* [OE-core][kirkstone 01/19] ghostscript: Backport fix for multiple CVE's
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 02/19] libsoup: Fix for CVE-2024-52530 and CVE-2024-52532 Steve Sakoman
` (17 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
import patch from ubuntu to fix
CVE-2024-46951
CVE-2024-46952
CVE-2024-46953
CVE-2024-46955
CVE-2024-46956
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ada21374f0c90cc3acf7ce0e96302394560c7aee
&
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1fb76aaddac34530242dfbb9579d9997dae41264
&
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=294a3755e33f453dd92e2a7c4cfceb087ac09d6a
&
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ca1fc2aefe9796e321d0589afe7efb35063c8b2a
&
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ea69a1388245ad959d31c272b5ba66d40cebba2c]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ghostscript/CVE-2024-46951.patch | 31 +++++++++
.../ghostscript/CVE-2024-46952.patch | 62 +++++++++++++++++
.../ghostscript/CVE-2024-46953.patch | 67 +++++++++++++++++++
.../ghostscript/CVE-2024-46955.patch | 60 +++++++++++++++++
.../ghostscript/CVE-2024-46956.patch | 30 +++++++++
.../ghostscript/ghostscript_9.55.0.bb | 5 ++
6 files changed, 255 insertions(+)
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46951.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46952.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46953.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46955.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46956.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46951.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46951.patch
new file mode 100644
index 0000000000..b3481f03a4
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46951.patch
@@ -0,0 +1,31 @@
+From ada21374f0c90cc3acf7ce0e96302394560c7aee Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Fri, 30 Aug 2024 13:16:39 +0100
+Subject: PS interpreter - check the type of the Pattern Implementation
+
+Bug #707991
+
+See bug report for details.
+
+CVE-2024-46951
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches/CVE-2024-46951.patch?h=ubuntu/jammy-security
+Upstream commit https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ada21374f0c90cc3acf7ce0e96302394560c7aee]
+CVE: CVE-2024-46951
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ psi/zcolor.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/psi/zcolor.c
++++ b/psi/zcolor.c
+@@ -5054,6 +5054,9 @@ static int patterncomponent(i_ctx_t * i_
+ code = array_get(imemory, pImpl, 0, &pPatInst);
+ if (code < 0)
+ return code;
++
++ if (!r_is_struct(&pPatInst) || (!r_has_stype(&pPatInst, imemory, st_pattern1_instance) && !r_has_stype(&pPatInst, imemory, st_pattern2_instance)))
++ return_error(gs_error_typecheck);
+ cc.pattern = r_ptr(&pPatInst, gs_pattern_instance_t);
+ if (pattern_instance_uses_base_space(cc.pattern))
+ *n = n_comps;
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46952.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46952.patch
new file mode 100644
index 0000000000..8b495a6f99
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46952.patch
@@ -0,0 +1,62 @@
+From 1fb76aaddac34530242dfbb9579d9997dae41264 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Mon, 2 Sep 2024 15:14:01 +0100
+Subject: PDF interpreter - sanitise W array values in Xref streams
+
+Bug #708001 "Buffer overflow in PDF XRef stream"
+
+See bug report. I've chosen to fix this by checking the values in the
+W array; these can (currently at least) only have certain relatively
+small values.
+
+As a future proofing fix I've also updated field_size in
+pdf_xref_stream_entries() to be a 64-bit integer. This is far bigger
+than required, but matches the W array values and so prevents the
+mismatch which could lead to a buffer overrun.
+
+CVE-2024-46952
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches/CVE-2024-46952.patch?h=ubuntu/jammy-security
+Upstream commit https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1fb76aaddac34530242dfbb9579d9997dae41264]
+CVE: CVE-2024-46952
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ pdf/pdf_xref.c | 20 +++++++++++++++++++-
+ 1 file changed, 19 insertions(+), 1 deletion(-)
+
+--- a/pdf/pdf_xref.c
++++ b/pdf/pdf_xref.c
+@@ -53,7 +53,7 @@ static int resize_xref(pdf_context *ctx,
+ static int read_xref_stream_entries(pdf_context *ctx, pdf_c_stream *s, uint64_t first, uint64_t last, uint64_t *W)
+ {
+ uint i, j;
+- uint field_width = 0;
++ uint64_t field_width = 0;
+ uint32_t type = 0;
+ uint64_t objnum = 0, gen = 0;
+ byte *Buffer;
+@@ -292,6 +292,24 @@ static int pdfi_process_xref_stream(pdf_
+ }
+ pdfi_countdown(a);
+
++ /* W[0] is either:
++ * 0 (no type field) or a single byte with the type.
++ * W[1] is either:
++ * The object number of the next free object, the byte offset of this object in the file or the object5 number of the object stream where this object is stored.
++ * W[2] is either:
++ * The generation number to use if this object is used again, the generation number of the object or the index of this object within the object stream.
++ *
++ * Object and generation numbers are limited to unsigned 64-bit values, as are bytes offsets in the file, indexes of objects within the stream likewise (actually
++ * most of these are generally 32-bit max). So we can limit the field widths to 8 bytes, enough to hold a 64-bit number.
++ * Even if a later version of the spec makes these larger (which seems unlikely!) we still cna't cope with integers > 64-bits.
++ */
++ if (W[0] > 1 || W[1] > 8 || W[2] > 8) {
++ pdfi_close_file(ctx, XRefStrm);
++ pdfi_countdown(ctx->xref_table);
++ ctx->xref_table = NULL;
++ return code;
++ }
++
+ code = pdfi_dict_get_type(ctx, sdict, "Index", PDF_ARRAY, (pdf_obj **)&a);
+ if (code == gs_error_undefined) {
+ code = read_xref_stream_entries(ctx, XRefStrm, 0, size - 1, (uint64_t *)W);
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46953.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46953.patch
new file mode 100644
index 0000000000..0e36838907
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46953.patch
@@ -0,0 +1,67 @@
+From 294a3755e33f453dd92e2a7c4cfceb087ac09d6a Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Mon, 27 May 2024 13:38:36 +0100
+Subject: Bug 707793: Check for overflow validating format string
+
+for the output file name
+
+CVE-2024-46953
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches/CVE-2024-46953.patch?h=ubuntu/jammy-security
+Upstream commit https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=294a3755e33f453dd92e2a7c4cfceb087ac09d6a]
+CVE: CVE-2024-46953
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ base/gsdevice.c | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+--- a/base/gsdevice.c
++++ b/base/gsdevice.c
+@@ -1069,7 +1069,7 @@ static int
+ gx_parse_output_format(gs_parsed_file_name_t *pfn, const char **pfmt)
+ {
+ bool have_format = false, field;
+- int width[2], int_width = sizeof(int) * 3, w = 0;
++ uint width[2], int_width = sizeof(int) * 3, w = 0;
+ uint i;
+
+ /* Scan the file name for a format string, and validate it if present. */
+@@ -1098,6 +1098,8 @@ gx_parse_output_format(gs_parsed_file_na
+ default: /* width (field = 0) and precision (field = 1) */
+ if (strchr("0123456789", pfn->fname[i])) {
+ width[field] = width[field] * 10 + pfn->fname[i] - '0';
++ if (width[field] > max_int)
++ return_error(gs_error_undefinedfilename);
+ continue;
+ } else if (0 == field && '.' == pfn->fname[i]) {
+ field++;
+@@ -1126,8 +1128,10 @@ gx_parse_output_format(gs_parsed_file_na
+ /* Calculate a conservative maximum width. */
+ w = max(width[0], width[1]);
+ w = max(w, int_width) + 5;
++ if (w > max_int)
++ return_error(gs_error_undefinedfilename);
+ }
+- return w;
++ return (int)w;
+ }
+
+ /*
+@@ -1180,10 +1184,15 @@ gx_parse_output_file_name(gs_parsed_file
+ if (!pfn->fname)
+ return 0;
+ code = gx_parse_output_format(pfn, pfmt);
+- if (code < 0)
++ if (code < 0) {
+ return code;
+- if (strlen(pfn->iodev->dname) + pfn->len + code >= gp_file_name_sizeof)
++ }
++
++ if (pfn->len >= gp_file_name_sizeof - strlen(pfn->iodev->dname) ||
++ code >= gp_file_name_sizeof - strlen(pfn->iodev->dname) - pfn->len) {
+ return_error(gs_error_undefinedfilename);
++ }
++
+ return 0;
+ }
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46955.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46955.patch
new file mode 100644
index 0000000000..9186412a48
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46955.patch
@@ -0,0 +1,60 @@
+From ca1fc2aefe9796e321d0589afe7efb35063c8b2a Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Fri, 30 Aug 2024 13:11:53 +0100
+Subject: PS interpreter - check Indexed colour space index
+
+Bug #707990 "Out of bounds read when reading color in "Indexed" color space"
+
+Check the 'index' is in the valid range (0 to hival) for the colour
+space.
+
+Also a couple of additional checks on the type of the 'proc' for
+Indexed, DeviceN and Separation spaces. Make sure these really are
+procs in case the user changed the colour space array.
