From patchwork Tue Aug 13 12:16:38 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 47731
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DA801C5320D
	for <webhook@archiver.kernel.org>; Tue, 13 Aug 2024 12:17:02 +0000 (UTC)
Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com
 [209.85.216.52])
 by mx.groups.io with SMTP id smtpd.web10.70857.1723551414405829541
 for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:16:54 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=G1XCg/6K;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.52,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f52.google.com with SMTP id
 98e67ed59e1d1-2d37e5b7b02so1201181a91.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:16:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1723551414;
 x=1724156214; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Hs3pZUqg4XRYY9tEP7ECZQYP0WvnN9U+Ke9ljnALEdY=;
        b=G1XCg/6K/KtoSzcnY/fk2oMp8qIWXEq4NI8pS5MLQ5hrMEN0Yq2XklNtgEv/ZyhCzi
         oLVsdNSSkfFntVWmpui6280oYgsle4zbnjvpDj7hxP6G5+AXlC9UMlRUpiNcYPSWlizX
         bE1aBITHbzueV0L2MFQnbObkBro28YIonsTr585zvOD0SApIfsDJwPV1SSlTiJ8PFkd+
         Gn3yZITvMJBeHOJI//3xxzpuVVa2jYkYOsb+Yo5ZTeDRG9Vw2/1GC3x51cWWv5aFu9/b
         jaz7v90XdXg5BZtu6rbAqbkt9j5FRvd9cmVs5OpPE1NySjfaWhcYeb4Br4N+RVzMzStg
         UV3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1723551414; x=1724156214;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Hs3pZUqg4XRYY9tEP7ECZQYP0WvnN9U+Ke9ljnALEdY=;
        b=gwiZE1h2Cr/RcFx040JMKghUGFAxylPk6FQuGYTcV01gOe83awkbLASscZwwC669YD
         bIy4eyYgClqGDvo8YFw1UyleMh0mFtFvlVZv/eYIx9y82L2ni1dVhQSJrcs8hfc45eKs
         +OsYX8zO1tFS7NQM7T32J1cE2zuOUPcDp+zrFpKg2uW35zHbvhfokUR64HVx3UvaTUWr
         ks8LsmnFsheM21To5BlL3Ib+jJ7RRh7Eu34dQpTyZkxD2nA9ZdCDVBolRo3vbBZ2JGLL
         hGeXFsW3tu7qMZo36gGfwMtXSTedQBbuwqRgQJHwzB1Vo4DsLf25lf7epvZPEBgQpF3m
         hpZQ==
X-Gm-Message-State: AOJu0YznNfDP9bVHimJgccikqxe1szuIBX+LD0A3LLXXceMrm4hooe9U
	GyO1Et6tvao9SxU+69vBcsNGKctMJ2HA34QQPfcBtJAvPpGAcTg6iqe+7maZWTSg07R1rf19nVj
	XCbU=
X-Google-Smtp-Source: 
 AGHT+IEj3KfZ4ck0wLTENcIaJPCL7Qb5whHOxwo0tGv1tCOUAvWTkniJwx1koeGYbiWCilge+L2/4w==
X-Received: by 2002:a17:90a:a014:b0:2c9:999d:a22d with SMTP id
 98e67ed59e1d1-2d392622f5dmr3552635a91.30.1723551413578;
        Tue, 13 Aug 2024 05:16:53 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2d1fced1838sm7148998a91.23.2024.08.13.05.16.53
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 13 Aug 2024 05:16:53 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 01/11] cve_check: Use a local copy of the
 database during builds
Date: Tue, 13 Aug 2024 05:16:38 -0700
Message-Id: 
 <6aeac3949a409156f03830afbf586d5cd43f2537.1723551231.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1723551231.git.steve@sakoman.com>
References: <cover.1723551231.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 13 Aug 2024 12:17:02 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/203265

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Rtaher than trying to use a sqlite database over NFS from DL_DIR, work from
a local copy in STAGING DIR after fetching.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 03596904392d257572a905a182b92c780d636744)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass                 |  7 ++++---
 .../meta/cve-update-nvd2-native.bb             | 18 +++++++++++++-----
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index f554150d94..684e75914b 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -25,8 +25,9 @@
 CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 
-CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db"
+CVE_CHECK_DB_FILENAME ?= "nvdcve_2.db"
+CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}"
 CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
@@ -157,7 +158,7 @@ python do_cve_check () {
 }
 
 addtask cve_check before do_build
-do_cve_check[depends] = "cve-update-nvd2-native:do_fetch"
+do_cve_check[depends] = "cve-update-nvd2-native:do_unpack"
 do_cve_check[nostamp] = "1"
 
 python cve_check_cleanup () {
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 1a3eeba6d0..4f96883beb 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -8,7 +8,6 @@ INHIBIT_DEFAULT_DEPS = "1"
 
 inherit native
 
-deltask do_unpack
 deltask do_patch
 deltask do_configure
 deltask do_compile
@@ -35,7 +34,9 @@ CVE_DB_INCR_UPDATE_AGE_THRES ?= "10368000"
 # Number of attempts for each http query to nvd server before giving up
 CVE_DB_UPDATE_ATTEMPTS ?= "5"
 
-CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db"
+CVE_CHECK_DB_DLDIR_FILE ?= "${DL_DIR}/CVE_CHECK/${CVE_CHECK_DB_FILENAME}"
+CVE_CHECK_DB_DLDIR_LOCK ?= "${CVE_CHECK_DB_DLDIR_FILE}.lock"
+CVE_CHECK_DB_TEMP_FILE ?= "${CVE_CHECK_DB_FILE}.tmp"
 
 python () {
     if not bb.data.inherits_class("cve-check", d):
@@ -52,9 +53,9 @@ python do_fetch() {
 
     bb.utils.export_proxies(d)
 
-    db_file = d.getVar("CVE_CHECK_DB_FILE")
+    db_file = d.getVar("CVE_CHECK_DB_DLDIR_FILE")
     db_dir = os.path.dirname(db_file)
-    db_tmp_file = d.getVar("CVE_DB_TEMP_FILE")
+    db_tmp_file = d.getVar("CVE_CHECK_DB_TEMP_FILE")
 
     cleanup_db_download(db_file, db_tmp_file)
     # By default let's update the whole database (since time 0)
@@ -77,6 +78,7 @@ python do_fetch() {
         pass
 
     bb.utils.mkdirhier(db_dir)
+    bb.utils.mkdirhier(os.path.dirname(db_tmp_file))
     if os.path.exists(db_file):
         shutil.copy2(db_file, db_tmp_file)
 
@@ -89,10 +91,16 @@ python do_fetch() {
         os.remove(db_tmp_file)
 }
 
-do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
+do_fetch[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK}"
 do_fetch[file-checksums] = ""
 do_fetch[vardeps] = ""
 
+python do_unpack() {
+    import shutil
+    shutil.copyfile(d.getVar("CVE_CHECK_DB_DLDIR_FILE"), d.getVar("CVE_CHECK_DB_FILE"))
+}
+do_unpack[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK} ${CVE_CHECK_DB_FILE_LOCK}"
+
 def cleanup_db_download(db_file, db_tmp_file):
     """
     Cleanup the download space from possible failed downloads

From patchwork Tue Aug 13 12:16:39 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 47728
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id BA942C531DF
	for <webhook@archiver.kernel.org>; Tue, 13 Aug 2024 12:17:02 +0000 (UTC)
Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com
 [209.85.216.49])
 by mx.groups.io with SMTP id smtpd.web10.70858.1723551415823313362
 for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:16:55 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=RMYYjR2l;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.49,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f49.google.com with SMTP id
 98e67ed59e1d1-2cb576db1c5so3595401a91.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:16:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1723551415;
 x=1724156215; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=kPFvjBcypVcCWSbKgsCCr8EMY/59+zIv1YxAOqlWPJQ=;
        b=RMYYjR2lMXGwZFl+18svurKgWnLHs5pgYAacPTe5tOaoNmGxpt/GogtycMS7unItMj
         EFMMFlfTOwrNVOPKf3raJxvw0E6GLi6NbNUZjCY070E70qcJiFZvgkIUNPgRclgu1kOw
         7/zQIVC4gtF44UZLWkIqRewpX/hdMYxvFRWHhfEv9meSrlnaNUyQ77iIxmOarWGGRUMg
         t+qugeo0FZHGcOALsc3LDGAweQ/Y1f0E4WBmjP01yJDTiwEQ5zzdgfbQbYbnEISaFFRk
         1zyqRjhTlCXstkMOnVJ8LPogj7LcPQIS0AzmjGmAusOysDK7GCMVTqV7HXIijHHhJhJc
         ymxw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1723551415; x=1724156215;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=kPFvjBcypVcCWSbKgsCCr8EMY/59+zIv1YxAOqlWPJQ=;
        b=HzPdPcvLUyvK2r26gw8cuIS1EhRpolXDxQ/Rw+UaiX2NE3Hbp2htmcw8oj1Wy+zD6n
         NWcAtWAwM8gm5GIsveU3Dfb7OXzV+llP4xXNGSeErAcxBb5gYZ0bwQzI9XJS3rIyOCZH
         Z7aSnUgMlVFISI1OXEQoAmQMEjU8uzdr7dy4HRARIQX2qECCVk0h/SMT0r2PplD/5jmP
         D6DF5EfXzohPGM2lq891MpCX2kMLHK8fSlHrD2yNRah4hlEaF7M75+FMF5HC2E2aWXe9
         UGWkHBHKxYBUOW+y3NI2pdMPyIyaotx59V0Cg6rN2bsxPw1dlL2/La8JC++tVdAxBryd
         rptw==
X-Gm-Message-State: AOJu0YxLiAQr10hS55sdk3MXzd+tPcqqofK9sktXoF69XgsjfR5JGSDo
	Y4kAiFu/jivDvxUVI7ZODsCNhwR00MbzPrwhWATWDQJpgnvQ6tMIsfmNkR1TKl6z7SG6FplVidE
	8+38=
X-Google-Smtp-Source: 
 AGHT+IHV4gvwjm1gaCdAg7JpSJxkUU3H5Zsn+duMN1d4uDJ12aXMsEBOUeBBm5Lw1bfM1kPdJ7G0UA==
X-Received: by 2002:a17:90a:cc07:b0:2c9:8c34:9754 with SMTP id
 98e67ed59e1d1-2d392546aabmr3705191a91.21.1723551414971;
        Tue, 13 Aug 2024 05:16:54 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2d1fced1838sm7148998a91.23.2024.08.13.05.16.54
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 13 Aug 2024 05:16:54 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 02/11] libyaml: Update status of CVE-2024-35328
Date: Tue, 13 Aug 2024 05:16:39 -0700
Message-Id: 
 <be8c629dcd0aea56d0fe77a82afd21161604e74b.1723551231.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1723551231.git.steve@sakoman.com>
References: <cover.1723551231.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 13 Aug 2024 12:17:02 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/203266

From: Peter Marko <peter.marko@siemens.com>

This is open yet but seems to be disputed
This has not yet been disputed officially

Based on:
OE-Core rev: 4cba8ad405b1728afda3873f99ac88711ab85644
OE-Core rev: 7ec7384837f3e3fb68b25a6108ed7ec0f261a4aa
OE-Core rev: c66d9a2a0d197498fa21ee8ca51a4afb59f75473
Squashed and converted to CVE_CHECK_IGNORE syntax

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/libyaml/libyaml_0.2.5.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/meta/recipes-support/libyaml/libyaml_0.2.5.bb
index 4cb5717ece..f7c29e7e0f 100644
--- a/meta/recipes-support/libyaml/libyaml_0.2.5.bb
+++ b/meta/recipes-support/libyaml/libyaml_0.2.5.bb
@@ -18,4 +18,7 @@ inherit autotools
 DISABLE_STATIC:class-nativesdk = ""
 DISABLE_STATIC:class-native = ""
 
+# upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
+CVE_CHECK_IGNORE += "CVE-2024-35328"
+
 BBCLASSEXTEND = "native nativesdk"

From patchwork Tue Aug 13 12:16:40 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 47732
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B94C6C531DD
	for <webhook@archiver.kernel.org>; Tue, 13 Aug 2024 12:17:02 +0000 (UTC)
Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com
 [209.85.216.54])
 by mx.groups.io with SMTP id smtpd.web10.70859.1723551418388311335
 for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:16:58 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=jlxQ+PKl;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.54,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f54.google.com with SMTP id
 98e67ed59e1d1-2d37e5b7b02so1201229a91.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:16:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1723551418;
 x=1724156218; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=HKUVVJ67JNicFiJX+eFys8XL/yicbm7iI2MkA2g6jf4=;
        b=jlxQ+PKlH00TMbe4dFjo3vAs9MrmuJYMS3A8jpmhPkq9vqj5VSCWfU0DbPtBr9QHNW
         cZXIldHmVputN+f6ys1XhLx6FxG9Fjy6SHaIO9SFG/MO0vcm3tXzxXTD78lBb1fKJLEX
         +fil2ENrnR+mCIBVZ3dSP8YFdiTkCmjipD4BB0gDo1Qv/Y8LEEYkv9cYEZkZemrOvyk8
         ZenaXWpLV2m7frL2bK2afUWcv9f+X1B/miawFIKA11zzW1b0r+6ZqrpJ5LuY2B6tdULb
         Ql3NBxHlPlJz/7k8owwhxDJT3Kwhj8DKunclJtSBCGODO/Dtfu8DtuhGxIXWBOPf+P7/
         i2rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1723551418; x=1724156218;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=HKUVVJ67JNicFiJX+eFys8XL/yicbm7iI2MkA2g6jf4=;
        b=brG+EV2dHeVd8tiMFzc9dBg3ymhigPly+q15rSZ44/bW+hBQqJ2Wr7mtOvy2MwpcFz
         uBQTtWwo0hvC0nFT9acYAGhUROXzzonefaCKZdf1U2bBQ64yX0UsRlGoP54sqxsCbtqc
         25WIr2nS9v7uzoDS+M3+RTIKjfrNNB3jjeWTQTFlpJfpMHCL/sV3nbnKxzwe/FjXjhsn
         Cs02q9UhYjfh799mHYhkUmvPNZPSZ5JJJYn3Z4dY/i8ZHEhA9THJQwsU2QG1d+GnLs6p
         +UhJIrzErg6Uzv1z8QGh8Ey2dPCqkAE4LofX+qUfBANsFKUntD5HoxIFTWIplIRVs0to
         QRNQ==
X-Gm-Message-State: AOJu0YxYQ40jfrC8fRN8ckEIHGbRl5DzbYwkIzyJScYdFJPKMeFcvwAF
	MtBYTV+zG5bOmLLBlitxYjJPtwUjOQmMVt1sqIIazWzWzjRekYYUPFHVObQtKuuZeueef3XS7V0
	9MXg=
X-Google-Smtp-Source: 
 AGHT+IFuAGpOSp4r5IgIQXgj1w8vMAGD8hd0vqvaupp61WcbvWt9JnbLvg++/tfFt9qF8b1hJW/wuA==
X-Received: by 2002:a17:90b:281:b0:2c9:6cf4:8453 with SMTP id
 98e67ed59e1d1-2d39261dd1amr3691259a91.31.1723551417336;
        Tue, 13 Aug 2024 05:16:57 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2d1fced1838sm7148998a91.23.2024.08.13.05.16.56
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 13 Aug 2024 05:16:56 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 03/11] ghostscript: fix CVE-2024-29511
Date: Tue, 13 Aug 2024 05:16:40 -0700
Message-Id: 
 <76a33cc0e1967c24e760202947e6f4f80bcdb9cf.1723551231.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1723551231.git.steve@sakoman.com>
References: <cover.1723551231.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 13 Aug 2024 12:17:02 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/203267

