* [OE-core][kirkstone 01/14] python3-pip: fix CVE-2023-5752
2024-11-27 18:49 [OE-core][kirkstone 00/14] Patch review Steve Sakoman
@ 2024-11-27 18:49 ` Steve Sakoman
2024-11-27 18:49 ` [OE-core][kirkstone 02/14] builder: set CVE_PRODUCT Steve Sakoman
` (12 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: Steve Sakoman @ 2024-11-27 18:49 UTC
To: openembedded-core
From: Jiaying Song <jiaying.song.cn@windriver.com>
When installing a package from a Mercurial VCS URL (ie "pip install
hg+...") with pip prior to v23.3, the specified Mercurial revision could
be used to inject arbitrary configuration options to the "hg clone" call
(ie "--config"). Controlling the Mercurial configuration can modify how
and which repository is installed. This vulnerability does not affect
users who aren't installing from Mercurial.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-5752
Upstream patches:
https://github.com/pypa/pip/pull/12306/commits/389cb799d0da9a840749fcd14878928467ed49b4
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../python/python3-pip/CVE-2023-5752.patch | 34 +++++++++++++++++++
.../python/python3-pip_22.0.3.bb | 8 +++--
2 files changed, 39 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-devtools/python/python3-pip/CVE-2023-5752.patch
diff --git a/meta/recipes-devtools/python/python3-pip/CVE-2023-5752.patch b/meta/recipes-devtools/python/python3-pip/CVE-2023-5752.patch
new file mode 100644
index 0000000000..ef66a59021
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-pip/CVE-2023-5752.patch
@@ -0,0 +1,34 @@
+From b16dd80c50deaa4753045d93ed281d348509293f Mon Sep 17 00:00:00 2001
+From: Pradyun Gedam <pradyunsg@users.noreply.github.com>
+Date: Sun, 1 Oct 2023 14:10:25 +0100
+Subject: [PATCH] Use `-r=...` instead of `-r ...` for hg
+
+This ensures that the resulting revision can not be misinterpreted as an
+option.
+
+Upstream-Status: Backport
+[https://github.com/pypa/pip/pull/12306/commits/389cb799d0da9a840749fcd14878928467ed49b4]
+
+CVE: CVE-2023-5752
+
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ src/pip/_internal/vcs/mercurial.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pip/_internal/vcs/mercurial.py b/src/pip/_internal/vcs/mercurial.py
+index 2a005e0..e440c12 100644
+--- a/src/pip/_internal/vcs/mercurial.py
++++ b/src/pip/_internal/vcs/mercurial.py
+@@ -31,7 +31,7 @@ class Mercurial(VersionControl):
+
+ @staticmethod
+ def get_base_rev_args(rev: str) -> List[str]:
+- return [rev]
++ return [f"-r={rev}"]
+
+ def fetch_new(
+ self, dest: str, url: HiddenText, rev_options: RevOptions, verbosity: int
+--
+2.25.1
+
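Review bot: in `get_base_rev_args`, the new return value `-r={rev}` joins the short option and the revision with `=`, and the visible lines carry no test showing that `hg` reads the `=` as a separator rather than as the first character of the revision name. Please state in the commit message how this was verified on the 22.0.3 recipe (for example a `pip install hg+...@<rev>` run), and if the short form does not parse as intended, use the long form `--rev={rev}`, which keeps the revision inside a single argument in the same way.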
diff --git a/meta/recipes-devtools/python/python3-pip_22.0.3.bb b/meta/recipes-devtools/python/python3-pip_22.0.3.bb
index 6e28b87ba3..28eab9c3de 100644
--- a/meta/recipes-devtools/python/python3-pip_22.0.3.bb
+++ b/meta/recipes-devtools/python/python3-pip_22.0.3.bb
@@ -34,9 +34,11 @@ LIC_FILES_CHKSUM = "\
inherit pypi python_setuptools_build_meta
-SRC_URI += "file://0001-change-shebang-to-python3.patch"
-SRC_URI += "file://no_shebang_mangling.patch"
-SRC_URI += "file://reproducible.patch"
+SRC_URI += "file://0001-change-shebang-to-python3.patch \
+ file://no_shebang_mangling.patch \
+ file://reproducible.patch \
+ file://CVE-2023-5752.patch \
+ "
SRC_URI[sha256sum] = "f29d589df8c8ab99c060e68ad294c4a9ed896624f6368c5349d70aa581b333d0"
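Review bot: this recipe hunk rewrites the three existing `SRC_URI +=` lines into one continued assignment in addition to adding the new entry, which is why the diffstat shows 3 deletions for a change that only adds a patch. On a stable branch a single added line, `SRC_URI += "file://CVE-2023-5752.patch"`, keeps the backport minimal and makes later cherry-picks that touch this recipe less likely to conflict.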
--
2.34.1
* [OE-core][kirkstone 02/14] builder: set CVE_PRODUCT
From: Steve Sakoman @ 2024-11-27 18:49 UTC
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Builder is a common word and there are many other builder components
which makes us ignore CVEs for all of them.
There is already 1 ignored and currently 3 new ones.
Instead, set product to yocto to filter them.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-graphics/builder/builder_0.1.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-graphics/builder/builder_0.1.bb b/meta/recipes-graphics/builder/builder_0.1.bb
index 39be3bd63f..719db90530 100644
--- a/meta/recipes-graphics/builder/builder_0.1.bb
+++ b/meta/recipes-graphics/builder/builder_0.1.bb
@@ -29,5 +29,5 @@ do_install () {
chown builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh
}
-# -4178 is an unrelated 'builder'
-CVE_CHECK_IGNORE = "CVE-2008-4178"
+# do not report CVEs for other builder apps
+CVE_PRODUCT = "yoctoproject:builder"
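Review bot: the replacement comment `# do not report CVEs for other builder apps` does not say why `yoctoproject:builder` is the right value, and the commit message says "set product to yocto" while the recipe sets the vendor:product pair `yoctoproject:builder`. Since this hunk also removes `CVE_CHECK_IGNORE = "CVE-2008-4178"`, please extend the comment to say the pair is chosen so that none of the unrelated 'builder' entries match, and confirm that the cve-check output for this recipe no longer lists CVE-2008-4178 or the three new ones mentioned in the log.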
--
2.34.1
* [OE-core][kirkstone 03/14] coreutils: fix CVE-2024-0684
From: Steve Sakoman @ 2024-11-27 18:49 UTC
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
Backport patch with tweaks for the current version to fix
CVE-2024-0684.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...0001-split-do-not-shrink-hold-buffer.patch | 42 +++++++++++++++++++
meta/recipes-core/coreutils/coreutils_9.0.bb | 1 +
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch
diff --git a/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch b/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch
new file mode 100644
index 0000000000..3eab65dcf1
--- /dev/null
+++ b/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch
@@ -0,0 +1,42 @@
+From 80dca40bbb36b7b1630bb5a43d62b3ff21b4e064 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Mon, 25 Nov 2024 23:43:49 -0800
+Subject: [PATCH] split: do not shrink hold buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* src/split.c (line_bytes_split): Do not shrink hold buffer.
+If it’s large for this batch it’s likely to be large for the next
+batch, and for ‘split’ it’s not worth the complexity/CPU hassle to
+shrink it. Do not assume hold_size can be bufsize.
+
+CVE: CVE-2024-0684
+
+Upstream-Status: Backport [c4c5ed8f4e9cd55a12966d4f520e3a13101637d9]
+
+The original patch is tweaked to fit the current version.
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/split.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/split.c b/src/split.c
+index 4b1b144..e44e867 100644
+--- a/src/split.c
++++ b/src/split.c
+@@ -785,10 +785,7 @@ line_bytes_split (uintmax_t n_bytes, char *buf, size_t bufsize)
+ {
+ cwrite (n_out == 0, hold, n_hold);
+ n_out += n_hold;
+- if (n_hold > bufsize)
+- hold = xrealloc (hold, bufsize);
+ n_hold = 0;
+- hold_size = bufsize;
+ }
+
+ /* Output to eol if present. */
+--
+2.25.1
+
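Review bot: the patch header says "The original patch is tweaked to fit the current version" without saying what was changed, and `Upstream-Status: Backport [c4c5ed8f4e9cd55a12966d4f520e3a13101637d9]` gives a bare hash with no repository URL. In `line_bytes_split` this hunk only deletes the `xrealloc (hold, bufsize)` shrink and the `hold_size = bufsize` assignment, so please list what differs from the upstream commit (dropped hunks, context adjustments) and add the upstream URL so the backport can be compared against it.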
diff --git a/meta/recipes-core/coreutils/coreutils_9.0.bb b/meta/recipes-core/coreutils/coreutils_9.0.bb
index 8a2fbeca32..1cce9192ec 100644
--- a/meta/recipes-core/coreutils/coreutils_9.0.bb
+++ b/meta/recipes-core/coreutils/coreutils_9.0.bb
@@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
file://0001-local.mk-fix-cross-compiling-problem.patch \
file://e8b56ebd536e82b15542a00c888109471936bfda.patch \
file://run-ptest \
+ file://0001-split-do-not-shrink-hold-buffer.patch \
"
SRC_URI[sha256sum] = "ce30acdf4a41bc5bb30dd955e9eaa75fa216b4e3deb08889ed32433c7b3b97ce"
--
2.34.1
* [OE-core][kirkstone 04/14] libsndfile: fix CVE-2024-50612
From: Steve Sakoman @ 2024-11-27 18:49 UTC
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://github.com/libsndfile/libsndfile/commit/4755f5bd7854611d92ad0f1295587b439f9950ba
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsndfile1/CVE-2024-50612.patch | 402 ++++++++++++++++++
.../libsndfile/libsndfile1_1.0.31.bb | 1 +
2 files changed, 403 insertions(+)
create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch
new file mode 100644
index 0000000000..9e4b5f8ce0
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch
@@ -0,0 +1,402 @@
+From 4755f5bd7854611d92ad0f1295587b439f9950ba Mon Sep 17 00:00:00 2001
+From: Arthur Taylor <art@ified.ca>
+Date: Fri, 15 Nov 2024 19:46:53 -0800
+Subject: [PATCH] src/ogg: better error checking for vorbis. Fixes #1035
+
+Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/4755f5bd7854611d92ad0f1295587b439f9950ba]
+CVE: CVE-2024-50612
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/ogg.c | 12 ++--
+ src/ogg_opus.c | 17 +++--
+ src/ogg_vorbis.c | 167 +++++++++++++++++++++++++++--------------------
+ 3 files changed, 114 insertions(+), 82 deletions(-)
+
+diff --git a/src/ogg.c b/src/ogg.c
+index 7a4a167..c6e76e3 100644
+--- a/src/ogg.c
++++ b/src/ogg.c
+@@ -209,12 +209,16 @@ ogg_read_first_page (SF_PRIVATE *psf, OGG_PRIVATE *odata)
+
+ int
+ ogg_write_page (SF_PRIVATE *psf, ogg_page *page)
+-{ int bytes ;
++{ int n ;
+
+- bytes = psf_fwrite (page->header, 1, page->header_len, psf) ;
+- bytes += psf_fwrite (page->body, 1, page->body_len, psf) ;
++ n = psf_fwrite (page->header, 1, page->header_len, psf) ;
++ if (n == page->header_len)
++ n += psf_fwrite (page->body, 1, page->body_len, psf) ;
+
+- return bytes == page->header_len + page->body_len ;
++ if (n != page->body_len + page->header_len)
++ return -1 ;
++
++ return n ;
+ } /* ogg_write_page */
+
+ sf_count_t
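Review bot: `ogg_write_page` changes its return contract here, from a truth value (`return bytes == page->header_len + page->body_len ;`) to a byte count on success and `-1` on failure, with no comment documenting it. A caller that still tests the result as a boolean would now treat `-1` as success; this patch updates callers in `src/ogg_opus.c` and `src/ogg_vorbis.c` only, so please confirm that 1.0.31 has no other callers and add a one-line comment above the function stating the new return values.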
+diff --git a/src/ogg_opus.c b/src/ogg_opus.c
+index d937ada..5ad53ac 100644
+--- a/src/ogg_opus.c
++++ b/src/ogg_opus.c
+@@ -815,15 +815,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+
+ /* The first page MUST only contain the header, so flush it out now */
+ ogg_stream_packetin (&odata->ostream, &op) ;
+- for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; )
+- { if (! (nn = ogg_write_page (psf, &odata->opage)))
++ while (ogg_stream_flush (&odata->ostream, &odata->opage))
++ { nn = ogg_write_page (psf, &odata->opage) ;
++ if (nn < 0)
+ { psf_log_printf (psf, "Opus : Failed to write header!\n") ;
+ if (psf->error)
+ return psf->error ;
+ return SFE_INTERNAL ;
+ } ;
+ psf->dataoffset += nn ;
+- }
++ } ;
+
+ /*
+ ** Metadata Tags (manditory)
+@@ -838,15 +839,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ vorbiscomment_write_tags (psf, &op, &opustags_ident, opus_get_version_string (), - (OGG_OPUS_COMMENT_PAD)) ;
+ op.packetno = 2 ;
+ ogg_stream_packetin (&odata->ostream, &op) ;
+- for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; )
+- { if (! (nn = ogg_write_page (psf, &odata->opage)))
++ while (ogg_stream_flush (&odata->ostream, &odata->opage))
++ { nn = ogg_write_page (psf, &odata->opage) ;
++ if (nn < 0)
+ { psf_log_printf (psf, "Opus : Failed to write comments!\n") ;
+ if (psf->error)
+ return psf->error ;
+ return SFE_INTERNAL ;
+ } ;
+ psf->dataoffset += nn ;
+- }
++ } ;
+
+ return 0 ;
+ } /* ogg_opus_write_header */
+@@ -1124,7 +1126,8 @@ ogg_opus_write_out (SF_PRIVATE *psf, OGG_PRIVATE *odata, OPUS_PRIVATE *oopus)
+ */
+ oopus->u.encode.last_segments -= odata->opage.header [26] ;
+ oopus->pg_pos = oopus->pkt_pos ;
+- ogg_write_page (psf, &odata->opage) ;
++ if (ogg_write_page (psf, &odata->opage) < 0)
++ return -1 ;
+ }
+ else
+ break ;
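Review bot: in `ogg_opus_write_out` the new `return -1 ;` on a failed `ogg_write_page` neither logs nor sets an error code, unlike the two header loops earlier in this file's diff, which call `psf_log_printf` and return `psf->error` or `SFE_INTERNAL`. Please handle the failure the same way here, and confirm that the callers of `ogg_opus_write_out` check its return value, which the visible lines do not show.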
+diff --git a/src/ogg_vorbis.c b/src/ogg_vorbis.c
+index 5f53651..fa5709f 100644
+--- a/src/ogg_vorbis.c
++++ b/src/ogg_vorbis.c
+@@ -78,26 +78,6 @@
+
+ #include "ogg.h"
+
+-typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ;
+-
+-static int vorbis_read_header (SF_PRIVATE *psf) ;
+-static int vorbis_write_header (SF_PRIVATE *psf, int calc_length) ;
+-static int vorbis_close (SF_PRIVATE *psf) ;
+-static int vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
+-static int vorbis_byterate (SF_PRIVATE *psf) ;
+-static sf_count_t vorbis_calculate_page_duration (SF_PRIVATE *psf) ;
+-static sf_count_t vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ;
+-static sf_count_t vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ;
+-static int vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ;
+-
+ typedef struct
+ { int id ;
+ const char *name ;
+@@ -143,6 +123,46 @@ typedef struct
+ sf_count_t last_page ;
+ } VORBIS_PRIVATE ;
+
++typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ;
++
++static int vorbis_read_header (SF_PRIVATE *psf) ;
++static int vorbis_write_header (SF_PRIVATE *psf, int calc_length) ;
++static int vorbis_close (SF_PRIVATE *psf) ;
++static int vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
++static int vorbis_byterate (SF_PRIVATE *psf) ;
++static sf_count_t vorbis_calculate_page_duration (SF_PRIVATE *psf) ;
++static int vorbis_calculate_granulepos (SF_PRIVATE *psf, uint64_t *gp_out) ;
++static int vorbis_skip (SF_PRIVATE *psf, uint64_t target_gp) ;
++static int vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp) ;
++static sf_count_t vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ;
++static sf_count_t vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ;
++static sf_count_t vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ;
++static sf_count_t vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ;
++static sf_count_t vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ;
++static sf_count_t vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ;
++static sf_count_t vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ;
++static sf_count_t vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ;
++static sf_count_t vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ;
++static sf_count_t vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ;
++static int vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames) ;
++static int vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ;
++static void vorbis_log_error (SF_PRIVATE *psf, int error) ;
++
++
++static void
++vorbis_log_error(SF_PRIVATE *psf, int error) {
++ switch (error)
++ { case 0: return;
++ case OV_EIMPL: psf->error = SFE_UNIMPLEMENTED ; break ;
++ case OV_ENOTVORBIS: psf->error = SFE_MALFORMED_FILE ; break ;
++ case OV_EBADHEADER: psf->error = SFE_MALFORMED_FILE ; break ;
++ case OV_EVERSION: psf->error = SFE_UNSUPPORTED_ENCODING ; break ;
++ case OV_EFAULT:
++ case OV_EINVAL:
++ default: psf->error = SFE_INTERNAL ;
++ } ;
++} ;
++
+ static int
+ vorbis_read_header (SF_PRIVATE *psf)
+ { OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
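Review bot: every arm of the `switch` in `vorbis_log_error` assigns `psf->error` unconditionally, so when `vorbis_write_samples` returns `-1` for a failed `ogg_write_page` and that value reaches `default:`, any error code the write path already stored in `psf->error` is replaced by `SFE_INTERNAL`. The Opus header code in this same patch keeps the earlier code (`if (psf->error) return psf->error ;`); consider the same guard here. Separately, the function logs nothing despite its name, and the `} ;` that closes its body leaves a stray semicolon at file scope.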
+@@ -386,7 +406,6 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ { ogg_packet header ;
+ ogg_packet header_comm ;
+ ogg_packet header_code ;
+- int result ;
+
+ vorbis_analysis_headerout (&vdata->vdsp, &vdata->vcomment, &header, &header_comm, &header_code) ;
+ ogg_stream_packetin (&odata->ostream, &header) ; /* automatically placed in its own page */
+@@ -396,9 +415,9 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ /* This ensures the actual
+ * audio data will start on a new page, as per spec
+ */
+- while ((result = ogg_stream_flush (&odata->ostream, &odata->opage)) != 0)
+- { ogg_write_page (psf, &odata->opage) ;
+- } ;
++ while (ogg_stream_flush (&odata->ostream, &odata->opage))
++ if (ogg_write_page (psf, &odata->opage) < 0)
++ return -1 ;
+ }
+
+ return 0 ;
+@@ -408,6 +427,7 @@ static int
+ vorbis_close (SF_PRIVATE *psf)
+ { OGG_PRIVATE* odata = psf->container_data ;
+ VORBIS_PRIVATE *vdata = psf->codec_data ;
++ int ret = 0 ;
+
+ if (odata == NULL || vdata == NULL)
+ return 0 ;
+@@ -418,34 +438,14 @@ vorbis_close (SF_PRIVATE *psf)
+ if (psf->file.mode == SFM_WRITE)
+ {
+ if (psf->write_current <= 0)
+- vorbis_write_header (psf, 0) ;
+-
+- vorbis_analysis_wrote (&vdata->vdsp, 0) ;
+- while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1)
+- {
++ ret = vorbis_write_header (psf, 0) ;
+
+- /* analysis, assume we want to use bitrate management */
+- vorbis_analysis (&vdata->vblock, NULL) ;
+- vorbis_bitrate_addblock (&vdata->vblock) ;
+-
+- while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket))
+- { /* weld the packet into the bitstream */
+- ogg_stream_packetin (&odata->ostream, &odata->opacket) ;
+-
+- /* write out pages (if any) */
+- while (!odata->eos)
+- { int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
+- if (result == 0) break ;
+- ogg_write_page (psf, &odata->opage) ;
+-
+- /* this could be set above, but for illustrative purposes, I do
+- it here (to show that vorbis does know where the stream ends) */
+-
+- if (ogg_page_eos (&odata->opage)) odata->eos = 1 ;
+- }
+- }
+- }
+- }
++ if (ret == 0)
++ { /* A write of zero samples tells Vorbis the stream is done and to
++ flush. */
++ ret = vorbis_write_samples (psf, odata, vdata, 0) ;
++ } ;
++ } ;
+
+ /* ogg_page and ogg_packet structs always point to storage in
+ libvorbis. They are never freed or manipulated directly */
+@@ -455,7 +455,7 @@ vorbis_close (SF_PRIVATE *psf)
+ vorbis_comment_clear (&vdata->vcomment) ;
+ vorbis_info_clear (&vdata->vinfo) ;
+
+- return 0 ;
++ return ret ;
+ } /* vorbis_close */
+
+ int
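Review bot: `vorbis_close` now returns `ret` exactly as it comes back from `vorbis_write_header` or `vorbis_write_samples`, which per the other hunks can be `-1` or a raw libvorbis return value, while the `vorbis_write_*` functions in this patch pass the same value through `vorbis_log_error` to obtain an `SFE_*` code. Please either map the value the same way before `return ret ;` or document that the close path returns an unmapped code, so callers do not compare it against `SFE_*` constants.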
+@@ -686,33 +686,40 @@ vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t lens)
+ /*==============================================================================
+ */
+
+-static void
++static int
+ vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames)
+-{
+- vorbis_analysis_wrote (&vdata->vdsp, in_frames) ;
++{ int ret ;
++
++ if ((ret = vorbis_analysis_wrote (&vdata->vdsp, in_frames)) != 0)
++ return ret ;
+
+ /*
+ ** Vorbis does some data preanalysis, then divvies up blocks for
+ ** more involved (potentially parallel) processing. Get a single
+ ** block for encoding now.
+ */
+- while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1)
++ while ((ret = vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock)) == 1)
+ {
+ /* analysis, assume we want to use bitrate management */
+- vorbis_analysis (&vdata->vblock, NULL) ;
+- vorbis_bitrate_addblock (&vdata->vblock) ;
++ if ((ret = vorbis_analysis (&vdata->vblock, NULL)) != 0)
++ return ret ;
++ if ((ret = vorbis_bitrate_addblock (&vdata->vblock)) != 0)
++ return ret ;
+
+- while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket))
++ while ((ret = vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) == 1)
+ {
+ /* weld the packet into the bitstream */
+- ogg_stream_packetin (&odata->ostream, &odata->opacket) ;
++ if ((ret = ogg_stream_packetin (&odata->ostream, &odata->opacket)) != 0)
++ return ret ;
+
+ /* write out pages (if any) */
+ while (!odata->eos)
+- { int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
+- if (result == 0)
++ { ret = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
++ if (ret == 0)
+ break ;
+- ogg_write_page (psf, &odata->opage) ;
++
++ if (ogg_write_page (psf, &odata->opage) < 0)
++ return -1 ;
+
+ /* This could be set above, but for illustrative purposes, I do
+ ** it here (to show that vorbis does know where the stream ends) */
+@@ -720,16 +727,22 @@ vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata
+ odata->eos = 1 ;
+ } ;
+ } ;
++ if (ret != 0)
++ return ret ;
+ } ;
++ if (ret != 0)
++ return ret ;
+
+ vdata->loc += in_frames ;
++
++ return 0 ;
+ } /* vorbis_write_data */
+
+
+ static sf_count_t
+ vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens)
+ {
+- int i, m, j = 0 ;
++ int i, m, j = 0, ret ;
+ OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ int in_frames = lens / psf->sf.channels ;
+@@ -738,14 +751,17 @@ vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens)
+ for (m = 0 ; m < psf->sf.channels ; m++)
+ buffer [m][i] = (float) (ptr [j++]) / 32767.0f ;
+
+- vorbis_write_samples (psf, odata, vdata, in_frames) ;
++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)))
++ { vorbis_log_error (psf, ret) ;
++ return 0 ;
++ } ;
+
+ return lens ;
+ } /* vorbis_write_s */
+
+ static sf_count_t
+ vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens)
+-{ int i, m, j = 0 ;
++{ int i, m, j = 0, ret ;
+ OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ int in_frames = lens / psf->sf.channels ;
+@@ -754,14 +770,17 @@ vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens)
+ for (m = 0 ; m < psf->sf.channels ; m++)
+ buffer [m][i] = (float) (ptr [j++]) / 2147483647.0f ;
+
+- vorbis_write_samples (psf, odata, vdata, in_frames) ;
++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)))
++ { vorbis_log_error (psf, ret) ;
++ return 0 ;
++ } ;
+
+ return lens ;
+ } /* vorbis_write_i */
+
+ static sf_count_t
+ vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens)
+-{ int i, m, j = 0 ;
++{ int i, m, j = 0, ret ;
+ OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ int in_frames = lens / psf->sf.channels ;
+@@ -770,14 +789,17 @@ vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens)
+ for (m = 0 ; m < psf->sf.channels ; m++)
+ buffer [m][i] = ptr [j++] ;
+
+- vorbis_write_samples (psf, odata, vdata, in_frames) ;
++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0)
++ { vorbis_log_error (psf, ret) ;
++ return 0 ;
++ } ;
+
+ return lens ;
+ } /* vorbis_write_f */
+
+ static sf_count_t
+ vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens)
+-{ int i, m, j = 0 ;
++{ int i, m, j = 0, ret ;
+ OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ int in_frames = lens / psf->sf.channels ;
+@@ -786,7 +808,10 @@ vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens)
+ for (m = 0 ; m < psf->sf.channels ; m++)
+ buffer [m][i] = (float) ptr [j++] ;
+
+- vorbis_write_samples (psf, odata, vdata, in_frames) ;
++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0)
++ { vorbis_log_error (psf, ret) ;
++ return 0 ;
++ } ;
+
+ return lens ;
+ } /* vorbis_write_d */
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb
index 0c654fd853..20240635f7 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://github.com/libsndfile/libsndfile/releases/download/${PV}/libs
file://noopus.patch \
file://0001-flac-Fix-improper-buffer-reusing-732.patch \
file://CVE-2022-33065.patch \
+ file://CVE-2024-50612.patch \
"
UPSTREAM_CHECK_URI = "https://github.com/libsndfile/libsndfile/releases/"
--
2.34.1
* [OE-core][kirkstone 05/14] ffmpeg: fix CVE-2023-51798
From: Steve Sakoman @ 2024-11-27 18:49 UTC
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker
to execute arbitrary code via a floating point exception (FPE) error at
libavfilter/vf_minterpolate.c:1078:60 in interpolate.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ffmpeg/ffmpeg/CVE-2023-51798.patch | 45 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 +
2 files changed, 46 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51798.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51798.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51798.patch
new file mode 100644
index 0000000000..6250486c05
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51798.patch
@@ -0,0 +1,45 @@
+From c9e6162554cc7d04a56e2edd1f6f1479c6f8b62f Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 30 Dec 2023 02:51:32 +0100
+Subject: [PATCH] avfilter/vf_minterpolate: Check pts before division
+
+Fixes: FPE
+Fixes: tickets/10758/poc20ffmpeg
+
+Discovered by Zeng Yunxiang
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+(cherry picked from commit 68146f06f852078866b3ef1564556e3a272920c7)
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2023-51798
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/c9e6162554cc7d04a56e2edd1f6f1479c6f8b62f]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/vf_minterpolate.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/libavfilter/vf_minterpolate.c b/libavfilter/vf_minterpolate.c
+index 97d0e96..9296e67 100644
+--- a/libavfilter/vf_minterpolate.c
++++ b/libavfilter/vf_minterpolate.c
+@@ -1078,8 +1078,13 @@ static void interpolate(AVFilterLink *inlink, AVFrame *avf_out)
+ pts = av_rescale(avf_out->pts, (int64_t) ALPHA_MAX * outlink->time_base.num * inlink->time_base.den,
+ (int64_t) outlink->time_base.den * inlink->time_base.num);
+
+- alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
+- alpha = av_clip(alpha, 0, ALPHA_MAX);
++ if (mi_ctx->frames[2].avf->pts > mi_ctx->frames[1].avf->pts) {
++ alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
++ alpha = av_clip(alpha, 0, ALPHA_MAX);
++ } else {
++ av_log(ctx, AV_LOG_DEBUG, "duplicate input PTS detected\n");
++ alpha = 0;
++ }
+
+ if (alpha == 0 || alpha == ALPHA_MAX) {
+ av_frame_copy(avf_out, alpha ? mi_ctx->frames[2].avf : mi_ctx->frames[1].avf);
+--
+2.40.0
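Review bot: the new `else` branch calls `av_log(ctx, AV_LOG_DEBUG, ...)`, but `ctx` does not appear in the visible signature `interpolate(AVFilterLink *inlink, AVFrame *avf_out)` or in the context lines, which use only `inlink`, `outlink` and `mi_ctx`. Since this is a backport onto 5.0.1, please confirm that `ctx` is declared in that version of the function and say in the commit message that the recipe was build-tested with this filter enabled.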
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 80a4e5b96f..b8bd77972b 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -35,6 +35,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://CVE-2024-31582.patch \
file://CVE-2024-31578.patch \
file://CVE-2023-51794.patch \
+ file://CVE-2023-51798.patch \
"
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
--
2.34.1
* [OE-core][kirkstone 06/14] ffmpeg: fix CVE-2023-47342
From: Steve Sakoman @ 2024-11-27 18:49 UTC
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ffmpeg/ffmpeg/CVE-2023-47342.patch | 39 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 +
2 files changed, 40 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-47342.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-47342.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-47342.patch
new file mode 100644
index 0000000000..39842229c1
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-47342.patch
@@ -0,0 +1,39 @@
+From e4d5ac8d7d2a08658b3db7dd821246fe6b35381f Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Thu, 19 Oct 2023 22:07:36 +0200
+Subject: [PATCH] avformat/rtsp: Use rtsp_st->stream_index
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes: out of array access
+Fixes: rtpdec_h264.c149/poc
+
+Found-by: Hardik Shah of Vehere
+Reviewed-by: Martin Storsjö <martin@martin.st>
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2023-47342
+
+Upstream-Status: Backport [https://github.com/ffmpeg/FFmpeg/commit/e4d5ac8d7d2a08658b3db7dd821246fe6b35381f]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavformat/rtsp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
+index 70c1894..d435bd0 100644
+--- a/libavformat/rtsp.c
++++ b/libavformat/rtsp.c
+@@ -406,7 +406,7 @@ static void parse_fmtp(AVFormatContext *s, RTSPState *rt,
+ if (rtsp_st->sdp_payload_type == payload_type &&
+ rtsp_st->dynamic_handler &&
+ rtsp_st->dynamic_handler->parse_sdp_a_line) {
+- rtsp_st->dynamic_handler->parse_sdp_a_line(s, i,
++ rtsp_st->dynamic_handler->parse_sdp_a_line(s, rtsp_st->stream_index,
+ rtsp_st->dynamic_protocol_context, line);
+ }
+ }
+--
+2.40.0
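Review bot: the call in `parse_fmtp` now passes `rtsp_st->stream_index` in place of the loop counter `i`, and nothing in the visible lines checks that `stream_index` is a valid, non-negative index before the handler receives it. Please confirm that the `parse_sdp_a_line` handlers in 5.0.1 tolerate an unset or negative index, and add a short description to the outer commit message, which currently carries only the Signed-off-by lines.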
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index b8bd77972b..d233ced662 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -36,6 +36,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://CVE-2024-31578.patch \
file://CVE-2023-51794.patch \
file://CVE-2023-51798.patch \
+ file://CVE-2023-47342.patch \
"
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
--
2.34.1
* [OE-core][kirkstone 07/14] ffmpeg: fix CVE-2023-50007
2024-11-27 18:49 [OE-core][kirkstone 00/14] Patch review Steve Sakoman
` (5 preceding siblings ...)
2024-11-27 18:49 ` [OE-core][kirkstone 06/14] ffmpeg: fix CVE-2023-47342 Steve Sakoman
@ 2024-11-27 18:50 ` Steve Sakoman
2024-11-27 18:50 ` [OE-core][kirkstone 08/14] ffmpeg: fix CVE-2023-51796 Steve Sakoman
` (6 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: Steve Sakoman @ 2024-11-27 18:50 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker
to execute arbitrary code via the av_samples_set_silence function in the
libavutil/samplefmt.c:260:9 component.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ffmpeg/ffmpeg/CVE-2023-50007.patch | 78 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 +
2 files changed, 79 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch
new file mode 100644
index 0000000000..fd4dc486ee
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch
@@ -0,0 +1,78 @@
+From b1942734c7cbcdc9034034373abcc9ecb9644c47 Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Mon, 27 Nov 2023 11:45:34 +0100
+Subject: [PATCH 2/4] avfilter/af_afwtdn: fix crash with EOF handling
+
+CVE: CVE-2023-50007
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/b1942734c7cbcdc9034034373abcc9ecb9644c47]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/af_afwtdn.c | 34 +++++++++++++++++++---------------
+ 1 file changed, 19 insertions(+), 15 deletions(-)
+
+diff --git a/libavfilter/af_afwtdn.c b/libavfilter/af_afwtdn.c
+index 09b504d..1839190 100644
+--- a/libavfilter/af_afwtdn.c
++++ b/libavfilter/af_afwtdn.c
+@@ -410,6 +410,7 @@ typedef struct AudioFWTDNContext {
+
+ uint64_t sn;
+ int64_t eof_pts;
++ int eof;
+
+ int wavelet_type;
+ int channels;
+@@ -1071,7 +1072,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
+ s->drop_samples = 0;
+ } else {
+ if (s->padd_samples < 0 && eof) {
+- out->nb_samples += s->padd_samples;
++ out->nb_samples = FFMAX(0, out->nb_samples + s->padd_samples);
+ s->padd_samples = 0;
+ }
+ if (!eof)
+@@ -1210,23 +1211,26 @@ static int activate(AVFilterContext *ctx)
+
+ FF_FILTER_FORWARD_STATUS_BACK(outlink, inlink);
+
+- ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in);
+- if (ret < 0)
+- return ret;
+- if (ret > 0)
+- return filter_frame(inlink, in);
++ if (!s->eof) {
++ ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in);
++ if (ret < 0)
++ return ret;
++ if (ret > 0)
++ return filter_frame(inlink, in);
++ }
+
+ if (ff_inlink_acknowledge_status(inlink, &status, &pts)) {
+- if (status == AVERROR_EOF) {
+- while (s->padd_samples != 0) {
+- ret = filter_frame(inlink, NULL);
+- if (ret < 0)
+- return ret;
+- }
+- ff_outlink_set_status(outlink, status, pts);
+- return ret;
+- }
++ if (status == AVERROR_EOF)
++ s->eof = 1;
+ }
++
++ if (s->eof && s->padd_samples != 0) {
++ return filter_frame(inlink, NULL);
++ } else if (s->eof) {
++ ff_outlink_set_status(outlink, AVERROR_EOF, s->eof_pts);
++ return 0;
++ }
++
+ FF_FILTER_FORWARD_WANTED(outlink, inlink);
+
+ return FFERROR_NOT_READY;
+--
+2.40.0
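Review bot: In filter_frame(), clamping with FFMAX(0, out->nb_samples + s->padd_samples) can leave out->nb_samples at 0, and the visible lines do not show what happens to an empty frame afterwards; please confirm the zero-sample case is handled rather than passed on as a normal frame. Separately, the OE commit message describes the problem as being in av_samples_set_silence in libavutil/samplefmt.c while this backport only touches libavfilter/af_afwtdn.c, so a line in the patch header tying the EOF handling fix to that overflow would make the CVE mapping reviewable. In activate(), pts is still filled in by ff_inlink_acknowledge_status() but the EOF status is now set with s->eof_pts, which deserves a short comment.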
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index d233ced662..ee13081e4d 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -37,6 +37,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://CVE-2023-51794.patch \
file://CVE-2023-51798.patch \
file://CVE-2023-47342.patch \
+ file://CVE-2023-50007.patch \
"
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
--
2.34.1
* [OE-core][kirkstone 08/14] ffmpeg: fix CVE-2023-51796
2024-11-27 18:49 [OE-core][kirkstone 00/14] Patch review Steve Sakoman
` (6 preceding siblings ...)
2024-11-27 18:50 ` [OE-core][kirkstone 07/14] ffmpeg: fix CVE-2023-50007 Steve Sakoman
@ 2024-11-27 18:50 ` Steve Sakoman
2024-11-27 18:50 ` [OE-core][kirkstone 09/14] ffmpeg: fix CVE-2024-7055 Steve Sakoman
` (5 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: Steve Sakoman @ 2024-11-27 18:50 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local
attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26
in areverse_request_frame.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ffmpeg/ffmpeg/CVE-2023-51796.patch | 39 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 +
2 files changed, 40 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51796.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51796.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51796.patch
new file mode 100644
index 0000000000..4ec0aa5aee
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51796.patch
@@ -0,0 +1,39 @@
+From 61e73851a33f0b4cb7662f8578a4695e77bd3c19 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 23 Dec 2023 18:04:32 +0100
+Subject: [PATCH 3/4] avfilter/f_reverse: Apply PTS compensation only when pts
+ is available
+
+Fixes: out of array access
+Fixes: tickets/10753/poc16ffmpeg
+
+Regression since: 45dc668aea0edac34969b5a1ff76cf9ad3a09be1
+Found-by: Zeng Yunxiang
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2023-51796
+
+Upstream-Status: Backport [https://github.com/ffmpeg/FFmpeg/commit/61e73851a33f0b4cb7662f8578a4695e77bd3c19]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/f_reverse.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/libavfilter/f_reverse.c b/libavfilter/f_reverse.c
+index f7a7e71..7b919d6 100644
+--- a/libavfilter/f_reverse.c
++++ b/libavfilter/f_reverse.c
+@@ -251,7 +251,9 @@ static int areverse_request_frame(AVFilterLink *outlink)
+ if (ret == AVERROR_EOF && s->nb_frames > 0) {
+ AVFrame *out = s->frames[s->nb_frames - 1];
+ out->pts = s->pts[s->flush_idx++] - s->nb_samples;
+- s->nb_samples += s->pts[s->flush_idx] - s->pts[s->flush_idx - 1] - out->nb_samples;
++ if (s->nb_frames > 1)
++ s->nb_samples += s->pts[s->flush_idx] - s->pts[s->flush_idx - 1] - out->nb_samples;
++
+
+ if (av_sample_fmt_is_planar(out->format))
+ reverse_samples_planar(out);
+--
+2.40.0
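Review bot: The new guard in areverse_request_frame() tests s->nb_frames > 1, but the read it protects is s->pts[s->flush_idx] after flush_idx has already been incremented on the line above. A short comment stating why nb_frames > 1 implies that index is in range would make the bounds argument checkable from the code. The added lines also leave two consecutive blank lines ("++" followed by "+") before the av_sample_fmt_is_planar() call; keep it if it matches upstream byte for byte, otherwise drop one.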
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index ee13081e4d..8e0fc090ac 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -38,6 +38,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://CVE-2023-51798.patch \
file://CVE-2023-47342.patch \
file://CVE-2023-50007.patch \
+ file://CVE-2023-51796.patch \
"
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
--
2.34.1
* [OE-core][kirkstone 09/14] ffmpeg: fix CVE-2024-7055
2024-11-27 18:49 [OE-core][kirkstone 00/14] Patch review Steve Sakoman
` (7 preceding siblings ...)
2024-11-27 18:50 ` [OE-core][kirkstone 08/14] ffmpeg: fix CVE-2023-51796 Steve Sakoman
@ 2024-11-27 18:50 ` Steve Sakoman
2024-11-27 18:50 ` [OE-core][kirkstone 10/14] tzdata&tzcode-native: upgrade 2024a -> 2024b Steve Sakoman
` (4 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: Steve Sakoman @ 2024-11-27 18:50 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical.
This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c.
The manipulation leads to heap-based buffer overflow. It is possible to initiate
the attack remotely. The exploit has been disclosed to the public and may be used.
Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade
the affected component. The associated identifier of this vulnerability is VDB-273651.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ffmpeg/ffmpeg/CVE-2024-7055.patch | 38 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 +
2 files changed, 39 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch
new file mode 100644
index 0000000000..0a573330a2
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch
@@ -0,0 +1,38 @@
+From 5372bfe01e4a04357ab4465c1426cf8c6412dfd5 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Thu, 18 Jul 2024 21:12:54 +0200
+Subject: [PATCH 4/4] avcodec/pnmdec: Use 64bit for input size check
+
+Fixes: out of array read
+Fixes: poc3
+
+Reported-by: VulDB CNA Team
+Found-by: CookedMelon
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+(cherry picked from commit 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8)
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2024-7055
+
+Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5372bfe01e4a04357ab4465c1426cf8c6412dfd5]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavcodec/pnmdec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c
+index 01f9dad..1b3f20a 100644
+--- a/libavcodec/pnmdec.c
++++ b/libavcodec/pnmdec.c
+@@ -256,7 +256,7 @@ static int pnm_decode_frame(AVCodecContext *avctx, void *data,
+ }
+ break;
+ case AV_PIX_FMT_GBRPF32:
+- if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
++ if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
+ return AVERROR_INVALIDDATA;
+ scale = 1.f / s->scale;
+ if (s->endian) {
+--
+2.40.0
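Review bot: In the AV_PIX_FMT_GBRPF32 check, the 12LL suffix widens only the last multiplication: avctx->width * avctx->height is still evaluated in int before being multiplied by 12LL, so the comparison is fully 64-bit only if that first product cannot overflow. If nothing earlier bounds width * height, writing the check as 12LL * avctx->width * avctx->height (or casting width to int64_t) would make the whole expression 64-bit. If an earlier dimension check does guarantee it, a note in the patch header saying so is enough, since this is a verbatim backport.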
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 8e0fc090ac..7b03b7cbc0 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -39,6 +39,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://CVE-2023-47342.patch \
file://CVE-2023-50007.patch \
file://CVE-2023-51796.patch \
+ file://CVE-2024-7055.patch \
"
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
--
2.34.1
* [OE-core][kirkstone 10/14] tzdata&tzcode-native: upgrade 2024a -> 2024b
2024-11-27 18:49 [OE-core][kirkstone 00/14] Patch review Steve Sakoman
` (8 preceding siblings ...)
2024-11-27 18:50 ` [OE-core][kirkstone 09/14] ffmpeg: fix CVE-2024-7055 Steve Sakoman
@ 2024-11-27 18:50 ` Steve Sakoman
2024-11-27 18:50 ` [OE-core][kirkstone 11/14] package_rpm: use zstd's default compression level Steve Sakoman
` (3 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: Steve Sakoman @ 2024-11-27 18:50 UTC (permalink / raw)
To: openembedded-core
From: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit c8d3edb2562ea4d980186e78b4abb5a94b1d7b22)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glib-2.0/gdatetime-test-fail-0001.patch | 72 +++++++++++++++++++
.../glib-2.0/gdatetime-test-fail-0002.patch | 65 +++++++++++++++++
.../glib-2.0/gdatetime-test-fail-0003.patch | 63 ++++++++++++++++
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 3 +
meta/recipes-extended/timezone/timezone.inc | 6 +-
5 files changed, 206 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch
new file mode 100644
index 0000000000..1997f88f12
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch
@@ -0,0 +1,72 @@
+From 39af934b11ec7bb8f943ba963919816266a3316e Mon Sep 17 00:00:00 2001
+From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>
+Date: Fri, 11 Oct 2024 09:38:52 +0100
+Subject: [PATCH 1/3] gdatetime test: Do not assume PST8PDT was always exactly
+ -8/-7
+
+In newer tzdata, it is an alias for America/Los_Angeles, which has a
+slightly different meaning: DST did not exist there before 1883. As a
+result, we can no longer hard-code the knowledge that interval 0 is
+standard time and interval 1 is summer time, and instead we need to look
+up the correct intervals from known timestamps.
+
+Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3502
+Bug-Debian: https://bugs.debian.org/1084190
+[smcv: expand commit message, fix whitespace]
+Signed-off-by: Simon McVittie <smcv@debian.org>
+
+Upstream-Status: Backport
+[https://github.com/GNOME/glib/commit/c0619f08e6c608fd6464d2f0c6970ef0bbfb9ecf]
+
+Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
+---
+ glib/tests/gdatetime.c | 22 ++++++++++++++++------
+ 1 file changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c
+index 141263b66..cfe00906d 100644
+--- a/glib/tests/gdatetime.c
++++ b/glib/tests/gdatetime.c
+@@ -2625,6 +2625,7 @@ test_posix_parse (void)
+ {
+ GTimeZone *tz;
+ GDateTime *gdt1, *gdt2;
++ gint i1, i2;
+
+ /* Check that an unknown zone name falls back to UTC. */
+ G_GNUC_BEGIN_IGNORE_DEPRECATIONS
+@@ -2648,16 +2649,25 @@ test_posix_parse (void)
+
+ /* This fails rules_from_identifier on Unix (though not on Windows)
+ * but passes anyway because PST8PDT is a zone name.
++ *
++ * Intervals i1 and i2 (rather than 0 and 1) are needed because in
++ * recent tzdata, PST8PDT may be an alias for America/Los_Angeles,
++ * and hence be aware that DST has not always existed.
++ * https://bugs.debian.org/1084190
+ */
+ tz = g_time_zone_new_identifier ("PST8PDT");
+ g_assert_nonnull (tz);
+ g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT");
+- g_assert_cmpstr (g_time_zone_get_abbreviation (tz, 0), ==, "PST");
+- g_assert_cmpint (g_time_zone_get_offset (tz, 0), ==, - 8 * 3600);
+- g_assert (!g_time_zone_is_dst (tz, 0));
+- g_assert_cmpstr (g_time_zone_get_abbreviation (tz, 1), ==, "PDT");
+- g_assert_cmpint (g_time_zone_get_offset (tz, 1), ==,- 7 * 3600);
+- g_assert (g_time_zone_is_dst (tz, 1));
++ /* a date in winter = non-DST */
++ i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, 0);
++ /* approximately 6 months in seconds, i.e. a date in summer = DST */
++ i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, 15000000);
++ g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i1), ==, "PST");
++ g_assert_cmpint (g_time_zone_get_offset (tz, i1), ==, - 8 * 3600);
++ g_assert (!g_time_zone_is_dst (tz, i1));
++ g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i2), ==, "PDT");
++ g_assert_cmpint (g_time_zone_get_offset (tz, i2), ==,- 7 * 3600);
++ g_assert (g_time_zone_is_dst (tz, i2));
+ g_time_zone_unref (tz);
+
+ tz = g_time_zone_new_identifier ("PST8PDT6:32:15");
+--
+2.34.1
+
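Review bot: In test_posix_parse(), i1 and i2 from g_time_zone_find_interval() are used as interval indices without a check that the lookup succeeded. g_time_zone_find_interval() returns -1 on failure for local-time lookups, so a g_assert_cmpint (i1, !=, -1) (and the same for i2) before the abbreviation and offset assertions would make a failed lookup show up as such rather than as a confusing PST/PDT mismatch.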
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch
new file mode 100644
index 0000000000..b3d11b5076
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch
@@ -0,0 +1,65 @@
+From 27eb6eb01d5752c201dd2ec02f656463d12ebee0 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@debian.org>
+Date: Fri, 18 Oct 2024 11:03:19 +0100
+Subject: [PATCH 2/3] gdatetime test: Try to make PST8PDT test more obviously
+ correct
+
+Instead of using timestamp 0 as a magic number (in this case interpreted
+as 1970-01-01T00:00:00-08:00), calculate a timestamp from a recent
+year/month/day in winter, in this case 2024-01-01T00:00:00-08:00.
+
+Similarly, instead of using a timestamp 15 million seconds later
+(1970-06-23T15:40:00-07:00), calculate a timestamp from a recent
+year/month/day in summer, in this case 2024-07-01T00:00:00-07:00.
+
+Signed-off-by: Simon McVittie <smcv@debian.org>
+
+Upstream-Status: Backport
+[https://github.com/GNOME/glib/commit/30e9cfa5733003cd1079e0e9e8a4bff1a191171a]
+
+Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
+---
+ glib/tests/gdatetime.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c
+index cfe00906d..22aa5112a 100644
+--- a/glib/tests/gdatetime.c
++++ b/glib/tests/gdatetime.c
+@@ -2649,19 +2649,16 @@ test_posix_parse (void)
+
+ /* This fails rules_from_identifier on Unix (though not on Windows)
+ * but passes anyway because PST8PDT is a zone name.
+- *
+- * Intervals i1 and i2 (rather than 0 and 1) are needed because in
+- * recent tzdata, PST8PDT may be an alias for America/Los_Angeles,
+- * and hence be aware that DST has not always existed.
+- * https://bugs.debian.org/1084190
+ */
+ tz = g_time_zone_new_identifier ("PST8PDT");
+ g_assert_nonnull (tz);
+ g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT");
+ /* a date in winter = non-DST */
+- i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, 0);
+- /* approximately 6 months in seconds, i.e. a date in summer = DST */
+- i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, 15000000);
++ gdt1 = g_date_time_new (tz, 2024, 1, 1, 0, 0, 0);
++ i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, g_date_time_to_unix (gdt1));
++ /* a date in summer = DST */
++ gdt2 = g_date_time_new (tz, 2024, 7, 1, 0, 0, 0);
++ i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, g_date_time_to_unix (gdt2));
+ g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i1), ==, "PST");
+ g_assert_cmpint (g_time_zone_get_offset (tz, i1), ==, - 8 * 3600);
+ g_assert (!g_time_zone_is_dst (tz, i1));
+@@ -2669,6 +2666,8 @@ test_posix_parse (void)
+ g_assert_cmpint (g_time_zone_get_offset (tz, i2), ==,- 7 * 3600);
+ g_assert (g_time_zone_is_dst (tz, i2));
+ g_time_zone_unref (tz);
++ g_date_time_unref (gdt1);
++ g_date_time_unref (gdt2);
+
+ tz = g_time_zone_new_identifier ("PST8PDT6:32:15");
+ #ifdef G_OS_WIN32
+--
+2.34.1
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch
new file mode 100644
index 0000000000..b9afad15c5
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch
@@ -0,0 +1,63 @@
+From 9dd5e9f49620f13a3eaf2b862b7aa3c680953f01 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@debian.org>
+Date: Fri, 18 Oct 2024 11:23:42 +0100
+Subject: [PATCH 3/3] gdatetime test: Fall back if legacy System V PST8PDT is
+ not available
+
+On recent versions of Debian, PST8PDT is part of the tzdata-legacy
+package, which is not always installed and might disappear in future.
+Successfully tested with and without tzdata-legacy on Debian unstable.
+
+Signed-off-by: Simon McVittie <smcv@debian.org>
+
+Upstream-Status: Backport
+[https://github.com/GNOME/glib/commit/fe2699369f79981dcf913af4cfd98b342b84a9c1]
+
+Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
+---
+ glib/tests/gdatetime.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c
+index 22aa5112a..4e963b171 100644
+--- a/glib/tests/gdatetime.c
++++ b/glib/tests/gdatetime.c
+@@ -2626,6 +2626,7 @@ test_posix_parse (void)
+ GTimeZone *tz;
+ GDateTime *gdt1, *gdt2;
+ gint i1, i2;
++ const char *expect_id;
+
+ /* Check that an unknown zone name falls back to UTC. */
+ G_GNUC_BEGIN_IGNORE_DEPRECATIONS
+@@ -2648,11 +2649,25 @@ test_posix_parse (void)
+ g_time_zone_unref (tz);
+
+ /* This fails rules_from_identifier on Unix (though not on Windows)
+- * but passes anyway because PST8PDT is a zone name.
++ * but can pass anyway because PST8PDT is a legacy System V zone name.
+ */
+ tz = g_time_zone_new_identifier ("PST8PDT");
++ expect_id = "PST8PDT";
++
++#ifndef G_OS_WIN32
++ /* PST8PDT is in tzdata's "backward" set, packaged as tzdata-legacy and
++ * not always present in some OSs; fall back to the equivalent geographical
++ * name if the "backward" time zones are absent. */
++ if (tz == NULL)
++ {
++ g_test_message ("Legacy PST8PDT time zone not available, falling back");
++ tz = g_time_zone_new_identifier ("America/Los_Angeles");
++ expect_id = "America/Los_Angeles";
++ }
++#endif
++
+ g_assert_nonnull (tz);
+- g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT");
++ g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, expect_id);
+ /* a date in winter = non-DST */
+ gdt1 = g_date_time_new (tz, 2024, 1, 1, 0, 0, 0);
+ i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, g_date_time_to_unix (gdt1));
+--
+2.34.1
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
index 8007de0613..b8c75eaa49 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
@@ -51,6 +51,9 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://CVE-2024-34397_18.patch \
file://0001-gvariant-serialiser-Convert-endianness-of-offsets.patch \
file://CVE-2024-52533.patch \
+ file://gdatetime-test-fail-0001.patch \
+ file://gdatetime-test-fail-0002.patch \
+ file://gdatetime-test-fail-0003.patch \
"
SRC_URI:append:class-native = " file://relocate-modules.patch"
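Review bot: Missing documentation for the glib-2.0 change: three gdatetime-test-fail patches are added to glib's SRC_URI in a commit whose subject mentions only tzdata and tzcode-native and whose message body is empty apart from the sign-offs. Please state in the commit message that the glib test backports are part of this upgrade and why, so someone bisecting glib-2.0_2.72.3.bb can find the reason without opening the patch headers.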
diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index 4734adcc08..adf095280f 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
LICENSE = "PD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2024a"
+PV = "2024b"
SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \
@@ -16,5 +16,5 @@ S = "${WORKDIR}/tz"
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
-SRC_URI[tzcode.sha256sum] = "80072894adff5a458f1d143e16e4ca1d8b2a122c9c5399da482cb68cba6a1ff8"
-SRC_URI[tzdata.sha256sum] = "0d0434459acbd2059a7a8da1f3304a84a86591f6ed69c6248fffa502b6edffe3"
+SRC_URI[tzcode.sha256sum] = "5e438fc449624906af16a18ff4573739f0cda9862e5ec28d3bcb19cbaed0f672"
+SRC_URI[tzdata.sha256sum] = "70e754db126a8d0db3d16d6b4cb5f7ec1e04d5f261255e4558a67fe92d39e550"
--
2.34.1
* [OE-core][kirkstone 11/14] package_rpm: use zstd's default compression level
2024-11-27 18:49 [OE-core][kirkstone 00/14] Patch review Steve Sakoman
` (9 preceding siblings ...)
2024-11-27 18:50 ` [OE-core][kirkstone 10/14] tzdata&tzcode-native: upgrade 2024a -> 2024b Steve Sakoman
@ 2024-11-27 18:50 ` Steve Sakoman
2024-11-27 18:50 ` [OE-core][kirkstone 12/14] package_rpm: restrict rpm to 4 threads Steve Sakoman
` (2 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: Steve Sakoman @ 2024-11-27 18:50 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex@linutronix.de>
zstd uses 3 by default, while 19 is the highest and slowest.
It's not clear why 19 was picked to begin with, possibly
I copy-pasted it from rpm's examples without thinking:
https://git.yoctoproject.org/poky/commit/?h=master-next&id=4a4d5f78a6962dda5f63e9891825c80a8a87bf66
This brings significant speedups in rpm's compression step:
for example compressing webkitgtk takes 11s instead of 36s.
The rpm size increases from 175648k to 234860k. I think it's
a worthy default tradeoff.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/package_rpm.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/package_rpm.bbclass b/meta/classes/package_rpm.bbclass
index f403af5343..198a6d0afd 100644
--- a/meta/classes/package_rpm.bbclass
+++ b/meta/classes/package_rpm.bbclass
@@ -4,7 +4,7 @@ IMAGE_PKGTYPE ?= "rpm"
RPM="rpm"
RPMBUILD="rpmbuild"
-RPMBUILD_COMPMODE ?= "${@'w19T%d.zstdio' % int(d.getVar('ZSTD_THREADS'))}"
+RPMBUILD_COMPMODE ?= "${@'w3T%d.zstdio' % int(d.getVar('ZSTD_THREADS'))}"
PKGWRITEDIRRPM = "${WORKDIR}/deploy-rpms"
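Review bot: The compression level is still a literal inside the RPMBUILD_COMPMODE format string (now w3 instead of w19), so anyone who wants the smaller packages back has to override the whole expression, including the ZSTD_THREADS part. Since the commit message reports the webkitgtk rpm growing from 175648k to 234860k, consider a separate variable for the level, or at least a comment above the assignment noting that 3 is zstd's default and trades size for speed.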
--
2.34.1
* [OE-core][kirkstone 12/14] package_rpm: restrict rpm to 4 threads
2024-11-27 18:49 [OE-core][kirkstone 00/14] Patch review Steve Sakoman
` (10 preceding siblings ...)
2024-11-27 18:50 ` [OE-core][kirkstone 11/14] package_rpm: use zstd's default compression level Steve Sakoman
@ 2024-11-27 18:50 ` Steve Sakoman
2024-11-27 18:50 ` [OE-core][kirkstone 13/14] ninja: fix build with python 3.13 Steve Sakoman
2024-11-27 18:50 ` [OE-core][kirkstone 14/14] gstreamer1.0: improve test reliability Steve Sakoman
13 siblings, 0 replies; 20+ messages in thread
From: Steve Sakoman @ 2024-11-27 18:50 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex@linutronix.de>
TL;DR version:
with this, and the previous compression level changes
I am seeing drastic speedups in package_write_rpm completion times:
webkitgtk goes from 78 seconds to 37 seconds
glibc-locale goes from 399 seconds to 58 seconds (!)
The long version:
rpm uses multithreading for two purposes:
- spawning compressors (which are nowadays themselves
multi-threaded, so the feature is not as useful as it once
was)
- parallel file classification
While the former behaves well on massively parallel CPUs
(it was written and verified here :), the latter was then added
by upstream and only benchmarked on their very old, slow laptop,
apparently:
https://github.com/rpm-software-management/rpm/commit/41f0e214f2266f02d6185ba11f797716de8125d4
On anything more capable it starts showing pathologic behavior,
presumably from spawning a massive amount of very short-lived threads,
and then having to synchronize them. For example classifying glibc-locale
takes
5m20s with 256 threads (default on my machine!)
1m49s with 64 threads
59s with 16 threads
48s with 8 threads
Even a more typical recipe like webkitgtk is affected:
47s with 256 threads
32s with 64 threads
27s with 16 or 8 threads
I have found that the optimal amount is actually four: this also
means that only four compressors are running at a time, but
as they're themselves using threads, and typical recipes are dominated
by just two or three large packages, this does not affect overall
completion time.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/package_rpm.bbclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/classes/package_rpm.bbclass b/meta/classes/package_rpm.bbclass
index 198a6d0afd..ec31adf967 100644
--- a/meta/classes/package_rpm.bbclass
+++ b/meta/classes/package_rpm.bbclass
@@ -680,6 +680,7 @@ python do_package_rpm () {
cmd = cmd + " --define '_use_internal_dependency_generator 0'"
cmd = cmd + " --define '_binaries_in_noarch_packages_terminate_build 0'"
cmd = cmd + " --define '_build_id_links none'"
+ cmd = cmd + " --define '_smp_ncpus_max 4'"
cmd = cmd + " --define '_source_payload %s'" % rpmbuild_compmode
cmd = cmd + " --define '_binary_payload %s'" % rpmbuild_compmode
cmd = cmd + " --define 'clamp_mtime_to_source_date_epoch 1'"
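Review bot: The thread limit is hard-coded as the literal 4 in the rpmbuild command line in do_package_rpm, with no comment and no variable to override it. The measurements that justify 4 live only in the commit message; please add a one-line comment next to the _smp_ncpus_max define, and consider reading the value from a variable with 4 as the default so builders on different hardware can tune it without patching the class.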
--
2.34.1
* [OE-core][kirkstone 13/14] ninja: fix build with python 3.13
2024-11-27 18:49 [OE-core][kirkstone 00/14] Patch review Steve Sakoman
` (11 preceding siblings ...)
2024-11-27 18:50 ` [OE-core][kirkstone 12/14] package_rpm: restrict rpm to 4 threads Steve Sakoman
@ 2024-11-27 18:50 ` Steve Sakoman
2024-11-27 18:50 ` [OE-core][kirkstone 14/14] gstreamer1.0: improve test reliability Steve Sakoman
13 siblings, 0 replies; 20+ messages in thread
From: Steve Sakoman @ 2024-11-27 18:50 UTC (permalink / raw)
To: openembedded-core
From: Markus Volk <f_l_k@t-online.de>
python 3.13 removed the pipes module. Thus the build fails for host machines that run python 3.13.
This commit adds a backport patch to use the subprocess module instead.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...4efb41c039789b81f0dc0d67c1ed0faea17c.patch | 62 +++++++++++++++++++
meta/recipes-devtools/ninja/ninja_1.10.2.bb | 5 +-
2 files changed, 66 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch
diff --git a/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch b/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch
new file mode 100644
index 0000000000..b23bedd04b
--- /dev/null
+++ b/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch
@@ -0,0 +1,62 @@
+From 9cf13cd1ecb7ae649394f4133d121a01e191560b Mon Sep 17 00:00:00 2001
+From: Byoungchan Lee <byoungchan.lee@gmx.com>
+Date: Mon, 9 Oct 2023 20:13:20 +0900
+Subject: [PATCH 1/2] Replace pipes.quote with shlex.quote in configure.py
+
+Python 3.12 deprecated the pipes module and it will be removed
+in Python 3.13. In configure.py, I have replaced the usage of pipes.quote
+with shlex.quote, which is the exactly same function as pipes.quote.
+
+For more details, refer to PEP 0594: https://peps.python.org/pep-0594
+
+Upstream-Status: Backport [https://github.com/ninja-build/ninja/commit/885b4efb41c039789b81f0dc0d67c1ed0faea17c]
+
+Signed-off-by: Markus Volk <f_l_k@t-online.de>
+---
+ configure.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.py b/configure.py
+index 588250aa8a..c6973cd1a5 100755
+--- a/configure.py
++++ b/configure.py
+@@ -21,7 +21,7 @@
+
+ from optparse import OptionParser
+ import os
+-import pipes
++import shlex
+ import string
+ import subprocess
+ import sys
+@@ -262,7 +262,7 @@ def _run_command(self, cmdline):
+ env_keys = set(['CXX', 'AR', 'CFLAGS', 'CXXFLAGS', 'LDFLAGS'])
+ configure_env = dict((k, os.environ[k]) for k in os.environ if k in env_keys)
+ if configure_env:
+- config_str = ' '.join([k + '=' + pipes.quote(configure_env[k])
++ config_str = ' '.join([k + '=' + shlex.quote(configure_env[k])
+ for k in configure_env])
+ n.variable('configure_env', config_str + '$ ')
+ n.newline()
+
+From 0a9c9c5f50c60de4a7acfed8aaa048c74cd2f43b Mon Sep 17 00:00:00 2001
+From: Byoungchan Lee <byoungchan.lee@gmx.com>
+Date: Mon, 9 Oct 2023 20:13:50 +0900
+Subject: [PATCH 2/2] Remove unused module string in configure.py
+
+---
+ configure.py | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/configure.py b/configure.py
+index c6973cd1a5..939153df60 100755
+--- a/configure.py
++++ b/configure.py
+@@ -22,7 +22,6 @@
+ from optparse import OptionParser
+ import os
+ import shlex
+-import string
+ import subprocess
+ import sys
+
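Review bot: the second commit folded into this file (From 0a9c9c5f50c60de4a7acfed8aaa048c74cd2f43b, "[PATCH 2/2] Remove unused module string in configure.py") has an empty message body, with no Upstream-Status and no Signed-off-by. The file name and the Upstream-Status tag in the first commit both reference only 885b4efb41c039789b81f0dc0d67c1ed0faea17c. Either split 2/2 into its own patch file with its own Upstream-Status line, or extend the existing tag to name both upstream commits, so the origin of the `-import string` removal is traceable. The 2/2 message should also say why dropping that import is needed for this backport, since the 1/2 message only explains the pipes removal.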
diff --git a/meta/recipes-devtools/ninja/ninja_1.10.2.bb b/meta/recipes-devtools/ninja/ninja_1.10.2.bb
index 1509a54c9e..e7b82ed9ec 100644
--- a/meta/recipes-devtools/ninja/ninja_1.10.2.bb
+++ b/meta/recipes-devtools/ninja/ninja_1.10.2.bb
@@ -8,7 +8,10 @@ DEPENDS = "re2c-native ninja-native"
SRCREV = "e72d1d581c945c158ed68d9bc48911063022a2c6"
-SRC_URI = "git://github.com/ninja-build/ninja.git;branch=release;protocol=https"
+SRC_URI = " \
+ git://github.com/ninja-build/ninja.git;branch=release;protocol=https \
+ file://885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch \
+"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
S = "${WORKDIR}/git"
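Review bot: style point on the added `file://885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch` entry in SRC_URI: a bare commit hash as the file name says nothing about what the patch changes, and because the file carries two upstream commits it only identifies the first of them. A descriptive file name that mentions the pipes to shlex replacement would make the recipe easier to audit when the patch list is reviewed later.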
--
2.34.1
* [OE-core][kirkstone 14/14] gstreamer1.0: improve test reliability
2024-11-27 18:49 [OE-core][kirkstone 00/14] Patch review Steve Sakoman
` (12 preceding siblings ...)
2024-11-27 18:50 ` [OE-core][kirkstone 13/14] ninja: fix build with python 3.13 Steve Sakoman
@ 2024-11-27 18:50 ` Steve Sakoman
13 siblings, 0 replies; 20+ messages in thread
From: Steve Sakoman @ 2024-11-27 18:50 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
First, libcheck has the ability to increase all test timeouts by an arbitrary
multiplier. Because we run our tests on loaded build machines,
increase all timeouts by 10x to reduce the chance of load causing failures.
Second, use GST_CHECKS_IGNORE to list test cases that should be skipped.
Drop skip-aggregator-test.patch as this is now redundant, and also skip
gstnetclientclock.c:test_functioning as this is very sensitive to load.
[ YOCTO #14808 ]
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 669d0df81f651f7c033c8cb7872cac5bfe670a4f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../gstreamer/gstreamer1.0/run-ptest | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest b/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest
index 0cfa955f03..7d0312005f 100755
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest
@@ -1,2 +1,16 @@
-#!/usr/bin/env sh
+#! /bin/sh
+
+# Multiply all timeouts by ten so they're more likely to work
+# on a loaded system.
+export CK_TIMEOUT_MULTIPLIER=5
+
+# Skip some tests that we know are problematic
+export GST_CHECKS_IGNORE=""
+# gstnetclientclock.c:test_functioning is very sensitive to load
+GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,test_functioning"
+
+# aggregator.c:test_infinite_seek_50_src_live is known to be flaky
+# https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/410
+GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,test_infinite_seek_50_src_live"
+
gnome-desktop-testing-runner gstreamer
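Review bot: `export CK_TIMEOUT_MULTIPLIER=5` does not match the comment directly above it ("Multiply all timeouts by ten") or the commit message ("increase all timeouts by 10x"), so either the value or the text is wrong. If 10x is intended, set `CK_TIMEOUT_MULTIPLIER=10`; otherwise correct the comment and the log. Minor: starting from `GST_CHECKS_IGNORE=""` and appending `,test_functioning` leaves a leading comma in the final value; assigning the first entry without the comma avoids depending on the consumer tolerating an empty list element.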
--
2.34.1