* [OE-core][kirkstone 00/27] Patch review
@ 2022-04-20 14:07 Steve Sakoman
0 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-04-20 14:07 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Friday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3547
The following changes since commit d2ba3b8850d461bc7b773240cdf15b22b31a3f9e:
lua: fix CVE-2022-28805 (2022-04-19 14:02:08 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (1):
webkitgtk: adjust patch status
Davide Gardenal (1):
create-spdx: fix error when symlink cannot be created
Ferry Toth (2):
apt: add apt selftest to test signed package feeds
package_manager: fix missing dependency on gnupg when signing deb
package feeds
Jon Mason (1):
qemuarm64: use virtio pci interfaces
Kai Kang (1):
update_udev_hwdb: fix multilib issue with systemd
Khem Raj (5):
babeltrace: Disable warnings as errors
xserver-xorg: Fix build with gcc12
systemtap: Fix build with gcc-12
gnupg: Disable FORTIFY_SOURCES on mips
mdadm: Drop clang specific cflags
Konrad Weihmann (2):
git: correct license
ncurses: use COPYING file
Martin Jansa (1):
systemd-boot: remove outdated EFI_LD comment
Paulo Neves (1):
selftest/lic_checksum: Add test for filename containing space
Peter Kjellerstedt (2):
u-boot: Correct the SRC_URI
u-boot: Inherit pkgconfig
Richard Purdie (1):
buildtools-tarball: Only add cert envvars if certs are included
Ross Burton (1):
zlib: upgrade to 1.2.12
wangmy (5):
linux-firmware: upgrade 20220310 -> 20220411
libsoup: upgrade 3.0.5 -> 3.0.6
apt: upgrade 2.4.3 -> 2.4.4
libusb1: upgrade 1.0.25 -> 1.0.26
libgit2: upgrade 1.4.2 -> 1.4.3
zhengruoqin (3):
wireless-regdb: upgrade 2022.02.18 -> 2022.04.08
git: upgrade 2.35.2 -> 2.35.3
ruby: upgrade 3.1.1 -> 3.1.2
meta/classes/create-spdx.bbclass | 10 +-
meta/classes/sign_package_feed.bbclass | 1 +
meta/conf/machine/qemuarm64.conf | 8 +-
meta/lib/oeqa/runtime/cases/apt.py | 38 +-
meta/lib/oeqa/selftest/cases/lic_checksum.py | 18 +
meta/lib/oeqa/selftest/cases/runtime_test.py | 38 ++
meta/recipes-bsp/u-boot/u-boot-common.inc | 6 +-
meta/recipes-core/meta/buildtools-tarball.bb | 6 +-
meta/recipes-core/ncurses/ncurses.inc | 2 +-
.../systemd/systemd-boot_250.4.bb | 1 -
meta/recipes-core/systemd/systemd_250.4.bb | 5 -
meta/recipes-core/udev/eudev_3.2.10.bb | 4 -
...configure-Pass-LDFLAGS-to-link-tests.patch | 25 +-
.../zlib/zlib/CVE-2018-25032.patch | 347 ------------------
meta/recipes-core/zlib/zlib/cc.patch | 27 ++
.../zlib/{zlib_1.2.11.bb => zlib_1.2.12.bb} | 7 +-
.../apt/{apt_2.4.3.bb => apt_2.4.4.bb} | 2 +-
.../git/{git_2.35.2.bb => git_2.35.3.bb} | 15 +-
.../ruby/{ruby_3.1.1.bb => ruby_3.1.2.bb} | 2 +-
meta/recipes-extended/mdadm/mdadm_4.2.bb | 2 -
.../0001-render-Fix-build-with-gcc-12.patch | 90 +++++
.../xorg-xserver/xserver-xorg_21.1.3.bb | 1 +
...20220310.bb => linux-firmware_20220411.bb} | 4 +-
.../recipes-kernel/lttng/babeltrace2_2.0.4.bb | 2 +-
...ility-re-tweak-for-rhel6-use-functio.patch | 49 +++
.../recipes-kernel/systemtap/systemtap_git.bb | 3 +-
....02.18.bb => wireless-regdb_2022.04.08.bb} | 2 +-
...spection.cmake-prefix-variables-obta.patch | 5 +-
meta/recipes-support/gnupg/gnupg_2.3.4.bb | 3 +
.../{libgit2_1.4.2.bb => libgit2_1.4.3.bb} | 2 +-
.../{libsoup_3.0.5.bb => libsoup_3.0.6.bb} | 2 +-
.../{libusb1_1.0.25.bb => libusb1_1.0.26.bb} | 2 +-
scripts/postinst-intercepts/update_udev_hwdb | 5 +-
33 files changed, 322 insertions(+), 412 deletions(-)
delete mode 100644 meta/recipes-core/zlib/zlib/CVE-2018-25032.patch
create mode 100644 meta/recipes-core/zlib/zlib/cc.patch
rename meta/recipes-core/zlib/{zlib_1.2.11.bb => zlib_1.2.12.bb} (83%)
rename meta/recipes-devtools/apt/{apt_2.4.3.bb => apt_2.4.4.bb} (97%)
rename meta/recipes-devtools/git/{git_2.35.2.bb => git_2.35.3.bb} (86%)
rename meta/recipes-devtools/ruby/{ruby_3.1.1.bb => ruby_3.1.2.bb} (97%)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-render-Fix-build-with-gcc-12.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220310.bb => linux-firmware_20220411.bb} (99%)
create mode 100644 meta/recipes-kernel/systemtap/systemtap/0001-gcc12-c-compatibility-re-tweak-for-rhel6-use-functio.patch
rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2022.02.18.bb => wireless-regdb_2022.04.08.bb} (94%)
rename meta/recipes-support/libgit2/{libgit2_1.4.2.bb => libgit2_1.4.3.bb} (91%)
rename meta/recipes-support/libsoup/{libsoup_3.0.5.bb => libsoup_3.0.6.bb} (94%)
rename meta/recipes-support/libusb/{libusb1_1.0.25.bb => libusb1_1.0.26.bb} (94%)
--
2.25.1
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [OE-core][kirkstone 00/27] Patch review
[not found] <16E7A00050A35F84.23874@lists.openembedded.org>
@ 2022-04-20 14:53 ` Steve Sakoman
2022-04-20 15:05 ` Khem Raj
2022-04-21 5:14 ` Randy MacLeod
0 siblings, 2 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-04-20 14:53 UTC (permalink / raw)
To: steve; +Cc: openembedded-core
On Wed, Apr 20, 2022 at 4:08 AM Steve Sakoman via
lists.openembedded.org <steve=sakoman.com@lists.openembedded.org>
wrote:
>
> Please review this set of patches for kirkstone and have comments back by
> end of day Friday.
I'd particularly like feedback on the security/bug fix version updates
at the end of this series.
In the past I took these only on request.
Would people like me to be more proactive on this type of upgrade
(such as this series), or should I continue to take them only on
request?
Steve
>
> Passed a-full on autobuilder:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3547
>
> The following changes since commit d2ba3b8850d461bc7b773240cdf15b22b31a3f9e:
>
> lua: fix CVE-2022-28805 (2022-04-19 14:02:08 +0100)
>
> are available in the Git repository at:
>
> git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
>
> Alexander Kanavin (1):
> webkitgtk: adjust patch status
>
> Davide Gardenal (1):
> create-spdx: fix error when symlink cannot be created
>
> Ferry Toth (2):
> apt: add apt selftest to test signed package feeds
> package_manager: fix missing dependency on gnupg when signing deb
> package feeds
>
> Jon Mason (1):
> qemuarm64: use virtio pci interfaces
>
> Kai Kang (1):
> update_udev_hwdb: fix multilib issue with systemd
>
> Khem Raj (5):
> babeltrace: Disable warnings as errors
> xserver-xorg: Fix build with gcc12
> systemtap: Fix build with gcc-12
> gnupg: Disable FORTIFY_SOURCES on mips
> mdadm: Drop clang specific cflags
>
> Konrad Weihmann (2):
> git: correct license
> ncurses: use COPYING file
>
> Martin Jansa (1):
> systemd-boot: remove outdated EFI_LD comment
>
> Paulo Neves (1):
> selftest/lic_checksum: Add test for filename containing space
>
> Peter Kjellerstedt (2):
> u-boot: Correct the SRC_URI
> u-boot: Inherit pkgconfig
>
> Richard Purdie (1):
> buildtools-tarball: Only add cert envvars if certs are included
>
> Ross Burton (1):
> zlib: upgrade to 1.2.12
>
> wangmy (5):
> linux-firmware: upgrade 20220310 -> 20220411
> libsoup: upgrade 3.0.5 -> 3.0.6
> apt: upgrade 2.4.3 -> 2.4.4
> libusb1: upgrade 1.0.25 -> 1.0.26
> libgit2: upgrade 1.4.2 -> 1.4.3
>
> zhengruoqin (3):
> wireless-regdb: upgrade 2022.02.18 -> 2022.04.08
> git: upgrade 2.35.2 -> 2.35.3
> ruby: upgrade 3.1.1 -> 3.1.2
>
> meta/classes/create-spdx.bbclass | 10 +-
> meta/classes/sign_package_feed.bbclass | 1 +
> meta/conf/machine/qemuarm64.conf | 8 +-
> meta/lib/oeqa/runtime/cases/apt.py | 38 +-
> meta/lib/oeqa/selftest/cases/lic_checksum.py | 18 +
> meta/lib/oeqa/selftest/cases/runtime_test.py | 38 ++
> meta/recipes-bsp/u-boot/u-boot-common.inc | 6 +-
> meta/recipes-core/meta/buildtools-tarball.bb | 6 +-
> meta/recipes-core/ncurses/ncurses.inc | 2 +-
> .../systemd/systemd-boot_250.4.bb | 1 -
> meta/recipes-core/systemd/systemd_250.4.bb | 5 -
> meta/recipes-core/udev/eudev_3.2.10.bb | 4 -
> ...configure-Pass-LDFLAGS-to-link-tests.patch | 25 +-
> .../zlib/zlib/CVE-2018-25032.patch | 347 ------------------
> meta/recipes-core/zlib/zlib/cc.patch | 27 ++
> .../zlib/{zlib_1.2.11.bb => zlib_1.2.12.bb} | 7 +-
> .../apt/{apt_2.4.3.bb => apt_2.4.4.bb} | 2 +-
> .../git/{git_2.35.2.bb => git_2.35.3.bb} | 15 +-
> .../ruby/{ruby_3.1.1.bb => ruby_3.1.2.bb} | 2 +-
> meta/recipes-extended/mdadm/mdadm_4.2.bb | 2 -
> .../0001-render-Fix-build-with-gcc-12.patch | 90 +++++
> .../xorg-xserver/xserver-xorg_21.1.3.bb | 1 +
> ...20220310.bb => linux-firmware_20220411.bb} | 4 +-
> .../recipes-kernel/lttng/babeltrace2_2.0.4.bb | 2 +-
> ...ility-re-tweak-for-rhel6-use-functio.patch | 49 +++
> .../recipes-kernel/systemtap/systemtap_git.bb | 3 +-
> ....02.18.bb => wireless-regdb_2022.04.08.bb} | 2 +-
> ...spection.cmake-prefix-variables-obta.patch | 5 +-
> meta/recipes-support/gnupg/gnupg_2.3.4.bb | 3 +
> .../{libgit2_1.4.2.bb => libgit2_1.4.3.bb} | 2 +-
> .../{libsoup_3.0.5.bb => libsoup_3.0.6.bb} | 2 +-
> .../{libusb1_1.0.25.bb => libusb1_1.0.26.bb} | 2 +-
> scripts/postinst-intercepts/update_udev_hwdb | 5 +-
> 33 files changed, 322 insertions(+), 412 deletions(-)
> delete mode 100644 meta/recipes-core/zlib/zlib/CVE-2018-25032.patch
> create mode 100644 meta/recipes-core/zlib/zlib/cc.patch
> rename meta/recipes-core/zlib/{zlib_1.2.11.bb => zlib_1.2.12.bb} (83%)
> rename meta/recipes-devtools/apt/{apt_2.4.3.bb => apt_2.4.4.bb} (97%)
> rename meta/recipes-devtools/git/{git_2.35.2.bb => git_2.35.3.bb} (86%)
> rename meta/recipes-devtools/ruby/{ruby_3.1.1.bb => ruby_3.1.2.bb} (97%)
> create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-render-Fix-build-with-gcc-12.patch
> rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220310.bb => linux-firmware_20220411.bb} (99%)
> create mode 100644 meta/recipes-kernel/systemtap/systemtap/0001-gcc12-c-compatibility-re-tweak-for-rhel6-use-functio.patch
> rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2022.02.18.bb => wireless-regdb_2022.04.08.bb} (94%)
> rename meta/recipes-support/libgit2/{libgit2_1.4.2.bb => libgit2_1.4.3.bb} (91%)
> rename meta/recipes-support/libsoup/{libsoup_3.0.5.bb => libsoup_3.0.6.bb} (94%)
> rename meta/recipes-support/libusb/{libusb1_1.0.25.bb => libusb1_1.0.26.bb} (94%)
>
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#164668): https://lists.openembedded.org/g/openembedded-core/message/164668
> Mute This Topic: https://lists.openembedded.org/mt/90584508/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [OE-core][kirkstone 00/27] Patch review
2022-04-20 14:53 ` Steve Sakoman
@ 2022-04-20 15:05 ` Khem Raj
2022-04-21 5:14 ` Randy MacLeod
1 sibling, 0 replies; 37+ messages in thread
From: Khem Raj @ 2022-04-20 15:05 UTC (permalink / raw)
To: Steve Sakoman; +Cc: Patches and discussions about the oe-core layer
On Wed, Apr 20, 2022 at 7:54 AM Steve Sakoman <steve@sakoman.com> wrote:
>
> On Wed, Apr 20, 2022 at 4:08 AM Steve Sakoman via
> lists.openembedded.org <steve=sakoman.com@lists.openembedded.org>
> wrote:
> >
> > Please review this set of patches for kirkstone and have comments back by
> > end of day Friday.
>
> I'd particularly like feedback on the security/bug fix version updates
> at the end of this series.
>
> In the past I took these only on request.
>
> Would people like me to be more proactive on this type of upgrade
> (such as this series), or should I continue to take them only on
> request?
I think being proactive would be fine
>
> Steve
>
> >
> > Passed a-full on autobuilder:
> >
> > https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3547
> >
> > The following changes since commit d2ba3b8850d461bc7b773240cdf15b22b31a3f9e:
> >
> > lua: fix CVE-2022-28805 (2022-04-19 14:02:08 +0100)
> >
> > are available in the Git repository at:
> >
> > git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
> > http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
> >
> > Alexander Kanavin (1):
> > webkitgtk: adjust patch status
> >
> > Davide Gardenal (1):
> > create-spdx: fix error when symlink cannot be created
> >
> > Ferry Toth (2):
> > apt: add apt selftest to test signed package feeds
> > package_manager: fix missing dependency on gnupg when signing deb
> > package feeds
> >
> > Jon Mason (1):
> > qemuarm64: use virtio pci interfaces
> >
> > Kai Kang (1):
> > update_udev_hwdb: fix multilib issue with systemd
> >
> > Khem Raj (5):
> > babeltrace: Disable warnings as errors
> > xserver-xorg: Fix build with gcc12
> > systemtap: Fix build with gcc-12
> > gnupg: Disable FORTIFY_SOURCES on mips
> > mdadm: Drop clang specific cflags
> >
> > Konrad Weihmann (2):
> > git: correct license
> > ncurses: use COPYING file
> >
> > Martin Jansa (1):
> > systemd-boot: remove outdated EFI_LD comment
> >
> > Paulo Neves (1):
> > selftest/lic_checksum: Add test for filename containing space
> >
> > Peter Kjellerstedt (2):
> > u-boot: Correct the SRC_URI
> > u-boot: Inherit pkgconfig
> >
> > Richard Purdie (1):
> > buildtools-tarball: Only add cert envvars if certs are included
> >
> > Ross Burton (1):
> > zlib: upgrade to 1.2.12
> >
> > wangmy (5):
> > linux-firmware: upgrade 20220310 -> 20220411
> > libsoup: upgrade 3.0.5 -> 3.0.6
> > apt: upgrade 2.4.3 -> 2.4.4
> > libusb1: upgrade 1.0.25 -> 1.0.26
> > libgit2: upgrade 1.4.2 -> 1.4.3
> >
> > zhengruoqin (3):
> > wireless-regdb: upgrade 2022.02.18 -> 2022.04.08
> > git: upgrade 2.35.2 -> 2.35.3
> > ruby: upgrade 3.1.1 -> 3.1.2
> >
> > meta/classes/create-spdx.bbclass | 10 +-
> > meta/classes/sign_package_feed.bbclass | 1 +
> > meta/conf/machine/qemuarm64.conf | 8 +-
> > meta/lib/oeqa/runtime/cases/apt.py | 38 +-
> > meta/lib/oeqa/selftest/cases/lic_checksum.py | 18 +
> > meta/lib/oeqa/selftest/cases/runtime_test.py | 38 ++
> > meta/recipes-bsp/u-boot/u-boot-common.inc | 6 +-
> > meta/recipes-core/meta/buildtools-tarball.bb | 6 +-
> > meta/recipes-core/ncurses/ncurses.inc | 2 +-
> > .../systemd/systemd-boot_250.4.bb | 1 -
> > meta/recipes-core/systemd/systemd_250.4.bb | 5 -
> > meta/recipes-core/udev/eudev_3.2.10.bb | 4 -
> > ...configure-Pass-LDFLAGS-to-link-tests.patch | 25 +-
> > .../zlib/zlib/CVE-2018-25032.patch | 347 ------------------
> > meta/recipes-core/zlib/zlib/cc.patch | 27 ++
> > .../zlib/{zlib_1.2.11.bb => zlib_1.2.12.bb} | 7 +-
> > .../apt/{apt_2.4.3.bb => apt_2.4.4.bb} | 2 +-
> > .../git/{git_2.35.2.bb => git_2.35.3.bb} | 15 +-
> > .../ruby/{ruby_3.1.1.bb => ruby_3.1.2.bb} | 2 +-
> > meta/recipes-extended/mdadm/mdadm_4.2.bb | 2 -
> > .../0001-render-Fix-build-with-gcc-12.patch | 90 +++++
> > .../xorg-xserver/xserver-xorg_21.1.3.bb | 1 +
> > ...20220310.bb => linux-firmware_20220411.bb} | 4 +-
> > .../recipes-kernel/lttng/babeltrace2_2.0.4.bb | 2 +-
> > ...ility-re-tweak-for-rhel6-use-functio.patch | 49 +++
> > .../recipes-kernel/systemtap/systemtap_git.bb | 3 +-
> > ....02.18.bb => wireless-regdb_2022.04.08.bb} | 2 +-
> > ...spection.cmake-prefix-variables-obta.patch | 5 +-
> > meta/recipes-support/gnupg/gnupg_2.3.4.bb | 3 +
> > .../{libgit2_1.4.2.bb => libgit2_1.4.3.bb} | 2 +-
> > .../{libsoup_3.0.5.bb => libsoup_3.0.6.bb} | 2 +-
> > .../{libusb1_1.0.25.bb => libusb1_1.0.26.bb} | 2 +-
> > scripts/postinst-intercepts/update_udev_hwdb | 5 +-
> > 33 files changed, 322 insertions(+), 412 deletions(-)
> > delete mode 100644 meta/recipes-core/zlib/zlib/CVE-2018-25032.patch
> > create mode 100644 meta/recipes-core/zlib/zlib/cc.patch
> > rename meta/recipes-core/zlib/{zlib_1.2.11.bb => zlib_1.2.12.bb} (83%)
> > rename meta/recipes-devtools/apt/{apt_2.4.3.bb => apt_2.4.4.bb} (97%)
> > rename meta/recipes-devtools/git/{git_2.35.2.bb => git_2.35.3.bb} (86%)
> > rename meta/recipes-devtools/ruby/{ruby_3.1.1.bb => ruby_3.1.2.bb} (97%)
> > create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-render-Fix-build-with-gcc-12.patch
> > rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220310.bb => linux-firmware_20220411.bb} (99%)
> > create mode 100644 meta/recipes-kernel/systemtap/systemtap/0001-gcc12-c-compatibility-re-tweak-for-rhel6-use-functio.patch
> > rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2022.02.18.bb => wireless-regdb_2022.04.08.bb} (94%)
> > rename meta/recipes-support/libgit2/{libgit2_1.4.2.bb => libgit2_1.4.3.bb} (91%)
> > rename meta/recipes-support/libsoup/{libsoup_3.0.5.bb => libsoup_3.0.6.bb} (94%)
> > rename meta/recipes-support/libusb/{libusb1_1.0.25.bb => libusb1_1.0.26.bb} (94%)
> >
> > --
> > 2.25.1
> >
> >
> >
> >
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#164699): https://lists.openembedded.org/g/openembedded-core/message/164699
> Mute This Topic: https://lists.openembedded.org/mt/90584508/1997914
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [OE-core][kirkstone 00/27] Patch review
2022-04-20 14:53 ` Steve Sakoman
2022-04-20 15:05 ` Khem Raj
@ 2022-04-21 5:14 ` Randy MacLeod
2022-04-21 14:00 ` Steve Sakoman
1 sibling, 1 reply; 37+ messages in thread
From: Randy MacLeod @ 2022-04-21 5:14 UTC (permalink / raw)
To: Steve Sakoman; +Cc: Patches and discussions about the oe-core layer
[-- Attachment #1: Type: text/plain, Size: 3203 bytes --]
On Wed., Apr. 20, 2022, 10:54 Steve Sakoman, <steve@sakoman.com> wrote:
> On Wed, Apr 20, 2022 at 4:08 AM Steve Sakoman via
> lists.openembedded.org <steve=sakoman.com@lists.openembedded.org>
> wrote:
> >
> > Please review this set of patches for kirkstone and have comments back by
> > end of day Friday.
>
> I'd particularly like feedback on the security/bug fix version updates
> at the end of this series.
>
> In the past I took these only on request.
>
> Would people like me to be more proactive on this type of upgrade
> (such as this series), or should I continue to take them only on
> request?
>
Proactive but reasonably cautious. ;-)
Some comments below.
> Steve
>
> >
> > Passed a-full on autobuilder:
> >
> > https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3547
> >
> > The following changes since commit
> d2ba3b8850d461bc7b773240cdf15b22b31a3f9e:
> >
> > lua: fix CVE-2022-28805 (2022-04-19 14:02:08 +0100)
> >
> > are available in the Git repository at:
> >
> > git://git.openembedded.org/openembedded-core-contrib
> stable/kirkstone-nut
> >
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
> >
> > Alexander Kanavin (1):
> > webkitgtk: adjust patch status
> >
> > Davide Gardenal (1):
> > create-spdx: fix error when symlink cannot be created
> >
> > Ferry Toth (2):
> > apt: add apt selftest to test signed package feeds
> > package_manager: fix missing dependency on gnupg when signing deb
> > package feeds
> >
> > Jon Mason (1):
> > qemuarm64: use virtio pci interfaces
> >
> > Kai Kang (1):
> > update_udev_hwdb: fix multilib issue with systemd
> >
> > Khem Raj (5):
> > babeltrace: Disable warnings as errors
> > xserver-xorg: Fix build with gcc12
> > systemtap: Fix build with gcc-12
> > gnupg: Disable FORTIFY_SOURCES on mips
> > mdadm: Drop clang specific cflags
> >
> > Konrad Weihmann (2):
> > git: correct license
> > ncurses: use COPYING file
> >
> > Martin Jansa (1):
> > systemd-boot: remove outdated EFI_LD comment
> >
> > Paulo Neves (1):
> > selftest/lic_checksum: Add test for filename containing space
> >
> > Peter Kjellerstedt (2):
> > u-boot: Correct the SRC_URI
> > u-boot: Inherit pkgconfig
> >
> > Richard Purdie (1):
> > buildtools-tarball: Only add cert envvars if certs are included
> >
> > Ross Burton (1):
> > zlib: upgrade to 1.2.12
> >
> > wangmy (5):
> > linux-firmware: upgrade 20220310 -> 20220411
>
It's firmware so it should be fine but I don't know much about such things.
Have firmware updates ever broken older kernels?
Certainly there could be performance degradation. I guess it's a release
note item for others to worry about.
> libsoup: upgrade 3.0.5 -> 3.0.6
> > apt: upgrade 2.4.3 -> 2.4.4
> > libusb1: upgrade 1.0.25 -> 1.0.26
> > libgit2: upgrade 1.4.2 -> 1.4.3
> >
> > zhengruoqin (3):
> > wireless-regdb: upgrade 2022.02.18 -> 2022.04.08
> > git: upgrade 2.35.2 -> 2.35.3
> > ruby: upgrade 3.1.1 -> 3.1.2
>
These all seem like bug fix only updates.
Are you assuming that third number updates don't change API/ABI or looking
at commit summaries, git logs, or using a tool?
Thanks Steve.