From: Archana Polampalli <archana.polampalli@windriver.com>

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ghostscript/CVE-2024-29511-0001.patch     | 100 ++++++++
 .../ghostscript/CVE-2024-29511-0002.patch     | 219 ++++++++++++++++++
 .../ghostscript/ghostscript_9.55.0.bb         |   2 +
 3 files changed, 321 insertions(+)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0001.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0002.patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0001.patch
new file mode 100644
index 0000000000..fa46f3429a
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0001.patch
@@ -0,0 +1,100 @@
+From 638159c43dbb48425a187d244ec288d252d0ecf4 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 31 Jan 2024 14:08:18 +0000
+Subject: [PATCH 1/2] Bug 707510(5): Reject OCRLanguage changes after SAFER
+ enabled
+
+In the devices that support OCR, OCRLanguage really ought never to be set from
+PostScript, so reject attempts to change it if path_control_active is true.
+
+CVE: CVE-2024-29511
+
+Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3d4cfdc1a44b1969a0f14c86673a372654d443c4]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ devices/gdevocr.c         | 15 ++++++++++-----
+ devices/gdevpdfocr.c      | 15 ++++++++++-----
+ devices/vector/gdevpdfp.c | 15 ++++++++++-----
+ 3 files changed, 30 insertions(+), 15 deletions(-)
+
+diff --git a/devices/gdevocr.c b/devices/gdevocr.c
+index 88c759c..287b74b 100644
+--- a/devices/gdevocr.c
++++ b/devices/gdevocr.c
+@@ -187,11 +187,16 @@ ocr_put_params(gx_device *dev, gs_param_list *plist)
+
+     switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
+         case 0:
+-            len = langstr.size;
+-            if (len >= sizeof(pdev->language))
+-                len = sizeof(pdev->language)-1;
+-            memcpy(pdev->language, langstr.data, len);
+-            pdev->language[len] = 0;
++            if (pdev->memory->gs_lib_ctx->core->path_control_active) {
++                return_error(gs_error_invalidaccess);
++            }
++            else {
++                len = langstr.size;
++                if (len >= sizeof(pdev->language))
++                    len = sizeof(pdev->language)-1;
++                memcpy(pdev->language, langstr.data, len);
++                pdev->language[len] = 0;
++            }
+             break;
+         case 1:
+             break;
+diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c
+index 8dd5a59..4c694e3 100644
+--- a/devices/gdevpdfocr.c
++++ b/devices/gdevpdfocr.c
+@@ -50,11 +50,16 @@ pdfocr_put_some_params(gx_device * dev, gs_param_list * plist)
+
+     switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
+         case 0:
+-            len = langstr.size;
+-            if (len >= sizeof(pdf_dev->ocr.language))
+-                len = sizeof(pdf_dev->ocr.language)-1;
+-            memcpy(pdf_dev->ocr.language, langstr.data, len);
+-            pdf_dev->ocr.language[len] = 0;
++            if (pdf_dev->memory->gs_lib_ctx->core->path_control_active) {
++                return_error(gs_error_invalidaccess);
++            }
++            else {
++                len = langstr.size;
++                if (len >= sizeof(pdf_dev->ocr.language))
++                    len = sizeof(pdf_dev->ocr.language)-1;
++                memcpy(pdf_dev->ocr.language, langstr.data, len);
++                pdf_dev->ocr.language[len] = 0;
++            }
+             break;
+         case 1:
+             break;
+diff --git a/devices/vector/gdevpdfp.c b/devices/vector/gdevpdfp.c
+index 42fa1c5..23e9bc8 100644
+--- a/devices/vector/gdevpdfp.c
++++ b/devices/vector/gdevpdfp.c
+@@ -458,11 +458,16 @@ gdev_pdf_put_params_impl(gx_device * dev, const gx_device_pdf * save_dev, gs_par
+         gs_param_string langstr;
+         switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
+             case 0:
+-                len = langstr.size;
+-                if (len >= sizeof(pdev->ocr_language))
+-                    len = sizeof(pdev->ocr_language)-1;
+-                memcpy(pdev->ocr_language, langstr.data, len);
+-                pdev->ocr_language[len] = 0;
++                if (pdev->memory->gs_lib_ctx->core->path_control_active) {
++                    return_error(gs_error_invalidaccess);
++                }
++                else {
++                    len = langstr.size;
++                    if (len >= sizeof(pdev->ocr_language))
++                        len = sizeof(pdev->ocr_language)-1;
++                    memcpy(pdev->ocr_language, langstr.data, len);
++                    pdev->ocr_language[len] = 0;
++                }
+                 break;
+             case 1:
+                 break;
+--
+2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0002.patch
new file mode 100644
index 0000000000..34f6d23e85
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0002.patch
@@ -0,0 +1,219 @@
+From 360153f3aa63c8fef0d507eccde75f46342c5264 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 31 Jan 2024 14:08:18 +0000
+Subject: [PATCH 2/2] Bug 707510(5)2: The original fix was overly aggressive
+
+The way the default OCRLanguage value was set was for the relevant get_params
+methods to check if the value had been set, and if not return a default value.
+This could result in the first time the put_params seeing that value being after
+path control has been enabled, meaning it would throw an invalidaccess error.
+
+This changes how we set the default: they now uses an init_device method, so
+the string is populated from the device's creation. This works correctly for
+both the default value, and for values set on the command line.
+
+CVE: CVE-2024-29511
+
+Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=638159c43dbb48425a187d244ec288d252d0ecf4]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ devices/gdevocr.c         | 17 ++++++++++++++++-
+ devices/gdevpdfocr.c      | 28 ++++++++++++++++++++++------
+ devices/vector/gdevpdf.c  | 15 +++++++++++++++
+ devices/vector/gdevpdfp.c |  3 ++-
+ 4 files changed, 55 insertions(+), 8 deletions(-)
+
+diff --git a/devices/gdevocr.c b/devices/gdevocr.c
+index 287b74b..a616ef4 100644
+--- a/devices/gdevocr.c
++++ b/devices/gdevocr.c
+@@ -30,6 +30,7 @@
+ #define X_DPI 72
+ #define Y_DPI 72
+
++static dev_proc_initialize_device(ocr_initialize_device);
+ static dev_proc_print_page(ocr_print_page);
+ static dev_proc_print_page(hocr_print_page);
+ static dev_proc_get_params(ocr_get_params);
+@@ -55,6 +56,7 @@ ocr_initialize_device_procs(gx_device *dev)
+ {
+     gdev_prn_initialize_device_procs_gray_bg(dev);
+
++    set_dev_proc(dev, initialize_device, ocr_initialize_device);
+     set_dev_proc(dev, open_device, ocr_open);
+     set_dev_proc(dev, close_device, ocr_close);
+     set_dev_proc(dev, get_params, ocr_get_params);
+@@ -79,6 +81,7 @@ hocr_initialize_device_procs(gx_device *dev)
+ {
+     gdev_prn_initialize_device_procs_gray_bg(dev);
+
++    set_dev_proc(dev, initialize_device, ocr_initialize_device);
+     set_dev_proc(dev, open_device, ocr_open);
+     set_dev_proc(dev, close_device, hocr_close);
+     set_dev_proc(dev, get_params, ocr_get_params);
+@@ -102,6 +105,17 @@ const gx_device_ocr gs_hocr_device =
+ #define HOCR_HEADER "<html>\n <body>\n"
+ #define HOCR_TRAILER " </body>\n</html>\n"
+
++static int
++ocr_initialize_device(gx_device *dev)
++{
++    gx_device_ocr *odev = (gx_device_ocr *)dev;
++    const char *default_ocr_lang = "eng";
++
++    odev->language[0] = '\0';
++    strcpy(odev->language, default_ocr_lang);
++    return 0;
++}
++
+ static int
+ ocr_open(gx_device *pdev)
+ {
+@@ -187,7 +201,8 @@ ocr_put_params(gx_device *dev, gs_param_list *plist)
+
+     switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
+         case 0:
+-            if (pdev->memory->gs_lib_ctx->core->path_control_active) {
++                if (pdev->memory->gs_lib_ctx->core->path_control_active
++                && (strlen(pdev->language) != langstr.size || memcmp(pdev->language, langstr.data, langstr.size) != 0)) {
+                 return_error(gs_error_invalidaccess);
+             }
+             else {
+diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c
+index 4c694e3..e4f9862 100644
+--- a/devices/gdevpdfocr.c
++++ b/devices/gdevpdfocr.c
+@@ -33,9 +33,9 @@
+ #include "gdevpdfimg.h"
+ #include "tessocr.h"
+
+-int pdf_ocr_open(gx_device *pdev);
+-int pdf_ocr_close(gx_device *pdev);
+-
++static dev_proc_initialize_device(pdf_ocr_initialize_device);
++static dev_proc_open_device(pdf_ocr_open);
++static dev_proc_close_device(pdf_ocr_close);
+
+ static int
+ pdfocr_put_some_params(gx_device * dev, gs_param_list * plist)
+@@ -50,7 +50,8 @@ pdfocr_put_some_params(gx_device * dev, gs_param_list * plist)
+
+     switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
+         case 0:
+-            if (pdf_dev->memory->gs_lib_ctx->core->path_control_active) {
++                if (pdf_dev->memory->gs_lib_ctx->core->path_control_active
++                && (strlen(pdf_dev->ocr.language) != langstr.size || memcmp(pdf_dev->ocr.language, langstr.data, langstr.size) != 0)) {
+                 return_error(gs_error_invalidaccess);
+             }
+             else {
+@@ -152,6 +153,8 @@ pdfocr8_initialize_device_procs(gx_device *dev)
+ {
+     gdev_prn_initialize_device_procs_gray(dev);
+
++    set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device);
++    set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device);
+     set_dev_proc(dev, open_device, pdf_ocr_open);
+     set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);
+     set_dev_proc(dev, close_device, pdf_ocr_close);
+@@ -185,6 +188,7 @@ pdfocr24_initialize_device_procs(gx_device *dev)
+ {
+     gdev_prn_initialize_device_procs_rgb(dev);
+
++    set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device);
+     set_dev_proc(dev, open_device, pdf_ocr_open);
+     set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);
+     set_dev_proc(dev, close_device, pdf_ocr_close);
+@@ -216,6 +220,7 @@ pdfocr32_initialize_device_procs(gx_device *dev)
+ {
+     gdev_prn_initialize_device_procs_cmyk8(dev);
+
++    set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device);
+     set_dev_proc(dev, open_device, pdf_ocr_open);
+     set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);
+     set_dev_proc(dev, close_device, pdf_ocr_close);
+@@ -703,7 +708,18 @@ ocr_end_page(gx_device_pdf_image *dev)
+     return 0;
+ }
+
+-int
++static int
++pdf_ocr_initialize_device(gx_device *dev)
++{
++    gx_device_pdf_image *ppdev = (gx_device_pdf_image *)dev;
++    const char *default_ocr_lang = "eng";
++
++    ppdev->ocr.language[0] = '\0';
++    strcpy(ppdev->ocr.language, default_ocr_lang);
++    return 0;
++}
++
++static int
+ pdf_ocr_open(gx_device *pdev)
+ {
+     gx_device_pdf_image *ppdev;
+@@ -726,7 +742,7 @@ pdf_ocr_open(gx_device *pdev)
+     return 0;
+ }
+
+-int
++static int
+ pdf_ocr_close(gx_device *pdev)
+ {
+     gx_device_pdf_image *pdf_dev;
+diff --git a/devices/vector/gdevpdf.c b/devices/vector/gdevpdf.c
+index 9ab562c..5caabb8 100644
+--- a/devices/vector/gdevpdf.c
++++ b/devices/vector/gdevpdf.c
+@@ -206,6 +206,7 @@ device_pdfwrite_finalize(const gs_memory_t *cmem, void *vpdev)
+ }
+
+ /* Driver procedures */
++static dev_proc_initialize_device(pdfwrite_initialize_device);
+ static dev_proc_open_device(pdf_open);
+ static dev_proc_output_page(pdf_output_page);
+ static dev_proc_close_device(pdf_close);
+@@ -223,6 +224,7 @@ static dev_proc_close_device(pdf_close);
+ static void
+ pdfwrite_initialize_device_procs(gx_device *dev)
+ {
++    set_dev_proc(dev, initialize_device, pdfwrite_initialize_device);
+     set_dev_proc(dev, open_device, pdf_open);
+     set_dev_proc(dev, get_initial_matrix, gx_upright_get_initial_matrix);
+     set_dev_proc(dev, output_page, pdf_output_page);
+@@ -766,6 +768,19 @@ pdf_reset_text(gx_device_pdf * pdev)
+     pdf_reset_text_state(pdev->text);
+ }
+
++static int
++pdfwrite_initialize_device(gx_device *dev)
++{
++#if OCR_VERSION > 0
++    gx_device_pdf *pdev = (gx_device_pdf *) dev;
++    const char *default_ocr_lang = "eng";
++    pdev->ocr_language[0] = '\0';
++    strcpy(pdev->ocr_language, default_ocr_lang);
++#endif
++    return 0;
++}
++
++
+ /* Open the device. */
+ static int
+ pdf_open(gx_device * dev)
+diff --git a/devices/vector/gdevpdfp.c b/devices/vector/gdevpdfp.c
+index 23e9bc8..42a1794 100644
+--- a/devices/vector/gdevpdfp.c
++++ b/devices/vector/gdevpdfp.c
+@@ -458,7 +458,8 @@ gdev_pdf_put_params_impl(gx_device * dev, const gx_device_pdf * save_dev, gs_par
+         gs_param_string langstr;
+         switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
+             case 0:
+-                if (pdev->memory->gs_lib_ctx->core->path_control_active) {
++                if (pdev->memory->gs_lib_ctx->core->path_control_active
++                && (strlen(pdev->ocr_language) != langstr.size || memcmp(pdev->ocr_language, langstr.data, langstr.size) != 0)) {
+                     return_error(gs_error_invalidaccess);
+                 }
+                 else {
+--
+2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 2e332b1589..ab4a2def4c 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -50,6 +50,8 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
                 file://CVE-2024-33871-0002.patch \
                 file://CVE-2024-29510.patch \
                 file://CVE-2023-52722.patch \
+                file://CVE-2024-29511-0001.patch \
+                file://CVE-2024-29511-0002.patch \
 "
 
