| Message ID | 20240730101039.1757198-1-vanusuri@mvista.com |
|---|---|
| State | Accepted |
| Delegated to: | Steve Sakoman |
| Headers | show |
| Series | [scarthgap] orc: upgrade 0.4.38 -> 0.4.39 | expand |
I won't be able to take this patch until it hits master first. Steve On Tue, Jul 30, 2024 at 3:10 AM Vijay Anusuri via lists.openembedded.org <vanusuri=mvista.com@lists.openembedded.org> wrote: > > From: Vijay Anusuri <vanusuri@mvista.com> > > Changelog: > > - Security: Fix error message printing buffer overflow leading to possible > code executation in orcc with specific input files (CVE-2024-40897). This > only affects developers and CI environments using orcc, not users of liborc > (Sebastian Dröge, L. E. Segovia) > - div255w: fix off-by-one error in the implementations (L. E. Segovia) > - x86: only run AVX detection if xgetbv is available (L. E. Segovia) > - x86: fix AVX detection by implementing the check recommended by Intel (L. E. Segovia) > - Only enable JIT compilation on Apple arm64 if running on macOS, fixes crashes on iOS (Piotr Brzeziński) > - Fix potential crash in emulation mode if logging is enabled (L. E. Segovia) > - Handle undefined TARGET_OS_OSX correctly (Joshua Root) > - orconce: Fix typo in GCC __sync-based implementation (Jakub Vaněk) > - orconce: Fix usage of __STDC_NO_ATOMICS__ (Alexander Slobodeniuk) > - Fix build with MSVC 17.10 + C11 (L. E. Segovia) > - Support stack unwinding on Windows (L. E. Segovia) > - Major opcode and instruction set code clean-ups and refactoring (Jorge Zapata) > - Refactor allocation and chunk initialization of code regions (L. E. Segovia) > - Fall back to emulation on Linux if JIT support is not available, > e.g. because of SELinux sandboxing or noexec mounting) (L. E. Segovia) > > Ref: https://github.com/GStreamer/orc/blob/0.4.39/RELEASE > > Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> > --- > meta/recipes-devtools/orc/{orc_0.4.38.bb => orc_0.4.39.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > rename meta/recipes-devtools/orc/{orc_0.4.38.bb => orc_0.4.39.bb} (92%) > > diff --git a/meta/recipes-devtools/orc/orc_0.4.38.bb b/meta/recipes-devtools/orc/orc_0.4.39.bb > similarity index 92% > rename from meta/recipes-devtools/orc/orc_0.4.38.bb > rename to meta/recipes-devtools/orc/orc_0.4.39.bb > index 5d2296694a..320abf536a 100644 > --- a/meta/recipes-devtools/orc/orc_0.4.38.bb > +++ b/meta/recipes-devtools/orc/orc_0.4.39.bb > @@ -5,7 +5,7 @@ LICENSE = "BSD-2-Clause & BSD-3-Clause" > LIC_FILES_CHKSUM = "file://COPYING;md5=1400bd9d09e8af56b9ec982b3d85797e" > > SRC_URI = "http://gstreamer.freedesktop.org/src/orc/orc-${PV}.tar.xz" > -SRC_URI[sha256sum] = "a55a98d4772567aa3faed8fb84d540c3db77eaba16d3e2e10b044fbc9228668d" > +SRC_URI[sha256sum] = "33ed2387f49b825fa1b9c3b0072e05f259141b895474ad085ae51143d3040cc0" > > inherit meson pkgconfig gtk-doc > > -- > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#202669): https://lists.openembedded.org/g/openembedded-core/message/202669 > Mute This Topic: https://lists.openembedded.org/mt/107625073/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Ok Steve. Patch for master has already been submitted. https://lists.openembedded.org/g/openembedded-core/message/202585 Thanks & Regards, Vijay On Tue, Jul 30, 2024 at 7:47 PM Steve Sakoman <steve@sakoman.com> wrote: > I won't be able to take this patch until it hits master first. > > Steve > > On Tue, Jul 30, 2024 at 3:10 AM Vijay Anusuri via > lists.openembedded.org <vanusuri=mvista.com@lists.openembedded.org> > wrote: > > > > From: Vijay Anusuri <vanusuri@mvista.com> > > > > Changelog: > > > > - Security: Fix error message printing buffer overflow leading to > possible > > code