* [OE-core][scarthgap 00/16] Patch review
@ 2024-09-20 13:38 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-09-20 13:38 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, September 24
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7346
The following changes since commit 343f40b0bc8ef65cc1e2abd6c9c33bb2e08bad3d:
libedit: Make docs generation deterministic (2024-09-12 14:34:56 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Alban Bedel (1):
bind: Fix build with the `httpstats` package config enabled
Chen Qi (1):
qemu: back port patches to fix riscv64 build failure
Colin McAllister (2):
udev-extraconf: Add collect flag to mount
busybox: Fix cut with "-s" flag
Guðni Már Gilbert (1):
bluez5: remove redundant patch for MAX_INPUT
Khem Raj (1):
gcc: Fix spurious '/' in GLIBC_DYNAMIC_LINKER on microblaze
Mark Hatle (1):
create-sdpx-2.2.bbclass: Switch from exists to isfile checking
debugsrc
Pedro Ferreira (2):
buildhistory: Fix intermittent package file list creation
buildhistory: Restoring files from preserve list
Peter Marko (1):
python3: Upgrade 3.12.5 -> 3.12.6
Richard Purdie (1):
buildhistory: Simplify intercept call sites and drop
SSTATEPOSTINSTFUNC usage
Siddharth Doshi (1):
openssl: Upgrade 3.2.2 -> 3.2.3
Steve Sakoman (1):
Revert "wpa-supplicant: Upgrade 2.10 -> 2.11"
Trevor Gamblin (2):
python3: upgrade 3.12.4 -> 3.12.5
python3: skip readline limited history tests
Vijay Anusuri (1):
libpcap: Security fix for CVE-2023-7256 & CVE-2024-8006
meta/classes-global/sstate.bbclass | 5 +-
meta/classes/buildhistory.bbclass | 71 +-
meta/classes/create-spdx-2.2.bbclass | 3 +-
.../recipes-connectivity/bind/bind_9.18.28.bb | 2 +-
meta/recipes-connectivity/bluez5/bluez5.inc | 1 -
...shared-util.c-include-linux-limits.h.patch | 27 -
.../libpcap/libpcap/CVE-2023-7256-pre1.patch | 37 +
.../libpcap/libpcap/CVE-2023-7256.patch | 365 +++++
.../libpcap/libpcap/CVE-2024-8006.patch | 42 +
.../libpcap/libpcap_1.10.4.bb | 7 +-
...ke-history-reporting-when-test-fails.patch | 8 +-
.../openssl/openssl/CVE-2024-5535_1.patch | 113 --
.../openssl/openssl/CVE-2024-5535_10.patch | 203 ---
.../openssl/openssl/CVE-2024-5535_2.patch | 43 -
.../openssl/openssl/CVE-2024-5535_3.patch | 38 -
.../openssl/openssl/CVE-2024-5535_4.patch | 82 --
.../openssl/openssl/CVE-2024-5535_5.patch | 176 ---
.../openssl/openssl/CVE-2024-5535_6.patch | 1173 -----------------
.../openssl/openssl/CVE-2024-5535_7.patch | 43 -
.../openssl/openssl/CVE-2024-5535_8.patch | 66 -
.../openssl/openssl/CVE-2024-5535_9.patch | 271 ----
.../{openssl_3.2.2.bb => openssl_3.2.3.bb} | 14 +-
...all-wpa_passphrase-when-not-disabled.patch | 33 +
...te-Phase-2-authentication-requiremen.patch | 213 +++
...options-for-libwpa_client.so-and-wpa.patch | 73 +
...oval-of-wpa_passphrase-on-make-clean.patch | 26 +
...plicant_2.11.bb => wpa-supplicant_2.10.bb} | 10 +-
...1-cut-Fix-s-flag-to-omit-blank-lines.patch | 66 +
meta/recipes-core/busybox/busybox_1.36.1.bb | 1 +
.../recipes-core/udev/udev-extraconf/mount.sh | 2 +-
...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 6 +-
...t_readline-skip-limited-history-test.patch | 38 +
.../python/python3/CVE-2024-7592.patch | 143 --
.../python/python3/CVE-2024-8088.patch | 128 --
.../{python3_3.12.4.bb => python3_3.12.6.bb} | 5 +-
meta/recipes-devtools/qemu/qemu.inc | 3 +
...kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch | 75 ++
...kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch | 73 +
...cv-kvm-change-timer-regs-size-to-u64.patch | 107 ++
39 files changed, 1226 insertions(+), 2566 deletions(-)
delete mode 100644 meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_10.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch
rename meta/recipes-connectivity/openssl/{openssl_3.2.2.bb => openssl_3.2.3.bb} (94%)
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch
rename meta/recipes-connectivity/wpa-supplicant/{wpa-supplicant_2.11.bb => wpa-supplicant_2.10.bb} (90%)
create mode 100644 meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch
create mode 100644 meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2024-7592.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2024-8088.patch
rename meta/recipes-devtools/python/{python3_3.12.4.bb => python3_3.12.6.bb} (99%)
create mode 100644 meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 00/16] Patch review
@ 2024-12-03 13:37 Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 01/16] python3-zipp: fix CVE-2024-5569 Steve Sakoman
` (15 more replies)
0 siblings, 16 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes to scarthgap and have comments back by
end of day Thursday, December 5
Passed a-full on autobuilder:
https://valkyrie.yoctoproject.org/#/builders/29/builds/560
The following changes since commit dac630ab5ee7aa6c5c7c294093adbd11b116c765:
llvm: reduce size of -dbg package (2024-11-22 05:42:54 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Aleksandar Nikolic (1):
scripts/install-buildtools: Update to 5.0.5
Changqing Li (2):
acpica: fix CVE-2024-24856
libsoup: fix CVE-2024-52530, CVE-2024-52531
Deepthi Hemraj (1):
glibc: stable 2.39 branch updates
Florian Kreutzer (1):
dropbear: backport fix for concurrent channel open/close
Gassner, Tobias.ext (1):
rootfs: Ensure run-postinsts is not uninstalled for
read-only-rootfs-delayed-postinsts
Hitendra Prajapati (1):
libsndfile: fix CVE-2024-50612
Jiaying Song (1):
python3-zipp: fix CVE-2024-5569
Jinfeng Wang (1):
tzdata&tzcode-native: upgrade 2024a -> 2024b
Markus Volk (2):
gcc: add a backport patch to fix an issue with tzdata 2024b
ninja: fix build with python 3.13
Peter Marko (1):
builder: set CVE_PRODUCT
Robert Yang (1):
libgcrypt: Fix building error with '-O2' in sysroot path
Soumya Sambu (1):
python3-requests: upgrade 2.32.1 -> 2.32.2
Trevor Gamblin (1):
python3-urllib3: upgrade 2.2.1 -> 2.2.2
Yogita Urade (1):
qemu: upgrade 8.2.3 -> 8.2.7
meta/lib/oe/rootfs.py | 4 +
meta/lib/oeqa/selftest/cases/overlayfs.py | 41 +-
...e-channels-when-a-PID-hasn-t-started.patch | 45 +
.../recipes-core/dropbear/dropbear_2022.83.bb | 1 +
.../glib-2.0/gdatetime-test-fail-0001.patch | 72 +
.../glib-2.0/gdatetime-test-fail-0002.patch | 65 +
.../glib-2.0/gdatetime-test-fail-0003.patch | 63 +
meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 3 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
meta/recipes-devtools/gcc/gcc-13.3.inc | 1 +
...4fffe3fc82a710bea66ad651720d71c938b8.patch | 549 ++++++++
...4efb41c039789b81f0dc0d67c1ed0faea17c.patch | 62 +
meta/recipes-devtools/ninja/ninja_1.11.1.bb | 5 +-
...s_2.31.0.bb => python3-requests_2.32.0.bb} | 2 +-
...lib3_2.2.1.bb => python3-urllib3_2.2.2.bb} | 2 +-
.../python/python3-zipp/CVE-2024-5569.patch | 138 ++
.../python/python3-zipp_3.17.0.bb | 1 +
...u-native_8.2.3.bb => qemu-native_8.2.7.bb} | 0
...e_8.2.3.bb => qemu-system-native_8.2.7.bb} | 0
meta/recipes-devtools/qemu/qemu.inc | 14 +-
...kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch | 75 --
...kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch | 73 -
...cv-kvm-change-timer-regs-size-to-u64.patch | 107 --
.../qemu/qemu/CVE-2024-4467-0001.patch | 112 --
.../qemu/qemu/CVE-2024-4467-0002.patch | 55 -
.../qemu/qemu/CVE-2024-4467-0003.patch | 57 -
.../qemu/qemu/CVE-2024-4467-0004.patch | 1187 -----------------
.../qemu/qemu/CVE-2024-4467-0005.patch | 239 ----
.../qemu/qemu/CVE-2024-7409-0001.patch | 167 ---
.../qemu/qemu/CVE-2024-7409-0002.patch | 175 ---
.../qemu/qemu/CVE-2024-7409-0003.patch | 126 --
.../qemu/qemu/CVE-2024-7409-0004.patch | 164 ---
.../qemu/{qemu_8.2.3.bb => qemu_8.2.7.bb} | 0
.../acpica/acpica_20240322.bb | 3 +-
.../acpica/files/CVE-2024-24856.patch | 31 +
meta/recipes-extended/timezone/timezone.inc | 6 +-
meta/recipes-graphics/builder/builder_0.1.bb | 3 +-
.../libsndfile1/CVE-2024-50612.patch | 412 ++++++
.../libsndfile/libsndfile1_1.2.2.bb | 1 +
...ilding-error-with-O2-in-sysroot-path.patch | 64 +
...ilding-error-with-O2-in-sysroot-path.patch | 39 -
.../libgcrypt/libgcrypt_1.10.3.bb | 2 +-
.../libsoup-3.4.4/CVE-2024-52530.patch | 150 +++
.../libsoup-3.4.4/CVE-2024-52531-1.patch | 116 ++
.../libsoup-3.4.4/CVE-2024-52531-2.patch | 40 +
.../libsoup-3.4.4/CVE-2024-52531-3.patch | 136 ++
meta/recipes-support/libsoup/libsoup_3.4.4.bb | 4 +
scripts/install-buildtools | 4 +-
48 files changed, 2016 insertions(+), 2602 deletions(-)
create mode 100644 meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch
create mode 100644 meta/recipes-devtools/gcc/gcc/gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch
create mode 100644 meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch
rename meta/recipes-devtools/python/{python3-requests_2.31.0.bb => python3-requests_2.32.0.bb} (84%)
rename meta/recipes-devtools/python/{python3-urllib3_2.2.1.bb => python3-urllib3_2.2.2.bb} (86%)
create mode 100644 meta/recipes-devtools/python/python3-zipp/CVE-2024-5569.patch
rename meta/recipes-devtools/qemu/{qemu-native_8.2.3.bb => qemu-native_8.2.7.bb} (100%)
rename meta/recipes-devtools/qemu/{qemu-system-native_8.2.3.bb => qemu-system-native_8.2.7.bb} (100%)
delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch
rename meta/recipes-devtools/qemu/{qemu_8.2.3.bb => qemu_8.2.7.bb} (100%)
create mode 100644 meta/recipes-extended/acpica/files/CVE-2024-24856.patch
create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch
create mode 100644 meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch
delete mode 100644 meta/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52530.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-2.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-3.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 01/16] python3-zipp: fix CVE-2024-5569
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 02/16] acpica: fix CVE-2024-24856 Steve Sakoman
` (14 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Jiaying Song <jiaying.song.cn@windriver.com>
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp
library, affecting all versions prior to 3.19.1. The vulnerability is
triggered when processing a specially crafted zip file that leads to an
infinite loop. This issue also impacts the zipfile module of CPython, as
features from the third-party zipp library are later merged into
CPython, and the affected code is identical in both projects. The
infinite loop can be initiated through the use of functions affecting
the `Path` module in both zipp and zipfile, such as `joinpath`, the
overloaded division operator, and `iterdir`. Although the infinite loop
is not resource exhaustive, it prevents the application from responding.
The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-5569
Upstream patches:
https://github.com/jaraco/zipp/pull/120/commits/79a309fe54dc6b7934fb72e9f31bcb58f2e9f547
https://github.com/jaraco/zipp/pull/120/commits/564fcc10cdbfdaecdb33688e149827465931c9e0
https://github.com/jaraco/zipp/pull/120/commits/58115d2be968644ce71ce6bcc9b79826c82a1806
https://github.com/jaraco/zipp/pull/120/commits/c18417ed2953e181728a7dac07bff88a2190abf7
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../python/python3-zipp/CVE-2024-5569.patch | 138 ++++++++++++++++++
.../python/python3-zipp_3.17.0.bb | 1 +
2 files changed, 139 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3-zipp/CVE-2024-5569.patch
diff --git a/meta/recipes-devtools/python/python3-zipp/CVE-2024-5569.patch b/meta/recipes-devtools/python/python3-zipp/CVE-2024-5569.patch
new file mode 100644
index 0000000000..1cc43243bf
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-zipp/CVE-2024-5569.patch
@@ -0,0 +1,138 @@
+From b1804347ec2db16452a7bff2b469d2c66776b904 Mon Sep 17 00:00:00 2001
+From: "Jason R. Coombs" <jaraco@jaraco.com>
+Date: Fri, 31 May 2024 11:20:57 -0400
+Subject: [PATCH] fix CVE-2024-5569
+
+The patch includes the following changes:
+c18417e Add news fragment.
+58115d2 Employ SanitizedNames in CompleteDirs. Fixes broken test.
+564fcc1 Add SanitizedNames mixin.
+79a309f Add some assertions about malformed paths.
+
+Upstream-Status: Backport
+[https://github.com/jaraco/zipp/pull/120/commits/79a309fe54dc6b7934fb72e9f31bcb58f2e9f547]
+[https://github.com/jaraco/zipp/pull/120/commits/564fcc10cdbfdaecdb33688e149827465931c9e0]
+[https://github.com/jaraco/zipp/pull/120/commits/58115d2be968644ce71ce6bcc9b79826c82a1806]
+[https://github.com/jaraco/zipp/pull/120/commits/c18417ed2953e181728a7dac07bff88a2190abf7]
+
+CVE: CVE-2024-5569
+
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ newsfragments/119.bugfix.rst | 1 +
+ tests/test_path.py | 17 ++++++++++
+ zipp/__init__.py | 64 +++++++++++++++++++++++++++++++++++-
+ 3 files changed, 81 insertions(+), 1 deletion(-)
+ create mode 100644 newsfragments/119.bugfix.rst
+
+diff --git a/newsfragments/119.bugfix.rst b/newsfragments/119.bugfix.rst
+new file mode 100644
+index 0000000..6c72e2d
+--- /dev/null
++++ b/newsfragments/119.bugfix.rst
+@@ -0,0 +1 @@
++Improved handling of malformed zip files.
+\ No newline at end of file
+diff --git a/tests/test_path.py b/tests/test_path.py
+index a77a5de..3752243 100644
+--- a/tests/test_path.py
++++ b/tests/test_path.py
+@@ -575,3 +575,20 @@ class TestPath(unittest.TestCase):
+ zipp.Path(alpharep)
+ with self.assertRaises(KeyError):
+ alpharep.getinfo('does-not-exist')
++
++ def test_malformed_paths(self):
++ """
++ Path should handle malformed paths.
++ """
++ data = io.BytesIO()
++ zf = zipfile.ZipFile(data, "w")
++ zf.writestr("/one-slash.txt", b"content")
++ zf.writestr("//two-slash.txt", b"content")
++ zf.writestr("../parent.txt", b"content")
++ zf.filename = ''
++ root = zipfile.Path(zf)
++ assert list(map(str, root.iterdir())) == [
++ 'one-slash.txt',
++ 'two-slash.txt',
++ 'parent.txt',
++ ]
+diff --git a/zipp/__init__.py b/zipp/__init__.py
+index becd010..e980e9b 100644
+--- a/zipp/__init__.py
++++ b/zipp/__init__.py
+@@ -84,7 +84,69 @@ class InitializedState:
+ super().__init__(*args, **kwargs)
+
+
+-class CompleteDirs(InitializedState, zipfile.ZipFile):
++class SanitizedNames:
++ """
++ ZipFile mix-in to ensure names are sanitized.
++ """
++
++ def namelist(self):
++ return list(map(self._sanitize, super().namelist()))
++
++ @staticmethod
++ def _sanitize(name):
++ r"""
++ Ensure a relative path with posix separators and no dot names.
++
++ Modeled after
++ https://github.com/python/cpython/blob/bcc1be39cb1d04ad9fc0bd1b9193d3972835a57c/Lib/zipfile/__init__.py#L1799-L1813
++ but provides consistent cross-platform behavior.
++
++ >>> san = SanitizedNames._sanitize
++ >>> san('/foo/bar')
++ 'foo/bar'
++ >>> san('//foo.txt')
++ 'foo.txt'
++ >>> san('foo/.././bar.txt')
++ 'foo/bar.txt'
++ >>> san('foo../.bar.txt')
++ 'foo../.bar.txt'
++ >>> san('\\foo\\bar.txt')
++ 'foo/bar.txt'
++ >>> san('D:\\foo.txt')
++ 'D/foo.txt'
++ >>> san('\\\\server\\share\\file.txt')
++ 'server/share/file.txt'
++ >>> san('\\\\?\\GLOBALROOT\\Volume3')
++ '?/GLOBALROOT/Volume3'
++ >>> san('\\\\.\\PhysicalDrive1\\root')
++ 'PhysicalDrive1/root'
++
++ Retain any trailing slash.
++ >>> san('abc/')
++ 'abc/'
++
++ Raises a ValueError if the result is empty.
++ >>> san('../..')
++ Traceback (most recent call last):
++ ...
++ ValueError: Empty filename
++ """
++
++ def allowed(part):
++ return part and part not in {'..', '.'}
++
++ # Remove the drive letter.
++ # Don't use ntpath.splitdrive, because that also strips UNC paths
++ bare = re.sub('^([A-Z]):', r'\1', name, flags=re.IGNORECASE)
++ clean = bare.replace('\\', '/')
++ parts = clean.split('/')
++ joined = '/'.join(filter(allowed, parts))
++ if not joined:
++ raise ValueError("Empty filename")
++ return joined + '/' * name.endswith('/')
++
++
++class CompleteDirs(InitializedState, SanitizedNames, zipfile.ZipFile):
+ """
+ A ZipFile subclass that ensures that implied directories
+ are always included in the namelist.
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/python/python3-zipp_3.17.0.bb b/meta/recipes-devtools/python/python3-zipp_3.17.0.bb
index e9e220e315..9f756887b5 100644
--- a/meta/recipes-devtools/python/python3-zipp_3.17.0.bb
+++ b/meta/recipes-devtools/python/python3-zipp_3.17.0.bb
@@ -3,6 +3,7 @@ HOMEPAGE = "https://github.com/jaraco/zipp"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f"
+SRC_URI += "file://CVE-2024-5569.patch"
SRC_URI[sha256sum] = "84e64a1c28cf7e91ed2078bb8cc8c259cb19b76942096c8d7b84947690cabaf0"
DEPENDS += "python3-setuptools-scm-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 02/16] acpica: fix CVE-2024-24856
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 01/16] python3-zipp: fix CVE-2024-5569 Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 03/16] builder: set CVE_PRODUCT Steve Sakoman
` (13 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Changqing Li <changqing.li@windriver.com>
The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a
successful allocation, but the subsequent code directly dereferences the
pointer that receives it, which may lead to null pointer dereference. To
fix this issue, a null pointer check should be added. If it is null,
return exception code AE_NO_MEMORY.
Refer: https://nvd.nist.gov/vuln/detail/CVE-2024-24856
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../acpica/acpica_20240322.bb | 3 +-
.../acpica/files/CVE-2024-24856.patch | 31 +++++++++++++++++++
2 files changed, 33 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/acpica/files/CVE-2024-24856.patch
diff --git a/meta/recipes-extended/acpica/acpica_20240322.bb b/meta/recipes-extended/acpica/acpica_20240322.bb
index 90e3599d32..1f93c0d435 100644
--- a/meta/recipes-extended/acpica/acpica_20240322.bb
+++ b/meta/recipes-extended/acpica/acpica_20240322.bb
@@ -16,7 +16,8 @@ COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
DEPENDS = "m4-native flex-native bison-native"
-SRC_URI = "git://github.com/acpica/acpica;protocol=https;branch=master"
+SRC_URI = "git://github.com/acpica/acpica;protocol=https;branch=master \
+ file://CVE-2024-24856.patch"
SRCREV = "170fc3076a86777077637f10b05c32ac21ac13aa"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-extended/acpica/files/CVE-2024-24856.patch b/meta/recipes-extended/acpica/files/CVE-2024-24856.patch
new file mode 100644
index 0000000000..c0c9c00d12
--- /dev/null
+++ b/meta/recipes-extended/acpica/files/CVE-2024-24856.patch
@@ -0,0 +1,31 @@
+From 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 Mon Sep 17 00:00:00 2001
+From: Huai-Yuan Liu <qq810974084@gmail.com>
+Date: Tue, 9 Apr 2024 23:23:39 +0800
+Subject: [PATCH] check null return of ACPI_ALLOCATE_ZEROED in
+ AcpiDbConvertToPackage
+
+ACPI_ALLOCATE_ZEROED may fails, Elements might be null and will cause null pointer dereference later.
+
+Signed-off-by: Huai-Yuan Liu <qq810974084@gmail.com>
+
+CVE: CVE-2024-24856
+Upstream-Status: Backport [https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ source/components/debugger/dbconvert.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/source/components/debugger/dbconvert.c b/source/components/debugger/dbconvert.c
+index 6a41000036..32ad5be179 100644
+--- a/source/components/debugger/dbconvert.c
++++ b/source/components/debugger/dbconvert.c
+@@ -354,6 +354,8 @@ AcpiDbConvertToPackage (
+
+ Elements = ACPI_ALLOCATE_ZEROED (
+ DB_DEFAULT_PKG_ELEMENTS * sizeof (ACPI_OBJECT));
++ if (!Elements)
++ return (AE_NO_MEMORY);
+
+ This = String;
+ for (i = 0; i < (DB_DEFAULT_PKG_ELEMENTS - 1); i++)
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 03/16] builder: set CVE_PRODUCT
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 01/16] python3-zipp: fix CVE-2024-5569 Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 02/16] acpica: fix CVE-2024-24856 Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 04/16] libsndfile: fix CVE-2024-50612 Steve Sakoman
` (12 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Builder is a common word and there are many other builder components
which makes us to ignore CVEs for all of them.
There is already 1 ignored and currently 3 new ones.
Instead, set product to yocto to filter them.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-graphics/builder/builder_0.1.bb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-graphics/builder/builder_0.1.bb b/meta/recipes-graphics/builder/builder_0.1.bb
index 52c9351f93..709a0b4608 100644
--- a/meta/recipes-graphics/builder/builder_0.1.bb
+++ b/meta/recipes-graphics/builder/builder_0.1.bb
@@ -28,4 +28,5 @@ do_install () {
chown builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh
}
-CVE_STATUS[CVE-2008-4178] = "cpe-incorrect: This CVE is for an unrelated builder"
+# do not report CVEs for other builder apps
+CVE_PRODUCT = "yoctoproject:builder"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 04/16] libsndfile: fix CVE-2024-50612
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
` (2 preceding siblings ...)
2024-12-03 13:37 ` [OE-core][scarthgap 03/16] builder: set CVE_PRODUCT Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 05/16] libsoup: fix CVE-2024-52530, CVE-2024-52531 Steve Sakoman
` (11 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://github.com/libsndfile/libsndfile/commit/4755f5bd7854611d92ad0f1295587b439f9950ba
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsndfile1/CVE-2024-50612.patch | 412 ++++++++++++++++++
.../libsndfile/libsndfile1_1.2.2.bb | 1 +
2 files changed, 413 insertions(+)
create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch
new file mode 100644
index 0000000000..d96f2915c4
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch
@@ -0,0 +1,412 @@
+From 4755f5bd7854611d92ad0f1295587b439f9950ba Mon Sep 17 00:00:00 2001
+From: Arthur Taylor <art@ified.ca>
+Date: Fri, 15 Nov 2024 19:46:53 -0800
+Subject: [PATCH] src/ogg: better error checking for vorbis. Fixes #1035
+
+Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/4755f5bd7854611d92ad0f1295587b439f9950ba]
+CVE: CVE-2024-50612
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/ogg.c | 12 ++--
+ src/ogg_opus.c | 17 +++--
+ src/ogg_vorbis.c | 170 ++++++++++++++++++++++++++---------------------
+ 3 files changed, 114 insertions(+), 85 deletions(-)
+
+diff --git a/src/ogg.c b/src/ogg.c
+index 8cd4379..534c8f7 100644
+--- a/src/ogg.c
++++ b/src/ogg.c
+@@ -211,12 +211,16 @@ ogg_read_first_page (SF_PRIVATE *psf, OGG_PRIVATE *odata)
+
+ int
+ ogg_write_page (SF_PRIVATE *psf, ogg_page *page)
+-{ int bytes ;
++{ int n ;
+
+- bytes = psf_fwrite (page->header, 1, page->header_len, psf) ;
+- bytes += psf_fwrite (page->body, 1, page->body_len, psf) ;
++ n = psf_fwrite (page->header, 1, page->header_len, psf) ;
++ if (n == page->header_len)
++ n += psf_fwrite (page->body, 1, page->body_len, psf) ;
+
+- return bytes == page->header_len + page->body_len ;
++ if (n != page->body_len + page->header_len)
++ return -1 ;
++
++ return n ;
+ } /* ogg_write_page */
+
+ sf_count_t
+diff --git a/src/ogg_opus.c b/src/ogg_opus.c
+index 596bb69..8e3800a 100644
+--- a/src/ogg_opus.c
++++ b/src/ogg_opus.c
+@@ -827,15 +827,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+
+ /* The first page MUST only contain the header, so flush it out now */
+ ogg_stream_packetin (&odata->ostream, &op) ;
+- for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; )
+- { if (! (nn = ogg_write_page (psf, &odata->opage)))
++ while (ogg_stream_flush (&odata->ostream, &odata->opage))
++ { nn = ogg_write_page (psf, &odata->opage) ;
++ if (nn < 0)
+ { psf_log_printf (psf, "Opus : Failed to write header!\n") ;
+ if (psf->error)
+ return psf->error ;
+ return SFE_INTERNAL ;
+ } ;
+ psf->dataoffset += nn ;
+- }
++ } ;
+
+ /*
+ ** Metadata Tags (manditory)
+@@ -850,15 +851,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ vorbiscomment_write_tags (psf, &op, &opustags_ident, opus_get_version_string (), - (OGG_OPUS_COMMENT_PAD)) ;
+ op.packetno = 2 ;
+ ogg_stream_packetin (&odata->ostream, &op) ;
+- for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; )
+- { if (! (nn = ogg_write_page (psf, &odata->opage)))
++ while (ogg_stream_flush (&odata->ostream, &odata->opage))
++ { nn = ogg_write_page (psf, &odata->opage) ;
++ if (nn < 0)
+ { psf_log_printf (psf, "Opus : Failed to write comments!\n") ;
+ if (psf->error)
+ return psf->error ;
+ return SFE_INTERNAL ;
+ } ;
+ psf->dataoffset += nn ;
+- }
++ } ;
+
+ return 0 ;
+ } /* ogg_opus_write_header */
+@@ -1132,7 +1134,8 @@ ogg_opus_write_out (SF_PRIVATE *psf, OGG_PRIVATE *odata, OPUS_PRIVATE *oopus)
+ if (nbytes > 0)
+ { oopus->u.encode.last_segments -= ogg_page_segments (&odata->opage) ;
+ oopus->pg_pos = oopus->pkt_pos ;
+- ogg_write_page (psf, &odata->opage) ;
++ if (ogg_write_page (psf, &odata->opage) < 0)
++ return -1 ;
+ }
+ else
+ break ;
+diff --git a/src/ogg_vorbis.c b/src/ogg_vorbis.c
+index f9428ed..2cdbed3 100644
+--- a/src/ogg_vorbis.c
++++ b/src/ogg_vorbis.c
+@@ -82,28 +82,6 @@
+ /* How many seconds in the future to not bother bisection searching for. */
+ #define VORBIS_SEEK_THRESHOLD 2
+
+-typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ;
+-
+-static int vorbis_read_header (SF_PRIVATE *psf) ;
+-static int vorbis_write_header (SF_PRIVATE *psf, int calc_length) ;
+-static int vorbis_close (SF_PRIVATE *psf) ;
+-static int vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
+-static int vorbis_byterate (SF_PRIVATE *psf) ;
+-static int vorbis_calculate_granulepos (SF_PRIVATE *psf, uint64_t *gp_out) ;
+-static int vorbis_skip (SF_PRIVATE *psf, uint64_t target_gp) ;
+-static int vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp) ;
+-static sf_count_t vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ;
+-static sf_count_t vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ;
+-static sf_count_t vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ;
+-static int vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ;
+-
+ typedef struct
+ { int id ;
+ const char *name ;
+@@ -145,6 +123,45 @@ typedef struct
+ sf_count_t last_page ;
+ } VORBIS_PRIVATE ;
+
++typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ;
++
++static int vorbis_read_header (SF_PRIVATE *psf) ;
++static int vorbis_write_header (SF_PRIVATE *psf, int calc_length) ;
++static int vorbis_close (SF_PRIVATE *psf) ;
++static int vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
++static int vorbis_byterate (SF_PRIVATE *psf) ;
++static int vorbis_calculate_granulepos (SF_PRIVATE *psf, uint64_t *gp_out) ;
++static int vorbis_skip (SF_PRIVATE *psf, uint64_t target_gp) ;
++static int vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp) ;
++static sf_count_t vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ;
++static sf_count_t vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ;
++static sf_count_t vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ;
++static sf_count_t vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ;
++static sf_count_t vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ;
++static sf_count_t vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ;
++static sf_count_t vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ;
++static sf_count_t vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ;
++static sf_count_t vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ;
++static sf_count_t vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ;
++static int vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames) ;
++static int vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ;
++static void vorbis_log_error (SF_PRIVATE *psf, int error) ;
++
++
++static void
++vorbis_log_error(SF_PRIVATE *psf, int error) {
++ switch (error)
++ { case 0: return;
++ case OV_EIMPL: psf->error = SFE_UNIMPLEMENTED ; break ;
++ case OV_ENOTVORBIS: psf->error = SFE_MALFORMED_FILE ; break ;
++ case OV_EBADHEADER: psf->error = SFE_MALFORMED_FILE ; break ;
++ case OV_EVERSION: psf->error = SFE_UNSUPPORTED_ENCODING ; break ;
++ case OV_EFAULT:
++ case OV_EINVAL:
++ default: psf->error = SFE_INTERNAL ;
++ } ;
++} ;
++
+ static int
+ vorbis_read_header (SF_PRIVATE *psf)
+ { OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+@@ -380,7 +397,6 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ { ogg_packet header ;
+ ogg_packet header_comm ;
+ ogg_packet header_code ;
+- int result ;
+
+ vorbis_analysis_headerout (&vdata->vdsp, &vdata->vcomment, &header, &header_comm, &header_code) ;
+ ogg_stream_packetin (&odata->ostream, &header) ; /* automatically placed in its own page */
+@@ -390,9 +406,9 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ /* This ensures the actual
+ * audio data will start on a new page, as per spec
+ */
+- while ((result = ogg_stream_flush (&odata->ostream, &odata->opage)) != 0)
+- { ogg_write_page (psf, &odata->opage) ;
+- } ;
++ while (ogg_stream_flush (&odata->ostream, &odata->opage))
++ if (ogg_write_page (psf, &odata->opage) < 0)
++ return -1 ;
+ }
+
+ return 0 ;
+@@ -402,6 +418,7 @@ static int
+ vorbis_close (SF_PRIVATE *psf)
+ { OGG_PRIVATE* odata = psf->container_data ;
+ VORBIS_PRIVATE *vdata = psf->codec_data ;
++ int ret = 0 ;
+
+ if (odata == NULL || vdata == NULL)
+ return 0 ;
+@@ -412,34 +429,14 @@ vorbis_close (SF_PRIVATE *psf)
+ if (psf->file.mode == SFM_WRITE)
+ {
+ if (psf->write_current <= 0)
+- vorbis_write_header (psf, 0) ;
+-
+- vorbis_analysis_wrote (&vdata->vdsp, 0) ;
+- while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1)
+- {
++ ret = vorbis_write_header (psf, 0) ;
+
+- /* analysis, assume we want to use bitrate management */
+- vorbis_analysis (&vdata->vblock, NULL) ;
+- vorbis_bitrate_addblock (&vdata->vblock) ;
+-
+- while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket))
+- { /* weld the packet into the bitstream */
+- ogg_stream_packetin (&odata->ostream, &odata->opacket) ;
+-
+- /* write out pages (if any) */
+- while (!odata->eos)
+- { int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
+- if (result == 0) break ;
+- ogg_write_page (psf, &odata->opage) ;
+-
+- /* this could be set above, but for illustrative purposes, I do
+- it here (to show that vorbis does know where the stream ends) */
+-
+- if (ogg_page_eos (&odata->opage)) odata->eos = 1 ;
+- }
+- }
+- }
+- }
++ if (ret == 0)
++ { /* A write of zero samples tells Vorbis the stream is done and to
++ flush. */
++ ret = vorbis_write_samples (psf, odata, vdata, 0) ;
++ } ;
++ } ;
+
+ /* ogg_page and ogg_packet structs always point to storage in
+ libvorbis. They are never freed or manipulated directly */
+@@ -449,7 +446,7 @@ vorbis_close (SF_PRIVATE *psf)
+ vorbis_comment_clear (&vdata->vcomment) ;
+ vorbis_info_clear (&vdata->vinfo) ;
+
+- return 0 ;
++ return ret ;
+ } /* vorbis_close */
+
+ int
+@@ -688,33 +685,40 @@ vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t lens)
+ /*==============================================================================
+ */
+
+-static void
++static int
+ vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames)
+-{
+- vorbis_analysis_wrote (&vdata->vdsp, in_frames) ;
++{ int ret ;
++
++ if ((ret = vorbis_analysis_wrote (&vdata->vdsp, in_frames)) != 0)
++ return ret ;
+
+ /*
+ ** Vorbis does some data preanalysis, then divvies up blocks for
+ ** more involved (potentially parallel) processing. Get a single
+ ** block for encoding now.
