From patchwork Mon Sep 23 13:13:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49459 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C3F88CF9C73 for ; Mon, 23 Sep 2024 13:14:13 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web11.36176.1727097245528702974 for ; Mon, 23 Sep 2024 06:14:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=nDk3BNMX; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-7198cb6bb02so3085797b3a.3 for ; Mon, 23 Sep 2024 06:14:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097245; x=1727702045; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=3dNVlxhbiX0eiy+548nLRF0C/OMocquK5wrrTHX2ET4=; b=nDk3BNMXrYAAe4qtpLQuBYXno8xJ8JkfVygP0O2pr7SbimQkUE/lJrL9OKt79PR3Qt apSpjL42EwzeWF8VEBi52w7rsLjHfqFrpoMm+jtQZqd3+PomvsXqHd0NO1OggRxDLhv5 J0TRe6STYEPDaNl+8DhVRrz/HdolM9WPtw/K2qMv5J5bmfRmiQeHmqp+2L/pp8lkmDff 0XR05AhOmLYjYBmis8vl/t/p7lFc9MFQmz/gjbdWxTNh9qMRgcuT6jwoOdDauUZcLcGb cY6alE4HULYhBKSyc6GyAxK5uuHm9s6UZqI1ZxlZudiu8M/zIrfUYFVIKne65a8M7Ml+ Vt7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097245; x=1727702045; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3dNVlxhbiX0eiy+548nLRF0C/OMocquK5wrrTHX2ET4=; b=hBMmma/iaVxVRYmY50IYof6JEQJSxfFLpZkfN9c3iTusNa1wyohvg0hu1chz3c146r fdAoE/eLahwH337Tdo+RT6HBUmXFdUys1pSrR7t3SvZr16hv5KtCSx82K6MpIDLpRDcq 201vbWdTORna0/DdXlvvR092Z+li/VhrvPQJWcmiLZ9MZr/yB33PXkICTDhGL4F6cECl /71juvHu4I5an3kksmo4Cosp3KoJu8JAubGT7a6GmoAqJMZfW3JTOoLmA7P0cv3sTNNM YLBbrLpsKnaHW++AmiPoLIuCRoohdf6yzdtSKT95jUpJ1/XqXjRBcWh3+iI+7FnV+CI3 44Pg== X-Gm-Message-State: AOJu0YzKS8ml/OmOQZoFczs7Dnry47YNVaAKl8/7ifu7Ago5e/6u3JYl 13/U2nGmPN1A/QYYoCoaYyR1rmtWPYHniuNjdvgmVL7Vwuui0j4SI2BnZyk7zTU13NIShOcTiTQ rVn0= X-Google-Smtp-Source: AGHT+IE12vTHt21nbIYdpGaJvL0SHj1obmdbW/n3oTSw56gdptZZI4Z9s71+yYuQgGZ3LwBsgaJEOA== X-Received: by 2002:a05:6a20:d498:b0:1c0:ec1c:f4a5 with SMTP id adf61e73a8af0-1d30ca2102amr17910372637.25.1727097243674; Mon, 23 Sep 2024 06:14:03 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:03 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/15] libpcap: Security fix for CVE-2023-7256 & CVE-2024-8006 Date: Mon, 23 Sep 2024 06:13:42 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204807 From: Vijay Anusuri Reference: https://security-tracker.debian.org/tracker/CVE-2023-7256 https://security-tracker.debian.org/tracker/CVE-2024-8006 Upstream commits: https://github.com/the-tcpdump-group/libpcap/commit/ba493d37d418b126d7357df553bd065cbc99384e https://github.com/the-tcpdump-group/libpcap/commit/f72f48a26abdd2eb11a4a8fb3596ee67b8f8cbe6 https://github.com/the-tcpdump-group/libpcap/commit/c1ceab8f191031a81996035af20685e6f9b7f1b7 https://github.com/the-tcpdump-group/libpcap/commit/73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6 Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../libpcap/libpcap/CVE-2023-7256-pre1.patch | 99 +++++ .../libpcap/libpcap/CVE-2023-7256-pre2.patch | 131 +++++++ .../libpcap/libpcap/CVE-2023-7256-pre3.patch | 67 ++++ .../libpcap/libpcap/CVE-2023-7256-pre4.patch | 37 ++ .../libpcap/libpcap/CVE-2023-7256.patch | 368 ++++++++++++++++++ .../libpcap/libpcap/CVE-2024-8006.patch | 42 ++ .../libpcap/libpcap_1.10.1.bb | 10 +- 7 files changed, 753 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre2.patch create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre3.patch create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre4.patch create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch new file mode 100644 index 0000000000..6965034656 --- /dev/null +++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch @@ -0,0 +1,99 @@ +From f72f48a26abdd2eb11a4a8fb3596ee67b8f8cbe6 Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Wed, 21 Jul 2021 23:50:32 -0700 +Subject: [PATCH] rpcap: don't do pointless integer->string and then + string->integer conversions. + +The string->integer conversion was also broken, as it passed a pointer +to a 16-bit integer to a sscanf() call that used %d rather than %hd. +It'd overwrite 2 bytes past the 16-bit integer; it may set the integer +"correctly" on a little-endian, but wouldn't even do *that* on a +big-endian machine. + +(cherry picked from commit efaddfe8eae4dab252bb2d35e004a40e4b72db24) + +Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/f72f48a26abdd2eb11a4a8fb3596ee67b8f8cbe6] +CVE: CVE-2023-7256 #Dependency Patch1 +Signed-off-by: Vijay Anusuri +--- + pcap-rpcap.c | 34 ++++++++++++++++++++++++---------- + 1 file changed, 24 insertions(+), 10 deletions(-) + +diff --git a/pcap-rpcap.c b/pcap-rpcap.c +index 225b420904..f5c126dbc1 100644 +--- a/pcap-rpcap.c ++++ b/pcap-rpcap.c +@@ -1060,7 +1060,7 @@ static int pcap_startcapture_remote(pcap_t *fp) + struct pcap_rpcap *pr = fp->priv; /* structure used when doing a remote live capture */ + char sendbuf[RPCAP_NETBUF_SIZE]; /* temporary buffer in which data to be sent is buffered */ + int sendbufidx = 0; /* index which keeps the number of bytes currently buffered */ +- char portdata[PCAP_BUF_SIZE]; /* temp variable needed to keep the network port for the data connection */ ++ uint16 portdata = 0; /* temp variable needed to keep the network port for the data connection */ + uint32 plen; + int active = 0; /* '1' if we're in active mode */ + struct activehosts *temp; /* temp var needed to scan the host list chain, to detect if we're in active mode */ +@@ -1073,6 +1073,8 @@ static int pcap_startcapture_remote(pcap_t *fp) + struct sockaddr_storage saddr; /* temp, needed to retrieve the network data port chosen on the local machine */ + socklen_t saddrlen; /* temp, needed to retrieve the network data port chosen on the local machine */ + int ai_family; /* temp, keeps the address family used by the control connection */ ++ struct sockaddr_in *sin4; ++ struct sockaddr_in6 *sin6; + + /* RPCAP-related variables*/ + struct rpcap_header header; /* header of the RPCAP packet */ +@@ -1171,11 +1173,22 @@ static int pcap_startcapture_remote(pcap_t *fp) + goto error_nodiscard; + } + +- /* Get the local port the system picked up */ +- if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL, +- 0, portdata, sizeof(portdata), NI_NUMERICSERV)) +- { +- sock_geterror("getnameinfo()", fp->errbuf, PCAP_ERRBUF_SIZE); ++ switch (saddr.ss_family) { ++ ++ case AF_INET: ++ sin4 = (struct sockaddr_in *)&saddr; ++ portdata = sin4->sin_port; ++ break; ++ ++ case AF_INET6: ++ sin6 = (struct sockaddr_in6 *)&saddr; ++ portdata = sin6->sin6_port; ++ break; ++ ++ default: ++ snprintf(fp->errbuf, PCAP_ERRBUF_SIZE, ++ "Local address has unknown address family %u", ++ saddr.ss_family); + goto error_nodiscard; + } + } +@@ -1208,8 +1221,7 @@ static int pcap_startcapture_remote(pcap_t *fp) + /* portdata on the openreq is meaningful only if we're in active mode */ + if ((active) || (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP)) + { +- sscanf(portdata, "%d", (int *)&(startcapreq->portdata)); /* cast to avoid a compiler warning */ +- startcapreq->portdata = htons(startcapreq->portdata); ++ startcapreq->portdata = portdata; + } + + startcapreq->snaplen = htonl(fp->snapshot); +@@ -1258,13 +1270,15 @@ static int pcap_startcapture_remote(pcap_t *fp) + { + if (!active) + { ++ char portstring[PCAP_BUF_SIZE]; ++ + memset(&hints, 0, sizeof(struct addrinfo)); + hints.ai_family = ai_family; /* Use the same address family of the control socket */ + hints.ai_socktype = (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP) ? SOCK_DGRAM : SOCK_STREAM; +- snprintf(portdata, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata)); ++ snprintf(portstring, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata)); + + /* Let's the server pick up a free network port for us */ +- if (sock_initaddress(host, portdata, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1) ++ if (sock_initaddress(host, portstring, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1) + goto error; + + if ((sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre2.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre2.patch new file mode 100644 index 0000000000..618480f10e --- /dev/null +++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre2.patch @@ -0,0 +1,131 @@ +From ba493d37d418b126d7357df553bd065cbc99384e Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Sun, 31 Jul 2022 11:30:43 -0700 +Subject: [PATCH] rpcap: improve error messages for host and port resolution + errors. + +If we don't want a particular port nuber in a sock_initaddress() call, +pass NULL rather than "0". If the service name parameter passsed to +sock_initaddress() is NULL, pass "0" as the service name parameter to +getaddrinfo(). + +Have get_gai_errstring() precede the host/port name information with an +indication as to whethe it's a host name, port name, or host name and +port name. Don't say "host name" for EAI_NONAME; rely on the +description get_gai_errstring() provides. If there's only a port +number, don't preceded it with ":" in get_gai_errstring(). + +This makes the error message reported if a host and port are provided +not say that the host name couldn't be resolved, because it could be a +problem with the port name (sadly, getaddinfo() doesn't indicate which +is the one with the problem). + +It also makes the error message reported if only a port is provided not +say that it's a problem with the host name or show the "host name" as +":". + +(cherry picked from commit 33cf6fb70a13a982d70f6a5e5e63aa765073c8e8) + +Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/ba493d37d418b126d7357df553bd065cbc99384e] +CVE: CVE-2023-7256 #Dependency Patch2 +Signed-off-by: Vijay Anusuri +--- + pcap-rpcap.c | 6 +++--- + rpcapd/daemon.c | 4 ++-- + sockutils.c | 19 ++++++++++++++----- + 3 files changed, 19 insertions(+), 10 deletions(-) + +diff --git a/pcap-rpcap.c b/pcap-rpcap.c +index 889ade32f6..b68af65d52 100644 +--- a/pcap-rpcap.c ++++ b/pcap-rpcap.c +@@ -1020,7 +1020,7 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf) + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + +- retval = sock_initaddress(host, "0", &hints, &addrinfo, errbuf, ++ retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf, + PCAP_ERRBUF_SIZE); + if (retval != 0) + { +@@ -1172,7 +1172,7 @@ static int pcap_startcapture_remote(pcap_t *fp) + hints.ai_flags = AI_PASSIVE; /* Data connection is opened by the server toward the client */ + + /* Let's the server pick up a free network port for us */ +- if (sock_initaddress(NULL, "0", &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1) ++ if (sock_initaddress(NULL, NULL, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1) + goto error_nodiscard; + + if ((sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, +@@ -3024,7 +3024,7 @@ int pcap_remoteact_close(const char *host, char *errbuf) + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + +- retval = sock_initaddress(host, "0", &hints, &addrinfo, errbuf, ++ retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf, + PCAP_ERRBUF_SIZE); + if (retval != 0) + { +diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c +index 362f4b9bb0..4b91a43242 100644 +--- a/rpcapd/daemon.c ++++ b/rpcapd/daemon.c +@@ -2085,8 +2085,8 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, + { + hints.ai_flags = AI_PASSIVE; + +- // Let's the server socket pick up a free network port for us +- if (sock_initaddress(NULL, "0", &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) ++ // Make the server socket pick up a free network port for us ++ if (sock_initaddress(NULL, NULL, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) + goto error; + + if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) +diff --git a/sockutils.c b/sockutils.c +index a34f0d1738..ca5b683720 100644 +--- a/sockutils.c ++++ b/sockutils.c +@@ -548,13 +548,13 @@ get_gai_errstring(char *errbuf, int errbuflen, const char *prefix, int err, + char hostport[PCAP_ERRBUF_SIZE]; + + if (hostname != NULL && portname != NULL) +- snprintf(hostport, PCAP_ERRBUF_SIZE, "%s:%s", ++ snprintf(hostport, PCAP_ERRBUF_SIZE, "host and port %s:%s", + hostname, portname); + else if (hostname != NULL) +- snprintf(hostport, PCAP_ERRBUF_SIZE, "%s", ++ snprintf(hostport, PCAP_ERRBUF_SIZE, "host %s", + hostname); + else if (portname != NULL) +- snprintf(hostport, PCAP_ERRBUF_SIZE, ":%s", ++ snprintf(hostport, PCAP_ERRBUF_SIZE, "port %s", + portname); + else + snprintf(hostport, PCAP_ERRBUF_SIZE, ""); +@@ -618,7 +618,7 @@ get_gai_errstring(char *errbuf, int errbuflen, const char *prefix, int err, + + case EAI_NONAME: + snprintf(errbuf, errbuflen, +- "%sThe host name %s couldn't be resolved", ++ "%sThe %s couldn't be resolved", + prefix, hostport); + break; + +@@ -720,7 +720,16 @@ int sock_initaddress(const char *host, const char *port, + { + int retval; + +- retval = getaddrinfo(host, port, hints, addrinfo); ++ /* ++ * We allow both the host and port to be null, but getaddrinfo() ++ * is not guaranteed to do so; to handle that, if port is null, ++ * we provide "0" as the port number. ++ * ++ * This results in better error messages from get_gai_errstring(), ++ * as those messages won't talk about a problem with the port if ++ * no port was specified. ++ */ ++ retval = getaddrinfo(host, port == NULL ? "0" : port, hints, addrinfo); + if (retval != 0) + { + if (errbuf) diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre3.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre3.patch new file mode 100644 index 0000000000..12d42fb252 --- /dev/null +++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre3.patch @@ -0,0 +1,67 @@ +From c1ceab8f191031a81996035af20685e6f9b7f1b7 Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Sun, 31 Jul 2022 11:54:22 -0700 +Subject: [PATCH] rpcap: try to distringuish between host and port errors. + +getaddrinfo() won't do it for us, so do it ourselves. + +(cherry picked from commit a83992a1bec91661b2f0e1a6fc910343793a97f1) + +Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/c1ceab8f191031a81996035af20685e6f9b7f1b7] +CVE: CVE-2023-7256 #Dependency Patch3 +Signed-off-by: Vijay Anusuri +--- + sockutils.c | 40 ++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 38 insertions(+), 2 deletions(-) + +diff --git a/sockutils.c b/sockutils.c +index ca5b683720..84024ac67d 100644 +--- a/sockutils.c ++++ b/sockutils.c +@@ -734,8 +734,44 @@ int sock_initaddress(const char *host, const char *port, + { + if (errbuf) + { +- get_gai_errstring(errbuf, errbuflen, "", retval, +- host, port); ++ if (host != NULL && port != NULL) { ++ /* ++ * Try with just a host, to distinguish ++ * between "host is bad" and "port is ++ * bad". ++ */ ++ int try_retval; ++ ++ try_retval = getaddrinfo(host, NULL, hints, ++ addrinfo); ++ if (try_retval == 0) { ++ /* ++ * Worked with just the host, ++ * so assume the problem is ++ * with the port. ++ * ++ * Free up the addres info first. ++ */ ++ freeaddrinfo(*addrinfo); ++ get_gai_errstring(errbuf, errbuflen, ++ "", retval, NULL, port); ++ } else { ++ /* ++ * Didn't work with just the host, ++ * so assume the problem is ++ * with the host. ++ */ ++ get_gai_errstring(errbuf, errbuflen, ++ "", retval, host, NULL); ++ } ++ } else { ++ /* ++ * Either the host or port was null, so ++ * there's nothing to determine. ++ */ ++ get_gai_errstring(errbuf, errbuflen, "", ++ retval, host, port); ++ } + } + return -1; + } diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre4.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre4.patch new file mode 100644 index 0000000000..dcf203f754 --- /dev/null +++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre4.patch @@ -0,0 +1,37 @@ +From 73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f Mon Sep 17 00:00:00 2001 +From: Rose <83477269+AtariDreams@users.noreply.github.com> +Date: Tue, 16 May 2023 12:37:11 -0400 +Subject: [PATCH] Remove unused variable retval in sock_present2network + +This quiets the compiler since it is not even returned anyway, and is a misleading variable name. + +(cherry picked from commit c7b90298984c46d820d3cee79a96d24870b5f200) + +Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f] +CVE: CVE-2023-7256 #Dependency Patch4 +Signed-off-by: Vijay Anusuri +--- + sockutils.