 SRC_URI = "${SRC_URI_BASE} \

From patchwork Tue Aug 13 12:16:41 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 47729
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B96F9C531DE
	for <webhook@archiver.kernel.org>; Tue, 13 Aug 2024 12:17:02 +0000 (UTC)
Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com
 [209.85.216.43])
 by mx.groups.io with SMTP id smtpd.web10.70860.1723551420032140220
 for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:00 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=A1CrJtSk;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.43,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f43.google.com with SMTP id
 98e67ed59e1d1-2d396f891c4so467245a91.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:16:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1723551419;
 x=1724156219; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=DFud/QIkiZr2Ry2PSXNM/dIifrzs0NVU25cJDHdIfV8=;
        b=A1CrJtSkraNMgxN0+FZdjI3IBounFBiRos41EUkTBXRRu2niZA/KgSXhrgOhVWqca4
         DGpz4Z4cbhe+hIo6S0brdqzFYqqnTLux3TejignB6b7PK+4vmOpVpvPeV++kmtwhr7pr
         oJYqsu9b1saXi4buO7XADNbN8ToWFUk99r7zDQknE7p27ogmu6YIH0emEvv5+EiNdgYw
         /TdUTeQFubJjmNKmpAMBSjPpkmfUzdG6oUz+yZhvd934uyHX2/5h+RF4dxCcwycRr7Mx
         po3gpIJ/QHmzsOR6FrtzEcaRyNhIq1LDvX3v9C0/7wAOgsVZcYaNN7CC6ACwXFR3JUA2
         w7bw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1723551419; x=1724156219;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=DFud/QIkiZr2Ry2PSXNM/dIifrzs0NVU25cJDHdIfV8=;
        b=cdKROwtNeHsDr+crCpY/ZO90lgejYlEJR/DMgzn7yp1pxoJ4YHhxy15qfHvugYINTh
         Ibbxxh51y9JLKdCSTfRMNkboUFde16DcxHj2PvQPzP0yzGOkamVmPekF+vLeiAyeMszv
         lzZC4dTmo2i8EdElplr2WM/yNz/+Q386sYSbNYD/yRUjE7cYmDUjC8YxHRq+Ta3qTKCj
         GEr0vOApIm48ZjkBM9wNik3ArH1pFGmHu5QTaj80G7SRunk/UeUPmbfhHBJNlzFWIaMf
         KriJHchW39MtUb73g+3/SCh0izPJYClejrdIv5+X4RIGhQ9Ewd6q6VNpQ4dyJRFExp2D
         Hkow==
X-Gm-Message-State: AOJu0YzaAy1KiU7g9O54ZRcANWjxWPnBDa9mUnDAGnGWBEKoIVbpjzrr
	8jk/L2nvAuH0+FS947i4Ns58p0PF8qV3kp8ycYrG3qFTCrphlp6Udvgmk3CiJDqYvr1Q02edyEk
	QLRQ=
X-Google-Smtp-Source: 
 AGHT+IFlCvj3BZX2R8VO5p0hL0iG7NMDjYvInMv0apv5okeTyhg2XyDWJDzcEUjOgU0PhK64QPc1QQ==
X-Received: by 2002:a17:90a:cce:b0:2d1:b36c:6bc1 with SMTP id
 98e67ed59e1d1-2d3924cba8emr3709525a91.2.1723551419092;
        Tue, 13 Aug 2024 05:16:59 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2d1fced1838sm7148998a91.23.2024.08.13.05.16.58
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 13 Aug 2024 05:16:58 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 04/11] ofono: fix CVE-2023-2794
Date: Tue, 13 Aug 2024 05:16:41 -0700
Message-Id: 
 <c68497b69b7610a32c43e577420f16676bd35c7a.1723551231.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1723551231.git.steve@sakoman.com>
References: <cover.1723551231.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 13 Aug 2024 12:17:02 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/203268

From: Yogita Urade <yogita.urade@windriver.com>

A flaw was found in ofono, an Open Source Telephony on Linux.
A stack overflow bug is triggered within the decode_deliver()
function during the SMS decoding. It is assumed that the attack
scenario is accessible from a compromised modem, a malicious
base station, or just SMS. There is a bound check for this
memcpy length in decode_submit(), but it was forgotten in
decode_deliver().

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-2794

Upstream patches:
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a90421d8e45d63b304dc010baba24633e7869682
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=7f2adfa22fbae824f8e2c3ae86a3f51da31ee400
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=07f48b23e3877ef7d15a7b0b8b79d32ad0a3607e
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=8fa1fdfcb54e1edb588c6a5e2688880b065a39c9

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ofono/ofono/CVE-2023-2794-0001.patch      |  37 +++++
 .../ofono/ofono/CVE-2023-2794-0002.patch      |  32 +++++
 .../ofono/ofono/CVE-2023-2794-0003.patch      |  44 ++++++
 .../ofono/ofono/CVE-2023-2794-0004.patch      | 127 ++++++++++++++++++
 meta/recipes-connectivity/ofono/ofono_1.34.bb |   4 +
 5 files changed, 244 insertions(+)
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0001.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0002.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0003.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0004.patch

diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0001.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0001.patch
new file mode 100644
index 0000000000..a44633edd9
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0001.patch
@@ -0,0 +1,37 @@
+From a90421d8e45d63b304dc010baba24633e7869682 Mon Sep 17 00:00:00 2001
+From: Denis Kenzior <denkenz@gmail.com>
+Date: Mon, 5 Aug 2024 19:50:04 +0800
+Subject: [PATCH] smsutil: ensure the address length in bytes <= 10
+
+If a specially formatted SMS is received, it is conceivable that the
+address length might overflow the structure it is being parsed into.
+Ensure that the length in bytes of the address never exceeds 10.
+
+CVE: CVE-2023-2794
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a90421d8e45d63b304dc010baba24633e7869682]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/smsutil.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index 8dd2126..d8170d1 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -643,7 +643,12 @@ gboolean sms_decode_address_field(const unsigned char *pdu, int len,
+	else
+		byte_len = (addr_len + 1) / 2;
+
+-	if ((len - *offset) < byte_len)
++	/*
++	 * 23.040:
++	 * The maximum length of the full address field
++	 * (AddressLength, TypeofAddress and AddressValue) is 12 octets.
++	 */
++	if ((len - *offset) < byte_len || byte_len > 10)
+		return FALSE;
+
+	out->number_type = bit_field(addr_type, 4, 3);
+--
+2.25.1
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0002.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0002.patch
new file mode 100644
index 0000000000..dfd6edeb7e
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0002.patch
@@ -0,0 +1,32 @@
+From 7f2adfa22fbae824f8e2c3ae86a3f51da31ee400 Mon Sep 17 00:00:00 2001
+From: Denis Kenzior <denkenz@gmail.com>
+Date: Mon, 5 Aug 2024 20:06:09 +0800
+Subject: [PATCH] smsutil: Check cbs_dcs_decode return value
+
+It is better to explicitly check the return value of cbs_dcs_decode
+instead of relying on udhi not being changed due to side-effects.
+
+CVE: CVE-2023-2794
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=7f2adfa22fbae824f8e2c3ae86a3f51da31ee400]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/smsutil.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index d8170d1..7746a71 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -1765,7 +1765,8 @@ gboolean sms_udh_iter_init_from_cbs(const struct cbs *cbs,
+	const guint8 *hdr;
+	guint8 max_ud_len;
+
+-	cbs_dcs_decode(cbs->dcs, &udhi, NULL, NULL, NULL, NULL, NULL);
++	if (!cbs_dcs_decode(cbs->dcs, &udhi, NULL, NULL, NULL, NULL, NULL))
++		return FALSE;
+
+	if (!udhi)
+		return FALSE;
+--
+2.25.1
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0003.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0003.patch
new file mode 100644
index 0000000000..82b36a0193
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0003.patch
@@ -0,0 +1,44 @@
+From 07f48b23e3877ef7d15a7b0b8b79d32ad0a3607e Mon Sep 17 00:00:00 2001
+From: Denis Kenzior <denkenz@gmail.com>
+Date: Mon, 5 Aug 2024 20:23:38 +0800
+Subject: [PATCH] simutil: Make sure set_length on the parent succeeds
+
+CVE: CVE-2023-2794
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=07f48b23e3877ef7d15a7b0b8b79d32ad0a3607e]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/simutil.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/src/simutil.c b/src/simutil.c
+index 59d8d5d..0e131e8 100644
+--- a/src/simutil.c
++++ b/src/simutil.c
+@@ -588,8 +588,9 @@ gboolean ber_tlv_builder_set_length(struct ber_tlv_builder *builder,
+	if (new_pos > builder->max)
+		return FALSE;
+
+-	if (builder->parent)
+-		ber_tlv_builder_set_length(builder->parent, new_pos);
++	if (builder->parent &&
++			!ber_tlv_builder_set_length(builder->parent, new_pos))
++		return FALSE;
+
+	builder->len = new_len;
+
+@@ -730,9 +731,9 @@ gboolean comprehension_tlv_builder_set_length(
+	if (builder->pos + new_ctlv_len > builder->max)
+		return FALSE;
+
+-	if (builder->parent)
+-		ber_tlv_builder_set_length(builder->parent,
+-						builder->pos + new_ctlv_len);
++	if (builder->parent && !ber_tlv_builder_set_length(builder->parent,
++						builder->pos + new_ctlv_len))
++		return FALSE;
+
+	len = MIN(builder->len, new_len);
+	if (len > 0 && new_len_size != len_size)
+--
+2.25.1
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0004.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0004.patch
new file mode 100644
index 0000000000..3111b3007d
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0004.patch
@@ -0,0 +1,127 @@
+From 8fa1fdfcb54e1edb588c6a5e2688880b065a39c9 Mon Sep 17 00:00:00 2001
+From: Denis Kenzior <denkenz@gmail.com>
+Date: Mon, 5 Aug 2024 20:38:20 +0800
+Subject: [PATCH] smsutil: Use a safer strlcpy
+
+sms_address_from_string is meant as private API, to be used with string
+form addresses that have already been sanitized.  However, to be safe,
+use a safe version of strcpy to avoid overflowing the buffer in case the
+input was not sanitized properly.  While here, add a '__' prefix to the
+function name to help make it clearer that this API is private and
+should be used with more care.
+
+CVE: CVE-2023-2794
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=8fa1fdfcb54e1edb588c6a5e2688880b065a39c9]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/smsutil.c   | 14 +++++++-------
+ src/smsutil.h   |  2 +-
+ unit/test-sms.c |  6 +++---
+ 3 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index 7746a71..e073a06 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -1887,15 +1887,15 @@ time_t sms_scts_to_time(const struct sms_scts *scts, struct tm *remote)
+	return ret;
+ }
+
+-void sms_address_from_string(struct sms_address *addr, const char *str)
++void __sms_address_from_string(struct sms_address *addr, const char *str)
+ {
+	addr->numbering_plan = SMS_NUMBERING_PLAN_ISDN;
+	if (str[0] == '+') {
+		addr->number_type = SMS_NUMBER_TYPE_INTERNATIONAL;
+-		strcpy(addr->address, str + 1);
++		l_strlcpy(addr->address, str + 1, sizeof(addr->address));
+	} else {
+		addr->number_type = SMS_NUMBER_TYPE_UNKNOWN;
+-		strcpy(addr->address, str);
++		l_strlcpy(addr->address, str, sizeof(addr->address));
+	}
+ }
+
+@@ -3087,7 +3087,7 @@ gboolean status_report_assembly_report(struct status_report_assembly *assembly,
+		}
+	}
+
+-	sms_address_from_string(&addr, straddr);
++	__sms_address_from_string(&addr, straddr);
+
+	if (pending == TRUE && node->deliverable == TRUE) {
+		/*
+@@ -3180,7 +3180,7 @@ void status_report_assembly_expire(struct status_report_assembly *assembly,
+	while (g_hash_table_iter_next(&iter_addr, (gpointer) &straddr,
+					(gpointer) &id_table)) {
+
+-		sms_address_from_string(&addr, straddr);
++		__sms_address_from_string(&addr, straddr);
+		g_hash_table_iter_init(&iter_node, id_table);
+
+		/* Go through different messages. */
+@@ -3474,7 +3474,7 @@ GSList *sms_datagram_prepare(const char *to,
+	template.submit.vp.relative = 0xA7; /* 24 Hours */
+	template.submit.dcs = 0x04; /* Class Unspecified, 8 Bit */
+	template.submit.udhi = TRUE;
+-	sms_address_from_string(&template.submit.daddr, to);
++	__sms_address_from_string(&template.submit.daddr, to);
+
+	offset = 1;
+
+@@ -3601,7 +3601,7 @@ GSList *sms_text_prepare_with_alphabet(const char *to, const char *utf8,
+	template.submit.srr = use_delivery_reports;
+	template.submit.mr = 0;
+	template.submit.vp.relative = 0xA7; /* 24 Hours */
+-	sms_address_from_string(&template.submit.daddr, to);
++	__sms_address_from_string(&template.submit.daddr, to);
+
+	/* There are two enums for the same thing */
+	dialect = (enum gsm_dialect)alphabet;
+diff --git a/src/smsutil.h b/src/smsutil.h
+index 01487de..bc21504 100644
+--- a/src/smsutil.h
++++ b/src/smsutil.h
+@@ -487,7 +487,7 @@ int sms_udl_in_bytes(guint8 ud_len, guint8 dcs);
+ time_t sms_scts_to_time(const struct sms_scts *scts, struct tm *remote);
+
+ const char *sms_address_to_string(const struct sms_address *addr);
+-void sms_address_from_string(struct sms_address *addr, const char *str);
++void __sms_address_from_string(struct sms_address *addr, const char *str);
+
+ const guint8 *sms_extract_common(const struct sms *sms, gboolean *out_udhi,
+					guint8 *out_dcs, guint8 *out_udl,
+diff --git a/unit/test-sms.c b/unit/test-sms.c
+index 3bc099b..88293d5 100644
+--- a/unit/test-sms.c
++++ b/unit/test-sms.c
+@@ -1603,7 +1603,7 @@ static void test_sr_assembly(void)
+			sr3.status_report.mr);
+	}
+
+-	sms_address_from_string(&addr, "+4915259911630");
++	__sms_address_from_string(&addr, "+4915259911630");
+
+	sra = status_report_assembly_new(NULL);
+
+@@ -1626,7 +1626,7 @@ static void test_sr_assembly(void)
+	 * Send sms-message in the national address-format,
+	 * but receive in the international address-format.
+	 */
+-	sms_address_from_string(&addr, "9911630");
++	__sms_address_from_string(&addr, "9911630");
+	status_report_assembly_add_fragment(sra, sha1, &addr, 4, time(NULL), 2);
+	status_report_assembly_add_fragment(sra, sha1, &addr, 5, time(NULL), 2);
+
+@@ -1641,7 +1641,7 @@ static void test_sr_assembly(void)
+	 * Send sms-message in the international address-format,
+	 * but receive in the national address-format.
+	 */
+-	sms_address_from_string(&addr, "+358123456789");
++	__sms_address_from_string(&addr, "+358123456789");
+	status_report_assembly_add_fragment(sra, sha1, &addr, 6, time(NULL), 1);
+
+	g_assert(status_report_assembly_report(sra, &sr3, id, &delivered));
+--
+2.25.1
diff --git a/meta/recipes-connectivity/ofono/ofono_1.34.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb
index f4548b8a30..3ffb713472 100644
--- a/meta/recipes-connectivity/ofono/ofono_1.34.bb
+++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb
@@ -14,6 +14,10 @@ SRC_URI = "\
     file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \
     file://CVE-2023-4234.patch \
     file://CVE-2023-4233.patch \
+    file://CVE-2023-2794-0001.patch \
+    file://CVE-2023-2794-0002.patch \
+    file://CVE-2023-2794-0003.patch \
+    file://CVE-2023-2794-0004.patch \
 "
 SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"
 

