From patchwork Fri Dec 3 18:18:48 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 607 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CA5DFC433F5 for ; Fri, 3 Dec 2021 18:21:27 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web09.15182.1638555687010238847 for ; Fri, 03 Dec 2021 10:21:27 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=VPzJjJDk; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id i12so3653229pfd.6 for ; Fri, 03 Dec 2021 10:21:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=RrDqPF7dk0YPOV3L/YC5t4VE5k8J84HHH3N/4Hbjub8=; b=VPzJjJDkKYjR+L54p2OLlI5vGEhRqrErnQiLD64nmZNGL/cxGV3u/GvKuTSTGkAJMY 7ZIzr2uF7LovYiA2j7VZL5yRAkNEA416rm7rU/QEUxqHphplp35OJdCNBpXDSBkdCEJU b+UMzO+Qxh66GWt2PyHE+s8JgZbaVIvpRqbH6AHo5pgUMY9vzqgKbJDJXkwmNMxC0U+t 7UGXui1FzJZ4AUyPgYlh++7+qmwNwY6ZwU3A5ur0qiu8Cw5tCI3ybgYt8qbdqRuY0vEC GkzVPdXTxprLj/mxpBCWTiJvUPqjRicD25DESJp2AxlwVQRzpKEmHtdDqCaMv2je++gU ISjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=RrDqPF7dk0YPOV3L/YC5t4VE5k8J84HHH3N/4Hbjub8=; b=sXZbYX2IjLy/XBxQ/YVx6Rioo0DS3VNYqelWDAmcXKxxp1ZgvJELgZOFXkB4I/siuB eir8K5kXbwVTow8mDOBPuSelqbmOGq0RoqgeiIGno1OYPTh5ifC0cGGDc/B62ZQg0K12 Vo+2V4JNnQAQ6iQi3KTJdhIi2+aavGcYf5jkZ0pBfrjLNZHMDAHcJNuTYkurcjeYgga5 gMjdJnGjBKgwfoAQupodKAlRUBQuZimdKk+GWZST0I4REUWSFhIbUuKh3h5meynEoBMX s4rnziDVq9YretJ2siPqC0Q30sWNCAVOvv8poBkhkueq0hN5wwThytkzbpOEMeMEKHEy 737A== X-Gm-Message-State: AOAM5316qqAZWhr7rJqyWePgAdbvu5iEW2RDRBUh781/xWrRAnKNSeqb DDgc776UMknhEBNrQredZjqlEvImWg2vvtWHlOE= X-Google-Smtp-Source: ABdhPJyYHK+OIX9ErWhEOUeQpeMchtci7Bs/D6LsN9bM7oz61f4yx2YcHuNq6FzZqGpFsKIWhPEjiw== X-Received: by 2002:a65:4cc7:: with SMTP id n7mr5708100pgt.179.1638555685483; Fri, 03 Dec 2021 10:21:25 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.21.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:21:25 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 01/18] cve-extra-exclusions: add db CVEs to exclusion list Date: Fri, 3 Dec 2021 08:18:48 -1000 Message-Id: <2a157263e5632146b28fb3c0678c18c21f357d34.1638555254.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:21:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159128 Since Oracle relicensed bdb, the open source community is slowly but surely replacing bdb with supported and open source friendly alternatives. As a result these CVEs are unlikely to ever be fixed. Signed-off-by: Steve Sakoman --- meta/conf/distro/include/cve-extra-exclusions.inc | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc index a6f52b5de7..e02a4d1fde 100644 --- a/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/meta/conf/distro/include/cve-extra-exclusions.inc @@ -44,7 +44,14 @@ CVE_CHECK_WHITELIST += "CVE-2010-4756" # exposing this interface in an exploitable way CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511" - +# db +# Since Oracle relicensed bdb, the open source community is slowly but surely replacing bdb with +# supported and open source friendly alternatives. As a result these CVEs are unlikely to ever be fixed. +CVE_CHECK_WHITELIST += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \ +CVE-2015-2656 CVE-2015-4754 CVE-2015-4764 CVE-2015-4774 CVE-2015-4775 CVE-2015-4776 CVE-2015-4777 \ +CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4783 CVE-2015-4784 \ +CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \ +CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981" #### CPE update pending #### From patchwork Fri Dec 3 18:18:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 14106 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org From: "Steve Sakoman" Subject: [OE-core][dunfell 02/18] glib-2.0: Add security fixes Date: Fri, 3 Dec 2021 08:18:49 -1000 Message-Id: In-Reply-To: References: MIME-Version: 1.0 List-id: To: openembedded-core@lists.openembedded.org From: Neetika Singh Add patches for below CVE issues: CVE-2021-27218 CVE-2021-27219 CVE-2021-28153 Link: https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz Also, add regression patchs for CVE-2021-27219. CVE-2021-27219-reg1-3.patch is not relevant for glib2.0 v2.64 Signed-off-by: Neetika.Singh Signed-off-by: Ranjitsinh Rathod Signed-off-by: Ranjitsinh Rathod Signed-off-by: Steve Sakoman --- .../glib-2.0/glib-2.0/CVE-2021-27218.patch | 129 ++++++++ .../glib-2.0/glib-2.0/CVE-2021-27219-01.patch | 170 ++++++++++ .../glib-2.0/glib-2.0/CVE-2021-27219-02.patch | 249 +++++++++++++++ .../glib-2.0/glib-2.0/CVE-2021-27219-03.patch | 131 ++++++++ .../glib-2.0/glib-2.0/CVE-2021-27219-04.patch | 298 ++++++++++++++++++ .../glib-2.0/glib-2.0/CVE-2021-27219-05.patch | 54 ++++ .../glib-2.0/glib-2.0/CVE-2021-27219-06.patch | 101 ++++++ .../glib-2.0/glib-2.0/CVE-2021-27219-07.patch | 76 +++++ .../glib-2.0/glib-2.0/CVE-2021-27219-08.patch | 101 ++++++ .../glib-2.0/glib-2.0/CVE-2021-27219-09.patch | 100 ++++++ .../glib-2.0/glib-2.0/CVE-2021-27219-10.patch | 59 ++++ .../glib-2.0/glib-2.0/CVE-2021-27219-11.patch | 63 ++++ .../glib-2.0/CVE-2021-27219-reg1-1.patch | 36 +++ .../glib-2.0/CVE-2021-27219-reg1-2.patch | 38 +++ .../glib-2.0/CVE-2021-27219-reg1-4.patch | 38 +++ .../glib-2.0/CVE-2021-27219-reg1-5.patch | 100 ++++++ .../glib-2.0/CVE-2021-27219-reg2-1.patch | 49 +++ .../glib-2.0/CVE-2021-27219-reg2-2.patch | 43 +++ .../glib-2.0/CVE-2021-27219-reg2-3.patch | 232 ++++++++++++++ .../glib-2.0/glib-2.0/CVE-2021-28153-1.patch | 27 ++ .../glib-2.0/glib-2.0/CVE-2021-28153-2.patch | 42 +++ .../glib-2.0/glib-2.0/CVE-2021-28153-3.patch | 57 ++++ .../glib-2.0/glib-2.0/CVE-2021-28153-4.patch | 265 ++++++++++++++++ .../glib-2.0/glib-2.0/CVE-2021-28153-5.patch | 55 ++++ meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb | 24 ++ 25 files changed, 2537 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-01.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-02.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-04.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-05.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-08.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-11.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-1.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-2.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-4.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-1.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-1.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-2.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-3.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-4.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch new file mode 100644 index 0000000000..6257763d8d --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch @@ -0,0 +1,129 @@ +Backport of: + +From 0f384c88a241bbbd884487b1c40b7b75f1e638d3 Mon Sep 17 00:00:00 2001 +From: Krzesimir Nowak +Date: Wed, 10 Feb 2021 23:51:07 +0100 +Subject: [PATCH] gbytearray: Do not accept too large byte arrays + +GByteArray uses guint for storing the length of the byte array, but it +also has a constructor (g_byte_array_new_take) that takes length as a +gsize. gsize may be larger than guint (64 bits for gsize vs 32 bits +for guint). It is possible to call the function with a value greater +than G_MAXUINT, which will result in silent length truncation. This +may happen as a result of unreffing GBytes into GByteArray, so rather +be loud about it. + +(Test case tweaked by Philip Withnall.) + +(Backport 2.66: Add #include gstrfuncsprivate.h in the test case for +`g_memdup2()`.) + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27218 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + glib/garray.c | 6 ++++++ + glib/gbytes.c | 4 ++++ + glib/tests/bytes.c | 35 ++++++++++++++++++++++++++++++++++- + 3 files changed, 44 insertions(+), 1 deletion(-) + +--- a/glib/garray.c ++++ b/glib/garray.c +@@ -2234,6 +2234,10 @@ g_byte_array_steal (GByteArray *array, + * Create byte array containing the data. The data will be owned by the array + * and will be freed with g_free(), i.e. it could be allocated using g_strdup(). + * ++ * Do not use it if @len is greater than %G_MAXUINT. #GByteArray ++ * stores the length of its data in #guint, which may be shorter than ++ * #gsize. ++ * + * Since: 2.32 + * + * Returns: (transfer full): a new #GByteArray +@@ -2245,6 +2249,8 @@ g_byte_array_new_take (guint8 *data, + GByteArray *array; + GRealArray *real; + ++ g_return_val_if_fail (len <= G_MAXUINT, NULL); ++ + array = g_byte_array_new (); + real = (GRealArray *)array; + g_assert (real->data == NULL); +--- a/glib/gbytes.c ++++ b/glib/gbytes.c +@@ -519,6 +519,10 @@ g_bytes_unref_to_data (GBytes *bytes, + * g_bytes_new(), g_bytes_new_take() or g_byte_array_free_to_bytes(). In all + * other cases the data is copied. + * ++ * Do not use it if @bytes contains more than %G_MAXUINT ++ * bytes. #GByteArray stores the length of its data in #guint, which ++ * may be shorter than #gsize, that @bytes is using. ++ * + * Returns: (transfer full): a new mutable #GByteArray containing the same byte data + * + * Since: 2.32 +--- a/glib/tests/bytes.c ++++ b/glib/tests/bytes.c +@@ -10,12 +10,12 @@ + */ + + #undef G_DISABLE_ASSERT +-#undef G_LOG_DOMAIN + + #include + #include + #include + #include "glib.h" ++#include "glib/gstrfuncsprivate.h" + + /* Keep in sync with glib/gbytes.c */ + struct _GBytes +@@ -334,6 +334,38 @@ test_to_array_transferred (void) + } + + static void ++test_to_array_transferred_oversize (void) ++{ ++ g_test_message ("g_bytes_unref_to_array() can only take GBytes up to " ++ "G_MAXUINT in length; test that longer ones are rejected"); ++ ++ if (sizeof (guint) >= sizeof (gsize)) ++ { ++ g_test_skip ("Skipping test as guint is not smaller than gsize"); ++ } ++ else if (g_test_undefined ()) ++ { ++ GByteArray *array = NULL; ++ GBytes *bytes = NULL; ++ gpointer data = g_memdup2 (NYAN, N_NYAN); ++ gsize len = ((gsize) G_MAXUINT) + 1; ++ ++ bytes = g_bytes_new_take (data, len); ++ g_test_expect_message (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, ++ "g_byte_array_new_take: assertion 'len <= G_MAXUINT' failed"); ++ array = g_bytes_unref_to_array (g_steal_pointer (&bytes)); ++ g_test_assert_expected_messages (); ++ g_assert_null (array); ++ ++ g_free (data); ++ } ++ else ++ { ++ g_test_skip ("Skipping test as testing undefined behaviour is disabled"); ++ } ++} ++ ++static void + test_to_array_two_refs (void) + { + gconstpointer memory; +@@ -410,6 +442,7 @@ main (int argc, char *argv[]) + g_test_add_func ("/bytes/to-array/transfered", test_to_array_transferred); + g_test_add_func ("/bytes/to-array/two-refs", test_to_array_two_refs); + g_test_add_func ("/bytes/to-array/non-malloc", test_to_array_non_malloc); ++ g_test_add_func ("/bytes/to-array/transferred/oversize", test_to_array_transferred_oversize); + g_test_add_func ("/bytes/null", test_null); + + return g_test_run (); diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-01.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-01.patch new file mode 100644 index 0000000000..2af9dd6aa4 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-01.patch @@ -0,0 +1,170 @@ +Backport of: + +From 5e5f75a77e399c638be66d74e5daa8caeb433e00 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 13:30:52 +0000 +Subject: [PATCH 01/11] gstrfuncs: Add internal g_memdup2() function +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This will replace the existing `g_memdup()` function for use within +GLib. It has an unavoidable security flaw of taking its `byte_size` +argument as a `guint` rather than as a `gsize`. Most callers will +expect it to be a `gsize`, and may pass in large values which could +silently be truncated, resulting in an undersize allocation compared +to what the caller expects. + +This could lead to a classic buffer overflow vulnerability for many +callers of `g_memdup()`. + +`g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`. + +Spotted by Kevin Backhouse of GHSL. + +In GLib 2.68, `g_memdup2()` will be a new public API. In this version +for backport to older stable releases, it’s a new `static inline` API +in a private header, so that use of `g_memdup()` within GLib can be +fixed without adding a new API in a stable release series. + +Signed-off-by: Philip Withnall +Helps: GHSL-2021-045 +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + docs/reference/glib/meson.build | 1 + + glib/gstrfuncsprivate.h | 55 +++++++++++++++++++++++++++++++++ + glib/meson.build | 1 + + glib/tests/strfuncs.c | 23 ++++++++++++++ + 4 files changed, 80 insertions(+) + create mode 100644 glib/gstrfuncsprivate.h + +--- a/docs/reference/glib/meson.build ++++ b/docs/reference/glib/meson.build +@@ -22,6 +22,7 @@ if get_option('gtk_doc') + 'gprintfint.h', + 'gmirroringtable.h', + 'gscripttable.h', ++ 'gstrfuncsprivate.h', + 'glib-mirroring-tab', + 'gnulib', + 'pcre', +--- /dev/null ++++ b/glib/gstrfuncsprivate.h +@@ -0,0 +1,55 @@ ++/* GLIB - Library of useful routines for C programming ++ * Copyright (C) 1995-1997 Peter Mattis, Spencer Kimball and Josh MacDonald ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, see . ++ */ ++ ++#include ++#include ++ ++/* ++ * g_memdup2: ++ * @mem: (nullable): the memory to copy. ++ * @byte_size: the number of bytes to copy. ++ * ++ * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it ++ * from @mem. If @mem is %NULL it returns %NULL. ++ * ++ * This replaces g_memdup(), which was prone to integer overflows when ++ * converting the argument from a #gsize to a #guint. ++ * ++ * This static inline version is a backport of the new public API from ++ * GLib 2.68, kept internal to GLib for backport to older stable releases. ++ * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319. ++ * ++ * Returns: (nullable): a pointer to the newly-allocated copy of the memory, ++ * or %NULL if @mem is %NULL. ++ * Since: 2.68 ++ */ ++static inline gpointer ++g_memdup2 (gconstpointer mem, ++ gsize byte_size) ++{ ++ gpointer new_mem; ++ ++ if (mem && byte_size != 0) ++ { ++ new_mem = g_malloc (byte_size); ++ memcpy (new_mem, mem, byte_size); ++ } ++ else ++ new_mem = NULL; ++ ++ return new_mem; ++} +--- a/glib/meson.build ++++ b/glib/meson.build +@@ -268,6 +268,7 @@ glib_sources = files( + 'gslist.c', + 'gstdio.c', + 'gstrfuncs.c', ++ 'gstrfuncsprivate.h', + 'gstring.c', + 'gstringchunk.c', + 'gtestutils.c', +--- a/glib/tests/strfuncs.c ++++ b/glib/tests/strfuncs.c +@@ -32,6 +32,8 @@ + #include + #include "glib.h" + ++#include "gstrfuncsprivate.h" ++ + #if defined (_MSC_VER) && (_MSC_VER <= 1800) + #define isnan(x) _isnan(x) + +@@ -219,6 +221,26 @@ test_memdup (void) + g_free (str_dup); + } + ++/* Testing g_memdup2() function with various positive and negative cases */ ++static void ++test_memdup2 (void) ++{ ++ gchar *str_dup = NULL; ++ const gchar *str = "The quick brown fox jumps over the lazy dog"; ++ ++ /* Testing negative cases */ ++ g_assert_null (g_memdup2 (NULL, 1024)); ++ g_assert_null (g_memdup2 (str, 0)); ++ g_assert_null (g_memdup2 (NULL, 0)); ++ ++ /* Testing normal usage cases */ ++ str_dup = g_memdup2 (str, strlen (str) + 1); ++ g_assert_nonnull (str_dup); ++ g_assert_cmpstr (str, ==, str_dup); ++ ++ g_free (str_dup); ++} ++ + /* Testing g_strpcpy() function with various positive and negative cases */ + static void + test_stpcpy (void) +@@ -2523,6 +2545,7 @@ main (int argc, + g_test_add_func ("/strfuncs/has-prefix", test_has_prefix); + g_test_add_func ("/strfuncs/has-suffix", test_has_suffix); + g_test_add_func ("/strfuncs/memdup", test_memdup); ++ g_test_add_func ("/strfuncs/memdup2", test_memdup2); + g_test_add_func ("/strfuncs/stpcpy", test_stpcpy); + g_test_add_func ("/strfuncs/str_match_string", test_str_match_string); + g_test_add_func ("/strfuncs/str_tokenize_and_fold", test_str_tokenize_and_fold); diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-02.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-02.patch new file mode 100644 index 0000000000..20137ea5f3 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-02.patch @@ -0,0 +1,249 @@ +From be8834340a2d928ece82025463ae23dee2c333d0 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 13:37:56 +0000 +Subject: [PATCH 02/11] gio: Use g_memdup2() instead of g_memdup() in obvious + places +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Convert all the call sites which use `g_memdup()`’s length argument +trivially (for example, by passing a `sizeof()`), so that they use +`g_memdup2()` instead. + +In almost all of these cases the use of `g_memdup()` would not have +caused problems, but it will soon be deprecated, so best port away from +it. + +Signed-off-by: Philip Withnall +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + gio/gdbusconnection.c | 5 +++-- + gio/gdbusinterfaceskeleton.c | 3 ++- + gio/gfile.c | 7 ++++--- + gio/gsettingsschema.c | 5 +++-- + gio/gwin32registrykey.c | 8 +++++--- + gio/tests/async-close-output-stream.c | 6 ++++-- + gio/tests/gdbus-export.c | 5 +++-- + gio/win32/gwinhttpfile.c | 9 +++++---- + 8 files changed, 29 insertions(+), 19 deletions(-) + +--- a/gio/gdbusconnection.c ++++ b/gio/gdbusconnection.c +@@ -110,6 +110,7 @@ + #include "gasyncinitable.h" + #include "giostream.h" + #include "gasyncresult.h" ++#include "gstrfuncsprivate.h" + #include "gtask.h" + #include "gmarshal-internal.h" + +@@ -4007,7 +4008,7 @@ _g_dbus_interface_vtable_copy (const GDB + /* Don't waste memory by copying padding - remember to update this + * when changing struct _GDBusInterfaceVTable in gdbusconnection.h + */ +- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer)); ++ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer)); + } + + static void +@@ -4024,7 +4025,7 @@ _g_dbus_subtree_vtable_copy (const GDBus + /* Don't waste memory by copying padding - remember to update this + * when changing struct _GDBusSubtreeVTable in gdbusconnection.h + */ +- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer)); ++ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer)); + } + + static void +--- a/gio/gdbusinterfaceskeleton.c ++++ b/gio/gdbusinterfaceskeleton.c +@@ -28,6 +28,7 @@ + #include "gdbusmethodinvocation.h" + #include "gdbusconnection.h" + #include "gmarshal-internal.h" ++#include "gstrfuncsprivate.h" + #include "gtask.h" + #include "gioerror.h" + +@@ -701,7 +702,7 @@ add_connection_locked (GDBusInterfaceSke + * properly before building the hooked_vtable, so we create it + * once at the last minute. + */ +- interface_->priv->hooked_vtable = g_memdup (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable)); ++ interface_->priv->hooked_vtable = g_memdup2 (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable)); + interface_->priv->hooked_vtable->method_call = skeleton_intercept_handle_method_call; + } + +--- a/gio/gfile.c ++++ b/gio/gfile.c +@@ -60,6 +60,7 @@ + #include "gasyncresult.h" + #include "gioerror.h" + #include "glibintl.h" ++#include "gstrfuncsprivate.h" + + + /** +@@ -7854,7 +7855,7 @@ measure_disk_usage_progress (gboolean re + g_main_context_invoke_full (g_task_get_context (task), + g_task_get_priority (task), + measure_disk_usage_invoke_progress, +- g_memdup (&progress, sizeof progress), ++ g_memdup2 (&progress, sizeof progress), + g_free); + } + +@@ -7872,7 +7873,7 @@ measure_disk_usage_thread (GTask + data->progress_callback ? measure_disk_usage_progress : NULL, task, + &result.disk_usage, &result.num_dirs, &result.num_files, + &error)) +- g_task_return_pointer (task, g_memdup (&result, sizeof result), g_free); ++ g_task_return_pointer (task, g_memdup2 (&result, sizeof result), g_free); + else + g_task_return_error (task, error); + } +@@ -7896,7 +7897,7 @@ g_file_real_measure_disk_usage_async (GF + + task = g_task_new (file, cancellable, callback, user_data); + g_task_set_source_tag (task, g_file_real_measure_disk_usage_async); +- g_task_set_task_data (task, g_memdup (&data, sizeof data), g_free); ++ g_task_set_task_data (task, g_memdup2 (&data, sizeof data), g_free); + g_task_set_priority (task, io_priority); + + g_task_run_in_thread (task, measure_disk_usage_thread); +--- a/gio/gsettingsschema.c ++++ b/gio/gsettingsschema.c +@@ -20,6 +20,7 @@ + + #include "gsettingsschema-internal.h" + #include "gsettings.h" ++#include "gstrfuncsprivate.h" + + #include "gvdb/gvdb-reader.h" + #include "strinfo.c" +@@ -1067,9 +1068,9 @@ g_settings_schema_list_children (GSettin + + if (g_str_has_suffix (key, "/")) + { +- gint length = strlen (key); ++ gsize length = strlen (key); + +- strv[j] = g_memdup (key, length); ++ strv[j] = g_memdup2 (key, length); + strv[j][length - 1] = '\0'; + j++; + } +--- a/gio/gwin32registrykey.c ++++ b/gio/gwin32registrykey.c +@@ -28,6 +28,8 @@ + #include + #include + ++#include "gstrfuncsprivate.h" ++ + #ifndef _WDMDDK_ + typedef enum _KEY_INFORMATION_CLASS { + KeyBasicInformation, +@@ -247,7 +249,7 @@ g_win32_registry_value_iter_copy (const + new_iter->value_name_size = iter->value_name_size; + + if (iter->value_data != NULL) +- new_iter->value_data = g_memdup (iter->value_data, iter->value_data_size); ++ new_iter->value_data = g_memdup2 (iter->value_data, iter->value_data_size); + + new_iter->value_data_size = iter->value_data_size; + +@@ -268,8 +270,8 @@ g_win32_registry_value_iter_copy (const + new_iter->value_data_expanded_charsize = iter->value_data_expanded_charsize; + + if (iter->value_data_expanded_u8 != NULL) +- new_iter->value_data_expanded_u8 = g_memdup (iter->value_data_expanded_u8, +- iter->value_data_expanded_charsize); ++ new_iter->value_data_expanded_u8 = g_memdup2 (iter->value_data_expanded_u8, ++ iter->value_data_expanded_charsize); + + new_iter->value_data_expanded_u8_size = iter->value_data_expanded_charsize; + +--- a/gio/tests/async-close-output-stream.c ++++ b/gio/tests/async-close-output-stream.c +@@ -24,6 +24,8 @@ + #include + #include + ++#include "gstrfuncsprivate.h" ++ + #define DATA_TO_WRITE "Hello world\n" + + typedef struct +@@ -147,9 +149,9 @@ prepare_data (SetupData *data, + + data->expected_size = g_memory_output_stream_get_data_size (G_MEMORY_OUTPUT_STREAM (data->data_stream)); + +- g_assert_cmpint (data->expected_size, >, 0); ++ g_assert_cmpuint (data->expected_size, >, 0); + +- data->expected_output = g_memdup (written, (guint)data->expected_size); ++ data->expected_output = g_memdup2 (written, data->expected_size); + + /* then recreate the streams and prepare them for the asynchronous close */ + destroy_streams (data); +--- a/gio/tests/gdbus-export.c ++++ b/gio/tests/gdbus-export.c +@@ -23,6 +23,7 @@ + #include + + #include "gdbus-tests.h" ++#include "gstrfuncsprivate.h" + + /* all