* [OE-core][kirkstone 00/16] Patch review
@ 2022-09-13 14:17 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2022-09-13 14:17 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4220
The following changes since commit bfce90b1260d07f01a8dc2998c9e63ca36d4ebbe:
npm: use npm_registry to cache package (2022-09-06 07:10:59 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alejandro Hernandez Samaniego (1):
rootfs.py: dont try to list installed packages for baremetal images
Alexandre Belloni (2):
ruby: drop capstone support
runqemu: display host uptime when starting
Joshua Watt (1):
oeqa: qemurunner: Report UNIX Epoch timestamp on login
Khem Raj (2):
autoconf: Fix strict prototype errors in generated tests
autoconf: Update K & R stype functions
Kristian Amlie (1):
externalsrc: Don't wipe out src dir when EXPORT_FUNCTIONS is used.
Martin Jansa (1):
libxml2: Port gentest.py to Python-3
Pavel Zhukov (1):
core-image.bbclass: Exclude openssh complementary packages
Peter Bergin (1):
rootfs-postcommands.bbclass: avoid moving ssh host keys if etc is
writable
Peter Kjellerstedt (1):
cairo: Adapt the license information based on what is being built
Richard Purdie (3):
gcc-multilib-config: Fix i686 toolchain relocation issues
kernel: Always set CC and LD for the kernel build
kernel: Use consistent make flags for menuconfig
wangmy (2):
cracklib: upgrade 2.9.7 -> 2.9.8
vala: upgrade 0.56.2 -> 0.56.3
meta/classes/core-image.bbclass | 4 +
meta/classes/externalsrc.bbclass | 8 +-
meta/classes/kernel.bbclass | 16 +-
meta/classes/rootfs-postcommands.bbclass | 30 +-
meta/lib/oe/rootfs.py | 4 +
meta/lib/oeqa/utils/qemurunner.py | 4 +-
.../0001-Port-gentest.py-to-Python-3.patch | 814 ++++++++++++++++++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 11 +
...ilers-that-moan-about-K-R-func-decls.patch | 138 +++
.../autoconf/autoconf_2.71.bb | 1 +
.../gcc/gcc-multilib-config.inc | 2 +-
...001-Remove-dependency-on-libcapstone.patch | 36 +
meta/recipes-devtools/ruby/ruby_3.1.2.bb | 2 +-
meta/recipes-devtools/vala/vala_0.56.2.bb | 3 -
meta/recipes-devtools/vala/vala_0.56.3.bb | 3 +
...01-rules-Drop-using-register-keyword.patch | 278 ------
...rrect-parameter-types-to-Debug-calls.patch | 40 -
.../{cracklib_2.9.7.bb => cracklib_2.9.8.bb} | 4 +-
meta/recipes-graphics/cairo/cairo_1.16.0.bb | 6 +-
scripts/runqemu | 6 +
20 files changed, 1058 insertions(+), 352 deletions(-)
create mode 100644 meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch
create mode 100644 meta/recipes-devtools/autoconf/autoconf/0001-Port-to-compilers-that-moan-about-K-R-func-decls.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch
delete mode 100644 meta/recipes-devtools/vala/vala_0.56.2.bb
create mode 100644 meta/recipes-devtools/vala/vala_0.56.3.bb
delete mode 100644 meta/recipes-extended/cracklib/cracklib/0001-rules-Drop-using-register-keyword.patch
delete mode 100644 meta/recipes-extended/cracklib/cracklib/0002-rules-Correct-parameter-types-to-Debug-calls.patch
rename meta/recipes-extended/cracklib/{cracklib_2.9.7.bb => cracklib_2.9.8.bb} (83%)
--
2.25.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 00/16] Patch review
@ 2023-08-17 2:49 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-08-17 2:49 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, August 18.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5748
The following changes since commit e1a604db8d2cf8782038b4016cc2e2052467333b:
build-appliance-image: Update to kirkstone head revision (2023-08-07 04:41:22 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Adrian Freihofer (1):
dmidecode: fixup for CVE-2023-30630
Alberto Planas (1):
rpm2cpio.sh: update to the last 4.x version
Alexander Kanavin (1):
libxcrypt: update PV to match SRCREV
Archana Polampalli (2):
ghostscript: fix CVE-2023-38559
qemu: fix CVE-2023-3180
Ashish Sharma (1):
curl: Backport fix CVE-2023-32001
Bruce Ashfield (3):
linux-yocto/5.10: update to v5.10.186
linux-yocto/5.10: update to v5.10.187
linux-yocto/5.10: update to v5.10.188
Marek Vasut (1):
linux-firmware: Fix mediatek mt7601u firmware path
Martin Jansa (1):
npm.bbclass: avoid DeprecationWarning with new python
Narpat Mali (1):
python3-certifi: fix CVE-2023-37920
Pavel Zhukov (1):
scripts/rpm2cpio.sh: Use bzip2 instead of bunzip2
Peter Marko (1):
procps: patch CVE-2023-4016
Vivek Kumbhar (1):
qemu: fix CVE-2023-3354 VNC: improper I/O watch removal in TLS
handshake can lead to remote unauthenticated denial of service
Yogita Urade (1):
qemu: fix CVE-2020-14394
meta/classes/npm.bbclass | 2 +-
...ibxcrypt_4.4.30.bb => libxcrypt_4.4.33.bb} | 0
.../dmidecode/CVE-2023-30630_1a.patch | 236 ++++++++++++++
...-30630_1.patch => CVE-2023-30630_1b.patch} | 126 +++-----
.../dmidecode/CVE-2023-30630_2.patch | 11 +-
.../dmidecode/CVE-2023-30630_3.patch | 60 ++--
.../dmidecode/CVE-2023-30630_4.patch | 149 ++++-----
.../dmidecode/dmidecode_3.3.bb | 3 +-
.../python3-certifi/CVE-2023-37920.patch | 301 ++++++++++++++++++
.../python/python3-certifi_2021.10.8.bb | 4 +-
meta/recipes-devtools/qemu/qemu.inc | 3 +
.../qemu/qemu/CVE-2020-14394.patch | 79 +++++
.../qemu/qemu/CVE-2023-3180.patch | 50 +++
.../qemu/qemu/CVE-2023-3354.patch | 87 +++++
.../ghostscript/CVE-2023-38559.patch | 32 ++
.../ghostscript/ghostscript_9.55.0.bb | 1 +
.../procps/procps/CVE-2023-4016.patch | 85 +++++
meta/recipes-extended/procps/procps_3.3.17.bb | 1 +
.../linux-firmware/linux-firmware_20230515.bb | 2 +-
.../linux/linux-yocto-rt_5.10.bb | 6 +-
.../linux/linux-yocto-tiny_5.10.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +-
.../curl/curl/CVE-2023-32001.patch | 39 +++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
scripts/rpm2cpio.sh | 30 +-
25 files changed, 1117 insertions(+), 223 deletions(-)
rename meta/recipes-core/libxcrypt/{libxcrypt_4.4.30.bb => libxcrypt_4.4.33.bb} (100%)
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch
rename meta/recipes-devtools/dmidecode/dmidecode/{CVE-2023-30630_1.patch => CVE-2023-30630_1b.patch} (63%)
create mode 100644 meta/recipes-devtools/python/python3-certifi/CVE-2023-37920.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-14394.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch
create mode 100644 meta/recipes-extended/procps/procps/CVE-2023-4016.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch
--
2.34.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 00/16] Patch review
@ 2023-11-22 2:30 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2023-11-22 2:30 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, November 23
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6227
The following changes since commit 4bb6373e5f4a1330a063d1afe855d6c24d5461e7:
python3-jinja2: Fixed ptest result output as per the standard (2023-11-08 04:10:02 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Chaitanya Vadrevu (1):
go: Fix issue in DNS resolver
Deepthi Hemraj (2):
binutils: Fix CVE-2022-47007
binutils: Fix CVE-2022-48064
Lee Chee Yang (1):
ghostscript: ignore GhostPCL CVE-2023-38560
Meenali Gupta (5):
avahi: fix CVE-2023-38471
avahi: fix CVE-2023-38470
avahi: fix CVE-2023-38469
avahi: fix CVE-2023-38472
avahi: fix CVE-2023-38473
Niranjan Pradhan (1):
qemu 6.2.0: Fix CVE-2023-1544
Peter Marko (2):
go: ignore CVE-2023-45283 and CVE-2023-45284
goarch: Move Go architecture mapping to a library
Soumya Sambu (1):
sudo: upgrade 1.9.13p3 -> 1.9.15p2
Vijay Anusuri (1):
tiff: Backport fix for CVE-2023-41175
Wenlin Kang (1):
libxcrypt: fixed some build error for nativesdk with mingw
Yogita Urade (1):
grub: fix CVE-2023-4692
meta/classes/base.bbclass | 2 +-
meta/classes/goarch.bbclass | 27 +----
meta/lib/oe/go.py | 32 ++++++
.../grub/files/CVE-2023-4692.patch | 97 ++++++++++++++++
meta/recipes-bsp/grub/grub2.inc | 1 +
meta/recipes-connectivity/avahi/avahi_0.8.bb | 5 +
.../avahi/files/CVE-2023-38469.patch | 47 ++++++++
.../avahi/files/CVE-2023-38470.patch | 59 ++++++++++
.../avahi/files/CVE-2023-38471.patch | 73 ++++++++++++
.../avahi/files/CVE-2023-38472.patch | 46 ++++++++
.../avahi/files/CVE-2023-38473.patch | 108 ++++++++++++++++++
.../0001-Fix-for-compilation-on-Windows.patch | 37 ++++++
...dom-bytes.c-fixed-conversion-error-w.patch | 47 ++++++++
meta/recipes-core/libxcrypt/libxcrypt.inc | 4 +
.../binutils/binutils-2.38.inc | 2 +
.../binutils/0033-CVE-2022-47007.patch | 34 ++++++
.../binutils/0034-CVE-2022-48064.patch | 57 +++++++++
meta/recipes-devtools/go/go-1.17.13.inc | 5 +-
...Fix-issue-with-DNS-not-being-updated.patch | 51 +++++++++
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2023-1544.patch | 70 ++++++++++++
.../ghostscript/ghostscript_9.55.0.bb | 3 +
...me.c-correctly-include-header-for-ou.patch | 25 ----
meta/recipes-extended/sudo/sudo.inc | 5 +-
.../{sudo_1.9.13p3.bb => sudo_1.9.15p2.bb} | 3 +-
.../libtiff/tiff/CVE-2023-41175.patch | 69 +++++++++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 +
27 files changed, 854 insertions(+), 57 deletions(-)
create mode 100644 meta/lib/oe/go.py
create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4692.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
create mode 100644 meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch
create mode 100644 meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch
create mode 100644 meta/recipes-devtools/go/go-1.20/0010-net-Fix-issue-with-DNS-not-being-updated.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-1544.patch
delete mode 100644 meta/recipes-extended/sudo/files/0001-lib-util-mksigname.c-correctly-include-header-for-ou.patch
rename meta/recipes-extended/sudo/{sudo_1.9.13p3.bb => sudo_1.9.15p2.bb} (92%)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-41175.patch
--
2.34.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 00/16] Patch review
@ 2024-02-27 21:56 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2024-02-27 21:56 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, February 29
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6616
The following changes since commit 5103ce67741782e43612f495bcc851c6509b734b:
runqemu: direct mesa to use its own drivers, rather than ones provided by host distro (2024-02-25 05:51:38 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Adrian Freihofer (8):
oeqa: replace deprecated assertEquals
oeqa/selftest/recipetool: fix for python 3.12
oeqa/selftest/recipetool: expect meson.bb
oeqa/selftest/oelib/buildhistory: git default branch
feature-microblaze-versions.inc: python 3.12 regex
meta/lib/oeqa: python 3.12 regex
meta/recipes: python 3.12 regex
scripts: python 3.12 regex
Bruce Ashfield (2):
kernel: fix localversion in v6.3+
kernel: make LOCALVERSION consistent between recipes
Chris Laplante (1):
recipetool/create_buildsys_python: use importlib instead of imp
Ming Liu (1):
kernel.bbclass: introduce KERNEL_LOCALVERSION
Ross Burton (3):
populate_sdk_ext: use ConfigParser instead of SafeConfigParser
runqemu: add qmp socket support
oeqa/selftest/recipetool: downgrade meson version to not use
pyproject.toml
Trevor Gamblin (1):
scripts/runqemu: fix regex escape sequences
meta/classes/kernel-arch.bbclass | 1 -
meta/classes/kernel.bbclass | 24 +++++++++++-
meta/classes/kernelsrc.bbclass | 1 +
meta/classes/linux-kernel-base.bbclass | 11 ++++++
meta/classes/module-base.bbclass | 1 +
meta/classes/populate_sdk_ext.bbclass | 2 +-
meta/conf/documentation.conf | 1 +
.../feature-microblaze-versions.inc | 2 +-
meta/lib/oeqa/oetest.py | 2 +-
meta/lib/oeqa/sdk/buildtools-cases/sanity.py | 2 +-
meta/lib/oeqa/selftest/cases/bblayers.py | 2 +-
meta/lib/oeqa/selftest/cases/devtool.py | 2 +-
meta/lib/oeqa/selftest/cases/fitimage.py | 6 +--
meta/lib/oeqa/selftest/cases/liboe.py | 2 +-
.../oeqa/selftest/cases/oelib/buildhistory.py | 18 +++++++--
meta/lib/oeqa/selftest/cases/recipetool.py | 19 ++++++----
.../make-mod-scripts/make-mod-scripts_1.0.bb | 3 ++
.../perf/perf/sort-pmuevents.py | 8 ++--
meta/recipes-rt/rt-tests/files/rt_bmark.py | 2 +-
scripts/combo-layer | 2 +-
scripts/contrib/bbvars.py | 6 +--
scripts/contrib/convert-overrides.py | 8 ++--
scripts/lib/checklayer/__init__.py | 4 +-
scripts/lib/recipetool/create.py | 12 +++---
scripts/lib/recipetool/create_buildsys.py | 38 +++++++++----------
.../lib/recipetool/create_buildsys_python.py | 5 +--
scripts/oe-check-sstate | 2 +-
scripts/oe-pkgdata-util | 2 +-
scripts/opkg-query-helper.py | 2 +-
scripts/runqemu | 19 ++++++++--
30 files changed, 134 insertions(+), 75 deletions(-)
--
2.34.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 00/16] Patch review
@ 2024-10-02 13:12 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2024-10-02 13:12 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, October 4
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7370
The following changes since commit ff720f337e40761c7d4d544c963cf518ad5403ad:
lib/oeqa: rename assertRaisesRegexp to assertRaisesRegex (2024-09-21 06:18:58 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Aleksandar Nikolic (3):
install-buildtools: remove md5 checksum validation
install-buildtools: fix "test installation" step
scripts/install-buildtools: Update to 4.0.21
Deepthi Hemraj (3):
gcc: upgrade to v11.5
glibc: stable 2.35 branch updates
bintuils: stable 2.38 branch update
Jinfeng Wang (1):
procps: patch CVE-2023-4016
Martin Jansa (1):
populate_sdk_base: inherit nopackages
Mingli Yu (1):
curl: free old conn better on reuse
Paul Eggleton (1):
install-buildtools: support buildtools-make-tarball and update to 4.1
Peter Marko (4):
gnupg: Document CVE-2022-3219 and mark wontfix
wpa-supplicant: Ignore CVE-2024-5290
wpa-supplicant: Patch CVE-2024-3596
wpa-supplicant: Patch security advisory 2024-2
Purushottam Choudhary (1):
kmscube: Add patch to fix -int-conversion build error
Vijay Anusuri (1):
curl: backport Debian patch for CVE-2024-8096
meta/classes/populate_sdk_base.bbclass | 2 +-
meta/conf/distro/include/maintainers.inc | 2 +-
...valid-Rejected-Groups-element-length.patch | 52 +
...valid-Rejected-Groups-element-length.patch | 50 +
...id-Rejected-Groups-element-in-the-pa.patch | 38 +
.../wpa-supplicant/CVE-2024-3596_00.patch | 82 +
.../wpa-supplicant/CVE-2024-3596_01.patch | 165 +
.../wpa-supplicant/CVE-2024-3596_02.patch | 62 +
.../wpa-supplicant/CVE-2024-3596_03.patch | 37 +
.../wpa-supplicant/CVE-2024-3596_04.patch | 52 +
.../wpa-supplicant/CVE-2024-3596_05.patch | 51 +
.../wpa-supplicant/CVE-2024-3596_06.patch | 46 +