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/sockutils.c b/sockutils.c +index 1c07f76fd1..6752f296af 100644 +--- a/sockutils.c ++++ b/sockutils.c +@@ -2082,7 +2082,6 @@ int sock_getascii_addrport(const struct sockaddr_storage *sockaddr, char *addres + */ + int sock_present2network(const char *address, struct sockaddr_storage *sockaddr, int addr_family, char *errbuf, int errbuflen) + { +- int retval; + struct addrinfo *addrinfo; + struct addrinfo hints; + +@@ -2090,7 +2089,7 @@ int sock_present2network(const char *address, struct sockaddr_storage *sockaddr, + + hints.ai_family = addr_family; + +- if ((retval = sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen)) == -1) ++ if (sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen) == -1) + return 0; + + if (addrinfo->ai_family == PF_INET) diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch new file mode 100644 index 0000000000..2b6c6476a9 --- /dev/null +++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch @@ -0,0 +1,368 @@ +From 2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Thu, 28 Sep 2023 00:37:57 -0700 +Subject: [PATCH] Have sock_initaddress() return the list of addrinfo + structures or NULL. + +Its return address is currently 0 for success and -1 for failure, with a +pointer to the first element of the list of struct addrinfos returned +through a pointer on success; change it to return that pointer on +success and NULL on failure. + +That way, we don't have to worry about what happens to the pointer +pointeed to by the argument in question on failure; we know that we got +NULL back if no struct addrinfos were found because getaddrinfo() +failed. Thus, we know that we have something to free iff +sock_initaddress() returned a pointer to that something rather than +returning NULL. + +This avoids a double-free in some cases. + +This is apparently CVE-2023-40400. + +(backported from commit 262e4f34979872d822ccedf9f318ed89c4d31c03) + +Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d] +CVE: CVE-2023-7256 +Signed-off-by: Vijay Anusuri +--- + pcap-rpcap.c | 48 ++++++++++++++++++++-------------------- + rpcapd/daemon.c | 8 +++++-- + rpcapd/rpcapd.c | 8 +++++-- + sockutils.c | 58 ++++++++++++++++++++++++++++--------------------- + sockutils.h | 5 ++--- + 5 files changed, 72 insertions(+), 55 deletions(-) + +diff --git a/pcap-rpcap.c b/pcap-rpcap.c +index 91f8557..733077b 100644 +--- a/pcap-rpcap.c ++++ b/pcap-rpcap.c +@@ -995,7 +995,6 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf) + { + struct activehosts *temp; /* temp var needed to scan the host list chain */ + struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */ +- int retval; + + /* retrieve the network address corresponding to 'host' */ + addrinfo = NULL; +@@ -1003,9 +1002,9 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf) + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + +- retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf, ++ addrinfo = sock_initaddress(host, NULL, &hints, errbuf, + PCAP_ERRBUF_SIZE); +- if (retval != 0) ++ if (addrinfo == NULL) + { + *error = 1; + return NULL; +@@ -1153,7 +1152,9 @@ static int pcap_startcapture_remote(pcap_t *fp) + hints.ai_flags = AI_PASSIVE; /* Data connection is opened by the server toward the client */ + + /* Let's the server pick up a free network port for us */ +- if (sock_initaddress(NULL, NULL, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1) ++ addrinfo = sock_initaddress(NULL, NULL, &hints, fp->errbuf, ++ PCAP_ERRBUF_SIZE); ++ if (addrinfo == NULL) + goto error_nodiscard; + + if ((sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, +@@ -1277,7 +1278,9 @@ static int pcap_startcapture_remote(pcap_t *fp) + snprintf(portstring, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata)); + + /* Let's the server pick up a free network port for us */ +- if (sock_initaddress(host, portstring, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1) ++ addrinfo = sock_initaddress(host, portstring, &hints, ++ fp->errbuf, PCAP_ERRBUF_SIZE); ++ if (addrinfo == NULL) + goto error; + + if ((sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) +@@ -2220,16 +2223,16 @@ rpcap_setup_session(const char *source, struct pcap_rmtauth *auth, + if (port[0] == 0) + { + /* the user chose not to specify the port */ +- if (sock_initaddress(host, RPCAP_DEFAULT_NETPORT, +- &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) +- return -1; ++ addrinfo = sock_initaddress(host, RPCAP_DEFAULT_NETPORT, ++ &hints, errbuf, PCAP_ERRBUF_SIZE); + } + else + { +- if (sock_initaddress(host, port, &hints, &addrinfo, +- errbuf, PCAP_ERRBUF_SIZE) == -1) +- return -1; ++ addrinfo = sock_initaddress(host, port, &hints, ++ errbuf, PCAP_ERRBUF_SIZE); + } ++ if (addrinfo == NULL) ++ return -1; + + if ((*sockctrlp = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, + errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) +@@ -2825,19 +2828,19 @@ SOCKET pcap_remoteact_accept_ex(const char *address, const char *port, const cha + /* Do the work */ + if ((port == NULL) || (port[0] == 0)) + { +- if (sock_initaddress(address, RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) +- { +- return (SOCKET)-2; +- } ++ addrinfo = sock_initaddress(address, ++ RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, errbuf, ++ PCAP_ERRBUF_SIZE); + } + else + { +- if (sock_initaddress(address, port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) +- { +- return (SOCKET)-2; +- } ++ addrinfo = sock_initaddress(address, port, &hints, errbuf, ++ PCAP_ERRBUF_SIZE); ++ } ++ if (addrinfo == NULL) ++ { ++ return (SOCKET)-2; + } +- + + if ((sockmain = sock_open(addrinfo, SOCKOPEN_SERVER, 1, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) + { +@@ -2994,7 +2997,6 @@ int pcap_remoteact_close(const char *host, char *errbuf) + { + struct activehosts *temp, *prev; /* temp var needed to scan the host list chain */ + struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */ +- int retval; + + temp = activeHosts; + prev = NULL; +@@ -3005,9 +3007,9 @@ int pcap_remoteact_close(const char *host, char *errbuf) + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + +- retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf, ++ addrinfo = sock_initaddress(host, NULL, &hints, errbuf, + PCAP_ERRBUF_SIZE); +- if (retval != 0) ++ if (addrinfo == NULL) + { + return -1; + } +diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c +index 8f50899..925d381 100644 +--- a/rpcapd/daemon.c ++++ b/rpcapd/daemon.c +@@ -2065,7 +2065,9 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, + goto error; + } + +- if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) ++ addrinfo = sock_initaddress(peerhost, portdata, &hints, ++ errmsgbuf, PCAP_ERRBUF_SIZE); ++ if (addrinfo == NULL) + goto error; + + if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) +@@ -2076,7 +2078,9 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, + hints.ai_flags = AI_PASSIVE; + + // Make the server socket pick up a free network port for us +- if (sock_initaddress(NULL, NULL, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) ++ addrinfo = sock_initaddress(NULL, NULL, &hints, errmsgbuf, ++ PCAP_ERRBUF_SIZE); ++ if (addrinfo == NULL) + goto error; + + if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) +diff --git a/rpcapd/rpcapd.c b/rpcapd/rpcapd.c +index b91a401..74c138b 100644 +--- a/rpcapd/rpcapd.c ++++ b/rpcapd/rpcapd.c +@@ -610,7 +610,9 @@ void main_startup(void) + // + // Get a list of sockets on which to listen. + // +- if (sock_initaddress((address[0]) ? address : NULL, port, &mainhints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) ++ addrinfo = sock_initaddress((address[0]) ? address : NULL, ++ port, &mainhints, errbuf, PCAP_ERRBUF_SIZE); ++ if (addrinfo == NULL) + { + rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf); + return; +@@ -1347,7 +1349,9 @@ main_active(void *ptr) + memset(errbuf, 0, sizeof(errbuf)); + + // Do the work +- if (sock_initaddress(activepars->address, activepars->port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) ++ addrinfo = sock_initaddress(activepars->address, activepars->port, ++ &hints, errbuf, PCAP_ERRBUF_SIZE); ++ if (addrinfo == NULL) + { + rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf); + return 0; +diff --git a/sockutils.c b/sockutils.c +index 0b0bcee..4d02d96 100644 +--- a/sockutils.c ++++ b/sockutils.c +@@ -704,20 +704,21 @@ get_gai_errstring(char *errbuf, int errbuflen, const char *prefix, int err, + * \param errbuflen: length of the buffer that will contains the error. The error message cannot be + * larger than 'errbuflen - 1' because the last char is reserved for the string terminator. + * +- * \return '0' if everything is fine, '-1' if some errors occurred. The error message is returned +- * in the 'errbuf' variable. The addrinfo variable that has to be used in the following sockets calls is +- * returned into the addrinfo parameter. ++ * \return a pointer to the first element in a list of addrinfo structures ++ * if everything is fine, NULL if some errors occurred. The error message ++ * is returned in the 'errbuf' variable. + * +- * \warning The 'addrinfo' variable has to be deleted by the programmer by calling freeaddrinfo() when +- * it is no longer needed. ++ * \warning The list of addrinfo structures returned has to be deleted by ++ * the programmer by calling freeaddrinfo() when it is no longer needed. + * + * \warning This function requires the 'hints' variable as parameter. The semantic of this variable is the same + * of the one of the corresponding variable used into the standard getaddrinfo() socket function. We suggest + * the programmer to look at that function in order to set the 'hints' variable appropriately. + */ +-int sock_initaddress(const char *host, const char *port, +- struct addrinfo *hints, struct addrinfo **addrinfo, char *errbuf, int errbuflen) ++struct addrinfo *sock_initaddress(const char *host, const char *port, ++ struct addrinfo *hints, char *errbuf, int errbuflen) + { ++ struct addrinfo *addrinfo; + int retval; + + /* +@@ -729,9 +730,13 @@ int sock_initaddress(const char *host, const char *port, + * as those messages won't talk about a problem with the port if + * no port was specified. + */ +- retval = getaddrinfo(host, port == NULL ? "0" : port, hints, addrinfo); ++ retval = getaddrinfo(host, port == NULL ? "0" : port, hints, &addrinfo); + if (retval != 0) + { ++ /* ++ * That call failed. ++ * Determine whether the problem is that the host is bad. ++ */ + if (errbuf) + { + if (host != NULL && port != NULL) { +@@ -743,7 +748,7 @@ int sock_initaddress(const char *host, const char *port, + int try_retval; + + try_retval = getaddrinfo(host, NULL, hints, +- addrinfo); ++ &addrinfo); + if (try_retval == 0) { + /* + * Worked with just the host, +@@ -752,14 +757,16 @@ int sock_initaddress(const char *host, const char *port, + * + * Free up the addres info first. + */ +- freeaddrinfo(*addrinfo); ++ freeaddrinfo(addrinfo); + get_gai_errstring(errbuf, errbuflen, + "", retval, NULL, port); + } else { + /* + * Didn't work with just the host, + * so assume the problem is +- * with the host. ++ * with the host; we assume ++ * the original error indicates ++ * the underlying problem. + */ + get_gai_errstring(errbuf, errbuflen, + "", retval, host, NULL); +@@ -767,13 +774,14 @@ int sock_initaddress(const char *host, const char *port, + } else { + /* + * Either the host or port was null, so +- * there's nothing to determine. ++ * there's nothing to determine; report ++ * the error from the original call. + */ + get_gai_errstring(errbuf, errbuflen, "", + retval, host, port); + } + } +- return -1; ++ return NULL; + } + /* + * \warning SOCKET: I should check all the accept() in order to bind to all addresses in case +@@ -788,30 +796,28 @@ int sock_initaddress(const char *host, const char *port, + * ignore all addresses that are neither? (What, no IPX + * support? :-)) + */ +- if (((*addrinfo)->ai_family != PF_INET) && +- ((*addrinfo)->ai_family != PF_INET6)) ++ if ((addrinfo->ai_family != PF_INET) && ++ (addrinfo->ai_family != PF_INET6)) + { + if (errbuf) + snprintf(errbuf, errbuflen, "getaddrinfo(): socket type not supported"); +- freeaddrinfo(*addrinfo); +- *addrinfo = NULL; +- return -1; ++ freeaddrinfo(addrinfo); ++ return NULL; + } + + /* + * You can't do multicast (or broadcast) TCP. + */ +- if (((*addrinfo)->ai_socktype == SOCK_STREAM) && +- (sock_ismcastaddr((*addrinfo)->ai_addr) == 0)) ++ if ((addrinfo->ai_socktype == SOCK_STREAM) && ++ (sock_ismcastaddr(addrinfo->ai_addr) == 0)) + { + if (errbuf) + snprintf(errbuf, errbuflen, "getaddrinfo(): multicast addresses are not valid when using TCP streams"); +- freeaddrinfo(*addrinfo); +- *addrinfo = NULL; +- return -1; ++ freeaddrinfo(addrinfo); ++ return NULL; + } + +- return 0; ++ return addrinfo; + } + + /* +@@ -1720,7 +1726,9 @@ int sock_present2network(const char *address, struct sockaddr_storage *sockaddr, + + hints.ai_family = addr_family; + +- if (sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen) == -1) ++ addrinfo = sock_initaddress(address, "22222" /* fake port */, &hints, ++ errbuf, errbuflen); ++ if (addrinfo == NULL) + return 0; + + if (addrinfo->ai_family == PF_INET) +diff --git a/sockutils.h b/sockutils.h +index e748662..ede86a1 100644 +--- a/sockutils.h ++++ b/sockutils.h +@@ -129,9 +129,8 @@ int sock_init(char *errbuf, int errbuflen); + void sock_cleanup(void); + void sock_fmterror(const char *caller, int errcode, char *errbuf, int errbuflen); + void sock_geterror(const char *caller, char *errbuf, int errbufsize); +-int sock_initaddress(const char *address, const char *port, +- struct addrinfo *hints, struct addrinfo **addrinfo, +- char *errbuf, int errbuflen); ++struct addrinfo *sock_initaddress(const char *address, const char *port, ++ struct addrinfo *hints, char *errbuf, int errbuflen); + int sock_recv(SOCKET sock, SSL *, void *buffer, size_t size, int receiveall, + char *errbuf, int errbuflen); + int sock_recv_dgram(SOCKET sock, SSL *, void *buffer, size_t size, +-- +2.25.1 + diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch new file mode 100644 index 0000000000..987d6d51b3 --- /dev/null +++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch @@ -0,0 +1,42 @@ +From 8a633ee5b9ecd9d38a587ac9b204e2380713b0d6 Mon Sep 17 00:00:00 2001 +From: Nicolas Badoux +Date: Mon, 19 Aug 2024 12:31:53 +0200 +Subject: [PATCH] makes pcap_findalldevs_ex errors out if the directory does + not exist + +(backported from commit 0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29) + +Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6] +CVE: CVE-2024-8006 +Signed-off-by: Vijay Anusuri +--- + pcap-new.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/pcap-new.c b/pcap-new.c +index 7c00659..ac88065 100644 +--- a/pcap-new.c ++++ b/pcap-new.c +@@ -231,13 +231,18 @@ int pcap_findalldevs_ex(const char *source, struct pcap_rmtauth *auth, pcap_if_t + #else + /* opening the folder */ + unixdir= opendir(path); ++ if (unixdir == NULL) { ++ snprintf(errbuf, PCAP_ERRBUF_SIZE, ++ "Error when listing files: does folder '%s' exist?", path); ++ return -1; ++ } + + /* get the first file into it */ + filedata= readdir(unixdir); + + if (filedata == NULL) + { +- snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' exist?", path); ++ snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' contain files?", path); + return -1; + } + #endif +-- +2.25.1 + diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb index dbe2fd8157..584e98c76d 100644 --- a/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb +++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb @@ -10,7 +10,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" DEPENDS = "flex-native bison-native" -SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz" +SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \ + file://CVE-2023-7256-pre1.patch \ + file://CVE-2023-7256-pre2.patch \ + file://CVE-2023-7256-pre3.patch \ + file://CVE-2023-7256-pre4.patch \ + file://CVE-2023-7256.patch \ + file://CVE-2024-8006.patch \ + " + SRC_URI[sha256sum] = "ed285f4accaf05344f90975757b3dbfe772ba41d1c401c2648b7fa45b711bdd4" inherit autotools binconfig-disabled pkgconfig From patchwork Mon Sep 23 13:13:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49458 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C2DD6CF9C69 for ; Mon, 23 Sep 2024 13:14:13 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web10.36264.1727097246302494591 for ; Mon, 23 Sep 2024 06:14:06 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=h5GKRnIH; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-71957eb256bso3798423b3a.3 for ; Mon, 23 Sep 2024 06:14:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097245; x=1727702045; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=xIVk66brkN50XebiMYM5tvfmsSp/0GgJ7aYIiBs3GiA=; b=h5GKRnIHztZ2jbWrwXLOwPgO2KGri8L+y7ocRNf1whEAOI/JV15Qzhcj1NzZVnBxpi 8ttY2eX8lON7RLpoIyUOyt3uvRrzTsfVOQs8z4coaRLZk0UOLBIU9bnNR1qkJuQJErAs 3WBBnlwNjQdshNYDsVuA0xUaw7BXmslGDno21aoLoF/+GF3RaHs8vsS+oJTJGYqMSzgI C4oD2WWbCWPD8QHNm138oiSMZbkCVojLdCVciXQUf9h99uteKSENvzEc+xlZqSQtEKPN 3zAPj+GrMnbkcC+ia1m0oTSe9Pr3cTyYN3/Fp6LQqC5xEuSQo5XieynxdEpstPEHiRyN CdIA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097245; x=1727702045; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xIVk66brkN50XebiMYM5tvfmsSp/0GgJ7aYIiBs3GiA=; b=A+mxXA3WQ+81aYC5MOutebzixze64RTQrveU8QJvLqrgVOvO+V0+1qR5puom0eN/eJ flDBa6mz0wP24QaRJvHjGXK1Q9SSpSMq6U9NB+wC709TBv/W/QAyIluUW49OxwZ7YCYY KqU7p/sbsur3TL3ZO4yAgsKzFiXplvI3/F2g+Ap0m5tydjFzZas+wwZc8Kho8jj1UPV6 jNS4laesrTf2IzAMbkGY45j0xGXAcEfJQOIUCjRe+sMhBHgzHPDBIzVZXmxVfXugthil EVTeBiBsZxxDwnpvwBCxUs6oRR/dxQxMXFmIl30McEvrAmgiRTX270boF41ucsFlxUto Vfvg== X-Gm-Message-State: AOJu0YxzysJjAPWdyDNzZSisyrzd2Vdeyzq7dHvm4zQmWQXXTT7MOxtv 7286EFznB7Ay/F3Lm4/MDAeHdYIWcDMSSdJXFJ9NYshDrAFU5XnWuI8D8HyT44IicaHPwV80JSD UwzI= X-Google-Smtp-Source: AGHT+IHrvrFfSqqY2v9kJiIngmtGl+Wl0oQOGjh9ibx98AxJhbScDUX1ScBve+daAqmNr35IkP87Gw== X-Received: by 2002:a05:6a21:1798:b0:1d2:eadb:bb2e with SMTP id adf61e73a8af0-1d30a987f4cmr16988670637.33.1727097245520; Mon, 23 Sep 2024 06:14:05 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:05 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/15] webkitgtk: Security fix CVE-2024-40779 Date: Mon, 23 Sep 2024 06:13:43 -0700 Message-Id: <2afeb07fc459014bf269c7b6ee1d62c19694977f.1726971209.