tests rely on a shared mainloop */ + static GMainLoop *loop = NULL; +@@ -671,7 +672,7 @@ subtree_introspect (GDBusConnection + g_assert_not_reached (); + } + +- return g_memdup (interfaces, 2 * sizeof (void *)); ++ return g_memdup2 (interfaces, 2 * sizeof (void *)); + } + + static const GDBusInterfaceVTable * +@@ -727,7 +728,7 @@ dynamic_subtree_introspect (GDBusConnect + { + const GDBusInterfaceInfo *interfaces[2] = { &dyna_interface_info, NULL }; + +- return g_memdup (interfaces, 2 * sizeof (void *)); ++ return g_memdup2 (interfaces, 2 * sizeof (void *)); + } + + static const GDBusInterfaceVTable * +--- a/gio/win32/gwinhttpfile.c ++++ b/gio/win32/gwinhttpfile.c +@@ -29,6 +29,7 @@ + #include "gio/gfile.h" + #include "gio/gfileattribute.h" + #include "gio/gfileinfo.h" ++#include "gstrfuncsprivate.h" + #include "gwinhttpfile.h" + #include "gwinhttpfileinputstream.h" + #include "gwinhttpfileoutputstream.h" +@@ -393,10 +394,10 @@ + child = g_object_new (G_TYPE_WINHTTP_FILE, NULL); + child->vfs = winhttp_file->vfs; + child->url = winhttp_file->url; +- child->url.lpszScheme = g_memdup (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2); +- child->url.lpszHostName = g_memdup (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2); +- child->url.lpszUserName = g_memdup (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2); +- child->url.lpszPassword = g_memdup (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2); ++ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2); ++ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2); ++ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2); ++ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2); + child->url.lpszUrlPath = wnew_path; + child->url.dwUrlPathLength = wcslen (wnew_path); + child->url.lpszExtraInfo = NULL; diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch new file mode 100644 index 0000000000..eceff161a6 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch @@ -0,0 +1,131 @@ +From 6110caea45b235420b98cd41d845cc92238f6781 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 13:39:25 +0000 +Subject: [PATCH 03/11] gobject: Use g_memdup2() instead of g_memdup() in + obvious places +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Convert all the call sites which use `g_memdup()`’s length argument +trivially (for example, by passing a `sizeof()`), so that they use +`g_memdup2()` instead. + +In almost all of these cases the use of `g_memdup()` would not have +caused problems, but it will soon be deprecated, so best port away from +it. + +Signed-off-by: Philip Withnall +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + gobject/gsignal.c | 3 ++- + gobject/gtype.c | 9 +++++---- + gobject/gtypemodule.c | 3 ++- + gobject/tests/param.c | 4 +++- + 4 files changed, 12 insertions(+), 7 deletions(-) + +--- a/gobject/gsignal.c ++++ b/gobject/gsignal.c +@@ -28,6 +28,7 @@ + #include + + #include "gsignal.h" ++#include "gstrfuncsprivate.h" + #include "gtype-private.h" + #include "gbsearcharray.h" + #include "gvaluecollector.h" +@@ -1809,7 +1810,7 @@ g_signal_newv (const gchar *signal + node->single_va_closure_is_valid = FALSE; + node->flags = signal_flags & G_SIGNAL_FLAGS_MASK; + node->n_params = n_params; +- node->param_types = g_memdup (param_types, sizeof (GType) * n_params); ++ node->param_types = g_memdup2 (param_types, sizeof (GType) * n_params); + node->return_type = return_type; + node->class_closure_bsa = NULL; + if (accumulator) +--- a/gobject/gtype.c ++++ b/gobject/gtype.c +@@ -33,6 +33,7 @@ + + #include "glib-private.h" + #include "gconstructor.h" ++#include "gstrfuncsprivate.h" + + #ifdef G_OS_WIN32 + #include +@@ -1470,7 +1471,7 @@ type_add_interface_Wm (TypeNode + iholder->next = iface_node_get_holders_L (iface); + iface_node_set_holders_W (iface, iholder); + iholder->instance_type = NODE_TYPE (node); +- iholder->info = info ? g_memdup (info, sizeof (*info)) : NULL; ++ iholder->info = info ? g_memdup2 (info, sizeof (*info)) : NULL; + iholder->plugin = plugin; + + /* create an iface entry for this type */ +@@ -1731,7 +1732,7 @@ type_iface_retrieve_holder_info_Wm (Type + INVALID_RECURSION ("g_type_plugin_*", iholder->plugin, NODE_NAME (iface)); + + check_interface_info_I (iface, instance_type, &tmp_info); +- iholder->info = g_memdup (&tmp_info, sizeof (tmp_info)); ++ iholder->info = g_memdup2 (&tmp_info, sizeof (tmp_info)); + } + + return iholder; /* we don't modify write lock upon returning NULL */ +@@ -2016,10 +2017,10 @@ type_iface_vtable_base_init_Wm (TypeNode + IFaceEntry *pentry = type_lookup_iface_entry_L (pnode, iface); + + if (pentry) +- vtable = g_memdup (pentry->vtable, iface->data->iface.vtable_size); ++ vtable = g_memdup2 (pentry->vtable, iface->data->iface.vtable_size); + } + if (!vtable) +- vtable = g_memdup (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size); ++ vtable = g_memdup2 (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size); + entry->vtable = vtable; + vtable->g_type = NODE_TYPE (iface); + vtable->g_instance_type = NODE_TYPE (node); +--- a/gobject/gtypemodule.c ++++ b/gobject/gtypemodule.c +@@ -19,6 +19,7 @@ + + #include + ++#include "gstrfuncsprivate.h" + #include "gtypeplugin.h" + #include "gtypemodule.h" + +@@ -436,7 +437,7 @@ g_type_module_register_type (GTypeModule + module_type_info->loaded = TRUE; + module_type_info->info = *type_info; + if (type_info->value_table) +- module_type_info->info.value_table = g_memdup (type_info->value_table, ++ module_type_info->info.value_table = g_memdup2 (type_info->value_table, + sizeof (GTypeValueTable)); + + return module_type_info->type; +--- a/gobject/tests/param.c ++++ b/gobject/tests/param.c +@@ -2,6 +2,8 @@ + #include + #include + ++#include "gstrfuncsprivate.h" ++ + static void + test_param_value (void) + { +@@ -874,7 +876,7 @@ main (int argc, char *argv[]) + test_path = g_strdup_printf ("/param/implement/subprocess/%d-%d-%d-%d", + data.change_this_flag, data.change_this_type, + data.use_this_flag, data.use_this_type); +- test_data = g_memdup (&data, sizeof (TestParamImplementData)); ++ test_data = g_memdup2 (&data, sizeof (TestParamImplementData)); + g_test_add_data_func_full (test_path, test_data, test_param_implement_child, g_free); + g_free (test_path); + } diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-04.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-04.patch new file mode 100644 index 0000000000..6a3ac6b552 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-04.patch @@ -0,0 +1,298 @@ +Backport of: + +From 0736b7c1e7cf4232c5d7eb2b0fbfe9be81bd3baa Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 13:41:21 +0000 +Subject: [PATCH 04/11] glib: Use g_memdup2() instead of g_memdup() in obvious + places +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Convert all the call sites which use `g_memdup()`’s length argument +trivially (for example, by passing a `sizeof()` or an existing `gsize` +variable), so that they use `g_memdup2()` instead. + +In almost all of these cases the use of `g_memdup()` would not have +caused problems, but it will soon be deprecated, so best port away from +it + +In particular, this fixes an overflow within `g_bytes_new()`, identified +as GHSL-2021-045 by GHSL team member Kevin Backhouse. + +Signed-off-by: Philip Withnall +Fixes: GHSL-2021-045 +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + glib/gbytes.c | 6 ++++-- + glib/gdir.c | 3 ++- + glib/ghash.c | 7 ++++--- + glib/giochannel.c | 5 +++-- + glib/gslice.c | 3 ++- + glib/gtestutils.c | 3 ++- + glib/gvariant.c | 7 ++++--- + glib/gvarianttype.c | 3 ++- + glib/tests/array-test.c | 4 +++- + glib/tests/option-context.c | 6 ++++-- + glib/tests/uri.c | 8 +++++--- + 11 files changed, 35 insertions(+), 20 deletions(-) + +--- a/glib/gbytes.c ++++ b/glib/gbytes.c +@@ -34,6 +34,8 @@ + + #include + ++#include "gstrfuncsprivate.h" ++ + /** + * GBytes: + * +@@ -95,7 +97,7 @@ g_bytes_new (gconstpointer data, + { + g_return_val_if_fail (data != NULL || size == 0, NULL); + +- return g_bytes_new_take (g_memdup (data, size), size); ++ return g_bytes_new_take (g_memdup2 (data, size), size); + } + + /** +@@ -499,7 +501,7 @@ g_bytes_unref_to_data (GBytes *bytes, + * Copy: Non g_malloc (or compatible) allocator, or static memory, + * so we have to copy, and then unref. + */ +- result = g_memdup (bytes->data, bytes->size); ++ result = g_memdup2 (bytes->data, bytes->size); + *size = bytes->size; + g_bytes_unref (bytes); + } +--- a/glib/gdir.c ++++ b/glib/gdir.c +@@ -37,6 +37,7 @@ + #include "gconvert.h" + #include "gfileutils.h" + #include "gstrfuncs.h" ++#include "gstrfuncsprivate.h" + #include "gtestutils.h" + #include "glibintl.h" + +@@ -112,7 +113,7 @@ g_dir_open_with_errno (const gchar *path + return NULL; + #endif + +- return g_memdup (&dir, sizeof dir); ++ return g_memdup2 (&dir, sizeof dir); + } + + /** +--- a/glib/ghash.c ++++ b/glib/ghash.c +@@ -34,6 +34,7 @@ + #include "gmacros.h" + #include "glib-private.h" + #include "gstrfuncs.h" ++#include "gstrfuncsprivate.h" + #include "gatomic.h" + #include "gtestutils.h" + #include "gslice.h" +@@ -962,7 +963,7 @@ g_hash_table_ensure_keyval_fits (GHashTa + if (hash_table->have_big_keys) + { + if (key != value) +- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size); ++ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size); + /* Keys and values are both big now, so no need for further checks */ + return; + } +@@ -970,7 +971,7 @@ g_hash_table_ensure_keyval_fits (GHashTa + { + if (key != value) + { +- hash_table->values = g_memdup (hash_table->keys, sizeof (guint) * hash_table->size); ++ hash_table->values = g_memdup2 (hash_table->keys, sizeof (guint) * hash_table->size); + is_a_set = FALSE; + } + } +@@ -998,7 +999,7 @@ g_hash_table_ensure_keyval_fits (GHashTa + + /* Just split if necessary */ + if (is_a_set && key != value) +- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size); ++ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size); + + #endif + } +--- a/glib/giochannel.c ++++ b/glib/giochannel.c +@@ -35,7 +35,7 @@ + #include + + #include "giochannel.h" +- ++#include "gstrfuncsprivate.h" + #include "gstrfuncs.h" + #include "gtestutils.h" + #include "glibintl.h" + +@@ -1673,10 +1674,10 @@ g_io_channel_read_line (GIOChannel *cha + + /* Copy the read bytes (including any embedded nuls) and nul-terminate. + * `USE_BUF (channel)->str` is guaranteed to be nul-terminated as it’s a +- * #GString, so it’s safe to call g_memdup() with +1 length to allocate ++ * #GString, so it’s safe to call g_memdup2() with +1 length to allocate + * a nul-terminator. */ + g_assert (USE_BUF (channel)); +- line = g_memdup (USE_BUF (channel)->str, got_length + 1); ++ line = g_memdup2 (USE_BUF (channel)->str, got_length + 1); + line[got_length] = '\0'; + *str_return = g_steal_pointer (&line); + g_string_erase (USE_BUF (channel), 0, got_length); +--- a/glib/gslice.c ++++ b/glib/gslice.c +@@ -41,6 +41,7 @@ + #include "gmain.h" + #include "gmem.h" /* gslice.h */ + #include "gstrfuncs.h" ++#include "gstrfuncsprivate.h" + #include "gutils.h" + #include "gtrashstack.h" + #include "gtestutils.h" +@@ -350,7 +351,7 @@ g_slice_get_config_state (GSliceConfig c + array[i++] = allocator->contention_counters[address]; + array[i++] = allocator_get_magazine_threshold (allocator, address); + *n_values = i; +- return g_memdup (array, sizeof (array[0]) * *n_values); ++ return g_memdup2 (array, sizeof (array[0]) * *n_values); + default: + return NULL; + } +--- a/glib/gtestutils.c ++++ b/glib/gtestutils.c +@@ -49,6 +49,7 @@ + #include "gpattern.h" + #include "grand.h" + #include "gstrfuncs.h" ++#include "gstrfuncsprivate.h" + #include "gtimer.h" + #include "gslice.h" + #include "gspawn.h" +@@ -3803,7 +3804,7 @@ g_test_log_extract (GTestLogBuffer *tbuf + if (p <= tbuffer->data->str + mlength) + { + g_string_erase (tbuffer->data, 0, mlength); +- tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup (&msg, sizeof (msg))); ++ tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup2 (&msg, sizeof (msg))); + return TRUE; + } + +--- a/glib/gvariant.c ++++ b/glib/gvariant.c +@@ -33,6 +33,7 @@ + + #include + ++#include "gstrfuncsprivate.h" + + /** + * SECTION:gvariant +@@ -725,7 +726,7 @@ g_variant_new_variant (GVariant *value) + g_variant_ref_sink (value); + + return g_variant_new_from_children (G_VARIANT_TYPE_VARIANT, +- g_memdup (&value, sizeof value), ++ g_memdup2 (&value, sizeof value), + 1, g_variant_is_trusted (value)); + } + +@@ -1229,7 +1230,7 @@ g_variant_new_fixed_array (const GVarian + return NULL; + } + +- data = g_memdup (elements, n_elements * element_size); ++ data = g_memdup2 (elements, n_elements * element_size); + value = g_variant_new_from_data (array_type, data, + n_elements * element_size, + FALSE, g_free, data); +@@ -1908,7 +1909,7 @@ g_variant_dup_bytestring (GVariant *valu + if (length) + *length = size; + +- return g_memdup (original, size + 1); ++ return g_memdup2 (original, size + 1); + } + + /** +--- a/glib/gvarianttype.c ++++ b/glib/gvarianttype.c +@@ -28,6 +28,7 @@ + + #include + ++#include "gstrfuncsprivate.h" + + /** + * SECTION:gvarianttype +@@ -1181,7 +1182,7 @@ g_variant_type_new_tuple (const GVariant + g_assert (offset < sizeof buffer); + buffer[offset++] = ')'; + +- return (GVariantType *) g_memdup (buffer, offset); ++ return (GVariantType *) g_memdup2 (buffer, offset); + } + + /** +--- a/glib/tests/array-test.c ++++ b/glib/tests/array-test.c +@@ -29,6 +29,8 @@ + #include + #include "glib.h" + ++#include "gstrfuncsprivate.h" ++ + /* Test data to be passed to any function which calls g_array_new(), providing + * the parameters for that call. Most #GArray tests should be repeated for all + * possible values of #ArrayTestData. */ +@@ -1917,7 +1919,7 @@ byte_array_new_take (void) + GByteArray *gbarray; + guint8 *data; + +- data = g_memdup ("woooweeewow", 11); ++ data = g_memdup2 ("woooweeewow", 11); + gbarray = g_byte_array_new_take (data, 11); + g_assert (gbarray->data == data); + g_assert_cmpuint (gbarray->len, ==, 11); +--- a/glib/tests/option-context.c ++++ b/glib/tests/option-context.c +@@ -27,6 +27,8 @@ + #include + #include + ++#include "gstrfuncsprivate.h" ++ + static GOptionEntry main_entries[] = { + { "main-switch", 0, 0, + G_OPTION_ARG_NONE, NULL, +@@ -256,7 +258,7 @@ join_stringv (int argc, char **argv) + static char ** + copy_stringv (char **argv, int argc) + { +- return g_memdup (argv, sizeof (char *) * (argc + 1)); ++ return g_memdup2 (argv, sizeof (char *) * (argc + 1)); + } + + static void +@@ -2323,7 +2325,7 @@ test_group_parse (void) + g_option_context_add_group (context, group); + + argv = split_string ("program --test arg1 -f arg2 --group-test arg3 --frob arg4 -z arg5", &argc); +- orig_argv = g_memdup (argv, (argc + 1) * sizeof (char *)); ++ orig_argv = g_memdup2 (argv, (argc + 1) * sizeof (char *)); + + retval = g_option_context_parse (context, &argc, &argv, &error); + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-05.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-05.patch new file mode 100644 index 0000000000..4f86522d00 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-05.patch @@ -0,0 +1,54 @@ +From 0cbad673215ec8a049b7fe2ff44b0beed31b376e Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 16:12:24 +0000 +Subject: [PATCH 05/11] gwinhttpfile: Avoid arithmetic overflow when + calculating a size +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The members of `URL_COMPONENTS` (`winhttp_file->url`) are `DWORD`s, i.e. +32-bit unsigned integers. Adding to and multiplying them may cause them +to overflow the unsigned integer bounds, even if the result is passed to +`g_memdup2()` which accepts a `gsize`. + +Cast the `URL_COMPONENTS` members to `gsize` first to ensure that the +arithmetic is done in terms of `gsize`s rather than unsigned integers. + +Spotted by Sebastian Dröge. + +Signed-off-by: Philip Withnall +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + gio/win32/gwinhttpfile.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c +index 3f8fbd838..e0340e247 100644 +--- a/gio/win32/gwinhttpfile.c ++++ b/gio/win32/gwinhttpfile.c +@@ -410,10 +410,10 @@ g_winhttp_file_resolve_relative_path (GFile *file, + child = g_object_new (G_TYPE_WINHTTP_FILE, NULL); + child->vfs = winhttp_file->vfs; + child->url = winhttp_file->url; +- child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2); +- child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2); +- child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2); +- child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2); ++ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, ((gsize) winhttp_file->url.dwSchemeLength + 1) * 2); ++ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, ((gsize) winhttp_file->url.dwHostNameLength + 1) * 2); ++ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, ((gsize) winhttp_file->url.dwUserNameLength + 1) * 2); ++ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, ((gsize) winhttp_file->url.dwPasswordLength + 1) * 2); + child->url.lpszUrlPath = wnew_path; + child->url.dwUrlPathLength = wcslen (wnew_path); + child->url.lpszExtraInfo = NULL; +-- +GitLab + + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch new file mode 100644 index 0000000000..d8043f5e29 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch @@ -0,0 +1,101 @@ +From f9ee2275cbc312c0b4cdbc338a4fbb76eb36fb9a Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 13:49:00 +0000 +Subject: [PATCH 06/11] gdatainputstream: Handle stop_chars_len internally as + gsize + +Previously it was handled as a `gssize`, which meant that if the +`stop_chars` string was longer than `G_MAXSSIZE` there would be an +overflow. + +Signed-off-by: Philip Withnall +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + gio/gdatainputstream.c | 25 +++++++++++++++++-------- + 1 file changed, 17 insertions(+), 8 deletions(-) + +diff --git a/gio/gdatainputstream.c b/gio/gdatainputstream.c +index 2e7750cb5..2cdcbda19 100644 +--- a/gio/gdatainputstream.c ++++ b/gio/gdatainputstream.c +@@ -27,6 +27,7 @@ + #include "gioenumtypes.h" + #include "gioerror.h" + #include "glibintl.h" ++#include "gstrfuncsprivate.h" + + #include + +@@ -856,7 +857,7 @@ static gssize + scan_for_chars (GDataInputStream *stream, + gsize *checked_out, + const char *stop_chars, +- gssize stop_chars_len) ++ gsize stop_chars_len) + { + GBufferedInputStream *bstream; + const char *buffer; +@@ -952,7 +953,7 @@ typedef struct + gsize checked; + + gchar *stop_chars; +- gssize stop_chars_len; ++ gsize stop_chars_len; + gsize length; + } GDataInputStreamReadData; + +@@ -1078,12 +1079,17 @@ g_data_input_stream_read_async (GDataInputStream *stream, + { + GDataInputStreamReadData *data; + GTask *task; ++ gsize stop_chars_len_unsigned; + + data = g_slice_new0 (GDataInputStreamReadData); +- if (stop_chars_len == -1) +- stop_chars_len = strlen (stop_chars); +- data->stop_chars = g_memdup (stop_chars, stop_chars_len); +- data->stop_chars_len = stop_chars_len; ++ ++ if (stop_chars_len < 0) ++ stop_chars_len_unsigned = strlen (stop_chars); ++ else ++ stop_chars_len_unsigned = (gsize) stop_chars_len; ++ ++ data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned); ++ data->stop_chars_len = stop_chars_len_unsigned; + data->last_saw_cr = FALSE; + + task = g_task_new (stream, cancellable, callback, user_data); +@@ -1338,17 +1344,20 @@ g_data_input_stream_read_upto (GDataInputStream *stream, + gssize found_pos; + gssize res; + char *data_until; ++ gsize stop_chars_len_unsigned; + + g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL); + + if (stop_chars_len < 0) +- stop_chars_len = strlen (stop_chars); ++ stop_chars_len_unsigned = strlen (stop_chars); ++ else ++ stop_chars_len_unsigned = (gsize) stop_chars_len; + + bstream = G_BUFFERED_INPUT_STREAM (stream); + + checked = 0; + +- while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len)) == -1) ++ while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len_unsigned)) == -1) + { + if (g_buffered_input_stream_get_available (bstream) == + g_buffered_input_stream_get_buffer_size (bstream)) +-- +GitLab + + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch new file mode 100644 index 0000000000..f183939c45 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch @@ -0,0 +1,76 @@ +From 2aaf593a9eb96d84fe3be740aca2810a97d95592 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 13:50:37 +0000 +Subject: [PATCH 07/11] gwin32: Use gsize internally in g_wcsdup() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This allows it to handle strings up to length `G_MAXSIZE` — previously +it would overflow with such strings. + +Update the several copies of it identically. + +Signed-off-by: Philip Withnall +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + gio/gwin32registrykey.c | 34 ++++++++++++++++++++++++++-------- + 2 files changed, 38 insertions(+), 16 deletions(-) + +diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c +index 548a94188..2eb67daf8 100644 +--- a/gio/gwin32registrykey.c ++++ b/gio/gwin32registrykey.c +@@ -127,16 +127,34 @@ typedef enum + G_WIN32_REGISTRY_UPDATED_PATH = 1, + } GWin32RegistryKeyUpdateFlag; + ++static gsize ++g_utf16_len (const gunichar2 *str) ++{ ++ gsize result; ++ ++ for (result = 0; str[0] != 0; str++, result++) ++ ; ++ ++ return result; ++} ++ + static gunichar2 * +-g_wcsdup (const gunichar2 *str, +- gssize str_size) ++g_wcsdup (const gunichar2 *str, gssize str_len) + { +- if (str_size == -1) +- { +- str_size = wcslen (str) + 1; +- str_size *= sizeof (gunichar2); +- } +- return g_memdup (str, str_size); ++ gsize str_len_unsigned; ++ gsize str_size; ++ ++ g_return_val_if_fail (str != NULL, NULL); ++ ++ if (str_len < 0) ++ str_len_unsigned = g_utf16_len (str); ++ else ++ str_len_unsigned = (gsize) str_len; ++ ++ g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1); ++ str_size = (str_len_unsigned + 1) * sizeof (gunichar2); ++ ++ return g_memdup2 (str, str_size); + } + + /** +-- +GitLab + + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-08.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-08.patch new file mode 100644 index 0000000000..ffafc35c07 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-08.patch @@ -0,0 +1,101 @@ +From ba8ca443051f93a74c0d03d62e70402036f967a5 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 13:58:32 +0000 +Subject: [PATCH 08/11] gkeyfilesettingsbackend: Handle long keys when + converting paths + +Previously, the code in `convert_path()` could not handle keys longer +than `G_MAXINT`, and would overflow if that was exceeded. + +Convert the code to use `gsize` and `g_memdup2()` throughout, and +change from identifying the position of the final slash in the string +using a signed offset `i`, to using a pointer to the character (and +`strrchr()`). This allows the slash to be at any position in a +`G_MAXSIZE`-long string, without sacrificing a bit of the offset for +indicating whether a slash was found. + +Signed-off-by: Philip Withnall +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + gio/gkeyfilesettingsbackend.c | 21 ++++++++++----------- + 1 file changed, 10 insertions(+), 11 deletions(-) + +diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c +index cd5765afd..25b057672 100644 +--- a/gio/gkeyfilesettingsbackend.c ++++ b/gio/gkeyfilesettingsbackend.c +@@ -33,6 +33,7 @@ + #include "gfilemonitor.h" + #include "gsimplepermission.h" + #include "gsettingsbackendinternal.h" ++#include "gstrfuncsprivate.h" + #include "giomodule-priv.h" + #include "gportalsupport.h" + +@@ -145,8 +146,8 @@ convert_path (GKeyfileSettingsBackend *kfsb, + gchar **group, + gchar **basename) + { +- gint key_len = strlen (key); +- gint i; ++ gsize key_len = strlen (key); ++ const gchar *last_slash; + + if (key_len < kfsb->prefix_len || + memcmp (key, kfsb->prefix, kfsb->prefix_len) != 0) +@@ -155,38 +156,36 @@ convert_path (GKeyfileSettingsBackend *kfsb, + key_len -= kfsb->prefix_len; + key += kfsb->prefix_len; + +- for (i = key_len; i >= 0; i--) +- if (key[i] == '/') +- break; ++ last_slash = strrchr (key, '/'); + + if (kfsb->root_group) + { + /* if a root_group was specified, make sure the user hasn't given + * a path that ghosts that group name + */ +- if (i == kfsb->root_group_len && memcmp (key, kfsb->root_group, i) == 0) ++ if (last_slash != NULL && (last_slash - key) == kfsb->root_group_len && memcmp (key, kfsb->root_group, last_slash - key) == 0) + return FALSE; + } + else + { + /* if no root_group was given, ensure that the user gave a path */ +- if (i == -1) ++ if (last_slash == NULL) + return FALSE; + } + + if (group) + { +- if (i >= 0) ++ if (last_slash != NULL) + { +- *group = g_memdup (key, i + 1); +- (*group)[i] = '\0'; ++ *group = g_memdup2 (key, (last_slash - key) + 1); ++ (*group)[(last_slash - key)] = '\0'; + } + else + *group = g_strdup (kfsb->root_group); + } + + if (basename) +- *basename = g_memdup (key + i + 1, key_len - i); ++ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key)); + + return TRUE; + } +-- +GitLab + + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch new file mode 100644 index 0000000000..8efb7c720f --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch @@ -0,0 +1,100 @@ +From 65ec7f4d6e8832c481f6e00e2eb007b9a60024ce Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 14:00:53 +0000 +Subject: [PATCH 09/11] =?UTF-8?q?gsocket:=20Use=20gsize=20to=20track=20nat?= + =?UTF-8?q?ive=20sockaddr=E2=80=99s=20size?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Don’t use an `int`, that’s potentially too small. In practical terms, +this is not a problem, since no socket address is going to be that big. + +By making these changes we can use `g_memdup2()` without warnings, +though. Fewer warnings is good. + +Signed-off-by: Philip Withnall +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + gio/gsocket.c | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +--- a/gio/gsocket.c ++++ b/gio/gsocket.c +@@ -75,6 +75,7 @@ + #include "gcredentialsprivate.h" + #include "glibintl.h" + #include "gioprivate.h" ++#include "gstrfuncsprivate.h" + + #ifdef G_OS_WIN32 + /* For Windows XP runtime compatibility, but use the system's if_nametoindex() if available */ +@@ -174,7 +175,7 @@ static gboolean g_socket_datagram_ba + GError **error); + + static GSocketAddress * +-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len); ++cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len); + + static gssize + g_socket_receive_message_with_timeout (GSocket *socket, +@@ -260,7 +261,7 @@ struct _GSocketPrivate + struct { + GSocketAddress *addr; + struct sockaddr *native; +- gint native_len; ++ gsize native_len; + guint64 last_used; + } recv_addr_cache[RECV_ADDR_CACHE_SIZE]; + }; +@@ -5259,14 +5260,14 @@ g_socket_send_messages_with_timeout (GSo + } + + static GSocketAddress * +-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len) ++cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len) + { + GSocketAddress *saddr; + gint i; + guint64 oldest_time = G_MAXUINT64; + gint oldest_index = 0; + +- if (native_len <= 0) ++ if (native_len == 0) + return NULL; + + saddr = NULL; +@@ -5274,7 +5275,7 @@ cache_recv_address (GSocket *socket, str + { + GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr; + gpointer tmp_native = socket->priv->recv_addr_cache[i].native; +- gint tmp_native_len = socket->priv->recv_addr_cache[i].native_len; ++ gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len; + + if (!tmp) + continue; +@@ -5304,7 +5305,7 @@ cache_recv_address (GSocket *socket, str + g_free (socket->priv->recv_addr_cache[oldest_index].native); + } + +- socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len); ++ socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len); + socket->priv->recv_addr_cache[oldest_index].native_len = native_len; + socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr); + socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time (); +@@ -5452,6 +5453,9 @@ g_socket_receive_message_with_timeout (G + /* do it */ + while (1) + { ++ /* addrlen has to be of type int because that’s how WSARecvFrom() is defined */ ++ G_STATIC_ASSERT (sizeof addr <= G_MAXINT); ++ + addrlen = sizeof addr; + if (address) + result = WSARecvFrom (socket->priv->fd, diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch new file mode 100644 index 0000000000..63fda0b600 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch @@ -0,0 +1,59 @@ +From 777b95a88f006d39d9fe6d3321db17e7b0d4b9a4 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 14:07:39 +0000 +Subject: [PATCH 10/11] gtlspassword: Forbid very long TLS passwords +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The public API `g_tls_password_set_value_full()` (and the vfunc it +invokes) can only accept a `gssize` length. Ensure that nul-terminated +strings passed to `g_tls_password_set_value()` can’t exceed that length. +Use `g_memdup2()` to avoid an overflow if they’re longer than +`G_MAXUINT` similarly. + +Signed-off-by: Philip Withnall +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + gio/gtlspassword.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c +index 1e437a7b6..dbcec41a8 100644 +--- a/gio/gtlspassword.c ++++ b/gio/gtlspassword.c +@@ -23,6 +23,7 @@ + #include "glibintl.h" + + #include "gioenumtypes.h" ++#include "gstrfuncsprivate.h" + #include "gtlspassword.h" + + #include +@@ -287,9 +288,14 @@ g_tls_password_set_value (GTlsPassword *password, + g_return_if_fail (G_IS_TLS_PASSWORD (password)); + + if (length < 0) +- length = strlen ((gchar *)value); ++ { ++ /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */ ++ gsize length_unsigned = strlen ((gchar *) value); ++ g_return_if_fail (length_unsigned > G_MAXSSIZE); ++ length = (gssize) length_unsigned; ++ } + +- g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free); ++ g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free); + } + + /** +-- +GitLab + + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-11.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-11.patch new file mode 100644 index 0000000000..a620a49269 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-11.patch @@ -0,0 +1,63 @@ +From ecdf91400e9a538695a0895b95ad7e8abcdf1749 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 14:09:40 +0000 +Subject: [PATCH 11/11] giochannel: Forbid very long line terminator strings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The public API `GIOChannel.line_term_len` is only a `guint`. Ensure that +nul-terminated strings passed to `g_io_channel_set_line_term()` can’t +exceed that length. Use `g_memdup2()` to avoid a warning (`g_memdup()` +is due to be deprecated), but not to avoid a bug, since it’s also +limited to `G_MAXUINT`. + +Signed-off-by: Philip Withnall +Helps: #2319 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + glib/giochannel.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/glib/giochannel.c b/glib/giochannel.c +index c6a89d6e0..4dec20f77 100644 +--- a/glib/giochannel.c ++++ b/glib/giochannel.c +@@ -887,16 +887,25 @@ g_io_channel_set_line_term (GIOChannel *channel, + const gchar *line_term, + gint length) + { ++ guint length_unsigned; ++ + g_return_if_fail (channel != NULL); + g_return_if_fail (line_term == NULL || length != 0); /* Disallow "" */ + + if (line_term == NULL) +- length = 0; +- else if (length < 0) +- length = strlen (line_term); ++ length_unsigned = 0; ++ else if (length >= 0) ++ length_unsigned = (guint) length; ++ else ++ { ++ /* FIXME: We’re constrained by line_term_len being a guint here */ ++ gsize length_size = strlen (line_term); ++ g_return_if_fail (length_size > G_MAXUINT); ++ length_unsigned = (guint) length_size; ++ } + + g_free (channel->line_term); +- channel->line_term = line_term ? g_memdup (line_term, length) : NULL; ++ channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL; + channel->line_term_len = length; + } + +-- +GitLab + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-1.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-1.patch new file mode 100644 index 0000000000..3047062f54 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-1.patch @@ -0,0 +1,36 @@ +From f8273b9aded135fe07094faebd527e43851aaf6e Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" +Date: Sun, 7 Feb 2021 23:32:40 +0100 +Subject: [PATCH 1/5] giochannel: Fix length_size bounds check + +The inverted condition is an obvious error introduced by ecdf91400e9a. + +Fixes https://gitlab.gnome.org/GNOME/glib/-/issues/2323 + +(cherry picked from commit a149bf2f9030168051942124536e303af8ba6176) + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod + +--- + glib/giochannel.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/glib/giochannel.c b/glib/giochannel.c +index 4dec20f77..c3f3102ff 100644 +--- a/glib/giochannel.c ++++ b/glib/giochannel.c +@@ -896,7 +896,7 @@ g_io_channel_set_line_term (GIOChannel *channel, + { + /* FIXME: We’re constrained by line_term_len being a guint here */ + gsize length_size = strlen (line_term); +- g_return_if_fail (length_size > G_MAXUINT); ++ g_return_if_fail (length_size <= G_MAXUINT); + length_unsigned = (guint) length_size; + } + +-- +GitLab + + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-2.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-2.patch new file mode 100644 index 0000000000..2ba26075df --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-2.patch @@ -0,0 +1,38 @@ +From e069c50467712e6d607822afd6b6c15c2c343dff Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Mon, 8 Feb 2021 10:34:50 +0000 +Subject: [PATCH 2/5] giochannel: Don't store negative line_term_len in + GIOChannel struct + +Adding test coverage indicated that this was another bug in 0cc11f74. + +Fixes: 0cc11f74 "giochannel: Forbid very long line terminator strings" +Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2323 +Signed-off-by: Simon McVittie +(cherry picked from commit 5dc8b0014c03e7491d93b90275ab442e888a9628) + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod + +--- + glib/giochannel.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/glib/giochannel.c b/glib/giochannel.c +index c3f3102ff..19bb06ba6 100644 +--- a/glib/giochannel.c ++++ b/glib/giochannel.c +@@ -902,7 +902,7 @@ g_io_channel_set_line_term (GIOChannel *channel, + + g_free (channel->line_term); + channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL; +- channel->line_term_len = length; ++ channel->line_term_len = length_unsigned; + } + + /** +-- +GitLab + + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-4.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-4.patch new file mode 100644 index 0000000000..2c388b4bbb --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-4.patch @@ -0,0 +1,38 @@ +From 4506d1859a863087598c8d122740bae25b65b099 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Mon, 8 Feb 2021 10:04:48 +0000 +Subject: [PATCH 4/5] gtlspassword: Fix inverted assertion + +The intention here was to assert that the length of the password fits +in a gssize. Passwords more than half the size of virtual memory are +probably excessive. + +Fixes: a8b204ff "gtlspassword: Forbid very long TLS passwords" +Signed-off-by: Simon McVittie +(cherry picked from commit 61bb52ec42de1082bfb06ce1c737fc295bfe60b8) + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod + +--- + gio/gtlspassword.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c +index dbcec41a8..bd86a6dfe 100644 +--- a/gio/gtlspassword.c ++++ b/gio/gtlspassword.c +@@ -291,7 +291,7 @@ g_tls_password_set_value (GTlsPassword *password, + { + /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */ + gsize length_unsigned = strlen ((gchar *) value); +- g_return_if_fail (length_unsigned > G_MAXSSIZE); ++ g_return_if_fail (length_unsigned <= G_MAXSSIZE); + length = (gssize) length_unsigned; + } + +-- +GitLab + + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch new file mode 100644 index 0000000000..356e986fe0 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch @@ -0,0 +1,100 @@ +From 3d1550354c3c6a8491c39881752d51cb7515f2c2 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Mon, 8 Feb 2021 10:22:39 +0000 +Subject: [PATCH 5/5] tls-interaction: Add test coverage for various ways to + set the password + +Signed-off-by: Simon McVittie +(cherry picked from commit df4501316ca3903072400504a5ea76498db19538) + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod + +--- + gio/tests/tls-interaction.c | 55 +++++++++++++++++++++++++++++++++++++ + 1 file changed, 55 insertions(+) + +diff --git a/gio/tests/tls-interaction.c b/gio/tests/tls-interaction.c +index 4f0737d7e..5661e8e0d 100644 +--- a/gio/tests/tls-interaction.c ++++ b/gio/tests/tls-interaction.c +@@ -174,6 +174,38 @@ test_interaction_ask_password_finish_failure (GTlsInteraction *interaction, + } + + ++/* Return a copy of @str that is allocated in a silly way, to exercise ++ * custom free-functions. The returned pointer points to a copy of @str ++ * in a buffer of the form "BEFORE \0 str \0 AFTER". */ ++static guchar * ++special_dup (const char *str) ++{ ++ GString *buf = g_string_new ("BEFORE"); ++ guchar *ret; ++ ++ g_string_append_c (buf, '\0'); ++ g_string_append (buf, str); ++ g_string_append_c (buf, '\0'); ++ g_string_append (buf, "AFTER"); ++ ret = (guchar *) g_string_free (buf, FALSE); ++ return ret + strlen ("BEFORE") + 1; ++} ++ ++ ++/* Free a copy of @str that was made with special_dup(), after asserting ++ * that it has not been corrupted. */ ++static void ++special_free (gpointer p) ++{ ++ gchar *s = p; ++ gchar *buf = s - strlen ("BEFORE") - 1; ++ ++ g_assert_cmpstr (buf, ==, "BEFORE"); ++ g_assert_cmpstr (s + strlen (s) + 1, ==, "AFTER"); ++ g_free (buf); ++} ++ ++ + static GTlsInteractionResult + test_interaction_ask_password_sync_success (GTlsInteraction *interaction, + GTlsPassword *password, +@@ -181,6 +213,8 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction, + GError **error) + { + TestInteraction *self; ++ const guchar *value; ++ gsize len; + + g_assert (TEST_IS_INTERACTION (interaction)); + self = TEST_INTERACTION (interaction); +@@ -192,6 +226,27 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction, + g_assert (error != NULL); + g_assert (*error == NULL); + ++ /* Exercise different ways to set the value */ ++ g_tls_password_set_value (password, (const guchar *) "foo", 4); ++ len = 0; ++ value = g_tls_password_get_value (password, &len); ++ g_assert_cmpmem (value, len, "foo", 4); ++ ++ g_tls_password_set_value (password, (const guchar *) "bar", -1); ++ len = 0; ++ value = g_tls_password_get_value (password, &len); ++ g_assert_cmpmem (value, len, "bar", 3); ++ ++ g_tls_password_set_value_full (password, special_dup ("baa"), 4, special_free); ++ len = 0; ++ value = g_tls_password_get_value (password, &len); ++ g_assert_cmpmem (value, len, "baa", 4); ++ ++ g_tls_password_set_value_full (password, special_dup ("baz"), -1, special_free); ++ len = 0; ++ value = g_tls_password_get_value (password, &len); ++ g_assert_cmpmem (value, len, "baz", 3); ++ + /* Don't do this in real life. Include a null terminator for testing */ + g_tls_password_set_value (password, (const guchar *)"the password", 13); + return G_TLS_INTERACTION_HANDLED; +-- +GitLab + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-1.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-1.patch new file mode 100644 index 0000000000..dd43689aae --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-1.patch @@ -0,0 +1,49 @@ +From cb9ee701ef46c1819eed4e2a4dc181682bdfc176 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 10 Feb 2021 21:16:39 +0000 +Subject: [PATCH 1/3] gkeyfilesettingsbackend: Fix basename handling when group + is unset + +Fix an effective regression in commit +7781a9cbd2fd0aa84bee0f4eee88470640ff6706, which happens when +`convert_path()` is called with a `key` which contains no slashes. In +that case, the `key` is entirely the `basename`. + +Prior to commit 7781a9cb, the code worked through a fluke of `i == -1` +cancelling out with the various additions in the `g_memdup()` call, and +effectively resulting in `g_strdup (key)`. + +Spotted by Guido Berhoerster. + +Signed-off-by: Philip Withnall + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod + +--- + gio/gkeyfilesettingsbackend.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c +index 25b057672..861c3a661 100644 +--- a/gio/gkeyfilesettingsbackend.c ++++ b/gio/gkeyfilesettingsbackend.c +@@ -185,7 +185,12 @@ convert_path (GKeyfileSettingsBackend *kfsb, + } + + if (basename) +- *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key)); ++ { ++ if (last_slash != NULL) ++ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key)); ++ else ++ *basename = g_strdup (key); ++ } + + return TRUE; + } +-- +GitLab + + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch new file mode 100644 index 0000000000..04503641c3 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch @@ -0,0 +1,43 @@ +From 31e0d403ba635dbbacbfbff74295e5db02558d76 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 10 Feb 2021 21:19:30 +0000 +Subject: [PATCH 2/3] gkeyfilesettingsbackend: Disallow empty key or group + names + +These should never have been allowed; they will result in precondition +failures from the `GKeyFile` later on in the code. + +A test will be added for this shortly. + +Signed-off-by: Philip Withnall + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod + +--- + gio/gkeyfilesettingsbackend.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c +index 861c3a661..de216e615 100644 +--- a/gio/gkeyfilesettingsbackend.c ++++ b/gio/gkeyfilesettingsbackend.c +@@ -158,6 +158,13 @@ convert_path (GKeyfileSettingsBackend *kfsb, + + last_slash = strrchr (key, '/'); + ++ /* Disallow empty group names or key names */ ++ if (key_len == 0 || ++ (last_slash != NULL && ++ (*(last_slash + 1) == '\0' || ++ last_slash == key))) ++ return FALSE; ++ + if (kfsb->root_group) + { + /* if a root_group was specified, make sure the user hasn't given +-- +GitLab + + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch new file mode 100644 index 0000000000..65f59287a8 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch @@ -0,0 +1,232 @@ +Backport of: + +From 221c26685354dea2b2732df94404e8e5e77a1591 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 10 Feb 2021 21:21:36 +0000 +Subject: [PATCH 3/3] tests: Add tests for key name handling in the keyfile + backend + +This tests the two recent commits. + +Signed-off-by: Philip Withnall + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod + +--- + gio/tests/gsettings.c | 170 +++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 169 insertions(+), 1 deletion(-) + +--- a/gio/tests/gsettings.c ++++ b/gio/tests/gsettings.c +@@ -1,3 +1,4 @@ ++#include + #include + #include + #include +@@ -1740,6 +1741,14 @@ key_changed_cb (GSettings *settings, con + (*b) = TRUE; + } + ++typedef struct ++{ ++ const gchar *path; ++ const gchar *root_group; ++ const gchar *keyfile_group; ++ const gchar *root_path; ++} KeyfileTestData; ++ + /* + * Test that using a keyfile works + */ +@@ -1834,7 +1843,11 @@ test_keyfile (Fixture *fixture, + g_free (str); + + g_settings_set (settings, "farewell", "s", "cheerio"); +- ++ ++ /* Check that empty keys/groups are not allowed. */ ++ g_assert_false (g_settings_is_writable (settings, "")); ++ g_assert_false (g_settings_is_writable (settings, "/")); ++ + /* When executing as root, changing the mode of the keyfile will have + * no effect on the writability of the settings. + */ +@@ -1866,6 +1879,149 @@ test_keyfile (Fixture *fixture, + g_free (keyfile_path); + } + ++/* ++ * Test that using a keyfile works with a schema with no path set. ++ */ ++static void ++test_keyfile_no_path (Fixture *fixture, ++ gconstpointer user_data) ++{ ++ const KeyfileTestData *test_data = user_data; ++ GSettingsBackend *kf_backend; ++ GSettings *settings; ++ GKeyFile *keyfile; ++ gboolean writable; ++ gchar *key = NULL; ++ GError *error = NULL; ++ gchar *keyfile_path = NULL, *store_path = NULL; ++ ++ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL); ++ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL); ++ kf_backend = g_keyfile_settings_backend_new (store_path, test_data->root_path, test_data->root_group); ++ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, test_data->path); ++ g_object_unref (kf_backend); ++ ++ g_settings_reset (settings, "test-boolean"); ++ g_assert_true (g_settings_get_boolean (settings, "test-boolean")); ++ ++ writable = g_settings_is_writable (settings, "test-boolean"); ++ g_assert_true (writable); ++ g_settings_set (settings, "test-boolean", "b", FALSE); ++ ++ g_assert_false (g_settings_get_boolean (settings, "test-boolean")); ++ ++ g_settings_delay (settings); ++ g_settings_set (settings, "test-boolean", "b", TRUE); ++ g_settings_apply (settings); ++ ++ keyfile = g_key_file_new (); ++ g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL)); ++ ++ g_assert_true (g_key_file_get_boolean (keyfile, test_data->keyfile_group, "test-boolean", NULL)); ++ ++ g_key_file_free (keyfile); ++ ++ g_settings_reset (settings, "test-boolean"); ++ g_settings_apply (settings); ++ keyfile = g_key_file_new (); ++ g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL)); ++ ++ g_assert_false (g_key_file_get_string (keyfile, test_data->keyfile_group, "test-boolean", &error)); ++ g_assert_error (error, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_KEY_NOT_FOUND); ++ g_clear_error (&error); ++ ++ /* Check that empty keys/groups are not allowed. */ ++ g_assert_false (g_settings_is_writable (settings, "")); ++ g_assert_false (g_settings_is_writable (settings, "/")); ++ ++ /* Keys which ghost the root group name are not allowed. This can only be ++ * tested when the path is `/` as otherwise it acts as a prefix and prevents ++ * any ghosting. */ ++ if (g_str_equal (test_data->path, "/")) ++ { ++ key = g_strdup_printf ("%s/%s", test_data->root_group, ""); ++ g_assert_false (g_settings_is_writable (settings, key)); ++ g_free (key); ++ ++ key = g_strdup_printf ("%s/%s", test_data->root_group, "/"); ++ g_assert_false (g_settings_is_writable (settings, key)); ++ g_free (key); ++ ++ key = g_strdup_printf ("%s/%s", test_data->root_group, "test-boolean"); ++ g_assert_false (g_settings_is_writable (settings, key)); ++ g_free (key); ++ } ++ ++ g_key_file_free (keyfile); ++ g_object_unref (settings); ++ ++ /* Clean up the temporary directory. */ ++ g_assert_cmpint (g_chmod (keyfile_path, 0777) == 0 ? 0 : errno, ==, 0); ++ g_assert_cmpint (g_remove (store_path) == 0 ? 0 : errno, ==, 0); ++ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0); ++ g_free (store_path); ++ g_free (keyfile_path); ++} ++ ++/* ++ * Test that a keyfile rejects writes to keys outside its root path. ++ */ ++static void ++test_keyfile_outside_root_path (Fixture *fixture, ++ gconstpointer user_data) ++{ ++ GSettingsBackend *kf_backend; ++ GSettings *settings; ++ gchar *keyfile_path = NULL, *store_path = NULL; ++ ++ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL); ++ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL); ++ kf_backend = g_keyfile_settings_backend_new (store_path, "/tests/basic-types/", "root"); ++ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/tests/"); ++ g_object_unref (kf_backend); ++ ++ g_assert_false (g_settings_is_writable (settings, "test-boolean")); ++ ++ g_object_unref (settings); ++ ++ /* Clean up the temporary directory. The keyfile probably doesn’t exist, so ++ * don’t error on failure. */ ++ g_remove (store_path); ++ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0); ++ g_free (store_path); ++ g_free (keyfile_path); ++} ++ ++/* ++ * Test that a keyfile rejects writes to keys in the root if no root group is set. ++ */ ++static void ++test_keyfile_no_root_group (Fixture *fixture, ++ gconstpointer user_data) ++{ ++ GSettingsBackend *kf_backend; ++ GSettings *settings; ++ gchar *keyfile_path = NULL, *store_path = NULL; ++ ++ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL); ++ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL); ++ kf_backend = g_keyfile_settings_backend_new (store_path, "/", NULL); ++ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/"); ++ g_object_unref (kf_backend); ++ ++ g_assert_false (g_settings_is_writable (settings, "test-boolean")); ++ g_assert_true (g_settings_is_writable (settings, "child/test-boolean")); ++ ++ g_object_unref (settings); ++ ++ /* Clean up the temporary directory. The keyfile probably doesn’t exist, so ++ * don’t error on failure. */ ++ g_remove (store_path); ++ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0); ++ g_free (store_path); ++ g_free (keyfile_path); ++} ++ + /* Test that getting child schemas works + */ + static void +@@ -2844,6 +3000,14 @@ main (int argc, char *argv[]) + gchar *override_text; + gchar *enums; + gint result; ++ const KeyfileTestData keyfile_test_data_explicit_path = { "/tests/", "root", "tests", "/" }; ++ const KeyfileTestData keyfile_test_data_empty_path = { "/", "root", "root", "/" }; ++ const KeyfileTestData keyfile_test_data_long_path = { ++ "/tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch/", ++ "root", ++ "tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch", ++ "/" ++ }; + + /* Meson build sets this */ + #ifdef TEST_LOCALE_PATH +@@ -2967,6 +3131,11 @@ main (int argc, char *argv[]) + } + + g_test_add ("/gsettings/keyfile", Fixture, NULL, setup, test_keyfile, teardown); ++ g_test_add ("/gsettings/keyfile/explicit-path", Fixture, &keyfile_test_data_explicit_path, setup, test_keyfile_no_path, teardown); ++ g_test_add ("/gsettings/keyfile/empty-path", Fixture, &keyfile_test_data_empty_path, setup, test_keyfile_no_path, teardown); ++ g_test_add ("/gsettings/keyfile/long-path", Fixture, &keyfile_test_data_long_path, setup, test_keyfile_no_path, teardown); ++ g_test_add ("/gsettings/keyfile/outside-root-path", Fixture, NULL, setup, test_keyfile_outside_root_path, teardown); ++ g_test_add ("/gsettings/keyfile/no-root-group", Fixture, NULL, setup, test_keyfile_no_root_group, teardown); + g_test_add_func ("/gsettings/child-schema", test_child_schema); + g_test_add_func ("/gsettings/strinfo", test_strinfo); + g_test_add_func ("/gsettings/enums", test_enums); diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-1.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-1.patch new file mode 100644 index 0000000000..c89ca20726 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-1.patch @@ -0,0 +1,27 @@ +From 78420a75aeb70569a8cd79fa0fea7b786b6f785f Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 24 Feb 2021 17:33:38 +0000 +Subject: [PATCH 1/5] glocalfileoutputstream: Fix a typo in a comment + +Signed-off-by: Philip Withnall + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-28153 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + gio/glocalfileoutputstream.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/gio/glocalfileoutputstream.c ++++ b/gio/glocalfileoutputstream.c +@@ -851,7 +851,7 @@ handle_overwrite_open (const char *fi + mode = mode_from_flags_or_info (flags, reference_info); + + /* We only need read access to the original file if we are creating a backup. +- * We also add O_CREATE to avoid a race if the file was just removed */ ++ * We also add O_CREAT to avoid a race if the file was just removed */ + if (create_backup || readable) + open_flags = O_RDWR | O_CREAT | O_BINARY; + else diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-2.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-2.patch new file mode 100644 index 0000000000..8a35bab4de --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-2.patch @@ -0,0 +1,42 @@ +From 32d3d02a50e7dcec5f4cf7908e7ac88d575d8fc5 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 24 Feb 2021 17:34:32 +0000 +Subject: [PATCH 2/5] tests: Stop using g_test_bug_base() in file tests +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Since a following commit is going to add a new test which references +Gitlab, so it’s best to move the URI bases inside the test cases. + +Signed-off-by: Philip Withnall + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-28153 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + gio/tests/file.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/gio/tests/file.c ++++ b/gio/tests/file.c +@@ -685,7 +685,7 @@ test_replace_cancel (void) + guint count; + GError *error = NULL; + +- g_test_bug ("629301"); ++ g_test_bug ("https://bugzilla.gnome.org/629301"); + + path = g_dir_make_tmp ("g_file_replace_cancel_XXXXXX", &error); + g_assert_no_error (error); +@@ -1784,8 +1784,6 @@ main (int argc, char *argv[]) + { + g_test_init (&argc, &argv, NULL); + +- g_test_bug_base ("http://bugzilla.gnome.org/"); +- + g_test_add_func ("/file/basic", test_basic); + g_test_add_func ("/file/build-filename", test_build_filename); + g_test_add_func ("/file/parent", test_parent); diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-3.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-3.patch new file mode 100644 index 0000000000..a82febd26e --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-3.patch @@ -0,0 +1,57 @@ +Backport of: + +From ce0eb088a68171eed3ac217cb92a72e36eb57d1b Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 10 Mar 2021 16:05:55 +0000 +Subject: [PATCH 3/5] glocalfileoutputstream: Factor out a flag check + +This clarifies the code a little. It introduces no functional changes. + +Signed-off-by: Philip Withnall + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-28153 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + gio/glocalfileoutputstream.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/gio/glocalfileoutputstream.c ++++ b/gio/glocalfileoutputstream.c +@@ -847,6 +847,7 @@ handle_overwrite_open (const char *fi + int res; + int mode; + int errsv; ++ gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION); + + mode = mode_from_flags_or_info (flags, reference_info); + +@@ -954,7 +955,7 @@ handle_overwrite_open (const char *fi + * to a backup file and rewrite the contents of the file. + */ + +- if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) || ++ if (replace_destination_set || + (!(original_stat.st_nlink > 1) && !is_symlink)) + { + char *dirname, *tmp_filename; +@@ -973,7 +974,7 @@ handle_overwrite_open (const char *fi + + /* try to keep permissions (unless replacing) */ + +- if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) && ++ if (!replace_destination_set && + ( + #ifdef HAVE_FCHOWN + fchown (tmpfd, original_stat.st_uid, original_stat.st_gid) == -1 || +@@ -1112,7 +1113,7 @@ handle_overwrite_open (const char *fi + } + } + +- if (flags & G_FILE_CREATE_REPLACE_DESTINATION) ++ if (replace_destination_set) + { + g_close (fd, NULL); + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-4.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-4.patch new file mode 100644 index 0000000000..5b106e8474 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-4.patch @@ -0,0 +1,265 @@ +Backport of: + +From 317b3b587058a05dca95d56dac26568c5b098d33 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 24 Feb 2021 17:36:07 +0000 +Subject: [PATCH 4/5] glocalfileoutputstream: Fix CREATE_REPLACE_DESTINATION + with symlinks +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking +the destination file and re-creating it from scratch. That did +previously work, but in the process the code would call `open(O_CREAT)` +on the file. If the file was a dangling symlink, this would create the +destination file (empty). That’s not an intended side-effect, and has +security implications if the symlink is controlled by a lower-privileged +process. + +Fix that by not opening the destination file if it’s a symlink, and +adjusting the rest of the code to cope with + - the fact that `fd == -1` is not an error iff `is_symlink` is true, + - and that `original_stat` will contain the `lstat()` results for the + symlink now, rather than the `stat()` results for its target (again, + iff `is_symlink` is true). + +This means that the target of the dangling symlink is no longer created, +which was the bug. The symlink itself continues to be replaced (as +before) with the new file — this is the intended behaviour of +`g_file_replace()`. + +The behaviour for non-symlink cases, or cases where the symlink was not +dangling, should be unchanged. + +Includes a unit test. + +Signed-off-by: Philip Withnall + +Fixes: #2325 + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-28153 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + gio/glocalfileoutputstream.c | 77 ++++++++++++++++++------- + gio/tests/file.c | 108 +++++++++++++++++++++++++++++++++++ + 2 files changed, 163 insertions(+), 22 deletions(-) + +--- a/gio/glocalfileoutputstream.c ++++ b/gio/glocalfileoutputstream.c +@@ -875,16 +875,22 @@ handle_overwrite_open (const char *fi + /* Could be a symlink, or it could be a regular ELOOP error, + * but then the next open will fail too. */ + is_symlink = TRUE; +- fd = g_open (filename, open_flags, mode); ++ if (!replace_destination_set) ++ fd = g_open (filename, open_flags, mode); + } +-#else +- fd = g_open (filename, open_flags, mode); +- errsv = errno; ++#else /* if !O_NOFOLLOW */ + /* This is racy, but we do it as soon as possible to minimize the race */ + is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK); ++ ++ if (!is_symlink || !replace_destination_set) ++ { ++ fd = g_open (filename, open_flags, mode); ++ errsv = errno; ++ } + #endif + +- if (fd == -1) ++ if (fd == -1 && ++ (!is_symlink || !replace_destination_set)) + { + char *display_name = g_filename_display_name (filename); + g_set_error (error, G_IO_ERROR, +@@ -898,7 +904,14 @@ handle_overwrite_open (const char *fi + #ifdef G_OS_WIN32 + res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat); + #else +- res = fstat (fd, &original_stat); ++ if (!is_symlink) ++ { ++ res = fstat (fd, &original_stat); ++ } ++ else ++ { ++ res = lstat (filename, &original_stat); ++ } + #endif + errsv = errno; + +@@ -917,16 +930,27 @@ handle_overwrite_open (const char *fi + if (!S_ISREG (original_stat.st_mode)) + { + if (S_ISDIR (original_stat.st_mode)) +- g_set_error_literal (error, +- G_IO_ERROR, +- G_IO_ERROR_IS_DIRECTORY, +- _("Target file is a directory")); +- else +- g_set_error_literal (error, ++ { ++ g_set_error_literal (error, ++ G_IO_ERROR, ++ G_IO_ERROR_IS_DIRECTORY, ++ _("Target file is a directory")); ++ goto err_out; ++ } ++ else if (!is_symlink || ++#ifdef S_ISLNK ++ !S_ISLNK (original_stat.st_mode) ++#else ++ FALSE ++#endif ++ ) ++ { ++ g_set_error_literal (error, + G_IO_ERROR, + G_IO_ERROR_NOT_REGULAR_FILE, + _("Target file is not a regular file")); +- goto err_out; ++ goto err_out; ++ } + } + + if (etag != NULL) +@@ -1007,7 +1031,8 @@ handle_overwrite_open (const char *fi + } + } + +- g_close (fd, NULL); ++ if (fd >= 0) ++ g_close (fd, NULL); + *temp_filename = tmp_filename; + return tmpfd; + } +--- a/gio/tests/file.c ++++ b/gio/tests/file.c +@@ -804,6 +804,113 @@ test_replace_cancel (void) + g_object_unref (tmpdir); + } + ++static void ++test_replace_symlink (void) ++{ ++#ifdef G_OS_UNIX ++ gchar *tmpdir_path = NULL; ++ GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL; ++ GFileOutputStream *stream = NULL; ++ const gchar *new_contents = "this is a test message which should be written to source and not target"; ++ gsize n_written; ++ GFileEnumerator *enumerator = NULL; ++ GFileInfo *info = NULL; ++ gchar *contents = NULL; ++ gsize length = 0; ++ GError *local_error = NULL; ++ ++ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2325"); ++ g_test_summary ("Test that G_FILE_CREATE_REPLACE_DESTINATION doesn’t follow symlinks"); ++ ++ /* Create a fresh, empty working directory. */ ++ tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX", &local_error); ++ g_assert_no_error (local_error); ++ tmpdir = g_file_new_for_path (tmpdir_path); ++ ++ g_test_message ("Using temporary directory %s", tmpdir_path); ++ g_free (tmpdir_path); ++ ++ /* Create symlink `source` which points to `target`. */ ++ source_file = g_file_get_child (tmpdir, "source"); ++ target_file = g_file_get_child (tmpdir, "target"); ++ g_file_make_symbolic_link (source_file, "target", NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ /* Ensure that `target` doesn’t exist */ ++ g_assert_false (g_file_query_exists (target_file, NULL)); ++ ++ /* Replace the `source` symlink with a regular file using ++ * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it *without* ++ * following the symlink */ ++ stream = g_file_replace (source_file, NULL, FALSE /* no backup */, ++ G_FILE_CREATE_REPLACE_DESTINATION, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents, strlen (new_contents), ++ &n_written, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_cmpint (n_written, ==, strlen (new_contents)); ++ ++ g_output_stream_close (G_OUTPUT_STREAM (stream), NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_clear_object (&stream); ++ ++ /* At this point, there should still only be one file: `source`. It should ++ * now be a regular file. `target` should not exist. */ ++ enumerator = g_file_enumerate_children (tmpdir, ++ G_FILE_ATTRIBUTE_STANDARD_NAME "," ++ G_FILE_ATTRIBUTE_STANDARD_TYPE, ++ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ info = g_file_enumerator_next_file (enumerator, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_nonnull (info); ++ ++ g_assert_cmpstr (g_file_info_get_name (info), ==, "source"); ++ g_assert_cmpint (g_file_info_get_file_type (info), ==, G_FILE_TYPE_REGULAR); ++ ++ g_clear_object (&info); ++ ++ info = g_file_enumerator_next_file (enumerator, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_null (info); ++ ++ g_file_enumerator_close (enumerator, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_clear_object (&enumerator); ++ ++ /* Double-check that `target` doesn’t exist */ ++ g_assert_false (g_file_query_exists (target_file, NULL)); ++ ++ /* Check the content of `source`. */ ++ g_file_load_contents (source_file, ++ NULL, ++ &contents, ++ &length, ++ NULL, ++ &local_error); ++ g_assert_no_error (local_error); ++ g_assert_cmpstr (contents, ==, new_contents); ++ g_assert_cmpuint (length, ==, strlen (new_contents)); ++ g_free (contents); ++ ++ /* Tidy up. */ ++ g_file_delete (source_file, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_file_delete (tmpdir, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_clear_object (&target_file); ++ g_clear_object (&source_file); ++ g_clear_object (&tmpdir); ++#else /* if !G_OS_UNIX */ ++ g_test_skip ("Symlink replacement tests can only be run on Unix") ++#endif ++} ++ + static void + on_file_deleted (GObject *object, + GAsyncResult *result, +@@ -1752,6 +1859,7 @@ main (int argc, char *argv[]) + g_test_add_data_func ("/file/async-create-delete/4096", GINT_TO_POINTER (4096), test_create_delete); + g_test_add_func ("/file/replace-load", test_replace_load); + g_test_add_func ("/file/replace-cancel", test_replace_cancel); ++ g_test_add_func ("/file/replace-symlink", test_replace_symlink); + g_test_add_func ("/file/async-delete", test_async_delete); + #ifdef G_OS_UNIX + g_test_add_func ("/file/copy-preserve-mode", test_copy_preserve_mode); diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch new file mode 100644 index 0000000000..2334147f7d --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch @@ -0,0 +1,55 @@ +From 6c6439261bc7a8a0627519848a7222b3e1bd4ffe Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 24 Feb 2021 17:42:24 +0000 +Subject: [PATCH 5/5] glocalfileoutputstream: Add a missing O_CLOEXEC flag to + replace() + +Signed-off-by: Philip Withnall + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-28153 +Signed-off-by: Neetika Singh +Signed-off-by: Ranjitsinh Rathod + +--- + gio/glocalfileoutputstream.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +--- a/gio/glocalfileoutputstream.c ++++ b/gio/glocalfileoutputstream.c +@@ -58,6 +58,12 @@ + #define O_BINARY 0 + #endif + ++#ifndef O_CLOEXEC ++#define O_CLOEXEC 0 ++#else ++#define HAVE_O_CLOEXEC 1 ++#endif ++ + struct _GLocalFileOutputStreamPrivate { + char *tmp_filename; + char *original_filename; +@@ -1223,7 +1229,7 @@ _g_local_file_output_stream_replace (con + sync_on_close = FALSE; + + /* If the file doesn't exist, create it */ +- open_flags = O_CREAT | O_EXCL | O_BINARY; ++ open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC; + if (readable) + open_flags |= O_RDWR; + else +@@ -1253,8 +1259,11 @@ _g_local_file_output_stream_replace (con + set_error_from_open_errno (filename, error); + return NULL; + } +- +- ++#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD) ++ else ++ fcntl (fd, F_SETFD, FD_CLOEXEC); ++#endif ++ + stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL); + stream->priv->fd = fd; + stream->priv->sync_on_close = sync_on_close; diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb index 1a006b9f38..c2145bc6c2 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb @@ -18,6 +18,30 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ file://tzdata-update.patch \ file://CVE-2020-35457.patch \ + file://CVE-2021-27218.patch \ + file://CVE-2021-27219-01.patch \ + file://CVE-2021-27219-02.patch \ + file://CVE-2021-27219-03.patch \ + file://CVE-2021-27219-04.patch \ + file://CVE-2021-27219-05.patch \ + file://CVE-2021-27219-06.patch \ + file://CVE-2021-27219-07.patch \ + file://CVE-2021-27219-08.patch \ + file://CVE-2021-27219-09.patch \ + file://CVE-2021-27219-10.patch \ + file://CVE-2021-27219-11.patch \ + file://CVE-2021-27219-reg1-1.patch \ + file://CVE-2021-27219-reg1-2.patch \ + file://CVE-2021-27219-reg1-4.patch \ + file://CVE-2021-27219-reg1-5.patch \ + file://CVE-2021-27219-reg2-1.patch \ + file://CVE-2021-27219-reg2-2.patch \ + file://CVE-2021-27219-reg2-3.patch \ + file://CVE-2021-28153-1.patch \ + file://CVE-2021-28153-2.patch \ + file://CVE-2021-28153-3.patch \ + file://CVE-2021-28153-4.patch \ + file://CVE-2021-28153-5.patch \ " SRC_URI_append_class-native = " file://relocate-modules.patch" From patchwork Fri Dec 3 18:18:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 608 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D18B1C433EF for ; Fri, 3 Dec 2021 18:21:32 +0000 (UTC) Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) by mx.groups.io with SMTP id smtpd.web11.15178.1638555692047496662 for ; Fri, 03 Dec 2021 10:21:32 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=R78ELOjj; spf=softfail (domain: sakoman.com, ip: 209.85.214.181, mailfrom: steve@sakoman.com) Received: by mail-pl1-f181.google.com with SMTP id v19so2669261plo.7 for ; Fri, 03 Dec 2021 10:21:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=sfJy54YJofoYbeotJqViD3hnYvuTAcRDGu9MHiY+FEE=; b=R78ELOjjCBT0MoX8OtaYzh+NXVKiPt/9pOIHuhqAjG0HXsvbdyKScU4nnJR/7yZDdl ICeks2LlxnmAIBtpUOMoOAbT8RHrU4GDbw4zX2yiygR9xurm25BwfiaHNxI9VDV5Apcj KsEq4T5xQ3PRPtuJt42mkJ2RS6hk4rgjHuzwHiChHtSZXdQt/3k2HaGRdNDjPhQLGN5S FfKATnScgyAiHqUHx6HrddJs46dVhCXwyF0o1M69TGF7zsycdI4qXB/yfXa3ETa2IAyY qjxlgFk7pghzoOFUd7EJPvi/6KcHLwCKfGurbMU6vcwd/0FK1/1dxS5Q4jDugUbfq2tr 8JLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=sfJy54YJofoYbeotJqViD3hnYvuTAcRDGu9MHiY+FEE=; b=uhXGgydyotWSp8lSo1AARuhn8jfQQP8ErqabA/z7KFwvNWkhXABJGZsIOVYZTCdvZX Hyr/Lo6yEfYNoJU5h0K/TdunB2mqK1RMHgKCqOVyxGnEAwWiAe8OvRgU+I5vGGN3WmIP VmybWcda3G0CjbEuxMIppO+EgYBoDzGXX6fvcuCC7yi7OtH6iXEaLI2Kmw6+wZbwCguV NGQ93lboTAnbWGiYBaWAPc3pVyQtQi0iAmBBMf/6k8+Rnry7dTaGjPISur/o9AuTVt2/ PjDnQ2YVFPjlQ4F4qUjU+a4n6iqLXbMt0t8U3h9Aks3d3op120xsq1i5zwi3j01uIexd /wqg== X-Gm-Message-State: AOAM533wBTCjmyZ9EmBfJWhIXYLRWQPZnugdLSYEt7TG9AH7jeeT1cKE WoPGIBIhaLb6gVbX2pdHux+FS54L2RWe6cky23Y= X-Google-Smtp-Source: ABdhPJwWYBVamBHocot4Z1DeeQIIavdjQzWK1ClQ6uGfJuKq2jfQlcfMMEClTGAyy3AqfDZw8Zh7uQ== X-Received: by 2002:a17:902:8346:b0:142:9e66:2f54 with SMTP id z6-20020a170902834600b001429e662f54mr24246940pln.27.1638555691051; Fri, 03 Dec 2021 10:21:31 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.21.