+ */
+- while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1)
++ while ((ret = vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock)) == 1)
+ {
+ /* analysis, assume we want to use bitrate management */
+- vorbis_analysis (&vdata->vblock, NULL) ;
+- vorbis_bitrate_addblock (&vdata->vblock) ;
++ if ((ret = vorbis_analysis (&vdata->vblock, NULL)) != 0)
++ return ret ;
++ if ((ret = vorbis_bitrate_addblock (&vdata->vblock)) != 0)
++ return ret ;
+
+- while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket))
++ while ((ret = vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) == 1)
+ {
+ /* weld the packet into the bitstream */
+- ogg_stream_packetin (&odata->ostream, &odata->opacket) ;
++ if ((ret = ogg_stream_packetin (&odata->ostream, &odata->opacket)) != 0)
++ return ret ;
+
+ /* write out pages (if any) */
+ while (!odata->eos)
+- { int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
+- if (result == 0)
++ { ret = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
++ if (ret == 0)
+ break ;
+- ogg_write_page (psf, &odata->opage) ;
++
++ if (ogg_write_page (psf, &odata->opage) < 0)
++ return -1 ;
+
+ /* This could be set above, but for illustrative purposes, I do
+ ** it here (to show that vorbis does know where the stream ends) */
+@@ -722,16 +726,22 @@ vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata
+ odata->eos = 1 ;
+ } ;
+ } ;
++ if (ret != 0)
++ return ret ;
+ } ;
++ if (ret != 0)
++ return ret ;
+
+ vdata->gp += in_frames ;
++
++ return 0 ;
+ } /* vorbis_write_data */
+
+
+ static sf_count_t
+ vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens)
+ {
+- int i, m, j = 0 ;
++ int i, m, j = 0, ret ;
+ OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ int in_frames = lens / psf->sf.channels ;
+@@ -740,14 +750,17 @@ vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens)
+ for (m = 0 ; m < psf->sf.channels ; m++)
+ buffer [m][i] = (float) (ptr [j++]) / 32767.0f ;
+
+- vorbis_write_samples (psf, odata, vdata, in_frames) ;
++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)))
++ { vorbis_log_error (psf, ret) ;
++ return 0 ;
++ } ;
+
+ return lens ;
+ } /* vorbis_write_s */
+
+ static sf_count_t
+ vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens)
+-{ int i, m, j = 0 ;
++{ int i, m, j = 0, ret ;
+ OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ int in_frames = lens / psf->sf.channels ;
+@@ -756,14 +769,17 @@ vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens)
+ for (m = 0 ; m < psf->sf.channels ; m++)
+ buffer [m][i] = (float) (ptr [j++]) / 2147483647.0f ;
+
+- vorbis_write_samples (psf, odata, vdata, in_frames) ;
++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)))
++ { vorbis_log_error (psf, ret) ;
++ return 0 ;
++ } ;
+
+ return lens ;
+ } /* vorbis_write_i */
+
+ static sf_count_t
+ vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens)
+-{ int i, m, j = 0 ;
++{ int i, m, j = 0, ret ;
+ OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ int in_frames = lens / psf->sf.channels ;
+@@ -772,14 +788,17 @@ vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens)
+ for (m = 0 ; m < psf->sf.channels ; m++)
+ buffer [m][i] = ptr [j++] ;
+
+- vorbis_write_samples (psf, odata, vdata, in_frames) ;
++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0)
++ { vorbis_log_error (psf, ret) ;
++ return 0 ;
++ } ;
+
+ return lens ;
+ } /* vorbis_write_f */
+
+ static sf_count_t
+ vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens)
+-{ int i, m, j = 0 ;
++{ int i, m, j = 0, ret ;
+ OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ int in_frames = lens / psf->sf.channels ;
+@@ -788,7 +807,10 @@ vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens)
+ for (m = 0 ; m < psf->sf.channels ; m++)
+ buffer [m][i] = (float) ptr [j++] ;
+
+- vorbis_write_samples (psf, odata, vdata, in_frames) ;
++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0)
++ { vorbis_log_error (psf, ret) ;
++ return 0 ;
++ } ;
+
+ return lens ;
+ } /* vorbis_write_d */
+@@ -884,7 +906,7 @@ vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp)
+ return 0 ;
+
+ /* Search for a position a half large-block before our target. As Vorbis is
+- ** lapped, every sample position come from two blocks, the "left" half of
++ ** lapped, every sample position comes from two blocks, the "left" half of
+ ** one block and the "right" half of the previous block. The granule
+ ** position of an Ogg page of a Vorbis stream is the sample offset of the
+ ** last finished sample in the stream that can be decoded from a page. A
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb
index a9ee7c3575..2a1b96d5e7 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb
@@ -10,6 +10,7 @@ LICENSE = "LGPL-2.1-only"
SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/libsndfile-${PV}.tar.xz \
file://noopus.patch \
file://cve-2022-33065.patch \
+ file://CVE-2024-50612.patch \
"
GITHUB_BASE_URI = "https://github.com/libsndfile/libsndfile/releases/"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 05/16] libsoup: fix CVE-2024-52530, CVE-2024-52531
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
` (3 preceding siblings ...)
2024-12-03 13:37 ` [OE-core][scarthgap 04/16] libsndfile: fix CVE-2024-50612 Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 06/16] tzdata&tzcode-native: upgrade 2024a -> 2024b Steve Sakoman
` (10 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Changqing Li <changqing.li@windriver.com>
CVE-2024-52531:
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that
perform conversion to UTF-8 in soup_header_parse_param_list_strict.
Input received over the network cannot trigger this.
Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52531
CVE-2024-52530:
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some
configurations because '\0' characters at the end of header names are
ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the
same as a "Transfer-Encoding: chunked" header.
Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52530
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsoup-3.4.4/CVE-2024-52530.patch | 150 ++++++++++++++++++
.../libsoup-3.4.4/CVE-2024-52531-1.patch | 116 ++++++++++++++
.../libsoup-3.4.4/CVE-2024-52531-2.patch | 40 +++++
.../libsoup-3.4.4/CVE-2024-52531-3.patch | 136 ++++++++++++++++
meta/recipes-support/libsoup/libsoup_3.4.4.bb | 4 +
5 files changed, 446 insertions(+)
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52530.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-2.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-3.patch
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52530.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52530.patch
new file mode 100644
index 0000000000..fb6d5c3c6f
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52530.patch
@@ -0,0 +1,150 @@
+From 04df03bc092ac20607f3e150936624d4f536e68b Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 8 Jul 2024 12:33:15 -0500
+Subject: [PATCH] headers: Strictly don't allow NUL bytes
+
+In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem.
+
+CVE: CVE-2024-52530
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-headers.c | 15 +++------
+ tests/header-parsing-test.c | 62 +++++++++++++++++--------------------
+ 2 files changed, 32 insertions(+), 45 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index a0cf351ac..f30ee467a 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -51,13 +51,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+ * ignorable trailing whitespace.
+ */
+
++ /* No '\0's are allowed */
++ if (memchr (str, '\0', len))
++ return FALSE;
++
+ /* Skip over the Request-Line / Status-Line */
+ headers_start = memchr (str, '\n', len);
+ if (!headers_start)
+ return FALSE;
+- /* No '\0's in the Request-Line / Status-Line */
+- if (memchr (str, '\0', headers_start - str))
+- return FALSE;
+
+ /* We work on a copy of the headers, which we can write '\0's
+ * into, so that we don't have to individually g_strndup and
+@@ -69,14 +70,6 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+ headers_copy[copy_len] = '\0';
+ value_end = headers_copy;
+
+- /* There shouldn't be any '\0's in the headers already, but
+- * this is the web we're talking about.
+- */
+- while ((p = memchr (headers_copy, '\0', copy_len))) {
+- memmove (p, p + 1, copy_len - (p - headers_copy));
+- copy_len--;
+- }
+-
+ while (*(value_end + 1)) {
+ name = value_end + 1;
+ name_end = strchr (name, ':');
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index edf8eebb3..715c2c6f2 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -358,24 +358,6 @@ static struct RequestTest {
+ }
+ },
+
+- { "NUL in header name", "760832",
+- "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
+- SOUP_STATUS_OK,
+- "GET", "/", SOUP_HTTP_1_1,
+- { { "Host", "example.com" },
+- { NULL }
+- }
+- },
+-
+- { "NUL in header value", "760832",
+- "GET / HTTP/1.1\r\nHost: example\x00" "com\r\n", 35,
+- SOUP_STATUS_OK,
+- "GET", "/", SOUP_HTTP_1_1,
+- { { "Host", "examplecom" },
+- { NULL }
+- }
+- },
+-
+ /************************/
+ /*** INVALID REQUESTS ***/
+ /************************/
+@@ -448,6 +430,21 @@ static struct RequestTest {
+ SOUP_STATUS_EXPECTATION_FAILED,
+ NULL, NULL, -1,
+ { { NULL } }
++ },
++
++ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++ { "NUL in header name", NULL,
++ "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
++ SOUP_STATUS_BAD_REQUEST,
++ NULL, NULL, -1,
++ { { NULL } }
++ },
++
++ { "NUL in header value", NULL,
++ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++ SOUP_STATUS_BAD_REQUEST,
++ NULL, NULL, -1,
++ { { NULL } }
+ }
+ };
+ static const int num_reqtests = G_N_ELEMENTS (reqtests);
+@@ -620,22 +617,6 @@ static struct ResponseTest {
+ { NULL } }
+ },
+
+- { "NUL in header name", "760832",
+- "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
+- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+- { { "Foo", "bar" },
+- { NULL }
+- }
+- },
+-
+- { "NUL in header value", "760832",
+- "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+- { { "Foo", "bar" },
+- { NULL }
+- }
+- },
+-
+ /********************************/
+ /*** VALID CONTINUE RESPONSES ***/
+ /********************************/
+@@ -768,6 +749,19 @@ static struct ResponseTest {
+ { { NULL }
+ }
+ },
++
++ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++ { "NUL in header name", NULL,
++ "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
++ -1, 0, NULL,
++ { { NULL } }
++ },
++
++ { "NUL in header value", "760832",
++ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++ -1, 0, NULL,
++ { { NULL } }
++ },
+ };
+ static const int num_resptests = G_N_ELEMENTS (resptests);
+
+--
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-1.patch
new file mode 100644
index 0000000000..c8e855c128
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-1.patch
@@ -0,0 +1,116 @@
+From 4ec9e3d286b6d3e982cb0fc3564dee0bf8d87ede Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Tue, 27 Aug 2024 12:18:58 -0500
+Subject: [PATCH] fuzzing: Cover soup_header_parse_param_list
+
+CVE: CVE-2024-52531
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/diffs?commit_id=4ec9e3d286b6d3e982cb0fc3564dee0bf8d87ede]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ fuzzing/fuzz.h | 9 +++++++--
+ fuzzing/fuzz_header_parsing.c | 19 +++++++++++++++++++
+ fuzzing/fuzz_header_parsing.dict | 8 ++++++++
+ fuzzing/meson.build | 2 ++
+ 4 files changed, 36 insertions(+), 2 deletions(-)
+ create mode 100644 fuzzing/fuzz_header_parsing.c
+ create mode 100644 fuzzing/fuzz_header_parsing.dict
+
+diff --git a/fuzzing/fuzz.h b/fuzzing/fuzz.h
+index 0d380285..f3bd28ee 100644
+--- a/fuzzing/fuzz.h
++++ b/fuzzing/fuzz.h
+@@ -1,13 +1,14 @@
+ #include "libsoup/soup.h"
+
+ int LLVMFuzzerTestOneInput (const unsigned char *data, size_t size);
++static int set_logger = 0;
+
+ #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ static GLogWriterOutput
+ empty_logging_func (GLogLevelFlags log_level, const GLogField *fields,
+ gsize n_fields, gpointer user_data)
+ {
+- return G_LOG_WRITER_HANDLED;
++ return G_LOG_WRITER_HANDLED;
+ }
+ #endif
+
+@@ -16,6 +17,10 @@ static void
+ fuzz_set_logging_func (void)
+ {
+ #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+- g_log_set_writer_func (empty_logging_func, NULL, NULL);
++ if (!set_logger)
++ {
++ set_logger = 1;
++ g_log_set_writer_func (empty_logging_func, NULL, NULL);
++ }
+ #endif
+ }
+diff --git a/fuzzing/fuzz_header_parsing.c b/fuzzing/fuzz_header_parsing.c
+new file mode 100644
+index 00000000..a8e5c1f9
+--- /dev/null
++++ b/fuzzing/fuzz_header_parsing.c
+@@ -0,0 +1,19 @@
++#include "fuzz.h"
++
++int
++LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
++{
++ GHashTable *elements;
++
++ // We only accept NUL terminated strings
++ if (!size || data[size - 1] != '\0')
++ return 0;
++
++ fuzz_set_logging_func ();
++
++ elements = soup_header_parse_param_list((char*)data);
++
++ g_hash_table_unref(elements);
++
++ return 0;
++}
+\ No newline at end of file
+diff --git a/fuzzing/fuzz_header_parsing.dict b/fuzzing/fuzz_header_parsing.dict
+new file mode 100644
+index 00000000..1562ca3a
+--- /dev/null
++++ b/fuzzing/fuzz_header_parsing.dict
+@@ -0,0 +1,8 @@
++"*=UTF-8''"
++"*=iso-8859-1''"
++"'"
++"''"
++"="
++"*="
++"""
++";"
+\ No newline at end of file
+diff --git a/fuzzing/meson.build b/fuzzing/meson.build
+index b14cbb50..5dd0f417 100644
+--- a/fuzzing/meson.build
++++ b/fuzzing/meson.build
+@@ -5,6 +5,7 @@ fuzz_targets = [
+ 'fuzz_cookie_parse',
+ 'fuzz_content_sniffer',
+ 'fuzz_date_time',
++ 'fuzz_header_parsing',
+ ]
+
+ fuzzing_args = '-fsanitize=fuzzer,address,undefined'
+@@ -34,6 +35,7 @@ if have_fuzzing and (fuzzing_feature.enabled() or fuzzing_feature.auto())
+ '-runs=200000',
+ '-artifact_prefix=meson-logs/' + target + '-',
+ '-print_final_stats=1',
++ '-max_len=4096',
+ ] + extra_args,
+ env: [
+ 'ASAN_OPTIONS=fast_unwind_on_malloc=0',
+--
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-2.patch
new file mode 100644
index 0000000000..7e0d81ba4c
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-2.patch
@@ -0,0 +1,40 @@
+From 825fda3425546847b42ad5270544e9388ff349fe Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Tue, 27 Aug 2024 13:52:08 -0500
+Subject: [PATCH] tests: Add test for passing invalid UTF-8 to
+ soup_header_parse_semi_param_list()
+
+CVE: CVE-2024-52531
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/diffs?commit_id=825fda3425546847b42ad5270544e9388ff349fe]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ tests/header-parsing-test.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index 715c2c6f..5e423d2b 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -825,6 +825,17 @@ static struct ParamListTest {
+ { "filename", "t\xC3\xA9st.txt" },
+ },
+ },
++
++ /* This tests invalid UTF-8 data which *should* never be passed here but it was designed to be robust against it. */
++ { TRUE,
++ "invalid*=\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; filename*=iso-8859-1''\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; foo",
++ {
++ { "filename", "i''\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" },
++ { "invalid", "\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" },
++ { "foo", NULL },
++
++ },
++ }
+ };
+ static const int num_paramlisttests = G_N_ELEMENTS (paramlisttests);
+
+--
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-3.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-3.patch
new file mode 100644
index 0000000000..a47c8747c5
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-3.patch
@@ -0,0 +1,136 @@
+From a35222dd0bfab2ac97c10e86b95f762456628283 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Tue, 27 Aug 2024 13:53:26 -0500
+Subject: [PATCH] headers: Be more robust against invalid input when parsing
+ params
+
+If you pass invalid input to a function such as soup_header_parse_param_list_strict()
+it can cause an overflow if it decodes the input to UTF-8.
+
+This should never happen with valid UTF-8 input which libsoup's client API
+ensures, however it's server API does not currently.
+
+CVE: CVE-2024-52531
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/diffs?commit_id=a35222dd0bfab2ac97c10e86b95f762456628283]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ libsoup/soup-headers.c | 46 ++++++++++++++++++++++--------------------
+ 1 file changed, 24 insertions(+), 22 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index f30ee467..613e1905 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -646,8 +646,9 @@ soup_header_contains (const char *header, const char *token)
+ }
+
+ static void
+-decode_quoted_string (char *quoted_string)
++decode_quoted_string_inplace (GString *quoted_gstring)
+ {
++ char *quoted_string = quoted_gstring->str;
+ char *src, *dst;
+
+ src = quoted_string + 1;
+@@ -661,10 +662,11 @@ decode_quoted_string (char *quoted_string)
+ }
+
+ static gboolean
+-decode_rfc5987 (char *encoded_string)
++decode_rfc5987_inplace (GString *encoded_gstring)
+ {
+ char *q, *decoded;
+ gboolean iso_8859_1 = FALSE;
++ const char *encoded_string = encoded_gstring->str;
+
+ q = strchr (encoded_string, '\'');
+ if (!q)
+@@ -696,14 +698,7 @@ decode_rfc5987 (char *encoded_string)
+ decoded = utf8;
+ }
+
+- /* If encoded_string was UTF-8, then each 3-character %-escape
+- * will be converted to a single byte, and so decoded is
+- * shorter than encoded_string. If encoded_string was
+- * iso-8859-1, then each 3-character %-escape will be
+- * converted into at most 2 bytes in UTF-8, and so it's still
+- * shorter.
+- */
+- strcpy (encoded_string, decoded);
++ g_string_assign (encoded_gstring, decoded);
+ g_free (decoded);
+ return TRUE;
+ }
+@@ -713,15 +708,17 @@ parse_param_list (const char *header, char delim, gboolean strict)
+ {
+ GHashTable *params;
+ GSList *list, *iter;
+- char *item, *eq, *name_end, *value;
+- gboolean override, duplicated;
+
+ params = g_hash_table_new_full (soup_str_case_hash,
+ soup_str_case_equal,
+- g_free, NULL);
++ g_free, g_free);
+
+ list = parse_list (header, delim);
+ for (iter = list; iter; iter = iter->next) {
++ char *item, *eq, *name_end;
++ gboolean override, duplicated;
++ GString *parsed_value = NULL;
++
+ item = iter->data;
+ override = FALSE;
+
+@@ -736,19 +733,19 @@ parse_param_list (const char *header, char delim, gboolean strict)
+
+ *name_end = '\0';
+
+- value = (char *)skip_lws (eq + 1);
++ parsed_value = g_string_new ((char *)skip_lws (eq + 1));
+
+ if (name_end[-1] == '*' && name_end > item + 1) {
+ name_end[-1] = '\0';
+- if (!decode_rfc5987 (value)) {
++ if (!decode_rfc5987_inplace (parsed_value)) {
++ g_string_free (parsed_value, TRUE);
+ g_free (item);
+ continue;
+ }
+ override = TRUE;
+- } else if (*value == '"')
+- decode_quoted_string (value);
+- } else
+- value = NULL;
++ } else if (parsed_value->str[0] == '"')
++ decode_quoted_string_inplace (parsed_value);
++ }
+
+ duplicated = g_hash_table_lookup_extended (params, item, NULL, NULL);
+
+@@ -756,11 +753,16 @@ parse_param_list (const char *header, char delim, gboolean strict)
+ soup_header_free_param_list (params);
+ params = NULL;
+ g_slist_foreach (iter, (GFunc)g_free, NULL);
++ if (parsed_value)
++ g_string_free (parsed_value, TRUE);
+ break;
+- } else if (override || !duplicated)
+- g_hash_table_replace (params, item, value);
+- else
++ } else if (override || !duplicated) {
++ g_hash_table_replace (params, item, parsed_value ? g_string_free (parsed_value, FALSE) : NULL);
++ } else {
++ if (parsed_value)
++ g_string_free (parsed_value, TRUE);
+ g_free (item);
++ }
+ }
+
+ g_slist_free (list);
+--
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.4.4.bb b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
index 0e66715589..b2e32b892a 100644
--- a/meta/recipes-support/libsoup/libsoup_3.4.4.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
@@ -14,6 +14,10 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2024-52532-0001.patch \
file://CVE-2024-52532-0002.patch \
+ file://CVE-2024-52530.patch \
+ file://CVE-2024-52531-1.patch \
+ file://CVE-2024-52531-2.patch \
+ file://CVE-2024-52531-3.patch \
"
SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 06/16] tzdata&tzcode-native: upgrade 2024a -> 2024b
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
` (4 preceding siblings ...)
2024-12-03 13:37 ` [OE-core][scarthgap 05/16] libsoup: fix CVE-2024-52530, CVE-2024-52531 Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 07/16] python3-urllib3: upgrade 2.2.1 -> 2.2.2 Steve Sakoman
` (9 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit c8d3edb2562ea4d980186e78b4abb5a94b1d7b22)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glib-2.0/gdatetime-test-fail-0001.patch | 72 +++++++++++++++++++
.../glib-2.0/gdatetime-test-fail-0002.patch | 65 +++++++++++++++++
.../glib-2.0/gdatetime-test-fail-0003.patch | 63 ++++++++++++++++
meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 3 +
meta/recipes-extended/timezone/timezone.inc | 6 +-
5 files changed, 206 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch
new file mode 100644
index 0000000000..1997f88f12
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch
@@ -0,0 +1,72 @@
+From 39af934b11ec7bb8f943ba963919816266a3316e Mon Sep 17 00:00:00 2001
+From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>
+Date: Fri, 11 Oct 2024 09:38:52 +0100
+Subject: [PATCH 1/3] gdatetime test: Do not assume PST8PDT was always exactly
+ -8/-7
+
+In newer tzdata, it is an alias for America/Los_Angeles, which has a
+slightly different meaning: DST did not exist there before 1883. As a
+result, we can no longer hard-code the knowledge that interval 0 is
+standard time and interval 1 is summer time, and instead we need to look
+up the correct intervals from known timestamps.
+
+Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3502
+Bug-Debian: https://bugs.debian.org/1084190
+[smcv: expand commit message, fix whitespace]
+Signed-off-by: Simon McVittie <smcv@debian.org>
+
+Upstream-Status: Backport
+[https://github.com/GNOME/glib/commit/c0619f08e6c608fd6464d2f0c6970ef0bbfb9ecf]
+
+Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
+---
+ glib/tests/gdatetime.c | 22 ++++++++++++++++------
+ 1 file changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c
+index 141263b66..cfe00906d 100644
+--- a/glib/tests/gdatetime.c
++++ b/glib/tests/gdatetime.c
+@@ -2625,6 +2625,7 @@ test_posix_parse (void)
+ {
+ GTimeZone *tz;
+ GDateTime *gdt1, *gdt2;
++ gint i1, i2;
+
+ /* Check that an unknown zone name falls back to UTC. */
+ G_GNUC_BEGIN_IGNORE_DEPRECATIONS
+@@ -2648,16 +2649,25 @@ test_posix_parse (void)
+
+ /* This fails rules_from_identifier on Unix (though not on Windows)
+ * but passes anyway because PST8PDT is a zone name.
++ *
++ * Intervals i1 and i2 (rather than 0 and 1) are needed because in
++ * recent tzdata, PST8PDT may be an alias for America/Los_Angeles,
++ * and hence be aware that DST has not always existed.
++ * https://bugs.debian.org/1084190
+ */
+ tz = g_time_zone_new_identifier ("PST8PDT");
+ g_assert_nonnull (tz);
+ g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT");
+- g_assert_cmpstr (g_time_zone_get_abbreviation (tz, 0), ==, "PST");
+- g_assert_cmpint (g_time_zone_get_offset (tz, 0), ==, - 8 * 3600);
+- g_assert (!g_time_zone_is_dst (tz, 0));
+- g_assert_cmpstr (g_time_zone_get_abbreviation (tz, 1), ==, "PDT");
+- g_assert_cmpint (g_time_zone_get_offset (tz, 1), ==,- 7 * 3600);
+- g_assert (g_time_zone_is_dst (tz, 1));
++ /* a date in winter = non-DST */
++ i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, 0);
++ /* approximately 6 months in seconds, i.e. a date in summer = DST */
++ i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, 15000000);
++ g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i1), ==, "PST");
++ g_assert_cmpint (g_time_zone_get_offset (tz, i1), ==, - 8 * 3600);
++ g_assert (!g_time_zone_is_dst (tz, i1));
++ g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i2), ==, "PDT");
++ g_assert_cmpint (g_time_zone_get_offset (tz, i2), ==,- 7 * 3600);
++ g_assert (g_time_zone_is_dst (tz, i2));
+ g_time_zone_unref (tz);
+
+ tz = g_time_zone_new_identifier ("PST8PDT6:32:15");
+--
+2.34.1
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch
new file mode 100644
index 0000000000..b3d11b5076
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch
@@ -0,0 +1,65 @@
+From 27eb6eb01d5752c201dd2ec02f656463d12ebee0 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@debian.org>
+Date: Fri, 18 Oct 2024 11:03:19 +0100
+Subject: [PATCH 2/3] gdatetime test: Try to make PST8PDT test more obviously
+ correct
+
+Instead of using timestamp 0 as a magic number (in this case interpreted
+as 1970-01-01T00:00:00-08:00), calculate a timestamp from a recent
+year/month/day in winter, in this case 2024-01-01T00:00:00-08:00.