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204808 From: Vivek Kumbhar Upstream-Status: Backport from [https://github.com/WebKit/WebKit/commit/2fe5ae29a5f6434ef456afe9673a4f400ec63848] Signed-off-by: Vivek Kumbhar Signed-off-by: Steve Sakoman --- .../webkit/webkitgtk/CVE-2024-40779.patch | 91 +++++++++++++++++++ meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 1 + 2 files changed, 92 insertions(+) create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2024-40779.patch diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2024-40779.patch b/meta/recipes-sato/webkit/webkitgtk/CVE-2024-40779.patch new file mode 100644 index 0000000000..6fac907256 --- /dev/null +++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2024-40779.patch @@ -0,0 +1,91 @@ +From 2fe5ae29a5f6434ef456afe9673a4f400ec63848 Mon Sep 17 00:00:00 2001 +From: Jean-Yves Avenard +Date: Fri, 14 Jun 2024 16:08:19 -0700 +Subject: [PATCH] Cherry-pick 272448.1085@safari-7618.3.10-branch + (ff52ff7cb64e). https://bugs.webkit.org/show_bug.cgi?id=275431 + +HeapBufferOverflow in computeSampleUsingLinearInterpolation +https://bugs.webkit.org/show_bug.cgi?id=275431 +rdar://125617812 + +Reviewed by Youenn Fablet. + +Add boundary check. +This is a copy of blink code for that same function. +https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/modules/webaudio/audio_buffer_source_handler.cc;l=336-341 + +* LayoutTests/webaudio/crashtest/audiobuffer-sourcenode-resampler-crash-expected.txt: Added. +* LayoutTests/webaudio/crashtest/audiobuffer-sourcenode-resampler-crash.html: Added. +* Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp: +(WebCore::AudioBufferSourceNode::renderFromBuffer): + +Canonical link: https://commits.webkit.org/274313.347@webkitglib/2.44 + +Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/2fe5ae29a5f6434ef456afe9673a4f400ec63848] +CVE: CVE-2024-40779 +Signed-off-by: Vivek Kumbhar +--- + ...er-sourcenode-resampler-crash-expected.txt | 1 + + ...udiobuffer-sourcenode-resampler-crash.html | 25 +++++++++++++++++++ + .../webaudio/AudioBufferSourceNode.cpp | 6 +++++ + 3 files changed, 32 insertions(+) + create mode 100644 LayoutTests/webaudio/crashtest/audiobuffer-sourcenode-resampler-crash-expected.txt + create mode 100644 LayoutTests/webaudio/crashtest/audiobuffer-sourcenode-resampler-crash.html + +diff --git a/LayoutTests/webaudio/crashtest/audiobuffer-sourcenode-resampler-crash-expected.txt b/LayoutTests/webaudio/crashtest/audiobuffer-sourcenode-resampler-crash-expected.txt +new file mode 100644 +index 00000000..654ddf7f +--- /dev/null ++++ b/LayoutTests/webaudio/crashtest/audiobuffer-sourcenode-resampler-crash-expected.txt +@@ -0,0 +1 @@ ++This test passes if it does not crash. +diff --git a/LayoutTests/webaudio/crashtest/audiobuffer-sourcenode-resampler-crash.html b/LayoutTests/webaudio/crashtest/audiobuffer-sourcenode-resampler-crash.html +new file mode 100644 +index 00000000..5fb2dd8c +--- /dev/null ++++ b/LayoutTests/webaudio/crashtest/audiobuffer-sourcenode-resampler-crash.html +@@ -0,0 +1,25 @@ ++ ++ ++ ++ ++ ++

This test passes if it does not crash.

++ ++ ++ +diff --git a/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp b/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp +index 35b8c818..689d37a1 100644 +--- a/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp ++++ b/Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp +@@ -342,6 +342,12 @@ bool AudioBufferSourceNode::renderFromBuffer(AudioBus* bus, unsigned destination + if (readIndex2 >= maxFrame) + readIndex2 = m_isLooping ? minFrame : readIndex; + ++ // Final sanity check on buffer access. ++ // FIXME: as an optimization, try to get rid of this inner-loop check and ++ // put assertions and guards before the loop. ++ if (readIndex >= bufferLength || readIndex2 >= bufferLength) ++ break; ++ + // Linear interpolation. + for (unsigned i = 0; i < numberOfChannels; ++i) { + float* destination = destinationChannels[i]; +-- +2.34.1 diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb index f4b8456749..a2d455ab92 100644 --- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb +++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb @@ -24,6 +24,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BP}.tar.xz \ file://CVE-2023-23529.patch \ file://CVE-2022-48503.patch \ file://CVE-2023-32439.patch \ + file://CVE-2024-40779.patch \ " SRC_URI[sha256sum] = "0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437" From patchwork Mon Sep 23 13:13:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49462 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9C3BCF9C72 for ; Mon, 23 Sep 2024 13:14:13 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web10.36266.1727097248039959626 for ; Mon, 23 Sep 2024 06:14:08 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=eZy+DOT9; spf=softfail (domain: sakoman.com, ip: 209.85.210.177, mailfrom: steve@sakoman.com) Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-719b17b2da1so1086145b3a.0 for ; Mon, 23 Sep 2024 06:14:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097247; x=1727702047; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=khzv1veR7rGRbdKzDCf5s6R1/MLD1NsePs3aXIBIvqI=; b=eZy+DOT9mA5afE5n7DoP+S2QMTeO1F/zqtcceihiyy3kx1tWq2gZ7YsAU8bThOFYVi HWEE61NYDgWAT74k65UNT78UccFupuhqx6jkwYXkRweCaHcOD4WEYo1QAg/EAr2FwUbQ 7eoE5tz+KW9y2KxlscYmMVc1sYS7kn8gpiE5jknn20iz58AD9GFsOoe6YJFb/5Hm6SwZ Wm9jF6q6x8sFBk2uGvjIqAG+7lgkZuw9YRCLr3fBfMPTS6wQhBgEvXXYO9+v2fPLcaYE JJD4AhpuFD4KlOB1z53nvNGdSUB25Pi3AyHNJB++ezGKIYrmGIm2tcveM6KsUcs5BH5Q Mvqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097247; x=1727702047; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=khzv1veR7rGRbdKzDCf5s6R1/MLD1NsePs3aXIBIvqI=; b=A7mgZi7QuQGJWfWNS1+j+l3HC+2Ik5QUVEp7Kxi5A6hhpZguQrSdDXDjsZ2JrAHSGs TrvL3bSKqP+yLMvOxY5DEnrrjZpvE2soSVp3Q/MziJ7NThDbYEyAFQaVgrefi8lWijfz ESREZyCsn0iQqBlx82+oz+jKiGvmODIClKo1WvA5AGN0NDK/ECQfamDGdQTzO3AGXVeK fKFnK4tQHqkuvgzsKLeU5rW0XGLmVz8DUnXJb8lctI8oqte92ZHuhm1jQgfaX0b37/iK I1pFU/SCJfB+sf+EBHw7hv1tBo3AWhHFKi0+yh542n5CHdQOBpGEldkPgFZMQVjgRiHw p9Mg== X-Gm-Message-State: AOJu0YzkAQQJrWVBT9yi/3+d0kBRHQNOhCgz2ZivN4yf0+bpDlnox5Nm UyjJEYv9y6Y/cIMprDqG3PHq/569j3n/K60mAK64HnTF8w7yuixwyKlx8BxQl9r9RF2xyNvWKUJ rM6I= X-Google-Smtp-Source: AGHT+IFhiaH78rosVEVm+06qdEaPbxqwi4f7cAtNVMegjg+Ywh8AgAcpccb2E//GA0/e0kijIvGeJA== X-Received: by 2002:a05:6a00:1823:b0:718:d5f4:6e95 with SMTP id d2e1a72fcca58-7199c97ce0dmr15867376b3a.3.1727097247075; Mon, 23 Sep 2024 06:14:07 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:06 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/15] cups: Security fix for CVE-2024-35235 Date: Mon, 23 Sep 2024 06:13:44 -0700 Message-Id: <7fadda8f9605f826744438cefc35658047bbdb01.1726971209.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204809 From: Rohini Sangam CVE fixed: - CVE-2024-35235: cups: Cupsd Listen arbitrary chmod 0140777 Upstream-Status: Backport from https://github.com/OpenPrinting/cups/commit/a436956f374b0fd7f5da9df482e4f5840fa1c0d2, https://github.com/OpenPrinting/cups/commit/e3952d3ecd231588bb382529281a294124db9348#diff-6fc0a5ba57f83c8177d28f44729276fe35fcaaceae8b774481e6973fcbdf733d Signed-off-by: Rohini Sangam Signed-off-by: Siddharth Doshi Signed-off-by: Steve Sakoman --- meta/recipes-extended/cups/cups.inc | 1 + .../cups/cups/CVE-2024-35235.patch | 121 ++++++++++++++++++ 2 files changed, 122 insertions(+) create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-35235.patch diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index 047ab33898..6d5cf3b588 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -19,6 +19,7 @@ SRC_URI = "https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${ file://CVE-2023-34241.patch \ file://CVE-2023-32360.patch \ file://CVE-2023-4504.patch \ + file://CVE-2024-35235.patch \ " UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases" diff --git a/meta/recipes-extended/cups/cups/CVE-2024-35235.patch b/meta/recipes-extended/cups/cups/CVE-2024-35235.patch new file mode 100644 index 0000000000..d7a2d426af --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2024-35235.patch @@ -0,0 +1,121 @@ +From a436956f374b0fd7f5da9df482e4f5840fa1c0d2 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Mon, 3 Jun 2024 18:53:58 +0200 +Subject: [PATCH] CVE-2024-35235: Fix domain socket handling + +- Check status of unlink and bind system calls. +- Don't allow extra domain sockets when running from launchd/systemd. +- Validate length of domain socket path (< sizeof(sun_path)) + +Upstream-Status: Backport from https://github.com/OpenPrinting/cups/commit/a436956f374b0fd7f5da9df482e4f5840fa1c0d2, https://github.com/OpenPrinting/cups/commit/e3952d3ecd231588bb382529281a294124db9348#diff-6fc0a5ba57f83c8177d28f44729276fe35fcaaceae8b774481e6973fcbdf733d +CVE: CVE-2024-35235 + +Signed-off-by: Rohini Sangam +--- + cups/debug-internal.h | 4 +-- + cups/http-addr.c | 36 ++++++++++--------- + scheduler/conf.c | 20 +++++++++++ + 3 files changed, 41 insertions(+), 19 deletions(-) + +diff --git a/cups/debug-internal.h b/cups/debug-internal.h +index 2b57854..2e1a56a 100644 +--- a/cups/debug-internal.h ++++ b/cups/debug-internal.h +@@ -59,10 +59,10 @@ extern "C" { + + # ifdef DEBUG + # define DEBUG_puts(x) _cups_debug_puts(x) +-# define DEBUG_printf(x) _cups_debug_printf x ++# define DEBUG_printf(...) _cups_debug_printf(__VA_ARGS__) + # else + # define DEBUG_puts(x) +-# define DEBUG_printf(x) ++# define DEBUG_printf(...) + # endif /* DEBUG */ + + +diff --git a/cups/http-addr.c b/cups/http-addr.c +index 114a644..610e9db 100644 +--- a/cups/http-addr.c ++++ b/cups/http-addr.c +@@ -206,27 +206,29 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */ + * Remove any existing domain socket file... + */ + +- unlink(addr->un.sun_path); +- +- /* +- * Save the current umask and set it to 0 so that all users can access +- * the domain socket... +- */ +- +- mask = umask(0); ++ if ((status = unlink(addr->un.sun_path)) < 0) ++ { ++ DEBUG_printf("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)); + +- /* +- * Bind the domain socket... +- */ ++ if (errno == ENOENT) ++ status = 0; ++ } + +- status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr)); ++ if (!status) ++ { ++ // Save the current umask and set it to 0 so that all users can access ++ // the domain socket... ++ mask = umask(0); + +- /* +- * Restore the umask and fix permissions... +- */ ++ // Bind the domain socket... ++ if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0) ++ { ++ DEBUG_printf("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)); ++ } + +- umask(mask); +- chmod(addr->un.sun_path, 0140777); ++ // Restore the umask... ++ umask(mask); ++ } + } + else + #endif /* AF_LOCAL */ +diff --git a/scheduler/conf.c b/scheduler/conf.c +index 535d40f..3a2eec2 100644 +--- a/scheduler/conf.c ++++ b/scheduler/conf.c +@@ -3074,6 +3074,26 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ + cupsd_listener_t *lis; /* New listeners array */ + + ++ /* ++ * If we are launched on-demand, do not use domain sockets from the config ++ * file. Also check that the domain socket path is not too long... ++ */ ++ ++#ifdef HAVE_ONDEMAND ++ if (*value == '/' && OnDemand) ++ { ++ if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET)) ++ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum); ++ continue; ++ } ++#endif // HAVE_ONDEMAND ++ ++ if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1)) ++ { ++ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum); ++ continue; ++ } ++ + /* + * Get the address list... + */ +-- +2.35.7 + From patchwork Mon Sep 23 13:13:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49461 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9C81CF9C77 for ; Mon, 23 Sep 2024 13:14:13 +0000 (UTC) Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) by mx.groups.io with SMTP id smtpd.web10.36268.1727097249508826355 for ; Mon, 23 Sep 2024 06:14:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=TtOYLHKW; spf=softfail (domain: sakoman.com, ip: 209.85.210.172, mailfrom: steve@sakoman.com) Received: by mail-pf1-f172.google.com with SMTP id d2e1a72fcca58-718d704704aso3769441b3a.3 for ; Mon, 23 Sep 2024 06:14:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097249; x=1727702049; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=7okafwD+4Reob3oeJ5DUXS/6Ngpjbkcs5SArx6m6VMU=; b=TtOYLHKWTsnMj823VVwQ86QC4kDk00NbyS6EdjmdaQdjidk1YYTbCtVZhcTF3YX6o8 a0CxtwNLPgi2O+VWlncMGnbbQgsx8XG5GYYNlptEXOFJV3gN9gM48kNQ7LewgMbH7lvs o9fmp+jgnv2PXuIY9ldVpizZuE96afGZy2Foij56q0ZaA9PrCihVw8V0TGD45rw0DKH9 gGOStUP7uer2l0oIWbLvA9hlmBgq42F+bgGHFYLQTX6Fw5U4F4q3mQ2B4bhzowbjHT1d imc7rLMTYi6rwC0DJA6VqyEPiHSRNUOCCLFG3045Og4XR2LaIwMef/N9kknRtCO/zFkl 8GiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097249; x=1727702049; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7okafwD+4Reob3oeJ5DUXS/6Ngpjbkcs5SArx6m6VMU=; b=R65NLoeY5c9biWtQV7ZJKjbXGC0umUhK0RgPgwn9TGIzdxeFr2p50QiBDSGbIVhilp +vrRDqOe5yF/J/jrdch3vT9QG31FK83g1Nm6SDQIjh4HIeFNwxmhSiEImvTPlBtn0Hb5 UHw+1fCy8qe1bxzcg38SLXUjdRrN/s6j0jqU4ECiN7vIgnuCiA0rBFZ9mqduO6w6Hkdr N0aPPeLcSjhAFiuBKJ18tkLmZ6DT94IiBrBCe6WTpjES12t/UdtOqXvYG8aT4lvx/bO6 Z029Lpa/DjUBYNe7H0NzbTF6ZnWlUeWsV0qxCCdiPElxXubDTTfO8MTB+cBLaLUp5QVZ iAVQ== X-Gm-Message-State: AOJu0YwrPt3HJUrogE5mfyI54jcIEb7PUt0GwkrK9ka4fin7pdPpZrRa HiyLMqrz2e7xvjkaq+DdQVSBPx58Kq+F50v0CUyUR3aNEmNKmedafn3FJEHXNAPwArroCUoeGnF 9hag= X-Google-Smtp-Source: AGHT+IHawOSf5vfgKJ8mJBMbnxI9E4W8BOgThrpALeUuD8CVdT4M32GoRc1fIfRhSg0hWgF0bm+lzg== X-Received: by 2002:a05:6a20:b40b:b0:1cf:5155:cb5c with SMTP id adf61e73a8af0-1d30a9be637mr18595480637.34.1727097248715; Mon, 23 Sep 2024 06:14:08 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:08 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/15] yocto-uninative: Update to 4.5 for gcc 14 Date: Mon, 23 Sep 2024 06:13:45 -0700 Message-Id: <082848466e5b78691a0bec983048bc1eee167b7b.1726971209.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204810 From: Michael Halstead Signed-off-by: Michael Halstead Signed-off-by: Richard Purdie (cherry picked from commit f5638681cef7e250ac64832dbe791418d97f05ba) Signed-off-by: Steve Sakoman --- meta/conf/distro/include/yocto-uninative.inc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc index 4ac66fd506..657c1032f9 100644 --- a/meta/conf/distro/include/yocto-uninative.inc +++ b/meta/conf/distro/include/yocto-uninative.inc @@ -7,9 +7,9 @@ # UNINATIVE_MAXGLIBCVERSION = "2.39" -UNINATIVE_VERSION = "4.4" +UNINATIVE_VERSION = "4.5" UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" -UNINATIVE_CHECKSUM[aarch64] ?= "b61876130f494f75092f21086b4a64ea5fb064045769bf1d32e9cb6af17ea8ec" -UNINATIVE_CHECKSUM[i686] ?= "9f28627828f0082cc0344eede4d9a861a9a064bfa8f36e072e46212f0fe45fcc" -UNINATIVE_CHECKSUM[x86_64] ?= "d81c54284be2bb886931fc87281d58177a2cd381cf99d1981f8923039a72a302" +UNINATIVE_CHECKSUM[aarch64] ?