.../wpa-supplicant/CVE-2024-3596_07.patch | 67 +
.../wpa-supplicant/CVE-2024-3596_08.patch | 47 +
.../wpa-supplicant/wpa-supplicant_2.10.bb | 15 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
.../binutils/binutils-2.38.inc | 2 +-
.../gcc/{gcc-11.4.inc => gcc-11.5.inc} | 8 +-
...ian_11.4.bb => gcc-cross-canadian_11.5.bb} | 0
.../{gcc-cross_11.4.bb => gcc-cross_11.5.bb} | 0
...-crosssdk_11.4.bb => gcc-crosssdk_11.5.bb} | 0
...cc-runtime_11.4.bb => gcc-runtime_11.5.bb} | 0
...itizers_11.4.bb => gcc-sanitizers_11.5.bb} | 0
...{gcc-source_11.4.bb => gcc-source_11.5.bb} | 0
...rch64-Update-Neoverse-N2-core-defini.patch | 38 -
.../gcc/gcc/CVE-2023-4039.patch | 2893 -----------------
.../gcc/{gcc_11.4.bb => gcc_11.5.bb} | 0
...initial_11.4.bb => libgcc-initial_11.5.bb} | 0
.../gcc/{libgcc_11.4.bb => libgcc_11.5.bb} | 0
...ibgfortran_11.4.bb => libgfortran_11.5.bb} | 0
.../procps/procps/CVE-2023-4016-2.patch | 60 +
meta/recipes-extended/procps/procps_3.3.17.bb | 3 +-
...001-common-fix-cast-type-in-init_egl.patch | 34 +
meta/recipes-graphics/kmscube/kmscube_git.bb | 6 +-
...01-url-free-old-conn-better-on-reuse.patch | 95 +
.../curl/curl/CVE-2024-8096.patch | 210 ++
meta/recipes-support/curl/curl_7.82.0.bb | 2 +
meta/recipes-support/gnupg/gnupg_2.3.7.bb | 2 +
scripts/install-buildtools | 63 +-
39 files changed, 1219 insertions(+), 2967 deletions(-)
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_01.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_02.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_03.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_04.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_05.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_06.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_07.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_08.patch
rename meta/recipes-devtools/gcc/{gcc-11.4.inc => gcc-11.5.inc} (95%)
rename meta/recipes-devtools/gcc/{gcc-cross-canadian_11.4.bb => gcc-cross-canadian_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-cross_11.4.bb => gcc-cross_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-crosssdk_11.4.bb => gcc-crosssdk_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-runtime_11.4.bb => gcc-runtime_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-sanitizers_11.4.bb => gcc-sanitizers_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-source_11.4.bb => gcc-source_11.5.bb} (100%)
delete mode 100644 meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
delete mode 100644 meta/recipes-devtools/gcc/gcc/CVE-2023-4039.patch
rename meta/recipes-devtools/gcc/{gcc_11.4.bb => gcc_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{libgcc-initial_11.4.bb => libgcc-initial_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{libgcc_11.4.bb => libgcc_11.5.bb} (100%)
rename meta/recipes-devtools/gcc/{libgfortran_11.4.bb => libgfortran_11.5.bb} (100%)
create mode 100644 meta/recipes-extended/procps/procps/CVE-2023-4016-2.patch
create mode 100644 meta/recipes-graphics/kmscube/kmscube/0001-common-fix-cast-type-in-init_egl.patch
create mode 100644 meta/recipes-support/curl/curl/0001-url-free-old-conn-better-on-reuse.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2024-8096.patch
--
2.34.1
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 00/16] Patch review
@ 2025-01-20 17:50 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 01/16] avahi: fix CVE-2024-52616 Steve Sakoman
` (15 more replies)
0 siblings, 16 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, January 22
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/842
The following changes since commit 8c32d91b64ae296d7832ddeb42983f4f3c237946:
ofono: fix CVE-2024-7547 (2025-01-14 05:49:41 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Aleksandar Nikolic (1):
scripts/install-buildtools: Update to 4.0.23
Alexander Kanavin (1):
rsync: update 3.2.5 -> 3.2.7
Archana Polampalli (6):
rsync: fix CVE-2024-12084
rsync: fix CVE-2024-12085
rsync: fix CVE-2024-12086
rsync: fix CVE-2024-12087
rsync: fix CVE-2024-12088
rsync: fix CVE-2024-12747
Divya Chellam (1):
wget: fix CVE-2024-10524
Khem Raj (1):
rsync: Delete pedantic errors re-ordering patch
Peter Marko (2):
socat: patch CVE-2024-54661
ofono: patch CVE-2024-7540, CVE-2024-7541, CVE-2024-7542
Ross Burton (2):
classes/nativesdk: also override TUNE_PKGARCH
classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package
architecture
Zhang Peng (2):
avahi: fix CVE-2024-52616
vte: fix CVE-2024-37535
meta/classes/nativesdk.bbclass | 1 +
meta/classes/qemu.bbclass | 8 +-
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2024-52616.patch | 104 +++++++++
...024-7540_CVE-2024-7541_CVE-2024-7542.patch | 52 +++++
meta/recipes-connectivity/ofono/ofono_1.34.bb | 1 +
.../socat/socat/CVE-2024-54661.patch | 113 ++++++++++
.../socat/socat_1.7.4.4.bb | 4 +-
meta/recipes-devtools/gcc/gcc-testsuite.inc | 6 +-
...-prototypes-to-function-declarations.patch | 28 ++-
...antic-errors-at-the-end-of-configure.patch | 68 ------
.../rsync/files/CVE-2024-12084-0001.patch | 156 ++++++++++++++
.../rsync/files/CVE-2024-12084-0002.patch | 43 ++++
.../rsync/files/CVE-2024-12085.patch | 32 +++
.../rsync/files/CVE-2024-12086-0001.patch | 42 ++++
.../rsync/files/CVE-2024-12086-0002.patch | 108 ++++++++++
.../rsync/files/CVE-2024-12086-0003.patch | 108 ++++++++++
.../rsync/files/CVE-2024-12086-0004.patch | 41 ++++
.../rsync/files/CVE-2024-12087-0001.patch | 49 +++++
.../rsync/files/CVE-2024-12087-0002.patch | 31 +++
.../rsync/files/CVE-2024-12087-0003.patch | 40 ++++
.../rsync/files/CVE-2024-12088.patch | 141 +++++++++++++
.../rsync/files/CVE-2024-12747.patch | 192 +++++++++++++++++
.../rsync/{rsync_3.2.5.bb => rsync_3.2.7.bb} | 15 +-
.../wget/wget/CVE-2024-10524.patch | 197 ++++++++++++++++++
meta/recipes-extended/wget/wget_1.21.4.bb | 1 +
.../vte/vte/CVE-2024-37535-0001.patch | 63 ++++++
.../vte/vte/CVE-2024-37535-0002.patch | 85 ++++++++
meta/recipes-support/vte/vte_0.66.2.bb | 9 +-
scripts/install-buildtools | 4 +-
30 files changed, 1645 insertions(+), 98 deletions(-)
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch
create mode 100644 meta/recipes-connectivity/socat/socat/CVE-2024-54661.patch
delete mode 100644 meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12088.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12747.patch
rename meta/recipes-devtools/rsync/{rsync_3.2.5.bb => rsync_3.2.7.bb} (81%)
create mode 100644 meta/recipes-extended/wget/wget/CVE-2024-10524.patch
create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-0001.patch
create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-0002.patch
--
2.43.0
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 01/16] avahi: fix CVE-2024-52616
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 02/16] socat: patch CVE-2024-54661 Steve Sakoman
` (14 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Zhang Peng <peng.zhang1.cn@windriver.com>
CVE-2024-52616:
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs
randomly only once at startup, incrementing them sequentially after that. This
predictable behavior facilitates DNS spoofing attacks, allowing attackers to
guess transaction IDs.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-52616]
[https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm]
Upstream patches:
[https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2024-52616.patch | 104 ++++++++++++++++++
2 files changed, 105 insertions(+)
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 5d1c86978a..b3739ad2c0 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -35,6 +35,7 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}
file://CVE-2023-38471-2.patch \
file://CVE-2023-38472.patch \
file://CVE-2023-38473.patch \
+ file://CVE-2024-52616.patch \
"
UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch b/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch
new file mode 100644
index 0000000000..a156f98728
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch
@@ -0,0 +1,104 @@
+From f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Mon, 11 Nov 2024 00:56:09 +0100
+Subject: [PATCH] Properly randomize query id of DNS packets
+
+CVE: CVE-2024-52616
+Upstream-Status: Backport [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ avahi-core/wide-area.c | 36 ++++++++++++++++++++++++++++--------
+ configure.ac | 3 ++-
+ 2 files changed, 30 insertions(+), 9 deletions(-)
+
+diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c
+index 971f5e714..00a15056e 100644
+--- a/avahi-core/wide-area.c
++++ b/avahi-core/wide-area.c
+@@ -40,6 +40,13 @@
+ #include "addr-util.h"
+ #include "rr-util.h"
+
++#ifdef HAVE_SYS_RANDOM_H
++#include <sys/random.h>
++#endif
++#ifndef HAVE_GETRANDOM
++# define getrandom(d, len, flags) (-1)
++#endif
++
+ #define CACHE_ENTRIES_MAX 500
+
+ typedef struct AvahiWideAreaCacheEntry AvahiWideAreaCacheEntry;
+@@ -84,8 +91,6 @@ struct AvahiWideAreaLookupEngine {
+ int fd_ipv4, fd_ipv6;
+ AvahiWatch *watch_ipv4, *watch_ipv6;
+
+- uint16_t next_id;
+-
+ /* Cache */
+ AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache);
+ AvahiHashmap *cache_by_key;
+@@ -201,6 +206,26 @@ static void sender_timeout_callback(AvahiTimeEvent *e, void *userdata) {
+ avahi_time_event_update(e, avahi_elapse_time(&tv, 1000, 0));
+ }
+
++static uint16_t get_random_uint16(void) {
++ uint16_t next_id;
++
++ if (getrandom(&next_id, sizeof(next_id), 0) == -1)
++ next_id = (uint16_t) rand();
++ return next_id;
++}
++
++static uint16_t avahi_wide_area_next_id(AvahiWideAreaLookupEngine *e) {
++ uint16_t next_id;
++
++ next_id = get_random_uint16();
++ while (find_lookup(e, next_id)) {
++ /* This ID is already used, get new. */
++ next_id = get_random_uint16();
++ }
++ return next_id;
++}
++
++
+ AvahiWideAreaLookup *avahi_wide_area_lookup_new(
+ AvahiWideAreaLookupEngine *e,
+ AvahiKey *key,
+@@ -227,11 +252,7 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new(
+ /* If more than 65K wide area quries are issued simultaneously,
+ * this will break. This should be limited by some higher level */
+
+- for (;; e->next_id++)
+- if (!find_lookup(e, e->next_id))
+- break; /* This ID is not yet used. */
+-
+- l->id = e->next_id++;
++ l->id = avahi_wide_area_next_id(e);
+
+ /* We keep the packet around in case we need to repeat our query */
+ l->packet = avahi_dns_packet_new(0);
+@@ -604,7 +625,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) {
+ e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e);
+
+ e->n_dns_servers = e->current_dns_server = 0;
+- e->next_id = (uint16_t) rand();
+
+ /* Initialize cache */
+ AVAHI_LLIST_HEAD_INIT(AvahiWideAreaCacheEntry, e->cache);
+diff --git a/configure.ac b/configure.ac
+index a3211b80e..31bce3d76 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -367,7 +367,8 @@ AC_FUNC_SELECT_ARGTYPES
+ # whether libc's malloc does too. (Same for realloc.)
+ #AC_FUNC_MALLOC
+ #AC_FUNC_REALLOC
+-AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname])
++AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname getrandom])
++AC_CHECK_HEADERS([sys/random.h])
+
+ AC_FUNC_CHOWN
+ AC_FUNC_STAT
+
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 02/16] socat: patch CVE-2024-54661
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 01/16] avahi: fix CVE-2024-52616 Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 03/16] wget: fix CVE-2024-10524 Steve Sakoman
` (13 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Picked upstream commit
https://repo.or.cz/socat.git/commitdiff/4ee1f31cf80019c5907876576d6dfd49368d660f
Since this was the only commit in 1.8.0.2 it also contained release
changes which were dropped.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../socat/socat/CVE-2024-54661.patch | 113 ++++++++++++++++++
.../socat/socat_1.7.4.4.bb | 4 +-
2 files changed, 116 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-connectivity/socat/socat/CVE-2024-54661.patch
diff --git a/meta/recipes-connectivity/socat/socat/CVE-2024-54661.patch b/meta/recipes-connectivity/socat/socat/CVE-2024-54661.patch
new file mode 100644
index 0000000000..d1ac148cbd
--- /dev/null
+++ b/meta/recipes-connectivity/socat/socat/CVE-2024-54661.patch
@@ -0,0 +1,113 @@
+From 4ee1f31cf80019c5907876576d6dfd49368d660f Mon Sep 17 00:00:00 2001
+From: Gerhard Rieger <gerhard@dest-unreach.org>
+Date: Fri, 6 Dec 2024 11:42:09 +0100
+Subject: [PATCH] Version 1.8.0.2 - CVE-2024-54661: Arbitrary file overwrite in
+ readline.sh
+
+CVE: CVE-2024-54661
+Upstream-Status: Backport [https://repo.or.cz/socat.git/commitdiff/4ee1f31cf80019c5907876576d6dfd49368d660f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ readline.sh | 10 +++++++--
+ test.sh | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 71 insertions(+), 2 deletions(-)
+
+diff --git a/readline.sh b/readline.sh
+index b6f8438..1045303 100755
+--- a/readline.sh
++++ b/readline.sh
+@@ -22,9 +22,15 @@ if [ "$withhistfile" ]; then
+ else
+ HISTOPT=
+ fi
+-mkdir -p /tmp/$USER || exit 1
+ #
+ #
+
+-exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>/tmp/$USER/stderr2
++if test -w .; then
++ STDERR=./socat-readline.${1##*/}.log
++ rm -f $STDERR
++else
++ STDERR=/dev/null
++fi
++
++exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR
+
+diff --git a/test.sh b/test.sh
+index 46bebf8..5204ac7 100755
+--- a/test.sh
++++ b/test.sh
+@@ -15657,6 +15657,69 @@ esac
+ N=$((N+1))
+
+
++# Test the readline.sh file overwrite vulnerability
++NAME=READLINE_SH_OVERWRITE
++case "$TESTS" in
++*%$N%*|*%functions%*|*%bugs%*|*%readline%*|*%security%*|*%$NAME%*)
++TEST="$NAME: Test the readline.sh file overwrite vulnerability"
++# Create a symlink /tmp/$USER/stderr2 pointing to a temporary file,
++# run readline.sh
++# When the temporary file is kept the test succeeded
++if ! eval $NUMCOND; then :
++elif ! cond=$(checkconds \
++ "" \
++ "" \
++ "readline.sh" \
++ "" \
++ "" \
++ "" \
++ "" ); then
++ $PRINTF "test $F_n $TEST... ${YELLOW}$cond${NORMAL}\n" $N
++ numCANT=$((numCANT+1))
++ listCANT="$listCANT $N"
++ namesCANT="$namesCANT $NAME"
++else
++ tf="$td/test$N.file"
++ te="$td/test$N.stderr"
++ tdiff="$td/test$N.diff"
++ da="test$N $(date) $RANDOM"
++ echo "$da" >"$tf"
++ ln -sf "$tf" /tmp/$USER/stderr2
++ CMD0="readline.sh cat"
++ printf "test $F_n $TEST... " $N
++ $CMD0 </dev/null >/dev/null 2>"${te}0"
++ rc0=$?