From patchwork Tue Aug 13 12:16:42 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 47727
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A7E21C531DC
	for <webhook@archiver.kernel.org>; Tue, 13 Aug 2024 12:17:02 +0000 (UTC)
Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com
 [209.85.216.43])
 by mx.groups.io with SMTP id smtpd.web11.70597.1723551421964458765
 for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:02 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=poNi7ISq;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.43,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f43.google.com with SMTP id
 98e67ed59e1d1-2cd48ad7f0dso4202145a91.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1723551421;
 x=1724156221; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Jpt3ur/JHBbrOhMAKL498vRc5RfvQp8jtdkvuxcMsmQ=;
        b=poNi7ISqBmYhgpmYY+v0bIJP57sg8f6vl5ps3NlW5JPsx8jwKN3YyEjBXhogIVVQ+R
         MCF6QmVjvhvFl5tyaXQNeUfd+BB3/+FPVz8Fz3Z+eZNB9to0gpKGjhqIMRXNR5jRUXK0
         adANQFnd7ClQA/VXMOO4upv5nBYdhfjMQoaVQrIqd9mzvf/OOghjcb8mtWfKTGW/Dssv
         NMGIuD80OTmfdWlFadSdnWzh/gACINDKNWsPf0GBCqgmj/FxIV0ZnDWjX0QY3OHKehHQ
         R2oWT3Hy1YOr21oC8sF8TvBiYfgBfKJiVSocLsup5dYgx1fiHZ/cXDf7FHJg4pz7vIOo
         E1hQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1723551421; x=1724156221;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Jpt3ur/JHBbrOhMAKL498vRc5RfvQp8jtdkvuxcMsmQ=;
        b=aZkbbYBXHQPbXh5K6AXmafTJxR9G0fgK5pIkskaGvjcAIq3TYBRT/YhMKzX0jveg2O
         DACDjNGILdFSryXWBgY4AODXZDLu1MdteMazBPHBXLt1BOhuqnz4tT+Kk518Bqf5HPfX
         0n/fRYF/Urng2d2vnriR7YVJvoIKXxwQqgbtOVXJdUMzpzgq1Un9FgtRHi5vYKXlFGtY
         ttolygMfs329WiOfzpqLrTQr4mebh/UBYa+kMFnvqh8occ7Op9hwjKsAxTbUCewJNJpC
         HYwWGwltm/Tf5j19GKp6Hd1Z07w5700I3s35ooSSByi2dkvR0Zop75ltA6Hn2935i6Gh
         Us0Q==
X-Gm-Message-State: AOJu0YwpJxMV/vqI1LZR8HnTIZs/+VfymfX2+wpJvjPi4nX6lBQTpSUg
	GeYoeqTCcXTDvewklW7EjcnIS2B+RYdaCmvqunRLolOh5v4T7RkiwtAdGIDO8DS7uZV0kwDNgns
	L/+k=
X-Google-Smtp-Source: 
 AGHT+IExbIvm9bcupqdT3zku9MT5F1U9+k6etqawIZTvRQc/S0St6iRR4bgUjxkvFz2THvVW8eU9BA==
X-Received: by 2002:a17:90b:4c4c:b0:2c9:7f3d:6aea with SMTP id
 98e67ed59e1d1-2d3926547b0mr3566565a91.32.1723551421002;
        Tue, 13 Aug 2024 05:17:01 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2d1fced1838sm7148998a91.23.2024.08.13.05.17.00
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 13 Aug 2024 05:17:00 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 05/11] ghostscript: fix CVE-2024-29509
Date: Tue, 13 Aug 2024 05:16:42 -0700
Message-Id: 
 <545c6d11ddd707099d40c947934addbdcbd20e8f.1723551231.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1723551231.git.steve@sakoman.com>
References: <cover.1723551231.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 13 Aug 2024 12:17:02 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/203269

From: Archana Polampalli <archana.polampalli@windriver.com>

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ghostscript/CVE-2024-29509.patch          | 45 +++++++++++++++++++
 .../ghostscript/ghostscript_9.55.0.bb         |  1 +
 2 files changed, 46 insertions(+)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29509.patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29509.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29509.patch
new file mode 100644
index 0000000000..8de97f91a0
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29509.patch
@@ -0,0 +1,45 @@
+From 917b3a71fb20748965254631199ad98210d6c2fb Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Thu, 25 Jan 2024 11:58:22 +0000
+Subject: [PATCH] Bug 707510 - don't use strlen on passwords
+
+Item #1 of the report. This looks like an oversight when first coding
+the routine. We should use the PostScript string length, because
+PostScript strings may not be NULL terminated (and as here may contain
+internal NULL characters).
+
+Fix the R6 handler which has the same problem too.
+
+CVE: CVE-2024-29509
+
+Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=917b3a71fb20748965254631199ad98210d6c2fb]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ pdf/pdf_sec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pdf/pdf_sec.c b/pdf/pdf_sec.c
+index ff60805..2bb59e1 100644
+--- a/pdf/pdf_sec.c
++++ b/pdf/pdf_sec.c
+@@ -1250,7 +1250,7 @@ static int check_password_R5(pdf_context *ctx, char *Password, int PasswordLen,
+         if (code < 0) {
+             pdf_string *P = NULL, *P_UTF8 = NULL;
+
+-            code = pdfi_object_alloc(ctx, PDF_STRING, strlen(ctx->encryption.Password), (pdf_obj **)&P);
++	    code = pdfi_object_alloc(ctx, PDF_STRING, PasswordLen, (pdf_obj **)&P);
+             if (code < 0) {
+                 return code;
+             }
+@@ -1300,7 +1300,7 @@ static int check_password_R6(pdf_context *ctx, char *Password, int PasswordLen,
+         if (code < 0) {
+             pdf_string *P = NULL, *P_UTF8 = NULL;
+
+-            code = pdfi_object_alloc(ctx, PDF_STRING, strlen(ctx->encryption.Password), (pdf_obj **)&P);
++	    code = pdfi_object_alloc(ctx, PDF_STRING, PasswordLen, (pdf_obj **)&P);
+             if (code < 0)
+                 return code;
+             memcpy(P->data, Password, PasswordLen);
+--
+2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index ab4a2def4c..f738b0133f 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -52,6 +52,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
                 file://CVE-2023-52722.patch \
                 file://CVE-2024-29511-0001.patch \
                 file://CVE-2024-29511-0002.patch \
+                file://CVE-2024-29509.patch \
 "
 
 SRC_URI = "${SRC_URI_BASE} \

From patchwork Tue Aug 13 12:16:43 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 47735
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id CD80EC52D7C
	for <webhook@archiver.kernel.org>; Tue, 13 Aug 2024 12:17:12 +0000 (UTC)
Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com
 [209.85.216.41])
 by mx.groups.io with SMTP id smtpd.web10.70863.1723551423565589739
 for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:03 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=m8ZKHAUt;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.41,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f41.google.com with SMTP id
 98e67ed59e1d1-2cb6662ba3aso3635414a91.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1723551423;
 x=1724156223; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=/WoQNQwb6yJcaU/aDZTovrQh3AlbWu3JPGhP+z0AQuQ=;
        b=m8ZKHAUtF3tLn0SzsWf1H6UCVQmPXC1fOLf9bMXcs7ehvCh/iN1Y86BDq8JtvYL19S
         aHFt6LCuvBV7zO8rnqj38cAI03kGfIY9Bz6BPLEL9NuGAh7crEbespBXEzN2dcgE4efF
         Qa8Bub7y+PbpBD0U5vgdaU2rXP16JJ9kPPcDlnlM+9h0+HXbuvYNyL/qQnYNtsP9tQtN
         1rsHwGNefYsQbYWIMGKay1nxF/l71r8c+xMDXq4ypdZRk2jEVBUtsat14RshPHbNeQiK
         VsJ0YID9kzlL+QqzS/lJF4cJBHg78Okbd/jbKMTmBdemxHuXH1kYGVZJtx24VbyJmnGQ
         qs2Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1723551423; x=1724156223;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=/WoQNQwb6yJcaU/aDZTovrQh3AlbWu3JPGhP+z0AQuQ=;
        b=fViJPlQnTrC8+/YvDNNbnFdWEcFQAyO5rumT7GMy5KglIxw7oXtIYTGrsGy7LG3YN3
         RRJDL8ROZSRd67tzP4JVIo0Gn+SiuOdcHpqp87RIbNwTq+HZ06ZTMEo3WXDZbgamKyuL
         1rNPJZnLdEy02sSngvyYaX7GDh2tN5d6yZmgSO8Q0mH2wczTqcrMp+NM0bLGYk5P02PS
         mI05tBS0Ve20wCh96S2MYIEAHo8Gy7y1YWH+Pn4TY+cxnNobhqxQ9khbRdljr1VOh681
         EslrwnhmeV2MhRzb24Fnjz5v2IzY4Kjbm7MOIZRfhHIr/HnDfbOp0rARD6wNtfPqRPKZ
         9tYA==
X-Gm-Message-State: AOJu0Yxx1FdHXZjEMQjEJOtPNrfQcj3j6jsKTO+WtXeFLadxfK9hPHbT
	h5E63XgAAWVtc9JJfS6MTTaqxBshvoaqgsNvr4ThHtiRhJ1VAWOUwR8GdHS4p2b4ZJHX6M6+wbY
	Cjow=
X-Google-Smtp-Source: 
 AGHT+IEOAfY7Qyr6TabS/8k6sgkkJgHdgu7tPC4B3biy5MX4oTGDIIXSsUFLF9j/0R4s+13r5RGEPQ==
X-Received: by 2002:a17:90b:3b44:b0:2c8:4250:66a7 with SMTP id
 98e67ed59e1d1-2d394228aa3mr4103350a91.1.1723551422744;
        Tue, 13 Aug 2024 05:17:02 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2d1fced1838sm7148998a91.23.2024.08.13.05.17.02
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 13 Aug 2024 05:17:02 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 06/11] ghostscript: fix CVE-2024-29506
Date: Tue, 13 Aug 2024 05:16:43 -0700
Message-Id: 
 <fe38420cf065788befeef25a1cb127e95c3cc729.1723551231.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1723551231.git.steve@sakoman.com>
References: <cover.1723551231.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 13 Aug 2024 12:17:12 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/203270

From: Archana Polampalli <archana.polampalli@windriver.com>

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ghostscript/CVE-2024-29506.patch          | 45 +++++++++++++++++++
 .../ghostscript/ghostscript_9.55.0.bb         |  1 +
 2 files changed, 46 insertions(+)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29506.patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29506.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29506.patch
new file mode 100644
index 0000000000..9f3f3e5da2
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29506.patch
@@ -0,0 +1,45 @@
+From 77dc7f699beba606937b7ea23b50cf5974fa64b1 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Thu, 25 Jan 2024 11:55:49 +0000
+Subject: [PATCH] Bug 707510 - don't allow PDF files with bad Filters to
+ overflow the debug buffer
+
+Item #2 of the report.
+
+Allocate a buffer to hold the filter name, instead of assuming it will
+fit in a fixed buffer.
+
+Reviewed all the other PDFDEBUG cases, no others use a fixed buffer like
+this.
+
+CVE: CVE-2024-29506
+
+Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=77dc7f699beba606937b7ea23b50cf5974fa64b1]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ pdf/pdf_file.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/pdf/pdf_file.c b/pdf/pdf_file.c
+index 214d448..93c2402 100644
+--- a/pdf/pdf_file.c
++++ b/pdf/pdf_file.c
+@@ -767,10 +767,14 @@ static int pdfi_apply_filter(pdf_context *ctx, pdf_dict *dict, pdf_name *n, pdf_
+
+     if (ctx->args.pdfdebug)
+     {
+-        char str[100];
++	char *str;
++        str = gs_alloc_bytes(ctx->memory, n->length + 1, "temp string for debug");
++        if (str == NULL)
++            return_error(gs_error_VMerror);
+         memcpy(str, (const char *)n->data, n->length);
+         str[n->length] = '\0';
+         dmprintf1(ctx->memory, "FILTER NAME:%s\n", str);
++	gs_free_object(ctx->memory, str, "temp string for debug");
+     }
+
+     if (pdfi_name_is(n, "RunLengthDecode")) {
+--
+2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index f738b0133f..525086e2af 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -53,6 +53,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
                 file://CVE-2024-29511-0001.patch \
                 file://CVE-2024-29511-0002.patch \
                 file://CVE-2024-29509.patch \
+                file://CVE-2024-29506.patch \
 "
 