executation in orcc with specific input files (CVE-2024-40897). > This > > only affects developers and CI environments using orcc, not users of > liborc > > (Sebastian Dröge, L. E. Segovia) > > - div255w: fix off-by-one error in the implementations (L. E. Segovia) > > - x86: only run AVX detection if xgetbv is available (L. E. Segovia) > > - x86: fix AVX detection by implementing the check recommended by Intel > (L. E. Segovia) > > - Only enable JIT compilation on Apple arm64 if running on macOS, fixes > crashes on iOS (Piotr Brzeziński) > > - Fix potential crash in emulation mode if logging is enabled (L. E. > Segovia) > > - Handle undefined TARGET_OS_OSX correctly (Joshua Root) > > - orconce: Fix typo in GCC __sync-based implementation (Jakub Vaněk) > > - orconce: Fix usage of __STDC_NO_ATOMICS__ (Alexander Slobodeniuk) > > - Fix build with MSVC 17.10 + C11 (L. E. Segovia) > > - Support stack unwinding on Windows (L. E. Segovia) > > - Major opcode and instruction set code clean-ups and refactoring (Jorge > Zapata) > > - Refactor allocation and chunk initialization of code regions (L. E. > Segovia) > > - Fall back to emulation on Linux if JIT support is not available, > > e.g. because of SELinux sandboxing or noexec mounting) (L. E. Segovia) > > > > Ref: https://github.com/GStreamer/orc/blob/0.4.39/RELEASE > > > > Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> > > --- > > meta/recipes-devtools/orc/{orc_0.4.38.bb => orc_0.4.39.bb} | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > rename meta/recipes-devtools/orc/{orc_0.4.38.bb => orc_0.4.39.bb} (92%) > > > > diff --git a/meta/recipes-devtools/orc/orc_0.4.38.bb > b/meta/recipes-devtools/orc/orc_0.4.39.bb > > similarity index 92% > > rename from meta/recipes-devtools/orc/orc_0.4.38.bb > > rename to meta/recipes-devtools/orc/orc_0.4.39.bb > > index 5d2296694a..320abf536a 100644 > > --- a/meta/recipes-devtools/orc/orc_0.4.38.bb > > +++ b/meta/recipes-devtools/orc/orc_0.4.39.bb > > @@ -5,7 +5,7 @@ LICENSE = "BSD-2-Clause & BSD-3-Clause" > > LIC_FILES_CHKSUM = "file://COPYING;md5=1400bd9d09e8af56b9ec982b3d85797e" > > > > SRC_URI = "http://gstreamer.freedesktop.org/src/orc/orc-${PV}.tar.xz" > > -SRC_URI[sha256sum] = > "a55a98d4772567aa3faed8fb84d540c3db77eaba16d3e2e10b044fbc9228668d" > > +SRC_URI[sha256sum] = > "33ed2387f49b825fa1b9c3b0072e05f259141b895474ad085ae51143d3040cc0" > > > > inherit meson pkgconfig gtk-doc > > > > -- > > 2.25.1 > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#202669): > https://lists.openembedded.org/g/openembedded-core/message/202669 > > Mute This Topic: https://lists.openembedded.org/mt/107625073/3620601 > > Group Owner: openembedded-core+owner@lists.openembedded.org > > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > steve@sakoman.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > >
Hi Steve, As patch hits the master, could you please sync / merge this patch to scarthgap. https://git.openembedded.org/openembedded-core/commit/?id=bcbaaa9f7d88686915c354fb66682cbe9b1d0536 Thanks & Regards, Vijay On Wed, Jul 31, 2024 at 10:05 AM Vijay Anusuri via lists.openembedded.org <vanusuri=mvista.com@lists.openembedded.org> wrote: > Ok Steve. > > Patch for master has already been submitted. > > https://lists.openembedded.org/g/openembedded-core/message/202585 > > Thanks & Regards, > Vijay > > On Tue, Jul 30, 2024 at 7:47 PM Steve Sakoman <steve@sakoman.com> wrote: > >> I won't be able to take this patch until it hits master first. >> >> Steve >> >> On Tue, Jul 30, 2024 at 3:10 AM Vijay Anusuri via >> lists.openembedded.org <vanusuri=mvista.com@lists.openembedded.org> >> wrote: >> > >> > From: Vijay Anusuri <vanusuri@mvista.com> >> > >> > Changelog: >> > >> > - Security: Fix error message printing buffer overflow leading to >> possible >> > code executation in orcc with specific input files (CVE-2024-40897). >> This >> > only affects developers and CI environments using orcc, not users of >> liborc >> > (Sebastian Dröge, L. E. Segovia) >> > - div255w: fix off-by-one error in the implementations (L. E. Segovia) >> > - x86: only run AVX detection if xgetbv is available (L. E. Segovia) >> > - x86: fix AVX detection by implementing the check recommended by Intel >> (L. E. Segovia) >> > - Only enable JIT compilation on Apple arm64 if running on macOS, fixes >> crashes on iOS (Piotr Brzeziński) >> > - Fix potential crash in emulation mode if logging is enabled (L. E. >> Segovia) >> > - Handle undefined TARGET_OS_OSX correctly (Joshua Root) >> > - orconce: Fix typo in GCC __sync-based implementation (Jakub Vaněk) >> > - orconce: Fix usage of __STDC_NO_ATOMICS__ (Alexander Slobodeniuk) >> > - Fix build with MSVC 17.10 + C11 (L. E. Segovia) >> > - Support stack unwinding on Windows (L. E. Segovia) >> > - Major opcode and instruction set code clean-ups and refactoring >> (Jorge Zapata) >> > - Refactor allocation and chunk initialization of code regions (L. E. >> Segovia) >> > - Fall back to emulation on Linux if JIT support is not available, >> > e.g. because of SELinux sandboxing or noexec mounting) (L. E. Segovia) >> > >> > Ref: https://github.com/GStreamer/orc/blob/0.4.39/RELEASE >> > >> > Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> >> > --- >> > meta/recipes-devtools/orc/{orc_0.4.38.bb => orc_0.4.39.bb} | 2 +- >> > 1 file changed, 1 insertion(+), 1 deletion(-) >> > rename meta/recipes-devtools/orc/{orc_0.4.38.bb => orc_0.4.39.bb} >> (92%) >> > >> > diff --git a/meta/recipes-devtools/orc/orc_0.4.38.bb >> b/meta/recipes-devtools/orc/orc_0.4.39.bb >> > similarity index 92% >> > rename from meta/recipes-devtools/orc/orc_0.4.38.bb >> > rename to meta/recipes-devtools/orc/orc_0.4.39.bb >> > index 5d2296694a..320abf536a 100644 >> > --- a/meta/recipes-devtools/orc/orc_0.4.38.bb >> > +++ b/meta/recipes-devtools/orc/orc_0.4.39.bb >> > @@ -5,7 +5,7 @@ LICENSE = "BSD-2-Clause & BSD-3-Clause" >> > LIC_FILES_CHKSUM = >> "file://COPYING;md5=1400bd9d09e8af56b9ec982b3d85797e" >> > >> > SRC_URI = "http://gstreamer.freedesktop.org/src/orc/orc-${PV}.tar.xz" >> > -SRC_URI[sha256sum] = >> "a55a98d4772567aa3faed8fb84d540c3db77eaba16d3e2e10b044fbc9228668d" >> > +SRC_URI[sha256sum] = >> "33ed2387f49b825fa1b9c3b0072e05f259141b895474ad085ae51143d3040cc0" >> > >> > inherit meson pkgconfig gtk-doc >> > >> > -- >> > 2.25.1 >> > >> > >> > >> > >> > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#202689): > https://lists.openembedded.org/g/openembedded-core/message/202689 > Mute This Topic: https://lists.openembedded.org/mt/107625073/7301997 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > vanusuri@mvista.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
diff --git a/meta/recipes-devtools/orc/orc_0.4.38.bb b/meta/recipes-devtools/orc/orc_0.4.39.bb similarity index 92% rename from meta/recipes-devtools/orc/orc_0.4.38.bb rename to meta/recipes-devtools/orc/orc_0.4.39.bb index 5d2296694a..320abf536a 100644 --- a/meta/recipes-devtools/orc/orc_0.4.38.bb +++ b/meta/recipes-devtools/orc/orc_0.4.39.bb @@ -5,7 +5,7 @@ LICENSE = "BSD-2-Clause & BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=1400bd9d09e8af56b9ec982b3d85797e" SRC_URI = "http://gstreamer.freedesktop.org/src/orc/orc-${PV}.tar.xz" -SRC_URI[sha256sum] = "a55a98d4772567aa3faed8fb84d540c3db77eaba16d3e2e10b044fbc9228668d" +SRC_URI[sha256sum] = "33ed2387f49b825fa1b9c3b0072e05f259141b895474ad085ae51143d3040cc0" inherit meson pkgconfig gtk-doc