From patchwork Wed Dec 18 22:02:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54314 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7619AE7718A for ; Wed, 18 Dec 2024 22:02:38 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web10.116956.1734559355362783121 for ; Wed, 18 Dec 2024 14:02:35 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=nUF4V+Tg; spf=softfail (domain: sakoman.com, ip: 209.85.210.174, mailfrom: steve@sakoman.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-725ee27e905so200552b3a.2 for ; Wed, 18 Dec 2024 14:02:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734559354; x=1735164154; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=BabJGshN89sx2HzxGcfH4DAznMTdlCgQDOtFwvTdriA=; b=nUF4V+TgGNb2Z1YAQBhXYOkrcWn/ObxNs6uIQLZ4yuoPADbuqfEDLJCnzIppw7nx1O p6BlnI4ObAjLeCAEsv0OUOyOcSz4H8D2G1USgI1RkqMan3OWWNe4pJ4yGL/rxgELvjo8 LhsIHV+WhPoSygL9CcwAovN15bRXWR/JdjzcfbxZbHV6/Mzz4iu2v57WhtzrW3rNqo6t 1DicbL2wesNZu3BNteFm2GZsQXndgoZaV6XlWLRhUERTLjBCTuOYxzWdhwpVfl574F5t 12//G3gpca6aN0OXaI6KbptorI8b6ZoQlfjECu3d+fRA3GmzxEkQYtNp4WNcxkeZn5tS Nbtw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734559354; x=1735164154; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BabJGshN89sx2HzxGcfH4DAznMTdlCgQDOtFwvTdriA=; b=RCywNfqDUuvFXsxSqRD5q1MD8yrKQw0WDLLonxNh9Hwcys0Z1r0p4gQ46Qaxhgl/lS 2ehenEacRHN2SyBDySNotCR4fvbL2+fh3QUecwnEBuNR2sYD0Xlx+8HiHr7JLIdhYWHO FvnNiOSfaf+/7a3/FpejCELGd2+Vs/JSUB+56K7KSW0hr8cwVNX9otExr6EPkGVVTlL3 ClA/xkA3ZabJs3xRBh1Q8WxIlQZoIIjJ7L9ncl4mvln0wvwFDGTNsUCfSXmGK0OwZpeI Gm94YnLdimbN/SpSsEC2ct702Hor1S1F5DtNhk8uXWazi6ZfuOFyn1UplooHPzeA/SB1 /PkA== X-Gm-Message-State: AOJu0YysH8rdWQSdYBIHh8vTtx/L52Os3AYCdd4n8ibcq2z/utL/3glK zpdt4XDpdYHSAXOV8KYN5/V4LYJFNwsF+RHqRMmqM52xA4imuoakfGvx2TG1URFQJEFzlpK1yP7 H X-Gm-Gg: ASbGncuX9lFzav9wYp29o0jXKXO0QIz6QOvIo5MTw5MtdTgXLfB8lp3rSH7uiMbrlJp 2JHFbLtrr7gv6S/m2Fja12Q27Mk+A2MHtwWIA1aMWzYk38mu3JsPZs0U4WJv9hkWe5DkXJtfoae k1lqakIUdlNBxyRE31jlkySNGwspFHloYYQQ494i0naXTMADPBricoCMHwHUU/LbzprK+dwxA9n OUajPtcUUiLERsMHbLEhlxARFh2BwLXb977OpOd6wb3lg== X-Google-Smtp-Source: AGHT+IEl/hySfVi9QylyfDW4HMmYY3OGiLXeUd2AJ+1H0xGLXH8wWLf1v30cdUw4q2Io/l8R2AadaQ== X-Received: by 2002:a05:6a00:ad2:b0:727:4e5e:881c with SMTP id d2e1a72fcca58-72a8d23f76cmr5695996b3a.15.1734559354505; Wed, 18 Dec 2024 14:02:34 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-801d5aa4b92sm7965116a12.13.2024.12.18.14.02.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Dec 2024 14:02:34 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 01/10] binutils: Fix CVE-2024-53589 Date: Wed, 18 Dec 2024 14:02:05 -0800 Message-Id: <15635eb807ea1cbf0fd04e0cbe9cf169df107a05.1734553652.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 18 Dec 2024 22:02:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208881 From: Yash Shinde A buffer overflow vulnerability exists in GNU Binutils’ objdump utility when processing tekhex format files. The vulnerability occurs in the Binary File Descriptor (BFD) library’s tekhex parser during format identification. Specifically, the issue manifests when attempting to read 8 bytes at an address that precedes the global variable ‘_bfd_std_section’, resulting in an out-of-bounds read. Backport a patch from upstream to fix CVE-2024-53589. Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88] Signed-off-by: Yash Shinde Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.42.inc | 1 + .../binutils/0016-CVE-2024-53589.patch | 92 +++++++++++++++++++ 2 files changed, 93 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0016-CVE-2024-53589.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index bff97b50c3..41ed39632d 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -36,5 +36,6 @@ SRC_URI = "\ file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \ file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \ file://0015-gprofng-change-use-of-bignum-to-bigint.patch \ + file://0016-CVE-2024-53589.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0016-CVE-2024-53589.patch b/meta/recipes-devtools/binutils/binutils/0016-CVE-2024-53589.patch new file mode 100644 index 0000000000..380112a3ba --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0016-CVE-2024-53589.patch @@ -0,0 +1,92 @@ +Author: Alan Modra +Date: Mon Nov 11 10:24:09 2024 +1030 + + Re: tekhex object file output fixes + + Commit 8b5a212495 supported *ABS* symbols by allowing "section" to be + bfd_abs_section, but bfd_abs_section needs to be treated specially. + In particular, bfd_get_next_section_by_name (.., bfd_abs_section_ptr) + is invalid. + + PR 32347 + * tekhex.c (first_phase): Guard against modification of + _bfd_std_section[] entries. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88] +CVE: CVE-2024-53589 + +Signed-off-by: Yash Shinde + +diff --git a/bfd/tekhex.c b/bfd/tekhex.c +index aea2ebb23df..b305c1f96f1 100644 +--- a/bfd/tekhex.c ++++ b/bfd/tekhex.c +@@ -361,6 +361,7 @@ first_phase (bfd *abfd, int type, char *src, char * src_end) + { + asection *section, *alt_section; + unsigned int len; ++ bfd_vma addr; + bfd_vma val; + char sym[17]; /* A symbol can only be 16chars long. */ + +@@ -368,20 +369,16 @@ first_phase (bfd *abfd, int type, char *src, char * src_end) + { + case '6': + /* Data record - read it and store it. */ +- { +- bfd_vma addr; +- +- if (!getvalue (&src, &addr, src_end)) +- return false; +- +- while (*src && src < src_end - 1) +- { +- insert_byte (abfd, HEX (src), addr); +- src += 2; +- addr++; +- } +- return true; +- } ++ if (!getvalue (&src, &addr, src_end)) ++ return false; ++ ++ while (*src && src < src_end - 1) ++ { ++ insert_byte (abfd, HEX (src), addr); ++ src += 2; ++ addr++; ++ } ++ return true; + + case '3': + /* Symbol record, read the segment. */ +@@ -406,13 +403,16 @@ first_phase (bfd *abfd, int type, char *src, char * src_end) + { + case '1': /* Section range. */ + src++; +- if (!getvalue (&src, §ion->vma, src_end)) ++ if (!getvalue (&src, &addr, src_end)) + return false; + if (!getvalue (&src, &val, src_end)) + return false; +- if (val < section->vma) +- val = section->vma; +- section->size = val - section->vma; ++ if (bfd_is_const_section (section)) ++ break; ++ section->vma = addr; ++ if (val < addr) ++ val = addr; ++ section->size = val - addr; + /* PR 17512: file: objdump-s-endless-loop.tekhex. + Check for overlarge section sizes. */ + if (section->size & 0x80000000) +@@ -455,6 +455,8 @@ first_phase (bfd *abfd, int type, char *src, char * src_end) + new_symbol->symbol.flags = BSF_LOCAL; + if (stype == '2' || stype == '6') + new_symbol->symbol.section = bfd_abs_section_ptr; ++ else if (bfd_is_const_section (section)) ++ ; + else if (stype == '3' || stype == '7') + { + if ((section->flags & SEC_DATA) == 0) From patchwork Wed Dec 18 22:02:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54313 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 74C45E77188 for ; Wed, 18 Dec 2024 22:02:38 +0000 (UTC) Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web11.117198.1734559356808776168 for ; Wed, 18 Dec 2024 14:02:36 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Zcv2pL6A; spf=softfail (domain: sakoman.com, ip: 209.85.210.173, mailfrom: steve@sakoman.com) Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-728d1a2f180so132711b3a.1 for ; Wed, 18 Dec 2024 14:02:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734559356; x=1735164156; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=E1s4RdZuyXknRgrySJ1RnHsbCZrT2rYbD/VplL4zpnw=; b=Zcv2pL6AYEKFEvJdawC5e8UBqxpFnUWwpBnCuqTRzQRkXukac4fLwuX+ijug8RNnnG 31zimzBfwzwfXifHmmdptwHmGjWasdL0ePrpc+iA9pt/enie9mRaL1d3ghBiz1fryYqA qh699cHMMqptquySVQS8vEe6ODK7ACYXaFVta+KgkxEs4AEILSK18xpZbSI2Lc/fPIQJ 