+
+CVE-2024-46955
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches/CVE-2024-46955.patch?h=ubuntu/jammy-security
+Upstream commit https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ca1fc2aefe9796e321d0589afe7efb35063c8b2a]
+CVE: CVE-2024-46955
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ psi/zcolor.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/psi/zcolor.c
++++ b/psi/zcolor.c
+@@ -3628,6 +3628,7 @@ static int septransform(i_ctx_t *i_ctx_p
+ code = array_get(imemory, sepspace, 3, &proc);
+ if (code < 0)
+ return code;
++ check_proc(proc);
+ *esp = proc;
+ return o_push_estack;
+ }
+@@ -4449,6 +4450,7 @@ static int devicentransform(i_ctx_t *i_c
+ code = array_get(imemory, devicenspace, 3, &proc);
+ if (code < 0)
+ return code;
++ check_proc(proc);
+ *esp = proc;
+ return o_push_estack;
+ }
+@@ -4864,6 +4866,7 @@ static int indexedbasecolor(i_ctx_t * i_
+ code = array_get(imemory, space, 3, &proc);
+ if (code < 0)
+ return code;
++ check_proc(proc);
+ *ep = proc; /* lookup proc */
+ return o_push_estack;
+ } else {
+@@ -4877,6 +4880,9 @@ static int indexedbasecolor(i_ctx_t * i_
+ if (!r_has_type(op, t_integer))
+ return_error (gs_error_typecheck);
+ index = op->value.intval;
++ /* Ensure it is in range. See bug #707990 */
++ if (index < 0 || index > pcs->params.indexed.hival)
++ return_error(gs_error_rangecheck);
+ /* And remove it from the stack. */
+ ref_stack_pop(&o_stack, 1);
+ op = osp;
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46956.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46956.patch
new file mode 100644
index 0000000000..77cf8a7da0
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46956.patch
@@ -0,0 +1,30 @@
+From ea69a1388245ad959d31c272b5ba66d40cebba2c Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Tue, 23 Jul 2024 11:48:39 +0100
+Subject: PostScript interpreter - fix buffer length check
+
+Bug 707895
+
+See bug report for details.
+
+CVE-2024-46956
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches/CVE-2024-46956.patch?h=ubuntu/jammy-security
+Upstream commit https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ea69a1388245ad959d31c272b5ba66d40cebba2c]
+CVE: CVE-2024-46956
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ psi/zfile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/psi/zfile.c
++++ b/psi/zfile.c
+@@ -440,7 +440,7 @@ file_continue(i_ctx_t *i_ctx_p)
+ if (code == ~(uint) 0) { /* all done */
+ esp -= 5; /* pop proc, pfen, devlen, iodev , mark */
+ return o_pop_estack;
+- } else if (code > len) { /* overran string */
++ } else if (code > len - devlen) { /* overran string */
+ return_error(gs_error_rangecheck);
+ }
+ else if (iodev != iodev_default(imemory)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 9f368a291f..cd0a7de70e 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -57,6 +57,11 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://CVE-2024-29508-1.patch \
file://CVE-2024-29508-2.patch \
file://CVE-2023-46361.patch \
+ file://CVE-2024-46951.patch \
+ file://CVE-2024-46952.patch \
+ file://CVE-2024-46953.patch \
+ file://CVE-2024-46955.patch \
+ file://CVE-2024-46956.patch \
"
SRC_URI = "${SRC_URI_BASE} \
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 02/19] libsoup: Fix for CVE-2024-52530 and CVE-2024-52532
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 01/19] ghostscript: Backport fix for multiple CVE's Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 03/19] libsoup-2.4: Backport fix " Steve Sakoman
` (16 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsoup/libsoup/CVE-2024-52530.patch | 149 ++++++++++++++++++
.../libsoup/libsoup/CVE-2024-52532-1.patch | 36 +++++
.../libsoup/libsoup/CVE-2024-52532-2.patch | 42 +++++
meta/recipes-support/libsoup/libsoup_3.0.7.bb | 6 +-
4 files changed, 232 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch b/meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch
new file mode 100644
index 0000000000..bd62a748eb
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch
@@ -0,0 +1,149 @@
+From 04df03bc092ac20607f3e150936624d4f536e68b Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 8 Jul 2024 12:33:15 -0500
+Subject: [PATCH] headers: Strictly don't allow NUL bytes
+
+In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b]
+CVE: CVE-2024-52530
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c | 15 +++------
+ tests/header-parsing-test.c | 62 +++++++++++++++++--------------------
+ 2 files changed, 32 insertions(+), 45 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index a0cf351ac..f30ee467a 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -51,13 +51,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+ * ignorable trailing whitespace.
+ */
+
++ /* No '\0's are allowed */
++ if (memchr (str, '\0', len))
++ return FALSE;
++
+ /* Skip over the Request-Line / Status-Line */
+ headers_start = memchr (str, '\n', len);
+ if (!headers_start)
+ return FALSE;
+- /* No '\0's in the Request-Line / Status-Line */
+- if (memchr (str, '\0', headers_start - str))
+- return FALSE;
+
+ /* We work on a copy of the headers, which we can write '\0's
+ * into, so that we don't have to individually g_strndup and
+@@ -69,14 +70,6 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+ headers_copy[copy_len] = '\0';
+ value_end = headers_copy;
+
+- /* There shouldn't be any '\0's in the headers already, but
+- * this is the web we're talking about.
+- */
+- while ((p = memchr (headers_copy, '\0', copy_len))) {
+- memmove (p, p + 1, copy_len - (p - headers_copy));
+- copy_len--;
+- }
+-
+ while (*(value_end + 1)) {
+ name = value_end + 1;
+ name_end = strchr (name, ':');
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index edf8eebb3..715c2c6f2 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -358,24 +358,6 @@ static struct RequestTest {
+ }
+ },
+
+- { "NUL in header name", "760832",
+- "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
+- SOUP_STATUS_OK,
+- "GET", "/", SOUP_HTTP_1_1,
+- { { "Host", "example.com" },
+- { NULL }
+- }
+- },
+-
+- { "NUL in header value", "760832",
+- "GET / HTTP/1.1\r\nHost: example\x00" "com\r\n", 35,
+- SOUP_STATUS_OK,
+- "GET", "/", SOUP_HTTP_1_1,
+- { { "Host", "examplecom" },
+- { NULL }
+- }
+- },
+-
+ /************************/
+ /*** INVALID REQUESTS ***/
+ /************************/
+@@ -448,6 +430,21 @@ static struct RequestTest {
+ SOUP_STATUS_EXPECTATION_FAILED,
+ NULL, NULL, -1,
+ { { NULL } }
++ },
++
++ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++ { "NUL in header name", NULL,
++ "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
++ SOUP_STATUS_BAD_REQUEST,
++ NULL, NULL, -1,
++ { { NULL } }
++ },
++
++ { "NUL in header value", NULL,
++ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++ SOUP_STATUS_BAD_REQUEST,
++ NULL, NULL, -1,
++ { { NULL } }
+ }
+ };
+ static const int num_reqtests = G_N_ELEMENTS (reqtests);
+@@ -620,22 +617,6 @@ static struct ResponseTest {
+ { NULL } }
+ },
+
+- { "NUL in header name", "760832",
+- "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
+- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+- { { "Foo", "bar" },
+- { NULL }
+- }
+- },
+-
+- { "NUL in header value", "760832",
+- "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+- { { "Foo", "bar" },
+- { NULL }
+- }
+- },
+-
+ /********************************/
+ /*** VALID CONTINUE RESPONSES ***/
+ /********************************/
+@@ -768,6 +749,19 @@ static struct ResponseTest {
+ { { NULL }
+ }
+ },
++
++ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++ { "NUL in header name", NULL,
++ "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
++ -1, 0, NULL,
++ { { NULL } }
++ },
++
++ { "NUL in header value", "760832",
++ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++ -1, 0, NULL,
++ { { NULL } }
++ },
+ };
+ static const int num_resptests = G_N_ELEMENTS (resptests);
+
+--
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch
new file mode 100644
index 0000000000..8fdf50aed4
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch
@@ -0,0 +1,36 @@
+From 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Wed, 11 Sep 2024 11:52:11 +0200
+Subject: [PATCH] websocket: process the frame as soon as we read data
+
+Otherwise we can enter in a read loop because we were not
+validating the data until the all the data was read.
