From patchwork Wed Nov 27 18:49:54 2024
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 53311
X-Patchwork-Delegate: steve@sakoman.com
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 01/14] python3-pip: fix CVE-2023-5752
Date: Wed, 27 Nov 2024 10:49:54 -0800
Message-Id: <862c0338fba06077a26c775b49f993eac63762c9.1732733274.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/207943

From: Jiaying Song

When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-5752

Upstream patches:
https://github.com/pypa/pip/pull/12306/commits/389cb799d0da9a840749fcd14878928467ed49b4

Signed-off-by: Jiaying Song
Signed-off-by: Steve Sakoman
--- .../python/python3-pip/CVE-2023-5752.patch | 34 +++++++++++++++++++ .../python/python3-pip_22.0.3.bb | 8 +++-- 2 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 meta/recipes-devtools/python/python3-pip/CVE-2023-5752.patch diff --git a/meta/recipes-devtools/python/python3-pip/CVE-2023-5752.patch b/meta/recipes-devtools/python/python3-pip/CVE-2023-5752.patch new file mode 100644 index 0000000000..ef66a59021 --- /dev/null +++ b/meta/recipes-devtools/python/python3-pip/CVE-2023-5752.patch
@@ -0,0 +1,34 @@ +From b16dd80c50deaa4753045d93ed281d348509293f Mon Sep 17 00:00:00 2001 +From: Pradyun Gedam +Date: Sun, 1 Oct 2023 14:10:25 +0100 +Subject: [PATCH] Use `-r=...` instead of `-r ...` for hg + +This ensures that the resulting revision can not be misinterpreted as an +option. + +Upstream-Status: Backport +[https://github.com/pypa/pip/pull/12306/commits/389cb799d0da9a840749fcd14878928467ed49b4] + +CVE: CVE-2023-5752 + +Signed-off-by: Jiaying Song +--- + src/pip/_internal/vcs/mercurial.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pip/_internal/vcs/mercurial.py b/src/pip/_internal/vcs/mercurial.py +index 2a005e0..e440c12 100644 +--- a/src/pip/_internal/vcs/mercurial.py ++++ b/src/pip/_internal/vcs/mercurial.py +@@ -31,7 +31,7 @@ class Mercurial(VersionControl): + + @staticmethod + def get_base_rev_args(rev: str) -> List[str]: +- return [rev] ++ return [f"-r={rev}"] + + def fetch_new( + self, dest: str, url: HiddenText, rev_options: RevOptions, verbosity: int +-- +2.25.1 + diff --git a/meta/recipes-devtools/python/python3-pip_22.0.3.bb b/meta/recipes-devtools/python/python3-pip_22.0.3.bb index 6e28b87ba3..28eab9c3de 100644 --- a/meta/recipes-devtools/python/python3-pip_22.0.3.bb +++ b/meta/recipes-devtools/python/python3-pip_22.0.3.bb 
@@ -34,9 +34,11 @@ LIC_FILES_CHKSUM = "\ inherit pypi python_setuptools_build_meta -SRC_URI += "file://0001-change-shebang-to-python3.patch" -SRC_URI += "file://no_shebang_mangling.patch" -SRC_URI += "file://reproducible.patch" +SRC_URI += "file://0001-change-shebang-to-python3.patch \ + file://no_shebang_mangling.patch \ + file://reproducible.patch \ + file://CVE-2023-5752.patch \ + " SRC_URI[sha256sum] = "f29d589df8c8ab99c060e68ad294c4a9ed896624f6368c5349d70aa581b333d0"
From patchwork Wed Nov 27 18:49:55 2024
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 53314
X-Patchwork-Delegate: steve@sakoman.com
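Review bot: In the mercurial.py hunk of CVE-2023-5752.patch (01/14), `return [f"-r={rev}"]` attaches the value to the short option with `=`, and nothing in the patch shows that hg reads `-r=<rev>` as revision `<rev>` rather than as the literal `=<rev>`. Please confirm with the hg version this pip will call that an install pinned to an ordinary revision still resolves after the change and that a revision string starting with `-` is now taken as a revision name; if the short form is parsed differently, the long form `--rev=<rev>` expresses the same intent.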
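Review bot: The SRC_URI hunk in python3-pip_22.0.3.bb (01/14) rewrites the three existing `SRC_URI +=` lines into one continued assignment while adding the new patch, so a one-line addition shows up as 5 insertions and 3 deletions and will conflict with any other stable backport that touches those lines. Keep the existing lines as they are and append a single `SRC_URI += "file://CVE-2023-5752.patch"`.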
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 02/14] builder: set CVE_PRODUCT
Date: Wed, 27 Nov 2024 10:49:55 -0800
Message-Id: <941a645b3b18418e020ada9ebdd19f425f03dfc8.1732733274.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/207944

From: Peter Marko

Builder is a common word and there are many other builder components, which makes us ignore CVEs for all of them. There is already 1 ignored and currently 3 new ones. Instead, set product to yocto to filter them.

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- meta/recipes-graphics/builder/builder_0.1.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-graphics/builder/builder_0.1.bb b/meta/recipes-graphics/builder/builder_0.1.bb index 39be3bd63f..719db90530 100644 --- a/meta/recipes-graphics/builder/builder_0.1.bb +++ b/meta/recipes-graphics/builder/builder_0.1.bb
@@ -29,5 +29,5 @@ do_install () { chown builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh } -# -4178 is an unrelated 'builder' -CVE_CHECK_IGNORE = "CVE-2008-4178" +# do not report CVEs for other builder apps +CVE_PRODUCT = "yoctoproject:builder"
From patchwork Wed Nov 27 18:49:56 2024
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 53310
X-Patchwork-Delegate: steve@sakoman.com
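Review bot: The new comment above `CVE_PRODUCT = "yoctoproject:builder"` in builder_0.1.bb (02/14) says what is suppressed but not how: the value is a vendor:product pair, and the filtering works only because the vendor part keeps other vendors' "builder" entries from matching. Say that in the comment, and since the hunk also drops `CVE_CHECK_IGNORE = "CVE-2008-4178"`, confirm in the cve-check output that CVE-2008-4178 and the three new reports mentioned in the commit message no longer appear for this recipe.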
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 03/14] coreutils: fix CVE-2024-0684
Date: Wed, 27 Nov 2024 10:49:56 -0800
Message-Id: <3d9a4cacd5f051134f190afcab2c71b3286cf9e5.1732733274.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/207945

From: Chen Qi

Backport patch with tweaks for the current version to fix CVE-2024-0684.

Signed-off-by: Chen Qi
Signed-off-by: Steve Sakoman
--- ...0001-split-do-not-shrink-hold-buffer.patch | 42 +++++++++++++++++++ meta/recipes-core/coreutils/coreutils_9.0.bb | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch diff --git a/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch b/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch new file mode 100644 index 0000000000..3eab65dcf1 --- /dev/null +++ b/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch
@@ -0,0 +1,42 @@ +From 80dca40bbb36b7b1630bb5a43d62b3ff21b4e064 Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Mon, 25 Nov 2024 23:43:49 -0800 +Subject: [PATCH] split: do not shrink hold buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* src/split.c (line_bytes_split): Do not shrink hold buffer. +If it’s large for this batch it’s likely to be large for the next +batch, and for ‘split’ it’s not worth the complexity/CPU hassle to +shrink it. Do not assume hold_size can be bufsize. + +CVE: CVE-2024-0684 + +Upstream-Status: Backport [c4c5ed8f4e9cd55a12966d4f520e3a13101637d9] + +The original patch is tweaked to fit the current version. + +Signed-off-by: Chen Qi +--- + src/split.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/split.c b/src/split.c +index 4b1b144..e44e867 100644 +--- a/src/split.c ++++ b/src/split.c +@@ -785,10 +785,7 @@ line_bytes_split (uintmax_t n_bytes, char *buf, size_t bufsize) + { + cwrite (n_out == 0, hold, n_hold); + n_out += n_hold; +- if (n_hold > bufsize) +- hold = xrealloc (hold, bufsize); + n_hold = 0; +- hold_size = bufsize; + } + + /* Output to eol if present. */ +-- +2.25.1 + diff --git a/meta/recipes-core/coreutils/coreutils_9.0.bb b/meta/recipes-core/coreutils/coreutils_9.0.bb index 8a2fbeca32..1cce9192ec 100644 --- a/meta/recipes-core/coreutils/coreutils_9.0.bb +++ b/meta/recipes-core/coreutils/coreutils_9.0.bb 
@@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \ file://0001-local.mk-fix-cross-compiling-problem.patch \ file://e8b56ebd536e82b15542a00c888109471936bfda.patch \ file://run-ptest \ + file://0001-split-do-not-shrink-hold-buffer.patch \ " SRC_URI[sha256sum] = "ce30acdf4a41bc5bb30dd955e9eaa75fa216b4e3deb08889ed32433c7b3b97ce"
From patchwork Wed Nov 27 18:49:57 2024
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 53309
X-Patchwork-Delegate: steve@sakoman.com
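Review bot: The header of the added 0001-split-do-not-shrink-hold-buffer.patch (03/14) gives `Upstream-Status: Backport [c4c5ed8f4e9cd55a12966d4f520e3a13101637d9]` as a bare hash and says only that the original "is tweaked to fit the current version". Add the upstream repository URL for that commit, as the other backports in this series do, and state what differs from upstream so the three lines removed from `line_bytes_split` can be checked against the original change.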
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 04/14] libsndfile: fix CVE-2024-50612
Date: Wed, 27 Nov 2024 10:49:57 -0800
Message-Id: <5462005cf3feef383e4212529a8c7af827bdf0d1.1732733274.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/207946

From: Hitendra Prajapati

Upstream-Status: Backport from https://github.com/libsndfile/libsndfile/commit/4755f5bd7854611d92ad0f1295587b439f9950ba

Signed-off-by: Hitendra Prajapati
Signed-off-by: Steve Sakoman
--- .../libsndfile1/CVE-2024-50612.patch | 402 ++++++++++++++++++ .../libsndfile/libsndfile1_1.0.31.bb | 1 + 2 files changed, 403 insertions(+) create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch new file mode 100644 index 0000000000..9e4b5f8ce0 --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch
@@ -0,0 +1,402 @@ +From 4755f5bd7854611d92ad0f1295587b439f9950ba Mon Sep 17 00:00:00 2001 +From: Arthur Taylor +Date: Fri, 15 Nov 2024 19:46:53 -0800 +Subject: [PATCH] src/ogg: better error checking for vorbis. Fixes #1035 + +Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/4755f5bd7854611d92ad0f1295587b439f9950ba] +CVE: CVE-2024-50612 +Signed-off-by: Hitendra Prajapati +--- + src/ogg.c | 12 ++-- + src/ogg_opus.c | 17 +++-- + src/ogg_vorbis.c | 167 +++++++++++++++++++++++++++-------------------- + 3 files changed, 114 insertions(+), 82 deletions(-) + +diff --git a/src/ogg.c b/src/ogg.c +index 7a4a167..c6e76e3 100644 +--- a/src/ogg.c ++++ b/src/ogg.c +@@ -209,12 +209,16 @@ ogg_read_first_page (SF_PRIVATE *psf, OGG_PRIVATE *odata) + + int + ogg_write_page (SF_PRIVATE *psf, ogg_page *page) +-{ int bytes ; ++{ int n ; + +- bytes = psf_fwrite (page->header, 1, page->header_len, psf) ; +- bytes += psf_fwrite (page->body, 1, page->body_len, psf) ; ++ n = psf_fwrite (page->header, 1, page->header_len, psf) ; ++ if (n == page->header_len) ++ n += psf_fwrite (page->body, 1, page->body_len, psf) ; + +- return bytes == page->header_len + page->body_len ; ++ if (n != page->body_len + page->header_len) ++ return -1 ; ++ ++ return n ; + } /* ogg_write_page */ + + sf_count_t +diff --git a/src/ogg_opus.c b/src/ogg_opus.c +index d937ada..5ad53ac 100644 +--- a/src/ogg_opus.c ++++ b/src/ogg_opus.c +@@ -815,15 +815,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length)) + + /* The first page MUST only contain the header, so flush it out now */ + ogg_stream_packetin (&odata->ostream, &op) ; +- for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; ) +- { if (! 
(nn = ogg_write_page (psf, &odata->opage))) ++ while (ogg_stream_flush (&odata->ostream, &odata->opage)) ++ { nn = ogg_write_page (psf, &odata->opage) ; ++ if (nn < 0) + { psf_log_printf (psf, "Opus : Failed to write header!\n") ; + if (psf->error) + return psf->error ; + return SFE_INTERNAL ; + } ; + psf->dataoffset += nn ; +- } ++ } ; + + /* + ** Metadata Tags (manditory) +@@ -838,15 +839,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length)) + vorbiscomment_write_tags (psf, &op, &opustags_ident, opus_get_version_string (), - (OGG_OPUS_COMMENT_PAD)) ; + op.packetno = 2 ; + ogg_stream_packetin (&odata->ostream, &op) ; +- for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; ) +- { if (! (nn = ogg_write_page (psf, &odata->opage))) ++ while (ogg_stream_flush (&odata->ostream, &odata->opage)) ++ { nn = ogg_write_page (psf, &odata->opage) ; ++ if (nn < 0) + { psf_log_printf (psf, "Opus : Failed to write comments!\n") ; + if (psf->error) + return psf->error ; + return SFE_INTERNAL ; + } ; + psf->dataoffset += nn ; +- } ++ } ; + + return 0 ; + } /* ogg_opus_write_header */ +@@ -1124,7 +1126,8 @@ ogg_opus_write_out (SF_PRIVATE *psf, OGG_PRIVATE *odata, OPUS_PRIVATE *oopus) + */ + oopus->u.encode.last_segments -= odata->opage.header [26] ; + oopus->pg_pos = oopus->pkt_pos ; +- ogg_write_page (psf, &odata->opage) ; ++ if (ogg_write_page (psf, &odata->opage) < 0) ++ return -1 ; + } + else + break ; +diff --git a/src/ogg_vorbis.c b/src/ogg_vorbis.c +index 5f53651..fa5709f 100644 +--- a/src/ogg_vorbis.c ++++ b/src/ogg_vorbis.c +@@ -78,26 +78,6 @@ + + #include "ogg.h" + +-typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ; +- +-static int vorbis_read_header (SF_PRIVATE *psf) ; +-static int vorbis_write_header (SF_PRIVATE *psf, int calc_length) ; +-static int vorbis_close (SF_PRIVATE *psf) ; +-static int vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ; +-static int vorbis_byterate (SF_PRIVATE *psf) 
; +-static sf_count_t vorbis_calculate_page_duration (SF_PRIVATE *psf) ; +-static sf_count_t vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ; +-static sf_count_t vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ; +-static sf_count_t vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ; +-static sf_count_t vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ; +-static sf_count_t vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ; +-static sf_count_t vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ; +-static sf_count_t vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ; +-static sf_count_t vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ; +-static sf_count_t vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ; +-static sf_count_t vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ; +-static int vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ; +- + typedef struct + { int id ; + const char *name ; +@@ -143,6 +123,46 @@ typedef struct + sf_count_t last_page ; + } VORBIS_PRIVATE ; + ++typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ; ++ ++static int vorbis_read_header (SF_PRIVATE *psf) ; ++static int vorbis_write_header (SF_PRIVATE *psf, int calc_length) ; ++static int vorbis_close (SF_PRIVATE *psf) ; ++static int vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ; ++static int vorbis_byterate (SF_PRIVATE *psf) ; ++static sf_count_t vorbis_calculate_page_duration (SF_PRIVATE *psf) ; ++static int vorbis_calculate_granulepos (SF_PRIVATE *psf, uint64_t *gp_out) ; ++static int vorbis_skip (SF_PRIVATE *psf, uint64_t target_gp) ; ++static int vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp) ; ++static sf_count_t vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ; ++static sf_count_t vorbis_read_s (SF_PRIVATE 
*psf, short *ptr, sf_count_t len) ; ++static sf_count_t vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ; ++static sf_count_t vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ; ++static sf_count_t vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ; ++static sf_count_t vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ; ++static sf_count_t vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ; ++static sf_count_t vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ; ++static sf_count_t vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ; ++static sf_count_t vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ; ++static int vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames) ; ++static int vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ; ++static void vorbis_log_error (SF_PRIVATE *psf, int error) ; ++ ++ ++static void ++vorbis_log_error(SF_PRIVATE *psf, int error) { ++ switch (error) ++ { case 0: return; ++ case OV_EIMPL: psf->error = SFE_UNIMPLEMENTED ; break ; ++ case OV_ENOTVORBIS: psf->error = SFE_MALFORMED_FILE ; break ; ++ case OV_EBADHEADER: psf->error = SFE_MALFORMED_FILE ; break ; ++ case OV_EVERSION: psf->error = SFE_UNSUPPORTED_ENCODING ; break ; ++ case OV_EFAULT: ++ case OV_EINVAL: ++ default: psf->error = SFE_INTERNAL ; ++ } ; ++} ; ++ + static int + vorbis_read_header (SF_PRIVATE *psf) + { OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; +@@ -386,7 +406,6 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length)) + { ogg_packet header ; + ogg_packet header_comm ; + ogg_packet header_code ; +- int result ; + + vorbis_analysis_headerout (&vdata->vdsp, &vdata->vcomment, &header, &header_comm, &header_code) ; + ogg_stream_packetin (&odata->ostream, &header) ; /* automatically placed in its own page */ +@@ -396,9 +415,9 @@ 
vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length)) + /* This ensures the actual + * audio data will start on a new page, as per spec + */ +- while ((result = ogg_stream_flush (&odata->ostream, &odata->opage)) != 0) +- { ogg_write_page (psf, &odata->opage) ; +- } ; ++ while (ogg_stream_flush (&odata->ostream, &odata->opage)) ++ if (ogg_write_page (psf, &odata->opage) < 0) ++ return -1 ; + } + + return 0 ; +@@ -408,6 +427,7 @@ static int + vorbis_close (SF_PRIVATE *psf) + { OGG_PRIVATE* odata = psf->container_data ; + VORBIS_PRIVATE *vdata = psf->codec_data ; ++ int ret = 0 ; + + if (odata == NULL || vdata == NULL) + return 0 ; +@@ -418,34 +438,14 @@ vorbis_close (SF_PRIVATE *psf) + if (psf->file.mode == SFM_WRITE) + { + if (psf->write_current <= 0) +- vorbis_write_header (psf, 0) ; +- +- vorbis_analysis_wrote (&vdata->vdsp, 0) ; +- while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1) +- { ++ ret = vorbis_write_header (psf, 0) ; + +- /* analysis, assume we want to use bitrate management */ +- vorbis_analysis (&vdata->vblock, NULL) ; +- vorbis_bitrate_addblock (&vdata->vblock) ; +- +- while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) +- { /* weld the packet into the bitstream */ +- ogg_stream_packetin (&odata->ostream, &odata->opacket) ; +- +- /* write out pages (if any) */ +- while (!odata->eos) +- { int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ; +- if (result == 0) break ; +- ogg_write_page (psf, &odata->opage) ; +- +- /* this could be set above, but for illustrative purposes, I do +- it here (to show that vorbis does know where the stream ends) */ +- +- if (ogg_page_eos (&odata->opage)) odata->eos = 1 ; +- } +- } +- } +- } ++ if (ret == 0) ++ { /* A write of zero samples tells Vorbis the stream is done and to ++ flush. */ ++ ret = vorbis_write_samples (psf, odata, vdata, 0) ; ++ } ; ++ } ; + + /* ogg_page and ogg_packet structs always point to storage in + libvorbis. 
They are never freed or manipulated directly */ +@@ -455,7 +455,7 @@ vorbis_close (SF_PRIVATE *psf) + vorbis_comment_clear (&vdata->vcomment) ; + vorbis_info_clear (&vdata->vinfo) ; + +- return 0 ; ++ return ret ; + } /* vorbis_close */ + + int +@@ -686,33 +686,40 @@ vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t lens) + /*============================================================================== + */ + +-static void ++static int + vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames) +-{ +- vorbis_analysis_wrote (&vdata->vdsp, in_frames) ; ++{ int ret ; ++ ++ if ((ret = vorbis_analysis_wrote (&vdata->vdsp, in_frames)) != 0) ++ return ret ; + + /* + ** Vorbis does some data preanalysis, then divvies up blocks for + ** more involved (potentially parallel) processing. Get a single + ** block for encoding now. + */ +- while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1) ++ while ((ret = vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock)) == 1) + { + /* analysis, assume we want to use bitrate management */ +- vorbis_analysis (&vdata->vblock, NULL) ; +- vorbis_bitrate_addblock (&vdata->vblock) ; ++ if ((ret = vorbis_analysis (&vdata->vblock, NULL)) != 0) ++ return ret ; ++ if ((ret = vorbis_bitrate_addblock (&vdata->vblock)) != 0) ++ return ret ; + +- while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) ++ while ((ret = vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) == 1) + { + /* weld the packet into the bitstream */ +- ogg_stream_packetin (&odata->ostream, &odata->opacket) ; ++ if ((ret = ogg_stream_packetin (&odata->ostream, &odata->opacket)) != 0) ++ return ret ; + + /* write out pages (if any) */ + while (!odata->eos) +- { int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ; +- if (result == 0) ++ { ret = ogg_stream_pageout (&odata->ostream, &odata->opage) ; ++ if (ret == 0) + break ; +- ogg_write_page (psf, &odata->opage) ; ++ ++ if (ogg_write_page 
(psf, &odata->opage) < 0) ++ return -1 ; + + /* This could be set above, but for illustrative purposes, I do + ** it here (to show that vorbis does know where the stream ends) */ +@@ -720,16 +727,22 @@ vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata + odata->eos = 1 ; + } ; + } ; ++ if (ret != 0) ++ return ret ; + } ; ++ if (ret != 0) ++ return ret ; + + vdata->loc += in_frames ; ++ ++ return 0 ; + } /* vorbis_write_data */ + + + static sf_count_t + vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens) + { +- int i, m, j = 0 ; ++ int i, m, j = 0, ret ; + OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; + VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; + int in_frames = lens / psf->sf.channels ; +@@ -738,14 +751,17 @@ vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens) + for (m = 0 ; m < psf->sf.channels ; m++) + buffer [m][i] = (float) (ptr [j++]) / 32767.0f ; + +- vorbis_write_samples (psf, odata, vdata, in_frames) ; ++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames))) ++ { vorbis_log_error (psf, ret) ; ++ return 0 ; ++ } ; + + return lens ; + } /* vorbis_write_s */ + + static sf_count_t + vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens) +-{ int i, m, j = 0 ; ++{ int i, m, j = 0, ret ; + OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; + VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; + int in_frames = lens / psf->sf.channels ; +@@ -754,14 +770,17 @@ vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens) + for (m = 0 ; m < psf->sf.channels ; m++) + buffer [m][i] = (float) (ptr [j++]) / 2147483647.0f ; + +- vorbis_write_samples (psf, odata, vdata, in_frames) ; ++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames))) ++ { vorbis_log_error (psf, ret) ; ++ return 0 ; ++ } ; + + return lens ; + } /* vorbis_write_i */ + + static sf_count_t + vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens) 
+-{ int i, m, j = 0 ; ++{ int i, m, j = 0, ret ; + OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; + VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; + int in_frames = lens / psf->sf.channels ; +@@ -770,14 +789,17 @@ vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens) + for (m = 0 ; m < psf->sf.channels ; m++) + buffer [m][i] = ptr [j++] ; + +- vorbis_write_samples (psf, odata, vdata, in_frames) ; ++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0) ++ { vorbis_log_error (psf, ret) ; ++ return 0 ; ++ } ; + + return lens ; + } /* vorbis_write_f */ + + static sf_count_t + vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens) +-{ int i, m, j = 0 ; ++{ int i, m, j = 0, ret ; + OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; + VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; + int in_frames = lens / psf->sf.channels ; +@@ -786,7 +808,10 @@ vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens) + for (m = 0 ; m < psf->sf.channels ; m++) + buffer [m][i] = (float) ptr [j++] ; + +- vorbis_write_samples (psf, odata, vdata, in_frames) ; ++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0) ++ { vorbis_log_error (psf, ret) ; ++ return 0 ; ++ } ; + + return lens ; + } /* vorbis_write_d */ +-- +2.25.1 + diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb index 0c654fd853..20240635f7 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb 
@@ -12,6 +12,7 @@ SRC_URI = "https://github.com/libsndfile/libsndfile/releases/download/${PV}/libs file://noopus.patch \ file://0001-flac-Fix-improper-buffer-reusing-732.patch \ file://CVE-2022-33065.patch \ + file://CVE-2024-50612.patch \ " UPSTREAM_CHECK_URI = "https://github.com/libsndfile/libsndfile/releases/"
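Review bot: in vorbis_write_samples (libsndfile CVE-2024-50612.patch), a failed ogg_write_page returns a bare -1, and the vorbis_write_s/i/f/d callers pass that value to vorbis_log_error, where it matches none of the OV_* cases and falls into `default: psf->error = SFE_INTERNAL`. A page-write failure is therefore recorded as an internal codec error, and any value already stored in psf->error is overwritten. Suggest returning a distinct value for the write failure, or having vorbis_log_error leave psf->error alone when it is already set. vorbis_close returns ret from vorbis_write_header and vorbis_write_samples without going through vorbis_log_error, so the close path and the write path report the same failure differently. Minor: vorbis_log_error is closed with `} ;` where the other functions in the hunks end with `} /* name */`, and vorbis_write_s/vorbis_write_i test `(ret = ...)` while vorbis_write_f/vorbis_write_d test `!= 0`.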
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 05/14] ffmpeg: fix CVE-2023-51798
Date: Wed, 27 Nov 2024 10:49:58 -0800
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/207947

From: Archana Polampalli

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.

Signed-off-by: Archana Polampalli
Signed-off-by: Steve Sakoman
--- .../ffmpeg/ffmpeg/CVE-2023-51798.patch | 45 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 + 2 files changed, 46 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51798.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51798.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51798.patch new file mode 100644 index 0000000000..6250486c05 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51798.patch
@@ -0,0 +1,45 @@ +From c9e6162554cc7d04a56e2edd1f6f1479c6f8b62f Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer +Date: Sat, 30 Dec 2023 02:51:32 +0100 +Subject: [PATCH] avfilter/vf_minterpolate: Check pts before division + +Fixes: FPE +Fixes: tickets/10758/poc20ffmpeg + +Discovered by Zeng Yunxiang + +Signed-off-by: Michael Niedermayer +(cherry picked from commit 68146f06f852078866b3ef1564556e3a272920c7) +Signed-off-by: Michael Niedermayer + +CVE: CVE-2023-51798 + +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/c9e6162554cc7d04a56e2edd1f6f1479c6f8b62f] + +Signed-off-by: Archana Polampalli +--- + libavfilter/vf_minterpolate.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/libavfilter/vf_minterpolate.c b/libavfilter/vf_minterpolate.c +index 97d0e96..9296e67 100644 +--- a/libavfilter/vf_minterpolate.c ++++ b/libavfilter/vf_minterpolate.c +@@ -1078,8 +1078,13 @@ static void interpolate(AVFilterLink *inlink, AVFrame *avf_out) + pts = av_rescale(avf_out->pts, (int64_t) ALPHA_MAX * outlink->time_base.num * inlink->time_base.den, + (int64_t) outlink->time_base.den * inlink->time_base.num); + +- alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts); +- alpha = av_clip(alpha, 0, ALPHA_MAX); ++ if (mi_ctx->frames[2].avf->pts > mi_ctx->frames[1].avf->pts) { ++ alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts); ++ alpha = av_clip(alpha, 0, ALPHA_MAX); ++ } else { ++ av_log(ctx, AV_LOG_DEBUG, "duplicate input PTS detected\n"); ++ alpha = 0; ++ } + + if (alpha == 0 || alpha == ALPHA_MAX) { + av_frame_copy(avf_out, alpha ? mi_ctx->frames[2].avf : mi_ctx->frames[1].avf); +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index 80a4e5b96f..b8bd77972b 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb 
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb 
@@ -35,6 +35,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://CVE-2024-31582.patch \ file://CVE-2024-31578.patch \ file://CVE-2023-51794.patch \ + file://CVE-2023-51798.patch \ " SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
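Review bot: the new else branch in interpolate() (libavfilter/vf_minterpolate.c, CVE-2023-51798.patch) is taken whenever the frames[2] pts is not strictly greater than the frames[1] pts, so it also covers a decreasing pts, yet the message logged is "duplicate input PTS detected". Suggest wording it as a non-increasing PTS, or splitting the two cases, so the log matches what was seen. The branch also calls `av_log(ctx, ...)` while the hunk context shows only inlink, outlink and mi_ctx; since this is a backport onto ffmpeg 5.0.1, confirm that ctx is declared in that version of interpolate(). Forcing alpha to 0 routes into the `alpha == 0 || alpha == ALPHA_MAX` frame-copy path, which deserves a sentence in the commit message.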
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 06/14] ffmpeg: fix CVE-2023-47342
Date: Wed, 27 Nov 2024 10:49:59 -0800
Message-Id: <725fe951917606fe141aab4d2f1c14617b280943.1732733274.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/207948

From: Archana Polampalli

Signed-off-by: Archana Polampalli
Signed-off-by: Steve Sakoman
--- .../ffmpeg/ffmpeg/CVE-2023-47342.patch | 39 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-47342.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-47342.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-47342.patch new file mode 100644 index 0000000000..39842229c1 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-47342.patch
@@ -0,0 +1,39 @@ +From e4d5ac8d7d2a08658b3db7dd821246fe6b35381f Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer +Date: Thu, 19 Oct 2023 22:07:36 +0200 +Subject: [PATCH] avformat/rtsp: Use rtsp_st->stream_index +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes: out of array access +Fixes: rtpdec_h264.c149/poc + +Found-by: Hardik Shah of Vehere +Reviewed-by: Martin Storsjö +Signed-off-by: Michael Niedermayer + +CVE: CVE-2023-47342 + +Upstream-Status: Backport [https://github.com/ffmpeg/FFmpeg/commit/e4d5ac8d7d2a08658b3db7dd821246fe6b35381f] + +Signed-off-by: Archana Polampalli +--- + libavformat/rtsp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c +index 70c1894..d435bd0 100644 +--- a/libavformat/rtsp.c ++++ b/libavformat/rtsp.c +@@ -406,7 +406,7 @@ static void parse_fmtp(AVFormatContext *s, RTSPState *rt, + if (rtsp_st->sdp_payload_type == payload_type && + rtsp_st->dynamic_handler && + rtsp_st->dynamic_handler->parse_sdp_a_line) { +- rtsp_st->dynamic_handler->parse_sdp_a_line(s, i, ++ rtsp_st->dynamic_handler->parse_sdp_a_line(s, rtsp_st->stream_index, + rtsp_st->dynamic_protocol_context, line); + } + } +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index b8bd77972b..d233ced662 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb 
@@ -36,6 +36,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://CVE-2024-31578.patch \ file://CVE-2023-51794.patch \ file://CVE-2023-51798.patch \ + file://CVE-2023-47342.patch \ " SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
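Review bot: parse_fmtp (libavformat/rtsp.c, CVE-2023-47342.patch) now passes rtsp_st->stream_index to parse_sdp_a_line, but the condition guarding the call checks only sdp_payload_type, dynamic_handler and the parse_sdp_a_line pointer; nothing in the hunk shows stream_index being validated. If an RTSP stream can exist without a matching entry in s->streams, the handler would still receive an invalid index. Suggest adding a range check on rtsp_st->stream_index (non-negative and below the stream count) to the condition, or stating in the commit message why it is always valid at this point. The OE-core commit message for this backport is also empty apart from the sign-offs; a one-line description of the out-of-array access being fixed would match the other patches in the series.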
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 07/14] ffmpeg: fix CVE-2023-50007
Date: Wed, 27 Nov 2024 10:50:00 -0800
Message-Id: <88a1fc5a6445e72e6cc78c39a6feff3aa96beea6.1732733274.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/207949

From: Archana Polampalli

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_samples_set_silence function in the libavutil/samplefmt.c:260:9 component.

Signed-off-by: Archana Polampalli
Signed-off-by: Steve Sakoman
--- .../ffmpeg/ffmpeg/CVE-2023-50007.patch | 78 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 + 2 files changed, 79 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch new file mode 100644 index 0000000000..fd4dc486ee --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch
@@ -0,0 +1,78 @@ +From b1942734c7cbcdc9034034373abcc9ecb9644c47 Mon Sep 17 00:00:00 2001 +From: Paul B Mahol +Date: Mon, 27 Nov 2023 11:45:34 +0100 +Subject: [PATCH 2/4] avfilter/af_afwtdn: fix crash with EOF handling + +CVE: CVE-2023-50007 + +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/b1942734c7cbcdc9034034373abcc9ecb9644c47] + +Signed-off-by: Archana Polampalli +--- + libavfilter/af_afwtdn.c | 34 +++++++++++++++++++--------------- + 1 file changed, 19 insertions(+), 15 deletions(-) + +diff --git a/libavfilter/af_afwtdn.c b/libavfilter/af_afwtdn.c +index 09b504d..1839190 100644 +--- a/libavfilter/af_afwtdn.c ++++ b/libavfilter/af_afwtdn.c +@@ -410,6 +410,7 @@ typedef struct AudioFWTDNContext { + + uint64_t sn; + int64_t eof_pts; ++ int eof; + + int wavelet_type; + int channels; +@@ -1071,7 +1072,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) + s->drop_samples = 0; + } else { + if (s->padd_samples < 0 && eof) { +- out->nb_samples += s->padd_samples; ++ out->nb_samples = FFMAX(0, out->nb_samples + s->padd_samples); + s->padd_samples = 0; + } + if (!eof) +@@ -1210,23 +1211,26 @@ static int activate(AVFilterContext *ctx) + + FF_FILTER_FORWARD_STATUS_BACK(outlink, inlink); + +- ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in); +- if (ret < 0) +- return ret; +- if (ret > 0) +- return filter_frame(inlink, in); ++ if (!s->eof) { ++ ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in); ++ if (ret < 0) ++ return ret; ++ if (ret > 0) ++ return filter_frame(inlink, in); ++ } + + if (ff_inlink_acknowledge_status(inlink, &status, &pts)) { +- if (status == AVERROR_EOF) { +- while (s->padd_samples != 0) { +- ret = filter_frame(inlink, NULL); +- if (ret < 0) +- return ret; +- } +- ff_outlink_set_status(outlink, status, pts); +- return ret; +- } ++ if (status == AVERROR_EOF) ++ s->eof = 1; + } ++ ++ if (s->eof && s->padd_samples != 0) { ++ return filter_frame(inlink, NULL); ++ } else if 
(s->eof) { ++ ff_outlink_set_status(outlink, AVERROR_EOF, s->eof_pts); ++ return 0; ++ } ++ + FF_FILTER_FORWARD_WANTED(outlink, inlink); + + return FFERROR_NOT_READY; +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index d233ced662..ee13081e4d 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb 
@@ -37,6 +37,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://CVE-2023-51794.patch \ file://CVE-2023-51798.patch \ file://CVE-2023-47342.patch \ + file://CVE-2023-50007.patch \ " SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
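Review bot: in activate() (libavfilter/af_afwtdn.c, CVE-2023-50007.patch), the EOF status is now set with `ff_outlink_set_status(outlink, AVERROR_EOF, s->eof_pts)` where the removed code passed the pts returned by ff_inlink_acknowledge_status, and no hunk shows where eof_pts is assigned. If EOF is acknowledged before filter_frame has run and padd_samples is 0, the outlink gets whatever eof_pts was initialised to. Suggest falling back to the acknowledged pts in that case, or noting where eof_pts is guaranteed to be set. The `FFMAX(0, out->nb_samples + s->padd_samples)` clamp in filter_frame can leave out->nb_samples at 0; say whether a zero-sample frame is meant to be passed on or dropped. The OE-core commit message cites av_samples_set_silence in libavutil/samplefmt.c while the change is confined to libavfilter/af_afwtdn.c; one sentence linking the two would help anyone auditing the CVE mapping.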
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 08/14] ffmpeg: fix CVE-2023-51796
Date: Wed, 27 Nov 2024 10:50:01 -0800
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/207950

From: Archana Polampalli

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.

Signed-off-by: Archana Polampalli
Signed-off-by: Steve Sakoman
--- .../ffmpeg/ffmpeg/CVE-2023-51796.patch | 39 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51796.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51796.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51796.patch new file mode 100644 index 0000000000..4ec0aa5aee --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51796.patch
@@ -0,0 +1,39 @@ +From 61e73851a33f0b4cb7662f8578a4695e77bd3c19 Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer +Date: Sat, 23 Dec 2023 18:04:32 +0100 +Subject: [PATCH 3/4] avfilter/f_reverse: Apply PTS compensation only when pts + is available + +Fixes: out of array access +Fixes: tickets/10753/poc16ffmpeg + +Regression since: 45dc668aea0edac34969b5a1ff76cf9ad3a09be1 +Found-by: Zeng Yunxiang +Signed-off-by: Michael Niedermayer + +CVE: CVE-2023-51796 + +Upstream-Status: Backport [https://github.com/ffmpeg/FFmpeg/commit/61e73851a33f0b4cb7662f8578a4695e77bd3c19] + +Signed-off-by: Archana Polampalli +--- + libavfilter/f_reverse.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libavfilter/f_reverse.c b/libavfilter/f_reverse.c +index f7a7e71..7b919d6 100644 +--- a/libavfilter/f_reverse.c ++++ b/libavfilter/f_reverse.c +@@ -251,7 +251,9 @@ static int areverse_request_frame(AVFilterLink *outlink) + if (ret == AVERROR_EOF && s->nb_frames > 0) { + AVFrame *out = s->frames[s->nb_frames - 1]; + out->pts = s->pts[s->flush_idx++] - s->nb_samples; +- s->nb_samples += s->pts[s->flush_idx] - s->pts[s->flush_idx - 1] - out->nb_samples; ++ if (s->nb_frames > 1) ++ s->nb_samples += s->pts[s->flush_idx] - s->pts[s->flush_idx - 1] - out->nb_samples; ++ + + if (av_sample_fmt_is_planar(out->format)) + reverse_samples_planar(out); +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index ee13081e4d..8e0fc090ac 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb 
@@ -38,6 +38,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://CVE-2023-51798.patch \ file://CVE-2023-47342.patch \ file://CVE-2023-50007.patch \ + file://CVE-2023-51796.patch \ " SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
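Review bot: in the f_reverse.c hunk the new guard tests `s->nb_frames > 1`, but the read it protects is `s->pts[s->flush_idx]` after `flush_idx` was post-incremented on the line above, and nothing visible in the hunk ties `flush_idx` to `nb_frames`. The embedded patch header only says "Fixes: out of array access", so please add a sentence to the recipe commit message stating why the frame count is the right bound for that index, or where `flush_idx` is bounded upstream, so the backport can be audited without opening the full file. The hunk also adds an extra blank line after the guarded statement (3 insertions for a 2-line change); keep it as is so the backport stays identical to the upstream commit named in Upstream-Status.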
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 09/14] ffmpeg: fix CVE-2024-7055
Date: Wed, 27 Nov 2024 10:50:02 -0800
Message-Id: <7335a81112673616240f010d4930b4982b10c355.1732733274.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/207951

From: Archana Polampalli

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

Signed-off-by: Archana Polampalli
Signed-off-by: Steve Sakoman
--- .../ffmpeg/ffmpeg/CVE-2024-7055.patch | 38 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch new file mode 100644 index 0000000000..0a573330a2 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch
@@ -0,0 +1,38 @@ +From 5372bfe01e4a04357ab4465c1426cf8c6412dfd5 Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer +Date: Thu, 18 Jul 2024 21:12:54 +0200 +Subject: [PATCH 4/4] avcodec/pnmdec: Use 64bit for input size check + +Fixes: out of array read +Fixes: poc3 + +Reported-by: VulDB CNA Team +Found-by: CookedMelon +Signed-off-by: Michael Niedermayer +(cherry picked from commit 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8) +Signed-off-by: Michael Niedermayer + +CVE: CVE-2024-7055 + +Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5372bfe01e4a04357ab4465c1426cf8c6412dfd5] + +Signed-off-by: Archana Polampalli +--- + libavcodec/pnmdec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c +index 01f9dad..1b3f20a 100644 +--- a/libavcodec/pnmdec.c ++++ b/libavcodec/pnmdec.c +@@ -256,7 +256,7 @@ static int pnm_decode_frame(AVCodecContext *avctx, void *data, + } + break; + case AV_PIX_FMT_GBRPF32: +- if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream) ++ if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream) + return AVERROR_INVALIDDATA; + scale = 1.f / s->scale; + if (s->endian) { +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index 8e0fc090ac..7b03b7cbc0 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb 
@@ -39,6 +39,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://CVE-2023-47342.patch \ file://CVE-2023-50007.patch \ file://CVE-2023-51796.patch \ + file://CVE-2024-7055.patch \ " SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
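Review bot: in the pnmdec.c hunk the `12LL` suffix widens only the last multiplication: `avctx->width * avctx->height` is still evaluated in `int` before the result is promoted, so the size check in the `AV_PIX_FMT_GBRPF32` case is a 64-bit check only if the width-height product is already known to fit in an int. Nothing in the hunk shows that bound, so either state in the commit message where the dimensions are limited, or raise with upstream that `12LL * avctx->width * avctx->height` would make the check self-contained. Separately, the commit message recommends upgrading to 7.0.2 while this series patches the 5.0.1 recipe; one line saying the fix is backported instead would avoid confusion.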
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 10/14] tzdata&tzcode-native: upgrade 2024a -> 2024b
Date: Wed, 27 Nov 2024 10:50:03 -0800
Message-Id: <5aa73ec35a3c65df62f17bc8196a35f28fd3522e.1732733274.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/207952

From: Jinfeng Wang

Signed-off-by: Jinfeng Wang
Signed-off-by: Steve Sakoman
(cherry picked from commit c8d3edb2562ea4d980186e78b4abb5a94b1d7b22)
Signed-off-by: Steve Sakoman
--- .../glib-2.0/gdatetime-test-fail-0001.patch | 72 +++++++++++++++++++ .../glib-2.0/gdatetime-test-fail-0002.patch | 65 +++++++++++++++++ .../glib-2.0/gdatetime-test-fail-0003.patch | 63 ++++++++++++++++ meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 3 + meta/recipes-extended/timezone/timezone.inc | 6 +- 5 files changed, 206 insertions(+), 3 deletions(-) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch new file mode 100644 index 0000000000..1997f88f12 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch
@@ -0,0 +1,72 @@ +From 39af934b11ec7bb8f943ba963919816266a3316e Mon Sep 17 00:00:00 2001 +From: "Rebecca N. Palmer" +Date: Fri, 11 Oct 2024 09:38:52 +0100 +Subject: [PATCH 1/3] gdatetime test: Do not assume PST8PDT was always exactly + -8/-7 + +In newer tzdata, it is an alias for America/Los_Angeles, which has a +slightly different meaning: DST did not exist there before 1883. As a +result, we can no longer hard-code the knowledge that interval 0 is +standard time and interval 1 is summer time, and instead we need to look +up the correct intervals from known timestamps. + +Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3502 +Bug-Debian: https://bugs.debian.org/1084190 +[smcv: expand commit message, fix whitespace] +Signed-off-by: Simon McVittie + +Upstream-Status: Backport +[https://github.com/GNOME/glib/commit/c0619f08e6c608fd6464d2f0c6970ef0bbfb9ecf] + +Signed-off-by: Jinfeng Wang +--- + glib/tests/gdatetime.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c +index 141263b66..cfe00906d 100644 +--- a/glib/tests/gdatetime.c ++++ b/glib/tests/gdatetime.c +@@ -2625,6 +2625,7 @@ test_posix_parse (void) + { + GTimeZone *tz; + GDateTime *gdt1, *gdt2; ++ gint i1, i2; + + /* Check that an unknown zone name falls back to UTC. */ + G_GNUC_BEGIN_IGNORE_DEPRECATIONS +@@ -2648,16 +2649,25 @@ test_posix_parse (void) + + /* This fails rules_from_identifier on Unix (though not on Windows) + * but passes anyway because PST8PDT is a zone name. ++ * ++ * Intervals i1 and i2 (rather than 0 and 1) are needed because in ++ * recent tzdata, PST8PDT may be an alias for America/Los_Angeles, ++ * and hence be aware that DST has not always existed. 
++ * https://bugs.debian.org/1084190 + */ + tz = g_time_zone_new_identifier ("PST8PDT"); + g_assert_nonnull (tz); + g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT"); +- g_assert_cmpstr (g_time_zone_get_abbreviation (tz, 0), ==, "PST"); +- g_assert_cmpint (g_time_zone_get_offset (tz, 0), ==, - 8 * 3600); +- g_assert (!g_time_zone_is_dst (tz, 0)); +- g_assert_cmpstr (g_time_zone_get_abbreviation (tz, 1), ==, "PDT"); +- g_assert_cmpint (g_time_zone_get_offset (tz, 1), ==,- 7 * 3600); +- g_assert (g_time_zone_is_dst (tz, 1)); ++ /* a date in winter = non-DST */ ++ i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, 0); ++ /* approximately 6 months in seconds, i.e. a date in summer = DST */ ++ i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, 15000000); ++ g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i1), ==, "PST"); ++ g_assert_cmpint (g_time_zone_get_offset (tz, i1), ==, - 8 * 3600); ++ g_assert (!g_time_zone_is_dst (tz, i1)); ++ g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i2), ==, "PDT"); ++ g_assert_cmpint (g_time_zone_get_offset (tz, i2), ==,- 7 * 3600); ++ g_assert (g_time_zone_is_dst (tz, i2)); + g_time_zone_unref (tz); + + tz = g_time_zone_new_identifier ("PST8PDT6:32:15"); +-- +2.34.1 + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch new file mode 100644 index 0000000000..b3d11b5076 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch 
@@ -0,0 +1,65 @@ +From 27eb6eb01d5752c201dd2ec02f656463d12ebee0 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Fri, 18 Oct 2024 11:03:19 +0100 +Subject: [PATCH 2/3] gdatetime test: Try to make PST8PDT test more obviously + correct + +Instead of using timestamp 0 as a magic number (in this case interpreted +as 1970-01-01T00:00:00-08:00), calculate a timestamp from a recent +year/month/day in winter, in this case 2024-01-01T00:00:00-08:00. + +Similarly, instead of using a timestamp 15 million seconds later +(1970-06-23T15:40:00-07:00), calculate a timestamp from a recent +year/month/day in summer, in this case 2024-07-01T00:00:00-07:00. + +Signed-off-by: Simon McVittie + +Upstream-Status: Backport +[https://github.com/GNOME/glib/commit/30e9cfa5733003cd1079e0e9e8a4bff1a191171a] + +Signed-off-by: Jinfeng Wang +--- + glib/tests/gdatetime.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c +index cfe00906d..22aa5112a 100644 +--- a/glib/tests/gdatetime.c ++++ b/glib/tests/gdatetime.c +@@ -2649,19 +2649,16 @@ test_posix_parse (void) + + /* This fails rules_from_identifier on Unix (though not on Windows) + * but passes anyway because PST8PDT is a zone name. +- * +- * Intervals i1 and i2 (rather than 0 and 1) are needed because in +- * recent tzdata, PST8PDT may be an alias for America/Los_Angeles, +- * and hence be aware that DST has not always existed. +- * https://bugs.debian.org/1084190 + */ + tz = g_time_zone_new_identifier ("PST8PDT"); + g_assert_nonnull (tz); + g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT"); + /* a date in winter = non-DST */ +- i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, 0); +- /* approximately 6 months in seconds, i.e. 
a date in summer = DST */ +- i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, 15000000); ++ gdt1 = g_date_time_new (tz, 2024, 1, 1, 0, 0, 0); ++ i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, g_date_time_to_unix (gdt1)); ++ /* a date in summer = DST */ ++ gdt2 = g_date_time_new (tz, 2024, 7, 1, 0, 0, 0); ++ i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, g_date_time_to_unix (gdt2)); + g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i1), ==, "PST"); + g_assert_cmpint (g_time_zone_get_offset (tz, i1), ==, - 8 * 3600); + g_assert (!g_time_zone_is_dst (tz, i1)); +@@ -2669,6 +2666,8 @@ test_posix_parse (void) + g_assert_cmpint (g_time_zone_get_offset (tz, i2), ==,- 7 * 3600); + g_assert (g_time_zone_is_dst (tz, i2)); + g_time_zone_unref (tz); ++ g_date_time_unref (gdt1); ++ g_date_time_unref (gdt2); + + tz = g_time_zone_new_identifier ("PST8PDT6:32:15"); + #ifdef G_OS_WIN32 +-- +2.34.1 + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch new file mode 100644 index 0000000000..b9afad15c5 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch 
@@ -0,0 +1,63 @@ +From 9dd5e9f49620f13a3eaf2b862b7aa3c680953f01 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Fri, 18 Oct 2024 11:23:42 +0100 +Subject: [PATCH 3/3] gdatetime test: Fall back if legacy System V PST8PDT is + not available + +On recent versions of Debian, PST8PDT is part of the tzdata-legacy +package, which is not always installed and might disappear in future. +Successfully tested with and without tzdata-legacy on Debian unstable. + +Signed-off-by: Simon McVittie + +Upstream-Status: Backport +[https://github.com/GNOME/glib/commit/fe2699369f79981dcf913af4cfd98b342b84a9c1] + +Signed-off-by: Jinfeng Wang +--- + glib/tests/gdatetime.c | 19 +++++++++++++++++-- + 1 file changed, 17 insertions(+), 2 deletions(-) + +diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c +index 22aa5112a..4e963b171 100644 +--- a/glib/tests/gdatetime.c ++++ b/glib/tests/gdatetime.c +@@ -2626,6 +2626,7 @@ test_posix_parse (void) + GTimeZone *tz; + GDateTime *gdt1, *gdt2; + gint i1, i2; ++ const char *expect_id; + + /* Check that an unknown zone name falls back to UTC. */ + G_GNUC_BEGIN_IGNORE_DEPRECATIONS +@@ -2648,11 +2649,25 @@ test_posix_parse (void) + g_time_zone_unref (tz); + + /* This fails rules_from_identifier on Unix (though not on Windows) +- * but passes anyway because PST8PDT is a zone name. ++ * but can pass anyway because PST8PDT is a legacy System V zone name. + */ + tz = g_time_zone_new_identifier ("PST8PDT"); ++ expect_id = "PST8PDT"; ++ ++#ifndef G_OS_WIN32 ++ /* PST8PDT is in tzdata's "backward" set, packaged as tzdata-legacy and ++ * not always present in some OSs; fall back to the equivalent geographical ++ * name if the "backward" time zones are absent. 
*/ ++ if (tz == NULL) ++ { ++ g_test_message ("Legacy PST8PDT time zone not available, falling back"); ++ tz = g_time_zone_new_identifier ("America/Los_Angeles"); ++ expect_id = "America/Los_Angeles"; ++ } ++#endif ++ + g_assert_nonnull (tz); +- g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT"); ++ g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, expect_id); + /* a date in winter = non-DST */ + gdt1 = g_date_time_new (tz, 2024, 1, 1, 0, 0, 0); + i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, g_date_time_to_unix (gdt1)); +-- +2.34.1 + diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb index 8007de0613..b8c75eaa49 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb @@ -51,6 +51,9 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://CVE-2024-34397_18.patch \ file://0001-gvariant-serialiser-Convert-endianness-of-offsets.patch \ file://CVE-2024-52533.patch \ + file://gdatetime-test-fail-0001.patch \ + file://gdatetime-test-fail-0002.patch \ + file://gdatetime-test-fail-0003.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch" diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index 4734adcc08..adf095280f 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2024a" +PV = "2024b" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ 
@@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "80072894adff5a458f1d143e16e4ca1d8b2a122c9c5399da482cb68cba6a1ff8" -SRC_URI[tzdata.sha256sum] = "0d0434459acbd2059a7a8da1f3304a84a86591f6ed69c6248fffa502b6edffe3" +SRC_URI[tzcode.sha256sum] = "5e438fc449624906af16a18ff4573739f0cda9862e5ec28d3bcb19cbaed0f672" +SRC_URI[tzdata.sha256sum] = "70e754db126a8d0db3d16d6b4cb5f7ec1e04d5f261255e4558a67fe92d39e550"
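Review bot: in the gdatetime.c hunks of the three embedded test patches, the values returned by `g_time_zone_find_interval ()` are stored in `i1` and `i2` and passed straight to `g_time_zone_get_abbreviation ()`, `g_time_zone_get_offset ()` and `g_time_zone_is_dst ()` without being checked. That function returns -1 when no interval matches, so a tzdata change that breaks the lookup would not be reported at the point where it happens. Since these are upstream backports the hunks should stay as they are, but it is worth proposing upstream an assertion such as `g_assert_cmpint (i1, !=, -1);` after each lookup.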
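Review bot: the commit message has no body, while the diffstat shows three glib-2.0 test patches added alongside the timezone.inc bump from 2024a to 2024b. Please say in the message that the glib patches are needed because of the PST8PDT change described in gdatetime-test-fail-0001.patch, otherwise the glib-2.0_2.72.3.bb hunk reads as unrelated to a tzdata upgrade. In the three embedded patches the Upstream-Status URL sits on the line after `Upstream-Status: Backport`, unlike the ffmpeg patches in this series where tag and URL share a line; use one form. The timezone.inc hunk replaces both sha256sum values while the SRC_URI context lines fetch over http://, so the checksums carry the integrity check and the new values should be confirmed against the upstream 2024b release before merging.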
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 11/14] package_rpm: use zstd's default compression level
Date: Wed, 27 Nov 2024 10:50:04 -0800
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/207953

From: Alexander Kanavin

zstd uses 3 by default, while 19 is the highest and slowest. It's not clear why 19 was picked to begin with, possibly I copy-pasted it from rpm's examples without thinking:
https://git.yoctoproject.org/poky/commit/?h=master-next&id=4a4d5f78a6962dda5f63e9891825c80a8a87bf66

This brings significant speedups in rpm's compression step: for example compressing webkitgtk takes 11s instead of 36s.

The rpm size increases from 175648k to 234860k. I think it's a worthy default tradeoff.

Signed-off-by: Alexander Kanavin
Signed-off-by: Steve Sakoman
--- meta/classes/package_rpm.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/package_rpm.bbclass b/meta/classes/package_rpm.bbclass index f403af5343..198a6d0afd 100644 --- a/meta/classes/package_rpm.bbclass +++ b/meta/classes/package_rpm.bbclass
@@ -4,7 +4,7 @@ IMAGE_PKGTYPE ?= "rpm" RPM="rpm" RPMBUILD="rpmbuild" -RPMBUILD_COMPMODE ?= "${@'w19T%d.zstdio' % int(d.getVar('ZSTD_THREADS'))}" +RPMBUILD_COMPMODE ?= "${@'w3T%d.zstdio' % int(d.getVar('ZSTD_THREADS'))}" PKGWRITEDIRRPM = "${WORKDIR}/deploy-rpms"
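Review bot: the compression level is a bare literal inside the format string (`w3T%d.zstdio`), and the commit message reports the example rpm growing from 175648k to 234860k as the cost of the speedup. On a stable branch that changes default package sizes for existing users, so add a comment above `RPMBUILD_COMPMODE` saying that 3 is zstd's default level and that the `?=` assignment lets a distro restore `w19T%d.zstdio` where package size matters more than build time.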
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 12/14] package_rpm: restrict rpm to 4 threads
Date: Wed, 27 Nov 2024 10:50:05 -0800
Message-Id: <896192604d84a6f77095f23cd13232e249b7aac5.1732733274.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/207954

From: Alexander Kanavin

TL;DR version:

with this, and the previous compression level changes I am seeing drastic speedups in package_write_rpm completion times:

webkitgtk goes from 78 seconds to 37 seconds
glibc-locale goes from 399 seconds to 58 seconds (!)

The long version:

rpm uses multithreading for two purposes:

- spawning compressors (which are nowadays themselves multi-threaded, so the feature is not as useful as it once was)
- parallel file classification

While the former behaves well on massively parallel CPUs (it was written and verified here :), the latter was then added by upstream and only benchmarked on their very old, slow laptop, apparently:
https://github.com/rpm-software-management/rpm/commit/41f0e214f2266f02d6185ba11f797716de8125d4

On anything more capable it starts showing pathologic behavior, presumably from spawning massive amount of very short-lived threads, and then having to synchronize them.

For example classifying glibc-locale takes
5m20s with 256 threads (default on my machine!)
1m49s with 64 threads
59s with 16 threads
48s with 8 threads

Even a more typical recipe like webkitgtk is affected:
47s with 256 threads
32s with 64 threads
27s with 16 or 8 threads

I have found that the optimal amount is actually four: this also means that only four compressors are running at a time, but as they're themselves using threads, and typical recipes are dominated by just two or three large packages, this does not affect overall completion time.

Signed-off-by: Alexander Kanavin
Signed-off-by: Steve Sakoman
--- meta/classes/package_rpm.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/classes/package_rpm.bbclass b/meta/classes/package_rpm.bbclass index 198a6d0afd..ec31adf967 100644 --- a/meta/classes/package_rpm.bbclass +++ b/meta/classes/package_rpm.bbclass
@@ -680,6 +680,7 @@ python do_package_rpm () { cmd = cmd + " --define '_use_internal_dependency_generator 0'" cmd = cmd + " --define '_binaries_in_noarch_packages_terminate_build 0'" cmd = cmd + " --define '_build_id_links none'" + cmd = cmd + " --define '_smp_ncpus_max 4'" cmd = cmd + " --define '_source_payload %s'" % rpmbuild_compmode cmd = cmd + " --define '_binary_payload %s'" % rpmbuild_compmode cmd = cmd + " --define 'clamp_mtime_to_source_date_epoch 1'" From patchwork Wed Nov 27 18:50:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53316 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 06722D6D227 for ; Wed, 27 Nov 2024 18:50:32 +0000 (UTC) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mx.groups.io with SMTP id smtpd.web10.78797.1732733430955011975 for ; Wed, 27 Nov 2024 10:50:31 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=ertKr/Bq; spf=softfail (domain: sakoman.com, ip: 209.85.210.176, mailfrom: steve@sakoman.com) Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-7251abe0e69so111859b3a.0 for ; Wed, 27 Nov 2024 10:50:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732733430; x=1733338230; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=f9a7kLSj7Yq/4AV3mqQfFt1ykqSQADLrf6lTcDdip/w=; b=ertKr/Bqh5FA94auJhK6zsyS0WeH3A7XLuJyJL0zEN08qd7J1lA5cz3NCFTz47beeO 
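Review bot: The added `--define '_smp_ncpus_max 4'` line in do_package_rpm hard-codes the thread cap with no comment in the class and no way to override it. The commit message bases the value on timings from a single machine (256 threads by default) and notes that the same setting also limits rpm to four compressors at a time, so a short comment above the line recording that rationale, plus reading the value from a variable that defaults to 4, would let builds with many similarly sized packages tune it without patching the class.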
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 13/14] ninja: fix build with python 3.13 Date: Wed, 27 Nov 2024 10:50:06 -0800 Message-Id: <1a02cf1997216cb943d8965fe74f971a8cb2f70f.1732733274.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Nov 2024 18:50:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/207955

From: Markus Volk

python 3.13 removed the pipes module. Thus build fails for host machines that run python 3.13.

This commit adds a backport patch to use subprocess module instead.

Signed-off-by: Markus Volk
Signed-off-by: Steve Sakoman
---
 ...4efb41c039789b81f0dc0d67c1ed0faea17c.patch | 62 +++++++++++++++++++
 meta/recipes-devtools/ninja/ninja_1.10.2.bb | 5 +-
 2 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch

diff --git a/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch b/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch new file mode 100644 index 0000000000..b23bedd04b --- /dev/null +++ b/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch 
@@ -0,0 +1,62 @@ +From 9cf13cd1ecb7ae649394f4133d121a01e191560b Mon Sep 17 00:00:00 2001 +From: Byoungchan Lee +Date: Mon, 9 Oct 2023 20:13:20 +0900 +Subject: [PATCH 1/2] Replace pipes.quote with shlex.quote in configure.py + +Python 3.12 deprecated the pipes module and it will be removed +in Python 3.13. In configure.py, I have replaced the usage of pipes.quote +with shlex.quote, which is the exactly same function as pipes.quote. + +For more details, refer to PEP 0594: https://peps.python.org/pep-0594 + +Upstream-Status: Backport [https://github.com/ninja-build/ninja/commit/885b4efb41c039789b81f0dc0d67c1ed0faea17c] + +Signed-off-by: Markus Volk +--- + configure.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.py b/configure.py +index 588250aa8a..c6973cd1a5 100755 +--- a/configure.py ++++ b/configure.py +@@ -21,7 +21,7 @@ + + from optparse import OptionParser + import os +-import pipes ++import shlex + import string + import subprocess + import sys +@@ -262,7 +262,7 @@ def _run_command(self, cmdline): + env_keys = set(['CXX', 'AR', 'CFLAGS', 'CXXFLAGS', 'LDFLAGS']) + configure_env = dict((k, os.environ[k]) for k in os.environ if k in env_keys) + if configure_env: +- config_str = ' '.join([k + '=' + pipes.quote(configure_env[k]) ++ config_str = ' '.join([k + '=' + shlex.quote(configure_env[k]) + for k in configure_env]) + n.variable('configure_env', config_str + '$ ') + n.newline() + +From 0a9c9c5f50c60de4a7acfed8aaa048c74cd2f43b Mon Sep 17 00:00:00 2001 +From: Byoungchan Lee +Date: Mon, 9 Oct 2023 20:13:50 +0900 +Subject: [PATCH 2/2] Remove unused module string in configure.py + +--- + configure.py | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/configure.py b/configure.py +index c6973cd1a5..939153df60 100755 +--- a/configure.py ++++ b/configure.py +@@ -22,7 +22,6 @@ + from optparse import OptionParser + import os + import shlex +-import string + import subprocess + import sys + 
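Review bot: The second commit embedded in this new file, "[PATCH 2/2] Remove unused module string in configure.py", has no Upstream-Status or Signed-off-by of its own, and the only Upstream-Status line in the file points at 885b4efb41c039789b81f0dc0d67c1ed0faea17c, which is the first commit. Removing `import string` is cleanup rather than part of the pipes removal fix, so either drop it from the stable backport or reference its upstream commit as well. The commit message for this change also says the backport switches to the subprocess module, while the visible change is `pipes.quote` to `shlex.quote`; the message should say what the patch does.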
diff --git a/meta/recipes-devtools/ninja/ninja_1.10.2.bb b/meta/recipes-devtools/ninja/ninja_1.10.2.bb index 1509a54c9e..e7b82ed9ec 100644 --- a/meta/recipes-devtools/ninja/ninja_1.10.2.bb +++ b/meta/recipes-devtools/ninja/ninja_1.10.2.bb 
@@ -8,7 +8,10 @@ DEPENDS = "re2c-native ninja-native" SRCREV = "e72d1d581c945c158ed68d9bc48911063022a2c6" -SRC_URI = "git://github.com/ninja-build/ninja.git;branch=release;protocol=https" +SRC_URI = " \ + git://github.com/ninja-build/ninja.git;branch=release;protocol=https \ + file://885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch \ +" UPSTREAM_CHECK_GITTAGREGEX = "v(?P.*)" S = "${WORKDIR}/git" From patchwork Wed Nov 27 18:50:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53322 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2FDA9D6D229 for ; Wed, 27 Nov 2024 18:50:42 +0000 (UTC) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mx.groups.io with SMTP id smtpd.web10.78799.1732733432338358345 for ; Wed, 27 Nov 2024 10:50:32 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=KJ4kMRAr; spf=softfail (domain: sakoman.com, ip: 209.85.210.176, mailfrom: steve@sakoman.com) Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-7253bc4d25eso90995b3a.0 for ; Wed, 27 Nov 2024 10:50:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732733431; x=1733338231; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=NZrENFngfW2X4gynVh5g9yUxj3wwToqsy6RIxHOF/x4=; b=KJ4kMRArETwenEZjtrdSC5+TV9NdxCllzH29+5KQxjiCKJPLdONKnMeoG9yluQ6mjz LQBiMZ6fdv7EIYP+JbzEVjeOIqhVqk2FJt8klP5F2MvkQbAtjlvSv89GW2i6lAFTyFQ1 
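Review bot: The new SRC_URI entry `file://885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch` names the patch by a bare commit hash, which says nothing about its purpose and identifies only one of the two commits the file carries. A descriptive file name would make the recipe easier to audit when someone later has to decide whether the patch can be dropped; the Upstream-Status line inside the patch already records the upstream commit.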
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 14/14] gstreamer1.0: improve test reliability Date: Wed, 27 Nov 2024 10:50:07 -0800 Message-Id: <13b13b81b91f618c13cf972067c47bd810de852f.1732733274.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 27 Nov 2024 18:50:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/207956

From: Ross Burton

First, libcheck has the ability to increase all test timeouts by an arbitrary multiplier. Because we run our tests on loaded build machines, increase all timeouts by 10x to reduce the chance of load causing failures.

Second, use GST_CHECKS_IGNORE to list test cases that should be skipped. Drop skip-aggregator-test.patch as this is now redundant, and also skip gstnetclientclock.c:test_functioning as this is very sensitive to load.

[ YOCTO #14808 ]

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 669d0df81f651f7c033c8cb7872cac5bfe670a4f)
Signed-off-by: Steve Sakoman
---
 .../gstreamer/gstreamer1.0/run-ptest | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest b/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest index 0cfa955f03..7d0312005f 100755 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest 
@@ -1,2 +1,16 @@ -#!/usr/bin/env sh +#! /bin/sh + +# Multiply all timeouts by ten so they're more likely to work +# on a loaded system. +export CK_TIMEOUT_MULTIPLIER=5 + +# Skip some tests that we know are problematic +export GST_CHECKS_IGNORE="" +# gstnetclientclock.c:test_functioning is very sensitive to load +GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,test_functioning" + +# aggregator.c:test_infinite_seek_50_src_live is known to be flaky +# https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/410 +GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,test_infinite_seek_50_src_live" + gnome-desktop-testing-runner gstreamer
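Review bot: `export CK_TIMEOUT_MULTIPLIER=5` contradicts both the comment directly above it ("Multiply all timeouts by ten") and the commit message, which says timeouts are increased by 10x; set the value to 10 or correct the comment and the message. The commit message also says skip-aggregator-test.patch is dropped, but the diffstat shows only run-ptest changing, so the recipe side of that removal needs to be checked on this branch. Separately, initialising GST_CHECKS_IGNORE to "" and then appending with a leading comma leaves the list starting with an empty entry (",test_functioning,..."); assigning the first test name directly avoids relying on how that empty element is handled.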