Randy
>< snip ><
[-- Attachment #2: Type: text/html, Size: 5639 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [OE-core][kirkstone 00/27] Patch review
2022-04-21 5:14 ` Randy MacLeod
@ 2022-04-21 14:00 ` Steve Sakoman
2022-04-21 14:27 ` Randy MacLeod
0 siblings, 1 reply; 37+ messages in thread
From: Steve Sakoman @ 2022-04-21 14:00 UTC (permalink / raw)
To: Randy MacLeod; +Cc: Patches and discussions about the oe-core layer
On Wed, Apr 20, 2022 at 7:14 PM Randy MacLeod <rwmacleod@gmail.com> wrote:
>
>
>
> On Wed., Apr. 20, 2022, 10:54 Steve Sakoman, <steve@sakoman.com> wrote:
>>
>> On Wed, Apr 20, 2022 at 4:08 AM Steve Sakoman via
>> lists.openembedded.org <steve=sakoman.com@lists.openembedded.org>
>> wrote:
>> >
>> > Please review this set of patches for kirkstone and have comments back by
>> > end of day Friday.
>>
>> I'd particularly like feedback on the security/bug fix version updates
>> at the end of this series.
>>
>> In the past I took these only on request.
>>
>> Would people like me to be more proactive on this type of upgrade
>> (such as this series), or should I continue to take them only on
>> request?
>
>
> Proactive but reasonably cautious. ;-)
That's my feeling too.
>> > Passed a-full on autobuilder:
>> >
>> > https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3547
>> >
>> > The following changes since commit d2ba3b8850d461bc7b773240cdf15b22b31a3f9e:
>> >
>> > lua: fix CVE-2022-28805 (2022-04-19 14:02:08 +0100)
>> >
>> > are available in the Git repository at:
>> >
>> > git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
>> > http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
>> >
>> > Alexander Kanavin (1):
>> > webkitgtk: adjust patch status
>> >
>> > Davide Gardenal (1):
>> > create-spdx: fix error when symlink cannot be created
>> >
>> > Ferry Toth (2):
>> > apt: add apt selftest to test signed package feeds
>> > package_manager: fix missing dependency on gnupg when signing deb
>> > package feeds
>> >
>> > Jon Mason (1):
>> > qemuarm64: use virtio pci interfaces
>> >
>> > Kai Kang (1):
>> > update_udev_hwdb: fix multilib issue with systemd
>> >
>> > Khem Raj (5):
>> > babeltrace: Disable warnings as errors
>> > xserver-xorg: Fix build with gcc12
>> > systemtap: Fix build with gcc-12
>> > gnupg: Disable FORTIFY_SOURCES on mips
>> > mdadm: Drop clang specific cflags
>> >
>> > Konrad Weihmann (2):
>> > git: correct license
>> > ncurses: use COPYING file
>> >
>> > Martin Jansa (1):
>> > systemd-boot: remove outdated EFI_LD comment
>> >
>> > Paulo Neves (1):
>> > selftest/lic_checksum: Add test for filename containing space
>> >
>> > Peter Kjellerstedt (2):
>> > u-boot: Correct the SRC_URI
>> > u-boot: Inherit pkgconfig
>> >
>> > Richard Purdie (1):
>> > buildtools-tarball: Only add cert envvars if certs are included
>> >
>> > Ross Burton (1):
>> > zlib: upgrade to 1.2.12
>> >
>> > wangmy (5):
>> > linux-firmware: upgrade 20220310 -> 20220411
>
>
>
> It's firmware so it should be fine but I don't know much about such things. Have firmware updates ever broken older kernels?
> Certainly there could be performance degradation. I guess it's a release note item for others to worry about.
I've been doing these regularly for dunfell and it hasn't been an
issue in the past two years.
>> > libsoup: upgrade 3.0.5 -> 3.0.6
>> > apt: upgrade 2.4.3 -> 2.4.4
>> > libusb1: upgrade 1.0.25 -> 1.0.26
>> > libgit2: upgrade 1.4.2 -> 1.4.3
>> >
>> > zhengruoqin (3):
>> > wireless-regdb: upgrade 2022.02.18 -> 2022.04.08
>> > git: upgrade 2.35.2 -> 2.35.3
>> > ruby: upgrade 3.1.1 -> 3.1.2
>
>
> These all seem like bug fix only updates.
> Are you assuming that third number updates don't change API/ABI or looking at commit summaries, git logs, or using a tool?
Yes, my criteria for including is that they are bug/security only updates.
I don't assume anything from the version number, I review the release
notes (if any) and the git logs. In many cases the version updates in
master don't include this info in the commit message. In that case I
add either the release notes or the git log to the commit message when
cherry-picking from master.
So it is a time consuming manual process :-)
BTW, those who include release notes or commit logs in their version
bumps get smiles and brownie points from me!
Steve
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [OE-core][kirkstone 00/27] Patch review
2022-04-21 14:00 ` Steve Sakoman
@ 2022-04-21 14:27 ` Randy MacLeod
0 siblings, 0 replies; 37+ messages in thread
From: Randy MacLeod @ 2022-04-21 14:27 UTC (permalink / raw)
To: Steve Sakoman, Randy MacLeod
Cc: Patches and discussions about the oe-core layer
On 2022-04-21 10:00, Steve Sakoman wrote:
> On Wed, Apr 20, 2022 at 7:14 PM Randy MacLeod <rwmacleod@gmail.com> wrote:
>>
>> On Wed., Apr. 20, 2022, 10:54 Steve Sakoman, <steve@sakoman.com> wrote:
>>> On Wed, Apr 20, 2022 at 4:08 AM Steve Sakoman via
>>> lists.openembedded.org <steve=sakoman.com@lists.openembedded.org>
>>> wrote:
>>>> Please review this set of patches for kirkstone and have comments back by
>>>> end of day Friday.
>>> I'd particularly like feedback on the security/bug fix version updates
>>> at the end of this series.
>>>
>>> In the past I took these only on request.
>>>
>>> Would people like me to be more proactive on this type of upgrade
>>> (such as this series), or should I continue to take them only on
>>> request?
>> Proactive but reasonably cautious. ;-)
> That's my feeling too.
>
>>>> Passed a-full on autobuilder:
>>>>
>>>> https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3547
>>>>
>>>> The following changes since commit d2ba3b8850d461bc7b773240cdf15b22b31a3f9e:
>>>>
>>>> lua: fix CVE-2022-28805 (2022-04-19 14:02:08 +0100)
>>>>
>>>> are available in the Git repository at:
>>>>
>>>> git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
>>>> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
>>>>
>>>> Alexander Kanavin (1):
>>>> webkitgtk: adjust patch status
>>>>
>>>> Davide Gardenal (1):
>>>> create-spdx: fix error when symlink cannot be created
>>>>
>>>> Ferry Toth (2):
>>>> apt: add apt selftest to test signed package feeds
>>>> package_manager: fix missing dependency on gnupg when signing deb
>>>> package feeds
>>>>
>>>> Jon Mason (1):
>>>> qemuarm64: use virtio pci interfaces
>>>>
>>>> Kai Kang (1):
>>>> update_udev_hwdb: fix multilib issue with systemd
>>>>
>>>> Khem Raj (5):
>>>> babeltrace: Disable warnings as errors
>>>> xserver-xorg: Fix build with gcc12
>>>> systemtap: Fix build with gcc-12
>>>> gnupg: Disable FORTIFY_SOURCES on mips
>>>> mdadm: Drop clang specific cflags
>>>>
>>>> Konrad Weihmann (2):
>>>> git: correct license
>>>> ncurses: use COPYING file
>>>>
>>>> Martin Jansa (1):
>>>> systemd-boot: remove outdated EFI_LD comment
>>>>
>>>> Paulo Neves (1):
>>>> selftest/lic_checksum: Add test for filename containing space
>>>>
>>>> Peter Kjellerstedt (2):
>>>> u-boot: Correct the SRC_URI
>>>> u-boot: Inherit pkgconfig
>>>>
>>>> Richard Purdie (1):
>>>> buildtools-tarball: Only add cert envvars if certs are included
>>>>
>>>> Ross Burton (1):
>>>> zlib: upgrade to 1.2.12
>>>>
>>>> wangmy (5):
>>>> linux-firmware: upgrade 20220310 -> 20220411
>>
>> It's firmware so it should be fine but I don't know much about such things. Have firmware updates ever broken older kernels?
>> Certainly there could be performance degradation. I guess it's a release note item for others to worry about.
> I've been doing these regularly for dunfell and it hasn't been an
> issue in the past two years.
As expected but that's good to hear.
>
>>>> libsoup: upgrade 3.0.5 -> 3.0.6
>>>> apt: upgrade 2.4.3 -> 2.4.4
>>>> libusb1: upgrade 1.0.25 -> 1.0.26
>>>> libgit2: upgrade 1.4.2 -> 1.4.3
>>>>
>>>> zhengruoqin (3):
>>>> wireless-regdb: upgrade 2022.02.18 -> 2022.04.08
>>>> git: upgrade 2.35.2 -> 2.35.3
>>>> ruby: upgrade 3.1.1 -> 3.1.2
>> These all seem like bug fix only updates.
>> Are you assuming that third number updates don't change API/ABI or looking at commit summaries, git logs, or using a tool?
> Yes, my criteria for including is that they are bug/security only updates.
>
> I don't assume anything from the version number, I review the release
> notes (if any) and the git logs. In many cases the version updates in
> master don't include this info in the commit message. In that case I
> add either the release notes or the git log to the commit message when
> cherry-picking from master.
That's great. The only better response would be if we could run API/ABI
test.
I'll see if that's something that we can work on for release branches
but no promises
or timeline for that so far.
>
> So it is a time consuming manual process :-)
It is; thanks for the careful work.
>
> BTW, those who include release notes or commit logs in their version
> bumps get smiles and brownie points from me!
+1
../Randy
>
> Steve
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#164762): https://lists.openembedded.org/g/openembedded-core/message/164762
> Mute This Topic: https://lists.openembedded.org/mt/90584508/3616765
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [randy.macleod@windriver.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
# Randy MacLeod
# Wind River Linux
^ permalink raw reply [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 00/27] Patch review
@ 2022-07-14 4:35 Steve Sakoman
0 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2022-07-14 4:35 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by end
of day Friday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3911
with the exception of an intermittent autobuilder issue on qemumips-alt which
passed on subsequent retest:
https://autobuilder.yoctoproject.org/typhoon/#/builders/102/builds/3279
The following changes since commit 4667abcc925ae0c430cccb480ec530506f6201ae:
dropbear: break dependency on base package for -dev package (2022-07-01 08:35:07 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (6):
openssl: update 3.0.4 -> 3.0.5
gstreamer1.0: upgrade 1.20.2 -> 1.20.3
weston: update 10.0.0 -> 10.0.1
glib-2.0: upgrade 2.72.2 -> 2.72.3
glib-networking: upgrade 2.72.0 -> 2.72.1
libsoup: upgrade 3.0.6 -> 3.0.7
Richard Purdie (2):
qemu: Avoid accidental librdmacm linkage
glibc-tests: Avoid reproducibility issues
Ross Burton (2):
tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and
CVE-2022-2058
vim: upgrade to 9.0.0021
Sakib Sajal (1):
u-boot: fix CVE-2022-34835
Steve Sakoman (3):
ruby: add PACKAGECONFIG for capstone
qemu: add PACKAGECONFIG for capstone
qemu: Avoid accidental libvdeplug linkage
Sundeep KOKKONDA (2):
glibc: stable 2.35 branch updates
binutils : stable 2.38 branch updates
Wentao Zhang (1):
harfbuzz: fix CVE-2022-33068
wangmy (10):
gst-devtools: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-libav: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-omx: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-bad: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-base: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-good: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-ugly: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-python: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-rtsp-server: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-vaapi: upgrade 1.20.2 -> 1.20.3
...ffer-overflow-vulnerability-in-i2c-m.patch | 126 ++++++++++++
meta/recipes-bsp/u-boot/u-boot_2022.01.bb | 1 +
.../{openssl_3.0.4.bb => openssl_3.0.5.bb} | 2 +-
.../glib-2.0/glib-2.0/relocate-modules.patch | 2 +-
...{glib-2.0_2.72.2.bb => glib-2.0_2.72.3.bb} | 2 +-
...ng_2.72.0.bb => glib-networking_2.72.1.bb} | 2 +-
meta/recipes-core/glibc/glibc-tests_2.35.bb | 3 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
.../glibc/glibc/reproducible-paths.patch | 23 +++
.../binutils/binutils-2.38.inc | 2 +-
meta/recipes-devtools/qemu/qemu.inc | 3 +
meta/recipes-devtools/ruby/ruby_3.1.2.bb | 1 +
.../harfbuzz/harfbuzz/CVE-2022-33068.patch | 35 ++++
.../harfbuzz/harfbuzz_4.0.1.bb | 3 +-
.../{weston_10.0.0.bb => weston_10.0.1.bb} | 4 +-
...tools_1.20.2.bb => gst-devtools_1.20.3.bb} | 2 +-
...1.20.2.bb => gstreamer1.0-libav_1.20.3.bb} | 2 +-
...x_1.20.2.bb => gstreamer1.0-omx_1.20.3.bb} | 2 +-
....bb => gstreamer1.0-plugins-bad_1.20.3.bb} | 2 +-
...bb => gstreamer1.0-plugins-base_1.20.3.bb} | 2 +-
...bb => gstreamer1.0-plugins-good_1.20.3.bb} | 2 +-
...bb => gstreamer1.0-plugins-ugly_1.20.3.bb} | 2 +-
....20.2.bb => gstreamer1.0-python_1.20.3.bb} | 2 +-
....bb => gstreamer1.0-rtsp-server_1.20.3.bb} | 2 +-
...1.20.2.bb => gstreamer1.0-vaapi_1.20.3.bb} | 2 +-
...er1.0_1.20.2.bb => gstreamer1.0_1.20.3.bb} | 2 +-
...-the-FPE-in-tiffcrop-415-427-and-428.patch | 182 ++++++++++++++++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 +
.../{libsoup_3.0.6.bb => libsoup_3.0.7.bb} | 2 +-
meta/recipes-support/vim/vim.inc | 4 +-
30 files changed, 399 insertions(+), 23 deletions(-)
create mode 100644 meta/recipes-bsp/u-boot/files/0001-i2c-fix-stack-buffer-overflow-vulnerability-in-i2c-m.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.4.bb => openssl_3.0.5.bb} (99%)
rename meta/recipes-core/glib-2.0/{glib-2.0_2.72.2.bb => glib-2.0_2.72.3.bb} (96%)
rename meta/recipes-core/glib-networking/{glib-networking_2.72.0.bb => glib-networking_2.72.1.bb} (93%)
create mode 100644 meta/recipes-core/glibc/glibc/reproducible-paths.patch
create mode 100644 meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2022-33068.patch
rename meta/recipes-graphics/wayland/{weston_10.0.0.bb => weston_10.0.1.bb} (97%)
rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.20.2.bb => gst-devtools_1.20.3.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.20.2.bb => gstreamer1.0-libav_1.20.3.bb} (91%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.20.2.bb => gstreamer1.0-omx_1.20.3.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.20.2.bb => gstreamer1.0-plugins-bad_1.20.3.bb} (98%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.20.2.bb => gstreamer1.0-plugins-base_1.20.3.bb} (97%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.20.2.bb => gstreamer1.0-plugins-good_1.20.3.bb} (97%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.20.2.bb => gstreamer1.0-plugins-ugly_1.20.3.bb} (94%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.20.2.bb => gstreamer1.0-python_1.20.3.bb} (91%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.20.2.bb => gstreamer1.0-rtsp-server_1.20.3.bb} (90%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.20.2.bb => gstreamer1.0-vaapi_1.20.3.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.20.2.bb => gstreamer1.0_1.20.3.bb} (97%)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch
rename meta/recipes-support/libsoup/{libsoup_3.0.6.bb => libsoup_3.0.7.bb} (94%)
--
2.25.1
^ permalink raw reply [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 00/27] Patch review
@ 2023-02-12 21:10 Steve Sakoman
0 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2023-02-12 21:10 UTC (permalink / raw)
To: openembedded-core
Please review these patches for kirkstone and have comments back by end
of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4921
The following changes since commit cb64ace13db85e143d99627c8803fbb13ba18617:
Fix missing leading whitespace with ':append' (2023-02-01 04:16:52 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alejandro Hernandez Samaniego (1):
testimage: Fix error message to reflect new syntax
Alexander Kanavin (3):
vulkan-samples: branch rename master -> main
gdk-pixbuf: do not use tools from gdk-pixbuf-native when building
tests
oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with
a signal
Arnout Vandecappelle (1):
python3-pytest: depend on python3-tomli instead of python3-toml
Bruce Ashfield (2):
linux-yocto/5.15: update to v5.15.89
linux-yocto/5.15: update to v5.15.91
Changqing Li (1):
apt: fix do_package_qa failure
Chee Yang Lee (1):
git: upgrade to 2.35.6
Harald Seiler (1):
bootchart2: Fix usrmerge support
Khem Raj (2):
scons: Pass MAXLINELENGTH to scons invocation
scons.bbclass: Make MAXLINELENGTH overridable
Louis Rannou (1):
oeqa/selftest/locales: Add selftest for locale generation/presence
Martin Jansa (1):
meta: remove True option to getVar and getVarFlag calls (again)
Mikko Rapeli (1):
oeqa context.py: fix --target-ip comment to include ssh port number
Mingli Yu (1):
glslang: branch rename master -> main
Narpat Mali (1):
python3-certifi: fix for CVE-2022-23491
Pawel Zalewski (1):
classes/fs-uuid: Fix command output decoding issue
Richard Purdie (3):
kernel/linux-kernel-base: Fix kernel build artefact determinism issues
make-mod-scripts: Ensure kernel build output is deterministic
libc-locale: Fix on target locale generation
Ross Burton (4):
git: ignore CVE-2022-41953
buildtools-tarball: set pkg-config search path
sdkext/cases/devtool: pass a logger to HTTPService
httpserver: add error handler that write to the logger
Ulrich Ölmann (2):
recipe_sanity: fix old override syntax
lsof: fix old override syntax
meta/classes/fs-uuid.bbclass | 2 +-
meta/classes/image.bbclass | 2 +-
meta/classes/kernel.bbclass | 3 -
meta/classes/libc-package.bbclass | 1 +
meta/classes/license_image.bbclass | 2 +-
meta/classes/linux-kernel-base.bbclass | 4 +
meta/classes/recipe_sanity.bbclass | 2 +-
meta/classes/scons.bbclass | 8 +-
meta/classes/testimage.bbclass | 2 +-
meta/lib/oe/package_manager/deb/__init__.py | 8 +-
meta/lib/oeqa/runtime/context.py | 4 +-
meta/lib/oeqa/sdkext/cases/devtool.py | 2 +-
meta/lib/oeqa/selftest/cases/locales.py | 45 ++++
meta/lib/oeqa/utils/httpserver.py | 6 +
meta/lib/oeqa/utils/qemurunner.py | 11 +-
meta/recipes-core/meta/buildtools-tarball.bb | 3 +
meta/recipes-devtools/apt/apt_2.4.5.bb | 1 +
.../0001-bootchart2-support-usrmerge.patch | 37 ---
.../bootchart2/bootchart2_0.14.9.bb | 11 +-
.../git/{git_2.35.5.bb => git_2.35.6.bb} | 4 +-
meta/recipes-devtools/go/go_1.17.13.bb | 4 +-
.../python3-certifi/CVE-2022-23491.patch | 230 ++++++++++++++++++
.../python/python3-certifi_2021.10.8.bb | 2 +
.../python/python3-pytest_7.1.1.bb | 2 +-
meta/recipes-devtools/rust/rust-common.inc | 2 +-
meta/recipes-devtools/rust/rust.inc | 20 +-
meta/recipes-extended/lsof/lsof_4.94.0.bb | 2 +-
.../0001-Add-use_prebuilt_tools-option.patch | 173 -------------
...w-a-subset-of-tests-in-cross-compile.patch | 66 +++++
.../gdk-pixbuf/gdk-pixbuf_2.42.10.bb | 17 +-
.../glslang/glslang_1.3.204.1.bb | 2 +-
.../vulkan/vulkan-samples_git.bb | 2 +-
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
.../make-mod-scripts/make-mod-scripts_1.0.bb | 2 +-
scripts/contrib/image-manifest | 2 +-
scripts/lib/devtool/menuconfig.py | 2 +-
38 files changed, 432 insertions(+), 292 deletions(-)
create mode 100644 meta/lib/oeqa/selftest/cases/locales.py
delete mode 100644 meta/recipes-devtools/bootchart2/bootchart2/0001-bootchart2-support-usrmerge.patch
rename meta/recipes-devtools/git/{git_2.35.5.bb => git_2.35.6.bb} (97%)
create mode 100644 meta/recipes-devtools/python/python3-certifi/CVE-2022-23491.patch
delete mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch
create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch
--
2.34.1
^ permalink raw reply [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 00/27] Patch review
@ 2023-07-18 14:25 Steve Sakoman
0 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2023-07-18 14:25 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5608
with the exception of a known intermittent issue on oe-selftest-ubuntu involving
a regression introduced in recent kernel stable branch updates:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15138
This will be fixed in an upcoming linux-yocto version bump, see thread below
for details:
https://lists.openembedded.org/g/openembedded-core/topic/99542122#182828
The following changes since commit 200c2783b3f8546f561382fff6bd5268680d403a:
cve-update-nvd2-native: actually use API keys (2023-07-13 06:39:45 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alberto Planas (1):
bitbake.conf: add unzstd in HOSTTOOLS
Alexander Kanavin (5):
serf: upgrade 1.3.9 -> 1.3.10
wget: upgrade 1.21.3 -> 1.21.4
linux-firmware: upgrade 20230404 -> 20230515
wireless-regdb: upgrade 2023.02.13 -> 2023.05.03
sysfsutils: fetch a supported fork from github
Alexander Sverdlin (1):
rust-llvm: backport a fix for build with gcc-13
Chen Qi (4):
sdk.py: error out when moving file fails
sdk.py: fix moving dnf contents
zip: fix configure check by using _Static_assert
unzip: fix configure check for cross compilation
Heiko Thole (1):
wic: Add dependencies for erofs-utils
Hitendra Prajapati (1):
bind : fix CVE-2023-2828 & CVE-2023-2911
Jermain Horsman (1):
logrotate: Do not create logrotate.status file
Jose Quaresma (1):
selftest/reproducible: Allow chose the package manager
Marek Vasut (1):
systemd: Backport nspawn: make sure host root can write to the
uidmapped mounts we prepare for the container payload
Mauro Queiros (1):
pybootchartgui: show elapsed time for each task
Mikko Rapeli (1):
selftest reproducible.py: support different build targets
Nikhil R (1):
libpng: Add ptest for libpng