++# if [ "$rc0" -ne 0 ]; then
++# $PRINTF "$CANT (rc0=$rc0)\n"
++# echo "$CMD0"
++# cat "${te}0" >&2
++# numCANT=$((numCANT+1))
++# listCANT="$listCANT $N"
++# namesCANT="$namesCANT $NAME"
++# elif ! echo "$da" |diff - "$tf" >$tdiff; then
++ if ! echo "$da" |diff - "$tf" >$tdiff; then
++ $PRINTF "$FAILED (diff)\n"
++ echo "$CMD0 &"
++ cat "${te}0" >&2
++ echo "// diff:" >&2
++ cat "$tdiff" >&2
++ numFAIL=$((numFAIL+1))
++ listFAIL="$listFAIL $N"
++ namesFAIL="$namesFAIL $NAME"
++ else
++ $PRINTF "$OK\n"
++ if [ "$VERBOSE" ]; then echo "$CMD0 &"; fi
++ if [ "$DEBUG" ]; then cat "${te}0" >&2; fi
++ if [ "$VERBOSE" ]; then echo "$CMD1"; fi
++ if [ "$DEBUG" ]; then cat "${te}1" >&2; fi
++ numOK=$((numOK+1))
++ listOK="$listOK $N"
++ fi
++fi # NUMCOND
++ ;;
++esac
++N=$((N+1))
++
+ # end of common tests
+
+ ##################################################################################
+--
+2.30.2
+
diff --git a/meta/recipes-connectivity/socat/socat_1.7.4.4.bb b/meta/recipes-connectivity/socat/socat_1.7.4.4.bb
index 5a379380d1..86ca5879be 100644
--- a/meta/recipes-connectivity/socat/socat_1.7.4.4.bb
+++ b/meta/recipes-connectivity/socat/socat_1.7.4.4.bb
@@ -9,7 +9,9 @@ LICENSE = "GPL-2.0-with-OpenSSL-exception"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://README;beginline=257;endline=287;md5=82520b052f322ac2b5b3dfdc7c7eea86"
-SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2"
+SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
+ file://CVE-2024-54661.patch \
+ "
SRC_URI[sha256sum] = "fbd42bd2f0e54a3af6d01bdf15385384ab82dbc0e4f1a5e153b3e0be1b6380ac"
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 03/16] wget: fix CVE-2024-10524
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 01/16] avahi: fix CVE-2024-52616 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 02/16] socat: patch CVE-2024-54661 Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 04/16] vte: fix CVE-2024-37535 Steve Sakoman
` (12 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Divya Chellam <divya.chellam@windriver.com>
Applications that use Wget to access a remote resource using
shorthand URLs and pass arbitrary user credentials in the URL
are vulnerable. In these cases attackers can enter crafted
credentials which will cause Wget to access an arbitrary host.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-10524
Upstream-patch:
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../wget/wget/CVE-2024-10524.patch | 197 ++++++++++++++++++
meta/recipes-extended/wget/wget_1.21.4.bb | 1 +
2 files changed, 198 insertions(+)
create mode 100644 meta/recipes-extended/wget/wget/CVE-2024-10524.patch
diff --git a/meta/recipes-extended/wget/wget/CVE-2024-10524.patch b/meta/recipes-extended/wget/wget/CVE-2024-10524.patch
new file mode 100644
index 0000000000..21f990ee73
--- /dev/null
+++ b/meta/recipes-extended/wget/wget/CVE-2024-10524.patch
@@ -0,0 +1,197 @@
+From c419542d956a2607bbce5df64b9d378a8588d778 Mon Sep 17 00:00:00 2001
+From: Tim Rühsen <tim.ruehsen@gmx.de>
+Date: Sun, 27 Oct 2024 19:53:14 +0100
+Subject: [PATCH] Fix CVE-2024-10524 (drop support for shorthand URLs)
+
+* doc/wget.texi: Add documentation for removed support for shorthand URLs.
+* src/html-url.c (src/html-url.c): Call maybe_prepend_scheme.
+* src/main.c (main): Likewise.
+* src/retr.c (getproxy): Likewise.
+* src/url.c: Rename definition of rewrite_shorthand_url to maybe_prepend_scheme,
+ add new function is_valid_port.
+* src/url.h: Rename declaration of rewrite_shorthand_url to maybe_prepend_scheme.
+
+Reported-by: Goni Golan <gonig@jfrog.com>
+
+CVE: CVE-2024-10524
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ doc/wget.texi | 12 ++++-------
+ src/html-url.c | 2 +-
+ src/main.c | 2 +-
+ src/retr.c | 2 +-
+ src/url.c | 57 ++++++++++++++++----------------------------------
+ src/url.h | 2 +-
+ 6 files changed, 26 insertions(+), 51 deletions(-)
+
+diff --git a/doc/wget.texi b/doc/wget.texi
+index 3c24de2..503a03d 100644
+--- a/doc/wget.texi
++++ b/doc/wget.texi
+@@ -314,8 +314,8 @@ for text files. Here is an example:
+ ftp://host/directory/file;type=a
+ @end example
+
+-Two alternative variants of @sc{url} specification are also supported,
+-because of historical (hysterical?) reasons and their widespreaded use.
++The two alternative variants of @sc{url} specifications are no longer
++supported because of security considerations:
+
+ @sc{ftp}-only syntax (supported by @code{NcFTP}):
+ @example
+@@ -327,12 +327,8 @@ host:/dir/file
+ host[:port]/dir/file
+ @end example
+
+-These two alternative forms are deprecated, and may cease being
+-supported in the future.
+-
+-If you do not understand the difference between these notations, or do
+-not know which one to use, just use the plain ordinary format you use
+-with your favorite browser, like @code{Lynx} or @code{Netscape}.
++These two alternative forms have been deprecated long time ago,
++and support is removed with version 1.22.0.
+
+ @c man begin OPTIONS
+
+diff --git a/src/html-url.c b/src/html-url.c
+index 896d6fc..3deea9c 100644
+--- a/src/html-url.c
++++ b/src/html-url.c
+@@ -931,7 +931,7 @@ get_urls_file (const char *file)
+ url_text = merged;
+ }
+
+- new_url = rewrite_shorthand_url (url_text);
++ new_url = maybe_prepend_scheme (url_text);
+ if (new_url)
+ {
+ xfree (url_text);
+diff --git a/src/main.c b/src/main.c
+index d1c3c3e..f1d7792 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -2126,7 +2126,7 @@ only if outputting to a regular file.\n"));
+ struct iri *iri = iri_new ();
+ struct url *url_parsed;
+
+- t = rewrite_shorthand_url (argv[optind]);
++ t = maybe_prepend_scheme (argv[optind]);
+ if (!t)
+ t = argv[optind];
+
+diff --git a/src/retr.c b/src/retr.c
+index 38c9fcf..a124046 100644
+--- a/src/retr.c
++++ b/src/retr.c
+@@ -1493,7 +1493,7 @@ getproxy (struct url *u)
+
+ /* Handle shorthands. `rewritten_storage' is a kludge to allow
+ getproxy() to return static storage. */
+- rewritten_url = rewrite_shorthand_url (proxy);
++ rewritten_url = maybe_prepend_scheme (proxy);
+ if (rewritten_url)
+ return rewritten_url;
+
+diff --git a/src/url.c b/src/url.c
+index 0acd3f3..6868825 100644
+--- a/src/url.c
++++ b/src/url.c
+@@ -594,60 +594,39 @@ parse_credentials (const char *beg, const char *end, char **user, char **passwd)
+ return true;
+ }
+
+-/* Used by main.c: detect URLs written using the "shorthand" URL forms
+- originally popularized by Netscape and NcFTP. HTTP shorthands look
+- like this:
+-
+- www.foo.com[:port]/dir/file -> http://www.foo.com[:port]/dir/file
+- www.foo.com[:port] -> http://www.foo.com[:port]
+-
+- FTP shorthands look like this:
+-
+- foo.bar.com:dir/file -> ftp://foo.bar.com/dir/file
+- foo.bar.com:/absdir/file -> ftp://foo.bar.com//absdir/file
++static bool is_valid_port(const char *p)
++{
++ unsigned port = (unsigned) atoi (p);
++ if (port == 0 || port > 65535)
++ return false;
+
+- If the URL needs not or cannot be rewritten, return NULL. */
++ int digits = strspn (p, "0123456789");
++ return digits && (p[digits] == '/' || p[digits] == '\0');
++}
+
++/* Prepend "http://" to url if scheme is missing, otherwise return NULL. */
+ char *
+-rewrite_shorthand_url (const char *url)
++maybe_prepend_scheme (const char *url)
+ {
+- const char *p;
+- char *ret;
+-
+ if (url_scheme (url) != SCHEME_INVALID)
+ return NULL;
+
+- /* Look for a ':' or '/'. The former signifies NcFTP syntax, the
+- latter Netscape. */
+- p = strpbrk (url, ":/");
++ const char *p = strchr (url, ':');
+ if (p == url)
+ return NULL;
+
+ /* If we're looking at "://", it means the URL uses a scheme we
+ don't support, which may include "https" when compiled without
+- SSL support. Don't bogusly rewrite such URLs. */
++ SSL support. Don't bogusly prepend "http://" to such URLs. */
+ if (p && p[0] == ':' && p[1] == '/' && p[2] == '/')
+ return NULL;
+
+- if (p && *p == ':')
+- {
+- /* Colon indicates ftp, as in foo.bar.com:path. Check for
+- special case of http port number ("localhost:10000"). */
+- int digits = strspn (p + 1, "0123456789");
+- if (digits && (p[1 + digits] == '/' || p[1 + digits] == '\0'))
+- goto http;
+-
+- /* Turn "foo.bar.com:path" to "ftp://foo.bar.com/path". */
+- if ((ret = aprintf ("ftp://%s", url)) != NULL)
+- ret[6 + (p - url)] = '/';
+- }
+- else
+- {
+- http:
+- /* Just prepend "http://" to URL. */
+- ret = aprintf ("http://%s", url);
+- }
+- return ret;
++ if (p && p[0] == ':' && !is_valid_port (p + 1))
++ return NULL;
++
++
++ fprintf(stderr, "Prepended http:// to '%s'\n", url);
++ return aprintf ("http://%s", url);
+ }
+
+ static void split_path (const char *, char **, char **);
+diff --git a/src/url.h b/src/url.h
+index fb9da33..5f99b0a 100644
+--- a/src/url.h
++++ b/src/url.h
+@@ -128,7 +128,7 @@ char *uri_merge (const char *, const char *);
+
+ int mkalldirs (const char *);
+
+-char *rewrite_shorthand_url (const char *);
++char *maybe_prepend_scheme (const char *);
+ bool schemes_are_similar_p (enum url_scheme a, enum url_scheme b);
+
+ bool are_urls_equal (const char *u1, const char *u2);
+--
+2.40.0
+
diff --git a/meta/recipes-extended/wget/wget_1.21.4.bb b/meta/recipes-extended/wget/wget_1.21.4.bb
index bc65a8f7c8..b5f50f6c84 100644
--- a/meta/recipes-extended/wget/wget_1.21.4.bb
+++ b/meta/recipes-extended/wget/wget_1.21.4.bb
@@ -1,6 +1,7 @@
SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
file://0002-improve-reproducibility.patch \
file://CVE-2024-38428.patch \
+ file://CVE-2024-10524.patch \
"
SRC_URI[sha256sum] = "81542f5cefb8faacc39bbbc6c82ded80e3e4a88505ae72ea51df27525bcde04c"
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 04/16] vte: fix CVE-2024-37535
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (2 preceding siblings ...)