+
+Similarly, instead of using a timestamp 15 million seconds later
+(1970-06-23T15:40:00-07:00), calculate a timestamp from a recent
+year/month/day in summer, in this case 2024-07-01T00:00:00-07:00.
+
+Signed-off-by: Simon McVittie <smcv@debian.org>
+
+Upstream-Status: Backport
+[https://github.com/GNOME/glib/commit/30e9cfa5733003cd1079e0e9e8a4bff1a191171a]
+
+Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
+---
+ glib/tests/gdatetime.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c
+index cfe00906d..22aa5112a 100644
+--- a/glib/tests/gdatetime.c
++++ b/glib/tests/gdatetime.c
+@@ -2649,19 +2649,16 @@ test_posix_parse (void)
+
+ /* This fails rules_from_identifier on Unix (though not on Windows)
+ * but passes anyway because PST8PDT is a zone name.
+- *
+- * Intervals i1 and i2 (rather than 0 and 1) are needed because in
+- * recent tzdata, PST8PDT may be an alias for America/Los_Angeles,
+- * and hence be aware that DST has not always existed.
+- * https://bugs.debian.org/1084190
+ */
+ tz = g_time_zone_new_identifier ("PST8PDT");
+ g_assert_nonnull (tz);
+ g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT");
+ /* a date in winter = non-DST */
+- i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, 0);
+- /* approximately 6 months in seconds, i.e. a date in summer = DST */
+- i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, 15000000);
++ gdt1 = g_date_time_new (tz, 2024, 1, 1, 0, 0, 0);
++ i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, g_date_time_to_unix (gdt1));
++ /* a date in summer = DST */
++ gdt2 = g_date_time_new (tz, 2024, 7, 1, 0, 0, 0);
++ i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, g_date_time_to_unix (gdt2));
+ g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i1), ==, "PST");
+ g_assert_cmpint (g_time_zone_get_offset (tz, i1), ==, - 8 * 3600);
+ g_assert (!g_time_zone_is_dst (tz, i1));
+@@ -2669,6 +2666,8 @@ test_posix_parse (void)
+ g_assert_cmpint (g_time_zone_get_offset (tz, i2), ==,- 7 * 3600);
+ g_assert (g_time_zone_is_dst (tz, i2));
+ g_time_zone_unref (tz);
++ g_date_time_unref (gdt1);
++ g_date_time_unref (gdt2);
+
+ tz = g_time_zone_new_identifier ("PST8PDT6:32:15");
+ #ifdef G_OS_WIN32
+--
+2.34.1
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch
new file mode 100644
index 0000000000..b9afad15c5
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch
@@ -0,0 +1,63 @@
+From 9dd5e9f49620f13a3eaf2b862b7aa3c680953f01 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@debian.org>
+Date: Fri, 18 Oct 2024 11:23:42 +0100
+Subject: [PATCH 3/3] gdatetime test: Fall back if legacy System V PST8PDT is
+ not available
+
+On recent versions of Debian, PST8PDT is part of the tzdata-legacy
+package, which is not always installed and might disappear in future.
+Successfully tested with and without tzdata-legacy on Debian unstable.
+
+Signed-off-by: Simon McVittie <smcv@debian.org>
+
+Upstream-Status: Backport
+[https://github.com/GNOME/glib/commit/fe2699369f79981dcf913af4cfd98b342b84a9c1]
+
+Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
+---
+ glib/tests/gdatetime.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c
+index 22aa5112a..4e963b171 100644
+--- a/glib/tests/gdatetime.c
++++ b/glib/tests/gdatetime.c
+@@ -2626,6 +2626,7 @@ test_posix_parse (void)
+ GTimeZone *tz;
+ GDateTime *gdt1, *gdt2;
+ gint i1, i2;
++ const char *expect_id;
+
+ /* Check that an unknown zone name falls back to UTC. */
+ G_GNUC_BEGIN_IGNORE_DEPRECATIONS
+@@ -2648,11 +2649,25 @@ test_posix_parse (void)
+ g_time_zone_unref (tz);
+
+ /* This fails rules_from_identifier on Unix (though not on Windows)
+- * but passes anyway because PST8PDT is a zone name.
++ * but can pass anyway because PST8PDT is a legacy System V zone name.
+ */
+ tz = g_time_zone_new_identifier ("PST8PDT");
++ expect_id = "PST8PDT";
++
++#ifndef G_OS_WIN32
++ /* PST8PDT is in tzdata's "backward" set, packaged as tzdata-legacy and
++ * not always present in some OSs; fall back to the equivalent geographical
++ * name if the "backward" time zones are absent. */
++ if (tz == NULL)
++ {
++ g_test_message ("Legacy PST8PDT time zone not available, falling back");
++ tz = g_time_zone_new_identifier ("America/Los_Angeles");
++ expect_id = "America/Los_Angeles";
++ }
++#endif
++
+ g_assert_nonnull (tz);
+- g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT");
++ g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, expect_id);
+ /* a date in winter = non-DST */
+ gdt1 = g_date_time_new (tz, 2024, 1, 1, 0, 0, 0);
+ i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, g_date_time_to_unix (gdt1));
+--
+2.34.1
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
index 506e72bd4c..ce7c57df9a 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
@@ -18,6 +18,9 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://memory-monitor.patch \
file://skip-timeout.patch \
file://CVE-2024-52533.patch \
+ file://gdatetime-test-fail-0001.patch \
+ file://gdatetime-test-fail-0002.patch \
+ file://gdatetime-test-fail-0003.patch \
"
SRC_URI:append:class-native = " file://relocate-modules.patch \
file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index 4734adcc08..adf095280f 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
LICENSE = "PD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2024a"
+PV = "2024b"
SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \
@@ -16,5 +16,5 @@ S = "${WORKDIR}/tz"
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
-SRC_URI[tzcode.sha256sum] = "80072894adff5a458f1d143e16e4ca1d8b2a122c9c5399da482cb68cba6a1ff8"
-SRC_URI[tzdata.sha256sum] = "0d0434459acbd2059a7a8da1f3304a84a86591f6ed69c6248fffa502b6edffe3"
+SRC_URI[tzcode.sha256sum] = "5e438fc449624906af16a18ff4573739f0cda9862e5ec28d3bcb19cbaed0f672"
+SRC_URI[tzdata.sha256sum] = "70e754db126a8d0db3d16d6b4cb5f7ec1e04d5f261255e4558a67fe92d39e550"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 07/16] python3-urllib3: upgrade 2.2.1 -> 2.2.2
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
` (5 preceding siblings ...)
2024-12-03 13:37 ` [OE-core][scarthgap 06/16] tzdata&tzcode-native: upgrade 2024a -> 2024b Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 08/16] python3-requests: upgrade 2.32.1 -> 2.32.2 Steve Sakoman
` (8 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Trevor Gamblin <tgamblin@baylibre.com>
(From OE-Core rev: 32fdd5673c25084af4ba295b271455cd92ca09d5)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../{python3-urllib3_2.2.1.bb => python3-urllib3_2.2.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-urllib3_2.2.1.bb => python3-urllib3_2.2.2.bb} (86%)
diff --git a/meta/recipes-devtools/python/python3-urllib3_2.2.1.bb b/meta/recipes-devtools/python/python3-urllib3_2.2.2.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-urllib3_2.2.1.bb
rename to meta/recipes-devtools/python/python3-urllib3_2.2.2.bb
index fc1828b4ee..31a03a60b3 100644
--- a/meta/recipes-devtools/python/python3-urllib3_2.2.1.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_2.2.2.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=52d273a3054ced561275d4d15260ecda"
-SRC_URI[sha256sum] = "d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19"
+SRC_URI[sha256sum] = "dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168"
inherit pypi python_hatchling
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 08/16] python3-requests: upgrade 2.32.1 -> 2.32.2
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
` (6 preceding siblings ...)
2024-12-03 13:37 ` [OE-core][scarthgap 07/16] python3-urllib3: upgrade 2.2.1 -> 2.2.2 Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 09/16] scripts/install-buildtools: Update to 5.0.5 Steve Sakoman
` (7 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Soumya Sambu <soumya.sambu@windriver.com>
https://requests.readthedocs.io/en/latest/community/updates/#id2
2.32.2 (2024-05-21)
* Deprecations - To provide a more stable migration for custom HTTPAdapters
impacted by the CVE changes in 2.32.0, we’ve renamed _get_connection to a
new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of
Requests>=2.32.0.
* A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
https://github.com/psf/requests/compare/v2.32.1...v2.32.2
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../{python3-requests_2.31.0.bb => python3-requests_2.32.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-requests_2.31.0.bb => python3-requests_2.32.0.bb} (84%)
diff --git a/meta/recipes-devtools/python/python3-requests_2.31.0.bb b/meta/recipes-devtools/python/python3-requests_2.32.0.bb
similarity index 84%
rename from meta/recipes-devtools/python/python3-requests_2.31.0.bb
rename to meta/recipes-devtools/python/python3-requests_2.32.0.bb
index 287b4f8eee..b4df4c5dc7 100644
--- a/meta/recipes-devtools/python/python3-requests_2.31.0.bb
+++ b/meta/recipes-devtools/python/python3-requests_2.32.0.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://requests.readthedocs.io"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
-SRC_URI[sha256sum] = "942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"
+SRC_URI[sha256sum] = "fa5490319474c82ef1d2c9bc459d3652e3ae4ef4c4ebdd18a21145a47ca4b6b8"
inherit pypi setuptools3
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 09/16] scripts/install-buildtools: Update to 5.0.5
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
` (7 preceding siblings ...)
2024-12-03 13:37 ` [OE-core][scarthgap 08/16] python3-requests: upgrade 2.32.1 -> 2.32.2 Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 10/16] glibc: stable 2.39 branch updates Steve Sakoman
` (6 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Update to the 5.0.5 release of the 5.0 series for buildtools.
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/install-buildtools | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/install-buildtools b/scripts/install-buildtools
index 92a4c9dfb1..ee6bfb89eb 100755
--- a/scripts/install-buildtools
+++ b/scripts/install-buildtools
@@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout)
DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools')
DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto'
-DEFAULT_RELEASE = 'yocto-5.0.3'
-DEFAULT_INSTALLER_VERSION = '5.0.3'
+DEFAULT_RELEASE = 'yocto-5.0.5'
+DEFAULT_INSTALLER_VERSION = '5.0.5'
DEFAULT_BUILDDATE = '202110XX'
# Python version sanity check
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 10/16] glibc: stable 2.39 branch updates
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
` (8 preceding siblings ...)
2024-12-03 13:37 ` [OE-core][scarthgap 09/16] scripts/install-buildtools: Update to 5.0.5 Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 11/16] qemu: upgrade 8.2.3 -> 8.2.7 Steve Sakoman
` (5 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Below commits on glibc-2.39 stable branch are updated.
dcaf51b41e elf: Change ldconfig auxcache magic number (bug 32231)
b3c51635ef Make tst-strtod-underflow type-generic
b74be22f65 Add crt1-2.0.o for glibc 2.0 compatibility tests
fcdf98f38c Add tests of more strtod special cases
3edc0f22a6 Add more tests of strtod end pointer
988de94538 Make tst-strtod2 and tst-strtod5 type-generic
a2f7087237 powerpc64le: Build new strtod tests with long double ABI flags (bug 32145)
6624318c89 Do not set errno for overflowing NaN payload in strtod/nan (bug 32045)
63bcc01744 Improve NaN payload testing
86369c9ee4 Make __strtod_internal tests type-generic
a7be595c67 Fix strtod subnormal rounding (bug 30220)
9cfeccf65a More thoroughly test underflow / errno in tst-strtod-round
293e4e3c90 Test errno setting on strtod overflow in tst-strtod-round
d8b4fc3653 Add tests of fread
373aab3e52 stdio-common: Add new test for fdopen
Testresults:
After update |Before update |Difference
PASS: 4889 |PASS: 4885 |PASS: +4
FAIL: 229 |FAIL: 229 |FAIL: 0
XPASS: 4 |XPASS: 4 |XPASS: 0
XFAIL: 16 |XFAIL: 16 |XFAIL: 0
UNSUPPORTED: 227|UNSUPPORTED: 227|UNSUPPORTED: 0
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/glibc/glibc-version.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index dc162b2946..b3b21bd07d 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
SRCBRANCH ?= "release/2.39/master"
PV = "2.39+git"
-SRCREV_glibc ?= "84f6bfce2c37e32b9888321fc3131ffbbe6deeba"
+SRCREV_glibc ?= "dcaf51b41e259387602774829c45222d0507f90a"
SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 11/16] qemu: upgrade 8.2.3 -> 8.2.7
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
` (9 preceding siblings ...)
2024-12-03 13:37 ` [OE-core][scarthgap 10/16] glibc: stable 2.39 branch updates Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 12/16] gcc: add a backport patch to fix an issue with tzdata 2024b Steve Sakoman
` (4 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Yogita Urade <yogita.urade@windriver.com>
This includes fix for: CVE-2024-4693, CVE-2024-6505 and CVE-2024-7730
General changelog for 8.2: https://wiki.qemu.org/ChangeLog/8.2
Droped:
0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch
0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch
0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch
CVE-2024-4467 and CVE-2024-7409 since already contained the fix.
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...u-native_8.2.3.bb => qemu-native_8.2.7.bb} | 0
...e_8.2.3.bb => qemu-system-native_8.2.7.bb} | 0
meta/recipes-devtools/qemu/qemu.inc | 14 +-
...kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch | 75 --
...kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch | 73 -
...cv-kvm-change-timer-regs-size-to-u64.patch | 107 --
.../qemu/qemu/CVE-2024-4467-0001.patch | 112 --
.../qemu/qemu/CVE-2024-4467-0002.patch | 55 -
.../qemu/qemu/CVE-2024-4467-0003.patch | 57 -
.../qemu/qemu/CVE-2024-4467-0004.patch | 1187 -----------------
.../qemu/qemu/CVE-2024-4467-0005.patch | 239 ----
.../qemu/qemu/CVE-2024-7409-0001.patch | 167 ---
.../qemu/qemu/CVE-2024-7409-0002.patch | 175 ---
.../qemu/qemu/CVE-2024-7409-0003.patch | 126 --
.../qemu/qemu/CVE-2024-7409-0004.patch | 164 ---
.../qemu/{qemu_8.2.3.bb => qemu_8.2.7.bb} | 0
16 files changed, 1 insertion(+), 2550 deletions(-)
rename meta/recipes-devtools/qemu/{qemu-native_8.2.3.bb => qemu-native_8.2.7.bb} (100%)
rename meta/recipes-devtools/qemu/{qemu-system-native_8.2.3.bb => qemu-system-native_8.2.7.bb} (100%)
delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch
rename meta/recipes-devtools/qemu/{qemu_8.2.3.bb => qemu_8.2.7.bb} (100%)
diff --git a/meta/recipes-devtools/qemu/qemu-native_8.2.3.bb b/meta/recipes-devtools/qemu/qemu-native_8.2.7.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu-native_8.2.3.bb
rename to meta/recipes-devtools/qemu/qemu-native_8.2.7.bb
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_8.2.3.bb b/meta/recipes-devtools/qemu/qemu-system-native_8.2.7.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu-system-native_8.2.3.bb
rename to meta/recipes-devtools/qemu/qemu-system-native_8.2.7.bb
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index e9f63b9eaf..40ee267a42 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -40,18 +40,6 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \
file://qemu-guest-agent.init \
file://qemu-guest-agent.udev \
- file://CVE-2024-4467-0001.patch \
- file://CVE-2024-4467-0002.patch \
- file://CVE-2024-4467-0003.patch \
- file://CVE-2024-4467-0004.patch \
- file://CVE-2024-4467-0005.patch \
- file://CVE-2024-7409-0001.patch \
- file://CVE-2024-7409-0002.patch \
- file://CVE-2024-7409-0003.patch \
- file://CVE-2024-7409-0004.patch \
- file://0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch \
- file://0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch \
- file://0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
@@ -68,7 +56,7 @@ SRC_URI:append:class-native = " \
file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \
"
-SRC_URI[sha256sum] = "dc747fb366809455317601c4876bd1f6829a32a23e83fb76e45ab12c2a569964"
+SRC_URI[sha256sum] = "1f0604f296ab9acb4854c054764a1ba408643fc299bd54a6500cccfaaca65b55"
CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default."
diff --git a/meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch b/meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch
deleted file mode 100644
index 39a6a85162..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From bbdcc89678daa5cb131ef22a6cd41a5f7f9dcea9 Mon Sep 17 00:00:00 2001
-From: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
-Date: Fri, 8 Dec 2023 15:38:31 -0300
-Subject: [PATCH 1/3] target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32
-
-KVM_REG_RISCV_FP_F regs have u32 size according to the API, but by using
-kvm_riscv_reg_id() in RISCV_FP_F_REG() we're returning u64 sizes when
-running with TARGET_RISCV64. The most likely reason why no one noticed
-this is because we're not implementing kvm_cpu_synchronize_state() in
-RISC-V yet.
-
-Create a new helper that returns a KVM ID with u32 size and use it in
-RISCV_FP_F_REG().
-
-Reported-by: Andrew Jones <ajones@ventanamicro.com>
-Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
-Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
-Message-ID: <20231208183835.2411523-2-dbarboza@ventanamicro.com>
-Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
-(cherry picked from commit 49c211ffca00fdf7c0c29072c224e88527a14838)
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-
-Upstream-Status: Backport [bbdcc89678daa5cb131ef22a6cd41a5f7f9dcea9]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- target/riscv/kvm/kvm-cpu.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
-index c1675158fe..2eef2be86a 100644
---- a/target/riscv/kvm/kvm-cpu.c
-+++ b/target/riscv/kvm/kvm-cpu.c
-@@ -72,6 +72,11 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type,
- return id;
- }
-
-+static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx)
-+{
-+ return KVM_REG_RISCV | KVM_REG_SIZE_U32 | type | idx;
-+}
-+
- #define RISCV_CORE_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, \
- KVM_REG_RISCV_CORE_REG(name))
-
-@@ -81,7 +86,7 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type,
- #define RISCV_TIMER_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_TIMER, \
- KVM_REG_RISCV_TIMER_REG(name))
-
--#define RISCV_FP_F_REG(env, idx) kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_F, idx)
-+#define RISCV_FP_F_REG(idx) kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx)
-
- #define RISCV_FP_D_REG(env, idx) kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, idx)
-
-@@ -586,7 +591,7 @@ static int kvm_riscv_get_regs_fp(CPUState *cs)
- if (riscv_has_ext(env, RVF)) {
- uint32_t reg;
- for (i = 0; i < 32; i++) {
-- ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(env, i), ®);
-+ ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(i), ®);
- if (ret) {
- return ret;
- }
-@@ -620,7 +625,7 @@ static int kvm_riscv_put_regs_fp(CPUState *cs)
- uint32_t reg;
- for (i = 0; i < 32; i++) {
- reg = env->fpr[i];
-- ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(env, i), ®);
-+ ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(i), ®);
- if (ret) {
- return ret;
- }
---
-2.25.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch b/meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch
deleted file mode 100644
index 9480d3e0b5..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 125b95d79e746cbab6b72683b3382dd372e38c61 Mon Sep 17 00:00:00 2001
-From: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
-Date: Fri, 8 Dec 2023 15:38:32 -0300
-Subject: [PATCH 2/3] target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64
-
-KVM_REG_RISCV_FP_D regs are always u64 size. Using kvm_riscv_reg_id() in
-RISCV_FP_D_REG() ends up encoding the wrong size if we're running with
-TARGET_RISCV32.
-
-Create a new helper that returns a KVM ID with u64 size and use it with
-RISCV_FP_D_REG().
-
-Reported-by: Andrew Jones <ajones@ventanamicro.com>
-Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
-Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
-Message-ID: <20231208183835.2411523-3-dbarboza@ventanamicro.com>
-Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
-(cherry picked from commit 450bd6618fda3d2e2ab02b2fce1c79efd5b66084)
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-
-Upstream-Status: Backport [125b95d79e746cbab6b72683b3382dd372e38c61]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- target/riscv/kvm/kvm-cpu.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
-index 2eef2be86a..82ed4455a5 100644
---- a/target/riscv/kvm/kvm-cpu.c
-+++ b/target/riscv/kvm/kvm-cpu.c
-@@ -77,6 +77,11 @@ static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx)
- return KVM_REG_RISCV | KVM_REG_SIZE_U32 | type | idx;
- }
-
-+static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx)
-+{
-+ return KVM_REG_RISCV | KVM_REG_SIZE_U64 | type | idx;
-+}
-+
- #define RISCV_CORE_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, \
- KVM_REG_RISCV_CORE_REG(name))
-
-@@ -88,7 +93,7 @@ static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx)
-
- #define RISCV_FP_F_REG(idx) kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx)
-
--#define RISCV_FP_D_REG(env, idx) kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, idx)
-+#define RISCV_FP_D_REG(idx) kvm_riscv_reg_id_u64(KVM_REG_RISCV_FP_D, idx)
-
- #define KVM_RISCV_GET_CSR(cs, env, csr, reg) \
- do { \
-@@ -579,7 +584,7 @@ static int kvm_riscv_get_regs_fp(CPUState *cs)
- if (riscv_has_ext(env, RVD)) {
- uint64_t reg;
- for (i = 0; i < 32; i++) {
-- ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(env, i), ®);
-+ ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(i), ®);
- if (ret) {
- return ret;
- }
-@@ -613,7 +618,7 @@ static int kvm_riscv_put_regs_fp(CPUState *cs)
- uint64_t reg;
- for (i = 0; i < 32; i++) {
- reg = env->fpr[i];
-- ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(env, i), ®);
-+ ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(i), ®);
- if (ret) {
- return ret;
- }
---
-2.25.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch b/meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch
deleted file mode 100644
index 1ea1bcfe70..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From cbae1080988e0f1af0fb4c816205f7647f6de16f Mon Sep 17 00:00:00 2001
-From: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
-Date: Fri, 8 Dec 2023 15:38:33 -0300
-Subject: [PATCH 3/3] target/riscv/kvm: change timer regs size to u64
-
-KVM_REG_RISCV_TIMER regs are always u64 according to the KVM API, but at
-this moment we'll return u32 regs if we're running a RISCV32 target.
-
-Use the kvm_riscv_reg_id_u64() helper in RISCV_TIMER_REG() to fix it.
-
-Reported-by: Andrew Jones <ajones@ventanamicro.com>
-Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
-Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
-Message-ID: <20231208183835.2411523-4-dbarboza@ventanamicro.com>
-Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
-(cherry picked from commit 10f86d1b845087d14b58d65dd2a6e3411d1b6529)
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-
-Upstream-Status: Backport [cbae1080988e0f1af0fb4c816205f7647f6de16f]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- target/riscv/kvm/kvm-cpu.c | 26 +++++++++++++-------------
- 1 file changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
-index 82ed4455a5..ddbe820e10 100644
---- a/target/riscv/kvm/kvm-cpu.c
-+++ b/target/riscv/kvm/kvm-cpu.c
-@@ -88,7 +88,7 @@ static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx)
- #define RISCV_CSR_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_CSR, \
- KVM_REG_RISCV_CSR_REG(name))
-
--#define RISCV_TIMER_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_TIMER, \
-+#define RISCV_TIMER_REG(name) kvm_riscv_reg_id_u64(KVM_REG_RISCV_TIMER, \
- KVM_REG_RISCV_TIMER_REG(name))
-
- #define RISCV_FP_F_REG(idx) kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx)
-@@ -111,17 +111,17 @@ static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx)
- } \
- } while (0)
-
--#define KVM_RISCV_GET_TIMER(cs, env, name, reg) \
-+#define KVM_RISCV_GET_TIMER(cs, name, reg) \
- do { \
-- int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(env, name), ®); \
-+ int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(name), ®); \
- if (ret) { \
- abort(); \
- } \
- } while (0)
-
--#define KVM_RISCV_SET_TIMER(cs, env, name, reg) \
-+#define KVM_RISCV_SET_TIMER(cs, name, reg) \
- do { \
-- int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(env, name), ®); \
-+ int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(name), ®); \
- if (ret) { \
- abort(); \
- } \
-@@ -649,10 +649,10 @@ static void kvm_riscv_get_regs_timer(CPUState *cs)
- return;
- }
-
-- KVM_RISCV_GET_TIMER(cs, env, time, env->kvm_timer_time);
-- KVM_RISCV_GET_TIMER(cs, env, compare, env->kvm_timer_compare);
-- KVM_RISCV_GET_TIMER(cs, env, state, env->kvm_timer_state);
-- KVM_RISCV_GET_TIMER(cs, env, frequency, env->kvm_timer_frequency);
-+ KVM_RISCV_GET_TIMER(cs, time, env->kvm_timer_time);
-+ KVM_RISCV_GET_TIMER(cs, compare, env->kvm_timer_compare);
-+ KVM_RISCV_GET_TIMER(cs, state, env->kvm_timer_state);
-+ KVM_RISCV_GET_TIMER(cs, frequency, env->kvm_timer_frequency);
-
- env->kvm_timer_dirty = true;
- }
-@@ -666,8 +666,8 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
- return;
- }
-
-- KVM_RISCV_SET_TIMER(cs, env, time, env->kvm_timer_time);
-- KVM_RISCV_SET_TIMER(cs, env, compare, env->kvm_timer_compare);
-+ KVM_RISCV_SET_TIMER(cs, time, env->kvm_timer_time);
-+ KVM_RISCV_SET_TIMER(cs, compare, env->kvm_timer_compare);
-
- /*
- * To set register of RISCV_TIMER_REG(state) will occur a error from KVM
-@@ -676,7 +676,7 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
- * TODO If KVM changes, adapt here.
- */
- if (env->kvm_timer_state) {
-- KVM_RISCV_SET_TIMER(cs, env, state, env->kvm_timer_state);
-+ KVM_RISCV_SET_TIMER(cs, state, env->kvm_timer_state);
- }
-
- /*
-@@ -685,7 +685,7 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
- * during the migration.
- */
- if (migration_is_running(migrate_get_current()->state)) {
-- KVM_RISCV_GET_TIMER(cs, env, frequency, reg);
-+ KVM_RISCV_GET_TIMER(cs, frequency, reg);
- if (reg != env->kvm_timer_frequency) {
- error_report("Dst Hosts timer frequency != Src Hosts");
- }
---
-2.25.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch
deleted file mode 100644
index dbcc71bb4e..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From bd385a5298d7062668e804d73944d52aec9549f1 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Fri, 16 Aug 2024 08:29:04 +0000
-Subject: [PATCH] qcow2: Don't open data_file with BDRV_O_NO_IO
-
-One use case for 'qemu-img info' is verifying that untrusted images
-don't reference an unwanted external file, be it as a backing file or an
-external data file. To make sure that calling 'qemu-img info' can't
-already have undesired side effects with a malicious image, just don't
-open the data file at all with BDRV_O_NO_IO. If nothing ever tries to do
-I/O, we don't need to have it open.
-
-This changes the output of iotests case 061, which used 'qemu-img info'
-to show that opening an image with an invalid data file fails. After
-this patch, it succeeds. Replace this part of the test with a qemu-io
-call, but keep the final 'qemu-img info' to show that the invalid data
-file is correctly displayed in the output.
-
-Fixes: CVE-2024-4467
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
-
-CVE: CVE-2024-4667
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/bd385a5298d7062668e804d73944d52aec9549f1]
-
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
----
- block/qcow2.c | 17 ++++++++++++++++-
- tests/qemu-iotests/061 | 6 ++++--
- tests/qemu-iotests/061.out | 8 ++++++--
- 3 files changed, 26 insertions(+), 5 deletions(-)
-
-diff --git a/block/qcow2.c b/block/qcow2.c
-index 13e032bd5..7af7c0bee 100644
---- a/block/qcow2.c
-+++ b/block/qcow2.c
-@@ -1636,7 +1636,22 @@ qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
- goto fail;
- }
-
-- if (open_data_file) {
-+ if (open_data_file && (flags & BDRV_O_NO_IO)) {
-+ /*
-+ * Don't open the data file for 'qemu-img info' so that it can be used
-+ * to verify that an untrusted qcow2 image doesn't refer to external
-+ * files.
-+ *
-+ * Note: This still makes has_data_file() return true.