Poonam Jadhav (1):
libx11: Fix CVE-2023-3138 for kirkstone branch
Ross Burton (1):
tzdata: upgrade to 2023c
Soumya (2):
perl: Fix CVE-2023-31486
libwebp: Fix CVE-2023-1999
Tom Hochstein (1):
cmake: Fix CMAKE_SYSTEM_PROCESSOR setting for SDK
Trevor Gamblin (1):
vim: upgrade 9.0.1527 -> 9.0.1592
Vijay Anusuri (1):
sqlite3: CVE-2023-36191 CLI fault on missing -nonce
Vivek Kumbhar (1):
curl: Added CVE-2023-28320 Follow-up patch
meta/classes/image_types_wic.bbclass | 2 +-
meta/conf/bitbake.conf | 2 +-
.../distro/include/ptest-packagelists.inc | 1 +
meta/lib/oe/package_manager/rpm/sdk.py | 3 +-
meta/lib/oe/sdk.py | 2 +-
meta/lib/oeqa/selftest/cases/reproducible.py | 14 +-
.../bind/bind-9.18.11/CVE-2023-2828.patch | 197 ++++++++++++
.../bind/bind-9.18.11/CVE-2023-2911.patch | 97 ++++++
.../recipes-connectivity/bind/bind_9.18.11.bb | 2 +
meta/recipes-core/meta/wic-tools.bb | 2 +-
.../sysfsutils/sysfsutils_2.1.0.bb | 10 +-
...-host-root-can-write-to-the-uidmappe.patch | 216 +++++++++++++
meta/recipes-core/systemd/systemd_250.5.bb | 1 +
.../cmake/cmake/OEToolchainConfig.cmake | 5 +-
.../perl/files/CVE-2023-31486-0001.patch | 215 +++++++++++++
.../perl/files/CVE-2023-31486-0002.patch | 36 +++
meta/recipes-devtools/perl/perl_5.34.1.bb | 2 +
meta/recipes-devtools/rust/rust-llvm.inc | 4 +-
...-missing-cstdint-header-to-Signals.h.patch | 32 ++
.../logrotate/logrotate_3.20.1.bb | 1 -
meta/recipes-extended/timezone/timezone.inc | 6 +-
.../timezone/tzcode-native.bb | 2 -
...0001-Fix-C23-related-conformance-bug.patch | 301 ------------------
...-fix-detection-for-cross-compilation.patch | 103 ++++++
meta/recipes-extended/unzip/unzip_6.0.bb | 1 +
meta/recipes-extended/wget/wget.inc | 2 +-
.../wget/{wget_1.21.3.bb => wget_1.21.4.bb} | 2 +-
...se-_Static_assert-to-do-correct-dete.patch | 96 ++++++
meta/recipes-extended/zip/zip_3.0.bb | 1 +
.../xorg-lib/libx11/CVE-2023-3138.patch | 111 +++++++
.../xorg-lib/libx11_1.7.3.1.bb | 1 +
...20230404.bb => linux-firmware_20230515.bb} | 4 +-
....02.13.bb => wireless-regdb_2023.05.03.bb} | 2 +-
.../recipes-multimedia/libpng/files/run-ptest | 29 ++
.../libpng/libpng_1.6.39.bb | 16 +-
.../webp/files/CVE-2023-1999.patch | 60 ++++
meta/recipes-multimedia/webp/libwebp_1.2.4.bb | 4 +-
.../curl/curl/CVE-2023-28320-fol1.patch | 197 ++++++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
...print-in-the-scons-file-to-unbreak-b.patch | 29 --
...sl_buckets.c-do-not-use-ERR_GET_FUNC.patch | 28 --
...11083-fix-building-with-scons-3.0.0-.patch | 29 --
...ories.without.sandbox-install.prefix.patch | 2 +-
.../serf/{serf_1.3.9.bb => serf_1.3.10.bb} | 6 +-
.../sqlite/files/CVE-2023-36191.patch | 37 +++
meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 +
meta/recipes-support/vim/vim.inc | 4 +-
scripts/lib/wic/misc.py | 1 +
scripts/pybootchartgui/pybootchartgui/draw.py | 5 +
49 files changed, 1496 insertions(+), 429 deletions(-)
create mode 100644 meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2828.patch
create mode 100644 meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2911.patch
create mode 100644 meta/recipes-core/systemd/systemd/0001-nspawn-make-sure-host-root-can-write-to-the-uidmappe.patch
create mode 100644 meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
create mode 100644 meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch
create mode 100644 meta/recipes-devtools/rust/rust-llvm/0003-Support-Add-missing-cstdint-header-to-Signals.h.patch
delete mode 100644 meta/recipes-extended/timezone/tzcode/0001-Fix-C23-related-conformance-bug.patch
create mode 100644 meta/recipes-extended/unzip/unzip/0001-unix-configure-fix-detection-for-cross-compilation.patch
rename meta/recipes-extended/wget/{wget_1.21.3.bb => wget_1.21.4.bb} (60%)
create mode 100644 meta/recipes-extended/zip/zip-3.0/0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch
create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-3138.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230404.bb => linux-firmware_20230515.bb} (99%)
rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2023.02.13.bb => wireless-regdb_2023.05.03.bb} (94%)
create mode 100644 meta/recipes-multimedia/libpng/files/run-ptest
create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-1999.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch
delete mode 100644 meta/recipes-support/serf/serf/0001-Fix-syntax-of-a-print-in-the-scons-file-to-unbreak-b.patch
delete mode 100644 meta/recipes-support/serf/serf/0001-buckets-ssl_buckets.c-do-not-use-ERR_GET_FUNC.patch
delete mode 100644 meta/recipes-support/serf/serf/0004-Follow-up-to-r1811083-fix-building-with-scons-3.0.0-.patch
rename meta/recipes-support/serf/{serf_1.3.9.bb => serf_1.3.10.bb} (78%)
create mode 100644 meta/recipes-support/sqlite/files/CVE-2023-36191.patch
--
2.34.1
^ permalink raw reply [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 00/27] Patch review
@ 2025-06-17 21:19 Steve Sakoman
2025-06-17 21:19 ` [OE-core][kirkstone 01/27] Glibc: Fix for CVE-2025-4802 Steve Sakoman
` (26 more replies)
0 siblings, 27 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:19 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, June 19
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1828
The following changes since commit 350513959f6800eef6579153c2ae95960ca24ea7:
kernel.bbclass: add original package name to RPROVIDES for -image and -base (2025-06-09 08:44:59 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Aditya Tayade (1):
e2fsprogs: removed 'sed -u' option
Aleksandar Nikolic (1):
scripts/install-buildtools: Update to 4.0.27
Colin Pinnell McAllister (1):
ffmpeg: fix CVE-2025-1373
Guocai He (1):
babeltrace/libatomic-ops: correct the SRC_URI
Jiaying Song (1):
python3-requests: fix CVE-2024-47081
Peter Marko (1):
net-tools: patch CVE-2025-46836
Poonam Jadhav (1):
libpng: Improve ptest
Sunil Dora (9):
Glibc: Fix for CVE-2025-4802
glibc: pthreads NPTL lost wakeup fix 2
glibc: nptl Update comments and indentation for new condvar
implementation
glibc: nptl Remove unnecessary catch-all-wake in condvar group switch
glibc: nptl Remove unnecessary quadruple check in pthread_cond_wait
glibc: nptl Use a single loop in pthread_cond_wait instaed of a nested
loop
glibc: nptl Fix indentation
glibc: nptl rename __condvar_quiesce_and_switch_g1
glibc: nptl Use all of g1_start and g_signals
Vijay Anusuri (9):
libsoup-2.4: Fix CVE-2025-2784
libsoup: Fix CVE-2025-2784
libsoup-2.4: Fix CVE-2025-32050
libsoup: Fix CVE-2025-32050
libsoup-2.4: Fix CVE-2025-32052
libsoup: Fix CVE-2025-32052
libsoup-2.4: Fix CVE-2025-32053
libsoup: Fix CVE-2025-32053
libsoup: Fix CVE-2025-46420
aszh07 (2):
ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT
xz: Update LICENSE variable for xz packages
.../distro/include/ptest-packagelists.inc | 2 +-
.../glibc/glibc/0025-CVE-2025-4802.patch | 249 ++++++++++
.../glibc/glibc/0026-PR25847-1.patch | 455 ++++++++++++++++++
.../glibc/glibc/0026-PR25847-2.patch | 144 ++++++
.../glibc/glibc/0026-PR25847-3.patch | 77 +++
.../glibc/glibc/0026-PR25847-4.patch | 117 +++++
.../glibc/glibc/0026-PR25847-5.patch | 105 ++++
.../glibc/glibc/0026-PR25847-6.patch | 169 +++++++
.../glibc/glibc/0026-PR25847-7.patch | 160 ++++++
.../glibc/glibc/0026-PR25847-8.patch | 192 ++++++++
meta/recipes-core/glibc/glibc_2.35.bb | 9 +
.../e2fsprogs/e2fsprogs/run-ptest | 3 +-
.../python3-requests/CVE-2024-47081.patch | 37 ++
.../python/python3-requests_2.27.1.bb | 1 +
.../net-tools/CVE-2025-46836-01.patch | 91 ++++
.../net-tools/CVE-2025-46836-02.patch | 31 ++
.../net-tools/net-tools_2.10.bb | 2 +
meta/recipes-extended/xz/xz_5.2.6.bb | 6 +-
.../recipes-kernel/lttng/babeltrace_1.5.11.bb | 2 +-
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb | 7 +
.../recipes-multimedia/libpng/files/run-ptest | 26 +-
.../libpng/libpng_1.6.39.bb | 43 +-
.../libatomic-ops/libatomic-ops_7.6.14.bb | 4 +-
.../libsoup/libsoup-2.4/CVE-2025-2784-1.patch | 52 ++
.../libsoup/libsoup-2.4/CVE-2025-2784-2.patch | 135 ++++++
.../libsoup/libsoup-2.4/CVE-2025-32050.patch | 28 ++
.../libsoup/libsoup-2.4/CVE-2025-32052.patch | 30 ++
.../libsoup/libsoup-2.4/CVE-2025-32053.patch | 38 ++
.../libsoup/libsoup-2.4_2.74.2.bb | 5 +
.../libsoup/libsoup/CVE-2025-2784-1.patch | 73 +++
.../libsoup/libsoup/CVE-2025-2784-2.patch | 140 ++++++
.../libsoup/libsoup/CVE-2025-32050.patch | 28 ++
.../libsoup/libsoup/CVE-2025-32052.patch | 30 ++
.../libsoup/libsoup/CVE-2025-32053.patch | 38 ++
.../libsoup/libsoup/CVE-2025-46420.patch | 60 +++
meta/recipes-support/libsoup/libsoup_3.0.7.bb | 6 +
scripts/install-buildtools | 4 +-
37 files changed, 2557 insertions(+), 42 deletions(-)
create mode 100644 meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-1.patch
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-2.patch
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-3.patch
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-4.patch
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-5.patch
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-6.patch
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-7.patch
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-8.patch
create mode 100644 meta/recipes-devtools/python/python3-requests/CVE-2024-47081.patch
create mode 100644 meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-01.patch
create mode 100644 meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-02.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-2.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-2784-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-2784-2.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-46420.patch
--
2.43.0
^ permalink raw reply [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 01/27] Glibc: Fix for CVE-2025-4802
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
@ 2025-06-17 21:19 ` Steve Sakoman
2025-06-17 21:19 ` [OE-core][kirkstone 02/27] python3-requests: fix CVE-2024-47081 Steve Sakoman
` (25 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:19 UTC (permalink / raw)
To: openembedded-core
From: Sunil Dora <sunilkumar.dora@windriver.com>
elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static
[https://sourceware.org/bugzilla/show_bug.cgi?id=32976]
Upstream-Status: Backport [ https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0 &&
https://sourceware.org/cgit/glibc/commit/?id=d8f7a79335b0d861c12c42aec94c04cd5bb181e2 ]
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glibc/glibc/0025-CVE-2025-4802.patch | 249 ++++++++++++++++++
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
2 files changed, 250 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch
diff --git a/meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch b/meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch
new file mode 100644
index 0000000000..0298f5a865
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch
@@ -0,0 +1,249 @@
+From 32917e7ee972e7a01127a04454f12ef31dc312ed Mon Sep 17 00:00:00 2001
+From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Date: Wed, 11 Jun 2025 03:19:10 -0700
+Subject: [PATCH] elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for
+ static
+
+It mimics the ld.so behavior.
+Checked on x86_64-linux-gnu.
+
+[New Test Case]
+elf: Test case for bug 32976
+[https://sourceware.org/bugzilla/show_bug.cgi?id=32976]
+
+Check that LD_LIBRARY_PATH is ignored for AT_SECURE statically
+linked binaries, using support_capture_subprogram_self_sgid.
+
+Upstream-Status: Backport [https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0 &&
+ https://sourceware.org/cgit/glibc/commit/?id=d8f7a79335b0d861c12c42aec94c04cd5bb181e2]
+
+CVE: CVE-2025-4802
+
+Co-authored-by: Florian Weimer <fweimer@redhat.com>
+Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
+---
+ elf/Makefile | 4 ++
+ elf/dl-support.c | 46 ++++++++---------
+ elf/tst-dlopen-sgid-mod.c | 1 +
+ elf/tst-dlopen-sgid.c | 104 ++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 132 insertions(+), 23 deletions(-)
+ create mode 100644 elf/tst-dlopen-sgid-mod.c
+ create mode 100644 elf/tst-dlopen-sgid.c
+
+diff --git a/elf/Makefile b/elf/Makefile
+index 61c41ea6..3ad66ab6 100644
+--- a/elf/Makefile
++++ b/elf/Makefile
+@@ -274,6 +274,7 @@ tests-static-normal := \
+ tst-array1-static \
+ tst-array5-static \
+ tst-dl-iter-static \
++ tst-dlopen-sgid \
+ tst-dst-static \
+ tst-env-setuid \
+ tst-env-setuid-tunables \
+@@ -807,6 +808,7 @@ modules-names = \
+ tst-dlmopen-gethostbyname-mod \
+ tst-dlmopen-twice-mod1 \
+ tst-dlmopen-twice-mod2 \
++ tst-dlopen-sgid-mod \
+ tst-dlopenfaillinkmod \
+ tst-dlopenfailmod1 \
+ tst-dlopenfailmod2 \
+@@ -2913,3 +2915,5 @@ $(objpfx)tst-recursive-tls.out: \
+ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15)
+ $(objpfx)tst-recursive-tlsmod%.os: tst-recursive-tlsmodN.c
+ $(compile-command.c) -DVAR=thread_$* -DFUNC=get_threadvar_$*
++
++$(objpfx)tst-dlopen-sgid.out: $(objpfx)tst-dlopen-sgid-mod.so
+diff --git a/elf/dl-support.c b/elf/dl-support.c
+index 09079c12..c2baed69 100644
+--- a/elf/dl-support.c
++++ b/elf/dl-support.c
+@@ -272,8 +272,6 @@ _dl_non_dynamic_init (void)
+ _dl_main_map.l_phdr = GL(dl_phdr);
+ _dl_main_map.l_phnum = GL(dl_phnum);
+
+- _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
+-
+ /* Set up the data structures for the system-supplied DSO early,
+ so they can influence _dl_init_paths. */
+ setup_vdso (NULL, NULL);
+@@ -281,27 +279,6 @@ _dl_non_dynamic_init (void)
+ /* With vDSO setup we can initialize the function pointers. */
+ setup_vdso_pointers ();
+
+- /* Initialize the data structures for the search paths for shared
+- objects. */
+- _dl_init_paths (getenv ("LD_LIBRARY_PATH"), "LD_LIBRARY_PATH",
+- /* No glibc-hwcaps selection support in statically
+- linked binaries. */
+- NULL, NULL);
+-
+- /* Remember the last search directory added at startup. */
+- _dl_init_all_dirs = GL(dl_all_dirs);
+-
+- _dl_lazy = *(getenv ("LD_BIND_NOW") ?: "") == '\0';
+-
+- _dl_bind_not = *(getenv ("LD_BIND_NOT") ?: "") != '\0';
+-
+- _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0';
+-
+- _dl_profile_output = getenv ("LD_PROFILE_OUTPUT");
+- if (_dl_profile_output == NULL || _dl_profile_output[0] == '\0')
+- _dl_profile_output
+- = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
+-
+ if (__libc_enable_secure)
+ {
+ static const char unsecure_envvars[] =
+@@ -324,6 +301,29 @@ _dl_non_dynamic_init (void)
+ #endif
+ }
+
++ _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
++
++ /* Initialize the data structures for the search paths for shared
++ objects. */
++ _dl_init_paths (getenv ("LD_LIBRARY_PATH"), "LD_LIBRARY_PATH",
++ /* No glibc-hwcaps selection support in statically
++ linked binaries. */
++ NULL, NULL);
++
++ /* Remember the last search directory added at startup. */
++ _dl_init_all_dirs = GL(dl_all_dirs);
++
++ _dl_lazy = *(getenv ("LD_BIND_NOW") ?: "") == '\0';
++
++ _dl_bind_not = *(getenv ("LD_BIND_NOT") ?: "") != '\0';
++
++ _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0';
++
++ _dl_profile_output = getenv ("LD_PROFILE_OUTPUT");
++ if (_dl_profile_output == NULL || _dl_profile_output[0] == '\0')
++ _dl_profile_output
++ = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
++
+ #ifdef DL_PLATFORM_INIT
+ DL_PLATFORM_INIT;
+ #endif
+diff --git a/elf/tst-dlopen-sgid-mod.c b/elf/tst-dlopen-sgid-mod.c
+new file mode 100644
+index 00000000..5eb79eef
+--- /dev/null
++++ b/elf/tst-dlopen-sgid-mod.c
+@@ -0,0 +1 @@
++/* Opening this object should not succeed. */
+diff --git a/elf/tst-dlopen-sgid.c b/elf/tst-dlopen-sgid.c
+new file mode 100644
+index 00000000..47829a40
+--- /dev/null
++++ b/elf/tst-dlopen-sgid.c
+@@ -0,0 +1,104 @@
++/* Test case for ignored LD_LIBRARY_PATH in static startug (bug 32976).
++ Copyright (C) 2025 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <dlfcn.h>
++#include <gnu/lib-names.h>
++#include <stddef.h>
++#include <stdint.h>
++#include <stdlib.h>
++#include <string.h>
++#include <support/capture_subprocess.h>
++#include <support/check.h>
++#include <support/support.h>
++#include <support/temp_file.h>
++#include <unistd.h>
++
++/* This is the name of our test object. Use a custom module for
++ testing, so that this object does not get picked up from the system
++ path. */
++static const char dso_name[] = "tst-dlopen-sgid-mod.so";
++
++/* Used to mark the recursive invocation. */
++static const char magic_argument[] = "run-actual-test";
++
++static int
++do_test (void)
++{
++/* Pathname of the directory that receives the shared objects this
++ test attempts to load. */
++ char *libdir = support_create_temp_directory ("tst-dlopen-sgid-");
++
++ /* This is supposed to be ignored and stripped. */
++ TEST_COMPARE (setenv ("LD_LIBRARY_PATH", libdir, 1), 0);
++
++ /* Copy of libc.so.6. */
++ {
++ char *from = xasprintf ("%s/%s", support_objdir_root, LIBC_SO);
++ char *to = xasprintf ("%s/%s", libdir, LIBC_SO);
++ add_temp_file (to);
++ support_copy_file (from, to);
++ free (to);
++ free (from);
++ }
++
++ /* Copy of the test object. */
++ {
++ char *from = xasprintf ("%s/elf/%s", support_objdir_root, dso_name);
++ char *to = xasprintf ("%s/%s", libdir, dso_name);
++ add_temp_file (to);
++ support_copy_file (from, to);
++ free (to);
++ free (from);
++ }
++
++ TEST_COMPARE (support_capture_subprogram_self_sgid (magic_argument), 0);
++
++ free (libdir);
++
++ return 0;
++}
++
++static void
++alternative_main (int argc, char **argv)
++{
++ if (argc == 2 && strcmp (argv[1], magic_argument) == 0)
++ {
++ if (getgid () == getegid ())
++ /* This can happen if the file system is mounted nosuid. */
++ FAIL_UNSUPPORTED ("SGID failed: GID and EGID match (%jd)\n",
++ (intmax_t) getgid ());
++
++ /* Should be removed due to SGID. */
++ TEST_COMPARE_STRING (getenv ("LD_LIBRARY_PATH"), NULL);
++
++ TEST_VERIFY (dlopen (dso_name, RTLD_NOW) == NULL);
++ {
++ const char *message = dlerror ();
++ TEST_COMPARE_STRING (message,
++ "tst-dlopen-sgid-mod.so:"
++ " cannot open shared object file:"
++ " No such file or directory");
++ }
++
++ support_record_failure_barrier ();
++ exit (EXIT_SUCCESS);
++ }
++}
++
++#define PREPARE alternative_main
++#include <support/test-driver.c>
+--
+2.49.0
+
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index 9073e04537..1ea4d5a252 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -61,6 +61,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0022-sysdeps-gnu-configure.ac-Set-libc_cv_rootsbindir-onl.patch \
file://0023-timezone-Make-shell-interpreter-overridable-in-tzsel.patch \
file://0024-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \
+ file://0025-CVE-2025-4802.patch \
\
file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \
file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 02/27] python3-requests: fix CVE-2024-47081
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
2025-06-17 21:19 ` [OE-core][kirkstone 01/27] Glibc: Fix for CVE-2025-4802 Steve Sakoman
@ 2025-06-17 21:19 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 03/27] net-tools: patch CVE-2025-46836 Steve Sakoman
` (24 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:19 UTC (permalink / raw)
To: openembedded-core
From: Jiaying Song <jiaying.song.cn@windriver.com>
Requests is a HTTP library. Due to a URL parsing issue, Requests
releases prior to 2.32.4 may leak .netrc credentials to third parties
for specific maliciously-crafted URLs. Users should upgrade to version
2.32.4 to receive a fix. For older versions of Requests, use of the
.netrc file can be disabled with `trust_env=False` on one's Requests
Session.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-47081
Upstream patch:
https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../python3-requests/CVE-2024-47081.patch | 37 +++++++++++++++++++
.../python/python3-requests_2.27.1.bb | 1 +
2 files changed, 38 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3-requests/CVE-2024-47081.patch
diff --git a/meta/recipes-devtools/python/python3-requests/CVE-2024-47081.patch b/meta/recipes-devtools/python/python3-requests/CVE-2024-47081.patch
new file mode 100644
index 0000000000..1d465cc594
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-requests/CVE-2024-47081.patch
@@ -0,0 +1,37 @@
+From c664b4415baf1b237a8d74f5e880179e69ee764c Mon Sep 17 00:00:00 2001
+From: Nate Prewitt <nate.prewitt@gmail.com>
+Date: Wed, 25 Sep 2024 08:03:20 -0700
+Subject: [PATCH] Only use hostname to do netrc lookup instead of netloc
+
+CVE: CVE-2024-47081
+
+Upstream-Status: Backport
+[https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef]
+
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ requests/utils.py | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/requests/utils.py b/requests/utils.py
+index 153776c7..eae72959 100644
+--- a/requests/utils.py
++++ b/requests/utils.py
+@@ -208,13 +208,7 @@ def get_netrc_auth(url, raise_errors=False):
+ return
+
+ ri = urlparse(url)
+-
+- # Strip port numbers from netloc. This weird `if...encode`` dance is
+- # used for Python 3.2, which doesn't support unicode literals.