2025-01-20 17:50 ` [OE-core][kirkstone 03/16] wget: fix CVE-2024-10524 Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 05/16] rsync: update 3.2.5 -> 3.2.7 Steve Sakoman
` (11 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Zhang Peng <peng.zhang1.cn@windriver.com>
CVE-2024-37535:
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service
(memory consumption) via a window resize escape sequence, a related
issue to CVE-2000-0476.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-37535]
Upstream patches:
[https://gitlab.gnome.org/GNOME/vte/-/commit/036bc3ddcbb56f05c6ca76712a53b89dee1369e2]
[https://gitlab.gnome.org/GNOME/vte/-/commit/c313849c2e5133802e21b13fa0b141b360171d39]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../vte/vte/CVE-2024-37535-0001.patch | 63 ++++++++++++++
.../vte/vte/CVE-2024-37535-0002.patch | 85 +++++++++++++++++++
meta/recipes-support/vte/vte_0.66.2.bb | 9 +-
3 files changed, 155 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-0001.patch
create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-0002.patch
diff --git a/meta/recipes-support/vte/vte/CVE-2024-37535-0001.patch b/meta/recipes-support/vte/vte/CVE-2024-37535-0001.patch
new file mode 100644
index 0000000000..f7c84323fb
--- /dev/null
+++ b/meta/recipes-support/vte/vte/CVE-2024-37535-0001.patch
@@ -0,0 +1,63 @@
+From 036bc3ddcbb56f05c6ca76712a53b89dee1369e2 Mon Sep 17 00:00:00 2001
+From: Christian Persch <chpe@src.gnome.org>
+Date: Sun, 2 Jun 2024 19:19:35 +0200
+Subject: [PATCH] emulation: Restrict resize request to sane numbers
+
+Fixes: https://gitlab.gnome.org/GNOME/vte/-/issues/2786
+(cherry picked from commit fd5511f24b7269195a7083f409244e9787c705dc)
+
+CVE: CVE-2024-37535
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/vte/-/commit/036bc3ddcbb56f05c6ca76712a53b89dee1369e2]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/vteseq.cc | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/vteseq.cc b/src/vteseq.cc
+index 2c5b1e128..5b3f398e2 100644
+--- a/src/vteseq.cc
++++ b/src/vteseq.cc
+@@ -213,9 +213,18 @@ Terminal::emit_bell()
+ /* Emit a "resize-window" signal. (Grid size.) */
+ void
+ Terminal::emit_resize_window(guint columns,
+- guint rows)
+-{
+- _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window'.\n");
++ guint rows)
++{
++ // Ignore resizes with excessive number of rows or columns,
++ // see https://gitlab.gnome.org/GNOME/vte/-/issues/2786
++ if (columns < VTE_MIN_GRID_WIDTH ||
++ columns > 511 ||
++ rows < VTE_MIN_GRID_HEIGHT ||
++ rows > 511)
++ return;
++
++ _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window' %d columns %d rows.\n",
++ columns, rows);
+ g_signal_emit(m_terminal, signals[SIGNAL_RESIZE_WINDOW], 0, columns, rows);
+ }
+
+@@ -4467,8 +4476,6 @@ Terminal::DECSLPP(vte::parser::Sequence const& seq)
+ else if (param < 24)
+ return;
+
+- _vte_debug_print(VTE_DEBUG_EMULATION, "Resizing to %d rows.\n", param);
+-
+ emit_resize_window(m_column_count, param);
+ }
+
+@@ -8990,9 +8997,6 @@ Terminal::XTERM_WM(vte::parser::Sequence const& seq)
+ seq.collect(1, {&height, &width});
+
+ if (width != -1 && height != -1) {
+- _vte_debug_print(VTE_DEBUG_EMULATION,
+- "Resizing window to %d columns, %d rows.\n",
+- width, height);
+ emit_resize_window(width, height);
+ }
+ break;
+--
+GitLab
diff --git a/meta/recipes-support/vte/vte/CVE-2024-37535-0002.patch b/meta/recipes-support/vte/vte/CVE-2024-37535-0002.patch
new file mode 100644
index 0000000000..c396817060
--- /dev/null
+++ b/meta/recipes-support/vte/vte/CVE-2024-37535-0002.patch
@@ -0,0 +1,85 @@
+From c313849c2e5133802e21b13fa0b141b360171d39 Mon Sep 17 00:00:00 2001
+From: Christian Persch <chpe@src.gnome.org>
+Date: Sun, 2 Jun 2024 19:19:35 +0200
+Subject: [PATCH] widget: Add safety limit to widget size requests
+
+https://gitlab.gnome.org/GNOME/vte/-/issues/2786
+(cherry picked from commit 1803ba866053a3d7840892b9d31fe2944a183eda)
+
+CVE: CVE-2024-37535
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/vte/-/commit/c313849c2e5133802e21b13fa0b141b360171d39]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/vtegtk.cc | 35 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 35 insertions(+)
+
+diff --git a/src/vtegtk.cc b/src/vtegtk.cc
+index 24bdd7184..48cae79c1 100644
+--- a/src/vtegtk.cc
++++ b/src/vtegtk.cc
+@@ -91,6 +91,38 @@
+ template<typename T>
+ constexpr bool check_enum_value(T value) noexcept;
+
++static inline void
++sanitise_widget_size_request(int* minimum,
++ int* natural) noexcept
++{
++ // Overly large size requests will make gtk happily allocate
++ // a window size over the window system's limits (see
++ // e.g. https://gitlab.gnome.org/GNOME/vte/-/issues/2786),
++ // leading to aborting the whole process.
++ // The toolkit should be in a better position to know about
++ // these limits and not exceed them (which here is certainly
++ // possible since our minimum sizes are very small), let's
++ // limit the widget's size request to some large value
++ // that hopefully is within the absolute limits of
++ // the window system (assumed here to be int16 range,
++ // and leaving some space for the widgets that contain
++ // the terminal).
++ auto const limit = (1 << 15) - (1 << 12);
++
++ if (*minimum > limit || *natural > limit) {
++ static auto warned = false;
++
++ if (!warned) {
++ g_warning("Widget size request (minimum %d, natural %d) exceeds limits\n",
++ *minimum, *natural);
++ warned = true;
++ }
++ }
++
++ *minimum = std::min(*minimum, limit);
++ *natural = std::clamp(*natural, *minimum, limit);
++}
++
+ struct _VteTerminalClassPrivate {
+ GtkStyleProvider *style_provider;
+ };
+@@ -510,6 +542,7 @@ try
+ {
+ VteTerminal *terminal = VTE_TERMINAL(widget);
+ WIDGET(terminal)->get_preferred_width(minimum_width, natural_width);
++ sanitise_widget_size_request(minimum_width, natural_width);
+ }
+ catch (...)
+ {
+@@ -524,6 +557,7 @@ try
+ {
+ VteTerminal *terminal = VTE_TERMINAL(widget);
+ WIDGET(terminal)->get_preferred_height(minimum_height, natural_height);
++ sanitise_widget_size_request(minimum_height, natural_height);
+ }
+ catch (...)
+ {
+@@ -781,6 +815,7 @@ try
+ WIDGET(terminal)->measure(orientation, for_size,
+ minimum, natural,
+ minimum_baseline, natural_baseline);
++ sanitise_widget_size_request(minimum, natural);
+ }
+ catch (...)
+ {
+--
+GitLab
diff --git a/meta/recipes-support/vte/vte_0.66.2.bb b/meta/recipes-support/vte/vte_0.66.2.bb
index af1c47cf80..365e4361cb 100644
--- a/meta/recipes-support/vte/vte_0.66.2.bb
+++ b/meta/recipes-support/vte/vte_0.66.2.bb
@@ -19,8 +19,13 @@ GIR_MESON_OPTION = 'gir'
inherit gnomebase gtk-doc features_check upstream-version-is-even gobject-introspection
# vapigen.m4 is required when vala is not present (but the one from vala should be used normally)
-SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch \
- file://0001-Makefile.docs-correctly-substitute-gtkdoc-qemu-wrapp.patch"
+SRC_URI += " \
+ file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch \
+ file://0001-Makefile.docs-correctly-substitute-gtkdoc-qemu-wrapp.patch \
+ file://CVE-2024-37535-0001.patch \
+ file://CVE-2024-37535-0002.patch \
+ "
+
SRC_URI[archive.sha256sum] = "e89974673a72a0a06edac6d17830b82bb124decf0cb3b52cebc92ec3ff04d976"
ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 05/16] rsync: update 3.2.5 -> 3.2.7
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (3 preceding siblings ...)
2025-01-20 17:50 ` [OE-core][kirkstone 04/16] vte: fix CVE-2024-37535 Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 06/16] rsync: Delete pedantic errors re-ordering patch Steve Sakoman
` (10 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
Rebase patches.
(From OE-Core rev: 827c787893caa973c509acf7cac9e17fec5692a4)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...-prototypes-to-function-declarations.patch | 28 +++++++--------
...antic-errors-at-the-end-of-configure.patch | 36 ++++---------------
.../rsync/{rsync_3.2.5.bb => rsync_3.2.7.bb} | 2 +-
3 files changed, 20 insertions(+), 46 deletions(-)
rename meta/recipes-devtools/rsync/{rsync_3.2.5.bb => rsync_3.2.7.bb} (97%)
diff --git a/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch b/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch
index 474d82db22..8895adad74 100644
--- a/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch
+++ b/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch
@@ -1,4 +1,4 @@
-From 785c0072c80c2f6e0839478453cf65fdeac15da0 Mon Sep 17 00:00:00 2001
+From 651425fced0691d9063fe417388ba6ca1c38c40b Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Mon, 29 Aug 2022 19:53:28 -0700
Subject: [PATCH] Add missing prototypes to function declarations
@@ -15,6 +15,7 @@ Fixes errors like
Upstream-Status: Submitted [https://lists.samba.org/archive/rsync/2022-August/032858.html]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
---
checksum.c | 2 +-
exclude.c | 2 +-
@@ -29,23 +30,23 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
10 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/checksum.c b/checksum.c
-index fb8c0a0..174c28c 100644
+index 60de365..67a9e16 100644
--- a/checksum.c
+++ b/checksum.c
-@@ -629,7 +629,7 @@ int sum_end(char *sum)
- return csum_len_for_type(cursum_type, 0);
+@@ -778,7 +778,7 @@ static void verify_digest(struct name_num_item *nni, BOOL check_auth_list)
}
+ #endif
-void init_checksum_choices()
+void init_checksum_choices(void)
{
- #ifdef SUPPORT_XXH3
- char buf[32816];
+ #if defined SUPPORT_XXH3 || defined USE_OPENSSL
+ struct name_num_item *nni;
diff --git a/exclude.c b/exclude.c
-index adc82e2..79f5a82 100644
+index ffe55b1..a85ea76 100644
--- a/exclude.c
+++ b/exclude.c
-@@ -358,7 +358,7 @@ void implied_include_partial_string(const char *s_start, const char *s_end)
+@@ -363,7 +363,7 @@ void implied_include_partial_string(const char *s_start, const char *s_end)
memcpy(partial_string_buf, s_start, partial_string_len);
}
@@ -53,9 +54,9 @@ index adc82e2..79f5a82 100644
+void free_implied_include_partial_string(void)
{
if (partial_string_buf) {
- free(partial_string_buf);
+ if (partial_string_len)
diff --git a/hlink.c b/hlink.c
-index 66810a3..6511dfb 100644
+index 20291f2..5c26a6b 100644
--- a/hlink.c
+++ b/hlink.c
@@ -117,8 +117,7 @@ static void match_gnums(int32 *ndx_list, int ndx_count)
@@ -82,7 +83,7 @@ index a1a7245..4eae062 100644
/* statistical data */
diff --git a/log.c b/log.c
-index 44344e2..991e359 100644
+index e4ba1cc..8482b71 100644
--- a/log.c
+++ b/log.c
@@ -131,7 +131,7 @@ static void logit(int priority, const char *buf)
@@ -95,7 +96,7 @@ index 44344e2..991e359 100644
int options = LOG_PID;
diff --git a/main.c b/main.c
-index 9ebfbea..affa244 100644
+index d2a7b9b..c50af45 100644
--- a/main.c
+++ b/main.c
@@ -244,7 +244,7 @@ void read_del_stats(int f)
@@ -168,6 +169,3 @@ index bbba7b2..61f8dc9 100644
{
uLong flags;
---
-2.37.2
-
diff --git a/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch b/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch
index 1d9c4bfe48..f11f13dd48 100644
--- a/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch
+++ b/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch
@@ -1,4 +1,4 @@
-From e64a58387db46239902b610871a0eb81626e99ff Mon Sep 17 00:00:00 2001
+From e6321b0b456fca987b48d5ec7aba7e2826128e5f Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 18 Aug 2022 07:46:28 -0700
Subject: [PATCH] Turn on -pedantic-errors at the end of 'configure'
@@ -6,37 +6,16 @@ Subject: [PATCH] Turn on -pedantic-errors at the end of 'configure'
Problem reported by Khem Raj in:
https://lists.gnu.org/r/autoconf-patches/2022-08/msg00009.html
Upstream-Status: Submitted [https://lists.samba.org/archive/rsync/2022-August/032862.html]
+
---
- configure.ac | 35 ++++++++++++++++++++---------------
- 1 file changed, 20 insertions(+), 15 deletions(-)
+ configure.ac | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
diff --git a/configure.ac b/configure.ac
-index d185b2d3..7e9514f7 100644
+index a2c9955..afabef0 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -1071,21 +1071,6 @@ elif test x"$ac_cv_header_popt_h" != x"yes"; then
- with_included_popt=yes
- fi
-
--if test x"$GCC" = x"yes"; then
-- if test x"$with_included_popt" != x"yes"; then
-- # Turn pedantic warnings into errors to ensure an array-init overflow is an error.
-- CFLAGS="$CFLAGS -pedantic-errors"
-- else
-- # Our internal popt code cannot be compiled with pedantic warnings as errors, so try to
-- # turn off pedantic warnings (which will not lose the error for array-init overflow).
-- # Older gcc versions don't understand -Wno-pedantic, so check if --help=warnings lists
-- # -Wpedantic and use that as a flag.
-- case `$CC --help=warnings 2>/dev/null | grep Wpedantic` in
-- *-Wpedantic*) CFLAGS="$CFLAGS -pedantic-errors -Wno-pedantic" ;;
-- esac
-- fi
--fi
--
- AC_MSG_CHECKING([whether to use included libpopt])
- if test x"$with_included_popt" = x"yes"; then
- AC_MSG_RESULT($srcdir/popt)
-@@ -1444,6 +1429,26 @@ case "$CC" in
+@@ -1437,6 +1437,26 @@ case "$CC" in
;;
esac
@@ -63,6 +42,3 @@ index d185b2d3..7e9514f7 100644
AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig])
AC_OUTPUT
---
-2.37.1
-
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.5.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
similarity index 97%
rename from meta/recipes-devtools/rsync/rsync_3.2.5.bb
rename to meta/recipes-devtools/rsync/rsync_3.2.7.bb
index 983bdd5ab0..84052d0ff1 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.5.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -18,7 +18,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
file://0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch \
"
-SRC_URI[sha256sum] = "2ac4d21635cdf791867bc377c35ca6dda7f50d919a58be45057fd51600c69aba"
+SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
# -16548 required for v3.1.3pre1. Already in v3.1.3.
CVE_CHECK_IGNORE += " CVE-2017-16548 "
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 06/16] rsync: Delete pedantic errors re-ordering patch
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (4 preceding siblings ...)
2025-01-20 17:50 ` [OE-core][kirkstone 05/16] rsync: update 3.2.5 -> 3.2.7 Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 07/16] rsync: fix CVE-2024-12084 Steve Sakoman
` (9 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
It has been fixed by removing the check upstream see
https://github.com/WayneD/rsync/commit/9a3449a3980421f84ac55498ba565bc112b20d6c
(From OE-Core rev: c6228b8371ea5c3c452db7b536948ae96d83844b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...antic-errors-at-the-end-of-configure.patch | 44 -------------------
meta/recipes-devtools/rsync/rsync_3.2.7.bb | 1 -
2 files changed, 45 deletions(-)
delete mode 100644 meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch
diff --git a/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch b/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch
deleted file mode 100644
index f11f13dd48..0000000000
--- a/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From e6321b0b456fca987b48d5ec7aba7e2826128e5f Mon Sep 17 00:00:00 2001
-From: Paul Eggert <eggert@cs.ucla.edu>
-Date: Thu, 18 Aug 2022 07:46:28 -0700
-Subject: [PATCH] Turn on -pedantic-errors at the end of 'configure'
-
-Problem reported by Khem Raj in:
-https://lists.gnu.org/r/autoconf-patches/2022-08/msg00009.html
-Upstream-Status: Submitted [https://lists.samba.org/archive/rsync/2022-August/032862.html]
-
----
- configure.ac | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
-
-diff --git a/configure.ac b/configure.ac
-index a2c9955..afabef0 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1437,6 +1437,26 @@ case "$CC" in
- ;;
- esac
-
-+# Enable -pedantic-errors last, so that it doesn't mess up other
-+# 'configure' tests. For example, Autoconf uses empty function
-+# prototypes like 'int main () {}' which Clang 15's -pedantic-errors
-+# would reject. Generally it's not a good idea to try to run
-+# 'configure' itself with strict compiler checking.
-+if test x"$GCC" = x"yes"; then
-+ if test x"$with_included_popt" != x"yes"; then
-+ # Turn pedantic warnings into errors to ensure an array-init overflow is an error.
-+ CFLAGS="$CFLAGS -pedantic-errors"
-+ else
-+ # Our internal popt code cannot be compiled with pedantic warnings as errors, so try to
-+ # turn off pedantic warnings (which will not lose the error for array-init overflow).
-+ # Older gcc versions don't understand -Wno-pedantic, so check if --help=warnings lists
-+ # -Wpedantic and use that as a flag.