+
+Fixes #391
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be]
+CVE: CVE-2024-52532
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/websocket/soup-websocket-connection.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/websocket/soup-websocket-connection.c b/libsoup/websocket/soup-websocket-connection.c
+index a1a730473..a14481340 100644
+--- a/libsoup/websocket/soup-websocket-connection.c
++++ b/libsoup/websocket/soup-websocket-connection.c
+@@ -1199,9 +1199,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self)
+ }
+
+ priv->incoming->len = len + count;
+- } while (count > 0);
+
+- process_incoming (self);
++ process_incoming (self);
++ } while (count > 0 && !priv->close_sent && !priv->io_closing);
+
+ if (end) {
+ if (!priv->close_sent || !priv->close_received) {
+--
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch
new file mode 100644
index 0000000000..e4e2d03d58
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch
@@ -0,0 +1,42 @@
+From 29b96fab2512666d7241e46c98cc45b60b795c0c Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Wed, 2 Oct 2024 11:17:19 +0200
+Subject: [PATCH] websocket-test: disconnect error copy after the test ends
+
+Otherwise the server will have already sent a few more wrong
+bytes and the client will continue getting errors to copy
+but the error is already != NULL and it will assert
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c]
+CVE: CVE-2024-52532
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ tests/websocket-test.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tests/websocket-test.c b/tests/websocket-test.c
+index 06c443bb5..6a48c1f9b 100644
+--- a/tests/websocket-test.c
++++ b/tests/websocket-test.c
+@@ -1539,8 +1539,9 @@ test_receive_invalid_encode_length_64 (Test *test,
+ GError *error = NULL;
+ InvalidEncodeLengthTest context = { test, NULL };
+ guint i;
++ guint error_id;
+
+- g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
++ error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
+ g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received);
+
+ /* We use 127(\x7f) as payload length with 65535 extended length */
+@@ -1553,6 +1554,7 @@ test_receive_invalid_encode_length_64 (Test *test,
+ WAIT_UNTIL (error != NULL || received != NULL);
+ g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR);
+ g_clear_error (&error);
++ g_signal_handler_disconnect (test->client, error_id);
+ g_assert_null (received);
+
+ g_thread_join (thread);
+--
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
index 59cc4a1d0a..919fef5107 100644
--- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
@@ -11,7 +11,11 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2"
SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
-SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz"
+SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
+ file://CVE-2024-52530.patch \
+ file://CVE-2024-52532-1.patch \
+ file://CVE-2024-52532-2.patch \
+ "
SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
PROVIDES = "libsoup-3.0"
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 03/19] libsoup-2.4: Backport fix for CVE-2024-52530 and CVE-2024-52532
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 01/19] ghostscript: Backport fix for multiple CVE's Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 02/19] libsoup: Fix for CVE-2024-52530 and CVE-2024-52532 Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 04/19] glib-2.0: Backport fix for CVE-2024-52533 Steve Sakoman
` (15 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsoup/libsoup-2.4/CVE-2024-52530.patch | 149 ++++++++++++++++++
.../libsoup-2.4/CVE-2024-52532-1.patch | 36 +++++
.../libsoup-2.4/CVE-2024-52532-2.patch | 42 +++++
.../libsoup/libsoup-2.4_2.74.2.bb | 3 +
4 files changed, 230 insertions(+)
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-2.patch
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch
new file mode 100644
index 0000000000..bd62a748eb
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch
@@ -0,0 +1,149 @@
+From 04df03bc092ac20607f3e150936624d4f536e68b Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 8 Jul 2024 12:33:15 -0500
+Subject: [PATCH] headers: Strictly don't allow NUL bytes
+
+In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b]
+CVE: CVE-2024-52530
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c | 15 +++------
+ tests/header-parsing-test.c | 62 +++++++++++++++++--------------------
+ 2 files changed, 32 insertions(+), 45 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index a0cf351ac..f30ee467a 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -51,13 +51,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+ * ignorable trailing whitespace.
+ */
+
++ /* No '\0's are allowed */
++ if (memchr (str, '\0', len))
++ return FALSE;
++
+ /* Skip over the Request-Line / Status-Line */
+ headers_start = memchr (str, '\n', len);
+ if (!headers_start)
+ return FALSE;
+- /* No '\0's in the Request-Line / Status-Line */
+- if (memchr (str, '\0', headers_start - str))
+- return FALSE;
+
+ /* We work on a copy of the headers, which we can write '\0's
+ * into, so that we don't have to individually g_strndup and
+@@ -69,14 +70,6 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+ headers_copy[copy_len] = '\0';
+ value_end = headers_copy;
+
+- /* There shouldn't be any '\0's in the headers already, but
+- * this is the web we're talking about.
+- */
+- while ((p = memchr (headers_copy, '\0', copy_len))) {
+- memmove (p, p + 1, copy_len - (p - headers_copy));
+- copy_len--;
+- }
+-
+ while (*(value_end + 1)) {
+ name = value_end + 1;
+ name_end = strchr (name, ':');
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index edf8eebb3..715c2c6f2 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -358,24 +358,6 @@ static struct RequestTest {
+ }
+ },
+
+- { "NUL in header name", "760832",
+- "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
+- SOUP_STATUS_OK,
+- "GET", "/", SOUP_HTTP_1_1,
+- { { "Host", "example.com" },
+- { NULL }
+- }
+- },
+-
+- { "NUL in header value", "760832",
+- "GET / HTTP/1.1\r\nHost: example\x00" "com\r\n", 35,
+- SOUP_STATUS_OK,
+- "GET", "/", SOUP_HTTP_1_1,
+- { { "Host", "examplecom" },
+- { NULL }
+- }
+- },
+-
+ /************************/
+ /*** INVALID REQUESTS ***/
+ /************************/
+@@ -448,6 +430,21 @@ static struct RequestTest {
+ SOUP_STATUS_EXPECTATION_FAILED,
+ NULL, NULL, -1,
+ { { NULL } }
++ },
++
++ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++ { "NUL in header name", NULL,
++ "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
++ SOUP_STATUS_BAD_REQUEST,
++ NULL, NULL, -1,
++ { { NULL } }
++ },
++
++ { "NUL in header value", NULL,
++ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++ SOUP_STATUS_BAD_REQUEST,
++ NULL, NULL, -1,
++ { { NULL } }
+ }
+ };
+ static const int num_reqtests = G_N_ELEMENTS (reqtests);
+@@ -620,22 +617,6 @@ static struct ResponseTest {
+ { NULL } }
+ },
+
+- { "NUL in header name", "760832",
+- "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
+- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+- { { "Foo", "bar" },
+- { NULL }
+- }
+- },
+-
+- { "NUL in header value", "760832",
+- "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+- { { "Foo", "bar" },
+- { NULL }
+- }
+- },
+-
+ /********************************/
+ /*** VALID CONTINUE RESPONSES ***/
+ /********************************/
+@@ -768,6 +749,19 @@ static struct ResponseTest {
+ { { NULL }
+ }
+ },
++
++ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++ { "NUL in header name", NULL,
++ "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
++ -1, 0, NULL,
++ { { NULL } }
++ },
++
++ { "NUL in header value", "760832",
++ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++ -1, 0, NULL,
++ { { NULL } }
++ },
+ };
+ static const int num_resptests = G_N_ELEMENTS (resptests);
+
+--
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-1.patch
new file mode 100644
index 0000000000..68eb942762
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-1.patch
@@ -0,0 +1,36 @@
+From 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Wed, 11 Sep 2024 11:52:11 +0200
+Subject: [PATCH] websocket: process the frame as soon as we read data
+
+Otherwise we can enter in a read loop because we were not
+validating the data until the all the data was read.
+
+Fixes #391
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be]
+CVE: CVE-2024-52532
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-websocket-connection.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
+index a4095e1..9d5f4f8 100644
+--- a/libsoup/soup-websocket-connection.c
++++ b/libsoup/soup-websocket-connection.c
+@@ -1140,9 +1140,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self)
+ }
+
+ pv->incoming->len = len + count;
+- } while (count > 0);
+
+- process_incoming (self);
++ process_incoming (self);
++ } while (count > 0 && !pv->close_sent && !pv->io_closing);
+
+ if (end) {
+ if (!pv->close_sent || !pv->close_received) {
+--
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-2.patch
new file mode 100644
index 0000000000..e4e2d03d58
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-2.patch
@@ -0,0 +1,42 @@
+From 29b96fab2512666d7241e46c98cc45b60b795c0c Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Wed, 2 Oct 2024 11:17:19 +0200
+Subject: [PATCH] websocket-test: disconnect error copy after the test ends
+
+Otherwise the server will have already sent a few more wrong
+bytes and the client will continue getting errors to copy
+but the error is already != NULL and it will assert
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c]
+CVE: CVE-2024-52532
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ tests/websocket-test.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tests/websocket-test.c b/tests/websocket-test.c
+index 06c443bb5..6a48c1f9b 100644
+--- a/tests/websocket-test.c
++++ b/tests/websocket-test.c
+@@ -1539,8 +1539,9 @@ test_receive_invalid_encode_length_64 (Test *test,
+ GError *error = NULL;
+ InvalidEncodeLengthTest context = { test, NULL };
+ guint i;
++ guint error_id;
+
+- g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
++ error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
+ g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received);
+
+ /* We use 127(\x7f) as payload length with 65535 extended length */
+@@ -1553,6 +1554,7 @@ test_receive_invalid_encode_length_64 (Test *test,
+ WAIT_UNTIL (error != NULL || received != NULL);
+ g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR);
+ g_clear_error (&error);
++ g_signal_handler_disconnect (test->client, error_id);
+ g_assert_null (received);
+
+ g_thread_join (thread);
+--
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
index be286e1849..b1962961ce 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
@@ -13,6 +13,9 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://0001-meson.build-set-c_std-to-gnu99.patch \
+ file://CVE-2024-52530.patch \
+ file://CVE-2024-52532-1.patch \
+ file://CVE-2024-52532-2.patch \
"
SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159"
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 04/19] glib-2.0: Backport fix for CVE-2024-52533
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (2 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 03/19] libsoup-2.4: Backport fix " Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 05/19] ffmpeg: fix CVE-2024-32230 Steve Sakoman
` (14 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29
Reference: https://security-tracker.debian.org/tracker/CVE-2024-52533
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glib-2.0/glib-2.0/CVE-2024-52533.patch | 49 +++++++++++++++++++
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 1 +
2 files changed, 50 insertions(+)
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
new file mode 100644
index 0000000000..3a06a9d782
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
@@ -0,0 +1,49 @@
+From ec0b708b981af77fef8e4bbb603cde4de4cd2e29 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Thu, 19 Sep 2024 18:35:53 +0100
+Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
+ messages
+
+`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
+byte in the connect message, which is an addition in SOCKSv4a vs
+SOCKSv4.
