From patchwork Tue Dec 10 20:56:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53893 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01272E77184 for ; Tue, 10 Dec 2024 20:56:47 +0000 (UTC) Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com [209.85.215.181]) by mx.groups.io with SMTP id smtpd.web11.3940.1733864198529232973 for ; Tue, 10 Dec 2024 12:56:38 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=mMEwxfji; spf=softfail (domain: sakoman.com, ip: 209.85.215.181, mailfrom: steve@sakoman.com) Received: by mail-pg1-f181.google.com with SMTP id 41be03b00d2f7-7fc93152edcso33493a12.0 for ; Tue, 10 Dec 2024 12:56:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733864198; x=1734468998; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=/ePxnDtVd1lXCKhTZ7ERiX0WX0FKkBszkK0W4yMQKXA=; b=mMEwxfjiPAxkk8rIl/nSSwNggJs4ysPdcewl5E6wpcgxswcUjK1oOkshX/79CnV5he IDFsP1qNag2rVuxZQyKfwaIws/0bP8unYPZayzZUe6moM4bg+inMgMwnT2se8ZH7xZ7E KjpMtOR1Zm/X1gnLcNNCbfhqpfoiHnE1sVwdVMayqAw17fJTNvLXAjevMLXBJyeryeKK F8+iYroXhJLD0qiO2NmhRk49npjJmTlnCmG5FlMoFYwqbioMeCYUE31rrZA2F0sX3bgX QayO2qWWvVUHJElqtuLg/kn8Icordx0svE2uSUnFlKEvbv1vhwPwWI3xf8rDwEWv1OLG lX8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733864198; x=1734468998; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/ePxnDtVd1lXCKhTZ7ERiX0WX0FKkBszkK0W4yMQKXA=; b=a63iBgLgXdl82cMFwhDUYujrqEg3Rwd6jLVSY8TZAVynnBSVrnBnR4A8HYDtldg46T 73aJqMIHMRjhRs+aqZy8LVUm78wEGaLXLJ6VH9K4PaNJb9jKqIUE/c2J7rRO2lVVYbJl D6MhnCEOVrVhEZ73UHodRLAW++xzk90OmwJJo5I1q9TxgM6bNR3bfkwtskZd6FeLxvBO nR/73ow5Mk6FJ8Wk9Tvvr43znnOUh2ZJkesrzAGIPNBbmYzHLpoAz0Noaoj6sQ/dUfwa 2iK4zqrbkyKaCOHpFFZwVuLmJmS67HT3UFbwJJU+cxxBxuFZ1y3ybbqroaM6sZVE537C 8FCg== X-Gm-Message-State: AOJu0Yw97uWhTZEFhPvl27I5cOQlsRzW3A8p1WNL+GKppTLBfTkfOg7y 0GCNUwQBmEfpJc7UfbAWxlYKDG6K1sp2H6hPP2yZXqaYVPMTHRXBUwVxUc9RwU/RfW9lEum04IG J X-Gm-Gg: ASbGncvum1kkYK2hj3I0OOsdvt8bMIF6lUGWoDoik6jiDAS0KVFXw3jxYQRiYVtIE2A rqKL18yoIBR6oIYrZU/WANp5mq4Xulgs5Tx2W+AbRpE8bp/8lwRAON2JUE1nv7Eoc9b1CyoowzN DhqfS+jmjiXIo+j3MkeM0zBBQ7T+ZUNdVwCZuD0VHfF2lzI9HpV8ao6ldW81PUHuxp4DGIMOr4a 5kdgyFYTLjECi8B31tu1gjujVO8lsMWo0PbzcSvIh4= X-Google-Smtp-Source: AGHT+IGrXvSFOCd23DUuzKDjhmGFMA39gtW8HXgfzA95m7SVjU88y/pB216knKDp98EKtUBKK+g0Mw== X-Received: by 2002:a17:90b:3945:b0:2ee:b8ac:73b7 with SMTP id 98e67ed59e1d1-2f12881b39bmr263366a91.16.1733864197695; Tue, 10 Dec 2024 12:56:37 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2ef45ff77b9sm10245470a91.36.2024.12.10.12.56.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 12:56:37 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 01/12] ffmpeg: fix CVE-2023-49501 Date: Tue, 10 Dec 2024 12:56:17 -0800 Message-Id: <873025145d42ffe75d421884160ec299d85d21ef.1733863624.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 10 Dec 2024 20:56:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208544 From: Archana Polampalli Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../ffmpeg/ffmpeg/CVE-2023-49501.patch | 30 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch new file mode 100644 index 0000000000..80d542952a --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch @@ -0,0 +1,30 @@ +From 4adb93dff05dd947878c67784d98c9a4e13b57a7 Mon Sep 17 00:00:00 2001 +From: Paul B Mahol +Date: Thu, 23 Nov 2023 14:58:35 +0100 +Subject: [PATCH] avfilter/asrc_afirsrc: fix by one smaller allocation of + buffer + +CVE: CVE-2023-49501 + +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/4adb93dff05dd947878c67784d98c9a4e13b57a7] + +Signed-off-by: Archana Polampalli +--- + libavfilter/asrc_afirsrc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libavfilter/asrc_afirsrc.c b/libavfilter/asrc_afirsrc.c +index e2359c1..ea04c35 100644 +--- a/libavfilter/asrc_afirsrc.c ++++ b/libavfilter/asrc_afirsrc.c +@@ -480,7 +480,7 @@ static av_cold int config_eq_output(AVFilterLink *outlink) + if (ret < 0) + return ret; + +- s->magnitude = av_calloc(s->nb_magnitude, sizeof(*s->magnitude)); ++ s->magnitude = av_calloc(s->nb_magnitude + 1, sizeof(*s->magnitude)); + if (!s->magnitude) + return AVERROR(ENOMEM); + memcpy(s->magnitude, eq_presets[s->preset].gains, sizeof(*s->magnitude) * s->nb_magnitude); +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index 84bba3b7b6..47be4d3e71 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb @@ -32,6 +32,7 @@ SRC_URI = " \ file://CVE-2024-31582.patch \ file://CVE-2023-50008.patch \ file://CVE-2024-32230.patch \ + file://CVE-2023-49501.patch \ " SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968" From patchwork Tue Dec 10 20:56:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53897 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0D826E77185 for ; Tue, 10 Dec 2024 20:56:47 +0000 (UTC) Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) by mx.groups.io with SMTP id smtpd.web10.3981.1733864199925932759 for ; Tue, 10 Dec 2024 12:56:39 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=1c3OPlBY; spf=softfail (domain: sakoman.com, ip: 209.85.216.53, mailfrom: steve@sakoman.com) Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-2efb17478adso2121355a91.1 for ; Tue, 10 Dec 2024 12:56:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733864199; x=1734468999; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=yIBTmdZT1CeQa/YiyV/zUEgqbfRcHG6e+rqZgX+0bV4=; b=1c3OPlBYHdQ+raJMmQsEN2iMZsQvs0Yj7WojIPoRnKtNu3sZoNbamiSG/T+F9jJtsn 5fiMPjnS3zS2vexa4BKZ20UP2PBfJWrLg9FJJgKD9AHVQ7hnIn5WTjgLxHl3YsebUs10 OBFCDzTu+zCgtP4hbZuSrXLst9VnuDKTB/xMWOiCmNXvz1F97yAygaBk5OusplcxRU4n /LqulZH3QeEN4rUrv9TYDiKxgaBTuP9NhB3Gplrc2z2yUBCzkghS2H4/LshOa9VukWEb IOBDSJ1+gWaqve+vUT/uqV0uwXnjWig1X1lDAWMrtlhS+vLZgHzdmpx3OcZAWAXtMFdi 2eOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733864199; x=1734468999; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yIBTmdZT1CeQa/YiyV/zUEgqbfRcHG6e+rqZgX+0bV4=; b=Mf6ytFN41GDoyLzEIAY6g4o2htDlFXT4+LdNVi2N8DVDLxM4mYvwLfd2KsvN3p/xuU ThCKvSoX6t4HK4CzLwAw2zQE3uvuKb6gNY0DcS3lRuMpyzHe8Hb/aTOA8yMl1w5AiuSY QUOLhSgDrcraw0+TYHp692qNdfZLtkWLiXl24VawzmjOo32IWH0W6XkDFuz0GJ4/FFHT zbts5+VrgQfgOSH7mL2xkNMqJJ+zYsDA3ME2rOEJHOGmHzuIVMyhMrlFPewR9CZVQsdx sOCZjurgv+924RG2RgOH5FR3eevRVQR0LA2E+3eVjRLP4zb5J5sAOZ8ANUacnrLahEOV B+FA== X-Gm-Message-State: AOJu0Yx4D8/+59mdTQNbMdIZxtags8179wRx+jXx6+4Zp/zp11SYefxM VSvotwtei1BwutyOZLQgMs5mAxw34qmZ7tAPFyTc86geTwbbtVDp1Fh9EKp5wDN6lExDIxCuL0q 0 X-Gm-Gg: ASbGncviGnKvnDZ2teM+9dBt3wGfMCNA6LSh11EMNai/c9CjizJ4aFbIBN3RjUs09DP gXWB0rdN0ejXkieb9huvZdqod/g7NpV26nz8dA2ASrKTu4N0M5fSsIhlKVixj/hDO426L1FEJah lOf/hD93K7L/67eVq+G6rwVIH0Wgtsi/DLp2neV6VPC0ze0esOkfh7ClwurHllOyAV0EjkcqYqA pNuBkpmNc/sC14gcojjsYNOAWgP+d60rl2l9ex+xuM= X-Google-Smtp-Source: AGHT+IGLUAWPHVWD7DQBfyVCKTG+CWNDSIQWOtbAjy+DKlomi3/VaSFeVAQShZW6vxDFV8sAuOex5w== X-Received: by 2002:a17:90a:c107:b0:2ee:b26c:10a0 with SMTP id 98e67ed59e1d1-2f12808bb7dmr634782a91.24.1733864199170; Tue, 10 Dec 2024 12:56:39 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2ef45ff77b9sm10245470a91.36.2024.12.10.12.56.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 12:56:38 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 02/12] ffmpeg: fix CVE-2024-28661 Date: Tue, 10 Dec 2024 12:56:18 -0800 Message-Id: <4ca1544e95e327c7060efa845aa69c2a1eb1d782.1733863624.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 10 Dec 2024 20:56:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208545 From: Archana Polampalli Some of the changes are already present in recipe version Ref: https://github.com/FFmpeg/FFmpeg/commit/148ada5577262c6c18ae97604df8fe1c18b096e2 https://ffmpeg.org/security.html Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../ffmpeg/ffmpeg/CVE-2024-28661.patch | 37 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1 + 2 files changed, 38 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-28661.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-28661.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-28661.patch new file mode 100644 index 0000000000..b42badb567 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-28661.patch @@ -0,0 +1,37 @@ +From 66b50445cb36cf6adb49c2397362509aedb42c71 Mon Sep 17 00:00:00 2001 +From: James Almer +Date: Fri, 16 Feb 2024 11:17:13 -0300 +Subject: [PATCH 1/3] avcodec/speexdec: check for sane frame_size values + +Regression since ab39cc36c72bb73318bb911acb66873de850a107. + +Fixes heap buffer overflows +Fixes ticket #10866 + +Reported-by: sploitem +Reviewed-by: Michael Niedermayer +Signed-off-by: James Almer + +CVE: CVE-2024-28661 + +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/66b50445cb36cf6adb49c2397362509aedb42c71] + +Signed-off-by: Archana Polampalli +--- + libavcodec/speexdec.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libavcodec/speexdec.c b/libavcodec/speexdec.c +index 08c7e77..23b8605 100644 +--- a/libavcodec/speexdec.c ++++ b/libavcodec/speexdec.c +@@ -1422,6 +1422,7 @@ static int parse_speex_extradata(AVCodecContext *avctx, + s->frame_size = bytestream_get_le32(&buf); + if (s->frame_size < NB_FRAME_SIZE << s->mode) + return AVERROR_INVALIDDATA; ++ s->frame_size *= 1 + (s->mode > 0); + s->vbr = bytestream_get_le32(&buf); + s->frames_per_packet = bytestream_get_le32(&buf); + if (s->frames_per_packet <= 0 || +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index 47be4d3e71..acff21f558 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb @@ -33,6 +33,7 @@ SRC_URI = " \ file://CVE-2023-50008.patch \ file://CVE-2024-32230.patch \ file://CVE-2023-49501.patch \ + file://CVE-2024-28661.patch \ " SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968" From patchwork Tue Dec 10 20:56:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53892 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DBECEE77183 for ; Tue, 10 Dec 2024 20:56:46 +0000 (UTC) Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com [209.85.216.46]) by mx.groups.io with SMTP id smtpd.web11.3941.1733864201395690274 for ; Tue, 10 Dec 2024 12:56:41 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=u3yHZc+s; spf=softfail (domain: sakoman.com, ip: 209.85.216.46, mailfrom: steve@sakoman.com) Received: by mail-pj1-f46.google.com with SMTP id 98e67ed59e1d1-2ee74291415so4349733a91.3 for ; Tue, 10 Dec 2024 12:56:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733864201; x=1734469001; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=xr3m1Gd70iVeL8EmvxB6+77SqZ6pe13zHDBW0Mm87ws=; b=u3yHZc+sxkdnR5oOyeM5NOnx0oayaaVh3PToLZfz2LKzNvDhd2Sixw3ZGhlSWrH9U4 6rFu9TaClIvVh+hl4qs9hcenYpZIvKTI8vI+wAz+9dIyqJOyav7qRYa9u6QwjUbgG+XW 6xCqBbTksp8AIqayP2ReWzikAXPUIhAiwDcbKjGpMVWADfDzOidi09LyYlZrkMsipxQY c4mrjliFKw6iHC82dS5L2gK43S0xFoCSSzI41cBV7s8ivyptoTOutk8mfKJ/1fTLOg0G bKQ5BPh/oSKDg9xZaDTh8UN3z+mgWdemuPyLcFqjut4Mpfqx04+iejwYiYeFisSndMZN 1CZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733864201; x=1734469001; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xr3m1Gd70iVeL8EmvxB6+77SqZ6pe13zHDBW0Mm87ws=; b=siULvUzqwKT3o0vf/jPi5yqndVdcvJba4kXX59JR+OCsd3Tv1moWC3cd6bEaL6cXZx KR794yTTM0J0HQAL1ehqaiKZZ2xaslACpA9gyoar4dZToUGntB0EIj0NxhRUxfVHYBC5 053A8Eag5Dke3Etu1o3jlA413m3+UJmznKo/ipnvg8DAphLfuJJuEYeDwHKFdf6sfnE8 Xvpc4bOnZPIrAilPD4U88yHYp5+AUKYXk2d1I6V8/+nLgzj3bD2Va+nlrBGhx9b3vLK3 DCEbC8GNqi36/p7UGw2HJF7J3kvRXpr9BCkU0YVc7ACFgJF5ZHSfF1sudXKl0sABVykD Y+Pw== X-Gm-Message-State: AOJu0YwVgpj6qrM1Xutva3b/jlwAxewREr7W8dby4a6fflFVdVYEMzDj m7l0AeTMDUvZ+KoyXooiGhVXghwg4jBJI2gZKR++RTQ3cidmrMeL2WuRc5vhMm7ZekHSfEXWZ5b U X-Gm-Gg: ASbGncvw8dR0i4x3/KfWKzBRrwuXB9x3M//benMC/mV2CRZ8u9gnSTheKlj0inJF1wM IHsBLw+rGIjTCNJ35HVfUtN8eHcrb9lvVDqrS3OPBcqbtf/GbbElEqCa+m4S7UHZEHPITXkSaju aqSJqdv7+SVTd6nSRa4DNdFfnPICUu409QIQzwl1TGTqCfaosP2X6+jFPQIeEDpmw4PjcEts7Ug YFosBSXaZAheDODwvx+uC9Aaq7zBsUU17eepy2MIn0= X-Google-Smtp-Source: AGHT+IFdRwB/cd8wDX0XkMCAfigZJkypFtk4QMeAaPupjOUN0fvws6pj9SvcwfxkXPB5h4HIWRbaXQ== X-Received: by 2002:a17:90b:35d2:b0:2ee:accf:9685 with SMTP id 98e67ed59e1d1-2f127f565b0mr631482a91.4.1733864200627; Tue, 10 Dec 2024 12:56:40 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2ef45ff77b9sm10245470a91.36.2024.12.10.12.56.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 12:56:40 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 03/12] ffmpeg: fix CVE-2023-50007 Date: Tue, 10 Dec 2024 12:56:19 -0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 10 Dec 2024 20:56:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208546 From: Archana Polampalli Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via theav_samples_set_silence function in the libavutil/samplefmt.c:260:9 component. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../ffmpeg/ffmpeg/CVE-2023-50007.patch | 78 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1 + 2 files changed, 79 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch new file mode 100644 index 0000000000..d86e39707e --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch @@ -0,0 +1,78 @@ +From b1942734c7cbcdc9034034373abcc9ecb9644c47 Mon Sep 17 00:00:00 2001 +From: Paul B Mahol +Date: Mon, 27 Nov 2023 11:45:34 +0100 +Subject: [PATCH 2/3] avfilter/af_afwtdn: fix crash with EOF handling + +CVE: CVE-2023-50007 + +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/b1942734c7cbcdc9034034373abcc9ecb9644c47] + +Signed-off-by: Archana Polampalli +--- + libavfilter/af_afwtdn.c | 34 +++++++++++++++++++--------------- + 1 file changed, 19 insertions(+), 15 deletions(-) + +diff --git a/libavfilter/af_afwtdn.c b/libavfilter/af_afwtdn.c +index 0fcfa77..63b7f5f 100644 +--- a/libavfilter/af_afwtdn.c ++++ b/libavfilter/af_afwtdn.c +@@ -408,6 +408,7 @@ typedef struct AudioFWTDNContext { + + uint64_t sn; + int64_t eof_pts; ++ int eof; + + int wavelet_type; + int channels; +@@ -1069,7 +1070,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) + s->drop_samples = 0; + } else { + if (s->padd_samples < 0 && eof) { +- out->nb_samples += s->padd_samples; ++ out->nb_samples = FFMAX(0, out->nb_samples + s->padd_samples); + s->padd_samples = 0; + } + if (!eof) +@@ -1208,23 +1209,26 @@ static int activate(AVFilterContext *ctx) + + FF_FILTER_FORWARD_STATUS_BACK(outlink, inlink); + +- ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in); +- if (ret < 0) +- return ret; +- if (ret > 0) +- return filter_frame(inlink, in); ++ if (!s->eof) { ++ ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in); ++ if (ret < 0) ++ return ret; ++ if (ret > 0) ++ return filter_frame(inlink, in); ++ } + + if (ff_inlink_acknowledge_status(inlink, &status, &pts)) { +- if (status == AVERROR_EOF) { +- while (s->padd_samples != 0) { +- ret = filter_frame(inlink, NULL); +- if (ret < 0) +- return ret; +- } +- ff_outlink_set_status(outlink, status, pts); +- return ret; +- } ++ if (status == AVERROR_EOF) ++ s->eof = 1; + } ++ ++ if (s->eof && s->padd_samples != 0) { ++ return filter_frame(inlink, NULL); ++ } else if (s->eof) { ++ ff_outlink_set_status(outlink, AVERROR_EOF, s->eof_pts); ++ return 0; ++ } ++ + FF_FILTER_FORWARD_WANTED(outlink, inlink); + + return FFERROR_NOT_READY; +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index acff21f558..05a4c05e24 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb @@ -34,6 +34,7 @@ SRC_URI = " \ file://CVE-2024-32230.patch \ file://CVE-2023-49501.patch \ file://CVE-2024-28661.patch \ + file://CVE-2023-50007.patch \ " SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968" From patchwork Tue Dec 10 20:56:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53894 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF882E7717F for ; Tue, 10 Dec 2024 20:56:46 +0000 (UTC) Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by mx.groups.io with SMTP id smtpd.web11.3943.1733864202740917386 for ; Tue, 10 Dec 2024 12:56:42 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=UcLUnlNB; spf=softfail (domain: sakoman.com, ip: 209.85.215.172, mailfrom: steve@sakoman.com) Received: by mail-pg1-f172.google.com with SMTP id 41be03b00d2f7-7fd45005a09so2037588a12.2 for ; Tue, 10 Dec 2024 12:56:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733864202; x=1734469002; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Xkk2+YxQJ0zIsJWXce1x5t5snM40mftNztTDmM/Ilvo=; b=UcLUnlNB9pIWizqKCNCqmC4VEZbI6HgavjwDry+hOBrUVj6mE2R9nKYCSv3LY+eml8 2ITvvGgEVduNch9tC7MgtMev4Jh9keZ0hCuCqiuRpBOM2d4Zqqh/9BbwOGqJKrDnisit v88YJFuFxODVv8M40UcmgrhJxRiFT+0pybFW53bttR2zUUzPRrssjDhkl8kB/8/DoUhV BPK8dE81l/sCJY5LBf0UdP4w4b+S2D77jHoawCYmmDa9OwktCaKbO38fe4DOf59nykgI 33Kx/5r63s9vp89175afX3C71OSDZ5ogPcv14C+/Pu7jRs5GTkhyw+zZ/KyS8m1/1jk4 YWiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733864202; x=1734469002; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Xkk2+YxQJ0zIsJWXce1x5t5snM40mftNztTDmM/Ilvo=; b=AKk197L3dw1KgJapFhrIk/KuUqQE+GtJiLxcZk8aOT4tYgqf1wR9n7JD+dfn4wmHR8 WhQgxPVvfw+/mBpeWWGPKbbDySBR2zs2nfKuSIud2VR77Q8J09Ox7mifFw0geAKmuGC7 +g5J/abSY9imRsGiKzAnKb9wouTJVYDTfzM8yydWiogJThgDGLYzMW1Ps9003jEbtWjC fNZ3/pOcJSRNiEcrf5eF2CCRetfdme2YY7JDrsDMzg/JVeFVOeHGQ46UuKYIpOlJayxm VvyjEpWVdZIPRlieXmLi1GxaGHm/D+wFzTVlSoYQPCNocFe1l9gVIXNd8l7XzJff7REg s+TQ== X-Gm-Message-State: AOJu0Yxg2AUDXa29Yy4fVMN2FZH7pd8Xl56inJctY7MxNhVk44LhL7VS F+OuBDQWjFnPJyD+5ywaM5YmulQRvYUqnt8LVLsYCpLKmF2848RoPjkySu3NCT2TiqzwK/Os6TI U X-Gm-Gg: ASbGncu+o2xlQgk03xKOArC7YhlU05DWrpxLL9iWKNfQK+MqEJek3sOoZt8v3Up3PS2 qjieFI5sfv5OkhAJ7358FJv6zrlDVxPfwXUC0CSJRGbQ0VIYoqKxa1BJN1a2NCGX1LTDm987LvG CdPFqYKvkOo7qu5KI4RSU6OqY/ZqmsPXQS+wr9+jrJdb+b1FcmRz7U4m1pCVlvs9Sxr2gA0BiUQ 97iqLRqVCJo/3+3IvfGviwNBe0LE7OHDkGEqOUGZz8= X-Google-Smtp-Source: AGHT+IECgvFyKhF9fhoOYO210Fl4K4ple1qRXqXYFzn7Lu4bq9nFYHkqRwL2zI2vLMJd1w8eKecP2w== X-Received: by 2002:a17:90a:578e:b0:2ee:c918:cd60 with SMTP id 98e67ed59e1d1-2f127fee938mr653546a91.20.1733864201949; Tue, 10 Dec 2024 12:56:41 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2ef45ff77b9sm10245470a91.36.2024.12.10.12.56.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 12:56:41 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 04/12] ffmpeg: fix CVE-2023-49528 Date: Tue, 10 Dec 2024 12:56:20 -0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 10 Dec 2024 20:56:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208547 From: Archana Polampalli Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../ffmpeg/ffmpeg/CVE-2023-49528.patch | 58 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1 + 2 files changed, 59 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49528.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49528.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49528.patch new file mode 100644 index 0000000000..37e1ab61d1 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49528.patch @@ -0,0 +1,58 @@ +From 2d9ed64859c9887d0504cd71dbd5b2c15e14251a Mon Sep 17 00:00:00 2001 +From: Paul B Mahol +Date: Sat, 25 Nov 2023 12:54:28 +0100 +Subject: [PATCH 3/3] avfilter/af_dialoguenhance: fix overreads + +CVE: CVE-2023-49528 + +Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/2d9ed64859c9887d0504cd71dbd5b2c15e14251a] + +Signed-off-by: Archana Polampalli +--- + libavfilter/af_dialoguenhance.c | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +diff --git a/libavfilter/af_dialoguenhance.c b/libavfilter/af_dialoguenhance.c +index 1762ea7..29c8ab1 100644 +--- a/libavfilter/af_dialoguenhance.c ++++ b/libavfilter/af_dialoguenhance.c +@@ -96,12 +96,12 @@ static int config_input(AVFilterLink *inlink) + if (!s->window) + return AVERROR(ENOMEM); + +- s->in_frame = ff_get_audio_buffer(inlink, s->fft_size * 4); +- s->center_frame = ff_get_audio_buffer(inlink, s->fft_size * 4); +- s->out_dist_frame = ff_get_audio_buffer(inlink, s->fft_size * 4); +- s->windowed_frame = ff_get_audio_buffer(inlink, s->fft_size * 4); +- s->windowed_out = ff_get_audio_buffer(inlink, s->fft_size * 4); +- s->windowed_prev = ff_get_audio_buffer(inlink, s->fft_size * 4); ++ s->in_frame = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2); ++ s->center_frame = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2); ++ s->out_dist_frame = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2); ++ s->windowed_frame = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2); ++ s->windowed_out = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2); ++ s->windowed_prev = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2); + if (!s->in_frame || !s->windowed_out || !s->windowed_prev || + !s->out_dist_frame || !s->windowed_frame || !s->center_frame) + return AVERROR(ENOMEM); +@@ -250,6 +250,7 @@ static int de_stereo(AVFilterContext *ctx, AVFrame *out) + float *right_osamples = (float *)out->extended_data[1]; + float *center_osamples = (float *)out->extended_data[2]; + const int offset = s->fft_size - s->overlap; ++ const int nb_samples = FFMIN(s->overlap, s->in->nb_samples); + float vad; + + // shift in/out buffers +@@ -258,8 +259,8 @@ static int de_stereo(AVFilterContext *ctx, AVFrame *out) + memmove(left_out, &left_out[s->overlap], offset * sizeof(float)); + memmove(right_out, &right_out[s->overlap], offset * sizeof(float)); + +- memcpy(&left_in[offset], left_samples, s->overlap * sizeof(float)); +- memcpy(&right_in[offset], right_samples, s->overlap * sizeof(float)); ++ memcpy(&left_in[offset], left_samples, nb_samples * sizeof(float)); ++ memcpy(&right_in[offset], right_samples, nb_samples * sizeof(float)); + memset(&left_out[offset], 0, s->overlap * sizeof(float)); + memset(&right_out[offset], 0, s->overlap * sizeof(float)); + +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index 05a4c05e24..a793817ec2 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb @@ -35,6 +35,7 @@ SRC_URI = " \ file://CVE-2023-49501.patch \ file://CVE-2024-28661.patch \ file://CVE-2023-50007.patch \ + file://CVE-2023-49528.patch \ " SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968" From patchwork Tue Dec 10 20:56:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53895 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1F82E77182 for ; Tue, 10 Dec 2024 20:56:46 +0000 (UTC) Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com [209.85.216.46]) by mx.groups.io with SMTP id smtpd.web11.3944.1733864204176906093 for ; Tue, 10 Dec 2024 12:56:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=aQmP2awj; spf=softfail (domain: sakoman.com, ip: 209.85.216.46, mailfrom: steve@sakoman.com) Received: by mail-pj1-f46.google.com with SMTP id 98e67ed59e1d1-2ee6c2d6db0so5333572a91.1 for ; Tue, 10 Dec 2024 12:56:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733864203; x=1734469003; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=PuUHVQCswlzYbvobDYLhncBUImR62llYhq9rgUmg2P8=; b=aQmP2awj/o1UQbNfEkQ+RSWndbngGlWNZSPmecN8XR8mesxG6bGYeZmM5f6gvI1LJA 15AvPvmpF0n19T6nfkrQ1fNfCIlCZKP8V5853Fo+aXVBK9gSfBeziykiqhl4UqG1tFbL RXaP0yGxsTUgVAISgkxxGfwTRxnA0u+GBYW7IUEoR41Drec6iqFpXP307TOkTErabaUM LjrkIsf4e7B9FZU+XFxDBTOH7xYRy/+wv1Keb5evYbD2P/mTGZvp8aiEl0YWK4ecODvO 9vUVhTX9FB/So9e2+A7IZ7EhXQU2J61bPY9z1DiMhDgrIFwUI6zseM+E8k3gnAm5FsC3 AJpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733864203; x=1734469003; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PuUHVQCswlzYbvobDYLhncBUImR62llYhq9rgUmg2P8=; b=Ot6UXtDraUfTlREf9YmjheE+ofR4eDdV2hU4DRmUBTEWIeSsSPysO5nacWUyAzXYiU Ksq/BG56GErjAJWHTO8PKPrYat1Y5zK6/w52veeOyxHtSS2Qz3k9iZu+5eBt8eWHDSw/ WuWg+IJIrti0NQz8HkTsz+8tLOfJPbaAv4VPX4yA8dN9BUh9GjmfbYgFhHt3AnRNFiip jLGtq87Jmb4XOvYFbX2vdyEtQ7uPTbLAGq53wz75PMz3wiXdSstUEENdhSWVkrQHhbPK hpO0pKxxOZEjAhurLPltQPDnmnpZYiaaVQRLPr1cm8xxI9X4FGEbEV9mouhsOic7w4YQ LCLA== X-Gm-Message-State: AOJu0YxTX0rh4oUS7VJ/K+i9eKloYGn/ZgkjLA3Qj9rIsiz/XftpS3Sm OvEt6PJY86xoQYGaDFHNXV5susax6gZYxw3OPyqLfylYGwuuEs51nvUAZF6rAznl0XTaPvdkbaE 5 X-Gm-Gg: ASbGncuaUwfAjlpjrJkD310ZranAv6k81LZ3OC+q/g55kHjckX1ED2sHqj15Xv67Fsx ETP3vhBbVzI59R0fVUSP3KPS/QPn2HqdR4XtlOiCIFKBe78dmb2bZGWVK8T+PJu4gUTZt+4yJet Nu/Ak+uSBnN4viYky/6Txt+v/S//0PbFGT+yew/SjedXyDiKgk7FjwFi9ea2mM2J+J2bdT2xnU3 v9brvrvhLPGqbbbRK/Zce3OOCTOUmz7WMBnK+vcZEc= X-Google-Smtp-Source: AGHT+IFxhsxfpJwAIO/OdcA+0yumhy0SwexpNr/h18PYs70iZXnmSQVUL6XZ1ucaaXXUxBRQ7VRuDw== X-Received: by 2002:a17:90b:230c:b0:2ee:b0f1:ba17 with SMTP id 98e67ed59e1d1-2f128048ebfmr620856a91.37.1733864203435; Tue, 10 Dec 2024 12:56:43 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2ef45ff77b9sm10245470a91.36.2024.12.10.12.56.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 12:56:43 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 05/12] ffmpeg: fix CVE-2024-7055 Date: Tue, 10 Dec 2024 12:56:21 -0800 Message-Id: <71a9c2d01ad8ed83f9da6e6b9541fcf1d9baed48.1733863624.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 10 Dec 2024 20:56:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208548 From: Archana Polampalli A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../ffmpeg/ffmpeg/CVE-2024-7055.patch | 38 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch new file mode 100644 index 0000000000..afd857ceac --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch @@ -0,0 +1,38 @@ +From 587acd0d4020859e67d1f07aeff2c885797ebcce Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer +Date: Thu, 18 Jul 2024 21:12:54 +0200 +Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check + +Fixes: out of array read +Fixes: poc3 + +Reported-by: VulDB CNA Team +Found-by: CookedMelon +Signed-off-by: Michael Niedermayer +(cherry picked from commit 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8) +Signed-off-by: Michael Niedermayer + +CVE: CVE-2024-7055 + +Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=587acd0d4020859e67d1f07aeff2c885797ebcce] + +Signed-off-by: Archana Polampalli +--- + libavcodec/pnmdec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c +index acd77ea..40cc2ae 100644 +--- a/libavcodec/pnmdec.c ++++ b/libavcodec/pnmdec.c +@@ -264,7 +264,7 @@ static int pnm_decode_frame(AVCodecContext *avctx, AVFrame *p, + break; + case AV_PIX_FMT_GBRPF32: + if (!s->half) { +- if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream) ++ if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream) + return AVERROR_INVALIDDATA; + scale = 1.f / s->scale; + if (s->endian) { +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index a793817ec2..8f4a8d34c0 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb @@ -36,6 +36,7 @@ SRC_URI = " \ file://CVE-2024-28661.patch \ file://CVE-2023-50007.patch \ file://CVE-2023-49528.patch \ + file://CVE-2024-7055.patch \ " SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968" From patchwork Tue Dec 10 20:56:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53896 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 014FDE77186 for ; Tue, 10 Dec 2024 20:56:47 +0000 (UTC) Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by mx.groups.io with SMTP id smtpd.web11.3945.1733864205678554350 for ; Tue, 10 Dec 2024 12:56:45 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=uCsRUVJ8; spf=softfail (domain: sakoman.com, ip: 209.85.215.172, mailfrom: steve@sakoman.com) Received: by mail-pg1-f172.google.com with SMTP id 41be03b00d2f7-7ea9739647bso4448433a12.0 for ; Tue, 10 Dec 2024 12:56:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733864205; x=1734469005; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=S+L+o5R+WzOhmMwOLidCY80pFVQEYtsamxVDTCHke8Q=; b=uCsRUVJ8Q6BmUAS14eBri9dug18+iE9xo1w8CkHq8tPNz9iSF2vTDedLCduEkq89/c 8GNLsrPteHM9YzkN1YN6Y6ebQbhsXPXX0HPz9m/MKMn02IhJ/Fp+SAV3TwMmdTFHgi1z ZoAJQlAGI7SE7kIG03MVOGJjc1Nt55GOdQ5G//O+N/LuIZ0TOtIqKu2yBYlqUAvxn41q f+pn6Saehy6WgBO1yq3JLlwUC8UOQ5XiRMik6CpQ4MQzQkNSiUMCjhUwRTdiWnJItemu nPfr8Q+r5w4AMEbdNOgxnh82CZFZTlMkBEcF1dJFqDFDV+a0CGIIUjxr136Bea1gfHbg k31g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733864205; x=1734469005; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=S+L+o5R+WzOhmMwOLidCY80pFVQEYtsamxVDTCHke8Q=; b=gNE2w6WTQK/2MCM2Jo67vp0BK6AGBu5W7Dv0NS0EaGtDBdca36pLxMgna3rNpJ4yk7 lJhkbvvK5LCaf12fHhthV8aoHN3OPCXawvJnGoKMQPs7a52FwNvzN0RKn7htm+iiXnkm Ppjs4VQ69dL/OVy//Ha7SHVbzLqa32iKPCMlWUddxuYNNmAR+3LvjHUhen9Ghl3mPQOj bJpkMYfTTXmFrqiFilZ1Qiee4aeSuoE7SjO8Hs4pEby+ik7HbV2gY4150HSbBZ0Z/o9p UMrD20pGwE+2WvOYYJ1fNUdM0HMERrAbVZY/4S1vegItB4WSWSTZY+nbW3xPxSzIAda3 +Nqw== X-Gm-Message-State: AOJu0YwWF3bDlgGq3tjTeRJNKiO8MOZLaX85PAIyR11/xLhFYsERbFX4 GBsjkFkYth7C6OXf7ufY6WjQiFOXYeA62lYZr5Bc54Tjurqf8dQs4QQDeNyIK4au74RrFhvumXD G X-Gm-Gg: ASbGncsMWAQkOuiq8UTL/SirhyKltxurasVwEvt3OJvZ6mTotL4SOoET453Jz2rEDQd zBde0utYLDgI37jzKvygWhwINCNn+ZTys2snNpKdvYOL0ktTMTfdFBeJwV5aYySixz9sZJ64UZy GC+bEIrnt9M6jTuTFDvdHasH565JYkXI4PQxrqkpvBpDV3q5CRbrrhaZW4+2X9i1EigcwtqQM0z VKNyZDDiyIU66u5khXBIojxGbl1iSV8BwF9FzqbyDc= X-Google-Smtp-Source: AGHT+IFUIciwZ4/SUs+hzeGtXQx0dhR8zI42IHvZsCRzomDrrhxYM6SJeV6qEnTAVXjRNj+VOnu/ig== X-Received: by 2002:a17:90b:1c05:b0:2ee:f550:3848 with SMTP id 98e67ed59e1d1-2f127f7e124mr660478a91.5.1733864204866; Tue, 10 Dec 2024 12:56:44 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2ef45ff77b9sm10245470a91.36.2024.12.10.12.56.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 12:56:44 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 06/12] qemu: set CVE-2024-6505 to fixed Date: Tue, 10 Dec 2024 12:56:22 -0800 Message-Id: <33050bf82add43409675122a8f29acbcda4e8439.1733863624.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 10 Dec 2024 20:56:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208549 From: Peter Marko CVE patch was removed on last upgrade as fixing commit was backported to stable 8.2.x branch. NVD DB has this CVE as version-less (with "-"). So explicit status set is needed to mark it as fixed. (From OE-Core rev: 64359ec3b60ae68d39c2e6444f903fd20e397cff) Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 40ee267a42..4dc6c104c7 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -78,6 +78,9 @@ CVE_STATUS[CVE-2023-6683] = "cpe-incorrect: Applies only against version 8.2.1 a CVE_STATUS[CVE-2023-6693] = "cpe-incorrect: Applies only against version 8.2.0 and earlier" +# NVD DB has this CVE as version-less (with "-") +CVE_STATUS[CVE-2024-6505] = "fixed-version: this CVE is fixed since 9.1.0" + COMPATIBLE_HOST:mipsarchn32 = "null" COMPATIBLE_HOST:mipsarchn64 = "null" COMPATIBLE_HOST:riscv32 = "null" From patchwork Tue Dec 10 20:56:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53899 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 000A9E7717F for ; Tue, 10 Dec 2024 20:56:56 +0000 (UTC) Received: from mail-pg1-f176.google.com (mail-pg1-f176.google.com [209.85.215.176]) by mx.groups.io with SMTP id smtpd.web10.3984.1733864207001019242 for ; Tue, 10 Dec 2024 12:56:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Q02RLA8r; spf=softfail (domain: sakoman.com, ip: 209.85.215.176, mailfrom: steve@sakoman.com) Received: by mail-pg1-f176.google.com with SMTP id 41be03b00d2f7-7e6cbf6cd1dso3389770a12.3 for ; Tue, 10 Dec 2024 12:56:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733864206; x=1734469006; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Ck0vvc5jpzVntllXROP+LsBxGyUhnv6sotCL0ScrpKM=; b=Q02RLA8rDnQBahMfJquEv/G1JgaRnPq597eEGbNbowYskd1vVlu8byiDhLwQDbxxQV iH6MEM8BQVW2+3swb9S+6TSLQOTB0K+6Dh9+cNPAzvpqtx2Jhg81B23d0s1B4uI+NuDM n/L1gW4mtypWv3iMHyZxNVciDv7mPlVJlqXrO+JiZoQ68AEWSBH/eDfXmKpA2mPe8iNz eqHUhCvjfBfDYSe9NxAjWalfFpl1jQYRWzoQu+jk60z5j9jcY6AVnRklzgQgF5MqRle/ dlHpvMKeInKw9+6vVk+GadtOIEeO9tBHovfNFTqdWB6QVLuk9iXewi4/WqIy6oMja2Av 6odw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733864206; x=1734469006; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ck0vvc5jpzVntllXROP+LsBxGyUhnv6sotCL0ScrpKM=; b=pGQumT16G6iycvi7GF9GCMrrzmWSyEjltIU4lpOjNxsuJNQCOfmbdr4JCgPHNLn9hG KGOQ6RGcj2sKLoee0zOHbyYRSfJWnuVdM2c54HJjekOw4Pv0EK/WZ9KGIKN4SiPohfKT YzU++V4TJ0wmGhXMGiLoXUch7kstNUCck/WKAXoehj0dZ9+W2G9R96ava4nUz9ra2+Ja UmSPhtMUTmfPhwNJ1QvGcbFF+1f17CmZmQYhWpqrjHzddrLZBZimHBkLnNd++QJnhfAh 9EcPfvdXRAjn0avYWuc061LBJ5aZY28+X/NHFW6ureQDmr5rLp0fm/kW2t+zD4JpaDbd 5BdQ== X-Gm-Message-State: AOJu0Yy7r+uBpdEROkBOvcmXBTKdm1FxO4JgMofo2QOpzsxFlPYmxqOR 5jO4DZH2SEfiQTZGiq55EjYglFBON1kjz9i3ucp4Mb2Tq/TqIM+wztbk1r814C79X+BzkbnujZ2 z X-Gm-Gg: ASbGncu8SC9/JeFhgHUvfMYfOsTmuuu5mMXgKDVf8DMl9jT2y1y8lU0TBlyguXqJ6ZL /m8FY+sEX7fe4SJgdsezZB1ul0FpGp7/RviIpnjBQKk+5dbUozpMMSRKnzXWE8b65ehDGP6Qnwl 6olsNAgVxc48NM7uJIEW5lYxh7LOc0afN5hzgwVOCM2nKcXX2V4TYxFoQ6vEMgmeN1b7J17V292 rJBPcIpAOVms7o6bzDgWAkxHSOh6me6TuY1etLaWdU= X-Google-Smtp-Source: AGHT+IEYaFFDknjMDrKasts68PpQ6t5d/c7raSU6uny2OpPBLEkaN5qBHkhB8vm8uAN9n4Co+5wsrQ== X-Received: by 2002:a17:90b:2812:b0:2ea:7fd8:9dc1 with SMTP id 98e67ed59e1d1-2f127fdbcc9mr594765a91.18.1733864206297; Tue, 10 Dec 2024 12:56:46 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2ef45ff77b9sm10245470a91.36.2024.12.10.12.56.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 12:56:45 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 07/12] libpam: fix CVE-2024-10041 Date: Tue, 10 Dec 2024 12:56:23 -0800 Message-Id: <0e76d9bf150ac3bf96081cc1bda07e03e16fe994.1733863624.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 10 Dec 2024 20:56:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208550 From: Divya Chellam A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. References: https://security-tracker.debian.org/tracker/CVE-2024-10041 Upstream patches: https://github.com/linux-pam/linux-pam/commit/b3020da7da384d769f27a8713257fbe1001878be Signed-off-by: Divya Chellam Signed-off-by: Steve Sakoman --- .../pam/libpam/CVE-2024-10041.patch | 98 +++++++++++++++++++ meta/recipes-extended/pam/libpam_1.5.3.bb | 1 + 2 files changed, 99 insertions(+) create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-10041.patch diff --git a/meta/recipes-extended/pam/libpam/CVE-2024-10041.patch b/meta/recipes-extended/pam/libpam/CVE-2024-10041.patch new file mode 100644 index 0000000000..41949cbf2a --- /dev/null +++ b/meta/recipes-extended/pam/libpam/CVE-2024-10041.patch @@ -0,0 +1,98 @@ +From b3020da7da384d769f27a8713257fbe1001878be Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" +Date: Mon, 1 Jan 2024 12:00:00 +0000 +Subject: [PATCH] pam_unix/passverify: always run the helper to obtain shadow + password file entries + +Initially, when pam_unix.so verified the password, it used to try to +obtain the shadow password file entry for the given user by invoking +getspnam(3), and only when that didn't work and the effective uid +was nonzero, pam_unix.so used to invoke the helper as a fallback. + +When SELinux support was introduced by commit +67aab1ff5515054341a438cf9804e9c9b3a88033, the fallback was extended +also for the case when SELinux was enabled. + +Later, commit f220cace205332a3dc34e7b37a85e7627e097e7d extended the +fallback conditions for the case when pam_modutil_getspnam() failed +with EACCES. + +Since commit 470823c4aacef5cb3b1180be6ed70846b61a3752, the helper is +invoked as a fallback when pam_modutil_getspnam() fails for any reason. + +The ultimate solution for the case when pam_unix.so does not have +permissions to obtain the shadow password file entry is to stop trying +to use pam_modutil_getspnam() and to invoke the helper instead. +Here are two recent examples. + +https://github.com/linux-pam/linux-pam/pull/484 describes a system +configuration where libnss_systemd is enabled along with libnss_files +in the shadow entry of nsswitch.conf, so when libnss_files is unable +to obtain the shadow password file entry for the root user, e.g. when +SELinux is enabled, NSS falls back to libnss_systemd which returns +a synthesized shadow password file entry for the root user, which +in turn locks the root user out. + +https://bugzilla.redhat.com/show_bug.cgi?id=2150155 describes +essentially the same problem in a similar system configuration. + +This commit is the final step in the direction of addressing the issue: +for password verification pam_unix.so now invokes the helper instead of +making the pam_modutil_getspnam() call. + +* modules/pam_unix/passverify.c (get_account_info) [!HELPER_COMPILE]: +Always return PAM_UNIX_RUN_HELPER instead of trying to obtain +the shadow password file entry. + +Complements: https://github.com/linux-pam/linux-pam/pull/386 +Resolves: https://github.com/linux-pam/linux-pam/pull/484 +Link: https://github.com/authselect/authselect/commit/1e78f7e048747024a846fd22d68afc6993734e92 + +CVE: CVE-2024-10041 + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/b3020da7da384d769f27a8713257fbe1001878be] + +Signed-off-by: Divya Chellam +--- + modules/pam_unix/passverify.c | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index 81b10d8..97a81d6 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -237,20 +237,21 @@ PAMH_ARG_DECL(int get_account_info, + return PAM_UNIX_RUN_HELPER; + #endif + } else if (is_pwd_shadowed(*pwd)) { ++#ifdef HELPER_COMPILE + /* +- * ...and shadow password file entry for this user, ++ * shadow password file entry for this user, + * if shadowing is enabled + */ +- *spwdent = pam_modutil_getspnam(pamh, name); +- if (*spwdent == NULL) { +-#ifndef HELPER_COMPILE +- /* still a chance the user can authenticate */ +- return PAM_UNIX_RUN_HELPER; +-#endif +- return PAM_AUTHINFO_UNAVAIL; +- } +- if ((*spwdent)->sp_pwdp == NULL) ++ *spwdent = getspnam(name); ++ if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL) + return PAM_AUTHINFO_UNAVAIL; ++#else ++ /* ++ * The helper has to be invoked to deal with ++ * the shadow password file entry. ++ */ ++ return PAM_UNIX_RUN_HELPER; ++#endif + } + } else { + return PAM_USER_UNKNOWN; +-- +2.40.0 + diff --git a/meta/recipes-extended/pam/libpam_1.5.3.bb b/meta/recipes-extended/pam/libpam_1.5.3.bb index f05272652d..55b4dd7ee1 100644 --- a/meta/recipes-extended/pam/libpam_1.5.3.bb +++ b/meta/recipes-extended/pam/libpam_1.5.3.bb @@ -27,6 +27,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \ file://0001-pam_namespace-include-stdint-h.patch \ file://0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch \ file://CVE-2024-22365.patch \ + file://CVE-2024-10041.patch \ " SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283" From patchwork Tue Dec 10 20:56:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53900 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1B505E77185 for ; Tue, 10 Dec 2024 20:56:57 +0000 (UTC) Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com [209.85.216.46]) by mx.groups.io with SMTP id smtpd.web11.3947.1733864208367577080 for ; Tue, 10 Dec 2024 12:56:48 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=OQgvOEmH; spf=softfail (domain: sakoman.com, ip: 209.85.216.46, mailfrom: steve@sakoman.com) Received: by mail-pj1-f46.google.com with SMTP id 98e67ed59e1d1-2ef6af22ea8so4200075a91.0 for ; Tue, 10 Dec 2024 12:56:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733864207; x=1734469007; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=HtJi1jI08unfJI9Yw1XbgfbgvoZ1s4oBFmNozbZggOw=; b=OQgvOEmHig8M0nClrBAXcBi0+X8QYMUCIFxakL5hFx/v2A4roontSb01P4C0gKwOBx zFV7m2K/3UI8XEP1joVDGiI/ok8XOpcGVXiyg2sMU75UOaVlFc3ET71Y1gyrkLHE1faH /ErU/c2k234ZAcLIpGbMC7pwlqu2raGZPwLfn4krsEP9uKHTu8QGhP1U7qFI/awIPTaX vFA5BsBsVXb6/AukgfegRErwTEbOHpwtz6W+aBQiJPrd8QBrkjcN9Sf+dwLySYvdHmYI dW15HBuEWeXnQNQy+ODWVmHR8edv2cKLJ1zV7FrANfXr5Nqwz2I/5uW0OXbS3hnvpsKw GlIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733864207; x=1734469007; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HtJi1jI08unfJI9Yw1XbgfbgvoZ1s4oBFmNozbZggOw=; b=X4oioIlN7Zk20i1Yd7iVNJx2z3d0qqpA/EB9E87jpMO+d7OD2PKg1igGeKIsOHDykJ B36vcgJ5bzBPPHXc1YlP5kf5mvyL84yXcNyc2wUL28UsqloO5LgDIisig2RthWwR0b1X az/GkLpMz72BUkhzbe5Wx1n4agqI3PtYT0PpArgllUIYVroVINzl4j0G2fQU52ZKIDz0 Edjt1hREXlD6dEJNZtY35Cx890RvO3nE/jF9pemdNHSzejWd3UOXKs+/L3EL13UPvEC+ CEnV2E245JtsLWaltU6iKBK2yIu/mQqJqnAiFlCzsSc8ni6K3W5/k/WVPkBFAFXqACVC k/Hg== X-Gm-Message-State: AOJu0Yyoys03hWQa+iv+RX+nw3oYHvuWjD2xuP+6V8Eu8ulaBtuexPwk a5ECnhM/T4Wb7uh5gJuQDTuQ4gtM+8FnHgr/bYr4h0S9qklLID1khOR9IK+PyVYNU3zg9vc67GP C X-Gm-Gg: ASbGncsmGSqve4pRdh3jzkhAFJTi6MfhjdKCjGYQm20za2UJrGxGC4Ww87cXm/6BOSB 59VWhDr4vCR1ZHbz95fZDRpCGCegfgpLQ3ttbkK1Z64WAjzVlHnB1tXs8JjijKLvG6O6197P8UJ 6gUuyYNNxHez8o20z2YWZMN5ssxtBWG4lP72EXbNYGCE4Kcn/h5QlJOOs52tShEvV2PMWlmtpsr tdJ7krT0Z4YbuW6F11uXSHSQI8Opbmw0IR+Jkt8DSc= X-Google-Smtp-Source: AGHT+IHJzhNK7tliX86O3VLEyZO+oqWTbyryVtMeD95rHheWQFR4L1QguvN9sraE8ED7aSGTwUlK6A== X-Received: by 2002:a17:90b:35c8:b0:2ee:ab11:fab2 with SMTP id 98e67ed59e1d1-2f127fee426mr590466a91.22.1733864207656; Tue, 10 Dec 2024 12:56:47 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2ef45ff77b9sm10245470a91.36.2024.12.10.12.56.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 12:56:47 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 08/12] systemd: drop intltool-native from DEPENDS Date: Tue, 10 Dec 2024 12:56:24 -0800 Message-Id: <60e6fd2b7e3adfbe4260cd266dbe245c745344a9.1733863624.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 10 Dec 2024 20:56:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208551 From: Guðni Már Gilbert intltool was dropped as a dependency in v236 See commit for reference: https://github.com/systemd/systemd/pull/7313/commits/c81217920effddc93fb780cf8f9eb699d6fe1319 Signed-off-by: Guðni Már Gilbert Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-core/systemd/systemd_255.13.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/systemd/systemd_255.13.bb b/meta/recipes-core/systemd/systemd_255.13.bb index 0ccca8a567..fa3ad1d2cd 100644 --- a/meta/recipes-core/systemd/systemd_255.13.bb +++ b/meta/recipes-core/systemd/systemd_255.13.bb @@ -4,7 +4,7 @@ PROVIDES = "udev" PE = "1" -DEPENDS = "intltool-native gperf-native libcap util-linux python3-jinja2-native" +DEPENDS = "gperf-native libcap util-linux python3-jinja2-native" SECTION = "base/shell" From patchwork Tue Dec 10 20:56:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53903 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 26D01E77184 for ; Tue, 10 Dec 2024 20:56:57 +0000 (UTC) Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) by mx.groups.io with SMTP id smtpd.web10.3989.1733864209639578564 for ; Tue, 10 Dec 2024 12:56:49 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=t2nItD+B; spf=softfail (domain: sakoman.com, ip: 209.85.215.173, mailfrom: steve@sakoman.com) Received: by mail-pg1-f173.google.com with SMTP id 41be03b00d2f7-7fbd9be84bdso5527167a12.1 for ; Tue, 10 Dec 2024 12:56:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733864209; x=1734469009; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=AeZu+eCBH4KDs0pPctYUSAKpaLuvW0/vJ2R0ktELspQ=; b=t2nItD+BmO9xLv6Judj5p3l/eiRlWSmFyejfmNUfG9kvLawnSbWXR2DOkuoBNwRhME NjQn+S9Dld/ZptTYxYTOu/gd2b8INb8Uv5Vv+MJAT8uNHFmR6bTR+i8N8S0BaxRHNcmn ifH7a1BaV1dHgjOjEPB1QLCIoLQQB5SZ0c0o8Mp18ngO9YT/rfLqlPj7JN+26qssZeJf 32e1cIIZF0DZcbppErfd91W1cHRBc0opK48kcyWfYf/WpHAoMeMV18qicizPnWXhlIf0 yLBtBWdZIL8sXQRwKgF5Si8kl8z0yX3H4YVCg3s34T8qlH68n/aGVLTEz6RQkygFSHuf /1rQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733864209; x=1734469009; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AeZu+eCBH4KDs0pPctYUSAKpaLuvW0/vJ2R0ktELspQ=; b=w88o8nejzKpThEEZb3yCpSvO/VVl3j0TdvTeAsm1kH2nRSuOQCQkk4lZcPqfm4ttGI e3Ecpf4PgjkS6p1x9xPxfuYSQd4SnZq+IvDHqqDTuTdLgDOEp9GoTg6sTl3NQtP3LjLH BLngC2QkVofcLYgRtkP14OcMfZCoES/uJ/EHMJbb2Q5THmR8nawLyqy4P4MmV9PWjKnu pkRG+Z5EsfRAPjUaUiFfx6fPBCJfkNQJtuQ6h/HeNmWXwCvvYN8l0BzrRE6WZ2h4qPJm A+uRcMEMmlDyeez6y6blbQ+saVWcYQ2L0X0HTvtuPXfp7F65gt7pn2sdHAyJ5tLX1CT0 cPNQ== X-Gm-Message-State: AOJu0YzTqK/d6ZaY5XltOKni+1ziTRMZZYYGRYgLCtrDtz/VAz+Nbqfz 0hWHZpsT2TdQEY9t84xQE0plQSob4rIe4+I5/CbLPk+L+1tNgji5P0v/Gxn81nP0ms8MGkIlY8X G X-Gm-Gg: ASbGncv0LJiR2xAZhSliE4Zs9fGFWM710+7AX/wczwnA8bUtYe4e65MsDQVMorcnsYP ZEUm2zXmH+F22qm1ZVeRw2NDLGyFvtDK1rE2jIpu11c4qyE47Kz3Uvht3mBJrD47CgOpz5km7hk UopDu60xGD4rBtYAQMbNrp8zNTU2le30brFakTYZrnOwtLhCjVLjyD930hyjd8RqahuJh0Fp5SK VLG4qGgjUsN08CMFhhj2AxL1V5srT0mEe23DGPFrRI= X-Google-Smtp-Source: AGHT+IFvceqgMGz0VQSNOBf6MafTyJk1UJdZF9bfgSc0xB9aPBemTA5WtmFFUP5qUsSi65AG0qDWAg== X-Received: by 2002:a17:90b:3d08:b0:2ee:6db1:21d3 with SMTP id 98e67ed59e1d1-2f128089f18mr590137a91.25.1733864208940; Tue, 10 Dec 2024 12:56:48 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2ef45ff77b9sm10245470a91.36.2024.12.10.12.56.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 12:56:48 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 09/12] systemd-boot: drop intltool-native from DEPENDS Date: Tue, 10 Dec 2024 12:56:25 -0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 10 Dec 2024 20:56:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208552 From: Guðni Már Gilbert intltool was dropped as a dependency in v236 See commit for reference: https://github.com/systemd/systemd/pull/7313/commits/c81217920effddc93fb780cf8f9eb699d6fe1319 Signed-off-by: Guðni Már Gilbert Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-core/systemd/systemd-boot_255.13.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/systemd/systemd-boot_255.13.bb b/meta/recipes-core/systemd/systemd-boot_255.13.bb index 4ee25ee72f..397316fe9b 100644 --- a/meta/recipes-core/systemd/systemd-boot_255.13.bb +++ b/meta/recipes-core/systemd/systemd-boot_255.13.bb @@ -3,7 +3,7 @@ FILESEXTRAPATHS =. "${FILE_DIRNAME}/systemd:" require conf/image-uefi.conf -DEPENDS = "intltool-native libcap util-linux gperf-native python3-jinja2-native python3-pyelftools-native" +DEPENDS = "libcap util-linux gperf-native python3-jinja2-native python3-pyelftools-native" inherit meson pkgconfig gettext inherit deploy From patchwork Tue Dec 10 20:56:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53898 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 00155E77180 for ; Tue, 10 Dec 2024 20:56:56 +0000 (UTC) Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com [209.85.216.50]) by mx.groups.io with SMTP id smtpd.web10.3990.1733864210854046669 for ; Tue, 10 Dec 2024 12:56:50 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=x7j24HtM; spf=softfail (domain: sakoman.com, ip: 209.85.216.50, mailfrom: steve@sakoman.com) Received: by mail-pj1-f50.google.com with SMTP id 98e67ed59e1d1-2ee76929a98so24100a91.1 for ; Tue, 10 Dec 2024 12:56:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733864210; x=1734469010; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=JDfKXU0FA1s1BPSF2igSbuN0hWc6qDSkeX5lX5WgtTg=; b=x7j24HtM8iNrjhHeO7w3pF+ztytwXAMTrW5KdZDquGHi5txOzfK4cdd8EnTfS4tOin gcSMtpsLgRXUBftK66Ga2k7LivAoLt/eAyFOzmOGhjc8HLB9kXSbxUOYFKLuYZlMvhNG KVb1kRfkEXT/T5VD9iAg4EsbqsNlQGuJ53Av2r4W0hExaqNS8lPwtU5FxAiouYTlOl+i +83GdAtA0JH7CfwZjAyWnUY1cUGRwZziQUA44aEtraOwtnj3oVI73t3ghb8dSyTNBTE6 vQPx9IAEMhGuncQMI7M5a9RXSB5bulljplJFdcVUCBZ6N4M9I3fzmnelInm/WUmNweR+ eeEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733864210; x=1734469010; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JDfKXU0FA1s1BPSF2igSbuN0hWc6qDSkeX5lX5WgtTg=; b=o4Iw6TeGmUm5XOXtfGsVL9s2xklKdBHxHEOt+RlHHSSxAMVDZiDLfWrAj8FZFEKCFf PEfEbIIjhw7nvlKnV6nfLyUXG8ismrnYV1IIs/Qx8syP3hJJ2wlzSDE0zCaMIlQNSCT4 HHaVk5/yLFzZ8VJVtBIPGD12+V5eIQQbzHkBD9U0Ek0Cwl6DwdhKvT0ru8KkusZZGeO5 wlNIqGmVScKj6y5O3RtxfM/9y4tIcttHuU0OOEzPnLrv0fnOkHpDnC1zheaOjKYkRT6z rTayNpYZiU5vjTDUaqDxZBhpgJQNCdfAC33YKe/kSDU0EHizoD52p1FBAvs5WXfNrE/6 WmPQ== X-Gm-Message-State: AOJu0Yy1qEnqJz9SkvqQrdbJd+o9lH1opKe+WSYAd7Xxgxe6hVTtM2TQ 92tfY6Dyp4in7iK8I+OP+cL0kn++DoZQtKhREyalanaRAuYKiMShBTFtizBR/+WY1RQ1jZkeWaK j X-Gm-Gg: ASbGncu3I97XkNrrUCy/PV1KIvEbS4wNnA8kvYGy8YMHgO7OHnbd/kA4n9QWQSfx8NT 62r5+/Ff5X+xOq57b8RIZWvXjUQ54CS3Xwb/qLx6D8GcYrodq5OG/QgsBw/Z/GTmtB5L62Lz9Dt odE8xwrY79sxVKKF9kfPAQSJWmttxW7thmff0QDuHao0u9+aUX3Zeh6kHU2yGvhSn8Nn7aLCczT P3T74mGiNOmqgTlGSmMtgvL6sH0vBTVPNCqjqLClRQ= X-Google-Smtp-Source: AGHT+IGa1zZIOPzRfloBXuzJvUkZ86JACD2xG6g+5LKtDZqoLEdQEnchrNW0gssbv3rp6d7OOnIwdQ== X-Received: by 2002:a17:90a:a797:b0:2ee:8253:9a9f with SMTP id 98e67ed59e1d1-2f12880d2a5mr283317a91.11.1733864210158; Tue, 10 Dec 2024 12:56:50 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2ef45ff77b9sm10245470a91.36.2024.12.10.12.56.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 12:56:49 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 10/12] python3-poetry-core: drop python3-six from RDEPENDS Date: Tue, 10 Dec 2024 12:56:26 -0800 Message-Id: <09378088bba46b6e505f69381496da0ecd0ecf2c.1733863624.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 10 Dec 2024 20:56:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208553 From: Guðni Már Gilbert Looking at the history, python3-six was removed as a dependency in the poetry.lock file in v1.5.2 Even before v1.5.2 and until now (v1.9.1) there is no code in the package which imports the six module. So it can be safely dropped from the recipe. Signed-off-by: Guðni Már Gilbert Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-devtools/python/python3-poetry-core_1.9.0.bb | 1 - 1 file changed, 1 deletion(-) diff --git a/meta/recipes-devtools/python/python3-poetry-core_1.9.0.bb b/meta/recipes-devtools/python/python3-poetry-core_1.9.0.bb index 540fdffaed..d1a8b939c0 100644 --- a/meta/recipes-devtools/python/python3-poetry-core_1.9.0.bb +++ b/meta/recipes-devtools/python/python3-poetry-core_1.9.0.bb @@ -36,7 +36,6 @@ RDEPENDS:${PN}:append:class-target = "\ RDEPENDS:${PN} += "\ python3-pip \ - python3-six \ " BBCLASSEXTEND = "native nativesdk" From patchwork Tue Dec 10 20:56:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53902 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 07A1AE77183 for ; Tue, 10 Dec 2024 20:56:57 +0000 (UTC) Received: from mail-pg1-f178.google.com (mail-pg1-f178.google.com [209.85.215.178]) by mx.groups.io with SMTP id smtpd.web11.3950.1733864212191814867 for ; Tue, 10 Dec 2024 12:56:52 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=feOooDHc; spf=softfail (domain: sakoman.com, ip: 209.85.215.178, mailfrom: steve@sakoman.com) Received: by mail-pg1-f178.google.com with SMTP id 41be03b00d2f7-7fdc6e04411so1161406a12.2 for ; Tue, 10 Dec 2024 12:56:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733864211; x=1734469011; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=R3JYqvCoIrChbAxk1J1bbb8r3TNEOe8KUuVpps0mXN0=; b=feOooDHcWUVCYCLX7wrxMZivpRpq80/ta7VRicpedJLIRC6Rudr3/YtfIBfero2ZhQ v7fhxV7nhFtnC+YAwtyFeQzwdEmTuuBWlX1eHMHivpjRwCaskcRAeRHWIJ7YU6FiDpYt WY8Ig4mTxeR4Smw4EAN2l3Su6yCBL2lwWB/PlMWxiMSor1vmz2Nng5XSy4eZ2HOF/m1n fpnGcEQpw6fxsSQwxqYyxPncFtb6TFxViMz05Oqx+PAPGM2l+nfPzs/YPiCAuLDbFt3N B17WtdP5IazbtPzsWmXCKMnZ+Sj6xlcVUMAYV6PzVgMO2jqdQgPF0zAxhlD6RBNhC233 TOzQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733864211; x=1734469011; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=R3JYqvCoIrChbAxk1J1bbb8r3TNEOe8KUuVpps0mXN0=; b=fg9NNcXZi+LJTSd0zxGCq6YZ2H4P8YKE7QgmeK37r0W/J62KagZ08HwPfV5zbP+azs r81yKcla/cqmjCA2gbaSLeRTPu3gLWhyoSEPs8He3BJ7ClZZqbHsZwU7qQ5yTAEbbfY8 kwsUA3pUYW1kC13ljD7TG17STz2lH+BhkeqjS+l5jkrYn5vybjHJenI6rB8NZnmDx5m4 0siN/xq6EodArUnqj+ZEA64BPTkeDwVrQgIdjsfJwQp9HbD78+QK/MMxvoUurX7bUu2y CW8wGEI3VWqz4jIyy78dLnnYppVtmetLGo3iHNL4KyRZin1HC49dVftX/xilBXi7lgWa dX5g== X-Gm-Message-State: AOJu0YyVgY014z48bcwVPoz+4wRCHNzLNBdRDaux2zilSBpzSFxpAHWm k7BH6jcmLVUomOe4e9va81Dv27qzTqXqqO26ZYoSRylaG59xzjVWzphj5B0LX/PUQaY9VlJlAPp d X-Gm-Gg: ASbGncvZRboYln9xjiexpNcCH7F+LH6X+fXd6BrnA64YbCzYZd/h/mPRCzKj6gax++B NgqioL8kEAn93Q97SikJoX+ccQek+EbF2c3HGdy6OfMP2YmYUETXN9XJ3P6dC6fAX/mAzpw4QUK t8/G0M6fhUh30CjzNcdFCIyNtqev0MtU3souBvAlmAurO0h4+9Lh3w7et/M5xo2q9wHHpYpAdZh 4Du74AijQ7i/QiqUMV8J54Dotdgn2C36e1il0DcpiE= X-Google-Smtp-Source: AGHT+IEHGm3swk3cW6yXqaCaVwLZ4shzmvUYspVcPPqgWo6wa1EKiwrHn+vl4v+IRS5DHdzkbGNS7Q== X-Received: by 2002:a17:90b:5112:b0:2ee:ba0c:1718 with SMTP id 98e67ed59e1d1-2f1280effe4mr626300a91.37.1733864211469; Tue, 10 Dec 2024 12:56:51 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2ef45ff77b9sm10245470a91.36.2024.12.10.12.56.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 12:56:51 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 11/12] dnf: drop python3-iniparse from DEPENDS and RDEPENDS Date: Tue, 10 Dec 2024 12:56:27 -0800 Message-Id: <3273ace1e5e4b0573ceaa44f2710f651db9ae525.1733863624.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 10 Dec 2024 20:56:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208554 From: Guðni Már Gilbert python3-iniparse dependency was dropped 2019, see the following commit as reference: https://github.com/rpm-software-management/dnf/pull/1329/commits/d7d0e0e2f9d8c7d021c794821ad0b56a39ebc01f When looking at the Git history, this happened around tag 4.2.1 Signed-off-by: Guðni Már Gilbert Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-devtools/dnf/dnf_4.19.0.bb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/meta/recipes-devtools/dnf/dnf_4.19.0.bb b/meta/recipes-devtools/dnf/dnf_4.19.0.bb index 37a2cc7de2..9c7c59818e 100644 --- a/meta/recipes-devtools/dnf/dnf_4.19.0.bb +++ b/meta/recipes-devtools/dnf/dnf_4.19.0.bb @@ -27,7 +27,7 @@ S = "${WORKDIR}/git" inherit cmake gettext bash-completion setuptools3-base systemd -DEPENDS += "libdnf librepo libcomps python3-iniparse" +DEPENDS += "libdnf librepo libcomps" # manpages generation requires http://www.sphinx-doc.org/ EXTRA_OECMAKE = " -DWITH_MAN=0 -DPYTHON_INSTALL_DIR=${PYTHON_SITEPACKAGES_DIR} -DPYTHON_DESIRED=3" @@ -49,7 +49,6 @@ RDEPENDS:${PN} += " \ python3-sqlite3 \ python3-compression \ python3-rpm \ - python3-iniparse \ python3-json \ python3-curses \ python3-misc \ From patchwork Tue Dec 10 20:56:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 53901 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0E93FE77182 for ; Tue, 10 Dec 2024 20:56:57 +0000 (UTC) Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) by mx.groups.io with SMTP id smtpd.web11.3952.1733864213750250904 for ; Tue, 10 Dec 2024 12:56:53 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=xharGWOE; spf=softfail (domain: sakoman.com, ip: 209.85.215.177, mailfrom: steve@sakoman.com) Received: by mail-pg1-f177.google.com with SMTP id 41be03b00d2f7-7fd4c0220bbso2796289a12.0 for ; Tue, 10 Dec 2024 12:56:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1733864213; x=1734469013; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ma8RC9FSZGvZeJgLBO9uY62pAdBkZv5RCDUHTSTovUM=; b=xharGWOEkQ5diPp3nTFv8CO7bIf4tAndlrt2/F6j4z4rjG4L9cdU6JueGQwtbS5nPR 9D8qesMJ4REC5UFzfwgAFKyM5Ds+cio5NUHflXykwlrN+w4B28cCG2LUzJiolXe7NyON n6ePC87+NWQPyZcgBDiIvJ1KIZHzia4AEMMxI7EwJ4LyvCcGzksgMiHUHpn66hr9j3Yw HV3XtsypLS4CG65L0KDwufDJtZevzTnpZLRBeKvWx8FegU2BFdelbp0Zp1i+Lt6qw7jL qhZsp+Ogy+19BZUo8yPSzEfYVesA7Ep45OmAgD7Q4M3Xd4DKSW26rHUcjMSkOGxyyKM3 AIsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733864213; x=1734469013; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ma8RC9FSZGvZeJgLBO9uY62pAdBkZv5RCDUHTSTovUM=; b=f3jHxge/tw+cHO9pl0o8psbKOQVKCLs7WYoWzKVEcCtPBvAq5/vE68pHknaAKmxXQS 62WR4c50CQ3fG70fPXGfAjaNB8UfYch66OJxcvjZsZOEb2Eg+DhbrBHhFtKnbQfQwGtc /BtKBSs1xZGgzvk6P9RNqlNCmmYTZqUKaxJJJ9SF0KruLqIFoJciCCNtvUEMDqaw/JI2 R7184P/RR2F5S83h36Yev0xzzRDBznz5JZgcZ0j7jbaEw662nAFw7hAwcK/FOuwfFwfn ygvHcZ7U5piL2ZBK+UwEO1exL7ShQq3bZOIHCr04AsW9G/BuJBYePLR9wxNkvPU6TeBM PeQA== X-Gm-Message-State: AOJu0Yz11+s5Kt/a+Z4cEa8pibUk5z/77SRjclF3nwXoOu3spsalGO72 VxMvVqU4D/+y6rhxgKedm6A1mU3yIYX0GnGk2OUSZFATAZ4/5zSd4wCY32RL+zCQ5I92t1LW0Bv W X-Gm-Gg: ASbGncvk2ZezVXnfzvJ0QPHq0g3QPHrb0MjxFuXQI440HEVapgQupDeAq4vM8JIdtNL yZ8UzNYMmCVyGvBziS1dYjYxOzy7k9IV9pcqP0GgmXLsWoMizqh8dnmgmX7sslP2W7wvWVIHCrb Y3KlP6agFoig8uoP8qoY6eR7Az6UR4/tgBMtsGY/lwREXSzHy226Ryz7Lfjhv+bmJuZTN1pxDfc 5wYfqaNSgSJeodP15m8ZHC+BrEbXKjxgM8R2gqkGxg= X-Google-Smtp-Source: AGHT+IHMUM/d8MDb3xXlaezJckgWvZIr9+uFDncJmgDhDoCPJ8cbT/NAd0JcWl5wiYX4Vsx68cnuvg== X-Received: by 2002:a17:90b:1fc3:b0:2ea:77d9:6345 with SMTP id 98e67ed59e1d1-2f127fdb4afmr636246a91.22.1733864213019; Tue, 10 Dec 2024 12:56:53 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2ef45ff77b9sm10245470a91.36.2024.12.10.12.56.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 12:56:52 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 12/12] sanity: check for working user namespaces Date: Tue, 10 Dec 2024 12:56:28 -0800 Message-Id: <3577ceca39c7c3be81563de9ccf06a805f61d3ca.1733863624.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 10 Dec 2024 20:56:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208555 From: Ross Burton If user namespaces are not available (typically because AppArmor is blocking them), alert the user. We consider network isolation sufficiently important that this is a fatal error, and the user will need to configure AppArmor to allow bitbake to create a user namespace. [ YOCTO #15592 ] Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit b6af956fe6e876957a49d4abf425e8c789bf0459) Signed-off-by: Steve Sakoman --- meta/classes-global/sanity.bbclass | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/meta/classes-global/sanity.bbclass b/meta/classes-global/sanity.bbclass index 1d242f0f0a..72dab0fea2 100644 --- a/meta/classes-global/sanity.bbclass +++ b/meta/classes-global/sanity.bbclass @@ -475,6 +475,29 @@ def check_wsl(d): bb.warn("You are running bitbake under WSLv2, this works properly but you should optimize your VHDX file eventually to avoid running out of storage space") return None +def check_userns(): + """ + Check that user namespaces are functional, as they're used for network isolation. + """ + + # There is a known failure case with AppAmrmor where the unshare() call + # succeeds (at which point the uid is nobody) but writing to the uid_map + # fails (so the uid isn't reset back to the user's uid). We can detect this. + parentuid = os.getuid() + pid = os.fork() + if not pid: + try: + bb.utils.disable_network() + except: + pass + os._exit(parentuid != os.getuid()) + + ret = os.waitpid(pid, 0)[1] + if ret: + bb.fatal("User namespaces are not usable by BitBake, possibly due to AppArmor.\n" + "See https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions for more information.") + + # Require at least gcc version 8.0 # # This can be fixed on CentOS-7 with devtoolset-6+ @@ -641,6 +664,7 @@ def check_sanity_version_change(status, d): status.addresult(check_git_version(d)) status.addresult(check_perl_modules(d)) status.addresult(check_wsl(d)) + status.addresult(check_userns()) missing = ""