= "df2e29e2e6feb187a3499abf3b1322a3b251da819c77a7b19d4fe952351365ab" +UNINATIVE_CHECKSUM[i686] ?= "8ef3eda53428b484c20157f6ec3c130b03080b3d4b3889067e0e184e05102d35" +UNINATIVE_CHECKSUM[x86_64] ?= "43ee6a25bcf5fce16ea87076d6a96e79ead6ced90690a058d07432f902773473" From patchwork Mon Sep 23 13:13:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49460 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E595DCF9C74 for ; Mon, 23 Sep 2024 13:14:13 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web10.36269.1727097250942611594 for ; Mon, 23 Sep 2024 06:14:11 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=2QbP3mGw; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-719b17b2da1so1086224b3a.0 for ; Mon, 23 Sep 2024 06:14:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097250; x=1727702050; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=KfU1ATu8YF/XeYDsAmlN1vIrMqYMHOtO44r1vZeZtaY=; b=2QbP3mGwZp4vrwM2lRWq/lvnf+9tAj9K5cACUydQ0MHfaZUU3+IrOh9t3rUErObqUh YUWgVL6/Ahs4xz+U9Kf9SONZLYio3feHNeHOE1ZYNN1KR8eA4MR+InWoQYHEOYj+am34 kC3WhdnsqinM4kzWa9Ue/VR69tcCYvd+R88Ic77giZ1M4WNrbDWPAFCiptZg8Ew/cS8P 3Njot+4zyTezYaC9HYvglkh9bpAmchnoLas65AvJAEW+DpkIoAP63RGMRmbstqFNixWD N2uBg2Ganp4/Dn4ZKWDa9gK70qajXKGBuKiTPxFd3IOkVEFfamYihsriEiX11rtCyk50 tvOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097250; x=1727702050; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KfU1ATu8YF/XeYDsAmlN1vIrMqYMHOtO44r1vZeZtaY=; b=P/FhQaVs96YW/WY/CIjGKjTyOZAJbfbDhBkj/+ix6AwhKvEhmxKZQhS1Ya8op+GOFc ETNgcgBPAYW5GvltF1vhYVDJkdcryPTQ6/EBgxakTGgC8PyiflHFGHoRx3bi1kZvFyD8 l9kalfcpDExButvFzjXdGhL5H9tSUyqeo3yoN5O8IFJBOzEVdEyGvfgh1T65TjyU4+rv AOwtbHM3AL61+iGb7AdDTuEzy8ACgVdwvbcgHKQV7E/CWGWpAXPUajrUeQ8hf8F2tchq vPCHXPNpjL/0CL4CNDZAHw+PN4uSwppHRiR1z1Bnk7JC5MdJ27C0gWnCJbNpAgeF9dd1 MPhg== X-Gm-Message-State: AOJu0YzBcOTIh+aUetqxsmAngq6hCO0SC/1P8sLZxkxTga2LOvW9/dQk d9cnTh/xqYAwSJCZ5R0nJ1/wJdirw/WSeNwFPzzfZr1d84pWa6s+2znaunX2NVyEyEIqXYMr+6R NOJ4= X-Google-Smtp-Source: AGHT+IFHwOKn3LDwJCR/f40T6IjZOcCRy5z4jBXn6zSX4ezSagRAxOS86+46Y1Ft7nCR2O0oJnAOjQ== X-Received: by 2002:a05:6a21:178a:b0:1cf:37bd:b548 with SMTP id adf61e73a8af0-1d30a9b1af3mr15582101637.37.1727097250133; Mon, 23 Sep 2024 06:14:10 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:09 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/15] yocto-uninative: Update to 4.6 for glibc 2.40 Date: Mon, 23 Sep 2024 06:13:46 -0700 Message-Id: <81b225f27ee22c2533e9698fe27163d7c7fe295f.1726971209.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204811 From: Michael Halstead Signed-off-by: Michael Halstead Signed-off-by: Richard Purdie (cherry picked from commit b29bfd333dffe635ab67475dcd8d22ad8b114c84) Signed-off-by: Steve Sakoman --- meta/conf/distro/include/yocto-uninative.inc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc index 657c1032f9..a6f7107dfe 100644 --- a/meta/conf/distro/include/yocto-uninative.inc +++ b/meta/conf/distro/include/yocto-uninative.inc @@ -6,10 +6,10 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.39" -UNINATIVE_VERSION = "4.5" +UNINATIVE_MAXGLIBCVERSION = "2.40" +UNINATIVE_VERSION = "4.6" UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" -UNINATIVE_CHECKSUM[aarch64] ?= "df2e29e2e6feb187a3499abf3b1322a3b251da819c77a7b19d4fe952351365ab" -UNINATIVE_CHECKSUM[i686] ?= "8ef3eda53428b484c20157f6ec3c130b03080b3d4b3889067e0e184e05102d35" -UNINATIVE_CHECKSUM[x86_64] ?= "43ee6a25bcf5fce16ea87076d6a96e79ead6ced90690a058d07432f902773473" +UNINATIVE_CHECKSUM[aarch64] ?= "c2d36338272eba101580f648dd8dff5352cdb4c1809db7dedf8fc4d7e7df716c" +UNINATIVE_CHECKSUM[i686] ?= "0041584678109c18deca48fb59eaf14cf725cf024a170ab537b354b63240c504" +UNINATIVE_CHECKSUM[x86_64] ?= "6bf00154c5a7bc48adbf63fd17684bb87eb07f4814fbb482a3fbd817c1ccf4c5" From patchwork Mon Sep 23 13:13:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49468 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EF889CF9C73 for ; Mon, 23 Sep 2024 13:14:23 +0000 (UTC) Received: from mail-oa1-f45.google.com (mail-oa1-f45.google.com [209.85.160.45]) by mx.groups.io with SMTP id smtpd.web11.36181.1727097253816892876 for ; Mon, 23 Sep 2024 06:14:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=uU+++s+6; spf=softfail (domain: sakoman.com, ip: 209.85.160.45, mailfrom: steve@sakoman.com) Received: by mail-oa1-f45.google.com with SMTP id 586e51a60fabf-27d045a73easo2325873fac.0 for ; Mon, 23 Sep 2024 06:14:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097253; x=1727702053; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ulhwF09YPhjiNXIyLprhpwk/bBSqC0jfC2+LrfhS0+0=; b=uU+++s+6dRyfQVdUqbejGLhgo++tvl3/88BoynvHYq63dbmyDXNd875gmhW+u+xELO eKeBf9xpBJBaf5HFM1Hgh+5BbitTStj1Z08H9jrdpqua7ddDtJ08e6OVWD2oJa8NRF8R 2hH/Skuj8cdp7fGMxHboQ/+lt+mIvDj+gNCNopSBDc/PdljIkyLZXLWYbjIEmhcK7ywQ 2SxdFB58YrMIAzy12iV/imkQy3dM8Tn/a4Iqyx/N2M3WyowEuyElVvlN7Fly1kj6CVzA Z6hpWzpQlGWhSGeoVpegROMWJdiibPjymE13+v0lqzgWEmcqHdoh3lU49WwXkMaef2hl G25A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097253; x=1727702053; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ulhwF09YPhjiNXIyLprhpwk/bBSqC0jfC2+LrfhS0+0=; b=P5BUtl6FiUXwGs7PW/swScU6v0fOFpY7e1fZn8CnVBI/Yk/mG5/h+oCiycRxl9uPtn 6g/CBgUVn21JwZB8e40mlRn+lDcRqKBiF20d+71zOclmmhB/A5+t2QfnbMQYy+aMDkhQ X3+QaswRFsdMLUTFqmq9c5pUapSEtbiQ8A1Id1+A2P+iUZbCBrlkoekBxA+vaK3RAEBj OxqRX7YSe+krl7nVXVEskUMlNxqG38z2OFXrrADtejeeeiqtWETk00BUczHC5KkkpM61 FQjOu9x1Uq7eTJsabHcNA++7cfCC0y5kCJe0Qey+iPtYECgc7i0kF9uruIXDRdwqOA+L vChg== X-Gm-Message-State: AOJu0Yxsg10l3tmqL2s0dtGQnriVY303IsAtwWZTkRN5Vn77iFIa43pu qM+p0HJeBhSpXzJs1PkNjb/yf0WBOs8FeJoAacnoOoXd6AGbvuLdNFYup8mf78WDbo4UFVkOUGX EYYQ= X-Google-Smtp-Source: AGHT+IFVd7k/zgX9WFi0m+3lE8hSKJevx6kDMDU9bZ5/CP0c0QMD4+9iSLp1miMo1sa4BH4bFbp34w== X-Received: by 2002:a05:6870:f112:b0:254:7f9f:3f21 with SMTP id 586e51a60fabf-2803cf8a094mr6656320fac.27.1727097251939; Mon, 23 Sep 2024 06:14:11 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:11 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/15] python3: Upgrade 3.10.14 -> 3.10.15 Date: Mon, 23 Sep 2024 06:13:47 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204812 From: Divya Chellam Includes security fixes for CVE-2024-4030, CVE-2024-7592, CVE-2024-4032, CVE-2024-8088 CVE-2024-6232, CVE-2024-6923, CVE-2023-27043 and other bug fixes. Removed below patches, as the fixes included in 3.10.15 upgrade: 1. CVE-2023-27043.patch 2. CVE-2024-6232.patch 3. CVE-2024-7592.patch 4. CVE-2024-8088.patch Release Notes: https://www.python.org/downloads/release/python-31015/ Signed-off-by: Divya Chellam Signed-off-by: Steve Sakoman --- .../python/python3/CVE-2023-27043.patch | 510 ------------------ .../python/python3/CVE-2024-6232.patch | 251 --------- .../python/python3/CVE-2024-7592.patch | 140 ----- .../python/python3/CVE-2024-8088.patch | 124 ----- ...{python3_3.10.14.bb => python3_3.10.15.bb} | 6 +- 5 files changed, 1 insertion(+), 1030 deletions(-) delete mode 100644 meta/recipes-devtools/python/python3/CVE-2023-27043.patch delete mode 100644 meta/recipes-devtools/python/python3/CVE-2024-6232.patch delete mode 100644 meta/recipes-devtools/python/python3/CVE-2024-7592.patch delete mode 100644 meta/recipes-devtools/python/python3/CVE-2024-8088.patch rename meta/recipes-devtools/python/{python3_3.10.14.bb => python3_3.10.15.bb} (98%) diff --git a/meta/recipes-devtools/python/python3/CVE-2023-27043.patch b/meta/recipes-devtools/python/python3/CVE-2023-27043.patch deleted file mode 100644 index d27afc41a9..0000000000 --- a/meta/recipes-devtools/python/python3/CVE-2023-27043.patch +++ /dev/null @@ -1,510 +0,0 @@ -From 2a9273a0e4466e2f057f9ce6fe98cd8ce570331b Mon Sep 17 00:00:00 2001 -From: Petr Viktorin -Date: Fri, 6 Sep 2024 13:14:22 +0200 -Subject: [PATCH] [3.10] [CVE-2023-27043] gh-102988: Reject malformed addresses - in email.parseaddr() (GH-111116) (#123768) - -Detect email address parsing errors and return empty tuple to -indicate the parsing error (old API). Add an optional 'strict' -parameter to getaddresses() and parseaddr() functions. Patch by -Thomas Dwyer. - -(cherry picked from commit 4a153a1d3b18803a684cd1bcc2cdf3ede3dbae19) - -Co-authored-by: Victor Stinner -Co-Authored-By: Thomas Dwyer - -Upstream-Status: Backport [https://github.com/python/cpython/commit/2a9273a0e4466e2f057f9ce6fe98cd8ce570331b] -CVE: CVE-2023-27043 -Signed-off-by: Hitendra Prajapati ---- - Doc/library/email.utils.rst | 19 +- - Lib/email/utils.py | 151 ++++++++++++- - Lib/test/test_email/test_email.py | 204 +++++++++++++++++- - ...-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8 + - 4 files changed, 361 insertions(+), 21 deletions(-) - create mode 100644 Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst - -diff --git a/Doc/library/email.utils.rst b/Doc/library/email.utils.rst -index 0e266b6..65948fb 100644 ---- a/Doc/library/email.utils.rst -+++ b/Doc/library/email.utils.rst -@@ -60,13 +60,18 @@ of the new API. - begins with angle brackets, they are stripped off. - - --.. function:: parseaddr(address) -+.. function:: parseaddr(address, *, strict=True) - - Parse address -- which should be the value of some address-containing field such - as :mailheader:`To` or :mailheader:`Cc` -- into its constituent *realname* and - *email address* parts. Returns a tuple of that information, unless the parse - fails, in which case a 2-tuple of ``('', '')`` is returned. - -+ If *strict* is true, use a strict parser which rejects malformed inputs. -+ -+ .. versionchanged:: 3.10.15 -+ Add *strict* optional parameter and reject malformed inputs by default. -+ - - .. function:: formataddr(pair, charset='utf-8') - -@@ -84,12 +89,15 @@ of the new API. - Added the *charset* option. - - --.. function:: getaddresses(fieldvalues) -+.. function:: getaddresses(fieldvalues, *, strict=True) - - This method returns a list of 2-tuples of the form returned by ``parseaddr()``. - *fieldvalues* is a sequence of header field values as might be returned by -- :meth:`Message.get_all `. Here's a simple -- example that gets all the recipients of a message:: -+ :meth:`Message.get_all `. -+ -+ If *strict* is true, use a strict parser which rejects malformed inputs. -+ -+ Here's a simple example that gets all the recipients of a message:: - - from email.utils import getaddresses - -@@ -99,6 +107,9 @@ of the new API. - resent_ccs = msg.get_all('resent-cc', []) - all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) - -+ .. versionchanged:: 3.10.15 -+ Add *strict* optional parameter and reject malformed inputs by default. -+ - - .. function:: parsedate(date) - -diff --git a/Lib/email/utils.py b/Lib/email/utils.py -index cfdfeb3..9522341 100644 ---- a/Lib/email/utils.py -+++ b/Lib/email/utils.py -@@ -48,6 +48,7 @@ TICK = "'" - specialsre = re.compile(r'[][\\()<>@,:;".]') - escapesre = re.compile(r'[\\"]') - -+ - def _has_surrogates(s): - """Return True if s contains surrogate-escaped binary data.""" - # This check is based on the fact that unless there are surrogates, utf8 -@@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'): - return address - - -+def _iter_escaped_chars(addr): -+ pos = 0 -+ escape = False -+ for pos, ch in enumerate(addr): -+ if escape: -+ yield (pos, '\\' + ch) -+ escape = False -+ elif ch == '\\': -+ escape = True -+ else: -+ yield (pos, ch) -+ if escape: -+ yield (pos, '\\') -+ -+ -+def _strip_quoted_realnames(addr): -+ """Strip real names between quotes.""" -+ if '"' not in addr: -+ # Fast path -+ return addr -+ -+ start = 0 -+ open_pos = None -+ result = [] -+ for pos, ch in _iter_escaped_chars(addr): -+ if ch == '"': -+ if open_pos is None: -+ open_pos = pos -+ else: -+ if start != open_pos: -+ result.append(addr[start:open_pos]) -+ start = pos + 1 -+ open_pos = None -+ -+ if start < len(addr): -+ result.append(addr[start:]) -+ -+ return ''.join(result) - --def getaddresses(fieldvalues): -- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" -- all = COMMASPACE.join(str(v) for v in fieldvalues) -- a = _AddressList(all) -- return a.addresslist -+ -+supports_strict_parsing = True -+ -+def getaddresses(fieldvalues, *, strict=True): -+ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. -+ -+ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in -+ its place. -+ -+ If strict is true, use a strict parser which rejects malformed inputs. -+ """ -+ -+ # If strict is true, if the resulting list of parsed addresses is greater -+ # than the number of fieldvalues in the input list, a parsing error has -+ # occurred and consequently a list containing a single empty 2-tuple [('', -+ # '')] is returned in its place. This is done to avoid invalid output. -+ # -+ # Malformed input: getaddresses(['alice@example.com ']) -+ # Invalid output: [('', 'alice@example.com'), ('', 'bob@example.com')] -+ # Safe output: [('', '')] -+ -+ if not strict: -+ all = COMMASPACE.join(str(v) for v in fieldvalues) -+ a = _AddressList(all) -+ return a.addresslist -+ -+ fieldvalues = [str(v) for v in fieldvalues] -+ fieldvalues = _pre_parse_validation(fieldvalues) -+ addr = COMMASPACE.join(fieldvalues) -+ a = _AddressList(addr) -+ result = _post_parse_validation(a.addresslist) -+ -+ # Treat output as invalid if the number of addresses is not equal to the -+ # expected number of addresses. -+ n = 0 -+ for v in fieldvalues: -+ # When a comma is used in the Real Name part it is not a deliminator. -+ # So strip those out before counting the commas. -+ v = _strip_quoted_realnames(v) -+ # Expected number of addresses: 1 + number of commas -+ n += 1 + v.count(',') -+ if len(result) != n: -+ return [('', '')] -+ -+ return result -+ -+ -+def _check_parenthesis(addr): -+ # Ignore parenthesis in quoted real names. -+ addr = _strip_quoted_realnames(addr) -+ -+ opens = 0 -+ for pos, ch in _iter_escaped_chars(addr): -+ if ch == '(': -+ opens += 1 -+ elif ch == ')': -+ opens -= 1 -+ if opens < 0: -+ return False -+ return (opens == 0) -+ -+ -+def _pre_parse_validation(email_header_fields): -+ accepted_values = [] -+ for v in email_header_fields: -+ if not _check_parenthesis(v): -+ v = "('', '')" -+ accepted_values.append(v) -+ -+ return accepted_values -+ -+ -+def _post_parse_validation(parsed_email_header_tuples): -+ accepted_values = [] -+ # The parser would have parsed a correctly formatted domain-literal -+ # The existence of an [ after parsing indicates a parsing failure -+ for v in parsed_email_header_tuples: -+ if '[' in v[1]: -+ v = ('', '') -+ accepted_values.append(v) -+ -+ return accepted_values - - - def _format_timetuple_and_zone(timetuple, zone): -@@ -205,16 +321,33 @@ def parsedate_to_datetime(data): - tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) - - --def parseaddr(addr): -+def parseaddr(addr, *, strict=True): - """ - Parse addr into its constituent realname and email address parts. - - Return a tuple of realname and email address, unless the parse fails, in - which case return a 2-tuple of ('', ''). -+ -+ If strict is True, use a strict parser which rejects malformed inputs. - """ -- addrs = _AddressList(addr).addresslist -- if not addrs: -- return '', '' -+ if not strict: -+ addrs = _AddressList(addr).addresslist -+ if not addrs: -+ return ('', '') -+ return addrs[0] -+ -+ if isinstance(addr, list): -+ addr = addr[0] -+ -+ if not isinstance(addr, str): -+ return ('', '') -+ -+ addr = _pre_parse_validation([addr])[0] -+ addrs = _post_parse_validation(_AddressList(addr).addresslist) -+ -+ if not addrs or len(addrs) > 1: -+ return ('', '') -+ - return addrs[0] - - -diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py -index 8b16cca..5b19bb3 100644 ---- a/Lib/test/test_email/test_email.py -+++ b/Lib/test/test_email/test_email.py -@@ -16,6 +16,7 @@ from unittest.mock import patch - - import email - import email.policy -+import email.utils - - from email.charset import Charset - from email.generator import Generator, DecodedGenerator, BytesGenerator -@@ -3288,15 +3289,154 @@ Foo - [('Al Person', 'aperson@dom.ain'), - ('Bud Person', 'bperson@dom.ain')]) - -+ def test_getaddresses_comma_in_name(self): -+ """GH-106669 regression test.""" -+ self.assertEqual( -+ utils.getaddresses( -+ [ -+ '"Bud, Person" ', -+ 'aperson@dom.ain (Al Person)', -+ '"Mariusz Felisiak" ', -+ ] -+ ), -+ [ -+ ('Bud, Person', 'bperson@dom.ain'), -+ ('Al Person', 'aperson@dom.ain'), -+ ('Mariusz Felisiak', 'to@example.com'), -+ ], -+ ) -+ -+ def test_parsing_errors(self): -+ """Test for parsing errors from CVE-2023-27043 and CVE-2019-16056""" -+ alice = 'alice@example.org' -+ bob = 'bob@example.com' -+ empty = ('', '') -+ -+ # Test utils.getaddresses() and utils.parseaddr() on malformed email -+ # addresses: default behavior (strict=True) rejects malformed address, -+ # and strict=False which tolerates malformed address. -+ for invalid_separator, expected_non_strict in ( -+ ('(', [(f'<{bob}>', alice)]), -+ (')', [('', alice), empty, ('', bob)]), -+ ('<', [('', alice), empty, ('', bob), empty]), -+ ('>', [('', alice), empty, ('', bob)]), -+ ('[', [('', f'{alice}[<{bob}>]')]), -+ (']', [('', alice), empty, ('', bob)]), -+ ('@', [empty, empty, ('', bob)]), -+ (';', [('', alice), empty, ('', bob)]), -+ (':', [('', alice), ('', bob)]), -+ ('.', [('', alice + '.'), ('', bob)]), -+ ('"', [('', alice), ('', f'<{bob}>')]), -+ ): -+ address = f'{alice}{invalid_separator}<{bob}>' -+ with self.subTest(address=address): -+ self.assertEqual(utils.getaddresses([address]), -+ [empty]) -+ self.assertEqual(utils.getaddresses([address], strict=False), -+ expected_non_strict) -+ -+ self.assertEqual(utils.parseaddr([address]), -+ empty) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Comma (',') is treated differently depending on strict parameter. -+ # Comma without quotes. -+ address = f'{alice},<{bob}>' -+ self.assertEqual(utils.getaddresses([address]), -+ [('', alice), ('', bob)]) -+ self.assertEqual(utils.getaddresses([address], strict=False), -+ [('', alice), ('', bob)]) -+ self.assertEqual(utils.parseaddr([address]), -+ empty) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Real name between quotes containing comma. -+ address = '"Alice, alice@example.org" ' -+ expected_strict = ('Alice, alice@example.org', 'bob@example.com') -+ self.assertEqual(utils.getaddresses([address]), [expected_strict]) -+ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) -+ self.assertEqual(utils.parseaddr([address]), expected_strict) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Valid parenthesis in comments. -+ address = 'alice@example.org (Alice)' -+ expected_strict = ('Alice', 'alice@example.org') -+ self.assertEqual(utils.getaddresses([address]), [expected_strict]) -+ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) -+ self.assertEqual(utils.parseaddr([address]), expected_strict) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Invalid parenthesis in comments. -+ address = 'alice@example.org )Alice(' -+ self.assertEqual(utils.getaddresses([address]), [empty]) -+ self.assertEqual(utils.getaddresses([address], strict=False), -+ [('', 'alice@example.org'), ('', ''), ('', 'Alice')]) -+ self.assertEqual(utils.parseaddr([address]), empty) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Two addresses with quotes separated by comma. -+ address = '"Jane Doe" , "John Doe" ' -+ self.assertEqual(utils.getaddresses([address]), -+ [('Jane Doe', 'jane@example.net'), -+ ('John Doe', 'john@example.net')]) -+ self.assertEqual(utils.getaddresses([address], strict=False), -+ [('Jane Doe', 'jane@example.net'), -+ ('John Doe', 'john@example.net')]) -+ self.assertEqual(utils.parseaddr([address]), empty) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Test email.utils.supports_strict_parsing attribute -+ self.assertEqual(email.utils.supports_strict_parsing, True) -+ - def test_getaddresses_nasty(self): -- eq = self.assertEqual -- eq(utils.getaddresses(['foo: ;']), [('', '')]) -- eq(utils.getaddresses( -- ['[]*-- =~$']), -- [('', ''), ('', ''), ('', '*--')]) -- eq(utils.getaddresses( -- ['foo: ;', '"Jason R. Mastaler" ']), -- [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) -+ for addresses, expected in ( -+ (['"Sürname, Firstname" '], -+ [('Sürname, Firstname', 'to@example.com')]), -+ -+ (['foo: ;'], -+ [('', '')]), -+ -+ (['foo: ;', '"Jason R. Mastaler" '], -+ [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]), -+ -+ ([r'Pete(A nice \) chap) '], -+ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]), -+ -+ (['(Empty list)(start)Undisclosed recipients :(nobody(I know))'], -+ [('', '')]), -+ -+ (['Mary <@machine.tld:mary@example.net>, , jdoe@test . example'], -+ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]), -+ -+ (['John Doe '], -+ [('John Doe (comment)', 'jdoe@machine.example')]), -+ -+ (['"Mary Smith: Personal Account" '], -+ [('Mary Smith: Personal Account', 'smith@home.example')]), -+ -+ (['Undisclosed recipients:;'], -+ [('', '')]), -+ -+ ([r', "Giant; \"Big\" Box" '], -+ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]), -+ ): -+ with self.subTest(addresses=addresses): -+ self.assertEqual(utils.getaddresses(addresses), -+ expected) -+ self.assertEqual(utils.getaddresses(addresses, strict=False), -+ expected) -+ -+ addresses = ['[]*-- =~$'] -+ self.assertEqual(utils.getaddresses(addresses), -+ [('', '')]) -+ self.assertEqual(utils.getaddresses(addresses, strict=False), -+ [('', ''), ('', ''), ('', '*--')]) - - def test_getaddresses_embedded_comment(self): - """Test proper handling of a nested comment""" -@@ -3485,6 +3625,54 @@ multipart/report - m = cls(*constructor, policy=email.policy.default) - self.assertIs(m.policy, email.policy.default) - -+ def test_iter_escaped_chars(self): -+ self.assertEqual(list(utils._iter_escaped_chars(r'a\\b\"c\\"d')), -+ [(0, 'a'), -+ (2, '\\\\'), -+ (3, 'b'), -+ (5, '\\"'), -+ (6, 'c'), -+ (8, '\\\\'), -+ (9, '"'), -+ (10, 'd')]) -+ self.assertEqual(list(utils._iter_escaped_chars('a\\')), -+ [(0, 'a'), (1, '\\')]) -+ -+ def test_strip_quoted_realnames(self): -+ def check(addr, expected): -+ self.assertEqual(utils._strip_quoted_realnames(addr), expected) -+ -+ check('"Jane Doe" , "John Doe" ', -+ ' , ') -+ check(r'"Jane \"Doe\"." ', -+ ' ') -+ -+ # special cases -+ check(r'before"name"after', 'beforeafter') -+ check(r'before"name"', 'before') -+ check(r'b"name"', 'b') # single char -+ check(r'"name"after', 'after') -+ check(r'"name"a', 'a') # single char -+ check(r'"name"', '') -+ -+ # no change -+ for addr in ( -+ 'Jane Doe , John Doe ', -+ 'lone " quote', -+ ): -+ self.assertEqual(utils._strip_quoted_realnames(addr), addr) -+ -+ -+ def test_check_parenthesis(self): -+ addr = 'alice@example.net' -+ self.assertTrue(utils._check_parenthesis(f'{addr} (Alice)')) -+ self.assertFalse(utils._check_parenthesis(f'{addr} )Alice(')) -+ self.assertFalse(utils._check_parenthesis(f'{addr} (Alice))')) -+ self.assertFalse(utils._check_parenthesis(f'{addr} ((Alice)')) -+ -+ # Ignore real name between quotes -+ self.assertTrue(utils._check_parenthesis(f'")Alice((" {addr}')) -+ - - # Test the iterator/generators - class TestIterators(TestEmailBase): -diff --git a/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst -new file mode 100644 -index 0000000..3d0e9e4 ---- /dev/null -+++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst -@@ -0,0 +1,8 @@ -+:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now -+return ``('', '')`` 2-tuples in more situations where invalid email -+addresses are encountered instead of potentially inaccurate values. Add -+optional *strict* parameter to these two functions: use ``strict=False`` to -+get the old behavior, accept malformed inputs. -+``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check -+if the *strict* paramater is available. Patch by Thomas Dwyer and Victor -+Stinner to improve the CVE-2023-27043 fix. --- -2.25.1 - diff --git a/meta/recipes-devtools/python/python3/CVE-2024-6232.patch b/meta/recipes-devtools/python/python3/CVE-2024-6232.patch deleted file mode 100644 index 874cbfe40c..0000000000 --- a/meta/recipes-devtools/python/python3/CVE-2024-6232.patch +++ /dev/null @@ -1,251 +0,0 @@ -From 3a22dc1079be5a75750d24dc6992956e7b84b5a0 Mon Sep 17 00:00:00 2001 -From: Seth Michael Larson -Date: Tue, 3 Sep 2024 10:07:53 -0500 -Subject: [PATCH 2/2] [3.10] gh-121285: Remove backtracking when parsing - tarfile headers (GH-121286) (#123640) - -* Remove backtracking when parsing tarfile headers -* Rewrite PAX header parsing to be stricter -* Optimize parsing of GNU extended sparse headers v0.0 - -(cherry picked from commit 34ddb64d088dd7ccc321f6103d23153256caa5d4) - -Upstream-Status: Backport from https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4 -CVE: CVE-2024-6232 - -Co-authored-by: Kirill Podoprigora -Co-authored-by: Gregory P. Smith -Signed-off-by: Hugo SIMELIERE ---- - Lib/tarfile.py | 105 +++++++++++------- - Lib/test/test_tarfile.py | 42 +++++++ - ...-07-02-13-39-20.gh-issue-121285.hrl-yI.rst | 2 + - 3 files changed, 111 insertions(+), 38 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst - -diff --git a/Lib/tarfile.py b/Lib/tarfile.py -index 495349f08f9..3ab6811d633 100755 ---- a/Lib/tarfile.py -+++ b/Lib/tarfile.py -@@ -841,6 +841,9 @@ def data_filter(member, dest_path): - # Sentinel for replace() defaults, meaning "don't change the attribute" - _KEEP = object() - -+# Header length is digits followed by a space. -+_header_length_prefix_re = re.compile(br"([0-9]{1,20}) ") -+ - class TarInfo(object): - """Informational class which holds the details about an - archive member given by a tar header block. -@@ -1410,41 +1413,59 @@ def _proc_pax(self, tarfile): - else: - pax_headers = tarfile.pax_headers.copy() - -- # Check if the pax header contains a hdrcharset field. This tells us -- # the encoding of the path, linkpath, uname and gname fields. Normally, -- # these fields are UTF-8 encoded but since POSIX.1-2008 tar -- # implementations are allowed to store them as raw binary strings if -- # the translation to UTF-8 fails. -- match = re.search(br"\d+ hdrcharset=([^\n]+)\n", buf) -- if match is not None: -- pax_headers["hdrcharset"] = match.group(1).decode("utf-8") -- -- # For the time being, we don't care about anything other than "BINARY". -- # The only other value that is currently allowed by the standard is -- # "ISO-IR 10646 2000 UTF-8" in other words UTF-8. -- hdrcharset = pax_headers.get("hdrcharset") -- if hdrcharset == "BINARY": -- encoding = tarfile.encoding -- else: -- encoding = "utf-8" -- - # Parse pax header information. A record looks like that: - # "%d %s=%s\n" % (length, keyword, value). length is the size - # of the complete record including the length field itself and -- # the newline. keyword and value are both UTF-8 encoded strings. -- regex = re.compile(br"(\d+) ([^=]+)=") -+ # the newline. - pos = 0 -- while True: -- match = regex.match(buf, pos) -- if not match: -- break -+ encoding = None -+ raw_headers = [] -+ while len(buf) > pos and buf[pos] != 0x00: -+ if not (match := _header_length_prefix_re.match(buf, pos)): -+ raise InvalidHeaderError("invalid header") -+ try: -+ length = int(match.group(1)) -+ except ValueError: -+ raise InvalidHeaderError("invalid header") -+ # Headers must be at least 5 bytes, shortest being '5 x=\n'. -+ # Value is allowed to be empty. -+ if length < 5: -+ raise InvalidHeaderError("invalid header") -+ if pos + length > len(buf): -+ raise InvalidHeaderError("invalid header") - -- length, keyword = match.groups() -- length = int(length) -- if length == 0: -+ header_value_end_offset = match.start(1) + length - 1 # Last byte of the header -+ keyword_and_value = buf[match.end(1) + 1:header_value_end_offset] -+ raw_keyword, equals, raw_value = keyword_and_value.partition(b"=") -+ -+ # Check the framing of the header. The last character must be '\n' (0x0A) -+ if not raw_keyword or equals != b"=" or buf[header_value_end_offset] != 0x0A: - raise InvalidHeaderError("invalid header") -- value = buf[match.end(2) + 1:match.start(1) + length - 1] -+ raw_headers.append((length, raw_keyword, raw_value)) -+ -+ # Check if the pax header contains a hdrcharset field. This tells us -+ # the encoding of the path, linkpath, uname and gname fields. Normally, -+ # these fields are UTF-8 encoded but since POSIX.1-2008 tar -+ # implementations are allowed to store them as raw binary strings if -+ # the translation to UTF-8 fails. For the time being, we don't care about -+ # anything other than "BINARY". The only other value that is currently -+ # allowed by the standard is "ISO-IR 10646 2000 UTF-8" in other words UTF-8. -+ # Note that we only follow the initial 'hdrcharset' setting to preserve -+ # the initial behavior of the 'tarfile' module. -+ if raw_keyword == b"hdrcharset" and encoding is None: -+ if raw_value == b"BINARY": -+ encoding = tarfile.encoding -+ else: # This branch ensures only the first 'hdrcharset' header is used. -+ encoding = "utf-8" -+ -+ pos += length - -+ # If no explicit hdrcharset is set, we use UTF-8 as a default. -+ if encoding is None: -+ encoding = "utf-8" -+ -+ # After parsing the raw headers we can decode them to text. -+ for length, raw_keyword, raw_value in raw_headers: - # Normally, we could just use "utf-8" as the encoding and "strict" - # as the error handler, but we better not take the risk. For - # example, GNU tar <= 1.23 is known to store filenames it cannot -@@ -1452,17 +1473,16 @@ def _proc_pax(self, tarfile): - # hdrcharset=BINARY header). - # We first try the strict standard encoding, and if that fails we - # fall back on the user's encoding and error handler. -- keyword = self._decode_pax_field(keyword, "utf-8", "utf-8", -+ keyword = self._decode_pax_field(raw_keyword, "utf-8", "utf-8", - tarfile.errors) - if keyword in PAX_NAME_FIELDS: -- value = self._decode_pax_field(value, encoding, tarfile.encoding, -+ value = self._decode_pax_field(raw_value, encoding, tarfile.encoding, - tarfile.errors) - else: -- value = self._decode_pax_field(value, "utf-8", "utf-8", -+ value = self._decode_pax_field(raw_value, "utf-8", "utf-8", - tarfile.errors) - - pax_headers[keyword] = value -- pos += length - - # Fetch the next header. - try: -@@ -1477,7 +1497,7 @@ def _proc_pax(self, tarfile): - - elif "GNU.sparse.size" in pax_headers: - # GNU extended sparse format version 0.0. -- self._proc_gnusparse_00(next, pax_headers, buf) -+ self._proc_gnusparse_00(next, raw_headers) - - elif pax_headers.get("GNU.sparse.major") == "1" and pax_headers.get("GNU.sparse.minor") == "0": - # GNU extended sparse format version 1.0. -@@ -1499,15 +1519,24 @@ def _proc_pax(self, tarfile): - - return next - -- def _proc_gnusparse_00(self, next, pax_headers, buf): -+ def _proc_gnusparse_00(self, next, raw_headers): - """Process a GNU tar extended sparse header, version 0.0. - """ - offsets = [] -- for match in re.finditer(br"\d+ GNU.sparse.offset=(\d+)\n", buf): -- offsets.append(int(match.group(1))) - numbytes = [] -- for match in re.finditer(br"\d+ GNU.sparse.numbytes=(\d+)\n", buf): -- numbytes.append(int(match.group(1))) -+ for _, keyword, value in raw_headers: -+ if keyword == b"GNU.sparse.offset": -+ try: -+ offsets.append(int(value.decode())) -+ except ValueError: -+ raise InvalidHeaderError("invalid header") -+ -+ elif keyword == b"GNU.sparse.numbytes": -+ try: -+ numbytes.append(int(value.decode())) -+ except ValueError: -+ raise InvalidHeaderError("invalid header") -+ - next.sparse = list(zip(offsets, numbytes)) - - def _proc_gnusparse_01(self, next, pax_headers): -diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py -index cfc13bccb20..007c3e94acb 100644 ---- a/Lib/test/test_tarfile.py -+++ b/Lib/test/test_tarfile.py -@@ -1139,6 +1139,48 @@ def test_pax_number_fields(self): - finally: - tar.close() - -+ def test_pax_header_bad_formats(self): -+ # The fields from the pax header have priority over the -+ # TarInfo. -+ pax_header_replacements = ( -+ b" foo=bar\n", -+ b"0 \n", -+ b"1 \n", -+ b"2 \n", -+ b"3 =\n", -+ b"4 =a\n", -+ b"1000000 foo=bar\n", -+ b"0 foo=bar\n", -+ b"-12 foo=bar\n", -+ b"000000000000000000000000036 foo=bar\n", -+ ) -+ pax_headers = {"foo": "bar"} -+ -+ for replacement in pax_header_replacements: -+ with self.subTest(header=replacement): -+ tar = tarfile.open(tmpname, "w", format=tarfile.PAX_FORMAT, -+ encoding="iso8859-1") -+ try: -+ t = tarfile.TarInfo() -+ t.name = "pax" # non-ASCII -+ t.uid = 1 -+ t.pax_headers = pax_headers -+ tar.addfile(t) -+ finally: -+ tar.close() -+ -+ with open(tmpname, "rb") as f: -+ data = f.read() -+ self.assertIn(b"11 foo=bar\n", data) -+ data = data.replace(b"11 foo=bar\n", replacement) -+ -+ with open(tmpname, "wb") as f: -+ f.truncate() -+ f.write(data) -+ -+ with self.assertRaisesRegex(tarfile.ReadError, r"method tar: ReadError\('invalid header'\)"): -+ tarfile.open(tmpname, encoding="iso8859-1") -+ - - class WriteTestBase(TarTest): - # Put all write tests in here that are supposed to be tested -diff --git a/Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst b/Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst -new file mode 100644 -index 00000000000..81f918bfe2b ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst -@@ -0,0 +1,2 @@ -+Remove backtracking from tarfile header parsing for ``hdrcharset``, PAX, and -+GNU sparse headers. --- -2.46.0 - diff --git a/meta/recipes-devtools/python/python3/CVE-2024-7592.patch b/meta/recipes-devtools/python/python3/CVE-2024-7592.patch deleted file mode 100644 index 7303a41e20..0000000000 --- a/meta/recipes-devtools/python/python3/CVE-2024-7592.patch +++ /dev/null @@ -1,140 +0,0 @@ -From 3c15b8437f57fe1027171b34af88bf791cf1868c Mon Sep 17 00:00:00 2001 -From: "Miss Islington (bot)" - <31488909+miss-islington@users.noreply.github.com> -Date: Wed, 4 Sep 2024 17:50:36 +0200 -Subject: [PATCH 1/2] [3.10] gh-123067: Fix quadratic complexity in parsing - "-quoted cookie values with backslashes (GH-123075) (#123106) - -This fixes CVE-2024-7592. -(cherry picked from commit 44e458357fca05ca0ae2658d62c8c595b048b5ef) - -Upstream-Status: Backport from https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a -CVE: CVE-2024-7592 - -Co-authored-by: Serhiy Storchaka -Signed-off-by: Hugo SIMELIERE ---- - Lib/http/cookies.py | 34 ++++------------- - Lib/test/test_http_cookies.py | 38 +++++++++++++++++++ - ...