+
+This means that the buffer for building and transmitting the connect
+message could be overflowed if the username and hostname are both
+`SOCKS4_MAX_LEN` (255) bytes long.
+
+Proxy configurations are normally statically configured, so the username
+is very unlikely to be near its maximum length, and hence this overflow
+is unlikely to be triggered in practice.
+
+(Commit message by Philip Withnall, diagnosis and fix by Michael
+Catanzaro.)
+
+Fixes: #3461
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29]
+CVE: CVE-2024-52533
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ gio/gsocks4aproxy.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
+index 3dad118eb7..b3146d08fd 100644
+--- a/gio/gsocks4aproxy.c
++++ b/gio/gsocks4aproxy.c
+@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
+ * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+ * | VN | CD | DSTPORT | DSTIP | USERID |NULL| HOST | | NULL |
+ * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+- * 1 1 2 4 variable 1 variable
++ * 1 1 2 4 variable 1 variable 1
+ */
+-#define SOCKS4_CONN_MSG_LEN (9 + SOCKS4_MAX_LEN * 2)
++#define SOCKS4_CONN_MSG_LEN (10 + SOCKS4_MAX_LEN * 2)
+ static gint
+ set_connect_msg (guint8 *msg,
+ const gchar *hostname,
+--
+GitLab
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
index 239099d568..8007de0613 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
@@ -50,6 +50,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://CVE-2024-34397_17.patch \
file://CVE-2024-34397_18.patch \
file://0001-gvariant-serialiser-Convert-endianness-of-offsets.patch \
+ file://CVE-2024-52533.patch \
"
SRC_URI:append:class-native = " file://relocate-modules.patch"
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 05/19] ffmpeg: fix CVE-2024-32230
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (3 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 04/19] glib-2.0: Backport fix for CVE-2024-52533 Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 06/19] ffmpeg: fix CVE-2023-51793 Steve Sakoman
` (13 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param
bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ffmpeg/ffmpeg/CVE-2024-32230.patch | 35 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 +
2 files changed, 36 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch
new file mode 100644
index 0000000000..0617b9b123
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch
@@ -0,0 +1,35 @@
+From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon, 8 Apr 2024 18:38:42 +0200
+Subject: [PATCH] avcodec/mpegvideo_enc: Fix 1 line and one column images
+
+Fixes: Ticket10952
+Fixes: poc21ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2024-32230
+
+Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavcodec/mpegvideo_enc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c
+index 128d1a3..3bd84cd 100644
+--- a/libavcodec/mpegvideo_enc.c
++++ b/libavcodec/mpegvideo_enc.c
+@@ -1130,8 +1130,8 @@ static int load_input_picture(MpegEncContext *s, const AVFrame *pic_arg)
+ int dst_stride = i ? s->uvlinesize : s->linesize;
+ int h_shift = i ? h_chroma_shift : 0;
+ int v_shift = i ? v_chroma_shift : 0;
+- int w = s->width >> h_shift;
+- int h = s->height >> v_shift;
++ int w = AV_CEIL_RSHIFT(s->width , h_shift);
++ int h = AV_CEIL_RSHIFT(s->height, v_shift);
+ uint8_t *src = pic_arg->data[i];
+ uint8_t *dst = pic->f->data[i];
+ int vpad = 16;
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 1295d5cdf1..40963d1254 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -29,6 +29,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \
file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \
file://CVE-2022-48434.patch \
+ file://CVE-2024-32230.patch \
"
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 06/19] ffmpeg: fix CVE-2023-51793
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (4 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 05/19] ffmpeg: fix CVE-2024-32230 Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 07/19] ffmpeg: fix CVE-2023-50008 Steve Sakoman
` (12 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local
attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ffmpeg/ffmpeg/CVE-2023-51793.patch | 67 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 +
2 files changed, 68 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51793.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51793.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51793.patch
new file mode 100644
index 0000000000..71eeb92422
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51793.patch
@@ -0,0 +1,67 @@
+From 0ecc1f0e48930723d7a467761b66850811c23e62 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Fri, 22 Dec 2023 12:31:35 +0100
+Subject: [PATCH 2/5] avfilter/vf_weave: Fix odd height handling
+
+Fixes: out of array access
+Fixes: tickets/10743/poc10ffmpeg
+
+Found-by: Zeng Yunxiang and Li Zeyuan
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2023-51793
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/0ecc1f0e48930723d7a467761b66850811c23e62]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/vf_weave.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/libavfilter/vf_weave.c b/libavfilter/vf_weave.c
+index 2bd3994..de9f79c 100644
+--- a/libavfilter/vf_weave.c
++++ b/libavfilter/vf_weave.c
+@@ -30,6 +30,7 @@ typedef struct WeaveContext {
+ int double_weave;
+ int nb_planes;
+ int planeheight[4];
++ int outheight[4];
+ int linesize[4];
+
+ AVFrame *prev;
+@@ -79,6 +80,9 @@ static int config_props_output(AVFilterLink *outlink)
+ s->planeheight[1] = s->planeheight[2] = AV_CEIL_RSHIFT(inlink->h, desc->log2_chroma_h);
+ s->planeheight[0] = s->planeheight[3] = inlink->h;
+
++ s->outheight[1] = s->outheight[2] = AV_CEIL_RSHIFT(2*inlink->h, desc->log2_chroma_h);
++ s->outheight[0] = s->outheight[3] = 2*inlink->h;
++
+ s->nb_planes = av_pix_fmt_count_planes(inlink->format);
+
+ return 0;
+@@ -104,19 +108,20 @@ static int weave_slice(AVFilterContext *ctx, void *arg, int jobnr, int nb_jobs)
+ const int height = s->planeheight[i];
+ const int start = (height * jobnr) / nb_jobs;
+ const int end = (height * (jobnr+1)) / nb_jobs;
++ const int compensation = 2*end > s->outheight[i];
+
+ av_image_copy_plane(out->data[i] + out->linesize[i] * field1 +
+ out->linesize[i] * start * 2,
+ out->linesize[i] * 2,
+ in->data[i] + start * in->linesize[i],
+ in->linesize[i],
+- s->linesize[i], end - start);
++ s->linesize[i], end - start - compensation * field1);
+ av_image_copy_plane(out->data[i] + out->linesize[i] * field2 +
+ out->linesize[i] * start * 2,
+ out->linesize[i] * 2,
+ s->prev->data[i] + start * s->prev->linesize[i],
+ s->prev->linesize[i],
+- s->linesize[i], end - start);
++ s->linesize[i], end - start - compensation * field2);
+ }
+
+ return 0;
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 40963d1254..9a99951f91 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -30,6 +30,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \
file://CVE-2022-48434.patch \
file://CVE-2024-32230.patch \
+ file://CVE-2023-51793.patch \
"
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 07/19] ffmpeg: fix CVE-2023-50008
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (5 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 06/19] ffmpeg: fix CVE-2023-51793 Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 08/19] ffmpeg: fix CVE-2024-31582 Steve Sakoman
` (11 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker
to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9 component.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ffmpeg/ffmpeg/CVE-2023-50008.patch | 29 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 +
2 files changed, 30 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch
new file mode 100644
index 0000000000..aff234dabd
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch
@@ -0,0 +1,29 @@
+From 5f87a68cf70dafeab2fb89b42e41a4c29053b89b Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Mon, 27 Nov 2023 12:08:20 +0100
+Subject: [PATCH 3/5] avfilter/vf_colorcorrect: fix memory leaks
+
+CVE: CVE-2023-50008
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/5f87a68cf70dafeab2fb89b42e41a4c29053b89b]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/vf_colorcorrect.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libavfilter/vf_colorcorrect.c b/libavfilter/vf_colorcorrect.c
+index ee97b62..ac2de2a 100644
+--- a/libavfilter/vf_colorcorrect.c
++++ b/libavfilter/vf_colorcorrect.c
+@@ -498,6 +498,8 @@ static av_cold void uninit(AVFilterContext *ctx)
+ ColorCorrectContext *s = ctx->priv;
+
+ av_freep(&s->analyzeret);
++ av_freep(&s->uhistogram);
++ av_freep(&s->vhistogram);
+ }
+
+ static const AVFilterPad colorcorrect_inputs[] = {
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 9a99951f91..ee7485a445 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -31,6 +31,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://CVE-2022-48434.patch \
file://CVE-2024-32230.patch \
file://CVE-2023-51793.patch \
+ file://CVE-2023-50008.patch \
"
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 08/19] ffmpeg: fix CVE-2024-31582
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (6 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 07/19] ffmpeg: fix CVE-2023-50008 Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 09/19] ffmpeg: fix CVE-2024-31578 Steve Sakoman
` (10 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability
in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability
allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ffmpeg/ffmpeg/CVE-2024-31582.patch | 34 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 +
2 files changed, 35 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch
new file mode 100644
index 0000000000..99b46dc4ea
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch
@@ -0,0 +1,34 @@
+From 99debe5f823f45a482e1dc08de35879aa9c74bd2 Mon Sep 17 00:00:00 2001
+From: Zhao Zhili <zhilizhao@tencent.com>
+Date: Fri, 29 Dec 2023 05:56:43 +0800
+Subject: [PATCH 4/5] avfilter/vf_codecview: fix heap buffer overflow
+
+And improve the performance by a little bit.