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:21:30 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 03/18] busybox: Fix for CVE-2021-42374 Date: Fri, 3 Dec 2021 08:18:50 -1000 Message-Id: <4faf92eef73c7f1a1940f99e245026a483187910.1638555254.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:21:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159129 From: Pavel Zhukov An out-of-bounds heap read in unlzma leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that internally supports LZMA compression. Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42374 Signed-off-by: Pavel Zhukov Signed-off-by: Steve Sakoman --- .../busybox/busybox/CVE-2021-42374.patch | 53 +++++++++++++++++++ meta/recipes-core/busybox/busybox_1.31.1.bb | 1 + 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-core/busybox/busybox/CVE-2021-42374.patch diff --git a/meta/recipes-core/busybox/busybox/CVE-2021-42374.patch b/meta/recipes-core/busybox/busybox/CVE-2021-42374.patch new file mode 100644 index 0000000000..aef8a3db85 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2021-42374.patch @@ -0,0 +1,53 @@ +From 04f052c56ded5ab6a904e3a264a73dc0412b2e78 Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko +Date: Tue, 15 Jun 2021 15:07:57 +0200 +Subject: [PATCH] unlzma: fix a case where we could read before beginning of + buffer +Cc: pavel@zhukoff.net + +Testcase: + + 21 01 01 00 00 00 00 00 e7 01 01 01 ef 00 df b6 + 00 17 02 10 11 0f ff 00 16 00 00 + +Unfortunately, the bug is not reliably causing a segfault, +the behavior depends on what's in memory before the buffer. + +function old new delta +unpack_lzma_stream 2762 2768 +6 + +Signed-off-by: Denys Vlasenko + +Signed-off-by: Pavel Zhukov + +CVE: CVE-2021-42374 +Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?h=1_33_stable&id=d326be2850ea2bd78fe2c22d6c45c3b861d82937] +Comment: testdata dropped because of binary format + +--- + archival/libarchive/decompress_unlzma.c | 5 ++++- + testsuite/unlzma.tests | 17 +++++++++++++---- + testsuite/unlzma_issue_3.lzma | Bin 0 -> 27 bytes + 3 files changed, 17 insertions(+), 5 deletions(-) + create mode 100644 testsuite/unlzma_issue_3.lzma + +diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c +index 0744f231a1d64d92676b0cada2342f88f3b39b31..fb5aac8fe9ea0c53e0c2d7a7cbd05a753e39bc9d 100644 +--- a/archival/libarchive/decompress_unlzma.c ++++ b/archival/libarchive/decompress_unlzma.c +@@ -290,8 +290,11 @@ unpack_lzma_stream(transformer_state_t *xstate) + uint32_t pos; + + pos = buffer_pos - rep0; +- if ((int32_t)pos < 0) ++ if ((int32_t)pos < 0) { + pos += header.dict_size; ++ if ((int32_t)pos < 0) ++ goto bad; ++ } + match_byte = buffer[pos]; + do { + int bit; +-- +2.34.0 + diff --git a/meta/recipes-core/busybox/busybox_1.31.1.bb b/meta/recipes-core/busybox/busybox_1.31.1.bb index d9d5f4f96b..55c00eb483 100644 --- a/meta/recipes-core/busybox/busybox_1.31.1.bb +++ b/meta/recipes-core/busybox/busybox_1.31.1.bb @@ -52,6 +52,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://0001-hwclock-make-glibc-2.31-compatible.patch \ file://0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch \ file://0001-mktemp-add-tmpdir-option.patch \ + file://CVE-2021-42374.patch \ " SRC_URI_append_libc-musl = " file://musl.cfg " From patchwork Fri Dec 3 18:18:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 609 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E58CFC433F5 for ; Fri, 3 Dec 2021 18:21:34 +0000 (UTC) Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web10.15345.1638555694093014505 for ; Fri, 03 Dec 2021 10:21:34 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=r2GucODK; spf=softfail (domain: sakoman.com, ip: 209.85.210.173, mailfrom: steve@sakoman.com) Received: by mail-pf1-f173.google.com with SMTP id n26so3667740pff.3 for ; Fri, 03 Dec 2021 10:21:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=7Y5MFRm2HuLO9rEpW05ADO3gCtjuokcn31XGIFgx82c=; b=r2GucODKAsWUkh6JWC36q/tUX8grF/75peDxKbPfaECvu5D8JFH+aMieeWwOCaHO2j RGv5lgMyETajTRAITzHlkCb+CQsZk9sgBztMGHm5VfczzQpStWJOzvP8srCbhz5QWVDb Ql09LaM4w/DFNJOH/E1PZqIGkUi091QaDKFXlgAh1wZvccFB/bq877VUv00xMdxiZrNL K9BoGUQ7q+sIXv6Sl9TxEUEGRVYtjJoYvEmW2qAol3a3lfre+n45CRBbvIjnmJs9pwrQ dtfZz6L6VNGZ9n7+t5PIrTTc0QWaQmXsI2ZgYP11MffQuo6akCVw7OxbjaoOOrw530LR hzXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=7Y5MFRm2HuLO9rEpW05ADO3gCtjuokcn31XGIFgx82c=; b=7YwFkc+SCgVm1ZyWuydgSzCFbW1QdApl+wF63U+jiVA3W/m+pGmjlsSCvdQv5H2euv SxsQwySip3ESAGTe6u35pBAqbWLaC4zKtvpvi8rOb7AF+e+HlSE2udiYQ1y9FT9gvE/X MRx5I/bEm1yscvNn237ImDo14qzinBoZlIyUb3JD8Dtck9ucEZhytE2oS4FZ/kqqJ8LA RElmSk2FID4yL67+rUVvN2SDYU15ij2kDE3hS/zbEH0S8O7GQDbRB49NZ2lNEduqPxix jh48jM8dBVcYuE2n4jVYqdFLcbRXDwa71BRaJQqrpWd40scx11lg1hVQxGQ7pBMndxCc UNSw== X-Gm-Message-State: AOAM530Nle/Cn6A8V6B2dcTo2AiCgx1eQHtMWCCGc9QeZeYdBURax3BK GGz4mAg/iLlP86ZZlbbtjtSugrx4IjTmyZtgw00= X-Google-Smtp-Source: ABdhPJxrVro0w4ZFr7uDI6FcsAf8tb6+EBtoZgYc0wEujYsfEQZeHv8/PJiQLJZl8GWpgQEgEASlUg== X-Received: by 2002:a05:6a00:230d:b0:49f:b8ad:ae23 with SMTP id h13-20020a056a00230d00b0049fb8adae23mr20643165pfh.80.1638555693070; Fri, 03 Dec 2021 10:21:33 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.21.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:21:32 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 04/18] busybox: Fix for CVE-2021-42376 Date: Fri, 3 Dec 2021 08:18:51 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:21:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159131 From: Pavel Zhukov A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42376 Signed-off-by: Pavel Zhukov Signed-off-by: Steve Sakoman --- .../busybox/busybox/CVE-2021-42376.patch | 138 ++++++++++++++++++ meta/recipes-core/busybox/busybox_1.31.1.bb | 1 + 2 files changed, 139 insertions(+) create mode 100644 meta/recipes-core/busybox/busybox/CVE-2021-42376.patch diff --git a/meta/recipes-core/busybox/busybox/CVE-2021-42376.patch b/meta/recipes-core/busybox/busybox/CVE-2021-42376.patch new file mode 100644 index 0000000000..c913eaee9c --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2021-42376.patch @@ -0,0 +1,138 @@ +From 56a335378ac100d51c30b21eee499a2effa37fba Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko +Date: Tue, 15 Jun 2021 16:05:57 +0200 +Subject: hush: fix handling of \^C and "^C" + +function old new delta +parse_stream 2238 2252 +14 +encode_string 243 256 +13 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 2/0 up/down: 27/0) Total: 27 bytes + +Signed-off-by: Denys Vlasenko +(cherry picked from commit 1b7a9b68d0e9aa19147d7fda16eb9a6b54156985) + +Signed-off-by: Pavel Zhukov + +CVE: CVE-2021-42376 +Upstream-Status: Backport [https://git.busybox.net/busybox/patch/?id=56a335378ac100d51c30b21eee499a2effa37fba] +Comment: No changes in any hunk +--- + shell/ash_test/ash-misc/control_char3.right | 1 + + shell/ash_test/ash-misc/control_char3.tests | 2 ++ + shell/ash_test/ash-misc/control_char4.right | 1 + + shell/ash_test/ash-misc/control_char4.tests | 2 ++ + shell/hush.c | 11 +++++++++++ + shell/hush_test/hush-misc/control_char3.right | 1 + + shell/hush_test/hush-misc/control_char3.tests | 2 ++ + shell/hush_test/hush-misc/control_char4.right | 1 + + shell/hush_test/hush-misc/control_char4.tests | 2 ++ + 9 files changed, 23 insertions(+) + create mode 100644 shell/ash_test/ash-misc/control_char3.right + create mode 100755 shell/ash_test/ash-misc/control_char3.tests + create mode 100644 shell/ash_test/ash-misc/control_char4.right + create mode 100755 shell/ash_test/ash-misc/control_char4.tests + create mode 100644 shell/hush_test/hush-misc/control_char3.right + create mode 100755 shell/hush_test/hush-misc/control_char3.tests + create mode 100644 shell/hush_test/hush-misc/control_char4.right + create mode 100755 shell/hush_test/hush-misc/control_char4.tests + +diff --git a/shell/ash_test/ash-misc/control_char3.right b/shell/ash_test/ash-misc/control_char3.right +new file mode 100644 +index 000000000..283e02cbb +--- /dev/null ++++ b/shell/ash_test/ash-misc/control_char3.right +@@ -0,0 +1 @@ ++SHELL: line 1: : not found +diff --git a/shell/ash_test/ash-misc/control_char3.tests b/shell/ash_test/ash-misc/control_char3.tests +new file mode 100755 +index 000000000..4359db3f3 +--- /dev/null ++++ b/shell/ash_test/ash-misc/control_char3.tests +@@ -0,0 +1,2 @@ ++# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages) ++$THIS_SH -c '\' SHELL +diff --git a/shell/ash_test/ash-misc/control_char4.right b/shell/ash_test/ash-misc/control_char4.right +new file mode 100644 +index 000000000..2bf18e684 +--- /dev/null ++++ b/shell/ash_test/ash-misc/control_char4.right +@@ -0,0 +1 @@ ++SHELL: line 1: -: not found +diff --git a/shell/ash_test/ash-misc/control_char4.tests b/shell/ash_test/ash-misc/control_char4.tests +new file mode 100755 +index 000000000..48010f154 +--- /dev/null ++++ b/shell/ash_test/ash-misc/control_char4.tests +@@ -0,0 +1,2 @@ ++# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages) ++$THIS_SH -c '"-"' SHELL +diff --git a/shell/hush.c b/shell/hush.c +index 9fead37da..249728b9d 100644 +--- a/shell/hush.c ++++ b/shell/hush.c +@@ -5235,6 +5235,11 @@ static int encode_string(o_string *as_string, + } + #endif + o_addQchr(dest, ch); ++ if (ch == SPECIAL_VAR_SYMBOL) { ++ /* Convert "^C" to corresponding special variable reference */ ++ o_addchr(dest, SPECIAL_VAR_QUOTED_SVS); ++ o_addchr(dest, SPECIAL_VAR_SYMBOL); ++ } + goto again; + #undef as_string + } +@@ -5346,6 +5351,11 @@ static struct pipe *parse_stream(char **pstring, + if (ch == '\n') + continue; /* drop \, get next char */ + nommu_addchr(&ctx.as_string, '\\'); ++ if (ch == SPECIAL_VAR_SYMBOL) { ++ nommu_addchr(&ctx.as_string, ch); ++ /* Convert \^C to corresponding special variable reference */ ++ goto case_SPECIAL_VAR_SYMBOL; ++ } + o_addchr(&ctx.word, '\\'); + if (ch == EOF) { + /* Testcase: eval 'echo Ok\' */ +@@ -5670,6 +5680,7 @@ static struct pipe *parse_stream(char **pstring, + /* Note: nommu_addchr(&ctx.as_string, ch) is already done */ + + switch (ch) { ++ case_SPECIAL_VAR_SYMBOL: + case SPECIAL_VAR_SYMBOL: + /* Convert raw ^C to corresponding special variable reference */ + o_addchr(&ctx.word, SPECIAL_VAR_SYMBOL); +diff --git a/shell/hush_test/hush-misc/control_char3.right b/shell/hush_test/hush-misc/control_char3.right +new file mode 100644 +index 000000000..94b4f8699 +--- /dev/null ++++ b/shell/hush_test/hush-misc/control_char3.right +@@ -0,0 +1 @@ ++hush: can't execute '': No such file or directory +diff --git a/shell/hush_test/hush-misc/control_char3.tests b/shell/hush_test/hush-misc/control_char3.tests +new file mode 100755 +index 000000000..4359db3f3 +--- /dev/null ++++ b/shell/hush_test/hush-misc/control_char3.tests +@@ -0,0 +1,2 @@ ++# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages) ++$THIS_SH -c '\' SHELL +diff --git a/shell/hush_test/hush-misc/control_char4.right b/shell/hush_test/hush-misc/control_char4.right +new file mode 100644 +index 000000000..698e21427 +--- /dev/null ++++ b/shell/hush_test/hush-misc/control_char4.right +@@ -0,0 +1 @@ ++hush: can't execute '-': No such file or directory +diff --git a/shell/hush_test/hush-misc/control_char4.tests b/shell/hush_test/hush-misc/control_char4.tests +new file mode 100755 +index 000000000..48010f154 +--- /dev/null ++++ b/shell/hush_test/hush-misc/control_char4.tests +@@ -0,0 +1,2 @@ ++# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages) ++$THIS_SH -c '"-"' SHELL +-- +cgit v1.2.3 + diff --git a/meta/recipes-core/busybox/busybox_1.31.1.bb b/meta/recipes-core/busybox/busybox_1.31.1.bb index 55c00eb483..14ac710f3b 100644 --- a/meta/recipes-core/busybox/busybox_1.31.1.bb +++ b/meta/recipes-core/busybox/busybox_1.31.1.bb @@ -53,6 +53,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch \ file://0001-mktemp-add-tmpdir-option.patch \ file://CVE-2021-42374.patch \ + file://CVE-2021-42376.patch \ " SRC_URI_append_libc-musl = " file://musl.cfg " From patchwork Fri Dec 3 18:18:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 610 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D0AD9C433F5 for ; Fri, 3 Dec 2021 18:21:37 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web12.15493.1638555696641164154 for ; Fri, 03 Dec 2021 10:21:36 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=gOLHm4st; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id b68so3624171pfg.11 for ; Fri, 03 Dec 2021 10:21:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=RPnwAvei5783RECdAdRuYvas8h5Zz8CdQvXt6vK/D4E=; b=gOLHm4stR4xmkfEAr8zbTAHtrDHxTZ9mgkVfRHSMGh5XA0mH9mySWDTXmOuCrirDhZ 4p7Nnv6KK77EA5TdX93r3fVfLtYyoGm6uCtJMa/TxWhA/ok/vgMKefbSfMIfpvRx4wBH uKIsK6ugGfCRqxih/gcQAfkiPPbrGDm7uMIyOiCFhC/BvpsKZBif+h++JzDQb/RSnPrB 4zXa4myB5aVjK00H4YiiZPqoe1bofwAfpL0QpCvg2eV0v4IHm26Wa3CnQWL4ywbPpMax IMdaF1ob9z+mZQ+HB3lnhBYHWtRifIV/L3V89p+KPoOCQy5h9Lt9xWY6bMliUdbVhdvu B/RA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=RPnwAvei5783RECdAdRuYvas8h5Zz8CdQvXt6vK/D4E=; b=SXhikM9CM4Nbf+tnCUrS4RZzB3H6K+vy7QH06qcQ2UjZJJL44pQSE3obLkKgc18o2I mFL9eSObl9N5863MyXMkuzw9+SY3HH0WDrjiJGlbJS1QcNu7ZCq3wLyp9Zc1r8rokVj7 SWVzKY948Jd20r/BYzO3yY0YSVJ5Bijs82ZL/Okql6uDnPViZn/TdeaR2/ZeVsQrIT35 lIJL88+QQ0YGmDU9fqwTiXy6CkVuGfJkGDk4j+Yog+Yt4tDGTiU4psZp3vGnOjAJkx8y I0qXG63XVAhxg8YisKcJlVuSUMgkG8930nypVRub0gCMphYvcHI5c/O3wJOtjZ0xVTco bt4w== X-Gm-Message-State: AOAM533/+8+9Z4++vQPQS6i1+mhf08o4ol28mCXd+UvLDDRwWXHMx2SM snnZlVTl4YVV/y8cibPC769qMYfDtM9pNMACRZs= X-Google-Smtp-Source: ABdhPJyXmtbfr1i/wfx187MMNTUy4qVWWJbfs2wrGg7CQqy7Rs4QSM30rYpk49AdcOlSz8H2ksFQMw== X-Received: by 2002:a63:4963:: with SMTP id y35mr5677859pgk.279.1638555695590; Fri, 03 Dec 2021 10:21:35 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.21.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:21:35 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 05/18] vim: fix CVE-2021-3968 and CVE-2021-3973 Date: Fri, 3 Dec 2021 08:18:52 -1000 Message-Id: <74e34f9551c2d9811da045b3957aabba5a9a4e2f.1638555254.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:21:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159132 From: Ross Burton Backport a fix for -3972, and whitelist -3968: it isn't valid as it fixes a bug which was introduced after 8.2. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit bec5caadfb53638748d8c41ce7230c2bf7808d27) Signed-off-by: Steve Sakoman --- ...rash-when-using-CTRL-W-f-without-fin.patch | 92 +++++++++++++++++++ meta/recipes-support/vim/vim.inc | 4 + 2 files changed, 96 insertions(+) create mode 100644 meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch diff --git a/meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch b/meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch new file mode 100644 index 0000000000..58d3442677 --- /dev/null +++ b/meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch @@ -0,0 +1,92 @@ +CVE: CVE-2021-3973 +Upstream-Status: Backport +Signed-off-by: Ross Burton + +From b6154e9f530544ddc3130d981caae0dabc053757 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar +Date: Wed, 17 Nov 2021 18:00:31 +0000 +Subject: [PATCH] patch 8.2.3611: crash when using CTRL-W f without finding a + file name Problem: Crash when using CTRL-W f without finding + a file name. Solution: Bail out when the file name length is zero. + +--- + src/findfile.c | 8 ++++++++ + src/normal.c | 6 ++++-- + src/testdir/test_visual.vim | 8 ++++++++ + src/version.c | 2 ++ + 4 files changed, 22 insertions(+), 2 deletions(-) + +diff --git a/src/findfile.c b/src/findfile.c +index dba547da1..5764fd7b8 100644 +--- a/src/findfile.c ++++ b/src/findfile.c +@@ -1727,6 +1727,9 @@ find_file_in_path_option( + proc->pr_WindowPtr = (APTR)-1L; + # endif + ++ if (len == 0) ++ return NULL; ++ + if (first == TRUE) + { + // copy file name into NameBuff, expanding environment variables +@@ -2094,7 +2097,12 @@ find_file_name_in_path( + int c; + # if defined(FEAT_FIND_ID) && defined(FEAT_EVAL) + char_u *tofree = NULL; ++# endif + ++ if (len == 0) ++ return NULL; ++ ++# if defined(FEAT_FIND_ID) && defined(FEAT_EVAL) + if ((options & FNAME_INCL) && *curbuf->b_p_inex != NUL) + { + tofree = eval_includeexpr(ptr, len); +diff --git a/src/normal.c b/src/normal.c +index 7cb959257..f0084f2ac 100644 +--- a/src/normal.c ++++ b/src/normal.c +@@ -3778,8 +3778,10 @@ get_visual_text( + *pp = ml_get_pos(&VIsual); + *lenp = curwin->w_cursor.col - VIsual.col + 1; + } +- if (has_mbyte) +- // Correct the length to include the whole last character. ++ if (**pp == NUL) ++ *lenp = 0; ++ if (has_mbyte && *lenp > 0) ++ // Correct the length to include all bytes of the last character. + *lenp += (*mb_ptr2len)(*pp + (*lenp - 1)) - 1; + } + reset_VIsual_and_resel(); +diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim +index ae281238e..0705fdb57 100644 +--- a/src/testdir/test_visual.vim ++++ b/src/testdir/test_visual.vim +@@ -894,4 +894,12 @@ func Test_block_insert_replace_tabs() + bwipe! + endfunc + ++func Test_visual_block_ctrl_w_f() ++ " Emtpy block selected in new buffer should not result in an error. ++ au! BufNew foo sil norm f ++ edit foo ++ ++ au! BufNew ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/version.c b/src/version.c +index 52be3c39d..59a314b3a 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -742,6 +742,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 3611, + /**/ + 3582, + /**/ diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index bd8aeba2fd..11fed67527 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -25,6 +25,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch \ file://0001-patch-8.2.3581-reading-character-past-end-of-line.patch \ file://0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch \ + file://0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch \ " SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" @@ -32,6 +33,9 @@ SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+)\.0" +# CVE-2021-3968 is related to an issue which was introduced after 8.2, this can be removed after 8.3. +CVE_CHECK_WHITELIST += "CVE-2021-3968" + S = "${WORKDIR}/git" VIMDIR = "vim${@d.getVar('PV').split('.')[0]}${@d.getVar('PV').split('.')[1]}" From patchwork Fri Dec 3 18:18:53 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 611 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1A2DC433EF for ; Fri, 3 Dec 2021 18:21:39 +0000 (UTC) Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) by mx.groups.io with SMTP id smtpd.web10.15347.1638555699295334696 for ; Fri, 03 Dec 2021 10:21:39 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=z51o1mrq; spf=softfail (domain: sakoman.com, ip: 209.85.216.49, mailfrom: steve@sakoman.com) Received: by mail-pj1-f49.google.com with SMTP id v23so2933547pjr.5 for ; Fri, 03 Dec 2021 10:21:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Y/z5QW80ogehnJCoTbnGvL/K5S8inCvVLAB5jHg9+qo=; b=z51o1mrqhZj33Jb2ByfY3oF87XZD1Qx8cvLVQJu3RstmqeYyLHszpI24jxQ2K9RpQd TfsWXolYm1MuMy7fB3I9PN27gEZbMwz3+eAC6VqrZvZnjf0zVUXZMzdILRqRrgPyaZVD /nzV8jxEVAXKk9Lm3TuYbXXUOLCrU0sSEQljdxmHlu+JyoBq5Xy7fL+WX8DaMIP7uSZL EjT4Z0DqeomE8Wd38cQ+72F5AgTSoaXiD4pEhT0EO3/ytdjt3ElSiuheUbgS7AAAdIhC 8K47hm7F7awx7qGDtQyaH533DcPnlZd6EifHGrf/7K1AP8UZaPAU5Zm1VNx46ttQKs2r pOyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Y/z5QW80ogehnJCoTbnGvL/K5S8inCvVLAB5jHg9+qo=; b=vxj6UIJLgGLm/U5OEi7gI0vMzgPHzsnEPxyBn/rZiGx2dd27KPsLIGiNjgHxcZgRBv UdCMf7QOZDVtwF3saYvYXIUB2MGGDtERf8k5pHc0PYRx/W4wIjpY+LY1uMyDV9LCL69Y Dr0U3XRgn5lredtfwBPSOutAGJUQvXjDzOFyJ8DNEZYvfYj0u2mmt02Po8hYCz5KtUzt U/j2IJE4oXyEqWRmYKrG35mcj0qXKMhnkJ9E80kbZw7wSbvLi/K72CAxpZT/GOsQNl0/ rn3PQOSHWKpzHihdp254CAzNc5EyPfXfMCkygDOsZtTgyUDWGrharw7GAC2UJWFs3ZtY oD8A== X-Gm-Message-State: AOAM531vkt6uOnrBhVrR0wrmhk7FGG76e31WxbxKoYkYepRR34sWEu3E hxNd62EMHY2EAZB0tDJCbHKrddYyUFyU17Raerw= X-Google-Smtp-Source: ABdhPJwlcYWKSntEbvEoSr3DFgvmbKsgYHA/tUFzycqLmeXKfQBsGrnxIOkGjCEqmhX7+uurjZQn/w== X-Received: by 2002:a17:90b:4a52:: with SMTP id lb18mr15924101pjb.84.1638555698271; Fri, 03 Dec 2021 10:21:38 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.21.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:21:37 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 06/18] ncurses: Fix for CVE-2021-39537 Date: Fri, 3 Dec 2021 08:18:53 -1000 Message-Id: <443d0e5403422862d52c5710772cde0b1a363741.1638555254.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:21:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159133 From: Ranjitsinh Rathod Add patch to fix CVE-2021-39537 Link: http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/Attic/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup Signed-off-by: Ranjitsinh Rathod Signed-off-by: Ranjitsinh Rathod Signed-off-by: Steve Sakoman --- .../ncurses/files/CVE-2021-39537.patch | 30 +++++++++++++++++++ meta/recipes-core/ncurses/ncurses_6.2.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-core/ncurses/files/CVE-2021-39537.patch diff --git a/meta/recipes-core/ncurses/files/CVE-2021-39537.patch b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch new file mode 100644 index 0000000000..7655200350 --- /dev/null +++ b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch @@ -0,0 +1,30 @@ +$NetBSD: patch-ncurses_tinfo_captoinfo.c,v 1.1 2021/10/09 07:52:36 wiz Exp $ + +Fix for CVE-2021-39537 from upstream: +https://github.com/ThomasDickey/ncurses-snapshots/commit/63ca9e061f4644795d6f3f559557f3e1ed8c738b#diff-7e95c7bc5f213e9be438e69a9d5d0f261a14952bcbd692f7b9014217b8047340 + +CVE: CVE-2021-39537 +Upstream-Status: Backport [http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/Attic/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup] +Signed-off-by: Ranjitsinh Rathod + +--- a/ncurses/tinfo/captoinfo.c 2020-02-02 23:34:34.000000000 +0000 ++++ b/ncurses/tinfo/captoinfo.c +@@ -216,12 +216,15 @@ cvtchar(register const char *sp) + } + break; + case '^': ++ len = 2; + c = UChar(*++sp); +- if (c == '?') ++ if (c == '?') { + c = 127; +- else ++ } else if (c == '\0') { ++ len = 1; ++ } else { + c &= 0x1f; +- len = 2; ++ } + break; + default: + c = UChar(*sp); diff --git a/meta/recipes-core/ncurses/ncurses_6.2.bb b/meta/recipes-core/ncurses/ncurses_6.2.bb index 76f0cf97f4..700464f70b 100644 --- a/meta/recipes-core/ncurses/ncurses_6.2.bb +++ b/meta/recipes-core/ncurses/ncurses_6.2.bb @@ -3,6 +3,7 @@ require ncurses.inc SRC_URI += "file://0001-tic-hang.patch \ file://0002-configure-reproducible.patch \ file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \ + file://CVE-2021-39537.patch \ " # commit id corresponds to the revision in package version SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4" From patchwork Fri Dec 3 18:18:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 613 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CCDD9C433F5 for ; Fri, 3 Dec 2021 18:21:42 +0000 (UTC) Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) by mx.groups.io with SMTP id smtpd.web09.15191.1638555702386028803 for ; Fri, 03 Dec 2021 10:21:42 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ujIo0av2; spf=softfail (domain: sakoman.com, ip: 209.85.216.41, mailfrom: steve@sakoman.com) Received: by mail-pj1-f41.google.com with SMTP id gt5so2959658pjb.1 for ; Fri, 03 Dec 2021 10:21:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=pYSL6foOLxoS0cmi2AWAcg//B1P1HXbuxQVd/RE5L/U=; b=ujIo0av24mbpnSI3FhcczA94T5RS+5r/2GsNkucPJZWHcKRhg28Jf8AmoImqHXSGLF 9zMkBEP/sGf87ok46ojKTtFXLq4lfNYdq13Bhudd1WXex2bXesFvMVutkFwsrkn+nlie UPQBtt61Zu3QAORmGm9QHtnOkMoOvu2c75JpPz/cLc+hcAuRJq5kWLZWBWdlAGXAPRrE 4FMT/mDC7Zf0uqX/Z2j16CqLAeG5rP25+g1TrSvJlGAUYiqrKge3lzU8EbGZETpYvaF9 WO5MeOSZovwGUAx9D6eAEtciR5rwtn+5YWtoI34rsI3EsYmGnnOa2WzZymP34HdlWRue zpDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=pYSL6foOLxoS0cmi2AWAcg//B1P1HXbuxQVd/RE5L/U=; b=SuZqd7mzrovnmkUp3+Vx/+EPbt9pSarMVAyJG10QOPy4T9XtYNzZpdqZeOP686UC9S 5g3dSWcLAFRXjtDJbVI6KR87QuYUFW5auqEsBDeGnNgiJcTbiXFOK1qxT6/mLMl4jo+A 1IKvD5JfEwxA0y2Wo7tD/MPHHKdtcxDkNYpe74IDXx+li3XD3/66mRXb/NKVwpA0UZxV Kcph/BmJYCWtCfS53sI15A0GrKCqE3HjOvvsBkq3GAp0J7tARIrkl9fXMYU6orrcOSLk LWjhFsyt4kpKE03C8xeszHwZCTTlx7zs1zU2YOIFvZWPeV9Jbsn8kGYlZg4gl6MpopnH 1EXw== X-Gm-Message-State: AOAM530OuqdbwwRKQQ5VSjHkK01sDYRGcUA8dVpTfDyeYePIjze20pxH bdpl+uM8/e/1hJdQnyJIIYvxYD3nUpc3T4Xbg8E= X-Google-Smtp-Source: ABdhPJxSaW4MLWSK6v91yaRwLm7ueBeMfamU1jgXxlPqnAUJj0+ZPn7sACYL2UQPJffo08F3XNhszw== X-Received: by 2002:a17:90a:c297:: with SMTP id f23mr15993523pjt.138.1638555700672; Fri, 03 Dec 2021 10:21:40 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.21.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:21:40 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 07/18] libsolv: update tag for missing CVEs Date: Fri, 3 Dec 2021 08:18:54 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:21:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159134 From: Ranjitsinh Rathod It seems like CVE-2021-33928, CVE-2021-33929, CVE-2021-33930 and CVE-2021-33938 are pointing to same patch as CVE-2021-3200 So add CVE tag inside the patch file which is the remedy for CVE-2021-33928, CVE-2021-33929, CVE-2021-33930 and CVE-2021-33938 Link: https://ubuntu.com/security/CVE-2021-3200 https://ubuntu.com/security/CVE-2021-33928 https://ubuntu.com/security/CVE-2021-33929 https://ubuntu.com/security/CVE-2021-33930 https://ubuntu.com/security/CVE-2021-33938 Signed-off-by: Ranjitsinh Rathod Signed-off-by: Ranjitsinh Rathod Signed-off-by: Steve Sakoman --- meta/recipes-extended/libsolv/files/CVE-2021-3200.patch | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch b/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch index 74164ab495..cc8f53cefd 100644 --- a/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch +++ b/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch @@ -11,9 +11,14 @@ been added. (Jobs may point inside the whatproviedes array, so we must not invalidate this area.) -Upstream-Status: Backport -https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec +Upstream-Status: Backport [https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec] CVE: CVE-2021-3200 +CVE: CVE-2021-33928 +CVE: CVE-2021-33929 +CVE: CVE-2021-33930 +CVE: CVE-2021-33938 +Signed-off-by: Ranjitsinh Rathod + Signed-off-by: Chee Yang Lee --- ext/testcase.c | 21 +++++++++++++++++++++ From patchwork Fri Dec 3 18:18:55 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 612 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD45CC433EF for ; Fri, 3 Dec 2021 18:21:45 +0000 (UTC) Received: from mail-pg1-f169.google.com (mail-pg1-f169.google.com [209.85.215.169]) by mx.groups.io with SMTP id smtpd.web09.15193.1638555704659196812 for ; Fri, 03 Dec 2021 10:21:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=uAnBtnbw; spf=softfail (domain: sakoman.com, ip: 209.85.215.169, mailfrom: steve@sakoman.com) Received: by mail-pg1-f169.google.com with SMTP id f125so3934574pgc.0 for ; Fri, 03 Dec 2021 10:21:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=A5obEuKwshNqzdDVagNWFjPScVatytDfgPUaM8XbUyU=; b=uAnBtnbwVgK+0JcMzicTlkM3RjUxH0xYfRslHFnBcMQobAbfqMcg/AYyOZRxiQgwB7 AtaVRoUiRiBlm6lOmZYHK6Kwc9lBd2hmyvkXMqLpkUzlrqiO+/RVe1NWElGxsIzWEySh Nw7P/Y30D1dSYVb3QhW2VUJnYmGpfqyob9EK8x263IDXSJ1nQtcW86SdMQhrb85+oP3s gCHpnCUMDWvmDMBOYkHDBMlHJOVIb8rF5L4UJVcaS7iaiyd9IqWuAJJSrR9JdylIlcQp Ei+qlDZv5G1U+XrJdJ875D/F+liVnS+HTyM42+hUNhXvEGWBUOu901YXfEuDyUOTNUU6 OZzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=A5obEuKwshNqzdDVagNWFjPScVatytDfgPUaM8XbUyU=; b=YMJniAgBxbDBaKsrYaUrTNOVNXskC+oliYZ2UM15TXASE77cK854VqF9xh7o7CvYEW 6gJcDFj8d2XOMEYRlzbzVDkhmnyegKUVBlxiqFBEuX7nQMLltuTKjeqMvLFEqJR87Nou +fxQrWQAktvhaXhvFfZbkyIlXDYAHXPLX+OAyvRjeOaGRqqtN09+IQ5udsYXbm7SKXOM ZYKulK8VwXzv4nIDf/A82SIxpS+F0+TRHU6DY4cOMKkEuKq18h50z5yzbaABU8Chdzs9 I0WZCm3ZHheL+cjbmuLNDKFIB3DScikId5KgJZKSIUJQJRr6vAj4yJ0F/6q8eHi+hLdu fqgQ== X-Gm-Message-State: AOAM532MpguWz7pY0pg78y7SfDGH29IDU2M36DPmZ8yE3uv9c81/3403 z1V6i9QeOWTZi4OplatRTL1A0B5oJgHInuU1Kns= X-Google-Smtp-Source: ABdhPJziLu/dSctpe7gTmv0//o1ExFVfa+2R2B+nh2Qr7BEhmRi2VwShP6LXPbGUuhsE03rdQ7nvKg== X-Received: by 2002:a63:2cce:: with SMTP id s197mr5784015pgs.334.1638555703670; Fri, 03 Dec 2021 10:21:43 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.21.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:21:43 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 08/18] bind: update to 9.11.33 Date: Fri, 3 Dec 2021 08:18:55 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:21:45 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159135 Notes for BIND 9.11.33 This maintenance release of BIND 9.11 contains no significant changes, although some minor updates have been made (for example, to eliminate compiler warnings emitted by GCC 11). Signed-off-by: Steve Sakoman --- .../bind/{bind_9.11.32.bb => bind_9.11.33.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/bind/{bind_9.11.32.bb => bind_9.11.33.bb} (98%) diff --git a/meta/recipes-connectivity/bind/bind_9.11.32.bb b/meta/recipes-connectivity/bind/bind_9.11.33.bb similarity index 98% rename from meta/recipes-connectivity/bind/bind_9.11.32.bb rename to meta/recipes-connectivity/bind/bind_9.11.33.bb index 9feebe5ae2..8ef8a76ce2 100644 --- a/meta/recipes-connectivity/bind/bind_9.11.32.bb +++ b/meta/recipes-connectivity/bind/bind_9.11.33.bb @@ -21,7 +21,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "cbf8cb4b74dd1452d97c3a2a8c625ea346df8516b4b3508ef07443121a591342" +SRC_URI[sha256sum] = "293e767e96ac8ef17163e9f9cba52a6d27163807c29c88d36fe6e18d89083a3e" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4 From patchwork Fri Dec 3 18:18:56 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 614 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CE76CC433F5 for ; Fri, 3 Dec 2021 18:21:47 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web08.15310.1638555707090905147 for ; Fri, 03 Dec 2021 10:21:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=PoDFlQqB; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id b68so3624515pfg.11 for ; Fri, 03 Dec 2021 10:21:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=hngGtrHmpKIpXr9+5qW3gaxH5iBvMs5nMJuRI87FIeg=; b=PoDFlQqBomqRc+iOTAsxRSuYX3QGnRsO7AMkGslRh8/+0iqgqf85C0sC7+wQdtOeaD nHMpB4qqhO5zbpqerRdZNhwdBY+dTYEXlto1oWefsl+AorYjL+3Yl6jXrH8PmDkQcWeD 48URIm1jze/4h68zj/bvAqRlHQGt55UznHk5ziQFPR8QfG03PFTJinQHYzyjPh9Wcg87 kaoDR4l1h8QyVfiUvOV/jL4BtYp7erT+oXIDEtA19v38mM9WLKB/gD2wKH55Sip42jkA GAwgqbBku0BeqdJozLygLuW9Dv/A60wQhURunDhaMd/YAY/lyGhUqk+UrAsTi0tAG+KC lWCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=hngGtrHmpKIpXr9+5qW3gaxH5iBvMs5nMJuRI87FIeg=; b=3poaGn2ZT5WAyoFHbDVJl3dbsNS1+6FfsPgtmg3M9oza7jMOm6qMKce4abdJfsj9Fm 9QRLpJN9YUbv7vOfAVUbc6ORfwaLUWCnO6a511a2U4+EPgzlo7FyxwaVNyPq61ikOf0j fjtsAyzSx5TubGV8ayaAi5zjZpxZci+sMRsIHX7jRW98EPeAnahgKgimq4FZVyX9EJnf MLwAbyrkhmZJSh89V8xVXmVMmW3+T5fGzACsaBrjfygckHYmHkY+XDQSd/s2gmnLPhIr Srca1C3GGxftzmcmLdXO1kC4a+YBfJvs9QHMyrp1+//JT9BVanAz9yc6mMzSZaSrqf2M ZaeA== X-Gm-Message-State: AOAM533T3bPqURgLq2pjWQjWXkSMjH2jK40NfnamPEAJ8RM/i8lmuxAP VIxQwnCocGGRzXzYYrz3g2EHuJLbsdj3jZV0qWY= X-Google-Smtp-Source: ABdhPJzrxByAkPn3Wy9baz4r8gxpZcaybrXJH6VmkMlPYP67jUTxhgWgMzkXIZEcE2hb2NEjFp5ARQ== X-Received: by 2002:a63:41c6:: with SMTP id o189mr5764167pga.625.1638555706148; Fri, 03 Dec 2021 10:21:46 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.21.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:21:45 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 09/18] bind: update to 9.11.34 Date: Fri, 3 Dec 2021 08:18:56 -1000 Message-Id: <599893d0fdc55dd6dee0a7fcb2fa7b065ffbb781.1638555254.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:21:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159136 Notes for BIND 9.11.34 This maintenance release of BIND 9.11 contains no significant changes, although some minor updates have been made (for example, to fix build issues on Solaris 11). Signed-off-by: Steve Sakoman --- .../bind/{bind_9.11.33.bb => bind_9.11.34.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/bind/{bind_9.11.33.bb => bind_9.11.34.bb} (98%) diff --git a/meta/recipes-connectivity/bind/bind_9.11.33.bb b/meta/recipes-connectivity/bind/bind_9.11.34.bb similarity index 98% rename from meta/recipes-connectivity/bind/bind_9.11.33.bb rename to meta/recipes-connectivity/bind/bind_9.11.34.bb index 8ef8a76ce2..dbb2f83876 100644 --- a/meta/recipes-connectivity/bind/bind_9.11.33.bb +++ b/meta/recipes-connectivity/bind/bind_9.11.34.bb @@ -21,7 +21,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "293e767e96ac8ef17163e9f9cba52a6d27163807c29c88d36fe6e18d89083a3e" +SRC_URI[sha256sum] = "aa031775a73d30d951451034c84c4a716a10e6625acc4eb4bb878ed4c61b7271" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4 From patchwork Fri Dec 3 18:18:57 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 615 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF189C433EF for ; Fri, 3 Dec 2021 18:21:49 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web08.15311.1638555709284929467 for ; Fri, 03 Dec 2021 10:21:49 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=OCndUu0n; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id b13so2687953plg.2 for ; Fri, 03 Dec 2021 10:21:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=qVWmR54C7+sQJ+xwz2b5h6Javq1YAnnVJT5IEE+qR0I=; b=OCndUu0np+QztaSHYo/Hdp+fx8kc8MQX92oGOEFXawhpBYph2GCLqiVJUnMMdMNcmS BNvP2MvPqLOkCIeb+psG9wVOk+FJFV1NqtzHp7xlvmza16kr+YayC1N01DVEHXdMWmGw ecxf3JuEVow2HHX891FkHp2D4CbIsutqfKm476EvIdwnsKZlB7jecXb+Vx7aZS32voTr JUwKHJzrlb1znYENkZ17vdg47kLpNHpV/lb+rq55aIlXFMDyl6D1T+tekpDeiyfGkqvJ rgIcixDGQ1UMLuW+VkYOyWJLZ+v7TDGrHDgH0UKW6kwRpZUVFv/c8wUMmgsjpOagCSMZ MaCw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=qVWmR54C7+sQJ+xwz2b5h6Javq1YAnnVJT5IEE+qR0I=; b=KCMNbO8LJgAKCIlXZqPHfhe94KipvzIAgz4dKDLKaXDyfizQqfQOpN3vTgq9S9sh8H 0KinaZGWsz1l8rT96K35x/nXUDzlEOTontOxb2SvHKHr4aYjQnpdkeY74e9WEPXjtQxf I7ikJxkkWjIgyfN6YXKU2cXu6Pe/pknbylH/VIAY/xdrjO47WfD1aHfhgsPDLNICvts5 JybUog1F2bPtMJXSjntw89j1k6N9jS+FhW9Zce1DMHim/Jm/0Wr09DAfWxx/6Krr8vmL 7RaUqzGg5rKuA69Er20+GuWaEatHMNAMSoWYLjqdBJwMy32OSeu4VzoE/cE+ObpdXTdY mlWA== X-Gm-Message-State: AOAM533QTsdA1FB0e7VUEJF8BjF0XyvdmzgJkQKAiyLxIC0LBnmHWNsv lC5dL1+wAfdv4brhY/dFXXrz1Pk6GJ6kRmGL6XM= X-Google-Smtp-Source: ABdhPJysBW96m6qwMYzlhmpzEz/7oOaKTsq9+6Iq0mbHNdy7VquMGvjsdcmIY4BoiGapHIbd2CwYqg== X-Received: by 2002:a17:90b:1d03:: with SMTP id on3mr2474268pjb.68.1638555708260; Fri, 03 Dec 2021 10:21:48 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.21.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:21:47 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 10/18] bind: update to 9.11.35 Date: Fri, 3 Dec 2021 08:18:57 -1000 Message-Id: <00ff122ef6dba8beda273152976884dd60128a6a.1638555254.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:21:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159137 Notes for BIND 9.11.35 Security Fixes named failed to check the opcode of responses when performing zone refreshes, stub zone updates, and UPDATE forwarding. This could lead to an assertion failure under certain conditions and has been addressed by rejecting responses whose opcode does not match the expected value. [GL #2762] Signed-off-by: Steve Sakoman --- .../bind/{bind_9.11.34.bb => bind_9.11.35.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/bind/{bind_9.11.34.bb => bind_9.11.35.bb} (98%) diff --git a/meta/recipes-connectivity/bind/bind_9.11.34.bb b/meta/recipes-connectivity/bind/bind_9.11.35.bb similarity index 98% rename from meta/recipes-connectivity/bind/bind_9.11.34.bb rename to meta/recipes-connectivity/bind/bind_9.11.35.bb index dbb2f83876..4652529623 100644 --- a/meta/recipes-connectivity/bind/bind_9.11.34.bb +++ b/meta/recipes-connectivity/bind/bind_9.11.35.bb @@ -21,7 +21,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "aa031775a73d30d951451034c84c4a716a10e6625acc4eb4bb878ed4c61b7271" +SRC_URI[sha256sum] = "1c882705827b6aafa45d917ae3b20eccccc8d5df3c4477df44b04382e6c47562" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4 From patchwork Fri Dec 3 18:18:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 616 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4EB5C433F5 for ; Fri, 3 Dec 2021 18:21:53 +0000 (UTC) Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com [209.85.215.175]) by mx.groups.io with SMTP id smtpd.web10.15351.1638555712667709351 for ; Fri, 03 Dec 2021 10:21:52 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=kBhODLhE; spf=softfail (domain: sakoman.com, ip: 209.85.215.175, mailfrom: steve@sakoman.com) Received: by mail-pg1-f175.google.com with SMTP id 200so3893580pga.1 for ; Fri, 03 Dec 2021 10:21:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=w/gdB5JDMHLf8crVSfbvyO7O846ecd/Xx0VlbKdSJo0=; b=kBhODLhE4XP7KHWS/Ixd5Ic1Q/7dTQ9hSsh5t8rF7MYdurs2aqZ9FgR+HOG9dcxnkV iggFXTwTgJRswU5tK0n4mmumWHl5B7hIjiJHAwXukee84NDmdkeUmeMjj4rHaKUE0say 67jNEyM2DlrmUTIvaz2z4AlUG7g+GggK1tv5BdOwcNAQvXMJOBReGVwvCu3fTk967fxJ +CkSyVFU+eWYmdY2gtQfFZH4m/fZv50KnMjCHum1mm4hmagahIO21VRHRCKWhTDP/h4C pCExsvU3PbE0O5vVEbL5kanIKv42U0Kz1+++Egu/+rSRe2XFHjjaE+pKEjzVDrW27W4e 0SZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=w/gdB5JDMHLf8crVSfbvyO7O846ecd/Xx0VlbKdSJo0=; b=VzGNrZrnbUgYWKGQYi1SyV9DNKiMFUsrvpaFzkzGQ7fkfc7+Y24HXIVqu3h1Mpd3Ew k6Q6hrD34PTnHiS/htjEoLc+KzPWJ41Sx75c1O6Pz9/7ogrJEF/qg73c2VsMQwTZaHXc VBslBPEnGqdFiAQ04oLk/hr26kD4UMk3b3d97Tb6n4DKR3hKLXcDXskZchPgOY3e7JpR bdEIFGs2nCZtOSvL3p7OVSE4HN1nJkukVs1+QubjSedpEVtsf4S+BdxC99vo/4f2XLp7 XcitQrgXO2ERZYOhZp+GBMGp7+xo5iLFHNv9qc05ads1ehkGCpuRTxjvN6MBwjFNTt+v APfg== X-Gm-Message-State: AOAM530hpEax7Lmz6pxUj2uUIL7wOsDyjJ63BySrOPO/j8rbj640MKgp v4YtLzH60anc60RzL5YIRp4Pu2Gi318Z/MuDR0U= X-Google-Smtp-Source: ABdhPJyxy0hXni7l+1FJvYwaAHl/Uxh8cJyh0sDgQ9btmcovpztOCyaJFsJ7cUdY7Czz6LzRYvC6dA== X-Received: by 2002:a05:6a00:cd0:b0:49f:b198:97a5 with SMTP id b16-20020a056a000cd000b0049fb19897a5mr20960451pfv.80.1638555711669; Fri, 03 Dec 2021 10:21:51 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.21.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:21:51 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 11/18] libdnf: Backport bugfix for upgrade calc Date: Fri, 3 Dec 2021 08:18:58 -1000 Message-Id: <19b86d1569bb56facecc03e2694d5ad1f54b5db4.1638555254.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:21:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159138 From: Jate Sujjavanich Mark goal.upgrade with sltr as targeted This allows a bugfix in dnf to work Signed-off-by: Jate Sujjavanich Signed-off-by: Steve Sakoman --- ...job-goal.upgrade-with-sltr-as-target.patch | 58 +++++++++++++++++++ meta/recipes-devtools/libdnf/libdnf_0.28.1.bb | 1 + 2 files changed, 59 insertions(+) create mode 100644 meta/recipes-devtools/libdnf/libdnf/0040-Mark-job-goal.upgrade-with-sltr-as-target.patch diff --git a/meta/recipes-devtools/libdnf/libdnf/0040-Mark-job-goal.upgrade-with-sltr-as-target.patch b/meta/recipes-devtools/libdnf/libdnf/0040-Mark-job-goal.upgrade-with-sltr-as-target.patch new file mode 100644 index 0000000000..61d255581b --- /dev/null +++ b/meta/recipes-devtools/libdnf/libdnf/0040-Mark-job-goal.upgrade-with-sltr-as-target.patch @@ -0,0 +1,58 @@ +From b4c5a3312287f31a2075a235db846ff611586d2c Mon Sep 17 00:00:00 2001 +From: Jaroslav Mracek +Date: Tue, 3 Sep 2019 11:01:23 +0200 +Subject: [PATCH] Mark job goal.upgrade with sltr as targeted + +It allows to keep installed packages in upgrade set. + +It also prevents from reinstalling of modified packages with same NEVRA. + + +Backport commit b4c5a3312287f31a2075a235db846ff611586d2c from +https://github.com/rpm-software-management/libdnf + +This bug is present in oe-core's dnf + +Remove changes to spec file from upstream + +Upstream-Status: Backport +Signed-off-by: Jate Sujjavanich +--- + libdnf.spec | 4 ++-- + libdnf/goal/Goal.cpp | 2 +- + libdnf/goal/Goal.hpp | 6 ++++-- + 3 files changed, 7 insertions(+), 5 deletions(-) + +diff --git a/libdnf/goal/Goal.cpp b/libdnf/goal/Goal.cpp +index b69be19..a38cbb4 100644 +--- a/libdnf/goal/Goal.cpp ++++ b/libdnf/goal/Goal.cpp +@@ -767,7 +767,7 @@ void + Goal::upgrade(HySelector sltr) + { + pImpl->actions = static_cast(pImpl->actions | DNF_UPGRADE); +- sltrToJob(sltr, &pImpl->staging, SOLVER_UPDATE); ++ sltrToJob(sltr, &pImpl->staging, SOLVER_UPDATE|SOLVER_TARGETED); + } + + void +diff --git a/libdnf/goal/Goal.hpp b/libdnf/goal/Goal.hpp +index f33dfa2..d701317 100644 +--- a/libdnf/goal/Goal.hpp ++++ b/libdnf/goal/Goal.hpp +@@ -86,8 +86,10 @@ public: + /** + * @brief If selector ill formed, it rises std::runtime_error() + * +- * @param sltr p_sltr: It should contain only upgrades with obsoletes otherwise it can try to +- * reinstall installonly packages. ++ * @param sltr p_sltr: It contains upgrade-to packages and obsoletes. The presence of installed ++ * packages prevents reinstalling packages with the same NEVRA but changed contant. To honor repo ++ * priority all relevant packages must be present. To upgrade package foo from priority repo, all ++ * installed and available packages of the foo must be in selector plus obsoletes of foo. + */ + void upgrade(HySelector sltr); + void userInstalled(DnfPackage *pkg); +-- +2.7.4 + diff --git a/meta/recipes-devtools/libdnf/libdnf_0.28.1.bb b/meta/recipes-devtools/libdnf/libdnf_0.28.1.bb index fb7fc80758..39858ad401 100644 --- a/meta/recipes-devtools/libdnf/libdnf_0.28.1.bb +++ b/meta/recipes-devtools/libdnf/libdnf_0.28.1.bb @@ -11,6 +11,7 @@ SRC_URI = "git://github.com/rpm-software-management/libdnf;branch=master;protoco file://0001-Add-WITH_TESTS-option.patch \ file://0001-include-stdexcept-for-runtime_error.patch \ file://fix-deprecation-warning.patch \ + file://0040-Mark-job-goal.upgrade-with-sltr-as-target.patch \ " SRCREV = "751f89045b80d58c0d05800f74357cf78cdf7e77" From patchwork Fri Dec 3 18:18:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 617 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D2EE9C433F5 for ; Fri, 3 Dec 2021 18:21:55 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web08.15313.1638555714991697981 for ; Fri, 03 Dec 2021 10:21:55 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=wlXs6Fdm; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id x131so3622024pfc.12 for ; Fri, 03 Dec 2021 10:21:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=M4N6wr0HwoJ7LfRz9WPdDnkS+sID3pzfnf1/uP1YZLQ=; b=wlXs6Fdm4Yb5O7blcjHhSJ/tRB7zxPJiWKs9Ugk6onMc4crp6g7elzMrNCXmM9i3c3 iQhSbJAL21hvnuyckkAi3AiQxYku6KBDJdPU2oLyeAKrIyL3rm0ctZrzXeUNyhIFA3VP PDkECOpTTukcndHNHJnW6Z/Fxiht/Jo5JrimwhDoqN1AF+ZAcKATe7mcn3SQWHd6LN4t 0iRef4ZcUdu5W8vAleQ0LE0iVP7D1KbsxV9lxP9GY5z2Zn/0oTnyGWb7k5pRdOP3z2mU t9w5eDHDIrFJglyBhN8o0is1vSYj2FinAZKTeM/PBc1A1ry41hUTVwOaHOv9TED3S1Eg TrwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=M4N6wr0HwoJ7LfRz9WPdDnkS+sID3pzfnf1/uP1YZLQ=; b=7vX94GJ+0GdeIapTOHSDGXUHpgMMG8ha25Fc5fOc8EMvnXrzENlHANK67YYV98+XHf P/nHKs3Cbx1GeJm5dvGAeSY27UgKSPAVZ4O1BM6b/VYsDqSxMxG17ipSO7BYNzv03TIT 73U9OU4IDiJ31IzMew4PgNNMdx/uWLmzusv6IyLRm051mOjbvIjqJMrWOrhydAWDwXh2 UUJc1a99W6OzZw+J1ZZ+lI2XiJXTaNv55HIYWDns37YUISSN3RJ3vqbpnPyD04RV8+rA 4XHMb57PZjujyxZo9mma0kq6UNPxXDxTRkF+ZQyqjHC/H1LZIn3sGl7COdJUrN/86b8A Ap2w== X-Gm-Message-State: AOAM533VkBii1ureeEKeA9qPnjcq7qdvaHCODOqCEXi1iYJS4s/hKufI e046aNvjqJYNScTD5DPihX4dE30XpyXhzbwyaNY= X-Google-Smtp-Source: ABdhPJwhr1392jPgaUd1QQPtwnCYTz6mKCkSfCjKDTZ4ZhiaaPIne2HVLjL7bHVvOHRTONJYeW/aJg== X-Received: by 2002:a05:6a00:2496:b0:49f:eba0:6575 with SMTP id c22-20020a056a00249600b0049feba06575mr20652957pfv.78.1638555713979; Fri, 03 Dec 2021 10:21:53 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.21.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:21:53 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 12/18] dnf: Backport bugfix for upgrade Date: Fri, 3 Dec 2021 08:18:59 -1000 Message-Id: <2ead580a981e5d4f72d5bba22db4ae718815bc42.1638555254.