 SRC_URI = "${SRC_URI_BASE} \

From patchwork Tue Aug 13 12:16:44 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 47737
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 07EC2C5320D
	for <webhook@archiver.kernel.org>; Tue, 13 Aug 2024 12:17:13 +0000 (UTC)
Received: from mail-pj1-f48.google.com (mail-pj1-f48.google.com
 [209.85.216.48])
 by mx.groups.io with SMTP id smtpd.web10.70865.1723551425715681775
 for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:05 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=bxzplCYE;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.48,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f48.google.com with SMTP id
 98e67ed59e1d1-2cd48ad7f0dso4202292a91.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1723551425;
 x=1724156225; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=M8xqe5IKBAbLnrGT0fdRiTTuYeU8u90yXFvEKdENOBY=;
        b=bxzplCYEvV2dVNi8YuDqbEw6By9k8Y+z535U6o0SreQdx11jTnwCoPh8F0zF8KBSo/
         rSOi9ri40PPSjvUfGFd1WN76/qQL2yOFYnH4mJWMHq5rYu1+btI3F6aBmugWVIP+G4fi
         iCWGF/vqKoC9j4qqHqj2UIpJDL7TCic1hfRdZ/8QAcBHMkcP+9hmbYT7yIj/piSeqfX/
         xrtDXGRdqWI9vDKCtE6JOuglQEgcOpwf4tV0R1fY60NZcFfXl9g/+XGgNnLY1f8R8A7p
         kx6wU+xUCxQKGzKLgRecMEqqdSMwjnG6ZJgXeyalE/uDgVQVSW8mq0OgylEox43KDrDq
         wTdQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1723551425; x=1724156225;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=M8xqe5IKBAbLnrGT0fdRiTTuYeU8u90yXFvEKdENOBY=;
        b=XtlcDez1VM2S0mYImnw3E5rpSSBm6Mh3BC+FJhHn9VC6GzgTZiSL9jYPcB94TyxIzx
         ibNBaZEMCAXbzMzJ+lwXHzfwklCQ6mzzq3HzM+Cc8klG9sn4P9J07UChKIFLHmZDSYaS
         wkO/Nb6pxGB5qdhrOH94SpD9W68NJznwevjz7SosQLubGEqdeoJPWzVt0C11E/zfa/aP
         xoRTnlE0HK6R5HxnQIdkxJe76hbR9UdQoAJMfqFlDt8v8a5SGyQmTCPo8+G2eyL/TDQa
         3cmH52+UmfLY2pBwy0HWVqCNgRgBj5E87luYYmzf4TPHCTPzI8xA8UylrL4jbhpD6VzL
         Yy9w==
X-Gm-Message-State: AOJu0YxeWQirCpUSU1QgGErkUo1n+23XqCl7EU5rndGKwQPt+Mvh7r+1
	dpcMDWC3ul3pWqCyb+mebLu79kyh13NRa6jHQg/+2Fz5+HMzV8ELydCOVEfhS1qPpburXmbaFYj
	7Fpw=
X-Google-Smtp-Source: 
 AGHT+IEAaZqDw6jyaKFVKL9VFHp4orE4t+1Gj5ZQTwz8do8cUCEvzWNfbx3/WXY9lE8dw1dWILsrsw==
X-Received: by 2002:a17:90a:cf95:b0:2c1:c648:1c50 with SMTP id
 98e67ed59e1d1-2d3925048a1mr3772048a91.17.1723551424665;
        Tue, 13 Aug 2024 05:17:04 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2d1fced1838sm7148998a91.23.2024.08.13.05.17.03
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 13 Aug 2024 05:17:04 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 07/11] go: fix CVE-2024-24791
Date: Tue, 13 Aug 2024 05:16:44 -0700
Message-Id: 
 <4f7ef33e4b22bae288a11ce4f0b6e913f142d2be.1723551231.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1723551231.git.steve@sakoman.com>
References: <cover.1723551231.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 13 Aug 2024 12:17:13 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/203271

From: Archana Polampalli <archana.polampalli@windriver.com>

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/go-1.17.13.inc       |   1 +
 .../go/go-1.21/CVE-2024-24791.patch           | 359 ++++++++++++++++++
 2 files changed, 360 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2024-24791.patch

diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc
index e83c4dfa80..349b0be6be 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -57,6 +57,7 @@ SRC_URI += "\
     file://CVE-2024-24785.patch \
     file://CVE-2023-45288.patch \
     file://CVE-2024-24789.patch \
+    file://CVE-2024-24791.patch \
 "
 SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
 
diff --git a/meta/recipes-devtools/go/go-1.21/CVE-2024-24791.patch b/meta/recipes-devtools/go/go-1.21/CVE-2024-24791.patch
new file mode 100644
index 0000000000..9f6a969cf6
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.21/CVE-2024-24791.patch
@@ -0,0 +1,359 @@
+From c9be6ae748b7679b644a38182d456cb5a6ac06ee Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Thu, 6 Jun 2024 12:50:46 -0700
+Subject: [PATCH] [release-branch.go1.21] net/http: send body or close
+ connection on expect-100-continue requests
+
+When sending a request with an "Expect: 100-continue" header,
+we must send the request body before sending any further requests
+on the connection.
+
+When receiving a non-1xx response to an "Expect: 100-continue" request,
+send the request body if the connection isn't being closed after
+processing the response. In other words, if either the request
+or response contains a "Connection: close" header, then skip sending
+the request body (because the connection will not be used for
+further requests), but otherwise send it.
+
+Correct a comment on the server-side Expect: 100-continue handling
+that implied sending the request body is optional. It isn't.
+
+For #67555
+Fixes #68199
+
+Change-Id: Ia2f12091bee697771087f32ac347509ec5922d54
+Reviewed-on: https://go-review.googlesource.com/c/go/+/591255
+LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
+Reviewed-by: Jonathan Amsterdam <jba@google.com>
+(cherry picked from commit cf501e05e138e6911f759a5db786e90b295499b9)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/595096
+Reviewed-by: Joedian Reid <joedian@google.com>
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+
+CVE: CVE-2024-24791
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/c9be6ae748b7679b644a38182d456cb5a6ac06ee ]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/net/http/server.go         |  25 ++--
+ src/net/http/transport.go      |  34 ++++--
+ src/net/http/transport_test.go | 203 ++++++++++++++++++++-------------
+ 3 files changed, 164 insertions(+), 98 deletions(-)
+
+diff --git a/src/net/http/server.go b/src/net/http/server.go
+index 4fc8fed..1648f1c 100644
+--- a/src/net/http/server.go
++++ b/src/net/http/server.go
+@@ -1297,16 +1297,21 @@ func (cw *chunkWriter) writeHeader(p []byte) {
+
+	// If the client wanted a 100-continue but we never sent it to
+	// them (or, more strictly: we never finished reading their
+-	// request body), don't reuse this connection because it's now
+-	// in an unknown state: we might be sending this response at
+-	// the same time the client is now sending its request body
+-	// after a timeout.  (Some HTTP clients send Expect:
+-	// 100-continue but knowing that some servers don't support
+-	// it, the clients set a timer and send the body later anyway)
+-	// If we haven't seen EOF, we can't skip over the unread body
+-	// because we don't know if the next bytes on the wire will be
+-	// the body-following-the-timer or the subsequent request.
+-	// See Issue 11549.
++	// request body), don't reuse this connection.
++	//
++	// This behavior was first added on the theory that we don't know
++	// if the next bytes on the wire are going to be the remainder of
++	// the request body or the subsequent request (see issue 11549),
++	// but that's not correct: If we keep using the connection,
++	// the client is required to send the request body whether we
++	// asked for it or not.
++	//
++	// We probably do want to skip reusing the connection in most cases,
++	// however. If the client is offering a large request body that we
++	// don't intend to use, then it's better to close the connection
++	// than to read the body. For now, assume that if we're sending
++	// headers, the handler is done reading the body and we should
++	// drop the connection if we haven't seen EOF.
+	if ecr, ok := w.req.Body.(*expectContinueReader); ok && !ecr.sawEOF.isSet() {
+		w.closeAfterReply = true
+	}
+diff --git a/src/net/http/transport.go b/src/net/http/transport.go
+index 309194e..e46ddef 100644
+--- a/src/net/http/transport.go
++++ b/src/net/http/transport.go
+@@ -2282,17 +2282,12 @@ func (pc *persistConn) readResponse(rc requestAndChan, trace *httptrace.ClientTr
+			return
+		}
+		resCode := resp.StatusCode
+-		if continueCh != nil {
+-			if resCode == 100 {
+-				if trace != nil && trace.Got100Continue != nil {
+-					trace.Got100Continue()
+-				}
+-				continueCh <- struct{}{}
+-				continueCh = nil
+-			} else if resCode >= 200 {
+-				close(continueCh)
+-				continueCh = nil
++		if continueCh != nil && resCode == StatusContinue {
++			if trace != nil && trace.Got100Continue != nil {
++				trace.Got100Continue()
+			}
++			continueCh <- struct{}{}
++			continueCh = nil
+		}
+		is1xx := 100 <= resCode && resCode <= 199
+		// treat 101 as a terminal status, see issue 26161
+@@ -2315,6 +2310,25 @@ func (pc *persistConn) readResponse(rc requestAndChan, trace *httptrace.ClientTr
+	if resp.isProtocolSwitch() {
+		resp.Body = newReadWriteCloserBody(pc.br, pc.conn)
+	}
++	if continueCh != nil {
++		// We send an "Expect: 100-continue" header, but the server
++		// responded with a terminal status and no 100 Continue.
++		//
++		// If we're going to keep using the connection, we need to send the request body.
++		// Tell writeLoop to skip sending the body if we're going to close the connection,
++		// or to send it otherwise.
++		//
++		// The case where we receive a 101 Switching Protocols response is a bit
++		// ambiguous, since we don't know what protocol we're switching to.
++		// Conceivably, it's one that doesn't need us to send the body.
++		// Given that we'll send the body if ExpectContinueTimeout expires,
++		// be consistent and always send it if we aren't closing the connection.
++		if resp.Close || rc.req.Close {
++			close(continueCh) // don't send the body; the connection will close
++		} else {
++			continueCh <- struct{}{} // send the body
++		}
++	}
+
+	resp.TLS = pc.tlsState
+	return
+diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go
+index 58f12af..8000ecc 100644
+--- a/src/net/http/transport_test.go
++++ b/src/net/http/transport_test.go
+@@ -1130,95 +1130,142 @@ func TestTransportGzip(t *testing.T) {
+	}
+ }
+
+-// If a request has Expect:100-continue header, the request blocks sending body until the first response.
+-// Premature consumption of the request body should not be occurred.
+-func TestTransportExpect100Continue(t *testing.T) {
+-	setParallel(t)
+-	defer afterTest(t)
++// A transport100Continue test exercises Transport behaviors when sending a
++// request with an Expect: 100-continue header.
++type transport100ContinueTest struct {
++	t *testing.T
+
+-	ts := httptest.NewServer(HandlerFunc(func(rw ResponseWriter, req *Request) {
+-		switch req.URL.Path {
+-		case "/100":
+-			// This endpoint implicitly responds 100 Continue and reads body.
+-			if _, err := io.Copy(io.Discard, req.Body); err != nil {
+-				t.Error("Failed to read Body", err)
+-			}
+-			rw.WriteHeader(StatusOK)
+-		case "/200":
+-			// Go 1.5 adds Connection: close header if the client expect
+-			// continue but not entire request body is consumed.
+-			rw.WriteHeader(StatusOK)
+-		case "/500":
+-			rw.WriteHeader(StatusInternalServerError)
+-		case "/keepalive":
+-			// This hijacked endpoint responds error without Connection:close.
+-			_, bufrw, err := rw.(Hijacker).Hijack()
+-			if err != nil {
+-				log.Fatal(err)
+-			}
+-			bufrw.WriteString("HTTP/1.1 500 Internal Server Error\r\n")
+-			bufrw.WriteString("Content-Length: 0\r\n\r\n")
+-			bufrw.Flush()
+-		case "/timeout":
+-			// This endpoint tries to read body without 100 (Continue) response.
+-			// After ExpectContinueTimeout, the reading will be started.
+-			conn, bufrw, err := rw.(Hijacker).Hijack()
+-			if err != nil {
+-				log.Fatal(err)
+-			}
+-			if _, err := io.CopyN(io.Discard, bufrw, req.ContentLength); err != nil {
+-				t.Error("Failed to read Body", err)
+-			}
+-			bufrw.WriteString("HTTP/1.1 200 OK\r\n\r\n")
+-			bufrw.Flush()
+-			conn.Close()
+-		}
++	reqdone chan struct{}
++	resp    *Response
++	respErr error
+
+-	}))
+-	defer ts.Close()
++	conn   net.Conn
++	reader *bufio.Reader
++}
+
+-	tests := []struct {
+-		path   string
+-		body   []byte
+-		sent   int
+-		status int
+-	}{
+-		{path: "/100", body: []byte("hello"), sent: 5, status: 200},       // Got 100 followed by 200, entire body is sent.
+-		{path: "/200", body: []byte("hello"), sent: 0, status: 200},       // Got 200 without 100. body isn't sent.
+-		{path: "/500", body: []byte("hello"), sent: 0, status: 500},       // Got 500 without 100. body isn't sent.
+-		{path: "/keepalive", body: []byte("hello"), sent: 0, status: 500}, // Although without Connection:close, body isn't sent.
+-		{path: "/timeout", body: []byte("hello"), sent: 5, status: 200},   // Timeout exceeded and entire body is sent.
++const transport100ContinueTestBody = "request body"
++
++// newTransport100ContinueTest creates a Transport and sends an Expect: 100-continue
++// request on it.
++func newTransport100ContinueTest(t *testing.T, timeout time.Duration) *transport100ContinueTest {
++	ln := newLocalListener(t)
++	defer ln.Close()
++
++	test := &transport100ContinueTest{
++		t:       t,
++		reqdone: make(chan struct{}),
+	}
+
+-	c := ts.Client()
+-	for i, v := range tests {
+-		tr := &Transport{
+-			ExpectContinueTimeout: 2 * time.Second,
+-		}
+-		defer tr.CloseIdleConnections()
+-		c.Transport = tr
+-		body := bytes.NewReader(v.body)
+-		req, err := NewRequest("PUT", ts.URL+v.path, body)
+-		if err != nil {
+-			t.Fatal(err)
+-		}
++	tr := &Transport{
++		ExpectContinueTimeout: timeout,
++	}
++	go func() {
++		defer close(test.reqdone)
++		body := strings.NewReader(transport100ContinueTestBody)
++		req, _ := NewRequest("PUT", "http://"+ln.Addr().String(), body)
+		req.Header.Set("Expect", "100-continue")
+-		req.ContentLength = int64(len(v.body))
++		req.ContentLength = int64(len(transport100ContinueTestBody))
++		test.resp, test.respErr = tr.RoundTrip(req)
++		test.resp.Body.Close()
++	}()
+
+-		resp, err := c.Do(req)
+-		if err != nil {
+-			t.Fatal(err)
++	c, err := ln.Accept()
++	if err != nil {
++		t.Fatalf("Accept: %v", err)
++	}
++	t.Cleanup(func() {
++		c.Close()
++	})
++	br := bufio.NewReader(c)
++	_, err = ReadRequest(br)
++	if err != nil {
++		t.Fatalf("ReadRequest: %v", err)
++	}
++	test.conn = c
++	test.reader = br
++	t.Cleanup(func() {
++		<-test.reqdone
++		tr.CloseIdleConnections()
++		got, _ := io.ReadAll(test.reader)
++		if len(got) > 0 {
++			t.Fatalf("Transport sent unexpected bytes: %q", got)
+		}
+-		resp.Body.Close()
++	})
+
+-		sent := len(v.body) - body.Len()
+-		if v.status != resp.StatusCode {
+-			t.Errorf("test %d: status code should be %d but got %d. (%s)", i, v.status, resp.StatusCode, v.path)
+-		}
+-		if v.sent != sent {
+-			t.Errorf("test %d: sent body should be %d but sent %d. (%s)", i, v.sent, sent, v.path)
++	return test
++}
++
++// respond sends response lines from the server to the transport.
++func (test *transport100ContinueTest) respond(lines ...string) {
++	for _, line := range lines {
++		if _, err := test.conn.Write([]byte(line + "\r\n")); err != nil {
++			test.t.Fatalf("Write: %v", err)
+		}
+	}
++	if _, err := test.conn.Write([]byte("\r\n")); err != nil {
++		test.t.Fatalf("Write: %v", err)
++	}
++}
++
++// wantBodySent ensures the transport has sent the request body to the server.
++func (test *transport100ContinueTest) wantBodySent() {
++	got, err := io.ReadAll(io.LimitReader(test.reader, int64(len(transport100ContinueTestBody))))
++	if err != nil {
++		test.t.Fatalf("unexpected error reading body: %v", err)
++	}
++	if got, want := string(got), transport100ContinueTestBody; got != want {
++		test.t.Fatalf("unexpected body: got %q, want %q", got, want)
++	}
++}
++
++// wantRequestDone ensures the Transport.RoundTrip has completed with the expected status.
++func (test *transport100ContinueTest) wantRequestDone(want int) {
++	<-test.reqdone
++	if test.respErr != nil {
++		test.t.Fatalf("unexpected RoundTrip error: %v", test.respErr)
++	}
++	if got := test.resp.StatusCode; got != want {
++		test.t.Fatalf("unexpected response code: got %v, want %v", got, want)
++	}
++}
++
++func TestTransportExpect100ContinueSent(t *testing.T) {
++	test := newTransport100ContinueTest(t, 1*time.Hour)
++	// Server sends a 100 Continue response, and the client sends the request body.
++	test.respond("HTTP/1.1 100 Continue")
++	test.wantBodySent()
++	test.respond("HTTP/1.1 200", "Content-Length: 0")
++	test.wantRequestDone(200)
++}
++
++func TestTransportExpect100Continue200ResponseNoConnClose(t *testing.T) {
++	test := newTransport100ContinueTest(t, 1*time.Hour)
++	// No 100 Continue response, no Connection: close header.
++	test.respond("HTTP/1.1 200", "Content-Length: 0")
++	test.wantBodySent()
++	test.wantRequestDone(200)
++}
++
++func TestTransportExpect100Continue200ResponseWithConnClose(t *testing.T) {
++	test := newTransport100ContinueTest(t, 1*time.Hour)
++	// No 100 Continue response, Connection: close header set.
++	test.respond("HTTP/1.1 200", "Connection: close", "Content-Length: 0")
++	test.wantRequestDone(200)
++}
++
++func TestTransportExpect100Continue500ResponseNoConnClose(t *testing.T) {
++	test := newTransport100ContinueTest(t, 1*time.Hour)
++	// No 100 Continue response, no Connection: close header.
++	test.respond("HTTP/1.1 500", "Content-Length: 0")
++	test.wantBodySent()
++	test.wantRequestDone(500)
++}
++
++func TestTransportExpect100Continue500ResponseTimeout(t *testing.T) {
++	test := newTransport100ContinueTest(t, 5*time.Millisecond) // short timeout
++	test.wantBodySent()                                        // after timeout
++	test.respond("HTTP/1.1 200", "Content-Length: 0")
++	test.wantRequestDone(200)
+ }
+
+ func TestSOCKS5Proxy(t *testing.T) {
+--
+2.40.0