+
+Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
+
+CVE: CVE-2024-31582
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/vf_codecview.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/libavfilter/vf_codecview.c b/libavfilter/vf_codecview.c
+index aac038e..816d633 100644
+--- a/libavfilter/vf_codecview.c
++++ b/libavfilter/vf_codecview.c
+@@ -215,9 +215,6 @@ static void draw_block_rectangle(uint8_t *buf, int sx, int sy, int w, int h, int
+ buf[sx + w - 1] = color;
+ buf += stride;
+ }
+-
+- for (int x = sx; x < sx + w; x++)
+- buf[x] = color;
+ }
+
+ static int filter_frame(AVFilterLink *inlink, AVFrame *frame)
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index ee7485a445..4a743c6dd7 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -32,6 +32,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://CVE-2024-32230.patch \
file://CVE-2023-51793.patch \
file://CVE-2023-50008.patch \
+ file://CVE-2024-31582.patch \
"
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 09/19] ffmpeg: fix CVE-2024-31578
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (7 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 08/19] ffmpeg: fix CVE-2024-31582 Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 10/19] ffmpeg: fix CVE-2023-51794 Steve Sakoman
` (9 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via
the av_hwframe_ctx_init function.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ffmpeg/ffmpeg/CVE-2024-31578.patch | 49 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 +
2 files changed, 50 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch
new file mode 100644
index 0000000000..e67f4777f7
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch
@@ -0,0 +1,49 @@
+From 3bb00c0a420c3ce83c6fafee30270d69622ccad7 Mon Sep 17 00:00:00 2001
+From: Zhao Zhili <zhilizhao@tencent.com>
+Date: Tue, 20 Feb 2024 20:08:55 +0800
+Subject: [PATCH] avutil/hwcontext: Don't assume frames_uninit is reentrant
+
+Fix heap use after free when vulkan_frames_init failed.
+
+Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
+
+CVE: CVE-2024-31578
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavutil/hwcontext.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/libavutil/hwcontext.c b/libavutil/hwcontext.c
+index 31c7840..2a4d9ed 100644
+--- a/libavutil/hwcontext.c
++++ b/libavutil/hwcontext.c
+@@ -362,7 +362,7 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
+ if (ctx->internal->hw_type->frames_init) {
+ ret = ctx->internal->hw_type->frames_init(ctx);
+ if (ret < 0)
+- goto fail;
++ return ret;
+ }
+
+ if (ctx->internal->pool_internal && !ctx->pool)
+@@ -372,14 +372,10 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
+ if (ctx->initial_pool_size > 0) {
+ ret = hwframe_pool_prealloc(ref);
+ if (ret < 0)
+- goto fail;
++ return ret;
+ }
+
+ return 0;
+-fail:
+- if (ctx->internal->hw_type->frames_uninit)
+- ctx->internal->hw_type->frames_uninit(ctx);
+- return ret;
+ }
+
+ int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref,
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 4a743c6dd7..ae02310af8 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -33,6 +33,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://CVE-2023-51793.patch \
file://CVE-2023-50008.patch \
file://CVE-2024-31582.patch \
+ file://CVE-2024-31578.patch \
"
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 10/19] ffmpeg: fix CVE-2023-51794
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (8 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 09/19] ffmpeg: fix CVE-2024-31578 Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 11/19] wireless-regdb: upgrade 2024.07.04 -> 2024.10.07 Steve Sakoman
` (8 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a
local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ffmpeg/ffmpeg/CVE-2023-51794.patch | 35 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 +
2 files changed, 36 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51794.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51794.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51794.patch
new file mode 100644
index 0000000000..a33ae5ffe9
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51794.patch
@@ -0,0 +1,35 @@
+From 50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 23 Dec 2023 04:03:01 +0100
+Subject: [PATCH] avfilter/af_stereowiden: Check length
+
+Fixes: out of array access
+Fixes: tickets/10746/poc13ffmpeg
+
+Found-by: Zeng Yunxiang
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2023-51794
+
+Upstream-Status: Backport [https://github.com/ffmpeg/FFmpeg/commit/50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/af_stereowiden.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libavfilter/af_stereowiden.c b/libavfilter/af_stereowiden.c
+index 7cce1a8..f1a5b10 100644
+--- a/libavfilter/af_stereowiden.c
++++ b/libavfilter/af_stereowiden.c
+@@ -74,6 +74,8 @@ static int config_input(AVFilterLink *inlink)
+
+ s->length = s->delay * inlink->sample_rate / 1000;
+ s->length *= 2;
++ if (s->length == 0)
++ return AVERROR(EINVAL);
+ s->buffer = av_calloc(s->length, sizeof(*s->buffer));
+ if (!s->buffer)
+ return AVERROR(ENOMEM);
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index ae02310af8..80a4e5b96f 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -34,6 +34,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://CVE-2023-50008.patch \
file://CVE-2024-31582.patch \
file://CVE-2024-31578.patch \
+ file://CVE-2023-51794.patch \
"
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 11/19] wireless-regdb: upgrade 2024.07.04 -> 2024.10.07
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (9 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 10/19] ffmpeg: fix CVE-2023-51794 Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 12/19] scripts/install-buildtools: Update to 4.0.22 Steve Sakoman
` (7 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f124bb09a798d94eca5e93387bc361b147ce53f9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...ireless-regdb_2024.07.04.bb => wireless-regdb_2024.10.07.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2024.07.04.bb => wireless-regdb_2024.10.07.bb} (94%)
diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.07.04.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.10.07.bb
similarity index 94%
rename from meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.07.04.bb
rename to meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.10.07.bb
index daf5e6dfcd..0e4100fba7 100644
--- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.07.04.bb
+++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.10.07.bb
@@ -5,7 +5,7 @@ LICENSE = "ISC"
LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "9832a14e1be24abff7be30dee3c9a1afb5fdfcf475a0d91aafef039f8d85f5eb"
+SRC_URI[sha256sum] = "f76f2bd79a653e9f9dd50548d99d03a4a4eb157da056dfd5892f403ec28fb3d5"
inherit bin_package allarch
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 12/19] scripts/install-buildtools: Update to 4.0.22
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (10 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 11/19] wireless-regdb: upgrade 2024.07.04 -> 2024.10.07 Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 13/19] webkitgtk: Fix build on 32bit arm Steve Sakoman
` (6 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Update to the 4.0.22 release of the 4.0 series for buildtools.
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/install-buildtools | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/install-buildtools b/scripts/install-buildtools
index 9054eb5f36..616330dfdc 100755
--- a/scripts/install-buildtools
+++ b/scripts/install-buildtools
@@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout)
DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools')
DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto'
-DEFAULT_RELEASE = 'yocto-4.0.21'
-DEFAULT_INSTALLER_VERSION = '4.0.21'
+DEFAULT_RELEASE = 'yocto-4.0.22'
+DEFAULT_INSTALLER_VERSION = '4.0.22'
DEFAULT_BUILDDATE = '202110XX'
# Python version sanity check
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 13/19] webkitgtk: Fix build on 32bit arm
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (11 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 12/19] scripts/install-buildtools: Update to 4.0.22 Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 14/19] webkitgtk: fix perl-native dependency Steve Sakoman
` (5 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 9294ccb9530ce70b2513b2e112644ec5e9f8e701)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...44e17d258106617b0e6d783d073b188a2548.patch | 296 ++++++++++++++++++
meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 1 +
2 files changed, 297 insertions(+)
create mode 100644 meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
diff --git a/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch b/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
new file mode 100644
index 0000000000..32f92f7ff5
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
@@ -0,0 +1,296 @@
+From 0d3344e17d258106617b0e6d783d073b188a2548 Mon Sep 17 00:00:00 2001
+From: Adrian Perez de Castro <aperez@igalia.com>
+Date: Thu, 2 Jun 2022 11:19:06 +0300
+Subject: [PATCH] [ARM][NEON] FELightningNEON.cpp fails to build, NEON fast
+ path seems unused https://bugs.webkit.org/show_bug.cgi?id=241182
+
+Reviewed by NOBODY (OOPS!).
+
+Move the NEON fast path for the SVG lighting filter effects into
+FELightingSoftwareApplier, and arrange to actually use them by
+forwarding calls to applyPlatformGeneric() into applyPlatformNeon().
+
+Some changes were needed to adapt platformApplyNeon() to the current
+state of filters after r286140. This was not detected because the code
+bitrotted due to it being guarded with CPU(ARM_TRADITIONAL), which does
+not get used much these days: CPU(ARM_THUMB2) is more common. It should
+be possible to use the NEON fast paths also in Thumb mode, but that is
+left for a follow-up fix.
+
+* Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp:
+(WebCore::FELightingSoftwareApplier::platformApplyNeonWorker):
+(WebCore::FELightingSoftwareApplier::getPowerCoefficients):
+(WebCore::FELighting::platformApplyNeonWorker): Deleted.
+(WebCore::FELighting::getPowerCoefficients): Deleted.
+* Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h:
+(WebCore::FELightingSoftwareApplier::applyPlatformNeon):
+(WebCore::FELighting::platformApplyNeon): Deleted.
+* Source/WebCore/platform/graphics/filters/DistantLightSource.h:
+* Source/WebCore/platform/graphics/filters/FELighting.h:
+* Source/WebCore/platform/graphics/filters/PointLightSource.h:
+* Source/WebCore/platform/graphics/filters/SpotLightSource.h:
+* Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h:
+---
+Upstream-Status: Submitted [https://github.com/WebKit/WebKit/pull/1233]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ .../cpu/arm/filters/FELightingNEON.cpp | 4 +-
+ .../graphics/cpu/arm/filters/FELightingNEON.h | 54 +++++++++----------
+ .../graphics/filters/DistantLightSource.h | 4 ++
+ .../platform/graphics/filters/FELighting.h | 7 ---
+ .../graphics/filters/PointLightSource.h | 4 ++
+ .../graphics/filters/SpotLightSource.h | 4 ++
+ .../software/FELightingSoftwareApplier.h | 16 ++++++
+ 7 files changed, 57 insertions(+), 36 deletions(-)
+
+--- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
++++ b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
+@@ -49,7 +49,7 @@ short* feLightingConstantsForNeon()
+ return s_FELightingConstantsForNeon;
+ }
+
+-void FELighting::platformApplyNeonWorker(FELightingPaintingDataForNeon* parameters)
++void FELightingSoftwareApplier::platformApplyNeonWorker(FELightingPaintingDataForNeon* parameters)
+ {
+ neonDrawLighting(parameters);
+ }
+@@ -464,7 +464,7 @@ TOSTRING(neonDrawLighting) ":" NL
+ "b .lightStrengthCalculated" NL
+ ); // NOLINT
+
+-int FELighting::getPowerCoefficients(float exponent)
++int FELightingSoftwareApplier::getPowerCoefficients(float exponent)
+ {
+ // Calling a powf function from the assembly code would require to save
+ // and reload a lot of NEON registers. Since the base is in range [0..1]
+--- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
++++ b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
+@@ -24,14 +24,15 @@
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+-#ifndef FELightingNEON_h
+-#define FELightingNEON_h
++#pragma once
+
+ #if CPU(ARM_NEON) && CPU(ARM_TRADITIONAL) && COMPILER(GCC_COMPATIBLE)
+
+-#include "FELighting.h"
++#include "FELightingSoftwareApplier.h"
++#include "ImageBuffer.h"
+ #include "PointLightSource.h"
+ #include "SpotLightSource.h"
++#include <wtf/ObjectIdentifier.h>
+ #include <wtf/ParallelJobs.h>
+
+ namespace WebCore {
+@@ -93,14 +94,14 @@ extern "C" {
+ void neonDrawLighting(FELightingPaintingDataForNeon*);
+ }
+
+-inline void FELighting::platformApplyNeon(const LightingData& data, const LightSource::PaintingData& paintingData)
++inline void FELightingSoftwareApplier::applyPlatformNeon(const FELightingSoftwareApplier::LightingData& data, const LightSource::PaintingData& paintingData)
+ {
+- alignas(16) FELightingFloatArgumentsForNeon floatArguments;
+- FELightingPaintingDataForNeon neonData = {
++ WebCore::FELightingFloatArgumentsForNeon alignas(16) floatArguments;
++ WebCore::FELightingPaintingDataForNeon neonData = {
+ data.pixels->data(),
+ 1,
+- data.widthDecreasedByOne - 1,
+- data.heightDecreasedByOne - 1,
++ data.width - 2,
++ data.height - 2,
+ 0,
+ 0,
+ 0,
+@@ -111,23 +112,23 @@ inline void FELighting::platformApplyNeo
+ // Set light source arguments.
+ floatArguments.constOne = 1;
+
+- auto color = m_lightingColor.toColorTypeLossy<SRGBA<uint8_t>>().resolved();
++ auto color = data.lightingColor.toColorTypeLossy<SRGBA<uint8_t>>().resolved();
+
+ floatArguments.colorRed = color.red;
+ floatArguments.colorGreen = color.green;
+ floatArguments.colorBlue = color.blue;
+ floatArguments.padding4 = 0;
+
+- if (m_lightSource->type() == LS_POINT) {
++ if (data.lightSource->type() == LS_POINT) {
+ neonData.flags |= FLAG_POINT_LIGHT;
+- PointLightSource& pointLightSource = static_cast<PointLightSource&>(m_lightSource.get());
++ const auto& pointLightSource = *static_cast<const PointLightSource*>(data.lightSource);
+ floatArguments.lightX = pointLightSource.position().x();
+ floatArguments.lightY = pointLightSource.position().y();
+ floatArguments.lightZ = pointLightSource.position().z();
+ floatArguments.padding2 = 0;
+- } else if (m_lightSource->type() == LS_SPOT) {
++ } else if (data.lightSource->type() == LS_SPOT) {
+ neonData.flags |= FLAG_SPOT_LIGHT;
+- SpotLightSource& spotLightSource = static_cast<SpotLightSource&>(m_lightSource.get());
++ const auto& spotLightSource = *static_cast<const SpotLightSource*>(data.lightSource);
+ floatArguments.lightX = spotLightSource.position().x();
+ floatArguments.lightY = spotLightSource.position().y();
+ floatArguments.lightZ = spotLightSource.position().z();
+@@ -145,7 +146,7 @@ inline void FELighting::platformApplyNeo
+ if (spotLightSource.specularExponent() == 1)
+ neonData.flags |= FLAG_CONE_EXPONENT_IS_1;
+ } else {
+- ASSERT(m_lightSource->type() == LS_DISTANT);
++ ASSERT(data.lightSource->type() == LS_DISTANT);
+ floatArguments.lightX = paintingData.initialLightingData.lightVector.x();
+ floatArguments.lightY = paintingData.initialLightingData.lightVector.y();
+ floatArguments.lightZ = paintingData.initialLightingData.lightVector.z();
+@@ -155,38 +156,39 @@ inline void FELighting::platformApplyNeo
+ // Set lighting arguments.
+ floatArguments.surfaceScale = data.surfaceScale;
+ floatArguments.minusSurfaceScaleDividedByFour = -data.surfaceScale / 4;
+- if (m_lightingType == FELighting::DiffuseLighting)
+- floatArguments.diffuseConstant = m_diffuseConstant;
++ if (data.filterType == FilterEffect::Type::FEDiffuseLighting)
++ floatArguments.diffuseConstant = data.diffuseConstant;
+ else {
+ neonData.flags |= FLAG_SPECULAR_LIGHT;
+- floatArguments.diffuseConstant = m_specularConstant;
+- neonData.specularExponent = getPowerCoefficients(m_specularExponent);
+- if (m_specularExponent == 1)
++ floatArguments.diffuseConstant = data.specularConstant;
++ neonData.specularExponent = getPowerCoefficients(data.specularExponent);
++ if (data.specularExponent == 1)
+ neonData.flags |= FLAG_SPECULAR_EXPONENT_IS_1;
+ }
+ if (floatArguments.diffuseConstant == 1)
+ neonData.flags |= FLAG_DIFFUSE_CONST_IS_1;
+
+- int optimalThreadNumber = ((data.widthDecreasedByOne - 1) * (data.heightDecreasedByOne - 1)) / s_minimalRectDimension;
++ static constexpr int minimalRectDimension = 100 * 100; // Empirical data limit for parallel jobs
++ int optimalThreadNumber = ((data.width - 2) * (data.height - 2)) / minimalRectDimension;
+ if (optimalThreadNumber > 1) {
+ // Initialize parallel jobs
+- ParallelJobs<FELightingPaintingDataForNeon> parallelJobs(&WebCore::FELighting::platformApplyNeonWorker, optimalThreadNumber);
++ ParallelJobs<FELightingPaintingDataForNeon> parallelJobs(&FELightingSoftwareApplier::platformApplyNeonWorker, optimalThreadNumber);
+
+ // Fill the parameter array
+ int job = parallelJobs.numberOfJobs();
+ if (job > 1) {
+ int yStart = 1;
+- int yStep = (data.heightDecreasedByOne - 1) / job;
++ int yStep = (data.height - 2) / job;
+ for (--job; job >= 0; --job) {
+ FELightingPaintingDataForNeon& params = parallelJobs.parameter(job);
+ params = neonData;
+ params.yStart = yStart;
+- params.pixels += (yStart - 1) * (data.widthDecreasedByOne + 1) * 4;
++ params.pixels += (yStart - 1) * data.width * 4;
+ if (job > 0) {
+ params.absoluteHeight = yStep;
+ yStart += yStep;
+ } else
+- params.absoluteHeight = data.heightDecreasedByOne - yStart;
++ params.absoluteHeight = (data.height - 1) - yStart;
+ }
+ parallelJobs.execute();
+ return;
+@@ -199,5 +201,3 @@ inline void FELighting::platformApplyNeo
+ } // namespace WebCore
+
+ #endif // CPU(ARM_NEON) && COMPILER(GCC_COMPATIBLE)
+-
+-#endif // FELightingNEON_h
+--- a/Source/WebCore/platform/graphics/filters/DistantLightSource.h
++++ b/Source/WebCore/platform/graphics/filters/DistantLightSource.h
+@@ -25,6 +25,10 @@
+ #include "LightSource.h"
+ #include <wtf/Ref.h>
+
++namespace WTF {
++class TextStream;
++} // namespace WTF
++
+ namespace WebCore {
+
+ class DistantLightSource : public LightSource {
+--- a/Source/WebCore/platform/graphics/filters/FELighting.h
++++ b/Source/WebCore/platform/graphics/filters/FELighting.h