+- splitstr = b':'
+- if isinstance(url, str):
+- splitstr = splitstr.decode('ascii')
+- host = ri.netloc.split(splitstr)[0]
++ host = ri.hostname
+
+ try:
+ _netrc = netrc(netrc_path).authenticators(host)
+--
+2.34.1
+
diff --git a/meta/recipes-devtools/python/python3-requests_2.27.1.bb b/meta/recipes-devtools/python/python3-requests_2.27.1.bb
index 689a1dffb7..6f7c47abac 100644
--- a/meta/recipes-devtools/python/python3-requests_2.27.1.bb
+++ b/meta/recipes-devtools/python/python3-requests_2.27.1.bb
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
SRC_URI += "file://CVE-2023-32681.patch \
file://CVE-2024-35195.patch \
+ file://CVE-2024-47081.patch \
"
SRC_URI[sha256sum] = "68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 03/27] net-tools: patch CVE-2025-46836
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
2025-06-17 21:19 ` [OE-core][kirkstone 01/27] Glibc: Fix for CVE-2025-4802 Steve Sakoman
2025-06-17 21:19 ` [OE-core][kirkstone 02/27] python3-requests: fix CVE-2024-47081 Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 04/27] libsoup-2.4: Fix CVE-2025-2784 Steve Sakoman
` (23 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Backport patch for this CVE and also patch for its regression.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../net-tools/CVE-2025-46836-01.patch | 91 +++++++++++++++++++
.../net-tools/CVE-2025-46836-02.patch | 31 +++++++
.../net-tools/net-tools_2.10.bb | 2 +
3 files changed, 124 insertions(+)
create mode 100644 meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-01.patch
create mode 100644 meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-02.patch
diff --git a/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-01.patch b/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-01.patch
new file mode 100644
index 0000000000..0d55512497
--- /dev/null
+++ b/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-01.patch
@@ -0,0 +1,91 @@
+From 7a8f42fb20013a1493d8cae1c43436f85e656f2d Mon Sep 17 00:00:00 2001
+From: Zephkeks <zephyrofficialdiscord@gmail.com>
+Date: Tue, 13 May 2025 11:04:17 +0200
+Subject: [PATCH] CVE-2025-46836: interface.c: Stack-based Buffer Overflow in
+ get_name()
+
+Coordinated as GHSA-pfwf-h6m3-63wf
+
+CVE: CVE-2025-46836
+Upstream-Status: Backport [https://sourceforge.net/p/net-tools/code/ci/7a8f42fb20013a1493d8cae1c43436f85e656f2d/]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/interface.c | 63 ++++++++++++++++++++++++++++++-------------------
+ 1 file changed, 39 insertions(+), 24 deletions(-)
+
+diff --git a/lib/interface.c b/lib/interface.c
+index 71d4163..a054f12 100644
+--- a/lib/interface.c
++++ b/lib/interface.c
+@@ -211,32 +211,47 @@ out:
+ }
+
+ static const char *get_name(char *name, const char *p)
++/* Safe version — guarantees at most IFNAMSIZ‑1 bytes are copied
++ and the destination buffer is always NUL‑terminated. */
+ {
+- while (isspace(*p))
+- p++;
+- while (*p) {
+- if (isspace(*p))
+- break;
+- if (*p == ':') { /* could be an alias */
+- const char *dot = p++;
+- while (*p && isdigit(*p)) p++;
+- if (*p == ':') {
+- /* Yes it is, backup and copy it. */
+- p = dot;
+- *name++ = *p++;
+- while (*p && isdigit(*p)) {
+- *name++ = *p++;
+- }
+- } else {
+- /* No, it isn't */
+- p = dot;
+- }
+- p++;
+- break;
+- }
+- *name++ = *p++;
++ char *dst = name; /* current write ptr */
++ const char *end = name + IFNAMSIZ - 1; /* last byte we may write */
++
++ /* Skip leading white‑space. */
++ while (isspace((unsigned char)*p))
++ ++p;
++
++ /* Copy until white‑space, end of string, or buffer full. */
++ while (*p && !isspace((unsigned char)*p) && dst < end) {
++ if (*p == ':') { /* possible alias veth0:123: */
++ const char *dot = p; /* remember the colon */
++ ++p;
++ while (*p && isdigit((unsigned char)*p))
++ ++p;
++
++ if (*p == ':') { /* confirmed alias */
++ p = dot; /* rewind and copy it all */
++
++ /* copy the colon */
++ if (dst < end)
++ *dst++ = *p++;
++
++ /* copy the digits */
++ while (*p && isdigit((unsigned char)*p) && dst < end)
++ *dst++ = *p++;
++
++ if (*p == ':') /* consume trailing colon */
++ ++p;
++ } else { /* if so treat as normal */
++ p = dot;
++ }
++ break; /* interface name ends here */
++ }
++
++ *dst++ = *p++; /* ordinary character copy */
+ }
+- *name++ = '\0';
++
++ *dst = '\0'; /* always NUL‑terminate */
+ return p;
+ }
+
diff --git a/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-02.patch b/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-02.patch
new file mode 100644
index 0000000000..d2c3673a24
--- /dev/null
+++ b/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-02.patch
@@ -0,0 +1,31 @@
+From ddb0e375fb9ca95bb69335540b85bbdaa2714348 Mon Sep 17 00:00:00 2001
+From: Bernd Eckenfels <net-tools@lina.inka.de>
+Date: Sat, 17 May 2025 21:53:23 +0200
+Subject: [PATCH] Interface statistic regression after 7a8f42fb2
+
+CVE: CVE-2025-46836
+Upstream-Status: Backport [https://sourceforge.net/p/net-tools/code/ci/ddb0e375fb9ca95bb69335540b85bbdaa2714348/]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/interface.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/lib/interface.c b/lib/interface.c
+index a054f12..ca4adf1 100644
+--- a/lib/interface.c
++++ b/lib/interface.c
+@@ -239,12 +239,11 @@ static const char *get_name(char *name, const char *p)
+ /* copy the digits */
+ while (*p && isdigit((unsigned char)*p) && dst < end)
+ *dst++ = *p++;
+-
+- if (*p == ':') /* consume trailing colon */
+- ++p;
+ } else { /* if so treat as normal */
+ p = dot;
+ }
++ if (*p == ':') /* consume trailing colon */
++ ++p;
+ break; /* interface name ends here */
+ }
+
diff --git a/meta/recipes-extended/net-tools/net-tools_2.10.bb b/meta/recipes-extended/net-tools/net-tools_2.10.bb
index 33304297ec..c4d298181a 100644
--- a/meta/recipes-extended/net-tools/net-tools_2.10.bb
+++ b/meta/recipes-extended/net-tools/net-tools_2.10.bb
@@ -11,6 +11,8 @@ SRC_URI = "git://git.code.sf.net/p/net-tools/code;protocol=https;branch=master \
file://net-tools-config.h \
file://net-tools-config.make \
file://Add_missing_headers.patch \
+ file://CVE-2025-46836-01.patch \
+ file://CVE-2025-46836-02.patch \
"
S = "${WORKDIR}/git"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 04/27] libsoup-2.4: Fix CVE-2025-2784
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (2 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 03/27] net-tools: patch CVE-2025-46836 Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 05/27] libsoup: " Steve Sakoman
` (22 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/commit/242a10fbb12dbdc12d254bd8fc8669a0ac055304
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/c415ad0b6771992e66c70edf373566c6e247089d]
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsoup/libsoup-2.4/CVE-2025-2784-1.patch | 52 +++++++
.../libsoup/libsoup-2.4/CVE-2025-2784-2.patch | 135 ++++++++++++++++++
.../libsoup/libsoup-2.4_2.74.2.bb | 2 +
3 files changed, 189 insertions(+)
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-2.patch
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-1.patch
new file mode 100644
index 0000000000..bc2538329f
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-1.patch
@@ -0,0 +1,52 @@
+From 242a10fbb12dbdc12d254bd8fc8669a0ac055304 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Wed, 5 Feb 2025 14:39:42 -0600
+Subject: [PATCH] sniffer: Fix potential overflow
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches/CVE-2025-2784-1.patch?h=ubuntu/focal-security
+Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/242a10fbb12dbdc12d254bd8fc8669a0ac055304]
+CVE: CVE-2025-2784
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/content-sniffer/soup-content-sniffer.c | 2 +-
+ tests/meson.build | 4 +++-
+ tests/resources/whitespace.html | Bin 0 -> 512 bytes
+ tests/sniffing-test.c | 5 +++++
+ tests/soup-tests.gresource.xml | 1 +
+ 5 files changed, 10 insertions(+), 2 deletions(-)
+ create mode 100644 tests/resources/whitespace.html
+
+--- libsoup2.4-2.70.0.orig/libsoup/soup-content-sniffer.c
++++ libsoup2.4-2.70.0/libsoup/soup-content-sniffer.c
+@@ -642,7 +642,7 @@ sniff_feed_or_html (SoupContentSniffer *
+ pos = 3;
+
+ look_for_tag:
+- if (pos > resource_length)
++ if (pos >= resource_length)
+ goto text_html;
+
+ if (skip_insignificant_space (resource, &pos, resource_length))
+--- libsoup2.4-2.70.0.orig/tests/sniffing-test.c
++++ libsoup2.4-2.70.0/tests/sniffing-test.c
+@@ -601,6 +601,11 @@ main (int argc, char **argv)
+ "type/text_html; charset=UTF-8/test.html => text/html; charset=UTF-8",
+ do_sniffing_test);
+
++ /* Test hitting skip_insignificant_space() with number of bytes equaling resource_length. */
++ g_test_add_data_func ("/sniffing/whitespace",
++ "type/text_html/whitespace.html => text/html",
++ do_sniffing_test);
++
+ /* Test that disabling the sniffer works correctly */
+ g_test_add_data_func ("/sniffing/disabled",
+ "/text_or_binary/home.gif",
+--- libsoup2.4-2.70.0.orig/tests/soup-tests.gresource.xml
++++ libsoup2.4-2.70.0/tests/soup-tests.gresource.xml
+@@ -25,5 +25,6 @@
+ <file>resources/text.txt</file>
+ <file>resources/text_binary.txt</file>
+ <file>resources/tux.webp</file>
++ <file>resources/whitespace.html</file>
+ </gresource>
+ </gresources>
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-2.patch
new file mode 100644
index 0000000000..c9d9c04087
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-2.patch
@@ -0,0 +1,135 @@
+From c415ad0b6771992e66c70edf373566c6e247089d Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Tue, 18 Feb 2025 14:29:50 -0600
+Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space()
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches/CVE-2025-2784-2.patch?h=ubuntu/focal-security
+Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/c415ad0b6771992e66c70edf373566c6e247089d]
+CVE: CVE-2025-2784
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ .../content-sniffer/soup-content-sniffer.c | 10 ++--
+ tests/resources/whitespace.html | Bin 512 -> 0 bytes
+ tests/sniffing-test.c | 53 ++++++++++++++++--
+ tests/soup-tests.gresource.xml | 1 -
+ 4 files changed, 53 insertions(+), 11 deletions(-)
+ delete mode 100644 tests/resources/whitespace.html
+
+--- libsoup2.4-2.70.0.orig/libsoup/soup-content-sniffer.c
++++ libsoup2.4-2.70.0/libsoup/soup-content-sniffer.c
+@@ -612,8 +612,11 @@ sniff_text_or_binary (SoupContentSniffer
+ }
+
+ static gboolean
+-skip_insignificant_space (const char *resource, int *pos, int resource_length)
++skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length)
+ {
++ if (*pos >= resource_length)
++ return TRUE;
++
+ while ((resource[*pos] == '\x09') ||
+ (resource[*pos] == '\x20') ||
+ (resource[*pos] == '\x0A') ||
+@@ -632,7 +635,7 @@ sniff_feed_or_html (SoupContentSniffer *
+ {
+ const char *resource = (const char *)buffer->data;
+ int resource_length = MIN (512, buffer->length);
+- int pos = 0;
++ gsize pos = 0;
+
+ if (resource_length < 3)
+ goto text_html;
+@@ -642,9 +645,6 @@ sniff_feed_or_html (SoupContentSniffer *
+ pos = 3;
+
+ look_for_tag:
+- if (pos >= resource_length)
+- goto text_html;
+-
+ if (skip_insignificant_space (resource, &pos, resource_length))
+ goto text_html;
+
+--- libsoup2.4-2.70.0.orig/tests/sniffing-test.c
++++ libsoup2.4-2.70.0/tests/sniffing-test.c
+@@ -432,6 +432,53 @@ test_disabled (gconstpointer data)
+ soup_uri_free (uri);
+ }
+
++static const gsize MARKUP_LENGTH = strlen ("<!--") + strlen ("-->");
++
++static void
++do_skip_whitespace_test (void)
++{
++ SoupContentSniffer *sniffer = soup_content_sniffer_new ();
++ SoupMessage *msg = soup_message_new (SOUP_METHOD_GET, "http://example.org");
++ const char *test_cases[] = {
++ "",
++ "<rdf:RDF",
++ "<rdf:RDFxmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\"",
++ "<rdf:RDFxmlns=\"http://purl.org/rss/1.0/\"",
++ };
++
++ soup_message_headers_set_content_type (msg->response_headers, "text/html", NULL);
++
++ guint i;
++ for (i = 0; i < G_N_ELEMENTS (test_cases); i++) {
++ const char *trailing_data = test_cases[i];
++ gsize leading_zeros = 512 - MARKUP_LENGTH - strlen (trailing_data);
++ gsize testsize = MARKUP_LENGTH + leading_zeros + strlen (trailing_data);
++ guint8 *data = g_malloc0 (testsize);
++ guint8 *p = data;
++ char *content_type;
++ GBytes *buffer;
++
++ /* Format of <!--[0x00 * $leading_zeros]-->$trailing_data */
++ memcpy (p, "<!--", strlen ("<!--"));
++ p += strlen ("<!--");
++ p += leading_zeros;
++ memcpy (p, "-->", strlen ("-->"));
++ p += strlen ("-->");
++ if (strlen (trailing_data))
++ memcpy (p, trailing_data, strlen (trailing_data));
++ /* Purposefully not NUL terminated. */
++
++ buffer = g_bytes_new_take (g_steal_pointer (&data), testsize);
++ content_type = soup_content_sniffer_sniff (sniffer, msg, (SoupBuffer *) buffer, NULL);
++
++ g_free (content_type);
++ g_bytes_unref (buffer);
++ }
++
++ g_object_unref (msg);
++ g_object_unref (sniffer);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -601,16 +648,13 @@ main (int argc, char **argv)
+ "type/text_html; charset=UTF-8/test.html => text/html; charset=UTF-8",
+ do_sniffing_test);
+
+- /* Test hitting skip_insignificant_space() with number of bytes equaling resource_length. */
+- g_test_add_data_func ("/sniffing/whitespace",
+- "type/text_html/whitespace.html => text/html",
+- do_sniffing_test);
+-
+ /* Test that disabling the sniffer works correctly */
+ g_test_add_data_func ("/sniffing/disabled",
+ "/text_or_binary/home.gif",
+ test_disabled);
+
++ g_test_add_func ("/sniffing/whitespace", do_skip_whitespace_test);
++
+ ret = g_test_run ();
+
+ soup_uri_free (base_uri);
+--- libsoup2.4-2.70.0.orig/tests/soup-tests.gresource.xml
++++ libsoup2.4-2.70.0/tests/soup-tests.gresource.xml
+@@ -25,6 +25,5 @@
+ <file>resources/text.txt</file>
+ <file>resources/text_binary.txt</file>
+ <file>resources/tux.webp</file>
+- <file>resources/whitespace.html</file>
+ </gresource>
+ </gresources>
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
index bb15e8b926..5e8a141dc5 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
@@ -32,6 +32,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2025-32912-1.patch \
file://CVE-2025-32912-2.patch \
file://CVE-2025-32914.patch \
+ file://CVE-2025-2784-1.patch \
+ file://CVE-2025-2784-2.patch \
"
SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 05/27] libsoup: Fix CVE-2025-2784
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (3 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 04/27] libsoup-2.4: Fix CVE-2025-2784 Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 06/27] libsoup-2.4: Fix CVE-2025-32050 Steve Sakoman
` (21 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/commit/242a10fbb12dbdc12d254bd8fc8669a0ac055304
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/c415ad0b6771992e66c70edf373566c6e247089d]
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsoup/libsoup/CVE-2025-2784-1.patch | 73 +++++++++
.../libsoup/libsoup/CVE-2025-2784-2.patch | 140 ++++++++++++++++++
meta/recipes-support/libsoup/libsoup_3.0.7.bb | 2 +
3 files changed, 215 insertions(+)
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-2784-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-2784-2.patch
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-2784-1.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-2784-1.patch
new file mode 100644
index 0000000000..d46886c57f
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-2784-1.patch
@@ -0,0 +1,73 @@
+From 242a10fbb12dbdc12d254bd8fc8669a0ac055304 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Wed, 5 Feb 2025 14:39:42 -0600
+Subject: [PATCH] sniffer: Fix potential overflow
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/242a10fbb12dbdc12d254bd8fc8669a0ac055304]
+CVE: CVE-2025-2784
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/content-sniffer/soup-content-sniffer.c | 2 +-
+ tests/meson.build | 4 +++-
+ tests/sniffing-test.c | 5 +++++
+ tests/soup-tests.gresource.xml | 1 +
+ 4 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index d7c46c8..648ea04 100644
+--- a/libsoup/content-sniffer/soup-content-sniffer.c
++++ b/libsoup/content-sniffer/soup-content-sniffer.c
+@@ -666,7 +666,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
+ pos = 3;
+
+ look_for_tag:
+- if (pos > resource_length)
++ if (pos >= resource_length)
+ goto text_html;
+
+ if (skip_insignificant_space (resource, &pos, resource_length))
+diff --git a/tests/meson.build b/tests/meson.build
+index 7851e57..450becb 100644
+--- a/tests/meson.build
++++ b/tests/meson.build
+@@ -92,7 +92,9 @@ tests = [
+ {'name': 'session'},
+ {'name': 'server-auth'},
+ {'name': 'server'},
+- {'name': 'sniffing'},
++ {'name': 'sniffing',
++ 'depends': [test_resources],
++ },
+ {'name': 'socket'},
+ {'name': 'ssl',
+ 'dependencies': [gnutls_dep],
+diff --git a/tests/sniffing-test.c b/tests/sniffing-test.c
+index 6116719..b542817 100644
+--- a/tests/sniffing-test.c
++++ b/tests/sniffing-test.c
+@@ -512,6 +512,11 @@ main (int argc, char **argv)
+ "type/text_html; charset=UTF-8/test.html => text/html; charset=UTF-8",
+ do_sniffing_test);
+
++ /* Test hitting skip_insignificant_space() with number of bytes equaling resource_length. */
++ g_test_add_data_func ("/sniffing/whitespace",
++ "type/text_html/whitespace.html => text/html",
++ do_sniffing_test);
++
+ /* Test that disabling the sniffer works correctly */
+ g_test_add_data_func ("/sniffing/disabled",
+ "/text_or_binary/home.gif",
+diff --git a/tests/soup-tests.gresource.xml b/tests/soup-tests.gresource.xml
+index 9c08d17..cbef1d4 100644
+--- a/tests/soup-tests.gresource.xml
++++ b/tests/soup-tests.gresource.xml
+@@ -25,5 +25,6 @@
+ <file>resources/text.txt</file>
+ <file>resources/text_binary.txt</file>
+ <file>resources/tux.webp</file>
++ <file>resources/whitespace.html</file>
+ </gresource>
+ </gresources>
+--
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-2784-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-2784-2.patch
new file mode 100644
index 0000000000..5ac837f9b8
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-2784-2.patch
@@ -0,0 +1,140 @@
+From c415ad0b6771992e66c70edf373566c6e247089d Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Tue, 18 Feb 2025 14:29:50 -0600
+Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space()
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/c415ad0b6771992e66c70edf373566c6e247089d]
+CVE: CVE-2025-2784
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ .../content-sniffer/soup-content-sniffer.c | 10 ++--
+ tests/sniffing-test.c | 53 +++++++++++++++++--
+ tests/soup-tests.gresource.xml | 1 -
+ 3 files changed, 53 insertions(+), 11 deletions(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index 648ea04..ebe8f6d 100644
+--- a/libsoup/content-sniffer/soup-content-sniffer.c
++++ b/libsoup/content-sniffer/soup-content-sniffer.c
+@@ -635,8 +635,11 @@ sniff_text_or_binary (SoupContentSniffer *sniffer, GBytes *buffer)
+ }
+
+ static gboolean
+-skip_insignificant_space (const char *resource, int *pos, int resource_length)
++skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length)
+ {
++ if (*pos >= resource_length)
++ return TRUE;
++
+ while ((resource[*pos] == '\x09') ||
+ (resource[*pos] == '\x20') ||
+ (resource[*pos] == '\x0A') ||
+@@ -656,7 +659,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
+ gsize resource_length;
+ const char *resource = g_bytes_get_data (buffer, &resource_length);
+ resource_length = MIN (512, resource_length);
+- int pos = 0;
++ gsize pos = 0;
+
+ if (resource_length < 3)
+ goto text_html;
+@@ -666,9 +669,6 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
+ pos = 3;
+
+ look_for_tag:
+- if (pos >= resource_length)
+- goto text_html;
+-
+ if (skip_insignificant_space (resource, &pos, resource_length))
+ goto text_html;
+
+diff --git a/tests/sniffing-test.c b/tests/sniffing-test.c
+index b542817..7857732 100644
+--- a/tests/sniffing-test.c
++++ b/tests/sniffing-test.c
+@@ -342,6 +342,52 @@ test_disabled (gconstpointer data)
+ g_uri_unref (uri);
+ }
+
++static const gsize MARKUP_LENGTH = strlen ("<!--") + strlen ("-->");
++
++static void
++do_skip_whitespace_test (void)
++{
++ SoupContentSniffer *sniffer = soup_content_sniffer_new ();
++ SoupMessage *msg = soup_message_new (SOUP_METHOD_GET, "http://example.org");
++ const char *test_cases[] = {
++ "",
++ "<rdf:RDF",
++ "<rdf:RDFxmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\"",
++ "<rdf:RDFxmlns=\"http://purl.org/rss/1.0/\"",
++ };
++
++ soup_message_headers_set_content_type (soup_message_get_response_headers (msg), "text/html", NULL);
++
++ for (guint i = 0; i < G_N_ELEMENTS (test_cases); i++) {
++ const char *trailing_data = test_cases[i];
++ gsize leading_zeros = 512 - MARKUP_LENGTH - strlen (trailing_data);
++ gsize testsize = MARKUP_LENGTH + leading_zeros + strlen (trailing_data);
++ guint8 *data = g_malloc0 (testsize);
++ guint8 *p = data;
++ char *content_type;
++ GBytes *buffer;
++
++ // Format of <!--[0x00 * $leading_zeros]-->$trailing_data
++ memcpy (p, "<!--", strlen ("<!--"));
++ p += strlen ("<!--");
++ p += leading_zeros;
++ memcpy (p, "-->", strlen ("-->"));
++ p += strlen ("-->");
++ if (strlen (trailing_data))
++ memcpy (p, trailing_data, strlen (trailing_data));
++ // Purposefully not NUL terminated.