-+ */
-+ if (s->incompatible_features & QCOW2_INCOMPAT_DATA_FILE) {
-+ s->data_file = NULL;
-+ } else {
-+ s->data_file = bs->file;
-+ }
-+ qdict_extract_subqdict(options, NULL, "data-file.");
-+ qdict_del(options, "data-file");
-+ } else if (open_data_file) {
- /* Open external data file */
- bdrv_graph_co_rdunlock();
- s->data_file = bdrv_co_open_child(NULL, options, "data-file", bs,
-diff --git a/tests/qemu-iotests/061 b/tests/qemu-iotests/061
-index 53c7d428e..b71ac097d 100755
---- a/tests/qemu-iotests/061
-+++ b/tests/qemu-iotests/061
-@@ -326,12 +326,14 @@ $QEMU_IMG amend -o "data_file=foo" "$TEST_IMG"
- echo
- _make_test_img -o "compat=1.1,data_file=$TEST_IMG.data" 64M
- $QEMU_IMG amend -o "data_file=foo" "$TEST_IMG"
--_img_info --format-specific
-+$QEMU_IO -c "read 0 4k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_imgfmt
-+$QEMU_IO -c "open -o data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" -c "read 0 4k" | _filter_qemu_io
- TEST_IMG="data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" _img_info --format-specific --image-opts
-
- echo
- $QEMU_IMG amend -o "data_file=" --image-opts "data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG"
--_img_info --format-specific
-+$QEMU_IO -c "read 0 4k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_imgfmt
-+$QEMU_IO -c "open -o data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" -c "read 0 4k" | _filter_qemu_io
- TEST_IMG="data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" _img_info --format-specific --image-opts
-
- echo
-diff --git a/tests/qemu-iotests/061.out b/tests/qemu-iotests/061.out
-index 139fc6817..24c33add7 100644
---- a/tests/qemu-iotests/061.out
-+++ b/tests/qemu-iotests/061.out
-@@ -545,7 +545,9 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
- qemu-img: data-file can only be set for images that use an external data file
-
- Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 data_file=TEST_DIR/t.IMGFMT.data
--qemu-img: Could not open 'TEST_DIR/t.IMGFMT': Could not open 'foo': No such file or directory
-+qemu-io: can't open device TEST_DIR/t.IMGFMT: Could not open 'foo': No such file or directory
-+read 4096/4096 bytes at offset 0
-+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
- image: TEST_DIR/t.IMGFMT
- file format: IMGFMT
- virtual size: 64 MiB (67108864 bytes)
-@@ -560,7 +562,9 @@ Format specific information:
- corrupt: false
- extended l2: false
-
--qemu-img: Could not open 'TEST_DIR/t.IMGFMT': 'data-file' is required for this image
-+qemu-io: can't open device TEST_DIR/t.IMGFMT: 'data-file' is required for this image
-+read 4096/4096 bytes at offset 0
-+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
- image: TEST_DIR/t.IMGFMT
- file format: IMGFMT
- virtual size: 64 MiB (67108864 bytes)
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch
deleted file mode 100644
index 686176189c..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 2eb42a728d27a43fdcad5f37d3f65706ce6deba5 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Fri, 16 Aug 2024 09:35:24 +0000
-Subject: [PATCH] iotests/244: Don't store data-file with protocol in image
-
-We want to disable filename parsing for data files because it's too easy
-to abuse in malicious image files. Make the test ready for the change by
-passing the data file explicitly in command line options.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
-
-CVE: CVE-2024-4467
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/2eb42a728d27a43fdcad5f37d3f65706ce6deba5]
-
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
----
- tests/qemu-iotests/244 | 19 ++++++++++++++++---
- 1 file changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/tests/qemu-iotests/244 b/tests/qemu-iotests/244
-index 3e61fa25b..bb9cc6512 100755
---- a/tests/qemu-iotests/244
-+++ b/tests/qemu-iotests/244
-@@ -215,9 +215,22 @@ $QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$TEST_IMG"
- $QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$TEST_IMG"
-
- # blkdebug doesn't support copy offloading, so this tests the error path
--$QEMU_IMG amend -f $IMGFMT -o "data_file=blkdebug::$TEST_IMG.data" "$TEST_IMG"
--$QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$TEST_IMG"
--$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$TEST_IMG"
-+test_img_with_blkdebug="json:{
-+ 'driver': 'qcow2',
-+ 'file': {
-+ 'driver': 'file',
-+ 'filename': '$TEST_IMG'
-+ },
-+ 'data-file': {
-+ 'driver': 'blkdebug',
-+ 'image': {
-+ 'driver': 'file',
-+ 'filename': '$TEST_IMG.data'
-+ }
-+ }
-+}"
-+$QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$test_img_with_blkdebug"
-+$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$test_img_with_blkdebug"
-
- echo
- echo "=== Flushing should flush the data file ==="
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch
deleted file mode 100644
index 02611d6732..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 7e1110664ecbc4826f3c978ccb06b6c1bce823e6 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Fri, 16 Aug 2024 10:24:58 +0000
-Subject: [PATCH] iotests/270: Don't store data-file with json: prefix in image
-
-We want to disable filename parsing for data files because it's too easy
-to abuse in malicious image files. Make the test ready for the change by
-passing the data file explicitly in command line options.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
-
-CVE: CVE-2024-4467
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/7e1110664ecbc4826f3c978ccb06b6c1bce823e6]
-
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
----
- tests/qemu-iotests/270 | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/tests/qemu-iotests/270 b/tests/qemu-iotests/270
-index 74352342d..c37b674aa 100755
---- a/tests/qemu-iotests/270
-+++ b/tests/qemu-iotests/270
-@@ -60,8 +60,16 @@ _make_test_img -o cluster_size=2M,data_file="$TEST_IMG.orig" \
- # "write" 2G of data without using any space.
- # (qemu-img create does not like it, though, because null-co does not
- # support image creation.)
--$QEMU_IMG amend -o data_file="json:{'driver':'null-co',,'size':'4294967296'}" \
-- "$TEST_IMG"
-+test_img_with_null_data="json:{
-+ 'driver': '$IMGFMT',
-+ 'file': {
-+ 'filename': '$TEST_IMG'
-+ },
-+ 'data-file': {
-+ 'driver': 'null-co',
-+ 'size':'4294967296'
-+ }
-+}"
-
- # This gives us a range of:
- # 2^31 - 512 + 768 - 1 = 2^31 + 255 > 2^31
-@@ -74,7 +82,7 @@ $QEMU_IMG amend -o data_file="json:{'driver':'null-co',,'size':'4294967296'}" \
- # on L2 boundaries, we need large L2 tables; hence the cluster size of
- # 2 MB. (Anything from 256 kB should work, though, because then one L2
- # table covers 8 GB.)
--$QEMU_IO -c "write 768 $((2 ** 31 - 512))" "$TEST_IMG" | _filter_qemu_io
-+$QEMU_IO -c "write 768 $((2 ** 31 - 512))" "$test_img_with_null_data" | _filter_qemu_io
-
- _check_test_img
-
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch
deleted file mode 100644
index 7568a453c4..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch
+++ /dev/null
@@ -1,1187 +0,0 @@
-From 6bc30f19498547fac9cef98316a65cf6c1f14205 Mon Sep 17 00:00:00 2001
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Tue, 5 Dec 2023 13:20:02 -0500
-Subject: [PATCH] graph-lock: remove AioContext locking
-
-Stop acquiring/releasing the AioContext lock in
-bdrv_graph_wrlock()/bdrv_graph_unlock() since the lock no longer has any
-effect.
-
-The distinction between bdrv_graph_wrunlock() and
-bdrv_graph_wrunlock_ctx() becomes meaningless and they can be collapsed
-into one function.
-
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Kevin Wolf <kwolf@redhat.com>
-Message-ID: <20231205182011.1976568-6-stefanha@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-
-CVE: CVE-2024-4467
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/6bc30f19498547fac9cef98316a65cf6c1f14205]
-
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
----
- block.c | 50 +++++++++++++++---------------
- block/backup.c | 4 +--
- block/blklogwrites.c | 8 ++---
- block/blkverify.c | 4 +--
- block/block-backend.c | 11 +++----
- block/commit.c | 16 +++++-----
- block/graph-lock.c | 44 ++------------------------
- block/mirror.c | 22 ++++++-------
- block/qcow2.c | 4 +--
- block/quorum.c | 8 ++---
- block/replication.c | 14 ++++-----
- block/snapshot.c | 4 +--
- block/stream.c | 12 +++----
- block/vmdk.c | 20 ++++++------
- blockdev.c | 8 ++---
- blockjob.c | 12 +++----
- include/block/graph-lock.h | 21 ++-----------
- scripts/block-coroutine-wrapper.py | 4 +--
- tests/unit/test-bdrv-drain.c | 40 ++++++++++++------------
- tests/unit/test-bdrv-graph-mod.c | 20 ++++++------
- 20 files changed, 133 insertions(+), 193 deletions(-)
-
-diff --git a/block.c b/block.c
-index bfb0861ec..25e1ebc60 100644
---- a/block.c
-+++ b/block.c
-@@ -1708,12 +1708,12 @@ bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv, const char *node_name,
- open_failed:
- bs->drv = NULL;
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- if (bs->file != NULL) {
- bdrv_unref_child(bs, bs->file);
- assert(!bs->file);
- }
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- g_free(bs->opaque);
- bs->opaque = NULL;
-@@ -3575,9 +3575,9 @@ int bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd,
-
- bdrv_ref(drain_bs);
- bdrv_drained_begin(drain_bs);
-- bdrv_graph_wrlock(backing_hd);
-+ bdrv_graph_wrlock();
- ret = bdrv_set_backing_hd_drained(bs, backing_hd, errp);
-- bdrv_graph_wrunlock(backing_hd);
-+ bdrv_graph_wrunlock();
- bdrv_drained_end(drain_bs);
- bdrv_unref(drain_bs);
-
-@@ -3790,13 +3790,13 @@ BdrvChild *bdrv_open_child(const char *filename,
- return NULL;
- }
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- ctx = bdrv_get_aio_context(bs);
- aio_context_acquire(ctx);
- child = bdrv_attach_child(parent, bs, bdref_key, child_class, child_role,
- errp);
- aio_context_release(ctx);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- return child;
- }
-@@ -4650,9 +4650,9 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
- aio_context_release(ctx);
- }
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- tran_commit(tran);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- QTAILQ_FOREACH_REVERSE(bs_entry, bs_queue, entry) {
- BlockDriverState *bs = bs_entry->state.bs;
-@@ -4669,9 +4669,9 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
- goto cleanup;
-
- abort:
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- tran_abort(tran);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
- if (bs_entry->prepared) {
-@@ -4852,12 +4852,12 @@ bdrv_reopen_parse_file_or_backing(BDRVReopenState *reopen_state,
- }
-
- bdrv_graph_rdunlock_main_loop();
-- bdrv_graph_wrlock(new_child_bs);
-+ bdrv_graph_wrlock();
-
- ret = bdrv_set_file_or_backing_noperm(bs, new_child_bs, is_backing,
- tran, errp);
-
-- bdrv_graph_wrunlock_ctx(ctx);
-+ bdrv_graph_wrunlock();
-
- if (old_ctx != ctx) {
- aio_context_release(ctx);
-@@ -5209,14 +5209,14 @@ static void bdrv_close(BlockDriverState *bs)
- bs->drv = NULL;
- }
-
-- bdrv_graph_wrlock(bs);
-+ bdrv_graph_wrlock();
- QLIST_FOREACH_SAFE(child, &bs->children, next, next) {
- bdrv_unref_child(bs, child);
- }
-
- assert(!bs->backing);
- assert(!bs->file);
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
-
- g_free(bs->opaque);
- bs->opaque = NULL;
-@@ -5509,9 +5509,9 @@ int bdrv_drop_filter(BlockDriverState *bs, Error **errp)
- bdrv_graph_rdunlock_main_loop();
-
- bdrv_drained_begin(child_bs);
-- bdrv_graph_wrlock(bs);
-+ bdrv_graph_wrlock();
- ret = bdrv_replace_node_common(bs, child_bs, true, true, errp);
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
- bdrv_drained_end(child_bs);
-
- return ret;
-@@ -5561,7 +5561,7 @@ int bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top,
- aio_context_acquire(old_context);
- new_context = NULL;
-
-- bdrv_graph_wrlock(bs_top);
-+ bdrv_graph_wrlock();
-
- child = bdrv_attach_child_noperm(bs_new, bs_top, "backing",
- &child_of_bds, bdrv_backing_role(bs_new),
-@@ -5593,7 +5593,7 @@ out:
- tran_finalize(tran, ret);
-
- bdrv_refresh_limits(bs_top, NULL, NULL);
-- bdrv_graph_wrunlock(bs_top);
-+ bdrv_graph_wrunlock();
-
- bdrv_drained_end(bs_top);
- bdrv_drained_end(bs_new);
-@@ -5620,7 +5620,7 @@ int bdrv_replace_child_bs(BdrvChild *child, BlockDriverState *new_bs,
- bdrv_ref(old_bs);
- bdrv_drained_begin(old_bs);
- bdrv_drained_begin(new_bs);
-- bdrv_graph_wrlock(new_bs);
-+ bdrv_graph_wrlock();
-
- bdrv_replace_child_tran(child, new_bs, tran);
-
-@@ -5631,7 +5631,7 @@ int bdrv_replace_child_bs(BdrvChild *child, BlockDriverState *new_bs,
-
- tran_finalize(tran, ret);
-
-- bdrv_graph_wrunlock(new_bs);
-+ bdrv_graph_wrunlock();
- bdrv_drained_end(old_bs);
- bdrv_drained_end(new_bs);
- bdrv_unref(old_bs);
-@@ -5718,9 +5718,9 @@ BlockDriverState *bdrv_insert_node(BlockDriverState *bs, QDict *options,
- bdrv_ref(bs);
- bdrv_drained_begin(bs);
- bdrv_drained_begin(new_node_bs);
-- bdrv_graph_wrlock(new_node_bs);
-+ bdrv_graph_wrlock();
- ret = bdrv_replace_node(bs, new_node_bs, errp);
-- bdrv_graph_wrunlock(new_node_bs);
-+ bdrv_graph_wrunlock();
- bdrv_drained_end(new_node_bs);
- bdrv_drained_end(bs);
- bdrv_unref(bs);
-@@ -5975,7 +5975,7 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base,
-
- bdrv_ref(top);
- bdrv_drained_begin(base);
-- bdrv_graph_wrlock(base);
-+ bdrv_graph_wrlock();
-
- if (!top->drv || !base->drv) {
- goto exit_wrlock;
-@@ -6015,7 +6015,7 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base,
- * That's a FIXME.
- */
- bdrv_replace_node_common(top, base, false, false, &local_err);
-- bdrv_graph_wrunlock(base);
-+ bdrv_graph_wrunlock();
-
- if (local_err) {
- error_report_err(local_err);
-@@ -6052,7 +6052,7 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base,
- goto exit;
-
- exit_wrlock:
-- bdrv_graph_wrunlock(base);
-+ bdrv_graph_wrunlock();
- exit:
- bdrv_drained_end(base);
- bdrv_unref(top);
-diff --git a/block/backup.c b/block/backup.c
-index 8aae5836d..ec29d6b81 100644
---- a/block/backup.c
-+++ b/block/backup.c
-@@ -496,10 +496,10 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
- block_copy_set_speed(bcs, speed);
-
- /* Required permissions are taken by copy-before-write filter target */
-- bdrv_graph_wrlock(target);
-+ bdrv_graph_wrlock();
- block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL,
- &error_abort);
-- bdrv_graph_wrunlock(target);
-+ bdrv_graph_wrunlock();
-
- return &job->common;
-
-diff --git a/block/blklogwrites.c b/block/blklogwrites.c
-index 84e03f309..ba717dab4 100644
---- a/block/blklogwrites.c
-+++ b/block/blklogwrites.c
-@@ -251,9 +251,9 @@ static int blk_log_writes_open(BlockDriverState *bs, QDict *options, int flags,
- ret = 0;
- fail_log:
- if (ret < 0) {
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_unref_child(bs, s->log_file);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- s->log_file = NULL;
- }
- fail:
-@@ -265,10 +265,10 @@ static void blk_log_writes_close(BlockDriverState *bs)
- {
- BDRVBlkLogWritesState *s = bs->opaque;
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_unref_child(bs, s->log_file);
- s->log_file = NULL;
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- }
-
- static int64_t coroutine_fn GRAPH_RDLOCK
-diff --git a/block/blkverify.c b/block/blkverify.c
-index 9b17c4664..ec45d8335 100644
---- a/block/blkverify.c
-+++ b/block/blkverify.c
-@@ -151,10 +151,10 @@ static void blkverify_close(BlockDriverState *bs)
- {
- BDRVBlkverifyState *s = bs->opaque;
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_unref_child(bs, s->test_file);
- s->test_file = NULL;
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- }
-
- static int64_t coroutine_fn GRAPH_RDLOCK
-diff --git a/block/block-backend.c b/block/block-backend.c
-index 86315d62c..a2348b31e 100644
---- a/block/block-backend.c
-+++ b/block/block-backend.c
-@@ -885,7 +885,6 @@ void blk_remove_bs(BlockBackend *blk)
- {
- ThrottleGroupMember *tgm = &blk->public.throttle_group_member;
- BdrvChild *root;
-- AioContext *ctx;
-
- GLOBAL_STATE_CODE();
-
-@@ -915,10 +914,9 @@ void blk_remove_bs(BlockBackend *blk)
- root = blk->root;
- blk->root = NULL;
-
-- ctx = bdrv_get_aio_context(root->bs);
-- bdrv_graph_wrlock(root->bs);
-+ bdrv_graph_wrlock();
- bdrv_root_unref_child(root);
-- bdrv_graph_wrunlock_ctx(ctx);
-+ bdrv_graph_wrunlock();
- }
-
- /*
-@@ -929,16 +927,15 @@ void blk_remove_bs(BlockBackend *blk)
- int blk_insert_bs(BlockBackend *blk, BlockDriverState *bs, Error **errp)
- {
- ThrottleGroupMember *tgm = &blk->public.throttle_group_member;
-- AioContext *ctx = bdrv_get_aio_context(bs);
-
- GLOBAL_STATE_CODE();
- bdrv_ref(bs);
-- bdrv_graph_wrlock(bs);
-+ bdrv_graph_wrlock();
- blk->root = bdrv_root_attach_child(bs, "root", &child_root,
- BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
- blk->perm, blk->shared_perm,
- blk, errp);
-- bdrv_graph_wrunlock_ctx(ctx);
-+ bdrv_graph_wrunlock();
- if (blk->root == NULL) {
- return -EPERM;
- }
-diff --git a/block/commit.c b/block/commit.c
-index 69cc75be0..1dd7a65ff 100644
---- a/block/commit.c
-+++ b/block/commit.c
-@@ -100,9 +100,9 @@ static void commit_abort(Job *job)
- bdrv_graph_rdunlock_main_loop();
-
- bdrv_drained_begin(commit_top_backing_bs);
-- bdrv_graph_wrlock(commit_top_backing_bs);
-+ bdrv_graph_wrlock();
- bdrv_replace_node(s->commit_top_bs, commit_top_backing_bs, &error_abort);
-- bdrv_graph_wrunlock(commit_top_backing_bs);
-+ bdrv_graph_wrunlock();
- bdrv_drained_end(commit_top_backing_bs);
-
- bdrv_unref(s->commit_top_bs);
-@@ -339,7 +339,7 @@ void commit_start(const char *job_id, BlockDriverState *bs,
- * this is the responsibility of the interface (i.e. whoever calls
- * commit_start()).
- */
-- bdrv_graph_wrlock(top);
-+ bdrv_graph_wrlock();
- s->base_overlay = bdrv_find_overlay(top, base);
- assert(s->base_overlay);
-
-@@ -370,19 +370,19 @@ void commit_start(const char *job_id, BlockDriverState *bs,
- ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
- iter_shared_perms, errp);
- if (ret < 0) {
-- bdrv_graph_wrunlock(top);
-+ bdrv_graph_wrunlock();
- goto fail;
- }
- }
-
- if (bdrv_freeze_backing_chain(commit_top_bs, base, errp) < 0) {
-- bdrv_graph_wrunlock(top);
-+ bdrv_graph_wrunlock();
- goto fail;
- }
- s->chain_frozen = true;
-
- ret = block_job_add_bdrv(&s->common, "base", base, 0, BLK_PERM_ALL, errp);
-- bdrv_graph_wrunlock(top);
-+ bdrv_graph_wrunlock();
-
- if (ret < 0) {
- goto fail;
-@@ -434,9 +434,9 @@ fail:
- * otherwise this would fail because of lack of permissions. */
- if (commit_top_bs) {
- bdrv_drained_begin(top);
-- bdrv_graph_wrlock(top);
-+ bdrv_graph_wrlock();
- bdrv_replace_node(commit_top_bs, top, &error_abort);
-- bdrv_graph_wrunlock(top);
-+ bdrv_graph_wrunlock();
- bdrv_drained_end(top);
- }
- }
-diff --git a/block/graph-lock.c b/block/graph-lock.c
-index 079e878d9..c81162b14 100644
---- a/block/graph-lock.c
-+++ b/block/graph-lock.c
-@@ -106,27 +106,12 @@ static uint32_t reader_count(void)
- return rd;
- }
-
--void no_coroutine_fn bdrv_graph_wrlock(BlockDriverState *bs)
-+void no_coroutine_fn bdrv_graph_wrlock(void)
- {
-- AioContext *ctx = NULL;
--
- GLOBAL_STATE_CODE();
- assert(!qatomic_read(&has_writer));
- assert(!qemu_in_coroutine());
-
-- /*
-- * Release only non-mainloop AioContext. The mainloop often relies on the
-- * BQL and doesn't lock the main AioContext before doing things.
-- */
-- if (bs) {
-- ctx = bdrv_get_aio_context(bs);
-- if (ctx != qemu_get_aio_context()) {
-- aio_context_release(ctx);
-- } else {
-- ctx = NULL;
-- }
-- }
--
- /* Make sure that constantly arriving new I/O doesn't cause starvation */
- bdrv_drain_all_begin_nopoll();
-
-@@ -155,27 +140,13 @@ void no_coroutine_fn bdrv_graph_wrlock(BlockDriverState *bs)
- } while (reader_count() >= 1);
-
- bdrv_drain_all_end();
--
-- if (ctx) {
-- aio_context_acquire(bdrv_get_aio_context(bs));
-- }
- }
-
--void no_coroutine_fn bdrv_graph_wrunlock_ctx(AioContext *ctx)
-+void no_coroutine_fn bdrv_graph_wrunlock(void)
- {
- GLOBAL_STATE_CODE();
- assert(qatomic_read(&has_writer));
-
-- /*
-- * Release only non-mainloop AioContext. The mainloop often relies on the
-- * BQL and doesn't lock the main AioContext before doing things.
-- */
-- if (ctx && ctx != qemu_get_aio_context()) {
-- aio_context_release(ctx);
-- } else {
-- ctx = NULL;
-- }
--
- WITH_QEMU_LOCK_GUARD(&aio_context_list_lock) {
- /*
- * No need for memory barriers, this works in pair with
-@@ -197,17 +168,6 @@ void no_coroutine_fn bdrv_graph_wrunlock_ctx(AioContext *ctx)
- * progress.
- */
- aio_bh_poll(qemu_get_aio_context());
--
-- if (ctx) {
-- aio_context_acquire(ctx);
-- }
--}
--
--void no_coroutine_fn bdrv_graph_wrunlock(BlockDriverState *bs)
--{
-- AioContext *ctx = bs ? bdrv_get_aio_context(bs) : NULL;
--
-- bdrv_graph_wrunlock_ctx(ctx);
- }
-
- void coroutine_fn bdrv_graph_co_rdlock(void)
-diff --git a/block/mirror.c b/block/mirror.c
-index abbddb39e..f9db6f0f7 100644
---- a/block/mirror.c
-+++ b/block/mirror.c
-@@ -768,7 +768,7 @@ static int mirror_exit_common(Job *job)
- * check for an op blocker on @to_replace, and we have our own
- * there.
- */
-- bdrv_graph_wrlock(target_bs);
-+ bdrv_graph_wrlock();
- if (bdrv_recurse_can_replace(src, to_replace)) {
- bdrv_replace_node(to_replace, target_bs, &local_err);
- } else {
-@@ -777,7 +777,7 @@ static int mirror_exit_common(Job *job)
- "would not lead to an abrupt change of visible data",
- to_replace->node_name, target_bs->node_name);
- }
-- bdrv_graph_wrunlock(target_bs);
-+ bdrv_graph_wrunlock();
- bdrv_drained_end(to_replace);
- if (local_err) {
- error_report_err(local_err);
-@@ -800,9 +800,9 @@ static int mirror_exit_common(Job *job)
- * valid.
- */
- block_job_remove_all_bdrv(bjob);
-- bdrv_graph_wrlock(mirror_top_bs);
-+ bdrv_graph_wrlock();
- bdrv_replace_node(mirror_top_bs, mirror_top_bs->backing->bs, &error_abort);
-- bdrv_graph_wrunlock(mirror_top_bs);
-+ bdrv_graph_wrunlock();
-
- bdrv_drained_end(target_bs);
- bdrv_unref(target_bs);
-@@ -1916,13 +1916,13 @@ static BlockJob *mirror_start_job(
- */
- bdrv_disable_dirty_bitmap(s->dirty_bitmap);
-
-- bdrv_graph_wrlock(bs);
-+ bdrv_graph_wrlock();
- ret = block_job_add_bdrv(&s->common, "source", bs, 0,
- BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE |
- BLK_PERM_CONSISTENT_READ,
- errp);
- if (ret < 0) {
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
- goto fail;
- }
-
-@@ -1967,17 +1967,17 @@ static BlockJob *mirror_start_job(
- ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
- iter_shared_perms, errp);
- if (ret < 0) {
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
- goto fail;
- }
- }
-
- if (bdrv_freeze_backing_chain(mirror_top_bs, target, errp) < 0) {
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
- goto fail;
- }
- }
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
-
- QTAILQ_INIT(&s->ops_in_flight);
-
-@@ -2003,12 +2003,12 @@ fail:
-
- bs_opaque->stop = true;
- bdrv_drained_begin(bs);
-- bdrv_graph_wrlock(bs);
-+ bdrv_graph_wrlock();
- assert(mirror_top_bs->backing->bs == bs);
- bdrv_child_refresh_perms(mirror_top_bs, mirror_top_bs->backing,
- &error_abort);
- bdrv_replace_node(mirror_top_bs, bs, &error_abort);
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
- bdrv_drained_end(bs);
-
- bdrv_unref(mirror_top_bs);
-diff --git a/block/qcow2.c b/block/qcow2.c
-index 7af7c0bee..77dd49d4f 100644
---- a/block/qcow2.c
-+++ b/block/qcow2.c
-@@ -2822,9 +2822,9 @@ qcow2_do_close(BlockDriverState *bs, bool close_data_file)
- if (close_data_file && has_data_file(bs)) {
- GLOBAL_STATE_CODE();
- bdrv_graph_rdunlock_main_loop();
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_unref_child(bs, s->data_file);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- s->data_file = NULL;
- bdrv_graph_rdlock_main_loop();
- }
-diff --git a/block/quorum.c b/block/quorum.c
-index 505b8b3e1..db8fe891c 100644
---- a/block/quorum.c
-+++ b/block/quorum.c
-@@ -1037,14 +1037,14 @@ static int quorum_open(BlockDriverState *bs, QDict *options, int flags,
-
- close_exit:
- /* cleanup on error */
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- for (i = 0; i < s->num_children; i++) {
- if (!opened[i]) {
- continue;
- }
- bdrv_unref_child(bs, s->children[i]);
- }
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- g_free(s->children);
- g_free(opened);
- exit:
-@@ -1057,11 +1057,11 @@ static void quorum_close(BlockDriverState *bs)
- BDRVQuorumState *s = bs->opaque;
- int i;
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- for (i = 0; i < s->num_children; i++) {
- bdrv_unref_child(bs, s->children[i]);
- }
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- g_free(s->children);
- }
-diff --git a/block/replication.c b/block/replication.c
-index 5ded5f1ca..424b537ff 100644
---- a/block/replication.c
-+++ b/block/replication.c
-@@ -560,7 +560,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode,
- return;
- }
-
-- bdrv_graph_wrlock(bs);
-+ bdrv_graph_wrlock();
-
- bdrv_ref(hidden_disk->bs);
- s->hidden_disk = bdrv_attach_child(bs, hidden_disk->bs, "hidden disk",
-@@ -568,7 +568,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode,
- &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
- aio_context_release(aio_context);
- return;
- }
-@@ -579,7 +579,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode,
- BDRV_CHILD_DATA, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
- aio_context_release(aio_context);
- return;
- }
-@@ -592,7 +592,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode,
- if (!top_bs || !bdrv_is_root_node(top_bs) ||
- !check_top_bs(top_bs, bs)) {
- error_setg(errp, "No top_bs or it is invalid");
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
- reopen_backing_file(bs, false, NULL);
- aio_context_release(aio_context);
- return;
-@@ -600,7 +600,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode,
- bdrv_op_block_all(top_bs, s->blocker);
- bdrv_op_unblock(top_bs, BLOCK_OP_TYPE_DATAPLANE, s->blocker);
-
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
-
- s->backup_job = backup_job_create(
- NULL, s->secondary_disk->bs, s->hidden_disk->bs,
-@@ -691,12 +691,12 @@ static void replication_done(void *opaque, int ret)
- if (ret == 0) {
- s->stage = BLOCK_REPLICATION_DONE;
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_unref_child(bs, s->secondary_disk);
- s->secondary_disk = NULL;
- bdrv_unref_child(bs, s->hidden_disk);
- s->hidden_disk = NULL;
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- s->error = 0;
- } else {
-diff --git a/block/snapshot.c b/block/snapshot.c
-index c4d40e80d..6fd720aef 100644
---- a/block/snapshot.c
-+++ b/block/snapshot.c
-@@ -292,9 +292,9 @@ int bdrv_snapshot_goto(BlockDriverState *bs,
- }
-
- /* .bdrv_open() will re-attach it */
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_unref_child(bs, fallback);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- ret = bdrv_snapshot_goto(fallback_bs, snapshot_id, errp);
- open_ret = drv->bdrv_open(bs, options, bs->open_flags, &local_err);
-diff --git a/block/stream.c b/block/stream.c
-index 01fe7c0f1..048c2d282 100644
---- a/block/stream.c
-+++ b/block/stream.c
-@@ -99,9 +99,9 @@ static int stream_prepare(Job *job)
- }
- }
-
-- bdrv_graph_wrlock(s->target_bs);
-+ bdrv_graph_wrlock();
- bdrv_set_backing_hd_drained(unfiltered_bs, base, &local_err);
-- bdrv_graph_wrunlock(s->target_bs);
-+ bdrv_graph_wrunlock();
-
- /*
- * This call will do I/O, so the graph can change again from here on.