+@@ -35,8 +35,6 @@
+
+ namespace WebCore {
+
+-struct FELightingPaintingDataForNeon;
+-
+ class FELighting : public FilterEffect {
+ public:
+ const Color& lightingColor() const { return m_lightingColor; }
+@@ -67,11 +65,6 @@ protected:
+
+ std::unique_ptr<FilterEffectApplier> createSoftwareApplier() const override;
+
+-#if CPU(ARM_NEON) && CPU(ARM_TRADITIONAL) && COMPILER(GCC_COMPATIBLE)
+- static int getPowerCoefficients(float exponent);
+- inline void platformApplyNeon(const LightingData&, const LightSource::PaintingData&);
+-#endif
+-
+ Color m_lightingColor;
+ float m_surfaceScale;
+ float m_diffuseConstant;
+--- a/Source/WebCore/platform/graphics/filters/PointLightSource.h
++++ b/Source/WebCore/platform/graphics/filters/PointLightSource.h
+@@ -26,6 +26,10 @@
+ #include "LightSource.h"
+ #include <wtf/Ref.h>
+
++namespace WTF {
++class TextStream;
++} // namespace WTF
++
+ namespace WebCore {
+
+ class PointLightSource : public LightSource {
+--- a/Source/WebCore/platform/graphics/filters/SpotLightSource.h
++++ b/Source/WebCore/platform/graphics/filters/SpotLightSource.h
+@@ -26,6 +26,10 @@
+ #include "LightSource.h"
+ #include <wtf/Ref.h>
+
++namespace WTF {
++class TextStream;
++} // namespace WTF
++
+ namespace WebCore {
+
+ class SpotLightSource : public LightSource {
+--- a/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h
++++ b/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h
+@@ -36,6 +36,7 @@
+ namespace WebCore {
+
+ class FELighting;
++struct FELightingPaintingDataForNeon;
+
+ class FELightingSoftwareApplier final : public FilterEffectConcreteApplier<FELighting> {
+ WTF_MAKE_FAST_ALLOCATED;
+@@ -132,8 +133,23 @@ private:
+
+ static void applyPlatformGenericPaint(const LightingData&, const LightSource::PaintingData&, int startY, int endY);
+ static void applyPlatformGenericWorker(ApplyParameters*);
++
++#if CPU(ARM_NEON) && CPU(ARM_TRADITIONAL) && COMPILER(GCC_COMPATIBLE)
++ static int getPowerCoefficients(float exponent);
++ static void platformApplyNeonWorker(FELightingPaintingDataForNeon*);
++ inline static void applyPlatformNeon(const LightingData&, const LightSource::PaintingData&);
++
++ inline static void applyPlatformGeneric(const LightingData& data, const LightSource::PaintingData& paintingData)
++ {
++ applyPlatformNeon(data, paintingData);
++ }
++#else
+ static void applyPlatformGeneric(const LightingData&, const LightSource::PaintingData&);
++#endif
++
+ static void applyPlatform(const LightingData&);
+ };
+
+ } // namespace WebCore
++
++#include "FELightingNEON.h"
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
index a2d455ab92..16acb205b1 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
@@ -25,6 +25,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BP}.tar.xz \
file://CVE-2022-48503.patch \
file://CVE-2023-32439.patch \
file://CVE-2024-40779.patch \
+ file://0d3344e17d258106617b0e6d783d073b188a2548.patch \
"
SRC_URI[sha256sum] = "0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437"
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 14/19] webkitgtk: fix perl-native dependency
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (12 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 13/19] webkitgtk: Fix build on 32bit arm Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 15/19] lttng-modules: fix build error after kernel update to 5.15.171 Steve Sakoman
` (4 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Currently, perl-native is missing from DEPENDS for webkitgtk even though
perlnative bbclass is inherited. This happens because the DEPENDS variable is
reassigned right after perlnative class is inherited:
inherit perlnative (DEPENDS += "perl-native")
...
DEPENDS = " \
..."
Adjust the DEPENDS line to use += in order to fix this.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: a207c8f42f809340e0794cd326cb5c45e32d7d56)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
index 16acb205b1..a62d99b227 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
@@ -36,7 +36,7 @@ REQUIRED_DISTRO_FEATURES = "${@bb.utils.contains('DISTRO_FEATURES', 'wayland', '
CVE_PRODUCT = "webkitgtk webkitgtk\+"
-DEPENDS = " \
+DEPENDS += " \
ruby-native \
gperf-native \
cairo \
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 15/19] lttng-modules: fix build error after kernel update to 5.15.171
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (13 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 14/19] webkitgtk: fix perl-native dependency Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 16/19] webkitgtk: reduce size of -dbg package Steve Sakoman
` (3 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Liyin Zhang <liyin.zhang.cn@windriver.com>
This patch fixes the following build error after kernel rebase.
lttng-modules-2.13.14/src/probes/../../include/lttng/define_trace.h:87,
lttng-modules-2.13.14/src/probes/../../include/instrumentation/events/kmem.h:576,
lttng-modules-2.13.14/src/probes/lttng-probe-kmem.c:35:
../../include/lttng/tracepoint-event-impl.h:133:6: error: conflicting types for 'trace_mm_page_alloc_zone_locked'; have 'void(struct page *, unsigned int, int)'
133 | void trace_##_name(_proto);
| ^~~~~~
../../include/instrumentation/events/kmem.h:444:1: note: in expansion of macro 'LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP'
444 | LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(kmem_mm_page, mm_page_alloc_zone_locked,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel-source/include/trace/events/kmem.h:9,
from lttng-modules-2.13.14/src/probes/lttng-probe-kmem.c:24:
kernel-source/include/linux/tracepoint.h:244:28: note: previous definition of 'trace_mm_page_alloc_zone_locked' with type 'void(struct page *, unsigned int, int, int)'
244 | static inline void trace_##name(proto) \
| ^~~~~~
kernel-source/include/linux/tracepoint.h:416:9: note: in expansion of macro '__DECLARE_TRACE'
416 | __DECLARE_TRACE(name, PARAMS(proto), PARAMS(args), \
| ^~~~~~~~~~~~~~~
kernel-source/include/linux/tracepoint.h:539:9: note: in expansion of macro 'DECLARE_TRACE'
539 | DECLARE_TRACE(name, PARAMS(proto), PARAMS(args))
| ^~~~~~~~~~~~~
kernel-source/include/trace/events/kmem.h:259:1: note: in expansion of macro 'DEFINE_EVENT'
259 | DEFINE_EVENT(mm_page, mm_page_alloc_zone_locked,
| ^~~~~~~~~~~~
Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...c-fix-tracepoint-mm_page_alloc_zone_.patch | 61 +++++++++++++++++++
.../lttng/lttng-modules_2.13.14.bb | 1 +
2 files changed, 62 insertions(+)
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch b/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
new file mode 100644
index 0000000000..abcc519e81
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
@@ -0,0 +1,61 @@
+From 6479c4ae43e7a2096b97c800ece57defd0ba62b7 Mon Sep 17 00:00:00 2001
+From: Michael Jeanson <mjeanson@efficios.com>
+Date: Tue, 12 Nov 2024 11:19:23 -0500
+Subject: [PATCH] fix: mm/page_alloc: fix tracepoint
+ mm_page_alloc_zone_locked() (v5.15.171)
+
+See upstream backported commit:
+
+ commit 28e7a507196fefd119e7ca2286840f1a9aad5e8a
+ Author: Wonhyuk Yang <vvghjk1234@gmail.com>
+ Date: Thu May 19 14:08:54 2022 -0700
+
+ mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked()
+
+ [ Upstream commit 10e0f7530205799e7e971aba699a7cb3a47456de ]
+
+ Currently, trace point mm_page_alloc_zone_locked() doesn't show correct
+ information.
+
+ First, when alloc_flag has ALLOC_HARDER/ALLOC_CMA, page can be allocated
+ from MIGRATE_HIGHATOMIC/MIGRATE_CMA. Nevertheless, tracepoint use
+ requested migration type not MIGRATE_HIGHATOMIC and MIGRATE_CMA.
+
+ Second, after commit 44042b4498728 ("mm/page_alloc: allow high-order pages
+ to be stored on the per-cpu lists") percpu-list can store high order
+ pages. But trace point determine whether it is a refiil of percpu-list by
+ comparing requested order and 0.
+
+ To handle these problems, make mm_page_alloc_zone_locked() only be called
+ by __rmqueue_smallest with correct migration type. With a new argument
+ called percpu_refill, it can show roughly whether it is a refill of
+ percpu-list.
