* [OE-core][scarthgap 1/8] ofono: patch CVE-2024-7537
From: Steve Sakoman @ 2025-04-11 20:33 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commit
https://web.git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=e6d8d526d5077c0b6ab459efeb6b882c28e0fdeb
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ofono/ofono/CVE-2024-7537.patch | 59 +++++++++++++++++++
meta/recipes-connectivity/ofono/ofono_2.4.bb | 1 +
2 files changed, 60 insertions(+)
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch
new file mode 100644
index 0000000000..6e131121f2
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch
@@ -0,0 +1,59 @@
+From e6d8d526d5077c0b6ab459efeb6b882c28e0fdeb Mon Sep 17 00:00:00 2001
+From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
+Date: Sun, 16 Mar 2025 12:26:42 +0200
+Subject: [PATCH] qmi: sms: Fix possible out-of-bounds read
+
+Fixes: CVE-2024-7537
+
+CVE: CVE-2024-7537
+Upstream-Status: Backport [https://web.git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=e6d8d526d5077c0b6ab459efeb6b882c28e0fdeb]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ drivers/qmimodem/sms.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/qmimodem/sms.c b/drivers/qmimodem/sms.c
+index 3e2bef6e..75863480 100644
+--- a/drivers/qmimodem/sms.c
++++ b/drivers/qmimodem/sms.c
+@@ -467,6 +467,8 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data)
+ const struct qmi_wms_result_msg_list *list;
+ uint32_t cnt = 0;
+ uint16_t tmp;
++ uint16_t length;
++ size_t msg_size;
+
+ DBG("");
+
+@@ -476,7 +478,7 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data)
+ goto done;
+ }
+
+- list = qmi_result_get(result, QMI_WMS_RESULT_MSG_LIST, NULL);
++ list = qmi_result_get(result, QMI_WMS_RESULT_MSG_LIST, &length);
+ if (list == NULL) {
+ DBG("Err: get msg list empty");
+ goto done;
+@@ -485,6 +487,13 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data)
+ cnt = GUINT32_FROM_LE(list->cnt);
+ DBG("msgs found %d", cnt);
+
++ msg_size = cnt * sizeof(list->msg[0]);
++
++ if (length != sizeof(list->cnt) + msg_size) {
++ DBG("Err: invalid msg list count");
++ goto done;
++ }
++
+ for (tmp = 0; tmp < cnt; tmp++) {
+ DBG("unread type %d ndx %d", list->msg[tmp].type,
+ GUINT32_FROM_LE(list->msg[tmp].ndx));
+@@ -498,8 +507,6 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data)
+
+ /* save list and get 1st msg */
+ if (cnt) {
+- int msg_size = cnt * sizeof(list->msg[0]);
+-
+ data->msg_list = g_try_malloc0(sizeof(list->cnt) + msg_size);
+ if (data->msg_list == NULL)
+ goto done;
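Review bot: In the backported get_msg_list_cb change, `list->cnt` is read before anything confirms that the TLV holds `sizeof(list->cnt)` bytes, and the new check is built on `cnt * sizeof(list->msg[0])`, which can wrap on targets where size_t is 32 bits wide. A wrapped product could pass `length != sizeof(list->cnt) + msg_size` with a count larger than the received buffer, and the loop that follows indexes `list->msg[tmp]` with a uint16_t counter compared against the uint32_t `cnt`. Deriving the bound from the received length closes both gaps: `if (length < sizeof(list->cnt)) goto done;` before the read, then `if (cnt > (length - sizeof(list->cnt)) / sizeof(list->msg[0])) goto done;` ahead of the multiplication, keeping the existing equality check after it. The function starts and ends outside the nested hunks, and since this is an upstream backport the change would need to go upstream first.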
diff --git a/meta/recipes-connectivity/ofono/ofono_2.4.bb b/meta/recipes-connectivity/ofono/ofono_2.4.bb
index 5ae63e6ef6..2cf6438117 100644
--- a/meta/recipes-connectivity/ofono/ofono_2.4.bb
+++ b/meta/recipes-connectivity/ofono/ofono_2.4.bb
@@ -25,6 +25,7 @@ SRC_URI = "\
file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \
file://CVE-2023-4232.patch \
file://CVE-2023-4235.patch \
+ file://CVE-2024-7537.patch \
"
SRC_URI[sha256sum] = "93580adc1afd1890dc516efb069de0c5cdfef014415256ddfb28ab172df2d11d"
--
2.43.0
* [OE-core][scarthgap 2/8] go: fix CVE-2025-22870
From: Steve Sakoman @ 2025-04-11 20:33 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID
as a hostname component. For example, when the NO_PROXY environment variable
is set to "*.example.com", a request to "[::1%25.example.com]:80" will incorrectly
match and not be proxied.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.22.12.inc | 1 +
.../go/go/CVE-2025-22870.patch | 80 +++++++++++++++++++
2 files changed, 81 insertions(+)
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-22870.patch
diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc
index 05aa3a95b6..df77794506 100644
--- a/meta/recipes-devtools/go/go-1.22.12.inc
+++ b/meta/recipes-devtools/go/go-1.22.12.inc
@@ -14,5 +14,6 @@ SRC_URI += "\
file://0007-exec.go-filter-out-build-specific-paths-from-linker-.patch \
file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
+ file://CVE-2025-22870.patch \
"
SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71"
diff --git a/meta/recipes-devtools/go/go/CVE-2025-22870.patch b/meta/recipes-devtools/go/go/CVE-2025-22870.patch
new file mode 100644
index 0000000000..6ed394c8e5
--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2025-22870.patch
@@ -0,0 +1,80 @@
+From 25177ecde0922c50753c043579d17828b7ee88e7 Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Wed, 26 Feb 2025 16:08:57 -0800
+Subject: [PATCH] all: updated vendored x/net with security fix
+
+0b6d719 [internal-branch.go1.23-vendor] proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
+
+Fixes CVE-2025-22870
+For #71985
+
+Change-Id: Ib72c96bd0ab44d9ed2ac1428e0a9fc245464b3fc
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2141
+Commit-Queue: Damien Neil <dneil@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-by: Neal Patel <nealpatel@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/654695
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-by: Michael Pratt <mpratt@google.com>
+LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
+Auto-Submit: Junyang Shao <shaojunyang@google.com>
+
+CVE: CVE-2025-22870
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/25177ecde0922c50753c043579d17828b7ee88e7]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/cmd/internal/moddeps/moddeps_test.go | 1 +
+ src/vendor/golang.org/x/net/http/httpproxy/proxy.go | 10 ++++++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/cmd/internal/moddeps/moddeps_test.go b/src/cmd/internal/moddeps/moddeps_test.go
+index 3d4c99e..ffaa16c 100644
+--- a/src/cmd/internal/moddeps/moddeps_test.go
++++ b/src/cmd/internal/moddeps/moddeps_test.go
+@@ -33,6 +33,7 @@ import (
+ // See issues 36852, 41409, and 43687.
+ // (Also see golang.org/issue/27348.)
+ func TestAllDependencies(t *testing.T) {
++ t.Skip("TODO(#71985) 1.23.7 contains unreleased changes from vendored modules")
+ goBin := testenv.GoToolPath(t)
+
+ // Ensure that all packages imported within GOROOT
+diff --git a/src/vendor/golang.org/x/net/http/httpproxy/proxy.go b/src/vendor/golang.org/x/net/http/httpproxy/proxy.go
+index c3bd9a1..864961c 100644
+--- a/src/vendor/golang.org/x/net/http/httpproxy/proxy.go
++++ b/src/vendor/golang.org/x/net/http/httpproxy/proxy.go
+@@ -14,6 +14,7 @@ import (
+ "errors"
+ "fmt"
+ "net"
++ "net/netip"
+ "net/url"
+ "os"
+ "strings"
+@@ -180,8 +181,10 @@ func (cfg *config) useProxy(addr string) bool {
+ if host == "localhost" {
+ return false
+ }
+- ip := net.ParseIP(host)
+- if ip != nil {
++ nip, err := netip.ParseAddr(host)
++ var ip net.IP
++ if err == nil {
++ ip = net.IP(nip.AsSlice())
+ if ip.IsLoopback() {
+ return false
+ }
+@@ -363,6 +366,9 @@ type domainMatch struct {
+ }
+
+ func (m domainMatch) match(host, port string, ip net.IP) bool {
++ if ip != nil {
++ return false
++ }
+ if strings.HasSuffix(host, m.host) || (m.matchHost && host == m.host[1:]) {
+ return m.port == "" || m.port == port
+ }
+--
+2.40.0
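Review bot: The `t.Skip(...)` added to TestAllDependencies is unconditional and its message names 1.23.7, while this recipe patches go 1.22.12, so the vendoring consistency test stays disabled here with no stated condition for re-enabling it. With the vendored `httpproxy/proxy.go` edited in place, the x/net version recorded in the module metadata presumably no longer describes the code that ships, which matters for scanners that key on module versions; a line in the patch header saying so would help. The patch also carries no test for the zone-ID case from the description, so nothing in the build shows that `useProxy` and `domainMatch.match` now reject it. Both functions continue outside the nested hunks.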
--
2.43.0
* [OE-core][scarthgap 3/8] cve-update-nvd2-native: add workaround for json5 style list
From: Steve Sakoman @ 2025-04-11 20:33 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
NVD responses changed to an invalid json between:
* April 5, 2025 at 3:03:44 AM GMT+2
* April 5, 2025 at 4:19:48 AM GMT+2
The last response is since then in format
{
"resultsPerPage": 625,
"startIndex": 288000,
"totalResults": 288625,
"format": "NVD_CVE",
"version": "2.0",
"timestamp": "2025-04-07T07:17:17.534",
"vulnerabilities": [
{...},
...
{...},
]
}
Json does not allow trailing , in responses, that is json5 format.
So cve-update-nvd2-native do_Fetch task fails with log backtrace ending:
...
File: '/builds/ccp/meta-siemens/projects/ccp/../../poky/meta/recipes-core/meta/cve-update-nvd2-native.bb', lineno: 234, function: update_db_file
0230: if raw_data is None:
0231: # We haven't managed to download data
0232: return False
0233:
*** 0234: data = json.loads(raw_data)
0235:
0236: index = data["startIndex"]
0237: total = data["totalResults"]
0238: per_page = data["resultsPerPage"]
...
File: '/usr/lib/python3.11/json/decoder.py', lineno: 355, function: raw_decode
0351: """
0352: try:
0353: obj, end = self.scan_once(s, idx)
0354: except StopIteration as err:
*** 0355: raise JSONDecodeError("Expecting value", s, err.value) from None
0356: return obj, end
Exception: json.decoder.JSONDecodeError: Expecting value: line 1 column 1442633 (char 1442632)
...
There was no announcement about json format of API v2.0 by nvd.
Also this happens only if the whole database is queried (a database update is
fine, even when multiple pages are queried).
And lastly it's only the cve list, all other lists inside are fine.
So this looks like a bug in NVD 2.0 introduced with some update.
Patch this with simple character deletion for now and let's monitor the
situation and possibly switch to json5 in the future.
Note that there is no native json5 support in python, we'd have to use
one of external libraries for it.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6e526327f5c9e739ac7981e4a43a4ce53a908945)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/meta/cve-update-nvd2-native.bb | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 99acead18d..74c780493d 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -231,6 +231,11 @@ def update_db_file(db_tmp_file, d, database_time):
# We haven't managed to download data
return False
+ # hack for json5 style responses
+ if raw_data[-3:] == ',]}':
+ bb.note("Removing trailing ',' from nvd response")
+ raw_data = raw_data[:-3] + ']}'
+
data = json.loads(raw_data)
index = data["startIndex"]
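Review bot: The workaround matches only when the response ends in exactly `,]}`, so a trailing newline or any whitespace between those tokens bypasses it and `json.loads(raw_data)` raises as before; if `raw_data` is bytes rather than str (not visible in this hunk) the comparison is never true. A failed parse stops the database update, which likely leaves later CVE checks running against old data, so the fallback is worth making tolerant. `tail = raw_data.rstrip()` followed by `if tail.endswith(',]}'): raw_data = tail[:-3] + ']}'` covers the whitespace-at-end case. Wrapping the `json.loads` call in `try`/`except json.JSONDecodeError` with a `bb.warn` and `return False` would report a malformed response the same way as a failed download. update_db_file starts and ends outside the hunk.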
--
2.43.0
* [OE-core][scarthgap 4/8] xz: upgrade 5.4.6 -> 5.4.7
From: Steve Sakoman @ 2025-04-11 20:33 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
License-Update: homepage update in [1]
[1] https://github.com/tukaani-project/xz/commit/c5c091332c6953a0ce940cb355ea9e99491429fc
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/xz/{xz_5.4.6.bb => xz_5.4.7.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-extended/xz/{xz_5.4.6.bb => xz_5.4.7.bb} (94%)
diff --git a/meta/recipes-extended/xz/xz_5.4.6.bb b/meta/recipes-extended/xz/xz_5.4.7.bb
similarity index 94%
rename from meta/recipes-extended/xz/xz_5.4.6.bb
rename to meta/recipes-extended/xz/xz_5.4.7.bb
index 3f82e476bf..53e5276951 100644
--- a/meta/recipes-extended/xz/xz_5.4.6.bb
+++ b/meta/recipes-extended/xz/xz_5.4.7.bb
@@ -17,7 +17,7 @@ LICENSE:${PN}-dbg = "GPL-2.0-or-later"
LICENSE:${PN}-locale = "GPL-2.0-or-later"
LICENSE:liblzma = "PD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=d4378ea9d5d1fc9ab0ae10d7948827d9 \
+LIC_FILES_CHKSUM = "file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \
file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \
file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c \
@@ -27,7 +27,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d4378ea9d5d1fc9ab0ae10d7948827d9 \
SRC_URI = "https://github.com/tukaani-project/xz/releases/download/v${PV}/xz-${PV}.tar.gz \
file://run-ptest \
"
-SRC_URI[sha256sum] = "aeba3e03bf8140ddedf62a0a367158340520f6b384f75ca6045ccc6c0d43fd5c"
+SRC_URI[sha256sum] = "8db6664c48ca07908b92baedcfe7f3ba23f49ef2476864518ab5db6723836e71"
UPSTREAM_CHECK_REGEX = "releases/tag/v(?P<pver>\d+(\.\d+)+)"
UPSTREAM_CHECK_URI = "https://github.com/tukaani-project/xz/releases/"
--
2.43.0
* [OE-core][scarthgap 5/8] xz: patch CVE-2025-31115
From: Steve Sakoman @ 2025-04-11 20:33 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Cherry-pick commits from [1] linked from [2] from branch v5.4
[1] https://tukaani.org/xz/xz-cve-2025-31115.patch
[2] https://tukaani.org/xz/threaded-decoder-early-free.html
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../xz/xz/CVE-2025-31115-01.patch | 29 ++++
.../xz/xz/CVE-2025-31115-02.patch | 152 ++++++++++++++++++
.../xz/xz/CVE-2025-31115-03.patch | 98 +++++++++++
.../xz/xz/CVE-2025-31115-04.patch | 56 +++++++
meta/recipes-extended/xz/xz_5.4.7.bb | 4 +
5 files changed, 339 insertions(+)
create mode 100644 meta/recipes-extended/xz/xz/CVE-2025-31115-01.patch
create mode 100644 meta/recipes-extended/xz/xz/CVE-2025-31115-02.patch
create mode 100644 meta/recipes-extended/xz/xz/CVE-2025-31115-03.patch
create mode 100644 meta/recipes-extended/xz/xz/CVE-2025-31115-04.patch
diff --git a/meta/recipes-extended/xz/xz/CVE-2025-31115-01.patch b/meta/recipes-extended/xz/xz/CVE-2025-31115-01.patch
new file mode 100644
index 0000000000..efbb9b1e12
--- /dev/null
+++ b/meta/recipes-extended/xz/xz/CVE-2025-31115-01.patch
@@ -0,0 +1,29 @@
+From bdb788137e1f1d967e0c9d885b859e5b95c1b5bf Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 1/4] liblzma: mt dec: Fix a comment
+
+Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Thanks-to: Sam James <sam@gentoo.org>
+(cherry picked from commit 831b55b971cf579ee16a854f177c36b20d3c6999)
+
+CVE: CVE-2025-31115
+Upstream-Status: Backport [https://github.com/tukaani-project/xz/commit/bdb788137e1f1d967e0c9d885b859e5b95c1b5bf]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/liblzma/common/stream_decoder_mt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index 76212b46..8b378852 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -348,7 +348,7 @@ worker_enable_partial_update(void *thr_ptr)
+
+
+ /// Things do to at THR_STOP or when finishing a Block.
+-/// This is called with thr->mutex locked.
++/// This is called with thr->coder->mutex locked.
+ static void
+ worker_stop(struct worker_thread *thr)
+ {
diff --git a/meta/recipes-extended/xz/xz/CVE-2025-31115-02.patch b/meta/recipes-extended/xz/xz/CVE-2025-31115-02.patch
new file mode 100644
index 0000000000..9a1351961d
--- /dev/null
+++ b/meta/recipes-extended/xz/xz/CVE-2025-31115-02.patch
@@ -0,0 +1,152 @@
+From 2ce9ab6588a94cbf04a9c174e562ea5feb00cfb3 Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 2/4] liblzma: mt dec: Simplify by removing the THR_STOP state
+
+The main thread can directly set THR_IDLE in threads_stop() which is
+called when errors are detected. threads_stop() won't return the stopped
+threads to the pool or free the memory pointed by thr->in anymore, but
+it doesn't matter because the existing workers won't be reused after
+an error. The resources will be cleaned up when threads_end() is
+called (reinitializing the decoder always calls threads_end()).
+
+Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Thanks-to: Sam James <sam@gentoo.org>
+(cherry picked from commit c0c835964dfaeb2513a3c0bdb642105152fe9f34)
+
+CVE: CVE-2025-31115
+Upstream-Status: Backport [https://github.com/tukaani-project/xz/commit/2ce9ab6588a94cbf04a9c174e562ea5feb00cfb3]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/liblzma/common/stream_decoder_mt.c | 75 ++++++++++----------------
+ 1 file changed, 29 insertions(+), 46 deletions(-)
+
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index 8b378852..e8e53587 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -24,15 +24,10 @@ typedef enum {
+ THR_IDLE,
+
+ /// Decoding is in progress.
+- /// Main thread may change this to THR_STOP or THR_EXIT.
++ /// Main thread may change this to THR_IDLE or THR_EXIT.
+ /// The worker thread may change this to THR_IDLE.
+ THR_RUN,
+
+- /// The main thread wants the thread to stop whatever it was doing
+- /// but not exit. Main thread may change this to THR_EXIT.
+- /// The worker thread may change this to THR_IDLE.
+- THR_STOP,
+-
+ /// The main thread wants the thread to exit.
+ THR_EXIT,
+
+@@ -347,27 +342,6 @@ worker_enable_partial_update(void *thr_ptr)
+ }
+
+
+-/// Things do to at THR_STOP or when finishing a Block.
+-/// This is called with thr->coder->mutex locked.
+-static void
+-worker_stop(struct worker_thread *thr)
+-{
+- // Update memory usage counters.
+- thr->coder->mem_in_use -= thr->in_size;
+- thr->in_size = 0; // thr->in was freed above.
+-
+- thr->coder->mem_in_use -= thr->mem_filters;
+- thr->coder->mem_cached += thr->mem_filters;
+-
+- // Put this thread to the stack of free threads.
+- thr->next = thr->coder->threads_free;
+- thr->coder->threads_free = thr;
+-
+- mythread_cond_signal(&thr->coder->cond);
+- return;
+-}
+-
+-
+ static MYTHREAD_RET_TYPE
+ worker_decoder(void *thr_ptr)
+ {
+@@ -398,17 +372,6 @@ next_loop_unlocked:
+ return MYTHREAD_RET_VALUE;
+ }
+
+- if (thr->state == THR_STOP) {
+- thr->state = THR_IDLE;
+- mythread_mutex_unlock(&thr->mutex);
+-
+- mythread_sync(thr->coder->mutex) {
+- worker_stop(thr);
+- }
+-
+- goto next_loop_lock;
+- }
+-
+ assert(thr->state == THR_RUN);
+
+ // Update progress info for get_progress().
+@@ -511,7 +474,22 @@ next_loop_unlocked:
+ && thr->coder->thread_error == LZMA_OK)
+ thr->coder->thread_error = ret;
+
+- worker_stop(thr);
++ // Return the worker thread to the stack of available
++ // threads.
++ {
++ // Update memory usage counters.
++ thr->coder->mem_in_use -= thr->in_size;
++ thr->in_size = 0; // thr->in was freed above.
++
++ thr->coder->mem_in_use -= thr->mem_filters;
++ thr->coder->mem_cached += thr->mem_filters;
++
++ // Put this thread to the stack of free threads.
++ thr->next = thr->coder->threads_free;
++ thr->coder->threads_free = thr;
++ }
++
++ mythread_cond_signal(&thr->coder->cond);
+ }
+
+ goto next_loop_lock;
+@@ -545,17 +523,22 @@ threads_end(struct lzma_stream_coder *coder, const lzma_allocator *allocator)
+ }
+
+
++/// Tell worker threads to stop without doing any cleaning up.
++/// The clean up will be done when threads_exit() is called;
++/// it's not possible to reuse the threads after threads_stop().
++///
++/// This is called before returning an unrecoverable error code
++/// to the application. It would be waste of processor time
++/// to keep the threads running in such a situation.
+ static void
+ threads_stop(struct lzma_stream_coder *coder)
+ {
+ for (uint32_t i = 0; i < coder->threads_initialized; ++i) {
++ // The threads that are in the THR_RUN state will stop
++ // when they check the state the next time. There's no
++ // need to signal coder->threads[i].cond.
+ mythread_sync(coder->threads[i].mutex) {
+- // The state must be changed conditionally because
+- // THR_IDLE -> THR_STOP is not a valid state change.
+- if (coder->threads[i].state != THR_IDLE) {
+- coder->threads[i].state = THR_STOP;
+- mythread_cond_signal(&coder->threads[i].cond);
+- }
++ coder->threads[i].state = THR_IDLE;
+ }
+ }
+
+@@ -1949,7 +1932,7 @@ stream_decoder_mt_init(lzma_next_coder *next, const lzma_allocator *allocator,
+ // accounting from scratch, too. Changes in filter and block sizes may
+ // affect number of threads.
+ //
+- // FIXME? Reusing should be easy but unlike the single-threaded
++ // Reusing threads doesn't seem worth it. Unlike the single-threaded
+ // decoder, with some types of input file combinations reusing
+ // could leave quite a lot of memory allocated but unused (first
+ // file could allocate a lot, the next files could use fewer
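Review bot: The new comment above threads_stop() says the clean up happens "when threads_exit() is called", but the function shown in this patch's hunk header and named in its commit message is threads_end(); no threads_exit() appears in the visible lines. Because this comment now documents where `thr->in` and the stopped workers are released after an error, the name should match the function that does it: `/// The clean up will be done when threads_end() is called;`. This is upstream text, so the correction belongs upstream rather than in the backport.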
diff --git a/meta/recipes-extended/xz/xz/CVE-2025-31115-03.patch b/meta/recipes-extended/xz/xz/CVE-2025-31115-03.patch
new file mode 100644
index 0000000000..a40a024cb0
--- /dev/null
+++ b/meta/recipes-extended/xz/xz/CVE-2025-31115-03.patch
@@ -0,0 +1,98 @@
+From 9a9c17712bd2a070581d9239692e527a2fe13845 Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 3/4] liblzma: mt dec: Don't free the input buffer too early
+ (CVE-2025-31115)
+
+The input buffer must be valid as long as the main thread is writing
+to the worker-specific input buffer. Fix it by making the worker
+thread not free the buffer on errors and not return the worker thread to
+the pool. The input buffer will be freed when threads_end() is called.
+
+With invalid input, the bug could at least result in a crash. The
+effects include heap use after free and writing to an address based
+on the null pointer plus an offset.
+
+The bug has been there since the first committed version of the threaded
+decoder and thus affects versions from 5.3.3alpha to 5.8.0.
+
+As the commit message in 4cce3e27f529 says, I had made significant
+changes on top of Sebastian's patch. This bug was indeed introduced
+by my changes; it wasn't in Sebastian's version.
+
+Thanks to Harri K. Koskinen for discovering and reporting this issue.
+
+Fixes: 4cce3e27f529 ("liblzma: Add threaded .xz decompressor.")
+Reported-by: Harri K. Koskinen <x64nop@nannu.org>
+Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Thanks-to: Sam James <sam@gentoo.org>
+(cherry picked from commit d5a2ffe41bb77b918a8c96084885d4dbe4bf6480)
+
+CVE: CVE-2025-31115
+Upstream-Status: Backport [https://github.com/tukaani-project/xz/commit/9a9c17712bd2a070581d9239692e527a2fe13845]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/liblzma/common/stream_decoder_mt.c | 31 ++++++++++++++++++--------
+ 1 file changed, 22 insertions(+), 9 deletions(-)
+
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index e8e53587..259c4c65 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -436,8 +436,7 @@ next_loop_unlocked:
+ }
+
+ // Either we finished successfully (LZMA_STREAM_END) or an error
+- // occurred. Both cases are handled almost identically. The error
+- // case requires updating thr->coder->thread_error.
++ // occurred.
+ //
+ // The sizes are in the Block Header and the Block decoder
+ // checks that they match, thus we know these:
+@@ -445,16 +444,30 @@ next_loop_unlocked:
+ assert(ret != LZMA_STREAM_END
+ || thr->out_pos == thr->block_options.uncompressed_size);
+
+- // Free the input buffer. Don't update in_size as we need
+- // it later to update thr->coder->mem_in_use.
+- lzma_free(thr->in, thr->allocator);
+- thr->in = NULL;
+-
+ mythread_sync(thr->mutex) {
++ // Block decoder ensures this, but do a sanity check anyway
++ // because thr->in_filled < thr->in_size means that the main
++ // thread is still writing to thr->in.
++ if (ret == LZMA_STREAM_END && thr->in_filled != thr->in_size) {
++ assert(0);
++ ret = LZMA_PROG_ERROR;
++ }
++
+ if (thr->state != THR_EXIT)
+ thr->state = THR_IDLE;
+ }
+
++ // Free the input buffer. Don't update in_size as we need
++ // it later to update thr->coder->mem_in_use.
++ //
++ // This step is skipped if an error occurred because the main thread
++ // might still be writing to thr->in. The memory will be freed after
++ // threads_end() sets thr->state = THR_EXIT.
++ if (ret == LZMA_STREAM_END) {
++ lzma_free(thr->in, thr->allocator);
++ thr->in = NULL;
++ }
++
+ mythread_sync(thr->coder->mutex) {
+ // Move our progress info to the main thread.
+ thr->coder->progress_in += thr->in_pos;
+@@ -475,8 +488,8 @@ next_loop_unlocked:
+ thr->coder->thread_error = ret;
+
+ // Return the worker thread to the stack of available
+- // threads.
+- {
++ // threads only if no errors occurred.
++ if (ret == LZMA_STREAM_END) {
+ // Update memory usage counters.
+ thr->coder->mem_in_use -= thr->in_size;
+ thr->in_size = 0; // thr->in was freed above.
diff --git a/meta/recipes-extended/xz/xz/CVE-2025-31115-04.patch b/meta/recipes-extended/xz/xz/CVE-2025-31115-04.patch
new file mode 100644
index 0000000000..8dea412281
--- /dev/null
+++ b/meta/recipes-extended/xz/xz/CVE-2025-31115-04.patch
@@ -0,0 +1,56 @@
+From c8bb46c5a16ed02401f4a0b46c74f0f46c1b6434 Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Thu, 3 Apr 2025 14:34:42 +0300
+Subject: [PATCH 4/4] liblzma: mt dec: Don't modify thr->in_size in the worker
+ thread
+
+Don't set thr->in_size = 0 when returning the thread to the stack of
+available threads. Not only is it useless, but the main thread may
+read the value in SEQ_BLOCK_THR_RUN. With valid inputs, it made
+no difference if the main thread saw the original value or 0. With
+invalid inputs (when worker thread stops early), thr->in_size was
+no longer modified after the previous commit with the security fix
+("Don't free the input buffer too early").
+
+So while the bug appears harmless now, it's important to fix it because
+the variable was being modified without proper locking. It's trivial
+to fix because there is no need to change the value. Only main thread
+needs to set the value in (in SEQ_BLOCK_THR_INIT) when starting a new
+Block before the worker thread is activated.
+
+Fixes: 4cce3e27f529 ("liblzma: Add threaded .xz decompressor.")
+Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Thanks-to: Sam James <sam@gentoo.org>
+(cherry picked from commit 8188048854e8d11071b8a50d093c74f4c030acc9)
+
+CVE: CVE-2025-31115
+Upstream-Status: Backport [https://github.com/tukaani-project/xz/commit/c8bb46c5a16ed02401f4a0b46c74f0f46c1b6434]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/liblzma/common/stream_decoder_mt.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c
+index 259c4c65..6bbbe53b 100644
+--- a/src/liblzma/common/stream_decoder_mt.c
++++ b/src/liblzma/common/stream_decoder_mt.c
+@@ -492,8 +492,6 @@ next_loop_unlocked:
+ if (ret == LZMA_STREAM_END) {
+ // Update memory usage counters.
+ thr->coder->mem_in_use -= thr->in_size;
+- thr->in_size = 0; // thr->in was freed above.
+-
+ thr->coder->mem_in_use -= thr->mem_filters;
+ thr->coder->mem_cached += thr->mem_filters;
+
+@@ -1558,6 +1556,10 @@ stream_decode_mt(void *coder_ptr, const lzma_allocator *allocator,
+ }
+
+ // Return if the input didn't contain the whole Block.
++ //
++ // NOTE: When we updated coder->thr->in_filled a few lines
++ // above, the worker thread might by now have finished its
++ // work and returned itself back to the stack of free threads.
+ if (coder->thr->in_filled < coder->thr->in_size) {
+ assert(*in_pos == in_size);
+ return LZMA_OK;
diff --git a/meta/recipes-extended/xz/xz_5.4.7.bb b/meta/recipes-extended/xz/xz_5.4.7.bb
index 53e5276951..563643d4d9 100644
--- a/meta/recipes-extended/xz/xz_5.4.7.bb
+++ b/meta/recipes-extended/xz/xz_5.4.7.bb
@@ -26,6 +26,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \
SRC_URI = "https://github.com/tukaani-project/xz/releases/download/v${PV}/xz-${PV}.tar.gz \
file://run-ptest \
+ file://CVE-2025-31115-01.patch \
+ file://CVE-2025-31115-02.patch \
+ file://CVE-2025-31115-03.patch \
+ file://CVE-2025-31115-04.patch \
"
SRC_URI[sha256sum] = "8db6664c48ca07908b92baedcfe7f3ba23f49ef2476864518ab5db6723836e71"
UPSTREAM_CHECK_REGEX = "releases/tag/v(?P<pver>\d+(\.\d+)+)"
--
2.43.0
* [OE-core][scarthgap 6/8] go: fix CVE-2025-22871
From: Steve Sakoman @ 2025-04-11 20:33 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://github.com/golang/go/commit/15e01a2e43ecb8c7e15ff7e9d62fe3f10dcac931
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.22.12.inc | 1 +
.../go/go/CVE-2025-22871.patch | 172 ++++++++++++++++++
2 files changed, 173 insertions(+)
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-22871.patch
diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc
index df77794506..b154aa3984 100644
--- a/meta/recipes-devtools/go/go-1.22.12.inc
+++ b/meta/recipes-devtools/go/go-1.22.12.inc
@@ -15,5 +15,6 @@ SRC_URI += "\
file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
file://CVE-2025-22870.patch \
+ file://CVE-2025-22871.patch \
"
SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71"
diff --git a/meta/recipes-devtools/go/go/CVE-2025-22871.patch b/meta/recipes-devtools/go/go/CVE-2025-22871.patch
new file mode 100644
index 0000000000..2750178a42
--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2025-22871.patch
@@ -0,0 +1,172 @@
+From 15e01a2e43ecb8c7e15ff7e9d62fe3f10dcac931 Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Wed, 26 Feb 2025 13:40:00 -0800
+Subject: [PATCH] [release-branch.go1.23] net/http: reject newlines in
+ chunk-size lines
+
+Unlike request headers, where we are allowed to leniently accept
+a bare LF in place of a CRLF, chunked bodies must always use CRLF
+line terminators. We were already enforcing this for chunk-data lines;
+do so for chunk-size lines as well. Also reject bare CRs anywhere
+other than as part of the CRLF terminator.
+
+Fixes CVE-2025-22871
+Fixes #72010
+For #71988
+
+Change-Id: Ib0e21af5a8ba28c2a1ca52b72af8e2265ec79e4a
+Reviewed-on: https://go-review.googlesource.com/c/go/+/652998
+Reviewed-by: Jonathan Amsterdam <jba@google.com>
+LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
+(cherry picked from commit d31c805535f3fde95646ee4d87636aaaea66847b)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/657216
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/15e01a2e43ecb8c7e15ff7e9d62fe3f10dcac931]
+CVE: CVE-2025-22871
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/net/http/internal/chunked.go | 19 +++++++++--
+ src/net/http/internal/chunked_test.go | 27 +++++++++++++++
+ src/net/http/serve_test.go | 49 +++++++++++++++++++++++++++
+ 3 files changed, 92 insertions(+), 3 deletions(-)
+
+diff --git a/src/net/http/internal/chunked.go b/src/net/http/internal/chunked.go
+index 196b5d8..0b08a97 100644
+--- a/src/net/http/internal/chunked.go
++++ b/src/net/http/internal/chunked.go
+@@ -164,6 +164,19 @@ func readChunkLine(b *bufio.Reader) ([]byte, error) {
+ }
+ return nil, err
+ }
++
++ // RFC 9112 permits parsers to accept a bare \n as a line ending in headers,
++ // but not in chunked encoding lines. See https://www.rfc-editor.org/errata/eid7633,
++ // which explicitly rejects a clarification permitting \n as a chunk terminator.
++ //
++ // Verify that the line ends in a CRLF, and that no CRs appear before the end.
++ if idx := bytes.IndexByte(p, '\r'); idx == -1 {
++ return nil, errors.New("chunked line ends with bare LF")
++ } else if idx != len(p)-2 {
++ return nil, errors.New("invalid CR in chunked line")
++ }
++ p = p[:len(p)-2] // trim CRLF
++
+ if len(p) >= maxLineLength {
+ return nil, ErrLineTooLong
+ }
+@@ -171,14 +184,14 @@ func readChunkLine(b *bufio.Reader) ([]byte, error) {
+ }
+
+ func trimTrailingWhitespace(b []byte) []byte {
+- for len(b) > 0 && isASCIISpace(b[len(b)-1]) {
++ for len(b) > 0 && isOWS(b[len(b)-1]) {
+ b = b[:len(b)-1]
+ }
+ return b
+ }
+
+-func isASCIISpace(b byte) bool {
+- return b == ' ' || b == '\t' || b == '\n' || b == '\r'
++func isOWS(b byte) bool {
++ return b == ' ' || b == '\t'
+ }
+
+ var semi = []byte(";")
+diff --git a/src/net/http/internal/chunked_test.go b/src/net/http/internal/chunked_test.go
+index af79711..312f173 100644
+--- a/src/net/http/internal/chunked_test.go
++++ b/src/net/http/internal/chunked_test.go
+@@ -280,6 +280,33 @@ func TestChunkReaderByteAtATime(t *testing.T) {
+ }
+ }
+
++func TestChunkInvalidInputs(t *testing.T) {
++ for _, test := range []struct {
++ name string
++ b string
++ }{{
++ name: "bare LF in chunk size",
++ b: "1\na\r\n0\r\n",
++ }, {
++ name: "extra LF in chunk size",
++ b: "1\r\r\na\r\n0\r\n",
++ }, {
++ name: "bare LF in chunk data",
++ b: "1\r\na\n0\r\n",
++ }, {
++ name: "bare LF in chunk extension",
++ b: "1;\na\r\n0\r\n",
++ }} {
++ t.Run(test.name, func(t *testing.T) {
++ r := NewChunkedReader(strings.NewReader(test.b))
++ got, err := io.ReadAll(r)
++ if err == nil {
++ t.Fatalf("unexpectedly parsed invalid chunked data:\n%q", got)
++ }
++ })
++ }
++}
++
+ type funcReader struct {
+ f func(iteration int) ([]byte, error)
+ i int
+diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go
+index 0c76f1b..0e8af02 100644
+--- a/src/net/http/serve_test.go
++++ b/src/net/http/serve_test.go
+@@ -6980,3 +6980,52 @@ func testDisableContentLength(t *testing.T, mode testMode) {
+ t.Fatal(err)
+ }
+ }
++
++func TestInvalidChunkedBodies(t *testing.T) {
++ for _, test := range []struct {
++ name string
++ b string
++ }{{
++ name: "bare LF in chunk size",
++ b: "1\na\r\n0\r\n\r\n",
++ }, {
++ name: "bare LF at body end",
++ b: "1\r\na\r\n0\r\n\n",
++ }} {
++ t.Run(test.name, func(t *testing.T) {
++ reqc := make(chan error)
++ ts := newClientServerTest(t, http1Mode, HandlerFunc(func(w ResponseWriter, r *Request) {
++ got, err := io.ReadAll(r.Body)
++ if err == nil {
++ t.Logf("read body: %q", got)
++ }
++ reqc <- err
++ })).ts
++
++ serverURL, err := url.Parse(ts.URL)
++ if err != nil {
++ t.Fatal(err)
++ }
++
++ conn, err := net.Dial("tcp", serverURL.Host)
++ if err != nil {
++ t.Fatal(err)
++ }
++
++ if _, err := conn.Write([]byte(
++ "POST / HTTP/1.1\r\n" +
++ "Host: localhost\r\n" +
++ "Transfer-Encoding: chunked\r\n" +
++ "Connection: close\r\n" +
++ "\r\n" +
++ test.b)); err != nil {
++ t.Fatal(err)
++ }
++ conn.(*net.TCPConn).CloseWrite()
++
++ if err := <-reqc; err == nil {
++ t.Errorf("server handler: io.ReadAll(r.Body) succeeded, want error")
++ }
++ })
++ }
++}
+--
+2.25.1
+
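Review bot: Both new tests (`TestChunkInvalidInputs` in chunked_test.go and `TestInvalidChunkedBodies` in serve_test.go) only check that some error is returned, so they cannot tell the two new rejections in `readChunkLine` apart from any other parse failure. The commit message says bare LF in chunk-data lines was already rejected, so the "bare LF in chunk data" case presumably passes with or without this fix. Giving each table entry a `wantErr string` and checking `strings.Contains(err.Error(), test.wantErr)` against "chunked line ends with bare LF" or "invalid CR in chunked line" would pin the CR/LF checks that this backport adds. `readChunkLine` begins above the hunk, so the assumption that `p` still ends in `\n` when `len(p)-2` is computed rests on code not shown here.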
--
2.43.0
* [OE-core][scarthgap 7/8] ghostscript: upgrade 10.04.0 -> 10.05.0
From: Steve Sakoman @ 2025-04-11 20:33 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
This upgrade addresses CVEs:
CVE-2025-27835 CVE-2025-27832
CVE-2025-27831 CVE-2025-27836
CVE-2025-27830 CVE-2025-27833
CVE-2025-27833 CVE-2025-27834
Changelog:
https://ghostscript.readthedocs.io/en/gs10.05.0/News.html
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../{ghostscript_10.04.0.bb => ghostscript_10.05.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-extended/ghostscript/{ghostscript_10.04.0.bb => ghostscript_10.05.0.bb} (97%)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.04.0.bb b/meta/recipes-extended/ghostscript/ghostscript_10.05.0.bb
similarity index 97%
rename from meta/recipes-extended/ghostscript/ghostscript_10.04.0.bb
rename to meta/recipes-extended/ghostscript/ghostscript_10.05.0.bb
index 546d734333..1d05945c30 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.04.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.05.0.bb
@@ -27,7 +27,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
file://avoid-host-contamination.patch \
"
-SRC_URI[sha256sum] = "c764dfbb7b13fc71a7a05c634e014f9bb1fb83b899fe39efc0b6c3522a9998b1"
+SRC_URI[sha256sum] = "56e77833de683825c420d0af8cb90aa8ba7da71ea6fb5624290cbc1b53fe7942"
PACKAGECONFIG ??= ""
PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3"
--
2.43.0
* [OE-core][scarthgap 8/8] patch.py: set commituser and commitemail for addNote
From: Steve Sakoman @ 2025-04-11 20:33 UTC (permalink / raw)
To: openembedded-core
From: Changqing Li <changqing.li@windriver.com>
When PATCHTOOL is set to 'git' and the user has not set up
user.name and user.email for git, do_patch fails with
the following error; fix this by passing -c options.
CmdError("git notes --ref refs/notes/devtool append -m 'original patch: 0001-PATCH-increase-to-cpp17-version.patch' HEAD", 0, 'stdout:
stderr: Author identity unknown
*** Please tell me who you are.
Run
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oe/patch.py | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py
index 60a0cc8291..417333e431 100644
--- a/meta/lib/oe/patch.py
+++ b/meta/lib/oe/patch.py
@@ -462,21 +462,23 @@ class GitApplyTree(PatchTree):
return (tmpfile, cmd)
@staticmethod
- def addNote(repo, ref, key, value=None):
+ def addNote(repo, ref, key, value=None, commituser=None, commitemail=None):
note = key + (": %s" % value if value else "")
notes_ref = GitApplyTree.notes_ref
runcmd(["git", "config", "notes.rewriteMode", "ignore"], repo)
runcmd(["git", "config", "notes.displayRef", notes_ref, notes_ref], repo)
runcmd(["git", "config", "notes.rewriteRef", notes_ref, notes_ref], repo)
- runcmd(["git", "notes", "--ref", notes_ref, "append", "-m", note, ref], repo)
+ cmd = ["git"]
+ GitApplyTree.gitCommandUserOptions(cmd, commituser, commitemail)
+ runcmd(cmd + ["notes", "--ref", notes_ref, "append", "-m", note, ref], repo)
@staticmethod
- def removeNote(repo, ref, key):
+ def removeNote(repo, ref, key, commituser=None, commitemail=None):
notes = GitApplyTree.getNotes(repo, ref)
notes = {k: v for k, v in notes.items() if k != key and not k.startswith(key + ":")}
runcmd(["git", "notes", "--ref", GitApplyTree.notes_ref, "remove", "--ignore-missing", ref], repo)
for note, value in notes.items():
- GitApplyTree.addNote(repo, ref, note, value)
+ GitApplyTree.addNote(repo, ref, note, value, commituser, commitemail)
@staticmethod
def getNotes(repo, ref):
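Review bot: `removeNote` now accepts `commituser`/`commitemail` but only forwards them to `addNote`; its own `runcmd(["git", "notes", "--ref", GitApplyTree.notes_ref, "remove", "--ignore-missing", ref], repo)` still runs plain `git`. Removing a note also writes to the notes ref, so it presumably hits the same "Author identity unknown" failure when no git identity is configured. Building the command the way `addNote` does would cover it: `cmd = ["git"]`, `GitApplyTree.gitCommandUserOptions(cmd, commituser, commitemail)`, then `runcmd(cmd + ["notes", "--ref", GitApplyTree.notes_ref, "remove", "--ignore-missing", ref], repo)`. The `GitApplyTree` class starts above the hunk and `gitCommandUserOptions` is not visible here, so how it treats `None` values should be confirmed.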
@@ -507,7 +509,7 @@ class GitApplyTree(PatchTree):
GitApplyTree.gitCommandUserOptions(cmd, d=d)
cmd += ["commit", "-m", subject, "--no-verify"]
runcmd(cmd, dir)
- GitApplyTree.addNote(dir, "HEAD", GitApplyTree.ignore_commit)
+ GitApplyTree.addNote(dir, "HEAD", GitApplyTree.ignore_commit, d.getVar('PATCH_GIT_USER_NAME'), d.getVar('PATCH_GIT_USER_EMAIL'))
@staticmethod
def extractPatches(tree, startcommits, outdir, paths=None):
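Review bot: The new `addNote` call passes the user name and e-mail positionally, so with the signature `addNote(repo, ref, key, value=None, commituser=None, commitemail=None)` from the first hunk, `PATCH_GIT_USER_NAME` lands in `value` and `PATCH_GIT_USER_EMAIL` in `commituser`, while `commitemail` stays `None`. When the name is set, the note text becomes the ignore-commit key followed by `": <user name>"`, and the e-mail address is presumably handed to git as the user name, so the identity fix does not take effect on this path. Pass them by keyword instead: `GitApplyTree.addNote(dir, "HEAD", GitApplyTree.ignore_commit, commituser=d.getVar('PATCH_GIT_USER_NAME'), commitemail=d.getVar('PATCH_GIT_USER_EMAIL'))`. The enclosing method starts above the hunk.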
@@ -654,7 +656,7 @@ class GitApplyTree(PatchTree):
raise
finally:
if patch_applied:
- GitApplyTree.addNote(self.dir, "HEAD", GitApplyTree.original_patch, os.path.basename(patch['file']))
+ GitApplyTree.addNote(self.dir, "HEAD", GitApplyTree.original_patch, os.path.basename(patch['file']), self.commituser, self.commitemail)
class QuiltTree(PatchSet):
--
2.43.0