From patchwork Tue Oct 29 18:59:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51501 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0FAACD3A681 for ; Tue, 29 Oct 2024 19:00:04 +0000 (UTC) Received: from mail-pg1-f176.google.com (mail-pg1-f176.google.com [209.85.215.176]) by mx.groups.io with SMTP id smtpd.web10.1929.1730228402759462287 for ; Tue, 29 Oct 2024 12:00:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=pgtlhGOr; spf=softfail (domain: sakoman.com, ip: 209.85.215.176, mailfrom: steve@sakoman.com) Received: by mail-pg1-f176.google.com with SMTP id 41be03b00d2f7-7db54269325so4345921a12.2 for ; Tue, 29 Oct 2024 12:00:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228402; x=1730833202; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=l76zJq5yOvHdZxXfnNCBSNXp12kska8Ae2hKH4W503c=; b=pgtlhGOrDfgCjR5UovUPswo/Bf4p9W2Fssil4LmOoqfzSD6/+X1HwozaeYqiwX0mP+ xsmE1iQUlZjJNeVbvF4P45h1zxs6n2rAcLJb9TXLwHmUYtmn3uSTPIXirF296OSQt4TN 1kU3eV0iHOWN879neeIawsV7N77NW9G/FhmnL4uJNEbI0bwsHAw1w7XX07sYpbL3Rk4b K/U8GDS3dce75Is1vhinBP8JTvDUlzIQ0bwd7v34gMGQPfc8YrNrAVQB7kPULkLnwiAB FLioXj1cqr99lfVtTiP2INoo42WEj2Uw4Dm66m3mbglC1bxZg+0oXHSRV1HkatJgJmgU YJPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228402; x=1730833202; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=l76zJq5yOvHdZxXfnNCBSNXp12kska8Ae2hKH4W503c=; b=ZJbgSEzm2qLzVgnC7pmFjoWNrii6dM5SHqnYWOMpBFiDVcUUOBT3Rmpu04QSYtFlIB qWYwLQzAmRVbUbkTagEIkutHQSuhyKCkyOiWYEweekN2Mklj5H6RpQ56unVekNcT8eXM m6ZbP/w3J77icUGR0/W9Oa/nFnCdI0vQ+NinSPT5QvVfg9IdG0y0lw/B4BsqemJOukjC iSJrGfojJXNQKET6DjMabLSZlG6mhZnyNe8SIp5u5VMqaP2wprlW2ws/1okXC/2zkUEK 9gJFUQWoCzIn8Pt4eUP/n/m0iwiYrkMaJQfkPxGAXLnv63KEf1AqRB+/bUY8wTlgreQU U3ZA== X-Gm-Message-State: AOJu0YyTpnbasXfA9J1SZyUfO22KLc74diV6jjaUgVXyIlS0N5WihPWV 2Okof7PnkajOnh3hYp1KNKdXY5LO7+uqojtDwcPskhdSjxFt3DqRDHtewVrqmMrokqkRWuT6pCz x X-Google-Smtp-Source: AGHT+IGYRprSjbhaF3SFr6oJyCo0nqatrB3mCshLHU9vDdPVL14fywEYgdAFgL22sshgr1Hi0cqSeA== X-Received: by 2002:a05:6a20:e18a:b0:1d9:2bed:c7e7 with SMTP id adf61e73a8af0-1d9a84d785amr16287609637.39.1730228401654; Tue, 29 Oct 2024 12:00:01 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:01 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/19] ghostscript: Backport CVE-2024-29508 Date: Tue, 29 Oct 2024 11:59:34 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206511 From: Ashish Sharma Import patch from ubuntu to fix CVE-2024-29508 Upstream-Status: Backport [https://git.launchpad.net/ubuntu/+source/ghostscript/commit/?h=ubuntu/focal-security&id=22b23aa6de7613a4d9c1da9c84d72427c9d0cf1a] Upstream commit: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ff1013a0ab485b66783b70145e342a82c670906a Signed-off-by: Ashish Sharma Signed-off-by: Steve Sakoman --- .../ghostscript/CVE-2024-29508-1.patch | 308 ++++++++++++++++++ .../ghostscript/CVE-2024-29508-2.patch | 29 ++ .../ghostscript/ghostscript_9.55.0.bb | 2 + 3 files changed, 339 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-1.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-2.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-1.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-1.patch new file mode 100644 index 0000000000..cb3b736289 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-1.patch @@ -0,0 +1,308 @@ +Backport of: +Note: updated to fix compiler warning. + +From ff1013a0ab485b66783b70145e342a82c670906a Mon Sep 17 00:00:00 2001 +From: Ken Sharp +Date: Thu, 25 Jan 2024 11:53:44 +0000 +Subject: Bug 707510 - review printing of pointers + +This is for item 4 of the report, which is addressed by the change in +gdevpdtb.c. That change uses a fixed name for fonts which have no name +instead of using the pointer to the address of the font. + +The remaining changes are all due to reviewing the use of PRI_INTPTR. +In general we only use that for debugging purposes but there were a few +places which were printing pointers arbitrarily, even in a release build. + +We really don't want to do that so I've modified the places which were +printing pointer unconditionally so that they only do so if DEBUG is +set at compile time, or a specific debug flag is set. + +CVE: CVE-2024-29508 +Upstream-Status: Backport [https://git.launchpad.net/ubuntu/+source/ghostscript/commit/?h=ubuntu/focal-security&id=22b23aa6de7613a4d9c1da9c84d72427c9d0cf1a] +Upstream commit: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ff1013a0ab485b66783b70145e342a82c670906a +Signed-off-by: Ashish Sharma + + base/gsfont.c | 4 ++-- + base/gsicc_cache.c | 8 ++++---- + base/gsmalloc.c | 4 ++-- + base/gxclmem.c | 5 ++--- + base/gxcpath.c | 6 +++++- + base/gxpath.c | 8 +++++++- + base/szlibc.c | 4 +++- + devices/gdevupd.c | 7 ++++++- + devices/vector/gdevpdtb.c | 4 ++-- + psi/ialloc.c | 4 ++-- + psi/igc.c | 6 +++--- + psi/igcstr.c | 6 +++--- + psi/iinit.c | 6 +++++- + psi/imainarg.c | 5 +++-- + psi/isave.c | 4 ++-- + psi/iutil.c | 6 +++++- + 16 files changed, 56 insertions(+), 31 deletions(-) + +--- a/base/gsfont.c ++++ b/base/gsfont.c +@@ -778,7 +778,7 @@ gs_purge_font(gs_font * pfont) + else if (pdir->scaled_fonts == pfont) + pdir->scaled_fonts = next; + else { /* Shouldn't happen! */ +- lprintf1("purged font "PRI_INTPTR" not found\n", (intptr_t)pfont); ++ if_debug1m('u', pfont->memory, "purged font "PRI_INTPTR" not found\n", (intptr_t)pfont); + } + + /* Purge the font from the scaled font cache. */ +--- a/base/gsicc_cache.c ++++ b/base/gsicc_cache.c +@@ -149,7 +149,7 @@ icc_linkcache_finalize(const gs_memory_t + + while (link_cache->head != NULL) { + if (link_cache->head->ref_count != 0) { +- emprintf2(mem, "link at "PRI_INTPTR" being removed, but has ref_count = %d\n", ++ if_debug2m(gs_debug_flag_icc, mem, "link at "PRI_INTPTR" being removed, but has ref_count = %d\n", + (intptr_t)link_cache->head, link_cache->head->ref_count); + link_cache->head->ref_count = 0; /* force removal */ + } +@@ -560,7 +560,7 @@ gsicc_findcachelink(gsicc_hashlink_t has + /* that was building it failed to be able to complete building it */ + /* this is probably a fatal error. MV ??? */ + if (curr->valid == false) { +- emprintf1(curr->memory, "link "PRI_INTPTR" lock released, but still not valid.\n", (intptr_t)curr); /* Breakpoint here */ ++ if_debug1m(gs_debug_flag_icc, curr->memory, "link "PRI_INTPTR" lock released, but still not valid.\n", (intptr_t)curr); /* Breakpoint here */ + } + gx_monitor_enter(icc_link_cache->lock); /* re-enter to loop and check */ + } +@@ -587,7 +587,7 @@ gsicc_remove_link(gsicc_link_t *link, co + /* NOTE: link->ref_count must be 0: assert ? */ + gx_monitor_enter(icc_link_cache->lock); + if (link->ref_count != 0) { +- emprintf2(memory, "link at "PRI_INTPTR" being removed, but has ref_count = %d\n", (intptr_t)link, link->ref_count); ++ if_debug2m(gs_debug_flag_icc, memory, "link at "PRI_INTPTR" being removed, but has ref_count = %d\n", (intptr_t)link, link->ref_count); + } + curr = icc_link_cache->head; + prev = NULL; +--- a/base/gsmalloc.c ++++ b/base/gsmalloc.c +@@ -419,7 +419,7 @@ gs_heap_resize_string(gs_memory_t * mem, + client_name_t cname) + { + if (gs_heap_object_type(mem, data) != &st_bytes) +- lprintf2("%s: resizing non-string "PRI_INTPTR"!\n", ++ if_debug2m('a', mem, "%s: resizing non-string "PRI_INTPTR"!\n", + client_name_string(cname), (intptr_t)data); + return gs_heap_resize_object(mem, data, new_num, cname); + } +--- a/base/gxclmem.c ++++ b/base/gxclmem.c +@@ -490,8 +490,7 @@ memfile_fclose(clist_file_ptr cf, const + /* leaks if other users of the memfile don't 'fclose with delete=true */ + if (f->openlist != NULL || ((f->base_memfile != NULL) && f->base_memfile->is_open)) { + /* TODO: do the cleanup rather than just giving an error */ +- emprintf1(f->memory, +- "Attempt to delete a memfile still open for read: "PRI_INTPTR"\n", ++ if_debug1(':', "Attempt to delete a memfile still open for read: "PRI_INTPTR"\n", + (intptr_t)f); + return_error(gs_error_invalidfileaccess); + } else { +--- a/base/gxcpath.c ++++ b/base/gxcpath.c +@@ -172,8 +172,10 @@ gx_cpath_init_contained_shared(gx_clip_p + { + if (shared) { + if (shared->path.segments == &shared->path.local_segments) { ++#ifdef DEBUG + lprintf1("Attempt to share (local) segments of clip path "PRI_INTPTR"!\n", + (intptr_t)shared); ++#endif + return_error(gs_error_Fatal); + } + *pcpath = *shared; +@@ -230,8 +232,10 @@ gx_cpath_init_local_shared_nested(gx_cli + if (shared) { + if ((shared->path.segments == &shared->path.local_segments) && + !safely_nested) { ++#ifdef DEBUG + lprintf1("Attempt to share (local) segments of clip path "PRI_INTPTR"!\n", + (intptr_t)shared); ++#endif + return_error(gs_error_Fatal); + } + pcpath->path = shared->path; +--- a/base/gxpath.c ++++ b/base/gxpath.c +@@ -137,8 +137,10 @@ gx_path_init_contained_shared(gx_path * + { + if (shared) { + if (shared->segments == &shared->local_segments) { ++#ifdef DEBUG + lprintf1("Attempt to share (local) segments of path "PRI_INTPTR"!\n", + (intptr_t)shared); ++#endif + return_error(gs_error_Fatal); + } + *ppath = *shared; +@@ -172,8 +174,10 @@ gx_path_alloc_shared(const gx_path * sha + ppath->procs = &default_path_procs; + if (shared) { + if (shared->segments == &shared->local_segments) { ++#ifdef DEBUG + lprintf1("Attempt to share (local) segments of path "PRI_INTPTR"!\n", + (intptr_t)shared); ++#endif + gs_free_object(mem, ppath, cname); + return 0; + } +@@ -203,8 +207,10 @@ gx_path_init_local_shared(gx_path * ppat + { + if (shared) { + if (shared->segments == &shared->local_segments) { ++#ifdef DEBUG + lprintf1("Attempt to share (local) segments of path "PRI_INTPTR"!\n", + (intptr_t)shared); ++#endif + return_error(gs_error_Fatal); + } + *ppath = *shared; +--- a/base/szlibc.c ++++ b/base/szlibc.c +@@ -110,7 +110,9 @@ s_zlib_free(void *zmem, void *data) + gs_free_object(mem, data, "s_zlib_free(data)"); + for (; ; block = block->next) { + if (block == 0) { ++#ifdef DEBUG + lprintf1("Freeing unrecorded data "PRI_INTPTR"!\n", (intptr_t)data); ++#endif + return; + } + if (block->data == data) +--- a/devices/gdevupd.c ++++ b/devices/gdevupd.c +@@ -1039,8 +1039,13 @@ upd_print_page(gx_device_printer *pdev, + */ + if(!upd || B_OK4GO != (upd->flags & (B_OK4GO | B_ERROR))) { + #if UPD_MESSAGES & (UPD_M_ERROR | UPD_M_TOPCALLS) ++#ifdef DEBUG + errprintf(pdev->memory, "CALL-REJECTED upd_print_page(" PRI_INTPTR "," PRI_INTPTR ")\n", + (intptr_t)udev,(intptr_t) out); ++#else ++ errprintf(pdev->memory, "CALL-REJECTED upd_print_page\n", ++ (intptr_t)udev,(intptr_t) out); ++#endif + #endif + return_error(gs_error_undefined); + } +--- a/devices/vector/gdevpdtb.c ++++ b/devices/vector/gdevpdtb.c +@@ -371,7 +371,7 @@ pdf_base_font_alloc(gx_device_pdf *pdev, + font_name.size -= SUBSET_PREFIX_SIZE; + } + } else { +- gs_sprintf(fnbuf, ".F" PRI_INTPTR, (intptr_t)copied); ++ gs_snprintf(fnbuf, sizeof(fnbuf), "Anonymous"); + font_name.data = (byte *)fnbuf; + font_name.size = strlen(fnbuf); + } +--- a/psi/ialloc.c ++++ b/psi/ialloc.c +@@ -386,7 +386,7 @@ gs_free_ref_array(gs_ref_memory_t * mem, + size = num_refs * sizeof(ref); + break; + default: +- lprintf3("Unknown type 0x%x in free_ref_array(%u,"PRI_INTPTR")!", ++ if_debug3('A', "Unknown type 0x%x in free_ref_array(%u,"PRI_INTPTR")!", + r_type(parr), num_refs, (intptr_t)obj); + return; + } +--- a/psi/igc.c ++++ b/psi/igc.c +@@ -1061,7 +1061,7 @@ gc_extend_stack(gc_mark_stack * pms, gc_ + + if (cp == 0) { /* We were tracing outside collectible */ + /* storage. This can't happen. */ +- lprintf1("mark stack overflowed while outside collectible space at "PRI_INTPTR"!\n", ++ if_debug1('6', "mark stack overflowed while outside collectible space at "PRI_INTPTR"!\n", + (intptr_t)cptr); + gs_abort(pstate->heap); + } +@@ -1290,7 +1290,7 @@ igc_reloc_struct_ptr(const void /*obj_he + + if (cp != 0 && cp->cbase <= (byte *)obj && (byte *)obj ctop) { + if (back > (cp->ctop - cp->cbase) >> obj_back_shift) { +- lprintf2("Invalid back pointer %u at "PRI_INTPTR"!\n", ++ if_debug2('6', "Invalid back pointer %u at "PRI_INTPTR"!\n", + back, (intptr_t)obj); + gs_abort(NULL); + } +--- a/psi/igcstr.c ++++ b/psi/igcstr.c +@@ -152,7 +152,7 @@ gc_string_mark(const byte * ptr, uint si + return false; + #ifdef DEBUG + if (ptr - HDR_ID_OFFSET < cp->ctop) { +- lprintf4("String pointer "PRI_INTPTR"[%u] outside ["PRI_INTPTR".."PRI_INTPTR")\n", ++ if_debug4('6', "String pointer "PRI_INTPTR"[%u] outside ["PRI_INTPTR".."PRI_INTPTR")\n", + (intptr_t)ptr - HDR_ID_OFFSET, size, (intptr_t)cp->ctop, (intptr_t)cp->climit); + return false; + } else if (ptr + size > cp->climit) { /* +@@ -171,7 +171,7 @@ gc_string_mark(const byte * ptr, uint si + while (ptr - HDR_ID_OFFSET == scp->climit && scp->outer != 0) + scp = scp->outer; + if (ptr - HDR_ID_OFFSET + size > scp->climit) { +- lprintf4("String pointer "PRI_INTPTR"[%u] outside ["PRI_INTPTR".."PRI_INTPTR")\n", ++ if_debug4('6', "String pointer "PRI_INTPTR"[%u] outside ["PRI_INTPTR".."PRI_INTPTR")\n", + (intptr_t)ptr - HDR_ID_OFFSET, size, + (intptr_t)scp->ctop, (intptr_t)scp->climit); + return false; +--- a/psi/iinit.c ++++ b/psi/iinit.c +@@ -395,8 +395,12 @@ zop_init(i_ctx_t *i_ctx_p) + if (def->proc != 0) { + code = def->proc(i_ctx_p); + if (code < 0) { ++#ifdef DEBUG + lprintf2("op_init proc "PRI_INTPTR" returned error %d!\n", + (intptr_t)def->proc, code); ++#else ++ lprintf("op_init proc returned error !\n"); ++#endif + return code; + } + } +--- a/psi/imainarg.c ++++ b/psi/imainarg.c +@@ -229,7 +229,8 @@ gs_main_init_with_args01(gs_main_instanc + if (gs_debug[':'] && !have_dumped_args) { + int i; + +- dmprintf1(minst->heap, "%% Args passed to instance "PRI_INTPTR": ", ++ if (gs_debug_c(gs_debug_flag_init_details)) ++ dmprintf1(minst->heap, "%% Args passed to instance "PRI_INTPTR": ", + (intptr_t)minst); + for (i=1; iheap, "%s ", argv[i]); +--- a/psi/isave.c ++++ b/psi/isave.c +@@ -487,7 +487,7 @@ alloc_save_change_in(gs_ref_memory_t *me + else if (r_is_struct(pcont)) + cp->offset = (byte *) where - (byte *) pcont->value.pstruct; + else { +- lprintf3("Bad type %u for save! pcont = "PRI_INTPTR", where = "PRI_INTPTR"\n", ++ if_debug3('u', "Bad type %u for save! pcont = "PRI_INTPTR", where = "PRI_INTPTR"\n", + r_type(pcont), (intptr_t) pcont, (intptr_t) where); + gs_abort((const gs_memory_t *)mem); + } +--- a/psi/iutil.c ++++ b/psi/iutil.c +@@ -537,7 +537,11 @@ other: + break; + } + /* Internal operator, no name. */ +- gs_sprintf(buf, "@"PRI_INTPTR, (intptr_t) op->value.opproc); ++#ifdef DEBUG ++ gs_snprintf(buf, sizeof(buf), "@"PRI_INTPTR, (intptr_t) op->value.opproc); ++#else ++ gs_snprintf(buf, sizeof(buf), "@anonymous_operator", (intptr_t) op->value.opproc); ++#endif + break; + } + case t_real: diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-2.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-2.patch new file mode 100644 index 0000000000..11f89e0882 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-2.patch @@ -0,0 +1,29 @@ +From d084021e06ba1caa1373fbbcf24a8510f43830ab Mon Sep 17 00:00:00 2001 +From: Ken Sharp +Date: Sat, 27 Jan 2024 09:30:30 +0000 +Subject: [PATCH] Coverity IDs 414141 & 414145 + +These are the same problem reported two different ways. I forgot to +remove the arguments to errprintf when I removed the format specifiers +from the string as part of reviewing the pointer printing. + +CVE: CVE-2024-29508 +Upstream-Status: Backport [https://git.launchpad.net/ubuntu/+source/ghostscript/commit/?h=ubuntu/focal-security&id=22b23aa6de7613a4d9c1da9c84d72427c9d0cf1a] +Upstream commit: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ff1013a0ab485b66783b70145e342a82c670906a +Signed-off-by: Ashish Sharma + + devices/gdevupd.