91Vig7xDT/JeQXuQ6SseIZcTiKTgo/IEIEXfaCEdLC4kNRSNXstO53nkDPvTp++x4aEj bPvrb+0QaHy21Zb8P3AcvfDcjd2T+f0XS89jTP+Ysx+L90V4kkvZPvPOAYN0tBnfk4ML BrjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734559356; x=1735164156; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=E1s4RdZuyXknRgrySJ1RnHsbCZrT2rYbD/VplL4zpnw=; b=D6sIBvMh2QnAivGh0F1pv6YYo+xfWFvkObnspKFvCq66+l3RBKR44bGY7gBEIW/+3T vG1e0NMqyaVjPZUoYts53je16dwYZfHWtzGmhrlYFtvzav5r0I9ulY6+z6Qbi+0fsk3Z x30LVv9Xd/yXK+7mf3r8FeXDfC8nNjmbeg73nbyVjcrsSga+1H7h/yyrZiS4R7ITIsX7 c/s009IFLuJcL5cSSHhl/mYM1Amhza5GoTpBlhVtQ/dFzb6M6YrrqA+IQlRyZU5O1m5x WIsKBrivMKQLFP1nhvaapiPKtCFPLMo4ESK24Fkvvtzf9X8a2UFg7hd0K4S38/MZfMZz Jy6g== X-Gm-Message-State: AOJu0Yx1QRHMfGguDaspbKpEyc/MaZW7x6zYRSHGRz58Ww/wby5IrBXf H/ld2aPwge7x/iITaT6CCuSqtJYvuYu3jeXJWBuvW0wnRwEkm1f4NdLbyGSkQmVV77gb2KQFizt h X-Gm-Gg: ASbGncvl75r8G/Ia9FQRu/x1S5NFedPg5Hy/v+61gu+64EMIYmgGz4NFQ30b/nhdhPn Iv9oFizbwH+Sv4D6xfoy4w08y/QRwg2jslMHOsy35ubGgI+3t6Z45nQP7ZDAULkWpcalmLD6f4r TaWu1D8brjjl2CPCj/UbxakZLAMoVrL1GUv2b0EwF3n/d/ZjgwX1p0zv36EM9qwYEAJOySTGC2w QoFK/feLK/eqxxgaVnY14bK6I2Ch4QVEhzmrXZ6ic2HAA== X-Google-Smtp-Source: AGHT+IFP9gJHpaqEhAbwxO119CUXzyrkI5b27eKQKilJ/YeyMESgTg0yzgkQkYSpLvXgqTmj/Y7Q/Q== X-Received: by 2002:a05:6a00:4ac4:b0:725:f359:4641 with SMTP id d2e1a72fcca58-72aa9a1a7b7mr1281140b3a.1.1734559356044; Wed, 18 Dec 2024 14:02:36 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-801d5aa4b92sm7965116a12.13.2024.12.18.14.02.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Dec 2024 14:02:35 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 02/10] subversion: fix CVE-2024-46901 Date: Wed, 18 Dec 2024 14:02:06 -0800 Message-Id: <16c212bd9a9e9c35256ff308da72a518c76ce11d.1734553652.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 18 Dec 2024 22:02:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208882 From: Jiaying Song Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. References: https://nvd.nist.gov/vuln/detail/CVE-2024-46901 Upstream patches: https://subversion.apache.org/security/CVE-2024-46901-advisory.txt Signed-off-by: Jiaying Song Signed-off-by: Steve Sakoman --- .../subversion/CVE-2024-46901.patch | 161 ++++++++++++++++++ .../subversion/subversion_1.14.3.bb | 3 +- 2 files changed, 163 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch diff --git a/meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch b/meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch new file mode 100644 index 0000000000..4b28a58507 --- /dev/null +++ b/meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch @@ -0,0 +1,161 @@ +From 149e299cd7eaadc8248480300b6e13b097c5b3fa Mon Sep 17 00:00:00 2001 +From: Jiaying Song +Date: Fri, 13 Dec 2024 12:19:43 +0800 +Subject: [PATCH] Fix CVE-2024-46901 + +It has been discovered that the patch for CVE-2013-1968 was incomplete and unintentionally left mod_dav_svn vulnerable to control characters in filenames. + +Upstream-Status: Backport +[https://subversion.apache.org/security/CVE-2024-46901-advisory.txt] + +CVE: CVE-2024-46901 + +Signed-off-by: Jiaying Song +--- + .../include/private/svn_repos_private.h | 8 +++++ + subversion/libsvn_repos/commit.c | 3 +- + subversion/libsvn_repos/repos.c | 10 +++++++ + subversion/mod_dav_svn/lock.c | 7 +++++ + subversion/mod_dav_svn/repos.c | 29 +++++++++++++++++++ + 5 files changed, 55 insertions(+), 2 deletions(-) + +diff --git a/subversion/include/private/svn_repos_private.h b/subversion/include/private/svn_repos_private.h +index 1fd34e8..1d5fc9c 100644 +--- a/subversion/include/private/svn_repos_private.h ++++ b/subversion/include/private/svn_repos_private.h +@@ -390,6 +390,14 @@ svn_repos__get_dump_editor(const svn_delta_editor_t **editor, + const char *update_anchor_relpath, + apr_pool_t *pool); + ++/* Validate that the given PATH is a valid pathname that can be stored in ++ * a Subversion repository, according to the name constraints used by the ++ * svn_repos_* layer. ++ */ ++svn_error_t * ++svn_repos__validate_new_path(const char *path, ++ apr_pool_t *scratch_pool); ++ + #ifdef __cplusplus + } + #endif /* __cplusplus */ +diff --git a/subversion/libsvn_repos/commit.c b/subversion/libsvn_repos/commit.c +index 515600d..aad37ee 100644 +--- a/subversion/libsvn_repos/commit.c ++++ b/subversion/libsvn_repos/commit.c +@@ -308,8 +308,7 @@ add_file_or_directory(const char *path, + svn_boolean_t was_copied = FALSE; + const char *full_path, *canonicalized_path; + +- /* Reject paths which contain control characters (related to issue #4340). */ +- SVN_ERR(svn_path_check_valid(path, pool)); ++ SVN_ERR(svn_repos__validate_new_path(path, pool)); + + SVN_ERR(svn_relpath_canonicalize_safe(&canonicalized_path, NULL, path, + pool, pool)); +diff --git a/subversion/libsvn_repos/repos.c b/subversion/libsvn_repos/repos.c +index 2189de8..119f04b 100644 +--- a/subversion/libsvn_repos/repos.c ++++ b/subversion/libsvn_repos/repos.c +@@ -2092,3 +2092,13 @@ svn_repos__fs_type(const char **fs_type, + svn_dirent_join(repos_path, SVN_REPOS__DB_DIR, pool), + pool); + } ++ ++svn_error_t * ++svn_repos__validate_new_path(const char *path, ++ apr_pool_t *scratch_pool) ++{ ++ /* Reject paths which contain control characters (related to issue #4340). */ ++ SVN_ERR(svn_path_check_valid(path, scratch_pool)); ++ ++ return SVN_NO_ERROR; ++} +diff --git a/subversion/mod_dav_svn/lock.c b/subversion/mod_dav_svn/lock.c +index 7e9c94b..d2a6aa9 100644 +--- a/subversion/mod_dav_svn/lock.c ++++ b/subversion/mod_dav_svn/lock.c +@@ -36,6 +36,7 @@ + #include "svn_pools.h" + #include "svn_props.h" + #include "private/svn_log.h" ++#include "private/svn_repos_private.h" + + #include "dav_svn.h" + +@@ -717,6 +718,12 @@ append_locks(dav_lockdb *lockdb, + + /* Commit a 0-byte file: */ + ++ if ((serr = svn_repos__validate_new_path(resource->info->repos_path, ++ resource->pool))) ++ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST, ++ "Request specifies an invalid path.", ++ resource->pool); ++ + if ((serr = dav_svn__get_youngest_rev(&rev, repos, resource->pool))) + return dav_svn__convert_err(serr, HTTP_INTERNAL_SERVER_ERROR, + "Could not determine youngest revision", +diff --git a/subversion/mod_dav_svn/repos.c b/subversion/mod_dav_svn/repos.c +index 8cbd5e7..778ae9b 100644 +--- a/subversion/mod_dav_svn/repos.c ++++ b/subversion/mod_dav_svn/repos.c +@@ -2928,6 +2928,15 @@ open_stream(const dav_resource *resource, + + if (kind == svn_node_none) /* No existing file. */ + { ++ serr = svn_repos__validate_new_path(resource->info->repos_path, ++ resource->pool); ++ ++ if (serr != NULL) ++ { ++ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST, ++ "Request specifies an invalid path.", ++ resource->pool); ++ } + serr = svn_fs_make_file(resource->info->root.root, + resource->info->repos_path, + resource->pool); +@@ -4120,6 +4129,14 @@ create_collection(dav_resource *resource) + return err; + } + ++ if ((serr = svn_repos__validate_new_path(resource->info->repos_path, ++ resource->pool)) != NULL) ++ { ++ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST, ++ "Request specifies an invalid path.", ++ resource->pool); ++ } ++ + if ((serr = svn_fs_make_dir(resource->info->root.root, + resource->info->repos_path, + resource->pool)) != NULL) +@@ -4193,6 +4210,12 @@ copy_resource(const dav_resource *src, + if (err) + return err; + } ++ ++ serr = svn_repos__validate_new_path(dst->info->repos_path, dst->pool); ++ if (serr) ++ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST, ++ "Request specifies an invalid path.", ++ dst->pool); + + src_repos_path = svn_repos_path(src->info->repos->repos, src->pool); + dst_repos_path = svn_repos_path(dst->info->repos->repos, dst->pool); +@@ -4430,6 +4453,12 @@ move_resource(dav_resource *src, + if (err) + return err; + ++ serr = svn_repos__validate_new_path(dst->info->repos_path, dst->pool); ++ if (serr) ++ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST, ++ "Request specifies an invalid path.", ++ dst->pool); ++ + /* Copy the src to the dst. */ + serr = svn_fs_copy(src->info->root.root, /* the root object of src rev*/ + src->info->repos_path, /* the relative path of src */ +-- +2.25.1 + diff --git a/meta/recipes-devtools/subversion/subversion_1.14.3.bb b/meta/recipes-devtools/subversion/subversion_1.14.3.bb index 1cf4e1734b..1ef3d498a5 100644 --- a/meta/recipes-devtools/subversion/subversion_1.14.3.bb +++ b/meta/recipes-devtools/subversion/subversion_1.14.3.bb @@ -10,7 +10,8 @@ DEPENDS:append:class-native = " file-replacement-native" SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://serfmacro.patch \ - " + file://CVE-2024-46901.patch \ + " SRC_URI[sha256sum] = "949efd451a09435f7e8573574c71c7b71b194d844890fa49cd61d2262ea1a440" From patchwork Wed Dec 18 22:02:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54315 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 701CDE77188 for ; Wed, 18 Dec 2024 22:02:48 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web11.117200.1734559358399625004 for ; Wed, 18 Dec 2024 14:02:38 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=CenZMZ77; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-72909c459c4so119483b3a.1 for ; Wed, 18 Dec 2024 14:02:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734559357; x=1735164157; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=8GAfxCqdD6H9Vl+lQF4FUkFZyxaJJPf7d1ZH0JB5vOU=; b=CenZMZ77jOhcyAXVx1acAhT0mEhUKgMfwfUlTEmSVZRjky5JvnVchKmXDPB5kqDgI/ mxWMDt4uZ3w5Uzk+HEDEwNIRqAZtidkGJ5QGH1lnKEgCyzsvjE8P39RPEBCvHw/qaows RwH/j/LQ3TVPUz8E8203G5Y+bjcoW4cotP0bxhOsQfzysoEPJ18zNG1gbFrSB7dP/dBS os3V1ItRJVPjvzI56MKdatMwpMWKXLwsnxJAo0F2j0331YsVWD5mcjD0Y45JSUlNdoTU J8M0CEsIsQulmJwQtS8h41XYzehimTC+/KdbCjDRVe3a683TA+wB3UIFnsMoyh03ZwRV 08EA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734559357; x=1735164157; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8GAfxCqdD6H9Vl+lQF4FUkFZyxaJJPf7d1ZH0JB5vOU=; b=Kmm61YYBNhKpPpkT0MSGz8dPybBBopQ+oM6+HSI090OJDKgsbVOnLiDfYmmOX42brK oz5pNU0R/j2iB00JKk0DQT/Vfs2FqOzFIQSArqwWoQ8cv3soGsu0Cgn4lqGTtzWWBtZU TBv9aCoqz+ha7vJYTpUJFCZv3VjVVnl/Xxx1AdJR0dQRnCys1aj3cz6ekYbGZfxVwQKZ pMcRcb0rmTTBaQ0sBQAoU2KxeLhjN4Co6GwVzgBroWUZ8vWOMRbfU3vUYjyWI9yVtudD yAyTQLRbjnwmC7uffJ5c7tOBrN/mZAXPeJ5El/6cFb9ptSiq9+a1Vu1bboS1FLIABIA0 HPaw== X-Gm-Message-State: AOJu0YzPooY/ULVSLuJHUvWY/rTu2+47Gk8YYvS+yJFIqmvSqn7aZQBN yF53o7HDXe9B7Oumwz+Q9CV2TjwkkuSi/TQtVmkLg0Gg7fvd8ikZtaDFry/oI0KYM6knqS1truk D X-Gm-Gg: ASbGncvF89NnpRHyZ3ptafOF1AfCsVyyT6ySCLuIzQvJkdFhYTRBtwybuFnGn8nJ3D8 tzk/pfdIKSmjIHRJMm7dt+K6HV/ofSznXAw+Le9jsvGJsgb5Jre16jC9WeYjYSfAS8l74pYBI2o sgGUwmeqWidYlz4kp83dHqfWMv7x4zTM2fh4e+Exss6jwKKGNjniIpKoFN1IaYrirsLO6yOZUzh T5/rdYCXgC1wTVkGR265aI/dxsav2G/AfD51I9ooFwIEA== X-Google-Smtp-Source: AGHT+IF5NBHRnGdfHTBlmhyM6LIUn6JU9ApmkWUrwcgrHLvsZOQT2CxaDVYJn4DfjfY2XR49vuSsaw== X-Received: by 2002:a05:6a20:7343:b0:1e0:e027:2eaf with SMTP id adf61e73a8af0-1e5b48229fbmr7641085637.19.1734559357511; Wed, 18 Dec 2024 14:02:37 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-801d5aa4b92sm7965116a12.13.2024.12.18.14.02.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Dec 2024 14:02:37 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 03/10] ffmpeg: fix CVE-2024-35366 Date: Wed, 18 Dec 2024 14:02:07 -0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 18 Dec 2024 22:02:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208883 From: Archana Polampalli FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../ffmpeg/ffmpeg/CVE-2024-35366.patch | 35 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1 + 2 files changed, 36 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch new file mode 100644 index 0000000000..f7f16a5b92 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch @@ -0,0 +1,35 @@ +From 0bed22d597b78999151e3bde0768b7fe763fc2a6 Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer +Date: Tue, 26 Mar 2024 00:39:49 +0100 +Subject: [PATCH] avformat/sbgdec: Check for negative duration + +Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long' +Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768 + +Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg +Signed-off-by: Michael Niedermayer + +CVE: CVE-2024-35366 + +Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6] + +Signed-off-by: Archana Polampalli +--- + libavformat/sbgdec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c +index b2662ea..281fe62 100644 +--- a/libavformat/sbgdec.c ++++ b/libavformat/sbgdec.c +@@ -386,7 +386,7 @@ static int parse_options(struct sbg_parser *p) + case 'L': + FORWARD_ERROR(parse_optarg(p, opt, &oarg)); + r = str_to_time(oarg.s, &p->scs.opt_duration); +- if (oarg.e != oarg.s + r) { ++ if (oarg.e != oarg.s + r || p->scs.opt_duration < 0) { + snprintf(p->err_msg, sizeof(p->err_msg), + "syntax error for option -L"); + return AVERROR_INVALIDDATA; +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index 8f4a8d34c0..dd95629648 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb @@ -37,6 +37,7 @@ SRC_URI = " \ file://CVE-2023-50007.patch \ file://CVE-2023-49528.patch \ file://CVE-2024-7055.patch \ + file://CVE-2024-35366.patch \ " SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968" From patchwork Wed Dec 18 22:02:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54319 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7FEC9E7718E for ; Wed, 18 Dec 2024 22:02:48 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web11.117201.1734559359744599006 for ; Wed, 18 Dec 2024 14:02:39 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Q0CsQdkd; spf=softfail (domain: sakoman.com, ip: 209.85.210.177, mailfrom: steve@sakoman.com) Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-728f28744c5so165970b3a.1 for ; Wed, 18 Dec 2024 14:02:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734559359; x=1735164159; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=jOqsWV8NpuSqcoKkLSb3BpVNKbp7VsogaCZRYKMZu1g=; b=Q0CsQdkdK3/KV8tPfxmvKxvrQGf47VTkhPhb9A/YjGvps4fdhQxvoUDp+L4xY7S/8r qVJkdFIkE8HKVaYOFUSp43DEdgofbGZF1j1irePxRlsdvqsSjfS7nRxoSlf6/sQK5ild 9c+wWGUPM6hl8mziWuY31RjJFVIvmYCdtCuABNDvX9Ys9eSFulA3nwiqew+sq3zUFHqK gqyVe1OPdiobHmi3XAcrCjwJUS/Yj56rdCbyNEwU3rrrO789goao0K9HD/YZzgsOKQ9X TBVtUmsC15msTTCeaZ1q9l62/T8F/nZbLnjwY5WWlcVX3InHAsBayWhtqQIwUDtdoAZE 5yHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734559359; x=1735164159; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jOqsWV8NpuSqcoKkLSb3BpVNKbp7VsogaCZRYKMZu1g=; b=h9m1sXzM+3QSxkwvR3bl3Zk3w59MVHmmt3HLlxp3U5FaiTFOZaEYQOyhPB0krBER0w zcv6jYjIm1MyYlp5/XcofTbcIWz4/MYntB1uevlMMHsNvv6PFrxvuwPxBnkohxOsARqj mDF6EPzY/xkfYpvqM7h2g0kAU0W9TTzKLeNiXmS0i0xxovbPNhAM4CJZWnSKvlK4mXOq CqOAaZhSq9gy9A9/MIT0OUXl0H/W4FrNGMnnmjk4T91VdCHfWLEBAsOytkzP9G5rRjCY CCWskduG5B77WVtVK6TWttzV2wRaZ0T8MjEGu+UppX0lTBklSOo7ruuiUtxFkyxLeTTd V/kA== X-Gm-Message-State: AOJu0YyxSs54Ljey3JnGvvIndg0QA3f3RfXo9VmqE6/6MbwSSq8PjvKy Y/elRegqmYTLdE0uBQiHOzPvVbuVmz2gduK8795eq9lDLPRj2JkrEfRA4BLIxMI0N2/B6LmqLOU + X-Gm-Gg: ASbGncusOD/XcHVq7MvuJN1WUqe/0ee2I0bqnI9uSYSbfmY3UeVhg7WJKb3TvymP8Do azSQK39jcNyy2HnDaAH3DHZd/B7MVyJe8w1jNRhXzuGLUZgxyHTr+NtAV2JY/3+R1+zGYCQ1Zkb bXgFtXpwelC9LwIqo4LnXf0S3VltGUnz0Cw4yNoEETB300Ag5+alERMTVgAU/nT8vBAoa8LZC0Z BY2G+fwtPVDeM3vIG7z5ALWK+aJ0+sXDNr2dnqnW9Z41w== X-Google-Smtp-Source: AGHT+IFpyHLVOvqvqfxI4QQ9iYUkQTs5X/VZ7TUF5aIVOkKb16rhUbCTYmlyQ1jxjpVIvourvbwcxg== X-Received: by 2002:a05:6a20:72a2:b0:1e0:d934:6189 with SMTP id adf61e73a8af0-1e5b487ec2dmr7735493637.31.1734559359008; Wed, 18 Dec 2024 14:02:39 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-801d5aa4b92sm7965116a12.13.2024.12.18.14.02.