From patchwork Tue Aug 13 12:16:45 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 47738
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EC10BC531DE
	for <webhook@archiver.kernel.org>; Tue, 13 Aug 2024 12:17:12 +0000 (UTC)
Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com
 [209.85.215.173])
 by mx.groups.io with SMTP id smtpd.web10.70867.1723551427775827531
 for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:07 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=1rI3TzFD;
 spf=softfail (domain: sakoman.com, ip: 209.85.215.173,
 mailfrom: steve@sakoman.com)
Received: by mail-pg1-f173.google.com with SMTP id
 41be03b00d2f7-7c1f480593bso3401507a12.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1723551427;
 x=1724156227; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=zs0Q9FoHuC3oMgdST2cdZLiCxDHHF12uYvcRy51CSY4=;
        b=1rI3TzFDu3NV9UqGC6oWUVZWY77ffqHeY09CEm9qcToMoZHzVYgM9CwLszSHDVSEQp
         3c/YKphxgcNhT1YrFHW7YtVCHmbkvaptwi/k/wBhKVsvARAJdQvhVxwwnNG2+yPgRX4p
         JRYm2qhTB9IoE4QfUjpR16gvu+192NeWLYstEwq2WBqiXFel68llxTv0zR4vjgejT4sE
         P2Cq9ccIhe1haXFrmBGgHpl1PjKmQ5akfrsEBnt+/Z5rhhbS5Esks/I+IDhIs4NRlPL8
         bPdI8UIWeCvKvBmOctimLXfAVxnR1YzHko2Aqho6ZHX/tLuBLDnYgkCzvctKObexuUK2
         Bxww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1723551427; x=1724156227;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=zs0Q9FoHuC3oMgdST2cdZLiCxDHHF12uYvcRy51CSY4=;
        b=TA3iiKNOp3bk+DvHSXbijyGPrbTDwrvrLTcMgsTWgiGyHq2Du7O6MAFaGiExtW0Ggy
         /PFsUYWo9MxUNcZ7Gf+8wEbMJD0e7tvJT3rCEks7hjsWywRHKhEWvFyJIgVosI6rD0aD
         NdVsYbd6PfUdshuJs0BC9fLS2ZtXBuVUeLSdfqHF8zV4CZlGZfto5CRcOuKY8AbC+aTq
         k9KanSfRyz7VYazRWQcE9bJfed6TAi4nM1tmmEQl5FSWDmpOENPtDgzvpvraV6ZDLXJ+
         HqvLM31Bno3r/loS2MD2qSJZlvECxP4rkH9mW5/JFX27YXi9ScLTP8xC6rpG0bL6NoF2
         9uow==
X-Gm-Message-State: AOJu0Yy/G/2YYZ2+M7F+Vjrm8r/iob2xYGS1WDD80nDLMIZJOtmZ3DuA
	HMG3aljmYBEhRQxulKlaZgYo8taSUYA5MWIKBi17ny0RPL5dI2pFOlBluEN6ug8ITwIjTzLQ4Lr
	l/Y4=
X-Google-Smtp-Source: 
 AGHT+IEm+rewujwiK0zD+c+g0rFj3WjS01mjw+zAQIKXiJy7VYfAuhR13/O+Wwo8UZhZArl0QFTikA==
X-Received: by 2002:a17:90a:6289:b0:2c9:6b02:15ca with SMTP id
 98e67ed59e1d1-2d39268a699mr3661770a91.39.1723551426559;
        Tue, 13 Aug 2024 05:17:06 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2d1fced1838sm7148998a91.23.2024.08.13.05.17.05
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 13 Aug 2024 05:17:06 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 08/11] busybox: CVE-2023-42364, CVE-2023-42365,
 CVE-2023-42366 fixes
Date: Tue, 13 Aug 2024 05:16:45 -0700
Message-Id: 
 <0a79a466f2818fe367f1d0498712a0a59cd8c77f.1723551231.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1723551231.git.steve@sakoman.com>
References: <cover.1723551231.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 13 Aug 2024 12:17:12 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/203272

From: Hitendra Prajapati <hprajapati@mvista.com>

backport upstream fix for CVEs and fix the regression that introduced [1]

[1] http://lists.busybox.net/pipermail/busybox/2024-May/090766.html

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../busybox/CVE-2023-42364_42365-1.patch      | 197 ++++++++++++++++++
 .../busybox/CVE-2023-42364_42365-2.patch      |  96 +++++++++
 .../busybox/busybox/CVE-2023-42366.patch      |  36 ++++
 meta/recipes-core/busybox/busybox_1.35.0.bb   |   3 +
 4 files changed, 332 insertions(+)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-42364_42365-1.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-42364_42365-2.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-42366.patch

diff --git a/meta/recipes-core/busybox/busybox/CVE-2023-42364_42365-1.patch b/meta/recipes-core/busybox/busybox/CVE-2023-42364_42365-1.patch
new file mode 100644
index 0000000000..4f6aa69650
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2023-42364_42365-1.patch
@@ -0,0 +1,197 @@
+From dedc9380c76834ba64c8b526aef6f461ea4e7f2e Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Tue, 30 May 2023 16:42:18 +0200
+Subject: [PATCH 1/2] awk: fix precedence of = relative to ==
+
+Discovered while adding code to disallow assignments to non-lvalues
+
+function                                             old     new   delta
+parse_expr                                           936     991     +55
+.rodata                                           105243  105247      +4
+------------------------------------------------------------------------------
+(add/remove: 0/0 grow/shrink: 2/0 up/down: 59/0)               Total: 59 bytes
+
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4]
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+(cherry picked from commit 0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4)
+
+CVE: CVE-2023-42364 CVE-2023-42365
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ editors/awk.c       | 66 ++++++++++++++++++++++++++++++---------------
+ testsuite/awk.tests |  5 ++++
+ 2 files changed, 50 insertions(+), 21 deletions(-)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index ec9301e..aff86fe 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -337,7 +337,9 @@ static void debug_parse_print_tc(uint32_t n)
+ #undef P
+ #undef PRIMASK
+ #undef PRIMASK2
+-#define P(x)      (x << 24)
++/* Smaller 'x' means _higher_ operator precedence */
++#define PRECEDENCE(x) (x << 24)
++#define P(x)      PRECEDENCE(x)
+ #define PRIMASK   0x7F000000
+ #define PRIMASK2  0x7E000000
+ 
+@@ -360,7 +362,7 @@ enum {
+ 	OC_MOVE = 0x1f00,       OC_PGETLINE = 0x2000,   OC_REGEXP = 0x2100,
+ 	OC_REPLACE = 0x2200,    OC_RETURN = 0x2300,     OC_SPRINTF = 0x2400,
+ 	OC_TERNARY = 0x2500,    OC_UNARY = 0x2600,      OC_VAR = 0x2700,
+-	OC_DONE = 0x2800,
++	OC_CONST = 0x2800,      OC_DONE = 0x2900,
+ 
+ 	ST_IF = 0x3000,         ST_DO = 0x3100,         ST_FOR = 0x3200,
+ 	ST_WHILE = 0x3300
+@@ -440,9 +442,9 @@ static const uint32_t tokeninfo[] ALIGN4 = {
+ #define TI_PREINC (OC_UNARY|xV|P(9)|'P')
+ #define TI_PREDEC (OC_UNARY|xV|P(9)|'M')
+ 	TI_PREINC,               TI_PREDEC,               OC_FIELD|xV|P(5),
+-	OC_COMPARE|VV|P(39)|5,   OC_MOVE|VV|P(74),        OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-',
+-	OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&',
+-	OC_BINARY|NV|P(29)|'+',  OC_BINARY|NV|P(29)|'-',  OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&',
++	OC_COMPARE|VV|P(39)|5,   OC_MOVE|VV|P(38),        OC_REPLACE|NV|P(38)|'+', OC_REPLACE|NV|P(38)|'-',
++	OC_REPLACE|NV|P(38)|'*', OC_REPLACE|NV|P(38)|'/', OC_REPLACE|NV|P(38)|'%', OC_REPLACE|NV|P(38)|'&',
++	OC_BINARY|NV|P(29)|'+',  OC_BINARY|NV|P(29)|'-',  OC_REPLACE|NV|P(38)|'&', OC_BINARY|NV|P(15)|'&',
+ 	OC_BINARY|NV|P(25)|'/',  OC_BINARY|NV|P(25)|'%',  OC_BINARY|NV|P(15)|'&',  OC_BINARY|NV|P(25)|'*',
+ 	OC_COMPARE|VV|P(39)|4,   OC_COMPARE|VV|P(39)|3,   OC_COMPARE|VV|P(39)|0,   OC_COMPARE|VV|P(39)|1,
+ #define TI_LESS     (OC_COMPARE|VV|P(39)|2)
+@@ -1290,7 +1292,7 @@ static uint32_t next_token(uint32_t expected)
+ 			save_tclass = tc;
+ 			save_info = t_info;
+ 			tc = TC_BINOPX;
+-			t_info = OC_CONCAT | SS | P(35);
++			t_info = OC_CONCAT | SS | PRECEDENCE(35);
+ 		}
+ 
+ 		t_tclass = tc;
+@@ -1350,9 +1352,8 @@ static node *parse_expr(uint32_t term_tc)
+ {
+ 	node sn;
+ 	node *cn = &sn;
+-	node *vn, *glptr;
++	node *glptr;
+ 	uint32_t tc, expected_tc;
+-	var *v;
+ 
+ 	debug_printf_parse("%s() term_tc(%x):", __func__, term_tc);
+ 	debug_parse_print_tc(term_tc);
+@@ -1363,11 +1364,12 @@ static node *parse_expr(uint32_t term_tc)
+ 	expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP | term_tc;
+ 
+ 	while (!((tc = next_token(expected_tc)) & term_tc)) {
++		node *vn;
+ 
+ 		if (glptr && (t_info == TI_LESS)) {
+ 			/* input redirection (<) attached to glptr node */
+ 			debug_printf_parse("%s: input redir\n", __func__);
+-			cn = glptr->l.n = new_node(OC_CONCAT | SS | P(37));
++			cn = glptr->l.n = new_node(OC_CONCAT | SS | PRECEDENCE(37));
+ 			cn->a.n = glptr;
+ 			expected_tc = TS_OPERAND | TS_UOPPRE;
+ 			glptr = NULL;
+@@ -1379,24 +1381,42 @@ static node *parse_expr(uint32_t term_tc)
+ 			 * previous operators with higher priority */
+ 			vn = cn;
+ 			while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2))
+-			    || ((t_info == vn->info) && t_info == TI_COLON)
++			    || (t_info == vn->info && t_info == TI_COLON)
+ 			) {
+ 				vn = vn->a.n;
+ 				if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN);
+ 			}
+ 			if (t_info == TI_TERNARY)
+ //TODO: why?
+-				t_info += P(6);
++				t_info += PRECEDENCE(6);
+ 			cn = vn->a.n->r.n = new_node(t_info);
+ 			cn->a.n = vn->a.n;
+ 			if (tc & TS_BINOP) {
+ 				cn->l.n = vn;
+-//FIXME: this is the place to detect and reject assignments to non-lvalues.
+-//Currently we allow "assignments" to consts and temporaries, nonsense like this:
+-// awk 'BEGIN { "qwe" = 1 }'
+-// awk 'BEGIN { 7 *= 7 }'
+-// awk 'BEGIN { length("qwe") = 1 }'
+-// awk 'BEGIN { (1+1) += 3 }'
++
++				/* Prevent:
++				 * awk 'BEGIN { "qwe" = 1 }'
++				 * awk 'BEGIN { 7 *= 7 }'
++				 * awk 'BEGIN { length("qwe") = 1 }'
++				 * awk 'BEGIN { (1+1) += 3 }'
++				 */
++				/* Assignment? (including *= and friends) */
++				if (((t_info & OPCLSMASK) == OC_MOVE)
++				 || ((t_info & OPCLSMASK) == OC_REPLACE)
++				) {
++					debug_printf_parse("%s: MOVE/REPLACE vn->info:%08x\n", __func__, vn->info);
++					/* Left side is a (variable or array element)
++					 * or function argument
++					 * or $FIELD ?
++					 */
++					if ((vn->info & OPCLSMASK) != OC_VAR
++					 && (vn->info & OPCLSMASK) != OC_FNARG
++					 && (vn->info & OPCLSMASK) != OC_FIELD
++					) {
++						syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */
++					}
++				}
++
+ 				expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP;
+ 				if (t_info == TI_PGETLINE) {
+ 					/* it's a pipe */
+@@ -1432,6 +1452,8 @@ static node *parse_expr(uint32_t term_tc)
+ 		/* one should be very careful with switch on tclass -
+ 		 * only simple tclasses should be used (TC_xyz, not TS_xyz) */
+ 		switch (tc) {
++			var *v;
++
+ 		case TC_VARIABLE:
+ 		case TC_ARRAY:
+ 			debug_printf_parse("%s: TC_VARIABLE | TC_ARRAY\n", __func__);
+@@ -1452,14 +1474,14 @@ static node *parse_expr(uint32_t term_tc)
+ 		case TC_NUMBER:
+ 		case TC_STRING:
+ 			debug_printf_parse("%s: TC_NUMBER | TC_STRING\n", __func__);
+-			cn->info = OC_VAR;
++			cn->info = OC_CONST;
+ 			v = cn->l.v = xzalloc(sizeof(var));
+-			if (tc & TC_NUMBER)
++			if (tc & TC_NUMBER) {
+ 				setvar_i(v, t_double);
+-			else {
++			 } else {
+ 				setvar_s(v, t_string);
+-				expected_tc &= ~TC_UOPPOST; /* "str"++ is not allowed */
+ 			}
++			expected_tc &= ~TC_UOPPOST; /* NUM++, "str"++ not allowed */
+ 			break;
+ 
+ 		case TC_REGEXP:
+@@ -3107,6 +3129,8 @@ static var *evaluate(node *op, var *res)
+ 
+ 		/* -- recursive node type -- */
+ 
++		case XC( OC_CONST ):
++			debug_printf_eval("CONST ");
+ 		case XC( OC_VAR ):
+ 			debug_printf_eval("VAR\n");
+ 			L.v = op->l.v;
+diff --git a/testsuite/awk.tests b/testsuite/awk.tests
+index ddc5104..a78fdcd 100755
+--- a/testsuite/awk.tests
++++ b/testsuite/awk.tests
+@@ -540,4 +540,9 @@ testing 'awk assign while assign' \
+ │    trim/eff : 57.02%/26, 0.00%                     │          [cpu000:100%]
+ └────────────────────────────────────────────────────┘^C"
+ 
++testing "awk = has higher precedence than == (despite what gawk manpage claims)" \
++	"awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \
++	'0\n1\n2\n1\n3\n' \
++	'' ''
++
+ exit $FAILCOUNT
diff --git a/meta/recipes-core/busybox/busybox/CVE-2023-42364_42365-2.patch b/meta/recipes-core/busybox/busybox/CVE-2023-42364_42365-2.patch
new file mode 100644
index 0000000000..95f507d4d7
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2023-42364_42365-2.patch
@@ -0,0 +1,96 @@
+From c3bfdac8e0e9a21d524ad72036953f68d2193e52 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Tue, 21 May 2024 14:46:08 +0200
+Subject: [PATCH 2/2] awk: fix ternary operator and precedence of =
+
+Adjust the = precedence test to match behavior of gawk, mawk and
+FreeBSD.  awk 'BEGIN {print v=3==3; print v}' should print two '1'.
+
+To fix this, and to unbreak the ternary conditional operator, we restore
+the precedence of = in the token list, but override this with a lower
+priority when the assignment is on the right side of a compare.
+
+This fixes commit 0256e00a9d07 (awk: fix precedence of = relative to ==) [1]
+
+Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-May/090766.html]
+
+[1] https://bugs.busybox.net/show_bug.cgi?id=15871#c6
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+(cherry picked from commit 1714301c405ef03b39605c85c23f22a190cddd95)
+
+CVE: CVE-2023-42364  CVE-2023-42365
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ editors/awk.c       | 18 ++++++++++++++----
+ testsuite/awk.tests |  9 +++++++--
+ 2 files changed, 21 insertions(+), 6 deletions(-)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index aff86fe..f320d8c 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -442,9 +442,10 @@ static const uint32_t tokeninfo[] ALIGN4 = {
+ #define TI_PREINC (OC_UNARY|xV|P(9)|'P')
+ #define TI_PREDEC (OC_UNARY|xV|P(9)|'M')
+ 	TI_PREINC,               TI_PREDEC,               OC_FIELD|xV|P(5),
+-	OC_COMPARE|VV|P(39)|5,   OC_MOVE|VV|P(38),        OC_REPLACE|NV|P(38)|'+', OC_REPLACE|NV|P(38)|'-',
+-	OC_REPLACE|NV|P(38)|'*', OC_REPLACE|NV|P(38)|'/', OC_REPLACE|NV|P(38)|'%', OC_REPLACE|NV|P(38)|'&',
+-	OC_BINARY|NV|P(29)|'+',  OC_BINARY|NV|P(29)|'-',  OC_REPLACE|NV|P(38)|'&', OC_BINARY|NV|P(15)|'&',
++#define TI_ASSIGN (OC_MOVE|VV|P(74))
++	OC_COMPARE|VV|P(39)|5,   TI_ASSIGN,               OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-',
++	OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&',
++	OC_BINARY|NV|P(29)|'+',  OC_BINARY|NV|P(29)|'-',  OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&',
+ 	OC_BINARY|NV|P(25)|'/',  OC_BINARY|NV|P(25)|'%',  OC_BINARY|NV|P(15)|'&',  OC_BINARY|NV|P(25)|'*',
+ 	OC_COMPARE|VV|P(39)|4,   OC_COMPARE|VV|P(39)|3,   OC_COMPARE|VV|P(39)|0,   OC_COMPARE|VV|P(39)|1,
+ #define TI_LESS     (OC_COMPARE|VV|P(39)|2)
+@@ -1376,11 +1377,19 @@ static node *parse_expr(uint32_t term_tc)
+ 			continue;
+ 		}
+ 		if (tc & (TS_BINOP | TC_UOPPOST)) {
++			int prio;
+ 			debug_printf_parse("%s: TS_BINOP | TC_UOPPOST tc:%x\n", __func__, tc);
+ 			/* for binary and postfix-unary operators, jump back over
+ 			 * previous operators with higher priority */
+ 			vn = cn;
+-			while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2))
++			/* Let assignment get higher priority when used on right
++			 * side in compare. i.e: 2==v=3 */
++			if (t_info == TI_ASSIGN && (vn->a.n->info & OPCLSMASK) == OC_COMPARE) {
++				prio = PRECEDENCE(38);
++			} else {
++				prio = (t_info & PRIMASK);
++			}
++			while ((prio > (vn->a.n->info & PRIMASK2))
+ 			    || (t_info == vn->info && t_info == TI_COLON)
+ 			) {
+ 				vn = vn->a.n;
+@@ -1412,6 +1421,7 @@ static node *parse_expr(uint32_t term_tc)
+ 					if ((vn->info & OPCLSMASK) != OC_VAR
+ 					 && (vn->info & OPCLSMASK) != OC_FNARG
+ 					 && (vn->info & OPCLSMASK) != OC_FIELD
++					 && (vn->info & OPCLSMASK) != OC_COMPARE
+ 					) {
+ 						syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */
+ 					}
+diff --git a/testsuite/awk.tests b/testsuite/awk.tests
+index a78fdcd..d2706de 100755
+--- a/testsuite/awk.tests
++++ b/testsuite/awk.tests
+@@ -540,9 +540,14 @@ testing 'awk assign while assign' \
+ │    trim/eff : 57.02%/26, 0.00%                     │          [cpu000:100%]
+ └────────────────────────────────────────────────────┘^C"
+ 
+-testing "awk = has higher precedence than == (despite what gawk manpage claims)" \
++testing "awk = has higher precedence than == on right side" \
+ 	"awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \
+-	'0\n1\n2\n1\n3\n' \
++	'0\n1\n2\n1\n1\n' \
++	'' ''
++
++testing 'awk ternary precedence' \
++	"awk 'BEGIN { a = 0 ? \"yes\": \"no\"; print a }'" \
++	'no\n' \
+ 	'' ''
+ 
+ exit $FAILCOUNT
diff --git a/meta/recipes-core/busybox/busybox/CVE-2023-42366.patch b/meta/recipes-core/busybox/busybox/CVE-2023-42366.patch
new file mode 100644
index 0000000000..d660768e2f
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2023-42366.patch
@@ -0,0 +1,36 @@
+From 8542236894a8d5f7393327117bc7f64787444efc Mon Sep 17 00:00:00 2001
+From: Valery Ushakov <uwe@stderr.spb.ru>
+Date: Wed, 24 Jan 2024 22:24:41 +0300
+Subject: [PATCH] awk.c: fix CVE-2023-42366 (bug #15874)
+
+Make sure we don't read past the end of the string in next_token()
+when backslash is the last character in an (invalid) regexp.
+a fix and issue reported in bugzilla
+
+https://bugs.busybox.net/show_bug.cgi?id=15874
+
+Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-May/090766.html]
+CVE: CVE-2023-42366
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ editors/awk.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index f320d8c..a53b193 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -1168,9 +1168,11 @@ static uint32_t next_token(uint32_t expected)
+ 					s[-1] = bb_process_escape_sequence((const char **)&pp);
+ 					if (*p == '\\')
+ 						*s++ = '\\';
+-					if (pp == p)
++					if (pp == p) {
++						if (*p == '\0')
++							syntax_error(EMSG_UNEXP_EOS);
+ 						*s++ = *p++;
+-					else
++					} else
+ 						p = pp;
+ 				}
+ 			}
diff --git a/meta/recipes-core/busybox/busybox_1.35.0.bb b/meta/recipes-core/busybox/busybox_1.35.0.bb
index 1c7fe2f43e..dbcefbb274 100644
--- a/meta/recipes-core/busybox/busybox_1.35.0.bb
+++ b/meta/recipes-core/busybox/busybox_1.35.0.bb
@@ -54,6 +54,9 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
 	   file://CVE-2022-48174.patch \
            file://CVE-2021-42380.patch \
            file://CVE-2023-42363.patch \
+           file://CVE-2023-42364_42365-1.patch \
+           file://CVE-2023-42364_42365-2.patch \
+           file://CVE-2023-42366.patch \
            "
 SRC_URI:append:libc-musl = " file://musl.cfg "
 

From patchwork Tue Aug 13 12:16:46 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 47736
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E9D67C531DC
	for <webhook@archiver.kernel.org>; Tue, 13 Aug 2024 12:17:12 +0000 (UTC)
Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com
 [209.85.216.41])
 by mx.groups.io with SMTP id smtpd.web10.70868.1723551429182650496
 for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:09 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=u9G9RG87;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.41,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f41.google.com with SMTP id
 98e67ed59e1d1-2cd34c8c588so3605979a91.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1723551428;
 x=1724156228; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Hqt2u1tR0JQl9UfAN0hlrAlxYxk+OkIpB6yGQ9hBVcw=;
        b=u9G9RG87uth0iB1Pt23pqZtokcD9iwiRngkIdJ+V9CVVowo3OeHDqggw12UGtL6SZ7
         toJPyvghdKZ4LFb6CUc7Avo+Rmp2VOYoPcTFwhZWB1YBDa8ONfdxRZTObJAPNEBmNWNm
         5OfuZFYZuXrSeFqnPTIJNpCA9I5MHnacYqU7OkcowTgEW0RlOX9JUZiTxvI4SZ5zGbqn
         FLqgDU+08131VxveBk6NXq5z7WoHNrg42tBrESDG0Vs5UWISy36soAzWww0++AZBYfSY
         MHJFrppOqda6h6JS5mzG2Y5wPcpFS6tRCral2MdJx+N3weVOyIHQWVdgET7xULV7xuHt
         xgNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1723551428; x=1724156228;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Hqt2u1tR0JQl9UfAN0hlrAlxYxk+OkIpB6yGQ9hBVcw=;
        b=j9yHfyJYy6QgcjJwfEkORWvdeHU7Pi7V7RICPML3iz5fpxI9FVO46oqa1/jTbIhvgP
         0UKrjqARVKV9bqmuZT5Z7gIEWufN3HT2aExg41oiIZ44hU0/wT+z0GExWYh06Y4jrCYb
         +WWzNBlq77xRMLP3qFnQQKW15gMoSmjYBKrNrS3Ic2hhD8EQHLLIaZAPipwca4irc8G9
         9PynqHQfsQP7Gldgnj2NUwvSzt8UQkgSxpOcc2/fqctV1Wg7yzPKjGRQndfb6e7LYoR0
         VT8rOVMPeDm3XpMkESt4l2G2enrwSI8dU46XQ1ag3+zl67CRjXW8avyPyuUKzRAMtbBh
         umWA==
X-Gm-Message-State: AOJu0YzctCsarYpHhV2L840Qkns0NqgMPT0gr59aFRs0HOpJT4fiRaPM
	sdYymO+kuD5k9rfvvRnJCTNufL4f6EqpteTfF0brnJ1xr+0E4YMmiQLOC8dSfB2FNIDDlXxlUOr
	TzlA=
X-Google-Smtp-Source: 
 AGHT+IGa2VZlXlWbrAPYZRY2AVqdMKLz/cBeegegWLlPmNrtpnQHj3I+wYjWCXxfpqHLi1Q4otlRpA==
X-Received: by 2002:a17:90b:3504:b0:2c9:57a4:a8c4 with SMTP id
 98e67ed59e1d1-2d3926ac0c1mr3383782a91.42.1723551428282;
        Tue, 13 Aug 2024 05:17:08 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2d1fced1838sm7148998a91.23.2024.08.13.05.17.07
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 13 Aug 2024 05:17:08 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 09/11] python3-certifi: Fix CVE-2024-39689
Date: Tue, 13 Aug 2024 05:16:46 -0700
Message-Id: 
 <d16143fc8481b68b1253eddbd7c565c490e55a9c.1723551231.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1723551231.git.steve@sakoman.com>
References: <cover.1723551231.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 13 Aug 2024 12:17:12 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/203273

From: Soumya Sambu <soumya.sambu@windriver.com>

Certifi is a curated collection of Root Certificates for validating the
trustworthiness of SSL certificates while verifying the identity of TLS
hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized
root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root
certificates from `GLOBALTRUST` from the root store. These are in the
process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root
certificates are being removed pursuant to an investigation which
identified "long-running and unresolved compliance issues."Certifi is a
curated collection of Root Certificates for validating the trustworthiness
of SSL certificates while verifying the identity of TLS hosts. Certifi
starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates
from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from
`GLOBALTRUST` from the root store. These are in the process of being removed
from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being
removed pursuant to an investigation which identified "long-running and
unresolved compliance issues."

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-39689

Upstream-patch:
https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../python3-certifi/CVE-2024-39689.patch      | 69 +++++++++++++++++++
 .../python/python3-certifi_2021.10.8.bb       |  1 +
 2 files changed, 70 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3-certifi/CVE-2024-39689.patch

diff --git a/meta/recipes-devtools/python/python3-certifi/CVE-2024-39689.patch b/meta/recipes-devtools/python/python3-certifi/CVE-2024-39689.patch
new file mode 100644
index 0000000000..a2ecc15d2c
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-certifi/CVE-2024-39689.patch
@@ -0,0 +1,69 @@
+From bd8153872e9c6fc98f4023df9c2deaffea2fa463 Mon Sep 17 00:00:00 2001
+From: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
+Date: Wed, 3 Jul 2024 21:34:29 -0400
+Subject: [PATCH] 2024.07.04 (#295)
+
+Co-authored-by: alex <772+alex@users.noreply.github.com>
+
+CVE: CVE-2024-39689
+
+Upstream-Status: Backport [https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ certifi/cacert.pem | 40 ----------------------------------------
+ 1 file changed, 40 deletions(-)
+
+diff --git a/certifi/cacert.pem b/certifi/cacert.pem
+index 1bec256..6bb8cf8 100644
+--- a/certifi/cacert.pem
++++ b/certifi/cacert.pem
+@@ -3857,46 +3857,6 @@ DgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ
+ +RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAezNIm8BZ/3Hobui3A=
+ -----END CERTIFICATE-----
+
+-# Issuer: CN=GLOBALTRUST 2020 O=e-commerce monitoring GmbH
+-# Subject: CN=GLOBALTRUST 2020 O=e-commerce monitoring GmbH
+-# Label: "GLOBALTRUST 2020"
+-# Serial: 109160994242082918454945253
+-# MD5 Fingerprint: 8a:c7:6f:cb:6d:e3:cc:a2:f1:7c:83:fa:0e:78:d7:e8
+-# SHA1 Fingerprint: d0:67:c1:13:51:01:0c:aa:d0:c7:6a:65:37:31:16:26:4f:53:71:a2
+-# SHA256 Fingerprint: 9a:29:6a:51:82:d1:d4:51:a2:e3:7f:43:9b:74:da:af:a2:67:52:33:29:f9:0f:9a:0d:20:07:c3:34:e2:3c:9a
+------BEGIN CERTIFICATE-----
+-MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkG
+-A1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkw
+-FwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYx
+-MDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9u
+-aXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMIICIjANBgkq
+-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWiD59b
+-RatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9Z
+-YybNpyrOVPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3
+-QWPKzv9pj2gOlTblzLmMCcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPw
+-yJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCmfecqQjuCgGOlYx8ZzHyyZqjC0203b+J+
+-BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKAA1GqtH6qRNdDYfOiaxaJ
+-SaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9ORJitHHmkH
+-r96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj0
+-4KlGDfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9Me
+-dKZssCz3AwyIDMvUclOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIw
+-q7ejMZdnrY8XD2zHc+0klGvIg5rQmjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2
+-nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+-AQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1UdIwQYMBaAFNwu
+-H9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA
+-VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJC
+-XtzoRlgHNQIw4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd
+-6IwPS3BD0IL/qMy/pJTAvoe9iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf
+-+I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS8cE54+X1+NZK3TTN+2/BT+MAi1bi
+-kvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2HcqtbepBEX4tdJP7
+-wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxSvTOB
+-TI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6C
+-MUO+1918oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn
+-4rnvyOL2NSl6dPrFf4IFYqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+I
+-aFvowdlxfv1k7/9nR4hYJS8+hge9+6jlgqispdNpQ80xiEmEU5LAsTkbOYMBMMTy
+-qfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg==
+------END CERTIFICATE-----
+-
+ # Issuer: CN=ANF Secure Server Root CA O=ANF Autoridad de Certificacion OU=ANF CA Raiz
+ # Subject: CN=ANF Secure Server Root CA O=ANF Autoridad de Certificacion OU=ANF CA Raiz
+ # Label: "ANF Secure Server Root CA"
+--
+2.40.0
diff --git a/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb b/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb
index eb1574adf6..0d45041184 100644
--- a/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb
+++ b/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=67da0714c3f9471067b729eca6c9fbe8"
 
 SRC_URI += "file://CVE-2022-23491.patch \
             file://CVE-2023-37920.patch \
+            file://CVE-2024-39689.patch \
            "
 
 SRC_URI[sha256sum] = "78884e7c1d4b00ce3cea67b44566851c4343c120abd683433ce934a68ea58872"

From patchwork Tue Aug 13 12:16:47 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 47733
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DB006C531DD
	for <webhook@archiver.kernel.org>; Tue, 13 Aug 2024 12:17:12 +0000 (UTC)
Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com
 [209.85.215.172])
 by mx.groups.io with SMTP id smtpd.web11.70601.1723551430849348328
 for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:10 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=Yo4Boxao;
 spf=softfail (domain: sakoman.com, ip: 209.85.215.172,
 mailfrom: steve@sakoman.com)
Received: by mail-pg1-f172.google.com with SMTP id
 41be03b00d2f7-76cb5b6b3e4so3505497a12.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1723551430;
 x=1724156230; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=uZOXkFcltwl+/HXHeS2TKh9SemYcS29+6L1xA+d8XFo=;
        b=Yo4BoxaonqqFErl5owmwlxsPlsBoBf9zpIlhJBUXhj1z+4HGkQ1N9pDXcsCQQjVO8K
         gaxSbALFkDuuoBikgWGe8t8iLcCgtrGySzsHG2wScD0r+brbq04VlxsXhBpuaPIKHTUO
         RI/aYCyr8+XBynAA1Dg6pPxf7e341CT81AF2iQ+FxgQLy91ARXe+XNXskTZjGL5iJWPQ
         rEzTMFAjQ1oILMrBE6BJTJYFc4O1jNgDuN1C4SybBcvaJpNJxfPPFgZkFtxl8XDcQv9u
         P+0GzBJez2xz3yuS3LcTF7PfJGHwEg5FDz0lNvMJ10mdEAhz1rYtLtGppeysTjY9w1kO
         LvDQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1723551430; x=1724156230;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=uZOXkFcltwl+/HXHeS2TKh9SemYcS29+6L1xA+d8XFo=;
        b=Q+/GRecNInuQdaO69ieOM1iNowNO4VD2o2+K2dgfdl8cIY3gK+gG+3FZ4ldTqgnW4d
         lT+pmQbGFo2DGWX5NNMdXovUq1pUnQze6Y4Zjl7nzF1L1EPtkzzG5TFisP6o3j+aTZpK
         VVyMhuNNN6/e1/CBoM+Ju/0ZglJMG+qk/QpUF91hBYjBjQpxRWgojihCBpGtwYtFBFay
         SovICPBUh7ypErE+W0cTcL64uDLdRkrHWEfYoOg52NamuWu6OIkmXTSoXljPqFLAq3vl
         ywG38PB0W9URxwKOZOfB4JPnyN0DqjpMso+TWB4yeXN02x53GDS42EkekC6TC5YTzbLw
         Em6Q==
X-Gm-Message-State: AOJu0Yxa5yojEUarAXC9+J9q5llYUv8zArDTJMnssozH689y8RYGkAAC
	EGdQ8Towygye2HNHwTjUhDhnDFTmkcua3/vZ5IoDMBMd5kkuH69YQOqp4T4zdpmn2nMHQ3ZDiyX
	ziC4=
X-Google-Smtp-Source: 
 AGHT+IE1ki3/4N+UEwARWZVpSx0yxji/9CmAO7in46Qa6tXsgwTv9XiPnX0q/krsKeTp9YLJh7X2xw==
X-Received: by 2002:a17:90a:9ef:b0:2c9:b72:7a1f with SMTP id
 98e67ed59e1d1-2d39264f73amr3424935a91.28.1723551429890;
        Tue, 13 Aug 2024 05:17:09 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2d1fced1838sm7148998a91.23.2024.08.13.05.17.09
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 13 Aug 2024 05:17:09 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 10/11] orc: upgrade 0.4.32 -> 0.4.39
Date: Tue, 13 Aug 2024 05:16:47 -0700
Message-Id: 
 <092d2a6df6eae6f93a35a0429d2cdfc9b246cecf.1723551231.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1723551231.git.steve@sakoman.com>
References: <cover.1723551231.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 13 Aug 2024 12:17:12 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/203274

From: Vijay Anusuri <vanusuri@mvista.com>

Include security fix CVE-2024-40897

Ref: https://github.com/GStreamer/orc/blob/0.4.39/RELEASE

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/orc/{orc_0.4.32.bb => orc_0.4.39.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/orc/{orc_0.4.32.bb => orc_0.4.39.bb} (92%)

diff --git a/meta/recipes-devtools/orc/orc_0.4.32.bb b/meta/recipes-devtools/orc/orc_0.4.39.bb
similarity index 92%
rename from meta/recipes-devtools/orc/orc_0.4.32.bb
rename to meta/recipes-devtools/orc/orc_0.4.39.bb
index 829255f110..320abf536a 100644
--- a/meta/recipes-devtools/orc/orc_0.4.32.bb
+++ b/meta/recipes-devtools/orc/orc_0.4.39.bb
@@ -5,7 +5,7 @@ LICENSE = "BSD-2-Clause & BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=1400bd9d09e8af56b9ec982b3d85797e"
 
 SRC_URI = "http://gstreamer.freedesktop.org/src/orc/orc-${PV}.tar.xz"
-SRC_URI[sha256sum] = "a66e3d8f2b7e65178d786a01ef61f2a0a0b4d0b8370de7ce134ba73da4af18f0"
+SRC_URI[sha256sum] = "33ed2387f49b825fa1b9c3b0072e05f259141b895474ad085ae51143d3040cc0"
 
 inherit meson pkgconfig gtk-doc
 

From patchwork Tue Aug 13 12:16:48 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 47734
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EA6B7C531DF
	for <webhook@archiver.kernel.org>; Tue, 13 Aug 2024 12:17:12 +0000 (UTC)
Received: from mail-pg1-f176.google.com (mail-pg1-f176.google.com
 [209.85.215.176])
 by mx.groups.io with SMTP id smtpd.web11.70602.1723551432484912793
 for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:12 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=bDt/obJp;
 spf=softfail (domain: sakoman.com, ip: 209.85.215.176,
 mailfrom: steve@sakoman.com)
Received: by mail-pg1-f176.google.com with SMTP id
 41be03b00d2f7-7c3d9a5e050so1914265a12.2
        for <openembedded-core@lists.openembedded.org>;
 Tue, 13 Aug 2024 05:17:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1723551432;
 x=1724156232; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=O/xPi4U7jK0JjC587Y8vsp4dPfMTPaWLwXZ7Z43Ty5s=;
        b=bDt/obJps6n9YoSHvBAocS88SUAgUC+JaadZ0kIHCeUOTwgctzjLaI0xOlIa7T4hyr
         7kzIRT6K4nCCdSwx2cpZTIFFTJ+tETKOwdibPPlxuFRQEgjDE1dR0CVlelE5EEOmKVnQ
         7wIAsX0VBeQv5NcBLSuLAuAY+YGYj7SF8mA6THrV7g1tCc/DFY5Vo6lImkAw/XQGShnB
         MIdBKRHru1R8RyipHg/i95l7vJlb83VmT9sHCz7SFgsbhEpe2rceoCzyZnnXSMfaCKCv
         6ikApUM414CSrog8OvJL0NRh5J4ChwtnlikMmVVEhxAYCSw/KIrelH2uR6/FZk1ssWRg
         KdEg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1723551432; x=1724156232;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=O/xPi4U7jK0JjC587Y8vsp4dPfMTPaWLwXZ7Z43Ty5s=;
        b=b8+oZsJ/2Z3yj0zqS4lXilSikRNS3rlLF5s/bQ2hB1hYJHDm5QUhXX22wWCJa8SNQx
         bWdEn9RZxMh0bbViiIKs9mA7XeqfT4EuNbIvmOpYy6RpFGeppQp28k9G9wT160KgZV3r
         83Uj4SUXEA6SLXAngK+jS6c9kAXZPx00Jjkz6iso41EaMjgm2ka9VltUsUmBDRhMM8Sk
         tO3hx9tNZQfkaJHqmZapwbmtHCG3Gp//UffTtMuS4H+9W4zGsheJM36mCwlmS/b+GMdk
         alP8QHTuaWqvqKoBD0IyedPf9vgxW/4rRwK9ZnAGEvifQzDoIkotPSGgQPnIwV75zdRK
         qxaQ==
X-Gm-Message-State: AOJu0YwFEnQc1352BJTbbYtHxQYSa+j+IvJpwpYZDlL9DDhifTeQse//
	7pBVjWFiqh4NxAICErQoldg0JsUKDVs7m5ZH1NxCHG5iAOFOyfDu1z4U+lTY9e4q7OA8fLA7tMo
	8K9E=
X-Google-Smtp-Source: 
 AGHT+IHaBOSRu937l9ePtSXy4JCoGI2WAGbOE6exkQijaostFJjVoT2uWf5oyglXMWDTdC2kD6qP7w==
X-Received: by 2002:a17:90a:540d:b0:2cd:2c4d:9345 with SMTP id
 98e67ed59e1d1-2d3924cb70dmr3592968a91.6.1723551431610;
        Tue, 13 Aug 2024 05:17:11 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2d1fced1838sm7148998a91.23.2024.08.13.05.17.10
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 13 Aug 2024 05:17:11 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 11/11] python3-pycryptodome(x): use
 python_setuptools_build_meta build class
Date: Tue, 13 Aug 2024 05:16:48 -0700
Message-Id: 
 <037652806f786658f3dd091704befbc67dd2786d.1723551231.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1723551231.git.steve@sakoman.com>
References: <cover.1723551231.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 13 Aug 2024 12:17:12 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/203275

From: Ross Burton <ross.burton@arm.com>

This package can be built using pep517 classes now.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a32fa3e64d1daf5846c29403e9f258aea42212d3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/python/python3-pycryptodome_3.14.1.bb  | 2 +-
 meta/recipes-devtools/python/python3-pycryptodomex_3.14.1.bb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/python/python3-pycryptodome_3.14.1.bb b/meta/recipes-devtools/python/python3-pycryptodome_3.14.1.bb
index 1e6c514224..fef9d2c96e 100644
--- a/meta/recipes-devtools/python/python3-pycryptodome_3.14.1.bb
+++ b/meta/recipes-devtools/python/python3-pycryptodome_3.14.1.bb
@@ -1,5 +1,5 @@
 require python-pycryptodome.inc
-inherit setuptools3
+inherit python_setuptools_build_meta
 
 SRC_URI[sha256sum] = "e04e40a7f8c1669195536a37979dd87da2c32dbdc73d6fe35f0077b0c17c803b"
 
diff --git a/meta/recipes-devtools/python/python3-pycryptodomex_3.14.1.bb b/meta/recipes-devtools/python/python3-pycryptodomex_3.14.1.bb
index 31ad3fda5e..c981e53815 100644
--- a/meta/recipes-devtools/python/python3-pycryptodomex_3.14.1.bb
+++ b/meta/recipes-devtools/python/python3-pycryptodomex_3.14.1.bb
@@ -1,5 +1,5 @@
 require python-pycryptodome.inc
-inherit setuptools3
+inherit python_setuptools_build_meta
 
 SRC_URI[sha256sum] = "2ce76ed0081fd6ac8c74edc75b9d14eca2064173af79843c24fa62573263c1f2"