-@@ -366,10 +366,10 @@ void stream_start(const char *job_id, BlockDriverState *bs,
- * already have our own plans. Also don't allow resize as the image size is
- * queried only at the job start and then cached.
- */
-- bdrv_graph_wrlock(bs);
-+ bdrv_graph_wrlock();
- if (block_job_add_bdrv(&s->common, "active node", bs, 0,
- basic_flags | BLK_PERM_WRITE, errp)) {
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
- goto fail;
- }
-
-@@ -389,11 +389,11 @@ void stream_start(const char *job_id, BlockDriverState *bs,
- ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
- basic_flags, errp);
- if (ret < 0) {
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
- goto fail;
- }
- }
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
-
- s->base_overlay = base_overlay;
- s->above_base = above_base;
-diff --git a/block/vmdk.c b/block/vmdk.c
-index d6971c706..bf78e1238 100644
---- a/block/vmdk.c
-+++ b/block/vmdk.c
-@@ -272,7 +272,7 @@ static void vmdk_free_extents(BlockDriverState *bs)
- BDRVVmdkState *s = bs->opaque;
- VmdkExtent *e;
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- for (i = 0; i < s->num_extents; i++) {
- e = &s->extents[i];
- g_free(e->l1_table);
-@@ -283,7 +283,7 @@ static void vmdk_free_extents(BlockDriverState *bs)
- bdrv_unref_child(bs, e->file);
- }
- }
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- g_free(s->extents);
- }
-@@ -1247,9 +1247,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options,
- 0, 0, 0, 0, 0, &extent, errp);
- if (ret < 0) {
- bdrv_graph_rdunlock_main_loop();
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_unref_child(bs, extent_file);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- bdrv_graph_rdlock_main_loop();
- goto out;
- }
-@@ -1266,9 +1266,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options,
- g_free(buf);
- if (ret) {
- bdrv_graph_rdunlock_main_loop();
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_unref_child(bs, extent_file);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- bdrv_graph_rdlock_main_loop();
- goto out;
- }
-@@ -1277,9 +1277,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options,
- ret = vmdk_open_se_sparse(bs, extent_file, bs->open_flags, errp);
- if (ret) {
- bdrv_graph_rdunlock_main_loop();
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_unref_child(bs, extent_file);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- bdrv_graph_rdlock_main_loop();
- goto out;
- }
-@@ -1287,9 +1287,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options,
- } else {
- error_setg(errp, "Unsupported extent type '%s'", type);
- bdrv_graph_rdunlock_main_loop();
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_unref_child(bs, extent_file);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- bdrv_graph_rdlock_main_loop();
- ret = -ENOTSUP;
- goto out;
-diff --git a/blockdev.c b/blockdev.c
-index c91f49e7b..9e1381169 100644
---- a/blockdev.c
-+++ b/blockdev.c
-@@ -1611,9 +1611,9 @@ static void external_snapshot_abort(void *opaque)
- }
-
- bdrv_drained_begin(state->new_bs);
-- bdrv_graph_wrlock(state->old_bs);
-+ bdrv_graph_wrlock();
- bdrv_replace_node(state->new_bs, state->old_bs, &error_abort);
-- bdrv_graph_wrunlock(state->old_bs);
-+ bdrv_graph_wrunlock();
- bdrv_drained_end(state->new_bs);
-
- bdrv_unref(state->old_bs); /* bdrv_replace_node() ref'ed old_bs */
-@@ -3657,7 +3657,7 @@ void qmp_x_blockdev_change(const char *parent, const char *child,
- BlockDriverState *parent_bs, *new_bs = NULL;
- BdrvChild *p_child;
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
-
- parent_bs = bdrv_lookup_bs(parent, parent, errp);
- if (!parent_bs) {
-@@ -3693,7 +3693,7 @@ void qmp_x_blockdev_change(const char *parent, const char *child,
- }
-
- out:
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- }
-
- BlockJobInfoList *qmp_query_block_jobs(Error **errp)
-diff --git a/blockjob.c b/blockjob.c
-index b7a29052b..731041231 100644
---- a/blockjob.c
-+++ b/blockjob.c
-@@ -199,7 +199,7 @@ void block_job_remove_all_bdrv(BlockJob *job)
- * to process an already freed BdrvChild.
- */
- aio_context_release(job->job.aio_context);
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- aio_context_acquire(job->job.aio_context);
- while (job->nodes) {
- GSList *l = job->nodes;
-@@ -212,7 +212,7 @@ void block_job_remove_all_bdrv(BlockJob *job)
-
- g_slist_free_1(l);
- }
-- bdrv_graph_wrunlock_ctx(job->job.aio_context);
-+ bdrv_graph_wrunlock();
- }
-
- bool block_job_has_bdrv(BlockJob *job, BlockDriverState *bs)
-@@ -514,7 +514,7 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver,
- int ret;
- GLOBAL_STATE_CODE();
-
-- bdrv_graph_wrlock(bs);
-+ bdrv_graph_wrlock();
-
- if (job_id == NULL && !(flags & JOB_INTERNAL)) {
- job_id = bdrv_get_device_name(bs);
-@@ -523,7 +523,7 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver,
- job = job_create(job_id, &driver->job_driver, txn, bdrv_get_aio_context(bs),
- flags, cb, opaque, errp);
- if (job == NULL) {
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
- return NULL;
- }
-
-@@ -563,11 +563,11 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver,
- goto fail;
- }
-
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
- return job;
-
- fail:
-- bdrv_graph_wrunlock(bs);
-+ bdrv_graph_wrunlock();
- job_early_fail(&job->job);
- return NULL;
- }
-diff --git a/include/block/graph-lock.h b/include/block/graph-lock.h
-index 22b5db1ed..d7545e82d 100644
---- a/include/block/graph-lock.h
-+++ b/include/block/graph-lock.h
-@@ -110,34 +110,17 @@ void unregister_aiocontext(AioContext *ctx);
- *
- * The wrlock can only be taken from the main loop, with BQL held, as only the
- * main loop is allowed to modify the graph.
-- *
-- * If @bs is non-NULL, its AioContext is temporarily released.
-- *
-- * This function polls. Callers must not hold the lock of any AioContext other
-- * than the current one and the one of @bs.
- */
- void no_coroutine_fn TSA_ACQUIRE(graph_lock) TSA_NO_TSA
--bdrv_graph_wrlock(BlockDriverState *bs);
-+bdrv_graph_wrlock(void);
-
- /*
- * bdrv_graph_wrunlock:
- * Write finished, reset global has_writer to 0 and restart
- * all readers that are waiting.
-- *
-- * If @bs is non-NULL, its AioContext is temporarily released.
-- */
--void no_coroutine_fn TSA_RELEASE(graph_lock) TSA_NO_TSA
--bdrv_graph_wrunlock(BlockDriverState *bs);
--
--/*
-- * bdrv_graph_wrunlock_ctx:
-- * Write finished, reset global has_writer to 0 and restart
-- * all readers that are waiting.
-- *
-- * If @ctx is non-NULL, its lock is temporarily released.
- */
- void no_coroutine_fn TSA_RELEASE(graph_lock) TSA_NO_TSA
--bdrv_graph_wrunlock_ctx(AioContext *ctx);
-+bdrv_graph_wrunlock(void);
-
- /*
- * bdrv_graph_co_rdlock:
-diff --git a/scripts/block-coroutine-wrapper.py b/scripts/block-coroutine-wrapper.py
-index a38e5833f..38364fa55 100644
---- a/scripts/block-coroutine-wrapper.py
-+++ b/scripts/block-coroutine-wrapper.py
-@@ -261,8 +261,8 @@ def gen_no_co_wrapper(func: FuncDecl) -> str:
- graph_lock=' bdrv_graph_rdlock_main_loop();'
- graph_unlock=' bdrv_graph_rdunlock_main_loop();'
- elif func.graph_wrlock:
-- graph_lock=' bdrv_graph_wrlock(NULL);'
-- graph_unlock=' bdrv_graph_wrunlock(NULL);'
-+ graph_lock=' bdrv_graph_wrlock();'
-+ graph_unlock=' bdrv_graph_wrunlock();'
-
- return f"""\
- /*
-diff --git a/tests/unit/test-bdrv-drain.c b/tests/unit/test-bdrv-drain.c
-index 704d1a3f3..d9754dfeb 100644
---- a/tests/unit/test-bdrv-drain.c
-+++ b/tests/unit/test-bdrv-drain.c
-@@ -807,9 +807,9 @@ static void test_blockjob_common_drain_node(enum drain_type drain_type,
- tjob->bs = src;
- job = &tjob->common;
-
-- bdrv_graph_wrlock(target);
-+ bdrv_graph_wrlock();
- block_job_add_bdrv(job, "target", target, 0, BLK_PERM_ALL, &error_abort);
-- bdrv_graph_wrunlock(target);
-+ bdrv_graph_wrunlock();
-
- switch (result) {
- case TEST_JOB_SUCCESS:
-@@ -991,11 +991,11 @@ static void bdrv_test_top_close(BlockDriverState *bs)
- {
- BdrvChild *c, *next_c;
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- QLIST_FOREACH_SAFE(c, &bs->children, next, next_c) {
- bdrv_unref_child(bs, c);
- }
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- }
-
- static int coroutine_fn GRAPH_RDLOCK
-@@ -1085,10 +1085,10 @@ static void do_test_delete_by_drain(bool detach_instead_of_delete,
-
- null_bs = bdrv_open("null-co://", NULL, NULL, BDRV_O_RDWR | BDRV_O_PROTOCOL,
- &error_abort);
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_attach_child(bs, null_bs, "null-child", &child_of_bds,
- BDRV_CHILD_DATA, &error_abort);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- /* This child will be the one to pass to requests through to, and
- * it will stall until a drain occurs */
-@@ -1096,21 +1096,21 @@ static void do_test_delete_by_drain(bool detach_instead_of_delete,
- &error_abort);
- child_bs->total_sectors = 65536 >> BDRV_SECTOR_BITS;
- /* Takes our reference to child_bs */
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- tts->wait_child = bdrv_attach_child(bs, child_bs, "wait-child",
- &child_of_bds,
- BDRV_CHILD_DATA | BDRV_CHILD_PRIMARY,
- &error_abort);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- /* This child is just there to be deleted
- * (for detach_instead_of_delete == true) */
- null_bs = bdrv_open("null-co://", NULL, NULL, BDRV_O_RDWR | BDRV_O_PROTOCOL,
- &error_abort);
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_attach_child(bs, null_bs, "null-child", &child_of_bds, BDRV_CHILD_DATA,
- &error_abort);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- blk = blk_new(qemu_get_aio_context(), BLK_PERM_ALL, BLK_PERM_ALL);
- blk_insert_bs(blk, bs, &error_abort);
-@@ -1193,14 +1193,14 @@ static void no_coroutine_fn detach_indirect_bh(void *opaque)
-
- bdrv_dec_in_flight(data->child_b->bs);
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_unref_child(data->parent_b, data->child_b);
-
- bdrv_ref(data->c);
- data->child_c = bdrv_attach_child(data->parent_b, data->c, "PB-C",
- &child_of_bds, BDRV_CHILD_DATA,
- &error_abort);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- }
-
- static void coroutine_mixed_fn detach_by_parent_aio_cb(void *opaque, int ret)
-@@ -1298,7 +1298,7 @@ static void TSA_NO_TSA test_detach_indirect(bool by_parent_cb)
- /* Set child relationships */
- bdrv_ref(b);
- bdrv_ref(a);
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- child_b = bdrv_attach_child(parent_b, b, "PB-B", &child_of_bds,
- BDRV_CHILD_DATA, &error_abort);
- child_a = bdrv_attach_child(parent_b, a, "PB-A", &child_of_bds,
-@@ -1308,7 +1308,7 @@ static void TSA_NO_TSA test_detach_indirect(bool by_parent_cb)
- bdrv_attach_child(parent_a, a, "PA-A",
- by_parent_cb ? &child_of_bds : &detach_by_driver_cb_class,
- BDRV_CHILD_DATA, &error_abort);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- g_assert_cmpint(parent_a->refcnt, ==, 1);
- g_assert_cmpint(parent_b->refcnt, ==, 1);
-@@ -1727,7 +1727,7 @@ static void test_drop_intermediate_poll(void)
- * Establish the chain last, so the chain links are the first
- * elements in the BDS.parents lists
- */
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- for (i = 0; i < 3; i++) {
- if (i) {
- /* Takes the reference to chain[i - 1] */
-@@ -1735,7 +1735,7 @@ static void test_drop_intermediate_poll(void)
- &chain_child_class, BDRV_CHILD_COW, &error_abort);
- }
- }
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- job = block_job_create("job", &test_simple_job_driver, NULL, job_node,
- 0, BLK_PERM_ALL, 0, 0, NULL, NULL, &error_abort);
-@@ -1982,10 +1982,10 @@ static void do_test_replace_child_mid_drain(int old_drain_count,
- new_child_bs->total_sectors = 1;
-
- bdrv_ref(old_child_bs);
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_attach_child(parent_bs, old_child_bs, "child", &child_of_bds,
- BDRV_CHILD_COW, &error_abort);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- parent_s->setup_completed = true;
-
- for (i = 0; i < old_drain_count; i++) {
-@@ -2016,9 +2016,9 @@ static void do_test_replace_child_mid_drain(int old_drain_count,
- g_assert(parent_bs->quiesce_counter == old_drain_count);
- bdrv_drained_begin(old_child_bs);
- bdrv_drained_begin(new_child_bs);
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_replace_node(old_child_bs, new_child_bs, &error_abort);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- bdrv_drained_end(new_child_bs);
- bdrv_drained_end(old_child_bs);
- g_assert(parent_bs->quiesce_counter == new_drain_count);
-diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c
-index 074adcbb9..8ee6ef38d 100644
---- a/tests/unit/test-bdrv-graph-mod.c
-+++ b/tests/unit/test-bdrv-graph-mod.c
-@@ -137,10 +137,10 @@ static void test_update_perm_tree(void)
-
- blk_insert_bs(root, bs, &error_abort);
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_attach_child(filter, bs, "child", &child_of_bds,
- BDRV_CHILD_DATA, &error_abort);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- aio_context_acquire(qemu_get_aio_context());
- ret = bdrv_append(filter, bs, NULL);
-@@ -206,11 +206,11 @@ static void test_should_update_child(void)
-
- bdrv_set_backing_hd(target, bs, &error_abort);
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- g_assert(target->backing->bs == bs);
- bdrv_attach_child(filter, target, "target", &child_of_bds,
- BDRV_CHILD_DATA, &error_abort);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
- aio_context_acquire(qemu_get_aio_context());
- bdrv_append(filter, bs, &error_abort);
- aio_context_release(qemu_get_aio_context());
-@@ -248,7 +248,7 @@ static void test_parallel_exclusive_write(void)
- bdrv_ref(base);
- bdrv_ref(fl1);
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_attach_child(top, fl1, "backing", &child_of_bds,
- BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
- &error_abort);
-@@ -260,7 +260,7 @@ static void test_parallel_exclusive_write(void)
- &error_abort);
-
- bdrv_replace_node(fl1, fl2, &error_abort);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- bdrv_drained_end(fl2);
- bdrv_drained_end(fl1);
-@@ -367,7 +367,7 @@ static void test_parallel_perm_update(void)
- */
- bdrv_ref(base);
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_attach_child(top, ws, "file", &child_of_bds, BDRV_CHILD_DATA,
- &error_abort);
- c_fl1 = bdrv_attach_child(ws, fl1, "first", &child_of_bds,
-@@ -380,7 +380,7 @@ static void test_parallel_perm_update(void)
- bdrv_attach_child(fl2, base, "backing", &child_of_bds,
- BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
- &error_abort);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- /* Select fl1 as first child to be active */
- s->selected = c_fl1;
-@@ -434,11 +434,11 @@ static void test_append_greedy_filter(void)
- BlockDriverState *base = no_perm_node("base");
- BlockDriverState *fl = exclusive_writer_node("fl1");
-
-- bdrv_graph_wrlock(NULL);
-+ bdrv_graph_wrlock();
- bdrv_attach_child(top, base, "backing", &child_of_bds,
- BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY,
- &error_abort);
-- bdrv_graph_wrunlock(NULL);
-+ bdrv_graph_wrunlock();
-
- aio_context_acquire(qemu_get_aio_context());
- bdrv_append(fl, base, &error_abort);
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch
deleted file mode 100644
index bcdd0fbed8..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch
+++ /dev/null
@@ -1,239 +0,0 @@
-From 7ead946998610657d38d1a505d5f25300d4ca613 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Thu, 25 Apr 2024 14:56:02 +0000
-Subject: [PATCH] block: Parse filenames only when explicitly requested
-
-When handling image filenames from legacy options such as -drive or from
-tools, these filenames are parsed for protocol prefixes, including for
-the json:{} pseudo-protocol.
-
-This behaviour is intended for filenames that come directly from the
-command line and for backing files, which may come from the image file
-itself. Higher level management tools generally take care to verify that
-untrusted images don't contain a bad (or any) backing file reference;
-'qemu-img info' is a suitable tool for this.
-
-However, for other files that can be referenced in images, such as
-qcow2 data files or VMDK extents, the string from the image file is
-usually not verified by management tools - and 'qemu-img info' wouldn't
-be suitable because in contrast to backing files, it already opens these
-other referenced files. So here the string should be interpreted as a
-literal local filename. More complex configurations need to be specified
-explicitly on the command line or in QMP...
-
-CVE: CVE-2024-4467
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/7ead946998610657d38d1a505d5f25300d4ca613]
-
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
----
- block.c | 94 ++++++++++++++++++++++++++++++++++-----------------------
- 1 file changed, 57 insertions(+), 37 deletions(-)
-
-diff --git a/block.c b/block.c
-index 25e1ebc60..f3cb32cd7 100644
---- a/block.c
-+++ b/block.c
-@@ -86,6 +86,7 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
- BlockDriverState *parent,
- const BdrvChildClass *child_class,
- BdrvChildRole child_role,
-+ bool parse_filename,
- Error **errp);
-
- static bool bdrv_recurse_has_child(BlockDriverState *bs,
-@@ -2047,7 +2048,8 @@ static void parse_json_protocol(QDict *options, const char **pfilename,
- * block driver has been specified explicitly.
- */
- static int bdrv_fill_options(QDict **options, const char *filename,
-- int *flags, Error **errp)
-+ int *flags, bool allow_parse_filename,
-+ Error **errp)
- {
- const char *drvname;
- bool protocol = *flags & BDRV_O_PROTOCOL;
-@@ -2089,7 +2091,7 @@ static int bdrv_fill_options(QDict **options, const char *filename,
- if (protocol && filename) {
- if (!qdict_haskey(*options, "filename")) {
- qdict_put_str(*options, "filename", filename);
-- parse_filename = true;
-+ parse_filename = allow_parse_filename;
- } else {
- error_setg(errp, "Can't specify 'file' and 'filename' options at "
- "the same time");
-@@ -3675,7 +3677,8 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict *parent_options,
- }
-
- backing_hd = bdrv_open_inherit(backing_filename, reference, options, 0, bs,
-- &child_of_bds, bdrv_backing_role(bs), errp);
-+ &child_of_bds, bdrv_backing_role(bs), true,
-+ errp);
- if (!backing_hd) {
- bs->open_flags |= BDRV_O_NO_BACKING;
- error_prepend(errp, "Could not open backing file: ");
-@@ -3712,7 +3715,8 @@ free_exit:
- static BlockDriverState *
- bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key,
- BlockDriverState *parent, const BdrvChildClass *child_class,
-- BdrvChildRole child_role, bool allow_none, Error **errp)
-+ BdrvChildRole child_role, bool allow_none,
-+ bool parse_filename, Error **errp)
- {
- BlockDriverState *bs = NULL;
- QDict *image_options;
-@@ -3743,7 +3747,8 @@ bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key,
- }
-
- bs = bdrv_open_inherit(filename, reference, image_options, 0,
-- parent, child_class, child_role, errp);
-+ parent, child_class, child_role, parse_filename,
-+ errp);
- if (!bs) {
- goto done;
- }
-@@ -3753,6 +3758,33 @@ done:
- return bs;
- }
-
-+static BdrvChild *bdrv_open_child_common(const char *filename,
-+ QDict *options, const char *bdref_key,
-+ BlockDriverState *parent,
-+ const BdrvChildClass *child_class,
-+ BdrvChildRole child_role,
-+ bool allow_none, bool parse_filename,
-+ Error **errp)
-+{
-+ BlockDriverState *bs;
-+ BdrvChild *child;
-+
-+ GLOBAL_STATE_CODE();
-+
-+ bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_class,
-+ child_role, allow_none, parse_filename, errp);
-+ if (bs == NULL) {
-+ return NULL;
-+ }
-+
-+ bdrv_graph_wrlock();
-+ child = bdrv_attach_child(parent, bs, bdref_key, child_class, child_role,
-+ errp);
-+ bdrv_graph_wrunlock();
-+
-+ return child;
-+}
-+
- /*
- * Opens a disk image whose options are given as BlockdevRef in another block
- * device's options.
-@@ -3778,31 +3810,15 @@ BdrvChild *bdrv_open_child(const char *filename,
- BdrvChildRole child_role,
- bool allow_none, Error **errp)
- {
-- BlockDriverState *bs;
-- BdrvChild *child;
-- AioContext *ctx;
--
-- GLOBAL_STATE_CODE();
--
-- bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_class,
-- child_role, allow_none, errp);
-- if (bs == NULL) {
-- return NULL;
-- }
--
-- bdrv_graph_wrlock();
-- ctx = bdrv_get_aio_context(bs);
-- aio_context_acquire(ctx);
-- child = bdrv_attach_child(parent, bs, bdref_key, child_class, child_role,
-- errp);
-- aio_context_release(ctx);
-- bdrv_graph_wrunlock();
--
-- return child;
-+ return bdrv_open_child_common(filename, options, bdref_key, parent,
-+ child_class, child_role, allow_none, false,
-+ errp);
- }
-
- /*
-- * Wrapper on bdrv_open_child() for most popular case: open primary child of bs.
-+ * This does mostly the same as bdrv_open_child(), but for opening the primary
-+ * child of a node. A notable difference from bdrv_open_child() is that it
-+ * enables filename parsing for protocol names (including json:).
- *
- * The caller must hold the lock of the main AioContext and no other AioContext.
- * @parent can move to a different AioContext in this function. Callers must
-@@ -3819,8 +3835,8 @@ int bdrv_open_file_child(const char *filename,
- role = parent->drv->is_filter ?
- (BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY) : BDRV_CHILD_IMAGE;
-
-- if (!bdrv_open_child(filename, options, bdref_key, parent,
-- &child_of_bds, role, false, errp))
-+ if (!bdrv_open_child_common(filename, options, bdref_key, parent,
-+ &child_of_bds, role, false, true, errp))
- {
- return -EINVAL;
- }
-@@ -3865,7 +3881,8 @@ BlockDriverState *bdrv_open_blockdev_ref(BlockdevRef *ref, Error **errp)
-
- }
-
-- bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, 0, errp);
-+ bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, 0, false,
-+ errp);
- obj = NULL;
- qobject_unref(obj);
- visit_free(v);
-@@ -3962,7 +3979,7 @@ static BlockDriverState * no_coroutine_fn
- bdrv_open_inherit(const char *filename, const char *reference, QDict *options,
- int flags, BlockDriverState *parent,
- const BdrvChildClass *child_class, BdrvChildRole child_role,
-- Error **errp)
-+ bool parse_filename, Error **errp)
- {
- int ret;
- BlockBackend *file = NULL;
-@@ -4011,9 +4028,11 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options,
- }
-
- /* json: syntax counts as explicit options, as if in the QDict */
-- parse_json_protocol(options, &filename, &local_err);
-- if (local_err) {
-- goto fail;
-+ if (parse_filename) {
-+ parse_json_protocol(options, &filename, &local_err);
-+ if (local_err) {
-+ goto fail;
-+ }
- }
-
- bs->explicit_options = qdict_clone_shallow(options);
-@@ -4038,7 +4057,8 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options,
- parent->open_flags, parent->options);
- }
-
-- ret = bdrv_fill_options(&options, filename, &flags, &local_err);
-+ ret = bdrv_fill_options(&options, filename, &flags, parse_filename,
-+ &local_err);
- if (ret < 0) {
- goto fail;
- }
-@@ -4107,7 +4127,7 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options,
-
- file_bs = bdrv_open_child_bs(filename, options, "file", bs,
- &child_of_bds, BDRV_CHILD_IMAGE,
-- true, &local_err);
-+ true, true, &local_err);
- if (local_err) {
- goto fail;
- }
-@@ -4270,7 +4290,7 @@ BlockDriverState *bdrv_open(const char *filename, const char *reference,
- GLOBAL_STATE_CODE();
-
- return bdrv_open_inherit(filename, reference, options, flags, NULL,
-- NULL, 0, errp);
-+ NULL, 0, true, errp);
- }
-
- /* Return true if the NULL-terminated @list contains @str */
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch
deleted file mode 100644
index 631e93a6d2..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-From fb1c2aaa981e0a2fa6362c9985f1296b74f055ac Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Wed, 7 Aug 2024 08:50:01 -0500
-Subject: [PATCH] nbd/server: Plumb in new args to nbd_client_add()
-
-Upcoming patches to fix a CVE need to track an opaque pointer passed
-in by the owner of a client object, as well as request for a time
-limit on how fast negotiation must complete. Prepare for that by
-changing the signature of nbd_client_new() and adding an accessor to
-get at the opaque pointer, although for now the two servers
-(qemu-nbd.c and blockdev-nbd.c) do not change behavior even though
-they pass in a new default timeout value.
-
-Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-11-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-[eblake: s/LIMIT/MAX_SECS/ as suggested by Dan]
-Signed-off-by: Eric Blake <eblake@redhat.com>
-
-CVE: CVE-2024-7409
-
-Upstream-Status: Backport [https://github.com/qemu/qemu/commit/fb1c2aaa981e0a2fa6362c9985f1296b74f055ac]
-
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
----
- blockdev-nbd.c | 6 ++++--
- include/block/nbd.h | 11 ++++++++++-
- nbd/server.c | 20 +++++++++++++++++---
- qemu-nbd.c | 4 +++-
- 4 files changed, 34 insertions(+), 7 deletions(-)
-
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index 213012435..267a1de90 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -64,8 +64,10 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
- nbd_update_server_watch(nbd_server);
-
- qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
-- nbd_client_new(cioc, nbd_server->tlscreds, nbd_server->tlsauthz,
-- nbd_blockdev_client_closed);
-+ /* TODO - expose handshake timeout as QMP option */
-+ nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS,
-+ nbd_server->tlscreds, nbd_server->tlsauthz,
-+ nbd_blockdev_client_closed, NULL);
- }
-
- static void nbd_update_server_watch(NBDServerData *s)
-diff --git a/include/block/nbd.h b/include/block/nbd.h
-index 4e7bd6342..1d4d65922 100644
---- a/include/block/nbd.h
-+++ b/include/block/nbd.h
-@@ -33,6 +33,12 @@ typedef struct NBDMetaContexts NBDMetaContexts;
-
- extern const BlockExportDriver blk_exp_nbd;
-
-+/*
-+ * NBD_DEFAULT_HANDSHAKE_MAX_SECS: Number of seconds in which client must
-+ * succeed at NBD_OPT_GO before being forcefully dropped as too slow.
-+ */
-+#define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10
-+
- /* Handshake phase structs - this struct is passed on the wire */
-
- typedef struct NBDOption {
-@@ -403,9 +409,12 @@ AioContext *nbd_export_aio_context(NBDExport *exp);
- NBDExport *nbd_export_find(const char *name);
-
- void nbd_client_new(QIOChannelSocket *sioc,
-+ uint32_t handshake_max_secs,
- QCryptoTLSCreds *tlscreds,
- const char *tlsauthz,
-- void (*close_fn)(NBDClient *, bool));
-+ void (*close_fn)(NBDClient *, bool),
-+ void *owner);
-+void *nbd_client_owner(NBDClient *client);
- void nbd_client_get(NBDClient *client);
- void nbd_client_put(NBDClient *client);
-
-diff --git a/nbd/server.c b/nbd/server.c
-index 091b57119..f8881936e 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -124,12 +124,14 @@ struct NBDMetaContexts {
- struct NBDClient {
- int refcount; /* atomic */
- void (*close_fn)(NBDClient *client, bool negotiated);
-+ void *owner;
-
- QemuMutex lock;
-
- NBDExport *exp;
- QCryptoTLSCreds *tlscreds;
- char *tlsauthz;
-+ uint32_t handshake_max_secs;
- QIOChannelSocket *sioc; /* The underlying data channel */
- QIOChannel *ioc; /* The current I/O channel which may differ (eg TLS) */
-
-@@ -3160,6 +3162,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
-
- qemu_co_mutex_init(&client->send_lock);
-
-+ /* TODO - utilize client->handshake_max_secs */
- if (nbd_negotiate(client, &local_err)) {
- if (local_err) {
- error_report_err(local_err);
-@@ -3174,14 +3177,17 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
- }
-
- /*
-- * Create a new client listener using the given channel @sioc.
-+ * Create a new client listener using the given channel @sioc and @owner.
- * Begin servicing it in a coroutine. When the connection closes, call
-- * @close_fn with an indication of whether the client completed negotiation.
-+ * @close_fn with an indication of whether the client completed negotiation
-+ * within @handshake_max_secs seconds (0 for unbounded).
- */
- void nbd_client_new(QIOChannelSocket *sioc,
-+ uint32_t handshake_max_secs,
- QCryptoTLSCreds *tlscreds,
- const char *tlsauthz,
-- void (*close_fn)(NBDClient *, bool))
-+ void (*close_fn)(NBDClient *, bool),
-+ void *owner)
- {
- NBDClient *client;
- Coroutine *co;
-@@ -3194,13 +3200,21 @@ void nbd_client_new(QIOChannelSocket *sioc,
- object_ref(OBJECT(client->tlscreds));
- }
- client->tlsauthz = g_strdup(tlsauthz);
-+ client->handshake_max_secs = handshake_max_secs;
- client->sioc = sioc;
- qio_channel_set_delay(QIO_CHANNEL(sioc), false);
- object_ref(OBJECT(client->sioc));
- client->ioc = QIO_CHANNEL(sioc);
- object_ref(OBJECT(client->ioc));
- client->close_fn = close_fn;
-+ client->owner = owner;
-
- co = qemu_coroutine_create(nbd_co_client_start, client);
- qemu_coroutine_enter(co);
- }
-+
-+void *
-+nbd_client_owner(NBDClient *client)
-+{
-+ return client->owner;
-+}
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index 186e6468b..5fa399c0b 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -389,7 +389,9 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
-
- nb_fds++;
- nbd_update_server_watch();
-- nbd_client_new(cioc, tlscreds, tlsauthz, nbd_client_closed);
-+ /* TODO - expose handshake timeout as command line option */
-+ nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS,
-+ tlscreds, tlsauthz, nbd_client_closed, NULL);
- }
-
- static void nbd_update_server_watch(void)
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch
deleted file mode 100644
index ca8ef0b44d..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch
+++ /dev/null
@@ -1,175 +0,0 @@
-From c8a76dbd90c2f48df89b75bef74917f90a59b623 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Tue, 6 Aug 2024 13:53:00 -0500
-Subject: [PATCH] nbd/server: CVE-2024-7409: Cap default max-connections to 100
-
-Allowing an unlimited number of clients to any web service is a recipe
-for a rudimentary denial of service attack: the client merely needs to
-open lots of sockets without closing them, until qemu no longer has
-any more fds available to allocate.
-
-For qemu-nbd, we default to allowing only 1 connection unless more are
-explicitly asked for (-e or --shared); this was historically picked as
-a nice default (without an explicit -t, a non-persistent qemu-nbd goes
-away after a client disconnects, without needing any additional
-follow-up commands), and we are not going to change that interface now
-(besides, someday we want to point people towards qemu-storage-daemon
-instead of qemu-nbd).
-
-But for qemu proper, and the newer qemu-storage-daemon, the QMP
-nbd-server-start command has historically had a default of unlimited
-number of connections, in part because unlike qemu-nbd it is
-inherently persistent until nbd-server-stop. Allowing multiple client
-sockets is particularly useful for clients that can take advantage of
-MULTI_CONN (creating parallel sockets to increase throughput),
-although known clients that do so (such as libnbd's nbdcopy) typically
-use only 8 or 16 connections (the benefits of scaling diminish once
-more sockets are competing for kernel attention). Picking a number
-large enough for typical use cases, but not unlimited, makes it
-slightly harder for a malicious client to perform a denial of service
-merely by opening lots of connections withot progressing through the
-handshake.
-
-This change does not eliminate CVE-2024-7409 on its own, but reduces
-the chance for fd exhaustion or unlimited memory usage as an attack
-surface. On the other hand, by itself, it makes it more obvious that
-with a finite limit, we have the problem of an unauthenticated client
-holding 100 fds opened as a way to block out a legitimate client from
-being able to connect; thus, later patches will further add timeouts
-to reject clients that are not making progress.
-
-This is an INTENTIONAL change in behavior, and will break any client
-of nbd-server-start that was not passing an explicit max-connections
-parameter, yet expects more than 100 simultaneous connections. We are
-not aware of any such client (as stated above, most clients aware of
-MULTI_CONN get by just fine on 8 or 16 connections, and probably cope
-with later connections failing by relying on the earlier connections;
-libvirt has not yet been passing max-connections, but generally
-creates NBD servers with the intent for a single client for the sake
-of live storage migration; meanwhile, the KubeSAN project anticipates
-a large cluster sharing multiple clients [up to 8 per node, and up to
-100 nodes in a cluster], but it currently uses qemu-nbd with an
-explicit --shared=0 rather than qemu-storage-daemon with
-nbd-server-start).
-
-We considered using a deprecation period (declare that omitting
-max-parameters is deprecated, and make it mandatory in 3 releases -
-then we don't need to pick an arbitrary default); that has zero risk
-of breaking any apps that accidentally depended on more than 100
-connections, and where such breakage might not be noticed under unit
-testing but only under the larger loads of production usage. But it
-does not close the denial-of-service hole until far into the future,
-and requires all apps to change to add the parameter even if 100 was
-good enough. It also has a drawback that any app (like libvirt) that
-is accidentally relying on an unlimited default should seriously
-consider their own CVE now, at which point they are going to change to
-pass explicit max-connections sooner than waiting for 3 qemu releases.
-Finally, if our changed default breaks an app, that app can always
-pass in an explicit max-parameters with a larger value.
-
-It is also intentional that the HMP interface to nbd-server-start is
-not changed to expose max-connections (any client needing to fine-tune
-things should be using QMP).
-
-Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-12-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-[ericb: Expand commit message to summarize Dan's argument for why we
-break corner-case back-compat behavior without a deprecation period]
-Signed-off-by: Eric Blake <eblake@redhat.com>
-
-CVE: CVE-2024-7409
-
-Upstream-Status: Backport [https://github.com/qemu/qemu/commit/c8a76dbd90c2f48df89b75bef74917f90a59b623]
-
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
----
- block/monitor/block-hmp-cmds.c | 3 ++-
- blockdev-nbd.c | 8 ++++++++
- include/block/nbd.h | 7 +++++++
- qapi/block-export.json | 4 ++--
- 4 files changed, 19 insertions(+), 3 deletions(-)
-
-diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index c729cbf1e..78a697585 100644
---- a/block/monitor/block-hmp-cmds.c
-+++ b/block/monitor/block-hmp-cmds.c
-@@ -415,7 +415,8 @@ void hmp_nbd_server_start(Monitor *mon, const QDict *qdict)
- goto exit;
- }
-
-- nbd_server_start(addr, NULL, NULL, 0, &local_err);
-+ nbd_server_start(addr, NULL, NULL, NBD_DEFAULT_MAX_CONNECTIONS,
-+ &local_err);
- qapi_free_SocketAddress(addr);
- if (local_err != NULL) {
- goto exit;
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index 267a1de90..24ba5382d 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -170,6 +170,10 @@ void nbd_server_start(SocketAddress *addr, const char *tls_creds,
-
- void nbd_server_start_options(NbdServerOptions *arg, Error **errp)
- {
-+ if (!arg->has_max_connections) {
-+ arg->max_connections = NBD_DEFAULT_MAX_CONNECTIONS;
-+ }
-+
- nbd_server_start(arg->addr, arg->tls_creds, arg->tls_authz,
- arg->max_connections, errp);
- }
-@@ -182,6 +186,10 @@ void qmp_nbd_server_start(SocketAddressLegacy *addr,
- {
- SocketAddress *addr_flat = socket_address_flatten(addr);
-
-+ if (!has_max_connections) {
-+ max_connections = NBD_DEFAULT_MAX_CONNECTIONS;
-+ }
-+
- nbd_server_start(addr_flat, tls_creds, tls_authz, max_connections, errp);
- qapi_free_SocketAddress(addr_flat);
- }
-diff --git a/include/block/nbd.h b/include/block/nbd.h
-index 1d4d65922..d4f8b21ae 100644
---- a/include/block/nbd.h
-+++ b/include/block/nbd.h
-@@ -39,6 +39,13 @@ extern const BlockExportDriver blk_exp_nbd;
- */
- #define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10
-
-+/*
-+ * NBD_DEFAULT_MAX_CONNECTIONS: Number of client sockets to allow at
-+ * once; must be large enough to allow a MULTI_CONN-aware client like
-+ * nbdcopy to create its typical number of 8-16 sockets.
-+ */
-+#define NBD_DEFAULT_MAX_CONNECTIONS 100
-+
- /* Handshake phase structs - this struct is passed on the wire */
-
- typedef struct NBDOption {
-diff --git a/qapi/block-export.json b/qapi/block-export.json
-index 7874a49ba..1d255d77e 100644
---- a/qapi/block-export.json
-+++ b/qapi/block-export.json
-@@ -28,7 +28,7 @@
- # @max-connections: The maximum number of connections to allow at the
- # same time, 0 for unlimited. Setting this to 1 also stops the
- # server from advertising multiple client support (since 5.2;
--# default: 0)
-+# default: 100)
- #
- # Since: 4.2
- ##
-@@ -63,7 +63,7 @@
- # @max-connections: The maximum number of connections to allow at the
- # same time, 0 for unlimited. Setting this to 1 also stops the
- # server from advertising multiple client support (since 5.2;
--# default: 0).
-+# default: 100).
- #
- # Returns: error if the server is already running.
- #
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch
deleted file mode 100644
index b2b9b15c54..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-From b9b72cb3ce15b693148bd09cef7e50110566d8a0 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Thu, 8 Aug 2024 16:05:08 -0500
-Subject: [PATCH] nbd/server: CVE-2024-7409: Drop non-negotiating clients
-
-A client that opens a socket but does not negotiate is merely hogging
-qemu's resources (an open fd and a small amount of memory); and a
-malicious client that can access the port where NBD is listening can
-attempt a denial of service attack by intentionally opening and
-abandoning lots of unfinished connections. The previous patch put a
-default bound on the number of such ongoing connections, but once that
-limit is hit, no more clients can connect (including legitimate ones).
-The solution is to insist that clients complete handshake within a
-reasonable time limit, defaulting to 10 seconds. A client that has
-not successfully completed NBD_OPT_GO by then (including the case of
-where the client didn't know TLS credentials to even reach the point
-of NBD_OPT_GO) is wasting our time and does not deserve to stay
-connected. Later patches will allow fine-tuning the limit away from
-the default value (including disabling it for doing integration
-testing of the handshake process itself).
-
-Note that this patch in isolation actually makes it more likely to see
-qemu SEGV after nbd-server-stop, as any client socket still connected
-when the server shuts down will now be closed after 10 seconds rather
-than at the client's whims. That will be addressed in the next patch.
-
-For a demo of this patch in action:
-$ qemu-nbd -f raw -r -t -e 10 file &
-$ nbdsh --opt-mode -c '
-H = list()
-for i in range(20):
- print(i)
- H.insert(i, nbd.NBD())
- H[i].set_opt_mode(True)
- H[i].connect_uri("nbd://localhost")
-'
-$ kill $!
-
-where later connections get to start progressing once earlier ones are
-forcefully dropped for taking too long, rather than hanging.
-
-Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-13-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-[eblake: rebase to changes earlier in series, reduce scope of timer]
-Signed-off-by: Eric Blake <eblake@redhat.com>
-
-CVE: CVE-2024-7409
-
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/b9b72cb3ce15b693148bd09cef7e50110566d8a0]
-
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
----
- nbd/server.c | 28 +++++++++++++++++++++++++++-
- nbd/trace-events | 1 +
- 2 files changed, 28 insertions(+), 1 deletion(-)
-
-diff --git a/nbd/server.c b/nbd/server.c
-index f8881936e..6155e329a 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -3155,22 +3155,48 @@ static void nbd_client_receive_next_request(NBDClient *client)
- }
- }
-
-+static void nbd_handshake_timer_cb(void *opaque)
-+{
-+ QIOChannel *ioc = opaque;
-+
-+ trace_nbd_handshake_timer_cb();
-+ qio_channel_shutdown(ioc, QIO_CHANNEL_SHUTDOWN_BOTH, NULL);
-+}
-+
- static coroutine_fn void nbd_co_client_start(void *opaque)
- {
- NBDClient *client = opaque;
- Error *local_err = NULL;
-+ QEMUTimer *handshake_timer = NULL;
-
- qemu_co_mutex_init(&client->send_lock);
-
-- /* TODO - utilize client->handshake_max_secs */
-+ /*
-+ * Create a timer to bound the time spent in negotiation. If the
-+ * timer expires, it is likely nbd_negotiate will fail because the
-+ * socket was shutdown.
-+ */
-+ if (client->handshake_max_secs > 0) {
-+ handshake_timer = aio_timer_new(qemu_get_aio_context(),
-+ QEMU_CLOCK_REALTIME,
-+ SCALE_NS,
-+ nbd_handshake_timer_cb,
-+ client->sioc);
-+ timer_mod(handshake_timer,
-+ qemu_clock_get_ns(QEMU_CLOCK_REALTIME) +
-+ client->handshake_max_secs * NANOSECONDS_PER_SECOND);
-+ }
-+
- if (nbd_negotiate(client, &local_err)) {
- if (local_err) {
- error_report_err(local_err);
- }
-+ timer_free(handshake_timer);
- client_close(client, false);
- return;
- }
-
-+ timer_free(handshake_timer);
- WITH_QEMU_LOCK_GUARD(&client->lock) {
- nbd_client_receive_next_request(client);
- }
-diff --git a/nbd/trace-events b/nbd/trace-events
-index 00ae3216a..cbd0a4ab7 100644
---- a/nbd/trace-events
-+++ b/nbd/trace-events
-@@ -76,6 +76,7 @@ nbd_co_receive_request_payload_received(uint64_t cookie, uint64_t len) "Payload
- nbd_co_receive_ext_payload_compliance(uint64_t from, uint64_t len) "client sent non-compliant write without payload flag: from=0x%" PRIx64 ", len=0x%" PRIx64
- nbd_co_receive_align_compliance(const char *op, uint64_t from, uint64_t len, uint32_t align) "client sent non-compliant unaligned %s request: from=0x%" PRIx64 ", len=0x%" PRIx64 ", align=0x%" PRIx32
- nbd_trip(void) "Reading request"
-+nbd_handshake_timer_cb(void) "client took too long to negotiate"
-
- # client-connection.c
- nbd_connect_thread_sleep(uint64_t timeout) "timeout %" PRIu64
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch
deleted file mode 100644
index 9515c631ad..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From 3e7ef738c8462c45043a1d39f702a0990406a3b3 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Wed, 7 Aug 2024 12:23:13 -0500
-Subject: [PATCH] nbd/server: CVE-2024-7409: Close stray clients at server-stop
-
-A malicious client can attempt to connect to an NBD server, and then
-intentionally delay progress in the handshake, including if it does
-not know the TLS secrets. Although the previous two patches reduce
-this behavior by capping the default max-connections parameter and
-killing slow clients, they did not eliminate the possibility of a
-client waiting to close the socket until after the QMP nbd-server-stop
-command is executed, at which point qemu would SEGV when trying to
-dereference the NULL nbd_server global which is no longer present.
-This amounts to a denial of service attack. Worse, if another NBD
-server is started before the malicious client disconnects, I cannot
-rule out additional adverse effects when the old client interferes
-with the connection count of the new server (although the most likely
-is a crash due to an assertion failure when checking
-nbd_server->connections > 0).
-
-For environments without this patch, the CVE can be mitigated by
-ensuring (such as via a firewall) that only trusted clients can
-connect to an NBD server. Note that using frameworks like libvirt
-that ensure that TLS is used and that nbd-server-stop is not executed
-while any trusted clients are still connected will only help if there
-is also no possibility for an untrusted client to open a connection
-but then stall on the NBD handshake.
-
-Given the previous patches, it would be possible to guarantee that no
-clients remain connected by having nbd-server-stop sleep for longer
-than the default handshake deadline before finally freeing the global
-nbd_server object, but that could make QMP non-responsive for a long
-time. So intead, this patch fixes the problem by tracking all client
-sockets opened while the server is running, and forcefully closing any
-such sockets remaining without a completed handshake at the time of
-nbd-server-stop, then waiting until the coroutines servicing those
-sockets notice the state change. nbd-server-stop now has a second
-AIO_WAIT_WHILE_UNLOCKED (the first is indirectly through the
-blk_exp_close_all_type() that disconnects all clients that completed
-handshakes), but forced socket shutdown is enough to progress the
-coroutines and quickly tear down all clients before the server is
-freed, thus finally fixing the CVE.
-
-This patch relies heavily on the fact that nbd/server.c guarantees
-that it only calls nbd_blockdev_client_closed() from the main loop
-(see the assertion in nbd_client_put() and the hoops used in
-nbd_client_put_nonzero() to achieve that); if we did not have that
-guarantee, we would also need a mutex protecting our accesses of the
-list of connections to survive re-entrancy from independent iothreads.
-
-Although I did not actually try to test old builds, it looks like this
-problem has existed since at least commit 862172f45c (v2.12.0, 2017) -
-even back when that patch started using a QIONetListener to handle
-listening on multiple sockets, nbd_server_free() was already unaware
-that the nbd_blockdev_client_closed callback can be reached later by a
-client thread that has not completed handshakes (and therefore the
-client's socket never got added to the list closed in
-nbd_export_close_all), despite that patch intentionally tearing down
-the QIONetListener to prevent new clients.
-
-Reported-by: Alexander Ivanov <alexander.ivanov@virtuozzo.com>
-Fixes: CVE-2024-7409
-CC: qemu-stable@nongnu.org
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-14-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-
-CVE: CVE-2024-7409
-
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/3e7ef738c8462c45043a1d39f702a0990406a3b3]
-
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
----
- blockdev-nbd.c | 35 ++++++++++++++++++++++++++++++++++-
- 1 file changed, 34 insertions(+), 1 deletion(-)
-
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index 24ba5382d..f73409ae4 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -21,12 +21,18 @@
- #include "io/channel-socket.h"
- #include "io/net-listener.h"
-
-+typedef struct NBDConn {
-+ QIOChannelSocket *cioc;
-+ QLIST_ENTRY(NBDConn) next;
-+} NBDConn;
-+
- typedef struct NBDServerData {
- QIONetListener *listener;
- QCryptoTLSCreds *tlscreds;
- char *tlsauthz;
- uint32_t max_connections;
- uint32_t connections;
-+ QLIST_HEAD(, NBDConn) conns;
- } NBDServerData;
-
- static NBDServerData *nbd_server;
-@@ -51,6 +57,14 @@ int nbd_server_max_connections(void)
-
- static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
- {
-+ NBDConn *conn = nbd_client_owner(client);
-+
-+ assert(qemu_in_main_thread() && nbd_server);
-+
-+ object_unref(OBJECT(conn->cioc));
-+ QLIST_REMOVE(conn, next);
-+ g_free(conn);
-+
- nbd_client_put(client);
- assert(nbd_server->connections > 0);
- nbd_server->connections--;
-@@ -60,14 +74,20 @@ static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
- static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
- gpointer opaque)
- {
-+ NBDConn *conn = g_new0(NBDConn, 1);
-+
-+ assert(qemu_in_main_thread() && nbd_server);
- nbd_server->connections++;
-+ object_ref(OBJECT(cioc));
-+ conn->cioc = cioc;
-+ QLIST_INSERT_HEAD(&nbd_server->conns, conn, next);
- nbd_update_server_watch(nbd_server);
-
- qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
- /* TODO - expose handshake timeout as QMP option */
- nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS,
- nbd_server->tlscreds, nbd_server->tlsauthz,
-- nbd_blockdev_client_closed, NULL);
-+ nbd_blockdev_client_closed, conn);
- }
-
- static void nbd_update_server_watch(NBDServerData *s)
-@@ -81,12 +101,25 @@ static void nbd_update_server_watch(NBDServerData *s)
-
- static void nbd_server_free(NBDServerData *server)
- {
-+ NBDConn *conn, *tmp;
-+
- if (!server) {
- return;
- }
-
-+ /*
-+ * Forcefully close the listener socket, and any clients that have
-+ * not yet disconnected on their own.
-+ */
- qio_net_listener_disconnect(server->listener);
- object_unref(OBJECT(server->listener));
-+ QLIST_FOREACH_SAFE(conn, &server->conns, next, tmp) {
-+ qio_channel_shutdown(QIO_CHANNEL(conn->cioc), QIO_CHANNEL_SHUTDOWN_BOTH,
-+ NULL);
-+ }
-+
-+ AIO_WAIT_WHILE_UNLOCKED(NULL, server->connections > 0);
-+
- if (server->tlscreds) {
- object_unref(OBJECT(server->tlscreds));
- }
---
-2.40.0
diff --git a/meta/recipes-devtools/qemu/qemu_8.2.3.bb b/meta/recipes-devtools/qemu/qemu_8.2.7.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu_8.2.3.bb
rename to meta/recipes-devtools/qemu/qemu_8.2.7.bb
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 12/16] gcc: add a backport patch to fix an issue with tzdata 2024b
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
` (10 preceding siblings ...)
2024-12-03 13:37 ` [OE-core][scarthgap 11/16] qemu: upgrade 8.2.3 -> 8.2.7 Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 13/16] ninja: fix build with python 3.13 Steve Sakoman
` (3 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Markus Volk <f_l_k@t-online.de>
There is an issue in the std::chrono::tzdb parser that causes problems
since the tzdata-2024b release started using %z in the main format.
As a real world problem I encounter an issue with the waybar clock module,
which ignores the timezone setting and only shows system time.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/gcc/gcc-13.3.inc | 1 +
...4fffe3fc82a710bea66ad651720d71c938b8.patch | 549 ++++++++++++++++++
2 files changed, 550 insertions(+)
create mode 100644 meta/recipes-devtools/gcc/gcc/gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch
diff --git a/meta/recipes-devtools/gcc/gcc-13.3.inc b/meta/recipes-devtools/gcc/gcc-13.3.inc
index 90f5ef88a9..ffe90c7188 100644
--- a/meta/recipes-devtools/gcc/gcc-13.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-13.3.inc
@@ -66,6 +66,7 @@ SRC_URI = "${BASEURI} \
file://0024-Avoid-hardcoded-build-paths-into-ppc-libgcc.patch \
file://0025-gcc-testsuite-tweaks-for-mips-OE.patch \
file://0027-Fix-gcc-vect-module-testcases.patch \
+ file://gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch \
"
SRC_URI[sha256sum] = "0845e9621c9543a13f484e94584a49ffc0129970e9914624235fc1d061a0c083"
diff --git a/meta/recipes-devtools/gcc/gcc/gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch b/meta/recipes-devtools/gcc/gcc/gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch
new file mode 100644
index 0000000000..e5abdcc703
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch
@@ -0,0 +1,549 @@
+From ab884fffe3fc82a710bea66ad651720d71c938b8 Mon Sep 17 00:00:00 2001
+From: Jonathan Wakely <jwakely@redhat.com>
+Date: Tue, 30 Apr 2024 09:52:13 +0100
+Subject: [PATCH] libstdc++: Fix std::chrono::tzdb to work with vanguard format
+
+I found some issues in the std::chrono::tzdb parser by testing the
+tzdata "vanguard" format, which uses new features that aren't enabled in
+the "main" and "rearguard" data formats.
+
+Since 2024a the keyword "minimum" is no longer valid for the FROM and TO
+fields in a Rule line, which means that "m" is now a valid abbreviation
+for "maximum". Previously we expected either "mi" or "ma". For backwards
+compatibility, a FROM field beginning with "mi" is still supported and
+is treated as 1900. The "maximum" keyword is only allowed in TO now,
+because it makes no sense in FROM. To support these changes the
+minmax_year and minmax_year2 classes for parsing FROM and TO are
+replaced with a single years_from_to class that reads both fields.
+
+The vanguard format makes use of %z in Zone FORMAT fields, which caused
+an exception to be thrown from ZoneInfo::set_abbrev because no % or /
+characters were expected when a Zone doesn't use a named Rule. The
+ZoneInfo::to(sys_info&) function now uses format_abbrev_str to replace
+any %z with the current offset. Although format_abbrev_str also checks
+for %s and STD/DST formats, those only make sense when a named Rule is
+in effect, so won't occur when ZoneInfo::to(sys_info&) is used.
+
+Since making this change on trunk, the tzdata-2024b release started
+using %z in the main format, not just vanguard. This makes a backport to
+release branches necessary (see PR 116657).
+
+This change also implements a feature that has always been missing from
+time_zone::_M_get_sys_info: finding the Rule that is active before the
+specified time point, so that we can correctly handle %s in the FORMAT
+for the first new sys_info that gets created. This requires implementing
+a poorly documented feature of zic, to get the LETTERS field from a
+later transition, as described at
+https://mm.icann.org/pipermail/tz/2024-April/058891.html
+In order for this to work we need to be able to distinguish an empty
+letters field (as used by CE%sT where the variable part is either empty
+or "S") from "the letters field is not known for this transition". The
+tzdata file uses "-" for an empty letters field, which libstdc++ was
+previously replacing with "" when the Rule was parsed. Instead, we now
+preserve the "-" in the Rule object, so that "" can be used for the case
+where we don't know the letters (and so need to decide it).
+
+(cherry picked from commit 0ca8d56f2085715f27ee536c6c344bc47af49cdd)
+
+Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=5ceea2ac106d6dd1aa8175670b15a801316cf1c9]
+
+Signed-off-by: Markus Volk <f_l_k@t-online.de>
+---
+ libstdc++-v3/src/c++20/tzdb.cc | 265 +++++++++++-------
+ .../std/time/time_zone/sys_info_abbrev.cc | 106 +++++++
+ libstdc++-v3/testsuite/std/time/tzdb/1.cc | 6 +-
+ 3 files changed, 274 insertions(+), 103 deletions(-)
+ create mode 100644 libstdc++-v3/testsuite/std/time/time_zone/sys_info_abbrev.cc
+
+diff --git a/libstdc++-v3/src/c++20/tzdb.cc b/libstdc++-v3/src/c++20/tzdb.cc
+index c7c7cc9deee6..7e8cce7ce8cf 100644
+--- a/libstdc++-v3/src/c++20/tzdb.cc
++++ b/libstdc++-v3/src/c++20/tzdb.cc
+@@ -342,51 +342,103 @@ namespace std::chrono
+ friend istream& operator>>(istream&, on_day&);
+ };
+
+- // Wrapper for chrono::year that reads a year, or one of the keywords
+- // "minimum" or "maximum", or an unambiguous prefix of a keyword.
+- struct minmax_year
++ // Wrapper for two chrono::year values, which reads the FROM and TO
++ // fields of a Rule line. The FROM field is a year and TO is a year or
++ // one of the keywords "maximum" or "only" (or an abbreviation of those).
++ // For backwards compatibility, the keyword "minimum" is recognized
++ // for FROM and interpreted as 1900.
++ struct years_from_to
+ {
+- year& y;
++ year& from;
++ year& to;
+
+- friend istream& operator>>(istream& in, minmax_year&& y)
++ friend istream& operator>>(istream& in, years_from_to&& yy)
+ {
+- if (ws(in).peek() == 'm') // keywords "minimum" or "maximum"
++ string s;
++ auto c = ws(in).peek();
++ if (c == 'm') [[unlikely]] // keyword "minimum"
+ {
+- string s;
+- in >> s; // extract the rest of the word, but only look at s[1]
+- if (s[1] == 'a')
+- y.y = year::max();
+- else if (s[1] == 'i')
+- y.y = year::min();
+- else
+- in.setstate(ios::failbit);
++ in >> s; // extract the rest of the word
++ yy.from = year(1900);
++ }
++ else if (int num = 0; in >> num) [[likely]]
++ yy.from = year{num};
++
++ c = ws(in).peek();
++ if (c == 'm') // keyword "maximum"
++ {
++ in >> s; // extract the rest of the word
++ yy.to = year::max();
++ }
++ else if (c == 'o') // keyword "only"
++ {
++ in >> s; // extract the rest of the word
++ yy.to = yy.from;
+ }
+ else if (int num = 0; in >> num)
+- y.y = year{num};
++ yy.to = year{num};
++
+ return in;
+ }
+ };
+
+- // As above for minmax_year, but also supports the keyword "only",
+- // meaning that the TO year is the same as the FROM year.
+- struct minmax_year2
++ bool
++ select_std_or_dst_abbrev(string& abbrev, minutes save)
+ {
+- minmax_year to;
+- year from;
++ if (size_t pos = abbrev.find('/'); pos != string::npos)
++ {
++ // Select one of "STD/DST" for standard or daylight.
++ if (save == 0min)
++ abbrev.erase(pos);
++ else
++ abbrev.erase(0, pos + 1);
++ return true;
++ }
++ return false;
++ }
+
+- friend istream& operator>>(istream& in, minmax_year2&& y)
+- {
+- if (ws(in).peek() == 'o') // keyword "only"
+- {
+- string s;
+- in >> s; // extract the whole keyword
+- y.to.y = y.from;
+- }
+- else
+- in >> std::move(y.to);
+- return in;
+- }
+- };
++ // Set the sys_info::abbrev string by expanding any placeholders.
++ void
++ format_abbrev_str(sys_info& info, string_view letters = {})
++ {
++ if (size_t pos = info.abbrev.find('%'); pos != string::npos)
++ {
++ if (info.abbrev[pos + 1] == 's')
++ {
++ // Expand "%s" to the variable part, given by Rule::letters.
++ if (letters == "-")
++ info.abbrev.erase(pos, 2);
++ else
++ info.abbrev.replace(pos, 2, letters);
++ }
++ else if (info.abbrev[pos + 1] == 'z')
++ {
++ // Expand "%z" to the UT offset as +/-hh, +/-hhmm, or +/-hhmmss.
++ hh_mm_ss<seconds> t(info.offset);
++ string z(1, "+-"[t.is_negative()]);
++ long val = t.hours().count();
++ int digits = 2;
++ if (int m = t.minutes().count())
++ {
++ digits = 4;
++ val *= 100;
++ val += m;
++ if (int s = t.seconds().count())
++ {
++ digits = 6;
++ val *= 100;
++ val += s;
++ }
++ }
++ auto sval = std::to_string(val);
++ z += string(digits - sval.size(), '0');
++ z += sval;
++ info.abbrev.replace(pos, 2, z);
++ }
++ }
++ else
++ select_std_or_dst_abbrev(info.abbrev, info.save);
++ }
+
+ // A time zone information record.
+ // Zone NAME STDOFF RULES FORMAT [UNTIL]
+@@ -462,6 +514,7 @@ namespace std::chrono
+ info.offset = offset();
+ info.save = minutes(m_save);
+ info.abbrev = format();
++ format_abbrev_str(info); // expand %z
+ return true;
+ }
+
+@@ -469,12 +522,9 @@ namespace std::chrono
+ friend class time_zone;
+
+ void
+- set_abbrev(const string& abbrev)
++ set_abbrev(string abbrev)
+ {
+- // In practice, the FORMAT field never needs expanding here.
+- if (abbrev.find_first_of("/%") != abbrev.npos)
+- __throw_runtime_error("std::chrono::time_zone: invalid data");
+- m_buf = abbrev;
++ m_buf = std::move(abbrev);
+ m_pos = 0;
+ m_expanded = true;
+ }
+@@ -544,9 +594,7 @@ namespace std::chrono
+
+ // Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
+
+- in >> quoted(rule.name)
+- >> minmax_year{rule.from}
+- >> minmax_year2{rule.to, rule.from};
++ in >> quoted(rule.name) >> years_from_to{rule.from, rule.to};
+
+ if (char type; in >> type && type != '-')
+ in.setstate(ios::failbit);
+@@ -557,7 +605,7 @@ namespace std::chrono
+ if (save_time.indicator != at_time::Wall)
+ {
+ // We don't actually store the save_time.indicator, because we
+- // assume that it's always deducable from the actual offset value.
++ // assume that it's always deducible from the offset value.
+ auto expected = save_time.time == 0s
+ ? at_time::Standard
+ : at_time::Daylight;
+@@ -567,8 +615,6 @@ namespace std::chrono
+ rule.save = save_time.time;
+
+ in >> rule.letters;
+- if (rule.letters == "-")
+- rule.letters.clear();
+ return in;
+ }
+
+@@ -719,58 +765,6 @@ namespace std::chrono
+ #endif // TZDB_DISABLED
+ };
+
+-#ifndef TZDB_DISABLED
+- namespace
+- {
+- bool
+- select_std_or_dst_abbrev(string& abbrev, minutes save)
+- {
+- if (size_t pos = abbrev.find('/'); pos != string::npos)
+- {
+- // Select one of "STD/DST" for standard or daylight.
+- if (save == 0min)
+- abbrev.erase(pos);
+- else
+- abbrev.erase(0, pos + 1);
+- return true;
+- }
+- return false;
+- }
+-
+- // Set the sys_info::abbrev string by expanding any placeholders.
+- void
+- format_abbrev_str(sys_info& info, string_view letters = {})
+- {
+- if (size_t pos = info.abbrev.find("%s"); pos != string::npos)
+- {
+- // Expand "%s" to the variable part, given by Rule::letters.
+- info.abbrev.replace(pos, 2, letters);
+- }
+- else if (size_t pos = info.abbrev.find("%z"); pos != string::npos)
+- {
+- // Expand "%z" to the UT offset as +/-hh, +/-hhmm, or +/-hhmmss.
+- hh_mm_ss<seconds> t(info.offset);
+- string z(1, "+-"[t.is_negative()]);
+- long val = t.hours().count();
+- if (minutes m = t.minutes(); m != m.zero())
+- {
+- val *= 100;
+- val += m.count();
+- if (seconds s = t.seconds(); s != s.zero())
+- {
+- val *= 100;
+- val += s.count();
+- }
+- }
+- z += std::to_string(val);
+- info.abbrev.replace(pos, 2, z);
+- }
+- else
+- select_std_or_dst_abbrev(info.abbrev, info.save);
+- }
+- }
+-#endif // TZDB_DISABLED
+-
+ // Implementation of std::chrono::time_zone::get_info(const sys_time<D>&)
+ sys_info
+ time_zone::_M_get_sys_info(sys_seconds tp) const
+@@ -839,12 +833,72 @@ namespace std::chrono
+ info.abbrev = ri.format();
+
+ string_view letters;
+- if (i != infos.begin())
++ if (i != infos.begin() && i[-1].expanded())
++ letters = i[-1].next_letters();
++
++ if (letters.empty())
+ {
+- if (i[-1].expanded())
+- letters = i[-1].next_letters();
+- // XXX else need to find Rule active before this time and use it
+- // to know the initial offset, save, and letters.
++ sys_seconds t = info.begin - seconds(1);
++ const year_month_day date(chrono::floor<days>(t));
++
++ // Try to find a Rule active before this time, to get initial
++ // SAVE and LETTERS values. There may not be a Rule for the period
++ // before the first DST transition, so find the earliest DST->STD
++ // transition and use the LETTERS from that.
++ const Rule* active_rule = nullptr;
++ sys_seconds active_rule_start = sys_seconds::min();
++ const Rule* first_std = nullptr;
++ for (const auto& rule : rules)
++ {
++ if (rule.save == minutes(0))
++ {
++ if (!first_std)
++ first_std = &rule;
++ else if (rule.from < first_std->from)
++ first_std = &rule;
++ else if (rule.from == first_std->from)
++ {
++ if (rule.start_time(rule.from, {})
++ < first_std->start_time(first_std->from, {}))
++ first_std = &rule;
++ }
++ }
++
++ year y = date.year();
++
++ if (y > rule.to) // rule no longer applies at time t
++ continue;
++ if (y < rule.from) // rule doesn't apply yet at time t
++ continue;
++
++ sys_seconds rule_start;
++
++ seconds offset{}; // appropriate for at_time::Universal
++ if (rule.when.indicator == at_time::Wall)
++ offset = info.offset;
++ else if (rule.when.indicator == at_time::Standard)
++ offset = ri.offset();
++
++ // Time the rule takes effect this year:
++ rule_start = rule.start_time(y, offset);
++
++ if (rule_start >= t && rule.from < y)
++ {
++ // Try this rule in the previous year.
++ rule_start = rule.start_time(--y, offset);
++ }
++
++ if (active_rule_start < rule_start && rule_start < t)
++ {
++ active_rule_start = rule_start;
++ active_rule = &rule;
++ }
++ }
++
++ if (active_rule)
++ letters = active_rule->letters;
++ else if (first_std)
++ letters = first_std->letters;
+ }
+
+ const Rule* curr_rule = nullptr;
+@@ -2069,9 +2123,11 @@ namespace std::chrono
+ istringstream in2(std::move(rules));
+ in2 >> rules_time;
+ inf.m_save = duration_cast<minutes>(rules_time.time);
++ // If the FORMAT is "STD/DST" then we can choose the right one
++ // now, so that we store a shorter string.
+ select_std_or_dst_abbrev(fmt, inf.m_save);
+ }
+- inf.set_abbrev(fmt);
++ inf.set_abbrev(std::move(fmt));
+ }
+
+ // YEAR [MONTH [DAY [TIME]]]
+@@ -2082,7 +2138,12 @@ namespace std::chrono
+ abbrev_month m{January};
+ int d = 1;
+ at_time t{};
++ // XXX DAY should support ON format, e.g. lastSun or Sun>=8
+ in >> m >> d >> t;
++ // XXX UNTIL field should be interpreted
++ // "using the rules in effect just before the transition"
++ // so might need to store as year_month_day and hh_mm_ss and only
++ // convert to a sys_time once we know the offset in effect.
+ inf.m_until = sys_days(year(y)/m.m/day(d)) + seconds(t.time);
+ }
+ else
+diff --git a/libstdc++-v3/testsuite/std/time/time_zone/sys_info_abbrev.cc b/libstdc++-v3/testsuite/std/time/time_zone/sys_info_abbrev.cc
+new file mode 100644
+index 000000000000..f1a8fff02f58
+--- /dev/null
++++ b/libstdc++-v3/testsuite/std/time/time_zone/sys_info_abbrev.cc
+@@ -0,0 +1,106 @@
++// { dg-do run { target c++20 } }
++// { dg-require-effective-target tzdb }
++// { dg-require-effective-target cxx11_abi }
++// { dg-xfail-run-if "no weak override on AIX" { powerpc-ibm-aix* } }
++
++#include <chrono>
++#include <fstream>
++#include <testsuite_hooks.h>
++
++static bool override_used = false;
++
++namespace __gnu_cxx
++{
++ const char* zoneinfo_dir_override() {
++ override_used = true;
++ return "./";
++ }
++}
++
++using namespace std::chrono;
++
++void
++test_format()
++{
++ std::ofstream("tzdata.zi") << R"(# version test_1
++Zone Africa/Bissau -1:2:20 - LMT 1912 Ja 1 1u
++ -1 - %z 1975
++ 0 - GMT
++Zon Some/Zone 1:2:3 - %z 1900
++ 1:23:45 - %z 1950
++Zo Another/Zone 1:2:3 - AZ0 1901
++ 1 Roolz A%sZ 2000
++ 1 Roolz SAZ/DAZ 2005
++ 1 Roolz %z
++Rule Roolz 1950 max - April 1 2 1 D
++Rul Roolz 1950 max - Oct 1 1 0 S
++Z Strange/Zone 1 - X%sX 1980
++ 1 - FOO/BAR 1990
++ 2:00 - %zzz 1995
++ 0:9 - %zzz 1996
++ 0:8:7 - %zzz 1997
++ 0:6:5.5 - %zzz 1998
++)";
++
++ const auto& db = reload_tzdb();
++ VERIFY( override_used ); // If this fails then XFAIL for the target.
++ VERIFY( db.version == "test_1" );
++
++ // Test formatting %z as
++ auto tz = locate_zone("Africa/Bissau");
++ auto inf = tz->get_info(sys_days(1974y/1/1));
++ VERIFY( inf.abbrev == "-01" );
++
++ tz = locate_zone("Some/Zone");
++ inf = tz->get_info(sys_days(1899y/1/1));
++ VERIFY( inf.abbrev == "+010203" );
++ inf = tz->get_info(sys_days(1955y/1/1));
++ VERIFY( inf.abbrev == "+012345" );
++
++ tz = locate_zone("Another/Zone");
++ // Test formatting %s as the LETTER/S field from the active Rule.
++ inf = tz->get_info(sys_days(1910y/January/1));
++ VERIFY( inf.abbrev == "ASZ" );
++ inf = tz->get_info(sys_days(1950y/January/1));
++ VERIFY( inf.abbrev == "ASZ" );
++ inf = tz->get_info(sys_days(1950y/June/1));
++ VERIFY( inf.abbrev == "ADZ" );
++ inf = tz->get_info(sys_days(1999y/January/1));
++ VERIFY( inf.abbrev == "ASZ" );
++ inf = tz->get_info(sys_days(1999y/July/1));
++ VERIFY( inf.abbrev == "ADZ" );
++ // Test formatting STD/DST according to the active Rule.
++ inf = tz->get_info(sys_days(2000y/January/2));
++ VERIFY( inf.abbrev == "SAZ" );
++ inf = tz->get_info(sys_days(2001y/January/1));
++ VERIFY( inf.abbrev == "SAZ" );
++ inf = tz->get_info(sys_days(2001y/July/1));
++ VERIFY( inf.abbrev == "DAZ" );
++ // Test formatting %z as the offset determined by the active Rule.
++ inf = tz->get_info(sys_days(2005y/January/2));
++ VERIFY( inf.abbrev == "+01" );
++ inf = tz->get_info(sys_days(2006y/January/1));
++ VERIFY( inf.abbrev == "+01" );
++ inf = tz->get_info(sys_days(2006y/July/1));
++ VERIFY( inf.abbrev == "+02" );
++
++ // Test formatting %z, %s and S/D for a Zone with no associated Rules.
++ tz = locate_zone("Strange/Zone");
++ inf = tz->get_info(sys_days(1979y/January/1));
++ VERIFY( inf.abbrev == "XX" ); // No Rule means nothing to use for %s.
++ inf = tz->get_info(sys_days(1981y/July/1));
++ VERIFY( inf.abbrev == "FOO" ); // Always standard time means first string.
++ inf = tz->get_info(sys_days(1994y/July/1));
++ VERIFY( inf.abbrev == "+02zz" );
++ inf = tz->get_info(sys_days(1995y/July/1));
++ VERIFY( inf.abbrev == "+0009zz" );
++ inf = tz->get_info(sys_days(1996y/July/1));
++ VERIFY( inf.abbrev == "+000807zz" );
++ inf = tz->get_info(sys_days(1997y/July/1));
++ VERIFY( inf.abbrev == "+000606zz" );
++}
++
++int main()
++{
++ test_format();
++}
+diff --git a/libstdc++-v3/testsuite/std/time/tzdb/1.cc b/libstdc++-v3/testsuite/std/time/tzdb/1.cc
+index 796f3a8b4256..7a31c1c20ba7 100644
+--- a/libstdc++-v3/testsuite/std/time/tzdb/1.cc
++++ b/libstdc++-v3/testsuite/std/time/tzdb/1.cc
+@@ -39,11 +39,15 @@ test_locate()
+ const tzdb& db = get_tzdb();
+ const time_zone* tz = db.locate_zone("GMT");
+ VERIFY( tz != nullptr );
+- VERIFY( tz->name() == "Etc/GMT" );
+ VERIFY( tz == std::chrono::locate_zone("GMT") );
+ VERIFY( tz == db.locate_zone("Etc/GMT") );
+ VERIFY( tz == db.locate_zone("Etc/GMT+0") );
+
++ // Since 2022f GMT is now a Zone and Etc/GMT a link instead of vice versa,
++ // but only when using the vanguard format. As of 2024a, the main and
++ // rearguard formats still have Etc/GMT as a Zone and GMT as a link.
++ VERIFY( tz->name() == "GMT" || tz->name() == "Etc/GMT" );
++
+ VERIFY( db.locate_zone(db.current_zone()->name()) == db.current_zone() );
+ }
+
+--
+2.43.5
+
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 13/16] ninja: fix build with python 3.13
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
` (11 preceding siblings ...)
2024-12-03 13:37 ` [OE-core][scarthgap 12/16] gcc: add a backport patch to fix an issue with tzdata 2024b Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 14/16] libgcrypt: Fix building error with '-O2' in sysroot path Steve Sakoman
` (2 subsequent siblings)
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Markus Volk <f_l_k@t-online.de>
python 3.13 removed the pipes module. Thus build fails for host machines that run python 3.13
This commit adds a backport patch to use subprocess module instead
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...4efb41c039789b81f0dc0d67c1ed0faea17c.patch | 62 +++++++++++++++++++
meta/recipes-devtools/ninja/ninja_1.11.1.bb | 5 +-
2 files changed, 66 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch
diff --git a/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch b/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch
new file mode 100644
index 0000000000..b23bedd04b
--- /dev/null
+++ b/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch
@@ -0,0 +1,62 @@
+From 9cf13cd1ecb7ae649394f4133d121a01e191560b Mon Sep 17 00:00:00 2001
+From: Byoungchan Lee <byoungchan.lee@gmx.com>
+Date: Mon, 9 Oct 2023 20:13:20 +0900
+Subject: [PATCH 1/2] Replace pipes.quote with shlex.quote in configure.py
+
+Python 3.12 deprecated the pipes module and it will be removed
+in Python 3.13. In configure.py, I have replaced the usage of pipes.quote
+with shlex.quote, which is the exactly same function as pipes.quote.
+
+For more details, refer to PEP 0594: https://peps.python.org/pep-0594
+
+Upstream-Status: Backport [https://github.com/ninja-build/ninja/commit/885b4efb41c039789b81f0dc0d67c1ed0faea17c]
+
+Signed-off-by: Markus Volk <f_l_k@t-online.de>
+---
+ configure.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.py b/configure.py
+index 588250aa8a..c6973cd1a5 100755
+--- a/configure.py
++++ b/configure.py
+@@ -21,7 +21,7 @@
+
+ from optparse import OptionParser
+ import os
+-import pipes
++import shlex
+ import string
+ import subprocess
+ import sys
+@@ -262,7 +262,7 @@ def _run_command(self, cmdline):
+ env_keys = set(['CXX', 'AR', 'CFLAGS', 'CXXFLAGS', 'LDFLAGS'])
+ configure_env = dict((k, os.environ[k]) for k in os.environ if k in env_keys)
+ if configure_env:
+- config_str = ' '.join([k + '=' + pipes.quote(configure_env[k])
++ config_str = ' '.join([k + '=' + shlex.quote(configure_env[k])
+ for k in configure_env])
+ n.variable('configure_env', config_str + '$ ')
+ n.newline()
+
+From 0a9c9c5f50c60de4a7acfed8aaa048c74cd2f43b Mon Sep 17 00:00:00 2001
+From: Byoungchan Lee <byoungchan.lee@gmx.com>
+Date: Mon, 9 Oct 2023 20:13:50 +0900
+Subject: [PATCH 2/2] Remove unused module string in configure.py
+
+---
+ configure.py | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/configure.py b/configure.py
+index c6973cd1a5..939153df60 100755
+--- a/configure.py
++++ b/configure.py
+@@ -22,7 +22,6 @@
+ from optparse import OptionParser
+ import os
+ import shlex
+-import string
+ import subprocess
+ import sys
+
diff --git a/meta/recipes-devtools/ninja/ninja_1.11.1.bb b/meta/recipes-devtools/ninja/ninja_1.11.1.bb
index 8e297ec4d4..b74150bc64 100644
--- a/meta/recipes-devtools/ninja/ninja_1.11.1.bb
+++ b/meta/recipes-devtools/ninja/ninja_1.11.1.bb
@@ -8,7 +8,10 @@ DEPENDS = "re2c-native ninja-native"
SRCREV = "a524bf3f6bacd1b4ad85d719eed2737d8562f27a"
-SRC_URI = "git://github.com/ninja-build/ninja.git;branch=release;protocol=https"
+SRC_URI = " \
+ git://github.com/ninja-build/ninja.git;branch=release;protocol=https \
+ file://885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch \
+"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
S = "${WORKDIR}/git"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 14/16] libgcrypt: Fix building error with '-O2' in sysroot path
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
` (12 preceding siblings ...)
2024-12-03 13:37 ` [OE-core][scarthgap 13/16] ninja: fix build with python 3.13 Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 15/16] dropbear: backport fix for concurrent channel open/close Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 16/16] rootfs: Ensure run-postinsts is not uninstalled for read-only-rootfs-delayed-postinsts Steve Sakoman
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Robert Yang <liezhi.yang@windriver.com>
* Backport a patch to fix:
$ . oe-init-build-env build-O2
$ bitbake libgcrypt
random/rndjent.c:40:10: fatal error: stdio.h: No such file or directory
* Remove 0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch which
is fixed by the backported patch.
Note, master branch's libgcrypt_1.11.0.bb has already fixed this problem.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...ilding-error-with-O2-in-sysroot-path.patch | 64 +++++++++++++++++++
...ilding-error-with-O2-in-sysroot-path.patch | 39 -----------
.../libgcrypt/libgcrypt_1.10.3.bb | 2 +-
3 files changed, 65 insertions(+), 40 deletions(-)
create mode 100644 meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch
delete mode 100644 meta/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch
diff --git a/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch b/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch
new file mode 100644
index 0000000000..dee4969f35
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch
@@ -0,0 +1,64 @@
+From b99952adc6ee611641709610d2e4dc90ba9acf37 Mon Sep 17 00:00:00 2001
+From: "simit.ghane" <simit.ghane@lge.com>
+Date: Tue, 7 May 2024 14:09:03 +0530
+Subject: [PATCH] Fix building error with '-O2' in sysroot path
+
+* cipher/Makefile.am (o_flag_munging): Tweak the sed script.
+* random/Makefile.am (o_flag_munging): Ditto.
+--
+
+Characters like '-O2' or '-Ofast' will be replaced by '-O1' and '-O0'
+respectively when compiling cipher and random in the filesystem
+paths as well if they happen to contain '-O2' or '-Ofast
+
+If we are cross compiling libgcrypt and sysroot contains such
+characters, we would
+get compile errors because the sysroot path has been modified.
+
+Fix this by adding blank spaces and tabs before the original matching
+pattern in the sed command.
+
+Signed-off-by: simit.ghane <simit.ghane@lge.com>
+
+ChangeLog entries added by wk
+
+Note that there is also the configure option --disable-O-flag-munging;
+see the README.
+
+Upstream-Status: Backport [https://dev.gnupg.org/rCb99952adc6ee611641709610d2e4dc90ba9acf37 https://dev.gnupg.org/rC5afadba008918d651afefb842ae123cc18454c74]
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ cipher/Makefile.am | 2 +-
+ random/Makefile.am | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cipher/Makefile.am b/cipher/Makefile.am
+index 2c39586e..a914ed2b 100644
+--- a/cipher/Makefile.am
++++ b/cipher/Makefile.am
+@@ -168,7 +168,7 @@ gost-s-box$(EXEEXT_FOR_BUILD): gost-s-box.c
+
+
+ if ENABLE_O_FLAG_MUNGING
+-o_flag_munging = sed -e 's/-O\([2-9sgz][2-9sgz]*\)/-O1/' -e 's/-Ofast/-O1/g'
++o_flag_munging = sed -e 's/[[:blank:]]-O\([2-9sgz][2-9sgz]*\)/ -O1 /g' -e 's/[[:blank:]]-Ofast/ -O1 /g'
+ else
+ o_flag_munging = cat
+ endif
+diff --git a/random/Makefile.am b/random/Makefile.am
+index 0c935a05..340df38a 100644
+--- a/random/Makefile.am
++++ b/random/Makefile.am
+@@ -56,7 +56,7 @@ jitterentropy-base.c jitterentropy.h jitterentropy-base-user.h
+
+ # The rndjent module needs to be compiled without optimization. */
+ if ENABLE_O_FLAG_MUNGING
+-o_flag_munging = sed -e 's/-O\([1-9sgz][1-9sgz]*\)/-O0/g' -e 's/-Ofast/-O0/g'
++o_flag_munging = sed -e 's/[[:blank:]]-O\([1-9sgz][1-9sgz]*\)/ -O0 /g' -e 's/[[:blank:]]-Ofast/ -O0 /g'
+ else
+ o_flag_munging = cat
+ endif
+--
+2.44.1
+
diff --git a/meta/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch b/meta/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch
deleted file mode 100644
index cf9ebfb3e6..0000000000
--- a/meta/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0f66e796a8522e1043dda03b88d5f6feae839d16 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Wed, 16 Aug 2017 10:44:41 +0800
-Subject: [PATCH] libgcrypt: fix building error with '-O2' in sysroot path
-
-Upstream-Status: Pending
-
-Characters like '-O2' or '-Ofast' will be replaced by '-O1' when
-compiling cipher.
-If we are cross compiling libgcrypt and sysroot contains such
-characters, we would
-get compile errors because the sysroot path has been modified.
-
-Fix this by adding blank spaces before and after the original matching
-pattern in the
-sed command.
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-
-Rebase to 1.8.0
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
-
----
- cipher/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/cipher/Makefile.am b/cipher/Makefile.am
-index c3d642b..88c883a 100644
---- a/cipher/Makefile.am
-+++ b/cipher/Makefile.am
-@@ -153,7 +153,7 @@ gost-s-box: gost-s-box.c
-
-
- if ENABLE_O_FLAG_MUNGING
--o_flag_munging = sed -e 's/-O\([2-9sgz][2-9sgz]*\)/-O1/' -e 's/-Ofast/-O1/g'
-+o_flag_munging = sed -e 's/ -O\([2-9sgz][2-9sgz]*\) / -O1 /' -e 's/ -Ofast / -O1 /g'
- else
- o_flag_munging = cat
- endif
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb
index 5a76201ab5..3d49d586bb 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb
@@ -21,11 +21,11 @@ DEPENDS = "libgpg-error"
UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html"
SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
file://0001-libgcrypt-fix-m4-file-for-oe-core.patch \
- file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \
file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \
file://no-native-gpg-error.patch \
file://no-bench-slope.patch \
file://run-ptest \
+ file://0001-Fix-building-error-with-O2-in-sysroot-path.patch \
"
SRC_URI[sha256sum] = "8b0870897ac5ac67ded568dcfadf45969cfa8a6beb0fd60af2a9eadc2a3272aa"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 15/16] dropbear: backport fix for concurrent channel open/close
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
` (13 preceding siblings ...)
2024-12-03 13:37 ` [OE-core][scarthgap 14/16] libgcrypt: Fix building error with '-O2' in sysroot path Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 16/16] rootfs: Ensure run-postinsts is not uninstalled for read-only-rootfs-delayed-postinsts Steve Sakoman
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: Florian Kreutzer <florian.kreutzer.oss@rohde-schwarz.com>
Prevents sporadic crashes of dropbear server when multiple channels are
active at the same time.
Upstream discussion:
https://github.com/mkj/dropbear/pull/326/commits
https://github.com/mkj/dropbear/issues/321
Issue was introduced in dropbear-2022.83 and fixed in v2024.86.
Signed-off-by: Florian Kreutzer <florian.kreutzer.oss@rohde-schwarz.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...e-channels-when-a-PID-hasn-t-started.patch | 45 +++++++++++++++++++
.../recipes-core/dropbear/dropbear_2022.83.bb | 1 +
2 files changed, 46 insertions(+)
create mode 100644 meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch
diff --git a/meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch b/meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch
new file mode 100644
index 0000000000..dff6534027
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch
@@ -0,0 +1,45 @@
+From 5c34e70b80e5fc539f96e029b56b95cdee556010 Mon Sep 17 00:00:00 2001
+From: Matt Johnston <matt@ucc.asn.au>
+Date: Sun, 8 Sep 2024 11:07:41 +0200
+Subject: Don't close channels when a PID hasn't started
+
+If check_close() ran prior to a server channel exec/shell
+request, it would send a close immediately.
+This fix changes it to exclude write_fd==FD_UNINIT from
+being closed there.
+
+When a channel was closed by the time shell/exec request
+was received, then data sent hits an assertion.
+This fixes #321 on Github.
+
+The "pid == 0" check was initially added to avoid waiting
+to close a channel when a process has never been launched
+(which is correct), but that isn't correct in the case
+of the closed-fd test.
+
+Fixes: 8e6f73e879ca ("- Remove "flushing" handling for exited processes)
+
+Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/71521d1b78706a70d3570b860e65234cefdc8c81]
+
+Signed-off-by: Florian Kreutzer <florian.kreutzer.oss@rohde-schwarz.com>
+---
+ common-channel.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/common-channel.c b/common-channel.c
+index be5b57f..9926972 100644
+--- a/common-channel.c
++++ b/common-channel.c
+@@ -317,7 +317,8 @@ static void check_close(struct Channel *channel) {
+
+ if ((channel->recv_eof && !write_pending(channel))
+ /* have a server "session" and child has exited */
+- || (channel->type->check_close && close_allowed)) {
++ || (channel->writefd != FD_UNINIT
++ && channel->type->check_close && close_allowed)) {
+ close_chan_fd(channel, channel->writefd, SHUT_WR);
+ }
+
+--
+2.34.1
+
diff --git a/meta/recipes-core/dropbear/dropbear_2022.83.bb b/meta/recipes-core/dropbear/dropbear_2022.83.bb
index 686cb8a809..772e08eaed 100644
--- a/meta/recipes-core/dropbear/dropbear_2022.83.bb
+++ b/meta/recipes-core/dropbear/dropbear_2022.83.bb
@@ -14,6 +14,7 @@ RCONFLICTS:${PN} = "openssh-sshd openssh"
SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
file://0001-urandom-xauth-changes-to-options.h.patch \
+ file://0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch \
file://init \
file://dropbearkey.service \
file://dropbear@.service \
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 16/16] rootfs: Ensure run-postinsts is not uninstalled for read-only-rootfs-delayed-postinsts
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
` (14 preceding siblings ...)
