 2024 09:30:30 +0000
+Subject: [PATCH] Coverity IDs 414141 & 414145
+
+These are the same problem reported two different ways. I forgot to
+remove the arguments to errprintf when I removed the format specifiers
+from the string as part of reviewing the pointer printing.
+
+CVE: CVE-2024-29508
+Upstream-Status: Backport [https://git.launchpad.net/ubuntu/+source/ghostscript/commit/?h=ubuntu/focal-security&id=22b23aa6de7613a4d9c1da9c84d72427c9d0cf1a]
+Upstream commit: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ff1013a0ab485b66783b70145e342a82c670906a
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ devices/gdevupd.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/devices/gdevupd.c
++++ b/devices/gdevupd.c
+@@ -1043,8 +1043,7 @@ upd_print_page(gx_device_printer *pdev,
+ errprintf(pdev->memory, "CALL-REJECTED upd_print_page(" PRI_INTPTR "," PRI_INTPTR ")\n",
+ (intptr_t)udev,(intptr_t) out);
+ #else
+- errprintf(pdev->memory, "CALL-REJECTED upd_print_page\n",
+- (intptr_t)udev,(intptr_t) out);
++ errprintf(pdev->memory, "CALL-REJECTED upd_print_page\n");
+ #endif
+ #endif
+ return_error(gs_error_undefined);
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 525086e2af..969e637f5e 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -54,6 +54,8 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://CVE-2024-29511-0002.patch \
file://CVE-2024-29509.patch \
file://CVE-2024-29506.patch \
+ file://CVE-2024-29508-1.patch \
+ file://CVE-2024-29508-2.patch \
"
SRC_URI = "${SRC_URI_BASE} \
--
2.34.1
* [OE-core][kirkstone 02/19] openssl: patch CVE-2024-9143
2024-10-29 18:59 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 01/19] ghostscript: Backport CVE-2024-29508 Steve Sakoman
@ 2024-10-29 18:59 ` Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 03/19] qemu: fix CVE-2023-3019 Steve Sakoman
` (16 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick patch from branch openssl-3.0.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssl/openssl/CVE-2024-9143.patch | 202 ++++++++++++++++++
.../openssl/openssl_3.0.15.bb | 1 +
2 files changed, 203 insertions(+)
create mode 100755 meta/recipes-connectivity/openssl/openssl/CVE-2024-9143.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-9143.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-9143.patch
new file mode 100755
index 0000000000..c72a4193c6
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-9143.patch
@@ -0,0 +1,202 @@
+From 72ae83ad214d2eef262461365a1975707f862712 Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni <viktor@openssl.org>
+Date: Thu, 19 Sep 2024 01:02:40 +1000
+Subject: [PATCH] Harden BN_GF2m_poly2arr against misuse.
+
+The BN_GF2m_poly2arr() function converts characteristic-2 field
+(GF_{2^m}) Galois polynomials from a representation as a BIGNUM bitmask,
+to a compact array with just the exponents of the non-zero terms.
+
+These polynomials are then used in BN_GF2m_mod_arr() to perform modular
+reduction. A precondition of calling BN_GF2m_mod_arr() is that the
+polynomial must have a non-zero constant term (i.e. the array has `0` as
+its final element).
+
+Internally, callers of BN_GF2m_poly2arr() did not verify that
+precondition, and binary EC curve parameters with an invalid polynomial
+could lead to out of bounds memory reads and writes in BN_GF2m_mod_arr().
+
+The precondition is always true for polynomials that arise from the
+standard form of EC parameters for characteristic-two fields (X9.62).
+See the "Finite Field Identification" section of:
+
+ https://www.itu.int/ITU-T/formal-language/itu-t/x/x894/2018-cor1/ANSI-X9-62.html
+
+The OpenSSL GF(2^m) code supports only the trinomial and pentanomial
+basis X9.62 forms.
+
+This commit updates BN_GF2m_poly2arr() to return `0` (failure) when
+the constant term is zero (i.e. the input bitmask BIGNUM is not odd).
+
+Additionally, the return value is made unambiguous when there is not
+enough space to also pad the array with a final `-1` sentinel value.
+The return value is now always the number of elements (including the
+final `-1`) that would be filled when the output array is sufficiently
+large. Previously the same count was returned both when the array has
+just enough room for the final `-1` and when it had only enough space
+for non-sentinel values.
+
+Finally, BN_GF2m_poly2arr() is updated to reject polynomials whose
+degree exceeds `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against
+CPU exhausition attacks via excessively large inputs.
+
+The above issues do not arise in processing X.509 certificates. These
+generally have EC keys from "named curves", and RFC5840 (Section 2.1.1)
+disallows explicit EC parameters. The TLS code in OpenSSL enforces this
+constraint only after the certificate is decoded, but, even if explicit
+parameters are specified, they are in X9.62 form, which cannot represent
+problem values as noted above.
+
+Initially reported as oss-fuzz issue 71623.
+
+A closely related issue was earlier reported in
+<https://github.com/openssl/openssl/issues/19826>.
+
+Severity: Low, CVE-2024-9143
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/25639)
+
+(cherry picked from commit 8e008cb8b23ec7dc75c45a66eeed09c815b11cd2)
+
+CVE: CVE-2024-9143
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ crypto/bn/bn_gf2m.c | 28 +++++++++++++++-------
+ test/ec_internal_test.c | 51 +++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 71 insertions(+), 8 deletions(-)
+
+diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
+index c811ae82d6b15..bcc66613cc14d 100644
+--- a/crypto/bn/bn_gf2m.c
++++ b/crypto/bn/bn_gf2m.c
+@@ -15,6 +15,7 @@
+ #include "bn_local.h"
+
+ #ifndef OPENSSL_NO_EC2M
++# include <openssl/ec.h>
+
+ /*
+ * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
+@@ -1140,16 +1141,26 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ /*
+ * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
+ * x^i) into an array of integers corresponding to the bits with non-zero
+- * coefficient. Array is terminated with -1. Up to max elements of the array
+- * will be filled. Return value is total number of array elements that would
+- * be filled if array was large enough.
++ * coefficient. The array is intended to be suitable for use with
++ * `BN_GF2m_mod_arr()`, and so the constant term of the polynomial must not be
++ * zero. This translates to a requirement that the input BIGNUM `a` is odd.
++ *
++ * Given sufficient room, the array is terminated with -1. Up to max elements
++ * of the array will be filled.
++ *
++ * The return value is total number of array elements that would be filled if
++ * array was large enough, including the terminating `-1`. It is `0` when `a`
++ * is not odd or the constant term is zero contrary to requirement.
++ *
++ * The return value is also `0` when the leading exponent exceeds
++ * `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against CPU exhaustion attacks,
+ */
+ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
+ {
+ int i, j, k = 0;
+ BN_ULONG mask;
+
+- if (BN_is_zero(a))
++ if (!BN_is_odd(a))
+ return 0;
+
+ for (i = a->top - 1; i >= 0; i--) {
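Review bot: in the new comment block above BN_GF2m_poly2arr, "when `a` is not odd or the constant term is zero" states one condition twice, and the final sentence ends in a comma ("CPU exhaustion attacks,"). Suggest "It is `0` when `a` is not odd, i.e. the constant term is zero" and a full stop at the end. Since `!BN_is_odd(a)` replaces the BN_is_zero check, the comment could also say that a zero input is covered by the same test.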
+@@ -1167,12 +1178,13 @@ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
+ }
+ }
+
+- if (k < max) {
++ if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS)
++ return 0;
++
++ if (k < max)
+ p[k] = -1;
+- k++;
+- }
+
+- return k;
++ return k + 1;
+ }
+
+ /*
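Review bot: the new degree check reads `p[0]` whenever k > 0, independent of `max`. The stores into p[] are in the part of the loop this hunk does not show, so if they are conditional on k < max, a call with max == 0 reads an element this function never wrote; adding `max > 0` to the condition or keeping the leading exponent in a local would avoid that. Separately, the return value is now always k + 1, so every caller that compares the result against its array size needs re-checking, and the diffstat lists only bn_gf2m.c and the test file.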
+diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c
+index 8c2cd05631696..02cfd4e9d8858 100644
+--- a/test/ec_internal_test.c
++++ b/test/ec_internal_test.c
+@@ -155,6 +155,56 @@ static int field_tests_ecp_mont(void)
+ }
+
+ #ifndef OPENSSL_NO_EC2M
++/* Test that decoding of invalid GF2m field parameters fails. */
++static int ec2m_field_sanity(void)
++{
++ int ret = 0;
++ BN_CTX *ctx = BN_CTX_new();
++ BIGNUM *p, *a, *b;
++ EC_GROUP *group1 = NULL, *group2 = NULL, *group3 = NULL;
++
++ TEST_info("Testing GF2m hardening\n");
++
++ BN_CTX_start(ctx);
++ p = BN_CTX_get(ctx);
++ a = BN_CTX_get(ctx);
++ if (!TEST_ptr(b = BN_CTX_get(ctx))
++ || !TEST_true(BN_one(a))
++ || !TEST_true(BN_one(b)))
++ goto out;
++
++ /* Even pentanomial value should be rejected */
++ if (!TEST_true(BN_set_word(p, 0xf2)))
++ goto out;
++ if (!TEST_ptr_null(group1 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
++ TEST_error("Zero constant term accepted in GF2m polynomial");
++
++ /* Odd hexanomial should also be rejected */
++ if (!TEST_true(BN_set_word(p, 0xf3)))
++ goto out;
++ if (!TEST_ptr_null(group2 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
++ TEST_error("Hexanomial accepted as GF2m polynomial");
++
++ /* Excessive polynomial degree should also be rejected */
++ if (!TEST_true(BN_set_word(p, 0x71))
++ || !TEST_true(BN_set_bit(p, OPENSSL_ECC_MAX_FIELD_BITS + 1)))
++ goto out;
++ if (!TEST_ptr_null(group3 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
++ TEST_error("GF2m polynomial degree > %d accepted",
++ OPENSSL_ECC_MAX_FIELD_BITS);
++
++ ret = group1 == NULL && group2 == NULL && group3 == NULL;
++
++ out:
++ EC_GROUP_free(group1);
++ EC_GROUP_free(group2);
++ EC_GROUP_free(group3);
++ BN_CTX_end(ctx);
++ BN_CTX_free(ctx);
++
++ return ret;
++}
++
+ /* test EC_GF2m_simple_method directly */
+ static int field_tests_ec2_simple(void)
+ {
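Review bot: in ec2m_field_sanity, `ctx` from BN_CTX_new() goes straight into BN_CTX_start() and BN_CTX_get() without a NULL check; only `b` is wrapped in TEST_ptr. Add `if (!TEST_ptr(ctx)) return 0;` before BN_CTX_start so an allocation failure fails the test cleanly instead of dereferencing NULL.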
+@@ -443,6 +493,7 @@ int setup_tests(void)
+ ADD_TEST(field_tests_ecp_simple);
+ ADD_TEST(field_tests_ecp_mont);
+ #ifndef OPENSSL_NO_EC2M
++ ADD_TEST(ec2m_field_sanity);
+ ADD_TEST(field_tests_ec2_simple);
+ #endif
+ ADD_ALL_TESTS(field_tests_default, crv_len);
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.15.bb b/meta/recipes-connectivity/openssl/openssl_3.0.15.bb
index b76a763cc3..5f7e7c0000 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.15.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.15.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
+ file://CVE-2024-9143.patch \
"
SRC_URI:append:class-nativesdk = " \
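Review bot: the `file://CVE-2024-9143.patch` entry added here points at a file this commit creates with mode 100755 (`new file mode 100755`, `create mode 100755`). A patch file has no reason to be executable, and the ghostscript patch in this series is added as 100644. Please re-add it as 100644.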
--
2.34.1
* [OE-core][kirkstone 03/19] qemu: fix CVE-2023-3019
2024-10-29 18:59 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 01/19] ghostscript: Backport CVE-2024-29508 Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 02/19] openssl: patch CVE-2024-9143 Steve Sakoman
@ 2024-10-29 18:59 ` Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 04/19] python3: ignore fixed CVEs Steve Sakoman
` (15 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Yogita Urade <yogita.urade@windriver.com>
A DMA reentrancy issue leading to a use-after-free error
was found in the e1000e NIC emulation code in QEMU. This
issue could allow a privileged guest user to crash the
QEMU process on the host, resulting in a denial of service.
CVE-2023-3019-0002 is the CVE fix and CVE-2023-3019-0001
is a dependent CVE fix.
Fix indent issue in qemu.inc file.
The CVE-2023-3019 patch required the MemReentrancyGuard structure
definition; it's defined in commit:
https://github.com/qemu/qemu/commit/a2e1753b8054344f32cf94f31c6399a58794a380
but the patch is causing errors:
Failed: qemux86 does not shutdown within timeout(120)
so backported only the required structure definition.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-3019
Upstream patches:
https://github.com/qemu/qemu/commit/7d0fefdf81f5973334c344f6b8e1896c309dff66
https://github.com/qemu/qemu/commit/3c0463a650008aec7de29cf84540652730510921
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/qemu/qemu.inc | 18 +-
.../qemu/qemu/CVE-2023-3019-0001.patch | 622 ++++++++++++++++++
.../qemu/qemu/CVE-2023-3019-0002.patch | 91 +++
3 files changed, 723 insertions(+), 8 deletions(-)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 6ff3c2f9bc..1c0e8a93f1 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -97,14 +97,14 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2023-3301.patch \
file://CVE-2023-3255.patch \
file://CVE-2023-2861.patch \
- file://CVE-2020-14394.patch \
- file://CVE-2023-3354.patch \
- file://CVE-2023-3180.patch \
- file://CVE-2021-3638.patch \
- file://CVE-2023-1544.patch \
- file://CVE-2023-5088.patch \
- file://CVE-2024-24474.patch \
- file://CVE-2023-6693.patch \
+ file://CVE-2020-14394.patch \
+ file://CVE-2023-3354.patch \
+ file://CVE-2023-3180.patch \
+ file://CVE-2021-3638.patch \
+ file://CVE-2023-1544.patch \
+ file://CVE-2023-5088.patch \
+ file://CVE-2024-24474.patch \
+ file://CVE-2023-6693.patch \
file://scsi-disk-allow-MODE-SELECT-block-desriptor-to-set-the-block-size.patch \
file://scsi-disk-ensure-block-size-is-non-zero-and-changes-limited-to-bits-8-15.patch \
file://CVE-2023-42467.patch \
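Review bot: the eight lines from `file://CVE-2020-14394.patch` through `file://CVE-2023-6693.patch` are removed and re-added with the same text, so this hunk is whitespace-only churn riding along with a CVE fix. The commit message does mention the indent fix, but putting it in its own commit would keep the security backport minimal and make later cherry-picks and blame cleaner.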
@@ -118,6 +118,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2024-4467-0003.patch \
file://CVE-2024-4467-0004.patch \
file://CVE-2024-4467-0005.patch \
+ file://CVE-2023-3019-0001.patch \
+ file://CVE-2023-3019-0002.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch
new file mode 100644
index 0000000000..fccfe7d114
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch
@@ -0,0 +1,622 @@
+From 7d0fefdf81f5973334c344f6b8e1896c309dff66 Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki <akihiko.odaki@daynix.com>
+Date: Thu, 1 Jun 2023 12:18:58 +0900
+Subject: [PATCH] net: Provide MemReentrancyGuard * to qemu_new_nic()
+
+Recently MemReentrancyGuard was added to DeviceState to record that the
+device is engaging in I/O. The network device backend needs to update it
+when delivering a packet to a device.
+
+In preparation for such a change, add MemReentrancyGuard * as a
+parameter of qemu_new_nic().
+
+Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+CVE: CVE-2023-3019
+Upstream-Status: Backport [https://github.com/qemu/qemu/commit/7d0fefdf81f5973334c344f6b8e1896c309dff66]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ hw/arm/musicpal.c | 3 ++-
+ hw/net/allwinner-sun8i-emac.c | 3 ++-
+ hw/net/allwinner_emac.c | 3 ++-
+ hw/net/cadence_gem.c | 3 ++-
+ hw/net/dp8393x.c | 3 ++-
+ hw/net/e1000.c | 3 ++-
+ hw/net/e1000e.c | 2 +-
+ hw/net/eepro100.c | 4 +++-
+ hw/net/etraxfs_eth.c | 3 ++-
+ hw/net/fsl_etsec/etsec.c | 3 ++-
+ hw/net/ftgmac100.c | 3 ++-
+ hw/net/imx_fec.c | 2 +-
+ hw/net/lan9118.c | 3 ++-
+ hw/net/mcf_fec.c | 3 ++-
+ hw/net/mipsnet.c | 3 ++-
+ hw/net/msf2-emac.c | 3 ++-
+ hw/net/ne2000-isa.c | 3 ++-
+ hw/net/ne2000-pci.c | 3 ++-
+ hw/net/npcm7xx_emc.c | 3 ++-
+ hw/net/opencores_eth.c | 3 ++-
+ hw/net/pcnet.c | 3 ++-
+ hw/net/rocker/rocker_fp.c | 4 ++--
+ hw/net/rtl8139.c | 3 ++-
+ hw/net/smc91c111.c | 3 ++-
+ hw/net/spapr_llan.c | 3 ++-
+ hw/net/stellaris_enet.c | 3 ++-
+ hw/net/sungem.c | 2 +-
+ hw/net/sunhme.c | 3 ++-
+ hw/net/tulip.c | 3 ++-
+ hw/net/virtio-net.c | 6 ++++--
+ hw/net/vmxnet3.c | 2 +-
+ hw/net/xen_nic.c | 4 +++-
+ hw/net/xgmac.c | 3 ++-
+ hw/net/xilinx_axienet.c | 3 ++-
+ hw/net/xilinx_ethlite.c | 3 ++-
+ hw/usb/dev-network.c | 3 ++-
+ include/hw/qdev-core.h | 7 +++++++
+ include/net/net.h | 1 +
+ net/net.c | 1 +
+ 39 files changed, 81 insertions(+), 38 deletions(-)
+
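Review bot: the diffstat lists `include/hw/qdev-core.h | 7 +++++++`, which per the cover text is the MemReentrancyGuard structure definition taken from commit a2e1753b8054344f32cf94f31c6399a58794a380, not from 7d0fefdf81f5973334c344f6b8e1896c309dff66. The patch header carries only the `Upstream-Status: Backport` line for 7d0fefdf81f5973334c344f6b8e1896c309dff66, so that deviation is invisible to anyone reading the patch file on its own. Please add a short note in the header saying the struct definition was pulled from the other commit and why the full commit was not backported.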
+diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
+index 2680ec55b..15fc7fee4 100644
+--- a/hw/arm/musicpal.c
++++ b/hw/arm/musicpal.c
+@@ -418,7 +418,8 @@ static void mv88w8618_eth_realize(DeviceState *dev, Error **errp)
+
+ address_space_init(&s->dma_as, s->dma_mr, "emac-dma");
+ s->nic = qemu_new_nic(&net_mv88w8618_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ }
+
+ static const VMStateDescription mv88w8618_eth_vmsd = {
+diff --git a/hw/net/allwinner-sun8i-emac.c b/hw/net/allwinner-sun8i-emac.c
+index ecc0245fe..cf93b2fda 100644
+--- a/hw/net/allwinner-sun8i-emac.c
++++ b/hw/net/allwinner-sun8i-emac.c
+@@ -816,7 +816,8 @@ static void allwinner_sun8i_emac_realize(DeviceState *dev, Error **errp)
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_allwinner_sun8i_emac_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ }
+
+diff --git a/hw/net/allwinner_emac.c b/hw/net/allwinner_emac.c
+index ddddf35c4..b3d73143b 100644
+--- a/hw/net/allwinner_emac.c
++++ b/hw/net/allwinner_emac.c
+@@ -453,7 +453,8 @@ static void aw_emac_realize(DeviceState *dev, Error **errp)
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_aw_emac_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+ fifo8_create(&s->rx_fifo, RX_FIFO_SIZE);
+diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
+index 24b3a0ff6..cb61a7641 100644
+--- a/hw/net/cadence_gem.c
++++ b/hw/net/cadence_gem.c
+@@ -1633,7 +1633,8 @@ static void gem_realize(DeviceState *dev, Error **errp)
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+
+ s->nic = qemu_new_nic(&net_gem_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+
+ if (s->jumbo_max_len > MAX_FRAME_SIZE) {
+ error_setg(errp, "jumbo-max-len is greater than %d",
+diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
+index 45b954e46..abfcc6f69 100644
+--- a/hw/net/dp8393x.c
++++ b/hw/net/dp8393x.c
+@@ -943,7 +943,8 @@ static void dp8393x_realize(DeviceState *dev, Error **errp)
+ "dp8393x-regs", SONIC_REG_COUNT << s->it_shift);
+
+ s->nic = qemu_new_nic(&net_dp83932_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+ s->watchdog = timer_new_ns(QEMU_CLOCK_VIRTUAL, dp8393x_watchdog, s);
+diff --git a/hw/net/e1000.c b/hw/net/e1000.c
+index f5bc81296..0857c2e7d 100644
+--- a/hw/net/e1000.c
++++ b/hw/net/e1000.c
+@@ -1733,7 +1733,8 @@ static void pci_e1000_realize(PCIDevice *pci_dev, Error **errp)
+ macaddr);
+
+ d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
+- object_get_typename(OBJECT(d)), dev->id, d);
++ object_get_typename(OBJECT(d)), dev->id,
++ &dev->mem_reentrancy_guard, d);
+
+ qemu_format_nic_info_str(qemu_get_queue(d->nic), macaddr);
+
+diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
+index ac96f7665..b6e9b0e17 100644
+--- a/hw/net/e1000e.c
++++ b/hw/net/e1000e.c
+@@ -328,7 +328,7 @@ e1000e_init_net_peer(E1000EState *s, PCIDevice *pci_dev, uint8_t *macaddr)
+ int i;
+
+ s->nic = qemu_new_nic(&net_e1000e_info, &s->conf,
+- object_get_typename(OBJECT(s)), dev->id, s);
++ object_get_typename(OBJECT(s)), dev->id, &dev->mem_reentrancy_guard, s);
+
+ s->core.max_queue_num = s->conf.peers.queues ? s->conf.peers.queues - 1 : 0;
+
+diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
+index 679f52f80..871d9a095 100644
+--- a/hw/net/eepro100.c
++++ b/hw/net/eepro100.c
+@@ -1874,7 +1874,9 @@ static void e100_nic_realize(PCIDevice *pci_dev, Error **errp)
+ nic_reset(s);
+
+ s->nic = qemu_new_nic(&net_eepro100_info, &s->conf,
+- object_get_typename(OBJECT(pci_dev)), pci_dev->qdev.id, s);
++ object_get_typename(OBJECT(pci_dev)),
++ pci_dev->qdev.id,
++ &pci_dev->qdev.mem_reentrancy_guard, s);
+
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ TRACE(OTHER, logout("%s\n", qemu_get_queue(s->nic)->info_str));
+diff --git a/hw/net/etraxfs_eth.c b/hw/net/etraxfs_eth.c
+index 1b82aec79..ba57a978d 100644
+--- a/hw/net/etraxfs_eth.c
++++ b/hw/net/etraxfs_eth.c
+@@ -618,7 +618,8 @@ static void etraxfs_eth_realize(DeviceState *dev, Error **errp)
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_etraxfs_info, &s->conf,
+- object_get_typename(OBJECT(s)), dev->id, s);
++ object_get_typename(OBJECT(s)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+ s->phy.read = tdk_read;
+diff --git a/hw/net/fsl_etsec/etsec.c b/hw/net/fsl_etsec/etsec.c
+index bd9d62b55..f790613b5 100644
+--- a/hw/net/fsl_etsec/etsec.c
++++ b/hw/net/fsl_etsec/etsec.c
+@@ -391,7 +391,8 @@ static void etsec_realize(DeviceState *dev, Error **errp)
+ eTSEC *etsec = ETSEC_COMMON(dev);
+
+ etsec->nic = qemu_new_nic(&net_etsec_info, &etsec->conf,
+- object_get_typename(OBJECT(dev)), dev->id, etsec);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, etsec);
+ qemu_format_nic_info_str(qemu_get_queue(etsec->nic), etsec->conf.macaddr.a);
+
+ etsec->ptimer = ptimer_init(etsec_timer_hit, etsec, PTIMER_POLICY_DEFAULT);
+diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c
+index 83ef0a783..346485ab4 100644
+--- a/hw/net/ftgmac100.c
++++ b/hw/net/ftgmac100.c
+@@ -1118,7 +1118,8 @@ static void ftgmac100_realize(DeviceState *dev, Error **errp)
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+
+ s->nic = qemu_new_nic(&net_ftgmac100_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ }
+
+diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
+index 0db9aaf76..74e7e0d12 100644
+--- a/hw/net/imx_fec.c
++++ b/hw/net/imx_fec.c
+@@ -1318,7 +1318,7 @@ static void imx_eth_realize(DeviceState *dev, Error **errp)
+
+ s->nic = qemu_new_nic(&imx_eth_net_info, &s->conf,
+ object_get_typename(OBJECT(dev)),
+- dev->id, s);
++ dev->id, &dev->mem_reentrancy_guard, s);
+
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ }
+diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c
+index 6aff424cb..942bce9ae 100644
+--- a/hw/net/lan9118.c
++++ b/hw/net/lan9118.c
+@@ -1354,7 +1354,8 @@ static void lan9118_realize(DeviceState *dev, Error **errp)
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+
+ s->nic = qemu_new_nic(&net_lan9118_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ s->eeprom[0] = 0xa5;
+ for (i = 0; i < 6; i++) {
+diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
+index 25e3e453a..a6be7bf41 100644
+--- a/hw/net/mcf_fec.c
++++ b/hw/net/mcf_fec.c
+@@ -643,7 +643,8 @@ static void mcf_fec_realize(DeviceState *dev, Error **errp)
+ mcf_fec_state *s = MCF_FEC_NET(dev);
+
+ s->nic = qemu_new_nic(&net_mcf_fec_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ }
+
+diff --git a/hw/net/mipsnet.c b/hw/net/mipsnet.c
+index 2ade72dea..8e925de86 100644
+--- a/hw/net/mipsnet.c
++++ b/hw/net/mipsnet.c
+@@ -255,7 +255,8 @@ static void mipsnet_realize(DeviceState *dev, Error **errp)
+ sysbus_init_irq(sbd, &s->irq);
+
+ s->nic = qemu_new_nic(&net_mipsnet_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ }
+
+diff --git a/hw/net/msf2-emac.c b/hw/net/msf2-emac.c
+index 9278fdce0..1efa3dbf0 100644
+--- a/hw/net/msf2-emac.c
++++ b/hw/net/msf2-emac.c
+@@ -527,7 +527,8 @@ static void msf2_emac_realize(DeviceState *dev, Error **errp)
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_msf2_emac_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ }
+
+diff --git a/hw/net/ne2000-isa.c b/hw/net/ne2000-isa.c
+index dd6f6e34d..30bd20c29 100644
+--- a/hw/net/ne2000-isa.c
++++ b/hw/net/ne2000-isa.c
+@@ -74,7 +74,8 @@ static void isa_ne2000_realizefn(DeviceState *dev, Error **errp)
+ ne2000_reset(s);
+
+ s->nic = qemu_new_nic(&net_ne2000_isa_info, &s->c,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
+ }
+
+diff --git a/hw/net/ne2000-pci.c b/hw/net/ne2000-pci.c
+index 9e5d10859..4f8a69908 100644
+--- a/hw/net/ne2000-pci.c
++++ b/hw/net/ne2000-pci.c
+@@ -71,7 +71,8 @@ static void pci_ne2000_realize(PCIDevice *pci_dev, Error **errp)
+
+ s->nic = qemu_new_nic(&net_ne2000_info, &s->c,
+ object_get_typename(OBJECT(pci_dev)),
+- pci_dev->qdev.id, s);
++ pci_dev->qdev.id,
++ &pci_dev->qdev.mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
+ }
+
+diff --git a/hw/net/npcm7xx_emc.c b/hw/net/npcm7xx_emc.c
+index df2efe1bf..82e063ae9 100644
+--- a/hw/net/npcm7xx_emc.c
++++ b/hw/net/npcm7xx_emc.c
+@@ -806,7 +806,8 @@ static void npcm7xx_emc_realize(DeviceState *dev, Error **errp)
+
+ qemu_macaddr_default_if_unset(&emc->conf.macaddr);
+ emc->nic = qemu_new_nic(&net_npcm7xx_emc_info, &emc->conf,
+- object_get_typename(OBJECT(dev)), dev->id, emc);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, emc);
+ qemu_format_nic_info_str(qemu_get_queue(emc->nic), emc->conf.macaddr.a);
+ }
+
+diff --git a/hw/net/opencores_eth.c b/hw/net/opencores_eth.c
+index 0b3dc3146..f96d6ea2c 100644
+--- a/hw/net/opencores_eth.c
++++ b/hw/net/opencores_eth.c
+@@ -732,7 +732,8 @@ static void sysbus_open_eth_realize(DeviceState *dev, Error **errp)
+ sysbus_init_irq(sbd, &s->irq);
+
+ s->nic = qemu_new_nic(&net_open_eth_info, &s->conf,
+- object_get_typename(OBJECT(s)), dev->id, s);
++ object_get_typename(OBJECT(s)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ }
+
+ static void qdev_open_eth_reset(DeviceState *dev)
+diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
+index dcd3fc494..da910a70b 100644
+--- a/hw/net/pcnet.c
++++ b/hw/net/pcnet.c
+@@ -1718,7 +1718,8 @@ void pcnet_common_init(DeviceState *dev, PCNetState *s, NetClientInfo *info)
+ s->poll_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pcnet_poll_timer, s);
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+- s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)), dev->id, s);
++ s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)),
++ dev->id, &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+ /* Initialize the PROM */
+diff --git a/hw/net/rocker/rocker_fp.c b/hw/net/rocker/rocker_fp.c
+index cbeed65bd..0d21948ad 100644
+--- a/hw/net/rocker/rocker_fp.c
++++ b/hw/net/rocker/rocker_fp.c
+@@ -241,8 +241,8 @@ FpPort *fp_port_alloc(Rocker *r, char *sw_name,
+ port->conf.bootindex = -1;
+ port->conf.peers = *peers;
+
+- port->nic = qemu_new_nic(&fp_port_info, &port->conf,
+- sw_name, NULL, port);
++ port->nic = qemu_new_nic(&fp_port_info, &port->conf, sw_name, NULL,
++ &DEVICE(r)->mem_reentrancy_guard, port);
+ qemu_format_nic_info_str(qemu_get_queue(port->nic),
+ port->conf.macaddr.a);
+
+diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
+index 90b4fc63c..43d65d725 100644
+--- a/hw/net/rtl8139.c
++++ b/hw/net/rtl8139.c
+@@ -3398,7 +3398,8 @@ static void pci_rtl8139_realize(PCIDevice *dev, Error **errp)
+ s->eeprom.contents[9] = s->conf.macaddr.a[4] | s->conf.macaddr.a[5] << 8;
+
+ s->nic = qemu_new_nic(&net_rtl8139_info, &s->conf,
+- object_get_typename(OBJECT(dev)), d->id, s);
++ object_get_typename(OBJECT(dev)), d->id,
++ &d->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+ s->cplus_txbuffer = NULL;
+diff --git a/hw/net/smc91c111.c b/hw/net/smc91c111.c
+index ad778cd8f..4eda971ef 100644
+--- a/hw/net/smc91c111.c
++++ b/hw/net/smc91c111.c
+@@ -783,7 +783,8 @@ static void smc91c111_realize(DeviceState *dev, Error **errp)
+ sysbus_init_irq(sbd, &s->irq);
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ /* ??? Save/restore. */
+ }
+diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
+index a6876a936..475d5f3a3 100644
+--- a/hw/net/spapr_llan.c
++++ b/hw/net/spapr_llan.c
+@@ -325,7 +325,8 @@ static void spapr_vlan_realize(SpaprVioDevice *sdev, Error **errp)
+ memcpy(&dev->perm_mac.a, &dev->nicconf.macaddr.a, sizeof(dev->perm_mac.a));
+
+ dev->nic = qemu_new_nic(&net_spapr_vlan_info, &dev->nicconf,
+- object_get_typename(OBJECT(sdev)), sdev->qdev.id, dev);
++ object_get_typename(OBJECT(sdev)), sdev->qdev.id,
++ &sdev->qdev.mem_reentrancy_guard, dev);
+ qemu_format_nic_info_str(qemu_get_queue(dev->nic), dev->nicconf.macaddr.a);
+
+ dev->rxp_timer = timer_new_us(QEMU_CLOCK_VIRTUAL, spapr_vlan_flush_rx_queue,
+diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c
+index 8dd60783d..6768a6912 100644
+--- a/hw/net/stellaris_enet.c
++++ b/hw/net/stellaris_enet.c
+@@ -492,7 +492,8 @@ static void stellaris_enet_realize(DeviceState *dev, Error **errp)
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+
+ s->nic = qemu_new_nic(&net_stellaris_enet_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ }
+
+diff --git a/hw/net/sungem.c b/hw/net/sungem.c
+index 3684a4d73..c12d44e9d 100644
+--- a/hw/net/sungem.c
++++ b/hw/net/sungem.c
+@@ -1361,7 +1361,7 @@ static void sungem_realize(PCIDevice *pci_dev, Error **errp)
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_sungem_info, &s->conf,
+ object_get_typename(OBJECT(dev)),
+- dev->id, s);
++ dev->id, &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic),
+ s->conf.macaddr.a);
+ }
+diff --git a/hw/net/sunhme.c b/hw/net/sunhme.c
+index fc34905f8..fa98528d7 100644
+--- a/hw/net/sunhme.c
++++ b/hw/net/sunhme.c
+@@ -892,7 +892,8 @@ static void sunhme_realize(PCIDevice *pci_dev, Error **errp)
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_sunhme_info, &s->conf,
+- object_get_typename(OBJECT(d)), d->id, s);
++ object_get_typename(OBJECT(d)), d->id,
++ &d->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ }
+
+diff --git a/hw/net/tulip.c b/hw/net/tulip.c
+index 5f8badefc..ccaa26fd8 100644
+--- a/hw/net/tulip.c
++++ b/hw/net/tulip.c
+@@ -985,7 +985,8 @@ static void pci_tulip_realize(PCIDevice *pci_dev, Error **errp)
+
+ s->nic = qemu_new_nic(&net_tulip_info, &s->c,
+ object_get_typename(OBJECT(pci_dev)),
+- pci_dev->qdev.id, s);
++ pci_dev->qdev.id,
++ &pci_dev->qdev.mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
+ }
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index 42e66697f..f916813bc 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -3473,10 +3473,12 @@ static void virtio_net_device_realize(DeviceState *dev, Error **errp)
+ * Happen when virtio_net_set_netclient_name has been called.
+ */
+ n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
+- n->netclient_type, n->netclient_name, n);
++ n->netclient_type, n->netclient_name,
++ &dev->mem_reentrancy_guard, n);
+ } else {
+ n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
+- object_get_typename(OBJECT(dev)), dev->id, n);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, n);
+ }
+
+ for (i = 0; i < n->max_queue_pairs; i++) {
+diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
+index f65af4e9e..d4df039c5 100644
+--- a/hw/net/vmxnet3.c
++++ b/hw/net/vmxnet3.c
+@@ -2078,7 +2078,7 @@ static void vmxnet3_net_init(VMXNET3State *s)
+
+ s->nic = qemu_new_nic(&net_vmxnet3_info, &s->conf,
+ object_get_typename(OBJECT(s)),
+- d->id, s);
++ d->id, &d->mem_reentrancy_guard, s);
+
+ s->peer_has_vhdr = vmxnet3_peer_has_vnet_hdr(s);
+ s->tx_sop = true;
+diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c
+index 5c815b4f0..0472ed81b 100644
+--- a/hw/net/xen_nic.c
++++ b/hw/net/xen_nic.c
+@@ -294,7 +294,9 @@ static int net_init(struct XenLegacyDevice *xendev)
+ }
+
+ netdev->nic = qemu_new_nic(&net_xen_info, &netdev->conf,
+- "xen", NULL, netdev);
++ "xen",
++ DEVICE(xendev)->id,
++ &xendev->qdev.mem_reentrancy_guard, netdev);
+
+ snprintf(qemu_get_queue(netdev->nic)->info_str,
+ sizeof(qemu_get_queue(netdev->nic)->info_str),
+diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c
+index 0ab6ae91a..1f4f277d8 100644
+--- a/hw/net/xgmac.c
++++ b/hw/net/xgmac.c
+@@ -402,7 +402,8 @@ static void xgmac_enet_realize(DeviceState *dev, Error **errp)
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_xgmac_enet_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+ s->regs[XGMAC_ADDR_HIGH(0)] = (s->conf.macaddr.a[5] << 8) |
+diff --git a/hw/net/xilinx_axienet.c b/hw/net/xilinx_axienet.c
+index 990ff3a1c..8a3424380 100644
+--- a/hw/net/xilinx_axienet.c
++++ b/hw/net/xilinx_axienet.c
+@@ -968,7 +968,8 @@ static void xilinx_enet_realize(DeviceState *dev, Error **errp)
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_xilinx_enet_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+
+ tdk_init(&s->TEMAC.phy);
+diff --git a/hw/net/xilinx_ethlite.c b/hw/net/xilinx_ethlite.c
+index 6e09f7e42..80cb869e2 100644
+--- a/hw/net/xilinx_ethlite.c
++++ b/hw/net/xilinx_ethlite.c
+@@ -235,7 +235,8 @@ static void xilinx_ethlite_realize(DeviceState *dev, Error **errp)
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_xilinx_ethlite_info, &s->conf,
+- object_get_typename(OBJECT(dev)), dev->id, s);
++ object_get_typename(OBJECT(dev)), dev->id,
++ &dev->mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ }
+
+diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
+index 6c49c1601..ae447a8bc 100644
+--- a/hw/usb/dev-network.c
++++ b/hw/usb/dev-network.c
+@@ -1362,7 +1362,8 @@ static void usb_net_realize(USBDevice *dev, Error **errp)
+
+ qemu_macaddr_default_if_unset(&s->conf.macaddr);
+ s->nic = qemu_new_nic(&net_usbnet_info, &s->conf,
+- object_get_typename(OBJECT(s)), s->dev.qdev.id, s);
++ object_get_typename(OBJECT(s)), s->dev.qdev.id,
++ &s->dev.qdev.mem_reentrancy_guard, s);
+ qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
+ snprintf(s->usbstring_mac, sizeof(s->usbstring_mac),
+ "%02x%02x%02x%02x%02x%02x",
+diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
+index 20d306659..77c0455d8 100644
+--- a/include/hw/qdev-core.h
++++ b/include/hw/qdev-core.h
+@@ -162,6 +162,10 @@ struct NamedClockList {
+ QLIST_ENTRY(NamedClockList) node;
+ };
+
++typedef struct {
++ bool engaged_in_io;
++} MemReentrancyGuard;
++
+ /**
+ * DeviceState:
+ * @realized: Indicates whether the device has been fully constructed.
+@@ -193,6 +197,9 @@ struct DeviceState {
+ int instance_id_alias;
+ int alias_required_for_version;
+ ResettableState reset;
++
++ /* Is the device currently in mmio/pio/dma? Used to prevent re-entrancy */
++ MemReentrancyGuard mem_reentrancy_guard;
+ };
+
+ struct DeviceListener {
+diff --git a/include/net/net.h b/include/net/net.h
+index 523136c7a..1457b6c01 100644
+--- a/include/net/net.h
++++ b/include/net/net.h
+@@ -145,6 +145,7 @@ NICState *qemu_new_nic(NetClientInfo *info,
+ NICConf *conf,
+ const char *model,
+ const char *name,
++ MemReentrancyGuard *reentrancy_guard,
+ void *opaque);
+ void qemu_del_nic(NICState *nic);
+ NetClientState *qemu_get_subqueue(NICState *nic, int queue_index);
+diff --git a/net/net.c b/net/net.c
+index f0d14dbfc..669e194c4 100644
+--- a/net/net.c
++++ b/net/net.c
+@@ -299,6 +299,7 @@ NICState *qemu_new_nic(NetClientInfo *info,
+ NICConf *conf,
+ const char *model,
+ const char *name,
++ MemReentrancyGuard *reentrancy_guard,
+ void *opaque)
+ {
+ NetClientState **peers = conf->peers.ncs;
+--
+2.40.0
+
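Review bot: In the hw/net/xen_nic.c hunk the name argument changes from `NULL` to `DEVICE(xendev)->id` in the same edit that adds `&xendev->qdev.mem_reentrancy_guard`, while the otherwise similar hw/net/rocker/rocker_fp.c hunk keeps `NULL`. That changes the NIC name and has nothing to do with the reentrancy guard; either keep `NULL` there or explain the change in the patch description. Separately, the net/net.c hunk only adds the `reentrancy_guard` parameter to `qemu_new_nic()` and nothing in this patch stores or reads it, so the patch has no protective effect without the follow-up that assigns `nic->reentrancy_guard`; the recipe should never carry one without the other.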
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch
new file mode 100644
index 0000000000..0f1d201c31
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch
@@ -0,0 +1,91 @@
+From 3c0463a650008aec7de29cf84540652730510921 Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki <akihiko.odaki@daynix.com>
+Date: Thu, 1 Jun 2023 12:18:59 +0900
+Subject: [PATCH] net: Update MemReentrancyGuard for NIC
+
+Recently MemReentrancyGuard was added to DeviceState to record that the
+device is engaging in I/O. The network device backend needs to update it
+when delivering a packet to a device.
+
+This implementation follows what bottom half does, but it does not add
+a tracepoint for the case that the network device backend started
+delivering a packet to a device which is already engaging in I/O. This
+is because such reentrancy frequently happens for
+qemu_flush_queued_packets() and is insignificant.
+
+Fixes: CVE-2023-3019
+Reported-by: Alexander Bulekov <alxndr@bu.edu>
+Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+Acked-by: Alexander Bulekov <alxndr@bu.edu>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+(cherry picked from commit 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+
+CVE: CVE-2023-3019
+Upstream-Status: Backport [https://github.com/qemu/qemu/commit/3c0463a650008aec7de29cf84540652730510921]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ include/net/net.h | 1 +
+ net/net.c | 14 ++++++++++++++
+ 2 files changed, 15 insertions(+)
+
+diff --git a/include/net/net.h b/include/net/net.h
+index 1457b6c01..11d4564ea 100644
+--- a/include/net/net.h
++++ b/include/net/net.h
+@@ -112,6 +112,7 @@ struct NetClientState {
+ typedef struct NICState {
+ NetClientState *ncs;
+ NICConf *conf;
++ MemReentrancyGuard *reentrancy_guard;
+ void *opaque;
+ bool peer_deleted;
+ } NICState;
+diff --git a/net/net.c b/net/net.c
+index 669e194c4..b3008a52b 100644
+--- a/net/net.c
++++ b/net/net.c
+@@ -312,6 +312,7 @@ NICState *qemu_new_nic(NetClientInfo *info,
+ nic = g_malloc0(info->size + sizeof(NetClientState) * queues);
+ nic->ncs = (void *)nic + info->size;
+ nic->conf = conf;
++ nic->reentrancy_guard = reentrancy_guard,
+ nic->opaque = opaque;
+
+ for (i = 0; i < queues; i++) {
+@@ -767,6 +768,7 @@ static ssize_t qemu_deliver_packet_iov(NetClientState *sender,
+ int iovcnt,
+ void *opaque)
+ {
++ MemReentrancyGuard *owned_reentrancy_guard;
+ NetClientState *nc = opaque;
+ int ret;
+
+@@ -779,12 +781,24 @@ static ssize_t qemu_deliver_packet_iov(NetClientState *sender,
+ return 0;
+ }
+
++ if (nc->info->type != NET_CLIENT_DRIVER_NIC ||
++ qemu_get_nic(nc)->reentrancy_guard->engaged_in_io) {
++ owned_reentrancy_guard = NULL;
++ } else {
++ owned_reentrancy_guard = qemu_get_nic(nc)->reentrancy_guard;
++ owned_reentrancy_guard->engaged_in_io = true;
++ }
++
+ if (nc->info->receive_iov && !(flags & QEMU_NET_PACKET_FLAG_RAW)) {
+ ret = nc->info->receive_iov(nc, iov, iovcnt);
+ } else {
+ ret = nc_sendv_compat(nc, iov, iovcnt, flags);
+ }
+
++ if (owned_reentrancy_guard) {
++ owned_reentrancy_guard->engaged_in_io = false;
++ }
++
+ if (ret == 0) {
+ nc->receive_disabled = 1;
+ }
+--
+2.40.0
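Review bot: In the `qemu_new_nic()` hunk of net/net.c, `nic->reentrancy_guard = reentrancy_guard,` ends with a comma instead of a semicolon. It compiles only because the comma operator chains it with the following `nic->opaque = opaque;`, so it is worth flagging as a typo to fix upstream rather than carrying silently in a backport. In `qemu_deliver_packet_iov()`, `qemu_get_nic(nc)->reentrancy_guard->engaged_in_io` is read with no NULL check, so every `qemu_new_nic()` caller must pass a valid guard; a NIC model that passes `NULL` would hit a NULL pointer dereference on packet delivery, and an assertion in `qemu_new_nic()` would make that requirement explicit.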
--
2.34.1
* [OE-core][kirkstone 04/19] python3: ignore fixed CVEs
@ 2024-10-29 18:59 Steve Sakoman
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
These CVEs were fixed in 3.10.15
Commit 487e8cdf1df6feba6d88fa29e11791f4ebaaa362 removed patches in favor
of version upgrade, which caused the CVEs to re-appear in reports.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/python/python3_3.10.15.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-devtools/python/python3_3.10.15.bb b/meta/recipes-devtools/python/python3_3.10.15.bb
index 4157b8cb83..0eb619dfa2 100644
--- a/meta/recipes-devtools/python/python3_3.10.15.bb
+++ b/meta/recipes-devtools/python/python3_3.10.15.bb
@@ -63,6 +63,8 @@ CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488"
CVE_CHECK_IGNORE += "CVE-2015-20107"
# Not an issue, in fact expected behaviour
CVE_CHECK_IGNORE += "CVE-2023-36632"
+# Fixes are included in 3.10.15
+CVE_CHECK_IGNORE += "CVE-2023-27043 CVE-2024-6232 CVE-2024-7592"
PYTHON_MAJMIN = "3.10"
--
2.34.1
* [OE-core][kirkstone 05/19] cve-check: add CVSS vector string to CVE database and reports
@ 2024-10-29 18:59 Steve Sakoman
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Antoine Lubineau <antoine.lubineau@easymile.com>
This allows building detailed vulnerability analysis tools without
relying on external resources.
(From OE-Core rev: 048ff0ad927f4d37cc5547ebeba9e0c221687ea6)
Signed-off-by: Antoine Lubineau <antoine.lubineau@easymile.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/cve-check.bbclass | 5 ++++-
meta/recipes-core/meta/cve-update-nvd2-native.bb | 11 ++++++++---
2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index f554150d94..b47c61da63 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
CVE_VERSION ??= "${PV}"
CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-1.db"
CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
CVE_CHECK_LOG ?= "${T}/cve.log"
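Review bot: The rename of `CVE_CHECK_DB_FILE` to `nvdcve_2-1.db` has no comment saying that the `-1` suffix is a schema version. Because `initialize_db` uses `CREATE TABLE IF NOT EXISTS`, an existing database would keep its old column set, so the file name bump is what actually forces a rebuild. A one-line comment above the assignment stating that the suffix must be bumped on every NVD table change would keep the next schema change from reusing a stale database.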
@@ -399,6 +399,7 @@ def get_cve_info(d, cves):
cve_data[row[0]]["scorev3"] = row[3]
cve_data[row[0]]["modified"] = row[4]
cve_data[row[0]]["vector"] = row[5]
+ cve_data[row[0]]["vectorString"] = row[6]
cursor.close()
conn.close()
return cve_data
@@ -455,6 +456,7 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data):
write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"]
write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"]
write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
+ write_string += "VECTORSTRING: %s\n" % cve_data[cve]["vectorString"]
write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1":
@@ -569,6 +571,7 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status):
"scorev2" : cve_data[cve]["scorev2"],
"scorev3" : cve_data[cve]["scorev3"],
"vector" : cve_data[cve]["vector"],
+ "vectorString" : cve_data[cve]["vectorString"],
"status" : status,
"link": issue_link
}
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 1a3eeba6d0..060545b1e3 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -247,7 +247,7 @@ def initialize_db(conn):
c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
- SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
+ SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)")
c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
@@ -321,6 +321,7 @@ def update_db(conn, elt):
"""
accessVector = None
+ vectorString = None
cveId = elt['cve']['id']
if elt['cve']['vulnStatus'] == "Rejected":
c = conn.cursor()
@@ -335,25 +336,29 @@ def update_db(conn, elt):
date = elt['cve']['lastModified']
try:
accessVector = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['accessVector']
+ vectorString = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['vectorString']
cvssv2 = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['baseScore']
except KeyError:
cvssv2 = 0.0
cvssv3 = None
try:
accessVector = accessVector or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector']
+ vectorString = vectorString or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['vectorString']
cvssv3 = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['baseScore']
except KeyError:
pass
try:
accessVector = accessVector or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector']
+ vectorString = vectorString or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['vectorString']
cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore']
except KeyError:
pass
accessVector = accessVector or "UNKNOWN"
+ vectorString = vectorString or "UNKNOWN"
cvssv3 = cvssv3 or 0.0
- conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
- [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close()
+ conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?)",
+ [cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close()
try:
# Remove any pre-existing CVE configuration. Even for partial database
--
2.34.1
* [OE-core][kirkstone 06/19] cve-check: add support for cvss v4.0
@ 2024-10-29 18:59 Steve Sakoman
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
https://nvd.nist.gov/general/news/cvss-v4-0-official-support
CVSS v4.0 was released in November 2023
NVD announced support for it in June 2024
Current stats are:
* cvss v4 provided, but also v3, so cve-check showed a value
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 != 0.0;
2069
* only cvss v4 provided, so cve-check did not show any
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 = 0.0;
260
(From OE-Core rev: 358dbfcd80ae1fa414d294c865dd293670c287f0)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/cve-check.bbclass | 11 +++++++----
meta/recipes-core/meta/cve-update-nvd2-native.bb | 14 ++++++++++----
2 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index b47c61da63..dd9847f366 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
CVE_VERSION ??= "${PV}"
CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-1.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-2.db"
CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
CVE_CHECK_LOG ?= "${T}/cve.log"
@@ -397,9 +397,10 @@ def get_cve_info(d, cves):
cve_data[row[0]]["summary"] = row[1]
cve_data[row[0]]["scorev2"] = row[2]
cve_data[row[0]]["scorev3"] = row[3]
- cve_data[row[0]]["modified"] = row[4]
- cve_data[row[0]]["vector"] = row[5]
- cve_data[row[0]]["vectorString"] = row[6]
+ cve_data[row[0]]["scorev4"] = row[4]
+ cve_data[row[0]]["modified"] = row[5]
+ cve_data[row[0]]["vector"] = row[6]
+ cve_data[row[0]]["vectorString"] = row[7]
cursor.close()
conn.close()
return cve_data
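Review bot: `get_cve_info` maps columns by position, and inserting SCOREV4 in the middle of the NVD table forces `modified`, `vector` and `vectorString` to be renumbered to `row[5]`, `row[6]` and `row[7]`. Any mismatch with the `CREATE TABLE` column order would silently put a date or a vector into a score field of the report. Naming the columns in the query, or using `sqlite3.Row` as the row factory and indexing by column name, would make the next schema change a one-line addition here.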
@@ -455,6 +456,7 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data):
write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"]
write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"]
write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"]
+ write_string += "CVSS v4 BASE SCORE: %s\n" % cve_data[cve]["scorev4"]
write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
write_string += "VECTORSTRING: %s\n" % cve_data[cve]["vectorString"]
write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
@@ -570,6 +572,7 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status):
"summary" : cve_data[cve]["summary"],
"scorev2" : cve_data[cve]["scorev2"],
"scorev3" : cve_data[cve]["scorev3"],
+ "scorev4" : cve_data[cve]["scorev4"],
"vector" : cve_data[cve]["vector"],
"vectorString" : cve_data[cve]["vectorString"],
"status" : status,
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 060545b1e3..b4c46ef756 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -247,7 +247,7 @@ def initialize_db(conn):
c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
- SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)")
+ SCOREV2 TEXT, SCOREV3 TEXT, SCOREV4 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)")
c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
@@ -353,12 +353,18 @@ def update_db(conn, elt):
cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore']
except KeyError:
pass
+ cvssv3 = cvssv3 or 0.0
+ try:
+ accessVector = accessVector or elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['attackVector']
+ vectorString = vectorString or elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['vectorString']
+ cvssv4 = elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['baseScore']
+ except KeyError:
+ cvssv4 = 0.0
accessVector = accessVector or "UNKNOWN"
vectorString = vectorString or "UNKNOWN"
- cvssv3 = cvssv3 or 0.0
- conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?)",
- [cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close()
+ conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?, ?)",
+ [cveId, cveDesc, cvssv2, cvssv3, cvssv4, date, accessVector, vectorString]).close()
try:
# Remove any pre-existing CVE configuration. Even for partial database
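Review bot: The new `cvssMetricV40` block indexes `[0]` but catches only `KeyError`, so an entry that carries the key with an empty list would raise `IndexError` out of `update_db`. Catching `(KeyError, IndexError)` here, and in the v2 and v3 blocks that follow the same pattern, would keep one malformed record from stopping the database update. The `insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?, ?)` statement also depends on the table's column order; listing the column names in the statement would remove that coupling.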
--
2.34.1
* [OE-core][kirkstone 07/19] vim: Upgrade 9.1.0682 -> 9.1.0698
@ 2024-10-29 18:59 Steve Sakoman
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Siddharth Doshi <sdoshi@mvista.com>
This includes CVE-fix for CVE-2024-43790 and CVE-2024-43802
Changes between 9.1.0682 -> 9.1.0698
====================================
https://github.com/vim/vim/compare/v9.1.0682...v9.1.0698
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e530265415d93e3f49ec7874cf720aad18ab2e22)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/vim/vim.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index f8ba37156a..11daa900d2 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -18,8 +18,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
-PV .= ".0682"
-SRCREV = "cb90ea9cba6f033fe141db0e466fb4117f28402b"
+PV .= ".0698"
+SRCREV = "d56c451e1c05310562c5282352d7bb287c16323c"
# Do not consider .z in x.y.z, as that is updated with every commit
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"
--
2.34.1
* [OE-core][kirkstone 08/19] vim: Upgrade 9.1.0698 -> 9.1.0764
@ 2024-10-29 18:59 Steve Sakoman
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Rohini Sangam <rsangam@mvista.com>
This includes CVE-fix for CVE-2024-45306 and CVE-2024-47814
Changes between 9.1.0698 -> 9.1.0764
====================================
https://github.com/vim/vim/compare/v9.1.0698...v9.1.0764
Signed-off-by: Rohini Sangam <rsangam@mvista.com>
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2f0e5e63399e544063c79b0b1f9555c820b0604c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/vim/vim.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 11daa900d2..582eddcb9d 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -18,8 +18,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
-PV .= ".0698"
-SRCREV = "d56c451e1c05310562c5282352d7bb287c16323c"
+PV .= ".0764"
+SRCREV = "51b62387be93c65fa56bbabe1c3c1ea5df187641"
# Do not consider .z in x.y.z, as that is updated with every commit
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"
--
2.34.1
* [OE-core][kirkstone 09/19] orc: upgrade 0.4.39 -> 0.4.40
@ 2024-10-29 18:59 Steve Sakoman
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Changelog:
===========
- Security: Minor follow-up fixes for CVE-2024-40897
- powerpc: fix div255w which still used the inexact substitution
- x86: work around old GCC versions (pre 9.0) having broken xgetbv
implementations
- x86: consider MSYS2/Cygwin as Windows for ABI purposes only
- x86: handle unnatural and misaligned array pointers
- orccodemem: Assorted memory mapping fixes
- Fix include header use from C++
- Some compatibility fixes for Musl
- ppc: Disable VSX and ISA 2.07 for Apple targets
- ppc: Allow detection of ppc64 in Mac OS
- x86: Fix non-C11 typedefs
- meson: Fix detecting XSAVE on older AppleClang
- x86: try fixing AVX detection again by adding check for XSAVE
- Check return values of malloc() and realloc()
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ed7e4eb12491968c5f962b7e89d557c2c6d86a33)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/orc/{orc_0.4.39.bb => orc_0.4.40.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/orc/{orc_0.4.39.bb => orc_0.4.40.bb} (92%)
diff --git a/meta/recipes-devtools/orc/orc_0.4.39.bb b/meta/recipes-devtools/orc/orc_0.4.40.bb
similarity index 92%
rename from meta/recipes-devtools/orc/orc_0.4.39.bb
rename to meta/recipes-devtools/orc/orc_0.4.40.bb
index 320abf536a..e437831cd7 100644
--- a/meta/recipes-devtools/orc/orc_0.4.39.bb
+++ b/meta/recipes-devtools/orc/orc_0.4.40.bb
@@ -5,7 +5,7 @@ LICENSE = "BSD-2-Clause & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=1400bd9d09e8af56b9ec982b3d85797e"
SRC_URI = "http://gstreamer.freedesktop.org/src/orc/orc-${PV}.tar.xz"
-SRC_URI[sha256sum] = "33ed2387f49b825fa1b9c3b0072e05f259141b895474ad085ae51143d3040cc0"
+SRC_URI[sha256sum] = "3fc2bee78dfb7c41fd9605061fc69138db7df007eae2f669a1f56e8bacef74ab"
inherit meson pkgconfig gtk-doc
--
2.34.1
* [OE-core][kirkstone 10/19] overlayfs-etc: add option to skip creation of mount dirs
@ 2024-10-29 18:59 Steve Sakoman
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: "baruch@tkos.co.il" <baruch@tkos.co.il>
The 'preinit' script can't create mount directories when rootfs is
read-only. Add an option to skip this step. The user must make sure that
all required directories are already in the rootfs directory layout.
Cc: Vyacheslav Yurkov <uvv.mail@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 3d433d8559467d255bd19af2d0999c65ea24a48d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/overlayfs-etc.bbclass | 5 ++++-
meta/files/overlayfs-etc-preinit.sh.in | 16 +++++++++-------
2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/meta/classes/overlayfs-etc.bbclass b/meta/classes/overlayfs-etc.bbclass
index 40116e4c6e..7096aae1a8 100644
--- a/meta/classes/overlayfs-etc.bbclass
+++ b/meta/classes/overlayfs-etc.bbclass
@@ -35,6 +35,7 @@ OVERLAYFS_ETC_USE_ORIG_INIT_NAME ??= "1"
OVERLAYFS_ETC_MOUNT_OPTIONS ??= "defaults"
OVERLAYFS_ETC_INIT_TEMPLATE ??= "${COREBASE}/meta/files/overlayfs-etc-preinit.sh.in"
OVERLAYFS_ETC_EXPOSE_LOWER ??= "0"
+OVERLAYFS_ETC_CREATE_MOUNT_DIRS ??= "1"
python create_overlayfs_etc_preinit() {
overlayEtcMountPoint = d.getVar("OVERLAYFS_ETC_MOUNT_POINT")
@@ -56,6 +57,7 @@ python create_overlayfs_etc_preinit() {
initBaseName = oe.path.join(d.getVar("base_sbindir"), "init")
origInitNameSuffix = ".orig"
exposeLower = oe.types.boolean(d.getVar('OVERLAYFS_ETC_EXPOSE_LOWER'))
+ createMoundDirs = oe.types.boolean(d.getVar('OVERLAYFS_ETC_CREATE_MOUNT_DIRS'))
args = {
'OVERLAYFS_ETC_MOUNT_POINT': overlayEtcMountPoint,
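Review bot: the local added in this hunk is spelled createMoundDirs; it should be createMountDirs. The same spelling is used in the args dict in the next hunk, so nothing breaks, but both occurrences should be corrected before the name spreads.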
@@ -63,7 +65,8 @@ python create_overlayfs_etc_preinit() {
'OVERLAYFS_ETC_FSTYPE': overlayEtcFsType,
'OVERLAYFS_ETC_DEVICE': overlayEtcDevice,
'SBIN_INIT_NAME': initBaseName + origInitNameSuffix if useOrigInit else initBaseName,
- 'OVERLAYFS_ETC_EXPOSE_LOWER': "true" if exposeLower else "false"
+ 'OVERLAYFS_ETC_EXPOSE_LOWER': "true" if exposeLower else "false",
+ 'CREATE_MOUNT_DIRS': "true" if createMoundDirs else "false"
}
if useOrigInit:
diff --git a/meta/files/overlayfs-etc-preinit.sh.in b/meta/files/overlayfs-etc-preinit.sh.in
index 8db076f4ba..b05e3957a3 100644
--- a/meta/files/overlayfs-etc-preinit.sh.in
+++ b/meta/files/overlayfs-etc-preinit.sh.in
@@ -3,12 +3,15 @@
echo "PREINIT: Start"
PATH=/sbin:/bin:/usr/sbin:/usr/bin
-mount -o remount,rw /
-
-mkdir -p /proc
-mkdir -p /sys
-mkdir -p /run
-mkdir -p /var/run
+if {CREATE_MOUNT_DIRS}; then
+ mount -o remount,rw /
+
+ mkdir -p /proc
+ mkdir -p /sys
+ mkdir -p /run
+ mkdir -p /var/run
+ mkdir -p {OVERLAYFS_ETC_MOUNT_POINT}
+fi
mount -t proc proc /proc
mount -t sysfs sysfs /sys
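Review bot: the new `if {CREATE_MOUNT_DIRS}; then` block also wraps `mount -o remount,rw /`, so the option decides whether the root filesystem is remounted read-write during preinit, not only whether directories are created. That fits a read-only rootfs, but the variable name and commit message mention only directory creation, so the description should say it. With the option off, nothing checks that /proc, /sys and the overlay mount point exist before the mounts that follow; a `[ -d ... ]` test with a PREINIT error message would make a missing directory easier to diagnose than a failed mount.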
@@ -20,7 +23,6 @@ UPPER_DIR=$BASE_OVERLAY_ETC_DIR/upper
WORK_DIR=$BASE_OVERLAY_ETC_DIR/work
LOWER_DIR=$BASE_OVERLAY_ETC_DIR/lower
-mkdir -p {OVERLAYFS_ETC_MOUNT_POINT}
if mount -n -t {OVERLAYFS_ETC_FSTYPE} \
-o {OVERLAYFS_ETC_MOUNT_OPTIONS} \
{OVERLAYFS_ETC_DEVICE} {OVERLAYFS_ETC_MOUNT_POINT}
--
2.34.1
* [OE-core][kirkstone 11/19] bmap-tools: update HOMEPAGE and SRC_URI
2024-10-29 18:59 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (9 preceding siblings ...)
2024-10-29 18:59 ` [OE-core][kirkstone 10/19] overlayfs-etc: add option to skip creation of mount dirs Steve Sakoman
@ 2024-10-29 18:59 ` Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 12/19] nativesdk-intercept: Fix bad intercept chgrp/chown logic Steve Sakoman
` (7 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
The bmaptool (previously: bmap-tools, bmap-tool, bmaptool) has been moved
to be under the Yocto Project umbrella and is now hosted at:
github.com/yoctoproject/bmaptool
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/bmap-tools/bmap-tools_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/bmap-tools/bmap-tools_git.bb b/meta/recipes-support/bmap-tools/bmap-tools_git.bb
index 89b7bf2b93..f8b382ca48 100644
--- a/meta/recipes-support/bmap-tools/bmap-tools_git.bb
+++ b/meta/recipes-support/bmap-tools/bmap-tools_git.bb
@@ -4,12 +4,12 @@ bmap. Bmaptool is a generic tool for creating the block map (bmap) for a file, \
and copying files using the block map. The idea is that large file containing \
unused blocks, like raw system image files, can be copied or flashed a lot \
faster with bmaptool than with traditional tools like "dd" or "cp"."
-HOMEPAGE = "https://github.com/01org/bmap-tools"
+HOMEPAGE = "https://github.com/yoctoproject/bmaptool"
SECTION = "console/utils"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-SRC_URI = "git://github.com/intel/${BPN};branch=main;protocol=https"
+SRC_URI = "git://github.com/yoctoproject/bmaptool.git;branch=main;protocol=https"
SRCREV = "c0673962a8ec1624b5189dc1d24f33fe4f06785a"
S = "${WORKDIR}/git"
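Review bot: the `SRC_URI` line changes the fetch origin to github.com/yoctoproject/bmaptool.git while SRCREV stays at c0673962a8ec1624b5189dc1d24f33fe4f06785a. Keeping the pinned revision is what you want for a repository move, since the same hash means the same content, but please confirm that this revision is reachable from branch main in the new repository, because the git fetcher checks that the revision is contained in the named branch. The recipe and file name remain bmap-tools; a short note in the commit message that the rename is deliberately left out of the stable branch would help.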
--
2.34.1
* [OE-core][kirkstone 12/19] nativesdk-intercept: Fix bad intercept chgrp/chown logic
2024-10-29 18:59 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (10 preceding siblings ...)
2024-10-29 18:59 ` [OE-core][kirkstone 11/19] bmap-tools: update HOMEPAGE and SRC_URI Steve Sakoman
@ 2024-10-29 18:59 ` Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 13/19] zip: Make configure checks to be more robust Steve Sakoman
` (6 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Eilís 'pidge' Ní Fhlannagáin <pidge@baylibre.com>
Running either of these ends up corrupting the os.execv args.
If we run:
./scripts/nativesdk-intercept/chown -R foo:foo bar
The loop here ends up missing the conversion of foo:foo to root:root because
it sees sys.argv[0] and assumes that it's the user:group argument and that we
should convert that. We end up with an os.execv(path, args) that has the following
args:
['root:root', '-R', 'foo:foo', 'bar']
As os.execv ignores args[0], we can just populate it with sys.argv[0] and then
loop through sys.argv[1:]. As both chgrp and chown would have either flags and
USER[:GROUP] next, this fixes the issue.
(Backported from OE-Core rev: 2a75f647ec7696d353f4b09099d777ba53f34d36)
Signed-off-by: Eilís 'pidge' Ní Fhlannagáin <pidge@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/nativesdk-intercept/chgrp | 5 ++++-
scripts/nativesdk-intercept/chown | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/scripts/nativesdk-intercept/chgrp b/scripts/nativesdk-intercept/chgrp
index 30cc417d3a..f8ae84b8b3 100755
--- a/scripts/nativesdk-intercept/chgrp
+++ b/scripts/nativesdk-intercept/chgrp
@@ -14,7 +14,10 @@ real_chgrp = shutil.which('chgrp', path=path)
args = list()
found = False
-for i in sys.argv:
+
+args.append(real_chgrp)
+
+for i in sys.argv[1:]:
if i.startswith("-"):
args.append(i)
continue
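Review bot: the added `args.append(real_chgrp)` sets args[0] to the resolved chgrp path, while the commit message says it is populated with sys.argv[0]. args[0] becomes argv[0] of the executed program, so the resolved path is a reasonable value; the code and the description should agree, and updating the message is the simpler fix.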
diff --git a/scripts/nativesdk-intercept/chown b/scripts/nativesdk-intercept/chown
index 3914b3e384..0805ceb70a 100755
--- a/scripts/nativesdk-intercept/chown
+++ b/scripts/nativesdk-intercept/chown
@@ -14,7 +14,10 @@ real_chown = shutil.which('chown', path=path)
args = list()
found = False
-for i in sys.argv:
+
+args.append(real_chown)
+
+for i in sys.argv[1:]:
if i.startswith("-"):
args.append(i)
continue
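Review bot: real_chown comes from `shutil.which('chown', path=path)` in the hunk header context, and shutil.which() returns None when nothing is found on that path, so the added `args.append(real_chown)` can put None into the argument list handed to os.execv. Check for None before building args and exit with a clear error; the same applies to real_chgrp in the chgrp script.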
--
2.34.1
* [OE-core][kirkstone 13/19] zip: Make configure checks to be more robust
2024-10-29 18:59 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (11 preceding siblings ...)
2024-10-29 18:59 ` [OE-core][kirkstone 12/19] nativesdk-intercept: Fix bad intercept chgrp/chown logic Steve Sakoman
@ 2024-10-29 18:59 ` Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 14/19] zip: Fix build with gcc-14 Steve Sakoman
` (5 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Newer compilers are strict and have turned some warnings into hard
errors which results in subtle configure check failures. Therefore fix
these tests and also enable largefile support via cflags when it's
desired.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...y-correct-function-signatures-and-de.patch | 134 ++++++++++++++++++
...2-unix.c-Do-not-redefine-DIR-as-FILE.patch | 35 +++++
meta/recipes-extended/zip/zip_3.0.bb | 2 +
3 files changed, 171 insertions(+)
create mode 100644 meta/recipes-extended/zip/zip-3.0/0001-configure-Specify-correct-function-signatures-and-de.patch
create mode 100644 meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch
diff --git a/meta/recipes-extended/zip/zip-3.0/0001-configure-Specify-correct-function-signatures-and-de.patch b/meta/recipes-extended/zip/zip-3.0/0001-configure-Specify-correct-function-signatures-and-de.patch
new file mode 100644
index 0000000000..a4f8382625
--- /dev/null
+++ b/meta/recipes-extended/zip/zip-3.0/0001-configure-Specify-correct-function-signatures-and-de.patch
@@ -0,0 +1,134 @@
+From 8810f2643c9372a8083272dc1fc157427646d961 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 10 Aug 2022 17:16:23 -0700
+Subject: [PATCH 1/2] configure: Specify correct function signatures and
+ declarations
+
+Include needed system headers in configure tests, this is needed because
+newer compilers are getting stricter about the C99 specs and turning
+-Wimplicit-function-declaration into hard error e.g. clang-15+
+
+Upstream-Status: Inactive-Upstream
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ unix/configure | 79 +++++++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 66 insertions(+), 13 deletions(-)
+
+diff --git a/unix/configure b/unix/configure
+index 1d9a9bb..f2b3d02 100644
+--- a/unix/configure
++++ b/unix/configure
+@@ -513,21 +513,70 @@ $CC $CFLAGS -c conftest.c >/dev/null 2>/dev/null
+ # Check for missing functions
+ # add NO_'function_name' to flags if missing
+
+-for func in rmdir strchr strrchr rename mktemp mktime mkstemp
+-do
+- echo Check for $func
+- echo "int main(){ $func(); return 0; }" > conftest.c
+- $CC $CFLAGS $LDFLAGS $BFLAG -o conftest conftest.c >/dev/null 2>/dev/null
+- [ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_`echo $func | tr '[a-z]' '[A-Z]'`"
+-done
++echo Check for rmdir
++cat > conftest.c << _EOF_
++#include <unistd.h>
++int main(){ rmdir(NULL); return 0; }
++_EOF_
++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
++[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_RMDIR"
++
++echo Check for strchr
++cat > conftest.c << _EOF_
++#include <string.h>
++int main(){ strchr(NULL,0); return 0; }
++_EOF_
++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
++[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_STRCHR"
+
++echo Check for strrchr
++cat > conftest.c << _EOF_
++#include <string.h>
++int main(){ strrchr(NULL,0); return 0; }
++_EOF_
++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
++[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_STRRCHR"
++
++echo Check for rename
++cat > conftest.c << _EOF_
++#include <stdio.h>
++int main(){ rename(NULL,NULL); return 0; }
++_EOF_
++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
++[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_RENAME"
++
++echo Check for mktemp
++cat > conftest.c << _EOF_
++#include <stdlib.h>
++int main(){ mktemp(NULL); return 0; }
++_EOF_
++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
++[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_MKTEMP"
++
++echo Check for mktime
++cat > conftest.c << _EOF_
++#include <time.h>
++int main(){ mktime(NULL); return 0; }
++_EOF_
++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
++[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_MKTIME"
++
++echo Check for mkstemp
++cat > conftest.c << _EOF_
++#include <stdlib.h>
++int main(){ return mkstemp(NULL); }
++_EOF_
++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
++[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_MKSTEMP"
+
+ echo Check for memset
+-echo "int main(){ char k; memset(&k,0,0); return 0; }" > conftest.c
++cat > conftest.c << _EOF_
++#include <string.h>
++int main(){ char k; memset(&k,0,0); return 0; }
++_EOF_
+ $CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
+ [ $? -ne 0 ] && CFLAGS="${CFLAGS} -DZMEM"
+
+-
+ echo Check for memmove
+ cat > conftest.c << _EOF_
+ #include <string.h>
+@@ -548,7 +597,7 @@ $CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
+ echo Check for errno declaration
+ cat > conftest.c << _EOF_
+ #include <errno.h>
+-main()
++int main()
+ {
+ errno = 0;
+ return 0;
+@@ -625,14 +674,18 @@ CFLAGS="${CFLAGS} ${OPT}"
+
+ echo Check for valloc
+ cat > conftest.c << _EOF_
+-main()
++#include <stdlib.h>
++int main()
+ {
+ #ifdef MMAP
+- valloc();
++ valloc(0);
+ #endif
++ return 0;
+ }
+ _EOF_
+-$CC ${CFLAGS} -c conftest.c > /dev/null 2>/dev/null
++#$CC ${CFLAGS} -c conftest.c > /dev/null 2>/dev/null
++$CC ${CFLAGS} -c conftest.c
++echo "==========================================="
+ [ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_VALLOC"
+
+
+--
+2.37.1
+
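Review bot: in the valloc check at the end of this patch, the added `echo "==========================================="` sits between the compile and `[ $? -ne 0 ]`, so `$?` is the exit status of echo and -DNO_VALLOC can never be added. The commented-out `#$CC ${CFLAGS} -c conftest.c > /dev/null 2>/dev/null` and the un-redirected compile below it look like leftover debugging; restore the redirected compile line and drop the echo. Separately, the per-function link tests that replace the loop no longer pass $BFLAG, which the removed loop did; please confirm that is intentional.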
diff --git a/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch b/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch
new file mode 100644
index 0000000000..a86e03e620
--- /dev/null
+++ b/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch
@@ -0,0 +1,35 @@
+From 76f5bf3546d826dcbc03acbefcf0b10b972bf136 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 10 Aug 2022 17:19:38 -0700
+Subject: [PATCH 2/2] unix.c: Do not redefine DIR as FILE
+
+DIR is already provided on Linux via
+/usr/include/dirent.h system header
+
+Upstream-Status: Inactive-Upstream
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ unix/unix.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/unix/unix.c b/unix/unix.c
+index ba87614..6e6f4d2 100644
+--- a/unix/unix.c
++++ b/unix/unix.c
+@@ -61,13 +61,11 @@ local time_t label_utim = 0;
+ /* Local functions */
+ local char *readd OF((DIR *));
+
+-
+ #ifdef NO_DIR /* for AT&T 3B1 */
+ #include <sys/dir.h>
+ #ifndef dirent
+ # define dirent direct
+ #endif
+-typedef FILE DIR;
+ /*
+ ** Apparently originally by Rich Salz.
+ ** Cleaned up and modified by James W. Birdsall.
+--
+2.37.1
+
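Review bot: the removed `typedef FILE DIR;` sits inside the `#ifdef NO_DIR /* for AT&T 3B1 */` block, so it only matters when configure has decided the platform lacks directory functions. The patch description says DIR is provided by dirent.h on Linux but does not say why the NO_DIR branch is compiled there at all; state that in the header, since dropping the typedef hides a misdetection rather than fixing it. The hunk also removes an unrelated blank line after the readd prototype, which is noise in a carried patch.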
diff --git a/meta/recipes-extended/zip/zip_3.0.bb b/meta/recipes-extended/zip/zip_3.0.bb
index e1e6be6225..b6ec3cd9ad 100644
--- a/meta/recipes-extended/zip/zip_3.0.bb
+++ b/meta/recipes-extended/zip/zip_3.0.bb
@@ -17,6 +17,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar.
file://0001-configure-use-correct-CPP.patch \
file://0002-configure-support-PIC-code-build.patch \
file://0001-configure-Use-CFLAGS-and-LDFLAGS-when-doing-link-tes.patch \
+ file://0001-configure-Specify-correct-function-signatures-and-de.patch \
+ file://0002-unix.c-Do-not-redefine-DIR-as-FILE.patch \
file://0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.34.1
* [OE-core][kirkstone 14/19] zip: Fix build with gcc-14
2024-10-29 18:59 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (12 preceding siblings ...)
2024-10-29 18:59 ` [OE-core][kirkstone 13/19] zip: Make configure checks to be more robust Steve Sakoman
@ 2024-10-29 18:59 ` Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 15/19] vala: add -Wno-error=incompatible-pointer-types work around Steve Sakoman
` (4 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
zip's configure fails to link this piece of test code:
int main() { return closedir(opendir(".")); }
with GCC-14 because it now treats implicit declaration of function
as error, unlike older GCC versions where it was just a warning
and this test would build fine.
Remove 0002-unix.c-Do-not-redefine-DIR-as-FILE.patch which
is now unnecessary (MJ: this part wasn't applicable for kirkstone).
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3422411eb750c7e960b81676637cfb321dbadefb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...e-dirent.h-for-closedir-opendir-APIs.patch | 45 +++++++++++++++++++
...2-unix.c-Do-not-redefine-DIR-as-FILE.patch | 35 ---------------
meta/recipes-extended/zip/zip_3.0.bb | 2 +-
3 files changed, 46 insertions(+), 36 deletions(-)
create mode 100644 meta/recipes-extended/zip/zip-3.0/0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch
delete mode 100644 meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch
diff --git a/meta/recipes-extended/zip/zip-3.0/0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch b/meta/recipes-extended/zip/zip-3.0/0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch
new file mode 100644
index 0000000000..0d3af37ded
--- /dev/null
+++ b/meta/recipes-extended/zip/zip-3.0/0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch
@@ -0,0 +1,45 @@
+From 9db2f8cdbbc0dfb359d3b4e5dfe48c18652ce531 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 8 May 2024 19:02:46 -0700
+Subject: [PATCH] configure: Include dirent.h for closedir/opendir APIs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+GCC-14 is strict about function prototypes and since the
+testcase tries to compile/link opendir/closedir functions
+without including signatures, it fails to build the test
+due to missing signatures which come from dirent.h
+
+Therefore include the needed system header and make it more
+robust.
+
+Fixes
+a.c:2:21: error: implicit declaration of function ‘closedir’ [-Wimplicit-function-declaration]
+ 2 | int main() { return closedir(opendir(".")); }
+ | ^~~~~~~~
+a.c:2:30: error: implicit declaration of function ‘opendir’ [-Wimplicit-function-declaration]
+ 2 | int main() { return closedir(opendir(".")); }
+ | ^~~~~~~
+
+Upstream-Status: Inactive-Upstream
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ unix/configure | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/unix/configure b/unix/configure
+index f917086..1dd98c6 100644
+--- a/unix/configure
++++ b/unix/configure
+@@ -591,6 +591,7 @@ $CC $CFLAGS -c conftest.c >/dev/null 2>/dev/null
+
+ echo Check for directory libraries
+ cat > conftest.c << _EOF_
++#include <dirent.h>
+ int main() { return closedir(opendir(".")); }
+ _EOF_
+
+--
+2.45.0
+
diff --git a/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch b/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch
deleted file mode 100644
index a86e03e620..0000000000
--- a/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 76f5bf3546d826dcbc03acbefcf0b10b972bf136 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 10 Aug 2022 17:19:38 -0700
-Subject: [PATCH 2/2] unix.c: Do not redefine DIR as FILE
-
-DIR is already provided on Linux via
-/usr/include/dirent.h system header
-
-Upstream-Status: Inactive-Upstream
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- unix/unix.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/unix/unix.c b/unix/unix.c
-index ba87614..6e6f4d2 100644
---- a/unix/unix.c
-+++ b/unix/unix.c
-@@ -61,13 +61,11 @@ local time_t label_utim = 0;
- /* Local functions */
- local char *readd OF((DIR *));
-
--
- #ifdef NO_DIR /* for AT&T 3B1 */
- #include <sys/dir.h>
- #ifndef dirent
- # define dirent direct
- #endif
--typedef FILE DIR;
- /*
- ** Apparently originally by Rich Salz.
- ** Cleaned up and modified by James W. Birdsall.
---
-2.37.1
-
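Review bot: this hunk deletes 0002-unix.c-Do-not-redefine-DIR-as-FILE.patch, which 13/19 of this same series adds, while the commit message says of the removal that "this part wasn't applicable for kirkstone". The note and the diffstat contradict each other. Either drop the file from 13/19 so the series never adds it, or reword the note to say the patch is removed here because 13/19 introduced it.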
diff --git a/meta/recipes-extended/zip/zip_3.0.bb b/meta/recipes-extended/zip/zip_3.0.bb
index b6ec3cd9ad..94de3715d2 100644
--- a/meta/recipes-extended/zip/zip_3.0.bb
+++ b/meta/recipes-extended/zip/zip_3.0.bb
@@ -18,8 +18,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar.
file://0002-configure-support-PIC-code-build.patch \
file://0001-configure-Use-CFLAGS-and-LDFLAGS-when-doing-link-tes.patch \
file://0001-configure-Specify-correct-function-signatures-and-de.patch \
- file://0002-unix.c-Do-not-redefine-DIR-as-FILE.patch \
file://0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch \
+ file://0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.34.1
* [OE-core][kirkstone 15/19] vala: add -Wno-error=incompatible-pointer-types work around
2024-10-29 18:59 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (13 preceding siblings ...)
2024-10-29 18:59 ` [OE-core][kirkstone 14/19] zip: Fix build with gcc-14 Steve Sakoman
@ 2024-10-29 18:59 ` Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 16/19] cracklib: Modify patch to compile with GCC 14 Steve Sakoman
` (3 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
* to allow building vala-native on hosts with gcc-14
* we could backport:
https://gitlab.gnome.org/GNOME/vala/-/commit/23ec71b1a5c4cead3d1bdac82e184d0a63fa7b79
which is already included in scarthgap, but that's a big patch doing almost the same
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/vala/vala.inc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-devtools/vala/vala.inc b/meta/recipes-devtools/vala/vala.inc
index 162e99bb03..87d8fedc3f 100644
--- a/meta/recipes-devtools/vala/vala.inc
+++ b/meta/recipes-devtools/vala/vala.inc
@@ -39,6 +39,10 @@ EOF
EXTRA_OECONF += " --disable-valadoc"
+# work around for vala-native build with gcc-14 instead of backporting
+# https://gitlab.gnome.org/GNOME/vala/-/commit/23ec71b1a5c4cead3d1bdac82e184d0a63fa7b79
+BUILD_CFLAGS += "-Wno-error=incompatible-pointer-types"
+
# Vapigen wrapper needs to be available system-wide, because it will be used
# to build vapi files from all other packages with vala support
do_install:append:class-target() {
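Review bot: the added `BUILD_CFLAGS += "-Wno-error=incompatible-pointer-types"` is unconditional in vala.inc, although the comment above it says the workaround is for the vala-native build. Scope it to that case, for example `BUILD_CFLAGS:append:class-native = " -Wno-error=incompatible-pointer-types"`, so the target recipe keeps the stricter behaviour. Demoting this diagnostic also hides any new pointer-type mismatch in later point releases, so the comment should say when the workaround can be dropped (once the referenced upstream commit is part of the packaged version).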
--
2.34.1
* [OE-core][kirkstone 16/19] cracklib: Modify patch to compile with GCC 14
2024-10-29 18:59 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (14 preceding siblings ...)
2024-10-29 18:59 ` [OE-core][kirkstone 15/19] vala: add -Wno-error=incompatible-pointer-types work around Steve Sakoman
@ 2024-10-29 18:59 ` Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 17/19] libffi: backport a fix to build libffi-native with gcc-14 Steve Sakoman
` (2 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Zoltan Boszormenyi <zboszor@gmail.com>
GCC 14 implicitly turns a warning into a compiler error:
| ../../git/src/lib/packlib.c: In function ‘PWClose’:
| ../../git/src/lib/packlib.c:554:40: error: passing argument 1 of ‘HwmsHostToBigEndian’ from incompatible pointer type [-Wincompatible-pointer-types]
| 554 | HwmsHostToBigEndian(tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32);
| | ~~~~~~~^~~~~
| | |
| | uint32_t * {aka unsigned int *}
| ../../git/src/lib/packlib.c:142:27: note: expected ‘char *’ but argument is of type ‘uint32_t *’ {aka ‘unsigned int *’}
| 142 | HwmsHostToBigEndian(char *pHwms, int nLen,int nBitType)
| | ~~~~~~^~~~~
Add the cast to (char *) to silence it.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...0001-packlib.c-support-dictionary-byte-order-dependent.patch | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch b/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch
index 8fb512a224..cf7a0857e0 100644
--- a/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch
+++ b/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch
@@ -303,7 +303,7 @@ index 8acb7be..a9d8750 100644
+ PWDICT tmp_pwp;
+
+ memcpy(&tmp_pwp, pwp, sizeof(PWDICT));
-+ HwmsHostToBigEndian(tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32);
++ HwmsHostToBigEndian((char *)tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32);
+ fwrite(tmp_pwp.hwms, 1, sizeof(tmp_pwp.hwms), pwp->wfp);
}
}
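Review bot: the `(char *)` cast on the changed line silences the diagnostic at this one call only. The error quoted in the commit message shows the callee declared as `HwmsHostToBigEndian(char *pHwms, int nLen,int nBitType)` and handed a uint32_t array; if that helper is defined by this same carried patch, declaring the parameter as `void *` would remove the need for a cast at any call site. The cast itself is safe with respect to aliasing, since char may alias any object type. The carried patch has no note recording this local modification; a line in its header would help whoever next refreshes it.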
--
2.34.1
* [OE-core][kirkstone 17/19] libffi: backport a fix to build libffi-native with gcc-14
2024-10-29 18:59 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (15 preceding siblings ...)
2024-10-29 18:59 ` [OE-core][kirkstone 16/19] cracklib: Modify patch to compile with GCC 14 Steve Sakoman
@ 2024-10-29 18:59 ` Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 18/19] at-spi2-core: backport a patch to fix build with gcc-14 on host Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 19/19] util-linux: Define pidfd_* function signatures Steve Sakoman
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...ward-declare-open_temp_exec_file-764.patch | 47 +++++++++++++++++++
meta/recipes-support/libffi/libffi_3.4.4.bb | 1 +
2 files changed, 48 insertions(+)
create mode 100644 meta/recipes-support/libffi/libffi/0001-Forward-declare-open_temp_exec_file-764.patch
diff --git a/meta/recipes-support/libffi/libffi/0001-Forward-declare-open_temp_exec_file-764.patch b/meta/recipes-support/libffi/libffi/0001-Forward-declare-open_temp_exec_file-764.patch
new file mode 100644
index 0000000000..4b135961fd
--- /dev/null
+++ b/meta/recipes-support/libffi/libffi/0001-Forward-declare-open_temp_exec_file-764.patch
@@ -0,0 +1,47 @@
+From 216bf8daeb30880957e0c888efbed1f0a7478c32 Mon Sep 17 00:00:00 2001
+From: serge-sans-paille <serge.guelton@telecom-bretagne.eu>
+Date: Thu, 2 Feb 2023 14:46:29 +0000
+Subject: [PATCH] Forward declare open_temp_exec_file (#764)
+
+It's defined in closures.c and used in tramp.c.
+Also declare it as an hidden symbol, as it should be.
+
+Co-authored-by: serge-sans-paille <sguelton@mozilla.com>
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
+
+Upstream-Status: Backport [v3.4.5 https://github.com/libffi/libffi/commit/ce077e5565366171aa1b4438749b0922fce887a4]
+---
+ include/ffi_common.h | 4 ++++
+ src/tramp.c | 4 ++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/include/ffi_common.h b/include/ffi_common.h
+index 2bd31b0..c53a794 100644
+--- a/include/ffi_common.h
++++ b/include/ffi_common.h
+@@ -128,6 +128,10 @@ void *ffi_data_to_code_pointer (void *data) FFI_HIDDEN;
+ static trampoline. */
+ int ffi_tramp_is_present (void *closure) FFI_HIDDEN;
+
++/* Return a file descriptor of a temporary zero-sized file in a
++ writable and executable filesystem. */
++int open_temp_exec_file(void) FFI_HIDDEN;
++
+ /* Extended cif, used in callback from assembly routine */
+ typedef struct
+ {
+diff --git a/src/tramp.c b/src/tramp.c
+index b9d273a..c3f4c99 100644
+--- a/src/tramp.c
++++ b/src/tramp.c
+@@ -39,6 +39,10 @@
+ #ifdef __linux__
+ #define _GNU_SOURCE 1
+ #endif
++
++#include <ffi.h>
++#include <ffi_common.h>
++
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <stdlib.h>
diff --git a/meta/recipes-support/libffi/libffi_3.4.4.bb b/meta/recipes-support/libffi/libffi_3.4.4.bb
index 4ceee6f3cc..f727e91345 100644
--- a/meta/recipes-support/libffi/libffi_3.4.4.bb
+++ b/meta/recipes-support/libffi/libffi_3.4.4.bb
@@ -13,6 +13,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=32c0d09a0641daf4903e5d61cc8f23a8"
SRC_URI = "https://github.com/libffi/libffi/releases/download/v${PV}/${BPN}-${PV}.tar.gz \
file://not-win32.patch \
file://0001-arm-sysv-reverted-clang-VFP-mitigation.patch \
+ file://0001-Forward-declare-open_temp_exec_file-764.patch \
"
SRC_URI[sha256sum] = "d66c56ad259a82cf2a9dfc408b32bf5da52371500b84745f7fb8b645712df676"
UPSTREAM_CHECK_URI = "https://github.com/libffi/libffi/releases/"
--
2.34.1
* [OE-core][kirkstone 18/19] at-spi2-core: backport a patch to fix build with gcc-14 on host
2024-10-29 18:59 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (16 preceding siblings ...)
2024-10-29 18:59 ` [OE-core][kirkstone 17/19] libffi: backport a fix to build libffi-native with gcc-14 Steve Sakoman
@ 2024-10-29 18:59 ` Steve Sakoman
2024-10-29 18:59 ` [OE-core][kirkstone 19/19] util-linux: Define pidfd_* function signatures Steve Sakoman
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-10-29 18:59 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
* fixes:
| ../at-spi2-core-2.42.0/atspi/atspi-device-listener.c: In function ‘atspi_device_listener_new_simple’:
| ../at-spi2-core-2.42.0/atspi/atspi-device-listener.c:252:37: error: passing argument 1 of ‘atspi_device_listener_new’ from incompatible pointer type [-Wincompatible-pointer-types]
| 252 | return atspi_device_listener_new (device_remove_datum, callback, callback_destroyed);
| | ^~~~~~~~~~~~~~~~~~~
| | |
| | gboolean (*)(const AtspiDeviceEvent *, void *) {aka int (*)(const struct _AtspiDeviceEvent *, void *)}
| ../at-spi2-core-2.42.0/atspi/atspi-device-listener.c:222:50: note: expected ‘AtspiDeviceListenerCB’ {aka ‘int (*)(struct _AtspiDeviceEvent *, void *)’} but argument is of type ‘gboolean (*)(const AtspiDeviceEvent *, void *)’ {aka ‘int (*)(const struct _AtspiDeviceEvent *, void *)’}
| 222 | atspi_device_listener_new (AtspiDeviceListenerCB callback,
| | ~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../0001-Fix-function-prototype.patch | 27 +++++++++++++++++++
.../atk/at-spi2-core_2.42.0.bb | 1 +
2 files changed, 28 insertions(+)
create mode 100644 meta/recipes-support/atk/at-spi2-core/0001-Fix-function-prototype.patch
diff --git a/meta/recipes-support/atk/at-spi2-core/0001-Fix-function-prototype.patch b/meta/recipes-support/atk/at-spi2-core/0001-Fix-function-prototype.patch
new file mode 100644
index 0000000000..4fe7866ff7
--- /dev/null
+++ b/meta/recipes-support/atk/at-spi2-core/0001-Fix-function-prototype.patch
@@ -0,0 +1,27 @@
+From b29826379068a05cdd42ba6e956d17e4d6681c7b Mon Sep 17 00:00:00 2001
+From: Federico Mena Quintero <federico@gnome.org>
+Date: Tue, 23 Nov 2021 11:18:51 -0600
+Subject: [PATCH] Fix function prototype
+
+device_remove_datum already implicitly casts its cb to a
+AtspiDeviceListenerSimpleCB, which takes a const *event.
+
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
+Upstream-Status: Backport [v2.43.92 https://github.com/GNOME/at-spi2-core/commit/1e91fc4cff2080696be914e26f4cdf0bf32d1550]
+---
+ atspi/atspi-device-listener.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/atspi/atspi-device-listener.c b/atspi/atspi-device-listener.c
+index 69f77d1..9776ebd 100644
+--- a/atspi/atspi-device-listener.c
++++ b/atspi/atspi-device-listener.c
+@@ -53,7 +53,7 @@ device_event_handler_new (AtspiDeviceListenerCB callback,
+ }
+
+ static gboolean
+-device_remove_datum (const AtspiDeviceEvent *event, void *user_data)
++device_remove_datum (AtspiDeviceEvent *event, void *user_data)
+ {
+ AtspiDeviceListenerSimpleCB cb = user_data;
+ return cb (event);
diff --git a/meta/recipes-support/atk/at-spi2-core_2.42.0.bb b/meta/recipes-support/atk/at-spi2-core_2.42.0.bb
index 9ca969cbb8..97e09202fd 100644
--- a/meta/recipes-support/atk/at-spi2-core_2.42.0.bb
+++ b/meta/recipes-support/atk/at-spi2-core_2.42.0.bb
@@ -11,6 +11,7 @@ MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}"
SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
file://0001-Ensure-x11_dep-is-defined.patch \
+ file://0001-Fix-function-prototype.patch \
"
SRC_URI[sha256sum] = "4b5da10e94fa3c6195f95222438f63a0234b99ef9df772c7640e82baeaa6e386"
--
2.34.1
* [OE-core][kirkstone 19/19] util-linux: Define pidfd_* function signatures
@ 2024-10-29 18:59 Steve Sakoman
From: Steve Sakoman @ 2024-10-29 18:59 UTC
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
glibc 2.36 has added sys/pidfd.h and APIs for
pidfd_send_signal and pidfd_open, therefore check
for this header and include it if it exists
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/util-linux/util-linux.inc | 1 +
.../0001-check-for-sys-pidfd.h.patch | 50 +++++++++++++++++++
2 files changed, 51 insertions(+)
create mode 100644 meta/recipes-core/util-linux/util-linux/0001-check-for-sys-pidfd.h.patch
diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index f8841e6be0..b9172230e7 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -35,6 +35,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
file://run-ptest \
file://display_testname_for_subtest.patch \
file://avoid_parallel_tests.patch \
+ file://0001-check-for-sys-pidfd.h.patch \
file://CVE-2024-28085-0001.patch \
file://CVE-2024-28085-0002.patch \
file://CVE-2024-28085-0003.patch \
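Review bot: The new SRC_URI entry is inserted ahead of the three CVE-2024-28085 patches, so those security fixes now apply on top of a tree this patch has already modified. Patches apply in SRC_URI order; appending 0001-check-for-sys-pidfd.h.patch after the CVE-2024-28085 entries would leave the CVE patches applying against the same base as before and keep the build fix from being a prerequisite for them.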
diff --git a/meta/recipes-core/util-linux/util-linux/0001-check-for-sys-pidfd.h.patch b/meta/recipes-core/util-linux/util-linux/0001-check-for-sys-pidfd.h.patch
new file mode 100644
index 0000000000..f2073eba02
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/0001-check-for-sys-pidfd.h.patch
@@ -0,0 +1,50 @@
+From a77af2e46ea233d9e5d3b16396d41a252a5a3172 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 7 Aug 2022 14:39:19 -0700
+Subject: [PATCH] check for sys/pidfd.h
+
+This header in newer glibc defines the signatures of functions
+pidfd_send_signal() and pidfd_open() and when these functions are
+defined by libc then we need to include the relevant header to get
+the definitions. Clang 15+ has started to error out when function
+signatures are missing.
+
+Fixes errors like
+misc-utils/kill.c:402:6: error: call to undeclared function 'pidfd_send_signal'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
+ if (pidfd_send_signal(pfd, ctl->numsig, &info, 0) < 0)
+
+Upstream-Status: Submitted [https://github.com/util-linux/util-linux/pull/1769]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ configure.ac | 1 +
+ include/pidfd-utils.h | 4 +++-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index c38d871..72e893f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -339,6 +339,7 @@ AC_CHECK_HEADERS([ \
+ sys/mkdev.h \
+ sys/mount.h \
+ sys/param.h \
++ sys/pidfd.h \
+ sys/prctl.h \
+ sys/resource.h \
+ sys/sendfile.h \
+diff --git a/include/pidfd-utils.h b/include/pidfd-utils.h
+index 4a6c3a6..7c0c061 100644
+--- a/include/pidfd-utils.h
++++ b/include/pidfd-utils.h
+@@ -4,8 +4,10 @@
+ #if defined(__linux__)
+ # include <sys/syscall.h>
+ # if defined(SYS_pidfd_send_signal) && defined(SYS_pidfd_open)
++# ifdef HAVE_SYS_PIDFD_H
++# include <sys/pidfd.h>
++# endif
+ # include <sys/types.h>
+-
+ # ifndef HAVE_PIDFD_SEND_SIGNAL
+ static inline int pidfd_send_signal(int pidfd, int sig, siginfo_t *info,
+ unsigned int flags)
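Review bot: Upstream-Status is "Submitted" with a pull-request link, on a patch dated 7 Aug 2022 that is being added to a stable branch well after that; check whether the pull request has been merged and, if so, change the tag to Backport with the upstream commit so the patch can be dropped cleanly on the next upgrade. In include/pidfd-utils.h, the new include is gated on HAVE_SYS_PIDFD_H while the fallback static inline pidfd_send_signal() stays gated on HAVE_PIDFD_SEND_SIGNAL. If configure finds the header but the function check fails, the static inline definition would sit alongside the declaration from sys/pidfd.h, so it is worth confirming the two checks cannot disagree. The hunk also removes the blank line after the sys/types.h include, which is unrelated to the fix.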
--
2.34.1
* [OE-core][kirkstone 00/19] Patch review
@ 2024-11-13 3:15 Steve Sakoman
From: Steve Sakoman @ 2024-11-13 3:15 UTC
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, November 14
Passed a-full on autobuilder:
https://valkyrie.yoctoproject.org/#/builders/29/builds/426
The following changes since commit 2e8819c0b9ada2b600aecc40c974a18eb7c0a666:
xmlto: backport a patch to fix build with gcc-14 on host (2024-11-05 14:15:16 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexandre Belloni (1):
pseudo: Update to pull in fd leak fix
Archana Polampalli (1):
ghostscript: fix CVE-2023-46361
Khem Raj (1):
pseudo: Disable LFS on 32bit arches
Ola x Nilsson (1):
patch.py: Use shlex instead of deprecated pipe
Peter Marko (4):
curl: patch CVE-2024-9681
gstreamer1.0: ignore CVE-2024-0444
expat: patch CVE-2024-50602
glib-2.0: patch regression of CVE-2023-32665
Philip Lorenz (1):
cmake: Fix sporadic issues when determining compiler internals
Richard Purdie (10):
pseudo: Update to pull in linux-libc-headers race fix
pseudo: Switch back to the master branch
pseudo: Update to include logic fix
pseudo: Update to pull in syncfs probe fix
pseudo: Update to pull in gcc14 fix and missing statvfs64 intercept
pseudo: Update to pull in fchmodat fix
pseudo: Update to pull in python 3.12+ fix
pseudo: Fix to work with glibc 2.40
pseudo: Update to include open symlink handling bugfix
pseudo: Fix envp bug and add posix_spawn wrapper
meta/lib/oe/patch.py | 11 ++-
.../expat/expat/CVE-2024-50602-01.patch | 56 ++++++++++++
.../expat/expat/CVE-2024-50602-02.patch | 38 +++++++++
meta/recipes-core/expat/expat_2.5.0.bb | 2 +
...aliser-Convert-endianness-of-offsets.patch | 68 +++++++++++++++
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 1 +
meta/recipes-devtools/cmake/cmake.inc | 1 +
...mpilerABI-Strip-pipe-from-compile-fl.patch | 52 ++++++++++++
.../pseudo/files/glibc238.patch | 23 ++---
meta/recipes-devtools/pseudo/pseudo_git.bb | 11 ++-
.../ghostscript/CVE-2023-46361.patch | 32 +++++++
.../ghostscript/ghostscript_9.55.0.bb | 1 +
.../gstreamer/gstreamer1.0_1.20.7.bb | 3 +
.../curl/curl/CVE-2024-9681.patch | 85 +++++++++++++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
15 files changed, 362 insertions(+), 23 deletions(-)
create mode 100644 meta/recipes-core/expat/expat/CVE-2024-50602-01.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2024-50602-02.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/0001-gvariant-serialiser-Convert-endianness-of-offsets.patch
create mode 100644 meta/recipes-devtools/cmake/cmake/0001-CMakeDetermineCompilerABI-Strip-pipe-from-compile-fl.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46361.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2024-9681.patch
--
2.34.1
* [OE-core][kirkstone 00/19] Patch review
@ 2024-11-22 21:26 Steve Sakoman
From: Steve Sakoman @ 2024-11-22 21:26 UTC
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, November 26
Passed a-full on autobuilder:
https://valkyrie.yoctoproject.org/#/builders/29/builds/505
The following changes since commit fb45c5cf8c2b663af293acb069d446610f77ff1a:
build-appliance-image: Update to kirkstone head revision (2024-11-15 12:18:46 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Aleksandar Nikolic (1):
scripts/install-buildtools: Update to 4.0.22
Archana Polampalli (6):
ffmpeg: fix CVE-2024-32230
ffmpeg: fix CVE-2023-51793
ffmpeg: fix CVE-2023-50008
ffmpeg: fix CVE-2024-31582
ffmpeg: fix CVE-2024-31578
ffmpeg: fix CVE-2023-51794
Chen Qi (1):
toolchain-shar-extract.sh: exit when post-relocate-setup.sh fails
Khem Raj (1):
webkitgtk: Fix build on 32bit arm
Liyin Zhang (1):
lttng-modules: fix build error after kernel update to 5.15.171
Ovidiu Panait (1):
webkitgtk: fix perl-native dependency
Regis Dargent (1):
udev-extraconf: fix network.sh script did not configure hotplugged
interfaces
Ross Burton (1):
webkitgtk: reduce size of -dbg package
Steve Sakoman (1):
llvm: reduce size of -dbg package
Vijay Anusuri (4):
ghostscript: Backport fix for multiple CVE's
libsoup: Fix for CVE-2024-52530 and CVE-2024-52532
libsoup-2.4: Backport fix for CVE-2024-52530 and CVE-2024-52532
glib-2.0: Backport fix for CVE-2024-52533
Wang Mingyu (1):
wireless-regdb: upgrade 2024.07.04 -> 2024.10.07
meta/files/toolchain-shar-extract.sh | 4 +
.../glib-2.0/glib-2.0/CVE-2024-52533.patch | 49 +++
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 1 +
.../udev/udev-extraconf/network.sh | 32 --
meta/recipes-devtools/llvm/llvm_git.bb | 2 +
.../ghostscript/CVE-2024-46951.patch | 31 ++
.../ghostscript/CVE-2024-46952.patch | 62 ++++
.../ghostscript/CVE-2024-46953.patch | 67 ++++
.../ghostscript/CVE-2024-46955.patch | 60 ++++
.../ghostscript/CVE-2024-46956.patch | 30 ++
.../ghostscript/ghostscript_9.55.0.bb | 5 +
...c-fix-tracepoint-mm_page_alloc_zone_.patch | 61 ++++
.../lttng/lttng-modules_2.13.14.bb | 1 +
....07.04.bb => wireless-regdb_2024.10.07.bb} | 2 +-
.../ffmpeg/ffmpeg/CVE-2023-50008.patch | 29 ++
.../ffmpeg/ffmpeg/CVE-2023-51793.patch | 67 ++++
.../ffmpeg/ffmpeg/CVE-2023-51794.patch | 35 +++
.../ffmpeg/ffmpeg/CVE-2024-31578.patch | 49 +++
.../ffmpeg/ffmpeg/CVE-2024-31582.patch | 34 ++
.../ffmpeg/ffmpeg/CVE-2024-32230.patch | 35 +++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 6 +
...44e17d258106617b0e6d783d073b188a2548.patch | 296 ++++++++++++++++++
meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 7 +-
.../libsoup/libsoup-2.4/CVE-2024-52530.patch | 149 +++++++++
.../libsoup-2.4/CVE-2024-52532-1.patch | 36 +++
.../libsoup-2.4/CVE-2024-52532-2.patch | 42 +++
.../libsoup/libsoup-2.4_2.74.2.bb | 3 +
.../libsoup/libsoup/CVE-2024-52530.patch | 149 +++++++++
.../libsoup/libsoup/CVE-2024-52532-1.patch | 36 +++
.../libsoup/libsoup/CVE-2024-52532-2.patch | 42 +++
meta/recipes-support/libsoup/libsoup_3.0.7.bb | 6 +-
scripts/install-buildtools | 4 +-
32 files changed, 1395 insertions(+), 37 deletions(-)
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46951.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46952.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46953.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46955.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46956.patch
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2024.07.04.bb => wireless-regdb_2024.10.07.bb} (94%)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51793.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51794.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch
create mode 100644 meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-2.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch
--
2.34.1
* [OE-core][kirkstone 00/19] Patch review
@ 2025-01-07 18:08 Steve Sakoman
From: Steve Sakoman @ 2025-01-07 18:08 UTC
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, January 9
Passed a-full on autobuilder:
https://valkyrie.yoctoproject.org/#/builders/29/builds/758
The following changes since commit fb9ebc811800eb8880e3687243d75bafab77a700:
ovmf-native: remove .pyc files from install (2025-01-06 05:56:49 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Bruce Ashfield (10):
linux-yocto/5.15: update to v5.15.167
linux-yocto/5.10: update to v5.10.226
linux-yocto/5.10: update to v5.10.227
linux-yocto/5.15: update to v5.15.168
linux-yocto/5.15: update to v5.15.169
linux-yocto/5.15: update to v5.15.170
linux-yocto/5.15: update to v5.15.171
linux-yocto/5.15: update to v5.15.173
linux-yocto/5.15: update to v5.15.174
linux-yocto/5.15: update to v5.15.175
Vijay Anusuri (9):
gstreamer1.0-plugins-base: Fix for multiple CVE's
gstreamer1.0: Backport fix for CVE-2024-47606
gstreamer1.0-plugins-good: fix several CVE's
gstreamer1.0-plugins-good: Fix for CVE-2024-47599
gstreamer1.0-plugins-good: Fix multiple CVEs
gstreamer1.0-plugins-good: Fix CVE-2024-47606
gstreamer1.0-plugins-good: Fix CVE-2024-47613
gstreamer1.0-plugins-good: Fix CVE-2024-47774
gstreamer1.0-plugins-good: Fix multiple CVE's
.../linux/linux-yocto-rt_5.10.bb | 6 +-
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.10.bb | 8 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
.../CVE-2024-47538.patch | 35 ++
.../CVE-2024-47541-1.patch | 38 ++
.../CVE-2024-47541-2.patch | 99 ++++
.../CVE-2024-47542.patch | 64 +++
.../CVE-2024-47600.patch | 38 ++
.../CVE-2024-47607.patch | 41 ++
.../CVE-2024-47615-1.patch | 79 +++
.../CVE-2024-47615-2.patch | 168 +++++++
.../CVE-2024-47835.patch | 39 ++
.../gstreamer1.0-plugins-base_1.20.7.bb | 9 +
...7544_47545_47546_47596_47597_47598-1.patch | 64 +++
...544_47545_47546_47596_47597_47598-10.patch | 97 ++++
...544_47545_47546_47596_47597_47598-11.patch | 36 ++
...544_47545_47546_47596_47597_47598-12.patch | 37 ++
...7544_47545_47546_47596_47597_47598-2.patch | 73 +++
...7544_47545_47546_47596_47597_47598-3.patch | 36 ++
...7544_47545_47546_47596_47597_47598-4.patch | 63 +++
...7544_47545_47546_47596_47597_47598-5.patch | 44 ++
...7544_47545_47546_47596_47597_47598-6.patch | 120 +++++
...7544_47545_47546_47596_47597_47598-7.patch | 449 ++++++++++++++++++
...7544_47545_47546_47596_47597_47598-8.patch | 56 +++
...7544_47545_47546_47596_47597_47598-9.patch | 49 ++
...4_47545_47546_47596_47597_47598-pre1.patch | 127 +++++
...2024-47540_47601_47602_47603_47834-1.patch | 56 +++
...2024-47540_47601_47602_47603_47834-2.patch | 31 ++
...2024-47540_47601_47602_47603_47834-3.patch | 39 ++
...2024-47540_47601_47602_47603_47834-4.patch | 47 ++
...2024-47540_47601_47602_47603_47834-5.patch | 48 ++
...2024-47540_47601_47602_47603_47834-6.patch | 39 ++
...2024-47540_47601_47602_47603_47834-7.patch | 40 ++
.../CVE-2024-47599.patch | 99 ++++
.../CVE-2024-47606.patch | 44 ++
.../CVE-2024-47613.patch | 53 +++
.../CVE-2024-47774.patch | 46 ++
.../CVE-2024-47775_47776_47777_47778-1.patch | 171 +++++++
.../CVE-2024-47775_47776_47777_47778-2.patch | 38 ++
.../CVE-2024-47775_47776_47777_47778-3.patch | 62 +++
.../CVE-2024-47775_47776_47777_47778-4.patch | 34 ++
.../CVE-2024-47775_47776_47777_47778-5.patch | 37 ++
.../CVE-2024-47775_47776_47777_47778-6.patch | 44 ++
.../CVE-2024-47775_47776_47777_47778-7.patch | 38 ++
.../gstreamer1.0-plugins-good_1.20.7.bb | 31 ++
.../gstreamer1.0/CVE-2024-47606.patch | 56 +++
.../gstreamer/gstreamer1.0_1.20.7.bb | 1 +
50 files changed, 2953 insertions(+), 38 deletions(-)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47538.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47541-1.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47541-2.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47542.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47600.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47607.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47615-1.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47615-2.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47835.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-1.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-10.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-11.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-12.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-2.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-3.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-4.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-5.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-6.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-7.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-8.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-9.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-pre1.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47540_47601_47602_47603_47834-1.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47540_47601_47602_47603_47834-2.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47540_47601_47602_47603_47834-3.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47540_47601_47602_47603_47834-4.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47540_47601_47602_47603_47834-5.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47540_47601_47602_47603_47834-6.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47540_47601_47602_47603_47834-7.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47599.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47606.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47613.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47774.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47775_47776_47777_47778-1.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47775_47776_47777_47778-2.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47775_47776_47777_47778-3.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47775_47776_47777_47778-4.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47775_47776_47777_47778-5.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47775_47776_47777_47778-6.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47775_47776_47777_47778-7.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/CVE-2024-47606.patch
--
2.43.0