-+ case `$CC --help=warnings 2>/dev/null | grep Wpedantic` in
-+ *-Wpedantic*) CFLAGS="$CFLAGS -pedantic-errors -Wno-pedantic" ;;
-+ esac
-+ fi
-+fi
-+
- AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig])
- AC_OUTPUT
-
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index 84052d0ff1..53c2136f4d 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -15,7 +15,6 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
file://makefile-no-rebuild.patch \
file://determism.patch \
file://0001-Add-missing-prototypes-to-function-declarations.patch \
- file://0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch \
"
SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 07/16] rsync: fix CVE-2024-12084
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (5 preceding siblings ...)
2025-01-20 17:50 ` [OE-core][kirkstone 06/16] rsync: Delete pedantic errors re-ordering patch Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 08/16] rsync: fix CVE-2024-12085 Steve Sakoman
` (8 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due
to improper handling of attacker-controlled checksum lengths (s2length) in the code.
When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write
out of bounds in the sum2 buffer.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../rsync/files/CVE-2024-12084-0001.patch | 156 ++++++++++++++++++
.../rsync/files/CVE-2024-12084-0002.patch | 43 +++++
meta/recipes-devtools/rsync/rsync_3.2.7.bb | 2 +
3 files changed, 201 insertions(+)
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch
new file mode 100644
index 0000000000..d654067fab
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch
@@ -0,0 +1,156 @@
+From 0902b52f6687b1f7952422080d50b93108742e53 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Tue, 29 Oct 2024 22:55:29 -0700
+Subject: [PATCH] Some checksum buffer fixes.
+
+- Put sum2_array into sum_struct to hold an array of sum2 checksums
+ that are each xfer_sum_len bytes.
+- Remove sum2 buf from sum_buf.
+- Add macro sum2_at() to access each sum2 array element.
+- Throw an error if a sums header has an s2length larger than
+ xfer_sum_len.
+
+CVE: CVE-2024-12084
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=0902b52f6687b1f7952422080d50b93108742e53]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ io.c | 3 ++-
+ match.c | 8 ++++----
+ rsync.c | 5 ++++-
+ rsync.h | 4 +++-
+ sender.c | 4 +++-
+ 5 files changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/io.c b/io.c
+index a99ac0ec..bb60eeca 100644
+--- a/io.c
++++ b/io.c
+@@ -55,6 +55,7 @@ extern int read_batch;
+ extern int compat_flags;
+ extern int protect_args;
+ extern int checksum_seed;
++extern int xfer_sum_len;
+ extern int daemon_connection;
+ extern int protocol_version;
+ extern int remove_source_files;
+@@ -1977,7 +1978,7 @@ void read_sum_head(int f, struct sum_struct *sum)
+ exit_cleanup(RERR_PROTOCOL);
+ }
+ sum->s2length = protocol_version < 27 ? csum_length : (int)read_int(f);
+- if (sum->s2length < 0 || sum->s2length > MAX_DIGEST_LEN) {
++ if (sum->s2length < 0 || sum->s2length > xfer_sum_len) {
+ rprintf(FERROR, "Invalid checksum length %d [%s]\n",
+ sum->s2length, who_am_i());
+ exit_cleanup(RERR_PROTOCOL);
+diff --git a/match.c b/match.c
+index cdb30a15..36e78ed2 100644
+--- a/match.c
++++ b/match.c
+@@ -232,7 +232,7 @@ static void hash_search(int f,struct sum_struct *s,
+ done_csum2 = 1;
+ }
+
+- if (memcmp(sum2,s->sums[i].sum2,s->s2length) != 0) {
++ if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) {
+ false_alarms++;
+ continue;
+ }
+@@ -252,7 +252,7 @@ static void hash_search(int f,struct sum_struct *s,
+ if (i != aligned_i) {
+ if (sum != s->sums[aligned_i].sum1
+ || l != s->sums[aligned_i].len
+- || memcmp(sum2, s->sums[aligned_i].sum2, s->s2length) != 0)
++ || memcmp(sum2, sum2_at(s, aligned_i), s->s2length) != 0)
+ goto check_want_i;
+ i = aligned_i;
+ }
+@@ -271,7 +271,7 @@ static void hash_search(int f,struct sum_struct *s,
+ if (sum != s->sums[i].sum1)
+ goto check_want_i;
+ get_checksum2((char *)map, l, sum2);
+- if (memcmp(sum2, s->sums[i].sum2, s->s2length) != 0)
++ if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0)
+ goto check_want_i;
+ /* OK, we have a re-alignment match. Bump the offset
+ * forward to the new match point. */
+@@ -290,7 +290,7 @@ static void hash_search(int f,struct sum_struct *s,
+ && (!updating_basis_file || s->sums[want_i].offset >= offset
+ || s->sums[want_i].flags & SUMFLG_SAME_OFFSET)
+ && sum == s->sums[want_i].sum1
+- && memcmp(sum2, s->sums[want_i].sum2, s->s2length) == 0) {
++ && memcmp(sum2, sum2_at(s, want_i), s->s2length) == 0) {
+ /* we've found an adjacent match - the RLL coder
+ * will be happy */
+ i = want_i;
+diff --git a/rsync.c b/rsync.c
+index cd288f57..b130aba5 100644
+--- a/rsync.c
++++ b/rsync.c
+@@ -437,7 +437,10 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr, cha
+ */
+ void free_sums(struct sum_struct *s)
+ {
+- if (s->sums) free(s->sums);
++ if (s->sums) {
++ free(s->sums);
++ free(s->sum2_array);
++ }
+ free(s);
+ }
+
+diff --git a/rsync.h b/rsync.h
+index d3709fe0..8ddbe702 100644
+--- a/rsync.h
++++ b/rsync.h
+@@ -958,12 +958,12 @@ struct sum_buf {
+ uint32 sum1; /**< simple checksum */
+ int32 chain; /**< next hash-table collision */
+ short flags; /**< flag bits */
+- char sum2[SUM_LENGTH]; /**< checksum */
+ };
+
+ struct sum_struct {
+ OFF_T flength; /**< total file length */
+ struct sum_buf *sums; /**< points to info for each chunk */
++ char *sum2_array; /**< checksums of length xfer_sum_len */
+ int32 count; /**< how many chunks */
+ int32 blength; /**< block_length */
+ int32 remainder; /**< flength % block_length */
+@@ -982,6 +982,8 @@ struct map_struct {
+ int status; /* first errno from read errors */
+ };
+
++#define sum2_at(s, i) ((s)->sum2_array + ((OFF_T)(i) * xfer_sum_len))
++
+ #define NAME_IS_FILE (0) /* filter name as a file */
+ #define NAME_IS_DIR (1<<0) /* filter name as a dir */
+ #define NAME_IS_XATTR (1<<2) /* filter name as an xattr */
+diff --git a/sender.c b/sender.c
+index 3d4f052e..ab205341 100644
+--- a/sender.c
++++ b/sender.c
+@@ -31,6 +31,7 @@ extern int log_before_transfer;
+ extern int stdout_format_has_i;
+ extern int logfile_format_has_i;
+ extern int want_xattr_optim;
++extern int xfer_sum_len;
+ extern int csum_length;
+ extern int append_mode;
+ extern int copy_links;
+@@ -94,10 +95,11 @@ static struct sum_struct *receive_sums(int f)
+ return(s);
+
+ s->sums = new_array(struct sum_buf, s->count);
++ s->sum2_array = new_array(char, s->count * xfer_sum_len);
+
+ for (i = 0; i < s->count; i++) {
+ s->sums[i].sum1 = read_int(f);
+- read_buf(f, s->sums[i].sum2, s->s2length);
++ read_buf(f, sum2_at(s, i), s->s2length);
+
+ s->sums[i].offset = offset;
+ s->sums[i].flags = 0;
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch
new file mode 100644
index 0000000000..266b80c241
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch
@@ -0,0 +1,43 @@
+From 42e2b56c4ede3ab164f9a5c6dae02aa84606a6c1 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Tue, 5 Nov 2024 11:01:03 -0800
+Subject: [PATCH] Another cast when multiplying integers.
+
+CVE: CVE-2024-12084
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=42e2b56c4ede3ab164f9a5c6dae02aa84606a6c1]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ rsync.h | 2 +-
+ sender.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/rsync.h b/rsync.h
+index 8ddbe702..0f9e277f 100644
+--- a/rsync.h
++++ b/rsync.h
+@@ -982,7 +982,7 @@ struct map_struct {
+ int status; /* first errno from read errors */
+ };
+
+-#define sum2_at(s, i) ((s)->sum2_array + ((OFF_T)(i) * xfer_sum_len))
++#define sum2_at(s, i) ((s)->sum2_array + ((size_t)(i) * xfer_sum_len))
+
+ #define NAME_IS_FILE (0) /* filter name as a file */
+ #define NAME_IS_DIR (1<<0) /* filter name as a dir */
+diff --git a/sender.c b/sender.c
+index ab205341..2bbff2fa 100644
+--- a/sender.c
++++ b/sender.c
+@@ -95,7 +95,7 @@ static struct sum_struct *receive_sums(int f)
+ return(s);
+
+ s->sums = new_array(struct sum_buf, s->count);
+- s->sum2_array = new_array(char, s->count * xfer_sum_len);
++ s->sum2_array = new_array(char, (size_t)s->count * xfer_sum_len);
+
+ for (i = 0; i < s->count; i++) {
+ s->sums[i].sum1 = read_int(f);
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index 53c2136f4d..749d44948d 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -15,6 +15,8 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
file://makefile-no-rebuild.patch \
file://determism.patch \
file://0001-Add-missing-prototypes-to-function-declarations.patch \
+ file://CVE-2024-12084-0001.patch \
+ file://CVE-2024-12084-0002.patch \
"
SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 08/16] rsync: fix CVE-2024-12085
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (6 preceding siblings ...)
2025-01-20 17:50 ` [OE-core][kirkstone 07/16] rsync: fix CVE-2024-12084 Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 09/16] rsync: fix CVE-2024-12086 Steve Sakoman
` (7 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A flaw was found in the rsync daemon which could be triggered when rsync compares
file checksums. This flaw allows an attacker to manipulate the checksum length
(s2length) to cause a comparison between a checksum and uninitialized memory and
leak one byte of uninitialized stack data at a time.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../rsync/files/CVE-2024-12085.patch | 32 +++++++++++++++++++
meta/recipes-devtools/rsync/rsync_3.2.7.bb | 1 +
2 files changed, 33 insertions(+)
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
new file mode 100644
index 0000000000..165d5a62f9
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
@@ -0,0 +1,32 @@
+From 589b0691e59f761ccb05ddb8e1124991440db2c7 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Thu, 14 Nov 2024 09:57:08 +1100
+Subject: [PATCH] prevent information leak off the stack
+
+prevent leak of uninitialised stack data in hash_search
+
+CVE: CVE-2024-12085
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=589b0691e59f761ccb05ddb8e1124991440db2c7]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ match.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/match.c b/match.c
+index 36e78ed2..dfd6af2c 100644
+--- a/match.c
++++ b/match.c
+@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s,
+ int more;
+ schar *map;
+
++ // prevent possible memory leaks
++ memset(sum2, 0, sizeof sum2);
++
+ /* want_i is used to encourage adjacent matches, allowing the RLL
+ * coding of the output to work more efficiently. */
+ want_i = 0;
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index 749d44948d..6f4d539e4a 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
file://0001-Add-missing-prototypes-to-function-declarations.patch \
file://CVE-2024-12084-0001.patch \
file://CVE-2024-12084-0002.patch \
+ file://CVE-2024-12085.patch \
"
SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 09/16] rsync: fix CVE-2024-12086
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (7 preceding siblings ...)