++
++ buffer = g_bytes_new_take (g_steal_pointer (&data), testsize);
++ content_type = soup_content_sniffer_sniff (sniffer, msg, buffer, NULL);
++
++ g_free (content_type);
++ g_bytes_unref (buffer);
++ }
++
++ g_object_unref (msg);
++ g_object_unref (sniffer);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -512,16 +558,13 @@ main (int argc, char **argv)
+ "type/text_html; charset=UTF-8/test.html => text/html; charset=UTF-8",
+ do_sniffing_test);
+
+- /* Test hitting skip_insignificant_space() with number of bytes equaling resource_length. */
+- g_test_add_data_func ("/sniffing/whitespace",
+- "type/text_html/whitespace.html => text/html",
+- do_sniffing_test);
+-
+ /* Test that disabling the sniffer works correctly */
+ g_test_add_data_func ("/sniffing/disabled",
+ "/text_or_binary/home.gif",
+ test_disabled);
+
++ g_test_add_func ("/sniffing/whitespace", do_skip_whitespace_test);
++
+ ret = g_test_run ();
+
+ g_uri_unref (base_uri);
+diff --git a/tests/soup-tests.gresource.xml b/tests/soup-tests.gresource.xml
+index cbef1d4..9c08d17 100644
+--- a/tests/soup-tests.gresource.xml
++++ b/tests/soup-tests.gresource.xml
+@@ -25,6 +25,5 @@
+ <file>resources/text.txt</file>
+ <file>resources/text_binary.txt</file>
+ <file>resources/tux.webp</file>
+- <file>resources/whitespace.html</file>
+ </gresource>
+ </gresources>
+--
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
index 87ffb34f7d..74110b21c3 100644
--- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
@@ -30,6 +30,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2025-32912-1.patch \
file://CVE-2025-32912-2.patch \
file://CVE-2025-32914.patch \
+ file://CVE-2025-2784-1.patch \
+ file://CVE-2025-2784-2.patch \
"
SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 06/27] libsoup-2.4: Fix CVE-2025-32050
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (4 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 05/27] libsoup: " Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 07/27] libsoup: " Steve Sakoman
` (20 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsoup/libsoup-2.4/CVE-2025-32050.patch | 28 +++++++++++++++++++
.../libsoup/libsoup-2.4_2.74.2.bb | 1 +
2 files changed, 29 insertions(+)
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch
new file mode 100644
index 0000000000..474eb465a6
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch
@@ -0,0 +1,28 @@
+From 9bb0a55de55c6940ced811a64fbca82fe93a9323 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 28 Oct 2024 12:29:48 -0500
+Subject: [PATCH] Fix using int instead of size_t for strcspn return
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323]
+CVE: CVE-2025-32050
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index 613e1905..a5f7a7f6 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -907,7 +907,7 @@ append_param_quoted (GString *string,
+ const char *name,
+ const char *value)
+ {
+- int len;
++ gsize len;
+
+ g_string_append (string, name);
+ g_string_append (string, "=\"");
+--
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
index 5e8a141dc5..6b227b0503 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
@@ -34,6 +34,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2025-32914.patch \
file://CVE-2025-2784-1.patch \
file://CVE-2025-2784-2.patch \
+ file://CVE-2025-32050.patch \
"
SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 07/27] libsoup: Fix CVE-2025-32050
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (5 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 06/27] libsoup-2.4: Fix CVE-2025-32050 Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 08/27] libsoup-2.4: Fix CVE-2025-32052 Steve Sakoman
` (19 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsoup/libsoup/CVE-2025-32050.patch | 28 +++++++++++++++++++
meta/recipes-support/libsoup/libsoup_3.0.7.bb | 1 +
2 files changed, 29 insertions(+)
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch
new file mode 100644
index 0000000000..474eb465a6
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch
@@ -0,0 +1,28 @@
+From 9bb0a55de55c6940ced811a64fbca82fe93a9323 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 28 Oct 2024 12:29:48 -0500
+Subject: [PATCH] Fix using int instead of size_t for strcspn return
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323]
+CVE: CVE-2025-32050
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index 613e1905..a5f7a7f6 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -907,7 +907,7 @@ append_param_quoted (GString *string,
+ const char *name,
+ const char *value)
+ {
+- int len;
++ gsize len;
+
+ g_string_append (string, name);
+ g_string_append (string, "=\"");
+--
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
index 74110b21c3..27aab1468f 100644
--- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
@@ -32,6 +32,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2025-32914.patch \
file://CVE-2025-2784-1.patch \
file://CVE-2025-2784-2.patch \
+ file://CVE-2025-32050.patch \
"
SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 08/27] libsoup-2.4: Fix CVE-2025-32052
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (6 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 07/27] libsoup: " Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 09/27] libsoup: " Steve Sakoman
` (18 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsoup/libsoup-2.4/CVE-2025-32052.patch | 30 +++++++++++++++++++
.../libsoup/libsoup-2.4_2.74.2.bb | 1 +
2 files changed, 31 insertions(+)
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch
new file mode 100644
index 0000000000..152b70fd9d
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch
@@ -0,0 +1,30 @@
+From f182429e5b1fc034050510da20c93256c4fa9652 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Sat, 16 Nov 2024 12:07:30 -0600
+Subject: [PATCH] Fix heap buffer overflow in soup_content_sniffer_sniff
+
+Co-Author: Ar Jun <pkillarjun@protonmail.com>
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652]
+CVE: CVE-2025-32052
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/content-sniffer/soup-content-sniffer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index de0985eac..b62e48889 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -524,7 +524,7 @@ sniff_unknown (SoupContentSniffer *sniffer, GBytes *buffer,
+ guint index_pattern = 0;
+ gboolean skip_row = FALSE;
+
+- while ((index_stream < resource_length) &&
++ while ((index_stream < resource_length - 1) &&
+ (index_pattern <= type_row->pattern_length)) {
+ /* Skip insignificant white space ("WS" in the spec) */
+ if (type_row->pattern[index_pattern] == ' ') {
+--
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
index 6b227b0503..f9358773e4 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
@@ -35,6 +35,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2025-2784-1.patch \
file://CVE-2025-2784-2.patch \
file://CVE-2025-32050.patch \
+ file://CVE-2025-32052.patch \
"
SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 09/27] libsoup: Fix CVE-2025-32052
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (7 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 08/27] libsoup-2.4: Fix CVE-2025-32052 Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 10/27] libsoup-2.4: Fix CVE-2025-32053 Steve Sakoman
` (17 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsoup/libsoup/CVE-2025-32052.patch | 30 +++++++++++++++++++
meta/recipes-support/libsoup/libsoup_3.0.7.bb | 1 +
2 files changed, 31 insertions(+)
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch
new file mode 100644
index 0000000000..fca43e24ac
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch
@@ -0,0 +1,30 @@
+From f182429e5b1fc034050510da20c93256c4fa9652 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Sat, 16 Nov 2024 12:07:30 -0600
+Subject: [PATCH] Fix heap buffer overflow in soup_content_sniffer_sniff
+
+Co-Author: Ar Jun <pkillarjun@protonmail.com>
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652]
+CVE: CVE-2025-32052
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/content-sniffer/soup-content-sniffer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index de0985eac..b62e48889 100644
+--- a/libsoup/content-sniffer/soup-content-sniffer.c
++++ b/libsoup/content-sniffer/soup-content-sniffer.c
+@@ -524,7 +524,7 @@ sniff_unknown (SoupContentSniffer *sniffer, GBytes *buffer,
+ guint index_pattern = 0;
+ gboolean skip_row = FALSE;
+
+- while ((index_stream < resource_length) &&
++ while ((index_stream < resource_length - 1) &&
+ (index_pattern <= type_row->pattern_length)) {
+ /* Skip insignificant white space ("WS" in the spec) */
+ if (type_row->pattern[index_pattern] == ' ') {
+--
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
index 27aab1468f..26fe52937b 100644
--- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
@@ -33,6 +33,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2025-2784-1.patch \
file://CVE-2025-2784-2.patch \
file://CVE-2025-32050.patch \
+ file://CVE-2025-32052.patch \
"
SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 10/27] libsoup-2.4: Fix CVE-2025-32053
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (8 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 09/27] libsoup: " Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 11/27] libsoup: " Steve Sakoman
` (16 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsoup/libsoup-2.4/CVE-2025-32053.patch | 38 +++++++++++++++++++
.../libsoup/libsoup-2.4_2.74.2.bb | 1 +
2 files changed, 39 insertions(+)
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch
new file mode 100644
index 0000000000..139e8936a0
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch
@@ -0,0 +1,38 @@
+From eaed42ca8d40cd9ab63764e3d63641180505f40a Mon Sep 17 00:00:00 2001
+From: Ar Jun <pkillarjun@protonmail.com>
+Date: Mon, 18 Nov 2024 14:59:51 -0600
+Subject: [PATCH] Fix heap buffer overflow in
+ soup-content-sniffer.c:sniff_feed_or_html()
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a]
+CVE: CVE-2025-32053
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/content-sniffer/soup-content-sniffer.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index b62e4888..5a181ff1 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -641,7 +641,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length)
+ (resource[*pos] == '\x0D')) {
+ *pos = *pos + 1;
+
+- if (*pos > resource_length)
++ if (*pos >= resource_length)
+ return TRUE;
+ }
+
+@@ -704,7 +704,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
+ do {
+ pos++;
+
+- if (pos > resource_length)
++ if ((pos + 1) > resource_length)
+ goto text_html;
+ } while (resource[pos] != '>');
+
+--
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
index f9358773e4..61ebebeacd 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
@@ -36,6 +36,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2025-2784-2.patch \
file://CVE-2025-32050.patch \
file://CVE-2025-32052.patch \
+ file://CVE-2025-32053.patch \
"
SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 11/27] libsoup: Fix CVE-2025-32053
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (9 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 10/27] libsoup-2.4: Fix CVE-2025-32053 Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 12/27] libsoup: Fix CVE-2025-46420 Steve Sakoman
` (15 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsoup/libsoup/CVE-2025-32053.patch | 38 +++++++++++++++++++
meta/recipes-support/libsoup/libsoup_3.0.7.bb | 1 +
2 files changed, 39 insertions(+)
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch
new file mode 100644
index 0000000000..7860526620
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch
@@ -0,0 +1,38 @@
+From eaed42ca8d40cd9ab63764e3d63641180505f40a Mon Sep 17 00:00:00 2001
+From: Ar Jun <pkillarjun@protonmail.com>
+Date: Mon, 18 Nov 2024 14:59:51 -0600
+Subject: [PATCH] Fix heap buffer overflow in
+ soup-content-sniffer.c:sniff_feed_or_html()
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a]
+CVE: CVE-2025-32053
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/content-sniffer/soup-content-sniffer.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index b62e4888..5a181ff1 100644
+--- a/libsoup/content-sniffer/soup-content-sniffer.c
++++ b/libsoup/content-sniffer/soup-content-sniffer.c
+@@ -641,7 +641,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length)
+ (resource[*pos] == '\x0D')) {
+ *pos = *pos + 1;
+
+- if (*pos > resource_length)
++ if (*pos >= resource_length)
+ return TRUE;
+ }
+
+@@ -704,7 +704,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
+ do {
+ pos++;
+
+- if (pos > resource_length)
++ if ((pos + 1) > resource_length)
+ goto text_html;
+ } while (resource[pos] != '>');
+
+--
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
index 26fe52937b..a90f683cb8 100644
--- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
@@ -34,6 +34,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2025-2784-2.patch \
file://CVE-2025-32050.patch \
file://CVE-2025-32052.patch \
+ file://CVE-2025-32053.patch \
"
SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 12/27] libsoup: Fix CVE-2025-46420
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (10 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 11/27] libsoup: " Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 13/27] ffmpeg: fix CVE-2025-1373 Steve Sakoman
` (14 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libsoup/libsoup/CVE-2025-46420.patch | 60 +++++++++++++++++++
meta/recipes-support/libsoup/libsoup_3.0.7.bb | 1 +
2 files changed, 61 insertions(+)
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-46420.patch
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-46420.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-46420.patch
new file mode 100644
index 0000000000..dbaec12f7d
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-46420.patch
@@ -0,0 +1,60 @@
+From c9083869ec2a3037e6df4bd86b45c419ba295f8e Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Thu, 26 Dec 2024 18:31:42 -0600
+Subject: [PATCH] soup_header_parse_quality_list: Fix leak
+
+When iterating over the parsed list we now steal the allocated strings that we want and then free_full the list which may contain remaining strings.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e]
+CVE: CVE-2025-46420
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index a5f7a7f6..85385cea 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -530,7 +530,7 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+ GSList *unsorted;
+ QualityItem *array;
+ GSList *sorted, *iter;
+- char *item, *semi;
++ char *semi;
+ const char *param, *equal, *value;
+ double qval;
+ int n;
+@@ -543,9 +543,8 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+ unsorted = soup_header_parse_list (header);
+ array = g_new0 (QualityItem, g_slist_length (unsorted));
+ for (iter = unsorted, n = 0; iter; iter = iter->next) {
+- item = iter->data;
+ qval = 1.0;
+- for (semi = strchr (item, ';'); semi; semi = strchr (semi + 1, ';')) {
++ for (semi = strchr (iter->data, ';'); semi; semi = strchr (semi + 1, ';')) {
+ param = skip_lws (semi + 1);
+ if (*param != 'q')
+ continue;
+@@ -577,15 +576,15 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+ if (qval == 0.0) {
+ if (unacceptable) {
+ *unacceptable = g_slist_prepend (*unacceptable,
+- item);
++ g_steal_pointer (&iter->data));
+ }
+ } else {
+- array[n].item = item;
++ array[n].item = g_steal_pointer (&iter->data);
+ array[n].qval = qval;
+ n++;
+ }
+ }
+- g_slist_free (unsorted);
++ g_slist_free_full (unsorted, g_free);
+
+ qsort (array, n, sizeof (QualityItem), sort_by_qval);
+ sorted = NULL;
+--
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
index a90f683cb8..67aa180612 100644
--- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
@@ -35,6 +35,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
file://CVE-2025-32050.patch \
file://CVE-2025-32052.patch \
file://CVE-2025-32053.patch \
+ file://CVE-2025-46420.patch \
"
SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 13/27] ffmpeg: fix CVE-2025-1373
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (11 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 12/27] libsoup: Fix CVE-2025-46420 Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 14/27] ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT Steve Sakoman
` (13 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Colin Pinnell McAllister <colin.mcallister@garmin.com>
CVE-2025-1373 does not appear to affect ffmpeg 5.0.3. The CVE has been
added to the ignore list.
Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
index 4ae444258f..ae257a3926 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
@@ -81,6 +81,11 @@ CVE_CHECK_IGNORE += "CVE-2024-22862"
# bugfix: https://github.com/FFmpeg/FFmpeg/commit/9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6
CVE_CHECK_IGNORE += "CVE-2024-7272"
+# Vulnerable code not present in any release
+# introduced: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19f7dae81ab2c19643b97da7556383ee3f721e78
+# bugfix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13
+CVE_CHECK_IGNORE += "CVE-2025-1373"
+
# Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
ARM_INSTRUCTION_SET:armv4 = "arm"
ARM_INSTRUCTION_SET:armv5 = "arm"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 14/27] ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (12 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 13/27] ffmpeg: fix CVE-2025-1373 Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 15/27] scripts/install-buildtools: Update to 4.0.27 Steve Sakoman
` (12 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: aszh07 <mail2szahir@gmail.com>
Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg".
However, there are also vulnerabilities where the product is "libswresample",
and "libavcodec" as shown below.
https://app.opencve.io/vendors/?vendor=ffmpeg
Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect vulnerabilities
where the product is "libswresample libavcodec" as well.
(From OE-Core rev: 9684eba5c543de229108008e29afd1dd021a9799)
Signed-off-by: aszh07 <mail2szahir@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Naman Jain <namanj1@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
index ae257a3926..dcdb65d2eb 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
@@ -233,3 +233,5 @@ INSANE_SKIP:${MLPREFIX}libavutil = "textrel"
INSANE_SKIP:${MLPREFIX}libswscale = "textrel"
INSANE_SKIP:${MLPREFIX}libswresample = "textrel"
INSANE_SKIP:${MLPREFIX}libpostproc = "textrel"
+
+CVE_PRODUCT = "ffmpeg libswresample libavcodec"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 15/27] scripts/install-buildtools: Update to 4.0.27
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (13 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 14/27] ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 16/27] babeltrace/libatomic-ops: correct the SRC_URI Steve Sakoman
` (11 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Update to the 4.0.27 release of the 4.0.27 series for buildtools
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/install-buildtools | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/install-buildtools b/scripts/install-buildtools
index 8e55bd69c8..cf75d84630 100755
--- a/scripts/install-buildtools
+++ b/scripts/install-buildtools
@@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout)
DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools')
DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto'
-DEFAULT_RELEASE = 'yocto-4.0.26'
-DEFAULT_INSTALLER_VERSION = '4.0.26'
+DEFAULT_RELEASE = 'yocto-4.0.27'
+DEFAULT_INSTALLER_VERSION = '4.0.27'
DEFAULT_BUILDDATE = '202110XX'
# Python version sanity check
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 16/27] babeltrace/libatomic-ops: correct the SRC_URI
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (14 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 15/27] scripts/install-buildtools: Update to 4.0.27 Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 17/27] libpng: Improve ptest Steve Sakoman
` (10 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Guocai He <guocai.he.cn@windriver.com>
The old SRC_URIs are not available and need to update.
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/lttng/babeltrace_1.5.11.bb | 2 +-
meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb b/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
index 8e2fe4164d..0e93207139 100644
--- a/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
+++ b/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=76ba15dd76a248e1dd526bca0e2125fa"
DEPENDS = "glib-2.0 util-linux popt bison-native flex-native"
-SRC_URI = "git://git.efficios.com/babeltrace.git;branch=stable-1.5 \
+SRC_URI = "git://git.efficios.com/babeltrace.git;protocol=https;branch=stable-1.5 \
file://run-ptest \
"
SRCREV = "91c00f70884887ff5c4849a8e3d47e311a22ba9d"
diff --git a/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb b/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb
index fad92df507..69d8a266f6 100644
--- a/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb
+++ b/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://doc/LICENSING.txt;md5=dfc50c7cea7b66935844587a0f7389e7 \
"
-SRC_URI = "https://github.com/ivmai/libatomic_ops/releases/download/v${PV}/libatomic_ops-${PV}.tar.gz"
-UPSTREAM_CHECK_URI = "https://github.com/ivmai/libatomic_ops/releases"
+SRC_URI = "https://github.com/bdwgc/libatomic_ops/releases/download/v${PV}/libatomic_ops-${PV}.tar.gz"
+UPSTREAM_CHECK_URI = "https://github.com/bdwgc/libatomic_ops/releases"
SRC_URI[sha256sum] = "390f244d424714735b7050d056567615b3b8f29008a663c262fb548f1802d292"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 17/27] libpng: Improve ptest
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (15 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 16/27] babeltrace/libatomic-ops: correct the SRC_URI Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 18/27] xz: Update LICENSE variable for xz packages Steve Sakoman
` (9 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Poonam Jadhav <ppjadhav456@gmail.com>
Install libpng test-suite to run it as a ptest.
As the test-suite takes more than 30 seconds to run,
add libpng-ptest to PTESTS_SLOW in ptest-packagelists.inc
Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../distro/include/ptest-packagelists.inc | 2 +-
.../recipes-multimedia/libpng/files/run-ptest | 26 +----------
.../libpng/libpng_1.6.39.bb | 43 +++++++++++++++----
3 files changed, 38 insertions(+), 33 deletions(-)
diff --git a/meta/conf/distro/include/ptest-packagelists.inc b/meta/conf/distro/include/ptest-packagelists.inc
index 5c6a30635f..53c023bb81 100644
--- a/meta/conf/distro/include/ptest-packagelists.inc
+++ b/meta/conf/distro/include/ptest-packagelists.inc
@@ -29,7 +29,6 @@ PTESTS_FAST = "\
libnl-ptest \
libmodule-build-perl-ptest \
libpcre-ptest \
- libpng-ptest \
libssh2-ptest \
libtimedate-perl-ptest \
libtest-needs-perl-ptest \
@@ -88,6 +87,7 @@ PTESTS_SLOW = "\
glib-2.0-ptest \
gstreamer1.0-ptest \
libevent-ptest \
+ libpng-ptest \
lttng-tools-ptest \
openssh-ptest \
openssl-ptest \
diff --git a/meta/recipes-multimedia/libpng/files/run-ptest b/meta/recipes-multimedia/libpng/files/run-ptest
index 9ab5d0c1f4..85051a59f5 100644
--- a/meta/recipes-multimedia/libpng/files/run-ptest
+++ b/meta/recipes-multimedia/libpng/files/run-ptest
@@ -2,28 +2,6 @@
set -eux
-./pngfix pngtest.png &> log.txt 2>&1
+cd src
-if grep -i "OK" log.txt 2>&1 ; then
- echo "PASS: pngfix passed"
-else
- echo "FAIL: pngfix failed"
-fi
-rm -f log.txt
-
-./pngtest pngtest.png &> log.txt 2>&1
-
-if grep -i "PASS" log.txt 2>&1 ; then
- echo "PASS: pngtest passed"
-else
- echo "FAIL: pngtest failed"
-fi
-rm -f log.txt
-
-for i in pngstest timepng; do
- if "./${i}" pngtest.png 2>&1; then
- echo "PASS: $i"
- else
- echo "FAIL: $i"
- fi
-done
+make check-TESTS
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.39.bb b/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
index 94db1d3f6b..011eec94a2 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
@@ -13,7 +13,7 @@ LIBV = "16"
SRC_URI = "\
${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz \
file://run-ptest \
- "
+"
SRC_URI[sha256sum] = "1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937"
@@ -32,15 +32,42 @@ PACKAGES =+ "${PN}-tools"
FILES:${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp"
-BBCLASSEXTEND = "native nativesdk"
-
# CVE-2019-17371 is actually a memory leak in gif2png 2.x
CVE_CHECK_IGNORE += "CVE-2019-17371"
+RDEPENDS:${PN}-ptest += "make bash gawk"
+
do_install_ptest() {
- install -m644 "${S}/pngtest.png" "${D}${PTEST_PATH}"
- install -m755 "${B}/.libs/pngfix" "${D}${PTEST_PATH}"
- install -m755 "${B}/.libs/pngtest" "${D}${PTEST_PATH}"
- install -m755 "${B}/.libs/pngstest" "${D}${PTEST_PATH}"
- install -m755 "${B}/.libs/timepng" "${D}${PTEST_PATH}"
+ # Install test scripts to ptest path
+ install -d ${D}${PTEST_PATH}/src/tests
+ install -m 755 ${S}/tests/* ${D}${PTEST_PATH}/src/tests
+ install -m 755 ${S}/test-driver ${D}${PTEST_PATH}/src
+ install -d ${D}${PTEST_PATH}/src/tests/scripts
+ install -m 755 ${S}/scripts/*.awk ${D}${PTEST_PATH}/src/tests/scripts
+ install -m 644 ${S}/scripts/pnglib* ${S}/scripts/*.c ${S}/scripts/*.def ${S}/scripts/macro.lst ${D}${PTEST_PATH}/src/tests/scripts
+ install -m 644 ${S}/scripts/pnglibconf.h.prebuilt ${D}${PTEST_PATH}/src/tests/scripts/pnglibconf.h
+ install -d ${D}${PTEST_PATH}/src/contrib/tools
+ install -m 755 ${S}/contrib/tools/*.sh ${D}${PTEST_PATH}/src/contrib/tools
+ install -m 644 ${S}/contrib/tools/*.c ${S}/contrib/tools/*.h ${D}${PTEST_PATH}/src/contrib/tools
+
+ # Install .libs directory binaries to ptest path
+ install -m 755 ${B}/.libs/pngtest ${B}/.libs/pngstest ${B}/.libs/pngimage ${B}/.libs/pngunknown ${B}/.libs/pngvalid ${D}${PTEST_PATH}/src
+
+ # Copy png files to ptest path
+ cd ${S} && find contrib -name '*.png' | cpio -pd ${D}${PTEST_PATH}/src
+
+ # Install Makefile and png files
+ install -m 644 ${S}/pngtest.png ${D}${PTEST_PATH}/src
+ install -m 644 ${S}/*.png ${S}/*.h ${S}/*.c ${S}/*.dfa ${B}/pnglibconf.out ${S}/Makefile.am ${S}/Makefile.in ${D}${PTEST_PATH}/src/tests
+
+ sed -e 's/^abs_srcdir = ..*/abs_srcdir = \.\./' \
+ -e 's/^top_srcdir = ..*/top_srcdir = \.\./' \
+ -e 's/^srcdir = ..*/srcdir = \./' \
+ -e 's/^Makefile: ..*/Makefile: /' \
+ -e 's/check-TESTS: $(check_PROGRAMS)/check-TESTS:/g' \
+ ${B}/Makefile > ${D}${PTEST_PATH}/src/Makefile
+
+ sed -e 's|#!/bin/awk|#!/usr/bin/awk|g' -i ${D}${PTEST_PATH}/src/tests/scripts/*.awk
}
+
+BBCLASSEXTEND = "native nativesdk"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 18/27] xz: Update LICENSE variable for xz packages
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (16 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 17/27] libpng: Improve ptest Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 19/27] e2fsprogs: removed 'sed -u' option Steve Sakoman
` (8 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: aszh07 <mail2szahir@gmail.com>
Update LICENSE defined for xz packages to match the license
information provided in the xz COPYING file.
The License information from PACKAGERS file of xz mentions
packages with lzma files are in public domain.They ask to
use GPLv2+, if only it's not possible to mention "PD and GPLv2+".
Include PD license with GPLv2 to packages with lzma content:
xz-dev package contains lzma header
xz-doc package contains lzma man pages
xz packages contains lzma binaries
Links: https://github.com/tukaani-project/xz/blob/v5.4.6/COPYING
https://github.com/tukaani-project/xz/blob/v5.4.6/PACKAGERS
(From OE-Core rev: d511c41dac048fbdd93a54136e93b0623a18a83d)
Signed-off-by: Bhabu Bindu <bindu.bhabu@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4e5b955def5d9f305f5aba2c68b73287c03fd163)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/xz/xz_5.2.6.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-extended/xz/xz_5.2.6.bb b/meta/recipes-extended/xz/xz_5.2.6.bb
index 7f889e4367..938c659008 100644
--- a/meta/recipes-extended/xz/xz_5.2.6.bb
+++ b/meta/recipes-extended/xz/xz_5.2.6.bb
@@ -9,10 +9,10 @@ SECTION = "base"
# libgnu, which appears to be used for DOS builds. So we're left with
# GPL-2.0-or-later and PD.
LICENSE = "GPL-2.0-or-later & GPL-3.0-with-autoconf-exception & LGPL-2.1-or-later & PD"
-LICENSE:${PN} = "GPL-2.0-or-later"
-LICENSE:${PN}-dev = "GPL-2.0-or-later"
+LICENSE:${PN} = "PD & GPL-2.0-or-later"
+LICENSE:${PN}-dev = "PD & GPL-2.0-or-later"
LICENSE:${PN}-staticdev = "GPL-2.0-or-later"
-LICENSE:${PN}-doc = "GPL-2.0-or-later"
+LICENSE:${PN}-doc = "PD & GPL-2.0-or-later"
LICENSE:${PN}-dbg = "GPL-2.0-or-later"
LICENSE:${PN}-locale = "GPL-2.0-or-later"
LICENSE:liblzma = "PD"
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 19/27] e2fsprogs: removed 'sed -u' option
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (17 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 18/27] xz: Update LICENSE variable for xz packages Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 20/27] glibc: pthreads NPTL lost wakeup fix 2 Steve Sakoman
` (7 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Aditya Tayade <Aditya.Tayade@kpit.com>
In embedded box, sed might be provided another providers like Busybox,
hence use generic options whenever possible.
/bin/sed -> /etc/alternatives/sed
/etc/alternatives/sed -> /bin/busybox.nosuid
Here used 'sed -u' option is not necessary, hence removed it.
Fixes below error:
sed: invalid option -- 'u'
Also added 'set -eux' option which halts execution of the script
on any failures.
(From OE-Core rev: 5b3b290baa0a83f493b7ca25d5ffa5ff279bcc69)
Signed-off-by: Aditya Tayade <Aditya.Tayade@kpit.com>
Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 07caee1829d2a61bc018fe0e37ecd482922179ee)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit d2da6b5c5668dbc84b905ba2fe4c9b57b580fd82)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest b/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest
index 279923db8e..1857a17189 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest
@@ -1,7 +1,8 @@
#!/bin/sh
+set -eux
cd ./test
-SKIP_SLOW_TESTS=yes ./test_script | sed -u -e '/:[[:space:]]ok/s/^/PASS: /' -e '/:[[:space:]]failed/s/^/FAIL: /' -e '/:[[:space:]]skipped/s/^/SKIP: /'
+SKIP_SLOW_TESTS=yes ./test_script | sed -e '/:[[:space:]]ok/s/^/PASS: /' -e '/:[[:space:]]failed/s/^/FAIL: /' -e '/:[[:space:]]skipped/s/^/SKIP: /'
rm -rf /var/volatile/tmp/*e2fsprogs*
rm -f tmp-*
rm -f *.tmp
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 20/27] glibc: pthreads NPTL lost wakeup fix 2
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (18 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 19/27] e2fsprogs: removed 'sed -u' option Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 21/27] glibc: nptl Update comments and indentation for new condvar implementation Steve Sakoman
` (6 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Sunil Dora <sunilkumar.dora@windriver.com>
The following commits have been cherry-picked from Glibc master branch:
Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
Upstream-Status: Backport
[https://sourceware.org/git/?p=glibc.git;a=commit;h=1db84775f831a1494993ce9c118deaf9537cc50a]
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glibc/glibc/0026-PR25847-1.patch | 455 ++++++++++++++++++
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
2 files changed, 456 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-1.patch
diff --git a/meta/recipes-core/glibc/glibc/0026-PR25847-1.patch b/meta/recipes-core/glibc/glibc/0026-PR25847-1.patch
new file mode 100644
index 0000000000..44a2b6772c
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0026-PR25847-1.patch
@@ -0,0 +1,455 @@
+From 31d9848830e496f57d4182b518467c4c63bfd4bd Mon Sep 17 00:00:00 2001
+From: Frank Barrus <frankbarrus_sw@shaggy.cc>
+Date: Mon, 16 Jun 2025 22:37:54 -0700
+Subject: [PATCH] pthreads NPTL: lost wakeup fix 2
+
+This fixes the lost wakeup (from a bug in signal stealing) with a change
+in the usage of g_signals[] in the condition variable internal state.
+It also completely eliminates the concept and handling of signal stealing,
+as well as the need for signalers to block to wait for waiters to wake
+up every time there is a G1/G2 switch. This greatly reduces the average
+and maximum latency for pthread_cond_signal.
+
+The g_signals[] field now contains a signal count that is relative to
+the current g1_start value. Since it is a 32-bit field, and the LSB is
+still reserved (though not currently used anymore), it has a 31-bit value
+that corresponds to the low 31 bits of the sequence number in g1_start.