2024-12-03 13:37 ` [OE-core][scarthgap 15/16] dropbear: backport fix for concurrent channel open/close Steve Sakoman
@ 2024-12-03 13:37 ` Steve Sakoman
15 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-03 13:37 UTC (permalink / raw)
To: openembedded-core
From: "Gassner, Tobias.ext" <tobias.gassner.ext@karlstorz.com>
This patch ensures that pkg_postinst_ontarget task is executed for read only rootfs when
read-only-rootfs-delayed-postinsts is set as IMAGE_FEATURES. The issue was that run-postinsts
could be uninstalled at the end of rootfs construction and that shouldn't happen for
the delayed usecase.
In addition to the fix, a test in meta/lib/oeqa/selftest/cases/overlayfs.py testing
the fix has been implemented.
Signed-off-by: Gassner, Tobias.ext <tobias.gassner.ext@karlstorz.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 60f587475dda99eaa07848880058b69286b8900e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oe/rootfs.py | 4 +++
meta/lib/oeqa/selftest/cases/overlayfs.py | 41 ++++++++++++++++++++++-
2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/meta/lib/oe/rootfs.py b/meta/lib/oe/rootfs.py
index 8cd48f9450..5abce4ad7d 100644
--- a/meta/lib/oe/rootfs.py
+++ b/meta/lib/oe/rootfs.py
@@ -269,7 +269,11 @@ class Rootfs(object, metaclass=ABCMeta):
self.pm.remove(["run-postinsts"])
image_rorfs = bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs",
+ True, False, self.d) and \
+ not bb.utils.contains("IMAGE_FEATURES",
+ "read-only-rootfs-delayed-postinsts",
True, False, self.d)
+
image_rorfs_force = self.d.getVar('FORCE_RO_REMOVE')
if image_rorfs or image_rorfs_force == "1":
diff --git a/meta/lib/oeqa/selftest/cases/overlayfs.py b/meta/lib/oeqa/selftest/cases/overlayfs.py
index e31063567b..580fbdcb9c 100644
--- a/meta/lib/oeqa/selftest/cases/overlayfs.py
+++ b/meta/lib/oeqa/selftest/cases/overlayfs.py
@@ -5,7 +5,7 @@
#
from oeqa.selftest.case import OESelftestTestCase
-from oeqa.utils.commands import bitbake, runqemu
+from oeqa.utils.commands import bitbake, runqemu, get_bb_vars
from oeqa.core.decorator import OETestTag
from oeqa.core.decorator.data import skipIfNotMachine
@@ -466,6 +466,45 @@ IMAGE_INSTALL:append = " overlayfs-user"
line = getline_qemu(output, "Read-only file system")
self.assertTrue(line, msg=output)
+ @skipIfNotMachine("qemux86-64", "tests are qemux86-64 specific currently")
+ def test_postinst_on_target_for_read_only_rootfs(self):
+ """
+ Summary: The purpose of this test case is to verify that post-installation
+ on target scripts are executed even if using read-only rootfs when
+ read-only-rootfs-delayed-postinsts is set
+ Expected: The test files are created on first boot
+ """
+
+ import oe.path
+
+ vars = get_bb_vars(("IMAGE_ROOTFS", "sysconfdir"), "core-image-minimal")
+ sysconfdir = vars["sysconfdir"]
+ self.assertIsNotNone(sysconfdir)
+ # Need to use oe.path here as sysconfdir starts with /
+ targettestdir = os.path.join(sysconfdir, "postinst-test")
+
+ config = self.get_working_config()
+
+ args = {
+ 'OVERLAYFS_INIT_OPTION': "",
+ 'OVERLAYFS_ETC_USE_ORIG_INIT_NAME': 1,
+ 'OVERLAYFS_ROOTFS_TYPE': "ext4",
+ 'OVERLAYFS_ETC_CREATE_MOUNT_DIRS': 1
+ }
+
+ # read-only-rootfs is already set in get_working_config()
+ config += 'EXTRA_IMAGE_FEATURES += "read-only-rootfs-delayed-postinsts"\n'
+ config += 'CORE_IMAGE_EXTRA_INSTALL = "postinst-delayed-b"\n'
+
+ self.write_config(config.format(**args))
+
+ res = bitbake('core-image-minimal')
+
+ with runqemu('core-image-minimal', image_fstype='wic') as qemu:
+ for filename in ("rootfs", "delayed-a", "delayed-b"):
+ status, output = qemu.run_serial("test -f %s && echo found" % os.path.join(targettestdir, filename))
+ self.assertIn("found", output, "%s was not present on boot" % filename)
+
def get_working_config(self):
return """
# Use systemd as init manager
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 00/16] Patch review
@ 2025-03-05 22:10 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-03-05 22:10 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Friday, March 7
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1127
The following changes since commit c74a6d6afc52606825e583cae1162e13a5369498:
ccache.conf: Add include_file_ctime to sloppiness (2025-02-27 12:19:58 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Alexis Cellier (1):
systemd: add libpcre2 as RRECOMMENDS if pcre2 is enabled
Archana Polampalli (4):
ffmpeg: fix CVE-2025-25473
ffmpeg: fix CVE-2025-25471
ffmpeg: fix CVE-2025-22921
ffmpeg: fix CVE-2025-0518
Poonam Jadhav (1):
curl: ignore CVE-2025-0725
Vijay Anusuri (10):
openssh: Fix CVE-2025-26466
xwayland: Fix CVE-2024-9632
xwayland: Fix CVE-2025-26594
xwayland: Fix CVE-2025-26595
xwayland: Fix CVE-2025-26596
xwayland: Fix CVE-2025-26597
xwayland: Fix CVE-2025-26598
xwayland: Fix CVE-2025-26599
xwayland: Fix CVE-2025-26600
xwayland: Fix CVE-2025-26601
.../openssh/openssh/CVE-2025-26466.patch | 38 +++++
.../openssh/openssh_9.6p1.bb | 1 +
meta/recipes-core/systemd/systemd_255.17.bb | 2 +-
.../xwayland/xwayland/CVE-2024-9632.patch | 59 ++++++++
.../xwayland/xwayland/CVE-2025-26594-1.patch | 54 +++++++
.../xwayland/xwayland/CVE-2025-26594-2.patch | 51 +++++++
.../xwayland/xwayland/CVE-2025-26595.patch | 65 +++++++++
.../xwayland/xwayland/CVE-2025-26596.patch | 49 +++++++
.../xwayland/xwayland/CVE-2025-26597.patch | 46 ++++++
.../xwayland/xwayland/CVE-2025-26598.patch | 120 ++++++++++++++++
.../xwayland/xwayland/CVE-2025-26599-1.patch | 66 +++++++++
.../xwayland/xwayland/CVE-2025-26599-2.patch | 129 +++++++++++++++++
.../xwayland/xwayland/CVE-2025-26600.patch | 68 +++++++++
.../xwayland/xwayland/CVE-2025-26601-1.patch | 71 ++++++++++
.../xwayland/xwayland/CVE-2025-26601-2.patch | 85 +++++++++++
.../xwayland/xwayland/CVE-2025-26601-3.patch | 52 +++++++
.../xwayland/xwayland/CVE-2025-26601-4.patch | 132 ++++++++++++++++++
.../xwayland/xwayland_23.2.5.bb | 17 ++-
.../ffmpeg/ffmpeg/CVE-2025-0518.patch | 34 +++++
.../ffmpeg/ffmpeg/CVE-2025-22921.patch | 34 +++++
.../ffmpeg/ffmpeg/CVE-2025-25471.patch | 39 ++++++
.../ffmpeg/ffmpeg/CVE-2025-25473.patch | 36 +++++
.../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 4 +
meta/recipes-support/curl/curl_8.7.1.bb | 2 +
24 files changed, 1252 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2025-26466.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-9632.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26594-1.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26594-2.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26595.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26596.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26597.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26598.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26599-1.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26599-2.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26600.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-1.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-2.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-3.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-4.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22921.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-25471.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-25473.patch
--
2.43.0
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 00/16] Patch review
@ 2025-06-10 19:33 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-06-10 19:33 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Friday, June 12
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1777
The following changes since commit 29e623b2ad00555788412fa520fbb9ffec794cbb:
systemd: upgrade 255.18 -> 255.21 (2025-06-05 09:11:42 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Andrew Fernandes (1):
gtk+: add missing libdrm dependency
Changqing Li (12):
libsoup-2.4: fix CVE-2025-32052
libsoup: fix CVE-2025-32052
libsoup: fix CVE-2025-32051
libsoup-2.4: fix CVE-2025-32050
libsoup: fix CVE-2025-32050
libsoup-2.4: fix CVE-2025-46421
libsoup: fix CVE-2025-46421
libsoup-2.4: fix CVE-2025-4948
libsoup: fix CVE-2025-4948
libsoup-2.4: fix CVE-2025-4476
libsoup-2.4: fix CVE-2025-2784
libsoup: fix CVE-2025-2784
Peter Marko (2):
python3: upgrade 3.12.9 -> 3.12.11
testimage: get real os-release file
Vijay Anusuri (1):
kea: upgrade 2.4.1 -> 2.4.2
meta/classes-recipe/testimage.bbclass | 4 +-
.../kea/{kea_2.4.1.bb => kea_2.4.2.bb} | 4 +-
...shebang-overflow-on-python-config.py.patch | 2 +-
...-use-prefix-value-from-build-configu.patch | 2 +-
...sts-due-to-load-variability-on-YP-AB.patch | 6 +-
...001-ctypes-correct-gcc-check-in-test.patch | 53 -------
...e-treat-overflow-in-UID-GID-as-failu.patch | 2 +-
..._fileno-test-due-to-load-variability.patch | 2 +-
...orlines-skip-due-to-load-variability.patch | 2 +-
.../python/python3/makerace.patch | 2 +-
.../{python3_3.12.9.bb => python3_3.12.11.bb} | 3 +-
meta/recipes-gnome/gtk+/gtk4_4.14.1.bb | 1 +
.../libsoup/libsoup-2.4/CVE-2025-2784.patch | 56 +++++++
.../libsoup/libsoup-2.4/CVE-2025-32050.patch | 29 ++++
.../libsoup/libsoup-2.4/CVE-2025-32052.patch | 32 ++++
.../libsoup/libsoup-2.4/CVE-2025-4476.patch | 38 +++++
.../libsoup/libsoup-2.4/CVE-2025-46421.patch | 47 ++++++
.../libsoup/libsoup-2.4/CVE-2025-4948.patch | 38 +++++
.../libsoup/libsoup-2.4_2.74.3.bb | 6 +
.../libsoup/libsoup-3.4.4/CVE-2025-2784.patch | 137 +++++++++++++++++
.../libsoup-3.4.4/CVE-2025-32050.patch | 29 ++++
.../libsoup-3.4.4/CVE-2025-32051-1.patch | 29 ++++
.../libsoup-3.4.4/CVE-2025-32051-2.patch | 57 +++++++
.../libsoup-3.4.4/CVE-2025-32052.patch | 31 ++++
.../libsoup-3.4.4/CVE-2025-46421.patch | 139 ++++++++++++++++++
.../libsoup/libsoup-3.4.4/CVE-2025-4948.patch | 97 ++++++++++++
meta/recipes-support/libsoup/libsoup_3.4.4.bb | 7 +
27 files changed, 788 insertions(+), 67 deletions(-)
rename meta/recipes-connectivity/kea/{kea_2.4.1.bb => kea_2.4.2.bb} (94%)
delete mode 100644 meta/recipes-devtools/python/python3/0001-ctypes-correct-gcc-check-in-test.patch
rename meta/recipes-devtools/python/{python3_3.12.9.bb => python3_3.12.11.bb} (99%)
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-2784.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32050.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32051-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32051-2.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32052.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-46421.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-4948.patch
--
2.43.0
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 00/16] Patch review
@ 2025-07-24 21:35 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-07-24 21:35 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Monday, July 28
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2084
The following changes since commit 24c0ab18045920bb5c1e965c0ea6d176fd6de234:
oe-debuginfod: add option for data storage (2025-07-16 14:09:39 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Alexander Kanavin (1):
mtools: upgrade 4.0.43 -> 4.0.44
Archana Polampalli (1):
openssl: CVE-2024-41996
Deepesh Varatharajan (2):
binutils: Fix CVE-2025-7545
glibc: stable 2.39 branch updates
Hitendra Prajapati (1):
libpam: fix CVE-2025-6020
Jinfeng Wang (1):
mtools: upgrade 4.0.48 -> 4.0.49
Peter Marko (2):
orc: set CVE_PRODUCT
openssl: patch CVE-2025-27587
Richard Purdie (1):
mtools: upgrade 4.0.46 -> 4.0.47
Roland Kovacs (2):
libxml2: fix CVE-2025-49795
sqlite3: fix CVE-2025-6965
Vijay Anusuri (1):
xserver-xorg: upgrade 21.1.6 -> 21.1.18
Wang Mingyu (3):
mtools: upgrade 4.0.44 -> 4.0.45
mtools: upgrade 4.0.45 -> 4.0.46
mtools: upgrade 4.0.47 -> 4.0.48
Yash Shinde (1):
binutils: Fix CVE-2025-7546
.../openssl/openssl/CVE-2024-41996.patch | 44 +
.../openssl/openssl/CVE-2025-27587-1.patch | 1918 +++++++++++++++++
.../openssl/openssl/CVE-2025-27587-2.patch | 129 ++
.../openssl/openssl_3.2.4.bb | 3 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
.../libxml/libxml2/CVE-2025-49795.patch | 92 +
meta/recipes-core/libxml/libxml2_2.12.10.bb | 1 +
.../binutils/binutils-2.42.inc | 2 +
.../binutils/0023-CVE-2025-7545.patch | 39 +
.../binutils/0023-CVE-2025-7546.patch | 58 +
.../mtools/mtools/clang_UNUSED.patch | 19 +-
.../mtools/disable-hardcoded-configs.patch | 7 +-
.../mtools/mtools/mtools-makeinfo.patch | 19 +-
.../{mtools_4.0.43.bb => mtools_4.0.49.bb} | 2 +-
meta/recipes-devtools/orc/orc_0.4.40.bb | 3 +
.../libpam/0001-pam-inline-pam-asprintf.patch | 101 +
.../libpam/0002-pam-namespace-rebase.patch | 750 +++++++
.../pam/libpam/CVE-2025-6020-01.patch | 1128 ++++++++++
.../pam/libpam/CVE-2025-6020-02.patch | 187 ++
.../pam/libpam/CVE-2025-6020-03.patch | 35 +
meta/recipes-extended/pam/libpam_1.5.3.bb | 5 +
...org_21.1.16.bb => xserver-xorg_21.1.18.bb} | 2 +-
.../sqlite/sqlite3/CVE-2025-6965.patch | 112 +
meta/recipes-support/sqlite/sqlite3_3.45.3.bb | 1 +
24 files changed, 4636 insertions(+), 23 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7546.patch
rename meta/recipes-devtools/mtools/{mtools_4.0.43.bb => mtools_4.0.49.bb} (93%)
create mode 100644 meta/recipes-extended/pam/libpam/0001-pam-inline-pam-asprintf.patch
create mode 100644 meta/recipes-extended/pam/libpam/0002-pam-namespace-rebase.patch
create mode 100644 meta/recipes-extended/pam/libpam/CVE-2025-6020-01.patch
create mode 100644 meta/recipes-extended/pam/libpam/CVE-2025-6020-02.patch
create mode 100644 meta/recipes-extended/pam/libpam/CVE-2025-6020-03.patch
rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.16.bb => xserver-xorg_21.1.18.bb} (92%)
create mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2025-6965.patch
--
2.43.0
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][scarthgap 00/16] Patch review
@ 2026-03-29 22:37 Yoann Congal
2026-03-29 22:41 ` Yoann Congal
0 siblings, 1 reply; 23+ messages in thread
From: Yoann Congal @ 2026-03-29 22:37 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, March 31.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3546
Note: This particular build had a gnutls patch that I removed because it needed a small change[0].
Build (currently running) without the gnutls patch: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3551
[0]: https://lore.kernel.org/openembedded-core/DHFLXG1K82R7.3EOQRZ2H6KW8Q@smile.fr/T/#t
The following changes since commit 41597b5260fb5ca811d0fb4ae7e65246d61734eb:
Revert "scripts/install-buildtools: Update to 5.0.16" (2026-03-26 09:48:20 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
for you to fetch changes up to e6f3b2e043259650d80fb6f761797c5cf5587eb5:
python3-pyopenssl: Fix CVE-2026-27459 (2026-03-30 00:09:38 +0200)
----------------------------------------------------------------
Hitendra Prajapati (2):
libxml-parser-perl: fix for CVE-2006-10003
busybox: fix for CVE-2026-26157, CVE-2026-26158
João Marcos Costa (Schneider Electric) (1):
spdx: add option to include only compiled sources
Martin Jansa (3):
dtc: backport fix for build with glibc-2.43
elfutils: don't add -Werror to avoid discarded-qualifiers
binutils: backport patch to fix build with glibc-2.43 on host
Michael Halstead (2):
yocto-uninative: Update to 5.0 for needed patchelf updates
yocto-uninative: Update to 5.1 for glibc 2.43
Nguyen Dat Tho (1):
python3-cryptography: Fix CVE-2026-26007
Paul Barker (1):
tzdata,tzcode-native: Upgrade 2025b -> 2025c
Richard Purdie (1):
pseudo: Add fix for glibc 2.43
Sunil Dora (1):
rust: Enable dynamic linking with llvm
Vijay Anusuri (3):
python3-pyopenssl: Fix CVE-2026-27448
python3-pyopenssl: Fix CVE-2026-27459
gnutls: Fix CVE-2025-14831
sureshha (1):
systemd: backport patch to fix journal-file issue
meta/classes/spdx-common.bbclass | 3 +
meta/conf/distro/include/yocto-uninative.inc | 10 +-
meta/lib/oe/spdx30_tasks.py | 12 +
.../CVE-2026-26157-CVE-2026-26158-01.patch | 198 +++++++
.../CVE-2026-26157-CVE-2026-26158-02.patch | 37 ++
meta/recipes-core/busybox/busybox_1.36.1.bb | 2 +
...not-trigger-assertion-on-removed-or-.patch | 65 +++
meta/recipes-core/systemd/systemd_255.21.bb | 1 +
.../binutils/binutils-2.42.inc | 1 +
...tect-against-standard-library-macros.patch | 31 ++
.../elfutils/elfutils_0.191.bb | 1 +
...001-config-eu.am-do-not-force-Werror.patch | 34 ++
.../libxml-parser-perl/CVE-2006-10003.patch | 73 +++
.../perl/libxml-parser-perl_2.47.bb | 1 +
meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
.../python3-cryptography/CVE-2026-26007.patch | 149 ++++++
.../python/python3-cryptography_42.0.5.bb | 1 +
.../python3-pyopenssl/CVE-2026-27448.patch | 124 +++++
.../python3-pyopenssl/CVE-2026-27459.patch | 109 ++++
.../python/python3-pyopenssl_24.0.0.bb | 5 +
meta/recipes-devtools/rust/rust_1.75.0.bb | 2 +
meta/recipes-extended/timezone/timezone.inc | 6 +-
.../0001-Fix-discarded-const-qualifiers.patch | 85 +++
meta/recipes-kernel/dtc/dtc_1.7.0.bb | 1 +
.../gnutls/gnutls/CVE-2025-14831-1.patch | 61 +++
.../gnutls/gnutls/CVE-2025-14831-2.patch | 30 ++
.../gnutls/gnutls/CVE-2025-14831-3.patch | 45 ++
.../gnutls/gnutls/CVE-2025-14831-4.patch | 200 +++++++
.../gnutls/gnutls/CVE-2025-14831-5.patch | 500 ++++++++++++++++++
.../gnutls/gnutls/CVE-2025-14831-6.patch | 119 +++++
.../gnutls/gnutls/CVE-2025-14831-7.patch | 150 ++++++
.../gnutls/gnutls/CVE-2025-14831-8.patch | 105 ++++
.../gnutls/gnutls/CVE-2025-14831-9.patch | 437 +++++++++++++++
meta/recipes-support/gnutls/gnutls_3.8.4.bb | 9 +
34 files changed, 2600 insertions(+), 9 deletions(-)
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-26157-CVE-2026-26158-01.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-26157-CVE-2026-26158-02.patch
create mode 100644 meta/recipes-core/systemd/systemd/0023-journal-file-do-not-trigger-assertion-on-removed-or-.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0022-gprofng-protect-against-standard-library-macros.patch
create mode 100644 meta/recipes-devtools/elfutils/files/0001-config-eu.am-do-not-force-Werror.patch
create mode 100644 meta/recipes-devtools/perl/libxml-parser-perl/CVE-2006-10003.patch
create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2026-26007.patch
create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch
create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch
create mode 100644 meta/recipes-kernel/dtc/dtc/0001-Fix-discarded-const-qualifiers.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-1.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-2.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-3.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-4.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-5.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-6.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-7.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-8.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-9.patch
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [OE-core][scarthgap 00/16] Patch review
2026-03-29 22:37 [OE-core][scarthgap 00/16] Patch review Yoann Congal
@ 2026-03-29 22:41 ` Yoann Congal
0 siblings, 0 replies; 23+ messages in thread
From: Yoann Congal @ 2026-03-29 22:41 UTC (permalink / raw)
To: Yoann Congal, openembedded-core
On Mon Mar 30, 2026 at 12:37 AM CEST, Yoann Congal wrote:
> Please review this set of changes for scarthgap and have comments back by
> end of day Tuesday, March 31.
>
> Passed a-full on autobuilder:
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3546
> Note: This particular build had a gnutls patch that I removed because it needed a small change[0].
> Build (currently running) without the gnutls patch: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3551
>
> [0]: https://lore.kernel.org/openembedded-core/DHFLXG1K82R7.3EOQRZ2H6KW8Q@smile.fr/T/#t
*sigh* I need to check on my tooling because it did not sent the right
branch. Please ignore this series. I'll send the correct one shortly.
Sorry for the noise.
> The following changes since commit 41597b5260fb5ca811d0fb4ae7e65246d61734eb:
>
> Revert "scripts/install-buildtools: Update to 5.0.16" (2026-03-26 09:48:20 +0000)
>
> are available in the Git repository at:
>
> https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
> https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
>
> for you to fetch changes up to e6f3b2e043259650d80fb6f761797c5cf5587eb5:
>
> python3-pyopenssl: Fix CVE-2026-27459 (2026-03-30 00:09:38 +0200)
>
> ----------------------------------------------------------------
>
> Hitendra Prajapati (2):
> libxml-parser-perl: fix for CVE-2006-10003
> busybox: fix for CVE-2026-26157, CVE-2026-26158
>
> João Marcos Costa (Schneider Electric) (1):
> spdx: add option to include only compiled sources
>
> Martin Jansa (3):
> dtc: backport fix for build with glibc-2.43
> elfutils: don't add -Werror to avoid discarded-qualifiers
> binutils: backport patch to fix build with glibc-2.43 on host
>
> Michael Halstead (2):
> yocto-uninative: Update to 5.0 for needed patchelf updates
> yocto-uninative: Update to 5.1 for glibc 2.43
>
> Nguyen Dat Tho (1):
> python3-cryptography: Fix CVE-2026-26007
>
> Paul Barker (1):
> tzdata,tzcode-native: Upgrade 2025b -> 2025c
>
> Richard Purdie (1):
> pseudo: Add fix for glibc 2.43
>
> Sunil Dora (1):
> rust: Enable dynamic linking with llvm
>
> Vijay Anusuri (3):
> python3-pyopenssl: Fix CVE-2026-27448
> python3-pyopenssl: Fix CVE-2026-27459
> gnutls: Fix CVE-2025-14831
>
> sureshha (1):
> systemd: backport patch to fix journal-file issue
>
> meta/classes/spdx-common.bbclass | 3 +
> meta/conf/distro/include/yocto-uninative.inc | 10 +-
> meta/lib/oe/spdx30_tasks.py | 12 +
> .../CVE-2026-26157-CVE-2026-26158-01.patch | 198 +++++++
> .../CVE-2026-26157-CVE-2026-26158-02.patch | 37 ++
> meta/recipes-core/busybox/busybox_1.36.1.bb | 2 +
> ...not-trigger-assertion-on-removed-or-.patch | 65 +++
> meta/recipes-core/systemd/systemd_255.21.bb | 1 +
> .../binutils/binutils-2.42.inc | 1 +
> ...tect-against-standard-library-macros.patch | 31 ++
> .../elfutils/elfutils_0.191.bb | 1 +
> ...001-config-eu.am-do-not-force-Werror.patch | 34 ++
> .../libxml-parser-perl/CVE-2006-10003.patch | 73 +++
> .../perl/libxml-parser-perl_2.47.bb | 1 +
> meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
> .../python3-cryptography/CVE-2026-26007.patch | 149 ++++++
> .../python/python3-cryptography_42.0.5.bb | 1 +
> .../python3-pyopenssl/CVE-2026-27448.patch | 124 +++++
> .../python3-pyopenssl/CVE-2026-27459.patch | 109 ++++
> .../python/python3-pyopenssl_24.0.0.bb | 5 +
> meta/recipes-devtools/rust/rust_1.75.0.bb | 2 +
> meta/recipes-extended/timezone/timezone.inc | 6 +-
> .../0001-Fix-discarded-const-qualifiers.patch | 85 +++
> meta/recipes-kernel/dtc/dtc_1.7.0.bb | 1 +
> .../gnutls/gnutls/CVE-2025-14831-1.patch | 61 +++
> .../gnutls/gnutls/CVE-2025-14831-2.patch | 30 ++
> .../gnutls/gnutls/CVE-2025-14831-3.patch | 45 ++
> .../gnutls/gnutls/CVE-2025-14831-4.patch | 200 +++++++
> .../gnutls/gnutls/CVE-2025-14831-5.patch | 500 ++++++++++++++++++
> .../gnutls/gnutls/CVE-2025-14831-6.patch | 119 +++++
> .../gnutls/gnutls/CVE-2025-14831-7.patch | 150 ++++++
> .../gnutls/gnutls/CVE-2025-14831-8.patch | 105 ++++
> .../gnutls/gnutls/CVE-2025-14831-9.patch | 437 +++++++++++++++
> meta/recipes-support/gnutls/gnutls_3.8.4.bb | 9 +
> 34 files changed, 2600 insertions(+), 9 deletions(-)
> create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-26157-CVE-2026-26158-01.patch
> create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-26157-CVE-2026-26158-02.patch
> create mode 100644 meta/recipes-core/systemd/systemd/0023-journal-file-do-not-trigger-assertion-on-removed-or-.patch
> create mode 100644 meta/recipes-devtools/binutils/binutils/0022-gprofng-protect-against-standard-library-macros.patch
> create mode 100644 meta/recipes-devtools/elfutils/files/0001-config-eu.am-do-not-force-Werror.patch
> create mode 100644 meta/recipes-devtools/perl/libxml-parser-perl/CVE-2006-10003.patch
> create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2026-26007.patch
> create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch
> create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch
> create mode 100644 meta/recipes-kernel/dtc/dtc/0001-Fix-discarded-const-qualifiers.patch
> create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-1.patch
> create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-2.patch
> create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-3.patch
> create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-4.patch
> create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-5.patch
> create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-6.patch
> create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-7.patch
> create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-8.patch
> create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-9.patch
--
Yoann Congal
Smile ECS
^ permalink raw reply [flat|nested] 23+ messages in thread
end of thread, other threads:[~2026-03-29 22:41 UTC | newest]
Thread overview: 23+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-03 13:37 [OE-core][scarthgap 00/16] Patch review Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 01/16] python3-zipp: fix CVE-2024-5569 Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 02/16] acpica: fix CVE-2024-24856 Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 03/16] builder: set CVE_PRODUCT Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 04/16] libsndfile: fix CVE-2024-50612 Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 05/16] libsoup: fix CVE-2024-52530, CVE-2024-52531 Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 06/16] tzdata&tzcode-native: upgrade 2024a -> 2024b Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 07/16] python3-urllib3: upgrade 2.2.1 -> 2.2.2 Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 08/16] python3-requests: upgrade 2.32.1 -> 2.32.2 Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 09/16] scripts/install-buildtools: Update to 5.0.5 Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 10/16] glibc: stable 2.39 branch updates Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 11/16] qemu: upgrade 8.2.3 -> 8.2.7 Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 12/16] gcc: add a backport patch to fix an issue with tzdata 2024b Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 13/16] ninja: fix build with python 3.13 Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 14/16] libgcrypt: Fix building error with '-O2' in sysroot path Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 15/16] dropbear: backport fix for concurrent channel open/close Steve Sakoman
2024-12-03 13:37 ` [OE-core][scarthgap 16/16] rootfs: Ensure run-postinsts is not uninstalled for read-only-rootfs-delayed-postinsts Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2026-03-29 22:37 [OE-core][scarthgap 00/16] Patch review Yoann Congal
2026-03-29 22:41 ` Yoann Congal
2025-07-24 21:35 Steve Sakoman
2025-06-10 19:33 Steve Sakoman
2025-03-05 22:10 Steve Sakoman
2024-09-20 13:38 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox