From patchwork Wed Jul 31 12:02:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 47054 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 46FB1C52D6F for ; Wed, 31 Jul 2024 12:02:18 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web11.41333.1722427333514134831 for ; Wed, 31 Jul 2024 05:02:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=qgc9XaqJ; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-1fc569440e1so50725745ad.3 for ; Wed, 31 Jul 2024 05:02:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1722427332; x=1723032132; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=uMvgkaMicbzf7zFFzP43vfxvnvSfJ/zdDsGTRYq+ofM=; b=qgc9XaqJQXySlbsFKeRrvOSZJxAdfLEFeOD2AChVe78ZqO+n4cTIa/WggX3/oFB3BP V7beeW4krTUpL+w1Jq0OxxfCM5bVD4vDyvYFeHo/2rjdxnI6JRYbpJQa3ANOCjoVi8NX T2ucswc9QuZZHSIJfTF80zXxwuoZQNt+d2MSiWSGJiLgbZoDXDRyG1/YDhRJi17Gglzd upNtIp6afIoCkThfPbKpGDJT+P6PbHps/ytDwSes0b5Wx5mwR0tPYmCUUPLX3E8VZCv6 2BUtZq7F7wVgjGG8kMn+3NGbJK4oZ6k+fF4anaw/psCUXHFr3dAEbRXvnTTCoVGGe+H9 5X6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722427332; x=1723032132; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uMvgkaMicbzf7zFFzP43vfxvnvSfJ/zdDsGTRYq+ofM=; b=NqwgTBUS9/JmDEHoqKr74P+6QTjoyavZfZe7EbOlasUQamsbNdbqyuoZRNFsM46X4w IFKDMLN+0afmixvEeh+Gxl5FYjE5xq61ni4nhtKULTfBgAAxMql2MKBabavyUHkJZPiQ PtAUvja+dQ04lQGuPzOIxV77JLseD6QAhBdmnUV+d6RRO0GQR6RjFn+CvPQzgR1qK/b8 wrott7OKJMfAbW5PJo0TnJpjHyjeMbJaCX/1BRD9AZODf0u4mTUgP0sVRV/JfOqlkyNq JY0FsEWvg3wVBHdvEvF73roinJexCidOy8UN3ewmN9WqwLQqlHsyZ4JaN0ZLPUXtyqNz vw/A== X-Gm-Message-State: AOJu0YwQS5mkzyUx9Aoo7+wZ8GecIdeaW3+Lwt+S1rW9DU/9FxCWlVBL 6Hr9GZ3bvSXJEgXMogaViiseuIEaOSTcWOlWakFDa03Ywi/94FdCHe3sMgXSVWGIUL7PZNul2Lm m64Q= X-Google-Smtp-Source: AGHT+IGOO+pGEBcXBFxf8aOp88yDVFg/p8AQcqzQChZUUTkZ+YuGiG1qo2GsGO5O5i0Ot6es+mSB3w== X-Received: by 2002:a17:902:c943:b0:1fa:a03e:349a with SMTP id d9443c01a7336-1ff048dba35mr166309185ad.52.1722427332425; Wed, 31 Jul 2024 05:02:12 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1fed7d4129asm119048315ad.118.2024.07.31.05.02.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 Jul 2024 05:02:11 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 1/5] wpa-supplicant: Patch CVE-2023-52160 Date: Wed, 31 Jul 2024 05:02:01 -0700 Message-Id: <5e1283f0afeaf0d0aa5e1c96fc571f69897e1ca8.1722427225.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Jul 2024 12:02:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/202704 From: Peter Marko PEAP client: Update Phase 2 authentication requirements. Also see https://www.top10vpn.com/research/wifi-vulnerabilities/ Patch is copied from scarthgap, the recipes differ too much for cherry-pick even if they have the same version. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...te-Phase-2-authentication-requiremen.patch | 213 ++++++++++++++++++ .../wpa-supplicant/wpa-supplicant_2.10.bb | 1 + 2 files changed, 214 insertions(+) create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch new file mode 100644 index 0000000000..bc2db972c3 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch @@ -0,0 +1,213 @@ +From f6f7cead3661ceeef54b21f7e799c0afc98537ec Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Sat, 8 Jul 2023 19:55:32 +0300 +Subject: [PATCH] PEAP client: Update Phase 2 authentication requirements + +The previous PEAP client behavior allowed the server to skip Phase 2 +authentication with the expectation that the server was authenticated +during Phase 1 through TLS server certificate validation. Various PEAP +specifications are not exactly clear on what the behavior on this front +is supposed to be and as such, this ended up being more flexible than +the TTLS/FAST/TEAP cases. However, this is not really ideal when +unfortunately common misconfiguration of PEAP is used in deployed +devices where the server trust root (ca_cert) is not configured or the +user has an easy option for allowing this validation step to be skipped. + +Change the default PEAP client behavior to be to require Phase 2 +authentication to be successfully completed for cases where TLS session +resumption is not used and the client certificate has not been +configured. Those two exceptions are the main cases where a deployed +authentication server might skip Phase 2 and as such, where a more +strict default behavior could result in undesired interoperability +issues. Requiring Phase 2 authentication will end up disabling TLS +session resumption automatically to avoid interoperability issues. + +Allow Phase 2 authentication behavior to be configured with a new phase1 +configuration parameter option: +'phase2_auth' option can be used to control Phase 2 (i.e., within TLS +tunnel) behavior for PEAP: + * 0 = do not require Phase 2 authentication + * 1 = require Phase 2 authentication when client certificate + (private_key/client_cert) is no used and TLS session resumption was + not used (default) + * 2 = require Phase 2 authentication in all cases + +Signed-off-by: Jouni Malinen + +CVE: CVE-2023-52160 +Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c] + +Signed-off-by: Claus Stovgaard +Signed-off-by: Peter Marko +--- + src/eap_peer/eap_config.h | 8 ++++++ + src/eap_peer/eap_peap.c | 40 +++++++++++++++++++++++++++--- + src/eap_peer/eap_tls_common.c | 6 +++++ + src/eap_peer/eap_tls_common.h | 5 ++++ + wpa_supplicant/wpa_supplicant.conf | 7 ++++++ + 5 files changed, 63 insertions(+), 3 deletions(-) + +diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h +index 3238f74..047eec2 100644 +--- a/src/eap_peer/eap_config.h ++++ b/src/eap_peer/eap_config.h +@@ -469,6 +469,14 @@ struct eap_peer_config { + * 1 = use cryptobinding if server supports it + * 2 = require cryptobinding + * ++ * phase2_auth option can be used to control Phase 2 (i.e., within TLS ++ * tunnel) behavior for PEAP: ++ * 0 = do not require Phase 2 authentication ++ * 1 = require Phase 2 authentication when client certificate ++ * (private_key/client_cert) is no used and TLS session resumption was ++ * not used (default) ++ * 2 = require Phase 2 authentication in all cases ++ * + * EAP-WSC (WPS) uses following options: pin=Device_Password and + * uuid=Device_UUID + * +diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c +index 12e30df..6080697 100644 +--- a/src/eap_peer/eap_peap.c ++++ b/src/eap_peer/eap_peap.c +@@ -67,6 +67,7 @@ struct eap_peap_data { + u8 cmk[20]; + int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP) + * is enabled. */ ++ enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth; + }; + + +@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data, + wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding"); + } + ++ if (os_strstr(phase1, "phase2_auth=0")) { ++ data->phase2_auth = NO_AUTH; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Do not require Phase 2 authentication"); ++ } else if (os_strstr(phase1, "phase2_auth=1")) { ++ data->phase2_auth = FOR_INITIAL; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Require Phase 2 authentication for initial connection"); ++ } else if (os_strstr(phase1, "phase2_auth=2")) { ++ data->phase2_auth = ALWAYS; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Require Phase 2 authentication for all cases"); ++ } + #ifdef EAP_TNC + if (os_strstr(phase1, "tnc=soh2")) { + data->soh = 2; +@@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm) + data->force_peap_version = -1; + data->peap_outer_success = 2; + data->crypto_binding = OPTIONAL_BINDING; ++ data->phase2_auth = FOR_INITIAL; + + if (config && config->phase1) + eap_peap_parse_phase1(data, config->phase1); +@@ -454,6 +469,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm, + } + + ++static bool peap_phase2_sufficient(struct eap_sm *sm, ++ struct eap_peap_data *data) ++{ ++ if ((data->phase2_auth == ALWAYS || ++ (data->phase2_auth == FOR_INITIAL && ++ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) && ++ !data->ssl.client_cert_conf) || ++ data->phase2_eap_started) && ++ !data->phase2_eap_success) ++ return false; ++ return true; ++} ++ ++ + /** + * eap_tlv_process - Process a received EAP-TLV message and generate a response + * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() +@@ -568,6 +597,11 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data, + " - force failed Phase 2"); + resp_status = EAP_TLV_RESULT_FAILURE; + ret->decision = DECISION_FAIL; ++ } else if (!peap_phase2_sufficient(sm, data)) { ++ wpa_printf(MSG_INFO, ++ "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed"); ++ resp_status = EAP_TLV_RESULT_FAILURE; ++ ret->decision = DECISION_FAIL; + } else { + resp_status = EAP_TLV_RESULT_SUCCESS; + ret->decision = DECISION_UNCOND_SUCC; +@@ -887,8 +921,7 @@ continue_req: + /* EAP-Success within TLS tunnel is used to indicate + * shutdown of the TLS channel. The authentication has + * been completed. */ +- if (data->phase2_eap_started && +- !data->phase2_eap_success) { ++ if (!peap_phase2_sufficient(sm, data)) { + wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 " + "Success used to indicate success, " + "but Phase 2 EAP was not yet " +@@ -1199,8 +1232,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv, + static bool eap_peap_has_reauth_data(struct eap_sm *sm, void *priv) + { + struct eap_peap_data *data = priv; ++ + return tls_connection_established(sm->ssl_ctx, data->ssl.conn) && +- data->phase2_success; ++ data->phase2_success && data->phase2_auth != ALWAYS; + } + + +diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c +index c1837db..a53eeb1 100644 +--- a/src/eap_peer/eap_tls_common.c ++++ b/src/eap_peer/eap_tls_common.c +@@ -239,6 +239,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm, + + sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK); + ++ if (!phase2) ++ data->client_cert_conf = params->client_cert || ++ params->client_cert_blob || ++ params->private_key || ++ params->private_key_blob; ++ + return 0; + } + +diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h +index 9ac0012..3348634 100644 +--- a/src/eap_peer/eap_tls_common.h ++++ b/src/eap_peer/eap_tls_common.h +@@ -79,6 +79,11 @@ struct eap_ssl_data { + * tls_v13 - Whether TLS v1.3 or newer is used + */ + int tls_v13; ++ ++ /** ++ * client_cert_conf: Whether client certificate has been configured ++ */ ++ bool client_cert_conf; + }; + + +diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf +index 6619d6b..d63f73c 100644 +--- a/wpa_supplicant/wpa_supplicant.conf ++++ b/wpa_supplicant/wpa_supplicant.conf +@@ -1321,6 +1321,13 @@ fast_reauth=1 + # * 0 = do not use cryptobinding (default) + # * 1 = use cryptobinding if server supports it + # * 2 = require cryptobinding ++# 'phase2_auth' option can be used to control Phase 2 (i.e., within TLS ++# tunnel) behavior for PEAP: ++# * 0 = do not require Phase 2 authentication ++# * 1 = require Phase 2 authentication when client certificate ++# (private_key/client_cert) is no used and TLS session resumption was ++# not used (default) ++# * 2 = require Phase 2 authentication in all cases + # EAP-WSC (WPS) uses following options: pin= or + # pbc=1. + # diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb index 6e80ac7de3..70f1fd6fc9 100644 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb @@ -25,6 +25,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ file://wpa_supplicant.conf \ file://wpa_supplicant.conf-sane \ file://99_wpa_supplicant \ + file://0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch \ " SRC_URI[sha256sum] = "20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f" From patchwork Wed Jul 31 12:02:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 47051 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F833C49EA1 for ; Wed, 31 Jul 2024 12:02:18 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.web10.41068.1722427335113634600 for ; Wed, 31 Jul 2024 05:02:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=KUtok+va; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-1fc60c3ead4so39003365ad.0 for ; Wed, 31 Jul 2024 05:02:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1722427334; x=1723032134; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=u8ljnfNmnNsTIjhFiO9ymirbCU7aBE+9zj4lUiocmhc=; b=KUtok+vajatzOrkf7bhSXF72mRJXR8lblUxJqy85ueX0xm4Y8LGm2PRmGLUeNs3mjm FgtYnSBEYE/q5o1DLVE4qTT1Hb8W2H0xHxQVJsFNrC7sNHfzhsK0R2QHaM9/rEcau7J+ In0PLaLdeQmtVqcwZDA8ELM4M9Kph3t7DzBW8jbtBuNXMp+1vLpjufscSjTNR96AUflw +32i/91rLUo1EGd3nQClZy61+9NO70yOONdo19rL6erTISgjhYF6ai5zyXNYtNp1Jrxr 8iQe/2kpSCLWuaGHg0j16KMeMAHIh/7/GG93jjB92JeQplrbIoBLmOpv3FcEgev2Op3g EpRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722427334; x=1723032134; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=u8ljnfNmnNsTIjhFiO9ymirbCU7aBE+9zj4lUiocmhc=; b=t2QLX9Zh4ZmUuGn824SsCiMu9nl9br/ESdih3qNn+n140ZCVfpNRn88NmMQtRkxOzi U/xCwP8wW+ElaeOSbXzsIwcZM9r9ANfKPqglSBJ6g8f5DvIA8wqgl4aY3/70BaE7uNav u5282+swYUNKHzbjEVGijT14wduqo/AJdhVpfgks/Lg3cKU7KuAfQ9tCWkMwWkmA3v24 2r03sODPLkUZO11SUu5jDCHsnhsR4lvAb9k8Ex+U/KazeCY5zIQp52TsF/v2VCugwvwT MTvNQ8AkWeZWpHly+l+XsUyQQTaRMbsForTI//5Pbns0WfAnUEpfVHJOF+byLKApSFYP 4vIw== X-Gm-Message-State: AOJu0YwuQ5D9eb9uLmy+1gqyyldi3EbPAJcE0ss2BmLU9Lg6ne1aPSda IEA3Qrd3YwjFZfk0WCGWm9hYtSpmg6vBGblfdQv+ItMahLe6J7mao+wJt/YjbegD9IB8xbNBHPG Dty0= X-Google-Smtp-Source: AGHT+IHm35t+j6rdaEN+CAkKZQ0cpoAaMNT8a6luMd2ni8TXhrg3rbLVFK3tduVneEGYsivS1ChS7w== X-Received: by 2002:a17:903:1111:b0:1fd:6529:744c with SMTP id d9443c01a7336-1ff048075b5mr126705075ad.1.1722427334235; Wed, 31 Jul 2024 05:02:14 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1fed7d4129asm119048315ad.118.2024.07.31.05.02.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 Jul 2024 05:02:13 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 2/5] llvm: Fix CVE-2023-46049 Date: Wed, 31 Jul 2024 05:02:02 -0700 Message-Id: <9cc4518226488693942ad325d6264e52006bd061.1722427225.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Jul 2024 12:02:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/202705 From: Deepthi Hemraj [Bitcode] Add some missing GetTypeByID failure checks Print an error instead of crashing. Signed-off-by: Deepthi Hemraj Signed-off-by: Steve Sakoman --- .../llvm/llvm/CVE-2023-46049.patch | 34 +++++++++++++++++++ meta/recipes-devtools/llvm/llvm_git.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2023-46049.patch diff --git a/meta/recipes-devtools/llvm/llvm/CVE-2023-46049.patch b/meta/recipes-devtools/llvm/llvm/CVE-2023-46049.patch new file mode 100644 index 0000000000..c34e9ae69c --- /dev/null +++ b/meta/recipes-devtools/llvm/llvm/CVE-2023-46049.patch @@ -0,0 +1,34 @@ +commit c2515a8f2be5dd23354c9891f41ad104000f88c4 +Author: Nikita Popov +Date: Tue Sep 26 16:51:40 2023 +0200 + + [Bitcode] Add some missing GetTypeByID failure checks + + Print an error instead of crashing. + + Fixes https://github.com/llvm/llvm-project/issues/67388. + +Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/c2515a8f2be5dd23354c9891f41ad104000f88c4] +CVE: CVE-2023-46049 +Signed-off-by: Deepthi Hemraj + +--- a/llvm/lib/Bitcode/Reader/MetadataLoader.cpp 2022-01-20 13:31:59.000000000 -0800 ++++ b/llvm/lib/Bitcode/Reader/MetadataLoader.cpp 2024-07-28 21:35:31.062992219 -0700 +@@ -1235,7 +1235,7 @@ + } + + Type *Ty = getTypeByID(Record[0]); +- if (Ty->isMetadataTy() || Ty->isVoidTy()) { ++ if (!Ty || Ty->isMetadataTy() || Ty->isVoidTy()) { + dropRecord(); + break; + } +@@ -1277,7 +1277,7 @@ + return error("Invalid record"); + + Type *Ty = getTypeByID(Record[0]); +- if (Ty->isMetadataTy() || Ty->isVoidTy()) ++ if (!Ty || Ty->isMetadataTy() || Ty->isVoidTy()) + return error("Invalid record"); + + MetadataList.assignValue( diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb index cedbfb138e..dbf1ff45d4 100644 --- a/meta/recipes-devtools/llvm/llvm_git.bb +++ b/meta/recipes-devtools/llvm/llvm_git.bb @@ -33,6 +33,7 @@ SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=http file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \ file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \ file://0001-Support-Add-missing-cstdint-header-to-Signals.h.patch;striplevel=2 \ + file://CVE-2023-46049.patch;striplevel=2 \ " UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P\d+(\.\d+)+)" From patchwork Wed Jul 31 12:02:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 47053 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 46F7FC3DA7F for ; Wed, 31 Jul 2024 12:02:18 +0000 (UTC) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mx.groups.io with SMTP id smtpd.web11.41334.1722427337245047776 for ; Wed, 31 Jul 2024 05:02:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Wz9ig5i2; spf=softfail (domain: sakoman.com, ip: 209.85.214.179, mailfrom: steve@sakoman.com) Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-1fc4fcbb131so50237825ad.3 for ; Wed, 31 Jul 2024 05:02:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1722427336; x=1723032136; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=bVoUA9e7zgM4THRlTKl2cZ1n4XXkHadvSTzCDTpsYsY=; b=Wz9ig5i2vCN3WaoD1t1IZF1PaCINRgbQ0AoUSfGI+MUakSFt3PSKrwtDA1zvh3zsfr L0T58cATEjCKdacN8QLSsRLxihC6ulx7BA3m9WNSm+/y0CZF5VkDaFBY1WWptbklYYrQ +iq6tTIJ7gtlgPTxQvYtZAVxihz/8ZaJoqwF6CS6SPWkw4rGyll3+mQPxGsqhxaKo3pa dYpTEQzLlf9eRjAmV7Cg+NPM4JOt6f8okv0cuGMS+RTKZ5eXc0p20PUC7oTdktRN5nCt dyXwjrWFMCfeJ8xVGjic0d9mTvrUgtjSxlq6DBmCUP4yerNh5qWsbNqsH4W/SAcNhurp BypA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722427336; x=1723032136; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bVoUA9e7zgM4THRlTKl2cZ1n4XXkHadvSTzCDTpsYsY=; b=Sr0ItCPHqNEKSHe9AM0XHTKww9c1Snehiq819zrXHIMr++n+bd0dVuwmY+q6cd4ubh iVGbmnkchZWnJIo215jPMc0WfLPS870TPzmCeN8EhpNmWVKDPzyspmWrJN+/49ZhDQy/ XO9Rh3wVtmifz9oSt69iFa6a6W+kplDEY5otoAT1i+myfqd9k8Ri60jNb7jrzO05GAia ruT0NrUeD6SXkRxAoeXm8IjNgkTLDFxqIxxoQOCBNuIE/SQJz69mkcQjsEjvJOcuoflS 3ttXI5UtsTHQ7CJU8/yuM5MQe7fC0CXaBUWrCVV2GRPTp0eR4XwruoyZ+xhoOjiOUmz9 dVMQ== X-Gm-Message-State: AOJu0YxqHuAofw96UIBZJYCcNJHeSZcgR8NLYzDunSMxqw/1+CKCANtF h74IdYIkuz3xMdNWWxvJtDpCvwEoVKpmEtk/VnEdaG377+pibbG41cIgOpQx/ZcnxiL5N+ccljY 3cQE= X-Google-Smtp-Source: AGHT+IHu3suKLr4C2K/E7/mv9ABn/ZCs8YhTsA7bCDF6y4nb92BxCkGQFqQ65sfOuDkSbrRHbZVWuw== X-Received: by 2002:a17:902:c40e:b0:1fd:69e0:a8e5 with SMTP id d9443c01a7336-1ff048d4cb2mr168836835ad.41.1722427336014; Wed, 31 Jul 2024 05:02:16 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1fed7d4129asm119048315ad.118.2024.07.31.05.02.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 Jul 2024 05:02:15 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 3/5] llvm: Fix CVE-2024-31852 Date: Wed, 31 Jul 2024 05:02:03 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Jul 2024 12:02:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/202706 From: Deepthi Hemraj Signed-off-by: Deepthi Hemraj Signed-off-by: Steve Sakoman --- .../llvm/llvm/CVE-2024-31852-1.patch | 85 +++++++++++++ .../llvm/llvm/CVE-2024-31852-2.patch | 117 ++++++++++++++++++ meta/recipes-devtools/llvm/llvm_git.bb | 2 + 3 files changed, 204 insertions(+) create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch diff --git a/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch new file mode 100644 index 0000000000..7cf4a52715 --- /dev/null +++ b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch @@ -0,0 +1,85 @@ +commit b1a5ee1febd8a903cec3dfdad61d57900dc3823e +Author: Florian Hahn +Date: Wed Dec 20 16:56:15 2023 +0100 + + [ARM] Check all terms in emitPopInst when clearing Restored for LR. (#75527) + + emitPopInst checks a single function exit MBB. If other paths also exit + the function and any of there terminators uses LR implicitly, it is not + save to clear the Restored bit. + + Check all terminators for the function before clearing Restored. + + This fixes a mis-compile in outlined-fn-may-clobber-lr-in-caller.ll + where the machine-outliner previously introduced BLs that clobbered LR + which in turn is used by the tail call return. + + Alternative to #73553 + +Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/b1a5ee1febd8a903cec3dfdad61d57900dc3823e] +CVE: CVE-2024-31852 +Signed-off-by: Deepthi Hemraj +--- +diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.cpp b/llvm/lib/Target/ARM/ARMFrameLowering.cpp +index 025e43444f9c..a9acf338ebf5 100644 +--- a/llvm/lib/Target/ARM/ARMFrameLowering.cpp ++++ b/llvm/lib/Target/ARM/ARMFrameLowering.cpp +@@ -1236,9 +1236,6 @@ void ARMFrameLowering::emitPopInst(MachineBasicBlock &MBB, + // Fold the return instruction into the LDM. + DeleteRet = true; + LdmOpc = AFI->isThumbFunction() ? ARM::t2LDMIA_RET : ARM::LDMIA_RET; +- // We 'restore' LR into PC so it is not live out of the return block: +- // Clear Restored bit. +- Info.setRestored(false); + } + + // If NoGap is true, pop consecutive registers and then leave the rest +@@ -2292,6 +2289,33 @@ void ARMFrameLowering::determineCalleeSaves(MachineFunction &MF, + AFI->setLRIsSpilled(SavedRegs.test(ARM::LR)); + } + ++void ARMFrameLowering::processFunctionBeforeFrameFinalized( ++ MachineFunction &MF, RegScavenger *RS) const { ++ TargetFrameLowering::processFunctionBeforeFrameFinalized(MF, RS); ++ ++ MachineFrameInfo &MFI = MF.getFrameInfo(); ++ if (!MFI.isCalleeSavedInfoValid()) ++ return; ++ ++ // Check if all terminators do not implicitly use LR. Then we can 'restore' LR ++ // into PC so it is not live out of the return block: Clear the Restored bit ++ // in that case. ++ for (CalleeSavedInfo &Info : MFI.getCalleeSavedInfo()) { ++ if (Info.getReg() != ARM::LR) ++ continue; ++ if (all_of(MF, [](const MachineBasicBlock &MBB) { ++ return all_of(MBB.terminators(), [](const MachineInstr &Term) { ++ return !Term.isReturn() || Term.getOpcode() == ARM::LDMIA_RET || ++ Term.getOpcode() == ARM::t2LDMIA_RET || ++ Term.getOpcode() == ARM::tPOP_RET; ++ }); ++ })) { ++ Info.setRestored(false); ++ break; ++ } ++ } ++} ++ + void ARMFrameLowering::getCalleeSaves(const MachineFunction &MF, + BitVector &SavedRegs) const { + TargetFrameLowering::getCalleeSaves(MF, SavedRegs); +diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.h b/llvm/lib/Target/ARM/ARMFrameLowering.h +index 9822e2321bb4..266d642bb97b 100644 +--- a/llvm/lib/Target/ARM/ARMFrameLowering.h ++++ b/llvm/lib/Target/ARM/ARMFrameLowering.h +@@ -58,6 +58,9 @@ public: + void determineCalleeSaves(MachineFunction &MF, BitVector &SavedRegs, + RegScavenger *RS) const override; + ++ void processFunctionBeforeFrameFinalized( ++ MachineFunction &MF, RegScavenger *RS = nullptr) const override; ++ + void adjustForSegmentedStacks(MachineFunction &MF, + MachineBasicBlock &MBB) const override; + + diff --git a/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch new file mode 100644 index 0000000000..b6082b0ef3 --- /dev/null +++ b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch @@ -0,0 +1,117 @@ +commit 0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2 +Author: ostannard +Date: Mon Feb 26 12:23:25 2024 +0000 + + [ARM] Update IsRestored for LR based on all returns (#82745) + + PR #75527 fixed ARMFrameLowering to set the IsRestored flag for LR based + on all of the return instructions in the function, not just one. + However, there is also code in ARMLoadStoreOptimizer which changes + return instructions, but it set IsRestored based on the one instruction + it changed, not the whole function. + + The fix is to factor out the code added in #75527, and also call it from + ARMLoadStoreOptimizer if it made a change to return instructions. + + Fixes #80287. + + (cherry picked from commit 749384c08e042739342c88b521c8ba5dac1b9276) + +Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2] +CVE: CVE-2024-31852 +Signed-off-by: Deepthi Hemraj +--- +diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.cpp b/llvm/lib/Target/ARM/ARMFrameLowering.cpp +index a9acf338ebf5..13d3cbf650ed 100644 +--- a/llvm/lib/Target/ARM/ARMFrameLowering.cpp ++++ b/llvm/lib/Target/ARM/ARMFrameLowering.cpp +@@ -2289,10 +2289,7 @@ void ARMFrameLowering::determineCalleeSaves(MachineFunction &MF, + AFI->setLRIsSpilled(SavedRegs.test(ARM::LR)); + } + +-void ARMFrameLowering::processFunctionBeforeFrameFinalized( +- MachineFunction &MF, RegScavenger *RS) const { +- TargetFrameLowering::processFunctionBeforeFrameFinalized(MF, RS); +- ++void ARMFrameLowering::updateLRRestored(MachineFunction &MF) { + MachineFrameInfo &MFI = MF.getFrameInfo(); + if (!MFI.isCalleeSavedInfoValid()) + return; +@@ -2316,6 +2313,12 @@ void ARMFrameLowering::processFunctionBeforeFrameFinalized( + } + } + ++void ARMFrameLowering::processFunctionBeforeFrameFinalized( ++ MachineFunction &MF, RegScavenger *RS) const { ++ TargetFrameLowering::processFunctionBeforeFrameFinalized(MF, RS); ++ updateLRRestored(MF); ++} ++ + void ARMFrameLowering::getCalleeSaves(const MachineFunction &MF, + BitVector &SavedRegs) const { + TargetFrameLowering::getCalleeSaves(MF, SavedRegs); +diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.h b/llvm/lib/Target/ARM/ARMFrameLowering.h +index 67505b61a5e1..b13b76d7086c 100644 +--- a/llvm/lib/Target/ARM/ARMFrameLowering.h ++++ b/llvm/lib/Target/ARM/ARMFrameLowering.h +@@ -58,6 +58,10 @@ public: + void determineCalleeSaves(MachineFunction &MF, BitVector &SavedRegs, + RegScavenger *RS) const override; + ++ /// Update the IsRestored flag on LR if it is spilled, based on the return ++ /// instructions. ++ static void updateLRRestored(MachineFunction &MF); ++ + void processFunctionBeforeFrameFinalized( + MachineFunction &MF, RegScavenger *RS = nullptr) const override; + +diff --git a/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp b/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp +index fd06bfdf352c..561c1396190d 100644 +--- a/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp ++++ b/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp +@@ -2060,17 +2060,6 @@ bool ARMLoadStoreOpt::MergeReturnIntoLDM(MachineBasicBlock &MBB) { + MO.setReg(ARM::PC); + PrevMI.copyImplicitOps(*MBB.getParent(), *MBBI); + MBB.erase(MBBI); +- // We now restore LR into PC so it is not live-out of the return block +- // anymore: Clear the CSI Restored bit. +- MachineFrameInfo &MFI = MBB.getParent()->getFrameInfo(); +- // CSI should be fixed after PrologEpilog Insertion +- assert(MFI.isCalleeSavedInfoValid() && "CSI should be valid"); +- for (CalleeSavedInfo &Info : MFI.getCalleeSavedInfo()) { +- if (Info.getReg() == ARM::LR) { +- Info.setRestored(false); +- break; +- } +- } + return true; + } + } +@@ -2118,16 +2107,24 @@ bool ARMLoadStoreOpt::runOnMachineFunction(MachineFunction &Fn) { + isThumb2 = AFI->isThumb2Function(); + isThumb1 = AFI->isThumbFunction() && !isThumb2; + +- bool Modified = false; ++ bool Modified = false, ModifiedLDMReturn = false; + for (MachineFunction::iterator MFI = Fn.begin(), E = Fn.end(); MFI != E; + ++MFI) { + MachineBasicBlock &MBB = *MFI; + Modified |= LoadStoreMultipleOpti(MBB); + if (STI->hasV5TOps()) +- Modified |= MergeReturnIntoLDM(MBB); ++ ModifiedLDMReturn |= MergeReturnIntoLDM(MBB); + if (isThumb1) + Modified |= CombineMovBx(MBB); + } ++ Modified |= ModifiedLDMReturn; ++ ++ // If we merged a BX instruction into an LDM, we need to re-calculate whether ++ // LR is restored. This check needs to consider the whole function, not just ++ // the instruction(s) we changed, because there may be other BX returns which ++ // still need LR to be restored. ++ if (ModifiedLDMReturn) ++ ARMFrameLowering::updateLRRestored(Fn); + + Allocator.DestroyAll(); + return Modified; + diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb index dbf1ff45d4..6c2e8a5570 100644 --- a/meta/recipes-devtools/llvm/llvm_git.bb +++ b/meta/recipes-devtools/llvm/llvm_git.bb @@ -34,6 +34,8 @@ SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=http file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \ file://0001-Support-Add-missing-cstdint-header-to-Signals.h.patch;striplevel=2 \ file://CVE-2023-46049.patch;striplevel=2 \ + file://CVE-2024-31852-1.patch;striplevel=2 \ + file://CVE-2024-31852-2.patch;striplevel=2 \ " UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P\d+(\.\d+)+)" From patchwork Wed Jul 31 12:02:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 47056 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39209C3DA64 for ; Wed, 31 Jul 2024 12:02:28 +0000 (UTC) Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.web10.41070.1722427338570013952 for ; Wed, 31 Jul 2024 05:02:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=aFFueCBF; spf=softfail (domain: sakoman.com, ip: 209.85.214.177, mailfrom: steve@sakoman.com) Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1fd66cddd07so39814695ad.2 for ; Wed, 31 Jul 2024 05:02:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1722427338; x=1723032138; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=2EBt4YytGAz51W/PSo+eDIJkl9S6pEC76+M7l1jyK48=; b=aFFueCBFby/FIP1PKz2po3sMF9TK9cmRiwDDeyXc/+pgXfUYFQfyno4RqA5vGAM+f0 HFd2lWiJ2vurORAydmOwIhXFZMd02/tByXmYSNSa5giM1d18eMw2tCO/5ynSIk6/6bpX u/peqf/Ewt9BRZGbOUlWjZI5wPvSs+GMRl9H4kkZ8g2auzo/2eGwYT1b5hV+ihgRNk2u /u3DJvjrwc7lMCRZuPOE1wZIDB/dCkMSDjDnTEPDlJ+53+mxATeL8PHLTza1XqURIU50 EZDVX5sJdud2uMw24jL4+5wLHTE5RQSZ2wpJwJ2SE3SAejWT6Co/rTA1TeTzrjl+SdKw fJfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722427338; x=1723032138; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2EBt4YytGAz51W/PSo+eDIJkl9S6pEC76+M7l1jyK48=; b=voGsCojn3BW1MR94m+bBuJSXD3wVRtVyCsnFCTG4BlxSskZeNwq7EEhN5FTrrjvlkL 8O8+TkfLO74Z4Tzkl14Ctjx5b3lcxUKVqpIGDtb3iGgHNaimOCB4vzKu7Q9qh+KxwGG1 Z0bb2V7GABGMLQEvRuL3vbzYb2W6svEcQW7MGDTIroXLBOM8rxB2qR2wGNmx7yjgi75W vXFrYtcHzeUIwtlC9Gnlv3DSasUhcySx8pttXS2pvqDUaeU7/EvIIdgr0bXEJ7p8bokv AxwCkG4qowLVommJ2kroQZD/7d0IWuAPOjOait8T7DTPfS3m7oBEPEkN1BVNSBd/U1dr Tw6g== X-Gm-Message-State: AOJu0YwIcbIdZxo+4+ybWeicTnAGL6Gci4rOtNLAkpeJIGmnlUTme7U7 Y4gXY7b3P0oJ+rZZFBjlSdUmFKF2b3L6fqfp+PFz/GobkTNFMiWvu0kgJaftZwkxr0wvbC7akEW sOeA= X-Google-Smtp-Source: AGHT+IFxb5MoNRZE8p+vcBJcw+mYbM7TWvCVJPFekMokQ+bgFgVSTU8RSDvrbqt+7XRx1CA7/16Fkw== X-Received: by 2002:a17:902:e552:b0:1fd:93d2:fb9b with SMTP id d9443c01a7336-1ff0493165cmr152499935ad.58.1722427337740; Wed, 31 Jul 2024 05:02:17 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1fed7d4129asm119048315ad.118.2024.07.31.05.02.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 Jul 2024 05:02:17 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 4/5] wireless-regdb: upgrade 2024.01.23 -> 2024.05.08 Date: Wed, 31 Jul 2024 05:02:04 -0700 Message-Id: <0f9dae1adabb4fc22e8c4849eb2d52aecf21c19f.1722427225.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Jul 2024 12:02:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/202707 From: Wang Mingyu Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 0823e8ea83ac907b37bc9eb0ec7dc32862997eff) Signed-off-by: Steve Sakoman --- ...ireless-regdb_2024.01.23.bb => wireless-regdb_2024.05.08.