+(since g1_start also has an LSB flag, this means bits 31:1 in g_signals
+correspond to bits 31:1 in g1_start, plus the current signal count)
+
+By making the signal count relative to g1_start, there is no longer
+any ambiguity or A/B/A issue, and thus any checks before blocking,
+including the futex call itself, are guaranteed not to block if the G1/G2
+switch occurs, even if the signal count remains the same. This allows
+initially safely blocking in G2 until the switch to G1 occurs, and
+then transitioning from G1 to a new G1 or G2, and always being able to
+distinguish the state change. This removes the race condition and A/B/A
+problems that otherwise ocurred if a late (pre-empted) waiter were to
+resume just as the futex call attempted to block on g_signal since
+otherwise there was no last opportunity to re-check things like whether
+the current G1 group was already closed.
+
+By fixing these issues, the signal stealing code can be eliminated,
+since there is no concept of signal stealing anymore. The code to block
+for all waiters to exit g_refs can also be removed, since any waiters
+that are still in the g_refs region can be guaranteed to safely wake
+up and exit. If there are still any left at this time, they are all
+sent one final futex wakeup to ensure that they are not blocked any
+longer, but there is no need for the signaller to block and wait for
+them to wake up and exit the g_refs region.
+
+The signal count is then effectively "zeroed" but since it is now
+relative to g1_start, this is done by advancing it to a new value that
+can be observed by any pending blocking waiters. Any late waiters can
+always tell the difference, and can thus just cleanly exit if they are
+in a stale G1 or G2. They can never steal a signal from the current
+G1 if they are not in the current G1, since the signal value that has
+to match in the cmpxchg has the low 31 bits of the g1_start value
+contained in it, and that's first checked, and then it won't match if
+there's a G1/G2 change.
+
+Note: the 31-bit sequence number used in g_signals is designed to
+handle wrap-around when checking the signal count, but if the entire
+31-bit wraparound (2 billion signals) occurs while there is still a
+late waiter that has not yet resumed, and it happens to then match
+the current g1_start low bits, and the pre-emption occurs after the
+normal "closed group" checks (which are 64-bit) but then hits the
+futex syscall and signal consuming code, then an A/B/A issue could
+still result and cause an incorrect assumption about whether it
+should block. This particular scenario seems unlikely in practice.
+Note that once awake from the futex, the waiter would notice the
+closed group before consuming the signal (since that's still a 64-bit
+check that would not be aliased in the wrap-around in g_signals),
+so the biggest impact would be blocking on the futex until the next
+full wakeup from a G1/G2 switch.
+
+The following commits have been cherry-picked from Glibc master branch:
+Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
+
+Upstream-Status: Backport
+[https://sourceware.org/git/?p=glibc.git;a=commit;h=1db84775f831a1494993ce9c118deaf9537cc50a]
+
+Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
+---
+ nptl/pthread_cond_common.c | 106 +++++++++------------------
+ nptl/pthread_cond_wait.c | 144 ++++++++++++-------------------------
+ 2 files changed, 81 insertions(+), 169 deletions(-)
+
+diff --git a/nptl/pthread_cond_common.c b/nptl/pthread_cond_common.c
+index fb035f72c3..8dd7037923 100644
+--- a/nptl/pthread_cond_common.c
++++ b/nptl/pthread_cond_common.c
+@@ -201,7 +201,6 @@ static bool __attribute__ ((unused))
+ __condvar_quiesce_and_switch_g1 (pthread_cond_t *cond, uint64_t wseq,
+ unsigned int *g1index, int private)
+ {
+- const unsigned int maxspin = 0;
+ unsigned int g1 = *g1index;
+
+ /* If there is no waiter in G2, we don't do anything. The expression may
+@@ -222,85 +221,46 @@ __condvar_quiesce_and_switch_g1 (pthread_cond_t *cond, uint64_t wseq,
+ * New waiters arriving concurrently with the group switching will all go
+ into G2 until we atomically make the switch. Waiters existing in G2
+ are not affected.
+- * Waiters in G1 will be closed out immediately by setting a flag in
+- __g_signals, which will prevent waiters from blocking using a futex on
+- __g_signals and also notifies them that the group is closed. As a
+- result, they will eventually remove their group reference, allowing us
+- to close switch group roles. */
+-
+- /* First, set the closed flag on __g_signals. This tells waiters that are
+- about to wait that they shouldn't do that anymore. This basically
+- serves as an advance notificaton of the upcoming change to __g1_start;
+- waiters interpret it as if __g1_start was larger than their waiter
+- sequence position. This allows us to change __g1_start after waiting
+- for all existing waiters with group references to leave, which in turn
+- makes recovery after stealing a signal simpler because it then can be
+- skipped if __g1_start indicates that the group is closed (otherwise,
+- we would have to recover always because waiters don't know how big their
+- groups are). Relaxed MO is fine. */
+- atomic_fetch_or_relaxed (cond->__data.__g_signals + g1, 1);
+-
+- /* Wait until there are no group references anymore. The fetch-or operation
+- injects us into the modification order of __g_refs; release MO ensures
+- that waiters incrementing __g_refs after our fetch-or see the previous
+- changes to __g_signals and to __g1_start that had to happen before we can
+- switch this G1 and alias with an older group (we have two groups, so
+- aliasing requires switching group roles twice). Note that nobody else
+- can have set the wake-request flag, so we do not have to act upon it.
+-
+- Also note that it is harmless if older waiters or waiters from this G1
+- get a group reference after we have quiesced the group because it will
+- remain closed for them either because of the closed flag in __g_signals
+- or the later update to __g1_start. New waiters will never arrive here
+- but instead continue to go into the still current G2. */
+- unsigned r = atomic_fetch_or_release (cond->__data.__g_refs + g1, 0);
+- while ((r >> 1) > 0)
+- {
+- for (unsigned int spin = maxspin; ((r >> 1) > 0) && (spin > 0); spin--)
+- {
+- /* TODO Back off. */
+- r = atomic_load_relaxed (cond->__data.__g_refs + g1);
+- }
+- if ((r >> 1) > 0)
+- {
+- /* There is still a waiter after spinning. Set the wake-request
+- flag and block. Relaxed MO is fine because this is just about
+- this futex word.
+-
+- Update r to include the set wake-request flag so that the upcoming
+- futex_wait only blocks if the flag is still set (otherwise, we'd
+- violate the basic client-side futex protocol). */
+- r = atomic_fetch_or_relaxed (cond->__data.__g_refs + g1, 1) | 1;
+-
+- if ((r >> 1) > 0)
+- futex_wait_simple (cond->__data.__g_refs + g1, r, private);
+- /* Reload here so we eventually see the most recent value even if we
+- do not spin. */
+- r = atomic_load_relaxed (cond->__data.__g_refs + g1);
+- }
+- }
+- /* Acquire MO so that we synchronize with the release operation that waiters
+- use to decrement __g_refs and thus happen after the waiters we waited
+- for. */
+- atomic_thread_fence_acquire ();
++ * Waiters in G1 will be closed out immediately by the advancing of
++ __g_signals to the next "lowseq" (low 31 bits of the new g1_start),
++ which will prevent waiters from blocking using a futex on
++ __g_signals since it provides enough signals for all possible
++ remaining waiters. As a result, they can each consume a signal
++ and they will eventually remove their group reference. */
+
+ /* Update __g1_start, which finishes closing this group. The value we add
+ will never be negative because old_orig_size can only be zero when we
+ switch groups the first time after a condvar was initialized, in which
+- case G1 will be at index 1 and we will add a value of 1. See above for
+- why this takes place after waiting for quiescence of the group.
++ case G1 will be at index 1 and we will add a value of 1.
+ Relaxed MO is fine because the change comes with no additional
+ constraints that others would have to observe. */
+ __condvar_add_g1_start_relaxed (cond,
+ (old_orig_size << 1) + (g1 == 1 ? 1 : - 1));
+
+- /* Now reopen the group, thus enabling waiters to again block using the
+- futex controlled by __g_signals. Release MO so that observers that see
+- no signals (and thus can block) also see the write __g1_start and thus
+- that this is now a new group (see __pthread_cond_wait_common for the
+- matching acquire MO loads). */
+- atomic_store_release (cond->__data.__g_signals + g1, 0);
+-
++ unsigned int lowseq = ((old_g1_start + old_orig_size) << 1) & ~1U;
++
++ /* If any waiters still hold group references (and thus could be blocked),
++ then wake them all up now and prevent any running ones from blocking.
++ This is effectively a catch-all for any possible current or future
++ bugs that can allow the group size to reach 0 before all G1 waiters
++ have been awakened or at least given signals to consume, or any
++ other case that can leave blocked (or about to block) older waiters.. */
++ if ((atomic_fetch_or_release (cond->__data.__g_refs + g1, 0) >> 1) > 0)
++ {
++ /* First advance signals to the end of the group (i.e. enough signals
++ for the entire G1 group) to ensure that waiters which have not
++ yet blocked in the futex will not block.
++ Note that in the vast majority of cases, this should never
++ actually be necessary, since __g_signals will have enough
++ signals for the remaining g_refs waiters. As an optimization,
++ we could check this first before proceeding, although that
++ could still leave the potential for futex lost wakeup bugs
++ if the signal count was non-zero but the futex wakeup
++ was somehow lost. */
++ atomic_store_release (cond->__data.__g_signals + g1, lowseq);
++
++ futex_wake (cond->__data.__g_signals + g1, INT_MAX, private);
++ }
+ /* At this point, the old G1 is now a valid new G2 (but not in use yet).
+ No old waiter can neither grab a signal nor acquire a reference without
+ noticing that __g1_start is larger.
+@@ -311,6 +271,10 @@ __condvar_quiesce_and_switch_g1 (pthread_cond_t *cond, uint64_t wseq,
+ g1 ^= 1;
+ *g1index ^= 1;
+
++ /* Now advance the new G1 g_signals to the new lowseq, giving it
++ an effective signal count of 0 to start. */
++ atomic_store_release (cond->__data.__g_signals + g1, lowseq);
++
+ /* These values are just observed by signalers, and thus protected by the
+ lock. */
+ unsigned int orig_size = wseq - (old_g1_start + old_orig_size);
+diff --git a/nptl/pthread_cond_wait.c b/nptl/pthread_cond_wait.c
+index 20c348a503..1cb3dbf7b0 100644
+--- a/nptl/pthread_cond_wait.c
++++ b/nptl/pthread_cond_wait.c
+@@ -238,9 +238,7 @@ __condvar_cleanup_waiting (void *arg)
+ signaled), and a reference count.
+
+ The group reference count is used to maintain the number of waiters that
+- are using the group's futex. Before a group can change its role, the
+- reference count must show that no waiters are using the futex anymore; this
+- prevents ABA issues on the futex word.
++ are using the group's futex.
+
+ To represent which intervals in the waiter sequence the groups cover (and
+ thus also which group slot contains G1 or G2), we use a 64b counter to
+@@ -300,11 +298,12 @@ __condvar_cleanup_waiting (void *arg)
+ last reference.
+ * Reference count used by waiters concurrently with signalers that have
+ acquired the condvar-internal lock.
+- __g_signals: The number of signals that can still be consumed.
++ __g_signals: The number of signals that can still be consumed, relative to
++ the current g1_start. (i.e. bits 31 to 1 of __g_signals are bits
++ 31 to 1 of g1_start with the signal count added)
+ * Used as a futex word by waiters. Used concurrently by waiters and
+ signalers.
+- * LSB is true iff this group has been completely signaled (i.e., it is
+- closed).
++ * LSB is currently reserved and 0.
+ __g_size: Waiters remaining in this group (i.e., which have not been
+ signaled yet.
+ * Accessed by signalers and waiters that cancel waiting (both do so only
+@@ -328,18 +327,6 @@ __condvar_cleanup_waiting (void *arg)
+ sufficient because if a waiter can see a sufficiently large value, it could
+ have also consume a signal in the waiters group.
+
+- Waiters try to grab a signal from __g_signals without holding a reference
+- count, which can lead to stealing a signal from a more recent group after
+- their own group was already closed. They cannot always detect whether they
+- in fact did because they do not know when they stole, but they can
+- conservatively add a signal back to the group they stole from; if they
+- did so unnecessarily, all that happens is a spurious wake-up. To make this
+- even less likely, __g1_start contains the index of the current g2 too,
+- which allows waiters to check if there aliasing on the group slots; if
+- there wasn't, they didn't steal from the current G1, which means that the
+- G1 they stole from must have been already closed and they do not need to
+- fix anything.
+-
+ It is essential that the last field in pthread_cond_t is __g_signals[1]:
+ The previous condvar used a pointer-sized field in pthread_cond_t, so a
+ PTHREAD_COND_INITIALIZER from that condvar implementation might only
+@@ -435,6 +422,9 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ {
+ while (1)
+ {
++ uint64_t g1_start = __condvar_load_g1_start_relaxed (cond);
++ unsigned int lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
++
+ /* Spin-wait first.
+ Note that spinning first without checking whether a timeout
+ passed might lead to what looks like a spurious wake-up even
+@@ -446,35 +436,45 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ having to compare against the current time seems to be the right
+ choice from a performance perspective for most use cases. */
+ unsigned int spin = maxspin;
+- while (signals == 0 && spin > 0)
++ while (spin > 0 && ((int)(signals - lowseq) < 2))
+ {
+ /* Check that we are not spinning on a group that's already
+ closed. */
+- if (seq < (__condvar_load_g1_start_relaxed (cond) >> 1))
+- goto done;
++ if (seq < (g1_start >> 1))
++ break;
+
+ /* TODO Back off. */
+
+ /* Reload signals. See above for MO. */
+ signals = atomic_load_acquire (cond->__data.__g_signals + g);
++ g1_start = __condvar_load_g1_start_relaxed (cond);
++ lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
+ spin--;
+ }
+
+- /* If our group will be closed as indicated by the flag on signals,
+- don't bother grabbing a signal. */
+- if (signals & 1)
+- goto done;
+-
+- /* If there is an available signal, don't block. */
+- if (signals != 0)
++ if (seq < (g1_start >> 1))
++ {
++ /* If the group is closed already,
++ then this waiter originally had enough extra signals to
++ consume, up until the time its group was closed. */
++ goto done;
++ }
++
++ /* If there is an available signal, don't block.
++ If __g1_start has advanced at all, then we must be in G1
++ by now, perhaps in the process of switching back to an older
++ G2, but in either case we're allowed to consume the available
++ signal and should not block anymore. */
++ if ((int)(signals - lowseq) >= 2)
+ break;
+
+ /* No signals available after spinning, so prepare to block.
+ We first acquire a group reference and use acquire MO for that so
+ that we synchronize with the dummy read-modify-write in
+ __condvar_quiesce_and_switch_g1 if we read from that. In turn,
+- in this case this will make us see the closed flag on __g_signals
+- that designates a concurrent attempt to reuse the group's slot.
++ in this case this will make us see the advancement of __g_signals
++ to the upcoming new g1_start that occurs with a concurrent
++ attempt to reuse the group's slot.
+ We use acquire MO for the __g_signals check to make the
+ __g1_start check work (see spinning above).
+ Note that the group reference acquisition will not mask the
+@@ -482,15 +482,24 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ an atomic read-modify-write operation and thus extend the release
+ sequence. */
+ atomic_fetch_add_acquire (cond->__data.__g_refs + g, 2);
+- if (((atomic_load_acquire (cond->__data.__g_signals + g) & 1) != 0)
+- || (seq < (__condvar_load_g1_start_relaxed (cond) >> 1)))
++ signals = atomic_load_acquire (cond->__data.__g_signals + g);
++ g1_start = __condvar_load_g1_start_relaxed (cond);
++ lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
++
++ if (seq < (g1_start >> 1))
+ {
+- /* Our group is closed. Wake up any signalers that might be
+- waiting. */
++ /* group is closed already, so don't block */
+ __condvar_dec_grefs (cond, g, private);
+ goto done;
+ }
+
++ if ((int)(signals - lowseq) >= 2)
++ {
++ /* a signal showed up or G1/G2 switched after we grabbed the refcount */
++ __condvar_dec_grefs (cond, g, private);
++ break;
++ }
++
+ // Now block.
+ struct _pthread_cleanup_buffer buffer;
+ struct _condvar_cleanup_buffer cbuffer;
+@@ -501,7 +510,7 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ __pthread_cleanup_push (&buffer, __condvar_cleanup_waiting, &cbuffer);
+
+ err = __futex_abstimed_wait_cancelable64 (
+- cond->__data.__g_signals + g, 0, clockid, abstime, private);
++ cond->__data.__g_signals + g, signals, clockid, abstime, private);
+
+ __pthread_cleanup_pop (&buffer, 0);
+
+@@ -524,6 +533,8 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ signals = atomic_load_acquire (cond->__data.__g_signals + g);
+ }
+
++ if (seq < (__condvar_load_g1_start_relaxed (cond) >> 1))
++ goto done;
+ }
+ /* Try to grab a signal. Use acquire MO so that we see an up-to-date value
+ of __g1_start below (see spinning above for a similar case). In
+@@ -532,69 +543,6 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ while (!atomic_compare_exchange_weak_acquire (cond->__data.__g_signals + g,
+ &signals, signals - 2));
+
+- /* We consumed a signal but we could have consumed from a more recent group
+- that aliased with ours due to being in the same group slot. If this
+- might be the case our group must be closed as visible through
+- __g1_start. */
+- uint64_t g1_start = __condvar_load_g1_start_relaxed (cond);
+- if (seq < (g1_start >> 1))
+- {
+- /* We potentially stole a signal from a more recent group but we do not
+- know which group we really consumed from.
+- We do not care about groups older than current G1 because they are
+- closed; we could have stolen from these, but then we just add a
+- spurious wake-up for the current groups.
+- We will never steal a signal from current G2 that was really intended
+- for G2 because G2 never receives signals (until it becomes G1). We
+- could have stolen a signal from G2 that was conservatively added by a
+- previous waiter that also thought it stole a signal -- but given that
+- that signal was added unnecessarily, it's not a problem if we steal
+- it.
+- Thus, the remaining case is that we could have stolen from the current
+- G1, where "current" means the __g1_start value we observed. However,
+- if the current G1 does not have the same slot index as we do, we did
+- not steal from it and do not need to undo that. This is the reason
+- for putting a bit with G2's index into__g1_start as well. */
+- if (((g1_start & 1) ^ 1) == g)
+- {
+- /* We have to conservatively undo our potential mistake of stealing
+- a signal. We can stop trying to do that when the current G1
+- changes because other spinning waiters will notice this too and
+- __condvar_quiesce_and_switch_g1 has checked that there are no
+- futex waiters anymore before switching G1.
+- Relaxed MO is fine for the __g1_start load because we need to
+- merely be able to observe this fact and not have to observe
+- something else as well.
+- ??? Would it help to spin for a little while to see whether the
+- current G1 gets closed? This might be worthwhile if the group is
+- small or close to being closed. */
+- unsigned int s = atomic_load_relaxed (cond->__data.__g_signals + g);
+- while (__condvar_load_g1_start_relaxed (cond) == g1_start)
+- {
+- /* Try to add a signal. We don't need to acquire the lock
+- because at worst we can cause a spurious wake-up. If the
+- group is in the process of being closed (LSB is true), this
+- has an effect similar to us adding a signal. */
+- if (((s & 1) != 0)
+- || atomic_compare_exchange_weak_relaxed
+- (cond->__data.__g_signals + g, &s, s + 2))
+- {
+- /* If we added a signal, we also need to add a wake-up on
+- the futex. We also need to do that if we skipped adding
+- a signal because the group is being closed because
+- while __condvar_quiesce_and_switch_g1 could have closed
+- the group, it might stil be waiting for futex waiters to
+- leave (and one of those waiters might be the one we stole
+- the signal from, which cause it to block using the
+- futex). */
+- futex_wake (cond->__data.__g_signals + g, 1, private);
+- break;
+- }
+- /* TODO Back off. */
+- }
+- }
+- }
+-
+ done:
+
+ /* Confirm that we have been woken. We do that before acquiring the mutex
+--
+2.49.0
+
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index 1ea4d5a252..f15e031971 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -62,6 +62,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0023-timezone-Make-shell-interpreter-overridable-in-tzsel.patch \
file://0024-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \
file://0025-CVE-2025-4802.patch \
+ file://0026-PR25847-1.patch \
\
file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \
file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 21/27] glibc: nptl Update comments and indentation for new condvar implementation
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (19 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 20/27] glibc: pthreads NPTL lost wakeup fix 2 Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 22/27] glibc: nptl Remove unnecessary catch-all-wake in condvar group switch Steve Sakoman
` (5 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Sunil Dora <sunilkumar.dora@windriver.com>
The following commits have been cherry-picked from Glibc master branch:
Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
Upstream-Status: Backport
[https://sourceware.org/git/?p=glibc.git;a=commit;h=0cc973160c23bb67f895bc887dd6942d29f8fee3]
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glibc/glibc/0026-PR25847-2.patch | 144 ++++++++++++++++++
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
2 files changed, 145 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-2.patch
diff --git a/meta/recipes-core/glibc/glibc/0026-PR25847-2.patch b/meta/recipes-core/glibc/glibc/0026-PR25847-2.patch
new file mode 100644
index 0000000000..cb89431769
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0026-PR25847-2.patch
@@ -0,0 +1,144 @@
+From 6aab1191e35a3da66e8c49d95178a9d77c119a1f Mon Sep 17 00:00:00 2001
+From: Malte Skarupke <malteskarupke@fastmail.fm>
+Date: Mon, 16 Jun 2025 23:17:53 -0700
+Subject: [PATCH] nptl: Update comments and indentation for new condvar
+ implementation
+
+Some comments were wrong after the most recent commit. This fixes that.
+Also fixing indentation where it was using spaces instead of tabs.
+
+The following commits have been cherry-picked from Glibc master branch:
+Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
+
+Upstream-Status: Backport
+[https://sourceware.org/git/?p=glibc.git;a=commit;h=0cc973160c23bb67f895bc887dd6942d29f8fee3]
+
+Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
+---
+ nptl/pthread_cond_common.c | 5 +++--
+ nptl/pthread_cond_wait.c | 39 +++++++++++++++++++-------------------
+ 2 files changed, 22 insertions(+), 22 deletions(-)
+
+diff --git a/nptl/pthread_cond_common.c b/nptl/pthread_cond_common.c
+index 8dd7037923..306a207dd6 100644
+--- a/nptl/pthread_cond_common.c
++++ b/nptl/pthread_cond_common.c
+@@ -221,8 +221,9 @@ __condvar_quiesce_and_switch_g1 (pthread_cond_t *cond, uint64_t wseq,
+ * New waiters arriving concurrently with the group switching will all go
+ into G2 until we atomically make the switch. Waiters existing in G2
+ are not affected.
+- * Waiters in G1 will be closed out immediately by the advancing of
+- __g_signals to the next "lowseq" (low 31 bits of the new g1_start),
++ * Waiters in G1 have already received a signal and been woken. If they
++ haven't woken yet, they will be closed out immediately by the advancing
++ of __g_signals to the next "lowseq" (low 31 bits of the new g1_start),
+ which will prevent waiters from blocking using a futex on
+ __g_signals since it provides enough signals for all possible
+ remaining waiters. As a result, they can each consume a signal
+diff --git a/nptl/pthread_cond_wait.c b/nptl/pthread_cond_wait.c
+index 1cb3dbf7b0..cee1968756 100644
+--- a/nptl/pthread_cond_wait.c
++++ b/nptl/pthread_cond_wait.c
+@@ -249,7 +249,7 @@ __condvar_cleanup_waiting (void *arg)
+ figure out whether they are in a group that has already been completely
+ signaled (i.e., if the current G1 starts at a later position that the
+ waiter's position). Waiters cannot determine whether they are currently
+- in G2 or G1 -- but they do not have too because all they are interested in
++ in G2 or G1 -- but they do not have to because all they are interested in
+ is whether there are available signals, and they always start in G2 (whose
+ group slot they know because of the bit in the waiter sequence. Signalers
+ will simply fill the right group until it is completely signaled and can
+@@ -412,7 +412,7 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ }
+
+ /* Now wait until a signal is available in our group or it is closed.
+- Acquire MO so that if we observe a value of zero written after group
++ Acquire MO so that if we observe (signals == lowseq) after group
+ switching in __condvar_quiesce_and_switch_g1, we synchronize with that
+ store and will see the prior update of __g1_start done while switching
+ groups too. */
+@@ -422,8 +422,8 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ {
+ while (1)
+ {
+- uint64_t g1_start = __condvar_load_g1_start_relaxed (cond);
+- unsigned int lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
++ uint64_t g1_start = __condvar_load_g1_start_relaxed (cond);
++ unsigned int lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
+
+ /* Spin-wait first.
+ Note that spinning first without checking whether a timeout
+@@ -447,21 +447,21 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+
+ /* Reload signals. See above for MO. */
+ signals = atomic_load_acquire (cond->__data.__g_signals + g);
+- g1_start = __condvar_load_g1_start_relaxed (cond);
+- lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
++ g1_start = __condvar_load_g1_start_relaxed (cond);
++ lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
+ spin--;
+ }
+
+- if (seq < (g1_start >> 1))
++ if (seq < (g1_start >> 1))
+ {
+- /* If the group is closed already,
++ /* If the group is closed already,
+ then this waiter originally had enough extra signals to
+ consume, up until the time its group was closed. */
+ goto done;
+- }
++ }
+
+ /* If there is an available signal, don't block.
+- If __g1_start has advanced at all, then we must be in G1
++ If __g1_start has advanced at all, then we must be in G1
+ by now, perhaps in the process of switching back to an older
+ G2, but in either case we're allowed to consume the available
+ signal and should not block anymore. */
+@@ -483,22 +483,23 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ sequence. */
+ atomic_fetch_add_acquire (cond->__data.__g_refs + g, 2);
+ signals = atomic_load_acquire (cond->__data.__g_signals + g);
+- g1_start = __condvar_load_g1_start_relaxed (cond);
+- lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
++ g1_start = __condvar_load_g1_start_relaxed (cond);
++ lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
+
+- if (seq < (g1_start >> 1))
++ if (seq < (g1_start >> 1))
+ {
+- /* group is closed already, so don't block */
++ /* group is closed already, so don't block */
+ __condvar_dec_grefs (cond, g, private);
+ goto done;
+ }
+
+ if ((int)(signals - lowseq) >= 2)
+ {
+- /* a signal showed up or G1/G2 switched after we grabbed the refcount */
++ /* a signal showed up or G1/G2 switched after we grabbed the
++ refcount */
+ __condvar_dec_grefs (cond, g, private);
+ break;
+- }
++ }
+
+ // Now block.
+ struct _pthread_cleanup_buffer buffer;
+@@ -536,10 +537,8 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ if (seq < (__condvar_load_g1_start_relaxed (cond) >> 1))
+ goto done;
+ }
+- /* Try to grab a signal. Use acquire MO so that we see an up-to-date value
+- of __g1_start below (see spinning above for a similar case). In
+- particular, if we steal from a more recent group, we will also see a
+- more recent __g1_start below. */
++ /* Try to grab a signal. See above for MO. (if we do another loop
++ iteration we need to see the correct value of g1_start) */
+ while (!atomic_compare_exchange_weak_acquire (cond->__data.__g_signals + g,
+ &signals, signals - 2));
+
+--
+2.49.0
+
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index f15e031971..92c4dad023 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -63,6 +63,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0024-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \
file://0025-CVE-2025-4802.patch \
file://0026-PR25847-1.patch \
+ file://0026-PR25847-2.patch \
\
file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \
file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 22/27] glibc: nptl Remove unnecessary catch-all-wake in condvar group switch
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (20 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 21/27] glibc: nptl Update comments and indentation for new condvar implementation Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 23/27] glibc: nptl Remove unnecessary quadruple check in pthread_cond_wait Steve Sakoman
` (4 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Sunil Dora <sunilkumar.dora@windriver.com>
The following commits have been cherry-picked from Glibc master branch:
Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
Upstream-Status: Backport
[https://sourceware.org/git/?p=glibc.git;a=commit;h=b42cc6af11062c260c7dfa91f1c89891366fed3e]
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glibc/glibc/0026-PR25847-3.patch | 77 +++++++++++++++++++
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
2 files changed, 78 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-3.patch
diff --git a/meta/recipes-core/glibc/glibc/0026-PR25847-3.patch b/meta/recipes-core/glibc/glibc/0026-PR25847-3.patch
new file mode 100644
index 0000000000..4cfcca846c
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0026-PR25847-3.patch
@@ -0,0 +1,77 @@
+From 28a5082045429fdc5a4744d45fdc5b5202528eaa Mon Sep 17 00:00:00 2001
+From: Malte Skarupke <malteskarupke@fastmail.fm>
+Date: Mon, 16 Jun 2025 23:29:49 -0700
+Subject: [PATCH] nptl: Remove unnecessary catch-all-wake in condvar group
+ switch
+
+This wake is unnecessary. We only switch groups after every sleeper in a group
+has been woken. Sure, they may take a while to actually wake up and may still
+hold a reference, but waking them a second time doesn't speed that up. Instead
+this just makes the code more complicated and may hide problems.
+
+In particular this safety wake wouldn't even have helped with the bug that was
+fixed by Barrus' patch: The bug there was that pthread_cond_signal would not
+switch g1 when it should, so we wouldn't even have entered this code path.
+
+The following commits have been cherry-picked from Glibc master branch:
+Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
+
+Upstream-Status: Backport
+[https://sourceware.org/git/?p=glibc.git;a=commit;h=b42cc6af11062c260c7dfa91f1c89891366fed3e]
+
+Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
+---
+ nptl/pthread_cond_common.c | 30 +-----------------------------
+ 1 file changed, 1 insertion(+), 29 deletions(-)
+
+diff --git a/nptl/pthread_cond_common.c b/nptl/pthread_cond_common.c
+index 306a207dd6..f976a533a1 100644
+--- a/nptl/pthread_cond_common.c
++++ b/nptl/pthread_cond_common.c
+@@ -221,13 +221,7 @@ __condvar_quiesce_and_switch_g1 (pthread_cond_t *cond, uint64_t wseq,
+ * New waiters arriving concurrently with the group switching will all go
+ into G2 until we atomically make the switch. Waiters existing in G2
+ are not affected.
+- * Waiters in G1 have already received a signal and been woken. If they
+- haven't woken yet, they will be closed out immediately by the advancing
+- of __g_signals to the next "lowseq" (low 31 bits of the new g1_start),
+- which will prevent waiters from blocking using a futex on
+- __g_signals since it provides enough signals for all possible
+- remaining waiters. As a result, they can each consume a signal
+- and they will eventually remove their group reference. */
++ * Waiters in G1 have already received a signal and been woken. */
+
+ /* Update __g1_start, which finishes closing this group. The value we add
+ will never be negative because old_orig_size can only be zero when we
+@@ -240,28 +234,6 @@ __condvar_quiesce_and_switch_g1 (pthread_cond_t *cond, uint64_t wseq,
+
+ unsigned int lowseq = ((old_g1_start + old_orig_size) << 1) & ~1U;
+
+- /* If any waiters still hold group references (and thus could be blocked),
+- then wake them all up now and prevent any running ones from blocking.
+- This is effectively a catch-all for any possible current or future
+- bugs that can allow the group size to reach 0 before all G1 waiters
+- have been awakened or at least given signals to consume, or any
+- other case that can leave blocked (or about to block) older waiters.. */
+- if ((atomic_fetch_or_release (cond->__data.__g_refs + g1, 0) >> 1) > 0)
+- {
+- /* First advance signals to the end of the group (i.e. enough signals
+- for the entire G1 group) to ensure that waiters which have not
+- yet blocked in the futex will not block.
+- Note that in the vast majority of cases, this should never
+- actually be necessary, since __g_signals will have enough
+- signals for the remaining g_refs waiters. As an optimization,
+- we could check this first before proceeding, although that
+- could still leave the potential for futex lost wakeup bugs
+- if the signal count was non-zero but the futex wakeup
+- was somehow lost. */
+- atomic_store_release (cond->__data.__g_signals + g1, lowseq);
+-
+- futex_wake (cond->__data.__g_signals + g1, INT_MAX, private);
+- }
+ /* At this point, the old G1 is now a valid new G2 (but not in use yet).
+ No old waiter can neither grab a signal nor acquire a reference without
+ noticing that __g1_start is larger.
+--
+2.49.0
+
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index 92c4dad023..5e1f45608e 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -64,6 +64,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0025-CVE-2025-4802.patch \
file://0026-PR25847-1.patch \
file://0026-PR25847-2.patch \
+ file://0026-PR25847-3.patch \
\
file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \
file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 23/27] glibc: nptl Remove unnecessary quadruple check in pthread_cond_wait
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (21 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 22/27] glibc: nptl Remove unnecessary catch-all-wake in condvar group switch Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 24/27] glibc: nptl Use a single loop in pthread_cond_wait instaed of a nested loop Steve Sakoman
` (3 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Sunil Dora <sunilkumar.dora@windriver.com>
The following commits have been cherry-picked from Glibc master branch:
Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
Upstream-Status: Backport
[https://sourceware.org/git/?p=glibc.git;a=commit;h=4f7b051f8ee3feff1b53b27a906f245afaa9cee1]
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glibc/glibc/0026-PR25847-4.patch | 117 ++++++++++++++++++
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
2 files changed, 118 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-4.patch
diff --git a/meta/recipes-core/glibc/glibc/0026-PR25847-4.patch b/meta/recipes-core/glibc/glibc/0026-PR25847-4.patch
new file mode 100644
index 0000000000..f8674d62ae
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0026-PR25847-4.patch
@@ -0,0 +1,117 @@
+From 16b9af737c77b153fca4f36cbdbe94f7416c0b42 Mon Sep 17 00:00:00 2001
+From: Malte Skarupke <malteskarupke@fastmail.fm>
+Date: Mon, 16 Jun 2025 23:38:40 -0700
+Subject: [PATCH] nptl: Remove unnecessary quadruple check in pthread_cond_wait
+
+pthread_cond_wait was checking whether it was in a closed group no less than
+four times. Checking once is enough. Here are the four checks:
+
+1. While spin-waiting. This was dead code: maxspin is set to 0 and has been
+ for years.
+2. Before deciding to go to sleep, and before incrementing grefs: I kept this
+3. After incrementing grefs. There is no reason to think that the group would
+ close while we do an atomic increment. Obviously it could close at any
+ point, but that doesn't mean we have to recheck after every step. This
+ check was equally good as check 2, except it has to do more work.
+4. When we find ourselves in a group that has a signal. We only get here after
+ we check that we're not in a closed group. There is no need to check again.
+ The check would only have helped in cases where the compare_exchange in the
+ next line would also have failed. Relying on the compare_exchange is fine.
+
+Removing the duplicate checks clarifies the code.
+
+The following commits have been cherry-picked from Glibc master branch:
+Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
+
+Upstream-Status: Backport
+[https://sourceware.org/git/?p=glibc.git;a=commit;h=4f7b051f8ee3feff1b53b27a906f245afaa9cee1]
+
+Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
+---
+ nptl/pthread_cond_wait.c | 49 ----------------------------------------
+ 1 file changed, 49 deletions(-)
+
+diff --git a/nptl/pthread_cond_wait.c b/nptl/pthread_cond_wait.c
+index cee1968756..47e834cade 100644
+--- a/nptl/pthread_cond_wait.c
++++ b/nptl/pthread_cond_wait.c
+@@ -366,7 +366,6 @@ static __always_inline int
+ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ clockid_t clockid, const struct __timespec64 *abstime)
+ {
+- const int maxspin = 0;
+ int err;
+ int result = 0;
+
+@@ -425,33 +424,6 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ uint64_t g1_start = __condvar_load_g1_start_relaxed (cond);
+ unsigned int lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
+
+- /* Spin-wait first.
+- Note that spinning first without checking whether a timeout
+- passed might lead to what looks like a spurious wake-up even
+- though we should return ETIMEDOUT (e.g., if the caller provides
+- an absolute timeout that is clearly in the past). However,
+- (1) spurious wake-ups are allowed, (2) it seems unlikely that a
+- user will (ab)use pthread_cond_wait as a check for whether a
+- point in time is in the past, and (3) spinning first without
+- having to compare against the current time seems to be the right
+- choice from a performance perspective for most use cases. */
+- unsigned int spin = maxspin;
+- while (spin > 0 && ((int)(signals - lowseq) < 2))
+- {
+- /* Check that we are not spinning on a group that's already
+- closed. */
+- if (seq < (g1_start >> 1))
+- break;
+-
+- /* TODO Back off. */
+-
+- /* Reload signals. See above for MO. */
+- signals = atomic_load_acquire (cond->__data.__g_signals + g);
+- g1_start = __condvar_load_g1_start_relaxed (cond);
+- lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
+- spin--;
+- }
+-
+ if (seq < (g1_start >> 1))
+ {
+ /* If the group is closed already,
+@@ -482,24 +454,6 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ an atomic read-modify-write operation and thus extend the release
+ sequence. */
+ atomic_fetch_add_acquire (cond->__data.__g_refs + g, 2);
+- signals = atomic_load_acquire (cond->__data.__g_signals + g);
+- g1_start = __condvar_load_g1_start_relaxed (cond);
+- lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
+-
+- if (seq < (g1_start >> 1))
+- {
+- /* group is closed already, so don't block */
+- __condvar_dec_grefs (cond, g, private);
+- goto done;
+- }
+-
+- if ((int)(signals - lowseq) >= 2)
+- {
+- /* a signal showed up or G1/G2 switched after we grabbed the
+- refcount */
+- __condvar_dec_grefs (cond, g, private);
+- break;
+- }
+
+ // Now block.
+ struct _pthread_cleanup_buffer buffer;
+@@ -533,9 +487,6 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ /* Reload signals. See above for MO. */
+ signals = atomic_load_acquire (cond->__data.__g_signals + g);
+ }
+-
+- if (seq < (__condvar_load_g1_start_relaxed (cond) >> 1))
+- goto done;
+ }
+ /* Try to grab a signal. See above for MO. (if we do another loop
+ iteration we need to see the correct value of g1_start) */
+--
+2.49.0
+
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index 5e1f45608e..bb5d22cfe8 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -65,6 +65,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0026-PR25847-1.patch \
file://0026-PR25847-2.patch \
file://0026-PR25847-3.patch \
+ file://0026-PR25847-4.patch \
\
file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \
file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 24/27] glibc: nptl Use a single loop in pthread_cond_wait instaed of a nested loop
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (22 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 23/27] glibc: nptl Remove unnecessary quadruple check in pthread_cond_wait Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 25/27] glibc: nptl Fix indentation Steve Sakoman
` (2 subsequent siblings)
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Sunil Dora <sunilkumar.dora@windriver.com>
The following commits have been cherry-picked from Glibc master branch:
Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
Upstream-Status: Backport
[https://sourceware.org/git/?p=glibc.git;a=commit;h=929a4764ac90382616b6a21f099192b2475da674]
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glibc/glibc/0026-PR25847-5.patch | 105 ++++++++++++++++++
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
2 files changed, 106 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-5.patch
diff --git a/meta/recipes-core/glibc/glibc/0026-PR25847-5.patch b/meta/recipes-core/glibc/glibc/0026-PR25847-5.patch
new file mode 100644
index 0000000000..16fe6f8460
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0026-PR25847-5.patch
@@ -0,0 +1,105 @@
+From d9ffb50dc55f77e584a5d0275eea758c7a6b04e3 Mon Sep 17 00:00:00 2001
+From: Malte Skarupke <malteskarupke@fastmail.fm>
+Date: Mon, 16 Jun 2025 23:53:35 -0700
+Subject: [PATCH] nptl: Use a single loop in pthread_cond_wait instaed of a
+ nested loop
+
+The loop was a little more complicated than necessary. There was only one
+break statement out of the inner loop, and the outer loop was nearly empty.
+So just remove the outer loop, moving its code to the one break statement in
+the inner loop. This allows us to replace all gotos with break statements.
+
+The following commits have been cherry-picked from Glibc master branch:
+Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
+
+Upstream-Status: Backport
+[https://sourceware.org/git/?p=glibc.git;a=commit;h=929a4764ac90382616b6a21f099192b2475da674]
+
+Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
+---
+ nptl/pthread_cond_wait.c | 41 +++++++++++++++++++---------------------
+ 1 file changed, 19 insertions(+), 22 deletions(-)
+
+diff --git a/nptl/pthread_cond_wait.c b/nptl/pthread_cond_wait.c
+index 47e834cade..5c86880105 100644
+--- a/nptl/pthread_cond_wait.c
++++ b/nptl/pthread_cond_wait.c
+@@ -410,17 +410,15 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ return err;
+ }
+
+- /* Now wait until a signal is available in our group or it is closed.
+- Acquire MO so that if we observe (signals == lowseq) after group
+- switching in __condvar_quiesce_and_switch_g1, we synchronize with that
+- store and will see the prior update of __g1_start done while switching
+- groups too. */
+- unsigned int signals = atomic_load_acquire (cond->__data.__g_signals + g);
+-
+- do
+- {
++
+ while (1)
+ {
++ /* Now wait until a signal is available in our group or it is closed.
++ Acquire MO so that if we observe (signals == lowseq) after group
++ switching in __condvar_quiesce_and_switch_g1, we synchronize with that
++ store and will see the prior update of __g1_start done while switching
++ groups too. */
++ unsigned int signals = atomic_load_acquire (cond->__data.__g_signals + g);
+ uint64_t g1_start = __condvar_load_g1_start_relaxed (cond);
+ unsigned int lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
+
+@@ -429,7 +427,7 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ /* If the group is closed already,
+ then this waiter originally had enough extra signals to
+ consume, up until the time its group was closed. */
+- goto done;
++ break;
+ }
+
+ /* If there is an available signal, don't block.
+@@ -438,8 +436,16 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ G2, but in either case we're allowed to consume the available
+ signal and should not block anymore. */
+ if ((int)(signals - lowseq) >= 2)
+- break;
+-
++ {
++ /* Try to grab a signal. See above for MO. (if we do another loop
++ iteration we need to see the correct value of g1_start) */
++ if (atomic_compare_exchange_weak_acquire (
++ cond->__data.__g_signals + g,
++ &signals, signals - 2))
++ break;
++ else
++ continue;
++ }
+ /* No signals available after spinning, so prepare to block.
+ We first acquire a group reference and use acquire MO for that so
+ that we synchronize with the dummy read-modify-write in
+@@ -479,21 +485,12 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ the lock during cancellation is not possible. */
+ __condvar_cancel_waiting (cond, seq, g, private);
+ result = err;
+- goto done;
++ break;
+ }
+ else
+ __condvar_dec_grefs (cond, g, private);
+
+- /* Reload signals. See above for MO. */
+- signals = atomic_load_acquire (cond->__data.__g_signals + g);
+ }
+- }
+- /* Try to grab a signal. See above for MO. (if we do another loop
+- iteration we need to see the correct value of g1_start) */
+- while (!atomic_compare_exchange_weak_acquire (cond->__data.__g_signals + g,
+- &signals, signals - 2));
+-
+- done:
+
+ /* Confirm that we have been woken. We do that before acquiring the mutex
+ to allow for execution of pthread_cond_destroy while having acquired the
+--
+2.49.0
+
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index bb5d22cfe8..04dcb22c3d 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -66,6 +66,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0026-PR25847-2.patch \
file://0026-PR25847-3.patch \
file://0026-PR25847-4.patch \
+ file://0026-PR25847-5.patch \
\
file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \
file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 25/27] glibc: nptl Fix indentation
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (23 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 24/27] glibc: nptl Use a single loop in pthread_cond_wait instaed of a nested loop Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 26/27] glibc: nptl rename __condvar_quiesce_and_switch_g1 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 27/27] glibc: nptl Use all of g1_start and g_signals Steve Sakoman
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Sunil Dora <sunilkumar.dora@windriver.com>
The following commits have been cherry-picked from Glibc master branch:
Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
Upstream-Status: Backport
[https://sourceware.org/git/?p=glibc.git;a=commit;h=ee6c14ed59d480720721aaacc5fb03213dc153da]
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glibc/glibc/0026-PR25847-6.patch | 169 ++++++++++++++++++
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
2 files changed, 170 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-6.patch
diff --git a/meta/recipes-core/glibc/glibc/0026-PR25847-6.patch b/meta/recipes-core/glibc/glibc/0026-PR25847-6.patch
new file mode 100644
index 0000000000..cf87e21ddd
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0026-PR25847-6.patch
@@ -0,0 +1,169 @@
+From a2faee6d0dac6e5232255da9afda4d9ed6cfb6e5 Mon Sep 17 00:00:00 2001
+From: Malte Skarupke <malteskarupke@fastmail.fm>
+Date: Tue, 17 Jun 2025 01:37:12 -0700
+Subject: [PATCH] nptl: Fix indentation
+
+In my previous change I turned a nested loop into a simple loop. I'm doing
+the resulting indentation changes in a separate commit to make the diff on
+the previous commit easier to review.
+
+The following commits have been cherry-picked from Glibc master branch:
+Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
+
+Upstream-Status: Backport
+[https://sourceware.org/git/?p=glibc.git;a=commit;h=ee6c14ed59d480720721aaacc5fb03213dc153da]
+
+Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
+---
+ nptl/pthread_cond_wait.c | 132 ++++++++++++++++-----------------------
+ 1 file changed, 54 insertions(+), 78 deletions(-)
+
+diff --git a/nptl/pthread_cond_wait.c b/nptl/pthread_cond_wait.c
+index 5c86880105..104ebd48ca 100644
+--- a/nptl/pthread_cond_wait.c
++++ b/nptl/pthread_cond_wait.c
+@@ -410,87 +410,63 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ return err;
+ }
+
+-
+- while (1)
+- {
+- /* Now wait until a signal is available in our group or it is closed.
+- Acquire MO so that if we observe (signals == lowseq) after group
+- switching in __condvar_quiesce_and_switch_g1, we synchronize with that
+- store and will see the prior update of __g1_start done while switching
+- groups too. */
+- unsigned int signals = atomic_load_acquire (cond->__data.__g_signals + g);
+- uint64_t g1_start = __condvar_load_g1_start_relaxed (cond);
+- unsigned int lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
+-
+- if (seq < (g1_start >> 1))
+- {
+- /* If the group is closed already,
+- then this waiter originally had enough extra signals to
+- consume, up until the time its group was closed. */
+- break;
+- }
+-
+- /* If there is an available signal, don't block.
+- If __g1_start has advanced at all, then we must be in G1
+- by now, perhaps in the process of switching back to an older
+- G2, but in either case we're allowed to consume the available
+- signal and should not block anymore. */
+- if ((int)(signals - lowseq) >= 2)
+- {
+- /* Try to grab a signal. See above for MO. (if we do another loop
+- iteration we need to see the correct value of g1_start) */
+- if (atomic_compare_exchange_weak_acquire (
+- cond->__data.__g_signals + g,
++ while (1)
++ {
++ /* Now wait until a signal is available in our group or it is closed.
++ Acquire MO so that if we observe (signals == lowseq) after group
++ switching in __condvar_quiesce_and_switch_g1, we synchronize with that
++ store and will see the prior update of __g1_start done while switching
++ groups too. */
++ unsigned int signals = atomic_load_acquire (cond->__data.__g_signals + g);
++ uint64_t g1_start = __condvar_load_g1_start_relaxed (cond);
++ unsigned int lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
++
++ if (seq < (g1_start >> 1))
++ {
++ /* If the group is closed already,
++ then this waiter originally had enough extra signals to
++ consume, up until the time its group was closed. */
++ break;
++ }
++
++ /* If there is an available signal, don't block.
++ If __g1_start has advanced at all, then we must be in G1
++ by now, perhaps in the process of switching back to an older
++ G2, but in either case we're allowed to consume the available
++ signal and should not block anymore. */
++ if ((int)(signals - lowseq) >= 2)
++ {
++ /* Try to grab a signal. See above for MO. (if we do another loop
++ iteration we need to see the correct value of g1_start) */
++ if (atomic_compare_exchange_weak_acquire (
++ cond->__data.__g_signals + g,
+ &signals, signals - 2))
+- break;
+- else
+- continue;
+- }
+- /* No signals available after spinning, so prepare to block.
+- We first acquire a group reference and use acquire MO for that so
+- that we synchronize with the dummy read-modify-write in
+- __condvar_quiesce_and_switch_g1 if we read from that. In turn,
+- in this case this will make us see the advancement of __g_signals
+- to the upcoming new g1_start that occurs with a concurrent
+- attempt to reuse the group's slot.
+- We use acquire MO for the __g_signals check to make the
+- __g1_start check work (see spinning above).
+- Note that the group reference acquisition will not mask the
+- release MO when decrementing the reference count because we use
+- an atomic read-modify-write operation and thus extend the release
+- sequence. */
+- atomic_fetch_add_acquire (cond->__data.__g_refs + g, 2);
+-
+- // Now block.
+- struct _pthread_cleanup_buffer buffer;
+- struct _condvar_cleanup_buffer cbuffer;
+- cbuffer.wseq = wseq;
+- cbuffer.cond = cond;
+- cbuffer.mutex = mutex;
+- cbuffer.private = private;
+- __pthread_cleanup_push (&buffer, __condvar_cleanup_waiting, &cbuffer);
+-
+- err = __futex_abstimed_wait_cancelable64 (
+- cond->__data.__g_signals + g, signals, clockid, abstime, private);
+-
+- __pthread_cleanup_pop (&buffer, 0);
+-
+- if (__glibc_unlikely (err == ETIMEDOUT || err == EOVERFLOW))
+- {
+- __condvar_dec_grefs (cond, g, private);
+- /* If we timed out, we effectively cancel waiting. Note that
+- we have decremented __g_refs before cancellation, so that a
+- deadlock between waiting for quiescence of our group in
+- __condvar_quiesce_and_switch_g1 and us trying to acquire
+- the lock during cancellation is not possible. */
+- __condvar_cancel_waiting (cond, seq, g, private);
+- result = err;
+ break;
+- }
+- else
+- __condvar_dec_grefs (cond, g, private);
+-
++ else
++ continue;
+ }
++ // Now block.
++ struct _pthread_cleanup_buffer buffer;
++ struct _condvar_cleanup_buffer cbuffer;
++ cbuffer.wseq = wseq;
++ cbuffer.cond = cond;
++ cbuffer.mutex = mutex;
++ cbuffer.private = private;
++ __pthread_cleanup_push (&buffer, __condvar_cleanup_waiting, &cbuffer);
++
++ err = __futex_abstimed_wait_cancelable64 (
++ cond->__data.__g_signals + g, signals, clockid, abstime, private);
++
++ __pthread_cleanup_pop (&buffer, 0);
++
++ if (__glibc_unlikely (err == ETIMEDOUT || err == EOVERFLOW))
++ {
++ /* If we timed out, we effectively cancel waiting. */
++ __condvar_cancel_waiting (cond, seq, g, private);
++ result = err;
++ break;
++ }
++ }
+
+ /* Confirm that we have been woken. We do that before acquiring the mutex
+ to allow for execution of pthread_cond_destroy while having acquired the
+--
+2.49.0
+
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index 04dcb22c3d..d3c0cbd703 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -67,6 +67,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0026-PR25847-3.patch \
file://0026-PR25847-4.patch \
file://0026-PR25847-5.patch \
+ file://0026-PR25847-6.patch \
\
file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \
file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 26/27] glibc: nptl rename __condvar_quiesce_and_switch_g1
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (24 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 25/27] glibc: nptl Fix indentation Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 27/27] glibc: nptl Use all of g1_start and g_signals Steve Sakoman
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Sunil Dora <sunilkumar.dora@windriver.com>
The following commits have been cherry-picked from Glibc master branch:
Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
Upstream-Status: Backport
[https://sourceware.org/git/?p=glibc.git;a=commit;h=4b79e27a5073c02f6bff9aa8f4791230a0ab1867]
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glibc/glibc/0026-PR25847-7.patch | 160 ++++++++++++++++++
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
2 files changed, 161 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-7.patch
diff --git a/meta/recipes-core/glibc/glibc/0026-PR25847-7.patch b/meta/recipes-core/glibc/glibc/0026-PR25847-7.patch
new file mode 100644
index 0000000000..a9e9cc7c48
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0026-PR25847-7.patch
@@ -0,0 +1,160 @@
+From 2a601ac9041e2ca645acad2c174b1c545cfceafe Mon Sep 17 00:00:00 2001
+From: Malte Skarupke <malteskarupke@fastmail.fm>
+Date: Tue, 17 Jun 2025 01:53:25 -0700
+Subject: [PATCH] nptl: rename __condvar_quiesce_and_switch_g1
+
+This function no longer waits for threads to leave g1, so rename it to
+__condvar_switch_g1
+
+The following commits have been cherry-picked from Glibc master branch:
+Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
+
+Upstream-Status: Backport
+[https://sourceware.org/git/?p=glibc.git;a=commit;h=4b79e27a5073c02f6bff9aa8f4791230a0ab1867]
+
+Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
+---
+ nptl/pthread_cond_broadcast.c | 4 ++--
+ nptl/pthread_cond_common.c | 26 ++++++++++++--------------
+ nptl/pthread_cond_signal.c | 17 ++++++++---------
+ nptl/pthread_cond_wait.c | 9 ++++-----
+ 4 files changed, 26 insertions(+), 30 deletions(-)
+
+diff --git a/nptl/pthread_cond_broadcast.c b/nptl/pthread_cond_broadcast.c
+index 5ae141ac81..a07435589a 100644
+--- a/nptl/pthread_cond_broadcast.c
++++ b/nptl/pthread_cond_broadcast.c
+@@ -60,7 +60,7 @@ ___pthread_cond_broadcast (pthread_cond_t *cond)
+ cond->__data.__g_size[g1] << 1);
+ cond->__data.__g_size[g1] = 0;
+
+- /* We need to wake G1 waiters before we quiesce G1 below. */
++ /* We need to wake G1 waiters before we switch G1 below. */
+ /* TODO Only set it if there are indeed futex waiters. We could
+ also try to move this out of the critical section in cases when
+ G2 is empty (and we don't need to quiesce). */
+@@ -69,7 +69,7 @@ ___pthread_cond_broadcast (pthread_cond_t *cond)
+
+ /* G1 is complete. Step (2) is next unless there are no waiters in G2, in
+ which case we can stop. */
+- if (__condvar_quiesce_and_switch_g1 (cond, wseq, &g1, private))
++ if (__condvar_switch_g1 (cond, wseq, &g1, private))
+ {
+ /* Step (3): Send signals to all waiters in the old G2 / new G1. */
+ atomic_fetch_add_relaxed (cond->__data.__g_signals + g1,
+diff --git a/nptl/pthread_cond_common.c b/nptl/pthread_cond_common.c
+index f976a533a1..3baac4dabc 100644
+--- a/nptl/pthread_cond_common.c
++++ b/nptl/pthread_cond_common.c
+@@ -189,16 +189,15 @@ __condvar_get_private (int flags)
+ return FUTEX_SHARED;
+ }
+
+-/* This closes G1 (whose index is in G1INDEX), waits for all futex waiters to
+- leave G1, converts G1 into a fresh G2, and then switches group roles so that
+- the former G2 becomes the new G1 ending at the current __wseq value when we
+- eventually make the switch (WSEQ is just an observation of __wseq by the
+- signaler).
++/* This closes G1 (whose index is in G1INDEX), converts G1 into a fresh G2,
++ and then switches group roles so that the former G2 becomes the new G1
++ ending at the current __wseq value when we eventually make the switch
++ (WSEQ is just an observation of __wseq by the signaler).
+ If G2 is empty, it will not switch groups because then it would create an
+ empty G1 which would require switching groups again on the next signal.
+ Returns false iff groups were not switched because G2 was empty. */
+ static bool __attribute__ ((unused))
+-__condvar_quiesce_and_switch_g1 (pthread_cond_t *cond, uint64_t wseq,
++__condvar_switch_g1 (pthread_cond_t *cond, uint64_t wseq,
+ unsigned int *g1index, int private)
+ {
+ unsigned int g1 = *g1index;
+@@ -214,8 +213,7 @@ __condvar_quiesce_and_switch_g1 (pthread_cond_t *cond, uint64_t wseq,
+ + cond->__data.__g_size[g1 ^ 1]) == 0)
+ return false;
+
+- /* Now try to close and quiesce G1. We have to consider the following kinds
+- of waiters:
++ /* We have to consider the following kinds of waiters:
+ * Waiters from less recent groups than G1 are not affected because
+ nothing will change for them apart from __g1_start getting larger.
+ * New waiters arriving concurrently with the group switching will all go
+@@ -223,12 +221,12 @@ __condvar_quiesce_and_switch_g1 (pthread_cond_t *cond, uint64_t wseq,
+ are not affected.
+ * Waiters in G1 have already received a signal and been woken. */
+
+- /* Update __g1_start, which finishes closing this group. The value we add
+- will never be negative because old_orig_size can only be zero when we
+- switch groups the first time after a condvar was initialized, in which
+- case G1 will be at index 1 and we will add a value of 1.
+- Relaxed MO is fine because the change comes with no additional
+- constraints that others would have to observe. */
++ /* Update __g1_start, which closes this group. The value we add will never
++ be negative because old_orig_size can only be zero when we switch groups
++ the first time after a condvar was initialized, in which case G1 will be
++ at index 1 and we will add a value of 1. Relaxed MO is fine because the
++ change comes with no additional constraints that others would have to
++ observe. */
+ __condvar_add_g1_start_relaxed (cond,
+ (old_orig_size << 1) + (g1 == 1 ? 1 : - 1));
+
+diff --git a/nptl/pthread_cond_signal.c b/nptl/pthread_cond_signal.c
+index 14800ba00b..a9bc10dcca 100644
+--- a/nptl/pthread_cond_signal.c
++++ b/nptl/pthread_cond_signal.c
+@@ -69,18 +69,17 @@ ___pthread_cond_signal (pthread_cond_t *cond)
+ bool do_futex_wake = false;
+
+ /* If G1 is still receiving signals, we put the signal there. If not, we
+- check if G2 has waiters, and if so, quiesce and switch G1 to the former
+- G2; if this results in a new G1 with waiters (G2 might have cancellations
+- already, see __condvar_quiesce_and_switch_g1), we put the signal in the
+- new G1. */
++ check if G2 has waiters, and if so, switch G1 to the former G2; if this
++ results in a new G1 with waiters (G2 might have cancellations already,
++ see __condvar_switch_g1), we put the signal in the new G1. */
+ if ((cond->__data.__g_size[g1] != 0)
+- || __condvar_quiesce_and_switch_g1 (cond, wseq, &g1, private))
++ || __condvar_switch_g1 (cond, wseq, &g1, private))
+ {
+ /* Add a signal. Relaxed MO is fine because signaling does not need to
+- establish a happens-before relation (see above). We do not mask the
+- release-MO store when initializing a group in
+- __condvar_quiesce_and_switch_g1 because we use an atomic
+- read-modify-write and thus extend that store's release sequence. */
++ establish a happens-before relation (see above). We do not mask the
++ release-MO store when initializing a group in __condvar_switch_g1
++ because we use an atomic read-modify-write and thus extend that
++ store's release sequence. */
+ atomic_fetch_add_relaxed (cond->__data.__g_signals + g1, 2);
+ cond->__data.__g_size[g1]--;
+ /* TODO Only set it if there are indeed futex waiters. */
+diff --git a/nptl/pthread_cond_wait.c b/nptl/pthread_cond_wait.c
+index 104ebd48ca..bb46f3605d 100644
+--- a/nptl/pthread_cond_wait.c
++++ b/nptl/pthread_cond_wait.c
+@@ -382,8 +382,7 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ because we do not need to establish any happens-before relation with
+ signalers (see __pthread_cond_signal); modification order alone
+ establishes a total order of waiters/signals. We do need acquire MO
+- to synchronize with group reinitialization in
+- __condvar_quiesce_and_switch_g1. */
++ to synchronize with group reinitialization in __condvar_switch_g1. */
+ uint64_t wseq = __condvar_fetch_add_wseq_acquire (cond, 2);
+ /* Find our group's index. We always go into what was G2 when we acquired
+ our position. */
+@@ -414,9 +413,9 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ {
+ /* Now wait until a signal is available in our group or it is closed.
+ Acquire MO so that if we observe (signals == lowseq) after group
+- switching in __condvar_quiesce_and_switch_g1, we synchronize with that
+- store and will see the prior update of __g1_start done while switching
+- groups too. */
++ switching in __condvar_switch_g1, we synchronize with that store and
++ will see the prior update of __g1_start done while switching groups
++ too. */
+ unsigned int signals = atomic_load_acquire (cond->__data.__g_signals + g);
+ uint64_t g1_start = __condvar_load_g1_start_relaxed (cond);
+ unsigned int lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
+--
+2.49.0
+
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index d3c0cbd703..af122f00fb 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -68,6 +68,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0026-PR25847-4.patch \
file://0026-PR25847-5.patch \
file://0026-PR25847-6.patch \
+ file://0026-PR25847-7.patch \
\
file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \
file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
* [OE-core][kirkstone 27/27] glibc: nptl Use all of g1_start and g_signals
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
` (25 preceding siblings ...)
2025-06-17 21:20 ` [OE-core][kirkstone 26/27] glibc: nptl rename __condvar_quiesce_and_switch_g1 Steve Sakoman
@ 2025-06-17 21:20 ` Steve Sakoman
26 siblings, 0 replies; 37+ messages in thread
From: Steve Sakoman @ 2025-06-17 21:20 UTC (permalink / raw)
To: openembedded-core
From: Sunil Dora <sunilkumar.dora@windriver.com>
The following commits have been cherry-picked from Glibc master branch:
Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
Upstream-Status: Backport
[https://sourceware.org/git/?p=glibc.git;a=commit;h=91bb902f58264a2fd50fbce8f39a9a290dd23706]
Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glibc/glibc/0026-PR25847-8.patch | 192 ++++++++++++++++++
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
2 files changed, 193 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-8.patch
diff --git a/meta/recipes-core/glibc/glibc/0026-PR25847-8.patch b/meta/recipes-core/glibc/glibc/0026-PR25847-8.patch
new file mode 100644
index 0000000000..8ea0c784ef
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0026-PR25847-8.patch
@@ -0,0 +1,192 @@
+From fc074de88796eb2036fbe9bade638e00adfd5cb2 Mon Sep 17 00:00:00 2001
+From: Malte Skarupke <malteskarupke@fastmail.fm>
+Date: Tue, 17 Jun 2025 02:08:36 -0700
+Subject: [PATCH] nptl: Use all of g1_start and g_signals
+
+The LSB of g_signals was unused. The LSB of g1_start was used to indicate
+which group is G2. This was used to always go to sleep in pthread_cond_wait
+if a waiter is in G2. A comment earlier in the file says that this is not
+correct to do:
+
+ "Waiters cannot determine whether they are currently in G2 or G1 -- but they
+ do not have to because all they are interested in is whether there are
+ available signals"
+
+I either would have had to update the comment, or get rid of the check. I
+chose to get rid of the check. In fact I don't quite know why it was there.
+There will never be available signals for group G2, so we didn't need the
+special case. Even if there were, this would just be a spurious wake. This
+might have caught some cases where the count has wrapped around, but it
+wouldn't reliably do that, (and even if it did, why would you want to force a
+sleep in that case?) and we don't support that many concurrent waiters
+anyway. Getting rid of it allows us to use one more bit, making us more
+robust to wraparound.
+
+The following commits have been cherry-picked from Glibc master branch:
+Bug : https://sourceware.org/bugzilla/show_bug.cgi?id=25847
+
+Upstream-Status: Backport
+[https://sourceware.org/git/?p=glibc.git;a=commit;h=91bb902f58264a2fd50fbce8f39a9a290dd23706]
+
+Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
+---
+ nptl/pthread_cond_broadcast.c | 4 ++--
+ nptl/pthread_cond_common.c | 26 ++++++++++----------------
+ nptl/pthread_cond_signal.c | 2 +-
+ nptl/pthread_cond_wait.c | 14 +++++---------
+ 4 files changed, 18 insertions(+), 28 deletions(-)
+
+diff --git a/nptl/pthread_cond_broadcast.c b/nptl/pthread_cond_broadcast.c
+index a07435589a..ef0943cdc5 100644
+--- a/nptl/pthread_cond_broadcast.c
++++ b/nptl/pthread_cond_broadcast.c
+@@ -57,7 +57,7 @@ ___pthread_cond_broadcast (pthread_cond_t *cond)
+ {
+ /* Add as many signals as the remaining size of the group. */
+ atomic_fetch_add_relaxed (cond->__data.__g_signals + g1,
+- cond->__data.__g_size[g1] << 1);
++ cond->__data.__g_size[g1]);
+ cond->__data.__g_size[g1] = 0;
+
+ /* We need to wake G1 waiters before we switch G1 below. */
+@@ -73,7 +73,7 @@ ___pthread_cond_broadcast (pthread_cond_t *cond)
+ {
+ /* Step (3): Send signals to all waiters in the old G2 / new G1. */
+ atomic_fetch_add_relaxed (cond->__data.__g_signals + g1,
+- cond->__data.__g_size[g1] << 1);
++ cond->__data.__g_size[g1]);
+ cond->__data.__g_size[g1] = 0;
+ /* TODO Only set it if there are indeed futex waiters. */
+ do_futex_wake = true;
+diff --git a/nptl/pthread_cond_common.c b/nptl/pthread_cond_common.c
+index 3baac4dabc..e48f914321 100644
+--- a/nptl/pthread_cond_common.c
++++ b/nptl/pthread_cond_common.c
+@@ -208,9 +208,9 @@ __condvar_switch_g1 (pthread_cond_t *cond, uint64_t wseq,
+ behavior.
+ Note that this works correctly for a zero-initialized condvar too. */
+ unsigned int old_orig_size = __condvar_get_orig_size (cond);
+- uint64_t old_g1_start = __condvar_load_g1_start_relaxed (cond) >> 1;
+- if (((unsigned) (wseq - old_g1_start - old_orig_size)
+- + cond->__data.__g_size[g1 ^ 1]) == 0)
++ uint64_t old_g1_start = __condvar_load_g1_start_relaxed (cond);
++ uint64_t new_g1_start = old_g1_start + old_orig_size;
++ if (((unsigned) (wseq - new_g1_start) + cond->__data.__g_size[g1 ^ 1]) == 0)
+ return false;
+
+ /* We have to consider the following kinds of waiters:
+@@ -221,16 +221,10 @@ __condvar_switch_g1 (pthread_cond_t *cond, uint64_t wseq,
+ are not affected.
+ * Waiters in G1 have already received a signal and been woken. */
+
+- /* Update __g1_start, which closes this group. The value we add will never
+- be negative because old_orig_size can only be zero when we switch groups
+- the first time after a condvar was initialized, in which case G1 will be
+- at index 1 and we will add a value of 1. Relaxed MO is fine because the
+- change comes with no additional constraints that others would have to
+- observe. */
+- __condvar_add_g1_start_relaxed (cond,
+- (old_orig_size << 1) + (g1 == 1 ? 1 : - 1));
+-
+- unsigned int lowseq = ((old_g1_start + old_orig_size) << 1) & ~1U;
++ /* Update __g1_start, which closes this group. Relaxed MO is fine because
++ the change comes with no additional constraints that others would have
++ to observe. */
++ __condvar_add_g1_start_relaxed (cond, old_orig_size);
+
+ /* At this point, the old G1 is now a valid new G2 (but not in use yet).
+ No old waiter can neither grab a signal nor acquire a reference without
+@@ -242,13 +236,13 @@ __condvar_switch_g1 (pthread_cond_t *cond, uint64_t wseq,
+ g1 ^= 1;
+ *g1index ^= 1;
+
+- /* Now advance the new G1 g_signals to the new lowseq, giving it
++ /* Now advance the new G1 g_signals to the new g1_start, giving it
+ an effective signal count of 0 to start. */
+- atomic_store_release (cond->__data.__g_signals + g1, lowseq);
++ atomic_store_release (cond->__data.__g_signals + g1, (unsigned)new_g1_start);
+
+ /* These values are just observed by signalers, and thus protected by the
+ lock. */
+- unsigned int orig_size = wseq - (old_g1_start + old_orig_size);
++ unsigned int orig_size = wseq - new_g1_start;
+ __condvar_set_orig_size (cond, orig_size);
+ /* Use and addition to not loose track of cancellations in what was
+ previously G2. */
+diff --git a/nptl/pthread_cond_signal.c b/nptl/pthread_cond_signal.c
+index a9bc10dcca..07427369aa 100644
+--- a/nptl/pthread_cond_signal.c
++++ b/nptl/pthread_cond_signal.c
+@@ -80,7 +80,7 @@ ___pthread_cond_signal (pthread_cond_t *cond)
+ release-MO store when initializing a group in __condvar_switch_g1
+ because we use an atomic read-modify-write and thus extend that
+ store's release sequence. */
+- atomic_fetch_add_relaxed (cond->__data.__g_signals + g1, 2);
++ atomic_fetch_add_relaxed (cond->__data.__g_signals + g1, 1);
+ cond->__data.__g_size[g1]--;
+ /* TODO Only set it if there are indeed futex waiters. */
+ do_futex_wake = true;
+diff --git a/nptl/pthread_cond_wait.c b/nptl/pthread_cond_wait.c
+index bb46f3605d..430cbe8a35 100644
+--- a/nptl/pthread_cond_wait.c
++++ b/nptl/pthread_cond_wait.c
+@@ -84,7 +84,7 @@ __condvar_cancel_waiting (pthread_cond_t *cond, uint64_t seq, unsigned int g,
+ not hold a reference on the group. */
+ __condvar_acquire_lock (cond, private);
+
+- uint64_t g1_start = __condvar_load_g1_start_relaxed (cond) >> 1;
++ uint64_t g1_start = __condvar_load_g1_start_relaxed (cond);
+ if (g1_start > seq)
+ {
+ /* Our group is closed, so someone provided enough signals for it.
+@@ -278,7 +278,6 @@ __condvar_cleanup_waiting (void *arg)
+ * Waiters fetch-add while having acquire the mutex associated with the
+ condvar. Signalers load it and fetch-xor it concurrently.
+ __g1_start: Starting position of G1 (inclusive)
+- * LSB is index of current G2.
+ * Modified by signalers while having acquired the condvar-internal lock
+ and observed concurrently by waiters.
+ __g1_orig_size: Initial size of G1
+@@ -299,11 +298,9 @@ __condvar_cleanup_waiting (void *arg)
+ * Reference count used by waiters concurrently with signalers that have
+ acquired the condvar-internal lock.
+ __g_signals: The number of signals that can still be consumed, relative to
+- the current g1_start. (i.e. bits 31 to 1 of __g_signals are bits
+- 31 to 1 of g1_start with the signal count added)
++ the current g1_start. (i.e. g1_start with the signal count added)
+ * Used as a futex word by waiters. Used concurrently by waiters and
+ signalers.
+- * LSB is currently reserved and 0.
+ __g_size: Waiters remaining in this group (i.e., which have not been
+ signaled yet.
+ * Accessed by signalers and waiters that cancel waiting (both do so only
+@@ -418,9 +415,8 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ too. */
+ unsigned int signals = atomic_load_acquire (cond->__data.__g_signals + g);
+ uint64_t g1_start = __condvar_load_g1_start_relaxed (cond);
+- unsigned int lowseq = (g1_start & 1) == g ? signals : g1_start & ~1U;
+
+- if (seq < (g1_start >> 1))
++ if (seq < g1_start)
+ {
+ /* If the group is closed already,
+ then this waiter originally had enough extra signals to
+@@ -433,13 +429,13 @@ __pthread_cond_wait_common (pthread_cond_t *cond, pthread_mutex_t *mutex,
+ by now, perhaps in the process of switching back to an older
+ G2, but in either case we're allowed to consume the available
+ signal and should not block anymore. */
+- if ((int)(signals - lowseq) >= 2)
++ if ((int)(signals - (unsigned int)g1_start) > 0)
+ {
+ /* Try to grab a signal. See above for MO. (if we do another loop
+ iteration we need to see the correct value of g1_start) */
+ if (atomic_compare_exchange_weak_acquire (
+ cond->__data.__g_signals + g,
+- &signals, signals - 2))
++ &signals, signals - 1))
+ break;
+ else
+ continue;
+--
+2.49.0
+
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index af122f00fb..3023e9c1ed 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -69,6 +69,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0026-PR25847-5.patch \
file://0026-PR25847-6.patch \
file://0026-PR25847-7.patch \
+ file://0026-PR25847-8.patch \
\
file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \
file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \
--
2.43.0
^ permalink raw reply related [flat|nested] 37+ messages in thread
end of thread, other threads:[~2025-06-17 21:21 UTC | newest]
Thread overview: 37+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-17 21:19 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
2025-06-17 21:19 ` [OE-core][kirkstone 01/27] Glibc: Fix for CVE-2025-4802 Steve Sakoman
2025-06-17 21:19 ` [OE-core][kirkstone 02/27] python3-requests: fix CVE-2024-47081 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 03/27] net-tools: patch CVE-2025-46836 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 04/27] libsoup-2.4: Fix CVE-2025-2784 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 05/27] libsoup: " Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 06/27] libsoup-2.4: Fix CVE-2025-32050 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 07/27] libsoup: " Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 08/27] libsoup-2.4: Fix CVE-2025-32052 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 09/27] libsoup: " Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 10/27] libsoup-2.4: Fix CVE-2025-32053 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 11/27] libsoup: " Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 12/27] libsoup: Fix CVE-2025-46420 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 13/27] ffmpeg: fix CVE-2025-1373 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 14/27] ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 15/27] scripts/install-buildtools: Update to 4.0.27 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 16/27] babeltrace/libatomic-ops: correct the SRC_URI Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 17/27] libpng: Improve ptest Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 18/27] xz: Update LICENSE variable for xz packages Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 19/27] e2fsprogs: removed 'sed -u' option Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 20/27] glibc: pthreads NPTL lost wakeup fix 2 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 21/27] glibc: nptl Update comments and indentation for new condvar implementation Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 22/27] glibc: nptl Remove unnecessary catch-all-wake in condvar group switch Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 23/27] glibc: nptl Remove unnecessary quadruple check in pthread_cond_wait Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 24/27] glibc: nptl Use a single loop in pthread_cond_wait instaed of a nested loop Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 25/27] glibc: nptl Fix indentation Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 26/27] glibc: nptl rename __condvar_quiesce_and_switch_g1 Steve Sakoman
2025-06-17 21:20 ` [OE-core][kirkstone 27/27] glibc: nptl Use all of g1_start and g_signals Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2023-07-18 14:25 [OE-core][kirkstone 00/27] Patch review Steve Sakoman
2023-02-12 21:10 Steve Sakoman
2022-07-14 4:35 Steve Sakoman
[not found] <16E7A00050A35F84.23874@lists.openembedded.org>
2022-04-20 14:53 ` Steve Sakoman
2022-04-20 15:05 ` Khem Raj
2022-04-21 5:14 ` Randy MacLeod
2022-04-21 14:00 ` Steve Sakoman
2022-04-21 14:27 ` Randy MacLeod
2022-04-20 14:07 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox