From patchwork Tue Dec 3 13:37:05 2024 X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53517 X-Patchwork-Delegate: steve@sakoman.com
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 01/16] python3-zipp: fix CVE-2024-5569 Date: Tue, 3 Dec 2024 05:37:05 -0800 X-Mailer: git-send-email 2.34.1 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208190
From: Jiaying Song A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp. References: https://nvd.nist.gov/vuln/detail/CVE-2024-5569 Upstream patches: https://github.com/jaraco/zipp/pull/120/commits/79a309fe54dc6b7934fb72e9f31bcb58f2e9f547 https://github.com/jaraco/zipp/pull/120/commits/564fcc10cdbfdaecdb33688e149827465931c9e0 https://github.com/jaraco/zipp/pull/120/commits/58115d2be968644ce71ce6bcc9b79826c82a1806 https://github.com/jaraco/zipp/pull/120/commits/c18417ed2953e181728a7dac07bff88a2190abf7 Signed-off-by: Jiaying Song Signed-off-by: Steve Sakoman --- .../python/python3-zipp/CVE-2024-5569.patch | 138 ++++++++++++++++++ .../python/python3-zipp_3.17.0.bb | 1 + 2 files changed, 139 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-zipp/CVE-2024-5569.patch diff --git a/meta/recipes-devtools/python/python3-zipp/CVE-2024-5569.patch b/meta/recipes-devtools/python/python3-zipp/CVE-2024-5569.patch new file mode 100644 index 0000000000..1cc43243bf --- /dev/null +++ b/meta/recipes-devtools/python/python3-zipp/CVE-2024-5569.patch 
@@ -0,0 +1,138 @@ +From b1804347ec2db16452a7bff2b469d2c66776b904 Mon Sep 17 00:00:00 2001 +From: "Jason R. Coombs" +Date: Fri, 31 May 2024 11:20:57 -0400 +Subject: [PATCH] fix CVE-2024-5569 + +The patch includes the following changes: +c18417e Add news fragment. +58115d2 Employ SanitizedNames in CompleteDirs. Fixes broken test. +564fcc1 Add SanitizedNames mixin. +79a309f Add some assertions about malformed paths. + +Upstream-Status: Backport +[https://github.com/jaraco/zipp/pull/120/commits/79a309fe54dc6b7934fb72e9f31bcb58f2e9f547] +[https://github.com/jaraco/zipp/pull/120/commits/564fcc10cdbfdaecdb33688e149827465931c9e0] +[https://github.com/jaraco/zipp/pull/120/commits/58115d2be968644ce71ce6bcc9b79826c82a1806] +[https://github.com/jaraco/zipp/pull/120/commits/c18417ed2953e181728a7dac07bff88a2190abf7] + +CVE: CVE-2024-5569 + +Signed-off-by: Jiaying Song +--- + newsfragments/119.bugfix.rst | 1 + + tests/test_path.py | 17 ++++++++++ + zipp/__init__.py | 64 +++++++++++++++++++++++++++++++++++- + 3 files changed, 81 insertions(+), 1 deletion(-) + create mode 100644 newsfragments/119.bugfix.rst + +diff --git a/newsfragments/119.bugfix.rst b/newsfragments/119.bugfix.rst +new file mode 100644 +index 0000000..6c72e2d +--- /dev/null ++++ b/newsfragments/119.bugfix.rst +@@ -0,0 +1 @@ ++Improved handling of malformed zip files. +\ No newline at end of file +diff --git a/tests/test_path.py b/tests/test_path.py +index a77a5de..3752243 100644 +--- a/tests/test_path.py ++++ b/tests/test_path.py +@@ -575,3 +575,20 @@ class TestPath(unittest.TestCase): + zipp.Path(alpharep) + with self.assertRaises(KeyError): + alpharep.getinfo('does-not-exist') ++ ++ def test_malformed_paths(self): ++ """ ++ Path should handle malformed paths. 
++ """ ++ data = io.BytesIO() ++ zf = zipfile.ZipFile(data, "w") ++ zf.writestr("/one-slash.txt", b"content") ++ zf.writestr("//two-slash.txt", b"content") ++ zf.writestr("../parent.txt", b"content") ++ zf.filename = '' ++ root = zipfile.Path(zf) ++ assert list(map(str, root.iterdir())) == [ ++ 'one-slash.txt', ++ 'two-slash.txt', ++ 'parent.txt', ++ ] +diff --git a/zipp/__init__.py b/zipp/__init__.py +index becd010..e980e9b 100644 +--- a/zipp/__init__.py ++++ b/zipp/__init__.py +@@ -84,7 +84,69 @@ class InitializedState: + super().__init__(*args, **kwargs) + + +-class CompleteDirs(InitializedState, zipfile.ZipFile): ++class SanitizedNames: ++ """ ++ ZipFile mix-in to ensure names are sanitized. ++ """ ++ ++ def namelist(self): ++ return list(map(self._sanitize, super().namelist())) ++ ++ @staticmethod ++ def _sanitize(name): ++ r""" ++ Ensure a relative path with posix separators and no dot names. ++ ++ Modeled after ++ https://github.com/python/cpython/blob/bcc1be39cb1d04ad9fc0bd1b9193d3972835a57c/Lib/zipfile/__init__.py#L1799-L1813 ++ but provides consistent cross-platform behavior. ++ ++ >>> san = SanitizedNames._sanitize ++ >>> san('/foo/bar') ++ 'foo/bar' ++ >>> san('//foo.txt') ++ 'foo.txt' ++ >>> san('foo/.././bar.txt') ++ 'foo/bar.txt' ++ >>> san('foo../.bar.txt') ++ 'foo../.bar.txt' ++ >>> san('\\foo\\bar.txt') ++ 'foo/bar.txt' ++ >>> san('D:\\foo.txt') ++ 'D/foo.txt' ++ >>> san('\\\\server\\share\\file.txt') ++ 'server/share/file.txt' ++ >>> san('\\\\?\\GLOBALROOT\\Volume3') ++ '?/GLOBALROOT/Volume3' ++ >>> san('\\\\.\\PhysicalDrive1\\root') ++ 'PhysicalDrive1/root' ++ ++ Retain any trailing slash. ++ >>> san('abc/') ++ 'abc/' ++ ++ Raises a ValueError if the result is empty. ++ >>> san('../..') ++ Traceback (most recent call last): ++ ... ++ ValueError: Empty filename ++ """ ++ ++ def allowed(part): ++ return part and part not in {'..', '.'} ++ ++ # Remove the drive letter. 
++ # Don't use ntpath.splitdrive, because that also strips UNC paths ++ bare = re.sub('^([A-Z]):', r'\1', name, flags=re.IGNORECASE) ++ clean = bare.replace('\\', '/') ++ parts = clean.split('/') ++ joined = '/'.join(filter(allowed, parts)) ++ if not joined: ++ raise ValueError("Empty filename") ++ return joined + '/' * name.endswith('/') ++ ++ ++class CompleteDirs(InitializedState, SanitizedNames, zipfile.ZipFile): + """ + A ZipFile subclass that ensures that implied directories + are always included in the namelist. +-- +2.25.1 + diff --git a/meta/recipes-devtools/python/python3-zipp_3.17.0.bb b/meta/recipes-devtools/python/python3-zipp_3.17.0.bb index e9e220e315..9f756887b5 100644 --- a/meta/recipes-devtools/python/python3-zipp_3.17.0.bb +++ b/meta/recipes-devtools/python/python3-zipp_3.17.0.bb 
@@ -3,6 +3,7 @@ HOMEPAGE = "https://github.com/jaraco/zipp" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f" +SRC_URI += "file://CVE-2024-5569.patch" SRC_URI[sha256sum] = "84e64a1c28cf7e91ed2078bb8cc8c259cb19b76942096c8d7b84947690cabaf0" DEPENDS += "python3-setuptools-scm-native"
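Review bot: In tests/test_path.py, test_malformed_paths builds its root with `zipfile.Path(zf)`, while the context lines just above it use `zipp.Path(alpharep)`, so as far as these lines show the new assertions run against the standard-library class rather than the `CompleteDirs` change in zipp/__init__.py. Suggest `root = zipp.Path(zf)`, plus a `joinpath` or `/` case, since the commit message names those entry points alongside `iterdir`.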
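Review bot: In zipp/__init__.py, `SanitizedNames.namelist()` maps `_sanitize` over every entry, and `_sanitize` raises `ValueError("Empty filename")` for names such as `'../..'`, so a single such entry makes `namelist()` raise for the whole archive. Since `CompleteDirs` now inherits this, consider skipping that entry or documenting the exception, and add a test for it next to test_malformed_paths. Only `namelist()` is overridden, so it is also worth a test that an entry listed under its sanitized name (for example `one-slash.txt`) can still be opened.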
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 02/16] acpica: fix CVE-2024-24856 Date: Tue, 3 Dec 2024 05:37:06 -0800 Message-Id: <5c590ccd1973d343f47e7b7171691400490dfc1a.1733232895.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Dec 2024 13:37:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208191 From: Changqing Li The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer that receives it, which may lead to null pointer dereference. To fix this issue, a null pointer check should be added. If it is null, return exception code AE_NO_MEMORY. Refer: https://nvd.nist.gov/vuln/detail/CVE-2024-24856 Signed-off-by: Changqing Li Signed-off-by: Steve Sakoman --- .../acpica/acpica_20240322.bb | 3 +- .../acpica/files/CVE-2024-24856.patch | 31 +++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-extended/acpica/files/CVE-2024-24856.patch diff --git a/meta/recipes-extended/acpica/acpica_20240322.bb b/meta/recipes-extended/acpica/acpica_20240322.bb index 90e3599d32..1f93c0d435 100644 --- a/meta/recipes-extended/acpica/acpica_20240322.bb +++ b/meta/recipes-extended/acpica/acpica_20240322.bb @@ -16,7 +16,8 @@ COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" DEPENDS = "m4-native flex-native bison-native" -SRC_URI = "git://github.com/acpica/acpica;protocol=https;branch=master" +SRC_URI = "git://github.com/acpica/acpica;protocol=https;branch=master \ + file://CVE-2024-24856.patch" SRCREV = "170fc3076a86777077637f10b05c32ac21ac13aa" S = "${WORKDIR}/git" 
diff --git a/meta/recipes-extended/acpica/files/CVE-2024-24856.patch b/meta/recipes-extended/acpica/files/CVE-2024-24856.patch new file mode 100644 index 0000000000..c0c9c00d12 --- /dev/null +++ b/meta/recipes-extended/acpica/files/CVE-2024-24856.patch 
@@ -0,0 +1,31 @@ +From 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 Mon Sep 17 00:00:00 2001 +From: Huai-Yuan Liu +Date: Tue, 9 Apr 2024 23:23:39 +0800 +Subject: [PATCH] check null return of ACPI_ALLOCATE_ZEROED in + AcpiDbConvertToPackage + +ACPI_ALLOCATE_ZEROED may fails, Elements might be null and will cause null pointer dereference later. + +Signed-off-by: Huai-Yuan Liu + +CVE: CVE-2024-24856 +Upstream-Status: Backport [https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0] + +Signed-off-by: Changqing Li +--- + source/components/debugger/dbconvert.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/source/components/debugger/dbconvert.c b/source/components/debugger/dbconvert.c +index 6a41000036..32ad5be179 100644 +--- a/source/components/debugger/dbconvert.c ++++ b/source/components/debugger/dbconvert.c +@@ -354,6 +354,8 @@ AcpiDbConvertToPackage ( + + Elements = ACPI_ALLOCATE_ZEROED ( + DB_DEFAULT_PKG_ELEMENTS * sizeof (ACPI_OBJECT)); ++ if (!Elements) ++ return (AE_NO_MEMORY); + + This = String; + for (i = 0; i < (DB_DEFAULT_PKG_ELEMENTS - 1); i++)
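Review bot: In the dbconvert.c hunk, the new `return (AE_NO_MEMORY);` leaves AcpiDbConvertToPackage directly, and the hunk starts at line 354, so nothing here shows whether the function acquires anything earlier that this path should release. Please confirm there is nothing to free before the early return, and that the caller of AcpiDbConvertToPackage checks the returned status.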
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 03/16] builder: set CVE_PRODUCT Date: Tue, 3 Dec 2024 05:37:07 -0800 Message-Id: <408c987e9134180616f27ae5df3f59166eeaa6d9.1733232895.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208192 From: Peter Marko Builder is a common word and there are many other builder components which makes us to ignore CVEs for all of them. There is already 1 ignored and currently 3 new ones. Instead, set product to yocto to filter them. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-graphics/builder/builder_0.1.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-graphics/builder/builder_0.1.bb b/meta/recipes-graphics/builder/builder_0.1.bb index 52c9351f93..709a0b4608 100644 --- a/meta/recipes-graphics/builder/builder_0.1.bb +++ b/meta/recipes-graphics/builder/builder_0.1.bb
@@ -28,4 +28,5 @@ do_install () { chown builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh } -CVE_STATUS[CVE-2008-4178] = "cpe-incorrect: This CVE is for an unrelated builder" +# do not report CVEs for other builder apps +CVE_PRODUCT = "yoctoproject:builder"
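Review bot: In builder_0.1.bb, the `CVE_STATUS[CVE-2008-4178]` entry is removed in the same change that adds `CVE_PRODUCT = "yoctoproject:builder"`, so that CVE is now excluded only by the vendor filter; the comment `# do not report CVEs for other builder apps` should say that the `yoctoproject` vendor prefix is what does the filtering. The commit message says the product is set to "yocto" while the value is `yoctoproject:builder`; aligning the two would help the next reader.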
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 04/16] libsndfile: fix CVE-2024-50612 Date: Tue, 3 Dec 2024 05:37:08 -0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Dec 2024 13:37:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208193 From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/libsndfile/libsndfile/commit/4755f5bd7854611d92ad0f1295587b439f9950ba Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../libsndfile1/CVE-2024-50612.patch | 412 ++++++++++++++++++ .../libsndfile/libsndfile1_1.2.2.bb | 1 + 2 files changed, 413 insertions(+) create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch new file mode 100644 index 0000000000..d96f2915c4 --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch 
@@ -0,0 +1,412 @@ +From 4755f5bd7854611d92ad0f1295587b439f9950ba Mon Sep 17 00:00:00 2001 +From: Arthur Taylor +Date: Fri, 15 Nov 2024 19:46:53 -0800 +Subject: [PATCH] src/ogg: better error checking for vorbis. Fixes #1035 + +Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/4755f5bd7854611d92ad0f1295587b439f9950ba] +CVE: CVE-2024-50612 +Signed-off-by: Hitendra Prajapati +--- + src/ogg.c | 12 ++-- + src/ogg_opus.c | 17 +++-- + src/ogg_vorbis.c | 170 ++++++++++++++++++++++++++--------------------- + 3 files changed, 114 insertions(+), 85 deletions(-) + +diff --git a/src/ogg.c b/src/ogg.c +index 8cd4379..534c8f7 100644 +--- a/src/ogg.c ++++ b/src/ogg.c +@@ -211,12 +211,16 @@ ogg_read_first_page (SF_PRIVATE *psf, OGG_PRIVATE *odata) + + int + ogg_write_page (SF_PRIVATE *psf, ogg_page *page) +-{ int bytes ; ++{ int n ; + +- bytes = psf_fwrite (page->header, 1, page->header_len, psf) ; +- bytes += psf_fwrite (page->body, 1, page->body_len, psf) ; ++ n = psf_fwrite (page->header, 1, page->header_len, psf) ; ++ if (n == page->header_len) ++ n += psf_fwrite (page->body, 1, page->body_len, psf) ; + +- return bytes == page->header_len + page->body_len ; ++ if (n != page->body_len + page->header_len) ++ return -1 ; ++ ++ return n ; + } /* ogg_write_page */ + + sf_count_t +diff --git a/src/ogg_opus.c b/src/ogg_opus.c +index 596bb69..8e3800a 100644 +--- a/src/ogg_opus.c ++++ b/src/ogg_opus.c +@@ -827,15 +827,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length)) + + /* The first page MUST only contain the header, so flush it out now */ + ogg_stream_packetin (&odata->ostream, &op) ; +- for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; ) +- { if (! 
(nn = ogg_write_page (psf, &odata->opage))) ++ while (ogg_stream_flush (&odata->ostream, &odata->opage)) ++ { nn = ogg_write_page (psf, &odata->opage) ; ++ if (nn < 0) + { psf_log_printf (psf, "Opus : Failed to write header!\n") ; + if (psf->error) + return psf->error ; + return SFE_INTERNAL ; + } ; + psf->dataoffset += nn ; +- } ++ } ; + + /* + ** Metadata Tags (manditory) +@@ -850,15 +851,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length)) + vorbiscomment_write_tags (psf, &op, &opustags_ident, opus_get_version_string (), - (OGG_OPUS_COMMENT_PAD)) ; + op.packetno = 2 ; + ogg_stream_packetin (&odata->ostream, &op) ; +- for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; ) +- { if (! (nn = ogg_write_page (psf, &odata->opage))) ++ while (ogg_stream_flush (&odata->ostream, &odata->opage)) ++ { nn = ogg_write_page (psf, &odata->opage) ; ++ if (nn < 0) + { psf_log_printf (psf, "Opus : Failed to write comments!\n") ; + if (psf->error) + return psf->error ; + return SFE_INTERNAL ; + } ; + psf->dataoffset += nn ; +- } ++ } ; + + return 0 ; + } /* ogg_opus_write_header */ +@@ -1132,7 +1134,8 @@ ogg_opus_write_out (SF_PRIVATE *psf, OGG_PRIVATE *odata, OPUS_PRIVATE *oopus) + if (nbytes > 0) + { oopus->u.encode.last_segments -= ogg_page_segments (&odata->opage) ; + oopus->pg_pos = oopus->pkt_pos ; +- ogg_write_page (psf, &odata->opage) ; ++ if (ogg_write_page (psf, &odata->opage) < 0) ++ return -1 ; + } + else + break ; +diff --git a/src/ogg_vorbis.c b/src/ogg_vorbis.c +index f9428ed..2cdbed3 100644 +--- a/src/ogg_vorbis.c ++++ b/src/ogg_vorbis.c +@@ -82,28 +82,6 @@ + /* How many seconds in the future to not bother bisection searching for. 
*/ + #define VORBIS_SEEK_THRESHOLD 2 + +-typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ; +- +-static int vorbis_read_header (SF_PRIVATE *psf) ; +-static int vorbis_write_header (SF_PRIVATE *psf, int calc_length) ; +-static int vorbis_close (SF_PRIVATE *psf) ; +-static int vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ; +-static int vorbis_byterate (SF_PRIVATE *psf) ; +-static int vorbis_calculate_granulepos (SF_PRIVATE *psf, uint64_t *gp_out) ; +-static int vorbis_skip (SF_PRIVATE *psf, uint64_t target_gp) ; +-static int vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp) ; +-static sf_count_t vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ; +-static sf_count_t vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ; +-static sf_count_t vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ; +-static sf_count_t vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ; +-static sf_count_t vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ; +-static sf_count_t vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ; +-static sf_count_t vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ; +-static sf_count_t vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ; +-static sf_count_t vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ; +-static sf_count_t vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ; +-static int vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ; +- + typedef struct + { int id ; + const char *name ; +@@ -145,6 +123,45 @@ typedef struct + sf_count_t last_page ; + } VORBIS_PRIVATE ; + ++typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ; ++ ++static int vorbis_read_header (SF_PRIVATE *psf) ; ++static int vorbis_write_header (SF_PRIVATE *psf, int calc_length) ; ++static int vorbis_close 
(SF_PRIVATE *psf) ; ++static int vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ; ++static int vorbis_byterate (SF_PRIVATE *psf) ; ++static int vorbis_calculate_granulepos (SF_PRIVATE *psf, uint64_t *gp_out) ; ++static int vorbis_skip (SF_PRIVATE *psf, uint64_t target_gp) ; ++static int vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp) ; ++static sf_count_t vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ; ++static sf_count_t vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ; ++static sf_count_t vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ; ++static sf_count_t vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ; ++static sf_count_t vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ; ++static sf_count_t vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ; ++static sf_count_t vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ; ++static sf_count_t vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ; ++static sf_count_t vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ; ++static sf_count_t vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ; ++static int vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames) ; ++static int vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ; ++static void vorbis_log_error (SF_PRIVATE *psf, int error) ; ++ ++ ++static void ++vorbis_log_error(SF_PRIVATE *psf, int error) { ++ switch (error) ++ { case 0: return; ++ case OV_EIMPL: psf->error = SFE_UNIMPLEMENTED ; break ; ++ case OV_ENOTVORBIS: psf->error = SFE_MALFORMED_FILE ; break ; ++ case OV_EBADHEADER: psf->error = SFE_MALFORMED_FILE ; break ; ++ case OV_EVERSION: psf->error = SFE_UNSUPPORTED_ENCODING ; break ; ++ case OV_EFAULT: ++ case OV_EINVAL: ++ default: psf->error = SFE_INTERNAL ; ++ } ; ++} ; ++ + static 
int + vorbis_read_header (SF_PRIVATE *psf) + { OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; +@@ -380,7 +397,6 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length)) + { ogg_packet header ; + ogg_packet header_comm ; + ogg_packet header_code ; +- int result ; + + vorbis_analysis_headerout (&vdata->vdsp, &vdata->vcomment, &header, &header_comm, &header_code) ; + ogg_stream_packetin (&odata->ostream, &header) ; /* automatically placed in its own page */ +@@ -390,9 +406,9 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length)) + /* This ensures the actual + * audio data will start on a new page, as per spec + */ +- while ((result = ogg_stream_flush (&odata->ostream, &odata->opage)) != 0) +- { ogg_write_page (psf, &odata->opage) ; +- } ; ++ while (ogg_stream_flush (&odata->ostream, &odata->opage)) ++ if (ogg_write_page (psf, &odata->opage) < 0) ++ return -1 ; + } + + return 0 ; +@@ -402,6 +418,7 @@ static int + vorbis_close (SF_PRIVATE *psf) + { OGG_PRIVATE* odata = psf->container_data ; + VORBIS_PRIVATE *vdata = psf->codec_data ; ++ int ret = 0 ; + + if (odata == NULL || vdata == NULL) + return 0 ; +@@ -412,34 +429,14 @@ vorbis_close (SF_PRIVATE *psf) + if (psf->file.mode == SFM_WRITE) + { + if (psf->write_current <= 0) +- vorbis_write_header (psf, 0) ; +- +- vorbis_analysis_wrote (&vdata->vdsp, 0) ; +- while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1) +- { ++ ret = vorbis_write_header (psf, 0) ; + +- /* analysis, assume we want to use bitrate management */ +- vorbis_analysis (&vdata->vblock, NULL) ; +- vorbis_bitrate_addblock (&vdata->vblock) ; +- +- while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) +- { /* weld the packet into the bitstream */ +- ogg_stream_packetin (&odata->ostream, &odata->opacket) ; +- +- /* write out pages (if any) */ +- while (!odata->eos) +- { int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ; +- if (result == 0) break ; +- ogg_write_page (psf, 
&odata->opage) ; +- +- /* this could be set above, but for illustrative purposes, I do +- it here (to show that vorbis does know where the stream ends) */ +- +- if (ogg_page_eos (&odata->opage)) odata->eos = 1 ; +- } +- } +- } +- } ++ if (ret == 0) ++ { /* A write of zero samples tells Vorbis the stream is done and to ++ flush. */ ++ ret = vorbis_write_samples (psf, odata, vdata, 0) ; ++ } ; ++ } ; + + /* ogg_page and ogg_packet structs always point to storage in + libvorbis. They are never freed or manipulated directly */ +@@ -449,7 +446,7 @@ vorbis_close (SF_PRIVATE *psf) + vorbis_comment_clear (&vdata->vcomment) ; + vorbis_info_clear (&vdata->vinfo) ; + +- return 0 ; ++ return ret ; + } /* vorbis_close */ + + int +@@ -688,33 +685,40 @@ vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t lens) + /*============================================================================== + */ + +-static void ++static int + vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames) +-{ +- vorbis_analysis_wrote (&vdata->vdsp, in_frames) ; ++{ int ret ; ++ ++ if ((ret = vorbis_analysis_wrote (&vdata->vdsp, in_frames)) != 0) ++ return ret ; + + /* + ** Vorbis does some data preanalysis, then divvies up blocks for + ** more involved (potentially parallel) processing. Get a single + ** block for encoding now. 
+ */ +- while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1) ++ while ((ret = vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock)) == 1) + { + /* analysis, assume we want to use bitrate management */ +- vorbis_analysis (&vdata->vblock, NULL) ; +- vorbis_bitrate_addblock (&vdata->vblock) ; ++ if ((ret = vorbis_analysis (&vdata->vblock, NULL)) != 0) ++ return ret ; ++ if ((ret = vorbis_bitrate_addblock (&vdata->vblock)) != 0) ++ return ret ; + +- while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) ++ while ((ret = vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) == 1) + { + /* weld the packet into the bitstream */ +- ogg_stream_packetin (&odata->ostream, &odata->opacket) ; ++ if ((ret = ogg_stream_packetin (&odata->ostream, &odata->opacket)) != 0) ++ return ret ; + + /* write out pages (if any) */ + while (!odata->eos) +- { int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ; +- if (result == 0) ++ { ret = ogg_stream_pageout (&odata->ostream, &odata->opage) ; ++ if (ret == 0) + break ; +- ogg_write_page (psf, &odata->opage) ; ++ ++ if (ogg_write_page (psf, &odata->opage) < 0) ++ return -1 ; + + /* This could be set above, but for illustrative purposes, I do + ** it here (to show that vorbis does know where the stream ends) */ +@@ -722,16 +726,22 @@ vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata + odata->eos = 1 ; + } ; + } ; ++ if (ret != 0) ++ return ret ; + } ; ++ if (ret != 0) ++ return ret ; + + vdata->gp += in_frames ; ++ ++ return 0 ; + } /* vorbis_write_data */ + + + static sf_count_t + vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens) + { +- int i, m, j = 0 ; ++ int i, m, j = 0, ret ; + OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; + VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; + int in_frames = lens / psf->sf.channels ; +@@ -740,14 +750,17 @@ vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens) + for (m = 
0 ; m < psf->sf.channels ; m++) + buffer [m][i] = (float) (ptr [j++]) / 32767.0f ; + +- vorbis_write_samples (psf, odata, vdata, in_frames) ; ++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames))) ++ { vorbis_log_error (psf, ret) ; ++ return 0 ; ++ } ; + + return lens ; + } /* vorbis_write_s */ + + static sf_count_t + vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens) +-{ int i, m, j = 0 ; ++{ int i, m, j = 0, ret ; + OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; + VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; + int in_frames = lens / psf->sf.channels ; +@@ -756,14 +769,17 @@ vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens) + for (m = 0 ; m < psf->sf.channels ; m++) + buffer [m][i] = (float) (ptr [j++]) / 2147483647.0f ; + +- vorbis_write_samples (psf, odata, vdata, in_frames) ; ++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames))) ++ { vorbis_log_error (psf, ret) ; ++ return 0 ; ++ } ; + + return lens ; + } /* vorbis_write_i */ + + static sf_count_t + vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens) +-{ int i, m, j = 0 ; ++{ int i, m, j = 0, ret ; + OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; + VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; + int in_frames = lens / psf->sf.channels ; +@@ -772,14 +788,17 @@ vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens) + for (m = 0 ; m < psf->sf.channels ; m++) + buffer [m][i] = ptr [j++] ; + +- vorbis_write_samples (psf, odata, vdata, in_frames) ; ++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0) ++ { vorbis_log_error (psf, ret) ; ++ return 0 ; ++ } ; + + return lens ; + } /* vorbis_write_f */ + + static sf_count_t + vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens) +-{ int i, m, j = 0 ; ++{ int i, m, j = 0, ret ; + OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; + VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; 
+ int in_frames = lens / psf->sf.channels ; +@@ -788,7 +807,10 @@ vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens) + for (m = 0 ; m < psf->sf.channels ; m++) + buffer [m][i] = (float) ptr [j++] ; + +- vorbis_write_samples (psf, odata, vdata, in_frames) ; ++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0) ++ { vorbis_log_error (psf, ret) ; ++ return 0 ; ++ } ; + + return lens ; + } /* vorbis_write_d */ +@@ -884,7 +906,7 @@ vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp) + return 0 ; + + /* Search for a position a half large-block before our target. As Vorbis is +- ** lapped, every sample position come from two blocks, the "left" half of ++ ** lapped, every sample position comes from two blocks, the "left" half of + ** one block and the "right" half of the previous block. The granule + ** position of an Ogg page of a Vorbis stream is the sample offset of the + ** last finished sample in the stream that can be decoded from a page. A +-- +2.25.1 + diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb index a9ee7c3575..2a1b96d5e7 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb 
@@ -10,6 +10,7 @@ LICENSE = "LGPL-2.1-only" SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/libsndfile-${PV}.tar.xz \ file://noopus.patch \ file://cve-2022-33065.patch \ + file://CVE-2024-50612.patch \ " GITHUB_BASE_URI = "https://github.com/libsndfile/libsndfile/releases/"
From patchwork Tue Dec 3 13:37:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53526 X-Patchwork-Delegate: steve@sakoman.com
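Review bot: In src/ogg_opus.c, both flush loops in ogg_opus_write_header now treat only `nn < 0` as failure, where the old code failed on a zero return from ogg_write_page. That is only correct if ogg_write_page reports every failed or short write as a negative value. The hunks shown here do not include that function, so a comment at the call site should state its return contract. If a zero return is still possible, `psf->dataoffset += nn` will carry on as though the page had been written.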
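Review bot: In ogg_opus_write_out (src/ogg_opus.c, hunk at -1132), the new `return -1` comes after `last_segments` and `pg_pos` have already been updated for the page, so a failed write leaves the encoder bookkeeping claiming the page went out. Check ogg_write_page before adjusting those fields, or document that the stream is unusable after this error. Unlike the header paths, this failure is neither logged with psf_log_printf nor given a psf->error value in the lines shown.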
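Review bot: vorbis_log_error in src/ogg_vorbis.c does not log anything; it only maps a libvorbis code onto psf->error, so either rename it (for example vorbis_set_error) or have it call psf_log_printf as well. vorbis_write_samples also returns a bare -1 when ogg_write_page fails, and that value lands in `default: psf->error = SFE_INTERNAL`, overwriting whatever error the write path may already have recorded; guard the assignment with a check that psf->error is still zero, or give page-write failures their own return value. The definition ends in `} ;`, a stray semicolon at file scope, and `vorbis_log_error(SF_PRIVATE` lacks the space before the parenthesis that the rest of the file uses.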
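Review bot: vorbis_close now returns `ret` straight from vorbis_write_header or vorbis_write_samples, which is either -1 or a raw libvorbis code, while the vorbis_write_s/i/f/d callers pass the same value through vorbis_log_error first. Close should do the same so that psf->error is set consistently on every failing path. The clear calls after the write block still run when `ret` is non-zero, which is right; a short comment saying that is intentional would stop someone adding an early return there later.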
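Review bot: The four vorbis_write_* wrappers return 0 on any failure of vorbis_write_samples, even though that function loops over blocks and can fail after earlier blocks from the same call were already encoded and written, so the caller cannot tell a partial write from none. Say so in a comment or return the count actually consumed. The condition is also spelled two ways: vorbis_write_s and vorbis_write_i use `if ((ret = vorbis_write_samples (...)))` while vorbis_write_f and vorbis_write_d add `!= 0`; pick one form.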
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 05/16] libsoup: fix CVE-2024-52530, CVE-2024-52531 Date: Tue, 3 Dec 2024 05:37:09 -0800 Message-Id: <0af9ac076cdbab70f526520acbbb0c38d237c407.1733232895.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Dec 2024 13:37:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208194 From: Changqing Li CVE-2024-52531: GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this. Refer: https://nvd.nist.gov/vuln/detail/CVE-2024-52531 CVE-2024-52530: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. Refer: https://nvd.nist.gov/vuln/detail/CVE-2024-52530 Signed-off-by: Changqing Li Signed-off-by: Steve Sakoman --- .../libsoup-3.4.4/CVE-2024-52530.patch | 150 ++++++++++++++++++ .../libsoup-3.4.4/CVE-2024-52531-1.patch | 116 ++++++++++++++ .../libsoup-3.4.4/CVE-2024-52531-2.patch | 40 +++++ .../libsoup-3.4.4/CVE-2024-52531-3.patch | 136 ++++++++++++++++ meta/recipes-support/libsoup/libsoup_3.4.4.bb | 4 + 5 files changed, 446 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52530.patch create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-1.patch create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-2.patch create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-3.patch 
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52530.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52530.patch new file mode 100644 index 0000000000..fb6d5c3c6f --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52530.patch 
@@ -0,0 +1,150 @@ +From 04df03bc092ac20607f3e150936624d4f536e68b Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Mon, 8 Jul 2024 12:33:15 -0500 +Subject: [PATCH] headers: Strictly don't allow NUL bytes + +In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem. + +CVE: CVE-2024-52530 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b] + +Signed-off-by: Changqing Li +--- + libsoup/soup-headers.c | 15 +++------ + tests/header-parsing-test.c | 62 +++++++++++++++++-------------------- + 2 files changed, 32 insertions(+), 45 deletions(-) + +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c +index a0cf351ac..f30ee467a 100644 +--- a/libsoup/soup-headers.c ++++ b/libsoup/soup-headers.c +@@ -51,13 +51,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest) + * ignorable trailing whitespace. + */ + ++ /* No '\0's are allowed */ ++ if (memchr (str, '\0', len)) ++ return FALSE; ++ + /* Skip over the Request-Line / Status-Line */ + headers_start = memchr (str, '\n', len); + if (!headers_start) + return FALSE; +- /* No '\0's in the Request-Line / Status-Line */ +- if (memchr (str, '\0', headers_start - str)) +- return FALSE; + + /* We work on a copy of the headers, which we can write '\0's + * into, so that we don't have to individually g_strndup and +@@ -69,14 +70,6 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest) + headers_copy[copy_len] = '\0'; + value_end = headers_copy; + +- /* There shouldn't be any '\0's in the headers already, but +- * this is the web we're talking about. 
+- */ +- while ((p = memchr (headers_copy, '\0', copy_len))) { +- memmove (p, p + 1, copy_len - (p - headers_copy)); +- copy_len--; +- } +- + while (*(value_end + 1)) { + name = value_end + 1; + name_end = strchr (name, ':'); +diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c +index edf8eebb3..715c2c6f2 100644 +--- a/tests/header-parsing-test.c ++++ b/tests/header-parsing-test.c +@@ -358,24 +358,6 @@ static struct RequestTest { + } + }, + +- { "NUL in header name", "760832", +- "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36, +- SOUP_STATUS_OK, +- "GET", "/", SOUP_HTTP_1_1, +- { { "Host", "example.com" }, +- { NULL } +- } +- }, +- +- { "NUL in header value", "760832", +- "GET / HTTP/1.1\r\nHost: example\x00" "com\r\n", 35, +- SOUP_STATUS_OK, +- "GET", "/", SOUP_HTTP_1_1, +- { { "Host", "examplecom" }, +- { NULL } +- } +- }, +- + /************************/ + /*** INVALID REQUESTS ***/ + /************************/ +@@ -448,6 +430,21 @@ static struct RequestTest { + SOUP_STATUS_EXPECTATION_FAILED, + NULL, NULL, -1, + { { NULL } } ++ }, ++ ++ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377 ++ { "NUL in header name", NULL, ++ "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36, ++ SOUP_STATUS_BAD_REQUEST, ++ NULL, NULL, -1, ++ { { NULL } } ++ }, ++ ++ { "NUL in header value", NULL, ++ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28, ++ SOUP_STATUS_BAD_REQUEST, ++ NULL, NULL, -1, ++ { { NULL } } + } + }; + static const int num_reqtests = G_N_ELEMENTS (reqtests); +@@ -620,22 +617,6 @@ static struct ResponseTest { + { NULL } } + }, + +- { "NUL in header name", "760832", +- "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28, +- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK", +- { { "Foo", "bar" }, +- { NULL } +- } +- }, +- +- { "NUL in header value", "760832", +- "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28, +- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK", +- { { "Foo", "bar" }, +- { NULL } +- } +- }, +- + /********************************/ + /*** VALID CONTINUE RESPONSES ***/ 
+ /********************************/ +@@ -768,6 +749,19 @@ static struct ResponseTest { + { { NULL } + } + }, ++ ++ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377 ++ { "NUL in header name", NULL, ++ "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28, ++ -1, 0, NULL, ++ { { NULL } } ++ }, ++ ++ { "NUL in header value", "760832", ++ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28, ++ -1, 0, NULL, ++ { { NULL } } ++ }, + }; + static const int num_resptests = G_N_ELEMENTS (resptests); + +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-1.patch new file mode 100644 index 0000000000..c8e855c128 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-1.patch 
@@ -0,0 +1,116 @@ +From 4ec9e3d286b6d3e982cb0fc3564dee0bf8d87ede Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Tue, 27 Aug 2024 12:18:58 -0500 +Subject: [PATCH] fuzzing: Cover soup_header_parse_param_list + +CVE: CVE-2024-52531 +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/diffs?commit_id=4ec9e3d286b6d3e982cb0fc3564dee0bf8d87ede] + +Signed-off-by: Changqing Li + +--- + fuzzing/fuzz.h | 9 +++++++-- + fuzzing/fuzz_header_parsing.c | 19 +++++++++++++++++++ + fuzzing/fuzz_header_parsing.dict | 8 ++++++++ + fuzzing/meson.build | 2 ++ + 4 files changed, 36 insertions(+), 2 deletions(-) + create mode 100644 fuzzing/fuzz_header_parsing.c + create mode 100644 fuzzing/fuzz_header_parsing.dict + +diff --git a/fuzzing/fuzz.h b/fuzzing/fuzz.h +index 0d380285..f3bd28ee 100644 +--- a/fuzzing/fuzz.h ++++ b/fuzzing/fuzz.h +@@ -1,13 +1,14 @@ + #include "libsoup/soup.h" + + int LLVMFuzzerTestOneInput (const unsigned char *data, size_t size); ++static int set_logger = 0; + + #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + static GLogWriterOutput + empty_logging_func (GLogLevelFlags log_level, const GLogField *fields, + gsize n_fields, gpointer user_data) + { +- return G_LOG_WRITER_HANDLED; ++ return G_LOG_WRITER_HANDLED; + } + #endif + +@@ -16,6 +17,10 @@ static void + fuzz_set_logging_func (void) + { + #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +- g_log_set_writer_func (empty_logging_func, NULL, NULL); ++ if (!set_logger) ++ { ++ set_logger = 1; ++ g_log_set_writer_func (empty_logging_func, NULL, NULL); ++ } + #endif + } +diff --git a/fuzzing/fuzz_header_parsing.c b/fuzzing/fuzz_header_parsing.c +new file mode 100644 +index 00000000..a8e5c1f9 +--- /dev/null ++++ b/fuzzing/fuzz_header_parsing.c +@@ -0,0 +1,19 @@ ++#include "fuzz.h" ++ ++int ++LLVMFuzzerTestOneInput (const unsigned char *data, size_t size) ++{ ++ GHashTable *elements; ++ ++ // We only accept NUL terminated strings ++ if (!size || data[size - 1] != '\0') ++ 
return 0; ++ ++ fuzz_set_logging_func (); ++ ++ elements = soup_header_parse_param_list((char*)data); ++ ++ g_hash_table_unref(elements); ++ ++ return 0; ++} +\ No newline at end of file +diff --git a/fuzzing/fuzz_header_parsing.dict b/fuzzing/fuzz_header_parsing.dict +new file mode 100644 +index 00000000..1562ca3a +--- /dev/null ++++ b/fuzzing/fuzz_header_parsing.dict +@@ -0,0 +1,8 @@ ++"*=UTF-8''" ++"*=iso-8859-1''" ++"'" ++"''" ++"=" ++"*=" ++""" ++";" +\ No newline at end of file +diff --git a/fuzzing/meson.build b/fuzzing/meson.build +index b14cbb50..5dd0f417 100644 +--- a/fuzzing/meson.build ++++ b/fuzzing/meson.build +@@ -5,6 +5,7 @@ fuzz_targets = [ + 'fuzz_cookie_parse', + 'fuzz_content_sniffer', + 'fuzz_date_time', ++ 'fuzz_header_parsing', + ] + + fuzzing_args = '-fsanitize=fuzzer,address,undefined' +@@ -34,6 +35,7 @@ if have_fuzzing and (fuzzing_feature.enabled() or fuzzing_feature.auto()) + '-runs=200000', + '-artifact_prefix=meson-logs/' + target + '-', + '-print_final_stats=1', ++ '-max_len=4096', + ] + extra_args, + env: [ + 'ASAN_OPTIONS=fast_unwind_on_malloc=0', +-- +2.25.1 + diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-2.patch new file mode 100644 index 0000000000..7e0d81ba4c --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-2.patch 
@@ -0,0 +1,40 @@ +From 825fda3425546847b42ad5270544e9388ff349fe Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Tue, 27 Aug 2024 13:52:08 -0500 +Subject: [PATCH] tests: Add test for passing invalid UTF-8 to + soup_header_parse_semi_param_list() + +CVE: CVE-2024-52531 +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/diffs?commit_id=825fda3425546847b42ad5270544e9388ff349fe] + +Signed-off-by: Changqing Li +--- + tests/header-parsing-test.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c +index 715c2c6f..5e423d2b 100644 +--- a/tests/header-parsing-test.c ++++ b/tests/header-parsing-test.c +@@ -825,6 +825,17 @@ static struct ParamListTest { + { "filename", "t\xC3\xA9st.txt" }, + }, + }, ++ ++ /* This tests invalid UTF-8 data which *should* never be passed here but it was designed to be robust against it. */ ++ { TRUE, ++ "invalid*=\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; filename*=iso-8859-1''\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; foo", ++ { ++ { "filename", "i''\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" }, ++ { "invalid", "\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" }, ++ { "foo", NULL }, ++ ++ }, ++ } + }; + static const int num_paramlisttests = G_N_ELEMENTS (paramlisttests); + +-- +2.25.1 + diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-3.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-3.patch new file mode 100644 index 0000000000..a47c8747c5 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2024-52531-3.patch 
@@ -0,0 +1,136 @@ +From a35222dd0bfab2ac97c10e86b95f762456628283 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Tue, 27 Aug 2024 13:53:26 -0500 +Subject: [PATCH] headers: Be more robust against invalid input when parsing + params + +If you pass invalid input to a function such as soup_header_parse_param_list_strict() +it can cause an overflow if it decodes the input to UTF-8. + +This should never happen with valid UTF-8 input which libsoup's client API +ensures, however it's server API does not currently. + +CVE: CVE-2024-52531 +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/diffs?commit_id=a35222dd0bfab2ac97c10e86b95f762456628283] + +Signed-off-by: Changqing Li + +--- + libsoup/soup-headers.c | 46 ++++++++++++++++++++++-------------------- + 1 file changed, 24 insertions(+), 22 deletions(-) + +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c +index f30ee467..613e1905 100644 +--- a/libsoup/soup-headers.c ++++ b/libsoup/soup-headers.c +@@ -646,8 +646,9 @@ soup_header_contains (const char *header, const char *token) + } + + static void +-decode_quoted_string (char *quoted_string) ++decode_quoted_string_inplace (GString *quoted_gstring) + { ++ char *quoted_string = quoted_gstring->str; + char *src, *dst; + + src = quoted_string + 1; +@@ -661,10 +662,11 @@ decode_quoted_string (char *quoted_string) + } + + static gboolean +-decode_rfc5987 (char *encoded_string) ++decode_rfc5987_inplace (GString *encoded_gstring) + { + char *q, *decoded; + gboolean iso_8859_1 = FALSE; ++ const char *encoded_string = encoded_gstring->str; + + q = strchr (encoded_string, '\''); + if (!q) +@@ -696,14 +698,7 @@ decode_rfc5987 (char *encoded_string) + decoded = utf8; + } + +- /* If encoded_string was UTF-8, then each 3-character %-escape +- * will be converted to a single byte, and so decoded is +- * shorter than encoded_string. 
If encoded_string was +- * iso-8859-1, then each 3-character %-escape will be +- * converted into at most 2 bytes in UTF-8, and so it's still +- * shorter. +- */ +- strcpy (encoded_string, decoded); ++ g_string_assign (encoded_gstring, decoded); + g_free (decoded); + return TRUE; + } +@@ -713,15 +708,17 @@ parse_param_list (const char *header, char delim, gboolean strict) + { + GHashTable *params; + GSList *list, *iter; +- char *item, *eq, *name_end, *value; +- gboolean override, duplicated; + + params = g_hash_table_new_full (soup_str_case_hash, + soup_str_case_equal, +- g_free, NULL); ++ g_free, g_free); + + list = parse_list (header, delim); + for (iter = list; iter; iter = iter->next) { ++ char *item, *eq, *name_end; ++ gboolean override, duplicated; ++ GString *parsed_value = NULL; ++ + item = iter->data; + override = FALSE; + +@@ -736,19 +733,19 @@ parse_param_list (const char *header, char delim, gboolean strict) + + *name_end = '\0'; + +- value = (char *)skip_lws (eq + 1); ++ parsed_value = g_string_new ((char *)skip_lws (eq + 1)); + + if (name_end[-1] == '*' && name_end > item + 1) { + name_end[-1] = '\0'; +- if (!decode_rfc5987 (value)) { ++ if (!decode_rfc5987_inplace (parsed_value)) { ++ g_string_free (parsed_value, TRUE); + g_free (item); + continue; + } + override = TRUE; +- } else if (*value == '"') +- decode_quoted_string (value); +- } else +- value = NULL; ++ } else if (parsed_value->str[0] == '"') ++ decode_quoted_string_inplace (parsed_value); ++ } + + duplicated = g_hash_table_lookup_extended (params, item, NULL, NULL); + +@@ -756,11 +753,16 @@ parse_param_list (const char *header, char delim, gboolean strict) + soup_header_free_param_list (params); + params = NULL; + g_slist_foreach (iter, (GFunc)g_free, NULL); ++ if (parsed_value) ++ g_string_free (parsed_value, TRUE); + break; +- } else if (override || !duplicated) +- g_hash_table_replace (params, item, value); +- else ++ } else if (override || !duplicated) { ++ g_hash_table_replace (params, 
item, parsed_value ? g_string_free (parsed_value, FALSE) : NULL); ++ } else { ++ if (parsed_value) ++ g_string_free (parsed_value, TRUE); + g_free (item); ++ } + } + + g_slist_free (list); +-- +2.25.1 + diff --git a/meta/recipes-support/libsoup/libsoup_3.4.4.bb b/meta/recipes-support/libsoup/libsoup_3.4.4.bb index 0e66715589..b2e32b892a 100644 --- a/meta/recipes-support/libsoup/libsoup_3.4.4.bb +++ b/meta/recipes-support/libsoup/libsoup_3.4.4.bb 
@@ -14,6 +14,10 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2024-52532-0001.patch \ file://CVE-2024-52532-0002.patch \ + file://CVE-2024-52530.patch \ + file://CVE-2024-52531-1.patch \ + file://CVE-2024-52531-2.patch \ + file://CVE-2024-52531-3.patch \ " SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa" From patchwork Tue Dec 3 13:37:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53525 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7AF56E64AA3 for ; Tue, 3 Dec 2024 13:37:44 +0000 (UTC) Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.web10.19386.1733233059356766172 for ; Tue, 03 Dec 2024 05:37:39 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=wHBjFWYO; spf=softfail (domain: sakoman.com, ip: 209.85.214.177, mailfrom: steve@sakoman.com) Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-215cc7b0c56so2902945ad.3 for ; Tue, 03 Dec 2024 05:37:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733233059; x=1733837859; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=PYM3t1AZz0Q/rWsT46gID8CxDHLNQO7IsgP4cTRdZO4=; b=wHBjFWYOpD/3X4uyJ9gkyTFtErItdboTVdqwbySVq4FDgbbXJBSNi8JYPQxzo071k0 
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 06/16] tzdata&tzcode-native: upgrade 2024a -> 2024b Date: Tue, 3 Dec 2024 05:37:10 -0800 Message-Id: <76fcb907f4db9ec64669d81e5e9c6baffac71973.1733232895.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Dec 2024 13:37:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208195 From: Jinfeng Wang Signed-off-by: Jinfeng Wang Signed-off-by: Steve Sakoman (cherry picked from commit c8d3edb2562ea4d980186e78b4abb5a94b1d7b22) Signed-off-by: Steve Sakoman --- .../glib-2.0/gdatetime-test-fail-0001.patch | 72 +++++++++++++++++++ .../glib-2.0/gdatetime-test-fail-0002.patch | 65 +++++++++++++++++ .../glib-2.0/gdatetime-test-fail-0003.patch | 63 ++++++++++++++++ meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 3 + meta/recipes-extended/timezone/timezone.inc | 6 +- 5 files changed, 206 insertions(+), 3 deletions(-) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch new file mode 100644 index 0000000000..1997f88f12 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0001.patch 
@@ -0,0 +1,72 @@ +From 39af934b11ec7bb8f943ba963919816266a3316e Mon Sep 17 00:00:00 2001 +From: "Rebecca N. Palmer" +Date: Fri, 11 Oct 2024 09:38:52 +0100 +Subject: [PATCH 1/3] gdatetime test: Do not assume PST8PDT was always exactly + -8/-7 + +In newer tzdata, it is an alias for America/Los_Angeles, which has a +slightly different meaning: DST did not exist there before 1883. As a +result, we can no longer hard-code the knowledge that interval 0 is +standard time and interval 1 is summer time, and instead we need to look +up the correct intervals from known timestamps. + +Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3502 +Bug-Debian: https://bugs.debian.org/1084190 +[smcv: expand commit message, fix whitespace] +Signed-off-by: Simon McVittie + +Upstream-Status: Backport +[https://github.com/GNOME/glib/commit/c0619f08e6c608fd6464d2f0c6970ef0bbfb9ecf] + +Signed-off-by: Jinfeng Wang +--- + glib/tests/gdatetime.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c +index 141263b66..cfe00906d 100644 +--- a/glib/tests/gdatetime.c ++++ b/glib/tests/gdatetime.c +@@ -2625,6 +2625,7 @@ test_posix_parse (void) + { + GTimeZone *tz; + GDateTime *gdt1, *gdt2; ++ gint i1, i2; + + /* Check that an unknown zone name falls back to UTC. */ + G_GNUC_BEGIN_IGNORE_DEPRECATIONS +@@ -2648,16 +2649,25 @@ test_posix_parse (void) + + /* This fails rules_from_identifier on Unix (though not on Windows) + * but passes anyway because PST8PDT is a zone name. ++ * ++ * Intervals i1 and i2 (rather than 0 and 1) are needed because in ++ * recent tzdata, PST8PDT may be an alias for America/Los_Angeles, ++ * and hence be aware that DST has not always existed. 
++ * https://bugs.debian.org/1084190 + */ + tz = g_time_zone_new_identifier ("PST8PDT"); + g_assert_nonnull (tz); + g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT"); +- g_assert_cmpstr (g_time_zone_get_abbreviation (tz, 0), ==, "PST"); +- g_assert_cmpint (g_time_zone_get_offset (tz, 0), ==, - 8 * 3600); +- g_assert (!g_time_zone_is_dst (tz, 0)); +- g_assert_cmpstr (g_time_zone_get_abbreviation (tz, 1), ==, "PDT"); +- g_assert_cmpint (g_time_zone_get_offset (tz, 1), ==,- 7 * 3600); +- g_assert (g_time_zone_is_dst (tz, 1)); ++ /* a date in winter = non-DST */ ++ i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, 0); ++ /* approximately 6 months in seconds, i.e. a date in summer = DST */ ++ i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, 15000000); ++ g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i1), ==, "PST"); ++ g_assert_cmpint (g_time_zone_get_offset (tz, i1), ==, - 8 * 3600); ++ g_assert (!g_time_zone_is_dst (tz, i1)); ++ g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i2), ==, "PDT"); ++ g_assert_cmpint (g_time_zone_get_offset (tz, i2), ==,- 7 * 3600); ++ g_assert (g_time_zone_is_dst (tz, i2)); + g_time_zone_unref (tz); + + tz = g_time_zone_new_identifier ("PST8PDT6:32:15"); +-- +2.34.1 + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch new file mode 100644 index 0000000000..b3d11b5076 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0002.patch 
@@ -0,0 +1,65 @@ +From 27eb6eb01d5752c201dd2ec02f656463d12ebee0 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Fri, 18 Oct 2024 11:03:19 +0100 +Subject: [PATCH 2/3] gdatetime test: Try to make PST8PDT test more obviously + correct + +Instead of using timestamp 0 as a magic number (in this case interpreted +as 1970-01-01T00:00:00-08:00), calculate a timestamp from a recent +year/month/day in winter, in this case 2024-01-01T00:00:00-08:00. + +Similarly, instead of using a timestamp 15 million seconds later +(1970-06-23T15:40:00-07:00), calculate a timestamp from a recent +year/month/day in summer, in this case 2024-07-01T00:00:00-07:00. + +Signed-off-by: Simon McVittie + +Upstream-Status: Backport +[https://github.com/GNOME/glib/commit/30e9cfa5733003cd1079e0e9e8a4bff1a191171a] + +Signed-off-by: Jinfeng Wang +--- + glib/tests/gdatetime.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c +index cfe00906d..22aa5112a 100644 +--- a/glib/tests/gdatetime.c ++++ b/glib/tests/gdatetime.c +@@ -2649,19 +2649,16 @@ test_posix_parse (void) + + /* This fails rules_from_identifier on Unix (though not on Windows) + * but passes anyway because PST8PDT is a zone name. +- * +- * Intervals i1 and i2 (rather than 0 and 1) are needed because in +- * recent tzdata, PST8PDT may be an alias for America/Los_Angeles, +- * and hence be aware that DST has not always existed. +- * https://bugs.debian.org/1084190 + */ + tz = g_time_zone_new_identifier ("PST8PDT"); + g_assert_nonnull (tz); + g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT"); + /* a date in winter = non-DST */ +- i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, 0); +- /* approximately 6 months in seconds, i.e. 
a date in summer = DST */ +- i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, 15000000); ++ gdt1 = g_date_time_new (tz, 2024, 1, 1, 0, 0, 0); ++ i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, g_date_time_to_unix (gdt1)); ++ /* a date in summer = DST */ ++ gdt2 = g_date_time_new (tz, 2024, 7, 1, 0, 0, 0); ++ i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, g_date_time_to_unix (gdt2)); + g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i1), ==, "PST"); + g_assert_cmpint (g_time_zone_get_offset (tz, i1), ==, - 8 * 3600); + g_assert (!g_time_zone_is_dst (tz, i1)); +@@ -2669,6 +2666,8 @@ test_posix_parse (void) + g_assert_cmpint (g_time_zone_get_offset (tz, i2), ==,- 7 * 3600); + g_assert (g_time_zone_is_dst (tz, i2)); + g_time_zone_unref (tz); ++ g_date_time_unref (gdt1); ++ g_date_time_unref (gdt2); + + tz = g_time_zone_new_identifier ("PST8PDT6:32:15"); + #ifdef G_OS_WIN32 +-- +2.34.1 + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch new file mode 100644 index 0000000000..b9afad15c5 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/gdatetime-test-fail-0003.patch 
@@ -0,0 +1,63 @@ +From 9dd5e9f49620f13a3eaf2b862b7aa3c680953f01 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Fri, 18 Oct 2024 11:23:42 +0100 +Subject: [PATCH 3/3] gdatetime test: Fall back if legacy System V PST8PDT is + not available + +On recent versions of Debian, PST8PDT is part of the tzdata-legacy +package, which is not always installed and might disappear in future. +Successfully tested with and without tzdata-legacy on Debian unstable. + +Signed-off-by: Simon McVittie + +Upstream-Status: Backport +[https://github.com/GNOME/glib/commit/fe2699369f79981dcf913af4cfd98b342b84a9c1] + +Signed-off-by: Jinfeng Wang +--- + glib/tests/gdatetime.c | 19 +++++++++++++++++-- + 1 file changed, 17 insertions(+), 2 deletions(-) + +diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c +index 22aa5112a..4e963b171 100644 +--- a/glib/tests/gdatetime.c ++++ b/glib/tests/gdatetime.c +@@ -2626,6 +2626,7 @@ test_posix_parse (void) + GTimeZone *tz; + GDateTime *gdt1, *gdt2; + gint i1, i2; ++ const char *expect_id; + + /* Check that an unknown zone name falls back to UTC. */ + G_GNUC_BEGIN_IGNORE_DEPRECATIONS +@@ -2648,11 +2649,25 @@ test_posix_parse (void) + g_time_zone_unref (tz); + + /* This fails rules_from_identifier on Unix (though not on Windows) +- * but passes anyway because PST8PDT is a zone name. ++ * but can pass anyway because PST8PDT is a legacy System V zone name. + */ + tz = g_time_zone_new_identifier ("PST8PDT"); ++ expect_id = "PST8PDT"; ++ ++#ifndef G_OS_WIN32 ++ /* PST8PDT is in tzdata's "backward" set, packaged as tzdata-legacy and ++ * not always present in some OSs; fall back to the equivalent geographical ++ * name if the "backward" time zones are absent. 
*/ ++ if (tz == NULL) ++ { ++ g_test_message ("Legacy PST8PDT time zone not available, falling back"); ++ tz = g_time_zone_new_identifier ("America/Los_Angeles"); ++ expect_id = "America/Los_Angeles"; ++ } ++#endif ++ + g_assert_nonnull (tz); +- g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT"); ++ g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, expect_id); + /* a date in winter = non-DST */ + gdt1 = g_date_time_new (tz, 2024, 1, 1, 0, 0, 0); + i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, g_date_time_to_unix (gdt1)); +-- +2.34.1 + diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb index 506e72bd4c..ce7c57df9a 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb @@ -18,6 +18,9 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://memory-monitor.patch \ file://skip-timeout.patch \ file://CVE-2024-52533.patch \ + file://gdatetime-test-fail-0001.patch \ + file://gdatetime-test-fail-0002.patch \ + file://gdatetime-test-fail-0003.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch \ file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \ diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index 4734adcc08..adf095280f 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2024a" +PV = "2024b" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ 
@@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "80072894adff5a458f1d143e16e4ca1d8b2a122c9c5399da482cb68cba6a1ff8" -SRC_URI[tzdata.sha256sum] = "0d0434459acbd2059a7a8da1f3304a84a86591f6ed69c6248fffa502b6edffe3" +SRC_URI[tzcode.sha256sum] = "5e438fc449624906af16a18ff4573739f0cda9862e5ec28d3bcb19cbaed0f672" +SRC_URI[tzdata.sha256sum] = "70e754db126a8d0db3d16d6b4cb5f7ec1e04d5f261255e4558a67fe92d39e550" From patchwork Tue Dec 3 13:37:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53521 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6A2BDE64A9F for ; Tue, 3 Dec 2024 13:37:44 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.web11.19585.1733233060625198165 for ; Tue, 03 Dec 2024 05:37:40 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=JUIu/Uwn; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-215810fff52so26067995ad.1 for ; Tue, 03 Dec 2024 05:37:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733233060; x=1733837860; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=zF00SuKBwxVv/UMXHZzUAWFBgqhIQBb5PUBhdzzRIyI=; b=JUIu/UwngN649mkCj3AjOJbwQCwRM6GhnQHh8KiXJmiE4h43i6XGoxUJ1rTARW3gQM 
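Review bot: The commit message for 06/16 needs a body: the subject names only the tzdata/tzcode upgrade, the message consists of sign-off lines, and yet the glib-2.0_2.78.6.bb hunk adds three gdatetime-test-fail-000N.patch files. Add a sentence saying that the glib test backports are required because the gdatetime test's PST8PDT assumptions no longer hold with the newer tzdata (the reason given inside 0001), so someone bisecting or reverting the upgrade knows the two changes belong together.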
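Review bot: The Upstream-Status lines in all three gdatetime-test-fail patches point at the github.com/GNOME/glib mirror, while the 0001 commit message itself references gitlab.gnome.org/GNOME/glib for the issue it resolves. Cite the commit on the same gitlab.gnome.org project in the Backport tag so the provenance of each backport is checked against the repository the project's own issue link uses, not a mirror.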
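Review bot: In timezone.inc both tarballs are still fetched over plain http://www.iana.org/... (context lines of the first hunk), so the two sha256sum values replaced in the second hunk are the only integrity check on what gets built into the image. Switch the two SRC_URI entries to https:// and note in the commit message how the new tzcode and tzdata checksums were obtained and verified against upstream, since a reviewer cannot confirm them from the diff alone.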
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 07/16] python3-urllib3: upgrade 2.2.1 -> 2.2.2 Date: Tue, 3 Dec 2024 05:37:11 -0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Dec 2024 13:37:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208196 From: Trevor Gamblin (From OE-Core rev: 32fdd5673c25084af4ba295b271455cd92ca09d5) Signed-off-by: Trevor Gamblin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie Signed-off-by: Soumya Sambu Signed-off-by: Steve Sakoman --- .../{python3-urllib3_2.2.1.bb => python3-urllib3_2.2.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-urllib3_2.2.1.bb => python3-urllib3_2.2.2.bb} (86%) diff --git a/meta/recipes-devtools/python/python3-urllib3_2.2.1.bb b/meta/recipes-devtools/python/python3-urllib3_2.2.2.bb similarity index 86% rename from meta/recipes-devtools/python/python3-urllib3_2.2.1.bb rename to meta/recipes-devtools/python/python3-urllib3_2.2.2.bb index fc1828b4ee..31a03a60b3 100644 --- a/meta/recipes-devtools/python/python3-urllib3_2.2.1.bb +++ b/meta/recipes-devtools/python/python3-urllib3_2.2.2.bb 
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=52d273a3054ced561275d4d15260ecda" -SRC_URI[sha256sum] = "d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19" +SRC_URI[sha256sum] = "dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168" inherit pypi python_hatchling From patchwork Tue Dec 3 13:37:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53524 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 69851E64A9E for ; Tue, 3 Dec 2024 13:37:44 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web11.19586.1733233062131375206 for ; Tue, 03 Dec 2024 05:37:42 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=lrbcSpvL; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-215666ea06aso22116705ad.0 for ; Tue, 03 Dec 2024 05:37:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733233061; x=1733837861; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=6rUDM+o1XOazbzWTK0N/5kQXVFTKBoweZtfab8YsYrs=; b=lrbcSpvL43yjg44TUJmMg+IoUbKM1PL+PhQiQrU9UXg5ydOFQVoAtD4tyL++tQOwRk 8pkb7h61UU+hI2c8FkemOp+ddPPcD8KuITyxqrmi9LdTIm5sRKU40a4ZCYnB0Wlt8ME9 
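Review bot: The commit message for 07/16 gives no reason for taking urllib3 2.2.2 on a stable branch: it holds only the "(From OE-Core rev: ...)" reference and sign-offs, and the hunk changes nothing but SRC_URI[sha256sum]. Add the upstream changelog summary or the fix that motivates the bump, as 08/16 does for requests, so the stable-branch policy check and later CVE triage can be done from the log.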
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 08/16] python3-requests: upgrade 2.32.1 -> 2.32.2 Date: Tue, 3 Dec 2024 05:37:12 -0800 Message-Id: <5b420f3526729809f11b187f48469a7a86d6a93a.1733232895.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Dec 2024 13:37:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208197
From: Soumya Sambu

https://requests.readthedocs.io/en/latest/community/updates/#id2

2.32.2 (2024-05-21)
* Deprecations
  - To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we’ve renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.
* A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

https://github.com/psf/requests/compare/v2.32.1...v2.32.2

Signed-off-by: Soumya Sambu
Signed-off-by: Steve Sakoman
--- .../{python3-requests_2.31.0.bb => python3-requests_2.32.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-requests_2.31.0.bb => python3-requests_2.32.0.bb} (84%) diff --git a/meta/recipes-devtools/python/python3-requests_2.31.0.bb b/meta/recipes-devtools/python/python3-requests_2.32.0.bb similarity index 84% rename from meta/recipes-devtools/python/python3-requests_2.31.0.bb rename to meta/recipes-devtools/python/python3-requests_2.32.0.bb index 287b4f8eee..b4df4c5dc7 100644 --- a/meta/recipes-devtools/python/python3-requests_2.31.0.bb 
+++ b/meta/recipes-devtools/python/python3-requests_2.32.0.bb 
@@ -3,7 +3,7 @@ HOMEPAGE = "https://requests.readthedocs.io" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658" -SRC_URI[sha256sum] = "942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1" +SRC_URI[sha256sum] = "fa5490319474c82ef1d2c9bc459d3652e3ae4ef4c4ebdd18a21145a47ca4b6b8" inherit pypi setuptools3 From patchwork Tue Dec 3 13:37:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53523 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5CD26E64A98 for ; Tue, 3 Dec 2024 13:37:44 +0000 (UTC) Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) by mx.groups.io with SMTP id smtpd.web10.19387.1733233063444226426 for ; Tue, 03 Dec 2024 05:37:43 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=mc6TItf8; spf=softfail (domain: sakoman.com, ip: 209.85.214.174, mailfrom: steve@sakoman.com) Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-215bb7bb9f9so7020755ad.2 for ; Tue, 03 Dec 2024 05:37:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733233063; x=1733837863; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=iKpDTxbunK9qDyIquX4Czy7ibw4CRYpG2VNBWyATX78=; b=mc6TItf8XhoNpwaTtmzCtguoojeQSRC/ezN0g5hQz3ABhZ1EQDLITBcXVnlgRBkk+Z o7axi2WqOg58VWsdGK1IXPy2G2c28c0sXGuSilMP781cx3udnHEmkM/qbUSjkXiDRhvb 
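Review bot: The rename in 08/16 does not match its subject: the message says "upgrade 2.32.1 -> 2.32.2" and quotes the 2.32.2 changelog, but the diff renames python3-requests_2.31.0.bb to python3-requests_2.32.0.bb, so the recipe file name, and with it the version the recipe builds, would be 2.32.0 rather than the release that carries the get_connection_with_tls_context migration described above. Regenerate the patch against the recipe that is actually on the branch and confirm that the new SRC_URI[sha256sum] belongs to the 2.32.2 source archive.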
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 09/16] scripts/install-buildtools: Update to 5.0.5 Date: Tue, 3 Dec 2024 05:37:13 -0800 Message-Id: <97841ea6f6d3d8225b4865e389815090f153ee55.1733232895.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Dec 2024 13:37:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208198 From: Aleksandar Nikolic Update to the 5.0.5 release of the 5.0 series for buildtools. Signed-off-by: Aleksandar Nikolic Signed-off-by: Steve Sakoman --- scripts/install-buildtools | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install-buildtools b/scripts/install-buildtools index 92a4c9dfb1..ee6bfb89eb 100755 --- a/scripts/install-buildtools +++ b/scripts/install-buildtools 
@@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout) DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools') DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto' -DEFAULT_RELEASE = 'yocto-5.0.3' -DEFAULT_INSTALLER_VERSION = '5.0.3' +DEFAULT_RELEASE = 'yocto-5.0.5' +DEFAULT_INSTALLER_VERSION = '5.0.5' DEFAULT_BUILDDATE = '202110XX' # Python version sanity check From patchwork Tue Dec 3 13:37:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53529 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7DC2AE64A9E for ; Tue, 3 Dec 2024 13:37:54 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.web10.19389.1733233065073182691 for ; Tue, 03 Dec 2024 05:37:45 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=HkrWm1Am; spf=softfail (domain: sakoman.com, ip: 209.85.214.172, mailfrom: steve@sakoman.com) Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-215936688aeso21442725ad.1 for ; Tue, 03 Dec 2024 05:37:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733233064; x=1733837864; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=idshIU+mqdZXyoGmUSL2ujZetWH+LowwCcAflE2bnY0=; b=HkrWm1Am0GSgGYEo7Ld1tFHqyLkv+jLwurSQpdzfkssKZZYkP73EC87fa1vZ9WEiI0 
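Review bot: DEFAULT_RELEASE and DEFAULT_INSTALLER_VERSION in scripts/install-buildtools repeat the same version string and have to be edited together on every bump, which is how the two drift apart. Define DEFAULT_INSTALLER_VERSION first and build the release name from it (DEFAULT_RELEASE = 'yocto-%s' % DEFAULT_INSTALLER_VERSION). The context line DEFAULT_BUILDDATE = '202110XX' is left untouched by the bump; confirm that the placeholder is still what the script is meant to default to.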
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 10/16] glibc: stable 2.39 branch updates
Date: Tue, 3 Dec 2024 05:37:14 -0800
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208199

From: Deepthi Hemraj

Below commits on glibc-2.39 stable branch are updated.

dcaf51b41e elf: Change ldconfig auxcache magic number (bug 32231)
b3c51635ef Make tst-strtod-underflow type-generic
b74be22f65 Add crt1-2.0.o for glibc 2.0 compatibility tests
fcdf98f38c Add tests of more strtod special cases
3edc0f22a6 Add more tests of strtod end pointer
988de94538 Make tst-strtod2 and tst-strtod5 type-generic
a2f7087237 powerpc64le: Build new strtod tests with long double ABI flags (bug 32145)
6624318c89 Do not set errno for overflowing NaN payload in strtod/nan (bug 32045)
63bcc01744 Improve NaN payload testing
86369c9ee4 Make __strtod_internal tests type-generic
a7be595c67 Fix strtod subnormal rounding (bug 30220)
9cfeccf65a More thoroughly test underflow / errno in tst-strtod-round
293e4e3c90 Test errno setting on strtod overflow in tst-strtod-round
d8b4fc3653 Add tests of fread
373aab3e52 stdio-common: Add new test for fdopen

Testresults:
After update    |Before update   |Difference
PASS: 4889      |PASS: 4885      |PASS: +4
FAIL: 229       |FAIL: 229       |FAIL: 0
XPASS: 4        |XPASS: 4        |XPASS: 0
XFAIL: 16       |XFAIL: 16       |XFAIL: 0
UNSUPPORTED: 227|UNSUPPORTED: 227|UNSUPPORTED: 0

Signed-off-by: Deepthi Hemraj
Signed-off-by: Steve Sakoman
---
 meta/recipes-core/glibc/glibc-version.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index dc162b2946..b3b21bd07d 100644
--- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc 
@@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.39/master" PV = "2.39+git" -SRCREV_glibc ?= "84f6bfce2c37e32b9888321fc3131ffbbe6deeba" +SRCREV_glibc ?= "dcaf51b41e259387602774829c45222d0507f90a" SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
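Review bot: the commit message does not state the range that the SRCREV_glibc bump pulls in, so a reader cannot confirm that the fifteen listed commits are the whole delta. The new value dcaf51b41e259387602774829c45222d0507f90a does match the first listed commit (dcaf51b41e), which is a good sign; adding the old..new pair (84f6bfce2c..dcaf51b41e on release/2.39/master) to the message would make the list checkable with a single git log. PV stays "2.39+git" in the context lines, so the SRCREV is the only marker of which stable fixes a given build contains, and anyone auditing an image for the listed bug numbers has to go by that hash.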
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 11/16] qemu: upgrade 8.2.3 -> 8.2.7
Date: Tue, 3 Dec 2024 05:37:15 -0800
Message-Id: <7983ad282c37f8c1125da5bab96489e5d0039948.1733232895.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208200

From: Yogita Urade

This includes fix for: CVE-2024-4693, CVE-2024-6505 and CVE-2024-7730

General changelog for 8.2: https://wiki.qemu.org/ChangeLog/8.2

Dropped:
0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch
0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch
0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch
CVE-2024-4467 and CVE-2024-7409
since already contained the fix.

Signed-off-by: Yogita Urade
Signed-off-by: Steve Sakoman --- ...u-native_8.2.3.bb => qemu-native_8.2.7.bb} | 0 ...e_8.2.3.bb => qemu-system-native_8.2.7.bb} | 0 meta/recipes-devtools/qemu/qemu.inc | 14 +- ...kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch | 75 -- ...kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch | 73 - ...cv-kvm-change-timer-regs-size-to-u64.patch | 107 -- .../qemu/qemu/CVE-2024-4467-0001.patch | 112 -- .../qemu/qemu/CVE-2024-4467-0002.patch | 55 - .../qemu/qemu/CVE-2024-4467-0003.patch | 57 - .../qemu/qemu/CVE-2024-4467-0004.patch | 1187 ----------------- .../qemu/qemu/CVE-2024-4467-0005.patch | 239 ---- .../qemu/qemu/CVE-2024-7409-0001.patch | 167 --- .../qemu/qemu/CVE-2024-7409-0002.patch | 175 --- .../qemu/qemu/CVE-2024-7409-0003.patch | 126 -- .../qemu/qemu/CVE-2024-7409-0004.patch | 164 --- .../qemu/{qemu_8.2.3.bb => qemu_8.2.7.bb} | 0 16 files changed, 1 insertion(+), 2550 deletions(-) rename meta/recipes-devtools/qemu/{qemu-native_8.2.3.bb => qemu-native_8.2.7.bb} (100%) rename meta/recipes-devtools/qemu/{qemu-system-native_8.2.3.bb => qemu-system-native_8.2.7.bb} (100%) delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch delete mode 100644 
meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch rename meta/recipes-devtools/qemu/{qemu_8.2.3.bb => qemu_8.2.7.bb} (100%) diff --git a/meta/recipes-devtools/qemu/qemu-native_8.2.3.bb b/meta/recipes-devtools/qemu/qemu-native_8.2.7.bb similarity index 100% rename from meta/recipes-devtools/qemu/qemu-native_8.2.3.bb rename to meta/recipes-devtools/qemu/qemu-native_8.2.7.bb diff --git a/meta/recipes-devtools/qemu/qemu-system-native_8.2.3.bb b/meta/recipes-devtools/qemu/qemu-system-native_8.2.7.bb similarity index 100% rename from meta/recipes-devtools/qemu/qemu-system-native_8.2.3.bb rename to meta/recipes-devtools/qemu/qemu-system-native_8.2.7.bb diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index e9f63b9eaf..40ee267a42 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -40,18 +40,6 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \ file://qemu-guest-agent.init \ file://qemu-guest-agent.udev \ - file://CVE-2024-4467-0001.patch \ - file://CVE-2024-4467-0002.patch \ - file://CVE-2024-4467-0003.patch \ - file://CVE-2024-4467-0004.patch \ - file://CVE-2024-4467-0005.patch \ - file://CVE-2024-7409-0001.patch \ - file://CVE-2024-7409-0002.patch \ - file://CVE-2024-7409-0003.patch \ - file://CVE-2024-7409-0004.patch \ - file://0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch \ - file://0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch \ - file://0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" 
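Review bot: the SRC_URI removals in qemu.inc drop all nine CVE-2024-4467 and CVE-2024-7409 backports plus the three riscv kvm patches on the strength of "since already contained the fix", with nothing in the message that lets a reviewer check it. Please name the 8.2.x stable release or commits that carry each dropped fix. Once the patch files are gone the recipe no longer carries their CVE: tags, so the status of these two ids rests entirely on 8.2.7 being recognised as a fixed version. The same applies to the three CVEs the message says the upgrade fixes (CVE-2024-4693, CVE-2024-6505, CVE-2024-7730): a pointer to the upstream commits would make the claim verifiable.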
@@ -68,7 +56,7 @@ SRC_URI:append:class-native = " \ file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \ " -SRC_URI[sha256sum] = "dc747fb366809455317601c4876bd1f6829a32a23e83fb76e45ab12c2a569964" +SRC_URI[sha256sum] = "1f0604f296ab9acb4854c054764a1ba408643fc299bd54a6500cccfaaca65b55" CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default." diff --git a/meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch b/meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch deleted file mode 100644 index 39a6a85162..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch +++ /dev/null 
@@ -1,75 +0,0 @@ -From bbdcc89678daa5cb131ef22a6cd41a5f7f9dcea9 Mon Sep 17 00:00:00 2001 -From: Daniel Henrique Barboza -Date: Fri, 8 Dec 2023 15:38:31 -0300 -Subject: [PATCH 1/3] target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32 - -KVM_REG_RISCV_FP_F regs have u32 size according to the API, but by using -kvm_riscv_reg_id() in RISCV_FP_F_REG() we're returning u64 sizes when -running with TARGET_RISCV64. The most likely reason why no one noticed -this is because we're not implementing kvm_cpu_synchronize_state() in -RISC-V yet. - -Create a new helper that returns a KVM ID with u32 size and use it in -RISCV_FP_F_REG(). - -Reported-by: Andrew Jones -Signed-off-by: Daniel Henrique Barboza -Reviewed-by: Andrew Jones -Message-ID: <20231208183835.2411523-2-dbarboza@ventanamicro.com> -Signed-off-by: Alistair Francis -(cherry picked from commit 49c211ffca00fdf7c0c29072c224e88527a14838) -Signed-off-by: Michael Tokarev - -Upstream-Status: Backport [bbdcc89678daa5cb131ef22a6cd41a5f7f9dcea9] - -Signed-off-by: Chen Qi ---- - target/riscv/kvm/kvm-cpu.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c -index c1675158fe..2eef2be86a 100644 ---- a/target/riscv/kvm/kvm-cpu.c -+++ b/target/riscv/kvm/kvm-cpu.c -@@ -72,6 +72,11 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type, - return id; - } - -+static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx) -+{ -+ return KVM_REG_RISCV | KVM_REG_SIZE_U32 | type | idx; -+} -+ - #define RISCV_CORE_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, \ - KVM_REG_RISCV_CORE_REG(name)) - -@@ -81,7 +86,7 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type, - #define RISCV_TIMER_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_TIMER, \ - KVM_REG_RISCV_TIMER_REG(name)) - --#define RISCV_FP_F_REG(env, idx) kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_F, idx) -+#define RISCV_FP_F_REG(idx) 
kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx) - - #define RISCV_FP_D_REG(env, idx) kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, idx) - -@@ -586,7 +591,7 @@ static int kvm_riscv_get_regs_fp(CPUState *cs) - if (riscv_has_ext(env, RVF)) { - uint32_t reg; - for (i = 0; i < 32; i++) { -- ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(env, i), ®); -+ ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(i), ®); - if (ret) { - return ret; - } -@@ -620,7 +625,7 @@ static int kvm_riscv_put_regs_fp(CPUState *cs) - uint32_t reg; - for (i = 0; i < 32; i++) { - reg = env->fpr[i]; -- ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(env, i), ®); -+ ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(i), ®); - if (ret) { - return ret; - } --- -2.25.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch b/meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch deleted file mode 100644 index 9480d3e0b5..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -From 125b95d79e746cbab6b72683b3382dd372e38c61 Mon Sep 17 00:00:00 2001 -From: Daniel Henrique Barboza -Date: Fri, 8 Dec 2023 15:38:32 -0300 -Subject: [PATCH 2/3] target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64 - -KVM_REG_RISCV_FP_D regs are always u64 size. Using kvm_riscv_reg_id() in -RISCV_FP_D_REG() ends up encoding the wrong size if we're running with -TARGET_RISCV32. - -Create a new helper that returns a KVM ID with u64 size and use it with -RISCV_FP_D_REG(). - -Reported-by: Andrew Jones -Signed-off-by: Daniel Henrique Barboza -Reviewed-by: Andrew Jones -Message-ID: <20231208183835.2411523-3-dbarboza@ventanamicro.com> -Signed-off-by: Alistair Francis -(cherry picked from commit 450bd6618fda3d2e2ab02b2fce1c79efd5b66084) -Signed-off-by: Michael Tokarev - -Upstream-Status: Backport [125b95d79e746cbab6b72683b3382dd372e38c61] - -Signed-off-by: Chen Qi ---- - target/riscv/kvm/kvm-cpu.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c -index 2eef2be86a..82ed4455a5 100644 ---- a/target/riscv/kvm/kvm-cpu.c -+++ b/target/riscv/kvm/kvm-cpu.c -@@ -77,6 +77,11 @@ static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx) - return KVM_REG_RISCV | KVM_REG_SIZE_U32 | type | idx; - } - -+static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx) -+{ -+ return KVM_REG_RISCV | KVM_REG_SIZE_U64 | type | idx; -+} -+ - #define RISCV_CORE_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, \ - KVM_REG_RISCV_CORE_REG(name)) - -@@ -88,7 +93,7 @@ static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx) - - #define RISCV_FP_F_REG(idx) kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx) - --#define RISCV_FP_D_REG(env, idx) kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, idx) -+#define RISCV_FP_D_REG(idx) kvm_riscv_reg_id_u64(KVM_REG_RISCV_FP_D, idx) - - #define KVM_RISCV_GET_CSR(cs, env, csr, reg) \ - do { \ -@@ -579,7 +584,7 @@ static int 
kvm_riscv_get_regs_fp(CPUState *cs) - if (riscv_has_ext(env, RVD)) { - uint64_t reg; - for (i = 0; i < 32; i++) { -- ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(env, i), ®); -+ ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(i), ®); - if (ret) { - return ret; - } -@@ -613,7 +618,7 @@ static int kvm_riscv_put_regs_fp(CPUState *cs) - uint64_t reg; - for (i = 0; i < 32; i++) { - reg = env->fpr[i]; -- ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(env, i), ®); -+ ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(i), ®); - if (ret) { - return ret; - } --- -2.25.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch b/meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch deleted file mode 100644 index 1ea1bcfe70..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch +++ /dev/null 
@@ -1,107 +0,0 @@ -From cbae1080988e0f1af0fb4c816205f7647f6de16f Mon Sep 17 00:00:00 2001 -From: Daniel Henrique Barboza -Date: Fri, 8 Dec 2023 15:38:33 -0300 -Subject: [PATCH 3/3] target/riscv/kvm: change timer regs size to u64 - -KVM_REG_RISCV_TIMER regs are always u64 according to the KVM API, but at -this moment we'll return u32 regs if we're running a RISCV32 target. - -Use the kvm_riscv_reg_id_u64() helper in RISCV_TIMER_REG() to fix it. - -Reported-by: Andrew Jones -Signed-off-by: Daniel Henrique Barboza -Reviewed-by: Andrew Jones -Message-ID: <20231208183835.2411523-4-dbarboza@ventanamicro.com> -Signed-off-by: Alistair Francis -(cherry picked from commit 10f86d1b845087d14b58d65dd2a6e3411d1b6529) -Signed-off-by: Michael Tokarev - -Upstream-Status: Backport [cbae1080988e0f1af0fb4c816205f7647f6de16f] - -Signed-off-by: Chen Qi ---- - target/riscv/kvm/kvm-cpu.c | 26 +++++++++++++------------- - 1 file changed, 13 insertions(+), 13 deletions(-) - -diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c -index 82ed4455a5..ddbe820e10 100644 ---- a/target/riscv/kvm/kvm-cpu.c -+++ b/target/riscv/kvm/kvm-cpu.c -@@ -88,7 +88,7 @@ static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx) - #define RISCV_CSR_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_CSR, \ - KVM_REG_RISCV_CSR_REG(name)) - --#define RISCV_TIMER_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_TIMER, \ -+#define RISCV_TIMER_REG(name) kvm_riscv_reg_id_u64(KVM_REG_RISCV_TIMER, \ - KVM_REG_RISCV_TIMER_REG(name)) - - #define RISCV_FP_F_REG(idx) kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx) -@@ -111,17 +111,17 @@ static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx) - } \ - } while (0) - --#define KVM_RISCV_GET_TIMER(cs, env, name, reg) \ -+#define KVM_RISCV_GET_TIMER(cs, name, reg) \ - do { \ -- int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(env, name), ®); \ -+ int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(name), ®); \ - if (ret) { \ - abort(); \ - } \ - } while (0) 
- --#define KVM_RISCV_SET_TIMER(cs, env, name, reg) \ -+#define KVM_RISCV_SET_TIMER(cs, name, reg) \ - do { \ -- int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(env, name), ®); \ -+ int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(name), ®); \ - if (ret) { \ - abort(); \ - } \ -@@ -649,10 +649,10 @@ static void kvm_riscv_get_regs_timer(CPUState *cs) - return; - } - -- KVM_RISCV_GET_TIMER(cs, env, time, env->kvm_timer_time); -- KVM_RISCV_GET_TIMER(cs, env, compare, env->kvm_timer_compare); -- KVM_RISCV_GET_TIMER(cs, env, state, env->kvm_timer_state); -- KVM_RISCV_GET_TIMER(cs, env, frequency, env->kvm_timer_frequency); -+ KVM_RISCV_GET_TIMER(cs, time, env->kvm_timer_time); -+ KVM_RISCV_GET_TIMER(cs, compare, env->kvm_timer_compare); -+ KVM_RISCV_GET_TIMER(cs, state, env->kvm_timer_state); -+ KVM_RISCV_GET_TIMER(cs, frequency, env->kvm_timer_frequency); - - env->kvm_timer_dirty = true; - } -@@ -666,8 +666,8 @@ static void kvm_riscv_put_regs_timer(CPUState *cs) - return; - } - -- KVM_RISCV_SET_TIMER(cs, env, time, env->kvm_timer_time); -- KVM_RISCV_SET_TIMER(cs, env, compare, env->kvm_timer_compare); -+ KVM_RISCV_SET_TIMER(cs, time, env->kvm_timer_time); -+ KVM_RISCV_SET_TIMER(cs, compare, env->kvm_timer_compare); - - /* - * To set register of RISCV_TIMER_REG(state) will occur a error from KVM -@@ -676,7 +676,7 @@ static void kvm_riscv_put_regs_timer(CPUState *cs) - * TODO If KVM changes, adapt here. - */ - if (env->kvm_timer_state) { -- KVM_RISCV_SET_TIMER(cs, env, state, env->kvm_timer_state); -+ KVM_RISCV_SET_TIMER(cs, state, env->kvm_timer_state); - } - - /* -@@ -685,7 +685,7 @@ static void kvm_riscv_put_regs_timer(CPUState *cs) - * during the migration. - */ - if (migration_is_running(migrate_get_current()->state)) { -- KVM_RISCV_GET_TIMER(cs, env, frequency, reg); -+ KVM_RISCV_GET_TIMER(cs, frequency, reg); - if (reg != env->kvm_timer_frequency) { - error_report("Dst Hosts timer frequency != Src Hosts"); - } --- -2.25.1 - 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch deleted file mode 100644 index dbcc71bb4e..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch +++ /dev/null 
@@ -1,112 +0,0 @@ -From bd385a5298d7062668e804d73944d52aec9549f1 Mon Sep 17 00:00:00 2001 -From: Kevin Wolf -Date: Fri, 16 Aug 2024 08:29:04 +0000 -Subject: [PATCH] qcow2: Don't open data_file with BDRV_O_NO_IO - -One use case for 'qemu-img info' is verifying that untrusted images -don't reference an unwanted external file, be it as a backing file or an -external data file. To make sure that calling 'qemu-img info' can't -already have undesired side effects with a malicious image, just don't -open the data file at all with BDRV_O_NO_IO. If nothing ever tries to do -I/O, we don't need to have it open. - -This changes the output of iotests case 061, which used 'qemu-img info' -to show that opening an image with an invalid data file fails. After -this patch, it succeeds. Replace this part of the test with a qemu-io -call, but keep the final 'qemu-img info' to show that the invalid data -file is correctly displayed in the output. - -Fixes: CVE-2024-4467 -Cc: qemu-stable@nongnu.org -Signed-off-by: Kevin Wolf -Reviewed-by: Eric Blake -Reviewed-by: Stefan Hajnoczi -Reviewed-by: Hanna Czenczek - -CVE: CVE-2024-4667 -Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/bd385a5298d7062668e804d73944d52aec9549f1] - -Signed-off-by: Yogita Urade ---- - block/qcow2.c | 17 ++++++++++++++++- - tests/qemu-iotests/061 | 6 ++++-- - tests/qemu-iotests/061.out | 8 ++++++-- - 3 files changed, 26 insertions(+), 5 deletions(-) - -diff --git a/block/qcow2.c b/block/qcow2.c -index 13e032bd5..7af7c0bee 100644 ---- a/block/qcow2.c -+++ b/block/qcow2.c -@@ -1636,7 +1636,22 @@ qcow2_do_open(BlockDriverState *bs, QDict *options, int flags, - goto fail; - } - -- if (open_data_file) { -+ if (open_data_file && (flags & BDRV_O_NO_IO)) { -+ /* -+ * Don't open the data file for 'qemu-img info' so that it can be used -+ * to verify that an untrusted qcow2 image doesn't refer to external -+ * files. -+ * -+ * Note: This still makes has_data_file() return true. 
-+ */ -+ if (s->incompatible_features & QCOW2_INCOMPAT_DATA_FILE) { -+ s->data_file = NULL; -+ } else { -+ s->data_file = bs->file; -+ } -+ qdict_extract_subqdict(options, NULL, "data-file."); -+ qdict_del(options, "data-file"); -+ } else if (open_data_file) { - /* Open external data file */ - bdrv_graph_co_rdunlock(); - s->data_file = bdrv_co_open_child(NULL, options, "data-file", bs, -diff --git a/tests/qemu-iotests/061 b/tests/qemu-iotests/061 -index 53c7d428e..b71ac097d 100755 ---- a/tests/qemu-iotests/061 -+++ b/tests/qemu-iotests/061 -@@ -326,12 +326,14 @@ $QEMU_IMG amend -o "data_file=foo" "$TEST_IMG" - echo - _make_test_img -o "compat=1.1,data_file=$TEST_IMG.data" 64M - $QEMU_IMG amend -o "data_file=foo" "$TEST_IMG" --_img_info --format-specific -+$QEMU_IO -c "read 0 4k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_imgfmt -+$QEMU_IO -c "open -o data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" -c "read 0 4k" | _filter_qemu_io - TEST_IMG="data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" _img_info --format-specific --image-opts - - echo - $QEMU_IMG amend -o "data_file=" --image-opts "data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" --_img_info --format-specific -+$QEMU_IO -c "read 0 4k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_imgfmt -+$QEMU_IO -c "open -o data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" -c "read 0 4k" | _filter_qemu_io - TEST_IMG="data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" _img_info --format-specific --image-opts - - echo -diff --git a/tests/qemu-iotests/061.out b/tests/qemu-iotests/061.out -index 139fc6817..24c33add7 100644 ---- a/tests/qemu-iotests/061.out -+++ b/tests/qemu-iotests/061.out -@@ -545,7 +545,9 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 - qemu-img: data-file can only be set for images that use an external data file - - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 data_file=TEST_DIR/t.IMGFMT.data --qemu-img: Could not open 
'TEST_DIR/t.IMGFMT': Could not open 'foo': No such file or directory -+qemu-io: can't open device TEST_DIR/t.IMGFMT: Could not open 'foo': No such file or directory -+read 4096/4096 bytes at offset 0 -+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - image: TEST_DIR/t.IMGFMT - file format: IMGFMT - virtual size: 64 MiB (67108864 bytes) -@@ -560,7 +562,9 @@ Format specific information: - corrupt: false - extended l2: false - --qemu-img: Could not open 'TEST_DIR/t.IMGFMT': 'data-file' is required for this image -+qemu-io: can't open device TEST_DIR/t.IMGFMT: 'data-file' is required for this image -+read 4096/4096 bytes at offset 0 -+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - image: TEST_DIR/t.IMGFMT - file format: IMGFMT - virtual size: 64 MiB (67108864 bytes) --- -2.40.0 diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch deleted file mode 100644 index 686176189c..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -From 2eb42a728d27a43fdcad5f37d3f65706ce6deba5 Mon Sep 17 00:00:00 2001 -From: Kevin Wolf -Date: Fri, 16 Aug 2024 09:35:24 +0000 -Subject: [PATCH] iotests/244: Don't store data-file with protocol in image - -We want to disable filename parsing for data files because it's too easy -to abuse in malicious image files. Make the test ready for the change by -passing the data file explicitly in command line options. - -Cc: qemu-stable@nongnu.org -Signed-off-by: Kevin Wolf -Reviewed-by: Eric Blake -Reviewed-by: Stefan Hajnoczi -Reviewed-by: Hanna Czenczek - -CVE: CVE-2024-4467 -Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/2eb42a728d27a43fdcad5f37d3f65706ce6deba5] - -Signed-off-by: Yogita Urade ---- - tests/qemu-iotests/244 | 19 ++++++++++++++++--- - 1 file changed, 16 insertions(+), 3 deletions(-) - -diff --git a/tests/qemu-iotests/244 b/tests/qemu-iotests/244 -index 3e61fa25b..bb9cc6512 100755 ---- a/tests/qemu-iotests/244 -+++ b/tests/qemu-iotests/244 -@@ -215,9 +215,22 @@ $QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$TEST_IMG" - $QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$TEST_IMG" - - # blkdebug doesn't support copy offloading, so this tests the error path --$QEMU_IMG amend -f $IMGFMT -o "data_file=blkdebug::$TEST_IMG.data" "$TEST_IMG" --$QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$TEST_IMG" --$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$TEST_IMG" -+test_img_with_blkdebug="json:{ -+ 'driver': 'qcow2', -+ 'file': { -+ 'driver': 'file', -+ 'filename': '$TEST_IMG' -+ }, -+ 'data-file': { -+ 'driver': 'blkdebug', -+ 'image': { -+ 'driver': 'file', -+ 'filename': '$TEST_IMG.data' -+ } -+ } -+}" -+$QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$test_img_with_blkdebug" -+$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$test_img_with_blkdebug" - - echo - echo "=== Flushing should flush the data file ===" --- -2.40.0 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch deleted file mode 100644 index 02611d6732..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From 7e1110664ecbc4826f3c978ccb06b6c1bce823e6 Mon Sep 17 00:00:00 2001 -From: Kevin Wolf -Date: Fri, 16 Aug 2024 10:24:58 +0000 -Subject: [PATCH] iotests/270: Don't store data-file with json: prefix in image - -We want to disable filename parsing for data files because it's too easy -to abuse in malicious image files. Make the test ready for the change by -passing the data file explicitly in command line options. - -Cc: qemu-stable@nongnu.org -Signed-off-by: Kevin Wolf -Reviewed-by: Eric Blake -Reviewed-by: Stefan Hajnoczi -Reviewed-by: Hanna Czenczek - -CVE: CVE-2024-4467 -Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/7e1110664ecbc4826f3c978ccb06b6c1bce823e6] - -Signed-off-by: Yogita Urade ---- - tests/qemu-iotests/270 | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/tests/qemu-iotests/270 b/tests/qemu-iotests/270 -index 74352342d..c37b674aa 100755 ---- a/tests/qemu-iotests/270 -+++ b/tests/qemu-iotests/270 -@@ -60,8 +60,16 @@ _make_test_img -o cluster_size=2M,data_file="$TEST_IMG.orig" \ - # "write" 2G of data without using any space. - # (qemu-img create does not like it, though, because null-co does not - # support image creation.) --$QEMU_IMG amend -o data_file="json:{'driver':'null-co',,'size':'4294967296'}" \ -- "$TEST_IMG" -+test_img_with_null_data="json:{ -+ 'driver': '$IMGFMT', -+ 'file': { -+ 'filename': '$TEST_IMG' -+ }, -+ 'data-file': { -+ 'driver': 'null-co', -+ 'size':'4294967296' -+ } -+}" - - # This gives us a range of: - # 2^31 - 512 + 768 - 1 = 2^31 + 255 > 2^31 -@@ -74,7 +82,7 @@ $QEMU_IMG amend -o data_file="json:{'driver':'null-co',,'size':'4294967296'}" \ - # on L2 boundaries, we need large L2 tables; hence the cluster size of - # 2 MB. (Anything from 256 kB should work, though, because then one L2 - # table covers 8 GB.) 
--$QEMU_IO -c "write 768 $((2 ** 31 - 512))" "$TEST_IMG" | _filter_qemu_io -+$QEMU_IO -c "write 768 $((2 ** 31 - 512))" "$test_img_with_null_data" | _filter_qemu_io - - _check_test_img - --- -2.40.0 diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch deleted file mode 100644 index 7568a453c4..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch +++ /dev/null 
@@ -1,1187 +0,0 @@ -From 6bc30f19498547fac9cef98316a65cf6c1f14205 Mon Sep 17 00:00:00 2001 -From: Stefan Hajnoczi -Date: Tue, 5 Dec 2023 13:20:02 -0500 -Subject: [PATCH] graph-lock: remove AioContext locking - -Stop acquiring/releasing the AioContext lock in -bdrv_graph_wrlock()/bdrv_graph_unlock() since the lock no longer has any -effect. - -The distinction between bdrv_graph_wrunlock() and -bdrv_graph_wrunlock_ctx() becomes meaningless and they can be collapsed -into one function. - -Signed-off-by: Stefan Hajnoczi -Reviewed-by: Eric Blake -Reviewed-by: Kevin Wolf -Message-ID: <20231205182011.1976568-6-stefanha@redhat.com> -Signed-off-by: Kevin Wolf - -CVE: CVE-2024-4467 -Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/6bc30f19498547fac9cef98316a65cf6c1f14205] - -Signed-off-by: Yogita Urade ---- - block.c | 50 +++++++++++++++--------------- - block/backup.c | 4 +-- - block/blklogwrites.c | 8 ++--- - block/blkverify.c | 4 +-- - block/block-backend.c | 11 +++---- - block/commit.c | 16 +++++----- - block/graph-lock.c | 44 ++------------------------ - block/mirror.c | 22 ++++++------- - block/qcow2.c | 4 +-- - block/quorum.c | 8 ++--- - block/replication.c | 14 ++++----- - block/snapshot.c | 4 +-- - block/stream.c | 12 +++---- - block/vmdk.c | 20 ++++++------ - blockdev.c | 8 ++--- - blockjob.c | 12 +++---- - include/block/graph-lock.h | 21 ++----------- - scripts/block-coroutine-wrapper.py | 4 +-- - tests/unit/test-bdrv-drain.c | 40 ++++++++++++------------ - tests/unit/test-bdrv-graph-mod.c | 20 ++++++------ - 20 files changed, 133 insertions(+), 193 deletions(-) - -diff --git a/block.c b/block.c -index bfb0861ec..25e1ebc60 100644 ---- a/block.c -+++ b/block.c -@@ -1708,12 +1708,12 @@ bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv, const char *node_name, - open_failed: - bs->drv = NULL; - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - if (bs->file != NULL) { - bdrv_unref_child(bs, bs->file); - assert(!bs->file); - } -- 
bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - g_free(bs->opaque); - bs->opaque = NULL; -@@ -3575,9 +3575,9 @@ int bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd, - - bdrv_ref(drain_bs); - bdrv_drained_begin(drain_bs); -- bdrv_graph_wrlock(backing_hd); -+ bdrv_graph_wrlock(); - ret = bdrv_set_backing_hd_drained(bs, backing_hd, errp); -- bdrv_graph_wrunlock(backing_hd); -+ bdrv_graph_wrunlock(); - bdrv_drained_end(drain_bs); - bdrv_unref(drain_bs); - -@@ -3790,13 +3790,13 @@ BdrvChild *bdrv_open_child(const char *filename, - return NULL; - } - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - ctx = bdrv_get_aio_context(bs); - aio_context_acquire(ctx); - child = bdrv_attach_child(parent, bs, bdref_key, child_class, child_role, - errp); - aio_context_release(ctx); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - return child; - } -@@ -4650,9 +4650,9 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp) - aio_context_release(ctx); - } - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - tran_commit(tran); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - QTAILQ_FOREACH_REVERSE(bs_entry, bs_queue, entry) { - BlockDriverState *bs = bs_entry->state.bs; -@@ -4669,9 +4669,9 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp) - goto cleanup; - - abort: -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - tran_abort(tran); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) { - if (bs_entry->prepared) { -@@ -4852,12 +4852,12 @@ bdrv_reopen_parse_file_or_backing(BDRVReopenState *reopen_state, - } - - bdrv_graph_rdunlock_main_loop(); -- bdrv_graph_wrlock(new_child_bs); -+ bdrv_graph_wrlock(); - - ret = bdrv_set_file_or_backing_noperm(bs, new_child_bs, is_backing, - tran, errp); - -- bdrv_graph_wrunlock_ctx(ctx); -+ bdrv_graph_wrunlock(); - - if (old_ctx != ctx) { - aio_context_release(ctx); -@@ -5209,14 +5209,14 @@ static 
void bdrv_close(BlockDriverState *bs) - bs->drv = NULL; - } - -- bdrv_graph_wrlock(bs); -+ bdrv_graph_wrlock(); - QLIST_FOREACH_SAFE(child, &bs->children, next, next) { - bdrv_unref_child(bs, child); - } - - assert(!bs->backing); - assert(!bs->file); -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - - g_free(bs->opaque); - bs->opaque = NULL; -@@ -5509,9 +5509,9 @@ int bdrv_drop_filter(BlockDriverState *bs, Error **errp) - bdrv_graph_rdunlock_main_loop(); - - bdrv_drained_begin(child_bs); -- bdrv_graph_wrlock(bs); -+ bdrv_graph_wrlock(); - ret = bdrv_replace_node_common(bs, child_bs, true, true, errp); -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - bdrv_drained_end(child_bs); - - return ret; -@@ -5561,7 +5561,7 @@ int bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top, - aio_context_acquire(old_context); - new_context = NULL; - -- bdrv_graph_wrlock(bs_top); -+ bdrv_graph_wrlock(); - - child = bdrv_attach_child_noperm(bs_new, bs_top, "backing", - &child_of_bds, bdrv_backing_role(bs_new), -@@ -5593,7 +5593,7 @@ out: - tran_finalize(tran, ret); - - bdrv_refresh_limits(bs_top, NULL, NULL); -- bdrv_graph_wrunlock(bs_top); -+ bdrv_graph_wrunlock(); - - bdrv_drained_end(bs_top); - bdrv_drained_end(bs_new); -@@ -5620,7 +5620,7 @@ int bdrv_replace_child_bs(BdrvChild *child, BlockDriverState *new_bs, - bdrv_ref(old_bs); - bdrv_drained_begin(old_bs); - bdrv_drained_begin(new_bs); -- bdrv_graph_wrlock(new_bs); -+ bdrv_graph_wrlock(); - - bdrv_replace_child_tran(child, new_bs, tran); - -@@ -5631,7 +5631,7 @@ int bdrv_replace_child_bs(BdrvChild *child, BlockDriverState *new_bs, - - tran_finalize(tran, ret); - -- bdrv_graph_wrunlock(new_bs); -+ bdrv_graph_wrunlock(); - bdrv_drained_end(old_bs); - bdrv_drained_end(new_bs); - bdrv_unref(old_bs); -@@ -5718,9 +5718,9 @@ BlockDriverState *bdrv_insert_node(BlockDriverState *bs, QDict *options, - bdrv_ref(bs); - bdrv_drained_begin(bs); - bdrv_drained_begin(new_node_bs); -- bdrv_graph_wrlock(new_node_bs); -+ 
bdrv_graph_wrlock(); - ret = bdrv_replace_node(bs, new_node_bs, errp); -- bdrv_graph_wrunlock(new_node_bs); -+ bdrv_graph_wrunlock(); - bdrv_drained_end(new_node_bs); - bdrv_drained_end(bs); - bdrv_unref(bs); -@@ -5975,7 +5975,7 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base, - - bdrv_ref(top); - bdrv_drained_begin(base); -- bdrv_graph_wrlock(base); -+ bdrv_graph_wrlock(); - - if (!top->drv || !base->drv) { - goto exit_wrlock; -@@ -6015,7 +6015,7 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base, - * That's a FIXME. - */ - bdrv_replace_node_common(top, base, false, false, &local_err); -- bdrv_graph_wrunlock(base); -+ bdrv_graph_wrunlock(); - - if (local_err) { - error_report_err(local_err); -@@ -6052,7 +6052,7 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base, - goto exit; - - exit_wrlock: -- bdrv_graph_wrunlock(base); -+ bdrv_graph_wrunlock(); - exit: - bdrv_drained_end(base); - bdrv_unref(top); -diff --git a/block/backup.c b/block/backup.c -index 8aae5836d..ec29d6b81 100644 ---- a/block/backup.c -+++ b/block/backup.c -@@ -496,10 +496,10 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs, - block_copy_set_speed(bcs, speed); - - /* Required permissions are taken by copy-before-write filter target */ -- bdrv_graph_wrlock(target); -+ bdrv_graph_wrlock(); - block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL, - &error_abort); -- bdrv_graph_wrunlock(target); -+ bdrv_graph_wrunlock(); - - return &job->common; - -diff --git a/block/blklogwrites.c b/block/blklogwrites.c -index 84e03f309..ba717dab4 100644 ---- a/block/blklogwrites.c -+++ b/block/blklogwrites.c -@@ -251,9 +251,9 @@ static int blk_log_writes_open(BlockDriverState *bs, QDict *options, int flags, - ret = 0; - fail_log: - if (ret < 0) { -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_unref_child(bs, s->log_file); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - s->log_file = 
NULL; - } - fail: -@@ -265,10 +265,10 @@ static void blk_log_writes_close(BlockDriverState *bs) - { - BDRVBlkLogWritesState *s = bs->opaque; - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_unref_child(bs, s->log_file); - s->log_file = NULL; -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - } - - static int64_t coroutine_fn GRAPH_RDLOCK -diff --git a/block/blkverify.c b/block/blkverify.c -index 9b17c4664..ec45d8335 100644 ---- a/block/blkverify.c -+++ b/block/blkverify.c -@@ -151,10 +151,10 @@ static void blkverify_close(BlockDriverState *bs) - { - BDRVBlkverifyState *s = bs->opaque; - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_unref_child(bs, s->test_file); - s->test_file = NULL; -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - } - - static int64_t coroutine_fn GRAPH_RDLOCK -diff --git a/block/block-backend.c b/block/block-backend.c -index 86315d62c..a2348b31e 100644 ---- a/block/block-backend.c -+++ b/block/block-backend.c -@@ -885,7 +885,6 @@ void blk_remove_bs(BlockBackend *blk) - { - ThrottleGroupMember *tgm = &blk->public.throttle_group_member; - BdrvChild *root; -- AioContext *ctx; - - GLOBAL_STATE_CODE(); - -@@ -915,10 +914,9 @@ void blk_remove_bs(BlockBackend *blk) - root = blk->root; - blk->root = NULL; - -- ctx = bdrv_get_aio_context(root->bs); -- bdrv_graph_wrlock(root->bs); -+ bdrv_graph_wrlock(); - bdrv_root_unref_child(root); -- bdrv_graph_wrunlock_ctx(ctx); -+ bdrv_graph_wrunlock(); - } - - /* -@@ -929,16 +927,15 @@ void blk_remove_bs(BlockBackend *blk) - int blk_insert_bs(BlockBackend *blk, BlockDriverState *bs, Error **errp) - { - ThrottleGroupMember *tgm = &blk->public.throttle_group_member; -- AioContext *ctx = bdrv_get_aio_context(bs); - - GLOBAL_STATE_CODE(); - bdrv_ref(bs); -- bdrv_graph_wrlock(bs); -+ bdrv_graph_wrlock(); - blk->root = bdrv_root_attach_child(bs, "root", &child_root, - BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY, - blk->perm, blk->shared_perm, - blk, errp); -- 
bdrv_graph_wrunlock_ctx(ctx); -+ bdrv_graph_wrunlock(); - if (blk->root == NULL) { - return -EPERM; - } -diff --git a/block/commit.c b/block/commit.c -index 69cc75be0..1dd7a65ff 100644 ---- a/block/commit.c -+++ b/block/commit.c -@@ -100,9 +100,9 @@ static void commit_abort(Job *job) - bdrv_graph_rdunlock_main_loop(); - - bdrv_drained_begin(commit_top_backing_bs); -- bdrv_graph_wrlock(commit_top_backing_bs); -+ bdrv_graph_wrlock(); - bdrv_replace_node(s->commit_top_bs, commit_top_backing_bs, &error_abort); -- bdrv_graph_wrunlock(commit_top_backing_bs); -+ bdrv_graph_wrunlock(); - bdrv_drained_end(commit_top_backing_bs); - - bdrv_unref(s->commit_top_bs); -@@ -339,7 +339,7 @@ void commit_start(const char *job_id, BlockDriverState *bs, - * this is the responsibility of the interface (i.e. whoever calls - * commit_start()). - */ -- bdrv_graph_wrlock(top); -+ bdrv_graph_wrlock(); - s->base_overlay = bdrv_find_overlay(top, base); - assert(s->base_overlay); - -@@ -370,19 +370,19 @@ void commit_start(const char *job_id, BlockDriverState *bs, - ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0, - iter_shared_perms, errp); - if (ret < 0) { -- bdrv_graph_wrunlock(top); -+ bdrv_graph_wrunlock(); - goto fail; - } - } - - if (bdrv_freeze_backing_chain(commit_top_bs, base, errp) < 0) { -- bdrv_graph_wrunlock(top); -+ bdrv_graph_wrunlock(); - goto fail; - } - s->chain_frozen = true; - - ret = block_job_add_bdrv(&s->common, "base", base, 0, BLK_PERM_ALL, errp); -- bdrv_graph_wrunlock(top); -+ bdrv_graph_wrunlock(); - - if (ret < 0) { - goto fail; -@@ -434,9 +434,9 @@ fail: - * otherwise this would fail because of lack of permissions. 
*/ - if (commit_top_bs) { - bdrv_drained_begin(top); -- bdrv_graph_wrlock(top); -+ bdrv_graph_wrlock(); - bdrv_replace_node(commit_top_bs, top, &error_abort); -- bdrv_graph_wrunlock(top); -+ bdrv_graph_wrunlock(); - bdrv_drained_end(top); - } - } -diff --git a/block/graph-lock.c b/block/graph-lock.c -index 079e878d9..c81162b14 100644 ---- a/block/graph-lock.c -+++ b/block/graph-lock.c -@@ -106,27 +106,12 @@ static uint32_t reader_count(void) - return rd; - } - --void no_coroutine_fn bdrv_graph_wrlock(BlockDriverState *bs) -+void no_coroutine_fn bdrv_graph_wrlock(void) - { -- AioContext *ctx = NULL; -- - GLOBAL_STATE_CODE(); - assert(!qatomic_read(&has_writer)); - assert(!qemu_in_coroutine()); - -- /* -- * Release only non-mainloop AioContext. The mainloop often relies on the -- * BQL and doesn't lock the main AioContext before doing things. -- */ -- if (bs) { -- ctx = bdrv_get_aio_context(bs); -- if (ctx != qemu_get_aio_context()) { -- aio_context_release(ctx); -- } else { -- ctx = NULL; -- } -- } -- - /* Make sure that constantly arriving new I/O doesn't cause starvation */ - bdrv_drain_all_begin_nopoll(); - -@@ -155,27 +140,13 @@ void no_coroutine_fn bdrv_graph_wrlock(BlockDriverState *bs) - } while (reader_count() >= 1); - - bdrv_drain_all_end(); -- -- if (ctx) { -- aio_context_acquire(bdrv_get_aio_context(bs)); -- } - } - --void no_coroutine_fn bdrv_graph_wrunlock_ctx(AioContext *ctx) -+void no_coroutine_fn bdrv_graph_wrunlock(void) - { - GLOBAL_STATE_CODE(); - assert(qatomic_read(&has_writer)); - -- /* -- * Release only non-mainloop AioContext. The mainloop often relies on the -- * BQL and doesn't lock the main AioContext before doing things. 
-- */ -- if (ctx && ctx != qemu_get_aio_context()) { -- aio_context_release(ctx); -- } else { -- ctx = NULL; -- } -- - WITH_QEMU_LOCK_GUARD(&aio_context_list_lock) { - /* - * No need for memory barriers, this works in pair with -@@ -197,17 +168,6 @@ void no_coroutine_fn bdrv_graph_wrunlock_ctx(AioContext *ctx) - * progress. - */ - aio_bh_poll(qemu_get_aio_context()); -- -- if (ctx) { -- aio_context_acquire(ctx); -- } --} -- --void no_coroutine_fn bdrv_graph_wrunlock(BlockDriverState *bs) --{ -- AioContext *ctx = bs ? bdrv_get_aio_context(bs) : NULL; -- -- bdrv_graph_wrunlock_ctx(ctx); - } - - void coroutine_fn bdrv_graph_co_rdlock(void) -diff --git a/block/mirror.c b/block/mirror.c -index abbddb39e..f9db6f0f7 100644 ---- a/block/mirror.c -+++ b/block/mirror.c -@@ -768,7 +768,7 @@ static int mirror_exit_common(Job *job) - * check for an op blocker on @to_replace, and we have our own - * there. - */ -- bdrv_graph_wrlock(target_bs); -+ bdrv_graph_wrlock(); - if (bdrv_recurse_can_replace(src, to_replace)) { - bdrv_replace_node(to_replace, target_bs, &local_err); - } else { -@@ -777,7 +777,7 @@ static int mirror_exit_common(Job *job) - "would not lead to an abrupt change of visible data", - to_replace->node_name, target_bs->node_name); - } -- bdrv_graph_wrunlock(target_bs); -+ bdrv_graph_wrunlock(); - bdrv_drained_end(to_replace); - if (local_err) { - error_report_err(local_err); -@@ -800,9 +800,9 @@ static int mirror_exit_common(Job *job) - * valid. 
- */ - block_job_remove_all_bdrv(bjob); -- bdrv_graph_wrlock(mirror_top_bs); -+ bdrv_graph_wrlock(); - bdrv_replace_node(mirror_top_bs, mirror_top_bs->backing->bs, &error_abort); -- bdrv_graph_wrunlock(mirror_top_bs); -+ bdrv_graph_wrunlock(); - - bdrv_drained_end(target_bs); - bdrv_unref(target_bs); -@@ -1916,13 +1916,13 @@ static BlockJob *mirror_start_job( - */ - bdrv_disable_dirty_bitmap(s->dirty_bitmap); - -- bdrv_graph_wrlock(bs); -+ bdrv_graph_wrlock(); - ret = block_job_add_bdrv(&s->common, "source", bs, 0, - BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE | - BLK_PERM_CONSISTENT_READ, - errp); - if (ret < 0) { -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - goto fail; - } - -@@ -1967,17 +1967,17 @@ static BlockJob *mirror_start_job( - ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0, - iter_shared_perms, errp); - if (ret < 0) { -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - goto fail; - } - } - - if (bdrv_freeze_backing_chain(mirror_top_bs, target, errp) < 0) { -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - goto fail; - } - } -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - - QTAILQ_INIT(&s->ops_in_flight); - -@@ -2003,12 +2003,12 @@ fail: - - bs_opaque->stop = true; - bdrv_drained_begin(bs); -- bdrv_graph_wrlock(bs); -+ bdrv_graph_wrlock(); - assert(mirror_top_bs->backing->bs == bs); - bdrv_child_refresh_perms(mirror_top_bs, mirror_top_bs->backing, - &error_abort); - bdrv_replace_node(mirror_top_bs, bs, &error_abort); -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - bdrv_drained_end(bs); - - bdrv_unref(mirror_top_bs); -diff --git a/block/qcow2.c b/block/qcow2.c -index 7af7c0bee..77dd49d4f 100644 ---- a/block/qcow2.c -+++ b/block/qcow2.c -@@ -2822,9 +2822,9 @@ qcow2_do_close(BlockDriverState *bs, bool close_data_file) - if (close_data_file && has_data_file(bs)) { - GLOBAL_STATE_CODE(); - bdrv_graph_rdunlock_main_loop(); -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_unref_child(bs, 
s->data_file); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - s->data_file = NULL; - bdrv_graph_rdlock_main_loop(); - } -diff --git a/block/quorum.c b/block/quorum.c -index 505b8b3e1..db8fe891c 100644 ---- a/block/quorum.c -+++ b/block/quorum.c -@@ -1037,14 +1037,14 @@ static int quorum_open(BlockDriverState *bs, QDict *options, int flags, - - close_exit: - /* cleanup on error */ -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - for (i = 0; i < s->num_children; i++) { - if (!opened[i]) { - continue; - } - bdrv_unref_child(bs, s->children[i]); - } -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - g_free(s->children); - g_free(opened); - exit: -@@ -1057,11 +1057,11 @@ static void quorum_close(BlockDriverState *bs) - BDRVQuorumState *s = bs->opaque; - int i; - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - for (i = 0; i < s->num_children; i++) { - bdrv_unref_child(bs, s->children[i]); - } -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - g_free(s->children); - } -diff --git a/block/replication.c b/block/replication.c -index 5ded5f1ca..424b537ff 100644 ---- a/block/replication.c -+++ b/block/replication.c -@@ -560,7 +560,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode, - return; - } - -- bdrv_graph_wrlock(bs); -+ bdrv_graph_wrlock(); - - bdrv_ref(hidden_disk->bs); - s->hidden_disk = bdrv_attach_child(bs, hidden_disk->bs, "hidden disk", -@@ -568,7 +568,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode, - &local_err); - if (local_err) { - error_propagate(errp, local_err); -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - aio_context_release(aio_context); - return; - } -@@ -579,7 +579,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode, - BDRV_CHILD_DATA, &local_err); - if (local_err) { - error_propagate(errp, local_err); -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - aio_context_release(aio_context); - return; - } -@@ -592,7 +592,7 @@ 
static void replication_start(ReplicationState *rs, ReplicationMode mode, - if (!top_bs || !bdrv_is_root_node(top_bs) || - !check_top_bs(top_bs, bs)) { - error_setg(errp, "No top_bs or it is invalid"); -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - reopen_backing_file(bs, false, NULL); - aio_context_release(aio_context); - return; -@@ -600,7 +600,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode, - bdrv_op_block_all(top_bs, s->blocker); - bdrv_op_unblock(top_bs, BLOCK_OP_TYPE_DATAPLANE, s->blocker); - -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - - s->backup_job = backup_job_create( - NULL, s->secondary_disk->bs, s->hidden_disk->bs, -@@ -691,12 +691,12 @@ static void replication_done(void *opaque, int ret) - if (ret == 0) { - s->stage = BLOCK_REPLICATION_DONE; - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_unref_child(bs, s->secondary_disk); - s->secondary_disk = NULL; - bdrv_unref_child(bs, s->hidden_disk); - s->hidden_disk = NULL; -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - s->error = 0; - } else { -diff --git a/block/snapshot.c b/block/snapshot.c -index c4d40e80d..6fd720aef 100644 ---- a/block/snapshot.c -+++ b/block/snapshot.c -@@ -292,9 +292,9 @@ int bdrv_snapshot_goto(BlockDriverState *bs, - } - - /* .bdrv_open() will re-attach it */ -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_unref_child(bs, fallback); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - ret = bdrv_snapshot_goto(fallback_bs, snapshot_id, errp); - open_ret = drv->bdrv_open(bs, options, bs->open_flags, &local_err); -diff --git a/block/stream.c b/block/stream.c -index 01fe7c0f1..048c2d282 100644 ---- a/block/stream.c -+++ b/block/stream.c -@@ -99,9 +99,9 @@ static int stream_prepare(Job *job) - } - } - -- bdrv_graph_wrlock(s->target_bs); -+ bdrv_graph_wrlock(); - bdrv_set_backing_hd_drained(unfiltered_bs, base, &local_err); -- bdrv_graph_wrunlock(s->target_bs); -+ bdrv_graph_wrunlock(); - - /* - * 
This call will do I/O, so the graph can change again from here on. -@@ -366,10 +366,10 @@ void stream_start(const char *job_id, BlockDriverState *bs, - * already have our own plans. Also don't allow resize as the image size is - * queried only at the job start and then cached. - */ -- bdrv_graph_wrlock(bs); -+ bdrv_graph_wrlock(); - if (block_job_add_bdrv(&s->common, "active node", bs, 0, - basic_flags | BLK_PERM_WRITE, errp)) { -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - goto fail; - } - -@@ -389,11 +389,11 @@ void stream_start(const char *job_id, BlockDriverState *bs, - ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0, - basic_flags, errp); - if (ret < 0) { -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - goto fail; - } - } -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - - s->base_overlay = base_overlay; - s->above_base = above_base; -diff --git a/block/vmdk.c b/block/vmdk.c -index d6971c706..bf78e1238 100644 ---- a/block/vmdk.c -+++ b/block/vmdk.c -@@ -272,7 +272,7 @@ static void vmdk_free_extents(BlockDriverState *bs) - BDRVVmdkState *s = bs->opaque; - VmdkExtent *e; - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - for (i = 0; i < s->num_extents; i++) { - e = &s->extents[i]; - g_free(e->l1_table); -@@ -283,7 +283,7 @@ static void vmdk_free_extents(BlockDriverState *bs) - bdrv_unref_child(bs, e->file); - } - } -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - g_free(s->extents); - } -@@ -1247,9 +1247,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options, - 0, 0, 0, 0, 0, &extent, errp); - if (ret < 0) { - bdrv_graph_rdunlock_main_loop(); -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_unref_child(bs, extent_file); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - bdrv_graph_rdlock_main_loop(); - goto out; - } -@@ -1266,9 +1266,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options, - g_free(buf); - if (ret) { - 
bdrv_graph_rdunlock_main_loop(); -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_unref_child(bs, extent_file); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - bdrv_graph_rdlock_main_loop(); - goto out; - } -@@ -1277,9 +1277,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options, - ret = vmdk_open_se_sparse(bs, extent_file, bs->open_flags, errp); - if (ret) { - bdrv_graph_rdunlock_main_loop(); -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_unref_child(bs, extent_file); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - bdrv_graph_rdlock_main_loop(); - goto out; - } -@@ -1287,9 +1287,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options, - } else { - error_setg(errp, "Unsupported extent type '%s'", type); - bdrv_graph_rdunlock_main_loop(); -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_unref_child(bs, extent_file); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - bdrv_graph_rdlock_main_loop(); - ret = -ENOTSUP; - goto out; -diff --git a/blockdev.c b/blockdev.c -index c91f49e7b..9e1381169 100644 ---- a/blockdev.c -+++ b/blockdev.c -@@ -1611,9 +1611,9 @@ static void external_snapshot_abort(void *opaque) - } - - bdrv_drained_begin(state->new_bs); -- bdrv_graph_wrlock(state->old_bs); -+ bdrv_graph_wrlock(); - bdrv_replace_node(state->new_bs, state->old_bs, &error_abort); -- bdrv_graph_wrunlock(state->old_bs); -+ bdrv_graph_wrunlock(); - bdrv_drained_end(state->new_bs); - - bdrv_unref(state->old_bs); /* bdrv_replace_node() ref'ed old_bs */ -@@ -3657,7 +3657,7 @@ void qmp_x_blockdev_change(const char *parent, const char *child, - BlockDriverState *parent_bs, *new_bs = NULL; - BdrvChild *p_child; - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - - parent_bs = bdrv_lookup_bs(parent, parent, errp); - if (!parent_bs) { -@@ -3693,7 +3693,7 @@ void qmp_x_blockdev_change(const char *parent, const char *child, - } - - out: -- bdrv_graph_wrunlock(NULL); -+ 
bdrv_graph_wrunlock(); - } - - BlockJobInfoList *qmp_query_block_jobs(Error **errp) -diff --git a/blockjob.c b/blockjob.c -index b7a29052b..731041231 100644 ---- a/blockjob.c -+++ b/blockjob.c -@@ -199,7 +199,7 @@ void block_job_remove_all_bdrv(BlockJob *job) - * to process an already freed BdrvChild. - */ - aio_context_release(job->job.aio_context); -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - aio_context_acquire(job->job.aio_context); - while (job->nodes) { - GSList *l = job->nodes; -@@ -212,7 +212,7 @@ void block_job_remove_all_bdrv(BlockJob *job) - - g_slist_free_1(l); - } -- bdrv_graph_wrunlock_ctx(job->job.aio_context); -+ bdrv_graph_wrunlock(); - } - - bool block_job_has_bdrv(BlockJob *job, BlockDriverState *bs) -@@ -514,7 +514,7 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver, - int ret; - GLOBAL_STATE_CODE(); - -- bdrv_graph_wrlock(bs); -+ bdrv_graph_wrlock(); - - if (job_id == NULL && !(flags & JOB_INTERNAL)) { - job_id = bdrv_get_device_name(bs); -@@ -523,7 +523,7 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver, - job = job_create(job_id, &driver->job_driver, txn, bdrv_get_aio_context(bs), - flags, cb, opaque, errp); - if (job == NULL) { -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - return NULL; - } - -@@ -563,11 +563,11 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver, - goto fail; - } - -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - return job; - - fail: -- bdrv_graph_wrunlock(bs); -+ bdrv_graph_wrunlock(); - job_early_fail(&job->job); - return NULL; - } -diff --git a/include/block/graph-lock.h b/include/block/graph-lock.h -index 22b5db1ed..d7545e82d 100644 ---- a/include/block/graph-lock.h -+++ b/include/block/graph-lock.h -@@ -110,34 +110,17 @@ void unregister_aiocontext(AioContext *ctx); - * - * The wrlock can only be taken from the main loop, with BQL held, as only the - * main loop is allowed to modify the graph. 
-- * -- * If @bs is non-NULL, its AioContext is temporarily released. -- * -- * This function polls. Callers must not hold the lock of any AioContext other -- * than the current one and the one of @bs. - */ - void no_coroutine_fn TSA_ACQUIRE(graph_lock) TSA_NO_TSA --bdrv_graph_wrlock(BlockDriverState *bs); -+bdrv_graph_wrlock(void); - - /* - * bdrv_graph_wrunlock: - * Write finished, reset global has_writer to 0 and restart - * all readers that are waiting. -- * -- * If @bs is non-NULL, its AioContext is temporarily released. -- */ --void no_coroutine_fn TSA_RELEASE(graph_lock) TSA_NO_TSA --bdrv_graph_wrunlock(BlockDriverState *bs); -- --/* -- * bdrv_graph_wrunlock_ctx: -- * Write finished, reset global has_writer to 0 and restart -- * all readers that are waiting. -- * -- * If @ctx is non-NULL, its lock is temporarily released. - */ - void no_coroutine_fn TSA_RELEASE(graph_lock) TSA_NO_TSA --bdrv_graph_wrunlock_ctx(AioContext *ctx); -+bdrv_graph_wrunlock(void); - - /* - * bdrv_graph_co_rdlock: -diff --git a/scripts/block-coroutine-wrapper.py b/scripts/block-coroutine-wrapper.py -index a38e5833f..38364fa55 100644 ---- a/scripts/block-coroutine-wrapper.py -+++ b/scripts/block-coroutine-wrapper.py -@@ -261,8 +261,8 @@ def gen_no_co_wrapper(func: FuncDecl) -> str: - graph_lock=' bdrv_graph_rdlock_main_loop();' - graph_unlock=' bdrv_graph_rdunlock_main_loop();' - elif func.graph_wrlock: -- graph_lock=' bdrv_graph_wrlock(NULL);' -- graph_unlock=' bdrv_graph_wrunlock(NULL);' -+ graph_lock=' bdrv_graph_wrlock();' -+ graph_unlock=' bdrv_graph_wrunlock();' - - return f"""\ - /* -diff --git a/tests/unit/test-bdrv-drain.c b/tests/unit/test-bdrv-drain.c -index 704d1a3f3..d9754dfeb 100644 ---- a/tests/unit/test-bdrv-drain.c -+++ b/tests/unit/test-bdrv-drain.c -@@ -807,9 +807,9 @@ static void test_blockjob_common_drain_node(enum drain_type drain_type, - tjob->bs = src; - job = &tjob->common; - -- bdrv_graph_wrlock(target); -+ bdrv_graph_wrlock(); - block_job_add_bdrv(job, 
"target", target, 0, BLK_PERM_ALL, &error_abort); -- bdrv_graph_wrunlock(target); -+ bdrv_graph_wrunlock(); - - switch (result) { - case TEST_JOB_SUCCESS: -@@ -991,11 +991,11 @@ static void bdrv_test_top_close(BlockDriverState *bs) - { - BdrvChild *c, *next_c; - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - QLIST_FOREACH_SAFE(c, &bs->children, next, next_c) { - bdrv_unref_child(bs, c); - } -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - } - - static int coroutine_fn GRAPH_RDLOCK -@@ -1085,10 +1085,10 @@ static void do_test_delete_by_drain(bool detach_instead_of_delete, - - null_bs = bdrv_open("null-co://", NULL, NULL, BDRV_O_RDWR | BDRV_O_PROTOCOL, - &error_abort); -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_attach_child(bs, null_bs, "null-child", &child_of_bds, - BDRV_CHILD_DATA, &error_abort); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - /* This child will be the one to pass to requests through to, and - * it will stall until a drain occurs */ -@@ -1096,21 +1096,21 @@ static void do_test_delete_by_drain(bool detach_instead_of_delete, - &error_abort); - child_bs->total_sectors = 65536 >> BDRV_SECTOR_BITS; - /* Takes our reference to child_bs */ -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - tts->wait_child = bdrv_attach_child(bs, child_bs, "wait-child", - &child_of_bds, - BDRV_CHILD_DATA | BDRV_CHILD_PRIMARY, - &error_abort); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - /* This child is just there to be deleted - * (for detach_instead_of_delete == true) */ - null_bs = bdrv_open("null-co://", NULL, NULL, BDRV_O_RDWR | BDRV_O_PROTOCOL, - &error_abort); -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_attach_child(bs, null_bs, "null-child", &child_of_bds, BDRV_CHILD_DATA, - &error_abort); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - blk = blk_new(qemu_get_aio_context(), BLK_PERM_ALL, BLK_PERM_ALL); - blk_insert_bs(blk, bs, &error_abort); -@@ -1193,14 +1193,14 @@ static void 
no_coroutine_fn detach_indirect_bh(void *opaque) - - bdrv_dec_in_flight(data->child_b->bs); - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_unref_child(data->parent_b, data->child_b); - - bdrv_ref(data->c); - data->child_c = bdrv_attach_child(data->parent_b, data->c, "PB-C", - &child_of_bds, BDRV_CHILD_DATA, - &error_abort); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - } - - static void coroutine_mixed_fn detach_by_parent_aio_cb(void *opaque, int ret) -@@ -1298,7 +1298,7 @@ static void TSA_NO_TSA test_detach_indirect(bool by_parent_cb) - /* Set child relationships */ - bdrv_ref(b); - bdrv_ref(a); -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - child_b = bdrv_attach_child(parent_b, b, "PB-B", &child_of_bds, - BDRV_CHILD_DATA, &error_abort); - child_a = bdrv_attach_child(parent_b, a, "PB-A", &child_of_bds, -@@ -1308,7 +1308,7 @@ static void TSA_NO_TSA test_detach_indirect(bool by_parent_cb) - bdrv_attach_child(parent_a, a, "PA-A", - by_parent_cb ? &child_of_bds : &detach_by_driver_cb_class, - BDRV_CHILD_DATA, &error_abort); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - g_assert_cmpint(parent_a->refcnt, ==, 1); - g_assert_cmpint(parent_b->refcnt, ==, 1); -@@ -1727,7 +1727,7 @@ static void test_drop_intermediate_poll(void) - * Establish the chain last, so the chain links are the first - * elements in the BDS.parents lists - */ -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - for (i = 0; i < 3; i++) { - if (i) { - /* Takes the reference to chain[i - 1] */ -@@ -1735,7 +1735,7 @@ static void test_drop_intermediate_poll(void) - &chain_child_class, BDRV_CHILD_COW, &error_abort); - } - } -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - job = block_job_create("job", &test_simple_job_driver, NULL, job_node, - 0, BLK_PERM_ALL, 0, 0, NULL, NULL, &error_abort); -@@ -1982,10 +1982,10 @@ static void do_test_replace_child_mid_drain(int old_drain_count, - new_child_bs->total_sectors = 1; - - bdrv_ref(old_child_bs); -- 
bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_attach_child(parent_bs, old_child_bs, "child", &child_of_bds, - BDRV_CHILD_COW, &error_abort); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - parent_s->setup_completed = true; - - for (i = 0; i < old_drain_count; i++) { -@@ -2016,9 +2016,9 @@ static void do_test_replace_child_mid_drain(int old_drain_count, - g_assert(parent_bs->quiesce_counter == old_drain_count); - bdrv_drained_begin(old_child_bs); - bdrv_drained_begin(new_child_bs); -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_replace_node(old_child_bs, new_child_bs, &error_abort); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - bdrv_drained_end(new_child_bs); - bdrv_drained_end(old_child_bs); - g_assert(parent_bs->quiesce_counter == new_drain_count); -diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c -index 074adcbb9..8ee6ef38d 100644 ---- a/tests/unit/test-bdrv-graph-mod.c -+++ b/tests/unit/test-bdrv-graph-mod.c -@@ -137,10 +137,10 @@ static void test_update_perm_tree(void) - - blk_insert_bs(root, bs, &error_abort); - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_attach_child(filter, bs, "child", &child_of_bds, - BDRV_CHILD_DATA, &error_abort); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - aio_context_acquire(qemu_get_aio_context()); - ret = bdrv_append(filter, bs, NULL); -@@ -206,11 +206,11 @@ static void test_should_update_child(void) - - bdrv_set_backing_hd(target, bs, &error_abort); - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - g_assert(target->backing->bs == bs); - bdrv_attach_child(filter, target, "target", &child_of_bds, - BDRV_CHILD_DATA, &error_abort); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - aio_context_acquire(qemu_get_aio_context()); - bdrv_append(filter, bs, &error_abort); - aio_context_release(qemu_get_aio_context()); -@@ -248,7 +248,7 @@ static void test_parallel_exclusive_write(void) - bdrv_ref(base); - bdrv_ref(fl1); - -- 
bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_attach_child(top, fl1, "backing", &child_of_bds, - BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY, - &error_abort); -@@ -260,7 +260,7 @@ static void test_parallel_exclusive_write(void) - &error_abort); - - bdrv_replace_node(fl1, fl2, &error_abort); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - bdrv_drained_end(fl2); - bdrv_drained_end(fl1); -@@ -367,7 +367,7 @@ static void test_parallel_perm_update(void) - */ - bdrv_ref(base); - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_attach_child(top, ws, "file", &child_of_bds, BDRV_CHILD_DATA, - &error_abort); - c_fl1 = bdrv_attach_child(ws, fl1, "first", &child_of_bds, -@@ -380,7 +380,7 @@ static void test_parallel_perm_update(void) - bdrv_attach_child(fl2, base, "backing", &child_of_bds, - BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY, - &error_abort); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - /* Select fl1 as first child to be active */ - s->selected = c_fl1; -@@ -434,11 +434,11 @@ static void test_append_greedy_filter(void) - BlockDriverState *base = no_perm_node("base"); - BlockDriverState *fl = exclusive_writer_node("fl1"); - -- bdrv_graph_wrlock(NULL); -+ bdrv_graph_wrlock(); - bdrv_attach_child(top, base, "backing", &child_of_bds, - BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY, - &error_abort); -- bdrv_graph_wrunlock(NULL); -+ bdrv_graph_wrunlock(); - - aio_context_acquire(qemu_get_aio_context()); - bdrv_append(fl, base, &error_abort); --- -2.40.0 diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch deleted file mode 100644 index bcdd0fbed8..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch +++ /dev/null 
@@ -1,239 +0,0 @@ -From 7ead946998610657d38d1a505d5f25300d4ca613 Mon Sep 17 00:00:00 2001 -From: Kevin Wolf -Date: Thu, 25 Apr 2024 14:56:02 +0000 -Subject: [PATCH] block: Parse filenames only when explicitly requested - -When handling image filenames from legacy options such as -drive or from -tools, these filenames are parsed for protocol prefixes, including for -the json:{} pseudo-protocol. - -This behaviour is intended for filenames that come directly from the -command line and for backing files, which may come from the image file -itself. Higher level management tools generally take care to verify that -untrusted images don't contain a bad (or any) backing file reference; -'qemu-img info' is a suitable tool for this. - -However, for other files that can be referenced in images, such as -qcow2 data files or VMDK extents, the string from the image file is -usually not verified by management tools - and 'qemu-img info' wouldn't -be suitable because in contrast to backing files, it already opens these -other referenced files. So here the string should be interpreted as a -literal local filename. More complex configurations need to be specified -explicitly on the command line or in QMP... 
- -CVE: CVE-2024-4467 -Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/7ead946998610657d38d1a505d5f25300d4ca613] - -Signed-off-by: Yogita Urade ---- - block.c | 94 ++++++++++++++++++++++++++++++++++----------------------- - 1 file changed, 57 insertions(+), 37 deletions(-) - -diff --git a/block.c b/block.c -index 25e1ebc60..f3cb32cd7 100644 ---- a/block.c -+++ b/block.c -@@ -86,6 +86,7 @@ static BlockDriverState *bdrv_open_inherit(const char *filename, - BlockDriverState *parent, - const BdrvChildClass *child_class, - BdrvChildRole child_role, -+ bool parse_filename, - Error **errp); - - static bool bdrv_recurse_has_child(BlockDriverState *bs, -@@ -2047,7 +2048,8 @@ static void parse_json_protocol(QDict *options, const char **pfilename, - * block driver has been specified explicitly. - */ - static int bdrv_fill_options(QDict **options, const char *filename, -- int *flags, Error **errp) -+ int *flags, bool allow_parse_filename, -+ Error **errp) - { - const char *drvname; - bool protocol = *flags & BDRV_O_PROTOCOL; -@@ -2089,7 +2091,7 @@ static int bdrv_fill_options(QDict **options, const char *filename, - if (protocol && filename) { - if (!qdict_haskey(*options, "filename")) { - qdict_put_str(*options, "filename", filename); -- parse_filename = true; -+ parse_filename = allow_parse_filename; - } else { - error_setg(errp, "Can't specify 'file' and 'filename' options at " - "the same time"); -@@ -3675,7 +3677,8 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict *parent_options, - } - - backing_hd = bdrv_open_inherit(backing_filename, reference, options, 0, bs, -- &child_of_bds, bdrv_backing_role(bs), errp); -+ &child_of_bds, bdrv_backing_role(bs), true, -+ errp); - if (!backing_hd) { - bs->open_flags |= BDRV_O_NO_BACKING; - error_prepend(errp, "Could not open backing file: "); -@@ -3712,7 +3715,8 @@ free_exit: - static BlockDriverState * - bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key, - BlockDriverState 
*parent, const BdrvChildClass *child_class, -- BdrvChildRole child_role, bool allow_none, Error **errp) -+ BdrvChildRole child_role, bool allow_none, -+ bool parse_filename, Error **errp) - { - BlockDriverState *bs = NULL; - QDict *image_options; -@@ -3743,7 +3747,8 @@ bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key, - } - - bs = bdrv_open_inherit(filename, reference, image_options, 0, -- parent, child_class, child_role, errp); -+ parent, child_class, child_role, parse_filename, -+ errp); - if (!bs) { - goto done; - } -@@ -3753,6 +3758,33 @@ done: - return bs; - } - -+static BdrvChild *bdrv_open_child_common(const char *filename, -+ QDict *options, const char *bdref_key, -+ BlockDriverState *parent, -+ const BdrvChildClass *child_class, -+ BdrvChildRole child_role, -+ bool allow_none, bool parse_filename, -+ Error **errp) -+{ -+ BlockDriverState *bs; -+ BdrvChild *child; -+ -+ GLOBAL_STATE_CODE(); -+ -+ bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_class, -+ child_role, allow_none, parse_filename, errp); -+ if (bs == NULL) { -+ return NULL; -+ } -+ -+ bdrv_graph_wrlock(); -+ child = bdrv_attach_child(parent, bs, bdref_key, child_class, child_role, -+ errp); -+ bdrv_graph_wrunlock(); -+ -+ return child; -+} -+ - /* - * Opens a disk image whose options are given as BlockdevRef in another block - * device's options. 
-@@ -3778,31 +3810,15 @@ BdrvChild *bdrv_open_child(const char *filename, - BdrvChildRole child_role, - bool allow_none, Error **errp) - { -- BlockDriverState *bs; -- BdrvChild *child; -- AioContext *ctx; -- -- GLOBAL_STATE_CODE(); -- -- bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_class, -- child_role, allow_none, errp); -- if (bs == NULL) { -- return NULL; -- } -- -- bdrv_graph_wrlock(); -- ctx = bdrv_get_aio_context(bs); -- aio_context_acquire(ctx); -- child = bdrv_attach_child(parent, bs, bdref_key, child_class, child_role, -- errp); -- aio_context_release(ctx); -- bdrv_graph_wrunlock(); -- -- return child; -+ return bdrv_open_child_common(filename, options, bdref_key, parent, -+ child_class, child_role, allow_none, false, -+ errp); - } - - /* -- * Wrapper on bdrv_open_child() for most popular case: open primary child of bs. -+ * This does mostly the same as bdrv_open_child(), but for opening the primary -+ * child of a node. A notable difference from bdrv_open_child() is that it -+ * enables filename parsing for protocol names (including json:). - * - * The caller must hold the lock of the main AioContext and no other AioContext. - * @parent can move to a different AioContext in this function. Callers must -@@ -3819,8 +3835,8 @@ int bdrv_open_file_child(const char *filename, - role = parent->drv->is_filter ? 
- (BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY) : BDRV_CHILD_IMAGE; - -- if (!bdrv_open_child(filename, options, bdref_key, parent, -- &child_of_bds, role, false, errp)) -+ if (!bdrv_open_child_common(filename, options, bdref_key, parent, -+ &child_of_bds, role, false, true, errp)) - { - return -EINVAL; - } -@@ -3865,7 +3881,8 @@ BlockDriverState *bdrv_open_blockdev_ref(BlockdevRef *ref, Error **errp) - - } - -- bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, 0, errp); -+ bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, 0, false, -+ errp); - obj = NULL; - qobject_unref(obj); - visit_free(v); -@@ -3962,7 +3979,7 @@ static BlockDriverState * no_coroutine_fn - bdrv_open_inherit(const char *filename, const char *reference, QDict *options, - int flags, BlockDriverState *parent, - const BdrvChildClass *child_class, BdrvChildRole child_role, -- Error **errp) -+ bool parse_filename, Error **errp) - { - int ret; - BlockBackend *file = NULL; -@@ -4011,9 +4028,11 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options, - } - - /* json: syntax counts as explicit options, as if in the QDict */ -- parse_json_protocol(options, &filename, &local_err); -- if (local_err) { -- goto fail; -+ if (parse_filename) { -+ parse_json_protocol(options, &filename, &local_err); -+ if (local_err) { -+ goto fail; -+ } - } - - bs->explicit_options = qdict_clone_shallow(options); -@@ -4038,7 +4057,8 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options, - parent->open_flags, parent->options); - } - -- ret = bdrv_fill_options(&options, filename, &flags, &local_err); -+ ret = bdrv_fill_options(&options, filename, &flags, parse_filename, -+ &local_err); - if (ret < 0) { - goto fail; - } -@@ -4107,7 +4127,7 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options, - - file_bs = bdrv_open_child_bs(filename, options, "file", bs, - &child_of_bds, BDRV_CHILD_IMAGE, -- true, &local_err); -+ true, true, 
&local_err); - if (local_err) { - goto fail; - } -@@ -4270,7 +4290,7 @@ BlockDriverState *bdrv_open(const char *filename, const char *reference, - GLOBAL_STATE_CODE(); - - return bdrv_open_inherit(filename, reference, options, flags, NULL, -- NULL, 0, errp); -+ NULL, 0, true, errp); - } - - /* Return true if the NULL-terminated @list contains @str */ --- -2.40.0 diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch deleted file mode 100644 index 631e93a6d2..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch +++ /dev/null 
@@ -1,167 +0,0 @@ -From fb1c2aaa981e0a2fa6362c9985f1296b74f055ac Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Wed, 7 Aug 2024 08:50:01 -0500 -Subject: [PATCH] nbd/server: Plumb in new args to nbd_client_add() - -Upcoming patches to fix a CVE need to track an opaque pointer passed -in by the owner of a client object, as well as request for a time -limit on how fast negotiation must complete. Prepare for that by -changing the signature of nbd_client_new() and adding an accessor to -get at the opaque pointer, although for now the two servers -(qemu-nbd.c and blockdev-nbd.c) do not change behavior even though -they pass in a new default timeout value. - -Suggested-by: Vladimir Sementsov-Ogievskiy -Signed-off-by: Eric Blake -Message-ID: <20240807174943.771624-11-eblake@redhat.com> -Reviewed-by: Daniel P. BerrangĂ© -[eblake: s/LIMIT/MAX_SECS/ as suggested by Dan] -Signed-off-by: Eric Blake - -CVE: CVE-2024-7409 - -Upstream-Status: Backport [https://github.com/qemu/qemu/commit/fb1c2aaa981e0a2fa6362c9985f1296b74f055ac] - -Signed-off-by: Archana Polampalli ---- - blockdev-nbd.c | 6 ++++-- - include/block/nbd.h | 11 ++++++++++- - nbd/server.c | 20 +++++++++++++++++--- - qemu-nbd.c | 4 +++- - 4 files changed, 34 insertions(+), 7 deletions(-) - -diff --git a/blockdev-nbd.c b/blockdev-nbd.c -index 213012435..267a1de90 100644 ---- a/blockdev-nbd.c -+++ b/blockdev-nbd.c -@@ -64,8 +64,10 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, - nbd_update_server_watch(nbd_server); - - qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); -- nbd_client_new(cioc, nbd_server->tlscreds, nbd_server->tlsauthz, -- nbd_blockdev_client_closed); -+ /* TODO - expose handshake timeout as QMP option */ -+ nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS, -+ nbd_server->tlscreds, nbd_server->tlsauthz, -+ nbd_blockdev_client_closed, NULL); - } - - static void nbd_update_server_watch(NBDServerData *s) -diff --git a/include/block/nbd.h b/include/block/nbd.h -index 
4e7bd6342..1d4d65922 100644 ---- a/include/block/nbd.h -+++ b/include/block/nbd.h -@@ -33,6 +33,12 @@ typedef struct NBDMetaContexts NBDMetaContexts; - - extern const BlockExportDriver blk_exp_nbd; - -+/* -+ * NBD_DEFAULT_HANDSHAKE_MAX_SECS: Number of seconds in which client must -+ * succeed at NBD_OPT_GO before being forcefully dropped as too slow. -+ */ -+#define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10 -+ - /* Handshake phase structs - this struct is passed on the wire */ - - typedef struct NBDOption { -@@ -403,9 +409,12 @@ AioContext *nbd_export_aio_context(NBDExport *exp); - NBDExport *nbd_export_find(const char *name); - - void nbd_client_new(QIOChannelSocket *sioc, -+ uint32_t handshake_max_secs, - QCryptoTLSCreds *tlscreds, - const char *tlsauthz, -- void (*close_fn)(NBDClient *, bool)); -+ void (*close_fn)(NBDClient *, bool), -+ void *owner); -+void *nbd_client_owner(NBDClient *client); - void nbd_client_get(NBDClient *client); - void nbd_client_put(NBDClient *client); - -diff --git a/nbd/server.c b/nbd/server.c -index 091b57119..f8881936e 100644 ---- a/nbd/server.c -+++ b/nbd/server.c -@@ -124,12 +124,14 @@ struct NBDMetaContexts { - struct NBDClient { - int refcount; /* atomic */ - void (*close_fn)(NBDClient *client, bool negotiated); -+ void *owner; - - QemuMutex lock; - - NBDExport *exp; - QCryptoTLSCreds *tlscreds; - char *tlsauthz; -+ uint32_t handshake_max_secs; - QIOChannelSocket *sioc; /* The underlying data channel */ - QIOChannel *ioc; /* The current I/O channel which may differ (eg TLS) */ - -@@ -3160,6 +3162,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque) - - qemu_co_mutex_init(&client->send_lock); - -+ /* TODO - utilize client->handshake_max_secs */ - if (nbd_negotiate(client, &local_err)) { - if (local_err) { - error_report_err(local_err); -@@ -3174,14 +3177,17 @@ static coroutine_fn void nbd_co_client_start(void *opaque) - } - - /* -- * Create a new client listener using the given channel @sioc. 
-+ * Create a new client listener using the given channel @sioc and @owner. - * Begin servicing it in a coroutine. When the connection closes, call -- * @close_fn with an indication of whether the client completed negotiation. -+ * @close_fn with an indication of whether the client completed negotiation -+ * within @handshake_max_secs seconds (0 for unbounded). - */ - void nbd_client_new(QIOChannelSocket *sioc, -+ uint32_t handshake_max_secs, - QCryptoTLSCreds *tlscreds, - const char *tlsauthz, -- void (*close_fn)(NBDClient *, bool)) -+ void (*close_fn)(NBDClient *, bool), -+ void *owner) - { - NBDClient *client; - Coroutine *co; -@@ -3194,13 +3200,21 @@ void nbd_client_new(QIOChannelSocket *sioc, - object_ref(OBJECT(client->tlscreds)); - } - client->tlsauthz = g_strdup(tlsauthz); -+ client->handshake_max_secs = handshake_max_secs; - client->sioc = sioc; - qio_channel_set_delay(QIO_CHANNEL(sioc), false); - object_ref(OBJECT(client->sioc)); - client->ioc = QIO_CHANNEL(sioc); - object_ref(OBJECT(client->ioc)); - client->close_fn = close_fn; -+ client->owner = owner; - - co = qemu_coroutine_create(nbd_co_client_start, client); - qemu_coroutine_enter(co); - } -+ -+void * -+nbd_client_owner(NBDClient *client) -+{ -+ return client->owner; -+} -diff --git a/qemu-nbd.c b/qemu-nbd.c -index 186e6468b..5fa399c0b 100644 ---- a/qemu-nbd.c -+++ b/qemu-nbd.c -@@ -389,7 +389,9 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, - - nb_fds++; - nbd_update_server_watch(); -- nbd_client_new(cioc, tlscreds, tlsauthz, nbd_client_closed); -+ /* TODO - expose handshake timeout as command line option */ -+ nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS, -+ tlscreds, tlsauthz, nbd_client_closed, NULL); - } - - static void nbd_update_server_watch(void) --- -2.40.0 diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch deleted file mode 100644 index ca8ef0b44d..0000000000 
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch +++ /dev/null 
@@ -1,175 +0,0 @@ -From c8a76dbd90c2f48df89b75bef74917f90a59b623 Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Tue, 6 Aug 2024 13:53:00 -0500 -Subject: [PATCH] nbd/server: CVE-2024-7409: Cap default max-connections to 100 - -Allowing an unlimited number of clients to any web service is a recipe -for a rudimentary denial of service attack: the client merely needs to -open lots of sockets without closing them, until qemu no longer has -any more fds available to allocate. - -For qemu-nbd, we default to allowing only 1 connection unless more are -explicitly asked for (-e or --shared); this was historically picked as -a nice default (without an explicit -t, a non-persistent qemu-nbd goes -away after a client disconnects, without needing any additional -follow-up commands), and we are not going to change that interface now -(besides, someday we want to point people towards qemu-storage-daemon -instead of qemu-nbd). - -But for qemu proper, and the newer qemu-storage-daemon, the QMP -nbd-server-start command has historically had a default of unlimited -number of connections, in part because unlike qemu-nbd it is -inherently persistent until nbd-server-stop. Allowing multiple client -sockets is particularly useful for clients that can take advantage of -MULTI_CONN (creating parallel sockets to increase throughput), -although known clients that do so (such as libnbd's nbdcopy) typically -use only 8 or 16 connections (the benefits of scaling diminish once -more sockets are competing for kernel attention). Picking a number -large enough for typical use cases, but not unlimited, makes it -slightly harder for a malicious client to perform a denial of service -merely by opening lots of connections withot progressing through the -handshake. - -This change does not eliminate CVE-2024-7409 on its own, but reduces -the chance for fd exhaustion or unlimited memory usage as an attack -surface. 
On the other hand, by itself, it makes it more obvious that -with a finite limit, we have the problem of an unauthenticated client -holding 100 fds opened as a way to block out a legitimate client from -being able to connect; thus, later patches will further add timeouts -to reject clients that are not making progress. - -This is an INTENTIONAL change in behavior, and will break any client -of nbd-server-start that was not passing an explicit max-connections -parameter, yet expects more than 100 simultaneous connections. We are -not aware of any such client (as stated above, most clients aware of -MULTI_CONN get by just fine on 8 or 16 connections, and probably cope -with later connections failing by relying on the earlier connections; -libvirt has not yet been passing max-connections, but generally -creates NBD servers with the intent for a single client for the sake -of live storage migration; meanwhile, the KubeSAN project anticipates -a large cluster sharing multiple clients [up to 8 per node, and up to -100 nodes in a cluster], but it currently uses qemu-nbd with an -explicit --shared=0 rather than qemu-storage-daemon with -nbd-server-start). - -We considered using a deprecation period (declare that omitting -max-parameters is deprecated, and make it mandatory in 3 releases - -then we don't need to pick an arbitrary default); that has zero risk -of breaking any apps that accidentally depended on more than 100 -connections, and where such breakage might not be noticed under unit -testing but only under the larger loads of production usage. But it -does not close the denial-of-service hole until far into the future, -and requires all apps to change to add the parameter even if 100 was -good enough. It also has a drawback that any app (like libvirt) that -is accidentally relying on an unlimited default should seriously -consider their own CVE now, at which point they are going to change to -pass explicit max-connections sooner than waiting for 3 qemu releases. 
-Finally, if our changed default breaks an app, that app can always -pass in an explicit max-parameters with a larger value. - -It is also intentional that the HMP interface to nbd-server-start is -not changed to expose max-connections (any client needing to fine-tune -things should be using QMP). - -Suggested-by: Daniel P. BerrangĂ© -Signed-off-by: Eric Blake -Message-ID: <20240807174943.771624-12-eblake@redhat.com> -Reviewed-by: Daniel P. BerrangĂ© -[ericb: Expand commit message to summarize Dan's argument for why we -break corner-case back-compat behavior without a deprecation period] -Signed-off-by: Eric Blake - -CVE: CVE-2024-7409 - -Upstream-Status: Backport [https://github.com/qemu/qemu/commit/c8a76dbd90c2f48df89b75bef74917f90a59b623] - -Signed-off-by: Archana Polampalli ---- - block/monitor/block-hmp-cmds.c | 3 ++- - blockdev-nbd.c | 8 ++++++++ - include/block/nbd.h | 7 +++++++ - qapi/block-export.json | 4 ++-- - 4 files changed, 19 insertions(+), 3 deletions(-) - -diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c -index c729cbf1e..78a697585 100644 ---- a/block/monitor/block-hmp-cmds.c -+++ b/block/monitor/block-hmp-cmds.c -@@ -415,7 +415,8 @@ void hmp_nbd_server_start(Monitor *mon, const QDict *qdict) - goto exit; - } - -- nbd_server_start(addr, NULL, NULL, 0, &local_err); -+ nbd_server_start(addr, NULL, NULL, NBD_DEFAULT_MAX_CONNECTIONS, -+ &local_err); - qapi_free_SocketAddress(addr); - if (local_err != NULL) { - goto exit; -diff --git a/blockdev-nbd.c b/blockdev-nbd.c -index 267a1de90..24ba5382d 100644 ---- a/blockdev-nbd.c -+++ b/blockdev-nbd.c -@@ -170,6 +170,10 @@ void nbd_server_start(SocketAddress *addr, const char *tls_creds, - - void nbd_server_start_options(NbdServerOptions *arg, Error **errp) - { -+ if (!arg->has_max_connections) { -+ arg->max_connections = NBD_DEFAULT_MAX_CONNECTIONS; -+ } -+ - nbd_server_start(arg->addr, arg->tls_creds, arg->tls_authz, - arg->max_connections, errp); - } -@@ -182,6 +186,10 @@ void 
qmp_nbd_server_start(SocketAddressLegacy *addr, - { - SocketAddress *addr_flat = socket_address_flatten(addr); - -+ if (!has_max_connections) { -+ max_connections = NBD_DEFAULT_MAX_CONNECTIONS; -+ } -+ - nbd_server_start(addr_flat, tls_creds, tls_authz, max_connections, errp); - qapi_free_SocketAddress(addr_flat); - } -diff --git a/include/block/nbd.h b/include/block/nbd.h -index 1d4d65922..d4f8b21ae 100644 ---- a/include/block/nbd.h -+++ b/include/block/nbd.h -@@ -39,6 +39,13 @@ extern const BlockExportDriver blk_exp_nbd; - */ - #define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10 - -+/* -+ * NBD_DEFAULT_MAX_CONNECTIONS: Number of client sockets to allow at -+ * once; must be large enough to allow a MULTI_CONN-aware client like -+ * nbdcopy to create its typical number of 8-16 sockets. -+ */ -+#define NBD_DEFAULT_MAX_CONNECTIONS 100 -+ - /* Handshake phase structs - this struct is passed on the wire */ - - typedef struct NBDOption { -diff --git a/qapi/block-export.json b/qapi/block-export.json -index 7874a49ba..1d255d77e 100644 ---- a/qapi/block-export.json -+++ b/qapi/block-export.json -@@ -28,7 +28,7 @@ - # @max-connections: The maximum number of connections to allow at the - # same time, 0 for unlimited. Setting this to 1 also stops the - # server from advertising multiple client support (since 5.2; --# default: 0) -+# default: 100) - # - # Since: 4.2 - ## -@@ -63,7 +63,7 @@ - # @max-connections: The maximum number of connections to allow at the - # same time, 0 for unlimited. Setting this to 1 also stops the - # server from advertising multiple client support (since 5.2; --# default: 0). -+# default: 100). - # - # Returns: error if the server is already running. - # --- -2.40.0 diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch deleted file mode 100644 index b2b9b15c54..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch +++ /dev/null 
@@ -1,126 +0,0 @@ -From b9b72cb3ce15b693148bd09cef7e50110566d8a0 Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Thu, 8 Aug 2024 16:05:08 -0500 -Subject: [PATCH] nbd/server: CVE-2024-7409: Drop non-negotiating clients - -A client that opens a socket but does not negotiate is merely hogging -qemu's resources (an open fd and a small amount of memory); and a -malicious client that can access the port where NBD is listening can -attempt a denial of service attack by intentionally opening and -abandoning lots of unfinished connections. The previous patch put a -default bound on the number of such ongoing connections, but once that -limit is hit, no more clients can connect (including legitimate ones). -The solution is to insist that clients complete handshake within a -reasonable time limit, defaulting to 10 seconds. A client that has -not successfully completed NBD_OPT_GO by then (including the case of -where the client didn't know TLS credentials to even reach the point -of NBD_OPT_GO) is wasting our time and does not deserve to stay -connected. Later patches will allow fine-tuning the limit away from -the default value (including disabling it for doing integration -testing of the handshake process itself). - -Note that this patch in isolation actually makes it more likely to see -qemu SEGV after nbd-server-stop, as any client socket still connected -when the server shuts down will now be closed after 10 seconds rather -than at the client's whims. That will be addressed in the next patch. - -For a demo of this patch in action: -$ qemu-nbd -f raw -r -t -e 10 file & -$ nbdsh --opt-mode -c ' -H = list() -for i in range(20): - print(i) - H.insert(i, nbd.NBD()) - H[i].set_opt_mode(True) - H[i].connect_uri("nbd://localhost") -' -$ kill $! - -where later connections get to start progressing once earlier ones are -forcefully dropped for taking too long, rather than hanging. - -Suggested-by: Daniel P. 
BerrangĂ© -Signed-off-by: Eric Blake -Message-ID: <20240807174943.771624-13-eblake@redhat.com> -Reviewed-by: Daniel P. BerrangĂ© -[eblake: rebase to changes earlier in series, reduce scope of timer] -Signed-off-by: Eric Blake - -CVE: CVE-2024-7409 - -Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/b9b72cb3ce15b693148bd09cef7e50110566d8a0] - -Signed-off-by: Archana Polampalli ---- - nbd/server.c | 28 +++++++++++++++++++++++++++- - nbd/trace-events | 1 + - 2 files changed, 28 insertions(+), 1 deletion(-) - -diff --git a/nbd/server.c b/nbd/server.c -index f8881936e..6155e329a 100644 ---- a/nbd/server.c -+++ b/nbd/server.c -@@ -3155,22 +3155,48 @@ static void nbd_client_receive_next_request(NBDClient *client) - } - } - -+static void nbd_handshake_timer_cb(void *opaque) -+{ -+ QIOChannel *ioc = opaque; -+ -+ trace_nbd_handshake_timer_cb(); -+ qio_channel_shutdown(ioc, QIO_CHANNEL_SHUTDOWN_BOTH, NULL); -+} -+ - static coroutine_fn void nbd_co_client_start(void *opaque) - { - NBDClient *client = opaque; - Error *local_err = NULL; -+ QEMUTimer *handshake_timer = NULL; - - qemu_co_mutex_init(&client->send_lock); - -- /* TODO - utilize client->handshake_max_secs */ -+ /* -+ * Create a timer to bound the time spent in negotiation. If the -+ * timer expires, it is likely nbd_negotiate will fail because the -+ * socket was shutdown. 
-+ */ -+ if (client->handshake_max_secs > 0) { -+ handshake_timer = aio_timer_new(qemu_get_aio_context(), -+ QEMU_CLOCK_REALTIME, -+ SCALE_NS, -+ nbd_handshake_timer_cb, -+ client->sioc); -+ timer_mod(handshake_timer, -+ qemu_clock_get_ns(QEMU_CLOCK_REALTIME) + -+ client->handshake_max_secs * NANOSECONDS_PER_SECOND); -+ } -+ - if (nbd_negotiate(client, &local_err)) { - if (local_err) { - error_report_err(local_err); - } -+ timer_free(handshake_timer); - client_close(client, false); - return; - } - -+ timer_free(handshake_timer); - WITH_QEMU_LOCK_GUARD(&client->lock) { - nbd_client_receive_next_request(client); - } -diff --git a/nbd/trace-events b/nbd/trace-events -index 00ae3216a..cbd0a4ab7 100644 ---- a/nbd/trace-events -+++ b/nbd/trace-events -@@ -76,6 +76,7 @@ nbd_co_receive_request_payload_received(uint64_t cookie, uint64_t len) "Payload - nbd_co_receive_ext_payload_compliance(uint64_t from, uint64_t len) "client sent non-compliant write without payload flag: from=0x%" PRIx64 ", len=0x%" PRIx64 - nbd_co_receive_align_compliance(const char *op, uint64_t from, uint64_t len, uint32_t align) "client sent non-compliant unaligned %s request: from=0x%" PRIx64 ", len=0x%" PRIx64 ", align=0x%" PRIx32 - nbd_trip(void) "Reading request" -+nbd_handshake_timer_cb(void) "client took too long to negotiate" - - # client-connection.c - nbd_connect_thread_sleep(uint64_t timeout) "timeout %" PRIu64 --- -2.40.0 diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch deleted file mode 100644 index 9515c631ad..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch +++ /dev/null 
@@ -1,164 +0,0 @@ -From 3e7ef738c8462c45043a1d39f702a0990406a3b3 Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Wed, 7 Aug 2024 12:23:13 -0500 -Subject: [PATCH] nbd/server: CVE-2024-7409: Close stray clients at server-stop - -A malicious client can attempt to connect to an NBD server, and then -intentionally delay progress in the handshake, including if it does -not know the TLS secrets. Although the previous two patches reduce -this behavior by capping the default max-connections parameter and -killing slow clients, they did not eliminate the possibility of a -client waiting to close the socket until after the QMP nbd-server-stop -command is executed, at which point qemu would SEGV when trying to -dereference the NULL nbd_server global which is no longer present. -This amounts to a denial of service attack. Worse, if another NBD -server is started before the malicious client disconnects, I cannot -rule out additional adverse effects when the old client interferes -with the connection count of the new server (although the most likely -is a crash due to an assertion failure when checking -nbd_server->connections > 0). - -For environments without this patch, the CVE can be mitigated by -ensuring (such as via a firewall) that only trusted clients can -connect to an NBD server. Note that using frameworks like libvirt -that ensure that TLS is used and that nbd-server-stop is not executed -while any trusted clients are still connected will only help if there -is also no possibility for an untrusted client to open a connection -but then stall on the NBD handshake. - -Given the previous patches, it would be possible to guarantee that no -clients remain connected by having nbd-server-stop sleep for longer -than the default handshake deadline before finally freeing the global -nbd_server object, but that could make QMP non-responsive for a long -time. 
So intead, this patch fixes the problem by tracking all client -sockets opened while the server is running, and forcefully closing any -such sockets remaining without a completed handshake at the time of -nbd-server-stop, then waiting until the coroutines servicing those -sockets notice the state change. nbd-server-stop now has a second -AIO_WAIT_WHILE_UNLOCKED (the first is indirectly through the -blk_exp_close_all_type() that disconnects all clients that completed -handshakes), but forced socket shutdown is enough to progress the -coroutines and quickly tear down all clients before the server is -freed, thus finally fixing the CVE. - -This patch relies heavily on the fact that nbd/server.c guarantees -that it only calls nbd_blockdev_client_closed() from the main loop -(see the assertion in nbd_client_put() and the hoops used in -nbd_client_put_nonzero() to achieve that); if we did not have that -guarantee, we would also need a mutex protecting our accesses of the -list of connections to survive re-entrancy from independent iothreads. - -Although I did not actually try to test old builds, it looks like this -problem has existed since at least commit 862172f45c (v2.12.0, 2017) - -even back when that patch started using a QIONetListener to handle -listening on multiple sockets, nbd_server_free() was already unaware -that the nbd_blockdev_client_closed callback can be reached later by a -client thread that has not completed handshakes (and therefore the -client's socket never got added to the list closed in -nbd_export_close_all), despite that patch intentionally tearing down -the QIONetListener to prevent new clients. - -Reported-by: Alexander Ivanov -Fixes: CVE-2024-7409 -CC: qemu-stable@nongnu.org -Signed-off-by: Eric Blake -Message-ID: <20240807174943.771624-14-eblake@redhat.com> -Reviewed-by: Daniel P. 
BerrangĂ© - -CVE: CVE-2024-7409 - -Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/3e7ef738c8462c45043a1d39f702a0990406a3b3] - -Signed-off-by: Archana Polampalli ---- - blockdev-nbd.c | 35 ++++++++++++++++++++++++++++++++++- - 1 file changed, 34 insertions(+), 1 deletion(-) - -diff --git a/blockdev-nbd.c b/blockdev-nbd.c -index 24ba5382d..f73409ae4 100644 ---- a/blockdev-nbd.c -+++ b/blockdev-nbd.c -@@ -21,12 +21,18 @@ - #include "io/channel-socket.h" - #include "io/net-listener.h" - -+typedef struct NBDConn { -+ QIOChannelSocket *cioc; -+ QLIST_ENTRY(NBDConn) next; -+} NBDConn; -+ - typedef struct NBDServerData { - QIONetListener *listener; - QCryptoTLSCreds *tlscreds; - char *tlsauthz; - uint32_t max_connections; - uint32_t connections; -+ QLIST_HEAD(, NBDConn) conns; - } NBDServerData; - - static NBDServerData *nbd_server; -@@ -51,6 +57,14 @@ int nbd_server_max_connections(void) - - static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) - { -+ NBDConn *conn = nbd_client_owner(client); -+ -+ assert(qemu_in_main_thread() && nbd_server); -+ -+ object_unref(OBJECT(conn->cioc)); -+ QLIST_REMOVE(conn, next); -+ g_free(conn); -+ - nbd_client_put(client); - assert(nbd_server->connections > 0); - nbd_server->connections--; -@@ -60,14 +74,20 @@ static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) - static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, - gpointer opaque) - { -+ NBDConn *conn = g_new0(NBDConn, 1); -+ -+ assert(qemu_in_main_thread() && nbd_server); - nbd_server->connections++; -+ object_ref(OBJECT(cioc)); -+ conn->cioc = cioc; -+ QLIST_INSERT_HEAD(&nbd_server->conns, conn, next); - nbd_update_server_watch(nbd_server); - - qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); - /* TODO - expose handshake timeout as QMP option */ - nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS, - nbd_server->tlscreds, nbd_server->tlsauthz, -- nbd_blockdev_client_closed, NULL); -+ 
nbd_blockdev_client_closed, conn); - } - - static void nbd_update_server_watch(NBDServerData *s) -@@ -81,12 +101,25 @@ static void nbd_update_server_watch(NBDServerData *s) - - static void nbd_server_free(NBDServerData *server) - { -+ NBDConn *conn, *tmp; -+ - if (!server) { - return; - } - -+ /* -+ * Forcefully close the listener socket, and any clients that have -+ * not yet disconnected on their own. -+ */ - qio_net_listener_disconnect(server->listener); - object_unref(OBJECT(server->listener)); -+ QLIST_FOREACH_SAFE(conn, &server->conns, next, tmp) { -+ qio_channel_shutdown(QIO_CHANNEL(conn->cioc), QIO_CHANNEL_SHUTDOWN_BOTH, -+ NULL); -+ } -+ -+ AIO_WAIT_WHILE_UNLOCKED(NULL, server->connections > 0); -+ - if (server->tlscreds) { - object_unref(OBJECT(server->tlscreds)); - } --- -2.40.0 
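Review bot: Nothing in this deletion shows that the CVE-2024-7409 fix is still present afterwards; the only supporting evidence is the rename of qemu_8.2.3.bb to qemu_8.2.7.bb in the same diff. The commit message should state that 8.2.7 already contains upstream commit 3e7ef738c8462c45043a1d39f702a0990406a3b3, the one named in the deleted file's Upstream-Status line. Please also confirm that the matching file:// entry is dropped from SRC_URI in the same commit, since a dangling reference to the deleted file would break the fetch, and that the CVE check reports CVE-2024-7409 as fixed for 8.2.7 without the local backport.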
diff --git a/meta/recipes-devtools/qemu/qemu_8.2.3.bb b/meta/recipes-devtools/qemu/qemu_8.2.7.bb similarity index 100% rename from meta/recipes-devtools/qemu/qemu_8.2.3.bb rename to meta/recipes-devtools/qemu/qemu_8.2.7.bb
From patchwork Tue Dec 3 13:37:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53530 X-Patchwork-Delegate: steve@sakoman.com
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 12/16] gcc: add a backport patch to fix an issue with tzdata 2024b Date: Tue, 3 Dec 2024 05:37:16 -0800 Message-Id: <05d05d9c199de6ec81d2ee9b06f0bff84a9144be.1733232895.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Dec 2024 13:37:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208201 From: Markus Volk There is an issue in the std::chrono::tzdb parser that causes problems since the tzdata-2024b release started using %z in the main format. As a real world problem I encounter an issue with the waybar clock module, which ignores the timezone setting and only shows system time. Signed-off-by: Markus Volk Signed-off-by: Steve Sakoman --- meta/recipes-devtools/gcc/gcc-13.3.inc | 1 + ...4fffe3fc82a710bea66ad651720d71c938b8.patch | 549 ++++++++++++++++++ 2 files changed, 550 insertions(+) create mode 100644 meta/recipes-devtools/gcc/gcc/gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch diff --git a/meta/recipes-devtools/gcc/gcc-13.3.inc b/meta/recipes-devtools/gcc/gcc-13.3.inc index 90f5ef88a9..ffe90c7188 100644 --- a/meta/recipes-devtools/gcc/gcc-13.3.inc +++ b/meta/recipes-devtools/gcc/gcc-13.3.inc @@ -66,6 +66,7 @@ SRC_URI = "${BASEURI} \ file://0024-Avoid-hardcoded-build-paths-into-ppc-libgcc.patch \ file://0025-gcc-testsuite-tweaks-for-mips-OE.patch \ file://0027-Fix-gcc-vect-module-testcases.patch \ + file://gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch \ " SRC_URI[sha256sum] = "0845e9621c9543a13f484e94584a49ffc0129970e9914624235fc1d061a0c083" 
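Review bot: The new SRC_URI entry, file://gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch, is named by a bare commit hash while every neighbouring entry in this hunk uses a numbered, descriptive name (0024-..., 0025-..., 0027-...). Renaming it to follow that pattern keeps the patch order explicit and tells a reader of the recipe what the patch is for without opening it.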
diff --git a/meta/recipes-devtools/gcc/gcc/gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch b/meta/recipes-devtools/gcc/gcc/gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch new file mode 100644 index 0000000000..e5abdcc703 --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc/gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch 
@@ -0,0 +1,549 @@ +From ab884fffe3fc82a710bea66ad651720d71c938b8 Mon Sep 17 00:00:00 2001 +From: Jonathan Wakely +Date: Tue, 30 Apr 2024 09:52:13 +0100 +Subject: [PATCH] libstdc++: Fix std::chrono::tzdb to work with vanguard format + +I found some issues in the std::chrono::tzdb parser by testing the +tzdata "vanguard" format, which uses new features that aren't enabled in +the "main" and "rearguard" data formats. + +Since 2024a the keyword "minimum" is no longer valid for the FROM and TO +fields in a Rule line, which means that "m" is now a valid abbreviation +for "maximum". Previously we expected either "mi" or "ma". For backwards +compatibility, a FROM field beginning with "mi" is still supported and +is treated as 1900. The "maximum" keyword is only allowed in TO now, +because it makes no sense in FROM. To support these changes the +minmax_year and minmax_year2 classes for parsing FROM and TO are +replaced with a single years_from_to class that reads both fields. + +The vanguard format makes use of %z in Zone FORMAT fields, which caused +an exception to be thrown from ZoneInfo::set_abbrev because no % or / +characters were expected when a Zone doesn't use a named Rule. The +ZoneInfo::to(sys_info&) function now uses format_abbrev_str to replace +any %z with the current offset. Although format_abbrev_str also checks +for %s and STD/DST formats, those only make sense when a named Rule is +in effect, so won't occur when ZoneInfo::to(sys_info&) is used. + +Since making this change on trunk, the tzdata-2024b release started +using %z in the main format, not just vanguard. This makes a backport to +release branches necessary (see PR 116657). + +This change also implements a feature that has always been missing from +time_zone::_M_get_sys_info: finding the Rule that is active before the +specified time point, so that we can correctly handle %s in the FORMAT +for the first new sys_info that gets created. 
This requires implementing +a poorly documented feature of zic, to get the LETTERS field from a +later transition, as described at +https://mm.icann.org/pipermail/tz/2024-April/058891.html +In order for this to work we need to be able to distinguish an empty +letters field (as used by CE%sT where the variable part is either empty +or "S") from "the letters field is not known for this transition". The +tzdata file uses "-" for an empty letters field, which libstdc++ was +previously replacing with "" when the Rule was parsed. Instead, we now +preserve the "-" in the Rule object, so that "" can be used for the case +where we don't know the letters (and so need to decide it). + +(cherry picked from commit 0ca8d56f2085715f27ee536c6c344bc47af49cdd) + +Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=5ceea2ac106d6dd1aa8175670b15a801316cf1c9] + +Signed-off-by: Markus Volk +--- + libstdc++-v3/src/c++20/tzdb.cc | 265 +++++++++++------- + .../std/time/time_zone/sys_info_abbrev.cc | 106 +++++++ + libstdc++-v3/testsuite/std/time/tzdb/1.cc | 6 +- + 3 files changed, 274 insertions(+), 103 deletions(-) + create mode 100644 libstdc++-v3/testsuite/std/time/time_zone/sys_info_abbrev.cc + +diff --git a/libstdc++-v3/src/c++20/tzdb.cc b/libstdc++-v3/src/c++20/tzdb.cc +index c7c7cc9deee6..7e8cce7ce8cf 100644 +--- a/libstdc++-v3/src/c++20/tzdb.cc ++++ b/libstdc++-v3/src/c++20/tzdb.cc +@@ -342,51 +342,103 @@ namespace std::chrono + friend istream& operator>>(istream&, on_day&); + }; + +- // Wrapper for chrono::year that reads a year, or one of the keywords +- // "minimum" or "maximum", or an unambiguous prefix of a keyword. +- struct minmax_year ++ // Wrapper for two chrono::year values, which reads the FROM and TO ++ // fields of a Rule line. The FROM field is a year and TO is a year or ++ // one of the keywords "maximum" or "only" (or an abbreviation of those). 
++ // For backwards compatibility, the keyword "minimum" is recognized ++ // for FROM and interpreted as 1900. ++ struct years_from_to + { +- year& y; ++ year& from; ++ year& to; + +- friend istream& operator>>(istream& in, minmax_year&& y) ++ friend istream& operator>>(istream& in, years_from_to&& yy) + { +- if (ws(in).peek() == 'm') // keywords "minimum" or "maximum" ++ string s; ++ auto c = ws(in).peek(); ++ if (c == 'm') [[unlikely]] // keyword "minimum" + { +- string s; +- in >> s; // extract the rest of the word, but only look at s[1] +- if (s[1] == 'a') +- y.y = year::max(); +- else if (s[1] == 'i') +- y.y = year::min(); +- else +- in.setstate(ios::failbit); ++ in >> s; // extract the rest of the word ++ yy.from = year(1900); ++ } ++ else if (int num = 0; in >> num) [[likely]] ++ yy.from = year{num}; ++ ++ c = ws(in).peek(); ++ if (c == 'm') // keyword "maximum" ++ { ++ in >> s; // extract the rest of the word ++ yy.to = year::max(); ++ } ++ else if (c == 'o') // keyword "only" ++ { ++ in >> s; // extract the rest of the word ++ yy.to = yy.from; + } + else if (int num = 0; in >> num) +- y.y = year{num}; ++ yy.to = year{num}; ++ + return in; + } + }; + +- // As above for minmax_year, but also supports the keyword "only", +- // meaning that the TO year is the same as the FROM year. +- struct minmax_year2 ++ bool ++ select_std_or_dst_abbrev(string& abbrev, minutes save) + { +- minmax_year to; +- year from; ++ if (size_t pos = abbrev.find('/'); pos != string::npos) ++ { ++ // Select one of "STD/DST" for standard or daylight. 
++ if (save == 0min) ++ abbrev.erase(pos); ++ else ++ abbrev.erase(0, pos + 1); ++ return true; ++ } ++ return false; ++ } + +- friend istream& operator>>(istream& in, minmax_year2&& y) +- { +- if (ws(in).peek() == 'o') // keyword "only" +- { +- string s; +- in >> s; // extract the whole keyword +- y.to.y = y.from; +- } +- else +- in >> std::move(y.to); +- return in; +- } +- }; ++ // Set the sys_info::abbrev string by expanding any placeholders. ++ void ++ format_abbrev_str(sys_info& info, string_view letters = {}) ++ { ++ if (size_t pos = info.abbrev.find('%'); pos != string::npos) ++ { ++ if (info.abbrev[pos + 1] == 's') ++ { ++ // Expand "%s" to the variable part, given by Rule::letters. ++ if (letters == "-") ++ info.abbrev.erase(pos, 2); ++ else ++ info.abbrev.replace(pos, 2, letters); ++ } ++ else if (info.abbrev[pos + 1] == 'z') ++ { ++ // Expand "%z" to the UT offset as +/-hh, +/-hhmm, or +/-hhmmss. ++ hh_mm_ss t(info.offset); ++ string z(1, "+-"[t.is_negative()]); ++ long val = t.hours().count(); ++ int digits = 2; ++ if (int m = t.minutes().count()) ++ { ++ digits = 4; ++ val *= 100; ++ val += m; ++ if (int s = t.seconds().count()) ++ { ++ digits = 6; ++ val *= 100; ++ val += s; ++ } ++ } ++ auto sval = std::to_string(val); ++ z += string(digits - sval.size(), '0'); ++ z += sval; ++ info.abbrev.replace(pos, 2, z); ++ } ++ } ++ else ++ select_std_or_dst_abbrev(info.abbrev, info.save); ++ } + + // A time zone information record. + // Zone NAME STDOFF RULES FORMAT [UNTIL] +@@ -462,6 +514,7 @@ namespace std::chrono + info.offset = offset(); + info.save = minutes(m_save); + info.abbrev = format(); ++ format_abbrev_str(info); // expand %z + return true; + } + +@@ -469,12 +522,9 @@ namespace std::chrono + friend class time_zone; + + void +- set_abbrev(const string& abbrev) ++ set_abbrev(string abbrev) + { +- // In practice, the FORMAT field never needs expanding here. 
+- if (abbrev.find_first_of("/%") != abbrev.npos) +- __throw_runtime_error("std::chrono::time_zone: invalid data"); +- m_buf = abbrev; ++ m_buf = std::move(abbrev); + m_pos = 0; + m_expanded = true; + } +@@ -544,9 +594,7 @@ namespace std::chrono + + // Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S + +- in >> quoted(rule.name) +- >> minmax_year{rule.from} +- >> minmax_year2{rule.to, rule.from}; ++ in >> quoted(rule.name) >> years_from_to{rule.from, rule.to}; + + if (char type; in >> type && type != '-') + in.setstate(ios::failbit); +@@ -557,7 +605,7 @@ namespace std::chrono + if (save_time.indicator != at_time::Wall) + { + // We don't actually store the save_time.indicator, because we +- // assume that it's always deducable from the actual offset value. ++ // assume that it's always deducible from the offset value. + auto expected = save_time.time == 0s + ? at_time::Standard + : at_time::Daylight; +@@ -567,8 +615,6 @@ namespace std::chrono + rule.save = save_time.time; + + in >> rule.letters; +- if (rule.letters == "-") +- rule.letters.clear(); + return in; + } + +@@ -719,58 +765,6 @@ namespace std::chrono + #endif // TZDB_DISABLED + }; + +-#ifndef TZDB_DISABLED +- namespace +- { +- bool +- select_std_or_dst_abbrev(string& abbrev, minutes save) +- { +- if (size_t pos = abbrev.find('/'); pos != string::npos) +- { +- // Select one of "STD/DST" for standard or daylight. +- if (save == 0min) +- abbrev.erase(pos); +- else +- abbrev.erase(0, pos + 1); +- return true; +- } +- return false; +- } +- +- // Set the sys_info::abbrev string by expanding any placeholders. +- void +- format_abbrev_str(sys_info& info, string_view letters = {}) +- { +- if (size_t pos = info.abbrev.find("%s"); pos != string::npos) +- { +- // Expand "%s" to the variable part, given by Rule::letters. +- info.abbrev.replace(pos, 2, letters); +- } +- else if (size_t pos = info.abbrev.find("%z"); pos != string::npos) +- { +- // Expand "%z" to the UT offset as +/-hh, +/-hhmm, or +/-hhmmss. 
+- hh_mm_ss t(info.offset); +- string z(1, "+-"[t.is_negative()]); +- long val = t.hours().count(); +- if (minutes m = t.minutes(); m != m.zero()) +- { +- val *= 100; +- val += m.count(); +- if (seconds s = t.seconds(); s != s.zero()) +- { +- val *= 100; +- val += s.count(); +- } +- } +- z += std::to_string(val); +- info.abbrev.replace(pos, 2, z); +- } +- else +- select_std_or_dst_abbrev(info.abbrev, info.save); +- } +- } +-#endif // TZDB_DISABLED +- + // Implementation of std::chrono::time_zone::get_info(const sys_time&) + sys_info + time_zone::_M_get_sys_info(sys_seconds tp) const +@@ -839,12 +833,72 @@ namespace std::chrono + info.abbrev = ri.format(); + + string_view letters; +- if (i != infos.begin()) ++ if (i != infos.begin() && i[-1].expanded()) ++ letters = i[-1].next_letters(); ++ ++ if (letters.empty()) + { +- if (i[-1].expanded()) +- letters = i[-1].next_letters(); +- // XXX else need to find Rule active before this time and use it +- // to know the initial offset, save, and letters. ++ sys_seconds t = info.begin - seconds(1); ++ const year_month_day date(chrono::floor(t)); ++ ++ // Try to find a Rule active before this time, to get initial ++ // SAVE and LETTERS values. There may not be a Rule for the period ++ // before the first DST transition, so find the earliest DST->STD ++ // transition and use the LETTERS from that. 
++ const Rule* active_rule = nullptr; ++ sys_seconds active_rule_start = sys_seconds::min(); ++ const Rule* first_std = nullptr; ++ for (const auto& rule : rules) ++ { ++ if (rule.save == minutes(0)) ++ { ++ if (!first_std) ++ first_std = &rule; ++ else if (rule.from < first_std->from) ++ first_std = &rule; ++ else if (rule.from == first_std->from) ++ { ++ if (rule.start_time(rule.from, {}) ++ < first_std->start_time(first_std->from, {})) ++ first_std = &rule; ++ } ++ } ++ ++ year y = date.year(); ++ ++ if (y > rule.to) // rule no longer applies at time t ++ continue; ++ if (y < rule.from) // rule doesn't apply yet at time t ++ continue; ++ ++ sys_seconds rule_start; ++ ++ seconds offset{}; // appropriate for at_time::Universal ++ if (rule.when.indicator == at_time::Wall) ++ offset = info.offset; ++ else if (rule.when.indicator == at_time::Standard) ++ offset = ri.offset(); ++ ++ // Time the rule takes effect this year: ++ rule_start = rule.start_time(y, offset); ++ ++ if (rule_start >= t && rule.from < y) ++ { ++ // Try this rule in the previous year. ++ rule_start = rule.start_time(--y, offset); ++ } ++ ++ if (active_rule_start < rule_start && rule_start < t) ++ { ++ active_rule_start = rule_start; ++ active_rule = &rule; ++ } ++ } ++ ++ if (active_rule) ++ letters = active_rule->letters; ++ else if (first_std) ++ letters = first_std->letters; + } + + const Rule* curr_rule = nullptr; +@@ -2069,9 +2123,11 @@ namespace std::chrono + istringstream in2(std::move(rules)); + in2 >> rules_time; + inf.m_save = duration_cast(rules_time.time); ++ // If the FORMAT is "STD/DST" then we can choose the right one ++ // now, so that we store a shorter string. + select_std_or_dst_abbrev(fmt, inf.m_save); + } +- inf.set_abbrev(fmt); ++ inf.set_abbrev(std::move(fmt)); + } + + // YEAR [MONTH [DAY [TIME]]] +@@ -2082,7 +2138,12 @@ namespace std::chrono + abbrev_month m{January}; + int d = 1; + at_time t{}; ++ // XXX DAY should support ON format, e.g. 
lastSun or Sun>=8 + in >> m >> d >> t; ++ // XXX UNTIL field should be interpreted ++ // "using the rules in effect just before the transition" ++ // so might need to store as year_month_day and hh_mm_ss and only ++ // convert to a sys_time once we know the offset in effect. + inf.m_until = sys_days(year(y)/m.m/day(d)) + seconds(t.time); + } + else +diff --git a/libstdc++-v3/testsuite/std/time/time_zone/sys_info_abbrev.cc b/libstdc++-v3/testsuite/std/time/time_zone/sys_info_abbrev.cc +new file mode 100644 +index 000000000000..f1a8fff02f58 +--- /dev/null ++++ b/libstdc++-v3/testsuite/std/time/time_zone/sys_info_abbrev.cc +@@ -0,0 +1,106 @@ ++// { dg-do run { target c++20 } } ++// { dg-require-effective-target tzdb } ++// { dg-require-effective-target cxx11_abi } ++// { dg-xfail-run-if "no weak override on AIX" { powerpc-ibm-aix* } } ++ ++#include ++#include ++#include ++ ++static bool override_used = false; ++ ++namespace __gnu_cxx ++{ ++ const char* zoneinfo_dir_override() { ++ override_used = true; ++ return "./"; ++ } ++} ++ ++using namespace std::chrono; ++ ++void ++test_format() ++{ ++ std::ofstream("tzdata.zi") << R"(# version test_1 ++Zone Africa/Bissau -1:2:20 - LMT 1912 Ja 1 1u ++ -1 - %z 1975 ++ 0 - GMT ++Zon Some/Zone 1:2:3 - %z 1900 ++ 1:23:45 - %z 1950 ++Zo Another/Zone 1:2:3 - AZ0 1901 ++ 1 Roolz A%sZ 2000 ++ 1 Roolz SAZ/DAZ 2005 ++ 1 Roolz %z ++Rule Roolz 1950 max - April 1 2 1 D ++Rul Roolz 1950 max - Oct 1 1 0 S ++Z Strange/Zone 1 - X%sX 1980 ++ 1 - FOO/BAR 1990 ++ 2:00 - %zzz 1995 ++ 0:9 - %zzz 1996 ++ 0:8:7 - %zzz 1997 ++ 0:6:5.5 - %zzz 1998 ++)"; ++ ++ const auto& db = reload_tzdb(); ++ VERIFY( override_used ); // If this fails then XFAIL for the target. 
++ VERIFY( db.version == "test_1" ); ++ ++ // Test formatting %z as ++ auto tz = locate_zone("Africa/Bissau"); ++ auto inf = tz->get_info(sys_days(1974y/1/1)); ++ VERIFY( inf.abbrev == "-01" ); ++ ++ tz = locate_zone("Some/Zone"); ++ inf = tz->get_info(sys_days(1899y/1/1)); ++ VERIFY( inf.abbrev == "+010203" ); ++ inf = tz->get_info(sys_days(1955y/1/1)); ++ VERIFY( inf.abbrev == "+012345" ); ++ ++ tz = locate_zone("Another/Zone"); ++ // Test formatting %s as the LETTER/S field from the active Rule. ++ inf = tz->get_info(sys_days(1910y/January/1)); ++ VERIFY( inf.abbrev == "ASZ" ); ++ inf = tz->get_info(sys_days(1950y/January/1)); ++ VERIFY( inf.abbrev == "ASZ" ); ++ inf = tz->get_info(sys_days(1950y/June/1)); ++ VERIFY( inf.abbrev == "ADZ" ); ++ inf = tz->get_info(sys_days(1999y/January/1)); ++ VERIFY( inf.abbrev == "ASZ" ); ++ inf = tz->get_info(sys_days(1999y/July/1)); ++ VERIFY( inf.abbrev == "ADZ" ); ++ // Test formatting STD/DST according to the active Rule. ++ inf = tz->get_info(sys_days(2000y/January/2)); ++ VERIFY( inf.abbrev == "SAZ" ); ++ inf = tz->get_info(sys_days(2001y/January/1)); ++ VERIFY( inf.abbrev == "SAZ" ); ++ inf = tz->get_info(sys_days(2001y/July/1)); ++ VERIFY( inf.abbrev == "DAZ" ); ++ // Test formatting %z as the offset determined by the active Rule. ++ inf = tz->get_info(sys_days(2005y/January/2)); ++ VERIFY( inf.abbrev == "+01" ); ++ inf = tz->get_info(sys_days(2006y/January/1)); ++ VERIFY( inf.abbrev == "+01" ); ++ inf = tz->get_info(sys_days(2006y/July/1)); ++ VERIFY( inf.abbrev == "+02" ); ++ ++ // Test formatting %z, %s and S/D for a Zone with no associated Rules. ++ tz = locate_zone("Strange/Zone"); ++ inf = tz->get_info(sys_days(1979y/January/1)); ++ VERIFY( inf.abbrev == "XX" ); // No Rule means nothing to use for %s. ++ inf = tz->get_info(sys_days(1981y/July/1)); ++ VERIFY( inf.abbrev == "FOO" ); // Always standard time means first string. 
++ inf = tz->get_info(sys_days(1994y/July/1)); ++ VERIFY( inf.abbrev == "+02zz" ); ++ inf = tz->get_info(sys_days(1995y/July/1)); ++ VERIFY( inf.abbrev == "+0009zz" ); ++ inf = tz->get_info(sys_days(1996y/July/1)); ++ VERIFY( inf.abbrev == "+000807zz" ); ++ inf = tz->get_info(sys_days(1997y/July/1)); ++ VERIFY( inf.abbrev == "+000606zz" ); ++} ++ ++int main() ++{ ++ test_format(); ++} +diff --git a/libstdc++-v3/testsuite/std/time/tzdb/1.cc b/libstdc++-v3/testsuite/std/time/tzdb/1.cc +index 796f3a8b4256..7a31c1c20ba7 100644 +--- a/libstdc++-v3/testsuite/std/time/tzdb/1.cc ++++ b/libstdc++-v3/testsuite/std/time/tzdb/1.cc +@@ -39,11 +39,15 @@ test_locate() + const tzdb& db = get_tzdb(); + const time_zone* tz = db.locate_zone("GMT"); + VERIFY( tz != nullptr ); +- VERIFY( tz->name() == "Etc/GMT" ); + VERIFY( tz == std::chrono::locate_zone("GMT") ); + VERIFY( tz == db.locate_zone("Etc/GMT") ); + VERIFY( tz == db.locate_zone("Etc/GMT+0") ); + ++ // Since 2022f GMT is now a Zone and Etc/GMT a link instead of vice versa, ++ // but only when using the vanguard format. As of 2024a, the main and ++ // rearguard formats still have Etc/GMT as a Zone and GMT as a link. 
++ VERIFY( tz->name() == "GMT" || tz->name() == "Etc/GMT" ); ++ + VERIFY( db.locate_zone(db.current_zone()->name()) == db.current_zone() ); + } + +-- +2.43.5 +
From patchwork Tue Dec 3 13:37:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53527 X-Patchwork-Delegate: steve@sakoman.com
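Review bot: The header of the added gcc patch (the libstdc++ tzdb backport above) identifies its origin three different ways: the From line and the file name use ab884fffe3fc82a710bea66ad651720d71c938b8, the body says it was cherry picked from 0ca8d56f2085715f27ee536c6c344bc47af49cdd, and the Upstream-Status URL points at h=5ceea2ac106d6dd1aa8175670b15a801316cf1c9. Please make Upstream-Status reference the commit that was actually taken, or say in the header how the three relate, so the 549-line backport can be compared against a single upstream commit during later audits and version upgrades.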
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 13/16] ninja: fix build with python 3.13 Date: Tue, 3 Dec 2024 05:37:17 -0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Dec 2024 13:37:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208202 From: Markus Volk Python 3.13 removed the pipes module. Thus the build fails for host machines that run Python 3.13. This commit adds a backport patch to use the subprocess module instead. Signed-off-by: Markus Volk Signed-off-by: Steve Sakoman --- ...4efb41c039789b81f0dc0d67c1ed0faea17c.patch | 62 +++++++++++++++++++ meta/recipes-devtools/ninja/ninja_1.11.1.bb | 5 +- 2 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch diff --git a/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch b/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch new file mode 100644 index 0000000000..b23bedd04b --- /dev/null +++ b/meta/recipes-devtools/ninja/ninja/885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch
@@ -0,0 +1,62 @@ +From 9cf13cd1ecb7ae649394f4133d121a01e191560b Mon Sep 17 00:00:00 2001 +From: Byoungchan Lee +Date: Mon, 9 Oct 2023 20:13:20 +0900 +Subject: [PATCH 1/2] Replace pipes.quote with shlex.quote in configure.py + +Python 3.12 deprecated the pipes module and it will be removed +in Python 3.13. In configure.py, I have replaced the usage of pipes.quote +with shlex.quote, which is the exactly same function as pipes.quote. + +For more details, refer to PEP 0594: https://peps.python.org/pep-0594 + +Upstream-Status: Backport [https://github.com/ninja-build/ninja/commit/885b4efb41c039789b81f0dc0d67c1ed0faea17c] + +Signed-off-by: Markus Volk +--- + configure.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.py b/configure.py +index 588250aa8a..c6973cd1a5 100755 +--- a/configure.py ++++ b/configure.py +@@ -21,7 +21,7 @@ + + from optparse import OptionParser + import os +-import pipes ++import shlex + import string + import subprocess + import sys +@@ -262,7 +262,7 @@ def _run_command(self, cmdline): + env_keys = set(['CXX', 'AR', 'CFLAGS', 'CXXFLAGS', 'LDFLAGS']) + configure_env = dict((k, os.environ[k]) for k in os.environ if k in env_keys) + if configure_env: +- config_str = ' '.join([k + '=' + pipes.quote(configure_env[k]) ++ config_str = ' '.join([k + '=' + shlex.quote(configure_env[k]) + for k in configure_env]) + n.variable('configure_env', config_str + '$ ') + n.newline() + +From 0a9c9c5f50c60de4a7acfed8aaa048c74cd2f43b Mon Sep 17 00:00:00 2001 +From: Byoungchan Lee +Date: Mon, 9 Oct 2023 20:13:50 +0900 +Subject: [PATCH 2/2] Remove unused module string in configure.py + +--- + configure.py | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/configure.py b/configure.py +index c6973cd1a5..939153df60 100755 +--- a/configure.py ++++ b/configure.py +@@ -22,7 +22,6 @@ + from optparse import OptionParser + import os + import shlex +-import string + import subprocess + import sys + 
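Review bot: Provenance in the bundled ninja patch is incomplete: the first commit is identified as 9cf13cd1ecb7ae649394f4133d121a01e191560b in its From line but as 885b4efb41c039789b81f0dc0d67c1ed0faea17c in the file name and Upstream-Status URL, and the second commit (PATCH 2/2, 0a9c9c5f50c60de4a7acfed8aaa048c74cd2f43b) has no Upstream-Status or Signed-off-by line of its own. Please either split the two commits into separate patch files or add the missing tags, and correct the recipe commit message, which says the backport switches to the subprocess module while the change here replaces pipes.quote with shlex.quote.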
diff --git a/meta/recipes-devtools/ninja/ninja_1.11.1.bb b/meta/recipes-devtools/ninja/ninja_1.11.1.bb index 8e297ec4d4..b74150bc64 100644 --- a/meta/recipes-devtools/ninja/ninja_1.11.1.bb +++ b/meta/recipes-devtools/ninja/ninja_1.11.1.bb 
@@ -8,7 +8,10 @@ DEPENDS = "re2c-native ninja-native" SRCREV = "a524bf3f6bacd1b4ad85d719eed2737d8562f27a" -SRC_URI = "git://github.com/ninja-build/ninja.git;branch=release;protocol=https" +SRC_URI = " \ + git://github.com/ninja-build/ninja.git;branch=release;protocol=https \ + file://885b4efb41c039789b81f0dc0d67c1ed0faea17c.patch \ +" UPSTREAM_CHECK_GITTAGREGEX = "v(?P.*)" S = "${WORKDIR}/git"
From patchwork Tue Dec 3 13:37:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53528 X-Patchwork-Delegate: steve@sakoman.com
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 14/16] libgcrypt: Fix building error with '-O2' in sysroot path Date: Tue, 3 Dec 2024 05:37:18 -0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Dec 2024 13:37:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208203 From: Robert Yang * Backport a patch to fix: $ . oe-init-build-env build-O2 $ bitbake libgcrypt random/rndjent.c:40:10: fatal error: stdio.h: No such file or directory * Remove 0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch which is fixed by the backported patch. Note, master branch's libgcrypt_1.11.0.bb has already fixed this problem. Signed-off-by: Robert Yang Signed-off-by: Steve Sakoman --- ...ilding-error-with-O2-in-sysroot-path.patch | 64 +++++++++++++++++++ ...ilding-error-with-O2-in-sysroot-path.patch | 39 ----------- .../libgcrypt/libgcrypt_1.10.3.bb | 2 +- 3 files changed, 65 insertions(+), 40 deletions(-) create mode 100644 meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch delete mode 100644 meta/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch diff --git a/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch b/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch new file mode 100644 index 0000000000..dee4969f35 --- /dev/null +++ b/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch 
@@ -0,0 +1,64 @@ +From b99952adc6ee611641709610d2e4dc90ba9acf37 Mon Sep 17 00:00:00 2001 +From: "simit.ghane" +Date: Tue, 7 May 2024 14:09:03 +0530 +Subject: [PATCH] Fix building error with '-O2' in sysroot path + +* cipher/Makefile.am (o_flag_munging): Tweak the sed script. +* random/Makefile.am (o_flag_munging): Ditto. +-- + +Characters like '-O2' or '-Ofast' will be replaced by '-O1' and '-O0' +respectively when compiling cipher and random in the filesystem +paths as well if they happen to contain '-O2' or '-Ofast + +If we are cross compiling libgcrypt and sysroot contains such +characters, we would +get compile errors because the sysroot path has been modified. + +Fix this by adding blank spaces and tabs before the original matching +pattern in the sed command. + +Signed-off-by: simit.ghane + +ChangeLog entries added by wk + +Note that there is also the configure option --disable-O-flag-munging; +see the README. + +Upstream-Status: Backport [https://dev.gnupg.org/rCb99952adc6ee611641709610d2e4dc90ba9acf37 https://dev.gnupg.org/rC5afadba008918d651afefb842ae123cc18454c74] + +Signed-off-by: Robert Yang +--- + cipher/Makefile.am | 2 +- + random/Makefile.am | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/cipher/Makefile.am b/cipher/Makefile.am +index 2c39586e..a914ed2b 100644 +--- a/cipher/Makefile.am ++++ b/cipher/Makefile.am +@@ -168,7 +168,7 @@ gost-s-box$(EXEEXT_FOR_BUILD): gost-s-box.c + + + if ENABLE_O_FLAG_MUNGING +-o_flag_munging = sed -e 's/-O\([2-9sgz][2-9sgz]*\)/-O1/' -e 's/-Ofast/-O1/g' ++o_flag_munging = sed -e 's/[[:blank:]]-O\([2-9sgz][2-9sgz]*\)/ -O1 /g' -e 's/[[:blank:]]-Ofast/ -O1 /g' + else + o_flag_munging = cat + endif +diff --git a/random/Makefile.am b/random/Makefile.am +index 0c935a05..340df38a 100644 +--- a/random/Makefile.am ++++ b/random/Makefile.am +@@ -56,7 +56,7 @@ jitterentropy-base.c jitterentropy.h jitterentropy-base-user.h + + # The rndjent module needs to be compiled without optimization. 
*/ + if ENABLE_O_FLAG_MUNGING +-o_flag_munging = sed -e 's/-O\([1-9sgz][1-9sgz]*\)/-O0/g' -e 's/-Ofast/-O0/g' ++o_flag_munging = sed -e 's/[[:blank:]]-O\([1-9sgz][1-9sgz]*\)/ -O0 /g' -e 's/[[:blank:]]-Ofast/ -O0 /g' + else + o_flag_munging = cat + endif +-- +2.44.1 + diff --git a/meta/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch b/meta/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch deleted file mode 100644 index cf9ebfb3e6..0000000000 --- a/meta/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 0f66e796a8522e1043dda03b88d5f6feae839d16 Mon Sep 17 00:00:00 2001 -From: Chen Qi -Date: Wed, 16 Aug 2017 10:44:41 +0800 -Subject: [PATCH] libgcrypt: fix building error with '-O2' in sysroot path - -Upstream-Status: Pending - -Characters like '-O2' or '-Ofast' will be replaced by '-O1' when -compiling cipher. -If we are cross compiling libgcrypt and sysroot contains such -characters, we would -get compile errors because the sysroot path has been modified. - -Fix this by adding blank spaces before and after the original matching -pattern in the -sed command. - -Signed-off-by: Chen Qi - -Rebase to 1.8.0 -Signed-off-by: Hongxu Jia - ---- - cipher/Makefile.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cipher/Makefile.am b/cipher/Makefile.am -index c3d642b..88c883a 100644 ---- a/cipher/Makefile.am -+++ b/cipher/Makefile.am -@@ -153,7 +153,7 @@ gost-s-box: gost-s-box.c - - - if ENABLE_O_FLAG_MUNGING --o_flag_munging = sed -e 's/-O\([2-9sgz][2-9sgz]*\)/-O1/' -e 's/-Ofast/-O1/g' -+o_flag_munging = sed -e 's/ -O\([2-9sgz][2-9sgz]*\) / -O1 /' -e 's/ -Ofast / -O1 /g' - else - o_flag_munging = cat - endif diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb index 5a76201ab5..3d49d586bb 100644 
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb 
@@ -21,11 +21,11 @@ DEPENDS = "libgpg-error" UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ file://0001-libgcrypt-fix-m4-file-for-oe-core.patch \ - file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \ file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \ file://no-native-gpg-error.patch \ file://no-bench-slope.patch \ file://run-ptest \ + file://0001-Fix-building-error-with-O2-in-sysroot-path.patch \ " SRC_URI[sha256sum] = "8b0870897ac5ac67ded568dcfadf45969cfa8a6beb0fd60af2a9eadc2a3272aa"
From patchwork Tue Dec 3 13:37:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53533 X-Patchwork-Delegate: steve@sakoman.com
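Review bot: In the random/Makefile.am hunk of 0001-Fix-building-error-with-O2-in-sysroot-path.patch (libgcrypt, 14/16), the new pattern `s/[[:blank:]]-O\([1-9sgz][1-9sgz]*\)/ -O0 /g` only fires when a blank precedes the flag, so an optimization flag that happens to be the first token of the piped string now passes through unchanged, and the comment just above says the rndjent module needs to be compiled without optimization. Please confirm the string fed to o_flag_munging always starts with the compiler name, or also accept start-of-line in both Makefile.am patterns. The match is also no longer delimited on the right (the dropped OE patch required a trailing space), so a sysroot path containing a blank followed by -O2 would still be rewritten; a sentence in the commit message stating that such paths are out of scope would help.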
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 15/16] dropbear: backport fix for concurrent channel open/close Date: Tue, 3 Dec 2024 05:37:19 -0800 Message-Id: <808972c0418a64fbed2134b55f25fb90e5d498e9.1733232895.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Dec 2024 13:38:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208204 From: Florian Kreutzer Prevents sporadic crashes of dropbear server when multiple channels are active at the same time. Upstream discussion: https://github.com/mkj/dropbear/pull/326/commits https://github.com/mkj/dropbear/issues/321 Issue was introduced in dropbear-2022.83 and fixed in v2024.86. Signed-off-by: Florian Kreutzer Signed-off-by: Steve Sakoman --- ...e-channels-when-a-PID-hasn-t-started.patch | 45 +++++++++++++++++++ .../recipes-core/dropbear/dropbear_2022.83.bb | 1 + 2 files changed, 46 insertions(+) create mode 100644 meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch diff --git a/meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch b/meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch new file mode 100644 index 0000000000..dff6534027 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch 
@@ -0,0 +1,45 @@ +From 5c34e70b80e5fc539f96e029b56b95cdee556010 Mon Sep 17 00:00:00 2001 +From: Matt Johnston +Date: Sun, 8 Sep 2024 11:07:41 +0200 +Subject: Don't close channels when a PID hasn't started + +If check_close() ran prior to a server channel exec/shell +request, it would send a close immediately. +This fix changes it to exclude write_fd==FD_UNINIT from +being closed there. + +When a channel was closed by the time shell/exec request +was received, then data sent hits an assertion. +This fixes #321 on Github. + +The "pid == 0" check was initially added to avoid waiting +to close a channel when a process has never been launched +(which is correct), but that isn't correct in the case +of the closed-fd test. + +Fixes: 8e6f73e879ca ("- Remove "flushing" handling for exited processes) + +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/71521d1b78706a70d3570b860e65234cefdc8c81] + +Signed-off-by: Florian Kreutzer +--- + common-channel.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/common-channel.c b/common-channel.c +index be5b57f..9926972 100644 +--- a/common-channel.c ++++ b/common-channel.c +@@ -317,7 +317,8 @@ static void check_close(struct Channel *channel) { + + if ((channel->recv_eof && !write_pending(channel)) + /* have a server "session" and child has exited */ +- || (channel->type->check_close && close_allowed)) { ++ || (channel->writefd != FD_UNINIT ++ && channel->type->check_close && close_allowed)) { + close_chan_fd(channel, channel->writefd, SHUT_WR); + } + +-- +2.34.1 + diff --git a/meta/recipes-core/dropbear/dropbear_2022.83.bb b/meta/recipes-core/dropbear/dropbear_2022.83.bb index 686cb8a809..772e08eaed 100644 --- a/meta/recipes-core/dropbear/dropbear_2022.83.bb +++ b/meta/recipes-core/dropbear/dropbear_2022.83.bb 
@@ -14,6 +14,7 @@ RCONFLICTS:${PN} = "openssh-sshd openssh" SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://0001-urandom-xauth-changes-to-options.h.patch \ + file://0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch \ file://init \ file://dropbearkey.service \ file://dropbear@.service \
From patchwork Tue Dec 3 13:37:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53532 X-Patchwork-Delegate: steve@sakoman.com
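Review bot: In the common-channel.c hunk of 0007-Don-t-close-channels-when-a-PID-hasn-t-started.patch (dropbear, 15/16), the new `channel->writefd != FD_UNINIT` test guards only the `channel->type->check_close && close_allowed` branch; the `channel->recv_eof && !write_pending(channel)` branch above it can still reach `close_chan_fd(channel, channel->writefd, SHUT_WR)` while writefd is uninitialised. The hunk does not show whether close_chan_fd tolerates that value, so please confirm against upstream that leaving the first branch unguarded is intended. Since the patch description says the failure is an assertion hit when data arrives on an already closed channel, the recipe commit message should also say how the fix was verified on 2022.83 (for example, a run with several concurrent channels).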
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 16/16] rootfs: Ensure run-postinsts is not uninstalled for read-only-rootfs-delayed-postinsts Date: Tue, 3 Dec 2024 05:37:20 -0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Dec 2024 13:38:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208205 From: "Gassner, Tobias.ext" This patch ensures that pkg_postinst_ontarget task is executed for read only rootfs when read-only-rootfs-delayed-postinsts is set as IMAGE_FEATURES. The issue was that run-postinsts could be uninstalled at the end of rootfs construction and that shouldn't happen for the delayed usecase. In addition to the fix, a test in meta/lib/oeqa/selftest/cases/overlayfs.py testing the fix has been implemented. Signed-off-by: Gassner, Tobias.ext Signed-off-by: Alexandre Belloni (cherry picked from commit 60f587475dda99eaa07848880058b69286b8900e) Signed-off-by: Steve Sakoman --- meta/lib/oe/rootfs.py | 4 +++ meta/lib/oeqa/selftest/cases/overlayfs.py | 41 ++++++++++++++++++++++- 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/meta/lib/oe/rootfs.py b/meta/lib/oe/rootfs.py index 8cd48f9450..5abce4ad7d 100644 --- a/meta/lib/oe/rootfs.py +++ b/meta/lib/oe/rootfs.py @@ -269,7 +269,11 @@ class Rootfs(object, metaclass=ABCMeta): self.pm.remove(["run-postinsts"]) image_rorfs = bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", + True, False, self.d) and \ + not bb.utils.contains("IMAGE_FEATURES", + "read-only-rootfs-delayed-postinsts", True, False, self.d) + image_rorfs_force = self.d.getVar('FORCE_RO_REMOVE') if image_rorfs or image_rorfs_force == "1": 
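Review bot: In the meta/lib/oe/rootfs.py hunk, `image_rorfs` no longer means "read-only-rootfs is enabled"; it now also folds in `not read-only-rootfs-delayed-postinsts`, while the unchanged `if image_rorfs or image_rorfs_force == "1":` below still takes the branch whenever FORCE_RO_REMOVE is "1". With delayed postinsts and FORCE_RO_REMOVE both set, that branch therefore behaves exactly as before the patch; if run-postinsts must survive in that combination too, it needs its own check, and if not, the commit message should say so. A separately named boolean for the delayed case plus a one-line comment would make the intent readable. The hunk also leaves two blank lines before `image_rorfs_force`.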
diff --git a/meta/lib/oeqa/selftest/cases/overlayfs.py b/meta/lib/oeqa/selftest/cases/overlayfs.py index e31063567b..580fbdcb9c 100644 --- a/meta/lib/oeqa/selftest/cases/overlayfs.py +++ b/meta/lib/oeqa/selftest/cases/overlayfs.py @@ -5,7 +5,7 @@ # from oeqa.selftest.case import OESelftestTestCase -from oeqa.utils.commands import bitbake, runqemu +from oeqa.utils.commands import bitbake, runqemu, get_bb_vars from oeqa.core.decorator import OETestTag from oeqa.core.decorator.data import skipIfNotMachine 
@@ -466,6 +466,45 @@ IMAGE_INSTALL:append = " overlayfs-user" line = getline_qemu(output, "Read-only file system") self.assertTrue(line, msg=output) + @skipIfNotMachine("qemux86-64", "tests are qemux86-64 specific currently") + def test_postinst_on_target_for_read_only_rootfs(self): + """ + Summary: The purpose of this test case is to verify that post-installation + on target scripts are executed even if using read-only rootfs when + read-only-rootfs-delayed-postinsts is set + Expected: The test files are created on first boot + """ + + import oe.path + + vars = get_bb_vars(("IMAGE_ROOTFS", "sysconfdir"), "core-image-minimal") + sysconfdir = vars["sysconfdir"] + self.assertIsNotNone(sysconfdir) + # Need to use oe.path here as sysconfdir starts with / + targettestdir = os.path.join(sysconfdir, "postinst-test") + + config = self.get_working_config() + + args = { + 'OVERLAYFS_INIT_OPTION': "", + 'OVERLAYFS_ETC_USE_ORIG_INIT_NAME': 1, + 'OVERLAYFS_ROOTFS_TYPE': "ext4", + 'OVERLAYFS_ETC_CREATE_MOUNT_DIRS': 1 + } + + # read-only-rootfs is already set in get_working_config() + config += 'EXTRA_IMAGE_FEATURES += "read-only-rootfs-delayed-postinsts"\n' + config += 'CORE_IMAGE_EXTRA_INSTALL = "postinst-delayed-b"\n' + + self.write_config(config.format(**args)) + + res = bitbake('core-image-minimal') + + with runqemu('core-image-minimal', image_fstype='wic') as qemu: + for filename in ("rootfs", "delayed-a", "delayed-b"): + status, output = qemu.run_serial("test -f %s && echo found" % os.path.join(targettestdir, filename)) + self.assertIn("found", output, "%s was not present on boot" % filename) + def get_working_config(self): return """ # Use systemd as init manager
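Review bot: In test_postinst_on_target_for_read_only_rootfs the comment says oe.path is needed because sysconfdir starts with /, and `import oe.path` is added, but the path is built with `os.path.join(sysconfdir, "postinst-test")`; either drop the import and the comment or actually use oe.path. In the same hunk IMAGE_ROOTFS is fetched through get_bb_vars but never read, `res = bitbake('core-image-minimal')` is never used, and `vars` shadows the builtin. The test only exercises the image with read-only-rootfs-delayed-postinsts set; a companion check for plain read-only-rootfs would pin down the behaviour that the rootfs.py change is meant to leave alone.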