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/devices/gdevupd.c ++++ b/devices/gdevupd.c +@@ -1043,8 +1043,7 @@ upd_print_page(gx_device_printer *pdev, + errprintf(pdev->memory, "CALL-REJECTED upd_print_page(" PRI_INTPTR "," PRI_INTPTR ")\n", + (intptr_t)udev,(intptr_t) out); + #else +- errprintf(pdev->memory, "CALL-REJECTED upd_print_page\n", +- (intptr_t)udev,(intptr_t) out); ++ errprintf(pdev->memory, "CALL-REJECTED upd_print_page\n"); + #endif + #endif + return_error(gs_error_undefined); diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index 525086e2af..969e637f5e 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb @@ -54,6 +54,8 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://CVE-2024-29511-0002.patch \ file://CVE-2024-29509.patch \ file://CVE-2024-29506.patch \ + file://CVE-2024-29508-1.patch \ + file://CVE-2024-29508-2.patch \ " SRC_URI = "${SRC_URI_BASE} \ From patchwork Tue Oct 29 18:59:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51506 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E254FD3A682 for ; Tue, 29 Oct 2024 19:00:13 +0000 (UTC) Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) by mx.groups.io with SMTP id smtpd.web11.1961.1730228405879351186 for ; Tue, 29 Oct 2024 12:00:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=mGzmEAu/; spf=softfail (domain: sakoman.com, ip: 209.85.215.182, mailfrom: steve@sakoman.com) Received: by mail-pg1-f182.google.com with SMTP id 41be03b00d2f7-7cd8803fe0aso4060198a12.0 for ; Tue, 29 Oct 2024 12:00:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228405; x=1730833205; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=tG5kWp1DwQ1clEWuYPCeJcViH/D+ClMHG0b/ZFKrqFE=; b=mGzmEAu/P844bXg3pSwFaO7xsBSAL17pivTp+d26H00g+Nfl5jxawsUYFFLFIAPpNM GRgPUlOphl60xnQpgRoV62UIdM12+kpKcpntHYrHepgEqJxd9f8LW+XOo7/tTzfOqMBO ocojUgeY2+7BFq0d4hV6k8LAlMPFxYMBzAdPZ8DX4zn9XjZqHcXNpwkKxmtDEeOeJZjb 5ReCsQ6vQNzaSXyHABeusrFyIV/2L5mRpN3TJ6RppCg5AxxChXVvBprKa1n2Dw7PT2K/ 0trFp18Tv7B49KnK1lGwZ4z72ezpUXwGMKJujzVAGKvSJk6POfBiJ+4Sr2+H06RN23ZZ +Syg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228405; x=1730833205; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tG5kWp1DwQ1clEWuYPCeJcViH/D+ClMHG0b/ZFKrqFE=; b=Yb9T19Qj2BvLf86g1CsSqFbFY+/rD9ydbBe2bDG02PGwONzdVGB/dE4HC9vFWqf339 9YiPryTryQ/C4/4lfyp6Sk9moN2V2c2JeK2TXvY0BkVBIg4WgnbggGYR9+0bGrIWWgQ0 yQ5/YGkIS1h8tBlF2wpxOhpl40fZ7Q9qM2FsOb7J+h4n25ONPSm5+77rcKmajVSXL8dZ Jy2d8qm1BqZ/zrj5x1MC4acU9zc3+XadKYsEP2GJ+aqHVJwguWHaWH6bZVXlrCCupMrs Ap+wwY5G6LlG4wRwX3Vd+CiSFtEeQrEgnR20RekM3kFyzDb/LUOrC2VkiTrnf/jQMIUI Svdw== X-Gm-Message-State: AOJu0YxI8OfWQd2lrc1NGGO+0CxJGBStwInbxjcQXz+VqyJATPvL5Eu3 6OXkHZNlKILYIvzJYVW01WmkafFKhiQG/dO/BTkkManAB0V+TBLetmJ6tyKVT3Jn8lcY6JVeb11 z X-Google-Smtp-Source: AGHT+IHxOxNdaC24gAv2VtASOvI5b6fLyNUzx86UoAsqSPU2Bz1woLkofhiSNgh8V6Cslc2itG293Q== X-Received: by 2002:a05:6a20:2d1f:b0:1d9:78c:dcf2 with SMTP id adf61e73a8af0-1d9eee6385fmr947798637.43.1730228403364; Tue, 29 Oct 2024 12:00:03 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:03 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/19] openssl: patch CVE-2024-9143 Date: Tue, 29 Oct 2024 11:59:35 -0700 Message-Id: <75e1dedf85ac093fc43eb88a59bfe980bb363bf9.1730228268.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206512 From: Peter Marko Pick patch from branch openssl-3.0. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../openssl/openssl/CVE-2024-9143.patch | 202 ++++++++++++++++++ .../openssl/openssl_3.0.15.bb | 1 + 2 files changed, 203 insertions(+) create mode 100755 meta/recipes-connectivity/openssl/openssl/CVE-2024-9143.patch diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-9143.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-9143.patch new file mode 100755 index 0000000000..c72a4193c6 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-9143.patch @@ -0,0 +1,202 @@ +From 72ae83ad214d2eef262461365a1975707f862712 Mon Sep 17 00:00:00 2001 +From: Viktor Dukhovni +Date: Thu, 19 Sep 2024 01:02:40 +1000 +Subject: [PATCH] Harden BN_GF2m_poly2arr against misuse. + +The BN_GF2m_poly2arr() function converts characteristic-2 field +(GF_{2^m}) Galois polynomials from a representation as a BIGNUM bitmask, +to a compact array with just the exponents of the non-zero terms. + +These polynomials are then used in BN_GF2m_mod_arr() to perform modular +reduction. A precondition of calling BN_GF2m_mod_arr() is that the +polynomial must have a non-zero constant term (i.e. the array has `0` as +its final element). + +Internally, callers of BN_GF2m_poly2arr() did not verify that +precondition, and binary EC curve parameters with an invalid polynomial +could lead to out of bounds memory reads and writes in BN_GF2m_mod_arr(). + +The precondition is always true for polynomials that arise from the +standard form of EC parameters for characteristic-two fields (X9.62). +See the "Finite Field Identification" section of: + + https://www.itu.int/ITU-T/formal-language/itu-t/x/x894/2018-cor1/ANSI-X9-62.html + +The OpenSSL GF(2^m) code supports only the trinomial and pentanomial +basis X9.62 forms. + +This commit updates BN_GF2m_poly2arr() to return `0` (failure) when +the constant term is zero (i.e. the input bitmask BIGNUM is not odd). + +Additionally, the return value is made unambiguous when there is not +enough space to also pad the array with a final `-1` sentinel value. +The return value is now always the number of elements (including the +final `-1`) that would be filled when the output array is sufficiently +large. Previously the same count was returned both when the array has +just enough room for the final `-1` and when it had only enough space +for non-sentinel values. + +Finally, BN_GF2m_poly2arr() is updated to reject polynomials whose +degree exceeds `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against +CPU exhausition attacks via excessively large inputs. + +The above issues do not arise in processing X.509 certificates. These +generally have EC keys from "named curves", and RFC5840 (Section 2.1.1) +disallows explicit EC parameters. The TLS code in OpenSSL enforces this +constraint only after the certificate is decoded, but, even if explicit +parameters are specified, they are in X9.62 form, which cannot represent +problem values as noted above. + +Initially reported as oss-fuzz issue 71623. + +A closely related issue was earlier reported in +. + +Severity: Low, CVE-2024-9143 + +Reviewed-by: Matt Caswell +Reviewed-by: Bernd Edlinger +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/25639) + +(cherry picked from commit 8e008cb8b23ec7dc75c45a66eeed09c815b11cd2) + +CVE: CVE-2024-9143 +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712] +Signed-off-by: Peter Marko +--- + crypto/bn/bn_gf2m.c | 28 +++++++++++++++------- + test/ec_internal_test.c | 51 +++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 71 insertions(+), 8 deletions(-) + +diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c +index c811ae82d6b15..bcc66613cc14d 100644 +--- a/crypto/bn/bn_gf2m.c ++++ b/crypto/bn/bn_gf2m.c +@@ -15,6 +15,7 @@ + #include "bn_local.h" + + #ifndef OPENSSL_NO_EC2M ++# include + + /* + * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should +@@ -1140,16 +1141,26 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + /* + * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i * + * x^i) into an array of integers corresponding to the bits with non-zero +- * coefficient. Array is terminated with -1. Up to max elements of the array +- * will be filled. Return value is total number of array elements that would +- * be filled if array was large enough. ++ * coefficient. The array is intended to be suitable for use with ++ * `BN_GF2m_mod_arr()`, and so the constant term of the polynomial must not be ++ * zero. This translates to a requirement that the input BIGNUM `a` is odd. ++ * ++ * Given sufficient room, the array is terminated with -1. Up to max elements ++ * of the array will be filled. ++ * ++ * The return value is total number of array elements that would be filled if ++ * array was large enough, including the terminating `-1`. It is `0` when `a` ++ * is not odd or the constant term is zero contrary to requirement. ++ * ++ * The return value is also `0` when the leading exponent exceeds ++ * `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against CPU exhaustion attacks, + */ + int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max) + { + int i, j, k = 0; + BN_ULONG mask; + +- if (BN_is_zero(a)) ++ if (!BN_is_odd(a)) + return 0; + + for (i = a->top - 1; i >= 0; i--) { +@@ -1167,12 +1178,13 @@ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max) + } + } + +- if (k < max) { ++ if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS) ++ return 0; ++ ++ if (k < max) + p[k] = -1; +- k++; +- } + +- return k; ++ return k + 1; + } + + /* +diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c +index 8c2cd05631696..02cfd4e9d8858 100644 +--- a/test/ec_internal_test.c ++++ b/test/ec_internal_test.c +@@ -155,6 +155,56 @@ static int field_tests_ecp_mont(void) + } + + #ifndef OPENSSL_NO_EC2M ++/* Test that decoding of invalid GF2m field parameters fails. */ ++static int ec2m_field_sanity(void) ++{ ++ int ret = 0; ++ BN_CTX *ctx = BN_CTX_new(); ++ BIGNUM *p, *a, *b; ++ EC_GROUP *group1 = NULL, *group2 = NULL, *group3 = NULL; ++ ++ TEST_info("Testing GF2m hardening\n"); ++ ++ BN_CTX_start(ctx); ++ p = BN_CTX_get(ctx); ++ a = BN_CTX_get(ctx); ++ if (!TEST_ptr(b = BN_CTX_get(ctx)) ++ || !TEST_true(BN_one(a)) ++ || !TEST_true(BN_one(b))) ++ goto out; ++ ++ /* Even pentanomial value should be rejected */ ++ if (!TEST_true(BN_set_word(p, 0xf2))) ++ goto out; ++ if (!TEST_ptr_null(group1 = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) ++ TEST_error("Zero constant term accepted in GF2m polynomial"); ++ ++ /* Odd hexanomial should also be rejected */ ++ if (!TEST_true(BN_set_word(p, 0xf3))) ++ goto out; ++ if (!TEST_ptr_null(group2 = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) ++ TEST_error("Hexanomial accepted as GF2m polynomial"); ++ ++ /* Excessive polynomial degree should also be rejected */ ++ if (!TEST_true(BN_set_word(p, 0x71)) ++ || !TEST_true(BN_set_bit(p, OPENSSL_ECC_MAX_FIELD_BITS + 1))) ++ goto out; ++ if (!TEST_ptr_null(group3 = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) ++ TEST_error("GF2m polynomial degree > %d accepted", ++ OPENSSL_ECC_MAX_FIELD_BITS); ++ ++ ret = group1 == NULL && group2 == NULL && group3 == NULL; ++ ++ out: ++ EC_GROUP_free(group1); ++ EC_GROUP_free(group2); ++ EC_GROUP_free(group3); ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ ++ return ret; ++} ++ + /* test EC_GF2m_simple_method directly */ + static int field_tests_ec2_simple(void) + { +@@ -443,6 +493,7 @@ int setup_tests(void) + ADD_TEST(field_tests_ecp_simple); + ADD_TEST(field_tests_ecp_mont); + #ifndef OPENSSL_NO_EC2M ++ ADD_TEST(ec2m_field_sanity); + ADD_TEST(field_tests_ec2_simple); + #endif + ADD_ALL_TESTS(field_tests_default, crv_len); diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.15.bb b/meta/recipes-connectivity/openssl/openssl_3.0.15.bb index b76a763cc3..5f7e7c0000 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.0.15.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.0.15.bb @@ -12,6 +12,7 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ + file://CVE-2024-9143.patch \ " SRC_URI:append:class-nativesdk = " \ From patchwork Tue Oct 29 18:59:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51507 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0C047D3A68B for ; Tue, 29 Oct 2024 19:00:14 +0000 (UTC) Received: from mail-pg1-f178.google.com (mail-pg1-f178.google.com [209.85.215.178]) by mx.groups.io with SMTP id smtpd.web10.1932.1730228406312107283 for ; Tue, 29 Oct 2024 12:00:06 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=MQv/9Qo8; spf=softfail (domain: sakoman.com, ip: 209.85.215.178, mailfrom: steve@sakoman.com) Received: by mail-pg1-f178.google.com with SMTP id 41be03b00d2f7-7c1324be8easo111741a12.1 for ; Tue, 29 Oct 2024 12:00:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228405; x=1730833205; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=fEpxjmoW7nLprqlnJsro105U5QoqibPuTsfuyrEzFXU=; b=MQv/9Qo8kEsqK/qCuXREFAmZqQx84Whfn95fwBx+dymyIgfZC6jBhBZwpWhSG3uZR5 k1kwJgDYlSJKbapmyCS9/QdSuiERWmFJ1mglbktZyFzfqZoUse14t6v4YLV9a2yuoKze I4ogdOdVmBqJ9Kz5FFa336dZorFSfCBtIfTZ2SB2ogOhFV9oSzV773iLBG2uX+Q7Go6t EemARKo/ziNLqdGF6DpqtZHLT+GuBZe35Dr//w4YC2655Dl5+WUvEFEiLR+KmmvwkZnk 5osVXKtdUsD87SOrzbyNf1ejosPjjlojwGeTn592CaNzYd+JyCA3NlLIVRQ+dEVO0Jc0 Cmpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228405; x=1730833205; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fEpxjmoW7nLprqlnJsro105U5QoqibPuTsfuyrEzFXU=; b=gXDh9i1DyggUNZgsRYHzMSa8WdgGlqXtTrQF6W4d/MxyFaTTSRotezOQ/sMb7wxXBF TTnI4lcB97CAVkpTeB2QE2vT9AF0UDtzR7Y3bckWqUOCmWRUWPAEztVqEw9mgZFDXpCG L6Qcko+g1vgHwo1Xv3XkXQCzbAyxzOEimUWwoj7MrHpJNFCkPZccRdE6eDnC3GicOazE 92ulJ9RvJGg7a8IYkH2cK9J+Q0IF26od/ILAh2MJKjNaog55CdOumJNNeHKEfnJt5pn0 yKFLq1sj8KAwJr791UVHh5hQEwWFlVuKVuttRA8w1lWC6grAwxHcF/2njx3X6fZY1nF2 4x+Q== X-Gm-Message-State: AOJu0YzWH5nZsetbKxm6lP0PGB/C8hjXTDX5KbgEpnJHkaHbMnMMHQQ/ c/AFpLFCg6AENc4SLt7pGknqHbcdKiWD+TmlucG8onSK/5VjuttKNAo9lbp8EqCtVCSSCQu9bkV t X-Google-Smtp-Source: AGHT+IFvBx0Z9apvo2sI5vWho0E94vfsGXOoxnp1SS+rBIzAFLvVLmvXGr8EOTAzvGUDin8aUCYkmQ== X-Received: by 2002:a05:6a20:baa0:b0:1d9:dc27:e36b with SMTP id adf61e73a8af0-1d9e1a8b4e3mr4158082637.0.1730228405000; Tue, 29 Oct 2024 12:00:05 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:04 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/19] qemu: fix CVE-2023-3019 Date: Tue, 29 Oct 2024 11:59:36 -0700 Message-Id: <3782e1b21882ffc5e4cc466418e066179470241e.1730228268.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:14 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206513 From: Yogita Urade A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. CVE-2023-3019-0002 is the CVE fix and CVE-2023-3019-0001 is dependent CVE fix. fix indent issue in qemu.inc file. CVE-2023-3019 patch required Mem ReenttranceyGuard structure definition, it's defined in commit: https://github.com/qemu/qemu/commit/a2e1753b8054344f32cf94f31c6399a58794a380 but the patch is causing errors: Failed: qemux86 does not shutdown within timeout(120) so backported only required structure definition. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-3019 Upstream patches: https://github.com/qemu/qemu/commit/7d0fefdf81f5973334c344f6b8e1896c309dff66 https://github.com/qemu/qemu/commit/3c0463a650008aec7de29cf84540652730510921 Signed-off-by: Yogita Urade Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 18 +- .../qemu/qemu/CVE-2023-3019-0001.patch | 622 ++++++++++++++++++ .../qemu/qemu/CVE-2023-3019-0002.patch | 91 +++ 3 files changed, 723 insertions(+), 8 deletions(-) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 6ff3c2f9bc..1c0e8a93f1 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -97,14 +97,14 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2023-3301.patch \ file://CVE-2023-3255.patch \ file://CVE-2023-2861.patch \ - file://CVE-2020-14394.patch \ - file://CVE-2023-3354.patch \ - file://CVE-2023-3180.patch \ - file://CVE-2021-3638.patch \ - file://CVE-2023-1544.patch \ - file://CVE-2023-5088.patch \ - file://CVE-2024-24474.patch \ - file://CVE-2023-6693.patch \ + file://CVE-2020-14394.patch \ + file://CVE-2023-3354.patch \ + file://CVE-2023-3180.patch \ + file://CVE-2021-3638.patch \ + file://CVE-2023-1544.patch \ + file://CVE-2023-5088.patch \ + file://CVE-2024-24474.patch \ + file://CVE-2023-6693.patch \ file://scsi-disk-allow-MODE-SELECT-block-desriptor-to-set-the-block-size.patch \ file://scsi-disk-ensure-block-size-is-non-zero-and-changes-limited-to-bits-8-15.patch \ file://CVE-2023-42467.patch \ @@ -118,6 +118,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2024-4467-0003.patch \ file://CVE-2024-4467-0004.patch \ file://CVE-2024-4467-0005.patch \ + file://CVE-2023-3019-0001.patch \ + file://CVE-2023-3019-0002.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch new file mode 100644 index 0000000000..fccfe7d114 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch @@ -0,0 +1,622 @@ +From 7d0fefdf81f5973334c344f6b8e1896c309dff66 Mon Sep 17 00:00:00 2001 +From: Akihiko Odaki +Date: Thu, 1 Jun 2023 12:18:58 +0900 +Subject: [PATCH] net: Provide MemReentrancyGuard * to qemu_new_nic() + +Recently MemReentrancyGuard was added to DeviceState to record that the +device is engaging in I/O. The network device backend needs to update it +when delivering a packet to a device. + +In preparation for such a change, add MemReentrancyGuard * as a +parameter of qemu_new_nic(). + +Signed-off-by: Akihiko Odaki +Reviewed-by: Alexander Bulekov +Signed-off-by: Jason Wang + +CVE: CVE-2023-3019 +Upstream-Status: Backport [https://github.com/qemu/qemu/commit/7d0fefdf81f5973334c344f6b8e1896c309dff66] + +Signed-off-by: Yogita Urade +--- + hw/arm/musicpal.c | 3 ++- + hw/net/allwinner-sun8i-emac.c | 3 ++- + hw/net/allwinner_emac.c | 3 ++- + hw/net/cadence_gem.c | 3 ++- + hw/net/dp8393x.c | 3 ++- + hw/net/e1000.c | 3 ++- + hw/net/e1000e.c | 2 +- + hw/net/eepro100.c | 4 +++- + hw/net/etraxfs_eth.c | 3 ++- + hw/net/fsl_etsec/etsec.c | 3 ++- + hw/net/ftgmac100.c | 3 ++- + hw/net/imx_fec.c | 2 +- + hw/net/lan9118.c | 3 ++- + hw/net/mcf_fec.c | 3 ++- + hw/net/mipsnet.c | 3 ++- + hw/net/msf2-emac.c | 3 ++- + hw/net/ne2000-isa.c | 3 ++- + hw/net/ne2000-pci.c | 3 ++- + hw/net/npcm7xx_emc.c | 3 ++- + hw/net/opencores_eth.c | 3 ++- + hw/net/pcnet.c | 3 ++- + hw/net/rocker/rocker_fp.c | 4 ++-- + hw/net/rtl8139.c | 3 ++- + hw/net/smc91c111.c | 3 ++- + hw/net/spapr_llan.c | 3 ++- + hw/net/stellaris_enet.c | 3 ++- + hw/net/sungem.c | 2 +- + hw/net/sunhme.c | 3 ++- + hw/net/tulip.c | 3 ++- + hw/net/virtio-net.c | 6 ++++-- + hw/net/vmxnet3.c | 2 +- + hw/net/xen_nic.c | 4 +++- + hw/net/xgmac.c | 3 ++- + hw/net/xilinx_axienet.c | 3 ++- + hw/net/xilinx_ethlite.c | 3 ++- + hw/usb/dev-network.c | 3 ++- + include/hw/qdev-core.h | 7 +++++++ + include/net/net.h | 1 + + net/net.c | 1 + + 39 files changed, 81 insertions(+), 38 deletions(-) + +diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c +index 2680ec55b..15fc7fee4 100644 +--- a/hw/arm/musicpal.c ++++ b/hw/arm/musicpal.c +@@ -418,7 +418,8 @@ static void mv88w8618_eth_realize(DeviceState *dev, Error **errp) + + address_space_init(&s->dma_as, s->dma_mr, "emac-dma"); + s->nic = qemu_new_nic(&net_mv88w8618_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + } + + static const VMStateDescription mv88w8618_eth_vmsd = { +diff --git a/hw/net/allwinner-sun8i-emac.c b/hw/net/allwinner-sun8i-emac.c +index ecc0245fe..cf93b2fda 100644 +--- a/hw/net/allwinner-sun8i-emac.c ++++ b/hw/net/allwinner-sun8i-emac.c +@@ -816,7 +816,8 @@ static void allwinner_sun8i_emac_realize(DeviceState *dev, Error **errp) + + qemu_macaddr_default_if_unset(&s->conf.macaddr); + s->nic = qemu_new_nic(&net_allwinner_sun8i_emac_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + } + +diff --git a/hw/net/allwinner_emac.c b/hw/net/allwinner_emac.c +index ddddf35c4..b3d73143b 100644 +--- a/hw/net/allwinner_emac.c ++++ b/hw/net/allwinner_emac.c +@@ -453,7 +453,8 @@ static void aw_emac_realize(DeviceState *dev, Error **errp) + + qemu_macaddr_default_if_unset(&s->conf.macaddr); + s->nic = qemu_new_nic(&net_aw_emac_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + + fifo8_create(&s->rx_fifo, RX_FIFO_SIZE); +diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c +index 24b3a0ff6..cb61a7641 100644 +--- a/hw/net/cadence_gem.c ++++ b/hw/net/cadence_gem.c +@@ -1633,7 +1633,8 @@ static void gem_realize(DeviceState *dev, Error **errp) + qemu_macaddr_default_if_unset(&s->conf.macaddr); + + s->nic = qemu_new_nic(&net_gem_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + + if (s->jumbo_max_len > MAX_FRAME_SIZE) { + error_setg(errp, "jumbo-max-len is greater than %d", +diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c +index 45b954e46..abfcc6f69 100644 +--- a/hw/net/dp8393x.c ++++ b/hw/net/dp8393x.c +@@ -943,7 +943,8 @@ static void dp8393x_realize(DeviceState *dev, Error **errp) + "dp8393x-regs", SONIC_REG_COUNT << s->it_shift); + + s->nic = qemu_new_nic(&net_dp83932_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + + s->watchdog = timer_new_ns(QEMU_CLOCK_VIRTUAL, dp8393x_watchdog, s); +diff --git a/hw/net/e1000.c b/hw/net/e1000.c +index f5bc81296..0857c2e7d 100644 +--- a/hw/net/e1000.c ++++ b/hw/net/e1000.c +@@ -1733,7 +1733,8 @@ static void pci_e1000_realize(PCIDevice *pci_dev, Error **errp) + macaddr); + + d->nic = qemu_new_nic(&net_e1000_info, &d->conf, +- object_get_typename(OBJECT(d)), dev->id, d); ++ object_get_typename(OBJECT(d)), dev->id, ++ &dev->mem_reentrancy_guard, d); + + qemu_format_nic_info_str(qemu_get_queue(d->nic), macaddr); + +diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c +index ac96f7665..b6e9b0e17 100644 +--- a/hw/net/e1000e.c ++++ b/hw/net/e1000e.c +@@ -328,7 +328,7 @@ e1000e_init_net_peer(E1000EState *s, PCIDevice *pci_dev, uint8_t *macaddr) + int i; + + s->nic = qemu_new_nic(&net_e1000e_info, &s->conf, +- object_get_typename(OBJECT(s)), dev->id, s); ++ object_get_typename(OBJECT(s)), dev->id, &dev->mem_reentrancy_guard, s); + + s->core.max_queue_num = s->conf.peers.queues ? s->conf.peers.queues - 1 : 0; + +diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c +index 679f52f80..871d9a095 100644 +--- a/hw/net/eepro100.c ++++ b/hw/net/eepro100.c +@@ -1874,7 +1874,9 @@ static void e100_nic_realize(PCIDevice *pci_dev, Error **errp) + nic_reset(s); + + s->nic = qemu_new_nic(&net_eepro100_info, &s->conf, +- object_get_typename(OBJECT(pci_dev)), pci_dev->qdev.id, s); ++ object_get_typename(OBJECT(pci_dev)), ++ pci_dev->qdev.id, ++ &pci_dev->qdev.mem_reentrancy_guard, s); + + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + TRACE(OTHER, logout("%s\n", qemu_get_queue(s->nic)->info_str)); +diff --git a/hw/net/etraxfs_eth.c b/hw/net/etraxfs_eth.c +index 1b82aec79..ba57a978d 100644 +--- a/hw/net/etraxfs_eth.c ++++ b/hw/net/etraxfs_eth.c +@@ -618,7 +618,8 @@ static void etraxfs_eth_realize(DeviceState *dev, Error **errp) + + qemu_macaddr_default_if_unset(&s->conf.macaddr); + s->nic = qemu_new_nic(&net_etraxfs_info, &s->conf, +- object_get_typename(OBJECT(s)), dev->id, s); ++ object_get_typename(OBJECT(s)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + + s->phy.read = tdk_read; +diff --git a/hw/net/fsl_etsec/etsec.c b/hw/net/fsl_etsec/etsec.c +index bd9d62b55..f790613b5 100644 +--- a/hw/net/fsl_etsec/etsec.c ++++ b/hw/net/fsl_etsec/etsec.c +@@ -391,7 +391,8 @@ static void etsec_realize(DeviceState *dev, Error **errp) + eTSEC *etsec = ETSEC_COMMON(dev); + + etsec->nic = qemu_new_nic(&net_etsec_info, &etsec->conf, +- object_get_typename(OBJECT(dev)), dev->id, etsec); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, etsec); + qemu_format_nic_info_str(qemu_get_queue(etsec->nic), etsec->conf.macaddr.a); + + etsec->ptimer = ptimer_init(etsec_timer_hit, etsec, PTIMER_POLICY_DEFAULT); +diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c +index 83ef0a783..346485ab4 100644 +--- a/hw/net/ftgmac100.c ++++ b/hw/net/ftgmac100.c +@@ -1118,7 +1118,8 @@ static void ftgmac100_realize(DeviceState *dev, Error **errp) + qemu_macaddr_default_if_unset(&s->conf.macaddr); + + s->nic = qemu_new_nic(&net_ftgmac100_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + } + +diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c +index 0db9aaf76..74e7e0d12 100644 +--- a/hw/net/imx_fec.c ++++ b/hw/net/imx_fec.c +@@ -1318,7 +1318,7 @@ static void imx_eth_realize(DeviceState *dev, Error **errp) + + s->nic = qemu_new_nic(&imx_eth_net_info, &s->conf, + object_get_typename(OBJECT(dev)), +- dev->id, s); ++ dev->id, &dev->mem_reentrancy_guard, s); + + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + } +diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c +index 6aff424cb..942bce9ae 100644 +--- a/hw/net/lan9118.c ++++ b/hw/net/lan9118.c +@@ -1354,7 +1354,8 @@ static void lan9118_realize(DeviceState *dev, Error **errp) + qemu_macaddr_default_if_unset(&s->conf.macaddr); + + s->nic = qemu_new_nic(&net_lan9118_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + s->eeprom[0] = 0xa5; + for (i = 0; i < 6; i++) { +diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c +index 25e3e453a..a6be7bf41 100644 +--- a/hw/net/mcf_fec.c ++++ b/hw/net/mcf_fec.c +@@ -643,7 +643,8 @@ static void mcf_fec_realize(DeviceState *dev, Error **errp) + mcf_fec_state *s = MCF_FEC_NET(dev); + + s->nic = qemu_new_nic(&net_mcf_fec_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + } + +diff --git a/hw/net/mipsnet.c b/hw/net/mipsnet.c +index 2ade72dea..8e925de86 100644 +--- a/hw/net/mipsnet.c ++++ b/hw/net/mipsnet.c +@@ -255,7 +255,8 @@ static void mipsnet_realize(DeviceState *dev, Error **errp) + sysbus_init_irq(sbd, &s->irq); + + s->nic = qemu_new_nic(&net_mipsnet_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + } + +diff --git a/hw/net/msf2-emac.c b/hw/net/msf2-emac.c +index 9278fdce0..1efa3dbf0 100644 +--- a/hw/net/msf2-emac.c ++++ b/hw/net/msf2-emac.c +@@ -527,7 +527,8 @@ static void msf2_emac_realize(DeviceState *dev, Error **errp) + + qemu_macaddr_default_if_unset(&s->conf.macaddr); + s->nic = qemu_new_nic(&net_msf2_emac_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + } + +diff --git a/hw/net/ne2000-isa.c b/hw/net/ne2000-isa.c +index dd6f6e34d..30bd20c29 100644 +--- a/hw/net/ne2000-isa.c ++++ b/hw/net/ne2000-isa.c +@@ -74,7 +74,8 @@ static void isa_ne2000_realizefn(DeviceState *dev, Error **errp) + ne2000_reset(s); + + s->nic = qemu_new_nic(&net_ne2000_isa_info, &s->c, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a); + } + +diff --git a/hw/net/ne2000-pci.c b/hw/net/ne2000-pci.c +index 9e5d10859..4f8a69908 100644 +--- a/hw/net/ne2000-pci.c ++++ b/hw/net/ne2000-pci.c +@@ -71,7 +71,8 @@ static void pci_ne2000_realize(PCIDevice *pci_dev, Error **errp) + + s->nic = qemu_new_nic(&net_ne2000_info, &s->c, + object_get_typename(OBJECT(pci_dev)), +- pci_dev->qdev.id, s); ++ pci_dev->qdev.id, ++ &pci_dev->qdev.mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a); + } + +diff --git a/hw/net/npcm7xx_emc.c b/hw/net/npcm7xx_emc.c +index df2efe1bf..82e063ae9 100644 +--- a/hw/net/npcm7xx_emc.c ++++ b/hw/net/npcm7xx_emc.c +@@ -806,7 +806,8 @@ static void npcm7xx_emc_realize(DeviceState *dev, Error **errp) + + qemu_macaddr_default_if_unset(&emc->conf.macaddr); + emc->nic = qemu_new_nic(&net_npcm7xx_emc_info, &emc->conf, +- object_get_typename(OBJECT(dev)), dev->id, emc); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, emc); + qemu_format_nic_info_str(qemu_get_queue(emc->nic), emc->conf.macaddr.a); + } + +diff --git a/hw/net/opencores_eth.c b/hw/net/opencores_eth.c +index 0b3dc3146..f96d6ea2c 100644 +--- a/hw/net/opencores_eth.c ++++ b/hw/net/opencores_eth.c +@@ -732,7 +732,8 @@ static void sysbus_open_eth_realize(DeviceState *dev, Error **errp) + sysbus_init_irq(sbd, &s->irq); + + s->nic = qemu_new_nic(&net_open_eth_info, &s->conf, +- object_get_typename(OBJECT(s)), dev->id, s); ++ object_get_typename(OBJECT(s)), dev->id, ++ &dev->mem_reentrancy_guard, s); + } + + static void qdev_open_eth_reset(DeviceState *dev) +diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c +index dcd3fc494..da910a70b 100644 +--- a/hw/net/pcnet.c ++++ b/hw/net/pcnet.c +@@ -1718,7 +1718,8 @@ void pcnet_common_init(DeviceState *dev, PCNetState *s, NetClientInfo *info) + s->poll_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pcnet_poll_timer, s); + + qemu_macaddr_default_if_unset(&s->conf.macaddr); +- s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)), dev->id, s); ++ s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)), ++ dev->id, &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + + /* Initialize the PROM */ +diff --git a/hw/net/rocker/rocker_fp.c b/hw/net/rocker/rocker_fp.c +index cbeed65bd..0d21948ad 100644 +--- a/hw/net/rocker/rocker_fp.c ++++ b/hw/net/rocker/rocker_fp.c +@@ -241,8 +241,8 @@ FpPort *fp_port_alloc(Rocker *r, char *sw_name, + port->conf.bootindex = -1; + port->conf.peers = *peers; + +- port->nic = qemu_new_nic(&fp_port_info, &port->conf, +- sw_name, NULL, port); ++ port->nic = qemu_new_nic(&fp_port_info, &port->conf, sw_name, NULL, ++ &DEVICE(r)->mem_reentrancy_guard, port); + qemu_format_nic_info_str(qemu_get_queue(port->nic), + port->conf.macaddr.a); + +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c +index 90b4fc63c..43d65d725 100644 +--- a/hw/net/rtl8139.c ++++ b/hw/net/rtl8139.c +@@ -3398,7 +3398,8 @@ static void pci_rtl8139_realize(PCIDevice *dev, Error **errp) + s->eeprom.contents[9] = s->conf.macaddr.a[4] | s->conf.macaddr.a[5] << 8; + + s->nic = qemu_new_nic(&net_rtl8139_info, &s->conf, +- object_get_typename(OBJECT(dev)), d->id, s); ++ object_get_typename(OBJECT(dev)), d->id, ++ &d->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + + s->cplus_txbuffer = NULL; +diff --git a/hw/net/smc91c111.c b/hw/net/smc91c111.c +index ad778cd8f..4eda971ef 100644 +--- a/hw/net/smc91c111.c ++++ b/hw/net/smc91c111.c +@@ -783,7 +783,8 @@ static void smc91c111_realize(DeviceState *dev, Error **errp) + sysbus_init_irq(sbd, &s->irq); + qemu_macaddr_default_if_unset(&s->conf.macaddr); + s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + /* ??? Save/restore. */ + } +diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c +index a6876a936..475d5f3a3 100644 +--- a/hw/net/spapr_llan.c ++++ b/hw/net/spapr_llan.c +@@ -325,7 +325,8 @@ static void spapr_vlan_realize(SpaprVioDevice *sdev, Error **errp) + memcpy(&dev->perm_mac.a, &dev->nicconf.macaddr.a, sizeof(dev->perm_mac.a)); + + dev->nic = qemu_new_nic(&net_spapr_vlan_info, &dev->nicconf, +- object_get_typename(OBJECT(sdev)), sdev->qdev.id, dev); ++ object_get_typename(OBJECT(sdev)), sdev->qdev.id, ++ &sdev->qdev.mem_reentrancy_guard, dev); + qemu_format_nic_info_str(qemu_get_queue(dev->nic), dev->nicconf.macaddr.a); + + dev->rxp_timer = timer_new_us(QEMU_CLOCK_VIRTUAL, spapr_vlan_flush_rx_queue, +diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c +index 8dd60783d..6768a6912 100644 +--- a/hw/net/stellaris_enet.c ++++ b/hw/net/stellaris_enet.c +@@ -492,7 +492,8 @@ static void stellaris_enet_realize(DeviceState *dev, Error **errp) + qemu_macaddr_default_if_unset(&s->conf.macaddr); + + s->nic = qemu_new_nic(&net_stellaris_enet_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + } + +diff --git a/hw/net/sungem.c b/hw/net/sungem.c +index 3684a4d73..c12d44e9d 100644 +--- a/hw/net/sungem.c ++++ b/hw/net/sungem.c +@@ -1361,7 +1361,7 @@ static void sungem_realize(PCIDevice *pci_dev, Error **errp) + qemu_macaddr_default_if_unset(&s->conf.macaddr); + s->nic = qemu_new_nic(&net_sungem_info, &s->conf, + object_get_typename(OBJECT(dev)), +- dev->id, s); ++ dev->id, &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), + s->conf.macaddr.a); + } +diff --git a/hw/net/sunhme.c b/hw/net/sunhme.c +index fc34905f8..fa98528d7 100644 +--- a/hw/net/sunhme.c ++++ b/hw/net/sunhme.c +@@ -892,7 +892,8 @@ static void sunhme_realize(PCIDevice *pci_dev, Error **errp) + + qemu_macaddr_default_if_unset(&s->conf.macaddr); + s->nic = qemu_new_nic(&net_sunhme_info, &s->conf, +- object_get_typename(OBJECT(d)), d->id, s); ++ object_get_typename(OBJECT(d)), d->id, ++ &d->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + } + +diff --git a/hw/net/tulip.c b/hw/net/tulip.c +index 5f8badefc..ccaa26fd8 100644 +--- a/hw/net/tulip.c ++++ b/hw/net/tulip.c +@@ -985,7 +985,8 @@ static void pci_tulip_realize(PCIDevice *pci_dev, Error **errp) + + s->nic = qemu_new_nic(&net_tulip_info, &s->c, + object_get_typename(OBJECT(pci_dev)), +- pci_dev->qdev.id, s); ++ pci_dev->qdev.id, ++ &pci_dev->qdev.mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a); + } + +diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c +index 42e66697f..f916813bc 100644 +--- a/hw/net/virtio-net.c ++++ b/hw/net/virtio-net.c +@@ -3473,10 +3473,12 @@ static void virtio_net_device_realize(DeviceState *dev, Error **errp) + * Happen when virtio_net_set_netclient_name has been called. + */ + n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf, +- n->netclient_type, n->netclient_name, n); ++ n->netclient_type, n->netclient_name, ++ &dev->mem_reentrancy_guard, n); + } else { + n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf, +- object_get_typename(OBJECT(dev)), dev->id, n); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, n); + } + + for (i = 0; i < n->max_queue_pairs; i++) { +diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c +index f65af4e9e..d4df039c5 100644 +--- a/hw/net/vmxnet3.c ++++ b/hw/net/vmxnet3.c +@@ -2078,7 +2078,7 @@ static void vmxnet3_net_init(VMXNET3State *s) + + s->nic = qemu_new_nic(&net_vmxnet3_info, &s->conf, + object_get_typename(OBJECT(s)), +- d->id, s); ++ d->id, &d->mem_reentrancy_guard, s); + + s->peer_has_vhdr = vmxnet3_peer_has_vnet_hdr(s); + s->tx_sop = true; +diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c +index 5c815b4f0..0472ed81b 100644 +--- a/hw/net/xen_nic.c ++++ b/hw/net/xen_nic.c +@@ -294,7 +294,9 @@ static int net_init(struct XenLegacyDevice *xendev) + } + + netdev->nic = qemu_new_nic(&net_xen_info, &netdev->conf, +- "xen", NULL, netdev); ++ "xen", ++ DEVICE(xendev)->id, ++ &xendev->qdev.mem_reentrancy_guard, netdev); + + snprintf(qemu_get_queue(netdev->nic)->info_str, + sizeof(qemu_get_queue(netdev->nic)->info_str), +diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c +index 0ab6ae91a..1f4f277d8 100644 +--- a/hw/net/xgmac.c ++++ b/hw/net/xgmac.c +@@ -402,7 +402,8 @@ static void xgmac_enet_realize(DeviceState *dev, Error **errp) + + qemu_macaddr_default_if_unset(&s->conf.macaddr); + s->nic = qemu_new_nic(&net_xgmac_enet_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + + s->regs[XGMAC_ADDR_HIGH(0)] = (s->conf.macaddr.a[5] << 8) | +diff --git a/hw/net/xilinx_axienet.c b/hw/net/xilinx_axienet.c +index 990ff3a1c..8a3424380 100644 +--- a/hw/net/xilinx_axienet.c ++++ b/hw/net/xilinx_axienet.c +@@ -968,7 +968,8 @@ static void xilinx_enet_realize(DeviceState *dev, Error **errp) + + qemu_macaddr_default_if_unset(&s->conf.macaddr); + s->nic = qemu_new_nic(&net_xilinx_enet_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + + tdk_init(&s->TEMAC.phy); +diff --git a/hw/net/xilinx_ethlite.c b/hw/net/xilinx_ethlite.c +index 6e09f7e42..80cb869e2 100644 +--- a/hw/net/xilinx_ethlite.c ++++ b/hw/net/xilinx_ethlite.c +@@ -235,7 +235,8 @@ static void xilinx_ethlite_realize(DeviceState *dev, Error **errp) + + qemu_macaddr_default_if_unset(&s->conf.macaddr); + s->nic = qemu_new_nic(&net_xilinx_ethlite_info, &s->conf, +- object_get_typename(OBJECT(dev)), dev->id, s); ++ object_get_typename(OBJECT(dev)), dev->id, ++ &dev->mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + } + +diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c +index 6c49c1601..ae447a8bc 100644 +--- a/hw/usb/dev-network.c ++++ b/hw/usb/dev-network.c +@@ -1362,7 +1362,8 @@ static void usb_net_realize(USBDevice *dev, Error **errp) + + qemu_macaddr_default_if_unset(&s->conf.macaddr); + s->nic = qemu_new_nic(&net_usbnet_info, &s->conf, +- object_get_typename(OBJECT(s)), s->dev.qdev.id, s); ++ object_get_typename(OBJECT(s)), s->dev.qdev.id, ++ &s->dev.qdev.mem_reentrancy_guard, s); + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); + snprintf(s->usbstring_mac, sizeof(s->usbstring_mac), + "%02x%02x%02x%02x%02x%02x", +diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h +index 20d306659..77c0455d8 100644 +--- a/include/hw/qdev-core.h ++++ b/include/hw/qdev-core.h +@@ -162,6 +162,10 @@ struct NamedClockList { + QLIST_ENTRY(NamedClockList) node; + }; + ++typedef struct { ++ bool engaged_in_io; ++} MemReentrancyGuard; ++ + /** + * DeviceState: + * @realized: Indicates whether the device has been fully constructed. +@@ -193,6 +197,9 @@ struct DeviceState { + int instance_id_alias; + int alias_required_for_version; + ResettableState reset; ++ ++ /* Is the device currently in mmio/pio/dma? Used to prevent re-entrancy */ ++ MemReentrancyGuard mem_reentrancy_guard; + }; + + struct DeviceListener { +diff --git a/include/net/net.h b/include/net/net.h +index 523136c7a..1457b6c01 100644 +--- a/include/net/net.h ++++ b/include/net/net.h +@@ -145,6 +145,7 @@ NICState *qemu_new_nic(NetClientInfo *info, + NICConf *conf, + const char *model, + const char *name, ++ MemReentrancyGuard *reentrancy_guard, + void *opaque); + void qemu_del_nic(NICState *nic); + NetClientState *qemu_get_subqueue(NICState *nic, int queue_index); +diff --git a/net/net.c b/net/net.c +index f0d14dbfc..669e194c4 100644 +--- a/net/net.c ++++ b/net/net.c +@@ -299,6 +299,7 @@ NICState *qemu_new_nic(NetClientInfo *info, + NICConf *conf, + const char *model, + const char *name, ++ MemReentrancyGuard *reentrancy_guard, + void *opaque) + { + NetClientState **peers = conf->peers.ncs; +-- +2.40.0 + diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch new file mode 100644 index 0000000000..0f1d201c31 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch @@ -0,0 +1,91 @@ +From 3c0463a650008aec7de29cf84540652730510921 Mon Sep 17 00:00:00 2001 +From: Akihiko Odaki +Date: Thu, 1 Jun 2023 12:18:59 +0900 +Subject: [PATCH] net: Update MemReentrancyGuard for NIC + +Recently MemReentrancyGuard was added to DeviceState to record that the +device is engaging in I/O. The network device backend needs to update it +when delivering a packet to a device. + +This implementation follows what bottom half does, but it does not add +a tracepoint for the case that the network device backend started +delivering a packet to a device which is already engaging in I/O. This +is because such reentrancy frequently happens for +qemu_flush_queued_packets() and is insignificant. + +Fixes: CVE-2023-3019 +Reported-by: Alexander Bulekov +Signed-off-by: Akihiko Odaki +Acked-by: Alexander Bulekov +Signed-off-by: Jason Wang +(cherry picked from commit 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc) +Signed-off-by: Michael Tokarev + +CVE: CVE-2023-3019 +Upstream-Status: Backport [https://github.com/qemu/qemu/commit/3c0463a650008aec7de29cf84540652730510921] + +Signed-off-by: Yogita Urade +--- + include/net/net.h | 1 + + net/net.c | 14 ++++++++++++++ + 2 files changed, 15 insertions(+) + +diff --git a/include/net/net.h b/include/net/net.h +index 1457b6c01..11d4564ea 100644 +--- a/include/net/net.h ++++ b/include/net/net.h +@@ -112,6 +112,7 @@ struct NetClientState { + typedef struct NICState { + NetClientState *ncs; + NICConf *conf; ++ MemReentrancyGuard *reentrancy_guard; + void *opaque; + bool peer_deleted; + } NICState; +diff --git a/net/net.c b/net/net.c +index 669e194c4..b3008a52b 100644 +--- a/net/net.c ++++ b/net/net.c +@@ -312,6 +312,7 @@ NICState *qemu_new_nic(NetClientInfo *info, + nic = g_malloc0(info->size + sizeof(NetClientState) * queues); + nic->ncs = (void *)nic + info->size; + nic->conf = conf; ++ nic->reentrancy_guard = reentrancy_guard, + nic->opaque = opaque; + + for (i = 0; i < queues; i++) { +@@ -767,6 +768,7 @@ static ssize_t qemu_deliver_packet_iov(NetClientState *sender, + int iovcnt, + void *opaque) + { ++ MemReentrancyGuard *owned_reentrancy_guard; + NetClientState *nc = opaque; + int ret; + +@@ -779,12 +781,24 @@ static ssize_t qemu_deliver_packet_iov(NetClientState *sender, + return 0; + } + ++ if (nc->info->type != NET_CLIENT_DRIVER_NIC || ++ qemu_get_nic(nc)->reentrancy_guard->engaged_in_io) { ++ owned_reentrancy_guard = NULL; ++ } else { ++ owned_reentrancy_guard = qemu_get_nic(nc)->reentrancy_guard; ++ owned_reentrancy_guard->engaged_in_io = true; ++ } ++ + if (nc->info->receive_iov && !(flags & QEMU_NET_PACKET_FLAG_RAW)) { + ret = nc->info->receive_iov(nc, iov, iovcnt); + } else { + ret = nc_sendv_compat(nc, iov, iovcnt, flags); + } + ++ if (owned_reentrancy_guard) { ++ owned_reentrancy_guard->engaged_in_io = false; ++ } ++ + if (ret == 0) { + nc->receive_disabled = 1; + } +-- +2.40.0 From patchwork Tue Oct 29 18:59:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51502 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0B676D3A68A for ; Tue, 29 Oct 2024 19:00:14 +0000 (UTC) Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) by mx.groups.io with SMTP id smtpd.web10.1935.1730228407180739202 for ; Tue, 29 Oct 2024 12:00:07 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=OP/8Q3mq; spf=softfail (domain: sakoman.com, ip: 209.85.215.182, mailfrom: steve@sakoman.com) Received: by mail-pg1-f182.google.com with SMTP id 41be03b00d2f7-7ea7ad1e01fso134128a12.0 for ; Tue, 29 Oct 2024 12:00:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228406; x=1730833206; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Mwd/w882Sdr3qMFECof4kEIVvr2DMGLbbYTuw7zwNIw=; b=OP/8Q3mqSXh31Ujg57Dqd8/PbfIep/NaI8+wEtbttme1Kao+rcq9Ygbnw3uA+6z+59 EyltSSMVU7LgzE4amMON+zZjWejAVKoTyMaCdisarCSDzZSRK/BfFC65Airxg6N12usR JhKYiidxzA/VMrCeWQXxIE5URm90W/VWKq8hbaynkye6wRnuEkGo35PyxP1nt2/ZhLJP QkLrMOB12dBLh18jR06qllpYTKf3ReiKyiboqCDBt5Mxqp1KvA+EB0DsmQUek54ntvmU fUeguYVOr5l2QRLohZbchYRvXuLx0uOGqvKafFW+8iCj/gE95JmjLjERYSdjgqShCPVQ b9kw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228406; x=1730833206; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Mwd/w882Sdr3qMFECof4kEIVvr2DMGLbbYTuw7zwNIw=; b=nEL7zEmD8R+af0z2xT4XCXbvjrsv8YMbqFzFjIODg5X9L1xcneHK4awdFFR8Cyzp1x 41HPNA7G/NDj04LoK6mHOufNtf0RA2h8WnoouyzGg9gTBW1ug4pYEIld+1Ik07GmOAAo 6erx1bhb7/44LPLU6JJyziL22Yu3kTr1SxohNSBis0iH6to0ieiuj8lhsCnnhdQar5Fi 5dkflgycXOKlsPKEtvbxi4Vh1zDF51SdN/kNDrmeJVytwIPPiIYl8QzZFskmSxl0mi3P 6hxnw/DK6UBmjG4JqEfrNHmymC458TTOSI2EGpqVnLhgAEabeSK6OYcGQog2OTdcLc59 Dbow== X-Gm-Message-State: AOJu0YxL70R12nO+z5440iD5WbDOJt8iaOJZNL7dqiUpKuvVJzJwU+7l FDGvBHesIlBB4mSVoKeikbMEPGOzj/FDRrH+qH2isDRq+LJ+8Tl+rAuCIzmcat+XVwU3uKEu0eT n X-Google-Smtp-Source: AGHT+IG0lrz2t7PpNdtaesWRs3xnn+KKXDBhKXX8XPqseQY5RvypFARea1tiiyKflOQQv199b2gFig== X-Received: by 2002:a05:6a20:6f01:b0:1d9:1098:fab4 with SMTP id adf61e73a8af0-1d9e1ede29emr5223854637.5.1730228406390; Tue, 29 Oct 2024 12:00:06 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:06 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/19] python3: ignore fixed CVEs Date: Tue, 29 Oct 2024 11:59:37 -0700 Message-Id: <2cf10084c56c83da3deff4e65e619afab80e08e1.1730228268.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:14 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206514 From: Peter Marko These CVEs were fixed in 3.10.15 Commit 487e8cdf1df6feba6d88fa29e11791f4ebaaa362 removed patches in favor of version upgrade, which caused the CVEs to re-appear in reports. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-devtools/python/python3_3.10.15.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/python/python3_3.10.15.bb b/meta/recipes-devtools/python/python3_3.10.15.bb index 4157b8cb83..0eb619dfa2 100644 --- a/meta/recipes-devtools/python/python3_3.10.15.bb +++ b/meta/recipes-devtools/python/python3_3.10.15.bb @@ -63,6 +63,8 @@ CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488" CVE_CHECK_IGNORE += "CVE-2015-20107" # Not an issue, in fact expected behaviour CVE_CHECK_IGNORE += "CVE-2023-36632" +# Fixes are included in 3.10.15 +CVE_CHECK_IGNORE += "CVE-2023-27043 CVE-2024-6232 CVE-2024-7592" PYTHON_MAJMIN = "3.10" From patchwork Tue Oct 29 18:59:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51505 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E266CD3A683 for ; Tue, 29 Oct 2024 19:00:13 +0000 (UTC) Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) by mx.groups.io with SMTP id smtpd.web11.1965.1730228409366399576 for ; Tue, 29 Oct 2024 12:00:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=oMrYta6n; spf=softfail (domain: sakoman.com, ip: 209.85.215.177, mailfrom: steve@sakoman.com) Received: by mail-pg1-f177.google.com with SMTP id 41be03b00d2f7-7ea68af2f62so4636951a12.3 for ; Tue, 29 Oct 2024 12:00:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228409; x=1730833209; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=bOAOgGXG7NqPuQanQddpeTfdCnjGzhTmCAD1sMztCA4=; b=oMrYta6nERLWYWewaE63qsBdAPYPjxBCz5lLiWxLoHYMM3kJeRZyQyfrpl2FgGnqRK D2pLi+FGSdXUOZaHuzJ0TdspkEhOApvTM5Kfke/CtpEZQdJlpsto/lYgMSabSecQ+YSj QJwdD3z0/QBSRvxgqTiK+zJhirCzJHH56Fc2iNf4yC6hY0niWZTqVXF2VnLWLk5lofBD 36kXgJBdBkb/nWZ+hGDb0dxBnm4pzUH/GlnF8kN/xTKXnR5vVy0cGk+cIJgoaMUEecdi RbokyICWAIaTfGaNbjcQyMY2LgEC1LFsZ8yA5Eyt48f1i0UU0XsDtJxHd99mRi2iMHC+ lAKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228409; x=1730833209; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bOAOgGXG7NqPuQanQddpeTfdCnjGzhTmCAD1sMztCA4=; b=b/EOWXoNFmd3+doWjri7lgj15vXPk+MaQAHr8dOPGUL5YzN/zpv6JlXjgf2sbF6mCa 3AzmlTM9URqCEi25aIeopWWBln/Ccex7HgrwgSy624pc0wG2YIuDTolt+ZFvLkTNUxwO osiX+lXACGH7Mc6FAiPxseN4gEK6tnnw8TULvB7iulwWS1qHUzMq4xb0mdSU4qDGH7l/ /lJIVpFTeO7GYNLsoQt8f78vhj5RDoss365BotWc0fCMjUnE0Sq8oc2ADgzNw2kRvGAM ZxJHUsAgxx6/IRzuIfckUkBMCfZXEMQySXRGht+3e3Xxabh634lAmFdkiY97i4vlYC2C kC7A== X-Gm-Message-State: AOJu0YzajaWeG5K1uJ5JggSrNODGufEydhIuhFwrmReHCpeQc7j/E2oo Fl5z87W92xctvftEXxmeDNss3l/genQvl8DgKo8oti1FY+3gnwNmB/1qrrryb8IBRTwwFkz0hSa 9 X-Google-Smtp-Source: AGHT+IHsCTDa/v68FlfVQ2E9A0TEK+fF9FBebAgtjCwKeA/dM13oUu/uVzUWcdJ7NaP1C9+mdxG0hg== X-Received: by 2002:a05:6a20:e18a:b0:1d9:2bed:c7e7 with SMTP id adf61e73a8af0-1d9a84d785amr16288111637.39.1730228408524; Tue, 29 Oct 2024 12:00:08 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:08 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/19] cve-check: add CVSS vector string to CVE database and reports Date: Tue, 29 Oct 2024 11:59:38 -0700 Message-Id: <3e47644d24d97c2541ccb70d91c144cf6530d5b0.1730228268.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206515 From: Antoine Lubineau This allows building detailed vulnerability analysis tools without relying on external resources. (From OE-Core rev: 048ff0ad927f4d37cc5547ebeba9e0c221687ea6) Signed-off-by: Antoine Lubineau Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/classes/cve-check.bbclass | 5 ++++- meta/recipes-core/meta/cve-update-nvd2-native.bb | 11 ++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index f554150d94..b47c61da63 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}" CVE_VERSION ??= "${PV}" CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db" +CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-1.db" CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock" CVE_CHECK_LOG ?= "${T}/cve.log" @@ -399,6 +399,7 @@ def get_cve_info(d, cves): cve_data[row[0]]["scorev3"] = row[3] cve_data[row[0]]["modified"] = row[4] cve_data[row[0]]["vector"] = row[5] + cve_data[row[0]]["vectorString"] = row[6] cursor.close() conn.close() return cve_data @@ -455,6 +456,7 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"] write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"] write_string += "VECTOR: %s\n" % cve_data[cve]["vector"] + write_string += "VECTORSTRING: %s\n" % cve_data[cve]["vectorString"] write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve) if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": @@ -569,6 +571,7 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status): "scorev2" : cve_data[cve]["scorev2"], "scorev3" : cve_data[cve]["scorev3"], "vector" : cve_data[cve]["vector"], + "vectorString" : cve_data[cve]["vectorString"], "status" : status, "link": issue_link } diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 1a3eeba6d0..060545b1e3 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -247,7 +247,7 @@ def initialize_db(conn): c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ - SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)") + SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)") c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ @@ -321,6 +321,7 @@ def update_db(conn, elt): """ accessVector = None + vectorString = None cveId = elt['cve']['id'] if elt['cve']['vulnStatus'] == "Rejected": c = conn.cursor() @@ -335,25 +336,29 @@ def update_db(conn, elt): date = elt['cve']['lastModified'] try: accessVector = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['accessVector'] + vectorString = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['vectorString'] cvssv2 = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['baseScore'] except KeyError: cvssv2 = 0.0 cvssv3 = None try: accessVector = accessVector or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector'] + vectorString = vectorString or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['vectorString'] cvssv3 = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['baseScore'] except KeyError: pass try: accessVector = accessVector or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector'] + vectorString = vectorString or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['vectorString'] cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore'] except KeyError: pass accessVector = accessVector or "UNKNOWN" + vectorString = vectorString or "UNKNOWN" cvssv3 = cvssv3 or 0.0 - conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", - [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close() + conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?)", + [cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close() try: # Remove any pre-existing CVE configuration. Even for partial database From patchwork Tue Oct 29 18:59:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51503 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E86C0D3A681 for ; Tue, 29 Oct 2024 19:00:13 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web10.1938.1730228411414553827 for ; Tue, 29 Oct 2024 12:00:11 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=eQe1ZcIv; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-71e4244fdc6so4214352b3a.0 for ; Tue, 29 Oct 2024 12:00:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228410; x=1730833210; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=RvyCG01TDWTyMCW5iCqgbWukzPVGYL/5ORCcUYzxxs4=; b=eQe1ZcIvS4kc9G/dicfeuJyB9CAZb6iZT0sMAawJyv8bU2vG7kPtMZp4wkNbbnAvnH isxoZZsSY8xnfKA7VyHT7KWwJcr9ovTnkD4WresoYJcK9NK7KN8X+uIjneMYSgQ9lOgg ou7odNG1qsrRHTqG2c8ijNKeS+efRdpEGtV4EA0OoH37N6zXWWifn+ot0dq9manGTzas CtQekiZAGGZpAx03EEphqDDTfRx0DyZmfoe3XMXUjRK9zKZsWyITpXPg23C/AGtHVT13 ufVz1Lu0nRjvuPLBiQllF383KaXD0omF29f5/0ar32VEv2jJ/CuaRmc8rQuIrAYp3Ip8 L0Qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228410; x=1730833210; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RvyCG01TDWTyMCW5iCqgbWukzPVGYL/5ORCcUYzxxs4=; b=pr4GFbiPrDfNaS+x3Mz9BkqayZ63cPAdwT8+sR45ZqCaOCYEfImY2lo7QWU/F7/lFX Eok/vFbqb2M9mzgb500SAqW+n3KlTCxZLQP7hKW9PaNvopunlJC9SwqsszCnw5czsfcJ DeNcKs1gZjlsQGRCyeWGEWb7iCDyE8784CRJX/Rqu9pYnKL5Vm4h+QKo7P2RdQJCKGfN re9d30VyuFiRJ30jo7F6AgGE3b51J/50GEnLL1737XTP77p913qqFAsdNuIDo0N0WHSL rFEBFTfsCsdBRTWM+OVDeDUhIH8xDfcZDJMi6ny0QM9Gm/bfR2a20bG2q42WH1F5CtZX 1hJQ== X-Gm-Message-State: AOJu0YyiRvY5iGtti2YIP6lJqcKarVsGzr2FNJ9yIVRt2j8y2cqb2+9Q 9VL6MZoU/LkPZnAonNTl8UzRfAxv6QHfzMI4HQut/UQGk0aZEY5WgYliTf/jXGjW9b69K2NYWGf / X-Google-Smtp-Source: AGHT+IHnrfCzbVv3wN4Ku5rRo9IpEiyBO9HjO+7C1OrFV0T0IIiqOntlDF+3BTsJ4+F8O+oopXDoGQ== X-Received: by 2002:a05:6a00:2308:b0:71e:374c:b9aa with SMTP id d2e1a72fcca58-72063099337mr16464500b3a.27.1730228410377; Tue, 29 Oct 2024 12:00:10 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:10 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/19] cve-check: add support for cvss v4.0 Date: Tue, 29 Oct 2024 11:59:39 -0700 Message-Id: <8c20a7badb6e5d6c6c90176e45e90f776df25298.1730228268.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206516 From: Peter Marko https://nvd.nist.gov/general/news/cvss-v4-0-official-support CVSS v4.0 was released in November 2023 NVD announced support for it in June 2024 Current stats are: * cvss v4 provided, but also v3, so cve-check showed a value sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 != 0.0; 2069 * only cvss v4 provided, so cve-check did not show any sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 = 0.0; 260 (From OE-Core rev: 358dbfcd80ae1fa414d294c865dd293670c287f0) Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/classes/cve-check.bbclass | 11 +++++++---- meta/recipes-core/meta/cve-update-nvd2-native.bb | 14 ++++++++++---- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index b47c61da63..dd9847f366 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}" CVE_VERSION ??= "${PV}" CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK" -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-1.db" +CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-2.db" CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock" CVE_CHECK_LOG ?= "${T}/cve.log" @@ -397,9 +397,10 @@ def get_cve_info(d, cves): cve_data[row[0]]["summary"] = row[1] cve_data[row[0]]["scorev2"] = row[2] cve_data[row[0]]["scorev3"] = row[3] - cve_data[row[0]]["modified"] = row[4] - cve_data[row[0]]["vector"] = row[5] - cve_data[row[0]]["vectorString"] = row[6] + cve_data[row[0]]["scorev4"] = row[4] + cve_data[row[0]]["modified"] = row[5] + cve_data[row[0]]["vector"] = row[6] + cve_data[row[0]]["vectorString"] = row[7] cursor.close() conn.close() return cve_data @@ -455,6 +456,7 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"] write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"] write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"] + write_string += "CVSS v4 BASE SCORE: %s\n" % cve_data[cve]["scorev4"] write_string += "VECTOR: %s\n" % cve_data[cve]["vector"] write_string += "VECTORSTRING: %s\n" % cve_data[cve]["vectorString"] write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve) @@ -570,6 +572,7 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status): "summary" : cve_data[cve]["summary"], "scorev2" : cve_data[cve]["scorev2"], "scorev3" : cve_data[cve]["scorev3"], + "scorev4" : cve_data[cve]["scorev4"], "vector" : cve_data[cve]["vector"], "vectorString" : cve_data[cve]["vectorString"], "status" : status, diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 060545b1e3..b4c46ef756 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -247,7 +247,7 @@ def initialize_db(conn): c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ - SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)") + SCOREV2 TEXT, SCOREV3 TEXT, SCOREV4 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)") c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ @@ -353,12 +353,18 @@ def update_db(conn, elt): cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore'] except KeyError: pass + cvssv3 = cvssv3 or 0.0 + try: + accessVector = accessVector or elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['attackVector'] + vectorString = vectorString or elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['vectorString'] + cvssv4 = elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['baseScore'] + except KeyError: + cvssv4 = 0.0 accessVector = accessVector or "UNKNOWN" vectorString = vectorString or "UNKNOWN" - cvssv3 = cvssv3 or 0.0 - conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?)", - [cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close() + conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?, ?)", + [cveId, cveDesc, cvssv2, cvssv3, cvssv4, date, accessVector, vectorString]).close() try: # Remove any pre-existing CVE configuration. Even for partial database From patchwork Tue Oct 29 18:59:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51504 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE430D3A685 for ; Tue, 29 Oct 2024 19:00:13 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web10.1939.1730228412722265624 for ; Tue, 29 Oct 2024 12:00:12 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=XM+B0hWP; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-71ea2643545so4774010b3a.3 for ; Tue, 29 Oct 2024 12:00:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228412; x=1730833212; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=pSYA5pBCqsLh2NjTC95ALLFTrafOVixZ39m1U67v5Q8=; b=XM+B0hWPVqssqHnyrcEoc0rB8ubj8WfzT0JiRbsNAd/Rv7O60cW4Xr6DzPfCk2IhdB 1zdy+m5FhYlY2eNwQOYLdWe4t5uUtxGlLc9Yqp7grOvsVh02pDk2Mi/1ni1SIYZahU/K St7P7R6eRH4TcHt3iLYOlh0i0kIBZ/IC0OgCuQ7k24mnYv4MpZCF7Kj+D9wbSSaCVSKX IGf5xhGAGR8OEXOMsnS43rJZd3XhcejgWevpjp9vkHXso6FRW8iqL789fLQQC1AN25vg 3fLRzVQMgelUQnd952mHCtE8XqHfAI2cmT3owknOOgElPM+j4soDC2DlFEhJRi/KJvps VD0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228412; x=1730833212; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pSYA5pBCqsLh2NjTC95ALLFTrafOVixZ39m1U67v5Q8=; b=gNpOHocjW6HpnfcuWZn6c1aTsydsWYo13UV3tgG13+1FDdPBG7iarSQAbZP1tFOr3H 4WP2yaYmeoAJklcRXL3eyy7MIt3zz6smtUnlUNH3BL3GAVgK7hkaO5IlXZVESWTWDdMq fRCDcftOCMIwRB6EpQhChkvtPb9T30wRBL+ZL+pkg5noOvde77zfkR/DZ7VL9XTDvV6M FaWP0AG0BpC9tUmLDQHvo7KDgYfRiDrdNn73/mGNWMV0nE4OlMDvwOAKDbX40TS7zFBq tXxv3f1jGDi7Y74PchLX9D9xtmBm9/AgWQJyBQHCwmQZjTCWN/h3ds8RbIclVQRvY19+ 1dbw== X-Gm-Message-State: AOJu0YyBRymTpeZsdsNTs+k/wuW2ha7hoaA/JRmCbXhI1Iuy0ADvV7jJ HfWZdzuSoCk12JieAeTCGGOFiZyGodCWvtV31/OnMCSCUeM7UqNn8kpztfOkjSMpn0sctVd5Vs1 8 X-Google-Smtp-Source: AGHT+IGt517hy3uIatRQ340WWLzAjokitccaO6Yxmy8DY5FFFvRL3UxIoEOqVHxBJ0zX0mQDLtzB3A== X-Received: by 2002:a05:6a00:810:b0:71e:7af9:2d0f with SMTP id d2e1a72fcca58-7206306dff5mr19624382b3a.18.1730228411845; Tue, 29 Oct 2024 12:00:11 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:11 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/19] vim: Upgrade 9.1.0682 -> 9.1.0698 Date: Tue, 29 Oct 2024 11:59:40 -0700 Message-Id: <45ef5c80b1085d88d08679025bab13161c1f1fb2.1730228268.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206517 From: Siddharth Doshi This includes CVE-fix for CVE-2024-43790 and CVE-2024-43802 Changes between 9.1.0682 -> 9.1.0698 ==================================== https://github.com/vim/vim/compare/v9.1.0682...v9.1.0698 Signed-off-by: Siddharth Doshi Signed-off-by: Richard Purdie (cherry picked from commit e530265415d93e3f49ec7874cf720aad18ab2e22) Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index f8ba37156a..11daa900d2 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -18,8 +18,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".0682" -SRCREV = "cb90ea9cba6f033fe141db0e466fb4117f28402b" +PV .= ".0698" +SRCREV = "d56c451e1c05310562c5282352d7bb287c16323c" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+)\.0" From patchwork Tue Oct 29 18:59:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51511 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0E278D3A689 for ; Tue, 29 Oct 2024 19:00:24 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web11.1966.1730228414235597848 for ; Tue, 29 Oct 2024 12:00:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=EswJufQw; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-72097a5ca74so811378b3a.3 for ; Tue, 29 Oct 2024 12:00:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228413; x=1730833213; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=LwK2XXsicaxTY6vptF8BB6/I0DgC3YmgtXRheo9ANrY=; b=EswJufQwEcz+YPPxjR4EzVpBs3FevwCsEcOozFl1wTiBouX22HY/1YT11cPCVR7Apg AfvUalPW+kXBEsv7cRLhMmfldKLgxQHQoBhNSay/+cH4gFfpRDOGIe6ijKjgx2ihQuxZ PzC/edvT7X19mXn1EC/g/KxHWnUCTe4ZAL+kDpcy9JbQanuGUHey61CU+58CaCK1QhsB ujHfRY3xM8SoEKXm/WSeTJ/Z6Yq2E2Aza4hpKtM7drPM1s0+GkWXEekGzRbOhl5OICX6 yE+rtRpRF29ZbihyaxNGkOvlSeFmH603GWXuSVRY7Llw6gncuEWxsZDDl122iaGmfgAO jBeA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228413; x=1730833213; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LwK2XXsicaxTY6vptF8BB6/I0DgC3YmgtXRheo9ANrY=; b=YIGIzH9fnJ5JKj4EC6cy2NyE15RMp6GAj+Ff2XWAgGLmH5Sz1rtnCeZ/xsG5VurlmG LR4DSUpTOfDbuEJLsEr7QZUxqcrZ193murKPUomMuwkdmnV4rnh8WHBke4czPmNLDV5x PsetaLGs8AP40i/tPMxIOAE/tCPLT4tnI0zSmQ3LY+mNw7yGBxuWZo/uvShnYUVD2xZV XOc7I83v8eT4pgps8WmxZVPCeg3LxUhu3o3+v1t4ZDmUvkuz53yiHJVQ9pfLkR+iOVjU 8WqmNa320v4ffQ+dBcW/PHm5OV6M3C7ABPxDDepRiPg/6k3OMsWvjKI57N2fvICwG646 o3uA== X-Gm-Message-State: AOJu0Yx38MfOlK5csroSOfPPxhfWQb1XjE03Z1RmcBHVxdcMoWgR4wbs DOAAelK6vuZfwT+jdrxEvkOQjVWYrhLsBSxqIpf2GB68mp9HRu3GI6J8nciYqAkMDNBKPK6ifOa S X-Google-Smtp-Source: AGHT+IFaPyWDa6uQ/ipk2CWsF/d2BFjDZbL03GZ7UzhCwByHxbH3hUyFVpfRlgEbOTZC9A4VC1yeAw== X-Received: by 2002:a05:6a00:98b:b0:71e:c0c:5996 with SMTP id d2e1a72fcca58-72062f84e28mr17913942b3a.7.1730228413430; Tue, 29 Oct 2024 12:00:13 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:13 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/19] vim: Upgrade 9.1.0698 -> 9.1.0764 Date: Tue, 29 Oct 2024 11:59:41 -0700 Message-Id: <774fae9cb522683f722f3075531075be9fa36770.1730228268.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206518 From: Rohini Sangam This includes CVE-fix for CVE-2024-45306 and CVE-2024-47814 Changes between 9.1.0698 -> 9.1.0764 ==================================== https://github.com/vim/vim/compare/v9.1.0698...v9.1.0764 Signed-off-by: Rohini Sangam Signed-off-by: Siddharth Doshi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 2f0e5e63399e544063c79b0b1f9555c820b0604c) Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 11daa900d2..582eddcb9d 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -18,8 +18,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".0698" -SRCREV = "d56c451e1c05310562c5282352d7bb287c16323c" +PV .= ".0764" +SRCREV = "51b62387be93c65fa56bbabe1c3c1ea5df187641" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+)\.0" From patchwork Tue Oct 29 18:59:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51510 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1AE12D3A68A for ; Tue, 29 Oct 2024 19:00:24 +0000 (UTC) Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) by mx.groups.io with SMTP id smtpd.web10.1941.1730228416265370390 for ; Tue, 29 Oct 2024 12:00:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=QtXH2Ud7; spf=softfail (domain: sakoman.com, ip: 209.85.210.172, mailfrom: steve@sakoman.com) Received: by mail-pf1-f172.google.com with SMTP id d2e1a72fcca58-71e953f4e7cso4293203b3a.3 for ; Tue, 29 Oct 2024 12:00:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228415; x=1730833215; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=1xz+r4bSp8QpgHxQ+StkRLRrzq4zLF8AWZWqTL5kWTI=; b=QtXH2Ud7M8g0uRFNw0wDBaAZstOKTIEN1AUHJvny4kVX+MXmLAbCAaU09sY0+HIwqq S4UHF6BE74Mhi3DT8xfyYJEP0eb9UwZWhwdsk1sKyFxAJapTwixG/5TMDlpuYXevdqDD AypkHpDIUwM0LUkXwnOuOUrUuWJMZ9LEg9YaO6SQMv55fwYQm7z7J/l5TD22Nsz2cJej Xh8EcIKpvWM9FxllkO7iCgVo+qRS6/8RQW3Y7F1Bb/qWLcDHutDOzj35xYYFd/uZxa3P LnvXaqqzonfwh/nFwyYEJvwmdY/ungz6XgAyZZDIMste8Ich+XtIDZDGX9Spmb26oVEw v6qA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228415; x=1730833215; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1xz+r4bSp8QpgHxQ+StkRLRrzq4zLF8AWZWqTL5kWTI=; b=m4buXsZBj90T4I7ydbDK/ALimKvnBzYcd5Le4bdkdIu0cYIspX9LluvKXViWw8RMAq /4RIynp0cDXH+tDnKfwbFcYMtENdjOaR2KMmaHd/EkXFA4UVrY88LCogVPi754Rn2mU/ 7lf0i59Bc0OFSaVzCW8gIque68LVSeVDn3ESkgVErRBchSrFyeJLqr2hsyzLc+SQO5/a p5cC27pFsuxL+vw5Q6pmcGnNRLay6JFR8xMe3EKTyCH5a029GMzIfvrNE0tTS9AGiYQ9 bS5ic3M+UKKz+pHAnDMLW9BeXbPfsAjfhfzThpYf+PRY7vTrNDGo4U8c8CL7ef5VmqMb csnA== X-Gm-Message-State: AOJu0YwiOf3xp0zJL+772lge3TlGY3KwBkz5sn3BDIbdPgsQKZA6aHsw +qTn9PAPzLgIEkHnoMoi8apqUiP+MuzNd3Ax46a/m5evBfkUNoAKGt8vBMk2nTEVsc+CWIx+DFw F X-Google-Smtp-Source: AGHT+IGAhZYnn2QI/b4gN5Fd863w106SBflC2qFQPYMBsvbh2ycl0Na6jLVrjivRAPIlAz86M2b4BA== X-Received: by 2002:a05:6a20:d98:b0:1d9:1858:2f75 with SMTP id adf61e73a8af0-1d9a84b8ca8mr16295749637.38.1730228415336; Tue, 29 Oct 2024 12:00:15 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:14 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/19] orc: upgrade 0.4.39 -> 0.4.40 Date: Tue, 29 Oct 2024 11:59:42 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206519 From: Wang Mingyu Changelog: =========== - Security: Minor follow-up fixes for CVE-2024-40897 - powerpc: fix div255w which still used the inexact substitution - x86: work around old GCC versions (pre 9.0) having broken xgetbv implementations - x86: consider MSYS2/Cygwin as Windows for ABI purposes only - x86: handle unnatural and misaligned array pointers - orccodemem: Assorted memory mapping fixes - Fix include header use from C++ - Some compatibility fixes for Musl - ppc: Disable VSX and ISA 2.07 for Apple targets - ppc: Allow detection of ppc64 in Mac OS - x86: Fix non-C11 typedefs - meson: Fix detecting XSAVE on older AppleClang - x86: try fixing AVX detection again by adding check for XSAVE - Check return values of malloc() and realloc() Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie (cherry picked from commit ed7e4eb12491968c5f962b7e89d557c2c6d86a33) Signed-off-by: Steve Sakoman --- meta/recipes-devtools/orc/{orc_0.4.39.bb => orc_0.4.40.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/orc/{orc_0.4.39.bb => orc_0.4.40.bb} (92%) diff --git a/meta/recipes-devtools/orc/orc_0.4.39.bb b/meta/recipes-devtools/orc/orc_0.4.40.bb similarity index 92% rename from meta/recipes-devtools/orc/orc_0.4.39.bb rename to meta/recipes-devtools/orc/orc_0.4.40.bb index 320abf536a..e437831cd7 100644 --- a/meta/recipes-devtools/orc/orc_0.4.39.bb +++ b/meta/recipes-devtools/orc/orc_0.4.40.bb @@ -5,7 +5,7 @@ LICENSE = "BSD-2-Clause & BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=1400bd9d09e8af56b9ec982b3d85797e" SRC_URI = "http://gstreamer.freedesktop.org/src/orc/orc-${PV}.tar.xz" -SRC_URI[sha256sum] = "33ed2387f49b825fa1b9c3b0072e05f259141b895474ad085ae51143d3040cc0" +SRC_URI[sha256sum] = "3fc2bee78dfb7c41fd9605061fc69138db7df007eae2f669a1f56e8bacef74ab" inherit meson pkgconfig gtk-doc From patchwork Tue Oct 29 18:59:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51509 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 27D62D3A68F for ; Tue, 29 Oct 2024 19:00:24 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web11.1970.1730228417928678401 for ; Tue, 29 Oct 2024 12:00:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=tv0mmLvA; spf=softfail (domain: sakoman.com, ip: 209.85.210.177, mailfrom: steve@sakoman.com) Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-71e5a62031aso4271881b3a.1 for ; Tue, 29 Oct 2024 12:00:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228417; x=1730833217; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=n6Nqnu2l5zGVdp7uF2PpUbGF6V/Lpwepe5k7o8UjKaI=; b=tv0mmLvACAcFsCnBCSjiCyA+EoElgndHo3KE61piDd9yF8ypXOX17mxcQxFshM/LAl rGXtxCCXGPoNPBRO12VjN0/TgvjFk/sLx1aXyzVPU1zRuWGIoO328l9Xwg+x4X1uloQ+ xQn6pdkYS1yYcP+Yimk76Y5fJnDccpLJvrOeM3fNT4T+FEOjhnX27x0QyhXXmMUx/h3K hPGlodWbkrRk/0WcRb8e3QiFL/sUQCWfOElzaoqSzmOL8Efpy4qp4d2vNToZ98tD4PSP O0jrj5CjCDJCvfh1OHkExnUGmDuonp3EJFU84WunxZbUkY1riCyyqk+Hw1tXrXrz4kqB VQuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228417; x=1730833217; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=n6Nqnu2l5zGVdp7uF2PpUbGF6V/Lpwepe5k7o8UjKaI=; b=nAmLpoC8gd8I2Eq6ZiVfX4j1Dh/LUqed3ttS27t3/+q19TRgburNbc2RA6JfpNi04O jscULJTyne1X4iHI8vCAm0A0qFiAheiCtsYKWIrj9dYvdbAxqCVp6NFumowWV0I2jDZN ngZMSwnmmq34NcI1YDhJK+D86lIumPqCmlQkXBxmFBc90x4KVSdwbvlg6gwXpd0SuVdk 7nSgEu37UHeLITFbET7nVVFZMYh68XZirTp9JaCKKKUQJFpX31voS0cbNxCWFNnxyvdZ uCH8m7SZiAhv4C1BpmUQ3PigSLBWcNEWfMMWQ/pbaqCWWhTNB14fJogX3XIglUBkziEb uCgg== X-Gm-Message-State: AOJu0Ywxi6kv5NwHLyfcLfAnLutjpLa8qraoJQ2yfJLXdDsaT6pqfs0k oXVpZ4omCHRRLPLt1lnG5feMkw+Vz6rpcaPLiUzhoaTzvf2IFL7sqy8EndX3FcsxibIrNHbz3uu X X-Google-Smtp-Source: AGHT+IHgfYdPvYbLSjAh6cJLN4HmwG+2PJNkp57MBkAIVGpbnJSIpOVGG2uuSw5RErCPzWPfY8M8uw== X-Received: by 2002:a05:6a00:3a1a:b0:71e:2a0:b0b8 with SMTP id d2e1a72fcca58-72062f4becbmr17129384b3a.1.1730228417196; Tue, 29 Oct 2024 12:00:17 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:16 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/19] overlayfs-etc: add option to skip creation of mount dirs Date: Tue, 29 Oct 2024 11:59:43 -0700 Message-Id: <302dd4a63f97e23631a62a0b902cc253f6843ab0.1730228268.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206520 From: "baruch@tkos.co.il" The 'preinit' script can't create mount directories when rootfs is read-only. Add an option to skip this step. The user must make sure that all required directories are already in the rootfs directory layout. Cc: Vyacheslav Yurkov Signed-off-by: Baruch Siach Signed-off-by: Alexandre Belloni (cherry picked from commit 3d433d8559467d255bd19af2d0999c65ea24a48d) Signed-off-by: Steve Sakoman --- meta/classes/overlayfs-etc.bbclass | 5 ++++- meta/files/overlayfs-etc-preinit.sh.in | 16 +++++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/meta/classes/overlayfs-etc.bbclass b/meta/classes/overlayfs-etc.bbclass index 40116e4c6e..7096aae1a8 100644 --- a/meta/classes/overlayfs-etc.bbclass +++ b/meta/classes/overlayfs-etc.bbclass @@ -35,6 +35,7 @@ OVERLAYFS_ETC_USE_ORIG_INIT_NAME ??= "1" OVERLAYFS_ETC_MOUNT_OPTIONS ??= "defaults" OVERLAYFS_ETC_INIT_TEMPLATE ??= "${COREBASE}/meta/files/overlayfs-etc-preinit.sh.in" OVERLAYFS_ETC_EXPOSE_LOWER ??= "0" +OVERLAYFS_ETC_CREATE_MOUNT_DIRS ??= "1" python create_overlayfs_etc_preinit() { overlayEtcMountPoint = d.getVar("OVERLAYFS_ETC_MOUNT_POINT") @@ -56,6 +57,7 @@ python create_overlayfs_etc_preinit() { initBaseName = oe.path.join(d.getVar("base_sbindir"), "init") origInitNameSuffix = ".orig" exposeLower = oe.types.boolean(d.getVar('OVERLAYFS_ETC_EXPOSE_LOWER')) + createMoundDirs = oe.types.boolean(d.getVar('OVERLAYFS_ETC_CREATE_MOUNT_DIRS')) args = { 'OVERLAYFS_ETC_MOUNT_POINT': overlayEtcMountPoint, @@ -63,7 +65,8 @@ python create_overlayfs_etc_preinit() { 'OVERLAYFS_ETC_FSTYPE': overlayEtcFsType, 'OVERLAYFS_ETC_DEVICE': overlayEtcDevice, 'SBIN_INIT_NAME': initBaseName + origInitNameSuffix if useOrigInit else initBaseName, - 'OVERLAYFS_ETC_EXPOSE_LOWER': "true" if exposeLower else "false" + 'OVERLAYFS_ETC_EXPOSE_LOWER': "true" if exposeLower else "false", + 'CREATE_MOUNT_DIRS': "true" if createMoundDirs else "false" } if useOrigInit: diff --git a/meta/files/overlayfs-etc-preinit.sh.in b/meta/files/overlayfs-etc-preinit.sh.in index 8db076f4ba..b05e3957a3 100644 --- a/meta/files/overlayfs-etc-preinit.sh.in +++ b/meta/files/overlayfs-etc-preinit.sh.in @@ -3,12 +3,15 @@ echo "PREINIT: Start" PATH=/sbin:/bin:/usr/sbin:/usr/bin -mount -o remount,rw / - -mkdir -p /proc -mkdir -p /sys -mkdir -p /run -mkdir -p /var/run +if {CREATE_MOUNT_DIRS}; then + mount -o remount,rw / + + mkdir -p /proc + mkdir -p /sys + mkdir -p /run + mkdir -p /var/run + mkdir -p {OVERLAYFS_ETC_MOUNT_POINT} +fi mount -t proc proc /proc mount -t sysfs sysfs /sys @@ -20,7 +23,6 @@ UPPER_DIR=$BASE_OVERLAY_ETC_DIR/upper WORK_DIR=$BASE_OVERLAY_ETC_DIR/work LOWER_DIR=$BASE_OVERLAY_ETC_DIR/lower -mkdir -p {OVERLAYFS_ETC_MOUNT_POINT} if mount -n -t {OVERLAYFS_ETC_FSTYPE} \ -o {OVERLAYFS_ETC_MOUNT_OPTIONS} \ {OVERLAYFS_ETC_DEVICE} {OVERLAYFS_ETC_MOUNT_POINT} From patchwork Tue Oct 29 18:59:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51508 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0E24AD3A685 for ; Tue, 29 Oct 2024 19:00:24 +0000 (UTC) Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) by mx.groups.io with SMTP id smtpd.web10.1946.1730228419483634192 for ; Tue, 29 Oct 2024 12:00:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=vQaqz7SU; spf=softfail (domain: sakoman.com, ip: 209.85.210.172, mailfrom: steve@sakoman.com) Received: by mail-pf1-f172.google.com with SMTP id d2e1a72fcca58-71e5130832aso4137689b3a.0 for ; Tue, 29 Oct 2024 12:00:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228419; x=1730833219; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=E2GTGmLsA/0rW30b51PRHUnB8EejP5A4sVq75A5yGtI=; b=vQaqz7SUjCsAUSABBSlouZMJ7Seifn3tz2RNg3KuKdVM5uZwDwQn8EadhOQr8t6ul6 ToMEGDT01CSm+v/L4iPB2hiFj585AZCNG9IFiEJTzWFx4HPVTOfJsAJm6JgwKAwGtp9O G2zwtvNhSa8rnl69hAQ7VrF/gWiwC13qDqQg04KlmxT8mV9CvzL+gY5N6JQcV+Zxd+Pc +iQkpeJROOgJ/ALrBv3Vd868/inGsbXcIMWIpAPgba0olWbKtW9fKXWcloNJlm1Vr7lx HyHgLSeSg/xhLtXfKEI4RCpQCb+5/Vl3bt4izwgQp58zpuzQZcmHrYtdgxi0psiWntNk lg9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228419; x=1730833219; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=E2GTGmLsA/0rW30b51PRHUnB8EejP5A4sVq75A5yGtI=; b=ejN6NTgk0ozKTtjhIbp85RAIDEzKrwXOC3oXpqBfyQBZtlM1tbb5rYy/uG0inL+ej5 RcjDmlwqdfu+AzL1dGHcezdJnUgb/DcZey/hVntLlVkm0WMzFw8uQfH8P9sdZXdLK7QP M8QsxU1aYAHflXN12+P9ah9973UOw925XUmhehgdnsGB6EmBLqfPEG/GAOzPIo2Ijrep XOHJk0wWcIxDRFv77JFbSvdVaolV0bW671imfUelxwYDhok1zbHZjrZTNdkXvS9FUL60 P5lA38HfyPQb4B75ReajkuTRgu1t3fwzImW6UxXBttb8Dsn2xpfb7mVzY097q/rMb2tb 7uQw== X-Gm-Message-State: AOJu0YwBsApMZV1kqRS1nQcMzXLLXfat10dJbvLR4sHM10qNidJETqDJ 3oSvj8VW31qOXzm75PU0rWIpTugONqrZXJhtDrldA/+grTNu4tA0rKyS6FtQeAhZYCNxJ/ahWv5 s X-Google-Smtp-Source: AGHT+IE8uGlE9TRf2EhTk4jpUQpeCFEzhAv2FeLUBfAHLqJKSRV/ZzobQ2amUoy0/TjBznJv0/qqug== X-Received: by 2002:a05:6a21:394b:b0:1d8:abc6:71a4 with SMTP id adf61e73a8af0-1d9a83a65f7mr18400491637.6.1730228418705; Tue, 29 Oct 2024 12:00:18 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:18 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 11/19] bmap-tools: update HOMEPAGE and SRC_URI Date: Tue, 29 Oct 2024 11:59:44 -0700 Message-Id: <7678ae7fc255621d91271599b5f4491520387279.1730228268.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206521 The bmaptool (previously: bmap-tools, bmap-tool, bmaptool) has been moved to be under the Yocto Project umbrella and is now hosted at: github.com/yoctoproject/bmaptool Signed-off-by: Steve Sakoman --- meta/recipes-support/bmap-tools/bmap-tools_git.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/bmap-tools/bmap-tools_git.bb b/meta/recipes-support/bmap-tools/bmap-tools_git.bb index 89b7bf2b93..f8b382ca48 100644 --- a/meta/recipes-support/bmap-tools/bmap-tools_git.bb +++ b/meta/recipes-support/bmap-tools/bmap-tools_git.bb @@ -4,12 +4,12 @@ bmap. Bmaptool is a generic tool for creating the block map (bmap) for a file, \ and copying files using the block map. The idea is that large file containing \ unused blocks, like raw system image files, can be copied or flashed a lot \ faster with bmaptool than with traditional tools like "dd" or "cp"." -HOMEPAGE = "https://github.com/01org/bmap-tools" +HOMEPAGE = "https://github.com/yoctoproject/bmaptool" SECTION = "console/utils" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/intel/${BPN};branch=main;protocol=https" +SRC_URI = "git://github.com/yoctoproject/bmaptool.git;branch=main;protocol=https" SRCREV = "c0673962a8ec1624b5189dc1d24f33fe4f06785a" S = "${WORKDIR}/git" From patchwork Tue Oct 29 18:59:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51512 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 21A24D3A68D for ; Tue, 29 Oct 2024 19:00:24 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web11.1973.1730228422008082951 for ; Tue, 29 Oct 2024 12:00:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=U9EIGwfn; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-71e4c2e36daso120349b3a.0 for ; Tue, 29 Oct 2024 12:00:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228421; x=1730833221; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VQPnmP12rzNfvQ3AZ6gVlcyc4dn8GQjqnmmcr55xZKo=; b=U9EIGwfnMw/ejCjKVwP9LA29JvfiMpEXWFZf6Ek9evq88LgFDFPs6lMCkNoZz8gHUw 84OK20qbkCrr+gdT1G41iaknJxddWZQ9eMVooMUeTbI8wpjC4Ap7PVTC23ZgjV7UjvZL x7XEhUWuNUPTgG92gvdurF6RSz0zu/0bgiCs9THeVeJ+YybmMzgs/EgGtxtEkkig7X9Y rd7MhfeufM2wp/b0bnz289nSRRk7r6Zqzh5O30vWch5SOlbTjAVjCldqcGaIABDdbBd4 r4VzvhMz5hViEc91SDW4OYwrPN+ovHTJMxFEWLJcy4EMYG145hUrL6c6JWAWBxbWZjTx nVMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228421; x=1730833221; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VQPnmP12rzNfvQ3AZ6gVlcyc4dn8GQjqnmmcr55xZKo=; b=taRmTUkUhgtOZXvGD3b6c4EF49JYgqmz/lGirHz8wRxXeFJ8g2ZHVbLa9BBb+rtJYi rePMxM+9obEIB/R9/W4y1TBl+d44BTFVViwn0I/TkYAdzO3iyc5TZazehnIfPQUvKTri Tfc5G4uH6ZDXvHgG7S6IA1PvsyqWS/VAKJK3qcWJemK659v+WtszLtUESJlXTOnPqcwa fWM8sfaYVshfXOtsqG7/mH5FzRMlRmqQ/N4/hV4XK56pz++EGe+0IQ6aiZZkm2spkPJq 4d57wCCrUqpU48thaItLEZSnoMN7YETe30GiEOiXumzBng+qoLqbKaItHYX3U8K9SpTc 5/MA== X-Gm-Message-State: AOJu0YxPmwU7I/8vqOJfw31Vepg2kR3agM/QV1JkMUxrT7eHA7mVVGAa 9DOrbQnz0lmivSeaxl4pS1OklomPZDeA3NjEmiY4OpHum9GPweLGsaj5cnsKxsQzc4p12TAGlFr + X-Google-Smtp-Source: AGHT+IGfJ41F3p0HcF/3tetjhU+EmVzZWfLIS1561erTxwGQDlEWqZ9LMnnRkdZWwb5LTp5PG4oH1w== X-Received: by 2002:a05:6a20:9f96:b0:1c8:de01:e7e5 with SMTP id adf61e73a8af0-1d9e1f46f1emr4231326637.15.1730228420514; Tue, 29 Oct 2024 12:00:20 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:20 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 12/19] nativesdk-intercept: Fix bad intercept chgrp/chown logic Date: Tue, 29 Oct 2024 11:59:45 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206522 From: Eilís 'pidge' Ní Fhlannagáin Running either of these ends up corrupting the os.execv args. If we run: ./scripts/nativesdk-intercept/chown -R foo:foo bar The loop here ends up missing the conversion of foo:foo to root:root because it sees sys.argv[0] and assumes that it's the user:group argument and that we should convert that. We end up a os.execv(path, args) that have the following args: ['root:root', '-R', 'foo:foo', 'bar'] As os.execv ignores args[0], we can just populate it with sys.argv[0] and then loop through sys.argv[1:]. As both chgrp and chown would have either flags and USER[:GROUP] next, this fixes the issue. (Backported from OE-Core rev: 2a75f647ec7696d353f4b09099d777ba53f34d36) Signed-off-by: Eilís 'pidge' Ní Fhlannagáin Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- scripts/nativesdk-intercept/chgrp | 5 ++++- scripts/nativesdk-intercept/chown | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/scripts/nativesdk-intercept/chgrp b/scripts/nativesdk-intercept/chgrp index 30cc417d3a..f8ae84b8b3 100755 --- a/scripts/nativesdk-intercept/chgrp +++ b/scripts/nativesdk-intercept/chgrp @@ -14,7 +14,10 @@ real_chgrp = shutil.which('chgrp', path=path) args = list() found = False -for i in sys.argv: + +args.append(real_chgrp) + +for i in sys.argv[1:]: if i.startswith("-"): args.append(i) continue diff --git a/scripts/nativesdk-intercept/chown b/scripts/nativesdk-intercept/chown index 3914b3e384..0805ceb70a 100755 --- a/scripts/nativesdk-intercept/chown +++ b/scripts/nativesdk-intercept/chown @@ -14,7 +14,10 @@ real_chown = shutil.which('chown', path=path) args = list() found = False -for i in sys.argv: + +args.append(real_chown) + +for i in sys.argv[1:]: if i.startswith("-"): args.append(i) continue From patchwork Tue Oct 29 18:59:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51513 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 21C71D3A68D for ; Tue, 29 Oct 2024 19:00:34 +0000 (UTC) Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) by mx.groups.io with SMTP id smtpd.web11.1980.1730228427857577705 for ; Tue, 29 Oct 2024 12:00:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=2aq66UYP; spf=softfail (domain: sakoman.com, ip: 209.85.215.180, mailfrom: steve@sakoman.com) Received: by mail-pg1-f180.google.com with SMTP id 41be03b00d2f7-7ea7e250c54so4360696a12.0 for ; Tue, 29 Oct 2024 12:00:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228427; x=1730833227; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=7JDPfFY5PglOxXiWujcaA1eSKC7jqokqzkFhaE9mSA0=; b=2aq66UYPIb1Wczu/G7AcsMKZV4gs3Wwm+isH2iWhgsSZQIyenJXsiNraYX2JK1b+Az jA737NzO4B1ldOIHzWkOPcWiuyUq25RVbc54WPb5Ic+V8m5K5pEnzMWirV3xVr8cBYKs dtgrMZpATC80S1P+NTf2cRbyZHVDWAP1Osagdty3W4EO2NdQ1qW/ZBU6JYHvMSUGuou2 X90sBBiWozitJwyWH7kO7s7IMXQxWWuK5X+kJWBYMoycv91gyMlkB9P4cqOzVSLf8f1E yzZTqwDlhfFMCLXndNqWKBhN2l07Zn2ShEi/cG/0kIqvBXJWMS94PY6EOqFpB0QL+4Gk C1nA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228427; x=1730833227; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7JDPfFY5PglOxXiWujcaA1eSKC7jqokqzkFhaE9mSA0=; b=SC65ROCrPyT8TyYEhS5eG052Sx6+g1VFsBQME9YNBplKhu8ok6ck8hIeWBj1Fi2/fl db6+bYbHQTq+LUeXb2ncivdfw4anL4UBrxiCBA5V84xyyGYxW35WWYrnos+tuRZBNN+3 p8sP99yN+O4FifwkzywQchDeB5a0mb8kGStz+2ctigeipRALrDyDark5gEWy2d8/bQMt wOAE/S9i8Mp1wK1ioV6QE7QvG1xFtS4c4tdgkwklf2UgKcuxDRMux05bzYMI5GCHM8wF I43WW2VQB8DHxzwZ72P4G0ScQxcojFIJa55kt6QC5Nc8IpjU6Em6Z74dYeIcYZmh1+rA ujYg== X-Gm-Message-State: AOJu0YyEWJQ+4+k64YpMGDc0VWx25e0t8a6MPNTYd0EiEQw5hKGX9K7s JlgRs71+r6F+4r4vl3PkG14tfj0xx24C8hqM2WgYR43wRmAKreL9F1dYj8BVlRBprckNBXyO1PG n X-Google-Smtp-Source: AGHT+IFMKbGEr2QbzWrCUZaTQLh86yAeEVZF9/FLr5sQQgwA9G/eJNineCATV2HJXhVsTr4VtejcVg== X-Received: by 2002:a05:6a21:3947:b0:1d9:3456:b71e with SMTP id adf61e73a8af0-1d9a83c1926mr16746182637.12.1730228426825; Tue, 29 Oct 2024 12:00:26 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:26 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 13/19] zip: Make configure checks to be more robust Date: Tue, 29 Oct 2024 11:59:46 -0700 Message-Id: <03b7a44e2ff4364cb85758f91d78efa0cf85682d.1730228268.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206523 From: Khem Raj Newer compilers are strict and have turned some warnings into hard errors which results in subtle configure check failures. Therefore fix these tests and also enable largefile support via cflags when its desired Signed-off-by: Khem Raj Signed-off-by: Alexandre Belloni Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- ...y-correct-function-signatures-and-de.patch | 134 ++++++++++++++++++ ...2-unix.c-Do-not-redefine-DIR-as-FILE.patch | 35 +++++ meta/recipes-extended/zip/zip_3.0.bb | 2 + 3 files changed, 171 insertions(+) create mode 100644 meta/recipes-extended/zip/zip-3.0/0001-configure-Specify-correct-function-signatures-and-de.patch create mode 100644 meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch diff --git a/meta/recipes-extended/zip/zip-3.0/0001-configure-Specify-correct-function-signatures-and-de.patch b/meta/recipes-extended/zip/zip-3.0/0001-configure-Specify-correct-function-signatures-and-de.patch new file mode 100644 index 0000000000..a4f8382625 --- /dev/null +++ b/meta/recipes-extended/zip/zip-3.0/0001-configure-Specify-correct-function-signatures-and-de.patch @@ -0,0 +1,134 @@ +From 8810f2643c9372a8083272dc1fc157427646d961 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 10 Aug 2022 17:16:23 -0700 +Subject: [PATCH 1/2] configure: Specify correct function signatures and + declarations + +Include needed system headers in configure tests, this is needed because +newer compilers are getting stricter about the C99 specs and turning +-Wimplicit-function-declaration into hard error e.g. clang-15+ + +Upstream-Status: Inactive-Upstream +Signed-off-by: Khem Raj +--- + unix/configure | 79 +++++++++++++++++++++++++++++++++++++++++--------- + 1 file changed, 66 insertions(+), 13 deletions(-) + +diff --git a/unix/configure b/unix/configure +index 1d9a9bb..f2b3d02 100644 +--- a/unix/configure ++++ b/unix/configure +@@ -513,21 +513,70 @@ $CC $CFLAGS -c conftest.c >/dev/null 2>/dev/null + # Check for missing functions + # add NO_'function_name' to flags if missing + +-for func in rmdir strchr strrchr rename mktemp mktime mkstemp +-do +- echo Check for $func +- echo "int main(){ $func(); return 0; }" > conftest.c +- $CC $CFLAGS $LDFLAGS $BFLAG -o conftest conftest.c >/dev/null 2>/dev/null +- [ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_`echo $func | tr '[a-z]' '[A-Z]'`" +-done ++echo Check for rmdir ++cat > conftest.c << _EOF_ ++#include ++int main(){ rmdir(NULL); return 0; } ++_EOF_ ++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null ++[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_RMDIR" ++ ++echo Check for strchr ++cat > conftest.c << _EOF_ ++#include ++int main(){ strchr(NULL,0); return 0; } ++_EOF_ ++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null ++[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_STRCHR" + ++echo Check for strrchr ++cat > conftest.c << _EOF_ ++#include ++int main(){ strrchr(NULL,0); return 0; } ++_EOF_ ++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null ++[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_STRRCHR" ++ ++echo Check for rename ++cat > conftest.c << _EOF_ ++#include ++int main(){ rename(NULL,NULL); return 0; } ++_EOF_ ++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null ++[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_RENAME" ++ ++echo Check for mktemp ++cat > conftest.c << _EOF_ ++#include ++int main(){ mktemp(NULL); return 0; } ++_EOF_ ++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null ++[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_MKTEMP" ++ ++echo Check for mktime ++cat > conftest.c << _EOF_ ++#include ++int main(){ mktime(NULL); return 0; } ++_EOF_ ++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null ++[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_MKTIME" ++ ++echo Check for mkstemp ++cat > conftest.c << _EOF_ ++#include ++int main(){ return mkstemp(NULL); } ++_EOF_ ++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null ++[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_MKSTEMP" + + echo Check for memset +-echo "int main(){ char k; memset(&k,0,0); return 0; }" > conftest.c ++cat > conftest.c << _EOF_ ++#include ++int main(){ char k; memset(&k,0,0); return 0; } ++_EOF_ + $CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null + [ $? -ne 0 ] && CFLAGS="${CFLAGS} -DZMEM" + +- + echo Check for memmove + cat > conftest.c << _EOF_ + #include +@@ -548,7 +597,7 @@ $CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null + echo Check for errno declaration + cat > conftest.c << _EOF_ + #include +-main() ++int main() + { + errno = 0; + return 0; +@@ -625,14 +674,18 @@ CFLAGS="${CFLAGS} ${OPT}" + + echo Check for valloc + cat > conftest.c << _EOF_ +-main() ++#include ++int main() + { + #ifdef MMAP +- valloc(); ++ valloc(0); + #endif ++ return 0; + } + _EOF_ +-$CC ${CFLAGS} -c conftest.c > /dev/null 2>/dev/null ++#$CC ${CFLAGS} -c conftest.c > /dev/null 2>/dev/null ++$CC ${CFLAGS} -c conftest.c ++echo "===========================================" + [ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_VALLOC" + + +-- +2.37.1 + diff --git a/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch b/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch new file mode 100644 index 0000000000..a86e03e620 --- /dev/null +++ b/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch @@ -0,0 +1,35 @@ +From 76f5bf3546d826dcbc03acbefcf0b10b972bf136 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 10 Aug 2022 17:19:38 -0700 +Subject: [PATCH 2/2] unix.c: Do not redefine DIR as FILE + +DIR is already provided on Linux via +/usr/include/dirent.h system header + +Upstream-Status: Inactive-Upstream +Signed-off-by: Khem Raj +--- + unix/unix.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/unix/unix.c b/unix/unix.c +index ba87614..6e6f4d2 100644 +--- a/unix/unix.c ++++ b/unix/unix.c +@@ -61,13 +61,11 @@ local time_t label_utim = 0; + /* Local functions */ + local char *readd OF((DIR *)); + +- + #ifdef NO_DIR /* for AT&T 3B1 */ + #include + #ifndef dirent + # define dirent direct + #endif +-typedef FILE DIR; + /* + ** Apparently originally by Rich Salz. + ** Cleaned up and modified by James W. Birdsall. +-- +2.37.1 + diff --git a/meta/recipes-extended/zip/zip_3.0.bb b/meta/recipes-extended/zip/zip_3.0.bb index e1e6be6225..b6ec3cd9ad 100644 --- a/meta/recipes-extended/zip/zip_3.0.bb +++ b/meta/recipes-extended/zip/zip_3.0.bb @@ -17,6 +17,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar. file://0001-configure-use-correct-CPP.patch \ file://0002-configure-support-PIC-code-build.patch \ file://0001-configure-Use-CFLAGS-and-LDFLAGS-when-doing-link-tes.patch \ + file://0001-configure-Specify-correct-function-signatures-and-de.patch \ + file://0002-unix.c-Do-not-redefine-DIR-as-FILE.patch \ file://0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" From patchwork Tue Oct 29 18:59:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51516 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 29160D3A689 for ; Tue, 29 Oct 2024 19:00:34 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web11.1982.1730228429552156508 for ; Tue, 29 Oct 2024 12:00:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=qgZ12bGs; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-71e74900866so4412648b3a.1 for ; Tue, 29 Oct 2024 12:00:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228429; x=1730833229; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=qNWrLayrp+TxUJAJp9MasF8BGxxABVWfGNfXYcPyOmo=; b=qgZ12bGsAJwNUxPAH8KBWjUQdxfkiQV7v/0LYCw4DN6yF3KJQThIWfhqM+/u8aVSfK GaO0NaXpjH1xt4T+4Ea7ujVYYxiPm7ypG5dvoNSptNerFmwWhA+UCfA3MaFckA2/DpB8 NjCeEqcVnFDKBdWD2vE0K9bmH2SbyEpl+31obp/rcxnoQZru8jIkjfo8KBz8N7Wj4Xht TBBjRma1MMZU6tDfleokOFgJd/sXGkZGPHovoMeu7IHETMJcHhulM1+0UcNr+LGmjiTD LmK8LOunY/BNWETBLjWaRzpmWW5KtJzU3MkOHzQbqD46tqaQNp+r7HvwoS4kGpEaLUxr FD1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228429; x=1730833229; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qNWrLayrp+TxUJAJp9MasF8BGxxABVWfGNfXYcPyOmo=; b=BMkb6pedYj4fFy0Aqy0bgAZBICMIu6+FgmsBsekisog5kNevvyMU48s/QGQXfKDGRu E3s0QwISRnn/Oei1iwJEyVTor75KY36Ic8v/hfdo3FIrYaJRpGLVCU3HHPKC3pk3sIQo nUIAvhVxEGQ3nctvB+KnU6CG2VJLLMbSsS0ybGpQGASNwp73inG1j87rUwO3xetieZTQ YbdEJwzuiuUhUem7aFdKI3h9qXUjhfVszgizeF8XYiaT2bYKnKlRtHRrBeYBGwDZw5nK cNVYp8vi6yAtpErFk74Az3XhsbyLU2qYmJWuiJQ6YlX7oy1aPxIMNbHu2AOGdF0yqNEl s5Mg== X-Gm-Message-State: AOJu0Yyu3cWsDq4et4mIa/fU7GtVjkqsOVZYam0EDuc3Rxz3lP+1fTZY H2BFBGXVXtooSd0rYW5GSHz7bLZiBMqDhuEeuHYmNvRif049jX+uxKVD+2fOsm68Y0nTPOlJAGO e X-Google-Smtp-Source: AGHT+IHgEBx6c+CuRtClWc3jFc39o6Oz69FlTYHR4MBvXMxOVeHR8+/f7tE+xh6Lbio8KM3I5cGurA== X-Received: by 2002:a05:6a00:b55:b0:71e:52cd:9cd4 with SMTP id d2e1a72fcca58-72063028d8emr16678075b3a.20.1730228428356; Tue, 29 Oct 2024 12:00:28 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:28 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 14/19] zip: Fix build with gcc-14 Date: Tue, 29 Oct 2024 11:59:47 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206524 From: Khem Raj zip's configure fails to link this piece of test code: int main() { return closedir(opendir(".")); } with GCC-14 because it now treats implicit declaration of function as error, unline older GCC version where it was just a warning and this test would build fine. Remove 0002-unix.c-Do-not-redefine-DIR-as-FILE.patch which is now unnecessary (MJ: this part wasn't applicable for kirkstone). Signed-off-by: Zoltán Böszörményi Signed-off-by: Khem Raj Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 3422411eb750c7e960b81676637cfb321dbadefb) Signed-off-by: Steve Sakoman Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- ...e-dirent.h-for-closedir-opendir-APIs.patch | 45 +++++++++++++++++++ ...2-unix.c-Do-not-redefine-DIR-as-FILE.patch | 35 --------------- meta/recipes-extended/zip/zip_3.0.bb | 2 +- 3 files changed, 46 insertions(+), 36 deletions(-) create mode 100644 meta/recipes-extended/zip/zip-3.0/0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch delete mode 100644 meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch diff --git a/meta/recipes-extended/zip/zip-3.0/0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch b/meta/recipes-extended/zip/zip-3.0/0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch new file mode 100644 index 0000000000..0d3af37ded --- /dev/null +++ b/meta/recipes-extended/zip/zip-3.0/0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch @@ -0,0 +1,45 @@ +From 9db2f8cdbbc0dfb359d3b4e5dfe48c18652ce531 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 8 May 2024 19:02:46 -0700 +Subject: [PATCH] configure: Include dirent.h for closedir/opendir APIs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +GCC-14 is strict about function prototypes and since the +testcase tries to compile/link opendir/closedir functions +without including signatures, it fails to build the test +due to missing signatures which come from dirent.h + +Therefore include the needed system header and make it more +robust. + +Fixes +a.c:2:21: error: implicit declaration of function ‘closedir’ [-Wimplicit-function-declaration] + 2 | int main() { return closedir(opendir(".")); } + | ^~~~~~~~ +a.c:2:30: error: implicit declaration of function ‘opendir’ [-Wimplicit-function-declaration] + 2 | int main() { return closedir(opendir(".")); } + | ^~~~~~~ + +Upstream-Status: Inactive-Upstream +Signed-off-by: Khem Raj +--- + unix/configure | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/unix/configure b/unix/configure +index f917086..1dd98c6 100644 +--- a/unix/configure ++++ b/unix/configure +@@ -591,6 +591,7 @@ $CC $CFLAGS -c conftest.c >/dev/null 2>/dev/null + + echo Check for directory libraries + cat > conftest.c << _EOF_ ++#include + int main() { return closedir(opendir(".")); } + _EOF_ + +-- +2.45.0 + diff --git a/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch b/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch deleted file mode 100644 index a86e03e620..0000000000 --- a/meta/recipes-extended/zip/zip-3.0/0002-unix.c-Do-not-redefine-DIR-as-FILE.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 76f5bf3546d826dcbc03acbefcf0b10b972bf136 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Wed, 10 Aug 2022 17:19:38 -0700 -Subject: [PATCH 2/2] unix.c: Do not redefine DIR as FILE - -DIR is already provided on Linux via -/usr/include/dirent.h system header - -Upstream-Status: Inactive-Upstream -Signed-off-by: Khem Raj ---- - unix/unix.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/unix/unix.c b/unix/unix.c -index ba87614..6e6f4d2 100644 ---- a/unix/unix.c -+++ b/unix/unix.c -@@ -61,13 +61,11 @@ local time_t label_utim = 0; - /* Local functions */ - local char *readd OF((DIR *)); - -- - #ifdef NO_DIR /* for AT&T 3B1 */ - #include - #ifndef dirent - # define dirent direct - #endif --typedef FILE DIR; - /* - ** Apparently originally by Rich Salz. - ** Cleaned up and modified by James W. Birdsall. --- -2.37.1 - diff --git a/meta/recipes-extended/zip/zip_3.0.bb b/meta/recipes-extended/zip/zip_3.0.bb index b6ec3cd9ad..94de3715d2 100644 --- a/meta/recipes-extended/zip/zip_3.0.bb +++ b/meta/recipes-extended/zip/zip_3.0.bb @@ -18,8 +18,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar. file://0002-configure-support-PIC-code-build.patch \ file://0001-configure-Use-CFLAGS-and-LDFLAGS-when-doing-link-tes.patch \ file://0001-configure-Specify-correct-function-signatures-and-de.patch \ - file://0002-unix.c-Do-not-redefine-DIR-as-FILE.patch \ file://0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch \ + file://0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" From patchwork Tue Oct 29 18:59:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51515 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3309BD3A690 for ; Tue, 29 Oct 2024 19:00:34 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web10.1955.1730228430996604366 for ; Tue, 29 Oct 2024 12:00:31 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=RDXCko5z; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-71e52582cf8so4336575b3a.2 for ; Tue, 29 Oct 2024 12:00:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228430; x=1730833230; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=TACd1+35dp7Jh5cx3IukJoNIMvR/iGJ5NbkhVKR0EiE=; b=RDXCko5znw9nfvSnh1sKtmRDUwReOLZY8AzbEPNHsPWJQZqw48YS4iMEyMJlMr4Lyf n4BAiIz1J4XTiDjqNOPpqPbEmSg5xVJfkSIAm4/4uBaeFdC2m+RoJ9cTIb/gikAa+3CF 9tcguFSjB1HmIV7OvGE9hnYvQR9O//uLSMt65QRDMXEyoPu2OJcSwe59CNKd7NeLuR7+ 0FXuHbseL+/hA0x3mWNRTcrRGiCgT9RO7R7oNLWe7E2mTv6O4g2vCwHaomhXqVspVoFL nOcHdYMmVOMO1493M3jzUnNLDlaZ8JEaD0YinaLt0HKHG/zmvDNrc27UKpg1cJHDDuy0 uTjA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228430; x=1730833230; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TACd1+35dp7Jh5cx3IukJoNIMvR/iGJ5NbkhVKR0EiE=; b=jTTL0wNove6l2k4S+Zp6Hjk76SxrKdz7A0X/DoxtmIso/cF0CwEWveYYvGGCHeRQs5 wu4uxmeHP4db1/sosZx+BSbGLFiV6RVjK0sQFFVqhD8h3njCaHI3FFwmXneB7T0tjfru GiXfkf89ajv3x1fs1EsBlPRqSpHBKGBNbsobi3f32mpZxPhmwzCT3yen6hwZfyVHx+zI CqlXIfXFytq49Gmj0JV7QJ9LBZaQttz03I2rGosQcNXFralofOZnXHh+cbo2H36voA9K vUqTi2e30AOE7+P2p+E6240ay6nT71n6YARC+guZXy+W7P4F6cLRCczGMwMJ+cOHwIVG nG4Q== X-Gm-Message-State: AOJu0YwSjL5pHo/7jiPVr8H743/D5iyB9SHVmS5OWSAhDq6gbdyf0Rx6 jjaTj0u1l/gKa0nCqQwN5mrfn5mHbDv3K57UUSJsP7mtuzy3tSRfA+VbsgZjQEExSh0ayPK6g1Z C X-Google-Smtp-Source: AGHT+IH6ind4lzkcFiK/Exw4flYUS5HsR8pHaKLzzVdZSllp/cD1Z7PBvgn4OtSGktd7HusQ2NMx8w== X-Received: by 2002:a05:6a00:3929:b0:71d:ee1b:c854 with SMTP id d2e1a72fcca58-72062f83c34mr18857340b3a.9.1730228429906; Tue, 29 Oct 2024 12:00:29 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:29 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 15/19] vala: add -Wno-error=incompatible-pointer-types work around Date: Tue, 29 Oct 2024 11:59:48 -0700 Message-Id: <0f850f213071d4bc3a7065334debabd32c7bd9a1.1730228268.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206525 From: Martin Jansa * to allow building vala-native on hosts with gcc-14 * we could backport: https://gitlab.gnome.org/GNOME/vala/-/commit/23ec71b1a5c4cead3d1bdac82e184d0a63fa7b79 which is already included in scarthgap, but that's big patch doing almost the same Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- meta/recipes-devtools/vala/vala.inc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-devtools/vala/vala.inc b/meta/recipes-devtools/vala/vala.inc index 162e99bb03..87d8fedc3f 100644 --- a/meta/recipes-devtools/vala/vala.inc +++ b/meta/recipes-devtools/vala/vala.inc @@ -39,6 +39,10 @@ EOF EXTRA_OECONF += " --disable-valadoc" +# work around for vala-native build with gcc-14 instead of backporting +# https://gitlab.gnome.org/GNOME/vala/-/commit/23ec71b1a5c4cead3d1bdac82e184d0a63fa7b79 +BUILD_CFLAGS += "-Wno-error=incompatible-pointer-types" + # Vapigen wrapper needs to be available system-wide, because it will be used # to build vapi files from all other packages with vala support do_install:append:class-target() { From patchwork Tue Oct 29 18:59:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51514 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 21D31D3A68E for ; Tue, 29 Oct 2024 19:00:34 +0000 (UTC) Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by mx.groups.io with SMTP id smtpd.web10.1956.1730228433041934971 for ; Tue, 29 Oct 2024 12:00:33 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=w2OY3PZO; spf=softfail (domain: sakoman.com, ip: 209.85.215.172, mailfrom: steve@sakoman.com) Received: by mail-pg1-f172.google.com with SMTP id 41be03b00d2f7-7ed9c16f687so4658884a12.0 for ; Tue, 29 Oct 2024 12:00:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228432; x=1730833232; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=LDthNxrrcVZvXcTxLkP+/ELe0qNOmUuCvIwcqjPfwIY=; b=w2OY3PZOxnBMfo/QPfj9C/tNcEc4e4WCE4TaPozTyADI06KDvNtLjk/TkBNDI/84Vo MLeMdw+rMxluoGavOMxx4hpXXB3YNWfxHr9BIbilpLcy4qH9Tx5cptHoTYzgNaBba/Dd ELVEyPbpfsFwDHEP6SbflpJg05uyoRalrVfcX7SpaLDsVF3PQs/3fpPglZ+0mK3Yphjx gAODQvUKgbNjPhMVk2PAYg4m2cZ8rjSgb4C4knu06NuoxrKldXlLga3TZqUU45CNNTqc erYHgHCpe4Z1tXjvzWxDUxpynjtsvCtyiHukVi7DjKzhejJ89nXYpZNOEuMxVQCYGFym uUUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228432; x=1730833232; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LDthNxrrcVZvXcTxLkP+/ELe0qNOmUuCvIwcqjPfwIY=; b=Hwv7vRWPpewNJwNtLcpQU/h9xmqL2y731KK4+L5GpIM/0KzWL+RNYnzsGxy8jNncur iTjTf5+4N82USuJUUHAtuDS+BTCPCNKuBUb8ch2AYbpXbhqqCF+2Y2tsh8+peNV7trzx mVLqo1ptWviBvh4GLsJPaJfLkhTEM4xn/dcsDWpOXZ1/ATxMkRY4XyoCIvAu3h+d5GFV iiACnBkO0SW76k8TBuu6U6OFbVTK/TA/3ZR1jkUlq2R1cYfC8MzoIhi2rf8AZVD9BDGs Pe4VsHiUNA4nWg5V9Cst222sa5tkvnC5ZAWibDuqkWiKuDrCL2pzbWoYW04GyQf40ryY pv1Q== X-Gm-Message-State: AOJu0Yxqhi03tljZr3qK9N6fAKX1hXdzc6pbML7CvIT4PSW8p/AiGjTV NLaJUvikbVa6SFaW6/oNG8gQHwU87rV4KsctmyFy/J/c0Sin4VkncL0zbafs2d+IGD3ULaU+Z/f 5 X-Google-Smtp-Source: AGHT+IGP24/DjF7W5NfGMw6k69CMhd0jGTe4nyFEp0xzo8sqR//JtyRlqiKu5gFHqAPoW+UpvwYbFw== X-Received: by 2002:a05:6a20:c891:b0:1d9:2723:64a6 with SMTP id adf61e73a8af0-1d9a84016e1mr14275410637.21.1730228432027; Tue, 29 Oct 2024 12:00:32 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:31 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 16/19] cracklib: Modify patch to compile with GCC 14 Date: Tue, 29 Oct 2024 11:59:49 -0700 Message-Id: <7cca344feaa16cfabbaa2f34e4aab91cc1af39ee.1730228268.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206526 From: Zoltan Boszormenyi GCC 14 implicitly turns a warning into a compiler error: | ../../git/src/lib/packlib.c: In function ‘PWClose’: | ../../git/src/lib/packlib.c:554:40: error: passing argument 1 of ‘HwmsHostToBigEndian’ from incompatible pointer type [-Wincompatible-pointer-types] | 554 | HwmsHostToBigEndian(tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32); | | ~~~~~~~^~~~~ | | | | | uint32_t * {aka unsigned int *} | ../../git/src/lib/packlib.c:142:27: note: expected ‘char *’ but argument is of type ‘uint32_t *’ {aka ‘unsigned int *’} | 142 | HwmsHostToBigEndian(char *pHwms, int nLen,int nBitType) | | ~~~~~~^~~~~ Add the cast to (char *) to silence it. Signed-off-by: Zoltán Böszörményi Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- ...0001-packlib.c-support-dictionary-byte-order-dependent.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch b/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch index 8fb512a224..cf7a0857e0 100644 --- a/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch +++ b/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch @@ -303,7 +303,7 @@ index 8acb7be..a9d8750 100644 + PWDICT tmp_pwp; + + memcpy(&tmp_pwp, pwp, sizeof(PWDICT)); -+ HwmsHostToBigEndian(tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32); ++ HwmsHostToBigEndian((char *)tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32); + fwrite(tmp_pwp.hwms, 1, sizeof(tmp_pwp.hwms), pwp->wfp); } } From patchwork Tue Oct 29 18:59:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51519 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 258A3D3A690 for ; Tue, 29 Oct 2024 19:00:44 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web11.1985.1730228434544670106 for ; Tue, 29 Oct 2024 12:00:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=OplFdWNS; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-71e592d7f6eso4040566b3a.3 for ; Tue, 29 Oct 2024 12:00:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228434; x=1730833234; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=gK6plURsivoTAivG3RWY+w0ODRbLQWHXWUuAvmfABiU=; b=OplFdWNSp3zxMVqhMBNm3qcknqG1fg1+tGp50xrI70w37lQUv/g2y2TeNW+mW1hIZg if9Kr38CcmjKYFfiqZg/3ijoHMfM9KbSMur9ZM0aeXtt96DBgoOv2k6nrSsj+NouPxtw F/CwmJjphmlPi4U//+qeVYKUAxS3B5HUL63MnJeOhDk/FrJzTXMZ0XT5w/ZNjlE5aiOL fLXsrUZuwCgwDhBZRgrzYje+oPgTzFbf+eKpsiohxkdK26LATe3285pLZ/sxHCq5QR/1 2bfFSb2PW5AaP7rgdbUJAUXBbdOdGjJWVsKLRuWfbohC1Og6LDeRMw8rcQUL86JtYC8l dJTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228434; x=1730833234; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gK6plURsivoTAivG3RWY+w0ODRbLQWHXWUuAvmfABiU=; b=b2wUCB60s8LUu3GbiNWzXP9rtc3KZDZXeYHAiaEi1noYGCacSEZrc78BwAs4X2U+fj hPuoU3hqIVBqeoQUtW65JqPIY9U7oJ8N+qx2tMzy89u17/Ph/VrfhTYKmkb96BOeYoHX OMuIwaEBFdOc3QnR73DLIpyz91tVvhVzivvg60CiAU3iRWNRNrXR7R7KvBIXvGITf95s LSXVd5GsDMalX+JrcrgGMF+y0uD+zNStveE7wBlnNSy8YWSQhesG+hE9EonNvhfOY9Xt CCzG0ZclAK1Zu5ul6xIisA9KEcynzOvPoMXJwjiSiRFsHVyCIzHNLtVtdf/UT4TNHCVj SPpQ== X-Gm-Message-State: AOJu0YzmZd+NEkY+aZw9i+bIJSWcNJsqxSHudCkvRmxDTjeLLci/njOU HGot8H5GHnBxVEiag32rklnNwWt94C8j73/OtNvTM+vPW4OYJeFUkApq+/idHL8YVK1LYyTW2yL z X-Google-Smtp-Source: AGHT+IEQz1DOFyECYhIHzHVmRS4KdzAPitMX0SHRNJHv6cgIbC0ZhIb1RvZLNS9H1h35BMbDMV2f9Q== X-Received: by 2002:a05:6a00:1393:b0:71e:16b3:e5dc with SMTP id d2e1a72fcca58-7206306de34mr18408672b3a.19.1730228433702; Tue, 29 Oct 2024 12:00:33 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:33 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 17/19] libffi: backport a fix to build libffi-native with gcc-14 Date: Tue, 29 Oct 2024 11:59:50 -0700 Message-Id: <1054417a217417ab192dc4aee8307133451fb0e4.1730228268.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206527 From: Martin Jansa Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- ...ward-declare-open_temp_exec_file-764.patch | 47 +++++++++++++++++++ meta/recipes-support/libffi/libffi_3.4.4.bb | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-support/libffi/libffi/0001-Forward-declare-open_temp_exec_file-764.patch diff --git a/meta/recipes-support/libffi/libffi/0001-Forward-declare-open_temp_exec_file-764.patch b/meta/recipes-support/libffi/libffi/0001-Forward-declare-open_temp_exec_file-764.patch new file mode 100644 index 0000000000..4b135961fd --- /dev/null +++ b/meta/recipes-support/libffi/libffi/0001-Forward-declare-open_temp_exec_file-764.patch @@ -0,0 +1,47 @@ +From 216bf8daeb30880957e0c888efbed1f0a7478c32 Mon Sep 17 00:00:00 2001 +From: serge-sans-paille +Date: Thu, 2 Feb 2023 14:46:29 +0000 +Subject: [PATCH] Forward declare open_temp_exec_file (#764) + +It's defined in closures.c and used in tramp.c. +Also declare it as an hidden symbol, as it should be. + +Co-authored-by: serge-sans-paille +Signed-off-by: Martin Jansa + +Upstream-Status: Backport [v3.4.5 https://github.com/libffi/libffi/commit/ce077e5565366171aa1b4438749b0922fce887a4] +--- + include/ffi_common.h | 4 ++++ + src/tramp.c | 4 ++++ + 2 files changed, 8 insertions(+) + +diff --git a/include/ffi_common.h b/include/ffi_common.h +index 2bd31b0..c53a794 100644 +--- a/include/ffi_common.h ++++ b/include/ffi_common.h +@@ -128,6 +128,10 @@ void *ffi_data_to_code_pointer (void *data) FFI_HIDDEN; + static trampoline. */ + int ffi_tramp_is_present (void *closure) FFI_HIDDEN; + ++/* Return a file descriptor of a temporary zero-sized file in a ++ writable and executable filesystem. */ ++int open_temp_exec_file(void) FFI_HIDDEN; ++ + /* Extended cif, used in callback from assembly routine */ + typedef struct + { +diff --git a/src/tramp.c b/src/tramp.c +index b9d273a..c3f4c99 100644 +--- a/src/tramp.c ++++ b/src/tramp.c +@@ -39,6 +39,10 @@ + #ifdef __linux__ + #define _GNU_SOURCE 1 + #endif ++ ++#include ++#include ++ + #include + #include + #include diff --git a/meta/recipes-support/libffi/libffi_3.4.4.bb b/meta/recipes-support/libffi/libffi_3.4.4.bb index 4ceee6f3cc..f727e91345 100644 --- a/meta/recipes-support/libffi/libffi_3.4.4.bb +++ b/meta/recipes-support/libffi/libffi_3.4.4.bb @@ -13,6 +13,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=32c0d09a0641daf4903e5d61cc8f23a8" SRC_URI = "https://github.com/libffi/libffi/releases/download/v${PV}/${BPN}-${PV}.tar.gz \ file://not-win32.patch \ file://0001-arm-sysv-reverted-clang-VFP-mitigation.patch \ + file://0001-Forward-declare-open_temp_exec_file-764.patch \ " SRC_URI[sha256sum] = "d66c56ad259a82cf2a9dfc408b32bf5da52371500b84745f7fb8b645712df676" UPSTREAM_CHECK_URI = "https://github.com/libffi/libffi/releases/" From patchwork Tue Oct 29 18:59:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51517 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 259C3D3A692 for ; Tue, 29 Oct 2024 19:00:44 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web10.1960.1730228436544866111 for ; Tue, 29 Oct 2024 12:00:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=DrQ/V5Z/; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-71e3fce4a60so4199849b3a.0 for ; Tue, 29 Oct 2024 12:00:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228436; x=1730833236; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=bQpEM8rMnNfdZI/0nqnxwRCKKTWYBO8kb2SF1zz2zNM=; b=DrQ/V5Z/jDzmx3DnKZGCQNGifFrB5twH2VyX/8Hripqcgbs4ieQAP0qmj19i3R9QBY PDfzHUuwy1os+PrL00c9kAQG+fL+15NotUgAHQuEbGp+oTYcSv5mbKtYDrSdnlGQumAJ pDX1pNR/Y+L5goa+cFol8kD63QAc4IMPC9vFUz/MgYNZulN+9a0Ik7CP04JborcaXA3+ J0Ss3SrMHK3xNr47SHPryXQFeD/d0tXhRpSyuk8raelME6SqcdD0CImhMNN1vgTt3Nd2 00HAhISTgyftTO+CuwUrwZYS5AYkJdduV2ZjZ5bAr9i69EPrL09ndz3Qbr9PjPQJFVH9 ceJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228436; x=1730833236; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bQpEM8rMnNfdZI/0nqnxwRCKKTWYBO8kb2SF1zz2zNM=; b=a+KRWSSLykCpJijO1Y1IWrXclb1mSplJF+abs8TLeT7kK0K9hi6KVDSI10sURfhUDH cbvg3QPmiTmM7mgZALTAykEeSTHCDkl40E6tJLXdWRu1z0vEKnymH+7fTttkR7NP28z/ 8kjlp8cuqu6KJCldMQPJBF7dfIZsbyuGXA+Z9+LVEoK5uHtEoYaHDHm+zg8v/gAtF4HR T9l0RKBc9+WBiFF/F/CsjPexPhQPweGfg62iuv6ZVApf4Py0mGSmgvUOtgDIPiYz5M5k /K1zAXDm64fd9uQbTOZyKoa3wWAHgwrRM/Kn2oDmQhc5a25mx5MmVgmrLfNxki7F6iNX 1rTw== X-Gm-Message-State: AOJu0YziR0uuc1HAsGQ4fpd/7Bvhg00qQqcSK9pCjXwGXTPbPFCsEDeI G6oTiUD4apumY+ixBpSsJ9gwr8Iaa/raH6QfTMQMi+1l/DuMwRy8KTavM3zqS761wbt9N4bneeq t X-Google-Smtp-Source: AGHT+IG8miW9no1Ih1Qti05Vvz6zX0k4Bvvm3awfWLIw9C6TWG3hHtq+RIo8QRKTH7u562anHCm9+A== X-Received: by 2002:a05:6a00:84c:b0:71e:4e2a:38bf with SMTP id d2e1a72fcca58-72063028f7bmr18839846b3a.18.1730228435605; Tue, 29 Oct 2024 12:00:35 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:35 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 18/19] at-spi2-core: backport a patch to fix build with gcc-14 on host Date: Tue, 29 Oct 2024 11:59:51 -0700 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206528 From: Martin Jansa * fixes: | ../at-spi2-core-2.42.0/atspi/atspi-device-listener.c: In function ?atspi_device_listener_new_simple?: | ../at-spi2-core-2.42.0/atspi/atspi-device-listener.c:252:37: error: passing argument 1 of ?atspi_device_listener_new? from incompatible pointer type [-Wincompatible-pointer-types] | 252 | return atspi_device_listener_new (device_remove_datum, callback, callback_destroyed); | | ^~~~~~~~~~~~~~~~~~~ | | | | | gboolean (*)(const AtspiDeviceEvent *, void *) {aka int (*)(const struct _AtspiDeviceEvent *, void *)} | ../at-spi2-core-2.42.0/atspi/atspi-device-listener.c:222:50: note: expected ?AtspiDeviceListenerCB? {aka ?int (*)(struct _AtspiDeviceEvent *, void *)?} but argument is of type ?gboolean (*)(const AtspiDeviceEvent *, void *)? {aka ?int (*)(const struct _AtspiDeviceEvent *, void *)?} | 222 | atspi_device_listener_new (AtspiDeviceListenerCB callback, | | ~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~ Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- .../0001-Fix-function-prototype.patch | 27 +++++++++++++++++++ .../atk/at-spi2-core_2.42.0.bb | 1 + 2 files changed, 28 insertions(+) create mode 100644 meta/recipes-support/atk/at-spi2-core/0001-Fix-function-prototype.patch diff --git a/meta/recipes-support/atk/at-spi2-core/0001-Fix-function-prototype.patch b/meta/recipes-support/atk/at-spi2-core/0001-Fix-function-prototype.patch new file mode 100644 index 0000000000..4fe7866ff7 --- /dev/null +++ b/meta/recipes-support/atk/at-spi2-core/0001-Fix-function-prototype.patch @@ -0,0 +1,27 @@ +From b29826379068a05cdd42ba6e956d17e4d6681c7b Mon Sep 17 00:00:00 2001 +From: Federico Mena Quintero +Date: Tue, 23 Nov 2021 11:18:51 -0600 +Subject: [PATCH] Fix function prototype + +device_remove_datum already implicitly casts its cb to a +AtspiDeviceListenerSimpleCB, which takes a const *event. + +Signed-off-by: Martin Jansa +Upstream-Status: Backport [v2.43.92 https://github.com/GNOME/at-spi2-core/commit/1e91fc4cff2080696be914e26f4cdf0bf32d1550] +--- + atspi/atspi-device-listener.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/atspi/atspi-device-listener.c b/atspi/atspi-device-listener.c +index 69f77d1..9776ebd 100644 +--- a/atspi/atspi-device-listener.c ++++ b/atspi/atspi-device-listener.c +@@ -53,7 +53,7 @@ device_event_handler_new (AtspiDeviceListenerCB callback, + } + + static gboolean +-device_remove_datum (const AtspiDeviceEvent *event, void *user_data) ++device_remove_datum (AtspiDeviceEvent *event, void *user_data) + { + AtspiDeviceListenerSimpleCB cb = user_data; + return cb (event); diff --git a/meta/recipes-support/atk/at-spi2-core_2.42.0.bb b/meta/recipes-support/atk/at-spi2-core_2.42.0.bb index 9ca969cbb8..97e09202fd 100644 --- a/meta/recipes-support/atk/at-spi2-core_2.42.0.bb +++ b/meta/recipes-support/atk/at-spi2-core_2.42.0.bb @@ -11,6 +11,7 @@ MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}" SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \ file://0001-Ensure-x11_dep-is-defined.patch \ + file://0001-Fix-function-prototype.patch \ " SRC_URI[sha256sum] = "4b5da10e94fa3c6195f95222438f63a0234b99ef9df772c7640e82baeaa6e386" From patchwork Tue Oct 29 18:59:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 51518 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C0DBD3A68D for ; Tue, 29 Oct 2024 19:00:44 +0000 (UTC) Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by mx.groups.io with SMTP id smtpd.web11.1992.1730228438403637286 for ; Tue, 29 Oct 2024 12:00:38 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=zRy5cwhO; spf=softfail (domain: sakoman.com, ip: 209.85.215.172, mailfrom: steve@sakoman.com) Received: by mail-pg1-f172.google.com with SMTP id 41be03b00d2f7-7ee020ec76dso1792703a12.3 for ; Tue, 29 Oct 2024 12:00:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1730228437; x=1730833237; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=yJPC8++IT23r98Gpbv+kP3J//ev9QH9fF48cQ39jIy0=; b=zRy5cwhOz9mzy9GmYPCznB9BwczG5w7w+KwsiNNXwaJQpItYR0nnpneMTSbBw8VtZC pWiUtzSQ+9/iQ5LWb5U9BNrg9r4U5MM7EY0ucp1kE1p7AngYOA9xKsbP42lHpNNIcJ+I vqzJePO3WJzwDbcs2QF1/tjFl+signcsAS3KG8WBpQGsvDq+sQ9i7uJFRYRSr5Sc6hbA VzA46Ss/nqO9kczZVk535u9DorCRwEWAvnyy6i//ZdTAWwYoctSNWby3ij9haxNFoVa/ GjXBJgDc/KtPIc/HEAtO0ARnjBl1oj+wxC1uoFAIoYfRNjtyXUMJ+DKLfIxD7qcijcU6 h2gQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730228437; x=1730833237; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yJPC8++IT23r98Gpbv+kP3J//ev9QH9fF48cQ39jIy0=; b=X2yqAmGjipJQm5P38Hk7I/rxyT1S1s2umbe6HIihrEnnZRlAyVtIb6OgM7k9KYGtX6 3gM/p41xelpss8AAnzApeibINFn6fiEUyCU2l2qCIpTVOAtt+7sxiDMNM+yup1M70mQm NCI0vuvLvl/uHX4vGClVUR3CJJVKsE8/kVVmUNJrK2zqXJk6t7RIAAu9LOsSdNbQRRbH 0z0AxyHRrnGH7zPmc+7bCJRCWlz5ZIG2XVteqyc8WgfZMEn6tdmMs7bsNXVPujKd7j/T qQ8j69u7QPc+hiApWip5Ns41kFJnxF03tVCizjjUu4VguFUJg8MDfNRFcslqyoBLO0HP zXng== X-Gm-Message-State: AOJu0YwOb3A4Mj4gMoqlbjDWkbsX8OCtnt2DylTDBY4L6Ni/Jse3pHVh 1n7miAW9NPt6CgKu9UjQO+fTuxrfSE3o2NFbJSLOlqKaWjfCKnY0ve6fzy508/VFVhnDt8QF/V+ K X-Google-Smtp-Source: AGHT+IEC3ln+FoyaIf4KtOKJGkc+VxcEYv68/cSV+qpevS4/tjjze925y1Lj6dsE9t183yyBlH351A== X-Received: by 2002:a05:6a20:d8b:b0:1cf:3d14:6921 with SMTP id adf61e73a8af0-1d9a84d168emr18451782637.35.1730228437387; Tue, 29 Oct 2024 12:00:37 -0700 (PDT) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7205793273csm7835439b3a.74.2024.10.29.12.00.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 12:00:37 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 19/19] util-linux: Define pidfd_* function signatures Date: Tue, 29 Oct 2024 11:59:52 -0700 Message-Id: <2c913a7b66ea756ebc65a573e1b5bb5dba6834d2.1730228268.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Oct 2024 19:00:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/206529 From: Khem Raj glibc 2.36 has added sys/pidfd.h and APIs for pidfd_send_signal and pidfd_open, therefore check for this header and include it if it exists Signed-off-by: Khem Raj Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- meta/recipes-core/util-linux/util-linux.inc | 1 + .../0001-check-for-sys-pidfd.h.patch | 50 +++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-core/util-linux/util-linux/0001-check-for-sys-pidfd.h.patch diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc index f8841e6be0..b9172230e7 100644 --- a/meta/recipes-core/util-linux/util-linux.inc +++ b/meta/recipes-core/util-linux/util-linux.inc @@ -35,6 +35,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin file://run-ptest \ file://display_testname_for_subtest.patch \ file://avoid_parallel_tests.patch \ + file://0001-check-for-sys-pidfd.h.patch \ file://CVE-2024-28085-0001.patch \ file://CVE-2024-28085-0002.patch \ file://CVE-2024-28085-0003.patch \ diff --git a/meta/recipes-core/util-linux/util-linux/0001-check-for-sys-pidfd.h.patch b/meta/recipes-core/util-linux/util-linux/0001-check-for-sys-pidfd.h.patch new file mode 100644 index 0000000000..f2073eba02 --- /dev/null +++ b/meta/recipes-core/util-linux/util-linux/0001-check-for-sys-pidfd.h.patch @@ -0,0 +1,50 @@ +From a77af2e46ea233d9e5d3b16396d41a252a5a3172 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Sun, 7 Aug 2022 14:39:19 -0700 +Subject: [PATCH] check for sys/pidfd.h + +This header in newer glibc defines the signatures of functions +pidfd_send_signal() and pidfd_open() and when these functions are +defined by libc then we need to include the relevant header to get +the definitions. Clang 15+ has started to error out when function +signatures are missing. + +Fixes errors like +misc-utils/kill.c:402:6: error: call to undeclared function 'pidfd_send_signal'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration] + if (pidfd_send_signal(pfd, ctl->numsig, &info, 0) < 0) + +Upstream-Status: Submitted [https://github.com/util-linux/util-linux/pull/1769] +Signed-off-by: Khem Raj +--- + configure.ac | 1 + + include/pidfd-utils.h | 4 +++- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index c38d871..72e893f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -339,6 +339,7 @@ AC_CHECK_HEADERS([ \ + sys/mkdev.h \ + sys/mount.h \ + sys/param.h \ ++ sys/pidfd.h \ + sys/prctl.h \ + sys/resource.h \ + sys/sendfile.h \ +diff --git a/include/pidfd-utils.h b/include/pidfd-utils.h +index 4a6c3a6..7c0c061 100644 +--- a/include/pidfd-utils.h ++++ b/include/pidfd-utils.h +@@ -4,8 +4,10 @@ + #if defined(__linux__) + # include + # if defined(SYS_pidfd_send_signal) && defined(SYS_pidfd_open) ++# ifdef HAVE_SYS_PIDFD_H ++# include ++# endif + # include +- + # ifndef HAVE_PIDFD_SEND_SIGNAL + static inline int pidfd_send_signal(int pidfd, int sig, siginfo_t *info, + unsigned int flags)