+
+ Link: https://lkml.kernel.org/r/20220512025307.57924-1-vvghjk1234@gmail.com
+
+Change-Id: Ib76feb79d95e9f93c84c3aa1b946e57ac2e2666a
+Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+
+Upstream-Status: Backport [https://git.lttng.org/?p=lttng-modules.git;a=commit;h=6479c4ae43e7a2096b97c800ece57defd0ba62b7]
+
+Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
+---
+ include/instrumentation/events/kmem.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/include/instrumentation/events/kmem.h b/include/instrumentation/events/kmem.h
+index 9a0f0bbf..96a5d9c2 100644
+--- a/include/instrumentation/events/kmem.h
++++ b/include/instrumentation/events/kmem.h
+@@ -381,6 +381,7 @@ LTTNG_TRACEPOINT_EVENT_MAP(mm_page_alloc, kmem_mm_page_alloc,
+ )
+
+ #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0) || \
++ LTTNG_KERNEL_RANGE(5,15,171, 5,16,0) || \
+ LTTNG_RHEL_KERNEL_RANGE(5,14,0,163,0,0, 5,15,0,0,0,0))
+
+ LTTNG_TRACEPOINT_EVENT_CLASS(kmem_mm_page,
+--
+2.25.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.13.14.bb b/meta/recipes-kernel/lttng/lttng-modules_2.13.14.bb
index a3e29ab7b7..e8af0eca44 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.13.14.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.13.14.bb
@@ -11,6 +11,7 @@ include lttng-platforms.inc
SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0009-Rename-genhd-wrapper-to-blkdev.patch \
+ file://0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch \
"
# Use :append here so that the patch is applied also when using devupstream
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 16/19] webkitgtk: reduce size of -dbg package
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (14 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 15/19] lttng-modules: fix build error after kernel update to 5.15.171 Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 17/19] llvm: " Steve Sakoman
` (2 subsequent siblings)
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of
the debug symbols (4.3GB to 700M at time of writing):
Level 1 produces minimal information, enough for making backtraces in
parts of the program that you don't plan to debug. This includes
descriptions of functions and external variables, and line number
tables, but no information about local variables.
This makes the sstate objects a lot more manageable, and packaging
faster. On my machine:
PKG TASK ABSDIFF RELDIFF WALLTIME1 -> WALLTIME2
webkitgtk do_compile -613.8s -21.7% 2823.3s -> 2209.5s
webkitgtk do_package -143.4s -53.6% 267.7s -> 124.3s
webkitgtk do_install -93.7s -60.1% 156.0s -> 62.3s
webkitgtk do_populate_sysroot -51.6s -86.4% 59.7s -> 8.1s
Cumulative walltime:
-892.9s -26.5% 56:06.3 (3366.3s) -> 41:13.4 (2473.4s)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8361411ea0d67a2620680e2e86045799e072c80a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
index a62d99b227..4849ee50ff 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
@@ -100,6 +100,10 @@ EXTRA_OECMAKE = " \
-DENABLE_GAMEPAD=OFF \
"
+# Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of the
+# debug symbols (4.3GB to 700M at time of writing)
+DEBUG_FLAGS:append = "${@oe.utils.vartrue('DEBUG_BUILD', '', ' -g1', d)}"
+
# Javascript JIT is not supported on ARC
EXTRA_OECMAKE:append:arc = " -DENABLE_JIT=OFF "
# By default 25-bit "medium" calls are used on ARC
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 17/19] llvm: reduce size of -dbg package
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (15 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 16/19] webkitgtk: reduce size of -dbg package Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 18/19] toolchain-shar-extract.sh: exit when post-relocate-setup.sh fails Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 19/19] udev-extraconf: fix network.sh script did not configure hotplugged interfaces Steve Sakoman
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of
the debug symbols
Level 1 produces minimal information, enough for making backtraces in
parts of the program that you don't plan to debug. This includes
descriptions of functions and external variables, and line number
tables, but no information about local variables.
This makes the sstate objects a lot more manageable, and packaging
faster.
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/llvm/llvm_git.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb
index 6c2e8a5570..8dcd124c71 100644
--- a/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/meta/recipes-devtools/llvm/llvm_git.bb
@@ -94,6 +94,8 @@ EXTRA_OECMAKE:append:class-nativesdk = "\
-DLLVM_TABLEGEN=${STAGING_BINDIR_NATIVE}/llvm-tblgen${PV} \
-DLLVM_CONFIG_PATH=${STAGING_BINDIR_NATIVE}/llvm-config${PV} \
"
+# Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of the debug symbols
+DEBUG_FLAGS:append = "${@oe.utils.vartrue('DEBUG_BUILD', '', ' -g1', d)}"
do_configure:prepend() {
# Fix paths in llvm-config
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 18/19] toolchain-shar-extract.sh: exit when post-relocate-setup.sh fails
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (16 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 17/19] llvm: " Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
2024-11-22 21:26 ` [OE-core][kirkstone 19/19] udev-extraconf: fix network.sh script did not configure hotplugged interfaces Steve Sakoman
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
When LD_LIBRARY_PATH is set, post-relocate-setup.sh will fail and
exit properly. But such failure is ignored and the SDK installation
will continue and tell user that things succeed. This is misleading.
So exit immediately if post-relocate-setup.sh fails.
Fixes [Yocto #15586]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c8e2dcc1f71aa33cc6e56dfdebebbe7ef010c944)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
| 4 ++++
1 file changed, 4 insertions(+)
--git a/meta/files/toolchain-shar-extract.sh b/meta/files/toolchain-shar-extract.sh
index 4386b985bb..ec5e4aa922 100644
--- a/meta/files/toolchain-shar-extract.sh
+++ b/meta/files/toolchain-shar-extract.sh
@@ -284,6 +284,10 @@ post_relocate="$target_sdk_dir/post-relocate-setup.sh"
if [ -e "$post_relocate" ]; then
$SUDO_EXEC sed -e "s:@SDKPATH@:$target_sdk_dir:g" -i $post_relocate
$SUDO_EXEC /bin/sh $post_relocate "$target_sdk_dir" "@SDKPATH@"
+ if [ $? -ne 0 ]; then
+ echo "Executing $post_relocate failed"
+ exit 1
+ fi
$SUDO_EXEC rm -f $post_relocate
fi
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* [OE-core][kirkstone 19/19] udev-extraconf: fix network.sh script did not configure hotplugged interfaces
2024-11-22 21:26 [OE-core][kirkstone 00/19] Patch review Steve Sakoman
` (17 preceding siblings ...)
2024-11-22 21:26 ` [OE-core][kirkstone 18/19] toolchain-shar-extract.sh: exit when post-relocate-setup.sh fails Steve Sakoman
@ 2024-11-22 21:26 ` Steve Sakoman
18 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-11-22 21:26 UTC (permalink / raw)
To: openembedded-core
From: Regis Dargent <regis.dargent@gmail.com>
Udev script network.sh is called when a new ethernet interface is plugged (eg. USB).
Due to some (old) missing files, this script does nothing, instead of configuring the
interfaces with ifup.
I just commented the corresponding lines to allow the script to reach the part where
it calls ifup.
Signed-off-by: Regis Dargent <regis.dargent@gmail.com>
Fixes [YOCTO 15616]
network.sh relies on (long) missing files (eg. /etc/network/options,
/etc/init.d/network) to decide if it should configure the new network
interface (ifup) or put its name in /etc/udev_network_queue for future
initialization by /etc/init.d/network service.
The actual result was that the new hotplugged interface was never
automatically configured.
Removing the obsolete tests allows the script to do its intended job.
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 160f7139172ffdf510a0d7d4e85f7fbaac7fd000)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
| 32 -------------------
1 file changed, 32 deletions(-)
--git a/meta/recipes-core/udev/udev-extraconf/network.sh b/meta/recipes-core/udev/udev-extraconf/network.sh
index 3ee92714af..ace38808cd 100644
--- a/meta/recipes-core/udev/udev-extraconf/network.sh
+++ b/meta/recipes-core/udev/udev-extraconf/network.sh
@@ -6,38 +6,6 @@ echo "$INTERFACE" | grep -q wifi && exit 0
# udevd does clearenv(). Export shell PATH to children.
export PATH
-# Check if /etc/init.d/network has been run yet to see if we are
-# called by starting /etc/rcS.d/S03udev and not by hotplugging a device
-#
-# At this stage, network interfaces should not be brought up
-# automatically because:
-# a) /etc/init.d/network has not been run yet (security issue)
-# b) /var has not been populated yet so /etc/resolv,conf points to
-# oblivion, making the network unusable
-#
-
-spoofp="`grep ^spoofprotect /etc/network/options`"
-if test -z "$spoofp"
-then
- # This is the default from /etc/init.d/network
- spoofp_val=yes
-else
- spoofp_val=${spoofp#spoofprotect=}
-fi
-
-test "$spoofp_val" = yes && spoofp_val=1 || spoofp_val=0
-
-# I think it is safe to assume that "lo" will always be there ;)
-if test "`cat /proc/sys/net/ipv4/conf/lo/rp_filter`" != "$spoofp_val" -a -n "$spoofp_val"
-then
- echo "$INTERFACE" >> /dev/udev_network_queue
- exit 0
-fi
-
-#
-# Code taken from pcmcia-cs:/etc/pcmcia/network
-#
-
# if this interface has an entry in /etc/network/interfaces, let ifupdown
# handle it
if grep -q "iface \+$INTERFACE" /etc/network/interfaces; then
--
2.34.1
^ permalink raw reply related [flat|nested] 26+ messages in thread