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:21:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159139 From: Jate Sujjavanich Keep installed packages in upgrade job This prevents duplicate identical packages from being reinstalled with each upgrade Signed-off-by: Jate Sujjavanich Signed-off-by: Steve Sakoman --- ...ackages-in-upgrade-job-RhBug-1728252.patch | 60 +++++++++++++++++++ meta/recipes-devtools/dnf/dnf_4.2.2.bb | 1 + 2 files changed, 61 insertions(+) create mode 100644 meta/recipes-devtools/dnf/dnf/0040-Keep-installed-packages-in-upgrade-job-RhBug-1728252.patch diff --git a/meta/recipes-devtools/dnf/dnf/0040-Keep-installed-packages-in-upgrade-job-RhBug-1728252.patch b/meta/recipes-devtools/dnf/dnf/0040-Keep-installed-packages-in-upgrade-job-RhBug-1728252.patch new file mode 100644 index 0000000000..57c2375a54 --- /dev/null +++ b/meta/recipes-devtools/dnf/dnf/0040-Keep-installed-packages-in-upgrade-job-RhBug-1728252.patch @@ -0,0 +1,60 @@ +From c88a77198c0156e425c2725f30e481207de5162f Mon Sep 17 00:00:00 2001 +From: Jaroslav Mracek +Date: Tue, 3 Sep 2019 11:01:51 +0200 +Subject: [PATCH] Keep installed packages in upgrade job + (RhBug:1728252,1644241,1741381) + +In combination with marking of job as TARGETED it prevents from +reinstalling of modified packages with same NEVRA. + +https://bugzilla.redhat.com/show_bug.cgi?id=1728252 +https://bugzilla.redhat.com/show_bug.cgi?id=1644241 +https://bugzilla.redhat.com/show_bug.cgi?id=1741381 + +Closes: #1474 +Approved by: m-blaha + + +Backport to fix bug in dnf in oe-core +from https://github.com/rpm-software-management/dnf + +Removed spec file portion of patch + +Upstream-Status: Backport +Signed-off-by: Jate Sujjavanich +--- + dnf.spec | 4 ++-- + dnf/base.py | 3 --- + dnf/module/module_base.py | 2 +- + 3 files changed, 3 insertions(+), 6 deletions(-) + +diff --git a/dnf/base.py b/dnf/base.py +index b2ced61..628c154 100644 +--- a/dnf/base.py ++++ b/dnf/base.py +@@ -1968,9 +1968,6 @@ class Base(object): + obsoletes=q.installed().union(q.upgrades())) + # add obsoletes into transaction + q = q.union(obsoletes) +- # provide only available packages to solver otherwise selection of available +- # possibilities will be ignored +- q = q.available() + if reponame is not None: + q.filterm(reponame=reponame) + q = self._merge_update_filters(q, pkg_spec=pkg_spec) +diff --git a/dnf/module/module_base.py b/dnf/module/module_base.py +index 976d730..ce70f63 100644 +--- a/dnf/module/module_base.py ++++ b/dnf/module/module_base.py +@@ -214,7 +214,7 @@ class ModuleBase(object): + + if not upgrade_package_set: + logger.error(_("Unable to match profile in argument {}").format(spec)) +- query = self.base.sack.query().available().filterm(name=upgrade_package_set) ++ query = self.base.sack.query().filterm(name=upgrade_package_set) + if query: + sltr = dnf.selector.Selector(self.base.sack) + sltr.set(pkg=query) +-- +2.7.4 + diff --git a/meta/recipes-devtools/dnf/dnf_4.2.2.bb b/meta/recipes-devtools/dnf/dnf_4.2.2.bb index 1b00ae945e..6b6b233d6d 100644 --- a/meta/recipes-devtools/dnf/dnf_4.2.2.bb +++ b/meta/recipes-devtools/dnf/dnf_4.2.2.bb @@ -16,6 +16,7 @@ SRC_URI = "git://github.com/rpm-software-management/dnf.git;branch=master;protoc file://0030-Run-python-scripts-using-env.patch \ file://Fix-SyntaxWarning.patch \ file://0001-set-python-path-for-completion_helper.patch \ + file://0040-Keep-installed-packages-in-upgrade-job-RhBug-1728252.patch \ " SRCREV = "9947306a55271b8b7c9e2b6e3b7d582885b6045d" From patchwork Fri Dec 3 18:19:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 618 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6871C433EF for ; Fri, 3 Dec 2021 18:21:59 +0000 (UTC) Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) by mx.groups.io with SMTP id smtpd.web12.15503.1638555718859768039 for ; Fri, 03 Dec 2021 10:21:58 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ONe+d2lT; spf=softfail (domain: sakoman.com, ip: 209.85.216.52, mailfrom: steve@sakoman.com) Received: by mail-pj1-f52.google.com with SMTP id nh10-20020a17090b364a00b001a69adad5ebso3189523pjb.2 for ; Fri, 03 Dec 2021 10:21:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=K1fvdgEoV/KtAjQ3/YSAxkxO/s1tN7wDcl/n6zAvRrk=; b=ONe+d2lT3BaJV5Avuzv2MWBWgmIXu5r+WTfDBsnNhD5uv0omckYbO4sXSj1SQYdcrQ Hc7iMAUT9lWXYbVQW04/o/hAtM/eAy26nXKBum4xQGjrHjlsYZ04cMwtWBL72r2TEbeI RUUOI3JAYJIzelo4xzh2cb0TJjlzz7rjYnQJGh5aMFVS0UHYQJoxaZTr9QH+yvpzEka3 rJLnT6HEP0kQL2yPOJ/Mk6PcvQCwAD6vNzBe7svS4CxYDHuJ0zX6pfLEDpDnRY8bsuFo XMboVIdU0kOZK1ZhMOLXFMw3z7rqnu7KbF12Wlup798d87PDlAaWBekTL5H/8/P9eiXk ZqTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=K1fvdgEoV/KtAjQ3/YSAxkxO/s1tN7wDcl/n6zAvRrk=; b=KEHlZDlvYeKIPgKM+siPCTxHfDJX/V5va7oaBrWfwj6j6aUkwGGMCdcy2Y2n79MNh2 xiTSNy0paME7NAzHJWcAiVByU3gF9Gdg8gn6PpPyXMnlCfnTV9UhKKe8ToB0uL6LD0sB qDmf8UecOpJJlujyHcimarc9oTtlCmm0pEVnYaOWnjIHAK6D/3Km0YY7QrDfUtIPo1Wo 3lA4AojEXm2p7+NLShID53euCUPss1b8l0NTlL6qOPm7VNw10wcLfhCWxUpYgjzlBJt0 cIaOrT2p//5DMXJGFyDmddtx2EFomyegL6g7Z3T3EcB4isIF6ZtiH0Gjx6YzopW32Biq idAg== X-Gm-Message-State: AOAM530xsk5suWcMKl/K2tSgwYz8SOiJ0UWQ8caepqKYoJB9Xy7NXYbs yWARu99pSjgiUfl+Xc7vLxLHPOBbHBJBqZCNDX0= X-Google-Smtp-Source: ABdhPJzaHZvwfoVK8NsiySzGvXAERzdSqhY3mDg3JLpWRi6gQ72V79Xz3kINpemktwOcjx6VW1M6yg== X-Received: by 2002:a17:902:c206:b0:142:631:5ffc with SMTP id 6-20020a170902c20600b0014206315ffcmr24907120pll.38.1638555717658; Fri, 03 Dec 2021 10:21:57 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.21.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:21:57 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 13/18] libunwind: Backport a fix for -fno-common option to compile Date: Fri, 3 Dec 2021 08:19:00 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:21:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159140 From: Khem Raj [Khem Raj] defaults for gcc is to use -fno-common this ensures that it keeps building with gcc -fno-common Fixes src/arm/Ginit.c:60: multiple definition of `_U_dyn_info_list'; mi/.libs/dyn-info-list.o:/usr/src/debug/libunwind/1.4.0-r0/build/src/../../libunwind-1.4.0/src/mi/dyn-info-list.c:28: first defined here [Philippe Coval] Change and related patch ported to dunfell branch on 1.3.1 version Signed-off-by: Khem Raj Signed-off-by: Richard Purdie Origin: https://github.com/openembedded/openembedded-core/commit/6cd2cf6525bcb241b3a2538e559fcef2a2084a7e Signed-off-by: Philippe Coval Signed-off-by: Steve Sakoman --- ...0001-Fix-compilation-with-fno-common.patch | 420 ++++++++++++++++++ .../libunwind/libunwind_1.3.1.bb | 1 + 2 files changed, 421 insertions(+) create mode 100644 meta/recipes-support/libunwind/libunwind/0001-Fix-compilation-with-fno-common.patch diff --git a/meta/recipes-support/libunwind/libunwind/0001-Fix-compilation-with-fno-common.patch b/meta/recipes-support/libunwind/libunwind/0001-Fix-compilation-with-fno-common.patch new file mode 100644 index 0000000000..34a1f46b0f --- /dev/null +++ b/meta/recipes-support/libunwind/libunwind/0001-Fix-compilation-with-fno-common.patch @@ -0,0 +1,420 @@ +From 51112447b316813ad1ae50ea66feca4eb755a424 Mon Sep 17 00:00:00 2001 +From: Yichao Yu +Date: Tue, 31 Mar 2020 00:43:32 -0400 +Subject: [PATCH] Fix compilation with -fno-common. + +[Khem Raj] +Making all other archs consistent with IA64 which should not have this problem. +Also move the FIXME to the correct place. + +Also add some minimum comments about this... + +[Philippe Coval] + +Patch ported to v1.3-stable branch, +patch to be used used in openembedded-core dunfell branch (on v1.3.1) +for oniro project. + +Upstream-Status: Backport [https://github.com/libunwind/libunwind/pull/166] +Signed-off-by: Khem Raj +Thanks-to: Yichao Yu +Origin: https://github.com/libunwind/libunwind/commit/29e17d8d2ccbca07c423e3089a6d5ae8a1c9cb6e +Relate-to: https://booting.oniroproject.org/distro/oniro/-/issues/191 +Forwarded: https://github.com/libunwind/libunwind/pull/312 +Last-Update: 2021-11-25 +Signed-off-by: Philippe Coval +--- + src/aarch64/Ginit.c | 15 +++++++-------- + src/arm/Ginit.c | 15 +++++++-------- + src/coredump/_UPT_get_dyn_info_list_addr.c | 5 +++++ + src/hppa/Ginit.c | 15 +++++++-------- + src/ia64/Ginit.c | 1 + + src/mi/Gfind_dynamic_proc_info.c | 1 + + src/mips/Ginit.c | 15 +++++++-------- + src/ppc32/Ginit.c | 11 +++++++---- + src/ppc64/Ginit.c | 11 +++++++---- + src/ptrace/_UPT_get_dyn_info_list_addr.c | 5 +++++ + src/sh/Ginit.c | 15 +++++++-------- + src/tilegx/Ginit.c | 15 +++++++-------- + src/x86/Ginit.c | 15 +++++++-------- + src/x86_64/Ginit.c | 15 +++++++-------- + 14 files changed, 82 insertions(+), 72 deletions(-) + +diff --git a/src/aarch64/Ginit.c b/src/aarch64/Ginit.c +index 9c4eae82..cb954b15 100644 +--- a/src/aarch64/Ginit.c ++++ b/src/aarch64/Ginit.c +@@ -61,13 +61,6 @@ tdep_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. */ +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -78,7 +71,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/arm/Ginit.c b/src/arm/Ginit.c +index 2720d063..0bac0d72 100644 +--- a/src/arm/Ginit.c ++++ b/src/arm/Ginit.c +@@ -57,18 +57,17 @@ tdep_uc_addr (unw_tdep_context_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. */ +- + static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/coredump/_UPT_get_dyn_info_list_addr.c b/src/coredump/_UPT_get_dyn_info_list_addr.c +index 0d119055..739ed056 100644 +--- a/src/coredump/_UPT_get_dyn_info_list_addr.c ++++ b/src/coredump/_UPT_get_dyn_info_list_addr.c +@@ -74,6 +74,11 @@ get_list_addr (unw_addr_space_t as, unw_word_t *dil_addr, void *arg, + + #else + ++/* XXX fix me: there is currently no way to locate the dyn-info list ++ by a remote unwinder. On ia64, this is done via a special ++ unwind-table entry. Perhaps something similar can be done with ++ DWARF2 unwind info. */ ++ + static inline int + get_list_addr (unw_addr_space_t as, unw_word_t *dil_addr, void *arg, + int *countp) +diff --git a/src/hppa/Ginit.c b/src/hppa/Ginit.c +index 461e4b93..265455a6 100644 +--- a/src/hppa/Ginit.c ++++ b/src/hppa/Ginit.c +@@ -64,13 +64,6 @@ _Uhppa_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. */ +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -81,7 +74,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/ia64/Ginit.c b/src/ia64/Ginit.c +index b09a2ad5..8601bb3c 100644 +--- a/src/ia64/Ginit.c ++++ b/src/ia64/Ginit.c +@@ -68,6 +68,7 @@ get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + if (!_U_dyn_info_list_addr) + return -UNW_ENOINFO; + #endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. + *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } +diff --git a/src/mi/Gfind_dynamic_proc_info.c b/src/mi/Gfind_dynamic_proc_info.c +index 98d35012..2e7c62e5 100644 +--- a/src/mi/Gfind_dynamic_proc_info.c ++++ b/src/mi/Gfind_dynamic_proc_info.c +@@ -49,6 +49,7 @@ local_find_proc_info (unw_addr_space_t as, unw_word_t ip, unw_proc_info_t *pi, + return -UNW_ENOINFO; + #endif + ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. + list = (unw_dyn_info_list_t *) (uintptr_t) _U_dyn_info_list_addr (); + for (di = list->first; di; di = di->next) + if (ip >= di->start_ip && ip < di->end_ip) +diff --git a/src/mips/Ginit.c b/src/mips/Ginit.c +index 3df170c7..bf7a8f5a 100644 +--- a/src/mips/Ginit.c ++++ b/src/mips/Ginit.c +@@ -69,13 +69,6 @@ tdep_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. */ +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -86,7 +79,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) (intptr_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/ppc32/Ginit.c b/src/ppc32/Ginit.c +index ba302448..7b454558 100644 +--- a/src/ppc32/Ginit.c ++++ b/src/ppc32/Ginit.c +@@ -91,9 +91,6 @@ tdep_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -104,7 +101,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/ppc64/Ginit.c b/src/ppc64/Ginit.c +index 4c88cd6e..7bfb395a 100644 +--- a/src/ppc64/Ginit.c ++++ b/src/ppc64/Ginit.c +@@ -95,9 +95,6 @@ tdep_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -108,7 +105,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/ptrace/_UPT_get_dyn_info_list_addr.c b/src/ptrace/_UPT_get_dyn_info_list_addr.c +index cc5ed044..16671d45 100644 +--- a/src/ptrace/_UPT_get_dyn_info_list_addr.c ++++ b/src/ptrace/_UPT_get_dyn_info_list_addr.c +@@ -71,6 +71,11 @@ get_list_addr (unw_addr_space_t as, unw_word_t *dil_addr, void *arg, + + #else + ++/* XXX fix me: there is currently no way to locate the dyn-info list ++ by a remote unwinder. On ia64, this is done via a special ++ unwind-table entry. Perhaps something similar can be done with ++ DWARF2 unwind info. */ ++ + static inline int + get_list_addr (unw_addr_space_t as, unw_word_t *dil_addr, void *arg, + int *countp) +diff --git a/src/sh/Ginit.c b/src/sh/Ginit.c +index 52988a72..9fe96d2b 100644 +--- a/src/sh/Ginit.c ++++ b/src/sh/Ginit.c +@@ -58,13 +58,6 @@ tdep_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. */ +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -75,7 +68,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/tilegx/Ginit.c b/src/tilegx/Ginit.c +index 7564a558..925e6413 100644 +--- a/src/tilegx/Ginit.c ++++ b/src/tilegx/Ginit.c +@@ -64,13 +64,6 @@ tdep_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. */ +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -81,7 +74,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) (intptr_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/x86/Ginit.c b/src/x86/Ginit.c +index f6b8dc27..3cec74a2 100644 +--- a/src/x86/Ginit.c ++++ b/src/x86/Ginit.c +@@ -54,13 +54,6 @@ tdep_uc_addr (ucontext_t *uc, int reg) + + # endif /* UNW_LOCAL_ONLY */ + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. */ +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -71,7 +64,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +diff --git a/src/x86_64/Ginit.c b/src/x86_64/Ginit.c +index b7e8e462..fe6bcc33 100644 +--- a/src/x86_64/Ginit.c ++++ b/src/x86_64/Ginit.c +@@ -49,13 +49,6 @@ static struct unw_addr_space local_addr_space; + + unw_addr_space_t unw_local_addr_space = &local_addr_space; + +-HIDDEN unw_dyn_info_list_t _U_dyn_info_list; +- +-/* XXX fix me: there is currently no way to locate the dyn-info list +- by a remote unwinder. On ia64, this is done via a special +- unwind-table entry. Perhaps something similar can be done with +- DWARF2 unwind info. */ +- + static void + put_unwind_info (unw_addr_space_t as, unw_proc_info_t *proc_info, void *arg) + { +@@ -66,7 +59,13 @@ static int + get_dyn_info_list_addr (unw_addr_space_t as, unw_word_t *dyn_info_list_addr, + void *arg) + { +- *dyn_info_list_addr = (unw_word_t) &_U_dyn_info_list; ++#ifndef UNW_LOCAL_ONLY ++# pragma weak _U_dyn_info_list_addr ++ if (!_U_dyn_info_list_addr) ++ return -UNW_ENOINFO; ++#endif ++ // Access the `_U_dyn_info_list` from `LOCAL_ONLY` library, i.e. libunwind.so. ++ *dyn_info_list_addr = _U_dyn_info_list_addr (); + return 0; + } + +-- +2.32.0 + diff --git a/meta/recipes-support/libunwind/libunwind_1.3.1.bb b/meta/recipes-support/libunwind/libunwind_1.3.1.bb index 037e04c3c0..8ae94a834c 100644 --- a/meta/recipes-support/libunwind/libunwind_1.3.1.bb +++ b/meta/recipes-support/libunwind/libunwind_1.3.1.bb @@ -7,6 +7,7 @@ SRC_URI = "http://download.savannah.nongnu.org/releases/libunwind/libunwind-${PV file://0004-Fix-build-on-mips-musl.patch \ file://0005-ppc32-Consider-ucontext-mismatches-between-glibc-and.patch \ file://0006-Fix-for-X32.patch \ + file://0001-Fix-compilation-with-fno-common.patch \ " SRC_URI_append_libc-musl = " file://musl-header-conflict.patch" From patchwork Fri Dec 3 18:19:01 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 619 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D5F15C433EF for ; Fri, 3 Dec 2021 18:22:02 +0000 (UTC) Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com [209.85.216.50]) by mx.groups.io with SMTP id smtpd.web08.15317.1638555721638349485 for ; Fri, 03 Dec 2021 10:22:01 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=SuAW1962; spf=softfail (domain: sakoman.com, ip: 209.85.216.50, mailfrom: steve@sakoman.com) Received: by mail-pj1-f50.google.com with SMTP id w33-20020a17090a6ba400b001a722a06212so5684224pjj.0 for ; Fri, 03 Dec 2021 10:22:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=KUvcxIFtP8tBswF2ovTT5pkwiyTI8wrFJlrWTpUhAHY=; b=SuAW1962U7YX2J6olcIE+QWJBEeZZ7hmjqEMsviN5M38xVl18l8lntSzGLTGi8ln3E OX+EmSblOSmjY1jf9a8gupDvTkht0X5MjtSV1dHJFxj1un8cdBFmn3VR9BaP76ic4QAg 3OHy7t85mPVJCdz8a0r2p2GdSW2GdSU/5zN0tNU0VpXBF2rM00TViImRFTZS2D7kXKc8 DjpokYBUCxs4MlH3IDhVa6QQM+KnDFuecC9FQq7zo7VBkXqk/BPg7jUkZ6Uk0E3XurCM JSK5n/IIYYq0XWLMkoA5i8ADK2SDrTLtobTt9qRs8MvO6m/dZVqPD/bgzJr8R0/sRY8k /PxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=KUvcxIFtP8tBswF2ovTT5pkwiyTI8wrFJlrWTpUhAHY=; b=Zi5n3xH14t8JgkO6H807EZYqH9cAVXqUKl3fcVi96160XnVWEv4DjKjR9d0sG9Ek2C yKt+Cu0aklY02qTLrs4DbFCrmQZfCoUX9OJajkBpuwcxQa/+aNfCMsTSHLSsmEEsCdN9 4tDX0io0F8D1y/w6T3Py+j1ocxc5YYFDEywWjXMhGJ750SlcjaMRz/0Bu7tbotYHCdO6 BZ+jtNBmHrF1qmVRx4+r+S89F1/uG3iXrTRsBLdrsl23GoV0i+NlJFeNI5J2q3RXLONF QfvSf9Pmi1k3Jp2aTBo4UFoCBdin6+CcjZIeCd7Deeken6oi8hYGCQAYy2qQwOZYkfM2 f7XA== X-Gm-Message-State: AOAM532JXWK8LI8tXxfnTkqikFOP/HJhgOK8EKHVLN1l9BzH6wZjGHBE tHO9KNV1ZjrXfBi2xMxbZsYGTWRoCdDxEtrGmbU= X-Google-Smtp-Source: ABdhPJy7pfgPfPsV7rDlM0fftsBye75w8yA/YuGzHJ8wcr5w4VlQ8p3WM+LETHvnXJEi5zIk2sUe4w== X-Received: by 2002:a17:90b:1650:: with SMTP id il16mr16229060pjb.83.1638555720701; Fri, 03 Dec 2021 10:22:00 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.21.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:22:00 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 14/18] buildhistory: Fix srcrevs output Date: Fri, 3 Dec 2021 08:19:01 -1000 Message-Id: <7f959f53675c1d943a76e466b63f32aaec34c9c8.1638555254.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:22:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159141 From: Richard Purdie The code was assuming that the a recipe with only one srcrev wouldn't "name" it. This isn't the case as the glibc or bzip2 recipes show, you can have a single srcrev which is named. We can pull the data from the fetcher and in fact we already have it, we just need to handle the "default" case and make that code the default for all srcrev regardless of length. [YOCTO #14017] Signed-off-by: Richard Purdie (cherry picked from commit 45ae567932ba52b758eb41754453e9828d9533a1) Signed-off-by: Steve Sakoman --- meta/classes/buildhistory.bbclass | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/meta/classes/buildhistory.bbclass b/meta/classes/buildhistory.bbclass index 44a66df962..2746996cbb 100644 --- a/meta/classes/buildhistory.bbclass +++ b/meta/classes/buildhistory.bbclass @@ -953,23 +953,19 @@ def write_latest_srcrev(d, pkghistdir): value = value.replace('"', '').strip() old_tag_srcrevs[key] = value with open(srcrevfile, 'w') as f: - orig_srcrev = d.getVar('SRCREV', False) or 'INVALID' - if orig_srcrev != 'INVALID': - f.write('# SRCREV = "%s"\n' % orig_srcrev) - if len(srcrevs) > 1: - for name, srcrev in sorted(srcrevs.items()): - orig_srcrev = d.getVar('SRCREV_%s' % name, False) - if orig_srcrev: - f.write('# SRCREV_%s = "%s"\n' % (name, orig_srcrev)) - f.write('SRCREV_%s = "%s"\n' % (name, srcrev)) - else: - f.write('SRCREV = "%s"\n' % next(iter(srcrevs.values()))) - if len(tag_srcrevs) > 0: - for name, srcrev in sorted(tag_srcrevs.items()): - f.write('# tag_%s = "%s"\n' % (name, srcrev)) - if name in old_tag_srcrevs and old_tag_srcrevs[name] != srcrev: - pkg = d.getVar('PN') - bb.warn("Revision for tag %s in package %s was changed since last build (from %s to %s)" % (name, pkg, old_tag_srcrevs[name], srcrev)) + for name, srcrev in sorted(srcrevs.items()): + suffix = "_" + name + if name == "default": + suffix = "" + orig_srcrev = d.getVar('SRCREV%s' % suffix, False) + if orig_srcrev: + f.write('# SRCREV%s = "%s"\n' % (suffix, orig_srcrev)) + f.write('SRCREV%s = "%s"\n' % (suffix, srcrev)) + for name, srcrev in sorted(tag_srcrevs.items()): + f.write('# tag_%s = "%s"\n' % (name, srcrev)) + if name in old_tag_srcrevs and old_tag_srcrevs[name] != srcrev: + pkg = d.getVar('PN') + bb.warn("Revision for tag %s in package %s was changed since last build (from %s to %s)" % (name, pkg, old_tag_srcrevs[name], srcrev)) else: if os.path.exists(srcrevfile): From patchwork Fri Dec 3 18:19:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 620 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F0C53C433F5 for ; Fri, 3 Dec 2021 18:22:11 +0000 (UTC) Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) by mx.groups.io with SMTP id smtpd.web12.15507.1638555728887434561 for ; Fri, 03 Dec 2021 10:22:08 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=eoklDn3e; spf=softfail (domain: sakoman.com, ip: 209.85.216.51, mailfrom: steve@sakoman.com) Received: by mail-pj1-f51.google.com with SMTP id np3so2933969pjb.4 for ; Fri, 03 Dec 2021 10:22:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=XNGbgba0EGy3IJuF3bmPdzZfUEhA7e4Gbvi83ibeis4=; b=eoklDn3et36fJf0S6ADNi8jp2NmM7tZtABQ4P50XGxHJoyH3YLNjYORIc7nst7i07u RGCu7Ee429EtFFYY09Fk/Bo4ixWfjlMxWQLmGlq3P783PPFg8U0dc6BTwHC2oc5Tr2CK SfPPwMMPhc0l1klbseXX8T8otIlbI4Z6cbFLRr175gMzOVrkCVupwDvDpFUZmxZP6Jex IPK2haksTGM2bDhTwSatt0S0dejb3EDAcXLqsEcKOYdfdJO588EWbCXCrl6L6mIY4eYz W8SvUu1BGNyK7Diw0CUYLlI9HkYs6no1nha5t70siu9Aau+uciB3H5WE2cuRBX6CI7sV g3Gw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=XNGbgba0EGy3IJuF3bmPdzZfUEhA7e4Gbvi83ibeis4=; b=f6P7+AhXvY7ah8iqBUsugdYS/JVWMvSx0cg2INOHYB0tvaY8ueeecnwLmveA5sxFMu CCz1i1B7tDW3gFahOzF42vzMj0xtFVNd9obRh39/sSpz5HnGvYOedukRDwAjxdCeYHQI eDGb41JF1zSOGHKN0n4PPtDtIvCZX7PMj0QxY+Lfo5YsjDZCRtGacSvzAvVzkRt0+kFl SYUStpRDoXgp60ZvR+Nu+y+CHaYsftkvHPLloM8MBjF6k7RZHACw4pkySyl1ctJkTUQ4 XgNxbH6NliXbnGRptPNo/pzH1kU3KWyuViBvumP5147U1hC3Y+SHLREded9QE+phLmfK zYKQ== X-Gm-Message-State: AOAM531sLLeQge8S+KiM3Z6JVJnGZNsKjnlFxY5YHknzigF2kv4b6Qwz s1qixJuSdWqLiXS6ibDZ1vkznPPJKzCrvRc1swk= X-Google-Smtp-Source: ABdhPJzH554QZBwElDYqdaBMNn0e29ZrWdt9RIwkSDm9MiprBTSBqeGwDrP56NhVl8lZ3kVUT9KkFA== X-Received: by 2002:a17:90a:e7c2:: with SMTP id kb2mr16095822pjb.200.1638555727951; Fri, 03 Dec 2021 10:22:07 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.22.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:22:07 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 15/18] oeqa/parselogs: Fix quoting Date: Fri, 3 Dec 2021 08:19:02 -1000 Message-Id: <224c2674b101ab9ed90784ba421cdf3805b42435.1638555254.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:22:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159142 From: Richard Purdie Fix deprecation warnings about invalid escape sequences. Signed-off-by: Richard Purdie (cherry picked from commit 43542614395150e8fa34133ba0fc7ee90f215bcb) Signed-off-by: Steve Sakoman --- meta/lib/oeqa/runtime/cases/parselogs.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/meta/lib/oeqa/runtime/cases/parselogs.py b/meta/lib/oeqa/runtime/cases/parselogs.py index 30e42ed9d5..cc40ee1ac0 100644 --- a/meta/lib/oeqa/runtime/cases/parselogs.py +++ b/meta/lib/oeqa/runtime/cases/parselogs.py @@ -296,7 +296,7 @@ class ParseLogsTest(OERuntimeTestCase): grepcmd = 'grep ' grepcmd += '-Ei "' for error in errors: - grepcmd += '\<' + error + '\>' + '|' + grepcmd += r'\<' + error + r'\>' + '|' grepcmd = grepcmd[:-1] grepcmd += '" ' + str(log) + " | grep -Eiv \'" @@ -307,13 +307,13 @@ class ParseLogsTest(OERuntimeTestCase): errorlist = ignore_errors['default'] for ignore_error in errorlist: - ignore_error = ignore_error.replace('(', '\(') - ignore_error = ignore_error.replace(')', '\)') + ignore_error = ignore_error.replace('(', r'\(') + ignore_error = ignore_error.replace(')', r'\)') ignore_error = ignore_error.replace("'", '.') - ignore_error = ignore_error.replace('?', '\?') - ignore_error = ignore_error.replace('[', '\[') - ignore_error = ignore_error.replace(']', '\]') - ignore_error = ignore_error.replace('*', '\*') + ignore_error = ignore_error.replace('?', r'\?') + ignore_error = ignore_error.replace('[', r'\[') + ignore_error = ignore_error.replace(']', r'\]') + ignore_error = ignore_error.replace('*', r'\*') ignore_error = ignore_error.replace('0-9', '[0-9]') grepcmd += ignore_error + '|' grepcmd = grepcmd[:-1] From patchwork Fri Dec 3 18:19:03 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 621 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D868EC433EF for ; Fri, 3 Dec 2021 18:22:14 +0000 (UTC) Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) by mx.groups.io with SMTP id smtpd.web12.15509.1638555734442693419 for ; Fri, 03 Dec 2021 10:22:14 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=svH9FeCv; spf=softfail (domain: sakoman.com, ip: 209.85.215.179, mailfrom: steve@sakoman.com) Received: by mail-pg1-f179.google.com with SMTP id j11so3887845pgs.2 for ; Fri, 03 Dec 2021 10:22:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=B5SL1vmQbfFDO3JxImrjqt7EKuzaGyQZh60tA1A7DJw=; b=svH9FeCviQkdpy0xjiCmBSJXmtgbwNnIw2vQ5kEGo7aYERMLH/A/DDfT/83rl0mJdM 2WW/McJCqS15mJG7Rpdd1IJrYFMEFqfsoAwF8Wql6aEpZUfOI4Zw18BjgF2otKFBUN+N 63xICdmm138Zz3A8ZvSDAUWtEJxhaCUA0KlkzsoJgPwjLoyBtmALab7Schsz7GIoM3DN B+gLu6WXIRSOlJVYhCc7a1EatcMVKW6rgDI/Hfk0RPGl7VvzeBHl1lk6ZY7PnGW1u6Oy sCx3fH+ZGn3zxEpZGfe7gF5VOfnHw98fATTOFco4a7D8FqpMk/GCWmWv/OQmnred+DL4 x8iQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=B5SL1vmQbfFDO3JxImrjqt7EKuzaGyQZh60tA1A7DJw=; b=LQQBA/RRrAvaK4UKY7rwjsqJgkZAK8Lc+uuwvKLj+uX0tjVCA9fl7rKBiw1vXTPCCg zb9Vm/sZAFRePRSZKfc6IQ4fvHHSIbfBuFXWVRzGVttBzdaYro9/aWPVZYe9lItaTL+T 0/ooVOMMZRk1aDyztvCVvgySD9cWxbFW2+SPWjK0QQw6Krd5/k81/AGR86EFIwxsztat pHKEshPkS6CVGUIb2tko3wQI5gXuHWxCeo/3Yv1xiZhd6L0Oy7DdDaycCoNpX0YTjDVB mIuN2qK/5yfyyb0E9qiqEjaskLe2emHldy/QwbKXOsmqYIngYmKjXWsQzwzCEsxapnAI FOVw== X-Gm-Message-State: AOAM531rahZ7lcWyePo7tm0v960BJ1GP0YMF84ASPkVEp7Wnoh0Oj6RO pr8NTPW7uspoF9L2ly3HZtdd7+mOQCq4DS6Y7sw= X-Google-Smtp-Source: ABdhPJzcK/A2rVBgdHksxivPEqxEi78xol51xmvie9+RTEoqM1jX9zTxIswMa6w+yiKC9gUOAyxhDQ== X-Received: by 2002:a62:924e:0:b0:4a2:82d7:1244 with SMTP id o75-20020a62924e000000b004a282d71244mr20541084pfd.50.1638555733233; Fri, 03 Dec 2021 10:22:13 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.22.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:22:12 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 16/18] cmake: FindGTest: Add target for gmock library Date: Fri, 3 Dec 2021 08:19:03 -1000 Message-Id: <80ab29b962cea17a4f2486ad25577bc830cdd8d9.1638555254.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:22:14 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159143 From: Eero Aaltonen `googlemock` has been absorbed into the [googletest](https://github.com/google/googletest) project and is built and installed from the same source tree. `googletest` has provided a CMake Config-file Package starting with GTest 1.8.1. `find_package(GTest ...)` by default dispatches first to CMake Find Module. Starting with CMake commit 2327b4330cce157d616ff8b611b3e77568d00351 in CMake v3.20.0 the module dispatches onward to the Config-file Package so that the same targets are available. In pre v3.20.0 versions of CMake however the Find Module masks the targets provided by the upstream `GTest` package. Update `Modules/FindGTest.cmake` to provide the same targets as the CMake Config-file Package and backwards compatible targets and result variables. Signed-off-by: Eero Aaltonen Signed-off-by: Steve Sakoman --- .../cmake/cmake-native_3.16.5.bb | 1 + ...ndGTest-Add-target-for-gmock-library.patch | 255 ++++++++++++++++++ 2 files changed, 256 insertions(+) create mode 100644 meta/recipes-devtools/cmake/cmake/0006-cmake-FindGTest-Add-target-for-gmock-library.patch diff --git a/meta/recipes-devtools/cmake/cmake-native_3.16.5.bb b/meta/recipes-devtools/cmake/cmake-native_3.16.5.bb index b2952ee5f5..96a7be6770 100644 --- a/meta/recipes-devtools/cmake/cmake-native_3.16.5.bb +++ b/meta/recipes-devtools/cmake/cmake-native_3.16.5.bb @@ -7,6 +7,7 @@ SRC_URI += "file://OEToolchainConfig.cmake \ file://environment.d-cmake.sh \ file://0001-CMakeDetermineSystem-use-oe-environment-vars-to-load.patch \ file://0005-Disable-use-of-ext2fs-ext2_fs.h-by-cmake-s-internal-.patch \ + file://0006-cmake-FindGTest-Add-target-for-gmock-library.patch \ " diff --git a/meta/recipes-devtools/cmake/cmake/0006-cmake-FindGTest-Add-target-for-gmock-library.patch b/meta/recipes-devtools/cmake/cmake/0006-cmake-FindGTest-Add-target-for-gmock-library.patch new file mode 100644 index 0000000000..267f586a71 --- /dev/null +++ b/meta/recipes-devtools/cmake/cmake/0006-cmake-FindGTest-Add-target-for-gmock-library.patch @@ -0,0 +1,255 @@ +From 39eae0d6c1b398f18761abac7f55944f0290f8a1 Mon Sep 17 00:00:00 2001 +From: Eero Aaltonen +Date: Sun, 17 Oct 2021 17:13:07 +0300 +Subject: [PATCH] FindGTest: Add target for gmock library + +`googlemock` has been absorbed into the +[googletest](https://github.com/google/googletest) project and is built +and installed from the same source tree. + +As GTest may be built with or without GMock, skip GMock if it is not +present. + +Do not provide result variables for GMock. They are not provided by +upstream GTest's CMake Package Configuration File. + +Also update the test case to cover linking to `GTest::gmock`. + +The patch was imported from the Kitware git server +(git@gitlab.kitware.com:cmake/cmake.git) as of commit id +50bf457a0dd857cf976b22c5be7d333493233d1e + +Patch was modified to support upper case variable `GTEST_FOUND`. + +Upstream-Status: Accepted [https://gitlab.kitware.com/cmake/cmake/-/merge_requests/6632] +Milestone: 3.23.0 + +Signed-off-by: Eero Aaltonen +--- + .../dev/FindGTest-target-for-gmock.rst | 4 + + Modules/FindGTest.cmake | 133 +++++++++++++++--- + Tests/FindGTest/Test/CMakeLists.txt | 4 + + 3 files changed, 121 insertions(+), 20 deletions(-) + create mode 100644 Help/release/dev/FindGTest-target-for-gmock.rst + +diff --git a/Help/release/dev/FindGTest-target-for-gmock.rst b/Help/release/dev/FindGTest-target-for-gmock.rst +new file mode 100644 +index 0000000000..f78242c80e +--- /dev/null ++++ b/Help/release/dev/FindGTest-target-for-gmock.rst +@@ -0,0 +1,4 @@ ++FindGTest-target-for-gmock ++-------------------------- ++ ++* The :module:`FindGTest` module now provides a target for GMock, if found. +diff --git a/Modules/FindGTest.cmake b/Modules/FindGTest.cmake +index e015a9840f..0331049594 100644 +--- a/Modules/FindGTest.cmake ++++ b/Modules/FindGTest.cmake +@@ -7,10 +7,23 @@ FindGTest + + Locate the Google C++ Testing Framework. + ++.. versionadded:: 3.20 ++ Upstream ``GTestConfig.cmake`` is used if possible. ++ + Imported targets + ^^^^^^^^^^^^^^^^ + +-This module defines the following :prop_tgt:`IMPORTED` targets: ++ This module defines the following :prop_tgt:`IMPORTED` targets: ++ ++``GTest::gtest`` ++ The Google Test ``gtest`` library, if found; adds Thread::Thread ++ automatically ++``GTest::gtest_main`` ++ The Google Test ``gtest_main`` library, if found ++ ++.. deprecated:: 3.20 ++ For backwards compatibility, this module defines additionally the ++ following deprecated :prop_tgt:`IMPORTED` targets (available since 3.5): + + ``GTest::GTest`` + The Google Test ``gtest`` library, if found; adds Thread::Thread +@@ -18,7 +31,6 @@ This module defines the following :prop_tgt:`IMPORTED` targets: + ``GTest::Main`` + The Google Test ``gtest_main`` library, if found + +- + Result variables + ^^^^^^^^^^^^^^^^ + +@@ -146,8 +158,42 @@ function(__gtest_import_library _target _var _config) + endif() + endfunction() + ++function(__gtest_define_backwards_compatible_library_targets) ++ set(GTEST_BOTH_LIBRARIES ${GTEST_LIBRARIES} ${GTEST_MAIN_LIBRARIES} PARENT_SCOPE) ++ ++ # Add targets mapping the same library names as defined in ++ # older versions of CMake's FindGTest ++ if(NOT TARGET GTest::GTest) ++ add_library(GTest::GTest INTERFACE IMPORTED) ++ target_link_libraries(GTest::GTest INTERFACE GTest::gtest) ++ endif() ++ if(NOT TARGET GTest::Main) ++ add_library(GTest::Main INTERFACE IMPORTED) ++ target_link_libraries(GTest::Main INTERFACE GTest::gtest_main) ++ endif() ++endfunction() ++ + # + ++include(${CMAKE_CURRENT_LIST_DIR}/FindPackageHandleStandardArgs.cmake) ++ ++# first specifically look for the CMake version of GTest ++find_package(GTest QUIET NO_MODULE) ++ ++# if we found the GTest cmake package then we are done, and ++# can print what we found and return. ++if(GTest_FOUND) ++ set(GTEST_FOUND ${GTest_FOUND}) ++ FIND_PACKAGE_HANDLE_STANDARD_ARGS(GTest HANDLE_COMPONENTS CONFIG_MODE) ++ ++ set(GTEST_LIBRARIES GTest::gtest) ++ set(GTEST_MAIN_LIBRARIES GTest::gtest_main) ++ ++ __gtest_define_backwards_compatible_library_targets() ++ ++ return() ++endif() ++ + if(NOT DEFINED GTEST_MSVC_SEARCH) + set(GTEST_MSVC_SEARCH MD) + endif() +@@ -194,50 +240,97 @@ if(MSVC AND GTEST_MSVC_SEARCH STREQUAL "MD") + __gtest_find_library(GTEST_LIBRARY_DEBUG gtest-mdd gtestd) + __gtest_find_library(GTEST_MAIN_LIBRARY gtest_main-md gtest_main) + __gtest_find_library(GTEST_MAIN_LIBRARY_DEBUG gtest_main-mdd gtest_maind) ++ __gtest_find_library(GMOCK_LIBRARY gmock-md gmock) ++ __gtest_find_library(GMOCK_LIBRARY_DEBUG gmock-mdd gmockd) ++ __gtest_find_library(GMOCK_MAIN_LIBRARY gmock_main-md gmock_main) ++ __gtest_find_library(GMOCK_MAIN_LIBRARY_DEBUG gmock_main-mdd gmock_maind) + else() + __gtest_find_library(GTEST_LIBRARY gtest) + __gtest_find_library(GTEST_LIBRARY_DEBUG gtestd) + __gtest_find_library(GTEST_MAIN_LIBRARY gtest_main) + __gtest_find_library(GTEST_MAIN_LIBRARY_DEBUG gtest_maind) ++ __gtest_find_library(GMOCK_LIBRARY gmock) ++ __gtest_find_library(GMOCK_LIBRARY_DEBUG gmockd) ++ __gtest_find_library(GMOCK_MAIN_LIBRARY gmock_main) ++ __gtest_find_library(GMOCK_MAIN_LIBRARY_DEBUG gmock_maind) + endif() + +-include(${CMAKE_CURRENT_LIST_DIR}/FindPackageHandleStandardArgs.cmake) + FIND_PACKAGE_HANDLE_STANDARD_ARGS(GTest DEFAULT_MSG GTEST_LIBRARY GTEST_INCLUDE_DIR GTEST_MAIN_LIBRARY) + +-if(GTEST_FOUND) ++if(GMOCK_LIBRARY AND GMOCK_MAIN_LIBRARY) ++ set(GMock_FOUND True) ++else() ++ set(GMock_FOUND False) ++endif() ++ ++if(GTest_FOUND) + set(GTEST_INCLUDE_DIRS ${GTEST_INCLUDE_DIR}) + __gtest_append_debugs(GTEST_LIBRARIES GTEST_LIBRARY) + __gtest_append_debugs(GTEST_MAIN_LIBRARIES GTEST_MAIN_LIBRARY) +- set(GTEST_BOTH_LIBRARIES ${GTEST_LIBRARIES} ${GTEST_MAIN_LIBRARIES}) + + find_package(Threads QUIET) + +- if(NOT TARGET GTest::GTest) ++ if(NOT TARGET GTest::gtest) + __gtest_determine_library_type(GTEST_LIBRARY) +- add_library(GTest::GTest ${GTEST_LIBRARY_TYPE} IMPORTED) ++ add_library(GTest::gtest ${GTEST_LIBRARY_TYPE} IMPORTED) + if(TARGET Threads::Threads) +- set_target_properties(GTest::GTest PROPERTIES ++ set_target_properties(GTest::gtest PROPERTIES + INTERFACE_LINK_LIBRARIES Threads::Threads) + endif() + if(GTEST_LIBRARY_TYPE STREQUAL "SHARED") +- set_target_properties(GTest::GTest PROPERTIES ++ set_target_properties(GTest::gtest PROPERTIES + INTERFACE_COMPILE_DEFINITIONS "GTEST_LINKED_AS_SHARED_LIBRARY=1") + endif() + if(GTEST_INCLUDE_DIRS) +- set_target_properties(GTest::GTest PROPERTIES ++ set_target_properties(GTest::gtest PROPERTIES + INTERFACE_INCLUDE_DIRECTORIES "${GTEST_INCLUDE_DIRS}") + endif() +- __gtest_import_library(GTest::GTest GTEST_LIBRARY "") +- __gtest_import_library(GTest::GTest GTEST_LIBRARY "RELEASE") +- __gtest_import_library(GTest::GTest GTEST_LIBRARY "DEBUG") ++ __gtest_import_library(GTest::gtest GTEST_LIBRARY "") ++ __gtest_import_library(GTest::gtest GTEST_LIBRARY "RELEASE") ++ __gtest_import_library(GTest::gtest GTEST_LIBRARY "DEBUG") + endif() +- if(NOT TARGET GTest::Main) ++ if(NOT TARGET GTest::gtest_main) + __gtest_determine_library_type(GTEST_MAIN_LIBRARY) +- add_library(GTest::Main ${GTEST_MAIN_LIBRARY_TYPE} IMPORTED) +- set_target_properties(GTest::Main PROPERTIES +- INTERFACE_LINK_LIBRARIES "GTest::GTest") +- __gtest_import_library(GTest::Main GTEST_MAIN_LIBRARY "") +- __gtest_import_library(GTest::Main GTEST_MAIN_LIBRARY "RELEASE") +- __gtest_import_library(GTest::Main GTEST_MAIN_LIBRARY "DEBUG") ++ add_library(GTest::gtest_main ${GTEST_MAIN_LIBRARY_TYPE} IMPORTED) ++ set_target_properties(GTest::gtest_main PROPERTIES ++ INTERFACE_LINK_LIBRARIES "GTest::gtest") ++ __gtest_import_library(GTest::gtest_main GTEST_MAIN_LIBRARY "") ++ __gtest_import_library(GTest::gtest_main GTEST_MAIN_LIBRARY "RELEASE") ++ __gtest_import_library(GTest::gtest_main GTEST_MAIN_LIBRARY "DEBUG") ++ endif() ++ ++ __gtest_define_backwards_compatible_library_targets() ++endif() ++ ++if(GMock_FOUND) ++ if(NOT TARGET GTest::gmock) ++ __gtest_determine_library_type(GMOCK_LIBRARY) ++ add_library(GTest::gmock ${GMOCK_LIBRARY_TYPE} IMPORTED) ++ set(_gmock_link_libraries "GTest::gtest") ++ if(TARGET Threads::Threads) ++ list(APPEND _gmock_link_libraries Threads::Threads) ++ endif() ++ set_target_properties(GTest::gmock PROPERTIES ++ INTERFACE_LINK_LIBRARIES "${_gmock_link_libraries}") ++ if(GMOCK_LIBRARY_TYPE STREQUAL "SHARED") ++ set_target_properties(GTest::gmock PROPERTIES ++ INTERFACE_COMPILE_DEFINITIONS "GMOCK_LINKED_AS_SHARED_LIBRARY=1") ++ endif() ++ if(GTEST_INCLUDE_DIRS) ++ set_target_properties(GTest::gmock PROPERTIES ++ INTERFACE_INCLUDE_DIRECTORIES "${GTEST_INCLUDE_DIRS}") ++ endif() ++ __gtest_import_library(GTest::gmock GMOCK_LIBRARY "") ++ __gtest_import_library(GTest::gmock GMOCK_LIBRARY "RELEASE") ++ __gtest_import_library(GTest::gmock GMOCK_LIBRARY "DEBUG") ++ endif() ++ if(NOT TARGET GTest::gmock_main) ++ __gtest_determine_library_type(GMOCK_MAIN_LIBRARY) ++ add_library(GTest::gmock_main ${GMOCK_MAIN_LIBRARY_TYPE} IMPORTED) ++ set_target_properties(GTest::gmock_main PROPERTIES ++ INTERFACE_LINK_LIBRARIES "GTest::gmock") ++ __gtest_import_library(GTest::gmock_main GMOCK_MAIN_LIBRARY "") ++ __gtest_import_library(GTest::gmock_main GMOCK_MAIN_LIBRARY "RELEASE") ++ __gtest_import_library(GTest::gmock_main GMOCK_MAIN_LIBRARY "DEBUG") + endif() + endif() +diff --git a/Tests/FindGTest/Test/CMakeLists.txt b/Tests/FindGTest/Test/CMakeLists.txt +index b65b9d28f6..7d3a378a65 100644 +--- a/Tests/FindGTest/Test/CMakeLists.txt ++++ b/Tests/FindGTest/Test/CMakeLists.txt +@@ -12,3 +12,7 @@ add_executable(test_gtest_var main.cxx) + target_include_directories(test_gtest_var PRIVATE ${GTEST_INCLUDE_DIRS}) + target_link_libraries(test_gtest_var PRIVATE ${GTEST_BOTH_LIBRARIES} ${CMAKE_THREAD_LIBS_INIT}) + add_test(NAME test_gtest_var COMMAND test_gtest_var) ++ ++add_executable(test_gmock_tgt main.cxx) ++target_link_libraries(test_gmock_tgt GTest::gmock_main) ++add_test(NAME test_gmock_tgt COMMAND test_gmock_tgt) +-- +2.17.1 + From patchwork Fri Dec 3 18:19:04 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 622 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D2ECCC433F5 for ; Fri, 3 Dec 2021 18:22:22 +0000 (UTC) Received: from mail-pg1-f174.google.com (mail-pg1-f174.google.com [209.85.215.174]) by mx.groups.io with SMTP id smtpd.web12.15513.1638555741935595123 for ; Fri, 03 Dec 2021 10:22:22 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=RJgEF7O3; spf=softfail (domain: sakoman.com, ip: 209.85.215.174, mailfrom: steve@sakoman.com) Received: by mail-pg1-f174.google.com with SMTP id m15so3840897pgu.11 for ; Fri, 03 Dec 2021 10:22:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=xKdf1qKrUWWgVsU2dJkofvgJbv4exlQDD3n3Sh/BAEk=; b=RJgEF7O3wposuMB71jNJhJ1yh8poAnydD5eBFPuK6y2TbvPz9Q3QHSI2mXMNQatSsQ M6RqW56uST8PF1wNJ2vr9wirmajL/fgx4qdLJ0Q7brdAH8bzoztQO4PUqqydpjgVFzk1 3opuYgmUFOJwDuFLZclm1REzPrd+wwEb9u6f4hOm9cXo/odXtRt7XpkQQlnSxjkHXzgd h2Ij/jaYfTodJOk3Q+NZG4Nw3SsNyqPYgjMxLVpT1zjM28hH4MPrYvhmjzFufef6gSXd Azi3mgdZRCaCUzxRISnQE7FTrlE/5WF2NP2jFj0bHF6tMX8PDwjmXJh+6U9u8rQqwnKS mOlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=xKdf1qKrUWWgVsU2dJkofvgJbv4exlQDD3n3Sh/BAEk=; b=yIf5HXB6dBBBmae5GLKQenUF4hid4Mt3ZnvusyG2wFDjmIZdpQ1xrvFv4K1D/7rnt4 6pwvuMOVHySqBXt1LB0XpLq577vgJrvc6CTHEsOPmueSHudhpkVMGR1jRO6/rVZvCS90 iWyjn9+3m5oPZ6LVB8seKOQA+NOrTgUVqIeVbDXPEvz1OeXYAHk60/F3nOmy4o5tldQj dzszHp6Ucf/l8zbT9quf/DMl3ca//NiB7gNuj03yayUa09dxJrX9VdQ+2rQe5boQEK4D HXuCVlco8a3zuFG8mnna6GQl23W1P/vwQ9qnFp1a7wQtrm9PubAicLofNXp1vHag/3oY Ysjg== X-Gm-Message-State: AOAM531rKelD8PTR+C3D0NnlNp8NPXe6YlHgVzoDnDR1MhQJopliuQ3m UZR3qfaOXk2K0i6ok1Zp8lshPzw/ZLVDOkMpW3I= X-Google-Smtp-Source: ABdhPJzB25stM33wf7toN7cr7WefqPzaRWEQTt3/wuOpZa1wWDLlMTN5HXU9pDqiExNmsvHsreJ57g== X-Received: by 2002:a62:7c4b:0:b0:494:66ab:ae0a with SMTP id x72-20020a627c4b000000b0049466abae0amr20575199pfc.18.1638555737752; Fri, 03 Dec 2021 10:22:17 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.22.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:22:17 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 17/18] scripts/checklayer/common.py: Fixed a minor grammatical error Date: Fri, 3 Dec 2021 08:19:04 -1000 Message-Id: <28ffff38a00b50f299154b4a5a42e7135ba91397.1638555254.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:22:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159144 From: Dhruva Gole Signed-off-by: Dhruva Gole Signed-off-by: Richard Purdie (cherry picked from commit 8ea17456ae5318ed7a3b4c8f75c8441456d8b979) Signed-off-by: Steve Sakoman --- scripts/lib/checklayer/cases/common.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/lib/checklayer/cases/common.py b/scripts/lib/checklayer/cases/common.py index b82304e361..4495f71b24 100644 --- a/scripts/lib/checklayer/cases/common.py +++ b/scripts/lib/checklayer/cases/common.py @@ -14,7 +14,7 @@ class CommonCheckLayer(OECheckLayerTestCase): # The top-level README file may have a suffix (like README.rst or README.txt). readme_files = glob.glob(os.path.join(self.tc.layer['path'], '[Rr][Ee][Aa][Dd][Mm][Ee]*')) self.assertTrue(len(readme_files) > 0, - msg="Layer doesn't contains README file.") + msg="Layer doesn't contain a README file.") # There might be more than one file matching the file pattern above # (for example, README.rst and README-COPYING.rst). The one with the shortest From patchwork Fri Dec 3 18:19:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 623 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D511AC433EF for ; Fri, 3 Dec 2021 18:22:26 +0000 (UTC) Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) by mx.groups.io with SMTP id smtpd.web12.15514.1638555745818391665 for ; Fri, 03 Dec 2021 10:22:25 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=I+AVv42Q; spf=softfail (domain: sakoman.com, ip: 209.85.210.181, mailfrom: steve@sakoman.com) Received: by mail-pf1-f181.google.com with SMTP id i12so3655374pfd.6 for ; Fri, 03 Dec 2021 10:22:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=BFj/Fo3QQ9lSV8fr1Ki6jfue0YJi0KwaWWkmE0xUF7E=; b=I+AVv42Qfw5pePVjVppoaf6AV6SoIxjzl4RiRSrA6uyZpZH8mxsNM+0nLXlJdyCS6B +7RMzgPhteLsOj5Iv9wyifezn3HXOugypR2Fwdl8Ld4h0cYyhYtCF9ZR53XLAQdw5vI4 frYsU8I9N3piHLPrmDWcdIcUDGb+pDNrBQG4Ozf2BwUXr/eIkfDrJuLXhYL+ds6cbnb3 9voxaBDPG9UKmqVpUwEQ0d7KqoLtmfDlbZjcKASPukDVsKayrUsdXV618bo2OlD1d3gi 5gZckWb2iiIsvi5Zo/O60lboAVBt7u3q4jnoExiq1Nzg8trv12AiTxeP/xtLGe2aTT5n WrFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=BFj/Fo3QQ9lSV8fr1Ki6jfue0YJi0KwaWWkmE0xUF7E=; b=ULgQRpaWC+NKKwv1joYoAcIAxhngkRyvd9/VdQl6FPqo/9/9IKL+U9cwNe8BORD63z pGBwza0oVvutQjR3TH8H/kuybdl6GPI87j5OheUSQUEBta7sMzp5xOEvzDBiun/6Qq1k rTVwHPC3cbxP+j0CIAXhdigVTbupyfubHigHk+V7ib+fB9jb5ahjTQVLYCdYHG2XLYiN vxIjWiO6nRsY+YF5jwTESbKyAgtGEkv5CyHY7hYH7HUJZhFm52x+RwBiOB0gqtq0+KQm O3rJK9rJ293p7nkmQXUfwNuBg3rjaIBc6BPDLeB5TY+QS4gRNqUhcHPilo/ALBfF1Miq 4nkA== X-Gm-Message-State: AOAM533odeF5Hv+MyPxiue2jGRxhq8W1Zm7j7vaeiP4f92ofRJaqeB1P FU1ycUfHLSUMFwh/3dDD3DY8klUMQKJVUF2ATvg= X-Google-Smtp-Source: ABdhPJwpZg8YI3dOIIsrIE4s6cq/VTKI/qr9nI/CMsdnnGXqxRK65nKtpYS2jqTOCXmI7zUsJj4JZw== X-Received: by 2002:a05:6a00:2405:b0:4a8:3294:743e with SMTP id z5-20020a056a00240500b004a83294743emr20349567pfh.61.1638555744897; Fri, 03 Dec 2021 10:22:24 -0800 (PST) Received: from localhost.localdomain (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id 130sm3959753pfu.13.2021.12.03.10.22.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 10:22:24 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 18/18] README.OE-Core.md: update URLs Date: Fri, 3 Dec 2021 08:19:05 -1000 Message-Id: <220e17952ac42a9be5a8c807a5507b04c86317d1.1638555254.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Dec 2021 18:22:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159145 From: Quentin Schulz Update URLs to what they actually redirect to. Cc: Quentin Schulz Signed-off-by: Quentin Schulz Signed-off-by: Richard Purdie (cherry picked from commit ec2131070cae6c3933e5b08986e8245fcd9deb99) Signed-off-by: Steve Sakoman --- README.OE-Core | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.OE-Core b/README.OE-Core index 521916cd4f..2f2127fb03 100644 --- a/README.OE-Core +++ b/README.OE-Core @@ -6,24 +6,24 @@ of OpenEmbedded. It is distro-less (can build a functional image with DISTRO = "nodistro") and contains only emulated machine support. For information about OpenEmbedded, see the OpenEmbedded website: - http://www.openembedded.org/ + https://www.openembedded.org/ The Yocto Project has extensive documentation about OE including a reference manual which can be found at: - http://yoctoproject.org/documentation + https://docs.yoctoproject.org/ Contributing ------------ Please refer to -http://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded +https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded for guidelines on how to submit patches. Mailing list: - http://lists.openembedded.org/mailman/listinfo/openembedded-core + https://lists.openembedded.org/g/openembedded-core Source code: - http://git.openembedded.org/openembedded-core/ + https://git.openembedded.org/openembedded-core/