2025-01-20 17:50 ` [OE-core][kirkstone 08/16] rsync: fix CVE-2024-12085 Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 10/16] rsync: fix CVE-2024-12087 Steve Sakoman
` (6 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A flaw was found in rsync. It could allow a server to enumerate the contents of an
arbitrary file from the client's machine. This issue occurs when files are being
copied from a client to a server. During this process, the rsync server will send
checksums of local data to the client to compare with in order to determine what
data needs to be sent to the server. By sending specially constructed checksum values
for arbitrary files, an attacker may be able to reconstruct the data of those files
byte-by-byte based on the responses from the client.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../rsync/files/CVE-2024-12086-0001.patch | 42 +++++++
.../rsync/files/CVE-2024-12086-0002.patch | 108 ++++++++++++++++++
.../rsync/files/CVE-2024-12086-0003.patch | 108 ++++++++++++++++++
.../rsync/files/CVE-2024-12086-0004.patch | 41 +++++++
meta/recipes-devtools/rsync/rsync_3.2.7.bb | 4 +
5 files changed, 303 insertions(+)
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch
new file mode 100644
index 0000000000..958a25a37b
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch
@@ -0,0 +1,42 @@
+From 8ad4b5d912fad1df29717dddaa775724da77d299 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Sat, 23 Nov 2024 11:08:03 +1100
+Subject: [PATCH] refuse fuzzy options when fuzzy not selected
+
+this prevents a malicious server providing a file to compare to when
+the user has not given the fuzzy option
+
+CVE: CVE-2024-12086
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=8ad4b5d912fad1df29717dddaa775724da77d299]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ receiver.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/receiver.c b/receiver.c
+index 6b4b369e..2d7f6033 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -66,6 +66,7 @@ extern char sender_file_sum[MAX_DIGEST_LEN];
+ extern struct file_list *cur_flist, *first_flist, *dir_flist;
+ extern filter_rule_list daemon_filter_list;
+ extern OFF_T preallocated_len;
++extern int fuzzy_basis;
+
+ extern struct name_num_item *xfer_sum_nni;
+ extern int xfer_sum_len;
+@@ -716,6 +717,10 @@ int recv_files(int f_in, int f_out, char *local_name)
+ fnamecmp = get_backup_name(fname);
+ break;
+ case FNAMECMP_FUZZY:
++ if (fuzzy_basis == 0) {
++ rprintf(FERROR_XFER, "rsync: refusing malicious fuzzy operation for %s\n", xname);
++ exit_cleanup(RERR_PROTOCOL);
++ }
+ if (file->dirname) {
+ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname);
+ fnamecmp = fnamecmpbuf;
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch
new file mode 100644
index 0000000000..5d25f12dd8
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch
@@ -0,0 +1,108 @@
+From b4a27ca25d0abb6fcf14f41b7e11f3a6e1d8a4ff Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Sat, 23 Nov 2024 12:26:10 +1100
+Subject: [PATCH] added secure_relative_open()
+
+this is an open that enforces no symlink following for all path
+components in a relative path
+
+CVE: CVE-2024-12086
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=b4a27ca25d0abb6fcf14f41b7e11f3a6e1d8a4ff]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ syscall.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 74 insertions(+)
+
+diff --git a/syscall.c b/syscall.c
+index b4b0f1f1..cffc814b 100644
+--- a/syscall.c
++++ b/syscall.c
+@@ -33,6 +33,8 @@
+ #include <sys/syscall.h>
+ #endif
+
++#include "ifuncs.h"
++
+ extern int dry_run;
+ extern int am_root;
+ extern int am_sender;
+@@ -707,3 +709,75 @@ int do_open_nofollow(const char *pathname, int flags)
+
+ return fd;
+ }
++
++/*
++ open a file relative to a base directory. The basedir can be NULL,
++ in which case the current working directory is used. The relpath
++ must be a relative path, and the relpath must not contain any
++ elements in the path which follow symlinks (ie. like O_NOFOLLOW, but
++ applies to all path components, not just the last component)
++*/
++int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode)
++{
++ if (!relpath || relpath[0] == '/') {
++ // must be a relative path
++ errno = EINVAL;
++ return -1;
++ }
++
++#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY)
++ // really old system, all we can do is live with the risks
++ if (!basedir) {
++ return open(relpath, flags, mode);
++ }
++ char fullpath[MAXPATHLEN];
++ pathjoin(fullpath, sizeof fullpath, basedir, relpath);
++ return open(fullpath, flags, mode);
++#else
++ int dirfd = AT_FDCWD;
++ if (basedir != NULL) {
++ dirfd = openat(AT_FDCWD, basedir, O_RDONLY | O_DIRECTORY);
++ if (dirfd == -1) {
++ return -1;
++ }
++ }
++ int retfd = -1;
++
++ char *path_copy = my_strdup(relpath, __FILE__, __LINE__);
++ if (!path_copy) {
++ return -1;
++ }
++
++ for (const char *part = strtok(path_copy, "/");
++ part != NULL;
++ part = strtok(NULL, "/"))
++ {
++ int next_fd = openat(dirfd, part, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
++ if (next_fd == -1 && errno == ENOTDIR) {
++ if (strtok(NULL, "/") != NULL) {
++ // this is not the last component of the path
++ errno = ELOOP;
++ goto cleanup;
++ }
++ // this could be the last component of the path, try as a file
++ retfd = openat(dirfd, part, flags | O_NOFOLLOW, mode);
++ goto cleanup;
++ }
++ if (next_fd == -1) {
++ goto cleanup;
++ }
++ if (dirfd != AT_FDCWD) close(dirfd);
++ dirfd = next_fd;
++ }
++
++ // the path must be a directory
++ errno = EINVAL;
++
++cleanup:
++ free(path_copy);
++ if (dirfd != AT_FDCWD) {
++ close(dirfd);
++ }
++ return retfd;
++#endif // O_NOFOLLOW, O_DIRECTORY
++}
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch
new file mode 100644
index 0000000000..de1747adf2
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch
@@ -0,0 +1,108 @@
+From c35e28331f10ba6eba370611abd78bde32d54da7 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Sat, 23 Nov 2024 12:28:13 +1100
+Subject: [PATCH] receiver: use secure_relative_open() for basis file
+
+this prevents attacks where the basis file is manipulated by a
+malicious sender to gain information about files outside the
+destination tree
+
+CVE: CVE-2024-12086
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=c35e28331f10ba6eba370611abd78bde32d54da7]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ receiver.c | 42 ++++++++++++++++++++++++++----------------
+ 1 file changed, 26 insertions(+), 16 deletions(-)
+
+diff --git a/receiver.c b/receiver.c
+index 2d7f6033..8031b8f4 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -552,6 +552,8 @@ int recv_files(int f_in, int f_out, char *local_name)
+ progress_init();
+
+ while (1) {
++ const char *basedir = NULL;
++
+ cleanup_disable();
+
+ /* This call also sets cur_flist. */
+@@ -722,27 +724,29 @@ int recv_files(int f_in, int f_out, char *local_name)
+ exit_cleanup(RERR_PROTOCOL);
+ }
+ if (file->dirname) {
+- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname);
+- fnamecmp = fnamecmpbuf;
+- } else
+- fnamecmp = xname;
++ basedir = file->dirname;
++ }
++ fnamecmp = xname;
+ break;
+ default:
+ if (fnamecmp_type > FNAMECMP_FUZZY && fnamecmp_type-FNAMECMP_FUZZY <= basis_dir_cnt) {
+ fnamecmp_type -= FNAMECMP_FUZZY + 1;
+ if (file->dirname) {
+- stringjoin(fnamecmpbuf, sizeof fnamecmpbuf,
+- basis_dir[fnamecmp_type], "/", file->dirname, "/", xname, NULL);
+- } else
+- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], xname);
++ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], file->dirname);
++ basedir = fnamecmpbuf;
++ } else {
++ basedir = basis_dir[fnamecmp_type];
++ }
++ fnamecmp = xname;
+ } else if (fnamecmp_type >= basis_dir_cnt) {
+ rprintf(FERROR,
+ "invalid basis_dir index: %d.\n",
+ fnamecmp_type);
+ exit_cleanup(RERR_PROTOCOL);
+- } else
+- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], fname);
+- fnamecmp = fnamecmpbuf;
++ } else {
++ basedir = basis_dir[fnamecmp_type];
++ fnamecmp = fname;
++ }
+ break;
+ }
+ if (!fnamecmp || (daemon_filter_list.head
+@@ -765,7 +769,7 @@ int recv_files(int f_in, int f_out, char *local_name)
+ }
+
+ /* open the file */
+- fd1 = do_open(fnamecmp, O_RDONLY, 0);
++ fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0);
+
+ if (fd1 == -1 && protocol_version < 29) {
+ if (fnamecmp != fname) {
+@@ -776,14 +780,20 @@ int recv_files(int f_in, int f_out, char *local_name)
+
+ if (fd1 == -1 && basis_dir[0]) {
+ /* pre-29 allowed only one alternate basis */
+- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf,
+- basis_dir[0], fname);
+- fnamecmp = fnamecmpbuf;
++ basedir = basis_dir[0];
++ fnamecmp = fname;
+ fnamecmp_type = FNAMECMP_BASIS_DIR_LOW;
+- fd1 = do_open(fnamecmp, O_RDONLY, 0);
++ fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0);
+ }
+ }
+
++ if (basedir) {
++ // for the following code we need the full
++ // path name as a single string
++ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basedir, fnamecmp);
++ fnamecmp = fnamecmpbuf;
++ }
++
+ one_inplace = inplace_partial && fnamecmp_type == FNAMECMP_PARTIAL_DIR;
+ updating_basis_or_equiv = one_inplace
+ || (inplace && (fnamecmp == fname || fnamecmp_type == FNAMECMP_BACKUP));
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch
new file mode 100644
index 0000000000..b85e1dfae4
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch
@@ -0,0 +1,41 @@
+From 9f86ddc9652247233f32b241a79d5aa4fb9d4afa Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Tue, 26 Nov 2024 09:16:31 +1100
+Subject: [PATCH] disallow ../ elements in relpath for secure_relative_open
+
+CVE: CVE-2024-12086
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=9f86ddc9652247233f32b241a79d5aa4fb9d4afa]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ syscall.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/syscall.c b/syscall.c
+index cffc814b..081357bb 100644
+--- a/syscall.c
++++ b/syscall.c
+@@ -716,6 +716,8 @@ int do_open_nofollow(const char *pathname, int flags)
+ must be a relative path, and the relpath must not contain any
+ elements in the path which follow symlinks (ie. like O_NOFOLLOW, but
+ applies to all path components, not just the last component)
++
++ The relpath must also not contain any ../ elements in the path
+ */
+ int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode)
+ {
+@@ -724,6 +726,11 @@ int secure_relative_open(const char *basedir, const char *relpath, int flags, mo
+ errno = EINVAL;
+ return -1;
+ }
++ if (strncmp(relpath, "../", 3) == 0 || strstr(relpath, "/../")) {
++ // no ../ elements allowed in the relpath
++ errno = EINVAL;
++ return -1;
++ }
+
+ #if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY)
+ // really old system, all we can do is live with the risks
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index 6f4d539e4a..b6baec63a2 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -18,6 +18,10 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
file://CVE-2024-12084-0001.patch \
file://CVE-2024-12084-0002.patch \
file://CVE-2024-12085.patch \
+ file://CVE-2024-12086-0001.patch \
+ file://CVE-2024-12086-0002.patch \
+ file://CVE-2024-12086-0003.patch \
+ file://CVE-2024-12086-0004.patch \
"
SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 10/16] rsync: fix CVE-2024-12087
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (8 preceding siblings ...)
2025-01-20 17:50 ` [OE-core][kirkstone 09/16] rsync: fix CVE-2024-12086 Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 11/16] rsync: fix CVE-2024-12088 Steve Sakoman
` (5 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A path traversal vulnerability exists in rsync. It stems from behavior enabled
by the `--inc-recursive` option, a default-enabled option for many client options
and can be enabled by the server even if not explicitly enabled by the client.
When using the `--inc-recursive` option, a lack of proper symlink verification
coupled with deduplication checks occurring on a per-file-list basis could allow
a server to write files outside of the client's intended destination directory.
A malicious server could write malicious files to arbitrary locations named after
valid directories/paths on the client.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../rsync/files/CVE-2024-12087-0001.patch | 49 +++++++++++++++++++
.../rsync/files/CVE-2024-12087-0002.patch | 31 ++++++++++++
.../rsync/files/CVE-2024-12087-0003.patch | 40 +++++++++++++++
meta/recipes-devtools/rsync/rsync_3.2.7.bb | 3 ++
4 files changed, 123 insertions(+)
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch
new file mode 100644
index 0000000000..67abc64a62
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch
@@ -0,0 +1,49 @@
+From 688f5c379a433038bde36897a156d589be373a98 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Thu, 14 Nov 2024 15:46:50 -0800
+Subject: [PATCH] Refuse a duplicate dirlist.
+
+CVE: CVE-2024-12087
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=688f5c379a433038bde36897a156d589be373a98]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ flist.c | 9 +++++++++
+ rsync.h | 1 +
+ 2 files changed, 10 insertions(+)
+
+diff --git a/flist.c b/flist.c
+index 464d556e..847b1054 100644
+--- a/flist.c
++++ b/flist.c
+@@ -2584,6 +2584,15 @@ struct file_list *recv_file_list(int f, int dir_ndx)
+ init_hard_links();
+ #endif
+
++ if (inc_recurse && dir_ndx >= 0) {
++ struct file_struct *file = dir_flist->files[dir_ndx];
++ if (file->flags & FLAG_GOT_DIR_FLIST) {
++ rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx);
++ exit_cleanup(RERR_PROTOCOL);
++ }
++ file->flags |= FLAG_GOT_DIR_FLIST;
++ }
++
+ flist = flist_new(0, "recv_file_list");
+ flist_expand(flist, FLIST_START_LARGE);
+
+diff --git a/rsync.h b/rsync.h
+index 0f9e277f..b9a7101a 100644
+--- a/rsync.h
++++ b/rsync.h
+@@ -84,6 +84,7 @@
+ #define FLAG_DUPLICATE (1<<4) /* sender */
+ #define FLAG_MISSING_DIR (1<<4) /* generator */
+ #define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */
++#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */
+ #define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */
+ #define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */
+ #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch
new file mode 100644
index 0000000000..8a22e0c371
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch
@@ -0,0 +1,31 @@
+From 344327385fa47fa5bb67a32c237735e6240cfb93 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Tue, 26 Nov 2024 16:12:45 +1100
+Subject: [PATCH] range check dir_ndx before use
+
+CVE: CVE-2024-12087
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=344327385fa47fa5bb67a32c237735e6240cfb93]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ flist.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/flist.c b/flist.c
+index 847b1054..087f9da6 100644
+--- a/flist.c
++++ b/flist.c
+@@ -2585,6 +2585,10 @@ struct file_list *recv_file_list(int f, int dir_ndx)
+ #endif
+
+ if (inc_recurse && dir_ndx >= 0) {
++ if (dir_ndx >= dir_flist->used) {
++ rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used);
++ exit_cleanup(RERR_PROTOCOL);
++ }
+ struct file_struct *file = dir_flist->files[dir_ndx];
+ if (file->flags & FLAG_GOT_DIR_FLIST) {
+ rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx);
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch
new file mode 100644
index 0000000000..0ece69c4e7
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch
@@ -0,0 +1,40 @@
+From 996af4a79f9afe4d7158ecdd87c78cee382c6b39 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 15 Jan 2025 15:10:24 +0100
+Subject: [PATCH] Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED
+
+fixes commit 688f5c379a43 (Refuse a duplicate dirlist.)
+
+Fixes: https://github.com/RsyncProject/rsync/issues/702
+Fixes: https://github.com/RsyncProject/rsync/issues/697
+CVE: CVE-2024-12087
+
+Upstream-Status: Backport [https://github.com/RsyncProject/rsync/commit/996af4a79f9afe4d7158ecdd87c78cee382c6b39]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ rsync.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rsync.h b/rsync.h
+index 9be1297b..479ac484 100644
+--- a/rsync.h
++++ b/rsync.h
+@@ -84,7 +84,6 @@
+ #define FLAG_DUPLICATE (1<<4) /* sender */
+ #define FLAG_MISSING_DIR (1<<4) /* generator */
+ #define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */
+-#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */
+ #define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */
+ #define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */
+ #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */
+@@ -93,6 +92,7 @@
+ #define FLAG_SKIP_GROUP (1<<10) /* receiver/generator */
+ #define FLAG_TIME_FAILED (1<<11)/* generator */
+ #define FLAG_MOD_NSEC (1<<12) /* sender/receiver/generator */
++#define FLAG_GOT_DIR_FLIST (1<<13)/* sender/receiver/generator - dir_flist only */
+
+ /* These flags are passed to functions but not stored. */
+
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index b6baec63a2..bfbe97c57d 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -22,6 +22,9 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
file://CVE-2024-12086-0002.patch \
file://CVE-2024-12086-0003.patch \
file://CVE-2024-12086-0004.patch \
+ file://CVE-2024-12087-0001.patch \
+ file://CVE-2024-12087-0002.patch \
+ file://CVE-2024-12087-0003.patch \
"
SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 11/16] rsync: fix CVE-2024-12088
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (9 preceding siblings ...)
2025-01-20 17:50 ` [OE-core][kirkstone 10/16] rsync: fix CVE-2024-12087 Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 12/16] rsync: fix CVE-2024-12747 Steve Sakoman
` (4 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A flaw was found in rsync. When using the `--safe-links` option, rsync fails to
properly verify if a symbolic link destination contains another symbolic link within it.