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2024.01.23.bb => wireless-regdb_2024.05.08.bb} (94%) diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.05.08.bb similarity index 94% rename from meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb rename to meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.05.08.bb index 8fde236ab4..95e33d9fb1 100644 --- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb +++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.05.08.bb @@ -5,7 +5,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "c8a61c9acf76fa7eb4239e89f640dee3e87098d9f69b4d3518c9c60fc6d20c55" +SRC_URI[sha256sum] = "9aee1d86ebebb363b714bec941b2820f31e3b7f1a485ddc9fcbd9985c7d3e7c4" inherit bin_package allarch From patchwork Wed Jul 31 12:02:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 47055 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45DCAC49EA1 for ; Wed, 31 Jul 2024 12:02:28 +0000 (UTC) Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) by mx.groups.io with SMTP id smtpd.web11.41335.1722427340420811965 for ; Wed, 31 Jul 2024 05:02:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=0YAG3ZzA; spf=softfail (domain: sakoman.com, ip: 209.85.215.179, mailfrom: steve@sakoman.com) Received: by mail-pg1-f179.google.com with SMTP id 41be03b00d2f7-7a264a24ea7so3776945a12.3 for ; Wed, 31 Jul 2024 05:02:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1722427340; x=1723032140; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=eA8FME1q7PaRqTy8XfOKeDV/GN3KsbghlFIbyTUlRTw=; b=0YAG3ZzAq2TAWMLF6IIaTJ23IjlS6BVNVYPSEcsyUREWOskPpGOD/71rDmnC6BvlAU DZmtWpfKG2AYKofYPPvdWjQi6cjhnB/fUJQTkLspRcCfElC/Q3VIG70xVE9KwSyqahTG L/P5ON3ljxWULm5fs/jrcNEjz2YhMEVyH4CyI+ShCZ/W00+k6JdTDOH4vg+54LWIOobD 2qkAvV5aZpoyvb8MPrO4msJ3R8KF3X1Y3d86hxTjYUBawWFdjHaOosHGwRfiOuiJI3nV HscDR7OR+blNfph2cRVQVReFoImapD176JggtYtVoULJinekvC4Jenpf0hDUdrGgJEH5 abRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722427340; x=1723032140; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=eA8FME1q7PaRqTy8XfOKeDV/GN3KsbghlFIbyTUlRTw=; b=ZqzvQbtNB9cv6XL6OGO7EOoySA4oYNLevWQUKCHmVx7iY5MFiSSkQuwzCX/W05qsV6 eyaG1T4t83cDow4NFEzntITCONkmegvkrM7bQiV6+CJdEwVmZjcRH01DRQ1B/X70MpUi l3nkQ/II4VLVKJUFDMjCBhJENVqghdrBDEkD0gyjvULqCpjU7ulDbSBhiYi27/6O9rZg ff7ynXejxqYRi9cki6lzuu9Wdl8T5mF/t+Cr1WwPkaiwukF/uvUCf2xwa7vHB+gsNyxB tpQzPfjcAHwtg4rVfrgEM022FgZ3X4Ut+PFK8JWbrdARABnIKFw3VQ41EDu6fZH7AWuF cceQ== X-Gm-Message-State: AOJu0YweTk3Mw4w7rMRHk0dHtGrQi0BZtaS7kuFPLF0Pygy7pgm29uGI wNhExZgVPhoTiCePOH6ElGmKwne8nX3tA9DA3eW+Axr7mvWWsEyDtAE09sZkm68zLGpblzGJKbb iq7Y= X-Google-Smtp-Source: AGHT+IHND6CEZkZ285hIE5uO6XBaKkqSLVqdCcaV85DWrXfnWR2L6KndRfQfUFZwOd7p6jlP76rsPw== X-Received: by 2002:a17:902:ec8c:b0:1f8:67e4:3985 with SMTP id d9443c01a7336-1ff048a04c3mr174650455ad.49.1722427339679; Wed, 31 Jul 2024 05:02:19 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1fed7d4129asm119048315ad.118.2024.07.31.05.02.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 Jul 2024 05:02:19 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 5/5] gcc-runtime: remove bashism Date: Wed, 31 Jul 2024 05:02:05 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Jul 2024 12:02:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/202708 From: Peter Marko Debian 12 no longer supports replacing dash with bash as default shell. Therefore to achieve compatibility with Debian 12, all bashisms need to be removed. Shell comparison via == gives an error with dash and thus the condition is always false. (From OE-Core rev: 3723b26f82219ff71823335d550dbf29086d63d4) Signed-off-by: Peter Marko Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-devtools/gcc/gcc-runtime.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/gcc/gcc-runtime.inc b/meta/recipes-devtools/gcc/gcc-runtime.inc index d019b0790b..3aa8fe4045 100644 --- a/meta/recipes-devtools/gcc/gcc-runtime.inc +++ b/meta/recipes-devtools/gcc/gcc-runtime.inc @@ -145,7 +145,7 @@ do_install:append:class-target () { ln -s ../${TARGET_SYS}/ext ${D}${includedir}/c++/${BINV}/${TARGET_ARCH}${TARGET_VENDOR_MULTILIB_ORIGINAL}-${TARGET_OS}/ext fi - if [ "${TARGET_ARCH}" == "x86_64" -a "${MULTILIB_VARIANTS}" != "" ];then + if [ "${TARGET_ARCH}" = "x86_64" -a "${MULTILIB_VARIANTS}" != "" ];then ln -sf ../${X86ARCH32}${TARGET_VENDOR}-${TARGET_OS} ${D}${includedir}/c++/${BINV}/${TARGET_ARCH}${TARGET_VENDOR}-${TARGET_OS}/32 fi