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Dec 2024 14:02:38 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 04/10] ffmpeg: fix CVE-2024-35367 Date: Wed, 18 Dec 2024 14:02:08 -0800 Message-Id: <64d77d422d3c99d8a246ab03edfb54d9d185326e.1734553652.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 18 Dec 2024 22:02:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208884 From: Archana Polampalli FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../ffmpeg/ffmpeg/CVE-2024-35367.patch | 47 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch new file mode 100644 index 0000000000..a1bec43c66 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch @@ -0,0 +1,47 @@ +From 09e6840cf7a3ee07a73c3ae88a020bf27ca1a667 Mon Sep 17 00:00:00 2001 +From: Andreas Rheinhardt +Date: Wed, 13 Mar 2024 02:10:26 +0100 +Subject: [PATCH] avcodec/ppc/vp8dsp_altivec: Fix out-of-bounds access + +h_subpel_filters_inner[i] and h_subpel_filters_outer[i / 2] +belong together and the former allows the range 0..6, +so the latter needs to support 0..3. But it has only three +elements. Add another one. +The value for the last element has been guesstimated +from subpel_filters in libavcodec/vp8dsp.c. + +This is also intended to fix FATE-failures with UBSan here: +https://fate.ffmpeg.org/report.cgi?time=20240312011016&slot=ppc-linux-gcc-13.2-ubsan-altivec-qemu + +Tested-by: Sean McGovern +Signed-off-by: Andreas Rheinhardt + +CVE: CVE-2024-35367 + +Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667] + +Signed-off-by: Archana Polampalli +--- + libavcodec/ppc/vp8dsp_altivec.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libavcodec/ppc/vp8dsp_altivec.c b/libavcodec/ppc/vp8dsp_altivec.c +index 12dac8b..061914f 100644 +--- a/libavcodec/ppc/vp8dsp_altivec.c ++++ b/libavcodec/ppc/vp8dsp_altivec.c +@@ -50,11 +50,12 @@ static const vec_s8 h_subpel_filters_inner[7] = + // for 6tap filters, these are the outer two taps + // The zeros mask off pixels 4-7 when filtering 0-3 + // and vice-versa +-static const vec_s8 h_subpel_filters_outer[3] = ++static const vec_s8 h_subpel_filters_outer[4] = + { + REPT4(0, 0, 2, 1), + REPT4(0, 0, 3, 3), + REPT4(0, 0, 1, 2), ++ REPT4(0, 0, 0, 0), + }; + + #define LOAD_H_SUBPEL_FILTER(i) \ +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index dd95629648..94d4cb82d5 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb @@ -38,6 +38,7 @@ SRC_URI = " \ file://CVE-2023-49528.patch \ file://CVE-2024-7055.patch \ file://CVE-2024-35366.patch \ + file://CVE-2024-35367.patch \ " SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968" From patchwork Wed Dec 18 22:02:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54320 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8D737E7718D for ; Wed, 18 Dec 2024 22:02:48 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web10.116958.1734559361053532446 for ; Wed, 18 Dec 2024 14:02:41 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=PO6gmA6E; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-21644e6140cso1520895ad.1 for ; Wed, 18 Dec 2024 14:02:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734559360; x=1735164160; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=pctzNtJSfPqhVZN74KCy9ZD/K+XpdHBOBUNptv/AXNs=; b=PO6gmA6E8AkKFEGuIs4TTywOyqrU4YqBt+NluntY6QXEfbuljoUufT205G176kZmtt 2xCkdFlM1dV/YmQUExz7GAxGEdi0m5hTWKmEOnMxvvVcQ9WShXCdRzXj+sIZGk7Dn718 0jrWILnQjDIZcQeuC4axx+7hj2QzjSftZ2OXG9v/oGe8rOH8mlTlZpYM2vOtOlntUZnE oG/EbHF294ni1F1GpSzk/q7yZP4wQ1WQh+iBursoLq4HhQnuKaxCjXbElmvtKeXpO/0+ 3CZ8bJ2lkyG6jMXaYw4s6jiaIImeD3iQLEwEeExPBAb6HytB6GEEoYy3O089pRWiqUZx 8hMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734559360; x=1735164160; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pctzNtJSfPqhVZN74KCy9ZD/K+XpdHBOBUNptv/AXNs=; b=Phb7P8jGdGxuRow/4rozf8lGGIGwADdDbDyfuFP1RA8ZPzcKFS1ne+3vUQLbGgW/Ns 5QyRg31CBQODYaJJYq2fXOsB3dv8EadVnhasTDLTsQzpJkRnmv3nkerT7xQ1s8L52Iq/ 9Ek+Swt8SsMoOH/1uzL4fCRg9nGlWp3OD2/HmfJrWiw9OKBy+R3gghW+YqxjNST0LQuE FU2xQAzbVagBv93q3ZeMVaSAPksjirrTF3BvQyZz73+7ec2eT3nAU/eyQBp6/A1/uiFW BHJy85nC/lWxI2vIMsXk7X88h0mQLlve9ELpn0fadILjfLrbOdgWY1lSMS3/ceUsD+5s u/Fg== X-Gm-Message-State: AOJu0Yw6gJO6IA78X56dIJmwXEpV9hcqP8ZVyXC7vxGcz7AjPjSOUqg8 tHrGNQNQPQ9yZ+RMTLp9uFKYAf+H6xmXCR1KudVp+TE8Kfe1zvX3IFB5y/oG53RJfYtey03z7G5 k X-Gm-Gg: ASbGnctguPLbgMT7s/Ig7CPjyNdmrsgrDVajcuNhrS61JUYvAtZ49YDWSvkdTr5gN7x lGpkkFzUPJGG/DB9dA/+U5csoJs6lytzYWynoICE/Y6AsP+YmXO6fRi1C+7QL+YNja1+6WfUJ12 TqyGZNc4j5DcsjG1YS/Sx6ccSzLfFkDTHJzwAzDnww7LFY71IL61kH1RDOUZQygrkFwVlTavlzO CF4cXycKI8Hf7Y7ooiI9oXkg/mqE5oqOR9z6alWdppY8A== X-Google-Smtp-Source: AGHT+IHo72agtT3t0kF7pwQvUdPud9dCkP0vdVnvEcCVMlP9t7iwEZNSzLlYn7ou+xix+RdMMHKURg== X-Received: by 2002:a17:902:f786:b0:216:5854:1062 with SMTP id d9443c01a7336-218d728cd1fmr50035035ad.57.1734559360320; Wed, 18 Dec 2024 14:02:40 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-801d5aa4b92sm7965116a12.13.2024.12.18.14.02.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Dec 2024 14:02:40 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 05/10] ffmpeg: fix CVE-2024-35368 Date: Wed, 18 Dec 2024 14:02:09 -0800 Message-Id: <53528caafa576a2f6417436cc0dba8be06e75048.1734553652.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 18 Dec 2024 22:02:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208885 From: Archana Polampalli FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../ffmpeg/ffmpeg/CVE-2024-35368.patch | 41 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch new file mode 100644 index 0000000000..7b802762eb --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch @@ -0,0 +1,41 @@ +From 4513300989502090c4fd6560544dce399a8cd53c Mon Sep 17 00:00:00 2001 +From: Andreas Rheinhardt +Date: Sun, 24 Sep 2023 13:15:48 +0200 +Subject: [PATCH] avcodec/rkmppdec: Fix double-free on error + +After having created the AVBuffer that is put into frame->buf[0], +ownership of several objects (namely an AVDRMFrameDescriptor, +an MppFrame and some AVBufferRefs framecontextref and decoder_ref) +has passed to the AVBuffer and therefore to the frame. +Yet it has nevertheless been freed manually on error +afterwards, which would lead to a double-free as soon +as the AVFrame is unreferenced. + +Signed-off-by: Andreas Rheinhardt + +CVE: CVE-2024-35368 + +Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c] + +Signed-off-by: Archana Polampalli +--- + libavcodec/rkmppdec.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libavcodec/rkmppdec.c b/libavcodec/rkmppdec.c +index 5768568..2ca368e 100644 +--- a/libavcodec/rkmppdec.c ++++ b/libavcodec/rkmppdec.c +@@ -462,8 +462,8 @@ static int rkmpp_retrieve_frame(AVCodecContext *avctx, AVFrame *frame) + + frame->hw_frames_ctx = av_buffer_ref(decoder->frames_ref); + if (!frame->hw_frames_ctx) { +- ret = AVERROR(ENOMEM); +- goto fail; ++ av_frame_unref(frame); ++ return AVERROR(ENOMEM); + } + + return 0; +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index 94d4cb82d5..c3cfc87669 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb @@ -39,6 +39,7 @@ SRC_URI = " \ file://CVE-2024-7055.patch \ file://CVE-2024-35366.patch \ file://CVE-2024-35367.patch \ + file://CVE-2024-35368.patch \ " SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968" From patchwork Wed Dec 18 22:02:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54321 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A3CDE7718F for ; Wed, 18 Dec 2024 22:02:48 +0000 (UTC) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mx.groups.io with SMTP id smtpd.web11.117202.1734559362712455484 for ; Wed, 18 Dec 2024 14:02:42 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=VrdEMKAH; spf=softfail (domain: sakoman.com, ip: 209.85.210.176, mailfrom: steve@sakoman.com) Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-725abf74334so138629b3a.3 for ; Wed, 18 Dec 2024 14:02:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734559362; x=1735164162; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=jVUb9QSUevX02QXQxKt/xLeUsIbLRsEcqL1xEwPuD1I=; b=VrdEMKAHpktctgCsnryx/hCeiHfU9vwyo0+2AgyFPs2Q9uegknzJNyuOnOtLVj9yBm S+3iJTRZYZajnEpR4nx0dlmD/PZ2JYy6G8CNM8aRXf9jl/qYlVqGI0OQMcRoiBiOYnhA RZMjaWEooSOX68Ip51Vto/CXtQQ+sGMgSI6/orZZlE4fbF30gfT0bqX/lPCna9yVmM94 7izoBmN249I4QakMQyHVMPHPSgRJ3S3UrIWQhdHVcD018iphiEaOgF3LrybPELM4/Scu WbLtCRmpb5xsvtYYnon27h9sIsc21Uns/4x/K5wcrswDJFeK+elbOlC7N4CuJSM047k2 QVbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734559362; x=1735164162; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jVUb9QSUevX02QXQxKt/xLeUsIbLRsEcqL1xEwPuD1I=; b=qBU9dn3HGBNxBhODRGb5IRF7lSmQwfuLa5ck2P+sSzmnuxgZULMkIAxtgfLBpSVDGO 7vCiwJUf2b0mSADU0ICa4TFEgsnW5IdiZMM6eDFJz08Ij8kb72pQr1WGvkMkur9u/MAq Worw+Z5hdaNpcBcDnc40KInpAfbwvU2IDdOtcgNrqZOGjOZkBVVEPrarpHgoOBgLcsF+ 5usnve5um37kz3ZCH77XqNrIDB1ibKWtkktdmGlRloch+baJKRPjr3TqLAFaNjqxC8vZ sEGpdS2eL3TNTXXs6BJKhC23Ap8sxJzinvgc/UByDHhk0wL4vN+g0SShjjVuwGILibOP 58ug== X-Gm-Message-State: AOJu0YwX68u7lSVV+FrVmALaIUxfiB0wr7n/iirosNoP8tlUldnD0Bov YBH35R2ZyYWzw9aEVKypR5l3/eRi8SB+S4Q72QEyVoqStZA+f8QhpvXdCUwOGB2iZoupvT0YrLs h X-Gm-Gg: ASbGnctBJarlT4Q2vvw8pbWwG+DA+2/udwaQuTaHJeP9g3V0Ql5Ntok0tkG4zl61GjH eht/+ssC1Rg/svJNu6yZHVbsLhH9GqvyYEQ4kFyec0tnZWAA0CM6lsEobkLd4VjbFLXKA8Xxghx b8XBLQRQTbwNiUEwIKo5x4xUEzTClDiwPLqawNppv6MQV7mRm+eJ10Cshhh3sgV4Jnvgd53Ic0U jqHkZhMMVpOk/zf2WVzfogVl3ItJJEoAsThf6zbGaKTMQ== X-Google-Smtp-Source: AGHT+IGJZ37YMGgnW0pchfqlifg/JAgFwqlpoWlCS4rrJIOowfgBl83a6UuvTcxdPmyANgZG0qeBFg== X-Received: by 2002:a05:6a20:c797:b0:1e1:aad7:d50d with SMTP id adf61e73a8af0-1e5b48c30c0mr9067451637.46.1734559361907; Wed, 18 Dec 2024 14:02:41 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-801d5aa4b92sm7965116a12.13.2024.12.18.14.02.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Dec 2024 14:02:41 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 06/10] gcc: Fix c++: tweak for Wrange-loop-construct Date: Wed, 18 Dec 2024 14:02:10 -0800 Message-Id: <614a8e3a06003dfcbf1f32dc2d6f4d18f74b71a4.1734553652.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 18 Dec 2024 22:02:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208886 From: Sunil Dora This commit updates the warning to use a check for "trivially constructible" instead of "trivially copyable." The original check was incorrect, as "trivially copyable" only applies to types that can be copied trivially, whereas "trivially constructible" is the correct check for types that can be trivially default-constructed. This change ensures the warning is more accurate and aligns with the proper type traits. LLVM accepted a similar fix: https://github.com/llvm/llvm-project/issues/47355 PR c++/116731 [https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116731] Signed-off-by: Marek Polacek Signed-off-by: Sunil Dora Signed-off-by: Steve Sakoman --- meta/recipes-devtools/gcc/gcc-13.3.inc | 1 + ...ix-c-tweak-for-Wrange-loop-construct.patch | 113 ++++++++++++++++++ 2 files changed, 114 insertions(+) create mode 100644 meta/recipes-devtools/gcc/gcc/0028-gcc-Fix-c-tweak-for-Wrange-loop-construct.patch diff --git a/meta/recipes-devtools/gcc/gcc-13.3.inc b/meta/recipes-devtools/gcc/gcc-13.3.inc index ffe90c7188..8b6c2a5938 100644 --- a/meta/recipes-devtools/gcc/gcc-13.3.inc +++ b/meta/recipes-devtools/gcc/gcc-13.3.inc @@ -66,6 +66,7 @@ SRC_URI = "${BASEURI} \ file://0024-Avoid-hardcoded-build-paths-into-ppc-libgcc.patch \ file://0025-gcc-testsuite-tweaks-for-mips-OE.patch \ file://0027-Fix-gcc-vect-module-testcases.patch \ + file://0028-gcc-Fix-c-tweak-for-Wrange-loop-construct.patch \ file://gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch \ " SRC_URI[sha256sum] = "0845e9621c9543a13f484e94584a49ffc0129970e9914624235fc1d061a0c083" diff --git a/meta/recipes-devtools/gcc/gcc/0028-gcc-Fix-c-tweak-for-Wrange-loop-construct.patch b/meta/recipes-devtools/gcc/gcc/0028-gcc-Fix-c-tweak-for-Wrange-loop-construct.patch new file mode 100644 index 0000000000..745b38f7f1 --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc/0028-gcc-Fix-c-tweak-for-Wrange-loop-construct.patch @@ -0,0 +1,113 @@ +From 66aa69e2add2b8641a652768b0eac30f00427145 Mon Sep 17 00:00:00 2001 +From: Sunil Dora +Date: Wed, 11 Dec 2024 09:48:16 -0800 +Subject: [PATCH] gcc: Fix c++: tweak for Wrange-loop-construct + +This commit updates the warning to use a check for "trivially constructible" instead of +"trivially copyable." The original check was incorrect, as "trivially copyable" only applies +to types that can be copied trivially, whereas "trivially constructible" is the correct check +for types that can be trivially default-constructed. + +This change ensures the warning is more accurate and aligns with the proper type traits. + +LLVM accepted a similar fix: +https://github.com/llvm/llvm-project/issues/47355 + +PR c++/116731 [https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116731] + +Upstream-Status: Backport [https://gcc.gnu.org/g:179dc0f0fe01012675c1b430591b9891ce96c26e] + +Signed-off-by: Marek Polacek +Signed-off-by: Sunil Dora +--- + gcc/cp/parser.cc | 7 ++- + .../g++.dg/warn/Wrange-loop-construct3.C | 57 +++++++++++++++++++ + 2 files changed, 61 insertions(+), 3 deletions(-) + create mode 100644 gcc/testsuite/g++.dg/warn/Wrange-loop-construct3.C + +diff --git a/gcc/cp/parser.cc b/gcc/cp/parser.cc +index 4e67da6ff..5dd94357d 100644 +--- a/gcc/cp/parser.cc ++++ b/gcc/cp/parser.cc +@@ -13854,11 +13854,12 @@ warn_for_range_copy (tree decl, tree expr) + else if (!CP_TYPE_CONST_P (type)) + return; + +- /* Since small trivially copyable types are cheap to copy, we suppress the +- warning for them. 64B is a common size of a cache line. */ ++ /* Since small trivially constructible types are cheap to construct, we ++ suppress the warning for them. 64B is a common size of a cache line. */ ++ tree list = build_tree_list (NULL_TREE, TREE_TYPE (expr)); + if (TREE_CODE (TYPE_SIZE_UNIT (type)) != INTEGER_CST + || (tree_to_uhwi (TYPE_SIZE_UNIT (type)) <= 64 +- && trivially_copyable_p (type))) ++ && is_trivially_xible (INIT_EXPR, type, list))) + return; + + /* If we can initialize a reference directly, suggest that to avoid the +diff --git a/gcc/testsuite/g++.dg/warn/Wrange-loop-construct3.C b/gcc/testsuite/g++.dg/warn/Wrange-loop-construct3.C +new file mode 100644 +index 000000000..3d9d0c908 +--- /dev/null ++++ b/gcc/testsuite/g++.dg/warn/Wrange-loop-construct3.C +@@ -0,0 +1,57 @@ ++// PR c++/116731 ++// { dg-do compile { target c++11 } } ++// { dg-options "-Wrange-loop-construct" } ++ ++void ++f0 () ++{ ++ struct S { ++ char a[64]; ++ S& operator=(const S&) { return *this; }; ++ }; ++ ++ S arr[8]; ++ for (const auto r : arr) ++ (void) r; ++} ++ ++void ++f1 () ++{ ++ struct S { ++ char a[65]; ++ S& operator=(const S&) { return *this; }; ++ }; ++ ++ S arr[8]; ++ for (const auto r : arr) // { dg-warning "creates a copy" } ++ (void) r; ++} ++ ++void ++f2 () ++{ ++ struct S { ++ char a[64]; ++ S& operator=(const S&) { return *this; }; ++ ~S() { } ++ }; ++ ++ S arr[8]; ++ for (const auto r : arr) // { dg-warning "creates a copy" } ++ (void) r; ++} ++ ++void ++f3 () ++{ ++ struct S { ++ char a[65]; ++ S& operator=(const S&) { return *this; }; ++ ~S() { } ++ }; ++ ++ S arr[8]; ++ for (const auto r : arr) // { dg-warning "creates a copy" } ++ (void) r; ++} +-- +2.43.0 + From patchwork Wed Dec 18 22:02:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54317 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F677E7718B for ; Wed, 18 Dec 2024 22:02:48 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.web11.117203.1734559364206170895 for ; Wed, 18 Dec 2024 14:02:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=BDw05KmY; spf=softfail (domain: sakoman.com, ip: 209.85.214.172, mailfrom: steve@sakoman.com) Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-216395e151bso1197305ad.0 for ; Wed, 18 Dec 2024 14:02:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734559363; x=1735164163; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Xk4bYH8v7U7gVyN+k1ARdXo4HZyMrgyz7YfUXSmgF8U=; b=BDw05KmYMukUmkdQFmAa+AYmZZJhwJEHYM1Uhx4V3INnuNYbRPNxEPRMaf4dHsFzyK h0t0GsEOg0rUEDYrsh/EVxDLyiVrxC418v6q63c/dkW/t27wD091Z2LlgS1B0ofKi4Rh 7D4b0Vn0xKet+mngHsaO4tuxYXuxhoJWfKjSWg3B3iCzF73I8TGvG52Lyxo9ymRRQU4F YnpELCdf7afgjLxdEpLLlWvRoqkDTmJ5oLiJbgR2pu536MI/pdKl429gjNOH76myJSAy 0AvJ6NWW33hgaHdU+c09U25gPyh6boW1Ajb31ZfA4ZkWNzjtCbPZ6ugUTIJi5cs/956X BDpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734559363; x=1735164163; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Xk4bYH8v7U7gVyN+k1ARdXo4HZyMrgyz7YfUXSmgF8U=; b=I6rfY+FfKKjor4kxIQGMIQIuiRSn7s9A1e7QmFMce2BGXPa28I4ETpV37pi8vhG+wW bO2tp9je8d1JccIIXlUH9IH+PgP2bNRaDxx9/MuRrcjYk4rSplrGLxj09QMptnMJafLr DG5aFiaZ547h9XpgJDMNqqqnl8j2o70RCnIXtodBPNVzsuf6o/zoaDqa8YIjH3Y40+y1 lETUusXsvggYYJhyPQ7lpRCoX0e6nPIiCRCjNa377cC+9w58K4SlPmQrwAMgSf50zK2W E/auDpFCMekJBAeWdOHoQ7zwMgppztW6r6K49uN7ioM3vpcmMOLIFC7wlEu7PieYh3RK VHDg== X-Gm-Message-State: AOJu0YxTku6WjjnvxIdB/agpS7ioQt25T+aSpYUpWrH/El1aZa8pknMe 9WAtlDXpD3H8n9VKDrpTQdxoF0oAMRwyINerQRC441wQRmp5dv6oeHySVh/I+o2q6XqJ/cvFH/V / X-Gm-Gg: ASbGncueWlmr1QLvMvO+hgfYcPGgkRk2wGbadJElwlO7JcW7YBPMYNPVU288fA1XVtn 10V+7VJKS4NB/uZadEmkKj82Zfi3SbLsnxSey1guCcmE2hcAPc3zWtf/8qoXecggqkZ8Hjq77YJ bnzaN7Upxe44SB1N7b+zsg6MGqMwhyCav7oebbTh/n4hPiSelmE/7vYISW32iym7Xg93Vy4zXoS 5OJlrMCdFFUdF1aykR863xvA+/PTQXQ00TVb+sjAVOvVw== X-Google-Smtp-Source: AGHT+IFVYzDSjwfzeq5SQiuKiNLA09jdUdOo/iBPVXtx/84K8G3dRQwiIs7cBSZ4m6oBcRLk9Zg9nA== X-Received: by 2002:a17:903:903:b0:216:6284:8a00 with SMTP id d9443c01a7336-219da5b9cb9mr13815135ad.2.1734559363305; Wed, 18 Dec 2024 14:02:43 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-801d5aa4b92sm7965116a12.13.2024.12.18.14.02.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Dec 2024 14:02:43 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 07/10] python3: Drop empty patch Date: Wed, 18 Dec 2024 14:02:11 -0800 Message-Id: <555623d2378138fdcfae95c04e06ba384cebab5b.1734553652.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 18 Dec 2024 22:02:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208887 From: Khem Raj The fix brought by this patch is already part of python 3.12.3 therefore drop it. Signed-off-by: Khem Raj Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- ...lize-struct-termios-before-calling-t.patch | 26 ------------------- .../recipes-devtools/python/python3_3.12.6.bb | 1 - 2 files changed, 27 deletions(-) delete mode 100644 meta/recipes-devtools/python/python3/0001-gh-114492-Initialize-struct-termios-before-calling-t.patch diff --git a/meta/recipes-devtools/python/python3/0001-gh-114492-Initialize-struct-termios-before-calling-t.patch b/meta/recipes-devtools/python/python3/0001-gh-114492-Initialize-struct-termios-before-calling-t.patch deleted file mode 100644 index 8406ef30a2..0000000000 --- a/meta/recipes-devtools/python/python3/0001-gh-114492-Initialize-struct-termios-before-calling-t.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 439aa02f42d6e6715c172076261757fcb89a936a Mon Sep 17 00:00:00 2001 -From: "Miss Islington (bot)" - <31488909+miss-islington@users.noreply.github.com> -Date: Tue, 23 Jan 2024 23:02:02 +0100 -Subject: [PATCH] gh-114492: Initialize struct termios before calling - tcgetattr() (GH-114495) (GH-114502) - -On Alpine Linux it could leave some field non-initialized. -(cherry picked from commit d22c066b802592932f9eb18434782299e80ca42e) - -Upstream-Status: Backport [https://github.com/python/cpython/commit/386c72d9928c51aa2c855ce592bd8022da3b407f] -Co-authored-by: Serhiy Storchaka -Signed-off-by: Khem Raj ---- - .../next/Library/2024-01-23-21-20-40.gh-issue-114492.vKxl5o.rst | 2 ++ - 1 file changed, 2 insertions(+) - create mode 100644 Misc/NEWS.d/next/Library/2024-01-23-21-20-40.gh-issue-114492.vKxl5o.rst - -diff --git a/Misc/NEWS.d/next/Library/2024-01-23-21-20-40.gh-issue-114492.vKxl5o.rst b/Misc/NEWS.d/next/Library/2024-01-23-21-20-40.gh-issue-114492.vKxl5o.rst -new file mode 100644 -index 0000000..8df8299 ---- /dev/null -+++ b/Misc/NEWS.d/next/Library/2024-01-23-21-20-40.gh-issue-114492.vKxl5o.rst -@@ -0,0 +1,2 @@ -+Make the result of :func:`termios.tcgetattr` reproducible on Alpine Linux. -+Previously it could leave a random garbage in some fields. diff --git a/meta/recipes-devtools/python/python3_3.12.6.bb b/meta/recipes-devtools/python/python3_3.12.6.bb index ae69f0e781..63a3134b36 100644 --- a/meta/recipes-devtools/python/python3_3.12.6.bb +++ b/meta/recipes-devtools/python/python3_3.12.6.bb @@ -29,7 +29,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-Update-test_sysconfig-for-posix_user-purelib.patch \ file://0001-skip-no_stdout_fileno-test-due-to-load-variability.patch \ file://0001-test_storlines-skip-due-to-load-variability.patch \ - file://0001-gh-114492-Initialize-struct-termios-before-calling-t.patch \ file://0001-test_shutdown-skip-problematic-test.patch \ file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \ file://0001-test_deadlock-skip-problematic-test.patch \ From patchwork Wed Dec 18 22:02:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54318 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7E5A3E7718C for ; Wed, 18 Dec 2024 22:02:48 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web10.116960.1734559365604890643 for ; Wed, 18 Dec 2024 14:02:45 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Mu70b1wr; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-21683192bf9so1641505ad.3 for ; Wed, 18 Dec 2024 14:02:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734559365; x=1735164165; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=GGNBmnfF2JsyZwuTBO25CRdBtXZKQytGWrGImw1MM2o=; b=Mu70b1wry/sBw6M5uERctEygrxgppxuimsytE8v6IalewvtdKpxPjOWqV655bRBVH5 B8iQjgD+gXHYx++g/lukN5YlLjC+m95E/+Aj/S0a7Da2eO07HeXudyzoasxQbLaQMssB Hh3VZV1Fv3CNkil6/HL3+/t0IMD2omGlhfX/MgdH7dh/QeSSkftyoexU83oiYUjeH2uG tXCA79Gn+lPvKfMXyf0o7Zw1JmrY4RQ/d1Rl20G9o+gUJPvdvCUP/ZRzL3WSYvSdOSRJ I27tRb37QGy0a/C6BTfwXZb7SyjlvmPEjAZprKHO1lPoP68ejPdRpm+GpesUJJuI6+v6 SCww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734559365; x=1735164165; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GGNBmnfF2JsyZwuTBO25CRdBtXZKQytGWrGImw1MM2o=; b=leRtrGEjrx01USzcraqqNtXLH6hqHbPd95qv6IJcMcjJsrAdqqNzpaHI4LyZXNqYVY zza3ZcP4xKz4Y1Og2eAXReWc6jz5J7zrG9jKyJr//VwtlHUXEwUWM7A1whEL9v0Ju4hf 1HXYcI73pKHnSiFnik7qw3C6/HGE97CmixunBxM9GP3wvyYLtcND/qlHWovm1aOqLLwk TMwVOtTOhbPHVeChjxMOHUB3ZnZhLxvXVBNxHdEHSnqhRVL8P8Rvge+0yU+xJjJI29xE 2Zz6RgyF2Mt+apZPogjH3TNgZ+XUwN0m6Q85VhFAxqRzPXsk+U1Lqe9bYYGJHOIHWp0v jCXA== X-Gm-Message-State: AOJu0Yz1O0j2dQJkYH6c4VhliPwM7VFMZwM17TuGnxa35aaNvFK8Rell SPLquHj3t9KI1rBO75/o33W0aYXtsOZvMzVZ79p6auQngs5yTMyo3JFvNdW80+bK+IErSCwz0hA t X-Gm-Gg: ASbGnctdn/rMIhfQn8MMT9K5n6HbVOnp2j+7WGqh4NNvgOaUlLsDALW7RpDS6SvPV4j GBPfRjhAUmWN/9eG3LM0k5l+ZagGflSBMziW63vsadSFYJFfP4GkgA9mhKh6ijTVg/+2Em1v6GQ pzE7gLl+gNB+ldaFz5sNieab9Sf3rVe1tiqfu0pvL20Ox3ta9AWJ7lh64YokTN8k/MA8KuUyXWz 5Jh+P/QvISiOr+xSU09Zmzx3y0oZm5yGqczOZLtUqINSA== X-Google-Smtp-Source: AGHT+IG3bm0aLgkSaEfTuYKxI+2tjsNcSTOGxsqn+a0WLBXIiSD9ylgnonZsEV2a6Sp57MyrMYlARA== X-Received: by 2002:a17:902:eccf:b0:216:32c4:f7f5 with SMTP id d9443c01a7336-218d70e524bmr54482015ad.19.1734559364686; Wed, 18 Dec 2024 14:02:44 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-801d5aa4b92sm7965116a12.13.2024.12.18.14.02.