This results in a path traversal vulnerability, which may lead to arbitrary file write
outside the desired directory
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../rsync/files/CVE-2024-12088.patch | 141 ++++++++++++++++++
meta/recipes-devtools/rsync/rsync_3.2.7.bb | 1 +
2 files changed, 142 insertions(+)
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12088.patch
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12088.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12088.patch
new file mode 100644
index 0000000000..b2a3a86e1a
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12088.patch
@@ -0,0 +1,141 @@
+From 407c71c7ce562137230e8ba19149c81ccc47c387 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Sat, 23 Nov 2024 15:15:53 +1100
+Subject: [PATCH] make --safe-links stricter
+
+when --safe-links is used also reject links where a '../' component is
+included in the destination as other than the leading part of the
+filename
+
+CVE: CVE-2024-12088
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=407c71c7ce562137230e8ba19149c81ccc47c387]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ testsuite/safe-links.test | 55 ++++++++++++++++++++++++++++++++++++
+ testsuite/unsafe-byname.test | 2 +-
+ util1.c | 26 ++++++++++++++++-
+ 3 files changed, 81 insertions(+), 2 deletions(-)
+ create mode 100644 testsuite/safe-links.test
+
+diff --git a/testsuite/safe-links.test b/testsuite/safe-links.test
+new file mode 100644
+index 00000000..6e95a4b9
+--- /dev/null
++++ b/testsuite/safe-links.test
+@@ -0,0 +1,55 @@
++#!/bin/sh
++
++. "$suitedir/rsync.fns"
++
++test_symlink() {
++ is_a_link "$1" || test_fail "File $1 is not a symlink"
++}
++
++test_regular() {
++ if [ ! -f "$1" ]; then
++ test_fail "File $1 is not regular file or not exists"
++ fi
++}
++
++test_notexist() {
++ if [ -e "$1" ]; then
++ test_fail "File $1 exists"
++ fi
++ if [ -h "$1" ]; then
++ test_fail "File $1 exists as a symlink"
++ fi
++}
++
++cd "$tmpdir"
++
++mkdir from
++
++mkdir "from/safe"
++mkdir "from/unsafe"
++
++mkdir "from/safe/files"
++mkdir "from/safe/links"
++
++touch "from/safe/files/file1"
++touch "from/safe/files/file2"
++touch "from/unsafe/unsafefile"
++
++ln -s ../files/file1 "from/safe/links/"
++ln -s ../files/file2 "from/safe/links/"
++ln -s ../../unsafe/unsafefile "from/safe/links/"
++ln -s a/a/a/../../../unsafe2 "from/safe/links/"
++
++#echo "LISTING FROM"
++#ls -lR from
++
++echo "rsync with relative path and just -a"
++$RSYNC -avv --safe-links from/safe/ to
++
++#echo "LISTING TO"
++#ls -lR to
++
++test_symlink to/links/file1
++test_symlink to/links/file2
++test_notexist to/links/unsafefile
++test_notexist to/links/unsafe2
+diff --git a/testsuite/unsafe-byname.test b/testsuite/unsafe-byname.test
+index 75e72014..d2e318ef 100644
+--- a/testsuite/unsafe-byname.test
++++ b/testsuite/unsafe-byname.test
+@@ -40,7 +40,7 @@ test_unsafe ..//../dest from/dir unsafe
+ test_unsafe .. from/file safe
+ test_unsafe ../.. from/file unsafe
+ test_unsafe ..//.. from//file unsafe
+-test_unsafe dir/.. from safe
++test_unsafe dir/.. from unsafe
+ test_unsafe dir/../.. from unsafe
+ test_unsafe dir/..//.. from unsafe
+
+diff --git a/util1.c b/util1.c
+index da50ff1e..f260d398 100644
+--- a/util1.c
++++ b/util1.c
+@@ -1318,7 +1318,14 @@ int handle_partial_dir(const char *fname, int create)
+ *
+ * "src" is the top source directory currently applicable at the level
+ * of the referenced symlink. This is usually the symlink's full path
+- * (including its name), as referenced from the root of the transfer. */
++ * (including its name), as referenced from the root of the transfer.
++ *
++ * NOTE: this also rejects dest names with a .. component in other
++ * than the first component of the name ie. it rejects names such as
++ * a/b/../x/y. This needs to be done as the leading subpaths 'a' or
++ * 'b' could later be replaced with symlinks such as a link to '.'
++ * resulting in the link being transferred now becoming unsafe
++ */
+ int unsafe_symlink(const char *dest, const char *src)
+ {
+ const char *name, *slash;
+@@ -1328,6 +1335,23 @@ int unsafe_symlink(const char *dest, const char *src)
+ if (!dest || !*dest || *dest == '/')
+ return 1;
+
++ // reject destinations with /../ in the name other than at the start of the name
++ const char *dest2 = dest;
++ while (strncmp(dest2, "../", 3) == 0) {
++ dest2 += 3;
++ while (*dest2 == '/') {
++ // allow for ..//..///../foo
++ dest2++;
++ }
++ }
++ if (strstr(dest2, "/../"))
++ return 1;
++
++ // reject if the destination ends in /..
++ const size_t dlen = strlen(dest);
++ if (dlen > 3 && strcmp(&dest[dlen-3], "/..") == 0)
++ return 1;
++
+ /* find out what our safety margin is */
+ for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) {
+ /* ".." segment starts the count over. "." segment is ignored. */
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index bfbe97c57d..df3627ed53 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -25,6 +25,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
file://CVE-2024-12087-0001.patch \
file://CVE-2024-12087-0002.patch \
file://CVE-2024-12087-0003.patch \
+ file://CVE-2024-12088.patch \
"
SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 12/16] rsync: fix CVE-2024-12747
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (10 preceding siblings ...)
2025-01-20 17:50 ` [OE-core][kirkstone 11/16] rsync: fix CVE-2024-12088 Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 13/16] ofono: patch CVE-2024-7540, CVE-2024-7541, CVE-2024-7542 Steve Sakoman
` (3 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A flaw was found in rsync. This vulnerability arises from a race condition during
rsync's handling of symbolic links. Rsync's default behavior when encountering
symbolic links is to skip them. If an attacker replaced a regular file with a
symbolic link at the right time, it was possible to bypass the default behavior
and traverse symbolic links. Depending on the privileges of the rsync process,
an attacker could leak sensitive information, potentially leading to privilege escalation.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../rsync/files/CVE-2024-12747.patch | 192 ++++++++++++++++++
meta/recipes-devtools/rsync/rsync_3.2.7.bb | 1 +
2 files changed, 193 insertions(+)
create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12747.patch
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12747.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12747.patch
new file mode 100644
index 0000000000..b1dd0a03b9
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12747.patch
@@ -0,0 +1,192 @@
+From 0590b09d9a34ae72741b91ec0708a820650198b0 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Wed, 18 Dec 2024 08:59:42 +1100
+Subject: [PATCH] fixed symlink race condition in sender
+
+when we open a file that we don't expect to be a symlink use
+O_NOFOLLOW to prevent a race condition where an attacker could change
+a file between being a normal file and a symlink
+
+CVE: CVE-2024-12747
+
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=0590b09d9a34ae72741b91ec0708a820650198b0]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ checksum.c | 2 +-
+ flist.c | 2 +-
+ generator.c | 4 ++--
+ receiver.c | 2 +-
+ sender.c | 2 +-
+ syscall.c | 20 ++++++++++++++++++++
+ t_unsafe.c | 3 +++
+ tls.c | 3 +++
+ trimslash.c | 2 ++
+ util1.c | 2 +-
+ 10 files changed, 35 insertions(+), 7 deletions(-)
+
+diff --git a/checksum.c b/checksum.c
+index cb21882c..66e80896 100644
+--- a/checksum.c
++++ b/checksum.c
+@@ -406,7 +406,7 @@ void file_checksum(const char *fname, const STRUCT_STAT *st_p, char *sum)
+ int32 remainder;
+ int fd;
+
+- fd = do_open(fname, O_RDONLY, 0);
++ fd = do_open_checklinks(fname);
+ if (fd == -1) {
+ memset(sum, 0, file_sum_len);
+ return;
+diff --git a/flist.c b/flist.c
+index 087f9da6..17832533 100644
+--- a/flist.c
++++ b/flist.c
+@@ -1390,7 +1390,7 @@ struct file_struct *make_file(const char *fname, struct file_list *flist,
+
+ if (copy_devices && am_sender && IS_DEVICE(st.st_mode)) {
+ if (st.st_size == 0) {
+- int fd = do_open(fname, O_RDONLY, 0);
++ int fd = do_open_checklinks(fname);
+ if (fd >= 0) {
+ st.st_size = get_device_size(fd, fname);
+ close(fd);
+diff --git a/generator.c b/generator.c
+index 110db28f..3f13bb95 100644
+--- a/generator.c
++++ b/generator.c
+@@ -1798,7 +1798,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
+
+ if (write_devices && IS_DEVICE(sx.st.st_mode) && sx.st.st_size == 0) {
+ /* This early open into fd skips the regular open below. */
+- if ((fd = do_open(fnamecmp, O_RDONLY, 0)) >= 0)
++ if ((fd = do_open_nofollow(fnamecmp, O_RDONLY)) >= 0)
+ real_sx.st.st_size = sx.st.st_size = get_device_size(fd, fnamecmp);
+ }
+
+@@ -1867,7 +1867,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
+ }
+
+ /* open the file */
+- if (fd < 0 && (fd = do_open(fnamecmp, O_RDONLY, 0)) < 0) {
++ if (fd < 0 && (fd = do_open_checklinks(fnamecmp)) < 0) {
+ rsyserr(FERROR, errno, "failed to open %s, continuing",
+ full_fname(fnamecmp));
+ pretend_missing:
+diff --git a/receiver.c b/receiver.c
+index 8031b8f4..edfbb210 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -775,7 +775,7 @@ int recv_files(int f_in, int f_out, char *local_name)
+ if (fnamecmp != fname) {
+ fnamecmp = fname;
+ fnamecmp_type = FNAMECMP_FNAME;
+- fd1 = do_open(fnamecmp, O_RDONLY, 0);
++ fd1 = do_open_nofollow(fnamecmp, O_RDONLY);
+ }
+
+ if (fd1 == -1 && basis_dir[0]) {
+diff --git a/sender.c b/sender.c
+index 2bbff2fa..a4d46c39 100644
+--- a/sender.c
++++ b/sender.c
+@@ -350,7 +350,7 @@ void send_files(int f_in, int f_out)
+ exit_cleanup(RERR_PROTOCOL);
+ }
+
+- fd = do_open(fname, O_RDONLY, 0);
++ fd = do_open_checklinks(fname);
+ if (fd == -1) {
+ if (errno == ENOENT) {
+ enum logcode c = am_daemon && protocol_version < 28 ? FERROR : FWARNING;
+diff --git a/syscall.c b/syscall.c
+index 081357bb..8cea2900 100644
+--- a/syscall.c
++++ b/syscall.c
+@@ -45,6 +45,8 @@ extern int preallocate_files;
+ extern int preserve_perms;
+ extern int preserve_executability;
+ extern int open_noatime;
++extern int copy_links;
++extern int copy_unsafe_links;
+
+ #ifndef S_BLKSIZE
+ # if defined hpux || defined __hpux__ || defined __hpux
+@@ -788,3 +790,21 @@ cleanup:
+ return retfd;
+ #endif // O_NOFOLLOW, O_DIRECTORY
+ }
++
++/*
++ varient of do_open/do_open_nofollow which does do_open() if the
++ copy_links or copy_unsafe_links options are set and does
++ do_open_nofollow() otherwise
++
++ This is used to prevent a race condition where an attacker could be
++ switching a file between being a symlink and being a normal file
++
++ The open is always done with O_RDONLY flags
++ */
++int do_open_checklinks(const char *pathname)
++{
++ if (copy_links || copy_unsafe_links) {
++ return do_open(pathname, O_RDONLY, 0);
++ }
++ return do_open_nofollow(pathname, O_RDONLY);
++}
+diff --git a/t_unsafe.c b/t_unsafe.c
+index 010cac50..e10619a2 100644
+--- a/t_unsafe.c
++++ b/t_unsafe.c
+@@ -28,6 +28,9 @@ int am_root = 0;
+ int am_sender = 1;
+ int read_only = 0;
+ int list_only = 0;
++int copy_links = 0;
++int copy_unsafe_links = 0;
++
+ short info_levels[COUNT_INFO], debug_levels[COUNT_DEBUG];
+
+ int
+diff --git a/tls.c b/tls.c
+index e6b0708a..858f8f10 100644
+--- a/tls.c
++++ b/tls.c
+@@ -49,6 +49,9 @@ int list_only = 0;
+ int link_times = 0;
+ int link_owner = 0;
+ int nsec_times = 0;
++int safe_symlinks = 0;
++int copy_links = 0;
++int copy_unsafe_links = 0;
+
+ #ifdef SUPPORT_XATTRS
+
+diff --git a/trimslash.c b/trimslash.c
+index 1ec928ca..f2774cd7 100644
+--- a/trimslash.c
++++ b/trimslash.c
+@@ -26,6 +26,8 @@ int am_root = 0;
+ int am_sender = 1;
+ int read_only = 1;
+ int list_only = 0;
++int copy_links = 0;
++int copy_unsafe_links = 0;
+
+ int
+ main(int argc, char **argv)
+diff --git a/util1.c b/util1.c
+index f260d398..d84bc414 100644
+--- a/util1.c
++++ b/util1.c
+@@ -365,7 +365,7 @@ int copy_file(const char *source, const char *dest, int tmpfilefd, mode_t mode)
+ int len; /* Number of bytes read into `buf'. */
+ OFF_T prealloc_len = 0, offset = 0;
+
+- if ((ifd = do_open(source, O_RDONLY, 0)) < 0) {
++ if ((ifd = do_open_nofollow(source, O_RDONLY)) < 0) {
+ int save_errno = errno;
+ rsyserr(FERROR_XFER, errno, "open %s", full_fname(source));
+ errno = save_errno;
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index df3627ed53..37e79e1e56 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -26,6 +26,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
file://CVE-2024-12087-0002.patch \
file://CVE-2024-12087-0003.patch \
file://CVE-2024-12088.patch \
+ file://CVE-2024-12747.patch \
"
SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 13/16] ofono: patch CVE-2024-7540, CVE-2024-7541, CVE-2024-7542
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (11 preceding siblings ...)
2025-01-20 17:50 ` [OE-core][kirkstone 12/16] rsync: fix CVE-2024-12747 Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 14/16] scripts/install-buildtools: Update to 4.0.23 Steve Sakoman
` (2 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Cherry-pick commit
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=29ff6334b492504ace101be748b256e6953d2c2f
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...024-7540_CVE-2024-7541_CVE-2024-7542.patch | 52 +++++++++++++++++++
meta/recipes-connectivity/ofono/ofono_1.34.bb | 1 +
2 files changed, 53 insertions(+)
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch
new file mode 100644
index 0000000000..0b06e057e5
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch
@@ -0,0 +1,52 @@
+From 29ff6334b492504ace101be748b256e6953d2c2f Mon Sep 17 00:00:00 2001
+From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
+Date: Tue, 17 Dec 2024 11:31:28 +0200
+Subject: [PATCH] atmodem: sms: ensure buffer is initialized before use
+
+Fixes: CVE-2024-7540
+Fixes: CVE-2024-7541
+Fixes: CVE-2024-7542
+
+CVE: CVE-2024-7540
+CVE: CVE-2024-7541
+CVE: CVE-2024-7542
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=29ff6334b492504ace101be748b256e6953d2c2f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ drivers/atmodem/sms.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/atmodem/sms.c b/drivers/atmodem/sms.c
+index d994856b..0668c631 100644
+--- a/drivers/atmodem/sms.c
++++ b/drivers/atmodem/sms.c
+@@ -412,7 +412,7 @@ static void at_cmt_notify(GAtResult *result, gpointer user_data)
+ struct sms_data *data = ofono_sms_get_data(sms);
+ GAtResultIter iter;
+ const char *hexpdu;
+- unsigned char pdu[176];
++ unsigned char pdu[176] = {0};
+ long pdu_len;
+ int tpdu_len;
+
+@@ -479,7 +479,7 @@ static void at_cmgr_notify(GAtResult *result, gpointer user_data)
+ struct sms_data *data = ofono_sms_get_data(sms);
+ GAtResultIter iter;
+ const char *hexpdu;
+- unsigned char pdu[176];
++ unsigned char pdu[176] = {0};
+ long pdu_len;
+ int tpdu_len;
+
+@@ -661,7 +661,7 @@ static void at_cmgl_notify(GAtResult *result, gpointer user_data)
+ struct sms_data *data = ofono_sms_get_data(sms);
+ GAtResultIter iter;
+ const char *hexpdu;
+- unsigned char pdu[176];
++ unsigned char pdu[176] = {0};
+ long pdu_len;
+ int tpdu_len;
+ int index;
+--
+2.30.2
+
diff --git a/meta/recipes-connectivity/ofono/ofono_1.34.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb
index 8205ea683d..1083b91d56 100644
--- a/meta/recipes-connectivity/ofono/ofono_1.34.bb
+++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb
@@ -24,6 +24,7 @@ SRC_URI = "\
file://CVE-2024-7545.patch \
file://CVE-2024-7546.patch \
file://CVE-2024-7547.patch \
+ file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \
"
SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 14/16] scripts/install-buildtools: Update to 4.0.23
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (12 preceding siblings ...)