-08-16-19-13-21.gh-issue-123067.Nx9O4R.rst | 1 + - 3 files changed, 47 insertions(+), 26 deletions(-) - create mode 100644 Misc/NEWS.d/next/Library/2024-08-16-19-13-21.gh-issue-123067.Nx9O4R.rst - -diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py -index 35ac2dc6ae2..2c1f021d0ab 100644 ---- a/Lib/http/cookies.py -+++ b/Lib/http/cookies.py -@@ -184,8 +184,13 @@ def _quote(str): - return '"' + str.translate(_Translator) + '"' - - --_OctalPatt = re.compile(r"\\[0-3][0-7][0-7]") --_QuotePatt = re.compile(r"[\\].") -+_unquote_sub = re.compile(r'\\(?:([0-3][0-7][0-7])|(.))').sub -+ -+def _unquote_replace(m): -+ if m[1]: -+ return chr(int(m[1], 8)) -+ else: -+ return m[2] - - def _unquote(str): - # If there aren't any doublequotes, -@@ -205,30 +210,7 @@ def _unquote(str): - # \012 --> \n - # \" --> " - # -- i = 0 -- n = len(str) -- res = [] -- while 0 <= i < n: -- o_match = _OctalPatt.search(str, i) -- q_match = _QuotePatt.search(str, i) -- if not o_match and not q_match: # Neither matched -- res.append(str[i:]) -- break -- # else: -- j = k = -1 -- if o_match: -- j = o_match.start(0) -- if q_match: -- k = q_match.start(0) -- if q_match and (not o_match or k < j): # QuotePatt matched -- res.append(str[i:k]) -- res.append(str[k+1]) -- i = k + 2 -- else: # OctalPatt matched -- res.append(str[i:j]) -- res.append(chr(int(str[j+1:j+4], 8))) -- i = j + 4 -- return _nulljoin(res) -+ return _unquote_sub(_unquote_replace, str) - - # The _getdate() routine is used to set the expiration time in the cookie's HTTP - # header. By default, _getdate() returns the current time in the appropriate -diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py -index 6072c7e15e9..644e75cd5b7 100644 ---- a/Lib/test/test_http_cookies.py -+++ b/Lib/test/test_http_cookies.py -@@ -5,6 +5,7 @@ - import unittest - from http import cookies - import pickle -+from test import support - - - class CookieTests(unittest.TestCase): -@@ -58,6 +59,43 @@ def test_basic(self): - for k, v in sorted(case['dict'].items()): - self.assertEqual(C[k].value, v) - -+ def test_unquote(self): -+ cases = [ -+ (r'a="b=\""', 'b="'), -+ (r'a="b=\\"', 'b=\\'), -+ (r'a="b=\="', 'b=='), -+ (r'a="b=\n"', 'b=n'), -+ (r'a="b=\042"', 'b="'), -+ (r'a="b=\134"', 'b=\\'), -+ (r'a="b=\377"', 'b=\xff'), -+ (r'a="b=\400"', 'b=400'), -+ (r'a="b=\42"', 'b=42'), -+ (r'a="b=\\042"', 'b=\\042'), -+ (r'a="b=\\134"', 'b=\\134'), -+ (r'a="b=\\\""', 'b=\\"'), -+ (r'a="b=\\\042"', 'b=\\"'), -+ (r'a="b=\134\""', 'b=\\"'), -+ (r'a="b=\134\042"', 'b=\\"'), -+ ] -+ for encoded, decoded in cases: -+ with self.subTest(encoded): -+ C = cookies.SimpleCookie() -+ C.load(encoded) -+ self.assertEqual(C['a'].value, decoded) -+ -+ @support.requires_resource('cpu') -+ def test_unquote_large(self): -+ n = 10**6 -+ for encoded in r'\\', r'\134': -+ with self.subTest(encoded): -+ data = 'a="b=' + encoded*n + ';"' -+ C = cookies.SimpleCookie() -+ C.load(data) -+ value = C['a'].value -+ self.assertEqual(value[:3], 'b=\\') -+ self.assertEqual(value[-2:], '\\;') -+ self.assertEqual(len(value), n + 3) -+ - def test_load(self): - C = cookies.SimpleCookie() - C.load('Customer="WILE_E_COYOTE"; Version=1; Path=/acme') -diff --git a/Misc/NEWS.d/next/Library/2024-08-16-19-13-21.gh-issue-123067.Nx9O4R.rst b/Misc/NEWS.d/next/Library/2024-08-16-19-13-21.gh-issue-123067.Nx9O4R.rst -new file mode 100644 -index 00000000000..6a234561fe3 ---- /dev/null -+++ b/Misc/NEWS.d/next/Library/2024-08-16-19-13-21.gh-issue-123067.Nx9O4R.rst -@@ -0,0 +1 @@ -+Fix quadratic complexity in parsing ``"``-quoted cookie values with backslashes by :mod:`http.cookies`. --- -2.46.0 - diff --git a/meta/recipes-devtools/python/python3/CVE-2024-8088.patch b/meta/recipes-devtools/python/python3/CVE-2024-8088.patch deleted file mode 100644 index 10d28a9e65..0000000000 --- a/meta/recipes-devtools/python/python3/CVE-2024-8088.patch +++ /dev/null @@ -1,124 +0,0 @@ -From e0264a61119d551658d9445af38323ba94fc16db Mon Sep 17 00:00:00 2001 -From: "Jason R. Coombs" -Date: Thu, 22 Aug 2024 19:24:33 -0400 -Subject: [PATCH] CVE-2024-8088: Sanitize names in zipfile.Path. (GH-122906) - -Upstream-Status: Backport from https://github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db -CVE: CVE-2024-8088 - -Signed-off-by: Rohini Sangam ---- - Lib/test/test_zipfile.py | 17 ++++++ - Lib/zipfile.py | 61 ++++++++++++++++++- - 2 files changed, 77 insertions(+), 1 deletion(-) - -diff --git a/Lib/test/test_zipfile.py b/Lib/test/test_zipfile.py -index 32c0170..a60dc11 100644 ---- a/Lib/test/test_zipfile.py -+++ b/Lib/test/test_zipfile.py -@@ -3280,6 +3280,23 @@ with zipfile.ZipFile(io.BytesIO(), "w") as zf: - zipfile.Path(zf) - zf.extractall(source_path.parent) - -+ def test_malformed_paths(self): -+ """ -+ Path should handle malformed paths. -+ """ -+ data = io.BytesIO() -+ zf = zipfile.ZipFile(data, "w") -+ zf.writestr("/one-slash.txt", b"content") -+ zf.writestr("//two-slash.txt", b"content") -+ zf.writestr("../parent.txt", b"content") -+ zf.filename = '' -+ root = zipfile.Path(zf) -+ assert list(map(str, root.iterdir())) == [ -+ 'one-slash.txt', -+ 'two-slash.txt', -+ 'parent.txt', -+ ] -+ - - class StripExtraTests(unittest.TestCase): - # Note: all of the "z" characters are technically invalid, but up -diff --git a/Lib/zipfile.py b/Lib/zipfile.py -index 7d18bc2..cbac8d9 100644 ---- a/Lib/zipfile.py -+++ b/Lib/zipfile.py -@@ -9,6 +9,7 @@ import io - import itertools - import os - import posixpath -+import re - import shutil - import stat - import struct -@@ -2182,7 +2183,65 @@ def _difference(minuend, subtrahend): - return itertools.filterfalse(set(subtrahend).__contains__, minuend) - - --class CompleteDirs(ZipFile): -+class SanitizedNames: -+ """ -+ ZipFile mix-in to ensure names are sanitized. -+ """ -+ -+ def namelist(self): -+ return list(map(self._sanitize, super().namelist())) -+ -+ @staticmethod -+ def _sanitize(name): -+ r""" -+ Ensure a relative path with posix separators and no dot names. -+ Modeled after -+ https://github.com/python/cpython/blob/bcc1be39cb1d04ad9fc0bd1b9193d3972835a57c/Lib/zipfile/__init__.py#L1799-L1813 -+ but provides consistent cross-platform behavior. -+ >>> san = SanitizedNames._sanitize -+ >>> san('/foo/bar') -+ 'foo/bar' -+ >>> san('//foo.txt') -+ 'foo.txt' -+ >>> san('foo/.././bar.txt') -+ 'foo/bar.txt' -+ >>> san('foo../.bar.txt') -+ 'foo../.bar.txt' -+ >>> san('\\foo\\bar.txt') -+ 'foo/bar.txt' -+ >>> san('D:\\foo.txt') -+ 'D/foo.txt' -+ >>> san('\\\\server\\share\\file.txt') -+ 'server/share/file.txt' -+ >>> san('\\\\?\\GLOBALROOT\\Volume3') -+ '?/GLOBALROOT/Volume3' -+ >>> san('\\\\.\\PhysicalDrive1\\root') -+ 'PhysicalDrive1/root' -+ Retain any trailing slash. -+ >>> san('abc/') -+ 'abc/' -+ Raises a ValueError if the result is empty. -+ >>> san('../..') -+ Traceback (most recent call last): -+ ... -+ ValueError: Empty filename -+ """ -+ -+ def allowed(part): -+ return part and part not in {'..', '.'} -+ -+ # Remove the drive letter. -+ # Don't use ntpath.splitdrive, because that also strips UNC paths -+ bare = re.sub('^([A-Z]):', r'\1', name, flags=re.IGNORECASE) -+ clean = bare.replace('\\', '/') -+ parts = clean.split('/') -+ joined = '/'.join(filter(allowed, parts)) -+ if not joined: -+ raise ValueError("Empty filename") -+ return joined + '/' * name.endswith('/') -+ -+ -+class CompleteDirs(SanitizedNames, ZipFile): - """ - A ZipFile subclass that ensures that implied directories - are always included in the namelist. --- -2.35.7 - diff --git a/meta/recipes-devtools/python/python3_3.10.14.bb b/meta/recipes-devtools/python/python3_3.10.15.bb similarity index 98% rename from meta/recipes-devtools/python/python3_3.10.14.bb rename to meta/recipes-devtools/python/python3_3.10.15.bb index 8f6a15701f..4157b8cb83 100644 --- a/meta/recipes-devtools/python/python3_3.10.14.bb +++ b/meta/recipes-devtools/python/python3_3.10.15.bb @@ -36,10 +36,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://deterministic_imports.patch \ file://0001-Avoid-shebang-overflow-on-python-config.py.patch \ file://0001-test_storlines-skip-due-to-load-variability.patch \ - file://CVE-2024-8088.patch \ - file://CVE-2024-7592.patch \ - file://CVE-2024-6232.patch \ - file://CVE-2023-27043.patch \ " SRC_URI:append:class-native = " \ @@ -48,7 +44,7 @@ SRC_URI:append:class-native = " \ file://12-distutils-prefix-is-inside-staging-area.patch \ file://0001-Don-t-search-system-for-headers-libraries.patch \ " -SRC_URI[sha256sum] = "9c50481faa8c2832329ba0fc8868d0a606a680fc4f60ec48d26ce8e076751fda" +SRC_URI[sha256sum] = "aab0950817735172601879872d937c1e4928a57c409ae02369ec3d91dccebe79" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar" From patchwork Mon Sep 23 13:13:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49463 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EF859CF9C72 for ; Mon, 23 Sep 2024 13:14:23 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web10.36270.1727097254672392798 for ; Mon, 23 Sep 2024 06:14:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=DObmfqod; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-71923d87be4so3196287b3a.0 for ; Mon, 23 Sep 2024 06:14:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097254; x=1727702054; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=sG4PzEnQF5zWWKWOGpz26B0dPjef/ZvUoq9o7FW4IoQ=; b=DObmfqod6nyiym82RZqeZYwkrf+DYmLHSyuy7Tk3NmUUaQoZo2jOmxnexOPktvedab JcVVwFF9bW32fLfnBkZYCHtTztcN2ZZlBlCfHz+ZvCdZzgSQq5Mwg3NYOOuDQyLNdNRw iTqjfR26aMGycWiztDmN4yhcw5bDp+XaKdG/wEuEqdalsrfUQjpJAXZeLa2KG7zTy8lL t5uGolMzjA5itb352yEGD3bjfG8pPIuJaxYoBxn87ukSZmHcltl0AWnpFzTCM/w6mi8o sRpOvK0FkcHbNtIiMGLAZSrNiNAlHY55xVs4Mn0G4NrotcyRTLqx+ges0TkDqPG8j4Wk rE8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097254; x=1727702054; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sG4PzEnQF5zWWKWOGpz26B0dPjef/ZvUoq9o7FW4IoQ=; b=Q8O//JOlhOQ1pK12mw/Bv8kqZv6ahLg5N6j4QmVDotejB79GCCLNnRWCbbRTHEZ4M+ XrKYPk0Zjzw0Sj3Ltsi3WmkbHDAFMLmKePXtBzv1+MSGjV346IRucEwytVngm8UEcG+u 7LJA5OEuGMQeJzpvABr6DLed3WVXHL98PM0/h/kMg+tWJn/NFFccoC4jTmyr1Q2/DHd7 pXeq1FohQsaACckAnbBAnCYcHgQTHa78IYhB5xC2nUvAQQ+XlFc71XCWljQhZLW8+0eO 05VzZddcJN8P//51tEjwXPN+mXApAwoUW79/0XNOLSoznl+h1LrV9U5P92MivgDnYIDZ OzKA== X-Gm-Message-State: AOJu0Yy400m4UBVSoJ3oB8ahDBeFex/t54OVSlMcPciMSJLjOqZt8sPb ++8PGTr5uatD6ZW26W2wNApp61KYUhQL3eN8xsOclD1MgdiBJA+QX58WSXV7mEfADPaMjKAhVzz mndE= X-Google-Smtp-Source: AGHT+IHEeYq/2QZJBNIlhOP5Df2JowdDGl9ZqmJqT3Z5/frZFW7OcUSE4O5WevYUR1G1/2amZksQjA== X-Received: by 2002:a05:6a00:124f:b0:717:869c:2c60 with SMTP id d2e1a72fcca58-7199ca3445dmr16537401b3a.26.1727097253789; Mon, 23 Sep 2024 06:14:13 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:13 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/15] busybox: Fix cut with "-s" flag Date: Mon, 23 Sep 2024 06:13:48 -0700 Message-Id: <5576ff6e7676a09649fdbf0042f5f64a1ec1023b.1726971209.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204813 From: Colin McAllister This fixes and issue that allows blank lines to be incorrectly output when the "-s" flag is included. This issue propogates into the populate-volatile.sh script in initscripts. If a volatiles drop file contains blank lines, a blank line will be included in combined users, which will incorrectly result in a difference in the number of combined users versus defined users. If this happens, the volatiles file will not be executed. (From OE-Core rev: dfbcf0581ab3dd47037726a7b8aa06f777792473) Signed-off-by: Colin McAllister Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- ...1-cut-Fix-s-flag-to-omit-blank-lines.patch | 66 +++++++++++++++++++ meta/recipes-core/busybox/busybox_1.35.0.bb | 1 + 2 files changed, 67 insertions(+) create mode 100644 meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch diff --git a/meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch b/meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch new file mode 100644 index 0000000000..a0a8607b23 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch @@ -0,0 +1,66 @@ +From 199606e960942c29fd8085be812edd3d3697825c Mon Sep 17 00:00:00 2001 +From: Colin McAllister +Date: Wed, 17 Jul 2024 07:58:52 -0500 +Subject: [PATCH 1/1] cut: Fix "-s" flag to omit blank lines + +Using cut with the delimiter flag ("-d") with the "-s" flag to only +output lines containing the delimiter will print blank lines. This is +deviant behavior from cut provided by GNU Coreutils. Blank lines should +be omitted if "-s" is used with "-d". + +This change introduces a somewhat naiive, yet efficient solution, where +line length is checked before looping though bytes. If line length is +zero and the "-s" flag is used, the code will jump to parsing the next +line to avoid printing a newline character. + +In addition, a test to cut.tests has been added to ensure that this +regression is fixed and will not happen again in the future. + +Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-July/090834.html] + +Signed-off-by: Colin McAllister +--- + coreutils/cut.c | 6 ++++++ + testsuite/cut.tests | 9 +++++++++ + 2 files changed, 15 insertions(+) + +diff --git a/coreutils/cut.c b/coreutils/cut.c +index 55bdd9386..b7f986f26 100644 +--- a/coreutils/cut.c ++++ b/coreutils/cut.c +@@ -152,6 +152,12 @@ static void cut_file(FILE *file, const char *delim, const char *odelim, + unsigned uu = 0, start = 0, end = 0, out = 0; + int dcount = 0; + ++ /* Blank line? */ ++ if (!linelen) { ++ if (option_mask32 & CUT_OPT_SUPPRESS_FLGS) ++ goto next_line; ++ } ++ + /* Loop through bytes, finding next delimiter */ + for (;;) { + /* End of current range? */ +diff --git a/testsuite/cut.tests b/testsuite/cut.tests +index 2458c019c..0b401bc00 100755 +--- a/testsuite/cut.tests ++++ b/testsuite/cut.tests +@@ -65,6 +65,15 @@ testing "cut with -d -f( ) -s" "cut -d' ' -f3 -s input && echo yes" "yes\n" "$in + testing "cut with -d -f(a) -s" "cut -da -f3 -s input" "n\nsium:Jim\n\ncion:Ed\n" "$input" "" + testing "cut with -d -f(a) -s -n" "cut -da -f3 -s -n input" "n\nsium:Jim\n\ncion:Ed\n" "$input" "" + ++input="\ ++ ++foo bar baz ++ ++bing bong boop ++ ++" ++testing "cut with -d -s omits blank lines" "cut -d' ' -f2 -s input" "bar\nbong\n" "$input" "" ++ + # substitute for awk + optional FEATURE_CUT_REGEX + testing "cut -DF" "cut -DF 2,7,5" \ +-- +2.43.0 + diff --git a/meta/recipes-core/busybox/busybox_1.35.0.bb b/meta/recipes-core/busybox/busybox_1.35.0.bb index dbcefbb274..6bffbbb5a8 100644 --- a/meta/recipes-core/busybox/busybox_1.35.0.bb +++ b/meta/recipes-core/busybox/busybox_1.35.0.bb @@ -57,6 +57,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://CVE-2023-42364_42365-1.patch \ file://CVE-2023-42364_42365-2.patch \ file://CVE-2023-42366.patch \ + file://0001-cut-Fix-s-flag-to-omit-blank-lines.patch \ " SRC_URI:append:libc-musl = " file://musl.cfg " From patchwork Mon Sep 23 13:13:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49464 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0540BCF9C69 for ; Mon, 23 Sep 2024 13:14:24 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web10.36271.1727097256462135861 for ; Mon, 23 Sep 2024 06:14:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=jLtxtxvK; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-71781f42f75so4125641b3a.1 for ; Mon, 23 Sep 2024 06:14:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097256; x=1727702056; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=qDR6f8b9NVJ57/+zxVSD0+AlyXktCS2W4HrwApcUfMQ=; b=jLtxtxvK2SzApGQZIXYOLLgf8qSFdgnq3nyhPnX3mqgib7gCV0KZe2l5umDLXTlUfy 2XvrRueylpT/lyVT8+DExLsMBIE0xU8RVnM13ZhPgFzpOlNt4yri/l6GhpSQfyfw+orA 1EF2aRs11v0faMEMj0AZPukma5FbQ8mdBOndiE3/U3Zdku9SeA5nzAUWvI17s3+8u+MH zWje/k439QkaM9nye/cTip6OEXybD5BttieR43gKUJAD5mu8W/Ldx2VTHghPvmyXdSr4 zuREREqSUcRiJzWgFdNpAJ/xbbLCxpGRkGnkfuTxTYaNspXXk2IeZ6Z9EB4pH7xzGC14 bqrw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097256; x=1727702056; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qDR6f8b9NVJ57/+zxVSD0+AlyXktCS2W4HrwApcUfMQ=; b=xO8oiM25vHfM0TpikpvTGzS4jZydk0zF7ibHUrpkwXj0SZzlc54Gz9SPUgZhrBrSFg rXAaGNYgBhNIDPKS4ZaOtIssxcJqgcLScJq0iwwP/NAJ1pzhdW0ftNupLOOj47r4br1U INqFkyadbDIW1ENgURN5QFwMqUbfu9ACj15ICx0rZp1pNm90veM6jMTiYN7NZicgPIQJ /8sXez8WMcfDdYCciFIvsRVMyjNhF/gzG7H0cm0ES3j4Kjb0zCzu5xO4EhGRnHN0I1v7 rW6hq2cRNRMj9N36qbIcpB9O+pbyW22JPM5dzKkq6TTJ6Ux7P0NSi2ZZeG5ZV8T9ea9b bFxQ== X-Gm-Message-State: AOJu0Yxrz2zRxAphC7z1le6XkjqHF8knvkCitaAi8535k9jutuT4t+fp 78Z5XKzqULHKxCN4cN+08nVp+20H9KccUpU4eGPDYBZqpDdv1UO4IlCcNiGpbEd6H+DbODPDJTA r+EI= X-Google-Smtp-Source: AGHT+IEjBRb9SMPIJU2tQn7EPJapABy2/RAFf8ayMYYtUkjS0TYYKZXBtMpyCHBSgcMxnfxI0PYArw== X-Received: by 2002:a05:6a20:d494:b0:1d3:420d:791f with SMTP id adf61e73a8af0-1d3420d7d26mr52157637.36.1727097255779; Mon, 23 Sep 2024 06:14:15 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:15 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/15] udev-extraconf: Add collect flag to mount Date: Mon, 23 Sep 2024 06:13:49 -0700 Message-Id: <5dbc923acdab11eada37a4f7bba19e6d133ac931.1726971209.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204814 From: Colin McAllister Adds extra "--collect" flag to the mount command within automount_systemd. This is intended to fix an observed deadlock after rapidly inserting and removing external media. This is because if the mount command fails, the transient mount will enter a failed state. The next time the media is inserted, automount_systemd bails because the first consition finds that the file path for the failed transient mount still exists. This leaves the external media unmounted and cannot be mounted until the mount is fixed via systemctl or the device is rebooted. Adding "--collect" ensures that the transient mount is cleaned up after entering a failed state, which ensures that the media can still be mounted when it's re-inserted. (From OE-Core rev: f0cda74d73eb8c14cd6f695f514108f1e94984a6) Signed-off-by: Colin McAllister Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-core/udev/udev-extraconf/mount.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/udev/udev-extraconf/mount.sh b/meta/recipes-core/udev/udev-extraconf/mount.sh index b7e86dbc0e..a87619b181 100644 --- a/meta/recipes-core/udev/udev-extraconf/mount.sh +++ b/meta/recipes-core/udev/udev-extraconf/mount.sh @@ -83,7 +83,7 @@ automount_systemd() { ;; esac - if ! $MOUNT --no-block -t auto $DEVNAME "$MOUNT_BASE/$name" + if ! $MOUNT --collect --no-block -t auto $DEVNAME "$MOUNT_BASE/$name" then #logger "mount.sh/automount" "$MOUNT -t auto $DEVNAME \"$MOUNT_BASE/$name\" failed!" rm_dir "$MOUNT_BASE/$name" From patchwork Mon Sep 23 13:13:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49466 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 08940CF9C74 for ; Mon, 23 Sep 2024 13:14:24 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web11.36183.1727097258301680647 for ; Mon, 23 Sep 2024 06:14:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=DZLyIw8U; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-718e3c98b5aso3055417b3a.0 for ; Mon, 23 Sep 2024 06:14:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097257; x=1727702057; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Xb8yH61NZSlmOeqS+35drLBxNO8F9B/RRTRuqRMdRw0=; b=DZLyIw8UJBI/VoThce2fhkdI0RpzJGcj7MBxzoHcpAafsfkhxFQQYH6CiNkkVJ+Pjr EhgLEKrT1Sm4V0KHgsk4kzKxYJRNY69mmhd5aRiuEPhhMvqJVfUeBW8whxFmKgHyQnMY 6bFTUSGipHqz4lsjut1TWNVEq/oAHje3TG81v6MwG5eGf5t9kjWqdqOrKTcRyRW/7Gic rmhQyQb4BCVJLdWOKCj7aXpIEqFUnrdKEre3iVY2GHNYZmVv63JWMr7OJ8P/VDN7FwHA wai0A0Xrxkt7HXvw0L/5FRtHU3pkHjE7QVNlRxgaqEweqtwGYfaoyz3VeFZexEBVJrP3 XRJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097257; x=1727702057; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Xb8yH61NZSlmOeqS+35drLBxNO8F9B/RRTRuqRMdRw0=; b=N+kjSv4tEW9uPUO31tBF1Ilv3O/nDeLDAhJC3lrbHjuV+KINLNDAjrY4RVdmW47Snz cQqR39dQOVXip3p9kPqhhEbThZ20/BMERqrr0L0PVjCa8Jyg2GZatSeEe/BDPhqPx7b3 CR18PD1jjcQysDT4ie7zvBLQLCqJal3XHYshRW/+qn36dU9LXAjm812NGj6hPXHxGupo t47q6jjQfKGQD8VgoBAxZq8BHhDBohcpUXhIYCdxRCNmlozavTCTNorE9eMtnWsGSKkA DBggJ3PaWp6vRrgT7cV6IVZD239bIUB/J04/E98nazCapwouG7NTien9WoFX8TSTSv7B dm/w== X-Gm-Message-State: AOJu0YzGEUx95fS/iz0Nl50GBfTd5bzaTi0VwGYXv3eqyYfe7rNq1GLa y1la5YswRhd/sDO/qKDCa9+h343R4/KtOwNwrQviJa785QnZyad6O9rgZgSSdZc7CsQyYIhcFyW th5g= X-Google-Smtp-Source: AGHT+IEE4QDmzFoLWU+usKyDd8ZEVj/46CuyBjjO4wnAO/sqZUi9bsABfWof7OO4tJdvvPpmriZ7wA== X-Received: by 2002:a05:6a00:3e11:b0:710:5825:5ba0 with SMTP id d2e1a72fcca58-7199cd62d21mr16528352b3a.3.1727097257482; Mon, 23 Sep 2024 06:14:17 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:17 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/15] buildhistory: Fix intermittent package file list creation Date: Mon, 23 Sep 2024 06:13:50 -0700 Message-Id: <6817b012763fc32cdcffe30163a304da3ed59ae1.1726971209.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204815 From: Pedro Ferreira The directory that buildhistory_list_pkg_files writes to during do_package is created by do_packagedata so a clean buildhistory doesn't have files-in-package written during the first build since packagedata happens after do_package. Ensure the output package folder is created to avoid missing files-in-package.txt files. Also it ensures that in case of `find` fails we leave with a hard error instead of hiding the error on the for loop. Signed-off-by: Pedro Silva Ferreira Signed-off-by: Richard Purdie (cherry picked from commit 8de9b8c1e199896b9a7bc5ed64967c6bfbf84bea) Signed-off-by: Steve Sakoman --- meta/classes/buildhistory.bbclass | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/meta/classes/buildhistory.bbclass b/meta/classes/buildhistory.bbclass index 4345ffc693..b35508db27 100644 --- a/meta/classes/buildhistory.bbclass +++ b/meta/classes/buildhistory.bbclass @@ -597,15 +597,12 @@ buildhistory_list_files_no_owners() { buildhistory_list_pkg_files() { # Create individual files-in-package for each recipe's package - for pkgdir in $(find ${PKGDEST}/* -maxdepth 0 -type d); do + pkgdirlist=$(find ${PKGDEST}/* -maxdepth 0 -type d) + for pkgdir in $pkgdirlist; do pkgname=$(basename $pkgdir) outfolder="${BUILDHISTORY_DIR_PACKAGE}/$pkgname" outfile="$outfolder/files-in-package.txt" - # Make sure the output folder exists so we can create the file - if [ ! -d $outfolder ] ; then - bbdebug 2 "Folder $outfolder does not exist, file $outfile not created" - continue - fi + mkdir -p $outfolder buildhistory_list_files $pkgdir $outfile fakeroot done } From patchwork Mon Sep 23 13:13:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49465 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12B0FCF9C77 for ; Mon, 23 Sep 2024 13:14:24 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web11.36185.1727097259781820843 for ; Mon, 23 Sep 2024 06:14:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=X4wWpWlo; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-718d8d6af8fso3098687b3a.3 for ; Mon, 23 Sep 2024 06:14:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097259; x=1727702059; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=iB+VVySbJEYXokuwXAbAYt7DSDzGCW6pG4L1U4073Cc=; b=X4wWpWloVZ4CDLAIdsBmeterEAF/YSHug9iYYxRC+JME81pOMv8THFMrMbipRp4Mww AEuaqnsJXg/cp66fEI5k5WwsqgHbWN3+Z4z3GUnS2naokr/gH7j+ApUyXpVg61nT3V88 ndFjFfx+cZObuUdKB99NlFyqj6CnOP+Of4FAkfJ/z0BVN9eknOSHqCEH5rQt8/7T9Yv0 Pk7jjmnErwGz8dQvmjz2lmen8KPmclVmQRKSlZMPPEsT/mC9T7LN+ftyiw7Z4eAZ3xMR oNj1pT4Cmtf5whlA7lKpvHFZkzuwaS65zbSnXZsVuKdt3OYv4dDAuKyKIB+HAZch/OIl hj6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097259; x=1727702059; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iB+VVySbJEYXokuwXAbAYt7DSDzGCW6pG4L1U4073Cc=; b=plG4CtJM+rfr76TSaV9zvC8gB7QHWaVIxR99u3oKkn0xFLExjH33N0ZC/ERHRpWQkC 1lUxjM4ix/xOitjU5jIFjCZ5eEFEWgyI5IHeIYqRN74pHZiSNOXYnQ6D2PsgstiUY8ji RwNU3jOAt7nL9xNrc5yjV0GFP30vjCjzbf7hhFk/lfpB/V3FwmEmMkVSam4QdMhvt/4v ckfWZF8En5+o4c6VD+A2CbAg6KvN2qv8whsGdyddBZWmELIHZDJRXtbcQjmcLFJwJDpL fNBOKMrZ1lk6VH8cTbBDteMJpBnWrmTYly05UkC1MeHFeN0MRTkiGg4izycys/ULb8j3 ++hg== X-Gm-Message-State: AOJu0Yzn76QlVYRU6Feg/7OUmFJQ1AIt5m4zoNwX+5WHPNRH9F5t/oqO 7N5xxWMKrYkFI8Tq+DKFeGPtnn5/FgqOQtrCTvQtH2OzyNd7wp0XwMp3eFaT6YF2WFx/55qMlq2 2YhY= X-Google-Smtp-Source: AGHT+IFJ3GtoLARuVqAZ3GrkFBS/gFERfMlpaWzWy+rttanF+HhZt0VrIOizM7vdtjDC5DZuSJQtTA== X-Received: by 2002:a05:6a00:14d0:b0:719:8f48:ff00 with SMTP id d2e1a72fcca58-7199c9c0aafmr15756381b3a.15.1727097259021; Mon, 23 Sep 2024 06:14:19 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:18 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/15] buildhistory: Restoring files from preserve list Date: Mon, 23 Sep 2024 06:13:51 -0700 Message-Id: <8160fd3c042283a47a2601e1797847c303e1e7e5.1726971209.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204816 From: Pedro Ferreira This fix will ensure that, when we activate feature `BUILDHISTORY_RESET`, files marked to keep on feature `BUILDHISTORY_PRESERVE` will indeed exist is buildhistory final path since they are moved to buildhistory/old but not restored at any point. Signed-off-by: Pedro Ferreira Signed-off-by: Richard Purdie (cherry picked from commit 9f68a45aa238ae5fcdfaca71ba0e7015e9cb720e) Signed-off-by: Steve Sakoman --- meta/classes/buildhistory.bbclass | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/meta/classes/buildhistory.bbclass b/meta/classes/buildhistory.bbclass index b35508db27..8adb44eba5 100644 --- a/meta/classes/buildhistory.bbclass +++ b/meta/classes/buildhistory.bbclass @@ -108,6 +108,7 @@ python buildhistory_emit_pkghistory() { import json import shlex import errno + import shutil pkghistdir = d.getVar('BUILDHISTORY_DIR_PACKAGE') oldpkghistdir = d.getVar('BUILDHISTORY_OLD_DIR_PACKAGE') @@ -221,6 +222,20 @@ python buildhistory_emit_pkghistory() { items.sort() return ' '.join(items) + def preservebuildhistoryfiles(pkg, preserve): + if os.path.exists(os.path.join(oldpkghistdir, pkg)): + listofobjs = os.listdir(os.path.join(oldpkghistdir, pkg)) + for obj in listofobjs: + if obj not in preserve: + continue + try: + bb.utils.mkdirhier(os.path.join(pkghistdir, pkg)) + shutil.copyfile(os.path.join(oldpkghistdir, pkg, obj), os.path.join(pkghistdir, pkg, obj)) + except IOError as e: + bb.note("Unable to copy file. %s" % e) + except EnvironmentError as e: + bb.note("Unable to copy file. %s" % e) + pn = d.getVar('PN') pe = d.getVar('PE') or "0" pv = d.getVar('PV') @@ -248,6 +263,14 @@ python buildhistory_emit_pkghistory() { if not os.path.exists(pkghistdir): bb.utils.mkdirhier(pkghistdir) else: + # We need to make sure that all files kept in + # buildhistory/old are restored successfully + # otherwise next block of code wont have files to + # check and purge + if d.getVar("BUILDHISTORY_RESET"): + for pkg in packagelist: + preservebuildhistoryfiles(pkg, preserve) + # Remove files for packages that no longer exist for item in os.listdir(pkghistdir): if item not in preserve: From patchwork Mon Sep 23 13:13:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49467 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1685ACF9C7A for ; Mon, 23 Sep 2024 13:14:24 +0000 (UTC) Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) by mx.groups.io with SMTP id smtpd.web11.36186.1727097261652709643 for ; Mon, 23 Sep 2024 06:14:21 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=GUVB8DPK; spf=softfail (domain: sakoman.com, ip: 209.85.210.181, mailfrom: steve@sakoman.com) Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-71798661a52so3178011b3a.0 for ; Mon, 23 Sep 2024 06:14:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097261; x=1727702061; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=j4s6TJGXaq5aHV7P0kBjnaXyXHOgWtWdlOyV/EjQ0SE=; b=GUVB8DPKjp65K4/hZro94XY10o1E/YDw0PumnSwhVnUuujdztQWogI8+Nw2rW+9m0K V2tkXHiTEvXLppqlEJ+sE0xLyLLw5uZNisdWPmbZX8VD2xNOL7V5VNuu5S773Rk33XHf QsllHr1yoRmab6G/uwlmbfj3uR70eJzoSSVG7U+zr7roX4HeYHVaV74wqgN8/2ym1jSX 5eXE0otGyjWzyhGzjwxDuC7+fVv+h5JEYgrplS622xZgKMYf6h7ZUXY13px9AV/u/NtN F9oPfnsJ3WOVy4vFsiJVeV+s8c1yyXNJq+nd1+mxE9kTBMPm3Lh8tMqbBDNaO8PvA3qH zQNg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097261; x=1727702061; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=j4s6TJGXaq5aHV7P0kBjnaXyXHOgWtWdlOyV/EjQ0SE=; b=ozqk+c7HkmkPGoGgyax8OSVybm4kN0bePfnkVbFd2P9MobTeGpVQgA6/dMpZRkiLxw rPgEBFi7QcjcaG+pAg3TZpmC+hRIJQdc5dYOoP/ERmkLR4Dp++fkQjgL4QB3Xg+j6mMF 3zIGCvMnK/NFZqqucCuhv9KvBdnzs5Tca2E4Rdnij/+lfFRxSvBTZ3LSA+mLAxjeiAiW S5XOCDQzowKudqCDQldvl1ChGsxaova56p/xmr0CB+k7cmopMfWsdx9YIrlOjtQ87+oo jInTKrQAoi0aQSNm5v0r/KFvcPJ2HVDE8kxoovBIELtVj5kOVmu+lN76cTaDMVSg+kny P6PQ== X-Gm-Message-State: AOJu0YyXluiOyqp49Hnyl+LjgOAQAEaC6WQcOi65/kO68wbj0Mc+UnG2 3IPvw+AayBOLcM2XJM99yNA8/K4w469CKKSjxN80ailXwAXE2aphZuZ7huktAwJVD7cSNIahdJl W8UM= X-Google-Smtp-Source: AGHT+IEyAZuGCstfJq6fvRreY+15dqtz05VDqK+d0FjhomoLm8QGbKLQlT1lf3UjWftHPV1573PDzQ== X-Received: by 2002:a05:6a00:9292:b0:707:fa61:1c6a with SMTP id d2e1a72fcca58-7199b12a28amr18142947b3a.10.1727097260814; Mon, 23 Sep 2024 06:14:20 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:20 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 11/15] buildhistory: Simplify intercept call sites and drop SSTATEPOSTINSTFUNC usage Date: Mon, 23 Sep 2024 06:13:52 -0700 Message-Id: <78ca086441b21dedd9c471a3d3200c24fd9ec8d2.1726971209.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204817 From: Richard Purdie We planned to drop SSTATEPOSTINSTFUNC some time ago with the introduction of postfuncs. Finally get around to doing that which should make the buildhistory code a little more readable. Unfortunately ordering the buildhistory function calls after the sstate ones is difficult without coding that into the sstate class. This patch does that to ensure everything functions as expected until we can find a better way. This is still likely preferable than the generic sstate postfuncs support since the function flow is much more readable. Signed-off-by: Richard Purdie (cherry picked from commit c9e2a8fa2f0305ef1247ec405555612326f798f8) Signed-off-by: Steve Sakoman --- meta/classes/buildhistory.bbclass | 39 +++++++++++++++---------------- meta/classes/sstate.bbclass | 5 +++- 2 files changed, 23 insertions(+), 21 deletions(-) diff --git a/meta/classes/buildhistory.bbclass b/meta/classes/buildhistory.bbclass index 8adb44eba5..83993f5752 100644 --- a/meta/classes/buildhistory.bbclass +++ b/meta/classes/buildhistory.bbclass @@ -45,11 +45,18 @@ BUILDHISTORY_PUSH_REPO ?= "" BUILDHISTORY_TAG ?= "build" BUILDHISTORY_PATH_PREFIX_STRIP ?= "" -SSTATEPOSTINSTFUNCS:append = " buildhistory_emit_pkghistory" -# We want to avoid influencing the signatures of sstate tasks - first the function itself: -sstate_install[vardepsexclude] += "buildhistory_emit_pkghistory" -# then the value added to SSTATEPOSTINSTFUNCS: -SSTATEPOSTINSTFUNCS[vardepvalueexclude] .= "| buildhistory_emit_pkghistory" +# We want to avoid influencing the signatures of the task so use vardepsexclude +do_populate_sysroot[postfuncs] += "buildhistory_emit_sysroot" +do_populate_sysroot_setscene[postfuncs] += "buildhistory_emit_sysroot" +do_populate_sysroot[vardepsexclude] += "buildhistory_emit_sysroot" + +do_package[postfuncs] += "buildhistory_list_pkg_files" +do_package_setscene[postfuncs] += "buildhistory_list_pkg_files" +do_package[vardepsexclude] += "buildhistory_list_pkg_files" + +do_packagedata[postfuncs] += "buildhistory_emit_pkghistory" +do_packagedata_setscene[postfuncs] += "buildhistory_emit_pkghistory" +do_packagedata[vardepsexclude] += "buildhistory_emit_pkghistory" # Similarly for our function that gets the output signatures SSTATEPOSTUNPACKFUNCS:append = " buildhistory_emit_outputsigs" @@ -89,27 +96,15 @@ buildhistory_emit_sysroot() { # Write out metadata about this package for comparison when writing future packages # python buildhistory_emit_pkghistory() { - if d.getVar('BB_CURRENTTASK') in ['populate_sysroot', 'populate_sysroot_setscene']: - bb.build.exec_func("buildhistory_emit_sysroot", d) - return 0 - - if not "package" in (d.getVar('BUILDHISTORY_FEATURES') or "").split(): - return 0 - - if d.getVar('BB_CURRENTTASK') in ['package', 'package_setscene']: - # Create files-in-.txt files containing a list of files of each recipe's package - bb.build.exec_func("buildhistory_list_pkg_files", d) - return 0 - - if not d.getVar('BB_CURRENTTASK') in ['packagedata', 'packagedata_setscene']: - return 0 - import re import json import shlex import errno import shutil + if not "package" in (d.getVar('BUILDHISTORY_FEATURES') or "").split(): + return 0 + pkghistdir = d.getVar('BUILDHISTORY_DIR_PACKAGE') oldpkghistdir = d.getVar('BUILDHISTORY_OLD_DIR_PACKAGE') @@ -619,6 +614,10 @@ buildhistory_list_files_no_owners() { } buildhistory_list_pkg_files() { + if [ "${@bb.utils.contains('BUILDHISTORY_FEATURES', 'package', '1', '0', d)}" = "0" ] ; then + return + fi + # Create individual files-in-package for each recipe's package pkgdirlist=$(find ${PKGDEST}/* -maxdepth 0 -type d) for pkgdir in $pkgdirlist; do diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index dd6cf12920..91d42665c1 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass @@ -156,7 +156,10 @@ python () { d.setVar('SSTATETASKS', " ".join(unique_tasks)) for task in unique_tasks: d.prependVarFlag(task, 'prefuncs', "sstate_task_prefunc ") - d.appendVarFlag(task, 'postfuncs', " sstate_task_postfunc") + # Generally sstate should be last, execpt for buildhistory functions + postfuncs = (d.getVarFlag(task, 'postfuncs') or "").split() + newpostfuncs = [p for p in postfuncs if "buildhistory" not in p] + ["sstate_task_postfunc"] + [p for p in postfuncs if "buildhistory" in p] + d.setVarFlag(task, 'postfuncs', " ".join(newpostfuncs)) d.setVarFlag(task, 'network', '1') d.setVarFlag(task + "_setscene", 'network', '1') } From patchwork Mon Sep 23 13:13:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49469 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 22A85CF9C79 for ; Mon, 23 Sep 2024 13:14:24 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web11.36187.1727097263096424236 for ; Mon, 23 Sep 2024 06:14:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=nnIn1BRH; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-7198a7a1c01so3877914b3a.1 for ; Mon, 23 Sep 2024 06:14:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097262; x=1727702062; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=o1l+gcRysDaYLO6ri5mZ3AX7FCx7Gfj83tSWVqFriqc=; b=nnIn1BRHlBPsx3to+7SzT3HjbsFOnVu7uu8vMg0hZXlRkjXcyNDNLq/bagdjPCIIml H28gjLKSBRO3mARLnux7dMmix66u6v+m0p1CXBtOEV5gFXg9EwKIttSjTu6RpZUnLOgB rgpcnjAJcyefNcbqXFLKm73U5fcX6k/pCcrgMdVjhRLjR1YQm9wPz6yGRVC+xYIJrPly 7kzvP1bMFgYOpySPMOhmEcOyHF5gU3Xu1lRRy/LWgS0wGYkb7hcdOufWribCqt1SgeZV vuDWN4sFe6b7nT2zeE4tbJlCTlprtaz1BXydGr3kS6IKQ1i6flBBc5ezwbjr51H/Ap3v t8wg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097262; x=1727702062; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=o1l+gcRysDaYLO6ri5mZ3AX7FCx7Gfj83tSWVqFriqc=; b=Rgo8cNX5jcCpgWfMMX822VTJo0daK9OYziuTRI84t3WhuM13hwRHBpY93f0YmlVRmR U92AWHO5m0KAXiQAgwL66cRbWkMcqQaCmz+LRzHSHMmoOS0XdeqObpbjjPQVRRS2gceL /5EcES6JfBt3F8Aqz2x9/a/aPDIY9KpJHREqcJ5DnMqy46tceiBbXfU35wiV7ePjPsJg 22w9JVkjqPpdx7D2tPuXzDoFEG+d1DB5rNYi6b744RDONfvs0g4fKUMN6JKcQwQPyKyq LQOhUgqPY9EgKnzXeODI3lj0Eilqwln+gRlHeyzQ9puqP9tDeciYWdw2Hf16kzXO0TeV Om8A== X-Gm-Message-State: AOJu0Yz7ZivoeYrNW2FXGgF9JYjKk2Z1wPD6ppw0dS/jpA+/+09AMoEv QSPatIAkM89dkgHuhcaw+lmNo467rhxfA8tylempVPdQqN6EjQRGYuIKzVA0lcXBo3affbcouAn 4yfE= X-Google-Smtp-Source: AGHT+IFXHTraDGgsAqjgNa4ZBT7etkwYtBjA1Ii8zGHoRt5r8pHLGs2Qbv9kos8KRaM6+5Wb6ll3qA== X-Received: by 2002:a05:6a00:a90:b0:718:dd80:c2bc with SMTP id d2e1a72fcca58-7199c9df5c5mr18393309b3a.19.1727097262226; Mon, 23 Sep 2024 06:14:22 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:21 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 12/15] runqemu: keep generating tap devices Date: Mon, 23 Sep 2024 06:13:53 -0700 Message-Id: <5215635442949a62f502e839ddf1f12e790e5e37.1726971209.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204818 From: Konrad Weihmann in case there is no tap device the script tries to generate a new one. The new device is then unguarded for a moment, so the newly generated device could be acquired by a different instance or user, before it is locked to the instance with acquire_taplock. To fix that keep generating new tap devices in case the lock can't be acquired up to 5 times. If no tap device can be locked it fails in the existing error handling (From OE-Core rev: 23876576d054ebbab9b02c0012782aa56feda123) Signed-off-by: Konrad Weihmann Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- scripts/runqemu | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/scripts/runqemu b/scripts/runqemu index ba7c1b2461..8a417a7c24 100755 --- a/scripts/runqemu +++ b/scripts/runqemu @@ -1150,16 +1150,20 @@ to your build configuration. uid = os.getuid() logger.info("Setting up tap interface under sudo") cmd = ('sudo', self.qemuifup, str(uid), str(gid), self.bindir_native) - try: - tap = subprocess.check_output(cmd).decode('utf-8').strip() - except subprocess.CalledProcessError as e: - logger.error('Setting up tap device failed:\n%s\nRun runqemu-gen-tapdevs to manually create one.' % str(e)) - sys.exit(1) - lockfile = os.path.join(lockdir, tap) - self.taplock = lockfile + '.lock' - self.acquire_taplock() - self.cleantap = True - logger.debug('Created tap: %s' % tap) + for _ in range(5): + try: + tap = subprocess.check_output(cmd).decode('utf-8').strip() + except subprocess.CalledProcessError as e: + logger.error('Setting up tap device failed:\n%s\nRun runqemu-gen-tapdevs to manually create one.' % str(e)) + sys.exit(1) + lockfile = os.path.join(lockdir, tap) + self.taplock = lockfile + '.lock' + if self.acquire_taplock(): + self.cleantap = True + logger.debug('Created tap: %s' % tap) + break + else: + tap = None if not tap: logger.error("Failed to setup tap device. Run runqemu-gen-tapdevs to manually create.") From patchwork Mon Sep 23 13:13:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49470 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 17033CF9C72 for ; Mon, 23 Sep 2024 13:14:34 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web11.36190.1727097264754613641 for ; Mon, 23 Sep 2024 06:14:24 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=F0rHq1Zh; spf=softfail (domain: sakoman.com, ip: 209.85.210.180, mailfrom: steve@sakoman.com) Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-71971d20a95so2930455b3a.3 for ; Mon, 23 Sep 2024 06:14:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097264; x=1727702064; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=kiifeqi2iA5evzFTZ4RpLuvd10JpWaqwikORa1nXA7Y=; b=F0rHq1ZhltV0XDeOoKSUR7RJ01wPa8jfpXN4ev9iE3Pjk7i//QwUzupj2nJZ0REQbH L0IJumsP7X2z7aTpv3n/oQ5Sri+rH3LQSiIAMVvhWnYuEMS6jHexOQq6Ee8+py2n492H c2j8fPjqt6hdq2WRwNzs1rLXfApJrop3KupJZaNpSa/fgtusAde1SPHM7OLv9v5qCszm Ph0fdkC6VHhxdh1ghRwsUFQbP3iOOlVL8cXlq+rmrIlXrpMDdRPF1PXLpa/rLEWa9/0a LGi5uCyGuRsWsgMdQIxfwFjg0JF/WZY3gMpkoX4GkvWsa5gJYhEe3tmsH2u1tRr70wvs inGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097264; x=1727702064; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kiifeqi2iA5evzFTZ4RpLuvd10JpWaqwikORa1nXA7Y=; b=RGnUB/Guq1te/3MIGYjwa7sydmj9YEXXH+m1GOcNftvzdWSO9UvVOHg0srRveZWmMR miGCoC5LzhOKs/92bdpYhAYMAdkW7dgW9WWanFfyRmrSoxhOKxaZ7hogBsAD5CBu7JiG xlnHvSv4USqQWdmlj/2ENKzPOxt5IQ9a6Ud7YLREhnaqimq/a6yBtQOZwKn6yEQLpSnZ ZPbgZaVO8PCXhoihMN/O0qXbGUclNhYW+JTwsUsnLeMqDU421EhvXgys+b8mKOYPBuXH 02kQ86GAIVtKF9d9f7+g4FBBzhTJ9wBegaj+GObcqYxJ/Kry6qDEG0ugBtyzJt8uRuR4 8bvQ== X-Gm-Message-State: AOJu0YxV8B4xwXsbIG6hf4dDfbHPOu/5KO7JHif4r8s2x30ytwjtmPzi d2agBBGY5EbXzBvYTF8558biasfSjGxPa55n8HeQXEaMaCxiRTVZm1ivH3sOlnmBsFnXd9Ua8kV 8Zag= X-Google-Smtp-Source: AGHT+IEr+evnZJdkIRSqn/RVfeT1lEYLXluP4RMxEHU4KQ1f2stATUb1E2RBzmu9pJHFN+vXpIhvZA== X-Received: by 2002:a05:6a00:1388:b0:714:1bd8:35f7 with SMTP id d2e1a72fcca58-7199c973753mr15103376b3a.15.1727097263820; Mon, 23 Sep 2024 06:14:23 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:23 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 13/15] testimage: fallback for empty IMAGE_LINK_NAME Date: Mon, 23 Sep 2024 06:13:54 -0700 Message-Id: <5b4c7a39f7a99d5c98eab3aaf693f4d3000c7ac1.1726971209.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204819 From: Konrad Weihmann if IMAGE_LINK_NAME is set empty to disable the symlinking for image artifacts in deploy, testimage fails, as the path assembly is incorrect. In that case fallback to IMAGE_NAME (From OE-Core rev: c7a4e7e294992acc589c62adcaf6cd32659f2f9b) Signed-off-by: Konrad Weihmann Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/classes/testimage.bbclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass index 0241f29dfb..a91cdb9a1f 100644 --- a/meta/classes/testimage.bbclass +++ b/meta/classes/testimage.bbclass @@ -98,7 +98,7 @@ TESTIMAGELOCK:qemuall = "" TESTIMAGE_DUMP_DIR ?= "${LOG_DIR}/runtime-hostdump/" -TESTIMAGE_UPDATE_VARS ?= "DL_DIR WORKDIR DEPLOY_DIR" +TESTIMAGE_UPDATE_VARS ?= "DL_DIR WORKDIR DEPLOY_DIR IMAGE_LINK_NAME" testimage_dump_target () { } @@ -209,7 +209,7 @@ def testimage_main(d): bb.utils.mkdirhier(d.getVar("TEST_LOG_DIR")) image_name = ("%s/%s" % (d.getVar('DEPLOY_DIR_IMAGE'), - d.getVar('IMAGE_LINK_NAME'))) + d.getVar('IMAGE_LINK_NAME') or d.getVar('IMAGE_NAME'))) tdname = "%s.testdata.json" % image_name try: From patchwork Mon Sep 23 13:13:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49471 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1BCBECF9C69 for ; Mon, 23 Sep 2024 13:14:34 +0000 (UTC) Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by mx.groups.io with SMTP id smtpd.web11.36192.1727097266153282734 for ; Mon, 23 Sep 2024 06:14:26 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=RauB2oB1; spf=softfail (domain: sakoman.com, ip: 209.85.210.170, mailfrom: steve@sakoman.com) Received: by mail-pf1-f170.google.com with SMTP id d2e1a72fcca58-7191fb54147so3191597b3a.2 for ; Mon, 23 Sep 2024 06:14:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097265; x=1727702065; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=vPjCl8W+KDlOVbGGxQXN22aUziAB2mFfuC2bdAkTiZg=; b=RauB2oB1tYqs4iSxl5mx28Sqln+FQNV/X/RI8d743pX3iZmambpGVETwOOPVJdQkOK b8sDxHB+W/hjQSoMxgzPYT6MOcf6JaBXakk+W2G7VBLurqZgQ+DXAQPxIKT+Iz+VFg2f yHCmcvPJ+OOHzOC7tLSnCAyAD35fGhDwbSW5tUeQ65M4UTksR0ya0kogNqU5ex8eAzBl cgV9EuCJ6j6+ncpDu2vJLGGeL39jAh3CN8dXlUbOtDw3UM6f9kCEWxZGNf6Pp9YQjA3k qVzmtnu8cyotzpyglGIRPM03UbYQ9PKNNrJPGYPgFXn+PkmMFyGZI+RW5gAo+LR+0Zdy lhVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097265; x=1727702065; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vPjCl8W+KDlOVbGGxQXN22aUziAB2mFfuC2bdAkTiZg=; b=qMMRYGAHfWiUOhKwN1Sey1+eOjTZrNJaeadP0r0NLJHScUXWw0yMaRi8hj27O6HBqW bOZAJEhxRGP3J0SCoLC7EN0mydp9wY18vkG/rw9u6OGblRSuXhfYuT5qQNsii8KVjzzz OlWvwfCI//Ub6Zo0ChX78cdV3ebUzDAbeNb4efYZ+sI+8EKvsHfjHwJ+3C+4FgRNE7oo m0SfRaWbP/UNL5lbYVbV71siJkRVXbiFGjMI42y62yILVf7hKMsw0+67NhC/afjqxT+i 1kkCQEv3BKtrAjBT/R1HZoY94P0aoNhg2MIrg3GHzKz51yZolqJeCWrFPo9e70LDt3Pn KXmQ== X-Gm-Message-State: AOJu0YyCqtf7l/k4saGH9EKoYPqV23Zkp9DTgZvI8RPRExc1/dV0w5x6 IngzswWPT3ldqH8LXnNErD/uqcSHw9m9p8VScdaXTTxIWq8jgO6ADsRbKsqDx6VNppmoXxEn/4T 4+kw= X-Google-Smtp-Source: AGHT+IEbrWwbbHlQ5ZwfJ21lxeZqzbVGdyKVMU80f1E477whLGlgbCZH9iu2vreZsRdtf3x+wW2piA== X-Received: by 2002:a05:6a00:3d4c:b0:70e:9907:ef75 with SMTP id d2e1a72fcca58-7199cc457bemr20801814b3a.4.1727097265339; Mon, 23 Sep 2024 06:14:25 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:25 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 14/15] testexport: fallback for empty IMAGE_LINK_NAME Date: Mon, 23 Sep 2024 06:13:55 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204820 From: Konrad Weihmann if IMAGE_LINK_NAME is set empty to disable the symlinking for image artifacts in deploy, testexport fails, as the path assembly is incorrect. In that case fallback to IMAGE_NAME (From OE-Core rev: 0c1d098e6dd08fa3a5aafca656457ac6badcef89) Signed-off-by: Konrad Weihmann Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/classes/testexport.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/testexport.bbclass b/meta/classes/testexport.bbclass index 1b0fb44a4a..deb68ec6ce 100644 --- a/meta/classes/testexport.bbclass +++ b/meta/classes/testexport.bbclass @@ -50,7 +50,7 @@ def testexport_main(d): from oeqa.runtime.context import OERuntimeTestContextExecutor image_name = ("%s/%s" % (d.getVar('DEPLOY_DIR_IMAGE'), - d.getVar('IMAGE_LINK_NAME'))) + d.getVar('IMAGE_LINK_NAME') or d.getVar('IMAGE_NAME'))) tdname = "%s.testdata.json" % image_name td = json.load(open(tdname, "r")) From patchwork Mon Sep 23 13:13:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 49472 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 251F7CF9C74 for ; Mon, 23 Sep 2024 13:14:34 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web11.36196.1727097267766500869 for ; Mon, 23 Sep 2024 06:14:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=iLPxAy27; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-71798a15ce5so3704252b3a.0 for ; Mon, 23 Sep 2024 06:14:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1727097267; x=1727702067; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=79R+1EzgvbK1DclnajXzGa8w9hHbpAEmk9amOLvvnQY=; b=iLPxAy27F8BYQtBTNeD9kuUkOyK1//sJmwdHDweneScdqbMYG6ksl4NhSZaTTNRXOa DDAi+esxzsbqbjWi9y4CMJlSFENFz+GjdtmI7R18/sIrPFSDfx/pd6ZZ5JhkjmHEIBAU 4VxLRS/hbQnkSil3RZ08CN1I/B9M7IhNnscbvO1gJCjb+PksDtqa9EY2QI8ULh1rQKTu wYVQ1vpWQDOQ5PsUgaKSDNO7oYkQ8+rj7a8XP+a0NM4aZxb/nnXZ0i38e8yYGa9HThcf GVzo20Rq+HFyMFuj6MvtlhwZMoOdDca1uN1LcW3jW5Mf7JUwULRw974ADS5Q20BM+ank V7hg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727097267; x=1727702067; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=79R+1EzgvbK1DclnajXzGa8w9hHbpAEmk9amOLvvnQY=; b=hdGWxn8xaUwMJ2+Sup7tAtiE1HPFkCBe2Ncan+L2FLZzp8rJ/QKG+NXnGuXStOxzU2 CkRkWdMbb3fynP4acNeBHVhEx8WP0x4awLFx6OUsRQkY7zOcDno0T7bRvkajtLzcJsO5 VsW3fR9lEC3j5hJk9nlMve1fZPqQZakbsDYCSC3IggyE+1UWs3eNV0KTRrCBSyKOzeiR 7+HxWR/P/6DEeVMvofiELjbeWMIiqR/2jnmm2U0QfRb6QD14oVp+o2BD5Uv0aVj+Lf/j VofeQyrq81Oc5R/KZlS3xlOkOBId177mMlO3mg/xU8yToOSoRqUAkwOrQ1iILX5m07aP 8ERg== X-Gm-Message-State: AOJu0YxFw+hOPKTDCf/Xhx7RwZkcwH4lrAEUMKYQNrPuBsfJ5qxzrRLb 3nu7QkCprKDSEccbVYZChnL63PHRDHJvolNdWAWigMJeK+r87R2PurAXxX5NCfosJksDvR4ZFmB Zp+4= X-Google-Smtp-Source: AGHT+IE/T4RoV7DeoXXXZsshdBiPa5V9jSejau4YDPWehhO580QshecJmY69kerTIXhv1rDwozARpg== X-Received: by 2002:a05:6a20:c6c2:b0:1d2:fad2:a537 with SMTP id adf61e73a8af0-1d30a9ad0a8mr13487123637.18.1727097266897; Mon, 23 Sep 2024 06:14:26 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944b7ee58sm13831391b3a.127.2024.09.23.06.14.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Sep 2024 06:14:26 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 15/15] lib/oeqa: rename assertRaisesRegexp to assertRaisesRegex Date: Mon, 23 Sep 2024 06:13:56 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 23 Sep 2024 13:14:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/204821 From: Ross Burton TestCase.assertRaisesRegexp was renamed to assertRaisesRegex in Python 3.2, so rename to fix a warning during test execution. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 6df44a4b29487bf8ef51bb5ba6467a4056b749cc) Signed-off-by: Steve Sakoman --- meta/lib/oeqa/selftest/cases/runcmd.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/lib/oeqa/selftest/cases/runcmd.py b/meta/lib/oeqa/selftest/cases/runcmd.py index e9612389fe..e423fe3d3e 100644 --- a/meta/lib/oeqa/selftest/cases/runcmd.py +++ b/meta/lib/oeqa/selftest/cases/runcmd.py @@ -56,11 +56,11 @@ class RunCmdTests(OESelftestTestCase): self.assertEqual(result.status, 0) def test_result_assertion(self): - self.assertRaisesRegexp(AssertionError, "Command 'echo .* false' returned non-zero exit status 1:\nfoobar", + self.assertRaisesRegex(AssertionError, "Command 'echo .* false' returned non-zero exit status 1:\nfoobar", runCmd, "echo foobar >&2; false", shell=True) def test_result_exception(self): - self.assertRaisesRegexp(CommandError, "Command 'echo .* false' returned non-zero exit status 1 with output: foobar", + self.assertRaisesRegex(CommandError, "Command 'echo .* false' returned non-zero exit status 1 with output: foobar", runCmd, "echo foobar >&2; false", shell=True, assert_error=False) def test_output(self):