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Dec 2024 14:02:44 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 08/10] python3: add dependency on -compression to -core Date: Wed, 18 Dec 2024 14:02:12 -0800 Message-Id: <05166eafb99cf8c7adb6879277069ab384a2f8df.1734553652.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 18 Dec 2024 22:02:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208888 From: Ross Burton importlib.metadata is part of -core, but that will import zipfile which is part of -compression. Obviously this shows that our packaging of the Python modules is not optimal. I plan to follow up with a redesign of the splitting which focuses on simply pulling out the larger or esoteric modules and having a more featureful core. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-devtools/python/python3/python3-manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/python/python3/python3-manifest.json b/meta/recipes-devtools/python/python3/python3-manifest.json index 46092d4004..292c5bbc5d 100644 --- a/meta/recipes-devtools/python/python3/python3-manifest.json +++ b/meta/recipes-devtools/python/python3/python3-manifest.json @@ -216,7 +216,7 @@ }, "core": { "summary": "Python interpreter and core modules", - "rdepends": [], + "rdepends": ["compression"], "files": [ "${bindir}/python${PYTHON_MAJMIN}", "${bindir}/python${PYTHON_MAJMIN}.real", From patchwork Wed Dec 18 22:02:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54316 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70203E7718A for ; Wed, 18 Dec 2024 22:02:48 +0000 (UTC) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mx.groups.io with SMTP id smtpd.web10.116961.1734559367191698230 for ; Wed, 18 Dec 2024 14:02:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=G0mU3NqZ; spf=softfail (domain: sakoman.com, ip: 209.85.210.176, mailfrom: steve@sakoman.com) Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-725ed193c9eso155050b3a.1 for ; Wed, 18 Dec 2024 14:02:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734559366; x=1735164166; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=tQgd9qTf/ohWXUFXrQsXtbbUSgtB43IJ5zWOg6LpA4A=; b=G0mU3NqZhFrfoP4yR9hXP8Ysx2wChl3X2E5/AFK47cdDTMK+3fRhrRuTX1Bm7E6LsW 1BjxN+NZK+uOkIUcCpPirq490RF4G0/EUi6ncDj1TMoE38NLoImDEsLn4f+MyfZ8rTGA /mP3Q51CqrxxeJWHCpJ1riLYLRnrD9VMMWTZFxwSy4xwgDk6cBi8kCdeWvIpejR9vDdn fPLpGiWnAKHyRaZ0VSBJDr+LqMcDq6fUvUDoGtfm8LnOTocf5943ZZGCgz5wlKfoqksR EOb15TtHA5h88kq/GGBUqgS5be3qnpn+a4X6uzp3n/2yiH2w9WC1VmZxLqH31I+1TZmJ 3kOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734559366; x=1735164166; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tQgd9qTf/ohWXUFXrQsXtbbUSgtB43IJ5zWOg6LpA4A=; b=aq5dc7G+rPvxyL+FxEaGKm9ffgZJUCXBedCqf4ORUEQgzQTXcyBI8+S25AKulgCisM uq3sPm3UcAP8QIAB4aE630GnyN/qL6mjBJWO/4pfIsuZMnDIpfw9L/T/LKZpyPBY7MZ4 Zj3c4uLDy9itin5EeSpHx486MZjERi7Np/of9YcEW0sVEgSKnlCiu16x4vth+Eyok0oc Jv+bDH7T/jOZ8uUXbZJ19xGvykCCNSNnceQEhmgqwOoeAF9qOGH8A83YrQ425m8HUjqR yndIGvklcePrUuJlHcsBY2IF58xVOtyJ6Dff0uMH1kT4DOTm0qvK1nea4fJtD+Sa+wwx lCMw== X-Gm-Message-State: AOJu0YxMALs9JFPCtwCpTy4Lc2RmazE71nearrMq8+BFFT0EN9LOH+Yb JN9VTWtR3xAs4ltfYQ10GBduZr6e6SglQHDedEAD0bq8zJcaPVVNUevEuonJC7EryeNXlijeyU9 w X-Gm-Gg: ASbGnctU+KjeNAHSuiEsXmnMwwoydrionD/kzyjzUCfpXZhmcaZC1xWPMYxZlv3+mUT ZAd3mUll542EmloBKvV/Qr24Xz4nnIjMQ9ndv+kvjoLAsdj/62YVK2y3FHQYDX4qwispnI3v6OG 6qCx4Z1TphdqIiJ+uIJWbJ/qUyGo7lzhvv5Wu93JYVld4ZbLvgjb/G/5wEdnnvDTSNRCe6tG8fK gxH6f+JA1tDYJvLZf/IHkMf2en/UtLjRngKsvTc5OsIXA== X-Google-Smtp-Source: AGHT+IENHvCQF+giu/LJdlVw1S/Dk6rWDCZcx5dy00bTD8AmT2Be21lWYtCUFuy5zYorQ1KmeBpuLQ== X-Received: by 2002:a05:6a20:a10b:b0:1e1:ae4a:1d42 with SMTP id adf61e73a8af0-1e5c76aeec8mr1661686637.31.1734559366367; Wed, 18 Dec 2024 14:02:46 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-801d5aa4b92sm7965116a12.13.2024.12.18.14.02.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Dec 2024 14:02:46 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 09/10] kern-tools-native: fix SyntaxWarning for RegEx calls on Python 3.12 Date: Wed, 18 Dec 2024 14:02:13 -0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 18 Dec 2024 22:02:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208889 From: Hongxu Jia Python 3.12 emmits a SyntaxWarning when using unescaped character inside a RegEx string. ''' recipe-sysroot-native/usr/bin/symbol_why.py:161: SyntaxWarning: invalid escape sequence '\.' if re.match( ".*\.config", opt ): recipe-sysroot-native/usr/bin/symbol_why.py:216: SyntaxWarning: invalid escape sequence '\w' x = re.match( "^# .*Linux/\w*\s*([0-9]*\.[0-9]*\.[0-9]*).*Kernel Configuration", line ) recipe-sysroot-native/usr/bin/symbol_why.py:495: SyntaxWarning: invalid escape sequence '\s' if re.search( "^#\s*CONFIG_", option ): ''' According to [1], use raw strings for regular expression [1] https://docs.python.org/dev/whatsnew/3.12.html#other-language-changes Signed-off-by: Hongxu Jia Signed-off-by: Steve Sakoman --- ...yntaxWarning-for-RegEx-calls-on-Pyth.patch | 60 +++++++++++++++++++ .../kern-tools/kern-tools-native_git.bb | 4 +- 2 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-kernel/kern-tools/files/0001-symbol_why-fix-SyntaxWarning-for-RegEx-calls-on-Pyth.patch diff --git a/meta/recipes-kernel/kern-tools/files/0001-symbol_why-fix-SyntaxWarning-for-RegEx-calls-on-Pyth.patch b/meta/recipes-kernel/kern-tools/files/0001-symbol_why-fix-SyntaxWarning-for-RegEx-calls-on-Pyth.patch new file mode 100644 index 0000000000..e87067c8ac --- /dev/null +++ b/meta/recipes-kernel/kern-tools/files/0001-symbol_why-fix-SyntaxWarning-for-RegEx-calls-on-Pyth.patch @@ -0,0 +1,60 @@ +From 1f64368e4e82e47cd0e0dfe37b0e1b8958566d21 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia +Date: Tue, 17 Dec 2024 01:25:29 -0800 +Subject: [PATCH] symbol_why: fix SyntaxWarning for RegEx calls on Python 3.12 + +Python 3.12 emmits a SyntaxWarning when using unescaped +character inside a RegEx string. +''' +recipe-sysroot-native/usr/bin/symbol_why.py:161: SyntaxWarning: invalid escape sequence '\.' + if re.match( ".*\.config", opt ): +recipe-sysroot-native/usr/bin/symbol_why.py:216: SyntaxWarning: invalid escape sequence '\w' + x = re.match( "^# .*Linux/\w*\s*([0-9]*\.[0-9]*\.[0-9]*).*Kernel Configuration", line ) +recipe-sysroot-native/usr/bin/symbol_why.py:495: SyntaxWarning: invalid escape sequence '\s' + if re.search( "^#\s*CONFIG_", option ): +''' + +According to [1], use raw strings for regular expression + +[1] https://docs.python.org/dev/whatsnew/3.12.html#other-language-changes + +Upstream-Status: Submitted [linux-yocto@lists.yoctoproject.org] +Signed-off-by: Hongxu Jia +--- + tools/symbol_why.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tools/symbol_why.py b/tools/symbol_why.py +index 326e84f..4864378 100755 +--- a/tools/symbol_why.py ++++ b/tools/symbol_why.py +@@ -158,7 +158,7 @@ for opt in args.args: + elif re.match( "--ksrc=*", opt): + temp, ksrc = opt.split('=', 2) + else: +- if re.match( ".*\.config", opt ): ++ if re.match( r".*\.config", opt ): + dotconfig=opt + elif not ksrc: + ksrc=opt +@@ -213,7 +213,7 @@ if not os.getenv("KERNELVERSION"): + hconfig = open( dotconfig ) + for line in hconfig: + line = line.rstrip() +- x = re.match( "^# .*Linux/\w*\s*([0-9]*\.[0-9]*\.[0-9]*).*Kernel Configuration", line ) ++ x = re.match( r"^# .*Linux/\w*\s*([0-9]*\.[0-9]*\.[0-9]*).*Kernel Configuration", line ) + if x: + os.environ["KERNELVERSION"] = x.group(1) + if verbose: +@@ -492,7 +492,7 @@ def split_option( config_option_str ): + opt = m.group(1) + val = m.group(2) + except: +- if re.search( "^#\s*CONFIG_", option ): ++ if re.search( r"^#\s*CONFIG_", option ): + # print( "option is a is not set!!! %s" % option ) + m = re.match(r"# (CONFIG_[^ ]+) is not set", option ) + if m: +-- +2.25.1 + diff --git a/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb index 8eff00821a..7d11889eda 100644 --- a/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb +++ b/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb @@ -16,7 +16,9 @@ PV = "0.3+git" inherit native -SRC_URI = "git://git.yoctoproject.org/yocto-kernel-tools.git;branch=master;protocol=https" +SRC_URI = "git://git.yoctoproject.org/yocto-kernel-tools.git;branch=master;protocol=https \ + file://0001-symbol_why-fix-SyntaxWarning-for-RegEx-calls-on-Pyth.patch \ +" S = "${WORKDIR}/git" do_configure() { From patchwork Wed Dec 18 22:02:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54322 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9542FE7718B for ; Wed, 18 Dec 2024 22:02:58 +0000 (UTC) Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171]) by mx.groups.io with SMTP id smtpd.web11.117207.1734559368696644468 for ; Wed, 18 Dec 2024 14:02:48 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=f9saaYQ1; spf=softfail (domain: sakoman.com, ip: 209.85.210.171, mailfrom: steve@sakoman.com) Received: by mail-pf1-f171.google.com with SMTP id d2e1a72fcca58-728e78c4d7bso136002b3a.0 for ; Wed, 18 Dec 2024 14:02:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734559368; x=1735164168; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=BtyWdkrxa89LEFGlzjn4oIiwWesM7fkTrMhbm0lDGWA=; b=f9saaYQ1yiis0+mmYPPi7mrKbQ9Pp+oI402hIzm/lpLmZUnzdIAoK4CeZA2b8KM1qc ogXrAtdJCE+ntJkiwKObAc8u1a2+/bRrDhwepd2CGhI7c+yKYfm/Vq+XsvivEqdRNqgC HT5Fv5GyrqGcgaSOcmtFjDqyMt5M/cb0XfNECLvLPwIcDn6EFW/Yb9MG59G5e/1lJsWV 3ZmRW4wzGYpuYiQFtdYBmIWYJ3Db77tMSPQeFsRL6NBj2nsT0LOq2xYs6aTSWofFjRFs Sqe1dnyxWTvrQxLG7Flo9g0mKi0bG9Iar+z3+CuF4XPWP+8igJ7KI2NGpLuF4kQkDqIl wwbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734559368; x=1735164168; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BtyWdkrxa89LEFGlzjn4oIiwWesM7fkTrMhbm0lDGWA=; b=eDMVBzAzlYlKCXiZIAPSzZCgk0LdXp4L/xBiGkKJRg0E2/H0DiDCPPiEZkg/RdsPUs ZmPIzAlcSTNpQ23a7l8CnhN0RooL+ob1RXHr46ZD/QqXJq+ImObdCQNJT3eekfRAT6Tk hIKIwx0/zRPCfFdi11riq4z02grCJW3FEU5CO8hwpe+Akml8SOTH/RCzrpMxEpCJS7/O dCgl+YFifpDfotZBtYmUbnkuU8pKNEezeI32s9AcU8ozi1GDzkPFnL2vmdaXzNJG5IcT Are7DtZUzLRQ2P75l9IpSNu0IFRif9L5H+MGUw3Qe2+9ivwfzFgpuNSL/Za+5erabtxo rXVg== X-Gm-Message-State: AOJu0Yy3t3pw0ffP5svo6ymzsDxvQa9W//3wh2dvylxEgD5Ak0kkksYW X/88jSkFCIK1cu252nxBfPEhUmMcGKtZeDSvpafZlRk/SpCtjectqp8Sq4Q0Bn0z+J2ZpRs1tu9 u X-Gm-Gg: ASbGncvDaM2vdaDF8J7d+xuLofnpEK0M4lGN8MuHF+TjwrJhC33hA9v8CDviHcYwqGJ 5dfl9p2VJbZ7YMi6ILP3+UqMTbiFsyuQTDSC+iu0h2XvrBgyWvfL/1ZXWRBsRwhTkkwLgSkZCH4 qZkacPd3S+88D2AAexnyhkDA1pVkFYLxxs6EKFccjbRcfYYxjDEhkF5wIVGycGAV64vTuwjnLXy 659VFCUZck03x1FayvupUd5o541Ps4yqDCNqbxa5DaV8g== X-Google-Smtp-Source: AGHT+IFltMEGlUETpLk/NX2tZqPI7AXzXkePM+Yb1DhD/4vmlQvekZZyUyv5ox8u2z6Yryt6tv3jSQ== X-Received: by 2002:a05:6a20:9145:b0:1d7:e76:6040 with SMTP id adf61e73a8af0-1e5c6ec6e4amr1460156637.4.1734559367875; Wed, 18 Dec 2024 14:02:47 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-801d5aa4b92sm7965116a12.13.2024.12.18.14.02.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Dec 2024 14:02:47 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 10/10] rust: add reproducibility patch to eliminate host leakage Date: Wed, 18 Dec 2024 14:02:14 -0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 18 Dec 2024 22:02:58 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208890 From: Alexander Kanavin [YOCTO #15185] Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 924df18b47e9a69fa295bafe37bdb39d8eaea2bb) Signed-off-by: Steve Sakoman --- ...te-host-information-into-compilation.patch | 51 +++++++++++++++++++ meta/recipes-devtools/rust/rust-source.inc | 1 + 2 files changed, 52 insertions(+) create mode 100644 meta/recipes-devtools/rust/files/0001-cargo-do-not-write-host-information-into-compilation.patch diff --git a/meta/recipes-devtools/rust/files/0001-cargo-do-not-write-host-information-into-compilation.patch b/meta/recipes-devtools/rust/files/0001-cargo-do-not-write-host-information-into-compilation.patch new file mode 100644 index 0000000000..a6ee867605 --- /dev/null +++ b/meta/recipes-devtools/rust/files/0001-cargo-do-not-write-host-information-into-compilation.patch @@ -0,0 +1,51 @@ +From 065d7c263091118437465d714d8a29dbb6296921 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin +Date: Mon, 13 May 2024 14:57:54 +0200 +Subject: [PATCH] cargo: do not write host information into compilation unit + hashes + +This breaks reproducibility in cross-builds where the cross-target +can be the same, but build hosts are different, as seen with +"rustc --version -v": +... +host: x86_64-unknown-linux-gnu + +vs. + +host: aarch64-unknown-linux-gnu + +This can possibly be improved by only hashing host info if the build +is a native one (e.g. there's no --target option passed to cargo +invocation) but I'm not sure how. + +Upstream-Status: Inappropriate [reported at https://github.com/rust-lang/cargo/issues/13922] +Signed-off-by: Alexander Kanavin +--- + .../src/cargo/core/compiler/context/compilation_files.rs | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/tools/cargo/src/cargo/core/compiler/context/compilation_files.rs b/src/tools/cargo/src/cargo/core/compiler/context/compilation_files.rs +index d83dbf10c..b2ad8d9f3 100644 +--- a/src/tools/cargo/src/cargo/core/compiler/context/compilation_files.rs ++++ b/src/tools/cargo/src/cargo/core/compiler/context/compilation_files.rs +@@ -652,7 +652,7 @@ fn hash_rustc_version(bcx: &BuildContext<'_, '_>, hasher: &mut StableHasher) { + if vers.pre.is_empty() || bcx.config.cli_unstable().separate_nightlies { + // For stable, keep the artifacts separate. This helps if someone is + // testing multiple versions, to avoid recompiles. +- bcx.rustc().verbose_version.hash(hasher); ++ //bcx.rustc().verbose_version.hash(hasher); + return; + } + // On "nightly"/"beta"/"dev"/etc, keep each "channel" separate. Don't hash +@@ -665,7 +665,7 @@ fn hash_rustc_version(bcx: &BuildContext<'_, '_>, hasher: &mut StableHasher) { + // Keep "host" since some people switch hosts to implicitly change + // targets, (like gnu vs musl or gnu vs msvc). In the future, we may want + // to consider hashing `unit.kind.short_name()` instead. +- bcx.rustc().host.hash(hasher); ++ //bcx.rustc().host.hash(hasher); + // None of the other lines are important. Currently they are: + // binary: rustc <-- or "rustdoc" + // commit-hash: 38114ff16e7856f98b2b4be7ab4cd29b38bed59a +-- +2.39.2 + diff --git a/meta/recipes-devtools/rust/rust-source.inc b/meta/recipes-devtools/rust/rust-source.inc index 8a8e48b8ca..55ea1b77e6 100644 --- a/meta/recipes-devtools/rust/rust-source.inc +++ b/meta/recipes-devtools/rust/rust-source.inc @@ -13,6 +13,7 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;n file://target-build-value.patch;patchdir=${RUSTSRC} \ file://0001-Handle-vendored-sources-when-remapping-paths.patch;patchdir=${RUSTSRC} \ file://repro-issue-fix-with-v175.patch;patchdir=${RUSTSRC} \ + file://0001-cargo-do-not-write-host-information-into-compilation.patch;patchdir=${RUSTSRC} \ " SRC_URI[rust.sha256sum] = "4526f786d673e4859ff2afa0bab2ba13c918b796519a25c1acce06dba9542340"