2025-01-20 17:50 ` [OE-core][kirkstone 13/16] ofono: patch CVE-2024-7540, CVE-2024-7541, CVE-2024-7542 Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 15/16] classes/nativesdk: also override TUNE_PKGARCH Steve Sakoman
2025-01-20 17:51 ` [OE-core][kirkstone 16/16] classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package architecture Steve Sakoman
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Update to the 4.0.23 release of the 4.0 series for buildtools.
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/install-buildtools | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/install-buildtools b/scripts/install-buildtools
index 616330dfdc..01253e5f95 100755
--- a/scripts/install-buildtools
+++ b/scripts/install-buildtools
@@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout)
DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools')
DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto'
-DEFAULT_RELEASE = 'yocto-4.0.22'
-DEFAULT_INSTALLER_VERSION = '4.0.22'
+DEFAULT_RELEASE = 'yocto-4.0.23'
+DEFAULT_INSTALLER_VERSION = '4.0.23'
DEFAULT_BUILDDATE = '202110XX'
# Python version sanity check
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 15/16] classes/nativesdk: also override TUNE_PKGARCH
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (13 preceding siblings ...)
2025-01-20 17:50 ` [OE-core][kirkstone 14/16] scripts/install-buildtools: Update to 4.0.23 Steve Sakoman
@ 2025-01-20 17:50 ` Steve Sakoman
2025-01-20 17:51 ` [OE-core][kirkstone 16/16] classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package architecture Steve Sakoman
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:50 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
The nativesdk class overrides PACKAGE_ARCH and unsets TUNE_FEATURES, but
as recipes might want to look at TUNE_PKGARCH too (for example, when
setting QEMU_EXTRAOPTIONS) we should also override that variable.
Otherwise, a nativesdk recipe will have the TUNE_PKGARCH of the target,
which leads to errors (eg passing mips arguments to an arm qemu).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 05322beb290e1db30bef49b4364f8a8e6e9f7408)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/nativesdk.bbclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/classes/nativesdk.bbclass b/meta/classes/nativesdk.bbclass
index e46739e325..39bd5a7224 100644
--- a/meta/classes/nativesdk.bbclass
+++ b/meta/classes/nativesdk.bbclass
@@ -23,6 +23,7 @@ RECIPE_SYSROOT = "${WORKDIR}/recipe-sysroot"
#
PACKAGE_ARCH = "${SDK_ARCH}-${SDKPKGSUFFIX}"
PACKAGE_ARCHS = "${SDK_PACKAGE_ARCHS}"
+TUNE_PKGARCH = "${SDK_ARCH}"
#
# We need chrpath >= 0.14 to ensure we can deal with 32 and 64 bit
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 16/16] classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package architecture
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
` (14 preceding siblings ...)
2025-01-20 17:50 ` [OE-core][kirkstone 15/16] classes/nativesdk: also override TUNE_PKGARCH Steve Sakoman
@ 2025-01-20 17:51 ` Steve Sakoman
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-01-20 17:51 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Using the package architecture to select the right qemu options to pass
to qemu-user is incorrect, and fails for recipes that set PACKAGE_ARCH
to MACHINE_ARCH (as the qemuppc workarounds suggest) because there are
not typically any options set for the machine name.
Solve this by using TUNE_PKGARCH instead: for the majority of recipes
this is the same value, but for machine-specific recipes it remains the
same instead of changing to the machine name.
This means we can remove the qemuppc workarounds, as they're obsolete.
Also update the gcc-testsuite recipe which uses the same pattern to use
TUNE_PKGARCH, and generalise the else codepath to avoid needing to
update the list of architectures.
[ YOCTO #15647 ]
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/qemu.bbclass | 8 ++------
meta/recipes-devtools/gcc/gcc-testsuite.inc | 6 ++++--
2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/meta/classes/qemu.bbclass b/meta/classes/qemu.bbclass
index 7493ac34d4..1b888f4699 100644
--- a/meta/classes/qemu.bbclass
+++ b/meta/classes/qemu.bbclass
@@ -54,8 +54,8 @@ def qemu_run_binary(data, rootfs_path, binary):
# this dance). For others (e.g. arm) a -cpu option is not necessary, since the
# qemu-arm default CPU supports all required architecture levels.
-QEMU_OPTIONS = "-r ${OLDEST_KERNEL} ${@d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH')) or ""}"
-QEMU_OPTIONS[vardeps] += "QEMU_EXTRAOPTIONS_${PACKAGE_ARCH}"
+QEMU_OPTIONS = "-r ${OLDEST_KERNEL} ${@d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('TUNE_PKGARCH')) or ""}"
+QEMU_OPTIONS[vardeps] += "QEMU_EXTRAOPTIONS_${TUNE_PKGARCH}"
QEMU_EXTRAOPTIONS_ppce500v2 = " -cpu e500v2"
QEMU_EXTRAOPTIONS_ppce500mc = " -cpu e500mc"
@@ -65,7 +65,3 @@ QEMU_EXTRAOPTIONS_ppce6500 = " -cpu e500mc"
QEMU_EXTRAOPTIONS_ppc64e6500 = " -cpu e500mc"
QEMU_EXTRAOPTIONS_ppc7400 = " -cpu 7400"
QEMU_EXTRAOPTIONS_powerpc64le = " -cpu POWER9"
-# Some packages e.g. fwupd sets PACKAGE_ARCH = MACHINE_ARCH and uses meson which
-# needs right options to usermode qemu
-QEMU_EXTRAOPTIONS_qemuppc = " -cpu 7400"
-QEMU_EXTRAOPTIONS_qemuppc64 = " -cpu POWER9"
diff --git a/meta/recipes-devtools/gcc/gcc-testsuite.inc b/meta/recipes-devtools/gcc/gcc-testsuite.inc
index 64f60c730f..eaac98f9ba 100644
--- a/meta/recipes-devtools/gcc/gcc-testsuite.inc
+++ b/meta/recipes-devtools/gcc/gcc-testsuite.inc
@@ -53,8 +53,10 @@ python check_prepare() {
# - valid for x86*, powerpc, arm, arm64
if qemu_binary.lstrip("qemu-") in ["x86_64", "i386", "arm", "aarch64"]:
args += ["-cpu", "max"]
- elif qemu_binary.lstrip("qemu-") in ["ppc"]:
- args += d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH')).split()
+ else:
+ extra = d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('TUNE_PKGARCH'))
+ if extra:
+ args += extra.split()
sysroot = d.getVar("RECIPE_SYSROOT")
args += ["-L", sysroot]
# lib paths are static here instead of using $libdir since this is used by a -cross recipe
--
2.43.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 00/16] Patch review
@ 2025-03-05 15:58 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-03-05 15:58 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, March 7
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1121
The following changes since commit 8ea258ad9c83be5d9548a796f7dda4ac820fc435:
elfutils: Fix multiple CVEs (2025-02-28 07:18:33 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Johannes Kauffmann (1):
mesa: Fix missing GLES3 headers in SDK sysroot
Peter Marko (1):
libxml2: mark patch as fixing CVE-2025-27113
Vijay Anusuri (14):
xwayland: Fix CVE-2024-21885
xwayland: Fix CVE-2024-21886
xwayland: Fix CVE-2024-31080
xwayland: Fix CVE-2024-31081
xwayland: Fix CVE-2024-31083
xwayland: Fix CVE-2024-9632
xwayland: Fix CVE-2025-26594
xwayland: Fix CVE-2025-26595
xwayland: Fix CVE-2025-26596
xwayland: Fix CVE-2025-26597
xwayland: Fix CVE-2025-26598
xwayland: Fix CVE-2025-26599
xwayland: Fix CVE-2025-26600
xwayland: Fix CVE-2025-26601
...-child-axis.patch => CVE-2025-27113.patch} | 1 +
meta/recipes-core/libxml/libxml2_2.9.14.bb | 2 +-
meta/recipes-graphics/mesa/mesa.inc | 5 +
.../xwayland/xwayland/CVE-2024-21885.patch | 113 +++++++++++++++
.../xwayland/xwayland/CVE-2024-21886-1.patch | 74 ++++++++++
.../xwayland/xwayland/CVE-2024-21886-2.patch | 57 ++++++++
.../xwayland/xwayland/CVE-2024-31080.patch | 49 +++++++
.../xwayland/xwayland/CVE-2024-31081.patch | 47 +++++++
.../xwayland/CVE-2024-31083-0001.patch | 118 ++++++++++++++++
.../xwayland/CVE-2024-31083-0002.patch | 77 ++++++++++
.../xwayland/xwayland/CVE-2024-9632.patch | 59 ++++++++
.../xwayland/xwayland/CVE-2025-26594-1.patch | 54 +++++++
.../xwayland/xwayland/CVE-2025-26594-2.patch | 51 +++++++
.../xwayland/xwayland/CVE-2025-26595.patch | 65 +++++++++
.../xwayland/xwayland/CVE-2025-26596.patch | 49 +++++++
.../xwayland/xwayland/CVE-2025-26597.patch | 46 ++++++
.../xwayland/xwayland/CVE-2025-26598.patch | 120 ++++++++++++++++
.../xwayland/xwayland/CVE-2025-26599-1.patch | 66 +++++++++
.../xwayland/xwayland/CVE-2025-26599-2.patch | 129 +++++++++++++++++
.../xwayland/xwayland/CVE-2025-26600.patch | 68 +++++++++
.../xwayland/xwayland/CVE-2025-26601-1.patch | 71 ++++++++++
.../xwayland/xwayland/CVE-2025-26601-2.patch | 85 +++++++++++
.../xwayland/xwayland/CVE-2025-26601-3.patch | 52 +++++++
.../xwayland/xwayland/CVE-2025-26601-4.patch | 132 ++++++++++++++++++
.../xwayland/xwayland_22.1.8.bb | 21 +++
25 files changed, 1610 insertions(+), 1 deletion(-)
rename meta/recipes-core/libxml/libxml2/{0001-pattern-Fix-compilation-of-explicit-child-axis.patch => CVE-2025-27113.patch} (98%)
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-21885.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-21886-1.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-21886-2.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-31080.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-31081.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-31083-0001.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-31083-0002.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-9632.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26594-1.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26594-2.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26595.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26596.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26597.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26598.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26599-1.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26599-2.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26600.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-1.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-2.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-3.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-4.patch
--
2.43.0
^ permalink raw reply [flat|nested] 24+ messages in thread
* [OE-core][kirkstone 00/16] Patch review
@ 2025-07-15 20:36 Steve Sakoman
0 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, July 17
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2021
The following changes since commit a7cea8a5c91d26ba7c3f72448f0897f5c2f81fd1:
linux-yocto/5.15: update to v5.15.186 (2025-07-08 09:05:09 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (4):
openssl: fix CVE-2024-41996
ofono: fix CVE-2023-4232
ofono: fix CVE-2023-4235
gdk-pixbuf: fix CVE-2025-7345
Chen Qi (2):
coreutils: fix CVE-2025-5278
sudo: upgrade from 1.9.15p2 to 1.9.15p5
Deepesh Varatharajan (1):
bintuils: stable 2.38 branch update
Guocai He (1):
tcf-agent: correct the SRC_URI
Hitendra Prajapati (1):
libxml2: fix CVE-2025-49794 & CVE-2025-49796
Peter Marko (4):
python3: update CVE product
openssl: upgrade 3.0.16 -> 3.0.17
ghostscript: ignore CVE-2025-46646
iputils: patch CVE-2025-48964
Praveen Kumar (1):
sudo: upgrade 1.9.15p5 -> 1.9.17p1
Ross Burton (1):
oeqa/core/decorator: add decorators to skip based on HOST_ARCH
Steve Sakoman (1):
Revert "coreutils: fix CVE-2025-5278"
meta/lib/oeqa/core/decorator/data.py | 24 +++
.../ofono/ofono/CVE-2023-4232.patch | 30 +++
.../ofono/ofono/CVE-2023-4235.patch | 37 ++++
meta/recipes-connectivity/ofono/ofono_1.34.bb | 2 +
.../openssl/openssl/CVE-2024-41996.patch | 48 +++++
.../{openssl_3.0.16.bb => openssl_3.0.17.bb} | 3 +-
.../coreutils/coreutils/CVE-2025-5278.patch | 10 +-
.../CVE-2025-49794-CVE-2025-49796.patch | 181 ++++++++++++++++++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 +
.../binutils/binutils-2.38.inc | 2 +-
.../python/python3_3.10.18.bb | 2 +-
.../tcf-agent/tcf-agent_git.bb | 2 +-
.../ghostscript/ghostscript_9.55.0.bb | 2 +
.../iputils/iputils/CVE-2025-48964.patch | 99 ++++++++++
.../iputils/iputils_20211215.bb | 1 +
...o.conf.in-fix-conflict-with-multilib.patch | 7 +-
meta/recipes-extended/sudo/sudo.inc | 2 +-
.../{sudo_1.9.15p2.bb => sudo_1.9.17p1.bb} | 54 +++++-
.../gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch | 55 ++++++
.../gdk-pixbuf/gdk-pixbuf_2.42.10.bb | 1 +
20 files changed, 548 insertions(+), 15 deletions(-)
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.16.bb => openssl_3.0.17.bb} (98%)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-49794-CVE-2025-49796.patch
create mode 100644 meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch
rename meta/recipes-extended/sudo/{sudo_1.9.15p2.bb => sudo_1.9.17p1.bb} (52%)
create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch
--
2.43.0
^ permalink raw reply [flat|nested] 24+ messages in thread
end of thread, other threads:[~2025-07-15 20:36 UTC | newest]
Thread overview: 24+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-01-20 17:50 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 01/16] avahi: fix CVE-2024-52616 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 02/16] socat: patch CVE-2024-54661 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 03/16] wget: fix CVE-2024-10524 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 04/16] vte: fix CVE-2024-37535 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 05/16] rsync: update 3.2.5 -> 3.2.7 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 06/16] rsync: Delete pedantic errors re-ordering patch Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 07/16] rsync: fix CVE-2024-12084 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 08/16] rsync: fix CVE-2024-12085 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 09/16] rsync: fix CVE-2024-12086 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 10/16] rsync: fix CVE-2024-12087 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 11/16] rsync: fix CVE-2024-12088 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 12/16] rsync: fix CVE-2024-12747 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 13/16] ofono: patch CVE-2024-7540, CVE-2024-7541, CVE-2024-7542 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 14/16] scripts/install-buildtools: Update to 4.0.23 Steve Sakoman
2025-01-20 17:50 ` [OE-core][kirkstone 15/16] classes/nativesdk: also override TUNE_PKGARCH Steve Sakoman
2025-01-20 17:51 ` [OE-core][kirkstone 16/16] classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package architecture Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-07-15 20:36 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
2025-03-05 15:58 Steve Sakoman
2024-10-02 13:12 Steve Sakoman
2024-02-27 21:56 Steve Sakoman
2023-11-22 2:30 Steve Sakoman
2023-08-17 2:49 Steve Sakoman
2022-09-13 14:17 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox